Hi Raul,
3.2: I too think web mandatory or cipher wep40 should be used else
nothing can connect.
3.2: I think literally, the question is asking for configuration for
the highest level of encryption which cckm can support. And this is
indeed aes-ccmp. Without wpa key management, cckm can also run with
aes but i suppose only cckm capable clients can connect, such as ip
phones. I could be wrong about the last part but my own testings
suggest so. However, wds needs to be functioning.
3.6 Agree with you on this. But maybe Jason can clarify.
Alvin
Quoting Raul Manzano <[email protected]>:
Hi guys.
Making the tasks about the lab 3 I have some doubts about the solution done.
Point 3.2: For the configuration of SSID Test2 on AAP2: "The least version
of WEP encryption, using a key of...."; if you are talking about the "wep
encryption" Why don't also use the command" encryption vlan Test2 mode wep
mandatory"? because if not, you only pass a passphrasse to "authenticate"
but your traffic without this command is not cipher with WEP.
Point 3.2: For the configuration of SSID Test6 on AAP1: "Use the highest
encryption level allowed for CCKM for the version of software on the AP". In
the SSID configuration, Why not "authentication key-management wpa cckm"?.
If you are using the "highest" (aes in this case) and CCKM I think this is
correct, unless the meaning of this command is allow both WPA and CCKM
key-management allowing non CCKM clients to connect . Is this OK?
Point 3.6: "On AAP2, only permit the laptop to connect". if you use in int
d0 "l2-filter bridge-group-acl" and apply in all the sub-interfaces the
command "bridge-group xx input-address-list 700" you should apply the same
commands to 5Ghz radio, because is only applied to the sub.interfaces but
not in "d1" interface (I'm assume this is a mistake).
Thanks.
Best Regards.
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
