François Vergès discusses Wi-Fi security and securing access to the Wi-Fi network.
In episode 56, we talked about the legacy Wi-Fi security mechanisms and explained why they are no longer considered safe and secure and why we should not be using them in our modern Wi-Fi network deployments.
In this follow-up episode, we want to start going over the stronger and safer ways to secure a Wi-Fi network. We are focusing on how client devices can securely connect and exchange data over a Wi-Fi network.
This episode will answer the following questions:
How does a client station securely connect to a Wi-Fi network?
What is WPA?
What is the difference between WPA and WPA2?
How do the Personal and Enterprise modes of operation work?
What is 802.1X and how is it related to Wi-Fi security?
What is required in order to authenticate client devices using 802.1X?
What is the 4-way handshake?
What are the secured EAP methods?
What do we need to do in order to securely use WPA/WPA2-Personal?
What is considered a strong password?
How does a client station securely exchange data over the Wi-Fi network?
Here are the links to the videos we talked about during this episode:
Cisco Mobility Express is a small-to-medium-sized Wi-Fi solution which can be deployed in just under 20 minutes. In this episode, I talk about what Cisco Mobility Express entails and how I configured a couple of Cisco 1800 series access points.
Other access points that can be controllers with Cisco Mobility Express include the 2800 and 3800 series access points. This is a special image and not the lightweight image we typically use with the larger controller-based models. What’s special about Cisco Mobility Express is that it has a built-in controller. This AP can serve wireless clients and function as a controller to manage up to 25 access points and 500 clients.
Deploying a Cisco Mobility Express controller can be completed in under 20 minutes. After completing the boot up process, a new SSID, CiscoAirProvision, will be enabled. It can be joined using your desktop/laptop computer or with an app, CiscoWireless.
For testing purposes I used the app on my iPhone which was surprisingly simple.
It’s only 5 steps:
Configure an admin account
Set up the controller – System name, management IP address, etc.
Configure wireless networks
Set up RF Parameter Optimization
Confirm and Reboot
Reminder: Configure your switch port properly! If you’re tagging multiple VLANs for your wireless networks, be sure to configure trunk ports to the access point.
A single AP can function as the only controller, but for redundancy, each Cisco Mobility Express AP (1800, 2800, 3800 series) can act as a backup for the others. If you want to statically configure a primary and secondary controller, you can do so using the CLI.
The election of a controller happens in one of three ways:
Least client load
Lowest MAC address
All of your advanced troubleshooting will be done using the CLI as well.
Within the web interface, to manage the controller, you have the ability to modify the configuration such as radio policies for your SSID, VLAN tags for an SSID and advanced settings such as channels, channel widths, and transmit power.
Monitoring will yield statistics on access points and individual wireless clients.
You can view access point statistics such as:
Configured data rates
Current transmit power
Client statistics collected include:
Current SSID connected to
Basic client capabilities
In addition to the statistics above, you can view the top applications used by each client and on the network.
To get to AP level from the controller:
To get back to the controller CLI from the AP Cisco shell:
Troubleshooting AP join issues from controller:
debug capwap events enable
debug capwap detail enable
debug capwap errors enable
What you can configure via the AP:
Set static IP address:
capwap ap ip <ip-address> <subnet mask> <default-gateway>
Configure static controller IP:
capwap ap primary-base <controller-name> <ip-address>
Set up a primary and secondary AP for controller:
config ap priority 4 <ap>
config ap priority 3 <ap>
We’ve made it to episode 3 baby! I just got back from doing personal travel to Washington DC and San Diego. In between airplanes and during flights I managed to plan this podcast to be recorded the night I return back to San Jose!
In this episode there are now segments. Specifically, there is News, a Quick Tip, and the Featured Segment.
And a new podcast was born. Get ready and take a listen. It’s a short episode as I go through introductions to the podcast and an introduction to me, Rowell.
I’m excited to start the Clear To Send podcast. The core topic will be about Wi-Fi. With no prior experience in podcasting, this is sure to be an interesting adventure, but I am confident you’ll stick with me.
My name is Rowell and I am the author of Packet6, which is a blog about network & wireless engineering. Today, I am introducing a new self-published podcast called Clear To Send.
The podcast will start off as audio only with the blog to support the podcast by providing show notes from each episode. The topics that will be covered are:
Length is still up in the air but I am planning to keep it at 30-60 minutes per episode.
Clear To Send (or CTS for short) is for those who would like:
To get started in wireless
To get news on the wireless industry
Hear opinions on wireless
To get educated on wireless topics
Listen to interviews
Get career tips
Just the beginning
The Clear To Send podcast will be funded by me, Rowell, affiliate marketing links, and advertising on the podcast. As of this writing I have not reached out for any advertisers because I am still experimenting with the podcast.
I do not have any previous podcasting experience. My passion and experience will drive the early beginning stages of the podcast but I am open to feedback from the listeners.
If you have any questions or concerns, feel free to email me at firstname.lastname@example.org.
The journey to this stage took a lot of thought. I’ve always been interested in doing a podcast. Instead of just thinking about it I have decided to just do it. I hope to get the support from my industry peers to help share the podcast and to provide feedback on the published episodes.
So here’s the start of a new journey into podcasting. The blog, Packet6, will still be there. Clear To Send will just be an extension of the blog in audio format.