CCNA Wireless Official Exam Certification Guide




First Edition

Copyright © 2008 Cisco Systems, Inc.

ISBN-10: 1-58720-211-5

ISBN-13: 978-1-58720-211-7

Warning and Disclaimer

Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an "as is" basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the CD or programs accompanying it.

When reviewing corrections, always check the print number of your book. Corrections are made to printed books with each subsequent printing.

First Printing: October 2008

Corrections for all Printings – Chapter 16 through Chapter 20

| |Throughout this book the abbreviation for Cisco Secure Services Client is listed as CSSC |Replace all abbreviations for CSSC with: |

| | |Cisco Secure Services Client - Cisco SSC |

| |Throughout this book the abbreviation for Cisco Aironet Site Survey Utility (CASSU) is listed |Replace all abbreviations for Cisco Aironet Site Survey Utility (CASSU) with: |

| | |Cisco Aironet Site Survey Utility - (SSU) |

| |Throughout this book 802.1x is listed incorrectly |Correct way to list is: |

| | |802.1X |

| |Throughout this book the abbreviation for MS-CHAPv2 is listed incorrectly |Correct way to list is: |

| | |MSCHAPv2 |

|296 |Chapter 16, Question 2, answer b |Should read: |

| |Reads: |b. WPA/WPA2 Enterprise |

| |b. WPA/WPA2/CCKM | |

|297 |Chapter 16, Question 9 |Should read: |

| |Reads: |9. When you perform a site survey with the Cisco Site Survey Utility, what indicates a good SNR? |

| |9. When you perform a site survey with the CCSU, what indicates a good SNR? | |

|297 |Chapter 16, Question 12 |Should read: |

| |Reads: |12. What program is designed for vendors to create compatible client hardware? |

| |12. What program is designed for vendors to create compatible hardware? | |

|301 |Chapter 16, after second full paragraph, under Figure 16-4 add paragraph and bullet points |Add: |

| | |This section on the WZC was written based on WZC in Windows Vista. The IUWNE course and CCNA Wireless |

| | |test are built around WZC in Windows XP, which is visually different. The book should focus on the |

| | |Windows XP version. It should show screenshots and give explanation of: |

| | |The pop-up window in the system tray, when you mouse over the wireless connection icon |

| | |The View Available Networks program and how to use it |

| | |Examples of how to configure enterprise and personal profiles in the WZC, explaining what the different |

| | |configuration options entail |

|305 |Chapter 16, Configuring a Profile, second sentence |Should read: |

| |Reads: |It just means that the profile contains more security options. |

| |It just means that the profile contains more options, most likely security options and such. | |

|307 |Chapter 16, Table 16-2, First line |Should read: |

| |Reads: |Scan different channels Yes Yes |

| |Scan different channels No Yes | |

|308 |Chapter 16, Installing the ADU, first sentence |Replace with: |

| |Delete and Replace |The process is pretty simple. You must start by inserting the card. You may see the Windows Found New |

| | |Hardware Wizard, as shown in Figure 16-13. If you see this, close it. You don’t need it. Instead, you |

| | |will use an executable you downloaded from Cisco’s download site. |

| | |After you have closed the Found New Hardware Wizard, double-click the install executable. The opening |

| | |dialog box will tell you that you are installing the ADU. Click “next” and continue with the |

| | |installation by selecting the type of install you want to perform. In this case, it’s the default option:|

| | |Install Client Utilities and Driver. When you install the ADU, you have three options, as shown in Figure|

| | |16-12: |

|308 |Chapter 16, after Figure 16-12, after bullet points, second, third and fourth paragraphs |Replace with: |

| |Delete and replace |As the installation progresses (as you click the Next button), you are given the option to install the |

| | |SSU, as shown in Figure 16-14. |

|310 |Chapter 16, Configuring a Profile, first paragraph, second sentence |Should read: |

| |Reads: |The ADU did this because the WLAN allowed open authentication without any need for RADIUS authentication afterwards. |

| |The ADU did this because the Windows client was associated with it before the ADU was even installed. | |

|312 |Chapter 16, Manually Creating a Profile, first paragraph, last sentence |Should read: |

| |Reads: |From the Security tab, you can choose from WPA/WPA2/CCKM, WPA/WPA2 Passphrase, 802.1X, Pre-Shared Key (Static WEP), or None, as shown in Figure 16-20. |

| |From the Security tab, you can choose from WPA/WPA2/CCKM, WPA/WPA2 Passphrase, 802.1x, Pre-Shared Key (Static WEP), or None, as shown in Figure 16-20. | |

|312 |Chapter 16, 802.1x Profiles, first sentence |Replace with: |

| |Delete and replace |802.1X Profiles |

| | |You can also create an 802.1X profile, but understand that encryption of user data is optional. If |

| | |encryption is used, it will be dynamic WEP and you must choose between 40-bit and 104-bit keys. |

|313 |Chapter 16, WPA/WPA2/CCKM Profiles, second sentence |Should read: |

| |Reads: |This method performs encryption with a rotated encryption key and RADIUS-based authentication similar to 802.1X, but the encryption types will be either WPA-TKIP or AES. |

