================================
1. Physical to logical Topology
================================
------------------------------------------
1. Configure Trunking between the Switches
------------------------------------------
------
CAT1
------
default interface range Gig 1/0/21-22
!
Interface range gig 1/0/21-22
switchport mode trunk
------
CAT2
------
default interface range Gig 1/0/21-22
!
Interface range gig 1/0/21-22
switchport mode trunk
------------------------------------------
2. Create the VLANs on both the switches
------------------------------------------
---------
CAT1
---------
vlan 10,11,12,13,20,30,101
exit
---------
CAT2
---------
vlan 10,11,12,13,20,30,101
exit
-----------------------------------------------
3. Assign Ports to VLANs - ONE VLAN AT A TIME
-----------------------------------------------
----------
VLAN 101
----------
-------
CAT1
-------
Interface range gig 1/0/7-8
switchport mode access
switchport access vlan 101
!
ip routing
!
interface vlan 101
ip add 10.0.1.11 255.255.255.0
no shut
----------
VLAN 10
----------
-------
CAT1
-------
default interface range gig 1/0/11-12
!
Interface range gig 1/0/11-12
Description Port channel towards the WLC
channel-group 21 mode on
no shut
!
Interface Port-channel 21
switchport mode trunk
-------
CAT2
-------
default interface range gig 1/0/11-12
!
Interface range gig 1/0/11-12
Description Port channel towards the WLC
channel-group 21 mode on
no shut
!
Interface Port-channel 21
switchport mode trunk
----------
VLAN 11
----------
-------
CAT1
-------
default interface gig 1/0/1
!
interface gig 1/0/1
switchport mode access
switchport access vlan 11
!
interface vlan 11
ip address 10.0.11.11 255.255.255.0
no shut
----------
VLAN 20
----------
-------
CAT1
-------
interface vlan 20
ip address 10.0.20.11 255.255.255.0
no shut
----------
VLAN 13
----------
-------
CAT1
-------
interface vlan 13
ip address 10.0.13.11 255.255.255.0
no shut
-------
CAT2
-------
ip routing
!
interface vlan 13
ip address 10.0.13.22 255.255.255.0
no shut
----------
VLAN 12
----------
-------
CAT2
-------
default interface gig 1/0/3
!
interface gig 1/0/3
switchport mode access
switchport access vlan 12
!
interface vlan 12
ip address 10.0.12.22 255.255.255.0
ip helper-address 10.0.13.11
no shut
----------
VLAN 30
----------
-------
CAT2
-------
interface vlan 30
ip address 10.0.30.22 255.255.255.0
ip helper-address 10.0.13.11
no shut
!
no ip forward-protocol udp 137
no ip forward-protocol udp 138
no ip forward-protocol udp 37
no ip forward-protocol udp 49
no ip forward-protocol udp 53
no ip forward-protocol udp 69
=============================================================
2. Configure the DHCP Server for all VLANs that require it.
=============================================================
ip dhcp excluded-address 10.0.11.1 10.0.11.100
ip dhcp excluded-address 10.0.12.1 10.0.12.100
ip dhcp excluded-address 10.0.20.1 10.0.20.100
ip dhcp excluded-address 10.0.30.1 10.0.30.100
!
ip dhcp pool LAP1
network 10.0.11.0 /24
default-router 10.0.11.11
dns-server 10.0.1.12
option 43 hex f104.0A00.0A15
!
ip dhcp pool LAP2
network 10.0.12.0 /24
default-router 10.0.12.22
dns-server 10.0.1.12
option 43 hex f104.0A00.0A15
!
ip dhcp pool EXECS
network 10.0.20.0 /24
default-router 10.0.20.11
dns-server 10.0.1.12
!
ip dhcp pool EMPLOYEES
network 10.0.30.0 /24
default-router 10.0.30.22
dns-server 10.0.1.12
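
Added example (not part of the original lab notes): the option 43 value in pools LAP1 and LAP2 is a type/length/value string, sub-option type 0xf1, then the byte count, then the controller addresses, so f104.0A00.0A15 decodes to 10.0.10.21. The function names are illustrative; the encoder also handles more than one controller, which goes beyond the single-WLC case used here.

```python
import ipaddress

WLC_SUBOPTION = 0xF1  # sub-option type seen in the LAP1/LAP2 pools above


def encode_option43(controllers):
    """Build the 'option 43 hex' value for a list of WLC management IPs."""
    addrs = [ipaddress.IPv4Address(c) for c in controllers]
    if not addrs or len(addrs) * 4 > 255:
        raise ValueError("need 1..63 controller addresses")
    raw = bytes([WLC_SUBOPTION, 4 * len(addrs)]) + b"".join(a.packed for a in addrs)
    digits = raw.hex()
    # Written in dotted groups of four hex digits, as in the pools above.
    return ".".join(digits[i:i + 4] for i in range(0, len(digits), 4))


def decode_option43(text):
    """Parse an 'option 43 hex' value back into controller addresses."""
    raw = bytes.fromhex(text.replace(".", "").replace(" ", ""))
    if len(raw) < 2:
        raise ValueError("truncated type/length header")
    sub_type, length, value = raw[0], raw[1], raw[2:]
    if sub_type != WLC_SUBOPTION:
        raise ValueError(f"unexpected sub-option type 0x{sub_type:02x}")
    if length != len(value):
        raise ValueError(f"length byte is {length} but {len(value)} bytes follow")
    if length == 0 or length % 4:
        raise ValueError("value must be one or more 4-byte IPv4 addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


if __name__ == "__main__":
    print(decode_option43("f104.0A00.0A15"))        # value from the page
    print(encode_option43(["10.0.10.21"]))
```
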
====================================
3. Configure PVSTP
====================================
-----------------------------------------------------------------------------------
1. Configure CAT1 to be the Root Switch for Odd VLANs and CAT2 for the Even VLANs
-----------------------------------------------------------------------------------
-------
CAT1
-------
spanning-tree vlan 11,13,101 priority 0
spanning-tree vlan 10,12,20,30 priority 4096
-------
CAT2
-------
spanning-tree vlan 11,13,101 priority 4096
spanning-tree vlan 10,12,20,30 priority 0
-----------------------------------------------------------------------------------
2. Configure Port 22 as the forwarding port for VLANs 10,12,20,30
-----------------------------------------------------------------------------------
--------
CAT1
--------
Interface gig 1/0/21
spanning-tree vlan 10,12,20,30 cost 2000000
--------
CAT2
--------
Interface gig 1/0/21
spanning-tree vlan 10,12,20,30 cost 2000000
=======================================
4. Configure Multi-Instance STP (MSTP)
=======================================
-----------------------------------------------------------------
1. Configure the switches in MST Mode based on the Config given
-----------------------------------------------------------------
MST Name: CCIEW
REVISION: 1
INSTANCE 1 : 11,13,101
INSTANCE 2 : 10,12,20,30
------
CAT1
------
spanning-tree mode mst
spanning-tree mst configuration
name CCIEW
revision 1
instance 1 vlan 11,13,101
instance 2 vlan 10,12,20,30
------
CAT2
------
spanning-tree mode mst
spanning-tree mst configuration
name CCIEW
revision 1
instance 1 vlan 11,13,101
instance 2 vlan 10,12,20,30
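
Added example (not part of the original lab notes): two switches form one MST region only when the name, the revision and a digest of the whole VLAN-to-instance table are identical, which is why the same block is entered on both switches. The sketch below computes that digest as IEEE 802.1Q defines it (HMAC-MD5 with a fixed key); the function names and the CAT2_BAD variant are constructed for illustration.

```python
import hashlib
import hmac

# Fixed signature key for the MST Configuration Digest (IEEE 802.1Q).
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def expand_vlans(spec):
    """Turn a VLAN list such as '10,12,20-22' into a set of integers."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def mst_digest(instances):
    """HMAC-MD5 over the 4096-entry VLAN-to-instance table.

    `instances` maps instance number -> VLAN list; unlisted VLANs stay in
    instance 0. Table entries 0 and 4095 are always zero.
    """
    table = [0] * 4096
    for msti, spec in instances.items():
        for vlan in expand_vlans(spec):
            if not 1 <= vlan <= 4094:
                raise ValueError(f"VLAN {vlan} out of range")
            if table[vlan]:
                raise ValueError(f"VLAN {vlan} mapped to two instances")
            table[vlan] = msti
    blob = b"".join(m.to_bytes(2, "big") for m in table)
    return hmac.new(MST_DIGEST_KEY, blob, hashlib.md5).hexdigest()


def same_region(a, b):
    """Switches share a region only if name, revision and digest all match."""
    return ((a["name"], a["revision"], mst_digest(a["instances"])) ==
            (b["name"], b["revision"], mst_digest(b["instances"])))


# Region settings from the task above, as entered on each switch.
CAT1 = {"name": "CCIEW", "revision": 1,
        "instances": {1: "11,13,101", 2: "10,12,20,30"}}
CAT2 = {"name": "CCIEW", "revision": 1,
        "instances": {1: "11,13,101", 2: "10,12,20,30"}}
# Constructed mistake: VLAN 30 left out of instance 2 on one switch.
CAT2_BAD = dict(CAT2, instances={1: "11,13,101", 2: "10,12,20"})
```
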
-------------------------------------------------------------------------------
2. Configure CAT1 to be the Root Switch for Instance 1 and CAT2 for Instance 2.
-------------------------------------------------------------------------------
-------------
CAT1
-------------
spanning-tree mst 1 priority 0
spanning-tree mst 2 priority 4096
-------------
CAT2
-------------
spanning-tree mst 1 priority 4096
spanning-tree mst 2 priority 0
=======================================
5. HSRP
=======================================
------------------------------------------------------------
1. Configure the SVIs for VLAN 20 & 30 on both the Switches
------------------------------------------------------------
-----
CAT1
-----
Interface vlan 30
ip address 10.0.30.11 255.255.255.0
no shut
-----
CAT2
-----
Interface vlan 20
ip address 10.0.20.22 255.255.255.0
no shut
--------------------------------------------------------------------
2. Configure HSRP on VLANs 20 and 30 based on the given requirement
--------------------------------------------------------------------
-> Configure a HSRP Group for VLAN 20 based on the following:
- VIP : 10.0.20.254
- Preferred Active : CAT1
- Preemption : Enabled
- Dead Peer Detection within 1 sec
- Standby Group # : 20
-> Configure a HSRP Group for VLAN 30 based on the following:
- VIP : 10.0.30.254
- Preferred Active : CAT2
- Preemption : Enabled
- Dead Peer Detection within 1 sec
- Standby Group # : 30
-> Re-configure the DHCP Pool for the VLANs to point to the VIP as the Default Router.
--------
CAT1
--------
Interface vlan 20
standby 20 ip 10.0.20.254
standby 20 priority 200
standby 20 preempt
standby 20 timers msec 300 msec 900
!
Interface vlan 30
standby 30 ip 10.0.30.254
standby 30 timers msec 300 msec 900
-----
CAT2
-----
Interface vlan 20
standby 20 ip 10.0.20.254
standby 20 timers msec 300 msec 900
!
Interface vlan 30
standby 30 ip 10.0.30.254
standby 30 priority 200
standby 30 preempt
standby 30 timers msec 300 msec 900
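
Added example (not part of the original lab notes): a check of the two switches' standby lines against the requirements listed above (shared VIP, preferred active with the higher priority and preempt, hold time within 1 second). The function names are illustrative, and unset values fall back to the IOS HSRP defaults of priority 100, no preempt, hello 3 s and hold 10 s.

```python
import re

DEFAULTS = {"vip": None, "priority": 100, "preempt": False,
            "hello_ms": 3000, "hold_ms": 10000}   # IOS HSRP defaults

def parse_hsrp(config):
    """Collect per-group HSRP settings from one switch's 'standby' lines."""
    groups = {}
    for m in re.finditer(r"(?m)^[ \t]*standby (\d+) (ip|priority|preempt|timers)\b(.*)$", config):
        g = groups.setdefault(int(m.group(1)), dict(DEFAULTS))
        key, args = m.group(2), m.group(3).split()
        if key == "ip" and args:
            g["vip"] = args[0]
        elif key == "priority":
            g["priority"] = int(args[0])
        elif key == "preempt":
            g["preempt"] = True
        elif key == "timers":  # a value is in seconds unless 'msec' precedes it
            g["hello_ms"], g["hold_ms"] = [
                int(a) * (1 if i and args[i - 1] == "msec" else 1000)
                for i, a in enumerate(args) if a != "msec"]
    return groups

def check_group(group, vip, preferred, configs, max_hold_ms=1000):
    """Return deviations from the stated requirements; empty list = compliant."""
    peers = {n: parse_hsrp(c).get(group) for n, c in configs.items()}
    problems = [f"{n}: group {group} not configured" for n, s in peers.items() if not s]
    live = {n: s for n, s in peers.items() if s}
    for n, s in live.items():
        if s["vip"] != vip:
            problems.append(f"{n}: VIP {s['vip']} != {vip}")
        if s["hold_ms"] > max_hold_ms:
            problems.append(f"{n}: hold time {s['hold_ms']} ms > {max_hold_ms} ms")
    if preferred in live:
        if any(s["priority"] >= live[preferred]["priority"]
               for n, s in live.items() if n != preferred):
            problems.append(f"{preferred}: priority does not beat its peer")
        if not live[preferred]["preempt"]:
            problems.append(f"{preferred}: preempt missing")
    return problems

# 'standby' lines copied from the two switch configurations above.
CAT1 = ("standby 20 ip 10.0.20.254\nstandby 20 priority 200\nstandby 20 preempt\n"
        "standby 20 timers msec 300 msec 900\n"
        "standby 30 ip 10.0.30.254\nstandby 30 timers msec 300 msec 900")
CAT2 = ("standby 20 ip 10.0.20.254\nstandby 20 timers msec 300 msec 900\n"
        "standby 30 ip 10.0.30.254\nstandby 30 priority 200\nstandby 30 preempt\n"
        "standby 30 timers msec 300 msec 900")
```
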
=======================================
6. Initializing the WLC - CLI
=======================================
System Name: WLC1
Enter Administrative User Name (24 characters max): admin
Enter Administrative Password (3 to 24 characters): ********
Re-enter Administrative Password : ********
Service Interface IP Address Configuration [static][DHCP]:
Enable Link Aggregation (LAG) [yes][NO]: yes
Management Interface IP Address: 10.0.10.21
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 10.0.10.11
Management Interface VLAN Identifier (0 = untagged): 10
Management Interface DHCP Server IP Address: 10.0.10.11
Enable HA [yes][NO]: no
Virtual Gateway IP Address: 192.0.2.1
Mobility/RF Group Name: x
Network Name (SSID): MGMT
Configure DHCP Bridging Mode [yes][NO]: no
Allow Static IP Addresses [YES][no]: no
Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.
Enter Country Code list (enter 'help' for a list of countries) [US]:
Enable 802.11b Network [YES][no]: yes
Enable 802.11a Network [YES][no]: yes
Enable 802.11g Network [YES][no]: yes
Enable Auto-RF [YES][no]: yes
Configure a NTP server now? [YES][no]: no
Configure the system time now? [YES][no]: yes
Enter the date in MM/DD/YY format: 03/10/20
Enter the time in HH:MM:SS format: 11:07:00
Would you like to configure IPv6 parameters[YES][no]: no
Configuration correct? If yes, system will save it and reset. [yes][NO]: yes
=============================================
7. Configuring the Channels for specific APs
=============================================
config ap name LAP-1 xxxx.xxxx.xxxx
config ap name LAP-3 xxxx.xxxx.xxxx
!
config 802.11b disable LAP-1
config 802.11a disable LAP-1
config 802.11b channel ap LAP-1 1
config 802.11a channel ap LAP-1 36
config 802.11b enable LAP-1
config 802.11a enable LAP-1
!
config 802.11b disable LAP-3
config 802.11a disable LAP-3
config 802.11b channel ap LAP-3 6
config 802.11a channel ap LAP-3 40
config 802.11b enable LAP-3
config 802.11a enable LAP-3
Enable the GUI in case it has been disabled
config network webmode enable
=============================================
8. Configure 2 WLANs - Execs and Employees
=============================================
-------------------------------------
1. Configure the VLAN Interfaces
-------------------------------------
Controller -> Interfaces -> Add New
Name: execs
VLAN: 20
IP Address/Mask: 10.0.20.99/24
Default Gateway: 10.0.20.254
DHCP Server: 10.0.10.11
Name: employees
VLAN: 30
IP Address/Mask: 10.0.30.99/24
Default Gateway: 10.0.30.254
DHCP Server: 10.0.10.11
-------------------------------------
2. Configure the WLANs
-------------------------------------
WLAN -> Create New
Name: EXECS Profile
SSID: EXECS
Enabled: Checked
Interface : execs
Security : L2 - Basic WEP - 40-bit - Cisco
Name: EMPLOYEES Profile
SSID: EMPLOYEES
Enabled: Checked
Interface : employees
Security : L2 - Basic WEP - 40-bit - Cisco
======================================================
9. Configure AP Groups to Limit WLANs to specific APs
======================================================
-------------------------------------
1. Create the AP Groups
-------------------------------------
WLANs -> Advanced -> AP Groups -> Add
Name: APG-EMPLOYEES
AP: LAP-3
WLAN: EMPLOYEES
Interface: employees
Name: APG-EXECS
AP: LAP-1
WLAN: EXECS
Interface: execs
======================================================
10. Configure the AP in Flex Connect Mode
======================================================
----------------------------------------------------------------
1. Configure the Switchport connected towards the AP as a Trunk
----------------------------------------------------------------
------
CAT2
------
default interface gig 1/0/3
!
interface gig 1/0/3
switchport mode trunk
switchport trunk native vlan 12
----------------------------------------------------------------
2. Configure the WLAN as a Flex Connect WLAN
----------------------------------------------------------------
WLAN -> Create New
Name: BRANCH1 Profile
SSID: BRANCH1
Enabled: Checked
Interface: employees
Security: L2 - Basic WEP - 40-bit - Key: Cisco
Advanced Tab:
FlexConnect Local Switching
----------------------------------------------------------------
3. Configure the AP in FlexConnect Mode
----------------------------------------------------------------
Monitor -> Summary -> All APs -> Details -> LAP-3
AP Mode: FlexConnect
Apply
FlexConnect Tab:
VLAN Support = Checked
Native VLAN = 12
Apply
----------------------------------------------------------------
4. Configure the AP Group to Advertise the FlexConnect SSID
----------------------------------------------------------------
WLANs -> Advanced -> AP Groups -> APG-EMPLOYEES -> WLAN Tab
Add:
BRANCH1 - employees
================================================================
11. Integrating ISE and WLC
================================================================
-----------------------------------------------
1. Configure the relationship between ISE & WLC
-----------------------------------------------
------
WLC
------
Security -> AAA -> RADIUS -> Authentication -> Add
IP Address: 10.0.1.5
Secret Key: cisco123
Authentication: 1812
Timeout: 5
Security -> AAA -> RADIUS -> Accounting -> Add
IP Address: 10.0.1.5
Secret Key: cisco123
Accounting: 1813
Timeout: 5
------
ISE
------
Administration -> Network Resources -> Network Device Groups -> Add
HQ-WLCs
Administration -> Network Resources -> Network Devices -> Add
Name: WLC1
IP Address: 10.0.10.21
Network Device Group: HQ-WLCs
Protocol: RADIUS
Secret key: cisco123
-----------------------------------------------
2. Create Groups and Assign Users to them
-----------------------------------------------
------
ISE
------
Administration -> Identity Management -> Groups -> User Identity Groups -> Add
Name: EXECS
Name: EMPLOYEES
Administration -> Identity Management -> Identities -> Add
Name: Exec1
Password: Cisco123*
Group: EXECS
Name: Employees1
Password: Cisco123*
Group: EMPLOYEES
----------------------------------------------------------------------
3. Create an Authorization Profile to specify the VLAN to be assigned
----------------------------------------------------------------------
Policy -> Policy Elements -> Results -> Authorization -> Authorization Profiles -> Add
Name: PROF-20
VLAN: 20
Name: PROF-30
VLAN: 30
----------------------------------------------------------------------
4. Configure an Authorization Policy to link the Group to the Profile
----------------------------------------------------------------------
Policy -> Authorization -> Insert
Name: EXECS-POLICY
Group: EXECS
Profile: PROF-20
Name: EMPLOYEE-POLICY
Group: EMPLOYEES
Profile: PROF-30
----------------------------------------------------------------------
5. Configure the SSID on the WLC
----------------------------------------------------------------------
WLANs -> Create new
Name: ABC Profile
SSID: ABC
Enabled: Checked
Interface: management
Security: L2 - Default [WPA+WPA2]
AAA Servers:
RADIUS Server Overwrite Interface : Checked
Authentication & Accounting Server: 10.0.1.5
Advanced Tab:
Allow AAA Override : Checked
===================================================================================