Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:03,700 --> 00:00:07,259 This is a free, complete course for the CCNA. 2 00:00:07,259 --> 00:00:11,109 If you like these videos, please subscribe\n 3 00:00:11,109 --> 00:00:15,959 Also, please like and leave a comment, and\n 4 00:00:19,028 --> 00:00:22,800 In this video we will look at wireless LAN\nconfiguration. 5 00:00:22,800 --> 00:00:27,750 In the past three videos we covered a lot\n 6 00:00:27,750 --> 00:00:32,238 Finally we’ll get hands-on and see how to\n 7 00:00:32,238 --> 00:00:35,899 We will cover exam topics 2.7, 2.8, and 2.9. 8 00:00:35,899 --> 00:00:43,019 2.9 in particular tells us what we need to\n 9 00:00:43,020 --> 00:00:49,290 In addition, we will cover exam topic 5.10\n 10 00:00:49,289 --> 00:00:54,950 using WPA2 PSK, pre-shared key, using the\nGUI. 11 00:00:54,950 --> 00:01:03,150 Note that both topics 2.9 and 5.10 mention\n 12 00:01:03,149 --> 00:01:07,780 Up to this point in the course we have only\n 13 00:01:10,010 --> 00:01:14,740 You can configure wireless LANs via the CLI\n 14 00:01:14,739 --> 00:01:18,969 GUI, and that’s what Cisco expects you to\nknow for the exam. 15 00:01:22,340 --> 00:01:27,859 First I’ll give an introduction to the network\n 16 00:01:27,859 --> 00:01:32,420 Then I’ll cover the necessary switch configurations,\n 17 00:01:34,709 --> 00:01:40,589 Then I’ll show the basic wireless LAN controller\n 18 00:01:40,590 --> 00:01:44,540 and do the configurations you need to know\nfor the CCNA. 19 00:01:44,540 --> 00:01:49,020 Then I’ll show how to configure the WLC’s\n 20 00:01:51,260 --> 00:01:54,609 Finally I’ll take a look at some additional\nfeatures on the WLC. 21 00:01:54,609 --> 00:01:59,849 There’s a lot to explore in the WLC and\n 22 00:01:59,849 --> 00:02:02,929 just point out a few features you might want\nto be aware of. 23 00:02:02,930 --> 00:02:08,259 As always, watch until the end of the video\n 24 00:02:08,258 --> 00:02:13,109 ExSim, the best practice exams for the CCNA. 25 00:02:13,110 --> 00:02:17,260 For the first time in this course, I will\n 26 00:02:17,259 --> 00:02:20,149 You can’t make a wireless lab with virtual\ndevices alone. 27 00:02:20,150 --> 00:02:24,550 With that said, a partially virtual lab is\npossible. 28 00:02:24,550 --> 00:02:29,920 I could have, for example, used a virtual\n 29 00:02:29,919 --> 00:02:35,609 to get this hardware second hand for a cheap\n 30 00:02:35,610 --> 00:02:40,910 Fortunately, you don’t have to purchase\n 31 00:02:42,699 --> 00:02:47,159 Packet Tracer does offer some basic WLC and\nAP functionality. 32 00:02:47,159 --> 00:02:52,159 It’s limited, but it’s good enough to\n 33 00:02:52,159 --> 00:02:57,590 Anyway, in this topology I have one switch,\n 34 00:02:59,409 --> 00:03:03,650 By the way, I haven’t connected any power\n 35 00:03:05,180 --> 00:03:09,409 Can you guess how they are receiving power\n 36 00:03:09,409 --> 00:03:13,049 The answer is PoE of course, power over ethernet. 37 00:03:13,050 --> 00:03:19,480 A single ethernet cable is used to both pass\n 38 00:03:19,479 --> 00:03:24,109 You can see here on the switch that its interfaces\n 39 00:03:24,110 --> 00:03:29,959 Actually, the WLC itself also has two PoE\n 40 00:03:30,959 --> 00:03:38,120 So, an AP could be directly connected to the\n 41 00:03:41,780 --> 00:03:47,310 Note that the WLC connects to the switch via\n 42 00:03:47,310 --> 00:03:53,659 You might remember from my EtherChannel video\n 43 00:03:53,659 --> 00:03:58,969 But in the context of wireless LAN controllers,\n 44 00:03:58,969 --> 00:04:04,889 And also note that WLCs only support static\n 45 00:04:04,889 --> 00:04:10,379 So, when we configure the switch’s interfaces\n 46 00:04:10,379 --> 00:04:15,609 1 MODE ON, not MODE ACTIVE or MORE DESIRABLE. 47 00:04:15,610 --> 00:04:19,759 You don’t have to connect the WLC to the\n 48 00:04:19,759 --> 00:04:23,819 to provide additional throughput and redundancy. 49 00:04:23,819 --> 00:04:27,500 I will use three VLANs, three subnets, in\nthis network. 50 00:04:27,500 --> 00:04:32,790 VLAN10 is the management VLAN, its subnet\n 51 00:04:32,790 --> 00:04:41,060 VLAN 100 will be called ‘Internal’, its\n 52 00:04:41,060 --> 00:04:43,560 And VLAN 200 will be called ‘Guest’. 