目录
简介
本文档介绍在5760无线LAN控制器(WLC)和3850交换机上安装和准备无线服务的步骤。本文档介绍两个平台的初始配置和接入点(AP)加入过程。
先决条件
要求
本文档没有任何特定的要求。
使用的组件
本文档中的信息基于以下软件和硬件版本:
- 统一接入CT5760无线控制器 — 版本3.02.02SE
- 统一接入Catalyst 3850交换机 — 版本3.02.02SE
本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您使用的是真实网络,请确保您已经了解所有命令的潜在影响。
统一接入CT5760无线控制器的背景信息
CT5760 WLC是首款基于Cisco IOS-XE®软件的控制器,内置智能ASIC,旨在作为下一代统一无线架构中的集中控制器进行部署。该平台还支持融合接入3850系列交换机的新移动功能。
CT5760控制器通常部署在核心附近。连接到核心交换机的上行链路端口可以配置为EtherChannel中继端口,以确保端口冗余。这款新控制器是可扩展的高性能无线控制器,可扩展至1000个AP和12,000个客户端。控制器有6个10 Gbps数据端口,总容量为60 Gbps。
5760系列与Cisco Aironet AP、Cisco Prime基础设施和思科移动服务引擎配合使用,以支持业务关键型无线数据、语音、视频和位置服务应用。
Unified Access Catalyst 3850交换机的背景信息
Cisco Catalyst 3850系列是下一代企业级堆叠式接入层交换机,可在单一平台上提供有线和无线之间的完全融合。无线服务由IOS-XE软件支持,通过无线接入点控制和调配(CAPWAP)协议受支持。思科新的统一接入数据平面(UADP)ASIC为交换机供电,并实现统一的有线 — 无线策略实施、应用可视性、灵活性和应用优化。此融合基于新的和改进的Cisco StackWise-480的恢复能力。Cisco Catalyst 3850系列交换机支持全IEEE 802.3at增强型以太网供电(PoE+)、模块化且可现场更换的网络模块、冗余风扇和电源。
5760 WLC初始配置
本节概述成功配置5760 WLC以托管无线服务的步骤。
配置
设置脚本
--- System Configuration Dialog ---
Enable secret warning
----------------------------------
In order to access the device manager, an enable secret is required
If you enter the initial configuration dialog, you will be prompted for the
enable secret
If you choose not to enter the intial configuration dialog, or if you exit setup
without setting the enable secret,
please set an enable secret using the following CLI in configuration mode-
enable secret 0 <cleartext password>
----------------------------------
Would you like to enter the initial configuration dialog? [yes/no]: yes
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system
Would you like to enter basic management setup? [yes/no]: yes
Configuring global parameters:
Enter host name [Controller]: w-5760-1
The enable secret is a password used to protect access to
privileged EXEC and configuration modes. This password, after
entered, becomes encrypted in the configuration.
Enter enable secret: cisco
The enable password is used when you do not specify an
enable secret password, with some older software versions, and
some boot images.
Enter enable password: cisco
The virtual terminal password is used to protect
access to the router over a network interface.
Enter virtual terminal password: cisco
Configure a NTP server now? [yes]:
Enter ntp server address : 192.168.1.200
Enter a polling interval between 16 and 131072 secs which is power of 2:16
Do you want to configure wireless network? [no]: no
Setup account for accessing HTTP server? [yes]: yes
Username [admin]: admin
Password [cisco]: cisco
Password is UNENCRYPTED.
Configure SNMP Network Management? [no]: no
Current interface summary
Any interface listed with OK? value "NO" does not have a valid configuration
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned NO unset up up
GigabitEthernet0/0 unassigned YES unset up up
Te1/0/1 unassigned YES unset up up
Te1/0/2 unassigned YES unset down down
Te1/0/3 unassigned YES unset down down
Te1/0/4 unassigned YES unset down down
Te1/0/5 unassigned YES unset down down
Te1/0/6 unassigned YES unset down down
Enter interface name used to connect to the
management network from the above interface summary: vlan1
Configuring interface Vlan1:
Configure IP on this interface? [yes]: yes
IP address for this interface: 192.168.1.20
Subnet mask for this interface [255.255.255.0] : 255.255.255.0
Class C network is 192.168.1.0, 24 subnet bits; mask is /24
Wireless management interface needs to be configured at startup
It needs to be mapped to an SVI that's not Vlan 1 (default)
Enter VLAN No for wireless management interface: 120
Enter IP address :192.168.120.94
Enter IP address mask: 255.255.255.0
The following configuration command script was created:
w-5760-1
enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY^Q
enable password cisco
line vty 0 15
password cisco
ntp server 192.168.1.200 maxpoll 4 minpoll 4
username admin privilege 15 password cisco
no snmp-server
!
