282 CCNA Wireless Official Exam Certification Guide multiaccess point management. On top of the basic transport layer, the controller sup- ports Cisco Secure Guest Access and Voice-over-WLAN advanced mobility services. As part of the Smart Business Communications System, this controller is managed by the Cisco Configuration Assistant, easing deployment and decreasing the cost of ongoing maintenance. A single Cisco 526 controller supports up to six Cisco 521 access points, and up to two controllers can be deployed per network, delivering the capacity, simplicity, and price point that is appropriate for the SMB. 1 The Cisco 526 Wireless Express controller supports the following features: ■ Secure network access for guest users ■ Support for Cisco voice-over-WLAN optimization ■ Easy management with CCA ■ Support for Cisco LWAPP ■ Support for up to six access points per controller and up to 2 controllers per network, for a total of 12 access points ■ Multiaccess point RRM ■ Support for a wide range of authentication mechanisms to enable scalable security ar- chitectures and minimize security interoperability issues (WEP, MAC filtering, WPA, WPA2, WebAuth, 802.1X, and EAP) ■ Wired/wireless network virtualization Comparing the Cisco Mobility Express Architecture to the CUWN When you compare the Cisco Mobility Express Architecture to the Cisco Unified Wire- less Network, you will find that the model is similar; however, the protocols are different. The Mobility Express solution does not use the full enterprise class version of LWAPP; rather, it uses a subset of LWAPP. In addition, the Cisco 521 AP cannot communicate with CUWN wireless LAN controllers. Likewise, the Cisco 526 cannot communicate with APs from the 1100 series or higher. The 526 supports control of up to 12 APs in a small net- work. Configuring the 521 AP and 526 Controller In general, you can configure the Mobility Express solution in three ways, none of which are performed on the AP. You do not even need to directly access the AP. Instead, on the controller itself, use either the CLI, which is normally used for basic setup and initializa- tion, or the web interface. After a basic setup on the controller, you can use the Configu- ration Assistant management tool. Each of these methods is discussed in the following sections. Using the CLI to Configure the Controller To configure the Cisco Mobility Express solution, you need a console connection to the Cisco 526. You do not need to do anything on the AP because the controller takes care of 17_1587202115_ch15.qxp 9/29/08 2:40 PM Page 282 Chapter 15: Cisco Mobility Express 283 it. After you have a console connection, you can power on the device and view the boot process. In Example 15-1, notice that if you press the Esc key, you are presented with multiple boot options. The normal selection is to run the primary image. Example 15-1 Booting the Cisco 526 Controller Booting Primary Image Press <ESC> now for additional boot options Boot Options Please choose an option from below: 1. Run primary image (Version 4.2.61.8) (active) 2. Run backup image (Version 4.1.154.22) 3. Manually upgrade primary image 4. Change active boot image 5. Clear Configuration Please enter your choice: Continuing with the boot process, Example 15-2 shows the tests that are performed as the device initializes. Example 15-2 Tests During the Boot Process CISCO SYSTEMS Embedded BIOS Version 1.0(12)6 08/21/06 17:26:53.43 Low Memory: 632 KB High Memory: 251 MB PCI Device Table. Bus Dev Func VendID DevID Class Irq 00 01 00 1022 2080 Host Bridge 00 01 02 1022 2082 Chipset En/Decrypt 11 00 0C 00 1148 4320 Ethernet 11 00 0D 00 177D 0003 Network En/Decrypt 10 00 0F 00 1022 2090 ISA Bridge 00 0F 02 1022 2092 IDE Controller 00 0F 03 1022 2093 Audio 10 00 0F 04 1022 2094 Serial Bus 9 00 0F 05 1022 2095 Serial Bus 9 Evaluating BIOS Options Launch BIOS Extension to setup ROMMON Cisco Systems ROMMON Version (1.0(12)7) #2: Fri Oct 13 10:52:36 MDT 2006 continues 17_1587202115_ch15.qxp 9/29/08 2:40 PM Page 283 284 CCNA Wireless Official Exam Certification Guide Platform AIR-WLC526-K9 Launching BootLoader Cisco Bootloader (Version 4.0.191.0) .o88b. d888888b .d8888. .o88b. .d88b. d8P Y8 `88’ 88’ YP d8P Y8 .8P Y8. 