53 00:04:45,160 --> 00:04:53,390 Note that only VLAN 100 and VLAN 200 will\n 54 00:04:54,600 --> 00:05:00,389 VLAN 10 will just be used for connecting to\n 55 00:05:00,389 --> 00:05:07,610 APs, and managing them for example via their\n 56 00:05:07,610 --> 00:05:12,860 VLAN100 will be mapped to an SSID, Internal,\n 57 00:05:16,500 --> 00:05:21,750 It will be mapped to an SSID called Guest\n 58 00:05:21,750 --> 00:05:24,779 Devices will be able to associate with that\nSSID too. 59 00:05:24,779 --> 00:05:29,819 Now, in this video I won’t be doing any\n 60 00:05:29,819 --> 00:05:35,699 in a real deployment you could limit the Guest\n 61 00:05:35,699 --> 00:05:42,290 associated with the Internal SSID could access\n 62 00:05:42,290 --> 00:05:47,879 The switch will have an SVI in each VLAN,\n 63 00:05:47,879 --> 00:05:53,740 And the WLC will have an IP address in each\n 64 00:05:53,740 --> 00:05:59,230 The APs will need an IP address in the management\n 65 00:05:59,230 --> 00:06:01,669 but they will get their IP addresses via DHCP. 66 00:06:03,540 --> 00:06:11,509 The WLC could be the server, but I’ll configure\n 67 00:06:13,490 --> 00:06:20,509 I want to remind you that, since we’re using\n 68 00:06:20,509 --> 00:06:24,038 interfaces connecting to the APs are access\nports. 69 00:06:24,038 --> 00:06:29,149 Only the WLC needs to connect via a trunk\n 70 00:06:29,149 --> 00:06:32,469 However the APs will form CAPWAP tunnels to\nthe WLC. 71 00:06:32,470 --> 00:06:38,050 So, let’s say this client associated with\n 72 00:06:38,050 --> 00:06:41,550 its default gateway, which is SW1’s VLAN\n100 SVI. 73 00:06:41,550 --> 00:06:47,120 The traffic passes through the CAPWAP tunnel\nto the WLC. 74 00:06:47,120 --> 00:06:52,949 On the WLC, the Internal WLAN is mapped to\n 75 00:06:55,040 --> 00:06:59,509 SW1 then sends it back via the same path. 76 00:06:59,509 --> 00:07:04,449 What if the client associated with the Internal\n 77 00:07:07,000 --> 00:07:12,360 It will send the traffic to its default gateway,\n 78 00:07:12,360 --> 00:07:18,230 SW1 routes it to VLAN 200 and sends it to\n 79 00:07:18,230 --> 00:07:20,800 client via the CAPWAP tunnel and the AP. 80 00:07:20,800 --> 00:07:26,550 So, that’s just a quick review of how traffic\n 81 00:07:26,550 --> 00:07:32,030 So, let’s finally start our configurations,\nfirst SW1. 82 00:07:32,029 --> 00:07:35,689 All of these configurations will be review\n 83 00:07:36,779 --> 00:07:40,609 Here’s the first half of the configurations. 84 00:07:40,610 --> 00:07:47,240 First I created the three VLANs, 10, 100,\n 85 00:07:47,240 --> 00:07:53,079 Then I configured fastethernet 0/6, 7, and\n 86 00:07:53,079 --> 00:07:59,310 F0/7 and 8 connect to the APs, so why do you\n 87 00:07:59,310 --> 00:08:07,649 It’s because I will later connect my PC\n 88 00:08:07,649 --> 00:08:12,448 A device’s CLI, command line interface,\n 89 00:08:12,449 --> 00:08:15,449 to over the network using Telnet or SSH. 90 00:08:15,449 --> 00:08:21,870 However, the GUI, graphical user interface,\n 91 00:08:21,870 --> 00:08:26,038 You must connect over the network, using HTTP\nor HTTPS. 92 00:08:26,038 --> 00:08:30,449 I’ll show you how to do that when I move\n 93 00:08:30,449 --> 00:08:38,528 Anyway, I then configured SW1’s F0/1 and\n 94 00:08:38,528 --> 00:08:43,519 Remember that WLCs only support static LAG,\nno PAgP or LACP. 95 00:08:43,519 --> 00:08:51,039 So, you must use the command CHANNEL-GROUP\n 96 00:08:51,039 --> 00:08:55,149 And finally I configured the port-channel\n 97 00:08:58,708 --> 00:09:01,528 And here’s the second half of the configurations. 98 00:09:01,528 --> 00:09:04,438 I configured an SVI for each VLAN. 99 00:09:04,438 --> 00:09:07,349 These will be used as the default gateway\nfor their subnets. 100 00:09:07,350 --> 00:09:13,110 I then configured a DHCP pool for each VLAN,\n 101 00:09:13,110 --> 00:09:20,129 command and specified SW1’s SVI IP addresses\n 102 00:09:20,129 --> 00:09:25,289 The VLAN10 DHCP pool will be used by the APs\n 103 00:09:28,448 --> 00:09:36,639 Note that the VLAN10 pool has an additional\n 104 00:09:36,639 --> 00:09:43,190 DHCP option 43 can be used to tell the APs\n 105 00:09:43,190 --> 00:09:49,911 So, when the APs get an IP address from SW1,\n 106 00:09:49,910 --> 00:09:56,708 192.168.1.100’, and the APs will then try\n 107 00:09:59,039 --> 00:10:01,799 Although in this case it’s actually not\nnecessary. 108 00:10:01,799 --> 00:10:07,688 The APs and WLC are in the same subnet, the\n 109 00:10:07,688 --> 00:10:13,708 CAPWAP discovery messages to check if there\n 110 00:10:13,708 --> 00:10:20,828 The WLC will hear those broadcast messages,\n 111 00:10:20,828 --> 00:10:26,318 But just be aware that DHCP option 43 might\n 112 00:10:26,318 --> 00:10:31,458 that it won’t be able to hear the broadcast\n 113 00:10:31,458 --> 00:10:34,909 Remember that one for the exam, DHCP option\n43. 114 00:10:38,318 --> 00:10:42,308 The VLAN 100 and VLAN 200 pools will be used\n 115 00:10:42,308 --> 00:10:45,909 SW1 will assign IP addresses to them using\nDHCP. 116 00:10:45,909 --> 00:10:49,980 Okay, the final command I used on the switch\nis NTP MASTER. 117 00:10:49,980 --> 00:10:57,990 This will make it an NTP server, and I’ll\n 118 00:10:57,990 --> 00:11:03,269 Okay, that’s all of the configuration needed\non SW1. 