53. Control and Provisioning of Wireless Access Points ( CAPWAP)
We have discussed the access point and the controller they have to communicate with. So how they are going to communicate is by building the cap-wrap tunnel. You can see the full form of CapWAP control and wireless access point provisioning. And there are so many RFCs that you can go to and refer to. You can see that the cap app is defined in these RFCs (541-516-1718), where you can go and learn more about this cap VAP tunnel. So let’s read this as a cap, a shot, but you can also see the full form. Now that the lightweight access point and the WLC are forming the tunnel in between, we have two different types of channels. We have a channel for control messages, or a control plane, and then we have a channel for a data plane as well.
Now, if you correlate this with the SD van, we are thinking now that we are using the STN, SDWAN, and ST LAN solutions. However, because WLC is an old technology that uses the concept of STM, such as Cisco Prime, other mechanisms for managing the infrastructure were also available. In terms of that, we have some central authority that manages the infrastructure, like SD or SD1, etc. For if you go and learn more about the captain’s information, you’ll discover that the tunnel being built between the WLC and the rest of the APS has exactly the same type of certification process that we’ve seen in the cases of Vsmart, the control plane device, and Vedge, the data plane device. As you can see, they’re using UDP port 5246 and a secure, authenticated DTL tunnel. In the case of SDB, we are aware of this, and we have two options: TCP or UDP. Most of the other SDN technology uses UDP-based IPsec tunnels or UDP-based tunnels. In our WLC, we are using a UDP-based control panel and data channel. Now, DTLs are optional for the data channel, implying that the secure tunnel is optional. That means at least the encryption is optional. If we want, we can use; if we don’t want, we don’t. So you can see that, but they are not encrypted by default. So tunnel in between them. So the tunnel is there, but the encryption is optional. If you want, you can use it. Now here, you can see that we have two tunnels. We have the data tunnel and the control channel, and in this manner, the access points will go and communicate with the WLC. That’s one part.
Now, what will happen in this case; what is going on behind the scenes? So these tunnels that we are seeing in between the WLC and the access point are using IP addresses. So that means they are IP-based kennels, since they are IP-based tunnels. So what can they do? And there are two things. First thing. that the VLAN So, obviously, whatever VLAN I have in the distribution system is connected to a switch. So the VLAN information is passed through the tunnel to the AP’s access point, and the SSID information is passed through the distribution system to the switches. Okay? So in that way, the communication will happen. So you don’t need a trunk link here. So that’s why you can see that I have the access link, so I don’t need the trunk link. And then I have to do incancellation for one queue, et cetera, et cetera. But that’s the enhancement, because you’re creating the tunnel. So obviously, it will send and receive the package depending on the tenant source and destination. The tenant source and destination in this case are the AP’s IP addresses. And suppose you have a greater number of channels, in other words, if you have a greater number of access points, you will have a greater number of channels, and communication will proceed as follows. So this is the communication channel that we have, okay? So now that you have the WLC, what are the rules and what are the activities that the WLC can do? So WLC can go and do the dynamic channel assignment, transmit, power optimization, self-healing, wireless coverage, flexible client roaming, dynamic client load balancing, RF monitoring, security parameters, QS parameters, et cetera, et cetera.So whatnot means we can do a number of things from WLC because that is the brain I have; that is the central mechanism to manage all the lightweight access points, right? Then you can see that we can do the wireless intrusion protection system as well. So this is the typical and use case of the Cab app. And this is the mechanism by which the WLC is talking to the access points.
54. Centralized wireless Network Architecture & Flexconnect Wireless Network Archite
Let us continue our discussion and learn about the centralised wireless network architecture and the Flesh Connect architecture. Now we know at this point in time that the WLC and the AP are going to have the Cap mapchannel in between them, and then the communication will happen. Now, before moving further, you can go and check the comparative chart of the different types of WLCS that we have in Cisco. So, for example, I have taken a snapshot from one of the links from Cisco. Here we can clearly see that we have different types of WLC for different purposes, although we also have a virtual controller as well.We have a controller for ISR G 2, starting at 5003, progressing to 650, 8500, and 9000. Now we have the 9800 WLCS as well.