| |This method performs encryption with a rotated encryption key and authentication with 802.1x. | |

|314 |Chapter 16, Table 16-3 |Replace with: |

| |Delete and replace |Security Option: WPA/WPA2/CCKM; Encryption: WPA-TKIP or AES, rotating key; Authentication: EAP methods (see 802.1X) |

| | |Security Option: WPA/WPA2 Passphrase; Encryption: WPA-TKIP or AES, rotating key; Authentication: 8 to 63 ASCII or 64 hexadecimal passphrase |

| | |Security Option: 802.1X; Encryption: Dynamic WEP optional; Authentication: EAP-TLS, PEAP, LEAP, EAP-FAST, host-based EAP (host-based is not an option for WPA/WPA2/CCKM) |

| | |Security Option: Pre-Shared Key (Static WEP); Encryption: Static WEP (weak); Authentication: Open or Shared Key |

| | |Security Option: None; Encryption: None; Authentication: None |

|316 |Chapter 16, after Figure 16-24, first and second sentence: |Replace with: |

| |Delete and replace |If you note a high count of retries, it may be due to collisions, noise, or interference. High numbers of|

| | |RTS/CTS (provided in relation to the total number of frames transmitted) frames indicate the protection |

| | |mechanism is being used. |

|318 |Chapter 16, Figure titles |Should read: |

| |Reads: |Figure 16-26  SSU Display in dBm |

| |Figure 16-26  CSSU Display in dBm | |

| | |Figure 16-27  SSU Display in Percentage |

| |Figure 16-27  CSSU Display in Percentage | |

|320 |Chapter 16, after first paragraph, insert |Insert: |

| | |The section on the ADU still leaves several things unaddressed: |

| | |An explanation of different pieces of data on the ADU’s Current Status Tab, such as link status, network |

| | |type, and wireless mode, and what do the colors mean for the boxes in the Signal Strength field? |

| | |How to configure different authentication types (LEAP, EAP-FAST, PEAP, EAP-TLS) – they should be |

| | |described in more detail, with pictures so students can see what’s being configured and descriptions of |

| | |what the different options entail |

| | |802.1X and WPA/WPA2/CCKM are very similar in the way they are configured in the ADU – so how do you know |

| | |which one to configure on the client? Part of it is based on the encryption protocol you want to use and|

| | |part of it has to match settings configured on the controller. This needs to be explained. |

| | |How many profiles can you have in the ADU? |

| | |The Advanced tab was never discussed, but can be used to limit which radio a profile uses, transmit |

| | |power, power save modes, and to set up ad hoc networks. |

| | |Installing the ADU through Microsoft Active Directory Group Policy Objects. |

|320 |Chapter 16, The Cisco Secure Services Client, first paragraph, first four sentences |Replace with: |

| |Delete and replace |The Cisco Secure Services Client (SSC) is client software that provides 802.1X (Layer 2) user and device |

| | |authentication for access to both wired and wireless networks. The Cisco SSC does not need a Cisco |

| | |wireless card to operate the software – it works with all wired and wireless network interface cards. |

| | |From the wired network side, it provides 802.1X capabilities for user and device authentication, which is|

| | |more extensive than the standard wired LAN connection. |

|322 |Chapter 16, SSC Groups, first paragraph, third sentence |Should read: |

| |Reads: |You can also add basic wireless connections (PSK-based), but not secured wireless or wired connections. |

| |You can also add basic wireless connections (PSK-based), but not secured or wired connections. | |

|322 |Chapter 16, SSCAU Overview, after second bullet point, insert the following |Insert: |

| | |Via an MSI that will also install the Cisco SSC |

| | |This section leaves out several pieces of information the student may need. |

| | |What kind of profiles are users allowed to create with the SSC? |

| | |What kind of profiles are admins allowed to create with the admin utility? An example of how the tool is |

| | |used should be shown for visual reference. |

| | |If an administrator uses the administration utility to build a profile, can a client make changes to it? |

| | |Once you’ve bought the non-expiring wireless license, how do you deploy it to the user? |

|322 |Chapter 16, The Cisco Client Extension Program, add under last paragraph |Add: |

| | |Should include information on: |

| | |How the CCX program is used with Wi-Fi tags, including the types of information that a Wi-Fi tag can |

| | |deliver to a third party app. |

| | |Some of the benefits achieved with CCX (CCKM, DTPC, roaming enhancements, MFPv2) |

| | |Features implemented at different levels of CCX compatibility |

| | |(Note: if it looks like I’ve indicated a lot of things are missing, it’s because this chapter uses 28 |

| | |pages to summarize 105 pages from the IUWNE course.) |

|327 |Chapter 17, Securing the Wireless Network, first paragraph, first sentence |Should read: |

| |Reads: |It’s usually obvious that the medium of wireless networks can be more easily accessed from the outside than wired networks. |

| |It’s usually obvious that the medium of wireless networks can be less secure than wired networks. | |

