Configuring MFP
Management Frame Protection (MFP) provides security for the otherwise unprotected and unencrypted 802.11 management messages between APs & Clients. MFP provides both infrastructure & client...
Configuring TCP MSS on WLC
TCP Maximum Segment Size is the maximum allowable TCP payload size, as shown in the diagram below. You can find a nice article on this & MTU in the blog post below from Packetlife.net (above diagram from...
Probe Request Forwarding
Probe requests are 802.11 management frames sent by clients to request information about the capabilities of SSIDs. By default, APs forward acknowledged probe requests to the WLC for processing....
Configuring Country Codes on WLC
Controllers (WLC) & Access Points (AP) are designed for use in many countries with varying regulatory requirements. The radios within APs are assigned to a specific regulatory domain at the factory...
Configuring AP Retransmission Interval
The controller and the access points exchange packets using the CAPWAP reliable transport protocol. For each request, a response is defined. This response is used to acknowledge the receipt of the...
AP Failover
When an AP is fully joined to a controller, the AP learns of all the controllers configured in that mobility group. Should the controllers that an AP is currently registered with go down, the AP will...
A-MPDU & A-MSDU
The IEEE 802.11 PHY layer specification concentrates mainly on wireless transmission and concurrently performs secondary functions like assessing the state of the wireless medium & reporting back to the MAC...
Configuring BPDU Guard & Filtering
There are two features you can configure to complement the functionality of PortFast. 1. BPDU Guard 2. BPDU Filter BPDU Guard: On PortFast-enabled ports, BPDU Guard provides the protection against...
Configuring Root Guard & Loop Guard
In this post we will look at two other STP optional features known as Root Guard & Loop Guard. Root Guard: The STP root guard feature prevents a port from becoming root port or blocked port. If a...
Configuring RADIUS on WLC
In this post we will look at how to configure a WLC for an external RADIUS server. A RADIUS server can handle two functions, namely Authentication & Accounting. In addition to these two functions,...
Configuring Local EAP on WLC
Local EAP is an authentication method that allows users and wireless clients to be authenticated locally to the WLC. This is useful for a remote branch that does not have an external RADIUS on-site or...
Configuring EAP-TLS on WLC
In this post we will see how to configure EAP-TLS on a wireless controller. It is assumed that you have a PC which already has certificates installed (User Certificate & Root CA Certificate). You can...
Configuring Authentication in AAP
In Autonomous AP configurations, the authentication type is configured under the SSID section. Below shows the configuration options available for authentication. AAP1(config-ssid)#authentication ? client...
802.11 Frame Format
The MAC frame format comprises a set of fields that occur in a fixed order in all frames. The picture below shows the general MAC frame format. The first three fields (Frame Control, Duration/ID, and...
Configuring HSRP
Hot Standby Routing Protocol (HSRP) is the Cisco standard for providing redundancy for IP hosts configured in a LAN network with a default gateway address. It enables a set of router interfaces to work together...
WLC Admin Access via TACACS
In this post we will see how to control access to the WLC for different types of users using TACACS (ACS 5.2). I will create 3 different user types (Admin, User, Guest) where the “Admin” user has full access to...
Configuring TACACS on WLC
In this post we will see how to configure TACACS on a WLC. (I am using ACS 5.2 as TACACS server & WLC is 7.0.116.0 which is in CCIE v2.0 exam). As you can see TACACS server can be added for...
NTP Basics
Network Time Protocol (NTP) is used to synchronize a device clock with an external NTP server. You can configure a Cisco IOS router as an NTP server by configuring the “ntp master <stratum>” CLI command....
WGB with EAP-FAST
In this post we will see how to configure security for basic Autonomous WGB solution. Here is the topology I will use for this post. A Laptop connected to the WGB (1252 AP) ethernet port & it is...
WGB with CAPWAP
Since a WGB AP acts as a client, it can be associated to any other AP (Autonomous or Lightweight). In this post we will see how a WGB associates with a CAPWAP AP. Here is the setup for this post (Note that...