232 CCNA Wireless Official Exam Certification Guide Step 3. Manually update images. Step 4. Change the active boot image. Step 5. Clear the configuration. The correct choice at this point is to run the primary image. When the HTML interface is accessible, you can upgrade the code on the controller. Because this is covered in Chapter 19, “Maintaining Wireless Networks,” it will not be covered now. Of course, you can also manually update the image, as seen in Step 3. Alternatively, you can change the active boot image or clear the configuration file. Performing Initial CLI Configurations Initially, the controller looks for a configuration file. If the controller finds such a file, it loads it and then prompts you for a username and password. If no configuration exists, you see a prompt to run through a dialog and a message stating that the certificate was not found, as in Example 13-2. Example 13-2 Certificate Not Found Message Starting LOCP: ok Starting CIDS Services: ok Starting Ethernet-over-IP: ok Starting Management Services: Web Server: ok CLI: ok Secure Web: Web Authentication Certificate not found (error). (Cisco Controller) Welcome to the Cisco Wizard Configuration Tool Use the ‘-’ character to backup System Name [Cisco_32:af:43]: For the CCNA Wireless exam, you should be familiar with the CLI Wizard Configuration tool. This tool is designed for quick setup of the controller. Example 13-3 shows a CLI Wizard configuration. Note During the startup script, any time that you make a mistake after pressing the Enter key, you can move back a step to fix the error by pressing the ( - ) key. Example 13-3 CLI Wizard Configuration Welcome to the Cisco Wizard Configuration Tool Use the ‘-’ character to backup System Name [Cisco_32:af:43]: WLC_1 Enter Administrative User Name (24 characters max): admin Key Topi c 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 232 Chapter 13: Simple Network Configuration and Monitoring with the Cisco Controller 233 Enter Administrative Password (24 characters max): ***** Re-enter Administrative Password : ***** Service Interface IP Address Configuration [none][DHCP]: 10.1.1.1 Invalid response Service Interface IP Address Configuration [none][DHCP]: none Service Interface IP Address: 10.1.1.1 Service Interface Netmask: 255.255.255.0 Enable Link Aggregation (LAG) [yes][NO]: Management Interface IP Address: 192.168.1.75 Management Interface Netmask: 255.255.255.0 Management Interface Default Router: 192.168.1.1 Management Interface VLAN Identifier (0 = untagged): Management Interface Port Num [1 to 2]: 1 Management Interface DHCP Server IP Address: 192.168.1.1 AP Transport Mode [layer2][LAYER3]: AP Manager Interface IP Address: 192.168.1.80 AP-Manager is on Management subnet, using same values AP Manager Interface DHCP Server (192.168.1.1): Virtual Gateway IP Address: 1.1.1.1 Mobility/RF Group Name: CP_Mobile1 Enable Symmetric Mobility Tunneling [yes][NO]: no Network Name (SSID): OpenAccess Allow Static IP Addresses [YES][no]: Configure a RADIUS Server now? [YES][no]: Enter the RADIUS Server’s Address: - Configure a RADIUS Server now? [YES][no]: no Warning! The default WLAN security policy requires a RADIUS server. Please see documentation for more details. Enter Country Code list (enter ‘help’ for a list of countries) [US]: Enable 802.11b Network [YES][no]: Enable 802.11a Network [YES][no]: Enable 802.11g Network [YES][no]: Enable Auto-RF [YES][no]: Configuration saved! Resetting system with new configuration Configuration saved! Resetting system with new configuration Bootloader 4.1.171.0 (Apr 27 2007 - 05:19:36) Motorola PowerPC ProcessorID=00000000 Rev. PVR=80200020 CPU: 833 MHz CCB: 333 MHz DDR: 166 MHz LBC: 41 MHz continues 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 233 234 CCNA Wireless Official Exam Certification Guide L1 D-cache 32KB, L1 I-cache 32KB enabled. I2C: ready` DTT: 1 is 31 C DRAM: DDR module detected, total size:512MB. 512 MB 8540 in PCI Host Mode. 8540 is the PCI Arbiter. Memory Test PASS After the controller reboots, you are prompted for a username. This, of course, is the user- name that you created in the CLI Wizard: Enter User Name (or ‘Recover-Config’ this one-time only to reset configura- tion to factory defaults) User: admin Password:***** (Cisco Controller) > After you are authenticated, you can become familiar with some of the commands avail- able to you in the CLI. Press the question mark key (?) to get a list of commands. Similar to the Cisco routers and security appliances, the ? can follow a letter to give you a list of commands that begin with that letter. For example, issuing the p? command shows that ping is available. Use the space key to complete the command if it is unique. Ping is a com- mon utility that helps to verify connectivity. Another common command is the command to save your work. Unlike Cisco routers, copy run start does not work here. Instead, you use