Configuring the Controller (GUI)
Step 1 Connect your PC to the service port and configure it to use the same subnet as the controller (for example, 184.108.40.206).
Step 2 Start Internet Explorer 6.0 SP1 (or later) or Firefox 220.127.116.11 (or later) on your PC and browse to http://18.104.22.168. The configuration wizard appears.
Figure 3-1 Configuration Wizard — System Information Screen
Step 3 In the System Name text box, enter the name that you want to assign to this controller. You can enter up to 31 ASCII characters.
Step 4 In the User Name text box, enter the administrative username to be assigned to this controller. You can enter up to 24 ASCII characters. The default username is
Step 5 In the Password and Confirm Password text boxes, enter the administrative password to be assigned to this controller. You can enter up to 24 ASCII characters. The default password is
Starting in release 22.214.171.124, the following password policy has been implemented:
The password must contain characters from at least three of the following classes:
– Lowercase letters
– Uppercase letters
– Special characters.
No character in the password must be repeated more than three times consecutively.
The new password must not be the same as the associated username and not be the username reversed.
The password must not be cisco, ocsic, or any variant obtained by changing the capitalization of letters of the word Cisco. In addition, you cannot substitute 1, I, or ! for i, 0 for o, or $ for s..
Step 6 Click
. The SNMP Summary screen appears.
Figure 3-2 Configuration Wizard — SNMP Summary Screen
Step 7 If you want to enable Simple Network Management Protocol (SNMP) v1 mode for this controller, choose
from the SNMP v1 Mode drop-down list. Otherwise, leave this parameter set to
Note SNMP manages nodes (servers, workstations, routers, switches, and so on) on an IP network. Currently, there are three versions of SNMP: SNMPv1, SNMPv2c, and SNMPv3.
Step 8 If you want to enable SNMPv2c mode for this controller, leave this parameter set to
. Otherwise, choose
from the SNVP v2c Mode drop-down list.
Step 9 If you want to enable SNMPv3 mode for this controller, leave this parameter set to
. Otherwise, choose
from the SNVP v3 Mode drop-down list.
Step 10 Click
Step 11 When the following message appears, click
Default values are present for v1/v2c community strings. Please make sure to create new v1/v2c community strings once the system comes up. Please make sure to create new v3 users once the system comes up.
The Service Interface Configuration screen appears.
Figure 3-3 Configuration Wizard — Service Interface Configuration Screen
Step 12 If you want the controller’s service-port interface to obtain an IP address from a DHCP server, select the
DHCP Protocol Enabled
check box. If you do not want to use the service port or if you want to assign a static IP address to the service port, leave the check box unselected.
Note The service-port interface controls communications through the service port. Its IP address must be on a different subnet from the management interface. This configuration enables you to manage the controller directly or through a dedicated management network to ensure service access during network downtime.
Step 13 Perform one of the following:
Step 14 Click
. The LAG Configuration screen appears.
Figure 3-4 Configuration Wizard — LAG Configuration Screen
Step 15 To enable link aggregation (LAG), choose
from the Link Aggregation (LAG) Mode drop-down list. To disable LAG, leave this text box set to
Step 16 Click
. The Management Interface Configuration screen appears.
Figure 3-5 Configuration Wizard — Management Interface Configuration Screen
Note The management interface is the default interface for in-band management of the controller and connectivity to enterprise services such as AAA servers.
Step 17 In the VLAN Identifier text box, enter the VLAN identifier of the management interface (either a valid VLAN identifier or
for an untagged VLAN). The VLAN identifier should be set to match the switch interface configuration.
Step 18 In the IP Address text box, enter the IP address of the management interface.
Step 19 In the Netmask text box, enter the IP address of the management interface netmask.
Step 20 In the Gateway text box, enter the IP address of the default gateway.
Step 21 In the Port Number text box, enter the number of the port assigned to the management interface. Each interface is mapped to at least one primary port.
Step 22 In the Backup Port text box, enter the number of the backup port assigned to the management interface. If the primary port for the management interface fails, the interface automatically moves to the backup port.
Step 23 In the Primary DHCP Server text box, enter the IP address of the default DHCP server that will supply IP addresses to clients, the controller’s management interface, and optionally, the service port interface.
Step 24 In the Secondary DHCP Server text box, enter the IP address of an optional secondary DHCP server that will supply IP addresses to clients, the controller’s management interface, and optionally, the service port interface.
Step 25 Click
. The AP-Manager Interface Configuration screen appears.
Note This screen does not appear for Cisco 5500 Series Controllers because you are not required to configure an AP-manager interface. The management interface acts like an AP-manager interface by default.
Step 26 In the IP Address text box, enter the IP address of the AP-manager interface.
Step 27 Click
. The Miscellaneous Configuration screen appears.
Figure 3-6 Configuration Wizard — Miscellaneous Configuration Screen
Step 28 In the RF Mobility Domain Name text box, enter the name of the mobility group/RF group to which you want the controller to belong.
