Configuring Controller Settings

This chapter describes how to configure settings on controllers. This chapter contains these sections:

Using the Configuration Wizard

This section describes how to configure basic settings on a controller for the first time or after the configuration has been reset to factory defaults. The contents of this chapter are similar to the instructions in the quick start guide that shipped with your controller.

You use the configuration wizard to configure basic settings. You can run the wizard on the CLI or the GUI. This section explains how to run the wizard on the CLI.

Before You Start

You should collect these basic configuration parameters before configuring the controller:

•

Distribution System (network) port static IP Address, netmask, and optional default gateway IP Address

Note

Each 1000BASE-SX connector provides a 100/1000 Mbps wired connection to a network through an 850nM (SX) fiber-optic link using an LC physical connector.

•

Distribution System port Web and Secure Web mode settings: enabled or disabled

•

Distribution System port Spanning Tree Protocol: enabled/disabled, 802.1D/fast/off mode per port, path cost per port, priority per port, bridge priority, forward delay, hello time, maximum age

•

WLAN Configuration: SSID, VLAN assignments, Layer 2 Security settings, Layer 3 Security settings, QoS assignments

•

Other port and parameter settings: service port, Radio Resource Management (RRM), third-party access points, console port, 802.3x flow control, and system logging

Resetting the Device to Default Settings

If you need to start over during the initial setup process, you can reset the controller to factory default settings.

Note After resetting the configuration to defaults, you need a serial connection to the controller to use the configuration wizard.

Resetting to Default Settings Using the CLI

Follow these steps to reset the configuration to factory default settings using the CLI:

Step 1

Enter reset system. At the prompt that asks whether you need to save changes to the configuration, enter Y or N. The unit reboots.

Step 2

When you are prompted for a username, enter recover-config to restore the factory default configuration. The Cisco Wireless LAN Controller reboots and displays this message:

Resetting to Default Settings Using the GUI

Step 1

Open your Internet browser. The GUI is fully compatible with Microsoft Internet Explorer version 6.0 or later on Windows platforms.

Step 2

Enter the controller IP address in the browser address line and press Enter. An Enter Network Password window appears.

Step 3

Enter your username in the User Name field. The default username is admin.

Step 4

Enter the wireless device password in the Password field and press Enter. The default password is admin.

Running the Configuration Wizard on the CLI

When the controller boots at factory defaults, the bootup script runs the configuration wizard, which prompts the installer for initial configuration settings. Follow these steps to enter settings using the wizard on the CLI:

Step 1

Connect your computer to the controller using a DB-9 null-modem serial cable.

Step 3

At the prompt, log into the CLI. The default username is admin and the default password is admin.

Step 4

If necessary, enter reset system to reboot the unit and start the wizard.

Step 5

The first wizard prompt is for the system name. Enter up to 32 printable ASCII characters.

Step 6

Enter an administrator username and password, each up to 24 printable ASCII characters.

Step 7

Enter the service-port interface IP configuration protocol: none or DHCP. If you do not want to use the service port or if you want to assign a static IP Address to the service port, enter none.

Step 8

If you entered none in step 7 and need to enter a static IP address for the service port, enter the service-port interface IP address and netmask for the next two prompts. If you do not want to use the service port, enter 0.0.0.0 for the IP address and netmask.

Step 9

Enter the management interface IP Address, netmask, default router IP address, and optional VLAN identifier (a valid VLAN identifier, or 0 for untagged).

Step 10

Enter the Network Interface (Distribution System) Physical Port number.

Step 11

Enter the IP address of the default DHCP Server that will supply IP Addresses to clients, the management interface, and the service port interface if you use one.

Step 12

Enter the LWAPP Transport Mode, LAYER2 or LAYER3 (refer to the Layer 2 and Layer 3 LWAPP Operation chapter for an explanation of this setting).

Step 13

Enter the Virtual Gateway IP Address. This address can be any fictitious, unassigned IP address (such as 1.1.1.1) to be used by Layer 3 Security and Mobility managers.

Step 15

Enter the WLAN 1 SSID, or network name. This is the default SSID that lightweight access points use to associate to a controller.

Step 16

Allow or disallow Static IP Addresses for clients. Enter yes to allow clients to supply their own IP addresses. Enter no to require clients to request an IP Address from a DHCP server.

Step 17

If you need to configure a RADIUS Server, enter yes, and enter the RADIUS server IP address, the communication port, and the shared secret. If you do not need to configure a RADIUS server or you want to configure the server later, enter no.

