cc/td/doc/product/wireless/wcs
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table Of Contents

Configuring Controller Settings

Using the Configuration Wizard

Before You Start

Resetting the Device to Default Settings

Running the Configuration Wizard on the CLI

Managing the System Time and Date

Configuring Time and Date Manually

Configuring NTP

Configuring a Country Code

Enabling and Disabling 802.11 Bands

Configuring Administrator Usernames and Passwords

Configuring RADIUS Settings

Configuring SNMP Settings

Configuring Mobility Groups

Configuring RADIUS Settings

Configuring the Service Port

Configuring Radio Resource Management (RRM)

Configuring the Serial (CLI Console) Port

Enabling 802.3x Flow Control

Enabling System Logging

Enabling Dynamic Transmit Power Control


Configuring Controller Settings


This chapter describes how to configure settings on controllers. This chapter contains these sections:

Using the Configuration Wizard

Managing the System Time and Date

Configuring a Country Code

Enabling and Disabling 802.11 Bands

Configuring Administrator Usernames and Passwords

Configuring RADIUS Settings

Configuring SNMP Settings

Configuring Mobility Groups

Configuring RADIUS Settings

Configuring the Service Port

Configuring Radio Resource Management (RRM)

Configuring the Serial (CLI Console) Port

Enabling 802.3x Flow Control

Enabling System Logging

Enabling Dynamic Transmit Power Control

Using the Configuration Wizard

This section describes how to configure basic settings on a controller for the first time or after the configuration has been reset to factory defaults. The contents of this chapter are similar to the instructions in the quick start guide that shipped with your controller.

You use the configuration wizard to configure basic settings. You can run the wizard on the CLI or the GUI. This section explains how to run the wizard on the CLI.

This section contains these sections:

Before You Start

Resetting the Device to Default Settings

Running the Configuration Wizard on the CLI

Before You Start

You should collect these basic configuration parameters before configuring the controller:

System name for the controller

802.11 protocols supported: 802.11a and/or 802.11b/g

Administrator usernames and passwords (optional)

Distribution System (network) port static IP Address, netmask, and optional default gateway IP Address

Service port static IP Address and netmask (optional).

Distribution System physical port (1000BASE-T, 1000BASE-SX, or 10/100BASE-T)


Note Each 1000BASE-SX connector provides a 100/1000 Mbps wired connection to a network through an 850nM (SX) fiber-optic link using an LC physical connector.


Distribution System port VLAN assignment (optional)

Distribution System port Web and Secure Web mode settings: enabled or disabled

Distribution System port Spanning Tree Protocol: enabled/disabled, 802.1D/fast/off mode per port, path cost per port, priority per port, bridge priority, forward delay, hello time, maximum age

WLAN Configuration: SSID, VLAN assignments, Layer 2 Security settings, Layer 3 Security settings, QoS assignments

Mobility Settings: Mobility Group Name (optional)

RADIUS Settings

SNMP Settings

Other port and parameter settings: service port, Radio Resource Management (RRM), third-party access points, console port, 802.3x flow control, and system logging

Resetting the Device to Default Settings

If you need to start over during the initial setup process, you can reset the controller to factory default settings.


Note After resetting the configuration to defaults, you need a serial connection to the controller to use the configuration wizard.


Resetting to Default Settings Using the CLI

Follow these steps to reset the configuration to factory default settings using the CLI:


Step 1 Enter reset system. At the prompt that asks whether you need to save changes to the configuration, enter Y or N. The unit reboots.

Step 2 When you are prompted for a username, enter recover-config to restore the factory default configuration. The Cisco Wireless LAN Controller reboots and displays this message:

Welcome to the Cisco WLAN Solution Wizard Configuration Tool

Step 3 Use the configuration wizard to enter configuration settings.


Resetting to Default Settings Using the GUI

Follow these steps to return to default settings using the GUI:


Step 1 Open your Internet browser. The GUI is fully compatible with Microsoft Internet Explorer version 6.0 or later on Windows platforms.

Step 2 Enter the controller IP address in the browser address line and press Enter. An Enter Network Password window appears.

Step 3 Enter your username in the User Name field. The default username is admin.

Step 4 Enter the wireless device password in the Password field and press Enter. The default password is admin.

Step 5 Browse to the Commands/Reset to Factory Defaults page.

Step 6 Click Reset. At the prompt, confirm the reset.

