Overview and Configuration (Cisco Wireless LAN Controllers)

If the APs reside in a different subnet than the WLC, you must implement one of these methods to allow WLC discovery:

■ Use DHCP with Option 43.

■ Use DNS entry CISCO-LWAPP-CONTROLLER.localdomain to resolve the management IP address of the WLC.

■ Prime the AP.

The Cisco 1000 Series APs use a string format for DHCP Option 43, whereas the Aironet APs use the type, length, value (TLV) format for DHCP Option 43. DHCP servers must be programmed to return the option based on the AP DHCP Vendor Class Identifier (VCI) string (DHCP Option 60). Table 7-2 lists the VCI strings for Cisco APs that can operate in lightweight mode.

The format of the TLV block is as follows:

■ Type: 0xf1 (decimal 241)

■ Length: Number of controller IP addresses * 4

■ Value: List of WLC management interfaces
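
The TLV layout above, worked through as an added Python example (not from the original text): it encodes a list of WLC management addresses into the Option 43 hex value, decodes a value back with the type and length checks the format implies, and reports addresses that are not on an approved controller list. The sample addresses and the function names are constructed for illustration.

```python
import ipaddress

OPTION43_TYPE = 0xF1  # type byte given in the TLV description (decimal 241)

def encode_option43(controllers):
    """Return the Option 43 TLV as hex for a list of WLC management IPv4 addresses."""
    if not controllers:
        raise ValueError("at least one controller address is required")
    value = b"".join(ipaddress.IPv4Address(ip).packed for ip in controllers)
    if len(value) > 255:
        raise ValueError("too many addresses for a one-byte length field")
    return (bytes([OPTION43_TYPE, len(value)]) + value).hex()

def decode_option43(hex_string):
    """Parse an Option 43 hex value; '.' and ':' group separators are tolerated."""
    raw = bytes.fromhex(hex_string.replace(".", "").replace(":", ""))
    if len(raw) < 2:
        raise ValueError("TLV is shorter than its type and length bytes")
    tlv_type, length, value = raw[0], raw[1], raw[2:]
    if tlv_type != OPTION43_TYPE:
        raise ValueError(f"unexpected type 0x{tlv_type:02x}, expected 0xf1")
    if length != len(value):
        raise ValueError(f"length byte is {length} but value has {len(value)} bytes")
    if length == 0 or length % 4:
        raise ValueError("length must be a non-zero multiple of 4")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]

def unapproved_controllers(hex_string, approved):
    """Return addresses carried in the option that are not approved WLCs."""
    allowed = set(approved)
    return [ip for ip in decode_option43(hex_string) if ip not in allowed]

if __name__ == "__main__":
    # Constructed sample addresses, not taken from the original text.
    wlcs = ["192.168.10.5", "192.168.10.20"]
    blob = encode_option43(wlcs)
    print(blob)
    print(decode_option43(blob))
    print(unapproved_controllers("f104c0a80a63", wlcs))
```

Running the decoder over the Option 43 value configured in each DHCP scope shows exactly which controllers an AP in that subnet will be pointed at.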

Table 7-2 VCI Strings for Cisco APs Operating in Lightweight Mode


| Access Point | Vendor Class Identifier |
| --- | --- |
| Cisco Aironet 1000 Series | |
| Cisco Aironet 1100 Series | Cisco AP c1100 |
| Cisco Aironet 1130 Series | Cisco AP c1130 |
| Cisco Aironet 1200 Series | Cisco AP c1200 |
| Cisco Aironet 1240 Series | Cisco AP c1240 |
| Cisco Aironet 1250 Series | Cisco AP c1250 |
| Cisco Aironet 1300 Series | Cisco AP c1300 |
| Cisco Aironet 1500 Series | Cisco AP c1500 ¹ |
| | Cisco AP.OAP1500 ² |
| | Cisco AP.LAP1505 ³ |
| | Cisco AP.LAP1510 ⁴ |
| Cisco 3201 LAP | Cisco AP C3201 WMIC |

¹ Any 1500 Series AP running 4.1 software

² 1500 OAP AP running 4.0 software

³ 1505 Model AP running 4.0 software

⁴ 1510 Model AP running 4.0 software

⁵ Any 1500 Series AP running 3.2 software

You can configure DHCP servers to return WLC IP addresses in vendor-specific Option 43 in the DHCP offer to Cisco LAPs. When the AP gets an IP address through DHCP, the AP looks for WLC IP addresses in the Option 43 field in the DHCP offer. The AP sends a unicast LWAPP discovery message to each of the WLCs that are listed in DHCP Option 43. WLCs that receive the LWAPP discovery request messages unicast an LWAPP discovery response to the AP.

The AP attempts to resolve the DNS name CISCO-LWAPP-CONTROLLER.localdomain. When the AP is able to resolve this name to one or more IP addresses, the AP sends a unicast LWAPP discovery message to the resolved IP addresses. Each of the WLCs that receives the LWAPP discovery request message replies with a unicast LWAPP discovery response to the AP.

The first thing you need to do is get an AP registered with the controller. To do that, you must accomplish the following steps:

Step 1. Have a DHCP server present so that the APs can acquire a network address.

Step 2. Configure the WLC for basic operation. Note Option 43 is used if the APs reside in a different subnet.

Step 3. Configure the switch for the WLC.

Step 4. Configure the switch for the APs.

Step 5. Register the LAPs to the WLCs.

Step 6. Configure mobility groups for the WLCs. Multiple mobility groups are typically used with a multiple controller set up to identify roaming boundaries.

Note Use the Command Lookup tool with a valid CCO account on Cisco.com to obtain more information on the commands used in this section. The Command Lookup tool is located at http://www.cisco.com/cgi-bin/Support/Cmdlookup/home.pl.

When the controller is installed for the first time, the switches and other network devices must use a specific configuration. With that being said, look at the network diagram in Figure 7-8 to see the natural flow of the VLANs and how they are carried on the WLC and vice versa.

Figure 7-8 Network Diagram

Now is a good opportunity to look at configuring the controller for the first time. When the controller boots at factory defaults, the bootup script runs the configuration wizard, which prompts the installer for initial configuration settings. This procedure describes how to use the configuration wizard on the command-line interface (CLI) to enter initial configuration settings. At any wizard prompt, pressing the hyphen (-) key backs the wizard up to the previous configuration statement, so an error can still be corrected after the Enter key has been pressed.

Note Be sure that you understand how to configure an external DHCP server and DNS.

Complete these steps to configure the WLC for basic operation:

Step 1. Connect your computer to the WLC with a DB-9 null modem serial cable.

Step 2. Open a terminal emulator session with these settings:

■ 9600 baud

■ 8 data bits

■ 1 stop bit

■ No parity

■ No hardware flow control

Step 3. At the prompt, log in to the CLI. The default username is admin, and the default password is admin.

Step 4. If necessary, enter reset system to reboot the unit and start the wizard.

Step 5. At the first wizard prompt, enter a system name. The system name can include up to 32 printable ASCII characters.

Step 6. Enter an administrator username and password. The username and password can include up to 24 printable ASCII characters.

Step 7. Enter the service-port interface IP configuration protocol, either none or DHCP. Enter none if you do not want to use the service port or if you want to assign a static IP address to the service port.

Step 8. If you entered none in Step 7 and need to enter a static IP address for the service port, enter the service-port interface IP address and netmask for the next two prompts. If you do not want to use the service port, enter for the IP address and netmask.

Step 9. Enter values for these options:

■ Management interface IP address.

■ Netmask.

■ Default router IP address.

■ Optional VLAN identifier. You can use a valid VLAN identifier or 0 for untagged.

Note When the management interface on the controller is configured as part of the native VLAN on the switchport to which it connects, the controller should not tag the frames. Therefore, you must set the VLAN to be 0 on the controller.

Step 10. Enter the network interface (Distribution System) physical port number. For the WLC, the possible ports are 1 through 4 for a front-panel Gigabit Ethernet port.

Step 11. Enter the IP address of the default DHCP server that supplies IP addresses to clients, the management interface, and the service-port interface, if you use one.

Step 12. Enter the LWAPP transport mode, either LAYER2 or LAYER3.

Note If you configure the WLC 4402/4404/41xx via wizard and select AP transport mode LAYER2, the wizard does not ask the details of AP Manager.

Step 13. Enter the virtual gateway IP address. This address can be any fictitious, unassigned IP address, such as, for the Layer 3 Security and Mobility managers to use.

Note Usually the virtual gateway IP address that is used is a private address. This should not be a routed interface anywhere in the network!

Step 14. Enter the Cisco WLAN Solution Mobility Group/RF Group name.

Step 15. Enter the WLAN 1 service set identifier (SSID) or network name. This identifier is the default SSID that LAPs use to associate to a WLC.

Step 16. Allow or disallow static IP addresses for clients. Enter yes to allow clients to supply their own IP addresses. Enter no to require clients to request an IP address from a DHCP server.

Step 17. If you need to configure a RADIUS server on the WLC, enter yes and enter this information:

■ RADIUS server IP address

■ Communication port

■ Shared secret

If you do not need to configure a RADIUS server or you want to configure the server later, enter no.

Step 18. Enter a country code for the unit.

Step 19. Enter help to see a list of the supported countries.

Step 20. Enable and disable support for IEEE 802.11b, IEEE 802.11a, and IEEE 802.11g.

Step 21. Enable or disable Radio Resource Management (RRM) (auto RF).

Example 7-1 shows the Configuration Wizard tool along with the questions it displays during the initial startup.

Example 7-1 WLC 4402—Configuration Wizard

Note The management interface on the WLC is the only consistently pingable interface from outside of the WLC unless under a significant load. Internet Control Message Protocol (ICMP) is not 100 percent reliable. Dynamic interfaces are reachable too, if mgmt-via-dynamic is enabled. Therefore, it is an expected behavior if you are not able to ping the AP manager interface from outside of the WLC.

You must configure the AP manager interface for the APs to associate with the WLC.

Configure the Switch for the WLC

Example 7-2 employs a Catalyst 3750 switch that uses only one port. The example tags the AP-Manager and management interfaces and places these interfaces on VLAN 60. The switch port is configured as an IEEE 802.1Q trunk and only the appropriate VLANs, which are VLANs 2 through 4 and 60 in this case, are allowed on the trunk. The management and AP-Manager VLAN (VLAN 60) is tagged and is not configured as the native VLAN of the trunk. When the example configures those interfaces on the WLC, the interfaces are assigned a VLAN identifier.

Example 7-2 802.1Q Switch Port Configuration
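
A check for the trunk described above (VLANs 2 through 4 and 60 allowed, VLAN 60 tagged rather than native), as an added Python example that is not the book's Example 7-2: it parses a switch-port stanza and reports VLANs that are not pruned or a management VLAN left untagged. The two stanzas, the interface name and the function names are constructed; the `switchport` lines use standard Cisco IOS syntax.

```python
import re

def parse_vlan_list(spec):
    """Expand an IOS-style VLAN list such as '2-4,60' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_wlc_trunk(config, expected_vlans, wlc_vlan):
    """Return findings for one switch-port stanza that faces the WLC."""
    allowed, native, is_trunk = None, 1, False  # IOS native VLAN defaults to 1
    for line in map(str.strip, config.splitlines()):
        if line == "switchport mode trunk":
            is_trunk = True
        elif m := re.fullmatch(r"switchport trunk allowed vlan (?:add )?([\d,-]+)", line):
            allowed = (allowed or set()) | parse_vlan_list(m.group(1))
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            native = int(m.group(1))
    findings = []
    if not is_trunk:
        findings.append("port is not configured as a trunk")
    if allowed is None:
        findings.append("no allowed-VLAN list, so no VLANs are pruned")
    else:
        if extra := allowed - expected_vlans:
            findings.append(f"VLANs that should be pruned: {sorted(extra)}")
        if missing := expected_vlans - allowed:
            findings.append(f"required VLANs missing: {sorted(missing)}")
    if native == wlc_vlan:
        findings.append(f"VLAN {wlc_vlan} is the native VLAN, so it is not tagged")
    return findings

# Constructed port stanzas; the interface name is a placeholder.
PRUNED = """interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2-4,60
 switchport mode trunk"""
UNPRUNED = """interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 60
 switchport mode trunk"""

if __name__ == "__main__":
    for stanza in (PRUNED, UNPRUNED):
        print(audit_wlc_trunk(stanza, {2, 3, 4, 60}, wlc_vlan=60) or "OK")
```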

Notice that this example configures the neighbor switch port in a way that only allows relevant VLANs on the 802.1Q trunk. All other VLANs are pruned. This type of configuration is not necessary, but it is a deployment best practice. When you prune irrelevant VLANs, the WLC only processes relevant frames, which optimizes performance.

Now that you have the controller and the switch configured for interaction with the WLC, you can configure the switch so it can talk with the APs. The switch setup is completely different from the autonomous AP in the way it is configured for access ports. An exception exists, which you will see firsthand when you get into configuring Hybrid Remote Edge Access Point (H-REAP). However, at this point, you are looking at a standard installation. Example 7-3 shows the VLAN interface configuration from the Catalyst 3750.

Example 7-3 Switch Interface VLAN Configuration

Note The interface VLAN does not always have to have an IP address.

Although the Cisco WLCs can connect to 802.1Q trunks, Cisco LAPs do not understand VLAN tagging and should only be connected to the access ports of the neighbor switch. The exception to this is when the APs are configured in H-REAP mode, where the APs are connected and configured as trunks to the switch. Cisco-IOS refers to the native VLAN with a tag of 0. The typical WLC naming convention does not use the wording "native" but rather the wording "default" VLAN. The word "default" indicates a tagging value of 0 in the WLC world.

Example 7-4 shows the switch port configuration from the Catalyst 3750.

Example 7-4 Gigabit Switch Port Configuration

The infrastructure is now ready for connection to the APs. The time it takes for the AP to register with the controller depends on a number of factors. Overall, it does not take a long time for the registration process to occur. The controller is limited to a specific number of APs it can pass the configuration/software to at the same time. This does vary depending on code version.

After configuring everything, you can validate that it is working correctly using either the controller GUI or the CLI. After the APs register with the controller, you can view them under the Wireless tab at the top of the user interface of the controller (see Figure 7-9).

Figure 7-9 Web GUI Screen of Registered APs

On the CLI, you can use the show ap summary command to verify that the APs are registered with the WLC, as demonstrated in Example 7-5.

Example 7-5 Using the CLI to Verify AP Registration with the WLC

On the WLC CLI, you can also use the show client summary command to see the clients that are registered with the WLC, as demonstrated in Example 7-6.

Example 7-6 Displaying Clients Registered with the WLC
