CCNP Enterprise Core (350-401)

If the environment is small or there is no RADIUS server in production, an authentication that is built into the Cisco wireless controller can be used. The local EAP service needs to be defined on the controller. Navigate to Security -> Local EAP -> Profiles and click the New button. A name is required to…

Configure one or more external RADIUS servers in the Security > AAA > RADIUS section. Enter the servers IP address and the shared secret key that the wireless controller uses to communicate with the RADIUS server and ensure the server is set to Enabled. To use the RADIUS server with wireless network clients make sure…

Authenticating a client normally requires a challenge, then a response, then a decision on whether to grant access. The challenge and response can involve a range of encryption keys and algorithms with unique requirements to pass information between the client and access point. Extensible Authentication Protocol (EAP) provides a framework that allows for building of…

One methods of a secure connection to a wireless network is by utilising one of the Wi-Fi Protected Access (WPA) technologies, WPA1, WPA2, or the latest version, WPA3. Each version of Wi-Fi Protected Access is certified by the Wi-Fi Alliance so a client and wireless access point utilising the same version of Wi-Fi Protected Access…

The original 802.11 standard has two choices in authenticating a client, Open Authentication and WEP (Wired Equivalent Privacy) Open Authentication offers open access to a wireless network. The only requirement is that a 802.11 authentication request must be made before it attempts to associate with an access point. Any 802.11 can authenticate to gain access…

Device location can be important to a business or enterprise network. A large store may be interested in tracking protentional customers as they walk around the store, or a museum as they walk around exhibits to present relevant content. A client can be located to which access point they are associated too, but it can…

Cisco Wireless Controllers can be organised into mobility groups to help with intercontroller roaming. If there are two controllers that are assigned to the same mobility group, clients will be able to quickly roam between them. Layer 2 and Layer 3 roaming is supported for Mobility Groups along with the assistance technologies for roaming: CCKM,…

Larger wireless networks may be supported by more than one wireless controller with access points distributed across them Clients can roam from one access point to another, but they may also roam from one controller to another dependant on the access point. Layer 2 Roaming When a client moves from one controller to another when…

Wireless access points are bound to a wireless controller in a Cisco wireless network. When a client roams between access points in a Cisco wireless controller network, it is not the access point that handles the roaming but the controller due to it’s split-MAC architecture. In a Cisco controller network not much changes when the…

A client can move between one basic service set and another by roaming between access points. The client continuously checks the connection quality to the wireless access point that is connected too. If the signal degrades too much, the client will search for a new access point to roam too that can offer a better…