IPexpert’s Lab Preparation Workbook Volume 2 for the Cisco® CCIE™ v2.0 Wireless Lab Exam Licensed exclusively to Peter Saltarelli [email protected]



  • IPexperts Workbook for the CCIE Wireless Lab Exam Volume 2 Workbook

    v3150 Copyright by IPexpert, Inc. All Rights Reserved. 1

    IPexpert's Lab Preparation Workbook for the Cisco CCIE™ Wireless Lab Exam - Volume 2

    Before We Begin

    This product is part of the IPexpert "Blended Learning Solution" that provides CCIE candidates with a comprehensive training program. For information about the full solution, contact an IPexpert Training Advisor today.

    Telephone: +1.810.326.1444
    Email: [email protected]

    Congratulations! You now possess one of the ULTIMATE CCIE™ Wireless Lab preparation resources available today! This resource was produced by senior engineers, technical instructors, and authors boasting decades of internetworking experience. Although there is no way to guarantee a 100% success rate on the CCIE™ Wireless Lab exam, we feel VERY confident that your chances of passing the Lab will improve dramatically after completing this industry-recognized Workbook!

    Technical Support from IPexpert and your CCIE community!

    IPexpert is proud to lead the industry with multiple support options at your disposal free of charge. Our online communities have attracted a membership of over 20,000 of your peers from around the world! At Blog.IPexpert.com you can keep up to date with everything IPexpert does, as well as start your own CCIE-focused blog or simply add your existing blog to our directory so your peers can find you. At OnlineStudyList.com, you may subscribe to multiple SPAM-free, CCIE-focused email lists.


    Feedback

    Do you have a suggestion or other feedback regarding this book or other IPexpert products? At IPexpert, we look to you, our valued clients, for the real world, frontline evaluation that we believe is necessary to improve continually. Please send an email with your thoughts to [email protected] or call 1.866.225.8064 (international callers dial +1.810.326.1444). In addition, when you pass the CCIE™ Lab exam, we want to hear about it! Email your CCIE™ number to [email protected] and let us know how IPexpert helped you succeed. We would like to send you a gift of thanks and congratulations.

    Additional CCIE™ Preparation Material

    IPexpert, Inc. is committed to developing the most effective Cisco CCIE™ R&S, Security, Service Provider, Voice and Wireless Lab certification preparation tools available. Our team of certified networking professionals develops the most up-to-date and comprehensive materials for networking certification, including self-paced workbooks, online Cisco hardware rental, classroom training, online (distance learning) instructor-led training, audio products, and video training materials. Unlike other certification-training providers, we employ the most experienced and accomplished team of experts to create, maintain and constantly update our products. At IPexpert, we are focused on making your CCIE™ Lab preparation more effective.

    A message from the Author(s):

    The scenarios covered in this workbook were developed by Wireless CCIEs to help you prepare for the Cisco CCIE Wireless laboratory. It is strongly recommended that you use other reading materials in addition to this workbook.

    Training is not the CCIE Wireless workbook objective. The intent of these labs is to test your knowledge of, and ability to implement, Cisco Enterprise Wireless Solutions.

    Time management is very important. If you get stuck on a lab scenario, be sure to write it down. Formulate a checklist for skipped sections, and then return to those sections once you have gone through the entire lab. Be sure to revisit the questions that you do not understand.

    For more information on the CCIE Wireless lab, please visit http://www.cisco.com/web/learning/le3/ccie/index.html and click on the link for Wireless on the top-right of the page.

    Helpful Hints

    • Keep It Simple, try to avoid any extra work (example: adding descriptions)
    • Always reference everything from the Documentation Website: http://www.cisco.com/cisco/web/psa/default.html?mode=prod
    • Know your SRNDs well: http://www.cisco.com/go/srnd
    • Save your router configurations often (wr is the quickest command)


    IPEXPERT END-USER LICENSE AGREEMENT

    END USER LICENSE FOR ONE (1) PERSON ONLY

    IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, DO NOT OPEN OR USE THE TRAINING MATERIALS.

    This is a legally binding agreement between you and IPEXPERT, the Licensor, from whom you have licensed the IPEXPERT training materials (the Training Materials). By using the Training Materials, you agree to be bound by the terms of this License, except to the extent these terms have been modified by a written agreement (the Governing Agreement) signed by you (or the party that has licensed the Training Materials for your use) and an executive officer of Licensor. If you do not agree to the License terms, the Licensor is unwilling to license the Training Materials to you. In this event, you may not use the Training Materials, and you should promptly contact the Licensor for return instructions. The Training Materials shall be used by only ONE (1) INDIVIDUAL who shall be the sole individual authorized to use the Training Materials throughout the term of this License.

    Copyright and Proprietary Rights

    The Training Materials are the property of IPEXPERT, Inc. ("IPEXPERT") and are protected by United States and International copyright laws. All copyright, trademark, and other proprietary rights in the Training Materials and in the Training Materials, text, graphics, design elements, audio, and all other materials originated by IPEXPERT at its site, in its workbooks, scenarios and courses (the "IPEXPERT Information") are reserved to IPEXPERT.

    The Training Materials cannot be used by or transferred to any other person. You may not rent, lease, loan, barter, sell or time-share the Training Materials or accompanying documentation. You may not reverse engineer, decompile, or disassemble the Training Materials. You may not modify, or create derivative works based upon the Training Materials in whole or in part. You may not reproduce, store, upload, post, transmit, download or distribute in any form or by any means, electronic, mechanical, recording or otherwise any part of the Training Materials and IPEXPERT Information other than printing out or downloading portions of the text and images for your own personal, non-commercial use without the prior written permission of IPEXPERT.

    You shall observe copyright and other restrictions imposed by IPEXPERT. You may not use the Training Materials or IPEXPERT Information in any manner that infringes the rights of any person or entity.

    Exclusions of Warranties

    THE TRAINING MATERIALS AND DOCUMENTATION ARE PROVIDED AS IS. LICENSOR HEREBY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW THE LIMITATION OF INCIDENTAL DAMAGES OR LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, SO THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO YOU. This agreement gives you specific legal rights, and you may have other rights that vary from state to state.

    Choice of Law and Jurisdiction

    This Agreement shall be governed by and construed in accordance with the laws of the State of Michigan, without reference to any conflict of law principles. You agree that any litigation or other proceeding between you and Licensor in connection with the Training Materials shall be brought in the Michigan state or courts located in Port Huron, Michigan, and you consent to the jurisdiction of such courts to decide the matter. The parties agree that the United Nations Convention on Contracts for the International Sale of Goods shall not apply to this License. If any provision of this Agreement is held invalid, the remainder of this License shall continue in full force and effect


    Limitation of Claims and Liability

    ANY ACTION ON ANY CLAIM AGAINST IPEXPERT MUST BE BROUGHT BY THE USER WITHIN ONE (1) YEAR FOLLOWING THE DATE THE CLAIM FIRST ACCRUED, OR SHALL BE DEEMED WAIVED. IN NO EVENT WILL THE LICENSOR'S LIABILITY UNDER, ARISING OUT OF, OR RELATING TO THIS AGREEMENT EXCEED THE AMOUNT PAID TO LICENSOR FOR THE TRAINING MATERIALS. LICENSOR SHALL NOT BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, REGARDLESS OF WHETHER LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. WITHOUT LIMITING THE FOREGOING, LICENSOR WILL NOT BE LIABLE FOR LOST PROFITS, LOSS OF DATA, OR COSTS OF COVER.

    Entire Agreement

    This is the entire agreement between the parties and may not be modified except in writing signed by both parties.

    U.S. Government - Restricted Rights

    The Training Materials and accompanying documentation are commercial computer Training Materials and commercial computer Training Materials documentation, respectively, pursuant to DFAR Section 227.7202 and FAR Section 12.212, as applicable. Any use, modification, reproduction, release, performance, display, or disclosure of the Training Materials and accompanying documentation by the U.S. Government shall be governed solely by the terms of this Agreement and shall be prohibited except to the extent expressly permitted by the terms of this Agreement.

    IF YOU DO NOT AGREE WITH THE ABOVE TERMS AND CONDITIONS, DO NOT OPEN OR USE THE TRAINING MATERIALS AND CONTACT LICENSOR FOR INSTRUCTIONS ON RETURN OF THE TRAINING MATERIALS.


    IPexpert's Mock Lab training exam for the Cisco CCIE™ Wireless Lab Exam

    Volume 2

    NOTE

    You are encouraged to take advantage of the knowledge and support from your peers around the globe. Join onlinestudylist.com to get more community support and also official support from IPexpert.


    Table of Contents

    IPEXPERT END-USER LICENSE AGREEMENT
      END USER LICENSE FOR ONE (1) PERSON ONLY
      U.S. Government - Restricted Rights

    LAB 1: CCIE WIRELESS VERSION 2 A 8 HOUR TRAINING LAB
    MOCK LAB 1: TOPOLOGY
    LAB 1: PRE-LAB SETUP
    LAB 1: PREREQUISITES:
    LAB 1: TABLES
      TABLE 1: VLAN AND SUBNET TABLE
      TABLE 2: DEVICE IP ADDRESSES
    LAB 1: 8 HOUR CCIE WIRELESS V2 MOCK LAB
      1.0 CONFIGURE AND TROUBLESHOOT WIRED INFRASTRUCTURE TO SUPPORT WLAN'S
      2.0 CONFIGURE AND TROUBLESHOOT INFRASTRUCTURE APPLICATION SERVICES
      3.0 CONFIGURE AND TROUBLESHOOT AUTONOMOUS DEPLOYMENT MODEL
      4.0 CONFIGURE AND TROUBLESHOOT UNIFIED DEPLOYMENT MODEL
      TABLE 3: WLC VLANS AND SSIDS
      5.0 CONFIGURE AND TROUBLESHOOT WCS
      6.0 CONFIGURE AND TROUBLESHOOT WLAN SERVICES

    LAB 2: CCIE WIRELESS VERSION 2, A 8 HOUR TRAINING LAB
    MOCK LAB 2: TOPOLOGY
    LAB 2: PRE-LAB SETUP
    LAB 2: PREREQUISITES:
    LAB 2: TABLES
      TABLE 1: VLAN AND SUBNET TABLE
      TABLE 2: DEVICE IP ADDRESSES
    LAB 2: 8 HOUR CCIE WIRELESS V2 MOCK LAB
    TASK 1: CONFIGURE AND TROUBLESHOOT WIRED INFRASTRUCTURE TO SUPPORT WLANS
      1.1 BASIC NETWORK DETAILS
      1.2 QOS
      1.3 LAYER 2 CONFIGURATION
      1.4 TIME SYNCHRONIZATION
      1.5 MSE
    TASK 2: CONFIGURE AND TROUBLESHOOT WIRED INFRASTRUCTURE TO SUPPORT WLANS


      2.1 LIGHTWEIGHT APS DISCOVERY
      2.2 LIGHTWEIGHT APS SETTINGS
      2.3 SYSLOG
    TASK 3: CONFIGURE AND TROUBLESHOOT AUTONOMOUS DEPLOYMENT MODEL
      3.1 AP LOGGING
      3.2 SSID CONFIGURATION
      3.3 ADDITIONAL SETTINGS
    TASK 4: CONFIGURE AND TROUBLESHOOT UNIFIED DEPLOYMENT MODEL
      4.1 CONFIGURING MO OFFICE
      4.2 CONFIGURING HEADQUARTER OFFICE
      4.3 CONFIGURING GUEST SOLUTION
    TASK 5: CONFIGURE AND TROUBLESHOOT WCS
      5.1 ADDING WLCS
      5.2 ADDING MOBILITY SERVICES
      5.3 CONFIGURING WCS
    TASK 6: CONFIGURE AND TROUBLESHOOT WLAN SERVICES
      6.1 RADIO MANAGEMENT
      6.2 CONTROLLER SECURITY
      6.3 VOICE SETTINGS

    LAB 3: CCIE WIRELESS VERSION 2
    8 HOUR TRAINING LAB 3
    MOCK LAB 3: TOPOLOGY
    LAB 3: PRE-LAB SETUP
    LAB 3: PREREQUISITES:
    LAB 3: TABLES
      TABLE 1: VLAN AND SUBNET TABLE
      TABLE 2: DEVICE IP ADDRESSES
    LAB 3: 8 HOUR CCIE WIRELESS V2 MOCK LAB
      1.0 CONFIGURE AND TROUBLESHOOT WIRED INFRASTRUCTURE TO SUPPORT WLAN'S
        L2 switching in HQ:
        L3 routing:
        MO routing and switching:
        QOS:
      2.0 CONFIGURE AND TROUBLESHOOT INFRASTRUCTURE APPLICATION SERVICES
        NTP:
        AP management:
        Switching security:
      3.0 CONFIGURE AND TROUBLESHOOT AUTONOMOUS DEPLOYMENT MODEL
        Autonomous setup:


      4.0 CONFIGURE AND TROUBLESHOOT UNIFIED DEPLOYMENT MODEL
        WLC management:
        TABLE 3: WLC VLANS AND SSIDS
        AP Priming:
        Guests:
        Mobility:
        Interference and radio settings:
        AP registration security and local radius:
        Client connection testing:
        Rogue detection:
      5.0 CONFIGURE AND TROUBLESHOOT WCS
        WCS:
        MAPs:
      6.0 CONFIGURE AND TROUBLESHOOT WLAN SERVICES
        Wireless Voice:

    LAB 4: CCIE WIRELESS VERSION 2
    8 HOUR TRAINING LAB 4
    MOCK LAB 4: TOPOLOGY
    LAB 4: PRE-LAB SETUP
    LAB 4: PREREQUISITES:
    LAB 4: TABLES
      TABLE 1: VLAN AND SUBNET TABLE
      TABLE 2: DEVICE IP ADDRESSES
    LAB 4: 8 HOUR CCIE WIRELESS V2 MOCK LAB
      1.0 CONFIGURE AND TROUBLESHOOT WIRED INFRASTRUCTURE TO SUPPORT WLAN'S
        L2 switching in HQ:
        L3 routing:
        MO routing and switching:
        QOS:
        Multicast
      2.0 CONFIGURE AND TROUBLESHOOT INFRASTRUCTURE APPLICATION SERVICES
        NTP:
        AP management:
        Switching security:
      3.0 CONFIGURE AND TROUBLESHOOT AUTONOMOUS DEPLOYMENT MODEL
        Autonomous setup:
      4.0 CONFIGURE AND TROUBLESHOOT UNIFIED DEPLOYMENT MODEL
        WLC management:
        TABLE 3: WLC VLANS AND SSIDS
        AP Priming:


      Guests:
      AP registration security and local radius:
      Client connection testing:
      Clean AIR:
    5.0 CONFIGURE AND TROUBLESHOOT WCS
      WCS:
      MAPs:
    6.0 CONFIGURE AND TROUBLESHOOT WLAN SERVICES
      Wireless Voice:

    LAB 5: CCIE WIRELESS V2
    8 HOUR TRAINING
    MOCK LAB 5: TOPOLOGY
    LAB 5: PRE-LAB SETUP
    LAB 5: PREREQUISITES:
    LAB 5: TABLES
      TABLE 1: VLAN AND SUBNET TABLE
      TABLE 2: DEVICE IP ADDRESSES
    LAB 5: 8 HOUR CCIE WIRELESS V2 MOCK LAB
    1.0 CONFIGURE AND TROUBLESHOOT WIRED INFRASTRUCTURE TO SUPPORT WLAN'S
      L2 switching in HQ:
      L3 routing:
      QOS:
      Multicast
    2.0 CONFIGURE AND TROUBLESHOOT INFRASTRUCTURE APPLICATION SERVICES
      NTP:
      AP management:
      Switching security:
    3.0 CONFIGURE AND TROUBLESHOOT AUTONOMOUS DEPLOYMENT MODEL
      Autonomous setup:
    4.0 CONFIGURE AND TROUBLESHOOT UNIFIED DEPLOYMENT MODEL
      WLC management:
      TABLE 3: WLC VLANS AND SSIDS
      AP Priming:
      Guests:
      AP registration security and local radius:
      Management:
      Clean AIR:
    5.0 CONFIGURE AND TROUBLESHOOT WCS
      WCS:
      MAPs:


      Clean Air:
    6.0 CONFIGURE AND TROUBLESHOOT WLAN SERVICES
      Wireless Voice:


    Lab 1: CCIE Wireless Version 2, an 8 hour training Lab

    1.0 Configure and troubleshoot wired infrastructure to support WLAN's

    2.0 Configure and Troubleshoot Infrastructure Application Services

    3.0 Configure and Troubleshoot Autonomous deployment model

    4.0 Configure and Troubleshoot Unified deployment model

    5.0 Configure and Troubleshoot WCS

    6.0 Configure and Troubleshoot WLAN Services

    Lab Overview

    This lab will test your knowledge on several items of CCIE Wireless blueprint version 2. The wording in the lab questions might seem extra hard because they are meant to prepare the candidate to read between the lines. The network and WLCs are partly pre-configured in order to save time, but some of the configurations have to be altered to meet the exam requirements.

    The fact that the WLCs are pre-configured doesn't mean that there are no tasks where you have to rectify wrong pre-configs or make some small changes, both on the WLCs and the network. Those are all part of solving this lab. Throughout this lab you may expect to rectify basic IP connectivity issues on more than one occasion. This is meant to prepare the candidate not to take anything for granted and to stay focused while the lab tries to confuse you.

    This lab will use ALL equipment in the LAB 1: topology. Refer to the names of the equipment on that topology.

    When configuring WLANs/SSIDs, the lab refers to SSID-XX; replace XX with your pod number, where POD01 is for example SSID-01.

    Unless otherwise indicated, use admin for usernames and IPexpert123 for passwords.

    It is strongly advised to read the whole lab over before you start configuring, and to read each section over briefly again to refresh before you work on it. In some sections some later tasks would better be done first.

    Estimated Time to Complete: 8 hours


    Mock Lab 1: Topology


    Lab 1: Pre-Lab Setup

    Physically connect and configure your network according to Diagram 1. The switches are pre-configured with some VLANs and IP addresses.

    Lab 1: Prerequisites:

    This lab will rely on the network infrastructure. You will need to pre-configure the network with the base configuration files.

    If using your own hardware:

    Log in to IPexpert.com, navigate to the My Downloads area, download IPexpert Wireless Volume 1 Configs, find the Lab 1 INITIAL Configs, and copy and paste the proper switch files to the proper devices.

    If you are using Proctor Labs:

    Log on to your Wireless vRack Web UI, navigate to near the top of the web page, click the Load Lab button and choose: IPexpert WIFI Volume 2 Workbook Lab 1 INITIAL


    Lab 1: Tables

    Table 1: VLAN and Subnet Table

    VLAN  VLAN Name      Subnet         Netmask
    5     Servers        10.10.210.0    /24
    10    HQSwitchMgmt   10.10.10.0     /24
    11    HQGuest1       10.10.11.0     /24
    12    HQData1        10.10.12.0     /24
    13    HQData2        10.10.13.0     /24
    14    HQData3        10.10.14.0     /24
    15    HQVoice1       10.10.15.0     /24
    16    HQVoice2       10.10.16.0     /24
    17    HQData4        10.10.17.0     /24
    20    MOSwitchMgmt   10.10.20.0     /25
    21    MOGuest1       10.10.21.64    /26
    22    MOData1        10.10.22.128   /26
    23    MOVoice1       10.10.23.192   /26
    105   HQServicePort  10.10.105.0    /24
    110   HQAAP          10.10.110.0    /24
    111   HQWLC1         10.10.111.0    /24
    112   HQWLC2         10.10.112.0    /24
    113   HQLAP1         10.10.113.0    /24
    114   HQLAP2         10.10.114.0    /24
    120   MOWLC1         10.10.120.128  /26
    121   MOLAP1         10.10.121.192  /26
    999   VLAN999        n/a            n/a


    Table 2: Device IP Addresses

    Device  Port   Connected Device  Connected Port  IP Address
    CAT1    NA     NA                                10.10.10.2
    CAT2    NA     NA                                10.10.10.3
    CAT3    NA     NA                                10.10.10.4
    CAT4    NA     NA                                10.10.20.1
    ACS     NIC1   CAT2              Fa0/11          10.10.210.5
    WCS     NIC1   CAT2              Fa0/11          10.10.210.6
    CME     Fa0/0  CAT1              Fa0/4           10.10.210.20
                                                     10.10.205.20 (Loop)
    MSE     Eth0   CAT2              Fa0/11          10.10.210.10
    WLC1    Po1    CAT2              Gi0/1           10.10.111.10
    WLC2    Po1    CAT3              Gi0/1           10.10.112.10
    WLC3    Po1    CAT4              Fa0/1           10.10.120.140
    WLC4    Po1    CAT2              Fa0/15          10.10.112.20
    AAP1    Gi0    CAT1              Fa0/2           10.10.110.100
    AAP2    Fa0    CAT3              Fa0/2           10.10.110.101
    LAP1    Gi0    CAT1              Fa0/1           10.10.113.x
    LAP2    Fa0    CAT2              Fa0/2           10.10.114.x
    LAP3    Gi0    CAT3              Fa0/3           10.10.114.x
    LAP4    Gi0    CAT4              Fa0/4           10.10.121.x
    LAP5    Fa0    CAT4              Fa0/5           10.10.121.x


    Lab 1: 8 hour CCIE Wireless v2 Mock LAB

    1.0 Configure and troubleshoot wired infrastructure to support WLAN's

    L2 switching in HQ

    To prepare your network we need to take extra care that the network is properly set up. All future configurations with wireless components will rely on the network to work. Please bear in mind that most wireless issues are related to the network. The Proctor Labs lab environment will have some preconfigured equipment. It is up to you to change the configuration according to the requirements in this lab.

    Cat1 will handle all VLANs and distribute them to Cat2. Cat3 will also get all VLAN changes from Cat1.
        o Use MD5 encryption to protect the VLAN database on your 3 switches.
        o Use ipexpert123 as the MD5 secret

    Cat1 should be the root for odd numbered VLANs in the HQ.
    Cat2 should be the root for the even numbered VLANs in the HQ.
    Do not configure Cat3 for the last question above.
        o From Cat3, show commands should give the correct outcome to see where the root bridges are. Cat1 should be seen as root for odd numbered VLANs and Cat2 for even numbered VLANs.

    Configure the 2 links between Cat1 and Cat2 to appear as one STP instance.
        o Use a Cisco proprietary negotiation method.

    L3 routing

    Site HQ: Cat1 SVIs always have the last usable IP address from each VLAN network. Cat2 SVIs always have the next IP address below in each VLAN network. VLAN 10 should be .2 on Cat1 and .3 on Cat2. Cat3 only needs an SVI interface and IP address in VLAN 10 (HQSwitchMgmt). For the Cat3 VLAN 10 SVI, use IP address 10.10.10.4/24. VLAN 5 is preconfigured; don't change it, as that will ruin management access to your servers.

    Create the SVIs on your appropriate HQ switches and ensure you have connectivity between all L3 interfaces. Refer to table 1 for the VLAN IDs. HQ and MO have different VTP domains, as can be seen in table 1.

    Create a Loopback99 interface on your Cat1 with IP 10.99.99.99/32


        o Use a Cisco proprietary routing protocol to advertise Loopback99 to Cat2.
        o Only advertise Loopback99 in your configuration.
        o Don't summarize the classful networks in your routing domain.

    VLAN 12 should be redundant for Cat1 and Cat2.
        o On Cat1 and Cat2, use a Cisco proprietary method to create a redundant SVI for VLAN 12.
        o The VLAN 12 virtual IP should be the next available IP address below Cat1 and Cat2.
        o Cat1 should always be the primary router for VLAN 12 and in case of failure it should revert back when things go back to normal.

    Create a DHCP pool for VLAN 12. The pool starts from .65 and ends with .125. Configure a redundant DHCP pool between Cat1 and Cat2.

    MO routing and switching

    Create VLANs and SVIs for Cat4 according to table 1. Cat4 should not exchange VLAN configuration with other switches. Cat4 should participate in routing updates and exchange routing tables with HQ.

    Only advertise the needed networks over the routing protocol. Cat4 SVIs always use the first IP address per SVI. Don't summarize the classful networks, as before.
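The SVI rules in the L3 routing and MO sections, applied to Table 1 and then used to check the WLC interface rows of Table 3 (later in this lab) for addresses that cannot be configured, as an added example that is not part of the workbook. Function names are illustrative, and treating VLAN names that start with HQ or MO as the site split is an assumption; the Table 3 rows are copied as printed.

```python
import ipaddress

# Table 1 of the workbook: VLAN id -> (name, subnet). VLAN 999 has no subnet.
TABLE1 = {
    5: ("Servers", "10.10.210.0/24"),
    10: ("HQSwitchMgmt", "10.10.10.0/24"),
    11: ("HQGuest1", "10.10.11.0/24"),
    12: ("HQData1", "10.10.12.0/24"),
    13: ("HQData2", "10.10.13.0/24"),
    14: ("HQData3", "10.10.14.0/24"),
    15: ("HQVoice1", "10.10.15.0/24"),
    16: ("HQVoice2", "10.10.16.0/24"),
    17: ("HQData4", "10.10.17.0/24"),
    20: ("MOSwitchMgmt", "10.10.20.0/25"),
    21: ("MOGuest1", "10.10.21.64/26"),
    22: ("MOData1", "10.10.22.128/26"),
    23: ("MOVoice1", "10.10.23.192/26"),
    105: ("HQServicePort", "10.10.105.0/24"),
    110: ("HQAAP", "10.10.110.0/24"),
    111: ("HQWLC1", "10.10.111.0/24"),
    112: ("HQWLC2", "10.10.112.0/24"),
    113: ("HQLAP1", "10.10.113.0/24"),
    114: ("HQLAP2", "10.10.114.0/24"),
    120: ("MOWLC1", "10.10.120.128/26"),
    121: ("MOLAP1", "10.10.121.192/26"),
}

# WLC VLAN interface rows of Table 3, copied as printed:
# (device, VLAN, address/prefix, default gateway)
TABLE3 = [
    ("WLC1", 11, "10.10.11.252/24", "10.10.11.254"),
    ("WLC2", 13, "10.10.13.50/54", "10.10.13.254"),
    ("WLC2", 15, "10.10.15.50/24", "10.10.15.254"),
    ("WLC3", 22, "10.10.22.130/26", "10.10.22.129"),
    ("WLC4", 13, "10.10.13.51/24", "10.10.13.254"),
    ("WLC4", 15, "10.10.15.51/24", "10.10.15.254"),
]


def svi_plan():
    """Apply the lab's SVI rules to Table 1; returns {vlan: {owner: ip}}."""
    plan = {}
    for vlan, (name, cidr) in TABLE1.items():
        net = ipaddress.ip_network(cidr)
        base, last = net.network_address, net.broadcast_address - 1
        if vlan == 5:
            continue  # preconfigured; the lab says to leave it alone
        if vlan == 10:
            # Stated explicitly in the lab: .2 Cat1, .3 Cat2, .4 Cat3
            owners = {"Cat1": base + 2, "Cat2": base + 3, "Cat3": base + 4}
        elif name.startswith("HQ"):  # assumption: HQ* names are HQ VLANs
            owners = {"Cat1": last, "Cat2": last - 1}
            if vlan == 12:
                owners["VIP"] = last - 2  # next address below both SVIs
        else:  # MO* names: Cat4 takes the first usable address
            owners = {"Cat4": base + 1}
        plan[vlan] = {who: str(ip) for who, ip in owners.items()}
    return plan


def check_interface(vlan, address, gateway):
    """Return the problems found for one static interface (empty list = OK)."""
    net = ipaddress.ip_network(TABLE1[vlan][1])
    try:
        iface = ipaddress.ip_interface(address)
    except ValueError as exc:  # e.g. a prefix length that cannot exist
        return [f"unparsable address {address!r}: {exc}"]
    svis = svi_plan()[vlan]
    problems = []
    if iface.network != net:
        problems.append(f"{iface} does not match VLAN {vlan} subnet {net}")
    elif iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is not a usable host address in {net}")
    for who, ip in svis.items():
        if str(iface.ip) == ip:
            problems.append(f"{iface.ip} collides with the {who} address")
    if gateway not in svis.values():
        problems.append(f"gateway {gateway} is not a planned SVI in {net}")
    return problems


def audit_table3():
    """Check every Table 3 row; returns {(device, vlan): [problems]}."""
    return {(dev, vlan): check_interface(vlan, addr, gw)
            for dev, vlan, addr, gw in TABLE3}


if __name__ == "__main__":
    for vlan, owners in sorted(svi_plan().items()):
        print(f"VLAN {vlan:<4}", owners)
    for row, problems in audit_table3().items():
        print(row, "OK" if not problems else problems)
```

The MO subnets do not start on a .0 boundary, so "first IP address" for Cat4 is .65, .129 or .193 rather than .1; the audit also reports the WLC2 Vlan 13 row, whose printed prefix length cannot be parsed.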

    QOS

    On all routers and switches, trust layer2 and layer3 QOS markings where appropriate.

    Tune your COS to DSCP mapping (and vice versa) as Cisco best practices recommend.
        o VoIP SCCP AVVID gets value of 24 (CS3) instead of the default 26 (AF31)
        o VoIP RTP stream gets value of 46 (EF) instead of the default 40.

    The traffic from MO should have a policy that marks skinny traffic and RTP VOIP traffic.
        o Skinny is TCP port 2000
        o RTP traffic is UDP port range 16384 to 32767.
        o It is uncertain that the ISP is marking the packets correctly over the WAN. Ensure the correct marking is maintained.


    2.0 Configure and Troubleshoot Infrastructure Application Services

    NTP

    Use NTP server on WCS to synch time for all your wireless network devices including the WLCs. WCS is 10.10.210.6

    Controllers should synch time every 2 hours.
    Cat1 should be the NTP master for all switches. Use password "ipexpert" for NTP authentication. Use UTC time zone 0.
    Cat1 should answer NTP requests only on VLAN 10 and only allow switches in your network to synch time with Cat1.
    Cat2 uses VLAN 5 IP, Cat4 uses VLAN 20 IP and Cat3 uses VLAN10 IP address for NTP communications.

    Don't forget the autonomous APs!

    AP management

    HQ

    LAP2 (F0/2 on Cat2) and LAP3 (F0/3 on Cat3) should discover WLC2 and WLC4 with DHCP (don't use DNS).
        o Future APs will use the DHCP information to load balance new APs between the WLC2 and WLC4. Name the APs from their default name to the name in table 1. Subnets for those APs are listed in table 2. Configure your network accordingly.
        o Use your Microsoft DHCP server to accomplish this.
        o Exclude the range from 1 to 20 and 200 to 254.
        o Microsoft DHCP server is 10.10.210.6

    Make sure that WLC2 will be primary and WLC4 secondary controllers for LAP2 and LAP3. Mobility group should be named HQ.

    LAP4 and LAP5 should join WLC4 with DNS lookup configured on Microsoft DNS. Set those APs on VLAN 121 on Cat4.

    Switching security

    All LAP AP ports should go to STP forwarding mode immediately.

    In MO, all switch ports with access points should block traffic if BPDUs are advertised over the port.


    In HQ, all switch ports with access points should get disabled if BPDUs are advertised over the port.

    3.0 Configure and Troubleshoot Autonomous deployment model

    Autonomous Setup

    An aluminum company has mobile cranes in their manufacturing area. Those cranes will have industrial computers on board with Ethernet ports (no wireless). You need to use AAP2 to connect the industrial computer to the wireless network.

    Make a Layer 2 only VLAN 999 on the switch connected to AAP2 to avoid loops in your network.

    AAP2 will connect to AAP1 with 802.1x security. SSID is crane-xx. Username is crane and password is aluminum.
        o AAP1 will authenticate the crane user, and the industrial PC should be on VLAN 17. As the industrial PC is not ready yet, configure DHCP on AAP2 to see DHCP work. Configure DHCP on Cat1 for VLAN 17. Exclude the first 9 addresses.
        o Use the most secure EAP option that is Cisco proprietary.

    The crane is mobile. Ensure that it only scans non-overlapping channels in your 2.4 GHz frequency, so it uses the least time to scan channels when moving around.

    Ensure that the association is reliable, so the AP disassociates clients only after 127 packets are lost.

    4.0 Configure and Troubleshoot Unified deployment model

    WLC management

    WLC1 has its Service Port connected to Cat1.

    Connect the SP on VLAN 5. Use DHCP from Cat2 for the SP. The SP port should always get the 10.10.210.50 address. This should only work for WLC1 SP interface. Default gateway advertised by the DHCP scope should be VLAN 5 SVI on Cat1.


    It is required that users from Cat4 MOData1 can reach this SP and manage it.

    Pinging that address from the MOData1 VLAN should work. Remove this configuration after you have made it work. Why?

    On WLC1 guests should see the name guests.proctorlabs.com in their web browser URL when doing guest authentication. This name should resolve on your DNS server (Microsoft server 10.10.210.6) to WLC1 virtual IP address.

    All WLCs should have IP management interfaces according to table 2. Verify it is all correct.

    Configure appropriate VLAN interfaces per WLC according to table 3.

    Table 3: WLC VLANs and SSIDs

    Device  Interface   WLC IP Address   Default gateway  WLAN
    WLC1    Vlan 11     10.10.11.252/24  10.10.11.254     HQ-guests-XX
    WLC2    Management  WLC1 Anchor      NA               HQ-guests-XX
    WLC2    Vlan 13     10.10.13.50/54   10.10.13.254     Client-Vlan-XX
    WLC2    Vlan 15     10.10.15.50/24   10.10.15.254     voip-5ghz-XX
    WLC3    Vlan 22     10.10.22.130/26  10.10.22.129     MOData1-XX
    WLC4    Management  WLC1 Anchor      NA               HQ-guests-XX
    WLC4    Vlan 13     10.10.13.51/24   10.10.13.254     Client-Vlan-XX
    WLC4    Vlan 15     10.10.15.51/24   10.10.15.254     voip-5ghz-XX

    VLANs on Switches should already be done and working in the first part of this lab.

    The CLI prompt should represent each WLC. For example WLC1.
    Set up etherchannel for both interfaces on WLC2. Ensure that APs are load balanced across the WLC2 ports according to best practices.
    QOS needs to be tagged using 802.1p on the management VLAN of all WLCs.
    Only needed VLANs should traverse over to each WLC in the network.


    AP Priming

    LAP2 and LAP3 should have redundant WLCs for WLC2 and WLC4. Ensure that LAP2 will be given priority over other devices when requesting PoE.

    Guests

    Configure Client-Vlan11 on port 1 on WLC1.
        o Use .252 for the WLC IP address. See table 3.

    Configure WLC1 port 2 to be the primary management port connected to Cat1, and port 1 connected to Cat2 to be redundant for the WLC1 operation.

    Configure port 1 so no other VLANs are allowed except guests and for redundancy purposes (above).

    Guests should be able to ping and telnet to the .254 SVI on Cat2 and nothing else. This restriction should not be applied to the WLAN. DNS and DHCP should also work for the clients.

    Configure the WLC1 to restrict the above mentioned access. DNS server IP is 10.10.210.6

    Create the WLAN HQ-guests-xx on all HQ WLCs. HQ WLCs should transport all guest access traffic to WLC1 Vlan 11 and they should traverse out of Port1 on WLC1.
        o Use SSID HQ-guests-XX
        o No encryption
        o Web-splash page will authenticate guest users locally on WLC1
        o The guest SSID has to work on all APs in the HQ

    Guests use DHCP on WLC1. Issue a pool of 15 addresses starting from 10.10.13.15

    Create a lobby admin account on WLC1 and with this account, create a guest user that lasts for 4 hours. Lobby account user is lobby, password Lobby123. Guest user is guest4, password ipexpert123

    Test the connection from the Win7 client and test the telnet and ping connectivity. The laptop is reachable from the WCS server using VNC to 10.10.210.4, password IPexpert123

    Mobility

    HQ users should be able to roam seamlessly between WLC2 and WLC4. This is not needed for WLC3 in MO.
        o Use the mobility name HQ when accomplishing this.

    All HQ WLCs should check their mobility members every 15 seconds.


    Interference and radio settings

    On your 802.11g network, the 2.4 GHz channel 11 near LAP1 is unusable because of foreign interference. Join your LAP1 AP manually to WLC4 without DHCP or DNS information passed to the AP. LAP1 should belong to VLAN113.

    Make sure that your LAP1 uses the lowest 2.4 GHz frequency channel in the future.

    On all your controllers change the utilization trap to trigger at 87% in your 5 GHz radio only.

    AP registration security and local radius

    MO should only allow LAP4 and LAP5 to join WLC3.

    Ensure that only those APs can join WLC3 and no other APs.
    Configure local radius on WLC3 for WLAN MOData1. VLAN for SSID is MOData1-XX in table 3. WLC VLAN 22 IP is 10.10.22.130/26
    Use PEAP mschapv2 authentication. Username localpeap, password localradius.
    Security is WPA1 with software encryption.
    Configure DHCP on WLC3 for these SSID clients. Give out 131 and 132 addresses of the scope.
    Test connectivity with AnyConnect on your test PC.

    Client connection testing

    Your AnyConnect client needs to connect to the Client-Vlan13-XX WLAN in HQ. Configure your network to meet the requirements below:

    SSID Client-Vlan13-XX
        o This SSID should exist on WLC2 and WLC4. Clients should terminate at Vlan13. Table 3 shows what IP goes on the controller's VLAN13. Use ACS and EAP-FAST authentication. The RADIUS preshared key is ipexpert123. First SSH from the Windows machine with admin and IPexpert123, then configure a user acsadmin, password IPexpert123.
        o Set your ACS to use NTP at IP 10.10.210.6
        o Use client username tarzan with password jane
        o Allow OFDM only for this SSID.
        o Advertise 802.11i in your beacons but also enable for software encryption to work over 802.11i for older clients.
        o DHCP should be set up on Cat1


        o On LAP2 this SSID should bypass the controller for data traffic and go to VLAN 12. Don't use AP-groups to make this work.
        o Configure the switch connected to LAP2 to support this scenario. LAP2 should use its current VLAN for management. DHCP for VLAN 12 is on Cat1.

    Test this configuration and see the IP address change on your AnyConnect client.

    Rogue detection

    Your WLC3 should detect rogue access points.

    It needs to see if open access points (no security) are on your wired network.
        o We need to detect rogue APs ASAP. Also Greenfield mode APs.
        o Make sure that one of your APs connected to WLC3 accomplishes the above

    Man-in-the-middle

    Your CEO was reading an article about man-in-the-middle attacks and is worried that your HQ wireless system is vulnerable.

    Configure all LAPs in your HQ network to validate RF information in order to protect the integrity of your LAP APs.

    5.0 Configure and Troubleshoot WCS

    WCS Management

    Manage all WLCs with WCS using the most secure method.
        o Username wcs password ipexpert.123-ipexpert.123
        o Allow only this method to be used on the WLCs


    Maps

    Put LAP2 and LAP3 on the floor 1 map on your WCS. Position the APs for best coverage.

    See how AIR-ANT2450S-R antennas will perform on the LAP2 2.4 GHz radio. The antenna also has to face 25° towards the floor. Let the direction of the antenna point down the map (90°).

    Controllers shouldn't send information to WCS when the APs change their power levels.

    6.0 Configure and Troubleshoot WLAN Services

    Wireless Voice

    On WLC2 and WLC4 in HQ:

    Deploy a SSID called voip-5ghz-XX. This will be VLAN 15. WLC IP information is in table 3. DHCP is on Cat1 and should give out the callmanager option about the CME router 10.10.210.20

    Allow only 5 GHz connections on this SSID.
        o Use 802.11i encryption and ensure that Cisco 7925 phones can roam seamlessly
        o Phone uses EAP-FAST authentication. On your ACS configure the user phone with password of ipexpert.
        o Test it from your AnyConnect.

    Make sure your phones have enough time to authenticate on the ACS so they don't accidentally time out while retrieving the PACs. Allow at least 20 seconds to pass before giving up.

    Only support 802.11e on this SSID, and 7925 phones should get Platinum QoS treatment. The 802.11e clients with this SSID will get mapped with an 802.1p value of 5 when they hit the wired network.

    Support 27 voice streams. Only configure the data rates necessary. The Deployment Guide specifies the following data rates:
        o 802.11b - Basic = 11, Optional = None
        o 802.11g - Basic = 12, Optional = 18,24
        o 802.11a - Basic = 12, Optional = 18,24
        o 802.11b/g - Basic = 11, Optional = 12,18,24

    The Cisco APs support up to 27 calls, so there is no need for any speeds greater than 24Mbps.


        o 13 Streams = 6Mbps
        o 20 Streams = 12Mbps
        o 27 Streams = 24Mbps

    Use your AnyConnect client to test the connectivity. You should be able to ping the CME router from the desktop after connecting. It should work from the AnyConnect client on the PC.

    You are at the end of this marathon. It is a bit long, and somewhat longer than the actual lab, especially chapter 4, but the wording can slow you down as it might do on the actual lab. So I hope this was a good exercise. Do this lab many, many times to practice speed and work on things you want to study in the meantime.

    Technical Verification and Support

    To verify your configurations please review the Volume 1 Detailed Solutions Guide that you received along with this Workbook. You can also find this document in the eBook section of your www.IPexpert.com account.

    Support is also available in the following ways:

    IPexpert Support: www.OnlineStudyList.com
    IPexpert Blog: blog.ipexpert.com
    Proctor Labs Hardware Support: [email protected]


    Lab 2: CCIE Wireless version 2 8 hour training Lab

    1. Configure and troubleshoot wired infrastructure to support WLAN's

    2. Configure and Troubleshoot Infrastructure Application Services

    3. Configure and Troubleshoot Autonomous deployment model

    4. Configure and Troubleshoot Unified deployment model

    5. Configure and Troubleshoot WCS

    6. Configure and Troubleshoot WLAN Services

    Lab Overview

    This lab will test your knowledge on several items of CCIE Wireless blueprint version 2. The wording in the lab questions might seem extra hard because they are meant to prepare the candidate to read between the lines. The network and WLCs are partly pre-configured in order to save time, but some of the configurations have to be altered to meet the exam requirements.

    The fact that the WLCs are pre-configured doesn't mean that there are no tasks where you have to rectify wrong pre-configs or make some small changes, both on the WLCs and the network. Those are all part of solving this lab. Throughout this lab you may expect to rectify basic IP connectivity issues on more than one occasion. This is meant to prepare the candidate not to take anything for granted and to stay focused while the lab tries to confuse you.

    This lab will use ALL equipment in the LAB 2: topology. Refer to the names of the equipment on that topology.

    When configuring WLANs/SSIDs, the lab refers to SSID-XX; replace XX with your pod number, where POD01 is for example SSID-01.

    Estimated Time to Complete: 2 hours


    Unless otherwise indicated, use admin for usernames and IPexpert123 for passwords.

    It is strongly advised to read the whole lab before you start configuring, and to read each section over briefly to refresh your memory before working on it. In some sections, some later tasks are better done first.

    Estimated time to complete: 8 hours


    Mock Lab 2: Topology


    Lab 2: Pre-Lab Setup

    Physically connect and configure your network according to Diagram 1.

    The switches are pre-configured with some VLANs and IP addresses.

    Lab 2: Prerequisites

    This lab will focus on the network infrastructure. You will need to pre-configure the network with the base configuration files.

    If using your own hardware:

    o Log in to IPexpert.com, navigate to the eBooks/Downloads area, download IPexpert Wireless Volume 2 Configs, find the Lab 2 INITIAL Configs, and copy and paste the proper switch files to the proper devices.

    If you are using Proctor Labs:

    o Log on to your Wireless vRack Web UI and, near the top of the web page, click the Load Lab button and choose: IPexpert WIFI Volume 2 Workbook Lab 2 INITIAL


    Lab 2: Tables

    Table 1: VLAN and Subnet Table

    VLAN  VLAN Name      Subnet         Netmask
    5     Servers        10.10.210.0    /24
    10    HQSwitchMgmt   10.10.10.0     /24
    11    HQGuest1       10.10.11.0     /24
    12    HQData1        10.10.12.0     /25
    13    HQData2        10.10.13.0     /25
    14    HQData3        10.10.14.0     /25
    15    HQVoice1       10.10.15.0     /24
    16    HQVoice2       10.10.16.0     /24
    17    HQData4        10.10.17.0     /24
    18    HQWiredGuests
    20    MOSwitchMgmt   10.10.20.0     /25
    21    MOGuest1       10.10.21.64    /26
    22    MOData1        10.10.22.128   /26
    23    MOVoice1       10.10.23.192   /26
    32    HQData1-2      10.10.12.128   /25
    33    HQData2-2      10.10.13.128   /25
    34    HQData3-2      10.10.14.128   /25
    105   HQService      10.10.105.0    /24
    110   HQAAPMgmt      10.10.110.0    /24
    111   HQLWAP1        10.10.111.0    /24
    112   HQLWAP2        10.10.112.0    /24
    113   HQLWAP3        10.10.113.0    /24
    114   HQLWAP4        10.10.114.0    /24
    120   MOAPMgmt       10.10.120.128  /26
    121   MOLWAP1        10.10.121.192  /26
    999   VLAN999


    Table 2: Device IP Addresses

    Device  Port   Connected Device  Connected Port  IP Address
    CAT1    NA     NA                                10.10.10.2
    CAT2    NA     NA                                10.10.10.3
    CAT3    NA     NA                                10.10.10.4
    CAT4    NA     NA                                10.10.20.1
    ACS     NIC1   CAT2              Fa0/11          10.10.210.5
    WCS     NIC1   CAT2              Fa0/11          10.10.210.6
    CME     Fa0/0  CAT1              Fa0/4           10.10.210.20
                                                     10.10.205.20 (Loop)
    MSE     Eth0   CAT2              Fa0/11          10.10.210.10
    WLC1    Po1    CAT2              Gi0/1           10.10.111.10
    WLC2    Po1    CAT3              Gi0/1           10.10.112.10
    WLC3    Po1    CAT4              Fa0/1           10.10.120.140
    WLC4    Po1    CAT2              Fa0/15          10.10.112.20
    AAP1    Gi0    CAT1              Fa0/2           10.10.110.100
    AAP2    Fa0    CAT3              Fa0/2           10.10.110.101
    LAP1    Gi0    CAT1              Fa0/1           10.10.113.x
    LAP2    Fa0    CAT2              Fa0/2           10.10.114.x
    LAP3    Gi0    CAT3              Fa0/3           10.10.114.x
    LAP4    Gi0    CAT4              Fa0/4           10.10.121.x
    LAP5    Fa0    CAT4              Fa0/5           10.10.121.x


    Lab 2: 8 Hour CCIE Wireless v2 Mock Lab

    Task 1: Configure and troubleshoot wired infrastructure to support WLANs

    1.1 Basic network details

    To reach any internet (i.e. behind WAN / non-local) resource, switches from the headquarters should use Cat2 as gateway since Cat2 has the right static route towards outside.

    When you need to create an interface on a WLC, use the last octet of the management interface to determine the last octet of your dynamic interface. For example, a WLC with a management IP of 10.10.110.10 will have all its dynamic interfaces ending in .10.

    Connectivity between all Cat switches should be fine. The Cat4 default gateway should not be specified with an IP address but with an outgoing interface on Cat4.

    The 3 client VLANs are split in 2 between Cat1 and Cat2. Make sure that the Catalysts do not operate on those VLANs as load-balanced gateways, and configure OSPF routing to make sure every switch is aware of those subnets. OSPF should use a loopback interface to identify itself to other routers and Cat1 should be the designated router. OSPF updates should only be sent through VLAN 10 when possible.

    Make sure that only the necessary VLANs are allowed on each trunk port.

    1.2 QoS

    Make sure that every port has the right QoS configuration. We want to trust layer 3 tagging of traffic on all ports likely to carry voice traffic.

    The traffic from the headquarters should preserve its QoS tagging across the WAN link to the remote office. It seems the ISP doesn't preserve this tagging, so make sure that the traffic is re-tagged accordingly after crossing the WAN. Skinny uses TCP port 2000 and RTP uses UDP port range 16384 to 32767. Make sure that you are as precise as possible and do not tag traffic that would not be voice traffic.


    On Cat1, ports Fa0/13 to Fa0/20 inclusive will be connected to desk IP phones with laptops behind them. Those are not plugged in yet, but you need to prepare the switch port configuration so that those ports use VLAN 23 for voice traffic and VLAN 13 for the laptops. We also want those ports to be up and forwarding as soon as something is plugged into them.

    1.3 Layer 2 configuration

    We want Cat1 to always be the root for all VLANs for spanning-tree purposes. If Cat1 fails, Cat2 has to be the one taking over the root role.

    We want Cat3 to never be root. Moreover, we want Cat3 to switch its links towards Cat2 in less than a second in case of failure of Cat1.

    1.4 Time synchronization

    Make sure the two IOS access points synchronize their time with the WCS server.

    Cat1 should get its synchronization from the WCS server but the other switches should get their synchronization from Cat1. They should do so using IPexpert123 as authentication key.

    On the WLCs, make sure they synchronize their time with the WCS and that the synchronization happens every 2 hours. Also make sure that the WLCs know they are in the Pacific US time zone.

    1.5 MSE

    Make sure that MSE stays in time synchronization with the WCS. Also make sure that MSE will use admin/IPexpert123!! as credentials for WCS to connect to it.


    Task 2: Configure and troubleshoot wired infrastructure to support WLANs

    2.1 Lightweight APs discovery

    LAP 2 and 3 must use the WCS server as DHCP server. That scope should give an IP with the last octet between 100 and 200 to the APs. They should learn the WLC 2 IP address through DNS discovery. Once joined, they should learn the IP address of WLC4 as well.

    LAP 1 should use the WCS server as DHCP server, but should discover WLC 4 through a DHCP option. That scope should give an IP with the last octet between 100 and 200 to the AP.

    LAP 4 and 5 need to learn through DHCP the IP addresses of controllers WLC 3 and 1. Cat4 should be the DHCP server for those access points.

    LAP 4 and 5 should have WLC3 as primary controller and WLC1 as secondary in case of failure of the remote office WLC.
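The DHCP-option discovery asked for in 2.1 is normally done with DHCP option 43, which Cisco lightweight APs read as a single TLV (type 0xF1, a length byte, then the controller IPv4 addresses). The Python below is an added example, not part of the workbook or its solutions guide; it encodes and validates that payload for the controller addresses in Table 2, and the function and scope names are hypothetical.

```python
import ipaddress

# Cisco lightweight APs take their controller list from DHCP option 43 as one
# TLV: type 0xF1, one length byte (4 bytes per controller), then the addresses.
WLC_TLV_TYPE = 0xF1

# Controller management addresses copied from Table 2 of this lab.
WLC = {
    "WLC1": "10.10.111.10",
    "WLC2": "10.10.112.10",
    "WLC3": "10.10.120.140",
    "WLC4": "10.10.112.20",
}


def encode_option43(controllers):
    """Build the option 43 payload for an ordered list of controller IPs."""
    if not controllers:
        raise ValueError("at least one controller address is required")
    packed = b"".join(ipaddress.IPv4Address(ip).packed for ip in controllers)
    if len(packed) > 255:
        raise ValueError("controller list does not fit a one-byte length")
    return bytes([WLC_TLV_TYPE, len(packed)]) + packed


def decode_option43(payload):
    """Parse a payload back into dotted-quad strings, rejecting bad TLVs."""
    if len(payload) < 2 or payload[0] != WLC_TLV_TYPE:
        raise ValueError("not a 0xF1 controller TLV")
    length, body = payload[1], payload[2:]
    if length == 0 or length % 4 or length != len(body):
        raise ValueError("length byte does not match whole IPv4 addresses")
    return [str(ipaddress.IPv4Address(body[i:i + 4]))
            for i in range(0, length, 4)]


def lab_scopes():
    """Hex payloads for the two option-based scopes described in task 2.1."""
    return {
        # LAP1 scope on the WCS DHCP server: discover WLC4 only.
        "LAP1": encode_option43([WLC["WLC4"]]).hex(),
        # LAP4/LAP5 scope on Cat4: WLC3 and WLC1.
        "LAP4-5": encode_option43([WLC["WLC3"], WLC["WLC1"]]).hex(),
    }


if __name__ == "__main__":
    for scope, hexval in lab_scopes().items():
        print(scope, hexval, decode_option43(bytes.fromhex(hexval)))
```

Decoding the hex string taken from a running DHCP scope with `decode_option43` catches a wrong length byte or a truncated address before an AP silently fails to discover its controller.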

    2.2 Lightweight APs settings

    Make sure that it is possible to connect via console to all access points with the username admin and password IPexpert123.

    Make sure that the APs know which are their preferred WLCs. Use the table below:

    AP     Primary WLC  Secondary WLC  Tertiary WLC
    LAP1   WLC4         WLC2
    LAP2   WLC2         WLC4
    LAP3   WLC2         WLC4
    LAP4   WLC3         WLC1
    LAP5   WLC3         WLC1

    Make sure that LAP1, 2 and 3 will never associate to WLC1 or WLC3.


    2.3 Syslog

    Configure the autonomous access point AAP1 so that it logs the messages usually appearing on console towards the WCS, where a syslog server is installed. The AP should use the facility local2.

    Configure the controllers and all lightweight access points to log towards the WCS syslog as well. Controllers should use facility local3 and APs local4. They should all log up to warning level of logs.

    Task 3: Configure and troubleshoot Autonomous deployment model

    3.1 AP logging

    When we consult the Autonomous AP logs through show log, we notice it doesn't go back as far as we want it to. Double the retaining capacity of the log messages shown through show log.

    3.2 SSID configuration

    Configure a bridge SSID called Bridge1 between AAP1 and AAP2. Make sure they use WPA2-AES to connect to each other. AAP2 should authenticate itself as admin/IPexpert123 with EAP-FAST and AAP1 should be the RADIUS server for this purpose. On top of the VLAN of the SSID, the bridge link should carry VLANs 11, 12 and 13. The SSID name should be visible in beacons.

    3.3 Additional settings

    Make sure that AAP2 will only try to connect to AAP1. Make sure that AAP1 will only accept connections from AAP2. Make sure that the access points retry packets 16 times before giving up, but when they give up, they should not cause the link to go down.

    Configure the access points so that they use WMM, that they use the 802.11e QBSS and that they do the proper mapping between 802.1p CoS and 802.11e UP (where the voice tag is not the same number in the 2 standards).


    Task 4: Configure and Troubleshoot Unified Deployment model

    4.1 Configuring MO Office

    WLC3 is the remote office controller. WLC1 sits in the headquarters but is a dedicated controller serving as fallback for WLC3. The clients will be placed in VLANs 21, 22 and 23 respectively for guests, data and voice clients. You have to make sure that traffic never gets released on the headquarters side.

    We need to make sure that the clients will be placed in that VLAN even if the access points move to WLC1 because WLC3 went down.

    The SSID MOGuest will have a pre-shared key IPexpert123 using standards with the best RC4-based encryption as well as a web authentication portal hosted on the controller itself.

    The SSID MOData will use the best encryption standard available and will authenticate users against ACS.

    The SSID MOVoice will use a Cisco-proprietary fast roaming mechanism and the best encryption/authentication standard among those that have no fast-roaming mechanism of their own. The Cisco-proprietary fast roaming mechanism should not be mandatory to use the SSID.

    4.2 Configuring Headquarter Office

    WLC 2 and 4 should be configured with the same WLANs.

    HQData SSID should use enterprise-class authentication with 802.11i encryption. It should not forward traffic into any valid subnet until the user authenticates, at which point it will select the VLAN depending on the user group. User admin belongs to user group department1; user john belongs to department2 and user lisa to department3. Users from group department1 should be granted access to VLAN 12 or 32 depending on where they connect from (users connecting through WLC2 should use lower numbered VLANs and users connecting through WLC4 should use higher numbered VLANs). Users from group department2 should be given access to VLAN 13 or 33 depending on the same conditions and users from group department3 to VLAN 14 or 34. Users should have their identity re-verified every 60 minutes and they should not be able to use a static IP address. Since we know that old clients will use this SSID, the WLC should not pay attention or take action if clients refuse to roam and stay connected at very bad signal strength. Clients of this SSID should not be able to exchange files between themselves directly.

    HQVoice SSID should use a shared-key authentication with RSN encryption. It should balance the clients between VLAN 15 and 16.


    HQGuest SSID should have no layer 2 security, a web authentication portal and place clients in VLAN 11.

    4.3 Configuring Guest solution

    We need clients connected to a switchport that sits on VLAN 18 to be intercepted and presented with the web authentication login page that is configured internally on WLC1. This VLAN should not be allowed in the Core switches Cat1 and Cat2 and should stay at the access layer. They should get an IP address in the subnet 10.10.11.x. Configure port Fa0/12 on Cat3 for such guest usage. Cat2 should be the DHCP server for VLAN 11.

    Task 5: Configure and Troubleshoot WCS

    5.1 Adding WLCs

    Add all WLCs to WCS. They should be managed with SNMPv3 and should refuse any version 2 connection attempt. They should be free of any community configuration and be configured with v3 username and password admin/IPexpert12345 and the strongest encryption mechanism.

    5.2 Adding Mobility Services

    Create a building with one floor and create a map for that floor. The environment is a warehouse with the ceiling at 20 feet high and APs placed at 12 feet high. Place the APs in every corner of the map. You can find the floor image in the WCS c:\FTP\ folder.

    Add MSE to WCS with both location and intrusion detection service activated. Synchronize it with the map and controllers.

    5.3 Configuring WCS

    Make sure that rogue APs can be seen on the map.

    Select a rogue on the map and make sure that no alerts will be sent about that rogue again and that it will not be contained by your access points.


    Task 6: Configure and troubleshoot WLAN services

    6.1 Radio management

    WLC1 and 3 are the only WLCs that may manage Medium Office access points while WLC 2 and 4 are the only ones to manage Headquarters access points. Make sure that WLC 2 and 4 talk to each other (but not to 1 and 3) to elect the RF leader and make RF decisions, while WLC1 and 3 talk to each other but not to 2 and 4 for those decisions.

    All WLCs should:

    o Support all data rates above 11Mbps (included) on 2.4 GHz, 11Mbps being the only mandatory rate.

    o Increase the power (if possible) on an AP if 5 clients are detected to be sticking with low signal.

    o Never bring an AP transmission power lower than 1 dBm.

    o Support all data rates above 12Mbps (included) on 5 GHz, 12Mbps being the only mandatory rate.

    o Support beamforming on 11n-class access points when dealing with 11a/g clients.

    o Lower the APs' transmission power if several surrounding APs are heard at -67 or louder.

    o Support phones and devices that make their transmit power variable depending on AP power level.

    o When selecting a channel for an AP, take into account the load of other Cisco APs as well as rogues in the deployment (for example, 2 APs could be on the same channel next to each other if they have relatively low load).

    o If CleanAir APs, thanks to their CleanAir chipset, detect a specific source of interference, count this in the algorithm's decision on whether it is worth changing channel immediately.

    6.2 Controller Security

    Make sure that only management subnets (VLANs 5, 111, 112, and 120 as well as the 10.10.0.0/24 subnet) can talk to WLC1. It should be inaccessible from any other subnet.
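One way to check the 6.2 requirement before applying it to WLC1, as an added example that is not part of the workbook: the Python below builds the permit list from the VLANs named in the task (subnets from Table 1) plus 10.10.0.0/24, then reports which Table 2 devices it would admit. The function names are hypothetical and the client address is a constructed sample.

```python
import ipaddress

# Subnets of the VLANs named in task 6.2, copied from Table 1.
VLAN_SUBNETS = {
    5: "10.10.210.0/24",
    111: "10.10.111.0/24",
    112: "10.10.112.0/24",
    120: "10.10.120.128/26",
}
# Extra prefix exactly as the task states it.
EXTRA_PREFIXES = ["10.10.0.0/24"]

# Source addresses from Table 2 (WLC1 itself is the protected device).
DEVICES = {
    "CAT1": "10.10.10.2", "CAT2": "10.10.10.3", "CAT3": "10.10.10.4",
    "CAT4": "10.10.20.1", "ACS": "10.10.210.5", "WCS": "10.10.210.6",
    "CME": "10.10.210.20", "MSE": "10.10.210.10", "WLC2": "10.10.112.10",
    "WLC3": "10.10.120.140", "WLC4": "10.10.112.20",
    "AAP1": "10.10.110.100", "AAP2": "10.10.110.101",
}
# Constructed sample: a wireless client in VLAN 12 (HQData1).
SAMPLE_CLIENT = {"client-vlan12": "10.10.12.50"}


def build_permit_list():
    """Return the permitted source networks; everything else is denied."""
    prefixes = list(VLAN_SUBNETS.values()) + EXTRA_PREFIXES
    # strict=True rejects a prefix with host bits set, a common ACL typo.
    return [ipaddress.ip_network(p, strict=True) for p in prefixes]


def matching_rule(source_ip, permit_list):
    """Return the first permitted network containing source_ip, or None."""
    addr = ipaddress.ip_address(source_ip)
    for net in permit_list:
        if addr in net:
            return str(net)
    return None


def audit(sources):
    """Map each source name to the rule that admits it (None = denied)."""
    permit_list = build_permit_list()
    return {name: matching_rule(ip, permit_list)
            for name, ip in sources.items()}


def denied(sources):
    """Sorted names of sources the permit list would block."""
    return sorted(n for n, rule in audit(sources).items() if rule is None)


if __name__ == "__main__":
    everything = {**DEVICES, **SAMPLE_CLIENT}
    for name, rule in audit(everything).items():
        print(f"{name:14} {everything[name]:15} {rule or 'DENY'}")
```

As stated, 10.10.0.0/24 does not contain the 10.10.10.0/24 switch management subnet from Table 1, so the Catalyst switches appear in the denied list; confirm the intended prefix before applying the filter to WLC1.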


    6.3 Voice settings

    Ensure that both voice SSIDs follow usual VoWLAN recommendations, such as:

    o They must support the phones sending tagged voice UP traffic.

    o They should allow phones to sleep and only wake up every 2 beacons for broadcast buffered traffic.

    o The APs should not do off-channel scanning (for RRM, rogue scanning purposes, etc.) in the 200ms after they last received a voice-tagged frame (and only in this case).

    o The AP should block phones from initiating a new call if there is not enough bandwidth available and should therefore reserve 10% of its bandwidth for roaming devices.

    o For the medium access parameters, do not use the 802.11e parameters but optimize the channel access timers for Voice. Also limit the number of wireless retries.

    Technical Verification and Support

    To verify your configurations please review the Volume 1 Detailed Solutions Guide that you received along with this Workbook. You can also find this document in the eBook section of your www.IPexpert.com account.

    Support is also available in the following ways:

    IPexpert Support: www.OnlineStudyList.com

    IPexpert Blog: blog.ipexpert.com

    Proctor Labs Hardware Support: [email protected]


    Lab 3: CCIE wireless version 2 8 hour training Lab 3

    1.0 Configure and troubleshoot wired infrastructure to support WLANs

    2.0 Configure and Troubleshoot Infrastructure Application Services

    3.0 Configure and Troubleshoot Autonomous deployment model

    4.0 Configure and Troubleshoot Unified deployment model

    5.0 Configure and Troubleshoot WCS

    6.0 Configure and Troubleshoot WLAN Services

    Lab Overview

    This lab will test your knowledge of several items of the CCIE Wireless blueprint version 2. The wording of the lab questions might seem tricky, but it is supposed to prepare the candidate to read between the lines. The network and WLCs are partly pre-configured but some of the configuration has to be altered to meet the exam requirements.

    The fact that the WLCs are pre-configured doesn't mean that there are no tasks where you have to rectify wrong pre-configs or make some changes, both on the WLCs, the APs and the network. Those are all part of solving this lab. Throughout this lab you may expect to rectify basic IP connectivity issues. In this lab and the real lab we cannot take anything for granted and must stay focused.

    This lab will use all equipment in the LAB 1: topology. Refer to the names of the equipment on that topology. Rectify names according to Table 2.

    When configuring WLANs/SSIDs, if the lab refers to SSID-XX, replace XX with your pod number; for example, POD01 uses SSID-01.

    Unless otherwise indicated, use admin for usernames and IPexpert123 for passwords. When not specifically mentioned, use the 2.4 GHz frequency.

    It is strongly advised to read the whole lab before you start configuring, and to read each section over briefly to refresh your memory. In some sections, some later tasks are better done first. Tip: WCS templates may seriously speed things up!

    Estimated Time to Complete: 8 hours


    Mock Lab 3: Topology

    [Topology diagram not reproduced. Surviving labels: Headquarters; ports Gi0/2, Fa0/20, Fa0/11, Fa0/24, Fa0/23, Fa0/1]