DEMOBOX DEPLOYMENT DOCUMENTATION DEMONSTRATION AND DEPLOYMENT SCRIPT CISCO MOBILITY EXPRESS WIRELESS DEMO VERSION 1.6 CCA version 1.6 © 2008 Cisco Systems, Inc. All rights reserved. Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
TABLE OF CONTENTS
INTRODUCTION
DEMONSTRATION GOALS
DEMONSTRATION SCRIPT STYLE
INTRODUCTION Welcome to the Cisco® Mobility Express Wireless Demo Box for small and medium-sized business (SMB) and midmarket customers. This kit is designed to provide you with everything you need to demonstrate a wide range of product features to a variety of potential customers, and illustrate the business benefits that Cisco Mobility Express Wireless solutions provide.
CISCO MOBILITY EXPRESS WIRELESS NETWORK The Cisco Mobility Express Wireless Network is the industry’s only Mobility Express wired and wireless solution to cost-effectively address the Wireless LAN (WLAN) security, deployment, management, and control issues facing SMB. This powerful solution combines the best elements of wireless and wired networking to deliver scalable, manageable, and secure WLANs with a low total cost of ownership.
Demo Topology. Figure 1.
Note CE 520 is optional and not required for this Demo. If CE 520 is not used in the demo please connect all the devices directly to the UC 520 Ethernet PoE ports.
Table 2. Devices
Device | Description
521 LWAPP Access Points | Cisco Aironet 521 Series 802.11b/g Access Point w/Internal Antennas
PC or Laptop | PC or laptop with Win XP and CCA ver 1.6
WL526 Controller | 526 Series WLAN Controller for up to 6 Cisco lightweight APs per controller. Maximum two allowed.
Key Features The Cisco SBCS – Small Business Communication System is an integrated end-to-end solution that addresses all layers of the WLAN, from client devices and access points, to the network infrastructure, to network management, to the delivery of advanced wireless services integration and award-winning, worldwide, 24-hour product support. It delivers the industry’s best wireless LAN security, innovation, and investment protection.
Solution The Cisco Mobility Express Wireless Network is the industry's only Mobility Express wired and wireless solution to cost-effectively address the WLAN security, deployment, management, and control issues facing SMB. This powerful solution combines the best elements of wireless and wired networking to deliver scalable, manageable, and secure WLANs with a low total cost of ownership.
CISCO AIRONET SERIES LIGHTWEIGHT ACCESS POINTS Demo Time: 1 to 10 minutes The Cisco Mobility Express Solution brings together the 521 Access Point and the Cisco 500 Series Wireless Express Mobility Controller to provide a flexible, cost effective wireless solution specifically designed to meet the needs of small and medium-sized businesses (SMBs).
• Standalone mode: Access points are directly connected to the wired infrastructure and provide reliable high-speed wireless connectivity to users in the area they cover. Configuration and management is performed locally at the individual access point level. Maximum of three standalone APs are supported. • Controller-based mode: Access points associate with a Cisco 526 Series Wireless Express Controller to provide wireless connectivity and comprehensive monitoring of the airspace.
• The APs are dynamically configured for RF and power levels, thus minimizing cost to implement, operate, and optimize wireless coverage.
Flexible and Easy Installation options (Lower Total Cost of Ownership)
Models are available with internal antennas. Cisco Aironet Lightweight Access Points support industry standard 802.3af Power over Ethernet (via PoE switch or injector). An external power supply is also available.
STEP 6. While the APs reload, point out the APs which are receiving the operating system and configuration from the Wireless LAN Controller. Once the 521 LAP is registered, a solid green power LED will be displayed for the registered AP. STEP 7. Return to the CCA Topology screen and verify there are 3 APs registered (or as many as available). If only 2 APs are registered, click the refresh button to see the third. This process again may take several minutes. STEP 8.
