Cisco Release 8.0 Wireless Controller Configuration User Guide

June 15, 2024
Cisco

Cisco Wireless Controller Configuration Guide, Release 8.0

Specifications

The specifications and information regarding the products in
this manual are subject to change without notice. All statements,
information, and recommendations in this manual are believed to be
accurate but are presented without warranty of any kind, express or
implied. Users must take full responsibility for their application
of any products.

Product Information

The Cisco Wireless Controller is a core component of the Cisco
Wireless Solution. It provides centralized management and control
for wireless networks. The controller can be set up using either
wired or wireless methods. The configuration can be done through a
graphical user interface (GUI) or through a command-line interface
(CLI) configuration wizard.

Key Features

  • Cisco Mobility Express

  • AutoInstall Feature for Controllers Without a
    Configuration

  • Default Configurations

Components

The Cisco Wireless Controller consists of the following
components:

  • Controller Hardware
  • Controller Software
  • Configuration Wizard

Product Usage Instructions

Initial Setup

To set up the Cisco Wireless Controller, follow these steps:

  1. Cisco WLAN Express Setup: Connect the controller to the network
    and configure basic settings.

  2. Setting up Cisco Wireless Controller using Cisco WLAN Express
    (Wired Method): Connect the controller to the network using a wired
    connection and configure the controller.

  3. Setting up Cisco Wireless Controller using Cisco WLAN Express
    (Wireless Method): Connect the controller to the network using a
    wireless connection and configure the controller.

Default Configurations

The Cisco Wireless Controller comes with default configurations
that can be used as a starting point. These configurations include
basic settings such as network name, security settings, and access
point settings.

Configuring the Controller Using the Configuration Wizard

The Cisco Wireless Controller can be configured using the
Configuration Wizard. This wizard provides a step-by-step guide to
configure various settings such as wireless networks, security
policies, and user access.

Configuring the Controller (GUI)

The Cisco Wireless Controller can also be configured through a
graphical user interface (GUI). The GUI provides an intuitive
interface for managing and configuring the controller.

Configuring the Controller Using the CLI Configuration Wizard

For advanced users, the Cisco Wireless Controller can be
configured through a command-line interface (CLI) configuration
wizard. This wizard allows for more granular control and
customization of the controller settings.

Using the AutoInstall Feature for Controllers Without a Configuration

The AutoInstall feature allows for easy configuration of
controllers that do not have a pre-existing configuration. This
feature automatically applies a default configuration to the
controller upon startup.

Restrictions on AutoInstall

There are certain restrictions on the use of the AutoInstall
feature. These restrictions include compatibility limitations and
specific configuration requirements. Please refer to the
documentation for more information.

FAQ

Q: How can I access the Cisco Bug Search Tool?

A: You can access the Cisco Bug Search Tool by visiting the
following URL: https://www.cisco.com/c/en/us/support/bug-tools.html

Q: How can I provide feedback on the documentation?

A: You can provide feedback on the documentation by using the
Documentation Feedback feature on the Cisco website. Simply
navigate to the relevant documentation page and click on the
“Feedback” button.

Cisco Wireless Controller Configuration Guide, Release 8.0
First Published: 2014-08-18 Last Modified: 2019-05-31
Americas Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000
800 553-NETS (6387) Fax: 408 527-0883

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
The documentation set for this product strives to use bias-free language. For purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on standards documentation, or language that is used by a referenced third-party product.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
© 2014–2019 Cisco Systems, Inc. All rights reserved.

CONTENTS

Full Cisco Trademarks with Software License

Preface

  • Audience
  • Conventions
  • Related Documentation
  • Communications, Services, and Additional Information
  • Cisco Bug Search Tool
  • Documentation Feedback

Part I: Overview

Chapter 1: Cisco Wireless Solution Overview

  • Core Components
  • Overview of Cisco Mobility Express

Chapter 2: Initial Setup

  • Cisco WLAN Express Setup
  • Setting up Cisco Wireless Controller using Cisco WLAN Express (Wired Method)
  • Setting up Cisco Wireless Controller using Cisco WLAN Express (Wireless Method)
  • Default Configurations
  • Configuring the Controller Using the Configuration Wizard
  • Configuring the Controller (GUI)
  • Configuring the Controller–Using the CLI Configuration Wizard
  • Using the AutoInstall Feature for Controllers Without a Configuration
  • Restrictions on AutoInstall

  • Obtaining an IP Address Through DHCP and Downloading a Configuration File from a TFTP Server
  • Selecting a Configuration File
  • Example: AutoInstall Operation
  • Managing the Controller System Date and Time
  • Restrictions on Configuring the Controller Date and Time
  • Configuring the Date and Time (GUI)
  • Configuring the Date and Time (CLI)

Part II: Management of Controllers

Chapter 3: Administration of Controller

  • Using the Controller Interface
  • Using the Controller GUI
  • Guidelines and Restrictions on using Controller GUI
  • Logging On to the GUI
  • Logging out of the GUI
  • Using the Controller CLI
  • Logging on to the Controller CLI
  • Using a Local Serial Connection
  • Using a Remote Telnet or SSH Connection
  • Logging Out of the CLI
  • Navigating the CLI
  • Enabling Web and Secure Web Modes
  • Enabling Web and Secure Web Modes (GUI)
  • Enabling Web and Secure Web Modes (CLI)
  • Telnet and Secure Shell Sessions
  • Configuring Telnet and SSH Sessions (GUI)
  • Configuring Telnet and SSH Sessions (CLI)
  • Configuring Telnet Privileges for Selected Management Users (GUI)
  • Configuring Telnet Privileges for Selected Management Users (CLI)
  • Management over Wireless
  • Enabling Management over Wireless (GUI)
  • Enabling Management over Wireless (CLI)

  • Configuring Management using Dynamic Interfaces (CLI)

Chapter 4: Managing Licenses

  • Cisco Wireless Controller Licensing
  • Installing a License
  • Installing a License (GUI)
  • Installing a License (CLI)
  • Viewing Licenses
  • Viewing Licenses (GUI)
  • Viewing Licenses (CLI)
  • Configuring the Maximum Number of Access Points Supported
  • Configuring Maximum Number of Access Points to be Supported (GUI)
  • Configuring Maximum Number of Access Points to be Supported (CLI)
  • Troubleshooting Licensing Issues
  • Activating an AP-Count Evaluation License
  • Information About Activating an AP-Count Evaluation License
  • Activating an AP-Count Evaluation License (GUI)
  • Activating an AP-Count Evaluation License (CLI)
  • Right to Use Licensing
  • Configuring Right to Use Licensing (GUI)
  • Configuring Right to Use Licensing (CLI)
  • Rehosting Licenses
  • Information About Rehosting Licenses
  • Rehosting a License
  • Rehosting a License (GUI)
  • Rehosting a License (CLI)
  • License Agent
  • Configuring the License Agent (GUI)
  • Configuring the License Agent (CLI)
  • Retrieving the Unique Device Identifier on Controllers and Access Points
  • Retrieving the Unique Device Identifier on Controllers and Access Points (GUI)
  • Retrieving the Unique Device Identifier on Controllers and Access Points (CLI)

Chapter 5: Managing Software

  • Upgrading the Controller Software
  • Guidelines and Restrictions for Upgrading Controller Software
  • Upgrading Controller Software (GUI)
  • Upgrading Controller Software (CLI)
  • Predownloading an Image to an Access Point
  • Access Point Predownload Process
  • Guidelines and Restrictions for Predownloading an Image to an Access Point
  • Predownloading an Image to Access Points–Global Configuration (GUI)
  • Predownloading an Image to Access Points (CLI)
  • Bootloader and Recovery Image
  • Configuring Boot Order (GUI)
  • Recovering an Access Point Using TFTP

Chapter 6: Managing Configuration

  • Resetting the Controller to Default Settings
  • Resetting the Controller to Default Settings (GUI)
  • Resetting the Controller to Default Settings (CLI)
  • Saving Configurations
  • Editing Configuration Files
  • Clearing the Controller Configuration
  • Restoring Passwords
  • Rebooting the Controller
  • Transferring Files to and from a Controller
  • Backing Up and Restoring Controller Configuration
  • Uploading Configuration Files
  • Downloading Configuration Files
  • Downloading a Login Banner File
  • Downloading a Login Banner File (GUI)
  • Downloading a Login Banner File (CLI)
  • Clearing the Login Banner (GUI)

Chapter 7: Network Time Protocol Setup

  • Authentication for the Controller and NTP/SNTP Server
  • Guidelines and Restrictions on NTP

  • Configuring the NTP/SNTP Server to Obtain the Date and Time (GUI)
  • Configuring the NTP/SNTP Server to Obtain the Date and Time (CLI)

Chapter 8: High Availability

  • Information About High Availability
  • Restrictions for High Availability
  • Configuring High Availability (GUI)
  • Enabling High Availability (CLI)
  • Configuring High Availability Parameters (CLI)
  • Replacing the Primary Controller in an HA Setup

Chapter 9: Managing Certificates

  • Information about Loading an Externally Generated SSL Certificate
  • Loading an SSL Certificate (GUI)
  • Loading an SSL Certificate (CLI)
  • Downloading Device Certificates
  • Downloading Device Certificates (GUI)
  • Downloading Device Certificates (CLI)
  • Uploading Device Certificates
  • Uploading Device Certificates (GUI)
  • Uploading Device Certificates (CLI)
  • Downloading CA Certificates
  • Download CA Certificates (GUI)
  • Downloading CA Certificates (CLI)
  • Uploading CA Certificates
  • Uploading CA Certificates (GUI)
  • Uploading CA Certificates (CLI)
  • Generating a Certificate Signing Request
  • Generating a Certificate Signing Request using OpenSSL
  • Generating a Certificate Signing Request using Cisco Wireless Controller (GUI)
  • Downloading Third-Party Certificate
  • Downloading Third-Party Certificate (GUI)
  • Downloading Third-Party Certificate (CLI)

Chapter 10: AAA Administration

  • Setting up RADIUS for Management Users
  • Restrictions on Configuring RADIUS
  • Configuring RADIUS Authentication (GUI)
  • Configuring RADIUS Accounting Servers (GUI)
  • Configuring RADIUS (CLI)
  • RADIUS Authentication Attributes Sent by the Controller
  • Authentication Attributes Honored in Access-Accept Packets (Airespace)
  • RADIUS Accounting Attributes
  • RADIUS VSA
  • Sample RADIUS AVP List XML File
  • Downloading RADIUS AVP List (GUI)
  • Uploading RADIUS AVP List (GUI)
  • Uploading and Downloading RADIUS AVP List (CLI)
  • Per-WLAN RADIUS Source Support
  • Prerequisites for Per-WLAN RADIUS Source Support
  • Configuring Per-WLAN RADIUS Source Support (GUI)
  • Configuring Per-WLAN RADIUS Source Support (CLI)
  • Monitoring the Status of Per-WLAN RADIUS Source Support (CLI)
  • RADIUS Realm
  • Disabling Accounting Servers per WLAN (GUI)
  • User Login Policies
  • Configuring User Login Policies (GUI)
  • Configuring User Login Policies (CLI)
  • AAA Override (Identity Networking)
  • RADIUS Attributes Used in Identity Networking
  • Configuring Network Access Identifier (CLI)
  • Setting up TACACS+
  • TACACS+ VSA
  • Configuring TACACS+ (GUI)
  • Configuring TACACS+ (CLI)
  • Maximum Local Database Entries
  • Configuring Maximum Local Database Entries (GUI)

  • Configuring Maximum Local Database Entries (CLI)

Chapter 11: Managing Users

  • Administrator Usernames and Passwords
  • Restrictions on Managing User Accounts
  • Configuring Usernames and Passwords (GUI)
  • Configuring Usernames and Passwords (CLI)
  • Lobby Ambassador Account
  • Creating a Lobby Ambassador Account (GUI)
  • Creating a Lobby Ambassador Account (CLI)
  • Creating Guest User Accounts as a Lobby Ambassador (GUI)
  • Guest Accounts
  • Viewing the Guest Accounts (GUI)
  • Viewing the Guest Accounts (CLI)
  • Password Policies
  • Configuring Password Policies (GUI)
  • Configuring Password Policies (CLI)

Chapter 12: Ports and Interfaces

  • Ports
  • Distribution System Ports
  • Restrictions for Configuring Distribution System Ports
  • Service Port
  • Configuring Ports (GUI)
  • Configuring Ports (CLI)
  • Link Aggregation
  • Restrictions on Link Aggregation
  • Configuring Link Aggregation (GUI)
  • Configuring Link Aggregation (CLI)
  • Verifying Link Aggregation Settings (CLI)
  • Configuring Neighbor Devices to Support Link Aggregation
  • Choosing Between Link Aggregation and Multiple AP-Manager Interfaces
  • Interfaces
  • Restrictions for Configuring Interfaces

  • Dynamic AP Management
  • WLANs
  • Management Interface
  • Configuring the Management Interface (GUI)
  • Configuring the Management Interface (CLI)
  • Virtual Interface
  • Configuring Virtual Interfaces (GUI)
  • Configuring Virtual Interfaces (CLI)
  • Service-Port Interfaces
  • Restrictions on Configuring Service-Port Interfaces
  • Configuring Service-Port Interfaces Using IPv4 (GUI)
  • Configuring Service-Port Interfaces Using IPv4 (CLI)
  • Configuring Service-Port Interface Using IPv6 (GUI)
  • Configuring Service-Port Interfaces Using IPv6 (CLI)
  • Dynamic Interface
  • Prerequisites for Configuring Dynamic Interfaces
  • Restrictions on Configuring Dynamic Interfaces
  • Configuring Dynamic Interfaces (GUI)
  • Configuring Dynamic Interfaces (CLI)
  • AP-Manager Interface
  • Restrictions for Configuring AP Manager Interface
  • Configuring the AP-Manager Interface (GUI)
  • Configuring the AP Manager Interface (CLI)
  • Configuration Example: Configuring AP-Manager on a Cisco 5500 Series Controller
  • Interface Groups
  • Restrictions on Configuring Interface Groups
  • Creating Interface Groups (GUI)
  • Creating Interface Groups (CLI)
  • Adding Interfaces to Interface Groups (GUI)
  • Adding Interfaces to Interface Groups (CLI)
  • Viewing VLANs in Interface Groups (CLI)
  • Adding an Interface Group to a WLAN (GUI)
  • Adding an Interface Group to a WLAN (CLI)

Chapter 13: IPv6 Clients

  • IPv6 Client Mobility
  • Prerequisites for Configuring IPv6 Mobility
  • Restrictions on Configuring IPv6 Mobility
  • Global IPv6
  • Restrictions on Global IPv6
  • Configuring IPv6 Globally (GUI)
  • Configuring IPv6 Globally (CLI)
  • RA Guard
  • Configuring RA Guard (GUI)
  • Configuring RA Guard (CLI)
  • RA Throttling
  • Configuring RA Throttling (GUI)
  • Configuring the RA Throttle Policy (CLI)
  • IPv6 Neighbor Discovery
  • Configuring Neighbor Binding (GUI)
  • Configuring Neighbor Binding (CLI)

Chapter 14: Access Control Lists

  • Information about Access Control Lists
  • Guidelines and Restrictions on Access Control Lists
  • Configuring Access Control Lists (GUI)
  • Applying an Access Control List to an Interface (GUI)
  • Applying an Access Control List to the Controller CPU (GUI)
  • Applying an Access Control List to a WLAN (GUI)
  • Applying a Preauthentication Access Control List to a WLAN (GUI)
  • Configuring Access Control Lists (CLI)
  • Applying Access Control Lists (CLI)
  • Layer 2 Access Control Lists
  • Restrictions on Layer 2 Access Control Lists
  • Configuring Layer 2 Access Control Lists (CLI)
  • Configuring Layer 2 Access Control Lists (GUI)
  • Applying a Layer2 Access Control List to a WLAN (GUI)

  • Applying a Layer2 Access Control List to an AP on a WLAN (GUI)
  • DNS-based Access Control Lists
  • Guidelines and Restrictions on DNS-based Access Control Lists
  • Configuring DNS-based Access Control Lists (CLI)
  • Configuring DNS-based Access Control Lists (GUI)

Chapter 15: Multicast/Broadcast Setup

  • Multicast/Broadcast Mode
  • Restrictions on Configuring Multicast Mode
  • Enabling Multicast Mode (GUI)
  • Enabling Multicast Mode (CLI)
  • Viewing Multicast Groups (GUI)
  • Viewing Multicast Groups (CLI)
  • Viewing an Access Point’s Multicast Client Table (CLI)
  • Media Stream
  • Prerequisites for Media Stream
  • Restrictions for Configuring Media Stream
  • Configuring Media Stream (GUI)
  • Configuring Media Stream (CLI)
  • Configuring Media Parameters (GUI)
  • Viewing and Debugging Media Stream
  • Multicast Domain Name System
  • Restrictions for Configuring Multicast DNS
  • Configuring Multicast DNS (GUI)
  • Configuring Multicast DNS (CLI)
  • Bonjour Gateway Based on Access Policy
  • Restrictions on Bonjour Gateway Based on Access Policy
  • Configuring mDNS Service Groups (GUI)
  • Configuring mDNS Service Groups (CLI)

Chapter 16: Controller Security

  • FIPS, CC, and UCAPL
  • FIPS
  • FIPS Self-Tests

  • Information About CC
  • Information About UCAPL
  • Configuring FIPS (CLI)
  • Configuring CC (CLI)
  • Configuring UCAPL (CLI)
  • Cisco TrustSec
  • Guidelines and Restrictions on Cisco TrustSec
  • Configuring Cisco TrustSec
  • Configuring Cisco TrustSec on Controller (GUI)
  • Configuring Cisco TrustSec on Cisco WLC (CLI)
  • SXP

Chapter 17: SNMP

  • Guidelines and Limitations for SNMP
  • Configuring SNMP (CLI)
  • SNMP Community Strings
  • Changing the SNMP Community String Default Values (GUI)
  • Changing the SNMP Community String Default Values (CLI)
  • Configuring Real Time Statistics (CLI)
  • SNMP Trap Enhancements
  • Configuring SNMP Trap Receiver (GUI)

Part III: Mobility

Chapter 18: Overview

  • Information About Mobility
  • Guidelines and Restrictions

Chapter 19: Auto-Anchor Mobility

  • Information about Auto-Anchor Mobility
  • Restrictions for Auto-Anchor Mobility
  • Configuring Auto-Anchor Mobility (GUI)
  • Configuring Auto-Anchor Mobility (CLI)
  • Dynamic Anchoring for Clients with Static IP

  • How Dynamic Anchoring of Static IP Clients Works
  • Restrictions on Dynamic Anchoring for Clients With Static IP Addresses
  • Configuring Dynamic Anchoring of Static IP Clients (GUI)
  • Configuring Dynamic Anchoring of Static IP Clients (CLI)

Chapter 20: Mobility Groups

  • Information About Mobility Groups
  • Prerequisites for Configuring Mobility Groups
  • Configuring Mobility Groups (GUI)
  • Configuring Mobility Groups (CLI)
  • Viewing Mobility Group Statistics (GUI)
  • Viewing Mobility Group Statistics (CLI)
  • Information about Encrypted Mobility Tunnel
  • Restrictions for Encrypted Mobility Tunnel
  • Configuring Global Encrypted Mobility Tunnel (GUI)
  • Configuring Global Encrypted Mobility Tunnel (CLI)

Chapter 21: Configuring New Mobility

  • Information About New Mobility
  • Restrictions for New Mobility
  • Configuring New Mobility (GUI)
  • Configuring New Mobility (CLI)

Chapter 22: Monitoring and Validating Mobility

  • Mobility Ping Tests
  • Restrictions for Mobility Ping Tests
  • Running Mobility Ping Tests (CLI)
  • WLAN Mobility Security Values

Part IV: Wireless

Chapter 23: Country Codes

  • Information About Configuring Country Codes
  • Restrictions for Configuring Country Codes

  • Configuring Country Codes (GUI)
  • Configuring Country Codes (CLI)

Chapter 24: Radio Bands

  • 802.11 Bands
  • Configuring the 802.11 Bands (GUI)
  • Configuring the 802.11 Bands (CLI)
  • 802.11n Parameters
  • Configuring the 802.11n Parameters (GUI)
  • Configuring the 802.11n Parameters (CLI)
  • 802.11ac Parameters
  • Restrictions for 802.11ac Support
  • Configuring the 802.11ac High-Throughput Parameters (GUI)
  • Configuring the 802.11ac High-Throughput Parameters (CLI)

Chapter 25: Radio Resource Management

  • Information about Radio Resource Management
  • Radio Resource Monitoring
  • Benefits of RRM
  • Information About Configuring RRM
  • Restrictions for Configuring RRM
  • Configuring RRM (CLI)
  • Viewing RRM Settings (CLI)
  • RF Groups
  • Information About RF Groups
  • RF Group Leader
  • RF Group Name
  • Controllers and APs in RF Groups
  • Configuring RF Groups
  • Configuring an RF Group Name (GUI)
  • Configuring an RF Group Name (CLI)
  • Configuring the RF Group Mode (GUI)
  • Configuring the RF Group Mode (CLI)
  • Viewing RF Group Status

  • Viewing the RF Group Status (GUI)
  • Viewing the RF Group Status (CLI)
  • Rogue Access Point Detection in RF Groups
  • Enabling Rogue Access Point Detection in RF Groups (GUI)
  • Configuring Rogue Access Point Detection in RF Groups (CLI)
  • Off-Channel Scanning Deferral
  • Configuring Off-Channel Scanning Deferral for WLANs
  • Configuring Off-Channel Scanning Deferral for a WLAN (GUI)
  • Configuring Off Channel Scanning Deferral for a WLAN (CLI)
  • RRM NDP and RF Grouping
  • Configuring RRM NDP (CLI)
  • Channels
  • Dynamic Channel Assignment
  • Configuring Dynamic Channel Assignment (GUI)
  • Configuring RRM Profile Thresholds, Monitoring Channels, and Monitor Intervals (GUI)
  • Overriding RRM
  • Statically Assigning Channel and Transmit Power Settings (GUI)
  • Statically Assigning Channel and Transmit Power Settings (CLI)
  • Disabling Dynamic Channel and Power Assignment (CLI)
  • 802.11h Parameters
  • Configuring the 802.11h Parameters (GUI)
  • Configuring the 802.11h Parameters (CLI)
  • Transmit Power Control
  • Overriding the TPC Algorithm with Minimum and Maximum Transmit Power Settings
  • Configuring Transmit Power Control (GUI)
  • Coverage Hole Detection and Correction
  • Configuring Coverage Hole Detection (GUI)
  • RF Profiles
  • Prerequisites for Configuring RF Profiles
  • Restrictions on Configuring RF Profiles
  • Configuring an RF Profile (GUI)
  • Configuring an RF Profile (CLI)
  • Applying an RF Profile to AP Groups (GUI)
  • Applying RF Profiles to AP Groups (CLI)

  • Debug RRM Issues (CLI)
  • CleanAir
  • Role of the Cisco Wireless LAN Controller in a Cisco CleanAir System
  • Interference Types that Cisco CleanAir Can Detect
  • Persistent Devices
  • Persistent Devices Detection
  • Persistent Devices Propagation
  • Detecting Interferers by an Access Point
  • Detecting Persistent Sources of Interference
  • Prerequisites for CleanAir
  • Restrictions for CleanAir
  • Configuring Cisco CleanAir on the Controller
  • Configuring Cisco CleanAir on Cisco WLC (GUI)
  • Configuring Cisco CleanAir on Cisco WLC (CLI)
  • Configuring Cisco CleanAir on an Access Point
  • Configuring Cisco CleanAir on an Access Point (GUI)
  • Configuring Cisco CleanAir on an Access Point (CLI)
  • Monitoring Interference Devices
  • Prerequisites for Monitoring the Interference Devices
  • Monitoring the Interference Device (GUI)
  • Monitoring the Interference Device (CLI)
  • Monitoring Persistent Devices (GUI)
  • Monitoring Persistent Devices (CLI)
  • Monitoring the Air Quality of Radio Bands

Chapter 26: Wireless Quality of Service

  • Call Admission Control
  • Voice and Video Parameters
  • Configuring Voice Parameters
  • Configuring Voice Parameters (GUI)
  • Configuring Voice Parameters (CLI)
  • Configuring Video Parameters
  • Configuring Video Parameters (GUI)
  • Configuring Video Parameters (CLI)

  • Viewing Voice and Video Settings
  • Viewing Voice and Video Settings (GUI)
  • Viewing Voice and Video Settings (CLI)
  • Configuring SIP-Based CAC
  • Restrictions for SIP-Based CAC
  • Configuring SIP-Based CAC (GUI)
  • Configuring SIP-Based CAC (CLI)
  • Voice Prioritization Using Preferred Call Numbers
  • Prerequisites for Configuring Voice Prioritization Using Preferred Call Numbers
  • Configuring a Preferred Call Number (GUI)
  • Configuring a Preferred Call Number (CLI)
  • Enhanced Distributed Channel Access Parameters
  • Configuring EDCA Parameters (GUI)
  • Configuring EDCA Parameters (CLI)
  • Key Telephone System-Based CAC
  • Restrictions for Key Telephone System-Based CAC
  • Configuring KTS-based CAC (GUI)
  • Configuring KTS-based CAC (CLI)
  • Application Visibility and Control
  • Restrictions for Application Visibility and Control
  • Configuring Application Visibility and Control (GUI)
  • Configuring Application Visibility and Control (CLI)
  • NetFlow
  • Configuring NetFlow (GUI)
  • Configuring NetFlow (CLI)
  • QoS Profiles
  • Configuring QoS Profiles (GUI)
  • Configuring QoS Profiles (CLI)
  • Assigning a QoS Profile to a WLAN (GUI)
  • Assigning a QoS Profile to a WLAN (CLI)

Chapter 27: Location Services

  • Optimizing RFID Tracking on Access Points
  • Optimizing RFID Tracking on Access Points (GUI)

  • Optimizing RFID Tracking on Access Points (CLI)
  • Location Settings
  • Configuring Location Settings (CLI)
  • Viewing Location Settings (CLI)
  • Modifying the NMSP Notification Interval for Clients, RFID Tags, and Rogues (CLI)
  • Viewing NMSP Settings (CLI)
  • Debugging NMSP Issues
  • Probe Request Forwarding
  • Configuring Probe Request Forwarding (CLI)
  • CCX Radio Management
  • Radio Measurement Requests
  • Location Calibration
  • Configuring CCX Radio Management
  • Configuring CCX Radio Management (GUI)
  • Configuring CCX Radio Management (CLI)
  • Viewing CCX Radio Management Information (CLI)
  • Debugging CCX Radio Management Issues (CLI)
  • Mobile Concierge
  • Configuring Mobile Concierge (802.11u) (GUI)
  • Configuring Mobile Concierge (802.11u) (CLI)
  • 802.11u MSAP
  • Configuring 802.11u MSAP (GUI)
  • Configuring MSAP (CLI)
  • Configuring 802.11u HotSpot
  • Information About 802.11u HotSpot
  • Configuring 802.11u HotSpot (GUI)
  • Configuring HotSpot 2.0 (CLI)
  • Configuring Access Points for HotSpot2 (GUI)
  • Configuring Access Points for HotSpot2 (CLI)
  • Downloading the Icon File (CLI)

Chapter 28: Wireless Intrusion Detection System

  • Protected Management Frames (Management Frame Protection)
  • Configuring Infrastructure MFP (GUI)

  • Viewing the Management Frame Protection Settings (GUI)
  • Configuring Infrastructure MFP (CLI)
  • Viewing the Management Frame Protection Settings (CLI)
  • Debugging Management Frame Protection Issues (CLI)
  • Rogue Management
  • Configuring Rogue Detection (GUI)
  • Configuring Rogue Detection (CLI)
  • Rogue Access Point Classification
  • Guidelines and Restrictions for Classifying Rogue Access Points
  • Configuring Rogue Classification Rules (GUI)
  • Viewing and Classifying Rogue Devices (GUI)
  • Configuring Rogue Classification Rules (CLI)
  • Viewing and Classifying Rogue Devices (CLI)
  • Intrusion Detection System Signatures
  • Uploading or Downloading IDS Signatures
  • Configuring IDS Signatures (GUI)
  • Viewing IDS Signature Events (GUI)
  • Configuring IDS Signatures (CLI)
  • Viewing IDS Signature Events (CLI)
  • Cisco Intrusion Detection System
  • Shunned Clients
  • Configuring IDS Sensors (GUI)
  • Viewing Shunned Clients (GUI)
  • Configuring IDS Sensors (CLI)
  • Viewing Shunned Clients (CLI)
  • Wireless Intrusion Prevention System
  • Restrictions for wIPS
  • Configuring wIPS on an Access Point (GUI)
  • Configuring wIPS on an Access Point (CLI)
  • Viewing wIPS Information (CLI)
  • Cisco Adaptive wIPS Alarms

Chapter 29: Advanced Wireless Tuning

  • Aggressive Load Balancing

  • Configuring Aggressive Load Balancing (GUI)
  • Configuring Aggressive Load Balancing (CLI)
  • Reanchoring of Roaming Voice Clients
  • Restrictions for Configuring Reanchoring of Roaming Voice Clients
  • Configuring Reanchoring of Roaming Voice Clients (GUI)
  • Configuring Reanchoring of Roaming Voice Clients (CLI)
  • SpectraLink NetLink Telephones
  • Enabling Long Preambles (GUI)
  • Enabling Long Preambles (CLI)
  • Receiver Start of Packet Detection Threshold
  • Guidelines and Restrictions for RxSOP
  • Configuring Rx SOP (GUI)
  • Configuring RxSOP (CLI)

Chapter 30: Timers

  • Information about Wireless Timers
  • Configuring Wireless Timers (GUI)
  • Configuring Wireless Timers (CLI)

Part V: Access Points

Chapter 31: AP Power and Uplink LAN Connections

  • Power over Ethernet
  • Configuring Power over Ethernet (GUI)
  • Configuring Power over Ethernet (CLI)
  • Cisco Discovery Protocol
  • Restrictions for Cisco Discovery Protocol
  • Configuring the Cisco Discovery Protocol
  • Configuring the Cisco Discovery Protocol (GUI)
  • Configuring the Cisco Discovery Protocol (CLI)
  • Viewing Cisco Discovery Protocol Information
  • Viewing Cisco Discovery Protocol Information (GUI)
  • Viewing Cisco Discovery Protocol Information (CLI)
  • Getting CDP Debug Information


CHAPTER 32

Cisco 700 Series Access Points 535 Configuring Cisco 700 Series Access Points 536 Enabling the LAN Ports (CLI) 536
AP Connectivity to Controller 537 CAPWAP 537 Restrictions for Access Point Communication Protocols 538 Viewing CAPWAP Maximum Transmission Unit Information 538 Debugging CAPWAP 539 Link Latency 539 Restrictions for Link Latency 540 Configuring Link Latency (GUI) 540 Configuring Link Latency (CLI) 541 Preferred Mode 542 Guidelines for Configuring Preferred Mode 542 Configuring CAPWAP Preferred Mode (GUI) 542 Configuring CAPWAP Preferred Mode (CLI) 543 IPv6 CAPWAP UDP Lite 544 Configuring UDP Lite Globally (GUI) 544 Configuring UDP Lite on AP (GUI) 545 Configuring the UDP Lite (CLI) 545 Data Encryption 546 Restrictions on Data Encryption 547 Upgrading or Downgrading DTLS Images for Cisco 5508 WLC 548 Guidelines When Upgrading to or from a DTLS Image 548 Configuring Data Encryption (GUI) 549 Configuring Data Encryption (CLI) 549 VLAN Tagging for CAPWAP Frames from Access Points 550 Configuring VLAN Tagging for CAPWAP Frames from Access Points (GUI) 550 Configuring VLAN Tagging for CAPWAP Frames from Access Points (CLI) 551 Discovering and Joining Controllers 551 Controller Discovery Process 551 Guidelines and Restrictions on Controller Discovery Process 553 Using DHCP Option 43 and DHCP Option 60 553

Backup Controllers 554 Restrictions for Configuring Backup Controllers 554 Configuring Backup Controllers (GUI) 554 Configuring Backup Controllers (CLI) 556
Failover Priority for Access Points 558 Configuring Failover Priority for Access Points (GUI) 559 Configuring Failover Priority for Access Points (CLI) 560 Viewing Failover Priority Settings (CLI) 560
AP Retransmission Interval and Retry Count 561 Restrictions for Access Point Retransmission Interval and Retry Count 561 Configuring the AP Retransmission Interval and Retry Count (GUI) 561 Configuring the Access Point Retransmission Interval and Retry Count (CLI) 562
Authorizing Access Points 562 Authorizing Access Points Using SSCs 563 Authorizing Access Points for Virtual Controllers Using SSC 563 Authorizing Access Points Using MICs 564 Authorizing Access Points Using LSCs 564 Configuring Locally Significant Certificates (GUI) 565 Configuring Locally Significant Certificates (CLI) 566 Authorizing Access Points (GUI) 568 Authorizing Access Points (CLI) 569
AP Wired 802.1X Supplicant 569 Prerequisites for Configuring Wired 802.1X Authentication for Access Points 570 Restrictions for Authenticating Access Points 571 Configuring Authentication for Access Points (GUI) 571 Configuring Authentication for Access Points (CLI) 572 Configuring the Switch for Authentication 573
Configuring a Static IP Address on a Lightweight Access Point 574 Configuring a Static IP Address (GUI) 574 Configuring a Static IP Address (CLI) 575
Troubleshooting the Access Point Join Process 576 Configuring the Syslog Server for Access Points (CLI) 578 Viewing Access Point Join Information 579 Viewing Access Point Join Information (GUI) 579

CHAPTER 33 CHAPTER 34

Viewing Access Point Join Information (CLI) 580
Managing APs 583 Access Point Modes 583 Global Credentials for Access Points 584 Restrictions for Global Credentials for Access Points 585 Configuring Global Credentials for Access Points 585 Configuring Global Credentials for Access Points (GUI) 585 Configuring Global Credentials for Access Points (CLI) 586 Configuring Telnet and SSH for Access Points 587 Configuring Telnet and SSH for APs (GUI) 587 Configuring Telnet and SSH for APs (CLI) 588 Embedded Access Points 588 Spectrum Expert Connection 589 Guidelines and Limitations for Spectrum Expert Connection 590 Configuring Spectrum Expert (GUI) 590 Cisco Universal Small Cell 8×18 Dual-Mode Module 592 Configuring Cisco Universal Small Cell 8×18 Dual-Mode Module 593 Configuring USC8x18 Dual-Mode Module in Different Scenarios 593 LED States for Access Points 595 Configuring the LED State for Access Points in a Network Globally (GUI) 596 Configuring the LED State for Access Point in a Network Globally (CLI) 596 Configuring LED State on a Specific Access Point (GUI) 596 Configuring LED State on a Specific Access Point (CLI) 596 Configuring Flashing LEDs 597 Information About Configuring Flashing LEDs 597 Configuring Flashing LEDs (CLI) 597 Configuring LED Flash State on a Specific Access Point (GUI) 597 Access Points with Dual-Band Radios 598 Configuring Access Points with Dual-Band Radios (GUI) 598 Configuring Access Points with Dual-Band Radios (CLI) 598
AP Groups 599 Access Point Groups 599


PART VI CHAPTER 35

Restrictions for Configuring Access Point Groups 600 Configuring Access Point Groups 600 Creating Access Point Groups (GUI) 601 Creating Access Point Groups (CLI) 603 Viewing Access Point Groups (CLI) 604 802.1Q-in-Q VLAN Tagging 604 Restrictions for 802.1Q-in-Q VLAN Tagging 605 Configuring 802.1Q-in-Q VLAN Tagging (GUI) 605 Configuring 802.1Q-in-Q VLAN Tagging (CLI) 606
Mesh Access Points 607
Connecting Mesh Access Points to the Network 609 Overview 609 Adding Mesh Access Points to the Mesh Network 610 Adding MAC Addresses of Mesh Access Points to MAC Filter 611 Adding the MAC Address of the Mesh Access Point to the Controller Filter List (CLI) 611 Defining Mesh Access Point Role 612 Configuring the AP Role (CLI) 612 Configuring Multiple Controllers Using DHCP 43 and DHCP 60 612 Configuring External Authentication and Authorization Using a RADIUS Server 613 Configuring RADIUS Servers 614 Enable External Authentication of Mesh Access Points (CLI) 614 View Security Statistics (CLI) 615 Mesh PSK Key Provisioning 615 CLI Commands for PSK Provisioning 616 Configuring Global Mesh Parameters 617 Configuring Global Mesh Parameters (CLI) 617 Viewing Global Mesh Parameter Settings (CLI) 618 Backhaul Client Access 619 Configuring Backhaul Client Access (GUI) 620 Configuring Backhaul Client Access (CLI) 620 Configuring Local Mesh Parameters 620 Configuring Wireless Backhaul Data Rate 621


Configuring Ethernet Bridging 623 Configuring Native VLAN (CLI) 624 Configuring Bridge Group Names 625 Configuring Bridge Group Names (CLI) 625 Configuring Antenna Gain 625 Configuring Antenna Gain (CLI) 626 Configuring Advanced Features 626 Configuring Ethernet VLAN Tagging 626
Ethernet Port Notes 627 VLAN Registration 628 Configuring Ethernet VLAN Tagging (CLI) 630 Viewing Ethernet VLAN Tagging Configuration Details (CLI) 631 Workgroup Bridge Interoperability with Mesh Infrastructure 631 Configuring Workgroup Bridges 633 Guidelines for Configuration 636 Configuration Example 636 WGB Association Check 638 Link Test Result 639 WGB Wired/Wireless Client 640 Client Roaming 641 WGB Roaming Guidelines 642 Configuration Example 642 Troubleshooting Tips 643 Configuring Voice Parameters in Indoor Mesh Networks 643 Call Admission Control 643 Quality of Service and Differentiated Services Code Point Marking 644 Guidelines For Using Voice on the Mesh Network 649 Voice Call Support in a Mesh Network 650 Enabling Mesh Multicast Containment for Video 651 Viewing the Voice Details for Mesh Networks (CLI) 651 Enabling Multicast on the Mesh Network (CLI) 655 IGMP Snooping 655 Locally Significant Certificates for Mesh APs 656 Guidelines for Configuration 657


CHAPTER 36

Differences Between LSCs for Mesh APs and Normal APs 657 Certificate Verification Process in LSC AP 657 Getting Certificates for LSC Feature 658 Configuring a Locally Significant Certificate (CLI) 659 LSC only MAP Authentication using wild card MAC 660 LSC-Related Commands 661 Controller GUI Security Settings 663 Deployment Guidelines 664 Configuring Antenna Band Mode 664 Information About Configuring Antenna Band Modes 664 Configuring Antenna Band Mode (CLI) 664 Configuring Daisy Chaining on Cisco Aironet 1530 Series Access Points 665 Information About Daisy Chaining the Cisco Aironet 1530 Series Access Points 665 Configuring Daisy Chaining (CLI) 669 Configuring a Daisy-Chain 670 Configuring Mesh Convergence 672 Information About Mesh Convergence 672 Restrictions on Mesh Convergence 672 Configuring Mesh Convergence (CLI) 673 Switching Between LWAPP and Autonomous Images (AP CLI) 673
Checking the Health of the Network 675 Show Mesh Commands 675 Viewing General Mesh Network Details 675 Viewing Mesh Access Point Details 677 Viewing Global Mesh Parameter Settings 678 Viewing Bridge Group Settings 679 Viewing VLAN Tagging Settings 679 Viewing DFS Details 679 Viewing Security Settings and Statistics 680 Viewing GPS Status 680 Viewing Mesh Statistics for a Mesh Access Point 681 Viewing Mesh Statistics for a Mesh Access Point (GUI) 681 Viewing Mesh Statistics for a Mesh Access Point (CLI) 684


CHAPTER 37
PART VII CHAPTER 38

Viewing Neighbor Statistics for a Mesh Access Point 685 Viewing Neighbor Statistics for a Mesh Access Point (GUI) 685 Viewing the Neighbor Statistics for a Mesh Access Point (CLI) 686
Troubleshooting Mesh Access Points 689 Installation and Connections 689 Debug Commands 690 Remote Debug Commands 690 AP Console Access 691 Cable Modem Serial Port Access from an AP 691 Configuration 692 Mesh Access Point CLI Commands 694 Mesh Access Point Debug Commands 697 Defining Mesh Access Point Roles 697 Backhaul Algorithm 697 Passive Beaconing (Anti-Stranding) 698 Dynamic Frequency Selection 699 DFS in RAP 700 DFS in MAP 700 Preparation in a DFS Environment 701 Monitoring DFS 703 Frequency Planning 703 Good Signal-to-Noise Ratios 704 Access Point Placement 704 Bridge Group Name Misconfiguration 704 Misconfiguration of the Mesh Access Point IP Address 705 Misconfiguration of DHCP 706 Identifying the Node Exclusion Algorithm 706 Throughput Analysis 708
Client Network 711
Client Traffic Forwarding Configurations 713 802.3 Bridging 713


CHAPTER 39

Restrictions on 802.3 Bridging 713 Configuring 802.3 Bridging (GUI) 713 Configuring 802.3 Bridging (CLI) 714 Enabling 802.3X Flow Control 714 Bridging Link Local Traffic 714 Configuring Bridging of Link Local Traffic (GUI) 714 Configuring Bridging of Link Local Traffic (CLI) 715 IP-MAC Address Binding 715 Configuring IP-MAC Address Binding (CLI) 715 TCP Adjust MSS 716 Configuring TCP Adjust MSS (GUI) 717 Configuring TCP Adjust MSS (CLI) 717 Passive Clients 718 Restrictions for Passive Clients 718 Configuring Passive Clients (GUI) 719 Configuring Passive Clients (CLI) 719 Enabling the Multicast-Multicast Mode (GUI) 720 Enabling the Global Multicast Mode on Controllers (GUI) 721 Enabling the Passive Client Feature on the Controller (GUI) 721
Quality of Service 723 Quality of Service 723 QoS Profiles 724 Configuring QoS Profiles (GUI) 725 Configuring QoS Profiles (CLI) 727 Assigning a QoS Profile to a WLAN (GUI) 728 Assigning a QoS Profile to a WLAN (CLI) 729 Quality of Service Roles 730 Configuring QoS Roles (GUI) 731 Configuring QoS Roles (CLI) 732 SIP (Media Session) Snooping, CAC, and Reporting 733 Restrictions for SIP (Media Session) Snooping, CAC, and Reporting 733 Configuring Media Session Snooping (GUI) 734 Configuring Media Session Snooping (CLI) 734


CHAPTER 40

Voice and Video Parameters 738 Call Admission Control 738 Static CAC 738 Load-Based CAC 739 Expedited Bandwidth Requests 739 U-APSD 740 Traffic Stream Metrics 740 Configuring Voice Parameters 741 Configuring Voice Parameters (GUI) 741 Configuring Voice Parameters (CLI) 742 Configuring Video Parameters 744 Configuring Video Parameters (GUI) 744 Configuring Video Parameters (CLI) 744 Viewing Voice and Video Settings 746 Viewing Voice and Video Settings (GUI) 746 Viewing Voice and Video Settings (CLI) 746
SIP-based CAC 750 Restrictions for SIP-Based CAC 750 Configuring SIP-Based CAC (GUI) 750 Configuring SIP-Based CAC (CLI) 751
Enhanced Distributed Channel Access Parameters 751 Configuring EDCA Parameters (GUI) 751 Configuring EDCA Parameters (CLI) 752
WLANs 755 Information About WLANs 755 Prerequisites for WLANs 755 Restrictions for WLANs 756 Creating and Removing WLANs (GUI) 757 Enabling and Disabling WLANs (GUI) 758 Editing WLAN SSID or Profile Name for WLANs (GUI) 758 Creating and Deleting WLANs (CLI) 759 Enabling and Disabling WLANs (CLI) 759 Editing WLAN SSID or Profile Name for WLANs (CLI) 760


CHAPTER 41

Viewing WLANs (CLI) 760 Searching WLANs (GUI) 760 Assigning WLANs to Interfaces 761
Per-WLAN Wireless Settings 763 DTIM Period 763 Configuring the DTIM Period (GUI) 764 Configuring the DTIM Period (CLI) 764 Cisco Client Extensions 765 Prerequisites for Configuring Cisco Client Extensions 765 Guidelines and Restrictions for Configuring Cisco Client Extensions 765 Configuring CCX Aironet IEs (GUI) 765 Viewing a Client’s CCX Version (GUI) 766 Configuring CCX Aironet IEs (CLI) 766 Viewing a Client’s CCX Version (CLI) 766 Client Profiling 766 Prerequisites for Configuring Client Profiling 767 Restrictions for Configuring Client Profiling 768 Configuring Client Profiling (GUI) 768 Configuring Client Profiling (CLI) 769 Configuring Custom HTTP Port for Profiling (GUI) 769 Configuring Custom HTTP Port for Profiling (CLI) 769 Client Count per WLAN 770 Restrictions for Setting Client Count for WLANs 770 Configuring the Client Count per WLAN (GUI) 770 Configuring the Maximum Number of Clients per WLAN (CLI) 771 Configuring the Maximum Number of Clients for each AP Radio per WLAN (GUI) 771 Configuring the Maximum Number of Clients for each AP Radio per WLAN (CLI) 772 Limit Clients per WLAN per AP Radio 772 Limit Clients per WLAN per AP Radio (GUI) 772 Limit Clients per WLAN per AP Radio (CLI) 773 Disabling Coverage Hole Detection per WLAN 773 Disabling Coverage Hole Detection on a WLAN (GUI) 774 Disabling Coverage Hole Detection on a WLAN (CLI) 774


CHAPTER 42 CHAPTER 43
CHAPTER 44

WLAN Interfaces 775 Multicast VLAN 775 Configuring a Multicast VLAN (GUI) 776 Configuring a Multicast VLAN (CLI) 776
WLAN Timeouts 777 Client Exclusion Timeout 777 Configuring Client Exclusion Timeout (CLI) 777 Session Timeouts 777 Configuring a Session Timeout (GUI) 778 Configuring a Session Timeout (CLI) 778 User Idle Timeout 779 Configuring User Idle Timeout (GUI) 779 Configuring User Idle Timeout (CLI) 779 User Idle Timeout per WLAN 780 Configuring Per-WLAN User Idle Timeout (GUI) 780 Configuring Per-WLAN User Idle Timeout (CLI) 780 Address Resolution Protocol Timeout 781 Configuring ARP Timeout (GUI) 781 Configuring ARP Timeout (CLI) 781
WLAN Security 783 Layer 2 Security 783 Prerequisites for Layer 2 Security 783 MAC Filtering of WLANs 784 Restrictions for MAC Filtering 784 Enabling MAC Filtering 784 Local MAC Filters 785 Prerequisites for Configuring Local MAC Filters 785 Configuring Local MAC Filters (CLI) 785 Protected Management Frames (802.11w) 786 Restrictions for Protected Management Frames (802.11w) 786 Configuring Protected Management Frames (802.11w) (GUI) 787

Configuring Protected Management Frames (802.11w) 802.11w (CLI) 788 Fast Secure Roaming 788
802.11r Fast Transition 788 802.11i Sticky Key Caching 793 Cisco Centralized Key Management (CCKM) 795 Wi-Fi Protected Areas (WPA) 795 WPA1 and WPA2 795 Wireless Encryption Protocol (WEP) 799 WLAN for Static WEP 799 Configuring Dynamic WEP (CLI) 800 MAC Authentication Failover to 802.1X Authentication 801 Layer 3 Security 801 Information About Web Authentication 802 Prerequisites for Configuring Web Authentication on a WLAN 802 Restrictions for Configuring Web Authentication on a WLAN 803 Default Web Authentication Login Page 803 Using a Customized Web Authentication Login Page from an External Web Server 807 Downloading a Customized Web Authentication Login Page 811 Assigning Login, Login Failure, and Logout Pages per WLAN 814 Captive Network Assistant Bypass 817 Configuring Captive Bypassing (CLI) 817 Fallback Policy with MAC Filtering and Web Authentication 817 Configuring a Fallback Policy with MAC Filtering and Web Authentication (GUI) 818 Configuring a Fallback Policy with MAC Filtering and Web Authentication (CLI) 818 Central Web Authentication 819 Authentication of Sleeping Clients 820 Restrictions for Authenticating Sleeping Clients 821 Configuring Authentication for Sleeping Clients (GUI) 822 Configuring Authentication for Sleeping Clients (CLI) 822 Web Redirect with 802.1X Authentication 823 Conditional Web Redirect 823 Splash Page Web Redirect 823 Configuring the RADIUS Server (GUI) 824 Configuring Web Redirect 824


Web Authentication Proxy 825 Configuring the Web Authentication Proxy (GUI) 827 Configuring the Web Authentication Proxy (CLI) 827
Supporting IPv6 Client Guest Access 828 EAP and AAA Servers 828
802.1X and Extensible Authentication Protocol 828 LDAP 830
Configuring LDAP (GUI) 830 Configuring LDAP (CLI) 832 Local EAP 834 Restrictions for Local EAP 835 Configuring Local EAP (GUI) 835 Configuring Local EAP (CLI) 839 Local Network Users on Controller 844 Uploading PACs for EAP-FAST 846 Uploading PACs (GUI) 847 Uploading PACs (CLI) 847 Advanced WLAN Security 848 AAA Override 848 Restrictions for AAA Override 848 Updating the RADIUS Server Dictionary File for Proper QoS Values 849 Configuring AAA Override (GUI) 850 Configuring AAA Override (CLI) 851 ISE NAC Support 851 Device Registration 851 Central Web Authentication 851 Local Web Authentication 853 Guidelines and Restrictions on ISE NAC Support 853 Configuring ISE NAC Support (GUI) 854 Configuring ISE NAC Support (CLI) 855 Client Exclusion Policies 855 Configuring Client Exclusion Policies (GUI) 855 Configuring Client Exclusion Policies (CLI) 856 Configuring Client Exclusion Policies for a WLAN (GUI) 857


CHAPTER 45

Configuring Client Exclusion Policies for a WLAN (CLI) 858 Wi-Fi Direct Client Policy 858
Restrictions for the Wi-Fi Direct Client Policy 858 Configuring the Wi-Fi Direct Client Policy (GUI) 858 Configuring the Wi-Fi Direct Client Policy (CLI) 859 Monitoring and Troubleshooting the Wi-Fi Direct Client Policy (CLI) 859 Peer-to-Peer Blocking 860 Restrictions on Peer-to-Peer Blocking 860 Configuring Peer-to-Peer Blocking (GUI) 860 Configuring Peer-to-Peer Blocking (CLI) 861 Local Policies 861 Guidelines and Restrictions for Local Policy Classification 863 Local Policy–Best Practices 864 Configuring Local Policies (GUI) 864 Configuring Local Policies (CLI) 866 Updating Organizationally Unique Identifier List 867 Updating Device Profile List 868 Wired Guest Access 869 Prerequisites for Configuring Wired Guest Access 870 Restrictions for Configuring Wired Guest Access 870 Configuring Wired Guest Access (GUI) 870 Configuring Wired Guest Access (CLI) 872
Client Roaming 877 Fast SSID Changing 877 Configuring Fast SSID Changing (GUI) 877 Configuring Fast SSID Changing (CLI) 878 802.11k Neighbor List and Assisted Roaming 878 Restrictions for Assisted Roaming 878 Configuring Assisted Roaming (GUI) 879 Configuring Assisted Roaming (CLI) 879 802.11v 880 Prerequisites for Configuring 802.11v 882 Configuring 802.11v Network Assisted Power Savings (CLI) 882


CHAPTER 46

Monitoring 802.11v Network Assisted Power Savings (CLI) 882 Configuration Examples for 802.11v Network Assisted Power Savings 882 Optimized Roaming 883 Restrictions for Optimized Roaming 883 Configuring Optimized Roaming (GUI) 884 Configuring Optimized Roaming (CLI) 885 Band Select 885
Band Select Algorithm 886 Restrictions for Band Selection 886 Configuring Band Selection (GUI) 887 Configuring Band Selection (CLI) 888
DHCP 891 Information About Dynamic Host Configuration Protocol 891 Internal DHCP Servers 891 External DHCP Servers 892 DHCP Assignments 892 DHCP Proxy Mode versus DHCP Bridging Mode 893 DHCP Proxy Mode 894 Restrictions on Using DHCP Proxy 894 Configuring DHCP Proxy (GUI) 895 Configuring DHCP Proxy (CLI) 896 Configuring a DHCP Timeout (GUI) 896 Configuring a DHCP Timeout (CLI) 897 DHCP Option 82 897 Restrictions on DHCP Option 82 898 Configuring DHCP Option 82 (GUI) 898 Configuring DHCP Option 82 (CLI) 898 Configuring DHCP Option 82 Insertion in Bridge Mode (CLI) 899 DHCP Option 82 Link Select and VPN Select Suboptions 900 DHCP Link Select 900 DHCP VPN Select 900 Mobility Considerations 900 Prerequisites for DHCP Option 82 Link Select and VPN Select 901


CHAPTER 47 CHAPTER 48
CHAPTER 49

Configuring DHCP Option 82 Link Select and VPN Select (GUI) 901 Configuring DHCP Option 82 Link Select and VPN Select (CLI) 902 Internal DHCP Server 903 Restrictions for Configuring Internal DHCP Server 904 Configuring DHCP Scopes (GUI) 904 Configuring DHCP Scopes (CLI) 905 Configuring DHCP Per WLAN (GUI) 906 Configuring DHCP Per WLAN (CLI) 907 Debugging DHCP (CLI) 908
Client Data Tunneling 909 Proxy Mobile IPv6 909 Restrictions on Proxy Mobile IPv6 911 Configuring Proxy Mobile IPv6 (GUI) 912 Configuring Proxy Mobile IPv6 (CLI) 914
AP Groups 917 Access Point Groups 917 Restrictions for Configuring Access Point Groups 918 Configuring Access Point Groups 918 Creating Access Point Groups (GUI) 919 Creating Access Point Groups (CLI) 921 Viewing Access Point Groups (CLI) 922 802.1Q-in-Q VLAN Tagging 922 Restrictions for 802.1Q-in-Q VLAN Tagging 923 Configuring 802.1Q-in-Q VLAN Tagging (GUI) 923 Configuring 802.1Q-in-Q VLAN Tagging (CLI) 924
Workgroup Bridges 925 Cisco Workgroup Bridges 925 Guidelines and Restrictions for Cisco Workgroup Bridges 926 Viewing the Status of Workgroup Bridges (GUI) 927 Viewing the Status of Workgroup Bridges (CLI) 928 Debugging WGB Issues (CLI) 928


PART VIII CHAPTER 50

Non-Cisco Workgroup Bridges 929 Restrictions for Non-Cisco Workgroup Bridges 930
FlexConnect 931
FlexConnect 933 FlexConnect Overview 933 FlexConnect Authentication Process 935 FlexConnect Switching Modes 938 FlexConnect Operation Modes 938 FlexConnect VLANs and ACLs 939 Central DHCP Server for FlexConnect 939 Guidelines and Restrictions on FlexConnect 939 Configuring FlexConnect 941 Configuring the Switch at a Remote Site 941 Configuring the Controller for FlexConnect 942 Configuring the Controller for FlexConnect for a Centrally Switched WLAN Used for Guest Access 943 Configuring the Controller for FlexConnect (GUI) 943 Configuring the Controller for FlexConnect (CLI) 946 Configuring an Access Point for FlexConnect 947 Configuring an Access Point for FlexConnect (GUI) 947 Configuring an Access Point for FlexConnect (CLI) 950 Configuring an Access Point for Local Authentication on a WLAN (GUI) 952 Configuring an Access Point for Local Authentication on a WLAN (CLI) 952 Configuring FlexConnect Ethernet Fallback 953 Information About FlexConnect Ethernet Fallback 953 Restrictions for FlexConnect Ethernet Fallback 953 Configuring FlexConnect Ethernet Fallback (GUI) 953 Configuring FlexConnect Ethernet Fallback (CLI) 954 VideoStream for FlexConnect 954 Information About VideoStream for FlexConnect 954 Configuring VideoStream for FlexConnect (GUI) 955 Configuring VideoStream for FlexConnect (CLI) 956


CHAPTER 51

FlexConnect+Bridge Mode 957 Information about Flex+Bridge Mode 957 Configuring Flex+Bridge Mode (GUI) 959 Configuring Flex+Bridge Mode (CLI) 960
FlexConnect Groups 961 Information About FlexConnect Groups 961 IP-MAC Context Distribution for FlexConnect Local Switching Clients 962 Guidelines and Restrictions for IP-MAC Context Distribution for FlexConnect Local Switching Clients 962 Configuring IP-MAC Context Distribution For FlexConnect Local Switching Clients (GUI) 963 Configuring IP-MAC Context Distribution For FlexConnect Local Switching Clients (CLI) 963 FlexConnect Groups and Backup RADIUS Servers 963 FlexConnect Groups and Fast Secure Roaming 963 FlexConnect Groups and Local Authentication Server 964 Configuring FlexConnect Groups (GUI) 965 Configuring FlexConnect Groups (CLI) 968 VLAN-ACL Mapping 971 Configuring VLAN-ACL Mapping on FlexConnect Groups (GUI) 971 Configuring VLAN-ACL Mapping on FlexConnect Groups (CLI) 971 Viewing VLAN-ACL Mappings (CLI) 972 WLAN-VLAN Mapping 972 Configuring WLAN-VLAN Mapping on FlexConnect Groups (GUI) 972 Configuring WLAN-VLAN Mapping on FlexConnect Groups (CLI) 973 OfficeExtend Access Points 973 OEAP 600 Series Access Points 974 Supported WLAN Settings for 600 Series OfficeExtend Access Point 975 WLAN Security Settings for the 600 Series OfficeExtend Access Point 975 Authentication Settings 979 Supported User Count on 600 Series OfficeExtend Access Point 979 Remote LAN Settings 979 Channel Management and Settings 980 Firewall Settings 981 Additional Caveats 982


CHAPTER 52

Implementing Security 982 Configuring OfficeExtend Access Points 983
Configuring OfficeExtend Access Points (GUI) 983 Configuring OfficeExtend Access Points (CLI) 985 Configuring a Personal SSID on an OfficeExtend Access Point Other than 600 Series OEAP 988 Viewing OfficeExtend Access Point Statistics 989 Viewing Voice Metrics on OfficeExtend Access Points 989 Network Diagnostics 990 Running Network Diagnostics (GUI) 990 Running Network Diagnostics (CLI) 991 Remote LANs 991 Configuring a Remote LAN (GUI) 991 Configuring a Remote LAN (CLI) 992 FlexConnect AP Image Upgrades 993 Restrictions on FlexConnect AP Image Upgrades 993 Configuring FlexConnect AP Upgrades (GUI) 994 Configuring FlexConnect AP Upgrades (CLI) 994 WeChat Client Authentication 995 Restrictions on WeChat Client Authentication 995 Configuring WeChat Client Authentication on WLC (GUI) 995 Configuring WeChat Client Authentication on WLC (CLI) 996 Authenticating Client Using WeChat App for Mobile Internet Access (GUI) 997 Authenticating Client Using WeChat App for PC Internet Access (GUI) 998
FlexConnect Security 999 FlexConnect Access Control Lists 999 Restrictions for FlexConnect Access Control Lists 999 Configuring FlexConnect Access Control Lists (GUI) 1001 Configuring FlexConnect Access Control Lists (CLI) 1003 Viewing and Debugging FlexConnect Access Control Lists (CLI) 1004 Authentication, Authorization, Accounting Overrides 1004 Restrictions on AAA Overrides for FlexConnect 1006 Configuring AAA Overrides for FlexConnect on an Access Point (GUI) 1007 Configuring VLAN Overrides for FlexConnect on an Access Point (CLI) 1008


CHAPTER 53
CHAPTER 54 PART IX

OfficeExtend Access Points 1009 OfficeExtend Access Points 1009 OEAP 600 Series Access Points 1010 Supported WLAN Settings for 600 Series OfficeExtend Access Point 1011 WLAN Security Settings for the 600 Series OfficeExtend Access Point 1011 Authentication Settings 1015 Supported User Count on 600 Series OfficeExtend Access Point 1015 Remote LAN Settings 1015 Channel Management and Settings 1016 Firewall Settings 1017 Additional Caveats 1018 Implementing Security 1019 Configuring OfficeExtend Access Points 1019 Configuring OfficeExtend Access Points (GUI) 1019 Configuring OfficeExtend Access Points (CLI) 1021 Configuring a Personal SSID on an OfficeExtend Access Point Other than 600 Series OEAP 1024 Viewing OfficeExtend Access Point Statistics 1025 Viewing Voice Metrics on OfficeExtend Access Points 1025 Network Diagnostics 1026 Running Network Diagnostics (GUI) 1027 Running Network Diagnostics (CLI) 1027 Remote LANs 1027 Configuring a Remote LAN (GUI) 1028 Configuring a Remote LAN (CLI) 1029
FlexConnect AP Image Upgrades 1031 FlexConnect AP Image Upgrades 1031 Restrictions on FlexConnect AP Image Upgrades 1031 Configuring FlexConnect AP Upgrades (GUI) 1032 Configuring FlexConnect AP Upgrades (CLI) 1033
Monitoring the Network 1035


CHAPTER 55 CHAPTER 56
PART X CHAPTER 57
CHAPTER 58

Monitoring the Controller 1037 Viewing System Resources 1037 Viewing System Resources (GUI) 1037 Viewing System Resources (CLI) 1038
System and Message Logging 1041 System and Message Logging 1041 Configuring System and Message Logging (GUI) 1041 Viewing Message Logs (GUI) 1044 Configuring System and Message Logging (CLI) 1044 Viewing System and Message Logs (CLI) 1049 Viewing Access Point Event Logs 1049 Information About Access Point Event Logs 1049 Viewing Access Point Event Logs (CLI) 1049
Troubleshooting 1051
Debugging on Cisco Wireless Controllers 1053 Understanding Debug Client on Wireless Controllers 1053 Deauthenticating Clients 1053 Deauthenticating Clients (GUI) 1053 Deauthenticating Clients (CLI) 1054 Using the CLI to Troubleshoot Problems 1054 Potential Reasons for Controller Reset 1055
Controller Unresponsiveness 1059 Upload Logs and Crash Files 1059 Uploading Logs and Crash Files (GUI) 1059 Uploading Logs and Crash Files (CLI) 1060 Uploading Core Dumps from the Controller 1061 Configuring the Controller to Automatically Upload Core Dumps to an FTP Server (GUI) 1061 Configuring the Controller to Automatically Upload Core Dumps to an FTP Server (CLI) 1062 Uploading Core Dumps from Controller to a Server (CLI) 1063


CHAPTER 59

Uploading Crash Packet Capture Files 1064 Restrictions for Uploading Crash Packet Capture Files 1065 Uploading Crash Packet Capture Files (GUI) 1066 Uploading Crash Packet Capture Files (CLI) 1066
Monitoring Memory Leaks 1067 Monitoring Memory Leaks (CLI) 1067 Troubleshooting Memory Leaks 1068
Debugging on Cisco Access Points 1071 Troubleshooting Access Points Using Telnet or SSH 1071 Troubleshooting Access Points Using Telnet or SSH (GUI) 1072 Troubleshooting Access Points Using Telnet or SSH (CLI) 1072 Debugging the Access Point Monitor Service 1073 Debugging Access Point Monitor Service Issues (CLI) 1073 Sending Commands to Access Points 1073 Understanding How Access Points Send Crash Information to the Controller 1074 Understanding How Access Points Send Radio Core Dumps to the Controller 1074 Retrieving Radio Core Dumps (CLI) 1074 Uploading Radio Core Dumps (GUI) 1075 Uploading Radio Core Dumps (CLI) 1075 Viewing the AP Crash Log Information 1076 Viewing the AP Crash Log information (GUI) 1076 Viewing the AP Crash Log information (CLI) 1077 Viewing MAC Addresses of Access Points 1077 Disabling the Reset Button on Access Points to Lightweight Mode 1077 Viewing Access Point Event Logs 1078 Information About Access Point Event Logs 1078 Viewing Access Point Event Logs (CLI) 1078 Troubleshooting OfficeExtend Access Points 1079 Interpreting OfficeExtend LEDs 1079 Troubleshooting Common Problems with OfficeExtend Access Points 1079 Link Test 1080 Performing a Link Test (GUI) 1081 Performing a Link Test (CLI) 1082

Cisco Wireless Controller Configuration Guide, Release 8.0 xliii

Contents

CHAPTER 60

Packet Capture 1083 Using the Debug Packet Logging Facility 1083 Configuring the Debug Facility (CLI) 1084 Wireless Sniffing 1088 Prerequisites for Wireless Sniffing 1088 Restrictions on Wireless Sniffing 1088 Configuring Sniffing on an Access Point (GUI) 1089 Configuring Sniffing on an Access Point (CLI) 1090

Cisco Wireless Controller Configuration Guide, Release 8.0 xliv

Preface

This preface describes the audience, organization, and conventions of this document. It also provides information on how to obtain other documentation. This preface includes the following sections:
· Audience
· Conventions
· Related Documentation
· Communications, Services, and Additional Information
Audience
This publication is for experienced network administrators who configure and maintain Cisco wireless controllers and Cisco lightweight access points.

Conventions

This document uses the following conventions:
Table 1: Conventions

Convention: Indication
bold font: Commands and keywords and user-entered text appear in bold font.
italic font: Document titles, new or emphasized terms, and arguments for which you supply values are in italic font.
[]: Elements in square brackets are optional.
{x | y | z }: Required alternative keywords are grouped in braces and separated by vertical bars.
[x|y|z]: Optional alternative keywords are grouped in brackets and separated by vertical bars.
string: A nonquoted set of characters. Do not use quotation marks around the string. Otherwise, the string will include the quotation marks.
courier font: Terminal sessions and information the system displays appear in courier font.
<>: Nonprinting characters such as passwords are in angle brackets.
[]: Default responses to system prompts are in square brackets.
!, #: An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line.

Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual.

Tip Means the following information will help you solve a problem.

Caution Means reader be careful. In this situation, you might perform an action that could result in equipment damage or loss of data.
Related Documentation
· Release Notes for Cisco Wireless Controllers and Lightweight Access Points for Cisco Wireless releases http://www.cisco.com/c/en/us/support/wireless/wireless-lan-controller-software/products-release-notes-list.html
· Cisco Wireless Solutions Software Compatibility Matrix https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html
· Feature Matrix for Wave 2 and 802.11ax (Wi-Fi 6) Access Points https://www.cisco.com/c/en/us/td/docs/wireless/access_point/feature-matrix/ap-feature-matrix.html
· Wireless and Mobility home page https://www.cisco.com/c/en/us/products/wireless/index.html
· Cisco Wireless Controller Configuration Guides http://www.cisco.com/c/en/us/support/wireless/wireless-lan-controller-software/products-installation-and-configuration-guides-list.html
· Cisco Wireless Controller Command References http://www.cisco.com/c/en/us/support/wireless/wireless-lan-controller-software/products-command-reference-list.html
· Cisco Wireless Controller System Message Guides and Trap Logs http://www.cisco.com/c/en/us/support/wireless/wireless-lan-controller-software/products-system-message-guides-list.html
· Cisco Wireless Release Technical References http://www.cisco.com/c/en/us/support/wireless/wireless-lan-controller-software/products-technical-reference-list.html
· Cisco Wireless Mesh Access Point Design and Deployment Guides http://www.cisco.com/c/en/us/support/wireless/wireless-lan-controller-software/products-technical-reference-list.html
· Cisco Prime Infrastructure http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-infrastructure/tsd-products-support-series-home.html
· Cisco Connected Mobile Experiences http://www.cisco.com/c/en_in/solutions/enterprise-networks/connected-mobile-experiences/index.html
· Cisco Mobility Express for Aironet Access Points https://www.cisco.com/c/en/us/support/wireless/mobility-express/series.html
Communications, Services, and Additional Information
· To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
· To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
· To submit a service request, visit Cisco Support.
· To discover and browse secure, validated enterprise-class apps, products, solutions, and services, visit Cisco DevNet.
· To obtain general networking, training, and certification titles, visit Cisco Press.
· To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a gateway to the Cisco bug-tracking system, which maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. The BST provides you with detailed defect information about your products and software.
Documentation Feedback
To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.


PART I
Overview
· Cisco Wireless Solution Overview
· Initial Setup

CHAPTER 1
Cisco Wireless Solution Overview
Cisco Wireless Solution is designed to provide 802.11 wireless networking solutions for enterprises and service providers. Cisco Wireless Solution simplifies deploying and managing large-scale wireless LANs and enables a unique best-in-class security infrastructure. The operating system manages all data client, communications, and system administration functions, performs radio resource management (RRM) functions, manages system-wide mobility policies using the operating system security solution, and coordinates all security functions using the operating system security framework. This figure shows a sample architecture of a Cisco Wireless Enterprise Network:
Figure 1: Sample Cisco Wireless Enterprise Network Architecture
The interconnected elements that work together to deliver a unified enterprise-class wireless solution include the following:
· Client devices
· Access points (APs)
· Network unification through Cisco Wireless Controllers (controllers)
· Network management
· Mobility services
Beginning with a base of client devices, each element adds capabilities as the network needs to evolve and grow, interconnecting with the elements above and below it to create a comprehensive, secure wireless LAN (WLAN) solution.
· Core Components
Core Components
A Cisco Wireless network consists of the following core components:
· Cisco Wireless Controllers: Cisco Wireless Controllers (controllers) are enterprise-class high-performance wireless switching platforms that support 802.11a/n/ac and 802.11b/g/n protocols. They operate under control of the AireOS operating system, which includes the radio resource management (RRM), creating a Cisco Wireless solution that can automatically adjust to real-time changes in the 802.11 radio frequency (802.11 RF) environment. Controllers are built around high-performance network and security hardware, resulting in highly reliable 802.11 enterprise networks with unparalleled security. The following controllers are supported:
· Cisco 2504 Wireless Controller
· Cisco 5508 Wireless Controller
· Cisco Flex 7510 Wireless Controller
· Cisco 8510 Wireless Controller
· Cisco Virtual Wireless Controller
· Catalyst Wireless Services Module 2 (WiSM2)
Note The Cisco Wireless Controllers do not support 10 G-based CISCO-AMPHENOL SFP. However, you may use an alternate vendor SFP.
· Cisco Access Points: Cisco access points (APs) can be deployed in a distributed or centralized network for a branch office, campus, or large enterprise. For more information about APs, see https://www.cisco.com/c/en/us/products/wireless/access-points/index.html
· Cisco Prime Infrastructure (PI): Cisco Prime Infrastructure can be used to configure and monitor one or more controllers and associated APs. Cisco PI has tools to facilitate large-system monitoring and control. When you use Cisco PI in your Cisco wireless solution, controllers periodically determine the client, rogue access point, rogue access point client, radio frequency ID (RFID) tag location and store the locations in the Cisco PI database. For more information about Cisco PI, see https://www.cisco.com/c/en/us/support/cloud-systems-management/prime-infrastructure/series.html.
· Cisco Connected Mobile Experiences (CMX): Cisco Connected Mobile Experiences (CMX) acts as a platform to deploy and run Cisco Connected Mobile Experiences (Cisco CMX). Cisco Connected Mobile Experiences (CMX) is delivered in two modes: the physical appliance (box) and the virtual appliance (deployed using VMware vSphere Client). Using your Cisco wireless network and location intelligence from Cisco MSE, Cisco CMX helps you create personalized mobile experiences for end users and gain operational efficiency with location-based services. For more information about Cisco CMX, see https://www.cisco.com/c/en/us/support/wireless/connected-mobile-experiences/series.html.
· Cisco DNA Spaces: Cisco DNA Spaces is a multichannel engagement platform that enables you to connect, know, and engage with visitors at their physical business locations. It covers various verticals of business such as retail, manufacturing, hospitality, healthcare, education, financial services, enterprise work spaces, and so on. Cisco DNA Spaces also provides solutions for monitoring and managing the assets in your premises.
The Cisco DNA Spaces: Connector enables Cisco DNA Spaces to communicate with multiple Cisco Wireless Controllers (controllers) efficiently by allowing each controller to transmit high-intensity client data without missing any client information.
For information about how to configure Cisco DNA Spaces and the Connector, see https://www.cisco.com/c/en/us/support/wireless/dna-spaces/products-installation-and-configuration-guides-list.html.
For more information about design considerations for enterprise mobility, see the Enterprise Mobility Design Guide at:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/Enterprise-Mobility-8-5-Design-Guide/Enterprise_Mobility_8-5_Deployment_Guide.html
Overview of Cisco Mobility Express
The Cisco Mobility Express wireless network solution comprises at least one Cisco Wave 2 AP with an in-built software-based wireless controller managing other Cisco APs in the network.
The AP acting as the controller is referred to as the primary AP while the other APs in the Cisco Mobility Express network, which are managed by this primary AP, are referred to as subordinate APs.
In addition to acting as a controller, the primary AP also operates as an AP to serve clients along with the subordinate APs.
Cisco Mobility Express provides most features of a controller and can interface with the following:
· Cisco Prime Infrastructure: For simplified network management, including managing AP groups
· Cisco Identity Services Engine: For advanced policy enforcement
· Connected Mobile Experiences (CMX): For providing presence analytics and guest access using Connect & Engage
For more information about using Cisco Mobility Express, see the user guide for relevant releases at: https://www.cisco.com/c/en/us/support/wireless/mobility-express/products-installation-and-configuration-guides-list.html


CHAPTER 2
Initial Setup
· Cisco WLAN Express Setup
· Configuring the Controller Using the Configuration Wizard
· Using the AutoInstall Feature for Controllers Without a Configuration
· Managing the Controller System Date and Time
Cisco WLAN Express Setup
Cisco WLAN Express Setup is a simplified, out-of-the-box installation and configuration interface for Cisco Wireless Controllers. This section provides instructions to set up a controller to operate in a small, medium, or large network wireless environment, where access points can join the controller and together provide, as a simple solution, services such as corporate employee or guest wireless access on the network. There are two methods:
· Wired method
· Wireless method
With this, there are three ways to set up a controller:
· Cisco WLAN Express Setup
· Traditional command line interface (CLI) through serial console
· Updated method using network connection directly to the controller GUI setup wizard
Note Cisco WLAN Express Setup can be used only for the first time in out-of-the-box installations or when controller configuration is reset to factory defaults.
Feature History
· Release 7.6.120.0: This feature was introduced and supported only on Cisco 2500 Series Wireless Controller. It includes an easy-to-use GUI Configuration Wizard, an intuitive monitoring dashboard and several Cisco Wireless LAN best practices enabled by default.
· Release 8.0.110.0: The following enhancements were made:
  · Connect to any port: You can connect a client device to any port on the Cisco 2500 Series Wireless Controller and access the GUI configuration wizard to run Cisco WLAN Express. Previously, you were required to connect the client device to only port 2.
  · Wireless Support to run Cisco WLAN Express: You can connect an AP to any of the ports on the Cisco 2500 Series Wireless Controller, associate a client device with the AP, and run Cisco WLAN Express. When the AP is associated with the Cisco 2500 Series Wireless Controller, only 802.11b and 802.11g radios are enabled; the 802.11a radio is disabled. The AP broadcasts an SSID named CiscoAirProvision, which is of WPA2-PSK type with the key being password. After a client device associates with this SSID, the client device automatically gets an IP address in the 192.168.x.x range. On the web browser of the client device, go to http://192.168.1.1 to open the GUI configuration wizard.
    Note This feature is not supported on mobile devices such as smartphones and tablet computers.
· Release 8.1: The following enhancements are made:
  · Added support for the Cisco WLAN Express using the wired method to Cisco 5500, Flex 7500, 8500 Series Wireless Controllers and Cisco Virtual Wireless Controller.
  · Introduced the Main Dashboard view and compliance assessment and best practices. For more details, see the controller Online Help.
Configuration Checklist
The following checklist is for your reference to make the installation process easy. Ensure that you have these requirements ready before you proceed:
1. Network switch requirements:
   a. Controller switch port number assigned
   b. Controller assigned switch port
   c. Is the switch port configured as trunk or access?
   d. Is there a management VLAN? If yes, Management VLAN ID
   e. Is there a guest VLAN? If yes, Guest VLAN ID
2. Controller Settings:
   a. New admin account name
   b. Admin account password
   c. System name for the controller
   d. Current time zone
   e. Is there an NTP server available? If yes, NTP server IP address
      Note We recommend using a reachable NTP server IP address. APs do not support FQDN in a day0 scenario.
   f. Controller Management Interface:
      1. IP address
      2. Subnet Mask
      3. Default gateway
   g. Management VLAN ID
3. Corporate wireless network
4. Corporate wireless name or SSID
5. Is a RADIUS server required?
6. Security authentication option to select:
   a. WPA/WPA2 Personal
   b. Corporate passphrase (PSK)
   c. WPA/WPA2 (Enterprise)
   d. RADIUS server IP address and shared secret
7. Is a DHCP server known? If yes, DHCP server IP address
8. Guest Wireless Network (optional)
   a. Guest wireless name/SSID
   b. Is a password required for guest?
   c. Guest passphrase (PSK)
   d. Guest VLAN ID
   e. Guest networking
      1. IP address
      2. Subnet Mask
      3. Default gateway
9. Advanced option: Configure RF Parameters for Client Density as Low, Medium, or High.
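The checklist values can be sanity-checked before the wizard is opened. The following is an added example, not part of the Cisco guide or Cisco software: the dictionary keys, problem codes and sample plans are hypothetical, the 8 to 63 character passphrase limit is the standard WPA/WPA2 Personal limit, and the guest-versus-management overlap and shared-VLAN checks are added hygiene checks rather than rules stated in the guide. The NTP, VLAN 0 and service-port rules are the ones this guide states (the service-port rule appears in the configuration wizard section).

```python
import ipaddress

# Values taken from the guide.
SERVICE_PORT_NET = ipaddress.ip_network("192.168.1.0/24")  # service port serves 192.168.1.X
PROVISIONING_KEY = "password"  # PSK of the CiscoAirProvision setup SSID
MAX_VLAN_ID = 4094             # IEEE 802.1Q limit; the guide uses 0 for an untagged VLAN


def _subnet(ip, mask):
    """Return the network that an address/netmask pair belongs to."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network


def _check_psk(label, psk, problems):
    """WPA/WPA2 Personal passphrases are 8 to 63 printable ASCII characters."""
    if psk is None:
        return
    if not (8 <= len(psk) <= 63 and psk.isascii() and psk.isprintable()):
        problems.append(f"{label}_psk_invalid")
    elif psk == PROVISIONING_KEY:
        # Added check: do not reuse the documented provisioning key in production.
        problems.append(f"{label}_psk_is_provisioning_key")


def check_day0_plan(plan):
    """Return a list of problem codes for a checklist dict (hypothetical schema)."""
    problems = []

    # Item 2e: the NTP server must be an IP address, APs do not support FQDN on day 0.
    ntp = plan.get("ntp_server")
    if ntp is not None:
        try:
            ipaddress.ip_address(ntp)
        except ValueError:
            problems.append("ntp_not_ip")

    # Item 2f: management address, mask and gateway must describe one subnet.
    mgmt_net = _subnet(plan["mgmt_ip"], plan["mgmt_mask"])
    if ipaddress.ip_address(plan["mgmt_gateway"]) not in mgmt_net:
        problems.append("mgmt_gateway_off_subnet")
    # The service port must be on a different subnet from the management interface.
    if mgmt_net.overlaps(SERVICE_PORT_NET):
        problems.append("mgmt_overlaps_service_port")
    if not 0 <= plan["mgmt_vlan_id"] <= MAX_VLAN_ID:
        problems.append("mgmt_vlan_out_of_range")

    _check_psk("corporate", plan.get("corporate_psk"), problems)

    guest = plan.get("guest")  # item 8, optional
    if guest:
        guest_net = _subnet(guest["ip"], guest["mask"])
        if ipaddress.ip_address(guest["gateway"]) not in guest_net:
            problems.append("guest_gateway_off_subnet")
        # Added hygiene checks (assumption): keep guests off the management segment.
        if guest_net.overlaps(mgmt_net):
            problems.append("guest_overlaps_mgmt")
        if guest["vlan_id"] == plan["mgmt_vlan_id"]:
            problems.append("guest_shares_mgmt_vlan")
        _check_psk("guest", guest.get("psk"), problems)
    return problems


# Constructed sample plans, not real deployments.
GOOD_PLAN = {
    "ntp_server": "10.10.10.2",
    "mgmt_ip": "10.10.10.5", "mgmt_mask": "255.255.255.0",
    "mgmt_gateway": "10.10.10.1", "mgmt_vlan_id": 10,
    "corporate_psk": "c0rrect-horse-battery",
    "guest": {"ip": "10.20.0.5", "mask": "255.255.255.0",
              "gateway": "10.20.0.1", "vlan_id": 20, "psk": "visitor-wifi-2024"},
}
BAD_PLAN = {
    "ntp_server": "ntp.example.net",
    "mgmt_ip": "192.168.1.10", "mgmt_mask": "255.255.255.0",
    "mgmt_gateway": "192.168.2.1", "mgmt_vlan_id": 0,
    "corporate_psk": "password",
    "guest": {"ip": "192.168.1.200", "mask": "255.255.255.128",
              "gateway": "192.168.1.129", "vlan_id": 0, "psk": "short"},
}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_day0_plan(plan) or "no problems found")
```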
Preparing for Setup Using Cisco WLAN Express
· Do not auto-configure the controller or use the wizard for configuration.
· Do not use console interface; the only connection to the controller should be client connected to service port.
· Configure DHCP or assign static IP 192.168.1.X to laptop interface connected to service port.
For more information about Cisco WLAN Express, see WLAN Express Setup and Best Practices Deployment Guide.
This section contains the following subsections:
Setting up Cisco Wireless Controller using Cisco WLAN Express (Wired Method)
Procedure

Step 1 Connect a laptop’s wired Ethernet port directly to the Service port of the controller. The port LEDs blink to indicate that both the machines are properly connected.
  Note It may take several minutes for the controller to fully power on to make the GUI available to the PC. Do not auto-configure the controller.
  The LEDs on the front panel provide the system status:
  · If the LED is off, it means that the controller is not ready.
  · If the LED is solid green, it means that the controller is ready.
Step 2 Configure DHCP option on the laptop that you have connected to the Service port. This assigns an IP address to the laptop from the controller Service port 192.168.1.X, or you can assign a static IP address 192.168.1.X to the laptop to access the controller GUI; both options are supported.
Step 3 Open any one of the following supported web browsers and type http://192.168.1.1 in the address bar.
  · Mozilla Firefox version 32 or later (Windows, Mac)
  · Microsoft Internet Explorer version 10 or later (Windows)
  · Apple Safari version 7 or later (Mac)
  Note This feature is not supported on mobile devices such as smartphones and tablet computers.
Step 4 Create an administrator account by providing the name and password. Click Start to continue.
Step 5 In the Set Up Your Controller box, enter the following details:
  a. System Name for the controller
  b. Current time zone
  c. NTP Server (optional)
     Note We recommend using a reachable NTP server IP address. APs do not support FQDN in a day0 scenario.
  d. Management IP Address
  e. Subnet Mask
  f. Default Gateway
  g. Management VLAN ID: If left unchanged or set to 0, the network switch port must be configured with a native VLAN ‘X0’
  Note The setup attempts to import the clock information (date and time) from the computer via JavaScript. We recommend that you confirm this before continuing. Access points rely on correct clock settings to be able to join the controller.
Step 6 In the Create Your Wireless Networks box, in the Employee Network area, use the checklist to enter the following data:
  a) Network name/SSID
  b) Security
  c) Pass Phrase, if Security is set to WPA/WPA2 Personal
  d) DHCP Server IP Address: If left empty, the DHCP processing is bridged to the management interface
Step 7 (Optional) In the Create Your Wireless Networks box, in the Guest Network area, use the checklist to enter the following data:
  a) Network name/SSID
  b) Security
  c) VLAN IP Address, VLAN Subnet Mask, VLAN Default Gateway, VLAN ID
  d) DHCP Server IP Address: If left empty, the DHCP processing is bridged to the management interface
Step 8 In the Advanced Setting box, in the RF Parameter Optimization area, do the following:
  a) Select the client density as Low, Typical, or High.
  b) Configure the RF parameters for RF Traffic Type, such as Data and Voice.
  c) Change the Service port IP address and subnet mask, if necessary.
Step 9 Click Next. Review your settings and then click Apply to confirm.
Step 10 The controller reboots automatically. You will be prompted that the controller is fully configured and will be restarted. Sometimes, you might not be prompted with this message. In this scenario, do the following:
  a) Disconnect the laptop from the controller service port and connect it to the Switch port.
  b) Connect the controller port 1 to the switch configured trunk port.
  c) Connect access points to the switch if not already connected.
  d) Wait until the access points join the controller.

RF Profile Configurations
Procedure

Step 1 After a successful login as an administrator, choose Wireless > RF Profiles to verify whether the Cisco WLAN Express features are enabled by checking that the predefined RF profiles are created on this page. You can define AP Groups and apply appropriate profile to a set of APs.
Step 2 Choose Wireless > Advanced > Network Profile, verify the client density and traffic type details.
  Note We recommend that you use RF and Network profiles configuration even if Cisco WLAN Express was not used initially or if the controller was upgraded from a release that is earlier than Release 8.1.

Setting up Cisco Wireless Controller using Cisco WLAN Express (Wireless Method)
This wireless method applies only to Cisco 2500 Series Wireless Controller.
Procedure

Step 1 Plug in a Cisco AP to any one of the ports of Cisco 2500 Series WLC. If you do not have a separate power supply for the AP, you can use Port 3 or Port 4, which supports PoE.
Step 2 After the AP boots up, the AP associates with the WLC and downloads the WLC software.
Step 3 The AP starts provisioning a WPA2-PSK SSID “CiscoAirProvision” with the key “password.”
Step 4 Associate a client device to the “CiscoAirProvision” SSID. The client device is assigned an IP address in the 192.168.x.x range.
Step 5 On the web browser of the client device, go to http://192.168.1.1 to open the GUI configuration wizard.

Default Configurations

When you configure your Cisco Wireless Controller, the following parameters are enabled or disabled. These settings are different from the default settings obtained when you configure the controller using the CLI wizard.

Parameters in New Interface: Default Setting
Aironet IE: Disabled
DHCP Address Assignment (Guest SSID): Enabled
Client Band Select: Enabled
Local HTTP and DHCP Profiling: Enabled
Guest ACL: Applied.
  Note Guest ACL denies traffic to the management subnet.
CleanAir: Enabled
EDRRM: Enabled
EDRRM Sensitivity Threshold:
  · Low sensitivity for 2.4 GHz.
  · Medium sensitivity for 5 GHz.
Channel Bonding (5 GHz): Enabled
DCA Channel Width: 40 MHz
mDNS Global Snooping: Enabled
Default mDNS profile: Two new services added:
  · Better printer support
  · HTTP
AVC (only AV): Enabled only with following prerequisites:
  · Bootloader version: 1.0.18
  Or
  · Field Upgradable Software version: 1.8.0.0 and above
  Note If you upgrade the bootloader after you have set up the Cisco 2500 Series Controller using the GUI Wizard, you have to manually enable AVC on the previously created WLAN.
Management:
  · Via Wireless Clients: Enabled
  · HTTP/HTTPS Access: Enabled
  · WebAuth Secure Web: Enabled
Virtual IP Address: 192.0.2.1
Multicast Address: Not configured
Mobility Domain Name: Name of employee SSID
RF Group Name: Default

Configuring the Controller Using the Configuration Wizard
The configuration wizard enables you to configure basic settings on the controller. You can run the wizard after you receive the controller from the factory or after the controller has been reset to factory defaults. The configuration wizard is available in both GUI and CLI formats.


Configuring the Controller (GUI)
Procedure

Step 1 Connect your PC to the service port and configure it to use the same subnet as the controller.
  Note With Cisco 2504 Wireless Controller, connect your PC to the port 2 on the controller and configure to use the same subnet.
Step 2 Browse to http://192.168.1.1. The configuration wizard is displayed.
  Note You can use both HTTP and HTTPS when using the service port interface. HTTPS is enabled by default and HTTP can also be enabled.
  Note For the initial GUI Configuration Wizard, you cannot access the controller using IPv6 address.

Figure 2: Configuration Wizard — System Information Page

Step 3 In the System Name field, enter the name that you want to assign to this controller. You can enter up to 31 ASCII characters.
Step 4 In the User Name field, enter the administrative username to be assigned to this controller. You can enter up to 24 ASCII characters. The default username is admin.
Step 5 In the Password and Confirm Password boxes, enter the administrative password to be assigned to this controller. You can enter up to 24 ASCII characters. The default password is admin.
  · The password must contain characters from at least three of the following classes:
    · Lowercase letters
    · Uppercase letters
    · Digits
    · Special characters
  · No character in the password must be repeated more than three times consecutively.
  · The new password must not be the same as the associated username and not be the username reversed.
  · The password must not be cisco, ocsic, or any variant obtained by changing the capitalization of letters of the word Cisco. In addition, you cannot substitute 1, I, or ! for i, 0 for o, or $ for s.
Step 6 Click Next. The SNMP Summary page is displayed.
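The password rules listed under Step 5 can be checked offline before a credential is typed into the wizard. This is an added example, not code from the guide or from the controller software: the function names and violation codes are hypothetical, "special characters" is assumed to mean ASCII punctuation, and the username comparison is assumed to be case-insensitive, which may be stricter than the controller.

```python
import string

MAX_LEN = 24  # the guide allows up to 24 ASCII characters

# Substitutions the guide forbids when disguising "cisco":
# 1 or ! for i, 0 for o, $ for s (capital I is covered by lowercasing).
_SUBSTITUTIONS = str.maketrans({"1": "i", "!": "i", "0": "o", "$": "s"})


def _char_classes(password):
    """Return which of the four character classes appear in the password."""
    classes = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        elif ch in string.punctuation:  # assumption: special = ASCII punctuation
            classes.add("special")
    return classes


def _longest_run(text):
    """Length of the longest run of one identical character."""
    longest = run = 0
    previous = None
    for ch in text:
        run = run + 1 if ch == previous else 1
        longest = max(longest, run)
        previous = ch
    return longest


def check_admin_password(username, password):
    """Return the list of violated rules; an empty list means acceptable."""
    violations = []
    if not password.isascii():
        violations.append("ascii")
    if not 1 <= len(password) <= MAX_LEN:
        violations.append("length")
    if len(_char_classes(password)) < 3:
        violations.append("classes")
    if _longest_run(password) > 3:  # four or more identical characters in a row
        violations.append("repeat")
    if password.lower() in (username.lower(), username[::-1].lower()):
        violations.append("username")
    if password.lower().translate(_SUBSTITUTIONS) in ("cisco", "ocsic"):
        violations.append("cisco")
    return violations


if __name__ == "__main__":
    # Constructed samples: (username, candidate password)
    samples = [
        ("admin", "admin"),         # factory default
        ("netops", "C1$c0"),        # disguised "cisco"
        ("netops", "Aaaaa1!"),      # "a" repeated four times
        ("netops", "Wlc-Day0!x"),   # passes every rule
    ]
    for user, candidate in samples:
        print(user, candidate, check_admin_password(user, candidate) or "ok")
```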
Figure 3: Configuration Wizard–SNMP Summary Page

Step 7 If you want to enable Simple Network Management Protocol (SNMP) v1 mode for this controller, choose Enable from the SNMP v1 Mode drop-down list. Otherwise, leave this parameter set to Disable.
  Note SNMP manages nodes (servers, workstations, routers, switches, and so on) on an IP network. Currently, there are three versions of SNMP: SNMPv1, SNMPv2c, and SNMPv3.
Step 8 If you want to enable SNMPv2c mode for this controller, leave this parameter set to Enable. Otherwise, choose Disable from the SNMP v2c Mode drop-down list.
Step 9 If you want to enable SNMPv3 mode for this controller, leave this parameter set to Enable. Otherwise, choose Disable from the SNMP v3 Mode drop-down list.
Step 10 Click Next.
Step 11 When the following message is displayed, click OK:

  Default values are present for v1/v2c community strings. Please make sure to create new v1/v2c community strings once the system comes up. Please make sure to create new v3 users once the system comes up.

  The Service Interface Configuration page is displayed.

Figure 4: Configuration Wizard-Service Interface Configuration Page

Step 12 If you want the controller’s service-port interface to obtain an IP address from a DHCP server, check the DHCP Protocol Enabled check box. If you do not want to use the service port or if you want to assign a static IP address to the service port, leave the check box unchecked.
  Note The service-port interface controls communications through the service port. Its IP address must be on a different subnet from the management interface. This configuration enables you to manage the controller directly or through a dedicated management network to ensure service access during network downtime.
Step 13 Perform one of the following:
  · If you enabled DHCP, clear out any entries in the IP Address and Netmask text boxes, leaving them blank.
  · If you disabled DHCP, enter the static IP address and netmask for the service port in the IP Address and Netmask text boxes.
Step 14 Click Next. The LAG Configuration page is displayed.

Figure 5: Configuration Wizard–LAG Configuration Page

Step 15 To enable link aggregation (LAG), choose Enabled from the Link Aggregation (LAG) Mode drop-down list. To disable LAG, leave this field set to Disabled.
Step 16 Click Next. The Management Interface Configuration page is displayed.
  Note The management interface is the default interface for in-band management of the controller and connectivity to enterprise services such as AAA servers.
Step 17 In the VLAN Identifier field, enter the VLAN identifier of the management interface (either a valid VLAN identifier or 0 for an untagged VLAN). The VLAN identifier should be set to match the switch interface configuration.


Step 18 In the IP Address field, enter the IP address of the management interface.
Step 19 In the Netmask field, enter the IP address of the management interface netmask.
Step 20 In the Gateway field, enter the IP address of the default gateway.
Step 21 In the Port Number field, enter the number of the port assigned to the management interface. Each interface is mapped to at least one primary port.
Step 22 In the Backup Port field, enter the number of the backup port assigned to the management interface. If the primary port for the management interface fails, the interface automatically moves to the backup port.
Step 23 In the Primary DHCP Server field, enter the IP address of the default DHCP server that will supply IP addresses to clients, the controller’s management interface, and optionally, the service port interface.
Step 24 In the Secondary DHCP Server field, enter the IP address of an optional secondary DHCP server that will supply IP addresses to clients, the controller’s management interface, and optionally, the service port interface.
Step 25 Click Next. The AP-Manager Interface Configuration page is displayed.
  Note This screen does not appear for Cisco 5508 controllers because you are not required to configure an AP-manager interface. The management interface acts like an AP-manager interface by default.
Step 26 In the IP Address field, enter the IP address of the AP-manager interface.
Step 27 Click Next. The Miscellaneous Configuration page is displayed.
Figure 6: Configuration Wizard–Miscellaneous Configuration Page

Step 28 In the RF Mobility Domain Name field, enter the name of the mobility group/RF group to which you want the controller to belong.
  Note Although the name that you enter here is assigned to both the mobility group and the RF group, these groups are not identical. Both groups define clusters of controllers, but they have different purposes. All of the controllers in an RF group are usually also in the same mobility group and vice versa. However, a mobility group facilitates scalable, system-wide mobility and controller redundancy while an RF group facilitates scalable, system-wide dynamic RF management.
Step 29 The Configured Country Code(s) field shows the code for the country in which the controller will be used. If you want to change the country of operation, check the check box for the desired country.

Cisco Wireless Controller Configuration Guide, Release 8.0 16

Overview

Configuring the Controller (GUI)

Step 30 Step 31

Note

You can choose more than one country code if you want to manage access points in multiple

countries from a single controller. After the configuration wizard runs, you must assign each

access point joined to the controller to a specific country.

Click Next. When the following message is displayed, click OK:

Warning! To maintain regulatory compliance functionality, the country code setting may only be modified by a network administrator or qualified IT professional. Ensure that proper country codes are selected before proceeding.?

The Virtual Interface Configuration page is displayed.
Figure 7: Configuration Wizard — Virtual Interface Configuration Page

Step 32 In the IP Address field, enter the IP address of the controller’s virtual interface. You should enter a fictitious, unassigned IP address.

Note The virtual interface is used to support mobility management, DHCP relay, and embedded Layer 3 security such as guest web authentication and VPN termination. All controllers within a mobility group must be configured with the same virtual interface IP address.

Step 33 In the DNS Host Name field, enter the name of the Domain Name System (DNS) gateway used to verify the source of certificates when Layer 3 web authorization is enabled.

Note To ensure connectivity and web authentication, the DNS server should always point to the virtual interface. If a DNS hostname is configured for the virtual interface, then the same DNS hostname must be configured on the DNS servers used by the client.

Step 34 Click Next. The WLAN Configuration page is displayed.
Figure 8: Configuration Wizard — WLAN Configuration Page

Step 35 In the Profile Name field, enter up to 32 alphanumeric characters for the profile name to be assigned to this WLAN.
Step 36 In the WLAN SSID field, enter up to 32 alphanumeric characters for the network name, or service set identifier (SSID). The SSID enables basic functionality of the controller and allows access points that have joined the controller to enable their radios.
Step 37 Click Next.
Step 38 When the following message is displayed, click OK:

Default Security applied to WLAN is: [WPA2(AES)][Auth(802.1x)]. You can change this after the wizard is complete and the system is rebooted.

The RADIUS Server Configuration page is displayed.
Figure 9: Configuration Wizard-RADIUS Server Configuration Page

Step 39 In the Server IP Address field, enter the IP address of the RADIUS server.
Step 40 From the Shared Secret Format drop-down list, choose ASCII or Hex to specify the format of the shared secret.

Note Due to security reasons, the RADIUS shared secret key reverts to ASCII mode even if you have selected HEX as the shared secret format from the Shared Secret Format drop-down list.

Step 41 In the Shared Secret and Confirm Shared Secret boxes, enter the secret key used by the RADIUS server.
Step 42 In the Port Number field, enter the communication port of the RADIUS server. The default value is 1812.
Step 43 To enable the RADIUS server, choose Enabled from the Server Status drop-down list. To disable the RADIUS server, leave this field set to Disabled.
Step 44 Click Apply. The 802.11 Configuration page is displayed.
Figure 10: Configuration Wizard–802.11 Configuration Page

Step 45 To enable the 802.11a, 802.11b, and 802.11g lightweight access point networks, leave the 802.11a Network Status, 802.11b Network Status, and 802.11g Network Status check boxes checked. To disable support for any of these networks, uncheck the check boxes.
Step 46 To enable the controller’s radio resource management (RRM) auto-RF feature, leave the Auto RF check box selected. To disable support for the auto-RF feature, uncheck this check box.

Note The auto-RF feature enables the controller to automatically form an RF group with other controllers. The group dynamically elects a leader to optimize RRM parameter settings, such as channel and transmit power assignment, for the group.

Step 47 Click Next. The Set Time page is displayed.
Figure 11: Configuration Wizard — Set Time Screen

Step 48 To manually configure the system time on your controller, enter the current date in Month/DD/YYYY format and the current time in HH:MM:SS format.
Step 49 To manually set the time zone so that Daylight Saving Time (DST) is not set automatically, enter the local hour difference from Greenwich Mean Time (GMT) in the Delta Hours field and the local minute difference from GMT in the Delta Mins field.

Note When manually setting the time zone, enter the time difference of the local current time zone with respect to GMT (+/-). For example, Pacific time in the United States is 8 hours behind GMT. Therefore, it is entered as -8.

Step 50 Click Next. The Configuration Wizard Completed page is displayed.
Figure 12: Configuration Wizard–Configuration Wizard Completed Page

Step 51 Click Save and Reboot to save your configuration and reboot the controller.
Step 52 When the following message is displayed, click OK:

Configuration will be saved and the controller will be rebooted. Click ok to confirm.

The controller saves your configuration, reboots, and prompts you to log on.

Configuring the Controller–Using the CLI Configuration Wizard
Before you begin
· The available options are displayed in brackets after each configuration parameter. The default value is displayed in all uppercase letters.
· If you enter an incorrect response, an appropriate error message, such as Invalid Response, is displayed, and the wizard returns you to the prompt.
· Press the hyphen key if you ever need to return to the previous command line.
Procedure

Step 1 When prompted to terminate the AutoInstall process, enter yes. If you do not enter yes, the AutoInstall process begins after 30 seconds.

Note The AutoInstall feature downloads a configuration file from a TFTP server and then loads the configuration onto the controller automatically.

Step 2 Enter the system name, which is the name that you want to assign to the controller. You can enter up to 31 ASCII characters.
Step 3 Enter the administrative username and password to be assigned to this controller. You can enter up to 24 ASCII characters for each.
· The password must contain characters from at least three of the following classes:
  · Lowercase letters
  · Uppercase letters
  · Digits
  · Special characters
· No character in the password must be repeated more than three times consecutively.
· The new password must not be the same as the associated username and not be the username reversed.
· The password must not be cisco, ocsic, or any variant obtained by changing the capitalization of letters of the word Cisco. In addition, you cannot substitute 1, I, or ! for i, 0 for o, or $ for s.

Step 4 If you want the controller’s service-port interface to obtain an IP address from a DHCP server, enter DHCP. If you do not want to use the service port or if you want to assign a static IP address to the service port, enter none.

Note The service-port interface controls communications through the service port. Its IP address must be on a different subnet from the management interface. This configuration enables you to manage the controller directly or through a dedicated management network to ensure service access during network downtime.

Step 5 If you entered none in Step 4, enter the IP address and netmask for the service-port interface on the next two lines.
Step 6 Enable or disable link aggregation (LAG) by choosing yes or NO.
Step 7 Enter the IP address of the management interface.

Note The management interface is the default interface for in-band management of the controller and connectivity to enterprise services such as AAA servers.

Step 8 Enter the IP address of the management interface netmask.
Step 9 Enter the IP address of the default router.
Step 10 Enter the VLAN identifier of the management interface (either a valid VLAN identifier or 0 for an untagged VLAN). The VLAN identifier should be set to match the switch interface configuration.
Step 11 Enter the IP address of the default DHCP server that will supply IP addresses to clients, the management interface of the controller, and optionally, the service port interface. Enter the IP address of the AP-manager interface.

Note This prompt does not appear for Cisco 5508 WLCs because you are not required to configure an AP-manager interface. The management interface acts like an AP-manager interface by default.

Step 12 Enter the IP address of the controller’s virtual interface. You should enter a fictitious unassigned IP address.

Note The virtual interface is used to support mobility management, DHCP relay, and embedded Layer 3 security such as guest web authentication and VPN termination. All controllers within a mobility group must be configured with the same virtual interface IP address.

Step 13 If desired, enter the name of the mobility group/RF group to which you want the controller to belong.

Note Although the name that you enter here is assigned to both the mobility group and the RF group, these groups are not identical. Both groups define clusters of controllers, but they have different purposes. All of the controllers in an RF group are usually also in the same mobility group and vice versa. However, a mobility group facilitates scalable, system-wide mobility and controller redundancy while an RF group facilitates scalable, system-wide dynamic RF management.

Step 14 Enter the network name or service set identifier (SSID). The SSID enables basic functionality of the controller and allows access points that have joined the controller to enable their radios.
Step 15 Enter YES to allow clients to assign their own IP address or no to require clients to request an IP address from a DHCP server.
Step 16 To configure a RADIUS server now, enter YES and then enter the IP address, communication port, and secret key of the RADIUS server. Otherwise, enter no. If you enter no, the following message is displayed:

Warning! The default WLAN security policy requires a RADIUS server. Please see the documentation for more details.

Step 17 Enter the code for the country in which the controller will be used.

Note Enter help to view the list of available country codes.

Note You can enter more than one country code if you want to manage access points in multiple countries from a single controller. To do so, separate the country codes with a comma (for example, US,CA,MX). After the configuration wizard runs, you need to assign each access point joined to the controller to a specific country.

Step 18 Enable or disable the 802.11b, 802.11a, and 802.11g lightweight access point networks by entering YES or no.
Step 19 Enable or disable the controller’s radio resource management (RRM) auto-RF feature by entering YES or no.

Note The auto-RF feature enables the controller to automatically form an RF group with other controllers. The group dynamically elects a leader to optimize RRM parameter settings, such as channel and transmit power assignment, for the group.

Step 20 If you want the controller to receive its time setting from an external Network Time Protocol (NTP) server when it powers up, enter YES to configure an NTP server. Otherwise, enter no.

Note The controller network module installed in a Cisco Integrated Services Router does not have a battery and cannot save a time setting. Therefore, it must receive a time setting from an external NTP server when it powers up.

Step 21 If you entered no in Step 20 and want to manually configure the system time on your controller now, enter YES. If you do not want to configure the system time now, enter no.
Step 22 If you entered YES in Step 21, enter the current date in the MM/DD/YY format and the current time in the HH:MM:SS format.
Step 23 After you have completed step 22, the wizard prompts you to configure IPv6 parameters. Enter YES to proceed.

Enter the service port interface IPv6 address configuration. You can enter either static or SLAAC.
· If you entered SLAAC, the IPv6 address is autoconfigured.
· If you entered static, you must enter the IPv6 address and its prefix length of the service interface.


Step 24 Step 25 Step 26
Step 27 Step 28 Step 29
Step 30 Step 31

Enter the IPv6 address of the management interface. Enter the IPv6 address prefix length of the management interface. Enter the gateway IPv6 address of the management interface. After the management interface configuration is complete, the wizard prompts to configure IPv6 parameters for RADIUS server. Enter yes.
Enter the IPv6 address of the RADIUS server. Enter the communication port number of the RADIUS server. The default value is 1812. Enter the secret key for IPv6 address of the RADIUS server. Once the RADIUS server configuration is complete, the wizard prompts to configure IPv6 NTP server. Enter yes.
Enter the IPv6 address of the NTP server. When prompted to verify that the configuration is correct, enter yes or NO.
The controller saves your configuration when you enter yes, reboots, and prompts you to log on.
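
The administrative password rules listed in the CLI wizard above can be checked before a password is typed at the console. The following is an added example, not code from the guide or from the controller: the function and constant names are this example's own, "special characters" is assumed to mean ASCII punctuation, and the username comparison is assumed to be case-insensitive.

```python
from itertools import groupby
import string

MAX_LEN = 24  # the guide allows up to 24 ASCII characters

# Substitutions the guide says may not be used to disguise the word:
# 1, I or ! for i (I is covered by lower-casing), 0 for o, $ for s.
DISGUISE = str.maketrans({"1": "i", "!": "i", "0": "o", "$": "s"})
BANNED_WORDS = {"cisco", "ocsic"}


def character_classes(password):
    """Count how many of the four character classes the password uses."""
    return sum((
        any(c in string.ascii_lowercase for c in password),
        any(c in string.ascii_uppercase for c in password),
        any(c in string.digits for c in password),
        # Assumption: "special characters" means ASCII punctuation.
        any(c in string.punctuation for c in password),
    ))


def longest_run(password):
    """Length of the longest run of one character repeated consecutively."""
    return max((len(list(group)) for _, group in groupby(password)), default=0)


def check_password(username, password):
    """Return the list of rules the password breaks (empty list = acceptable)."""
    problems = []
    if not password or len(password) > MAX_LEN or not password.isascii():
        problems.append("length-or-charset")
    if character_classes(password) < 3:
        problems.append("character-classes")
    # "Repeated more than three times consecutively" is read here as a run
    # of four or more identical characters.
    if longest_run(password) > 3:
        problems.append("repeated-character")
    # Assumption: compared case-insensitively, which is at least as strict
    # as an exact comparison.
    if password.lower() in (username.lower(), username[::-1].lower()):
        problems.append("matches-username")
    if password.lower().translate(DISGUISE) in BANNED_WORDS:
        problems.append("cisco-variant")
    return problems


if __name__ == "__main__":
    # Constructed sample credentials, for illustration only.
    for user, pw in [("admin", "Wlc-Lab7x"), ("admin", "C1sc0"), ("netops", "spoten")]:
        print(user, pw, check_password(user, pw) or "ok")
```
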

Using the AutoInstall Feature for Controllers Without a Configuration
When you boot up a controller that does not have a configuration, the AutoInstall feature can download a configuration file from a TFTP server and then load the configuration onto the controller automatically.
If you create a configuration file on a controller that is already on the network (or through a Prime Infrastructure filter), place that configuration file on a TFTP server, and configure a DHCP server so that a new controller can get an IP address and TFTP server information, the AutoInstall feature can obtain the configuration file for the new controller automatically.
When the controller boots, the AutoInstall process starts. The controller does not take any action until AutoInstall is notified that the configuration wizard has started. If the wizard has not started, the controller has a valid configuration.
If AutoInstall is notified that the configuration wizard has started (which means that the controller does not have a configuration), AutoInstall waits for an additional 30 seconds. This time period gives you an opportunity to respond to the first prompt from the configuration wizard:
Would you like to terminate autoinstall? [yes]:
When the 30-second terminate timeout expires, AutoInstall starts the DHCP client. You can terminate the AutoInstall task even after this 30-second timeout if you enter Yes at the prompt. However, AutoInstall cannot be terminated if the TFTP task has locked the flash and is in the process of downloading and installing a valid configuration file.


Note The AutoInstall process and manual configuration using both the GUI and CLI of controller can occur in parallel. As part of the AutoInstall cleanup process, the service port IP address is set to 192.168.1.1 and the service port protocol configuration is modified. Because the AutoInstall process takes precedence over the manual configuration, whatever manual configuration is performed is overwritten by the AutoInstall process.
Restrictions on AutoInstall
· In Cisco 5508 WLCs, the following interfaces are used:
  · eth0–Service port (untagged)
  · dtl0–Gigabit port 1 through the NPU (untagged)
· AutoInstall is not supported on Cisco 2504 WLC.
Obtaining an IP Address Through DHCP and Downloading a Configuration File from a TFTP Server
AutoInstall attempts to obtain an IP address from the DHCP server until the DHCP process is successful or until you terminate the AutoInstall process. The first interface to successfully obtain an IP address from the DHCP server registers with the AutoInstall task. The registration of this interface causes AutoInstall to begin the process of obtaining TFTP server information and downloading the configuration file. Following the acquisition of the DHCP IP address for an interface, AutoInstall begins a short sequence of events to determine the host name of the controller and the IP address of the TFTP server. Each phase of this sequence gives preference to explicitly configured information over default or implied information and to explicit host names over explicit IP addresses. The process is as follows:
· If at least one Domain Name System (DNS) server IP address is learned through DHCP, AutoInstall creates a /etc/resolv.conf file. This file includes the domain name and the list of DNS servers that have been received. The Domain Name Server option provides the list of DNS servers, and the Domain Name option provides the domain name.
· If the domain servers are not on the same subnet as the controller, static route entries are installed for each domain server. These static routes point to the gateway that is learned through the DHCP Router option.
· The host name of the controller is determined in this order by one of the following:
  · If the DHCP Host Name option was received, this information (truncated at the first period [.]) is used as the host name for the controller.
  · A reverse DNS lookup is performed on the controller IP address. If DNS returns a hostname, this name (truncated at the first period [.]) is used as the hostname for the controller.
· The IP address of the TFTP server is determined in this order by one of the following:
  · If AutoInstall received the DHCP TFTP Server Name option, AutoInstall performs a DNS lookup on this server name. If the DNS lookup is successful, the returned IP address is used as the IP address of the TFTP server.
  · If the DHCP Server Host Name (sname) text box is valid, AutoInstall performs a DNS lookup on this name. If the DNS lookup is successful, the IP address that is returned is used as the IP address of the TFTP server.
  · If AutoInstall received the DHCP TFTP Server Address option, this address is used as the IP address of the TFTP server.
  · AutoInstall performs a DNS lookup on the default TFTP server name (cisco-wlc-tftp). If the DNS lookup is successful, the IP address that is received is used as the IP address of the TFTP server.
  · If the DHCP server IP address (siaddr) text box is nonzero, this address is used as the IP address of the TFTP server.
  · The limited broadcast address (255.255.255.255) is used as the IP address of the TFTP server.
· If the TFTP server is not on the same subnet as the controller, a static route (/32) is installed for the IP address of the TFTP server. This static route points to the gateway that is learned through the DHCP Router option.
Selecting a Configuration File
After the hostname and TFTP server have been determined, AutoInstall attempts to download a configuration file. AutoInstall performs three full download iterations on each interface that obtains a DHCP IP address. If the interface cannot download a configuration file successfully after three attempts, the interface does not attempt further. The first configuration file that is downloaded and installed successfully triggers a reboot of the controller. After the reboot, the controller runs the newly downloaded configuration. AutoInstall searches for configuration files in the order in which the names are listed:
· The filename that is provided by the DHCP Boot File Name option
· The filename that is provided by the DHCP File text box
· host name-confg
· host name.cfg
· base MAC address-confg (for example, 0011.2233.4455-confg)
· serial number-confg
· ciscowlc-confg
· ciscowlc.cfg
AutoInstall runs through this list until it finds a configuration file. It stops running if it does not find a configuration file after it cycles through this list three times on each registered interface.
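
The host name, TFTP server and file name precedence described in the two sections above can be modelled to check which server and which file a staging DHCP scope will lead a new controller to fetch. This is an added example, not Cisco code: the Lease field names, the mapping of the log's "DHCP TFTP Filename" to the Boot File Name option, the serial number, the DNS tables and the skipping of host-name files when no host name is known are all assumptions of this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

DEFAULT_TFTP_NAME = "cisco-wlc-tftp"
LIMITED_BROADCAST = "255.255.255.255"


@dataclass
class Lease:
    """Values one interface learned from DHCP (field names are this example's)."""
    yiaddr: str                                # address given to the controller
    host_name: Optional[str] = None            # DHCP Host Name option
    tftp_server_name: Optional[str] = None     # DHCP TFTP Server Name option
    sname: Optional[str] = None                # DHCP Server Host Name field
    tftp_server_address: Optional[str] = None  # DHCP TFTP Server Address option
    siaddr: str = "0.0.0.0"                    # DHCP server IP address field
    boot_file_name: Optional[str] = None       # DHCP Boot File Name option
    file: Optional[str] = None                 # DHCP File field


def short_name(name: str) -> str:
    """Truncate a name at the first period, as the guide describes."""
    return name.split(".", 1)[0]


def resolve_hostname(lease: Lease, reverse_dns: Dict[str, str]) -> Optional[str]:
    if lease.host_name:
        return short_name(lease.host_name)
    name = reverse_dns.get(lease.yiaddr)
    return short_name(name) if name else None


def resolve_tftp_server(lease: Lease, forward_dns: Dict[str, str]) -> Tuple[str, str]:
    """Return (ip, source) following the six-step order in the guide."""
    named = (("DHCP TFTP Server Name option", lease.tftp_server_name),
             ("DHCP Server Host Name (sname)", lease.sname))
    for source, name in named:
        if name and name in forward_dns:        # used only if DNS resolves it
            return forward_dns[name], source
    if lease.tftp_server_address:
        return lease.tftp_server_address, "DHCP TFTP Server Address option"
    if DEFAULT_TFTP_NAME in forward_dns:
        return forward_dns[DEFAULT_TFTP_NAME], "DNS lookup of cisco-wlc-tftp"
    if lease.siaddr != "0.0.0.0":
        return lease.siaddr, "DHCP siaddr"
    return LIMITED_BROADCAST, "limited broadcast"


def candidate_files(lease: Lease, hostname: Optional[str],
                    base_mac: str, serial: str) -> List[str]:
    """File names in the order AutoInstall tries them."""
    names = [lease.boot_file_name, lease.file]
    if hostname:  # assumption: host-name files are skipped when none is known
        names += [f"{hostname}-confg", f"{hostname}.cfg"]
    names += [f"{base_mac}-confg", f"{serial}-confg",
              "ciscowlc-confg", "ciscowlc.cfg"]
    return [n for n in names if n]


# Constructed inputs modelled on the service-port lease in the guide's example log.
SERVICE_PORT_LEASE = Lease(yiaddr="172.19.29.253", boot_file_name="abcd-confg",
                           tftp_server_address="1.100.108.2", siaddr="1.100.108.2")
REVERSE_DNS = {"172.19.29.253": "wlc-1.engtest.com"}   # constructed
FORWARD_DNS: Dict[str, str] = {}                       # no names resolve

if __name__ == "__main__":
    host = resolve_hostname(SERVICE_PORT_LEASE, REVERSE_DNS)
    print(host, resolve_tftp_server(SERVICE_PORT_LEASE, FORWARD_DNS))
    print(candidate_files(SERVICE_PORT_LEASE, host, "0011.2233.4455", "SERIAL-PLACEHOLDER"))
```

With these inputs the model selects the same server source and the same first two file names that appear in the guide's AutoInstall example log.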

Note
· The downloaded configuration file can be a complete configuration, or it can be a minimal configuration that provides enough information for the controller to be managed by the Cisco Prime Infrastructure. Full configuration can then be deployed directly from the Prime Infrastructure.
· AutoInstall does not expect the switch connected to the controller to be configured for either channels. AutoInstall works with a service port in LAG configuration.
· Cisco Prime Infrastructure provides AutoInstall capabilities for controllers. A Cisco Prime Infrastructure administrator can create a filter that includes the host name, the MAC address, or the serial number of the controller and associate a group of templates (a configuration group) to this filter rule. The Prime Infrastructure pushes the initial configuration to the controller when the controller boots up initially. After the controller is discovered, the Prime Infrastructure pushes the templates that are defined in the configuration group. For more information about the AutoInstall feature and Cisco Prime Infrastructure, see the Cisco Prime Infrastructure documentation.

Example: AutoInstall Operation
The following is an example of an AutoInstall process from start to finish:
Welcome to the Cisco Wizard Configuration Tool
Use the '-' character to backup
Would you like to terminate autoinstall? [yes]:
AUTO-INSTALL: starting now...
AUTO-INSTALL: interface 'service-port' - setting DHCP TFTP Filename ==> 'abcd-confg'
AUTO-INSTALL: interface 'service-port' - setting DHCP TFTP Server IP ==> 1.100.108.2
AUTO-INSTALL: interface 'service-port' - setting DHCP siaddr ==> 1.100.108.2
AUTO-INSTALL: interface 'service-port' - setting DHCP Domain Server[0] ==> 1.100.108.2
AUTO-INSTALL: interface 'service-port' - setting DHCP Domain Name ==> 'engtest.com'
AUTO-INSTALL: interface 'service-port' - setting DHCP yiaddr ==> 172.19.29.253
AUTO-INSTALL: interface 'service-port' - setting DHCP Netmask ==> 255.255.255.0
AUTO-INSTALL: interface 'service-port' - setting DHCP Gateway ==> 172.19.29.1
AUTO-INSTALL: interface 'service-port' registered
AUTO-INSTALL: interation 1 -- interface 'service-port'
AUTO-INSTALL: DNS reverse lookup 172.19.29.253 ===> 'wlc-1'
AUTO-INSTALL: hostname 'wlc-1'
AUTO-INSTALL: TFTP server 1.100.108.2 (from DHCP Option 150)
AUTO-INSTALL: attempting download of 'abcd-confg'
AUTO-INSTALL: TFTP status - 'TFTP Config transfer starting.' (2)
AUTO-INSTALL: interface 'management' - setting DHCP file ==> 'bootfile1'
AUTO-INSTALL: interface 'management' - setting DHCP TFTP Filename ==> 'bootfile2-confg'
AUTO-INSTALL: interface 'management' - setting DHCP siaddr ==> 1.100.108.2
AUTO-INSTALL: interface 'management' - setting DHCP Domain Server[0] ==> 1.100.108.2
AUTO-INSTALL: interface 'management' - setting DHCP Domain Server[1] ==> 1.100.108.3
AUTO-INSTALL: interface 'management' - setting DHCP Domain Server[2] ==> 1.100.108.4
AUTO-INSTALL: interface 'management' - setting DHCP Domain Name ==> 'engtest.com'
AUTO-INSTALL: interface 'management' - setting DHCP yiaddr ==> 1.100.108.238
AUTO-INSTALL: interface 'management' - setting DHCP Netmask ==> 255.255.254.0
AUTO-INSTALL: interface 'management' - setting DHCP Gateway ==> 1.100.108.1
AUTO-INSTALL: interface 'management' registered
AUTO-INSTALL: TFTP status - 'Config file transfer failed - Error from server: File not found' (3)
AUTO-INSTALL: attempting download of 'wlc-1-confg'
AUTO-INSTALL: TFTP status - 'TFTP Config transfer starting.' (2)
AUTO-INSTALL: TFTP status - 'TFTP receive complete... updating configuration.' (2)
AUTO-INSTALL: TFTP status - 'TFTP receive complete... storing in flash.' (2)
AUTO-INSTALL: TFTP status - 'System being reset.' (2)
Resetting system
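
Console output like the example above records which TFTP server supplied the configuration and which file was installed, so it can be checked against what the provisioning team expected. The following is an added example, not part of the guide: the function names and the allow-list approach are this example's own, and the embedded sample is a subset of the log lines shown above.

```python
import re

# Undo the typographic quotes and dashes that PDF or web copies of a
# console capture often contain.
TYPOGRAPHIC = str.maketrans({"\u2018": "'", "\u2019": "'",
                             "\u2013": "-", "\u2014": "-"})

SERVER_RE = re.compile(r"AUTO-INSTALL: TFTP server (\S+) \(from ([^)]+)\)")
ATTEMPT_RE = re.compile(r"AUTO-INSTALL: attempting download of '([^']+)'")
STATUS_RE = re.compile(r"AUTO-INSTALL: TFTP status - '(.*)' \((\d+)\)")

# Subset of the example log on this page.
SAMPLE_LOG = """\
AUTO-INSTALL: interface 'service-port' registered
AUTO-INSTALL: DNS reverse lookup 172.19.29.253 ===> 'wlc-1'
AUTO-INSTALL: hostname 'wlc-1'
AUTO-INSTALL: TFTP server 1.100.108.2 (from DHCP Option 150)
AUTO-INSTALL: attempting download of 'abcd-confg'
AUTO-INSTALL: TFTP status - 'TFTP Config transfer starting.' (2)
AUTO-INSTALL: interface 'management' registered
AUTO-INSTALL: TFTP status - 'Config file transfer failed - Error from server: File not found' (3)
AUTO-INSTALL: attempting download of 'wlc-1-confg'
AUTO-INSTALL: TFTP status - 'TFTP Config transfer starting.' (2)
AUTO-INSTALL: TFTP status - 'TFTP receive complete... updating configuration.' (2)
AUTO-INSTALL: TFTP status - 'TFTP receive complete... storing in flash.' (2)
AUTO-INSTALL: TFTP status - 'System being reset.' (2)
"""


def parse_autoinstall(log):
    """Extract the TFTP server, how it was learned, and each download attempt."""
    server = source = None
    attempts = []                      # [file name, outcome] pairs, in order
    for raw in log.splitlines():
        line = raw.translate(TYPOGRAPHIC).strip()
        match = SERVER_RE.search(line)
        if match and server is None:
            server, source = match.group(1), match.group(2)
            continue
        match = ATTEMPT_RE.search(line)
        if match:
            attempts.append([match.group(1), "pending"])
            continue
        match = STATUS_RE.search(line)
        if match and attempts:
            text = match.group(1).lower()
            # A status line applies to the most recent download attempt.
            if "failed" in text:
                attempts[-1][1] = "failed"
            elif "storing in flash" in text:
                attempts[-1][1] = "installed"
    return {"server": server, "source": source,
            "attempts": [tuple(a) for a in attempts]}


def audit(log, allowed_servers, allowed_files):
    """Return findings where the log differs from the expected provisioning."""
    result = parse_autoinstall(log)
    findings = []
    if result["server"] not in allowed_servers:
        findings.append("configuration requested from unexpected TFTP server "
                        f"{result['server']} ({result['source']})")
    installed = [name for name, outcome in result["attempts"] if outcome == "installed"]
    if not installed:
        findings.append("no configuration file was installed")
    for name in installed:
        if name not in allowed_files:
            findings.append(f"unexpected configuration file installed: {name}")
    return findings


if __name__ == "__main__":
    print(parse_autoinstall(SAMPLE_LOG))
    print(audit(SAMPLE_LOG, {"1.100.108.2"}, {"wlc-1-confg"}) or "as expected")
```
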

Managing the Controller System Date and Time
You can configure the controller system date and time at the time of configuring the controller using the configuration wizard. If you did not configure the system date and time through the configuration wizard or if you want to change your configuration, you can follow the instructions in this section to configure the controller to obtain the date and time from a Network Time Protocol (NTP) server or to configure the date and time manually. Greenwich Mean Time (GMT) is used as the standard for setting the time zone on the controller.
You can also configure an authentication mechanism between various NTP servers.
Restrictions on Configuring the Controller Date and Time
· If you are configuring wIPS, you must set the controller time zone to UTC.
· Cisco Aironet lightweight access points might not connect to the controller if the date and time are not set properly. Set the current date and time on the controller before allowing the access points to connect to it.
· You can configure an authentication channel between the controller and the NTP server.

Configuring the Date and Time (GUI)
Procedure

Step 1 Choose Commands > Set Time to open the Set Time page.
Figure 13: Set Time Page

The current date and time appear at the top of the page.

Step 2 In the Timezone area, choose your local time zone from the Location drop-down list.

Note When you choose a time zone that uses Daylight Saving Time (DST), the controller automatically sets its system clock to reflect the time change when DST occurs. In the United States, DST starts on the second Sunday in March and ends on the first Sunday in November.

Note You cannot set the time zone delta on the controller GUI. However, if you do so on the controller CLI, the change is reflected in the Delta Hours and Mins boxes on the controller GUI.

Step 3 Click Set Timezone to apply your changes.
Step 4 In the Date area, choose the current local month and day from the Month and Day drop-down lists, and enter the year in the Year box.
Step 5 In the Time area, choose the current local hour from the Hour drop-down list, and enter the minutes and seconds in the Minutes and Seconds boxes.

Note If you change the time zone location after setting the date and time, the values in the Time area are updated to reflect the time in the new time zone location. For example, if the controller is currently configured for noon Eastern time and you change the time zone to Pacific time, the time automatically changes to 9:00 a.m.

Step 6 Click Set Date and Time to apply your changes.
Step 7 Click Save Configuration.

Configuring the Date and Time (CLI)
Procedure

Step 1 Configure the current local date and time in GMT on the controller by entering this command:

config time manual mm/dd/yy hh:mm:ss

Note When setting the time, the current local time is entered in terms of GMT and as a value between 00:00 and 24:00. For example, if it is 8:00 a.m. Pacific time in the United States, you would enter 16:00 because the Pacific time zone is 8 hours behind GMT.

Step 2 Perform one of the following to set the time zone for the controller:
· Set the time zone location in order to have Daylight Saving Time (DST) set automatically when it occurs by entering this command:

  config time timezone location location_index

  where location_index is a number representing one of the following time zone locations:
  a. (GMT-12:00) International Date Line West
  b. (GMT-11:00) Samoa
  c. (GMT-10:00) Hawaii
  d. (GMT-9:00) Alaska
  e. (GMT-8:00) Pacific Time (US and Canada)
  f. (GMT-7:00) Mountain Time (US and Canada)
  g. (GMT-6:00) Central Time (US and Canada)
  h. (GMT-5:00) Eastern Time (US and Canada)
  i. (GMT-4:00) Atlantic Time (Canada)
  j. (GMT-3:00) Buenos Aires (Argentina)
  k. (GMT-2:00) Mid-Atlantic
  l. (GMT-1:00) Azores
  m. (GMT) London, Lisbon, Dublin, Edinburgh (default value)
  n. (GMT +1:00) Amsterdam, Berlin, Rome, Vienna
  o. (GMT +2:00) Jerusalem
  p. (GMT +3:00) Baghdad
  q. (GMT +4:00) Muscat, Abu Dhabi
  r. (GMT +4:30) Kabul
  s. (GMT +5:00) Karachi, Islamabad, Tashkent
  t. (GMT +5:30) Colombo, Kolkata, Mumbai, New Delhi
  u. (GMT +5:45) Katmandu
  v. (GMT +6:00) Almaty, Novosibirsk
  w. (GMT +6:30) Rangoon
  x. (GMT +7:00) Saigon, Hanoi, Bangkok, Jakarta
  y. (GMT +8:00) Hong Kong, Beijing, Chongqing
  z. (GMT +9:00) Tokyo, Osaka, Sapporo
  aa. (GMT +9:30) Darwin
  ab. (GMT+10:00) Sydney, Melbourne, Canberra
  ac. (GMT+11:00) Magadan, Solomon Is., New Caledonia
  ad. (GMT+12:00) Kamchatka, Marshall Is., Fiji
  ae. (GMT+12:00) Auckland (New Zealand)

  Note If you enter this command, the controller automatically sets its system clock to reflect DST when it occurs. In the United States, DST starts on the second Sunday in March and ends on the first Sunday in November.

· Manually set the time zone so that DST is not set automatically by entering this command:

  config time timezone delta_hours delta_mins

  where delta_hours is the local hour difference from GMT, and delta_mins is the local minute difference from GMT.

  When manually setting the time zone, enter the time difference of the local current time zone with respect to GMT (+/-). For example, Pacific time in the United States is 8 hours behind GMT. Therefore, it is entered as -8.

  Note You can manually set the time zone and prevent DST from being set only on the controller CLI.

Step 3 Save your changes by entering this command:

save config

Step 4 Verify that the controller shows the current local time with respect to the local time zone by entering this command:

show time

Information similar to the following is displayed:

Time............................ Thu Apr 7 13:56:37 2011
Timezone delt................... 0:0
Timezone location............... (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata

NTP Servers
    NTP Polling Interval........ 3600

    Index    NTP Key Index    NTP Server         NTP Msg Auth Status
    -----    -------------    ---------------    -------------------
    1        1                209.165.200.225    AUTH SUCCESS

Note If you configured the time zone location, the Timezone Delta value is set to “0:0.” If you manually configured the time zone using the time zone delta, the Timezone Location is blank.

PART II
Management of Controllers
· Administration of Controller
· Managing Licenses
· Managing Software
· Managing Configuration
· Network Time Protocol Setup
· High Availability
· Managing Certificates
· AAA Administration
· Managing Users
· Ports and Interfaces
· IPv6 Clients
· Access Control Lists
· Multicast/Broadcast Setup
· Controller Security
· SNMP

CHAPTER 3
Administration of Controller
· Using the Controller Interface
· Enabling Web and Secure Web Modes
· Telnet and Secure Shell Sessions
· Management over Wireless
· Configuring Management using Dynamic Interfaces (CLI)
Using the Controller Interface
You can use the controller interface in either of the following two ways:
Using the Controller GUI
A browser-based GUI is built into each controller. It allows up to five users to simultaneously browse into the controller HTTP or HTTPS (HTTP + SSL) management pages to configure parameters and monitor the operational status for the controller and its associated access points. For detailed descriptions of the controller GUI, see the Online Help. To access the online help, click Help on the controller GUI.
Note We recommend that you enable the HTTPS interface and disable the HTTP interface to ensure more robust security.
The controller GUI is supported on the following web browsers:
· Microsoft Internet Explorer 11 or a later version (Windows)
· Mozilla Firefox, Version 32 or a later version (Windows, Mac)
· Apple Safari, Version 7 or a later version (Mac)

Note We recommend that you use the controller GUI on a browser loaded with webadmin certificate (third-party certificate). We also recommend that you do not use the controller GUI on a browser loaded with self-signed certificate. Some rendering issues have been observed on Google Chrome (73.0.3675.0 or a later version) with self-signed certificates. For more information, see CSCvp80151.
Guidelines and Restrictions on using Controller GUI
Follow these guidelines when using the controller GUI:
· To view the Main Dashboard that is introduced in Release 8.1.102.0, you must enable JavaScript on the web browser.
Note Ensure that the screen resolution is set to 1280×800 or more. Lower resolutions are not supported.
· You can use either the service port interface or the management interface to access the GUI.
· The controller may respond intermittently or fail to respond when there is a high volume of packets destined for the controller’s management IP address.
· You can use both HTTP and HTTPS when using the service port interface. HTTPS is enabled by default and HTTP can also be enabled.
· Click Help at the top of any page in the GUI to access the online help. You might have to disable your browser’s pop-up blocker to view the online help.
Logging On to the GUI

Note Do not configure TACACS+ authentication when the controller is set to use local authentication.
Procedure
Step 1 Enter the controller IP address in your browser’s address bar. For a secure connection, enter https://ip-address. For a less secure connection, enter http://ip-address.
Step 2 When prompted, enter a valid username and password, and click OK.
The Summary page is displayed.
Note The administrative username and password that you created in the configuration wizard are case sensitive.

Logging out of the GUI
Procedure
Step 1 Click Logout in the top right corner of the page.
Step 2 Click Close to complete the log out process and prevent unauthorized users from accessing the controller GUI.
Step 3 When prompted to confirm your decision, click Yes.

Using the Controller CLI
A Cisco Wireless solution command-line interface (CLI) is built into each controller. The CLI enables you to use a VT-100 terminal emulation program to locally or remotely configure, monitor, and control individual controllers and their associated lightweight access points. The CLI is a simple text-based, tree-structured interface that allows up to five users with Telnet-capable terminal emulation programs to access the controller.
Note We recommend that you do not run two simultaneous CLI operations because this might result in incorrect behavior or incorrect output of the CLI.

Note For more information about specific commands, see the Cisco Wireless Controller Command Reference for relevant releases at: https://www.cisco.com/c/en/us/support/wireless/wireless-lan-controller-software/products-command-reference-list.html
Logging on to the Controller CLI
You can access the controller CLI using either of the following methods:
· A direct serial connection to the controller console port
· A remote session over the network using Telnet or SSH through the preconfigured service port or the distribution system ports
For more information about ports and console connection options on controllers, see the relevant controller model’s installation guide.
Using a Local Serial Connection
Before you begin
You need these items to connect to the serial port:
· A computer that is running a terminal emulation program such as Putty, SecureCRT, or similar
· A standard Cisco console serial cable with an RJ45 connector

To log on to the controller CLI through the serial port, follow these steps:
Procedure
Step 1 Connect console cable; connect one end of a standard Cisco console serial cable with an RJ45 connector to the controller’s console port and the other end to your PC’s serial port.
Step 2 Configure terminal emulator program with default settings:
· 9600 baud
· 8 data bits
· 1 stop bit
· No parity
· No hardware flow control

Note The controller serial port is set for a 9600 baud rate and a short timeout. If you would like to change either of these values, run the co
