Table Of Contents
Configuring Management Interfaces and Ports
Overview of Interfaces and Ports
Verifying and Changing the Management Interfaces
Creating and Assigning the AP-Manager Interface
Creating, Assigning, and Deleting Operator-Defined Interfaces
Verifying and Changing the Virtual Interface
Enabling Web and Secure Web Modes
Configuring Spanning Tree Protocol
Configuring Management Interfaces and Ports
This chapter describes how to configure the management interfaces and physical ports on the controller. This chapter contains these sections:
•
Overview of Interfaces and Ports
• Verifying and Changing the Management Interfaces
• Creating and Assigning the AP-Manager Interface
• Creating, Assigning, and Deleting Operator-Defined Interfaces
• Verifying and Changing the Virtual Interface
• Enabling Web and Secure Web Modes
• Configuring Spanning Tree Protocol
Overview of Interfaces and Ports
The Cisco 2000 Series Wireless LAN Controller has up to four physical ports, the Cisco 4100 Series Wireless LAN Controller has two redundant physical ports, and the Cisco 4400 Series Wireless LAN Controller has one (4402) or two (4404) pairs of redundant physical ports. This means that the Cisco 4100 Series Wireless LAN Controller can physically connect to one subnet, and the Cisco 2000 Series Wireless LAN Controller and Cisco 4400 Series Wireless LAN Controllers can physically connect to multiple subnets.
Each of the physical ports can have multiple Interfaces applied to it:
•The Management Interface controls communications with network equipment for all physical ports in all cases.
When the Cisco WLAN Solution is operated in Layer 2 Mode the Management Interface also controls communications between the controller and lightweight access points.
When the Cisco WLAN Solution is operated in Layer 3 Mode, the Management Interface no longer controls communications between the controller and lightweight access points.
•When the Cisco WLAN Solution is operated in Layer 3 Mode the AP-Manager Interface controls all communications between the controller and lightweight access points.
•Each physical port can also have between one and 512 Operator-Defined Interfaces, also known as VLAN Interfaces, assigned to it. Each Operator-Defined Interface is individually configured, and allows separate communication streams to exist on any or all of the physical port(s).
•The Virtual Interface controls Layer 3 Security and Mobility manager communications for controllers for all physical Ports. It also maintains the DNS Gateway hostname used by Layer 3 Security and Mobility managers to verify the source of certificates when Layer 3 Web Authorization is enabled.
•Controllers also have a Service-Port Interface, but that Interface can only be applied to the Service Port. The Cisco 2000 Series Wireless LAN Controller, which has no Service Port, also has no Service-Port Interface.
If you have not already done so, you must decide which physical port(s) you want to use, and then follow the instructions in this chapter to assign interfaces to the ports.
Verifying and Changing the Management Interfaces
Verifying and Changing the Management Interface
You can define static management interface parameters using the configuration wizard. You can also verify or change management interface parameters by following these steps:
Step 1 Enter show interface detailed management to view the current management interface settings. Note that the Management Interface uses the controller's burned-in MAC address.
Step 2 Enter config wlan disable wlan-number to disable each WLAN that is enabled.
Step 3 Enter these commands to define management interfaces:
•config interface address management ip-addr ip-netmask [gateway]
•config interface vlan management {vlan-id | 0}
–Enter 0 for untagged.
•config interface port management physical-ds-port-number
•config interface dhcp management ip-address-of-primary-dhcp-server [ip-address-of-secondary-dhcp-server]
•config interface acl management access-control-list-name
Note To create ACLs, follow the instructions in the controller online help.
Step 4 Enter show interface detailed management to verify that the controller saved your changes.
Creating and Assigning the AP-Manager Interface
The static AP-Manager Interface only exists when the Cisco WLAN Solution is operating in LWAPP Layer 3 Mode. Follow these steps to define the AP-Manager interface:
Step 1 Enter show interface summary to view the current interfaces. If the system is operating in Layer 2 mode, the AP-Manager interface is not listed.
Step 2 Enter show interface detailed ap-manager to view the current AP-Manager interface settings.
Step 3 Enter config wlan disable wlan-number to disable each WLAN that is enabled.
Step 4 Enter these commands to define the AP-Manager interface:
•config interface address ap-manager ip-addr ip-netmask [gateway]
•config interface vlan ap-manager {vlan-id | 0}
–Enter 0 for untagged.
•config interface port ap-manager physical-ds-port-number
•config interface dhcp ap-manager ip-address-of-primary-dhcp-server [ip-address-of-secondary-dhcp-server]
•config interface acl ap-manager access-control-list-name
Note To create ACLs, follow the instructions in the controller online help.
Step 5 Enter show interface detailed ap-manager to verify that the controller saved your changes.
