WGB with WPA2-PSK in UWNS

In this post we will see how to configure a workgroup bridge (WGB) with WPA2-PSK security in Unified Wireless Network Solutions.

I have a lightweight AP (AP001) connected to WLC1 in local mode.

DHCP for VLAN 80 is configured on the core switch.

The WGB and its client will get IP addresses in VLAN 80.

Here is my topology:

WGB °°°°°°°°°°°°° LAP -------- Switch -------- WLC

WLC Configuration:

First we have to configure a WLAN “Test” with WPA2 policy and PSK authentication key management.

WGB Configuration:

Here is the basic configuration of the WGB with the WPA2-PSK security policy.

hostname WGB
!
dot11 ssid Test
 vlan 80
 authentication open
 authentication key-management wpa version 2
 ! "7" marks the PSK as type 7 encoded: reversible obfuscation, not encryption
 wpa-psk ascii 7 131112011F5D56797F71
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 shutdown
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption vlan 80 mode ciphers aes-ccm
 !
 ssid Test
 !
 station-role workgroup-bridge
!
interface Dot11Radio1.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
!
interface BVI1
 ip address dhcp
 no ip route-cache
!
ip default-gateway 10.35.80.254
! Used to add a permanent entry in the WGB table
bridge 1 address 588d.0903.e31c forward fastethernet0.80

Just after completing the configuration we will see this message on the WGB CLI:

*Jul 24 00:06:04.573: %DOT11-4-UPLINK_ESTABLISHED: Interface Dot11Radio1, Associated To AP AP001 0022.bd98.3a3d [None WPAv2 PSK]

Verification:

WGB#sh dot11 associations
 802.11 Client Stations on Dot11Radio1:
 SSID [Test] :
 MAC Address    IP address      Device        Name            Parent         State
 0022.bd98.3a3d 10.35.80.1      LWAPP-Parent AP001           -              Assoc

WGB#sh dot11 associations 0022.bd98.3a3d
 Address           : 0022.bd98.3a3d     Name             : AP001
 IP Address        : 10.35.80.1         Interface        : Dot11Radio 1
 Device            : LWAPP-Parent      Software Version : NONE
 CCX Version       : 5                  Client MFP       : On
 State             : Assoc              Parent           : -
 SSID              : Test
 VLAN              : 80
 Hops to Infra     : 0                  Association Id   : 1
 Tunnel Address    : 0.0.0.0
 Key Mgmt type     : WPAv2 PSK          Encryption       : AES-CCMP
 Current Rate      : 36.0               Capability       : WMM 11h
 Supported Rates   : 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 Voice Rates       : disabled           Bandwidth        : 20 MHz
 Signal Strength   : -75  dBm           Connected for    : 293 seconds
 Signal to Noise   : 21  dB            Activity Timeout : 13 seconds
 Power-save        : Off                Last Activity    : 2 seconds ago
 Apsd DE AC(s)     : NONE
 Packets Input     : 3048               Packets Output   : 200
 Bytes Input       : 566366             Bytes Output     : 16546
 Duplicates Rcvd   : 0                  Data Retries     : 142
 Decrypt Failed    : 0                  RTS Retries      : 0
 MIC Failed        : 0                  MIC Missing      : 0
 Packets Redirected: 0                  Redirect Filtered: 0

(WLC1) >show wgb summary
 WGB Vlan Client Support.......................... Enabled
 Number of WGBs................................... 1
 MAC Address        IP Address      AP Name            Status    WLAN  Auth  Protocol          Clients
 -----------------  --------------- -----------------  --------- ----  ----  ----------------  -------
 58:8d:09:03:e3:1c  10.35.80.110    AP001              Assoc     3     Yes   802.11a            0

(WLC1) >show client summary
 Number of Clients................................ 1
 MAC Address       AP Name           Status        WLAN           Auth Protocol         Port Wired
 ----------------- ----------------- ------------- -------------- ---- ---------------- ---- -----
 58:8d:09:03:e3:1c AP001             Associated    3              Yes  802.11a          1    N/A

(WLC1) >show client detail 58:8d:09:03:e3:1c
 Client MAC Address............................... 58:8d:09:03:e3:1c
 Client Username ................................. N/A
 AP MAC Address................................... 00:22:bd:98:3a:30
 AP Name.......................................... AP001
 Client State..................................... Associated
 Client NAC OOB State............................. Access
 Workgroup Bridge................................. 0 client(s)
 Wireless LAN Id.................................. 3
 BSSID............................................ 00:22:bd:98:3a:3d
 Connected For ................................... 455 secs
 Channel.......................................... 36
 IP Address....................................... 10.35.80.110
 Association Id................................... 1
 Authentication Algorithm......................... Open System
 Reason Code...................................... 1
 Status Code...................................... 0
 Session Timeout.................................. 0
 Client CCX version............................... 5
 Client E2E version............................... No E2E support
 Diagnostics Capability........................... Not Supported
 S69 Capability................................... Not Supported
 QoS Level........................................ Silver
 802.1P Priority Tag.............................. disabled
 WMM Support...................................... Enabled
 Power Save....................................... OFF
 Current Rate..................................... 54.0
 Supported Rates.................................. 6.0,9.0,12.0,18.0,24.0,36.0,
 ............................................. 48.0,54.0
 Mobility State................................... Local
 Mobility Move Count.............................. 0
 Security Policy Completed........................ Yes
 Policy Manager State............................. RUN
 Policy Manager Rule Created...................... Yes
 ACL Name......................................... none
 ACL Applied Status............................... Unavailable
 Policy Type...................................... WPA2
 Authentication Key Management.................... PSK
 Encryption Cipher................................ CCMP (AES)
 Management Frame Protection...................... Yes
 EAP Type......................................... Unknown
 Interface........................................ management
 VLAN............................................. 80
 Quarantine VLAN.................................. 0
 Access VLAN...................................... 80
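
The security fields of the `show client detail` output above can be checked automatically rather than by eye. This is an added example, not part of the original post; `parse_detail`, `posture_gaps` and the `EXPECTED` table are hypothetical names, and the sample is a constructed subset of the output shown here.

```python
import re

# Constructed sample: a subset of the `show client detail` lines shown above.
SAMPLE = """\
 Client MAC Address............................... 58:8d:09:03:e3:1c
 Client State..................................... Associated
 Supported Rates.................................. 6.0,9.0,12.0,18.0,24.0,36.0,
 ............................................. 48.0,54.0
 Security Policy Completed........................ Yes
 Policy Manager State............................. RUN
 Policy Type...................................... WPA2
 Authentication Key Management.................... PSK
 Encryption Cipher................................ CCMP (AES)
 Management Frame Protection...................... Yes
 VLAN............................................. 80
"""

# Values the WGB in this post reports once it has joined WLAN "Test".
EXPECTED = {
    "Policy Type": "WPA2",
    "Authentication Key Management": "PSK",
    "Encryption Cipher": "CCMP (AES)",
    "Management Frame Protection": "Yes",
    "Security Policy Completed": "Yes",
    "Policy Manager State": "RUN",
    "VLAN": "80",
}

def parse_detail(text):
    """Parse 'Key..... value' lines; a line with no key continues the previous value."""
    fields, last = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*(.*?)\s*\.{3,}\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key:
            fields[key], last = value, key
        elif last is not None:
            fields[last] += value          # wrapped value, e.g. Supported Rates
    return fields

def posture_gaps(text, expected=EXPECTED):
    """Return {field: (expected, actual)} for every field that does not match."""
    fields = parse_detail(text)
    return {k: (v, fields.get(k)) for k, v in expected.items() if fields.get(k) != v}
```

An empty result means the client negotiated exactly the policy configured on the WLAN; any entry names the field that drifted, for example a cipher other than CCMP.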

In the next post we will see the configuration of the WGB with LEAP authentication.
