Cisco 9800 Wireless 2024 – Phase 11 – Version 17.12.02 Bulk AP Provisioning
Version 17.12.02 makes it easier to provision APs with primary, secondary, and tertiary controllers.
Before you begin Clean up the old installation files Copy the new image to flash Verify that the file was […]
Testing and verification are based on the following basic configuration found here. Verification of VLANs & VLAN IDs Verification of […]
Basic Connectivity Configuration. The configuration workflow is as follows Create a PSK WLAN to test basic connectivity Create the Policy […]
Cisco 9800 VPC on Nexus Cisco 9800 HA on 17.X Cisco 9800-CL HA Configuring a highly available wireless network requires […]
Security Requirements: All Cisco access points must be authorized locally to join the Cisco 9800 WLC. Background Information To authorize […]
Note: When HTTP authentication is configured using TACACS+/RADIUS, the banner message does not display on the Web UI. The login […]
Problem Resolution Retrieve the CA in base64 format Right click on the .cer file and open with a text editor […]
Add DNS entries for the Cisco 9800 Controllers Add the Cisco 9800 Controllers to Cisco ISE Configure the ISE TACACS+ […]
West Coast LA Local See the steps on configuring HA here Verify that the WLC pair is in HA By […]
Goal: Configure the core WLAN infrastructure (West and East Coast) Verify IP reachability between West and East WLCs
Goal: Configure the core WLAN infrastructure (West and East Coast) West Coast Data Center 1 Note: The East Coast Dater […]
Part 1 Testing the Failback After the failover server fails over and becomes the primary, test the failback functionality. These […]
Part 2 About the Failover Server The failover server communicates with the watched AirWave servers using SSH, SNMP, and AMON […]
“On box” Create the CSR Create a folder with the name of the device Create the OpenSSL .cnf file Update […]
“Off box” ssh into the WLC Retrieve the CA in base64 format Right-click on the .cer file and open it […]
R1, R4 and CORE-SWITCH ISE Config System > Deployment > Edit the ISE node 2. Add the network devices 3. […]
Proof of concept – Cisco Captive Portal via an Aruba Mobility Controller. The wireless LAN controllers are “firewalled” and can […]
TCP Startup Connection Process Step #1 Step # 2 Step # 3 Computer_X acknowledges receipt of WebServer_X’s sequence number and […]
ARP stands for Address Resolution Protocol. It is a communication protocol used in computer networks to map an IP address […]
High-Level Groups and Profiles AP Groups An Example AP group and the associated profiles. WLAN Profile > Virtual AP AP […]
Part 1 Destination Alias Example Destination Aliases A quick note about positioning. Example: Look at the original rule and start […]
Part 2 Aruba’s configuration can be a bit confusing at times. The focus of the Aruba Campus Access Fundamentals, Implementing […]
R5 R1 R2 R3 R4 Verification
High-Level Operations Summary Wireshark Verification All 4 (Spoke) routers sent an NHRP Registration Request to R5 (Hub), who responded with […]
Configuration and Behavior Between R5 and R1 R1 (Spoke) sends an NHRP Request to R5 (Hub) R5 (Hub) Responds with […]
DMVPN Phase 2 with static mapping restrictions: R5 Hub R1 R2 R3 R4 Verification of mappings R1, R2, R3 and […]
Dynamic mappings allow for a much more scalable configuration. How does this work? R5 HUB R1 Spoke R2 Spoke R3 […]
Network Type DR/BDR Hello Type Unicast/Multicast Hello/Dead/Wait Intervals Point-to-Point NO Multicast 10/40/40 Point-to-Multipoint NO Multicast 30/120/120 Point-to-Multipoint Non-broadcast NO Unicast 30/120/120 Broadcast […]
Building OSPF Adjacencies Down This is the first OSPF neighbor state. It means that no information (hellos) has been received […]
Part 1 Link State Advertisements (LSAs) OSPF Header The major fields of the OSPF packet header are as follows: Identifying […]
