Sie sind auf Seite 1von 26

CCNA WIRELESS (200-355)

Chapter 16. Implementing a


Wireless Guest Network

Elaborated by: Ing. Ariel Germn


For: ITLA
Based on: CCNA Wireless 200-355 Official
Cert Guide (2016) David Hucaby

ROUTE v6 Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 1
Chapter 16 Topics
Guest Network Overview

Configuring a Guest Network

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 2
Guest Network
Overview

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 3
Guest Network Overview
Wireless LANs are usually configured to support specific
groups of clients or client devices.

You might also decide to create WLANs to support different


types of wireless devices.

Each WLAN might have a different set of security policies


from the others.

As a wireless network administrator, you might be asked to


provide connectivity for users who do not fall into any
convenient category.

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 4
Guest Network Overview
Guest users are normally temporary visitors who need to
access a wireless network.

Because guests are not regular, trusted employees, you


should always try to offer some basic network access while
containing and isolating them from the trusted portion of
your network.

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 5
Guest Network Overview

The guest WLAN can be bound to a guest VLAN that is isolated


from other VLANs.

Before guest users can access the guest WLAN, they should be
authenticated somehow.

Because all web browsers on all platforms use HTTP and


HTTPS, the web browser is a universal interface for users to be
authenticated before granting them wireless access.

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 6
Guest Network Overview
Web authentication can be handled locally on the WLC for
smaller environments through local web authentication (LWA).

You can configure LWA in the following modes:

LWA with an internal database on the WLC


LWA with an external database on a RADIUS or LDAP server
LWA with an external redirect after authentication
LWA with an external splash page redirect, using an internal database on
the WLC

The next logical progression is to move the web authentication


page onto the central server too. This is called central web
authentication (CWA).

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 7
Scaling the Guest Network
Building a guest WLAN on a single controller is
straightforward.

The guest WLAN is just like any other WLAN defined on the
controller.

In larger installations, you might have more than one


controller. In that case, each guest WLAN terminates on its
own controller.

Cisco WLCs can support Layer 3 roaming by automatically


building a tunnel between the first controller a client
associates with and the controller where the client is
currently located.
Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 8
Scaling the Guest Network

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 9
Configuring a Guest Network

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 10
Step 1. Create a dynamic interface for the guest
WLAN.

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 11
Step 1. Create a dynamic interface for the guest
WLAN.

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 12
Step 2. Create the guest WLAN.

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 13
Step 3. Bind the guest WLAN to the guest
WLAN interface.

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 14
Step 4. Configure the wireless security method.

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 15
Step 5. Configure web authentication.

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 16
Step 6. Configure mobility anchors (for larger
networks).

If your network consists of multiple controllers, you should


configure guest WLANs on each one where guest users might
connect.

Identify one controller that will serve as a mobility anchor for all
guest users hosted by other controllers.

All of the foreign controllers (the ones you are configuring) should
be configured in the same mobility group to allow roaming.

(The anchor controller does not need to be in the same mobility


group).

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 17
Step 6. Configure mobility anchors (for larger
networks).

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 18
Step 6. Configure mobility anchors (for larger
networks).

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 19
Review Questions

ROUTE v6 Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 20
Suppose a data WLAN and a guest WLAN are configured
on a controller and mapped to two VLANs. Which one of the
following is a true statement?

a. The controller can route traffic between the two WLANs.


b. The controller will bridge traffic between the two WLANs.
c. The controller cannot route packets between the two WLANs.
d. The controller can route packets between the two WLANs, but not the
two VLANs.

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 21
Which one of the following correctly finishes this sentence?
By default, all guest WLANs defined on controllers in an
enterprise...

a. are merged into one VLAN and subnet.


b. are connected by CAPWAP tunnels.
c. must be assigned the same WLAN ID number.
d. are isolated from each other.

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 22
Which one of the following is necessary to merge guest
WLANs from multiple controllers onto a common guest
WLAN on a controller?

a. RF group
b. Global WLAN
c. Mobility anchor
d. Master controller
e. Prime Infrastructure templates

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 23
In a wireless guest network, which one of the following
statements is correct?

a. A client associates with a guest mobility anchor controller and is


tunneled to a guest foreign controller.

b. A client associates with a guest foreign controller and is tunneled to a


guest mobility anchor controller.

c. A client associates with a guest mobility anchor and then must


reassociate with a guest foreign controller.

d. A client associates with a guest foreign controller and then must


reassociate with a guest mobility anchor controller.

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 24
Which of the following pairs of phrases makes this sentence
correct? You can configure _____________ as a
______________ for a guest WLAN.

a. only one controller, mobility anchor


b. multiple controllers, mobility anchor
c. a mobility anchor, foreign controller
d. a foreign controller, mobility anchor

Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 25
Chapter 1
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 26