CCNP Wirless

1.1. Describe Extensible Authentication Protocol (EAP) authentication process
1.2. Configure client for secure EAP authentication
1.2.a. Native OS (iOS, Android, Windows, MAC OS, year 2013+) or AnyConnect client
1.3. Describe the impact of security configurations on application and client roaming
1.3.a. Key caching
1.3.b. 802.11r
1.4. Implement 802.11w Protected Management Frame (PMF) on the WLAN
1.4.a. Client support
1.4.b. PMF modes
1.4.c. Relevant timer settings
1.5. Implement Cisco Management Frame Protection (MFP)
1.5.a. Cisco Compatible Extensions (CCX)
1.5.b. Infrastructure mode
1.5.c. Client and infrastructure mode
1.6. Describe and configure client profiling
1.6.a. ISE
1.6.b. WLC

2.1. Describe the impact of BYOD on wireless security

• 2.1.a Additional security risks
• 2.1.b Loss of device control
• 2.1.c Increased complexity of policy enforcement

2.2. Implement BYOD policies

• 2.2.a. Single vs dual SSID
• 2.2.b.Self registration
• 2.2.c. mDNS sharing
• 2.2.d.Wi-Fi Direct

2.3. Implement AAA based Layer 3 security on the controller

• 2.3.a. Local Web Auth (LWA)
  • 2.3.a.[i] External authentication)
  • 2.3.a.[ii] Locally significant certificates
  • 2.3.a.[iii] Pre-authentication ACL
  • 2.3.a.[iv] Pass through configuration

2.4. Describe regulatory compliance considerations for protecting data and access and providing accountability

• 2.4.a. PCI

2.5. Utilize security audit tools for Distribution Systems

• 2.5.a. PI reports
• 2.5.b. PCI audit

3.1. Implement 802.1x wireless client authentication

• 3.1.a. AireOS
  • 3.1.a.[i] Local
  • 3.1.a.[ii] Central
• 3.1.b. IOS-XE
• 3.1.c. Autonomous
  • 3.1.c.[i] Local authentication
  • 3.1.c.[ii] Remote authentication
• 3.1.d. FlexConnect
  • 3.1.d.[i] Local authentication
  • 3.1.d.[ii] Remote authentication

3.2. Implement Identity Based Networking (IBN)

• 3.2.a. AireOS
  • 3.2.a.[i] VLANs
  • 3.2.a.[ii] QoS
  • 3.2.a.[iii] ACLs
• 3.2.b. IOS-XE
  • 3.2.b.[i] VLANs
  • 3.2.b.[ii] QoS
  • 3.2.b.[iii] ACLs
• 3.2.c. Autonomous
  • 3.2.c.[i] VLAN
• 3.2.d. FlexConnect
  • 3.2.d.[i] VLAN
  • 3.2.d.[ii] ACLs
  • 3.2.d.[iii] QoS

3.3. Implement ISE AAA parameters for integration with the wireless network

• 3.3.a. Network device
• 3.3.b. IBN profile

3.4. Implement AAA based Layer 3 security using ISE

• 3.4.a. Utilizing ISE as AAA service
  • 3.4.a.[i] Locally significant certificates on ISE
  • 3.4.a.[ii] Using captive portal capabilities for guest access
• 3.4.b. Central Web Auth (CWA
  • 3.4.b.[i] Returned values and overrides
  • 3.4.b.[ii] Access accept
  • 3.4.b.[iii] AAA override statement

3.5. Configure MSE based web authentication

3.6. Utilize security audit tools for client connectivity

• 3.6.a. PI reports
• 3.6.b. PCI audit

4.1. Controlling administrative access to the wireless infrastructure

• 4.1.a. RADIUS
• 4.1.b. TACACS
• 4.1.c. Controller and ISE integration
• 4.1.d. Access point administration credentials

4.2. Configure APs and switches for 802.1x access to the wired infrastructure

• 4.2.a. Controller based
• 4.2.b. Autonomous

4.3. Implement SNMPv3 on the wireless infrastructure

• 4.3.a. AireOS
• 4.3.b. IOS-XE
• 4.3.c. Autonomous

5.1. Execute Security reports on PI

5.2. Perform Rogue Management

• 5.2.a. Rogue Containment on WLC and PI
• 5.2.b. RLDP on WLC and PI
• 5.2.c. SwitchPort tracing on PI
• 5.2.d. Location on PI
• 5.2.e. Rogue Rules on WLC and PI

