1
00:00:03,700 --> 00:00:07,259
This is a free, complete course for the CCNA.
2
00:00:07,259 --> 00:00:11,109
If you like these videos, please subscribe\n
3
00:00:11,109 --> 00:00:15,959
Also, please like and leave a comment, and\n
4
00:00:19,028 --> 00:00:22,800
In this video we will look at wireless LAN configuration.
5
00:00:22,800 --> 00:00:27,750
In the past three videos we covered a lot\n
6
00:00:27,750 --> 00:00:32,238
Finally we’ll get hands-on and see how to\n
7
00:00:32,238 --> 00:00:35,899
We will cover exam topics 2.7, 2.8, and 2.9.
8
00:00:35,899 --> 00:00:43,019
2.9 in particular tells us what we need to\n
9
00:00:43,020 --> 00:00:49,290
In addition, we will cover exam topic 5.10\n
10
00:00:49,289 --> 00:00:54,950
using WPA2 PSK, pre-shared key, using the GUI.
11
00:00:54,950 --> 00:01:03,150
Note that both topics 2.9 and 5.10 mention\n
12
00:01:03,149 --> 00:01:07,780
Up to this point in the course we have only\n
13
00:01:10,010 --> 00:01:14,740
You can configure wireless LANs via the CLI\n
14
00:01:14,739 --> 00:01:18,969
GUI, and that’s what Cisco expects you to know for the exam.
15
00:01:22,340 --> 00:01:27,859
First I’ll give an introduction to the network\n
16
00:01:27,859 --> 00:01:32,420
Then I’ll cover the necessary switch configurations,\n
17
00:01:34,709 --> 00:01:40,589
Then I’ll show the basic wireless LAN controller\n
18
00:01:40,590 --> 00:01:44,540
and do the configurations you need to know for the CCNA.
19
00:01:44,540 --> 00:01:49,020
Then I’ll show how to configure the WLC’s\n
20
00:01:51,260 --> 00:01:54,609
Finally I’ll take a look at some additional features on the WLC.
21
00:01:54,609 --> 00:01:59,849
There’s a lot to explore in the WLC and\n
22
00:01:59,849 --> 00:02:02,929
just point out a few features you might want to be aware of.
23
00:02:02,930 --> 00:02:08,259
As always, watch until the end of the video\n
24
00:02:08,258 --> 00:02:13,109
ExSim, the best practice exams for the CCNA.
25
00:02:13,110 --> 00:02:17,260
For the first time in this course, I will\n
26
00:02:17,259 --> 00:02:20,149
You can’t make a wireless lab with virtual devices alone.
27
00:02:20,150 --> 00:02:24,550
With that said, a partially virtual lab is possible.
28
00:02:24,550 --> 00:02:29,920
I could have, for example, used a virtual\n
29
00:02:29,919 --> 00:02:35,609
to get this hardware second hand for a cheap\n
30
00:02:35,610 --> 00:02:40,910
Fortunately, you don’t have to purchase\n
31
00:02:42,699 --> 00:02:47,159
Packet Tracer does offer some basic WLC and AP functionality.
32
00:02:47,159 --> 00:02:52,159
It’s limited, but it’s good enough to\n
33
00:02:52,159 --> 00:02:57,590
Anyway, in this topology I have one switch,\n
34
00:02:59,409 --> 00:03:03,650
By the way, I haven’t connected any power\n
35
00:03:05,180 --> 00:03:09,409
Can you guess how they are receiving power\n
36
00:03:09,409 --> 00:03:13,049
The answer is PoE of course, power over ethernet.
37
00:03:13,050 --> 00:03:19,480
A single ethernet cable is used to both pass\n
38
00:03:19,479 --> 00:03:24,109
You can see here on the switch that its interfaces\n
39
00:03:24,110 --> 00:03:29,959
Actually, the WLC itself also has two PoE\n
40
00:03:30,959 --> 00:03:38,120
So, an AP could be directly connected to the\n
41
00:03:41,780 --> 00:03:47,310
Note that the WLC connects to the switch via\n
42
00:03:47,310 --> 00:03:53,659
You might remember from my EtherChannel video\n
43
00:03:53,659 --> 00:03:58,969
But in the context of wireless LAN controllers,\n
44
00:03:58,969 --> 00:04:04,889
And also note that WLCs only support static\n
45
00:04:04,889 --> 00:04:10,379
So, when we configure the switch’s interfaces\n
46
00:04:10,379 --> 00:04:15,609
1 MODE ON, not MODE ACTIVE or MODE DESIRABLE.
47
00:04:15,610 --> 00:04:19,759
You don’t have to connect the WLC to the\n
48
00:04:19,759 --> 00:04:23,819
to provide additional throughput and redundancy.
49
00:04:23,819 --> 00:04:27,500
I will use three VLANs, three subnets, in this network.
50
00:04:27,500 --> 00:04:32,790
VLAN10 is the management VLAN, its subnet\n
51
00:04:32,790 --> 00:04:41,060
VLAN 100 will be called ‘Internal’, its\n
52
00:04:41,060 --> 00:04:43,560
And VLAN 200 will be called ‘Guest’.
53
00:04:45,160 --> 00:04:53,390
Note that only VLAN 100 and VLAN 200 will\n
54
00:04:54,600 --> 00:05:00,389
VLAN 10 will just be used for connecting to\n
55
00:05:00,389 --> 00:05:07,610
APs, and managing them for example via their\n
56
00:05:07,610 --> 00:05:12,860
VLAN100 will be mapped to an SSID, Internal,\n
57
00:05:16,500 --> 00:05:21,750
It will be mapped to an SSID called Guest\n
58
00:05:21,750 --> 00:05:24,779
Devices will be able to associate with that SSID too.
