IPexpert's Lab Preparation Workbook for the Cisco CCIE v2.0 Wireless Lab Exam
Volume 2

IPexpert's Workbook for the CCIE Wireless Lab Exam

Volume 2 Workbook

IPexpert's Lab Preparation Workbook for the Cisco CCIE™ Wireless Lab Exam Volume 2

Before We Begin

This product is part of the IPexpert "Blended Learning Solution" that provides CCIE candidates
with a comprehensive training program. For information about the full solution, contact an
IPexpert Training Advisor today.

Telephone: +1.810.326.1444
Email: sales@ipexpert.com

Congratulations! You now possess one of the ULTIMATE CCIE Wireless Lab preparation
resources available today! This resource was produced by senior engineers, technical
instructors, and authors boasting decades of internetworking experience. Although there is no
way to guarantee a 100% success rate on the CCIE™ Wireless Lab exam, we feel VERY
confident that your chances of passing the Lab will improve dramatically after completing this
industry-recognized Workbook!

Technical Support from IPexpert and your CCIE community!

IPexpert is proud to lead the industry with multiple support options at your disposal free of charge.
Our online communities have attracted a membership of over 20,000 of your peers from around
the world! At Blog.IPexpert.com you can keep up to date with everything IPexpert does, as well
as start your own CCIE-focused blog or simply add your existing blog to our directory so your
peers can find you. At OnlineStudyList.com, you may subscribe to multiple SPAM-free, CCIE-focused email lists.

v3150

Copyright by IPexpert, Inc. All Rights Reserved.

Feedback
Do you have a suggestion or other feedback regarding this book or other IPexpert products? At
IPexpert, we look to you, our valued clients, for the real-world, frontline evaluation that we
believe is necessary to improve continually. Please send an email with your thoughts to
feedback@ipexpert.com or call 1.866.225.8064 (international callers dial +1.810.326.1444).

In addition, when you pass the CCIE Lab exam, we want to hear about it! Email your CCIE
number to success@ipexpert.com and let us know how IPexpert helped you succeed. We would
like to send you a gift of thanks and congratulations.

Additional CCIE™ Preparation Material

IPexpert, Inc. is committed to developing the most effective Cisco CCIE R&S, Security, Service
Provider, Voice and Wireless Lab certification preparation tools available. Our team of certified
networking professionals develops the most up-to-date and comprehensive materials for
networking certification, including self-paced workbooks, online Cisco hardware rental, classroom
training, online (distance learning) instructor-led training, audio products, and video training
materials. Unlike other certification-training providers, we employ the most experienced and
accomplished team of experts to create, maintain and constantly update our products. At
IPexpert, we are focused on making your CCIE™ Lab preparation more effective.

A message from the Author(s):

The scenarios covered in this workbook were developed by Wireless CCIEs to help you prepare
for the Cisco CCIE Wireless laboratory. It is strongly recommended that you use other reading
materials in addition to this workbook.

Training is not the CCIE Wireless workbook objective. The intent of these labs is to test your
knowledge of, and ability to implement, Cisco Enterprise Wireless Solutions.

Time management is very important. If you get stuck on a lab scenario, be sure to write it down.
Formulate a checklist for skipped sections and then return to those sections once you have gone
through the entire lab. Be sure to revisit the questions that you do not understand.

For more information on the CCIE Wireless lab, please visit
http://www.cisco.com/web/learning/le3/ccie/index.html and click on the link for Wireless on the
top-right of the page.

Helpful Hints

Keep it simple: try to avoid any extra work (example: adding descriptions)
Always reference everything from the Documentation Website: http://www.cisco.com/cisco/web/psa/default.html?mode=prod
Know your SRNDs well: http://www.cisco.com/go/srnd
Save your router configurations often (wr is the quickest command)

IPEXPERT END-USER LICENSE AGREEMENT
END USER LICENSE FOR ONE (1) PERSON ONLY
IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS,
DO NOT OPEN OR USE THE TRAINING MATERIALS.

This is a legally binding agreement between you and IPEXPERT, the Licensor, from whom you have licensed the
IPEXPERT training materials (the Training Materials). By using the Training Materials, you agree to be bound by the
terms of this License, except to the extent these terms have been modified by a written agreement (the Governing
Agreement) signed by you (or the party that has licensed the Training Materials for your use) and an executive officer of
Licensor. If you do not agree to the License terms, the Licensor is unwilling to license the Training Materials to you. In this
event, you may not use the Training Materials, and you should promptly contact the Licensor for return instructions.

Copyright and Proprietary Rights

The Training Materials shall be used by only ONE (1) INDIVIDUAL who shall be the sole individual authorized to use the
Training Materials throughout the term of this License.

The Training Materials are the property of IPEXPERT, Inc. ("IPEXPERT") and are protected by United States and
International copyright laws. All copyright, trademark, and other proprietary rights in the Training Materials and in the
Training Materials, text, graphics, design elements, audio, and all other materials originated by IPEXPERT at its site, in its
workbooks, scenarios and courses (the "IPEXPERT Information") are reserved to IPEXPERT.

The Training Materials cannot be used by or transferred to any other person. You may not rent, lease, loan, barter, sell or
time-share the Training Materials or accompanying documentation. You may not reverse engineer, decompile, or
disassemble the Training Materials. You may not modify, or create derivative works based upon the Training Materials in
whole or in part. You may not reproduce, store, upload, post, transmit, download or distribute in any form or by any
means, electronic, mechanical, recording or otherwise any part of the Training Materials and IPEXPERT Information other
than printing out or downloading portions of the text and images for your own personal, non-commercial use without the
prior written permission of IPEXPERT.

You shall observe copyright and other restrictions imposed by IPEXPERT. You may not use the Training Materials or
IPEXPERT Information in any manner that infringes the rights of any person or entity.

Exclusions of Warranties

THE TRAINING MATERIALS AND DOCUMENTATION ARE PROVIDED AS IS. LICENSOR HEREBY DISCLAIMS ALL
OTHER WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT
ALLOW THE LIMITATION OF INCIDENTAL DAMAGES OR LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY
LASTS, SO THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO YOU. This agreement gives you
specific legal rights, and you may have other rights that vary from state to state.
Choice of Law and Jurisdiction
This Agreement shall be governed by and construed in accordance with the laws of the State of Michigan, without
reference to any conflict of law principles. You agree that any litigation or other proceeding between you and Licensor in
connection with the Training Materials shall be brought in the Michigan state or courts located in Port Huron, Michigan,
and you consent to the jurisdiction of such courts to decide the matter. The parties agree that the United Nations
Convention on Contracts for the International Sale of Goods shall not apply to this License. If any provision of this
Agreement is held invalid, the remainder of this License shall continue in full force and effect.

Limitation of Claims and Liability


ANY ACTION ON ANY CLAIM AGAINST IPEXPERT MUST BE BROUGHT BY THE USER WITHIN ONE (1) YEAR
FOLLOWING THE DATE THE CLAIM FIRST ACCRUED, OR SHALL BE DEEMED WAIVED. IN NO EVENT WILL THE
LICENSOR'S LIABILITY UNDER, ARISING OUT OF, OR RELATING TO THIS AGREEMENT EXCEED THE AMOUNT
PAID TO LICENSOR FOR THE TRAINING MATERIALS. LICENSOR SHALL NOT BE LIABLE FOR ANY SPECIAL,
INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, REGARDLESS OF WHETHER LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. WITHOUT LIMITING THE FOREGOING, LICENSOR WILL NOT BE LIABLE FOR LOST PROFITS, LOSS
OF DATA, OR COSTS OF COVER.
Entire Agreement

This is the entire agreement between the parties and may not be modified except in writing signed by both parties.

U.S. Government - Restricted Rights

The Training Materials and accompanying documentation are commercial computer Training Materials and commercial
computer Training Materials documentation, respectively, pursuant to DFAR Section 227.7202 and FAR Section 12.212,
as applicable. Any use, modification, reproduction, release, performance, display, or disclosure of the Training Materials
and accompanying documentation by the U.S. Government shall be governed solely by the terms of this Agreement and
shall be prohibited except to the extent expressly permitted by the terms of this Agreement.

IF YOU DO NOT AGREE WITH THE ABOVE TERMS AND CONDITIONS, DO NOT OPEN OR USE THE TRAINING
MATERIALS AND CONTACT LICENSOR FOR INSTRUCTIONS ON RETURN OF THE TRAINING MATERIALS.

IPexpert's Mock Lab training exam for the Cisco CCIE™ Wireless Lab Exam
Volume 2

NOTE

You are encouraged to take advantage of the knowledge and support from your
peers around the globe. Join onlinestudylist.com to get more community support
and also official support from IPexpert.

Table of Contents
IPEXPERT END-USER LICENSE AGREEMENT
  END USER LICENSE FOR ONE (1) PERSON ONLY
  U.S. Government - Restricted Rights

LAB 1: CCIE WIRELESS VERSION 2 A 8 HOUR TRAINING LAB
MOCK LAB 1: TOPOLOGY
LAB 1: PRE-LAB SETUP
LAB 1: PREREQUISITES:
LAB 1: TABLES
  TABLE 1: VLAN AND SUBNET TABLE
  TABLE 2: DEVICE IP ADDRESSES
LAB 1: 8 HOUR CCIE WIRELESS V2 MOCK LAB
  1.0 CONFIGURE AND TROUBLESHOOT WIRED INFRASTRUCTURE TO SUPPORT WLAN'S
  2.0 CONFIGURE AND TROUBLESHOOT INFRASTRUCTURE APPLICATION SERVICES
  3.0 CONFIGURE AND TROUBLESHOOT AUTONOMOUS DEPLOYMENT MODEL
  4.0 CONFIGURE AND TROUBLESHOOT UNIFIED DEPLOYMENT MODEL
  TABLE 3: WLC VLANS AND SSIDS
  5.0 CONFIGURE AND TROUBLESHOOT WCS
  6.0 CONFIGURE AND TROUBLESHOOT WLAN SERVICES

LAB 2: CCIE WIRELESS VERSION 2, A 8 HOUR TRAINING LAB
MOCK LAB 2: TOPOLOGY
LAB 2: PRE-LAB SETUP
LAB 2: PREREQUISITES:
LAB 2: TABLES
  TABLE 1: VLAN AND SUBNET TABLE
  TABLE 2: DEVICE IP ADDRESSES
LAB 2: 8 HOUR CCIE WIRELESS V2 MOCK LAB
  TASK 1: CONFIGURE AND TROUBLESHOOT WIRED INFRASTRUCTURE TO SUPPORT WLANS
    1.1 BASIC NETWORK DETAILS
    1.2 QOS
    1.3 LAYER 2 CONFIGURATION
    1.4 TIME SYNCHRONIZATION
    1.5 MSE
  TASK 2: CONFIGURE AND TROUBLESHOOT WIRED INFRASTRUCTURE TO SUPPORT WLANS
    2.1 LIGHTWEIGHT APS DISCOVERY
    2.2 LIGHTWEIGHT APS SETTINGS
    2.3 SYSLOG
  TASK 3: CONFIGURE AND TROUBLESHOOT AUTONOMOUS DEPLOYMENT MODEL
    3.1 AP LOGGING
    3.2 SSID CONFIGURATION
    3.3 ADDITIONAL SETTINGS
  TASK 4: CONFIGURE AND TROUBLESHOOT UNIFIED DEPLOYMENT MODEL
    4.1 CONFIGURING MO OFFICE
    4.2 CONFIGURING HEADQUARTER OFFICE
    4.3 CONFIGURING GUEST SOLUTION
  TASK 5: CONFIGURE AND TROUBLESHOOT WCS
    5.1 ADDING WLCS
    5.2 ADDING MOBILITY SERVICES
    5.3 CONFIGURING WCS
  TASK 6: CONFIGURE AND TROUBLESHOOT WLAN SERVICES
    6.1 RADIO MANAGEMENT
    6.2 CONTROLLER SECURITY
    6.3 VOICE SETTINGS

LAB 3: CCIE WIRELESS VERSION 2
8 HOUR TRAINING LAB 3
MOCK LAB 3: TOPOLOGY
LAB 3: PRE-LAB SETUP
LAB 3: PREREQUISITES:
LAB 3: TABLES
  TABLE 1: VLAN AND SUBNET TABLE
  TABLE 2: DEVICE IP ADDRESSES
LAB 3: 8 HOUR CCIE WIRELESS V2 MOCK LAB
  1.0 CONFIGURE AND TROUBLESHOOT WIRED INFRASTRUCTURE TO SUPPORT WLAN'S
    L2 switching in HQ:
    L3 routing:
    MO routing and switching:
    QOS:
  2.0 CONFIGURE AND TROUBLESHOOT INFRASTRUCTURE APPLICATION SERVICES
    NTP:
    AP management:
    Switching security:
  3.0 CONFIGURE AND TROUBLESHOOT AUTONOMOUS DEPLOYMENT MODEL
    Autonomous setup:
  4.0 CONFIGURE AND TROUBLESHOOT UNIFIED DEPLOYMENT MODEL
    WLC management:
    TABLE 3: WLC VLANS AND SSIDS
    AP Priming:
    Guests:
    Mobility:
    Interference and radio settings:
    AP registration security and local radius:
    Client connection testing:
    Rogue detection:
  5.0 CONFIGURE AND TROUBLESHOOT WCS
    WCS:
    MAPs:
  6.0 CONFIGURE AND TROUBLESHOOT WLAN SERVICES
    Wireless Voice:

LAB 4: CCIE WIRELESS VERSION 2
8 HOUR TRAINING LAB 4
MOCK LAB 4: TOPOLOGY
LAB 4: PRE-LAB SETUP
LAB 4: PREREQUISITES:
LAB 4: TABLES
  TABLE 1: VLAN AND SUBNET TABLE
  TABLE 2: DEVICE IP ADDRESSES
LAB 4: 8 HOUR CCIE WIRELESS V2 MOCK LAB
  1.0 CONFIGURE AND TROUBLESHOOT WIRED INFRASTRUCTURE TO SUPPORT WLAN'S
    L2 switching in HQ:
    L3 routing:
    MO routing and switching:
    QOS:
    Multicast
  2.0 CONFIGURE AND TROUBLESHOOT INFRASTRUCTURE APPLICATION SERVICES
    NTP:
    AP management:
    Switching security:
  3.0 CONFIGURE AND TROUBLESHOOT AUTONOMOUS DEPLOYMENT MODEL
    Autonomous setup:
  4.0 CONFIGURE AND TROUBLESHOOT UNIFIED DEPLOYMENT MODEL
    WLC management:
    TABLE 3: WLC VLANS AND SSIDS
    AP Priming:
    Guests:
    AP registration security and local radius:
    Client connection testing:
    Clean AIR:
  5.0 CONFIGURE AND TROUBLESHOOT WCS
    WCS:
    MAPs:
  6.0 CONFIGURE AND TROUBLESHOOT WLAN SERVICES
    Wireless Voice:

LAB 5: CCIE WIRELESS V2
8 HOUR TRAINING
MOCK LAB 5: TOPOLOGY
LAB 5: PRE-LAB SETUP
LAB 5: PREREQUISITES:
LAB 5: TABLES
  TABLE 1: VLAN AND SUBNET TABLE
  TABLE 2: DEVICE IP ADDRESSES
LAB 5: 8 HOUR CCIE WIRELESS V2 MOCK LAB
  1.0 CONFIGURE AND TROUBLESHOOT WIRED INFRASTRUCTURE TO SUPPORT WLAN'S
    L2 switching in HQ:
    L3 routing:
    QOS:
    Multicast
  2.0 CONFIGURE AND TROUBLESHOOT INFRASTRUCTURE APPLICATION SERVICES
    NTP:
AP management: ................................................................................................................................................................. 76
Switching security: ............................................................................................................................................................. 76
3.0 CONFIGURE AND TROUBLESHOOT AUTONOMOUS DEPLOYMENT MODEL ............................................................. 77
Autonomous setup: ............................................................................................................................................................. 77
4.0 CONFIGURE AND TROUBLESHOOT UNIFIED DEPLOYMENT MODEL ........................................................................ 78
WLC management: ............................................................................................................................................................. 78
TABLE 3: WLC VLANS AND SSIDS .................................................................................................................................... 78
AP Priming: ............................................................................................................................................................................ 79
Guests: ...................................................................................................................................................................................... 79
AP registration security and local radius: ................................................................................................................ 79
Management: ........................................................................................................................................................................ 80
Clean AIR: ............................................................................................................................................................................... 80
5.0 CONFIGURE AND TROUBLESHOOT WCS ...................................................................................................................... 80
WCS: .......................................................................................................................................................................................... 80
MAPs: ........................................................................................................................................................................................ 80

v3150

Copyright by IPexpert, Inc. All Rights Reserved.

IPexperts Workbook for the CCIE Wireless Lab Exam

Volume 2 Workbook

o.
co

ho

ya

33

er

et

sa
lta

Li

ce
ns

ed

el

lip

ex
cl
r u

si
v

el
y

to

Pe

te
r

Sa

lta
r

el
li

Clean Air: ................................................................................................................................................................................. 81


6.0 CONFIGURE AND TROUBLESHOOT WLAN SERVICES ............................................................................................... 81
Wireless Voice: ...................................................................................................................................................................... 81

v3150

Copyright by IPexpert, Inc. All Rights Reserved.

10

IPexperts Workbook for the CCIE Wireless Lab Exam

Volume 2 Workbook

Pe

lta
r

Lab 1: CCIE Wireless Version 2
an 8 hour training Lab

Lab Overview

1.0 Configure and troubleshoot wired infrastructure to support WLAN's
2.0 Configure and Troubleshoot Infrastructure Application Services
3.0 Configure and Troubleshoot Autonomous deployment model
4.0 Configure and Troubleshoot Unified deployment model
5.0 Configure and Troubleshoot WCS
6.0 Configure and Troubleshoot WLAN Services

This lab will test your knowledge of several items of the CCIE Wireless blueprint version 2. The wording in the lab questions might seem extra hard because it is meant to prepare the candidate to read between the lines. The network and WLCs are partly pre-configured in order to save time, but some of the configurations have to be altered to meet the exam requirements.

The fact that the WLCs are pre-configured doesn't mean that there are no tasks where you have to rectify wrong pre-configs or make some small changes, both on the WLCs and the network. Those are all part of solving this lab. Throughout this lab you may expect to rectify basic IP connectivity issues on more than one occasion. This is meant to prepare the candidate not to take anything for granted and to stay focused while the lab tries to confuse you.

This lab will use ALL equipment in the LAB 1: topology. Refer to the names of the equipment on that topology.

When configuring WLANs/SSIDs, the lab refers to SSID-XX; replace XX with your pod number, where POD01 is for example SSID-01.

Unless otherwise indicated, use admin for usernames and IPexpert123 for passwords.

It is strongly advised to read the whole lab over before you start configuring, and to read each section over briefly to refresh before you start it. In some sections, some later tasks are better done first.

Estimated Time to Complete: 8 hours

Mock Lab 1: Topology

Lab 1: Pre-Lab Setup

Physically connect and configure your network according to Diagram 1.
The switches are pre-configured with some VLANs and IP addresses.

Lab 1: Prerequisites:

This lab will rely on the network infrastructure. You will need to pre-configure the network with the base configuration files.

If using your own hardware:

Log in to IPexpert.com, navigate to the My Downloads area, download IPexpert Wireless Volume 1 Configs, find the Lab 1 INITIAL Configs, and copy and paste the proper switch files to the proper devices.

If you are using Proctor Labs:

Log on to your Wireless vRack Web UI and navigate to near the top of the web page, click the Load Lab button and choose: IPexpert WIFI Volume 2 Workbook Lab 1 INITIAL

Lab 1: Tables

Table 1: VLAN and Subnet Table

VLAN  VLAN Name       Subnet          Netmask
      Servers         10.10.210.0     /24
10    HQSwitchMgmt    10.10.10.0      /24
11    HQGuest1        10.10.11.0      /24
12    HQData1         10.10.12.0      /24
13    HQData2         10.10.13.0      /24
14    HQData3         10.10.14.0      /24
15    HQVoice1        10.10.15.0      /24
16    HQVoice2        10.10.16.0      /24
17    HQData4         10.10.17.0      /24
20    MOSwitchMgmt    10.10.20.0      /25
21    MOGuest1        10.10.21.64     /26
22    MOData1         10.10.22.128    /26
23    MOVoice1        10.10.23.192    /26
105   HQServicePort   10.10.105.0     /24
110   HQAAP           10.10.110.0     /24
111   HQWLC1          10.10.111.0     /24
112   HQWLC2          10.10.112.0     /24
113   HQLAP1          10.10.113.0     /24
114   HQLAP2          10.10.114.0     /24
120   MOWLC1          10.10.120.128   /26
121   MOLAP1          10.10.121.192   /26
999   VLAN999         n/a             n/a

Table 2: Device IP Addresses


Device

Port

CAT1

NA

Connected
Device
NA

Connected
Port

IP Address

CAT2

NA

NA

10.10.10.3

CAT3

NA

NA

10.10.10.4

CAT4

NA

NA

10.10.20.1

ACS

NIC1

CAT2

Fa0/11

10.10.210.5

WCS

NIC1

CAT2

Fa0/11

10.10.210.6

CME

Fa0/0

CAT1

Fa0/4

10.10.210.20

10.10.10.2

CAT2

Fa0/11

WLC1

Po1

CAT2

Gi0/1

WLC2

Po1

CAT3

Gi0/1

WLC3

Po1

CAT4

WLC4

Po1

CAT2

AAP1

Gi0

CAT1

AAP2

Fa0

CAT3

LAP1

Gi0

CAT1

LAP2

Fa0

LAP3

Gi0

LAP4

Gi0

Fa0/2

Fa0/15

10.10.112.10
10.10.120.140
10.10.112.20
10.10.110.100

Fa0/1

10.10.113.x

CAT2

Fa0/2

10.10.114.x

CAT3

Fa0/3

10.10.114.x

CAT4

Fa0/4

10.10.121.x

CAT4

Fa0/5

10.10.121.x

10.10.110.101

Fa0/2

Fa0

Fa0/1

10.10.111.10

LAP5

10.10.210.10

Eth0

MSE

10.10.205.20 (Loop)

Lab 1: 8 hour CCIE Wireless v2 Mock LAB


1.0 Configure and troubleshoot wired infrastructure to support WLAN's

L2 switching in HQ: To prepare your network we need to take extra care that the network is properly set up. All future configurations with wireless components will rely on the network to work. Please bear in mind that most wireless issues are related to the network. The Proctor Labs lab environment will have some preconfigured equipment. It is up to you to change the configuration according to the requirements in this lab.

• Cat1 will handle all VLANs and distribute them to Cat2. Cat3 will also get all VLAN changes from Cat1.
  o Use MD5 encryption to protect the VLAN database on your 3 switches.
  o Use ipexpert123 as the MD5 secret.
• Cat1 should be the root for odd numbered VLANs in the HQ.
• Cat2 should be the root for the even numbered VLANs in the HQ.
• Do not configure Cat3 for the last question above.
  o From Cat3, show commands should give the correct outcome to see where the root bridges are. Cat1 should be seen as root for odd numbered VLANs and Cat2 for even numbered VLANs.
• Configure the 2 links between Cat1 and Cat2 to appear as one STP instance.
  o Use a Cisco proprietary negotiation method.

L3 routing

Site HQ: Cat1 SVIs always have the last usable IP address from each VLAN network. Cat2 SVIs always have the next IP address below in each VLAN network. VLAN 10 should be .2 on Cat1 and .3 on Cat2. Cat3 only needs an SVI interface and IP address in VLAN10 (HQSwitchMgmt). For the Cat3 VLAN10 SVI, use IP address 10.10.10.4/24. VLAN 5 is preconfigured; don't change it, as that will ruin management access to your servers.

• Create the SVIs on your appropriate HQ switches and ensure you have connectivity between all L3 interfaces. Refer to table 1 for the VLAN IDs. HQ, MO have different VTP domains as can be seen in table 1.
• Create a Loopback99 interface on your Cat1 with IP 10.99.99.99/32
  o Use a Cisco proprietary routing protocol to advertise Loopback99 to Cat2.
  o Only advertise loopback99 in your configuration.
  o Don't summarize the classful networks in your routing domain.
• VLAN 12 should be redundant for Cat1 and Cat2
  o On Cat1 and Cat2, use a Cisco proprietary method to create a redundant SVI for VLAN 12.
  o The VLAN 12 virtual IP should be the next available IP address below Cat1 and Cat2.
  o Cat1 should always be the primary router for VLAN 12 and in case of failure it should revert back when things go back to normal.
• Create a DHCP pool for VLAN 12. The pool starts from .65 and ends with .125. Configure a redundant DHCP pool between Cat1 and Cat2.

MO routing and switching

• Create VLANs and SVIs for Cat4 according to table 1.
• Cat4 should not exchange VLAN configuration with other switches.
• Cat4 should participate in routing updates and exchange routing tables with HQ.
• Only advertise the needed networks over the routing protocol.
• Cat4 SVIs always use the first IP address per SVI.
• Don't summarize the classful networks as before.

QOS

• On all routers and switches, trust layer2 and layer3 QOS markings where appropriate.
• Tune your COS to DSCP mapping (and vice versa) as Cisco best practices recommend
  o VoIP SCCP AVVID gets value of 24 (CS3) instead of the default 26 (AF31). VoIP RTP stream gets value of 46 (EF) instead of the default 40.
• The traffic from MO should have a policy that marks skinny traffic and RTP VOIP traffic.
  o Skinny is TCP port 2000
  o RTP traffic is UDP port range 16384 to 32767.
  o It is uncertain that the ISP is marking the packets correctly over the WAN. Ensure the correct marking is maintained.
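The addressing rules in section 1.0 (Cat1 takes the last usable address of each HQ VLAN, Cat2 the next one below, the VLAN 12 virtual IP the next below that, Cat4 the first address of each MO VLAN) can be checked mechanically against the lab tables before anything is typed into a switch. The following Python sketch is an added example, not part of the workbook or its solutions guide; the function names are illustrative, the subnets and WLC rows are copied from Tables 1 and 3 of this lab, and it assumes each WLC default gateway is the Cat1 SVI in HQ and the Cat4 SVI in MO.

```python
import ipaddress

# Subnets as printed in Tables 1 and 3 of this lab. VLAN 10 is left out because
# the lab assigns it by hand (.2 on Cat1, .3 on Cat2).
HQ_VLANS = {11: "10.10.11.0/24", 12: "10.10.12.0/24",
            13: "10.10.13.0/24", 15: "10.10.15.0/24"}
MO_VLANS = {22: "10.10.22.128/26", 23: "10.10.23.192/26"}

# Rows of Table 3 (device, VLAN, interface address, default gateway), copied
# exactly as printed, including the prefix length on the WLC2 Vlan 13 row.
WLC_INTERFACES = [
    ("WLC1", 11, "10.10.11.252/24", "10.10.11.254"),
    ("WLC2", 13, "10.10.13.50/54", "10.10.13.254"),
    ("WLC2", 15, "10.10.15.50/24", "10.10.15.254"),
    ("WLC3", 22, "10.10.22.130/26", "10.10.22.129"),
    ("WLC4", 13, "10.10.13.51/24", "10.10.13.254"),
    ("WLC4", 15, "10.10.15.51/24", "10.10.15.254"),
]


def hq_svis(cidr, redundant=False):
    """Cat1 = last usable host, Cat2 = next below, optional virtual IP below Cat2."""
    net = ipaddress.ip_network(cidr)
    last = net.broadcast_address - 1
    plan = {"Cat1": last, "Cat2": last - 1}
    if redundant:
        plan["VIP"] = last - 2
    return plan


def mo_svi(cidr):
    """Cat4 always uses the first usable address of the VLAN."""
    return ipaddress.ip_network(cidr).network_address + 1


def dhcp_pool(cidr, first_octet, last_octet):
    """Turn the lab's '.65 to .125' notation into addresses and sanity-check it."""
    net = ipaddress.ip_network(cidr)
    base = int(net.network_address) & 0xFFFFFF00
    first = ipaddress.ip_address(base | first_octet)
    last = ipaddress.ip_address(base | last_octet)
    low, high = net.network_address + 1, net.broadcast_address - 1
    if not (low <= first <= last <= high):
        raise ValueError(f"pool {first}-{last} does not fit inside {net}")
    return first, last


def audit_wlc_interfaces(rows=WLC_INTERFACES):
    """Return {row label: [problems]} for Table 3 rows that break the plan."""
    problems = {}
    for device, vlan, iface_text, gw_text in rows:
        in_hq = vlan in HQ_VLANS
        cidr = HQ_VLANS[vlan] if in_hq else MO_VLANS[vlan]
        net = ipaddress.ip_network(cidr)
        svis = hq_svis(cidr, redundant=(vlan == 12)) if in_hq else {"Cat4": mo_svi(cidr)}
        expected_gw = svis["Cat1"] if in_hq else svis["Cat4"]  # assumption, see lead-in
        found = []
        try:
            iface = ipaddress.ip_interface(iface_text)
        except ValueError as exc:
            found.append(f"unparseable interface address: {exc}")
        else:
            if iface.network != net:
                found.append(f"{iface} is not inside {net}")
            if iface.ip in svis.values():
                found.append(f"{iface.ip} collides with a switch SVI")
        if ipaddress.ip_address(gw_text) != expected_gw:
            found.append(f"gateway {gw_text} is not the expected SVI {expected_gw}")
        if found:
            problems[f"{device} Vlan {vlan}"] = found
    return problems


if __name__ == "__main__":
    print("VLAN 12 SVIs:", hq_svis(HQ_VLANS[12], redundant=True))
    print("VLAN 12 DHCP pool:", dhcp_pool(HQ_VLANS[12], 65, 125))
    for row, found in audit_wlc_interfaces().items():
        print(row, "->", found)
```

Run against the tables as printed, the audit flags only the WLC2 Vlan 13 row, whose prefix length cannot be parsed as a valid mask.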

2.0 Configure and Troubleshoot Infrastructure Application Services

NTP

• Use the NTP server on WCS to synch time for all your wireless network devices including the WLCs. WCS is 10.10.210.6
• Controllers should synch time every 2 hours.
• Cat1 should be the NTP master for all switches. Use password "ipexpert" for NTP authentication. Use UTC time zone 0.
• Cat1 should answer NTP requests only on VLAN 10 and only allow switches in your network to synch time with Cat1. Cat2 uses its VLAN 5 IP, Cat4 uses its VLAN 20 IP and Cat3 uses its VLAN10 IP address for NTP communications.
• Don't forget the autonomous APs!

AP management

HQ

• LAP2 (F0/2 on Cat2) and LAP3 (F0/3 on Cat3) should discover WLC2 and WLC4 with DHCP (don't use DNS).
  o Future APs will use the DHCP information to load balance new APs between WLC2 and WLC4. Name the APs from their default name to the name in table 1. Subnets for those APs are listed in table 2. Configure your network accordingly.
  o Use your Microsoft DHCP server to accomplish this.
  o Exclude the range from 1 to 20 and 200 to 254.
  o Microsoft DHCP server is 10.10.210.6
• Make sure that WLC2 will be the primary and WLC4 the secondary controller for LAP2 and LAP3. The mobility group should be named HQ.
• LAP4 and LAP5 should join WLC4 with DNS lookup configured on Microsoft DNS. Set those APs on VLAN 121 on Cat4.

Switching security

• All LAP AP ports should go to STP forwarding mode immediately.
• In MO, all switch ports with access points should block traffic if BPDUs are advertised over the port.
• In HQ, all switch ports with access points should get disabled if BPDUs are advertised over the port.

3.0 Configure and Troubleshoot Autonomous deployment model

Autonomous Setup

An aluminum company has mobile cranes in their manufacturing area. Those cranes will have industrial computers on board with Ethernet ports (no wireless). You need to use AAP2 to connect the industrial computer to the wireless network.

• Make a Layer 2 only VLAN 999 on the AAP2 connected switch to avoid loops in your network.
• AAP2 will connect to AAP1 with 802.1x security. SSID is crane-xx. Username is crane and password is aluminum.
  o AAP1 will authenticate the crane user, and the industrial PC should be on VLAN 17. As the industrial PC is not ready yet, configure DHCP on AAP2 to see DHCP work. Configure DHCP on Cat1 for VLAN 17. Exclude the first 9 addresses.
  o Use the most secure EAP option that is Cisco proprietary.
• The crane is mobile. Ensure that it only scans non-overlapping channels in your 2.4 GHz frequency, so it uses the least time to scan channels when moving around.
• Ensure that the association is reliable, so the AP disassociates clients only after 127 packets are lost.

4.0 Configure and Troubleshoot Unified deployment model

WLC management

WLC1 has its Service Port connected to Cat1.

• Connect the SP on VLAN 5. Use DHCP from Cat2 for the SP. The SP port should always get the 10.10.210.50 address. This should only work for the WLC1 SP interface. The default gateway advertised by the DHCP scope should be the VLAN 5 SVI on Cat1.
• It is required that users from Cat4 MOData1 can reach this SP and manage it. Pinging that address from the MOData1 VLAN should work. Remove this configuration after you have made it work. Why?
• On WLC1 guests should see the name guests.proctorlabs.com in their web browser URL when doing guest authentication. This name should resolve on your DNS server (Microsoft server 10.10.210.6) to the WLC1 virtual IP address.
• All WLCs should have IP management interfaces according to table 2. Verify it is all correct.
• Configure appropriate VLAN interfaces per WLC according to table 3.

Table 3: WLC VLANs and SSIDs

Device  Interface           WLC IP Address    Default gateway  WLAN
WLC1    Vlan 11             10.10.11.252/24   10.10.11.254     HQ-guests-XX
WLC2    WLC1 Anchor         NA                                 HQ-guests-XX
WLC2    Management Vlan 13  10.10.13.50/54    10.10.13.254     Client-Vlan-XX
WLC2    Vlan 15             10.10.15.50/24    10.10.15.254     voip-5ghz-XX
WLC3    Vlan 22             10.10.22.130/26   10.10.22.129     MOData1-XX
WLC4    WLC1 Anchor         NA                                 HQ-guests-XX
WLC4    Management Vlan 13  10.10.13.51/24    10.10.13.254     Client-Vlan-XX
WLC4    Vlan 15             10.10.15.51/24    10.10.15.254     voip-5ghz-XX

• The CLI prompt should represent each WLC. For example WLC1
• Set up etherchannel for both interfaces on WLC2. Ensure that APs are load balanced across the WLC2 ports according to best practices.
• QOS needs to be tagged using 802.1p on the management VLAN of all WLCs
• Only needed VLANs should traverse over to each WLC in the network.

VLANs on Switches should already be done and working in the first part of this lab.

AP Priming

• LAP2 and LAP3 should have redundant WLCs for WLC2 and WLC4.
• Ensure that LAP2 will be given priority over other devices when requesting PoE.

Guests

• Configure Client-Vlan11 on port 1 on WLC1.
  o Use .252 for the WLC IP address. See table 3.
• Configure WLC1 port 2 to be the primary management port connected to Cat1, and port 1 connected to Cat2 to be redundant for the WLC1 operation.
• Configure port 1 so no other VLANs are allowed except guests and for redundancy purposes (above).
• Guests should be able to ping and telnet to the .254 SVI on Cat2 and nothing else. This restriction should not be applied to the WLAN. DNS and DHCP should also work for the clients.
• Configure WLC1 to restrict the above mentioned access. DNS server IP is 10.10.210.6
• Create the WLAN HQ-guests-xx on all HQ WLCs. HQ WLCs should transport all guest access traffic to WLC1 Vlan 11 and it should traverse out of Port1 on WLC1.
  o Use SSID HQ-guests-XX
  o No encryption
  o Web-splash page will authenticate guest users locally on WLC1
  o The guest SSID has to work on all APs in the HQ
• Guests use DHCP on WLC1. Issue 15 address pool starting from 10.10.13.15
• Create a lobby admin account on WLC1 and with this account, create a guest user that lasts for 4 hours. Lobby account user is lobby, password Lobby123. Guest user is guest4, password ipexpert123
• Test the connection from the Win7 client and test the telnet and ping connectivity. The laptop is reachable from the WCS server using VNC to 10.10.210.4, password IPexpert123

Mobility

• HQ users should be able to roam seamlessly between WLC2 and WLC4. This is not needed for WLC3 in MO.
  o Use the mobility name HQ when accomplishing this.
• All HQ WLCs should check their mobility members every 15 seconds.

Interference and radio settings

On your 802.11g network, the 2.4 GHz channel 11 near LAP1 is unusable because of foreign interference. Join your LAP1 AP manually to WLC4 without DHCP or DNS information being passed to the AP. LAP1 should belong to VLAN113.

• Make sure that your LAP1 uses the lowest 2.4 GHz frequency channel in the future.
• On all your controllers change the utilization trap to trigger at 87% in your 5 GHz radio only.

AP registration security and local radius

MO should only allow LAP4 and LAP5 to join WLC3

• Ensure that only those APs can join WLC3 and no other APs.
• Configure local radius on WLC3 for the MOData1 VLAN WLAN; the SSID is MOData1-XX in table 3. WLC VLAN 22 IP is 10.10.22.130/26
• Use PEAP mschapv2 authentication. Username localpeap, password localradius. Security is WPA1 with software encryption:
• Configure DHCP on WLC3 for these SSID clients. Give out the 131 and 132 addresses of the scope.
• Test connectivity with AnyConnect on your test PC.

Client connection testing

Your AnyConnect client needs to connect to the Client-Vlan13-XX WLAN in HQ. Configure your network to meet the requirements below:

• SSID Client-Vlan13-XX
  o This SSID should exist on WLC2 and WLC4. Clients should terminate at Vlan13. Table 3 shows what IP goes on the controllers' VLAN13.
• Use ACS and EAP-FAST authentication. The RADIUS preshared key is ipexpert123. First SSH from the windows machine with admin and IPexpert123, then configure a user acsadmin with password IPexpert123.
  o Set your ACS to use NTP at IP 10.10.210.6
  o Use client username tarzan with password jane
  o Allow OFDM only for this SSID.
  o Advertise 802.11i in your beacons but also enable software encryption to work over 802.11i for older clients.
  o DHCP should be set up on Cat1
  o On LAP2 this SSID should bypass the controller for data traffic and go to VLAN 12. Don't use AP-groups to make this work.
  o Configure the switch connected to LAP2 to support this scenario. LAP2 should use its current VLAN for management. DHCP for VLAN 12 is on Cat1.
• Test this configuration and see the IP address change on your AnyConnect client.

Rogue detection

Your WLC3 should detect rogue access points.

• It needs to see if open access points (no security) are on your wired network.
  o We need to detect rogue APs ASAP. Also Greenfield mode APs.
  o Make sure that one of your APs connected to WLC3 accomplishes the above.

Man-in-the-middle

Your CEO was reading an article about man in the middle attacks and is worried that your HQ wireless system is vulnerable.

• Configure all LAPs in your HQ network to validate RF information in order to protect the integrity of your LAP APs.

5.0 Configure and Troubleshoot WCS

WCS Management

• Manage all WLCs with WCS using the most secure method
  o Username wcs password ipexpert.123-ipexpert.123
  o Allow only this method to be used on the WLCs

Maps

• Put LAP2 and LAP3 on the floor 1 map on your WCS. Position the APs for best coverage.
• See how AIR-ANT2450S-R antennas will perform on the LAP2 2.4 GHz radio. The antenna also has to face 25° towards the floor. Let the direction of the antenna point down the map (90°).
• Controllers shouldn't send information to WCS when the APs change their power levels.

6.0 Configure and Troubleshoot WLAN Services

Wireless Voice

On WLC2 and WLC4 in HQ:

• Deploy an SSID called voip-5ghz-XX. This will be VLAN 15. WLC IP information is in table 3. DHCP is on Cat1 and should give out the callmanager option about the CME router 10.10.210.20
• Allow only 5 GHz connections on this SSID.
  o Use 802.11i encryption and ensure that Cisco 7925 phones can roam seamlessly
  o Phone uses EAP-FAST authentication. On your ACS configure the user phone with password of ipexpert.
  o Test it from your AnyConnect.
• Make sure your phones have enough time to authenticate on the ACS so they don't accidentally time out while retrieving the PACs. Allow at least 20 seconds to pass before giving up.
• Only support 802.11e on this SSID, and 7925 phones should get Platinum QoS treatment. The 802.11e clients with this SSID will get mapped with an 802.1p value of 5 when they hit the wired network.
• Support 27 voice streams. Only configure the data rates necessary. The Deployment Guide specifies the following data rates
  o 802.11b - Basic = 11, Optional = None
  o 802.11g - Basic = 12, Optional = 18,24
  o 802.11a - Basic = 12, Optional = 18,24
  o 802.11b/g - Basic = 11, Optional = 12,18,24
• The Cisco APs support up to 27 calls, so there is no need for any speeds greater than 24Mbps.
  o 13 Streams = 6Mbps
  o 20 Streams = 12Mbps
  o 27 Streams = 24Mbps
• Use your AnyConnect client to test the connectivity. You should be able to ping the CME router from the desktop after connecting. It should work from the AnyConnect client on the PC.

You are at the end of this marathon. It is a bit long, and somewhat longer than the actual lab, especially chapter 4, but the wording can slow you down as it might on the actual lab. So I hope this was a good exercise. Do this lab many, many times to practice speed and work on things you want to study in the meantime.

Technical Verification and Support

To verify your configurations please review the Volume 1 Detailed Solutions Guide that you received along with this Workbook. You can also find this document in the eBook section of your www.IPexpert.com account.

Support is also available in the following ways:

• IPexpert Support: www.OnlineStudyList.com
• IPexpert Blog: blog.ipexpert.com
• Proctor Labs Hardware Support: support@ipexpert.com

Lab 2: CCIE Wireless version 2
8 hour training Lab

Lab Overview

1. Configure and troubleshoot wired infrastructure to support WLAN's
2. Configure and Troubleshoot Infrastructure Application Services
3. Configure and Troubleshoot Autonomous deployment model
4. Configure and Troubleshoot Unified deployment model
5. Configure and Troubleshoot WCS
6. Configure and Troubleshoot WLAN Services

This lab will test your knowledge of several items of the CCIE Wireless blueprint version 2. The wording in the lab questions might seem extra hard because it is meant to prepare the candidate to read between the lines. The network and WLCs are partly pre-configured in order to save time, but some of the configurations have to be altered to meet the exam requirements.

The fact that the WLCs are pre-configured doesn't mean that there are no tasks where you have to rectify wrong pre-configs or make some small changes, both on the WLCs and the network. Those are all part of solving this lab. Throughout this lab you may expect to rectify basic IP connectivity issues on more than one occasion. This is meant to prepare the candidate not to take anything for granted and to stay focused while the lab tries to confuse you.

This lab will use ALL equipment in the LAB 2: topology. Refer to the names of the equipment on that topology.

When configuring WLANs/SSIDs, the lab refers to SSID-XX; replace XX with your pod number, where POD01 is for example SSID-01.

Estimated Time to Complete: 2 hours

Unless otherwise indicated, use admin for usernames and IPexpert123 for passwords.

It is strongly advised to read the whole lab over before you start configuring, and to read each section over briefly to refresh before you start it. In some sections, some later tasks are better done first.

Estimated time to complete: 8 hours

Mock Lab 2: Topology

v3150

Copyright by IPexpert, Inc. All Rights Reserved.

28

IPexperts Workbook for the CCIE Wireless Lab Exam

Volume 2 Workbook

Lab 2: Pre-Lab Setup

Physically connect and configure your network according to Diagram 1.


The switches are pre-configured with some VLANs and IP addresses.

Lab 2: Prerequisites:
This lab will focus on the network infrastructure. You will need to preconfigure the network with the base configuration files.

If using your own hardware:

o Login to IPexpert.com, navigate to the eBooks/Downloads area, download IPexpert Wireless Volume 2 Configs, find the Lab 2 INITIAL Configs, and copy and paste the proper switch files to the proper devices.

If you are using Proctor Labs:

o Log on to your Wireless vRack Web UI and navigate to near the top of the web page, click the Load Lab button and choose: IPexpert WIFI Volume 2 Workbook Lab 2 INITIAL

Lab 2: Tables

Table 1: VLAN and Subnet Table

VLAN   VLAN Name       Subnet          Netmask
       Servers         10.10.210.0     /24
10     HQSwitchMgmt    10.10.10.0      /24
11     HQGuest1        10.10.11.0      /24
12     HQData1         10.10.12.0      /25
13     HQData2         10.10.13.0      /25
14     HQData3         10.10.14.0      /25
15     HQVoice1        10.10.15.0      /24
16     HQVoice2        10.10.16.0      /24
17     HQData4         10.10.17.0      /24
18     HQWiredGuests
20     MOSwitchMgmt    10.10.20.0      /25
21     MOGuest1        10.10.21.64     /26
22     MOData1         10.10.22.128    /26
23     MOVoice1        10.10.23.192    /26
32     HQData1-2       10.10.12.128    /25
33     HQData2-2       10.10.13.128    /25
34     HQData3-2       10.10.14.128    /25
105    HQService       10.10.105.0     /24
110    HQAAPMgmt       10.10.110.0     /24
111    HQLWAP1         10.10.111.0     /24
112    HQLWAP2         10.10.112.0     /24
113    HQLWAP3         10.10.113.0     /24
114    HQLWAP4         10.10.114.0     /24
120    MOAPMgmt        10.10.120.128   /26
121    MOLWAP1         10.10.121.192   /26
999    VLAN999

Table 2: Device IP Addresses


Device

Port

CAT1

NA

Connected
Device
NA

Connected
Port

IP Address

CAT2

NA

NA

10.10.10.3

CAT3

NA

NA

10.10.10.4

CAT4

NA

NA

10.10.20.1

ACS

NIC1

CAT2

Fa0/11

10.10.210.5

WCS

NIC1

CAT2

Fa0/11

10.10.210.6

CME

Fa0/0

CAT1

Fa0/4

10.10.210.20

10.10.10.2

CAT2

Fa0/11

WLC1

Po1

CAT2

Gi0/1

WLC2

Po1

CAT3

Gi0/1

WLC3

Po1

CAT4

WLC4

Po1

CAT2

AAP1

Gi0

CAT1

AAP2

Fa0

CAT3

LAP1

Gi0

CAT1

LAP2

Fa0

LAP3

Gi0

LAP4

Gi0

Fa0/2

Fa0/15

10.10.112.10
10.10.120.140
10.10.112.20
10.10.110.100

Fa0/1

10.10.113.x

CAT2

Fa0/2

10.10.114.x

CAT3

Fa0/3

10.10.114.x

CAT4

Fa0/4

10.10.121.x

CAT4

Fa0/5

10.10.121.x

10.10.110.101

Fa0/2

Fa0

Fa0/1

10.10.111.10

LAP5

10.10.210.10

Eth0

MSE

10.10.205.20 (Loop)

Lab 2: 8 Hour CCIE Wireless v2 Mock Lab

Task 1: Configure and troubleshoot wired infrastructure to support WLANs

1.1 Basic network details

To reach any internet (i.e. behind WAN / non-local) resource, switches from the headquarters should use Cat2 as gateway, since Cat2 has the right static route towards the outside.
When you need to create an interface on a WLC, use the last digit of the management interface to determine the last digit of your dynamic interface. For example, a WLC with a management IP of 10.10.110.10 will have all its dynamic interfaces ending in .10
Connectivity between all Cat switches should be fine. The Cat4 default gateway should not be specified with an IP address but with an outgoing interface on Cat4.
The 3 client VLANs are split in 2 between Cat1 and Cat2. Make sure that the Catalysts do not operate on those VLANs as load-balanced gateways, and configure OSPF routing to make sure every switch is aware of those subnets. OSPF should use a loopback interface to identify itself to other routers and Cat1 should be the designated router. OSPF updates should only be sent through VLAN 10 when possible.
Make sure that only the necessary VLANs are allowed on each trunk port.

1.2 QoS

Make sure that every port has the right QoS configuration. We want to trust layer 3 tagging of traffic on all ports likely to carry voice traffic.
The traffic from the headquarters should preserve its QoS tagging across the WAN link to the remote office. It seems the ISP doesn't preserve this tagging, so make sure that the traffic is re-tagged accordingly after crossing the WAN. Skinny uses TCP port 2000 and RTP uses UDP port range 16384 to 32767. Make sure that you are as precise as possible and do not tag traffic that is not voice traffic.
On Cat1, ports fa0/13 to fa0/20 inclusive will be connected to desk IP phones with laptops behind them. Those are not plugged in yet, but you need to prepare the switch port configuration so that those ports use VLAN 23 for voice traffic and VLAN 13 for the laptops. We also want those ports to be up and forwarding as soon as something is plugged into them.

1.3 Layer 2 configuration

We want Cat1 to always be the root for all VLANs for spanning-tree purposes. If Cat1 fails, Cat2 has to take over the root role.
We want Cat3 to never be root. Moreover, we want Cat3 to switch its links towards Cat2 in less than a second in case of failure of Cat1.

1.4 Time synchronization

Make sure the two IOS access points synchronize their time with the WCS server.
Cat1 should get its synchronization from the WCS server, but the other switches should get their synchronization from Cat1. They should do so using IPexpert123 as authentication key.
On the WLCs, make sure they synchronize their time with the WCS and that the synchronization happens every 2 hours. Also make sure that the WLCs know they are in the Pacific US time zone.

1.5 MSE

Make sure that MSE stays in time synchronization with the WCS. Also make sure that MSE will use admin/IPexpert123!! as credentials for WCS to connect to it.

Task 2: Configure and troubleshoot wired infrastructure to support WLANs

2.1 Lightweight APs discovery

LAP 2 and 3 must use the WCS server as DHCP server. That scope should give an IP with the last digit between 100 and 200 to the APs. They should learn the WLC 2 IP address through DNS discovery. Once joined, they should learn the IP address of WLC4 as well.
LAP 1 should use the WCS server as DHCP server, but should discover WLC 4 through a DHCP option. That scope should give an IP with the last digit between 100 and 200 to the AP.
LAP 4 and 5 need to learn through DHCP the IP addresses of controllers WLC 3 and 1. Cat4 should be the DHCP server for those access points. LAP 4 and 5 should have WLC3 as primary controller and WLC1 as secondary in case of failure of the remote office WLC.

2.2 Lightweight APs settings

Make sure that it is possible to connect via console to all access points with the username admin and password IPexpert123.
Make sure that the APs know which are their preferred WLCs. Use the table below:

        Primary WLC   Secondary WLC   Tertiary WLC
LAP1    WLC4          WLC2
LAP2    WLC2          WLC4
LAP3    WLC2          WLC4
LAP4    WLC3          WLC1
LAP5    WLC3          WLC1

Make sure that LAP1, 2 and 3 will never associate to WLC1 or WLC3.

2.3 Syslog

Configure the autonomous access point AAP1 so that it logs the messages usually appearing on console towards the WCS, where a syslog server is installed. The AP should use the facility local2.
Configure the controllers and all lightweight access points to log to the WCS syslog as well. Controllers should use facility local3 and APs local4. They should all log up to warning level of logs.

Task 3: Configure and troubleshoot Autonomous deployment model

3.1 AP logging

When we consult the Autonomous AP logs through show log, we notice that they don't go back as far as we want. Double the retention capacity of the log messages shown through show log.

3.2 SSID configuration

Configure a bridge SSID called Bridge1 between AAP1 and AAP2. Make sure they use WPA2-aes to connect to each other. AAP2 should authenticate itself as admin/IPexpert123 with EAP-FAST and AAP1 should be the radius server for this purpose. On top of the VLAN of the SSID, the bridge link should carry VLANs 11, 12 and 13. The SSID name should be visible in beacons.

3.3 Additional settings

Make sure that AAP2 will only try to connect to AAP1. Make sure that AAP1 will only accept connections from AAP2. Make sure that the access points retry packets 16 times before giving up, but when they give up, they should not cause the link to go down.
Configure the access points so that they use WMM, that they use the 802.11e QBSS and that they do the proper mapping between 802.1p CoS and 802.11e UP (where the voice tag is not the same number in the 2 standards).

Task 4: Configure and Troubleshoot Unified Deployment model

4.1 Configuring MO Office

WLC3 is the remote office controller. WLC1 sits in the headquarters but is a dedicated controller serving as fallback for WLC3. The clients will be placed in VLANs 21, 22 and 23 respectively for guests, data and voice clients. You have to make sure that traffic never gets released on the headquarters side.
We need to make sure that the clients will be placed in that VLAN even if the access points move to WLC1 because WLC3 went down.
The SSID MOGuest will have a pre-shared key IPexpert123 using standards with the best RC4-based encryption as well as a web authentication portal hosted on the controller itself.
The SSID MOData will use the best encryption standard available and will authenticate users against ACS.
The SSID MOVoice will use a Cisco-proprietary fast roaming mechanism and the best encryption/authentication standard among those that have no fast-roaming mechanism of their own. The Cisco-proprietary fast roaming mechanism should not be mandatory to use the SSID.

4.2 Configuring Headquarter Office

WLC 2 and 4 should be configured with the same WLANs.
HQData SSID should use enterprise-class authentication with 802.11i encryption. It should not forward traffic into any valid subnet until the user authenticates, at which point it will select the VLAN depending on the user group. User admin belongs to user group department1; user john belongs to department2 and user lisa to department3. Users from group department1 should be granted access to VLAN 12 or 32 depending on where they connect from (users connecting through WLC2 should use lower numbered VLANs and users connecting through WLC4 should use higher numbered VLANs). Users from group department2 should be given access to VLAN 13 or 33 depending on the same conditions, and users from group department3 to VLAN 14 or 34. Users should have their identity re-verified every 60 minutes and they should not be able to use a static IP address. Since we know that old clients will use this SSID, the WLC should not pay attention or take action if clients refuse to roam and stay connected at very bad signal strength. Clients of this SSID should not be able to exchange files between themselves directly.
HQVoice SSID should use a shared-key authentication with RSN encryption. It should balance the clients between VLAN 15 and 16.

HQGuest SSID should have no layer 2 security, a web authentication portal and place clients in vlan11.

4.3 Configuring Guest solution

We need clients connected to a switchport that sits on VLAN 18 to be intercepted and presented with the web authentication login page that is configured internally on WLC1. This VLAN should not be allowed in the core switches Cat1 and Cat2 and should stay at the access layer. The clients should get an IP address in the subnet 10.10.11.x. Configure port fa0/12 on Cat3 for such guest usage. Cat2 should be the DHCP server for VLAN 11.

Task 5: Configure and Troubleshoot WCS

5.1 Adding WLCs

Add all WLCs to WCS.
They should be managed with SNMPv3 and should refuse any version 2 connection attempt.
They should be free of any community configuration and be configured with v3 username and password admin/IPexpert12345 and the strongest encryption mechanism.

5.2 Adding Mobility Services

Create a building with one floor and create a map for that floor. The environment is a warehouse with the ceiling at 20 feet high and APs placed at 12 feet high. Place the APs in every corner of the map. You can find the floor image in the WCS c:\FTP\ folder.
Add MSE to WCS with both location and intrusion detection service activated. Synchronize it with the map and controllers.

5.3 Configuring WCS

Make sure that rogue APs can be seen on the map.
Select a rogue on the map and make sure that no alerts will be sent about that rogue again and that it will not be contained by your access points.

Task 6: Configure and troubleshoot WLAN services

6.1 Radio management

WLC1 and 3 are the only WLCs that may manage Medium Office access points, while WLC 2 and 4 are the only ones that may manage Headquarters access points. Make sure that WLC 2 and 4 talk to each other (but not to 1 and 3) to elect the RF leader and make RF decisions, while WLC1 and 3 talk to each other but not to 2 and 4 for those decisions.
All WLCs should:
o Support all data rates from 11 Mbps (included) upwards on 2.4 GHz, 11 Mbps being the only mandatory rate.
o Increase the power (if possible) on an AP if 5 clients are detected to be sticking with low signal.
o Never bring an AP transmission power lower than 1 dBm.
o Support all data rates from 12 Mbps (included) upwards on 5 GHz, 12 Mbps being the only mandatory rate.
o Support beamforming on 11n-class access points when dealing with 11a/g clients.
o Lower the APs' transmission power if several surrounding APs are heard at -67 or louder.
o Support phones and devices that make their transmit power variable depending on AP power level.
o When selecting a channel for an AP, take into account the load of other Cisco APs as well as rogues in the deployment (for example, 2 APs could be on the same channel next to each other if they have relatively low load).
o If CleanAir APs, thanks to their CleanAir chipset, detect a specific source of interference, count this in the algorithm's decision on whether it's worth changing channel immediately.

6.2 Controller Security

Make sure that only management subnets (VLANs 5, 111, 112, and 120
as well as the 10.10.0.0/24 subnet) can talk to WLC1. It should be
inaccessible from any other subnet.
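
The scope of this restriction can be checked before any ACL is written. The sketch below is an added example, not part of the workbook or its solutions guide: it builds the allow-list from Lab 2 Table 1 and shows why the /26 boundary of VLAN 120 matters. Treating VLAN 5 as the Servers subnet 10.10.210.0/24 is an assumption, and the test source addresses are constructed.

```python
import ipaddress

# Management sources named in task 6.2, with subnets taken from Lab 2 Table 1.
# VLAN 5 -> Servers (10.10.210.0/24) is an assumption: Table 1 as printed
# gives no VLAN number for the Servers row.
MGMT_SUBNETS = {
    "VLAN 5 (Servers, assumed)": "10.10.210.0/24",
    "VLAN 111 (HQLWAP1)": "10.10.111.0/24",
    "VLAN 112 (HQLWAP2)": "10.10.112.0/24",
    "VLAN 120 (MOAPMgmt)": "10.10.120.128/26",
    "10.10.0.0/24": "10.10.0.0/24",
}
ALLOWED = {name: ipaddress.ip_network(cidr) for name, cidr in MGMT_SUBNETS.items()}


def acl_entries():
    """(network, wildcard) pairs, the form a permit line takes in an ACL."""
    return [(str(n.network_address), str(n.hostmask)) for n in ALLOWED.values()]


def matching_subnet(src):
    """Name of the management subnet containing src, or None (implicit deny)."""
    addr = ipaddress.ip_address(src)
    for name, net in ALLOWED.items():
        if addr in net:
            return name
    return None


def over_permitted(candidate_cidr):
    """Host addresses a candidate entry admits beyond the intended allow-list."""
    candidate = ipaddress.ip_network(candidate_cidr)
    return [h for h in candidate.hosts()
            if not any(h in net for net in ALLOWED.values())]


if __name__ == "__main__":
    for network, wildcard in acl_entries():
        print(f"permit {network} {wildcard}")
    # Constructed sources: inside the /26, just outside it, a WLC subnet host,
    # and a client VLAN host that must be denied.
    for src in ("10.10.120.140", "10.10.120.100", "10.10.112.20", "10.10.12.5"):
        print(src, "->", matching_subnet(src) or "deny")
    extra = over_permitted("10.10.120.0/24")
    print(len(extra), "extra hosts admitted if VLAN 120 is entered as a /24")
```

Entering VLAN 120 with a /24 wildcard instead of 0.0.0.63 would admit 190 addresses that are not part of MOAPMgmt.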

6.3 Voice settings


Ensure that both voice SSIDs follow the usual VoWLAN recommendations, such as:
o They must support phones sending tagged voice UP traffic.
o They should allow phones to sleep and only wake up every 2 beacons for broadcast buffered traffic.
o The APs should not do off-channel scanning (for RRM, rogue scanning purposes, etc.) in the 200 ms after they last received a voice-tagged frame (and only in this case).
o The AP should block phones from initiating a new call if there is not enough bandwidth available, and should therefore reserve 10% of its bandwidth for roaming devices.
o For the medium access parameters, do not use the 802.11e parameters but optimize the channel access timers for voice. Also limit the number of wireless retries.

Technical Verification and Support

To verify your configurations please review the Volume 1 Detailed Solutions Guide
that you received along with this Workbook. You can also find this document in
the eBook section of your www.IPexpert.com account.
Support is also available in the following ways:
IPexpert Support: www.OnlineStudyList.com
IPexpert Blog: blog.ipexpert.com
Proctor Labs Hardware Support: support@ipexpert.com

Lab 3: CCIE wireless version 2
8 hour training Lab 3

Lab Overview

1.0 Configure and troubleshoot wired infrastructure to support WLAN's
2.0 Configure and Troubleshoot Infrastructure Application Services
3.0 Configure and Troubleshoot Autonomous deployment model
4.0 Configure and Troubleshoot Unified deployment model
5.0 Configure and Troubleshoot WCS
6.0 Configure and Troubleshoot WLAN Services

This lab will test your knowledge of several items of the CCIE Wireless blueprint version 2. The wording of the lab questions might seem tricky, but it is meant to prepare the candidate to read between the lines. The network and WLCs are partly pre-configured, but some of the configuration has to be altered to meet the exam requirements.

The fact that the WLCs are pre-configured doesn't mean that there are no tasks where you have to rectify wrong pre-configs or make some changes, on the WLCs, the APs and the network. Those are all part of solving this lab. Throughout this lab you may expect to rectify basic IP connectivity issues. In this lab and the real lab we cannot take anything for granted and must stay focused.

This lab will use all equipment in the LAB 1: topology. Refer to the names of the equipment on that topology. Rectify names according to Table 2.

When configuring WLANs/SSIDs, where the lab refers to SSID-XX, replace XX with your pod number; for example, for POD01 the SSID is SSID-01.
Unless otherwise indicated, use admin for usernames and IPexpert123 for passwords. When not specifically mentioned, use the 2.4 GHz frequency.
It is strongly advised to read the whole lab through before you start configuring, and to briefly reread each section to refresh your memory. In some sections, later tasks are better done first. Tip: WCS templates may seriously speed things up!

Estimated Time to Complete: 8 hours

Mock Lab 3: Topology

[Figure: CCIE Wireless v2 mock lab 3 topology. Area labels: Headquarters, Remote Office, Internet, WAN. Devices shown: Cat1, Cat2, Cat3, Cat4, WLC1 (5508), WLC2 (5508), WLC3 (2504), WLC4 (2504), AAP1 (1262N), AAP2 (1242AG), LAP1 (3502i), LAP2 (1242AG), LAP3 (1042N), LAP4 (1262N), LAP5 (1242AG), CME, a power injector, and the ACS/WCS/MSE/Test PC host. The port labels of the diagram are not recoverable from the extracted text.]

Lab 3: Pre-Lab Setup

Physically connect and configure your network according to Diagram 1.
The switches are pre-configured with some VLANs and IP addresses.

Lab 3: Prerequisites:

This lab will rely on the network infrastructure. You will need to pre-configure the network with the base configuration files.

If using your own hardware:

Login to IPexpert.com, navigate to the My Downloads area, download IPexpert Wireless Volume 1 Configs, find the Lab 3 INITIAL Configs, and copy and paste the proper switch files to the proper devices.

If you are using Proctor Labs:

Log on to your Wireless vRack Web UI and navigate to near the top of the web page, click the Load Lab button and choose: IPexpert WIFI Volume 2 Workbook Lab 3 INITIAL

Lab 3: Tables

Table 1: VLAN and Subnet Table

VLAN   VLAN Name       Subnet          Netmask
       Servers         10.10.210.0     /24
10     HQSwitchMgmt    10.10.10.0      /24
11     HQGuest1        10.10.11.0      /24
12     HQData1         10.10.12.0      /24
13     HQData2         10.10.13.0      /24
14     HQData3         10.10.14.0      /24
15     HQVoice1        10.10.15.0      /24
16     HQVoice2        10.10.16.0      /24
17     HQData4         10.10.17.0      /24
20     MOSwitchMgmt    10.10.20.0      /25
21     MOGuest1        10.10.21.64     /26
22     MOData1         10.10.22.128    /26
23     MOVoice1        10.10.23.192    /26
105    HQServicePort   10.10.105.0     /24
110    HQAAP           10.10.110.0     /24
111    HQWLC1          10.10.111.0     /24
112    HQWLC2          10.10.112.0     /24
113    HQLAP1          10.10.113.0     /24
114    HQLAP2          10.10.114.0     /24
120    MOWLC1          10.10.120.128   /26
121    MOLAP1          10.10.121.192   /26
131    HOAP            192.168.100.0   /24
999    VLAN999         n/a             n/a

Table 2: Device IP Addresses


Device

Port

CAT1

NA

Connected
Device
NA

Connected
Port

IP Address

CAT2

NA

NA

10.10.10.3

CAT3

NA

NA

10.10.10.4

CAT4

NA

NA

10.10.20.1

ACS

NIC1

CAT2

Fa0/11

10.10.210.5

WCS

NIC1

CAT2

Fa0/11

10.10.210.6

CME

Fa0/0

CAT1

Fa0/4

10.10.210.20

10.10.10.2

CAT2

Fa0/11

WLC1

Po1

CAT2

Gi0/1

WLC2

Po1

CAT3

Gi0/1

WLC3

Po1

CAT4

WLC4

Po1

CAT2

AAP1

Gi0

CAT1

AAP2

Fa0

CAT3

LAP1

Gi0

CAT1

LAP2

Fa0

LAP3

Gi0

LAP4

Gi0

Fa0/2

Fa0/15

10.10.112.10
10.10.120.140
10.10.112.20
10.10.110.100

Fa0/1

10.10.113.x

CAT2

Fa0/2

10.10.114.x

CAT3

Fa0/3

10.10.114.x

CAT4

Fa0/4

10.10.121.x

CAT4

Fa0/5

10.10.121.x

10.10.110.101

Fa0/2

Fa0

Fa0/1

10.10.111.10

LAP5

10.10.210.10

Eth0

MSE

10.10.205.20 (Loop)

Lab 3: 8 hour CCIE wireless v2 Mock LAB

1.0 Configure and troubleshoot wired infrastructure to support WLAN's

To prepare your network, we need to take extra care that the network is properly set up. All future configurations with wireless components will rely on the network. Please bear in mind that most wireless issues are related to the network. The Proctor Labs lab environment will have some preconfigured equipment. It is up to you to change the configuration according to the requirements in this lab.

L2 switching in HQ:

Cat1 will handle all VLANs and distribute them to Cat2. Cat3 will also get all VLAN changes from Cat1.
o Use MD5 encryption to protect the VLAN database on your 3 switches.
o Use ipexpert123 as the MD5 secret. Domain is ipexpert
Create the VLANs in table 1 for your HQ switches.
Cat1 should be the root for all VLANs.
Cat2 should be the root for all VLANs if the root fails.
Do not configure Cat3 for the last question above.
o From Cat3, show commands should give the correct outcome to see where the root bridges are. Cat1 should be seen as root for all VLANs and Cat2 will be the backup path. Prove that the backup path works by testing.
Configure the 2 links between Cat1 and Cat2 to appear as one STP instance.
o Use a method that has no negotiation.

L3 routing:

Site HQ: Do not configure or change anything that is not requested by the lab.
Cat1's SVI always has the first IP address in each VLAN network.
Cat2's SVI always has the second IP address in each VLAN network.
For the Cat3 VLAN10 SVI, use IP address 10.10.10.4/24
The VLAN 5 IP configuration should not be changed.
The VLAN10 IP configuration should not be changed (HQSwitchMgmt).

Create the SVIs on your appropriate HQ switches and ensure you have connectivity between all L3 interfaces. Refer to table 1 for the VLAN IDs. HQ and MO have different VTP domains, as can be seen in table 1. VLANs should flow between all 3 switches in the HQ.
Create a Loopback99 interface on your CAT1 with IP 10.99.99.99/32
o Use a link-state, open-standard routing protocol to advertise Loopback99 to CAT2.
o Only advertise Loopback99 in your configuration.
o Don't summarize the classful networks in your routing domain.
VLAN 12 should be redundant for CAT1 and CAT2.
o On CAT1 and CAT2, use a Cisco proprietary method to create a redundant SVI for VLAN 12.
o The VLAN 12 virtual IP should be the next available IP address after CAT1 and CAT2.
o CAT1 should always be the primary router for VLAN12, and in case of failure it should revert back when things go back to normal.
Create a redundant DHCP pool for VLAN12 on CAT1 and CAT2:

MO routing and switching:

Create VLANs and SVIs for CAT4 according to table 1. CAT4 SVIs always use the first IP address per SVI. Create MO SVIs from Table 1.
CAT4 should be ready to serve VLAN configuration to other switches. Protect the database IPexpert-MO with the password ipexpert.123
CAT4 should not participate in routing updates or exchange routing tables with HQ. CAT4 should be able to reach any network on HQ. On HQ you need to advertise all the networks belonging to CAT4 MO. Use your routing protocol to accomplish this in your HQ switches.

QOS:

On all routers and switches, trust layer 2 and layer 3 QoS markings where appropriate.
Tune your CoS to DSCP mapping (and vice versa) as Cisco best practices recommend.
o VoIP SCCP AVVID gets value of 24 (CS3) instead of the default 26 (AF31).
o VoIP RTP stream gets value of 46 (EF) instead of the default 40.
The traffic from MO should have a policy that marks Skinny traffic and RTP VoIP traffic using the known UDP and TCP ports for RTP and Skinny (not encrypted).

o Ensure the correct marking is maintained when VoIP traffic enters MO from HQ and vice versa.

2.0 Configure and Troubleshoot Infrastructure Application Services

NTP:

Use the NTP server on WCS to synch time for all your network devices including the WLCs. WCS is 10.10.210.6
Controllers should synch time every 2 hours.
CAT1 should be the NTP master for all switches and routers. For routers and switches: use password "ipexpert" for NTP authentication. Use EST timezone -5.
CAT1 should answer NTP requests only on VLAN10 and only allow switches and routers in your network to synch time with CAT1. CAT2 uses its VLAN5 IP, CAT4 uses its VLAN20 IP and CAT3 uses its VLAN10 IP address for NTP communications.
Don't forget the autonomous APs! Configure them to use the same time settings with CAT1 as the NTP server. No security is needed for the autonomous APs. Use the IP information from Table 2 for the APs.

AP management:

HQ

LAP2 (f0/2 on CAT2) and LAP3 (F0/3 on CAT3) should discover WLC2 and WLC4 with DNS (not option 43). APs should be on VLAN1134
o LAPs default gateway is 10.10.114.1
o Default name to the name in table 1. Subnets for those APs are listed in table 2. Configure your network accordingly.
o Use your Microsoft DHCP and DNS server to accomplish this.
o DNS suffix for your APs subnet should be LAPs.proctorlabs.com
o Exclude the range from 1 to 20 and 200 to 254.
o Microsoft DHCP/DNS server is 10.10.210.6
Make sure that WLC2 is the primary and WLC4 the secondary controller for LAP2, and that WLC4 is the primary and WLC2 the secondary controller for LAP3. The mobility group should be named HQ2 for WLC2 and HQ4 for WLC4. The WLCs should have the same RF group HQ-WLC2-and-4

LAP4 and LAP5 should join WLC4 with DHCP from CAT4. Set those APs on
VLAN 121 on CAT4:

Switching security:

All LAP AP ports (present and future) should go to STP forwarding mode immediately.
In MO, all switchports with access points should block traffic if BPDUs are advertised over the port. The same applies to all potential host ports.
In HQ, all switchports with access points should get disabled if BPDUs are advertised over the port. This setting needs to be the default for all host switchports so it won't be forgotten in future tasks. You don't want your VMware servers on CAT2 port Fa0/11 to get potentially disabled. Let that one port bypass that default setting.
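
A configuration check for the HQ requirement above, as an added example that is not part of the workbook or its solutions guide. It relies on the fact that the global BPDU guard default only covers ports in PortFast state, so an access port without PortFast is silently unprotected. The CAT2 excerpt is constructed, and the command spellings assumed are those of Catalyst 3560-class IOS.

```python
import re

# Constructed CAT2 excerpt for illustration; it is not one of the workbook's
# configuration files. Fa0/2 (LAP2) and Fa0/11 (VMware servers) are the ports
# named in the lab text; Fa0/7 and Fa0/23 are made up.
SAMPLE_CAT2 = """\
spanning-tree portfast bpduguard default
!
interface FastEthernet0/2
 description LAP2
 switchport access vlan 114
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/7
 description spare host port
 switchport mode access
!
interface FastEthernet0/11
 description VMware servers
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard disable
!
interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
"""


def parse(config):
    """Split an IOS-style config into global lines and per-interface lines."""
    glob, ifaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
            continue
        header = re.match(r"interface\s+(\S+)", raw)
        if header:
            current = ifaces.setdefault(header.group(1), [])
        elif raw[0].isspace() and current is not None:
            current.append(line)
        else:
            current = None
            glob.append(line)
    return glob, ifaces


def audit(config, exempt=("FastEthernet0/11",)):
    """Return findings against the HQ BPDU guard requirement."""
    glob, ifaces = parse(config)
    findings = []
    if "spanning-tree portfast bpduguard default" not in glob:
        findings.append("global: BPDU guard is not the default on PortFast ports")
    portfast_default = "spanning-tree portfast default" in glob
    for name, lines in ifaces.items():
        if "switchport mode access" not in lines:
            continue  # trunks and routed ports are outside this check
        portfast = ((portfast_default or "spanning-tree portfast" in lines)
                    and "spanning-tree portfast disable" not in lines)
        guard_off = "spanning-tree bpduguard disable" in lines
        if name in exempt:
            if not guard_off:
                findings.append(f"{name}: exempt port still inherits BPDU guard")
        elif guard_off:
            findings.append(f"{name}: BPDU guard disabled on a non-exempt port")
        elif not portfast:
            findings.append(
                f"{name}: not a PortFast port, so the global default does not protect it")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CAT2):
        print(finding)
```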

3.0 Configure and Troubleshoot Autonomous deployment model

Autonomous setup:

A cargo company has mobile fork lifters in its warehouses. Those fork lifters will have industrial computers on board with Ethernet ports (no wireless). You need to use AAP2 to connect the industrial computer to the wireless network.
Make a Layer 2 only VLAN (VLAN 999) on the switch connected to AAP2 to avoid loops in your network. Override bpduguard with bpdufilter on the f0/2 port on CAT3.
AAP2 will connect to AAP1 with 802.1x security. SSID is fork-xx. Username is lifter and password is fork. Use the 2.4 GHz frequency.
o AAP1 will authenticate the lifter user, and the industrial PC should be on VLAN 17. As the industrial PC is not ready yet, configure DHCP on AAP2 to see the DHCP offer working. Configure DHCP on CAT1 for VLAN17. Exclude the first 9 addresses.
o Use the most secure option that is Cisco proprietary.
The forklifter is actively mobile. Ensure that it only scans non-overlapping channels in your 2.4 GHz frequency, so it uses the least time to scan channels when moving around.
Ensure that the association is reliable, so that the AP disassociates clients only when many packets are lost. Use the maximum reliable setting for the association to stay up.

4.0 Configure and Troubleshoot Unified deployment model

WLC management:

WLC1 has its Service Port (SP) connected to CAT1.
Connect the SP on VLAN 10. Use DHCP from CAT2 for the SP. The SP port should always get the 10.10.10.50 address. Default gateway is 10.10.10.2; it should be pingable from the same VLAN.
On WLC1, guests should see the name guests.proctorlabs.com. This name should resolve on your DNS server (Microsoft server 10.10.210.6) to the WLC1 virtual IP address.
Configure the appropriate VLAN interfaces per WLC according to table 3. (WLANs will be configured and explained in more detail later.)

Table 3: WLC VLANs and SSIDs

Interface

WLC IP Address

Default gateway

WLAN

WLC1

Vlan 11

10.10.11.252/24

10.10.11.1

HQ-guests-XX

WLC2

Management

NA

WLC2

Vlan 13

10.10.13.50/54

WLC2

Vlan 15

10.10.15.50/24

WLC2

Vlan 12

WLC3

Vlan 22

WLC4

Management

WLC4

Vlan 13

lip

10.10.12.50/24

el

ya

er

33

el
y
et

si
v

ex
cl
r u

10.10.13.1

Client-Vlan-XX
voip-5ghz-XX

10.10.12.3

NA

NA

HQ-guests-XX

10.10.13.51/24

10.10.13.1

Client-Vlan-XX

Vlan 12

10.10.12.51/24

10.10.12.3

Vlan 15

10.10.15.51/24

10.10.15.1

sa
lta

10.10.22.130/26

10.10.15.2

HQ-guests-XX

MOData1-XX

ed

Li

WLC4

NA

10.10.22.129

ce
ns

WLC4

to

Device

ho

voip-5ghz-XX

VLANs on Switches should already be done and working in the first part of this LAB.

v3150

Set up etherchannel for both interfaces on WLC2. Ensure that APs are load
balanced over the layer3 network based on source and destination IP
information. Do this for all switches connected to controllers.
VLANs on the wired network should work on the wired interfaces of each WLC

Copyright by IPexpert, Inc. All Rights Reserved.

49

IPexperts Workbook for the CCIE Wireless Lab Exam

Volume 2 Workbook

QOS needs to be tagged on the management VLAN of all WLCs.
Only VLANs created on WLCs should traverse over the link towards the
network and vice versa.

AP Priming:

LAP1 should join WLC3. Find a way to configure a static VLAN 113
address of 10.10.113.100 for this AP. Manually join LAP1 to your WLC3. Default
gateway is 10.10.113.1

Guests:

For WLC1, guests will be directed out of Po2.
Configure Client-Vlan11 on port 1 on WLC1.
o Use .252 for the WLC IP address. See table 3.
WLC1 used to be connected with Po1 and Po2 to two separate 6509 switches
with VSS configured. Now they have been replaced with 2x 3560 switches
connected again the same way. Configure WLC1 port 2 to be the primary
management port connected to CAT1, and port 1 connected to CAT2. Make the
management interface redundant for Po1 and Po2 WLC1 operation. The guest
access should be redundant too.
Configure port 1 so no other VLANs are allowed except guests and for
management redundancy purposes (4.10).
Create the WLAN HQ-guests-xx on all HQ WLCs. HQ WLCs should transport
all guest access traffic to WLC1 Vlan 11, and it should by default go out of
Port1 on WLC1.
Use SSID HQ-guests-XX. There are also complaints that users from APs on
WLC2 and also other users trying to roam to APs on WLC2 don't work. This
problem is seen mainly on the guest SSID. Rectify the mobility config so it will be
seamless.
o No encryption
o Web-splash page will authenticate guest users on WLC1
o The guest SSID has to work on all APs in the HQ. Guests need to reach the
SSL VPN server on 10.10.210.6 even before they reach the splash page.
Enable ICMP to work for that VPN server as well, for troubleshooting ease.
Guests use DHCP on WLC1. Issue a 15-address pool starting from 10.10.11.10.
DNS is 10.10.210.6

Create a lobby admin account on WLC1 and, with this account, create a guest
user that lasts for 3 days. Lobby account user is lobby, password Lobby123.
Guest user is guest4, password ipexpert123.
Test the HQ-guests-xx connection from the laptop: test https://10.10.210.6
without the splash login. Then try to log in through the splash page. Before the
login through the splash page, the guest should NOT be able to ping 10.10.10.3, but
it should work after splash web authentication. The laptop is reachable directly
with VNC on 10.10.210.4, password IPexpert123.

Interference and radio settings:

On your 802.11g network, the 2.4 GHz channel at 2452 MHz and the 2 channels
above and below it are severely impacted by a nearby microwave oven located
next to LAP3. These channels are unusable because of this massive
interference. Make sure that your LAP3 uses the best possible 2.4 GHz
frequency channel to avoid the microwave interference in the future.

Mobility:

HQ users should be able to roam between all controllers. Use the default mobility
names HQ1 for WLC1, HQ2 for WLC2, HQ3 for WLC3, and HQ4 for WLC4.
All HQ WLCs should check their mobility members every 15 seconds. They should
consider them dead after 60 seconds.

AP registration security and local radius:

MO: should only allow LAP1 to join WLC3.
Ensure that only LAP1 can join WLC3. Create a DHCP pool for the LAPs' VLAN 113 on
CAT2. Point to WLC3. Change LAP1 to DHCP.
Configure local radius on WLC3 for the MOData1 WLAN; the VLAN for SSID
MOData1-XX is in table 3. WLC VLAN 22 IP is 10.10.22.130/26.
Use PEAP MSCHAPv2 authentication. Username localpeap, password localradius.
Security is WPA 802.11i with software encryption.
Configure DHCP on WLC3 for this SSID's clients. Give out 131 and 132 addresses
of the scope.
Test connectivity with AnyConnect on your test PC.

Client connection testing:

Your AnyConnect client needs to connect to the Client-Vlan13-XX WLAN in HQ.
Configure your network to meet the requirements below:

SSID Client-Vlan13-XX
o This SSID should exist on WLC2 and WLC4. Clients should terminate at
Vlan13. Table 3 shows what IP should be on your controllers' VLAN13.
Exempt addresses 10.10.13.1 - 10.10.13.49 and 10.10.13.59 -
10.10.13.254
o Use WPA PSK. PSK is ipExpert.123
o Allow CCK modulation for this SSID. Exempt 5 GHz.
o Advertise 802.11i and pre-standard WPA in your beacons, but also allow
software encryption to work over 802.11i for older clients.
o DHCP should be set up on CAT1.
o On LAP2 this SSID should use VLAN12. Don't use HREAP. Only let
this SSID go out VLAN 12 for LAP2. DHCP is the redundant IP of VLAN12
shared with CAT1 and CAT2. Gateway is the redundant IP of VLAN12.
Test this configuration and see the IP address change on your AnyConnect
client.

Rogue detection:

Your WLC3 should detect rogue access points.
Configure all LAPs in your HQ network to validate RF information in
order to prevent spoofing of the SSID and your AP MAC addresses by
man-in-the-middle attacks.

5.0 Configure and Troubleshoot WCS

WCS:

Management:

Manage all WLCs with WCS using the default method. The user is admin and
password IPexpert123 for all WLCs.

MAPs:

Put your LAPs on the floor 1 map on your WCS. Position as many APs as you need for
2.4 GHz data coverage of your second floor. Your campus is 2 floors with a 500 x 500
feet span. You are instructed to expect a -80 dBm RSSI cutoff. Make sure you see
it work for your WCS 2.4 GHz coverage map.
First create a new building in your system campus and put 2 floors in it.
LAP2 is a 1242 with an AIR-ANT5135D-R antenna for the A band, and the antenna is
slightly tilted 15 degrees down. The AP is in the ceiling of floor 1. Let WCS know about
the antenna settings. The B/G band has the same setting. LAP1 is also on floor 1 but
it is at a height of 7 feet.
Use WCS to disable all 802.11b client associations in your network. Still allow
OFDM clients on 2.4 GHz to connect at 9 Mbps and not less.
When root is logged in, show the overall security score on the right side of your
security page. This has to work when root is logged on.

6.0 Configure and Troubleshoot WLAN Services

Wireless Voice:

On WLC2 and WLC4 in HQ:

Deploy an SSID called voip-5ghz-XX. This will be VLAN 15. WLC IP information
is in table 3. DHCP and default gateway are on CAT1, and DHCP should give out the Cisco call
manager option for the CME router 10.10.210.20. Exclude addresses
10.10.15.1 - 10.10.15.10 and 10.10.15.40 - 10.10.15.70. Use Table 3 for
VLAN50 IP information for each controller.
Allow only 5 GHz connections on this SSID.
o Use WPA 802.11i encryption and ensure that Cisco 7925 phones can roam
between controllers seamlessly.
o Phone uses PEAP authentication. On your ACS configure the user phone
with password of ipexpert. ACS is 10.10.210.5, user acsadmin, password
IPexpert123
o For ACS use NTP server 10.10.10.2; allow for this communication on your
CAT1 NTP server. Time zone is EST.
o Test it from your AnyConnect.

Only support 802.11e on this previously configured voice SSID, and 7925 phones
should get Platinum QOS treatment. 802.11e clients with this SSID will get
mapped with an 802.1p value of 5 when they hit the wired network.
Only allow the necessary data rates for the phones' operation in your 5 GHz
band.

You are at the end of this LAB! Should I say congratulations? :) It has hard questions when it
comes to wording. But we have to be prepared to spot what the LAB wants. This will come in
handy on the actual battlefield. So I hope this was a good exercise. Do this lab many
times to practice speed and work on things you want to study in the meantime.

Technical Verification and Support

To verify your configurations please review the Volume 1 Detailed Solutions Guide
that you received along with this Workbook. You can also find this document in
the eBook section of your www.IPexpert.com account.

Support is also available in the following ways:

IPexpert Support: www.OnlineStudyList.com
IPexpert Blog: blog.ipexpert.com
Proctor Labs Hardware Support: support@ipexpert.com

Lab 4: CCIE wireless version 2
8 hour training Lab 4

Lab Overview

1.0 Configure and troubleshoot wired infrastructure to support WLAN's
2.0 Configure and Troubleshoot Infrastructure Application Services
3.0 Configure and Troubleshoot Autonomous deployment model
4.0 Configure and Troubleshoot Unified deployment model
5.0 Configure and Troubleshoot WCS
6.0 Configure and Troubleshoot WLAN Services

This lab will test your knowledge on several items of the CCIE Wireless
blueprint version 2. The wording in the LAB questions might seem tricky, but
it is supposed to prepare the candidate to read between the lines.
The network and WLCs are partly pre-configured, but some of the
configuration has to be altered to meet the exam requirements.

The fact that the WLCs are pre-configured doesn't mean that there are no tasks
where you have to rectify wrong pre-configs or make some changes, both
on the WLCs, the APs and the network. Those are all part of solving this lab.
Throughout this lab you may expect to rectify basic IP connectivity issues.
In this lab and the real lab we cannot take anything for granted and must stay focused.

This lab will use all equipment in the LAB 4: topology. Refer to the names of
the equipment on that topology. Rectify names according to Table 2.

When configuring WLANs/SSIDs, if the lab refers to SSID-XX, replace XX
with your pod number; for example, POD01 uses SSID-01.
Unless otherwise indicated, use admin for usernames and IPexpert123
for passwords. When not specially mentioned, use the 2.4 GHz frequency.
It is strongly advised to read the whole LAB over before you start
configuring, and to read each section briefly over to refresh your memory. In
some sections some later tasks would better be done first. Tip: WCS
templates may seriously speed things up!

Estimated Time to Complete: 8 hours

Mock Lab 4: Topology


Lab 4: Pre-Lab Setup

Physically connect and configure your network according to Diagram 1.
The switches are pre-configured with some VLANs and IP addresses.

Lab 4: Prerequisites:

This lab will rely on the network infrastructure. You will need to pre-configure the
network with the base configuration files.

If using your own hardware: Log in to IPexpert.com, navigate to the My Downloads
area, download IPexpert Wireless Volume 2 Configs, find the Lab 4 INITIAL Configs,
and copy and paste the proper switch files to the proper devices.

If you are using Proctor Labs: Log on to your Wireless vRack Web UI and navigate to
near the top of the web page, click the Load Lab button and choose: IPexpert WIFI
Volume 2 Workbook Lab 4 INITIAL

Lab 4: Tables

Table 1: VLAN and Subnet Table

VLAN  VLAN Name      Subnet         Netmask
      Servers        10.10.210.0    /24
10    HQSwitchMgmt   10.10.10.0     /24
11    HQGuest1       10.10.11.0     /24
12    HQData1        10.10.12.0     /24
13    HQData2        10.10.13.0     /24
14    HQData3        10.10.14.0     /24
15    HQVoice1       10.10.15.0     /24
16    HQVoice2       10.10.16.0     /24
17    HQData4        10.10.17.0     /24
20    MOSwitchMgmt   10.10.20.0     /25
21    MOGuest1       10.10.21.64    /26
22    MOData1        10.10.22.128   /26
23    MOVoice1       10.10.23.192   /26
105   HQServicePort  10.10.105.0    /24
110   HQAAP          10.10.110.0    /24
111   HQWLC1         10.10.111.0    /24
112   HQWLC2         10.10.112.0    /24
113   HQLAP1         10.10.113.0    /24
114   HQLAP2         10.10.114.0    /24
120   MOWLC1         10.10.120.128  /26
121   MOLAP1         10.10.121.192  /26
131   HOAP           192.168.100.0  /24
999   VLAN999        n/a            n/a

Table 2: Device IP Addresses


Device

Port

CAT1

NA

Connected
Device
NA

Connected
Port

IP Address

CAT2

NA

NA

10.10.10.3

CAT3

NA

NA

10.10.10.4

CAT4

NA

NA

10.10.20.1

ACS

NIC1

CAT2

Fa0/11

10.10.210.5

WCS

NIC1

CAT2

Fa0/11

10.10.210.6

CME

Fa0/0

CAT1

Fa0/4

10.10.210.20


10.10.10.2

CAT2

Fa0/11

WLC1

Po1

CAT2

Gi0/1

WLC2

Po1

CAT3

Gi0/1

WLC3

Po1

CAT4

WLC4

Po1

CAT2

AAP1

Gi0

CAT1

AAP2

Fa0

CAT3

LAP1

Gi0

CAT1

LAP2

Fa0

LAP3

Gi0

LAP4

Gi0


Fa0/2


Fa0/15

10.10.112.10
10.10.120.140
10.10.112.20
10.10.110.100

Fa0/1

10.10.113.x

CAT2

Fa0/2

10.10.114.x

CAT3

Fa0/3

10.10.114.x

CAT4

Fa0/4

10.10.121.x

CAT4

Fa0/5

10.10.121.x


10.10.110.101


Fa0/2


Fa0

Fa0/1

10.10.111.10


LAP5

10.10.210.10

Eth0


MSE


10.10.205.20 (Loop)


Lab 4: 8 hour CCIE wireless v2 Mock LAB

1.0 Configure and troubleshoot wired infrastructure to support
WLAN's

To prepare your network we need to take extra care that the network is properly set up. All
future configurations with wireless components will rely on the network. Please bear in mind that
most wireless issues are related to the network. The Proctor Labs LAB environment will have
some preconfigured equipment. It is up to you to change the configuration according to the
requirements in this LAB.

L2 switching in HQ:

CAT1, CAT2 and CAT3 in HQ should have independent VLAN databases so no
accidents can happen when incorrect VLAN information is distributed. The domain
name should be ipexpert-local.
Create the VLANs in table 1 for your HQ switches.
CAT1 should be the root for all VLANs. Use the primary command.
CAT2 should be the secondary root for all VLANs if the root fails. Use the
secondary command.
Do not configure CAT3 for the last question above.
o From CAT3, show commands should give the correct outcome to see
where the root bridges are. CAT1 should be seen as root for all VLANs and
CAT2 will be the backup path. Prove that the backup path works by
testing.
Configure the 2 links between CAT1 and CAT2 to appear as one STP instance.
o Use a method that has no negotiation.

L3 routing:

Site HQ: Do not configure or change anything that is not requested by the LAB.
CAT1's SVI always has the first IP address from each VLAN network.
CAT2's SVI always has the second IP address in each VLAN network.
VLAN 10 should be .2 on CAT1 and .3 on CAT2; don't change them.
For the CAT3 VLAN10 SVI, use IP address 10.10.10.4/24.
VLAN 5 IP configuration should not be changed.

Create the SVIs on your appropriate HQ switches and ensure you have
connectivity between all L3 interfaces. Refer to table 1 for the VLAN IDs. HQ and
MO have different VTP domains, as can be seen in table 1. HQ should be able to
reach all networks on CAT4. CAT4 should reach any network in HQ. Don't use a
routing protocol in any of your switches. VLAN10 on CAT1 and CAT2 is not
working for some reason. Find out why and rectify. CAT1 will have the first IP in each
SVI and CAT2 should have the second IP in each SVI. (Apart from VLANs
already created on the switches.)
Create a DHCP pool for VLAN12 on CAT1; don't give out addresses from .1 to .60.
Default gateway is .2

MO routing and switching:

Create VLANs and SVIs for CAT4 according to table 1.
CAT4 should have a standalone VLAN configuration and not exchange VLAN
information with other switches. VTP domain should be MO4.

QOS:

On all routers and switches, trust layer 2 and layer 3 QOS markings where
appropriate.
Tune your COS to DSCP mapping (and vice versa) as Cisco best practices
recommend.
VoIP SCCP AVVID gets value of 24 (CS3) instead of the default 26 (AF31).
VoIP RTP stream gets value of 46 (EF) instead of the default 40.

Multicast:

MO WLC 3 should advertise a multicast group for its locally registered APs. Use
239.x.x.x where x is the last 3 digits in the MO WLC 3 Management IP. All CAT4
VLANs should have multicast routing enabled for CAT4. Use a method that
doesn't flood your network, as it should be built for growth later. On your CAT4,
use an RP address of 10.99.254.254/30. When the IGMP timeout expires (70
seconds), the controller sends a query to all WLANs. Those clients which are
listening in the multicast group should send a packet back to the controller.
The traffic from MO should have a policy that marks skinny traffic and RTP VoIP
traffic with the RTP and Skinny (not encrypted) known UDP and TCP ports.
o Ensure the correct marking is maintained when VoIP traffic enters MO
from HQ and vice versa.

2.0 Configure and Troubleshoot Infrastructure Application
Services

NTP:

Use the NTP server on WCS to synch time for all your network devices including the
WLCs. WCS is 10.10.210.6
o Controllers should synch time every 2 hours.
o CAT1 should be the NTP master for all switches and routers. For routers
and switches: use password "ipexpert" for NTP authentication. Use EST
timezone -5.
o CAT1 should answer NTP requests only on VLAN10 and only allow
switches and routers in your network to synch time with CAT1. CAT2 uses
VLAN5 IP, CAT4 uses VLAN20 IP and CAT3 uses VLAN10 IP address for
NTP communications.
Configure NTP for the autonomous APs. Point to CAT1 10.10.10.2 and use
timezone EST -5

AP management:

HQ

LAP2 (f0/2 on CAT2) and LAP3 (F0/3 on CAT3) should discover WLC2 and
WLC4 with DHCP on CAT1. Default gateway is .1
o Rename the APs from their default name to the name in table 1. Subnets for
those APs are listed in table 2. Configure your network accordingly. This
should be done for all other LAP APs.
o Exclude the range from 1 to 20 and 200 to 254.
Make sure that WLC2 will be the primary controller for LAP2 and WLC4 the primary
controller for LAP3. Mobility group should be named HQ2 for WLC2 and HQ4 for
WLC4. LAP2 and LAP3 need to fail over if the primary controller fails. LAP2
secondary is WLC4 and LAP3 secondary is WLC2.
LAP4 and LAP5 should join WLC3 with DHCP from CAT4. You are forbidden to
enter option 43 or DNS on your MS DHCP. Also, you can't use the AP CLI to
manually join them. Use the network to deliver the LAP management traffic to
WLC3. Set those APs on VLAN 121 on CAT4:

Switching security:

All MO LAP AP ports should go to STP forwarding mode immediately, but don't
risk spanning-tree loops later on if some switch is connected to those ports.
In HQ, all switchports with LAP access points should block traffic if Bridge
Protocol Data Units are advertised over the port.

3.0 Configure and Troubleshoot Autonomous deployment model

Autonomous setup:

A law firm has 2 buildings. One building has a wireless bridge, AAP2,
to connect to the HQ LAN through AAP1.
Make AAP2 and AAP1 belong to the AAP management VLAN 110. AAP2's
BVI1 interface has to be reachable only over the bridge link. Behind AAP2, VLAN
14 needs to traverse the bridge link over to the HQ network. 10.10.14.2 is on CAT2.
This will be tested as if it were behind AAP2. The end result is CAT1 pinging over
the bridge link to 10.10.14.2 behind AAP2. Use 2.4 GHz.

AAP2 will connect to AAP1 with the most secure Cisco proprietary 802.1x method.
SSID is lawfirm-xx. Username is lawyer and password is fresnelzone. AAP1 will
authenticate the lawyer user.
No FTP traffic should be allowed over the bridge link during business hours, 9am
to 5pm, Monday - Friday.

4.0 Configure and Troubleshoot Unified deployment model

WLC management:

On WLC1, guests should be transported from the other HQ controllers to
WLC1. Prepare the configuration so the WLAN can be directed
directly to WLC1 in the future. WLC1 default mobility domain should be
HQ1, WLC2 HQ2, WLC3 HQ3, and WLC4 HQ4.

Configure appropriate VLAN interfaces per WLC according to table 3.

Table 3: WLC VLANs and SSIDs

Device  Interface   WLC IP Address    Default gateway  WLAN
WLC1    Vlan 11     10.10.11.252/24   10.10.11.1       HQ-guests-XX
WLC2    Management  NA                NA               HQ-guests-XX
WLC2    Vlan 13     10.10.13.50/54    10.10.13.1       Client-Vlan-XX
WLC2    Vlan 15     10.10.15.50/24    10.10.15.1       voip-6ghz-XX
WLC3    Vlan 22     10.10.22.130/26   10.10.22.129     MOData1-XX
WLC4    Management  NA                NA               HQ-guests-XX
WLC4    Vlan 13     10.10.13.51/24    10.10.13.1       Client-Vlan-XX
WLC4    Vlan 15     10.10.15.51/24    10.10.15.1       voip-6ghz-XX

VLANs on Switches should already be done and working in the first part of this LAB.

Set up etherchannel for both interfaces on WLC2. Ensure that APs are load
balanced over the layer 3 network based on source and destination IP
information.
QOS needs to be tagged on the management VLAN of all WLCs.
Only VLANs created on WLCs should traverse over the link towards the
network and vice versa.

AP Priming:

LAP1 should have redundant WLCs for WLC2 and WLC4. WLC4 is primary.
Join the AP manually from its console but allow for it to get a DHCP address from
CAT2. Refer to Table 2 for IP information and VLAN. Default gateway is
10.10.113.2
Users with Apple computers complain that they can't switch SSIDs on their
computers. The WLC reports they are connected but the client doesn't seem to
notice. Rectify the issue with one setting on all controllers.

Guests:

WLC1 guests for VLAN 11 should exit to Po2 by default, but Po1 if Po2 goes
down.
Configure WLC1 port1 to be the primary management port connected to CAT2.
Ensure that only existing VLANs traverse the switch ports. Guest VLAN is
VLAN 12.
Create the WLAN HQ-guests-xx on all HQ WLCs. HQ WLCs should transport
all guest access traffic to WLC1 Vlan 11. No encryption.
o Don't allow static IP addressing of clients.
o Timeout is 4 hours.
o Do not advertise the Aironet Information Element, to avoid interoperability
issues with various guest equipment.
o Delivery traffic indication message should be every 5 beacons on 2.4 GHz
connections.
o The guest SSID has to work on all APs in the HQ. Users should have the
option of entering their email address on the splash page and connecting
after that.
Guests use DHCP on CAT1. Issue a 15-address pool starting from 10.10.11.10.
Default gateway is CAT1 SVI VLAN 11. DNS is 10.10.210.6
Test the connection from the Win7 PC. The PC is reachable directly with VNC
from the WCS server on 10.10.210.4, password IPexpert123
AP registration security and local radius:

Configure your ACS to be used on WLC3 for the MOData1 WLAN; the VLAN for SSID
MOData1-XX is in table 3. WLC VLAN 22 IP is 10.10.22.130/26. LAP4 should send
its users to VLAN 23. Don't use AP-groups. DHCP for VLAN23 is configured
on CAT4.
Use EAP-FAST authentication. Username fast, password faster. Security is WEP
128 bit.
Configure DHCP on your Microsoft DHCP server for the clients of the SSID above.
Give out 131 and 132 addresses of the scope. Also ensure the VLAN23 users
get DHCP as well with the same parameters.
Test connectivity to MOdata1-xx with AnyConnect on your test PC.

Client connection testing:

Your AnyConnect client needs to connect to the Client-Vlan13-XX WLAN in HQ.
Configure your network to meet the requirements below:

SSID Client-Vlan13-XX
o This SSID should exist on WLC2 and WLC4. Clients should terminate at
Vlan13. Table 3 shows what IP should be on your controllers' VLAN13.
o Use WPA Enterprise with AES encryption. Use 802.1x security and PEAP
authentication on your ACS server.
o Username Client-peap, password ipexpert123
o DHCP server is the Microsoft DHCP server. Gateway is .1
o Configure the DHCP so there will be no conflict, with the fewest
exclusions possible.
For this SSID you have a strange requirement from your customer. He (a guy in
a white coat with the mad scientist look and a very narrow interest in radio
waves) shows you Spectrum Expert screenshots of square-top-looking waves. He
mentions he doesn't want the round-top waves to show in his environment, as he
claims it slows down the network. Make sure that the necessary controllers have the
setting to fulfill this strange request. The customer doesn't have any other
explanation than this picture.
Test this on your AnyConnect client.

Clean AIR:

Your WLC4 should detect and report microwave ovens and Bluetooth
devices on capable access points in the 2.4 GHz frequency.
For capable access points, monitor and dynamically avoid Bluetooth and
microwave oven interference. There is no requirement for anything else
available. The event-driven radio resource management should be set to the
highest value.

5.0 Configure and Troubleshoot WCS

WCS:

Management:

Manage all WLCs with WCS using version 2 of Simple Network Management
Protocol. No other methods should be available. Use the name ipexpert.snmp for
your name. Only WCS should be able to control or read the WLCs.

MAPs:

Put LAP1, LAP2, LAP3, LAP4 and LAP5 on the Campus IPX, building1, floor1 map
on your WCS. Position the APs for best location tracking. Configure your
mobility services so you see live WiFi clients on your map. Campus is 1000 by
1000 feet. Building is 500 by 900 feet. Floor is 200 by 100 feet. Horizontal
number first. MSE IP is 10.10.210.10; use an encrypted method to communicate
from WCS to MSE.
Clean air: Locate and report Clean-air interference in MSE. Gather history related
to interference and client stations. Display all interferers on your WCS map.

6.0 Configure and Troubleshoot WLAN Services

Wireless Voice:

On WLC2 and WLC4 in HQ:

Deploy SSID voip-6ghz-XX. Terminate at VLAN 15. WLC IP information is in table
3. DHCP is on CAT1 and should give out the call manager option for the CME
router 10.10.210.20. Default gateway is the CAT1 VLAN15 SVI. Take care of IP
conflicts in your DHCP configuration.
o Allow only 5 GHz connections on this SSID.
o Use WPA encryption and ensure that Cisco 7925 phones can roam
seamlessly. Your phone 7921 has load 1.3.(4). Allow for better battery
usage on your CCX compatible phones.
o Phone uses EAP-FAST authentication. On your ACS configure the user
phone with password of ipexpert

o Test it from your AnyConnect.
Some of your WiFi phones on WLC2 and WLC4 will use SIP, and not all of them
will be Cisco phones. Some might be iPhone or Android devices. You need to
QOS mark the packets by recognizing SIP call setup messages no matter which TCP
ports they use. Use this setting on your controller that has the voice SSID
configured above.

You are at the end of LAB 4. It is a bit difficult to finish in 8 hours. The harder the training, the easier
the battle. The question phrasing can slow you down, as it might on the actual LAB. So I hope
this was a good exercise. Do this lab many times to practice speed and work on things you want
to improve in the meantime. I recommend having a LAB strategy in place that you practice when
you take this LAB, because this LAB is built up from the blueprint sections and hopefully
prepares you for the actual LAB.

Technical Verification and Support

To verify your configurations please review the Volume 1 Detailed Solutions Guide
that you received along with this Workbook. You can also find this document in
the eBook section of your www.IPexpert.com account.
Support is also available in the following ways:
IPexpert Support: www.OnlineStudyList.com
IPexpert Blog: blog.ipexpert.com
Proctor Labs Hardware Support: support@ipexpert.com

Lab 5: CCIE Wireless v2


8 hour training

o.
co

ya

to

Lab Overview

ho

Pe

te
r

Sa

lta
r

el
li

1.0 Configure and troubleshoot wired infrastructure to support WLAN's
2.0 Configure and Troubleshoot Infrastructure Application Services
3.0 Configure and Troubleshoot Autonomous deployment model
4.0 Configure and Troubleshoot Unified deployment model
5.0 Configure and Troubleshoot WCS
6.0 Configure and Troubleshoot WLAN Services

This lab will test your knowledge on several items of CCIE Wireless
blueprint version 2. In this lab we use a scoring system of maximum 100
points. 85 points and above will be considered a pass. A good idea is to
define and use your LAB exam strategy to practice and fine tune to prepare
for the real battle. This will help in your time management that is essential to
pass!

This lab will use all equipment in the LAB 1: topology. Refer to the names of
the equipment on that topology.

When configuring WLANs/SSIDs, the lab refers to SSID-XX. Replace XX
with your pod number, where POD01 is for example SSID-01.

Unless otherwise indicated, use admin for usernames and IPexpert123
for passwords.

Estimated Time to Complete: 8 hours

Mock Lab 5: Topology

Lab 5: Pre-Lab Setup


Physically connect and configure your network according to Diagram 1.
The switches are pre-configured with some VLANs and IP addresses.

Lab 5: Prerequisites:

This lab will rely on the network infrastructure. You will need to pre-configure the
network with the base configuration files.

If using your own hardware: Log in to IPexpert.com, navigate to the My Downloads
area, download IPexpert Wireless Volume 1 Configs, find the Lab 3 INITIAL Configs,
and copy and paste the proper switch files to the proper devices.

If you are using Proctor Labs: Log on to your Wireless vRack Web UI and, near
the top of the web page, click the Load Lab button and choose: IPexpert WIFI
Volume 2 Workbook Lab 5 INITIAL

Lab 5: Tables
Table 1: VLAN and Subnet Table

VLAN   VLAN Name       Subnet           Netmask
       Servers         10.10.210.0      /24
10     HQSwitchMgmt    10.10.10.0       /24
11     HQGuest1        10.10.11.0       /24
12     HQData1         10.10.12.0       /24
13     HQData2         10.10.13.0       /24
14     HQData3         10.10.14.0       /24
15     HQVoice1        10.10.15.0       /24
16     HQVoice2        10.10.16.0       /24
17     HQData4         10.10.17.0       /24
20     MOSwitchMgmt    10.10.20.0       /25
21     MOGuest1        10.10.21.64      /26
22     MOData1         10.10.22.128     /26
23     MOVoice1        10.10.23.192     /26
105    HQServicePort   10.10.105.0      /24
110    HQAAP           10.10.110.0      /24
111    HQWLC1          10.10.111.0      /24
112    HQWLC2          10.10.112.0      /24
113    HQLAP1          10.10.113.0      /24
114    HQLAP2          10.10.114.0      /24
120    MOWLC1          10.10.120.128    /26
121    MOLAP1          10.10.121.192    /26
131    HOAP            192.168.100.0    /24
999    VLAN999         n/a              n/a


Table 2: Device IP Addresses

Device  Port    Connected Device  Connected Port  IP Address
CAT1    NA      NA                                10.10.10.2
CAT2    NA      NA                                10.10.10.3
CAT3    NA      NA                                10.10.10.4
CAT4    NA      NA                                10.10.20.1
ACS     NIC1    CAT2              Fa0/11          10.10.210.5
WCS     NIC1    CAT2              Fa0/11          10.10.210.6
CME     Fa0/0   CAT1              Fa0/4           10.10.210.20
MSE     Eth0    CAT2              Fa0/11          10.10.210.10
WLC1    Po1     CAT2              Gi0/1           10.10.111.10
WLC2    Po1     CAT3              Gi0/1           10.10.112.10
WLC3    Po1     CAT4                              10.10.120.140
WLC4    Po1     CAT2                              10.10.112.20
AAP1    Gi0     CAT1                              10.10.110.100
AAP2    Fa0     CAT3                              10.10.110.101
LAP1    Gi0     CAT1              Fa0/1           10.10.113.x
LAP2    Fa0     CAT2              Fa0/2           10.10.114.x
LAP3    Gi0     CAT3              Fa0/3           10.10.114.x
LAP4    Gi0     CAT4              Fa0/4           10.10.121.x
LAP5    Fa0     CAT4              Fa0/5           10.10.121.x

Values from this table whose row could not be recovered: Connected Port
Fa0/2, Fa0/15, Fa0/2, Fa0/1 (for the blank Connected Port cells of WLC3,
WLC4, AAP1 and AAP2); IP Address 10.10.205.20 (Loop).

Lab 5: 8 hour CCIE wireless v2 Mock LAB


1.0 Configure and troubleshoot wired infrastructure to support WLAN's

L2 switching in HQ:

The Proctor Labs LAB environment will have some preconfigured
equipment. It is up to you to change the configuration according to the
requirements in this LAB.
CAT1, CAT2 and CAT3 in HQ should have independent VLAN databases so that no
accidents can happen when incorrect VLAN information is distributed. The domain
name should be ipexpert-standalone.
Configure the 2 links between CAT1 and CAT2 to appear as a 2 gigabit
connection.

L3 routing:

o Site HQ: Do not configure or change anything that is not requested by the
LAB.
o CAT1's SVI always has the first IP address in each VLAN network.
o CAT2's SVI always has the second IP address in each VLAN network.
o VLAN 10 should be .2 on CAT1 and .3 on CAT2; don't change them.
o For the CAT3 VLAN 10 SVI, use IP address 10.10.10.4/24.
o The VLAN 5 IP configuration should not be changed.
o CAT1 needs to reach WCS. Don't use a routing protocol to accomplish
this. CAT2 needs to reach all networks on MO. Use EIGRP. MO should
have a default route distributed via the routing protocol. Let only the SVI
interfaces be advertised in your EIGRP configuration.
o Use the DHCP pool for VLAN 12 on CAT1; don't give out addresses from
.1 to .60. Default gateway is .2.
CAT4 should be ready to exchange and serve VLAN configuration to other
switches. The VTP domain should be MO4. Prepare VLAN 22 for IPv6 connectivity
using IPv6 with DHCP functionality on CAT4. This will be needed later for
clients connecting to the WLC3 MOData1-xx SSID. Use any link-local address you
like.

QOS:

On all routers and switches, trust layer2 and layer3 QOS markings where
appropriate. Between switches trust layer2 QOS tagging.
Tune your COS to DSCP mapping (and vice versa) as Cisco best practices
recommend
VoIP SCCP AVVID gets value of 24 (CS3) instead of the default 26 (AF31)
VoIP RTP stream gets value of 46 (EF) instead of the default 40.

The traffic from MO should have a policy that marks skinny traffic and RTP VoIP
traffic using the known UDP and TCP ports for RTP and Skinny (not encrypted).
Ensure the correct marking is maintained when VoIP traffic enters MO from HQ
and vice versa.
There will be phones on CAT3 ports 12-19. Voice VLAN is 16.
We don't trust marking over the cloud network between MO CAT4 and HQ
CAT2. We need to ensure that voice traffic (skinny and sccp) will be marked
correctly between MO and HQ. Make a policy that marks this traffic correctly.

Multicast

MO WLC 3 should advertise a multicast group for its locally registered APs. Use
239.x.x.x where x is the last 3 digits in MO WLC 3 Management IP. All CAT4
VLANs should have multicast routing enabled for CAT4. Use a method that
doesn't flood your network, as it should be built for growth later. On your CAT4,
use RP address of 10.99.254.254/30. When the IGMP timeout expires (70
seconds), the controller sends a query to all WLANs. Those clients which are
listening in the multicast group should send a packet back to the controller.

2.0 Configure and Troubleshoot Infrastructure Application Services

NTP:

Use NTP server on WCS to synch time for all your network devices including the
WLCs. WCS is 10.10.210.6
Controllers should synch time every 2 hours.
CAT1 should be the NTP master for all switches and routers. For routers and
switches: use password "ipexpert" for NTP authentication. Use EST timezone -5.
Use authentication for your switches.

CAT1 should answer NTP requests only on VLAN10 and only allow switches and
routers in your network to synch time with CAT1. CAT2 uses its VLAN10 IP, CAT4
uses its VLAN20 IP and CAT3 uses its VLAN10 IP address for NTP communications.
Allow your ACS 10.10.210.5 to use the NTP on WCS.
Fix any connectivity issues on WLC1 and other WLCs if there is a problem
reaching the NTP server.
Configure NTP for the autonomous APs. Point to CAT1 10.10.10.2 and use
timezone EST -5. Fix any network connectivity issues the AAPs might have.

AP management:

LAP2 (Fa0/2 on CAT2) and LAP3 (Fa0/3 on CAT3) should discover WLC2 and
WLC4 with DHCP on CAT1. Default gateway is .1.
Rename the APs from their default name to the name in table 1. The subnets for
those APs are listed in table 2. Configure your network accordingly.
Exclude the range from 1 to 20 and 200 to 254.
Make sure that WLC2 will be the primary controller for LAP2 and WLC4 the primary
controller for LAP3. Mobility group should be named HQ2 for WLC2 and HQ4 for
WLC4. LAP2 and LAP3 need to fail over between those controllers if the primary
controller fails. Make sure APs fall back to their primary controller when possible.
Fix any network issues that the WLCs might have.
LAP4 and LAP5 should join WLC3. LAP4 with DHCP from your CAT4 DHCP
server. LAP5 should have a manually configured IP of 10.10.121.210, and WLC3
needs to be manually entered for LAP5 to join WLC3.
LAP4 and LAP5 are the only APs allowed to join WLC3, with authentication from
the ACS server. Set those APs on VLAN 121 on CAT4. Some parts are
preconfigured and need to work. The network might need to be rectified to meet the
requirements. Rename the access points to reflect Table 2.

HQ

Switching security:

All MO LAP AP ports should go to STP Forwarding mode immediately with
minimum risk.
In HQ, all switchports with LAP access points should get an IP address in the fastest
way possible, and should also block traffic if Bridge Protocol Data Units are advertised over
the port. This should be the default for all host ports.
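
One way to verify the HQ host-port requirement above offline is to audit a saved running-config for PortFast and BPDU guard. This is an added example, not part of the workbook or its solutions guide. It assumes classic Catalyst IOS command syntax; the sample config, function names and interface numbers are constructed for illustration.

```python
import re

# Constructed sample running-config fragment, not the lab's solution.
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree portfast bpduguard default
!
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree bpduguard disable
!
interface FastEthernet0/3
 switchport mode access
 spanning-tree portfast disable
!
interface GigabitEthernet0/1
 switchport mode trunk
!
"""


def parse_config(text):
    """Return (global_lines, {interface_name: [sub-commands]})."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "!"):
            current = None
            continue
        match = re.match(r"interface (\S+)$", line)
        if match and not raw.startswith(" "):
            current = match.group(1)
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(line)
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def audit_host_ports(text):
    """List (scope, feature) pairs where PortFast or BPDU guard is not in effect."""
    global_lines, interfaces = parse_config(text)
    pf_default = "spanning-tree portfast default" in global_lines
    bg_default = "spanning-tree portfast bpduguard default" in global_lines
    findings = [("global", feature) for feature, present in
                (("portfast", pf_default), ("bpduguard", bg_default)) if not present]
    for name, cmds in interfaces.items():
        if "switchport mode access" not in cmds:
            continue  # the global defaults cover access ports only; trunks are skipped
        portfast = ("spanning-tree portfast disable" not in cmds
                    and (pf_default or "spanning-tree portfast" in cmds))
        if "spanning-tree bpduguard enable" in cmds:
            guard = True
        else:
            # The global BPDU guard default only protects ports in PortFast state.
            guard = ("spanning-tree bpduguard disable" not in cmds
                     and bg_default and portfast)
        if not portfast:
            findings.append((name, "portfast"))
        if not guard:
            findings.append((name, "bpduguard"))
    return findings
```

Calling `audit_host_ports(SAMPLE_CONFIG)` flags the port that overrides BPDU guard and the port that disables PortFast; the trunk uplink is ignored.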

3.0 Configure and Troubleshoot Autonomous deployment model


Autonomous setup:

A customer company has 2 autonomous APs, AAP1 and AAP2.
AAP1 will connect to WLC1 as a WGB (SSID WGB-xx).
AAP1 connects to APs on WLC4 on LAP1. Join LAP1 to WLC4.
Terminate the AAP1 access on WLC1 VLAN11 port 1 (on CAT2).
For SSID WGB-xx use WPA2 with Advanced Encryption Standard and a PSK of cisco!cisco.
DHCP is on CAT1.
Use 2.4 GHz for this.
WLC1 default group should be HQ1 and WLC5 default mobility group should be
HQ5.
Avoid loops in your network.
CAT2 should be able to ping the AAP1.
Set 10.10.11.3 on the AAP1 BVI1 interface.
Exempt VLAN 11 on the AAP1 trunk port to ensure the ping will flow wirelessly from
CAT2 to the AAP1 BVI1 interface through LAP1. Fix any BPDU issues that AAP1 might
have, but don't change the defaults configured before.
AAP1 will connect users on the 5 GHz radio using SSID aap1-xx and 802.11i
encryption.
AAP2 connects to the aap1-xx SSID as a WGB and will use VLAN 12 through AAP1.
Use EAP-FAST between the APs with authentication stored on ACS.
The AAP2 BVI1 interface should get a DHCP VLAN 12 address from CAT1 and be able
to ping 10.10.12.1 and vice versa.
Filter VLAN 12 from the CAT3 AAP2 trunk port. EAP-FAST username is fast-xx,
password fast.
aap1-xx clients will have WPA2 configured, but some don't support encryption in
hardware. Advertise the necessary IE in your beacons to support hardware and
software encryption.
On 5 GHz, UNII-I suffers severe interference. Don't use UNII-I.
The WGB 5 GHz radio is getting a lot of "Reached maximum retries" in its logs and
the link is disconnecting frequently. Make the link as reliable as possible so it
disconnects less often.

4.0 Configure and Troubleshoot Unified deployment model


WLC management:

In HQ, guests should be transported from the other HQ controllers to WLC1. Prepare
the configuration so the guest WLAN traffic can be directed directly to WLC1 in
the future. WLC1 default mobility domain should be HQ1, WLC2 HQ2, and WLC4
HQ4.
Configure appropriate VLAN interfaces per WLC according to table 3.

Table 3: WLC VLANs and SSIDs

Device  Interface   WLC IP Address    Default gateway  WLAN
WLC1    Vlan 11     10.10.11.252/24   10.10.11.1       HQ-guests-XX
WLC2    Management  NA                NA               HQ-guests-XX
WLC2    Vlan 13     10.10.13.50/54    10.10.13.1       Client-Vlan-XX
WLC2    Vlan 15     10.10.15.50/24    10.10.15.1       voip-6ghz-XX
WLC3    Vlan 22     10.10.22.130/26   10.10.22.129     MOData1-XX
WLC4    Management  NA                NA               HQ-guests-XX
WLC4    Vlan 13     10.10.13.51/24    10.10.13.1       Client-Vlan-XX
WLC4    Vlan 15     10.10.15.51/24    10.10.15.1       HQ-guests-XX

VLANs on switches should already be done and working from the first part of this LAB.

Set up EtherChannel for all WLC2 connected interfaces. Ensure that APs are load
balanced correctly.
QoS needs to be tagged on all the WLCs.
Your MO WLC3 controller should do the DCA changes at 9:00, 17:00 and 01:00
for 2.4 GHz.

AP Priming:

On WLC4, scan all available channels for rogues. LAP3 should find rogues as
soon as possible.
The WLC1 guest portal should say "Welcome to IPexpert guest network". Guests
should be able to ping 10.10.120.140 without web authentication. Guests on
WLC1 set to the bronze QoS queue should get a maximum of 100 Kbps for real-time
traffic.
Rogue APs should be treated as major alarms (SNMP traps) on WCS. WCS sends
email about rogue APs to alarm@rouge.com from the address wcs@rouge.com
and email server 20.20.20.20. Send controller information with your message.
Don't send information about power level changes on your WLC3 radios.

WLC3 uses the same default mobility domain as WLC4, but no redundancy or
roaming is needed between the controllers.
Configure WLC1 port1 to be the primary management port connected to CAT2.
Guests on VLAN 11 should go out of port1. Ensure that only existing VLANs
traverse the switch ports. Guest VLAN is VLAN 11. Make the setup redundant for
management and guests.

Guests:

Create the WLAN HQ-guests-xx on all HQ WLCs. HQ WLCs should transport
all guest access traffic to WLC1 VLAN 11. No encryption.
Don't allow static IP addressing of clients.
Timeout is 4 hours.
Do not advertise the Aironet Information Element, to avoid interoperability issues with
various guest equipment.
The guest SSID has to work on all APs in the HQ. Users should have the option
of entering their email address on the splash page and connecting after that.
QoS profile is bronze.
Users need to be able to roam between all controllers in HQ.
Guests use DHCP on CAT1. Issue a 15 address pool starting from 10.10.11.10.
Default gateway is the CAT1 SVI for VLAN 11. DNS is 10.10.210.6.
Test the guest connection from the Laptop. The laptop is reachable from the
WCS server with VNC at 10.10.210.4, password IPexpert123.

AP registration security and local radius:

Configure your ACS to be used on WLC3 for WLAN MOData1-XX in table 3.
WLC VLAN 22 IPv4 is 10.10.22.130/26. Test IPv6 connectivity on your client.

Use EAP-FAST authentication. Username fast, password faster. Security is
prestandard WPA with hardware encryption. ACS user is acsadmin, password
IPexpert123.

Management:
WLC4 should be authenticated by TACACS on the ACS server. Use admin and
a password of tacacs for administrators. Also create a lobby admin user lobby
with password lobby.123. After TACACS is working, change the admin password to
IPexpert123 in ACS.

Clean AIR:

Your WLC4 should detect and report microwave ovens and Bluetooth devices on
capable access points in the 2.4 GHz frequency.
For capable access points, monitor and report Bluetooth and microwave ovens
interference. There is no requirement for anything else available. The event
driven Radio resource management should be set to the lowest value.

5.0 Configure and Troubleshoot WCS

Management:

WCS:

Administrate all WLCs with WCS using the most secure Simple Network
Management Protocol version. No other methods should be available. User WCS with
password ipexpert.snmp.123$ for your authentication.

MAPs:

Locate all WiFi clients that live on the Campus IPX, building1, floor1 map on your
WCS. Position the APs for best location tracking. Campus is 1000 by 1000 feet.
Building is 500 by 900 feet. Floor is 200 by 100 feet. Horizontal number first.
MSE IP is 10.10.210.10; use an encrypted method to communicate from WCS to MSE.

Clean Air:

Locate and report Clean-air interference in MSE (show icons and zone of
impact). Gather 1 day report from your campus regarding the worst interference.
Save a clean air report on your WCS desktop. Name it cleanair.pdf

6.0 Configure and Troubleshoot WLAN Services

Wireless Voice:

On WLC2 and WLC4 in HQ:

Deploy SSID VoIP-XX. Terminate at VLAN 15. WLC IP information is in table 3.
DHCP is on CAT1. Default gateway is the CAT1 VLAN15 SVI. Take care of the IP conflict
in your DHCP configuration. Use 2.4 OFDM only.
Phones on this SSID should get a maximum of 125kbps voice traffic. Use
Platinum.
Use WPA2 encryption and ensure that Cisco 7925 phones can roam seamlessly.
Phone uses EAP-FAST authentication. On your ACS, configure the user phone
with a password of ipexpert.
Test it from your AnyConnect.
Company policy doesn't allow more than 2 devices to log on to the wireless
network with the same user credentials. Make it so on WLC4.

You are at the end of LAB 5. It should be easily done in 7 hours, with 1 hour to verify and
complete tasks you left unfinished. Because most of the network is configured, we only need to
find errors built into the network. It is essential to passing the lab that there is some time left
to verify and fix things. There will be some mistakes and we should take that into account. The
question phrasing can slow you down, as it might on the actual LAB. Calculate your score.
The passing score is 85 points or above. Be critical in your scoring: no partial score is allowed if
one item is not correct in a multi-item question. Do this lab many times to practice speed, and
work on the things you want to improve in the meantime. I recommend having a LAB strategy in
place that you practice when you take this LAB, because this LAB is built up from the blueprint
sections and hopefully prepares you for the actual LAB.

Technical Verification and Support

To verify your configurations please review the Volume 1 Detailed Solutions Guide
that you received along with this Workbook. You can also find this document in
the eBook section of your www.IPexpert.com account.
Support is also available in the following ways:
IPexpert Support: www.OnlineStudyList.com
IPexpert Blog: blog.ipexpert.com
Proctor Labs Hardware Support: support@ipexpert.com
