无线/移动 : 无线 VLAN

CT5760控制器和Catalyst 3850交换机配置示例

2015 年 8 月 28 日 - 机器翻译
其他版本: PDFpdf | 英语 (2015 年 4 月 23 日) | 反馈

简介

本文描述步骤安装和准备在5760无线局域网控制器(WLC)的无线服务和3850交换机。本文包括初始配置和接入点(AP)加入进程两个的平台。

贡献用安托万KMEID和毛哔叽Yasmine, Cisco TAC工程师。

先决条件

要求

本文档没有任何特定的要求。

使用的组件

本文档中的信息基于以下软件和硬件版本:

  • Unified访问CT5760无线控制器-版本3.02.02SE
  • Unified访问Catalyst 3850交换版本3.02.02SE

本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您使用的是真实网络,请确保您已经了解所有命令的潜在影响。

Unified访问CT5760无线控制器的背景信息

CT5760 WLC是用聪明的ASIC建立的第一Cisco IOS XE ®基于软件的控制器打算部署作为一个集中化控制器在下一代Unified无线体系结构里。平台也支持新的移动性功能用聚合的访问3850系列交换机。

CT5760控制器在核心附近典型地部署。上行链路端口连接对核心交换机可以配置作为以太网信道Trunk端口保证输出冗余。这新建的控制器是一个可扩展和高性能无线控制器,能扩展1000 AP和12,000个客户端。控制器有60 Gbps总容量的六个10 Gbps数据端口。

与Cisco Aironet AP, Cisco头等基础设施和Cisco Mobility服务引擎一道的5760系列工作为了支持商业危急无线数据、语音、视频和位置服务应用程序。

116342-config-wlc-01.png

Unified访问Catalyst 3850交换机的背景信息

Cisco Catalyst 3850系列是在单个平台提供在有线的和无线之间全双工收敛企业类可堆叠的接入层交换机的下一代。供给动力由IOS-XE软件,无线服务通过无线接入点(CAPWAP)协议控制和供应支持。思科的新建的统一的访问数据飞机(UADP) ASIC供给交换机动力并且启用统一有线的无线策略执行、应用程序可见性、灵活性和应用程序优化。此收敛在新和改善的思科StackWise-480的弹性被构件。在以太网的Cisco Catalyst 3850系列交换机支持全双工IEEE 802.3at电源加上(PoE+),模块化和现场可换的网络模块、冗余风扇和电源。

116342-config-wlc-02.png

5760 WLC初始配置

此部分概述步骤成功配置5760 WLC为了主机无线服务。

配置

设定脚本

         --- System Configuration Dialog ---

Enable secret warning
----------------------------------
In order to access the device manager, an enable secret is required
If you enter the initial configuration dialog, you will be prompted for the
enable secret
If you choose not to enter the intial configuration dialog, or if you exit setup
without setting the enable secret,
please set an enable secret using the following CLI in configuration mode-
enable secret 0 <cleartext password>
----------------------------------

Would you like to enter the initial configuration dialog? [yes/no]: yes

At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.

Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system

Would you like to enter basic management setup? [yes/no]: yes

Configuring global parameters:

  Enter host name [Controller]: w-5760-1

  The enable secret is a password used to protect access to
  privileged EXEC and configuration modes. This password, after
  entered, becomes encrypted in the configuration.
  Enter enable secret: cisco

  The enable password is used when you do not specify an
  enable secret password, with some older software versions, and
  some boot images.
  Enter enable password: cisco

  The virtual terminal password is used to protect
  access to the router over a network interface.
  Enter virtual terminal password: cisco

Configure a NTP server now? [yes]:
Enter ntp server address : 192.168.1.200
Enter a polling interval between 16 and 131072 secs which is power of 2:16


  Do you want to configure wireless network? [no]: no

Setup account for accessing HTTP server? [yes]: yes
    Username  [admin]: admin
    Password  [cisco]: cisco
    Password is UNENCRYPTED.