119 00:11:03,269 --> 00:11:05,139 Now let’s finally configure the WLC. 120 00:11:05,139 --> 00:11:08,919 I can’t connect to its GUI yet. 121 00:11:08,919 --> 00:11:13,058 First I need to connect to its console port\n 122 00:11:16,759 --> 00:11:21,079 When the WLC first boots up you will be greeted\n 123 00:11:21,078 --> 00:11:25,688 So, you don’t actually need to know any\n 124 00:11:25,688 --> 00:11:28,669 setup, the wizard will walk you through it. 125 00:11:28,669 --> 00:11:33,549 First, it asks me if I would like to terminate\nautoinstall. 126 00:11:33,549 --> 00:11:39,328 Autoinstall can be used to automatically download\n 127 00:11:39,328 --> 00:11:43,019 I won’t do that, so I press enter to skip\nit. 128 00:11:43,019 --> 00:11:47,519 Note that the value in the square brackets,\n 129 00:11:47,519 --> 00:11:52,740 You don’t have to type yes, if you just\n 130 00:11:52,740 --> 00:11:58,369 Then I entered the system name, the host name,\n 131 00:11:58,369 --> 00:12:01,139 that I will use later to log in to the device. 132 00:12:01,139 --> 00:12:05,610 It then asks me if I want to enable link aggregation,\nLAG. 133 00:12:05,610 --> 00:12:10,318 Notice that there are two options in square\n 134 00:12:10,318 --> 00:12:14,618 However, NO is in upper case letters, so it\nis the default. 135 00:12:14,619 --> 00:12:20,278 If I just hit enter, the device will assume\n 136 00:12:20,278 --> 00:12:25,999 However in this case I will be using a LAG\n 137 00:12:25,999 --> 00:12:29,499 Then I enter some values for the management\ninterface. 138 00:12:29,499 --> 00:12:32,329 Note that this isn’t a physical interface,\na physical port. 139 00:12:32,328 --> 00:12:36,099 It is a virtual interface in the WLC. 140 00:12:36,100 --> 00:12:44,928 I gave it an IP of 192.168.1.100, a /24 netmask,\n 141 00:12:44,928 --> 00:12:51,068 default gateway, gave it a VLAN ID of 10,\n 142 00:12:55,019 --> 00:12:58,808 Let’s continue with the WLC’s basic setup. 143 00:12:58,808 --> 00:13:02,899 This is still part of the configuration wizard,\n 144 00:13:02,899 --> 00:13:05,769 inputting commands in the CLI. 145 00:13:05,769 --> 00:13:09,919 These three options at the top are a bit beyond\n 146 00:13:12,019 --> 00:13:16,909 The virtual gateway IP is an IP address used\n 147 00:13:16,909 --> 00:13:21,558 wireless clients such as when relaying DHCP\nrequests. 148 00:13:21,558 --> 00:13:26,039 The multicast IP address is used when forwarding\n 149 00:13:26,039 --> 00:13:30,789 Note that I selected an IP address in the\n 150 00:13:32,059 --> 00:13:37,358 And the mobility/RF group name is used when\n 151 00:13:39,109 --> 00:13:43,290 I doubt you’ll be asked about these on the\nCCNA exam. 152 00:13:43,289 --> 00:13:47,668 Next in the setup it asks us to configure\n 153 00:13:47,668 --> 00:13:53,139 I’ll show you how to do this in the GUI\n 154 00:13:55,058 --> 00:14:00,278 I use the SSID internal, and then I accept\n 155 00:14:00,278 --> 00:14:04,278 about DHCP bridging mode, leaving it disabled. 156 00:14:04,278 --> 00:14:10,019 For wireless clients’ DHCP requests to reach\n 157 00:14:11,559 --> 00:14:18,138 If DHCP bridging mode is enabled, the WLC\n 158 00:14:18,139 --> 00:14:22,060 It will appear as if they are communicating\n 159 00:14:22,059 --> 00:14:24,928 But that’s not necessary here, so I’ll\nleave it disabled. 160 00:14:24,928 --> 00:14:30,308 I also accept the default for the next setting,\n 161 00:14:30,308 --> 00:14:33,568 This means that clients are allowed to use\n 162 00:14:36,109 --> 00:14:41,579 And finally I choose not to configure a RADIUS\n 163 00:14:41,578 --> 00:14:46,388 The default WLAN security policy requires\na RADIUS server. 164 00:14:46,389 --> 00:14:50,859 We will change the WLAN security policy to\n 165 00:14:53,720 --> 00:14:58,699 Next I have to enter a country code, or a\n 166 00:15:02,100 --> 00:15:07,249 This is actually very important and was a\n 167 00:15:07,249 --> 00:15:11,759 Because I live in Japan, I originally entered\n 168 00:15:16,548 --> 00:15:19,489 Look at the model name of this AP here. 169 00:15:19,489 --> 00:15:22,480 Specifically, this E in the model name. 170 00:15:22,480 --> 00:15:27,899 This E indicates the regulatory domain of\n 171 00:15:27,899 --> 00:15:33,198 If the regulatory domain of the country specified\n 172 00:15:33,198 --> 00:15:39,108 regulatory domain of the AP, the AP won’t\n 173 00:15:39,109 --> 00:15:42,309 You can check the regulatory domain of each\ncountry here. 174 00:15:42,308 --> 00:15:49,308 In Canada or the US, for example, -A is used\n 175 00:15:49,308 --> 00:15:52,850 I configured a country in Europe on my WLC. 176 00:15:52,850 --> 00:15:56,959 I doubt that you have to know this for the\n 177 00:15:56,958 --> 00:16:01,928 lab with second-hand devices, you should be\n 178 00:16:01,928 --> 00:16:06,470 Okay, here’s the final section of the initial\nWLC setup. 