Wireless Management

Feature history for wireless management

This table describes the developments of this feature, by release.

Table 1. Feature history

Feature Name

Release Information

Description

Wireless Management for ISR 1000 Series Routers with WiFi 5

Cisco IOS XE Catalyst SD-WAN Release 17.6.1a

Cisco vManage Release 20.6.1

This feature enables you to configure wireless LAN settings on WiFi 5-capable Cisco 1000 Series Integrated Services Routers using Cisco SD-WAN Manager.

With Cisco SD-WAN Manager, you can automate the wireless LAN controller configuration and provide wireless connectivity without the need for another external controller to configure and manage the wireless settings on the routers.

Wireless Management for ISR 1000 Series Routers with WiFi 6

Cisco IOS XE Catalyst SD-WAN Release 17.9.1a

Cisco vManage Release 20.9.1

This feature enables you to configure wireless LAN settings on WiFi 6-capable Cisco 1000 Series Integrated Services Routers using Cisco SD-WAN Manager.

The Embedded Wireless Controller on these routers facilitates wireless connectivity management without the need for an external controller.

Supported devices for wireless management

This section identifies Cisco device models that are compatible with wireless LAN management capabilities. It details the specific device models and the minimum software release versions required for wireless management on the Cisco ISR 1000 Series, assisting users in verifying their hardware for wireless deployments.

The following table displays a list of Cisco ISR 1000 Series routers that include the WLAN module.

Table 2. Cisco ISR 1000 Series Routers

Device Family

Device Name

Release Version

Cisco ISR 1000 Series Routers with WLAN module supporting WiFi 5

  • C1101-4PLTEPW

  • C1109-4PLTE2PW

  • C1111-4PW

  • C1111-8PLTEEAW

  • C1111-8PW

  • C1112-8PLTEEAW

  • C1112-8PW

  • C1113-8PLTEEAW

  • C1113-8PMW

  • C1113-8PW

  • C1116-4PLTEEAW

  • C1116-4PW

  • C1117-4PLTEEAW

  • C1117-4PLTELAW

  • C1117-4PMLTEEAW

  • C1117-4PMW

  • C1117-4PW

  • C1121-8PLTEPW

  • C1121X-8PLTEPW

Cisco IOS XE Catalyst SD-WAN Release 17.6.1a

Cisco SD-WAN Release 20.6.1

Cisco ISR 1000 Series Routers with WLAN module supporting WiFi 6

  • C1131X-8PLTEPW

  • C1131-8PLTEPW

  • C1131X-8PW

  • C1131-8PW

Cisco IOS XE Catalyst SD-WAN Release 17.9.1a

Cisco vManage Release 20.9.1

Prerequisites for wireless management on Cisco ISR 1000 series routers

WLAN module VLAN association

Add the management interface of the Wireless LAN (WLAN) module to a specific VLAN in order to access servers such as DHCP and RADIUS.

DHCP server

Configure a DHCP server to assign the IP address for the access point.

SVI for WLAN controller

Configure a switch virtual interface (SVI) on the Cisco ISR 1000 Services Router for virtual WLAN controller management.

Restrictions for wireless management on Cisco ISR 1000 series routers

Single Cisco mobility express access point

Configure only one access point on the LAN side of the router when using Cisco Mobility Express. However, you can connect other external access points to the router that are not configured with Cisco Mobility Express.

Absence of other wireless controllers

Ensure that no other wireless controllers are accessible on the LAN side of the router.

Wireless management on ISR 1000 series routers

Wireless Management on Cisco ISR 1000 Series Routers is a capability that enables the configuration and management of wireless LAN settings, provisioned through a Wireless LAN (WLAN) module, and utilizing an embedded virtual wireless LAN controller. This feature provides wireless connectivity without the need for an external controller to manage the router's wireless settings.

This capability is implemented through:

  • WLAN Module Provisioning: A WLAN module is provisioned on the Cisco ISR 1000 Series Routers to provide wireless connectivity

  • Embedded Virtual Controllers (EWC): The WLAN module hosts a virtual wireless LAN controller.

  • Cisco SD-WAN Manager Integration: Wireless settings are configured and managed using Cisco SD-WAN Manager.

