has recently decided to implement a wireless solution to enable mobility, increase the bandwidth to the branch office, and reduce the overall cost of remote access.. Some of the concerns
Trang 1FWL Skills Final
Estimated Time: 90 minutes
Number of Students: 2 students can be tested simultaneously
Objective
The student may read and prepare for 5 minutes There are 3 main tasks for the hands-on skills final
to be completed:
1 Basic Installation and Configuration (45 minutes)
2 Security and Monitoring (20 minutes)
3 Management (20 minutes)
Topology
Trang 2Scenario
FWL, Inc has recently decided to implement a wireless solution to enable mobility, increase the bandwidth to the branch office, and reduce the overall cost of remote access Some of the concerns from the Chief Security Officer (CSO) include data theft and wireless attacks on the network The Chief Executive Officer (CEO) is concerned with employee satisfaction with the wireless experience and expects a jump in productivity It is the job of the wireless network administrator to ensure the WLAN is properly installed, secured, and tested to achieve these goals
Read the checklist at the end of this document before beginning the exam Depending on the available time, the instructor will adjust the requirements Students may be required to use 802.11a, 802.11b, or both The instructor will assign each student to either the main office or branch office
Preparation
The equipment must be setup and cabled according to the topology
Tools and Resources
The following are required for each pod
Hardware:
• Wired PC
• Wireless PC or laptop
• Wireless NIC 802.11a, 802.11b, or both
• AP 1200 (or 1100)
• BR350
• 2 hubs or one switch with 2 VLANs
• 3 rubber duck dipole antennas
• 2 Category 5 patch cables
Software:
• ACU v6 or later
• PuTTY or equivalent
• Kiwi Sylog or equivalent
• IE 6 or Netscape 7
Optional:
• Windows 2000 Server
• Cisco Secure ACS 3.1 or later
Trang 3Checklist and Score Report
Step 1 Basic Installation and Configuration (45 min) /50
o Install (5 points)
NIC
• Option 1: 11b (PCM352 or PCI 352)
• Option 2: 11a (CB20A) ACUv6
• Option: Desktop or Laptop
o Operating System Options:
Windows MAC Linux
o Configure
Client (10 points)
• Create Profiles: Office 1 and Office 2 (2 must be created)
o Client Name:
Option1: 11b
• First initial-Last name-b Option2: 11a
• First initial-Last name-a
o SSID
Option 1: 11b
• Pod1: fwl-ap1-b
• Pod2: fwl-ap2-b Option 1: 11a
• Pod1: fwl-ap1-a
• Pod2: fwl-ap2-a
o Static WEP
Option 1: 40 bit Option 2: 128 bit
o Channel:
Option 1: 11b
• Pod1: 1
• Pod2: 11 Option 2: 11a
• Pod1: 34
• Pod2: 64
o Power:
Option 1:
• 1mW
• 5mW
o Auto Profiles
Office1 Office2
o IP Addressing:
Pod 1: 172.30.1.10 Pod 2: 172.30.2.10
AP (15 points)
• Hostname
o Option1: 11b
Fwl-ap1-b Fwl-ap2-b
o Option2: 11a
Fwl-ap1-a
Trang 4• SSID
o Option 1: 11b
Pod1: fwl-ap1-b Pod2: fwl-ap2-b
o Option 1: 11a
Pod1: fwl-ap1-a Pod2: fwl-ap2-a
o Option 3: both 11a and 11b
• Static WEP
o Option 1: 40 bit
o Option 2: 128 bit
• Channel:
o Option 1: 11b
Pod1: 1 Pod2: 11
o Option 2: 11a
Pod1: 34 Pod2: 64
• Power: 5mW or 10mW
• Antenna: Dual Diversity
BR (15 points)
• Hostname:
o Pod1: fwl-br1
o Pod2: fwl-br2
• SSID:
o Pod 1 and 2: fwlskills-br
• Radio
o Channel: 6
o Power: 5mW or 10mW
o Antenna: Left only
• WEP: 128 bit
o Students must collaborate to establish a common key
o Test Connectivity (5 points)
Verify connectivity from the syslog PC to the AP and bridge BVI
Verify wireless client to AP connectivity Telnet from the Student PC to the AP Verify connectivity from BR to BR Telnet from the wireless PC to the peer AP Ping the peer syslog server
Step 2 Security and monitoring (20 min) _/25
o Secure AP (20 points)
General (5 points)
• Change from Static WEP to Cipher ( TKIP + WEP 128 bit )
• Disable broadcast SSIDs Authentication (15 points)
• LEAP
o Option1: Local Radius
Configure users
• FWLuser1, FwLPaS1
• FWLuser2, FwLPaS2
o Option2: ACS
Configure users
o Test Connectivity (5 points)
Verify client to AP connectivity Telnet from the student PC to the AP
Verify connectivity from BR to BR Telnet from the student PC to the peer AP
Trang 5Step 3: Management (20 min) _/25
o Configure (20 points)
Administrator Account (5 points)
• Username: fwladmin1
• Password: WiReLeSs SSH (5 points)
• Disable Telnet and HTTP Backup configurations (5 points)
• Client profiles
• Bridge configuration
• AP configuration Monitoring (5 points)
• Configure Syslog on AP, BR or both
• Install and configure Syslog software on wired LAN PC
o Test Connectivity (5 points)
• Use the PuTTY SSH client to connect to the AP from the wireless PC
• Disassociate from the AP, then re-authenticate and verify the syslog logs are received by the syslog server
• Verify the backup configurations are stored on disk
• Verify the administrator account
• Verify Telnet and HTTP are disabled
• Connect to the peer AP through a wireless connection
Trang 6Pass / Fail
Must score 85% or better on the first attempt Must score 90% or better on subsequent attempts