Quick Start Guide
Cisco 4400 Series Wireless LAN Controllers
INCLUDING LICENSE AND WARRANTY
1 About this Guide
This guide is designed to help you install and minimally configure your Cisco 4400 Series Wireless LAN Controller. This guide covers the following controller models: 4402-25, 4402-50, 4404-25, 4404-50, and 4404-100.
FCC Safety Compliance Statement
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on.
Try to correct the interference by one or more of the following measures:
•Verify that the ambient temperature remains between 32 to 104° F (0 to 40° C), taking into account the elevated temperatures when installed in a rack or enclosed space.
•When multiple Cisco 4400 series controllers are mounted in an equipment rack, be sure that the power source is sufficiently rated to safely run all the equipment in the rack.
•Verify the integrity of the electrical ground before installing the controller.
Safety warnings appear throughout this guide in procedures that may harm you if performed incorrectly. A warning symbol precedes each warning statement. The warnings below are general warnings that are applicable to the entire guide. Translated versions of the safety warnings in this guide are provided in the Safety Warnings for Cisco 4400 Wireless LAN Controllers document that accompanies this guide.
Statement 371—Power Cable and AC Adapter
Statement 191—VCCI Class A Warning for Japan
2 Introduction to the Controller
Cisco 4400 series wireless LAN controllers offer the highest level of performance and scalability for large scale enterprise wireless LAN deployments. In addition, these controllers deliver wireless LAN services over an existing Ethernet or IP infrastructure, thereby protecting existing network investments while providing the best in class wireless services. A core component of the Cisco unified wireless solution, these controllers deliver wireless security, intrusion detection, radio management, quality of service (QoS), and mobility across an entire enterprise. The controllers work in conjunction with other controllers, Cisco Wireless Control System (WCS), and access points to provide network managers with a robust wireless LAN solution.
In order to best use this guide, you should have already designed the wireless topology of your network. Because the radio resource management (RRM) feature automatically detects and configures access points as they appear on the network, it is not necessary to have any access points on the network to install and configure a controller.
Two versions of the 4400 series controller are available: 4402 and 4404 series controllers. Cisco 4402 controllers have two gigabit Ethernet distribution system ports, each of which is capable of managing up to 48 access points. However, Cisco recommends no more than 25 access points per port due to bandwidth constraints. The 4402-25 and 4402-50 models allow a total of 25 or 50 access points to join the controller. Cisco 4404 controllers have four gigabit Ethernet distribution system ports, each of which is capable of managing up to 48 access points. However, Cisco recommends no more than 25 access points per port due to bandwidth constraints. The 4404-25, 4404-50, and 4404-100 models allow a total of 25, 50, or 100 access points to join the controller.
Figure 1 shows the front panel layout of the 4400 series controller.
Figure 1 Front Panel Layout
Service port (RJ-45)
Distribution port 1 & 2 Link and Activity LEDs
Distribution port 2
Status, alarm, and power supply LEDs
Distribution port 3
Utility port (RJ-45)
Distribution port 3 & 4 Link and Activity LEDs
Distribution port 1
Distribution port 4
Figure 2 shows the back panel layout with a power supply unit installed in power supply slot 2.
Figure 2 Back Panel Layout
VPN termination module Slot 1
Slot 2 power supply power receptacle
VPN termination module slot 0
Slot 2 power supply switch
Power supply slot 1
Slot 2 power supply LED
Checking the Controller LEDs
If your controller is not working properly, check the LEDs on the front panel of the unit. You can use the LED indications to quickly assess the unit's status. The LED indicators are described in Table 1.
Table 1 LED Indicators
Front Panel LEDs LED Description
Service Port link
Solid green indicates service port link is established.
Service Port activity
Blinking green indicates link data transmission over the service port.
PS1 and PS2
Solid green indicates power supply # is operational.
Solid red indicates an undervoltage condition detected on one of the DC/DC converters. Off indicates normal operation. This LED behavior may also be defined by the controller software.
Solid green followed by blinking green indicates controller is rebooting or loading software. Off indicates normal operation. After the controller resets, the LED behavior is defined by the controller software.
Solid green indicates Ethernet link to wired network is established.
Blinking green indicates data transmission over the Ethernet link
Distribution port link
Solid green indicates link established on distribution port # link.
Distribution port activity
Blinking green indicates data transmission on distribution port # link.
Rear Panel LEDs LED Description
Power supply unit
Solid white indicates normal operation. Solid red indicates a fault.
3 Unpacking and Preparing the Controller for Operation
Follow these steps to unpack the 4400 series controller and prepare it for operation:
Step 1 Open the shipping container and carefully remove the contents.
Step 2 Return all packing materials to the shipping container and save it.
Step 3 Ensure that all items listed in the "Package Contents" section are included in the shipment. Check each item for damage. If any item is damaged or missing, notify your authorized Cisco sales representative.
Each access point package contains the following items:
•Cisco 4400 series wireless LAN controller and power cord
•Mounting hardware kit
•Translated Safety Warnings for Cisco 4400 Series Wireless LAN Controllers
•Cisco product registration and Cisco documentation feedback cards
Required Tools and Information
You will need the following tools and information before you can install the controller:
•Wireless LAN controller hardware
–Controller with factory-supplied power cord and mounting hardware
–Network, operating system service network, and access point cables as required
•Command-line interface (CLI) console
–VT-100 terminal emulator on CLI console (PC, laptop, or palmtop)
–CISCO console port cable (RJ-45 to DB-9) and modular adapter (RJ-45 female to DB-9 female) to connect CLI console and controller
•Local TFTP server (required for downloading operating system software updates). Cisco WCS uses an integral TFTP server. This means that third-party TFTP servers cannot run on the same workstation as the Cisco WCS because Cisco WCS and third-party TFTP servers use the same communication port.
Initial System Configuration Information
Obtain the following initial configuration parameters from your wireless LAN or network administrator:
•A system (controller) name.
•An administrative username and password. The default administrative username and password are admin and admin, respectively.
•A service port interface IP address configuration protocol (none or DHCP).
•A management interface (DS Port or network interface port) IP address.
Note The service port interface and management interface must be on different subnets.
•A management interface netmask address.
•A management interface default router IP address.
•A VLAN identifier if the management interface is assigned to a VLAN, or 0 for an untagged VLAN.
•Distribution system physical port number
–4402: 1-2 for front panel GigE ports
–4404: 1-4 for front panel GigE ports
•IP address of the default DHCP server that will supply IP addresses to clients.
•The lightweight access point protocol (LWAPP) transport mode (Layer 2 or Layer 3).
•A virtual gateway IP address (a fictitious, unassigned IP address, such as 18.104.22.168, used by all Cisco wireless LAN controller Layer 3 security and mobility managers).
•A Cisco wireless LAN controller mobility group name, if required.
•An 802.11 network name (SSID) for WLAN 1. This is the default SSID that the access points use when they join with the controller.
•Whether or not to allow static IP addresses from clients.
–Yes is more convenient, but has lower security (session can be hijacked).
–No is less convenient, but has higher security and works well for Windows XP devices.
•RADIUS server IP address, communications port, and secret (if you are configuring a RADIUS server).
•The country code for this installation. Refer to the Cisco Wireless LAN Controller Configuration Guide for country code information. This guide is available at cisco.com.
•Status of the 802.11a, 802.11b, and 802.11g networks (enabled or disabled).
•Status of radio resource management (RRM) (enabled or disabled).
Choosing a Physical Location
You can install the controller almost anywhere, but it is more secure and reliable if you install it in a secure equipment room or wiring closet. For maximum reliability, mount the controller using the following guidelines:
Warning To prevent the system from overheating, do not operate it in an area that exceeds the maximum recommended ambient temperature of:
104° F (40° C) Statement 1047
Warning To prevent airflow restriction, allow clearance around the ventilation openings to be at least:
4-in (10.16 cm) Statement 1076
Warning Take care when connecting units to the supply circuit so that wiring is not overloaded. Statement 1018
•Make sure you can reach the controller and all cables attached to it.
•Make sure that water or excessive moisture cannot get into the controller.
•Make sure that the controller is within 328 ft. (100 m) of equipment connected to a 1000BASE-T port.
•Make sure the controller is within one of the following distances of equipment connected to the optional 1000BASE-SX or -LX port:
–722 ft. (220 m) when using 160 MHz-km rated 62.5/125 um multimode fiber.
–902 ft. (275 m) when using 200 MHz-km rated 62.5/125 um multimode fiber.
–1312 ft. (400 m) when using 400 MHz-km rated 50/125 um multimode fiber.
–1641 ft. (500 m) when using 500 MHz-km rated 50/125 um multimode fiber.
Note These distances depend on the small form factor pluggable (SFP) gigabit converter being used. See the Gigabit Interface Converter (GBIC) Module and Small Form-Factor Pluggable (SFP) GBIC Module Installation Information and Specifications at http://www.cisco.com/en/US/docs/routers/7200/install_and_upgrade/gbic_sfp_modules_install/5067g.html.
The 1000BASE-SX SFP modules provide 1000 Mbps wired connections to a network through 850nM (SX) fiber-optic links using LC physical connectors. The 1000BASE-LX SFP modules provide 1000 Mbps wired connections to a network through 1300nM (LX/LH) fiber-optic links using LC physical connectors.
Installing the Chassis
The controller ships with rack mounting ears attached and the desktop or shelf mounting rubber feet in a separate bag. Follow these guidelines when mounting the controller:
•When mounting the controller on a desktop or shelf, attach the rubber feet to the bottom of the controller chassis, and place the chassis on any secure horizontal surface. If desired, you can remove the rack mounting ears from the controller.
•When mounting the controller in an EIA standard rack, attach the ears to the equipment rack using the factory supplied fasteners.
Caution The controller weighs 15.2 lbs (6.95 kg). For safety, two or more people must work together to perform the rack mount installation.
•Install the SFP modules as described in the 1000BASE-SX, 1000BASE-LX, and 1000BASE-T SFP Module Quick Start Guide.
•If you have purchased an extra power supply module or enhanced security modules, refer to the Cisco 4400 Series Power Supply Quick Start Guide for information about installing these devices.
Warning This unit might have more than one power supply connection. All connections must be removed to de-energize the unit. Statement 1028
Connecting the Controller's Console Port
Before you can configure the controller for basic operations, you need to connect it to a PC that uses a VT-100 terminal emulator (such as HyperTerminal, ProComm, Minicom, or Tip).
Follow these steps to connect the PC to the controller's console port:
Step 1 Connect the RJ-45 connector of the CISCO console port cable, using the modular adapter, to the controller's DB-9 console port. Plug the DB-9 connector of the CISCO console port cable into the CLI console's DB-9 serial port.
Note For example, see Cisco Global Site Selector 4492R Hardware Installation Guide - Console Port section for information on RJ-45 connector of the CISCO console port cable and DB-9 console port.
Step 2 Start the PC's terminal emulation program.
Step 3 Configure the terminal emulation program for the following parameters:
•8 data bits
•No flow control
•1 stop bit
Running the Bootup Script and Power-On Self Test
When you plug the controller into an AC power source, the bootup script initializes the system, verifies the hardware configuration, loads its microcode into memory, verifies its operating system software load, and initializes itself with its stored configurations. Before performing this test, you should have connected your PC to the controller's CLI console as described in the "Connecting the Controller's Console Port" section. Follow these steps to run the bootup script and conduct the power-on self test (POST).
Step 1 Plug an AC power cord into the back of the controller and connect the other end to a grounded 100 to 240 VAC, 50/60 Hz electrical outlet.
Note If you wish to run a previous release of the controller code, press Esc immediately after the Model and S/N line appears. The Bootloader Options menu appears.
Step 2 Observe the bootup using the CLI screen.
The bootup script displays operating system software initialization (code download and POST verification) and basic configuration as shown in the following sample bootup display:
Bootloader 22.214.171.124. (Feb 2 2006 - 19:14:47)
Motorola PowerPC ProcessorID=00000000 Rev. PVR=80200020
Cisco Systems INC., 4400 Wireless LAN Switch Board
CPU: 833 MHz
CCB: 333 MHz
DDR: 166 MHz
LBC: 41 MHz
L1 D-cache 32KB, L1 I-cache 32KB enabled.
I2C: ready
DTT: 1 is 22 C
DRAM: DDR module detected, total size: 512MB.
512MB
8540 in PCI Host Mode.
8540 is the PCI Arbiter.
Memory Test PASS
FLASH:
Flash Bank 0: portsize = 2, size 8 MB in 142 Sectors
8 MB
L2 cache enabled: 256KB
Card Id: 1541
Card Revision Id: 1
Card CPU Id: 1725
Number of MAC addresses: 32
Number of Slots supported: 4
Serial Number: 12345678-12345678-1244
Manufacturers ID: 30464
Board Maintenance Level: 00
Number of supported APs: 24
In: serial
Out: serial
Err: serial
 .o88b. d888888b .d8888.  .o88b.  .d88b.
d8P  Y8   `88'   88'  YP d8P  Y8 .8P  Y8.
8P         88    `8bo.   8P      88    88
8b         88      `Y8b. 8b      88    88
Y8b  d8   .88.   db   8D Y8b  d8 `8b  d8'
 `Y88P' Y888888P `8888Y'  `Y88P'  `Y88P'
Model WS-C3750G-24PS-W24 S/N: 12345678-12345678-12345
Net:PHY DEVICE: Found Intel LXT971A at 0x01
FEC ETHERNET
IDE: Bus 0: OK
Device 0: Model: TOSHIBA THNCF256MBA Firm: 2.20
Type: Removable Hard Disk
Capacity: 244.5 MB = 0.2 GB (500736 x 512)
Device 1: not available
Booting Primary Image...
Press <ESC> now for additional boot options...
Step 3 If desired, press Esc to display the Bootloader Boot Options menu.
Boot Options
Please choose an option from below:
1. Run primary image
2. Run backup image
3. Manually update images
4. Change active boot image
5. Clear Configuration
Please enter your choice:
Note Enter 1 to run the current software, enter 2 to run the previous software, or enter 5 to run the current software and set the controller configuration to factory defaults. Do not enter 3 or 4 unless directed to do so.
Detecting Hardware . . .
Step 4 The rest of the process takes two to three minutes. Do not reboot the controller until the user login prompt appears.
Cisco is a trademark of Cisco Systems, Inc.
Software Copyright Cisco Systems, Inc. All rights reserved.
Cisco AireOS Version 126.96.36.199
Initializing OS Services: ok
Initializing Serial Services: ok
Initializing Network Services: ok
Starting ARP Services: ok
Starting Trap Manager: ok
Starting Network Interface Management Services: ok
policyBuildDefaultConfigData: Setting default LWAPP MODE to L3
policySysReadConfig: policySystemLwappModeSet(L3)
Starting System Services: ok
Starting Fast Path Hardware Acceleration: ok
Starting Switching Services: ok
Starting QoS Services: ok
Starting Policy Manager: ok
Starting Data Transport Link Layer: ok
Starting Access Control List Services: ok
Starting System Interfaces: ok
Starting LWAPP: ok
Starting Crypto Accelerator[s]: None Present
Starting Certificate Database: ok
Starting VPN Services: ok
Starting Security Services: ok
Starting Policy Manager: ok
Starting Authentication Engine: ok
Starting Mobility Management: ok
Starting Virtual AP Services: ok
Starting AireWave Director: ok
Starting Network Time Services: ok
Starting Broadcast Services: ok
Starting Logging Services: ok
Starting DHCP Server: ok
Starting IDS Signature Manager: ok
Starting External Policy Interface: ok
Starting RFID Tag Tracking: ok
Starting Power Supply and Fan Status Monitoring Service: ok
Starting WLAN Control Protocol (WCP): wcpSysInit: Out of factory boot:Initialize ports and IP address for interfaces
wcpSysInit: Setting IP address for MGMT interface OK
wcpSysInit: Setting LAG for MGMT interface OK
wcpSysInit: Setting IP address for AP_MGR interface OK
wcpSysInit: Setting IP address for OOB interface OK
wcpSysInit: simInterfacePortSet for OOB at LAG port successful
wcpTask: osapiSetsockopt for AF_BSNET_OPTS success
wcpTask: Shrinked loopback interface's range to 127.0.0.0/24
Set status line to 1
wcpSysInit: wcpSysInit(): initializing wcp...Done
ok
Starting Management Services:
Web Server: ok
CLI: ok
Secure Web: ok
Step 5 If the controller passes the power-on self test, the bootup script runs the Startup Wizard, which prompts you for basic configuration inputs.
4 Using the Startup Wizard
Before you can use the startup wizard, you must obtain the information discussed in the "Required Tools and Information" section. Follow these steps to use the Startup Wizard to configure the controller for basic operation.
Note The available options appear in brackets after each configuration parameter. The default value appears in all uppercase letters.
Note Press the hyphen key if you ever need to return to the previous command line.
Step 1 Enter the system name, which is the name you want to assign to the controller. You can enter up to 32 ASCII characters.
Step 2 Enter the administrative username and password to be assigned to this controller. You can enter up to 24 ASCII characters for each. The default administrative username and password are admin and admin, respectively.
Step 3 If you want the controller's service-port interface to obtain an IP address from a DHCP server, enter DHCP. If you do not want to use the service port or if you want to assign a static IP address to the service-port interface, enter none.
Note The service-port interface controls communications through the service port. Its IP address must be on a different subnet from the management and AP-manager interfaces. This configuration enables you to manage the controller directly or through a dedicated management network to ensure service access during network downtime.
Step 4 If you entered none in Step 3, enter the IP address and netmask for the service-port interface on the next two lines.
Step 5 Enter the IP address, netmask, default router IP address, and optional VLAN identifier (a valid VLAN identifier or 0 for an untagged VLAN) for the management interface.
Note The VLAN identifier should be set to match the switch interface configuration.
Step 6 Enter the IP address of the default DHCP server that will supply IP addresses to clients, the controller's management interface, and optionally the service-port interface.
Note The management interface is the default interface for in-band management of the controller and connectivity to enterprise services such as AAA servers.
Step 7 Enter the IP address of the controller's AP-manager interface.
Note The AP-manager interface is used for Layer 3 communications between the controller and lightweight access points. It must have a unique IP address and is usually configured on the same VLAN or IP subnet as the management interface, but this is not a requirement.
Note If the AP-manager interface is on the same subnet as the management interface, the AP-manager interface uses the same DHCP server IP address as the management interface.
Step 8 Enter the IP address of the controller's virtual interface, which will be used by all controller Layer 3 security and mobility managers. You should enter a fictitious, unassigned IP address, such as 188.8.131.52.
Note The virtual interface is used to support mobility management, DHCP relay, and embedded Layer 3 security such as guest web authentication and VPN termination. All controllers within a mobility group must be configured with the same virtual interface IP address.
Step 9 If desired, enter the name of the mobility group/RF group to which you want the controller to belong.
Note Although the name that you enter here is assigned to both the mobility group and the RF group, these groups are not identical. Both groups define clusters of controllers, but they have different purposes. All of the controllers in an RF group are usually also in the same mobility group and vice versa. However, a mobility group facilitates scalable, system-wide mobility and controller redundancy while an RF group facilitates scalable, system-wide dynamic RF management.
Step 10 Enter the network name, or service set identifier (SSID). The initial SSID enables basic functionality of the controller and allows access points that have joined the controller to enable their radios.
Step 11 Enter yes to allow clients to assign their own IP address or no to make clients request an IP address from a DHCP server.
Step 12 To configure a RADIUS server now, enter yes and then enter the IP address, communication port, and secret key of the RADIUS server. Otherwise, enter no.
Step 13 Enter the code for the country in which the controller will be used.
Note Enter help to view the list of available country codes.
Step 14 Enter yes to enable or no to disable each of the 802.11b, 802.11a, and 802.11g lightweight access point networks.
Step 15 Enter yes to enable or no to disable the controller's radio resource management (RRM) auto RF feature.
Note The auto RF feature enables the controller to automatically form an RF group with other controllers. The group dynamically elects a leader to optimize RRM parameter settings, such as channel and transmit power assignment, for the group.
The controller saves your configuration, reboots, and prompts you to log in.
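The constraints stated in the "Initial System Configuration Information" list and in the Startup Wizard steps can be checked on the planning sheet before anything is typed at the console. The Python check below is an added example, not Cisco code; the plan dictionary keys, the finding codes, the sample values (marked as constructed) and the reading of "fictitious, unassigned" as "outside every planned subnet" are assumptions made for illustration.

```python
import ipaddress

# Front-panel GigE distribution ports per controller family (from the guide).
MODEL_PORTS = {"4402": 2, "4404": 4}


def _ascii_ok(value, limit):
    """True when value is 1..limit ASCII characters, the wizard's stated bound."""
    return isinstance(value, str) and value.isascii() and 0 < len(value) <= limit


def validate_plan(plan):
    """Check a planned Startup Wizard input sheet; return [(severity, code, message)]."""
    findings = []

    def add(severity, code, message):
        findings.append((severity, code, message))

    if not _ascii_ok(plan["system_name"], 32):
        add("error", "system-name", "system name must be 1-32 ASCII characters")

    user, password = plan["admin_user"], plan["admin_password"]
    if not (_ascii_ok(user, 24) and _ascii_ok(password, 24)):
        add("error", "admin-length", "username and password must each be 1-24 ASCII characters")
    if (user, password) == ("admin", "admin"):
        add("warn", "default-credentials", "administrative account still uses the default admin/admin")

    mgmt = ipaddress.ip_interface(f"{plan['mgmt_ip']}/{plan['mgmt_netmask']}")
    ap_mgr = ipaddress.ip_address(plan["ap_manager_ip"])
    if ap_mgr == mgmt.ip:
        add("error", "ap-manager-ip", "AP-manager interface needs its own unique IP address")

    # Service port: "dhcp", or "none" with an optional static address (Steps 3 and 4).
    planned_nets = [mgmt.network]
    mode = plan["service_port_mode"].lower()
    if mode not in ("dhcp", "none"):
        add("error", "service-port-mode", "service-port protocol must be none or DHCP")
    elif mode == "none" and plan.get("service_port_ip"):
        sp = ipaddress.ip_interface(f"{plan['service_port_ip']}/{plan['service_port_netmask']}")
        planned_nets.append(sp.network)
        if sp.network.overlaps(mgmt.network) or ap_mgr in sp.network:
            add("error", "service-port-subnet",
                "service port shares a subnet with the management or AP-manager interface")

    if not 0 <= plan["mgmt_vlan"] <= 4094:
        add("error", "vlan", "VLAN identifier must be 0 (untagged) or 1-4094")

    max_port = MODEL_PORTS.get(plan["model"][:4])
    if max_port is None:
        add("error", "model", f"unknown controller model {plan['model']!r}")
    elif not 1 <= plan["ds_port"] <= max_port:
        add("error", "ds-port", f"{plan['model']} has distribution ports 1-{max_port}")

    if plan["lwapp_layer"] not in (2, 3):
        add("error", "lwapp-mode", "LWAPP transport mode must be Layer 2 or Layer 3")

    # Assumption: "fictitious, unassigned" is read as "outside every planned subnet".
    virtual = ipaddress.ip_address(plan["virtual_ip"])
    if any(virtual in net for net in planned_nets):
        add("warn", "virtual-ip", "virtual gateway address falls inside a planned subnet")

    if plan["allow_static_client_ip"]:
        add("warn", "static-client-ip",
            "static client IP addresses allowed: lower security (session can be hijacked)")

    return findings


# Constructed sample sheets (not taken from a real deployment).
GOOD_PLAN = {
    "system_name": "wlc-4402-lab", "model": "4402-25",
    "admin_user": "netops", "admin_password": "Constructed-Pass-01",
    "service_port_mode": "none",
    "service_port_ip": "10.10.0.9", "service_port_netmask": "255.255.255.0",
    "mgmt_ip": "10.91.104.93", "mgmt_netmask": "255.255.255.0", "mgmt_vlan": 10,
    "ap_manager_ip": "10.91.104.99", "ds_port": 1, "lwapp_layer": 3,
    "virtual_ip": "192.0.2.1", "allow_static_client_ip": False,
}
BAD_PLAN = dict(GOOD_PLAN, admin_user="admin", admin_password="admin",
                service_port_ip="10.91.104.50", ds_port=3, allow_static_client_ip=True)

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, validate_plan(plan) or "no findings")
```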
Logging into the Controller
Follow these steps to log into the controller.
Step 1 Enter a valid username and password to log into the controller CLI.
Note The administrative username and password you created in the Startup Wizard are case sensitive.
Step 2 The CLI displays the root level system prompt:
#(system prompt)>
The system prompt can be any alphanumeric string up to 31 characters. You can change it by entering the config prompt command.
Note The CLI automatically logs you out without saving any changes after 5 minutes of inactivity. You can set the automatic logout from 0 (never log out) to 160 minutes using the config serial timeout command.
Note Cisco Aironet lightweight access points do not connect to the 4400 series controller if the date and time are not set properly. Set the current date and time on the controller before allowing the access points to connect to it.
Verifying Interface Settings and Port Operation
Follow these steps to verify that your interface configurations have been set properly and the controller's ports are operational.
Step 1 Enter show interface summary. The controller's current interface configurations appear:
Interface Name                   Port Vlan Id  IP Address     Type    Ap Mgr
-------------------------------- ---- -------- -------------- ------- -----
ap-manager                       LAG  10       10.91.104.99   Static  Yes
management                       LAG  10       10.91.104.93   Static  No
service-port                     N/A  N/A      10.10.0.9      Static  No
virtual                          N/A  N/A      184.108.40.206 Static  No
Note Link aggregation (LAG) is enabled by default on the integrated wireless LAN controller. LAG bundles all of the controller's distribution system ports into a single IEEE 802.3ad port channel. Refer to the Cisco Wireless LAN Controller Configuration Guide for more information.
Step 2 Enter show port summary. The following information appears, showing the status of the controller's distribution system ports, which serve as the data path between the controller and Cisco lightweight access points and to which the controller's management and AP-manager interfaces are mapped.
           STP   Admin   Physical   Physical   Link   Link    Mcast
Pr  Type   Stat  Mode    Mode       Status     Status Trap    Appliance   POE
-- ------- ---- ------- ---------- ---------- ------ ------- --------- -------
1  Normal  Forw Enable  Auto       1000 Full  Up     Enable  Enable    N/A
2  Normal  Forw Enable  Auto       1000 Full  Up     Enable  Enable    N/A
A link status of Up indicates that the controller's ports are fully operational.
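The port check in Step 2 can be automated against captured console output. The Python below is an added example, not Cisco code: it slices each row by the dashed column ruler (so a two-word field such as "1000 Full" stays in one cell) and reports ports that are missing, administratively disabled, or not Up. The column names, the function names and the sample text are assumptions; the sample is constructed from the display above, with port 2 altered to show a failure.

```python
import re

# Column names assigned here to the ten ruler columns of "show port summary".
PORT_COLUMNS = ("port", "type", "stp_state", "admin_mode", "physical_mode",
                "physical_status", "link_status", "link_trap",
                "mcast_appliance", "poe")

# Front-panel GigE distribution ports per controller family (from the guide).
MODEL_PORTS = {"4402": 2, "4404": 4}

# Constructed sample: the guide's display with port 2 changed to a down link.
SAMPLE_PORT_SUMMARY = """\
           STP   Admin   Physical   Physical   Link   Link    Mcast
Pr  Type   Stat  Mode    Mode       Status     Status Trap    Appliance   POE
-- ------- ---- ------- ---------- ---------- ------ ------- --------- -------
1  Normal  Forw Enable  Auto       1000 Full  Up     Enable  Enable    N/A
2  Normal  Forw Enable  Auto       Auto       Down   Enable  Enable    N/A
"""


def parse_port_summary(text):
    """Return one dict per port row, using the dashed ruler to find column spans."""
    lines = text.splitlines()
    for index, line in enumerate(lines):
        if re.fullmatch(r"\s*-+(?: +-+)+\s*", line):
            spans = [m.span() for m in re.finditer(r"-+", line)]
            break
    else:
        raise ValueError("no column ruler found in output")
    if len(spans) != len(PORT_COLUMNS):
        raise ValueError(f"expected {len(PORT_COLUMNS)} columns, found {len(spans)}")

    rows = []
    for line in lines[index + 1:]:
        # The last column runs to end of line; the others are cut at the ruler edges.
        cells = [line[start:end].strip() for start, end in spans[:-1]]
        cells.append(line[spans[-1][0]:].strip())
        if cells[0].isdigit():          # skip blank lines, prompts and other noise
            rows.append(dict(zip(PORT_COLUMNS, cells)))
    return rows


def port_problems(text, model):
    """List (port, reason) for every distribution port of `model` that needs attention."""
    rows = {int(row["port"]): row for row in parse_port_summary(text)}
    problems = []
    for port in range(1, MODEL_PORTS[model[:4]] + 1):
        row = rows.get(port)
        if row is None:
            problems.append((port, "missing from output"))
        elif row["admin_mode"] != "Enable":
            problems.append((port, "admin mode " + row["admin_mode"]))
        elif row["link_status"] != "Up":
            problems.append((port, "link status " + row["link_status"]))
    return problems


if __name__ == "__main__":
    for port, reason in port_problems(SAMPLE_PORT_SUMMARY, "4402-25"):
        print(f"port {port}: {reason}")
```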
Connecting the Network (Distribution System)
Model 4402 Controllers
Up to two of the following connections are supported in any combination:
•1000BASE-T (GigE, front panel, RJ-45 physical port, UTP cable).
•1000BASE-SX (GigE, front panel, LC physical port, multi-mode 850nM (SX) fiber-optic links using LC physical connectors).
•1000BASE-LX (GigE, front panel, LC physical port, multi-mode 1300nM (LX/LH) fiber-optic links using LC physical connectors).
Model 4404 Controllers
Up to four of the following connections are supported in any combination:
•1000BASE-T (GigE, front panel, RJ-45 physical port, UTP cable).
•1000BASE-SX (GigE, front panel, LC physical port, multi-mode 850nM (SX) fiber-optic links using LC physical connectors).
•1000BASE-LX (GigE, front panel, LX physical port, multi-mode 1300nM (LX/LH) fiber-optic links using LC physical connectors).
Depending on the distribution system physical port to be assigned, use Ethernet Category 5 or higher cables or SX/LX/LH compatible fiber-optic cables to connect the network equipment to the controller.
Connecting the Switch's Service Port (Optional)
The service port is controlled by the service-port interface and is reserved for out-of-band management of the controller and system recovery and maintenance in the event of a network failure. The service-port interface enables the controller to be managed on an interface different from the one used for your network traffic. Use of the service port is optional.
You can perform out-of-band controller management from a PC running a terminal emulation program or a PC running Cisco WCS, a network management tool that enables you to configure and monitor a network of controllers, or the controller GUI. However, you must first connect the PC to the switch's service port in one of two ways:
•Use a shielded, twisted-pair cross-over cable to connect the PC directly to the switch's service port.
•For a remote connection (using Telnet or SSH) through a dedicated management network, use a Category 5, Category 5e, Category 6, or Category 7 Ethernet cable to connect the management network to the switch's service port and the appropriate cable to connect the PC to the management network.
Connecting Access Points
After you have configured the controller, use Category-5, Category-5e, Category-6, or Category-7 Ethernet cables to connect Cisco lightweight access points to the network.
As soon as the controller is operational, it starts to scan for access points. When it detects an access point, it records the access-point MAC address in its database. The controller radio resource management (RRM) feature then automatically configures the access point to start sending and allowing clients to associate.
You have prepared the controller for basic operation. Refer to the Cisco Wireless LAN Controller Configuration Guide, Release 3.4, for information on configuring the controller to meet the specific needs of your wireless network.
Installing a Power Supply Unit
The controller can be powered using one or two power supply units. When the controller is equipped with two power supply units, the power supplies are redundant. Either power supply continues to power the controller should the other power supply unit fail. Also, the power supplies are hot swappable; you do not need to remove power from the controller to replace one or both power supplies.
One power supply unit is installed in slot 2 at the factory. You can order a second power supply unit and install it in slot 1.
Tools and Equipment Required
To install a power supply unit, you need the following tools and equipment:
•A power supply unit
•A number 1 Phillips screwdriver
Follow these steps to install a power supply unit.
Step 1 Locate the empty power supply slot on the controller's back panel. See Figure 3.
Figure 3 Controller Power Supply Slots
Note The power supply units are hot swappable.
Step 2 Use a Phillips screwdriver to loosen the captive screws on the slot cover.
Step 3 Remove the slot cover and store it in a safe place for future use.
Step 4 Align the power supply unit with the slot so that the unit's power input receptacle is on the left side of the slot. See Figure 4.
Figure 4 Inserting the Power Supply
Step 5 Gently but firmly push the power supply unit into the slot until it is firmly seated in the card electrical connector.
Step 6 Use a Phillips screwdriver to tighten the captive screws. Do not overtighten.
Step 7 Plug the power cord into the power supply unit and the other end into a grounded 95 to 260 VAC 50/60 Hz electrical outlet.
Step 8 Make sure that both power supply units are turned on.
Installing a VPN Termination Module
VPN termination modules provide extra processing power needed to support the termination of client VPN sessions on the controller. You can order these modules and install them in all 4400 series controllers.
Required Tools and Equipment
To install a VPN termination module, you need the following tools and equipment:
•One or two VPN termination modules.
•A standard screwdriver or a number 2 Phillips screwdriver.
Follow these steps to install a VPN termination module.
Caution If you are installing a VPN termination module in a model 4402 controller, install the module in slot 0. On the model 4404 controller, you can install the module in either slot.
Step 1 Remove all power from the controller.
a. Turn the power switch off.
b. Remove the power cord from the power supply unit power receptacle.
Caution If your controller is equipped with two power supply units, remove both power cords.
Step 2 Locate the VPN termination module slot on the rear panel of the controller. See Figure 5.
Figure 5 VPN Termination Module Slots
Step 3 Use a standard or Phillips screwdriver to unscrew the captive screws on the slot cover.
Step 4 Remove the slot cover and store it in a safe place for future use.
Step 5 Insert the module into the slot as shown in Figure 6.
Figure 6 Inserting the VPN Termination Module
Step 6 Gently but firmly push the module into the slot until it seats in the card electrical connector.
Step 7 Use a standard or Phillips screwdriver to tighten the captive screws. Do not overtighten.
Step 8 Restore all power to the controller.
a. Insert the power cord into the controller power supply unit. If your controller is equipped with two power supply units, insert both power cords.
b. Plug the power cords into a grounded 95 to 260 VAC 50/60 Hz electrical outlet.
c. Turn the power supply units on.
5 Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
6 Cisco 90-Day Limited Hardware Warranty Terms
There are special terms applicable to your hardware warranty and various services that you can use during the warranty period. Your formal Warranty Statement, including the warranties and license agreements applicable to Cisco software, is available on Cisco.com. Follow these steps to access and download the Cisco Information Packet and your warranty and license agreements from Cisco.com.
1. Launch your browser, and go to this URL:
The Warranties and License Agreements page appears.
2. To read the Cisco Information Packet, follow these steps:
a. Click the Information Packet Number field, and make sure that the part number 78-5235-03B0 is highlighted.
b. Select the language in which you would like to read the document.
c. Click Go.
The Cisco Limited Warranty and Software License page from the Information Packet appears.
d. Read the document online, or click the PDF icon to download and print the document in Adobe Portable Document Format (PDF).
Note You must have Adobe Acrobat Reader to view and print PDF files. You can download the reader from Adobe's website: http://www.adobe.com
3. To read translated and localized warranty information about your product, follow these steps:
a. Enter this part number in the Warranty Document Number field:
b. Select the language in which you would like to read the document.
c. Click Go.
The Cisco warranty page appears.
d. Review the document online, or click the PDF icon to download and print the document in Adobe Portable Document Format (PDF).
You can also contact the Cisco service and support website for assistance:
Duration of Hardware Warranty
Ninety (90) days.
Replacement, Repair, or Refund Policy for Hardware
Cisco or its service center will use commercially reasonable efforts to ship a replacement part within ten (10) working days after receipt of a Return Materials Authorization (RMA) request. Actual delivery times can vary, depending on the customer location.
Cisco reserves the right to refund the purchase price as its exclusive warranty remedy.
To Receive a Return Materials Authorization (RMA) Number
Contact the company from whom you purchased the product. If you purchased the product directly from Cisco, contact your Cisco Sales and Service Representative.
Complete the information below, and keep it for reference:
Company product purchased from
Company telephone number
Product model number
Product serial number
Maintenance contract number