Step 7 Reboot the unit and do not save changes.

Step 8 Use the configuration wizard to enter configuration settings.


Running the Configuration Wizard on the CLI

When the controller boots at factory defaults, the bootup script runs the configuration wizard, which prompts the installer for initial configuration settings. Follow these steps to enter settings using the wizard on the CLI:


Step 1 Connect your computer to the controller using a DB-9 null-modem serial cable.

Step 2 Open a terminal emulator session using these settings:

9600 baud

8 data bits

1 stop bit

no parity

no hardware flow control

Step 3 At the prompt, log into the CLI. The default username is admin and the default password is admin.

Step 4 If necessary, enter reset system to reboot the unit and start the wizard.

Step 5 The first wizard prompt is for the system name. Enter up to 32 printable ASCII characters.

Step 6 Enter an administrator username and password, each up to 24 printable ASCII characters.

Step 7 Enter the service-port interface IP configuration protocol: none or DHCP. If you do not want to use the service port or if you want to assign a static IP Address to the service port, enter none.

Step 8 If you entered none in step 7 and need to enter a static IP address for the service port, enter the service-port interface IP address and netmask for the next two prompts. If you do not want to use the service port, enter 0.0.0.0 for the IP address and netmask.

Step 9 Enter the management interface IP Address, netmask, default router IP address, and optional VLAN identifier (a valid VLAN identifier, or 0 for untagged).

Step 10 Enter the Network Interface (Distribution System) Physical Port number.

Step 11 Enter the IP address of the default DHCP Server that will supply IP Addresses to clients, the management interface, and the service port interface if you use one.

Step 12 Enter the LWAPP Transport Mode, LAYER2 or LAYER3 (refer to the Layer 2 and Layer 3 LWAPP Operation chapter for an explanation of this setting).

Step 13 Enter the Virtual Gateway IP Address. This address can be any fictitious, unassigned IP address (such as 1.1.1.1) to be used by Layer 3 Security and Mobility managers.

Step 14 Enter the Cisco WLAN Solution Mobility Group (RF group) name.

Step 15 Enter the WLAN 1 SSID, or network name. This is the default SSID that lightweight access points use to associate to a controller.

Step 16 Allow or disallow Static IP Addresses for clients. Enter yes to allow clients to supply their own IP addresses. Enter no to require clients to request an IP Address from a DHCP server.

Step 17 If you need to configure a RADIUS Server, enter yes, and enter the RADIUS server IP address, the communication port, and the shared secret. If you do not need to configure a RADIUS server or you want to configure the server later, enter no.

Step 18 Enter a country code for the unit. Enter help to list the supported countries, or refer to Appendix x, Country Codes.

Step 19 Enable and disable support for 802.11b, 802.11a, and 802.11g.

Step 20 Enable or disable Radio Resource Management (RRM) (auto RF). Refer to chapter x for a complete description of RRM.

When you answer the last prompt, the controller saves the configuration, reboots with your changes, and prompts you to log in or to enter recover-config to reset to the factory default configuration and return to the wizard.


Managing the System Time and Date

You can configure the controller to obtain the time and date from an NTP server or you can configure the time and date manually.

Configuring Time and Date Manually

On the CLI, enter show time to check the system time and date. If necessary, enter config time mm/dd/yy hh:mm:ss to set the time and date.

To enable Daylight Saving Time, enter config time timezone enable.

Configuring NTP

On the CLI, enter config time ntp server-ip-address to specify the NTP server for the controller. Enter config time ntp interval to specify, in seconds, the polling interval.

Configuring a Country Code

Controllers are designed for use in many countries with varying regulatory requirements. You can configure a country code for the controller to ensure that it complies with your country's regulations.

On the CLI, enter config country code to configure the country code. Enter show country to check the configuration.


Note The controller must be installed by a network administrator or qualified IT professional and the proper country code must be selected. Following installation, access to the unit should be password protected by the installer to maintain compliance with regulatory requirements and to ensure proper unit functionality.


Table 4-1 lists commonly used country codes and the 802.11 bands that they allow. For a complete list of country codes, refer to Appendix D, "Cisco WLAN Solution Supported Country Codes."

