■ Clients:This link ties you to a page that provides a list of clients and lets you search by MAC address for clients.. Numerous items are of interest here that are not seen in the figur
Trang 1Figure 13-20 Radio Statistics
■ 802.11a/n Radios / 802.11b/g/n Radios:The 802 Radios links provide a list of APs with that specific type of radio
■ Clients:This link ties you to a page that provides a list of clients and lets you search
by MAC address for clients
■ RADIUS Servers:This link provides a list of RADUIS Authentication and Account-ing servers
Looking further into the 802.11a/n Radios and 802.11b/g/n Radios options, you can gain
even more information by selecting the Details link for a radio from the Monitor
Sum-mary page Here is what you get You see the slot that the radio is in and the base radio MAC address Looking more closely at Figure 13-19, you can see that Operational Status
is UP You can gain information regarding a load profile, noise profile, interference profile, and coverage profile
Load Profile is set to 80% by default If the load of this particular AP goes over that threshold, Load Profile shows a warning rather than the status Passed Likewise, if the SNR is too low, Load Profile indicates a warning Should too much interference be on the same channel that this AP is operating on, the Interference Profile shows a warning If clients roam away and are not able to relay off another AP, the Coverage Profile shows a warning To see the details of these profiles, from the screen in Figure 13-18, select the
Details link at the right side of the page This causes a page similar to Figure 13-20 to be
displayed
Trang 2The resulting page is Radio Statistics Numerous items are of interest here that are not seen in the figure:
Note: To see the content discussed in the previous bulleted list, you need to scroll down
in the web interface of the controller, because the page is long for this output and is not shown completely in Figure 13-20
■ The Noise vs Channel chart shows each channel of the AP and the level of non-802.11 noise interference on that particular channel
■ The Interference by Channel shows statistics for other 802.11 interference
■ The Load Statistics section provides information about transmit and receive utiliza-tion, channel utilizautiliza-tion, and attached clients
■ Two charts exist: % Client Count vs RSSI and % Client Count vs SNR
■ The next section covers the Rx Neighbors Information This section displays neigh-boring APs along with their IP address and Received Signal Strength Indicator (RSSI)
The controller uses this to allocate channels and ensure adequate coverage by shaping the coverage area
As far as the CCNA Wireless exam is concerned, you should be familiar with the overall concept, but you do not need to understand each area in great detail Still, with all this in-formation for monitoring the APs that this controller manages and their radios, you must contend with those rogue devices Rogue devices include any wireless device that can
in-terfere with the managed APs The following section discusses how to manage them
Managing Rogue APs You can manage rogue APs from the controller interface Recall that on the Monitor page, the second column has information on rogue devices This is a good place to start Re-viewing the Monitor page, seen in Figure 13-21, notice that the first line below Rogue Summary is Active Rogue APs
A rogue AP is an AP that is unknown to the controller You want to avoid jumping to con-clusions here It might simply be an AP in a neighboring business It does not necessarily represent the bad guys This takes a little work to figure out, however
The next line is Active Rogue Clients This is a wireless device that sends an unexpected frame This is usually from a default configuration on client devices
Next is Adhoc Rogues, which is, as previously mentioned, any device setting up an Adhoc network
Finally, you have the Rogues on a Wired Network field This is a count of rogues that a Rogue Detector AP has discovered It works by the AP detecting ARP requests on the wired network for APs marked as rogue
You can gather more information by selecting the Detail link on the right Selecting this
for the Active Rogue APs presents a list of the designated rogue APs The key on this page
is the number of detecting radios Examine Figure 13-22 Notice that 20 of 32 rogues are
Trang 3Figure 13-21 Review Rogues from the Monitor Page
listed Also key in on the number of detecting radios The fewer radios, the better That is because if only one or two detect the rogue, the rogue is probably on the edge of the net-work, most likely coming from a neighboring business, as is the case with this figure
If the number of detecting radios is high, the rogue is being seen by a number of APs and most likely is within your network, probably sitting under a desk exactly where it should not be
You can click on the rogue that you are concerned with and select Contain Rogue, as seen
in Figure 13-23
When you contain the rogue, your AP spoofs its MAC address and sends deauthentication frames that appear to come from the contained AP When clients see this, they are unable
to stay associated with the contained AP This should stress the importance of ensuring that it is not the AP of your neighbor
Another note related to containment relates to the number of devices you can contain You cannot contain more than three rogues per AP because the AP that is performing containment takes a CPU hit of up to 10 percent per contained AP The system cap is 30 percent This means that if an AP contains two rogues, it takes a 20 percent CPU hit With the system cap of 30 percent, it can contain only one more rogue
Key
Topic
Trang 4Figure 13-22 Rogue APs
Figure 13-23 Contain the Rogue AP
Key Topic
Trang 5Managing Clients Managing clients is another important aspect to master From the Monitor page, you can see the client summary This gives a total of current clients, excluded clients, and disabled clients Any device that sends a probe is considered a current client, so this number might
be inflated even if the client does not associate with the AP
Clicking on details provides a list of clients, as shown in Figure 13-24 You can see the
MAC address of the clients, the AP with which they are associated, the WLAN profile they are using, and the protocol they are using
In the case of Figure 13-24, the client with MAC address 00:1e:c2:ab:14:26 is associated with the Public_Guest_Access profile Next you have the status, in this case Associated Also, the client is authenticated, and port 1 on the controller is the means to the wired network This client is not a workgroup bridge
As seen in other examples, you can hover your mouse over the blue arrow to the right for
a list of options, including these:
■ LinkTest
■ Disable
■ Remove
Figure 13-24 Clients
Trang 6■ 802.11aTSM
■ 802.11b/gTSM The LinkTest provides a way to test the link of the client by reporting the number of sent and received packets, the signal strength, and the signal-to-noise ratio (SNR)
Disabling the client puts it into a Disabled Client list and bans it until it is manually
re-moved To view this list, select Security > Disabled Clients To manually add clients, click New.
