Table Of Contents
Obtaining Documentation, Obtaining Support, and Security Guidelines
Prerequisites for Configuring the Cisco WLCM on a Cisco Router
Restrictions for Configuring the Cisco WLCM on a Cisco Router
Information About the Cisco WLCM on a Cisco Router
Operating System User Interfaces
How to Configure the Cisco WLCM
Accessing the CLI Through a Console Connection or Through Telnet
Understanding Interfaces on the Cisco WLCM
Using Interface Configuration Mode
Configuring the Cisco WLCM in the Router
Running the Configuration Wizard
Configuration Example for Running the Configuration Wizard
Configuring and Verifying Management and AP Manager Interfaces
Configuration Examples for Verifying Management and AP Manager Interfaces
Configuring Wide-Area LANs on the Cisco WLCM
Assigning the WLANs to a DHCP server
Configuration Examples for Creating VLANs
Configuring VLANs with APs Connected to an External Switch
Assigning the WLANs on the Router to a DHCP Server
Creating Dynamic Interfaces on the WLCM
Configuring APs Connected to an EtherSwitch Module on the Router
Configuring Integrated Routing and Bridging
Configuring Wired VLANs on the EtherSwitch Module with Wireless VLANs on the WLCM
Configuring the EtherSwitch Network Module
Upgrading the Cisco WLCM Software
Configuration Examples for Using the reset system Command
Erasing and Resetting the WLCM Configuration
interface integrated-service-engine
service-module integrated-service-engine
show controllers integrated-service-engine
show interfaces integrated-service-engine
Configuring the Cisco Wireless Controller Network Module on a Cisco Router, Cisco IOS Release 12.4(15)T
The Cisco wireless LAN (WLAN) controller network module (WLCM) is designed to provide small- and medium-sized businesses (SMBs) and enterprise branch office customers 802.11 wireless networking solutions for Cisco 2800 series and Cisco 3800 series Integrated Services Routers (ISRs) and Cisco 3700 series routers. The Cisco WLCM operating system enables Cisco ISRs and Cisco 3700 series routers to manage up to 8 or 12 WLAN access points (APs) and simplifies deploying and managing wireless LANs. The operating system manages all data client, communications, and system administration functions, performs radio resource management (RRM) functions, manages system-wide mobility policies using the operating system security (OSS), and coordinates all security functions using the OSS framework. The Cisco WLCM works in conjunction with Cisco Aironet lightweight access points, the Cisco Wireless Control System (WCS), and the Cisco Wireless Location Appliance (WLA) to support wireless data, voice, and video applications.
For information about the Cisco Wireless LAN controller module NM-AIR-WLC6 solution, see the Cisco Network Modules Hardware Installation Guide at the following URL:
http://www.cisco.com/en/US/products/hw/modules/ps2797/products_installation_guide_chapter09186a008078984f.html
Note
The Cisco 2801 Integrated Services Router does not support the Cisco WLCM.
Note
For more information about the Cisco WLAN solution, see the Cisco Wireless LAN Solution Product Guide at the following URL:
http://www.cisco.com/en/US/products/ps6308/products_installation_and_configuration_guides_list.html
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Contents
•
•
•
•
Prerequisites for Configuring the Cisco WLCM on a Cisco Router
The Cisco WLCM operating system on the Cisco WLCM must be compatible with the Cisco IOS software release and feature set on the router.
Use the following commands to view the Cisco IOS version on the router and to view the operating system version on the WLCM.
•
•
Restrictions for Configuring the Cisco WLCM on a Cisco Router
The WLCM does not manage the integrated access points (HWIC-AP modules) on Cisco ISRs.