Part 2 Forming OSPF Adjacencies Must match items: Must be unique items: OSPF Network Types Broadcast DR/BDR Election There is […]
EVE-NG topology DMVPN combines mGRE, the Next-Hop Resolution Protocol (NHRP), and optional IPSec. DMVPN can be implemented as Phase 1, […]
VLSM table Major Network = 10.15.0.0/22 11111111.11111111.11111100.00000000 Number of networks = 2^ 6 = 64 Network Address Usable Host Range […]
The OSI (Open Systems Interconnection) model is a conceptual framework that standardizes the functions of a communication system or network […]
TCP Header
DHCP stands for Dynamic Host Configuration Protocol. It’s a network protocol used to automatically assign IP addresses and other network […]
Traceroute from PC1 (192.168.13.2) to PC2 (192.168.62.2) Note to self: The process repeats for each router in the path. Even […]
VTP Modes You can configure a switch to operate in any one of these VTP modes: VTP Version 1 VTP […]
Example Exponent Number of Hosts * -2 Notation Bits Subnet Mask 2^1 2 /31 11111111.11111111.11111111.11111110 255.255.255.254 2^2 4 /30 11111111.11111111.11111111.11111100 […]
Wireless remote packet capture refers to the process of capturing network traffic on a remote device or network using a […]
Disclaimer for Wireless Penetration Testing Educational Purposes: The wireless penetration testing educational service provided here is solely for the purpose […]
Trigger Frame The trigger frame is a control frame of the MAC header, which contains the association IDs (AIDs) of […]
The article that covers the details of the attack can be found here and here. Launch the rogue AP Start […]
Part 1 Part 2 hostapd-wpe Download the files Creating certs Copy and edit the hostapd-wpe config file Execute the script […]
Part 1 Part 3 berate-ap OR Test berate_ap Testing hostapd-mana Create certificates: Documentation can be found here Create a certificate […]
Part 2 Part 3 Reference and credit: https://w1f1.net/ Tools: screen Linux screen is a command-line utility that allows you to […]
References: EVP_RSA_gen() generates a new RSA key pair with modulus size bits. Create a certificate signing request. Create the hostapd.eap_user […]
Wireless Penetration Test and Training Purposes Disclaimer: The training material and exercises provided are for educational and training purposes only. […]
AWUS036AXML is the WiFi 6/6E (802.11ax) 2×2 6 GHz and Bluetooth 5.2 high-performance USB adapter. It comes with a 2-in-1 USB-C […]
By default, Kali is set to global regulatory domain (00). To change or set the regulatory domain, run iw reg […]
Part 1 Create the wireless monitor interface(s). 2. Recon and gather info using any of the monitor mode interfaces. Take […]
Part 2 Check the status of the adapter/driver The recon data will be saved in .csv format. This is useful […]
This is a high-level document where I try to understand how different devices will transfer data and at what data […]
Passive Scanning – With 1200 MHz to cover and 59 channels to scan, a station with a dwell time of […]
Reference: https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-delivers-wi-fi-6e-certification-program An overview of WPA 3 can be found here wlan virtual-ap "WIFI6E" aaa-profile "WIFI6E_AAA_PROFILE" vlan 12 ssid-profile "WIFI6E_SSID_PROFILE" allowed-band none allowed-band-6ghz Security Wi-Fi […]
Channels Image Reference: www.juniper.net show arm-channels show ap bss-table show ap arm neighbors Basic Packet Capture from the IAP pcap […]
Whitelist the IAP on the Mobility Conductor Obtain the Ethernet MAC address of the IAP from the GUI/sticker on the […]
Reference: https://www.arubanetworks.com/support-services/end-of-life/arubaos-software-release/
What is clustering? A cluster combines multiple managed devices to provide high availability for all clients. Benefits include seamless roaming […]
