1 / 49

Ch. 5 – Access Points

Ch. 5 – Access Points. Overview. Access Point Connection. Radio Upgrade. 802.11g is chip just now shipping. Cable and Power. Cisco Aironet 1100 and 1200 Series, can be powered over Ethernet with: Switch with inline power (Option 1) Inline power patch panel (Option 2)

nona
Télécharger la présentation

Ch. 5 – Access Points

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Ch. 5 – Access Points

  2. Overview

  3. Access Point Connection

  4. Radio Upgrade 802.11g is chip just now shipping

  5. Cable and Power • Cisco Aironet 1100 and 1200 Series, can be powered over Ethernet with: • Switch with inline power (Option 1) • Inline power patch panel (Option 2) • Optional inline power injector (Option3) • Universal power supply (Option 4)

  6. Cable and Power • WARNING Never connect both the DC power to the AP power port and inline power simultaneously

  7. AP Installation

  8. LED indicators • The LED lights on an access point convey status information. • When the access point is powering on, all three LEDs normally blink. • After bootup, the colors of the LEDs represent the following: • Green LEDs indicate normal activity. • Amber LEDs indicate errors or warnings. • Red LEDs mean the unit is not operating correctly or is being upgraded. 1100 AP 1200 AP

  9. Reset the AP (Power On) • When beginning a lab, to make sure the AP has the default settings, you will reset the AP. • Follow these steps to reset the access point to factory default settings using the access point MODE button: • Step 1 Disconnect power (the power jack for external power or the Ethernet cable for in-line power) from the access point. • Step 2 Press and hold the MODE button while power to the access point is reconnected. • Step 3 Hold the MODE button until the Status LED turns amber (approximately 1 to 2 seconds), and release the button. All access point settings return to factory defaults. 1100 AP 1200 AP

  10. Connecting to the AP (Configuration) Wired Wireless: Requires Association

  11. Connecting to the AP (Console) Serial Console Rollover Cable IOS CLI

  12. Connecting to the AP (Telnet) • AP Defaults • IP Address = 10.0.0.1/24 • Username and Password = Cisco (“C” not “c”) • This password is the privilege password, not the WEP password. Cisco Requires a network connection either Ethernet or Wireless

  13. Connecting to the AP (Browser) Preferred Method! Wired Wireless: Requires Association

  14. Connecting to the AP (Wireless) • Wireless adapter: • If configuring using the wireless adapter, you must first associate with the AP. • Make sure the settings on the ACU match the AP. • Cisco 1100 and 1200 Aps have the following defaults: • IP Address = 10.0.0.1/24 • SSID = tsunami • Password = Cisco (“C” not “c”) SSID = tsunami SSID = tsunami

  15. Connecting to the AP (Wired) • Wired Ethernet: • No association necessary • Make sure the IP Address on the Ethernet interface is on the same subnet as the AP. • AP Defaults • IP Address = 10.0.0.1/24 • Password = Cisco (“C” not “c”) SSID = tsunami SSID = tsunami Preferred Method!

  16. Connecting to the AP (Wired) • Wired Ethernet: • We will use the browser via wired method to initially configure APs during labs so we do not configure the wrong AP via wireless. • IOS CLI – Optional, but you can do those labs if you wish. We will cover some of the basic commands. SSID = tsunami SSID = tsunami Preferred Method!

  17. Basic Configuration The labs will really help you understand this. Lab 5.4.4: Configuring Radio Interfaces Through the GUI Skip step # 4 Refer to the next few slides to complete the lab

  18. The AP’s IP address • Same IP address whether you are connecting via the wired or wireless interface. (For configuring the AP.)

  19. ACU - Verifying Right click

  20. Network Interfaces – Radio-802.11B (Settings)

  21. Network Interfaces – Radio-802.11B (Settings)

  22. Network Interfaces – Radio-802.11B (Settings)

  23. Network Interfaces – Radio-802.11B (Settings) PLCP frame!

  24. Network Interfaces – Radio-802.11B (Settings)

  25. Network Interfaces – Radio-802.11B (Settings)

  26. Network Interfaces – Radio-802.11B (Settings)

  27. Network Interfaces – Radio-802.11B (Settings)

  28. Using the CLI

  29. Lab 5.4.5 Page 118 • Configuring Radio Interfaces through the IOS CLI • Stop at step # 10

  30. Wired equivalent privacy (WEP) AP • The IEEE 802.11 standard includes WEP to protect authorized users of a WLAN from casual eavesdropping. • The IEEE 802.11 WEP standard specified a 40-bit key, so that WEP could be exported and used worldwide. • Most vendors have extended WEP to 128 bits or more. • When using WEP, both the wireless client and the access point must have a matching WEP key. • WEP is based upon an existing and familiar encryption type, Rivest Cipher 4 (RC4). 128 bit WEP is sometimes referred to, and more accurately, as 104 bit WEP. Also, be sure that Transmit Key numbers match, I.e. Key 1 on both AP and ACU. ACU

