Networks Training

You are here: Home / Cisco Wireless / Cisco Wireless LAN Controller Basic Configuration

Cisco Wireless LAN Controller Basic Configuration

Written By

In this article we will go through a basic step-by-step configuration of a Cisco Wireless LAN Controller. Before going forward, let’s first see some basics about the product and the wlan technology from Cisco:

Introduction

Cisco introduced two types of Wireless architectures in its WiFi portfolio:

  • Distributed Architecture.
  • Centralized Architecture.
  1. Distributed WiFi Architecture: In Distributed Architecture all the WiFi Access Points (APs) are self-contained and called autonomous or standalone APs. Autonomous APs work individually and have to be configured and managed one by one. In this Architecture an autonomous Access Point performs both 802.11 operations and management operations.
  2. Centralized WiFi Architecture: In Centralized Architecture the access points are controlled and managed by a central device called Wireless LAN Controller (WLC) and such APs are called Lightweight APs. A lightweight access point performs only the real-time 802.11 operation. All the management functions are usually performed on a wireless LAN controller. A Lightweight AP cannot operate on its own.

Before jumping into the configuration, let’s talk a little bit about Wireless LAN Controller Ports, Controller Interfaces and CAPWAP protocol.

cisco-5500-wireless-lan-controller

 

1) Redundant port (RJ-45) 6) SFP distribution system ports 1–8
2) Service port (RJ-45) 7) Management port LEDs
3) Console port (RJ-45) 8) SFP distribution port Link and Activity LEDs
4) USB ports 0 and 1 (Type A) 9) Power supply (PS1 and PS2), System (SYS), and Alarm (ALM) LEDs
5) Console port (Mini USB Type B)

Note    You can use only one console port (either RJ-45 or mini USB). When you connect to one console port, the other is disabled.
10) Expansion module slot

WLC Controller Ports:

Controller Ports are the physical ports of the device as shown on picture above. The following are the most important Controller physical Ports.

  • Service Port (SP): Used for initial boot function, system recovery and out of band management. If you want to configure the controller with GUI you need to connect your computer with service port.
  • Redundancy Port (RP): This port is used to connect another controller for redundant operations.
  • Distribution Ports: These ports are used for all Access Points and management traffic. A Distribution Port connects to a switch port in trunk mode. 4400 series controllers have four distribution ports and 5500 series controllers have eight distribution ports.
  • Console port: Used for out-of-band management, system recovery and initial boot functions.
MORE READING:  Configuration of Cisco WPA2 Enterprise and Personal on WLAN using GUI

WLC Controller Interfaces:

WLC Controller Interfaces are logical entities on the device. The following are the most important Controller logical Interfaces:

  • Management Interface: Used for all management traffic.
  • Virtual Interface: Used to relay client DHCP requests, client web authentication and to support mobility.
  • Service port interface: Bound to service port and used for out-of-band management. Default ip address is 192.168.1.1. If you want to configure the controller first time with GUI, connect your computer with this port. Computer should be in the same subnet as service interface.
  • Dynamic Interface: Used to connect to VLAN to a WLAN.

CAPWAP:

CAPWAP (Control and Provisioning of Wireless Access Points) is a protocol which makes it possible to bind a Lightweight Access Point with a WLC. The CAPWAP protocol encapsulates the traffic between the Lightweight Access Point and WLC in a virtual tunnel called CAPWAP tunnel. All the traffic from access point to the WLC travels through this tunnel. Therefore you should have in mind that in a Centralized WiFi Architecture, all traffic from the Access Points terminate to the WLC controller and then diverted from the controller to the wired network as shown in figure below:

wlc configuration

Basic Cisco WLC Configuration

Below is the initial configuration of 5508 Wireless LAN Controller. In Blue color are my comments on each step of the configuration. To access the CLI you need to connect your computer to the Console Port of the Wireless LAN Controller with a console cable.

Wireless LAN Controller initial configuration with the CLI:

Welcome to the Cisco Wizard Configuration Tool
Use the ‘-‘ character to backup
Would you like to terminate autoinstall? [yes]: no

“enter no to follow the auto-install instructions”

AUTO-INSTALL: starting now. . .
System Name [Cisco_38:b4:2f]: My_WLC
Enter Administrative User Name (24 characters max): Admin
Enter Administrative Password (3 to 24 characters): *******
Re-enter Administrative Password                  : *******
 

“enter your wireless lan controller name. Enter username and password that you are going to use to log into the WLC”

Service Interface IP address Configuration [static] [DHCP]: DHCP

“Assign a static ip or select DHCP”

Management Interface IP Address: 192.168.10.10
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 192.168.10.1
Management Interface VLAN Identifier (0 = untagged): 10
Management Interface DHCP Server IP Address: 192.168.1.3

“By default, the interface is configured for VLAN 0, with no ip address and controller uses a single management interface for both management and CAPWAP traffic.”