If we have a larger number of users and you want to manage a larger number of lightweight access points, then obviously we have to move and we have to go to the higher end of WLC. So it’s just the evolution of WLC: how many clients we have, how much APS we have, what security features we have (Flex, Connect, QS, et cetera). Depending on that, we can go and choose one of the WLCs for our organization. Now once we are done with that, we can go and apply the WLC, and we can connect the APS with the WLC. That’s the overall idea. And then the traffic will start flowing. Now we have a centralised solution that all these devices will use to connect to or create a channel with WLC. At this point, we can pretty much assume that this is a hub-and-spoke topology, with the hub serving as the WC and the spokesperson constructing the tunnel with the hub. Now there is one problemwith this particular architecture. We’ll discuss that problem and the solution as well. Before coming to the problem, you can see that since you have your central authority, you can manage everything related to access points.
As a result, the user identity, to which the WLC is also linked, is communicating with each other about user profiles and roaming profiles. User identity, user service, or user interaction So what are the user and its roaming capabilities that can be managed from one place because everything is managed from one place? So that’s the power we have. We have the centralised authority to manage everything. Next in this diagram, you can see that although the physical architecture is the same, the movement of data along the physical path is different. So here you can see that the actual movement of the data will be from switch one to two, and three ensures that in between you may have a number of switches. On top of that, you have created the Cab app channel. So again, you can see that from the access point for the distribution system or the core layer switch. I have the Cab web channel, and then the traffic can go, but the physical movement or the data traffic movement where the link is will be different.
So that’s one interesting thing we have. Although we are not concerned about the configuration, what is the trunk VLAN passing to the intermediate devices? Correct? As a result, we can conclude that those are temporary devices. On top of that, I have Metano. As you can see, you have a benefit. Now, what is the disadvantage? What disadvantages do we have? Now, if you see this diagram, you’ll find that although I am local to this access point, that is highlighted, so let me quickly highlight that. So I am local to this particular access point, and I should not go to my hub and then come back, or I should not go to my centre location and come back. Although I am capable of handling local traffic movements, So here’s the issue: if you don’t provide local intelligence, the traffic will continue to flow. They will go and table this taxi webchannel, then they will go to the Central Authority and return. What’s the solution? The solution is the Flex Connect wireless architecture. From the diagram, we can see what will happen in Flex Connect. So we have two types of architecture. First is the split. Mac Split Mac means you have your own centrally operated WLC. You can go to WLC and come back again; you can see that you have cabbage, and again, the same thing you can see in the other diagram as well.
So you can go to the WLC. And then suppose you’re going there because you have local printers on the switch system. However, if you use the Flex Connect feature, it will provide the device with local intelligence. So what does it mean? It simply means that for local transmission you will not go and use the Capex panel, although you can go and directly use the printer because reaching this path is easy. As the diagram shows, the traffic path during Flex Connectlocal switching is local. That’s the power we have with FlexConnect. We have a small tip here: Flex Connect was previously known as a hybrid remote edge access point with an edge rip feature to maintain connectivity between WS and brandside lanes, and the Van link should have a round trip latency of less than 300 milliseconds for normal data and less than 100 for the realtor and traffic. So the concept, the idea behind it, is that when we are doing the Flex Connect architecture, at that time we can do the local switching.
55. Implementing Controller-based Deployments
Next, we have to learn about how we can implement the controller. Before that, we should understand what type of interfaces and ports are available inside the WLC and what the connectivity will be from the WLC to the switches. We have four different types of ports. We have service ports, distribution system ports, console ports, and redundancy ports. Now the service port will be used for out-of-band management, system recovery, and initial boot. This will always serve as the access point. So we are going to use this for management. Then we have the most important port, which is the distribution system port. We know this thing: that distribution system port means that the WLC you are connecting with the switch Now we have the capability and the feature that we can do the aggregation, we can use the leak aggregation protocol, and we can group those interfaces and connect with the switch. These ports are always 80 2.1Q because, once again, we will be passing multiple valence information via the WLC. Then we have the console port, which we can connect for recovery, initial boot, etc. And finally, in case we need multiple WLCs for Latin, we have the latest. Now here in the diagram, you can see that we have the distribution system.
