Using the GUI Configuration Wizard
Follow these steps to configure the controller using the GUI configuration wizard.
Step 1 Connect your PC to the service port and configure it to use the same subnet as the controller (for example, 192.168.10.1).
Step 2 Start Internet Explorer 6.0 SP1 (or later) or Firefox 2.0.0.11 (or later) on your PC and browse to http://192.168.1.1. The configuration wizard appears (see Figure 1).
Figure 1 Configuration Wizard — System Information Page
Step 3 In the System Name field, enter the name that you want to assign to this controller. You can enter up to 31 ASCII characters.
Step 4 In the User Name field, enter the administrative username to be assigned to this controller. You can enter up to 24 ASCII characters. The default username is
admin
.
Step 5 In the Password and Confirm Password fields, enter the administrative password to be assigned to this controller. You can enter up to 24 ASCII characters. The default password is
admin
.
Step 6 Click
Next
. The SNMP Summary page appears (see Figure 2).
Figure 2 Configuration Wizard — SNMP Summary Page
Step 7 If you want to enable Simple Network Management Protocol (SNMP) v1 mode for this controller, choose
Enable
from the SNMP v1 Mode drop-down box. Otherwise, leave this parameter set to
Disable
.
Note SNMP is a protocol that manages nodes (servers, workstations, routers, switches, and so on) on an IP network. Currently, there are three versions of SNMP: SNMPv1, SNMPv2c, and SNMPv3.
Step 8 If you want to enable SNMPv2c mode for this controller, leave this parameter set to
Enable
. Otherwise, choose
Disable
from the SNVP v2c Mode drop-down box.
Step 9 If you want to enable SNMPv3 mode for this controller, leave this parameter set to
Enable
. Otherwise, choose
Disable
from the SNVP v3 Mode drop-down box.
Step 10 Click
Next
.
Step 11 When the following message appears, click
OK
:
Default values are present for v1/v2c community strings. Please make sure to create new v1/v2c community strings once the system comes up. Please make sure to create new v3 users once the system comes up.
Note Refer to the “Changing the Default Values of SNMP Community Strings” section and the “Changing the Default Values for SNMP v3 Users” section for instructions.
The Service Interface Configuration page appears (see Figure 3).
Figure 3 Configuration Wizard — Service Interface Configuration Page
Step 12 If you want the controller’s service-port interface to obtain an IP address from a DHCP server, check the
DHCP Protocol Enabled
check box. If you do not want to use the service port or if you want to assign a static IP address to the service port, leave the check box unchecked.
Note The service-port interface controls communications through the service port. Its IP address must be on a different subnet from the management interface. This configuration enables you to manage the controller directly or through a dedicated management network to ensure service access during network downtime.
Step 13 Perform one of the following:
Step 14 Click
Next
. The LAG Configuration page appears (see Figure 4).
Figure 4 Configuration Wizard — LAG Configuration Page
Step 15 To enable link aggregation (LAG), choose
Enabled
from the Link Aggregation (LAG) Mode drop-down box. To disable LAG, leave this field set to
Disabled
.
Step 16 Click
Next
. The Management Interface Configuration page appears (see Figure 5).
Figure 5 Configuration Wizard — Management Interface Configuration Page
Note The management interface is the default interface for in-band management of the controller and connectivity to enterprise services such as AAA servers.
Step 17 In the VLAN Identifier field, enter VLAN identifier of the management interface (either a valid VLAN identifier or
0
for an untagged VLAN). The VLAN identifier should be set to match the switch interface configuration.
Step 18 In the IP Address field, enter the IP address of the management interface.
Step 19 In the Netmask field, enter the IP address of the management interface netmask.
Step 20 In the Gateway field, enter the IP address of the default gateway.
Step 21 In the Port Number field, enter the number of the port assigned to the management interface. Each interface is mapped to at least one primary port.
Step 22 In the Backup Port field, enter the number of the backup port assigned to the management interface. If the primary port for the management interface fails, the interface automatically moves to the backup port.
