wireless access point emulator (IOS 12)
Back | Part 1 | Part 2 | Part 3 | Part 4 | Chall 01 | Chall 02| Chall 03| Chall 04 | Chall 05 | Test | GUI  | Home   

[Expand][PDF Tutorial][New .NET Version]

Perform the following:

1

Go into the privileged mode by typing enable.

2

SHOW CLIENTS. This command is used to show the details of all the associated clients, and uses:


# show dot11 associations all-clients

An example of the output is:


Address : 0003.6dff.2a51 Name :
IP Address : 192.168.0.11 Interface : Dot11Radio 0
Device : - Software Version :
State : Assoc Parent : self
SSID : tsunami VLAN : 0
Hops to Infra : 1 Association Id : 3
Clients Associated: 0 Repeaters associated: 0
Key Mgmt type : NONE Encryption Rate : 11.0
Capability : ShortHdr
Supported Rates : 1.0 2.0 5.5 11.0
Signal Strength : -29 dBm Connected for : 913 seconds
Signal Quality : 81 % Activity Timeout : 31 seconds
Power-save : Off Last Activity : 28 seconds ago
Packets Input : 143 Packets Output : 5
Bytes Input : 16801 Bytes Output : 266
Duplicates Rcvd : 0 Data Retries : 0
Decrypt Failed : 0 RTS Retries : 0
MIC Failed : 0
MIC Missing : 0


19.SHOW DOT11 ASSOCIATIONS STATISTICS. This command shows the statistics for the associations. For example:


# show dot11 associations statistics

An example of the output is:


---- DOT11 Assocation Statistics -------------
On Interface Dot11Radio0:
cDot11AssStatsAssociated :2
cDot11AssStatsAuthenticated :2
cDot11AssStatsRoamedIn :0
cDot11AssStatsRoamedAway :0
cDot11AssStatsDeauthenticated :1
cDot11AssStatsDisassociated :1
cur_bss_associated :1
cur_associated :1
cur_bss_repeaters :0
cur_repeaters :0
cur_known_ip :1
dot11DisassociateReason :2
dot11DisassociateStation :0003.6dff.2a51
dot11DeauthenticateReason :2
dot11DeauthenticateStation :0003.6dff.2a51
dot11AuthenticateFailStatus :0
dot11AuthenticateFailStation :0000.0000.0000


20.SHOW INTERFACES DOT11RADIO0 STATISTICS. This command shows the statistics for the radio port. For example:


# show interfaces dot11radio0 statisticsAn example of the output is:


DOT11 Statistics (Cumulative Total/Last 5 Seconds):
RECEIVER TRANSMITTER
Host Rx Bytes: 41758 / 0 Host Tx Bytes: 135270 / 0
Unicasts Rx: 450 / 0 Unicasts Tx: 1258 / 0
Unicasts to host: 450 / 0 Unicasts by host: 11 / 0
Broadcasts Rx: 1247 / 0 Broadcasts Tx: 30329 / 49
Beacons Rx: 0 / 0 Beacons Tx: 29773 / 49
Broadcasts to host: 0 / 0 Broadcasts by host: 556 / 0
Multicasts Rx: 0 / 0 Multicasts Tx: 77 / 0
Multicasts to host: 0 / 0 Multicasts by host: 77 / 0
Mgmt Packets Rx: 1247 / 0 Mgmt Packets Tx: 1247 / 0
RTS received: 0 / 0 RTS transmitted: 0 / 0
Duplicate frames: 65 / 0 CTS not received: 0 / 0
CRC errors: 57 / 0 Unicast Fragments Tx: 1258 / 0
WEP errors: 0 / 0 Retries: 0 / 0
Buffer full: 0 / 0 Packets one retry: 0 / 0
Host buffer full: 0 / 0 Packets > 1 retry: 0 / 0
Header CRC errors: 656 / 0 Protocol defers: 0 / 0
Invalid header: 0 / 0 Energy detect defers: 52 / 0
Length invalid: 0 / 0 Jammer detected: 0 / 0
Incomplete fragments: 0 / 0 Packets aged: 0 / 0
Rx Concats: 0 / 0 Tx Concats: 0 / 0
RATE 11.0 Mbps
Rx Packets: 450 / 0 Tx Packets: 8 / 0
Rx Bytes: 41664 / 0 Tx Bytes: 764 / 0
RTS Retries: 0 / 0 Data Retries: 0 / 0


