CISCO AIR WIRELESS LAN CONTROLLER CONFIGURATION LAB part 1

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hi everyone thank you very much for joining me I'm going to be going through how to configure a Cisco wireless LAN controller from scratch so the objective of this lab is to configure the Cisco WLC using the CLI and the setup wizard on the CLI then we're going to connect on to the controller using the web interface we're going to make some configuration changes on the WLC to allow telnet connections to the controller we'll also create a wireless LAN so we're going to create a couple of wireless LANs to begin with which is going to do open authentication I'm going to do other videos later on which going through other types of authentication but just keep it simple for now - straightforward basic setup on the wireless LAN controller will also create a DHCP scope on on the wireless LAN controller and supply IP addresses for local clients will connect an access point to the WLC make sure we verified the WLC and the AP are joined together and then we're going to create another new VLAN sort of wireless LAN sorry and make sure that works as well so go for that step-by-step so this is this is my lab setup at the moment so I've got a 4402 wireless LAN controller slightly old older model but still reasonably effective and you can you can come from an iOS perspective you can still go seven and above on that you can't go up to eight unless unfortunately but it's still a reasonably good controller to buy off the internet or on eBay a reasonable price I've got a twenty nine sixty POV switch which is going to power my 1130 access point so this basic layer to switch so for phonetic it would be ideal to have a layer 3 switch but I haven't so I've got a layer 2 switch there and then I've got an eight eight seven router which provides my layer 3 configurations so what we're going to do is then that eight eight seven connects to my broadband router and provide internet connection to the PC so there's my laptop over there all ready to go and it's going to be wirelessly connecting onto the access point and then get into the axis so a little bit about the the 4402 so this is a number of interfaces on here on the 4400 so the first most important one is the management interface so the management interface is used predominately used by the access point to create your cap web tunnel and so your access point discovers the controller and creates the cap back tunnel between the two devices once the cap web tunnels up and running the the access point and the controller can see each other and you can control what goes on the access point from the controller itself another interface on the 4402 is the ap manager interface now on the newer models the 5500 this is gone so the ap manager interface is now gone and it's no longer available the 5500 it's been replaced with the management interface so so even on the 2500 s there's no more manage ap manager interface it's all connected to the management interface so the management interface now becomes the single point for connecting your access points and then all the layer 3 coms between the wireless LAN controller and the rest of the network so in the 4402 the AP manager interface is used for the layer 3 communications for example if you've got tac-x server or a DHCP server or any kind of other servers you got the layer 3 communications is done via the ap manager interface but the cap web and between the access point and the 4400 is done by the management interface one additional interface you have on there is the call the service port interface so this is predominately used for out-of-band management so you can do in band management using the management interface so you don't really need the service port interface but this one does have a service port I think the 2500 doesn't have a service port 5500 do have a service port so it's quite useful in that you've got out of bounds so it's a separate network which is more secure so you can access your controllers via a completely separate Network that's not connected to your live wireless network so we're going to plow ahead with the configuration so I'm just going to show you what I've got on configuration wise on the switch and and the router and then we'll jump straight into the 4400 and I'll show you how to configure that so in terms of straightforward configuration so all my interfaces are labeled here and as you can see so the connection to the switch is always going to be a trunk port so so this this gig gig interface here connected to the switch is always a trunk the access point is always configured as a access port so it's going to go into VLAN 10 and then my link to the router is going to be a trunk port as well so all my layer 3 interfaces are going to be on this 8 8 7 router and the VLANs respectively are VLAN 10 and VLAN 20 so we're going to configure those on this router we're going to have all the VLANs configured on the switch and then we'll create the the wireless LANs on the 4400 so in terms of configurations the switch the route to configuration straightforward because it's an 8 8 7 I've got a 4 port switch on there but the the link to the switch is a trunk this is the link to the access point so it's it's my internet and that's using the default VLAN 1 so 192 168 0.1 and finally there's my sv is configured and I've got some netting going on to allow internet access as well in terms of switch configurations really straightforward I've created the two VLANs for the wireless LANs the fast ethernet one is connected to the Rooter so that's set up as a as a trunk port the fast ethernet 2 is connected to the access point and that's set up as an access oops sorry about that that's set up as an access port on VLAN 10 and finally my gigabit zero one interface which connects to my wireless LAN controller is set up as a switch port trunk and my on my switch I've got out of band management and then my management addresses