Iuwne10 S02 L02
 

    Iuwne10 S02 L02 Presentation Transcript

    • Basic Cisco WLAN Installation Configuring a Controller
    • Terminology
    • Ports
      • Cisco wireless controllers use ports for the following features:
        • Controlling of associated Cisco wireless AP
        • Distribution system to enterprise network
          • Can assign multiple interfaces to a port
          • Data must be untagged or tagged to support multiple VLANs on the same trunk
      • The LWAPP header contains client WLAN information, which is then translated into VLAN tags on the distribution port.
    • Interfaces
      • Cisco wireless interface configuration allows the association of a VLAN name to a VLAN ID, which are then mapped to a physical port and WLAN.
        • Must assign each interface to a port for distribution into the enterprise
        • Cannot assign multiple ports to an interface
        • Can assign multiple WLANs to an interface
      • The VLAN ID will represent either untagged traffic (value 0) or IEEE 802.1Q tagged traffic (value 1-4095).
        • Can assign multiple interfaces to a port
      • All interfaces must be assigned to all Cisco wireless controllers in a mobility group to allow seamless roaming.
      • Various types of interfaces
        • Static
          • Management
          • AP-Manager
          • Service port
          • Virtual
        • Dynamic
          • User defined
    • Management Interface
      • Cisco wireless uses the management interface as the default interface for in-band management of the Cisco wireless controller and connectivity to enterprise services such as AAA
        • Must be in a different VLAN or subnetwork than the service port interface
      • Cisco wireless uses the management interface for Layer 2 LWAPP communications between Cisco wireless controllers and APs
        • Listens for messages through Layer 2 network to auto-discover, associate, and communicate with Cisco AP
    • AP Manager Interface
      • Cisco wireless uses the AP-Manager interface as the source IP address for communications from the Cisco wireless controller to Cisco APs
        • Must be a unique IP address, preferably in the same subnetwork or network as the management interface and assigned to the same port
        • Should be created at the same time that Layer 3 communications are configured
      • Cisco wireless uses the AP-Manager interface for Layer 3 LWAPP communications between controllers and APs
        • Listens for messages through Layer 3 network to auto-discover, associate and communicate with Cisco AP
    • Controller > Interfaces > Edit
    • Virtual Interface
      • Virtual interface is used when supporting the following features:
        • Mobility management
          • Mobile client uses same virtual IP address across multiple controllers
        • DHCP relay
          • Client uses virtual IP address as DHCP server address
        • Layer 3 security
          • Web authentication uses the virtual interface as the gateway IP address
    • Controller > Interfaces > Edit
    • Service Port Interface
      • Associated only with the service port, the 10/100Base-T Ethernet port on the Cisco wireless controller front panel that is dedicated to out-of-band management
        • Must be in a different VLAN/subnetwork than the management port interface
      • You cannot assign a gateway to the service port interface, but must set up static routes if you wish to connect to the service port from remote networks
      • The service port is not auto-sensing
        • You must use a straight-through Ethernet cable to connect to controllers and hubs
        • You must use a crossover Ethernet cable to connect to routers and workstations
    • Controller > Interfaces > Edit
    • Dynamic Interfaces
        • Dynamic Interfaces are generally designed for WLAN client data and provide support for multiple VLAN instances
        • These interfaces are manually configured by the administrator
        • Configuration details include:
          • VLAN ID
          • IP Address, mask and gateway information
          • Physical port assignment
          • DHCP server support
          • ACL support
    • Controller > Interfaces > New and Edit Upon clicking Apply
    • Controller Initial Setup Options
      • Serial console port:
        • Available on all models
        • Male DB-9 pin connector or RJ45
          • Supports pins 2, 3, and 5
          • Default port configuration
            • 9600 baud
            • 8 data bits
            • 1 stop bit
            • No parity
            • No hardware flow control
        • DB-9 female-to-female null-modem serial cable
        • Dedicated to Cisco Unified Wireless Network software management
          • Ensures access to CLI in the event of a network failure
          • Can be used for initial installation
          • Access to CLI only
      • Service interface port:
        • Not available on all models
        • 10/100Base-TX Ethernet port, which is speed auto-sensing
        • Service interface port auto-senses for DTE / DCE
          • Straight-through or crossover Ethernet cable to controller or hub
        • Category 5 Ethernet cable
        • Dedicated to controller management
          • Ensures access to Cisco AireOS in the event of a network failure
          • Can be used for initial configuration or out of band management
          • Has a default IP address of 192.168.1.1/24
    • Boot Options
      • The controller boot sequence always has these options available, since they are set in PROM to ensure that controller recovery options exist.
    • Run Primary or Backup Image Version
      • If no escape key is pressed to halt the boot process and enter the boot options menu, the boot process begins automatically.
    • Run Primary or Backup Image (Cont.)
      • The "Web authentication certificate not found" error appears only after initial controller boot or a controller upgrade.
      • The Cisco Wizard Configuration Tool begins automatically if there is no saved configuration.
    • CLI Wizard Configuration Tool
        Welcome to the Cisco Wizard Configuration Tool
        Use the '-' character to backup
        System Name [Cisco_40:d3:23]: sw2
        Enter Administrative User Name (24 characters max): admin2
        Enter Administrative Password (24 characters max): *******
        Re-enter Administrative Password : *******
        Service Interface IP Address Configuration [none][DHCP]: none
        Service Interface IP Address: 192.168.1.2
        Service Interface Netmask: 255.255.255.0
        Enable Link Aggregation (LAG) [yes][NO]:
        Management Interface IP Address: 10.10.10.20
        Management Interface Netmask: 255.255.255.0
        Management Interface Default Router: 10.10.10.1
        Management Interface VLAN Identifier (0 = untagged):
        Management Interface Port Num [1 to 2]: 1
        Management Interface DHCP Server IP Address: 10.10.10.10
        Virtual Gateway IP Address: 1.1.1.1
        Mobility/RF Group Name: Group2
    • CLI Wizard Configuration Tool (Cont.)
        Enable Symmetric Mobility Tunneling [yes][NO]: no
        Network Name (SSID): Open2
        Allow Static IP Addresses [YES][no]: no
        Configure a RADIUS Server now? [YES][no]: no
        Warning! The default WLAN security policy requires a RADIUS server.
        Please see documentation for more details.
        Enter Country Code (enter 'help' for a list of countries) [US]:
        Enable 802.11b Network [YES][no]:
        Enable 802.11a Network [YES][no]:
        Enable 802.11g Network [YES][no]:
        Enable Auto-RF [YES][no]:
        Configure a NTP server now? [YES][no]: no
        Configure the system time now? [YES][no]: no
        Warning! No AP will come up unless the time is set.
        Please see documentation for more details
        Configuration correct? If yes, system will save it and reset. [yes][NO]:
    • Command Line Interface (CLI) Basic Command Set
        User: admin2
        Password: *******
        (Cisco Controller) > ?
        clear          Clear selected configuration elements.
        config         Configure switch options and settings.
        debug          Manages system debug options.
        help           Help
        linktest       Perform a link test to a specified MAC address.
        logout         Exit this session. Any unsaved changes are lost.
        ping           Send ICMP echo packets to a specified IP address.
        reset          Reset options.
        save           Save switch configurations.
        show           Display switch options and settings.
        transfer       Transfer a file to or from the switch.
        (Cisco Controller) > s?
        save show
        (Cisco Controller) > sa?
        save
        (Cisco Controller) > save ?
        config         Save current settings to NVRAM.
        (Cisco Controller) > save config ?
        (Cisco Controller) >save config
        Are you sure you want to save? (y/n) y
        Configuration Saved!
    • Command Line Interface (CLI) config and debug Commands
        (Cisco Controller) >config ?
        802.11a        Configures 802.11a parameters.
        802.11b        Configures 802.11b parameters.
        802.11h        Configures 802.11h parameters.
        aaa            Configures AAA related items.
        acl            Configures Access Control Lists.
        advanced       Advanced Configuration.
        ap             Configures Cisco APs
        auth-list      Configures ap authorization list.
        boot           Configures the default boot image.
        cdp            Configure Cisco Discovery Protocol
        <…> output omitted
        (Cisco Controller) >debug ?
        aaa                Configures the AAA debug options.
        airewave-director  Configures the Airewave Director debug options
        ap                 Configures debug of Cisco AP.
        arp                Configures debug of ARP.
        bcast              Configures debug of broadcast.
        cac                Configures the call admission control (CAC) debug options.
        cdp                Configures debug of cdp.
        crypto             Configures the Hardware Crypto debug options.
        dhcp               Configures the DHCP debug options.
        client             Enables debugs for common client problems.
        disable-all        Disables all debug messages.
    • Controller Web Configuration Wizard Login
      • If you attempt to use HTTPS, you will receive an error. Initial system configuration will support only HTTP access.
      • Default IP address is 192.168.1.1/24.
      • Username: admin
      • Password: admin
    • Controller Web Configuration Wizard
      • After SNMP communities are checked, another login is required to verify the new credentials.
    • Controller Web Configuration Wizard (Cont.)
    • Controller Web Configuration Wizard (Cont.)
    • Connect to the Controller Web Interface
      • After the controller web configuration wizard saves the configuration and reboots the controller, HTTPS access is enabled and HTTP access is disabled by default.
    • Menu Bar
    • Administrative Commands
      • In configuration tasks, clicking Apply validates the configuration. Clicking Save Configuration writes it to NVRAM.
    • Management > Local Management Users
      • Local management user accounts are used by both the CLI and the controller web interface.
    • Security > TACACS+
    • Management > Mgmt via Wireless
      • The Cisco Wireless LAN Controller can be managed via WLAN clients, but this capability is disabled by default.
    • Example: Interface Creation
    • Example: WLAN Creation
    • Example: Mapping WLAN to AP
      • Optional step: WLAN override
    • Example: Mapping WLAN to AP (Cont.)
    • Controller Files
        • AP code file
        • AES combined image
          • Bootloader file
          • RTOS – Real Time Operating System of controller
          • Code file
            • Can be upgraded from CLI or web interface
            • In the web interface, these three are under one single file
        • Configuration file
          • Can be uploaded/downloaded via TFTP from CLI or web interface
          • In 4.2 and later, an XML file; prior to 4.2, a binary file
          • V4.2 configuration file not accepted on pre-4.2 controllers and vice-versa.
        • AP gets its configuration and code from the controller
    • Controller Code Releases
        • ED: newest features
        • MD: bug fixes
        • Also deferred releases
    • show run-config
        (Cisco Controller) >show run?
        run-config running-config
        (Cisco Controller) >show run-config
        System Inventory
        NAME: "Chassis" , DESCR: "Chassis"
        PID: AIR-WLC4402-12-K9, VID: V02, SN: FOC1140F09D
        Burned-in MAC Address............................ 00:1D:45:5E:00:E0
        Crypto Accelerator 1............................. Absent
        Crypto Accelerator 2............................. Absent
        Power Supply 1................................... Absent
        Power Supply 2................................... Present, OK
        System Information
        Manufacturer's Name.............................. Cisco Systems Inc.
        Product Name..................................... Cisco Controller
        Product Version.................................. 5.0.148
        RTOS Version..................................... 5.0.148
        Bootloader Version............................... 4.0.191.0
        Build Type....................................... DATA + WPS
        System Name...................................... sw2
        System Location..................................
        System Contact...................................
        System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3
        IP Address....................................... 10.9.4.20
        System Up Time................................... 0 days 0 hrs 3 mins 40 secs
        Configured Country............................... GB - United Kingdom
        Operating Environment............................ Commercial (0 to 40 C)
    • show running-config
        (Cisco Controller) >show run?
        run-config running-config
        (Cisco Controller) >show running-config
        802.11a cac voice tspec-inactivity-timeout ignore
        802.11a cac voice stream-size 84000 max-streams 2
        802.11b cac voice tspec-inactivity-timeout ignore
        802.11b cac voice stream-size 84000 max-streams 2
        advanced 802.11a receiver pico-cell-V2 rx_sense_thrld 0 0 0
        advanced 802.11a receiver pico-cell-V2 cca_sense_thrld 0 0 0
        advanced 802.11a receiver pico-cell-V2 sta_tx_pwr 0 0 0
        advanced 802.11b tx-power-control-thresh -65
        advanced location expiry tags 1200
        advanced location expiry client 150
        advanced location expiry calibrating-client 30
        advanced location expiry rogue-aps 1200
        Cisco Public Safety is not allowed to set in this domain
        country GB
        interface create vlan80 80
        interface address management 10.9.4.20 255.255.255.0 10.9.4.1
        interface address service-port 192.168.1.2 255.255.255.0
        interface address virtual 1.1.1.1
        interface dhcp management primary 10.9.4.10
        interface dhcp service-port disable
        interface vlan vlan80 80
        interface port management 1
        logging buffered 1
        macfilter add 00:0b:85:72:14:a0 0 management
        macfilter add 00:0b:85:72:18:10 0 management
    • Summary
        • Controllers have ports, static and dynamic interfaces, and WLANs.
        • Upon startup, a boot menu offers several options, such as upgrading the system or clearing the configuration.
        • If a controller does not have any prior configuration, a CLI wizard appears.
        • Initial setup is also possible using a web interface.
        • Once configured, the controller web interface is accessible using HTTPS.
        • Items are usually created in a two-step process: creating the item and then configuring it.
        • Controller code and configuration files can be managed from the web interface or the CLI. Version 4.2 and later have a new configuration file format.
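
An added example, not part of the original slides or of Cisco's tooling: a Python check that reads saved `show running-config` output and tests three rules the deck states (service port and management interface in different subnets, VLAN ID between 0 and 4095, every interface assigned to a port). The sample configuration is constructed, and the `interface port <name> <port>` form for dynamic interfaces is an assumption taken from the management line in the transcript.

```python
import ipaddress

# Constructed sample modelled on the running-config lines in the transcript;
# the service-port address is deliberately placed in the management subnet.
SAMPLE = """\
interface create vlan80 80
interface address management 10.9.4.20 255.255.255.0 10.9.4.1
interface address service-port 10.9.4.50 255.255.255.0
interface address virtual 1.1.1.1
interface vlan vlan80 80
interface port management 1
"""

def parse(config):
    """Collect interface subnets, VLAN IDs and port assignments."""
    nets, vlans, ports = {}, {}, {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["interface", "address"] and len(tok) >= 5:
            # "interface address <name> <ip> <mask> [gateway]"; the virtual
            # interface has no mask and is skipped by the length check.
            nets[tok[2]] = ipaddress.ip_interface(f"{tok[3]}/{tok[4]}").network
        elif tok[:2] == ["interface", "vlan"] and len(tok) == 4:
            vlans[tok[2]] = int(tok[3])
        elif tok[:2] == ["interface", "create"] and len(tok) == 4:
            vlans.setdefault(tok[2], int(tok[3]))
        elif tok[:2] == ["interface", "port"] and len(tok) == 4:
            ports[tok[2]] = int(tok[3])
    return nets, vlans, ports

def audit(config):
    """Return a list of findings; an empty list means all three rules hold."""
    nets, vlans, ports = parse(config)
    findings = []
    mgmt, svc = nets.get("management"), nets.get("service-port")
    if mgmt and svc and mgmt.overlaps(svc):
        findings.append(f"service-port {svc} overlaps management {mgmt}")
    for name, vid in vlans.items():
        if not 0 <= vid <= 4095:
            findings.append(f"{name}: VLAN ID {vid} outside 0-4095")
        if name not in ports:
            findings.append(f"{name}: no port assignment")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
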