Cisco Mobility Express

Cisco Mobility Express is a virtual wireless LAN controller installed in the WLAN module of WiFi 5-capable Cisco ISR 1000 Series Routers. It provides the interface where wireless settings for LAN access are available.

Embedded wireless controller

The Embedded Wireless Controller is a virtual wireless controller installed on the WLAN module of WiFi 6-capable C1131 Cisco IOS XE Catalyst SD-WAN devices. Similar to Cisco Mobility Express, the EWC provides the interface for wireless LAN access settings.

Configure wireless management on Cisco ISR 1000 series routers using a configuration group

Before you begin

On the Configuration > Configuration Groups page, choose SD-WAN as the solution type.

Procedure

Step 1

From the Cisco SD-WAN Manager menu, choose Configuration > Configuration Groups.

Step 2

Create and configure a Wireless LAN feature in Service profile.

  1. Configure the basic details for the wireless LAN.

    Field

    Description

    Enable 2.4G*

    Disable this option to shut down the radio type of 2.4 GHz.

    Default: Enabled

    Enable 5G*

    Disable this option to shut down the radio type of 5 GHz.

    Default: Enabled

    Country*

    Choose the country where the router is installed.

    Username*

    Specify the username of Cisco Mobility Express.

    Password*

    Specify the password of Cisco Mobility Express.

  2. Configure ME IP address.

    Field

    Description

    ME Dynamic IP*

    Enable this option so that the interface receives its IP address dynamically from a DHCP server.

    ME IP Address

    Specify the IP address of Cisco Mobility Express.

    Subnet Mask

    Specify the subnet mask of Cisco Mobility Express.

    Default Gateway

    Specify the default gateway address of Cisco Mobility Express.

  3. Configure the Wi-Fi SSID details for setting up a wireless LAN.

    Field

    Description

    Add SSID

    SSID Name*

    Enter a name for the wireless SSID.

    It can be a string from 4 to 32 characters. The SSID must be unique.

    Admin State*

    Enable this option to indicate that the interface has been configured.

    Broadcast SSID*

    Enable this option if you want to broadcast the SSID. Disable this option if you do not want the SSID to be visible to all the wireless clients.

    VLAN (Range 1-4094)*

    Enter a VLAN ID for the wireless LAN traffic.

    Radio Type

    Choose one of the following radio types:

    • 2.4GHz

    • 5GHz

    • All

    Security Type*

    Choose a security type:

    • WPA2 Enterprise: Choose this option for an enterprise where you authenticate and authorize network users with a remote RADIUS server.

    • WPA2 Personal: Choose this option to authenticate users who want to access the wireless network using a passphrase.

    • Open: Choose this option to allow access to the wireless network without authentication.

    Passphrase*

    This field is available if you choose WPA2 Personal as the security type. Set a pass phrase. This pass phrase provides users access to the wireless network.

    QoS Profile

    Choose a QoS profile.

What to do next

Also see Deploy a Configuration Group.

Configure wireless management on ISR 1000 series routers

Use this procedure to configure and manage wireless settings on your Cisco ISR 1000 Series Routers using Cisco SD-WAN Manager. This task allows you to enable wireless LAN functionality directly on the router, leveraging its embedded wireless controller capabilities.

Wireless management on ISR 1000 Series Routers enables you to set up wireless LANs (WLANs) directly on the router, utilizing its embedded wireless controller. This eliminates the need for an external wireless LAN controller, simplifying network architecture and management.

Before you begin

  • Ensure your Cisco ISR 1000 Series Router is a supported model with a WLAN module (WiFi 5 or WiFi 6 capable).

  • Confirm that necessary network prerequisites, such as DHCP server availability and proper VLAN configuration for the WLAN module's management interface, are in place.

Follow these steps to configure wireless management using feature templates in Cisco SD-WAN Manager:

Procedure

Step 1

From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

Step 2

Click Feature Templates.

In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is titled as Feature.

Step 3

Click Add Template to select an appropriate device model.

Step 4

In the left pane, from Select Devices, choose a Cisco ISR 1000 Series Router for which you are creating a template.

Step 5

Under OTHER TEMPLATES, click ISR1K Wireless to select it as the feature template.

