CWLAT
Cisco Wireless LAN Advanced Topics
Volume
Version 1.0
Student Guide
Text Part Number: xx-xxxx-xx
Copyright © 2006, Cisco Systems, Inc. All rights reserved.

Table of Contents

Volume
Course Introduction
  Overview
  Course Goal and Objectives
  Course Flow
  Additional References
Cisco Unified Wireless Network Concepts
  Describing Cisco Aironet Autonomous Access Points
    Overview
    Features and Components
    Cisco Integrated Services Routers
    Lesson Self-Check
    Summary
  Describing the Cisco Unified Wireless Network
    Overview
    Dynamic RF Management
    Security and VLANs
    Link Aggregation
    Guest Tunnel and Anchor Mobility
    Dynamic Frequency Selection
    QoS
    Multicast
    WiSM
    Cisco Wireless LAN Controller Module
    Cisco Enhanced Security Module
    Mesh Support
    Lesson Self-Check
    Summary
  Describing WLAN Controller and Lightweight Access Point Architecture
    Overview
    Lightweight Access Point Protocol
    WLAN Controller Hunting, Discovery, and Join Process
    Implementation Basics
    Advanced Deployment Concepts
    Controller Placement and Deployment Strategies
    Lesson Self-Check
    Summary
Implementing the WLAN with Cisco WCS
  Installing the Cisco WLAN Controller
    Overview
    Controller Initial Setup using the Console Port
    Controller Initial Setup using the Service Port
    Lesson Self-Check
    Summary
  Installing the Cisco Wireless Control System
    Overview
    Cisco Wireless Control System Overview
    Installing the Cisco WCS
    Cisco WCS Browser Overview
    Administer the Cisco WCS
    Populate the Cisco WCS Database
    Adding Maps to the Cisco WCS
    Viewing Maps
    Editing Maps on the Cisco WCS
    Configure the WLAN
    Lesson Self-Check
    Summary
The Cisco Core Feature Set
  Introducing the Cisco Core Feature Set based on Autonomous Access Points
    Overview
    Configure the CiscoWorks WLSE Network Information
    Switch and Router Setup
    AAA Server Setup
    Connecting to the Device
    Login with Setup
    Enter Setup Prompts
    Enter SSL Certification Configuration Information
    Verify Configuration
    Configure Fast Secure Roaming for Voice
    Lesson Self-Check
    Summary
  Implementing Radio Management for Cisco Autonomous Access Points
    Overview
    RM Theory of Operation
    CiscoWorks WLSE RM Operation
    Self-Healing
    Ad-Hoc Network Detection
    Location Manager and Assisted Site Survey
    Antenna Support
    WDS Radio Management Verifier
    Lesson Self-Check
    Summary

CWLAT Course Introduction

Overview

This course is designed to give students a firm understanding of the components, features and proper deployment of the Cisco Unified Wireless Network. The course focuses on advanced WLAN design, integrating Cisco wireless components into a wired infrastructure. Deployment topics include managing the WLAN by using the Cisco Wireless Control System (WCS) to manage the advanced feature set and using the CiscoWorks Wireless LAN Solutions Engine (WLSE) to manage the core feature set. Security topics focus on integrating WLAN security using the WLAN controllers and lightweight access points as well as the autonomous access points in conjunction with the Cisco Secure ACS, and Network Access Controller (NAC). Security also includes Cisco WCS and CiscoWorks WLSE Intrusion Detection Systems. Troubleshooting the WLAN is also included.

Learner Prerequisite Skills and Knowledge

This subtopic lists the skills and knowledge that learners must possess to benefit fully from the course. The subtopic also includes recommended Cisco learning offerings that learners should first complete to benefit fully from this course.

Learner Skills and Knowledge
• Basic computer literacy
• Knowledge of fundamental networking components and terminology
• Knowledge of the Open Systems Interconnection (OSI) reference model
• Knowledge of basic LAN components and functions

Course Goal and Objectives

This topic describes the course goal and objectives.

Course Goal
“To provide System Engineers and Field Engineers with a more in-depth understanding of the most innovative and comprehensive suite of WLAN solutions in the industry, spanning a wide range of customer sizes and needs”

Upon completing this course, you will be able to meet these objectives:
• Describe detailed technical features, functions and benefits of the WLAN product offerings available from Cisco
• Install advanced feature set hardware so that it functions optimally
• Install and manage the CiscoWorks WLSE and infrastructure devices so that they function optimally
• Install and administer WLAN management devices
• Troubleshoot and maintain a wireless network
• Administer security so that the network is safe from attack

Course Flow

This topic presents the suggested flow of the course materials.

[Slide: Course Flow schedule]
A.M. sessions: Course Introduction; Cisco Unified Wireless Network Concepts; The Cisco Core Feature Set; Implementing the WLAN with Cisco WCS; WLAN Management (Cont.); Wireless Network Troubleshooting; Cisco WLAN Security
Lunch
P.M. sessions: Implementing the WLAN with Cisco WCS (Cont.); WLAN Management; Wireless Network Troubleshooting (Cont.); Cisco WLAN Security (Cont.)

The schedule reflects the recommended structure for this course. This structure allows enough time for the instructor to present the course information and for you to work through the lab activities. The exact timing of the subject materials and labs depends on the pace of your specific class.

Description Of Directional Antenna: Vertical (Elevation or Tilt) Pattern

Vertical gain is normalized to dB as the maximum. Antenna gain is calculated by summing the horizontal gain and vertical gain.

