📘 CCNA 200-301 v1.1
2.9 Interpret the wireless LAN GUI configuration for client connectivity, such as WLAN creation, security settings, QoS profiles, and advanced settings
creation, security settings, QoS profiles, and advanced settings
What this topic means
This part of the CCNA exam tests if you can read and understand (interpret) the wireless LAN controller (WLC) web GUI configuration — not necessarily configure it yourself from scratch, but understand what’s being shown and what each setting does.
So you need to be able to look at a screenshot or a web page of a WLAN configuration and understand:
- What is being configured?
- How it affects client connectivity (how wireless devices connect and use the network).
🧱 1. WLAN CREATION
When you create a Wireless LAN (WLAN) on a Wireless LAN Controller (WLC), you are defining the wireless network that clients will connect to.
Key Elements:
| Setting | Meaning |
|---|---|
| WLAN ID | A number that uniquely identifies the WLAN on the controller. Example: WLAN ID 1, 2, 3, etc. |
| Profile Name | Internal name used by the WLC to identify the WLAN. Example: “Corp_WiFi_Profile”. |
| SSID (Service Set Identifier) | The name broadcasted to clients (the Wi-Fi network name you see). Example: “Corp_WiFi”. |
| Status (Enabled/Disabled) | Determines if the WLAN is active and available for clients. |
| Interface/Interface Group | The VLAN or group of VLANs that the WLAN maps to. This controls which network the wireless clients belong to once they connect. |
| Broadcast SSID | When enabled, clients can “see” the network name. If disabled, the SSID is hidden. |
Exam Tip:
If you see a WLAN configuration with SSID not broadcasting, it means users must manually type the SSID to connect.
🔒 2. SECURITY SETTINGS
This section controls how clients authenticate and encrypt data when connecting to Wi-Fi.
There are 3 main security areas you need to recognize:
(a) Layer 2 Security
This deals with authentication and encryption between the client and the Access Point (AP).
| Security Type | Description |
|---|---|
| None (Open) | No authentication or encryption. Anyone can connect. |
| Static WEP (Wired Equivalent Privacy) | Older method, weak encryption, not recommended. |
| WPA / WPA2 / WPA3 | Modern and secure methods. WPA2 and WPA3 are standard in enterprises. |
| 802.1X (Enterprise mode) | Uses RADIUS server for centralized authentication. Common in business environments. |
| PSK (Pre-Shared Key) | Uses a shared password, typically used in smaller or guest networks. |
Example:
If the GUI shows:
- Security: WPA2-PSK
- Encryption: AES
It means:
Clients connect using a shared Wi-Fi password, and data is encrypted with AES.
(b) Layer 3 Security
This adds additional authentication after the client connects.
| Option | Purpose |
|---|---|
| None | No additional authentication. |
| Web Authentication (Captive Portal) | Client redirected to a web login page before full access (e.g., for guests). |
| VPN Passthrough | Allows clients to use VPN over Wi-Fi. |
(c) AAA (Authentication, Authorization, Accounting) Servers
- When 802.1X or web authentication is used, the WLC connects to an external RADIUS server.
- The RADIUS server checks usernames/passwords.
- The GUI usually shows:
- Server IP address
- Shared secret
- Timeouts or retries
🎚️ 3. QoS PROFILES (Quality of Service)
QoS determines how network traffic is prioritized.
In wireless networks, QoS ensures important traffic (like voice or video) gets higher priority than less important traffic (like file downloads).
Default QoS Profiles in Cisco WLC:
| QoS Profile | Description |
|---|---|
| Platinum (Voice) | Highest priority, used for voice traffic. |
| Gold (Video) | High priority, used for streaming/video. |
| Silver (Best Effort) | Default for general data traffic (web, email, etc.). |
| Bronze (Background) | Lowest priority, used for background or non-critical data. |
In the GUI, you’ll often see a dropdown menu for QoS Profile.
If the WLAN uses Platinum, that means voice traffic (like IP phones) is given the best service.
Exam Tip:
QoS does not increase speed — it controls priority when bandwidth is limited.
⚙️ 4. ADVANCED SETTINGS
These settings fine-tune how clients connect and how the WLAN behaves.
| Setting | Description |
|---|---|
| Client Load Balancing | Distributes clients evenly across multiple APs. Prevents one AP from becoming overloaded. |
| Band Select / Band Steering | Encourages clients to connect on the 5 GHz band instead of 2.4 GHz (less interference, better performance). |
| DTIM Interval | Controls how often Access Points send broadcast/multicast traffic. Impacts power-saving clients (e.g., laptops, phones). |
| Multicast to Unicast Conversion | Improves reliability for multicast traffic (e.g., streaming). |
| Client Isolation (Peer-to-Peer Blocking) | Prevents wireless clients on the same SSID from communicating directly with each other. Improves security. |
| Mobility Anchors | Used in larger networks to manage client roaming between controllers. |
| SSID Override | Allows different SSIDs per AP group or location. |
| 802.11k/r/v | Fast roaming and client optimization standards: – 802.11r: Fast transition between APs – 802.11k: Neighbor reports for better roaming – 802.11v: Network-assisted roaming suggestions |
📡 Putting It All Together
When interpreting a WLAN configuration GUI, you should be able to identify:
| Area | What to Look For | Meaning |
|---|---|---|
| General Tab | SSID, Profile Name, Interface | Defines the network and VLAN clients join |
| Security Tab | WPA2/WPA3, PSK/802.1X, Encryption | Controls authentication and encryption |
| QoS Tab | Platinum, Gold, Silver, Bronze | Prioritizes traffic types |
| Advanced Tab | Band steering, Load balancing, Isolation, DTIM | Optimizes performance and roaming |
🧠 Exam Focus Summary
| Topic | You Should Be Able To… |
|---|---|
| WLAN Creation | Identify SSID, profile, and VLAN mapping |
| Security Settings | Recognize WPA/WPA2/PSK/802.1X, and know how clients authenticate |
| QoS Profiles | Match QoS levels to traffic types |
| Advanced Settings | Understand what settings like band steering or client isolation do |
