13.3.12 Packet Tracer - Configure a WPA2 Enterprise WLAN on the WLC

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hi friends welcome to world in this video we are going to discuss CCNA version 7 packet tracer activity configure a wpa2 enterprise WLAN on that WLC before coming to this activity first if you like to get any CCNA project support or a CCNA version 7 online classes you can contact our team using our website link you will get from the description below and also if you like to get this type of technical videos in future considered subscribing node so don't forget to enable that Bell icon near to the subscribe button so that you will get notification message whenever we upload a new video now coming back to our activity here we can see our addressing table just will go through the objectives in this activity we will configure a new wireless LAN on a wireless LAN controller that is WLC including the VLAN interface that it will use we will configure the wireless LAN to use a radius server and wpa2 Enterprise to authenticate users you will also configure the WLC to use an SNMP server here we can see those objectives configure a new wheel and interface on a WL see that is Wireless a LAN controller then configure a new wireless LAN on a WLC configure a new scope on the WLC internal DHCP server then configure the WL CB the SNMP settings then configure the WLC to user to use a radius server to authenticate W LAN users secure a wireless LAN with the wpa2 enterprise then connect house to the new WL see here we can see the scenario we have already configured and tested WLC with an existing WLAN we configure wpa2 PSK for that W LAN because it was to be used in a small or dizziness we have been asked to configure and test a WL c topology that will be used in l at your enterprise you know that wpa2 PSK does not scale well and is not appropriate to use in an enterprise network this new topology will use a radius server and the wpa2 enterprise to authenticate wireless LAN users this allows administration of the user accounts from a central location and provides enhanced security and transparency because each account has its own username and password in addition user activities are logged on the server in this lab we will create a new VLAN interface use that interface to create a new wireless LAN and is secure that Wireless salon with wpa2 enterprise we will also configure the WLC to use the enterprise or radius server to authenticate users in addition you will configure the WLC to use a SNMP server you will go to the instructions in part 1 create a new W land step 1 create a new of VLAN interface so each W a LAN requires a virtual interface on the welc these interfaces are unknown as a dynamic interfaces the virtual interface is assigned a VLAN ID and the traffic that uses the interface will be tagged as a VLAN traffic this is why connections between the APS the welc and the rotor are over trunk ports for the traffic from multiple VLANs to be transported through the network traffic for the WLAN B lens must be trunk open the browser from the desktop of admin pc connect to the IP address of the WLC over HTTPS then login with the username admin and password Cisco one two or three so here we will get the IP address of this a double you will see you will go to a dressing table and here we can see its IP address management and its IP address just I will copy that now we will go this admin PC click on this admin PC and we can choose a browser and paste that IP address here and the area to change this protocol to HTTPS then go we can log in with the credentials are given in this instruction so click on login and here the username is admin and the password is Cisco one two three then click on login then click the controller menu and then click interfaces from the menu on the left you will see the default virtual interface and the management interface to which you are connected coming to this at WLC here we can see now we are in this menu monitor and here we can see controller you can click on this controller and here we can see interfaces so here we can see interface name management and virtual so here we used this management and here we can see the details with an identifier IP address and then interface type and other information click the new button in the upper right hand corner of the page you may need to scroll the page to the right to see it ok coming to our WLC just to scroll to the right side and here we can see this button new click on this button new here we can see interface name and VLAN ID we can see enter the name of the new interface we will call it WLAN - 5 so here we are going to give this a interface and name as W LAN - 5 then we can see configure the VLAN ID as 5 so here we will let configure this VLAN ID as 5 this is the villain that will carry traffic for the WLAN that we create later click apply this leads to a configuration screen for the an interface so here we can see the apply button we have to click on this apply and here we can see that the configuration window for the severan interface right now first configure the interface to use physical port number one multiple beam interfaces can use the same physical port because the physical interfaces are like a dedicated chunk ports so a truss the interface as follows here we had to set this IP address 192.168.1.1 also we have to say this primary dhcp server your first of all we will configure the interface to use physical port number one we can scroll down and here we can see a physical information port number we will change to 1 then we will let's set the IP address here we can see the IP address one ninety two dot one sixty eight dot v dot 254 then netmask 255 dot 255 dot 255 dot zero and here we can set the gateway one ninety two dot one sixty eight dot v dot one and here we can see dhcp information and so we can set this primary dhcp