wireless mod5 accesspoints

8/10/2019 Wireless Mod5 AccessPoints

1/49

Ch. 5Access Points


2/49

Overview


3/49

Access Point Connection


4/49


5/49


6/49

Cable and Power

WARNINGNever connect both the DC power to the APpower port and inline power simultaneously


7/49

AP Installation


8/49

LED indicators

The LED lights on an access point convey status information. When the access point is powering on, all three LEDs normally blink.

After bootup, the colors of the LEDs represent the following: GreenLEDs indicate normal activity.

AmberLEDs indicate errors or warnings.

RedLEDs mean the unit is not operating correctly or is being

upgraded.

1100 AP 1200 AP


9/49

Reset the AP (Power On)

When beginning a lab, to make sure the AP has the default settings,you will reset the AP.

Follow these steps to reset the access point to factory default settingsusing the access point MODE button:

Step 1Disconnect power (the power jack for external power or theEthernet cable for in-line power) from the access point.

Step 2Press and hold the MODEbutton while power to the accesspoint is reconnected.

Step 3Hold the MODEbutton until the Status LED turns amber(approximately 1 to 2 seconds), and release the button. All access

point settings return to factory defaults.

1100 AP 1200 AP


10/49

Connecting to the AP (Configuration)

Wired Wireless: Requires Association


11/49

Connecting to the AP (Console)

ConsoleSerial

Rollover Cable

IOS CLI


12/49

Connecting to the AP (Telnet)

Requires a network connection either Ethernetor Wireless

AP Defaults IP Address = 10.0.0.1/24

Username and Password =Cisco (C not c)

This password is theprivilege password, not theWEP password.

Cisco


13/49

Connecting to the AP (Browser)

Wired Wireless: Requires AssociationPreferred Method!


14/49

Connecting to the AP (Wireless)

Wireless adapter: If configuring using the wireless adapter, you must first associate

with the AP. Make sure the settings on the ACU match the AP.

Cisco 1100 and 1200 Aps have the following defaults:

IP Address = 10.0.0.1/24

SSID = tsunami

Password = Cisco (C not c)

SSID = tsunami

SSID = tsunami


15/49

Connecting to the AP (Wired)

Wired Ethernet: No association necessary

Make sure the IP Address on the Ethernet interface is on the samesubnet as the AP.

AP Defaults

IP Address = 10.0.0.1/24

Password = Cisco (C not c)

Preferred Method!

SSID = tsunami

SSID = tsunami


16/49

Connecting to the AP (Wired)

Wired Ethernet: We will use the browser via wired methodto initially configure

APs during labs so we do not configure the wrong AP via wireless. IOS CLIOptional, but you can do those labs if you wish. We

will cover some of the basic commands.

Preferred Method!

SSID = tsunami

SSID = tsunami


17/49

Basic Configuration

The labs will really help you understand this.

Lab 5.4.4: Configuring Radio Interfaces Through the

GUI

Skip step # 4

Refer to the next few slides to complete the lab


18/49

The APs IP address

Same IP address whether you are connecting via the wiredor wireless interface. (For configuring the AP.)


19/49

ACU - Verifying

Right click

N t k I t f R di 802 11B


20/49

Network InterfacesRadio-802.11B

(Settings)

Network Interfaces Radio 802 11B


21/49


(Settings)



22/49


(Settings)



23/49


(Settings)

PLCP

frame!



24/49


(Settings)



25/49


(Settings)



26/49


(Settings)



27/49


(Settings)


28/49

Using the CLI


29/49

Lab 5.4.5 Page 118

Configuring Radio Interfaces through the IOS CLI

Stop at step # 10


30/49

Wired equivalent privacy (WEP)

The IEEE 802.11standard includes WEP to protect authorized users ofa WLAN from casual eavesdropping.

The IEEE 802.11 WEP standard specified a 40-bit key, so that WEPcould be exported and used worldwide.

Most vendors have extended WEP to 128 bits or more. When using WEP, both the wireless client and the access point must

have a matching WEP key.

WEP is based upon an existing and familiar encryption type, RivestCipher 4 (RC4).

128 bit WEP is sometimes

referred to, and more

accurately, as 104 bit WEP.

