Enabling WEB GUI on both the 5760 and 3850 Platforms
Currently, Cat3850 and CT5760 ships with the first release labeled as 3.2.01. If you have an existing CAT3850/CT5760 and want to use the GUI to configure or monitor your wireless network, please follow the steps below:
1. Console to the 3850/5760 platform. Save your current configuration and upgrade to 3.2.2 release available on cisco.com. Upgrade procedure can be found in the link below:
Note During the upgrade, firmware will be upgraded and therefore it will take few more additional minutes than the regular upgrade. Please do not turn off the unit during the upgrade.
2. After upgrading to 3.2.2 version, the web GUI functionality will be enabled. By default, https is enabled. You can access the web GUI through https, but if you want to enable http access, you can do so by issuing the following IOS CLI command:
Controller(config)#ip http server
3. Using the IOS CLI, you will need to create a username and password to access the GUI. You can configure a local username by issuing the following command:
Controller(config)#username admin privilege 15 password Cisco123.
Or you can configure it to use credentials using an authentication server. Make sure the user has privilege 15 access level.
4. To access the GUI, you can configure the out of band management port (GigE 0/0) or use existing reachable configured interfaces through the network.
5. Now, you will be able to access the Web GUI interface. Open a browser and type your controller/switch IP address. Example: https://10.10.10.5/. Please refer to the configuration examples below for additional Web GUI access information.
Note If you have an out of the box or brand new 5760 or 3850, please console to the box and go through the Startup Wizard as outlined in the deployment guide located at: http://www.cisco.com/en/US/docs/wireless/technology/5760_deploy/Supported_Features.html
If you require additional information regarding any of the field while going through the deployment guide, please refer to the GUI Online Help available after you have successfully accessed the GUI through the steps below.
GUI Access for CT5760/3850 Example
Complete these steps:
Step 1 For GUI access, open a browser and type your controller IP address. By default https is enabled, for example:
Note You can setup username/password using the following CLI command:
Controller(config)#username admin privilege 15 password Cisco123. This is an example and not the default username and password.
Once you login, you will be directed to the following page:
Step 2 Click Wireless WEB GUI, this will direct you to the home page shown below:
Basic Configuration for CT5760/3850 Example
In this section you will perform basic controller and management configuration using the GUI Wizard of the CT5760 or CAT 3850.
Step 3 Under the Configuration tab, choose the option Wizard.
Step 4 Configure Admin username and password.
Step 5 Configure SNMP information—You can configure SNMP trap in this section, give a Location and Contact and proceed to the next step.
Step 6 Management Interface Configuration—You can use the out of band Management Port to access the controller. Enter the IP address and Netmask value and proceed to the next screen for Wireless management configuration.
Step 7 Wireless Management Configuration—Here, you can configure Wireless Management interface on the 5760 and assign it for a specific VLAN. Please assign VLAN IP and default gateway.
Step 8 RF Mobility and Country Code settings—Here, you can enter the RF Mobility configuration and select a country code. As an example, enter rfdemo as the RF mobility name and choose US for Country Code.
Step 9 Mobility Configuration—Here, you can change the Mobility Group Name and other Mobility timers. Please click Next to go to the next screen.
Step 10 Creating a WLAN—You can create a WLAN in this screen. It is disabled by default. Create an 802.1x WLAN name. In this example, it is NGWC1-1x.
Step 11 Enabling 802.11 Radios—Radios were disabled once the country code was changed in earlier steps. Enable the radio by checking th 802.11a/n and 802.11 b/g/n check boxes.
Step 12 Time Settings—You can choose between two modes: Manual and NTP. In the following example, choose NTP and use 10.10.10.1 as the NTP Server IP Address.
Step 13 Save and apply the Wizard
Step 14 Confirmation Message–Please wait few seconds until the configurations are applied. You should see the success message below. Click OK and this concludes the initial Wizard configuration.
Note This concludes the Initial Wizard setup. Next section describes the AAA configuration.
AAA Configuration for 802.1x WLAN Example
In this section you will setup AAA configuration.
Step 15 Configuring AAA settings for 802.1x WLAN—Under the Configuration tab, choose Security.