server one ninety two dot one sixty eight dot v dot one sure we can see the information we given now user traffic for the WLAN that uses this via an interface will be on the 192.168.0 slash twenty four a network the default gateway is the address of an interface on router r1 then a DCP pool has been configured on the rotor the address that we configure here for dhcp tells the welc to forward all a DHCP requests that it receives from hosts on the W land to the DHCP server on the router yes that's why we given these information here next be sure to click apply to enact your changes and click OK to respond to the whining message click Save configuration so that your configuration will be in effect when the welc restarts ok coming here we'll scroll up and here we can see a plane click on this airplane so changing the interface parameters causes the W lands to be temporarily disabled and this may result in loss of connectivity for some clients ok we'll press ok now we will let us save our configuration here we can see that option save configuration click on this so just press ok no coming to step to configure the welc to use a radius server wpa2 enterprises I use an external radius server to authenticate WLAN users individual user accounts with a unique usernames and passwords can be configured on the radius server before the WLC can use the services of the radius server the W else must be configured with the server address now coming to step to configure the WLC to use a radius server wpa2 enterprise uses an external radius server to authenticate WLAN users individual user accounts with the unique usernames and passwords can be configured on the radius server before the WLC can use the services of the radius server the WLC must be configured with the server address for that click the security menu on the WLC then click the new button and enter the IP address of the radius server in the server IP address field okay that's fine here we can see security tab click on the security and we have to click the new button here we can see that new button until we have to enter the IP address of the radius server in the server IP address field here we can see server IP address so we will get the IP address of our radius server here we can see radius server you will a copy this IP address and we will paste here the radius server will authenticate the welc before it will allow the welc to access the user account information that is on the server now these are acquires a shared secret value use Cisco one two three then confirm the shared a secret and click apply so here we can see that a shared secret we will give a Cisco one two three one two three also we have to confirm that share secret then you click apply and also the given a note here it is not a good practice to reuse passwords yeah that's correct because this password already be used cisco 1 2 3 but here we can see this activity reuses passwords only to make the activity easier for you to complete and review yeah that's fine so we'll go and apply and you just to make sure that you are not going to reuse these passwords coming to a step 3 create a new WLAN create a new WLAN use the newly created VLAN interface for the new WLAN for that click the W lense entry in the menu bar locate the drop-down box in the upper right right-hand corner of the W LANs screen it will say create new click go to create a new WLAN ok here we can see that W lands click on this W lens and here we can see this create new drop-down just to click on this go so we can see type profile name SSID and ID so here enter the profile name of the new WLAN use the profile name a floor to employees I seen an SSID of SSID - v to the WLAN change the ID drop down to 5 house we'll need to use this SSID to join the network when you are done click apply to accept your settings we will do that here are in this a profile name we will give this floor to employees then SSID we will give yes s ID - 5 then we have to change the ID drop down to 5 then we will wanna play they given a note here the ID is an arbitrary value that is used as a label for the WLAN in this case we can figure it as five to be consistent with the VLAN for the WN it could be any available value now click apply so that the settings go into effect okay here we can see that a plane we will click on it now that the WLAN has been created you can configure features of the network click enabled to make the WN functionally it is a common mistake to accidentally skip this step yes here we can see that button we have to click on this enabled now choose the VLAN interface that will be used to for the new WLAN the WLC will use this interface for user traffic on the network click the drop-down box of 4 interface / interface group G select the interface that we created in step 1 so here we can see that now interface / interface group G so here we can see we created WLAN - v then go to the Advanced tab scroll to flex connect section of the interface so here we can see advanced option and we will go to this F flex connect see flex flex connect click to enable a flex connect a local switching and the Flex connector local earth sure we can see that the Flex connector local switching here to enable it then flex connect local earth we have to enable it that's fine then click apply to enable the new WLAN if you forget to do this the WLAN will not operate so we have to click on apply now we will go to step 4 configure a WLAN a security instead of wpa2 PSK we will configure the new WLAN to use a wpa2 enterprise then click the WLAN ID of the newly created WLAN to continue configuring it is necessary then a click the Security tab then under the layer 2 tab select WPA + wpa2 from the drop down box so already we are in these are W lands so we can see that otherwise you can as see this winter have you have to click on this WLAN ID 5 so that again we can go through this winter