Chapter 1 Device Configuration PDF

The document provides an overview of device configuration and the OSI model. It describes the 7 layers of the OSI model from the physical layer to the application layer. Each layer is summarized with its key functions. For example, the physical layer handles raw bit transmission, the data link layer packages bits into frames, and the network layer routes packets across networks using logical addresses. The document also discusses data encapsulation, where each layer adds header information to pass data to the next layer.

Uploaded by

Shambel Worku
Copyright: All Rights Reserved

Chapter 1

Device Configuration
1.1. Configuration Wizard
While the configuration wizard is an easy way to display complex configuration options, it does
rely on the user having a basic understanding of the software component.

Network Devices

Computer networking devices are units that mediate data in a computer network and are also called
network equipment. Units that are the final receivers or the generators of data are called hosts or
data terminal equipment.

Network Models

The Open Systems Interconnection (OSI) model is an ISO standard that covers all aspects of network
communications. It was developed by the International Organization for Standardization (ISO) and
first introduced in the late 1970s as a model for a computer protocol architecture and as a
framework for developing protocol standards.

OSI Model

The OSI Model (Open Systems Interconnection Model) is a conceptual framework used to
describe the functions of a networking system. The OSI model characterizes computing functions
into a universal set of rules and requirements in order to support interoperability between different
products and software. It comprises seven layers.

Advantages:

- Network communication is broken into smaller, more manageable parts.
- Allows different types of network hardware and software to communicate with each other.
- All layers are independent, so changes in one layer do not affect the other layers.
- Easier to understand network communication.

Why layered communication?

- To reduce the complexity of the communication task by splitting it into several smaller, layered tasks.
- Assists in protocol design.
- Changes in one layer do not affect other layers.
- Provides a common language.

Figure 1. 1 OSI model

LAYER 1: PHYSICAL LAYER

The lowest layer of the OSI Model is concerned with electrically or optically transmitting raw
unstructured data bits across the network from the physical layer of the sending device to the
physical layer of the receiving device. It can include specifications such as voltages, pin layout,
cabling, and radio frequencies. At the physical layer, one might find "physical" resources such as
network hubs, cabling, repeaters, network adapters or modems.

- Defines the physical characteristics of the network, e.g. wires, connectors, voltages, data rates,
  asynchronous and synchronous transmission.
- Handles bit stream (binary) transmission.
- Used to activate, maintain and deactivate the physical link.
- For the receiver, it reassembles the bits and sends them to the upper layer as frames.
- For the sender, it converts frames into a bit stream and sends it on the transmission medium.

LAYER 2: DATA LINK

At the data link layer, directly connected nodes perform node-to-node data transfer, with the data
packaged into frames. The data link layer also corrects errors that may have occurred at the
physical layer. The data link layer encompasses two sub-layers of its own. The first, media
access control (MAC), provides flow control and multiplexing for device transmissions over a
network. The second, the logical link control (LLC), provides flow and error control over the
physical medium as well as identifying line protocols.

- Packages raw bits from the physical layer into FRAMES.
- Provides reliable transit of data across a physical link by using Media Access Control (MAC)
  addresses: a source address and a destination address (the address of the device that connects
  one network to the next).
- Flow control: prevents overwhelming the receiving node.
- Error control: through the trailer.
- Access control: decides which device has control of the medium.
- Data link LAN specifications: Fast Ethernet, Token Ring, FDDI.
- Data link WAN specifications: Frame Relay, PPP, X.25.
- Bridges and switches operate at this layer.

Sub layers of Layer 2

- Logical link control (LLC)
  - Used for communication with upper layers
  - Error correction
  - Flow control
- Media Access Control (MAC)
  - Access to the physical medium
  - Header and trailer
  - Trailer: the trailer typically includes a frame check sequence (FCS), which is used to
    perform error detection.

LAYER 3: NETWORK

The network layer is responsible for receiving frames from the data link layer and delivering them
to their intended destinations based on the addresses contained inside the frame. The network
layer finds the destination by using logical addresses, such as IP (Internet Protocol) addresses. At
this layer, routers are a crucial component used to quite literally route information where it needs
to go between networks.

- Defines source-to-destination delivery of packets across networks.
- Defines logical addressing and best path determination.
- Treats each packet independently.
- Defines how routing works and how routes are learned.
- Converts frames to packets.
- Routed protocols (which encapsulate data into packets) and routing protocols (which create
  routing tables) work on this layer.
- Examples of routed protocols are IP, IPX and AppleTalk; routing protocols are OSPF,
  IGRP/EIGRP, RIP and BGP.
- Routers operate at Layer 3.

LAYER 4: TRANSPORT

The transport layer manages the delivery and error checking of data packets. It regulates the size,
sequencing, and ultimately the transfer of data between systems and hosts. One of the most
common examples of the transport layer is TCP, the Transmission Control Protocol.

- Regulates information flow to ensure process-to-process connectivity between host
  applications reliably and accurately.
- Adds the service point address, or port address.
- Segmentation and reassembly: SEGMENTS data from the sending node and reassembles the
  data on the receiving node.
- Flow control / error control at the source-to-destination level.
- Connection-oriented transport service ensures that data is delivered error free, in sequence,
  with no losses or duplications.
- Establishes, maintains and terminates virtual circuits.
- Connection-oriented / connectionless:
  TCP (reliable, provides guaranteed delivery),
  UDP (unreliable, less overhead; reliability can be provided by the Application layer).
- Provides multiplexing: the support of different flows of data to different applications on the
  same host.

LAYER 5: SESSION

The session layer controls the conversations between different computers. A session or
connection between machines is set up and managed at layer 5. Session layer services also
include authentication and reconnections.

- The session layer defines how to start, control and end conversations (called sessions)
  between applications.
- Establishes dialog control between the two computers in a session, regulating which side
  transmits, plus when and for how long it transmits (full duplex).
- Synchronization: allows processes to add checkpoints, e.g. inserting a checkpoint every 100
  pages of a 2000-page file to ensure that each 100-page unit is received and acknowledged.
- Transmits data.

LAYER 6: PRESENTATION

The presentation layer formats or translates data for the application layer based on the syntax or
semantics that the application accepts. Because of this, it is at times also called the syntax layer.
This layer can also handle the encryption and decryption required by the application layer.

- The presentation layer is concerned with the syntax and semantics of the information
  exchanged between two systems.
- This layer is primarily responsible for the translation, encryption and compression of data.
- Defines coding and conversion functions.
- This layer also manages security issues by providing services such as data encryption and
  data compression.
- Examples of these formats and schemes are MPEG, QuickTime, ASCII, EBCDIC, GIF,
  TIFF and JPEG.

LAYER 7: APPLICATION

At this layer, both the end user and the application layer interact directly with the software
application. This layer sees network services provided to end-user applications such as a web
browser or Office 365. The application layer identifies communication partners and resource
availability, and synchronizes communication.

- The application layer is responsible for providing services to the user.
- Closest to the user; provides the user interface.
- Establishes the availability of intended communication partners.
- Examples of application layer protocols are Telnet, SMTP, FTP and SNMP.

Layer 1 vs Layer 2

Layer 1                                   | Layer 2
------------------------------------------|------------------------------------------
Cannot communicate with upper layers      | Does this using the LLC sublayer
Cannot identify a computer                | Uses an addressing process (MAC addresses)
Can only describe a stream of bits        | Uses framing to organize the bits

Data Encapsulation

Data Encapsulation is the process of adding a header to wrap/envelop the data that flows down
the OSI model. The 5 Steps of Data Encapsulation are:

1. The Application, Presentation and Session layers create DATA from users’ input.
2. The Transport layer converts the DATA to SEGMENTS
3. The NW layer converts the Segments to Packets (datagram)
4. The Data Link layer converts the PACKETS to FRAMES
5. The Physical layer converts the FRAMES to BITS.
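The five encapsulation steps above, and the FCS trailer described under the MAC sublayer, can be made concrete with a small simulation. The following Python program is an added example written for this chapter, not code from the original document: it builds a segment, packet, frame and bit stream from application data using simplified headers, then reverses the process on the receiving side, where the data link layer recomputes the CRC-32 frame check sequence and discards a frame whose bits were corrupted on the medium. All addresses, port numbers and header layouts are constructed for the example and are not real protocol formats.

```python
import struct
import zlib

# Constructed sample addresses for this example (assumptions, not values from the chapter).
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
SRC_IP = bytes([10, 0, 5, 10])
DST_IP = bytes([10, 0, 9, 20])
SRC_PORT, DST_PORT = 40000, 80
MAC_LEN, IP_LEN, FCS_LEN = 6, 4, 4
SEG_HDR = struct.Struct("!HHI")  # source port, destination port, sequence number


def to_segment(data: bytes, src_port: int, dst_port: int, seq: int) -> bytes:
    """Layer 4: prefix a simplified transport header (ports + sequence number)."""
    return SEG_HDR.pack(src_port, dst_port, seq) + data


def to_packet(segment: bytes, src_ip: bytes, dst_ip: bytes) -> bytes:
    """Layer 3: prefix the logical (IP-style) source and destination addresses."""
    return src_ip + dst_ip + segment


def to_frame(packet: bytes, src_mac: bytes, dst_mac: bytes) -> bytes:
    """Layer 2: MAC header in front, FCS (CRC-32 over header + payload) trailer behind."""
    body = dst_mac + src_mac + packet
    return body + struct.pack("!I", zlib.crc32(body))


def to_bits(frame: bytes) -> str:
    """Layer 1: serialise the frame as a string of '0'/'1' characters."""
    return "".join(f"{byte:08b}" for byte in frame)


def encapsulate(data: bytes, seq: int = 1) -> dict:
    """Run the five steps top-down and keep each intermediate PDU for inspection."""
    segment = to_segment(data, SRC_PORT, DST_PORT, seq)
    packet = to_packet(segment, SRC_IP, DST_IP)
    frame = to_frame(packet, SRC_MAC, DST_MAC)
    return {"data": data, "segment": segment, "packet": packet,
            "frame": frame, "bits": to_bits(frame)}


def from_bits(bits: str) -> bytes:
    """Layer 1 on the receiver: group the bit string back into bytes."""
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def open_frame(frame: bytes) -> tuple:
    """Layer 2 on the receiver: verify the FCS, then strip header and trailer."""
    body, fcs = frame[:-FCS_LEN], struct.unpack("!I", frame[-FCS_LEN:])[0]
    if zlib.crc32(body) != fcs:
        raise ValueError("FCS mismatch: frame discarded at the data link layer")
    return body[:MAC_LEN], body[MAC_LEN:2 * MAC_LEN], body[2 * MAC_LEN:]


def open_packet(packet: bytes) -> tuple:
    """Layer 3 on the receiver: strip the logical addresses."""
    return packet[:IP_LEN], packet[IP_LEN:2 * IP_LEN], packet[2 * IP_LEN:]


def open_segment(segment: bytes) -> tuple:
    """Layer 4 on the receiver: strip ports and sequence number, hand data upward."""
    src_port, dst_port, seq = SEG_HDR.unpack(segment[:SEG_HDR.size])
    return src_port, dst_port, seq, segment[SEG_HDR.size:]


def decapsulate(bits: str) -> dict:
    """Reverse the steps bottom-up; each layer consumes only its own header."""
    dst_mac, src_mac, packet = open_frame(from_bits(bits))
    src_ip, dst_ip, segment = open_packet(packet)
    src_port, dst_port, seq, data = open_segment(segment)
    return {"dst_mac": dst_mac, "src_mac": src_mac, "src_ip": src_ip, "dst_ip": dst_ip,
            "src_port": src_port, "dst_port": dst_port, "seq": seq, "data": data}


def flip_bit(bits: str, index: int) -> str:
    """Simulate a single-bit error on the physical medium."""
    return bits[:index] + ("1" if bits[index] == "0" else "0") + bits[index + 1:]


if __name__ == "__main__":
    pdus = encapsulate(b"GET / HTTP/1.0\r\n\r\n")
    for name in ("data", "segment", "packet", "frame"):
        print(f"{name:8s} {len(pdus[name]):3d} bytes")
    print("round trip:", decapsulate(pdus["bits"])["data"])
    try:
        decapsulate(flip_bit(pdus["bits"], 100))
    except ValueError as err:
        print(err)
```

Each layer adds a fixed amount of header (8 bytes at layer 4, 8 at layer 3, 12 of header plus a 4-byte FCS at layer 2 in this toy format), so the byte counts printed by the `__main__` block show the overhead growing as the data descends the stack. The FCS is only an integrity check against accidental corruption: a CRC can be recomputed by anyone who alters the frame, which is why integrity against a deliberate modifier belongs to higher layers (the presentation layer's encryption, in this chapter's terms).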

Some application layer protocols and their functions

Simple Mail Transfer Protocol (SMTP)

- Governs the transmission of mail messages and attachments.
- SMTP is used for outgoing messages.
- More powerful protocols such as POP3 and IMAP4 are needed, and available, to manage
  incoming messages.
- POP3 (Post Office Protocol version 3) is the older protocol.
- IMAP4 (Internet Mail Access Protocol version 4) is the more advanced protocol.

Telnet

- Allows a user on a remote client machine, called the Telnet client, to access the resources
  of another machine, the Telnet server, through a command-line interface.

File Transfer Protocol (FTP)

- File Transfer Protocol (FTP) lets us transfer files, and it can accomplish this between any
  two machines using it.
- FTP's functions are limited to listing and manipulating directories, typing file contents,
  and copying files between hosts.

Simple Network Management Protocol (SNMP)

- Simple Network Management Protocol (SNMP) collects and manipulates valuable network
  information.

Hypertext Transfer Protocol (HTTP)

- Used to manage communications between web browsers and web servers; it opens the right
  resource when you click a link, wherever that resource may actually reside.

Hypertext Transfer Protocol Secure (HTTPS)

- Hypertext Transfer Protocol Secure (HTTPS) is also known as Secure Hypertext Transfer
  Protocol. It uses Secure Sockets Layer (SSL).

Domain Name Service (DNS)

- Domain Name Service (DNS) resolves hostnames, specifically Internet names such as
  www.wcu.edu.et.

Dynamic Host Configuration Protocol (DHCP)

- Dynamic Host Configuration Protocol (DHCP) assigns IP addresses to hosts dynamically.
- It allows for easier administration and works well in small to very large network
  environments.

Some transport layer protocols and their functions

TCP (Transmission Control Protocol)

- TCP takes large blocks of information from an application and breaks them into segments.
- It is connection oriented, meaning that a virtual connection is established (by a handshake)
  before any user data is transferred.

User Datagram Protocol (UDP)

- UDP does not sequence the segments and does not care about the order in which the
  segments arrive at the destination.
- UDP just sends the segments off and forgets about them.

Table 1. 1 Well-Known TCP Port Numbers

Network device

Hub

Hubs connect computers together in a star topology network. Due to their design, they increase
the chances of collisions. Hubs operate in the physical layer of the OSI model and have no
intelligence. Hubs flood incoming packets to all ports all the time. For this reason, if a network is
connected using hubs, the chance of a collision increases linearly with the number of computers
(assuming equal bandwidth use).

Hubs cannot filter data, so data packets are sent to all connected devices/computers, and they have
no intelligence to find the best path for data packets. This leads to inefficiency and waste.

Bridge

In telecommunication networks, a bridge is a product that connects a local area network (LAN) to
another local area network that uses the same protocol. A bridge has a single incoming and a single
outgoing port and filters traffic on the LAN by looking at the MAC address, so it is more complex
than a hub. Unlike a hub, a bridge looks at the destination of the packet before forwarding it, and it
does not transmit on the other LAN segment if the destination is not found there. A bridge works
at the data-link level of a network, copying a data frame from one network to the next network
along the communications path. It is used to connect two subnetworks that use interchangeable
protocols, combining two LANs to form an extended LAN. The main difference between a bridge
and a repeater is that a bridge filters what it passes through instead of repeating everything.

- Transparent bridge: also called a learning bridge. The bridge constructs its table of terminal
  addresses on its own as it connects the two LANs, using the source addresses of the frames it
  sees to build the table. It is self-updating and plug-and-play. A transparent bridge is invisible
  to the other devices on the network and only blocks or forwards data based on the MAC
  address, which may also be referred to as the hardware address or physical address. These
  addresses are used to build tables and to decide whether a frame should be forwarded and
  where it should be forwarded.
- Source routing bridge: source-route bridges were designed by IBM for use on Token Ring
  networks. The SR bridge derives the entire route of the frame from information embedded
  within the frame, which allows it to make specific decisions about how the frame should be
  forwarded through the network. The sending terminal tells the bridges the path the frame
  should follow. This type of bridge is used to prevent looping problems.
- Translational bridge: translational bridges are useful for connecting segments running at
  different speeds or using different protocols, such as Token Ring and Ethernet networks.
  Depending on the direction of travel, a translational bridge can add or remove information
  and fields from the frame as needed.

Repeater

A repeater is an electronic device that receives a signal and retransmits it at a higher level and/or
higher power, or onto the other side of an obstruction, so that the signal can cover longer distances
without degradation. Because repeaters work with the actual physical signal, and do not attempt
to interpret the data being transmitted, they operate on the physical layer, the first layer of the OSI
model. Repeaters are majorly employed in long distance transmission to reduce the effect of
attenuation. It is important to note that repeaters do not amplify the original signal but simply
regenerate it.

Modem

A modem (from modulator-demodulator) is a device that turns the digital 1s and 0s of a personal
computer into sounds that can be transmitted over the telephone lines.

NIC (Network Interface Card)

A network interface card is a computer hardware component designed to allow computers to
communicate over a computer network. It is both an OSI layer 1 (physical layer) and layer 2 (data
link layer) device, as it provides physical access to a networking medium and provides a low-level
addressing system through the use of MAC addresses. It allows users to connect to each other
either by using cables or wirelessly. Most motherboards today come equipped with a network
interface card in the form of a controller, with the hardware built into the board itself, eliminating
the need for a standalone card.

Switch

Compared to a bridge, a switch has multiple ports. Switches can perform error checking before
forwarding data, which makes them very efficient: they do not forward packets that contain errors,
and they forward good packets selectively, only to the correct devices. Switches can support both
layer 2 (based on MAC address) and layer 3 (based on IP address) depending on the type of switch.
Usually large networks use switches instead of hubs to connect computers within the same subnet.

- A switch operates in layer 2, i.e. the data link layer of the OSI model.
- It is an intelligent network device that can be conceived as a multiport network bridge.
- It uses MAC addresses (addresses of the medium access control sublayer) to send data packets
  to selected destination ports.
- It uses the packet switching technique to receive and forward data packets from the source to
  the destination device.
- It supports unicast (one-to-one), multicast (one-to-many) and broadcast (one-to-all)
  communications.
- The transmission mode is full duplex, i.e. communication in the channel occurs in both
  directions at the same time. Due to this, collisions do not occur.
- Switches are active devices, equipped with network software and network management
  capabilities.
- Switches can perform some error checking before forwarding data to the destined port.
- The number of ports is higher: 24 or 48.
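The learning, forwarding, flooding and filtering behaviour described for the transparent bridge above, and the "multiport bridge" view of the switch in this section, are easy to see in a small simulation. The Python program below is an added example written for this chapter, not code from the original document: it models a hub (which repeats every frame out of every other port) beside a learning switch (which builds a MAC-to-port table from the source address of each frame), and counts how many port transmissions each device generates for the same constructed traffic. Station names, MAC addresses and the frame sequence are constructed for the example; a frame is reduced to (ingress port, source MAC, destination MAC) because nothing else matters for the forwarding decision.

```python
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"

# A frame is modelled as (ingress port, source MAC, destination MAC); payload is irrelevant here.
Frame = Tuple[int, str, str]


class Hub:
    """Layer 1 device: repeats every frame out of every other port, no addressing at all."""

    def __init__(self, ports):
        self.ports = list(ports)

    def receive(self, in_port: int, src_mac: str, dst_mac: str) -> List[int]:
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """Layer 2 device: a transparent (learning) bridge with many ports.

    Learns source MAC -> port from each frame it sees, then forwards, floods or
    filters based on the destination MAC.
    """

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table: Dict[str, int] = {}
        self.moves: List[Tuple[str, int, int]] = []  # (mac, old port, new port)

    def receive(self, in_port: int, src_mac: str, dst_mac: str) -> List[int]:
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Learning: the table is self-updating and keyed by the *claimed* source
        # address, so a station that moves (or any frame carrying that address)
        # rewrites the entry. Recording the moves gives an administrator a
        # "MAC address flapping" signal worth monitoring.
        old = self.mac_table.get(src_mac)
        if old is not None and old != in_port:
            self.moves.append((src_mac, old, in_port))
        self.mac_table[src_mac] = in_port
        # Flooding: broadcast, or a unicast destination not yet in the table.
        if dst_mac == BROADCAST or dst_mac not in self.mac_table:
            return [p for p in self.ports if p != in_port]
        out_port = self.mac_table[dst_mac]
        # Filtering: the destination lives on the segment the frame came from.
        if out_port == in_port:
            return []
        # Forwarding: exactly one egress port.
        return [out_port]


def run(device, frames: List[Frame]) -> List[List[int]]:
    """Feed frames through a device in order, returning the egress ports per frame."""
    return [device.receive(*frame) for frame in frames]


def deliveries(device, frames: List[Frame]) -> int:
    """Total number of port transmissions, a rough measure of wasted bandwidth."""
    return sum(len(ports) for ports in run(device, frames))


# Constructed traffic sample (assumption): stations A, B, C on ports 1, 2, 3 of a
# four-port device; D shares port 2 with B (for instance through a hub).
A, B, C, D = ("02:00:00:00:00:0a", "02:00:00:00:00:0b",
              "02:00:00:00:00:0c", "02:00:00:00:00:0d")
SAMPLE_FRAMES: List[Frame] = [
    (1, A, B),          # B not yet learned -> flood to 2, 3, 4
    (2, B, A),          # A learned on port 1 -> forward to 1 only
    (3, C, BROADCAST),  # broadcast -> flood to 1, 2, 4
    (1, A, C),          # C learned on port 3 -> forward to 3
    (4, A, B),          # A now seen on port 4 -> table updated (a move), forward to 2
    (2, B, A),          # A is now on port 4
    (2, D, B),          # B is on the same port the frame arrived on -> filtered
]

if __name__ == "__main__":
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    for frame, out in zip(SAMPLE_FRAMES, run(sw, SAMPLE_FRAMES)):
        print(frame, "->", out)
    print("MAC table:", sw.mac_table)
    print("moves:", sw.moves)
    print("hub transmissions:   ", deliveries(Hub([1, 2, 3, 4]), SAMPLE_FRAMES))
    print("switch transmissions:", deliveries(LearningSwitch([1, 2, 3, 4]), SAMPLE_FRAMES))
```

For the seven sample frames the hub transmits 21 times while the switch transmits 10 times, which is the efficiency gain the section describes. The `moves` list is the part a security engineer cares about: because the table trusts whatever source address a frame carries, a MAC address that keeps changing ports is the first sign that something on the segment is misbehaving, and real switches expose the same information as MAC flapping notifications.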

Types of switches: there is a variety of switches that can be broadly categorized into 4 types:

- Unmanaged switch: these are inexpensive switches commonly used in home networks and
  small businesses. They can be set up by simply plugging them into the network, after which
  they instantly start operating. When more devices need to be added, more switches are
  simply added by this plug-and-play method. They are referred to as unmanaged since they
  do not need to be configured or monitored. Unmanaged switches are generally made as
  plug-and-play devices and require little to no special installation beyond an Ethernet cable.
  The setup of this type of switch relies on auto-negotiation between Ethernet devices to
  enable communication between them. The switch will automatically determine the best
  data rate to use, switching between full-duplex mode (where data is received or transmitted
  in two directions at the same time) or half-duplex mode (where data is received or
  transmitted two ways but only in one direction at a time).
- Managed switch: these are costly switches that are used in organisations with large and
  complex networks, since they can be customized to augment the functionalities of a
  standard switch. The augmented features may be QoS (Quality of Service) features such as
  higher security levels, better precision control and complete network management. Despite
  their cost, they are preferred in growing organizations due to their scalability and flexibility.
  Simple Network Management Protocol (SNMP) is used for configuring managed switches.
  A managed switch is exactly what it sounds like: a switch that requires some oversight by
  a network administrator. This type of switch gives you total control over the traffic
  accessing your network while allowing you to custom-configure each Ethernet port so you
  get maximum efficiency over data transfers on the network. Managed switches are also
  typically the best network switches to support the Gigabit standard of Ethernet rather than
  traditional Fast Ethernet.
- LAN switch: Local Area Network (LAN) switches connect devices in the internal LAN
  of an organization. They are also referred to as Ethernet switches or data switches. These
  switches are particularly helpful in reducing network congestion or bottlenecks. They
  allocate bandwidth in such a manner that there is no overlapping of data packets in a network.
- PoE switch: Power over Ethernet (PoE) switches are used in PoE Gigabit Ethernet networks.
  PoE technology combines data and power transmission over the same cable so that devices
  connected to it can receive both electricity and data over the same line. PoE switches
  offer greater flexibility and simplify the cabling connections. A PoE switch distributes
  power over the network to different devices. This means any device on the network, from
  PCs to IP cameras and smart lighting systems, can function without the need to be near an
  AC access point or router, because the PoE switch sends both data and power to the
  connected devices.

Media Converter

A media converter, in the context of network hardware, is a cost-effective and flexible device
intended to implement and optimize fiber links in every kind of network. Among media converters,
the most often used type is a device that works as a transceiver, which converts the electrical signal
utilized in copper unshielded twisted pair (UTP) network cabling to light waves used for fiber
optic cabling. It is essential to have fiber optic connectivity if the distance between two network
devices is greater than the transmission distance of the copper cabling.

The copper-to-fiber conversion carried out by a media converter allows two network devices
having copper ports to be connected across long distances by means of fiber optic cabling. Media
converters are available as Physical Layer or Layer 2 switching devices, and can provide rate-
switching and other advanced switching features like VLAN tagging. Media converters are
typically protocol specific and are available to support a wide variety of network types and data
rates.

Media converters can also convert between wavelengths for Wavelength Division Multiplexing
(WDM) applications. Deployed in Enterprise, Government, Data Center, and Telecom Fiber to the
x networks, media converters have become the Swiss army knife of networking to enable
connectivity and fiber distance extension.

The Benefits of Media Converters

Network complexity, demanding applications, and the growing number of devices on the network
are driving network speeds and bandwidth requirements higher and forcing longer distance
requirements within the Local Area Network (LAN). Media converters present solutions to these
problems, by allowing the use of fiber when it is needed, and integrating new equipment into
existing cabling infrastructure. Media converters provide seamless integration of copper and fiber,
and different fiber types in Enterprise LAN networks. They support a wide variety of protocols,
data rates and media types to create a more reliable and cost-effective network.

Figure 1. 2 Multi-mode media converter

Configuring Basic Settings

Setting the Hostname

A Cisco switch by default has the host name "switch". To change this name, follow the
instructions below:

1. Click on the Switch. A popup window will be opened.
2. Go to the CLI tab in the popup window.
3. Click in the command box.
4. Press "Enter".
5. To enable the switch, give the following command: enable
6. To enter configuration mode, give the following command: configure terminal
7. To change the host name, give the following command, replacing <new-name> with the
   name you want: hostname <new-name>
8. To save the configuration, give the following command: do write memory
9. To exit configuration mode, give the following command: exit
10. To exit enable mode, give the following command: exit

Set or change the password of a Cisco switch in Cisco Packet Tracer

A Cisco switch by default has no password. To set a password or change the previous password,
follow the instructions below: Click on the Switch. A popup window will be opened. Go to the CLI
tab in the popup window. Click in the command box. Press "Enter". To enable the switch, give the
following command: enable. To enable.

Configuring Command-Line Access

To configure parameters to control access to the router, perform the following steps.

SUMMARY STEPS

1. configure terminal
2. line [ aux | console | tty | vty ] line-number
3. password password
4. login
5. exec-timeout minutes [ seconds ]
6. line [ aux | console | tty | vty ] line-number
7. password password
8. login
9. end

Step 1
  Command: configure terminal
  Example: Router# configure terminal
  Purpose: Enters global configuration mode.

Step 2
  Command: line [ aux | console | tty | vty ] line-number
  Example: Router(config)# line console 0
  Purpose: Enters line configuration mode, and specifies the type of line.

Step 3
  Command: password password
  Example: Router(config-line)# password 5dr4Hepw3
  Purpose: Specifies a unique password for the console terminal line.

Step 4
  Command: login
  Example: Router(config-line)# login
  Purpose: Enables password verification at the terminal login session.

Step 5
  Command: exec-timeout minutes [ seconds ]
  Example: Router(config-line)# exec-timeout 5 30
  Purpose: Sets the interval that the EXEC command interpreter waits until user input is
  detected. The default is 10 minutes. You can also optionally add seconds to the interval value.

Step 6
  Command: line [ aux | console | tty | vty ] line-number
  Example: Router(config-line)# line vty 0 4
  Purpose: Specifies a virtual terminal for remote console access.

Step 7
  Command: password password
  Example: Router(config-line)# password aldf2ad1
  Purpose: Specifies a unique password for the virtual terminal line.

Step 8
  Command: login
  Example: Router(config-line)# login
  Purpose: Enables password verification at the virtual terminal login session.

Step 9
  Command: end
  Example: Router(config-line)# end
           Router#
  Purpose: Exits line configuration mode, and returns to privileged EXEC mode.

1.2. View VLANs by Device and Port

- VLANs are assigned to individual switch ports.
- Ports can be statically assigned to a single VLAN or dynamically assigned to a single VLAN.
- All ports are assigned to VLAN 1 by default.
- Ports are active only if they are assigned to VLANs that exist on the switch.
- Static port assignments are performed by the administrator and do not change unless
  modified by the administrator, whether the VLAN exists on the switch or not.
- Dynamic VLANs are assigned to a port based on the MAC address of the device plugged
  into the port.
- Dynamic VLAN configuration requires a VLAN Membership Policy Server (VMPS)
  client, server, and database to operate properly.

Configuring Static VLANs

On a Cisco switch, ports are assigned to a single VLAN. These ports are referred to as access ports
and provide a connection for end users or node devices, such as a router or server. By default, all
devices are assigned to VLAN 1, known as the default VLAN. After creating a VLAN, you can
manually assign a port to that VLAN and it will be able to communicate only with or through other
devices in the VLAN. Configure the switch port for membership in a given VLAN as follows:

To change the VLAN for a COS device, use the set vlan command, followed by the VLAN number,
and then the port or ports that should be added to that VLAN. VLAN assignments such as this are
considered static because they do not change unless the administrator changes the VLAN
configuration.

For an IOS device, you must first select the port (or port range for integrated IOS) and then use
the switchport access vlan command followed by the VLAN number.
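The command-line access procedure (steps 2 to 8 of "Configuring Command-Line Access") and the static VLAN assignment just described both end up as lines in the device's running configuration, so a practical way to check that they were applied is to audit that text. The Python program below is an added example written for this chapter, not code from the original document or from Cisco: it splits IOS-style configuration text into sections, checks every line (console and vty) for password, login and a usable exec-timeout, and flags access ports that were never moved off the default VLAN 1. The two configuration excerpts are constructed for the example; the sample passwords are the ones shown in the chapter's table, and the interface names and VLAN numbers (5 for finance, 9 for marketing) follow the VLAN scenario in this section.

```python
import re
from typing import List, Tuple

Section = Tuple[str, List[str]]

# Constructed running-config excerpts (assumptions for this example). The first one
# applies only some of the chapter's steps; the second applies all of them.
WEAK_CONFIG = """\
hostname Switch
!
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 5
 switchport mode access
!
line con 0
 password 5dr4Hepw3
!
line vty 0 4
 login
 exec-timeout 0 0
!
"""

HARDENED_CONFIG = """\
hostname SW-FIN-1
!
interface FastEthernet0/1
 switchport access vlan 5
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 9
 switchport mode access
!
line con 0
 password 5dr4Hepw3
 login
 exec-timeout 5 30
!
line vty 0 4
 password aldf2ad1
 login
 exec-timeout 5 30
!
"""


def parse_sections(config: str) -> List[Section]:
    """Split IOS-style text into (header line, [indented sub-commands]) pairs."""
    sections: List[Section] = []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # blank lines and '!' separators carry no configuration
        if raw[0] != " ":
            sections.append((raw.strip(), []))
        elif sections:
            sections[-1][1].append(raw.strip())
    return sections


def audit_line(header: str, body: List[str]) -> List[str]:
    """Checks for one 'line con/vty ...' section, mirroring steps 3-5 and 7-8."""
    findings = []
    has_password = any(re.match(r"password \S+", cmd) for cmd in body)
    has_login = any(re.match(r"login\b", cmd) for cmd in body)
    # 'password' without 'login' is never checked, and 'login' without 'password'
    # refuses every connection on the line, so both commands must be present.
    if not has_password:
        findings.append(f"{header}: no password set")
    if not has_login:
        findings.append(f"{header}: 'login' missing, password is not verified")
    timeout = next((re.match(r"exec-timeout (\d+)(?: (\d+))?", cmd) for cmd in body
                    if cmd.startswith("exec-timeout")), None)
    if timeout is None:
        findings.append(f"{header}: exec-timeout not set (default 10 minutes)")
    elif int(timeout.group(1)) == 0 and int(timeout.group(2) or 0) == 0:
        findings.append(f"{header}: exec-timeout 0 0 disables the idle timeout")
    return findings


def audit_access_vlan(header: str, body: List[str]) -> List[str]:
    """Flag access ports still in the default VLAN 1 (no 'switchport access vlan N')."""
    if "switchport mode access" not in body:
        return []
    vlan = 1
    for cmd in body:
        m = re.match(r"switchport access vlan (\d+)$", cmd)
        if m:
            vlan = int(m.group(1))
    return [f"{header}: access port left in default VLAN 1"] if vlan == 1 else []


def audit(config: str) -> List[str]:
    """Run both checks over every section and return the list of findings."""
    findings: List[str] = []
    for header, body in parse_sections(config):
        if header.startswith("line "):
            findings += audit_line(header, body)
        elif header.startswith("interface "):
            findings += audit_access_vlan(header, body)
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit(cfg))} finding(s)")
        for finding in audit(cfg):
            print("  -", finding)
```

Against the weak excerpt the audit reports five findings (an access port left in VLAN 1, a console line with a password but no `login` and no timeout, and a vty line with `login` but no password and a disabled timeout); against the hardened excerpt it reports none. The same parser can be fed the output of `show running-config` saved to a file, which turns the chapter's step list into a repeatable check rather than a one-time procedure.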

Configuring Dynamic VLANs

Although static VLANs are the most common form of port VLAN assignments, it is possible to
have the switch dynamically choose a VLAN based on the MAC address of the device connected
to a port. To achieve this, you must have a VTP database file, a VTP server, a VTP client switch,
and a dynamic port. After you have properly configured these components, a dynamic port can
choose the VLAN based on whichever device is connected to that port.

Configuring a VLAN based on ports allows PCs in the VLAN to communicate with each other.
Application environment: a company has multiple departments located in different buildings. For
service security, employees in one department must be able to communicate with each other,
whereas employees in different departments must be prohibited from communicating with each
other. The devices on the network are connected as shown in the following figure. Add the ports
connecting devices to PCs of the financial department to VLAN 5 and the ports connecting devices
to PCs of the marketing department to VLAN 9. This configuration prevents employees in the
financial and marketing departments from communicating with each other.

Configure links between CE and PE as trunk links to allow frames from VLAN 5 and VLAN 9 to
pass through, allowing employees of the same department but different buildings to communicate
with each other. By configuring port-based VLANs on the PE, CE1, and CE2, employees in the
same department can communicate with each other, whereas employees in different departments
cannot.

Figure 1. 3 Networking diagram for configuring a VLAN based on ports

Pre-configuration Tasks

Before configuring a VLAN based on ports, complete the following task: Connecting ports and
configuring physical parameters of the ports, ensuring that the ports are physically Up.

Configuration Procedures

Figure 1. 4 Procedure of configuring a VLAN based on ports

After a VLAN profile is created, assign it to switches, aggregation devices in a Junos Fusion fabric,
Virtual Chassis Fabric, members of Layer 3 Fabric, or members of custom groups. You must have
one or more existing VLAN profiles, either user-configured or system-created, before you can
assign a VLAN profile to a switch, or member of a custom group or port group.

1.3. Automatic Discovery and Configuration Manager


Configuration management is a process closely linked to change management, which is also called
configuration control. Any system that needs to be controlled closely and run with good reliability,
maintainability and performance benefits greatly from configuration management, i.e., the
management of system information and system changes. Configuration management can extend
life, reduce cost, reduce risk, and even correct defects. It should be applied over the life cycle of a
system in order to provide visibility and control of its performance as well as its functional and
physical attributes.

In Configuration Manager 2012, the discovery of users, groups and devices has been improved
since Configuration Manager 2007. The discovery feature in Configuration Manager 2012 enables
you to identify computer and user resources that can be managed with Configuration Manager.
You are able to configure the discovery of resources on different levels in the Configuration
Manager 2012 hierarchy.

Active Directory Forest Discovery

The Active Directory Forest Discovery is a new discovery method in Configuration Manager 2012
that allows the discovery of Active Directory Forest where the site servers reside and any trusted
forest. With this discovery method, you are able to automatically create the Active Directory or IP
subnet boundaries that are within the discovered Active Directory Forests. Active Directory Forest
Discovery can be configured on Central Administration Sites & Primary Sites.

1.4. Wireless Mobility Configuration Menu
A Mobility Domain enables users to roam geographically across the system while maintaining
data sessions and VLAN or subnet membership, including their IP address, regardless of how
they connect to the network backbone. As users move from one area of a building or campus to
another, client associations with servers or other resources remain the same.

The clustering functionality ensures mobility across an entire wireless network. With clustering,
you can effortlessly create logical groups of controllers and access points, which share network
and user information in a proactive manner for continuous and uninterrupted support. You can
create a mobility domain using the Create Mobility Domain window from the Network Director
user interface.

A Mobility Group is a group of Wireless LAN Controllers (WLCs) in a network with the same
Mobility Group name. These WLCs can dynamically share context & state of client devices, WLC
load information, and can forward data traffic among them, which enables inter-controller wireless
LAN roam and controller redundancy. Before you add controllers to a mobility group, you must
verify that certain requirements are met for all controllers that are to be included in the group.

A Mobility Group is configured manually. The IP and MAC addresses of the Wireless LAN
Controllers (WLCs) that belong to the same Mobility Group are configured on each of the WLCs
individually. Mobility Groups can be configured either through the CLI or through the GUI.
Mobility Groups can also be configured with Prime Infrastructure (PI); this alternative method
comes in handy when a large number of WLCs is deployed. A WLC can be configured in only one
Mobility Group.

A Mobility Group can include up to 24 WLCs of any type. The number of access points supported
in a Mobility Group is bound by the number of WLCs and WLC types in the group. For example,
if a controller supports 6000 access points, a mobility group that consists of 24 such controllers
supports up to 144,000 access points (24 * 6000 = 144,000 access points).

Mobility members that belong to a different Mobility Group can be added to the mobility list;
this list is used for mobility anchors, which can anchor clients within a different Mobility
Group. There can be up to 72 members in the list, with up to 24 in the same Mobility Group.

In a mobility list, the following combinations of mobility groups and members are allowed:

• 3 mobility groups with 24 members in each group
• 12 mobility groups with 6 members in each group
• 24 mobility groups with 3 members in each group
• 72 mobility groups with 1 member in each group
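An added Python check, not from the original text, that applies the limits above (24 WLCs per Mobility Group, 72 members in the mobility list, each WLC in a single group) to a constructed mobility list and sums a group's access-point capacity; the entry format, the `make_group` helper and the sample controllers are assumptions, not Cisco tooling.

```python
# Added example (not from the original document): validates a constructed mobility
# list against the limits stated in the text and sums AP capacity per group.
from collections import Counter

MAX_PER_GROUP = 24      # WLCs per Mobility Group
MAX_LIST_MEMBERS = 72   # entries in a controller's mobility list


def validate_mobility_list(members):
    """members: dicts with keys name, group, mac, ip, max_aps.
    Returns a list of problems; an empty list means the list respects the limits."""
    problems = []
    if len(members) > MAX_LIST_MEMBERS:
        problems.append(f"list has {len(members)} members, limit is {MAX_LIST_MEMBERS}")
    for group, count in Counter(m["group"] for m in members).items():
        if count > MAX_PER_GROUP:
            problems.append(f"group {group} has {count} WLCs, limit is {MAX_PER_GROUP}")
    # A WLC is identified by its management-interface MAC and IP; each may appear
    # only once, which also enforces that one WLC belongs to a single group.
    for key in ("mac", "ip"):
        for value, count in Counter(m[key] for m in members).items():
            if count > 1:
                problems.append(f"{key} {value} appears {count} times")
    return problems


def ap_capacity(members, group):
    """Upper bound on access points in one Mobility Group: the sum of the member
    controllers' own AP limits (24 controllers x 6000 APs -> 144,000)."""
    return sum(m["max_aps"] for m in members if m["group"] == group)


def make_group(group, count, max_aps, subnet):
    """Constructed sample entries (hypothetical WLCs) with sequential MAC/IP values."""
    return [{"name": f"{group}-wlc{i}", "group": group,
             "mac": f"00:00:5e:00:{subnet:02x}:{i:02x}",
             "ip": f"10.0.{subnet}.{i}", "max_aps": max_aps}
            for i in range(count)]


if __name__ == "__main__":
    campus = (make_group("campus-a", 24, 6000, 1) + make_group("campus-b", 24, 6000, 2)
              + make_group("campus-c", 24, 6000, 3))
    print(validate_mobility_list(campus), ap_capacity(campus, "campus-a"))
```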

Configuring Mobility Groups (Cisco Wireless LAN Controllers)

To add an entry to a controller mobility configuration using the GUI, go to CONTROLLER >
Mobility Management > Mobility Groups, and click on New. Here you enter the MAC address
and IP address of the controller management interface you are adding along with the mobility
group name of that controller.

Mobility, or roaming, is a wireless LAN client’s ability to maintain its association seamlessly from
one access point to another securely and with as little latency as possible.

A mobility group is a set of controllers, identified by the same mobility group name, that makes
seamless roaming possible for wireless clients. By creating a mobility group, we can enable
multiple controllers in a network to dynamically share information and forward data traffic when
inter-controller or inter-subnet roaming occurs. Controllers in the same mobility group can share
the context and state of client devices as well as their lists of access points, so that they do
not consider each other’s access points as rogue devices.

Wireless access point

A wireless access point (WAP or AP) is a device that allows wireless communication devices to
connect to a wireless network using Wi-Fi, Bluetooth or related standards. The WAP usually
connects to a wired network, and can relay data between the wireless devices (such as computers
or printers) and wired devices on the network.

Basic firewall

A firewall is a part of a computer system or network that is designed to block unauthorized
access while permitting outward communication. It is also a device or set of devices configured
to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security
domains based upon a set of rules and other criteria.

Routers

• A router, like a switch, forwards packets based on address.
• Usually, routers use the IP address to forward packets, which allows the network to go
across different protocols.
• Routers forward packets based on software, while a switch (Layer 3, for example) forwards
using hardware called ASICs (Application Specific Integrated Circuits).
• Routers support different WAN technologies but switches do not.
• Besides, wireless routers have an access point built in.
• The most common home use for routers is to share a broadband internet connection.
• As the router has a public IP address which is shared with the network, when data comes
through the router, it is forwarded to the correct computer.

1.5. Device Schedules


Owing to the increasing need for massive data analysis and model training at the network edge, as
well as rising concerns about data privacy, a new distributed training framework called
federated learning (FL) has emerged. In each iteration of FL (called a round), the edge devices
update local models based on their own data and contribute to the global training by uploading the
model updates via wireless channels. Due to limited spectrum resources, only a portion of the
devices can be scheduled in each round.

To take a backup of your device configurations, you first need to discover your devices using
Network Configuration Manager. The tool also allows you to add devices in bulk. Once the devices
are discovered, you can proceed to scheduling network backups. Device configurations need to be
backed up often in order to maintain a repository of backups ready to be restored in case of
emergencies. In large enterprises with many devices, taking device configuration backups becomes
a huge, mundane task that consumes most of an admin’s time. Being able to schedule configuration
backups frees up a network admin’s time for productivity-enhancing tasks.

1.6. VPN Policy Manager


A virtual private network (VPN) is a private data network connection that makes use of the public
telecommunications infrastructure, maintaining privacy through the use of a tunneling protocol
and security procedures. Using a virtual private network involves maintaining privacy through the
use of authorization, authentication, and encryption controls that encrypt data before sending it
through the public network and decrypting it at the receiving end. In a site-to-site configuration, a
VPN can be contrasted with a system of owned or leased lines that can only be used by one
company. In a remote user configuration, a VPN can be contrasted to a privately managed remote
access system (e.g. dial-up). The concept of the VPN is to give the agency the same capabilities at
much lower costs by using the shared public infrastructure rather than a private one. However,
VPN links are considered to be less trusted than dedicated, private connections; therefore, this
policy sets forth the security requirements for VPN connections to the State’s network.

VPNs enable an organization to use public networks such as the internet to provide secure
connections across the organization’s wide area network. Customers can use VPNs to connect an
enterprise intranet to a wide area network comprised of partners, customers, resellers and
suppliers. Traditionally, businesses have relied on private 56-Kbps or T-1 leased lines to connect
remote offices together. Leased lines are expensive to install and maintain. For small companies,
the cost is just too high. Using the internet as a backbone, a VPN can securely and cost-effectively
connect all of a company’s offices, telecommuters, mobile workers, customers, partners and
suppliers.

Overview of how it Works

• Two connections – one is made to the Internet and the second is made to the VPN.
• Datagrams – contain data, destination and source information.
• Firewalls – VPNs allow authorized users to pass through the firewalls.
• Protocols – protocols create the VPN tunnels.

VPN Gateway and Tunnels

A VPN gateway is a network device that provides encryption and authentication service to a
multitude of hosts that connect to it. From the outside (internet), all communications addressed to
inside hosts flow through the gateway. There are two types of endpoint VPN tunnels:

• Computer to gateway

For remote access: generally set up for a remote user to connect to a corporate LAN.

• Gateway to Gateway

This is a typical enterprise-to-enterprise configuration. The two gateways communicate with
each other.

Figure 1. 5 Types of endpoint VPN tunnels

1.7. Element Manager


Importance of Managing Network Devices

• Configuration Management
• Performance Management
• Fault Management

Common ways to analyze the configuration, performance and faults on a Cisco device

• CLI (Command Line Interface)
• SNMP (Simple Network Management Protocol)
• CiscoView

Using SNMP and CiscoView:

• A user can define a VTP domain,
• Configure devices as VTP servers, clients, or transparent devices in the domain,
• Create VLANs within the domain,
• Assign ports to a VLAN, and view the ports assigned to a VLAN.

Figure 1. 6 Access a device using CiscoView

1.8. CLI Configuration Manager


Configuration Manager can be run from a command line. You may want to run Configuration
Manager from the command line rather than the graphical user interface for the following
reasons:

• You want to automate the configuration of the software.
• Your site wants the command-line version run for security reasons.
• You want to create a script to set up your system and then allow a user to run the script.

You begin by generating the configuration XML files that define the application server, the
profile type, and the XML file path. You then edit the files to enter values for your environment.

Understanding Cisco IOS Command Line Modes

Cisco Command Line Interface (CLI) is the main interface where we will interact with Cisco
IOS devices. CLI is accessible directly via console cable or remotely via methods such as
Telnet/SSH. From here, we can do things such as monitoring device status or changing
configuration. Cisco has divided its CLI into several different modes. Understanding Cisco IOS
Command Line Modes is essential because each mode has its own set of commands. Cisco has at
least three main command line modes: user EXEC mode, privileged EXEC mode, and global
configuration mode. Of course, there are other more specific modes such as interface
configuration mode, extended ACL configuration mode, routing/VLAN configuration mode, etc.

User EXEC mode

By default this is where we begin the session with our Cisco IOS devices (unless a specific
privilege level has been granted to our user account). The characteristics of user EXEC mode
are:

• Indicated by a right angle bracket sign (“>”) next to the device hostname.
• Contains commands that we can use to test device/network configuration such as ping
and traceroute.
• A limited set of commands that do not change the device configuration, such as the
show and clear commands, is available.
• We can connect to other devices from user EXEC mode by using telnet or ssh.
• To protect user EXEC mode we can create a username and password combination on the
device.
• Issuing the exit command here will disconnect the session.

The flowchart below shows the position of each mode relative to the other modes.

Figure 1. 7 Cisco IOS Command Line Modes

Privileged EXEC mode

Privileged EXEC mode contains the complete set of commands that we had in user EXEC mode. In
this mode, we still cannot make any configuration changes. However, configuration mode can only
be accessed from privileged EXEC mode. Privileged EXEC mode is activated after we use the
command enable in user EXEC mode.

Below are the characteristics of privileged EXEC mode:

• Indicated by a hash sign (“#”) next to the device hostname.
• All commands that are available in user EXEC mode are available here too.
• A more complete set of commands under show and clear is available here. For example, in
user EXEC mode there is no show running-config under the show command, but in privileged
EXEC mode it exists.
• Unless the user account that we used has a specific privilege level assigned to it, by default
it will get the highest privilege level, which is level 15.
• Privileged EXEC mode can be protected using an enable password.
• Issuing the disable command here will bring us back to user EXEC mode.
• Issuing the exit command here will disconnect the session.

Global configuration mode

This is where the real configuration is done. We can enter global configuration mode from
privileged EXEC mode by using the command configure terminal. From here we can make changes to
the global device configuration such as the hostname, domain name, creating user accounts, etc.;
or we can enter more specific configuration modes within global configuration mode and make
changes such as interface IP addresses, access lists, DHCP, policies, etc.

Some characteristics of global configuration mode are:

• Indicated by the device hostname prompt, followed by the word “config” in parentheses and
then a hash sign (“#”).
• All commands from EXEC mode can be used here by adding the word do before the command
that we want to execute; for example, if we want to use show running-config in global
configuration mode we have to type it as do show running-config.
• Although we can change the configuration within global configuration mode, to save the
configuration we have to exit back to privileged EXEC mode and issue the command write
memory or copy running-config startup-config from there (however, these two commands can
also be used from within global configuration mode by adding the do prefix to the command,
as explained in the previous point).
• Global configuration mode can be protected by assigning a custom privilege level to the
user account and then setting the allowed commands and blocking the rest, thus limiting the
configuration capability.
• Issuing exit here will bring us back to privileged EXEC mode.

To change a device configuration, you need to enter the global configuration mode. This mode can
be accessed by typing configure terminal (or conf t, the abbreviated version of the command) from
the enable mode. The prompt for this mode is hostname(config). Global configuration mode
commands are used to configure a device. You can set a hostname, configure authentication, set
an IP address for an interface, etc. From this mode, you can also access submodes, for example
the interface mode, from where you can configure interface options. You can get back to a
privileged EXEC mode by typing the end command. You can also type CTRL + C to exit the
configuration mode.

Submode Commands

Global configuration mode contains many submodes. For example, if you want to configure an
interface you have to enter interface configuration mode. Each submode contains only commands
that pertain to the resource that is being configured. To enter interface configuration mode you
need to specify which interface you would like to configure. This is done by using the
interface INTERFACE_TYPE/INTERFACE_NUMBER global configuration command, where
INTERFACE_TYPE represents the type of interface (Ethernet, FastEthernet, Serial…) and
INTERFACE_NUMBER represents the interface number, since Cisco devices usually have more
than one physical interface. Once inside interface configuration mode, you can get a list of
available commands by typing the “?” character. Each submode has its own prompt.
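As an added example that is not part of the original text, the following Python model walks through the mode transitions and protections described in this section (enable secret guarding privileged EXEC, the do prefix, saving only from privileged EXEC, the interface submode); the hostname R1, the secret and the small command subset are assumptions, and it is a teaching model, not IOS code.

```python
# Added example (not from the original document): a small model of the IOS mode
# hierarchy described above. Hostname "R1" and the enable secret are constructed.
class IosCli:
    PROMPTS = {"user": ">", "priv": "#", "config": "(config)#",
               "config-if": "(config-if)#"}
    # argument-free mode changes: (current mode, command) -> new mode
    MOVES = {("priv", "configure terminal"): "config", ("priv", "conf t"): "config",
             ("priv", "disable"): "user", ("config", "exit"): "priv",
             ("config-if", "exit"): "config", ("config", "end"): "priv",
             ("config-if", "end"): "priv"}

    def __init__(self, hostname="R1", enable_secret="s3cret"):
        self.hostname, self.enable_secret = hostname, enable_secret
        self.mode, self.connected, self.iface = "user", True, None
        self.running = {"hostname": hostname}   # running-config (RAM)
        self.startup = dict(self.running)       # startup-config (NVRAM)

    def prompt(self):
        return self.hostname + self.PROMPTS[self.mode]

    def run(self, line, secret=None):
        w = line.split() or [""]
        if (self.mode, " ".join(w)) in self.MOVES:
            self.mode = self.MOVES[(self.mode, " ".join(w))]
            return ""
        if self.mode in ("user", "priv"):
            if w[0] == "exit":                      # exit from EXEC ends the session
                self.connected = False
                return ""
            if self.mode == "user" and w[0] == "enable":   # secret guards privileged EXEC
                self.mode = "priv" if secret == self.enable_secret else "user"
                return "" if self.mode == "priv" else "% Bad secrets"
            return self._exec(w, privileged=(self.mode == "priv"))
        if w[0] == "do":                            # EXEC command from a config mode
            return self._exec(w[1:] or [""], privileged=True)
        if self.mode == "config" and w[0] == "hostname":
            self.hostname = self.running["hostname"] = w[1]
            return ""
        if self.mode == "config" and w[0] == "interface":   # enter the interface submode
            self.iface, self.mode = w[1], "config-if"
            return ""
        if self.mode == "config-if" and w[:2] == ["ip", "address"]:
            self.running.setdefault("interfaces", {})[self.iface] = f"{w[2]} {w[3]}"
            return ""
        return "% Invalid input"

    def _exec(self, w, privileged):
        if w[0] in ("ping", "traceroute"):          # allowed in both EXEC modes
            return "!!!!!"
        if privileged and w == ["show", "running-config"]:
            return str(self.running)
        if privileged and w in (["write", "memory"], ["copy", "running-config", "startup-config"]):
            self.startup = dict(self.running)       # commit RAM config to NVRAM
            return "[OK]"
        return "% Invalid input"                    # e.g. show running-config in user EXEC
```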