  Configure SNMP Network Management? [no]: no

Current interface summary

Any interface listed with OK? value "NO" does not have a valid configuration

Interface             IP-Address      OK?   Method    Status     Protocol
Vlan1                  unassigned     NO    unset     up         up      
GigabitEthernet0/0    unassigned      YES   unset     up         up      
Te1/0/1               unassigned      YES   unset     up         up      
Te1/0/2               unassigned      YES   unset     down       down    
Te1/0/3               unassigned      YES   unset     down       down    
Te1/0/4               unassigned      YES   unset     down       down    
Te1/0/5               unassigned      YES   unset     down       down    
Te1/0/6               unassigned      YES   unset     down       down    

Enter interface name used to connect to the
management network from the above interface summary: vlan1

Configuring interface Vlan1:

Configure IP on this interface? [yes]: yes
    IP address for this interface: 192.168.1.20
    Subnet mask for this interface [255.255.255.0] : 255.255.255.0
    Class C network is 192.168.1.0, 24 subnet bits; mask is /24

Wireless management interface needs to be configured at startup
It needs to be mapped to an SVI that's not Vlan 1 (default)

Enter VLAN No for wireless management interface:  120
Enter IP address :192.168.120.94
Enter IP address mask: 255.255.255.0

The following configuration command script was created:

w-5760-1
enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY^Q
enable password cisco
line vty 0 15
password cisco
ntp server 192.168.1.200 maxpoll 4 minpoll 4
username admin privilege 15 password cisco
no snmp-server
!
no ip routing

!
interface Vlan1
no shutdown
ip address 192.168.1.20 255.255.255.0
!
interface GigabitEthernet0/0
shutdown
no ip address
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
!
interface TenGigabitEthernet1/0/3
!
interface TenGigabitEthernet1/0/4
!
interface TenGigabitEthernet1/0/5
!         
interface TenGigabitEthernet1/0/6
vlan 120
interface vlan 120
ip addr  192.168.120.94 255.255.255.0
exit
wireless management interface Vlan120
!
end


[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.

Enter your selection [2]: 2

Building configuration...
Compressed configuration from 2729 bytes to 1613 bytes[OK]
Use the enabled mode 'configure' command to modify this configuration.


Press RETURN to get started!

接入点的必需的配置能加入

注意:重要-保证交换机有正确boot命令下面全局配置。如果它在闪存解压缩,然后w-5760-1(config)#boot系统闪存:boot命令的packages.conf要求。

  1. 配置网络连通性。

    配置TenGig接口连接对呼入/呼出的CAPWAP的通信流的骨干网络。在本例中,使用的接口是TenGigabitEthernet1/0/1。VLAN1和VLAN 120允许。

    interface TenGigabitEthernet1/0/1
    switchport trunk allowed vlan 1,120
    switchport mode trunk
    ip dhcp relay information trusted
    ip dhcp snooping trust

    配置出站的默认路由:

    ip route 0.0.0.0 0.0.0.0 192.168.1.1
  2. 配置 Web 访问。

    GUI可以通过https:// <ipaddress >/wireless访问

    登录凭证在初始配置对话已经定义。

    username admin privilege 15 password cisco

    116342-config-wlc-03.png

  3. 保证无线管理接口正确地配置。
         wireless management interface Vlan120
         w-5760-1#sh run int vlan 120
         Building configuration...

         Current configuration : 62 bytes
         !
         interface Vlan120
         ip address 192.168.120.94 255.255.255.0
        end

      w-5760-1#sh ip int br
      Interface               IP-Address      OK?    Method   Status      Protocol

      Vlan1                   192.168.1.20   YES    manual    up          up
      Vlan120                 192.168.120.94  YES    manual    up          up
      GigabitEthernet0/0      unassigned      YES    unset     down        down
      Te1/0/1                unassigned      YES   unset     up          up
      Te1/0/2               unassigned      YES   unset     down        down
      Te1/0/3                unassigned      YES   unset     down        down
      Te1/0/4                unassigned      YES   unset     down        down
      Te1/0/5                unassigned      YES    unset     down        down
      Te1/0/6                unassigned      YES    unset     down        down
      Capwap2                unassigned      YES   unset     up          up

    w-5760-1#
  4. 保证一个活动许可证启用与适当的AP计数。

    注意:1) 5760未激活许可证级别,镜像已经是ipservices。作为移动性控制器的2) 5760 (MC)可以支持1000 AP。

    w-5760-1#license right-to-use activate apcount <count> slot 1 acceptEULA
  5. 保证正确国家代码配置在WLC与AP部署国家的管理域一致。
    w-5760-1#show wireless country configured