Step 18

Enter a country code for the unit. Enter help to list the supported countries, or refer to Appendix x, Country Codes.

Step 20

Enable or disable Radio Resource Management (RRM) (auto RF). Refer to chapter x for a complete description of RRM.

When you answer the last prompt, the controller saves the configuration, reboots with your changes, and prompts you to log in or to enter recover-config to reset to the factory default configuration and return to the wizard.

Managing the System Time and Date

You can configure the controller to obtain the time and date from an NTP server or you can configure the time and date manually.

Configuring Time and Date Manually

On the CLI, enter show time to check the system time and date. If necessary, enter config time mm/dd/yy hh:mm:ss to set the time and date.

Configuring NTP

On the CLI, enter config time ntp server-ip-address to specify the NTP server for the controller. Enter config time ntp interval to specify, in seconds, the polling interval.

Configuring a Country Code

Controllers are designed for use in many countries with varying regulatory requirements. You can configure a country code for the controller to ensure that it complies with your country's regulations.

On the CLI, enter config country code to configure the country code. Enter show country to check the configuration.

Note The controller must be installed by a network administrator or qualified IT professional and the proper country code must be selected. Following installation, access to the unit should be password protected by the installer to maintain compliance with regulatory requirements and to ensure proper unit functionality.

Table 4-1 Commonly Used Country Codes
Country Code	Country	802.11 Bands Allowed
US	United States of America	802.11b, 802.11g, and 802.11a low, medium, and high bands
USL	US Low	802.11b, 802.11g, and 802.11a low and medium bands (used for legacy 802.11a interface cards that do not support 802.11a high band)
AU	Australia	802.11b, 802.11g, and 802.11a
AT	Austria	802.11b, 802.11g, and 802.11a
BE	Belgium	802.11b, 802.11g, and 802.11a
CA	Canada	802.11b and 802.11g
DK	Denmark	802.11b, 802.11g, and 802.11a
FI	Finland	802.11b, 802.11g, and 802.11a
FR	France	802.11b, 802.11g, and 802.11a
DE	Germany	802.11b, 802.11g, and 802.11a
GR	Greece	802.11b and 802.11g
IE	Ireland	802.11b, 802.11g, and 802.11a
IN	India	802.11b and 802.11a
IT	Italy	802.11b, 802.11g, and 802.11a
JP	Japan	802.11b, 802.11g, and 802.11a
KR	Republic of Korea	802.11b, 802.11g, and 802.11a
LU	Luxembourg	802.11b, 802.11g, and 802.11a
NL	Netherlands	802.11b, 802.11g, and 802.11a
PT	Portugal	802.11b, 802.11g, and 802.11a
ES	Spain	802.11b, 802.11g, and 802.11a
SE	Sweden	802.11b, 802.11g, and 802.11a
GB	United Kingdom	802.11b, 802.11g, and 802.11a

Enabling and Disabling 802.11 Bands

You can enable or disable the 802.11b/g (2.4-GHz) and the 802.11a (5-GHz) bands for the controller to comply with the regulatory requirements in your country. By default, both 802.11b/g and 802.11a are enabled.

On the CLI, enter config 80211b disable network to disable 802.11b/g operation on the controller. Enter config 80211b enable network to re-enable 802.11b/g operation.

Enter config 80211a disable network to disable 802.11a operation on the controller. Enter config 80211a enable network to re-enable 802.11a operation.

Configuring Administrator Usernames and Passwords

You can configure administrator usernames and passwords to prevent unauthorized users from reconfiguring the controller and viewing configuration information.

On the CLI, enter config mgmtuser add username password read-write to create a username-password pair with read-write privileges. Enter config mgmtuser add username password read-only to create a username-password pair with read-only privileges. Usernames and passwords are case-sensitive and can contain up to 24 ASCII characters. Usernames and passwords cannot contain spaces.

To change the password for an existing username, enter config mgmtuser password username new_password

Configuring RADIUS Settings

If you need to use a RADIUS server for accounting or authentication, follow these steps on the CLI to configure RADIUS settings for the controller:

Step 1

Enter config radius acct ip-address to configure a RADIUS server for accounting.

Step 2

Enter config radius acct port to specify the UDP port for accounting.

Step 4

Enter config radius acct enable to enable accounting. Enter config radius acct disable to disable accounting. Accounting is disabled by default.

Step 5

Enter config radius auth ip-address to configure a RADIUS server for authentication.

Step 6

Enter config radius auth port to specify the UDP port for authentication.

