Curtin University

Wireless Data Network

COMT3002/6004

Experiment Three- Simulator Version

Antenna and wireless traffic negotiation and Configuring WLAN

(WLC Configuration)
Antenna .................................................................................................................................... 2
Creating accounts on WLC........................................................................................................ 2
Creating an Administrator Account ...................................................................................... 2
Creating an Administrator Account Using the Controller GUI ........................................ 3
Creating WLANs ........................................................................................................................ 3
Using the GUI to Create WLANs ........................................................................................... 4
Configuring Layer 2 Security ..................................................................................................... 5
WPA and WPA2 .................................................................................................................... 5
Using the GUI to configure WPA1+WPA2............................................................................. 6
Static WEP Keys .................................................................................................................... 8

Antenna

1. The two factors involved in dealing with antennas are polarity and Diversity. Briefly
explain each factor.

2. There are two types of antenna, Omnidirectional and Directional. Explain how they
operate and what are the differences. Use examples for each type.

Creating accounts on WLC

You can create accounts with different privileged level on your WLC. But always remember
NOT TO DELETE DEFAULT ACCOUNT UNLESS YOU CREATE A NEW
ADMINISTRATOR ONE.
Note: Packet Tracer version only has the admin account creation ability

Creating an Administrator Account

Creating an Administrator Account Using the Controller GUI

To create an Administrator account on the controller using the controller GUI, follow
these

Step 1
Click Management > Local Management Users.

Note! This Local Management Users window lists the names and access privileges of
the current local management users. You can delete any of the user accounts from the
controller by selecting the Remove option from the blue arrow drop-down menu next to
that account. However, deleting the default administrative user prohibits both GUI and
CLI access to the controller. Therefore, you must create a user with administrative
privileges (Read/Write) before you remove the default user.


Step 2
Click New.
Step 3
In the User Name field, enter a username.

Step 4
In the Password and Confirm Password fields, enter a password.
Note! Passwords are case sensitive.
Step 6
Click Apply to see your changes. The new an Administrator account appears in the
list of local management users.

Creating WLANs

This section provides instructions for creating up to 512 WLANs using either the controller GUI or CLI (ONLY
GUI for Packet Tracer). You can configure WLANs with different service set identifiers (SSIDs) or with the same
SSID. An SSID identifies the specific wireless network that you want the controller to access. Creating WLANs
with the same SSID enables you to assign different Layer 2 security policies within the same wireless LAN. To
distinguish among WLANs with the same SSID, you must create a unique profile name for each WLAN.

WLANs with the same SSID must have unique Layer 2 security policies so that clients can make a WLAN
selection based on information advertised in beacon and probe responses. These are the available Layer 2
security policies:

• None (open WLAN)

• Static WEP or 802.1X
• CKIP
• WPA/WPA2
Using the GUI to Create WLANs

To create WLANs using the GUI, follow these steps:

1. Choose WLANs to open the WLANs page (Figure 1)

This page lists all of the WLANs currently configured on the controller. For each WLAN, you can see its WLAN
ID, profile name, type, SSID, status, and security policies.

The total number of WLANs appears in the upper right-hand corner of the page. If the list of WLANs spans
multiple pages, you can access these pages by clicking the page number links.

Note select the check box to the left of the WLAN, choose Remove Selected from the drop-down list and click
Go. A message appears asking you to confirm your decision. remove option at the end of each WLAN
description line. If you proceed, the WLAN is removed from any access point group to which it is assigned and
from the access point’s radio.

Figure 1-WLANs>New Page

2. Create a new WLAN by choosing Create New from the drop-down list and clicking
Go. The WLANs > New page appears
 Figure 2- WLANs>New Page

3. From the Type drop-down list, choose WLAN to create a WLAN.

4. In the Profile Name text box, enter up to 32 alphanumeric characters for the profile
name to be assigned to this WLAN. The profile name must be unique.
5. In the WLAN SSID text box, enter up to 32 alphanumeric characters for the SSID to
be assigned to this WLAN.
6. From the WLAN ID drop-down list, choose the ID number for this WLAN.
7. Click Apply to commit your changes. The WLANs > Edit page appears.

Figure 3-WLANs>Edit Page

Configuring Layer 2 Security

This section describes how to assign Layer 2 security settings to WLANs

WPA and WPA2

Wi-Fi Protected Access (WPA or WPA1) and WPA2 are standards-based security solutions from the Wi-Fi
Alliance that provide data protection and access control for wireless LAN systems. WPA1 is compatible with
the IEEE 802.11i standard but was implemented prior to the standard’s ratification; WPA2 is the Wi-Fi
Alliance's implementation of the ratified IEEE 802.11i standard.

