This document describes a project to set up a secured wireless network for an enterprise with redundancy. Key aspects include:
- Creating a secure wireless LAN using Cisco controllers and access points, with individual usernames and passwords for authentication via WPA2 and AES encryption.
- Centralized management of the wireless network through the Cisco controllers.
- Use of an external DHCP server to assign IP addresses and track connected devices.
- Implementation of Active Directory for centralized user credentials, authentication, authorization and permissions.
- Configuration of a network policy on a RADIUS server for wireless authentication along with 802.1X, allowing specific access for each user.
- Introduction of redundancy between the Cisco controllers so
Northridge Consulting Group Case Project - edwardlong
This document discusses different types of wireless local area networks (WLANs) including basic service sets (BSS), extended service sets (ESS), and independent basic service sets (IBSS). It describes the advantages and disadvantages of each type. A BSS uses a single access point to cover a small area like a home or office, while an ESS connects multiple BSSs to cover a larger area. An IBSS is a peer-to-peer network without an access point that allows easy file sharing between devices. The document also covers authentication methods for WLANs like open system, shared key, and digital certificate authentication and recommends digital certificates for added security.
Have you ever wondered why MetaGeek had such awesome Wi-Fi tools? Well ponder no more!
This product slide deck is designed for you to get a brief idea of why MetaGeek helps so many geeks, who we are assisting, and how our products are so great at identifying what is wrong.
Enjoy!
Enterprise Wi-Fi in less than five minutes with Aruba Instant which provides:
- No software or service licenses required
- Scalable Wi-Fi for businesses of all sizes
- Enterprise-grade security including WPA2 encryption and access control policies
Basically, a group of computers connected together with various wires is called a network. Similarly, a group of computers connected together with the help of radio waves in a limited space is called a wireless network.
https://www.infosectrain.com/courses/ceh-v11-certification-training/
This document provides a tutorial on using the InSSIDer wireless network scanning tool to perform a wireless site survey. It explains that InSSIDer can be used to gather Wi-Fi network information, choose the best wireless channel, and ensure networks are operating on the best channel to avoid interference. The tutorial outlines how to use InSSIDer's interface and view features like the network list, signal graphs, link scores, and filters to analyze wireless network performance in an area and determine the optimal channel settings.
This document discusses network monitoring and performance. It provides an overview of how network monitoring has evolved from early computer networks to today's sophisticated tools. It describes key aspects of network monitoring like functions, commonly used protocols like ICMP and SNMP, and popular open source monitoring tools. The document also discusses measuring network performance and how monitoring will be important for handling future networking demands like increased video traffic and more mobile users.
The document discusses various 802.11 wireless networking standards including 802.11a, 802.11b, 802.11g, 802.11e, 802.11i, 802.11n and the developing 802.11ac. It also covers wireless network modes of infrastructure and ad-hoc, security threats like eavesdropping, man-in-the-middle attacks and denial of service. Additional topics include WEP, WPA, WPA2 and techniques to improve wireless security.
The document provides setup instructions for deploying and configuring an Aruba Instant wireless network. It describes how to set up the initial access point which will run the virtual controller software. Additional access points will automatically inherit settings from the virtual controller. The instructions also cover creating basic employee and guest wireless networks with options for security, client IP assignment, and access controls. The process involves a simple four step configuration for each network's basic info, IP settings, security, and access rules.
Cloud Security Topics: Network Intrusion Detection for Amazon EC2 - Alert Logic
With the rapid growth of online commerce, the challenge to secure and monitor internal and customer-facing websites, card processing systems and other critical infrastructure has never been greater. Deploying full-featured intrusion detection in a public cloud has been challenging – the network models and multi-tenancy of public clouds do not make deep network services easy to deploy. Misha Govshteyn, VP of Emerging Products at Alert Logic, will present a new approach for an IDS solution in a public cloud.
This document provides a technical overview of the broadband last mile connectivity solution for the SBI colony in Nerul. The solution will use optical fiber cable from RailTel to provide minimum 2Mbps internet to every apartment. Equipment such as the Intra Complex Distributor, Intra Building Distributor, and Intra Floor Distributor will distribute the internet throughout buildings and floors using a centralized management system to monitor performance.
ABC Worldwide is a leading video editing and advertising company headquartered in San Francisco with 6 worldwide design centers and over 1500 employees. It was founded in 2014 by a group of friends and has annual sales of $450 million. The company provides corporate videos, commercials, films and web services.
The document then describes ABC Worldwide's network infrastructure which includes redundancy, separation of networks, high speed connectivity, and scalability. It discusses the wide area network connecting the headquarters to design centers around the world, as well as security measures like firewalls, virtual private networks and quarantining of testing systems. Sales teams are provided laptops, smartphones and wireless access to maintain mobility.
Usb wifi adapter, 600 mbps dual band 802.11ac driver - izzall
This document provides instructions for installing and using a wireless USB adapter. It includes:
1) An overview of the adapter's features and usage cases.
2) Step-by-step instructions for installing the adapter's driver and configuration software from an included CD.
3) A guide to using the adapter in both station and access point modes, including explanations of the configuration utility's various pages and settings.
Holland safenet livehack hid usb pineapple_cain_oph_with_video - robbuddingh
This document discusses hacking tools and techniques that could enable man-in-the-middle attacks on wireless networks. It describes how a wireless penetration testing device could intercept probe requests from a device looking to connect to a wireless network, and respond posing as the legitimate network to establish a connection. Once connected, the device could monitor and manipulate web traffic using tools like Cain & Abel, ARP poisoning, and DNS spoofing. Rainbow tables are also mentioned as a tool for cracking Windows passwords using hashed values within a few minutes. Throughout, the document emphasizes these techniques should only be used for legitimate security testing and not illegal hacking.
The document discusses the evolution of wireless networks in offices and the rise of the "All-Wireless Office" (AWO). It notes that most offices are becoming "mostly wireless" now, using 802.11n and emerging 802.11ac standards, to support mobile users and BYOD. Fully wireless offices are predicted by 2015. The document outlines considerations for planning high-density wireless networks focused on capacity rather than just coverage, and standards like 802.11ad, 802.11mc that will support future applications and use cases in all-wireless offices.
How to configure a cisco wireless access point (ap) from scratch - IT Tech
The document provides step-by-step instructions for configuring a Cisco 1242G wireless access point from scratch. It describes connecting the AP to a power source and Ethernet, finding its IP address, logging into the web interface using the default credentials, running the Express Setup to configure basic network settings, enabling security settings like WEP encryption and changing the default password, and enabling the 2.4GHz radio to allow wireless devices to connect to the network. The Cisco 1242G AP offers business-grade features like multiple wireless protocols, security protocols, encryption, and management capabilities compared to consumer-grade APs.
- Bharti Enterprises is a major telecommunications supplier in South Asia with a 30% market share in India.
- In 2011-2012, the company received several awards for telecommunications excellence, innovative services, and being ranked among the top global companies.
- The report details the process of firewall reconciliation, which involves analyzing firewall logs to refine rules and only allow necessary traffic, increasing network security. Proposed rule changes are shown to refine access based on specific subnets and ports.
- Software tools used include Checkpoint products and Putty for managing firewalls and reconciling rules based on traffic logs.
This document identifies vulnerabilities in PKL Autoparts' network infrastructure and provides recommendations to address them. It finds that PKL lacks firewalls, VPN access, strong wireless security, network monitoring tools, and other critical security controls. The document then outlines a restructured network topology with separate subnets for each site to prevent broadcast storms. It recommends implementing a Cisco firewall to detect and prevent intrusions. Finally, it defines several new security policies around wireless devices, remote access, servers, and passwords to secure the network and prevent future breaches.
This document provides an overview of software defined networking (SDN) and network virtualization. It discusses how SDN separates the control plane from the data plane in networking equipment to provide more agility, speed, and flexibility. Network functions can be virtualized and run in software rather than proprietary hardware. Use cases for SDNs include improving issues in telecommunications networks like vendor lock-in. The document also outlines NSX, VMware's SDN solution, which provides a virtual network that is decoupled from physical hardware and allows distributed network and security services.
The document provides instructions for multiple assignments related to configuring and securing a wireless network over 5 weeks. It includes tasks like designing wireless network requirements, conducting a site survey, configuring wireless access points, implementing encryption and intrusion detection systems, analyzing threats, and reviewing packet captures to assess security risks. Students are asked to provide documentation like reports, diagrams, presentations, and technical specifications to demonstrate their work.
It has never been easier and better! You can now take your laptop, mobile phone, tablet or whatever you use and find the best place in your house, apartment or garden to do your stuff.
The document discusses the design and implementation of a secured network for Super Finance Solutions Pvt. Ltd. It outlines the network topology, including IP configurations, servers, routing protocols and VLAN configurations. It then covers secure implementations like ACLs, IPsec VPN, NIPS and the Zero Trust framework. Finally, it discusses VPN reliability and the cryptographic mechanisms of IPsec. The secured network architecture provides privacy and security for remote users and customers through protocols added for security.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
A modern approach to safeguarding your ICS and SCADA systems - Alane Moran
Tempered Networks' presentation at the recent Rockwell Automation Fair 2016 helps viewers understand why it's so challenging and complex to connect and secure industrial IoT and SCADA systems. The future of networking and security must be based on 'host identity' not spoofable IP addresses.
The document discusses Aerohive Networks, a Wi-Fi company that has over 20,000 customers worldwide. It highlights that Aerohive has a fully distributed architecture that allows scalability from 1 to 100,000s of access points. Aerohive also focuses on security by only providing access to authorized devices and simplicity by reducing network management complexity. The document promotes Aerohive's cloud-managed networking solution and how customers can get started for as little as $229.
A Guide to Securing Networks for Wi-Fi (IEEE 802.11 Family).pptx - Yousef Al-Mutayeb
This guide summarizes best practices and technical guidance for securing networks against wireless threats and for implementing wireless access to networks securely.
Focused on IEEE 802.11 Wi-Fi technology
This guide does not include commercial mobile networks (e.g., 3GPP, LTE).
SD-WAN_MoD.pptx for SD WAN networks connectivity - bayusch
The document discusses how SD-WAN can help improve user access to applications and ease communication. It provides an overview of how networking and applications have become more complex as users and applications have moved to the cloud. SD-WAN is presented as a solution to address this by combining networking and security functions to securely connect users to applications from any environment. The benefits of Cisco's SD-WAN solution are discussed, including optimized multicloud access, predictable application experiences, and secure access through a SASE-enabled architecture.
The document provides instructions for installing and configuring the Zoom WiMAX and WiFi Gateway device. It includes details on the product package contents, device connectors, LED indicators, and a 4-step installation process. It also describes accessing and navigating the device's web interface in 3 steps to configure settings.
IRJET- Implementation of Dynamic Internetworking in the Real World it Domain - IRJET Journal
This document summarizes a study that implemented a dynamic internetworking in a real-world IT domain. The study created a network topology for an organization using Cisco Packet Tracer with routers, switches, computers and a DHCP server. It configured routing protocols, access control lists, authentication, VLANs and inter-VLAN routing. DHCP was configured to automatically assign IP addresses. Routing protocols like RIP, OSPF and EIGRP were configured between routers. Access control lists were used to filter traffic and provide security. Authentication ensured security and remote access was provided using telnet. VLANs divided the network into broadcast domains and inter-VLAN routing allowed communication between VLANs.
This document describes an Android-based smart department system that allows users to control home appliances like lights and fans remotely using a smartphone. The system includes an Android application, an Arduino microcontroller board connected to home devices via relays, and a web server to facilitate communication between the app and microcontroller. The microcontroller acts as the central hub to receive commands from the app over the internet and switch devices on or off accordingly. The proposed system aims to provide a low-cost way to automate home device control and monitoring using a mobile phone.
Background Information for World-Wide Trading CompanyWorld-Wide .docxikirkton
Background Information for World-Wide Trading Company
World-Wide Trading (WWTC) is a large online broker firm in the Hong Kong. The trading company has a staff of 9,000 who are scattered around the globe. Due to aggressive growth in business, they want to establish a regional office in New York City. They leased the entire floor of a building on Wall Street. You were hired as the director of the IT Department. The President of the company asked you to set up the state of the art network by December 15, 2013. He shared with you the organizational structure and a list of the staff. You hired a consultant to test the network infrastructure and power requirement at WWTC office space. The consultant reported that the network infrastructure is solid and gigabit network can be set up on existing network wiring. Also, the existing power supply will meet their current and future demand. The President has reiterated these business goals.
Business and Technical Goals
· Increaserevenue from 10 billion to 40 billion by the year 2015
· Reduce the operating cost from 30 to 15 percent by the year 2015 by using an automated system for buying and selling.
· Provide secure means of customer purchase and payment over Internet.
· Allow employee to attach their notebook computers to the WWTC network and Internet services.
· Provide state of the art VoIP and Data Network
· Provide faster Network services
· Provide fast and secure wireless services in the lobby and two large conference rooms (100x60)
On the basis of these business goals, you prepared a RFP to solicit a proposal for designing and implementing a fast, reliable and secure network.
The purpose of this Request for Proposal is to solicit from qualified vendors proposals for a
secure and fast network to ensure proper operation of the network.
To prepare a design for a state of the art network at the Wall Street location of World-Wide Trading.
Propose a Network design that solves the current security audit problems (see security sections), to meet business and technical goals.
Provide a modular, scalable and network.
Provide redundancy at building core layer and building distribution layer and access layer and at workstation level to avoid failure at one point. For Building Access layer provide redundant uplinks connection to Building Distribution layer.
Select appropriate Cisco switch model for each part of your enterprise campus model design from the Cisco Products Link, listed below and use the following assumptions in your selection process.
Selecting the Access layers switches:
0. Provide one port to each device
0. Make provision for 100% growth
Server farm switches
· Assume 6 NIC cards in each server and one NIC card uses one port of switch
· Dual processors and dual power supply
Propose an IP addressing redesign that optimizes IP addressing and IP routing (including the use of route summarization). Provide migration provision to IPv6 protocol in future.
Propose a High Level securi ...
This document provides details about a network infrastructure project proposal for a banking software company called Orange Creek Inc. that is moving to a new building. The proposal includes setting up a network with 200 workstations, VoIP phones, secure WiFi, servers, switches, and other equipment across two floors housing 75-100 employees each. The scope involves physical setup, security, and providing a network schema within budget. Risks and disaster recovery plans are also outlined.
WWTC Office Layout Diagram.htmlBackground Information for Wo.docxericbrooks84875
WWTC Office Layout Diagram.html
Background Information for World-Wide Trading Company
World-Wide Trading (WWTC) is a large online broker firm in the Hong Kong. The trading company has a staff of 9,000 who are scattered around the globe. Due to aggressive growth in business, they want to establish a regional office in New York City. They leased the entire floor of a building on Wall Street. You were hired as the director of the IT Department. The President of the company asked you to set up the state of the art network by December 15, 2013. He shared with you the organizational structure and a list of the staff. You hired a consultant to test the network infrastructure and power requirement at WWTC office space. The consultant reported that the network infrastructure is solid and gigabit network can be set up on existing network wiring. Also, the existing power supply will meet their current and future demand. The President has reiterated these business goals.
Business and Technical Goals
· Increaserevenue from 10 billion to 40 billion by the year 2015
· Reduce the operating cost from 30 to 15 percent by the year 2015 by using an automated system for buying and selling.
· Provide secure means of customer purchase and payment over Internet.
· Allow employee to attach their notebook computers to the WWTC network and Internet services.
· Provide state of the art VoIP and Data Network
· Provide faster Network services
· Provide fast and secure wireless services in the lobby and two large conference rooms (100x60)
On the basis of these business goals, you prepared a RFP to solicit a proposal for designing and implementing a fast, reliable and secure network.
The purpose of this Request for Proposal is to solicit from qualified vendors proposals for a
secure and fast network to ensure proper operation of the network.
To prepare a design for a state of the art network at the Wall Street location of World-Wide Trading.
Propose a Network design that solves the current security audit problems (see security sections), to meet business and technical goals.
Provide a modular, scalable and network.
Provide redundancy at building core layer and building distribution layer and access layer and at workstation level to avoid failure at one point. For Building Access layer provide redundant uplinks connection to Building Distribution layer.
Select appropriate Cisco switch model for each part of your enterprise campus model design from the Cisco Products Link, listed below and use the following assumptions in your selection process.
Selecting the Access layers switches:
0. Provide one port to each device
0. Make provision for 100% growth
Server farm switches
· Assume 6 NIC cards in each server and one NIC card uses one port of switch
· Dual processors and dual power supply
Propose an IP addressing redesign that optimizes IP addressing and IP routing (including the use of route summarization). Provide migration provision to IPv6 protocol in fut.
Enterprise networking course work under NCC EducationMd. Mahbub Alam
The document outlines submission requirements for students, including attaching a statement confirming the work as their own and acknowledging assessment standards. Students must provide identification details and ensure assignments are submitted before the due date. Plagiarism is prohibited under the program's academic dishonesty policy.
Similar to Project report on secured wireless network for an enterprise with redundancy (20)
Project report on secured wireless network for an enterprise with redundancy
1. SECURED WIRELESS NETWORK FOR AN ENTERPRISE WITH REDUNDANCY
HARKIRAT SINGH DHILLON TARANDEEP KAUR VARINDER SINGH
PROJECT REPORT ON SECURED WIRELESS NETWORK FOR AN ENTERPRISE
Wireless Project - WLS 5507 – 0NA
Submitted To: Prof. Waleed Ejaz
Submitted By: Harkirat Singh Dhillon, Varinder Singh, Tarandeep Kaur
This project concerns the security of an enterprise network. In this project we
create a secure WLAN using a Cisco controller, lightweight APs and an external
server. Our aim is to secure the network by giving every employee of the
company his or her own username and password for connecting to the network.
To secure the network we use WPA2 with AES encryption. It is not feasible to
use a single password for the whole network, as it can expose the network to
rogue attacks and hackers, resulting in data theft or compromising the security
of the whole company's network. We also introduce redundancy into the network,
so that if one controller fails the other can take over without a hitch.
The management of the whole network is centralized, i.e. the whole setup can be
managed from one place. Wireless LAN controllers are responsible for
system-wide WLAN functions and provide centralized management. A large number
of APs can be managed by a single controller, and APs are easy to deploy and
remove. We created an external DHCP server, which provides IP addresses to the
devices. On this server we can track which devices are connected to the network.
Active Directory is also a major part of this project; in it we create user
credentials for the different users. It provides a centralized repository for
user account information, directory authentication, authorization and the
assignment of rights and permissions. It maintains the relationships between
resources and enables them to work together. A Network Policy has been created
for authentication of the Wi-Fi network on the RADIUS authentication and
authorization server. A particular user can be de-authorized without changing
the key for everyone. It can direct users into particular user profiles based
on RADIUS attributes. We can also add new users and remove retired users. It is
a potential solution for setting up a secured wireless network for an enterprise.
Acknowledgement
We are grateful to Prof. Waleed Ejaz, project in charge, for unflinching support,
guidance and pearls of wisdom that enabled us to complete this project. The way he
instilled knowledge of the module was undoubtedly praiseworthy and valuable. We
are also grateful to our Coordinator of Department, Prof. Kevin Ramdass, and
Mehdi Akbari for the supervision and encouragement during the course. We are also
thankful to Humber College as a whole, which is doing yeoman's service by keeping
the learner abreast of the RF technology, telecom, networking etc. knowledge
that is the need of the day. We are grateful to Bhawandeep Singh and Amandeep
Kaur Randhawa for providing us with their project report and work. We found it
most useful for guidance and completion of our project.
Last but not least, we thank all classmates at Humber College for extending
kind cooperation.
INDEX
Contents
1. Network topology
2. Components Used
3. Basic steps to be followed in controller configuration
4. Setting up Cisco Wireless Controller using Cisco WLAN Express (Wired Method)
5. Using the GUI to Create WLANs
6. Using the GUI to Configure DHCP Scope
7. Introduction to Virtual Box
8. Microsoft Server as Virtual machine
Configure DHCP server
9. 802.1X Authentication via WiFi – Active Directory + Network Policy Server + Cisco WLAN + Group Policy
10. INTRODUCING REDUNDANCY ON WLC’S
REFERENCES
1. Network topology
2. Components Used
A. Wireless controller – 2x
a. Hardware Specifications
b. Data Ports - 4 x 1 Gigabit Ethernet Ports
c. Console Port - 1 x RJ45
d. External 48V Power Supply
B. Access points
C. Ethernet cables
D. Console cables
E. Laptop additional server
3. Basic steps to be followed in controller configuration
Figure 2: Controller basic setup
4. Setting up Cisco Wireless Controller using Cisco WLAN Express (Wired Method)
Step 1 Connect the laptop’s wired Ethernet port directly to the service port of
the WLC (port no. 1). The port LEDs blink to indicate that both machines are
properly connected.
NOTE: It may take several minutes for the WLC to fully power on and make the
GUI available to the PC. Do not auto-configure the WLC.
Figure 3: Wireless controller
The LEDs on the front panel provide the system status:
If the LED is off, the WLC is not ready.
If the LED is solid green, the WLC is ready.
Step 2 Assign a static IP address 192.168.1.X to the laptop to access the WLC GUI.
Step 3 Open a supported web browser and go to http://192.168.100.10 (the IP
address may have changed because the WLCs are used in lab experiments, but you
can set it to the desired IP address by configuring the WLC through the console
cable and PuTTY).
If you are unable to log in to the WLC, connect the console cable and open PuTTY
for the WLC 2504 initial configuration.
Putty>Serial>ok
A command window will then open; type the following commands to configure the
WLC:
>clear config
Are you sure you want to clear configuration ? (y/n) Y
>reset system
The system has unsaved changes.
Would you like to save them now ? (y/n) N
Configuration not saved !
Are you sure you would like to reset the system ? (y/n) Y
This will take some time, as the system will be restarted.
When the system comes back up, perform the following configuration:
Now that the WLC has been configured, it can be accessed by typing the IP address
we assigned to it in the configuration.
Step 4 Log in to the WLC.
Username- admin
Password- Humber1 (set in configuration)
Step 5 Go to the ADVANCED option, which appears after you log in to the WLC.
Then browse to COMMAND>SET TIME.
This option lets you set the current time in case you were unable to
configure it earlier.
It is necessary to set the time because the APs will not work if the time is not
set to the current time.
5. Using the GUI to Create WLANs
To create WLANs using the GUI, follow these steps:
Step 1 Go to the WLANs page.
Figure: WLANs page
This page lists all of the WLANs currently configured on the controller. For each
WLAN, you can see its WLAN ID, profile name, type, SSID, status, and security
policies. The total number of WLANs appears in the upper right-hand corner of
the page. If the list of WLANs spans multiple pages, you can access these pages
by clicking the page number links.
Step 2 Create a new WLAN by choosing Create New from the drop-down list
and clicking Go.
The following page then appears; enter the details as required.
Figure: WLANs > New page
Step 3 From the Type drop-down list, choose WLAN to create a WLAN.
Step 4 In the Profile Name text box, enter up to 32 alphanumeric characters for
the profile name to be assigned to this WLAN. The profile name must be
unique.
Step 5 In the WLAN SSID text box, enter up to 32 alphanumeric characters for
the SSID to be assigned to this WLAN.
Step 6 From the WLAN ID drop-down list, choose the ID number for this WLAN.
Step 7 Click Apply to commit your changes. The WLANs > Edit page appears.
Figure: WLANs > Edit page
Step 8 Use the parameters on the General, Security, QoS, and Advanced tabs to
configure this WLAN. See the sections in the rest of this chapter for instructions
on configuring specific features for WLANs.
Step 9 On the General tab, select the Status check box to enable this WLAN. Be
sure to leave it unselected until you have finished making configuration changes
to the WLAN.
Step 10 Click Apply to commit your changes.
Step 11 Click Save Configuration to save your changes.
6. Using the GUI to Configure DHCP Scope
Step 1 Choose Controller > Internal DHCP Server > DHCP Scope to open the
DHCP Scopes page.
Figure: DHCP Scopes page
NOTE: If you ever want to delete an existing DHCP scope, hover your cursor
over the blue drop-down arrow for that scope and choose Remove.
Step 2 Click New to add a new DHCP scope. The DHCP Scope > New page
appears.
Step 3 In the Scope Name text box, enter a name for the new DHCP scope.
Step 4 Click Apply. When the DHCP Scopes page reappears, click the name of
the new scope. The DHCP Scope > Edit page appears.
Figure: DHCP Scope > Edit page
Step 5 In the Pool Start Address text box, enter the starting IP address in the range
assigned to the clients.
NOTE: This pool must be unique for each DHCP scope and must not include the
static IP addresses of routers or other servers.
Step 6 In the Pool End Address text box, enter the ending IP address in the range
assigned to the clients.
NOTE: This pool must be unique for each DHCP scope and must not include the
static IP addresses of routers or other servers.
Step 7 In the Network text box, enter the network served by this DHCP scope.
This IP address is used by the management interface with Netmask applied, as
configured on the Interfaces page.
Step 8 In the Netmask text box, enter the subnet mask assigned to all wireless
clients.
Step 9 In the Lease Time text box, enter the amount of time (from 0 to 65536
seconds) that an IP address is granted to a client.
Step 10 In the Default Routers text box, enter the IP address of the optional router
connecting the controllers. Each router must include a DHCP forwarding agent,
which allows a single controller to serve the clients of multiple controllers.
Step 11 In the DNS Domain Name text box, enter the optional domain name
system (DNS) domain name of this DHCP scope for use with one or more DNS
servers.
Step 12 In the DNS Servers text box, enter the IP address of the optional DNS
server. Each DNS server must be able to update a client’s DNS entry to match the
IP address assigned by this DHCP scope.
Step 13 In the NetBIOS Name Servers text box, enter the IP address of the
optional Microsoft Network Basic Input Output System (NetBIOS) name server,
such as the Windows Internet Naming Service (WINS) server.
Step 14 From the Status drop-down list, choose Enabled to enable this DHCP
scope or choose Disabled to disable it.
Step 15 Click Apply to commit your changes.
Step 16 Click Save Configuration to save your changes.
Step 17 Choose DHCP Allocated Leases to see the remaining lease time for
wireless clients. The DHCP Allocated Lease page appears, showing the MAC
address, IP address, and remaining lease time for the wireless clients.
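The scope rules in steps 5 to 9 (a pool that is unique per scope, excludes static addresses, sits inside the scope's network, and uses a lease time of 0 to 65536 seconds) can be checked before the values are typed into the controller. The following Python check is an added example, not part of the original report; the scope names, pool ranges and router address are constructed, and only 192.168.100.10 (the primary WLC address given later in the report) comes from the document.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Scope:
    """One DHCP scope as entered on the DHCP Scope > Edit page."""
    name: str
    pool_start: str
    pool_end: str
    network: str
    netmask: str
    lease_seconds: int


def audit_scopes(scopes, static_hosts):
    """Return (scope name, problem) tuples; an empty list means every scope passes."""
    problems = []
    seen = []  # (name, first address, last address) of pools already checked
    for s in scopes:
        # strict=False accepts an interface address and applies the netmask to it.
        net = ipaddress.ip_network(f"{s.network}/{s.netmask}", strict=False)
        start = ipaddress.ip_address(s.pool_start)
        end = ipaddress.ip_address(s.pool_end)

        if start > end:
            problems.append((s.name, "pool start is higher than pool end"))
            continue
        if start not in net or end not in net:
            problems.append((s.name, f"pool is not inside {net}"))
        if (start <= net.network_address <= end
                or start <= net.broadcast_address <= end):
            problems.append((s.name, "pool includes the network or broadcast address"))
        # Static addresses of routers, controllers and servers must stay out of the pool.
        for label, addr in static_hosts.items():
            if start <= ipaddress.ip_address(addr) <= end:
                problems.append((s.name, f"pool includes static address {addr} ({label})"))
        if not 0 <= s.lease_seconds <= 65536:
            problems.append((s.name, f"lease time {s.lease_seconds} s is outside 0-65536"))
        # Each pool must be unique: no overlap with a pool of another scope.
        for other, o_start, o_end in seen:
            if start <= o_end and o_start <= end:
                problems.append((s.name, f"pool overlaps scope {other}"))
        seen.append((s.name, start, end))
    return problems


# Constructed sample data. Only the primary WLC address is taken from the report.
STATIC_HOSTS = {
    "primary WLC management": "192.168.100.10",
    "default router (constructed)": "192.168.100.1",
}
SAMPLE_SCOPES = [
    Scope("staff", "192.168.100.50", "192.168.100.150",
          "192.168.100.0", "255.255.255.0", 43200),
    Scope("guest", "192.168.100.5", "192.168.100.60",
          "192.168.100.0", "255.255.255.0", 86400),
]

if __name__ == "__main__":
    for scope_name, problem in audit_scopes(SAMPLE_SCOPES, STATIC_HOSTS):
        print(f"{scope_name}: {problem}")
```

The constructed "guest" scope fails three ways: its pool covers the controller's static address, its lease time is above the controller's limit, and it overlaps the "staff" pool.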
Using the GUI to Configure Dynamic Interfaces to configure a
primary DHCP server for a management, AP-manager, or dynamic
interface that will be assigned to the WLAN.
Step 1 Choose WLANs to open the WLANs page.
Step 2 Click the ID number of the WLAN for which you wish to assign an
interface. The WLANs > Edit
NOTE: When you want to use the internal DHCP server, you must set the
management interface IP address of the controller as the DHCP server IP address.
Step 3 On the General tab, unselect the Status check box and click Apply to
disable the WLAN.
Step 4 Re-click the ID number of the WLAN.
Step 5 On the General tab, choose the interface for which you configured a
primary DHCP server to be used with this WLAN from the Interface drop-down
list.
Step 6 Choose the Advanced tab to open the WLANs > Edit (Advanced) page.
Step 7 If you want to define a DHCP server on the WLAN that will override the
DHCP server address on the interface assigned to the WLAN, select the DHCP
Server Override check box and enter the IP address of the desired DHCP server
in the DHCP Server IP Address text box. The default value for the check box is
disabled.
NOTE: The preferred method for configuring DHCP is to use the primary DHCP
address assigned to a particular interface instead of the DHCP server override.
NOTE: DHCP Server override is applicable only for the default group.
Step 8 If you want to require all clients to obtain their IP addresses from a DHCP
server, select the DHCP Addr. Assignment Required check box. When this
feature is enabled, any client with a static IP address is not allowed on the
network. The default value is disabled.
NOTE: DHCP Addr. Assignment Required is not supported for wired guest
LANs.
Step 9 Click Apply to commit your changes.
Step 10 On the General tab, select the Status check box and click Apply to
reenable the WLAN.
Step 11 Click Save Configuration to save your changes.
Figure : WLAN>Edit>Advanced
7. Introduction to Virtual Box
What is Virtual Box?
Virtual Box is a free, open source, cross-platform application for creating,
managing and running virtual machines (VMs) – computers whose hardware
components are emulated by the host computer, the computer that runs the
program.
How do I get it?
The easiest way to get the latest version of Virtual Box is to download it from the
download page of the Virtual Box website – http://www.virtualbox.org
There you can download the correct version for your platform, or if you’re using
Linux you can click through to find a list of instructions for various Linux
distributions.
For each Linux distribution you’re given the option of downloading either the
“i386” or “amd64” option. “i386” is the 32 bit version; “amd64” is the 64 bit
version. If you’re not sure which version of the operating system you’re using
you’re almost certainly using the 32 bit version and so you will want to download
the “i386” version of Virtual Box.
Installing Virtual Box is just like installing any other program on your platform,
so you shouldn’t have any problem with the installation. If you do get stuck
though, you can read the installation guide on the Virtual Box website.
8. Microsoft Server as Virtual machine
To create a new virtual machine, you need to start VirtualBox. In the toolbar, click
the New button. The New Virtual Machine Wizard is displayed in a new window.
Click the Next button to move through the various steps of the wizard. The wizard
enables you to configure the basic details of the virtual machine. On the VM
Name and OS Type step, enter a descriptive name for the virtual machine in the
Name (Microsoft server 2012) field and select the operating system (Microsoft
Windows) and version (Windows 2012 64 bit) that you are going to install from
the drop-down lists, as shown in Figure 10. It is important to select the correct
operating system and version as this determines the default settings that Virtual
Box uses for the virtual machine. You can change the settings later after you have
created the virtual machine.
On the Memory step, you can simply accept the default. This is the amount of
host memory (RAM) that Virtual Box assigns to the virtual machine when it runs.
You can change the settings of the virtual machine later, when you import the
template into Oracle VDI.
Figure : Memory size setup
On the Virtual Hard Disk step, ensure Start-up Disk is selected (see Figure) ,
select Create new hard disk and click Next. The Virtual Disk Creation Wizard
is displayed in a new window so you can create the new virtual disk.
Figure : Virtual Hard Disk Step
On the following steps, select VDI (Virtual Box Disk Image) as the file type,
dynamically allocated as the storage details, and accept the defaults for the
virtual disk file location and size, and then click Create to create the virtual disk.
When the virtual disk is created, the Virtual Disk Creation Wizard is closed and
you are returned to the Summary step of the New Virtual Machine Wizard. Click
Create to create the virtual machine. The wizard is closed and the newly-created
virtual machine is listed in Oracle VM Virtual Box Manager, as shown in Figure
Figure-: Virtual Machine Added
Since you want to install an operating system in the virtual machine, you need to
make sure the virtual machine can access the installation media. To do this, you
edit the virtual machine settings. In Oracle VM VirtualBox Manager, select the
virtual machine and then in the toolbar click the Settings button. The Settings
window is displayed. In the navigation on the left, select Storage as shown in
Figure.
In the Storage Tree section, select Empty below the IDE Controller. The
CD/DVD Drive attributes are displayed. Click the CD/DVD icon next to the
CD/DVD Drive drop-down list and select the location of the installation media,
as follows:
• To connect the virtual CD/DVD drive to the host's physical CD/DVD drive,
select Host Drive <drive-name>.
• To insert an ISO image in the virtual CD/DVD drive, select Choose a virtual
CD/DVD disk file and browse for the ISO image.
Figure : Virtual Machine Storage Settings
Click OK to apply the storage settings. The Settings window is closed. If you
connected the virtual machine's CD/DVD drive to the host's physical CD/DVD
drive, insert the installation media in the host's CD/DVD drive now. You are now
ready to start the virtual machine and install the operating system.
In Oracle VM VirtualBox Manager, select the virtual machine and click the Start
button in the toolbar. A new window is displayed, which shows the virtual
machine booting up. Depending on the operating system and the configuration of
the virtual machine, VirtualBox might display some warnings first. It is safe to
ignore these warnings. The virtual machine should boot from the installation
media, as shown in Figure
Figure : An Installation Program in a Running Virtual Machine
You can now perform all your normal steps for installing the operating system.
Be sure to make a note of the user name and password of the administrator user
account you create in the virtual machine, which you will need in order to log in
to the virtual machine. Do not join the virtual machine to a Windows domain (it
can be a member of a workgroup) as the domain configuration is performed later.
The virtual machine might reboot several times during the installation. When the
installation is complete, you might also want to let Windows Update install any
updates.
Installing Active Directory and DHCP and DNS
Before proceeding to anything else, make sure that you have set the IP address
of the server to be static.
Follow these steps to set a static IP address –
• Open the Network and Sharing Center
• Click on Change Adapter Settings
• Right click on the network adapter
• Select Properties
• Select Internet Protocol Version 4
• Click Properties
• Type in your Static IP address configuration
• Click OK
Figure : Static IP on Microsoft Server
1. Open the Server Manager from the task bar.
2. From the Server Manager Dashboard, select Add roles and features.
Figure : Server’s Dashboard
This will launch the Roles and Features Wizard allowing for modifications to be
performed on the Windows Server 2012 instance.
Select Role-based or features-based installation from the Installation Type
screen and click Next.
3) The current server is selected by default. Click Next to proceed to the Server
Roles tab.
4) From the Server Roles page place a check mark in the check box next to
Active Directory Domain Services, DNS, and DHCP. A notice will appear
explaining that additional role services or features are also required to install
domain services; click Add Features.
5) Review and select optional features to install during the AD DS installation
by placing a check in the box next to any desired features, and then click
Next.
Figure : Addition of Roles in Microsoft server
6) Review the information on the Tab and click Next.
7) On the Confirm installation selections screen, review the installation and
then click Install.
Note: The installation progress will be displayed on the screen. Once
installed, the AD DS role will be displayed on the ‘Server Manager’ landing
page.
Once the installation of the DNS, DHCP and Active Directory roles is
complete you will get a notification in the Server Manager console to
“Promote this server to a domain controller” and to “Complete DHCP
configuration”. Run “Promote this server to a domain controller” first by
clicking on it.
Figure : Notification after Installation
Configure Active Directory
Once the AD DS role is installed the server will need to be configured for
your domain.
1) If you have not done so already, Open the Server Manager from the task
bar.
2) Open the Notifications Pane by selecting the Notifications icon from the
top of the Server Manager. From the notification regarding configuring AD
DS, click Promote this server to a domain controller.
Figure : Configure Active Directory
3) You can change the name of your server if you want to. It can be done in
the following way, as demonstrated by the figures –
(i) From the LOCAL SERVER display board, double click
on the computer name. The following dialog box will
appear.
(ii) Now click on change to rename your server
(iii) Now enter the desired name for computer and for your
workgroup.
(iv) Click OK to finish it.
(v) The changed computer name along with the workgroup
name will be seen on LOCAL SERVER display board
as shown in figure.
Figure – Updated Computer name and Workgroup name.
4) From the Deployment Configuration tab select Add a new forest from the
radial options menu. Insert your root domain name into the Root domain
name field, and then click Next.
5) Select a Domain and Forest functional level, and then input a password for
the Directory Services Restore Mode (DSRM) in the provided password
fields.
The DSRM password is used when booting the Domain Controller into
recovery mode.
6) Review the warning on the DNS Options tab and select Next.
7) Confirm or enter a NetBIOS name and click Next.
8) Specify the location of the Database, Log files, and SYSVOL folders (or keep
the defaults) and then click Next.
9) Review the configuration options and click Next.
10) The system checks to ensure all necessary prerequisites are installed on
the system prior to moving forward. If the system passes these checks,
proceed by clicking Install. After this the System will reboot.
Log in to the server again using your user name and password.
Configure DHCP server
Log into the server and open DHCP in the start menu. You will notice that it is
not configured yet.
1) In the Server Manager notification, click “Complete DHCP configuration”.
2) This provides some tasks that need to be performed to enable the DHCP
server role to work properly after role installation.
Figure : The last page of Add Role Wizard after DHCP role installation
3) Launch the DHCP post-install wizard and complete the steps required.
4) Creation of DHCP security groups (DHCP Administrators and DHCP
Users). For these security groups to be effective, the DHCP server service
needs to be restarted. This will need to be performed separately by the
administrator.
Figure : DHCP Post-Install configuration wizard – Introduction Page
5) Authorization of DHCP server in Active Directory (only in case of a
domain-joined setup). In a domain-joined environment, the DHCP server
starts serving DHCP client requests only after it has been authorized.
Authorization of DHCP server can only be performed by a domain user
that has permissions to create objects in the Net services container in
Active Directory.
Figure : DHCP Post-Install configuration wizard – Authorization Page
6) After that, enter the scope name as you desire.
7) After that, define the IP address range for your DHCP scope.
Figure : IP address range page
8) Set Lease time.
9) Configure DHCP option.
10) After that, set Default gateway.
11) Now enter Domain name and DNS server details. On the Domain
Name and DNS Servers screen, enter the IP addresses of all DNS
servers the client should use. Click Next when done.
12) On the WINS Servers screen, if you have WINS servers add them
here. Click Next when done.
Most Windows environments no longer use WINS for name resolution.
However, some legacy applications and hardware may still require it, so
check your environment before skipping this step.
13) On the Activate Scope page, select Yes, I want to activate this
scope now. A scope must be activated before it is allowed to assign
clients IP addresses. If you do not want to activate it at this time,
select No, I will activate this scope later. Click Next when done.
14) Click Finish.
9) 802.1X Authentication via WiFi – Active Directory +
Network Policy Server + Cisco WLAN + Group Policy
Here is how to implement 802.1X authentication in a Windows Server 2012 R2
domain environment using Protected-EAP authentication. We create the
Network Policy Server first so that, once we switch the authentication type from
whatever it is now to 802.1X via RADIUS, our Network Policy Server will
immediately start processing requests and allowing machines on the domain. If
we configured the Cisco Wireless LAN Controller or Group Policy first, clients
would try connecting to a RADIUS server that doesn’t exist or present invalid
credentials.
A. Active Directory
First, we need to create a security group in Active Directory to allow a list of
specific users and computers to log in to the domain.
a) Create User Account in Server 2012 Domain Controller
Here I will create a user account in the Server 2012 domain controller using the
AD Users and Computers snap-in.
Step 1: Open AD Users and Computers snap-in from Server Manager.
Step 2: Create an Organizational Unit
Organizational Unit or simply OU is a container object of AD domain which can
hold users, computers, and other objects. Basically, you create user accounts and
computers inside an OU. I will create an OU named Management. Right-click
domain in AD users and Computers, choose New and click Organizational Unit.
Type Management to name the OU. Check the Protect container from
accidental deletion option. This option will protect this object from accidental
deletion.
Step 3: Create New User
Right-click the Management OU, click New and click User.
Now type the user information. Type the first name and last name. Here the user
logon name is the name that the user will actually use to log in to a computer on
the network. So when the user tries to log in, they will type this name in the
username field. Now click Next.
Now type the password. Check user must change password at next logon. The
user will be forced to change the password when user logs in. Click Next.
Review the user configuration and click Finish.
You have successfully created a user account. You can open the properties of the
user account to tweak settings.
This process is useful if you have to create a couple of user accounts. But imagine
that you have to create hundreds or thousands of users. This process would be very
time-consuming. So to create many users within minutes you can use Windows
PowerShell scripts using the New-ADUser cmdlet or a batch script using the DsAdd
command.
In this example, we will allow any authenticated user or machine on the domain
to authenticate successfully to the RADIUS server. In the screenshot below, we
can see I have added both Domain Users and Domain Computers to a security
group called WirelessAccess. Here is a screenshot with the above settings.
B. Network Policy Server
1. Open up Server Manager, click Add Roles, click Next on the
Before You Begin screen, check Network Policy and Access
Services and click Next, click Next on the Introduction screen,
check Network Policy Server (leave the rest unchecked) and click
Next, click Install.
2. Once Network Policy Server is installed, launch the Network Policy
Server snap-in (via MMC or Administrative Tools)
3. Inside of Network Policy Server, on NPS (Local), select RADIUS
server for 802.1X Wireless or Wired Connections from the dropdown
and click Configure 802.1X.
a) On the Select 802.1X Connections Type page, select Secure
Wireless Connections, and enter My Company’s Wireless. Click Next.
b) Click on the Add… button. Enter the following settings
▪ Friendly name: Cisco WLAN Controller
▪ Address: Enter your WLAN Controller’s IP address
▪ Select Generate, click the Generate button, and then copy down
the Shared Secret the wizard generated (we will use this later
to get the WLAN Controller to talk to the RADIUS server).
Click OK.
c) Click Next.
c) On the Configure an Authentication Method, select Microsoft:
Protected EAP (PEAP).
Click Next.
d) Click Next on the Specify User Groups (we will come back to this)
e) Click Next on the Configure Traffic Controls page.
f) Click Finish
4. Click on NPS (Local) -> Policies -> Network Policies. Right
click Secure Wireless Connections and click Properties.
5. Click on the Conditions tab, select NAS Port Type, and click
Remove
6. Still on the Conditions tab, click Add…, select Windows Groups
and click Add…, click Add Groups…, search for
WirelessAccess and click OK. Click OK on the Windows Groups
dialog box, click Apply on the Secure Wireless Connections
Properties box. You should now have something like the image
below:
Figure : Network Policy server
7. Click on the Constraints tab.
a) Uncheck all options under Less secure authentication methods.
b) Click Apply.
C. Cisco WLAN
1. Login to your Cisco Wireless LAN Controller
2. Add a RADIUS server to your controller
a) Click on the Security tab
b) Select AAA -> Radius -> Authentication on the left side
c) Click the New… button in the top right
• Server IP Address: 192.168.10.100 (The IP address of your NPS
server we setup earlier)
• Shared Secret Format: ASCII
• Shared Secret: The long generated password you wrote down when
setting up the Network Policy Server
• Confirm Shared Secret: Same password in previous step
• Key Wrap: unchecked
• Port Number: 1812
• Server Status: Enabled
• Support for RFC 3576: Enabled
• Server Timeout: 2
• Network User: Checked
• Management: Checked
• IP Sec: Unchecked
• Here is a screenshot with the above settings
Figure : Cisco WLAN > Security > AAA > RADIUS
3. Create or modify a wireless network to use 802.1X
a) Click on the WLANs tab
b) Create a new wireless network or select an existing WLAN ID to
edit
c) On the “WLANs > Add/Edit ‘My SSID'” page, use the following
settings
d) Security tab
1. Layer 2 Tab
a) Layer 2 Security: WPA+WPA2
b) MAC Filtering: Unchecked
c) WPA+WPA2 Parameters
1. WPA Policy: Unchecked
2. WPA2 Policy: Checked
3. WPA2 Encryption: AES checked, TKIP unchecked
4. Auth Key Mgmt: 802.1X
d) Here is a screenshot of the above settings
Wlan> layer 2 policies
2. Layer 3 Tab
a) Layer 3 Security: none
b) Web Policy: unchecked
3. AAA Servers Tab
a) Authentication Servers: checked Enabled
b) Server 1: Select your RADIUS server from the dropdown
c) Local EAP Authentication: Unchecked
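The shared secret generated in the NPS wizard and typed into the controller's RADIUS entry is what lets each side authenticate the other's packets: RADIUS requests that carry EAP include a Message-Authenticator attribute, an HMAC-MD5 over the whole packet keyed with that secret (RFC 3579). The following Python sketch is an added example, not part of the original report, showing that check passing with the matching secret and failing with a mistyped one; the secret, user name and EAP payload are constructed, and 192.168.100.10 is the report's primary WLC address.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_NAS_IP_ADDRESS = 4
ATTR_EAP_MESSAGE = 79
ATTR_MESSAGE_AUTHENTICATOR = 80


def _attr(attr_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(secret, identifier, user, nas_ip, eap_payload):
    """Build an Access-Request the way a controller (RADIUS client) would."""
    request_authenticator = os.urandom(16)
    attrs = (
        _attr(ATTR_USER_NAME, user.encode())
        + _attr(ATTR_NAS_IP_ADDRESS, ipaddress.IPv4Address(nas_ip).packed)
        + _attr(ATTR_EAP_MESSAGE, eap_payload)
        + _attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))  # zeroed while hashing
    )
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    packet = bytearray(header + request_authenticator + attrs)
    mac = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    packet[-16:] = mac  # Message-Authenticator is the last attribute here
    return bytes(packet)


def verify_message_authenticator(secret, packet):
    """Server-side check: True only if the packet was keyed with `secret`."""
    if len(packet) < 20:
        return False
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    zeroed = bytearray(packet)
    received = None
    pos = 20
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            return False  # malformed attribute
        if attr_type == ATTR_MESSAGE_AUTHENTICATOR:
            if attr_len != 18:
                return False
            received = packet[pos + 2:pos + 18]
            zeroed[pos + 2:pos + 18] = bytes(16)
        pos += attr_len
    if pos != length or received is None:
        return False  # trailing bytes, or EAP request without the attribute
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    return hmac.compare_digest(received, expected)


def sample_request(secret):
    """Constructed sample: EAP-Response/Identity for user 'jdoe' from the WLC."""
    identity = b"jdoe"
    eap = struct.pack("!BBHB", 2, 1, 5 + len(identity), 1) + identity
    return build_access_request(secret, 7, "jdoe", "192.168.100.10", eap)


if __name__ == "__main__":
    wlc_secret = b"constructed-shared-secret"
    pkt = sample_request(wlc_secret)
    print("matching secret:", verify_message_authenticator(wlc_secret, pkt))
    print("mistyped secret:", verify_message_authenticator(b"constructed-shared-secrot", pkt))
```

A secret that differs by a single character makes every request fail this check on the server, which is why the wizard-generated value should be pasted rather than retyped.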
D. Group Policy
1. Go to your domain controller and open up the Group Policy
Management console.
2. Right click the Organizational Unit you want to apply the policy to
and select Create a GPO in this domain, and Link it here…
Note: the policy must be linked to the OU containing the group of machines you
want to have WiFi access, or to a parent of that OU.
3. Enter in 802.1X WiFi Policy for the Name and click OK
4. Right click your new GPO and click Edit
5. Navigate to Computer Configuration->Policies->Windows
Settings->Security Settings->Wireless Network (IEEE 802.11)
Policies
6. Right click and select Create A New Wireless Network Policy for
Windows Vista and Later Releases
5. Ensure the following settings are set for your Windows Vista and
Later Releases policy
1. General Tab
a) Policy Name: My Wireless Policy for Vista and Later Clients
b) Description: Vista and later wireless network for my company.
c) Check Use Windows WLAN AutoConfigure service for clients
d) Here is a screenshot with the above settings
e) Click the Add… button and select Infrastructure
I. Connection Tab
Profile Name: My Network
1. Enter in your SSID (Wireless network name that gets broadcasted)
and click the Add… button
2. Check Connect Automatically when this network is in range
II. Security Tab
1. Authentication: WPA2-Enterprise
2. Encryption: AES
3. Select a network authentication method: Microsoft Protected EAP
(PEAP)
4. Authentication Mode: User or Computer authentication
5. Max Authentication Failures: 1
6. Check Cache user information for subsequent connections to this
network
7. Click OK
III. Network Permission Tab
a) Enter your network into Define permissions for viewing and connection
to wireless networks if it hasn’t been added already
b) Uncheck Prevent connections to ad-hoc networks
c) Uncheck Prevent connections to infrastructure networks
d) Check Allow user to view denied networks
e) Check Allow everyone to create all user profiles
f) Uncheck Only use Group Policy profiles for allowed networks
g) Leave all Windows 7 policy settings unchecked
h) Here is a screenshot with the above settings
i) Click OK
1. Right click and select Create A New Windows XP Policy
2. Ensure the following settings are set for your Windows XP Policy
1. General Tab
a. XP Policy Name: My Wireless Policy for XP
Machines
b. Description: My wireless policy for XP machines.
c. Networks to access: Any available network (access
point preferred)
d. Check Use Windows WLAN AutoConfigure service
for clients
e. Uncheck Automatically connect to non-preferred
networks
2. Preferred Networks Tab
a. Click the Add… button and select Infrastructure
I. Network Properties Tab
1. Network name (SSID): My SSID
2. Description: My wireless network
3. Uncheck Connect even if network is not broadcasting
4. Authentication: WPA2
5. Encryption: AES
6. Check Enable Pairwise Master Key (PMK) Caching
7. Uncheck This network uses pre-authentication
8. Here is a picture of the above settings
I. IEEE 802.1X Tab
1. EAP Type: Microsoft: Protected EAP (PEAP)
2. EAP Start Message: Transmit
3. Authentication Mode: User or Computer Authentication
4. Check Authenticate as computer when computer information is
available
5. Uncheck Authentication as guest when user or computer information
is unavailable
III. Click OK
10) INTRODUCING REDUNDANCY ON WLCs
When an AP is fully joined to a controller, the AP learns of all the controllers
configured in that mobility group. Should the controller that an AP is currently
registered with go down, the AP will send discoveries to any and all controllers
in the mobility group. Assuming one of the controllers has the capacity to accept
the AP, the AP should join the least loaded controller it can find. If there are many
controllers in the mobility group, it can be difficult to determine which controller
the APs will join should their current controller fail.
If you want to have more control over how the APs move between controllers on
your network, you can configure the APs with Primary, Secondary and Tertiary
controller names. With the controller names configured on the APs, the APs always
try to register with the primary controller first. Should the primary controller go down,
the AP tries to register with the secondary controller. If the AP is not able to join
any of the configured controllers, it tries to join any controller with the Master
Controller setting configured or, if there is no Master Controller, the least loaded
controller in the mobility group.
AP failover priority can be used to determine which AP will register with a controller if
there is contention. You can configure your wireless network so that the backup
controller recognizes a join request from a higher-priority AP and, if necessary,
disassociates a lower-priority AP to provide an available port for the
higher-priority AP.
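The join order and priority contention described above, modelled as an added example (not code from the report or from Cisco). The capacity figures, AP names, the third controller `WLC-spare` and the numeric priority scale (a higher number wins) are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Controller:
    name: str
    up: bool = True
    capacity: int = 2                 # AP limit (constructed value)
    master: bool = False              # "Master Controller" setting
    aps: dict = field(default_factory=dict)   # AP name -> failover priority

    def admit(self, ap, priority):
        """Return the list of displaced APs on success, or None if the join is refused."""
        if not self.up:
            return None
        if len(self.aps) < self.capacity:
            self.aps[ap] = priority
            return []
        lowest = min(self.aps, key=self.aps.get)
        if self.aps[lowest] < priority:       # contention: higher priority wins the slot
            del self.aps[lowest]
            self.aps[ap] = priority
            return [lowest]
        return None

def join_order(configured_names, mobility_group):
    """Candidates in the order described: configured names, then Master, then least loaded."""
    by_name = {c.name: c for c in mobility_group}      # exact match, so letter case matters
    order = [by_name[n] for n in configured_names if n in by_name]
    order += [c for c in mobility_group if c.master and c not in order]
    rest = [c for c in mobility_group if c not in order]
    return order + sorted(rest, key=lambda c: len(c.aps) / c.capacity)

def fail_over(ap, priority, configured_names, mobility_group):
    # Returns (name of the controller joined, or None; APs displaced by the join).
    for wlc in join_order(configured_names, mobility_group):
        displaced = wlc.admit(ap, priority)
        if displaced is not None:
            return wlc.name, displaced
    return None, []

def demo():  # constructed scenario: primary down, secondary full, a third WLC has room
    group = [
        Controller("HumberController", up=False),
        Controller("HumberController2", aps={"AP-lobby": 1, "AP-office": 3}),
        Controller("WLC-spare", capacity=4, aps={"AP-lab": 2}),
    ]
    names = ["HumberController", "HumberController2"]
    first = fail_over("AP-datacentre", 4, names, group)
    second = fail_over("AP-lobby", 1, names, group)     # the AP that was just displaced
    return first, second
```

In the scenario the high-priority AP takes a slot on the secondary controller, and the displaced low-priority AP ends up on a controller that was never named in its configuration, which is the unpredictability the text warns about.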
Before setting up redundancy, keep the following points in mind:
• The setup provides redundancy for controllers across separate data centers
with low cost of deployment.
• These WLCs are independent of each other and do not share
configuration or IP addresses on any of their interfaces. Each WLC needs
to be managed separately, can run different hardware and a different
software version, and can be deployed in different data centers across the
WAN link.
• We must configure and manage both WLCs separately.
• When a primary WLC resumes operation, the APs fall back from the
backup WLC to the primary WLC automatically if the AP fallback
option is enabled.
Step 1: Configure both WLCs, making sure that the hostname and the IP addresses
used for the management and dynamic interfaces are different on each.
As we have already configured the primary controller, we will now configure the
secondary controller.
To configure the secondary controller, follow the directions given earlier in the
report for configuring the primary WLC.
The only difference is the use of a different IP address and a different
hostname.
For Primary WLC, hostname: HumberController
IP address: 192.168.100.10
For Secondary WLC, hostname: HumberController2
IP address: 193.178.100.10
i Create WLAN
After configuring the secondary WLC, create a WLAN as we did on the primary
WLC.
Figure: WLAN Edit page
ii Create DHCP Scope
Next we have to create a DHCP pool in order to define the range of IP
addresses.
Figure: DHCP SCOPE
Figure: DHCP Scope > Edit
iii Enabling RADIUS Server
Here we link the RADIUS server we created on the virtual machine, the same one we
linked earlier for the primary WLC.
Figure: RADIUS Authentication Servers > New
Figure: Wlans > Edit > Security > AAA Servers
Step 2: Go to the primary controller GUI and navigate to Wireless > Access
Points > Global Configuration, then configure the backup controller on
the primary to point to the secondary controller.
Here is the screenshot of the above-mentioned step.
Figure: Primary WLC > Wireless > Access Points > Global Configuration
Step 3: Configure High Availability on the wireless AP by entering the primary and
backup controller IP addresses.
Go to Wireless > Access Point > All APs, select the specific AP and then click on the
High Availability tab.
Enter the primary and secondary WLC IP addresses and names here. Make sure that the
WLC name entered on the AP High Availability tab is correct; the name is case
sensitive.
Step 4: Configure the mobility group on both the primary and secondary controllers.
Go to the primary WLC GUI, navigate to Controller >
Mobility Management > Mobility Groups, click New and enter the
details of the secondary controller.
Here is the screenshot –
Figure: Primary WLC > Controller > Mobility Groups > New
Do the same on the secondary WLC:
Go to the secondary WLC GUI, navigate to Controller >
Mobility Management > Mobility Groups, click New and enter the
details of the primary controller.
Figure: Secondary WLC > Controller > Mobility Groups > New
HOW TO FIND THE MAC ADDRESS OF A WLC
We need the MAC address of each WLC in order to complete the
mobility group configuration above.
To find the MAC address of a WLC, go to Controller > Inventory.
It shows the MAC address. Here is the screenshot –
Figure: For the MAC address, go to Controller > Inventory
Step 5: Enable Secondary Unit
This option should be enabled on both WLCs for redundancy to work.
It can be selected under Controller > General > HA SKU
Secondary Unit.
Here is the screenshot –
Figure: Controller > General > HA SKU Secondary Unit
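A consistency check over Steps 1, 3 and 4, written as an added example rather than anything from the report or the WLC software. The dictionary layout, MAC addresses and AP names are constructed; in practice the values would be copied from each controller's GUI pages.

```python
def audit(primary, secondary, aps):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Step 1: the two controllers must not share a hostname or management IP.
    for key in ("hostname", "mgmt_ip"):
        if primary[key] == secondary[key]:
            findings.append(f"both WLCs share {key} {primary[key]}")
    # Step 4: each controller lists its peer's MAC and IP as a mobility member.
    for wlc, peer in ((primary, secondary), (secondary, primary)):
        members = {(mac.lower(), ip) for mac, ip in wlc["mobility_members"]}
        if (peer["mac"].lower(), peer["mgmt_ip"]) not in members:
            findings.append(f"{wlc['hostname']}: mobility group lacks {peer['hostname']}")
    # Step 3: each AP's High Availability entries name the right controllers.
    for ap in aps:
        for role, wlc in (("primary", primary), ("secondary", secondary)):
            name, ip = ap[role]
            if name != wlc["hostname"]:
                same = name.lower() == wlc["hostname"].lower()
                problem = "wrong letter case" if same else "unknown name"
                findings.append(f"{ap['name']}: {role} name {name!r}: {problem}")
            if ip != wlc["mgmt_ip"]:
                findings.append(f"{ap['name']}: {role} IP {ip} is not {wlc['mgmt_ip']}")
    return findings

# Constructed sample data. Hostnames and IPs are the report's; MACs and AP names are made up.
PRIMARY = {"hostname": "HumberController", "mgmt_ip": "192.168.100.10",
           "mac": "00:00:5e:00:53:01",
           "mobility_members": [("00:00:5E:00:53:02", "193.178.100.10")]}
SECONDARY = {"hostname": "HumberController2", "mgmt_ip": "193.178.100.10",
             "mac": "00:00:5e:00:53:02",
             "mobility_members": []}          # peer entry forgotten on this side
APS = [
    {"name": "AP-1", "primary": ("HumberController", "192.168.100.10"),
     "secondary": ("HumberController2", "193.178.100.10")},
    {"name": "AP-2", "primary": ("HumberController", "192.168.100.10"),
     "secondary": ("humbercontroller2", "193.178.100.10")},   # letter-case typo
]

if __name__ == "__main__":
    for finding in audit(PRIMARY, SECONDARY, APS):
        print(finding)
```

Both mistakes in the sample leave the network working while the primary is up and only surface during a failover, so the check is worth running before a controller outage does it for you.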