Wireless networking spans two major syllabus categories, Network Fundamentals and Network Access. In order to maintain consistency, we’ve grouped all wireless topics together. This chapter will cover what you can consider to be the bread-and-butter work of any Cisco engineer. We have a dedicated Wireless Engineer certification course you might want to consider.
Please do visit the free support page at www.howtonetwork.com/ccnasimplified for the wireless exam and configuration videos.
Wireless Standards – LANs and Access Points
Cisco is a major player in the wireless networking market, so it was expected that an understanding of wireless networking would be a feature of the CCNA exam. The previous update removed it completely, probably due to the new CCNA Wireless exam that has been created.
Based on the interviews of Cisco customers, the consensus is that wireless is a subject that even CCNA engineers should understand. This makes sense because many corporate networks feature wireless networking to some degree, and the field is rapidly developing. For this reason, wireless networking is back in the exam, albeit in a stripped-down version. You will not be expected to have an in-depth understanding of protocols, security, and site surveys, but you will need to understand the impact of wireless devices as well as have a basic understanding of installation steps.
There are so many advantages to wireless networking that it is now integrated into almost every home and corporate network. Wireless removes the cost and the huge inconvenience of installing wiring; it also removes all the associated cable-related issues, including major network outages and downtime.
Wireless Overview
In addition to not requiring wires to connect hosts to the network, standard layer 2 protocols are also not required. These have been replaced with a different set of protocols, leaving the upper layers of the OSI/TCP model unaffected.
Access points (APs) are used as hub devices to transport the signal across the network. CSMA/CD has been replaced by Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). Wireless LANs have unique Service Set IDs (SSIDs), which can be seen at home or a local coffee shop when you click “scan” on your mobile phone and are asked for the password to connect to a network. Figure 8.1 below shows a typical Cisco AP:
FIG 8.1 – Cisco 300 Series access point
Wireless network designers and engineers must fully understand the concept of Service Set Identifiers (SSIDs). This concept defines an identifier for the logical wireless LAN and is similar in some ways to the concept of Ethernet VLANs, which define who can communicate in a LAN based on the broadcast domain. With WLANs, everyone is in the same collision and broadcast domains, so stations can receive everyone’s traffic. This situation generated the need for SSIDs that logically split WLANs. Two devices that are in different SSIDs will ignore each other’s traffic, but this does not affect the collision domain.
One of the major misconceptions about wireless area networking is that the SSIDs’ logical structures are similar to collision domains. This is not true because every device is in the same collision and broadcast domains with other devices in the same signal range. SSIDs simply cause the stations to ignore the frames received from different SSIDs.
When considering the SSID concept, its infrastructure can be built in two modes over three different categories, based on who participates in the WLAN. The three different categories are:
- Independent Basic Service Set (IBSS)
- Basic Service Set (BSS)
- Extended Service Set (ESS)
The IBSS is rarely used in modern networks; it uses ad-hoc mode, in which the wireless network uses Wi-Fi capability without any access points. An example of an ad-hoc network would be two workstations establishing a direct wireless connection without the use of an intermediary access point (the equivalent of directly connecting two workstations through an Ethernet crossover cable instead of using a switch). The BSS approach, also called wireless infrastructure mode, is much more common. It involves the use of access points that act as traffic hubs, as described earlier.
The ESS (also operating in infrastructure mode) involves the use of multiple access points that are servicing the same SSID. This allows individuals to cover a larger distance with their wireless devices in a transparent and seamless manner. These users can move from AP to AP, keeping the same SSIDs.
Wireless Standards
It is worth making a note of the various standards available for wireless networks. Bear in mind, though, as already stated, this is a rapidly developing technology, so do some further research before taking the exam.
802.11 wireless standards are all managed by the international IEEE LAN/MAN standards committee. There have been many updates to 802.11 over time, with one of the most recent larger updates made in 2007.
Most wireless products are branded with the Wi-Fi trademark logo (illustrated in Figure 8.2 below), which means that the device has gone through testing that verifies that it will work and interoperate properly with other wireless devices.
Figure 8.2 – Wi-Fi Trademark Logo
The original 802.11 standard was defined in 1997 by the IEEE, and it used two different types of radio frequency (RF) technologies operating in the 2.4 GHz range:
- FHSS (Frequency Hopping Spread Spectrum), which operates only at 1 or 2Mbps
- DSSS (Direct Sequence Spread Spectrum), which also operates at 1 or 2Mbps
Table 8-1: Wireless network standards
Standard | Peak Download Mbps | Peak Uplink Mbps | Range |
Wi-Fi: 802.11a | 54 | 54 | ~30m |
Wi-Fi: 802.11b | 11 | 11 | ~30m |
Wi-Fi: 802.11g | 54 | 54 | ~30m |
Wi-Fi: 802.11n | 600 | 600 | ~50m |
Wi-Fi: 802.11ac | 1,300 (1.3 gigabit) | 1,300 | ~50m |
Wireless in Action
Before they join the network, devices go through a wireless negotiation process with an AP called “association”. If successful, the AP will install the client’s MAC address. The steps for this process are outlined in Figure 8.3 below:
FIG 8.3 – The steps for association
WLAN Topologies
Once the association is complete, the AP’s main job is to bridge traffic, either wired to wireless or wireless to wireless. WLANs, like non-broadcast multi-access (NBMA) technologies, can be implemented and configured using many different topologies. In WLAN environments, APs can perform the following roles:
- Bridges
- Repeaters
- Mesh topologies
FIG 8.4 – WLAN bridge topology
An example of a WLAN bridge topology is shown above in Figure 8.4. Wireless bridges function in several ways:
- They accept traffic from traditional LANs and forward it to wireless clients. This is the process of translation between wired and wireless networks called multipoint bridging.
- They can work in point-to-point mode to connect two buildings (LANs).
- They can work in point-to-multipoint mode to connect multiple buildings.
Note: When using wireless bridging functionality in a point-to-point mode, the two buildings/areas must have line-of-sight connectivity.
FIG 8.5 – WLAN repeater topology
Access points can function as repeaters (see Figure 8.5 above), accepting a weak RF signal, strengthening (amplifying) it, and resending it. This operation is used to extend the range of wireless networks.
FIG 8.6 – WLAN mesh topology
The WLAN mesh topology (see Figure 8.6 above) is the most sophisticated and most used wireless topology. When used in this type of topology, the AP can function as a repeater or as a bridge, as needed, based on RFs. This technology allows designers to use wireless technologies to cover large geographical areas and ensures features such as:
- Fault tolerance
- Load distribution
- Transparent roaming
Mesh is the most fault-tolerant design, as it allows for load distribution and transparent roaming.
Cisco Unified Wireless Solution
According to Cisco:
“The Cisco Unified Wireless Network [CUWN] cost-effectively addresses the WLAN security, deployment, management, and control issues facing enterprises. This framework integrates and extends wired and wireless networks to deliver scalable, manageable, and secure WLANs with the lowest total cost of ownership. The Cisco Unified Wireless Network provides the same level of security, scalability, reliability, ease of deployment, and management for wireless LANs that organizations expect from their wired LANs.”
It would be worth your time to review the Cisco website for more information if you intend to become a consultant or network designer in the future.
At the core of the CUWN are Aironet access points, Wireless Control Systems (WCSs), Wireless LAN Controllers (WLCs), and other specialized devices and modules. A few of the main devices and features are listed in Figure 8.7 below:
FIG 8.7 – Main devices and features of the CUWN
- Wireless clients – This includes laptops, workstations, PDAs, IP phones, smartphones, tablets, and manufacturing devices that have embedded wireless technology.
- Access points – These provide access to the wireless network; they should be placed strategically in the correct locations to get the best performance and minimal interference.
- Network management – This is accomplished through the network WCS. This central management tool facilitates the design, control, and monitoring of wireless networks.
- Network unification – The wireless LAN system should be able to support wireless applications by offering unified security policies, QoS, IPS, and RF management. Cisco WLCs have this unified integration functionality in all of its major switching platforms and routing platforms.
- Network services – Wireless network services are also referred to as mobility services and include guest access, voice services, location services, and threat detection and mitigation.
One of the advantages of using the Cisco unified wireless solution is that as a centralized control architecture, it offers reduced TCO, improved visibility, dynamic RF management, enhanced WLAN security, enterprise mobility, and improved productivity and collaboration.
Standalone versus Lightweight Access Points
Access points come in two varieties, standalone and lightweight. Standalone is easy to install but not suitable for large networks. The CUWN introduced the concept of Lightweight Access Points (LWAPs) and WLCs. LWAPs and WLCs divide the responsibilities of a standalone AP and add scalability by separating the WLAN data plane from the control plane in a “split MAC” design (see Figure 8.8 below). We cover planes of operation later.
FIG 8.8 – WLAN split MAC scalability
LWAPs focus solely on RF transmissions and real-time control operations, such as beaconing, probing, and buffering. WLCs manage any non-real-time task, for example:
- SSID management
- VLAN management
- Access point association
- Authentication
- Wireless QoS
Modern LWAPs are plug and play (PnP), which means that they can be directly connected to the network with no configuration. Management logic and functions are dictated by the WLC, which is a simplified process compared with autonomous APs. RF communication between LWAPs and WLCs is handled by the Lightweight Access Point Protocol (LWAPP).
Wireless LAN Controllers
Wireless LAN Controllers consist of the following:
- Wireless LAN – (i.e., the SSID name)
- Interfaces – logical interfaces that map to a network VLAN
- Distribution Port – physical connection to a switch, AP or router
You can see the physical view and the network icon, respectively, in Figures 8.9 and 8.10 below:
FIG 8.9 – Physical view of a WLC
FIG 8.10 – Network icon for a WLC
Wireless LAN Design Considerations
The CCNA Wireless and Cisco Design exams cover WLAN design considerations in great detail. When designing the wireless network, controller redundancy should be carefully analyzed. Radio channels require an RF site survey and management by certified wireless professionals. Note also the power supply locations and amount of output, the number of WLCs required, and the placement of WLCs (security/roaming).
Roaming
One of the main features of a WLAN solution is users’ ability to access network resources from different areas, including zones where it is difficult to install cables. Another reason for using WLANs is organizational policies that allow guest access only wirelessly. Sometimes a WLAN solution is built as a transition network until the complete wired network is implemented.
Considering the scenarios mentioned above, end-users will most likely move from one location to another. The solution to this issue is the roaming and mobility features that give users the ability to access the network from different locations. Roaming occurs when wireless clients change their association from one LWAP to another without losing connectivity. Network designers should carefully scale the wireless network to allow for the client roaming process. Wireless roaming can be divided into two categories:
- Intra-controller roaming
- Inter-controller roaming (layer 2 or layer 3)
FIG 8.11 – WLAN mobility
As illustrated in Figure 8.11 above, intra-controller roaming occurs when a client moves from one AP to another AP controlled by the same WLC. At that moment, the WLC will update the client database with the new association, but it will not change the client’s IP address. Inter-controller roaming can operate in either layer 2 or layer 3. In layer 2 inter-controller roaming, users move from AP to AP and from WLC to WLC while remaining in the same subnet. In layer 3 inter-controller roaming, users move from AP to AP, from WLC to WLC, and from subnet to subnet. This scenario makes it more difficult to implement inter-controller roaming, and WLCs must be configured with mobility groups to closely communicate and exchange information about the roaming user’s status.
A very important advantage of layer 3 inter-controller roaming is that users can maintain their original IP address. The two WLCs are connected through an IP connection, and the traffic is bridged to a different IP subnet. When clients associate with the new AP, the new WLC exchanges mobility information with the old WLC. The original client database is not moved to the new WLC. Instead, the old WLC will mark the clients in its database entry (anchor entry), and this entry will be copied to the new WLC database entry (foreign entry). Wireless clients keep their original IP address, which is re-authenticated as soon as a new security session is established.
WLCs are assigned to mobility groups to exchange mobility messages dynamically and tunnel data over the IP connection. Mobility groups use the following ports to exchange data:
- LWAPP control: UDP 12223
- LWAPP data: UDP 12222
- WLC exchange unencrypted messages: UDP 16666
- WLC exchange encrypted messages: UDP 16667
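The three roaming cases described above, modelled as an added example (not Cisco code and not part of the original chapter). The class names, controller names, subnets and MAC address are constructed, and moving the client entry to the new WLC on a layer 2 roam is an assumption the chapter does not spell out.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Controller:
    name: str
    client_subnet: str                           # subnet behind this WLC's WLAN
    aps: set = field(default_factory=set)        # APs joined to this WLC
    clients: dict = field(default_factory=dict)  # MAC -> {"ip", "ap", "role"}


class MobilityGroup:
    """Hypothetical model of WLCs that exchange mobility information."""

    def __init__(self, controllers):
        self.controllers = list(controllers)

    def _wlc_for_ap(self, ap):
        for wlc in self.controllers:
            if ap in wlc.aps:
                return wlc
        raise KeyError(f"{ap} is not joined to a controller in this group")

    def _serving_wlc(self, mac):
        # The serving WLC holds a "local" or "foreign" entry, never the anchor.
        for wlc in self.controllers:
            if wlc.clients.get(mac, {}).get("role") in ("local", "foreign"):
                return wlc
        raise KeyError(f"{mac} is not associated")

    def associate(self, mac, ip, ap):
        wlc = self._wlc_for_ap(ap)
        if ip_address(ip) not in ip_network(wlc.client_subnet):
            raise ValueError(f"{ip} is outside {wlc.name}'s client subnet")
        wlc.clients[mac] = {"ip": ip, "ap": ap, "role": "local"}

    def roam(self, mac, new_ap):
        """Re-associate the client with new_ap and return the roam type."""
        new_wlc = self._wlc_for_ap(new_ap)
        old_wlc = self._serving_wlc(mac)
        entry = old_wlc.clients[mac]
        if new_wlc is old_wlc:
            # Same WLC: only the association changes, the IP stays.
            entry["ap"] = new_ap
            return "intra-controller"
        if ip_address(entry["ip"]) in ip_network(new_wlc.client_subnet):
            # Same subnet on another WLC (assumption: the entry moves with the
            # client). Also covers a client returning to its anchor WLC.
            for wlc in self.controllers:
                wlc.clients.pop(mac, None)
            new_wlc.clients[mac] = {"ip": entry["ip"], "ap": new_ap, "role": "local"}
            return "inter-controller layer 2"
        # Different subnet: the original WLC keeps an anchor entry and the new
        # WLC gets a foreign copy, so the client keeps its original IP address.
        if entry["role"] == "local":
            entry["role"] = "anchor"
        else:
            del old_wlc.clients[mac]             # previous foreign entry is replaced
        new_wlc.clients[mac] = {"ip": entry["ip"], "ap": new_ap, "role": "foreign"}
        return "inter-controller layer 3"


def walk_through():
    """Constructed topology: WLC-A and WLC-B share a subnet, WLC-C does not."""
    a = Controller("WLC-A", "10.1.0.0/24", {"AP1", "AP2"})
    b = Controller("WLC-B", "10.1.0.0/24", {"AP3"})
    c = Controller("WLC-C", "10.2.0.0/24", {"AP4"})
    group = MobilityGroup([a, b, c])
    mac = "02:00:00:00:00:01"
    group.associate(mac, "10.1.0.50", "AP1")
    steps = [group.roam(mac, ap) for ap in ("AP2", "AP3", "AP4")]
    return steps, a, b, c


if __name__ == "__main__":
    steps, a, b, c = walk_through()
    print(steps)
    for wlc in (a, b, c):
        print(wlc.name, wlc.clients)
```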
LWAPP
LWAPP allows the move of intelligence away from the access point and shares it with WLCs. WLCs handle wireless policies, control messaging setup, authentication, and wireless operations. WLCs can also be considered the bridge between wireless networks and wired networks. WLC devices can manage multiple access points, providing configuration information as well as firmware updates on an ad-hoc basis.
LWAPP is an IETF draft standard for wireless LAN control messaging between access points and the WLCs. It can operate at both Layer 2 and Layer 3, but the Layer 3 LWAPP is far more popular.
LWAPP Layer 2 functions include:
- 802.11 beacons and probe responses
- Packet control
- Packet acknowledgement and transmission
- Frame queuing and packet prioritization
- 802.11i MAC layer data encryption and decryption
WLC Layer 2 functions include:
- 802.11 MAC management
- 802.11e resource reservation
- 802.11e authentication and key management
Layer 3 LWAPP tunnels are used between access points and wireless LAN controllers to transmit control messages. It uses UDP port 12223 for control and UDP port 12222 for data messages. Cisco LWAPs can operate in six different modes:
- Local mode
- Remote Edge Access Point (REAP) mode
- Monitor mode
- Rogue Detector (RD) mode
- Sniffer mode
- Bridge mode
Local mode is the default mode of operation for an LWAP. Every 180 seconds, the access point spends 60 ms on channels it does not operate on. During this 60 ms period, the access point performs noise and interference measurements and scans for intrusion detection activity.
REAP mode allows the LWAP to reside across a LAN link and still be able to communicate with the WLC and provide the functionality of a regular LWAP. REAP mode is not supported on all LWAP models.
Monitor mode is a special feature that allows LWAPP-enabled access points to exclude themselves from dealing with data traffic between clients and the infrastructure. Instead, these APs act as dedicated sensors for location-based services, rogue access point detection, and intrusion detection systems. Access points in monitor mode cannot serve clients, and they continuously cycle through all available channels, listening on each channel for approximately 60 ms.
In RD mode, the LWAP monitors for rogue access points. The RD access point’s goal is to see all the VLANs in the network because rogue access points can be connected to any of these VLANs. The switch sends all the rogue access point client MAC address lists to the RD access point, which forwards these to the WLC to compare them with the MAC addresses of legitimate clients. If MAC addresses are matched, the controller knows that the rogue access point that deals with those clients is on the wired network.
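One way to express the MAC comparison behind rogue detection, as an added example (not Cisco code and not part of the original chapter). The function names, input shapes and every MAC address and VLAN number are constructed; the inputs are assumed to be client MACs heard over the air per BSSID and MACs seen on the wired VLANs.

```python
import re
from collections import defaultdict

_SEPARATORS = re.compile(r"[.:\-]")
_HEX12 = re.compile(r"[0-9a-f]{12}")


def normalize_mac(mac):
    """Return a MAC as 12 lowercase hex digits.

    Accepts aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF and Cisco aabb.ccdd.eeff.
    """
    digits = _SEPARATORS.sub("", mac.strip()).lower()
    if not _HEX12.fullmatch(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def find_wired_rogues(air_observations, wired_macs_by_vlan, managed_bssids):
    """Flag unmanaged APs whose wireless clients also appear on the wire.

    air_observations   -- iterable of (bssid, client_mac) pairs heard over the air
    wired_macs_by_vlan -- {vlan_id: iterable of MACs seen on that wired VLAN}
    managed_bssids     -- BSSIDs of the organisation's own access points
    Returns {rogue_bssid: {"clients": [...], "vlans": [...]}}.
    """
    managed = {normalize_mac(b) for b in managed_bssids}

    # Index the wired side once: which VLANs has each MAC been seen on?
    vlans_for_mac = defaultdict(set)
    for vlan, macs in wired_macs_by_vlan.items():
        for mac in macs:
            vlans_for_mac[normalize_mac(mac)].add(vlan)

    findings = {}
    for bssid, client in air_observations:
        bssid, client = normalize_mac(bssid), normalize_mac(client)
        if bssid in managed:
            continue                      # clients of our own APs are expected on the wire
        if client in vlans_for_mac:       # same MAC on air (via rogue) and on wire
            hit = findings.setdefault(bssid, {"clients": set(), "vlans": set()})
            hit["clients"].add(client)
            hit["vlans"] |= vlans_for_mac[client]

    return {
        bssid: {"clients": sorted(hit["clients"]), "vlans": sorted(hit["vlans"])}
        for bssid, hit in findings.items()
    }


def sample_report():
    """Run the comparison over constructed sample data."""
    air = [
        ("02:00:00:00:0a:01", "02-00-00-00-c0-01"),   # managed AP, normal client
        ("02:00:00:00:bb:01", "02:00:00:00:C0:02"),   # unknown AP, client also on wire
        ("02:00:00:00:bb:01", "0200.0000.c003"),      # same unknown AP, second client
        ("02:00:00:00:bb:02", "02:00:00:00:c0:04"),   # unknown AP, client never on wire
    ]
    wired = {
        10: ["0200.0000.c001", "0200.0000.c002"],
        20: ["02-00-00-00-C0-03"],
        30: ["0200.0000.c099"],
    }
    managed = ["0200.0000.0a01"]
    return find_wired_rogues(air, wired, managed)


if __name__ == "__main__":
    for bssid, hit in sample_report().items():
        print(bssid, "clients:", hit["clients"], "VLANs:", hit["vlans"])
```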
Sniffer mode allows the LWAP to capture and forward all the packets on a particular channel to a remote machine that is running packet capturing and analysis software. These packets include timestamps, packet size, and signal strength information.
Bridge mode typically operates on outdoor access points that function in a mesh topology. This is a cost-effective high-bandwidth wireless bridging connectivity mechanism, and it includes Point-to-Point or Point-to-Multipoint bridging.
NOTE: In controller software release 5.2 or later, Cisco LAPs use the IETF standard Control and Provisioning of Wireless Access Points protocol (CAPWAP) in order to communicate between the controller and other LAPs on the network. Controller software releases prior to 5.2 use the LWAPP for these communications.
CAPWAP, which is based on LWAPP, is a standard, interoperable protocol that enables a controller to manage a collection of wireless APs. LAPs can discover and join a CAPWAP controller. The one exception is for Layer 2 deployments, which are not supported by CAPWAP. Additionally, CAPWAP and LWAPP controllers may be deployed in the same network. The CAPWAP-enabled software allows APs to join a controller that runs either CAPWAP or LWAPP.
When a LAP joins a controller, it downloads the controller software if the revisions on the LAP and the controller do not match. Following that, the LAP is completely under the control of the controller and is unable to function independently of the controller.
LWAPP secures the control communication between the LAP and the controller by means of a secure key distribution, which requires already provisioned X.509 digital certificates on both the LAP and the controller. Factory-installed certificates are referenced with the term ‘MIC,’ which is an acronym for Manufacturing Installed Certificate.
Wireless Link Aggregation
We cover link aggregation elsewhere in this book, but the concept also applies to wireless networking. A link aggregation group (LAG) combines a number of distribution ports together to make a single high-bandwidth data path. An obvious benefit is traffic load sharing among the member ports in the group, which improves reliability. Cisco WLC doesn’t send CDP advertisements on a LAG interface.
FIG 8.12 – LAG on a Cisco WLC (Image Copyright Cisco Systems)
Distribution system ports are physical ports on your WLC through which the controller can manage multiple access points. Ports on your WLC can be aggregated as a LAG, so traffic is load-balanced across the physical ports. If one port fails, the traffic is distributed evenly among the remaining ports.
There may be restrictions depending upon your WLC model and software. On the 5508 controller, for example, you can bundle all eight ports into a single link. You can’t configure the controller’s ports into separate LAG groups; only one group per controller is supported.
LAG isn’t supported on Cisco Packet Tracer but you can view the facility via Controller – General. You need to reboot the WLC after any configuration changes.
FIG 8.13 – LAG on the WLC GUI
WLAN Controllers
Wireless LAN Controllers have three major components:
- Wireless LANs
- Interfaces
- Ports
The wireless LAN is basically the SSID network name. Every wireless LAN is assigned to an interface in the WLC, and each wireless LAN is configured with policies for RF, QoS, and other wireless LAN attributes.
The WLC interfaces are logical connections that map to a VLAN on a wired network. Every interface is configured with a unique IP address, a default gateway, physical ports, VLAN tagging, and a DHCP server. WLCs support five interface types:
- The management interface – Used for in-band management, connectivity to an AAA server, or Layer 2 discovery and association
- An optional service port interface – Used for out-of-band management that is statically configured
- The AP manager interface – Used for Layer 3 discovery and association (the static WLC IP address will be configured on this interface)
- Dynamic interfaces – Basically the VLANs designated for wireless LAN client data
- Virtual interfaces – Used for Layer 3 security authentication, DHCP relay support, and management of mobility features
The port is a physical connection to a neighboring switch or router, and by default, each port is a .1Q trunk port. WLCs might have multiple ports that go into a single port-channel interface (link aggregation can be applied to these ports). Some WLCs also have a service port that is used for out-of-band management.
Access Point Placement
When planning to install a new AP, there are a number of things you should consider. You can’t just place an AP anywhere in the building and expect it to work optimally. The first thing you should think about is the location of the users the AP will serve within that building. Users need access to the wireless network when they are at their desks, but they might also need access to the Wi-Fi network when they are in conference rooms or other meeting areas. If that is the case, you should place the access points closer to those parts of the room or floor.
You should also think about the positioning of the inside walls in each particular area of the building. You should try to avoid having metal and concrete walls between access points and the users, as these materials often block or attenuate the wireless signal. You should also analyze and decide on the type of antennas you need to use in your wireless environment. In addition, make sure that you use an antenna that is strong enough and has a high enough gain to be able to get through the walls that may impede the signal from the AP from reaching the users.
You can also use multiple access points, depending on the number of users and how large the building is. The recommendation is to overlap the signal from the access points by a ratio of 20 to 25% so the users can move from one access point to another. You should also make sure that the frequencies used by the APs do not overlap because you don’t want one of the APs interfering with frequencies on another AP. Figure 8.14 below shows an example in which channels 1, 6, and 11 are used so that the coverage areas of APs on the same channel number never overlap (minimizing interference):
Figure 8.14 – Overlapping AP channels
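A channel-plan check for the 1/6/11 layout described above, as an added example that is not part of the original chapter. It goes slightly beyond the text by assuming 2.4 GHz channels with a 22 MHz width (802.11b DSSS); the AP names, neighbour pairs and function names are constructed.

```python
CHANNEL_WIDTH_MHZ = 22   # assumption: 802.11b DSSS channel width


def centre_mhz(channel):
    """Centre frequency of a 2.4 GHz channel (1-14)."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"not a 2.4 GHz channel: {channel}")


def channels_overlap(a, b):
    """True when two channels share spectrum (centres closer than one width)."""
    return abs(centre_mhz(a) - centre_mhz(b)) < CHANNEL_WIDTH_MHZ


def audit_plan(ap_channels, neighbours):
    """Report neighbouring APs whose channels interfere.

    ap_channels -- {ap_name: channel}
    neighbours  -- iterable of (ap, ap) pairs whose coverage cells overlap
    Returns a sorted list of (ap_a, ap_b, ch_a, ch_b, kind).
    """
    conflicts = []
    for a, b in neighbours:
        ch_a, ch_b = ap_channels[a], ap_channels[b]
        if channels_overlap(ch_a, ch_b):
            kind = "co-channel" if ch_a == ch_b else "adjacent-channel"
            conflicts.append((a, b, ch_a, ch_b, kind))
    return sorted(conflicts)


def assign_channels(aps, neighbours, palette=(1, 6, 11)):
    """Greedy assignment of non-overlapping channels to neighbouring APs.

    APs with the most neighbours are placed first. Being greedy, it can give
    up on a layout that a full search would still solve.
    """
    adjacent = {ap: set() for ap in aps}
    for a, b in neighbours:
        adjacent[a].add(b)
        adjacent[b].add(a)

    plan = {}
    for ap in sorted(aps, key=lambda name: (-len(adjacent[name]), name)):
        used = {plan[n] for n in adjacent[ap] if n in plan}
        free = [ch for ch in palette if ch not in used]
        if not free:
            raise ValueError(f"no non-overlapping channel left for {ap}")
        plan[ap] = free[0]
    return plan


if __name__ == "__main__":
    # Constructed floor: four APs in a corridor, each overlapping the next.
    corridor = [("AP1", "AP2"), ("AP2", "AP3"), ("AP3", "AP4")]
    print(audit_plan({"AP1": 1, "AP2": 3, "AP3": 6, "AP4": 6}, corridor))
    print(assign_channels(["AP1", "AP2", "AP3", "AP4"], corridor))
```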
Proper site surveys should be done before installing the access points to ensure proper placement based on the signal distribution you will need. Vendors will often assist with this process or give expert advice.
Encryption Protocols and Wireless Security
Security is an essential aspect of wireless networks because such networks are a shared and open medium with no default protection, so everyone can access it. The solution to confidentiality issues is to encrypt the data that flows through a Wi-Fi environment so that only people who are authorized can transmit and receive data.
The original 802.11 standard was not built with great security features in mind. The first WLAN security mechanism was Wired Equivalent Privacy (WEP), and it emerged with the 802.11b standard. WEP offers different levels of encryption, with keys of 64 or 128 bits in size. WEP is a faulty security mechanism, and it is vulnerable to several types of attacks because it is built on the RC4 stream cipher. A series of WEP vulnerabilities was made public in 2001, which makes this a less preferable encryption protocol. If an attacker gathers enough packets, he will easily discover the entire WEP key.
Wi-Fi Protected Access (WPA) became available in 2003 and was intended as an intermediate measure in anticipation of the availability of the more secure and complex WPA2. WPA uses dynamic key management, adds a stronger encryption cipher, and is built on the EAP/802.1X mechanism. It uses the Temporal Key Integrity Protocol (TKIP) and the initialization vector has been increased to 48 bits (more than 500 trillion key combinations). Some of the WPA characteristics include the following:
- It is used with RADIUS in the enterprise
- It uses an encrypted hash
- Every packet gets a unique encryption key
The recommended WLAN security protocol is WPA2, based on the 802.11i architecture. WPA2 can be integrated with the 802.1X architecture that can work on top of either an 802.3 (wired) or an 802.11 (wireless) environment. This allows individual users and devices to authenticate using the Extensible Authentication Protocol (EAP) and an authentication server (RADIUS or TACACS+). WPA2 and 802.11i also involve the Robust Security Network (RSN) concept that is used to keep track of the associations to the access points.
Some of the key differences between WPA and WPA2 include the following:
- RC4 encryption is replaced by AES
- TKIP is replaced by CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
For confidentiality, integrity, and origin authentication, you should go beyond the Data Encryption Standard (DES) algorithm and look at the Advanced Encryption Standard (AES) for strong encryption at the enterprise level (128 bit, 256 bit, or beyond).
WPA3 was announced in early 2018. It is the third iteration of WPA and offers several enhancements over WPA2. In enterprise mode, an equivalent 192-bit cryptographic strength is optionally used as well as 256-bit Galois/Counter Mode Protocol (GCMP-256), 384-bit Hashed Message Authentication Mode (HMAC) and 256-bit Broadcast/Multicast Integrity Protocol (BIP-GMAC-256). It offers brute-force protection (even if your password is weak), secures the Internet of Things, and adds individualized data encryption.
WPA, WPA2, and WPA3 support 802.1X or enterprise authentication. We cover well-known EAP methods later on.
You can research wireless authentication further; meanwhile, here is a summary.
Table 8-2: Wireless network security
Feature | WEP | WPA | WPA2 | WPA3 |
Encryption | RC4 Stream Cipher with 64-bit key | RC4 Stream Cipher with 64-bit TKIP key | CCMP based on AES | Elliptic Curve Cryptography (ECC) with 192-bit security suite |
Integrity | CRC-32 error detection code | 64-bit Message Integrity Code | 64-bit Message Integrity Code | Secure Hash Algorithm (SHA-2) |
Authentication | Open System and Shared Key | PSK authentication | MIC and FCS | Simultaneous Authentication of Equals (SAE) |
It’s worth noting that WPA3 must be supported by your hardware and the wireless network you connect to must be configured to support it.
Another security design issue you have to deal with is unauthorized access. In wireless networks, there are no physical boundaries, so attackers can gain access from outside the physical security perimeter. They can introduce rogue access points or soft access points on laptops or handheld devices that can breach security policies. As wireless signals are not easily controlled or contained, this could create security issues for the network.
MAC address security can be used to allow only certain devices to associate with the access points, but this cannot prevent MAC address spoofing techniques. Another solution involves MAC address filtering, but this is not very scalable when dealing with a large number of wireless clients. The most efficient solution to this problem is using 802.1X port-based authentication, which will be described in a subsequent section.
Another important security aspect in WLAN networks involves controlling WLAN access to servers. Just as you would place DNS servers that are accessible from the Internet in a DMZ segment, you should apply the same strategy to RADIUS/TACACS+ and DHCP servers used in the wireless LAN solution. These servers should be placed into their own VLAN that has a strictly controlled network access policy. These servers should also be protected against Denial of Service (DoS) attacks using Intrusion Prevention System (IPS) solutions.
Configuring the Wireless LAN Controller
A large part of the CCNA syllabus involves configuring features such as access with Telnet, SSH, HTTPS, etc. You need to use the GUI to create a WLAN and configure security features, QoS profiles, and advanced WLAN settings.
Because we are using a GUI, hands-on labs would extend to a huge number of pages and hundreds of screenshots. For this reason, we have moved the configuration part onto the free resources page which supports this book.
https://www.howtonetwork.com/ccnasimplified
Cisco Packet Tracer is free, and it offers a few WLCs and APs for you to configure using the GUI. Please bear in mind that PT features are limited, so when you try to configure QoS profiles, you will be limited to Silver (best effort), but the exam will expect you to know all the available options, which, unfortunately, do not even display.
Figure 8.15 – WLC QoS options
Your full options are:
- Platinum (voice)
- Gold (video)
- Silver (best effort)
- Bronze (background)
In Packet Tracer, you can drag a WLC to your desktop and then create a physical connection to it with an Ethernet cable. You can click on the WLC to see the management IP address which should be 192.168.1.1 by default. If you assign an IP address in the same subnet to your host, you can open a web browser and connect to the WLC GUI.
FIG 8.16 – Connect to the WLC using a cable and http for the initial configuration (Packet Tracer)
We will demonstrate this in the free videos on the resources page. After you have set up your admin credentials and the first WLAN, you will need to reboot the WLC; you must then connect using https and the management IP address, which will be 192.168.1.1 again unless you changed it.
FIG 8.17 – Connect to the WLC using https the second time around
It’s important to spend time learning about all the available features on the WLC, so you are prepared come exam day. I strongly recommend that you spend some time reviewing Cisco documentation on the WLC which you can find on their product pages.
FIG 8.18 – Cisco WLC Controller User Guide
End of Chapter Questions
Please visit www.howtonetwork.com/ccnasimplified to take the free Chapter 8 exam.
Chapter 8 Labs
Because of the large amount of GUI screenshots required, we have moved the wireless labs onto the free support page. They are all in video format, and you can configure them using Packet Tracer, which is a free download from Cisco.
Please visit www.howtonetwork.com/ccnasimplified