Table 4-1 Commonly Used Country Codes 

Country Code
Country
802.11 Bands Allowed

US

United States of America

802.11b, 802.11g, and 802.11a low, medium, and high bands

USL

US Low

802.11b, 802.11g, and 802.11a low and medium bands (used for legacy 802.11a interface cards that do not support 802.11a high band)

AU

Australia

802.11b, 802.11g, and 802.11a

AT

Austria

802.11b, 802.11g, and 802.11a

BE

Belgium

802.11b, 802.11g, and 802.11a

CA

Canada

802.11b and 802.11g

DK

Denmark

802.11b, 802.11g, and 802.11a

FI

Finland

802.11b, 802.11g, and 802.11a

FR

France

802.11b, 802.11g, and 802.11a

DE

Germany

802.11b, 802.11g, and 802.11a

GR

Greece

802.11b and 802.11g

IE

Ireland

802.11b, 802.11g, and 802.11a

IN

India

802.11b and 802.11a

IT

Italy

802.11b, 802.11g, and 802.11a

JP

Japan

802.11b, 802.11g, and 802.11a

KR

Republic of Korea

802.11b, 802.11g, and 802.11a

LU

Luxembourg

802.11b, 802.11g, and 802.11a

NL

Netherlands

802.11b, 802.11g, and 802.11a

PT

Portugal

802.11b, 802.11g, and 802.11a

ES

Spain

802.11b, 802.11g, and 802.11a

SE

Sweden

802.11b, 802.11g, and 802.11a

GB

United Kingdom

802.11b, 802.11g, and 802.11a


Enabling and Disabling 802.11 Bands

You can enable or disable the 802.11b/g (2.4-GHz) and the 802.11a (5-GHz) bands for the controller to comply with the regulatory requirements in your country. By default, both 802.11b/g and 802.11a are enabled.

On the CLI, enter config 80211b disable network to disable 802.11b/g operation on the controller. Enter config 80211b enable network to re-enable 802.11b/g operation.

Enter config 80211a disable network to disable 802.11a operation on the controller. Enter config 80211a enable network to re-enable 802.11a operation.

Configuring Administrator Usernames and Passwords

You can configure administrator usernames and passwords to prevent unauthorized users from reconfiguring the controller and viewing configuration information.

On the CLI, enter config mgmtuser add username password read-write to create a username-password pair with read-write privileges. Enter config mgmtuser add username password read-only to create a username-password pair with read-only privileges. Usernames and passwords are case-sensitive and can contain up to 24 ASCII characters. Usernames and passwords cannot contain spaces.

To change the password for an existing username, enter config mgmtuser password username new_password

To list configured users, enter show mgmtuser.

Configuring RADIUS Settings

If you need to use a RADIUS server for accounting or authentication, follow these steps on the CLI to configure RADIUS settings for the controller:


Step 1 Enter config radius acct ip-address to configure a RADIUS server for accounting.

Step 2 Enter config radius acct port to specify the UDP port for accounting.

Step 3 Enter config radius acct secret to configure the shared secret.

Step 4 Enter config radius acct enable to enable accounting. Enter config radius acct disable to disable accounting. Accounting is disabled by default.

Step 5 Enter config radius auth ip-address to configure a RADIUS server for authentication.

Step 6 Enter config radius auth port to specify the UDP port for authentication.

Step 7 Enter config radius auth secret to configure the shared secret.

Step 8 Enter config radius auth enable to enable authentication. Enter config radius acct disable to disable authentication. Authentication is disabled by default.


Use the show radius acct statistics, show radius auth statistics, and show radius summary commands to verify that the RADIUS settings are correctly configured.

Configuring SNMP Settings

Cisco recommends that you use the GUI to configure SNMP settings on the controller. To use the CLI, follow these steps:


Step 1 Enter config snmp community create name to create an SNMP community name.

Step 2 Enter config snmp community delete name to delete an SNMP community name.

Step 3 Enter config snmp community accessmode ro name to configure an SNMP community name with read-only privileges. Enter config snmp community accessmode rw name to configure an SNMP community name with read-write privileges.

Step 4 Enter config snmp community ipaddr ip-address ip-mask name to configure an IP address and subnet mask for an SNMP community.

Step 5 Enter config snmp community mode enable to enable a community name. Enter config snmp community mode disable to disable a community name.

Step 6 Enter config snmp trapreceiver create name ip-address to configure a destination for a trap.

Step 7 Enter config snmp trapreceiver delete name to delete a trap.

