Author Archive

Controllers and LWAPP

February 18th, 2011 wirelesstut 16 comments

Here you will find answers to Controllers and LWAPP Questions

Question 1

In the AP Layer 3 controller discovery process, after the LWAPP Discovery Request is broadcast on a local subnet, what is the next step that the AP takes?

A. Determine whether the controller responses are the primary controller.
B. Send an LWAPP discovery request to controllers learned via OTAP if operational.
C. Send an LWAPP response to the master controller if known.
D. Wait 5 seconds and resend a Discovery Request to the local subnet.

 

Answer: B

Question 2

A controller is connected to a Cisco IOS Catalyst switch. The following is the switch port configuration:

interface GigabitEthernet 1/0/10
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,20,30,50
switchport trunk native vlan 20
switchport mode trunk

Which controller CLI command assigns its management interface to the Cisco IOS Catalyst switch native vlan interface?

A. config interface vlan management 0
B. config interface vlan management 1
C. config interface vlan management 20
D. config interface vlan management 30
E. config interface vlan management 50

 

Answer: A

Question 3

Why does Cisco recommend using Tftpd32 version 3.0 or later when upgrading wireless LAN controller software to release 4.1 or later?

A. Tftpd32 is a component of CiscoWorks LMS
B. Tftpd32 supports TFTP file transfers larger than 32 MB
C. Tftpd32 is Cisco Compatible Extensions version 4 compliant
D. Tftpd32 supports EoIP tunneling which is required for remote Cisco WLC upgrades

 

Answer: B

Question 4

Which two statements best describe LWAPP? (Choose two)

A. Cisco proprietary
B. communication between the AP and client
C. communication between the AP and the WLC
D. Lightweight Access Point provisioning
E. used to encrypt control and data packets

 

Answer: A C

Question 5

Which two services are offered on Cisco Unified Wireless Networks running controller v5.0 but not offered on Cisco Mobility Express Solution using 526 controllers with v4.2 code? (Choose two)

A. Authentication using 802.1X
B. Guest access
C. GUI management
D. IDS/IPS
E. Location services
F. RRM
G. VoWLAN

 

Answer: D E

Question 6

A controller-based wireless solution can avoid interference by dynamically adjusting what two access point transmission characteristics? (Choose two)

A. operating RF channel
B. SSID names
C. transmit power levels
D. switch port parameters
E. antenna gain

Answer: A C

Explanation

A controller-based wireless solution can use Radio Resource Management (RRM) to adjust these characteristics. The RRM engine monitors the radio resources, performs dynamic channel assignments, detects and avoids interference, and provides dynamic transmit power control (TPC).

Question 7

The office is currently operational using one 2106 WLAN controller with six 1131 APs and one 526 WLAN controller with three 521 APs. When the 526 loses power, the 521 APs do not establish a connection with the 2106 WLAN controller. What is the most likely cause of this problem?

A. The 2106 controller and 526 controller were not configured correctly using the sysname and MAC address for a mobility group.
B. The 2106 controller and 526 controller do not share the same mobility group name.
C. The 521 APs were not configured with the 2106 controller as the secondary controller.
D. The 2106 controller does not support the 521 APs.
E. The 2106 controller has no more AP capacity.

 

Answer: D

Explanation

The Cisco 521 AP cannot communicate with CUWN wireless LAN controllers. The Cisco 526 Controller communicates only with Cisco 521 Mobility

Question 8

Which CLI command would you use on the Cisco WLC to display detailed information for a client associated with a lightweight access point?

A. debug dot11
B. show arp switch
C. show client detailed
D. show exclusionlist

 

Answer: C

Explanation

Use the show client detail (or detailed) command to display detailed information for a client on a Cisco 1000 series lightweight access point.

show_controller_detail.jpg

Note: Use the show exclusionlist command to view clients on the exclusion list (blacklisted).

Question 9

What is the maximum number of lightweight APs that can be supported from a single Cisco WCS Navigator management console with Cisco WCS and Cisco WLC running v5.0 code?

A. 5,000
B. 10,000
C. 20,000
D. 25,000
E. 30,000
F. 35,000

 

Answer: E

Explanation

Cisco WCS Navigator runs on a server platform with an embedded database. It can support up to 20 Cisco WCS management platforms with manageability of up to 30,000 Cisco Aironet lightweight access points from a single management console.

(Reference: http://www.cisco.com/en/US/prod/collateral/wireless/ps5755/ps6301/ps7305/product_data_sheet0900aecd80633649.html)

Question 10

A lightweight AP has been deployed in local mode in a network consisting of 10 wireless LAN controllers in a single mobility group. The AP has been configured to use primary, secondary, and tertiary WLCs. Due to a major power failure, the AP’s primary, secondary, and tertiary Cisco WLCs are all unavailable. What will be the next step taken by the AP?

A. The AP will reboot and repeatedly attempt to join the configured primary, secondary, and tertiary Cisco WLCs in that order. The process will continue until one of the configured WLCs is again available.
B. The AP will attempt to join a Cisco WLC configured as a “Master Controller.”
C. The AP will attempt to join the Cisco WLC with the greatest amount of available capacity.
D. The AP state will transition to AP Fallback Mode and continue providing limited WLAN services (that is, no new client authentications) until a WLC is again available.

 

Answer: B

Explanation

The access point join order is as follows:

* The AP will associate first with its primary controller, assuming it has been primed.
* Upon failing with the primary, it will try to register with its secondary and then its tertiary.
* If there is no controller information primed in the AP, the AP will then look for a master controller.
* Finally, if there is no primed controller and no master controller, the AP will select the least loaded AP-Manager interface from all controllers that have responded to the discovery.

(Reference: IUWNE Student Guide)
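The join order listed above, written out as a small selection function. This is an added example, not Cisco code and not from the student guide; the `DiscoveryResponse` fields, the controller names and the rule that a controller with no free AP capacity is skipped are assumptions made for the model. Returning the step that decided the join makes it easy to spot APs that landed on a controller through a fallback step rather than through their primed list.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DiscoveryResponse:
    """One controller's answer to a discovery request (hypothetical fields)."""
    name: str
    is_master: bool
    joined_aps: int
    max_aps: int

    @property
    def load(self):
        # Assumption: "least loaded" is modelled as joined APs / AP capacity.
        return self.joined_aps / self.max_aps


def choose_controller(primed, responses):
    """Return (controller_name, deciding_step) following the join order above.

    primed    -- ordered list of primed names: [primary, secondary, tertiary]
    responses -- DiscoveryResponse objects from controllers that answered
    """
    # Assumption: a controller with no free capacity cannot accept the join.
    usable = {r.name: r for r in responses if r.joined_aps < r.max_aps}

    # Steps 1-2: primary, then secondary, then tertiary.
    for step, name in zip(("primary", "secondary", "tertiary"), primed):
        if name in usable:
            return name, step

    # Step 3: a controller flagged as master controller.
    masters = sorted((r for r in usable.values() if r.is_master),
                     key=lambda r: r.name)
    if masters:
        return masters[0].name, "master"

    # Step 4: least loaded controller among those that responded.
    if usable:
        best = min(usable.values(), key=lambda r: (r.load, r.name))
        return best.name, "least-loaded"

    # Nobody usable answered: the AP has to start discovery again.
    return None, "rediscover"


# Constructed sample data: three controllers answered the discovery.
SAMPLE_RESPONSES = [
    DiscoveryResponse("wlc-a", is_master=False, joined_aps=10, max_aps=50),
    DiscoveryResponse("wlc-b", is_master=True, joined_aps=40, max_aps=50),
    DiscoveryResponse("wlc-c", is_master=False, joined_aps=5, max_aps=50),
]

if __name__ == "__main__":
    # Primed controllers wlc-x/y/z are all down, as in the question above.
    print(choose_controller(["wlc-x", "wlc-y", "wlc-z"], SAMPLE_RESPONSES))
```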

Question 11

Which statement correctly describes the procedure for a lightweight AP to successfully establish a connection to a controller?

A. AP authenticates the received Cisco WLC certificate as valid. AP then sends its certificate to the controller.
B. AP sends its certificate to the controller. AP then authenticates the received Cisco WLC certificate as valid.
C. AP sends its certificate to the RADIUS server. AP then authenticates the controller certificate as valid.
D. AP sends its certificate to the RADIUS server. AP then authenticates the RADIUS certificate as valid.
E. AP authenticates the received RADIUS server certificate as valid. AP then sends its certificate to the RADIUS server.
F. AP authenticates the received RADIUS server certificate as valid. AP then sends its certificate to the controller.

 

Answer: B

Question 12

The corporate network locates all RADIUS servers at the centralized data center for authentication. The remote offices use access points operating in H-REAP mode using v5.0 code with various local and central switch WLANs. When a remote office has lost connectivity to the main corporate network due to a WAN outage, which two statements correctly describe the status of that remote office when H-REAP access points are operating in standalone mode? (Choose two)

A. All Cisco APs with 16 MB of RAM or more can operate as standalone H-REAP.
B. All clients will continue association until the respective authentication timers expire.
C. If configured, clients using WPA or WPA2 with PSK and locally switched WLANs will continue to operate.
D. If configured, locally switched WLANs will continue operation using the backup RADIUS server feature.
E. If configured, locally switched WLANs will continue operation using Local-EAP for EAP-LEAP and EAP-FAST for up to twenty users.
F. If configured, locally switched WLANs will continue operation using Local-EAP for EAP-LEAP, EAP-FAST, EAP-TLS, and EAP-PEAP for up to twenty users.

 

Answer: C E

Question 13

In which of the following modes can a LWAPP operate?

A. Layer 1 and Layer 3 LWAPP mode
B. Layer 1 and Layer 5 LWAPP mode
C. Layer 2 and Layer 3 LWAPP mode
D. Layer 3 and Layer 5 LWAPP mode

 

Answer: C

Explanation

LWAPP can operate in either Layer 2 LWAPP mode or Layer 3 LWAPP mode. The Layer 2 mode is considered out of date, and Cisco prefers and recommends Layer 3 mode. Layer 3 mode is the default LWAPP mode on most Cisco devices.

Question 14

Lightweight access points send control traffic to which device(s)?

A. Other access points.
B. The Wireless Control System.
C. The Wireless Controller.
D. Lightweight access points don’t send control traffic.

 

Answer: C

Explanation

In a Cisco network, the AP and the controller use the Lightweight Access Point Protocol (LWAPP) to share information. In larger network environments, APs are often managed by a controller, which is the central point of configuration and intelligence. The AP has to send the frame to the Wireless Controller, and the controller decides what to do next.

Configuration and Monitoring

February 17th, 2011 wirelesstut 5 comments

Here you will find answers to Configuration and Monitoring Questions

Question 1

What is the result when client exclusion is enabled with a timeout value of zero?

A. Clients are excluded indefinitely.
B. Clients are never excluded.
C. Client exclusion is disabled.
D. Clients must be explicitly included by specifying the MAC address.
E. Exclusion and inclusion is determined by access list.

 

Answer: A

Explanation

Client Exclusion is used to disable client machines. When you turn this option on, you must set the Timeout Value in seconds for disabled client machines. Client machines are excluded by MAC address and their status can be observed. A timeout setting of 0 indicates that administrative control is required to re-enable the client.

Client_Exclusion_TimeOut.jpg

Question 2

The central office is currently using a combination of 4400 and 2100 series WLAN controllers running v4.2 and a variety of LWAPP-enabled access points servicing both 2.4 GHz and 5 GHz. The WLAN deployment has been extended to each remote office by implementing a 526 WLAN controller running v4.1 and several 521 access points. Wireless client deployment uses EAP-TLS authentication using a centralized RADIUS server plus 802.11n for performance. After the first remote office deployment, remote office users complain that they are not connecting via 802.11n. What is the most likely cause of this problem?

A. The 526 WLAN controller does not support external authentication via RADIUS, prohibiting authentication.
B. The 521 AP does not support 5 GHz, which prohibits 802.11n.
C. The 521 AP and 526 WLAN controllers do not support AES, which prohibits 802.11n.
D. The 526 WLAN controller does not support 802.11n with v4.1 and must be upgraded to v4.2.
E. The 526 WLAN controller does not support 802.11n with either v4.1 or v4.2.

 

Answer: E

Question 3

Which statement about an infrastructure basic service set is true according to IEEE 802.11 specifications?

A. Also called an Ad Hoc Network.
B. The BSSID is generated from the first wireless client that starts up in the IBSS.
C. Enables the use of ESS.
D. No relaying of signals from one client to another client.

 

Answer: C

Explanation

The set-up formed by the access point and the stations located within its coverage area is called the basic service set (or infrastructure basic service set, or BSS for short). Each BSS forms one cell.

We can link several BSSs together (that is, link their access points) using a connection called a distribution system in order to form an extended service set, or ESS. The distribution system can be a wired network, a cable between two access points or even a wireless network.

Note: When a station moves from one access point to another in an ESS, it is called roaming.

Question 4

Which set of commands assigns a standalone access point an IP address of 10.0.0.24 with a 27-bit subnet mask and a gateway of 10.0.0.1?

A. config t
interface BVI1
ip address 10.0.0.24 255.255.255.192
exit
ip default-gateway 10.0.0.1

B. config t
interface BVI1
ip address 10.0.0.24 255.255.255.224
exit
ip default-gateway 10.0.0.1

C. config t
interface FastEthernet1
ip address 10.0.0.24 255.255.255.224
exit
ip default-gateway 10.0.0.1

D. config t
interface Dot11Radio0
ip address 10.0.0.24 255.255.255.224
exit
ip default-gateway 10.0.0.1

E. config t
interface FastEthernet1
ip address 10.0.0.24 255.255.255.192
exit
ip default-gateway 10.0.0.1

F. config t
interface Dot11Radio0
ip address 10.0.0.24 255.255.255.192
exit
ip default-gateway 10.0.0.1

 

Answer: B

Question 5

If you have the Cisco ADU installed but want to use the Windows Zero Config utility to configure a wireless network profile, what must you do first?

A. Define a common profile in both the Cisco ADU and WZC.
B. Define the wireless profile in the Wireless Networks tab in WZC.
C. In the WZC utility, make sure that the box labeled “Use Windows to configure my Wireless Network Settings” is checked.
D. Uninstall the Cisco ADU.

 

Answer: C

Question 6

Which CLI command would be used on a Cisco WLC to troubleshoot mobility, rogue detection, and load-balancing events?

A. debug dot11
B. debug lwapp
C. show dot11 details
D. show lwapp details

 

Answer: A

Explanation

The debug dot11 command helps you troubleshoot 802.11 parameters, such as these:

* Mobility
* Rogue detection
* Load balancing events

(Cisco Controller) > debug dot11 ?

all Configures debug of all 802.11 messages.
load-balancing Configures debug of 802.11 load balancing events.
locp Configures debug of LOCP interface events.
management Configures debug of 802.11 MAC management messages.
mobile Configures debug of 802.11 mobile events.
rfid Configures debug of 802.11 RFID tag module.
rldp Configures debug of 802.11 Rogue Location Discovery.
rogue Configures debug of 802.11 rogue events.
state Configures debug of 802.11 mobile state transitions.

Note: Remember to use “terminal monitor” when running debugs on the AP from a Telnet session to see the result.

Question 7

The configuration of a wireless LAN controller as a RADIUS client is ensured by doing what?

A. adding the MAC address of the physical port of the controller into the trusted client table of the CiscoSecure RADIUS server
B. using an encrypted tunnel between the Cisco Secure RADIUS server and the controller
C. defining a RADIUS server secret at both the Cisco Secure RADIUS server and the controller
D. implementing an EAP exchange between the Cisco Secure RADIUS server and the controller

 

Answer: C

Question 8

A WLAN deployment will use a combination of Cisco Aironet AP 1240s and multiple Cisco 4404 Wireless LAN Controllers to provide wireless LAN access to end-users. The network administrator has decided to use DHCP Option 43 to enable the APs to discover the wireless LAN controllers. When configuring the DHCP scope, which format should be used for the Cisco WLC addresses?

A. a comma-separated ASCII string of Cisco WLC AP-manager addresses
B. a comma-separated ASCII string of Cisco WLC management addresses
C. a comma-separated ASCII string of Cisco WLC virtual IP addresses
D. a hexadecimal string of Cisco WLC AP-manager addresses
E. a hexadecimal string of Cisco WLC management addresses
F. a hexadecimal string of Cisco WLC virtual IP addresses

 

Answer: E

Question 9

The network administrator of a company makes some changes in monitor mode of the access point using a CLI session. This change affects the value of the channels that are monitored in the monitor mode. Which command has he run on the access point?

A. config advanced {802.11a | 802.11b} channel dca anchor-time value
B. config {802.11a | 802.11b} channel global auto
C. config advanced 802.11b monitor channel-list
D. config advanced {802.11a | 802.11b} channel dca interval value

 

Answer: C

Question 10

Which of the following defines the correct path to create an interface in the controller that ties to VLAN for GUESTNET users?

A. Interfaces > New
B. CONTROLLER > New interfaces
C. VLAN > Interface > New
D. CONTROLLER > Interfaces > New

 

Answer: D

Explanation

This is what you see when you click CONTROLLER > Interfaces > New:

Interface_new.jpg

 

Question 11

Richard works as a network administrator for Fenco Auto Inc. The company has a wireless LAN network. All users are working on the Linux operating system. Which of the following is used to set the parameters of the network interface, which are specific to the wireless operation?

A. IPCONFIG
B. IWCONFIG
C. IFCONFIG
D. DB_CONFIG

 

Answer: B

Explanation

iwconfig is the command-line tool for Linux to work with WLANs. It is similar to the ifconfig that you would use to work with Ethernet interfaces.

Note: Linux has both command-line and GUI interface-type tools for working with WLANs. While IWCONFIG is the command-line tool, NetworkManager is the graphical user interface (GUI) tool that lets you create wireless profiles in Linux.

Wireless Security

February 15th, 2011 wirelesstut 2 comments

Here you will find answers to Wireless Security Questions

Question 1

Cisco Client Management Frame Protection is running on a mobility group with two controllers. Which two MFP requirements protect the network? (Choose two)

A. forces clients to authenticate, using a secure EAP method only
B. implements the validation of wireless management frames
C. requires CCXv5
D. requires the use of a non-broadcast SSID
E. requires CCXv4

 

Answer: B C

Explanation

In order to use client MFP, clients must support CCXv5 MFP and must negotiate WPA2 with either TKIP or AES-CCMP.

When management frame validation is enabled, the AP validates every management frame that it receives from other APs in the network. It ensures that the MIC IE is present (when the originator is configured to transmit MFP frames) and matches the content of the management frame. If it receives any frame that does not contain a valid MIC IE from a BSSID that belongs to an AP, which is configured to transmit MFP frames, it reports the discrepancy to the network management system.

(Reference: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008080dc8c.shtml)

Question 2

When creating a wireless profile in the Cisco ADU and you have selected the WPA/WPA2/CCKM radio button option, what other decision must you make and then configure on this same screen?

A. the address and the server secret of the authentication device you will authenticate with
B. the encryption type
C. the EAP type to be used for authentication
D. the length and value of the pre-shared key
E. the SSID of the wireless client

 

Answer: C

Explanation

The ADU profile manager feature enables you to create and manage up to 16 profiles (saved configurations) for your client adapter. These profiles enable you to use your client adapter in different locations, each of which requires different configuration settings. For example, you may want to set up profiles for using your client adapter at the office, at home, and in public areas such as airports. After the profiles are created, you can easily switch between them without having to reconfigure your client adapter each time you enter a new location.

Cisco_ADU_Profile_Management_Security_Tab.jpg

When selecting the WPA/WPA2/CCKM radio button option you have to select the EAP type to be used for authentication too.

Question 3

What three authentication methods are generally used in enterprise wireless networks? (Choose three)

A. AE
B. CCKM
C. EAP-FAST
D. EAP-TLS
E. PEAP
F. WEP

 

Answer: C D E

Explanation

LEAP is fundamentally weak because it provides zero resistance to offline dictionary attacks. As LEAP began to gain a massive foothold on the enterprise market, a superior form of EAP called EAP-TLS (Transport Layer Security) was readily available and was completely password cracking resistant because it didn’t rely on user passwords. EAP-TLS relied on digital certificates on both the Server and the Client end to facilitate mutual authentication and secure key exchange. Unfortunately, the need for a PKI (Public Key Infrastructure) deployment on the server end and the installed user base was too great a barrier for many organizations.

To solve the need for a PKI, FunkSoftware created Tunneled Transport Layer Security (EAP-TTLS) to ease the deployment requirements by producing a standard that only required digital certificates on the authentication server end. Digital certificates were no longer needed for the client end which posed the biggest deployment barrier of all.

Similarly, Microsoft, Cisco and RSA collaborated and created their own “lite” version of EAP-TLS called PEAP, which in principle was the same as EAP-TTLS and also alleviated the need for client-side certificates.

But many organizations don’t want to deploy a digital certificate on their authentication server because of the $300/year price tag of a publicly trusted digital certificate, nor do they want to build their own Certificate Authority server or chain of servers. So many organizations still used LEAP, which is very insecure.

Cisco has responded to the threat of LEAP hacking and the reluctance of most of their customers to adopt PKI-based PEAP with their so-called “PKI-free” protocol EAP-FAST.

(Reference: http://www.techrepublic.com/article/ultimate-wireless-security-guide-an-introduction-to-leap-authentication/6148551)

Question 4

A client is attached to the Cisco Unified Wireless network using controllers. When the client is using WPA2 and EAP authentication, where are the wireless encryption keys located during the active user session? (Choose two)

A. on the access point
B. on the RADIUS server
C. on the Cisco WCS
D. on the client
E. on the Cisco WLC

 

Answer: A D

Question 5

When choosing an EAP type for your Cisco ADU security profile, what must you ensure to authenticate successfully?

A. that the client and authentication server support the same encryption protocol
B. that the EAP type selected is known not to exchange any of its credentials in the clear
C. that the EAP type that you selected is supported by the authentication server
D. that the time set on the clocks for the wireless client and the authenticator are close to the same time
E. that WEP is not selected

 

Answer: C

Question 6

Which two attacks does Management Frame Protection help to mitigate? (Choose two)

A. Eavesdropping
B. Denial of Service
C. War Driving
D. Man-in-the-Middle

 

Answer: B D

 

Explanation

In 802.11, management frames such as authentication and de-authentication, association and dis-association, beacons, and probes are always unauthenticated and unencrypted. In other words, 802.11 management frames are always sent in an unsecured manner, unlike the data traffic, which is encrypted with protocols such as WPA, WPA2, or, at least, WEP.

This allows an attacker to spoof a management frame from the AP to attack a client that is associated to an AP. With the spoofed management frames, an attacker can perform these actions:

* Run a Denial of Service (DOS) on the WLAN
* Attempt a Man in the Middle attack on the client when it reconnects
* Run an offline dictionary attack

Management Frame Protection overcomes these pitfalls when it authenticates 802.11 management frames exchanged in the wireless network infrastructure.

(Reference: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008080dc8c.shtml)

Question 7

What security benefit is enabled by using Management Frame Protection?

A. Provides encryption of administrator sessions between a wireless client and a wireless LAN
B. Protects the network infrastructure from denial-of-service attacks that attempt to flood the network with associations and probes.
C. Prevents the formation of client ad hoc networks within the RF coverage domain.
D. Detects network reconnaissance probes, like those used by tools like NetStumbler, that attempt to discover the wireless network topology.

 

Answer: B

Question 8

The Cisco Secure Services Client suite comprises which three elements? (Choose three)

A. Cisco Secure Services Client
B. Cisco Secure Services Client Administration Utilities
C. Cisco Secure Services Client Auditor
D. Cisco Secure Services Client Desktop Configurator
E. Cisco Secure Services Client Log Packager
F. Cisco Secure Services Client Manager

 

Answer: A B E

Explanation

The Cisco Secure Services Client (SSC) is client software that provides 802.1x (Layer 2) user and device authentication for access to both wired and wireless networks.

There are three pieces of SSC software:

* The SSC itself (Cisco Secure Services Client): Client software that provides 802.1x user and device authentication for access to both wired and wireless networks.
* The Cisco Secure Services Client Administration Utilities: Allow you to create complex profiles.
* The Cisco Secure Services Client Log Packager: Connects system information for support.

An administrator would create profiles using the Cisco Secure Services Client Administration Utilities, which then generate an XML file that can be deployed network-wide to all the client machines.

(Reference: CCNA Wireless Official Exam Certification Guide)

Question 9

John works as a network administrator for Web Perfect Inc. The company has a wireless LAN network. John has configured shared key authentication on a client. The client and the AP start exchanging the frames to enable authentication. Which of the following vulnerabilities may occur while the client and the AP exchange the challenge text over the wireless link?

A. Land attack
B. Vulnerability attack
C. DoS attack
D. Man-in-the-middle attack

 

Answer: D

Explanation

A man-in-the-middle attack relies on spoofing a management frame to deauthenticate or disassociate the client. The Management Frame Protection (MFP) mechanism can be used to counteract it.

Question 10

Which software is designed for both wired and wireless profile management and can access Cisco Enterprise networks?

A. ACS
B. SSC
C. CSA
D. SSL

 

Answer: B

Explanation

The Cisco SSC is client software that provides IEEE 802.1X (Layer 2) user and device authentication, for access to both wired and wireless networks. The Cisco SSC manages user and device identity, and the network access protocols required for secure access. It works intelligently to make it simple for employees and guests to connect to a Cisco wired or wireless network.

(Reference: IUWNE Student Guide)

Wireless Control System

February 14th, 2011 wirelesstut 13 comments

Here you will find answers to Wireless Control System Questions

Question 1

Which command path correctly describes how to access the Cisco WCS 5.0 ability to troubleshoot clients?

A. Tools -> Clients -> select displayed client’s MAC address
B. Tools -> Clients -> enter client’s MAC address
C. Monitor -> Clients -> select displayed client’s MAC address
D. Monitor -> Clients -> enter client’s MAC address

 

Answer: D

Explanation

You can begin troubleshooting in several ways: by entering a MAC address in the Client tab dashboard, by using the search function, or by clicking the Troubleshooting icon within the Client MAC Address column on the Monitor > Clients page.

Monitor_Client_MAC_address.jpg

Question 2

What information is required to add a Cisco WLC into the Cisco WCS?

A. IP address of AP manager interface
B. IP address of service port
C. IP address of management interface
D. IP address of virtual interface

 

Answer: C

Explanation

The management interface controls communications with network equipment for all physical ports in all cases. The management interface handles the AP communication. This is the only interface on the controller that reliably responds to pings when the controller is up and operational. It is the interface that the network admin uses to manage the box via Telnet, Secure Shell (SSH), web–HTTP, HTTPS, and so on.

Question 3

Using Cisco WCS v5.0, which configuration command option allows you to see a summary of all access points in the Cisco WCS database?

A. Configure -> Controllers
B. Configure -> Access Points
C. Configure -> Config Groups
D. Configure -> Chokepoints
E. Configure -> Database

 

Answer: B

Explanation

Choose Configure > Access Points to see a summary of all access points in the Cisco WCS database. The summary information includes the following:

* Ethernet MAC
* IP Address
* Radio
* Map Location
* AP Type
* Controller
* Operation Status
* Alarm Status
* Audit Status

Question 4

Which four file formats are used when importing a single campus map into the Cisco WCS 5.0? (Choose four)

A. .BMP
B. .GIF
C. .JPEG
D. .JPG
E. .PNG
F. .VSD
G. .MAP
H. .XML

 

Answer: B C D E

Explanation

Cisco WCS 5.0 supports popular image file types such as jpg, png, gif, bmp and AutoCAD files.

Question 5

How do the features that are available on the Cisco WCS for Linux version differ from those of the Cisco WCS for Windows version?

A. Assuming that there are no differences in hardware, a Cisco WCS for Linux can support up to 750 wireless LAN controllers. A Cisco WCS for Windows can support up to 250 wireless LAN controllers.
B. Cisco WCS for Windows includes support for Cisco Spectrum Expert clients. Cisco WCS for Linux does not support Cisco Spectrum Expert clients.
C. Cisco WCS for Linux is required for deployments.
D. There are no differences in features between the Linux and Windows versions of Cisco WCS.

 

Answer: D

Question 6

The existing Cisco Unified Wireless Controller is running v5.0 code for both the controllers and the Cisco WCS. A controller has been configured with an appropriate rogue rule condition to report discovered APs to the Cisco WCS. What default alarm level is used to display all rogue APs in the Alarm Summary?

A. Critical
B. Flash
C. Major
D. Minor
E. Urgent

 

Answer: D

Explanation

When Cisco WCS receives alarm messages from a controller, the Cisco WCS user interface displays an alarm indicator in the lower left corner. Alarms indicate the current fault or the state of an element which needs attention.

The default alarm level when a rogue AP is discovered is minor. If a rogue AP is detected to be connected to the enterprise network, the alarm will change the form from minor to critical.

There are four alarm levels, indicated by colors:
* Clear = no alarm
* Yellow = minor alarm
* Orange = major alarm
* Red = critical alarm

Question 7

You work as a network administrator for Tech Perfect Inc. The company has a wireless network. You set up a Cisco 6100 series system controller in the network. After a short period, you find that the IP address assigned to the controller is unusable. Which of the following fields provides this information?

A. Rogue summary
B. Controller summary
C. Alarm summary
D. AP summary

 

Answer: C

Question 8

You are using maps in the WCS to design a wireless LAN network. You add a campus and two buildings to the map. Now you plan to add a new floor area to the first building. The floor types include cubes and walled offices, drywall office only, and outdoor open space. Which of the following do the floor types use to assist the WCS by adding these elements?

A. Electromagnetic interference
B. RF prediction
C. Site survey utility
D. RF modeling

 

Answer: D

Question 9

On which of the following web servers does WCS run?

A. Apache
B. Netscape enterprise
C. Boa
D. Zeus

 

Answer: A

Explanation

Cisco WCS is a web server, and uses Apache. It listens, by default, on ports 80 and 443 (HTTPS).

Troubleshooting Wireless Networks

February 13th, 2011 wirelesstut 19 comments

Here you will find answers to Troubleshooting Wireless Networks Questions

Question 1

What is the facility level of FTP Daemons?

A. 10
B. 11
C. 12
D. 15

 

Answer: B

Explanation

Syslog messages are broadly categorized on the basis of the sources that generate them. These sources can be the operating system, a process, or an application. These categories, called facilities, are represented by integers. In other words, the facility refers to the source of the message (such as a hardware device, a protocol, or a module of the system software). In the standard syslog facility table, the FTP daemon is facility 11.

The local use facilities are not reserved and are available for general use. Hence, processes and applications that do not have pre-assigned facility values can choose any of the eight local use facilities. As such, Cisco devices use one of the local use facilities for sending syslog messages.
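The facility number described above is carried in the `<PRI>` header of every syslog line, where PRI = facility × 8 + severity. The following decoder is an added example, not part of the original post; the facility table follows RFC 3164 / RFC 5424, and the sample lines, host names, and the `decode_pri` and `triage` function names are constructed for illustration.

```python
import re

# Syslog facility table (RFC 3164 / RFC 5424); 16-23 are the local use facilities.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron",
              10: "authpriv", 11: "ftp", 12: "ntp", 13: "audit",
              14: "alert", 15: "clock"}
FACILITIES.update({16 + n: f"local{n}" for n in range(8)})
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Split the <PRI> header into facility and severity (PRI = facility*8 + severity)."""
    m = PRI_RE.match(line)
    if m is None:
        raise ValueError("missing <PRI> header")
    pri = int(m.group(1))
    if pri > 191:  # 23*8 + 7 is the largest valid value
        raise ValueError(f"PRI {pri} out of range")
    code, sev = divmod(pri, 8)
    return {"code": code, "facility": FACILITIES[code],
            "severity": SEVERITIES[sev], "local_use": code >= 16,
            "message": line[m.end():]}

def triage(lines):
    """Decode each line; collect malformed ones instead of dropping them silently."""
    decoded, rejected = [], []
    for line in lines:
        try:
            decoded.append(decode_pri(line))
        except ValueError as exc:
            rejected.append((line, str(exc)))
    return decoded, rejected

# Constructed sample lines (not taken from any real device).
SAMPLE = [
    "<89>Feb 13 10:01:02 host1 ftpd[411]: constructed FTP daemon message",
    "<189>Feb 13 10:01:05 ap-ctl1 constructed controller message",
    "<34>Feb 13 10:01:09 host1 su: constructed auth message",
    "<999>Feb 13 10:01:11 host1 constructed line with invalid PRI",
    "no header at all",
]

if __name__ == "__main__":
    ok, bad = triage(SAMPLE)
    for rec in ok:
        print(rec["code"], rec["facility"], rec["severity"], rec["local_use"])
    print("rejected:", len(bad))
```

Keeping the rejected lines matters in a log pipeline: a line with a missing or out-of-range PRI is worth reviewing rather than discarding.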

Question 2

Richard works as a network administrator for Fenco Auto Inc. The company has a wireless LAN network. Richard configures 802.11 authentications on all the clients present in the network. A client becomes active on the network and wants to pass traffic on the medium. Which of the following frames does the client use to search all access points in its radio range?

A. Authentication request frame
B. Association request frame
C. Probe request frame
D. Authentication response frame

 

Answer: C

Explanation

Probe request frame: A station sends a probe request frame when it needs to obtain information from another station. For example, a radio network interface card (NIC) would send a probe request to determine which access points are within range.

Note:

Probe response frame: A station responds with a probe response frame, containing capability information, supported data rates, etc., after it receives a probe request frame.

Question 3

You work as a network consultant. Fenco Auto Inc. hires you to troubleshoot a communication problem and implement a functional wireless network. You check the network connection and all related issues. You find a reason why the clients do not communicate with each other, as they try to send data on the same channel at the same time. What is the best way to mitigate this problem?

A. Forces RTS/CTS control frames.
B. Remove the obstacles that are in the way
C. Reduce transmitted power of the signal.
D. Adjust the radio resources as needed.

 

Answer: A

Explanation

RTS/CTS (Request to Send / Clear to Send) is the optional mechanism used by the 802.11 wireless networking protocol to reduce frame collisions introduced by the hidden node problem.

The hidden node problem happens when two stations try to send on the same channel at the same time. If two stations are in range of an AP but cannot hear each other (because they are too far apart or there is an obstacle between them), they can both start sending and the signals collide.

This is how the RTS/CTS works:

For example, station 1 has a frame to send; it initiates the process by sending an RTS frame. The RTS frame serves several purposes: in addition to reserving the radio link for transmission, it silences any stations that hear it. If the target station receives an RTS, it responds with a CTS. Like the RTS frame, the CTS frame silences stations in the immediate vicinity. Once the RTS/CTS exchange is complete, station 1 can transmit its frames without worry of interference from any hidden nodes. Hidden nodes beyond the range of the sending station are silenced by the CTS from the AP. When the RTS/CTS clearing procedure is used, any frames must be positively acknowledged.

The downsides of this method are that it slows down the network connection and that it is usually set globally, for all clients in the cell.

Question 4

You work as a Network Administrator for Tech Perfect Inc. You have to implement a wireless LAN network for the company. After implementing the network, you check all the functions and find that most of its clients try to send data on the same channel at the same time. As a result, a collision occurs in the network and it affects the communication. What is the reason behind this problem?

A. The IP addresses of clients are in the same subnet.
B. The clients are not in range of one another.
C. The controller is not configured properly.
D. The access point cannot cover the required area.

 

Answer: B

Explanation

As explained in Question 3, this phenomenon is called the “hidden node” problem.

Question 5

Richard works as a network administrator for Fenco Auto Inc. The company deploys a wireless LAN network but there is some problem due to the interference of signals. Which of the following tools should you use to determine signal strength, noise level, and potential sources of interference? Each answer represents a complete solution. (Choose three)

A. RSSI
B. Link Budget
C. EIRP
D. SNR

 

Answer: A B D

Explanation

RSSI is the received signal strength indicator. It indicates how much power is received, usually expressed in dBm. RSSI is usually a negative value; the closer to 0, the better.

SNR is signal strength relative to noise level. The higher the SNR, the better.

SNR and RSSI may be useful to detect a near/far issue or to determine whether the client RF conditions are causing the issue.

The link budget determines how much power needs to be sent out of the transmitter for the receiver to get a signal that can be interpreted. It accounts for attenuation, antenna gain, and other miscellaneous losses that may occur, so it helps determine potential sources of interference.

Note:

Effective Isotropic Radiated Power (EIRP) determines how much energy is actually radiated from the antenna in the direction of the main beam.

Question 6

Which two actions would you use to begin to troubleshoot an access point that fails to successfully join a wireless LAN controller? (Choose two)

A. SSH to the AP
B. SSH to the Cisco WCS
C. SSH to the Cisco WLC
D. Cisco WLC command: debug lwapp events enable
E. Cisco WLC command: show lwapp events

 

Answer: C D

Question 7

Which CLI command shows the controller configuration in a way that is similar to the way that it is displayed on Cisco IOS routers?

A. showconfig
B. show runconfig
C. show run-config
D. show runningconfig
E. show running-config

 

Answer: E

Miscellaneous Questions

February 12th, 2011 wirelesstut 6 comments

Here you will find answers to Miscellaneous Questions

Question 1

Which limitation applies to the use of the Cisco WLAN Solution Management over Wireless feature?

A. Controllers must be managed using only secure protocols (that is, SSH and HTTPS), not non secure protocols (that is, HTTP and Telnet).
B. Read-write access is not available; only read-only access is supported.
C. Uploads and downloads from the controller are not allowed.
D. Wireless clients can manage other controllers however not the same controller and AP to which the client is associated.

 

Answer: C

Question 2

What is the main advantage to using a short-range ZigBee communication device?

A. Low-power, long battery-life and secure networking
B. It will replace Bluetooth devices
C. The battery is smaller than other devices
D. It's almost as cheap as Bluetooth to operate

 

Answer: A

Explanation

The ZigBee website says: “ZigBee was created to address the market need for a cost-effective, standards-based wireless networking solution that supports low data-rates, low-power consumption, security, and reliability”.

The ZigBee data rate is low (20, 40, and 250 kb/s) compared to Bluetooth (which is up to 2.1 Mb/s).

Question 3

Study the exhibit carefully (click exhibit). You are deploying a site survey for a new implementation and see this information in Cisco Spectrum Expert. Which option is true?

Exhibit:

Cisco_Spectrum_Expert_pattern.jpg

A. The capture shows radar. It is most probably military radar because of the frequency hopping in the “Swept Spectrogram.” The workaround is to disable DFS on the AP.
B. There is general background noise of -70dBm, which is not an issue at all for an 802.11b/g deployment.
C. The location of this capture is most likely near a kitchen, because it is clear that there is a microwave oven disrupting channel 1-13. There will be some packet loss while cooking, which is not a problem, because employees will not be working during lunch time.
D. This is a typical Bluetooth pattern. The source needs to be identified and eliminated because it will affect an 802.11b/g deployment.

 

Answer: D

Question 4

CDP is being used throughout the Wirelesstut.com network. What are two reasons why the network administrator would use CDP? (Choose two)

A. To determine the status of network services on a remote device
B. To obtain the IP Address of a connected device in order to telnet to the device
C. To verify the type of cable interconnecting two devices
D. To verify Layer 2 connectivity between two devices when Layer 3 fails
E. To obtain VLAN information from directly connected switches
F. To determine the status of the routing protocols between directly connected routers
G. To support automatic network failover during outages

 

Answer: B D

Question 5

CDP is running between two devices. What information is supplied by CDP? (Select three)

A. Device Identifiers
B. Capabilities list
C. Platform
D. Route identifier
E. Neighbor traffic data

 

Answer: A B C

Share your CCNA Wireless Experience

February 11th, 2011 wirelesstut 486 comments

Please share with us your experience after taking the CCNA Wireless 640-721 exam, your materials, the way you learned, your recommendations…

Your posts are warmly welcome!

Please don’t ask for links to download copyright materials here…