179 00:16:06,470 --> 00:16:14,889 I choose to enable 802.11b, a, and g, as well\n 180 00:16:14,889 --> 00:16:19,389 select which channels to use and how much\ntransmit power to use. 181 00:16:19,389 --> 00:16:21,808 This is much better than doing everything\nmanually. 182 00:16:21,808 --> 00:16:27,458 I then configure some NTP settings so my WLC\n 183 00:16:27,458 --> 00:16:30,149 Finally I save the settings, and the device\nresets. 184 00:16:30,149 --> 00:16:33,970 That’s all for the WLC initial setup. 185 00:16:33,970 --> 00:16:40,060 So, now that the WLC’s initial setup is\n 186 00:16:42,308 --> 00:16:47,969 So, instead of connecting my PC to the WLC’s\n 187 00:16:49,568 --> 00:16:55,539 Remember, I configured SW1’s F0/6 interface\n 188 00:16:55,539 --> 00:17:02,469 Now I will be able to use HTTP or HTTPS to\n 189 00:17:02,470 --> 00:17:09,890 So, I enter WLC1’s IP address, 192.168.1.100,\nin a web browser. 190 00:17:09,890 --> 00:17:13,370 However I get a warning that my connection\nis not private. 191 00:17:13,369 --> 00:17:16,759 The error is certificate authority invalid. 192 00:17:16,759 --> 00:17:20,250 This just means my PC doesn’t trust the\ncertificate on my WLC. 193 00:17:22,869 --> 00:17:25,859 Next I clicked on advanced here. 194 00:17:25,859 --> 00:17:30,740 And now I get the option to proceed to 192.168.1.100. 195 00:17:30,740 --> 00:17:35,230 If your browser gives you a warning like this\n 196 00:17:35,230 --> 00:17:39,789 but I know that I’m just connecting to WLC1\n 197 00:17:41,750 --> 00:17:44,659 And here is the login screen for the Cisco\nWLC. 198 00:17:44,659 --> 00:17:48,889 So, I click on the login button. 199 00:17:48,888 --> 00:17:53,689 And then I enter the admin username and password\n 200 00:17:53,690 --> 00:17:58,360 And here is the dashboard for the WLC. 201 00:17:58,359 --> 00:18:00,638 Let me point out a few things. 202 00:18:00,638 --> 00:18:04,949 Notice that it shows which interfaces are\n 203 00:18:06,690 --> 00:18:11,690 Those two green interfaces are forming a LAG\n 204 00:18:11,690 --> 00:18:16,058 Here there is a summary of some information\n 205 00:18:16,058 --> 00:18:22,700 IP, system name, up time, temperature, CPU\n 206 00:18:22,700 --> 00:18:26,730 And here is a summary of the access points\n 207 00:18:26,730 --> 00:18:29,079 Note that both of my APs have already joined. 208 00:18:29,079 --> 00:18:33,038 Okay, now let’s actually do some configurations\non the WLC. 209 00:18:33,038 --> 00:18:39,158 First, I’ll go to the CONTROLLER tab up\ntop here. 210 00:18:39,159 --> 00:18:46,640 From the controller tab, I clicked on interfaces,\n 211 00:18:46,640 --> 00:18:53,250 Note that these are not physical ports, but\n 212 00:18:53,250 --> 00:18:57,710 In most contexts we can use the terms port\n 213 00:18:57,710 --> 00:19:04,670 However, in the context of WLCs, port means\n 214 00:19:08,450 --> 00:19:13,250 Before configuring the interfaces, let me\n 215 00:19:14,808 --> 00:19:20,178 Again, WLC ports are the physical interfaces\n 216 00:19:20,179 --> 00:19:27,009 And interfaces are the logical interfaces\n 217 00:19:27,009 --> 00:19:32,000 WLCs have a few different kinds of ports,\nlet me introduce them. 218 00:19:32,000 --> 00:19:38,009 The service port is a dedicated management\n 219 00:19:38,009 --> 00:19:42,660 That means keeping management traffic totally\n 220 00:19:44,579 --> 00:19:50,199 My WLC doesn’t have a dedicated service\n 221 00:19:50,200 --> 00:19:54,259 same physical ports as the regular data traffic. 222 00:19:54,259 --> 00:19:58,548 Note that the service port must connect to\n 223 00:20:00,849 --> 00:20:05,459 Also this port can be used to connect to the\n 224 00:20:05,460 --> 00:20:10,490 recovery, and other system management tasks\nlike that. 225 00:20:10,490 --> 00:20:13,138 Next are distribution system ports. 226 00:20:13,138 --> 00:20:17,508 These are the standard network interfaces\n 227 00:20:17,509 --> 00:20:21,569 that’s the 802.11 term for the wired network. 228 00:20:21,569 --> 00:20:25,950 And these are the interfaces that are used\n 229 00:20:27,509 --> 00:20:31,980 Note that these ports usually connect to switch\n 230 00:20:31,980 --> 00:20:36,740 ports are used they can form a LAG, as I did\nin my network. 