     Configured Country.............................: US  - United States
     Configured Country Codes
        US  - United States : 802.11a Indoor,Outdoor/ 802.11b / 802.11g

    为了修改国家代码,请输入这些命令:

    w-5760-1(config)#ap dot11 24ghz shutdown

    w-5760-1(config)#ap dot11 5ghz shutdown

    w-5760-1(config)#ap country BE
    Changing country code could reset channel and RRM grouping configuration.
    If running in RRM One-Time mode, reassign channels after this command.
    Check customized APs for valid channel values after this command.
    Are you sure you want to continue? (y/n)[y]: y
    w-5760-1(config)#no ap dot11 24ghz shut
    w-5760-1(config)#no ap dot11 5ghz shut
    w-5760-1(config)#end
    w-5760-1#wr
    Building configuration...
    Compressed configuration from 3564 bytes to 2064 bytes[OK]


    w-5760-1#show wireless country configured

     Configured Country.............................: BE  - Belgium
     Configured Country Codes
        BE  - Belgium : 802.11a Indoor,Outdoor/ 802.11b / 802.11g

  6. 保证AP能通过DHCP选项43,域名服务(DNS),或者在CAPWAP的其他发现机制学习WLC (在本例中的192.168.120.94的) IP地址。

验证

为了保证AP加入,请输入show ap summary命令

w-5760-1#show ap summary

Number of APs: 1

Global AP User Name: Not configured
Global AP Dot1x User Name: Not configured

AP Name              AP Model  Ethernet MAC    Radio MAC       State
--------------------------------------------------------------------------
APa493.4cf3.232a     1042N     a493.4cf3.232a  10bd.186d.9a40  Registered

故障排除

排除故障AP加入问题的有用的调试:

w-5760-1#debug capwap ap events
capwap/ap/events debugging is on

w-5760-1#debug capwap ap error
capwap/ap/error debugging is on

w-5760-1#debug dtls ap event
dtls/ap/event debugging is on

w-5760-1#debug capwap ios event
CAPWAP Event debugging is on

5760-1#debug capwap ios error
CAPWAP Error debugging is on

3850交换机初始配置

此部分包括要求的配置主机在3850的无线服务。

配置

设定脚本

         --- System Configuration Dialog ---

Enable secret warning
----------------------------------
In order to access the device manager, an enable secret is required
If you enter the initial configuration dialog, you will be prompted
for the enable secret
If you choose not to enter the intial configuration dialog, or if you
exit setup without setting the enable secret,
please set an enable secret using the following CLI in configuration mode-
enable secret 0 <cleartext password>
----------------------------------
Would you like to enter the initial configuration dialog? [yes/no]: yes

At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.


Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system

Would you like to enter basic management setup? [yes/no]: yes
Configuring global parameters:

  Enter host name [Switch]: sw-3850-1

  The enable secret is a password used to protect access to
  privileged EXEC and configuration modes. This password, after
  entered, becomes encrypted in the configuration.
  Enter enable secret: Cisco123

  The enable password is used when you do not specify an
  enable secret password, with some older software versions, and
  some boot images.
  Enter enable password: Cisco123

  The virtual terminal password is used to protect
  access to the router over a network interface.
  Enter virtual terminal password: Cisco123

  Do you want to configure country code? [no]: yes

  Enter the country code[US]:US

Note :  Enter the country code in which you are installing this 3850 Switch and
the AP(s). If your country code is not recognized, enter one that is compliant
with the regulatory domain of your own country

Setup account for accessing HTTP server? [yes]: yes
    Username  [admin]: admin
    Password  [cisco]: cisco
    Password is UNENCRYPTED.

