Wireless for Network Engineers - Part 3

Captions
Hello and welcome to SDN TechForum. This is Wireless for Network Engineers part three, and in this video we are going to continue with client configuration. In part one and two we stood up the eWLC, part two we let the AP join the eWLC using a CAPWAP tunnel, and finally we will let a client join the network, and we will look into the data path and control path of the network, right? Again, it didn't happen without any issues, so we will talk about issues encountered and workarounds, and that is going to be very interesting because we are using external DHCP and we do not have a switch in our network. The AP is directly connected to the eWLC, and that's where some simple networking concept like native VLAN, and I'm giving you the secrets away here, but you will come to know how a small networking concept can be a show stopper or can really trick you, right? So let's go ahead with our demo and connect the client.

Okay, let's log into our UI. As you can see, we have the AP joined to the controller, so we have one access point, zero clients. Let's verify the WLAN. I'm advertising my WLAN profile and the SSID is available as sdn tech. The DHCP pool, user data pool, is created. I'm going to delete the DHCP pool because we do not need any DHCP pool on the eWLC. We are going to have an external DHCP server in our network, right? So let's go ahead and delete this. We'll create that subnet in the external DHCP server. Okay, so no DHCP at all in the eWLC.

Let's go ahead and check the WLAN. As you can see, status is enabled, I'm broadcasting this SSID, and security wise I have only layer 2 security, that means a client can join the network using PSK, okay, pre-shared keys. I'm just going to give you a, if you have not watched part 2 and part 3, you can quickly see what we have done so far. So we have our tags and policies created and they are attached to this AP. As a result of that we are advertising the SSID, and as you can see in the policy profile we are using the user data VLAN. That means this SSID, when a client joins, he is going to get an IP address from
this VLAN, okay? That's why we do that association. So you can have multiple VLAN types, right? For IoT you want one subnet, for regular you want one subnet, and so on. So that's what we did there.

Now let's go to the DHCP server and create a subnet for our user data VLAN. Obviously sudo: since you're working with a server, you need to always have sudo privileges. What I'm trying to do, I'm trying to edit or show you what subnet we have created. So we have created a new subnet 10 10 0 0 24 and I have created the option router as 10.01. So we have the subnet created. Mind it, we do not need any vendor encapsulated because we are not passing any DHCP options, okay?

On the eWLC we have VLAN 10 already created and VLAN 100 already created, right? That's what we did in earlier videos because that was part of planning. Now GigabitEthernet 2, which is an uplink for the AP, that means which is connected to uplink, it has initially access VLAN 10, that means only VLAN 10 was allowed. But now we want the client to come and join this network, right? So on the uplink we need to allow the data or user data VLAN as well. So how can I do that? I need to convert this access switch port to a trunk port so that I can allow multiple VLANs. So that's what I'm doing. I defaulted that interface and now I'm converting it to trunk and allowing two VLANs, VLAN 100 comma, VLAN 10 comma 100, so 10 and 100 both will be allowed on this trunk, and we can verify, right? If you do a show interface trunk you'll see, yeah, this is my configuration.

So wireless client summary: no client has joined, okay. In the background, what I'm trying to do, I'm trying to connect my iPhone to this SSID, and that's how I know the MAC address, and I was trying to run a debug, okay. But let's look at the AP, what happened in the AP, right? DTLS is torn down and it went back into CAPWAP discovery. So what happened? We just changed the port from access to trunk and allowed another
VLAN. So VLAN 10 is allowed, we allowed VLAN 100 also, but that actually impacted my setup and my AP has disjoined the controller. So what would happen? We need to allow more VLANs because we cannot keep all our network or all our clients and APs within one subnet, that's not really a scalable or flexible solution, right? So that made me wonder, right, what I'm doing wrong here. And as you can see my AP went down, so we are into an issue.

And again, once we are in an AP related issue, you will go to monitoring, wireless, AP stats, general, and join stats. Not much helpful, it just says not joined. Why? All right, it doesn't give me any indication. At least previously it was searching missing, but now it doesn't say even that. So what's going on here? My interfaces are up, and now I started looking into the hypervisor, right, what is wrong. So within the hypervisor, VMware ESXi, for a port group you generally use two settings. Either you leave it to default VLAN ID 0, that means it doesn't care what tag you are bringing, right, so more like access behavior. So by default it was set to 0, that means it was access, you can say, generally, right, not technically but generally.

So what I'm going to do, I just applied a workaround that I change the client profile from AP VLAN, from user data VLAN to AP VLAN, okay, and see if that can help. And we are watching DHCP also, that is if the client can reach DHCP. So nothing is happening right then. And you can see this is my configuration from part two. So we have the third chain configure, I'm just verifying everything, right. I have VLAN 10, I have VLAN 100. GigabitEthernet 2, again I rolled it back to access VLAN 10, right? So when I converted it to trunk it broke my lab, so I converted it back to access and I changed the WLAN VLAN association to AP. So now my client, my AP, everything will be in the same subnet, and let's see if that works with mode access. Okay, so it's one trial. Okay, so I'm pretty sure when I change the mode to access
controller AP will join, okay. Now let's see if the client can join with the changed VLAN association, and if it is getting confusing please leave me feedback in the comments, okay? So now the AP has joined. Now I'm trying to join my iPhone and let's see what happens. Excuse me. So the expectation is, since the client is also a part of VLAN 10, it should join the network and get an IP address from VLAN 10. Here you go, you can see one client became active and it has got an IP address from the AP VLAN subnet, which is 172.16. So this is working as expected, but this is not ideal, right?

But let's look at the client in a little bit more detail: which AP it is connected to, what is the client performance, that means what is SNR, what is the signal quality and all those details, what capabilities. So 802.11ac got negotiated, and the MAC address, as you can see, starts with 2a and says locally administered address. That means it is not a fixed MAC address, generally you can see it's a private MAC address kind of scenario and keeps changing. Apple generally uses this behavior. A lot of other details about the client you can find here.

But the baseline is my network is working, my client can join the SSID, but with only one caveat: they all are in the same VLAN. My DHCP server is in the same VLAN, my AP is in the same VLAN and my client is in the same VLAN. So either I have to use a very big subnet and keep everything in that same VLAN, but that's not cool, right? Why we need VLAN? We want segmentation, right? We want to leverage the segmentation so that we can isolate, secure, macro segmentation, micro segmentation, all those things, right? So that's what's not cool.

So it made me think, right, what I'm doing wrong here, because as soon as I convert the uplink to trunk the AP association is broken. So it made me think, and I started wondering and tried a couple of combinations, and what I realized is I need to check
the hypervisor and make sure the hypervisor side is also trunk, and make certain changes within my network, right? So what we are going to do next. So far good, right? We have an access point, we have a client joined to the network. I'm trying to see if I can get some more details anywhere, maybe a packet capture or troubleshooting logs, because you can see DHCP is handing out the IP address without any problem, right? And we have the client joined and it's in run state, so that's the active state, no problem. You can check client summary, AP summary, everything you can check from the CLI, and the same information you can get from the UI as well. So this is the end of the task with the workaround, right?

But we cannot stop here, right? Now if you see on my screen what we got so far, we got this setup: 9800 connected to AP and the client trying to join the SSID. When the uplink is configured as access it is a thumbs up; as soon as we configured the uplink as trunk and allowed the VLAN it's thumbs down, right? So let's fix it. What we can do: go to AP join profile and change the VLAN mapping, right, to the intended or the final configuration. So we want to use user data VLAN, not AP VLAN, and user data VLAN is 9.10 24 subnet.

Now let's make some changes. So this is the eWLC uplink. Okay, we are just going to verify that the change has taken effect, and as you can see, sdn tech poll profile, now VLAN is user data profile, right? Show VLAN: 10 and 100 already defined. Show interface trunk: no trunk link. Now let's convert access to trunk, okay, and break it. So switchport allowed and 200, and in the hypervisor also I have changed the VLAN ID to 4095. 4095, that means allow all the VLANs, all the tags, okay? As soon as we do this it breaks. The AP will lose the heartbeat and it will go down, CAPWAP will go down, okay, DTLS torn down. So again we went back to the problem, right? Where we applied the workaround putting everything in one subnet, now we recreated the problem. So we are at the step where we have the problem at hand,
okay, no AP join because the uplink is configured as trunk. What is happening here? Native VLAN, that's the key. So when the AP is sending discovery, sending with an encapsulation which is not getting understood because of native VLAN mismatch, right? So now I'm saying native VLAN is VLAN 10, which is my AP VLAN, right? As soon as I say that, the switch can understand and it doesn't get confused between the access and trunk, and the process goes smooth, right? So now AP can join the controller with VLAN 10 with the uplink being configured as trunk, right? So we have overcome that problem, very good.

The second part was the client has to join and get the IP address from the 10 subnet, not the 172 subnet, and that subnet is defined on DHCP, but DHCP needs a route back for that subnet, right? So that's where you need to add this route, and I did ip route add and 1010 via my ens224. So now DHCP has a route back so that it can reply for DHCP discover messages.

Also we need to create the WLAN or VLAN anchor point for that SSID on the WLC, and that's what I'm doing here: interface VLAN 100, put the IP address in the 10 subnet, also use ip helper-address because DHCP is in a different subnet. So that's where we are using ip helper-address, and we are using the ip helper-address of the DHCP server itself because we do not have any router in the network, but the DHCP server is connected via virtual link directly, so we can just use the DHCP server IP address as the helper address itself.

So what happened now? As you can see, wireless client summary, we have a client joined, or I'm actively trying to join, putting the username and password on my phone, and let's watch what happens on the AP console, okay, because I cannot show you my phone, it's in my hand right now at this point of time. But the AP has joined the controller, that's a good thing, right? And now as you can see the add mobile ID client, all those messages started coming, that means the client is trying to join and it has already got the IP address in
10.10.200 subnet. So my DHCP server has provided an IP address and I have an active client in my network, okay. Client goes active, active one, bingo, as expected. This is what we wanted, this is the holy grail, right? We have an IPv4 address in a different subnet than the AP VLAN, and this is getting negotiated dynamically from the external DHCP server. Same thing, just like the previous workaround, you can get all sorts of client related information here: which AP it is connected to, what is the quality, SNR and other things.

What I did while we were checking this, you can also do a packet capture to see what's coming in and how DHCP discover, our DORA process, is getting taken care of, right? For that I ran a packet capture, and as you can see on my screen, first we got DHCP discover as a broadcast and that broadcast has been relayed to the DHCP server. The DHCP server knows that I have a scope for that subnet, it replied, it has a route back to the request, and from there it has been sent back to the client. And here you can see it offered IP address of n 0 2 10.01 that VLAN, and within that reply you have the actual client address, and that's the client address my client got in terms of n0 200, and this is my interface VLAN. So this is the Ethernet MAC address where source and destination is getting set, right? It's DHCP server to eWLC helper IP address.

Okay, so this is great, this is what we wanted to achieve, and I have shown you with packet capture and everything. This is our client summary: client has joined, it has an IP address, we are broadcasting the SSID and everything looks very good. So we have one WLAN, one access point, one client. Now you are totally free to build on top of that. You can have multiple SSIDs, you can play with different kinds of RF profile, you can add more clients, you can add more subnets, and all sorts of things you can do.

So this is the conclusion of Wireless for Network Engineers. I intend to put a few architectural discussions like how the contention takes place, how
we take, what is the ALOHA network, right, all those things. I'm sure you know it if you're a wireless engineer, but we'll still talk about it and get some more feedback or familiarity with it. And I hope you were able to follow along with me. I know it was a long series, but it's a great home lab and you can build on top of that. You can do your CC, any wireless, I don't know what it is called now, CWNA or something, or maybe, if not certification, I mean wireless is ubiquitous nowadays, right? So it's good to know about wireless and it has very good scope. So thank you very much for watching. I'll see you in the next videos.
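
Added example (not part of the video or its captions): a small Python check for the failure walked through above, where the AP uplink is converted from access to trunk and the AP drops off the controller until the native VLAN is set to the AP VLAN. It assumes the AP sends its CAPWAP traffic untagged and that a port with no mode command behaves as access; the config snippets and function names are constructed for illustration.

```python
import re

# Constructed IOS-XE style snippets modelled on the lab in the video
# (GigabitEthernet2 = AP uplink, VLAN 10 = AP VLAN, VLAN 100 = user data VLAN).
BROKEN = """\
interface GigabitEthernet2
 switchport mode trunk
 switchport trunk allowed vlan 10,100
"""
FIXED = BROKEN + " switchport trunk native vlan 10\n"

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None
    return interfaces

def untagged_vlan(commands):
    """VLAN that untagged frames are placed in on this port."""
    # Assumed defaults: access mode, access VLAN 1, native VLAN 1.
    mode, access_vlan, native_vlan = "access", 1, 1
    for cmd in commands:
        if m := re.fullmatch(r"switchport mode (access|trunk)", cmd):
            mode = m.group(1)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", cmd):
            access_vlan = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", cmd):
            native_vlan = int(m.group(1))
    return native_vlan if mode == "trunk" else access_vlan

def check_ap_uplink(config, port, ap_vlan):
    """Return a finding, or None when untagged AP traffic lands in ap_vlan."""
    commands = parse_interfaces(config).get(port)
    if commands is None:
        return f"{port}: not found in config"
    vlan = untagged_vlan(commands)
    if vlan != ap_vlan:
        return f"{port}: untagged frames land in VLAN {vlan}, AP expects VLAN {ap_vlan}"
    return None

if __name__ == "__main__":
    for name, cfg in (("trunk, no native vlan", BROKEN), ("native vlan 10", FIXED)):
        print(name, "->", check_ap_uplink(cfg, "GigabitEthernet2", 10) or "ok")
```
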
Info
Channel: SDN TechForum
Views: 82
Keywords: Networking, sdntechforum, monitoring, cisco
Id: DES0kyx4Acw
Length: 21min 9sec (1269 seconds)
Published: Fri Oct 29 2021