Ch.

5 Access Points

Overview

Access Point Connection

Radio Upgrade

802.11g is chip just

now shipping

Cable and
Power

Cisco Aironet 1100 and 1200 Series, can be powered over Ethernet
with:
Switch with inline power (Option 1)
Inline power patch panel (Option 2)
Optional inline power injector (Option3)
Universal power supply (Option 4)

Cable and Power

WARNING Never connect both the DC power to the AP

power port and inline power simultaneously

AP Installation

LED indicators
1100 AP

1200 AP

The LED lights on an access point convey status information.

When the access point is powering on, all three LEDs normally blink.
After bootup, the colors of the LEDs represent the following:
Green LEDs indicate normal activity.
Amber LEDs indicate errors or warnings.
Red LEDs mean the unit is not operating correctly or is being
upgraded.

Reset the AP (Power On)

1100 AP

1200 AP

When beginning a lab, to make sure the AP has the default settings,

you will reset the AP.

Follow these steps to reset the access point to factory default settings
using the access point MODE button:
Step 1 Disconnect power (the power jack for external power or the
Ethernet cable for in-line power) from the access point.
Step 2 Press and hold the MODE button while power to the access
point is reconnected.
Step 3 Hold the MODE button until the Status LED turns amber
(approximately 1 to 2 seconds), and release the button. All access
point settings return to factory defaults.

Connecting to the AP (Configuration)

Wired

Wireless: Requires Association

Connecting to the AP (Console)

Serial

Console

Rollover Cable

IOS CLI

Connecting to the AP (Telnet)

Cisco

AP Defaults
IP Address = 10.0.0.1/24
Username and Password =
Cisco (C not c)
This password is the
privilege password, not the
WEP password.

Requires a network connection either Ethernet or Wireless

Connecting to the AP (Browser)

Preferred Method!

Wired

Wireless: Requires Association

Connecting to the AP (Wireless)

SSID = tsunami

SSID = tsunami

Wireless adapter:
If configuring using the wireless adapter, you must first associate
with the AP.
Make sure the settings on the ACU match the AP.
Cisco 1100 and 1200 Aps have the following defaults:
IP Address = 10.0.0.1/24
SSID = tsunami
Password = Cisco (C not c)

Connecting to the AP (Wired)

SSID = tsunami

SSID = tsunami

Preferred Method!

Wired Ethernet:
No association necessary
Make sure the IP Address on the Ethernet interface is on the same
subnet as the AP.
AP Defaults
IP Address = 10.0.0.1/24
Password = Cisco (C not c)

Connecting to the AP (Wired)

SSID = tsunami

SSID = tsunami

Preferred Method!

Wired Ethernet:
We will use the browser via wired method to initially configure
APs during labs so we do not configure the wrong AP via wireless.
IOS CLI Optional, but you can do those labs if you wish. We
will cover some of the basic commands.

Basic Configuration
The labs will really help you understand this.
Lab 5.4.4: Configuring Radio Interfaces Through the
GUI
Skip step # 4
Refer to the next few slides to complete the lab

The APs IP address

Same IP address whether you are connecting via the wired

or wireless interface. (For configuring the AP.)

ACU - Verifying

Right click

Network Interfaces Radio-802.11B

(Settings)

Network Interfaces Radio-802.11B

(Settings)

Network Interfaces Radio-802.11B

(Settings)

Network Interfaces Radio-802.11B

(Settings)

PLCP
frame!

Network Interfaces Radio-802.11B

(Settings)

Network Interfaces Radio-802.11B

(Settings)

Network Interfaces Radio-802.11B

(Settings)

Network Interfaces Radio-802.11B

(Settings)

Using the CLI

Lab 5.4.5 Page 118

Configuring Radio Interfaces through the IOS CLI

Stop at step # 10

Wired equivalent privacy (WEP)

AP
128 bit WEP is sometimes
referred to, and more
accurately, as 104 bit WEP.

ACU

Also, be sure that Transmit

Key numbers match, I.e. Key
1 on both AP and ACU.