no ip routing
!
interface Vlan1
no shutdown
ip address 192.168.1.20 255.255.255.0
!
interface GigabitEthernet0/0
shutdown
no ip address
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
!
interface TenGigabitEthernet1/0/3
!
interface TenGigabitEthernet1/0/4
!
interface TenGigabitEthernet1/0/5
!
interface TenGigabitEthernet1/0/6
vlan 120
interface vlan 120
ip addr 192.168.120.94 255.255.255.0
exit
wireless management interface Vlan120
!
end
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.
Enter your selection [2]: 2
Building configuration...
Compressed configuration from 2729 bytes to 1613 bytes[OK]
Use the enabled mode 'configure' command to modify this configuration.
Press RETURN to get started!
接入点加入所需的配置
- 配置网络连通性。
配置连接到CAPWAP流量流入/出站的主干网络的TenGig接口。在本例中,使用的接口为TenGigabitEthernet1/0/1。允许VLAN 1和VLAN 120。
interface TenGigabitEthernet1/0/1
switchport trunk allowed vlan 1,120
switchport mode trunk
ip dhcp relay information trusted
ip dhcp snooping trust配置出站默认路由:
ip route 0.0.0.0 0.0.0.0 192.168.1.1
- 配置 Web 访问。
可通过https://<ipaddress>/wireless访问GUI
登录凭证已在初始配置对话框中定义。
username admin privilege 15 password cisco
- 确保无线管理接口配置正确。
wireless management interface Vlan120
w-5760-1#sh run int vlan 120
Building configuration...
Current configuration : 62 bytes
!
interface Vlan120
ip address 192.168.120.94 255.255.255.0
end
w-5760-1#sh ip int br
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.1.20 YES manual up up
Vlan120 192.168.120.94 YES manual up up
GigabitEthernet0/0 unassigned YES unset down down
Te1/0/1 unassigned YES unset up up
Te1/0/2 unassigned YES unset down down
Te1/0/3 unassigned YES unset down down
Te1/0/4 unassigned YES unset down down
Te1/0/5 unassigned YES unset down down
Te1/0/6 unassigned YES unset down down
Capwap2 unassigned YES unset up up
w-5760-1# - 确保激活许可证已启用,且AP计数正确。
w-5760-1#license right-to-use activate apcount <count> slot 1 acceptEULA
- 确保在WLC上配置了正确的国家/地区代码,以符合AP所部署的国家/地区的管制范围。
w-5760-1#show wireless country configured
Configured Country.............................: US - United States
Configured Country Codes
US - United States : 802.11a Indoor,Outdoor/ 802.11b / 802.11g要修改国家/地区代码,请输入以下命令:
w-5760-1(config)#ap dot11 24ghz shutdown
w-5760-1(config)#ap dot11 5ghz shutdown
w-5760-1(config)#ap country BE
Changing country code could reset channel and RRM grouping configuration.
If running in RRM One-Time mode, reassign channels after this command.
Check customized APs for valid channel values after this command.
Are you sure you want to continue? (y/n)[y]: y
w-5760-1(config)#no ap dot11 24ghz shut
w-5760-1(config)#no ap dot11 5ghz shut
w-5760-1(config)#end
w-5760-1#wr
Building configuration...