Note Although the name that you enter here is assigned to both the mobility group and the RF group, these groups are not identical. Both groups define clusters of controllers, but they have different purposes. All of the controllers in an RF group are usually also in the same mobility group and vice versa. However, a mobility group facilitates scalable, system-wide mobility and controller redundancy while an RF group facilitates scalable, system-wide dynamic RF management.
Step 29 The Configured Country Code(s) text box shows the code for the country in which the controller will be used. If you want to change the country of operation, select the check box for the desired country.
Note You can choose more than one country code if you want to manage access points in multiple countries from a single controller. After the configuration wizard runs, you need to assign each access point joined to the controller to a specific country. See the “Configuring Country Codes” section for instructions.
Step 30 Click
Step 31 When the following message appears, click
Warning! To maintain regulatory compliance functionality, the country code setting may only be modified by a network administrator or qualified IT professional. Ensure that proper country codes are selected before proceeding.
The Virtual Interface Configuration screen appears.
Figure 3-7 Configuration Wizard — Virtual Interface Configuration Screen
Step 32 In the IP Address text box, enter the IP address of the controller’s virtual interface. You should enter a fictitious, unassigned IP address.
Note The virtual interface is used to support mobility management, DHCP relay, and embedded Layer 3 security such as guest web authentication and VPN termination. All controllers within a mobility group must be configured with the same virtual interface IP address.
Step 33 In the DNS Host Name text box, enter the name of the Domain Name System (DNS) gateway used to verify the source of certificates when Layer 3 web authorization is enabled.
Note To ensure connectivity and web authentication, the DNS server should always point to the virtual interface. If a DNS host name is configured for the virtual interface, then the same DNS host name must be configured on the DNS servers used by the client.
Step 34 Click
. The WLAN Configuration screen appears.
Figure 3-8 Configuration Wizard — WLAN Configuration Screen
Step 35 In the Profile Name text box, enter up to 32 alphanumeric characters for the profile name to be assigned to this WLAN.
Step 36 In the WLAN SSID text box, enter up to 32 alphanumeric characters for the network name, or service set identifier (SSID). The SSID enables basic functionality of the controller and allows access points that have joined the controller to enable their radios.
Step 37 Click
Step 38 When the following message appears, click
Default Security applied to WLAN is: [WPA2(AES)][Auth(802.1x)]. You can change this after the wizard is complete and the system is rebooted.
The RADIUS Server Configuration screen appears.
Figure 3-9 Configuration Wizard — RADIUS Server Configuration Screen
Step 39 In the Server IP Address text box, enter the IP address of the RADIUS server.
Step 40 From the Shared Secret Format drop-down list, choose ASCII or Hex to specify the format of the shared secret.
Note Due to security reasons, the RADIUS shared secret key reverts to ASCII mode even if you have selected HEX as the shared secret format from the Shared Secret Format drop-down list.
Step 41 In the Shared Secret and Confirm Shared Secret text boxes, enter the secret key used by the RADIUS server.
Step 42 In the Port Number text box, enter the communication port of the RADIUS server. The default value is 1812.
Step 43 To enable the RADIUS server, choose
from the Server Status drop-down list. To disable the RADIUS server, leave this text box set to
Step 44 Click
. The 802.11 Configuration screen appears.
Figure 3-10 Configuration Wizard — 802.11 Configuration Screen
Step 45 To enable the 802.11a, 802.11b, and 802.11g lightweight access point networks, leave the
802.11a Network Status
802.11b Network Status
802.11g Network Status
check boxes selected. To disable support for any of these networks, unselect the check boxes.
Step 46 To enable the controller’s radio resource management (RRM) auto-RF feature, leave the
check box selected. To disable support for the auto-RF feature, unselect this check box.
Note The auto-RF feature enables the controller to automatically form an RF group with other controllers. The group dynamically elects a leader to optimize RRM parameter settings, such as channel and transmit power assignment, for the group.
Step 47 Click
. The Set Time screen appears.
Figure 3-11 Configuration Wizard — Set Time Screen
Step 48 To manually configure the system time on your controller, enter the current date in Month/DD/YYYY format and the current time in HH:MM:SS format.
Step 49 To manually set the time zone so that Daylight Saving Time (DST) is not set automatically, enter the local hour difference from Greenwich Mean Time (GMT) in the Delta Hours text box and the local minute difference from GMT in the Delta Mins text box.
Note When manually setting the time zone, enter the time difference of the local current time zone with respect to GMT (+/–). For example, Pacific time in the United States is 8 hours behind GMT. Therefore, it is entered as –8.
Step 50 Click
. The Configuration Wizard Completed screen appears.
Figure 3-12 Configuration Wizard — Configuration Wizard Completed Screen
Step 51 Click
Save and Reboot
to save your configuration and reboot the controller.
Step 52 When the following message appears, click
Configuration will be saved and the controller will be rebooted. Click ok to confirm.
Step 53 The controller saves your configuration, reboots, and prompts you to log in. Follow the instructions in the “Using the Controller Web GUI” section to log into the controller.