|328 |Chapter 17, Question 4, answers |Should read: |

| |Reads: |a. v1 |

| |a. v1.x |b. v2 |

| |b. v2.x |c. v5 |

| |c. v5.x |d. v6 |

| |d. v6.x | |

|329 |Chapter 17, Question 8 |Should read: |

| |Reads: |8. In centralized authentication, a certificate can be used based on information from a trusted third party. What information is not included in a certificate? |

| |8. In centralized authentication, a certificate is based on information from a trusted third party. What information is not included in a certificate? | |

|329 |Chapter 17, Question 9, answer d |Should read: |

| |Reads: |d. 802.1X |

| |d. 802.1x | |

|329 |Chapter 17, Question 11 |Should read: |

| |Reads: |11. Which EAP method must use certificates on both the client and the server? |

| |11. Which EAP method uses certificates on both the client and the server? | |

|331 |Chapter 17, Rogue APs, |Replace with: |

| |Delete first and second paragraphs and replace |A rogue AP is not a part of the corporate infrastructure. It could be an AP that’s been brought in from |

| | |home or an AP that’s in a neighboring network. A rogue AP is not always bad. It could be an AP that’s |

| | |part of the corporate domain yet still operating in autonomous mode (any access point not managed by a |

| | |controller in a mobility group will be identified by the controllers in that mobility group as a |

| | |potential rogue access point). Part of an administrator’s job is determining if the AP is supposed to be |

| | |there. Fortunately, you don’t have to do all the work yourself. A few functions of the controller-based |

| | |network can detect rogue APs and even indicate if they are on your network. |

| | |Something to consider when looking for rogue APs is what happens to clients that can connect to those |

| | |rogue APs. If a client connects to a rogue AP, it is considered to be a rogue client. The reason rogue |

| | |APs on your wired network pose a threat is that rogue APs typically are installed with default |

| | |configurations, meaning that any client that connects bypasses any corporate security policy. So you do |

| | |not know if the client is a corporate user or an attacker. |

|332 |Chapter 17, Management Frame Protection, first paragraph |Replace with: |

| |Delete and replace |One method of Management Frame Protection (MFP) is Infrastructure MFP, or MFP version 1. With this |

| | |method, each management frame includes a cryptographic hash called a Message Integrity Check (MIC). The |

| | |MIC is added to each frame before the Frame Check Sequence (FCS). When this is enabled, each WLAN has a |

| | |unique key sent to each radio on the AP. Then, the AP sends management frames, and the network knows that|

| | |this AP is in protection mode. Detecting APs can identify if a frame was altered, or if someone spoofs |

| | |the SSID of the WLAN and doesn’t have the unique key, then the detecting AP invalidates the message. APs |

| | |that hear invalid frames report them to the controller. |

|332 |Chapter 17, Management Frame Protection, second paragraph, first sentence |Should read: |

| |Reads: |The other method of MFP is called Client MFP, or MFP version 2. |

| |The other method of MFP is called Client MFP. | |

|332 |Chapter 17, Management Frame Protection, fourth paragraph, third sentence |Should read: |

| |Reads: |You don’t have to worry about your client associating with the rogue AP, because your client identifies and drops invalid frames. |

| |You don’t have to worry about your client associating with the rogue AP, because it drops invalid frames. | |

|332 |Chapter 17, Management Frame Protection, sixth paragraph |Replace with: |

| |Delete and replace |To enable Client MFP you must then open the properties for the individual WLANs that will support Client |

| | |MFP. Navigate to WLANs> WLAN_name> Advanced tab and use the MFP Client Protection drop down menu to |

| | |select either Optional or Required, depending on how you want the service to run. |

|334 |Chapter 17, second bullet point, second sentence |Replace with: |

| |Delete and replace |The problems with WEP today are that the keys are not scalable for large networks and that they can be |

| | |broken in 4 to 7 minutes. |

|334 |Chapter 17, first paragraph after bullet points, first sentence |Should read: |

| |Reads: |The mitigation methods used to prevent attacks mentioned here cover a wide range of capabilities, some more powerful than others. |

| |The mitigation methods used to prevent attacks mentioned here are not very advanced and are considered weak by today’s standards. | |

|334 |Chapter 17, Open Authentication, last two sentences |Replace with: |

| |Delete and replace |WEP encryption, if used, begins immediately after association is granted. Everything is “open” in the |

| | |sense that no credentials are passed. |

|334 |Chapter 17, Preshared Key Authentication with Wired Equivalent Privacy, second paragraph |Replace with: |

| |Delete and replace |The process of preshared key authentication used with static WEP is as follows: |

|335 |Chapter 17, Step 3 |Replace with: |

| |Delete and replace |Step 3. The client encrypts the text received and sends the encrypted version of the challenge as a |

| | |response. The encryption is done using one of the client’s static WEP keys. |

|336 |Chapter 17, Note box |Do not replace |

| |Delete | |

|336 |Chapter 17, MAC Address Filtering, last two sentences |Replace with: |

| |Delete and replace |This method is not recommended for use by itself. To configure MAC address filtering, you simply check a |

