|
Table Of Contents
Configuring Controller Settings
Using the Configuration Wizard
Resetting the Device to Default Settings
Running the Configuration Wizard on the CLI
Managing the System Time and Date
Configuring Time and Date Manually
Enabling and Disabling 802.11 Bands
Configuring Administrator Usernames and Passwords
Configuring Radio Resource Management (RRM)
Configuring the Serial (CLI Console) Port
Enabling Dynamic Transmit Power Control
Configuring Controller Settings
This chapter describes how to configure settings on controllers. This chapter contains these sections:
• Using the Configuration Wizard
• Managing the System Time and Date
• Enabling and Disabling 802.11 Bands
• Configuring Administrator Usernames and Passwords
• Configuring the Service Port
• Configuring Radio Resource Management (RRM)
• Configuring the Serial (CLI Console) Port
• Enabling 802.3x Flow Control
• Enabling Dynamic Transmit Power Control
Using the Configuration Wizard
This section describes how to configure basic settings on a controller for the first time or after the configuration has been reset to factory defaults. The contents of this chapter are similar to the instructions in the quick start guide that shipped with your controller.
You use the configuration wizard to configure basic settings. You can run the wizard on the CLI or the GUI. This section explains how to run the wizard on the CLI.
This section contains these sections:
• Resetting the Device to Default Settings
• Running the Configuration Wizard on the CLI
Before You Start
You should collect these basic configuration parameters before configuring the controller:
•System name for the controller
•802.11 protocols supported: 802.11a and/or 802.11b/g
•Administrator usernames and passwords (optional)
•Distribution System (network) port static IP Address, netmask, and optional default gateway IP Address
•Service port static IP Address and netmask (optional).
•Distribution System physical port (1000BASE-T, 1000BASE-SX, or 10/100BASE-T)
Note Each 1000BASE-SX connector provides a 100/1000 Mbps wired connection to a network through an 850nM (SX) fiber-optic link using an LC physical connector.
•Distribution System port VLAN assignment (optional)
•Distribution System port Web and Secure Web mode settings: enabled or disabled
•Distribution System port Spanning Tree Protocol: enabled/disabled, 802.1D/fast/off mode per port, path cost per port, priority per port, bridge priority, forward delay, hello time, maximum age
•WLAN Configuration: SSID, VLAN assignments, Layer 2 Security settings, Layer 3 Security settings, QoS assignments
•Mobility Settings: Mobility Group Name (optional)
•RADIUS Settings
•SNMP Settings
•Other port and parameter settings: service port, Radio Resource Management (RRM), third-party access points, console port, 802.3x flow control, and system logging
Resetting the Device to Default Settings
If you need to start over during the initial setup process, you can reset the controller to factory default settings.
Note After resetting the configuration to defaults, you need a serial connection to the controller to use the configuration wizard.
Resetting to Default Settings Using the CLI
Follow these steps to reset the configuration to factory default settings using the CLI:
Step 1 Enter reset system. At the prompt that asks whether you need to save changes to the configuration, enter Y or N. The unit reboots.
Step 2 When you are prompted for a username, enter recover-config to restore the factory default configuration. The Cisco Wireless LAN Controller reboots and displays this message:
Welcome to the Cisco WLAN Solution Wizard Configuration Tool
Step 3 Use the configuration wizard to enter configuration settings.
Resetting to Default Settings Using the GUI
Follow these steps to return to default settings using the GUI:
Step 1 Open your Internet browser. The GUI is fully compatible with Microsoft Internet Explorer version 6.0 or later on Windows platforms.
Step 2 Enter the controller IP address in the browser address line and press Enter. An Enter Network Password window appears.
Step 3 Enter your username in the User Name field. The default username is admin.
Step 4 Enter the wireless device password in the Password field and press Enter. The default password is admin.
Step 5 Browse to the Commands/Reset to Factory Defaults page.
Step 6 Click Reset. At the prompt, confirm the reset.
Step 7 Reboot the unit and do not save changes.
Step 8 Use the configuration wizard to enter configuration settings.
Running the Configuration Wizard on the CLI
When the controller boots at factory defaults, the bootup script runs the configuration wizard, which prompts the installer for initial configuration settings. Follow these steps to enter settings using the wizard on the CLI:
Step 1 Connect your computer to the controller using a DB-9 null-modem serial cable.
Step 2 Open a terminal emulator session using these settings:
•9600 baud
•8 data bits
•1 stop bit
•no parity
•no hardware flow control
Step 3 At the prompt, log into the CLI. The default username is admin and the default password is admin.
Step 4 If necessary, enter reset system to reboot the unit and start the wizard.
Step 5 The first wizard prompt is for the system name. Enter up to 32 printable ASCII characters.
Step 6 Enter an administrator username and password, each up to 24 printable ASCII characters.
Step 7 Enter the service-port interface IP configuration protocol: none or DHCP. If you do not want to use the service port or if you want to assign a static IP Address to the service port, enter none.
Step 8 If you entered none in step 7 and need to enter a static IP address for the service port, enter the service-port interface IP address and netmask for the next two prompts. If you do not want to use the service port, enter 0.0.0.0 for the IP address and netmask.