and here we have to go to this security tab here you can see that then under this layer 2 here we can see layer 2 security here we have to choose this WP A+ wpa2 ok then under WPA + wpa2 parameters enable wpa2 policy so here we can see WPA + wpa2 parameters we have to enable this wpa2 policy ok then click Add 2.1 X under authentication key management sure we can see that authentication key management we will click on this side now 2.1 X click on this enabled then this tells WLC to use they'd know 2.1 x protocol to authenticate uses externally next is click the Triple A servers tap open the drop-down next to server one in the authentication servers column and select the server that we configured in step 2 ok we can do that here we can see it replace server's tab click on these are Triple S servers and we can see under this authentication servers server 1 and we will click on this drop down and here we can see that Triple S server we configured 1 7 2.30 1.1.2 54 we have to choose this ok click apply to enact this configuration you have now configured the WLC to use the radius server to authenticate users that attempt to connect to the WLAN we will do that sure we can see a play then click ok now coming to but to configure a DHCP scope and SNMP step one configure a dhcp scope the WLC offers its own internal DHCP server cisco recommends that the WLAN dhcp server not be used to for high-volume DCP services such as that are acquired by a larger user w lines however in smaller networks the DCP server can be used to provide IP addresses to labs that are connected to the wired management network in this step we will configure a DHCP scope on the WLC and they use it to address lab - man should be connected to the w LC GUI from admin pc yeah it's here click the controller menu and then click interfaces what interfaces are present we will go to this controller menu and then we have to click on these interfaces and here we can see interface and names WLAN - feiyu management and the virtual click the management interface record its addressing information here like IP address netmask gateway and a primary dhcp server so we will click on this some management and we can see this information here we can see its Pietrus over ninety two dot one sixty eight dot two hundred dot 254 then we can see netmask also we can see its gateway and two primary dhcp server you can see its 0.0.0.0 we want the WLC to use its own dhcp server to provide addressing to devices on the wireless management network such as a lightweight ApS for this reason enter the IP address of the WLC management interface as the primary dhcp server address then click apply click OK to acknowledge any wiring messages that appear so just will copy this IP address and will paste here as a primary DHCP server now we will apply this configuration and just click OK again click OK in the left hand menu expand the internal DHCP server section then click a DHCP scope so here we can see this internal DHCP server click on it and we can see DHCP scope to create a DHCP scope click the new button so here we can see that new button click on it and we have to give the scope name and name the scope wired management just I will copy this sir scope name and paste here we will configure this DHCP scope to provide addresses to the wired infrastructure network that connects that mean PC WLC - 1 and lab - 1 click apply to create the new DHCP scope so here we are - click on apply click the new scope in the DHCP scopes table to configure addressing information for the scope enter the following information poor standard truss pull in tetras then we had to give status enabled so here we can see the newly created scope name Hawaii the management we will click on it and we will set this poor start atras pull start address then pull and actress then status enabled so we can see status enabled then provide the values for a network net mask and default rotors from the information you gathered in ash step one see so here in step of one C we gather this information IP address and netmask gateway and the primary DHCP server right so we can update this first is a network so network is 192.168.1.0 we can edit that here 200.000 fold or others so we can give Gateway and here we can see DNS servers cure the given primary DHCP server yeah that's fine then click apply to activate the configuration click Save a configuration in the upper right hand corner of the WLC interface to save your work so that it is available when the w LC or a starts sure we will apply and we will s save a configuration click OK successfully saved our configuration now coming to step to configure SNMP click the management menu in the WL CG way and to expand the entry for SNMP in the left hand menu click trap receivers and then new coming to order WL see here we can see management and the here we have to click on this SNMP in the left hand menu the necklace receivers and then new sure we can see that trap receivers click on this and we have to click on this new we have to update this community name then IP address then status so here we can see enter the community string us WLAN underscore SNMP just able copy and paste here that's fine then IP address of the server at 170 2.30 1.1.2 54 we will give that IP address here then click apply to finish the configuration so we'll click on a plane next you will go to Part III connect host to the network step 1 configure a host to connect it to the enterprise network in the packet tracer PC wireless client up you must configure a WLAN profile in order to attach to a wpa2 enterprise WLAN we have to click wireless host and open the PC wireless app so just will minimize this admin PC and here we can see a wireless host sure we can see this a PC Wireless we have to click on this PC Wireless then click the profiles tab and then click new to create a new profile name the profile WLC net so here we