59
00:05:24,779 --> 00:05:29,819
Now, in this video I won’t be doing any\n
60
00:05:29,819 --> 00:05:35,699
in a real deployment you could limit the Guest\n
61
00:05:35,699 --> 00:05:42,290
associated with the Internal SSID could access\n
62
00:05:42,290 --> 00:05:47,879
The switch will have an SVI in each VLAN,\n
63
00:05:47,879 --> 00:05:53,740
And the WLC will have an IP address in each\n
64
00:05:53,740 --> 00:05:59,230
The APs will need an IP address in the management\n
65
00:05:59,230 --> 00:06:01,669
but they will get their IP addresses via DHCP.
66
00:06:03,540 --> 00:06:11,509
The WLC could be the server, but I’ll configure\n
67
00:06:13,490 --> 00:06:20,509
I want to remind you that, since we’re using\n
68
00:06:20,509 --> 00:06:24,038
interfaces connecting to the APs are access ports.
69
00:06:24,038 --> 00:06:29,149
Only the WLC needs to connect via a trunk\n
70
00:06:29,149 --> 00:06:32,469
However the APs will form CAPWAP tunnels to the WLC.
71
00:06:32,470 --> 00:06:38,050
So, let’s say this client associated with\n
72
00:06:38,050 --> 00:06:41,550
its default gateway, which is SW1’s VLAN 100 SVI.
73
00:06:41,550 --> 00:06:47,120
The traffic passes through the CAPWAP tunnel to the WLC.
74
00:06:47,120 --> 00:06:52,949
On the WLC, the Internal WLAN is mapped to\n
75
00:06:55,040 --> 00:06:59,509
SW1 then sends it back via the same path.
76
00:06:59,509 --> 00:07:04,449
What if the client associated with the Internal\n
77
00:07:07,000 --> 00:07:12,360
It will send the traffic to its default gateway,\n
78
00:07:12,360 --> 00:07:18,230
SW1 routes it to VLAN 200 and sends it to\n
79
00:07:18,230 --> 00:07:20,800
client via the CAPWAP tunnel and the AP.
80
00:07:20,800 --> 00:07:26,550
So, that’s just a quick review of how traffic\n
81
00:07:26,550 --> 00:07:32,030
So, let’s finally start our configurations, first SW1.
82
00:07:32,029 --> 00:07:35,689
All of these configurations will be review\n
83
00:07:36,779 --> 00:07:40,609
Here’s the first half of the configurations.
84
00:07:40,610 --> 00:07:47,240
First I created the three VLANs, 10, 100,\n
85
00:07:47,240 --> 00:07:53,079
Then I configured fastethernet 0/6, 7, and\n
86
00:07:53,079 --> 00:07:59,310
F0/7 and 8 connect to the APs, so why do you\n
87
00:07:59,310 --> 00:08:07,649
It’s because I will later connect my PC\n
88
00:08:07,649 --> 00:08:12,448
A device’s CLI, command line interface,\n
89
00:08:12,449 --> 00:08:15,449
to over the network using Telnet or SSH.
90
00:08:15,449 --> 00:08:21,870
However, the GUI, graphical user interface,\n
91
00:08:21,870 --> 00:08:26,038
You must connect over the network, using HTTP or HTTPS.
92
00:08:26,038 --> 00:08:30,449
I’ll show you how to do that when I move\n
93
00:08:30,449 --> 00:08:38,528
Anyway, I then configured SW1’s F0/1 and\n
94
00:08:38,528 --> 00:08:43,519
Remember that WLCs only support static LAG, no PAgP or LACP.
95
00:08:43,519 --> 00:08:51,039
So, you must use the command CHANNEL-GROUP\n
96
00:08:51,039 --> 00:08:55,149
And finally I configured the port-channel\n
97
00:08:58,708 --> 00:09:01,528
And here’s the second half of the configurations.
98
00:09:01,528 --> 00:09:04,438
I configured an SVI for each VLAN.
99
00:09:04,438 --> 00:09:07,349
These will be used as the default gateway for their subnets.
100
00:09:07,350 --> 00:09:13,110
I then configured a DHCP pool for each VLAN,\n
101
00:09:13,110 --> 00:09:20,129
command and specified SW1’s SVI IP addresses\n
102
00:09:20,129 --> 00:09:25,289
The VLAN10 DHCP pool will be used by the APs\n
103
00:09:28,448 --> 00:09:36,639
Note that the VLAN10 pool has an additional\n
104
00:09:36,639 --> 00:09:43,190
DHCP option 43 can be used to tell the APs\n
105
00:09:43,190 --> 00:09:49,911
So, when the APs get an IP address from SW1,\n
106
00:09:49,910 --> 00:09:56,708
192.168.1.100’, and the APs will then try\n
107
00:09:59,039 --> 00:10:01,799
Although in this case it’s actually not necessary.
108
00:10:01,799 --> 00:10:07,688
The APs and WLC are in the same subnet, the\n
109
00:10:07,688 --> 00:10:13,708
CAPWAP discovery messages to check if there\n
110
00:10:13,708 --> 00:10:20,828
The WLC will hear those broadcast messages,\n
111
00:10:20,828 --> 00:10:26,318
But just be aware that DHCP option 43 might\n
112
00:10:26,318 --> 00:10:31,458
that it won’t be able to hear the broadcast\n
113
00:10:31,458 --> 00:10:34,909
Remember that one for the exam, DHCP option 43.
114
00:10:38,318 --> 00:10:42,308
The VLAN 100 and VLAN 200 pools will be used\n
115
00:10:42,308 --> 00:10:45,909
SW1 will assign IP addresses to them using DHCP.