Compressed configuration from 3564 bytes to 2064 bytes[OK]
w-5760-1#show wireless country configured
Configured Country.............................: BE - Belgium
Configured Country Codes
BE - Belgium : 802.11a Indoor,Outdoor/ 802.11b / 802.11g - 确保AP能够通过DHCP选项43、域名服务(DNS)或CAPWAP中的任何其他发现机制获知WLC(本例中为192.168.120.94)的IP地址。
验证
为确保AP已加入,请输入show ap summary命令:
w-5760-1#show ap summary
Number of APs: 1
Global AP User Name: Not configured
Global AP Dot1x User Name: Not configured
AP Name AP Model Ethernet MAC Radio MAC State
--------------------------------------------------------------------------
APa493.4cf3.232a 1042N a493.4cf3.232a 10bd.186d.9a40 Registered
故障排除
排除AP加入问题故障的有用调试:
w-5760-1#debug capwap ap events
capwap/ap/events debugging is on
w-5760-1#debug capwap ap error
capwap/ap/error debugging is on
w-5760-1#debug dtls ap event
dtls/ap/event debugging is on
w-5760-1#debug capwap ios event
CAPWAP Event debugging is on
5760-1#debug capwap ios error
CAPWAP Error debugging is on
3850交换机初始配置
本节包括在3850上托管无线服务所需的配置。
配置
设置脚本
--- System Configuration Dialog ---
Enable secret warning
----------------------------------
In order to access the device manager, an enable secret is required
If you enter the initial configuration dialog, you will be prompted
for the enable secret
If you choose not to enter the intial configuration dialog, or if you
exit setup without setting the enable secret,
please set an enable secret using the following CLI in configuration mode-
enable secret 0 <cleartext password>
----------------------------------
Would you like to enter the initial configuration dialog? [yes/no]: yes
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system
Would you like to enter basic management setup? [yes/no]: yes
Configuring global parameters:
Enter host name [Switch]: sw-3850-1
The enable secret is a password used to protect access to
privileged EXEC and configuration modes. This password, after
entered, becomes encrypted in the configuration.
Enter enable secret: Cisco123
The enable password is used when you do not specify an
enable secret password, with some older software versions, and
some boot images.
Enter enable password: Cisco123
The virtual terminal password is used to protect
access to the router over a network interface.
Enter virtual terminal password: Cisco123
Do you want to configure country code? [no]: yes
Enter the country code[US]:US
Note : Enter the country code in which you are installing this 3850 Switch and
the AP(s). If your country code is not recognized, enter one that is compliant
with the regulatory domain of your own country
Setup account for accessing HTTP server? [yes]: yes
Username [admin]: admin
Password [cisco]: cisco
Password is UNENCRYPTED.
Configure SNMP Network Management? [no]: no
Current interface summary
Any interface listed with OK? value "NO" does not have a valid configuration
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned NO unset up down
GigabitEthernet0/0 unassigned YES unset up up
GigabitEthernet2/0/1 unassigned YES unset down down
GigabitEthernet2/0/2 unassigned YES unset down down
GigabitEthernet2/0/3 unassigned YES unset down down
...
...
...
GigabitEthernet2/0/46 unassigned YES unset down down
GigabitEthernet2/0/47 unassigned YES unset down down
GigabitEthernet2/0/48 unassigned YES unset up up
GigabitEthernet2/1/1 unassigned YES unset down down
GigabitEthernet2/1/2 unassigned YES unset down down
GigabitEthernet2/1/3 unassigned YES unset down down
GigabitEthernet2/1/4 unassigned YES unset down down
Te2/1/1 unassigned YES unset down down
Te2/1/2 unassigned YES unset down down
Te2/1/3 unassigned YES unset down down
Te2/1/4 unassigned YES unset down down
Enter interface name used to connect to the
management network from the above interface summary: vlan1
Configuring interface Vlan1:
Configure IP on this interface? [yes]: yes
IP address for this interface: 192.168.1.2
Subnet mask for this interface [255.255.255.0] : 255.255.255.0
Class C network is 192.168.1.0, 24 subnet bits; mask is /24
此配置命令脚本已创建:
hostname sw-3850-1
enable secret 4 vwcGVdcUZcRMCyxaH2U9Y/PTujsnQWPSbt.LFG8lhTw
enable password Cisco123
line vty 0 15
password Cisco123
ap dot11 24ghz shutdown
ap dot11 5ghz shutdown
ap country US
no ap dot11 24ghz shutdown
no ap dot11 5ghz shutdown
username admin privilege 15 password 0 cisco
no snmp-server
!
no ip routing
!
interface Vlan1
no shutdown
ip address 192.168.1.2 255.255.255.0
!
interface GigabitEthernet0/0
shutdown
no ip address
!
interface GigabitEthernet2/0/1
!
interface GigabitEthernet2/0/2
!
interface GigabitEthernet2/0/3
...
...
...
interface GigabitEthernet2/0/46
!
interface GigabitEthernet2/0/47
!
interface GigabitEthernet2/0/48
!
interface GigabitEthernet2/1/1
!
interface GigabitEthernet2/1/2
!
interface GigabitEthernet2/1/3
!
interface GigabitEthernet2/1/4
!
interface TenGigabitEthernet2/1/1
!
interface TenGigabitEthernet2/1/2
!
interface TenGigabitEthernet2/1/3
!
interface TenGigabitEthernet2/1/4
!
end
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.
Enter your selection [2]: 2
The enable password you have chosen is the same as your enable secret.