231 00:20:36,740 --> 00:20:42,788 Then there is the console port, which can\n 232 00:20:44,638 --> 00:20:49,549 And there might also be a redundancy port,\n 233 00:20:49,549 --> 00:20:53,178 to form a high availability, HA, pair. 234 00:20:53,179 --> 00:20:58,640 This means you have redundant WLCs, so if\n 235 00:20:59,849 --> 00:21:07,408 My WLC is a bit old, so it just has an RJ45\n 236 00:21:09,000 --> 00:21:14,029 These aren’t ports but it has a reset button\n 237 00:21:14,029 --> 00:21:20,298 To show you the other kinds of ports, let’s\n 238 00:21:20,298 --> 00:21:27,429 So, here is a pair of WLCs, let’s go through\n 239 00:21:27,429 --> 00:21:29,220 Number 1 is the service port. 240 00:21:29,220 --> 00:21:34,079 Again, this can be used for out-of-band management,\n 241 00:21:34,079 --> 00:21:37,048 separate from the data traffic. 242 00:21:37,048 --> 00:21:43,408 Number 2 is an RJ45 console port, and number\n 243 00:21:43,409 --> 00:21:45,659 Then there is another USB port. 244 00:21:45,659 --> 00:21:50,250 This isn’t a network port, it’s just a\n 245 00:21:50,250 --> 00:21:54,759 the WLC, for example a new OS version to update\nthe software. 246 00:21:54,759 --> 00:22:00,630 Next, number five is a distribution system\n 247 00:22:02,470 --> 00:22:08,480 And then four more distribution system ports,\n 248 00:22:08,480 --> 00:22:13,788 Number 7 isn’t a port, it’s a reset button\n 249 00:22:13,788 --> 00:22:18,869 too indicating the status of the device, those\n 250 00:22:18,869 --> 00:22:21,928 And finally number 9 is the redundancy port. 251 00:22:21,929 --> 00:22:26,660 You could connect these two WLCs by their\n 252 00:22:28,169 --> 00:22:32,950 Okay, those are the different kinds of physical\nWLC ports. 253 00:22:32,950 --> 00:22:36,690 WLCs have a few different kinds of interfaces,\ntoo. 254 00:22:36,690 --> 00:22:41,659 The management interface is used for so-called\n 255 00:22:41,659 --> 00:22:49,139 used to manage devices such as Telnet or SSH\n 256 00:22:49,138 --> 00:22:55,918 to the GUI, RADIUS authentication traffic,\n 257 00:22:55,919 --> 00:23:01,379 Remember that, to connect to the GUI of the\n 258 00:23:05,148 --> 00:23:12,069 CAPWAP tunnels between the APs and WLC are\n 259 00:23:12,069 --> 00:23:14,928 Next there also might be a redundancy management\ninterface. 260 00:23:14,929 --> 00:23:21,179 When two WLCs are connected by their redundancy\n 261 00:23:23,148 --> 00:23:28,028 To manage the active WLC you can connect to\n 262 00:23:28,028 --> 00:23:32,558 standby WLC you can use the redundancy management\ninterface. 263 00:23:32,558 --> 00:23:35,899 Next there is the virtual interface. 264 00:23:35,900 --> 00:23:39,980 Remember I had to configure this IP address\n 265 00:23:39,980 --> 00:23:45,548 It’s used when communicating with wireless\n 266 00:23:45,548 --> 00:23:49,528 web authentication if necessary, etc. 267 00:23:49,528 --> 00:23:52,099 Next there is a service port interface. 268 00:23:52,099 --> 00:23:56,980 If the WLC’s service port is used, this\n 269 00:23:56,980 --> 00:24:01,019 management instead of the regular management\ninterface. 270 00:24:01,019 --> 00:24:06,278 And finally there are dynamic interfaces,\n 271 00:24:07,278 --> 00:24:11,859 For example, traffic from the internal wireless\n 272 00:24:11,859 --> 00:24:14,269 the WLC’s Internal dynamic interface. 273 00:24:14,269 --> 00:24:19,888 So, let’s go back to the GUI and configure\n 274 00:24:22,179 --> 00:24:25,759 Here’s the interfaces menu again. 275 00:24:25,759 --> 00:24:30,900 I’ll click New to create a new interface. 276 00:24:30,900 --> 00:24:35,879 First I’ll make the interface for the Internal\n 277 00:24:40,230 --> 00:24:43,798 I am then brought to this screen where I can\nenter more details. 278 00:24:43,798 --> 00:24:49,829 The VLAN ID was already set to 100 from the\n 279 00:24:49,829 --> 00:24:53,158 netmask, gateway, and DHCP server address. 280 00:24:53,159 --> 00:24:57,730 That’s all I need to enter here, so I clicked\non Apply. 281 00:24:57,730 --> 00:25:01,599 By the way, feel free to pause the video at\n 282 00:25:01,599 --> 00:25:04,898 different settings available in any of these\nmenus. 283 00:25:04,898 --> 00:25:09,918 So, now the dynamic interface called ‘internal’\n 284 00:25:09,919 --> 00:25:15,200 I will map this interface to the Internal\n 285 00:25:16,319 --> 00:25:20,490 That is the guest interface, so I click on\nNew again. 286 00:25:20,490 --> 00:25:26,130 and then at this screen I specify a name of\n 287 00:25:26,130 --> 00:25:29,710 will be used for the guest WLAN and VLAN. 288 00:25:32,538 --> 00:25:38,308 Again at this screen I enter the IP information\n 289 00:25:38,308 --> 00:25:43,769 netmask, gateway, and DHCP server address,\n 290 00:25:45,240 --> 00:25:50,299 Okay, now the WLC has all of the interfaces\nit needs. 291 00:25:50,299 --> 00:25:53,668 Finally let’s go to configuring some WLANs. 292 00:25:53,669 --> 00:25:58,980 To do that, just click on the WLAN tab here\n 293 00:26:02,720 --> 00:26:06,490 Note that one WLAN, Internal, already exists. 