Iuwne10 S02 L02
ravi-ranjan -
© 2008 Cisco Systems, Inc. All rights reserved. IUWNE v1.0—2-1
Basic Cisco WLAN Installation
Configuring a Controller
Terminology
Ports
Cisco wireless controllers use ports for the following features:
  Controlling of associated Cisco wireless AP
  Distribution system to enterprise network
    – Can assign multiple interfaces to a port
    – Data must be untagged or tagged to support multiple VLANs on the same trunk
LWAPP header contains client WLAN information, which is then translated into VLAN tags on the distribution port.
Interfaces
Cisco wireless interface configuration allows the association of a VLAN name to a VLAN ID, which are then mapped to a physical port and WLAN.
  Must assign each interface to a port for distribution into the enterprise
  Cannot assign multiple ports to an interface
  Can assign multiple WLANs to an interface
The VLAN ID will represent either untagged traffic (value 0) or IEEE 802.1Q tagged traffic (value 1-4095).
  Can assign multiple interfaces to a port
All interfaces must be assigned to all Cisco wireless controllers in a mobility group to allow seamless roaming.
Various types of interfaces
  Static
    – Management
    – AP-Manager
    – Service port
    – Virtual
  Dynamic
    – User defined
Management Interface
Cisco wireless uses the management interface as the default interface for in-band management of the Cisco wireless controller and connectivity to enterprise services such as AAA
  Must be in a different VLAN or subnetwork than the service port interface
Cisco wireless uses the management interface for Layer 2 LWAPP communications between Cisco wireless controllers and APs
  Listens for messages through Layer 2 network to auto-discover, associate, and communicate with Cisco AP
AP Manager Interface
Cisco wireless uses the AP-Manager interface as the source IP address for communications from the Cisco wireless controller to Cisco APs
  Must be a unique IP address, preferably in the same subnetwork or network as the management interface and assigned to the same port
  Should be created at the same time that Layer 3 communications are configured
Cisco wireless uses the AP-Manager interface for Layer 3 LWAPP communications between controllers and APs
  Listens for messages through Layer 3 network to auto-discover, associate and communicate with Cisco AP
Controller > Interfaces > Edit
Virtual Interface
Virtual interface is used when supporting the following features:
  Mobility management
    – Mobile client uses same virtual IP address across multiple controllers
  DHCP relay
    – Client uses virtual IP address as DHCP server address
  Layer 3 security
    – Web authentication uses the virtual interface as the gateway IP address
Controller > Interfaces > Edit
Service Port Interface
  Associated only with the service port on the Cisco wireless controller front panel
  10/100Base-T Ethernet port dedicated to out-of-band management
  Must be in a different VLAN/subnetwork than the management port interface
You cannot assign a gateway to the service port interface, but must set up static routes if you wish to connect to the service port from remote networks
The service port is not auto-sensing
  You must use a straight-through Ethernet cable to connect to controllers and hubs
  You must use a crossover Ethernet cable to connect to routers and workstations
Controller > Interfaces > Edit
Dynamic Interfaces
Dynamic interfaces are generally designed for WLAN client data and provide support for multiple VLAN instances.
These interfaces are manually configured by the administrator.
Configuration details include:
    – VLAN ID
    – IP address, mask and gateway information
    – Physical port assignment
    – DHCP server support
    – ACL support
Controller > Interfaces > New and Edit
Upon clicking Apply
Controller Initial Setup Options
Serial console port:
  Available on all models
  Male DB-9 pin connector or RJ45
    – Supports pins 2, 3, & 5
    – Default port configuration
      9600 baud
      8 data bits
      1 stop bit
      No parity
      No hardware flow control
  DB-9 female-to-female null-modem serial cable
  Dedicated to Cisco Unified Wireless Network software management
    – Ensures access to CLI in the event of a network failure
    – Can be used for initial installation
    – Access to CLI only
Service interface port:
  Not available on all models
  10/100Base-TX Ethernet port, which is speed auto-sensing
  Service interface port auto-senses for DTE / DCE
    – Straight-through or crossover Ethernet cable to controller or hub
  Category 5 Ethernet cable
  Dedicated to controller management
    – Ensures access to Cisco AireOS in the event of a network failure
    – Can be used for initial configuration or out-of-band management
    – Has a default IP address of 192.168.1.1/24
Boot Options
The controller boot sequence will always have these options available, since they are set in PROM to ensure controller recovery options.
Run Primary or Backup Image
Version
If no escape key is pressed to halt the boot process and enter the boot options menu, the boot process begins automatically.
Run Primary or Backup Image (Cont.)
The "Web authentication certificate not found" error appears only after the initial controller boot or a controller upgrade.
The Cisco Wizard Configuration Tool begins automatically if there is no saved configuration.
CLI Wizard Configuration Tool
Welcome to the Cisco Wizard Configuration Tool
Use the '-' character to backup
System Name [Cisco_40:d3:23]: sw2
Enter Administrative User Name (24 characters max): admin2
Enter Administrative Password (24 characters max): *******
Re-enter Administrative Password : *******
Service Interface IP Address Configuration [none][DHCP]: none
Service Interface IP Address: 192.168.1.2
Service Interface Netmask: 255.255.255.0
Enable Link Aggregation (LAG) [yes][NO]:
Management Interface IP Address: 10.10.10.20
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 10.10.10.1
Management Interface VLAN Identifier (0 = untagged):
Management Interface Port Num [1 to 2]: 1
Management Interface DHCP Server IP Address: 10.10.10.10
Virtual Gateway IP Address: 1.1.1.1
Mobility/RF Group Name: Group2
CLI Wizard Configuration Tool (Cont.)
Enable Symmetric Mobility Tunneling [yes][NO]: no
Network Name (SSID): Open2
Allow Static IP Addresses [YES][no]: no
Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.
Enter Country Code (enter 'help' for a list of countries) [US]:
Enable 802.11b Network [YES][no]:
Enable 802.11a Network [YES][no]:
Enable 802.11g Network [YES][no]:
Enable Auto-RF [YES][no]:
Configure a NTP server now? [YES][no]: no
Configure the system time now? [YES][no]: no
Warning! No AP will come up unless the time is set.
Please see documentation for more details
Configuration correct? If yes, system will save it and reset. [yes][NO]:
Command Line Interface (CLI)
Basic Command Set
User: admin2
Password:*******
(Cisco Controller) >?
clear          Clear selected configuration elements.
config         Configure switch options and settings.
debug          Manages system debug options.
help           Help
linktest       Perform a link test to a specified MAC address.
logout         Exit this session. Any unsaved changes are lost.
ping           Send ICMP echo packets to a specified IP address.
reset          Reset options.
save           Save switch configurations.
show           Display switch options and settings.
transfer       Transfer a file to or from the switch.
(Cisco Controller) >s?
save           show
(Cisco Controller) >sa?
save
(Cisco Controller) >save ?
config         Save current settings to NVRAM.
(Cisco Controller) >save config ?
(Cisco Controller) >save config
Are you sure you want to save? (y/n) y
Configuration Saved!
Command Line Interface (CLI)
config and debug Commands
(Cisco Controller) >config ?
802.11a        Configures 802.11a parameters.
802.11b        Configures 802.11b parameters.
802.11h        Configures 802.11h parameters.
aaa            Configures AAA related items.
acl            Configures Access Control Lists.
advanced       Advanced Configuration.
ap             Configures Cisco APs
auth-list      Configures ap authorization list.
boot           Configures the default boot image.
cdp            Configure Cisco Discovery Protocol
<…> output omitted
(Cisco Controller) >debug ?
aaa            Configures the AAA debug options.
airewave-director Configures the Airewave Director debug options
ap             Configures debug of Cisco AP.
arp            Configures debug of ARP.
bcast          Configures debug of broadcast.
cac            Configures the call admission control (CAC) debug options.
cdp            Configures debug of cdp.
crypto         Configures the Hardware Crypto debug options.
dhcp           Configures the DHCP debug options.
client         Enables debugs for common client problems.
disable-all    Disables all debug messages.
Controller Web Configuration Wizard Login
If you attempt to use HTTPS, you will receive an error.
Initial system configuration will support only HTTP access.
Default IP address is 192.168.1.1/24.
Username: admin
Password: admin
Controller Web Configuration Wizard
After SNMP communities are checked, another login is required to verify the new credentials.
Controller Web Configuration Wizard (Cont.)
Controller Web Configuration Wizard (Cont.)
Connect to the Controller Web Interface
After the controller web configuration wizard saves the configuration and reboots the controller, HTTPS access is enabled and HTTP access is disabled by default.
Menu Bar
Administrative Commands
In configuration tasks, clicking Apply validates the configuration. Clicking Save Configuration writes it to NVRAM.
Management > Local Management Users
Local management user accounts are used by both the CLI and the controller web interface.
Security > TACACS+
Management > Mgmt via Wireless
The Cisco Wireless LAN Controller can be managed via WLAN clients, but this capability is disabled by default.
Example: Interface Creation
Example: WLAN Creation
Example: Mapping WLAN to AP
Optional step: WLAN override
Example: Mapping WLAN to AP (Cont.)
Controller Files
  AP code file
  AES combined image
    – Bootloader file
    – RTOS – Real Time Operating System of controller
    – Code file
  Can be upgraded from CLI or web interface
  In the web interface, these three are under one single file
  Configuration file
    – Can be uploaded/downloaded via TFTP from CLI or web interface
    – In 4.2 and later, an XML file; prior to 4.2, a binary file
    – V4.2 configuration file not accepted on pre-4.2 controllers and vice-versa.
  AP gets its configuration and code from the controller
Controller Code Releases
  ED: newest features
  MD: bug fixes
  Also deferred releases
show run-config
(Cisco Controller) >show run?
run-config     running-config
(Cisco Controller) >show run-config
System Inventory
NAME: "Chassis" , DESCR: "Chassis"
PID: AIR-WLC4402-12-K9, VID: V02, SN: FOC1140F09D
Burned-in MAC Address............................ 00:1D:45:5E:00:E0
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
Power Supply 2................................... Present, OK
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 5.0.148
RTOS Version..................................... 5.0.148
Bootloader Version............................... 4.0.191.0
Build Type....................................... DATA + WPS
System Name...................................... sw2
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3
IP Address....................................... 10.9.4.20
System Up Time................................... 0 days 0 hrs 3 mins 40 secs
Configured Country............................... GB - United Kingdom
Operating Environment............................ Commercial (0 to 40 C)
show running-config
(Cisco Controller) >show run?
run-config     running-config
(Cisco Controller) >show running-config
802.11a cac voice tspec-inactivity-timeout ignore
802.11a cac voice stream-size 84000 max-streams 2
802.11b cac voice tspec-inactivity-timeout ignore
802.11b cac voice stream-size 84000 max-streams 2
advanced 802.11a receiver pico-cell-V2 rx_sense_thrld 0 0 0
advanced 802.11a receiver pico-cell-V2 cca_sense_thrld 0 0 0
advanced 802.11a receiver pico-cell-V2 sta_tx_pwr 0 0 0
advanced 802.11b tx-power-control-thresh -65
advanced location expiry tags 1200
advanced location expiry client 150
advanced location expiry calibrating-client 30
advanced location expiry rogue-aps 1200
Cisco Public Safety is not allowed to set in this domain
country GB
interface create vlan80 80
interface address management 10.9.4.20 255.255.255.0 10.9.4.1
interface address service-port 192.168.1.2 255.255.255.0
interface address virtual 1.1.1.1
interface dhcp management primary 10.9.4.10
interface dhcp service-port disable
interface vlan vlan80 80
interface port management 1
logging buffered 1
macfilter add 00:0b:85:72:14:a0 0 management
macfilter add 00:0b:85:72:18:10 0 management
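The placement rules from the Interfaces and Service Port Interface slides (each interface assigned to a port, service port in a different subnetwork than management) can be checked against "interface ..." lines like those in the output above. This is an added example, not part of the original course material; it parses only the line forms visible in the slide, and the sample configuration, the PORTLESS set and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample using only line forms visible on the slide. The
# service-port address and vlan90 are hypothetical, chosen to trip both checks.
SAMPLE_CONFIG = """\
interface create vlan80 80
interface create vlan90 90
interface address management 10.9.4.20 255.255.255.0 10.9.4.1
interface address service-port 10.9.4.2 255.255.255.0
interface address virtual 1.1.1.1
interface vlan vlan80 80
interface port management 1
interface port vlan80 1
"""

# Assumption: these two static interfaces are not mapped to a distribution port.
PORTLESS = {"service-port", "virtual"}

def parse_interfaces(config_text):
    """Collect VLAN ID, port and subnet per interface name."""
    ifaces = {}
    for line in config_text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "interface":
            continue
        kind, name = tok[1], tok[2]
        entry = ifaces.setdefault(name, {"vlan": 0, "port": None, "network": None})
        if kind in ("create", "vlan"):
            entry["vlan"] = int(tok[3])      # 0 means untagged
        elif kind == "port":
            entry["port"] = int(tok[3])
        elif kind == "address" and len(tok) >= 5:
            entry["network"] = ipaddress.ip_interface(f"{tok[3]}/{tok[4]}").network
    return ifaces

def audit(ifaces):
    """Return findings for the two placement rules stated in the slides."""
    findings = []
    mgmt = ifaces.get("management", {}).get("network")
    svc = ifaces.get("service-port", {}).get("network")
    if mgmt is not None and svc is not None and mgmt.overlaps(svc):
        findings.append(f"service-port {svc} overlaps management {mgmt}")
    for name in sorted(ifaces):
        if name not in PORTLESS and ifaces[name]["port"] is None:
            findings.append(f"{name}: not assigned to a port")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_interfaces(SAMPLE_CONFIG)):
        print(finding)
```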
Summary
  Controllers have ports, static and dynamic interfaces, and WLANs.
  Upon startup, a boot menu allows several options, such as system upgrade or clearing the configuration.
  If a controller does not have any prior configuration, a CLI wizard appears. Initial setup is also possible using a web interface.
  Once configured, the controller web interface is accessible using HTTPS.
  Items are usually created in a two-step process: creating the item and then configuring it.
  Controller code and configuration files can be managed from the web interface or the CLI. Version 4.2 and later have a new configuration file format.