| | |box on the Layer 2 Security Policy configuration page, as shown in Figure 17-6. |

|336 |Chapter 17, Centralized Authentication, second sentence |Should read: |

| |Reads: |In this scenario, a Public Key Infrastructure (PKI) may be used. |

| |In this scenario, a Public Key Infrastructure (PKI) is usually in place. | |

|338 |Chapter 17, first paragraph after bullet points, first sentence |Should read: |

| |Reads: |When you use digital certificates, you have a CA certificate, a server certificate, and possibly a client certificate that is issued by the CA. |

| |When you use digital certificates, you have a CA certificate and a server certificate that is issued by the CA. | |

|338 |Chapter 17, first paragraph after bullet points, third sentence |Should read: |

| |Reads: |If the signature matches, you accept the certificate as valid. |

| |If the signature matches, you authenticate. | |

|338 |Chapter 17, third paragraph after bullet points |Replace with: |

| |Delete and replace |Certificates can also be used for encrypting LWAPP control data, but it’s not the same certificate that |

| | |is used for 802.1X; in this case certificates at the controller and access point are used to create an |

| | |AES encrypted TLS tunnel. Additionally, certificates are used for web authentication, but again, it’s not|

| | |the same certificate as the one used by 802.1X. With web authentication, the controller uses its |

| | |self-signed certificate to create a TLS tunnel to protect credentials passed during authentication, but |

| | |the credentials are verified against accounts on the controller and not an AAA server. |

|339 |Chapter 17, first sentence after Figure 17-8 |Should read: |

| |Reads: |Until the user authenticates, no frames other than authentication frames can be passed to the wireless network. |

| |Until the user authenticates, no frames can be passed to the wireless network. | |

|339 |Chapter 17, Step 1, 2, 3, 4, and 5 |Replace with: |

| |Delete and replace |Step 1. The client selects an AP to associate with. |

| | |Step 2. The client sends an authentication request. |

| | |Step 3. The AP returns an authentication response. |

| | |Step 4. The client sends an association request. |

| | |Step 5. The AP sends an association response. |

|339 |Chapter 17, Numbers 4, 5, 6, 7, 8, 9, and 10 |Replace with: |

| |Delete and replace |4. The client sends a challenge for the RADIUS server, which is forwarded by the access point. |

| | |5. The RADIUS server responds to the challenge, validating its identity, and the response is forwarded |

| | |to the client by the access point. |

| | |6. During the communication, the client and the RADIUS server derive unique session keys. |

| | |7. The RADIUS server sends an access success message back to the AP, along with a session encryption key.|

| | |8. The AP keeps the session encryption key to use between the client and itself. |

| | |9. The AP exchanges random numbers (nonces) with the client, which are then combined with the session |

| | |encryption key at both client and AP, finalizing the actual session encryption key to be used. Using the|

| | |finalized session key, the AP forwards its broadcast/multicast encryption key to the client. |

| | |10. The client and AP can use the session encryption keys to encrypt traffic. |

|339 |Chapter 17, last paragraph |Replace with: |

| |Delete and replace |The AP keeps the session encryption key so that it can encrypt traffic between the AP and the client |

| | |protecting the connection. The AP sends a broadcast/multicast encryption key because each session |

| | |encryption key is unique. So if the client were to use it to encrypt a broadcast or multicast, only the |

| | |AP would be able to decipher it. |

|340 |Chapter 17, The EAP Process, second paragraph |Replace with: |

| |Delete and replace |EAP controls how the user credentials are sent under the premise that no matter what EAP method you use, |

| | |the RADIUS server and the client will all use the same process. It involves the following steps: |

|340 |Chapter 17, The Authentication Server, first paragraph, second sentence |Should read: |

| |Reads: |It really doesn’t matter what you use as an authentication server, as long as it supports the EAP method used by the supplicant. |

| |It really doesn’t matter what you use as an authentication server, as long as it supports the EAP method configured on the controller and used by the supplicant and AP. | |

|340 |Chapter 17, The Authentication Server, second paragraph |Replace with: |

| |Delete and replace |When you define the RADIUS server, enter the server’s IP address and the shared secret (a predefined |

| | |passphrase that you determine and configure) to be used with the server. You configure the port number, |

| | |the server’s status, whether it supports RFC 3576 (identity based networking), the server timeout (how |

| | |long a controller waits for the server to respond before trying the server again), and what type of |

| | |authentication the RADIUS server will perform (network users, management users, or IPSec users). Then |

| | |click Next. |

|342 |Chapter 17, first paragraph after Figure 17-12 |Replace with: |

| |Delete and replace |As you can see, the process begins with an EAP Start message. Next, the AP requests the client’s |

| | |identity. The client responds with its identity, and this is sent via EAP over LAN (EAPOL) to the |

| | |authentication server. The authentication server sends its certificate, proving its identity to the |

| | |client. The client creates a session key and encrypts it with the public key from the authentication |

| | |server’s certificate, then forwards the encrypted version of the key to the authentication server. This |

| | |allows the authentication server to securely receive a copy of a session key and create a TLS tunnel with|