116
00:10:45,909 --> 00:10:49,980
Okay, the final command I used on the switch is NTP MASTER.
117
00:10:49,980 --> 00:10:57,990
This will make it an NTP server, and I’ll\n
118
00:10:57,990 --> 00:11:03,269
Okay, that’s all of the configuration needed on SW1.
119
00:11:03,269 --> 00:11:05,139
Now let’s finally configure the WLC.
120
00:11:05,139 --> 00:11:08,919
I can’t connect to its GUI yet.
121
00:11:08,919 --> 00:11:13,058
First I need to connect to its console port\n
122
00:11:16,759 --> 00:11:21,079
When the WLC first boots up you will be greeted\n
123
00:11:21,078 --> 00:11:25,688
So, you don’t actually need to know any\n
124
00:11:25,688 --> 00:11:28,669
setup, the wizard will walk you through it.
125
00:11:28,669 --> 00:11:33,549
First, it asks me if I would like to terminate autoinstall.
126
00:11:33,549 --> 00:11:39,328
Autoinstall can be used to automatically download\n
127
00:11:39,328 --> 00:11:43,019
I won’t do that, so I press enter to skip it.
128
00:11:43,019 --> 00:11:47,519
Note that the value in the square brackets,\n
129
00:11:47,519 --> 00:11:52,740
You don’t have to type yes, if you just\n
130
00:11:52,740 --> 00:11:58,369
Then I entered the system name, the host name,\n
131
00:11:58,369 --> 00:12:01,139
that I will use later to log in to the device.
132
00:12:01,139 --> 00:12:05,610
It then asks me if I want to enable link aggregation, LAG.
133
00:12:05,610 --> 00:12:10,318
Notice that there are two options in square\n
134
00:12:10,318 --> 00:12:14,618
However, NO is in upper case letters, so it is the default.
135
00:12:14,619 --> 00:12:20,278
If I just hit enter, the device will assume\n
136
00:12:20,278 --> 00:12:25,999
However in this case I will be using a LAG\n
137
00:12:25,999 --> 00:12:29,499
Then I enter some values for the management interface.
138
00:12:29,499 --> 00:12:32,329
Note that this isn’t a physical interface, a physical port.
139
00:12:32,328 --> 00:12:36,099
It is a virtual interface in the WLC.
140
00:12:36,100 --> 00:12:44,928
I gave it an IP of 192.168.1.100, a /24 netmask,\n
141
00:12:44,928 --> 00:12:51,068
default gateway, gave it a VLAN ID of 10,\n
142
00:12:55,019 --> 00:12:58,808
Let’s continue with the WLC’s basic setup.
143
00:12:58,808 --> 00:13:02,899
This is still part of the configuration wizard,\n
144
00:13:02,899 --> 00:13:05,769
inputting commands in the CLI.
145
00:13:05,769 --> 00:13:09,919
These three options at the top are a bit beyond\n
146
00:13:12,019 --> 00:13:16,909
The virtual gateway IP is an IP address used\n
147
00:13:16,909 --> 00:13:21,558
wireless clients such as when relaying DHCP requests.
148
00:13:21,558 --> 00:13:26,039
The multicast IP address is used when forwarding\n
149
00:13:26,039 --> 00:13:30,789
Note that I selected an IP address in the\n
150
00:13:32,059 --> 00:13:37,358
And the mobility/RF group name is used when\n
151
00:13:39,109 --> 00:13:43,290
I doubt you’ll be asked about these on the CCNA exam.
152
00:13:43,289 --> 00:13:47,668
Next in the setup it asks us to configure\n
153
00:13:47,668 --> 00:13:53,139
I’ll show you how to do this in the GUI\n
154
00:13:55,058 --> 00:14:00,278
I use the SSID internal, and then I accept\n
155
00:14:00,278 --> 00:14:04,278
about DHCP bridging mode, leaving it disabled.
156
00:14:04,278 --> 00:14:10,019
For wireless clients’ DHCP requests to reach\n
157
00:14:11,559 --> 00:14:18,138
If DHCP bridging mode is enabled, the WLC\n
158
00:14:18,139 --> 00:14:22,060
It will appear as if they are communicating\n
159
00:14:22,059 --> 00:14:24,928
But that’s not necessary here, so I’ll leave it disabled.
160
00:14:24,928 --> 00:14:30,308
I also accept the default for the next setting,\n
161
00:14:30,308 --> 00:14:33,568
This means that clients are allowed to use\n
162
00:14:36,109 --> 00:14:41,579
And finally I choose not to configure a RADIUS\n
163
00:14:41,578 --> 00:14:46,388
The default WLAN security policy requires a RADIUS server.
164
00:14:46,389 --> 00:14:50,859
We will change the WLAN security policy to\n
165
00:14:53,720 --> 00:14:58,699
Next I have to enter a country code, or a\n
166
00:15:02,100 --> 00:15:07,249
This is actually very important and was a\n
167
00:15:07,249 --> 00:15:11,759
Because I live in Japan, I originally entered\n
168
00:15:16,548 --> 00:15:19,489
Look at the model name of this AP here.
169
00:15:19,489 --> 00:15:22,480
Specifically, this E in the model name.
170
00:15:22,480 --> 00:15:27,899
This E indicates the regulatory domain of\n
171
00:15:27,899 --> 00:15:33,198
If the regulatory domain of the country specified\n
172
00:15:33,198 --> 00:15:39,108
regulatory domain of the AP, the AP won’t\n
173
00:15:39,109 --> 00:15:42,309
You can check the regulatory domain of each country here.