This is not recommended. Re-enter the enable password.
Changing country code could reset channel and RRM grouping configuration.
If running in RRM One-Time mode, reassign channels after this command.
Check customized APs for valid channel values after this command.
Are you sure you want to continue? (y/n)[y]: y
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 1 seconds)
Building configuration...
Compressed configuration from 4414 bytes to 2038 bytes[OK]
Use the enabled mode 'configure' command to modify this configuration.
Press RETURN to get started!
接入点加入所需的配置
- 配置无线必备条件。
要启用无线服务,3850必须运行ipservices或ipbase许可证。
- 在交换机上启用无线。
- 启用无线管理
sw-3850-1(config)#wireless management interface vlan <1-4095>
- 定义MC
必须定义MC才能允许AP加入。
如果此3850将是MC,请输入无线移动控制器命令:
sw-3850-1(config)#wireless mobility controller
- 如果此3850作为移动代理(MA)运行,则使用以下命令将其指向MC IP地址:
sw-3850-1(config)#wireless mobility controller ip a.b.c.d
在MC上,输入以下命令:
3850MC(config)#wireless mobility controller peer-group
3850MC(config)#wireless mobility controller peer-groupmember
ip w.x.y.z
- 启用无线管理
- 确保许可证可用性。
确保活动AP许可证在MC上可用(MA使用在MC上激活的许可证):
sw-3850-1#show license right-to-use summary
License Name Type Count Period left
-----------------------------------------------
ipservices permanent N/A Lifetime
apcount base 1 Lifetime
apcount adder 49 Lifetime
-----------------------------------------------
License Level In Use: ipservices
License Level on Reboot: ipservices
Evaluation AP-Count: Disabled
Total AP Count Licenses: 50
AP Count Licenses In-use: 1
AP Count Licenses Remaining: 49要激活3850上的AP计数许可证,请在MC上输入此命令,并输入所需的AP计数:
sw-3850-1#license right-to-use activate apcountslot <#> acceptEULA 配置AP发现过程。
要使AP加入控制器,必须将交换机端口配置设置为无线管理vlan中的接入端口:
如果VLAN 100用于无线管理接口:
sw-3850-1(config)#interface gigabit1/0/10
sw-3850-1(config-if)#switchport mode access
sw-3850-1(config-if)#switchport access vlan 100配置 Web 访问。
可通过https://<ipaddress>/wireless访问GUI
登录凭证已在初始配置对话框中定义。
username admin privilege 15 password 0 cisco ( username for Web access)
- 确保交换机上配置了正确的国家/地区代码,以符合AP所部署国家/地区的管制范围。
sw-3850-1#show wireless country configured
Configured Country.............................: US - United States
Configured Country Codes
US - United States : 802.11a Indoor,Outdoor/ 802.11b / 802.11g要修改国家/地区代码,请输入以下命令:
sw-3850-1(config)#ap dot11 24ghz shutdown
sw-3850-1(config)#ap dot11 5ghz shutdown
sw-3850-1(config)#ap country BE
Changing country code could reset channel and RRM grouping configuration.
If running in RRM One-Time mode, reassign channels after this command.
Check customized APs for valid channel values after this command.
Are you sure you want to continue? (y/n)[y]: y
sw-3850-1(config)#no ap dot11 24ghz shut
sw-3850-1(config)#no ap dot11 5ghz shut
sw-3850-1(config)#end
sw-3850-1#wr
Building configuration...
Compressed configuration from 3564 bytes to 2064 bytes[OK]
sw-3850-1#show wireless country configured
Configured Country.............................: BE - Belgium
Configured Country Codes
BE - Belgium : 802.11a Indoor,Outdoor/ 802.11b / 802.11g
验证
为确保AP已加入,请输入show ap summary命令:
sw-3850-1#show ap summary
Number of APs: 1
Global AP User Name: Not configured
Global AP Dot1x User Name: Not configured
AP Name AP Model Ethernet MAC Radio MAC State
------------------------------------------------------------------------------
APa493.4cf3.232a 1042N a493.4cf3.231a 10bd.186e.9a40 Registered
故障排除
排除AP加入问题故障的有用调试:
sw-3850-1#debug capwap ap events
capwap/ap/events debugging is on
sw-3850-1#debug capwap ap error
capwap/ap/error debugging is on
sw-3850-1#debug dtls ap event
dtls/ap/event debugging is on
sw-3850-1#debug capwap ios event
CAPWAP Event debugging is on
sw-3850-1#debug capwap ios error
CAPWAP Error debugging is on