5.3. Monitor rogue APs and clients

• 5.3.a. PI Maps
• 5.3.b. Controller

5.4. Monitor Alarms

• 5.4.a. 2 items
• 5.4.b. PI Security Tab
• 5.4.c. Controller Trap Logs

5.5. Identify RF related Security interferers on WLC and PI Maps

• 5.5.a. Jammers
• 5.5.b. Inverted Wi-Fi
• 5.5.c. Wi-Fi invalid channel

5.6. Implement wIPS

• 5.6.a. Enhanced Local Mode (ELM)

1.1 Identify business and RF application needs
1.2 Identify client density, capabilities and their impact on the wireless network
1.2.a Client quantity, radio type, spatial streams
1.3 Identify the challenges of setting up a wireless network by various vertical markets
1.4 Describe required site survey documentation
1.4.a Customer questionnaire
1.4.b Floor plans & their quality
1.4.c Describe the deliverables of the site survey
1.5 Identify coverage area requirements
1.5.a Mesh
1.5.b High density
1.5.c Security sensitive
1.5.d Real time applications

2.1 Describe impact of regulatory domains
2.1.a Mesh
2.1.b Channel and power
2.1.c Multi-national deployments
2.2 Identify deployment location safety considerations
2.3 Identify the impact of customer aesthetic limitations on the installation
2.4 Assess the existing wired and wireless infrastructure
2.4.a Determine high-throughput and very high throughput (VHT) protocol (n/ac) impact
2.4.b Determine existing wireless infrastructure if required
2.5 Identify impact of material attenuation
2.5.a Walls, cubicles, and the likes
2.5.b Single/multi-floor
2.5.c Campus
2.5.d Warehouse/retail
2.5.e Subtitle number 2.2

3.1 Select the criteria used for coverage design

• 3.1.a Data vs voice vs video vs location

3.2 Demonstrate the impact of frequency planning in a high density environment

• 3.2.a Band select for high density
• 3.2.b Optimize 2.4 GHz radio utilization
• 3.2.c Legacy devices
• 3.2.d Channel width

3.3 Use PI and Ekahau planning tools to make network plan

• 3.3.a Enter network requirements in the tool
  • 3.3.a.[i] Capacity requirements
  • 3.3.a.[ii] Coverage requirements
• 3.3.b Define the environment
  • 3.3.b.[i] Maps and scale
  • 3.3.b.[ii] Types of RF obstacles
• 3.3.c Place and configure simulated APs and antennas
  • 3.3.c.[i] Place simulated APs (manual, automatics)
  • 3.3.c.[ii] Adjust APs and Antennas / AP TX power height and down tilt
• 3.3.d Analyze key network metrics using heat maps for 2.4 and 5GHz
  • 3.3.d.[i] Analyze coverage, SNR, and channel overlap
  • 3.3.d.[ii] Analyze AP placements in regards to real time handoffs around corner

4.1 Identify the appropriate site survey equipment and access requirements based on environmental needs

4.2 Complete the Layer 2 site survey for indoor, and outdoor MESH environments

• 4.2.a Select proper AP and antenna for conducting site survey
• 4.2.b Configure AP
• 4.2.c Survey for worst case client

4.3 Complete Layer 1 survey (Cisco CleanAir, Metageek Chanalyzer)

5.1 Verify RF coverage

• 5.1.a Utilize tools (Ekahau) for audit
• 5.1.b RRM, controller
• 5.1.c Analyze SNR, channel overlap, and packet loss

5.2 Verify network applications and performance

• 5.2.a Apply PI tools (voice readiness, location readiness, site calibration)

5.3 Reconcile any deployment issues

5.4 Assemble and deliver installation report to customer

• 5.4.a Indoor
• 5.4.b Outdoor MESH

6.1 Determine physical infrastructure requirements

• 6.1.a AC Power and POE
• 6.1.b Understand cable plant considerations
• 6.1.c Mounting considerations: NEMA
• 6.1.d Outdoor grounding and lighting protection
• 6.1.e Rack capacity
• 6.1.f Switch port capacity

6.2 Determine logical infrastructure requirements

• 6.2.a Determine AP count, controller count, and license requirements
• 6.2.b Decide the type of architecture for the deployment

