Enterasys Educational Services

Routing and Wireless Boot Camp Local Lab Guide

Uploaded by

Aleksandar Mitic

Enterasys Educational Services

Routing and Wireless Boot Camp


Local Lab Guide
Version 2.0

Enterasys Networks reserves all rights to its materials and the content of the
materials. No material provided by Enterasys Networks to a Partner (or Customer, etc.)
may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying and recording, or by any information storage or
retrieval system, or incorporated into any other published work, except for internal use
by the Partner and except as may be expressly permitted in writing by Enterasys
Networks.

This document and the information contained herein are intended solely for
informational use. Enterasys Networks makes no representations or warranties of
any kind, whether expressed or implied, with respect to this information and
assumes no responsibility for its accuracy or completeness. Enterasys Networks
hereby disclaims all liability and warranty for any information contained herein and
all the material and information herein exists to be used only on an "as is" basis.
More specific information may be available on request. By your review and/or use of
the information contained herein, you expressly release Enterasys from any and all
liability related in any way to this information. A copy of the text of this section is
an uncontrolled copy, and may lack important information or contain factual errors.
All information herein is Copyright Enterasys Networks. All rights reserved. All
information contained in this document is subject to change without notice.

For additional information refer to:

http://www.enterasys.com/constants/terms-of-use.aspx

Contents
Lab 1: Basic Routing Configuration
  Section A: Start of Lab: Initial Connection
  Section B: Prepare the Switch/Router for the Lab
  Section C: Create VLANs
  Section D: Configure Router VLAN Interfaces with IP Addresses
  Section E: Test Network Connectivity
  Section F: Static Route Network Setup
  Section G: Configure Router VLAN Interfaces with IP Addresses
  Section H: Test Network Connectivity
  Section I: Defining Static Routes
  Section J: Test Network Connectivity
  Section K: Remove Static Route Setup
  Section L: Test Network Connectivity
  Section M: RIP Route Setup
  Section N: Test Network Connectivity
  Section O: DHCP Relay (IP helper-address)
  Section P: Test PC-Connectivity
Lab 2: OSPF Routing Configuration
  Section A: New Configuration Setup
  Section B: Create a Router ID
  Section C: Create an OSPF instance
  Section D: Add Networks
  Section E: Test Network Connectivity
  Section F: Set the Designated Router
  Section G: OSPF show commands (Router A, B and C)
  Section H: Redistribution of Static Routes
  Section I: Setting Secondary Addresses
  Section J: Summarization
  Section K: Define Stub Area
  Section L: Authentication - Simple
  Section M: Authentication - MD5
  Section N: Verify Configuration

2012 Enterasys Networks, Inc. All rights reserved . Page iii


Lab 3: ACL Configuration
  Section A: Initial Setup and Configuration
  Section B: Configure a Standard ACL
  Section C: Remove ACL access_group
  Section D: Adding an Extended ACL
  Section E: Move ACL entry
  Section F: Remove ACL access_group
  Section G: NetSight ACL Manager Setup and Configuration
  Section H: Creating an ACL and Adding Rules
  Section I: Assigning ACLs to an Interface
  Section J: Test Network Connectivity
  Section K: Remove Your ACL
Lab 4: PBR Configuration
  Section A: Initial Setup and Configuration
  Section B: Test Network Connectivity
  Section C: Policy-Based Routing Setup for Router A
  Section D: Policy-Based Routing Setup for Router C
  Section E: Test Network Connectivity
Lab 5: Multicasting Configuration
  Section A: Initial Setup and Configuration
  Section B: Test Network Connectivity
  Section C: Enable IGMP
  Section D: Enable PIM-SM
  Section E: Verify PIM-SM without Multicast Traffic
  Section F: Multicast Video with VLC
  Section G: Verify PIM-SM with Multicast Traffic
Lab 6: VRRP Configuration
  Section A: Initial Setup and Configuration
  Section B: Set Up VRRP Instance 1X1 (IP Address Owner Config)
  Section C: Set Up VRRP Instance 1X4 (IP Address Non-Owner Config)
  Section D: Verify VRRP Switchover
  Section E: Verify Critical IP Address Switchover
Lab 7: Restore Controller Configuration
Lab 8: Controller Configuration

  Section A: Controller Configuration
  Section B: Syslog /System Log Level Configuration
  Section C: Network Time Settings
  Section D: OSPF Routing
  Section E: OSPF Reports
Lab 9: Controller Maintenance
  Section A: Controller Backup
Lab 10: Integration with Netsight
  Section A: Admin Account
  Section B: SNMP V3 Configuration
  Section C: NetSight Configuration
  Section D: Restore Default Database
  Section E: Authorization/Device Access
Lab 11: Inventory Manager Archive Wizard
  Section A: Inventory Manager Access
  Section B: FTP Transfer Settings
  Section C: Scheduled Backup
Lab 12: OneView Polling
  Section A: Set Polling Timers for OneView
Lab 13: OneView - Collect Device/Interface Statistics
  Section A: Device Statistics
  Section B: Enable Interface Statistics Collection
Lab 14: OneView Device Client Statistics
  Section A: Launch OneView
  Section B: Enable Client Collection
Lab 15: Configuration of Access Points
  Section A: Wireless AP Registration
  Section B: AP Default Settings
  Section C: AP Properties
  Section D: Reset the AP to the Default Settings
  Section E: Secure Tunnel
Lab 16: Events / Logs / Reports
  Section A: Enterasys WC Events
  Section B: AP Reports

Lab 17: Wireless Client
  Section A: Wireless Client Access
Lab 18: VNS Creation
  Section A: Tagged Bridge Locally at AP Topology
  Section B: Class of Service/ Rate Limit
  Section C: Policy VLAN & Class of Service
  Section D: Policy - Filter Rules
  Section E: WLAN Service Pre-Shared Keys
  Section F: Bridge Locally at AP Virtual Network
  Section G: AP Reports
  Section H: Network Connectivity
  Section I: Client Reports
  Section J: One View Client Reports
  Section K: OneView Interface Statistics
Lab 19: Dynamic Filtering
  Section A: Dynamic Filtering
Lab 20: Bridge Locally at AP (Persistency)
  Section A: Demonstrate Persistency
Lab 21: Real Capture
  Section A: Real Capture
  Section B: Wireshark
Lab 22: 802.1x Authentication
  Section A: Radius Configuration
  Section B: WLAN Service with 802.1x Authentication
  Section C: Virtual Network (802.1x Authentication)
  Section D: Configuring 802.1x on the Wireless Windows 7 Client
  Section E: End-System Connections
Lab 23: RFC3580 Filter-ID
  Section A: RADIUS ACCESS-ACCEPT Filter-ID
  Section B: Policy (Filter-ID)
  Section C: End-System Connection
Lab 24: RFC3580 VLAN ID
  Section A: RFC 3580 (ACCESS-ACCEPT) Options
Lab 25: Captive Portal

  Section A: Creating the WLAN Policy Components
  Section B: Captive Portal Virtual Network
  Section C: Network Connection - WLAN Client Connection
  Section D: Captive Portal Failed User
  Section E: Captive Portal Default Authenticated Policy
Lab 26: Guest Portal
  Section A: Guest Portal Manager
  Section B: Guest Portal WLAN Service
  Section C: Create a Guest Account
  Section D: Access the Guest Portal SSID
Lab 27: Mobility
  Section A: Secondary Controller
  Section B: Mobility Domain Configuration
Lab 28: Centralized Mobility
  Section A: Setting the GuestPortal WLAN Service Remoteable
  Section B: Remotable VNS
Lab 29: Availability (Fast Failover)
  Section A: Configure Controllers and APs for Availability/Failover
  Section B: Wireless APs Assignment
  Section C: Availability Report
Lab 30: OneView Reports
  Section A: Client Search
  Section B: Explore the Wireless Tab
  Section C: Explore the Reports Tab

Lab 1: Basic Routing Configuration


Overview
This lab is designed to give you practice in basic routing configurations.

Equipment
For this lab you will need:
Two Enterasys routers (this lab was written with a C5 and an SSA)
Three PCs

Objectives
When you finish this lab you will be able to:

Create VLANs and IP Interfaces
Configure Static Routes
Configure RIP
Configure DHCP Relay (IP helper-address)

NOTE: All screen shots included in this lab exercise are for illustrative purposes only
and may not accurately reflect the actual settings on your switch. Please follow the
procedural explanations in the text when you perform configurations in this lab.

NOTE: The CLI structure differs slightly between the S/K series and the Stackable
Switches. Not all CLI Commands in these labs work on all switches. Use the ?
command from the CLI to determine which specific command will work on the switch
you are configuring.


Section A: Start of Lab: Initial Connection

As you proceed through this section of the lab, you will configure your network
according to the table and diagram below.

Lab Component              IP Address/Mask       Connection
PC-A                       172.16.1x1.11/24      Port ge.1.2 (VLAN 10)
PC-B                       172.16.1x3.11         Port ge.1.4 (VLAN 3)
Router VLAN Interface 2    172.16.1x1.101/24
Router VLAN Interface 3    172.16.1x3.101/24

[Diagram: PC-A (172.16.1x1.11/24, GW 172.16.1x1.101) attaches to Router A port ge.1.2 in VLAN 10, router interface 172.16.1x1.101/24. PC-B (172.16.1x3.11/24, GW 172.16.1x3.101) attaches to Router A port ge.1.4 in VLAN 3, router interface 172.16.1x3.101/24.]


Section B: Prepare the Switch/Router for the Lab


1. Establish a serial connection to the console port of your S/K-series switch.
2. Log in as admin.
3. Hit Return for the password. By default, Enterasys switches ship from the
factory with no password enabled.
4. Set the switch back to factory defaults.
    clear config all
    This command will reset the entire system and clear its
    application and stacking configuration.
    Do you want to continue(y/n) [n]?

Enter Y.
5. Set a prompt for your Router.
    > set prompt Router A
6. Disable spanning tree, LACP, and GVRP globally.
    > set gvrp disable
    > set lacp disable
    > set spantree stpmode none

Section C: Create VLANs

7. Create VLAN 3 and VLAN 10 on Router A.
    set vlan create 3
    set vlan create 10
8. Assign port 2 to VLAN 10.
    set port vlan ge.1.2 10 modify-egress
9. Assign port 4 to VLAN 3.
    set port vlan ge.1.4 3 modify-egress
10. Enable ports 2 and 4.
    set port enable ge.1.2;ge.1.4
11. Verify the configuration of the VLANs and interfaces. The following is an
example of Router A.
    RouterA>show vlan static


    RouterA(su)->show vlan static

    VLAN: 1 NAME: DEFAULT VLAN
    VLAN Type: Default
    Egress Ports
    ge.1.1,3,5-48, lag.0.1-63
    Forbidden Egress Ports
    None.
    Untagged ports
    ge.1.1,3,5-48, lag.0.1-63

    VLAN: 3 NAME:
    VLAN Type: Permanent
    Egress Ports
    ge.1.4
    Forbidden Egress Ports
    None.
    Untagged ports
    ge.1.4

    VLAN: 10 NAME:
    VLAN Type: Permanent
    Egress Ports
    ge.1.2
    Forbidden Egress Ports
    None.
    Untagged ports
    ge.1.2

    RouterA(su)->

Note: show vlan will show the ports that are configured and active;
show vlan static will show the configured ports even if they are not
currently active.

Section D: Configure Router VLAN Interfaces with IP Addresses

1. Assign IP addresses to your VLAN interfaces and configure routing on those
interfaces.


In these labs you will use an IP addressing scheme based upon your Student
Group number, as in the table below.

Group #    VLAN 10 Address      VLAN 3 Address
1          172.16.111.101/24    172.16.113.101/24
2          172.16.121.101/24    172.16.123.101/24
3          172.16.131.101/24    172.16.133.101/24
4          172.16.141.101/24    172.16.143.101/24
5          172.16.151.101/24    172.16.153.101/24
6          171.16.161.101/24    172.16.163.101/24
7          171.16.171.101/24    172.16.173.101/24
8          172.16.181.101/24    172.16.183.101/24

1. Enter router mode. (Not required on S and K Series firmware 7.0 and higher. For
these routers, enter configuration mode directly from the Layer 2 prompt by
typing configure.)
    Router A> router
2. Enter privileged mode. (Not required on S and K 7.0 and higher. For these routers,
enter configuration mode directly from the Layer 2 prompt by typing
configure.)
    Router A> enable
3. For the S and K 7.0+, set the interface IP addresses and IP forwarding.
    Router A(su)->config
    Router A(su-config)->set ip address 172.16.1x1.101 mask 255.255.255.0 interface vlan.0.10
    Router A(su-config)-> interface vlan.0.10
    Router A(su-config-intf-vlan.0.10)->ip forwarding

For all other devices including the C-series, enter config mode and add an IP
address to the VLAN interface.
    RouterA> router# configure
    RouterA> router(Config)# interface vlan 10
    RouterA> router(Config-if(Vlan-vid))# ip address 172.16.1X1.101 255.255.255.0
4. Enter no shutdown to enable the interface.
    RouterA> router(Config-if(Vlan-vid))# no shutdown
5. Type exit to return to router mode.


    RouterA> router(Config-if(Vlan-vid))# exit
6. Configure VLAN Interface 3, add an IP address and enable the interface.
On the S and K 7.0+:
    RouterA(su)->config
    RouterA(su-config)->set ip address 172.16.1X3.101 mask 255.255.255.0 interface vlan.0.3
    RouterA(su-config)-> interface vlan.0.3
    RouterA(su-config-intf-vlan.0.3)->ip forwarding
    RouterA(su-config-intf-vlan.0.3)->no shutdown
    RouterA(su-config-intf-vlan.0.3)->exit
On all other routers:
    RouterA> router(Config)# interface vlan 3
    RouterA> router(Config-if(Vlan-vid))# ip address 172.16.1X3.101 255.255.255.0
    RouterA> router(Config-if(Vlan-vid))# no shutdown
    RouterA> router(Config-if(Vlan-vid))# exit

Section E: Test Network Connectivity

1. Attach PC-A to port ge.1.2 and PC-B to port ge.1.4.
2. Assign the following IP addresses and gateways.

    PC-A                  PC-B
    172.16.1x1.11/24      172.16.1X3.11/24
    172.16.1x1.101 GW     172.16.1X3.101 GW

3. Ping the directly connected default Gateway router to test the local connectivity.
4. Ping your neighbor's PC to check route connectivity.
5. From Router A router mode enter the following command:
    RouterA>router# show ip route


Section F: Static Route Network Setup

In this portion of the lab you will set up static routes between two routers: Router
A and Router C. This lab was written using two SSAs; you may need to modify
your CLI commands if you are using a stackable switch as one or both of your
routers.

1. Rewire the network according to the table and diagram below.
2. Set Router C back to factory defaults (clear config)
    clear config all

Network Component           IP Address/Mask                                              Connections
PC-A                        172.16.1x1.11/24                                             Router A, port ge.1.2
PC-D                        172.16.1x4.22/24                                             Router C, port ge.1.4
Router VLAN Interface 10    172.16.1x1.101/24
Router VLAN Interface 3     172.16.1x3.101/24 (Router A), 172.16.1x3.103/24 (Router C)
Router Interface VLAN 4     172.16.1x4.103/24
Router A, port ge.1.5                                                                    Router C, port ge.1.5


[Diagram: PC-A (172.16.1x1.11/24, GW 172.16.1x1.101) attaches to Router A port ge.1.2 in VLAN 10, router interface 172.16.1x1.101/24. Router A port ge.1.5 links to Router C port ge.1.5 in VLAN 3, with Router A at 172.16.1x3.101/24 and Router C at 172.16.1x3.103/24. PC-D (172.16.1x4.22/24, GW 172.16.1x4.103) attaches to Router C port ge.1.4 in VLAN 4, router interface 172.16.1x4.103/24.]

Router A config
1. Add port ge.1.5 to VLAN 3.
    set port vlan ge.1.5 3 modify-egress

Router C configuration
1. Set the Prompt to Router C
    set prompt Router C
2. Disable Spanning Tree and GVRP globally.
S/K-Series:
    > set gvrp disable
    > set spantree stpmode none
All others:
    > set spantree disable
3. Create VLAN 3 and VLAN 4 on Router C.
    set vlan create 3
    set vlan create 4
4. Assign port 4 to VLAN 4.


    set port vlan ge.1.4 4 modify-egress
5. Assign port 5 to VLAN 3.
    set port vlan ge.1.5 3 modify-egress

Section G: Configure Router VLAN Interfaces with IP Addresses

On Router C:
1. Enter router mode. (Not required for S & K-7.0+)
2. Enter enable mode. (Not required for S & K-7.0+)
3. Enter configuration mode.
4. From config mode enter the VLAN interface 3 to add an IP address.
    Router C(su-config)->interface vlan.0.3
5. From the VLAN interface enter the IP address with a 24 bit mask.
    ip address 172.16.1X3.103 255.255.255.0
6. Enter ip forwarding to enable IP forwarding on the interface.
7. Enter no shutdown to enable the interface.
8. Type exit to return to router mode.
9. Configure VLAN interface 4 with IP address 172.16.1X4.103/24 using the same
process.

Section H: Test Network Connectivity

1. On PC-D, set the IP address to 172.16.1X4.22/24.
2. Verify that PC-A and PC-D do not have ping connectivity at this time, but each
PC can ping the interfaces of its locally connected router.

Section I: Defining Static Routes

A static route will allow the system to send traffic destined for a specific network out
a specific interface that is manually defined.
1. Add the static routes. From Router A, access config mode and enter the
following command:


    ip route 172.16.1X4.0 255.255.255.0 172.16.1X3.103
2. From Router C, access config mode and enter the following command:
    ip route 172.16.1X1.0 255.255.255.0 172.16.1X3.101

Section J: Test Network Connectivity

1. Verify that PC-A and PC-D now have ping connectivity.
2. Verify Router A and Router C route tables using the show ip route command.

Section K: Remove Static Route Setup

1. Remove the static routes. From Router A, access config mode and enter the
following command:
    no ip route 172.16.1X4.0 255.255.255.0 172.16.1X3.103
2. From Router C, access config mode and enter the following command:
    no ip route 172.16.1X1.0 255.255.255.0 172.16.1X3.101

Section L: Test Network Connectivity

1. Verify that PC-A and PC-D do not have ping connectivity at this time.
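
The results expected in Sections H through L can be reproduced with a small routing model. This is an added example, not part of the lab guide and not Enterasys code; it assumes student group x = 1, and it goes one case beyond the lab by testing the state where only Router A has its static route, which shows that the echo reply needs its own route back.

```python
# Added example: a model of the Lab 1 static-route topology, not device code.
import ipaddress


class Router:
    def __init__(self, name, interfaces):
        self.name = name
        self.interfaces = [ipaddress.ip_interface(i) for i in interfaces]
        # Connected networks are routable as soon as the VLAN interface is up.
        # A next hop of None means "deliver directly on this network".
        self.routes = {i.network: None for i in self.interfaces}

    def ip_route(self, prefix, mask, next_hop):
        """Model of: ip route <prefix> <mask> <next-hop>"""
        net = ipaddress.ip_network(f"{prefix}/{mask}")
        self.routes[net] = ipaddress.ip_address(next_hop)

    def no_ip_route(self, prefix, mask, next_hop):
        """Model of: no ip route <prefix> <mask> <next-hop>"""
        net = ipaddress.ip_network(f"{prefix}/{mask}")
        if self.routes.get(net) == ipaddress.ip_address(next_hop):
            del self.routes[net]

    def lookup(self, dst):
        """Longest-prefix match. Returns the next hop (None for a connected
        network) or raises LookupError when no route covers dst."""
        matches = [n for n in self.routes if dst in n]
        if not matches:
            raise LookupError(f"{self.name}: no route to {dst}")
        return self.routes[max(matches, key=lambda n: n.prefixlen)]


def owner(routers, addr):
    """Router that has addr configured on one of its interfaces, or None."""
    addr = ipaddress.ip_address(addr)
    return next((r for r in routers
                 if any(i.ip == addr for i in r.interfaces)), None)


def forward(routers, gateway, dst, max_hops=8):
    """Trace a packet from a host's default gateway towards dst.
    Returns (delivered, name of the last router that handled it)."""
    dst = ipaddress.ip_address(dst)
    router = owner(routers, gateway)
    for _ in range(max_hops):
        try:
            next_hop = router.lookup(dst)
        except LookupError:
            return False, router.name      # dropped: no matching route
        if next_hop is None:
            return True, router.name       # destination network is connected
        nxt = owner(routers, next_hop)
        if nxt is None:
            return False, router.name      # next hop is not a known router
        router = nxt
    return False, router.name              # hop limit reached (routing loop)


def ping(routers, src, dst):
    """An echo needs a route in both directions: request and reply."""
    ok, where = forward(routers, src["gw"], dst["ip"])
    if not ok:
        return f"request dropped at {where}"
    ok, where = forward(routers, dst["gw"], src["ip"])
    if not ok:
        return f"reply dropped at {where}"
    return "reply received"


def run_lab(x=1):
    """Sections H to L for student group x (assumption: x = 1 by default)."""
    a = Router("Router A", [f"172.16.1{x}1.101/24", f"172.16.1{x}3.101/24"])
    c = Router("Router C", [f"172.16.1{x}3.103/24", f"172.16.1{x}4.103/24"])
    routers = [a, c]
    pc_a = {"ip": f"172.16.1{x}1.11", "gw": f"172.16.1{x}1.101"}
    pc_d = {"ip": f"172.16.1{x}4.22", "gw": f"172.16.1{x}4.103"}
    mask = "255.255.255.0"
    results = {}
    results["H: no static routes"] = ping(routers, pc_a, pc_d)
    a.ip_route(f"172.16.1{x}4.0", mask, f"172.16.1{x}3.103")
    results["I: Router A route only"] = ping(routers, pc_a, pc_d)
    c.ip_route(f"172.16.1{x}1.0", mask, f"172.16.1{x}3.101")
    results["J: both routes"] = ping(routers, pc_a, pc_d)
    a.no_ip_route(f"172.16.1{x}4.0", mask, f"172.16.1{x}3.103")
    c.no_ip_route(f"172.16.1{x}1.0", mask, f"172.16.1{x}3.101")
    results["L: routes removed"] = ping(routers, pc_a, pc_d)
    return results


if __name__ == "__main__":
    for step, outcome in run_lab().items():
        print(f"{step}: {outcome}")
```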

Section M: RIP Route Setup

You will be using the same network setup used for static routes. Using the IP
addresses that have been assigned to the VLAN interfaces, you will enable RIP and
then identify the networks that will use RIP.

2. Enable RIP globally from config mode using the router rip command.

On the C5
    RouterA/C> router
    RouterA/C>router>enable

2012 Enterasys Networks, Inc. All rights reserved . Page 10


Routing and Wireless Boot Camp Local Lab Guide

RouterA/C>router#config
RouterA/C> router(Config) # router rip

On the S/K-Series:
RouterA/C(su)->configure
RouterA/C(su-config)->router rip

3. On the C-series enable rip version 2 on each VLAN interface.

RouterA> router(Config)# interface vlan 10
RouterA> router(Config-if(Vlan 10))# ip rip enable
RouterA> router(Config-if(Vlan 10))# ip rip send version 2
RouterA> router(Config-if(Vlan 10))# ip rip receive version 2
RouterA> router(Config)# exit

RouterA> router(Config)# interface vlan 3
RouterA> router(Config-if(Vlan 3))# ip rip enable
RouterA> router(Config-if(Vlan 3))# ip rip send version 2
RouterA> router(Config-if(Vlan 3))# ip rip receive version 2
RouterA> router(Config)# exit

RouterC> router(Config)# interface vlan 3
RouterC> router(Config-if(Vlan 3))# ip rip enable
RouterC> router(Config-if(Vlan 3))# ip rip send version 2
RouterC> router(Config-if(Vlan 3))# ip rip receive version 2
RouterC> router(Config)# exit

RouterC> router(Config)# interface vlan 4
RouterC> router(Config-if(Vlan 4))# ip rip enable
RouterC> router(Config-if(Vlan 4))# ip rip send version 2
RouterC> router(Config-if(Vlan 4))# ip rip receive version 2
RouterC> router(Config)# exit

For S/K Switch/Routers set the networks to be advertised by RIP from config mode.

RouterA(su-config-rip)->network 172.16.1x1.0 0.0.0.255
RouterA(su-config-rip)->network 172.16.1x3.0 0.0.0.255

RouterC(su-config-rip)->network 172.16.1x3.0 0.0.0.255
RouterC(su-config-rip)->network 172.16.1x4.0 0.0.0.255

Section N: Test Network Connectivity

1. From PC-A and PC-D:
a. Ping your directly connected default Gateway router to test your local
connectivity.
b. Ping your neighbor's PC to check route connectivity.
c. Ping all the router interfaces to check route connectivity.
2. On Router A:
a. Display the IP routing table using the show ip route command.
b. Display the RIP status and routing info via:

C5: RouterA> router# show ip rip vlan {vlanid}

S/K: RouterA> router# show ip protocol

Section O: DHCP Relay (IP helper-address)

[Diagram: DHCP relay topology]
PC-A (172.16.1x1.11/24, GW 172.16.1x1.101) to Router A port ge.1.2, VLAN 10 (172.16.1x1.101/24)
Router A port ge.1.5, VLAN 3 (172.16.1x3.101/24) to Router C port ge.1.5, VLAN 3 (172.16.1x3.103/24)
Router C port ge.1.4, VLAN 4 (172.16.1x4.103/24) to PC-D (DHCP enabled)

1. Using your previously configured network topology (as shown above), set an IP
helper-address (172.16.1x1.11) on Router C, VLAN 4. At the interface level,
issue the command:
Router C(su-config-intf-vlan.0.4)->ip helper-address 172.16.1x1.11
2. Enable DHCP services on PC-A. (From Start > Programs > MagikDHCP Server >
Start Server.)
3. Check to ensure your PC-D currently is using a static IP address. Open a DOS
window and type:
ipconfig /all
4. Examine the output of the command. What IP address is given in the DHCP
Server field?
5. Enable PC-D to receive an IP address via DHCP.

In Windows XP:
c. Highlight and right click My Network Places icon.
d. Select Properties. The Network Connections window opens.
e. From the network connections window, open Local Area Connection.
f. From Local Area Connection Status window, click the Properties tab.
g. From Local Area Connection Properties window, scroll down to Internet
Protocol (TCP/IP) and open Internet Protocol (TCP/IP).
h. From Internet Protocol (TCP/IP) Properties window select Obtain an IP
address automatically, click OK.

In Windows 7:
a. Open Network Connections by clicking the Start button, and then clicking
Control Panel. In the search box, type adapter, and then, under Network and
Sharing Center, click View network connections.
b. Right-click the connection that you want to change, and then click Properties.
If you're prompted for an administrator password or confirmation, type the
password or provide confirmation.
c. Click the Networking tab. Under This connection uses the following items,
click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
d. Click Obtain an IP address automatically, and then click OK.
6. Verify PC-D has received an IP address in the 172.16.1X4.0/24 range, with a
default gateway address of 172.16.1X4.103.
e. From your Windows desktop, select Start > Run, enter cmd, and click OK.
f. At command prompt window, enter ipconfig /all.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix .:


IP Address. . . . . . . . . . . . : 172.16.X4.10300
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.X4.103

Section P: Test PC Connectivity

1. From PC-D, ping the directly connected default Gateway router (172.16.1X4.103)
to test your local connectivity.
2. Ping PC-A (172.16.1X1.11) to check route connectivity.

End of Lab 1

Lab 2: OSPF Routing Configuration


Lab Overview
This lab walks you through all the steps to configure a multi-area OSPF network.

Resources/Tools
For this lab you will need:
Three Enterasys routers (this lab was written with two SSAs and one C5)
Two PCs

Objectives
At the end of this lab you will be able to:

Create VLAN interfaces and IP addresses
Create OSPF instances, networks and Areas
Define Stub Areas and NSSA
Add authentication
Set priorities to identify the Designated Router
Examine and Verify OSPF networks using show commands

Lab Setup
At the end of this lab you will have set up your network according to the table and
diagram below.

Network Component              IP Address/Mask      Connections

PC-A                           172.16.1x1.11/24     Router A, port ge.1.2
PC-D                           172.16.1x4.22/24     Router C, port ge.1.4
Router A, VLAN Interface 10    172.16.1x1.101/24
Router A, VLAN Interface 2x    172.16.2x.101/24
Router A, port ge.1.2                               PC-A
Router A, port ge.1.3                               Router B, port ge.1.3
Router B, Interface VLAN 2x    172.16.2x.102/24
Router B, Interface VLAN 3x    172.16.3x.102/24
Router B, port ge.1.3                               Router A, port ge.1.3
Router B, port ge.1.6                               Router C, port ge.1.6
Router C, Interface VLAN 3x    172.16.3x.103/24
Router C, Interface VLAN 4     172.16.1x4.103/24
Router C, port ge.1.4                               PC-D
Router C, port ge.1.6                               Router B, port ge.1.6

[Diagram: Lab 2 OSPF topology]
Area 1: PC-A (172.16.1x1.11/24, GW 172.16.1x1.101) to Router A port ge.1.2, VLAN 10 (172.16.1x1.101/24)
Backbone Area 0: Router A port ge.1.3, VLAN 2x (172.16.2x.101/24) to Router B port ge.1.3, VLAN 2x (172.16.2x.102/24)
Area 2: Router B port ge.1.6, VLAN 3x (172.16.3x.102/24) to Router C port ge.1.6, VLAN 3x (172.16.3x.103/24)
Area 2: Router C port ge.1.4, VLAN 4 (172.16.1x4.103/24) to PC-D (172.16.1x4.22/24, GW 172.16.1x4.103)

Section A: New Configuration Setup

The steps to route using OSPF between the IP VLANs are as follows:
Define two VLANs on each Switch.
Add IP addresses to each VLAN.
Create OSPF Instances.
Add OSPF Networks and Areas.

1. Set all three switches back to factory defaults.


clear config all
This command will reset the entire system and clear its
application and stacking configuration.
Do you want to continue(y/n) [n]?

Enter Y.
2. Cable the network as shown in the table and diagram above.
3. Set your prompts on all three switches.
4. Disable Spanning Tree on all three switches.
5. Create VLANs on your routers according to the table below, where X is your
Student Group number.

Router VLAN VLAN


Router A 10 2x

Router B 2x 3x

Router C 3x 4

6. Configure the router ports to attach to the correct VLANs according to the table
below, where X is your Student Group number.

Router      Port      VLAN

Router A    ge.1.2    VLAN 10
Router A    ge.1.3    VLAN 2x
Router B    ge.1.3    VLAN 2x
Router B    ge.1.6    VLAN 3x
Router C    ge.1.4    VLAN 4
Router C    ge.1.6    VLAN 3x

set port vlan <port string> <vlan> modify-egress

7. Enter router configuration mode (C-Series/Router B).


8. Enter configuration mode (S/K-Series/Router A & C).
9. From config mode create Layer 3 VLAN interfaces and assign IP addresses as
shown in the table below.

Router VLAN IP Address/Mask


Router A VLAN 10 172.16.1X1.101/24

Router A VLAN 2X 172.16.2X.101/24

Router B VLAN 2X 172.16.2X.102/24

Router B VLAN 3X 172.16.3X.102/24

Router C VLAN 3X 172.16.3X.103/24

Router C VLAN 4 172.16.1X4.103/24

10. From the VLAN interface enter the IP address with a 24 bit mask.
11. Enter no shutdown to enable the interface.
12. Enter the IP Forwarding command for S/K-Series routers to enable IP
Forwarding for the interface. (Not required on the C-Series.)
13. Type exit to return to configuration mode.
14. Configure all of the VLAN interfaces using the same process.
15. Configure your loopback address to advertise into OSPF using the same
process. This will allow you to reach the switch's loopback address via OSPF for
management purposes.

Section B: Create a Router ID

Having a router ID linked to a Loopback address is common practice for OSPF
networks. Create loopback addresses for each of your routers according to the
table below.

Router Loopback Interface IP Address/Mask


Router A 1 1.1.1.1/32

Router B 2 2.2.2.2/32

Router C 3 3.3.3.3/32

1. Create a loopback address for your C-series router.


Router B>router(config)# interface loopback 2
Router B>router(config-if(Lpbk 2))# ip address 2.2.2.2 255.255.255.255
Router B>router(config-if(Lpbk 2))# no shutdown
Router B>router(config-if(Lpbk 2))# exit

Note: For the S/K-Series router, you do not need to enter router mode. Simply
enter config mode, and issue the same sequence of commands shown above to
create your loopback address. Be sure to include the ip forwarding command.
2. On the S-series:
Router A(su-config)->interface loop.0.1
Router A(su-config-intf-loop.0.1)->ip address 1.1.1.1 255.255.255.255
Router A(su-config-intf-loop.0.1)->ip forwarding
Router A(su-config-intf-loop.0.1)->no shut

Router C(su-config)->interface loop.0.3
Router C(su-config-intf-loop.0.3)->ip address 3.3.3.3 255.255.255.255
Router C(su-config-intf-loop.0.3)->ip forwarding
Router C(su-config-intf-loop.0.3)->no shut

Section C: Create an OSPF instance

Note: For S/K-Series routers using firmware 7.0+ the router-id is configured under
the OSPF instance. Therefore, you must create the OSPF instance first, and then
enter the router-id.

For C-Series routers, you should create your router id before you create your OSPF
instance.
3. Create an OSPF instance on each router, and add the router-id for the S/K-
Series platform:
On C5:
Router>router(Config)# router id 2.2.2.2
Router>router(Config)# router ospf 10

On S/K-Series:
Router(su-config)->router ospf 10
Router(su-config-ospf-10)->router-id 1.1.1.1
Router(su-config-ospf-10)->

Be sure to re-execute the above commands on Router C, with the appropriate
Router ID.

Section D: Add Networks

1. Add Networks to your OSPF instance.
On Router B, edit each VLAN interface by adding an ospf areaid and
enabling OSPF:

Example of a C5 (Router B)
RouterB> router(config)# interface vlan 2X
RouterB> router(config-if(Vlan 2X))# ip ospf enable
RouterB> router(config-if(Vlan 2X))# ip ospf areaid 0.0.0.0
RouterB> router(config-if(Vlan 2X))# exit

RouterB> router(config)# interface vlan 3X
RouterB> router(config-if(Vlan 3X))# ip ospf enable
RouterB> router(config-if(Vlan 3X))# ip ospf areaid 2
RouterB> router(config-if(Vlan 3X))# exit

Example of an S/K-series (Router A and Router C)
From config mode, enter ospf instance 10 and issue the network command:
RouterA(su-config-ospf-10)->network 172.16.2X.0 0.0.0.255 area 0.0.0.0
RouterA(su-config-ospf-10)->network 172.16.1X1.0 0.0.0.255 area 0.0.0.1

RouterC(su-config-ospf-10)->network 172.16.3X.0 0.0.0.255 area 0.0.0.2
RouterC(su-config-ospf-10)->network 172.16.1X4.0 0.0.0.255 area 0.0.0.2

Section E: Test Network Connectivity

1. Attach the PCs as shown in the diagram at the beginning of the lab. Use the IP
addresses in the table and diagram.
2. From PC-A and PC-D:
a. Ping the directly connected default Gateway router to test your local
connectivity.
b. Ping your neighbor's PC to check route connectivity.
3. Troubleshoot any connectivity issues that arise.
4. If OSPF has learned the wrong routes you can clear the OSPF processes.

C5:
RouterA/B/C>router# clear ip ospf process {process-number}
S/K:
RouterA(su)->clear ip ospf process pid {process-number}

Section F: Set the Designated Router

1. Check to see who is the Designated Router for area 0.0.0.2 by using the show
ip ospf interface command on Router B and Router C.
1) For VLAN 3X, which router is the DR?_______________
2) For VLAN 3X, which router is the BDR?______________
2. Change the router priority value to affect the Designated Router (DR) and Backup
Designated Router (BDR) values. The router with the highest value will
become the DR.
RouterA> router(config-if(Vlan 2X))# ip ospf priority 50
RouterB> router(config-if(Vlan 3X))# ip ospf priority 255
RouterC> router(config-if(Vlan 3X))# ip ospf priority 0
3. Enter the show ip ospf interface command to view the results of setting
the OSPF interface priority.
show ip ospf interface

Section G: OSPF show commands (Router A, B and C)

1. Display the OSPF neighbors
show ip ospf neighbor
2. Display the IP routes
show ip route
3. Display the IP OSPF information
show ip ospf
4. Display the IP OSPF interface
show ip ospf interface
5. Display the IP OSPF area (Router B only)
RouterB>router# show ip ospf area 0
6. Display the IP OSPF database
show ip ospf database

Section H: Redistribution of Static Routes

[Diagram: the Lab 2 topology shown at the beginning of the lab, with static routes 112.x.1.0/24, 112.x.2.0/24 and 112.x.3.0/24 added on Router C (VLAN 4 side).]

Add the static routes shown in the diagram to your network. Once you have
created the static routes, redistribute them. Redistribution allows your
router to send the static routes to the remote routing tables.

1. Create static routes from router config mode on Router C. Add static routes as
shown below, where X is your student group number:

ip route 112.X.1.0 255.255.255.0 172.16.1X4.22
ip route 112.X.2.0 255.255.255.0 172.16.1X4.22
ip route 112.X.3.0 255.255.255.0 172.16.1X4.22

2. Verify that Router B does not know about the static routes from Router C by
using:
show ip route
3. To redistribute static routes into OSPF, enter router ospf 10 mode on Router C.
Use the redistribute static command.
Use the redistribute static subnets command for the C-Series
Use the redistribute static command for the S/K-Series
Example for C-Series
Router C<su>->router<Config-router># redistribute static subnets
Example for S/K-Series:
RouterC(su-config-ospf-10)->redistribute static
4. Check that the static routes from Router C have been redistributed to Router B.
Verify this by issuing the show ip route command on Router B.

3) What type of route is 112.X.1.0/24 on Router C? __________
4) What type of route is 112.X.1.0/24 on Router B? __________

Section I: Setting Secondary Addresses

[Diagram: the Lab 2 topology shown at the beginning of the lab, with secondary addresses 20.x.1.0/24, 20.x.2.0/24 and 20.x.3.0/24 on Router A and static routes 112.x.1.0/24, 112.x.2.0/24 and 112.x.3.0/24 on Router C.]

1. Set multiple secondary addresses that will be used for route summarization.
Configure these secondary addresses on Router A.
Router A(su-config)->interface vlan.0.10
Router A(su-config-intf-vlan.0.10)->ip address 20.X.1.1 255.255.255.0 secondary
Router A(su-config-intf-vlan.0.10)->ip address 20.X.2.1 255.255.255.0 secondary
Router A(su-config-intf-vlan.0.10)->ip address 20.X.3.1 255.255.255.0 secondary
Router A(su-config-intf-vlan.0.10)->exit
2. If Router A is an S/K-Series platform, add the 20.X.1.0, 20.X.2.0 and the 20.X.3.0
networks to router ospf 10 instance on Area 1 using the network command.
Router A(su-config-ospf-10)->network 20.X.1.1 0.0.0.255 area 1
Router A(su-config-ospf-10)->network 20.X.2.1 0.0.0.255 area 1
Router A(su-config-ospf-10)->network 20.X.3.1 0.0.0.255 area 1

Section J: Summarization

Summarization is used to reduce the size of your LS database and route tables. This is
performed on the Area Border Router. You will examine Router B's OSPF
database, then implement route summarization on Router A, and then recheck
Router B's database.
1. Examine the OSPF database on Router B.
Router B>router(config-)# show ip ospf database
5) How many entries start with 20.X.x.x?_________________________________
2. Implement route summarization on Router A.
Router A(su-config)->router ospf 10
Router A(su-config-ospf-10)->area 0.0.0.1 range 20.X.0.0 255.255.0.0
Router A(su-config-ospf-10)->exit
3. Recheck the OSPF database on Router B.
Router B(su)->router#show ip ospf database
6) How many entries start with 20.X.x.x?_________________________________

Section K: Define Stub Area

1. Start a dual continuous ping between PC-A and PC-D.
ping 172.16.1X1.11 -t
ping 172.16.1X4.22 -t
Note: The pings should succeed.

2. Make note of the route table and OSPF database on Router C prior to converting
area 2 to a stub. Issue the commands shown below:
RouterC(su)->router#show ip route

Router C(su-config)->show ip route

IP Route Table for VRF global
Codes: C-connected, S-static, R-RIP, B-BGP, O-OSPF, IA-OSPF interarea
N1-OSPF NSSA external type 1, N2-OSPF NSSA external type 2
E1-OSPF external type 1, E2-OSPF external type 2,
i-IS-IS, L1-IS-IS level-1, L2-IS-IS level-2

C    3.3.3.3/32        [0/0]    direct loop.0.3                     1h17m16s
O IA 20.1.0.0/16       [110/30] via 172.16.31.102 vlan.0.31         21m17s
S    112.1.1.0/24      [1/1]    via 172.16.114.22 vlan.0.4          34m02s
S    112.1.2.0/24      [1/1]    via 172.16.114.22 vlan.0.4          33m43s
S    112.1.3.0/24      [1/1]    via 172.16.114.22 vlan.0.4          33m24s
C    127.0.0.1/32      [0/0]    direct lo.0.1                       3h23m04s
O IA 172.16.111.0/24   [110/30] via 172.16.31.102 vlan.0.31         1h04m59s
C    172.16.114.0/24   [0/0]    direct 172.16.114.103 vlan.0.4      57m09s
O IA 172.16.21.0/24    [110/20] via 172.16.31.102 vlan.0.31         1h04m59s
C    172.16.31.0/24    [0/0]    direct 172.16.31.103 vlan.0.31      1h40m24s

Number of routes = 10
Router C(su-config)->

Note that specific routes exist to 172.16.1x1.0/24, 172.16.2x.0/24 & 20.x.0.0/16,
all of which are your interarea routes.

Router C(su)->show ip ospf database

OSPF Process Id 10

Displaying LS Type 1 Advertisements (Area 0.0.0.2)

LinkID          ADV Router   Age    Seq#       Checksum
2.2.2.2         2.2.2.2      161    80000008   0x7835
3.3.3.3         3.3.3.3      1792   80000006   0xcbf4

Displaying LS Type 2 Advertisements (Area 0.0.0.2)

LinkID          ADV Router   Age    Seq#       Checksum
172.16.31.102   2.2.2.2      161    80000004   0x3eba

Displaying LS Type 3 Advertisements (Area 0.0.0.2)

LinkID          ADV Router   Age    Seq#       Checksum
20.1.0.0        2.2.2.2      1134   80000002   0xe446
172.16.111.0    2.2.2.2      278    80000004   0xe78d
172.16.21.0     2.2.2.2      288    80000004   0x2056

OSPF Process Id 10

Displaying LS Type 5 Advertisements

LinkID          ADV Router   Age    Seq#       Checksum
112.1.1.0       3.3.3.3      1792   80000002   0x9ac3
112.1.2.0       3.3.3.3      1792   80000002   0x8fcd
112.1.3.0       3.3.3.3      1793   80000002   0x84d7
Router C(su)->

Note that summary LSAs (LS Type 3 Advertisements) are present for
172.16.1x1.0/24, 172.16.2x.0/24 & 20.x.0.0/16.

3. Define area 2 as a Stub Area on Routers B & C via the commands below:
Router C(su-config)->router ospf 10
Router C(su-config-ospf-10)->area 2 stub no-summary

Router B(su)->router#config
Enter configuration commands:
Router B(su)->router(Config)#router ospf 10
Router B(su)->router(Config-router)#area 2 stub no-summary
Router B(su)->router(Config-router)#

(Note: Pings will fail momentarily while you configure your stub area.)

4. Verify area 2 has been set to stub area by issuing the show ip ospf
command on Router B and Router C.
5. Clear IP OSPF process on Router C
Router C(su-config)->clear ip ospf process
6. Re-issue the show ip route, and show ip ospf database commands.
Routes to 172.16.1x1.0/24, 172.16.2x.0/24 & 20.x.0.0/16 should no longer be
present in the route table. Only a single OSPF default route 0.0.0.0/0 will be
visible as shown below:

Router C(su-config)->show ip route

IP Route Table for VRF global
Codes: C-connected, S-static, R-RIP, B-BGP, O-OSPF, IA-OSPF interarea
N1-OSPF NSSA external type 1, N2-OSPF NSSA external type 2
E1-OSPF external type 1, E2-OSPF external type 2,
i-IS-IS, L1-IS-IS level-1, L2-IS-IS level-2

O IA 0.0.0.0/0         [110/11] via 172.16.31.102 vlan.0.31         40s
C    3.3.3.3/32        [0/0]    direct loop.0.3                     2h43m37s
S    112.1.1.0/24      [1/1]    via 172.16.14.22 vlan.0.4           2h00m22s
S    112.1.2.0/24      [1/1]    via 172.16.14.22 vlan.0.4           2h00m04s
S    112.1.3.0/24      [1/1]    via 172.16.14.22 vlan.0.4           1h59m45s
C    127.0.0.1/32      [0/0]    direct lo.0.1                       4h49m25s
C    172.16.14.0/24    [0/0]    direct 172.16.14.103 vlan.0.4       2h23m30s
C    172.16.31.0/24    [0/0]    direct 172.16.31.103 vlan.0.31      3h06m44s

Number of routes = 8
Router C(su-config)->

Additionally, summary LSAs for the 172.16.1x1.0/24, 172.16.2x.0/24 &
20.x.0.0/16 networks should NOT be present in the OSPF database. Only a
single summary LSA of 0.0.0.0/0 will be visible as shown below:

Router C(su-config)->show ip ospf database

OSPF Process Id 10

Displaying LS Type 1 Advertisements (Area 0.0.0.2)

LinkID          ADV Router   Age    Seq#       Checksum
2.2.2.2         2.2.2.2      529    80000010   0x8621
3.3.3.3         3.3.3.3      501    80000003   0xe9dd

Displaying LS Type 2 Advertisements (Area 0.0.0.2)

LinkID          ADV Router   Age    Seq#       Checksum
172.16.31.102   2.2.2.2      529    80000001   0x629b

Displaying LS Type 3 Advertisements (Area 0.0.0.2)

LinkID          ADV Router   Age    Seq#       Checksum
0.0.0.0         2.2.2.2      693    80000001   0x57fe
Router C(su-config)->

Note: Once your stub area is up, pings will succeed based on the OSPF injected default
route.
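The database checks from Section J (count the 20.X entries before and after summarization) and Section K (only the default summary LSA remains in the stub area) can be scripted against captured show ip ospf database output. This is an added example, not part of the lab guide; the two Router C captures are the sample outputs above (X = 1), and the un-summarized Router B sample is constructed.

```python
import re
from ipaddress import ip_address, ip_network

SECTION = re.compile(r"Displaying LS Type (\d+) Advertisements")
ENTRY = re.compile(
    r"^\s*(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+\d+\s+[0-9a-fA-F]{8}\s+0x[0-9a-fA-F]+")

# Router C before "area 2 stub no-summary" (from the lab's sample output).
BEFORE_STUB = """\
Displaying LS Type 1 Advertisements (Area 0.0.0.2)
LinkID ADV Router Age Seq# Checksum
2.2.2.2 2.2.2.2 161 80000008 0x7835
3.3.3.3 3.3.3.3 1792 80000006 0xcbf4
Displaying LS Type 2 Advertisements (Area 0.0.0.2)
172.16.31.102 2.2.2.2 161 80000004 0x3eba
Displaying LS Type 3 Advertisements (Area 0.0.0.2)
20.1.0.0 2.2.2.2 1134 80000002 0xe446
172.16.111.0 2.2.2.2 278 80000004 0xe78d
172.16.21.0 2.2.2.2 288 80000004 0x2056
Displaying LS Type 5 Advertisements
112.1.1.0 3.3.3.3 1792 80000002 0x9ac3
112.1.2.0 3.3.3.3 1792 80000002 0x8fcd
112.1.3.0 3.3.3.3 1793 80000002 0x84d7
"""

# Router C after the stub conversion (from the lab's sample output).
AFTER_STUB = """\
Displaying LS Type 1 Advertisements (Area 0.0.0.2)
2.2.2.2 2.2.2.2 529 80000010 0x8621
3.3.3.3 3.3.3.3 501 80000003 0xe9dd
Displaying LS Type 2 Advertisements (Area 0.0.0.2)
172.16.31.102 2.2.2.2 529 80000001 0x629b
Displaying LS Type 3 Advertisements (Area 0.0.0.2)
0.0.0.0 2.2.2.2 693 80000001 0x57fe
"""

# Constructed sample: Router B's area 0 summaries before the "area range" command.
UNSUMMARIZED = """\
Displaying LS Type 3 Advertisements (Area 0.0.0.0)
20.1.1.0 1.1.1.1 120 80000001 0x1111
20.1.2.0 1.1.1.1 120 80000001 0x2222
20.1.3.0 1.1.1.1 120 80000001 0x3333
172.16.111.0 1.1.1.1 300 80000002 0x4444
"""


def parse_lsdb(text):
    """Return {LS type: [(link id, advertising router), ...]} in display order."""
    lsdb, current = {}, None
    for line in text.splitlines():
        section = SECTION.search(line)
        if section:
            current = int(section.group(1))
            lsdb.setdefault(current, [])
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            lsdb[current].append((entry.group(1), entry.group(2)))
    return lsdb


def link_ids(lsdb, ls_type):
    return [link for link, _ in lsdb.get(ls_type, [])]


def within(lsdb, ls_type, network):
    """Link IDs of one LS type that fall inside `network` (the Section J count)."""
    net = ip_network(network)
    return [link for link in link_ids(lsdb, ls_type) if ip_address(link) in net]


def stub_no_summary_violations(lsdb):
    """LSAs that should be absent after 'stub no-summary': any Type 3 other than
    the default route, and any Type 5 (stub areas carry no AS-external LSAs)."""
    extra = [link for link in link_ids(lsdb, 3) if link != "0.0.0.0"]
    return extra + link_ids(lsdb, 5)


if __name__ == "__main__":
    print("20.1.0.0/16 entries, unsummarized:",
          within(parse_lsdb(UNSUMMARIZED), 3, "20.1.0.0/16"))
    print("20.1.0.0/16 entries, summarized:  ",
          within(parse_lsdb(BEFORE_STUB), 3, "20.1.0.0/16"))
    print("stub violations before:", stub_no_summary_violations(parse_lsdb(BEFORE_STUB)))
    print("stub violations after: ", stub_no_summary_violations(parse_lsdb(AFTER_STUB)))
```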

Section L: Authentication - Simple

1. Start a dual continuous ping between PC-A and PC-D.
ping 172.16.1x1.11 -t
ping 172.16.1x4.22 -t
2. Configure Authentication simple between Router A and Router B.
Example for C-Series:
Router B>router(config)# interface vlan 2X
Router B>router(config-if(Vlan 2X))# ip ospf authentication-key redsox

Example for S/K-Series:
RouterA(su-config)->interface vlan 2X
RouterA(su-config-intf-vlan.0.2X)->ip ospf authentication-key redsox

3. Verify pings are working again.

Section M: Authentication - MD5

1. Start a dual continuous ping between PC-A and PC-D.
2. Configure Authentication - MD5 between Router B and Router C.
Example for C-Series:
Router B>router(config)# interface vlan 3X
Router B>router(config-if(Vlan 3X))# ip ospf message-digest-key 22 md5 patriots

Example for S/K-Series:
Router C(su-config)->interface vlan 3X
Router C(su-config-intf-vlan.0.3X)->ip ospf message-digest-key 22 md5 patriots

3. Verify pings are working again.
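What the two authentication types from Sections L and M put on the wire, following the OSPFv2 packet format in RFC 2328: simple authentication carries the key itself in the header, while MD5 carries only a key ID, a sequence number and a digest. This is an added example, not part of the lab guide or Enterasys code; the Hello contents and sequence number are constructed, and the keys redsox and patriots and key ID 22 are the lab's values.

```python
import hashlib
import hmac
import socket
import struct

# version, type, length, router id, area id, checksum, AuType, 8-byte authentication
HEADER = "!BBH4s4sHH8s"
HELLO = 1


def inet_checksum(data):
    """Standard 16-bit one's complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _header(body, router_id, area_id, checksum, autype, auth):
    return struct.pack(HEADER, 2, HELLO, 24 + len(body), socket.inet_aton(router_id),
                       socket.inet_aton(area_id), checksum, autype, auth)


def build_simple(password, body, router_id, area_id):
    """AuType 1: the password itself travels in the authentication field."""
    auth = password.ljust(8, b"\x00")[:8]
    blank = _header(body, router_id, area_id, 0, 1, b"\x00" * 8)
    checksum = inet_checksum(blank[:16] + body)   # checksum skips the auth field
    return _header(body, router_id, area_id, checksum, 1, auth) + body


def build_md5(key, key_id, sequence, body, router_id, area_id):
    """AuType 2: checksum is zero and a 16-byte digest follows the packet."""
    auth = struct.pack("!HBBI", 0, key_id, 16, sequence)
    packet = _header(body, router_id, area_id, 0, 2, auth) + body
    digest = hashlib.md5(packet + key.ljust(16, b"\x00")[:16]).digest()
    return packet + digest


def exposed_secret(packet):
    """What a capture of this packet reveals: the key for AuType 1, else None."""
    autype, auth = struct.unpack(HEADER, packet[:24])[6:8]
    return auth.rstrip(b"\x00") if autype == 1 else None


def verify_md5(packet, keys, last_sequence):
    """Receiver-side check; `keys` maps key id to secret."""
    _, _, length, _, _, _, autype, auth = struct.unpack(HEADER, packet[:24])
    if autype != 2:
        return "not cryptographic authentication"
    _, key_id, digest_len, sequence = struct.unpack("!HBBI", auth)
    if digest_len != 16 or len(packet) != length + digest_len:
        return "bad length"
    if key_id not in keys:
        return "unknown key id"
    if sequence < last_sequence:          # replayed or out-of-date packet
        return "stale sequence number"
    padded = keys[key_id].ljust(16, b"\x00")[:16]
    expected = hashlib.md5(packet[:length] + padded).digest()
    return "ok" if hmac.compare_digest(expected, packet[length:]) else "bad digest"


# Constructed Hello body: mask, HelloInterval, options, priority, dead interval, DR, BDR.
HELLO_BODY = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"), 10, 0x02, 1, 40,
                         socket.inet_aton("172.16.31.102"),
                         socket.inet_aton("172.16.31.103"))

# Section L link (Router A to Router B, area 0) and Section M link (Router B to C, area 2).
SIMPLE_PACKET = build_simple(b"redsox", HELLO_BODY, "1.1.1.1", "0.0.0.0")
MD5_PACKET = build_md5(b"patriots", 22, 1000, HELLO_BODY, "2.2.2.2", "0.0.0.2")

if __name__ == "__main__":
    print("simple auth exposes:", exposed_secret(SIMPLE_PACKET))
    print("MD5 auth exposes:   ", exposed_secret(MD5_PACKET))
    print("verify with key 22: ", verify_md5(MD5_PACKET, {22: b"patriots"}, 999))
    tampered = MD5_PACKET[:31] + bytes([MD5_PACKET[31] ^ 1]) + MD5_PACKET[32:]
    print("verify tampered:    ", verify_md5(tampered, {22: b"patriots"}, 999))
```

Both ends of a link must use the same key and, for MD5, the same key ID; a mismatch shows up as the "bad digest" or "unknown key id" outcome and the adjacency does not form.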

Section N: Verify Configuration

1. Ping all interfaces and PCs.


2. Issue the following commands to verify your current setup.
show running-config
show ip ospf neighbor
show ip route
show ip ospf
show ip ospf interface
show ip ospf database

End of Lab 2

Lab 3: ACL Configuration


Overview
This lab gives you hands-on practice at creating and testing Access Control Lists on
Enterasys routers.

Resources/Tools
For this lab you will need:
One Enterasys router (this lab was written with an SSA)
Two PCs

Objectives
When you complete this lab you will be able to:
Create an ACL via the Router CLI
Test your ACL
Create an ACL via NetSight ACL Manager
Test your ACL

Network Component            IP Address/Mask      Connection

PC-A                         172.16.1x1.11/24     Router A port ge.1.2
PC-B                         172.16.1x3.11/24     Router A port ge.1.4
Router A Interface VLAN 2    172.16.1x1.101/24
Router A Interface VLAN 3    172.16.1x3.101/24

[Diagram: Lab 3 ACL topology]
PC-A (172.16.1x1.11/24, GW 172.16.1x1.101) to Router A (S/K Series) port ge.1.2, VLAN 10 (172.16.1x1.101/24)
PC-B (172.16.1x3.11/24, GW 172.16.1x3.101) to Router A (S/K Series) port ge.1.4, VLAN 3 (172.16.1x3.101/24)

Section A: Initial Setup and Configuration

1. Establish a console connection to Router A.


2. Set the router back to factory defaults (clear config all).
3. Attach your PCs as shown in the diagram at the beginning of the lab. Use the IP
addresses in the table and diagram.
4. Set Prompt to Router A.
5. Set Spanning Tree disabled globally.
6. Set GVRP disabled globally.
7. Create VLANs 10 and 3 on your router.
8. Configure the router ports to be in the correct VLANs.

Network Component    Port           VLAN

Router A             Port ge.1.2    VLAN 10
Router A             Port ge.1.4    VLAN 3

9. Enter configuration mode.
10. From config mode enter your VLAN 10 interface.
11. From the VLAN interface enter the IP address with a 24 bit mask.

Network Component    VLAN       IP Address

Router A             VLAN 10    172.16.1x1.101/24
Router A             VLAN 3     172.16.1x3.101/24

12. Enter ip forwarding.
13. Enter no shutdown to enable the interface.
14. Type exit to return to config mode.
15. Configure VLAN 3 using the same process as above.
16. Ping your directly connected default Gateway router to test the local connectivity.
17. Check that you can telnet to the router.
18. Start a continuous ping between your two PCs to check route connectivity.
19. Troubleshoot any connectivity issues that arise.

Section B: Configure a Standard ACL

1. Create a standard named ACL to deny access for PC-A (172.16.1X1.11/24).

Router A(su-config)->ip access-list standard denyPCA
Router A(su-cfg-std-acl-denyPCA)->deny 172.16.1X1.11 0.0.0.0
Router A(su-cfg-std-acl-denyPCA)->permit any
Router A(su-cfg-std-acl-denyPCA)->exit

2. Apply the ACL to VLAN 10.

RouterA(su-config)->interface vlan 10
RouterA(su-config-intf-vlan.0.10)->ip access-group denyPCA in
RouterA(su-config-intf-vlan.0.10)->exit

3. Start continuous Pings between PC-A and PC-B, (pings should be failing).
4. Ensure that PC-A cannot ping to the router.
5. Show the access list.

RouterA(su-config)->show access-lists

Section C: Remove ACL access_group

1. Issue the following commands to remove the ACL access-group denyPCA:
RouterA(su-config)->interface vlan 10
RouterA(su-config-intf-vlan.0.10)->no ip access-group denyPCA in
2. Notice that the pings are successful again.

Section D: Adding an Extended ACL

1. Add an extended numbered ACL to stop ICMP from any source on VLAN 3.

RouterA(su-config)->ip access-list extended 100
RouterA(su-cfg-ext-acl-100)->deny icmp any any
RouterA(su-cfg-ext-acl-100)->permit ip any any
RouterA(su-cfg-ext-acl-100)->exit
RouterA(su-config)->interface vlan 3
RouterA(su-config-intf-vlan.0.3)->ip access-group 100 in
RouterA(su-config-intf-vlan.0.3)->exit

2. Check the continuous Pings between PCs on VLAN 10 and VLAN 3. (They
should fail).
3. Ensure that you can telnet from PC-B on VLAN 3 to the router.
4. Show the access list:
show access-lists 100

Section E: Move ACL entry

1. Move entry 2 to the beginning of ACL 100.
RouterA(su-config)->ip access-list extended 100
RouterA(su-cfg-ext-acl-100)->move before 1 from 2 to 2
2. Check the continuous Pings between PC-A and PC-B (they should be passing).
3. Show the access list. Note that the first rule now indicates (permit ip any any).
show access-lists 100

Section F: Remove ACL access_group

1. Remove the ACL access-group 100 from VLAN 3.
RouterA(su-config-intf-vlan.0.3)->no ip access-group 100 in
RouterA(su-config-intf-vlan.0.3)->exit
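Why the pings fail in Section D and pass again after the move in Section E: an ACL is evaluated top-down and the first matching entry decides. The model below is an added example, not Enterasys code; it evaluates the lab's denyPCA and ACL 100 entries with wildcard-mask matching, and also reports entries that an earlier entry makes unreachable. The addresses use X = 1, and the implicit deny at the end of a list is an assumption consistent with the lab's explicit permit entries.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

FULL = 0xFFFFFFFF


@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    proto: str = "ip"    # "ip" matches every protocol, otherwise e.g. "icmp", "tcp"
    src: str = "any"     # "any" or "<address> <wildcard>"; wildcard 1-bits are ignored
    dst: str = "any"


def _parse(spec):
    """Return (base, wildcard) as integers; "any" ignores all 32 bits."""
    if spec == "any":
        return 0, FULL
    base, wildcard = spec.split()
    return int(IPv4Address(base)), int(IPv4Address(wildcard))


def matches(spec, address):
    base, wildcard = _parse(spec)
    care = ~wildcard & FULL
    return (base & care) == (int(IPv4Address(address)) & care)


def evaluate(acl, proto, src, dst):
    """First match wins. Returns (action, entry number); no match is treated as an
    implicit deny (assumption, see lead-in)."""
    for number, rule in enumerate(acl, start=1):
        if rule.proto in ("ip", proto) and matches(rule.src, src) and matches(rule.dst, dst):
            return rule.action, number
    return "deny", None


def move_before(acl, before, first, last):
    """Model of 'move before <before> from <first> to <last>' (1-based, inclusive)."""
    if first <= before <= last:
        raise ValueError("destination lies inside the block being moved")
    block = acl[first - 1:last]
    rest = acl[:first - 1] + acl[last:]
    position = before - 1 if before < first else before - 1 - len(block)
    return rest[:position] + block + rest[position:]


def _covers(outer, inner):
    """True when every address matched by spec `inner` is also matched by `outer`."""
    o_base, o_wild = _parse(outer)
    i_base, i_wild = _parse(inner)
    o_care = ~o_wild & FULL
    return (o_care & i_wild) == 0 and (o_base & o_care) == (i_base & o_care)


def shadowed(acl):
    """Entry numbers that can never match because an earlier entry covers them."""
    dead = []
    for number, rule in enumerate(acl, start=1):
        for earlier in acl[:number - 1]:
            if (earlier.proto in ("ip", rule.proto)
                    and _covers(earlier.src, rule.src)
                    and _covers(earlier.dst, rule.dst)):
                dead.append(number)
                break
    return dead


# Lab addresses with X = 1 (constructed for the example).
PC_A, PC_B, ROUTER_VLAN3 = "172.16.111.11", "172.16.113.11", "172.16.113.101"

# Section B: standard ACL denyPCA (source-only match).
DENY_PCA = [Rule("deny", src="172.16.111.11 0.0.0.0"), Rule("permit")]

# Section D: extended ACL 100, then Section E: entry 2 moved before entry 1.
ACL_100 = [Rule("deny", "icmp"), Rule("permit", "ip")]
ACL_100_MOVED = move_before(ACL_100, before=1, first=2, last=2)

if __name__ == "__main__":
    print("denyPCA, ping from PC-A:      ", evaluate(DENY_PCA, "icmp", PC_A, PC_B))
    print("ACL 100, ping from PC-B:      ", evaluate(ACL_100, "icmp", PC_B, PC_A))
    print("ACL 100, telnet from PC-B:    ", evaluate(ACL_100, "tcp", PC_B, ROUTER_VLAN3))
    print("after move, ping from PC-B:   ", evaluate(ACL_100_MOVED, "icmp", PC_B, PC_A))
    print("after move, unreachable rules:", shadowed(ACL_100_MOVED))
```

After the move, the deny icmp entry is still in the list but is reported as unreachable, which is the condition to look for when reviewing a reordered ACL.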

Section G: NetSight ACL Manager Setup and Configuration

[Diagram: the Lab 3 topology shown at the beginning of the lab: PC-A on Router A port ge.1.2 (VLAN 10), PC-B on Router A port ge.1.4 (VLAN 3).]

1. On PC-B, launch NetSight.

2. Launch NetSight Console by double-clicking the Console link.
3. Log on to NetSight Console (password is training).
4. Add the router on which you wish to create your ACLs.
5. In the left window pane of the Console screen, highlight the My Networks folder,
right click, and select add device.
6. From the add device window, enter the device IP (in this case, 172.16.1X1.101)
and set the SNMP profile to public_v1_profile. Click OK. The newly added
device will appear in the left window pane.

7. ACL Manager functionality is available from the ACL Manager Tab in the main
NetSight Console window.

8. Select the ACL Manager tab. From ACL Manager, you can access the ACL Editor
to create a new ACL or to modify an existing ACL.
9. If you do not see your device in the ACL Manager view, right click on your router
in the device tree and click Refresh Device Data.
10. To open the ACL Editor, click the ACL Editor Button located on upper right side
of ACL Manager Screen.

Section H: Creating an ACL and Adding Rules

1. From the ACL Editor window: in the left-panel tree, highlight the cataloged folder,
right click and select Create S/K/N 7.x+.
Note: Do NOT choose an N-Series ACL, even if you are working on an N-Series
switch. Beginning with version 7.0, the Enterasys N-Series switch uses S-Series
ACLs.
2. Type the name for your new ACL (use ACL5) and click OK. (ACL names must
be alphanumeric characters only.)
3. In the left-panel tree, select/highlight ACL5.
4. In the right-panel Editor tab, click the New button.
5. Set the parameters for your rule:
a. Action: Deny
b. Rule Type: TCP
c. Source Address:172.16.1x3.0/24
d. Destination Address: Any
e. Source Port: Any
f. Destination Port: = (21) FTP

6. Click OK. The window closes and the rule appears in the left-panel tree and
right-panel display of the Editor.

7. Using the previous steps, create a rule for an explicit permit all for ACL5. Once
you have created the rule, click save and close the editor.

Section I: Assigning ACLs to an Interface

1. From the ACL Manager window: right-click the device in the Console left-panel
tree that the ACL will be written to (in this case, 172.16.1X1.101) and click
Import ACL Data.

2. Select the Interface Assignment view using the radio button at the top of the tab.
3. Select the device interface where you want to assign your ACL (Interface VLAN
3). Note: you may need to refresh the view to see your router interfaces.
4. Click the Show Table Editor button to display the table editor row. (The button
is located on the upper right side of the ACL Manager window.)

5. In the Table Editor Row (displayed at the bottom of the ACL Manager Window)
click on the Inbound ACL column to display the ACL Selection window. Expand
the folders to select the desired ACL.

6. Select your ACL (ACL5) and click OK.

A green exclamation mark marks the cell that has been changed. The Save
to Database button becomes active.
7. Click the Save to Database button to save your change to the ACL Manager
database. (The button is located on the upper right side of the ACL Manager window.)

8. Click on the Enforce button to write your changes to the device's active
configuration.

9. A last-chance message appears before the action is performed. Click Yes to
enforce your ACLs.
10. From the router CLI, issue the show running-config command to verify the
ACL has been written to the device. Ensure the ACL has been applied at the
interface level as well.

Section J: Test Network Connectivity

1. Using continuous pings from PC-A, check route connectivity. Should the pings
succeed?
2. Initiate an ftp session from PC-B to PC-A (172.16.1X1.11), username: training,
password: training. Ensure that you cannot ftp to PC-A from PC-B.
Note: FileZilla is running on PC-A.
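
The following is an added example, not part of the original lab guide or of any Enterasys tool. It models ACL5 from Section H as a first-match rule list applied inbound on VLAN 3, and shows what the Section J tests exercise: FTP from PC-B is dropped by rule 1, other traffic falls through to the explicit permit, and the result changes if the permit is missing or the rules are swapped. The group digit (x = 1), the class and function names, and the implicit deny at the end of the list are assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

X = 1  # constructed: stands in for the lab's per-group digit "x"
PC_A = f"172.16.1{X}1.11"   # FTP server (FileZilla) in VLAN 10
PC_B = f"172.16.1{X}3.11"   # client in VLAN 3, where ACL5 is applied inbound


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" matches every protocol
    src: str                         # CIDR prefix or "any"
    dst: str
    dst_port: Optional[int] = None   # None means any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dst_port: Optional[int] = None


def addr_match(spec: str, addr: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto not in ("ip", pkt.proto):
        return False
    if not (addr_match(rule.src, pkt.src) and addr_match(rule.dst, pkt.dst)):
        return False
    return rule.dst_port is None or rule.dst_port == pkt.dst_port


def evaluate(acl, pkt):
    """First matching rule decides; nothing matching means implicit deny (assumed).

    Returns (action, 1-based rule number, or None for the implicit deny).
    """
    for number, rule in enumerate(acl, start=1):
        if rule_matches(rule, pkt):
            return rule.action, number
    return "deny", None


# ACL5 as built in Section H: deny FTP from VLAN 3, then the explicit permit all.
ACL5 = [
    Rule("deny", "tcp", f"172.16.1{X}3.0/24", "any", 21),
    Rule("permit", "ip", "any", "any"),
]

# Constructed sample traffic entering VLAN 3 from PC-B.
FTP_TO_PC_A = Packet("tcp", PC_B, PC_A, 21)
PING_REPLY = Packet("icmp", PC_B, PC_A)
HTTP_TO_PC_A = Packet("tcp", PC_B, PC_A, 80)

if __name__ == "__main__":
    for label, acl in (("ACL5", ACL5),
                       ("ACL5 without permit all", ACL5[:1]),
                       ("ACL5 with rules swapped", ACL5[::-1])):
        for pkt in (FTP_TO_PC_A, PING_REPLY, HTTP_TO_PC_A):
            print(f"{label:26} {pkt.proto:4} port={pkt.dst_port}: {evaluate(acl, pkt)}")
```
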

Section K: Remove Your ACL

1. Remove the ACL from VLAN 3.


2. Initiate an ftp session from PC-B to PC-A (172.16.1X1.11), username: training,
password: training. Ensure that you can ftp to PC-A from PC-B.

End of Lab 3

Lab 4: PBR Configuration


Overview
This lab shows you how Policy Based Routing forwards traffic based on matching
the criteria in an ACL.

Resources/Tools
For this lab you will need:
Two Enterasys S/K-series routers
Two PCs

Objectives
After you complete this lab, you will be able to:
Create a Policy Based Route (PBR)
Test your PBR

At the end of the lab you will have set up your network according to the table and
diagram below.

Network Component       IP Address/Mask                        Connection
PC-A                    172.16.1x1.11/24, GW 172.16.1x1.101    Router A, Port ge.1.2
PC-D                    172.16.x4.22/24, GW 172.16.x4.103      Router C, Port ge.1.4
Router A, VLAN 5        172.16.x5.101/24
Router A, VLAN 10       172.16.1x1.101
Router A, Port ge.1.5                                          Router C, Port ge.1.5
Router C, VLAN 4        172.16.1x4.103/24
Router C, VLAN 5        172.16.x5.103/24
Router C, Port ge.1.5                                          Router C, Port ge.1.5

[Diagram: PC-A (172.16.1X1.11/24) connects to Router A Port 2 in VLAN 10 (172.16.1X1.101/24). Router A Port 5 (.101) and Router C Port 5 (.103) share VLAN 5 (172.16.X5.0/24). PC-D (172.16.1X4.22/24) connects to Router C Port 4 in VLAN 4 (172.16.1X4.103/24).]

Section A: Initial Setup and Configuration

1. Connect the routers together as shown in the diagram.


2. Establish a console connection to Router A. Clear your configuration. Disable
GVRP, LACP, and Spanning Tree, and set your prompt to Router A.
clear config all
set gvrp disable
set lacp disable
set spantree stpmode none
set prompt Router A
3. Create VLAN 5 and 10 as routing interfaces. Assign the IP addresses given in
the table above. Assign port 2 to VLAN 10 and port 5 to VLAN 5.
4. Establish a console connection to your second S/K Series router. Clear your
config. Disable all ports. Configure ports 4 and 5 to be active. Disable GVRP,
LACP, and Spanning Tree, and set your prompt to Router C.
5. Create VLAN 4 and VLAN 5 as routing interfaces. Assign the IP addresses given
in the table above. Assign port 4 to VLAN 4 and port 5 to VLAN 5.
6. Give PC-A an IP address of 172.16.1X1.11/24, gateway 172.16.1X1.101.
7. Give PC-D an IP address of 172.16.1X4.22/24, gateway 172.16.1X4.103.
8. Do NOT add any routing protocols.

Section B: Test Network Connectivity

1. Ping between PC-A and PC-D to check route connectivity. You should not be
able to ping between the PCs at this time.

Section C: Policy-Based Routing Setup for Router A

1. Create a new extended ACL.
Router A(su-config)->ip access-list extended 101
Router A(su-cfg-ext-acl-101)->permit ip 172.16.1x1.0 0.0.0.255 172.16.1X4.0 0.0.0.255
Router A(su-cfg-ext-acl-101)->exit
2. Create a route map entry; give the route map a number of 101.
Router A(su-config)->route-map policy 101
3. Set the route map to check traffic for matches against the ACL.
Router A(su-config-route-map-pbr)->match ip address 101
4. Set the next hop for traffic that matches.
Router A(su-config-route-map-pbr)->set next-hop 172.16.X5.103
Router A(su-config-route-map-pbr)->exit
5. Select the VLAN to attach the route map to, using the ip policy command.
Router A(su-config)->interface vlan 10
Router A(su-config-intf-vlan.0.10)->ip policy route-map 101

Section D: Policy-Based Routing Setup for Router C

1. Create a new extended ACL.
Router C(su-config)->ip access-list extended 101
Router C(su-cfg-ext-acl-101)->permit ip 172.16.1X4.0 0.0.0.255 172.16.1X1.0 0.0.0.255
Router C(su-cfg-ext-acl-101)->exit

2. Create a route map entry; give the route map a number of 101.
Router C(su-config)->route-map policy 101
3. Set the route map to check traffic for matches against the ACL.
Router C(su-config-route-map-pbr)->match ip address 101
4. Set the next hop for traffic that matches.
Router C(su-config-route-map-pbr)->set next-hop 172.16.X5.101
Router C(su-config-route-map-pbr)->exit

5. Select the VLAN to attach the route map to, using the ip policy command.
Router C(su-config)->interface vlan 4
Router C(su-config-intf-vlan.0.4)->ip policy route-map 101

Section E: Test Network Connectivity

1. Check connectivity between VLAN 2 and VLAN 4; pings should now succeed
between PC-A and PC-D.
2. Show the access list.
3. Show the route map.
4. Show ip policy.
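
The following is an added example, not part of the original lab guide. It models the two routers of this lab with only their connected VLAN networks (no routing protocol, as Section A requires) and the policy routes from Sections C and D, then traces a ping from PC-A to PC-D to show why it fails in Section B, why the reply is still lost if only Router A has the policy, and why it succeeds once both routers are configured. The group digit (X = 1), the class and function names, and the simplification that a policy on the ingress VLAN is checked before the connected routes are assumptions of the example.

```python
import ipaddress

X = 1  # constructed: stands in for the lab's per-group digit "X"
PC_A, PC_D = f"172.16.1{X}1.11", f"172.16.1{X}4.22"


def to_int(addr):
    return int(ipaddress.ip_address(addr))


def wildcard_match(addr, base, wildcard):
    """Match as in 'permit ip <base> <wildcard>': bits set in the wildcard are ignored."""
    return ((to_int(addr) ^ to_int(base)) & ~to_int(wildcard) & 0xFFFFFFFF) == 0


class Router:
    def __init__(self, name, interfaces):
        self.name = name
        # VLAN id -> interface address; these are the only routes (no routing protocol).
        self.interfaces = {v: ipaddress.ip_interface(a) for v, a in interfaces.items()}
        self.policy = {}  # ingress VLAN -> (ACL entries, next hop), i.e. 'ip policy route-map'

    def connected_vlan(self, addr):
        for vlan, iface in self.interfaces.items():
            if ipaddress.ip_address(addr) in iface.network:
                return vlan
        return None

    def forward(self, ingress_vlan, src, dst):
        """Return (decision, next hop). Policy on the ingress VLAN is checked first."""
        acl, next_hop = self.policy.get(ingress_vlan, ((), None))
        for src_base, src_wild, dst_base, dst_wild in acl:
            if wildcard_match(src, src_base, src_wild) and wildcard_match(dst, dst_base, dst_wild):
                return "policy", next_hop
        if self.connected_vlan(dst) is not None:
            return "connected", dst
        return "drop", None


def build_lab(pbr_on_a, pbr_on_c):
    a = Router("Router A", {10: f"172.16.1{X}1.101/24", 5: f"172.16.{X}5.101/24"})
    c = Router("Router C", {4: f"172.16.1{X}4.103/24", 5: f"172.16.{X}5.103/24"})
    net_a, net_d, wild = f"172.16.1{X}1.0", f"172.16.1{X}4.0", "0.0.0.255"
    if pbr_on_a:   # Section C: ACL 101 + route map 101 applied on VLAN 10
        a.policy[10] = ([(net_a, wild, net_d, wild)], f"172.16.{X}5.103")
    if pbr_on_c:   # Section D: the mirror image, applied on VLAN 4
        c.policy[4] = ([(net_d, wild, net_a, wild)], f"172.16.{X}5.101")
    return a, c


def trace(routers, start, ingress_vlan, src, dst, max_hops=4):
    """Walk a packet router to router; return (delivered, list of per-hop decisions)."""
    owner = {str(i.ip): (r, v) for r in routers for v, i in r.interfaces.items()}
    router, hops = start, []
    for _ in range(max_hops):
        decision, next_hop = router.forward(ingress_vlan, src, dst)
        hops.append(f"{router.name}: {decision}")
        if decision == "drop":
            return False, hops
        if next_hop == dst:
            return True, hops
        if next_hop not in owner:
            return False, hops
        router, ingress_vlan = owner[next_hop]
    return False, hops


def ping(pbr_on_a, pbr_on_c):
    """Echo request PC-A -> PC-D, then (if it arrived) echo reply PC-D -> PC-A."""
    a, c = build_lab(pbr_on_a, pbr_on_c)
    request = trace((a, c), a, 10, PC_A, PC_D)
    reply = trace((a, c), c, 4, PC_D, PC_A) if request[0] else (False, [])
    return request, reply


if __name__ == "__main__":
    for on_a, on_c in ((False, False), (True, False), (True, True)):
        request, reply = ping(on_a, on_c)
        print(f"PBR on A={on_a}, on C={on_c}: request {request}, reply {reply}")
```
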

End of Lab 4

Lab 5: Multicasting Configuration


Overview
This lab gives you practice in configuring multicast routing across your Enterasys
network. In the process you will:
Define VLANs on each Switch.
Add IP addresses to each VLAN.
Create OSPF Instances.
Add OSPF Networks and Areas.
Enable IGMP.
Enable PIM-SM.
Save your configuration.

Resources/Tools
For this lab you will need:
Two Enterasys routers (this lab was written with two SSAs)
Three PCs

Objectives
At the end of this lab you will be able to:
Configure PIM-SM
Verify your configuration with VLC Multicast movies

Section A: Initial Setup and Configuration

Network Component       IP Address/Mask                        Connection
PC-A                    172.16.1x1.11/24, GW 172.16.x2.101     Router A, Port ge.1.2
PC-D                    172.16.x4.22/24, GW 172.16.1x4.103     Router C, Port ge.1.4
Router A, VLAN 10       172.16.1x1.101/24
Router A, VLAN 3        172.16.x3.101/24
Router A, VLAN 5        172.16.x5.101/24
Router A, Port ge.1.2                                          PC-A
Router A, Port ge.1.3                                          Router B, Port ge.1.3
Router A, Port ge.1.5                                          Router C, Port ge.1.5
Router B, VLAN 3        172.16.x3.102/24
Router B, VLAN 6        172.16.x6.102/24
Router B, Port ge.1.3                                          Router A, Port ge.1.3
Router B, Port ge.1.6                                          Router C, Port ge.1.6
Router C, VLAN 4        172.16.1x4.103/24
Router C, VLAN 5        172.16.x5.103/24
Router C, VLAN 6        172.16.x6.103/24
Router C, Port ge.1.4                                          PC-D
Router C, Port ge.1.5                                          Router A, Port ge.1.5
Router C, Port ge.1.6                                          Router B, Port ge.1.6

[Diagram: PIM-SM Network, Backbone Area 0. Router A (Leaf-RTR), Router B (RP) and Router C (First Hop RTR). VLAN 3 (172.16.X3.x/24) links Router A ge.1.3 (.101) and Router B ge.1.3 (.102); VLAN 6 (172.16.X6.x/24) links Router B ge.1.6 (.102) and Router C ge.1.6 (.103); VLAN 5 (172.16.X5.x/24) links Router A ge.1.5 (.101) and Router C ge.1.5 (.103). PC-A (.11, Multicast Receiver) is on Router A ge.1.2 in VLAN 10 (172.16.1X1.x/24); PC-D (.22, Multicast Server) is on Router C ge.1.4 in VLAN 4 (172.16.1X4.x/24).]

Note: The C5 cannot function as a Rendezvous Point or as a Bootstrap
Router in a PIM-SM environment.

As you cable your network for this lab, you must configure your S/K-series
router to function as Router B. We recommend that if you have a second
S/K series router you configure it as Router C.

We have changed the labeling on your routers in this lab to reflect this
change in the physical topology of your network.

5. Cable the network as shown in the diagram above and as outlined in the
previous table.
6. Set the switch back to factory defaults (clear config all).
7. Attach the PCs as shown in the diagram at the beginning of the lab, using the IP
addresses in the table and diagram.
8. Set your Prompts to Router A, Router B, and Router C, respectively.
9. Globally disable GVRP, LACP, and Spanning Tree.
10. Create VLANs on your Switches.

Router      VLAN   VLAN   VLAN
Router A    10     3      5
Router B    3      6
Router C    4      5      6

11. Place your Router ports in the correct VLANs.

Router      Port     VLAN
Router A    Port 2   VLAN 10
Router A    Port 3   VLAN 3
Router A    Port 5   VLAN 5
Router B    Port 3   VLAN 3
Router B    Port 6   VLAN 6
Router C    Port 4   VLAN 4
Router C    Port 5   VLAN 5
Router C    Port 6   VLAN 6

12. From config mode, configure each VLAN interface.


13. From the VLAN interface configuration mode, enter the IP address of the VLAN
with a 24 bit mask.

Router      VLAN      IP Address
Router A    VLAN 10   172.16.1X1.101/24
Router A    VLAN 3    172.16.X3.101/24
Router A    VLAN 5    172.16.X5.101/24
Router B    VLAN 3    172.16.X3.102/24
Router B    VLAN 6    172.16.X6.102/24
Router C    VLAN 4    172.16.1X4.103/24
Router C    VLAN 5    172.16.X5.103/24
Router C    VLAN 6    172.16.X6.103/24

14. Enter no shutdown to enable the interface.
15. Enter ip forwarding on your S/K interfaces.
16. Configure the next VLAN interface, using the same process as above.
17. If you are using a C-Series or N-Series, ensure an advanced router license is
present, and enter it if required.
18. Create Router IDs on your Routers.
Router A(su)->router(Config)#interface loopback 1
Router A(su)->router(Config-if(Lpbk 1))#ip address 1.1.1.1 255.255.255.255
Router A(su)->router(Config-if(Lpbk 1))#no shut
Router A(su)->router(Config-if(Lpbk 1))#exit
Router A(su)->router(Config)#router id 1.1.1.1

Router B(su-config)->interface loopback 2
Router B(su-config-intf-loop.0.2)->ip address 2.2.2.2 255.255.255.255
Router B(su-config-intf-loop.0.2)->ip forwarding
Router B(su-config-intf-loop.0.2)->no shut

Router C(su-config)->interface loopback 3
Router C(su-config-intf-loop.0.3)->ip address 3.3.3.3 255.255.255.0
Router C(su-config-intf-loop.0.3)->ip forwarding
Router C(su-config-intf-loop.0.3)->no shut

19. Create an OSPF instance.
Router A(su)->router(Config)#router ospf 10

Router B(su-config)->router ospf 10
Router B(su-config-ospf-10)->router-id 2.2.2.2

Router C(su-config)->router ospf 10
Router C(su-config-ospf-10)->router-id 3.3.3.3

20. Add your OSPF networks.

Router      Network         VLAN   Area
Router A    172.16.1X1.0    10     0
Router A    172.16.X3.0     3      0
Router A    172.16.X5.0     5      0
Router B    172.16.X3.0     3      0
Router B    172.16.X6.0     6      0
Router C    172.16.1X4.0    4      0
Router C    172.16.X5.0     5      0
Router C    172.16.X6.0     6      0

On the C5:
Router A(su)->router(Config)#interface vlan 10
Router A(su)->router(Config-if(Vlan 10))#ip ospf enable
Router A(su)->router(Config-if(Vlan 10))#ip ospf areaid 0.0.0.0
Router A(su)->router(Config-if(Vlan 10))#exit
Repeat for each interface.

On the S/K:
Router B(su-config-ospf-10)->network 172.16.x3.0 0.0.0.255 area 0.0.0.0
Repeat for each interface.

Section B: Test Network Connectivity

1. From your PCs, ping your directly connected default Gateway routers to test your
local connectivity.
2. Ping your neighbor's PC to check route connectivity.
3. Troubleshoot any connectivity issues that arise.

Section C: Enable IGMP

1. Enable IGMP globally. On your C-Series switches, also issue ip igmp enable
on each VLAN.

On the C5 from switch mode:
Router A> set igmpsnooping adminmode enable
Router A> set igmpsnooping interfacemode ge.1.* enable

On the C5 from router mode:
Router A> router(config)# ip igmp
Router A> router(config(Vlan#)# ip igmp enable

(IGMP must be enabled on individual VLAN interfaces in the C-Series routers.)

On the S/K:
Router B/C> set igmp enable <vids>
Router B/C> set igmp query-enable <vids>

Section D: Enable PIM-SM

1. Enable PIM-SM globally and at each VLAN interface level for the C-series
platforms.
On the C5:
Router A> router(config) # ip pimsm
Router A> router(config) # ip pimsm staticrp 172.16.X3.102 224.4.4.4 255.255.255.255
Router A> router(config(Vlan#) # ip pimsm enable
Router A> router(config(Vlan#) # ip pimsm enable
Router A> router(config(Vlan#) # ip pimsm enable

2. Enable PIM-SM globally and at each VLAN interface on the S/K-Series.
On the S/K-series:
Router B/C(su-config)->ip pim rp-address 172.16.X3.102 224.4.4.4 255.255.255.255
Router B/C(su-config-intf-vlan.0.#)->ip pim sparse-mode
Router B/C(su-config-intf-vlan.0.#)->ip pim sparse-mode
Router B/C(su-config-intf-vlan.0.#)->ip pim sparse-mode

Section E: Verify PIM-SM without Multicast Traffic

1. Show current multicast routes for each router.
RouterX> router # show ip mroute

(No ip mroutes should be present at this time.)

2. Issue the show ip interface command. Verify that PIM-SM is enabled on all
VLAN interfaces.
RouterX> router# show ip interface
3. Use the following commands where possible.
RouterX> router# show ip pim neighbors
RouterX> router# show ip pim interfaces
RouterX> router# show ip pim rp
RouterX> router# show ip igmp interface

Section F: Multicast Video with VLC

In this section you will use the VLC video player to generate multicast traffic over
the network. Prior to setup, ensure VLC software is installed on your server (PC-D,
attached to Router C) and your clients (PC-A, attached to Router A). If you do
not have the VLC application, contact your instructor.

1. Set up PC-D as the Video server. Double click on the VLC icon to start the
application.

2. Click on Media and select Open (advanced). The Open Media window appears.

3. Click on the add button and select a movie.


Note: The goodwarriors.mpeg file is located in the Client Software folder on the
Desktop of PC-D.
4. At the bottom of the Open Media window, click the down arrow next to the Play button, then
select Stream to open the Stream Output window. Click Next.

5. From the Stream Output window, Destinations Setup, select Display Locally. From
the New destinations pull-down, choose UDP, then click the add button. A new
UDP tab will be created; enter the multicast address 224.4.4.4.

6. From the Transcoding Options section, ensure Activate Transcoding is checked,
and from the Profile pull-down choose MPEG-2 + MPGA(TS), then click Next.
7. Set Time-To-Live (TTL) to 12, then click Stream. The movie should stream on
the network and play locally. Use Wireshark from PC-D to verify the video stream.

8. To set up your video client, open VLC on PC-A. Click on Media and select Open
Network Stream. Enter the multicast address you used when you set up your
server (224.4.4.4). Then click Play.

9. If everything has been configured properly, you should see the video on client
PC-A. If not, troubleshoot the PIM environment using the recommended show
commands.

Section G: Verify PIM-SM with Multicast Traffic

1. Use the following commands to verify PIM-SM on Router A and Router C.
RouterX> router # show ip mroute
RouterX> router # show ip igmp groups
RouterX> router # show ip mcache (S/K-Series)
RouterX> router # show ip traffic

End of Lab 5

Lab 6: VRRP Configuration


Overview
This lab gives you experience in configuring VRRP both with and without a Critical
IP Interface. The lab setup uses Router A as a switch, logically dividing it in half so it
can function as two separate edge switches.

Resources/Tools
For this lab you will need:
Three Enterasys routers (this lab was written with two SSAs and a C5)
Two PCs

Objectives
At the end of this lab you will be able to:
Configure VRRP
Configure a VRRP IP address owner
Configure a VRRP Critical IP interface
Configure an Enterasys router for VRRP priority

Section A: Initial Setup and Configuration

At the end of the lab, you will have configured your devices according to the table
and diagram below.

Network Component                   IP Address/Mask                         Connection

VRRP 1:
PC-A                                172.16.1x1.11/24, GW 172.16.1x1.103     Switch/Router A, Port ge.1.2
Switch/Router A, VLAN 1x1                                                   Ports ge.1.2,3,5
Switch/Router A, Port ge.1.3                                                Router B, Port ge.1.3
Switch/Router A, Port ge.1.5                                                Router C, Port ge.1.5
Router B, VLAN 1x1, Port ge.1.3     172.16.1x1.102/24                       Switch/Router A, Port ge.1.3
Router C, VLAN 1x1, Port ge.1.5     172.16.1x1.103/24                       Switch/Router A, Port ge.1.5

VRRP 2:
PC-B                                172.16.1x4.11/24, GW 172.16.1x4.50      Switch/Router A, Port ge.1.4
Switch/Router A, Vlan 1x4                                                   Ports ge.1.4,7,8
Switch/Router A, Port ge.1.7                                                Router B, Port ge.1.7
Switch/Router A, Port ge.1.8                                                Router C, Port ge.1.8
Router B, VLAN 1x4, Port ge.1.7     172.16.1x4.102/24                       Switch/Router A, Port ge.1.7
Router C, VLAN 1x4, Port ge.1.8     172.16.1x4.103/24                       Switch/Router A, Port ge.1.8

Logical Diagram of Lab

[Diagram: Host 172.16.1X1.11/24 (DG 172.16.1X1.103) attaches to Switch A port ge.1.2 in VLAN 1X1 (VRID=1X1, IP=172.16.1X1.103/24). Switch A ge.1.3 and ge.1.5 connect to Router B ge.1.3 (172.16.1X1.102/24) and Router C ge.1.5 (172.16.1X1.103/24). Switch A ge.1.7 and ge.1.8 connect to Router B ge.1.7 (172.16.1X4.102/24) and Router C ge.1.8 (172.16.1X4.103/24). Host 172.16.1X4.22/24 (DG 172.16.1X4.50) attaches to Switch A port ge.1.4 in VLAN 1X4 (VRID=1X4, IP=172.16.1X4.50/24).]

1. Cable the network as shown in the diagram above and previous table.
2. Set the switches back to factory defaults (clear config all).
It may be necessary to re-enter the advanced routing licenses on platforms once
they have been defaulted.
3. Set equipment prompts to Switch A, Router B, and Router C.
Note: an S/K-Series platform must be used for Router C in this lab setup.
4. Set Spanning Tree disabled globally on all devices.
5. Set GVRP disabled globally on all devices.
6. Set LACP disabled globally on all devices.
(Note: LACP is fully supported with VRRP, but for this lab it is necessary to
disable it to prevent routers from forming a LAG with Switch A.)

7. Create VLANs on your Switches.

Network Component    VLANs
Switch A             1x1, 1x4
Router B             1x1, 1x4
Router C             1x1, 1x4

8. Configure the Router ports to the correct VLANs.

Network Component    Port          VLAN
Switch A             Ge.1.2,3,5    VLAN 1x1
Switch A             Ge.1.4,7-8    VLAN 1x4
Router B             Ge.1.3        VLAN 1x1
Router B             Ge.1.7        VLAN 1x4
Router C             Ge.1.5        VLAN 1x1
Router C             Ge.1.8        VLAN 1x4

9. Create Layer 3 VLAN/routing interfaces on your two routers. From the VLAN
interfaces enter the IP addresses shown in table, with 24 bit masks.

Network Component    VLAN        IP Address/Mask
Router B             VLAN 1x1    172.16.1x1.102/24
Router B             VLAN 1x4    172.16.1x4.102/24
Router C             VLAN 1x1    172.16.1x1.103/24
Router C             VLAN 1x4    172.16.1x4.103/24

10. Enter ip forwarding on your S/K interfaces.


11. Enter no shutdown to enable the interfaces.

Section B: Set Up VRRP Instance 1X1 (IP Address Owner Config)

1. From router config mode, set up VRRP instance 1X1, for VLAN 1X1, on Router B.
On your C5 in router mode:
RouterB> router(config)# router vrrp
RouterB> router(config-router)# create vlan 1X1 1X1
RouterB> router(config-router)# address vlan 1X1 1X1 172.16.1X1.102 1 (1 indicates IP address owner.)
RouterB> router(config-router)# enable vlan 1X1 1X1
RouterB> router(config-router)# exit

2. From config mode, configure VRRP instance 1X1, for VLAN 1X1, on
Router C at the interface level.
On your S/K in config mode:
RouterC(su-config)->interface vlan 1X1
RouterC(su-config-intf-vlan.0.1X1)->vrrp create 1X1 v2-IPv4
RouterC(su-config-intf-vlan.0.1X1)->vrrp address 1X1 172.16.1X1.102
RouterC(su-config-intf-vlan.0.1X1)->vrrp enable 1X1

Section C: Set Up VRRP Instance 1X4 (IP Address Non-Owner Config)

1. From router config mode, set up VRRP instance 1X4 for VLAN 1X4 on Router B.
Note: critical-ip address support is platform specific. Therefore, Router C
configuration must be performed on the S/K-Series platform for critical-ip to
function.
On your C5 in router mode:
RouterB>router(config)# router vrrp
RouterB>router(config-router)# create vlan 1X4 1X4
RouterB>router(config-router)# address vlan 1X4 1X4 172.16.1X4.50 0
RouterB>router(config-router)# priority vlan 1X4 1X4 100
RouterB>router(config-router)# enable vlan 1X4 1X4
RouterB>router(config-router)# exit

2. From config mode, configure VRRP instance 1X4, for VLAN 1X4, on Router
C at the interface level.
On your S/K in config mode:
RouterC(su-config)->interface vlan 1X4
RouterC(su-config-intf-vlan.0.1X4)->vrrp create 1X4 v2-IPv4
RouterC(su-config-intf-vlan.0.1X4)->vrrp address 1X4 172.16.1X4.50
RouterC(su-config-intf-vlan.0.1X4)->vrrp priority 1X4 125
RouterC(su-config-intf-vlan.0.1X4)->vrrp critical-ip 1X4 172.16.1X1.103 50 (Configures critical-ip on RouterC)
RouterC(su-config-intf-vlan.0.1X4)->vrrp accept-mode 1X4 (Configure Router C to accept pings for VIP)
RouterC(su-config-intf-vlan.0.1X4)->vrrp enable 1X4

To ensure Router C becomes the Master in the Non-Owner config setup,
increase its VRRP priority to 125 (as shown above). Default VRRP priority is
100.

Section D: Verify VRRP Switchover

1. Start a continuous ping between PC-A and PC-B in VLAN 1X1 and VLAN 1X4.
Confirm the pings are successful.
ping 172.16.1X#.11 -t
2. Display VRRP setup information to determine the master router in the VRRP
pair. Router B should be VRRP Master for VLAN 1X1 based on IP address
ownership, Router C should be VRRP Master for VLAN 1X4 based on VRRP
priority.
show ip vrrp
show ip vrrp verbose (S-Series)
3. Display the VRRP instances
show ip vrrp 1X1
show ip vrrp 1X4
4. Disable the port on the master router for VLAN 1X1 (ge.1.3 on Router B) to
cause the backup router to take over the VRRP instance. Verify that ping traffic
remains successful between your VLANs.
5. Re-enable the port on the master router for VLAN 1X1. Verify that the original
master router resumes supporting the VRRP instance. Verify that ping traffic
remains successful between your VLANs.
6. Repeat the above steps for VLAN 1X4. Be sure to disable/enable the master
port on the correct router.
7. Use show commands above to ensure switchover has occurred.

Section E: Verify Critical IP Address Switchover

1. Verify that your S/K Series router is the master VRRP router in VLAN 1X4.
RouterC> show ip vrrp vlan.0.1X4
2. Start a continuous ping between PC-B, VLAN 1X4 and PC-A, VLAN 1X1.
Confirm the pings are successful.
3. Cause a failure of the critical-ip address on Router C. Disable the interface for
VLAN 1X1 on Router C (ge.1.5).
4. Verify that the master VRRP router (S/K Series) for VLAN 4 has now switched to the
backup role. Router B should now be the master VRRP router for VLAN 1X4 as a
result of the critical-ip interface failure on Router C.
5. Verify that ping traffic remains successful between VLANs.
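
The following is an added example, not part of the original lab guide. It works through the master elections that Sections D and E observe, using the priorities configured in Sections B and C: the address owner advertises priority 255, otherwise the higher priority wins and a tie goes to the higher primary IP address (the VRRPv2 rules of RFC 3768). It assumes that the trailing 50 in the vrrp critical-ip command is the amount subtracted from Router C's priority while the critical IP is down, which is consistent with the switchover the lab expects; the group digit (X = 1), the names, the floor of 1 on the priority, and enabled preemption are also assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass, field

X = 1  # constructed: stands in for the lab's per-group digit "X"


@dataclass
class VrrpRouter:
    name: str
    primary_ip: str                   # the router's own address in the VRRP VLAN
    virtual_ip: str                   # address configured with 'vrrp address'
    priority: int = 100               # default priority, as the lab notes
    critical: dict = field(default_factory=dict)   # critical IP -> decrement (assumed meaning)
    port_up: bool = True              # port in the VRRP VLAN
    failed_ips: set = field(default_factory=set)   # critical IPs currently down

    def effective_priority(self) -> int:
        if self.primary_ip == self.virtual_ip:
            return 255                # address owner always advertises 255 (RFC 3768)
        penalty = sum(dec for ip, dec in self.critical.items() if ip in self.failed_ips)
        return max(1, self.priority - penalty)     # assumption: floor at 1


def elect_master(routers):
    """Highest effective priority wins; ties go to the higher primary IP (RFC 3768).

    Assumes preemption is enabled, so the result depends only on current state.
    """
    alive = [r for r in routers if r.port_up]
    if not alive:
        return None
    best = max(alive, key=lambda r: (r.effective_priority(),
                                     int(ipaddress.ip_address(r.primary_ip))))
    return best.name


def vrid_1x1():
    """Section B: Router B owns the virtual address, Router C backs it up."""
    vip = f"172.16.1{X}1.102"
    return (VrrpRouter("Router B", f"172.16.1{X}1.102", vip),
            VrrpRouter("Router C", f"172.16.1{X}1.103", vip))


def vrid_1x4():
    """Section C: no owner for 172.16.1X4.50; Router C has priority 125 and a critical IP."""
    vip = f"172.16.1{X}4.50"
    return (VrrpRouter("Router B", f"172.16.1{X}4.102", vip, priority=100),
            VrrpRouter("Router C", f"172.16.1{X}4.103", vip, priority=125,
                       critical={f"172.16.1{X}1.103": 50}))


def run_lab():
    results = {}
    b, c = vrid_1x1()
    results["1X1 normal"] = elect_master((b, c))
    b.port_up = False                              # Section D step 4: disable ge.1.3 on B
    results["1X1 B port down"] = elect_master((b, c))
    b.port_up = True                               # step 5: the owner takes the role back
    results["1X1 B port restored"] = elect_master((b, c))

    b, c = vrid_1x4()
    results["1X4 normal"] = elect_master((b, c))
    c.failed_ips.add(f"172.16.1{X}1.103")          # Section E step 3: ge.1.5 on C disabled
    results["1X4 critical IP down"] = (elect_master((b, c)), c.effective_priority())
    return results


if __name__ == "__main__":
    for scenario, outcome in run_lab().items():
        print(f"{scenario:22} -> {outcome}")
```
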

End of Lab 6

Lab 7: Restore Controller Configuration


Objective
In this lab exercise, you will:
Restore the Controller Configuration to the initial Wireless training environment

1. Open your Web Browser and connect to the Enterasys Wireless Controller
(PC.1/esa0) IP address https://10.170.1x0.10:5825.

Group IP Address
Group1 10.170.110.10
Group2 10.170.120.10
Group3 10.170.130.10
Group4 10.170.140.10
Group5 10.170.150.10
Group6 10.170.160.10
Group7 10.170.170.10
Group8 10.170.180.10

2. Login to the Enterasys WC (EWC) using the following username and password.
a. Username: admin
b. Password: training
3. Select Wireless Controller from the top toolbar.
4. Select Software Maintenance from the left column and then select the Restore
tab.

5. Select the available backup to restore from the pull down that contains your
controller name WC#BACKUP.zip, e.g. WC1, and then select Restore Now.

6. A Window will open and the restore process will start. After a while the controller
will reboot. This will remove the pre-configured VNS configurations.

End of Lab 7

Lab 8: Controller Configuration


Objectives:
In this lab exercise, you will:
Become familiar with the interactive Dashboard
Configure and enable Syslog
Configure and enable Network Time (NTP)
Configure and enable OSPF Routing
View OSPF Reports

These components will be utilized in future labs, such as Integration with NetSight,
Guest Portal, Availability and Mobility.

[Diagram: DHCP, RADIUS Server (10.170.1.15/32); L3 Switch; L2 Switch; Controller (10.170.1x0.10) on 10.170.1x0.0/24; PC w/ VMWare; PC (VNC/WLAN Client) 10.170.1x1.50; AP1; AP2.]

Section A: Controller Configuration

1. Open your Web Browser and connect to the Wireless Controller IP address
https://10.170.1x0.10:5825.
2. Log in to the WC using the Username: admin and Password: training
3. Examine the dashboard page. The tool bar at the bottom of the page displays
the name of the Enterasys Wireless Controller, User, Port status and Software
Release.

4. Click the green Up arrow for Local APs; this will produce a pop-up window of
the active APs.

Click on some of the other areas, such as: Admin Session, Security, Health and
Licensing. Each of these items on the dashboard will re-direct to the
configuration or reporting information for each of these items.

Section B: Syslog /System Log Level Configuration

1. Select Wireless Controller from the toolbar, the System Maintenance screen
will appear.
2. Click on the Logs tab in the left-hand panel.
3. Configure the System Log Levels and then click Apply.
a. Wireless Controller Log Level: Information
b. Wireless AP Log Level: Information

4. Configure Syslog and click Apply.
a. Syslog Server IP: 10.150.1.51, Port#: 514
b. Syslog Server IP: <PC-Address>, Port#: 514
I.e. Syslog Server IP: 10.170.1.14# or 10.170.1.141

The first setting specifies the level at which events should be logged; Information is
the lowest level and Critical is the highest level. The second setting tells the
Enterasys Wireless Controller the IP address and port to which syslog messages
should be sent. The syslog messages will be sent to the lab SIEM and to your
NetSight Server (messages can be viewed by clicking on the Syslog tab in the
Console View).

Section C: Network Time Settings

Changes to the NTP screen may cause the controller to reboot, therefore you may
need to login again after this section.

1. Click the Network tab in the left-hand column.
2. Click Network Time. Enter the Continent or Ocean from the pull-down menu,
then the Country and finally the Time Zone Region for the location of the class.
3. Click Apply Time Zone (if you have changed any of the settings the system may
reboot at this stage).
4. Enable NTP, enter the Time Server 1: 10.170.1.15 and then click Apply.
Note: Fast Failover/Session Availability and Mobility require NTP to be enabled in
order to synchronize client session information.

Section D: OSPF Routing

1. Select Routing Protocols from the left hand column.


2. Select the OSPF tab.
3. Change the OSPF Status to On, set the Router ID to the IP address of the
Controller and then Save.

4. Select New, add the Interface to the OSPF configuration and then Save.

Enabling OSPF will propagate all new Routed networks created on the
Controller to the neighboring router.


Section E: OSPF Reports

1. Select the Reports tab.


2. From the left pane select Routing Protocols, then click the OSPF Neighbor Report.
You should see that your Controller has formed an adjacency with the router in the
network (Neighbor Router ID: 10.170.1.1).


3. At any time during the labs you can select Reports tab to see other reports such
as:
Forwarding Table
OSPF Neighbor
OSPF Link state
AP Inventory

End of Lab 8


Lab 9: Controller Maintenance


Objective:
In this lab exercise, you will:
Create a Backup locally on the Controller

Section A: Controller Backup

1. Select the Wireless Controller tab.


2. Select the Administration tab in the left-hand column.
3. Select Software Maintenance from the left hand column.
4. Select the Backup tab.
5. Create an on-demand Backup by clicking the Backup Now button; a new
window will pop up with the status of the Backup.


End of Lab 9


Lab 10: Integration with Netsight


Objectives:
In this lab exercise, you will:
Configure an Administration Account
Enable and configure SNMP V3
Access NetSight
Add the SNMP/CLI Credentials
Add the Controller to NetSight

Section A: Admin Account

The admin account is what NetSight will use to configure some components on the
Controller.

1. Select Login Management from the left hand column.


2. Create a Full Administrator account; enter the following User ID, Password and
Confirm Password.
a. User ID: WC
b. Password: training
3. Click Add User.


Section B: SNMP V3 Configuration

1. Click on the Network tab in the left hand column.


2. Click on SNMP in the left column to bring up the SNMP configuration screen.
Enter the following information:
a. Mode: SNMPv3
b. Contact Name: Name of Student
c. Location: Location of the Training
d. Port: destination port for SNMP traps (industry standard is 162)
e. Forward Traps From: Critical
f. Publish AP as interface of controller: Enabled
3. Select the SNMPv3 tab and enter the following information:
4. Engine ID: 1234567890x (x = group number)
5. Add User Account and Enable SNMPv3 User Account, enter the following
parameters:
a. User Name: WC
b. Security Level: authPriv
c. Authentication Protocol: MD5
d. Authentication Password: training
e. Privacy Protocol: DES
f. Privacy Password: training
6. Click OK.
7. Click Save.
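
How the passwords and Engine ID entered above become the keys SNMPv3 actually uses, as an added Python example (not from the lab guide or from Enterasys). It follows the password-to-key and key localization algorithm of RFC 3414; treating the Engine ID as ASCII text is an assumption, since the page does not say how the controller encodes it.

```python
import hashlib

ONE_MEBIBYTE = 1048576  # RFC 3414 appendix A.2 hashes exactly this many octets


def password_to_key(password, hash_name="md5"):
    """Repeat the password end to end up to 1 MiB and hash it (user key Ku)."""
    pw = password.encode("utf-8")
    if len(pw) < 8:
        raise ValueError("USM passwords must be at least 8 octets long")
    reps, rem = divmod(ONE_MEBIBYTE, len(pw))
    return hashlib.new(hash_name, pw * reps + pw[:rem]).digest()


def localize_key(ku, engine_id, hash_name="md5"):
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def usm_keys(auth_password, priv_password, engine_id, hash_name="md5"):
    """Localized keys for an authPriv user (HMAC-MD5-96 auth, CBC-DES privacy)."""
    auth_key = localize_key(
        password_to_key(auth_password, hash_name), engine_id, hash_name)
    # The privacy key is derived with the same hash as the authentication key.
    priv_key = localize_key(
        password_to_key(priv_password, hash_name), engine_id, hash_name)
    return {
        "auth_key": auth_key,           # 16 octets, keys the HMAC on every message
        "des_key": priv_key[:8],        # first 8 octets become the DES key
        "des_pre_iv": priv_key[8:16],   # last 8 octets seed the per-message IV
    }


if __name__ == "__main__":
    # Constructed engine IDs for groups 1 and 2 (ASCII encoding is an assumption).
    for engine_id in (b"12345678901", b"12345678902"):
        keys = usm_keys("training", "training", engine_id)
        print(engine_id.decode(), {name: value.hex() for name, value in keys.items()})
```

Because the lab uses the same password for authentication and privacy, the DES key is simply the first 8 octets of the authentication key; the Engine ID is what makes the keys differ from one group's controller to the next.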


Section C: NetSight Configuration

1. Launch the Console Client from your browser http://<ip address of your
PC>:8080 or select the NetSight Launch Page on the Desktop.


2. Launch the Console client application, by clicking on the Console Hyperlink.


3. Login with the password training. (The Server and Username are pre-populated
and shouldn't be changed unless instructed by the trainer.)

Section D: Restore Default Database

1. Before you configure anything you will have to import the Default Database. Go
to Tools > Server Information.
2. From the Database tab click the Restore button.
3. Select the Restore Initial Database radio button from the Restore Database
window.
4. Click the Restore button.


5. After the Database is cleared, the NetSight Server has to be restarted; the
system will do this for you when you click on the OK then the YES button.

6. The Server will restart and the connection will be restored; the status is shown
at the bottom of the NetSight Console window. When the NetSight Server taskbar
arrow icon goes green, the server has been restarted successfully and you can
continue.


Section E: Authorization/Device Access

1. Create SNMP and CLI Authentication credentials for the Enterasys Wireless
Controller: from the Console Tools Menu, select Authorization/Device Access.


2. Click the Profiles/Credentials tab.


3. Create the SNMP Credentials that will be used to discover the Controller (Add
Credential). When finished, click Apply and then Close.
a. Credential Name: WC
b. SNMP Version: SNMPv3
c. User Name: WC
d. Authentication Type: MD5
e. Authentication password: training
f. Confirm password: training
g. Privacy type: DES
h. Privacy password: training
i. Confirm password: training


4. Select the CLI Credentials tab.


5. Add the CLI Credentials, and then click on OK.
a. User Name = WC
b. Description = WC_Access
c. Login & Configuration password = training
d. Type = SSH


6. Create the Device Access Profile (Add Profile) by combining the SNMP and CLI
Credentials. When finished, click Apply and then Close.
a. Profile Name: WC
b. SNMP version: SNMPv3
c. Read/Write/Max Access : WC (Security Level: AuthPriv)
d. CLI Credential: WC_Access

7. Close the Authorization/Device Access window.


8. In the Console Window, right-click on My Network and select Add Device


9. Enter the following parameters and then click Apply and then click Cancel.
a. IP address of your controller (i.e. 10.170.110.10)
b. Device Profile = WC

NetSight should contact the Controller and display it; the alarm icon will be
green, indicating that the SNMPv3 contact was successful.

End of Lab 10


Lab 11: Inventory Manager Archive Wizard

Objectives:
In this lab exercise, you will:
Set the support method of File Transfer (FTP)
Schedule nightly backups of the Controller Configuration using NetSight

The Enterasys Wireless Controller requires an FTP Server on the network. The FTP
server (FileZilla) has been installed on the same PC as the NetSight Suite Software.

Section A: Inventory Manager Access

1. Select Inventory Manager from the Application pull down


2. Right-click on the controller and set the File Transfer Method to FTP.


Section B: FTP Transfer Settings

1. Open the Tools > Options window.

2. Change the FTP Transfer Settings Control Login Information to Username:
training, Password: training and then click Apply and OK.


Section C: Scheduled Backup

The Controller Configuration will be archived nightly; if problems arise in class the
configuration can easily be restored.

1. Select the Controller, right click and select the Wizards > Archive Wizard.

3. Enter an Archive Name and Description and then click Next.


4. Verify the Device Selection (should match the starting point of the wizard) and
click Next.

5. Set the Schedule to archive the configuration on a daily basis and then click
Finish.
a. Frequency: Daily
b. Starting Day: Today
c. Time: 10:00 PM EST


End of Lab 11


Lab 12: OneView Polling


Objectives:
In this lab exercise, you will:
Set the Polling option for Wireless to provide an up-to-date view of the device
Enable statistics collection on the device, client and interfaces for trend
reporting

Section A: Set Polling Timers for OneView

1. By default, OneView polls the devices every 15 minutes for statistics. To change
that polling interval for purposes of this class, from Netsight Console click
Tools>Options.

2. The NetSight Console Options window opens.


3. Click on OneView Collector to open your poll settings window.


4. Change the poll rates for Wireless Collection, Device Collection and Interface
Collection to 2 minutes, click Apply and then OK.

End of Lab 12


Lab 13: OneView - Collect Device/Interface Statistics

Objective:
Enable Device and Interface Statistics Collection on the Wireless Controller
and its APs

OneView Device and Interface Statistics Collection can be easily enabled from the
NetSight Console Window. Once statistic collection is enabled you will see any
results in the OneView Reports.

Section A: Device Statistics

1. Right-click on the Controller in the Console Properties window, roll over OneView
and select Collect Device Statistics.


2. The Collect Controller Statistics window opens. Click to enable Wireless
Controller, WLAN, Topology, AP Wired and Wireless Statistics.

3. Click OK.

Section B: Enable Interface Statistics Collection

1. You must also enable statistics collection on your interfaces. In the NetSight
Console window, select the Wireless Controller.

2. Select the Interface Summary tab and poll the interfaces.


3. Enable interface statistic collection for all the interfaces on your controller.
Shift-click to select all your interfaces. Roll over OneView and select Interface
Statistics Collection.


4. Click the Enable radio button and select OK.

End of Lab 13


Lab 14: OneView Device Client Statistics


Objective:
In this lab exercise, you will:
Enable Client Statistics Collection on the Wireless Controller

The Controller client statistics collection is enabled within the OneView window.

Section A: Launch OneView

1. From Console, select Applications>OneView.


2. The OneView main page will open to the Reports tab.

Section B: Enable Client Collection

1. You must enable statistics collection in OneView for your controller before you
will see any results in your reports. To do so, click on the Devices tab.

The Devices window will open, displaying your controller.


2. Right-click on the controller and select Collect Device Statistics.

3. The Collect Controller Statistics window opens. Click OK to enable statistics
collection from your controller.

The Reports that use these collections will be viewed in a later lab.

End of Lab 14


Lab 15: Configuration of Access Points


Objectives:
In this lab exercise, you will:
Configure AP Registration Mode
Set the Default Setting for APs
Perform the Configuration of the Access Points

Section A: Wireless AP Registration

1. Select the Wireless APs tab and then select AP Registration from the left hand
column.
2. Change the Security mode to: Allow only approved Wireless APs to connect and
then click Save.


Section B: AP Default Settings

1. Select the Bulk Configuration tab in the left-hand window.


2. Select AP Default Settings.
3. Select AP2610 AP2620 AP2605 W788 BP200 WB500.
a. Radio 1: Set Admin Mode: off, Set Radio Mode: a, Max Tx Power: 1dbm.
b. Radio 2: Set Admin Mode: On, Set Radio Mode: b/g, Max Tx Power: 8dbm.
c. Click on the Advanced Settings, Enable Remote Access, and then click on
Close.
4. Select the AP36xx tab.
a. Radio 1: Set Admin Mode: off, Set Radio Mode: a/n, Max Tx Power: 1dbm.
b. Radio 2: Set Admin Mode: on, Set Radio Mode: b/g/n, Max Tx Power:
2dbm.
5. Select AP4102 AP4102x tab.
a. Radio 1: Set Radio Mode: off, Set Radio Mode: a, Max Tx Power: 1dbm.
b. Radio 2: Set Radio Mode: b/g, Max Tx Power: 8dbm.
c. Click on the Advanced Settings, Enable Remote Access and then click
Close.
6. Save Settings.

Note: Transmit Power is reduced for training purposes only.


Section C: AP Properties

1. Select the AP tab in the left pane.


2. Select All; the AP will be listed by Serial Number.
3. Select the AP and enter a Name, then Save (i.e. Group#-AP1).

4. If you have an Access Point with External Antennas (3620/2620), verify under
the AP properties tab that the Antennas are set to the Factory default
Antenna, i.e. set the Left, Middle and Right Antenna to 4dBi Omni
Factory.

NOTE: Even if you assign WLAN service to that AP, there will be no radio service
available on any AP radio till the proper antenna is selected.


Section D: Reset the AP to the Default Settings

1. Select All.
2. Select the AP, and select the Reset to Defaults button (the AP will obtain the
new default settings that were created).
3. Click OK to accept the warning message.


Section E: Secure Tunnel

1. Click on the AP Properties.


2. Verify that the AP Hardware Version is AP3600 series and that the Application
Version is at least V8.11.

Note: Secure Tunnel is only supported on AP3600 and AP3700 series
APs running at a minimum V8.11. If your AP does not match these
criteria, skip this part of the lab.

3. Click Advanced Settings.


4. Select Enable Secure Tunnel and Encrypt control traffic between AP &
Controller.
5. Click Close.

6. Click Save.

End of Lab 15


Lab 16: Events / Logs / Reports


Objective:
In this lab exercise, you will:
View the WC Events and AP Logs

Section A: Enterasys WC Events

Check the Logs on the Controller; these will include the discovery of the AP to the
controller.

1. Click on Logs from the Menu Bar.


2. Select HWC: Events then Severity: All to display all the Log Messages that have
been reported.
3. For the AP Logs, select AP: Logs, then Severity: All.


Section B: AP Reports

1. Click on Reports.
2. Select AP Inventory.

End of Lab 16


Lab 17: Wireless Client


Objective:
In this lab exercise, you will:
Verify the Wireless Client Access

Section A: Wireless Client Access

Each group is assigned a WLAN Client that is accessible via VNC from your Glance
session. This will be the Wireless Client that will be used to connect to the
Broadcasting SSID of the APs.

Group #    WLAN Client IP Address
Group1     10.170.111.50
Group2     10.170.121.50
Group3     10.170.131.50
Group4     10.170.141.50
Group5     10.170.151.50
Group6     10.170.161.50
Group7     10.170.171.50
Group8     10.170.181.50

1. To access the WLAN client, open the VNC Viewer Icon on the Desktop

2. Enter the Server IP Address listed above for your Group, and then click OK.


3. The WLAN client screen should be displayed.

End of Lab 17


Lab 18: VNS Creation


Objectives:
In this lab exercise, you will:
Create VNS Component for deployment of a Bridged @ AP tagged topology
Create a CoS that will limit bandwidth

Section A: Tagged Bridge Locally at AP Topology

Bridge Locally at AP (tagged): traffic will be tagged by the Access Point before
entering the network.

1. Select VNS Configuration > Topologies.


2. Create a new Bridge Traffic Locally at AP Topology with the VLAN Settings set to
tagged and then click Save.
a. Name: Bridge_AP_Tagged
b. Mode: Bridge Traffic Locally at AP
c. VLAN Settings: Tagged = VLAN ID: 100


Section B: Class of Service/ Rate Limit

Rate Limiting is typically configured in order to give priority to Enterprise traffic and
applications.

1. Select the Classes of Service component from the left hand menu.
2. Select the Critical Data Class of Service.

3. Select Inbound Rate Limit and click on New.


4. Enter the Profile Name: Student, set the Average Rate (CIR): 350Kbps and then
click Add.


5. Select Outbound Rate Limit: select Student from the pull down menu, and then
click Save.


Section C: Policy VLAN & Class of Service

Create a Policy that will provide access to the network with some restrictions.

1. Select the Policies component.


2. Create a new Policy:
a. Policy Name: Student
b. Assigned Topology: Bridge_AP_Tagged, ignore the warning and click OK.
c. Default Class of Service: Critical Data.
3. Select Save.


Section D: Policy - Filter Rules

Create Filter rules that will not allow the end-system to act as any type of Server on
the Network (DNS, FTP and DHCP Server) and allow all other traffic.

1. Select the Filter Rules tab.


2. Add the following Filter Rules by selecting Add; configure the DNS rule:
a. In Filter: Source (src)
b. Out Filter: Destination (dest)
c. Port: DNS
d. Access Control: Deny
e. Click OK.


3. Repeat this process for the following ports: FTP & Bootp.

Note: This filter will allow all traffic from the network (src), but will not
allow the end system to be an FTP, DNS or BOOTP Server.

4. Click Save to save the filter.
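
A simplified model of the rule set built in this section, as an added Python example (not controller code): each rule compares one port of the packet, chosen by traffic direction, and the first match decides. The port numbers (DNS 53, FTP control 21, BOOTP server 67), the first-match order and the default Allow are assumptions taken from the section's "allow all other traffic"; TCP and UDP are not distinguished.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    port: int
    in_match: str    # field compared on client -> network packets: "src" or "dest"
    out_match: str   # field compared on network -> client packets: "src" or "dest"
    action: str      # "Deny" or "Allow"


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = sent by the wireless client, "out" = sent to it
    src_port: int
    dst_port: int


# The three rules from the lab: In Filter = Source, Out Filter = Destination, Deny.
STUDENT_RULES = [
    Rule("DNS", 53, "src", "dest", "Deny"),
    Rule("FTP", 21, "src", "dest", "Deny"),
    Rule("BOOTP", 67, "src", "dest", "Deny"),
]


def evaluate(packet, rules=STUDENT_RULES, default="Allow"):
    """Return the action of the first rule whose port matches, else the default."""
    for rule in rules:
        field = rule.in_match if packet.direction == "in" else rule.out_match
        port = packet.src_port if field == "src" else packet.dst_port
        if port == rule.port:
            return rule.action
    return default


if __name__ == "__main__":
    # Constructed sample packets (ephemeral port 50000 stands for any client port).
    samples = {
        "client sends a DNS query": Packet("in", 50000, 53),
        "client answers as a DNS server": Packet("in", 53, 50000),
        "query sent to a DNS server on the client": Packet("out", 50000, 53),
        "real DNS server replies to the client": Packet("out", 53, 50000),
        "client requests a DHCP lease": Packet("in", 68, 67),
        "client answers as a DHCP server": Packet("in", 67, 68),
    }
    for label, packet in samples.items():
        print(f"{label}: {evaluate(packet)}")
```

Matching the source port on traffic from the client and the destination port on traffic to it is what blocks the client as a server while leaving its own DNS lookups and DHCP requests untouched.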


Section E: WLAN Service Pre-Shared Keys

1. Select the WLAN Services component.


2. Create a new WLAN Service:
a. Name: BR_Group#
b. SSID: BR_Group# (# = group number)
c. Service Type = Standard
d. Status = Enable
e. Save
3. Assign Radio 2 on the AP to the WLAN Service.


4. In the Privacy Tab, select:
a. Privacy = WPA-PSK > WPAv.2 only
b. Pre-shared key = training
c. Click Save
d. Accept the Security warning by clicking the Leave original key radio button
and click OK.


Section F: Bridge Locally at AP Virtual Network

1. Select the Virtual Networks component.


2. Create a new Virtual Network that will bind the Bridge Locally at AP
Policy/Topology with the WLAN Service. Enter the following parameters and then
click Save.
a. VNS Name: Bridge_AP
b. WLAN Service: BR_Group#
c. Non-Authenticated: Student
d. Authenticated: Same as non-authenticated


Section G: AP Reports

1. Confirm that your APs are transmitting on just the b/g/n (depending on your AP)
by selecting Reports.

2. Click Active APs.

If Secure Tunnel is configured on a particular AP, it will be displayed in the
Sec. Tunnel cell as SC and the Channel that the Radio is broadcasting on
will be displayed.


Section H: Network Connectivity

1. Using your Wireless Client connect to the SSID broadcasted by your Access
Point BR_Group#, i.e. BR_Group1.

2. Using the WLAN client connect to the SSID broadcasted by the AP(s) i.e.
BR_Group#, enter the pre-shared Key.


3. Open a DOS command window.

4. Execute ipconfig at the command prompt to check the IP address of the
Wireless adapter.


Section I: Client Reports

1. Active WLAN Clients are displayed in the EWC reports by selecting Clients from
the left hand pane. Client reports include Clients by AP, Clients by VNS and All
Active Clients.

2. Click All Active Clients.

Answer the following questions:

1) What IP address did the client obtain? _______________ Why?
2) Can you access the following URL: http://10.170.1.15?
3) Can you ping the Network Router (10.170.1.1) from your Wireless Client?


ICMP and HTTP traffic is controlled by the Filters that are applied
to the Authenticated Client.

3. Using the scroll bar find the Avg. Rate (Mbps) Sent / Recd. Note that the Avg.
Rate is not the highest Data Rate but is the Class of Service applied to the SSID/
End-System. Using the Refresh button this value will change.
What is the Avg. Rate Sent / Recd? ___ / ___

Note: If the Client IP address is N/A, either the WLAN Client is still in the
Authentication process or there may be a problem with the DHCP server.

Section J: OneView Client Reports

1. Launch NetSight Console and Login.


2. From the NetSight Console, access the OneView Reporting.
3. Select the Wireless Tab from the toolbar.
4. Select Client Event History.

The Client that associated and authenticated with the AP should be displayed. A
Pre-Shared WPA key was used for authentication; therefore Identity information such
as User Name and Host Name is not displayed.


Section K: OneView Interface Statistics

When a new VNS is added to the controller, a new interface is created. To monitor
traffic and collect historical information using OneView this interface MUST have
interface collection enabled. This can be performed in the OneView screen or in the
Netsight Console window.

1. Launch NetSight Console and Login.


2. Select the Controller from My Networks and select the Interface Summary
FlexView tab.
3. Click on the Polling icon to display all the available interfaces, right-click on the
newly created interface, rollover OneView and select Collect Interface
Statistics.
4. Click the Enable radio button and click OK.

End of Lab 18


Lab 19: Dynamic Filtering


Objective:
In this lab exercise, you will:
Demonstrate the dynamic filtering feature

Section A: Dynamic Filtering

1. Start a continuous ping to 10.170.1.1 on the Wireless Client, i.e. ping -t
10.170.1.1; you should see the Reply packets.


2. Select the VNS Configuration tab.


3. Select the Policies component.
4. Select the Student Policy, change the Filter Rules, add an ICMP filter to deny
ICMP Protocol traffic to 10.170.1.1 and then click OK.


5. Click Save to Apply the Filters/Policy to the AP.

Answer the following questions:


What is the status of the ping packets?

Did the filter work dynamically or did you have to disassociate the client from
the AP and connect again?


6. Select the Student Policy; Delete the ICMP rules previously created in Step 4
and then click Save.
Are the pings (ICMP Reply packets) working again?

End of Lab 19


Lab 20: Bridge Locally at AP (Persistency)

Objective:
In this lab exercise, you will:
Demonstrate the Persistency Feature

[Figure: lab topology with the DHCP, RADIUS Server (10.170.1.15/32), the Controller (10.170.1#0.0/24), AP1, AP2 and the WLAN Client]

"Maintain client session in event of poll failure" is the default behavior for the
Enterasys APs. This is an Advanced Setting for the APs.


Section A: Demonstrate Persistency

1. Connect to the SSID broadcasted by your Bridged Locally at AP topology, i.e.
BR_Group#.
2. Start a continuous ping session from your WLAN Client to the Wireless Router,
i.e. ping -t 10.170.1.1.
3. Select the Wireless Controller > System Maintenance.
4. Select System Shutdown, Halt system: reboot and then select Shutdown.
5. Click Yes to accept the warning message.

Answer the following questions:

Are the ICMP Reply packets still being displayed in the command window on
the Windows Client?

Check the controller logs after you log back into the controller to confirm the
reboot; you can see it under the severity of Major.

In a Bridge Locally at AP topology, the data traffic is not tunneled to the controller.
Therefore if the controller goes down traffic between the Wireless Client and the
Network will persist. The Controller will not be able to monitor the AP through the
CTP tunnel between the AP and the Controller.

End of Lab 20


Lab 21: Real Capture


Objective:
In this lab exercise, you will:
Use the Wireless AP to Capture Wireless Traffic

Section A: Real Capture

1. Click on Wireless APs.


2. Click on APs in the left hand panel.
3. Highlight the Access Point and click Advanced Settings in the AP Properties
section.
4. Change the Real Capture window to 600 seconds (The Real Capture daemon
will stop once this limit is reached).
5. Click on Start.


Section B: Wireshark

1. Open the Wireshark application on the PC.


2. Select Capture Options.

3. In the Wireshark: Capture Options window, change the interface to Remote.


4. Enter the IP address of the Wireless Access Point, i.e. 10.170.1x0.102, where x
is the Group Number you have been assigned.
5. Enter port 2002; this is the port that will be used to collect the packets.

6. Click OK.


7. Once the Remote Host is configured, the Interface pull-down is populated. Select
the rpcap entry for the node, e.g. rpcap://[10.170.110.102]:2002/wifi1.

8. Click Start.


9. The Wireless Packets will be displayed.

Note: If you receive the following message, this is an indication that the trace is not
running at this time.

End of Lab 21


Lab 22: 802.1x Authentication


Objectives:
In this lab exercise, you will:
Configure a RADIUS Server
Configure the WLAN Server to 802.1x Authentication

[Figure: lab topology with the DHCP, RADIUS Server (10.170.1.15/32), the Controller (10.170.1#0.0/24), AP1, AP2 and the WLAN Client]

Utilizing RADIUS as a back-end authentication server allows you to utilize end-system
account information that is already defined on an Active Directory Server. Once the
end-system is authenticated and authorized, identity information such as Username
will be displayed in the Wireless Client Reports.

In the classroom training there is a Radius Server configured using the following
settings:
IP-Address: 10.170.1.15
Authentication: EAP, PEAP, MS-CHAP2, PAP
User: Student / Password: training


Section A: Radius Configuration

1. Login to the Enterasys WC and select the VNS Configuration tab.


2. Select Global from the left hand column.


3. Define a New Radius Server using the following settings, and then Save.
a. Server Alias: Radius
b. Server Address: 10.170.1.15
c. Shared Secret: training
d. Default Protocol: MS-CHAP2


4. Select to Save the Radius Configuration.


Section B: WLAN Service with 802.1x Authentication

1. Select the WLAN Services component.


2. Create a new WLAN Service and then click Save.
a. Name: Group# , i.e. Group1
b. SSID: Group#
3. Finish completing the WLAN Service.
a. Select APs: local APs radio 2.


4. Select the Privacy tab.
a. Select WPA.
b. Select WPA v.2.
c. In the drop down menu next to Key Management Options select
Opportunistic Keying & Pre-auth.


5. Select the Auth & Acct tab.
a. Select Mode 802.1x; the rest of the screen will be displayed automatically
after the selection.
b. Select the RADIUS server from the pull down menu and select Use, select
the Radius Server in the table and select Auth and Acct, and then Save.


Section C: Virtual Network (802.1x Authentication)

1. Create a Virtual Network that will utilize the 802.1x Authentication.


2. Enter the following parameters and then click Save.
a. VNS Name: Group#
b. WLAN Service: Group#
c. Non-Authenticated: Student
d. Authenticated: Same as non-authenticated

Note: If you want to monitor this newly created interface (VNS), repeat the
process defined earlier to enable interface collection on the OneView Screen.

Section D: Configuring 802.1x on the Wireless Windows 7 Client

Note: You will have to make some changes on your WLAN Client (Windows 7) to
make the connection.

1. Click on the Wireless icon and then Open Network and Sharing Center
(Windows 7).

2. Select Manage wireless networks.

3. Select Add.

4. Select Manually create a network profile.

5. Enter SSID or Network name = Group#, Security Type = WPA2-Enterprise,
Encryption type = AES, and then click Next.

6. Select to Change connection settings.

7. Select the Security Tab.


8. Deselect Remember my credentials for this connection each time I'm logged on.

9. Select Advanced Settings.

10. Select Specify Authentication mode and select User authentication from the
pull down menu, and then click OK.

11. From the Security Tab, click on Settings next to the network authentication
method.

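12. In the Protected EAP Properties window uncheck Validate Certificate Server
and Enable Fast Reconnect. (For training purposes only: with certificate
validation unchecked, the client does not verify the RADIUS server's identity
before sending credentials.)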

13. Click on Configure next to the Authentication Method.


14. Uncheck automatically use my Windows logon name and password and then
click OK.

15. Click OK on the Protected EAP Properties window.


16. Click OK on the Security Tab and click Close on the Managed Wireless
Connections.

Section E: End-System Connections

The End-System will authenticate using 802.1x and the Radius Server.

1. Connect to the Group# SSID and authenticate using the username = training /
Password = training.

If the SSID is not listed as an available Wireless Connection check that the
VNS and WLAN Services configuration for this SSID on the controller are
enabled.

2. Choose Work Network and click Close.


3. In the Wireless Controller, click on Reports from the top toolbar.
4. Open All Active Clients Report.

Note that the Auth/Priv will be EAP/ WPA and that the Avg. Rate Sent/Recd is
within the full rate of 54Mbps. Because the back-end Radius Server was used for
Authentication, identity information, such as Username is displayed.

What is the Filter/Policy that was applied? ____________________


What is the Topology that was applied? _______________________
What is the IP Address? ______________________

End of Lab 22

Lab 23: RFC3580 Filter-ID


Objective:
In this lab exercise, you will:
Configure a WLAN Service to accept the Filter-ID attribute only

When authenticating via 802.1x or Captive Portal the Radius Filter-ID attribute can be
used to assign both the policy and topology for an end-system. By default, when the
controller receives a RADIUS ACCESS-ACCEPT packet, it will use the RADIUS Filter-
ID to assign the Policy and the Tunnel-Private-Group-ID to assign the topology.

Section A: RADIUS ACCESS-ACCEPT Filter-ID

1. Click VNS Configuration.


2. Select Global > Authentication.
3. Select the RFC 3580 (ACCESS-ACCEPT) Options.
4. Change the default setting from Both RADIUS Filter-ID and Tunnel-Private-
Group-ID Attributes to Radius Filter-ID attribute.

5. Click Save.

Section B: Policy (Filter-ID)

Create a Policy named Employees. This Policy will match the Filter-ID defined on the
RADIUS Server. The Filter-ID is case sensitive; therefore the policy created on the
Controller must exactly match the Filter-ID name specified in the RADIUS Accept
Message.

1. Select the Policies component.


2. Create a new Policy:
a. Policy Name: Employees
b. Assigned Topology: Bridged at AP untagged, this is the default topology on
the Controller.
c. Assign the High Priority Default Class of Service and then Save.

3. Select the Filter Rules Tab and select the Default Filter to Allow all Traffic and
then click Save.

Section C: End-System Connection

The End-System will authenticate using 802.1x; the Radius Server will return the
Filter-ID attribute.

1. Disconnect from the Group# SSID.

2. Connect to the Group# SSID and authenticate using the username = Trainer /
Password = training.

3. Refresh the All Active Clients report.

What is the Filter/Policy that was applied? ____________________


What is the Topology that was applied? _______________________
What is the IP Address? ______________________

The Topology and the IP address which is tied to the topology and Filter will
change because a different Filter-ID was returned by the RADIUS server.

When authenticating an end-user with the RADIUS Server, if the Radius or Network
Access Policy has a Filter-ID defined and returned in the Radius Accept Message, the
policy that matches the Filter-ID will be used to assign the topology, class of service
and filters. The User Trainer returns a Filter-ID of Employees, therefore the
Employees Policy will be applied.

This can also be viewed by looking at the Logs.

End of Lab 23

Lab 24: RFC3580 VLAN ID


Objective:
In the lab exercise, you will:
Explore how a VLAN-ID returned from the Radius Server can manipulate the
topology

Section A: RFC 3580 (ACCESS-ACCEPT) Options

1. Modify the RFC3580 (ACCESS-ACCEPT) Options to include Both RADIUS
Filter-ID and Tunnel-Private-Group-ID attributes.

2. Disconnect from the Group# SSID.

3. If the WLAN is not connected to the Group# SSID, reconnect and login using the
Username: Trainer and Password: training.

4. Refresh the All Active Clients report.

What is the Filter/Policy that was applied? ____________________


What is the Topology that was applied? _______________________
What is the IP Address? ______________________
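
The attribute handling that Labs 23 and 24 switch between can be modeled in a few lines. The following is an added example, not part of the original lab guide and not the controller's own code: it parses a constructed RADIUS Access-Accept and resolves policy and topology under the Filter-ID-only and Both settings. The VLAN-to-topology table, the fallback to a default authenticated policy when the Filter-ID is missing or unmatched, and the handling of an unknown VLAN ID are assumptions made for illustration.

```python
import struct

# Attribute type codes from RFC 2865 / RFC 2868; Access-Accept is code 2.
ACCESS_ACCEPT, FILTER_ID = 2, 11
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN, TUNNEL_MEDIUM_802 = 13, 6  # values RFC 3580 uses for VLANs

# Constructed configuration. "Employees" and "Guest" are policy names from this
# guide; the VLAN-to-topology entry is hypothetical.
POLICIES = {"Employees": "Bridged at AP untagged", "Guest": "Guest_Network"}
TOPOLOGY_BY_VLAN = {113: "Example_VLAN113_Topology"}
DEFAULT_AUTHENTICATED_POLICY = "Guest"


def build_accept(attrs, identifier=1):
    """Build a constructed Access-Accept for the demo (authenticator zeroed)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", ACCESS_ACCEPT, identifier,
                       20 + len(body), bytes(16)) + body


def parse_accept(packet):
    """Return {attribute type: [raw values]}, validating every length field."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    if not 20 <= length <= len(packet):
        raise ValueError("bad packet length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return attrs


def vlan_id(attrs):
    """VLAN ID per RFC 3580, or None if the three tunnel attributes do not agree."""
    def tagged_int(value):  # one tag byte followed by a 3-byte big-endian value
        return int.from_bytes(value[1:], "big") if len(value) == 4 else None
    types = [tagged_int(v) for v in attrs.get(TUNNEL_TYPE, [])]
    mediums = [tagged_int(v) for v in attrs.get(TUNNEL_MEDIUM_TYPE, [])]
    groups = attrs.get(TUNNEL_PRIVATE_GROUP_ID, [])
    if TUNNEL_TYPE_VLAN not in types or TUNNEL_MEDIUM_802 not in mediums or not groups:
        return None
    raw = groups[0]
    if raw and 0x01 <= raw[0] <= 0x1F:  # optional tag byte (RFC 2868)
        raw = raw[1:]
    text = raw.decode("ascii", "replace")
    if text.isdigit() and 1 <= int(text) <= 4094:
        return int(text)
    return None


def resolve(attrs, mode):
    """Return (policy, topology). mode is "filter-id" or "both"."""
    values = attrs.get(FILTER_ID, [])
    name = values[0].decode("utf-8", "replace") if values else None
    # Case-sensitive exact match. Assumption: a missing or unmatched Filter-ID
    # falls back to the default authenticated policy.
    policy = name if name in POLICIES else DEFAULT_AUTHENTICATED_POLICY
    topology = POLICIES[policy]
    if mode == "both":
        # Assumption: a VLAN ID with no configured topology changes nothing.
        topology = TOPOLOGY_BY_VLAN.get(vlan_id(attrs), topology)
    return policy, topology


def demo():
    """Run constructed Access-Accepts through the two option settings."""
    def tagged(value):
        return b"\x00" + value.to_bytes(3, "big")
    vlan = [(TUNNEL_TYPE, tagged(TUNNEL_TYPE_VLAN)),
            (TUNNEL_MEDIUM_TYPE, tagged(TUNNEL_MEDIUM_802)),
            (TUNNEL_PRIVATE_GROUP_ID, b"\x01113")]
    employees = parse_accept(build_accept([(FILTER_ID, b"Employees")] + vlan))
    wrong_case = parse_accept(build_accept([(FILTER_ID, b"employees")] + vlan))
    bare = parse_accept(build_accept([]))
    return {
        "filter-id only": resolve(employees, "filter-id"),
        "both": resolve(employees, "both"),
        "wrong case, filter-id only": resolve(wrong_case, "filter-id"),
        "no attributes": resolve(bare, "both"),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:28} -> {result}")
```

The "wrong case" row shows why the policy name on the controller must match the returned Filter-ID exactly: a mismatch silently lands the user in the default policy rather than failing the login.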

End of Lab 24

Lab 25: Captive Portal


Objectives:
In this lab exercise, you will:
Create a Tunneled Topology
Create an Internal Captive Portal WLAN Service

Section A: Creating the WLAN Policy Components

Captive Portal Traffic will be tunneled to the Controller.

Bridged Locally at HWC or Routed Traffic is tunneled to the Controller. This can be
used in a Guest Network Environment where Wireless End-System traffic enters the
Enterprise Network into the DMZ, bypassing the core network.

1. Select VNS Configuration > Topologies.


2. Create a new Routed Topology with the VLAN Settings set to tagged and then
Save.
a. Name: Guest_Network
b. Mode: Routed
c. Layer 3 Parameters:
i. Gateway: See chart below
ii. Mask: 255.255.255.0
iii. DHCP: Use Relay - 10.170.1.15

Group     Routed Topology Gateway
Group1    10.170.113.1
Group2    10.170.123.1
Group3    10.170.133.1
Group4    10.170.143.1
Group5    10.170.153.1
Group6    10.170.163.1
Group7    10.170.173.1
Group8    10.170.183.1

Guest Access is typically Rate Limited and traffic is given a lower priority in order to
give priority to Enterprise traffic and applications.

3. Modify the Best Effort Class of Service.


a. Select ToS/DSCP Marking: 0x20 or DSCP: 0x08.
i. Click on Select and then select Diffserv Code point (DSCP).
ii. In the Well-Known Value field select CS1 or Precedence 1 and then
Close.

Note: The DSCP bit is being used due to the Routed Topology.

4. Select Inbound Rate Limit and click on New.


5. Enter the Profile Name: Guest and set the Average Rate (CIR): 1024 Kbps.

6. Select Outbound Rate Limit: select Guest on the pull down menu.

7. Click Save.

Non-Authenticated Policy: This policy will be used for features such as Captive
Portal or Guest Portal; traffic will be redirected to the Controller for
Authentication.

8. Select the Policies component.


9. Create a new Policy:
a. Policy Name: Non-Authenticated.
b. Assigned Topology: Guest_Network (Topology that is tunneled back to the
Controller). Accept the warning by clicking OK.
c. Default Class of Service: Best Effort and then Save.

10. Select the Filter Rules tab.

11. Add the following Filter Rules:


a. Allow DNS and Bootp service.

b. Allow HTTPS to the Virtual Interface (Routed Network).

c. Allow HTTP to an External HTTP link (used in the Captive Portal Web Page).

d. Edit the last two rules to Deny all other traffic and then Save.

Once Authenticated onto the Network, users that do not have a Filter-ID or
Role/Policy assigned to their Radius account will get the default Guest Policy (limited
access and Routed topology).

12. Select the Policies component.


13. Create a new Policy:
a. Policy Name: Guest.
b. Assigned Topology: Guest_Network (Topology that is tunneled back to the
Controller). Accept the warning by clicking OK.
c. Default Class of Service: Best Effort and then Save.

14. Select the Filter Rules tab.


15. Add the following Filter Rules:
a. Allow DNS and Bootp service

b. Allow HTTP and HTTPS

c. Edit the last two rules to Deny all other traffic and then Save.

16. Captive Portal WLAN Service & Captive Portal Page

17. Create a new WLAN Service for the Captive Portal with the following settings and
then Save:
a. WLAN Service Name: Portal_Group# (# = Group)
b. SSID: Portal_Groupx
c. Service Type: Standard
18. Select APs: radio 2, which will apply the WLAN service to all Radio 2s.

19. Click on the Advanced button.


20. Change the post timeout to 1 minute (For training purposes only), click Close
and then click Save.

21. Select the Auth & Acct tab.


22. Change the Authentication Mode to Internal.
23. Select to Use the Radius Server, and select Auth and Acct and then Save.

24. Select Configure for the Internal Captive Portal Settings.

25. In the Message Configuration section, click Configure.

26. Enter a creative message to be displayed to users that fail authentication and
then click Close.

27. Select Launch Captive Portal Editor for the Captive Portal Configuration Editor.

28. Click the Widget Management Graphics icon.

29. In the Property Editor window, Browse for the enterasys.jpg file to upload from
the Training Share and then click Open.

30. Click Upload and Close.

31. Click on the Text button in the Add Widget To Panel section.

32. Set the display option to Only prior to authentication. Enter the message to
display to user, i.e. Welcome to the Enterasys Training Guest Network. Please
enter your credentials.

33. Click Apply.

34. The Message box will be displayed in the Login Page screen; select the Text
Box and move it slightly above the Login Prompt.

The Error message label indicates where the error messages will be displayed. During
the testing phase of creating the Captive Portal Web page, you may have to adjust the
text box so that it doesn't overwrite the Error message.

35. In the Add Widget to Panel section, click on Graphic.

36. In the Property Editor window, set the Width, Height, Left and Top values.
a. Width: 210 Height: 75
b. Left: 295 Top: 10

37. Select the image that was recently uploaded and then click Apply.

38. In the Add Widget To Panel window, click on External HTML.

39. Enter the URL for the External HTML link, http://10.170.1.15/footer.htm in the
Property Editor.
40. Select the Width, Height and Top equal to what is displayed below. This will set
the location of where the contents of the External HTML file will be displayed.

41. Click Apply.

42. Click Save in the Design Management window.

43. Click the Preview to see the sample page, make adjustments if needed.

44. Select the Topology Change Tab.


45. Click on the box that contains the information about the topology changes, make
any changes and then click Apply.

This is the screen that will be displayed if the topology changes during the
authentication process, i.e. Non-Authenticated = Bridged Locally at HWC.
Once authenticated, the end-user's topology is changed to Bridge Locally at
AP based on a Dynamic Policy Assignment.

46. Click Save & Close.

47. In the Configure window select to redirect the end-user once authenticated to
the original destination that was required, i.e. 10.170.1.1. Click Close.

48. Select the Save button to save your Captive Portal configuration.

Section B: Captive Portal Virtual Network

1. Select Virtual Networks, and then create a New Portal Virtual Network.
a. VNS Name: Portal_VNS
b. WLAN Service: Portal_Group#
c. Non-Authenticated = Non-Authenticated
d. Authenticated: Guest
e. Select Enable and then click Save.

Section C: Network Connection - WLAN Client Connection

1. Connect to the Captive Portal SSID that is being broadcasted from your AP, i.e.
Portal_Group#.

2. Open your web browser on the WLAN Client. (If there isn't a DNS Server on the
Network, enter the following URL, http://10.170.1.1, to be redirected to the
Captive Portal Page). You should be redirected to the controller displaying the
previously configured Captive Portal login page.

Did you go to the URL specified?

Note: 10.170.1.1 is the log-in screen for the switch in the network.

Check your filter settings first if you cannot reach the Captive Portal Web Page.

3. Go to Reports on the GUI, then click on Active Clients by VNS or All Active
Clients. Notice that the Filter for the connection is the non-authenticated
policy, or Non-Authenticated.

Section D: Captive Portal Failed User

1. Login as user: test password: test (Should fail authentication).

Section E: Captive Portal Default Authenticated Policy

If a Filter-ID or VLAN-id is not returned in the Authentication Packet received from the
Radius Server, the default Authenticated Policy (Filters/Cos/Topology) will be
assigned to the end-system.

1. Open your web browser on the WLAN Client. (If there isn't a DNS Server on the
Network, enter the following URL, http://10.170.1.1, to be redirected to the
Captive Portal Page).
2. Login as user: Trainer password: training.

3. On the Wireless Controller GUI refresh the All Active Clients Report.

What Policy Filter was assigned to the user?


What topology and IP address was assigned to the user?

4. Select Logs.
5. Examine the Controller Events, HWC: Events > All. A log message is created
during the authentication process recording the Radius Server interaction,
showing the VNS the WLAN client connected to as well as the username and policy
that was applied to the user.

What filter, topology and IP address was assigned to the Wireless Client?
Why?

In this example, when the user training was authenticated by the Radius Server,
NO Filter-ID was returned to the Controller. Therefore the controller
assigned the default policy, or Guest.

End of Lab 25

Lab 26: Guest Portal


Objectives:
In this lab exercise, you will:

Create a GuestPortal Manager account
Modify the Portal_Group# WLAN to Guest Portal
Create Guest Username

Section A: Guest Portal Manager

Create a GuestPortal Manager account that will be used to Register Users that will
access the Guest Network.

1. Select Wireless Controller.


2. Select Administration>Login Management from the left hand column.
3. Create a GuestPortal Manager account by entering the following information and
then select Add User.
a. Group: GuestPortal Manager
b. User ID: GuestManager
c. Password: training

Section B: Guest Portal WLAN Service

1. Select VNS Configuration > WLAN Services.


2. Select the Portal_Group# WLAN Service.
3. Select the Auth & Acct tab.
4. Modify the Authentication Mode to GuestPortal and then click Save.

5. Select Configure, to open the window for the Internal Guest Portal Settings.

6. Determine the number of Concurrent Sessions (number of devices that can
authenticate with the same Username/Password); set the Maximum concurrent
Session = 1.

7. Configure your own personal Guest Portal web page. Type in the following:
a. Send Successful Login To: custom specific URL
b. Enter the URL: http://10.170.1.1
c. Communication Options: Use Zip File
d. Upload Zip file: enterasys.zip (Found on the Training Share Drive)
e. Click Upload. Accept the warning by clicking OK.
f. Click Close.

8. Save the Auth & Acct settings.

Once the .zip file has been uploaded, via the Close button you can click on
Configure and then again on View Sample Login Page or View Sample Index Page.

Section C: Create a Guest Account

1. Log out of the Wireless Assistant.

2. Log in again to the Wireless Assistant using the Guest Manager account
created in the previous lab, i.e. User Name: GuestManager, Password: training.

Note: The Guest Manager account is only active once Guest Manager is selected
as an Active VNS.

3. Select to Add Guest Account and enter the following parameters:


a. Select Enable
b. User Name
c. User ID
d. Password
e. Description
f. Start Date
g. Click OK.

Section D: Access the Guest Portal SSID

1. Logout of the Wireless Assistant.


2. Login Again to the Wireless Assistant using the admin account.
3. Using the WLAN client, connect to the Guest Portal SSID, i.e. Portal_Group# that
is being broadcasted from your AP.

Note: If the Portal_Group# SSID is not displayed, check to make sure that the
WLAN Service is enabled.

4. Open the web browser on the WLAN Client. (If there isn't a DNS Server on the
Network, enter the following URL, http://10.170.1.15, to be redirected to the
Captive Portal Page). You should be redirected to an internal site displaying the
previously configured Guest Portal login page.
5. Log in using the guest access credentials created earlier.

6. Examine the Active Client Reports.

7. Examine the Logs for authentication information.


a. Controller Logs

b. Guest Portal Logs

Answer the following Questions:

What IP Address did the User obtain? Why?


How is Guest Portal different than Captive Portal?

End of Lab 26

Lab 27: Mobility


Objectives:
In this lab exercise, you will:
Configure a Mobility Pair between 2 Controllers
Create a Remoteable VNS for Centralized Mobility

Note: This Lab requires the use of a second controller or 2 groups working together.

[Figure: lab topology showing the DHCP, RADIUS Server, the Mobility Manager
Controller, the Mobility Agent Controller, the controller addresses
10.170.1#0.10/24 and 10.170.1#0.11/24, AP1 and AP2]

Section A: Secondary Controller

1. Open your Web Browser and connect to your second Wireless Controller (PC.1)
at IP address https://10.170.1#0.11:5825.

Group IP Address
Group1 10.170.110.11
Group2 10.170.120.11
Group3 10.170.130.11
Group4 10.170.140.11
Group5 10.170.150.11
Group6 10.170.160.11
Group7 10.170.170.11
Group8 10.170.180.11

2. Login to the Secondary Controller using the Username: admin and Password:
training.
3. Select the Bulk Configuration> Access Approval window; the AP should be
Approved and Active.

Section B: Mobility Domain Configuration

1. On the Primary Controller (10.170.1#10.10), select the Wireless Controller tab.


2. Select Services>Mobility Manager from the left hand column.
3. Under the Mobility Manager Settings select Mobility.
4. Select This Wireless Controller is a Mobility Manager.
5. Enter the following parameters and then Save.
a. Port: Interface that will be listening for Mobility Agent Connection Requests,
e.g. PC.1 (10.170.110.10)
b. Heartbeat: 5
c. SLP Registration: Disable
d. Security Mode: Allow all mobility agents to connect

6. On the Secondary controller (i.e. 10.170.110.11) repeat steps 1 to 3, except
select This Wireless Controller is a Mobility Agent (default).
7. Configure the Mobility Agent parameters, and then click Save.
a. Port: The port that will be initiating a connection to the Mobility Manager, e.g.
10.170.110.11
b. Discovery Method: Static Configuration
c. Mobility Manager Address: Address of the Mobility Manager, 10.170.1#0.10,
e.g. 10.170.110.10 (address will depend on the group)

Lab 28: Centralized Mobility


Centralized mobility is a means of ensuring that a single specific controller in a
mobility zone hosts the sessions of all stations accessing the network via a specific
WLAN Service/SSID. This is useful in cases in which you do not want to offer the
back-end portion of the service on multiple controllers in the mobility zone or when
you can't do so. Centralized mobility is particularly useful for guest portal services in a
mobility zone, since you only have to maintain the guest registrations on one
controller.

Section A: Setting the GuestPortal WLAN Service Remoteable

1. On the Mobility Manager, Select VNS Configuration > WLAN Services.


2. Select the Portal_Group# WLAN Service.
3. In the WLAN Services window select Advanced
4. Select Remote Service Remoteable and Apply.

5. Save the WLAN Settings.


6. Using the WLAN Client, connect to the SSID Portal_Group#.
7. Connect to the Web Server http://10.170.1.15, enter the Username Guest-student
and Password training.
8. Open a command window and start a continuous ping to 10.170.1.1, i.e. ping -t
10.170.1.1. (Note: given your filters, would you expect the ping to succeed?
Why not?)
9. Examine the Reports on the primary controller; the client will be displayed as
associated to a VNS.

Notice that the AP information is displayed.

Which AP is the client connected to? __________

Section B: Remotable VNS

1. On the Secondary Controller (10.170.1#0.11), select VNS Configuration >
WLAN Services.
2. Create a New Remote VNS and select Save.
a. Enter the name: Portal_Group#
b. Select Service Type: Remote
c. Select Portal_Group1 as the SSID
3. Select the Radio / AP that will be broadcasting the SSID and click Save.

4. Examine the Mobility Tunnel Matrix on the Mobility Manager. (Should see one
controller report home =1, current = 1).

5. Reboot the AP that the Client is connected to, Wireless APs>Bulk
Configuration>Access Approval.

6. Examine the Report on the primary controller. The WLAN client should have
roamed to the other AP on the other Controller; however, because the primary
controller is configured for the Remoteable WLAN Service, the client will be
displayed on the primary controller with the Roamed status of Yes.

The controller is not managing the AP that the client is now connected to.
Therefore the information such as Radio/Protocol/RSS information is not displayed.

7. Examine the Mobility Tunnel Matrix report. The report should indicate that one
Controller has home = 1 and the other Controller has current = 1.

Does the WLAN Client retain its IP address? Why or why not?
How have the Mobility Tunnel Reports changed?

End of Lab 28

Lab 29: Availability (Fast Failover)


Objective:
In this lab exercise, you will:
Configure an Availability Pair between 2 Controllers in a Routed Environment

[Figure: lab topology showing the DHCP, RADIUS Server, the Home Controller, the
Secondary/Foreign Controller, the controller addresses 10.170.1#0.10/24 and
10.170.1#0.11/24, AP1 and AP2]

Section A: Configure Controllers and APs for Availability/Failover

1. On the Primary Controller, i.e. 10.170.1#0.10, select the Wireless Controller tab
and select the Availability component from the left hand column of the Wireless
Controller>Administration window.
2. Start the Availability Wizard.

3. Enter the Connection Details (Primary Controller will use this information to
communicate to its peer Controller and configure Availability).
a. Select the Port/IP that will communicate to the other Controller i.e. (esa0)
10.170.1#0.10
b. Set the Peer Controller IP, i.e. 10.170.1#0.11
c. Set the Peer Controller Login: admin / training
d. Enable Fast Failover
4. Enter the Synchronization Options.
a. Enable Synchronize System Configuration
b. Enable Synchronize Guest Portal Accounts
5. Click Next.

Note: Enabling Synchronize System Configuration will cause the Primary
Controller to overwrite the entire VNS configuration on the peer controller.

6. The Topology Definitions will be displayed for all Routed and Bridged Locally at
Controller topologies. Interface IP and Mask values are displayed with
placeholders as 0.0.0.0. For real Gateway and Mask information enter the Peer's
Gateway IP address that matches your VNS, e.g. 10.170.113., would match
10.170.114.1. Give the gateway a 24-bit mask.

Group     Secondary Controller Routed Gateway
Group1    10.170.114.1
Group2    10.170.124.1
Group3    10.170.134.1
Group4    10.170.144.1
Group5    10.170.154.1
Group6    10.170.164.1
Group7    10.170.174.1
Group8    10.170.184.1

7. Click Finish and then Close.

Section B: Wireless APs Assignment

1. Select the VNS Configuration tab on one of the Controllers.


2. Modify the WLAN Service that will be allowed to fail over to the second controller
(BR_Group#):
a. Enable the SSID to be broadcast on Radio 2 on the Local & Foreign APs,
then click Save. (This information will be synchronized with the other
Controller automatically.)


Section C: Availability Report

1. Select Reports and open the AP Availability report. The Availability tunnel
should be up. (The number of APs on display should be equal to the number of
APs configured on each Controller.)

2. Using the WLAN Client, connect to the BR_Group# SSID.


3. Initiate a continuous ping to 10.170.1.1 on the Wireless Client, i.e. ping -t
10.170.1.1.
4. Open the Active Clients by Wireless AP report on each Controller (only one
controller will see the Client Connection), set the Refresh on each report to 10
secs and then apply.

What Controller/AP did the Client connect to?


What is the IP address of the Client?


5. On the Controller that the Client is connected to, select the Wireless Controller
tab and shut down the controller by initiating a reboot.


6. Monitor the Active Clients by Wireless AP report on the Controller that did not
reboot and the continuous pings on the Wireless Client.

Note: If the Controller is displaying the Client IP as N/A, the Client IP address can
be obtained by using the ipconfig /all command on the WLAN client.

7. Monitor the Wireless AP Availability report by refreshing the Report until the
availability status is reported as UP, i.e. Availability Link is UP.

Answer the Questions.

Did the AP reboot when the controller failed?


Did the Client roam to the other AP?
What happened to the user sessions? Did the WLAN Client obtain a new IP
address? Why or why not?
Did you have to re-authenticate?
What does the AP availability report look like?


8. Bring the foreign AP(s) back to their home controller by selecting Wireless APs >
Access Approval and releasing the Foreign AP.
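
To put numbers on the failover questions above, the continuous ping from step 3 can be saved to a file and its loss windows counted. This is an added example, not part of the lab guide: the sample output is constructed, `outages` is a hypothetical helper, and the seconds figure assumes every lost probe waited ping's default 4-second timeout.

```python
import re

# Constructed sample of Windows `ping -t 10.170.1.1` output, as it might look
# on the WLAN client while its controller reboots (not captured from the lab).
SAMPLE = """\
Pinging 10.170.1.1 with 32 bytes of data:
Reply from 10.170.1.1: bytes=32 time=3ms TTL=64
Reply from 10.170.1.1: bytes=32 time=2ms TTL=64
Request timed out.
Request timed out.
Request timed out.
Reply from 10.170.1.1: bytes=32 time=41ms TTL=64
Reply from 10.170.1.1: bytes=32 time=4ms TTL=64
Request timed out.
Reply from 10.170.1.1: bytes=32 time=3ms TTL=64
"""

OK = re.compile(r"^Reply from \S+: bytes=\d+ time[=<]\d+ms TTL=\d+")
LOST = re.compile(r"^(Request timed out\.|General failure\.|"
                  r"Reply from \S+: Destination (host|net) unreachable\.)")

def outages(text, timeout_s=4.0):
    """Return (sent, lost, runs). Each run is (first_probe_no, probes_lost,
    approx_seconds) for one consecutive block of lost probes. approx_seconds
    assumes each lost probe waited the full timeout (4 s unless ping was
    started with -w), so treat it as an upper estimate."""
    sent = lost = 0
    runs, start = [], None
    for line in text.splitlines():
        line = line.strip()
        if LOST.match(line):
            sent += 1
            lost += 1
            if start is None:
                start = sent            # first lost probe of a new outage
        elif OK.match(line):
            sent += 1
            if start is not None:       # outage ended with this reply
                runs.append((start, sent - start, (sent - start) * timeout_s))
                start = None
        # banner, blank and statistics lines are ignored
    if start is not None:               # capture ended while still failing
        n = sent - start + 1
        runs.append((start, n, n * timeout_s))
    return sent, lost, runs

if __name__ == "__main__":
    print(outages(SAMPLE))
```

A single short run around the reboot is what Fast Failover should produce; repeated or long runs are worth comparing against the AP Availability report.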

End of Lab 29


Lab 30: OneView Reports


Over the course of the week, the Controllers have been gathering statistics. OneView
can be used for multiple reports such as Client Search, Interface Routing and
Trending Reports.

Section A: Client Search

1. Associate the WLAN Client to the BR_Group# SSID and log in as Student /
training.
2. Start a continuous ping to 10.170.1.1, i.e. ping -t 10.170.1.1.
3. To discover the MAC address of your client, go to Console, click the All Devices
group, and click the Interface Summary tab.


4. Click the FlexView icon and click Open.

5. In the Enterasys Wireless folder, click the Wireless Clients.tpl FlexView and
click Open. If you cannot find the Enterasys Wireless folder, browse to
Win7OS(C:)/Users/training/Application Data/NetSight/System/Flexviews/ to
locate it.


6. Click on the Retrieve button to view your clients.


7. Right-click on the MAC address of your active client. Roll over Table Tools and
select Copy Cell.

8. Launch OneView.

9. Move to the Search tab, and paste the MAC address of your client into the
search field.


10. Click Search. The Search Overview information appears on your screen.


11. Select the Wireless Details tab. Information about the Client, and the Controller and AP
that the Client is associated with, is displayed.

12. Click on the Client History Tab.


13. The Client History trend report will be displayed for the client.


Section B: Explore the Wireless Tab

1. Explore the information available to you under the Wireless tab. Click the
Wireless tab, and click the Details sub tab. Click the Wireless Network icon
and answer the questions below.

In the System Snapshot panel:


What is the status of your controller? _____________________________________
What is the status of your APs? ___________________________________________
How many active clients do you have? _____________________________________

In the Top 10 panel:


(Use the drop-down menus to answer the questions below.)
Which is your busiest Access Point? _______________________________________
Which is your busiest Controller? _________________________________________
Which is your busiest VNS? ______________________________________________


2. Click the Virtual Networks icon, and answer the questions below.

What are your top 10 SSIDs by Clients? ____________________________________


What are your top 10 Topologies by Bandwidth? _____________________________

3. Click on the Controllers icon.

4. Click on your 10.170.1#0.10 controller to open the Controller Summary window
for your controller.


Section C: Explore the Reports Tab

1. Click on the Individual Reports tab.


2. Click on the Top Clients by Bandwidth report.

3. Click Close.


4. Click on the Reports tab.


5. Click on the Custom folder, and click on Custom Report to create a Custom
report. The Option Chart opens, allowing you to select the target for your report
and the statistic upon which you want the report.

6. The Options field provides you with five drop-down windows that allow you to
tailor your report. In the Data Options>Category drop-down window, select
Raw Data.


7. In the Date Range field, select Today.

8. In the Targets field, select Group#-AP1 Interface (the Ethernet interface of the
AP, since the connection we are using for the Wireless client is Bridged at AP
tagged).


9. In the Statistics field, select ifOutOctets.

10. In the Field Type field, select Total.


11. Click Submit. You will see one value at the far right-hand side of your chart. If
you re-click Submit after 15 minutes, a second value will appear.


12. OneView provides you the information in graph form. To see the same
information in table form, under Display Options check the Render As drop-down
box. Choose Table and click Submit.

End of Lab 30
