Curtin University

Wireless Data Network 303 and 603

Experiment Four Antenna and wireless traffic negotiation (WLC Configuration)
Due: Monday 29th of April

Table of Contents
Antenna ....................................................................................................................................... 3 Wireless traffic: .......................................................................................................................... 4 Reset the Wireless LAN Controller: ............................................................................................. 4 Start up Configuration: .................................................................................................................... 4 WLC Configuration Backup ............................................................................................................ 5 Upload configuration file using GUI .......................................................................................................... 5 Upload configuration file using CLI ........................................................................................................... 5 Creating accounts on WLC .............................................................................................................. 6 Creating a guest Access Account Using the lobby Ambassador Option ........................... 6 Creating a Lobby Ambassador Account Using the Controller GUI ................................................ 6 Creating a Lobby Ambassador Account Using the Controller CLI ................................................. 7 Creating Guest User Accounts Using the Controller GUI ...................................................... 7 Using the GUI to View Guest Accounts ........................................................................................ 8 Using the CLI to View Guest Accounts ........................................................................................ 8 Banner .......................................................................................................................................... 9 Using the GUI to Download a Login Banner File ..................................................................... 9 Using the CLI to Download a Login Banner File ................................................................... 10 Web access Security ............................................................................................................... 11 Enable secure web mode (HTTPS) using GUI ....................................................................... 11 Enable web mode using the controller CLI ............................................................................ 11 Save configuration .................................................................................................................. 12

Antenna
1. The two factors involved in dealing with antennas are polarity and Diversity. Briefly explain each factor. 2. There are two types of antenna, Omnidirectional and Directional. Explain how they operate and what are the differences. Use examples for each type. 3. What is the model of Access Point used in Laboratory? How many antenna it has? What is the type of antennas?

Wireless traffic:
Reset the Wireless LAN Controller:
During loading process choose option 5 to clear the previous configuration. When it reloads for the second time choose option 1.

Start up Configuration:

Figure 1- Wireless Lab topology

Follow the procedure in previous lab experiment to configure the Figure-1 topology.

WLC Configuration Backup

Upload configuration file using GUI 1. WLC configuration file can be saved via TFTP server. To do this: 2. Run TFTP server on wired client (e.g. c:\Program Files\tftpd) 3. Open web browser and type in the WLC management interface IP address 4. In COMMANDS tab click on upload file button from side menu to configure tftp on WLC. 5. Choose Configuration from drop down menu in File Type 6. No encryption 7. Transfer mode TFTP 8. Server Details: a. IP address of wired client running TFTP server b. File Path: / c. File name: OPTIONAL (e.g. CONFIGwlc.txt) 9. Save configurations and upload. 10. You can find this file in your TFTP server current directory. 11. This file can be saved for the future use to restore the configuration on WLC by choosing download file option instead of upload file. Upload configuration file using CLI Step 1 Transfer the file from the controller to a TFTP server by entering these commands: transfer upload mode tftp transfer upload datatype Configuration transfer upload serverip server_ip_address transfer upload path server_path_to_file transfer upload filename filename Step 2 View the updated settings by entering this command: transfer upload start Step 3 When prompted to confirm the current settings and start the software upload, answer y.

Creating accounts on WLC

You can create accounts with different privileged level on your WLC. But always remember NOT TO DELETE DEFAULT ACCOUNT UNLESS YOU CREATE A NEW ADMINISTRATOR ONE.

Creating a guest Access Account Using the lobby Ambassador Option

A lobby ambassador account is used to assign guest access accounts. You can create a lobby ambassador account on the controller through either its GUI or the CLI. Creating a Lobby Ambassador Account Using the Controller GUI To create a lobby ambassador account on the controller using the controller GUI, follow these Step 1 Click Management > Local Management Users. Note! This Local Management Users window lists the names and access privileges of the current local management users. You can delete any of the user accounts from the controller by selecting the Remove option from the blue arrow drop-down menu next to that account. However, deleting the default administrative user prohibits both GUI and CLI access to the controller. Therefore, you must create a user with administrative privileges (Read/Write) before you remove the default user. Step 2 Click New. Step 3 Step 4 In the User Name field, enter a username. In the Password and Confirm Password fields, enter a password. Note! Passwords are case sensitive. Step 5 Select LobbyAdmin from the User Access Mode drop-down menu. This option enables the lobby ambassador to create guest user accounts. Note! The ReadOnly option in the User Access Mode menu creates an account with read-only privileges, and the ReadWrite an option creates an administrative

 Step 6 Step 7

account with both read and write privileges. Click Apply to see your changes. The new lobby ambassador account appears in the list of local management users. Click Save Configuration to save your changes.