  Configure SNMP Network Management? [no]: no

Current interface summary

Any interface listed with OK? value "NO" does not have a valid configuration

Interface              IP-Address      OK? Method Status   Protocol
Vlan1                  unassigned      NO  unset up       down    
GigabitEthernet0/0     unassigned      YES unset up       up      
GigabitEthernet2/0/1   unassigned      YES unset  down     down    
GigabitEthernet2/0/2   unassigned      YES unset  down     down    
GigabitEthernet2/0/3   unassigned      YES unset  down     down    
...

...
...
GigabitEthernet2/0/46  unassigned      YES unset  down     down    
GigabitEthernet2/0/47  unassigned      YES unset  down     down    
GigabitEthernet2/0/48  unassigned      YES unset  up       up      
GigabitEthernet2/1/1   unassigned      YES unset  down     down    
GigabitEthernet2/1/2   unassigned      YES unset  down     down    
GigabitEthernet2/1/3   unassigned      YES unset  down     down    
GigabitEthernet2/1/4   unassigned      YES unset  down     down    
Te2/1/1               unassigned      YES unset  down     down    
Te2/1/2                unassigned      YES unset  down     down    
Te2/1/3                unassigned      YES unset  down     down    
Te2/1/4               unassigned      YES unset  down     down    

Enter interface name used to connect to the
management network from the above interface summary: vlan1

Configuring interface Vlan1:
  Configure IP on this interface? [yes]: yes
    IP address for this interface: 192.168.1.2
    Subnet mask for this interface [255.255.255.0] : 255.255.255.0
    Class C network is 192.168.1.0, 24 subnet bits; mask is /24

此配置命令脚本创建:

hostname sw-3850-1
enable secret 4 vwcGVdcUZcRMCyxaH2U9Y/PTujsnQWPSbt.LFG8lhTw
enable password Cisco123
line vty 0 15
password Cisco123
  ap dot11 24ghz shutdown
  ap dot11 5ghz shutdown
  ap country US
  no ap dot11 24ghz shutdown
  no ap dot11 5ghz shutdown

username admin privilege 15 password 0 cisco
no snmp-server
!
no ip routing

!
interface Vlan1
no shutdown
ip address 192.168.1.2 255.255.255.0
!
interface GigabitEthernet0/0
shutdown
no ip address
!
interface GigabitEthernet2/0/1
!
interface GigabitEthernet2/0/2
!
interface GigabitEthernet2/0/3
...

...

...
interface GigabitEthernet2/0/46
!
interface GigabitEthernet2/0/47
!
interface GigabitEthernet2/0/48
!
interface GigabitEthernet2/1/1
!
interface GigabitEthernet2/1/2
!
interface GigabitEthernet2/1/3
!         
interface GigabitEthernet2/1/4
!
interface TenGigabitEthernet2/1/1
!
interface TenGigabitEthernet2/1/2
!
interface TenGigabitEthernet2/1/3
!
interface TenGigabitEthernet2/1/4
!
end


[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.

Enter your selection [2]:    2
The enable password you have chosen is the same as your enable secret.
This is not recommended.  Re-enter the enable password.
Changing country code could reset channel and RRM grouping configuration.
If running in RRM One-Time mode, reassign channels after this command.
Check customized APs for valid channel values after this command.
Are you sure you want to continue? (y/n)[y]: y
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 1 seconds)

Building configuration...
Compressed configuration from 4414 bytes to 2038 bytes[OK]
Use the enabled mode 'configure' command to modify this configuration.




Press RETURN to get started!

接入点的必需的配置能加入

注意:重要-保证正确boot命令配置在全局配置下。如果它在闪存解压缩,则引导程序系统交换机所有flash: packages.conf命令要求。

  1. 配置无线前提条件。

    为了启用无线服务, 3850必须运行ipservices或ipbase许可证。

  2. 在交换机的Enable (event)无线。

    注意:AP需要连接到在同样VLAN的接入模式连接孔!

    • Enable (event)无线管理
      sw-3850-1(config)#wireless management interface vlan <1-4095>
    • 定义MC

      必须定义MC为了允许AP加入。

      1. 如果此3850将是MC,请输入controller命令无线的移动性

        sw-3850-1(config)#wireless mobility controller

        注意:此配置更改要求重新启动!