Creating, Assigning, and Deleting Operator-Defined Interfaces
Each Cisco Wireless LAN Controller can support up to 512 dynamic Operator-Defined Interfaces (VLANs). Each Operator-Defined Interface controls VLAN and other communications between controllers and all other network devices. You can assign Operator-Defined Interfaces to WLANs, physical Distribution System Ports, the Layer 2 management interface, and the Layer 3 AP-manager interface.
Note You cannot assign operator-defined interfaces to the dedicated service port on 4100 and 4400 series controllers.
Note Operator-defined interface names cannot contain spaces.
Follow these steps to create, assign, and delete operator-defined interfaces:
Step 1 Enter show interface summary to view the current operator-defined interfaces. They can be identified by the dynamic interface type.
Step 2 To view the details of a specific operator-defined interface, enter show interface detailed operator-defined-interface-name to view the current operator-defined interface settings.
Step 3 Enter config wlan disable wlan-number to disable each WLAN that is enabled.
Step 4 Enter these commands to configure operator-defined interfaces:
•config interface create operator-defined-interface-name {vlan-id | 0}
–Enter 0 for untagged.
•config interface address operator-defined-interface-name ip-addr ip-netmask [gateway]
•config interface vlan operator-defined-interface-name {vlan-id | 0}
•config interface port operator-defined-interface-name physical-ds-port-number
•config interface dhcp operator-defined-interface-name ip-address-of-primary-dhcp-server [ip-address-of-secondary-dhcp-server]
•config interface acl operator-defined-interface-name access-control-list-name
Note To create ACLs, follow the instructions in the controller online help.
Step 5 Enter show interface detailed operator-defined-interface-name and show interface summary to verify that the controller saved your changes.
Step 6 Enter config interface delete operator-defined-interface-name to delete an operator-defined interface.
Verifying and Changing the Virtual Interface
The static virtual interface controls Layer 3 security and mobility manager communications for controller, and it maintains the DNS Gateway hostname used by Layer 3 security and mobility managers to verify the source of certificates when Layer 3 web authorization is enabled. Follow these steps to verify and change the virtual interface:
Step 1 Enter show interface detailed virtual to view the currently configured virtual interfaces.
Step 2 Enter config wlan disable wlan-number to disable each WLAN that is enabled.
Step 3 Enter these commands to configure the virtual interface:
•config interface address virtual ip-address
–For ip-address, enter any fictitious, unassigned, unused gateway IP address.
•config interface hostname virtual dns-host-name
Step 4 Enter reset system. At the confirmation prompt, enter y to save configuration changes to NVRAM. The controller reboots.
Step 5 Enter show interface detailed virtual to verify that the controller saved your changes.
Enabling Web and Secure Web Modes
Use these commands to enable or disable the distribution system port as a web port or as a secure web port:
•config network webmode {enable | disable}
•config network secureweb {enable | disable}
Web and secure web modes are enabled by default.
Configuring Spanning Tree Protocol
Spanning Tree Protocol (STP) is disabled for the distribution system (network) ports by default. Use these commands to enable STP on the controller for all physical ports:
Step 1 Enter show spanningtree port and show spanningtree switch commands to view the current STP status.
Step 2 If STP is enabled, you must disable it before you can change STP settings. Enter config spanningtree switch mode disable to disable STP on all ports.
Step 3 Use these commands to configure the STP port administrative mode:
•config spanningtree port mode 802.1d {port-number | all}
•config spanningtree port mode fast {port-number | all}
•config spanningtree port mode off {port-number | all}
Step 4 Enter these commands to configure the STP port path cost on the STP ports. Use this command to specify a path cost from 1 to 65535 to the port:
•config spanningtree port pathcost 1-65535 {port-number | all}
Use this command to allow the STP algorithm to automatically assign the path cost. This is the default setting:
•config spanningtree port mode pathcost auto {port-number | all} (default)
Step 5 Enter config spanningtree port priority 0-255 port-number to configure port priority on STP ports. The default priority is 128.
Step 6 If necessary, enter config spanningtree switch bridgepriority 0-65535 to configure the controller STP bridge priority. The default bridge priority is 32768.
Step 7 If necessary, enter config spanningtree switch forwarddelay 4-30 to configure the controller STP forward delay in seconds. The default forward delay setting is 15 seconds.
Step 8 If necessary, enter config spanningtree switch hellotime 1-10 to configure the controller STP hello time in seconds. The default hello time is 2 seconds.
Step 9 If necessary, enter config spanningtree switch maxage 6-40 to configure the controller STP maximum age. The default maximum age setting is 20 seconds.
Step 10 After you configure STP settings for the ports, enter config spanningtree switch mode enable to enable STP. The controller automatically detects logical network loops, places redundant ports on standby, and builds a network with the most efficient pathways.
Step 11 Enter show spanningtree port and show spanningtree switch to verify that the controller saved your changes.