  31. Authentication Process (Review) • On a wired network, authentication is implicitly provided by the physical cable from the PC to the switch. • Authentication is the process to ensure that stations attempting to associate with the network (AP) are allowed to do so. • 802.11 specifies two types of authentication: • Open-system • Shared-key (makes use of WEP)

  32. Open Authentication • Typical Open Authentication on both AP and Client with No WEP keys

  33. Open Authentication and WEP • Remember there are three steps to Association: • Probe • Authentication • Association • A client can associate with an AP, but use WEP to send the encrypted data packets. • Authentication and data encryption are two different things. • Authentication – Is the client allowed to associate with this AP? • Encryption – Encrypts the data (payload) and ICV (Integrity Check Value) fields of the 802.11 MAC, not the other fields. • So a client could Associate with the AP, using Open Authentication (basically no authentication), but use WEP to encrypt the data frames sent after its associated.

  34. Open Authentication and WEP • In some configurations, a client can associate to the access point with an incorrect WEP key or even no WEP key. • The AP must be configured to allow this (coming). • A client with the wrong WEP key will be unable to send or receive data, since the packet payload will be encrypted. • Keep in mind that the header is not encrypted by WEP. • Only the payload or data is encrypted. Associated but data cannot be sent or received, since it cannot be unencrypted.

  35. Open Authentication - Optional WEP Encryption (AP) • 802.11 allows client to associate with AP. • Cisco AP must have WEP Encryption set to Optional • Association successful with any of these options on the client: • Matching WEP key • Non-matching WEP key • No WEP key

  36. Encryption Modes • Indicates whether clients should use data encryption when communicating with the device. The three options are: • None - The device communicates only with client devices that are not using WEP. • WEP Encryption - Choose Optional or Mandatory. • If optional, client devices can communicate with this access point or bridge with or without WEP. • If mandatory, client devices must use WEP when communicating with the access point. Devices not using WEP are not allowed to communicate. WEP (Wired Equivalent Privacy) is an 802.11 standard encryption algorithm originally designed to provide with a level of privacy experienced on a wired LAN. The standard defines WEP base keys of size 40 bits or 104 bits.

  37. In Summary • Client • Use Open Authentication on the client (does not use WEP, challenge transaction, during authentication). • Use WEP for Data Encryption. • AP • Use Open Authentication • Use Mandatory WEP Encryption, Devices not using WEP are not allowed to communicate.

  38. Lab 8.3.3.1: Page 225 Configuring WEP on AP and client

  39. MAC Authentication/MAC Filters • Allows you to accept/deny specific MAC or IP addresses.

  40. Lab 8.3.2: Page 218 Configuring Filters on AP

  41. Services We will not configure all of these options or use all of the features.

  42. Services • The Services Summary page shows whether all of the main services are currently enabled or disabled.

  43. Telnet/SSH

  44. Lab 8.3.1.1 Page 198 Configuring Basic AP Security Via GUI

  45. Event Log

  46. Lab 11.5.6.1: page 335 Configuring Syslog on AP

  47. HTTP • This feature enables Web-based GUI management by providing support for HTML Web pages and Common Gateway Interface (CGI) scripts using common Web browsers. • The Services>Web Server page is used to enable browsing to the web-based management system, specify the location of the Help files, and enter settings for a custom-tailored web system for management. • With the Allow Web-based Configuration Management enabled, access to the GUI management system is permitted. • If HTTP is disabled, the management system is accessible only through Telnet or the console

  48. Configure an AP as a repeater Lab 5.4.8: Configure an AP as a repeater through the GUI – Page 127 Lab 8.3.3.2: Configure an AP as a repeater using WEP through the GUI – page 230

  49. Ch. 5 – Access Points

More Related