21.SHOW DOT11 NETWORK-MAP. This command shows the radio network map. For example:


# show dot11 network-map

22.RTS. The RTS (Ready To Send) is used to handshake data between the client and the WAP. RTS threshold is used to set the packet size at which the access point issues a request to send (RTS) before sending the packet. Low RTS Threshold values are useful in areas where there are many clients, or where the clients are far apart and cannot reach each other (the hidden node problem). The Maximum RTS Retries (1-128) defines the maximum number of times the access point issues an RTS before abandoning the send. For example to set the threshold at 1000 Bytes and the number of retries to 10:


# config t
(config)# int dot11radio0
(config-if)# rts ?
(config-if)# rts threshold 1000
(config-if)# rts retries 10
(config-if)# exit
(config)# exit

23.PACKET RETRIES. The maximum data retries value (1-128) defines the number of attempts that a WAP makes before dropping the packet.


# config t
(config)# int dot11radio0
(config-if)# packet retries 5
(config-if)# exit
(config)# exit

24.FRAGMENT-THRESHOLD. The fragmentation threshold value sets the size at which packets are fragmented (256 B to 2338 B). Low values are good when there are many errors in the transmitted data, as there will be more chance that each of the fragments will be received correctly. An example is:


# config t
(config)# int dot11radio0
(config-if)# fragment-threshold 1000
(config-if)# exit
(config)# exit

25.LOCAL ATHENTICATION. Large networks require a separate RADIUS server to authenticate nodes. For smaller networks it is possible to run a local authenticator. The steps are:


·The local WAP is defined as a RADIUS-SERVER (radius-server local).
·The WAP is defined as a NAS (Network Authentication Server).
·Local users are defined, along with passwords (up to 50 users can normally be created).

# config t
(config)# aaa new-model
(config)# radius-server local
(config-radsvr)# ?
(config-radsvr)# nas 192.168.0.1 key fred
(config-radsvr)# user michael password none
(config)# exit
# show radius local-server statistics

Examine the running-config. How has the password been changed for the user?


26.WEP (40-bit). WEP is the basic encryption method used for wireless. Unfortunately the 40-bit version can be cracked within 5 hours, but it can be used as a barrier to stop users from initially connecting to the WAP. For the key to be generated the user must define a 10-digit hexadecimal code:


# config t
(config)# int dot11radio0
(config-if)# encryption mode wep optional
(config-if)# encryption key 1 size 40bit 0 1122334455 transmit-key
(config)# exit

Examine the running-config. How has the encryption key been changed?

How many digits does the hashed encryption key have?


27.WEP (128-bit). The same can be done for 128-bit encryption, which is more secure. In this case we require 26 hexadecimal digits.


# config t
(config)# int dot11radio0
(config-if)# encryption mode wep optional
(config-if)# encryption key 1 size 128bit 0 12345678901234567890123456 transmit-key
(config)# exit

Examine the running-config. How has the encryption key been changed?How many digits does the hashed encryption key have?


28.IP PROXY-MOBILE. This command is applied to the interface command to enable proxy Mobile IP operations. For example:


# config t
(config)# int dot11radio0
(config-if)# ip proxy-mobile
(config-if)# exit
(config)# exit


The basic details of the wireless access point is:


FA0 - Fast Ethernet connection to the network.
DOT11RADIO0- 2.4GHz radio connection.
DOT11RADIO1- 5GHz radio connection.


29.CDP (Cisco Discovery Protocol) is set with the following:


# config t
(config)# cdp holdtime 120
(config)# cdp timer 50
(config)# end


Using the show cdp command, determine the settings for CDP:


30.To enable CDP on the WAP:


# config t
(config)# cdp run
(config)# end


31.To enable CDP on an interface:


# config t
(config)# int fa0
(config-if)# cdp enable
(config-if)# end


32.To show CDP information:


# show cdp neighbors
# show cdp neighbors detail
# show cdp neighbors traffic


33.Set authentication:


# configure t
(config)# configure interface dot11radio 0
(config-if)# ssid fred
(config-ssid)# authentication ?
(config-ssid)# authentication network-eap joe
(config-ssid)# end

34. Enable encryption key


# config t
(config)# configure interface dot11radio 0
(config-if)# encryption mode cipher tkip wep128
(config-if)# encryption key 3 size 128 12345678901234567890123456 transmit-key

 

For more, use:

[PDF Tutorial]

If you would like to register the wireless access point emulator, or obtain the full version, please complete the following:

Purchase emulator