CISCO MOBILITY EXPRESS CONFIGURATION AND MANAGEMENT Demo Time: 15 to 25 minutes Wireless is a rapidly changing environment; managing this change is challenging in most wireless deployments. To resolve this problem, changes to the APs, such as RF and power levels, are made dynamically by the controllers. Other changes require manual changes.
technologies: unified communications, switching, routing, security, and wireless. Cisco Configuration Assistant simplifies wireless configuration and provides follow-up support to facilitate easy modification. Features include an interactive topology view, front-panel views of devices, and drag-and-drop Cisco IOS Software upgrades.
• Simplified network reporting: Users can print easy-to-read reports such as bandwidth utilization. The enhanced print option even allows users to print the Topology View or Front Panel View on one page using the "fit to page" option. • Enhanced security for configuration and monitoring activities: Cisco Configuration Assistant provides a secure connection between the Cisco Configuration Assistant client and each connected device in the network to safeguard all sensitive information.
bandwidth to ensure overall optimal network performance, and support advanced mobility services such as guest Internet access and voice over Wi-Fi. Figure 3. 500 Series Controllers The Cisco 526 Wireless Express Mobility Controller can be used with up to six access points per controller and up to two controllers per network.
Supports Cisco LWAPP Uses Cisco LWAPP for communication between access points and controllers to simplify deployment and follow-on management, and to automate functions required for a pervasive WLAN end-user experience. Multi-access-point Radio Resource Management (RRM) In builds with more than one access point, RRM coordinates access points in real time to optimize radio coverage/capacity while working around potential points of interference.
Cisco Configuration Assistant Overview STEP 1. From the PC running CCA, double-click on the CCA icon on the desktop. The screen will come up with a message to connect to a community or create a community. If the community was already created, choose that community from the drop-down menu. In our demo the community name is SBCS demo. STEP 2. Click OK to connect to the community. STEP 3. A prompt will come up asking for the user name and password on the UC 520, our seed device address.
Note You might have other devices in the topology that will require different user names and passwords. You will need to know their default or administratively changed credentials for the CCA to be able to configure and manage them. STEP 4. If the community was not created, choose the option of creating a community. In our demo we will create community “SBCSdemo” with the “seed IP address” of the UC 520. Enter the information indicated above and start discovery.
STEP 5. The CCA will come up on the screen with the Topology View of the configured network. Please make sure all the devices are discovered and presented on the Topology View screen.
Verify AP Registration STEP 1. In the topology view verify that all the components are present and all the devices show MAC address and IP addresses. You can change the setting of what is shown on the screen in the Topology Preference Setting. STEP 2. Open the Monitor>Reports> Wireless Radios menu and see all the APs connected to the controller and their Channel and Transmit power assignments. Note The AP Mac address entries will vary in every demo.
CCA menu options on the Left Side Menu STEP 1. On the left side menu open the Configure Tab and view all the different options to configure Smartports, VLANs, Ports, Security, Telephony, Wireless, Routing, DHCP Server, Device Properties, etc.
STEP 2. Open the Smartports menu tab; you will see the UC500 displayed on the screen with Ethernet Smartports highlighted on the display. Clicking on the Port and then on the Modify button will show the configuration options for the port. Note that in our demo the port where the APs are connected is configured as an Access Point port with the default VLAN. STEP 3.
STEP 4. Next move on to the Wireless Networks and choose the Hostname of the 526 controller; you will see all the SSIDs created, their security settings and the VLANs they are assigned to. You can create a new SSID from this menu option as well.
Note If you choose to create a new SSID and there are no unassigned VLANs available, the system will prompt you to first create a new VLAN for that SSID, since the Mobility Express system supports only one-to-one mapping between VLAN and SSID. See the Note on the screen capture above. Note The newly created VLAN shown on the screen will be synchronized with VLANs on all other SBCS systems that CCA 1.6 supports, such as in our case the UC520.
If you are creating an SSID with WebAuth you will also get a message asking whether a new WLAN user should be created at the same time. This is also a new feature in the CCA 1.6. STEP 5. Under Wireless >WLANs (SSID)…>Modify you can modify the SSID settings such as Security and Encryption, choose the associated VLAN and decide whether the SSID should be broadcast.