Obviously, the WLC is connected to the switch, and that’s why you have the distribution port. You can have the link aggregation group. The service port is for outer band management; you have the console port, and if you want to have multiple WLCs, we can use the redundant port as well. Then from WLC to AP, we have the capacity, and then the information will go and get exchanged. Now, this is one type of port we have. Again, we’ll discuss more about other port analogies as well. At this point in time, we know that the AP and the WSC will go and form the Cabbage Tunnel, the distribution port. We should enable the two one-cubes, and we should also do the link aggregation protocol, or link aggregation, between the WLC and the distribution switch. All right, so as for the model, you can see which model has the distribution port and service port listed here in the table. Again, if we have a larger number of APS, we should check the higher end of the controller. The capability will increase, the throughput will increase, and the overall performance will improve, but the cost will also get increased.Now, what is happening? So these are the ports we have. We have a service port, a distribution system console, and a redundancy port. But internally, the controller must somehow map these ports to the equivalent logical port. So inside the controller, we have the equivalent logical port. So, for example, we have the management interface.
Now, what is the use of a management interface? Naturally, for management-related traffic such as radius, authentication, WX to WXC, communication, web-based SSH sessions, SNMP, and JPX laws, and so on. Okay, now in this diagram you’ll find a clear picture of what we are talking about. So here you can see that first we have the management interface, then we have the EP manager interface as well. We have the service port. We have discussed just now what service ports will do and various tasks related to service ports. We also have dynamic interfaces. So what is happening here is that these VLANs that are coming from the switch site are going to map with the AP, and then again, this AP somehow has to associate with the access points as well. This AP is the WLC. So let me again redo this switch. It will go and connect with the WLC, and the WLC has connectivity with AP. In between WLC and AP, we have the Capitol. All right, so what is the use of the AP manager interface? They are the dynamic interface used to terminate the cap-wrap tunnel between the controller and AP. So here you are seeing this AP manager’s use of this to terminate the captain in between the AP and WLC. Then we have the virtual interfaces. Again, with virtual interfaces, they have just the right use case.
So the IP address facing the wireless client when the controller is relaying client DHCP requests, performing client web authentication, and supporting client mobility is the use case for these virtual interfaces. It is used for client mobility. It is used in a way that the WC can relay the DHCP information to the IP address facing the wireless client. Okay, this interface will be less useful, but we have the interface. Then we have services for the interface. We discovered that this is used for outer bank management. Then finally, you can see that you have the dynamic interfaces as well. These dynamic interfaces must connect the VLAN to the WLAN. Isn’t that the usability? So we have discussed the management interface. They are there for management traffic of various types, such as HTTP, SSH, and so on. And then you can see that the management interface is actually important. So that’s one of the uses. And then suppose the other use of this management interface is the same as when the AP manager interface is not available. So the manager interface will perform that performance or task instead of okay, which is the other use we have for the management interface. All right, so these are the interfaces. Here you can see that these are the ports, and here you can see that these are the interfaces we have in the WLC. So let’s come to a halt here and get started. Bye.
