Overview

Cisco MSX allows you to deploy a Wireless Local Area Network (WLAN) service on an existing switched access network (Non-Fabric). Using this feature, you can:

  • Create a new WLAN

  • Update an existing WLAN

  • View the details of a WLAN

  • Delete a configured WLAN

  • Deploy WLANs to Controllers

  • Undeploy WLAN

  • Provision a WLC

Creating a New Wireless LAN

You can configure WLANs with different SSIDs or with the same SSID. An SSID identifies the specific wireless network that you want the controller to access.

Procedure

Step 1

Log in to the Cisco MSX portal using your credentials.

Step 2

From the left pane, click Tenant Workspace and then choose a tenant from the drop-down list.

Step 3

Under Tenant Workspace, click Service Controls.

The list of service controls is displayed.
Step 4

Click WLAN Management.

The WLAN Management window is displayed with the list of wireless networks.

Step 5

Click the + icon (Create Wireless Network) displayed at the top-right corner of the page.

A wizard is displayed with the instructions to create a new enterprise wireless network.
Step 6

In the Name (SSID) field, enter a unique name for the wireless network or the SSID that you are creating. The name can contain up to 32 alphanumeric characters. All special characters are allowed except < and >.

Step 7

From the Starter Configuration drop-down list, choose a wireless configuration. You can choose Basic, Open, Secure Data, or Secure Voice and Data. For more information about the settings, see the table:

A description of the selected starter configuration is displayed at the bottom of the window.

Table 1. Network Wireless Settings

Network Wireless Settings

Open

Basic

Secure Data

Secure Voice and Data

Type Of Enterprise Network

Voice and Data

Voice and Data

Data

Voice and Data

Wireless Option

2.4 GHz only

Dual band operation (2.4GHz and 5GHz)

Dual band operation (2.4GHz and 5GHz)

Dual band operation (2.4GHz and 5GHz)

Fast Lane

False

False

True

True

Level of Security

Open

WPA2 Personal - Ask Password

WPA2 Enterprise and WPA3

WPA2 Enterprise and WPA3

SSID State

Admin Status

True

True

True

True

Broadcast SSID

True

True

True

True

Fast Transition (802.11r)

Over the DS

NA

NA

True

False

Mac Filtering

No

No

No

No
Step 8

Click Next.

The General Settings window is displayed with the starter configuration. You can use the displayed values as it is or you can change the values based on your requirements.

  1. From the Wireless Frequency drop-down list, choose a frequency for the wireless network.

  2. From the Wireless Type drop-down list, choose the type of enterprise network: Voice and Data or Data. The selection type defines the quality of service that is provisioned on the wireless network.

    If you select Voice and Data, the quality of service is optimized to access either voice or data traffic.

    If you select Data option, the quality of service is optimized for wireless data traffic only.

  3. Check the Admin checkbox to enable admin status.

  4. Check the Broadcast SSID checkbox to broadcast the SSID. If you uncheck this, MSX hides the SSID from clients attempting to connect to this SSID, thereby reducing unnecessary load on the wireless infrastructure.

  5. Under Wireless Security Mode, click the radio button to choose a security option. The security options are:

    • Open: Provides no security. It allows any device to connect to the wireless network without any authentication.

      Note 

      If you select Open, you cannot select the encryption methods WPA, WPA2, and WPA3.

    • Personal: Personal uses pre-shared keys (PSK) and is designed for home use. This doesn't require an authentication server.

      Note 

      If you select Personal, you have to provide a pre-shared key.

    • Enterprise: Enterprise uses IEEE 802.1X, which offers enterprise-grade authentication. Enterprise is designed for use in organizations. This requires a RADIUS authentication server.

      Note 

      If you select Enterprise, you do not provide a pre-shared key. You have to select at least one encryption method.

    • WPA: Provides a minimal level of security using Temporal Key Integrity Protocol (TKIP) encryption method.

    • WPA2: Provides a higher level of security using Extensible Authentication Protocol (EAP) (802.1x) to authenticate and authorize network users with a remote RADIUS server.

    • WPA3: WPA3 is the latest version of WPA, which is a suite of protocols and technologies that provide authentication and encryption for Wi-Fi networks. WPA3-Enterprise provides higher-grade security protocols for sensitive data networks.