STEP 6. Under and then selecting < New526-demo> for the Hostname you can see all the dynamic interfaces (VLANs) that exist on your wireless network and their IP address assignments. We can see the same information under WebUI.
STEP 7. Under Wireless> WLAN Users> you can create new Wireless Network Users: a Regular User with no time restrictions or a Guest user with time restrictions. Note The newly created Guest user option allows you to specify the Validity time of the Guest User on the network. In addition you have an option to create a new SSID right from the same configuration screen. These are new features in the CCA 1.6 and new WLC software. STEP 8.
Note When a new SSID gets created the system automatically sets the type of the WLAN to Guest from the three available options – Data, Voice, Guest. You can also demonstrate that the new SSIDs and VLANs were created successfully on the system as shown below. STEP 9.
STEP 11. Next let's take a look at the Monitor>Wireless Controller Dashboard > tab, which is also a new option in the CCA 1.6. Under this option you can show System Status, AP summary, Controller and AP Statistics.
STEP 12. Next let's take a look at the Monitor>System Messages tab. If there are any rogue APs in the surrounding environment that are not configured on your network, the system will display them as Rogue APs. You may also set up a Message Filter or Save/Print the system messages report. Note The error messages displayed on the display will vary from site to site. Converting 521 AP from Standalone to Controller mode LAP STEP 13.
Viewing Horizontal Menu Tab in the CCA The Client filter further enables the ability to view specific information relating to client IP Address, MAC Address, Name, and asset information. STEP 1. The first Tab allows you to connect or change the community you are displaying. STEP 2. The second Tab is the refresh button, for when you make changes and need to refresh the information presented on the screen or the Topology view. STEP 3. The third Tab activates the Print Services. STEP 4.
STEP 5. Next Tab saves configurations of all or individual devices. STEP 6. The allows you to configure Voice settings such as: Device and System Parameters, Network parameters, Dial Plan, AA and Voicemail, SIP trunk parameters, Voice Features and User Parameters. STEP 7. The tab is to configure VPN server on the UC520. STEP 8. Next Tab is to set up Firewall and DMZ on the UC 520 and different Security Levels.
STEP 9. The Wireless Tab allows you to configure Wireless settings on the UC520 device for the Standalone AP(s) and on the WLC 526 for the Controller Mode configuration. Note This setting is the same as if you would choose a Wireless Networks Configuration on the left side Config Wireless Tab. Several other Tabs on the Horizontal Menu are a repeat of the configuration options available on the Left Side Menu options. STEP 10.
Note The Front View of the WLC 526 is now supported in release version 1.6 of the CCA STEP 16. The next Tab displays and refreshes the Network Topology View on the screen. STEP 17. And the next four Tabs are for Legend, Help, Email option and Search. Configuring 526 Wireless LAN Controllers STEP 1. There are Unified Controllers and SMB controllers, you want to briefly discuss the differences between the Unified and Mobility Express 526 controller STEP 2.
Auto Radio Frequency (RF) and Power Management In this section, you can demo auto power and auto channel assignments. The Auto RF demos rely on the controller response time which is locked in at 600 seconds (10 minutes). Patience is required for some of the RF changes to occur. Auto Power and DCA STEP 1. For this demonstration use the Web UI interface on the controller. Connect to the controller Web UI interface IP address 192.168.10.50 (in our case the IP address of the controller management interface).
Note: Power Level The transmit power level of the access point where 1 = Maximum power allowed per Country Code setting, 2 = 50% power, 3 = 25% power, 4 = 6.25 to 12.5% power, and 5 = 0.195 to 6.25% power. Note The power levels and available channels are defined by the Country Code setting, and are regulated on a country by country basis. STEP 8. Connect the AP back to the Ethernet port and you should be able to observe changes in Power Levels.
Emphasize:
• The real-time RF management capabilities of the Cisco Mobility Express Wireless Network allow the network to respond in real time to changes in the RF environment.