Step 8

Enter config radius auth enable to enable authentication. Enter config radius acct disable to disable authentication. Authentication is disabled by default.

Use the show radius acct statistics, show radius auth statistics, and show radius summary commands to verify that the RADIUS settings are correctly configured.

Configuring SNMP Settings

Cisco recommends that you use the GUI to configure SNMP settings on the controller. To use the CLI, follow these steps:

Step 1

Enter config snmp community create name to create an SNMP community name.

Step 2

Enter config snmp community delete name to delete an SNMP community name.

Step 3

Enter config snmp community accessmode ro name to configure an SNMP community name with read-only privileges. Enter config snmp community accessmode rw name to configure an SNMP community name with read-write privileges.

Step 4

Enter config snmp community ipaddr ip-address ip-mask name to configure an IP address and subnet mask for an SNMP community.

Step 5

Enter config snmp community mode enable to enable a community name. Enter config snmp community mode disable to disable a community name.

Step 6

Enter config snmp trapreceiver create name ip-address to configure a destination for a trap.

Step 8

Enter config snmp trapreceiver ipaddr old-ip-address name new-ip-address to change the destination for a trap.

Step 9

Enter config snmp trapreceiver mode enable to enable traps. Enter config snmp trapreceiver mode disable to disable traps.

Step 10

Enter config snmp syscontact syscontact-name to configure the name of the SNMP contact. Enter up to 31 alphanumeric characters for the contact name.

Step 11

Enter config snmp syslocation syslocation-name to configure the SNMP system location. Enter up to 31 alphanumeric characters for the location.

Use the show snmpcommunity and show snmptrap commands to verify that the SNMP traps and communities are correctly configured.

Use the show trapflags command to see the enabled and disabled trapflags. If necessary, use the config trapflags commands to enable or disable trapflags.

Configuring Mobility Groups

All Cisco Wireless LAN Controllers that can communicate with each other through their Distribution System (network) ports can automatically discover each other and form themselves into groups. After they are grouped, the Radio Resource Management (RRM) function maximizes its inter-controller processing efficiency and mobility processing.

Cisco Wireless LAN Controller group discovery is automatically enabled when two or more members are assigned to the same mobility group name. Note that this feature must be enabled on each Cisco Wireless LAN Controller to be included in the discovery process.

Step 2

Enter config mobility group name group_name to create a mobility group. Enter up to 31 case-sensitive ASCII characters for the group name. Spaces are not allowed in mobility group names.

Step 3

Enter config mobility group member add mac-address ip-addr to add a group member. Enter config mobility group member delete mac-address ip-addr to delete a group member.

Configuring RADIUS Settings

When your Cisco WLAN Solution is to use an external RADIUS server for accounting and/or authentication, set up the links using these commands.

For address, enter the server name or IP Address. For port, enter the UDP port number. For secret, enter the RADIUS server's secret.

When you complete the configuration, enter show radius acct statistics, show radius auth statistics, and show radius summary to verify that the RADIUS links are correctly configured.

Configuring the Service Port

The service port on 4100 and 4400 series controllers can be configured with a separate IP Address, subnet mask, and IP assignment protocol from the Distribution System (network) port. To display and configure the service port parameters, use these commands:

Configuring Radio Resource Management (RRM)

The Radio Resource Management (RRM) function automatically recognizes lightweight access points on your network, and when they are part of the same mobility group, automatically configures them for optimal operation in their respective frequency bands.

Typically, you will not need to manually configure anything after enabling and/or disabling the 802.11a and 802.11b/g networks. However, you might want to fine-tune the network operation using these command sets:

Configuring the Serial (CLI Console) Port

The controller serial port is set for a 9600 baud rate and a short timeout. If you would like to change either of these values, enter config serial baudrate and config serial timeout to make your changes. If you enter config serial timeout 0, serial sessions never time out.

Enabling 802.3x Flow Control

802.3x Flow Control is disabled by default. To enable it, enter config switchconfig flowcontrol enable.

Enabling System Logging

System logging is disabled by default. Enter show syslog to view the current syslog status. Enter config syslog to send a controller log to a remote IP Address or hostname.

Enabling Dynamic Transmit Power Control

When you enable Dynamic Transmit Power Control (DTPC), access points add channel and transmit power information to beacons. (On access points that run Cisco IOS software, this feature is called world mode.) Client devices using DTPC receive the information and adjust their settings automatically. For example, a client device used primarily in Japan could rely on DTPC to adjust its channel and power settings automatically when it travels to Italy and joins a network there. DTPC is enabled by default.

Table Of Contents