Iuwne10 S02 L02

Configuring a Controller
IUWNE v1.0—2-*
Controlling of associated Cisco wireless AP
Distribution system to enterprise network
Can assign multiple interfaces to a port
Data must be untagged or tagged to support multiple VLANs on the same trunk
LWAPP header contains client WLAN information, which is then translated into VLAN tags on the distribution port.
© 2008 Cisco Systems, Inc. All rights reserved.
Interfaces
Cisco wireless interface configuration allows the association of a VLAN name to a VLAN ID, which are then mapped to a physical port and WLAN.
Must assign each interface to a port for distribution into the enterprise
Cannot assign multiple ports to an interface
Can assign multiple WLANs to an interface
The VLAN ID will represent either untagged traffic (value 0) or IEEE 802.1Q tagged traffic (value 1-4095).
Can assign multiple interfaces to a port
All interfaces must be assigned to all Cisco wireless controllers in a mobility group to allow seamless roaming.
Various types of interfaces
Management Interface
Cisco wireless uses the management interface as the default interface for in-band management of the Cisco wireless controller and connectivity to enterprise services such as AAA
Must be in a different VLAN or subnetwork than the service port interface
Cisco wireless uses the management interface for Layer 2 LWAPP communications between Cisco wireless controllers and APs
Listens for messages through the Layer 2 network to auto-discover, associate, and communicate with Cisco APs
AP Manager Interface
Cisco wireless uses the AP-Manager interface as the source IP address for communications from the Cisco wireless controller to Cisco APs
Must be a unique IP address, preferably in the same subnetwork or network as the management interface and assigned to the same port
Should be created at the same time that Layer 3 communications are configured
Cisco wireless uses the AP-Manager interface for Layer 3 LWAPP communications between controllers and APs
Listens for messages through the Layer 3 network to auto-discover, associate, and communicate with Cisco APs
Controller > Interfaces > Edit
Mobility management
Mobile client uses same virtual IP address across multiple controllers
DHCP relay
Layer 3 security
Web authentication uses the virtual interface as the gateway IP address
Controller > Interfaces > Edit
Service Port Interface
Associated only with the service port on the Cisco wireless controller front panel, a 10/100Base-T Ethernet port dedicated to out-of-band management
Must be in a different VLAN/subnetwork than the management port interface
You cannot assign a gateway to the service port interface, but must set up static routes if you wish to connect to the service port from remote networks
The service port is not auto-sensing
You must use a straight-through Ethernet cable to connect to controllers and hubs
You must use a crossover Ethernet cable to connect to routers and workstations
Controller > Interfaces > Edit
Dynamic Interfaces
Dynamic Interfaces are generally designed for WLAN client data and provide support for multiple VLAN instances
These interfaces are manually configured by the administrator
Configuration details include:
Physical port assignment
DHCP server support
Upon clicking Apply
Supports pins 2, 3, and 5
Dedicated to Cisco Unified Wireless Network software management
Ensures access to CLI in the event of a network failure
Can be used for initial installation
Access to CLI only
10/100Base-TX Ethernet port, which is speed auto-sensing
Service interface port auto-senses for DTE / DCE
Straight-through or crossover Ethernet cable to controller or hub
Category 5 Ethernet cable
Dedicated to controller management
Ensures access to Cisco AireOS in the event of a network failure
Can be used for initial configuration or out of band management
Has a default IP address of 192.168.1.1/24
Boot Options
The controller boot sequence will always have these options available, since this is set in PROM to ensure controller recovery options.
Version
If no escape key is pressed to halt the boot process and enter the boot options menu, the boot process begins automatically.
The "Web authentication certificate not found" error appears only after initial controller boot or controller upgrade.
Cisco Wizard Configuration Tool begins automatically, if there is no saved configuration.
Use the '-' character to backup
System Name [Cisco_40:d3:23]: sw2
Enter Administrative Password (24 characters max): *******
Re-enter Administrative Password : *******
Service Interface IP Address: 192.168.1.2
Service Interface Netmask: 255.255.255.0
Management Interface IP Address: 10.10.10.20
Management Interface Netmask: 255.255.255.0
Management Interface VLAN Identifier (0 = untagged):
Management Interface Port Num [1 to 2]: 1
Management Interface DHCP Server IP Address: 10.10.10.10
Virtual Gateway IP Address: 1.1.1.1
Mobility/RF Group Name: Group2
Enable Symmetric Mobility Tunneling [yes][NO]: no
Network Name (SSID): Open2
Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.
Enter Country Code (enter 'help' for a list of countries) [US]:
Enable 802.11b Network [YES][no]:
Enable 802.11a Network [YES][no]:
Enable 802.11g Network [YES][no]:
Enable Auto-RF [YES][no]:
Configure a NTP server now? [YES][no]: no
Configure the system time now? [YES][no]: no
Warning! No AP will come up unless the time is set.
Please see documentation for more details
Configuration correct? If yes, system will save it and reset. [yes][NO]:
config Configure switch options and settings.
debug Manages system debug options.
help Help
linktest Perform a link test to a specified MAC address.
logout Exit this session. Any unsaved changes are lost.
ping Send ICMP echo packets to a specified IP address.
reset Reset options.
transfer Transfer a file to or from the switch.
(Cisco Controller) >s?
(Cisco Controller) >save config ?
(Cisco Controller) >save config
Configuration Saved!
advanced Advanced Configuration.
boot Configures the default boot image.
cdp Configure Cisco Discovery Protocol
<…> output omitted
airewave-director Configures the Airewave Director debug options
ap Configures debug of Cisco AP.
arp Configures debug of ARP.
bcast Configures debug of broadcast.
cac Configures the call admission control (CAC) debug options.
cdp Configures debug of cdp.
crypto Configures the Hardware Crypto debug options.
dhcp Configures the DHCP debug options.
client Enables debugs for common client problems.
disable-all Disables all debug messages.
Controller Web Configuration
Wizard Login
If you attempt to use HTTPS, you will receive an error.
Initial system configuration will support only HTTP access.
Default IP address is 192.168.1.1/24.
Username: admin
Password: admin
Controller Web Configuration Wizard
After SNMP communities are checked, another login is required to verify the new credentials.
Connect to the Controller Web Interface
After the controller web configuration wizard saves the configuration and reboots the controller, HTTPS access is enabled and HTTP access is disabled by default.
Menu Bar
Management > Local Management Users
Local management user accounts are used by both the CLI and the controller web interface.
Management > Mgmt via Wireless
The Cisco Wireless LAN Controller can be managed via WLAN clients, but this capability is disabled by default.
Example: Interface Creation
Example: WLAN Creation
Optional step: WLAN override
Code file
Can be upgraded from CLI or web interface
In the web interface, these three are under one single file
Configuration file
Can be uploaded/downloaded via TFTP from CLI or web interface
In 4.2 and later, an XML file; prior to 4.2, a binary file
A V4.2 configuration file is not accepted on pre-4.2 controllers, and vice versa.
AP gets its configuration and code from the controller
Controller Code Releases
ED: newest features
MD: bug fixes
Also deferred releases
Burned-in MAC Address............................ 00:1D:45:5E:00:E0
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
System Information
Product Name..................................... Cisco Controller
System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3
IP Address....................................... 10.9.4.20
System Up Time................................... 0 days 0 hrs 3 mins 40 secs
Configured Country............................... GB - United Kingdom
Operating Environment............................ Commercial (0 to 40 C)
802.11a cac voice stream-size 84000 max-streams 2
802.11b cac voice tspec-inactivity-timeout ignore
802.11b cac voice stream-size 84000 max-streams 2
advanced 802.11a receiver pico-cell-V2 rx_sense_thrld 0 0 0
advanced 802.11a receiver pico-cell-V2 cca_sense_thrld 0 0 0
advanced 802.11a receiver pico-cell-V2 sta_tx_pwr 0 0 0
advanced 802.11b tx-power-control-thresh -65
advanced location expiry tags 1200
advanced location expiry client 150
advanced location expiry calibrating-client 30
advanced location expiry rogue-aps 1200
Cisco Public Safety is not allowed to set in this domain
country GB
interface address service-port 192.168.1.2 255.255.255.0
interface address virtual 1.1.1.1
interface dhcp service-port disable
interface vlan vlan80 80
interface port management 1
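
An added example, not part of the original slides or of Cisco's tooling: a short Python audit of "interface" lines in the format of the listing above, checking three rules the slides state (management and service-port in different subnets, VLAN ID 0 for untagged or 1-4095 for tagged, exactly one port per interface). The sample lines are constructed; the "interface address management" line format, its gateway value and the "interface port vlan80 1" line are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the "interface ..." line format of the listing above.
# The management address line (and its gateway) is an assumed format and value.
SAMPLE = """\
interface address management 10.10.10.20 255.255.255.0 10.10.10.1
interface address service-port 192.168.1.2 255.255.255.0
interface address virtual 1.1.1.1
interface vlan vlan80 80
interface port management 1
interface port vlan80 1
"""

def parse(text):
    """Collect subnet, VLAN ID and port assignments per interface name."""
    nets, vlans, ports = {}, {}, defaultdict(set)
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] != "interface":
            continue
        kind, name = f[1], f[2]
        if kind == "address" and len(f) >= 5:   # needs both IP and netmask
            nets[name] = ipaddress.ip_interface(f"{f[3]}/{f[4]}").network
        elif kind == "vlan":
            vlans[name] = int(f[3])
        elif kind == "port":
            ports[name].add(int(f[3]))
    return nets, vlans, ports

def audit(text):
    """Return sorted findings for the interface rules stated on the slides."""
    nets, vlans, ports = parse(text)
    findings = []
    mgmt, svc = nets.get("management"), nets.get("service-port")
    if mgmt is not None and svc is not None and mgmt.overlaps(svc):
        findings.append("management and service-port share a subnet")
    for name, vid in vlans.items():
        if not 0 <= vid <= 4095:                # 0 = untagged, 1-4095 = tagged
            findings.append(f"{name}: VLAN ID {vid} outside 0-4095")
    for name in set(vlans) | {"management"}:    # interfaces that carry traffic
        if len(ports[name]) != 1:
            findings.append(f"{name}: needs exactly one port, has {len(ports[name])}")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```
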
Controllers have ports, static and dynamic interfaces, and WLANs.
Upon startup, a boot menu allows several options, such as upgrading the system or clearing the configuration.
If a controller does not have any prior configuration, a CLI wizard appears.
Initial setup is also possible using a web interface.
Once configured, the controller web interface is accessible using HTTPS.
Items are usually created in a two-step process: creating the item and then configuring it.
Controller code and configuration files can be managed from the web interface or the CLI. Version 4.2 and later have a new configuration file format.