  6. Under Management Frame Protection, click one of the radio buttons: Disabled, Required, or Optional.

    Management Frame Protection (MFP) increases the security of management frames. It provides security for the otherwise unprotected and unencrypted 802.11 management messages that are passed between access points and clients. MFP provides both infrastructure and client support.

    If you click the Required radio button, then the clients are allowed to associate only if the MFP is negotiated (that is, if WPA2 is configured on the wireless controller and the client supports CCXv5 MFP and is also configured for WPA2).

  7. Set Fast Transition to Enable, Adaptive, or Disable mode.

    Fast transition allows wireless clients to quickly roam from one AP to another AP. Fast transition ensures less disrupted connectivity when a wireless client roams from one AP to another AP.

Step 9

Click Next.

Step 10

Review the wireless configuration.
Step 11

Click Next.

Step 12

Click Close.

What to do next

You have created a wireless network. The next step is deploying the network to a wireless controller. For more information, see Deploying WLAN to Controllers.

Viewing WLAN

Procedure

Step 1

Log in to the Cisco MSX portal using your credentials.
Step 2

From the left pane, click Tenant Workspace and then choose a tenant from the drop-down list.

Step 3

Under Tenant Workspace, click Service Controls.

The list of service controls is displayed.
Step 4

Click WLAN Management.

The WLAN Management window is displayed with the list of wireless networks.

Step 5

From the list, click a wireless network.

The wireless network information is displayed in two tabs: Wireless Settings and Deployments. Click Wireless Settings to see the wireless settings information. Click Deployments to see the status of the wireless deployment on controllers.

Note 

If a WLAN deployment fails, you can see the reason of the failure by clicking the Deployment Failed link under the status column in the Deployments tab.

Editing WLAN

Procedure

Step 1

Log in to the Cisco MSX portal using your credentials.

Step 2

From the left pane, click Tenant Workspace and then choose a tenant from the drop-down list.

Step 3

Under Tenant Workspace, click Service Controls.

The list of service controls is displayed.
Step 4

Click WLAN Management.

The WLAN Management window is displayed with the list of wireless networks.

Step 5

Choose a wireless network and click the ellipsis (...) that is located on the far right of the row and choose Edit WLAN.

The Edit Wireless Network wizard is displayed.

Step 6

In the General Settings, make changes wherever required. You cannot change the SSID Name. For field descriptions, see Creating a New Wireless LAN.

Step 7

Click Next.

Step 8

Review the wireless configuration.
Step 9

Click Next.

A message 'Wireless Network Saved' is displayed.
Step 10

Click Close.

Deploying WLAN to Controllers

Procedure

Step 1

Log in to the Cisco MSX portal using your credentials.

Step 2

From the left pane, click Tenant Workspace and then choose a tenant from the drop-down list.

Step 3

Under Tenant Workspace, click Service Controls.

The list of service controls is displayed.
Step 4

Click WLAN Management.

The WLAN Management window is displayed with the list of wireless networks.

Step 5

From the list, click a wireless network.

The wireless network information is displayed in two tabs: Wireless Settings and Deployments.

Step 6

Click the Deployments tab.

Step 7

Click Deploy WLAN.

The Deployment wizard is displayed.
Step 8

Click Next.

The list of controllers is displayed.

Note 

The edited WLAN can be re-deployed using the same deployment wizard if the user needs to change WLAN on the controller.
Step 9

Choose the controllers from the list. The wireless network will be deployed to the controllers you choose.
Step 10

Click Next.

Step 11

Review your selection. If you want to change the controllers, you can go back.
Step 12

Click Next.

The deployment process starts and a message 'Successfully Initiated Deployment' is displayed.
Step 13

Click Close.

Undeploying WLAN

Procedure

Step 1

Log in to the Cisco MSX portal using your credentials.

Step 2

From the left pane, click Tenant Workspace and then choose a tenant from the drop-down list.

Step 3

Under Tenant Workspace, click Service Controls.

The list of service controls is displayed.
Step 4

Click WLAN Management.

The WLAN Management window is displayed with the list of wireless networks.

Step 5

From the list, click a wireless network.

The wireless network information is displayed.
Step 6

Click the Deployments tab.

The list of controllers is listed. These are the controllers where the wireless network is already deployed.
Step 7

To undeploy a wireless network from a controller, click the ellipsis (...) and choose Undeploy.

You will be prompted with a message 'Undeploy Wireless Network'.

Step 8

Click Undeploy.

The undeployment process starts and a message 'Undeployment Initiated' is displayed.
Step 9

Click Okay.