294 00:26:06,490 --> 00:26:10,019 That is because I made it during the initial\nsetup in the CLI. 295 00:26:10,019 --> 00:26:13,849 However, I still have to make some changes\nto this one. 296 00:26:13,849 --> 00:26:17,730 For example, look at the security policies\ncolumn on the right. 297 00:26:17,730 --> 00:26:23,308 It is configured to use 802.1X authentication,\n 298 00:26:23,308 --> 00:26:29,569 But for the CCNA we have to configure Pre-shared\n 299 00:26:30,569 --> 00:26:38,829 So, if I click on the WLAN ID, the number\n 300 00:26:38,829 --> 00:26:45,849 The profile name is Internal, it’s a WLAN,\n 301 00:26:49,769 --> 00:26:54,579 As I said before I’ll have to change that,\n 302 00:26:57,349 --> 00:27:01,178 Currently the Internal WLAN is mapped to the\n 303 00:27:01,179 --> 00:27:05,929 That’s not correct, we should map it to\n 304 00:27:08,308 --> 00:27:11,730 I selected the Internal interface here. 305 00:27:11,730 --> 00:27:17,308 Now it’s time to go to the security tab\n 306 00:27:23,569 --> 00:27:27,589 First up, notice what’s called the ‘layer\n2 security’ setting. 307 00:27:27,589 --> 00:27:34,288 This is where we can select things like WEP,\n 308 00:27:34,288 --> 00:27:41,339 Currently it’s WPA+WPA2, which is what we\n 309 00:27:41,339 --> 00:27:46,720 For your reference, here are the layer 2 security\n 310 00:27:46,720 --> 00:27:48,960 Note that the newer WPA3 isn’t supported. 311 00:27:48,960 --> 00:27:54,380 But that’s fine, we’re supposed to use\nWPA2 for the CCNA. 312 00:27:54,380 --> 00:27:58,450 Next, look down here at authentication key\nmanagement. 313 00:28:01,140 --> 00:28:04,619 This is what we want to change, it should\nbe PSK. 314 00:28:04,618 --> 00:28:14,378 So, I scrolled down a bit, de-selected 802.1X,\n 315 00:28:14,378 --> 00:28:18,330 Notice that the PSK can then be specified\n 316 00:28:18,330 --> 00:28:25,709 HEX means hexadecimal, the same number system\n 317 00:28:25,710 --> 00:28:30,538 ASCII means American Standard Code for Information\nInterchange. 318 00:28:30,538 --> 00:28:36,308 Basically, it means you can enter your password\n 319 00:28:36,308 --> 00:28:43,339 So, I selected ASCII, entered a short password,\n 320 00:28:43,339 --> 00:28:49,528 message, stating that the PSK in ASCII format\n 321 00:28:49,528 --> 00:28:54,259 This is to make sure the password is secure,\nnot easy to crack. 322 00:28:54,259 --> 00:28:59,679 So this time I entered a longer password,\n 323 00:28:59,679 --> 00:29:05,869 We won’t configure any ‘Layer 3’ security\n 324 00:29:05,868 --> 00:29:13,399 the Layer 3 tab and you can see that my WLC\n 325 00:29:13,400 --> 00:29:20,309 If I select web policy, various options appear,\n 326 00:29:20,308 --> 00:29:25,019 Web authentication means that, after wireless\n 327 00:29:25,019 --> 00:29:30,660 a web page, they will have to enter a username\n 328 00:29:30,660 --> 00:29:35,440 Web passthrough is similar, but no username\n 329 00:29:35,440 --> 00:29:40,259 Instead a warning or statement is displayed\n 330 00:29:42,148 --> 00:29:46,888 In either of these examples, the Layer 2 authentication\n 331 00:29:46,888 --> 00:29:51,709 This is common for public WiFi for example\nat a cafe. 332 00:29:51,710 --> 00:29:57,048 Note that the conditional and splash page\n 333 00:29:57,048 --> 00:30:00,868 require 802.1X layer 2 authentication. 334 00:30:00,868 --> 00:30:05,658 Anyway, as I said before we won’t configure\n 335 00:30:08,669 --> 00:30:14,389 There is also a AAA servers tab, but since\n 336 00:30:14,388 --> 00:30:17,219 no need to set up anything like a RADIUS server. 337 00:30:17,220 --> 00:30:21,379 So, let’s go to the QoS tab now. 338 00:30:24,648 --> 00:30:28,998 The only thing you need to be aware of here\n 339 00:30:32,349 --> 00:30:34,459 Here are the options available. 340 00:30:34,460 --> 00:30:39,778 This is how you can control what quality of\n 341 00:30:39,778 --> 00:30:44,460 Platinum should be used for voice, for example\nWiFi IP phones. 342 00:30:44,460 --> 00:30:47,149 Gold should be used for video traffic. 343 00:30:47,148 --> 00:30:52,178 Silver is the default, and bronze is given\n 344 00:30:53,179 --> 00:30:57,700 Anyway, in this case I’ll just leave it\n 345 00:30:57,700 --> 00:31:02,600 these four QoS settings, platinum, gold, silver,\nand bronze. 346 00:31:02,599 --> 00:31:08,109 Okay, finally we’ll take a look at the advanced\ntab. 347 00:31:08,109 --> 00:31:10,619 In this tab there are lots of different settings. 348 00:31:10,619 --> 00:31:15,369 For example, you could configure a maximum\n 349 00:31:15,369 --> 00:31:17,629 Currently it is 0, meaning there is no maximum. 350 00:31:17,630 --> 00:31:22,249 Okay, I’ll scroll down to see other settings. 