| | |the client. Once the tunnel is created, the client sends its certificate, thus proving its identity to |

| | |the authentication server. |

|343 |Chapter 17, EAP-FAST, last sentence of first paragraph and second paragraph |Replace with: |

| |Delete and replace |Instead, EAP-FAST uses a strong shared secret key stored within a Protected Access Credential (PAC) file |

| | |that is unique on every client. |

| | |EAP-FAST negotiation normally happens in two phases, phase 1 and phase 2, though there is an optional |

| | |phase 0 that can be used to provision the PAC file. If an EAP-FAST client does not have a PAC file, they|

| | |can request it during Phase 0 if anonymous PAC provisioning has been configured at the RADIUS server and |

| | |the client. After the PAC has been distributed, phase 1 can happen. In phase 1, the AAA server sends an |

| | |Authority-ID, allowing the client to pick the PAC file that corresponds to that server. The client then |

| | |sends the encrypted portion of the PAC file, known as the PAC-opaque, which contains a session key; the |

| | |client already has a copy of this session key in unencrypted form. The AAA server and the client use |

| | |this session key to establish a TLS tunnel. After phase 1 establishes the secure TLS tunnel, phase 2 |

| | |authenticates the user to the AAA server using another EAP method, with either passwords, generic token |

| | |cards, or a certificate. |

|343 |Chapter 17, EAP-FAST, Number 5 |Replace with: |

| |Delete and replace |5. The client selects a PAC based on the received A-ID. The client sends a PAC Opaque reply to the |

| | |server. The PAC Opaque is a variable-length field that can be interpreted only by the authentication |

| | |server. The PAC Opaque is used to transport a session key to the authentication server. Because the PAC |

| | |Opaque is encrypted with a key possessed only by the authentication server, the session key is secure in |

| | |transit. |

|344 & 345 |Chapter 17, Numbers 4, 5, 6, and 7 |Replace with: |

| |Delete and replace |4. The client returns a premaster secret, encrypted with the public key from the AAA server’s certificate. |

| | |5. The AAA server decrypts the premaster secret using its private key and the tunnel is established. |

| | |6. The AAA server sends an identity request to the client, negotiating which inner authentication method |

| | |will be used. |

| | |7. The AAA client sends an identity response, indicating which inner authentication method it will use. |

|345 |Chapter 17, LEAP, first sentence |Should read: |

| |Reads: |Lightweight Extensible Authentication Protocol (LEAP) gets honorable mention here mainly because it is a Cisco EAP method that is still seen in some networks. |

| |Lightweight Extensible Authentication Protocol (LEAP) gets honorable mention here mainly because it is a Cisco EAP method that is still seen in 802.11b networks. | |

|345 |Chapter 17, Authentication and Encryption, first paragraph, third sentence |Should read: |

| |Reads: |The problems with WEP are that it can be broken easily and it is not scalable. |

| |The problem with WEP is that it can be broken easily. | |

|346 |Chapter 17, WPA Overview, first paragraph |Replace with: |

| |Delete and replace |WPA was introduced in 2003 by the Wi-Fi Alliance as a temporary replacement for WEP while waiting for |

| | |802.11i to release. WPA uses Temporal Key Integrity Protocol (TKIP) to automatically change the keys. |

| | |TKIP still uses RC4; it just improves how it’s done by implementing per-user, per-session dynamic keys. |

| | |This is a major improvement over static WEP where every user had to be configured with the same WEP key. |

| | |WPA is based on 802.11i draft version 3. WEP uses RC4 encryption, which is very weak. TKIP uses a larger|

| | |IV than WEP. This would make it more difficult to guess the keys while not requiring new hardware. |

| | |Instead, you could simply perform a firmware upgrade in most cases. |

|346 |Chapter 17, first bullet point |Replace with: |

| |Delete and replace |Enterprise mode: Enterprise mode WPA requires an authentication server. RADIUS is used for authentication|

| | |and key distribution, and TKIP is used for encryption. |

|347 |Chapter 17, Last paragraph under WPA Overview, after Figure 17-16 |Replace with: |

| |Delete and replace |To configure WPA, set the Layer 2 security method by choosing WLANs > Edit. Then select the Security tab |

| | |and choose WPA+WPA2 from the drop-down, as shown in Figure 17-17. To allow WPA check the WPA Policy check|

| | |box. This will automatically enable support for TKIP with a WPA-style handshake, though AES can |

| | |optionally be used. |

|347 |Chapter 17, WPA2 Overview, first paragraph, first and second sentences |Should read: |

| |Reads: |WPA2, as its name implies, is the second generation of WPA. WPA was designed to be implemented through a firmware upgrade but WPA2 has more stringent hardware requirements. |

| |WPA2, as its name implies, is the second attempt at WPA. WPA was not designed to be just a firmware upgrade; instead, you might need hardware to use it. | |

|348 |Chapter 17, first full paragraph |Replace with: |

| |Delete and replace |It was mentioned that AES is used for encryption. AES is the commonly used abbreviation for Advanced |

