Today we're going to take a look at the new
9120 access points that have come out recently. I got my hands on a couple of
them not too too long ago and wanted to run them in a little bit of a lab
environment. And what I didn't realize picking up two of them, was that you can get them in
two different modes - one is going to be the lightweight mode that you'd use if you had an
existing controller and the other would be the embedded wireless controller where it actually
runs the 9800 controller software on the access point itself as a container. You know and for
my lab environment I looked at doing the virtual version of the 9800 controller but I wanted to
save a little bit of VM space, so I decided to look at trying to stand up the 9800 controller
embedded on the access point itself. And it turns out that the conversion process is actually
pretty quick and straightforward. So the first thing that we're going to do is go to cisco.com
- we're going to go over to software downloads then we'll type in the access point, in my
case it's the 9120 the AXI. Look under the IOS-XE software and grab the bundle for the 9120
embedded wireless controller AP bundle image. All right in my case, I've already gone ahead
and downloaded this ahead of the video so I have an access point, one of the 9120s, sitting
next to me right now and what we're going to go ahead and do is plug this in, plug in a console
cable, and get this thing booting up. The boot up process is going to take a couple of minutes so
we'll go ahead and skip ahead and come back later. All right now the device is booted up and
we're at the username and password prompt we will go ahead and log in with Cisco
and Cisco as the username and password, both with a capital C. We'll go ahead and
enter enable mode also with password Cisco. First thing we're going to do is set the
hostname using the command capwap ap hostname and the name of the access point
that you choose in my case 0xAP1 here are the software images I already have
loaded on the server. In this case I've unzipped the file that we got from cisco.com and I have
a TFTP server running in the background. Now in this folder we see a bunch of different images
but we're going to need only a couple of them. We can open up the readme file which will show us
the mapping of the AP images to the file name in the directory. In our case since we have the 9120
access point we need the ap1g7 file we will also need the C9800-AP-iosxe-wlc.bin file which loads
the controller software onto the access point. Let's check our software version first... In this case our AP is running version 8.9 code
today. There's a little bit of a difference depending on which version will be running, we
will use a different command to load the image. So if we're on 8.9 or below we'll run ap-type
mobility express followed by the AP image and the WLC image. If we're running anything higher
than 8.9 we would use the command ap-type ewc-ap and then the AP image followed by the WLC image.
In our case we are running 8.9, so we'll go ahead and copy the string from the top of here which I
have already pre-filled with the TFTP information. One thing I'd like to note, is that after
the access point has rebooted we will no longer see the command prompt for the access
point itself. Instead we will see the command line for the embedded wireless controller.
One of the cool things about the Catalyst 9100 access points is the ability to do
something that we call application hosting. What that means is that we can essentially
run a Linux container or docker container on top of the access point. There's dedicated
processing power and storage to allow you to run some small containers and services on top of
the access point itself. This could be great for, one, in this case using the embedded controller
on the access point and not having to run it on a separate appliance or two you might be able to
find another application or use case where you could deploy a small software application to the
access point to run something closer to the user. One instance of that might be running network
monitoring - like let's say a monitoring agent or like smokeping or something like that to
gather real time latency and ping statistics. All right, now that the access point has
completely booted up with the new image the first thing we're going to see is the
same old always "would you like to enter the initial configuration dialog". In this case
we will go ahead and say no, we'll manually configure the settings that we need to. As I had
mentioned earlier the access point booted into the new image but our command prompt that we see
now is not the direct access point CLI. Instead it is the CLI for the WLC. And we'll get a nice
friendly warning up front that asks us to do the basic day zero provisioning prior to deploying
the access point. So that's just gonna be a couple of commands that we'll walk through quickly
here. First we will set the hostname of the WLC, in my case I'm setting that to 0xC9800.
Next we'll configure an admin user and provide it the privilege level as well
as a password to log into the web interface next we'll set an AP profile. So
we'll say ap profile ap-default and we will configure a management
user for the access points Next we will configure the management IP
address for the 9800 series wireless controller. This is going to be the IP address that you use to
manage the device via SSH or the web UI. So we'll go into interface gigabit ethernet 0 and add our
IP address configuration. Now we can exit out of that, and set a default gateway for the management
interface of our embedded wireless controller. We want to enable the web server software on it
by doing the 'ip http secure-server' command. Once we're done with all of that we can go ahead
and save the configuration. And we'll see pretty quickly that we'll get the message
stating that the day zero provisioning is done and there's a little bit of cleanup. And we'll
be able to log into our web interface shortly. Let's go ahead and launch chrome and go to the IP address of the WLC management IP that we just
configured. Bypass our certificate warning... and now we have a login page. We'll log in using
the credentials that we had already configured. And now we'll be dropped into the 9800
wireless controller dashboard, which will give us a quick overview of how many WLANs we
have configured, how many access points are up, if we have any clients... funny enough we're
already seeing that there are 25 rogue APs detected in my area. So let's go ahead and
click on the access point and take a quick look. So we'll see that we have the AP that we
configured.. So this is the underlying AP and hostname and stuff that we configured prior
to uploading the WLC software. And it's got an IP via DHCP. We can click on the AP and get
some base statistics on whether the AP is up, if it's got enough PoE, what kind
of PoE, and some radio statistics. In addition we also see a setting here that says
what the current primary wireless controller is. In this case it's the access point that
we've configured already and that we are running the controller on today. If we
were to stand up a second access point, which I'll be doing shortly here in my lab, the
two devices would automatically communicate with each other and pick what the active and
standby controller is. We're also able to manually configure one of the access points
as a preferred primary should we choose. In the event of any failure of the primary embedded
controller, the secondary controller will come up immediately using the same IP address and
configuration as the primary controller. All right one additional thing that I wanted to
comment on before we finish this up... As you can see I've switched to the software management page
that we can get to by going over to administration and then software management. And you'll
see a couple of interesting things here. So one thing to note about the embedded wireless
controller, is that with a normal controller we would expect that the controller is going to
keep all of the software images loaded and handy for when a new access point comes online and
joins. The controller is then going to send that software image to the new access point as
it joins the controller to upgrade it and get it to the software version that we wanted on. In the
case of the embedded wireless controller, since we don't have a lot of space on the AP itself, we're
going to need to configure an external data source to keep those software images. So on this
page we're going to have a couple of options.. and as you can see under mode we're going
to see TFTP, SFTP, CCO, and desktop. So TFTP and SFTP are going to be pretty much
what you might expect. We're going to define an external image server with an IP address, as
well as a path on the server if that's needed. For desktop we're going to load the images
directly from the pc that we're connected to. So if I went and just downloaded the images
straight from cisco.com onto my laptop, I could directly upload from there. Lastly we
have the option for CCO, in which case you're going to specify your cisco.com username and
password. And you can automatically download the images straight from Cisco's website itself. You
even have the option to allow the controller to automatically check for software updates regularly
and you can define whether or not you want it to download the latest software version or
the latest recommended software version. Alright well that's all I had
for today. Thanks for watching!!!