Directional Antenna Consideration
• Beam pattern is measured in free space
• In free space, no signal exists in the antenna null direction
• In an indoor environment, signal is measurable in the null direction due to multipath reflection
• Antenna null truncated to dB

To account for the signal enhancement in the null direction caused by radio signal multipath, the antenna null is truncated to dB so that the gain is no worse than a dB omni antenna in any direction of the antenna.

Default Directional Antenna Coverage
[Figure: Azimuth = 0, Tilt = Height = 10]

The figure shows the default setting when using the antenna placement tool.

Changing Azimuth on Directional Antenna
[Figure: Azimuth = 90, Tilt = Height = 10]
The figure shows a change in the azimuth, or direction that the antenna is pointing, from to 90 degrees.

Changing Tilt on Directional Antenna
[Figure: Azimuth = 0, Tilt = 30 Height = 10]

The figure shows a change of the antenna tilt from to 30 degrees. As you can see, as the tilt angle increases, the antenna peak gain reduces.

Changing Height on Directional Antenna
[Figure: Azimuth = 0, Tilt = 0, Height = 100]

The figure shows a change in the height from 10 feet to 100 feet. When the height reaches a point where the vertical gain is less than dB, we get dB omni coverage due to truncation of the antenna gain.

WDS Radio Management Verifier

This topic discusses the WDS radio management verifier.

Radio Management Verifier
• Tests access points' WDS configuration
• Runs automatically when an access point is dragged onto Location Manager
• Right-clicking an access point invokes this utility

You can verify that your access points, the WDS, and the CiscoWorks WLSE are configured correctly for Radio Management, which might help troubleshoot any problems you encounter. The first time you place an access point on the floor map, the Radio Management verification runs automatically. You can suppress this feature by setting your preference in the User Preferences.

Open the device whose Radio Management capability you want to verify and select Verify RM Capability. The RM Capability Verifier window opens. The Devices column lists all devices on which you have run the RM Capability Verifier.

Viewing RM Verifier

Right-click the device whose Radio Management capability you want to verify and select Verify RM Capability. The RM Capability Verifier window opens. The Devices column lists all devices on which you have run the RM Capability Verifier.

The RM Capability Verifier checks the access point for connectivity, registration with WDS, and capabilities that are listed under the Test Description field. Check the Test Status column. OK indicates the test passed. Failed indicates a problem. If a test fails, select the failed test, and the Suggested Action field displays information about how to fix the problem. To re-run the RM Capability Verifier, select Re-run.

Lesson Self-Check

Use the questions here to review what you learned in this module. The correct answers and solutions are found in the Lesson Self-Check Answer Key.

Q1) To which of the following devices do access points and clients send their radio manager data? (Choose one.) (Source: RM Theory of Operation)
  A) CiscoWorks WLSE
  B) WDS
  C) Win2K server
  D) Cisco Secure ACS

Q2) What two functions does Self-Healing perform? (Choose two.) (Source: Self-Healing)
  A) Rogue AP Detection
  B) Monitoring – Detecting a downed radio
  C) Compensation – Modifying neighbor radios in response to a downed radio
  D) Interference detection

Q3) What does IBSS stand for? (Source: Ad-Hoc Network Detection)

Q4) At what drop in RF performance is Auto Re-Site Survey triggered? (Source: Location Manager and Assisted Site Survey)
  A) 10 percent
  B) 20 percent
  C) 30 percent
  D) 40 percent

Q5) The Radio Manager Verifier checks the access point for connectivity to the WDS. (Source: WDS Radio Management Verifier)
  A) True
  B) False

Lesson Self-Check Answer Key

Q1) B
Q2) B, C
Q3) Independent basic service set
Q4) B
Q5) A

Summary

This topic summarizes the key points discussed in this lesson.

• This lesson discussed the CiscoWorks WLSE Radio Management features.
• This lesson discussed the theory of RM operations.
• Self-healing and how to implement it in a WLAN network was explained.
• This lesson discussed the use of ad-hoc detection and why it is necessary.
• This lesson explored the Location Manager and the use of the Assisted Site Survey to develop a graphical view of the radio coverage and then looked at the various formats in which coverage could be viewed.
• This lesson described the functions of the WDS RM Verifier.

Module Summary

This topic summarizes the key points that were discussed in this module.

• This module described the components of the Cisco core feature set as well as wireless LAN basics and how Radio Management simplifies the day-to-day management of the WLAN radio environment.
• This module also described installing and managing the CiscoWorks WLSE and infrastructure devices so that they function optimally.
• This module included lessons that described configuring various Cisco components to create the Cisco core feature set framework, and also configuring autonomous access points for Radio Management to monitor the radio coverage on the WLAN.

Module Self-Check

Use the questions here to review what you learned in this module. The correct answers and solutions are found in the Module Self-Check Answer Key.

Q1) When defining an AAA client on the CiscoSecure ACS server, what authentication should be used? (Choose one.) (Source: Introducing the Cisco WLAN core feature set based on autonomous access points.)
  A) TACACS+ (Cisco IOS)
  B) RADIUS (Cisco Aironet)
  C) RADIUS (IETF)
  D) RADIUS (iPass)

Q2) What two functions does Self-Healing perform? (Choose two.) (Source: Self-Healing)
  A) Rogue AP Detection
  B) Monitoring – Detecting a downed radio
  C) Compensation – Modifying neighbor radios in response to a downed radio
  D) Interference detection

Module Self-Check Answer Key

Q1) B
Q2) B, C