Step 9 Enter the management interface IP Address, netmask, default router IP address, and optional VLAN identifier (a valid VLAN identifier, or 0 for untagged).
Step 10 Enter the Network Interface (Distribution System) Physical Port number.
Step 11 Enter the IP address of the default DHCP Server that will supply IP Addresses to clients, the management interface, and the service port interface if you use one.
Step 12 Enter the LWAPP Transport Mode, LAYER2 or LAYER3 (refer to the Layer 2 and Layer 3 LWAPP Operation chapter for an explanation of this setting).
Step 13 Enter the Virtual Gateway IP Address. This address can be any fictitious, unassigned IP address (such as 1.1.1.1) to be used by Layer 3 Security and Mobility managers.
Step 14 Enter the Cisco WLAN Solution Mobility Group (RF group) name.
Step 15 Enter the WLAN 1 SSID, or network name. This is the default SSID that lightweight access points use to associate to a controller.
Step 16 Allow or disallow Static IP Addresses for clients. Enter yes to allow clients to supply their own IP addresses. Enter no to require clients to request an IP Address from a DHCP server.
Step 17 If you need to configure a RADIUS Server, enter yes, and enter the RADIUS server IP address, the communication port, and the shared secret. If you do not need to configure a RADIUS server or you want to configure the server later, enter no.
Step 18 Enter a country code for the unit. Enter help to list the supported countries, or refer to Appendix x, Country Codes.
Step 19 Enable and disable support for 802.11b, 802.11a, and 802.11g.
Step 20 Enable or disable Radio Resource Management (RRM) (auto RF). Refer to chapter x for a complete description of RRM.
When you answer the last prompt, the controller saves the configuration, reboots with your changes, and prompts you to log in or to enter recover-config to reset to the factory default configuration and return to the wizard.
Managing the System Time and Date
You can configure the controller to obtain the time and date from an NTP server or you can configure the time and date manually.
Configuring Time and Date Manually
On the CLI, enter show time to check the system time and date. If necessary, enter config time mm/dd/yy hh:mm:ss to set the time and date.
To enable Daylight Saving Time, enter config time timezone enable.
Configuring NTP
On the CLI, enter config time ntp server-ip-address to specify the NTP server for the controller. Enter config time ntp interval to specify, in seconds, the polling interval.
Configuring a Country Code
Controllers are designed for use in many countries with varying regulatory requirements. You can configure a country code for the controller to ensure that it complies with your country's regulations.
On the CLI, enter config country code to configure the country code. Enter show country to check the configuration.
Note The controller must be installed by a network administrator or qualified IT professional and the proper country code must be selected. Following installation, access to the unit should be password protected by the installer to maintain compliance with regulatory requirements and to ensure proper unit functionality.
Table 4-1 lists commonly used country codes and the 802.11 bands that they allow. For a complete list of country codes, refer to Appendix D, "Cisco WLAN Solution Supported Country Codes."
Enabling and Disabling 802.11 Bands
You can enable or disable the 802.11b/g (2.4-GHz) and the 802.11a (5-GHz) bands for the controller to comply with the regulatory requirements in your country. By default, both 802.11b/g and 802.11a are enabled.
On the CLI, enter config 80211b disable network to disable 802.11b/g operation on the controller. Enter config 80211b enable network to re-enable 802.11b/g operation.
Enter config 80211a disable network to disable 802.11a operation on the controller. Enter config 80211a enable network to re-enable 802.11a operation.
Configuring Administrator Usernames and Passwords
You can configure administrator usernames and passwords to prevent unauthorized users from reconfiguring the controller and viewing configuration information.
On the CLI, enter config mgmtuser add username password read-write to create a username-password pair with read-write privileges. Enter config mgmtuser add username password read-only to create a username-password pair with read-only privileges. Usernames and passwords are case-sensitive and can contain up to 24 ASCII characters. Usernames and passwords cannot contain spaces.
To change the password for an existing username, enter config mgmtuser password username new_password
To list configured users, enter show mgmtuser.
Configuring RADIUS Settings
If you need to use a RADIUS server for accounting or authentication, follow these steps on the CLI to configure RADIUS settings for the controller:
Step 1 Enter config radius acct ip-address to configure a RADIUS server for accounting.
Step 2 Enter config radius acct port to specify the UDP port for accounting.
Step 3 Enter config radius acct secret to configure the shared secret.
Step 4 Enter config radius acct enable to enable accounting. Enter config radius acct disable to disable accounting. Accounting is disabled by default.
Step 5 Enter config radius auth ip-address to configure a RADIUS server for authentication.
Step 6 Enter config radius auth port to specify the UDP port for authentication.
Step 7 Enter config radius auth secret to configure the shared secret.
Step 8 Enter config radius auth enable to enable authentication. Enter config radius acct disable to disable authentication. Authentication is disabled by default.
Use the show radius acct statistics, show radius auth statistics, and show radius summary commands to verify that the RADIUS settings are correctly configured.