174
00:15:42,308 --> 00:15:49,308
In Canada or the US, for example, -A is used\n
175
00:15:49,308 --> 00:15:52,850
I configured a country in Europe on my WLC.
176
00:15:52,850 --> 00:15:56,959
I doubt that you have to know this for the\n
177
00:15:56,958 --> 00:16:01,928
lab with second-hand devices, you should be\n
178
00:16:01,928 --> 00:16:06,470
Okay, here’s the final section of the initial WLC setup.
179
00:16:06,470 --> 00:16:14,889
I choose to enable 802.11b, a, and g, as well\n
180
00:16:14,889 --> 00:16:19,389
select which channels to use and how much transmit power to use.
181
00:16:19,389 --> 00:16:21,808
This is much better than doing everything manually.
182
00:16:21,808 --> 00:16:27,458
I then configure some NTP settings so my WLC\n
183
00:16:27,458 --> 00:16:30,149
Finally I save the settings, and the device resets.
184
00:16:30,149 --> 00:16:33,970
That’s all for the WLC initial setup.
185
00:16:33,970 --> 00:16:40,060
So, now that the WLC’s initial setup is\n
186
00:16:42,308 --> 00:16:47,969
So, instead of connecting my PC to the WLC’s\n
187
00:16:49,568 --> 00:16:55,539
Remember, I configured SW1’s F0/6 interface\n
188
00:16:55,539 --> 00:17:02,469
Now I will be able to use HTTP or HTTPS to\n
189
00:17:02,470 --> 00:17:09,890
So, I enter WLC1’s IP address, 192.168.1.100, in a web browser.
190
00:17:09,890 --> 00:17:13,370
However I get a warning that my connection is not private.
191
00:17:13,369 --> 00:17:16,759
The error is certificate authority invalid.
192
00:17:16,759 --> 00:17:20,250
This just means my PC doesn’t trust the certificate on my WLC.
193
00:17:22,869 --> 00:17:25,859
Next I clicked on advanced here.
194
00:17:25,859 --> 00:17:30,740
And now I get the option to proceed to 192.168.1.100.
195
00:17:30,740 --> 00:17:35,230
If your browser gives you a warning like this\n
196
00:17:35,230 --> 00:17:39,789
but I know that I’m just connecting to WLC1\n
197
00:17:41,750 --> 00:17:44,659
And here is the login screen for the Cisco WLC.
198
00:17:44,659 --> 00:17:48,889
So, I click on the login button.
199
00:17:48,888 --> 00:17:53,689
And then I enter the admin username and password\n
200
00:17:53,690 --> 00:17:58,360
And here is the dashboard for the WLC.
201
00:17:58,359 --> 00:18:00,638
Let me point out a few things.
202
00:18:00,638 --> 00:18:04,949
Notice that it shows which interfaces are\n
203
00:18:06,690 --> 00:18:11,690
Those two green interfaces are forming a LAG\n
204
00:18:11,690 --> 00:18:16,058
Here there is a summary of some information\n
205
00:18:16,058 --> 00:18:22,700
IP, system name, up time, temperature, CPU\n
206
00:18:22,700 --> 00:18:26,730
And here is a summary of the access points\n
207
00:18:26,730 --> 00:18:29,079
Note that both of my APs have already joined.
208
00:18:29,079 --> 00:18:33,038
Okay, now let’s actually do some configurations on the WLC.
209
00:18:33,038 --> 00:18:39,158
First, I’ll go to the CONTROLLER tab up top here.
210
00:18:39,159 --> 00:18:46,640
From the controller tab, I clicked on interfaces,\n
211
00:18:46,640 --> 00:18:53,250
Note that these are not physical ports, but\n
212
00:18:53,250 --> 00:18:57,710
In most contexts we can use the terms port\n
213
00:18:57,710 --> 00:19:04,670
However, in the context of WLCs, port means\n
214
00:19:08,450 --> 00:19:13,250
Before configuring the interfaces, let me\n
215
00:19:14,808 --> 00:19:20,178
Again, WLC ports are the physical interfaces\n
216
00:19:20,179 --> 00:19:27,009
And interfaces are the logical interfaces\n
217
00:19:27,009 --> 00:19:32,000
WLCs have a few different kinds of ports, let me introduce them.
218
00:19:32,000 --> 00:19:38,009
The service port is a dedicated management\n
219
00:19:38,009 --> 00:19:42,660
That means keeping management traffic totally\n
220
00:19:44,579 --> 00:19:50,199
My WLC doesn’t have a dedicated service\n
221
00:19:50,200 --> 00:19:54,259
same physical ports as the regular data traffic.
222
00:19:54,259 --> 00:19:58,548
Note that the service port must connect to\n
223
00:20:00,849 --> 00:20:05,459
Also this port can be used to connect to the\n
224
00:20:05,460 --> 00:20:10,490
recovery, and other system management tasks like that.
225
00:20:10,490 --> 00:20:13,138
Next are distribution system ports.
226
00:20:13,138 --> 00:20:17,508
These are the standard network interfaces\n
227
00:20:17,509 --> 00:20:21,569
that’s the 802.11 term for the wired network.
228
00:20:21,569 --> 00:20:25,950
And these are the interfaces that are used\n
229
00:20:27,509 --> 00:20:31,980
Note that these ports usually connect to switch\n
230
00:20:31,980 --> 00:20:36,740
ports are used they can form a LAG, as I did in my network.
231
00:20:36,740 --> 00:20:42,788
Then there is the console port, which can\n
232
00:20:44,638 --> 00:20:49,549
And there might also be a redundancy port,\n
233
00:20:49,549 --> 00:20:53,178
to form a high availability, HA, pair.