56. Performing an Initial Setup
Next, we have to perform the lab, and in this we are going to do the initial setup for WLC. I’m using the virtual WLC here, and once you are on the first page, you can give the username and password, and then you click start. Once you go and click “Start,” the next page that you will get will be like this. So let’s do this and complete it. I will go and give the name, for example, “Virtual World,” and the country. I can go and select anyone. Let me go and select, for example, any of the nearby countries. Let’s take a look at an example and some testing. So I can go and select London, and then you can see the time zone, and then I can go and give the entity server. Then we can go and give the management IPs, so that’s the management IP in my case, then the subnet mask for the management IP, then the default gateway I have in my case. That is to say, the management believes that at this time, we can leave this as the default. All right. So now we can go and click “Next.” I will go ahead and click “Next.” Next, we can see that we have to create the wireless network, and then we have some of the advanced settings. Let me select the correct default gateway and click Next. So what is the network name I have so I can go and give a cloud demo, and then what key? I’ll leave this as is, but if we have WPA personal and enterprise, I’ll go ahead and provide the password. Let me confirm that. Then what is the management like? We leave this as the management VLAN. If I have a DHCP server, I can go ahead and give it to you, and we’ll be done with this step. So you can see how simple the setup is now. Now I will go next and we will verify the advanced setting as well. So I’ll go next.
You can see the virtual IP address, the local mobility group, the service port interface, and these things we have discussed. Now the virtual IP address should say some of the private addresses because those addresses will be used locally. Assume that if I use any of the addresses that are not private and may be in conflict, there is a possibility of conflict. All right. So here you can see that we are giving the virtual IP address, and then for the service port, we are leaving this as the default. Let me now scroll up to see if we have any other parameters. So here you can see that you can disable RF parameter optimization. You can enable it and see that the client density is low, and the typical high traffic type is data, which I can use at this time. Alright? So here you can see that. Please confirm the setting and apply. So this is the setting that we have given for the management IP, the management gateway, the network name, security passports, et cetera. So once we are okay with this particular summary, we can go and click next, and then we can go and apply as well. So this is the final page. Yes, okay, I want to apply this, and then we can wait. So once the setting applies, we can go and log in with the management IP. So I logged in here with the management IP, and then you will get this first page. So now you can go and log in here. You can see the management IP, eleven, dot ten, and then I can go and give the user name and the password. So let me go and give the username and password, and then we’ll get the first page.
So this is the first page that we have, and here you will see the monitoring interface, the rogues interface, the wireless dashboard, et cetera. Interestingly, on this first page, you’ll find that we have the best practises as well. So, if you want to check the best practices, you can do so on this page. On this first page, because we don’t have any AP associations, we don’t have any live traffic, so everything is showing blank. But if you go ahead and click “advanced,” you’ll be taken to this page, which we’re all too familiar with. Generally, we are using this advanced tab to check everything related to the WLC. So in the advanced page, you can see that you have the management IP. Then you have the service portfolio version, where you can see eight, seven, the name, the uptime, and the rest of the thing, and then the access point, where somebody can see nothing is there. As a result, everything is zero; all counters are zero. But on the top, you can see that you have a monitor for WLAN. So suppose if you want to create WLAN, you have to go to this section, and then you have to create the wireless WLAN. Again, once you go and create there, you will get multiple options related to the WLAN. We can go and check this later, after the information about the WLC.
So you can see the long list of information that we have, and you can go and click and check each and every individual tab that you have: your management interface, your service port, your virtual port. We have discussed this, correct? Then we can connect to the wireless. At the moment everything is blank; we can go and check the security. Again, you can see the extensive list of security measures in place. Then if you want to run any command, we have some of the command support that we have. So the page will look like this: This is the initial setup for the WLC, and we should go and check the best practises that we have. So if you go and check the best practices, then we can see that. What are the recommendations? So let me quickly show you that. You can go and click on “Top Home” here. Once you go and click “home,” you’ll go back to the first page that we have opened. The best practises are then displayed here. So best practises related to infrastructure, security, art management, Apple devices, and ice radius And you can go, and you can scroll, and you can check all these best practises that we have. Okay, so this was the initial baseline setting that we had with the EU.
57. Understanding Controller Discovery
Let us understand that, for the discovery of the controllers, we have the document and will understand with that document what are the steps that AP is going to take to discover the controller and then how the AP will go and select a certain WLC as the controller. So, what is the reason for us to reboot the AP? The first step is that you will go and boot the AP. So AP boot will happen, and obviously it will go and contact the DHCP server to get the IP. And suppose there are alternatives: we can have a static IP address, but we can also use a HCP server. Once you get the IP, it will try to discover the WLC. We will see this again for WLC discovery. I have separate slides for that in detail.That’s how WLC discovery happens. But the next step is that the AP will try to build the Cape Tunnel with the WLC. And inside that capital, obviously, we have the Capt control panel, where we have the APWC control messages. Now the next step is that the AP will go and send the Cape an up-join request.