Step 23 In the Primary DHCP Server field, enter the IP address of the default DHCP server that will supply IP addresses to clients, the controller’s management interface, and optionally the service port interface.
Step 24 In the Secondary DHCP Server field, enter the IP address of an optional secondary DHCP server that will supply IP addresses to clients, the controller’s management interface, and optionally the service port interface.
Step 25 Click
Next
. The AP-Manager Interface Configuration page appears.
Note This page does not appear for 5500 series controllers because you are not required to configure an AP-manager interface. The management interface acts like an AP-manager interface by default.
Step 26 In the IP Address field, enter the IP address of the AP-manager interface.
Step 27 Click
Next
. The Miscellaneous Configuration page appears (see Figure 6).
Figure 6 Configuration Wizard — Miscellaneous Configuration Page
Step 28 In the RF Mobility Domain Name field, enter the name of the mobility group/RF group to which you want the controller to belong.
Note Although the name that you enter here is assigned to both the mobility group and the RF group, these groups are not identical. Both groups define clusters of controllers, but they have different purposes. All of the controllers in an RF group are usually also in the same mobility group and vice versa. However, a mobility group facilitates scalable, system-wide mobility and controller redundancy while an RF group facilitates scalable, system-wide dynamic RF management. See the Configuring Radio Resource Management and Configuring Mobility Groups chapters for more information.
Step 29 The Configured Country Code(s) field shows the code for the country in which the controller will be used. If you want to change the country of operation, check the check box for the desired country.
Note You can choose more than one country code if you want to manage access points in multiple countries from a single controller. After the configuration wizard runs, you need to assign each access point joined to the controller to a specific country. See the “Configuring Country Codes” section for instructions.
Step 30 Click
Next
.
Step 31 When the following message appears, click
OK
:
Warning! To maintain regulatory compliance functionality, the country code setting may only be modified by a network administrator or qualified IT professional. Ensure that proper country codes are selected before proceeding.
The Virtual Interface Configuration page appears (see Figure 7).
Figure 7 Configuration Wizard — Virtual Interface Configuration Page
Step 32 In the IP Address field, enter the IP address of the controller’s virtual interface. You should enter a fictitious, unassigned IP address.
Note The virtual interface is used to support mobility management, DHCP relay, and embedded Layer 3 security such as guest web authentication and VPN termination. All controllers within a mobility group must be configured with the same virtual interface IP address.
Step 33 In the DNS Host Name field, enter the name of the Domain Name System (DNS) gateway used to verify the source of certificates when Layer 3 web authorization is enabled.
Note To ensure connectivity and web authentication, the DNS server should always point to the virtual interface. If a DNS host name is configured for the virtual interface, then the same DNS host name must be configured on the DNS servers used by the client.
Step 34 Click
Next
. The WLAN Configuration page appears (see Figure 8).
Figure 8 Configuration Wizard — WLAN Configuration Page
Step 35 In the Profile Name field, enter up to 32 alphanumeric characters for the profile name to be assigned to this WLAN.
Step 36 In the WLAN SSID field, enter up to 32 alphanumeric characters for the network name, or service set identifier (SSID). The SSID enables basic functionality of the controller and allows access points that have joined the controller to enable their radios.
Step 37 Click
Next
.
Step 38 When the following message appears, click
OK
:
Default Security applied to WLAN is: [WPA2(AES)][Auth(802.1x)]. You can change this after the wizard is complete and the system is rebooted.
The RADIUS Server Configuration page appears (see Figure 9).
Figure 9 Configuration Wizard — RADIUS Server Configuration Page
Step 39 In the Server IP Address field, enter the IP address of the RADIUS server.
Step 40 From the Shared Secret Format drop-down box, choose ASCII or Hex to specify the format of the shared secret.
Note Due to security reasons, the RADIUS shared secret key reverts to ASCII mode even if you have selected HEX as the shared secret format from the Shared Secret Format drop-down list.
Step 41 In the Shared Secret and Confirm Shared Secret fields, enter the secret key used by the RADIUS server.
Step 42 In the Port Number field, enter the communication port of the RADIUS server. The default value is 1812.