234
00:20:53,179 --> 00:20:58,640
This means you have redundant WLCs, so if\n
235
00:20:59,849 --> 00:21:07,408
My WLC is a bit old, so it just has an RJ45\n
236
00:21:09,000 --> 00:21:14,029
These aren’t ports but it has a reset button\n
237
00:21:14,029 --> 00:21:20,298
To show you the other kinds of ports, let’s\n
238
00:21:20,298 --> 00:21:27,429
So, here is a pair of WLCs, let’s go through\n
239
00:21:27,429 --> 00:21:29,220
Number 1 is the service port.
240
00:21:29,220 --> 00:21:34,079
Again, this can be used for out-of-band management,\n
241
00:21:34,079 --> 00:21:37,048
separate from the data traffic.
242
00:21:37,048 --> 00:21:43,408
Number 2 is an RJ45 console port, and number\n
243
00:21:43,409 --> 00:21:45,659
Then there is another USB port.
244
00:21:45,659 --> 00:21:50,250
This isn’t a network port, it’s just a\n
245
00:21:50,250 --> 00:21:54,759
the WLC, for example a new OS version to update the software.
246
00:21:54,759 --> 00:22:00,630
Next, number five is a distribution system\n
247
00:22:02,470 --> 00:22:08,480
And then four more distribution system ports,\n
248
00:22:08,480 --> 00:22:13,788
Number 7 isn’t a port, it’s a reset button\n
249
00:22:13,788 --> 00:22:18,869
too indicating the status of the device, those\n
250
00:22:18,869 --> 00:22:21,928
And finally number 9 is the redundancy port.
251
00:22:21,929 --> 00:22:26,660
You could connect these two WLCs by their\n
252
00:22:28,169 --> 00:22:32,950
Okay, those are the different kinds of physical WLC ports.
253
00:22:32,950 --> 00:22:36,690
WLCs have a few different kinds of interfaces, too.
254
00:22:36,690 --> 00:22:41,659
The management interface is used for so-called\n
255
00:22:41,659 --> 00:22:49,139
used to manage devices such as Telnet or SSH\n
256
00:22:49,138 --> 00:22:55,918
to the GUI, RADIUS authentication traffic,\n
257
00:22:55,919 --> 00:23:01,379
Remember that, to connect to the GUI of the\n
258
00:23:05,148 --> 00:23:12,069
CAPWAP tunnels between the APs and WLC are\n
259
00:23:12,069 --> 00:23:14,928
Next there also might be a redundancy management interface.
260
00:23:14,929 --> 00:23:21,179
When two WLCs are connected by their redundancy\n
261
00:23:23,148 --> 00:23:28,028
To manage the active WLC you can connect to\n
262
00:23:28,028 --> 00:23:32,558
standby WLC you can use the redundancy management interface.
263
00:23:32,558 --> 00:23:35,899
Next there is the virtual interface.
264
00:23:35,900 --> 00:23:39,980
Remember I had to configure this IP address\n
265
00:23:39,980 --> 00:23:45,548
It’s used when communicating with wireless\n
266
00:23:45,548 --> 00:23:49,528
web authentication if necessary, etc.
267
00:23:49,528 --> 00:23:52,099
Next there is a service port interface.
268
00:23:52,099 --> 00:23:56,980
If the WLC’s service port is used, this\n
269
00:23:56,980 --> 00:24:01,019
management instead of the regular management interface.
270
00:24:01,019 --> 00:24:06,278
And finally there are dynamic interfaces,\n
271
00:24:07,278 --> 00:24:11,859
For example, traffic from the internal wireless\n
272
00:24:11,859 --> 00:24:14,269
the WLC’s Internal dynamic interface.
273
00:24:14,269 --> 00:24:19,888
So, let’s go back to the GUI and configure\n
274
00:24:22,179 --> 00:24:25,759
Here’s the interfaces menu again.
275
00:24:25,759 --> 00:24:30,900
I’ll click New to create a new interface.
276
00:24:30,900 --> 00:24:35,879
First I’ll make the interface for the Internal\n
277
00:24:40,230 --> 00:24:43,798
I am then brought to this screen where I can enter more details.
278
00:24:43,798 --> 00:24:49,829
The VLAN ID was already set to 100 from the\n
279
00:24:49,829 --> 00:24:53,158
netmask, gateway, and DHCP server address.
280
00:24:53,159 --> 00:24:57,730
That’s all I need to enter here, so I clicked on Apply.
281
00:24:57,730 --> 00:25:01,599
By the way, feel free to pause the video at\n
282
00:25:01,599 --> 00:25:04,898
different settings available in any of these menus.
283
00:25:04,898 --> 00:25:09,918
So, now the dynamic interface called ‘internal’\n
284
00:25:09,919 --> 00:25:15,200
I will map this interface to the Internal\n
285
00:25:16,319 --> 00:25:20,490
That is the guest interface, so I click on New again.
286
00:25:20,490 --> 00:25:26,130
and then at this screen I specify a name of\n
287
00:25:26,130 --> 00:25:29,710
will be used for the guest WLAN and VLAN.
288
00:25:32,538 --> 00:25:38,308
Again at this screen I enter the IP information\n
289
00:25:38,308 --> 00:25:43,769
netmask, gateway, and DHCP server address,\n
290
00:25:45,240 --> 00:25:50,299
Okay, now the WLC has all of the interfaces it needs.
291
00:25:50,299 --> 00:25:53,668
Finally let’s go to configuring some WLANs.
292
00:25:53,669 --> 00:25:58,980
To do that, just click on the WLAN tab here\n
293
00:26:02,720 --> 00:26:06,490
Note that one WLAN, Internal, already exists.