Now for that request, obviously the WLC will respond with a “Cabbage join” response. So, once we’ve built the Cabbage Tunnel between the AP and the controller, if you know who the controller is and the controller knows who the AP is, it’s a WLC rule that you go check the image version. So there should not be a mismatch between the WLC image and the AP image. In that case, the AP will go and download the image, after which it will reboot. If the image is satisfactory, the configuration for the RF service set, identifier security, QS, and so on will be pushed from the WLC. And finally, the device will go into the run state. Now you can see all of the steps, numbered one through seven. Now, on some occasions, due to some issue, WLC wants to reset the AP. So in that case, again, the AP will go and reset, and step number one will start. Okay, one point to note here is that while the APS is downloading the image, it may take some time to download and update the image because downloading the image and then booting will take some time. All right, so what’s the process for discovering the WLC? There is a process by which an AP can learn about WLCor using DHCP and DNS; they are getting that information, or the WLC is in another network. Then, with the help of broadcast, I routed between who is relaying the information. That’s the broadcast on the local subnet.
So, for example, a broadcast on a local subnet What happens is that if your AP and WLC are in different subnets, you must go to the router in between and relay that information using IP forward protocol UDP 5246. This is the UDP port for the Capwap control tunnel. Then you have the interface VLAN, and you can go and give the IP helper address for different types of WLCS. Okay, so that’s one option, one way. Another possibility is that you have WLC information in your AP. In terms of secondary and tertiary, the AP will check WLC 1, WLC 2, and WLC 3, and then contact or discover the WLC. We have options with DHCP. So, once they have the IP address, DHCP option 43 will appear, recommending a list of WLC addresses. It can use DNS as well to resolve the Capwapcontrollerlocal domain with the DNS request again, and if nothing happens again, the AP will go into reset mode and start the recovery process. At this point in time, we have discovered a WLC that is working well. So we have the WLC option at that time. So what does it mean? It means that AP will go after primary and secondary schools. Teresa, I mean, as per the priority of WLC, they will go and join. The second thing is that if they don’t have any primary, if they can’t find any primary secondary data, they will go and check in the local subnet. So who is the master controller? According to that, they will go and choose one of the controllers, and finally, they can go and check the least-delivered controller as well. So as per the controllers and their connectivity, which means the controller knows how many APS are associated, they can go and select one of the WLCs. Okay, so these are the methods for finding and joining the AP.
58. Understanding L2 & L3 Roaming
We have layer two and layer three roaming. So let’s understand that we have already discussed this earlier: when we are doing the royal say in the case of autonomous AP, the client here, as you can see in the diagram, can go and connect with the client too. As for their signal strength, when the signal strength goes down, he can go and join the other available, highest-strength SSID or the AP. That is a normal way for roaming to occur. And the other important thing here is that he has the straight information of this particular client in between that distribution system, which is the switch, and then he can go and join. Now, the roaming will follow a very normal and simple standard procedure. The problem here is that we are not using this type of architecture in the Enterprise Network. We have N clients, N access points, and a good number of other controllers because we have an enterprise network. So, in the Enterprise network, the methodology is purely split Mac architecture. In the case of a split Mac architecture, what will happen? So let’s try to understand that. We know that in split Mac architecture, the APS is going to form the capacity tunnel with the WLC. And in that case, if a client wants to book a room, there are two options.