By default, WPA1 uses Temporal Key Integrity Protocol (TKIP) and message integrity check (MIC) for data
protection while WPA2 uses the stronger Advanced Encryption Standard encryption algorithm using Counter
Mode with Cipher Block Chaining Message Authentication Code Protocol (AES-CCMP). Both WPA1 and WPA2
use 802.1X for authenticated key management by default. However, these options are also available:
 • 802.1X—The standard for wireless LAN security, as defined by IEEE, is called 802.1X for 802.11, or
simply 802.1X. An access point that supports 802.1X acts as the interface between a wireless client
and an authentication server, such as a RADIUS server, to which the access point communicates over
the wired network. If 802.1X is selected, only 802.1X clients are supported.

• PSK—When you choose PSK (also known as WPA preshared key or WPA passphrase), you need to
configure a preshared key (or a passphrase). This key is used as the pairwise master key (PMK)
between the clients and the authentication server.
• CCKM—Cisco Centralized Key Management (CCKM) uses a fast rekeying technique that enables
clients to roam from one access point to another without going through the controller, typically in
under 150 milliseconds (ms). CCKM reduces the time required by the client to mutually authenticate
with the new access point and derive a new session key during reassociation. CCKM fast secure
roaming ensures that there is no perceptible delay in time-sensitive applications such as wireless
Voice over IP (VoIP), enterprise resource planning (ERP), or Citrix-based solutions. CCKM is a CCXv4-
compliant feature. If CCKM is selected, only CCKM clients are supported.
• 802.1X+CCKM—During normal operation, 802.1X-enabled clients mutually authenticate with a new
access point by performing a complete 802.1X authentication, including communication with the
main RADIUS server. However, when you configure your WLAN for 802.1X and CCKM fast secure
roaming, CCKM-enabled clients securely roam from one access point to another without the need to
re-authenticate to the RADIUS server. 802.1X+CCKM is considered optional CCKM because both
CCKM and non-CCKM clients are supported when this option is selected.

On a single WLAN, you can allow WPA1, WPA2, and 802.1X/PSK/CCKM/802.1X+CCKM clients to join. All of the
access points on such a WLAN advertise WPA1, WPA2, and 802.1X/PSK/CCKM/802.1X+CCKM information
elements in their beacons and probe responses. When you enable WPA1 and/or WPA2, you can also enable
one or two ciphers, or cryptographic algorithms, designed to protect data traffic. Specifically, you can enable
AES and/or TKIP data encryption for WPA1 and/or WPA2. TKIP is the default value for WPA1, and AES is the
default value for WPA2.

You can configure WPA1+WPA2 through either the GUI or the CLI.

Using the GUI to configure WPA1+WPA2

To configure a WLAN for WPA1+WPA2 using the controller GUI, follow these steps.

1. Choose WLANs to open the WLANs page.

2. Click the ID number of the desired WLAN to open the WLANs > Edit page.
3. Choose the Security and Layer 2 tabs to open the WLANs > Edit (Security > Layer 2)
page
 Figure 4- WLANs>Edit (Security > Layer 2) Page

4. Choose WPA+WPA2 from the Layer 2 Security drop-down list.

Step

5. Under WPA+WPA2 Parameters, select the WPA Policy check box to enable WPA,
select the WPA2 Policy check box to enable WPA2, or select both check boxes to
enable both WPA and WPA2. (Only one is available for Packet Tracer)

6. Select the AES check box to enable AES data encryption or the TKIP check box to
enable TKIP data encryption for WPA1, WPA2, or both (Only AES is available for
Packet Tracer).
7. Choose one of the following key management methods from the Auth Key Mgmt
drop-down list: 802.1X, CCKM, PSK, or 802.1X+CCKM (Only 802.1x and is available
for Packet Tracer).
8. If you chose PSK in step 7 choose ASCII or HEX from the PSK Format drop-down list
(Only ASCII is available for Packet Tracer) and then enter a preshared key in the
blank text box. WPA preshared keys must contain 8 to 63 ASCII text characters or 64
hexadecimal characters.
9. Click Apply to commit your changes.

To connect a client same as first lab, enter the WLAN details into Wireless0 interface.
Static WEP Keys

To configure a WLAN for WEP using the controller GUI, follow these steps.

1. Choose WLANs to open the WLANs page.

2. Click the ID number of the desired WLAN to open the WLANs > Edit page.
3. Choose the Security and Layer 2 tabs to open the WLANs > Edit (Security > Layer 2)
page
4. Choose Static WEP from the Layer 2 Security drop-down list.
Step

5. Enter 10 hexadecimal digits (any combination of 0-9, a-f, or A-F) or five printable ASCII characters for
40-bit/64-bit WEP keys or enter 26 hexadecimal or 13 ASCII characters for 104-bit/128-bit keys.

You should have 3 clients, each connected to the different WLAN (no security, WPA, and
WEP)