In previous posts we looked at the 3850 acting as MC/MA without a centralized controller for MC functionality. If your environment is large, then from a scalability point of view it is advisable to have a centralized controller as MC, with all your 3850/3650 switches acting as MA.
Here is the complete test setup I will be using for future posts; in this post we will see how to get started with basic 5760 configuration.
Here is what the product physically looks like.
Since this works pretty much as an L3 switch, it is best practice to connect it to the network as a VTP transparent switch. Also note that it can handle up to 128 VLANs.
5760-1#sh vtp status
VTP Version capable             : 1 to 3
VTP version running             : 2
VTP Domain Name                 : LTU-CA
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 44ad.d903.9d00
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Feature VLAN:
--------------
VTP Operating Mode                : Transparent
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 6
Configuration Revision            : 0
MD5 digest                        : 0x36 0xFF 0xF8 0xDF 0x53 0x18 0xF6 0x52
                                    0xE5 0x36 0xC0 0xF9 0xDF 0xA1 0xE6 0x83
If you do not set it to transparent mode & connect it to a network with a larger number of VLANs, you may see messages like those below:
5760-1(config-if)#
*Mar 31 23:59:34.583: %NGWC_PLATFORM_FEP-1-FRU_PS_ACCESS: Switch 1: power supply A is not responding
*Apr 1 00:02:23.112: *simSvcRcvTask: 1 wcm: %SIM-3-ADD_SIM_L2INTF_FAILED: Adding of the vlan failed: tree insertion failure.
*Apr 1 00:02:23.115: *simSvcRcvTask: 1 wcm: %LOG-3-Q_IND: Adding of the vlan failed: tree insertion failure
*Apr 1 00:02:23.131: %SPANTREE_VLAN_SW-2-MAX_INSTANCE: Platform limit of 128 STP instances exceeded. No instance created for VLAN99
The management port of the 5760 has to be configured as a host port. By default it is in a VRF called “Mgmt-vrf”, so you have to configure a default gateway for this VRF to reach the rest of your network.
If the service port is in use, the management interface must be on a different supernet from the service-port interface.
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 ip address 10.13.5.254 255.255.254.0
 no ip route-cache
 negotiation auto
!
ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 10.13.5.250
I have connected this Mgmt port to G6/1 of my 6506-E. The Mgmt port of the 5760 should be connected to a switchport configured in an access VLAN.
interface GigabitEthernet6/1
 description 5760-MGMT-VL999
 switchport
 switchport access vlan 999
!
interface Vlan999
 description SW-MGMT
 ip address 10.13.5.252 255.255.254.0
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 standby 99 ip 10.13.5.250
Once this port configuration is done, the controller is accessible from your network. If you want to use this port for TFTP/FTP file transfers, you can configure it as below. *** Make sure you increase the TFTP blocksize to 8192 bytes if you want to get maximum TFTP transfer speeds (by default it is 512 bytes). See this post for more detail. ***
5760-1(config)#ip ftp ?
  passive           Connect using passive mode
  password          Specify password for FTP connections
  source-interface  Specify interface for source address in FTP connections
  username          Specify username for FTP connections
!
5760-1(config)#ip ftp username networks
5760-1(config)#ip ftp password xxxxxx
5760-1(config)#ip ftp source-interface g0/0
5760-1(config)#ip tftp ?
  blocksize         Specify TFTP client blocksize
  boot-interface    Force interface to use for TFTP booting
  min-timeout       Set minimum timeout period for retransmission
  source-interface  Specify interface for source address in TFTP connections
5760-1(config)#ip tftp source-interface g0/0
5760-1(config)#ip tftp blocksize 8192
Then you have to define a wireless management interface. I have used VLAN 1600 as the management interface, and also created two additional VLANs for future WLAN testing. You need to configure a default route to the gateway address of your management interface, and make sure VLAN 1600 is set as the wireless management interface.
interface Vlan1600
 ip address 10.160.49.1 255.255.254.0
!
wireless management interface vlan 1600
!
ip route 0.0.0.0 0.0.0.0 10.160.49.250
5760-1#sh vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Te1/0/1, Te1/0/2, Te1/0/3, Te1/0/4
1410 WLN-STD-6                        active
1420 WLN-STF-1                        active
1600 NET-MGT-1                        active
Then you can configure the 10G interfaces, depending on how many you want to activate. I have used 2x 10G as a single Port Channel for this. You can bundle all 6 ports to make 60Gbps throughput. Since this is an IOS-based controller, it supports LACP, PAgP or manual (“ON” mode). I have used mode on for simplicity.
**** HERE IS 5760 CONFIGURATION *****
interface TenGigabitEthernet1/0/5
 switchport trunk native vlan 800
 switchport trunk allowed vlan 1410,1420,1600
 switchport mode trunk
 channel-group 16 mode on
!
interface TenGigabitEthernet1/0/6
 switchport trunk native vlan 800
 switchport trunk allowed vlan 1410,1420,1600
 switchport mode trunk
 channel-group 16 mode on
!
interface Port-channel16
 switchport trunk native vlan 800
 switchport trunk allowed vlan 1410,1420,1600
 switchport mode trunk
****** HERE IS THE CONFIG ON 6506-E ******
interface TenGigabitEthernet4/15
 description 5760WLC-20G ETH-CH
 switchport
 switchport trunk native vlan 800
 switchport trunk allowed vlan 1410,1420,1600
 switchport mode trunk
 channel-group 16 mode on
!
interface TenGigabitEthernet4/16
 description 5760WLC-20G ETH-CH
 switchport
 switchport trunk native vlan 800
 switchport trunk allowed vlan 1410,1420,1600
 switchport mode trunk
 channel-group 16 mode on
!
interface Port-channel16
 description WLC5760-20G
 switchport
 switchport trunk native vlan 800
 switchport trunk allowed vlan 1410,1420,1600
 switchport mode trunk
You can configure Port-Channel load balancing as “src-dst-ip” instead of the default “src-mac” method. The 6506-E does “src-dst-ip” load balancing by default.
5760-1(config)#port-channel load-balance ?
  dst-ip                 Dst IP Addr
  dst-mac                Dst Mac Addr
  dst-mixed-ip-port      Dst IP Addr and TCP/UDP Port
  dst-port               Dst TCP/UDP Port
  extended               Extended Load Balance Methods
  src-dst-ip             Src XOR Dst IP Addr
  src-dst-mac            Src XOR Dst Mac Addr
  src-dst-mixed-ip-port  Src XOR Dst IP Addr and TCP/UDP Port
  src-dst-port           Src XOR Dst TCP/UDP Port
  src-ip                 Src IP Addr
  src-mac                Src Mac Addr
  src-mixed-ip-port      Src IP Addr and TCP/UDP Port
  src-port               Src TCP/UDP Port
5760-1(config)#port-channel load-balance src-dst-ip
5760-1#show etherchannel load-balance
EtherChannel Load-Balancing Configuration:
        src-dst-ip
EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Source XOR Destination MAC address
  IPv4: Source XOR Destination IP address
  IPv6: Source XOR Destination IP address
5760-1#sh etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
Number of channel-groups in use: 1
Number of aggregators:           1
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
16     Po16(SU)         -        Te1/0/5(P)  Te1/0/6(P)
Make sure you configure NTP & that your 5760 is in sync with it. Also configure a username/password to access the controller via the GUI.
5760-1(config)#username admin privilege 15 password 0 Cisco123
5760-1#sh run | in ntp
ntp server x.x.4.104
ntp server x.x.4.103
5760-1#sh run | in clock
clock timezone AEST 10 0
clock summer-time AEDT recurring 1 Sun Oct 2:00 1 Sun Apr 3:00
5760-1#show ntp associations
  address         ref clock       st   when   poll reach  delay  offset   disp
*~x.x.4.104       x.x.131.118      2     84    128   377  0.952   3.035  4.226
+~x.x.4.103       x.x.192.50       2     92    128   377  0.963   2.782  3.103
 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
5760-1#sh clock
16:43:51.564 AEDT Thu Dec 12 2013
That’s pretty much the basic configuration, & you should be able to access the 5760 GUI using its management IP (https://10.160.49.1/wireless) with the admin/Cisco123 credentials.
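As an added example (not part of the original post), the Python check below audits an IOS-style configuration for the credential lines used in this walkthrough: the "username ... password 0" account, whose password is stored readable in the configuration, and the "ip ftp password" line. The sample text is constructed from lines shown in this post; the rule names, and the assumption that transparent VTP mode appears as "vtp mode transparent" in the running configuration, are illustrative.

```python
import re

# Constructed sample: lines from this post assembled into one config text.
# "vtp mode transparent" is assumed to be how the transparent VTP mode
# appears in the running configuration.
SAMPLE_CONFIG = """\
vtp mode transparent
username admin privilege 15 password 0 Cisco123
ip ftp username networks
ip ftp password xxxxxx
ip ftp source-interface GigabitEthernet0/0
ip tftp source-interface GigabitEthernet0/0
ip tftp blocksize 8192
"""

# username <name> [privilege <n>] password|secret [<type>] <value>
USER_RE = re.compile(
    r"^username\s+(\S+)\s+(?:privilege\s+(\d+)\s+)?"
    r"(password|secret)\s+(?:(\d+)\s+)?\S+")
FTP_PW_RE = re.compile(r"^ip ftp password\s+\S+")
VTP_RE = re.compile(r"^vtp mode\s+(transparent|off)\b")


def audit_config(text):
    """Return (rule_id, detail) findings; rule ids are illustrative names."""
    findings = []
    vtp_ok = False
    for line in (raw.strip() for raw in text.splitlines()):
        user = USER_RE.match(line)
        if user:
            name, priv, keyword, ptype = user.groups()
            who = f"{name} (privilege {priv or 'default'})"
            if keyword == "password" and ptype in (None, "0"):
                findings.append(("USER_CLEARTEXT",
                    f"{who}: password readable in the config; use 'secret'"))
            elif keyword == "password" and ptype == "7":
                findings.append(("USER_TYPE7",
                    f"{who}: type 7 is reversible encoding; use 'secret'"))
        elif FTP_PW_RE.match(line):
            findings.append(("FTP_PASSWORD",
                "FTP credential in the config; FTP sends it unencrypted"))
        elif VTP_RE.match(line):
            vtp_ok = True
    if not vtp_ok:
        findings.append(("VTP_NOT_TRANSPARENT",
            "no 'vtp mode transparent'; the post notes a 128-VLAN limit"))
    return findings


if __name__ == "__main__":
    for rule, detail in audit_config(SAMPLE_CONFIG):
        print(f"{rule}: {detail}")
```

An account created with the "secret" keyword instead of "password" stores only a hash and produces no finding from this check.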
You can check the license level as below. If you do not have a permanent license, you can activate an evaluation license for 90 days using the “license right-to-use activate apcount evaluation acceptEULA” CLI command. If it is a permanent license, you can activate it using “license right-to-use activate apcount <No of AP> slot {1 |2} acceptEULA”.
5760-1#show license right-to-use summary
License Name Type Count Period left
-----------------------------------------------
apcount base 0 Lifetime
apcount adder 1000 Lifetime
--------------------------------------------
Evaluation AP-Count: Disabled
Total AP Count Licenses: 1000
AP Count Licenses In-use: 0
AP Count Licenses Remaining: 1000
Whether you have to upgrade the software image depends on the IOS-XE image that comes with your 5760. In my case I have already upgraded it to 3.9.6 (you can follow the Getting Started with 3850 post for details), since I am doing a beta trial with 3700 series APs.
5760-1#sh ver
.
.
.
License Level: Ipservices
License Type: Permanent
Next reload license Level: Ipservices
cisco AIR-CT5760 (i686) processor with 10485760K bytes of physical memory.
Processor board ID FOC1727V0MT
2 Virtual Ethernet interfaces
6 Ten Gigabit Ethernet interfaces
2048K bytes of non-volatile configuration memory.
10485760K bytes of physical memory.
255000K bytes of Crash Files at crashinfo:.
3612840K bytes of Flash at flash:.
0K bytes of Dummy USB Flash at usbflash0:.
0K bytes of at webui:.
Base Ethernet MAC Address          : 44:ad:d9:03:9d:00
Motherboard Assembly Number        : 73-14448-04
Motherboard Serial Number          : FOC172568FD
Model Revision Number              : A0
Model Number                       : AIR-CT5760
System Serial Number               : FOC1727V0MT
Switch Ports Model              SW Version        SW Image              Mode
------ ----- -----              ----------        ----------            ----
*    1 6     AIR-CT5760         03.09.06.MZP      ct5760-ipservicesk9   INSTALL
Configuration register is 0x201 (will be 0x102 at next reload)
Here is the consolidated configuration guide (for IOS-XE 3.3, which is the latest at the time of this write-up) that you should refer to. Yes, it is an 1818-page guide & takes time to absorb. 🙂
Consolidated Platform Configuration Guide, Cisco IOS XE Release3.3SE (Cisco WLC 5700 Series)
In the next post, we will see how we can use this controller together with a 3850 (MA) to register APs.
Related Posts
1. Getting Started with 3850
2. WLAN configs with 3850 – Part 1
3. WLAN configs with 3850 – Part 2
4. 3850 Password Recovery
5. Converged Access Mobility
6. 3850- Flexible Netflow
7. Wireshark Capture in 3850
8. 3850(MA) with 5760(MC)
This is great. I have a question regarding the AP count license. If I purchase the license for the adder from Cisco, do I need to physically install the LIC to the CT5760, in the CLI, or just copy it to the flash?
You just simply need to add it via CLI command.
Hi nayarasi, this is a great post. Jumping from 5508 to 5760 I find a lot of weird things with the 5760 =). I.e. the license can be easily configured using CLI, and even if we only purchase less than 1000 licenses, I can see that 1000 can still be enabled as a permanent license. I may be asking a few more questions about this controller soon. TIA
No worries Chris, let them come in.. I will help you as much as I can
Rasika
Hi again, by the way the controller right now is using SW version 03.03.03SE. Is it advisable to upgrade to the latest version? The latest that I can see, if I remember correctly, is 3.9.6. Thanks
I am running 3.6E on my production 5760 (used as MC for 7x3850MA stacks) & no issues with that so far.
By the way 3.6E is the latest at the moment
HTH
Rasika
Hi, thanks for the reply.
I will upgrade the IOS to the latest one. Have you tried configuring roaming/mobility with the 5760? I'm looking at the deployment guide and notice that there is no more virtual IP address. And somehow there is a command “wireless mobility dscp 46”, for which the guide does not mention what its usage is for mobility, but it seems like it's for voice traffic. Anyway, I will try configuring mobility tomorrow without this command and see whether it will work. Thanks
I think this command simply gives EF priority to the mobility messages.
Even without this, mobility will work; it is only required if you want to prioritize mobility traffic.
The virtual IP address is configured under the WebAuth parameter map when configuring webauth. Otherwise there is no interface config like in AireOS controllers.
HTH
Rasika
Hi,
I have tried testing roaming with the 5760 and I got it to work. In my setup with 2×3850 switches, 2×5760 and 1 AP connecting to each WLC, routing was there, 3 different subnets etc. Anyway, it seems like the 5760’s mobility concept is different from the 5508 in that the 5508 needs the virtual IP address for roaming to work properly, because the 5760 only needs a virtual IP address if there are web auth requirements. Am I right to say that? Thanks
I did upgrade the IOS as well to 03.06.00E and noticed that the commands for upgrade are different =).
I have a question about license RTU. We only bought 330 licenses for each controller, but it seems like a total of 1000 can be activated per controller with the “license right-to-use” command. Initially there's a 100 base license. I know that I need to add 230 to make it 330, but I accidentally added 330 to 100 and noticed that it was still accepted. Below is the capture I took. I tried adding more numbers and noticed that it can still go higher, up to 1000. Anyway, I did deactivate the 100 license to make it 330.
WLC2#license right-to-use activate apcount 330 slot 1 acceptEULA
show license right-to-use summary
License Name Type Count Period left
-----------------------------------------------
apcount base 0 Lifetime
apcount adder 430 Lifetime
--------------------------------------------
Evaluation AP-Count: Disabled
Total AP Count Licenses: 430
AP Count Licenses In-use: 0
AP Count Licenses Remaining: 430
Is this normal behaviour, or do I need to activate the license somewhere on the Cisco website? Did I do it correctly? It seems like license activation with the 5760 is so simple. I'm worried that I did it wrongly.
Yes, that is normal behavior & Cisco trusts you & believes you do it honestly. 🙂
thanks =)
Hi sir,
My situation is very critical, as I want to migrate from centralized mode to converged mode:
I have one 5706 and many 3650s working as switches, and right now all my configuration (CAPWAP termination, WLANs and interfaces, DHCP, guest config, connection with MSE, connection with Prime) is configured on the 5706 as one centralized controller.
Now I want to convert this design to converged, to have one MC (5706) and many MAs (3650).
What shall I do?
I already have a small lab, but when I did the configuration which you did before in another post, yes, I have the status of (MC / MA) as up up, but I cannot see any WAP registered on the MA, and I supposed all the configuration that was configured on the 5760 would be copied to the MA (3650), but nothing like that happened.
Please help me.
Let’s set up a time to have a look. What time zone are you in?
Hi amr,
I'm not sure yet how converged deployment works, but I think you need to make sure the 3650 has a license for the AP to join. Also, the 3650 can only handle 25 APs per switch or stack. You have to consider a lot of things, I guess, when migrating from centralized to converged.
Personally I don't like converged deployment, as it's troublesome the way I look at it. =) If your deployment can be settled by a centralized deployment, then why bother doing converged =). Sorry, just my thoughts.
hi sir
this my time zone
Arabia Time Zone (UTC+03:00)
Saudi Arabia, Time zone
i hope to communicate with you soon
thanks
How about 10am Thursday your time to have a look via TeamViewer?
I am afraid it will not fit, because this solution is at one of our customers and my lab is limited in configuration (just for test).
But my question is, if I want to do this migration, what steps shall I take:
All WAPs are now registered on the centralized 5760, along with all configuration (SSID, AAA, guest WLAN, etc.),
and as my first step, as I told you, I prepared MA and MC to be up up.
As for the WAP registration problem, maybe it is because I did not put them in the same wireless management interface VLAN for the MA; I think they will register after I do this. But after the access points register to the new MA:
1 – What about the whole remaining configuration which was done before on the 5760?
Shall I configure it again on the MA, or what?
2 – And if this were from scratch, not like my case (migration), where do I configure the whole wireless configuration (SSID, AAA, guest WLAN, connection with MSE, Prime, etc.)?
Many thanks for the answers.
Now the WAP registered after I put the WAP in the same wireless management VLAN,
and there is no problem with registration, but the problem, as I told you, is with the whole remaining configuration. Shall I configure all the wireless configuration on all MAs?
I think it does not make sense.
All SSID and AAA configuration has to be done on your 3650s. RRM-related config is done on the MC/5760.
I would not advise migrating everything from centralized to CA unless you are very sure about the configs & how it works.
The best approach would be to migrate one 3650 stack to converged access & test it thoroughly.
HTH
Rasika
Mmmmmmmm, so it is just only RRM that I can configure on the 5700.
What if I have about 40 MAs, should I repeat all the configuration?
Rasika, is there any way I can contact you by phone or chat, like Facebook or Skype?
Yes, you have to repeat the configuration on all your MAs.
The best way to do it is to have a switch template configuration from which you load the standard config onto each MA.
You can contact me via Skype “mrncciew” & we can have a chat.
HTH
Rasika
Do you mean my wireless network (5700) can work local and centralized at the same time?
And what if I have a guest configuration on the 5700 pointing directly to a firewall?
How can I configure it in converged mode? Shall I make an MA the foreign and the MC (5700) the anchor?
Hi Rasika,
I have a question about multicast. Is it a requirement to enable multicast? Are there any advantages and disadvantages that you can list? Thanks for the help.
Hi,
Do I need to do any setting on the WLAN profile in order to assign a static IP for the client on this 5760 WLC? The WLC is running 03.07.00E code.
Thanks,
Hi,
I am using one WLC 5760 and a layer 2 switch.
For connectivity I am using a trunk between the WLC and the layer 2 switch.
I want to access the web interface of the WLC 5760.
On the WLC 5760 I have configured:
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
ip address 10.1.1.2 255.255.255.0
no ip route-cache
negotiation auto
!
ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 10.1.1.1
interface Vlan 1
ip address 192.168.1.10 255.255.255.0
!
wireless management interface vlan 1600
!
Layer 2 switch
vlan 1
ip address 192.168.1.12 255.255.255
Then can I access the web interface of the WLC with IP address 192.168.1.10,
or
do I need a layer 3 device for inter-VLAN routing?
Could you perhaps give advice on which software version should be used: 3.3.5, 3.6.2 or 3.7.1?
There are no features added to 3.6.2 or 3.7.1 which I require for my case; however, 3.7.1 has the most bug fixes I suppose, but it was only released last week (30th of April).
Any suggestions on which version is most stable and supports HA SSO for the 5760?
I would go with 3.3.5 if there is no requirement for new features. That is the most stable code as per my knowledge.
HTH
Rasika
Thanks will see how it goes and let you know!
what does this statement mean in your sh version output
Configuration register is 0x201 (will be 0x102 at next reload)
Same as yours,
Configuration register is 0x201 (will be 0x102 at next reload)
HTH
Rasika
What does that statement mean? Is this normal on the WLC 5760? Even after reload, that statement appears.
Yes, it is normal
Hi,
Do APs need to be in the same wireless management VLAN? What if I have many APs & I need to separate them on different VLANs?
Thanks.
If you want to register AP to a 5760, then AP can be on any VLAN as long as AP has L3 reachability to 5760 mgmt.
Rasika
Hi, I am running version 03.03.05SE ct5760-ipservicesk9. Please can you advise on upgrade version.
3.6.4 is the one I would suggest