Information About the Cisco WLCM on a Cisco Router
The Cisco WLCM is supported on the following router platforms:
•
For information about Cisco 3700 series routers wireless support, see the following URL:
http://www.cisco.com/en/US/products/hw/routers/ps282/tsd_products_support_series_home.html
•
For information about Cisco 2800 Integrated Services Routers wireless support, see the following URL:
http://www.cisco.com/en/US/products/ps5854/tsd_products_support_series_home.html
•
For information about Cisco 3800 Integrated Services Routers wireless support, see the following URL:
http://www.cisco.com/en/US/products/ps5855/tsd_products_support_series_home.html
Cisco WLCMs ship with a boot loader and a 512-MB CompactFlash memory card. The CompactFlash memory card contains the boot loader, Linux kernel, Cisco WLCM and access points executable file, emergency upgrade software, and Cisco WLCM configuration.
Figure 1 shows the faceplate of the Cisco WLCM.
Note
Figure 1 Cisco Wireless LAN Controller Network Module Faceplate
Note
Note
Figure 2 shows how the Cisco WLCM can be simultaneously deployed across multiple floors and buildings in a wired branch office with secure data, voice, switching, and wireless functions.
Figure 2 Cisco WLCM Deployment for Converged Wireless with Secure Data, Voice, Switching, and Wireless Functions
The Cisco Wireless Control System (WCS) allows users to design, control, and monitor enterprise wireless networks from a centralized location. The Cisco WCS is an optional network component that works in conjunction with Cisco APs and Cisco WLCMs.
The Cisco 2700 series location appliance is another optional network component that enhances the high-accuracy, built-in, Cisco WCS location-tracking abilities by computing, collecting, and storing historical location data. This data can be displayed in the Cisco WCS. The location appliance acts as a server to one or more Cisco WCS servers; the location appliance collects, stores, and passes on data from its associated controllers. For complete information about managing the Cisco WLAN location appliance, see the following URL:
http://www.cisco.com/en/US/products/ps6386/tsd_products_support_series_home.html
Power over Ethernet
Power over Ethernet (PoE) is supported on Cisco ISR routers. When using PoE, the installer runs a single CAT-5 cable from each access point to PoE-equipped network elements, such as a PoE-compliant Cisco EtherSwitch service module on the integrated services router or a Cisco Catalyst 3750 switch with PoE. When the PoE equipment determines that the access point is PoE-enabled, it sends -48 VDC over the unused pairs in the Ethernet cable to power the access point.
Connecting Access Points
Access points can be connected to a separate switch or to a Cisco EtherSwitch service module on Cisco ISRs. The Cisco ISR family supports a range of integrated Cisco EtherSwitch service modules with 4 to 48 ports supporting PoE.
Note
Operating System User Interfaces
The Cisco WLCM and its associated Cisco access points can be concurrently managed by these operating system user interfaces:
•
For more information about the CLI and a complete list of features available on the Cisco WLCM, see the Cisco Wireless LAN Solution Product Guide at the following URL:
http://www.cisco.com/en/US/products/ps6308/products_installation_and_configuration_guides_list.html
•
Note
Because the web user interface works with one Cisco wireless LAN controller at a time, the web user interface is especially useful when you wish to configure or monitor a single Cisco wireless LAN controller and its associated access points that support Lightweight Access Point Protocol (LWAPP). The web GUI is supported on Internet Explorer, version 6.0 Standard and Enterprise Editions (SP1) or later.
For complete information about the GUI, see the Cisco Wireless LAN Solution Product Guide at the following URL:
http://www.cisco.com/en/US/products/ps6308/products_installation_and_configuration_guides_list.html
•
The Cisco WCS includes the same configuration, performance monitoring, security, fault management, and accounting options that are used at the Cisco wireless LAN controller level, but adds a graphical view of multiple controllers and managed access points.
For complete information about the Cisco WCS, see the Cisco Wireless LAN Solution Product Guide at the following URL:
http://www.cisco.com/en/US/products/ps6308/products_installation_and_configuration_guides_list.html
The Cisco WLCM, together with Cisco ISRs, supports IPSec security for wireless clients that terminate on Cisco ISRs through the use of a VPN pass-through on the Cisco WLCM.
