CNET324 Lab 4-Wireless VLAN with RADIUS Authentication

.docx

School

Centennial College *

*We aren’t endorsed by this school

Course

324

Subject

Computer Science

Date

Feb 20, 2024

Type

docx

Pages

22

Uploaded by ColonelPantherPerson857

Lab 5: Wireless VLAN with RADIUS Authentication Lab 4 Lab 4: Wireless VLAN with RADIUS Authentication *By signing above, you attest that you have contributed to this submission and confirm that all work you have contributed to this submission is your own work. Any suspicion of copying or plagiarism in this work will result in an investigation of Academic Misconduct and may result in a “0” on the School of Engineering Technology and Applied Science (SETAS) Information and Computing Engineering Technology (ICET) CNET 324 - Wireless Networks Course Lead: Dr. Sattar Hussain Section No. 002 Group No. 06 Obtained Mark (out of 20) Due Date February 12, 2024 Name Student ID Signature* Saad 301284248 S Shivani Bajaj 301312712 SB Alka 301281875 A
Lab 5: Wireless VLAN with RADIUS Authentication Overview If you use VLANs on your wireless network and assign different SSIDs to these VLANs, you can use any of the security settings on the Express Security page of the Cisco AP1242G Aironet Access Point. Without VLANs, encryption settings options apply to an interface are limited. Just as you use the Express Setup page to assign basic setting, you can use the Express Security page to create unique SSIDs and assign one of four security types to them. For detailed security, refer to the Cisco IOS Software Configuration Guide for Cisco Access Points . When the access point configuration is set to factory defaults, the first SSID that you create by using the Express Security page overwrites the default SSID, which has no security settings. The SSIDs that you create appear in the SSID table at the bottom of the page. You can create up to 16 SSIDs on the access point. The four security types provided by the Express Setup page are: No Security: This is the least secure option. You should use this option only for SSIDs used in a public space and assign it to a VLAN that restricts access to your network. Static WEP Key: Static WEP keys are vulnerable to attack. If you configure this setting, you should consider limiting association to the wireless device based on MAC address or, if your network does not have a RADIUS server, consider using an access point as a local authentication server. EAP Authentication: This option enables 802.1X authentication (such as LEAP, PEAP, EAP-TLS, EAP-FAST, EAP-TTLS, EAP-GTC, EAP-SIM, and other 802.1X/EAP based products). This setting uses mandatory encryption, WEP, open authentication + EAP, network EAP authentication, no key management, RADIUS server authentication port 1645. You are required to enter the IP address and shared secret for an authentication server on your network (server authentication port 1645). Because 802.1X authentication provides dynamic encryption keys, you do not need to enter a WEP key. WPA: Wi-Fi Protected Access (WPA) permits wireless access to users authenticated against a database through the services of an authentication server, then encrypts their IP traffic with stronger algorithms than those used in WEP. This setting uses encryption ciphers, TKIP, open authentication + EAP, network EAP authentication, key management WPA mandatory, and RADIUS server authentication port 1645. As with EAP authentication, you must enter the IP address and shared secret for an authentication server on your network (server authentication port 1645). Learning Objectives By completion of this lab, students will be able to: - Configure VLANs on Cisco Access Points using of the command−line interface (CLI) - Configure Cisco 2950 Catalyst switch using of the command−line interface (CLI) - Configure VLANs with RADIUS authentications - Test the VALNs connectivity with RADIUS authentication Required Equipment - 1 Cisco AP1242G Aironet Access Point - 2 desktop computers running WINDOWS 7 or Windows 10 operating system - 2 Laptops with WINDOWS 7 or Windows 10 operating system - 1 Cisco 2950 Catalyst switch - 2 Whip WiFi 2.4 GHz antennas