Also, be sure that Transmit

Key numbers match, I.e. Key1 on both AP and ACU.

AP

ACU


31/49

Authentication Process (Review)

On a wired network, authentication is implicitly provided by the physicalcable from the PC to the switch.

Authentication is the process to ensure that stations attempting toassociate with the network (AP) are allowed to do so.

802.11 specifies two types of authentication: Open-system

Shared-key (makes use of WEP)


32/49

Open Authentication

Typical Open Authentication onboth AP and Client with No WEP

keys


33/49

Open Authentication and WEP

Remember there are three steps to Association: Probe

Authentication

Association

A client can associate with an AP, but use WEP to send the encrypted

data packets. Authentication and data encryption are two different things.

AuthenticationIs the client allowed to associate with this AP?

EncryptionEncrypts the data (payload) and ICV (Integrity Check

Value) fields of the 802.11 MAC, not the other fields.

So a client could Associate with the AP, using Open Authentication(basically no authentication), but use WEP to encrypt the data frames

sent after its associated.


34/49

Open Authentication and WEP

In some configurations, a client can associate to the access point with anincorrect WEP key or even no WEP key.

The AP must be configured to allow this (coming).

A client with the wrong WEP key will be unable to send or receive data, sincethe packet payload will be encrypted.

Keep in mind that the header is not encrypted by WEP. Only the payload or data is encrypted.

Associated but data

cannot be sent or

received, since it

cannot be

unencrypted.

Open Authentication - Optional WEP


35/49

Open Authentication - Optional WEP

Encryption (AP)

802.11 allows client to associate with AP. Cisco AP must have WEP Encryption set to Optional Association successful with any of these options on the client:

Matching WEP key

Non-matching WEP key

No WEP key


36/49

Encryption Modes

Indicates whether clients should use data encryption when

communicating with the device. The three options are: None- The device communicates only with client devices that are not

using WEP.

WEP Encryption- Choose Optional or Mandatory. If optional, client devices can communicate with this access point or

bridge with or without WEP. If mandatory, client devices must use WEP when communicating withthe access point. Devices not using WEP are not allowed tocommunicate. WEP (Wired Equivalent Privacy) is an 802.11 standardencryption algorithm originally designed to provide with a level ofprivacy experienced on a wired LAN. The standard defines WEP base

keys of size 40 bits or 104 bits.


37/49

In Summary

Client Use Open Authentication on the client (does not use WEP, challenge

transaction, during authentication).

Use WEP for Data Encryption.

AP Use Open Authentication

Use Mandatory WEP Encryption, Devices not using WEP are not allowed

to communicate.


38/49

Lab 8.3.3.1: Page 225

Configuring WEP on AP and client

C / C


39/49

MAC Authentication/MAC Filters

Allows you to accept/deny specific MAC or IP addresses.

L b 8 3 2 P 218


40/49

Lab 8.3.2: Page 218

Configuring Filters on AP


41/49

Services

We will not configure all of these options or use all ofthe features.

S i


42/49

Services

The Services Summarypage shows whether all of themain services are currently enabled or disabled.

T l t/SSH


43/49

Telnet/SSH

L b 8 3 1 1 P 198


44/49

Lab 8.3.1.1 Page 198

Configuring Basic AP Security Via GUI

E t L


45/49

Event Log

L b 11 5 6 1 335


46/49

Lab 11.5.6.1: page 335

Configuring Syslog on AP

HTTP


47/49

HTTP

This feature enables Web-based GUI management by providing support forHTML Web pages and Common Gateway Interface (CGI) scripts usingcommon Web browsers.

The Services>Web Serverpage is used to enable browsing to the web-basedmanagement system, specify the location of the Help files, and enter settingsfor a custom-tailored web system for management.

With the Allow Web-based Configuration Management enabled, access to theGUI management system is permitted.

If HTTP is disabled, the management system is accessible only through Telnet

or the console

C fi AP t


48/49

Configure an AP as a repeater

Lab 5.4.8: Configure an AP as a repeater through the GUIPage 127

Lab 8.3.3.2: Configure an AP as a repeater using WEP

through the GUIpage 230


49/49

Ch. 5Access Points

wireless mod5 accesspoints

Documents