Deleting WLAN

Procedure

Step 1

Log in to the Cisco MSX portal using your credentials.

Step 2

From the left pane, click Tenant Workspace and then choose a tenant from the drop-down list.

Step 3

Under Tenant Workspace, click Service Controls.

The list of service controls is displayed.
Step 4

Click WLAN Management.

The WLAN Management window is displayed with the list of wireless networks.

Step 5

Choose a wireless network and click the ellipsis (...) that is located on the far right of the row and choose Delete WLAN.

You will be prompted with a message 'Delete WLAN'.
Step 6

Click Delete WLAN.

A message 'Successfully deleted' is displayed.

Provisioning WLC

Procedure

Step 1

Log in to the Cisco MSX portal using your credentials.

Step 2

From the left pane, click Tenant Workspace and then choose a tenant from the drop-down list.

Step 3

Under the Tenant Workspace, click Devices.

The list of devices attached to a tenant is displayed.
Step 4

From the list, choose the device you want to provision, click the Ellipsis (…) and choose Provision Device.

A wizard is displayed with the instructions to provision WLC.

In the Provision Wireless LAN Controller window, you have to assign the device to a site and choose one or more access point locations.
Note 

The wizard also supports re-provisioning. If the device is already provisioned and if you are re-provisioning it, the Site is pre-selected and you cannot change it.

Step 5

From the WLC Device Location drop-down list, choose a device location.

Step 6

From the Managed Access Point Locations section, choose a location of the access point.

The selected access point locations are displayed at the bottom of the window.
Step 7

Click Next.

The Managed AP Site Network Profiles window is displayed with the AP locations and the associated wireless profile. Each managed AP site must be associated with a wireless profile, which can include one or more SSIDs. The profile also includes one or more templates.

Step 8

If a site is not associated with a wireless profile, you can create a new wireless profile and attach to it. Click a site name.

The row expands and shows the Network Profile drop-down list. You can either choose an existing profile or create a new profile.

Creating a New Profile:

  1. To create a new profile, click Create New from the drop-down list.

  2. In the Name field, enter the profile name.

  3. From the SSID drop-down list, choose a SSID. You can add more than one SSID for a profile. To add additional SSIDs, click the + icon. Similarly, you can delete an existing SSID by clicking the - icon.

  4. Click the radio button to select the type of interface: Existing Interface or New Interface.

    If you select Existing Interface, you can select the interface from the drop-down list. If you select New Interface, you can create a new interface and it will be part of the drop-down list. For a new interface, you have to enter the Interface name and VLAN ID.

  5. Check the Flex Connect Local Switching check box to enable local switching for the WLAN. When you enable local switching, any FlexConnect access point that advertises this WLAN is able to locally switch data packets.

    If you have enabled Flex Connect Local Switching for an SSID, then all APs on that particular floor where the network profile is mapped will switch to FlexConnect mode.

  6. From the Templates drop-down list, choose a template. You can add more than one template. To add additional templates, click the + icon. Similarly, you can delete an existing template by clicking the - icon.

  7. Click Save Network Profile to save the network profile.

    A message 'Network profile successfully saved to controller' is displayed. If you want to update the profile information, you can edit it. To edit the profile, click Edit Network Profile.

Step 9

Click Next.

Step 10

(Optional) Enter the IP address, Gateway, and Subnet mask for each interface. All IP and Gateway addresses must be unique.

Step 11

Click Next.

The Provide Template Variables window is displayed.

Step 12

If you want, you can either add or edit template variables.
Step 13

Click Next.

Step 14

Review the configuration before you provision your wireless LAN controller.
Step 15

Click Next.

Provisioning the WLC starts and a message 'Started Provisioning Successfully' is displayed. The status of the provisioning will be shown in the device page.

Step 16

Click Close.

Viewing the Status of Provisioning

You can view the status of WLAN provisioning in the device details page. The device details page lists information like Status of the Device, Applied Template Variables, Managed AP Locations, Wireless Network, and so on.

Procedure

Step 1

Log in to the Cisco MSX portal using your credentials.

Step 2

From the left pane, click Tenant Workspace and then choose a tenant from the drop-down list.

Step 3

Under the Tenant Workspace, click Devices.

The list of devices attached to a tenant is displayed.
Step 4

From the list, click a device that is already provisioned.

The Device Details page is displayed with device status and provisioning information.