Cisco Prime – Device Mgt using SNMPv3
SNMP (Simple Network Management Protocol) is used to provide management capability for TCP/IP-based networks. There are three versions (v1, v2, v3) & only version 3 added the security capability to...
Configuring New Mobility
In this post we will see how to configure the “new mobility” feature on a legacy controller to communicate with an NGWC (like 5760/3850/3650). As shown in the topology below, there are two WLCs (5760 &...
WLC Access via RADIUS (ISE)
In this post we will see how to control access to a WLC using a RADIUS server. I have used Cisco ISE (Identity Services Engine) as the RADIUS server in this post. I have created 3 user groups (WLC-RW, WLC-RO...
WLC Access via RADIUS (ACS 5.x)
In this post we will see how to control WLC access via RADIUS, where ACS 5.2 is used as the RADIUS server. First you need to add the WLC to your ACS as an AAA device. Ensure shared secret configured for...
On Holidays !!!
I am taking a long-awaited break & now enjoying 6 weeks off from my work (including blogging itself). That’s the reason for the lack of my responses to your comments/mails/etc. I have spent a few days in...
Vlan Groups in 5760/3850
If you ever wonder how to configure the “vlan select” or “interface group” feature in a Converged Access (3850/3650/5760) setup, here is how you do it. (I am using IOS-XE 3.6E for this post). This feature is...
5760-WebAuth Certificates
In this post we will see how to install a WebAuth certificate on a 5760 controller. This will help prevent guest users from being prompted with an SSL error when they are trying to authenticate to a guest...
Cisco Technical Documentation
If you want to find all about Cisco Tech Notes & Configuration Examples, then you have to go to http://www.cisco.com/web/services/technical-services-newsletter/techdocs/index.html. You can search by...
Client Details in Converged Access
In this post we will see how client information can be found in Converged Access platforms (5760/3850/3650). Normally client information will be stored in 3 different places within the switch: 1. WCM –...
How Fast is your Network – iPerf ?
Have you ever got complaints from users stating “Network is too slow”? How do you measure network throughput in your environment? It is always a good idea to benchmark your network (wired or wireless)...
Decrypt WPA2-PSK using Wireshark
In this post we will see how to decrypt WPA2-PSK traffic using Wireshark. This is useful when you study (my case for CWSP studies) different security protocols used in wireless. Here is the basic...
How to get WLC SFP Info ?
Did you ever want to find out inventory details of the SFP plugged into WLC ports? Typically “show inventory” is what we need. But in AireOS, that command only gives the chassis serial number as...
CWSP – 4 Way Handshake
In this post we will go through the 4-Way Handshake process. This is described in Chapter 5 of the CWSP Official Study Guide. Page 194 of this book shows the RSN key hierarchy. MSK – Master Session Key (or AAA...
CWSP – CCMP Encryption Method
The IEEE 802.11-2007 standard defines 3 encryption methods that operate at layer 2 of the OSI model (WEP, TKIP, CCMP). These are used to encrypt upper layer information of 802.11 data frames that have MSDU...
CWSP – Legacy 802.11 Security
Here are my study notes from the CWSP Official Study Guide – Chapter 2. There are two legacy (Pre-RSNA) authentication methods. 1. Open System Authentication 2. Shared Key Authentication. In Open System...
CWSP – RSN Information Element
RSN-IE (Robust Security Network Information Element) is an optional field of variable length that can be found in 802.11 management frames. The RSN element has an element ID of 48 & is present in below...
CWSP – EAP Basics
The Extensible Authentication Protocol (EAP) as defined in IETF RFC 2284 provides support for many authentication methods. EAP was originally adopted for use with PPP, and has since been redefined in IETF RFC...
CWSP – EAP LEAP
EAP-LEAP (Lightweight Extensible Authentication Protocol) is a Cisco proprietary authentication method. The diagram below shows the EAP-LEAP authentication process. (page 143 of CWSP Official Study Guide)...
CWSP – EAP PEAP
EAP-PEAP (Protected Extensible Authentication Protocol) creates an encrypted TLS tunnel within which the supplicant’s inner identity is validated. Sometimes it is referred to as EAP within EAP. There are...
CWSP – EAP TLS
EAP-TLS (EAP-Transport Layer Security) is defined in RFC 5216 & is considered the most secure of the EAP methods used in WLANs. EAP-TLS requires the use of client-side certificates in addition to server-side...