Step 6

In the Template Name field, enter a name for the feature template.

This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 to 9, hyphens (-), and underscores (_). It cannot contain spaces or any other characters.

Step 7

In the Description field, enter a description for the feature template.

This field is mandatory, and it can contain all characters and spaces.

Step 8

Enter the Wi-Fi SSID details for setting up a wireless LAN:

Parameter Name

Description

Wireless Network Name (SSID)

Enter a name for the wireless SSID.

It can be a string from 4 to 32 characters. The SSID must be unique.

VLAN (Range 1-4094)

Enter a VLAN ID for the wireless LAN traffic.

Security Type

Choose a security type:

  • WPA2 Enterprise: Choose this option for an enterprise where you authenticate and authorize network users with a remote RADIUS server.

  • WPA2 Personal: Choose this option to authenticate users who want to access the wireless network using a passphrase.

  • Open: Choose this option to allow access to the wireless network without authentication.

RADIUS Server IP

(Optional) This field is available if you choose the WPA2 Enterprise option as the security type. Enter the IP address of the RADIUS server.

Authentication Port

(Optional) This field is available if you choose the WPA2 Enterprise option as the security type. Enter the authentication port number of the RADIUS server.

Shared Secret

(Optional) This field is available if you choose the WPA2 Enterprise option as the security type. Enter the shared secret key of the RADIUS server.

Passphrase

(Optional) This field is available if you choose the WPA2 Personal option as the security type. Set a pass phrase. This pass phrase provides users with access to the wireless network.

Admin State

Choose an admin state.

Radio Type

Choose one of the following radio types:

  • 2.4GHz

  • 5GHz

  • Both

Broadcast SSID

Choose On to broadcast the SSID. Choose Off if you do not want the SSID to be visible to all the wireless clients.

QoS Profile

Choose a QoS profile.

Step 9

Enter the General details for the wireless LAN:

Parameter Name

Description

Country

Choose the country where the ISR is installed.

Username

Specify the username of Cisco Mobility Express.

If you are using a C1131 Cisco IOS XE Catalyst SD-WAN device specify the username for the EWC.

Password

Specify the password for Cisco Mobility Express or the EWC.

Step 10

Enter the Advanced details for the wireless LAN:

Parameter Name

Description

Controller IP Address

Note

 

For Cisco IOS XE Catalyst SD-WAN Release 17.6.1a, and Cisco vManage Release 20.6.1 and earlier releases, this field is displayed as ME IP Address.

Specify the Management IP address of Cisco Mobility Express or EWC.

Subnet Mask

Specify the subnet mask for the Management IP address.

Default Gateway

Specify the default gateway address of Cisco Mobility Express or EWC.

2.4GHz Shutdown

Click Yes to shut down the 2.4 GHz radio type. Click No to not shut down this radio type.

5GHz Shutdown

Click Yes to shut down the 5 GHz radio type. Click No to not shut down this radio type.

Step 11

Click Save to save your wireless configuration.

After completing these steps, the wireless LAN settings are configured on your Cisco ISR 1000 Series Router via the feature template, enabling wireless connectivity.

What to do next

Deploy the configured feature template to the desired devices. For more information, see Deploy a Configuration Group.

Configure wireless management on Cisco ISR 1000 series routers using CLI

Use this procedure to apply Command Line Interface (CLI) templates to configure wireless LAN settings on your Cisco ISR 1000 series routers. This method allows for direct configuration using pre-defined command sets.

CLI templates are pre-configured sets of commands that simplify the deployment of wireless settings. They allow for precise control over radio profiles, WLAN SSIDs, and general wireless LAN parameters. By default, these commands are executed in global configuration mode.

Before you begin

Ensure you have console or SSH access to the Cisco ISR 1000 series router.

Follow these steps to configure wireless management settings using CLI templates:

Configure WLAN Profile Using a CLI Template

For more informationabout using CLI templates, see CLI add-on feature templates and CLI templates for Cisco IOS XE Catalyst SD-WAN devices.


