WLAN
ADU-L 'ADU is a tool used to create profiles that can then be used depending on where you are connecting: home, office, entertainment etc and it is clear that such acts directly ADU the wireless adapter card installed on your computer.
-L 'takes care of the Association between the ADU client adapter and access point, the authentication, data encryption. It 'is clear that with ADU client adapter can only handle one at a time.
-L 'ADU can be used to enable and disable the wireless adapter and configure LEAP authentication with dynamic WEP.
Aironet Desktop Utility (ADU) is a utility profile manager for the Cisco Aironet client adapters CB21AG and PI21AG. This utility Allows the user to create and manage up to 16 profiles for the client adapter. A profile is a set of configuration settings (network settings) on the client adapters That Allows your wireless adapter to connect to a network access point (AP) (Infrastructure mode) or computer (device-to-device ad hoc mode).
Profiles enable the user to use the client adapter in different locations, each of which requires different configuration settings. Some examples are profiles for home, office, airports, and public hotspots. Once the profiles are created, the user does not have to configure the client adapter after each move to a new location. Instead, the user only needs to switch between the different profiles.
Cisco Aironet CB21AG and PI21AG client adapter software is incompatible with other Cisco Aironet client adapter software. The ADU must be used with CB21AG and PI21AG cards.
The latest version of the ADU utility can be downloaded from Wireless Software downloads.
To create a profile using the ADU, perform these steps:
1. To open the ADU profile manager, double-click the Aironet Desktop Utility icon on the desktop.
2. Click on New on the ADU (Profile Management) window. The Profile Management (General) window appears.
3. Enter a name for your new profile (such as office, home, etc.) in the Profile Name field.
4. If you want this profile to use the default values, click OK. The profile is added to the profiles list on the ADU (Profile Management) window.
5. To change any of the configuration parameter settings (to values specified by your system administrator, for example), select the General, Advanced, and Security tabs. Change any desired parameter values. Click OK when you are finished making changes. The profile is added to the profiles list on the Cisco ADU window.
6. To activate a profile, select the profile from the Profile Management window, and click on Activate.
For more information and example screenshots on how to create a new profile on the client adapter, refer to the Using the Profile Manager.
For information on configuring the General, Advanced and Security parameters on the client adapter, refer to Configuring the Client Adapter.
Risposta: The Microsoft Wireless Configuration Manager can be configured to display the Aironet System Tray Utility (ASTU) icon in the Windows system tray.
Nell'architettura wireless pensata da cisco e indicata con il nome di Cisco Unified Wireless Network, there is an architectural solution indicated by the name of Controller-Based WLAN Solution.
The concept is that the access point is responsible for very little and is totally controlled by another device by the name of WLC. Access Point WLC and communicate via the LWAPP protocol.
It makes you feel just a tunnel between AP and WLC and the communication takes place through LWAPP.
The communication is governed both by the LWAPP Layer 2 (data link) and Layer 3 (network, UDP).
below what happens to the LWAPP.
LAP who discovers a WLC
The AP, once it receives the IP address from DHCP Server, has to discover the WLC to scaricaresi configuration.
There are two methods you can use:
-sending broadcast request to join that work well in the case of LAP and WLC in the same subnet
-submission of a list of available WLC sent in the DHCP response from the DHCP server if the ' Option 43 is enabled, this is useful in the case of WLC and LAP on two different subnets.
Regarding the discovery phase of the WLC available, there are actually two ways of use: L2 and L3 discovery discovery algorithm. In the first instance, the algortimo level 2 is no longer used, in favor of Level 3 dell'algortimo
A LAP always has a list of three and WLC for example, once finished booting up, try to LAP connect each time one of the WLC disposnibili. In EVENT SHALL fail then makes a request to broadcast. If you lose connection WLC and LAP, the LAP will then reset and the search for new ricomncia WLC.