Virtual Gateway IP Address: 1.1.1.1

Used to relay client DHCP requests, client web authentication and to support mobility. This value Must match among mobility groups.”

Mobility/RF Group Name: XYZ

Mobility / RF Group allows multiple wireless controllers to be clustered into one logical Controller group to allow dynamic RF adjustments and roaming for wireless clients.”

Network Name (SSID): TEST
Allow Static IP Addresses [YES][no]: no

“By default on WLC one WLAN SSID is already configured.”

Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.

“Configure RADIUS server settings if you have a RADIUS server. By default RADIUS server is enabled.”

Enter Country Code (enter ‘help’ for a list of countries) [US]: US
Enable 802.11b Network [YES][no]: yes
Enable 802.11a Network [YES][no]: yes
Enable 802.11g Network [YES][no]: yes
Enable Auto-RF [YES][no]: yes

“By default, a controller enables 802.11a, 802.11b and 802.11g for all access points that associate with it”

Configure a NTP server now? [YES] [NO]:no
Warning! No AP will come up unless the time is set.
Please see documentation for more details.

“You have set a time or NTP server. If you don’t have NTP server, just enter no and login into GUI and set time on the controller from there”

Configuration correct? If yes, system will save it and reset. [yes][NO]:yes

Configuration saved!
Resetting system with new configuration…

“After initial setup, WLC saves the changes and reboot”

Related Posts

Filed Under: Cisco Wireless

Download Free Cisco Commands Cheat Sheets

Enter your Email below to Download our Free Cisco Commands Cheat Sheets for Routers, Switches and ASA Firewalls.

We use Elastic Email as our marketing automation service. By submitting this form, you agree that the information you provide will be transferred to Elastic Email for processing in accordance with their Terms of Use and Privacy Policy. Also, you allow me to send you informational and marketing emails from time-to-time.

About Harris Andrea

Harris Andrea is an Engineer with more than two decades of professional experience in the fields of TCP/IP Networks, Information Security and I.T. Over the years he has acquired several professional certifications such as CCNA, CCNP, CEH, ECSA etc.

He is a self-published author of two books ("Cisco ASA Firewall Fundamentals" and "Cisco VPN Configuration Guide") which are available at Amazon and on this website as well.

Comments

  1. Evin says

    Would the same configuration apply to the WLC module card I have installed in my 1800 series ISR router? Or does it get configured differently? I bought this module and router for my home lab for both R&S and Wireless certifications.

  2. Harris Andrea says

    Evin,

    Pretty much yes. Once you connect to the WLC module from within the router CLI, then the module will start the automatic wizard configuration which you can go through like the tutorial above.

  3. Same says

    Dear Sir,
    I did the same configuration as mention above on cisco 2500 wireless controller (Software Version 7.2.103.0) but when i enter in the gui interface when i click on wireless tab i cant see the access point
    Access point is connected to port GigabitEthernet0/0/3 and the model is AIR-LAP1142N-E-K9

    when i insert the console cable in access point i am getting this message

    (*Mar 2 02:00:05.881: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does not have an Ip !!
    *Mar 2 02:00:05.884: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.)

    Please advise
    Thanks in advance

  4. Harris Andrea says

    well, the problem is obvious. The AP does not have an IP. Assign an IP manually or configure DHCP server on the Wireless controller

  5. Zoom says

    Hi,
    Can you please advice about the Switch Port configuration in Centralized Mode for APs and Controller ?

    This is what i have :
    Trunk port : For the WLC
    Access Port : For APs

    Thank you and Best Regards,

  7. Vikram Murudkar says

    Respected Sir,

    I’ve a query. We have set Management User password expiry in 60days in WLC. After 60days it is not asking use to change the password via both web access and CLI access. Another user has to reset the password. Can you help on this?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About Networks Training

We Provide Technical Tutorials and Configuration Examples about TCP/IP Networks with focus on Cisco Products and Technologies. This blog entails my own thoughts and ideas, which may not represent the thoughts of Cisco Systems Inc. This blog is NOT affiliated or endorsed by Cisco Systems Inc. All product names, logos and artwork are copyrights/trademarks of their respective owners.

Amazon Disclosure

As an Amazon Associate I earn from qualifying purchases.
Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.

BLOGROLL

Tech21Century
Firewall.cx