6.3 Describe IPv6 optimization on the WLC

• 6.3.a RA filter
• 6.3.b DHCP Server guard
• 6.3.c DHCPv6 Source guard

7.1 Describe the relationship between real time applications & the wireless networks
7.1.a Packet Error Rate (PER)
7.1.b RF Coverage
7.1.c Bit Error Rate (BER)
7.1.d QoS
7.1.e Call Admission Control (CAC)
7.1.f Client roaming decision algorithm
7.2 Describe voice and video as they apply to the wireless network
7.2.a Device capabilities (hardware and software)
7.2.b Call setup/data flow overview
7.2.c Other wireless voice and video services (i.e. Jabber, Lync, Skype, Viber, Facetime)
7.2.d Standards and WIFI Alliance (WFA) certifications (.11r, .11e, .11n/ac, .11k, CCKM, voice enterprise, voice personal, WMM, UAPSD)
7.2.e Cisco Compatible Extensions (voice features)
7.2.f Voice and video codecs
7.2.g Skinny Client Control Protocol (SCCP)
7.2.h Session Initiation Protocol (SIP)
7.3 Describe real time applications (other than voice and video) as they apply to the wireless network
7.3.a Session based and non-session based
7.3.b Roaming sensitivity
7.3.c Disconnection issue
7.4 Design wireless roaming parameters for supporting real time applications
7.4.a 802.11 r/k, CCKM, OKC, mobility groups, interface groups,
7.4.b Tuning RF parameters
7.4.c AP placement considerations
7.5 Design wireless parameters for supporting real time applications
7.5.a Minimum speed requirements-RSSI and SNR
7.5.b Client transmit and receive sensitivity / mismatch with AP
7.5.c Cell overlap requirements
7.5.d Cell separations
7.5.e Traffic control and management, QoS, VLAN, WMM, AVC
7.5.f Delay and jitter requirements
7.5.g CAC and TSPEC
7.5.h Spectrum
7.5.i 802.11n/ac enhancements
7.5.j Concurrent client connections
7.5.k Band select

1.1 Describe and implement general considerations for wired QoS
1.1.a Configurations
1.1.b DSCP/IP precedence to 802.1p mapping
1.1.c Voice VLAN
1.1.d Trust boundaries
1.2 Describe and implement the appropriate wireless QoS deployment schemes
1.2.a 802.11e / WMM
1.2.b Mapping-wired to wireless
1.2.c Alloy QOS
1.3 Configure infrastructure QoS for wireless clients
1.3.a CAC
1.3.b TSPEC
1.3.c EDCA parameters
1.3.d Queues
1.3.e Bandwidth control and override
1.4 Implement AVC
1.4.a Configure AVC
1.4.a.[i] Profiles
1.4.a.[ii] Netflow/NBAR2
1.4.b Monitor AVC
1.4.b.[i] Controller
1.4.b.[ii] PI

2.1 Describe general multicast concepts

• 2.1.a PIM
• 2.1.b Cisco Group Management Protocol
• 2.1.c IGMP snooping
• 2.1.d RP

2.2 Describe implications for multicast in 802.11

• 2.2.a Highest mandatory data rate
• 2.2.b Unicast and multicast modes
• 2.2.c Roaming
• 2.2.d Controllers having same CAPWAP multicast group
• 2.2.e Video stream (reliable multicast)
• 2.2.f mDNS

2.3 Configure multicast in a wireless network

• 2.3.a Infrastructure multicast group
• 2.3.b IGMP snooping on the controller
• 2.3.c Video stream (reliable multicast)
• 2.3.d Switch peer group / Mobility group multicast

2.4 Configure mDNS

• 2.4.a mDNS gateway
• 2.4.b LSS
• 2.4.c Service advertisement
• 2.4.d MAC priority
• 2.4.e AAA override
• 2.4.f ISE portal
• 2.4.g Static advertisements on converged access
• 2.4.h mDNS profiling

3.1 Design for High Density

• 3.1.a High client count (high capacity)
• 3.1.b High AP count (high density)