8P 88 `8bo. 8P 88 88 8b 88 `Y8b. 8b 88 88 Y8b d8 .88. db 8D Y8b d8 `8b d8’ `Y88P’ Y888888P `8888Y’ `Y88P’ `Y88P’ Booting Primary Image Press <ESC> now for additional boot options Detecting hardware . . . . Generating Secure Shell DSA Host Key Generating Secure Shell RSA Host Key Generating Secure Shell version 1.5 RSA Host Key XML config selected Cisco is a trademark of Cisco Systems, Inc. Software Copyright Cisco Systems, Inc. All rights reserved. Cisco AireOS Version 4.2.61.8 Initializing OS Services: ok Initializing Serial Services: ok Initializing Network Services: ok Starting ARP Services: ok Starting Trap Manager: ok Starting Network Interface Management Services: ok Starting System Services: ok Starting FIPS Features: Not enabled Starting Fast Path Hardware Acceleration: ok Starting Switching Services: ok Starting QoS Services: ok Starting Policy Manager: ok Starting Data Transport Link Layer: ok Starting Access Control List Services: ok Starting System Interfaces: ok Starting Client Troubleshooting Service: ok 17_1587202115_ch15.qxp 9/29/08 2:40 PM Page 284 Chapter 15: Cisco Mobility Express 285 Starting Management Frame Protection: ok Starting LWAPP: ok Starting Certificate Database: ok Starting VPN Services: ok Starting Security Services: ok Starting Policy Manager: ok Starting Authentication Engine: ok Starting Mobility Management: ok Starting Virtual AP Services: ok Starting AireWave Director: ok Starting Network Time Services: ok Starting Cisco Discovery Protocol: ok Starting Broadcast Services: ok Starting Power Over Ethernet Services: ok Starting Logging Services: ok Starting DHCP Server: ok Starting IDS Signature Manager: ok Starting RFID Tag Tracking: ok Starting Mesh Services: ok Starting TSM: ok Starting LOCP: ok Starting CIDS Services: ok Starting Ethernet-over-IP: ok Starting Management Services: Web Server: ok CLI: ok Secure Web: Web Authentication Certificate not found (error). dhcp pool 192.168.1.100(0xc0a80164) — 192.168.1.102(0xc0a80166), network 192.168.1.0(0xc0a80100) netmask 255.255.255.0(0xffffff00), default gateway 0xc0 internal dhcp server is config successfully (Cisco Controller) Upon completing the boot sequence, a controller with no configuration prompts you to perform the setup using the Cisco Wizard Configuration tool, as demonstrated in Example 15-3. Be prepared to provide the following information: ■ Hostname of the device ■ Username of the administrator ■ Password for the administrator ■ Management interface information ■ AP-Manager interface information ■ Virtual gateway IP address 17_1587202115_ch15.qxp 9/29/08 2:40 PM Page 285 286 CCNA Wireless Official Exam Certification Guide Example 15-3 Cisco Wizard Configuration Welcome to the Cisco Wizard Configuration Tool Use the ‘-’ character to backup System Name [Cisco_be:7a:e0]: 526-3 Enter Administrative User Name (24 characters max): admin3 Enter Administrative Password (24 characters max): ***** Re-enter Administrative Password : ***** Management Interface IP Address: 10.30.1.100 Management Interface Netmask: 255.255.255.0 Management Interface Default Router: 10.30.1.254 Management Interface VLAN Identifier (0 = untagged): 0 Management Interface Port Num [1 to 2]: 1 Management Interface DHCP Server IP Address: 10.30.1.253 AP Manager Interface IP Address: 10.30.1.101 AP-Manager is on Management subnet, using same values AP Manager Interface DHCP Server (10.30.1.253): Virtual Gateway IP Address: 1.1.1.1 Mobility/RF Group Name: CP-POD3 Enable Symmetric Mobility Tunneling [yes][NO]: NO Network Name (SSID): IUWNE-301 Allow Static IP Addresses [YES][no]: YES Configure a RADIUS Server now? [YES][no]: no Warning! The default WLAN security policy requires a RADIUS server. Please see documentation for more details. Enter Country Code list (enter ‘help’ for a list of countries) [US]: US Enable 802.11b Network [YES][no]: yes Enable 802.11g Network [YES][no]: yes Enable Auto-RF [YES][no]: yes Configure a NTP server now? [YES][no]: no Configure the system time now? [YES][no]: no Warning! No AP will come up unless the time is set. Please see documentation for more