This opens the AAA configuration page:
Step 16 Radius Server Configuration—Expand the Radius tab and click New
Enter the ISE/Radius server information as shown below and then click Apply.
Click OK and you should see the following window.
Step 17 Server Group Creation—Go to Server Group > Radius > New
Once you click Apply, a confirmation pop-up appears:
Click OK and confirm that the server group cisco is created.
Step 18 Creating AAA Method Lists for Authentication/Accounting/Authorization—Go to AAA > Method Lists > Authentication > New
Once you click Apply, a confirmation pop-up appears:
Click OK and confirm that the server group cisco is created.
Repeat the same step for Accounting and Authorization:
This concludes the Radius and AAA configuration. Next section explains WLAN settings. Before moving on, please save your configuration by clicking Save Configuration in the upper right hand side of the GUI.
801.1x WLAN Configuration Example
In this section you will perform 802.1x WLAN configuration using ISE as a radius server
Step 19 Enabling 802.1x on the entire system.
Under Configuration tab, navigate to Controller > System > General
Enable Dot1x System Auth Control and click Apply. Once you get a confirmation message, move to the next step.
Step 20 Edit WLAN Configuration and Assign VLAN—Under Configuration tab, choose Wireless
Navigate to Wireless > WLAN, you should see the WLAN summary page:
Select WLAN NGWC1-1x, you can now edit its settings.
Step 21 Apply Security Settings—Under Security tab, Layer 2. Make sure WPA+WPA2 is selected as Layer 2 Security and 802.1x is selected as Auth Key Mgmt
Under WLAN > Security > AAA Server, type cisco as the Authentication and Accounting Methods that was created earlier under AAA.
Under WLAN > Advanced, enable Allow AAA Override
Now click Apply to enable the WLAN and its settings.
Once you click Apply, you will be prompted with the message below. Click OK.
Confirmation message appears. Click OK.
Step 22 Saving Config—Once client verification is done, save the configuration by selecting Save Configuration in the upper right hand side of the screen.
Creating a Switch Peer Group (SPG) on Mobility Controller 5760 Example
In this section, you will be able to configure Switch Peer Group (SPG) and add members (Mobility Agent) to the Group on the Mobility Controller (MC).
Step 23 On the 5760 controller GUI, navigate to Configuration > Controller > Mobility Management
Step 24 Under Mobility Management tab, select Switch Peer Group tab. Click New and create a new Switch Peer Group (SPG1).
Step 25 Create new Switch Peer Group SPG1 and Click Apply
Step 26 Click OK
Step 27 Go to Switch Peer Group tab and verify that SPG1 is created. Select SPG1
Step 28 Add member in SPG1 by clicking new
Step 29 Add public and private Mobility Agent (MA) IP address. Example = 10.10.10.2
Step 30 Click OK
You can repeat this step to add additional MA to the switch group or create a different SPG name.
Step 31 Go to Switch Peer Group tab and verify that Switch peer group Member Count is 1.
Step 32 Click SPG1 and verify that your MA address, and control and data link status is Down. That is normal for now since you will be configuring the 3850 (MA) in the upcoming steps.
Configuring Mobility between Mobility Agent (3850) and Mobility Controller (5760) Example
Step 33 Follow the same steps outlined in the to access and configure the 3850 switch. In this example, we will start with the Initial Wizard Configuration. Please note that there are differences between the 3850 and the 5760 Initial Wizard configuration.
Open a browser and type your 3850 IP address. For example:
Enter username: admin
Step 34 Landing Page for MA UA-C3850-24P. Select Wireless Web GUI
Step 35 Login to the Home page of the 3850 and verify the software version, System model and system name.
Step 36 Under Configuration Tab, choose Wizard
Step 37 Configure admin username and password.
Step 38 You can configure SNMP trap in this section, give a Location and Contact to proceed to next step.
Step 39 Management Interface Configuration—You can use the out of band Management Port to access the switch. Enter the IP address/Netmask shown in the screen below and proceed to next screen for Wireless management configuration.