      2. 如果此3850运行作为移动性代理程序(MA),则请指向它MC IP地址用此命令:
        sw-3850-1(config)#wireless mobility controller ip a.b.c.d

        并且在MC,请输入这些命令:

        3850MC(config)#wireless mobility controller peer-group <SPG1>

        3850MC(config)#wireless mobility controller peer-group <SPG1> member
        ip w.x.y.z
  3. 保证许可证可用性。

    保证活动AP许可证是可用的在MC (MA使用在MC激活)的许可证:

    注意:1) 3850必须运行ipservices或ipbase许可证为了启用在3850的无线服务。2) AP计数许可证应用在MC和自动地设置并且被强制执行在MA。作为MC的3) 3850可以支持50 AP。

    sw-3850-1#show license right-to-use summary

                  License Name    Type        Count   Period left
                  -----------------------------------------------
                  ipservices      permanent   N/A     Lifetime
                  apcount         base       1       Lifetime
                  apcount         adder       49      Lifetime
                 -----------------------------------------------

    License Level In Use: ipservices
    License Level on Reboot: ipservices
    Evaluation AP-Count: Disabled
    Total AP Count Licenses: 50
    AP Count Licenses In-use: 1
    AP Count Licenses Remaining: 49

    为了激活在3850的AP计数许可证,请输入与需要的AP计数的此命令在MC :

    sw-3850-1#license right-to-use activate apcount <count> slot <#> acceptEULA
  4. 配置AP发现过程。

    为了AP能加入控制器,必须设置交换端口配置作为无线管理VLAN的一个接入端口

    如果VLAN 100使用无线管理接口:

    sw-3850-1(config)#interface gigabit1/0/10
    sw-3850-1(config-if)#switchport mode access
    sw-3850-1(config-if)#switchport access vlan 100
  5. 配置 Web 访问。

    GUI可以通过https:// <ipaddress>/wireless访问

    登录凭证在初始配置对话已经定义。

    username admin privilege 15 password 0 cisco ( username for Web access)

    116342-config-wlc-04.png

  6. 保证适当的国家代码在交换机配置与AP部署国家的管理域一致。
    sw-3850-1#show wireless country configured 

     Configured Country.............................: US  - United States
     Configured Country Codes
      US  - United States : 802.11a Indoor,Outdoor/ 802.11b / 802.11g

    为了修改国家代码,请输入这些命令:

    sw-3850-1(config)#ap dot11 24ghz shutdown 

    sw-3850-1(config)#ap dot11 5ghz shutdown

    sw-3850-1(config)#ap country BE
    Changing country code could reset channel and RRM grouping configuration.
    If running in RRM One-Time mode, reassign channels after this command.
    Check customized APs for valid channel values after this command.
    Are you sure you want to continue? (y/n)[y]: y
    sw-3850-1(config)#no ap dot11 24ghz shut
    sw-3850-1(config)#no ap dot11 5ghz shut
    sw-3850-1(config)#end
    sw-3850-1#wr
    Building configuration...
    Compressed configuration from 3564 bytes to 2064 bytes[OK]


    sw-3850-1#show wireless country configured

     Configured Country.............................: BE  - Belgium
     Configured Country Codes
        BE  - Belgium : 802.11a Indoor,Outdoor/ 802.11b / 802.11g

验证

为了保证AP加入,请输入show ap summary命令

sw-3850-1#show ap summary

Number of APs: 1

Global AP User Name: Not configured
Global AP Dot1x User Name: Not configured

AP Name              AP Model Ethernet MAC    Radio MAC          State
------------------------------------------------------------------------------

APa493.4cf3.232a     1042N     a493.4cf3.231a  10bd.186e.9a40      Registered

故障排除

排除故障AP加入问题的有用的调试:

sw-3850-1#debug capwap ap events
capwap/ap/events debugging is on

sw-3850-1#debug capwap ap error
capwap/ap/error debugging is on

sw-3850-1#debug dtls ap event
dtls/ap/event debugging is on

sw-3850-1#debug capwap ios event
CAPWAP Event debugging is on

sw-3850-1#debug capwap ios error
CAPWAP Error debugging is on

相关的思科支持社区讨论

思科支持社区是您提问、解答问题、分享建议以及与工作伙伴协作的论坛。


Document ID: 116342