Configuring the Catalyst 3750G Integrated Wireless LAN Controller Switch
The Catalyst 3750G Integrated Wireless LAN Controller Switch is an integrated Catalyst 3750 switch and Cisco 4400 series wireless LAN controller that supports up to 25 or 50 lightweight access points. The switch and the internal controller run separate software versions, which must be upgraded separately. Although the interaction between the switch and the controller is minimal, these software images must be compatible for the wireless LAN controller switch to operate correctly. See the Catalyst 3750 switch release notes for switch and controller software compatibility information.
Note: When using the wireless LAN controller switch in a stack, you should load this image on all switches in the stack. However, wireless capability is available only on the Catalyst 3750G Integrated Wireless LAN Controller Switch.
The integrated controller runs software for the Cisco 4402 wireless controller. For information about the controller software release, see the Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Point, Release 4.0.x.0. For the controller software upgrade procedure, see the Cisco Wireless LAN Controller Configuration Guide Release 4.0.
If the switch and controller software are not compatible, you need to upgrade or downgrade the software so that they are compatible:
- When the Wireless LAN Control Protocol (WCP) version in the Catalyst 3750 image and the controller image do not match, the switch generates a syslog message. If the system still functions, you should upgrade or downgrade software to synchronize the images.
- If WCP stops working, you can use the second console port on the switch to upgrade or downgrade controller software. If WCP stops working, the switch resets the wireless LAN controller approximately every 320 seconds.
This appendix contains information that applies to the software running on the switch, and describes only features that are specific to the wireless LAN controller switch. For information about the switch commands specific to the Catalyst 3750G switch, see the command reference for this release.
Understanding the Wireless LAN Controller Switch
The Catalyst 3750G Integrated Wireless LAN Controller Switch is a Layer 3 IEEE 802.3af-compliant switch with an integrated wireless LAN controller capable of supporting up to 25 or 50 lightweight access points. The switch combines the Catalyst 3750 switch infrastructure with wireless LAN controller and access points to provide an IEEE 802.11 mobile wireless solution.
The wireless LAN controller switch has these features:
- Layer 2 and Layer 3 wireless mobility
- wireless LAN controller in appliance mode using Layer 3 Lightweight Access Point Protocol (LWAPP) to control access points in the same or different subnet than the controller
- Layer 3 roaming
- single point of ingress for wireless traffic
- integration of wireless traffic with existing wired network infrastructure
- Layer 2 switching and Layer 3 routing capability
- software parity with the Catalyst 3750 IP base and IP services cryptographic and noncryptographic images
- optimized for 25 and 50 access points and up to 500 wireless users
- Power over Ethernet ports for powering access points or other network appliances, such as IP phones
The Catalyst 3750G switch software handles all the switch features, including routing, bridging, access control lists (ACLs), and quality of service (QoS). The controller handles all wireless functionality. The Catalyst 3750G switch and the internal wireless controller are connected internally through two Gigabit Ethernet links. These links are automatically configured to direct the switch wireless traffic toward the controller, requiring minimal configuration by the user.
The Wireless LAN Controller Switch and Switch Stacks
The wireless LAN controller switch can coexist with other Catalyst 3750 switches in a switch stack. However, for controller functionality, all switches in the stack should be running software that supports the controller. To support wireless controller redundancy, there should be at least two wireless LAN controller switches in a stack. A stack should contain no more than four wireless LAN controller switches.
The wireless LAN controller switch can be a master switch or a member switch in a stack. Stacking behavior for a wireless LAN controller switch is consistent with that of other Catalyst 3750 switches. For wireless functionality, you can configure the access points so that if one wireless LAN controller switch in a stack shuts down, the access points and wireless clients controlled by the controller in this switch automatically migrate to the controller of another wireless LAN controller switch in the stack. The traffic for wireless clients experiences a short interruption due to reassociation and reauthentication.
In a switch stack, each switch holds a unique switch number (1 to 9). This same switch number is used to access the controller in a switch in a stack or a standalone switch, where the switch number is 1 by default. For example, to access the controller in stack member 3, use the session 3 processor 1 privileged EXEC command (where processor 1 represents the controller). To access the controller in a standalone switch, use the command session 1 processor 1.
Note: Always power off a switch before adding or removing it from a switch stack.
Controller and Switch Interaction
The Catalyst 3750G switch and its internal controller are managed separately. You can manage the switch by using the switch CLI, eXpresso, or CNA. You can manage the controller by using the controller CLI, the embedded controller GUI, or WCS. To use the GUI or WCS, you must configure the controller management interface, either through the 3750 CLI, the controller CLI, eXpresso, or Express Setup. See the Catalyst 3750 Integrated Wireless LAN Controller Switch Getting Started Guide for how to use eXpresso and express setup. To access the controller CLI, enter the session switch-number processor 1 privileged EXEC command.
When you power on the wireless LAN controller switch, POST is performed separately by both the Catalyst 3750 switch and by the wireless controller. Both maintain separate configuration files, which must be separately saved or cleared.
Note these switch and controller interactions:
- The Catalyst 3750G switch and the controller maintain separate configuration files. They are not automatically synchronized.
- When the switch resets, this automatically resets the controller. When the controller is reset by the switch, the controller configuration is not automatically saved.
- Password recovery functions separately on the switch and on the controller.
– You can trigger the password recovery procedure on the switch by pressing the switch Mode button. (See Chapter 49, “Troubleshooting” for information about the switch password recovery procedure.)
– Password recovery on the controller can be performed by selecting clear config from a hidden boot-up menu accessible if the user initiates an escape from the controller bootup process. This requires serial console access to the controller through the second console port.
Internal Ports
The two internal Gigabit Ethernet ports connect the switch and controller hardware. These ports carry the wireless control and data traffic, as well as the switch and controller management traffic. The links are automatically configured to allow internal traffic between the switch and the controller. In addition, an internal VLAN ID is chosen by the Catalyst 3750G switch and communicated to the controller. You cannot configure the internal VLAN.
In order to operate correctly with the controller, the internal ports (identified as Gigabit Ethernet ports 27 and 28) must have these characteristics:
- IEEE 802.1Q trunk mode
- static EtherChannel ports with Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) disabled
- generation of Dynamic Trunking Protocol (DTP) frames disabled
- spanning tree protocol (STP) Port Fast mode enabled
- Cisco Discovery Protocol (CDP) disabled
- UniDirectional Link Detection (UDLD) disabled
The ports are automatically configured with these parameters, including membership in an EtherChannel port group, and you should not change these configurations. However, it is important that the EtherChannel port group should be unique on the switch and in the stack; no other ports should belong to the port group that contains the internal ports. If a switch stack includes more than one wireless LAN controller switch, the internal port channel number must be different within each switch.
You can reconfigure the port channel number if necessary, and you can explicitly configure these ports with other parameters. However, you should not configure features that limit traffic flow, such as ACLs, VLAN maps, and IP source guard.
Configuring the Wireless LAN Controller Switch
You configure the wireless LAN controller switch by using the same commands that you use to configure any Catalyst 3750 switch (standalone or in a switch stack). This section describes only the configuration specific to the wireless LAN controller switch and includes these sections:
Internal Port Configuration
As explained in the “Internal Ports” section, the internal ports connecting the switch and controller are Gigabit Ethernet ports 27 and 28. You should not change the parameters defined in that section as required for switch and controller interaction. This is a sample configuration for the internal ports:
You can also configure other parameters on these ports in interface configuration mode. For example, by default, all traffic on all VLANs is sent to the controller. You should limit the VLANs that are allowed on the internal trunk by using the switchport trunk allowed vlan interface configuration command. You enter interface configuration mode for an internal port the same as any other port. For example, if the wireless LAN controller switch is a standalone switch or switch number 1 in a stack, use this command to enter interface configuration mode for internal port 27:
The internal ports are automatically configured to belong to a static EtherChannel that has PAgP and LACP disabled. No other ports (internal or otherwise) in the switch stack should be members of this EtherChannel. To identify the internal port channel number that the switch has automatically configured, use the show etherchannel summary privileged EXEC command.
This output shows that the internal ports on switch 1 in the stack belong to port channel 40. You should not use this port channel for any other ports in the stack.
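The requirements in this section and in "Internal Ports" can be checked against a saved running configuration. The following Python audit is an added example, not part of the Cisco guide: it flags internal ports 27 and 28 that have lost a required setting, carry a traffic-limiting feature, or share their port channel with another port. The configuration excerpt is constructed, the function names are hypothetical, and the IOS line chosen to express each requirement is this example's assumption.

```python
import re

# Constructed running-config excerpt, not taken from the guide. Port 27 is in the
# expected state, port 28 has drifted, and port 5 wrongly shares the internal group.
SAMPLE = """\
interface GigabitEthernet1/0/5
 channel-group 40 mode on
interface GigabitEthernet1/0/27
 switchport trunk allowed vlan 10,20
 switchport mode trunk
 switchport nonegotiate
 no cdp enable
 channel-group 40 mode on
 spanning-tree portfast trunk
interface GigabitEthernet1/0/28
 switchport mode trunk
 channel-group 40 mode active
 ip access-group 101 in
 spanning-tree portfast trunk
"""
# Guide requirement -> IOS line assumed here to express it (mapping is this example's).
REQUIRED = {"trunk mode": "switchport mode trunk", "DTP off": "switchport nonegotiate",
            "PortFast": "spanning-tree portfast trunk", "CDP off": "no cdp enable"}
LIMITING = ("ip access-group", "ip verify source")  # ACL, IP source guard

def parse_interfaces(config):
    """Return {interface name: [config lines]} from running-config text."""
    return {m.group(1): [ln.strip() for ln in m.group(2).splitlines()]
            for m in re.finditer(r"^interface (\S+)\n((?:^ .*\n?)*)", config, re.M)}

def audit(config, switch=1):
    """List deviations of internal ports 27/28 from the state the guide describes."""
    blocks, findings = parse_interfaces(config), []
    groups = {n: m.groups() for n, lns in blocks.items() for ln in lns
              if (m := re.fullmatch(r"channel-group (\d+) mode (\S+)", ln))}
    internal = [f"GigabitEthernet{switch}/0/{p}" for p in (27, 28)]
    for name in internal:
        lines = blocks.get(name, [])
        findings += [f"{name}: {why}: missing '{cmd}'"
                     for why, cmd in REQUIRED.items() if cmd not in lines]
        findings += [f"{name}: traffic-limiting '{ln}'" for ln in lines if ln.startswith(LIMITING)]
        if groups.get(name, ("", ""))[1] != "on":
            findings.append(f"{name}: EtherChannel not static (mode on)")
        if not any(ln.startswith("switchport trunk allowed vlan") for ln in lines):
            findings.append(f"{name}: allowed VLANs not limited")
    internal_ids = {groups[n][0] for n in internal if n in groups}
    findings += [f"{n}: shares internal port channel {g}" for n, (g, _) in groups.items()
                 if n not in internal and g in internal_ids]
    return findings
```

Calling `audit(SAMPLE)` returns one finding per deviation; pass `switch=N` to check the internal ports of another stack member.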
Reconfiguring the Internal Ports
You should not modify the automatic configuration of the internal ports, but if they somehow lose the automatic configuration, you should reconfigure the ports to that configuration.
Beginning in privileged EXEC mode, follow these steps to configure the internal ports to the automatic configuration:
Accessing the Controller
You can configure the internal wireless controller by using the embedded controller GUI, WCS, or the controller CLI. You use the management interface IP address to access the controller GUI from a browser or from WCS.
You access the controller CLI from the master switch in a switch stack or from a standalone wireless LAN controller switch by using the session stack-member-number processor 1 privileged EXEC command. This command takes you to the controller CLI to enter controller configuration commands. This example assumes that switch 2 in a stack is the wireless LAN controller switch:
See the Cisco Wireless LAN Controller Configuration Guide Release 4.0 for controller CLI configuration information.
Displaying Internal Wireless Controller Information
To access the controller GUI, you need to enter the management interface IP address. From the switch CLI, you can enter the show platform wireless-controller privileged EXEC command with or without keywords to display the management IP address, as well as other information about the internal controller as shown in this example.