Creating a Lobby Ambassador Account Using the Controller CLI Use this command to create a lobby ambassador account using the controller CLI: config mgmtuser add lobbyadmin_username lobbyadmin_pwd lobby-admin

Creating Guest User Accounts Using the Controller GUI

Follow these steps to create guest user accounts using the controller GUI after you have created the Lobby Ambassador account: Note! A lobby ambassador cannot access the controller CLI and therefore can only create guest user accounts from the controller GUI. Step 1 Log into the controller as the lobby ambassador, using the username and password specified in the Creating a Lobby Ambassador Account Using the Controller GUI section above. Step 2 Click New to create a guest user account. Step 3 In the User Name field, enter a name for the guest user. You can enter up to 24 characters. Step 4 Perform one of the following: If you want to generate an automatic password for this guest user, check the Generate Password check box. The generated password is entered automatically in the Password and Confirm Password fields. If you want to create a password for this guest user, leave the Generate Password check box unchecked and enter a password in both the Password and Confirm Password fields. Note! Passwords can contain up to 24 characters and are case sensitive. Step 5

From the Lifetime drop-down boxes, choose the amount of time (in days, hours, minutes, and seconds) that this guest user account is to remain active. A value of zero (0) is not valid for the lifetime parameter.

Default: 1 day Range: 5 minutes to 30 days Step 6 From the WLAN SSID drop-down menu, choose the SSID to be used by the guest user. The only WLANs that are listed are those, which have Layer 3 web authentication configured. Step 7 In the Description field, enter a description of the guest user account. You can enter up to 32 characters. Click Apply to commit your changes. Step 8 Repeat this procedure to create any additional guest user accounts.

Note A lobby ambassador cannot access the controller CLI interface and therefore can create guest user accounts only from the controller GUI.

Using the GUI to View Guest Accounts

To view guest user accounts using the controller GUI, choose Security > AAA > Local Net Users. The Local Net Users page appears.

Using the CLI to View Guest Accounts

To view all of the local net user accounts (including guest user accounts) using the controller CLI, enter this command: show netuser summary

Banner
In controller software release 6.0 or later releases, you can download a login banner file using either the GUI or the CLI. The login banner is the text that appears on the page before user authentication when you access the controller GUI or CLI using Telnet, SSH, or a console port connection. You save the login banner information as a text (*.txt) file. The text file cannot be larger than 1500 bytes and cannot have more than 18 lines of text.

Here is an example of a login banner: Unauthorized access prohibited. Contact sysadmin@corp.com for access.

Using the GUI to Download a Login Banner File

Follow the instruction to download a login banner to the controller through GUI: Step 1 Make sure you have TFTP server available (run TFTP server on wired client) Step2 Copy the login banner file to the default directory on your TFTP server. Step 3 Choose Commands > Download File to open the Download File to Controller page Step 4 From the File Type drop-down list, choose Login Banner. Step 5 In the File Path text box, enter the directory path of the login banner file (/). Step 6 In the File Name text box, enter the name of the login banner text (*.txt) file. Step 7

Click Download to download the login banner file to the controller. A message appears indicating the status of the download.

Using the CLI to Download a Login Banner File

To download a login banner file to the controller using the controller CLI, follow these steps: Step 1 Log into the controller CLI. Step 2 Specify the transfer mode used to download the config file by entering this command: transfer download mode tftp Step 3 Download the controller login banner by entering this command: transfer download datatype login-banner Step 4 Specify the IP address of the TFTP or FTP server by entering this command: transfer download serverip server-ip-address Step 5 Specify the name of the config file to be downloaded by entering this command: transfer download path server-path-to-file Step 6 Specify the directory path of the config file by entering this command: transfer download filename filename.txt Step 7 If you are using a TFTP server, enter these commands: transfer download tftpMaxRetries retries transfer download tftpPktTimeout timeout

10

Web access Security

Enable secure web mode (HTTPS) using GUI
Step 1 Choose Management>HTTP . Step 2 To enable secure web mode, which allows users to access the controller GUI using https://ip-address, choose Enabled from the HTTPS Access drop-down list and disable from the HTTP Access. Secure web mode is a secure connection. Step 3 In the Web Session Timeout text box, enter the amount of time (in minutes) before the web session times out due to inactivity. You can enter a value between 30 and 160 minutes (inclusive), and the default value is 30 minutes. Step 4 Click Apply to commit your changes.

Enable web mode using the controller CLI

Step 1 To enable or disable web mode, enter this command: config network webmode {enable | disable} This command allows users to access the controller GUI using http://ip-address. The default value is disabled. Web mode is not a secure connection. Step 2 To enable or disable secure web mode, enter this command: config network secureweb {enable | disable}

11

This command allows users to access the controller GUI using https://ip-address. The default value is enabled. Secure web mode is a secure connection. Enable HTTPS and Disable HTTP Step 3 To enable or disable secure web mode with increased security, enter this command: config network secureweb cipher-option high {enable | disable} This command allows users to access the controller GUI using https://ip-address but only from browsers that support 128-bit (or larger) ciphers. The default value is disabled. Step 4 To enable or disable SSLv2 for web administration, enter this command: config network secureweb cipher-option sslv2 {enable | disable} If you disable SSLv2, users cannot connect using a browser configured with SSLv2 only. They must use a browser that is configured to use a more secure protocol such as SSLv3 or later. The default value is enabled. Step 5 To verify that the controller has generated a certificate, enter this command: show certificate summary Information similar to the following appears: Web Administration Certificate................. Locally Generated Web Authentication Certificate................. Locally Generated Certificate compatibility mode:................ off

Save configuration
Save the configuration file on TFTP server and keep it for the next lab.

12