Step 43 To enable the RADIUS server, choose
Enabled
from the Server Status drop-down box. To disable the RADIUS server, leave this field set to
Disabled
.
Step 44 Click
Apply
. The 802.11 Configuration page appears (see Figure 10).
Figure 10 Configuration Wizard — 802.11 Configuration Page
Step 45 To enable the 802.11a, 802.11b, and 802.11g lightweight access point networks, leave the
802.11a Network Status
,
802.11b Network Status
, and
802.11g Network Status
check boxes checked. To disable support for any of these networks, uncheck the check boxes.
Step 46 To enable the controller’s radio resource management (RRM) auto-RF feature, leave the
Auto RF
check box checked. To disable support for the auto-RF feature, uncheck this check box. Refer to the
Configuring Radio Resource Management
chapter for more information on RRM.
Note The auto-RF feature enables the controller to automatically form an RF group with other controllers. The group dynamically elects a leader to optimize RRM parameter settings, such as channel and transmit power assignment, for the group.
Step 47 Click
Next
. The Set Time page appears (see Figure 11).
Figure 11 Configuration Wizard — Set Time Page
Step 48 To manually configure the system time on your controller, enter the current date in Month/DD/YYYY format and the current time in HH:MM:SS format.
Step 49 To manually set the time zone so that Daylight Saving Time (DST) is not set automatically, enter the local hour difference from Greenwich Mean Time (GMT) in the Delta Hours field and the local minute difference from GMT in the Delta Mins field.
Note When manually setting the time zone, enter the time difference of the local current time zone with respect to GMT (+/–). For example, Pacific time in the United States is 8 hours behind GMT. Therefore, it is entered as –8.
Step 50 Click
Next
. The Configuration Wizard Completed page appears (see Figure 12).
Figure 12 Configuration Wizard — Configuration Wizard Completed Page
Step 51 Click
Save and Reboot
to save your configuration and reboot the controller.
Step 52 When the following message appears, click
OK
:
Configuration will be saved and the controller will be rebooted. Click ok to confirm.
Step 53 The controller saves your configuration, reboots, and prompts you to log in. Follow the instructions in the “Using the GUI” section to log into the controller.
Using the CLI Configuration Wizard
Note The available options appear in brackets after each configuration parameter. The default value appears in all uppercase letters.
Note If you enter an incorrect response, the controller provides you with an appropriate error message, such as “Invalid Response,” and returns you to the wizard prompt.
Note Press the hyphen key if you ever need to return to the previous command line.
Follow these steps to configure the controller using the CLI configuration wizard.
Step 1 When prompted to terminate the AutoInstall process, enter
yes
. If you do not enter
yes
, the AutoInstall process begins after 30 seconds.
Note The AutoInstall feature downloads a configuration file from a TFTP server and then loads the configuration onto the controller automatically. Refer to the “Using the AutoInstall Feature for Controllers Without a Configuration” section for more information.
Note The Cisco WiSM controllers do not support the AutoInstall feature.
Step 2 Enter the system name, which is the name you want to assign to the controller. You can enter up to 31 ASCII characters.
Step 3 Enter the administrative username and password to be assigned to this controller. You can enter up to 24 ASCII characters for each. The default administrative username and password are admin and admin, respectively.
Step 4 If you want the controller’s service-port interface to obtain an IP address from a DHCP server, enter
DHCP
. If you do not want to use the service port or if you want to assign a static IP address to the service port, enter none.
Note The service-port interface controls communications through the service port. Its IP address must be on a different subnet from the management interface. This configuration enables you to manage the controller directly or through a dedicated management network to ensure service access during network downtime.
Step 5 If you entered none in If you want the controller’s service-port interface to obtain an IP address from a DHCP server, enter DHCP. If you do not want to use the service port or if you want to assign a static IP address to the service port, enter none., enter the IP address and netmask for the service-port interface on the next two lines.
Step 6 Enable or disable link aggregation (LAG) by choosing yes or NO. Refer to the
Configuring Ports and Interfaces
chapter for more information on LAG.