were with a default gateway so in terms of prepared all my configuration so it's always best to prepare your configurations when you when you're doing some kind of when you're doing the wireless configurations or wireless setup so I've managed to state all my IP address is already here so the controller config and the AP manager config a be managing interface or all noted down here but the 8087 Reuters setup as well the out-of-band management IP addresses and then the the wireless LANs that I'm going to set up and the default gateway is all set up here the SSID names and so this is this is the whole process when you boot up the wireless LAN controller so let's list let's get cracking so I will boot up the wireless LAN controller right now okay so we just bring my so I've got a virtual box here and we're going to run everything off of that okay so just fired up the wireless LAN controller and that's booting up right now let's just make that little bit bigger so there we go so we let that we'll let that boot up and then just quickly show you what I've prepared already so this is exactly what's going to come up on the on the interface we you you have to make sure that you have all this information ready to plug in so it helps to plan a little bit ahead so here we go that's booting up and me there so I've already prepared my switching routed configs we're not going to go through that that's pretty straightforward but that's on my document already as well as I shown here before okay there we go so we've got the so the first question says do you want to terminate auto towing storm we say yes to that so when you tell me like that it does jump skip a little line here it's actually asking you for the system name so you know for my system name we're just going to call it WL c1 so wel c1 okay so administrative username we're just going to go with admin and the password is it's got to be a combination of eight characters one uppercase in numbers as well so I'm just going to go with capital C is Co one two three four five and then repeat that capital C is C 0 1 2 3 4 5 ok so this is service interface IP address now if we just look at that the service interface you have to specify whether you're going to go with static or DHCP I'd like to keep it static so I'm going to I'm going to go with static so tell it this is going to be a static so then you ask you to enter the IP address and my IP address is 192.168.0.0 the net mask is 255.255.255.0 link aggregation so what this is asking for is on the wireless LAN controller it's actually got two gigabit interfaces gig one and gig two and what you can do is you can either channel those together and create a bundle so I'm not going to do that this time just without beyond another lab so we're just going to go with the no but where it says whatever's in capitals in the in the brackets is the default so I'm just going to press ENTER for that and so that no is no is the default so now he's asking for the management IP address so if we go back to what we set up already the management IP address is 10 1 1 100 so so it's all set up already so we're ready to go so it's 10.1.1.1 hundred and the management mass which 255.255.255.0 the default route is 10.1.1.1 which is on my eight eight seven now this is the V is really important here if you're using native VLANs then and your VLAN so I'm using VLAN 10 as as my VLAN identifier that's a that's a Cisco recommendation that you should always use some kind of tagging because if you leave it zero then it's not really safe anybody can just plug in devices and get access to it but if you were using native VLANs let's say your native VLAN was 10 then you would put zero but I'm not using native VLAN I'm using the proper VLAN so on my 10 is the real an identifier and then some management interface port so I'm going to use port 1 press ENTER and then so this is now asking for the DHCP server address now if you look at what I've set up here right you can use an external DHCP server or you can use the internal DHCP server 4400 now please be careful because some of the newer models of 5500 does not have a DHCP server option so I found that out the hard way but you have to be careful but this one does have a DHCP server availability on the unless on the controller so I'm just going to go with 10.1.1.1 hundred which is itself now it's going for the AP manager so this is my layer 3 comms for tech acts and stuff so 10.1.1.1 o1 and so what is realized is that we're using the same as the management interface this is I'm going to use the same values if you use the different value than it would it would obviously starting you the same different questions so the API manager interface DAV said we're going to keep the same so it's 10 100 and then that's it so the virtual gateway IP so this is used for roaming so if you had more than one controller you'd want to configure an IP address on here now what normally people do is this virtual gateway IP address has to be the same on different different controllers so if you had redundancy in your network and you got multiple controllers and you want roaming from one access point to another which is going from one controller to another and this this virtual gateway IP should be the same on all controllers so I'm just going to go with one dot one dot one dot one and so if you were having roaming and multiple controllers then you would have to have a mobility group as well so I'm just going to call it RF group that's it so now he's asking you to set up the first SSID so we're just going to go with W land ten bridging mode I'm going to say no to that so you just press ENTER because that's the the Capitals is a default oh so no to that allow static addresses yeah that's not a problem can leave that yes radius server I'm going to say no to that because I haven't got a radius server at the moment so and it gives you a little warning right now the next one is really important you must get your country code correct