In this post we will see how to configure a workgroup bridge (WGB) with WPA2-PSK security in a Unified Wireless Network solution.
I have a lightweight AP (AP001) connected to WLC1 in local mode.
DHCP is configured on the core switch for VLAN 80.
The WGB and its client will get IP addresses in VLAN 80.
Here is my topology:
WGB°°°°°°°°°°°°°LAP—————-Switch————–WLC
WLC Configuration:
First we have to configure a WLAN “Test” with WPA2 policy and PSK authentication key management.
WGB Configuration:
Here is the basic configuration of the WGB with the WPA2-PSK security policy.
hostname WGB
!
dot11 ssid Test
   vlan 80
   authentication open
   authentication key-management wpa version 2
   wpa-psk ascii 7 131112011F5D56797F71
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 shutdown
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption vlan 80 mode ciphers aes-ccm
 !
 ssid Test
 !
 station-role workgroup-bridge
!
interface Dot11Radio1.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
!
interface BVI1
 ip address DHCP
 no ip route-cache
!
ip default-gateway 10.35.80.254
! The next line is used to add a permanent entry in the WGB table
bridge 1 address 588d.0903.e31c forward fastethernet0.80
Just after completing the configuration we will see this message on the WGB CLI:
*Jul 24 00:06:04.573: %DOT11-4-UPLINK_ESTABLISHED: Interface Dot11Radio1, Associated To AP AP001 0022.bd98.3a3d [None WPAv2 PSK]
Verification:
WGB#sh dot11 associations
802.11 Client Stations on Dot11Radio1:
SSID [Test] :
MAC Address    IP address      Device        Name            Parent         State
0022.bd98.3a3d 10.35.80.1      LWAPP-Parent  AP001           -              Assoc
WGB#sh dot11 associations 0022.bd98.3a3d
Address           : 0022.bd98.3a3d     Name             : AP001
IP Address        : 10.35.80.1         Interface        : Dot11Radio 1
Device            : LWAPP-Parent       Software Version : NONE
CCX Version       : 5                  Client MFP       : On
State             : Assoc              Parent           : -
SSID              : Test               VLAN             : 80
Hops to Infra     : 0                  Association Id   : 1
Tunnel Address    : 0.0.0.0
Key Mgmt type     : WPAv2 PSK          Encryption       : AES-CCMP
Current Rate      : 36.0               Capability       : WMM 11h
Supported Rates   : 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
Voice Rates       : disabled           Bandwidth        : 20 MHz
Signal Strength   : -75 dBm            Connected for    : 293 seconds
Signal to Noise   : 21 dB              Activity Timeout : 13 seconds
Power-save        : Off                Last Activity    : 2 seconds ago
Apsd DE AC(s)     : NONE
Packets Input     : 3048               Packets Output   : 200
Bytes Input       : 566366             Bytes Output     : 16546
Duplicates Rcvd   : 0                  Data Retries     : 142
Decrypt Failed    : 0                  RTS Retries      : 0
MIC Failed        : 0                  MIC Missing      : 0
Packets Redirected: 0                  Redirect Filtered: 0
(WLC1) >show wgb summary
WGB Vlan Client Support.......................... Enabled
Number of WGBs................................... 1
MAC Address       IP Address      AP Name           Status    WLAN Auth Protocol         Clients
----------------- --------------- ----------------- --------- ---- ---- ---------------- -------
58:8d:09:03:e3:1c 10.35.80.110    AP001             Assoc     3    Yes  802.11a          0
(WLC1) >show client summary
Number of Clients................................ 1
MAC Address       AP Name           Status        WLAN           Auth Protocol         Port Wired
----------------- ----------------- ------------- -------------- ---- ---------------- ---- -----
58:8d:09:03:e3:1c AP001             Associated    3              Yes  802.11a          1    N/A
(WLC1) >show client detail 58:8d:09:03:e3:1c
Client MAC Address............................... 58:8d:09:03:e3:1c
Client Username ................................. N/A
AP MAC Address................................... 00:22:bd:98:3a:30
AP Name.......................................... AP001
Client State..................................... Associated
Client NAC OOB State............................. Access
Workgroup Bridge................................. 0 client(s)
Wireless LAN Id.................................. 3
BSSID............................................ 00:22:bd:98:3a:3d
Connected For ................................... 455 secs
Channel.......................................... 36
IP Address....................................... 10.35.80.110
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Session Timeout.................................. 0
Client CCX version............................... 5
Client E2E version............................... No E2E support
Diagnostics Capability........................... Not Supported
S69 Capability................................... Not Supported
QoS Level........................................ Silver
802.1P Priority Tag.............................. disabled
WMM Support...................................... Enabled
Power Save....................................... OFF
Current Rate..................................... 54.0
Supported Rates.................................. 6.0,9.0,12.0,18.0,24.0,36.0,
    ............................................. 48.0,54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
ACL Name......................................... none
ACL Applied Status............................... Unavailable
Policy Type...................................... WPA2
Authentication Key Management.................... PSK
Encryption Cipher................................ CCMP (AES)
Management Frame Protection...................... Yes
EAP Type......................................... Unknown
Interface........................................ management
VLAN............................................. 80
Quarantine VLAN.................................. 0
Access VLAN...................................... 80
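As an added check that is not part of the original post, this Python sketch audits the security-relevant lines of the WGB configuration shown earlier: WPA2 key management on the SSID, an AES-CCM-only cipher on the matching VLAN, and how the PSK is stored. The `ascii 7` form in the configuration is Cisco type 7 encoding, which is reversible, so the audit reports it as a reminder to protect saved copies of the config; the function names and finding texts are assumptions made for this example.

```python
import re

# Constructed sample: security-relevant lines copied from the WGB configuration above.
WGB_CONFIG = """\
dot11 ssid Test
   vlan 80
   authentication key-management wpa version 2
   wpa-psk ascii 7 131112011F5D56797F71
!
interface Dot11Radio1
 encryption vlan 80 mode ciphers aes-ccm
 ssid Test
"""

def parse_sections(config):
    """Group indented sub-commands under their top-level IOS command."""
    sections, current = {}, None
    for line in config.splitlines():
        text = line.strip()
        if text in ("", "!"):
            continue
        if line[0].isspace() and current is not None:
            sections[current].append(text)
        else:
            current = text
            sections[current] = []
    return sections

def audit_wgb(config, ssid, radio):
    """Return findings for the SSID and radio interface used by the WGB uplink."""
    sections = parse_sections(config)
    ssid_cmds = "\n".join(sections.get(f"dot11 ssid {ssid}", []))
    radio_cmds = "\n".join(sections.get(f"interface {radio}", []))
    findings = []
    if not re.search(r"^authentication key-management wpa version 2$", ssid_cmds, re.M):
        findings.append("SSID does not enforce WPA2 key management")
    psk = re.search(r"^wpa-psk (?:ascii|hex) (?:(\d) )?\S+$", ssid_cmds, re.M)
    if not psk:
        findings.append("no wpa-psk configured on the SSID")
    elif psk.group(1) == "7":
        findings.append("PSK stored as type 7, which is reversible: protect config copies")
    vlan = re.search(r"^vlan (\d+)$", ssid_cmds, re.M)
    enc = re.search(r"^encryption (?:vlan (\d+) )?mode ciphers (.+)$", radio_cmds, re.M)
    if not enc or enc.group(2).split() != ["aes-ccm"]:
        findings.append("radio cipher is not AES-CCM only")
    elif enc.group(1) != (vlan.group(1) if vlan else None):
        findings.append("encryption VLAN does not match the SSID VLAN")
    return findings

print(audit_wgb(WGB_CONFIG, "Test", "Dot11Radio1"))
```

Run it against a saved copy of the running configuration by passing the file contents as `config`; an empty list means none of the checked settings were found weak.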
In the next post we will see the configuration of the WGB with LEAP authentication.