13.5.1 Packet Tracer - Wlan Configuration

Mastering Wireless LAN Configuration in Cisco Packet Tracer: A Complete Guide

Configuring a Wireless Local Area Network (WLAN) is a fundamental skill for any modern network engineer. While physical hardware is ideal, Cisco Packet Tracer provides an unparalleled, risk-free environment to build, configure, and troubleshoot complete wireless infrastructures. This comprehensive guide walks you through the entire process of setting up a functional and secure WLAN within Packet Tracer, mirroring the hands-on experience of the 13.5.1 lab activities. You will learn to transform a simple topology with a router and wireless clients into a robust, connected network, understanding every critical parameter from SSID broadcast to security encryption.

Understanding the Packet Tracer WLAN Lab Environment

Before diving into commands, it's crucial to understand the simulated components. In Packet Tracer's WLAN labs, your central device is typically a Cisco Integrated Services Router (ISR), such as the 4321 or 4331 model, configured to act as a Wireless LAN Controller (WLC) and a router. This dual role is key: the router handles inter-VLAN routing and DHCP services, while the WLC functionality manages the lightweight access points (APs) and associated wireless clients. The "lightweight" APs in this simulation are virtual and controlled directly by the router's WLC software, eliminating the need for separate physical AP devices in the basic lab topology. Your clients will be end devices like laptops or smartphones, configured to connect to the wireless network you create.

Prerequisites and Initial Topology Setup

A successful configuration begins with a correct physical layout in Packet Tracer. Start by placing your router and at least two wireless client devices (e.g., a Laptop-PT and a PC-PT). Connect the router's GigabitEthernet0/0 interface to a switch (if present in your topology for wired clients) or leave it for your WAN simulation. The critical step is ensuring your router has the dot11 radio interface, which is standard on ISR G2/G3 series models in Packet Tracer. If your router model lacks this, replace it with an ISR that supports it. Power on all devices. Your initial goal is to establish a management connection, typically via the console cable to the router or by using the CLI tab within Packet Tracer.

Step 1: Enabling the WLAN Controller and Radio Interface

The router's WLC functionality is disabled by default. Your first CLI commands activate this service and the physical radio that will transmit the wireless signal.

1. Enter global configuration mode: Router> enable then Router# configure terminal.
2. Enable the WLC service: Router(config)# wlc controller module 1. This command loads the WLC software module.
3. Configure the Dot11 Radio Interface: You must enter the interface configuration for the radio.
   • Router(config)# interface dot11Radio0
   • Router(config-if)# no shutdown (This powers on the radio).
   • Router(config-if)# exit

At this point, your router is broadcasting a default, open (no security) SSID named "Cisco" on channel 1. You can verify this by going to the Physical tab in Packet Tracer, selecting the router, and clicking the Config tab. The dot11Radio0 interface will show its status and SSID.

Step 2: Creating and Configuring Your WLAN (SSID, Security, VLAN)

Now you create the specific wireless network your clients will join. This is done under the WLC's wlan configuration, which binds an SSID to a VLAN and security policy.

1. Create a new WLAN profile: Router(config)# wlan my-wlan 1. Here, my-wlan is a descriptive name, and 1 is the WLAN ID.
2. Assign the SSID: Router(config-wlan)# ssid MySecureNetwork. This is the name users will see.
3. Associate the WLAN with a VLAN: Router(config-wlan)# vlan 10. This step is vital. It maps all wireless clients in this SSID to VLAN 10. You must have this VLAN created on your router's switch module (if used) and an associated DHCP pool or another IP assignment method.
   • To create VLAN 10: Router(config)# vlan 10 then Router(config-vlan)# name WLAN-VLAN.
4. Configure Security: This is the most critical step for a real-world network.
   • Router(config-wlan)# security wpa wpa2 psk set-key ascii
   • Router(config-wlan)# security wpa psk set-key ascii MyStrongPass123!
   • This configures WPA2-PSK (Pre-Shared Key) with an ASCII passphrase. Always use a strong, complex passphrase.
   • You can also enable 802.1X authentication for enterprise security, but PSK is standard for the 13.5.1 lab.
5. Enable the WLAN: Router(config-wlan)# no shutdown.

Your WLAN is now active, secure, and tagged for VLAN 10.

Step 3: Configuring DHCP for Wireless Clients

Wireless clients need IP addresses. Since they are on VLAN 10, you need a DHCP pool that serves that subnet.

1. Create the DHCP pool: Router(config)# ip dhcp pool WLAN-POOL
2. Define the network: Router(dhcp-config)# network 192.168.10.0 255.255.255.0
3. Set the default gateway (the router's VLAN 10 interface IP): Router(dhcp-config)# default-router 192.168.10.1
4. Exclude the gateway IP from the pool (best practice):

Router(dhcp-config)# ip dhcp excluded-address 192.168.10.1 5. (Optional) Provide DNS servers: Router(dhcp-config)# dns-server 8.8.8.8

Important Prerequisite: For the DHCP pool to function, the router must have an active Switched Virtual Interface (SVI) for VLAN 10 with the IP address 192.168.10.1/24. If not already configured, create it: Router(config)# interface vlan 10 Router(config-if)# ip address 192.168.10.1 255.255.255.0 Router(config-if)# no shutdown

Step 4: Verification and Client Connection

1. Verify WLAN Status: Router# show wlan summary. This displays your WLAN ID, SSID, and status (should be "Enabled").
2. Check DHCP Bindings: After a client connects, use Router# show ip dhcp binding to see the leased IP address.
3. Test Client Connectivity: In Packet Tracer, configure a wireless client (e.g., a laptop) to connect to the SSID "MySecureNetwork" with the passphrase MyStrongPass123!. The client should obtain an IP in the 192.168.10.0/24 range and be able to ping the router's VLAN 10 interface (192.168.10.1) and, if configured, the default gateway or other network resources.

Conclusion

By following these steps, you have successfully transformed a basic Cisco ISR router into a functional, secure wireless access point. The configuration establishes a dedicated SSID (MySecureNetwork) that is cryptographically secured with WPA2-PSK, logically isolated within VLAN 10, and provides automated IP addressing via DHCP. This foundational setup demonstrates core enterprise wireless principles: security through encryption, segmentation via VLANs, and service automation via DHCP. While this lab uses a pre-shared key suitable for small offices or home labs, the same architecture scales to enterprise deployments by replacing PSK with 802.1X authentication. Always remember that the strength of your wireless security hinges on a robust passphrase and the consistent application of VLAN-based segmentation to contain broadcast traffic and enforce policy.