First, rooming can be layer two; roaming can be layer three. So what will be the difference between those two? And there’s a chance I don’t have just one. We may have multiple WLCS connected via a wired network. So let us attempt to comprehend layer two roaming. What is the key feature of layer 2 roaming? In that case, we are in the same subnet. We have the same big IP subnet inside that I want to roam on. So here you can see in the diagram that I have a user in the 100 or 0 subnet who wants to roam from one AP to other AP.Obviously, you can see that these APS have been captured with their WLC. Suppose I have two WLCs and their connected network is a wired switch network. Okay? So this is a use case. What will happen now is that you will have to reassociate when you move from one location to another. So you will go and associate. This rooming arrangement is now quite good and scalable. Why? Because most of the things we are not changing here So we are not changing. And again, it depends on the use case. If we do not want to change the IP address of this client, he will also be on the same IP when he joins the new IP, and even the state information will be synced across WLC one and WLC two. So, in that case, we will either get the seamless Roman type of capability or a good experience because the room is usually less than 20 milliseconds.
Now, the second option we have is layer-three roaming. Layer-three roaming simply means that you are in two different domains. So suppose your exact IP is 1000, and then you want to roam to 2000. So you’re crossing the subnet, and then you want to roam. The structure will look the same as before. However, the cabinets visible are for AP 1 and WLC 1, as well as AP 2 and WLC 2. Both are on different IP subnets. So what will happen now? If this client wishes to relocate and de-associate and re-associate with another AP, he may do so, but only because the IP segment will change. Here you have 100 or zero. Here, you have 200 or zero. So these are behind the scenes, forming the Cap Lap Tunnel over the switching system. So here you can see in the diagram that 100 is going to change into 200, and then finally they have the captain in between that is just to exchange the state information of a client associated with AP One with AP Two. Correct. And you will find that the names of these WLCS are also different. So, when a client is attached to one of the APs and wants to roll at that point in time, that WLC is anchor and where he is going. And he’s going to join the new AP associated with WLC, which will be the foreign controller. So, from anchor, I’ll connect with the foreign controller, and then the roaming will occur as LC roaming. So, with the help of the diagram, you can easily understand how I’m connected to one AP and then roaming. However, in the case of L-3 roaming, the shade change occurs with the assistance of the captain.
59. Troubleshooting WLAN Connectivity
End-to-end authentication Next was the connection process. So we have discussed this process earlier. In the last slide, you’re sending the probe, then you’re getting the response, and you’re sending the association. Remember authentication and then association? Then you can see that we have this process of 80-factor authentication. We are going to discuss this more in the security section, where we will talk about authentication and security. Then you’ll exchange encryption keys, T and Hcp, and finally enter the run state. This is the final run state, in which everything works flawlessly. Again, if you want to learn more about all the states, So we have the policy enforcement module that is inserted into the split Mac architecture from the start until the end. So you can see the first through the last steps here. So we have 123-4567 eight states, and if it is in run estate, it means everything is fine. So the initial start of the client authentication check is 8021 X. That is one requirement completed out of two. If you have the web key, talk about security later, then make a DHCP request, a vertical request, and a renewed request. So in between, you may have any issue that you have to detect at exactly what point you have an issue, and then you have to solve it. This is the final flow chart.
On your screen, you can see that you begin checking the authentication when it is required, and then your L2 is completed. If it is not an authentication failure, If it is, then you will go and move to the required web, which should be 100% successful. Then you will go on to the next step. Next step. You can see that you have the necessary DHCP. Again, DHCP is required. Then there’s web needed and web off needed. If it fails, it will exit and come to a halt. So likewise, you can see the complete chart where you have a two-part policy. One x web is required, as well as openssid, mobility, DHCP, and web keys. If you don’t have any of these, it will be renewed. So it will go and finish the tips. For example, to reach the renewed, it could go like this and this. So this does not imply that I will always have all of the policy and that it will apply to all 20 steps or all of the steps that we are seeing here. But these are the steps, and these are the touch points where we should investigate and try to resolve. Okay, so this is the troubleshooting option and how we can go about defining the problem and solving it to narrow down the problems. Reach the nearby touch point, go there, and try to check exactly which technology the problem belongs to and then try to resolve it.