In general we have:
1) The LAP as the WLC need an IP address and may or not belong to the same subnet
2) E 'can be a phase of authentication between LAP and WLC
3) Just to see that What does the WLC for example: as soon as it is connected all'ecces point, compare the code image of the LAP with its locale and in case of differences aggionra version of the LAP
4) E 'can be configured through the WLC or console or CLI. For the examination is important to know that:
HTTP-access-> conf-net webmode
access HTTPS-> conf net secureweb
1) The LAP sends a request to the DHCP server to obtain the IP address
1) LAP sends LWAPP discovery request to a level 2 . If the LAP does not support or if the L2 LWAPP WLC does not respond or lose any response, then the part with a LAP L3 LWAPP discovery
2) The WLC responds with an LWAPP discovery response
3) LAP sends a join request
4) The WLC responds with a join response
5) Once past qesto phase starts with the user mutual between WLC and LAP and the creation of an encryption key for the encription package. Recall that the data is on the tunnels scmabiati LWAPP without encryption, and encrypts the control data are
6) Periodically WLC and LAP exchange of hello messages to verify that they are still in communication with each other
7) The LAP as soon as it receives a data from a host, it encapsulates and sends it into the tunnel and sends it to the LWAPP WLC which then sends it to its destination.
-association request and action-resource reservation
-authentication-access point discovery, information exchange and configuration
-access point certification and software control
-packet encapsulation, fragmentation ,
formatting and management control-communication Between Access Points and wireless system device
In a nutshell then deals with both access to the management of the access point.
Access Point in turn takes care of time critical operations:
-beacons, probe responses
ack-packet transmission and packet-frame
queuing prioritization frame-mac
encryption and decription
-monitoring of the radio channel: or better ordering the WLC to the access point to monitor
the channel and then send this info as noise, signals from other APs to the WLC, which then takes the final decision in terms of monitoring for example.
-encryption of data: in fact the data exchanged between the host and can be encrypts lap, but once he is sent to the AP by means of the WLC LWAPP tunnel without any encryption. The
-based control solution is also indicated by the name of WLA lightweight solutions and is opposed to stand-alone solution in which the access point is in charge of all the proper operation of the wireless communication between client and network. WLSE uses a maximum for a centralized management.
LWAPP protocol used between the AP and the WLC for the encapsulation of data and control messages
In particular, the traffic control as well as to be encapsulated is also encrypts, while data traffic is not only encapsulated . Clearly, for safety reasons, traffic data can be unencrypted tract host - access-point.
When the WLC receives traffic from a customer, the applicable QoS and VLAN tagging.
The tunnels created, as I understand it, are two: one for data and one for control info.
Both the access point that the WLC IP address must have a clear order for the access point you download the configuration from the WLC.
In the first instance we can say that essentially when a mobile host wants to communicate with another host sends traffic to your access point, the access point then sends it to the WLC and the WLC sends it to the AP which is connected 'destination host.
UDP data traffic is encapsulated with UDP source port 1024 and destination port 12222
Traffic Control is encapsulated with UDP source port 1024 and destination port 12223
HREAP
From the description above made it clear that the access point is unable to function properly if he loses connection with the WLC. In this case infattil the access point stops working and must be taken to find another access point. So, to remedy this situation, you can use as an access point HREAP that in case of loss of connection with the WLC has the opportunity to work in standalone mode, allowing continuity in the transmission between access points and hosts. It is usually used in situations in which the WLC is is in a difficult position to be reached, or in situations where there is only one WLC and no backup
WCS
E 'WLC clear that without an access point is unable to properly communicate with its host. So to avoid problems or interruption of the flow of data between the host and access-point, it was decided to introduce an access-point called HREAP that can operate in either control-based (with WLC) that a stand-alone (without WLC) .
Cisco Wireless LAN Solution Engine (WLSE)
can be used to manage the autonomous access point.
