[Topology diagram labels: WAN Port, LAN Port, DHCP, 172.17.88.1 /24]
Addressing Table
Device | Interface    | IP Address                  | Subnet Mask   | Default Gateway
WRS1   | WAN          | 172.17.88.35                | 255.255.255.0 | 172.17.88.1
WRS1   | LAN/Wireless | 172.17.30.1                 | 255.255.255.0 | N/A
PC1    | NIC          | 172.17.88.1                 | 255.255.255.0 | 172.17.88.35
PC2    | NIC          | DHCP assigned 172.17.30.100 | 255.255.255.0 | 172.17.30.1
PC3    | NIC          | DHCP assigned 172.17.30.24  | 255.255.255.0 | 172.17.30.1
Learning Objectives
Upon completion of this lab, you will be able to:
- Hard reset a Linksys WRT300N router
- Configure the IP settings of a Linksys WRT300N
- Add wireless connectivity to a PC
- Test connectivity
- Configure DHCP on a Linksys WRT300N
- Change the network mode and corresponding network channel on a WRT300N
- Learn how to enable WPA encryption
- Learn how to enable WEP encryption and disable SSID broadcast
- Enable a wireless MAC filter
- Configure access restrictions on a WRT300N
- Configure router management password on a WRT300N
- Learn backup, restore, and confirmation mechanisms on a WRT300N
All contents are Copyright 1992-2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
CCNA Exploration LAN Switching and Wireless: Wireless Concepts and Configuration
Scenario
In this lab, you will configure a Linksys WRT300N. Make note of the procedures involved in connecting to a wireless network because some changes involve disconnecting clients, which may then have to reconnect after making changes to the configuration.
Step 2: Verify connectivity settings for PC2. On PC2, verify the connectivity settings by going to Start > Run and typing cmd. At the command prompt, type the command ipconfig to view your network device information. Notice which IP address is the default gateway. This is the default IP address of a Linksys WRT300N.
Step 3: Open a web browser on PC2 and navigate to the wireless router's Web Utility. Set the URL of the browser to http://192.168.1.1.
Step 4: Log in. The default login credentials are a blank username and a password of: admin. Note that this is very insecure since it is the factory default and provided publicly. You will set your own password in a later task. Leave the username blank and set the password to: admin. You should now be viewing the default Setup page of the Linksys WRT300N web utility.
Step 2: Set the IP address settings for Internet Setup.
- Internet IP Address: set to 172.17.88.35.
- Subnet Mask: set to 255.255.255.0.
- Default Gateway: set to the ISP address, 172.17.88.1.
Step 3: Save the settings. Scroll down to the bottom of the screen and click Save Settings. You are prompted with the following window. Click Continue.
Step 4: Verify connection to PC1. Navigate to the Administration page and then to the Diagnostics tab.
Enter 172.17.88.1 for the Ping Test, and click Start to Ping. (Note: you might need to allow popups in your browser.) You should see the results below; if not, troubleshoot.
Click Close. Note: Due to security settings, at this point, PC1 is not able to ping WRS1. This will be changed in a later task.
Step 2: Save the settings. Click Save Settings, and then Continue. At this point you will be disconnected from the web page, as you just changed the IP address you are connected to. It will take a minute or two, and you will need to refresh your browser, but you should be redirected to the new URL of the web utility (http://172.17.30.1). If not, you might need to release your IP address and request a new one before you navigate your browser there. You will be asked to log in again.
Step 3: Verify IP address changes. Go back to the command prompt and use the command ipconfig. Notice the new IP addresses.
Ping the ISP (172.17.88.1) to verify you can get outside your network. The pings should succeed.
WUSB300N NIC. Ask your instructor for details if your NIC is different. Use the driver CD before you connect the USB NIC in this step.
On PC3, insert the driver CD, and auto-install will launch the program (otherwise start the Setup.exe). Follow the on-screen prompts, and when it asks you to connect the NIC, plug the cable into the USB port. You will see the Creating a Profile screen (below). Do not connect to the access point yet; you will do that in step 3.
Make note of any wireless networks and the channels in use. In the example picture below, there are two networks on Channel 1. You will change the channel in the next step. Don't forget to remove the driver CD and put it back in the case.
Click on the Linksys wireless network, and hover the mouse over it, and the MAC address of the WRS's Wireless Port will show up. NOTE: This value is 2 more (in hex) than the value listed on the bottom of the case of the Linksys WRS300N. The MAC address listed on the case is used for the wired connections.
Step 2: Basic Wireless Settings. The Linksys WRT300N allows you to choose which network mode to operate in. Currently, the most common network mode for clients is Wireless-G and for routers is BG-Mixed. When a router is operating in BG-Mixed, it can accept both B and G clients. However, if a B client connects, the router must scale down to the slower level of B. For this lab, pick the fastest speed your clients can support. On PC2, navigate to the Wireless page (the Basic Wireless Settings tab is the default).
Network Mode: If your clients support 802.11n, select Wireless-N Only; otherwise, choose BG-Mixed.
Network Name (SSID): Change to WRS1_number, where number is a unique ID assigned by your instructor, such as your pod number, to avoid conflicts with other students doing the lab at the same time.
Radio Band (Wireless-N Only): Change to Standard - 20MHz Channel. Note: setting this to Wide - 40MHz Channel will use 2 radio channels at the same time to boost speeds, but will cause more interference in the 2.4 GHz band. Cisco Aironet products will only allow Wide in the 5.8 GHz band.
Standard Channel: To avoid interference, change the Standard Channel to a number that is not already in use. Ideally, this would be at least 3 channels away from other wireless networks to reduce interference. For Wireless-N, if you selected Wide for the Radio Band, then this will be your secondary channel, and you can only select one that is 2 channels above or below your Wide Channel.
SSID Broadcast: Leave Enabled for now.
Wireless-BG settings example:
Step 3: Verify wireless connection. On PC3, click on Refresh to update your wireless networks. You should see the new network.
Click on the name to highlight it and then click Connect. When it is done, it will congratulate you on creating a profile. Click Finish and you will see the Link Information tab.
On PC2, navigate back to the Setup page (the Basic Setup is the default tab). In the middle of the Basic Setup Page, under DHCP Server Settings, click the DHCP Reservations button. The window shown below will open.
There are two ways to assign DHCP addresses. The first method will always assign the client the same address the client has right now. The second will be in the next step. Find PC2 (your name may be different) in the list of current DHCP clients. (Hint: it should be listed as a LAN connection.) Check the Select box next to your PC. Click Add Clients. Now PC2 will show up under Clients Already Reserved. This gives PC2, (in this example, the computer with a MAC address of 00:13:21:5E:0F:EB), the same IP address it has right now, 172.17.30.100, whenever it requests an address through DHCP.
Step 2: Assign PC3 the 172.17.30.24 address. The second method to assign DHCP addresses is to select the address you want the machine to get. You will assign PC3 the static IP address listed in the Addressing Table, not the one it received initially. Under Manually Adding Client, enter your client's actual name, .24 for the IP address, the actual MAC address of your PC's Wireless Connection, and click Add. Now whenever PC3 connects to the wireless router, it receives the IP address 172.17.30.24 via DHCP.
Click Save Settings and Continue. Click Close to exit the DHCP Reservation window and return to Basic Setup.
Step 3: Verify the static IP address change. On both PC2 and PC3, at the command prompt, type ipconfig /release and then ipconfig /renew to verify the IP addresses you assigned are used. On PC3, ping the IP address of PC1 to verify you can reach the internet.
Step 4: Configure other DHCP server settings. Right underneath the DHCP Reservation are the other settings for the DHCP server. What is the default maximum number of users the WRS300N will hand out DHCP addresses to?
________________________________________________________________________________
________________________________________________________________________________
Start IP Address: Change to 172.17.30.50.
Maximum Number of Users: Change to 75.
Client Lease Time: Change to 120 minutes (2 hours).
These settings give any PC that connects (wired or wirelessly) to this router and requests an IP address through DHCP an address between 172.17.30.50-124. Only 75 clients at a time are able to get an IP address, and they can only have the address for two hours, after which time they must request a new one.
Step 5: Configure the router for the appropriate time zone. At the bottom of the Basic Setup page: Time Zone - Change the Time Zone of the router to reflect your location.
Step 2: Select Security Mode. In a corporate environment using WPA2 wireless security, clients will authenticate to the access point. The access point will then contact a Remote Authentication Dial-In User Service (RADIUS) database server to verify the credentials.
Security Mode: Using the pull-down menu, select WPA2 Enterprise.
What are the names of the options listed (field names)?
________________________________________________________________________________
________________________________________________________________________________
Since you do not have a RADIUS server, you will use WPA2 Personal.
Security Mode: Using the pull-down menu, select WPA2 Personal.
Encryption: Select AES. AES is stronger encryption than TKIP. If your clients support WPA2, but not AES, then leave it at the default of TKIP or AES.
Passphrase: Enter 0123456789.
Key Renewal: Leave at 3600.
Click Save Settings and Continue.
Step 3: Configure PC3 to use WPA2. At this point, PC3 will no longer be able to connect until you edit the profile.
On PC3, click the Profiles tab and click to highlight your profile. Click Edit at the bottom. From the Available Wireless Network list, select your wireless network.
Leave the Security set to WPA2-Personal and enter the pre-shared key of 0123456789 (as configured before on the router).
Click Connect, and then Finish. The Link Information tab should show you connected. If not, verify the key is entered the same on the WRS and the PC.
Step 4: Verify PC3 can connect. On PC3, at the command prompt, ping the IP Address of PC1, to verify you can reach the internet.
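The WPA2 Personal setting from this task, as an added example that is not part of the original lab: how the passphrase and the SSID become the 256-bit pre-shared key, and a rough measure of why the lab value 0123456789 belongs only in a classroom. The SSIDs WRS1_1 and WRS1_2 and the 20-character passphrase are constructed sample values.

```python
import hashlib
import math
import string


def validate_passphrase(passphrase: str) -> None:
    """WPA/WPA2-Personal passphrases are 8 to 63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8-63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    validate_passphrase(passphrase)
    ssid_bytes = ssid.encode()
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid_bytes, 4096, 32)


def keyspace_bits(passphrase: str) -> float:
    """Upper bound on guessing effort in bits.

    Assumes every character was picked at random from the character
    classes that actually occur; a predictable string such as a digit
    sequence is far weaker than this bound.
    """
    classes = [string.digits, string.ascii_lowercase,
               string.ascii_uppercase, string.punctuation + " "]
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(alphabet)


if __name__ == "__main__":
    lab_passphrase = "0123456789"            # value used in this lab
    strong_sample = "t7#Vq9!mLz2@Wc5$Xe8&"   # constructed sample value

    # The SSID is the salt: the same passphrase yields a different key
    # on every pod's network, which is one reason to keep SSIDs unique.
    for ssid in ("WRS1_1", "WRS1_2"):        # constructed pod SSIDs
        print(ssid, derive_psk(lab_passphrase, ssid).hex())

    print("lab passphrase  <= %.1f bits" % keyspace_bits(lab_passphrase))
    print("sample passphrase <= %.1f bits" % keyspace_bits(strong_sample))
```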
Task 7: Enable Wireless Security (part 2) using WEP, Wireless MAC Address Filters, and Disabling SSID Broadcast.
If you have clients that do not support WPA or WPA2, the best option would be to set up a separate access point (on a different VLAN from the more secured wireless). If there is only one access point, enabling WEP with MAC address filtering and disabling SSID broadcast is the best security you can provide. Be aware there are tools that can discover networks that are not broadcasting their SSID, it is not hard to do MAC address spoofing, and there are even tools that can crack WEP key encryption. WPA or WPA2 are the preferred methods to secure wireless.
Step 1: Change the Security Mode to WEP. On PC2, select the Wireless Security tab.
Security Mode: From the pull-down menu, select WEP.
Encryption: Leave at 40 / 64-bit (10 hex digits).
Passphrase: Leave blank.
Key 1: Enter ABCDEF1234.
Click Save Settings and Continue. It might take a minute, but PC3 should show it can no longer connect to the access point. Make sure PC3 is no longer connected before you disable the SSID broadcast, or it will still think the connection is active.
Step 2: Disable SSID broadcast. On PC2, navigate to the Basic Wireless Settings tab.
SSID Broadcast: Click Disabled.
Click Save Settings and Continue.
Step 3: Configure PC3 to use WEP. PC3 will no longer be able to connect until you edit the profile. On PC3, click the Profiles tab and click to highlight your profile. Click Edit at the bottom. Since you disabled SSID broadcast, you can no longer select from the Available Wireless Network list. Click Advanced Setup. On the next screen, leave the Network Setting at Obtain a network setting automatically (DHCP) and click Next. Leave the Wireless Mode at Infrastructure Mode, and the Wireless Network Name should match your SSID. Click Next. On the Wireless Security page, from the Security pull-down menu, select WEP, and click Next. Leave WEP set to 64-bit, and Passphrase as blank. For the WEP Key enter ABCDEF1234 and click Next.
Click Save and then on the next screen, Connect to Network. The Link Information tab should show you connected. If not, verify the key is entered the same on the Linksys and the PC.
Step 4: Verify PC3 can connect. On PC3, at the command prompt, ping the IP address of PC1, to verify you can reach the internet.
Step 5: Add a Wireless MAC Filter. On PC2, click the Wireless MAC Filter tab. Click Enabled.
If you were to select Prevent PCs listed below from accessing the wireless network, any MAC addresses you enter would not be allowed to connect to the wireless network. Obviously denying specific MAC addresses from connecting is not a practical solution for security. A far better solution is to only allow selected MAC addresses to connect. (However, it is not difficult to spoof MAC addresses, so this should not be your only line of defense.) Click Permit PCs listed below to access the wireless network.
The Wireless Client List shows anyone currently connected to the router via a wireless connection. Also take note of the option Save to MAC filter list. Checking this option automatically adds the MAC address of that client to the list of MAC addresses to prevent or permit access to the wireless network. Check the Save to MAC address filter list box next to your PC.
Click the Add button. The Wireless Client List window will automatically close.
Now you should see the MAC address added to the MAC Address Filter List. Even though you have DHCP set to 75 clients, what is the maximum number of Wireless MAC Addresses you can filter? ________________________________________________________________________________ ________________________________________________________________________________ Click Save Settings and Continue.
Step 6: Verify PC3 can still connect. On PC3, click the Profiles tab, highlight your profile, and click Connect. You should reconnect to the network. (If not, attempt to reconnect again.) If you still cannot connect, on PC2, verify in the Wireless MAC Filter page, the Access Restriction is set to Permit, or your client will be blocked! At the command prompt, ping the IP address of PC1, to verify you can still reach the internet.
Click Save Settings. You will be prompted for a login. Leave the User Name blank, but use cisco123 for the password, and click OK. Click Continue.
Step 2: Test Connectivity - Ping WRS1's WAN interface. On PC1, open the command prompt and type ping 172.17.88.35. Note: This change only allows you to ping the WAN interface IP address. The Firewall still prevents you from trying to ping PC2, PC3, or the LAN interface of the WRS.
Step 2: Creating an Access Restriction. On PC2, navigate to the Access Restrictions page (there is only one tab). From the Access Policy pull-down menu, how many simultaneous Access Policies can you have active?
________________________________________________________________________________
________________________________________________________________________________
Access Policy: Leave at 1().
Policy Name: Type No_Ping.
Status: Click on Enabled.
Access Restriction: Leave at Allow.
Schedule: Days: Uncheck Everyday, and check Monday through Friday. (If you are completing this lab on a weekend, check that day too.)
Scroll down to the Blocked Applications, and in the List, select Ping (0 - 0). Click the >> button to move Ping to the Blocked List.
Step 3: Set the IP address range. Apply this configuration to anyone that is using an address from the DHCP pool (172.17.30.50-124). Near the top of the window, under the Applied PCs, click the Edit List button. The List of PCs window will open. Under the IP Address Range, enter the IP address range.
Click Save Settings and then Continue. Click Close on List of PCs window. Back on the Access Restriction window, scroll down and click Save Settings, and then Continue.
Step 4: Verify the restrictions. On both PC2 and PC3, at the command prompt, ping the IP address of PC1. PC3 should ping successfully, as PC3's IP address (172.17.30.24) is outside the range of addresses specified. But PC2 (172.17.30.100) should no longer be able to ping PC1.
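The result of this verification step can be predicted from the addressing plan. The following added example (not part of the original lab) computes the DHCP pool from the Start IP Address and Maximum Number of Users, then lists which reserved clients fall outside the range the No_Ping policy is applied to; the function names are hypothetical.

```python
import ipaddress

# WRS1 LAN network, from the Addressing Table (172.17.30.1 / 255.255.255.0)
LAN = ipaddress.ip_network("172.17.30.0/24")

# DHCP reservations made earlier in the lab
RESERVATIONS = {"PC2": "172.17.30.100", "PC3": "172.17.30.24"}


def dhcp_pool(start, max_users):
    """Return (first, last) address of a pool given its start and size."""
    if max_users < 1:
        raise ValueError("max_users must be at least 1")
    first = ipaddress.ip_address(start)
    last = first + (max_users - 1)
    for addr in (first, last):
        unusable = (LAN.network_address, LAN.broadcast_address)
        if addr not in LAN or addr in unusable:
            raise ValueError(f"{addr} is not a usable host address in {LAN}")
    return first, last


def covered(ip, ip_range):
    """True if ip lies inside the inclusive (first, last) range."""
    first, last = ip_range
    return first <= ipaddress.ip_address(ip) <= last


def policy_gaps(hosts, ip_range):
    """Names of hosts whose address is outside the range a policy applies to."""
    return sorted(name for name, ip in hosts.items()
                  if not covered(ip, ip_range))


if __name__ == "__main__":
    pool = dhcp_pool("172.17.30.50", 75)      # settings from the DHCP task
    print("DHCP pool / policy range: %s - %s" % pool)
    for name, ip in RESERVATIONS.items():
        state = "blocked by No_Ping" if covered(ip, pool) else "NOT covered"
        print(f"{name} {ip}: {state}")
    # Any client reserved (or statically addressed) outside the range
    # is untouched by the access restriction.
    print("Policy gaps:", policy_gaps(RESERVATIONS, pool))
```

An access restriction keyed to an IP range only binds clients whose addresses stay inside that range, so reservations and static addresses need to be checked against it whenever either changes.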
Step 2: Restore your configuration. If your settings are accidentally or intentionally changed or erased, you can restore them from a working configuration using the Restore Configurations option located in the Backup and Restore section. Click the Restore Configuration button. In the Restore Configurations window browse to the previously saved configuration file. Click the Start to Restore button. Your previous settings should be successfully restored. After the restore, the WRS will restart, so you will lose your connection until it is up again (about 20 seconds).
Navigate to the Administration page and then to the Factory Defaults tab. Click the Restore All Settings button.