Configure Cisco 3504 Wireless LAN Controller with VLANs

## The Importance of Wireless Technology 🌐 **Wireless technology** serves as the backbone of modern converged network systems. Its significance lies in its ability to provide: * **Mobility:** It allows users to connect to the network and access resources **anywhere** within the coverage area without being restricted by cables. This is essential for flexible work, learning, and entertainment environments. * **Ease of Deployment & Scalability:** Setting up a wireless network is faster and simpler than a wired one, especially when expanding coverage or adding new devices (as in this lab, where we use **Access Points** to extend VLANs). * **Cost Efficiency:** It significantly reduces the costs associated with installing, maintaining, and replacing physical cabling infrastructure. In summary, Wireless is not just a convenience but a **critical factor** in achieving a **flexible, efficient, and highly scalable** network environment. ## 1. Lab Requirements ### 1.1. Configure Converged Network System with VLANs * **VLAN 10:** `192.168.1.0/24` * **VLAN 20:** `192.168.2.0/24` * **VLAN 30:** `192.168.3.0/24` ### 1.2. Access Point (AP) Configuration * All **Access Points (APs)** must join the **Wireless LAN Controller (WLC)** with IP: `192.168.1.254`. ### 1.3. SSID Configuration Each AP must broadcast the correct **SSID** according to the schema: * **"WLAN20"** for **VLAN 20**. * **"WLAN30"** for **VLAN 30**. ### 1.4. Write Access Control List (ACL) Requirements | Requirement | Network Segment | Access Rights | | :--- | :--- | :--- | | **1.4.1** | `192.168.1.0/24` | **Full Access** (Allowed to access everywhere). | | **1.4.2** | `192.168.2.0/24` | **Only** allowed to access the **Test Server** (`192.168.1.252`) but **blocked** from accessing the Internet. | | **1.4.3** | `192.168.3.0/24` | Allowed to access the **Internet** but **blocked** from accessing the Test Server (`192.168.1.252`). | --- ## 2. General Topology ![image](https://hackmd.io/_uploads/SytydU40eg.png) # 4. Configuration ## 4.1. WLC Configuration ### B1: Check the Default IP/Netmask of the WLC ![image](https://hackmd.io/_uploads/SklPOLVAxl.png) ### B2: Connect an Additional PC to the WLC * The PC accesses the WLC's GUI and configures the WLC via the GUI ![image](https://hackmd.io/_uploads/By6j_U4Axl.png) ### B3: Configure the PC * The PC must be on the **same network segment** as the WLC's default network. * The **Gateway** must point to the WLC's IP address. ![image](https://hackmd.io/_uploads/rk6ROIVRel.png) ### B4: Access the WLC Graphical User Interface (GUI) via the WLC's IP * Access the WLC GUI. * Create an account. * Set a password for the account. ![image](https://hackmd.io/_uploads/HyMbt8ECeg.png) ### B5: Configure the New Management IP, Configure According to the Topology * **WLC** belongs to **VLAN 10**. * **Gateway:** Router IP (sub-interface VLAN 10 on the router: `192.168.1.1/24`). * **Management VLANID:** 1 (optional) ![image](https://hackmd.io/_uploads/SyIXYU4Cex.png) ### B6: Configure the "Employee Network" SSID * Set the **Name** and **Password**. ![image](https://hackmd.io/_uploads/BJZuYIV0xe.png) * Check the Entire Configuration -> Finish ![image](https://hackmd.io/_uploads/ByyoYLE0le.png) ### B7: Move the PC and Connect to the Internal Network * After using the PC to point the gateway to the WLC and modifying the WLC's configuration, connect the PC to the switch, **interface f0/3**. * Confirm the PC's **IP/Netmask** belongs to **VLAN 10**, and the **Gateway** is the router's **VLAN 10 sub-interface**. ![image](https://hackmd.io/_uploads/HyfptIERee.png) ## 4.2. Router Configuration ### B1: Configure Sub-interfaces on the Router * The sub-interfaces will serve as the **Gateways** for **VLANs 10, 20, and 30**. ![image](https://hackmd.io/_uploads/r11-q8NAel.png) ### B2: Configure the DHCP Server * Configure **IP Pools** to issue DHCP IP addresses for the corresponding VLANs. * Required information includes: **IP Range** to assign/Excluded IP Range, **Gateway**, and **DNS-Server**. ![image](https://hackmd.io/_uploads/Sy6m58VCgl.png) ## 4.3. PC3 Configuration for WLC GUI Management * Set the **IP/Netmask/Gateway/DNS**. ![image](https://hackmd.io/_uploads/B1ULq8VCxe.png) * **Access the WLC GUI.