1. Organizations should expect ongoing changes in the RF environment.
2. Users come and go from conference rooms.
3. Additional clients may be added to an area in a building.
4. The WLAN infrastructure may need to be adjusted over time for changes in the building configuration or design.
Key Features
• Multiple security policies are very easy to deploy and maintain across any network using Cisco Mobility Express WLAN Solution.
• Built in guest user administration web authentication is a key feature many customers require for guest access.
Marketing Messages With the increased reliance on WLANs, businesses are becoming more concerned about network security.
STEP 4. Under the security settings you will see all of the security options available for configuration. In our case the SSID = datasec is configured with WPA2 as a security option. STEP 5. The encryption type for the SSID was chosen as “AES” the second option available is TKIP. STEP 6. And finally the RADIUS server with IP address 192.168.10.1 was selected for 802.1x authentication as shown in the screen below STEP 7.
STEP 9. Enable the “Local RADIUS Server” with “Secret Key = demo”. STEP 10. Show client connectivity on the SSID = smbdata, with username=user1 and password=demo. Note The supported EAP types with the Local RADIUS server are LEAP, EAP-FAST and MAC authentication. Cisco Wireless Clients Demo Time: 20 to 30 minutes There is a variety of wireless client 802.11a/b/g cards available on the market today. There are also about half a dozen very popular Supplicants available to the wireless users.
Table 6. Key Components to demonstrate various Clients
Demo | Description
Laptop with CB 21AG card and Cisco ADU | Wireless client setup with the Cisco PC Bus 802.11 a/g card and Cisco ADU supplicant
Laptop with 350 card and ACU supplicant | Wireless client setup with Cisco 350 802.11b card and ACU
Laptop with CB 21AG card and ADU and CSSC 5.0 Supplicants | Wireless Client setup with Cisco card and Cisco Security Services Client Version 5.
In this demonstration we will use a variety of wireless cards and supplicants. To make the demo more interesting and to explore the rich set of security capabilities of the Mobility Express controller in combination with the UC 520, we will demonstrate several different security setups (as shown in the previous section) with different clients. This demonstration will further reinforce the security capabilities of the SMB system and its interoperability with a wide variety of wireless clients and supplicants.
Note We are demonstrating connectivity with an autonomous AP on the UC 500. Note There are many Client Supplicants available and any of them should work with the Cisco Wireless System. Client connectivity demonstration using CSSC ver 5.0 supplicant In this section we will demonstrate configuration and setting of the CSSC supplicant ver 5.0 with WPA-PSK and TKIP encryption. As shown in step 2, other Authentication and Encryption options can be easily configured using the CSSC ver 5.0 supplicant. CSSC 5.
STEP 2. Enable Authentication Policy in the Supplicant for all the profiles of the wireless client. For our profile we have to make sure that WPA-PSK Personal with TKIP is enabled. STEP 3. In the next step we have to configure Wireless Settings for the client with SSID=smbdata and shared key=sbcsdemo
STEP 4. After finishing configuring the profile SBCS demo as shown above, save the profile to the SBCS group
STEP 5. In the next step, after saving the profile in the Configuration Manager, start the CSSC Client Utility > launch the SBCS Demo profile and enter Authentication credentials when prompted.
STEP 6. And finally use the connection status tab to see the client IP address and other connectivity parameters as indicated in the screen shot below. The client received an IP address from the DHCP server on the UC 500 on VLAN 10. Wireless connectivity with UC 520 AP - Secure connectivity using MS Zero Config Supplicant Next we can demonstrate setup with WPA/PSK on the handheld device.
STEP 1. We will demonstrate Wireless client connectivity with WPA/PSK on the Windows Mobile device. STEP 2. Configure the discovered wireless network smbdata with WPA/PSK. Configure SSID=smbdata with shared key=sbcsdata. STEP 3. After the user credentials are entered as shown above, the client will authenticate and connect to the Wireless Network.