3.2 Implement RXSOP

3.3 Implement enhanced roaming

3.4 Implement AP Groups

• 3.4.a RF profiles

3.5 Implement interface groups

3.6 Implement client limits

• 3.6.a Per Radio
• 3.6.b Per WLAN
• 3.6.c Per Interface

4.1 Describe the impact of client VLAN assignment on mobility

• 4.1.a AP group VLANS
• 4.1.b Identity based networking

4.2 Minimize inter controller roaming

4.3 Describe mobility control plane architectures

4.4 Describe mobility tunneling process

• 4.4.a Formation
  • 4.4.a.[i] Ability to identify the tunnels created
• 4.4.b Tear down
• 4.4.c Messaging
• 4.4.d Handoff types

4.5 Implementing client mobility

• 4.5.a Switch Peer Group (SPG)
• 4.5.b Mobility groups
• 4.5.c Mobility lists
• 4.5.d Anchoring
• 4.5.e Virtual interface continuity
• 4.5.f Mobility Optimization (11k/11v)
• 4.5.g Verify resulting mobility tunneling structure

5.1 Describe Cisco MSE capabilities and integration with wireless network architecture

• 5.1.a Context aware
• 5.1.b Adaptive wireless IPS
• 5.1.c Analysis
• 5.1.d CleanAir
• 5.1.e Scalability

5.2 Describe location techniques

• 5.2.a Angulation
• 5.2.b Cell of origin
• 5.2.c TDoa and ToA lateration
• 5.2.d RSS lateration
• 5.2.e Pattern recognition
• 5.2.f RF Fingerprinting
• 5.2.g Compare probe based location vs data frame based location
• 5.2.h Bluetooth Low Energy (BLE)

5.3 Identify the relevant parameters required Initialize MSE for network operations

5.4 Implement base location services

• 5.4.a Calibration procedure
  • 5.4.a.[i] PI based
  • 5.4.a.[ii] Ekahau based
• 5.4.b Complex environments
  • 5.4.b.[i] Mixed use environments
  • 5.4.b.[ii] Complex RF environments
  • 5.4.b.[iii] Small areas ( i.e new presence capabilities)
  • 5.4.b.[iv] Multi-floor facilities
  • 5.4.b.[v] Recalibration
• 5.4.c NMSP
• 5.4.d Synchronization
• 5.4.e History parameters
• 5.4.f Tracking parameters
  • 5.4.f.[i] Active RFID tag
  • 5.4.f.[ii] WiFi-Devices
  • 5.4.f.[iii] Active Interferes
  • 5.4.f.[iv] Rogue devices

5.5 Implement advanced location services

• 5.5.a Analytics
  • 5.5.a.[i] Location (zone based)
  • 5.5.a.[ii] Presence (site based)
• 5.5.b Visitor connect
• 5.5.c Describe AppEngage
• 5.5.d Facebook for Wi-Fi
• 5.6 Integrate MSE with PI
• 5.6.a Identify the relevant components to integrate the MSE with PI
• 5.6.b Identify the relevant steps to Integrate MSE with PI
• 5.6.c Identify the relevant steps required to Maintain MSE

6.1 Compare and contrast the components of FlexConnect architecture

• 6.1.a Local switching vs Central switching
• 6.1.b Local Auth vs Central Auth
• 6.1.c Connected mode vs Standalone mode

6.2 Describe and implement the capabilities of a FlexConnect group

• 6.2.a VLAN mapping
• 6.2.b ACLs
• 6.2.c AP Image upgrade
• 6.2.d Authentication and key management
• 6.2.e Central vs Local DHCP

6.3 Describe the impact of FlexConnect architecture on roaming

• 6.3.a ACLs
• 6.3.b Authentication
• 6.3.c Key management
• 6.3.d Real time application

6.4 Describe and implement Office Extend operation

• 6.4.a Configuration
  • 6.4.a.[i] Controller
  • 6.4.a.[ii] AP
• 6.4.b Split tunneling for printing and general traffic

7.1 Configure the wireless network for high availability

• 7.1.a LAG vs Port based
• 7.1.b Backup primary and backup secondary outside of mobility group
• 7.1.c Anchor controller redundancy

7.2 Configure high availability for the AP

• 7.2.a AP fallback
• 7.2.b AP prioritization
• 7.2.c Legacy primary ,secondary, and tertiary

7.3 Configure high availability for the Controller

• 7.3.a AireOS
  • 7.3.a.[i] Stateful switch over (SSO)
• 7.3.b IOS-XE
  • 7.3.b.[i] Stateful switch over (SSO)
  • 7.3.b.[ii] Stacking