| | |Encryption Standard-Cipher Block Chaining Message Authentication Code Protocol (AES/CCMP). |

|348 |Chapter 17, last paragraph, first sentence |Should read: |

| |Reads: |To configure WPA2, from the WLANs > Edit page, select WPA+WPA2 from the layer 2 security policy drop down menu, then the WPA2 Policy option. |

| |To configure WPA2, from the WLANs > Edit page, select WPA2 Policy option. | |

|354 |Chapter 18, Question 4, answers a and b |Should read: |

| |Reads: |a. Windows 2003 Server |

| |a. Windows Server |b. Red Hat Linux AS/ES 4 |

| |b. Red Hat Linux | |

|355 |Chapter 18, Question 11, answer a |Should read: |

| |Reads: |a. Administration > AAA > Users |

| |a. Administration > AAA | |

|356 |Chapter 18, Question 16, answer c |Should read: |

| |Reads: |c. Use the Audit tool. |

| |c. Use the Audit Config page. | |

|357 |Chapter 18, Question 21, answer c |Should read: |

| |Reads: |c. Floor area |

| |c. Floor | |

|358 |Chapter 18, Introduction to the WCS, first paragraph after first set of bullet points, second sentence |Should read: |

| |Reads: |Licensing enables single-server deployments of up to 3000 APs being supported. |

| |Licensing enables single-server deployments of up to 500 APs to 2500 APs being supported. | |

|358 |Chapter 18, Introduction to the WCS, second paragraph after first set of bullet points |Insert: |

| |Insert first sentence |By itself, WCS can allow an administrator to track the current location of a single wireless device at a |

| | |time; if using WCS Location you can use the added feature of RF fingerprinting to achieve better location|

| | |accuracy. |

|358 |Chapter 18, Introduction to the WCS, second paragraph after first set of bullet points, original first sentence |Should read: |

| |Reads: |The Cisco Wireless Location Appliance, accessed via the WCS interface, provides mapping of multiple clients and assistance in enforcing security policies. |

| |The Cisco Wireless Location Appliance, accessed via the WCS interface, provides mapping of clients and assistance in enforcing security policies. | |

|358 |Chapter 18, Introduction to the WCS, second set of bullet points |Replace with: |

| |Delete and replace |Real-time tracking of up to 2500 clients |

| | |Historical information going back for 30 days |

| | |A single point of management |

|358 |Chapter 18, Installing and Configuring the WCS, first two paragraphs |Should read: |

| |Reads: |The WCS has two deployment possibilities: a Linux-based deployment (using Red Hat Enterprise ES/AS Linux Release 4, the Cisco WCS can be installed as a service under Linux) and a Windows 2003/SP1-based deployment. In large deployments, Cisco recommends the Linux-based deployment. |

| |The WCS has two deployment possibilities: a Linux-based deployment and a Windows deployment. In large deployments, Cisco recommends the Linux-based deployment. |The requirements for a high-end server are as follows: |

| |The requirements for a Linux-based deployment are as follows: | |

|358 |Installing and Configuring the WCS, |Should read: |

| |Delete first bullet point |Intel Xeon Quad 3.15-GHz CPU |

| | |8-GB RAM, 200-GB HD |

|359 |Chapter 18, first two paragraphs, and first set of bullet points |Replace with: |

| |Delete and replace |In a mid-grade server, you can use the following: |

| | |Intel dual-core 3.2-GHz CPU |

| | |4-GB RAM, 80-GB hard drive |

| | |With a deployment using these specifications, you can support up to 2000 APs and 150 controllers. |

| | |In a low-end server, you can use the following: |

| | |Pentium 4/3.06 GHz (minimum) |

| | |2-GB RAM, 30-GB hard drive |

| | |With a deployment using these specifications, you can support up to 500 APs and 50 controllers. |

|359 |Chapter 18, Table 18-2, line 3 through 12 |Should read: |

| |Reads: |1315 Solid SQL Database |

| |1315 Java |1299 Java – Remote Method Invocation (RMI) |

| |1299 Java |6789 — |

| |6789 — |8009 Java – Web Container |

| |8009 Java |8456 Java – HTTP Connector |

| |8456 Java |8005 — |

| |8005 — |69 TFTP |

| |69 TFTP |21 FTP |

| |21 FTP |162 SNMP traps |

| |162 SNMP traps |8457 HTTP Connector Redirect |

| |8457 — | |

|360 |Chapter 18, bullet points number 2, 3, 4, 5 |Should read: |

| |Reads: |Verify the server ports. Only the ports for http and https access (80 and 443, respectively) can be changed – all others are fixed and cannot be changed. |

| |Verify the server ports. |Enter the passwords. The passwords must be strong passwords (minimum of 8 characters, no “cisco”, “ocsis”, or “public”, no more than two repeated characters, and at least have three of the following characteristics: upper case letters, lower case letters, numbers, or special characters). |

| |Enter the passwords. |Choose the FTP and TFTP root folders. Choosing a folder outside the WCS installation folders is recommended. |

| |Choose the FTP and TFTP root folders. |Select whether this is a multihomed server (two or more NIC cards); if so, choose the NIC that will be used for supporting WCS FTP and TFTP services. |

