CCNA Wireless Official Exam Certification Guide
Chapter 13: Simple Network Configuration and Monitoring with the Cisco Controller

■ 802.11a/n Radios / 802.11b/g/n Radios: The 802 Radios links provide a list of APs with that specific type of radio.
■ Clients: This link takes you to a page that provides a list of clients and lets you search for clients by MAC address.
■ RADIUS Servers: This link provides a list of RADIUS Authentication and Accounting servers.

Looking further into the 802.11a/n Radios and 802.11b/g/n Radios options, you can gain even more information by selecting the Details link for a radio from the Monitor Summary page. Here is what you get. You see the slot that the radio is in and the base radio MAC address. Looking more closely at Figure 13-19, you can see that Operational Status is UP. You can gain information regarding a load profile, noise profile, interference profile, and coverage profile.

Load Profile is set to 80% by default. If the load of this particular AP goes over that threshold, Load Profile shows a warning rather than the status Passed. Likewise, if the SNR is too low, Load Profile indicates a warning. Should too much interference be on the same channel that this AP is operating on, the Interference Profile shows a warning. If clients roam away and are not able to relay off another AP, the Coverage Profile shows a warning.

To see the details of these profiles, from the screen in Figure 13-18, select the Details link at the right side of the page. This causes a page similar to Figure 13-20 to be displayed.

Figure 13-20 Radio Statistics

The resulting page is Radio Statistics. Numerous items are of interest here that are not seen in the figure:

■ The Noise vs. Channel chart shows each channel of the AP and the level of non-802.11 noise interference on that particular channel.
■ The Interference by Channel shows statistics for other 802.11 interference.
■ The Load Statistics section provides information about transmit and receive utilization, channel utilization, and attached clients.
■ Two charts exist: % Client Count vs. RSSI and % Client Count vs. SNR.
■ The next section covers the Rx Neighbors Information. This section displays neighboring APs along with their IP address and Received Signal Strength Indicator (RSSI). The controller uses this to allocate channels and ensure adequate coverage by shaping the coverage area.

Note: To see the content discussed in the previous bulleted list, you need to scroll down in the web interface of the controller, because the page is long for this output and is not shown completely in Figure 13-20.

As far as the CCNA Wireless exam is concerned, you should be familiar with the overall concept, but you do not need to understand each area in great detail. Still, with all this information for monitoring the APs that this controller manages and their radios, you must contend with those rogue devices. Rogue devices include any wireless device that can interfere with the managed APs. The following section discusses how to manage them.

Managing Rogue APs

You can manage rogue APs from the controller interface. Recall that on the Monitor page, the second column has information on rogue devices. This is a good place to start. Reviewing the Monitor page, seen in Figure 13-21, notice that the first line below Rogue Summary is Active Rogue APs.

A rogue AP is an AP that is unknown to the controller. You want to avoid jumping to conclusions here. It might simply be an AP in a neighboring business. It does not necessarily represent the bad guys. This takes a little work to figure out, however.

The next line is Active Rogue Clients. This is a wireless device that sends an unexpected frame. This is usually from a default configuration on client devices. Next is Adhoc Rogues, which is, as previously mentioned, any device setting up an Adhoc network. Finally, you have the Rogues on a Wired Network field.
This is a count of rogues that a Rogue Detector AP has discovered. It works by the AP detecting ARP requests on the wired network for APs marked as rogue.

Figure 13-21 Review Rogues from the Monitor Page

You can gather more information by selecting the Detail link on the right. Selecting this for the Active Rogue APs presents a list of the designated rogue APs. The key on this page is the number of detecting radios. Examine Figure 13-22. Notice that 20 of 32 rogues are listed. Also key in on the number of detecting radios. The fewer radios, the better. That is because if only one or two detect the rogue, the rogue is probably on the edge of the network, most likely coming from a neighboring business, as is the case with this figure. If the number of detecting radios is high, the rogue is being seen by a number of APs and most likely is within your network, probably sitting under a desk exactly where it should not be.

You can click on the rogue that you are concerned with and select Contain Rogue, as seen in Figure 13-23. When you contain the rogue, your AP spoofs its MAC address and sends deauthentication frames that appear to come from the contained AP. When clients see this, they are unable to stay associated with the contained AP. This should stress the importance of ensuring that it is not the AP of your neighbor.

Another note related to containment relates to the number of devices you can contain. You cannot contain more than three rogues per AP because the AP that is performing containment takes a CPU hit of up to 10 percent per contained AP. The system cap is 30 percent. This means that if an AP contains two rogues, it takes a 20 percent CPU hit. With the system cap of 30 percent, it can contain only one more rogue.
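The triage reasoning above (few detecting radios suggests a neighbor, many suggests an interior rogue) and the containment budget (10 percent CPU per rogue, 30 percent cap) can be combined into a small planning script. This is an added example, not code from the book or from Cisco; the `Rogue` record, the three-radio cut-off, the operator verification flag, and the sample MAC addresses are assumptions of the example.

```python
from dataclasses import dataclass

CPU_HIT_PER_ROGUE = 10    # percent per contained rogue (upper bound in the text)
CPU_CAP = 30              # percent, per-AP system cap from the text
# Assumption: one or two radios is "edge" per the text; three or more is our cut-off.
INTERIOR_MIN_RADIOS = 3

@dataclass
class Rogue:
    mac: str
    detecting_aps: tuple                 # managed APs whose radios hear it
    verified_not_neighbor: bool = False  # set by an operator after a site check

def headroom(contained):
    """How many more rogues an AP already containing `contained` can take."""
    return max(0, (CPU_CAP - contained * CPU_HIT_PER_ROGUE) // CPU_HIT_PER_ROGUE)

def classify(rogue):
    n = len(set(rogue.detecting_aps))
    return "likely-interior" if n >= INTERIOR_MIN_RADIOS else "likely-edge"

def plan_containment(rogues):
    """Return ({rogue MAC: containing AP}, [(rogue MAC, reason skipped)])."""
    load, plan, skipped = {}, {}, []
    for r in sorted(rogues, key=lambda r: -len(set(r.detecting_aps))):
        if classify(r) == "likely-edge":
            skipped.append((r.mac, "likely neighbor, monitor only"))
            continue
        if not r.verified_not_neighbor:
            skipped.append((r.mac, "needs operator verification"))
            continue
        # Assumption: only an AP that hears the rogue is asked to contain it.
        free = [ap for ap in sorted(set(r.detecting_aps))
                if headroom(load.get(ap, 0)) > 0]
        if not free:
            skipped.append((r.mac, "all detecting APs at CPU cap"))
            continue
        ap = min(free, key=lambda a: load.get(a, 0))  # least-loaded AP
        load[ap] = load.get(ap, 0) + 1
        plan[r.mac] = ap
    return plan, skipped

# Constructed sample data, not taken from the page's figures.
SAMPLE = [
    Rogue("02:00:00:00:00:01", ("AP1",)),
    Rogue("02:00:00:00:00:02", ("AP1", "AP2", "AP3", "AP4"), True),
    Rogue("02:00:00:00:00:03", ("AP1", "AP2", "AP3"), True),
    Rogue("02:00:00:00:00:04", ("AP1", "AP2", "AP3"), False),
]
```

Calling `plan_containment(SAMPLE)` assigns only the two verified interior rogues and lists the others with the reason they were left alone.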
Figure 13-22 Rogue APs

Figure 13-23 Contain the Rogue AP

Managing Clients

Managing clients is another important aspect to master. From the Monitor page, you can see the client summary. This gives a total of current clients, excluded clients, and disabled clients. Any device that sends a probe is considered a current client, so this number might be inflated even if the client does not associate with the AP.

Clicking on details provides a list of clients, as shown in Figure 13-24. You can see the MAC address of the clients, the AP with which they are associated, the WLAN profile they are using, and the protocol they are using. In the case of Figure 13-24, the client with MAC address 00:1e:c2:ab:14:26 is associated with the Public_Guest_Access profile. Next you have the status, in this case Associated. Also, the client is authenticated, and port 1 on the controller is the means to the wired network. This client is not a workgroup bridge.

Figure 13-24 Clients

As seen in other examples, you can hover your mouse over the blue arrow to the right for a list of options, including these:

■ LinkTest
■ Disable
■ Remove
■ 802.11aTSM
■ 802.11b/gTSM

The LinkTest provides a way to test the link of the client by reporting the number of sent and received packets, the signal strength, and the signal-to-noise ratio (SNR).

Disabling the client puts it into a Disabled Client list and bans it until it is manually removed. To view this list, select Security > Disabled Clients. To manually add clients, click New.

The Remove link disassociates the client.
However, this does not prevent it from attempting association again, like disabling would.

For more details, click the client MAC address. This presents the Detail page, as seen in Figure 13-25. The five sections are as follows:

■ Client Properties
■ Security Information
■ Quality of Service Properties
■ Client Statistics
■ AP Properties

Finally, there are excluded clients. Clients can be excluded for the following reasons:

■ The client has failed 802.11 authentication five times.
■ The client has failed 802.11 association five times.
■ The client has failed 802.1x authentication three times.
■ The client has failed the policy on an external server.
■ The client has an IP that is already in use.
■ The client has failed three web authentication attempts.

By default, these clients are excluded for 60 seconds. Think of it as a waiting period. If a client retries after that 60 seconds and does not fail any of the criteria in the preceding list, the client is no longer excluded.

Using Internal DHCP

One reason for exclusion is that the client might be trying to use an IP that is in use already. You can solve this issue using DHCP. If your network does not have a DHCP server, the controller can act as one for you. To configure the controller as a DHCP server, go to CONTROLLER > Internal DHCP Server > New. The rest of the DHCP server configuration is pretty self-explanatory.
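The client exclusion rules listed under Managing Clients above, replayed as a small state machine over a failure log so the thresholds and the 60-second waiting period can be seen interacting. This is an added example, not controller code; the event names, the sample MAC addresses, and the choices to drop attempts made while excluded and to restart counters after an exclusion are assumptions of the example.

```python
# Failure thresholds taken from the exclusion list in the text.
THRESHOLDS = {
    "dot11_auth_fail": 5,    # 802.11 authentication
    "dot11_assoc_fail": 5,   # 802.11 association
    "dot1x_auth_fail": 3,    # 802.1x authentication
    "webauth_fail": 3,       # web authentication
    "ext_policy_fail": 1,    # policy on an external server
    "ip_in_use": 1,          # IP address already in use
}
EXCLUSION_SECONDS = 60       # default waiting period from the text

def replay(events):
    """Replay (timestamp, mac, event) tuples; return [(timestamp, mac, reason)]."""
    counts, excluded_until, exclusions = {}, {}, []
    for ts, mac, kind in sorted(events):
        if ts < excluded_until.get(mac, 0):
            continue             # assumption: attempts while excluded are dropped
        if kind not in THRESHOLDS:
            continue             # not a failure this policy counts
        counts[(mac, kind)] = counts.get((mac, kind), 0) + 1
        if counts[(mac, kind)] >= THRESHOLDS[kind]:
            exclusions.append((ts, mac, kind))
            excluded_until[mac] = ts + EXCLUSION_SECONDS
            for k in THRESHOLDS:  # assumption: counters restart after exclusion
                counts.pop((mac, k), None)
    return exclusions

def excluded_at(events, mac, when):
    """True if `mac` is inside an exclusion window at time `when`."""
    return any(m == mac and ts <= when < ts + EXCLUSION_SECONDS
               for ts, m, _ in replay(events))

# Constructed sample log (timestamps in seconds, MACs are made up).
A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
SAMPLE_EVENTS = [
    (0, A, "dot1x_auth_fail"), (5, A, "dot1x_auth_fail"), (10, A, "dot1x_auth_fail"),
    (30, A, "dot1x_auth_fail"),   # arrives during the waiting period
    (80, A, "dot1x_auth_fail"),   # first failure of a fresh count
    (1, B, "dot11_auth_fail"), (2, B, "dot11_auth_fail"),
    (3, B, "dot11_auth_fail"), (4, B, "dot11_auth_fail"),  # four, one short of five
    (20, C, "ip_in_use"),
]
```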
Figure 13-25 Clients > Detail

Exam Preparation Tasks

Review All the Key Concepts

Review the most important topics from this chapter, noted with the Key Topics icon in the outer margin of the page. Table 13-2 lists a reference of these key topics and the page number where you can find each one.

Table 13-2 Key Topics for Chapter 13

| Key Topic Item | Description | Page Number |
|---|---|---|
| Controller Terminology | Section defining controller terms | 228 |
| Example 13-3 | Setup Wizard | 232 |
| Configuring the Controller Using the Web Interface | Creating an interface and creating a WLAN | 238 |
| Figure 13-12 | 802.11a/n radios | 246 |
| Figure 13-13 | 802.11a/n Radio Options menu | 246 |
| Figure 13-19 | Viewing 802.11a/n radios | 251 |
| Figure 13-21 | Review rogues from the Monitor page | 254 |

Definition of Key Terms

Define the following key terms from this chapter, and check your answers in the Glossary:

port, interface, WLAN, static interface, dynamic interface, roaming, mobility group

This chapter covers the following subjects:

Connecting to a Standalone AP: A brief discussion on how to gain access to a standalone AP using various methods.

Using the Express Setup and Express Security for Basic Configuration: How to set up the standalone AP for wireless access using the Express Setup and Express Security configurations.

Converting to LWAPP: How to convert a standalone AP to lightweight mode using the Upgrade tool.
CHAPTER 14

Migrating Standalone APs to LWAPP

Many Cisco APs are capable of operating in both autonomous mode and lightweight mode. APs that can do both usually ship in standalone mode. Some may choose to use these APs in standalone mode. Others might immediately convert them to Lightweight Access Point Protocol (LWAPP)–capable APs and integrate them into a network designed after the Cisco Unified Wireless Network (CUWN). In this chapter, you will learn how to access a standalone AP, how to configure it in standalone mode, and how to convert it to lightweight mode.

You should do the “Do I Know This Already?” quiz first. If you score 80 percent or higher, you might want to skip to the section “Exam Preparation Tasks.” If you score below 80 percent, you should spend the time reviewing the entire chapter. Refer to Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes,” to confirm your answers.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz helps you determine your level of knowledge of this chapter’s topics before you begin. Table 14-1 details the major topics discussed in this chapter and their corresponding quiz questions.

Table 14-1 “Do I Know This Already?” Section-to-Question Mapping

| Foundation Topics Section | Questions |
|---|---|
| Connecting to a Standalone AP | 1–4 |
| Using the Express Setup and Express Security for Basic Configuration | 5–6 |
| Converting to LWAPP | 7–10 |

1. A standalone AP has a console port. True or False?
a. True
b. False