In most practical scenarios, you have to place a 5760 controller in an existing CUWN (Cisco Unified Wireless Network) environment. In this post we will see how to configure a WLAN on the 5760 to support such a CUWN setup.
As shown in the above diagram, we will register the L3502-2 AP to the 5760-1 controller. In this case CAPWAP is terminated on the 5760 itself, because the AP is connected to a 3750X series switch, which does not have integrated WLC functionality. Make sure your 5760 has its basic configuration in place (refer to Getting Started with 5760 for details).
Here is the AP configuration. Let's erase its NVRAM so that it forgets previously known WLCs (this way it will not try to register to them). Once it boots up, it will get an IP address via DHCP & try to find a WLC. In this example we will configure the WLC IP statically on the AP.
LAP#debug capwap con
LAP#debug capwap console cli
This command is meant only for debugging/troubleshooting
Any configuration change may result in different behavior from centralized configuration.
CAPWAP console CLI allow/disallow debugging is on
LAP#erase /all nvram:
Erasing the nvram filesystem will remove all files! Continue? [confirm]
[OK]
Erase of nvram: complete
L3502-2#reload
*Dec 16 01:58:14.647: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
Proceed with reload? [confirm]
Writing out the event log to flash:/event.log
.
.
.
*Dec 16 01:58:50.640: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Dec 16 01:58:51.474: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.161.32.11, mask 255.255.254.0, hostname APccef.4872.0fc3
*Dec 16 01:58:51.735: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Dec 16 01:58:52.735: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Dec 16 01:58:52.829: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Dec 16 01:58:53.830: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
Translating "CISCO-CAPWAP-CONTROLLER.ltu.edu.au"...domain server (x.x.2.2)
*Dec 16 01:59:01.461: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Dec 16 01:59:01.464: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER.ltu.edu.au
Once you configure the 5760 as primary controller for this AP it will successfully register to it.
APccef.4872.0fc3#capwap ap primary-base 5760-1 10.160
*Dec 16 02:04:08.490: %CAPWAP-3-ERRORLOG: Selected MWAR '5760-1'(index 0).
*Dec 16 02:04:08.490: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Dec 16 02:01:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.160.49.1 peer_port: 5246
*Dec 16 02:01:55.223: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.160.49.1 peer_port: 5246
*Dec 16 02:01:55.223: %CAPWAP-5-SENDJOIN: sending Join Request to 10.160.49.1
*Dec 16 02:01:55.440: capwap-config-view: Not present
*Dec 16 02:01:55.522: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Dec 16 02:01:55.528: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Dec 16 02:01:55.537: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller 5760-1
*Dec 16 02:01:55.588: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Dec 16 02:01:56.522: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Dec 16 02:01:56.553: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Dec 16 02:01:56.560: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Dec 16 02:01:56.588: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Dec 16 02:01:57.548: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Dec 16 02:01:57.579: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Dec 16 02:01:57.585: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Dec 16 02:01:57.592: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Dec 16 02:01:58.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Dec 16 02:01:58.586: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Dec 16 02:01:58.611: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Dec 16 02:01:59.073: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Dec 16 02:01:59.611: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
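Added example (not part of the original post): a Python check that walks the CAPWAP messages from the AP console log above, confirms the DTLS and join stages all completed, and reports any peer that is not on an expected-controller list. The function name, the result keys and the allow-list parameter are assumptions made for this sketch.

```python
import re

# CAPWAP lines copied from the AP console log above, kept in console order.
SAMPLE_LOG = """\
*Dec 16 01:59:01.464: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER.ltu.edu.au
*Dec 16 02:04:08.490: %CAPWAP-3-ERRORLOG: Selected MWAR '5760-1'(index 0).
*Dec 16 02:01:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.160.49.1 peer_port: 5246
*Dec 16 02:01:55.223: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.160.49.1 peer_port: 5246
*Dec 16 02:01:55.223: %CAPWAP-5-SENDJOIN: sending Join Request to 10.160.49.1
*Dec 16 02:01:55.537: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller 5760-1
"""

LINE = re.compile(r"^\*(\w{3} +\d+ [\d:.]+): %CAPWAP-\d-(\w+): (.*)$")
STAGES = ("DTLSREQSEND", "DTLSREQSUCC", "SENDJOIN", "JOINEDCONTROLLER")
PEER = re.compile(r"(?:peer_ip: |Join Request to )(\d+\.\d+\.\d+\.\d+)")


def join_summary(log, allowed_controllers):
    """Summarise one join attempt (hypothetical helper, not a Cisco tool).

    Lines are processed in console order, not sorted by timestamp: in the
    log above the AP clock steps back from 02:04:08 to 02:01:55 mid-join.
    """
    seen, peers, name = [], set(), None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # non-CAPWAP line (LINK, LINEPROTO, DHCP, ...)
        _, mnemonic, text = m.groups()
        if mnemonic in STAGES and mnemonic not in seen:
            seen.append(mnemonic)
        peers.update(PEER.findall(text))
        joined = re.search(r"joined controller (\S+)", text)
        if joined:
            name = joined.group(1)
    return {
        "stages": seen,
        "complete": tuple(seen) == STAGES,
        "controller": name,
        "peers": sorted(peers),
        # Any address here means the AP talked to a WLC you did not expect.
        "unexpected_peers": sorted(peers - set(allowed_controllers)),
    }


if __name__ == "__main__":
    print(join_summary(SAMPLE_LOG, {"10.160.49.1"}))
```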
Now if you look at the 5760 end, you can see the successful AP registration. We will change the AP name to L3502-2 using the “ap name <old_name> name <new_name>” CLI command.
5760-1#show ap summary
Number of APs: 1
Global AP User Name: Not configured
Global AP Dot1x User Name: Not configured
AP Name           AP Model  Ethernet MAC    Radio MAC       State
----------------------------------------------------------------------------------------
APccef.4872.0fc3  3502I     ccef.4872.0fc3  2c3f.382b.5260  Registered
5760-1#ap name APccef.4872.0fc3 name L3502-2
5760-1#show ap summary
Number of APs: 1
Global AP User Name: Not configured
Global AP Dot1x User Name: Not configured
AP Name           AP Model  Ethernet MAC    Radio MAC       State
----------------------------------------------------------------------------------------
L3502-2           3502I     ccef.4872.0fc3  2c3f.382b.5260  Registered
Let's create a WLAN called “LTUWireless” with open authentication. (In a later post we will change it to dot1x with AAA override.) Since I am creating it as open, I do not want too many users to connect to it. So I disabled the “broadcast SSID” feature.
5760-1(config)#wlan LTUWireless 21 LTUWireless
5760-1(config-wlan)#no broadcast-ssid
5760-1(config-wlan)#client vlan 1420
5760-1(config-wlan)#no security wpa
Let’s create the dynamic interface for clients on vlan 1420
5760-1(config-if)#do sh vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
.
.
1410 WLN-STD-6                        active
1420 WLN-STF-1                        active
1600 NET-MGT-1                        active
5760-1(config)#interface vlan 1420
5760-1(config-if)#ip address 10.142.39.253 255.255.248.0
5760-1(config-if)#ip helper-address x.x.x.100
5760-1(config-if)#ip helper-address x.x.x.200
Now let's create an AP group called “LTU-CUWN” & add this WLAN to it. Then you need to add the L3502-2 AP to the group we created. (Note that the AP will reboot & register again to the 5760.)
5760-1(config)#ap group LTU-CUWN
5760-1(config-apgroup)#wlan LTUWireless
5760-1(config-wlan-apgroup)#?
  default       Set a command to its defaults
  exit          Exit sub-mode
  no            Negate a command or set its defaults
  radio-policy  Configures Radio Policy on given AP-Group
  vlan          Configures the WLANs vlan
5760-1(config-wlan-apgroup)#vlan ?
  WORD  Specify the vlan name or vlan id
5760-1(config-wlan-apgroup)#vlan 1420
5760-1#ap name L3502-2 ap-groupname LTU-CUWN
Changing the AP's group name will cause the AP to reboot.
Are you sure you want to continue? (y/n)[y]: y
Here is the WLAN summary information.
5760-1#show wlan summary
Number of WLANs: 1
WLAN Profile Name                     SSID                           VLAN Status
--------------------------------------------------------------------------------
21   LTUWireless                      LTUWireless                    1420 UP
5760-1#show wlan id 21
WLAN Profile Name : LTUWireless
================================================
Identifier : 21
Network Name (SSID) : LTUWireless
Status : Enabled
Broadcast SSID : Disabled
Max Associated Clients per WLAN : 0
Max Associated Clients per AP per WLAN : 0
Max Associated Clients per AP Radio per WLAN : 0
AAA Policy Override : Disabled
Network Admission Control
  NAC-State : Disabled
Number of Active Clients : 1
Exclusionlist Timeout : 60
Session Timeout : Infinity
CHD per WLAN : Enabled
Webauth DHCP exclusion : Disabled
Interface : 1420
Interface Status : Up
Multicast Interface : Unconfigured
WLAN IPv4 ACL :
WLAN IPv6 ACL : unconfigured
DHCP Server : Default
DHCP Address Assignment Required : Disabled
DHCP Option 82 : Disabled
DHCP Option 82 Format : ap-mac
DHCP Option 82 Ascii Mode : Disabled
DHCP Option 82 Rid Mode : Disabled
QoS Service Policy - Input
  Policy Name : unknown
  Policy State : None
QoS Service Policy - Output
  Policy Name : unknown
  Policy State : None
QoS Client Service Policy
  Input Policy Name : unknown
  Output Policy Name : unknown
WMM : Allowed
WifiDirect : Disabled
Channel Scan Defer Priority:
  Priority (default) : 4
  Priority (default) : 5
  Priority (default) : 6
Scan Defer Time (msecs) : 100
Media Stream Multicast-direct : Disabled
CCX - AironetIe Support : Enabled
CCX - Gratuitous ProbeResponse (GPR) : Disabled
CCX - Diagnostics Channel Capability : Disabled
Dot11-Phone Mode (7920) : Invalid
Wired Protocol : None
Peer-to-Peer Blocking Action : Disabled
Radio Policy : All
DTIM period for 802.11a radio : 1
DTIM period for 802.11b radio : 1
Local EAP Authentication : Disabled
Mac Filter Authorization list name : Disabled
Accounting list name : Disabled
802.1x authentication list name : Disabled
Security
  802.11 Authentication : Open System
  Static WEP Keys : Disabled
  802.1X : Disabled
  Wi-Fi Protected Access (WPA/WPA2) : Disabled
  FT Support : Disabled
  FT Reassociation Timeout : 20
  FT Over-The-DS mode : Enabled
  PMF Support : Disabled
  PMF Association Comeback Timeout : 1
  PMF SA Query Time : 200
  CKIP : Disabled
  IP Security : Disabled
  L2TP : Disabled
  Web Based Authentication : Disabled
  Conditional Web Redirect : Disabled
  Splash-Page Web Redirect : Disabled
  Auto Anchor : Disabled
  Sticky Anchoring : Enabled
  Cranite Passthru : Disabled
  Fortress Passthru : Disabled
  PPTP : Disabled
  Infrastructure MFP protection : Enabled
  Client MFP : Optional but inactive (WPA2 not configured)
  Webauth On-mac-filter Failure : Disabled
  Webauth Authentication List Name : Disabled
  Webauth Parameter Map : Disabled
  Tkip MIC Countermeasure Hold-down Timer : 60
Call Snooping : Disabled
Passive Client : Disabled
Non Cisco WGB : Disabled
Band Select : Disabled
Load Balancing : Disabled
IP Source Guard : Disabled
Assisted-Roaming
  Neighbor List : Enabled
  Prediction List : Disabled
  Dual Band Support : Enabled
AVC Visibility : Disabled
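Added example (not part of the original post): a Python audit of the `show wlan id` fields above. It flags that this WLAN has no layer-2 authentication or encryption and that the non-broadcast SSID is the only thing in front of it, which is not an access control. The function names and finding codes are hypothetical; the sample is an excerpt of the output above.

```python
import re

# Excerpt of the `show wlan id 21` output above, one field per line.
SAMPLE = """\
Network Name (SSID) : LTUWireless
Status : Enabled
Broadcast SSID : Disabled
Peer-to-Peer Blocking Action : Disabled
802.11 Authentication : Open System
Static WEP Keys : Disabled
802.1X : Disabled
Wi-Fi Protected Access (WPA/WPA2) : Disabled
PMF Support : Disabled
Web Based Authentication : Disabled
"""


def parse_fields(text):
    """Return {field: value} from 'Field : Value' lines; first occurrence wins."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(.+?)\s+:\s*(.*?)\s*$", line)
        if m:
            fields.setdefault(m.group(1), m.group(2))
    return fields


def audit_wlan(fields):
    """Return finding codes for one WLAN (codes are made up for this sketch)."""
    def off(name):
        # A field missing from the output is treated as disabled (conservative).
        return fields.get(name, "Disabled").lower() == "disabled"

    findings = []
    l2_open = (fields.get("802.11 Authentication") == "Open System"
               and off("802.1X") and off("Static WEP Keys")
               and off("Wi-Fi Protected Access (WPA/WPA2)"))
    if fields.get("Status") == "Enabled" and l2_open:
        findings.append("NO_L2_SECURITY")    # no authentication, no over-the-air encryption
        if off("Web Based Authentication"):
            findings.append("NO_L3_AUTH")    # no web-auth in front of the open WLAN either
        if off("Broadcast SSID"):
            # Client frames still carry the SSID, so hiding it restricts nobody.
            findings.append("HIDDEN_SSID_ONLY")
    if off("PMF Support"):
        findings.append("PMF_OFF")           # 802.11w management-frame protection off
    if off("Peer-to-Peer Blocking Action"):
        findings.append("P2P_ALLOWED")       # clients on this WLAN can reach each other
    return findings


if __name__ == "__main__":
    print(audit_wlan(parse_fields(SAMPLE)))
```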
Now you can test your client connectivity. As you can see, my AnyConnect client gets connected to this SSID.
You can verify client details on the 5760 CLI as well.
5760-1#sh wireless client summary
Number of Local Clients : 1
MAC Address     AP Name   WLAN  State  Protocol
--------------------------------------------------------------------------------
a088.b435.c2f0  L3502-2   21    UP     11n(5)
5760-1#show wireless client mac-address a088.b435.c2f0 detail
Client MAC Address : a088.b435.c2f0
Client Username: N/A
AP MAC Address : 2c3f.382b.5260
AP Name: L3502-2
AP slot : 1
Client State : Associated
Wireless LAN Id : 21
Wireless LAN Name: LTUWireless
BSSID : 2c3f.382b.526f
Connected For : 536 secs
Protocol : 802.11n - 5 GHz
Channel : 161
Client IIF-ID : 0x5b3c8000000013
ASIC : 0
IPv4 Address : 10.142.35.243
IPv6 Address : Unknown
Association Id : 1
Authentication Algorithm : Open System
Status Code : 0
Session Timeout : 0
Client CCX version : 4
Client E2E version : 1
Input Policy Name : unknown
Input Policy State : None
Output Policy Name : unknown
Output Policy State : None
802.1P Priority Tag : 0
WMM Support : Enabled
U-APSD Support : Disabled
Power Save : OFF
Current Rate : m15
Supported Rates : 6.0,9.0,12.0,18.0,24.0,36.0,48.0,54.0,6.0,9.0,12.0,18.0,24.0,36.0,48.0,54.0
Mobility State : Local
Mobility Move Count : 0
Security Policy Completed : Yes
Policy Manager State : RUN
Policy Manager Rule Created : Yes
NPU Fast Fast Notified : Yes
Last Policy Manager State : DHCP_REQD
Client Entry Create Time : 430790 seconds
Policy Type : N/A
Encryption Cipher : None
Management Frame Protection : No
Protected Management Frame - 802.11w : No
EAP Type : Not Applicable
Interface : WLN-STF-1
VLAN : 1420
Quarantine VLAN : 0
Access VLAN : 1420
WFD capable : No
Manged WFD capable : No
Cross Connection capable : No
Support Concurrent Operation : No
Client Capabilities
  CF Pollable : Not implemented
  CF Poll Request : Not implemented
  Short Preamble : Not implemented
  PBCC : Not implemented
  Channel Agility : Not implemented
  Listen Interval : 90
Fast BSS Transition : Not implemented
Fast BSS Transition Details :
Client Statistics:
  Number of Bytes Received : 152628
  Number of Bytes Sent : 13707
  Number of Packets Received : 1158
  Number of Packets Sent : 182
  Number of EAP Id Request Msg Timeouts : 0
  Number of EAP Request Msg Timeouts : 0
  Number of EAP Key Msg Timeouts : 0
  Number of Data Retries : 0
  Number of RTS Retries : 0
  Number of Duplicate Received Packets : 1
  Number of Decrypt Failed Packets : 0
  Number of Mic Failured Packets : 0
  Number of Mic Missing Packets : 0
  Number of Policy Errors : 0
  Radio Signal Strength Indicator : -52 dBm
  Signal to Noise Ratio : 41 dB
Assisted-Roaming Prediction List:
Nearby AP Statistics:
  L3502-2(slot1)
    antenna0: 29 seconds ago -53 dBm
    antenna1: 29 seconds ago -50 dBm
  L3502-2(slot0)
    antenna0: 29 seconds ago -50 dBm
    antenna1: 29 seconds ago -43 dB
In the next post we will configure RADIUS on the 5760 & change the WLAN to dot1x.
Related Posts
1. Getting Started with 3850
2. Getting Started with 5760
3. WLAN configs with 3850 – Part 1
4. WLAN configs with 3850 – Part 2
5. 3850(MA) with 5760(MC)
6. 5760 with 802.1x WLAN
7. 5760 AVC Configuration
We got 4 of these 3850 switches and I simply cannot wrap my head around a proper design. If you stack them up, like using two switches per stack, it gives you the capability to connect 50 APs per stack. None of the floors can be big enough for that many APs (unless it is a very dense deployment, keeping in view the dictate of connecting the AP directly to this switch). If we plan to use an individual 3850 switch on each floor, i.e. 8 floors and 10K each for this switch, that means 80K, which looks kind of unjustifiable. And I cannot find much documentation about the inexpensive version of it, the 3650s. They both look sort of the same on paper, but I doubt that 3650 would not be able to handle that much of load. I will appreciate it if you can give some insights into the 3650 and its caveats.
Hi Aman,
The document below should give you the answer to your query. The 3850 supports 50 APs & the 3650 supports 25 APs, & stack bandwidth is much higher in the 3850.
Click to access qa_c67-729531.pdf
When you look at justification, this should be considered as your Access Switch infrastructure upgrade (not a wireless upgrade). In summary, if you have 3750s in your Access layer then the 3850 would be the comparable product; if you have 3560s then the 3650 would be the comparable product.
HTH
Rasika
Could you explain to me how to configure QoS on the 5760 CA controller running in CUWN mode? I mean all APs are terminated on the controller. What is the best SSID IOS QoS that I can run to align with the infra QoS? I know that I can create a class-map and policy-map and assign specific bandwidth for the downstream traffic. What about the queue? I'm confused. Do you have an example?
Hey there! This post could not be written any better!
Reading through this post reminds me of my previous room mate!
He always kept talking about this. I will forward this post to him.
Pretty sure he will have a good read. Many thanks for sharing!