Wireless connectivity with WLC526 LAP - Secure connectivity using ADU and Odyssey Supplicants Next we can demonstrate setup with WPA2/AES on the laptop and hand held device. For the next few client connectivity demonstration we will use WLC 526 controller and LWAPP APs. STEP 1. We will demonstrate Wireless client connectivity with WPA2/AES and EAP-FAST authentication. Configure SSID= datasec with security WPA2/AES and EAP-FAST; in the security make sure Local RADIUS server 192.168.10.
STEP 2. Configure Client in ADU with the same credentials as shown above in step 1 in the CCA configuration. Create profile with a SSID=datasec. STEP 3. Configure in the ADU security settings for WPA2/AES and EAP-FAST authentication as shown below
STEP 4. Configure EAP-FAST settings as they are shown in the figure below. STEP 5. In the Advanced option Tab you may want to configure additional options as shown, and also disable the 5GHz scan since the 521 AP doesn’t support that mode.
STEP 6. Finally activate the newly created profile. STEP 7. The wireless client should Associate, Authenticate and eventually get an IP address from the DHCP server on VLAN 40.
STEP 8. In the Web UI interface you can show more details about the connected client and even do a Link Test. On the Client device you can also see more in the ADU Advanced Status tab.
Client Connectivity using Intermec CN-3 device and Odyssey or Windows Mobile supplicant STEP 1. Configure the CN-3 device using the Odyssey interface for WPA2/AES and EAP-FAST authentication. STEP 2. Configure the Odyssey with SSID=datasec with WPA2/AES and EAP-FAST.
STEP 3. After you have entered authentication credentials user=user5 and passw=demo as configured on the Local Radius Server, you will see the client Associate, Authenticate and receive an IP address. Wireless Client Connectivity with WLC 526 and LAP using Cisco 350 card and ACU with EAP/WEP STEP 1. In this demonstration we will show client connectivity to the Wireless Network with SSID=dataopen with EAP/Dynamic WEP configured with CCA.
STEP 2. Configure Cisco Wireless Client with the same SSID=dataopen using ACU 6.6. Create a profile 350 with ACU in the ACU under Profile Manager Menu option as shown below. STEP 3. Configure wireless security as LEAP under Network Security Tab in the ACU and then configure LEAP.
STEP 4. Save the profile and then select it in the ACU main menu using Select Profile option. STEP 5. Authenticate to the wireless network with credentials as configured on the Local Radius server on the UC520. User name=user3 and password=demo
STEP 6. The client will Authenticate and receive IP address from the DHCP server configured on the UC520 on the VLAN 30
STEP 7. And finally verify the connectivity in the ACU main menu under the Status tab.
Wireless connectivity with WLC526 LAP521 - Secure connectivity using Wireless 7921 Phones Next we can demonstrate setup with WPA/TKIP and 802.1x with Wireless Phone clients. We will initially configure the Cisco 7921 device with the GUI interface on the phone supplicant that comes native on the 7921. Note It is technically difficult to get the screen shots from the 7921; therefore we will demonstrate the configuration setup of the 7921 using Browser interface connecting to the 7921.
STEP 2. Configure the Active Profile SMBphone with SSID= smbphone
STEP 3. On the 7921 create a Wireless Profile SMBphone and setup the wireless options as shown below. Security should be setup to WPA/TKIP and Authentication Auto AKM equivalent to CCKM (Cisco Centralized Key Management = Fast Secure Roaming). When Auto AKM is selected on the 7921 phone the Authentication type will be LEAP automatically as it will show below in the controller screen shot.
STEP 4. Configure wireless Profile = Profile1 or make changes to the existing profile as shown below. If the settings are locked, unlock them by choosing the <*><*> and <#> keys. Enter User credentials as configured on the Local Radius Server user=user5 and password=demo. Enable the DHCP server.
STEP 5. After configuring the 7921 and connecting to the wireless network verify the phone connectivity authentication and security credentials obtained on the controller Web UI as shown below.
STEP 6. Verify Phone connectivity to the CME in the CCA as shown below.