How to Configure the Cisco WLCM
This section contains the following procedures:
•
•
•
•
•
•
•
•
•
•
•
•
Note
http://www.cisco.com/en/US/products/ps6308/products_installation_and_configuration_guides_list.html
Before installing, configuring, or upgrading a Cisco WLCM, see the Cisco Wireless LAN Solution Product Guide.
Note
Caution
Accessing the CLI Through a Console Connection or Through Telnet
Before you can access the Cisco WLCM CLI, you must first use one of these methods to establish a connection from the host router:
•
Note
Note
•
The Cisco WLCM supports one secure SSH session and up to 5 simultaneous Telnet sessions. Changes made by one Telnet user are reflected in all other Telnet sessions.
If your Cisco WLCM is already configured, you can directly open a session to the WLCM and configure it through its CLI.
Understanding Interfaces on the Cisco WLCM
The host router and the Cisco WLCM communicate through the integrated-service-engine interface connection between the router and the Cisco WLCM.
Note
For more detailed information about interface types on the controller network module, see the
Cisco Wireless LAN Solution Product Guide at the following URL:http://www.cisco.com/en/US/products/ps6308/products_installation_and_configuration_guides_list.html
Using Interface Configuration Mode
Note
The Gigabit Ethernet internal interface on the Cisco WLCM connects internally to the integrated-service-engine interface 1/0 on the router (if the WLCM is inserted in slot 1 of the router).
The port numbering scheme that you use in interface configuration mode is interface type/slot number/port number.
•
•
•
Configuring the Cisco WLCM in the Router
This section describes how to perform the initial configuration of the router with a Cisco WLCM installed. This section also describes the initial configuration of the Cisco WLCM itself.
For advanced information about configuring the Cisco WLCM, see the Cisco Wireless LAN Solution Product Guide at the following URL:
http://www.cisco.com/en/US/products/ps6308/products_installation_and_configuration_guides_list.html
Prerequisites
Before installing, configuring, or upgrading the Cisco WLCM, see the Cisco Wireless LAN Solution Product Guide at the following URL:
http://www.cisco.com/en/US/products/ps6308/products_installation_and_configuration_guides_list.html
Note
http://www.cisco.com/en/US/products/ps6308/prod_command_reference_list.html
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
DETAILED STEPS
Step 1
enable
Example:Router# enable
Enters privileged EXEC mode.
Step 2
configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3
interface integrated-service-engine slot/port
Example:Router(config)# interface integrated-service-engine 1/0
Enters interface configuration mode, and specifies an interface for configuration.
Step 4
ip address ip address/subnet mask
Example:Router(config-if)# ip address 192.0.2.254 255.255.255.0
Configures an IP address and subnet mask on this controller interface.
Step 5
no shutdown
Example:Router(config-if)# no shutdown
Enables the module port.
Step 6
end
Example:Router(config-if)# end
Returns to privileged EXEC mode.
Step 7
service-module integrated-service-engine slot/port session
Example:Router# service-module integrated-service-engine 1/0 session
Opens a session to the WLCM.
If the Cisco WLCM has no prior configuration, the configuration wizard automatically starts. You cannot bypass the configuration wizard. Through the CLI, you must provide the required information at the prompts. For information about the configuration wizard, see the "Running the Configuration Wizard" section.
What to Do Next
Proceed to the "Running the Configuration Wizard" section.
Running the Configuration Wizard
When the controller boots at factory defaults, the bootup script runs the configuration wizard, which prompts the installer for initial configuration settings.
Note
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
DETAILED STEPS
Step 1
system name
Example:Welcome to the Cisco Wizard Configuration ToolUse the '-' character to backupWLCM:# anyname
Enter up to 32 printable ASCII characters.
Step 2
username and password
Example:Enter Administrative User Name (24 characters max): anyname
Enter Administrative Password (24 characters max): *****
Enter an administrator username and password, each up to 24 printable ASCII characters.