details. Configuration correct? If yes, system will save it and reset. [yes][NO]: yes Key Topi c 17_1587202115_ch15.qxp 9/29/08 2:40 PM Page 286 Chapter 15: Cisco Mobility Express 287 Figure 15-3 Login Screen to the 526 Controllers After you have completed the configuration from the CLI, you can browse to the IP ad- dress of the management interface. Using the Web Browser to Configure the Controller To access the controller via a web browser, enter the IP address of the management inter- face of the controller preceded by https://. This is either the IP address you configured in the CLI Wizard or the default address of 192.168.1.1. In Figure 15-3, you can see the login page for the controller that will appear. Notice that the connection is secure via HTTPS. Click the Login button and enter a user- name and password before performing any configuration. After you are logged in, you are presented with a Summary page, as seen in Figure 15-4. The Summary page gives you a look at the controller status, the AP status, and the top WLANs. Changes are logged as you make them, and you can see them on the Summary page. 17_1587202115_ch15.qxp 9/29/08 2:40 PM Page 287 288 CCNA Wireless Official Exam Certification Guide Figure 15-4 Summary Page Note: The Wireless Express controller web interface is quite similar to the WLC web in- terface used in the CUWN architecture. When it comes to the controllers, you do not need to do much work. The AP and con- trollers will find each other. You can see in Figure 15-5 that the All APs option from the WIRELESS menu is showing an AP that has been discovered. When you select the AP name, you are taken to a page that allows you to enter details spe- cific to that AP, such as its name and its primary controller, as shown in Figure 15-6. You can also enable or disable the AP from this menu. Other options include resetting the AP and clearing the AP configuration. Using the Cisco Configuration Assistant With the configuration as is, you can access the Configuration Assistant. The Cisco Con- figuration Assistant (CCA) is a management tool that installs on a Windows computer and is based on an application called Cisco Network Assistant, which has been modified to support the Cisco Mobility solution. After you have installed the CCA, you can access it via a desktop shortcut. When the application launches, you need to connect to or create a community. When you log in for the first time, you create a community. A community is a group name for your Mobility Express network. Figure 15-7 shows the configuration page that you see when creating a community. Key Topi c 17_1587202115_ch15.qxp 9/29/08 2:40 PM Page 288 Chapter 15: Cisco Mobility Express 289 Figure 15-5 The All APs List Figure 15-6 Details Page for AP Configuration 17_1587202115_ch15.qxp 9/29/08 2:40 PM Page 289 290 CCNA Wireless Official Exam Certification Guide Figure 15-7 Creating a Community CCA will discover the standalone APs. The APs will appear in the CCA interface. If you are running CCA 1.5 or later, you can migrate the standalone APs to lightweight APs. CCA will also discover WLCs using IP discovery and the Cisco Discovery Protocol (CDP). CDP is a Cisco proprietary protocol that can gain information about directly connected Cisco devices. CCA has a topology view shown in Figure 15-8; by right-clicking on a de- vice in the topology, you can access the device and configure it, as seen in Figure 15-9. 17_1587202115_ch15.qxp 9/29/08 2:40 PM Page 290 Chapter 15: Cisco Mobility Express 291 Figure 15-8 CCA Topology View Figure 15-9 Configuration Menu in Topology View 17_1587202115_ch15.qxp 9/29/08 2:40 PM Page 291 . gateway IP address 17_1587202115_ch15.qxp 9/29/08 2:40 PM Page 285 286 CCNA Wireless Official Exam Certification Guide Example 15-3 Cisco Wizard Configuration Welcome to the Cisco Wizard Configuration. Summary page. 17_1587202115_ch15.qxp 9/29/08 2:40 PM Page 287 288 CCNA Wireless Official Exam Certification Guide Figure 15-4 Summary Page Note: The Wireless Express controller web interface is quite similar. 282 CCNA Wireless Official Exam Certification Guide multiaccess point management. On top of the basic transport layer, the