STEP 7. After all the connectivity is verified you should be able to demonstrate the functionality of the 7921 by making calls to a Desktop 7960 phone and other phones if available. Phone extension examples are shown in the figure above. Note 7921 clients should be freely moving (roaming) around the demonstration room and observe no latency in the communications since Fast Secure Roaming (CCKM) was configured on the 7921. The 7921 phone will be auto configured in the Voice system.
Wireless connectivity with WLC526 LAP521 - Secure connectivity using Wireless Nokia Dual-Mode Phone Next we can demonstrate setup with WPA/TKIP and 802.1x with Wireless Phone clients. We will initially configure the Nokia device with the GUI interface on the phone supplicant that comes native on the Nokia interface. STEP 1.
STEP 3. Under the Connectivity Options > Connection Mgr > Available WLAN – find available WLANs seen by the Nokia Dual Mode wireless phone. STEP 4. Select under the Settings Menu a Connection configuration option for the Access Point and Create or Modify the SMB profile for the Nokia WLAN.
STEP 5. Configure SMB profile for WPA/WPA2 with TKIP for Authentication and Encryption and WLAN=smbphone, just like on the WLC. Also choose the “EAP plug-in setting” and configure it for LEAP at the highest priority, and also configure under the LEAP settings User Credentials User=user5, Password=demo. STEP 6. Setup the Wireless LAN connection and then the SMB profile under the Access STEP 7. Select Dual Mode operation, verify SCCP configuration for CME connection and Voice Profile.
STEP 8. After successful Authentication the Nokia dual mode phone will receive a CME extension and the call can be placed to the Desktop phone extension 201. Note Please note in the Figure above when the Phone is connected to the CME and has an extension there is a little Icon right below the Battery Icon. Also note that when phone is connected to the WLAN (primary wireless connection) the Little Clover icon with the Lock right below the 123.
Create Guest Web Authentication In the present release of the CCA, version 1.6, Guest Access is now configurable directly via the CCA interface. STEP 8. Create Guest User interface in the CCA prior to configuring Guest SSID. Under Wireless> WLANs…> in CCA. For Guest User we create VLAN 60 with no security. STEP 9. From the same interface create another WLAN = smbguest, this time on VLAN 20 with Web Authentication checked and security set to WPA2-PSK/AES.
STEP 10. Configure the IP address of the Interface “guest” and “smbguest”, Subnet Mask, Default Gateway and DHCP server as shown below.
STEP 11. After SSID “guest” was created in the CCA 1.6 Configure>Wireless> WLAN Users…> create new user guest as shown below. Note when creating user guest there are options available in this release that allow you to configure the times the guest user is permitted on the network.
STEP 12. Under the same screen create another Guest user “smbguest” but this time don’t check the Guest User box; this setup will allow you to map the not-guest user to a smbguest SSID that has different security credentials. This is a very useful setup when “not-guest” users can be connected to the wireless network using Web-auth credentials and without an AAA server. STEP 1. From the same tab you can create or modify the Web Authentication page as shown below.
Note The Lobby ambassador from the Web UI or the System administrator has to create all the Guest and Local Net user accounts. Also note that session timeout will impact the Lifetime of the local net user. The session will end at whichever comes sooner: the Lifetime or the session timeout timer. Session timeout of “0” means the session for that WLAN will not expire. STEP 2. Click Hide or Show if you want the Cisco Logo to appear on the log on page. STEP 3.
STEP 10. Verify that the client appears on the WLAN Controller’s client list as Associated and Authenticated. STEP 11. Click on the Monitor > Report > Wireless Client link to view the associated client detail table. Guest clients should show as associated in the table with the configured Guest profile.
The workaround in this release of CCA 1.0 - 1.6 is to apply ACLs on the UC500 or on the 526 controller. Create the ACLs on the controller as shown in the example below: Web Authentication lockout STEP 1. Start WWW browser on SE Laptop and browse to https://1.1.1.1/login.html. You will get a redirect to the web authentication page. STEP 2. At the WebAuth login screen, log in using the “guest” User Name; however, use an incorrect password 4 times. STEP 3.