Steps 1,2 and 3 – Establish layer one and two The wireless client associates with the AP and seSupplicantional EAPOL […]
Model AP Client Type Firewall Capacity POE Ports 7005 16 1,024 Physical 2 Gbps N/A 7008 16 1,024 Physical 2 […]
In cryptography, PKCS #12 defines an archive file format for storing many cryptographic objects as a single file. It is […]
WLAN configured for WPA3 SAE with backward compatibility Confirmation via airodump-ng Confirmation via Wireshark The client connected after going through […]
PEAP MSCHAPV2
network={
    ssid="LAB-PEAP"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jack"
    password="black"
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
}
TTLS-PAP
network={
    ssid="LAB-PAP-TTLS"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="jack"
    anonymous_identity="anon"
    password="black"
    phase2="auth=PAP"
}
TTLS-CHAP
network={
    ssid="LAB-CHAP-TTLS"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="jack"
    anonymous_identity="anon"
    password="black"
    phase2="auth=CHAP"
}
TTLS-MSCHAPv2
network={
    ssid="LAB-TTLS-MSCHAPv2"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="jack"
    anonymous_identity="anon"
    password="black"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="TEST"
    scan_ssid=1
    key_mgmt=WPA-PSK
    psk="password12345"
}
wpa_supplicant -Dnl80211 -iwlan0 -c/etc/wpa_supplicant.conf
interface=wlan1
driver=nl80211
ssid=BLACK
hw_mode=g
channel=11
macaddr_acl=0
ignore_broadcast_ssid=0
auth_algs=1
wpa=2
wpa_passphrase=LETMEIN
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_group_rekey=86400
ieee80211n=1
wme_enabled=1
bss=wlan1_0
driver=nl80211
ssid=WHITE
hw_mode=g
channel=11
macaddr_acl=0
ignore_broadcast_ssid=0
auth_algs=1
wpa=2
wpa_passphrase=LETMEIN
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_group_rekey=86400
ieee80211n=1
wme_enabled=1
Use hostapd to create multiple SSIDs on a single wireless adapter
interface=wlan1
hw_mode=g
channel=6
driver=nl80211
ssid=APPLE
auth_algs=1
wep_default_key=0
wep_key0="10101"
bss=wlan0_1
hw_mode=g
channel=6
driver=nl80211
ssid=PEAR
auth_algs=1
wep_default_key=0
wep_key0="10101"
Ventev colocation mounts with Aruba AP-534 Ventev Antenna Option # 1 For Open Warehouse Areas – part # – 220125 […]
Wireless designs come with a plethora of nuances, specifically around requirements and past experiences. You can look at a floor […]
Use auxiliary for smb service Set options to target host Scan target Use ms17_010_eternalblue module exploit Victim desktop Change directory […]
2.4 GHz 1 – 23 – 200 mW; 2 – 20 – 100 mW; 3 – 17 – 050 mW; 4 – 14 […]
Reference: 802.11-2016 – Section – 12.7.6 4-way handshake Key 1- sent from the authenticator to the supplicant Key 2- sent […]
Define the AAA server and server group. I normally define the Radius server on both Anchor and Foreign controllers just […]
Add AAA server to WLC Add the WLC to the AAA server Create a radius server group Create an AAA […]
This lab will demonstrate how to configure a simple web passthrough on the IOS XE 9800 Controller AireOS web passthrough […]
Verify the ARP table of each device PC1 R4 R6 PC2 The primary function of a network is to provide […]
First and foremost read this …. https://tools.ietf.org/id/draft-ietf-tsvwg-ieee-802-11-05.html. Then this … https://tools.ietf.org/html/rfc4594 wireless packet capture with omnipeek /wireshark / SSID open […]
Nexus Config – 9K1 vlan 1,10,20 vlan 10 name NETWORK_MGMT vlan 20 name WLAN_MGMT spanning-tree vlan 1-3967 priority 24576 vrf context management vpc domain 1 peer-keepalive destination […]
Information About High Availability High Availability (HA) allows you to reduce the downtime of wireless networks that occurs due to […]
Eve-ng Physical Topology