60. 3.4 IP services NTP
In three and four, we must learn about IP services, such as NTP, the netfirst operating agency protocol, and multicast. So let’s start with the NTP network time protocol. We used to give the same time and date to all the devices in the enterprise network infrastructure. One of the most important use cases for this is that all devices nowadays perform certificate-based authentication. And we need to sync the time to all of the devices in the IT infrastructure for all of those certificates, distilled certificates. So that’s one of the main use cases we have for entities.
Now, how we are going to do that, I will see that, and we’ll discuss more about that. However, we may have an external server hosted in the cloud, an internal server within our premises, or any Cisco devices acting as a NTP master or NTP server. So all these options are available. There is some terminology used inside NTP. So, for example, what is a stratum? So what is happening is that the NTP device will form an association with the NTP device closer to the time source. So you have your time source nearby, and that measurement is the stratum. So for example, stratum one versus two means that if it is one, that means your source is nearby. If it is two, that means your source is a hop away. The time source is referred to as the source. Okay, now how are we going to configure the entity? We have a client-server model. We’ll see that in the last section. So one is the entity master, and others will work as a client.
We can do peer-to-peer as well. As we all know, peer-to-peer refers to point-to-point communication. So peer entity devices can get their time from each other depending on who is the closest, which is the lowest rate. We’ll see all these things in the lab section. Now, with the NTP second tool packet or NTP message exchange, we can do the encryption as well. So we have that encryption feature for entities that we can also verify in the lab. Now here in the diagram, you can see that you have the time source. And then suppose we are at router D. It’s very simple to go and simply give the NTP server and then the server one versus two. For example, if there are two servers, you want to give one priority. So we have this keyword called “prefer.” So the first will be preferred, and then the other will be checked. The NTP can do the tired approach as well. So, since you’re getting the entity information from the service that’s router D, does that mean C can get all those details for D as well?
So that’s a tiered approach. Here you can see that for C, the server is nothing but router D. So I can go to C, and then I can say, “Okay, NTP server, and the server IP is 51.” Likewise, we can go and do the configuration for router A, and I can tell you, okay, for router A, your entity server is router C. So we can follow that hierarchy. Suppose that you don’t have any external time source or maybe any internal time source; in that case, any router can be made the authoritative source or the NTP master, and from there it will go and take the NTP information or it will send the NTP information to all the clients. Again, in the diagram, you can see that we can do the peering as well. So, if we want to have some sort of fallback or redundancy, we can do the peering configuration as well. So here you can see that router D wants to be a master, NTP master is the keyword, and ten is the structure number. We can go to the router D, set the time to whatever the current time is there, and then make that the master. Then for A and B I, you can see that they can go and make themselves peers as well. So, if the Ethernet link fails, they will update their entity information to each other because they are peers. So this is the way that we can go and create the master, and obviously, we can go and create the client as well, as the master will send and the client will get the information. We will see this in the last section of the upcoming recording. Apart from that, we can go and do the authentication as well. You can see here that I have NTP master, and then I can use NTP authentication with MD5, and then the password, and then I can go to the client side, and those client side I can go and tell, “Okay, NTP authenticates the key, the NTP-trusted key, and what is the NTP server’s IP?” Okay, so the master is sending information to the clients in this manner, but the message exchange between them is MDF encrypted or MD5 authenticated.
All right, we have some other commands as well. If you want to disable the NTB, we can go to the interface and disable it. If you want to do the most with how many clients a master has, So we can go and do the maximum association (1020, etc.). Just to prevent the interfaces, we can go ahead and do the loopback interfaces. So in that case, if any of the fiscal interfaces still exist, the entity is reachable by the loopback, and that’s the standard configuration we have in the industry. If you go and check the NTP source, the AAA radius, or maybe the tacticis authentication source addresses, TFTP source addresses, Generally, we use loopback addresses because they are always up and any physical interface downstairs is reachable; then, for some verification, we can type showclock to check the time and NTP status. It will tell you the details about the NTP information. Finally, we can go and check the entity association as well. Alright, so let’s just stop here, and the next section will do. The lab was related to an entity.