351 00:31:22,249 --> 00:31:26,569 Here are some additional settings, for example\n 352 00:31:28,308 --> 00:31:32,710 But I won’t touch these advanced settings,\n 353 00:31:34,808 --> 00:31:39,440 Okay, the Internal WLAN is done. 354 00:31:39,440 --> 00:31:44,909 Next I’ll click on Go here to create a new\nWLAN, the guest WLAN. 355 00:31:44,909 --> 00:31:51,000 Okay, since we’re creating a new WLAN this\n 356 00:31:54,230 --> 00:31:59,499 The profile name is used to identify this\n 357 00:31:59,499 --> 00:32:03,579 make it the same as the SSID, as I did in\nthis case. 358 00:32:03,579 --> 00:32:07,918 Note that the profile name and SSID don’t\n 359 00:32:07,919 --> 00:32:12,870 Then there is the ID, a unique number that\nidentifies the WLAN. 360 00:32:12,869 --> 00:32:16,709 The Internal WLAN was 1, so I’ll make this\none 2. 361 00:32:16,710 --> 00:32:20,100 So, I’ll click on apply to move forward. 362 00:32:20,099 --> 00:32:24,089 Okay, now we’re at that same page. 363 00:32:24,089 --> 00:32:28,569 Since we already went through all of the settings\n 364 00:32:29,569 --> 00:32:32,689 There are two things we should change on this\ngeneral tab. 365 00:32:34,909 --> 00:32:39,940 The Internal WLAN was already enabled, but\n 366 00:32:41,028 --> 00:32:45,628 And secondly, we should change the interface\n 367 00:32:45,628 --> 00:32:48,808 Okay, I changed the settings. 368 00:32:48,808 --> 00:32:53,749 Now, the only other change we have to make\n 369 00:32:55,759 --> 00:33:01,099 I’ve already shown you how to do that, so\n 370 00:33:01,099 --> 00:33:06,778 Okay, now we have two WLANs, the internal\n 371 00:33:06,778 --> 00:33:12,148 So, let’s return to the monitoring dashboard\n 372 00:33:14,960 --> 00:33:19,940 I scrolled down a bit, and you can see that\n 373 00:33:23,099 --> 00:33:27,980 On my iPhone you can see that the guest and\n 374 00:33:30,429 --> 00:33:35,820 Okay, now you can see that there are 3 clients\n 375 00:33:35,819 --> 00:33:40,759 To see a list of them, you can click clients,\n 376 00:33:43,349 --> 00:33:49,628 It shows their IP Addresses, which AP they\n 377 00:33:50,628 --> 00:33:55,888 Okay, we’ve looked at a lot in this video,\n 378 00:33:55,888 --> 00:33:57,678 look at a couple more things. 379 00:33:57,679 --> 00:34:02,269 Let’s go to the wireless tab here. 380 00:34:02,269 --> 00:34:07,038 The first thing we’re shown is a list of\n 381 00:34:07,038 --> 00:34:11,530 You can see their IP addresses, model numbers,\n 382 00:34:11,530 --> 00:34:16,169 Let’s click on an AP name and check the\nsettings. 383 00:34:16,168 --> 00:34:21,759 Again, here you can see a lot of information\n 384 00:34:24,858 --> 00:34:26,000 You should know what this is. 385 00:34:29,739 --> 00:34:33,209 These are the operational modes I covered\nin earlier videos. 386 00:34:33,210 --> 00:34:38,449 Local, flexconnect, monitor, rogue detector,\netc. 387 00:34:38,449 --> 00:34:42,858 This is where you can configure the AP’s\n 388 00:34:44,570 --> 00:34:49,429 Okay, next let’s look at the management\ntab. 389 00:34:51,059 --> 00:34:54,619 First, you can see a summary of the management\nsettings. 390 00:34:54,619 --> 00:35:01,250 For example, SNMPv1 is disabled, but v2 and\nv3 are enabled. 391 00:35:03,320 --> 00:35:07,250 HTTP and HTTPS connections are enabled. 392 00:35:07,250 --> 00:35:09,340 Telnet connections are disabled. 393 00:35:09,340 --> 00:35:15,910 To prove this I tried to Telnet from my PC\n 394 00:35:15,909 --> 00:35:19,719 Telnet is not a secure protocol, so it’s\n 395 00:35:19,719 --> 00:35:25,558 SSH is enabled, and management via wireless\nis disabled. 396 00:35:25,559 --> 00:35:30,780 This means that a wireless client won’t\n 397 00:35:30,780 --> 00:35:33,460 Only a device connected to the wired network\ncan. 398 00:35:33,460 --> 00:35:40,720 Let’s change that setting by clicking on\n 399 00:35:40,719 --> 00:35:44,959 You can change that setting by checking this\n 400 00:35:44,960 --> 00:35:51,079 If this is enabled, a wireless client, for\n 401 00:35:51,079 --> 00:35:54,610 to connect to the WLC and make configuration\nchanges. 402 00:35:54,610 --> 00:35:59,588 Anyway, let’s look at one last thing, here\non the security tab. 403 00:35:59,588 --> 00:36:05,230 So, I clicked on the security tab and then\n 404 00:36:05,230 --> 00:36:11,070 Let’s configure an ACL to limit the management\n 405 00:36:11,070 --> 00:36:17,600 There are no ACLs at the moment, so I’ll\n 406 00:36:17,599 --> 00:36:24,179 First I named the ACL MANAGEMENT_ACL, and\n 407 00:36:24,179 --> 00:36:26,759 Then I clicked apply to move forward. 