Configuring SNMP Settings
Cisco recommends that you use the GUI to configure SNMP settings on the controller. To use the CLI, follow these steps:
Step 1 Enter config snmp community create name to create an SNMP community name.
Step 2 Enter config snmp community delete name to delete an SNMP community name.
Step 3 Enter config snmp community accessmode ro name to configure an SNMP community name with read-only privileges. Enter config snmp community accessmode rw name to configure an SNMP community name with read-write privileges.
Step 4 Enter config snmp community ipaddr ip-address ip-mask name to configure an IP address and subnet mask for an SNMP community.
Step 5 Enter config snmp community mode enable to enable a community name. Enter config snmp community mode disable to disable a community name.
Step 6 Enter config snmp trapreceiver create name ip-address to configure a destination for a trap.
Step 7 Enter config snmp trapreceiver delete name to delete a trap.
Step 8 Enter config snmp trapreceiver ipaddr old-ip-address name new-ip-address to change the destination for a trap.
Step 9 Enter config snmp trapreceiver mode enable to enable traps. Enter config snmp trapreceiver mode disable to disable traps.
Step 10 Enter config snmp syscontact syscontact-name to configure the name of the SNMP contact. Enter up to 31 alphanumeric characters for the contact name.
Step 11 Enter config snmp syslocation syslocation-name to configure the SNMP system location. Enter up to 31 alphanumeric characters for the location.
Use the show snmpcommunity and show snmptrap commands to verify that the SNMP traps and communities are correctly configured.
Use the show trapflags command to see the enabled and disabled trapflags. If necessary, use the config trapflags commands to enable or disable trapflags.
Configuring Mobility Groups
All Cisco Wireless LAN Controllers that can communicate with each other through their Distribution System (network) ports can automatically discover each other and form themselves into groups. After they are grouped, the Radio Resource Management (RRM) function maximizes its inter-controller processing efficiency and mobility processing.
Cisco Wireless LAN Controller group discovery is automatically enabled when two or more members are assigned to the same mobility group name. Note that this feature must be enabled on each Cisco Wireless LAN Controller to be included in the discovery process.
Follow these steps to configure mobility groups:
Step 1 Enter show mobility summary to check the current mobility settings.
Step 2 Enter config mobility group name group_name to create a mobility group. Enter up to 31 case-sensitive ASCII characters for the group name. Spaces are not allowed in mobility group names.
Step 3 Enter config mobility group member add mac-address ip-addr to add a group member. Enter config mobility group member delete mac-address ip-addr to delete a group member.
Step 4 Enter show mobility summary to verify the mobility configuration.
Configuring RADIUS Settings
When your Cisco WLAN Solution is to use an external RADIUS server for accounting and/or authentication, set up the links using these commands.
•config radius acct address
•config radius acct port
•config radius acct secret
•config radius acct {disable | enable}
•config radius auth address
•config radius auth port
•config radius auth secret
•config radius auth {disable | enable}
For address, enter the server name or IP Address. For port, enter the UDP port number. For secret, enter the RADIUS server's secret.
When you complete the configuration, enter show radius acct statistics, show radius auth statistics, and show radius summary to verify that the RADIUS links are correctly configured.
Configuring the Service Port
Service PortThe service port on 4100 and 4400 series controllers can be configured with a separate IP Address, subnet mask, and IP assignment protocol from the Distribution System (network) port. To display and configure the service port parameters, use these commands:
•show serviceport
•config serviceport params
•config serviceport protocol
Configuring Radio Resource Management (RRM)
Radio Resource Management (RRM)The Radio Resource Management (RRM) function automatically recognizes lightweight access points on your network, and when they are part of the same mobility group, automatically configures them for optimal operation in their respective frequency bands.
Typically, you will not need to manually configure anything after enabling and/or disabling the 802.11a and 802.11b/g networks. However, you might want to fine-tune the network operation using these command sets:
•config 802.11a
•config 802.11b
•config advanced 802.11a
•config advanced 802.11b
•config cell
•config load balancing
Configuring the Serial (CLI Console) Port
The controller serial port is set for a 9600 baud rate and a short timeout. If you would like to change either of these values, enter config serial baudrate and config serial timeout to make your changes. If you enter config serial timeout 0, serial sessions never time out.
Enabling 802.3x Flow Control
802.3x Flow Control is disabled by default. To enable it, enter config switchconfig flowcontrol enable.
Enabling System Logging
System logging is disabled by default. Enter show syslog to view the current syslog status. Enter config syslog to send a controller log to a remote IP Address or hostname.
Enabling Dynamic Transmit Power Control
When you enable Dynamic Transmit Power Control (DTPC), access points add channel and transmit power information to beacons. (On access points that run Cisco IOS software, this feature is called world mode.) Client devices using DTPC receive the information and adjust their settings automatically. For example, a client device used primarily in Japan could rely on DTPC to adjust its channel and power settings automatically when it travels to Italy and joins a network there. DTPC is enabled by default.
Enter this command to disable or enable DTPC:
config {802.11a | 802.11bg} dtpc {enable | disable}
Posted: Thu Sep 15 08:21:53 PDT 2005
All contents are Copyright © 1992--2005 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.