The IEEE 802.11 standard includes WEP to protect authorized users of

a WLAN from casual eavesdropping.

The IEEE 802.11 WEP standard specified a 40-bit key, so that WEP
could be exported and used worldwide.
Most vendors have extended WEP to 128 bits or more.
When using WEP, both the wireless client and the access point must
have a matching WEP key.
WEP is based upon an existing and familiar encryption type, Rivest
Cipher 4 (RC4).

Authentication Process (Review)

On a wired network, authentication is implicitly provided by the physical

cable from the PC to the switch.

Authentication is the process to ensure that stations attempting to
associate with the network (AP) are allowed to do so.
802.11 specifies two types of authentication:
Open-system
Shared-key (makes use of WEP)

Open Authentication

Typical Open Authentication on

both AP and Client with No WEP
keys

Open Authentication and WEP

Remember there are three steps to Association:

Probe
Authentication
Association
A client can associate with an AP, but use WEP to send the encrypted
data packets.
Authentication and data encryption are two different things.
Authentication Is the client allowed to associate with this AP?
Encryption Encrypts the data (payload) and ICV (Integrity Check
Value) fields of the 802.11 MAC, not the other fields.
So a client could Associate with the AP, using Open Authentication
(basically no authentication), but use WEP to encrypt the data frames
sent after its associated.

Open Authentication and WEP

Associated but data

cannot be sent or
received, since it
cannot be
unencrypted.

In some configurations, a client can associate to the access point with an

incorrect WEP key or even no WEP key.
The AP must be configured to allow this (coming).
A client with the wrong WEP key will be unable to send or receive data, since
the packet payload will be encrypted.
Keep in mind that the header is not encrypted by WEP.
Only the payload or data is encrypted.

Open Authentication - Optional WEP

Encryption (AP)

802.11 allows client to associate with AP.

Cisco AP must have WEP Encryption set to Optional
Association successful with any of these options on the client:
Matching WEP key
Non-matching WEP key
No WEP key

Encryption Modes

Indicates whether clients should use data encryption when

communicating with the device. The three options are:

None - The device communicates only with client devices that are not
using WEP.
WEP Encryption - Choose Optional or Mandatory.
If optional, client devices can communicate with this access point or
bridge with or without WEP.
If mandatory, client devices must use WEP when communicating with
the access point. Devices not using WEP are not allowed to
communicate. WEP (Wired Equivalent Privacy) is an 802.11 standard
encryption algorithm originally designed to provide with a level of
privacy experienced on a wired LAN. The standard defines WEP base
keys of size 40 bits or 104 bits.

In Summary

Client
Use Open Authentication on the client (does not use WEP, challenge
transaction, during authentication).
Use WEP for Data Encryption.
AP
Use Open Authentication
Use Mandatory WEP Encryption, Devices not using WEP are not allowed
to communicate.

Lab 8.3.3.1: Page 225

Configuring WEP on AP and client

MAC Authentication/MAC Filters

Allows you to accept/deny specific MAC or IP addresses.

Lab 8.3.2: Page 218

Configuring Filters on AP

Services
We will not configure all of these options or use all of
the features.

Services

The Services Summary page shows whether all of the

main services are currently enabled or disabled.

Telnet/SSH

Lab 8.3.1.1 Page 198

Configuring Basic AP Security Via GUI

Event Log

Lab 11.5.6.1: page 335

Configuring Syslog on AP

HTTP

This feature enables Web-based GUI management by providing support for

HTML Web pages and Common Gateway Interface (CGI) scripts using
common Web browsers.
The Services>Web Server page is used to enable browsing to the web-based
management system, specify the location of the Help files, and enter settings
for a custom-tailored web system for management.
With the Allow Web-based Configuration Management enabled, access to the
GUI management system is permitted.
If HTTP is disabled, the management system is accessible only through Telnet
or the console

Configure an AP as a repeater

Lab 5.4.8: Configure an AP as a repeater through the GUI

Page 127
Lab 8.3.3.2: Configure an AP as a repeater using WEP
through the GUI page 230

Ch. 5 Access Points