| |Select whether this is a multihomed server (two NIC cards). | |

|360 |Chapter 18, third paragraph, third sentence |Should read: |

| |Reads: |You might encounter problems if the WCS and IIS are installed on the same machine, because both would try|

| |You might encounter problems if the WCS and IIS are installed on the same machine, because both |to use port 80. |

| |would try to secure port 80. | |

|360 |Chapter 18, third paragraph |Add: |

| |Add sentence at end of paragraph |These tabs are configurable to meet the needs of different administrative users and those user’s settings|

| | |will be keyed to their individual login accounts. |

|360 |Chapter 18, Administration Options in the WCS, first sentence |Should read: |

| |Reads: |In the WCS interface, you have horizontal menus across the top that access various configuration |

| |In the WCS interface, you have tabs or horizontal menus across the top that access various |elements, including these: |

| |configuration elements, including these: | |

|360 |Chapter 18, Administration Options in the WCS, bullet points |Replace with: |

| |Delete and replace |Monitor |

| | |Reports |

| | |Configure |

| | |Location |

| | |Administration |

| | |Tools |

| | |Help |

|361 |Chapter 18, third paragraph, fifth sentence |Should read: |

| |Reads: |To see a list of who is logging into the WCS, go to Administration > AAA > Users > Audit Trail; note that|

| |To see a list of who is logging into the WCS, go to Administration > AAA > Users > Audit Trail. |audit trail is only accessible to members of the Superusers group. |

|362 |Chapter 18, Adding controllers to the WCS, first sentence |Should read: |

| |Reads: |To add controllers to the WCS, use the Configure drop-down menu. |

| |To add controllers to the WCS, use the Configure tab. | |

|364 |Chapter 18, second paragraph, fifth sentence |Should read: |

| |Reads: |Select a controller and then, using the Administrative Commands drop-down, choose Audit Now and click Go.|

| |Select a controller and then, using the drop-down, choose Audit Now and click Go. | |

|364 |Chapter 18, Working with Templates |Add: |

| |Add last sentence to first paragraph |Templates also help you keep controller and AP configuration consistent across the enterprise. |

|365 |Chapter 18, Step 5 of Working with Templates |Replace with: |

| |Delete and replace |Step 5. Configure the template’s options. |

| | |Step 6. Click Save. |

|368 |Chapter 18, Maps and APs in the WCS, third paragraph, first sentence |Should read: |

| |Reads: |You start by adding a campus, then a building and then adding floors. |

| |You start by adding a building and then adding floors. | |

|368 |Chapter 18, Maps and APs in the WCS, fourth paragraph, first sentence |Should read: |

| |Reads: |If you wish to support wireless networking outdoors, the maps begin in the context of a campus |

| |The maps begin in the context of a campus | |

|368 |Chapter 18, Maps and APs in the WCS, fourth paragraph, seventh sentence |Should read: |

| |Reads: |If you know you are not going to support outdoor wireless networking, they can be standalone. |

| |They can be standalone. | |

|370 |Chapter 18, Note box |Replace with: |

| |Delete and replace |Note:  When adding buildings to a campus map, consider that the building’s horizontal and vertical span |

| | |must be larger than or the same size as any floors that you might add later. You cannot create any floor |

| | |if it is larger than the building. The WCS will not allow the larger level to then be added. You can find|

| | |more information in the section “Adding and Using Maps” in the Cisco Wireless Control System |

| | |Configuration Guide, Release 4.1 at . |

|370 |Chapter 18, fifth bullet point |Should read: |

| |Reads: |Horizontal and vertical dimensions (dimensions can be entered in feet or meters, but the same unit of |

| |Horizontal and vertical dimensions in feet |measure must be used for all maps in WCS) |

|371 |Chapter 18, first paragraph, fourth sentence |Should read: |

| |Reads: |The floor types include Cubes and Walled Offices, Drywall Office Only, Outdoor Area, and user-defined RF |

| |The floor types include Cubes and Walled Offices, Drywall Office Only, and Outdoor Open Space. |models. |

|371 |Chapter 18, last paragraph, third sentence |Should read: |

| |Reads: |A site survey is a measurement of how RF signals propagate at a certain point in time. |

| |A site survey is a measurement of a certain point in time. | |

|372 |Chapter 18, first paragraph, last sentence |Should read: |

| |Reads: |The WCS bases its information on what you tell it the environment will look like combined with the RF |

| |The WCS can base its information on what you tell it the environment will look like. |model (floor type) you have programmed for that floor or outdoor area. |

|372 |Chapter 18, Planning Mode, first paragraph, second sentence |Should read: |

| |Reads: |It allows you to choose whether you will manually place hypothetical APs on the map or have WCS do it for|

| |It places hypothetical APs on the map or lets you view the coverage area based on the placement of|you, based on input you add in, such as desired throughput and application, and then it lets you view the|

| |the hypothetical APs. |coverage area based on the placement of the hypothetical APs |

