Archive for June 2011
Probably the most common 802.11 management frame is the beacon frame. This frame is broadcasted from the AP listing the capabilities of the WLAN, but what exactly is listed? Let’s take a quick look.
Here we can easily make out some of the capabilities of the WLAN, for example the SSID is probably going to be the first thing you notice TestSSID in this case, this is what provides the name of the WLAN. As you know SSID broadcasting can be disabled (Also called Closed System) at which point the SSID field will be blank.
Next we will take a look at the what data rates are supported by this WLAN:
Here you can see the a few supported data rates and the extended supported data rates. This tells us the WLAN is capable of supporting both 802.11b and 802.11g WLAN clients. You’ll notice the Data rate of 5.5 has a (B) next to it, it just so happens 5.5 is set a mandatory data for this WLAN, so if a WLAN client can not support a data rate of 5.5 it will not be able to successfully authenticate and associate to the WLAN.
Next up we are going to at the RSN (Robust Security Network) information for this WLAN.
As you can see from the RSN Information element (IE), this WLAN is 802.11i compliant, showing it’s capable of AES/CCMP which means your WLAN clients will need to support 802.11i/WPA2 with AES in order to successfully communicate with this WLAN.
A few other noticeable features we can find in this beacon frame is the WLAN supports High-Throughput (HT), which is 802.11n (Draft 1 in this case). So this is an 802.11b/b/n WLAN in the 2.4 GHz RF range.
This access point did not have multiple antennas attached to it, which is why the TxBF and ASEL capabilities are currently at 0x0000 and 0x00.
You will also notice in the 6th line down that the WLAN is 802.11e compliant meaning some QoS will be performed, and the line after that states: no non-ERP STA’s, do not use protection this states no 802.11b clients are currently connected only 802.11g WLAN clients are currently connected to this WLAN so protection mechanism’s are not in use.
Now, at the end of the beacon frame you will notice all this Unknown information, as you have probably guessed (or read) this information is vendor specific, which is common for every vendor to have put their own proprietary information within the Beacon frames. The main thing is make sure this extra information does not create its own incompatible issues with older WLAN client devices.
So in conclusion there’s a basic Cisco WLAN beacon frame, it should be a mirror image of the configuration for your WLAN. Looking at the beacon is just a simple way to make sure the WLAN is doing what’s it’s configured to do.
As I was going some switch configuration guides I stumbled upon something that caught my attention macros. These macros allow you to create a set of commands that are issued to the device anytime you apply the macro.
Now these macros are very open ended, and have a host of potential uses. For example if you needed to change the management address of switch in a remote location simply create a macro that will do it for you. This way even though you will lose connectivity to the switch the macro still runs because the commands are being issued by the switch not by you from your computer, thus the new IP address is applied allowing you to connect back in using the new IP address. You can also use these to configure ports. Simply create a macro that will enable various features like portfast, port-security, rootguard, storm control, etc then head into interface config or interface range config mode and apply the macro, its an even quicker way to apply the same configuration to multiple ports this can also assist you with enforcing a uniform configuration to these ports leaving out human error (in case you configure ports manually one by one or continually configure small groups of ports using the interface range command).
You can also set variables in your macros, variables are assigned using the $ followed by the variable name. So let’s just say you created a macro that will reset a port that has been disable due to a port security violation you can set the interface as variable within the macro, now when you apply the macro simply specify the value of the variable.
See the below macro:
macro name psecrst do clear port-security stick int $int int $int shut no shut end sh int | include err-dis @
Note: Macros are created from configuration mode.
The key points with defining the above macro are the following, the name of the macro in this case the name is psecrst (short for port security reset, but you can name macro’s whatever you want), then you input the commands in the format and order needed to accomplish what you want successfully. Something to keep in mind is the commands will be issued from configuration mode (config) so if some commands needs to be issued in different modes you will need to account for that. You can also see I specified the variable at $int so I am able to specify whatever interface I need to in order for this macro to work correctly. When you are finished putting the commands in your macro you finish the macro by inputting the @ symbol.
To apply a macro we can issue the following command:
macro global apply psecrst $int fa0/2
As you can see after I specify the macro name I then start calling the variables (and you can have more then one variable in a macro) followed by the desired value of the variable. So in this case I specified fa0/2 as the variable so when the macro runs it resets port fa0/2.
Now if you run a macro and you are not getting the results you were expecting you apply the macro using this command
macro global trace psecrst $int fa0/2
Here we specified the keyword trace instead of apply this tells the switch to show you the commands as they are being issued.
I’ve attached the below screen captures:
I’ve added a new page to the blog, Study Notes. In this section I will be posting the notes I take while studying for different topics. Now my notes are usually pretty rough and right to the point I take the notes in evernote so I can read them anywhere. Currently I have my CWNA Security Objective notes there, next up will by notes for the Site Surveying Objective. I’m hoping to tackle one CWNA objective a week.