Step 3
IP address, netmask, default router, VLAN identifier, port number
Example:Management Interface IP Address: 192.0.2.24
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 192.0.2.254
Management Interface VLAN Identifier (0 = untagged): 0
Management Interface Port Num [1]: 1
Enter the management interface IP address, netmask, default router IP address, optional VLAN identifier (a valid VLAN identifier, or 0 for untagged), and port number.
Step 4
DHCP server IP address
Example:Management Interface DHCP Server IP Address: 192.0.2.24
Enter the IP address of the default DHCP server that will supply IP addresses to clients and to the management interface, if you use one.
Step 5
AP manager interface and AP manager DHCP server IP address
Example:AP Manager Interface IP Address: 192.0.2.25
AP-Manager is on Management subnet, using same values
AP Manager Interface DHCP Server (192.0.2.24): 192.0.2.24
Enter the IP addresses for the AP manager interface and the AP manager DHCP server.
Step 6
virtual gateway IP address
Example:Virtual Gateway IP Address: 1.1.1.1
Enter the virtual gateway IP address. This address can be any fictitious, unassigned IP address (such as 1.1.1.1) to be used by Layer 3 security and mobility managers.
Step 7
RF group name
Example:Mobility/RF Group Name: anyname-mg
Enter the Cisco WLAN solution mobility RF group name.
Step 8
service set identifier (SSID)
Example:Network Name (SSID): wlan-15
Enter the WLAN 1 service set identifier (SSID), or network name. This is the default SSID that access points use to associate to a controller.
Step 9
static IP addresses for clients
Example:Allow Static IP Addresses [YES][no]: no
Allow or disallow static IP addresses for clients. Enter yes to allow clients to supply their own IP addresses. Enter no to require clients to request an IP address from a DHCP server.
Step 10
RADIUS server
Example:Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.
If you need to configure a RADIUS server, enter yes, and enter the RADIUS server IP address, the communication port, and the shared secret. If you do not need to configure a RADIUS server, or if you want to configure the server later, enter no.
Step 11
country code
Example:Enter Country Code (enter 'help' for a list of countries) [US]: US
Enter a country code for the unit. To see a list of the supported country codes, enter help or see the Cisco Wireless LAN Solution Product Guide at the following URL:
http://www.cisco.com/en/US/products/ps6308/products_installation_and_configuration_guides_list.html
Step 12
support for 802.11b, 802.11a, or 802.11g
Example:Enable 802.11b Network [YES][no]: yes
Enable 802.11a Network [YES][no]: yes
Enable 802.11g Network [YES][no]: yes
Enable or disable support for 802.11b, 802.11a, and 802.11g.
Step 13
radio resource management (RRM) (auto RF)
Example:Enable Auto-RF [YES][no]:
Enable or disable radio resource management (RRM) (auto RF).
Note
When the configuration wizard has completed initial configuration, the Cisco WLCM automatically reboots with the new configuration and stops at the User prompt.
Step 14
NTP server IP address and polling interval
Example:Configure a NTP server now? [YES][no]: yes
Enter the NTP server's IP address: 192.0.2.254
Enter a polling interval between 3600 and 604800 secs: 7200
You are prompted to configure the Network Time Protocol (NTP) server if necessary.
If you answer yes to configuring the NTP server, you are prompted to provide the NTP server IP address.
If you answer yes to configuring the NTP server, you are also prompted to provide the polling interval.
Step 15
username and password
Example:User: anyname
Password: *****
(WLCM)
Supply the username and password.
