To work with this converged access platform, you should have some familiarity with the new Cisco 3850 switch, and in particular with the answer to “how do you configure a Cisco 3850 switch for basic wireless connectivity?” First, here are the 5 key points of using a 3850 as a WLC.
1. Attach your access points directly to your 3850 switches. (You should have a 3850 in every wiring closet so that all APs in the building can connect to this new environment.)
2. The wireless management VLAN and the AP management VLAN should be identical. (If you configure VLAN 20 as wireless management on the 3850 switch, all APs connected to this switch should be on access VLAN 20.)
3. Enable Mobility Controller (MC) functionality to terminate CAPWAP (that is, to register APs). By default, when you enable wireless management, the switch acts as a Mobility Agent (MA) and is not able to terminate CAPWAP.
4. The “ipbase” or “ipservices” feature set must be present for CAPWAP termination; “lanbase” cannot be used.
5. A given 3850 switch stack can support a maximum of 50 APs.
[Figure: Catalyst 3850 switch (the picture is from Cisco.com)]
In the following example, we have two 3850 switches stacked together, and we will put the latest software code, IOS-XE 3.2.3SE, on this switch. Let’s get down to business.
Copy the new image to the flash of the Cisco 3850 switch:
3850-1#copy tftp://192.168.20.51/firmware/cat3k_caa-universalk9.SPA.03.02.03.SE.150-1.EX3.bin flash:
Destination filename [cat3k_caa-universalk9.SPA.03.02.03.SE.150-1.EX3.bin]?
Accessing tftp://192.168.20.51/firmware/cat3k_caa-universalk9.SPA.03.02.03.SE.150-1.EX3.bin...
Loading firmware/cat3k_caa-universalk9.SPA.03.02.03.SE.150-1.EX3.bin from 192.168.20.51 (via Vlan999):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!
[OK - 223743040 bytes]
These new switches have two boot modes, "INSTALL" and "BUNDLE". To boot in "INSTALL" mode you have to copy the image onto flash first. In "BUNDLE" mode, you can keep the image on TFTP and boot from it if required. However, in BUNDLE mode the switch requires more memory to do this, so the preferred method is "INSTALL" mode.
You can use the "software install file <file_location>" command to install new software onto your switch. At the end it prompts you to reload the switch, as shown below:
3850-1#software install file flash:cat3k_caa-universalk9.SPA.03.02.03.SE.150-1.EX3.bin
Preparing install operation...
[1]: Copying software from active switch 1 to switch 2
[1]: Finished copying software to switch 2
[1 2]: Starting install operation
[1 2]: Expanding bundle flash:cat3k_caa-universalk9.SPA.03.02.03.SE.150-1.EX3.bin
[1 2]: Copying package files
[1 2]: Package files copied
[1 2]: Finished expanding bundle flash:cat3k_caa-universalk9.SPA.03.02.03.SE.150-1.EX3.bin
[1 2]: Verifying and copying expanded package files to flash:
[1 2]: Verified and copied expanded package files to flash:
[1 2]: Starting compatibility checks
[1 2]: Finished compatibility checks
[1 2]: Starting application pre-installation processing
[1 2]: Finished application pre-installation processing
[1]: Old files list:
    Removed cat3k_caa-base.SPA.03.02.02.SE.pkg
    Removed cat3k_caa-drivers.SPA.03.02.02.SE.pkg
    Removed cat3k_caa-infra.SPA.03.02.02.SE.pkg
    Removed cat3k_caa-iosd-universalk9.SPA.150-1.EX2.pkg
    Removed cat3k_caa-platform.SPA.03.02.02.SE.pkg
    Removed cat3k_caa-wcm.SPA.10.0.111.0.pkg
[2]: Old files list:
    Removed cat3k_caa-base.SPA.03.02.02.SE.pkg
    Removed cat3k_caa-drivers.SPA.03.02.02.SE.pkg
    Removed cat3k_caa-infra.SPA.03.02.02.SE.pkg
    Removed cat3k_caa-iosd-universalk9.SPA.150-1.EX2.pkg
    Removed cat3k_caa-platform.SPA.03.02.02.SE.pkg
    Removed cat3k_caa-wcm.SPA.10.0.111.0.pkg
[1]: New files list:
    Added cat3k_caa-base.SPA.03.02.03.SE.pkg
    Added cat3k_caa-drivers.SPA.03.02.03.SE.pkg
    Added cat3k_caa-infra.SPA.03.02.03.SE.pkg
    Added cat3k_caa-iosd-universalk9.SPA.150-1.EX3.pkg
    Added cat3k_caa-platform.SPA.03.02.03.SE.pkg
    Added cat3k_caa-wcm.SPA.10.0.120.0.pkg
[2]: New files list:
    Added cat3k_caa-base.SPA.03.02.03.SE.pkg
    Added cat3k_caa-drivers.SPA.03.02.03.SE.pkg
    Added cat3k_caa-infra.SPA.03.02.03.SE.pkg
    Added cat3k_caa-iosd-universalk9.SPA.150-1.EX3.pkg
    Added cat3k_caa-platform.SPA.03.02.03.SE.pkg
    Added cat3k_caa-wcm.SPA.10.0.120.0.pkg
[1 2]: Creating pending provisioning file
[1 2]: Finished installing software. New software will load on reboot.
[1 2]: Committing provisioning file
[1 2]: Do you want to proceed with reload? [yes/no]: yes
[2]: Reloading
[1]: Pausing before reload
Now look at your flash directory. There can be multiple versions of the .conf and .pkg files, depending on the number of images that came with your switch and how often you have upgraded it. You can clean this directory using the “software clean” command, which deletes all unwanted files from it. That way you keep only the 3.2.3SE-related files on your flash.
3850-1#dir
Directory of flash:/
85193 -rw- 2097152 Sep 28 2013 14:28:26 +10:00 nvram_config
85187 -rw- 74410468 Jan 1 1970 11:01:11 +11:00 cat3k_caa-base.SPA.03.02.00SE.pkg
85188 -rw- 2773680 Jan 1 1970 11:01:12 +11:00 cat3k_caa-drivers.SPA.03.02.00.SE.pkg
85189 -rw- 32478044 Jan 1 1970 11:01:12 +11:00 cat3k_caa-infra.SPA.03.02.00SE.pkg
85190 -rw- 30393116 Jan 1 1970 11:01:12 +11:00 cat3k_caa-iosd-universalk9.SPA.150-1.EX.pkg
85191 -rw- 18313952 Jan 1 1970 11:01:12 +11:00 cat3k_caa-platform.SPA.03.02.00.SE.pkg
85192 -rw- 63402700 Jan 1 1970 11:01:12 +11:00 cat3k_caa-wcm.SPA.10.0.100.0.pkg
85199 -rw- 1224 Sep 28 2013 14:19:19 +10:00 packages.conf
85196 -rw- 8916 Sep 26 2013 15:59:58 +10:00 vlan.dat
85195 -rw- 114 Jun 6 2013 08:31:45 +10:00 express_setup.debug
85194 -rw- 1224 Sep 25 2013 02:20:20 +10:00 packages.conf.00-
7750 -rw- 74369252 Sep 25 2013 02:20:16 +10:00 cat3k_caa-base.SPA.03.02.02.SE.pkg
7751 -rw- 5808828 Sep 25 2013 02:20:16 +10:00 cat3k_caa-drivers.SPA.03.02.02.SE.pkg
7752 -rw- 32488292 Sep 25 2013 02:20:16 +10:00 cat3k_caa-infra.SPA.03.02.02.SE.pkg
7753 -rw- 30403764 Sep 25 2013 02:20:16 +10:00 cat3k_caa-iosd-universalk9.SPA.150-1.EX2.pkg
7754 -rw- 16079584 Sep 25 2013 02:20:16 +10:00 cat3k_caa-platform.SPA.03.02.02.SE.pkg
7755 -rw- 64580300 Sep 25 2013 02:20:17 +10:00 cat3k_caa-wcm.SPA.10.0.111.0.pkg
85186 -rw- 223743040 Sep 28 2013 13:30:24 +10:00 cat3k_caa-universalk9.SPA.03.02.03.SE.150-1.EX3.bin
85198 -rw- 1218 Jan 1 1970 11:01:22 +11:00 packages.conf.01-
30979 -rw- 74369716 Sep 28 2013 14:19:15 +10:00 cat3k_caa-base.SPA.03.02.03.SE.pkg
30980 -rw- 5808828 Sep 28 2013 14:19:15 +10:00 cat3k_caa-drivers.SPA.03.02.03.SE.pkg
30981 -rw- 32496484 Sep 28 2013 14:19:15 +10:00 cat3k_caa-infra.SPA.03.02.03.SE.pkg
30982 -rw- 30418104 Sep 28 2013 14:19:15 +10:00 cat3k_caa-iosd-universalk9.SPA.150-1.EX3.pkg
30983 -rw- 16059104 Sep 28 2013 14:19:15 +10:00 cat3k_caa-platform.SPA.03.02.03.SE.pkg
30984 -rw- 64586444 Sep 28 2013 14:19:15 +10:00 cat3k_caa-wcm.SPA.10.0.120.0.pkg
1621966848 bytes total (723390464 bytes free)
3850-1#software clean
Preparing clean operation...
[1 2]: Cleaning up unnecessary package files
[1 2]: No path specified, will use booted path flash:packages.conf
[1 2]: Cleaning flash:
[1]: Preparing packages list to delete ...
    cat3k_caa-base.SPA.03.02.03.SE.pkg
        File is in use, will not delete.
    cat3k_caa-drivers.SPA.03.02.03.SE.pkg
        File is in use, will not delete.
    cat3k_caa-infra.SPA.03.02.03.SE.pkg
        File is in use, will not delete.
    cat3k_caa-iosd-universalk9.SPA.150-1.EX3.pkg
        File is in use, will not delete.
    cat3k_caa-platform.SPA.03.02.03.SE.pkg
        File is in use, will not delete.
    cat3k_caa-wcm.SPA.10.0.120.0.pkg
        File is in use, will not delete.
    packages.conf
        File is in use, will not delete.
[2]: Preparing packages list to delete ...
    cat3k_caa-base.SPA.03.02.03.SE.pkg
        File is in use, will not delete.
    cat3k_caa-drivers.SPA.03.02.03.SE.pkg
        File is in use, will not delete.
    cat3k_caa-infra.SPA.03.02.03.SE.pkg
        File is in use, will not delete.
    cat3k_caa-iosd-universalk9.SPA.150-1.EX3.pkg
        File is in use, will not delete.
    cat3k_caa-platform.SPA.03.02.03.SE.pkg
        File is in use, will not delete.
    cat3k_caa-wcm.SPA.10.0.120.0.pkg
        File is in use, will not delete.
    packages.conf
        File is in use, will not delete.
[1]: Files that will be deleted:
    cat3k_caa-base.SPA.03.02.00SE.pkg
    cat3k_caa-base.SPA.03.02.02.SE.pkg
    cat3k_caa-drivers.SPA.03.02.00.SE.pkg
    cat3k_caa-drivers.SPA.03.02.02.SE.pkg
    cat3k_caa-infra.SPA.03.02.00SE.pkg
    cat3k_caa-infra.SPA.03.02.02.SE.pkg
    cat3k_caa-iosd-universalk9.SPA.150-1.EX.pkg
    cat3k_caa-iosd-universalk9.SPA.150-1.EX2.pkg
    cat3k_caa-platform.SPA.03.02.00.SE.pkg
    cat3k_caa-platform.SPA.03.02.02.SE.pkg
    cat3k_caa-universalk9.SPA.03.02.03.SE.150-1.EX3.bin
    cat3k_caa-wcm.SPA.10.0.100.0.pkg
    cat3k_caa-wcm.SPA.10.0.111.0.pkg
    packages.conf.00-
    packages.conf.01-
[2]: Files that will be deleted:
    cat3k_caa-base.SPA.03.02.00SE.pkg
    cat3k_caa-base.SPA.03.02.02.SE.pkg
    cat3k_caa-drivers.SPA.03.02.00.SE.pkg
    cat3k_caa-drivers.SPA.03.02.02.SE.pkg
    cat3k_caa-infra.SPA.03.02.00SE.pkg
    cat3k_caa-infra.SPA.03.02.02.SE.pkg
    cat3k_caa-iosd-universalk9.SPA.150-1.EX.pkg
    cat3k_caa-iosd-universalk9.SPA.150-1.EX2.pkg
    cat3k_caa-platform.SPA.03.02.00.SE.pkg
    cat3k_caa-platform.SPA.03.02.02.SE.pkg
    cat3k_caa-universalk9.SPA.03.02.03.SE.150-1.EX3.bin
    cat3k_caa-wcm.SPA.10.0.100.0.pkg
    cat3k_caa-wcm.SPA.10.0.111.0.pkg
    packages.conf.00-
    packages.conf.01-
[1 2]: Do you want to proceed with the deletion? [yes/no]: yes
[1 2]: Clean up completed
3850-1#dir
Directory of flash:/
85193 -rw- 2097152 Sep 28 2013 14:28:26 +10:00 nvram_config
85199 -rw- 1224 Sep 28 2013 14:19:19 +10:00 packages.conf
85196 -rw- 8916 Sep 26 2013 15:59:58 +10:00 vlan.dat
85195 -rw- 114 Jun 6 2013 08:31:45 +10:00 express_setup.debug
30979 -rw- 74369716 Sep 28 2013 14:19:15 +10:00 cat3k_caa-base.SPA.03.02.03.SE.pkg
30980 -rw- 5808828 Sep 28 2013 14:19:15 +10:00 cat3k_caa-drivers.SPA.03.02.03.SE.pkg
30981 -rw- 32496484 Sep 28 2013 14:19:15 +10:00 cat3k_caa-infra.SPA.03.02.03.SE.pkg
30982 -rw- 30418104 Sep 28 2013 14:19:15 +10:00 cat3k_caa-iosd-universalk9.SPA.150-1.EX3.pkg
30983 -rw- 16059104 Sep 28 2013 14:19:15 +10:00 cat3k_caa-platform.SPA.03.02.03.SE.pkg
30984 -rw- 64586444 Sep 28 2013 14:19:15 +10:00 cat3k_caa-wcm.SPA.10.0.120.0.pkg
1621966848 bytes total (1393401856 bytes free)
In this step, you can verify that each member of the switch stack is running the upgraded image.
3850-1#sh ver | be SW
Switch  Ports  Model         SW Version   SW Image               Mode
------  -----  -----         ----------   ----------             ----
1       56     WS-C3850-48P  03.02.03.SE  cat3k_caa-universalk9  INSTALL
2       56     WS-C3850-48P  03.02.03.SE  cat3k_caa-universalk9  INSTALL
You can verify the boot configuration of your switch using the "show boot" CLI command. As you can see, the "packages.conf" file is the file loaded in the boot process. If this file does not exist or is corrupted, the switch will go into ROMMON mode.
3850-1#sh boot
---------------------------
Switch 1
---------------------------
Current Boot Variables:
BOOT variable = flash:packages.conf;
Boot Variables on next reload:
BOOT variable = flash:packages.conf;
Manual Boot = no
Enable Break = no
You can access the wireless controller GUI using the https://<switch-ipaddress>/wireless URL.
[Figure: Cisco 3850 switch configuration example]
The configuration is different when compared to CUWN controllers (5508, 2504, etc.). Let's see how to configure the wireless controller on this switch. First of all, you need to ensure you have the correct license to start with.
3850-1#show license right-to-use?
  default   Displays the default license information.
  detail    Displays details of all the licenses in the stack.
  eula      Displays the EULA text.
  mismatch  Displays mismatch license information.
  slot      Specify switch number
  summary   Displays consolidated stack wide license information.
  usage     Displays the usage details of all licenses.
  |         Output modifiers
  <cr>
3850-1#show license right-to-use summary
  License Name  Type       Count  Period left
-----------------------------------------------
  lanbase       permanent  N/A    Lifetime
  apcount       base       0      Lifetime
  apcount       adder      0      Lifetime
--------------------------------------------
License Level In Use: ipbase
License Level on Reboot: ipbase
Evaluation AP-Count: Disabled
Total AP Count Licenses: 0
AP Count Licenses In-use: 0
AP Count Licenses Remaining: 0
In the Converged Access architecture, a 3850 can act as a Mobility Agent (MA) or a Mobility Controller (MC). By default it is an MA. Normally the AP licenses should be on an MC, where the CAPWAP tunnels from the APs are terminated. In this case we have only the 3850 switch for everything (MC and MA), so you have to install the AP licenses onto this switch. Remember that a 3850 switch stack supports a maximum of 50 APs. In our case we will configure 25 licenses on each of the first two members of the stack, with all APs terminated on these two switches (max 25 on each member).
3850-1#license right-to-use?
  activate    activate particular license level
  deactivate  deactivate particular license level
3850-1#license right-to-use activate?
  apcount     configure the AP-count licenses on the switch
  ipbase      activate ipbase license on the switch
  ipservices  activate Ipservices license on the switch
  lanbase     activate lanbase license on the switch
3850-1#license right-to-use activate apcount?
  <1-50>      configure the number of adder licenses
  evaluation  activate evaluation license
3850-1#license right-to-use activate apcount 50?
  slot  Specify switch number
3850-1#license right-to-use activate apcount 50 slot?
  <1-9>  Specify switch number
3850-1#license right-to-use activate apcount 50 slot 1?
  acceptEULA  automatically accept the EULA for the given license
  <cr>
3850-1#license right-to-use activate apcount 50 slot 1 acceptEULA
3850-1#license right-to-use activate apcount 50 slot 2 acceptEULA
% switch-2:stack-mgr:ACTIVATION FAIL : Total AP Count Licenses exceed maximum limit
!
3850-1#license right-to-use deactivate apcount 25 slot 1
3850-1#license right-to-use activate apcount 25 slot 2 acceptEULA
You have to enable the MC functionality of the 3850 by using the "wireless mobility controller" CLI command, as shown below.
3850-1(config)#wireless mobility ?
  controller    Configures mobility controller settings
  dscp          Configures the Mobility inter controller DSCP value
  group         Configures the Mobility group parameters
  load-balance  Configure mobility load-balance status
  multicast     Configures the Multicast Mode for mobility messages
  oracle        Configures mobility oracle settings
3850-1(config)#wireless mobility controller ?
  ip          no description
  peer-group  Configures mobility peer groups
  <cr>
3850-1(config)#wireless mobility controller
Now we are one step away from registering our AP. To register an AP you should nominate an interface as the wireless management interface. Remember that the switch ports connecting all your APs should be configured as access ports in the same VLAN that you configured for wireless management; otherwise the APs won’t join. In our case we will use VLAN 21 as the wireless management interface and configure the switch port connected to the AP in VLAN 21.
interface Vlan21
 ip address 192.168.21.1 255.255.255.0
!
wireless management interface Vlan21
!
interface GigabitEthernet1/0/1
 switchport access vlan 21
 switchport mode access
 spanning-tree portfast
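A mismatch between the wireless management VLAN and an AP port's access VLAN is the usual reason an AP fails to join, so it is worth checking before cabling. The following is an added example, not part of the original post: a small Python check over a saved running-config. The sample configuration is constructed, and the function names and the list of AP ports passed in are assumptions.

```python
import re

# Constructed running-config fragment modelled on the post's example
# (Vlan21 as wireless management). Gi1/0/2 and Gi1/0/3 are deliberately wrong.
SAMPLE_CONFIG = """\
interface Vlan21
 ip address 192.168.21.1 255.255.255.0
!
wireless management interface Vlan21
!
interface GigabitEthernet1/0/1
 switchport access vlan 21
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport mode trunk
"""

ABBREV = {"Gi": "GigabitEthernet", "Te": "TenGigabitEthernet", "Fa": "FastEthernet"}


def expand(name):
    """Expand a short port name such as 'Gi1/0/1' to the running-config form."""
    m = re.match(r"([A-Za-z]+)(\d.*)", name.strip())
    if not m:
        return name.strip()
    prefix, rest = m.groups()
    for short, full in ABBREV.items():
        if full.lower().startswith(prefix.lower()) and prefix.lower().startswith(short.lower()):
            return full + rest
    return prefix + rest


def management_vlan(config):
    """Return the VLAN id named by 'wireless management interface VlanN', or None."""
    m = re.search(r"^wireless management interface Vlan(\d+)\s*$", config, re.M)
    return int(m.group(1)) if m else None


def parse_interfaces(config):
    """Return {interface name: {'access_vlan': int, 'mode': str or None}}."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            # Access VLAN 1 is the IOS default when no access vlan line is present.
            current = ports.setdefault(line.split(None, 1)[1].strip(),
                                       {"access_vlan": 1, "mode": None})
        elif not line.startswith(" "):
            current = None  # '!' or a global command ends the interface stanza
        elif current is not None:
            words = line.split()
            if words[:3] == ["switchport", "access", "vlan"] and len(words) == 4:
                current["access_vlan"] = int(words[3])
            elif words[:2] == ["switchport", "mode"] and len(words) == 3:
                current["mode"] = words[2]
    return ports


def check_ap_ports(config, ap_ports):
    """List every AP-facing port that is not an access port in the management VLAN."""
    mgmt = management_vlan(config)
    if mgmt is None:
        return ["no 'wireless management interface' line found"]
    ports = parse_interfaces(config)
    findings = []
    for raw in ap_ports:
        name = expand(raw)
        port = ports.get(name)
        if port is None:
            findings.append(f"{name}: not found in configuration")
        elif port["mode"] != "access":
            findings.append(f"{name}: not an access port (mode={port['mode']})")
        elif port["access_vlan"] != mgmt:
            findings.append(f"{name}: access vlan {port['access_vlan']} "
                            f"does not match wireless management vlan {mgmt}")
    return findings


if __name__ == "__main__":
    for finding in check_ap_ports(SAMPLE_CONFIG, ["Gi1/0/1", "Gi1/0/2", "Gi1/0/3"]):
        print(finding)
```

The port list can be taken from the "Switch Port Number" field that "show ap name <AP_NAME> config general" prints for each registered AP.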
Now if you type "show ap summary" you should see your AP registered to your 3850 WLC.
3850-1#show ap summary
Number of APs: 1
Global AP User Name: Not configured
Global AP Dot1x User Name: Not configured
AP Name         AP Model  Ethernet MAC    Radio MAC       State
----------------------------------------------------------------------------------------
bc16.6516.790e  3602I     bc16.6516.790e  f41f.c298.c2a0  Registered
You can change any AP-specific configuration by using the "ap name <AP-NAME> x" CLI commands. The following are all the options available. We will change the name as an example.
5508-1#ap name bc16.6516.790e?
  ap-groupname      Set groupname
  bhrate            Bridge Backhaul Tx Rate
  bridgegroupname   Set bridgegroupname
  bridging          Enable Ethernet-to-Ethernet bridging
  capwap            AP Capwap parameters
  command           Remote execute a command on Cisco AP
  console-redirect  Enable redirecting remote debug output of Cisco AP to console
  core-dump         Enable memory core dump on Cisco AP
  country           Configure the country of operation
  crash-file        Manage crash data and radio core files for Cisco AP
  dot11             Configures 802.11 parameters
  dot1x-user        Enable the 802.1X credential for the current AP
  ethernet          Configure Ethernet Port of the AP
  image             Configure image
  led               Enable LED-state for Cisco AP
  link-encryption   Enable link encryption state on Cisco AP
  link-latency      Enable Link Latency on Cisco AP
  location          Configure AP location
  mfp               Enable Management Frame Protection
  mgmtuser          Configures user name, password and secret for AP management
  mode              Select AP mode of operation
  monitor-mode      Monitor-mode channel optimization
  name              Configure AP name
  no                Negate a command or set its defaults
  power             Configure Cisco Power over Ethernet (PoE) feature for AP
  reset             Reset AP
  reset-button      Disable or enable reset button on AP
  shutdown          Disable AP
  slot              Set slot number
  sniff             Enable sniffing on dot11a/b radio
  ssh               Enable SSH
  static-ip         Set Cisco AP static IP address configuration
  stats-timer       Set the frequency at which statistics are sent from AP
  syslog            Set the system logging settings for Cisco AP
  tcp-adjust-mss    TCP MSS configuration for an AP
  telnet            Enable telnet for Cisco AP
  tftp-downgrade    Initiate AP image downgrade from a TFTP server
5508-1#ap name bc16.6516.790e name L3600-1
5508-1#show ap summary
Number of APs: 1
Global AP User Name: Not configured
Global AP Dot1x User Name: Not configured
AP Name  AP Model  Ethernet MAC    Radio MAC       State
----------------------------------------------------------------------------------------
L3600-1  3602I     bc16.6516.790e  f41f.c298.c2a0  Registered
You can use "show ap name
<AP_NAME> x" CLI commands to view specific AP configurations.
name L3600-1 ?
  auto-rf          Auto-RF information for a Cisco AP
  bhmode           Show Cisco Bridge Backhaul Mode
  bhrate           Show Cisco Bridge Backhaul Rate
  cac              Display Call Admission Control details
  capwap           AP Capwap parameters
  ccx              Shows ccx related information
  cdp              Shows Cisco AP cdp information
  channel          Shows the channel information of an Cisco AP
  config           Shows the configuration of an Cisco AP
  core-dump        Shows the AP memory core dump setting for an Cisco AP
  data-plane       Show data plane status
  dot11            Show 802.11 parameters
  ethernet         Shows ethernet information
  eventlog         Downloads and displays the event log of a Cisco AP
  image            Shows the images present on a Cisco AP
  inventory        Displays the inventory of a Cisco AP
  link-encryption  Show link encryption status
  service-policy   Show service policy information
  tcp-adjust-mss   Show tcp-adjust-mss for an AP
  wlan             Show BSSIDs for each AP
5508-1#show ap name L3600-1 config general
Cisco AP Name : L3600-1
Cisco AP Identifier : 3
Country Code : AU - Australia
Regulatory Domain Allowed by Country : 802.11bg:-A 802.11a:-N
AP Country Code : AU - Australia
AP Regulatory Domain : Unconfigured
Switch Port Number : Gi1/0/1
MAC Address : bc16.6516.790e
IP Address Configuration : DHCP
IP Address : 192.168.21.53
IP Netmask : 255.255.255.0
Gateway IP Address : 192.168.21.254
CAPWAP Path MTU : 1500
Telnet State : Disabled
SSH State : Disabled
Cisco AP Location : default location
Cisco AP Group Name : default-group
Administrative State : Enabled
Operation State : Registered
AP Mode : Local
AP Submode : Not Configured
Remote AP Debug : Disabled
Logging Trap Severity Level : informational
Software Version : 10.0.101.0
Boot Version : 15.2.2.4
Stats Reporting Period : 180
LED State : Enabled
PoE Pre-Standard Switch : Disabled
PoE Power Injector MAC Address : Disabled
Power Type/Mode : Power Injector/Normal Mode
Number of Slots : 2
AP Model : 3602I
AP Image : C3600-K9W8-M
IOS Version : 15.2(2)JN$
Reset Button : Enabled
AP Serial Number : FGL1721X3K5
AP Certificate Type : Manufacture Installed
Management Frame Protection Validation : Disabled
AP User Mode : Automatic
AP User Name : Not Configured
AP 802.1X User Mode : Not Configured
AP 802.1X User Name : Not Configured
Cisco AP System Logging Host : 255.255.255.255
AP Up Time : 3 days 20 hours 14 minutes 26 seconds
AP CAPWAP Up Time : 3 days 20 hours 12 minutes 57 seconds
Join Date and Time : 09/24/2013 19:01:11
If you want to configure global settings for all APs, you have to enter configuration mode and then use the "ap x" CLI commands as shown below. We will change the country code as an example. You can add up to 20 country codes if you have APs in multiple countries.
3850-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
3850-1(config)#ap ?
  auth-list         Configure Access Point authorization list
  bridging          Enable/Disable Ethernet-to-Ethernet bridging on all Cisco APs
  capwap            ap capwap parameters
  cdp               Enable/Disable CDP for all Cisco APs
  core-dump         Enable/Disable memory core dump on all Cisco APs
  country           Configure the country of operation
  dot11             Configures 802.11 parameters
  dot1x             Configure the 802.1X credential for all APs
  ethernet          Configure Ethernet Port on all Cisco APs
  group             Manage AP Groups VLAN feature
  led               Enable/Disable LED-state for all Cisco APs
  link-encryption   Enable link encryption state on all Cisco AP's
  link-latency      Enable Link Latency on all Cisco AP's
  mgmtuser          Configure the user for AP management
  power             Configure Cisco Power over Ethernet (PoE) feature for all AP's
  reporting-period  Configure AP rogue/error reporting period
  reset-button      Enable/Disable reset button for all Cisco APs
  static-ip         Set Cisco AP static IP address configuration
  syslog            Configure the system logging settings for Cisco AP
  tcp-adjust-mss    Enable/Disable TCP MSS configuration for all Cisco APs
  tftp-downgrade    Initiate AP image downgrade from a TFTP server for all Cisco APs
3850-1(config)#ap country ?
  WORD  Enter the country code (e.g. US,MX,IN) upto a maximum of 20 countries
3850-1(config)#ap country AU
Changing country code could reset channel and RRM grouping configuration. If running in RRM One-Time mode, reassign channels after this command. Check customized APs for valid channel values after this command.
Are you sure you want to continue? (y/n)[y]: y
3850-1(config)#
Next we will configure a WLAN.
5508-1(config)#wlan ?
  WORD      Enter Profile Name up to 32 alphanumeric characters
  shutdown  Enable/disable all WLANs
5508-1(config)#wlan MRN-CCIEW ?
  <1-64>  Create WLAN Identifier
  <cr>
5508-1(config)#wlan MRN-CCIEW 1 ?
  WORD  Enter SSID (Network Name) up to 32 alphanumeric characters
  <cr>
5508-1(config)#wlan MRN-CCIEW 1 MRN-CCIEW
5508-1(config-wlan)#no shutdown
You can verify the WLAN configuration in your “show running-config all” output.
5508-1#show running-config all | section wlan
wlan MRN-CCIEW 1 MRN-CCIEW
 accounting-list
 channel-scan defer-time 100
 client association limit 0
 client vlan default
 dtim dot11 24ghz 1
 dtim dot11 5ghz 1
 exclusionlist timeout 60
 ip access-group web none
 ip access-group none
 ip dhcp server 0.0.0.0
 ipv6 traffic-filter web none
 ipv6 traffic-filter none
 mac-filtering
 radio all
 security dot1x authentication-list
 security dot1x encryption 104
 security static-wep-key authentication open
 security tkip hold-down 60
 security web-auth authentication-list
 security web-auth parameter-map
 service-policy client input unknown
 service-policy client output unknown
 service-policy input unknown
 service-policy output unknown
 session-timeout 1800
 no shutdown
You can configure any WLAN-specific settings as shown below. You have to shut down the WLAN before making any changes.
5508-1(config)#wlan MRN-CCIEW 1 MRN-CCIEW
5508-1(config-wlan)#?
  aaa-override         AAA policy override
  accounting-list      Set the accounting list for IEEE 802.1x
  band-select          Allow|Disallow Band Select on a WLAN.
  broadcast-ssid       Set broadcast SSID on a WLAN
  call-snoop           Call Snooping support
  ccx                  Configure Cisco Client Extension options
  channel-scan         Configures off channel scanning deferral parameters
  chd                  Set CHD per WLAN
  client               WLAN configuration for clients
  datalink             WLAN Datalink commands
  default              Set a command to its defaults
  diag-channel         Set Diagnostics Channel Capability on a WLAN
  dtim                 Set the DTIM period for the WLAN
  exclusionlist        Set exclusion-listing on WLAN
  exit                 Exit sub-mode
  ip                   WLAN IP configuration commands
  ipv6                 IPv6 WLAN subcommands
  load-balance         Allow|Disallow Load Balance on a WLAN.
  local-auth           Set the EAP Profile on a WLAN
  mac-filtering        Set MAC filtering support on WLAN
  media-stream         Configures media stream
  mfp                  Configures Management Frame Protection
  mobility             Configure mobility
  nac                  Configures Radius NAC support(Identity Service Engine).
  no                   Negate a command or set its defaults
  passive-client       Configures passive client feature
  peer-blocking        Configure peer-to-peer blocking on a WLAN
  radio                Configures the Radio Policy
  roamed-voice-client  Configure Roaming Attrbutes for Voice Clients
  security             Configures the security policy for a WLAN
  service-policy       Configure WLAN QOS Service Policy
  session-timeout      Configures client timeout
  shutdown             Disable WLAN
  sip-cac              Configure Wlan Sip-Cac attributes
  static-ip            Configures static IP client tunneling support on a WLAN.
  uapsd                Configure WMM UAPSD attributes for Wlan
  wgb                  Configures WGB support on the WLAN
  wmm                  Configures WMM (WME)
5508-1(config-wlan)#client vlan 51
% switch-1:wcm:Request failed - WLAN in the enabled state.
5508-1(config-wlan)#shut
5508-1(config-wlan)#client vlan 51
5508-1(config-wlan)#radio ?
  all      Enable all available radios
  dot11a   Enable 802.11a radio only
  dot11ag  Enable 802.11 a and g radios
  dot11bg  Enable 802.11b and g radios
  dot11g   Enable 802.11g radio only
5508-1(config-wlan)#radio dot11a
5508-1(config-wlan)#wmm ?
  allowed  Allows WMM on the WLAN
  require  Requires WMM enabled clients on the WLAN
5508-1(config-wlan)#wmm require
5508-1(config-wlan)#ip ?
  access-group  Specify WLAN ACL
  dhcp          Configure DHCP parameters for WLAN
  flow          Flexible Netflow commands
  multicast     Configure multicast
  verify        verify
5508-1(config-wlan)#ip dhcp ?
  opt82     Set DHCP option 82 for wireless clients on this WLAN
  required  Specify whether DHCP address assignment is required
  server    Configures the WLAN's IPv4 DHCP Server
5508-1(config-wlan)#ip dhcp server 192.168.51.1
5508-1(config-wlan)#no shut
You can verify the WLAN settings with the “show wlan id <WLAN_ID>” CLI command, as shown below.
5508-1#show wlan id 1
WLAN Profile Name : MRN-CCIEW
================================================
Identifier : 1
Network Name (SSID) : MRN-CCIEW
Status : Enabled
Broadcast SSID : Enabled
Maximum number of Associated Clients : 0
AAA Policy Override : Disabled
Network Admission Control
  NAC-State : Disabled
Number of Active Clients : 0
Exclusionlist Timeout : 60
Session Timeout : 1800 seconds
CHD per WLAN : Enabled
Webauth DHCP exclusion : Disabled
Interface : 51
Interface Status : Unconfigured
Multicast Interface : Unconfigured
WLAN IPv4 ACL : unconfigured
WLAN IPv6 ACL : unconfigured
DHCP Server : 192.168.51.1
DHCP Address Assignment Required : Disabled
DHCP Option 82 : Disabled
DHCP Option 82 Format : ap-mac
DHCP Option 82 Ascii Mode : Disabled
DHCP Option 82 Rid Mode : Disabled
QoS Service Policy - Input
  Policy Name : unknown
  Policy State : None
QoS Service Policy - Output
  Policy Name : unknown
  Policy State : None
QoS Client Service Policy
  Input Policy Name : unknown
  Output Policy Name : unknown
WMM : Required
Channel Scan Defer Priority:
  Priority (default) : 4
  Priority (default) : 5
  Priority (default) : 6
Scan Defer Time (msecs) : 100
Media Stream Multicast-direct : Disabled
CCX - AironetIe Support : Enabled
CCX - Gratuitous ProbeResponse (GPR) : Disabled
CCX - Diagnostics Channel Capability : Disabled
Dot11-Phone Mode (7920) : Invalid
Wired Protocol : None
Peer-to-Peer Blocking Action : Disabled
Radio Policy : 802.11a only
DTIM period for 802.11a radio : 1
DTIM period for 802.11b radio : 1
Local EAP Authentication : Disabled
Mac Filter Authorization list name : Disabled
Accounting list name : Disabled
802.1x authentication list name : Disabled
Security
  802.11 Authentication : Open System
  Static WEP Keys : Disabled
  802.1X : Disabled
  Wi-Fi Protected Access (WPA/WPA2) : Enabled
    WPA (SSN IE) : Disabled
    WPA2 (RSN IE) : Enabled
      TKIP Cipher : Disabled
      AES Cipher : Enabled
    Auth Key Management
      802.1x : Enabled
      PSK : Disabled
      CCKM : Disabled
  CKIP : Disabled
  IP Security : Disabled
  IP Security Passthru : Disabled
  L2TP : Disabled
  Web Based Authentication : Disabled
  Conditional Web Redirect : Disabled
  Splash-Page Web Redirect : Disabled
  Auto Anchor : Disabled
  Sticky Anchoring : Enabled
  Cranite Passthru : Disabled
  Fortress Passthru : Disabled
  PPTP : Disabled
  Infrastructure MFP protection : Enabled
  Client MFP : Optional
  Webauth On-mac-filter Failure : Disabled
  Webauth Authentication List Name : Disabled
  Webauth Parameter Map : Disabled
  Tkip MIC Countermeasure Hold-down Timer : 60
Call Snooping : Disabled
Passive Client : Disabled
Non Cisco WGB : Disabled
Band Select : Disabled
Load Balancing : Disabled
IP Source Guard : Disabled
By default the WLAN is configured with WPA2/AES. So if you want to check basic client connectivity you can disable it. Then you should be able to connect your wireless client to this new SSID.
In a separate post we will see how to configure different security methods for a given SSID.
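A WLAN whose WPA2/AES was switched off for a connectivity test is easy to leave that way, so the "show wlan id" output is worth auditing afterwards. The following is an added example, not part of the original post: a Python check that parses the "key : value" lines and reports an enabled WLAN with no security, or one still offering WPA1 or TKIP. The sample text is constructed, and the function names and rule set are assumptions.

```python
def sample(wpa="Enabled", wpa1="Disabled", tkip="Disabled", status="Enabled"):
    """Build a constructed excerpt in the layout of 'show wlan id' output."""
    return f"""\
WLAN Profile Name : MRN-CCIEW
Network Name (SSID) : MRN-CCIEW
Status : {status}
Security
  802.11 Authentication : Open System
  Static WEP Keys : Disabled
  802.1X : Disabled
  Wi-Fi Protected Access (WPA/WPA2) : {wpa}
    WPA (SSN IE) : {wpa1}
    WPA2 (RSN IE) : Enabled
      TKIP Cipher : {tkip}
      AES Cipher : Enabled
  Web Based Authentication : Disabled
"""


def parse_show_wlan(text):
    """Map each 'key : value' line to a dict entry; the first occurrence of a key wins."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields.setdefault(key.strip(), value.strip())
    return fields


def enabled(fields, key):
    return fields.get(key, "").lower() == "enabled"


def audit_wlan(text):
    """Return a list of findings for one WLAN; an empty list means nothing was flagged."""
    f = parse_show_wlan(text)
    ssid = f.get("Network Name (SSID)", "?")
    if not enabled(f, "Status"):
        return []  # a shut-down WLAN accepts no clients
    findings = []
    wpa = enabled(f, "Wi-Fi Protected Access (WPA/WPA2)")
    wep = enabled(f, "Static WEP Keys")
    dot1x = enabled(f, "802.1X")
    webauth = enabled(f, "Web Based Authentication")
    if not (wpa or wep or dot1x or webauth):
        findings.append(f"{ssid}: open WLAN (no WPA/WPA2, WEP, 802.1X or web authentication)")
    if wep:
        findings.append(f"{ssid}: static WEP keys enabled")
    if wpa and enabled(f, "WPA (SSN IE)"):
        findings.append(f"{ssid}: WPA1 (SSN IE) still enabled")
    if wpa and enabled(f, "TKIP Cipher"):
        findings.append(f"{ssid}: TKIP cipher still enabled")
    if wpa and not enabled(f, "AES Cipher"):
        findings.append(f"{ssid}: AES cipher not enabled")
    return findings


if __name__ == "__main__":
    for label, text in [("default", sample()),
                        ("after test", sample(wpa="Disabled")),
                        ("legacy", sample(wpa1="Enabled", tkip="Enabled"))]:
        print(label, audit_wlan(text))
```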
The material is referred from: