配置DNA空间和Mobility Express Direct Connect并排除故障
简介
本文档介绍
背景信息
与基于AireOS的常规无线局域网控制器一样,在802.11ac Wave 2接入点(2800、3800、4800、1542、1562、1850、11上运行的思科移动快捷版(ME)815)可通过3种方式连接到DNA空间云:
- 直接连接
- 通过DNA空间连接器
- 通过思科CMX内部设备或VM
从Mobility Express 8.3版开始,支持与DNA空间集成。本文将仅介绍Direct Connect的设置和故障排除。
要求
先决条件
使用的组件
- Mobility Express映像8.10。
- 1542年无线接入点
- DNA空间云
本文中概述的步骤假设ME已部署,并且具有工作的Web界面和SSH。
本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您的网络处于活动状态,请确保您了解所有命令的潜在影响。
配置
移动性快捷解决方案
DNA空间云节点和ME正在通过HTTPS协议(端口443)进行通信。在此测试设置中,在1542 AP上运行的ME已置于具有完全互联网访问权限的NAT之后。
通过Web界面进行配置
在Mobility Express控制器可以连接到DNA空间之前,需要设置NTP和DNS服务器,并且至少连接一个AP。与其他基于AireOS的控制器不同,Mobility Express不要求安装DigiSign根证书(在撰写本文时)。
访问Mobility Express Web界面,在右上角单击2个绿色箭头以启用Expert模式。专家模式将解锁某些隐藏选项:
导航至Management > Time,并确保WLC与NTP同步。 默认情况下,EWC已预配置为使用ciscome.pool.ntp.org NTP服务器:
导航至Advanced > Controller Tools > Troubleshooting Tools,并验证是否已添加DNS服务器。默认情况下,ME已预配置为使用Open DNS服务器。HTTP代理地址和端口可以在同一页上输入:
在Wireless Settings > Access Points下,验证至少已加入一个AP。此AP可以是ME运行的AP:
在DNA空间云上,登录并导航至Setup > Wireless Networks > Connect WLC/Catalyst 9800 Directly,然后单击View Token:
复制令牌和URL:
在ME Web界面中,在Advanced > CMX下,粘贴URL和Authentication Token:
要验证连接是否已建立,请单击“测试链接”按钮。如果连接已建立,则按钮将更改为“Link Up:(链路打开:)”
跳过下一章,转到“将控制器导入位置层次结构”。
通过CLI进行配置
验证NTP是否已配置并同步:
(ME) >show time Time............................................. Mon Feb 24 23:38:13 2020 Timezone delta................................... 0:0 Timezone location................................ (GMT +1:00) Amsterdam, Berlin, Rome, Vienna NTP Servers NTP Version.................................. 3 NTP Polling Interval......................... 86400 Index NTP Key Index NTP Server Status NTP Msg Auth Status ------------------------------------------------------------------------------------- 1 0 0.ciscome.pool.ntp.org In Sync AUTH DISABLED 2 0 1.ciscome.pool.ntp.org Not Tried AUTH DISABLED 3 0 2.ciscome.pool.ntp.org Not Tried AUTH DISABLED
可以使用config time ntp server <index> <ip_address>命令添加新的NTP服务器。
验证DNS服务器是否已配置:
(ME) >show network summary RF-Network Name............................. ME DNS Server IP1.............................. 192.168.1.1 DNS Server IP2.............................. 208.67.222.222 DNS Server IP3.............................. 208.67.220.220
可以使用config network dns serverip <ip_addr>命令添加新的DNS服务器。
要确认AP已加入,请执行以下操作:
(ME) >show ap summary Number of APs.................................... 1 Global AP User Name.............................. admin Global AP Dot1x User Name........................ Not Configured Global AP Dot1x EAP Method....................... EAP-FAST * prefix indicates Cisco Internal AP AP Name Slots AP Model Ethernet MAC Location Country IP Address Clients DSE Location --------------------- ----- ----------------- ----------------- ------------------ ---------- --------------- ------- -------------- *APD478.9BF8.7070 2 AIR-AP1542I-E-K9 d4:78:9b:f8:70:70 default location BE 192.168.1.185 0 [0 ,0 ,0 ]
如前所述,访问DNA空间云,导航至Setup > Wireless Networks > Connect WLC/Catalyst 9800 Directly,然后单击View Token:
复制令牌和URL:
运行以下命令:
(ME) >config cloud-services cmx disable (ME) >config cloud-services server url [URL] (ME) >config cloud-services server id-token [TOKEN] (ME) >config cloud-services cmx enable
要验证与DNA空间云的连接是否已成功建立,请运行:
CMX Service Server ....................................... https://vasilijeperovic.dnaspaces.eu IP Address.................................... 63.33.127.190 Connectivity.................................. https: UP Service Status ............................... Active Last Request Status........................... HTTP/1.1 200 OK Heartbeat Status ............................. OK Payload Compression type ..................... gzip
将控制器导入位置层次结构
其余配置将在DNA空间中完成。在Setup > Wireless Networks > Connect WLC/Catalyst 9800 Directly下,单击Import Controllers。
选中您的帐户名称旁边的单选按钮,然后点击“下一步”。如果已添加了一些位置,它们将显示在以下列表中:
查找控制器IP地址,选中控制器IP地址旁的复选框,然后按下一步:
由于尚未添加其他位置,只需单击“完成”:
系统将弹出提示,提示ME已成功导入位置层次结构:
既然EWC已成功连接到云,您就可以开始使用所有其他DNA空间功能。
验证
当前没有可用于此配置的验证过程。
故障排除
本节提供可用于排除配置故障的信息。
在Mobility Express上进行调试非常有限,在撰写本文时,对于与云的连接失败的原因,没有提供太多的见解。 缺少NTP服务器、DNS未解析DNA空间域名和防火墙阻止HTTPS流量都将产生相同的调试和显示输出:
(ME) >show cloud-services cmx summary CMX Service Server ....................................... https://vasilijeperovic.dnaspaces.eu IP Address.................................... 0.0.0.0 Service Status ............................... Down Connectivity.................................. https: Failed to establish connection Time remaining for next Retry................. 5 Seconds
如果与云的连接失败,Mobility Express将每30秒重试一次以建立它。要启用调试,只需运行:
(ME) >debug nmsp all enable
*emWeb: Jul 01 00:20:52.836: Started http trace logging to file /var/log/debug/wlc-debug-captures.txt
对于丢失的NTP服务器、DNS未解析DNA空间域名和防火墙阻止HTTPS流量,调试输出将再次相同。因此,始终建议在AP交换机端口上执行数据包捕获。
以下是因未配置NTP而导致连接失败的示例:
(ME) >debug nmsp all enable Debugging session started on Jul 01 00:20:52.839 for WLC AIR-AP1542I-E-K9 Version :8.10.112.0 SN :FGL2324B02P Hostname ME *nmspTxServerTask: Jul 01 00:21:05.408: Received Message LOCP_HTTPS_SERVICE_UPDATE *nmspTxServerTask: Jul 01 00:21:05.408: Received CMX service command CMX_SERVICE_LINK_CHECK, Buffer Length 1292 *nmspTxServerTask: Jul 01 00:21:05.408: connection failed. Attempt 1 *nmspTxServerTask: Jul 01 00:21:05.409: Configured Domain:vasilijeperovic.dnaspaces.eu *nmspTxServerTask: Jul 01 00:21:05.409: Connect to data.dnaspaces.eu/networkdata, Tenent Id vasilijeperovic *nmspTxServerTask: Jul 01 00:21:05.409: Keep Alive Url:https://data.dnaspaces.eu/api/config/v1/nmspconfig/192.168.1.13 *nmspTxServerTask: Jul 01 00:21:05.409: Initating cmx-cloud connetion. port 443, token eyJ0eXAiOiJKV1Q[information-omitted]I8krcrpmRq0g *nmspTxServerTask: Jul 01 00:21:05.409: [CTX:0] Tx handles in use 0, free 1 *nmspTxServerTask: Jul 01 00:21:05.411: [CTX:1] Tx handles in use 0, free 32 *nmspTxServerTask: Jul 01 00:21:05.411: Http connection URL https://data.dnaspaces.eu/networkdata?jwttoken=eyJ0eXAiOiJKV1Q[information-omitted]I8krcrpmRq0g *nmspTxServerTask: Jul 01 00:21:05.411: Sending Echo Req in start. Refresh Handle =Yes *nmspTxServerTask: Jul 01 00:21:05.411: Https Control path handle may be refreshed. *nmspMxServerTask: Jul 01 00:21:05.413: Async Perform done on 1 messages
成功连接的示例:
(ME) >debug nmsp all enable Debugging session started on Feb 25 01:13:04.913 for WLC AIR-AP1542I-E-K9 Version :8.10.112.0 SN :FGL2324B02P Hostname ME
*emWeb: Feb 25 01:13:10.138: Init cmx-cloud config: Already initialized *emWeb: Feb 25 01:13:10.138: Starting connection retry timer *emWeb: Feb 25 01:13:10.138: Posting Service Request 50 to Tx service *nmspTxServerTask: Feb 25 01:13:10.212: Received Message LOCP_HTTPS_SERVICE_UPDATE *nmspTxServerTask: Feb 25 01:13:10.213: Received CMX service command CMX_SERVICE_START, Buffer Length 1292 *nmspTxServerTask: Feb 25 01:13:10.213: Configured Domain:vasilijeperovic.dnaspaces.eu *nmspTxServerTask: Feb 25 01:13:10.213: Connect to data.dnaspaces.eu/networkdata, Tenent Id vasilijeperovic *nmspTxServerTask: Feb 25 01:13:10.213: Keep Alive Url:https://data.dnaspaces.eu/api/config/v1/nmspconfig/192.168.1.13 *nmspTxServerTask: Feb 25 01:13:10.213: Initating cmx-cloud connetion. port 443, token eyJ0eXAiOiJKV1Q[information-omitted]I8krcrpmRq0g *nmspTxServerTask: Feb 25 01:13:10.216: [CTX:1] Tx handles in use 0, free 32 *nmspTxServerTask: Feb 25 01:13:10.216: Http connection URL https://data.dnaspaces.eu/networkdata?jwttoken=eeyJ0eXAiOiJKV1Q[information-omitted]I8krcrpmRq0g *nmspTxServerTask: Feb 25 01:13:10.216: Sending Echo Req in start. Refresh Handle =No *nmspMxServerTask: Feb 25 01:13:10.217: Async Perform done on 1 messages *nmspMxServerTask: Feb 25 01:13:10.446: Received: 17 bytes header *nmspMxServerTask: Feb 25 01:13:10.446: Rx Header HTTP/1.1 200 OK *nmspMxServerTask: Feb 25 01:13:10.446: 00000000: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d HTTP/1.1.200.OK. *nmspMxServerTask: Feb 25 01:13:10.446: 00000010: 0a . *nmspMxServerTask: Feb 25 01:13:10.446: Received Heartbeat response on connection [0] *nmspMxServerTask: Feb 25 01:13:10.446: Stopping connection retry timer *nmspMxServerTask: Feb 25 01:13:10.446: connection succeeded. server IP 63.33.127.190
反馈