Configuring WLAN (SSID) in Cisco WLC-Part-1

On the AP, the network is associated with a MAC address. The network or workgroup that your clients connect to is called a Service Set Identifier (SSID) or WLAN. So, on an AP, the SSID is a combination of MAC address and network name.

Simply put: this is the wireless network name that you see on your laptop or mobile when connecting to Wi-Fi.

[Figure: Configuring WLAN]

The WLANs Tab

This tab on the Cisco WLC menu bar enables you to create, configure, and delete WLANs on your Cisco WLC.

Below are the options available on the tab:

  • WLANs
  • AP Groups

How to check SSID in Cisco wireless controller

To check the SSIDs on the Cisco WLC, click the WLANs tab and then click WLANs; all of them will be shown here.

The WLANs Tab

From this tab, we can perform the following tasks:

  • Create
  • Disable
  • Enable
  • Remove

How to Create WLAN (SSID) on Cisco WLC

We cannot access the wireless network without an SSID, so we have to configure one based on our requirements, such as:

  1. Corporate
  2. Guest
  3. Remote

The Cisco Wireless Network solution can configure up to 512 SSIDs for lightweight access points. Each WLAN has a number, or WLAN ID (1 through 512), with its unique profile name and other parameters, which we will discuss in this blog.

All Cisco WLCs can broadcast up to 16 WLANs to each connected access point.

So, let’s discuss the steps to create a Corporate WLAN on Cisco WLC.

Step 1: Click the “Create New” button, which is available at the right corner.

[Figure: How to Create WLAN (SSID)]

Step 2: Once you click Create New, the page below opens and asks for some details.

[Figure: Configure SSID]

Type: Here WLC has 2 options: WLAN and Remote LAN.

Profile Name: Type a name such as Corp, Guest, or other.

SSID: Name that will appear on your laptop or mobile to connect with Wi-Fi.

WLAN ID: It is a unique ID.

After filling in all the required information, click the Apply button, which is available in the top right corner.

Step 3: To edit or configure it further, click the ID number.

[Figure: Editing WLAN]

Step 4: Edit it with basic and advanced configuration.

The Edit page consists of the following four tabs:

  • General
  • Security
  • QoS
  • Policy-Mapping
  • Advanced

[Figure: Edit WLAN (SSID)]

| Parameter | Description |
| Profile Name | Name of the WLAN profile. |
| Type | Type of LAN: Corporate, Guest LAN, or Remote LAN. |
| SSID | SSID name. |
| Status | Whether the WLAN is enabled or disabled. The default is enabled. If it is not enabled, it will not work. |
| Security Policies | Security policies that we can set from the Security tab, which is next to the General tab. |
| Radio Policy | Which radio policy to allow. The default is All. |
| Interface/Interface Group (G) | Which interface to use for management and data traffic. |
| Multicast Vlan Feature | Whether to enable the multicast VLAN feature. The default option is none. |
| Broadcast | Whether to broadcast the SSID. If it is not enabled, users will not see this SSID on their devices to connect. |
| 11ax Status | Should be enabled to use Wi-Fi 6 advanced features. |
| NAS-ID | It is used to communicate between the user and the RADIUS server for authentication. |
| Lobby Admin Access | Whether to use this SSID for Lobby admin for Guest users. |

WLAN Security Tab

Step 5: Go to the Security tab to configure security parameters.

The Security tab is further divided into 3 sub-tabs:

  • Layer-2
  • Layer-3
  • AAA Servers

Layer-2: With this security, we can configure security parameters for corporate users or authorized users who can access all production environment servers and networks with appropriate Authentication, Authorization, and Accounting (AAA).

Layer 2 Security has multiple options, or provides multiple security flavours, including:

Enterprise & Personal

| Layer-2 Security (Enterprise Mode) | WPA2+WPA3 Encryption Parameters | Authentication Key Management |
| None | None / Open | None/Open |
| WPA/WPA2 | CCMP128 (AES), CCMP 256, GCMP 128, GCMP 256 | 802.1X-SHA1, 802.1X-SHA2, CCKM |
| WPA2/WPA3 | CCMP128 (AES), CCMP 256, GCMP 128, GCMP 256 | 802.1X-SHA1, 802.1X-SHA2, CCKM |
| Enhanced Open | Open | Open |
| 802.1X | 802.11 Data Encryption with WEP Key Size (40 and 104 bits) | |
| Static WEP | Static WEP Parameters with WEP Key Size (40 and 104 bits) | |
| Static WEP + 802.1X | Static WEP Parameters + 802.11 Data Encryption with WEP Key Size (40 and 104 bits) | |

[Figure: Edit WLAN, WLAN Layer-2 Security]

| Layer-2 Security (Personal Mode) | WPA2+WPA3 Encryption Parameters | Authentication Key Management |
| None | None / Open | None/Open |
| WPA/WPA2 | CCMP128 (AES) | PSK Format (ASCII), PSK |
| WPA2/WPA3 | CCMP128 (AES), CCMP 256, GCMP 128, GCMP 256 | 802.1X-SHA1, 802.1X-SHA2, CCKM |
| Enhanced Open | Open | Open |
| 802.1X | 802.11 Data Encryption with WEP Key Size (40 and 104 bits) | |
| Static WEP | Static WEP Parameters with WEP Key Size (40 and 104 bits) | |
| Static WEP + 802.1X | Static WEP Parameters + 802.11 Data Encryption with WEP Key Size (40 and 104 bits) | |

For more details on Security Parameters read this: https://techblog.kbrosistechnologies.com/wireless-security-protocols-wpa/

Other Parameters:

MAC Filtering: You can also add/configure the MAC addresses of client devices (laptop/PC) locally to limit the users, so only specific users will connect to it.

MAC authentication failover to Dot1x authentication:

The prerequisites for the failover to work are as follows:

  • MAC Filtering must be enabled.
  • Layer 2 security must be 802.1X and Static WEP.

When a user tries to connect to the SSID, the WLC verifies the MAC address against the addresses added locally. If MAC authentication is successful and the client sends an EAP start request to start 802.1X authentication, the client must pass 802.1X authentication to send data traffic; otherwise the client is unauthenticated.

If MAC authentication fails, the client authenticates using 802.1X or it will be de-authenticated.

If MAC authentication passes, the client then authenticates using 802.1X if required (for Static WEP clients), depending on the client configuration.

Fast Transition:

| Fast Transition | Enables or disables a fast transition between access points during roaming. |
| Over the DS | Enables or disables a fast transition over a distributed system. |
| Reassociation Timeout | Time in seconds after which a fast transition reassociation times out. |

[Figure: Fast Transition]

Protected Management Frame (PMF)

802.11w introduces an Integrity Group Temporal Key (IGTK) that is used to protect broadcast or multicast management frames.

Comeback timer (1-10 sec): If a user tries to connect to the Wi-Fi network and is denied, this is the time (in seconds) the client waits before the next retry.

The range is from 1 to 20. The default value is 1.
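
As an added example (not from the original post and not Cisco code), this Python sketch lints a WLAN inventory against the limits, Layer-2 options and MAC-failover prerequisite described above, and against the fact that WPA3 requires PMF. The record field names, the sample inventory and the PMF values disabled/optional/required are assumptions of this example, not a WLC export format.

```python
# Added example: lint a WLAN inventory against the limits and Layer-2 options
# described on this page. Field names and PMF values are assumptions.
WEP_BASED = {"802.1X", "Static WEP", "Static WEP + 802.1X"}  # WEP rows of the table
KNOWN_L2 = WEP_BASED | {"None", "Enhanced Open", "WPA/WPA2", "WPA2/WPA3"}

SAMPLE = [  # constructed inventory, not taken from a real controller
    {"wlan_id": 1, "profile": "Corp", "l2_security": "WPA2/WPA3", "pmf": "required"},
    {"wlan_id": 2, "profile": "Guest", "l2_security": "None"},
    {"wlan_id": 3, "profile": "Legacy", "l2_security": "Static WEP", "mac_failover": True},
    {"wlan_id": 600, "profile": "Lab", "l2_security": "WPA2/WPA3", "pmf": "disabled"},
]


def lint_wlans(wlans):
    """Return (wlan_id, finding) tuples in inventory order; an empty list means clean."""
    findings, seen = [], set()
    for w in wlans:
        wid, l2 = w["wlan_id"], w["l2_security"]
        if not 1 <= wid <= 512:
            findings.append((wid, "WLAN ID outside 1-512"))
        if wid in seen:
            findings.append((wid, "duplicate WLAN ID"))
        seen.add(wid)
        if l2 not in KNOWN_L2:
            findings.append((wid, f"unknown Layer-2 option {l2!r}"))
        elif l2 in WEP_BASED:
            findings.append((wid, "WEP-based Layer-2 security (40/104-bit keys)"))
        elif l2 == "None":
            findings.append((wid, "open WLAN: no Layer-2 encryption"))
        # WPA3 mandates Protected Management Frames, so PMF cannot stay disabled.
        if l2 == "WPA2/WPA3" and w.get("pmf", "disabled") == "disabled":
            findings.append((wid, "WPA3 needs PMF; set it to optional or required"))
        # Page prerequisite: failover to 802.1X only works with MAC Filtering on.
        if w.get("mac_failover") and not w.get("mac_filtering"):
            findings.append((wid, "MAC-auth failover needs MAC Filtering enabled"))
    # Assumes every enabled WLAN is pushed to every AP (no AP groups).
    enabled = sum(1 for w in wlans if w.get("enabled", True))
    if enabled > 16:
        findings.append((None, f"{enabled} enabled WLANs; an AP broadcasts at most 16"))
    return findings


if __name__ == "__main__":
    for wid, msg in lint_wlans(SAMPLE):
        print(f"WLAN {wid}: {msg}")
```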

[Figure: PMF]

Conclusion

The configuration described above is the basic configuration, with the rest left at default settings, for an admin SSID or corporate network access over Wi-Fi.