** * **Login information** was declared in **B4/4.1**. ![image](https://hackmd.io/_uploads/B1B_cLVRlg.png) ![image](https://hackmd.io/_uploads/HkZY98E0eg.png) ## 5. Configure VLAN Interfaces * Check that **only the Management Interface** currently exists. ![image](https://hackmd.io/_uploads/HJiq9U40gx.png) * Add **INT-VLAN20 (VLAN 20)** ![image](https://hackmd.io/_uploads/HkW3qU4Cee.png) * **Port number** ![image](https://hackmd.io/_uploads/rJEaqUEAle.png) * Declare the **IP/Netmask/Gateway/DHCP server** for **VLAN 20**. ![image](https://hackmd.io/_uploads/H1aOoUERxe.png) * Add **INT-VLAN30 (VLAN 30)** ![image](https://hackmd.io/_uploads/HyQcs8NReg.png) * **Port number** ![image](https://hackmd.io/_uploads/r1Hjs8NAll.png) * Declare the **IP/Netmask/Gateway/DHCP server** for **VLAN 30**. ![image](https://hackmd.io/_uploads/Byj3oUV0xx.png) ## 6. WLANs Configuration ### 6.1. WLANs VLAN 20 #### B1: Declare Name/SSID/ID ![image](https://hackmd.io/_uploads/Hyc0oIN0ee.png) #### B2: Declare the Interface for the WLAN20 SSID ![image](https://hackmd.io/_uploads/S1ixhL4Agg.png) #### B3: Configure Security: WPA/WPA2/WPA Policy ![image](https://hackmd.io/_uploads/SJ-6lPVAeg.png) #### B4: Configure Authentication: PSK (Pre-Shared Key) ![image](https://hackmd.io/_uploads/r1ORgPNCgl.png) ### 6.2. WLANs VLAN 30 #### B1: Declare Name/SSID/ID ![image](https://hackmd.io/_uploads/BJxOn8NRgl.png) #### B2: Declare the Interface for the WLAN30 SSID ![image](https://hackmd.io/_uploads/B1_O2L4Agg.png) #### B3: Configure Security: WPA/WPA2/WPA Policy ![image](https://hackmd.io/_uploads/H1xY2U4Ree.png) #### B4: Configure Authentication: PSK (Pre-Shared Key) ![image](https://hackmd.io/_uploads/rJrtTLNRll.png) ## 7. Switch Configuration ### B1: Configure VLANs/Names on the Switch: VLAN 10, VLAN 20, VLAN 30 ![image](https://hackmd.io/_uploads/SkZa6INAll.png) ### B2: Configure Trunking * Interfaces **f0/1-5** – **trunk** – **trunk native 10**. * Interface **f0/6** – **access** – **access vlan 10**. ![image](https://hackmd.io/_uploads/BJ_xCI4Cxl.png) ![image](https://hackmd.io/_uploads/HyyG0840lx.png) ### B3: Start the WLC and Check the DHCP IP Address on the APs ![image](https://hackmd.io/_uploads/HJ6XCIECll.png) ![image](https://hackmd.io/_uploads/By2ERU4Axg.png) ![image](https://hackmd.io/_uploads/S1BBCI4Agx.png) ![image](https://hackmd.io/_uploads/HyaHCLNAlx.png) ### B4: Check if APs have Joined the WLC -> Successful Join ![image](https://hackmd.io/_uploads/BkETbPEAel.png) ## 8. Wireless Connection ### B1: DHCP Connection * **Laptop1** declares the **SSID/PSK** to request **IP/Gateway/DNS**. ![image](https://hackmd.io/_uploads/r1DFRUNCle.png) * **Tablet PC0** declares the **SSID/PSK** to request **IP/Gateway/DNS**. ![image](https://hackmd.io/_uploads/H1Zi0LEClx.png) * **Laptop0** declares the **SSID/PSK** to request **IP/Gateway/DNS**. ![image](https://hackmd.io/_uploads/H1hhALN0ll.png) ### B2: Check Connectivity, Network Convergence -> The Network Model has Converged ![image](https://hackmd.io/_uploads/SkBC0LV0eg.png) ![image](https://hackmd.io/_uploads/S1ykkvVRgl.png) ![image](https://hackmd.io/_uploads/rkdykwV0ex.png) ## 9. Test Server Configuration ### B1: Declare IP/DNS/Gateway/Subnet ![image](https://hackmd.io/_uploads/rJ7ExvEAle.png) ### B2: Check Connectivity from Client to Test Server -> Success ![image](https://hackmd.io/_uploads/HkVBlP4All.png) ## 10. INTERNET Configuration (Simulate Server 8.8.8.8) * Declare **IP/DNS/Gateway/Subnetmask**. ![image](https://hackmd.io/_uploads/SJBSJDVRle.png) ![image](https://hackmd.io/_uploads/BkTHJwVAxg.png) ## 11. Test Access Before ACL Deployment * From **Laptop0 (192.168.2.11)**: Ping **INTERNET**, **Test Server** success. * From **Laptop1 (192.168.2.12)**: Ping **INTERNET**, **Test Server** success. * From **Tablet PC0 (192.168.3.12)**: Ping **INTERNET**, **Test Server** success. ![image](https://hackmd.io/_uploads/S1cvyDV0eg.png) ![image](https://hackmd.io/_uploads/rkVd1v4Axl.png) ![image](https://hackmd.io/_uploads/rk3dyDNAlx.png) ## 12. Configure ACL According to Requirements ### B1: Deploy ACL Configuration * Allow **192.168.3.0** and **192.168.1.0** to access the **Internet**. * Deny **192.168.2.0** from accessing the **Internet**. ![image](https://hackmd.io/_uploads/BJ_q1vERxl.png) ### B2: Test * **192.168.2.1** fails to access the **Internet**, but accesses other networks normally. ![image](https://hackmd.io/_uploads/BJunyD4Reg.png) * **192.168.1.252** successfully accesses the **Internet** and other networks. ![image](https://hackmd.io/_uploads/BkdA1vVRel.png) ### B3: Deploy ACL * **192.168.3.0** is **denied** access to the **Test Server**. ![image](https://hackmd.io/_uploads/SkZegvE0gx.png) ### B4: Test * **192.168.3.12** accesses the **Internet** normally, but **fails** to access the **Test Server**. ![image](https://hackmd.io/_uploads/B1wWgwVAgl.png)