In this article we will go through a basic step-by-step configuration of a Cisco Wireless LAN Controller. Before going forward, let’s first see some basics about the product and the wlan technology from Cisco:
Introduction
Cisco introduced two types of Wireless architectures in its WiFi portfolio:
- Distributed Architecture.
- Centralized Architecture.
- Distributed WiFi Architecture: In Distributed Architecture all the WiFi Access Points (APs) are self-contained and called autonomous or standalone APs. Autonomous APs work individually and have to be configured and managed one by one. In this Architecture an autonomous Access Point performs both 802.11 operations and management operations.
- Centralized WiFi Architecture: In Centralized Architecture the access points are controlled and managed by a central device called Wireless LAN Controller (WLC) and such APs are called Lightweight APs. A lightweight access point performs only the real-time 802.11 operation. All the management functions are usually performed on a wireless LAN controller. A Lightweight AP cannot operate on its own.
Before jumping into the configuration, let’s talk a little bit about Wireless LAN Controller Ports, Controller Interfaces and CAPWAP protocol.
| 1) | Redundant port (RJ-45) | 6) | SFP distribution system ports 1–8 | ||
| 2) | Service port (RJ-45) | 7) | Management port LEDs | ||
| 3) | Console port (RJ-45) | 8) | SFP distribution port Link and Activity LEDs | ||
| 4) | USB ports 0 and 1 (Type A) | 9) | Power supply (PS1 and PS2), System (SYS), and Alarm (ALM) LEDs | ||
| 5) | Console port (Mini USB Type B)
| 10) | Expansion module slot |
WLC Controller Ports:
Controller Ports are the physical ports of the device as shown on picture above. The following are the most important Controller physical Ports.
- Service Port (SP): Used for initial boot function, system recovery and out of band management. If you want to configure the controller with GUI you need to connect your computer with service port.
- Redundancy Port (RP): This port is used to connect another controller for redundant operations.
- Distribution Ports: These ports are used for all Access Points and management traffic. A Distribution Port connects to a switch port in trunk mode. 4400 series controllers have four distribution ports and 5500 series controllers have eight distribution ports.
- Console port: Used for out-of-band management, system recovery and initial boot functions.
WLC Controller Interfaces:
WLC Controller Interfaces are logical entities on the device. The following are the most important Controller logical Interfaces:
- Management Interface: Used for all management traffic.
- Virtual Interface: Used to relay client DHCP requests, client web authentication and to support mobility.
- Service port interface: Bound to service port and used for out-of-band management. Default ip address is 192.168.1.1. If you want to configure the controller first time with GUI, connect your computer with this port. Computer should be in the same subnet as service interface.
- Dynamic Interface: Used to connect to VLAN to a WLAN.
CAPWAP:
CAPWAP (Control and Provisioning of Wireless Access Points) is a protocol which makes it possible to bind a Lightweight Access Point with a WLC. The CAPWAP protocol encapsulates the traffic between the Lightweight Access Point and WLC in a virtual tunnel called CAPWAP tunnel. All the traffic from access point to the WLC travels through this tunnel. Therefore you should have in mind that in a Centralized WiFi Architecture, all traffic from the Access Points terminate to the WLC controller and then diverted from the controller to the wired network as shown in figure below:
Basic Cisco WLC Configuration
Below is the initial configuration of 5508 Wireless LAN Controller. In Blue color are my comments on each step of the configuration. To access the CLI you need to connect your computer to the Console Port of the Wireless LAN Controller with a console cable.
Wireless LAN Controller initial configuration with the CLI:
Welcome to the Cisco Wizard Configuration Tool
Use the ‘-‘ character to backup
Would you like to terminate autoinstall? [yes]: no
“enter no to follow the auto-install instructions”
AUTO-INSTALL: starting now. . .
System Name [Cisco_38:b4:2f]: My_WLC
Enter Administrative User Name (24 characters max): Admin
Enter Administrative Password (3 to 24 characters): *******
Re-enter Administrative Password : *******
“enter your wireless lan controller name. Enter username and password that you are going to use to log into the WLC”
Service Interface IP address Configuration [static] [DHCP]: DHCP
“Assign a static ip or select DHCP”
Management Interface IP Address: 192.168.10.10
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 192.168.10.1
Management Interface VLAN Identifier (0 = untagged): 10
Management Interface DHCP Server IP Address: 192.168.1.3
“By default, the interface is configured for VLAN 0, with no ip address and controller uses a single management interface for both management and CAPWAP traffic.”
Virtual Gateway IP Address: 1.1.1.1
“Used to relay client DHCP requests, client web authentication and to support mobility. This value Must match among mobility groups.”
Mobility/RF Group Name: XYZ
“Mobility / RF Group allows multiple wireless controllers to be clustered into one logical Controller group to allow dynamic RF adjustments and roaming for wireless clients.”
Network Name (SSID): TEST
Allow Static IP Addresses [YES][no]: no
“By default on WLC one WLAN SSID is already configured.”
Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.
“Configure RADIUS server settings if you have a RADIUS server. By default RADIUS server is enabled.”
Enter Country Code (enter ‘help’ for a list of countries) [US]: US
Enable 802.11b Network [YES][no]: yes
Enable 802.11a Network [YES][no]: yes
Enable 802.11g Network [YES][no]: yes
Enable Auto-RF [YES][no]: yes
“By default, a controller enables 802.11a, 802.11b and 802.11g for all access points that associate with it”
Configure a NTP server now? [YES] [NO]:no
Warning! No AP will come up unless the time is set.
Please see documentation for more details.
“You have set a time or NTP server. If you don’t have NTP server, just enter no and login into GUI and set time on the controller from there”
Configuration correct? If yes, system will save it and reset. [yes][NO]:yes
Configuration saved!
Resetting system with new configuration…
“After initial setup, WLC saves the changes and reboot”