whichever country you you're working from because because the wireless rules are different and the you know the it varies from country to country so I'm in Great Britain so if we do help it tells you the all the codes for the different countries but I'm just going to do GB which is my country code now so next stage is to start enabling all your radios so you've got a toe to toe 11 B and the default is yes I'm just going to press ENTER a toe to live and a I'm going to press yes and enter and G as well so I'm enabled all of them you don't have to enable all of them you cannot allow maybe turn off a if you wanted to Auto RF is the feature so we just say yes to that I want to keep them is do you want to configure NTP I'm going to take fault yes and my NTP server is my 887 router which is 10.1.1.1 and the polling I'm going to keep that as 3,600 and to that and that's it so this is you configurations finish you want to save this and I'm going to say yes to that and so it's going to save the config and and reload the whole device that's basically it so that's that's the setup configuration done I'm gonna just pause the video there well let reboot but that's basically it so I think actually that's pretty quick so we're nearly there so let's let's just step let that come up and so we're now pretty much ready to get on to the controller just bring up a command prompt and ping 192.168.0 for their well while that comes up okay so that's come up some I'm still connected to the console port and it's ready to login so just check this the admins passwords working so go admin the password is capital c i SC o 1 2 3 4 5 there we go so we're in business that's working so if we just do a quick ping test again yep so I can ping that as well so we should now be able to get onto the the WLC using the web browser now let's just bring that down so you have to do HTTP let's just make that slightly bigger so you can see it ok so giving you a little warning and you just click on advanced and say proceed to that we know it's unsafe yet that's fine do a quick login and the login is admin CIS Co one two three four five Hey so we're in business so let's just make that slightly I can make that bigger for you ok so here we go so this is this is the front monitor section of the controller and if I just bring up my if I bring up my putty if we try and tell that to that to the device it's not going to let you do it so 192.168.0 200 open and you got nothing so you closes the connection that's because telnet has me enabled so so our first task in the lab is to allow tonette connections to the tralala okay so let's go ahead and do that right so if we go to management and telnet and ssh so at the moment it's got ssh is allowed by default so we could that we could ssh on to the box so if i try that let's do an ssh 192.168.0.0 and open that yeah actually you just have to wait for that to come back there we go so we'll get the access and now we can log in so it's admin I'm sorry admin and you're in so ssh works fine by default I'm just going to close that up again but the telnet doesn't so we're going to allow telnet and we click on apply and we should be able to now turn it on to the controller I know SSH is more secure but this is just a training exercise so that's all it is there we go said admin and there we go so the telnet is now working and we've got that fixed so let's move on to our next stage of the the lab so we've we've done the telnet connections we're going to create the wireless LAN with open authentication so when we did the initial setup if we go through wireless LANs we created the wireless LAN 10 so at this present moment that wireless 10 should work shouldn't be a problem because we've set up everything but we haven't got a DHCP working yet so we just need to do that but if we just follow what we've got to do on the lab so we've created the week the wireless LAN and which is going to create make it open authentication and then we'll move on to the DHCP ok so if you click on the wireless LAN this this number 1 here button just click on that and then so this is tells you it's already enabled the status is enabled it's name is W LAN 10 it's all ready to go radio policies are all enabled right and the current management the interface is the management interface because this this VLAN is VLAN 10 and it's also my in band management so it's already set up to go to security click on there and say none and apply so now I've got no security on there I know it's not safe but we're just trying to do an exercise on making sure it all works so next stage we want to do is set up our DHCP okay so if we if we click on controller and then set the internal DHCP server and then the DHCP scope so at the moment there's no scopes that up at all so all we do is click on you and create a new scope so we're going to call it W land 10 scope click on apply and and it creates one for you so at the moment it's disabled and not none of the addresses is set up so what you need to do is click on that and that gives you the starting so we need to put the pull start which is 10.1.1.10 pool end we'll call it 10.1 or 1.20 the network is too far sorry-sorry 10.1.1.10 net mask is 255.255.255.0 we'll keep the least time the same the default route is 10.1.1.1 there's no additional Reuters in there and the DNS what we'll do is we'll go for the Google one 8.8.8.8 I've also got an internal one which is 192.168.0.1 and at the moment the status is disabled so we create make that enabled click on apply and we're done so that says the DHCP scope for WLAN 10 is now working and up and running so what all it is we'll just test that and then once we've done that I'll move on to the last one we will create another wireless LAN so we'll show you how to do that as well so let's just subset so the DHCP is being set up we just need to make sure our access point works now ok so let's plug in the access point so I'm just going to bring up my console connection and I'm going