Step 8 Enter config snmp trapreceiver ipaddr old-ip-address name new-ip-address to change the destination for a trap.

Step 9 Enter config snmp trapreceiver mode enable to enable traps. Enter config snmp trapreceiver mode disable to disable traps.

Step 10 Enter config snmp syscontact syscontact-name to configure the name of the SNMP contact. Enter up to 31 alphanumeric characters for the contact name.

Step 11 Enter config snmp syslocation syslocation-name to configure the SNMP system location. Enter up to 31 alphanumeric characters for the location.


Use the show snmpcommunity and show snmptrap commands to verify that the SNMP traps and communities are correctly configured.

Use the show trapflags command to see the enabled and disabled trapflags. If necessary, use the config trapflags commands to enable or disable trapflags.

Configuring Mobility Groups

All Cisco Wireless LAN Controllers that can communicate with each other through their Distribution System (network) ports can automatically discover each other and form themselves into groups. After they are grouped, the Radio Resource Management (RRM) function maximizes its inter-controller processing efficiency and mobility processing.

Cisco Wireless LAN Controller group discovery is automatically enabled when two or more members are assigned to the same mobility group name. Note that this feature must be enabled on each Cisco Wireless LAN Controller to be included in the discovery process.

Follow these steps to configure mobility groups:


Step 1 Enter show mobility summary to check the current mobility settings.

Step 2 Enter config mobility group name group_name to create a mobility group. Enter up to 31 case-sensitive ASCII characters for the group name. Spaces are not allowed in mobility group names.

Step 3 Enter config mobility group member add mac-address ip-addr to add a group member. Enter config mobility group member delete mac-address ip-addr to delete a group member.

Step 4 Enter show mobility summary to verify the mobility configuration.


Configuring RADIUS Settings

When your Cisco WLAN Solution is to use an external RADIUS server for accounting and/or authentication, set up the links using these commands.

config radius acct address

config radius acct port

config radius acct secret

config radius acct {disable | enable}

config radius auth address

config radius auth port

config radius auth secret

config radius auth {disable | enable}

For address, enter the server name or IP Address. For port, enter the UDP port number. For secret, enter the RADIUS server's secret.

When you complete the configuration, enter show radius acct statistics, show radius auth statistics, and show radius summary to verify that the RADIUS links are correctly configured.

Configuring the Service Port

Service Port

The service port on 4100 and 4400 series controllers can be configured with a separate IP Address, subnet mask, and IP assignment protocol from the Distribution System (network) port. To display and configure the service port parameters, use these commands:

show serviceport

config serviceport params

config serviceport protocol

Configuring Radio Resource Management (RRM)

Radio Resource Management (RRM)

The Radio Resource Management (RRM) function automatically recognizes lightweight access points on your network, and when they are part of the same mobility group, automatically configures them for optimal operation in their respective frequency bands.

Typically, you will not need to manually configure anything after enabling and/or disabling the 802.11a and 802.11b/g networks. However, you might want to fine-tune the network operation using these command sets:

config 802.11a

config 802.11b

config advanced 802.11a

config advanced 802.11b

config cell

config load balancing

Configuring the Serial (CLI Console) Port

The controller serial port is set for a 9600 baud rate and a short timeout. If you would like to change either of these values, enter config serial baudrate and config serial timeout to make your changes. If you enter config serial timeout 0, serial sessions never time out.

Enabling 802.3x Flow Control

802.3x Flow Control is disabled by default. To enable it, enter config switchconfig flowcontrol enable.

Enabling System Logging

System logging is disabled by default. Enter show syslog to view the current syslog status. Enter config syslog to send a controller log to a remote IP Address or hostname.

Enabling Dynamic Transmit Power Control

When you enable Dynamic Transmit Power Control (DTPC), access points add channel and transmit power information to beacons. (On access points that run Cisco IOS software, this feature is called world mode.) Client devices using DTPC receive the information and adjust their settings automatically. For example, a client device used primarily in Japan could rely on DTPC to adjust its channel and power settings automatically when it travels to Italy and joins a network there. DTPC is enabled by default.

Enter this command to disable or enable DTPC:

config {802.11a | 802.11bg} dtpc {enable | disable}


hometocprevnextglossaryfeedbacksearchhelp

Posted: Thu Sep 15 08:21:53 PDT 2005
All contents are Copyright © 1992--2005 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.