Regarding QoS, or packets as a forward there are essentially three ways: Best Effort, Integrated Service Model, Differentiated Service Model. If
Integrated Service Model the traffic source, by RSVP is a reservation of resources depending on the traffic that is to send and thus the relevant parameters / requirements. If the various devices along the path can provide these requirements, then the source will receive a confirmation and send the traffic. An example of integrated service can be:
-Intelligent Queuing mechanism used in conjunction with RSVP to provide the following types of service:
1) Guaranteed Rate Service, which allows applications to reserve bandwidth to meet the demands relished. For example, a VoIP application can reserve 32 Mbps end to end. The Cisco IOS uses WFQ (Weighted Fair Queuing) with RSVP to provide this service.
2) Controlled Load Service, which enable applications to have low delay and high throughput even under periods of congestion. An example would be real-time applications such as conferences. In this case a queue WRED is used with RSVP. The tail usually peremmet WRED to drop packets with few demands in terms of QoS, in the case of congested links. In the case of DiffServ
Instead, each switch / router will take the decisions on how to treat the received packet according to the info QoS present in the header of the packet. By
DiffServ QoS can ottenre du traffic transmitted between switches.
The DiffServ approach uses a packet basis. In particular, we consider two switches that use a trunk encapsulation: in this trunk link can be transmitted in packets that belong to different VLANs. Each package is identified by a tag that indicates the VLAN membership and it can use some bits of the CoS to indicate how to treat the individual unit package.
Particularly in the case of encapsulation dot1q some bits are used to assign the header to the packet CoS, CoS, ranging from 0 to 7. In the case of ISL encapsulation
however, are always used three however, bits that are "taken" by a header field called User Field. However, there is full compatibility between the QoS implemented on a link in an implementation 802.1qe ISL to allow the communication between two distant swicthes and maybe connected to each other using, along the route, different techniques of incaspulamento.
In general, always take the DiffServ model, which in turn is linked to the concept of DSCP, which again, shows how bits are placed in the header of the packet QoS in the context chiaremente.
The following table of correspondence CoS-DSCP, IP precedence, DSCP:
The basic concept is: I can not create
- voice vlan interfaces on level 3 but only at level 2. But this is clear, I can only create the vlan on switch !!!!!
-CoS QoS to L2 is linked to the most thrilling or frames transmitted over a trunk link for example.
precdence-IP is connected to the concept of IntServ
DSCP-DiffServ QoS model is linked to
In a nutshell all traffic must be "marked" according to the QoS DSCP, so if a switch a packet comes in its L2 QoS is mapped to DSCP in the case of L3 IP Precedence, DSCP QoS is mapped it.
Then there is the concept of trusted and untrusted ports.
In the case of trust port, packets with CoS are left to pass, is applied to those untagged qos default. In
untrusted mode, the IP phone re-marks the Layer 2 CoS value to the new value (if configured on the access layer switch) or changes it to 0, if nothing is configured. The default is untrusted mode, Which is the recommend method.
Considering the topology above are:
1) The switch provides energy to the phone (PoE)
2) With the command:
"mls qos trust cos", indicates that the Fast Ethernet 0 / 4 is trusted for which does not affect the QoS values \u200b\u200bof incoming packets is already tagged (802.1q / p), while for untagged packets, QoS can be applied by default, which is zero.
In other words it means that I make the switch port that accepts trusted tagged voice packets coming from the phone without overwriting the QoS.
3) The IP phone can be connected to a PC. The default port of the phone connected to your PC is untrusted, so it overwrites with CoS equal to zero (default) or by applying the values \u200b\u200bconfigured on the port CoS, all packets sent from the PC.
with the Run command from the interface on the switch:
switch (config-if) # switchport priority extend {cos value Usually the rule is that voice traffic has QoS is then tagged (802.1q / p) as the traffic data do not, and as we have seen we can safely handle the IP phone in two ways: either the CoS attribute a zero or fix a precise value of qos switch (config-if) # switchport priority extend {cos value and QoS (L3)). As for the control data in the transmission of voice, using the values \u200b\u200bof CoS and QoS of three.