to plug in my access point and you can we can watch the access point connecting ok so that's just applied the power on my POS which I can just see yep as green it's about to boot up so we should see some output in a minute where the e the access point will start booting up and loading the iOS image on there I'm just going to pause the video there for a second while that boots up so there we go that's booting up so I'm just going to pause it there for a second while that boots up okay so there we go so it's booting up nicely I'm just going to bring up a new interface so if you go to the monitor section you see there's no there's no access points at the moment and we'll watch the access point boot up and it will join so there we go look it's trying to join the wireless access point and it already has looks like this is there we go if you look at the output on here and we should be able to see the access point come up on here as well so here we go looks like it's let's see if it's got an IP address say so it's managed to pick up IP addresses so if we just the default username is capital C is C oh and the password is capital C is C oh and if you do show IP in brief it's picked up an IP address from the DHCP server already and it's starting to build its cap web panel and there we go see there you just see the the access point has now joined the WLC and it's now pulling configurations off of the WLC so so we just quickly look at them the wireless LAN so we've got the wireless LAN 10 set up if I look at my wireless configurations I can see there is this wireless LAN if I do that and then connect hopefully we should all connect and as connected already so if I just do a have a look at the properties on that come online if we do an IP confit so there's my wireless LAN adapter and it's picked up an IP address 10 1 111 okay this is do a quick ping test here we go pinging nicely so we're looking good so we've got our first wireless LAN setup and we've got it all connected onto the network now it's fantastic so all working so next stage is the final part of this lab is to create a completely new VLAN so we've done the access point we verified it so there's our access point or connected so we can actually look at the details on there you can go into that and rename the access point let's just call that a p1 click on apply and say ok to that and we just renamed it so there's our access point all enabled ready to go and we've got our connectivity all sorted on there as well so we're now going to the last stage of the lab is to create a new wireless LAN from scratch ok so if we get go on to the wireless LANs and then where it says here create new just click on go so this is the type of wireless LAN you want to configure is a wireless LAN so we're going to go profile name is W LAN xx the SSID we'll call it W land xx click on apply so I forgot to mention one thing there I need to create a dynamic interface I forgot to do that so let's just go ahead and do that so if you go to controller interfaces so this is where all our our interfaces when we when we boot when we fired up the controller and it's got the current VLAN which is 10 already now when you when you create a new wireless LAN you need to create a new dynamic interface this is called a dynamic interface so we're going to call this one and we're going to name this one W LAN 20 and VLAN it's going to be 20 click on apply' so you can you can make this for a specific part of the network like a guest VLAN or whatever but you need to specify which port so we're going to go with port 1 on this the VLAN is 20 and the IP address we're going to give this one is 20 dot one dot one dot 100 the net mask is 255.255.255.0 and the Gateway is $20 1.1 got one now primary DHCP server so we're going to we're going to create a DHCP scope on this so what I will do is I'll put on here 10.1.1.1 hundred this is the AP manager interface that we've got ok I've got no access list so we'll pretty much done that you click on apply and say ok to that so these are our our WLAN dynamic interface created if we now go back to our wireless LANs go to the w2 here you need to specify that is part of WLAN 20 once you've done that we do this go into the security we're just going to make that numb so there's no security at the moment in terms of layer 3 and a a triple a service we don't need to do anything if we look on advanced we do need to something here we need to click on DHCP override and then tell it that the DHCP address is 10.1.1.1 hundred click on apply and we're done so that's that's pretty much it I'm going to sketch it's going to save the configuration to go back to the wireless LANs so configuration to be same so these are two wireless LAN set up at the moment still disabled so we need to click on enable bang and apply as soon as I seen a label we should start seeing that being broadcast there we go it's just coming straight away live on the network here ok so if we click on that we can say connect to that and we should hopefully connect there we go it's all connected and we just have a look at the IP address IP config there we go there's our wireless LAN connection now I've got a twenty dot one dot one dot one address if we just do a quick ping and we're pinging in the default gateway just quickly ping 192.168.0.1 yep so I can pick my default gateway so that's basically it so we've got two wireless connections now working albeit no security but I'll do some other other labs further on which will explain how to do security as well so I hope you found that useful it's got any questions please let me know and I look forward to in the next video thank you very much for listening

Info

Channel: Raj radia

Views: 230,516

Rating: undefined out of 5

Keywords: cisco, CCNA, CCNA WIRELESS, Wireless Lan Controller, WLC, Access point, 640-722, 200-355, WLC dhcp, WLAN, Wireless LAN (Industry)

Id: KmQioC4xTew

Channel Id: undefined

Length: 29min 0sec (1740 seconds)

Published: Mon Oct 26 2015