You do not want anyone to access the AP in the research lab using the GUESTNET.. Select the WLAN Override by selecting enable, as seen in Figure 13-14.. Figure 13-14 Enabling WLAN Overri
Trang 1Figure 13-8 WLAN Configuration Tabs
Step 7. Choose not to broadcast the SSID by deselecting the Broadcast SSID check
box This adds a little security, but, as you will learn in Chapter 17, “Securing the Wireless Network,” it is not a high degree of security The default value is
to broadcast the SSID
Step 8 Do not click Apply yet.
Modifying the Security Settings Before you apply the configuration, you need to modify the security settings Follow these steps:
Step 1. Click the Security tab within the WLAN configuration window
You are presented with three additional tabs:
■ Layer 2
■ Layer 3
■ AAA Servers For now, you should only be concerned with the Layer 2 policy, because the Layer 3 policy defaults to None
Step 2 Choose None as the Layer 2 security method.
Step 3 Click Apply.
Trang 2Figure 13-9 Listing WLAN Profiles
Success! You now have a functional WLAN, as Figure 13-9 illustrates That is, it is func-tional as long as the wired network behind it is good to go
Naming Access Points Still, you might want to do some tweaks to the network For example, suppose that you have two APs One AP is in the lobby, and the other is in the research lab You do not want anyone to access the AP in the research lab using the GUESTNET What do you do? You just control the APs that allow GUESTNET access To begin, though, you should identify which AP is in the lobby and which is in the research lab Figure 13-10 shows that the two APs are identified by a MAC address as the AP name
This can be confusing I recommend changing the name of the AP to something that makes sense Here is how to do it:
Step 1. Find the MAC address of the AP in the lobby It is printed on the bottom of
the AP
Step 2. After you have the MAC of the lobby AP, go to the WLC interface and browse
to WIRELESS > Access Points > All APs.
Step 3. Select the AP that matches the MAC address The AP name begins with “AP”
followed by the MAC address
Step 4 Change the Name in the General tab to Lobby-AP.
Trang 3Figure 13-10 Listing All APs
Note: This name follows the AP when you move it within your network, so it is important
to update the name on the controller if you ever move the AP or swap it out Also, it is good practice to label the Cisco PoE switch port with the same name This helps when you are troubleshooting any issues and might need to remotely power cycle the AP by shutting its switch port
Step 5. Optionally add a location These steps are seen in Figure 13-11
Step 6 Click Apply.
Step 7. Next, select the other AP
Note: You might have more than two APs in your own deployment The term other AP in this case simply refers to the only other AP used in the example
Step 8. Repeat Steps 5 through 7 to assign a different name and location for the
Re-search_Lab AP
When completed, you should see two APs that are easy to identify based on their name
Trang 4Figure 13-11 Naming the AP
Restricting Access to Access Points Now is where the control part comes in Remember that you do not want the GUESTNET access going through the Research_Lab-AP Following is how to prevent it:
Step 1 Start by selecting WIRELESS > Access Points > Radios > 802.11a/n.
Step 2. Find the Research_Lab-AP seen in Figure 13-12
Step 3. To the right of the entry, hover your mouse over the arrow seen in Figure
13-13, and select Configure.
Step 4 Select the WLAN Override by selecting enable, as seen in Figure 13-14 A new
list of WLANS appears
Step 5. Select the WLAN that you want this AP to support
In this case, leaving the GUESTNET WLAN unchecked removes that access through this AP
Step 6 Click Apply.
Step 7. Repeat these steps for the 802.11b/g/n radio
After you have done this for the Research_Lab-AP, you probably want to do the same for the Lobby_AP, but only allow GUESTNET access though it, removing any other net-works
Trang 5Figure 13-12 802.11a/n Radios
Figure 13-13 802.11a/n Radio Options Menu
Key
Topic
Key
Topic
Trang 6Figure 13-14 Enabling WLAN Override
Summary of Controller Configuration Using the Web Interface
At this point you have accomplished much by way of your controller Through one inter-face, you can see how much power in configuration you have What did you do? Here is the list:
■ You set up multiple APs at the same time
■ You easily configured a WLAN connection to provide GUESTNET access
■ You controlled which APs allows GUESTNET access
Of course, more options are available that you might want to understand, and many relate
to security First, however, it is beneficial to understand how to monitor the network from the interface of the controller, view your APs, and simply get a better picture of what is going on in the network The following sections discuss these aspects
Monitoring with the Controller
As far as the management and monitoring of the network go, you have much power by way of the controller The controller is a central point of intelligence that can give you valuable information regarding the network overall as well as specifics related to APs, clients, rogues, and more The main login page of the controller provides an excellent starting point
Trang 7General Monitoring The Controller Summary page is the first thing you see when you log in At first glance, it might seem like a simple overview, but it has much more than that Examine Figure 13-15, where you will notice the following functional areas of the Summary page:
■ Controller Summary
■ Access Point Summary
■ Client Summary
■ Rogue Summary
■ Most Recent Traps Each area provides a wealth of information, as described in the sections that follow Controller Summary
Controller Summary provides the management IP address and the service port address You can also see the software version In Figure 13-15, you can see that the version is 4.1.192.17M (Mesh) Eventually you will learn to upgrade it to version 5.x For now, this version is acceptable
Figure 13-15 Monitor Summary
Trang 8Figure 13-16 Radio Details
You can also gather the name of the controller and its uptime Next, you can see the up time and system time on the controller, as well as the internal temperature In addition, you can see that the 802.11a and 802.11b/g networks are enabled
Access Point Summary The next functional area is Access Point Summary, which shows the total number of 802.11a.n and 802.11b/g/n radios that are present, how many are up, and how many are
down You can click Detail for more information 802.11b/g/n Radios details have been
se-lected, and you are presented with a list of APs, as seen in Figure 13-16
This list provides valuable information regarding the administrative status of the APs as well as the channel they are operating on and their power level A power level of 1 indi-cates the highest level of power legal in the country you are in You can change these
lev-els by hovering your mouse over the blue arrow on the right and selecting the Configure
link, as seen in Figure 13-17
After you select Configure, you are taken to the page shown in Figure 13-18 that allows
you to set General parameters, including enabling and disabling the radios, 11n parameters
if available, and antenna type and diversity
You can also gather information about management frame protection and perform a WLAN override A WLAN override lets you control which SSIDs are made available by
this AP You saw this in the section “Configuring the Controller Using the Web Interface.”
Trang 9Figure 13-18 802.11b/g/n Cisco APs > Configure Screen
Figure 13-17 Access the Configure Options of the Radios
Trang 10Figure 13-19 Viewing 802.11a/n Radios
On the right side of the page, you can change the RF channel assignment and the TX (transmit) power level assignment The higher the number of the power setting, the lower the power level is For example, changing the level from 1 to 2 decreases the power by 50 percent Changing it to 3 decreases it by 25 percent, and 4 decreases it by 12.5 percent
Each level halves the one before it
You can also change and edit a performance profile The Performance Profile link takes you to a page that lets you define RF values and thresholds Additionally, from the Moni-tor page, you can select the Wireless link on the left side of the page, as shown in Figure 13-19
In the figure, you can see a list containing the following links:
■ Rogue APs: Selecting Rogue APs takes you to a page that lists the rogue APs.
■ Known Rogue APs: Selecting Known Rogue APs takes you to a page of known
rogue APs
■ Rogue Clients: The Rogue Clients link takes you to a list of rogue clients.
■ Adhoc Rogues: Adhoc Rogues takes you to a list of clients that are creating ad-hoc
networks This can pose a serious security risk, because it can enable access to the wired infrastructure
Key Topic