APPENDIX-A — IP ADDRESSING AND ACCOUNT INFORMATION
Table 1. Device Management Access
Device | IP Address | User | Password
Laptop | 192.168.20.X (Guest User) | NA | NA
Cisco 521 AP | Created during the demo | NA | NA
Cisco UC520 | 192.168.10.1 | admin | cisco
526 WLAN Controller | 192.168.10.50 (Management Interface) | admin | cisco
Local RADIUS server | 192.168.10.1 | n/a | Key=demo
Table 2. Cables
Description | Device end | Quantity
6’ – Console Cable - optional | UC 520 Console Port | 1
Table 3. Wireless LAN SSIDs
Wireless LAN SSIDs | IP address | Username | Password
SSID: dataopen (EAP/802.1x) | 192.168.30.1 | n/a | n/a
SSID: datasec (WPA2/AES/802.1X) | 192.168.40.1 | n/a | n/a
SSID: smbguest (WPA2-PSK/AES/WEBAUTH) | 192.168.20.1 | Not-guest | demo
SSID: smbphone (WPA/TKIP/802.1X-CCKM) | 10.1.1.1 | n/a | n/a
(open) | 10.1.1.1 | n/a | n/a
(WPA-PSK/TKIP/WEBAUTH) | 192.168.50.1 | n/a | WPA PS key=sbcsdata
192.168.60.
Cisco Configuration Assistant, a PC-based intuitive GUI configuration tool, is an integral component of the Cisco Smart Business Communications System. With a focus on ease of use, the Cisco Configuration Assistant simplifies configuration of multiple technologies: unified communications, switching, routing, security, and wireless. Cisco Configuration Assistant simplifies telephony configuration and provides follow-up support to facilitate easy modification.
• Simplified topology mapping and deployment through dynamic discovery: Cisco Configuration Assistant's unique discovery capabilities provide users with total control when discovering network devices to create a community. Users can discover devices by entering a seed IP, range IP, subnet IP, or a single IP address. This feature provides more flexibility and time savings when designing the topology.
• Increased security and performance through network synchronization: This feature detects inconsistent settings in the network such as VLAN mismatches, centralized time, and security policies. Working with the Troubleshooting Advisor, users can detect and fix these inconsistencies easily.
Supported Devices Table 1 describes supported devices. Table 1. Cisco Configuration Assistant 1.
8 PoE ports, 1 VIC slot for expansion
Feature licenses for call control, voicemail and Cisco Unified IP Phones
Note: requires an eight (8) port Cisco Catalyst Express 520 switch with 8 user call control feature license

UC520-16U-2BRI-K9 | 16 User configuration with 2 BRI trunks (BRI), 4 Analog ports (FXS), 8 PoE ports, 1 VIC slot for expansion
Feature licenses for call control, voicemail and Cisco Unified IP Phones
Note: requires an eight (8) port Cisco Catalyst Express 520 switch with 8 user call control fe
UC520-48U-12FXO-K9 | 48 User configuration with 12 PSTN trunks (FXO), 4 Analog ports (FXS), 8 PoE ports, 1 VIC slot for expansion
Feature licenses for call control, voicemail and Cisco Unified IP Phones
Note: requires two twenty-four (24) port Cisco Catalyst Express 520 switches (WS-CE520-24PC-K9)

UC520-48U-6BRI-K9 | 48 User configuration with 6 BRI trunks (BRI), 4 Analog ports (FXS), 8 PoE ports, 1 VIC slot for expansion
Feature licenses for call control, voicemail and Cisco Unified IP Phones
Note: requires
CISCO857W-G-E-K9 | Cisco 857 ADSL Wireless Router; Europe

Cisco 870 Series Integrated Services Routers
CISCO871-K9 | Cisco 871 Ethernet to Ethernet Router
CISCO871W-G-A-K9 | Cisco 871 Ethernet to Ethernet Wireless Router; U.S.
