Saturday 9 March 2013

Multicast Routing

One requirement is for multicast routing on wired network infrastructure. The current CCNP R&S Syllabus has had multicast removed, so there are some gaps that need to be filled for "Configure and Troubleshoot L2/L3 network infrastructure to support WLANs" section of the CCIE wireless blueprint.

PIM - Protocol Independent Multicast
IGMP - Internet Group Management Protocol

PIM Dense Mode

PIM Dense mode is not the most common used.

!configuration requirements
!
ip multicast-routing
!
interface fa0/1
ip pim dense-mode
!
!verification
show ip pim neighbor
!
!##Client Router
int fa0/1
ip igmp join-group 239.4.4.4
!
!##Source Router Interface
ping 239.4.4.4 source fa0/0
!
sh ip mroute

useful source:
http://www.youtube.com/watch?v=zBiEztnKfyw

PIM Sparse Mode

Includes Pull Technology
Rendezvous Point

configuration
!
!enable multicast
ip multicast-routing
!
!enable pim
interface fa0/1
 pim sparse-mode
!
!statically configure rp group (on all routers)
ip pim rp-address 10.10.10.1
!

source


Friday 8 March 2013

Logging Autonomous AP


Severity Levels 

0 Emergency
1 Alert
2 Critical
3 Error
4 Warning
5 Notification
6 Informational -default for remote host syslog
7 Debug! -default for console and terminal

Anatomy of a Syslog message 

[sequence number] + [time stamp] + [%] + [Facility] + [severity level] + [mnemonic]  + [description]

Defaults

In true cisco fashion you should always know your defaults 

logging buffer size 4096
timestamps disabled
sequencing disabled
logging sever none

Some commands

! enable optional timestamp and sequencing fields
!
service timestamp
service sequence-numbers
!
logging host x.x.x.x
!
!Logging  levels
!
logging console lvl
logging monitor lvl
logging trap lvl
!
!Verify
show logging
!

http://www.cisco.com/en/US/docs/wireless/access_point/12.4.25d.JA/Configuration/guide/scg12.4.25d.JA-chap21-msg-logging.html

Peer-to-Peer Blocking on Autonomous AP

In the CCIE wireless written exam blue print there is a section under Configure and Troubleshoot Autonomous AP deployment model, point 4.05(d) regarding peer-to-peer blocking. In my experience with WLC it is relatively straightforward to configure (an there is plenty of documentation). But it took some time to find out how to configure it on an Autonomous AP.

Firstly, It makes sense that on a guest wireless network you don't want to expose hosts on the same subnet to each other, for security reason. But if the Autonomous AP is configured in a default state it will happily forwarding frames at layer 2 between hosts on the same SSID  - this is where p2p blocking comes in.
As mentioned It took me some time to figure out how to exactly configure it

In this case I have a MBSSID configured on radio sub interface d0.10

Int d0.10
bridge-group 10 port-protected

This resulted in a failed ping between hosts connected to that ssid, what was interested to note was that hosts connected to different SSID on the same Autonomous AP could communicate with the 'guest' SSID even after I enabled protected mode. However, that makes sense as the AP is only blocking layer 2 communication. Once the packet reaches layer 3 (bound for another wireless host) the p2p command is no longer relavant because the hosts are not layer 2 peers.

I applied an ACL on the radio interface blocking communication to the 'Corporate WLAN' subnet and that solved the issue.

Note: If you had another autonomous AP broadcasting the same Guest SSID, they would be able to communicate. Security would need to be enabled on the wired infrastructure in the form of Private VLAN configuration.

Thanks to http://cciew.wordpress.com/2010/01/07/

Wireless Packet Filtering

Great post for get started with display filtering wireless captures in wireshark;
https://supportforums.cisco.com/docs/DOC-13664

Some other handy filters I have found to view certain types of fields based on the Frame Control Flags
  • Retries - wlan.fc.retry == 1
  • Fragmented Packet - wlan.fc.frag == 1
  • Data Encryption - wlan.fc.wep == 1

Configuring Autonomous AP Radio Settings

!
Source
http://www.cisco.com/en/US/docs/wireless/access_point/12.4.25d.JA/Configuration/guide/scg12.4.25d.JA-chap6-radio.html
!
!! MANUAL CHANNEL SELECTION
int do0
 channel x
!
!! ORIENTATION OF ANTENNA CONFIGURATION
int do0
  antenna transmit right
  antenna receive left
!
!! ANTENNA GAIN OF ANTENNA
int d0
 antenna gain 2
!
!
!! TRANSMIT POWER IN dBm OF THE ACCESS POINT
int d0
 power x
!
!! SPEED RATES SUPPORTED BY RADIO INTERFACE
!! BASIC- INDICATES REQUIRED DATA RATE
int d0
 speed 1.0 2.0 5.5 6.0 9.0 11.0 basic-12.0 16.0 24.0 36.0 48.0 54.0
!
!
!! dBm REQUIRED TO INDICATE MEDIUM IS AVAILABLE FOR ACCESS
inter d0
 cca 75
!
!
int d0
 packet retries 3 drop-packet
!
!


Friday 22 February 2013

CWNP Youtube Channel

http://www.youtube.com/user/cwnptv

Great youtube channel for some high level 802.11 media access and security information.