the save config command. In Example 13-4, you can see the process of saving the configuration. After you issue the command, you are asked to verify. You need not press Enter after making your selection. Simply press the letter y for yes and press n for no. Example 13-4 Saving Your Configuration from the CLI (Cisco Controller) >save config Are you sure you want to save? (y/n) y Configuration Saved! (Cisco Controller) > Just as routers have a global configuration mode, so does the controller. Accessing the configuration mode of the controller is a little different from what you might expect. You use the config command followed by what it is you want to configure. For example, if you want to configure 802.11a parameters, you type config 802.11a ?. You need to type the ? because you have to enter the complete string, and the question mark helps you find the syntax, as demonstrated in Example 13-5. 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 234 Chapter 13: Simple Network Configuration and Monitoring with the Cisco Controller 235 Example 13-5 Using the ? Help Facility (Cisco Controller) >config 802.11a ? 11nSupport Configure 802.11n-5Ghz parameters. antenna Configures the 802.11a antenna beaconperiod Configures the 802.11a beacon interval (20 1000) cac Configure Call Admission Control parameters for 802.11a radios. channel Configures the 802.11a channel chan_width Configure 802.11a channel width disable Disables 802.11a. dtim Configures the 802.11a DTIM Period enable Enables 802.11a. fragmentation Configures the 802.11a Fragmentation Threshold l2roam Configures 802.11a l2roam information. pico-cell Configures the 802.11a pico-cell mode picocell-V2 Configures the 802.11a picocell-V2 mode rate Configures 802.11a operational rates. txPower Configures the 802.11a Tx Power Level dtpc Configures the 802.11a DTPC Setting tsm Configures the 802.11a Traffic stream Metrics option exp-bwreq Configures the 802.11a Expedited BW Request option (Cisco Controller) >config 802.11a You can also perform debug commands from the CLI interface. This is important because these commands are not available from the web interface. Note: debug commands, although useful, can be dangerous. They take up a lot of re- sources, so use them sparingly. Also, they turn off when your session times out. Performing Initial Web Configurations You can connect to the web interface without ever running though the CLI by browsing to the default IP address on the controller, which is 192.168.1.1. Assume, for the purposes of demonstration, that the controller IP address is 192.168.1.50. This is the IP address that has been assigned to the management interface. When you browse to the controller after us- ing the Setup dialog, you use HTTPS, as seen in Figure 13-1. After you have accessed the Controller Login page, click the Login button. You then see the controller Summary page, shown in Figure 13-2. Navigating the Web Interface of the Controller It is beneficial to take time to understand the controller interface. The main menus along the top of the interface are as follows: ■ MONITOR ■ WLANs 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 235 236 CCNA Wireless Official Exam Certification Guide Figure 13-1 Browsing to the Controller Figure 13-2 Controller Summary 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 236 Chapter 13: Simple Network Configuration and Monitoring with the Cisco Controller 237 Figure 13-3 WIRELESS Submenus ■ CONTROLLER ■ WIRELESS ■ SECURITY ■ MANAGEMENT ■ COMMANDS ■ HELP Also, along the top right you have access to links that save your configuration, access a ping utility, log out, and refresh the page. When you select one of the top-level configuration tabs, the menu in the left margin of the screen changes. The change enables configuration and monitoring options that pertain to the main level with which you are working. For example, if you are working in the WIRELESS tab, the left menus include the following configuration areas, as seen in Figure 13-3: ■ Access Points ■ Mesh ■ HREAP Groups ■ 802.11a/n 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 237 238 CCNA Wireless Official Exam Certification Guide ■ 802.11b/g/n ■ QoS Each top-level heading you change results in a new side menu. Configuring the Controller Using the Web Interface For this example, you build basic wireless connectivity. The process is as follows: ■ Build the controller interface. ■ Create the WLAN and tie it to the interface. ■ Modify security settings. Building the controller interface is required because, as you might recall from the begin- ning of this chapter, the interface is a logical entity. It is not a physical port that you can touch, although the interface you create will end up having access to the network via one of the physical ports. After you have created the interface, you need to create the WLAN. The WLAN defines the wireless side, whereas the interface