Cisco Mobility Express Solution
AIR-AP521G-A-K9, AIR-AP521G-E-K9, AIR-AP521G-P-K9 | Cisco 521 Wireless Express Access Point (Cisco IOS Software)
AIR-LAP521G-AK9, AIR-LAP521G-E-K9, AIR-LAP521G-P-K9 | Cisco 521 Wireless Express Access Point (Cisco Unified Wireless Network Software)
AIR-WLC526-K9 | Cisco 526 Wireless Express Mobility Controller

Device Limitations
The solution supports up to 25 devices in a small office network, including:
• Five routers
• Three autonomous wireless access points
• Two wireless contr
APPENDIX-C — CISCO 500 SERIES WIRELESS MOBILITY EXPRESS CONTROLLER
The Cisco 500 Series Wireless Express Mobility Controller is designed to optimize the wireless networks of small and medium-sized businesses (SMBs). As a core element of the Cisco Mobility Express Solution, the mobility controller is built to specifically support the Cisco 500 Series Wireless Express Access Points. Together, they provide IT Managers complete visibility of the wireless network.
Streamlined management tool | Uses Cisco Configuration Assistant management software instead of a command-line interface for configuration to accelerate new and incremental deployments.
Supports Cisco LWAPP | Uses Cisco LWAPP for communication between access points and controllers to simplify deployment and follow-on management, and to automate functions required for a pervasive WLAN end-user experience.
System
Simplifies multiaccess-point networks ○
Cisco Configuration Assistant management tool1 ○
Support for Cisco Lightweight Access Point Protocol (LWAPP) ● ● ● ● ○ ○ ○ ● ●
Multi-access-point Radio Resource Management (RRM) ○ ○ ● ●
Support for a range of secure authentication mechanisms ○ ● ● ●
Wired/wireless network virtualization ○ ● ● ●
Advanced-mobility-services-ready: Cisco Secure Guest Access ○ ○ ● ●
Advanced-mobility-services-ready: Voice over WLAN optimization ○ ○
1 RJ-45 serial port for direct console access Wired/switching/routing IEEE 802.3 10BASE-T, IEEE 802.3u 100BASE-TX specification, and IEEE 802.
APPENDIX-D — CISCO 500 SERIES UNIFIED COMMUNICATION
The Cisco Unified Communications 500 Series is an all-in-one unified communications solution that integrates voice, data, video, security, wireless, and management into one platform. It brings unified communications to small businesses and organizations by providing a simplified, affordable solution that is easy to configure, deploy, and manage.
The IP phone portfolio includes options for use from wherever the user is located: the company lobby, the manufacturing floor, the executive suite, at home, on the road, or in branch offices (Figure 2).
Figure 5. Cisco Unified IP Phone Portfolio
Cisco Unified Communications Manager Express
Cisco Unified Communications Manager Express is a Cisco IOS® Software solution embedded in the Cisco Unified Communications 500 Series appliance that provides call processing for Cisco Unified IP phones.
APPENDIX-E — CISCO CATALYST EXPRESS 520 SERIES SWITCHES
Cisco Catalyst Express 520 Series Switches are a family of fixed-configuration, Layer 2 managed Ethernet switches that provide the reliability, scalability, and rich feature set your business needs in a cost-effective, easy-to-manage platform. Designed specifically for organizations with fewer than 250 employees, the solutions provide:
• Wire-speed Fast Ethernet and Gigabit Ethernet connectivity
• Power over Ethernet (PoE) to provide 15.
Cisco Catalyst Express 520-24LC Switch (WS-CE520-24LC-K9)
• 20 10/100 access ports for desktop connectivity
• 4 10/100 access ports with PoE for desktop, wireless access point, IP telephony, or closed-circuit TV camera connectivity
• 2 10/100/1000BASE-T or SFP ports for flexible uplink or server connectivity
Cisco Catalyst Express 520-24PC Switch (WS-CE520-24PC-K9)
• 24 10/100 access ports with PoE for desktop, wireless, IP telephony, or closed-circuit TV camera connectivity
• 2 10/100/1000BASE-T or SFP