294
00:26:06,490 --> 00:26:10,019
That is because I made it during the initial setup in the CLI.
295
00:26:10,019 --> 00:26:13,849
However, I still have to make some changes to this one.
296
00:26:13,849 --> 00:26:17,730
For example, look at the security policies column on the right.
297
00:26:17,730 --> 00:26:23,308
It is configured to use 802.1X authentication,\n
298
00:26:23,308 --> 00:26:29,569
But for the CCNA we have to configure Pre-shared\n
299
00:26:30,569 --> 00:26:38,829
So, if I click on the WLAN ID, the number\n
300
00:26:38,829 --> 00:26:45,849
The profile name is Internal, it’s a WLAN,\n
301
00:26:49,769 --> 00:26:54,579
As I said before I’ll have to change that,\n
302
00:26:57,349 --> 00:27:01,178
Currently the Internal WLAN is mapped to the\n
303
00:27:01,179 --> 00:27:05,929
That’s not correct, we should map it to\n
304
00:27:08,308 --> 00:27:11,730
I selected the Internal interface here.
305
00:27:11,730 --> 00:27:17,308
Now it’s time to go to the security tab\n
306
00:27:23,569 --> 00:27:27,589
First up, notice what’s called the ‘layer 2 security’ setting.
307
00:27:27,589 --> 00:27:34,288
This is where we can select things like WEP,\n
308
00:27:34,288 --> 00:27:41,339
Currently it’s WPA+WPA2, which is what we\n
309
00:27:41,339 --> 00:27:46,720
For your reference, here are the layer 2 security\n
310
00:27:46,720 --> 00:27:48,960
Note that the newer WPA3 isn’t supported.
311
00:27:48,960 --> 00:27:54,380
But that’s fine, we’re supposed to use WPA2 for the CCNA.
312
00:27:54,380 --> 00:27:58,450
Next, look down here at authentication key management.
313
00:28:01,140 --> 00:28:04,619
This is what we want to change, it should be PSK.
314
00:28:04,618 --> 00:28:14,378
So, I scrolled down a bit, de-selected 802.1X,\n
315
00:28:14,378 --> 00:28:18,330
Notice that the PSK can then be specified\n
316
00:28:18,330 --> 00:28:25,709
HEX means hexadecimal, the same number system\n
317
00:28:25,710 --> 00:28:30,538
ASCII means American Standard Code for Information Interchange.
318
00:28:30,538 --> 00:28:36,308
Basically, it means you can enter your password\n
319
00:28:36,308 --> 00:28:43,339
So, I selected ASCII, entered a short password,\n
320
00:28:43,339 --> 00:28:49,528
message, stating that the PSK in ASCII format\n
321
00:28:49,528 --> 00:28:54,259
This is to make sure the password is secure, not easy to crack.
322
00:28:54,259 --> 00:28:59,679
So this time I entered a longer password,\n
323
00:28:59,679 --> 00:29:05,869
We won’t configure any ‘Layer 3’ security\n
324
00:29:05,868 --> 00:29:13,399
the Layer 3 tab and you can see that my WLC\n
325
00:29:13,400 --> 00:29:20,309
If I select web policy, various options appear,\n
326
00:29:20,308 --> 00:29:25,019
Web authentication means that, after wireless\n
327
00:29:25,019 --> 00:29:30,660
a web page, they will have to enter a username\n
328
00:29:30,660 --> 00:29:35,440
Web passthrough is similar, but no username\n
329
00:29:35,440 --> 00:29:40,259
Instead a warning or statement is displayed\n
330
00:29:42,148 --> 00:29:46,888
In either of these examples, the Layer 2 authentication\n
331
00:29:46,888 --> 00:29:51,709
This is common for public WiFi for example at a cafe.
332
00:29:51,710 --> 00:29:57,048
Note that the conditional and splash page\n
333
00:29:57,048 --> 00:30:00,868
require 802.1X layer 2 authentication.
334
00:30:00,868 --> 00:30:05,658
Anyway, as I said before we won’t configure\n
335
00:30:08,669 --> 00:30:14,389
There is also a AAA servers tab, but since\n
336
00:30:14,388 --> 00:30:17,219
no need to set up anything like a RADIUS server.
337
00:30:17,220 --> 00:30:21,379
So, let’s go to the QoS tab now.
338
00:30:24,648 --> 00:30:28,998
The only thing you need to be aware of here\n
339
00:30:32,349 --> 00:30:34,459
Here are the options available.
340
00:30:34,460 --> 00:30:39,778
This is how you can control what quality of\n
341
00:30:39,778 --> 00:30:44,460
Platinum should be used for voice, for example WiFi IP phones.
342
00:30:44,460 --> 00:30:47,149
Gold should be used for video traffic.
343
00:30:47,148 --> 00:30:52,178
Silver is the default, and bronze is given\n
344
00:30:53,179 --> 00:30:57,700
Anyway, in this case I’ll just leave it\n
345
00:30:57,700 --> 00:31:02,600
these four QoS settings, platinum, gold, silver, and bronze.
346
00:31:02,599 --> 00:31:08,109
Okay, finally we’ll take a look at the advanced tab.
347
00:31:08,109 --> 00:31:10,619
In this tab there are lots of different settings.
348
00:31:10,619 --> 00:31:15,369
For example, you could configure a maximum\n
349
00:31:15,369 --> 00:31:17,629
Currently it is 0, meaning there is no maximum.
350
00:31:17,630 --> 00:31:22,249
Okay, I’ll scroll down to see other settings.
351
00:31:22,249 --> 00:31:26,569
Here are some additional settings, for example\n
352
00:31:28,308 --> 00:31:32,710
But I won’t touch these advanced settings,\n
353
00:31:34,808 --> 00:31:39,440
Okay, the Internal WLAN is done.
