Wireless Network Security Lab, Last Update 2011.06.01, 1.0.0. Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com


Method Used

• This lab will be done in Packet Tracer 5.2 or later

• Start Packet Tracer


Create the Lab Network

• Create this network in it


• The connections to the Server-PT devices from the Access Point switch ports are straight-through cables


Configure the Access Point

• Click on the Linksys WRT300N Wireless Access Point

– Open the GUI tab and ensure that DHCP is set to Automatic Configuration

• Leave the Access Point’s IP address at the default value of 192.168.0.1/24

• Enable the DHCP Server and leave the Start IP Address as 192.168.0.100

• Set the maximum number of DHCP clients to 4


Configure the Wireless Client

• Open the Physical tab of the PC-PT computer and turn the power off

• Remove the Ethernet module and replace it with the Linksys WMP-300N wireless module

• Turn the power back on

• After a few seconds you should have a wireless connection to the access point


Enable WEP

• The original security method used in wireless LANs was WEP

• Let’s see how it is enabled

• On the WRT-300N access point select the Config tab

– Change the SSID to CCNP

– Enable WEP Authentication

– Use 1234567890 as the WEP key value


• On the PC, using the Wireless Settings

• Change the SSID to CCNP

• Enable WEP Authentication

• Use 1234567890 as the WEP key value


Configure the Web Server

• On the Web Server

• Open the Desktop tab

• Click the IP configuration icon

• Change the static settings of the Web Server as follows


• Open the Config tab and disable all services except for HTTP and HTTPS


Check Connectivity

• Open the wireless host’s Web Browser and verify that you can access the web server using the IP address 192.168.0.11

• If you are successful, your browser page should look like this


Enable WPA with TKIP

• WEP was replaced by WPA using TKIP

• Let’s see how WPA works

• On the wireless access point, enable WPA-PSK authentication

• Set the Data Encryption type to TKIP

• Use the PassPhrase abcd1234


• On the wireless host, enable WPA-PSK authentication

• Use the PassPhrase abcd1234

• Ensure that the Data Encryption type is set to TKIP


Check Connectivity

• After the wireless connection between the access point and the wireless host is resumed

• Verify connectivity by pinging the web server at 192.168.0.11


Enable WPA with AES

• TKIP was soon replaced in WPA by AES

• Let’s see how this change is made

• On the wireless access point, enable WPA-PSK authentication

• Set the Data Encryption type to AES

• Use the PassPhrase abcd1234


• On the wireless host, enable WPA-PSK authentication

• Ensure that the Data Encryption type is set to AES

• Use the PassPhrase abcd1234


Check Connectivity

• After the wireless connection between the access point and the wireless host is resumed

• Verify connectivity by pinging the web server at 192.168.0.11
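
The WEP key and WPA-PSK passphrase entered in the steps above can be examined offline. The following Python sketch is an added example, not part of the original lab: it classifies the WEP key by length and derives the 256-bit pre-shared key that WPA-PSK computes from the passphrase and SSID (PBKDF2-HMAC-SHA1 with 4096 iterations, per IEEE 802.11i). The function names, the 12-character threshold and the search-space estimate are assumptions made for illustration.

```python
import hashlib
import math
import string

def wep_key_bits(key_hex: str) -> int:
    """Secret length in bits of a hex WEP key: 10 digits = 40-bit, 26 = 104-bit."""
    if len(key_hex) not in (10, 26) or not set(key_hex) <= set(string.hexdigits):
        raise ValueError("WEP hex keys are 10 or 26 hexadecimal digits")
    return len(key_hex) * 4

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def search_space_bits(passphrase: str) -> float:
    """Upper bound on guessing effort, assuming only the length and character
    classes are known (an illustrative estimate, not a standard metric)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(alphabet)

def audit(ssid: str, wep_key: str, passphrase: str) -> list:
    """Return human-readable findings for one set of lab settings."""
    findings = []
    bits = wep_key_bits(wep_key)
    findings.append(f"WEP: {bits}-bit static key shared by every station")
    psk = wpa_psk(passphrase, ssid)
    findings.append(f"WPA-PSK: 256-bit key {psk.hex()[:8]}... bound to SSID {ssid!r}")
    if len(passphrase) < 12:  # threshold is an assumption for this example
        findings.append(f"passphrase: {len(passphrase)} chars, at most "
                        f"{search_space_bits(passphrase):.1f} bits of search space")
    return findings

if __name__ == "__main__":
    # Values from the lab steps: SSID CCNP, WEP key 1234567890, passphrase abcd1234
    for line in audit("CCNP", "1234567890", "abcd1234"):
        print(line)
```

Because the SSID is the salt, the derived key changes when the SSID changes even if the passphrase stays the same, and every station that knows the passphrase derives the same key.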


Enable WPA2

• There are two versions of WPA2

– WPA2-PSK

– WPA2-Enterprise

• We have just seen WPA-PSK enabled above, and all it is is WPA with TKIP replaced by AES

• In other words PSK or pre-shared key

• As in WEP and WPA, WPA-PSK is just a password based system


• As is true of any password based system, the password can be lost

• This requires all the devices be changed

• A better solution is to use a RADIUS server to enable WPA2-Enterprise

• Let’s see how this is done


Configure the RADIUS Server

• Open the Desktop tab on the RADIUS Server and click the IP configuration icon

• Change the static settings of the RADIUS Server as follows


• Open the Config tab

– Disable all services except AAA

• Click on the AAA service

– Turn the AAA service on and leave the RADIUS port set to 1645

– Add a RADIUS client Linksys Access Point with an IP address of 192.168.0.1 and a secret key ccnp1234

– Add a user student with a password cisco


Configure the Access Point

• On the access point

– Change the Authentication type to WPA2

– Configure the RADIUS server IP address as 192.168.0.10

– Set the Shared Secret key to ccnp1234

– Set the Data Encryption Type to AES


Configure the Wireless Client

• On the Wireless Client

– Change the Authentication Type to WPA2

– Change the Data Encryption Type to AES

– Enter the User ID student

– Enter the password cisco


Check Connectivity

• You should now have connectivity between the wireless host and the access point

• Verify this by connecting to the web server from the browser on the wireless host

• If you do not have connectivity to the web server, double-check all of your settings on the access point, wireless host, and RADIUS server


Source

• Most of this lab is stolen from John Morgan, but it’s ok, he said I could