Configuration Example for Running the Configuration Wizard
The following example shows the settings by using the wizard on the CLI:
Welcome to the Cisco Wizard Configuration ToolUse the '-' character to backupWLCM:# anynameEnter Administrative User Name (24 characters max): anynameEnter Administrative Password (24 characters max): *****Management Interface IP Address: 192.0.2.24Management Interface Netmask: 255.255.255.0Management Interface Default Router: 192.0.2.254Management Interface VLAN Identifier (0 = untagged): 0Management Interface Port Num [1]: 1Management Interface DHCP Server IP Address: 192.0.2.24AP Manager Interface IP Address: 192.0.2.25AP-Manager is on Management subnet, using same valuesAP Manager Interface DHCP Server (192.0.2.24): 192.0.2.24Virtual Gateway IP Address: 1.1.1.1Mobility/RF Group Name: anyname-mgNetwork Name (SSID): wlan-15Allow Static IP Addresses [YES][no]: noConfigure a RADIUS Server now? [YES][no]: noWarning! The default WLAN security policy requires a RADIUS server.Please see documentation for more details.Enter Country Code (enter 'help' for a list of countries) [US]: USEnable 802.11b Network [YES][no]: yesEnable 802.11a Network [YES][no]: yesEnable 802.11g Network [YES][no]: yesEnable Auto-RF [YES][no]:Configure an NTP server now? [YES][no]: yesEnter the NTP server's IP address: 192.0.2.24Enter a polling interval between 3600 and 604800 secs: 3600Configuration correct? If yes, system will save it and reset. [yes][no]: yesConfiguration saved!Resetting system with new configuration...User:Configure a NTP server now? [YES][no]: yesEnter the NTP server's IP address: 192.0.2.254Enter a polling interval between 3600 and 604800 secs: 7200User: anynamePassword: *****(WLCM)What to Do Next
Proceed to the "Configuring and Verifying Management and AP Manager Interfaces" section.
Configuring and Verifying Management and AP Manager Interfaces
You can create any number of static or dynamic logical interfaces on the Cisco WLCM, configured as VLAN tagged interfaces or untagged interfaces. By default, two static untagged interfaces are assigned (management interface and ap-manager interface) and used for management and communication with APs. Because these interfaces are untagged, they must be assigned to the same subnet that is used to configure the WLCM interface on the router.
SUMMARY STEPS
1.
2.
3.
4.
DETAILED STEPS
Configuration Examples for Verifying Management and AP Manager Interfaces
The management interface must have an IP address that can be reached from the workstation that is managing the interface. The AP manager interface allows the WLCM to communicate with APs.
WLCM> configure interface address management 192.0.2.24 255.255.255.0 192.0.2.254WLCM> configure interface address ap-manager 192.0.2.25 255.255.255.0 192.0.2.254The last IP address (192.0.2.254) is the default-gateway IP address for those interfaces and the IP address of the WLCM interface on the router.
Send a ping from the router to the WLCM management interface and AP manager interface.
Router:# ping 192.0.2.24Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.0.2.24, timeout is 2 seconds:Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 msRouter:# ping 192.0.2.25Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.0.2.25, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 msRouter#For information about configuring VLANs on the Cisco WLCM, see the Cisco Wireless LAN Solution Product Guide at the following URL:
http://www.cisco.com/en/US/products/ps6308/products_installation_and_configuration_guides_list.html
What to Do Next
Proceed to the "Configuring Wide-Area LANs on the Cisco WLCM" section.
Configuring Wide-Area LANs on the Cisco WLCM
The Cisco WLCM can control up to 16 wireless LANs for access points. Each wireless LAN has a separate wireless LAN ID (1 through 16) and a separate wireless LAN SSID (wireless LAN name). Each wireless LAN can be assigned unique security policies.
Note
Note
Native VLAN is not supported on the Cisco WLCM; therefore, the router should not have any functional native VLANs configured.
For additional information about configuring VLANs on the Cisco WLCM, see the Cisco Wireless LAN Solution Product Guide at the following URL:
http://www.cisco.com/en/US/products/ps6308/products_installation_and_configuration_guides_list.html
To configure and activate WLANs, to assign the WLANs to a DHCP server, and to assign the WLANs a VLAN, follow the steps below.