408 00:36:26,760 --> 00:36:33,420 Okay, now the ACL has been created, but as\n 409 00:36:33,420 --> 00:36:41,358 So, I’ll click here to add a new rule and\n 410 00:36:41,358 --> 00:36:46,068 This is where you specify things like the\n 411 00:36:46,068 --> 00:36:49,730 protocol, DSCP marking, direction, etc. 412 00:36:49,730 --> 00:36:55,550 So, I specified a sequence number, source\n 413 00:36:57,460 --> 00:37:02,548 I followed that process again to make two\n 414 00:37:03,980 --> 00:37:09,048 Don’t worry about the exact contents of\n 415 00:37:10,900 --> 00:37:17,170 So, now that the ACL is made let’s apply\n 416 00:37:18,650 --> 00:37:25,070 To do so, click here, CPU access control lists. 417 00:37:25,070 --> 00:37:32,609 To apply the ACL, check enable CPU ACL here\n 418 00:37:36,539 --> 00:37:42,730 So, CPU ACLs are used to limit access to the\nCPU of the WLC. 419 00:37:42,730 --> 00:37:50,750 This limits which devices will be able to\n 420 00:37:50,750 --> 00:37:53,710 retrieve SNMP information from the WLC, etc. 421 00:37:53,710 --> 00:38:00,068 This doesn’t affect traffic passing through\n 422 00:38:02,059 --> 00:38:08,119 Okay, there are so many more things I could\n 423 00:38:08,119 --> 00:38:12,240 quite long and we’ve covered what we need\nto for the CCNA. 424 00:38:12,239 --> 00:38:18,059 To practice for the CCNA you can just use\n 425 00:38:19,880 --> 00:38:24,539 But if you’re interested in really exploring\n 426 00:38:24,539 --> 00:38:29,869 get some second-hand hardware for cheap like\n 427 00:38:29,869 --> 00:38:34,440 But again, that’s not necessary for CCNA\nstudies. 428 00:38:34,440 --> 00:38:40,559 Before moving on to the quiz, let’s review\n 429 00:38:40,559 --> 00:38:44,808 First I introduced the network topology we\n 430 00:38:44,809 --> 00:38:49,300 Then I showed the configurations I did on\n 431 00:38:52,250 --> 00:38:57,750 Then I showed the basic WLC setup which is\n 432 00:38:57,750 --> 00:39:01,539 Then I showed how to configure WLC interfaces. 433 00:39:01,539 --> 00:39:06,179 Remember the difference between physical ports\n 434 00:39:06,179 --> 00:39:10,589 Up to now I’ve always used the terms port\n 435 00:39:10,590 --> 00:39:13,510 about WLCs you should be specific. 436 00:39:13,510 --> 00:39:18,470 I then showed how to configure WLANs on a\nWLC. 437 00:39:18,469 --> 00:39:22,959 We configured the Internal WLAN and the Guest\nWLAN. 438 00:39:22,960 --> 00:39:28,920 And finally we looked at some additional features,\n 439 00:39:28,920 --> 00:39:32,059 management traffic to the WLC. 440 00:39:32,059 --> 00:39:36,540 Make sure to watch until the end of the video\n 441 00:39:36,539 --> 00:39:40,630 ExSim for CCNA, the best practice exams for\nthe CCNA. 442 00:39:40,630 --> 00:39:46,030 Okay, let’s go to quiz question 1. 443 00:39:46,030 --> 00:39:51,400 Which WLC port can be used to form an HA pair\nwith another WLC? 444 00:39:51,400 --> 00:39:55,579 Pause the video now to select the best answer. 445 00:39:55,579 --> 00:40:00,400 Okay, the answer is redundancy port. 446 00:40:00,400 --> 00:40:03,960 The redundancy port in this image is number\n9. 447 00:40:03,960 --> 00:40:10,650 It can be used to connect the two WLCs together\n 448 00:40:10,650 --> 00:40:15,630 One WLC will be active and the other will\n 449 00:40:21,030 --> 00:40:25,240 Which WLC interface type maps a WLAN to a\nVLAN? 450 00:40:25,239 --> 00:40:29,558 Pause the video now to select the best answer. 451 00:40:29,559 --> 00:40:35,569 Okay, the answer is A, dynamic interface. 452 00:40:35,568 --> 00:40:39,358 Dynamic interfaces are used to send traffic\n 453 00:40:41,219 --> 00:40:47,199 In this video, for example, we created two\n 454 00:40:47,199 --> 00:40:52,279 used them to map the Internal and Guest WLANs\n 455 00:40:57,409 --> 00:41:01,199 Which of the following is a type of Layer\n3 authentication? 456 00:41:01,199 --> 00:41:06,909 Pause the video now to select the best answer. 457 00:41:06,909 --> 00:41:10,250 The answer is D, web authentication. 458 00:41:10,250 --> 00:41:15,500 Web authentication can be configured under\n 459 00:41:15,500 --> 00:41:20,460 It requires users to authenticate with a username\n 460 00:41:26,940 --> 00:41:31,130 Which WLC QoS setting should be used for video\ntraffic? 461 00:41:31,130 --> 00:41:34,818 Pause the video now to select the best answer. 462 00:41:34,818 --> 00:41:39,150 Okay, the answer is B, gold. 463 00:41:39,150 --> 00:41:41,410 Here are those QoS options again. 464 00:41:41,409 --> 00:41:46,440 Silver, best effort, is the default, but Gold\n 465 00:41:51,719 --> 00:41:56,730 Which WLC port type can form a LAG to pass\n 466 00:41:56,730 --> 00:42:00,490 Pause the video now to select the best answer. 467 00:42:00,489 --> 00:42:06,029 Okay, the answer is B, distribution system\nport. 468 00:42:06,030 --> 00:42:10,590 These ports are the standard network ports\n 469 00:42:12,550 --> 00:42:14,769 Okay, that’s all for the quiz. 470 00:42:14,769 --> 00:42:19,809 Now let’s take a look at a bonus question\n 38879