If instead, the switch turns out that there is a mobile ip then report its untrusted interface and overrides the CoS of the received packets with CoS defalut which is 0. By default, not just turn a swicth, and watch the qos set to an interface with the command
switch # show interface type mod / num switchport
get:
QoS is disabled. When QoS is enabled, settings will be Applied Following
trust state: not trusted
trusted mode: not trusted
trust enabled flag: ena COS override: dis default COS : 0
DSCP Mutation Map: Default DSCP Mutation Map Trust device
: none
qos mode: port-based
After setting the parameters qos interface I get:
Switch # show mls qos interface FastEthernet 0 / 1
FastEthernet0 / 1
trust state: trust cos
trusted mode: trust cos trust enabled flag: ena COS
override: dis default COS
: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: cisco-phone qos mode: port-based
Continuing, we can now deal with the concept of Trusted Boubdary.
In the case of configuration like this: switch (config-if) # mls qos trust cos, I point to the switch to make the trust of packets received from the IP phone. In this case, then the IP phone becomes the trust boundary. Packets sent from the IP phone to the switch then, belong to a voice vlan, then arrive on the interface of the switch with the appropriate value set of CoS. They are given 802.1q header (which tag the packets with the voice vlan id) within the CoS field consists of three bits.
voice in terms of QoS must meet the following requirements:
-delay of less than 150 ms
-
-
-The voice packets are usually large 60 to 120 bytes -A call requires a rate 17 to 106 kbps 150 bps is the bandwidth for traffic control to ensure
-a delay of 150 ms <=30 ms jitter interface on which to configure vlan vocie:
-access port must be a automatiacemnet-port fast is enabled and remains active even after the voice vlan diasttivo <=1 % packet loss-l 'interface SUPPOTA 802.1x
-you can not configure static secure or sticky secure MAC address
-can be a dynamic access port
-I can configure port security: in this case the maximum number of machines allowed period must be at least 2: In fact, the switch connecting at least two or deviuces the phone and the PC (ref: http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_14_ea1/configuration/ Guides / swtrafc.html # wp1038546)
Plus' Whereas the topology under:
It has: Recital 4-
the vlan 1, 10,20,30,40
-VLAN 10 for voice
- vlan 30 for data from the PC
So, in this context, the access switch port Fa0/15 will be configured ALS1: -in access mode on vlan 30 vlan 10
-defines as the voice vlan ALS1 (config-if) # switchport access vlan 30
ALS1 (config-if) # switchport voice vlan 10
What happens in the case of one vlan for both voice and data? Apparently it seems that In this case you can not assign a value of 802.1p QoS to voice, because in my opinion would automatically apply the same priority as data traffic is also because of belonging to the same subnet: in these cases so it is useless to set values \u200b\u200bor QoS priority.
Dot1p: When I talk about dot1p means the 3-bit CoS 802.1q inserted in the header of the frame. They have meaning only at level 2. When referring to "tagged packet" means packets 802.1q / p tagged (reference: http://www.ciscopress.com/articles/article.asp?p=385336&seqNum=2)
Controls:
-switchport priority extend cos
: instructs the IP phone to override, if any, CoS of incoming frame from the PC, with a value that is equal to "priority"
-mls qos trust [cos]: indicates the switch to make the trust of incoming packets with CoS: Based on the reported value of CoS of incoming frames, the switch sends the output code in the appropriate ppachetti
-mls qos trust device cisco-phone: indicates that the IP Phone is a trusted device (in my opinion this commandment extend the boundary)
WLSE: it is linked the concept of autonomous access points
IP Phone and DHCP server
SSCP and CCM: events to establish a call
CCM, Cisco Call Manager is used together with protocllo SSCP to establish a call between two phones (the phone connects to the CCM through port 2000 or 2443, in the case of secure connections). The sequence of events is:
-L 'ip phone alerts the source of CCM' off-hook state -CCM istruisce l'IP phone di fornire dialtone -L'ip phone invia le cifre digitate al CCM
-CCM ruota la chiamata o al PSTN o all'ip phone destinazione
-RTP trfiic รจ scambiato tra l'ip phone sorgente e destinazione
0 comments:
Post a Comment