Because STP is involved in loop detection, many people refer to the catastrophic loops as “Spanning Tree loops.” This is […]
Spanning-tree from the view point of DL-1 and DL2 The interface associated to lowest path cost is more preferred. The […]
In part one we looked at the simplest spanning tree decision that a switch can make when it has a […]
Locating Root Ports After the switches have identified the root bridge, they must determine their root port (RP). The root […]
Define class maps Class Map match-any DROP-NETFLIX1_AVC_UI_CLASS (id 39) Description: DROP-NETFLIX1_AVC_UI_CLASS UI_policy_DO_NOT_CHANGE Match protocol netflix Class Map match-any DROP-NETFLIX2_AVC_UI_CLASS (id […]
Management frame protection (MFP) provides security for the otherwise unprotected and unencrypted 802.11 management messages passed between access points and […]
4.5.4.3 Deauthentication reference – 802.11-2016 – page 223 The deauthentication service is invoked when an existing Open System, Shared Key, […]
reference 802.11-2016 – page STA = station RSNA – Robust Security Network Association A STA prepared to establish RSNAs shall […]
WPA3-Personal WPA3-Personal brings better protections to individual users by providing more robust password-based authentication, even when users choose passwords that […]
Be sure to complete the following prerequisites before upgrading the Cisco IOS XE version of the controller software image: Compatibility […]
video upload test Enhanced open using Ubuntu and wpa_supplicant lab@Crazy4840afkee:/etc/wpa_supplicant$ more owe_script.conf network={ ssid="OWE13" key_mgmt=OWE pairwise=CCMP scan_ssid=1 ieee80211w=2 } use […]
New Wi-Fi Enhanced Open™ technology infuses no-hassle advanced cryptography for open networks We’ve all come to expect fast, reliable, and […]
Define the TACACS+ source interface. The source interface is usually the management interface. ip tacacs source-interface VlanX 2. Enable aaa […]
1. Download recovery code from Cisco.com 2. Copy file from server to autonomous AP AP will reboot and join the […]
How RF Groups are formed When the WLC initializes as new, it creates a unique Group ID using the IP […]
The C9800 product line is designed as a direct replacement for current hardware Wireless LAN Controller platforms. C9800 is compatible […]
Blessings, love, righteousness, tolerance, acceptance and forgiveness. For the LORD is good; his mercy is everlasting; and his truth […]
Configure server parameters – server IP, protocol, file location, file name. Select the cluster of devices to be upgraded. […]
Download the desired version from Aruba’s website. Once the code is downloaded verify the checksum using the Linux md5sum command […]
Clustering is a new feature introduced in AOS 8.x MM – Mobility Master MC – Mobility Controller VMC – Virtual […]
Note: CCIE Enterprise Wireless (v1.0) – 3.9 Controller Mobility – 3.9.e Mobility anchoring On any firewall between the guest anchor […]
Restrictions Prior to enabling HA between two 9800 WLCs, ensure you perform these validations: Both devices must be of […]
The Aruba mobility master structure is configured via folder hierarchy starting at the “managed device” level The two options are […]
TOPOLOGY Boot and configure basic settings: ports, up link VLAN, username and password Configure VRRP on the primary and secondary […]
Download the recommended controller version from Cisco.com – as of 12/18/2019 the recommended version is listed below as Gibraltar-16.12.1s ED […]
Disable the wireless network to configure the country code: C9800(config)#ap dot11 5ghz shutdown Disabling the 802.11a network may strand mesh […]
Carrier Sense/Clear Channel Assessment (CS/CCA) If the station is not currently transmitting or receiving, it listens and senses the channel […]
Management Frames 802.11 management frames make up a majority of the frame types in a WLAN. Management frames are used […]