Configuring the Interface
The interface must have an IP address and descriptors configured to the interface. To assign the IP address and descriptors to the interface, follow the steps below.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
DETAILED STEPS
Assigning the WLANs to a DHCP server
The following shows how to configure a DHCP server to the router, and an IP address to the AP.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
DETAILED STEPS
Step 1
ip dhcp excluded-address low-address high-address
Example:Router(config-if)# ip dhcp excluded-address 100.100.100.1 100.100.100.100
Specifies the IP addresses that a Dynamic Host Configuration Protocol (DHCP) server should not assign to DHCP clients.
Step 2
ip dhcp pool name
Example:Router(config-if)# ip dhcp pool lwapp-ap
Configures a DHCP address pool on a DHCP server and enters DHCP pool configuration mode.
Step 3
network (dhcp) network-number mask
Example:Router(config-if)# network 100.100.100.0 255.255.255.0
Configures the subnet number and mask for a DHCP address pool on a Cisco IOS DHCP server.
Step 4
default-router address
Example:Router(config-if)# default-router 100.100.100.1
Specifies the default router list for a DHCP client.
Step 5
option code ascii string hex string ip address
Example:Router(config-if)# option 43 ascii 192.0.2.24
Configures DHCP server options for the Cisco WLAN 1000 series AP.
Note
Step 6
interface integrated-service-engine slot/port
Example:Router(config-if)# interface integrated-service-engine 1/0
Enters interface configuration mode, and specifies an interface for configuration.
Step 7
ip address ip-address mask
Example:Router(config-if)# ip address 192.0.2.254 255.255.255.0
Sets a primary or secondary IP address for an interface.
Step 8
interface integrated-service-engine slot/port
Example:Router(config-if)# interface integrated-service-engine 1/0.15
Enters interface configuration mode, and specifies an interface for configuration.
Step 9
encapsulation dot1q vlan-id
Example:Router(config-if)# encapsulation dot1q 15
Enables IEEE 802.1q encapsulation of traffic on a specified subinterface in a virtual LAN (VLAN).
Step 10
ip address ip-address mask
Example:Router(config-if)# ip address 15.0.0.1 255.255.255.0
Sets a primary or secondary IP address for an interface.
Step 11
interface integrated-service-engine slot/port
Example:Router(config-if)# interface integrated-service-engine 1/0.16
Enters interface configuration mode, and specifies an interface for configuration.
Step 12
encapsulation dot1q vlan-id
Example:Router(config-if)# encapsulation dot1q 16
Enables IEEE 802.1q encapsulation of traffic on a specified subinterface in a VLAN.
Step 13
ip address ip-address mask
Example:Router(config-if)# ip address 16.0.0.1 255.255.255.0
Sets a primary or secondary IP address for an interface.
Step 14
ip dhcp pool name
Example:Router(config)# ip dhcp pool client-15
Configures a DHCP address pool on a DHCP server and enters DHCP pool configuration mode.
Step 15
network (dhcp) network-number mask
Example:Router(config)# network 15.0.0.0 255.255.255.0
Configures the subnet number and mask for a DHCP address pool on a Cisco IOS DHCP server.
Step 16
default-router address
Example:Router(config)# default-router 15.0.0.1
Specifies the default router list for a DHCP client.
Step 17
ip dhcp pool name
Example:Router(config-if)# ip dhcp pool lwapp-ap
Configures a DHCP address pool on a DHCP server and enters DHCP pool configuration mode.
Step 18
network (dhcp) network-number mask
Example:Router(config-if)# network 100.100.100.0 255.255.255.0
Configures the subnet number and mask for a DHCP address pool on a Cisco IOS DHCP server.
Step 19
default-router address
Example:Router(config)# default-router 16.0.0.1
Specifies the default router list for a DHCP client.
Assigning the WLANs to a VLAN
The following shows how to configure a the WLAN to a VLAN.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
DETAILED STEPS
Guest