The Remove link disassociates the client However, this does not prevent it from
attempt-ing association again, like disablattempt-ing would
For more details, click the client MAC address This presents the Detail page, as seen in Figure 13-25 The five sections are as follows:
■ Client Properties
■ Security Information
■ Quality of Service Properties
■ Client Statistics
■ AP Properties Finally, there are excluded clients Clients can be excluded for the following reasons:
■ The client has failed 802.11 authentication five times
■ The client has failed 802.11 association five times
■ The client has failed 802.1x authentication three times
■ The client has failed the policy on an external server
■ The client has an IP that is already in use
■ The client has failed three web authentication attempts
By default, these clients are excluded for 60 seconds Think of it as a waiting period If a client retries after that 60 seconds and does not fail any of the criteria in the preceding list, the client is no longer excluded
Using Internal DHCP One reason for exclusion is that the client might be trying to use an IP that is in use al-ready You can solve this issue using DHCP If your network does not have a DHCP server, the controller can act as one for you To configure the controller as a DHCP server, go to
CONTROLLER > Internal DHCP Server > New The rest of the DHCP server
configura-tion is pretty self-explanatory
Trang 7Figure 13-25 Clients > Detail
Trang 8Table 13-2 Key Topics for Chapter 13
Controller Terminology Section defining controller terms 228
Configuring the Controller Using the Web Interface
Creating an interface and creating a WLAN
238
Figure 13-21 Review rogues from the Monitor page 254
Exam Preparation Tasks Review All the Key Concepts
Review the most important topics from this chapter, noted with the Key Topics icon in the outer margin of the page Table 13-2 lists a reference of these key topics and the page number where you can find each one
Definition of Key Terms
Define the following key terms from this chapter, and check your answers in the Glossary:
port, interface, WLAN, static interface, dynamic interface, roaming, mobility group
Trang 9This chapter covers the following subjects:
Connecting to a Standalone AP: A brief discus-sion on how to gain access to a standalone AP using various methods
Using the Express Setup and Express Security for Basic Configuration: How to set up the standalone AP for wireless access using the Express Setup and Express Security configurations
Converting to LWAPP: How to convert a stand-alone AP to lightweight mode using the Upgrade tool
Trang 10Migrating Standalone APs to LWAPP
Table 14-1 “Do I Know This Already?” Section-to-Question Mapping
Using the Express Setup and Express Security for Basic Configuration 5–6
Many Cisco APs are capable of operating in both autonomous mode and lightweight mode APs that can do both usually ship in standalone mode Some may choose to use these APs in standalone mode Others might immediately convert them to Lightweight Access Point Protocol (LWAPP)–capable APs and integrate them into a network designed after the Cisco Unified Wireless Network (CUWN) In this chapter, you will learn how to access a standalone AP, how to configure it in standalone mode, and how to convert it to lightweight mode
You should do the “Do I Know This Already?” quiz first If you score 80 percent or higher, you might want to skip to the section “Exam Preparation Tasks.” If you score below 80 percent, you should spend the time reviewing the entire chapter Refer to Appendix A,
“Answers to the ‘Do I Know This Already?’ Quizzes,” to confirm your answers
“Do I Know This Already?” Quiz
The “Do I Know This Already?” quiz helps you determine your level of knowledge of this chapter’s topics before you begin Table 14-1 details the major topics discussed in this chapter and their corresponding quiz questions
1. A standalone AP has a console port True or False?
a. True
b. False