creates the wired side of the configuration. You then need to bind these two to each other so that users on the wireless side can access the wired side of the network. The default settings for a WLAN apply certain security settings that prohibit a user from connecting without additional configuration. The last step in creating a functional WLAN allowing anyone access with no security is to modify the security settings of the WLAN. The following sections detail the process. Building the Controller Interface Step 1. Create an interface in the controller that ties to the VLAN that you want the GUESTNET users on. CONTROLLER > Interfaces > New Step 2. Populate the fields with the appropriate values for the Interface Name and VLAN Id fields, as shown in Figure 13-4. Click Apply. Step 3. Define the IP address for this interface. This should be an address that resides on the same subnet as the GUEST_LAN network. In Figure 13-5, the IP address is 172.30.1.50, and the gateway is 172.30.1.1. Step 4. Next, on the same configuration page shown in Figure 13-5, select a physical port for this GUEST_LAN to use to access the wired network. In the example, port 1 is used because it is a trunk back to the switch that accesses the wired network. Step 5. The next step involves defining the DHCP servers. These servers assign IP ad- dresses to the clients that access the network. In the example, the DHCP server is 172.30.1.1, which is the same as the gateway. The controller queries this DHCP server when clients need IP addresses. Step 6. Click Apply. Key Topi c 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 238 Chapter 13: Simple Network Configuration and Monitoring with the Cisco Controller 239 Figure 13-4 Creating the GUEST_LAN Interface Figure 13-5 Adding an IP Address to the GUEST_LAN Interface 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 239 240 CCNA Wireless Official Exam Certification Guide Note You will receive a message indicating that WLANS are disabled temporarily when you click Apply. This is normal. After you click Apply, you are returned to the list of interfaces seen in Figure 13-6. Notice that physical interfaces are listed here, such as the service-port, ap-manager, and manage- ment. These interfaces are tied to VLANs that you can access via the physical connec- tion—port 1. Port 1 is connected to a switch and is operating as an 802.1Q trunk. The GUEST_LAN interface that you created ties the controller to the wired network over port 1 on VLAN 80. No WLAN is associated with it, and no AP is sending beacons adver- tising GUEST_LAN access. That part has yet to be configured. Creating the WLAN and Tying It to the Interface The next piece of the configuration is creating the wireless side. Step 1. Choose WLANs > New. You see a configuration page that assigns an arbitrary WLAN ID to the WLAN that you are creating. In the case of Figure 13-7, the WLAN ID is 2. Step 2. Give the WLAN a profile name. Step 3. Give the WLAN an SSID. In this case, the SSID chosen is GUESTNET. Figure 13-6 Interface Listing 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 240 Chapter 13: Simple Network Configuration and Monitoring with the Cisco Controller 241 Figure 13-7 Creating the WLAN Profile Name Step 4. Click Apply. The next page that you arrive at has four tabs, seen in Figure 13-8. These tabs allow you to configure the General, Security, QoS, and Advanced settings for the WLAN. Step 5. On the General tab, make sure of the following: ■ The WLAN Status is Enabled. If it is not, the WLAN settings are not sent to all APs. Note: Skip the Security Policies field. You will change this in the Security tab. ■ For the Radio Policy, if All is left selected, all radios are available for the GUESTNET network. It is common to allow 802.11b/g for guests and then use 802.11a for private WLANs, because 802.11b/g usually experience more interference than 802.11a. For guests, quality of service is probably not the highest concern; however, it is for internal users. For now, just leave Radio Policy at the default value of All. Step 6. Next is the important step of choosing the interface in the Interface drop- down that ties this GUESTNET WLAN to the guest_lan physical interface on VLAN 80. If you choose the wrong interface here, people can end up on the wrong network. 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 241 . CCNA Wireless Official Exam Certification Guide ■ 802.11b/g/n ■ QoS Each top-level heading you change results in a new side menu. Configuring the Controller Using the Web Interface For this example,. follows: ■ MONITOR ■ WLANs 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 235 236 CCNA Wireless Official Exam Certification Guide Figure 13-1 Browsing to the Controller Figure 13-2 Controller Summary 15_1587202115_ch13.qxp. 232 CCNA Wireless Official Exam Certification Guide Step 3. Manually update images. Step 4. Change the active boot image. Step