How Fast is your Network – iPerf?
Have you ever gotten complaints from users stating “Network is too slow”? How do you measure network throughput in your environment? It is always a good idea to benchmark your network (wired or wireless)...
Decrypt WPA2-PSK using Wireshark
In this post we will see how to decrypt WPA2-PSK traffic using Wireshark. This is useful when you study (my case for CWSP studies) different security protocols used in wireless. Here is the basic...
How to get WLC SFP Info?
Did you ever want to find out inventory details of the SFP plugged into WLC ports? Typically “show inventory” is what we need. But in AireOS, that command only gives the chassis serial number as...
CWSP – 4 Way Handshake
In this post we will go through the 4-Way Handshake process. This is described in Chapter 5 of the CWSP Official Study Guide. Page 194 of this book shows the RSN key hierarchy. MSK – Master Session Key (or AAA...
CWSP – CCMP Encryption Method
The IEEE 802.11-2007 standard defines 3 encryption methods that operate at layer 2 of the OSI model (WEP, TKIP, CCMP). These are used to encrypt upper layer information of 802.11 data frames that have MSDU...
CWSP-Legacy 802.11 Security
Here are my study notes from CWSP Official Study Guide – Chapter 2. There are two legacy (Pre-RSNA) authentication methods: 1. Open System Authentication 2. Shared Key Authentication. In Open System...
CWSP -RSN Information Element
RSN-IE (Robust Security Network Information Element) is an optional field of variable length that can be found in 802.11 management frames. The RSN element has an element ID of 48 & is present in the below...
CWSP – EAP Basics
The Extensible Authentication Protocol (EAP), as defined in IETF RFC 2284, provides support for many authentication methods. EAP was originally adopted for use with PPP and has since been redefined in IETF RFC...
CWSP- EAP LEAP
EAP-LEAP (Lightweight Extensible Authentication Protocol) is a Cisco proprietary authentication method. The diagram below shows the EAP-LEAP authentication process (page 143 of CWSP Official Study Guide)...
CWSP- EAP PEAP
EAP-PEAP (Protected Extensible Authentication Protocol) creates an encrypted TLS tunnel within which the supplicant’s inner identity is validated. Sometimes it is referred to as EAP within EAP. There are...
CWSP- EAP TLS
EAP-TLS (EAP-Transport Layer Security) is defined in RFC 5216 & considered one of the most secure EAP methods used in WLAN. EAP-TLS requires the use of client-side certificates in addition to server-side...
CWSP- EAP FAST
EAP-FAST (Flexible Authentication via Secure Tunneling) was initially developed by Cisco. Later, in 2007, the IETF ratified it in RFC 4851. Cisco developed it as a replacement for LEAP. EAP-FAST provides both...
CWSP- 802.11 Roaming Basics
In this post we will see how a basic 802.11 roam works using a Cisco WLC & two APs. My WLC is a 4402 running 7.0.116.0 code. I have configured an SSID called TEST1 with 802.1X security. Here is...
CWSP-802.11r Key Hierarchy
IEEE 802.11r-2008, also known as “fast basic service set transition” (FT), is defined to allow fast secure roaming. The 802.11r mechanism introduces multiple layers of PMKs that are cached in different...
CWSP-802.11r FT Association
In this post we will see how a client that supports 802.11r first associates to an SSID configured for 802.11r FT support. I have used a 3850 (running IOS-XE 3.6) as my WLC. Not all wireless clients support...
CWSP-802.11r Over-the-Air FT
In this post we will see how 802.11r Over-the-Air Fast BSS Transition works. We will use the same topology & base configuration used for the previous post. First I have to disable the “Over-the-DS” feature...
CWSP-802.11r Over-the-DS FT
In this post we will see how “Over-the-DS Fast BSS Transition” works. We will use the same topology as shown below. Originally the client is associated to LAP2 & then roams to LAP1. One thing you have to...
What’s new in WLC 8.0?
As you are already aware, Cisco has released WLC 8.0 software, which is a major upgrade in recent years. People were talking about this code version for a long period of time (I remember even in CL-2012...
CWSP – PMK Caching & Preauthentication
PMK Caching & Preauthentication are two different methods defined in IEEE 802.11-2007 to allow fast secure roaming. PMK Caching: In PMK Caching, the AP & client station maintain a PMKSA for a period...
CWSP – 802.11k AP Assisted Roaming
IEEE 802.11k-2008 defines a Radio Resource Management (RRM) mechanism that enables an 802.11k-capable client’s radio to better understand the RF environment in which it exists, which will help clients to have...