354
00:31:39,440 --> 00:31:44,909
Next I’ll click on Go here to create a new WLAN, the guest WLAN.
355
00:31:44,909 --> 00:31:51,000
Okay, since we’re creating a new WLAN this\n
356
00:31:54,230 --> 00:31:59,499
The profile name is used to identify this\n
357
00:31:59,499 --> 00:32:03,579
make it the same as the SSID, as I did in this case.
358
00:32:03,579 --> 00:32:07,918
Note that the profile name and SSID don’t\n
359
00:32:07,919 --> 00:32:12,870
Then there is the ID, a unique number that identifies the WLAN.
360
00:32:12,869 --> 00:32:16,709
The Internal WLAN was 1, so I’ll make this one 2.
361
00:32:16,710 --> 00:32:20,100
So, I’ll click on apply to move forward.
362
00:32:20,099 --> 00:32:24,089
Okay, now we’re at that same page.
363
00:32:24,089 --> 00:32:28,569
Since we already went through all of the settings\n
364
00:32:29,569 --> 00:32:32,689
There are two things we should change on this general tab.
365
00:32:34,909 --> 00:32:39,940
The Internal WLAN was already enabled, but\n
366
00:32:41,028 --> 00:32:45,628
And secondly, we should change the interface\n
367
00:32:45,628 --> 00:32:48,808
Okay, I changed the settings.
368
00:32:48,808 --> 00:32:53,749
Now, the only other change we have to make\n
369
00:32:55,759 --> 00:33:01,099
I’ve already shown you how to do that, so\n
370
00:33:01,099 --> 00:33:06,778
Okay, now we have two WLANs, the internal\n
371
00:33:06,778 --> 00:33:12,148
So, let’s return to the monitoring dashboard\n
372
00:33:14,960 --> 00:33:19,940
I scrolled down a bit, and you can see that\n
373
00:33:23,099 --> 00:33:27,980
On my iPhone you can see that the guest and\n
374
00:33:30,429 --> 00:33:35,820
Okay, now you can see that there are 3 clients\n
375
00:33:35,819 --> 00:33:40,759
To see a list of them, you can click clients,\n
376
00:33:43,349 --> 00:33:49,628
It shows their IP Addresses, which AP they\n
377
00:33:50,628 --> 00:33:55,888
Okay, we’ve looked at a lot in this video,\n
378
00:33:55,888 --> 00:33:57,678
look at a couple more things.
379
00:33:57,679 --> 00:34:02,269
Let’s go to the wireless tab here.
380
00:34:02,269 --> 00:34:07,038
The first thing we’re shown is a list of\n
381
00:34:07,038 --> 00:34:11,530
You can see their IP addresses, model numbers,\n
382
00:34:11,530 --> 00:34:16,169
Let’s click on an AP name and check the settings.
383
00:34:16,168 --> 00:34:21,759
Again, here you can see a lot of information\n
384
00:34:24,858 --> 00:34:26,000
You should know what this is.
385
00:34:29,739 --> 00:34:33,209
These are the operational modes I covered in earlier videos.
386
00:34:33,210 --> 00:34:38,449
Local, flexconnect, monitor, rogue detector, etc.
387
00:34:38,449 --> 00:34:42,858
This is where you can configure the AP’s\n
388
00:34:44,570 --> 00:34:49,429
Okay, next let’s look at the management tab.
389
00:34:51,059 --> 00:34:54,619
First, you can see a summary of the management settings.
390
00:34:54,619 --> 00:35:01,250
For example, SNMPv1 is disabled, but v2 and v3 are enabled.
391
00:35:03,320 --> 00:35:07,250
HTTP and HTTPS connections are enabled.
392
00:35:07,250 --> 00:35:09,340
Telnet connections are disabled.
393
00:35:09,340 --> 00:35:15,910
To prove this I tried to Telnet from my PC\n
394
00:35:15,909 --> 00:35:19,719
Telnet is not a secure protocol, so it’s\n
395
00:35:19,719 --> 00:35:25,558
SSH is enabled, and management via wireless\nis disabled.
396
00:35:25,559 --> 00:35:30,780
This means that a wireless client won’t\n
397
00:35:30,780 --> 00:35:33,460
Only a device connected to the wired network\ncan.
398
00:35:33,460 --> 00:35:40,720
Let’s change that setting by clicking on\n
399
00:35:40,719 --> 00:35:44,959
You can change that setting by checking this\n
400
00:35:44,960 --> 00:35:51,079
If this is enabled, a wireless client, for\n
401
00:35:51,079 --> 00:35:54,610
to connect to the WLC and make configuration\nchanges.
402
00:35:54,610 --> 00:35:59,588
Anyway, let’s look at one last thing, here\non the security tab.
403
00:35:59,588 --> 00:36:05,230
So, I clicked on the security tab and then\n
404
00:36:05,230 --> 00:36:11,070
Let’s configure an ACL to limit the management\n
405
00:36:11,070 --> 00:36:17,600
There are no ACLs at the moment, so I’ll\n
406
00:36:17,599 --> 00:36:24,179
First I named the ACL MANAGEMENT_ACL, and\n
407
00:36:24,179 --> 00:36:26,759
Then I clicked apply to move forward.
408
00:36:26,760 --> 00:36:33,420
Okay, now the ACL has been created, but as\n
409
00:36:33,420 --> 00:36:41,358
So, I’ll click here to add a new rule and\n
410
00:36:41,358 --> 00:36:46,068
This is where you specify things like the\n
411
00:36:46,068 --> 00:36:49,730
protocol, DSCP marking, direction, etc.