can see profiles will go to these profiles and to here we can see new click on this new and we have to give the name WLC space net then click ok then highlight the wireless network name for the WLAN that we created earlier and to click advanced setup so here we can see that wireless network SSID - 5 then here we can see advance to set up verify that the Society for the wireless LAN is present and then click Next yes so here we can see that wireless name and drug name is society 5 so wireless host should see SSID - 5 yes if it does not move the mouse over lap - 1 - a debate that it is communicating with the welc the pop-up box should indicate that a lab - one is aware of a society - 5 if it is not check the WLC configuration you can also manually enter the SSID sure we have that name SSID - 5 so we will click on next now we can see obtain network settings automatically DHCP verify that the DHCP network setting is selected and click Next here we can see network settings and lights in obtain network settings automatically then click Next wireless security in the security drop-down box select wpa2 - enterprise then click Next so here we can see wpa2 enterprise then we will click on next now enter login name user 1 and the password user one pass and click Next so here we can see a login name so we will give that as a user 1 then here we have the password its user 1 P a SS then we have to click Next then verify the profile settings and click Save and here we can see the details be given now we will click on the Save button next is select the welc Annette profile and click the connect to network button so here we can see connect to network even we can see return to profile screen let me try with this pretend to profile screen and here we can see now this WLC net we will click on this profile and we will give connect after a brief delay you should see the wireless host connect to lab - 1 you can click the fast-forward time button to speed up the process if it seems to be taking too long here we can see our wireless host connected to the cell lab - one perfect confirm that wireless host has connected to the WLAN wireless host should receive an IP address from the DHCP server that is configured for a host on our one that rest will be in the 192.168.0.0 slash 24 a network you may need to click the fast-forward time button speed up the process ok we will go to this so wireless host you can speed up this and go to wireless host we will close this window we can go to IP configuration and here we can see IP address is from this subnet Phi dot 0 and here we can see the IP address 192.168.0 son it to mask then here we can see it's a default gateway it's perfect coming to step to test connectivity close the PC Wireless up then open a command prompt and confirm that wireless host laptop has obtained an IP address from the WLAN network so what network should that truss be in explained yeah already we have seen that this PC wireless house 2 got the IP address from the subnet 192.168 out 5 dot 0 being the default gateway SW 1 and the radius server success indicates the full connectivity within this topology we will go to our addressing table so that we can take the IP address of these devices we'll go to wireless host choose command prompt and we can ping - it's a default gateway presenter and here we can see we get the replies then we will lapping 2sw - one maybe we get to one or two request timed out then we will get the reply yeah it's working once more we can verify it just press up arrow from keyboard and again press ENTER and we can see it's succeeded then we will a ping to this radius server you'll copy this IP address then coming to Wireless host ping - radius server here is the IP address and we get the replies right so firms in this video we discussed your packet race or activity configure a wpa2 enterprise WLAN on the WL see here we can see our completion status it's a hundred percent now dear friends if you have any doubt any suggestions regarding this activity please comment below or you can contact our team using our website and if you liked your video give it thumb and share with all your friends stay tuned we will meet again with the next video thank you
Info
Channel: Tech Acad
Views: 52,891
Rating: undefined out of 5
Keywords: CISCO, CISCO Certification, CCNA, Packet Tracer, WLAN, WLC, CCNAv7, Routing and Switching
Id: 2kX8Q9qiXi0
Channel Id: undefined
Length: 35min 0sec (2100 seconds)
Published: Wed Jul 22 2020
Related Videos
13.4.5 Packet Tracer - Troubleshoot WLAN Issues
Tech Acad
40K
13.5.1 Packet Tracer - WLAN Configuration
Tech Acad
79K
13.2.7 Packet Tracer - Configure a Basic WLAN on the WLC
Tech Acad
55K
Configure Cisco 3504 Wireless LAN Controller (WLC) with VLANs
Christian Augusto Romero Goyzueta
36K
13.2.7 Packet Tracer - Use Ping and Traceroute to Test Network Connectivity
Tech Acad
82K
DHCP DNS and Web Server configuration in cisco packet tracer | dhcp server configuration | dhcp lab
Network for you
78K
7.4.1 Packet Tracer - Implement DHCPv4
Tech Acad
52K
Cisco Catalyst 9800 WLC WLAN Setup
Ping Labz
16K
1.6.1 Packet Tracer - Implement a Small Network
Tech Acad
107K
11.6.1 Packet Tracer - Switch Security Configuration
Tech Acad
79K
What is a SWITCH? // FREE CCNA // Day 1
NetworkChuck
1.3M
13.5.1 Packet Tracer - WLAN Configuration
Christian Augusto Romero Goyzueta
25K
15.6.1 Packet Tracer - Configure IPv4 and IPv6 Static and Default Routes
Tech Acad
83K
13.2.7 Packet Tracer - Configure a Basic WLAN on the WLC
Christian Augusto Romero Goyzueta
19K
14.3.5 Packet Tracer - Basic Router Configuration Review
Tech Acad
62K
3.3.12 Packet Tracer - VLAN Configuration
Tech Acad
89K
Master Cisco Wireless with Atul Sharma !!
Network Kings
11K
11.1.10 Packet Tracer - Implement Port Security
Tech Acad
54K
11.6.2 Lab - Switch Security Configuration
Tech Acad
34K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.