|373 |Chapter 18, first paragraph after Figure 18-15 |Replace with: |

| |Delete and replace |You move this around to determine the coverage area. You want to trace the outer edge of the area you |

| | |intend to cover. Know that this may give you coverage that extends beyond your walls, depending on the |

| | |size/shape of your building and the service type you are supporting; this is known as “service bulge” and|

| | |is very common. |

|376 |Chapter 18, Monitoring with the WCS, second paragraph |Replace with: |

| |Delete and replace |An alarm summary, shown in Figure 18-20, is available and refreshes every 15 seconds by default, though |

| | |you can adjust this. Alarms are broken down into categories of information and their severities. The |

| | |categories include malicious AP, unclassified AP, coverage hole, security, controllers, access points, |

| | |and mesh links. WCS servers that support Location also include a location alarm category. Fields that |

| | |are clear indicate no alarms. Red is critical, orange is a major alarm, and yellow is a minor alarm. |

| | |By clicking a colored alarm square, you can get more details on the alarm(s) that fit that category and |

| | |severity level, starting with the most recent and working your way back in time. |

|376 |Chapter 18, Monitoring with the WCS, fourth paragraph |Replace with: |

| |Delete and replace |You can also monitor rogue APs, security settings, and Radio Resource Management (RRM). In addition, you |

| | |can monitor Location Appliances. The Location Appliance tightly integrates with the WCS and can provide |

| | |real-time location tracking. While the WCS performs this function on demand for a single device, the |

| | |location appliance, once added to a WCS server, performs this function for up to 2500 devices |

| | |simultaneously. Location accuracy in a server running WCS Base only determines the closest AP, but WCS |

| | |Location can determine the location of a wireless client to within 10 meters 90 percent of the time, and |

| | |to within 5 meters 50 percent of the time. This is an added benefit when troubleshooting issues related |

| | |to interference and rogues. |

|381 |Chapter 19, Maintaining Wireless Networks, first paragraph, second sentence |Should read: |

| |Reads: |Cisco recommends that all controllers in a mobility group run the same version of code. |

| |Cisco recommends that all controllers run the same version of code. | |

|383 |Chapter 19, Question 5 |Should read: |

| |Reads: |5. Which protocols are used to upgrade a controller? |

| |5. Which protocols are used to upgrade a controller? (Choose two.) | |

|384 |Chapter 19, Question 7, answers ‘b’ and ‘c’ |Should read: |

| |Reads: |b. How many available AP licenses the controller has |

| |b. How many licenses the controller has |c. The software version the controller is running |

| |c. The version the controller is running | |

|391 |Chapter 19, Step 6, second sentence |Should read: |

| |Reads: |WCS downloads the software to the controller, and the controller writes the code to RAM first, and then |

| |WCS downloads the software to the controller, and the controller writes the code to flash RAM. |to flash. |

|391 |Chapter 19, Upgrading an AP, first paragraph, last sentence |Should read: |

| |Reads: |Remember that after upgrading the software on the controller, the APs automatically upgrade their |

| |Remember that after upgrading the software on the controller, the APs automatically upgrade their |software as well, but only 10 APs can upgrade at any given time. |

| |software as well, but only 20 APs can upgrade at any given time. | |

|391 |Chapter 19, Upgrading an AP, last bullet point |Should read: |

| |Reads: |If the AP leaves one controller and associates with another, the AP checks the controller version and |

| |If the AP leaves one controller and associates with another, the AP checks the controller version |upgrades/downgrades as needed. This upgrade or downgrade takes about two minutes. |

| |and upgrades/downgrades as needed. | |

|392 |Chapter 19, Upgrading WCS, |Add: |

| |Add last sentence |Performing a backup prior to upgrading WCS is recommended. |

|394 |Chapter 19, first paragraph, last sentence |Replace with: |

| |Delete and replace |The file has been backed up and can now be used on this or other controllers. Keep in mind that the |

| | |controller you download the configuration file to must be the same model and running compatible code. |

|394 |Chapter 19, third paragraph |Replace with: |

| |Delete and replace fourth and fifth sentences |Also, the show running-config command can be copied and pasted into notepad, edited (if you wish), and |

| | |then pasted back to host if you want to make changes to the config. It’s important to note the |

| | |difference between this command and the show run-config command, because they produce very different |

| | |output. show running-config displays the contents of the configuration line by line. show run-config |

| | |provides information about the state of the system. show run-config can not be pasted to host. |

|398 |Chapter 19, Resetting the Controller to the Defaults, third sentence |Should read: |

| |Reads: |The controller needs to reboot for this to occur, because the configuration is not only stored in NVRAM, |

| |The controller needs to reboot for this to occur, because the configuration is not only stored in |but it is also active in RAM and is cleared only with a reboot; resetting the controller to factory |

| |NVRAM, but it is also active in RAM and is cleared only with a reboot. |defaults erases the startup config file but not the running config, so rebooting the server without |

| | |saving changes is required to complete the job. |

This errata sheet is intended to provide updated technical information. Spelling and grammar misprints are updated during the reprint process, but are not listed on this errata sheet.
