© 2008 Cisco Systems, Inc. All rights reserved. IUWNE v1.0—2-1 Basic Cisco WLAN Installation Configuring a Controller


Basic Cisco WLAN Installation

Configuring a Controller


Terminology


Ports

Cisco wireless controllers use ports for the following features:
  – Controlling of associated Cisco wireless AP
  – Distribution system to enterprise network
      – Can assign multiple interfaces to a port
      – Data must be untagged or tagged to support multiple VLANs on the same trunk

LWAPP header contains client WLAN information, which is then translated into VLAN tags on the distribution port.


Interfaces

Cisco wireless interface configuration allows the association of a VLAN name to a VLAN ID, which are then mapped to a physical port and WLAN
  – Must assign each interface to a port for distribution into the enterprise
  – Cannot assign multiple ports to an interface
  – Can assign multiple WLANs to an interface

The VLAN ID will represent either untagged traffic (value 0) or IEEE 802.1Q tagged traffic (value 1-4095).
  – Can assign multiple interfaces to a port

All interfaces must be assigned to all Cisco wireless controllers in a mobility group to allow seamless roaming.

Various types of interfaces
  Static
      – Management
      – AP-Manager
      – Service port
      – Virtual
  Dynamic
      – User defined


Management Interface

Cisco wireless uses the management interface as the default interface for in-band management of the Cisco wireless controller and connectivity to enterprise services such as AAA
  – Must be in a different VLAN or subnetwork than the service port interface

Cisco wireless uses the management interface for Layer 2 LWAPP communications between Cisco wireless controllers and APs
  – Listens for messages through Layer 2 network to auto-discover, associate, and communicate with Cisco AP


AP Manager Interface

Cisco wireless uses the AP-Manager interface as the source IP address for communications from the Cisco wireless controller to Cisco APs
  – Must be a unique IP address, preferably in the same subnetwork or network as the management interface and assigned to the same port
  – Should be created at the same time that Layer 3 communications are configured

Cisco wireless uses the AP-Manager interface for Layer 3 LWAPP communications between controllers and APs
  – Listens for messages through Layer 3 network to auto-discover, associate and communicate with Cisco AP


Controller > Interfaces > Edit


Virtual Interface

Virtual interface is used when supporting the following features:

Mobility management
  – Mobile client uses same virtual IP address across multiple controllers

DHCP relay
  – Client uses virtual IP address as DHCP server address

Layer 3 security
  – Web authentication uses the virtual interface as the gateway IP address


Controller > Interfaces > Edit


Service Port Interface

Associated only with the service port on the Cisco wireless controller front panel
  – 10/100Base-T Ethernet port dedicated out-of-band management
  – Must be in a different VLAN/subnetwork than the management port interface

You cannot assign a gateway to the service port interface, but must set up static routes if you wish to connect to the service port from remote networks

The service port is not auto-sensing
  – You must use a straight-through Ethernet cable to connect to controllers and hubs
  – You must use a crossover Ethernet cable to connect to routers and workstations


Controller > Interfaces > Edit


Dynamic Interfaces

Dynamic Interfaces are generally designed for WLAN client data and provide support for multiple VLAN instances

These interfaces are manually configured by the administrator

Configuration details include:
  – VLAN ID
  – IP Address, mask and gateway information
  – Physical port assignment
  – DHCP server support
  – ACL support


Controller > Interfaces > New and Edit

Upon clicking Apply


Controller Initial Setup Options

Serial console port:
  – Available on all models
  – Male DB-9 pin connector or RJ45
      – Supports pins 2, 3, & 5
      – Default port configuration: 9600 baud, 8 data bits, 1 stop bit, no parity, no hardware flow control
  – DB-9 female-to-female null-modem serial cable
  – Dedicated to Cisco Unified Wireless Network software management
      – Ensures access to CLI in the event of a network failure
      – Can be used for initial installation
      – Access to CLI only

Service interface port:
  – Not available on all models
  – 10/100Base-TX Ethernet port, which is speed auto-sensing
  – Service interface port auto-senses for DTE / DCE
      – Straight-through or crossover Ethernet cable to controller or hub
  – Category 5 Ethernet cable
  – Dedicated to controller management
      – Ensures access to Cisco AireOS in the event of a network failure
      – Can be used for initial configuration or out-of-band management
      – Has a default IP address of 192.168.1.1/24


Boot Options

The controller boot sequence will always have these options available, since this is set in PROM to ensure controller recovery options.


Run Primary or Backup Image

Version

If no escape key is pressed to halt the boot process and enter the boot options menu, the boot process begins automatically.


Run Primary or Backup Image (Cont.)

Web authentication certificate not found (error) only after initial controller boot or controller upgrade.

Cisco Wizard Configuration Tool begins automatically, if there is no saved configuration.


CLI Wizard Configuration Tool

Welcome to the Cisco Wizard Configuration Tool
Use the '-' character to backup
System Name [Cisco_40:d3:23]: sw2
Enter Administrative User Name (24 characters max): admin2
Enter Administrative Password (24 characters max): *******
Re-enter Administrative Password : *******

Service Interface IP Address Configuration [none][DHCP]: none
Service Interface IP Address: 192.168.1.2
Service Interface Netmask: 255.255.255.0

Enable Link Aggregation (LAG) [yes][NO]:

Management Interface IP Address: 10.10.10.20
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 10.10.10.1
Management Interface VLAN Identifier (0 = untagged):
Management Interface Port Num [1 to 2]: 1
Management Interface DHCP Server IP Address: 10.10.10.10

Virtual Gateway IP Address: 1.1.1.1

Mobility/RF Group Name: Group2


CLI Wizard Configuration Tool (Cont.)

Enable Symmetric Mobility Tunneling [yes][NO]: no

Network Name (SSID): Open2
Allow Static IP Addresses [YES][no]: no

Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.

Enter Country Code (enter 'help' for a list of countries) [US]:

Enable 802.11b Network [YES][no]:
Enable 802.11a Network [YES][no]:
Enable 802.11g Network [YES][no]:
Enable Auto-RF [YES][no]:
Configure a NTP server now? [YES][no]: no
Configure the system time now? [YES][no]: no
Warning! No AP will come up unless the time is set.
Please see documentation for more details

Configuration correct? If yes, system will save it and reset. [yes][NO]:


Command Line Interface (CLI): Basic Command Set

User: admin2
Password:*******
(Cisco Controller) >?

clear          Clear selected configuration elements.
config         Configure switch options and settings.
debug          Manages system debug options.
help           Help
linktest       Perform a link test to a specified MAC address.
logout         Exit this session. Any unsaved changes are lost.
ping           Send ICMP echo packets to a specified IP address.
reset          Reset options.
save           Save switch configurations.
show           Display switch options and settings.
transfer       Transfer a file to or from the switch.

(Cisco Controller) >s?
save show
(Cisco Controller) >sa?
save
(Cisco Controller) >save ?

config         Save current settings to NVRAM.

(Cisco Controller) >save config ?
(Cisco Controller) >save config

Are you sure you want to save? (y/n) y

Configuration Saved!


Command Line Interface (CLI): config and debug Commands

(Cisco Controller) >config ?

802.11a        Configures 802.11a parameters.
802.11b        Configures 802.11b parameters.
802.11h        Configures 802.11h parameters.
aaa            Configures AAA related items.
acl            Configures Access Control Lists.
advanced       Advanced Configuration.
ap             Configures Cisco APs
auth-list      Configures ap authorization list.
boot           Configures the default boot image.
cdp            Configure Cisco Discovery Protocol
<…> output omitted

(Cisco Controller) >debug ?

aaa                Configures the AAA debug options.
airewave-director  Configures the Airewave Director debug options
ap                 Configures debug of Cisco AP.
arp                Configures debug of ARP.
bcast              Configures debug of broadcast.
cac                Configures the call admission control (CAC) debug options.
cdp                Configures debug of cdp.
crypto             Configures the Hardware Crypto debug options.
dhcp               Configures the DHCP debug options.
client             Enables debugs for common client problems.
disable-all        Disables all debug messages.


Controller Web Configuration Wizard Login

If you attempt to use HTTPS, you will receive an error.

Initial system configuration will support only HTTP access.

Default IP address is 192.168.1.1/24.

Username: admin
Password: admin


Controller Web Configuration Wizard

After SNMP communities are checked, another login is required to verify the new credentials.


Controller Web Configuration Wizard (Cont.)


Controller Web Configuration Wizard (Cont.)


Connect to the Controller Web Interface

After the controller web configuration wizard saves the configuration and reboots the controller, HTTPS access is enabled and HTTP access is disabled by default.


Menu Bar


Administrative Commands

In configuration tasks, clicking Apply validates the configuration. Clicking Save Configuration writes it to NVRAM.


Management > Local Management Users

Local management user accounts are used by both the CLI and the controller web interface.


Security > TACACS+


Management > Mgmt via Wireless

The Cisco Wireless LAN Controller can be managed via WLAN clients, but this capability is disabled by default.


Example: Interface Creation


Example: WLAN Creation


Example: Mapping WLAN to AP

Optional step: WLAN override


Example: Mapping WLAN to AP (Cont.)


Controller Files

AP code file

AES combined image
  − Bootloader file
  − RTOS – Real Time Operating System of controller
  − Code file

Can be upgraded from CLI or web interface

In the web interface, these three are under one single file

Configuration file
  – Can be uploaded/downloaded via TFTP from CLI or web interface
  – In 4.2 and later, an XML file; prior to 4.2, a binary file
  – V4.2 configuration file not accepted on pre-4.2 controllers and vice-versa.

AP gets its configuration and code from the controller


Controller Code Releases

ED: newest features
MD: bug fixes
Also deferred releases


show run-config

(Cisco Controller) >show run?
run-config running-config
(Cisco Controller) >show run-config

System Inventory
NAME: "Chassis" , DESCR: "Chassis"
PID: AIR-WLC4402-12-K9, VID: V02, SN: FOC1140F09D

Burned-in MAC Address............................ 00:1D:45:5E:00:E0
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
Power Supply 2................................... Present, OK

System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 5.0.148
RTOS Version..................................... 5.0.148
Bootloader Version............................... 4.0.191.0
Build Type....................................... DATA + WPS

System Name...................................... sw2
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3
IP Address....................................... 10.9.4.20
System Up Time................................... 0 days 0 hrs 3 mins 40 secs

Configured Country............................... GB - United Kingdom
Operating Environment............................ Commercial (0 to 40 C)


show running-config

(Cisco Controller) >show run?
run-config running-config
(Cisco Controller) >show running-config
802.11a cac voice tspec-inactivity-timeout ignore
802.11a cac voice stream-size 84000 max-streams 2
802.11b cac voice tspec-inactivity-timeout ignore
802.11b cac voice stream-size 84000 max-streams 2
advanced 802.11a receiver pico-cell-V2 rx_sense_thrld 0 0 0
advanced 802.11a receiver pico-cell-V2 cca_sense_thrld 0 0 0
advanced 802.11a receiver pico-cell-V2 sta_tx_pwr 0 0 0
advanced 802.11b tx-power-control-thresh -65
advanced location expiry tags 1200
advanced location expiry client 150
advanced location expiry calibrating-client 30
advanced location expiry rogue-aps 1200
Cisco Public Safety is not allowed to set in this domain
country GB
interface create vlan80 80
interface address management 10.9.4.20 255.255.255.0 10.9.4.1
interface address service-port 192.168.1.2 255.255.255.0
interface address virtual 1.1.1.1
interface dhcp management primary 10.9.4.10
interface dhcp service-port disable
interface vlan vlan80 80
interface port management 1
logging buffered 1
macfilter add 00:0b:85:72:14:a0 0 management
macfilter add 00:0b:85:72:18:10 0 management
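
An added example, not part of the original course slides: a short Python check that parses "interface ..." lines in the form shown in the show running-config output above and tests them against rules the slides state (service port in a different subnetwork than the management interface, VLAN ID 0 or 1-4095, each interface assigned to a port). The sample input is constructed from that slide, and treating service-port and virtual as needing no port assignment is an assumption.

```python
import ipaddress

# Constructed sample: interface lines from the show running-config slide.
SAMPLE = """\
interface create vlan80 80
interface address management 10.9.4.20 255.255.255.0 10.9.4.1
interface address service-port 192.168.1.2 255.255.255.0
interface address virtual 1.1.1.1
interface vlan vlan80 80
interface port management 1
"""

# Assumption: these two are not tied to a distribution port.
NO_PORT_NEEDED = {"service-port", "virtual"}


def parse_interfaces(text):
    """Return {name: {"net": IPv4Network, "vlan": int, "port": str}}."""
    ifaces = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "interface":
            continue
        verb, name = tok[1], tok[2]
        entry = ifaces.setdefault(name, {})
        if verb == "address" and len(tok) >= 5:
            # strict=False derives the subnet from host address + mask
            entry["net"] = ipaddress.ip_network(f"{tok[3]}/{tok[4]}", strict=False)
        elif verb in ("create", "vlan"):
            entry["vlan"] = int(tok[3])
        elif verb == "port":
            entry["port"] = tok[3]
    return ifaces


def audit(text):
    """Check parsed interfaces against the rules stated on the slides."""
    ifaces = parse_interfaces(text)
    findings = []
    mgmt = ifaces.get("management", {}).get("net")
    svc = ifaces.get("service-port", {}).get("net")
    if mgmt is not None and svc is not None and mgmt.overlaps(svc):
        findings.append(f"service-port {svc} shares a subnet with management {mgmt}")
    for name, entry in sorted(ifaces.items()):
        vlan = entry.get("vlan")
        if vlan is not None and not 0 <= vlan <= 4095:
            findings.append(f"{name}: VLAN ID {vlan} outside 0-4095")
        if name not in NO_PORT_NEEDED and "port" not in entry:
            findings.append(f"{name}: no port assignment")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the constructed sample the only finding is that vlan80 has no port line, which is worth confirming against the full configuration since the slide shows only part of the output.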


Summary

Controllers have ports, static and dynamic interfaces, and WLANs.
Upon startup, a boot menu allows several options, such as system upgrade or configuration clearup.
If a controller does not have any prior configuration, a CLI wizard appears.
Initial setup is also possible using a web interface.
Once configured, the controller web interface is accessible using HTTPS.
Items are usually created in a two-step process: creating the item and then configuring it.
Controller code and configuration files can be managed from the web interface or the CLI.
Version 4.2 and later have a new configuration file format.