Step 7 Enter the IP address of the management interface.
Note The management interface is the default interface for in-band management of the controller and connectivity to enterprise services such as AAA servers.
Step 8 Enter the IP address of the management interface netmask.
Step 9 Enter the IP address of the default router.
Step 10 Enter the VLAN identifier of the management interface (either a valid VLAN identifier or 0 for an untagged VLAN). The VLAN identifier should be set to match the switch interface configuration.
Step 11 Enter the IP address of the default DHCP server that will supply IP addresses to clients, the controller’s management interface, and optionally the service port interface.
Step 12 Enter the IP address of the AP-manager interface.
Note This prompt does not appear for 5500 series controllers because you are not required to configure an AP-manager interface. The management interface acts like an AP-manager interface by default.
Step 13 Enter the IP address of the controller’s virtual interface. You should enter a fictitious, unassigned IP address.
Note The virtual interface is used to support mobility management, DHCP relay, and embedded Layer 3 security such as guest web authentication and VPN termination. All controllers within a mobility group must be configured with the same virtual interface IP address.
Step 14 If desired, enter the name of the mobility group/RF group to which you want the controller to belong.
Note Although the name that you enter here is assigned to both the mobility group and the RF group, these groups are not identical. Both groups define clusters of controllers, but they have different purposes. All of the controllers in an RF group are usually also in the same mobility group and vice versa. However, a mobility group facilitates scalable, system-wide mobility and controller redundancy while an RF group facilitates scalable, system-wide dynamic RF management. See the Configuring Radio Resource Management and Configuring Mobility Groups chapters for more information.
Step 15 Enter the network name, or service set identifier (SSID). The SSID enables basic functionality of the controller and allows access points that have joined the controller to enable their radios.
Step 16 Enter YES to allow clients to assign their own IP address or no to require clients to request an IP address from a DHCP server.
Step 17 To configure a RADIUS server now, enter YES and then enter the IP address, communication port, and secret key of the RADIUS server. Otherwise, enter no. If you enter no, the following message appears: “Warning! The default WLAN security policy requires a RADIUS server. Please see documentation for more details.”
Step 18 Enter the code for the country in which the controller will be used.
Note Enter help to view the list of available country codes.
Note You can enter more than one country code if you want to manage access points in multiple countries from a single controller. To do so, separate the country codes with a comma (for example, US,CA,MX). After the configuration wizard runs, you need to assign each access point joined to the controller to a specific country. See the “Configuring Country Codes” section for instructions.
Step 19 Enable or disable the 802.11b, 802.11a, and 802.11g lightweight access point networks by entering YES or no.
Step 20 Enable or disable the controller’s radio resource management (RRM) auto-RF feature by entering YES or no. Refer to the
Configuring Radio Resource Management
chapter for more information on RRM.
Note The auto-RF feature enables the controller to automatically form an RF group with other controllers. The group dynamically elects a leader to optimize RRM parameter settings, such as channel and transmit power assignment, for the group.
Step 21 If you want the controller to receive its time setting from an external Network Time Protocol (NTP) server when it powers up, enter
YES
to configure an NTP server. Otherwise, enter
no
.
Note The controller network module installed in a Cisco Integrated Services Router does not have a battery and cannot save a time setting. Therefore, it must receive a time setting from an external NTP server when it powers up.
Step 22 If you entered
no
in If you want the controller to receive its time setting from an external Network Time Protocol (NTP) server when it powers up, enter YES to configure an NTP server. Otherwise, enter no. and want to manually configure the system time on your controller now, enter
YES
. If you do not want to configure the system time now, enter
no
.
Step 23 If you entered
YES
in If you entered no in Step 21 and want to manually configure the system time on your controller now, enter YES. If you do not want to configure the system time now, enter no., enter the current date in MM/DD/YY format and the current time in HH:MM:SS format.
Step 24 When prompted to verify that the configuration is correct, enter
yes
or
NO
.
The controller saves your configuration, reboots, and prompts you to log in. Follow the instructions in the “Using the CLI” section to log into the controller.