Lab 5: Wireless VLAN with RADIUS Authentication Note: This lab is derived from the application note for AP1242 VLANs on Aironet Access Points Network Topology Below is the list of IP addresses used for the devices. All the IP addresses use /24 subnet mask AP Bridge−Group Virtual Interface (BVI) IP address (VLAN 2): 172.16.1.20 Wireless client (SSID Admin) that connects to VLAN 20 gets a static IP address: 172.16.2.X* Wireless client (SSID Guest) that connects to VLAN 30 gets a static IP address: 172.16.3.X* Admin user on the wired network on VLAN 20: 172.16.2.60 (static IP) Web server on VLAN 30: 172.16.3.60 (Static IP) * X is any number 2-254 172.16.2.0 subnet 172.16.3.0 subnet
Lab 5: Wireless VLAN with RADIUS Authentication The numbering plan to be used for this lab is as follows: Cisco 1242G Factory Setting         Default IP address 10.0.0.1       Subnet Mask 255.255.255.0       User name:       Password: Cisco       NOTE: Change LAN settings to static IP address.                 Group # Network Host Name VLAN to be used IP Address Subnet Mask 1 AP As per lab instructions As per lab instructions 255.255.255.0 2 AP As per lab instructions As per lab instructions 255.255.255.0 3 AP As per lab instructions As per lab instructions 255.255.255.0 4 AP As per lab instructions As per lab instructions 255.255.255.0 5 AP As per lab instructions As per lab instructions 255.255.255.0 6 AP As per lab instructions As per lab instructions 255.255.255.0 7 AP As per lab instructions As per lab instructions 255.255.255.0 8 AP As per lab instructions As per lab instructions 255.255.255.0 Procedure Important: read the following notes before starting your lab a) The following procedure is based on Windows 7. If a different system is used, the procedure may be slightly different. b) In each laptop, turn off MacAfee Protection. Turn Off the Windows Firewall for Home or work (private) networks. Make sure each laptop is disconnected from Centennial WiFi network. c) EACH OF THE PCS , CELLPHONES AND THE AP SHOULD HAVE UNIQUE IP ADDRESS BUT ALL MUST BE IN THE SAME SUBNET TO COMMUNICATE. d) Handle lab equipment with extra care. Dropping or misusing equipment may damage them. Ask your professor if you are not sure about any step of the lab procedure e) Read the label on the power adapter (charger) of the access point. Make sure that you are using the right one. Using a different charger will damage the wireless access point.
Lab 5: Wireless VLAN with RADIUS Authentication Task 1: Set up WAP on 802.11g Radio Interface Note: If you have not copied the configuration file from lab 4, repeat these steps exactly as you have done in lab 4 1. Before you power up the access point , connect two 2.4-GHz external antennas as shown. Make sure to connect these antennas to 2.4 GHz side of the AP . Notice the difference in the shape of the 2.4 GHz and the 5 GHz antenna. This will help in identifying the 2.4 GHz antenna. 1. Use a Hyper terminal or PuTTY to go on CLI. 2. Use the USB to Serial adapter. Load the drivers if it is required and verify the COMM port by going through the Device manager. 3. Set up a terminal emulator on your PC to communicate with the access point. Use the following settings for the terminal emulator connection: 9600 baud, 8 data bits, no parity, 1 stop bit, and no flow control. Commands are: ap > Enable ap # Config terminal ap (config) # Interface bvi1 ap (config-if) # IP address 10.0.x.1 255.255.255.0 (Replace x with your group number) ap (config-if) # end Exit 4. Change the Local Area Network (Ethernet) Adapter IP address of to be in the same subnet of the access point (10.0.x.X) where X any number 2-254. 5. Open the Browser and type 10.0.x.1. Login with Username {blank} Password: Cisco You should now see the summary status 5 GHz antennas 2.4 GHz antennas
Lab 5: Wireless VLAN with RADIUS Authentication 6. Go to EXPRESS SET-UP and assign the following: Host Name : AP Configuration Server Protocol : Static IP IP Address : 172.16.1.20 Default Gateway: : Web Server Address (172.16.3.60) SNMP COMMUNITY : defaultCommunity Role in Radio Network : Access Point 7. Click Apply
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help