Note

By default, CLI templates execute commands in global config mode.

 
wlan-profile wlan-profile-sample-1 
vlan-id 100  
ssid sample-ssid-1   
data-security personal 
passphrase 0 Pass-Phrase-Sample123# 
qos-type silver 
wlan-profile wlan-profile-sample-2 
vlan-id 200 
ssid sample-ssid-2 
data-security enterprise 
aaa radius-server 10.2.3.4 auth-port 1812 shared-secret 0 EsrdT_23sss
 
qos-type gold 
nobroadcast-ssid

Configure General WLAN Settings Using a CLI Template

For more informationabout using CLI templates, see CLI add-on feature templates and CLI templates for Cisco IOS XE Catalyst SD-WAN devices.


Note

By default, CLI templates execute commands in global config mode.

Here is the complete configuration example that shows that show how to configure and manage wireless settings on Cisco ISR 1000 Series Routers. 

wlan-profile TEST-Enterprise
radio-band all
vlan-id 300
ssid TEST-Enterprise
data-security enterprise
aaa radius-server 192.168.100.20 auth-port 1812 shared-secret 6 EsrdT_23sss
qos-type silver


wlan-profile TEST-Personal
radio-band all
ssid TEST-Personal
data-security personal
passphrase 0 IdSvs23452#
qos-type silver


radio-profile 24ghz
channel auto
channel-bandwidth auto


radio-profile 5ghz
channel auto
channel-bandwidth auto


wireless-lan mgmt ip address 192.168.1.11 255.255.255.0 default-gateway 192.168.1.1
wireless-lan mgmt credential username admin password 6 sRe32dfst#asd
wireless-lan country US

Procedure

Step 1

Access the router's command-line interface.

Log in to your Cisco ISR 1000 series router.

Step 2

Enter global configuration mode.

From privileged EXEC mode, enter configure terminal. 

Router# configure
Router(config)#

Step 3

Configure the radio profiles.

Apply the necessary CLI commands to define the 2.4GHz and 5GHz radio settings, such as shutdown status, channel, and bandwidth.

radio-profile 24ghz 
shutdown
exit
radio-profile 5ghz 
no shutdown

Step 4

Configure the WLAN profiles.

Apply the CLI commands to define your wireless SSIDs, including VLAN IDs, security types (WPA2 Personal, WPA2 Enterprise, Open), passphrases, RADIUS server details, and QoS profiles. 

wlan-profile wlan-profile-sample-1 
vlan-id 100  
ssid sample-ssid-1   
data-security personal 
passphrase 0 Pass-Phrase-Sample123# 
qos-type silver 
wlan-profile wlan-profile-sample-2 
vlan-id 200 
ssid sample-ssid-2 
data-security enterprise 
aaa radius-server 10.2.3.4 auth-port 1812 shared-secret 0 EsrdT_23sss
 
qos-type gold 
nobroadcast-ssid

Step 5

Configure general wireless LAN settings.

Apply the CLI commands to set the country code, management IP address, default gateway, and management credentials for Cisco Mobility Express or the Embedded Wireless Controller (EWC). 

wireless-lan country US 
wireless-lan mgmt ip address10.16.1.100 255.255.255.0 default-gateway 192.168.1.1 
wireless-lan mgmt credential username admin password 0 sRe32dfst#asd

Step 6

Commit the configuration changes.

Here is the complete configuration example that shows that show how to configure and manage wireless settings on Cisco ISR 1000 Series Routers. 

wlan-profile TEST-Enterprise
radio-band all
vlan-id 300
ssid TEST-Enterprise
data-security enterprise
aaa radius-server 192.168.100.20 auth-port 1812 shared-secret 6 EsrdT_23sss
qos-type silver


wlan-profile TEST-Personal
radio-band all
ssid TEST-Personal
data-security personal
passphrase 0 IdSvs23452#
qos-type silver


radio-profile 24ghz
channel auto
channel-bandwidth auto


radio-profile 5ghz
channel auto
channel-bandwidth auto


wireless-lan mgmt ip address 192.168.1.11 255.255.255.0 default-gateway 192.168.1.1
wireless-lan mgmt credential username admin password 6 sRe32dfst#asd
wireless-lan country US

The wireless management settings are applied to your Cisco ISR 1000 series router using the specified CLI templates. The router's wireless module will now operate according to the configured radio and WLAN profiles.

