Step 3. Manually update images.
Step 4. Change the active boot image.
Step 5. Clear the configuration.
The correct choice at this point is to run the primary image. When the HTML interface is accessible, you can upgrade the code on the controller. Because this is covered in Chapter 19, “Maintaining Wireless Networks,” it will not be covered now. Of course, you can also manually update the image, as seen in Step 3. Alternatively, you can change the active boot image or clear the configuration file.
Performing Initial CLI Configurations
Initially, the controller looks for a configuration file. If the controller finds such a file, it loads it and then prompts you for a username and password. If no configuration exists, you see a prompt to run through a dialog and a message stating that the certificate was not found, as in Example 13-2.
Example 13-2 Certificate Not Found Message
Starting LOCP: ok
Starting CIDS Services: ok
Starting Ethernet-over-IP: ok
Starting Management Services:
Web Server: ok
CLI: ok
Secure Web: Web Authentication Certificate not found (error).
(Cisco Controller)
Welcome to the Cisco Wizard Configuration Tool
Use the ‘-’ character to backup
System Name [Cisco_32:af:43]:
For the CCNA Wireless exam, you should be familiar with the CLI Wizard Configuration tool. This tool is designed for quick setup of the controller. Example 13-3 shows a CLI Wizard configuration.
Note: During the startup script, any time that you make a mistake after pressing the Enter key, you can move back a step to fix the error by pressing the ( - ) key.
Example 13-3 CLI Wizard Configuration
Welcome to the Cisco Wizard Configuration Tool
Use the ‘-’ character to backup
System Name [Cisco_32:af:43]: WLC_1
Enter Administrative Password (24 characters max): *****
Re-enter Administrative Password : *****
Service Interface IP Address Configuration [none][DHCP]: 10.1.1.1
Invalid response
Service Interface IP Address Configuration [none][DHCP]: none
Service Interface IP Address: 10.1.1.1
Service Interface Netmask: 255.255.255.0
Enable Link Aggregation (LAG) [yes][NO]:
Management Interface IP Address: 192.168.1.75
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 192.168.1.1
Management Interface VLAN Identifier (0 = untagged):
Management Interface Port Num [1 to 2]: 1
Management Interface DHCP Server IP Address: 192.168.1.1
AP Transport Mode [layer2][LAYER3]:
AP Manager Interface IP Address: 192.168.1.80
AP-Manager is on Management subnet, using same values
AP Manager Interface DHCP Server (192.168.1.1):
Virtual Gateway IP Address: 1.1.1.1
Mobility/RF Group Name: CP_Mobile1
Enable Symmetric Mobility Tunneling [yes][NO]: no
Network Name (SSID): OpenAccess
Allow Static IP Addresses [YES][no]:
Configure a RADIUS Server now? [YES][no]:
Enter the RADIUS Server’s Address: -
Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.
Enter Country Code list (enter ‘help’ for a list of countries) [US]:
Enable 802.11b Network [YES][no]:
Enable 802.11a Network [YES][no]:
Enable 802.11g Network [YES][no]:
Enable Auto-RF [YES][no]:
Configuration saved!
Resetting system with new configuration
Configuration saved!
Resetting system with new configuration
Bootloader 4.1.171.0 (Apr 27 2007 - 05:19:36)
Motorola PowerPC ProcessorID=00000000 Rev PVR=80200020
CPU: 833 MHz
CCB: 333 MHz
DDR: 166 MHz
LBC: 41 MHz
L1 D-cache 32KB, L1 I-cache 32KB enabled.
I2C: ready
DTT: 1 is 31 C
DRAM: DDR module detected, total size:512MB.
512 MB
8540 in PCI Host Mode.
8540 is the PCI Arbiter.
Memory Test PASS
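As an added example (not from the book or from Cisco), the following Python script parses a wizard transcript like Example 13-3 and flags two answers worth reviewing before the controller goes live: the declined RADIUS server and a default router outside the management subnet. The sample transcript is constructed from Example 13-3, and the rule that pressing Enter selects the upper-case choice in brackets is an assumption.

```python
import ipaddress
import re

# Constructed sample: prompts and answers copied from Example 13-3.
TRANSCRIPT = """\
System Name [Cisco_32:af:43]: WLC_1
Service Interface IP Address Configuration [none][DHCP]: 10.1.1.1
Invalid response
Service Interface IP Address Configuration [none][DHCP]: none
Enable Link Aggregation (LAG) [yes][NO]:
Management Interface IP Address: 192.168.1.75
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 192.168.1.1
Configure a RADIUS Server now? [YES][no]:
Enter the RADIUS Server's Address: -
Configure a RADIUS Server now? [YES][no]: no
"""

# Prompt text, optional [choice] groups, a colon, then whatever was typed.
PROMPT = re.compile(r"^([^\[\]:]+?)\s*((?:\[[^\]]*\])*):\s*(.*)$")

def parse_wizard(text):
    """Return {prompt: effective answer}; a re-asked prompt overwrites its earlier answer."""
    answers = {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue                       # not a prompt, e.g. "Invalid response"
        prompt, choices, typed = m.group(1), m.group(2), m.group(3).strip()
        if typed == "-":
            continue                       # '-' backs up a step, it is not an answer
        opts = re.findall(r"\[([^\]]*)\]", choices)
        if not typed and opts:
            # Assumption: Enter selects the upper-case choice (or the only choice).
            typed = next((o for o in opts if o.isupper()), opts[0])
        answers[prompt] = typed
    return answers

def audit(answers):
    """Flag answers that leave the controller misaddressed or without a RADIUS server."""
    findings = []
    if answers.get("Configure a RADIUS Server now?", "").lower() == "no":
        findings.append("RADIUS declined; default WLAN security policy requires a RADIUS server")
    mgmt = ipaddress.ip_interface("{}/{}".format(
        answers["Management Interface IP Address"], answers["Management Interface Netmask"]))
    router = ipaddress.ip_address(answers["Management Interface Default Router"])
    if router not in mgmt.network:
        findings.append(f"default router {router} is outside {mgmt.network}")
    return findings
```

Calling `audit(parse_wizard(TRANSCRIPT))` on the sample returns the single RADIUS finding, which matches the warning the wizard itself prints.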
After the controller reboots, you are prompted for a username. This, of course, is the username that you created in the CLI Wizard:
Enter User Name (or ‘Recover-Config’ this one-time only to reset configuration to factory defaults)
User: admin
Password:*****
(Cisco Controller) >
After you are authenticated, you can become familiar with some of the commands available to you in the CLI. Press the question mark key (?) to get a list of commands. Similar to the Cisco routers and security appliances, the ? can follow a letter to give you a list of commands that begin with that letter. For example, issuing the p? command shows that ping is available. Use the space key to complete the command if it is unique. Ping is a common utility that helps to verify connectivity. Another common command is the command to save your work. Unlike Cisco routers, copy run start does not work here. Instead, you use the save config command. In Example 13-4, you can see the process of saving the configuration. After you issue the command, you are asked to verify. You need not press Enter after making your selection. Simply press the letter y for yes and press n for no.
Example 13-4 Saving Your Configuration from the CLI
(Cisco Controller) >save config
Are you sure you want to save? (y/n) y
Configuration Saved!
(Cisco Controller) >
Just as routers have a global configuration mode, so does the controller. Accessing the configuration mode of the controller is a little different from what you might expect. You use the config command followed by what it is you want to configure. For example, if you want to configure 802.11a parameters, you type config 802.11a ?. You need to type the ? because you have to enter the complete string, and the question mark helps you find the syntax, as demonstrated in Example 13-5.
Example 13-5 Using the ? Help Facility
(Cisco Controller) >config 802.11a ?
11nSupport Configure 802.11n-5Ghz parameters.
antenna Configures the 802.11a antenna
beaconperiod Configures the 802.11a beacon interval (20 1000)
cac Configure Call Admission Control parameters for 802.11a radios.
channel Configures the 802.11a channel
chan_width Configure 802.11a channel width
disable Disables 802.11a.
dtim Configures the 802.11a DTIM Period
enable Enables 802.11a.
fragmentation Configures the 802.11a Fragmentation Threshold
l2roam Configures 802.11a l2roam information.
pico-cell Configures the 802.11a pico-cell mode
picocell-V2 Configures the 802.11a picocell-V2 mode
rate Configures 802.11a operational rates.
txPower Configures the 802.11a Tx Power Level
dtpc Configures the 802.11a DTPC Setting
tsm Configures the 802.11a Traffic stream Metrics option
exp-bwreq Configures the 802.11a Expedited BW Request option
(Cisco Controller) >config 802.11a
You can also perform debug commands from the CLI interface. This is important because these commands are not available from the web interface.
Note: debug commands, although useful, can be dangerous. They take up a lot of resources, so use them sparingly. Also, they turn off when your session times out.
Performing Initial Web Configurations
You can connect to the web interface without ever running through the CLI by browsing to the default IP address on the controller, which is 192.168.1.1. Assume, for the purposes of demonstration, that the controller IP address is 192.168.1.50. This is the IP address that has been assigned to the management interface. When you browse to the controller after using the Setup dialog, you use HTTPS, as seen in Figure 13-1.
After you have accessed the Controller Login page, click the Login button. You then see the controller Summary page, shown in Figure 13-2.
Navigating the Web Interface of the Controller
It is beneficial to take time to understand the controller interface. The main menus along the top of the interface are as follows:
■ SECURITY
■ HELP
Also, along the top right you have access to links that save your configuration, access a ping utility, log out, and refresh the page.
Figure 13-1 Browsing to the Controller
Figure 13-2 Controller Summary
Figure 13-3 WIRELESS Submenus
When you select one of the top-level configuration tabs, the menu in the left margin of the screen changes. The change enables configuration and monitoring options that pertain to the main level with which you are working. For example, if you are working in the WIRELESS tab, the left menus include the following configuration areas, as seen in Figure 13-3:
■ Access Points
■ Mesh
■ HREAP Groups
■ 802.11a/n
■ 802.11b/g/n
■ QoS
Each top-level heading you change results in a new side menu.
Configuring the Controller Using the Web Interface
For this example, you build basic wireless connectivity The process is as follows:
■ Build the controller interface
■ Create the WLAN and tie it to the interface
■ Modify security settings
Building the controller interface is required because, as you might recall from the beginning of this chapter, the interface is a logical entity. It is not a physical port that you can touch, although the interface you create will end up having access to the network via one of the physical ports. After you have created the interface, you need to create the WLAN. The WLAN defines the wireless side, whereas the interface creates the wired side of the configuration. You then need to bind these two to each other so that users on the wireless side can access the wired side of the network.
The default settings for a WLAN apply certain security settings that prohibit a user from connecting without additional configuration. The last step in creating a functional WLAN allowing anyone access with no security is to modify the security settings of the WLAN. The following sections detail the process.
Building the Controller Interface
Step 1. Create an interface in the controller that ties to the VLAN that you want the GUESTNET users on:
CONTROLLER > Interfaces > New
Step 2. Populate the fields with the appropriate values for the Interface Name and VLAN Id fields, as shown in Figure 13-4. Click Apply.
Step 3. Define the IP address for this interface. This should be an address that resides on the same subnet as the GUEST_LAN network.
In Figure 13-5, the IP address is 172.30.1.50, and the gateway is 172.30.1.1.
Step 4. Next, on the same configuration page shown in Figure 13-5, select a physical port for this GUEST_LAN to use to access the wired network. In the example, port 1 is used because it is a trunk back to the switch that accesses the wired network.
Step 5. The next step involves defining the DHCP servers. These servers assign IP addresses to the clients that access the network. In the example, the DHCP server is 172.30.1.1, which is the same as the gateway. The controller queries this DHCP server when clients need IP addresses.
Step 6. Click Apply.
Figure 13-4 Creating the GUEST_LAN Interface
Figure 13-5 Adding an IP Address to the GUEST_LAN Interface
Note: You will receive a message indicating that WLANs are disabled temporarily when you click Apply. This is normal.
After you click Apply, you are returned to the list of interfaces seen in Figure 13-6. Notice that physical interfaces are listed here, such as the service-port, ap-manager, and management. These interfaces are tied to VLANs that you can access via the physical connection—port 1. Port 1 is connected to a switch and is operating as an 802.1Q trunk.
The GUEST_LAN interface that you created ties the controller to the wired network over port 1 on VLAN 80. No WLAN is associated with it, and no AP is sending beacons advertising GUEST_LAN access. That part has yet to be configured.
Creating the WLAN and Tying It to the Interface
The next piece of the configuration is creating the wireless side.
Step 1. Choose WLANs > New.
You see a configuration page that assigns an arbitrary WLAN ID to the WLAN that you are creating. In the case of Figure 13-7, the WLAN ID is 2.
Step 2. Give the WLAN a profile name.
Step 3. Give the WLAN an SSID. In this case, the SSID chosen is GUESTNET.
Figure 13-6 Interface Listing
Figure 13-7 Creating the WLAN Profile Name
Step 4. Click Apply.
The next page that you arrive at has four tabs, seen in Figure 13-8. These tabs allow you to configure the General, Security, QoS, and Advanced settings for the WLAN.
Step 5. On the General tab, make sure of the following:
■ The WLAN Status is Enabled. If it is not, the WLAN settings are not sent to all APs.
Note: Skip the Security Policies field. You will change this in the Security tab.
■ For the Radio Policy, if All is left selected, all radios are available for the GUESTNET network. It is common to allow 802.11b/g for guests and then use 802.11a for private WLANs, because 802.11b/g usually experience more interference than 802.11a. For guests, quality of service is probably not the highest concern; however, it is for internal users. For now, just leave Radio Policy at the default value of All.
Step 6. Next is the important step of choosing the interface in the Interface drop-down that ties this GUESTNET WLAN to the guest_lan physical interface on VLAN 80. If you choose the wrong interface here, people can end up on the wrong network.