Step 40 Wireless Management Configuration—Here, you can configure Wireless Management interface on the 3850 and assign it for a specific VLAN. Assign VLAN IP and default gateway.
Note AP is connected to Interface Gig1/0/3 marked as access port.
Step 41 Enter RF mobility domain name as rfdemo and Country code US
Step 42 Enter Mobility configuration. Define Mobility role as Mobility Agent and enter Mobility Controller public and private IP Address as 10.10.10.5. This is where you point the MA to the MC.
Step 43 Enter WLAN ID as 1 and SSID/Profile information as ngwc1-1x.
Step 44 Enable Radios as shown below and click Next
Step 45 Set time as NTP or Manual
Step 46 Enter NTP server as 10.10.10.1 as an example and click Next
Step 47 At Save Wizard page verify Mobility Configuration, WLAN and Wireless Management configuration for your Network
Step 48 Apply Changes and verify that all the configurations are successfully applied.
Note It will take few seconds for the changes to be applied. Do not click multiple times.
Step 49 The below figure displays the final success page where you can verify your configuration changes.
Exercise—Verify New Mobility on MA 3850 and MC 5760
Step 50 On Mobility Agent 3850, navigate to Configuration > Controller > Mobility Management
Step 51 Select Mobility Global Config and verify the Mobility role as Mobility Agent and Mobility Controller IP address as your MC 10.10.10.5
Step 52 Now switch back to your Mobility Controller.
Step 53 Go to Configuration > Controller > Mobility Management > Switch Peer Group and then click SPG1.
Step 54 Check your MA IP address 10.10.10.2 and verify that the control link status and data link status is UP. If link is still showing down then refresh the page. It usually takes around a minute for the link to show as UP.
Step 55 Now, go to Monitor > Controller > Mobility > Mobility Statistics
Step 56 Verify the Mobility statistics.
Monitoring: Verify AP Registration Example
In this section, you will monitor and verify AP and Client connectivity.
Step 57 Go to Monitor > Wireless > Access Points
Step 58 At Access Point tab > All APs verify that you see your AP connected and it is operationally UP.
Click the AP and you can check the radio stats, Channel assignment, and RF Parameters
Monitoring: Verify Client Connectivity Example
Step 59 Connecting a Client to your 802.1x WLAN—Go to Monitor > Clients and check that the client is connected.
Configure Mobility Oracle, Mobility Peer and Verify Statistics on MC 5760 Example
Step 60 Now login back to Mobility Controller 5760 GUI using https://10.10.10.5 and navigate to Configuration > Controller > Mobility Management and enable Mobility Oracle as shown below. Click Apply.
Step 61 Click OK
Step 62 Go to Mobility Peer tab and verify that only MC is showing and the link status is shown as UP
Step 63 Now navigate to Monitor > Mobility > Mobility Oracle Summary and verify that the client count is shown as 1.
Step 64 Click the IP address and verify your client details on MO as shown below:
Managing CT5760/Cat3850 with Cisco Prime Infrastructure 2.0 Example
In this section you will:
Configure SNMP on CT5760
Add CT5760/Cat3850 to Cisco Prime Infrastructure
Manage basic CT5760/Cat3850 functions on Prime Infrastructure
Step 65 SNMP strings Configurations—Navigate to 5760 Web GUI: Configuration > Controller > Management > Protocol Management > SNMP > Communities
Configure SNMP strings for private and public.
Repeat the same step for a public Community
Step 66 Log in to PI 2.0.
Step 67 Navigate to PI > Operate > Device Work Center.
Step 68 Click Add Device.
Step 69 Enter the CT5760 parameters:
a. IP address – CT5760 mgt IP
b. Read-Write SNMP string (private)
c. Telnet credentials
Username = admin
User password = admin
iEnable password = cisco
HTTP credentials can be IGNORED
Step 70 Confirm Prime Infrastructure discovery of the CT5760—If reachable and successful, the status will show as complete with the correct device type.
Step 71 Repeat the same steps by creating SNMP community strings on the 3850 and adding it to Prime Infrastructure.
Step 72 Explore Cisco Prime Infrastructure GUI in management of CT5760, e.g. client statistics, details, reports and so on.