Scribd
Upload
153 views

Exercise No5

This document provides instructions to configure a WPA2 Enterprise wireless network using a Wireless LAN Controller (WLC) with an external RADIUS server for authentication. The steps include: 1. Creating a new WLAN on the WLC, configuring the RADIUS server and creating a user on the server. 2. Configuring the new WLAN for WPA2-Enterprise authentication using the RADIUS server and enabling FlexConnect. 3. Configuring a wireless client profile to connect to the WPA2-Enterprise WLAN and authenticate using the RADIUS user credentials. 4. Verifying connectivity from the wireless client to resources on the wired network.

Uploaded by

E D I T H
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
153 views

Exercise No5

This document provides instructions to configure a WPA2 Enterprise wireless network using a Wireless LAN Controller (WLC) with an external RADIUS server for authentication. The steps include: 1. Creating a new WLAN on the WLC, configuring the RADIUS server and creating a user on the server. 2. Configuring the new WLAN for WPA2-Enterprise authentication using the RADIUS server and enabling FlexConnect. 3. Configuring a wireless client profile to connect to the WPA2-Enterprise WLAN and authenticate using the RADIUS user credentials. 4. Verifying connectivity from the wireless client to resources on the wired network.

Uploaded by

E D I T H
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

EXERCISE NO.

5
Configure a WPA2 Enterprise WLAN on the WLC
-Create a new WLAN
-Configure a DHCP Scope and SNMP
-Connect Hosts to the Network

TOPOLOGY

Addressing Table

Subnet Default
Device Interface IP Address Description
Mask Gateway
R1 G0/0/1 192.168.1.1 255.255.255.0 Not Applicable Connected to S1 G0/1
WLC Management 192.168.1.2 255.255.255.0 192.168.1.1 WLC Management
LAP NIC DHCP Connected to S1 Fa0/1
Admin NIC DHCP Connected to S1 Fa0/2
AAA NIC 192.168.1.3 255.255.255.0 192.168.1.1 Connected to S1 Fa0/3
Laptop NIC DHCP Connected Wirelessly to LAP

Router R1 Configuration
Router>enable
Router#configure terminal
Router(config)#hostname R1
R1(config)#interface g0/0/1
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.9
R1(config)#ip dhcp pool DHCP_Pool
R1(dhcp-config)#network 192.168.1.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.1.1
R1(dhcp-config)#end
R1#copy run start

Configure the WLC


Go to Admin PC -> Desktop -> Web Browser
Type 192.168.1.2 and click go (Need to wait nearly 1 minute to get the Page)

Create admin username: admin


Create admin password: Cisco123
Confirm admin password: Cisco123
Then click Start

Setup Your Controller as follows


System Name: WLC
Management IP Address: 192.168.1.2
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
(Note: Leave other options as default)
Then click Next

Create your Wireless Networks as follows


Network Name: CP08
Security: WPA2 Personal
Passphrase: Cisco123
Confirm Passphrase: Cisco123
(Note: Leave other options as default)
Then click Next

Advanced Settings as default then click Next

Please confirm settings and apply (There will be a reboot message, click Ok)
Close the Admin Window

Configure AAA Service

Go to AAA Server -> Services -> AAA


Service: On
In Network Configuration
Client Name: WLC
Client IP: 192.168.1.2
Secret: Cisco123
ServerType: Radius
Then Click on Add

User Setup
Username: admin
Password: admin
Then Click on Add
Configure the WLC to use a RADIUS server.

WPA2-Enterprise uses an external RADIUS server to authenticate WLAN users. Individual user accounts with
unique usernames and passwords can be configured on the RADIUS server. Before the WLC can use the services
of the RADIUS server, the WLC must be configured with the server address.
Click the Security menu on the WLC.
Click the New button and enter the IP address of the RADIUS server in the Server IP Address field.
The RADIUS server will authenticate the WLC before it will allow the WLC to access the user account information
that is on the server. This requires a shared secret value. Use Cisco123. Confirm the shared secret and click Apply.

Create and enable the WLAN. (Remove Existing WLANs)


Click WLANs in the WLC menu bar. Locate the dropdown box in the upper right had corner of the WLANs screen.
It will say Create New. Click Go to create a new WLAN.
Enter the Profile Name of the new WLAN. Use the profile name NTTF. Assign an SSID of CP08 to the WLAN. Hosts
will need to use this SSID to join the network.
Select the ID for the WLAN. This value is a label that will be used to identify the WLAN is other displays. Select a
value of 5 to keep it consistent with the VLAN number and SSID. This is not a requirement but it helps with
understanding the topology.
Click Apply so that the settings go into effect.
Now that the WLAN has been created, you can configure features of the network. Click Enabled to make the
WLAN functional. It is a common mistake to accidentally skip this step.
Click the Advanced tab.
Scroll down to the FlexConnect portion of the page. Click to enable FlexConnect Local Switching and FlexConnect
Local Auth.
Click Apply to enable the new WLAN. If you forget to do this, the WLAN will not operate.

Configure WLAN security.

Instead of WPA2-PSK, we will configure the new WLAN to use WPA2-Enterprise.


Click the WLAN ID of the newly created WLAN to continue configuring it, if necessary.
Click the Security tab. Under the Layer 2 tab, select WPA+WPA2 from the drop-down box.
Under WPA+WPA2 Parameters, enable WPA2 Policy. Click 802.1X under Authentication Key Management. This
tells the WLC to use the 802.1X protocol to authenticate users externally.
Click the AAA Servers tab. Open the drop-down next to Server 1 in the Authentication Servers column and select
the server that we configured.
Click Apply to enact this configuration. You have now configured the WLC to use the RADIUS sever to authenticate
users that attempt to connect to the WLAN.

Configure SNMP

Click the Management menu in the WLC GUI and expand the entry for SNMP in the left-hand menu.
Click Trap Receivers and then New…
Enter the community string as WLAN_SNMP and the IP address of the server at 192.168.1.3.
Click Apply to finish the configuration.
Configure a host to connect to the enterprise network.

In the Packet Tracer PC Wireless client app, you must configure a WLAN Profile in order to attach to a
WPA2-Enterprise WLAN.
Click Laptop and open the PC Wireless app.
Click the Profiles tab and then click Edit.
Highlight the Wireless Network Name for the WLAN that we created earlier and click Advanced Setup.
Verify that the SSID for the wireless LAN is present and then click Next. Wireless Host should see CP08.
Verify that the DHCP network setting is selected and click Next.
In the Security drop down box, select WPA2-Enterprise. Click Next.
Enter login admin and the password admin and click Next.
Verify the Profile Settings and click Save.
Then Click Connect to Network
Confirm that Wireless Host has connected to the WLAN. Wireless Host should receive an IP address from the
DHCP server

Test Connectivity.

Close the PC Wireless app.


Open a command prompt and confirm that Wireless Host laptop has obtained an IP address from the WLAN
network. From Wireless Host, ping the WLAN default gateway and the Server to verify that the laptop has full
connectivity.

Result: Configured and Verified a WPA2 Enterprise WLAN on the WLC.

You might also like