This section provides a sample Command Line Interface (CLI) configuration for wireless management on Cisco ISR 1000 Series Routers. This example illustrates a complete setup, including WLAN profiles, radio settings, and general wireless LAN management parameters, serving as a factual representation for reference and implementation. See Configuration example for wireless configuration on Cisco ISR 1000 series routers.

What to do next

Monitor the wireless configuration to verify that the settings are active and functioning as expected. For verfication steps, see Monitor wireless configuration on Cisco ISR 1000 series routers.

Monitor wireless configuration on Cisco ISR 1000 series routers

Use this procedure to monitor the wireless settings configured on your Cisco ISR 1000 series routers using Cisco SD-WAN Manager. This allows you to verify the operational status of your wireless LAN, including radio parameters, SSID information, and connected clients.

After configuring wireless management, it is essential to monitor the operational status to ensure that the settings have been applied correctly and the wireless network is functioning as expected. Cisco SD-WAN Manager provides real-time monitoring capabilities for this purpose.

Before you begin

  • Wireless management must be configured and deployed on the Cisco ISR 1000 Series Router.

  • You must have access to Cisco SD-WAN Manager with appropriate monitoring permissions.

Follow these steps to monitor the wireless configuration using Cisco SD-WAN Manager:

Procedure

Step 1

From the Cisco SD-WAN Manager menu, navigate to Monitor > Network.

Step 2

Choose a router from the list of the routers.

Step 3

Click Real Time in the left pane.

Step 4

From the Device Options drop-down list, choose one of the following options:

Device Option

Description

Wireless Radio

Displays the radio parameters of the wireless LAN.

Wireless SSID

Displays information about the wireless SSID.

Wireless Clients

Displays information about the wireless clients in the wireless LAN.

Upon selecting a device option, the real-time data for the chosen wireless aspect (Radio, SSID, or Clients) is displayed, providing insight into the current state of the wireless configuration on the selected Cisco ISR 1000 Series Router.

Configuration example for wireless configuration on Cisco ISR 1000 series routers

This section provides a sample CLI configuration for wireless management on Cisco ISR 1000 series routers. This example illustrates a complete setup, including WLAN profiles, radio settings, and general wireless LAN management parameters, serving as a factual representation for reference and implementation.

Wireless configuration example

wlan-profile TEST-Enterprise
radio-band all
vlan-id 300
ssid TEST-Enterprise
data-security enterprise
aaa radius-server 192.168.100.20 auth-port 1812 shared-secret 6 EsrdT_23sss
qos-type silver


wlan-profile TEST-Personal
radio-band all
ssid TEST-Personal
data-security personal
passphrase 0 IdSvs23452#
qos-type silver


radio-profile 24ghz
channel auto
channel-bandwidth auto


radio-profile 5ghz
channel auto
channel-bandwidth auto


wireless-lan mgmt ip address 192.168.1.11 255.255.255.0 default-gateway 192.168.1.1
wireless-lan mgmt credential username admin password 6 sRe32dfst#asd
wireless-lan country US

Troubleshooting wireless configuration on Cisco ISR 1000 series routers

To ensure successful connection of an access point to the Cisco Mobility Express virtual controller or the Embedded Wireless Controller (EWC).

This guidance applies when a Cisco Mobility Express-enabled or EWC-enabled access point fails to establish a connection to the Cisco ISR 1000 Series Router's wireless controller.

The primary reason for this connectivity failure is the absence of an active DHCP server within the management VLAN that is assigned to the Wlan-GigabitEthernet interface. Without an IP address dynamically assigned by a DHCP server, the access point cannot communicate with the controller.

If a DHCP server is not configured in the appropriate VLAN, the access point will remain unable to connect to the wireless controller, thereby preventing wireless client connectivity through that access point.

  • Configure a DHCP Server: Ensure a DHCP server is configured and active within the native VLAN of the WiFi module. This server must be capable of assigning IP addresses to the access points.

  • Verify WLAN Module VLAN Configuration: Confirm that the management interface of the WLAN module is correctly assigned to a specific VLAN that has access to the DHCP server and other necessary network services (e.g., RADIUS).