412
00:36:49,730 --> 00:36:55,550
So, I specified a sequence number, source\n
413
00:36:57,460 --> 00:37:02,548
I followed that process again to make two\n
414
00:37:03,980 --> 00:37:09,048
Don’t worry about the exact contents of\n
415
00:37:10,900 --> 00:37:17,170
So, now that the ACL is made let’s apply\n
416
00:37:18,650 --> 00:37:25,070
To do so, click here, CPU access control lists.
417
00:37:25,070 --> 00:37:32,609
To apply the ACL, check enable CPU ACL here\n
418
00:37:36,539 --> 00:37:42,730
So, CPU ACLs are used to limit access to the\nCPU of the WLC.
419
00:37:42,730 --> 00:37:50,750
This limits which devices will be able to\n
420
00:37:50,750 --> 00:37:53,710
retrieve SNMP information from the WLC, etc.
421
00:37:53,710 --> 00:38:00,068
This doesn’t affect traffic passing through\n
422
00:38:02,059 --> 00:38:08,119
Okay, there are so many more things I could\n
423
00:38:08,119 --> 00:38:12,240
quite long and we’ve covered what we need\nto for the CCNA.
424
00:38:12,239 --> 00:38:18,059
To practice for the CCNA you can just use\n
425
00:38:19,880 --> 00:38:24,539
But if you’re interested in really exploring\n
426
00:38:24,539 --> 00:38:29,869
get some second-hand hardware for cheap like\n
427
00:38:29,869 --> 00:38:34,440
But again, that’s not necessary for CCNA\nstudies.
428
00:38:34,440 --> 00:38:40,559
Before moving on to the quiz, let’s review\n
429
00:38:40,559 --> 00:38:44,808
First I introduced the network topology we\n
430
00:38:44,809 --> 00:38:49,300
Then I showed the configurations I did on\n
431
00:38:52,250 --> 00:38:57,750
Then I showed the basic WLC setup which is\n
432
00:38:57,750 --> 00:39:01,539
Then I showed how to configure WLC interfaces.
433
00:39:01,539 --> 00:39:06,179
Remember the difference between physical ports\n
434
00:39:06,179 --> 00:39:10,589
Up to now I’ve always used the terms port\n
435
00:39:10,590 --> 00:39:13,510
about WLCs you should be specific.
436
00:39:13,510 --> 00:39:18,470
I then showed how to configure WLANs on a\nWLC.
437
00:39:18,469 --> 00:39:22,959
We configured the Internal WLAN and the Guest\nWLAN.
438
00:39:22,960 --> 00:39:28,920
And finally we looked at some additional features,\n
439
00:39:28,920 --> 00:39:32,059
management traffic to the WLC.
440
00:39:32,059 --> 00:39:36,540
Make sure to watch until the end of the video\n
441
00:39:36,539 --> 00:39:40,630
ExSim for CCNA, the best practice exams for\nthe CCNA.
442
00:39:40,630 --> 00:39:46,030
Okay, let’s go to quiz question 1.
443
00:39:46,030 --> 00:39:51,400
Which WLC port can be used to form an HA pair\nwith another WLC?
444
00:39:51,400 --> 00:39:55,579
Pause the video now to select the best answer.
445
00:39:55,579 --> 00:40:00,400
Okay, the answer is redundancy port.
446
00:40:00,400 --> 00:40:03,960
The redundancy port in this image is number\n9.
447
00:40:03,960 --> 00:40:10,650
It can be used to connect the two WLCs together\n
448
00:40:10,650 --> 00:40:15,630
One WLC will be active and the other will\n
449
00:40:21,030 --> 00:40:25,240
Which WLC interface type maps a WLAN to a\nVLAN?
450
00:40:25,239 --> 00:40:29,558
Pause the video now to select the best answer.
451
00:40:29,559 --> 00:40:35,569
Okay, the answer is A, dynamic interface.
452
00:40:35,568 --> 00:40:39,358
Dynamic interfaces are used to send traffic\n
453
00:40:41,219 --> 00:40:47,199
In this video, for example, we created two\n
454
00:40:47,199 --> 00:40:52,279
used them to map the Internal and Guest WLANs\n
455
00:40:57,409 --> 00:41:01,199
Which of the following is a type of Layer\n3 authentication?
456
00:41:01,199 --> 00:41:06,909
Pause the video now to select the best answer.
457
00:41:06,909 --> 00:41:10,250
The answer is D, web authentication.
458
00:41:10,250 --> 00:41:15,500
Web authentication can be configured under\n
459
00:41:15,500 --> 00:41:20,460
It requires users to authenticate with a username\n
460
00:41:26,940 --> 00:41:31,130
Which WLC QoS setting should be used for video\ntraffic?
461
00:41:31,130 --> 00:41:34,818
Pause the video now to select the best answer.
462
00:41:34,818 --> 00:41:39,150
Okay, the answer is B, gold.
463
00:41:39,150 --> 00:41:41,410
Here are those QoS options again.
464
00:41:41,409 --> 00:41:46,440
Silver, best effort, is the default, but Gold\n
465
00:41:51,719 --> 00:41:56,730
Which WLC port type can form a LAG to pass\n
466
00:41:56,730 --> 00:42:00,490
Pause the video now to select the best answer.
467
00:42:00,489 --> 00:42:06,029
Okay, the answer is B, distribution system\nport.
468
00:42:06,030 --> 00:42:10,590
These ports are the standard network ports\n
469
00:42:12,550 --> 00:42:14,769
Okay, that’s all for the quiz.
470
00:42:14,769 --> 00:42:19,809
Now let’s take a look at a bonus question\n