8.1 Describe the following MESH AP modes of operation

• 8.1.a RAP
• 8.1.b MAP
• 8.1.c Flex on MESH

8.2 Describe the considerations for a MESH deployment

• 8.2.a Hop count
• 8.2.b Backhaul caveats
• 8.2.c AP authorization
• 8.2.d Outdoor RF considerations
• 8.2.e VLAN transparent bridging

8.3 Describe the convergence of a MESH network

• 8.3.a Cisco AWPP
• 8.3.b Bridge group names
• 8.3.c Parent selection
• 8.3.d Fast convergence modes
• 8.3.e Re-convergence

8.4 Implement workgroup bridge

• 8.4.a Proprietary
  • 8.4.a.[i] Reliable multicast
  • 8.4.a.[ii] Roaming
• 8.4.b Universal

8.5 Describe the passive client feature

• 8.5.a No IP address learning
• 8.5.b Third party WGB support

1.1 Apply the appropriate trouble shooting methods to identify an issue
1.1.a Bottom up
1.1.b Top down
1.1.c Divide and Conquer
1.1.d Shoot from the hip
1.2 Utilize the appropriate tools to assist in isolating an issue
1.2.a Interpret Show commands
1.2.b Interpret Debug commands
1.2.c Interpret Config analyzer output
1.2.d Interpret Sniffer traces
1.2.e Interpret Spectrum analysis
1.2.f Interpret Ekahau output

2.1 Resolve controller discovery issues

• 2.1.a Compare controller discovery methods
• 2.1.b Analyze Controller selection method

2.2 Resolve DTLS session establishment issues

2.3 Resolve AP Joining issues

• 2.3.a Analyze join phase issues
• 2.3.b Analyze configuration phase issues

3.1 Identify and resolve authentication issues

• 3.1.a Identify 802.11 issues
• 3.1.b Analyze external EAP issues
• 3.1.c Resolve local EAP issues
• 3.1.d Resolve WebAuth issues

3.2 Identify RF signal issues

• 3.2.a Analyze poor RSSI/SNR issues due to AP-client positions
• 3.2.b Evaluate degraded RF conditions in the cell
• 3.2.c Evaluate excessive retries
• 3.2.d Resolve poor roaming performances (client stickiness or cell overlap issues)

3.3 Resolve supplicant configuration issues – (iOS, Android, Windows, MAC OS, year 2013+)

3.4 Troubleshooting autonomous AP links

• 3.4.a Troubleshooting work group bridge connectivity
• 3.4.b Troubleshoot WGB roaming issues
• 3.4.c Evaluate AP to AP EAP authentication issues
• 3.4.d Resolve root and non-root connectivity issues

4.1 Identify and mitigate rogues

• 4.1.a Characterize rogue clients and rogue access point
• 4.1.b Implement rogue mitigation techniques

4.2 Manage non-802.11 interferences

• 4.2.a Detect and characterize non-802.11 interferences
• 4.2.b Evaluate interference zone of impact
• 4.2.c Assess interference security severity

5.1 Characterize roaming issues

• 5.1.a Identify client stickiness
• 5.1.b Mitigate ping pong effect
• 5.1.c Resolve cross-band roaming issues

5.2 Evaluate throughput and data rate issues

• 5.2.a Identify rate shifting issues
• 5.2.b Evaluate incompatible client requirements vs AP settings

5.3 Identify the source of poor user experience

• 5.3.a Evaluate L2 issues vs upper Layer issues
• 5.3.b Identify cell design issues
• 5.3.c Mitigate Overlapping Basic Service Sets (OBSS) issues in high density designs
• 5.3.d Resolve channel planning issues

6.1 Identify DHCP - DHCPv4 / DHCPv6 issues

6.2 Identify DNS issues

6.3 Identify VLAN issues

6.4 Analyze end to end IP connectivity issues

6.5 Assess POE issues

6.6 Describe stacking as it related to wireless licenses and WCM role

7.1 Troubleshoot primary, secondary, tertiary controller join issues

• 7.1.a Resolve configuration mismatch
• 7.1.b Address capacity and capability mismatch

7.2 Troubleshoot Stateful Switch Over (SSO) issues

• 7.2.a Resolve primary and backup communication issues
• 7.2.b Assess primary and backup unsynchronized elements
• 7.2.c Analyze AP and client failover process