Wireless2Notes

================================

1. Physical to logical Topology


================================

------------------------------------------
1. Configure Trunking between the Switches
------------------------------------------

------
CAT1
------

default interface range Gig 1/0/21-22
!
Interface range gig 1/0/21-22
switchport mode trunk

------
CAT2
------

default interface range Gig 1/0/21-22
!
Interface range gig 1/0/21-22
switchport mode trunk

------------------------------------------
2. Create the VLANs on both the switches
------------------------------------------

---------
CAT1
---------

vlan 10,11,12,13,20,30,101
exit

---------
CAT2
---------

vlan 10,11,12,13,20,30,101
exit

-----------------------------------------------
3. Assign Ports to VLANs - ONE VLAN AT A TIME
-----------------------------------------------

----------
VLAN 101
----------

-------
CAT1
-------

Interface range gig 1/0/7-8
switchport mode access
switchport access vlan 101
!
ip routing
!
interface vlan 101
ip add 10.0.1.11 255.255.255.0
no shut

----------
VLAN 10
----------

-------
CAT1
-------

default interface range gig 1/0/11-12
!
Interface range gig 1/0/11-12
Description Port channel towards the WLC
channel-group 21 mode on
no shut
!
Interface Port-channel 21
switchport mode trunk

-------
CAT2
-------

default interface range gig 1/0/11-12
!
Interface range gig 1/0/11-12
Description Port channel towards the WLC
channel-group 21 mode on
no shut
!
Interface Port-channel 21
switchport mode trunk

----------
VLAN 11
----------

-------
CAT1
-------

default interface gig 1/0/1
!
interface gig 1/0/1
switchport mode access
switchport access vlan 11
!
interface vlan 11
ip address 10.0.11.11 255.255.255.0
no shut

----------
VLAN 20
----------

-------
CAT1
-------

interface vlan 20
ip address 10.0.20.11 255.255.255.0
no shut

----------
VLAN 13
----------

-------
CAT1
-------

interface vlan 13
ip address 10.0.13.11 255.255.255.0
no shut

-------
CAT2
-------

ip routing
!
interface vlan 13
ip address 10.0.13.22 255.255.255.0
no shut

----------
VLAN 12
----------

-------
CAT2
-------

default interface gig 1/0/3
!
interface gig 1/0/3
switchport mode access
switchport access vlan 12
!
interface vlan 12
ip address 10.0.12.22 255.255.255.0
ip helper-address 10.0.13.11
no shut

----------
VLAN 30
----------

-------
CAT2
-------
interface vlan 30
ip address 10.0.30.22 255.255.255.0
ip helper-address 10.0.13.11
no shut
!
no ip forward-protocol udp 137
no ip forward-protocol udp 138
no ip forward-protocol udp 37
no ip forward-protocol udp 49
no ip forward-protocol udp 53
no ip forward-protocol udp 69

=============================================================
2. Configure the DHCP Server for all VLANs that require it.
=============================================================

ip dhcp excluded-address 10.0.11.1 10.0.11.100
ip dhcp excluded-address 10.0.12.1 10.0.12.100
ip dhcp excluded-address 10.0.20.1 10.0.20.100
ip dhcp excluded-address 10.0.30.1 10.0.30.100
!
ip dhcp pool LAP1
network 10.0.11.0 /24
default-router 10.0.11.11
dns-server 10.0.1.12
option 43 hex f104.0A00.0A15
!
ip dhcp pool LAP2
network 10.0.12.0 /24
default-router 10.0.12.22
dns-server 10.0.1.12
option 43 hex f104.0A00.0A15
!
ip dhcp pool EXECS
network 10.0.20.0 /24
default-router 10.0.20.11
dns-server 10.0.1.12
!
ip dhcp pool EMPLOYEES
network 10.0.30.0 /24
default-router 10.0.30.22
dns-server 10.0.1.12
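
Added example (not part of the original notes): the "option 43 hex f104.0A00.0A15" value in the LAP1 and LAP2 pools is a TLV that tells lightweight APs where their controller is: sub-option type 0xf1, a one-byte length, then the WLC management IPs (here 10.0.10.21, the Management Interface address set in section 6). The Python below builds and decodes that string; the function names are this example's own and the second controller address is constructed.

```python
import ipaddress

WLC_SUBOPTION = 0xF1  # Cisco sub-option 241: list of WLC management IPs


def encode_option43(wlc_ips):
    """Build the dotted hex string used after 'option 43 hex' in an IOS pool."""
    if not wlc_ips:
        raise ValueError("at least one WLC address is required")
    value = b"".join(ipaddress.IPv4Address(ip).packed for ip in wlc_ips)
    if len(value) > 255:
        raise ValueError("too many addresses for a one-byte length field")
    digits = (bytes([WLC_SUBOPTION, len(value)]) + value).hex()
    # IOS displays the value in dot-separated groups of four hex digits.
    return ".".join(digits[i:i + 4] for i in range(0, len(digits), 4))


def decode_option43(hex_string):
    """Return the WLC IPs in an option 43 string, rejecting malformed TLVs."""
    raw = bytes.fromhex(hex_string.replace(".", "").replace(" ", ""))
    if len(raw) < 2:
        raise ValueError("too short to hold a type and a length")
    sub_type, length, value = raw[0], raw[1], raw[2:]
    if sub_type != WLC_SUBOPTION:
        raise ValueError(f"unexpected sub-option type 0x{sub_type:02x}")
    if length == 0 or length % 4 or length != len(value):
        raise ValueError("length byte does not match a whole number of IPv4 addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


if __name__ == "__main__":
    # Value from the LAP1/LAP2 pools; decodes to the WLC management interface.
    print(decode_option43("f104.0A00.0A15"))
    # Constructed second controller address, to show the length byte changing.
    print(encode_option43(["10.0.10.21", "10.0.10.22"]))
```

Decoding the configured value before deploying a pool catches a mistyped length byte or address, which would otherwise leave APs unable to find the controller.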

====================================
3. Configure PVSTP
====================================

----------------------------------------------------------------------------------
1. Configure CAT1 to be the Root Switch for Odd VLANs and CAT2 for the Even VLANs
----------------------------------------------------------------------------------

-------
CAT1
-------

spanning-tree vlan 11,13,101 priority 0
spanning-tree vlan 10,12,20,30 priority 4096

-------
CAT2
-------

spanning-tree vlan 11,13,101 priority 4096
spanning-tree vlan 10,12,20,30 priority 0

------------------------------------------------------------------
2. Configure Port 22 as the forwarding port for VLANs 10,12,20,30
------------------------------------------------------------------

--------
CAT1
--------

Interface gig 1/0/21
spanning-tree vlan 10,12,20,30 cost 2000000

--------
CAT2
--------

Interface gig 1/0/21
spanning-tree vlan 10,12,20,30 cost 2000000

=======================================
4. Configure Multi-Instance STP (MSTP)
=======================================

-----------------------------------------------------------------
1. Configure the switches in MST Mode based on the Config given
-----------------------------------------------------------------

MST Name: CCIEW
REVISION: 1
INSTANCE 1 : 11,13,101
INSTANCE 2 : 10,12,20,30

------
CAT1
------

spanning-tree mode mst
!
spanning-tree mst configuration
name CCIEW
revision 1
instance 1 vlan 11,13,101
instance 2 vlan 10,12,20,30

------
CAT2
------

spanning-tree mode mst
!
spanning-tree mst configuration
name CCIEW
revision 1
instance 1 vlan 11,13,101
instance 2 vlan 10,12,20,30

-------------------------------------------------------------------------------
2. Configure CAT1 to be the Root Switch for Instance 1 and CAT2 for Instance 2.
-------------------------------------------------------------------------------

-------------
CAT1
-------------

spanning-tree mst 1 priority 0
spanning-tree mst 2 priority 4096

-------------
CAT2
-------------

spanning-tree mst 1 priority 4096
spanning-tree mst 2 priority 0

=======================================
5. HSRP
=======================================

------------------------------------------------------------
1. Configure the SVIs for VLAN 20 & 30 on both the Switches
------------------------------------------------------------

-----
CAT1
-----

Interface vlan 30
ip address 10.0.30.11 255.255.255.0
no shut

-----
CAT2
-----

Interface vlan 20
ip address 10.0.20.22 255.255.255.0
no shut

--------------------------------------------------------------------
2. Configure HSRP on VLANs 20 and 30 based on the given requirement
--------------------------------------------------------------------

-> Configure an HSRP Group for VLAN 20 based on the following:
- VIP : 10.0.20.254
- Preferred Active : CAT1
- Preemption : Enabled
- Dead Peer Detection within 1 sec
- Standby Group # : 20

-> Configure an HSRP Group for VLAN 30 based on the following:
- VIP : 10.0.30.254
- Preferred Active : CAT2
- Preemption : Enabled
- Dead Peer Detection within 1 sec
- Standby Group # : 30

-> Re-configure the DHCP Pool for the VLANs to point to the VIP as the Default
Router.

--------
CAT1
--------

Interface vlan 20
standby 20 ip 10.0.20.254
standby 20 priority 200
standby 20 preempt
standby 20 timers msec 300 msec 900
!
Interface vlan 30
standby 30 ip 10.0.30.254
standby 30 timers msec 300 msec 900

-----
CAT2
-----

Interface vlan 20
standby 20 ip 10.0.20.254
standby 20 timers msec 300 msec 900
!
Interface vlan 30
standby 30 ip 10.0.30.254
standby 30 priority 200
standby 30 preempt
standby 30 timers msec 300 msec 900

=======================================
6. Initializing the WLC - CLI
=======================================

System Name: WLC1

Enter Administrative User Name (24 characters max): admin
Enter Administrative Password (3 to 24 characters): ********
Re-enter Administrative Password : ********

Service Interface IP Address Configuration [static][DHCP]:

Enable Link Aggregation (LAG) [yes][NO]: yes

Management Interface IP Address: 10.0.10.21
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 10.0.10.11
Management Interface VLAN Identifier (0 = untagged): 10
Management Interface DHCP Server IP Address: 10.0.10.11

Enable HA [yes][NO]: no
Virtual Gateway IP Address: 192.0.2.1

Mobility/RF Group Name: x

Network Name (SSID): MGMT

Configure DHCP Bridging Mode [yes][NO]: no

Allow Static IP Addresses [YES][no]: no

Configure a RADIUS Server now? [YES][no]: no


Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.

Enter Country Code list (enter 'help' for a list of countries) [US]:

Enable 802.11b Network [YES][no]: yes
Enable 802.11a Network [YES][no]: yes
Enable 802.11g Network [YES][no]: yes
Enable Auto-RF [YES][no]: yes

Configure a NTP server now? [YES][no]: no

Configure the system time now? [YES][no]: yes
Enter the date in MM/DD/YY format: 03/10/20
Enter the time in HH:MM:SS format: 11:07:00

Would you like to configure IPv6 parameters[YES][no]: no

Configuration correct? If yes, system will save it and reset. [yes][NO]: yes

=============================================
7. Configuring the Channels for specific APs
=============================================

config ap name LAP-1 xxxx.xxxx.xxxx
config ap name LAP-3 xxxx.xxxx.xxxx
!
config 802.11b disable LAP-1
config 802.11a disable LAP-1
config 802.11b channel ap LAP-1 1
config 802.11a channel ap LAP-1 36
config 802.11b enable LAP-1
config 802.11a enable LAP-1
!
config 802.11b disable LAP-3
config 802.11a disable LAP-3
config 802.11b channel ap LAP-3 6
config 802.11a channel ap LAP-3 40
config 802.11b enable LAP-3
config 802.11a enable LAP-3

Enable the GUI in case it has been disabled

config network webmode enable

=============================================
8. Configure 2 WLANs - Execs and Employees
=============================================
-------------------------------------
1. Configure the VLAN Interfaces
-------------------------------------

Controller -> Interfaces -> Add New

Name: execs
VLAN: 20
IP Address/Mask: 10.0.20.99/24
Default Gateway: 10.0.20.254
DHCP Server: 10.0.10.11

Name: employees
VLAN: 30
IP Address/Mask: 10.0.30.99/24
Default Gateway: 10.0.30.254
DHCP Server: 10.0.10.11

-------------------------------------
2. Configure the WLANs
-------------------------------------

WLAN -> Create New

Name: EXECS Profile
SSID: EXECS
Enabled: Checked
Interface : execs
Security : L2 - Basic WEP - 40-bit - Cisco

Name: EMPLOYEES Profile
SSID: EMPLOYEES
Enabled: Checked
Interface : employees
Security : L2 - Basic WEP - 40-bit - Cisco

======================================================
9. Configure AP Groups to Limit WLANs to specific APs
======================================================

-------------------------------------
1. Create the AP Groups
-------------------------------------

WLANs -> Advanced -> AP Groups -> Add

Name: APG-EMPLOYEES
AP: LAP-3
WLAN: EMPLOYEES
Interface: employees

Name: APG-EXECS
AP: LAP-1
WLAN: EXECS
Interface: execs

======================================================
10. Configure the AP in Flex Connect Mode
======================================================
----------------------------------------------------------------
1. Configure the Switchport connected towards the AP as a Trunk
----------------------------------------------------------------

------
CAT2
------

default interface gig 1/0/3
!
interface gig 1/0/3
switchport mode trunk
switchport trunk native vlan 12

----------------------------------------------------------------
2. Configure the WLAN as a Flex Connect WLAN
----------------------------------------------------------------

WLAN -> Create New

Name: BRANCH1 Profile
SSID: BRANCH1
Enabled: Checked
Interface: employees
Security: L2 - Basic WEP : 40bit Key: Cisco

Advanced Tab:
FlexConnect Local Switching

----------------------------------------------------------------
3. Configure the AP in FlexConnect Mode
----------------------------------------------------------------

Monitor -> Summary -> All APs -> Details -> LAP-3

AP Mode: FlexConnect

Apply

FlexConnect Tab

VLAN Support = Checked
Native VLAN = 12

Apply

----------------------------------------------------------------
4. Configure the AP Group to Advertise the FlexConnect SSID
----------------------------------------------------------------

WLANs -> Advanced -> AP Groups -> APG-EMPLOYEES -> WLAN Tab

Add:
BRANCH1 - employees

================================================================
11. Integrating ISE and WLC
================================================================

-----------------------------------------------
1. Configure the relationship between ISE & WLC
-----------------------------------------------

------
WLC
------

Security -> AAA -> RADIUS -> Authentication -> Add

IP Address: 10.0.1.5
Secret Key: cisco123
Authentication: 1812
Timeout: 5

Security -> AAA -> RADIUS -> Accounting -> Add

IP Address: 10.0.1.5
Secret Key: cisco123
Accounting: 1813
Timeout: 5

------
ISE
------

Administration -> Network Resources -> Network Device Groups -> Add

HQ-WLCs

Administration -> Network Resources -> Network Devices -> Add

Name: WLC1
IP Address: 10.0.10.21
Network Device Group: HQ-WLCs
Protocol: RADIUS
Secret key: cisco123

-----------------------------------------------
2. Create Groups and Assign Users to them
-----------------------------------------------

------
ISE
------

Administration -> Identity Management -> Groups -> User Identity Groups -> Add

Name: EXECS

Name: EMPLOYEES

Administration -> Identity Management -> Identities -> Add

Name: Exec1
Password: Cisco123*
Group: EXECS

Name: Employees1
Password: Cisco123*
Group: EMPLOYEES

----------------------------------------------------------------------
3. Create an Authorization Profile to specify the VLAN to be assigned
----------------------------------------------------------------------

Policy -> Policy Elements -> Results -> Authorization -> Authorization Profiles ->
Add

Name: PROF-20
VLAN: 20

Name: PROF-30
VLAN: 30

----------------------------------------------------------------------
4. Configure an Authorization Policy to link the Group to the Profile
----------------------------------------------------------------------

Policy -> Authorization -> Insert

Name: EXECS-POLICY
Group: EXECS
Profile: PROF-20

Name: EMPLOYEE-POLICY
Group: EMPLOYEES
Profile: PROF-30

----------------------------------------------------------------------
5. Configure the SSID on the WLC
----------------------------------------------------------------------

WLANs -> Create new

Name: ABC Profile
SSID: ABC
Enabled: Checked
Interface: management
Security: L2 - Default [WPA+WPA2]

AAA Servers:

RADIUS Server Overwrite Interface : Checked
Authentication & Accounting Server: 10.0.1.5

Advanced Tab:

Allow AAA Override : Checked

===================================================================================
