CCNP Switch Lab 7-2 Configuring a WLAN Controller
Objectives
- Implement campus network infrastructure to support wireless.
- Configure a WLAN controller (optional).
Background
In this lab, you will configure the network infrastructure (Layer 2 and Layer 3 switches) to prepare for a wireless solution involving a wireless LAN (WLAN) controller and two lightweight wireless access points (LWAPs). The WLAN controller and LWAPs are optional and might not be present in your topology. If that is the case, read through those portions of the lab that deal with their configuration to become familiar with the process and commands.
Note: This lab uses Cisco WS-C2960-24TT-L switches with the Cisco IOS image c2960-lanbasek9-mz.122-46.SE.bin, and Catalyst 3560-24PS with the Cisco IOS image c3560-advipservicesk9-mz.122-46.SE.bin. You can use other switches (such as a 2950 or 3550) and Cisco IOS Software versions if they have comparable capabilities and features. Depending on the switch model and Cisco IOS Software version, the commands available and output produced might vary from what is shown in this lab.
Required Resources
- 2 switches (Cisco 2960 with the Cisco IOS Release 12.2(46)SE C2960-LANBASEK9-M image or comparable)
- 1 switch (Cisco 3560 with the Cisco IOS Release 12.2(46)SE C3560-advipservicesk9-mz image or comparable)
- 1 WLAN controller (optional; however, configuration instructions are provided)
- 2 LWAPs (optional)
- Console and Ethernet cables
Step 1: Prepare the switches for the lab.
a. Erase the startup-config file, delete the vlan.dat file, and reload each switch to clear the previous configurations.
b. Configure the switch hostnames as shown in the topology.
c. (Optional) To reset the WLAN controller, use the clear controller command followed by the reset system command.
Step 2: Configure VLANs, trunks, and VTP.
- VLAN 1 – Management VLAN for the WLC.
- VLAN 2 and VLAN 3 – For hosts in the WLANs.
- VLAN 10 – The management computer Host C is in this VLAN.
- VLAN 50 – The LWAPs are in this VLAN.
- VLAN 100 – The AP-manager interface of the WLAN controller is in this VLAN.
a. Configure DLS1 as a VTP server, and ALS1 and ALS2 as clients in the VTP domain CISCO. Configure the switch-to-switch links shown in the diagram as 802.1Q trunks. Add VLANs 2, 3, 10, 50, and 100 to DLS1.
DLS1(config)# vtp mode server
DLS1(config)# vtp domain CISCO
DLS1(config)# vtp version 2
DLS1(config)# vlan 2,3,10,50,100
DLS1(config-vlan)# interface fastEthernet 0/8
DLS1(config-if)# switchport trunk encapsulation dot1q
DLS1(config-if)# switchport mode trunk
DLS1(config-if)# interface fastEthernet 0/10
DLS1(config-if)# switchport trunk encapsulation dot1q
DLS1(config-if)# switchport mode trunk

ALS1(config)# vtp mode client
ALS1(config)# interface fastEthernet 0/8
ALS1(config-if)# switchport mode trunk

ALS2(config)# vtp mode client
ALS2(config)# interface fastEthernet 0/10
ALS2(config-if)# switchport mode trunk
b. Verify that VTP traffic has passed between the switches by comparing the non-zero VTP configuration revision using the show vtp status command.
DLS1# show vtp status
VTP Version                     : running VTP2
Configuration Revision          : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 10
VTP Operating Mode              : Server
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xE3 0x5B 0x2E 0x20 0x27 0xF9 0xF1 0x1B
Configuration last modified by 0.0.0.0 at 3-2-10 00:49:40
Local updater ID is 0.0.0.0 (no valid interface found)

ALS1# show vtp status
VTP Version                     : running VTP2
Configuration Revision          : 1
Maximum VLANs supported locally : 255
Number of existing VLANs        : 10
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xE3 0x5B 0x2E 0x20 0x27 0xF9 0xF1 0x1B
Configuration last modified by 0.0.0.0 at 3-2-10 00:49:40

ALS2# show vtp status
VTP Version                     : running VTP2
Configuration Revision          : 1
Maximum VLANs supported locally : 255
Number of existing VLANs        : 10
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xE3 0x5B 0x2E 0x20 0x27 0xF9 0xF1 0x1B
Configuration last modified by 0.0.0.0 at 3-2-10 00:49:40
Step 3: Configure SVIs.
Configure all the switch virtual interfaces (SVIs) shown in the diagram for DLS1.
DLS1(config)# interface vlan 1
DLS1(config-if)# ip address 172.16.1.1 255.255.255.0
DLS1(config-if)# no shutdown
DLS1(config-if)# interface vlan 2
DLS1(config-if)# ip address 172.16.2.1 255.255.255.0
DLS1(config-if)# interface vlan 3
DLS1(config-if)# ip address 172.16.3.1 255.255.255.0
DLS1(config-if)# interface vlan 10
DLS1(config-if)# ip address 172.16.10.1 255.255.255.0
DLS1(config-if)# interface vlan 50
DLS1(config-if)# ip address 172.16.50.1 255.255.255.0
DLS1(config-if)# interface vlan 100
DLS1(config-if)# ip address 172.16.100.1 255.255.255.0
Step 4: Configure DHCP.
DHCP gives out dynamic IP addresses on a subnet to network devices or hosts rather than statically setting the addresses. This is useful when dealing with LWAPs, which usually do not have an initial configuration. The WLAN controller that the LWAP associates with defines the configuration. A lightweight access point can dynamically receive an IP address and then communicate over IP with the WLAN controller. In this scenario, you also use DHCP to assign IP addresses to hosts that connect to the WLANs.
a. Configure DLS1 to exclude the first 150 addresses from each subnet from DHCP to avoid conflicts with static IP addresses using the ip dhcp excluded-address low-address [high-address] global configuration command.
DLS1(config)# ip dhcp excluded-address 172.16.1.1 172.16.1.150
DLS1(config)# ip dhcp excluded-address 172.16.2.1 172.16.2.150
DLS1(config)# ip dhcp excluded-address 172.16.3.1 172.16.3.150
DLS1(config)# ip dhcp excluded-address 172.16.10.1 172.16.10.150
DLS1(config)# ip dhcp excluded-address 172.16.50.1 172.16.50.150
DLS1(config)# ip dhcp excluded-address 172.16.100.1 172.16.100.150
b. To advertise on different subnets, create DHCP pools with the ip dhcp pool name command. After a pool is configured for a subnet, the Cisco IOS DHCP server processes requests on that subnet, because it is enabled by default. From the DHCP pool prompt, set the network and mask to use with the network address /mask command. Set a default gateway with the default-router address command. VLAN 50 also uses the option command, which allows you to specify a DHCP option. In this case, option 43 is specified (a vendor-specific option), which gives the LWAPs the IP address of the WLAN controller AP Manager interface. It is specified in a hexadecimal TLV (type, length, value) format. This configuration uses f104ac106464, which is made up of the following:
- f1 is the hardcoded type of option.
- 04 represents the length of the value (an IP address is 4 octets).
- ac106464 is the hexadecimal representation of 172.16.100.100, which is going to be the AP manager address of the WLAN controller.
DHCP option 60 specifies the identifier that access points will use in DHCP.
Note: This lab uses Cisco Aironet 1240 series access points.
DLS1(config)# ip dhcp pool pool1
DLS1(dhcp-config)# network 172.16.1.0 /24
DLS1(dhcp-config)# default-router 172.16.1.1
DLS1(dhcp-config)# ip dhcp pool pool2
DLS1(dhcp-config)# network 172.16.2.0 /24
DLS1(dhcp-config)# default-router 172.16.2.1
DLS1(dhcp-config)# ip dhcp pool pool3
DLS1(dhcp-config)# network 172.16.3.0 /24
DLS1(dhcp-config)# default-router 172.16.3.1
DLS1(dhcp-config)# ip dhcp pool pool10
DLS1(dhcp-config)# network 172.16.10.0 /24
DLS1(dhcp-config)# default-router 172.16.10.1
DLS1(dhcp-config)# ip dhcp pool pool50
DLS1(dhcp-config)# network 172.16.50.0 /24
DLS1(dhcp-config)# default-router 172.16.50.1
DLS1(dhcp-config)# option 43 hex f104ac106464
DLS1(dhcp-config)# option 60 ascii "Cisco AP c1240"
DLS1(dhcp-config)# ip dhcp pool pool100
DLS1(dhcp-config)# network 172.16.100.0 /24
DLS1(dhcp-config)# default-router 172.16.100.1
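The option 43 string configured for pool50 can be built and checked with a short script before it is pasted into the pool. This Python is an added example, not part of the original lab: the function names are hypothetical, and the multi-address form (several controller addresses after one length byte) goes beyond the single-address case the text describes. The decoder also accepts the dotted form (f104.ac10.6464) that the saved configuration shows.

```python
import ipaddress

CISCO_LWAP_TYPE = 0xF1  # the "f1" type byte described in the lab text


def encode_option43(controller_ips):
    """Build the hex string for `option 43 hex ...` from IPv4 addresses."""
    if not controller_ips:
        raise ValueError("at least one controller address is required")
    value = b"".join(ipaddress.IPv4Address(ip).packed for ip in controller_ips)
    if len(value) > 255:
        raise ValueError("value does not fit in a one-byte length field")
    return (bytes([CISCO_LWAP_TYPE, len(value)]) + value).hex()


def decode_option43(hex_text):
    """Parse an option 43 hex string and return the addresses it carries.

    Accepts the typed form (f104ac106464) and the dotted form that
    appears in the saved configuration (f104.ac10.6464).
    """
    raw = bytes.fromhex(hex_text.replace(".", "").replace(" ", ""))
    if len(raw) < 2:
        raise ValueError("too short to hold a type and a length")
    opt_type, length, value = raw[0], raw[1], raw[2:]
    if opt_type != CISCO_LWAP_TYPE:
        raise ValueError(f"unexpected type 0x{opt_type:02x}, expected 0xf1")
    if length != len(value):
        raise ValueError(f"length byte says {length}, {len(value)} bytes follow")
    if length == 0 or length % 4:
        raise ValueError("value must be a whole number of 4-octet addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4]))
            for i in range(0, length, 4)]


if __name__ == "__main__":
    # 172.16.100.100 is the AP manager address used in this lab.
    print(encode_option43(["172.16.100.100"]))
    print(decode_option43("f104.ac10.6464"))
```

A decode failure on the length check is the usual sign of a mistyped octet, which would otherwise leave the LWAPs with an address but no controller to join.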
Step 5: Configure infrastructure wireless support.
On ALS1 and ALS2, configure the switch port of each access point with the spanning-tree portfast command so that the access point receives an IP address from DHCP immediately, thereby avoiding spanning-tree delays. All control and data traffic between the controller and the access points passes over this VLAN to this interface. Configure the ports going to the access points to be in VLAN 50. DLS1 will route the traffic between the VLANs. Configure the interface on DLS1 that connects to the WLAN controller as an 802.1Q trunk.
DLS1(config)# interface fastEthernet 0/5
DLS1(config-if)# switchport trunk encapsulation dot1q
DLS1(config-if)# switchport mode trunk

ALS1(config)# interface fastEthernet 0/5
ALS1(config-if)# switchport mode access
ALS1(config-if)# switchport access vlan 50
ALS1(config-if)# spanning-tree portfast

ALS2(config)# interface fastEthernet 0/5
ALS2(config-if)# switchport mode access
ALS2(config-if)# switchport access vlan 50
ALS2(config-if)# spanning-tree portfast
Step 6: Configure the switch port for the management host.
a. Host C is attached to DLS1 and is running Microsoft Windows. Configure the switch port to which the host is attached to be in VLAN 10 and enable PortFast.
DLS1(config)# interface fastEthernet 0/6
DLS1(config-if)# switchport mode access
DLS1(config-if)# switchport access vlan 10
DLS1(config-if)# spanning-tree portfast
b. Configure the host with an IP address in VLAN 10, which will (optionally) be used to access the HTTP web interface of the WLAN controller. Configure the IP address 172.16.10.50/24 with the default gateway 172.16.10.1.
c. From Host C, ping the DLS1 VLAN 10 interface. You should receive responses. If you do not, troubleshoot, verifying the VLAN of the switch port, and the IP address and subnet mask on each device on VLAN 10.
C:\> ping 172.16.10.1

Pinging 172.16.10.1 with 32 bytes of data:

Reply from 172.16.10.1: bytes=32 time=1ms TTL=255
Reply from 172.16.10.1: bytes=32 time<1ms TTL=255
Reply from 172.16.10.1: bytes=32 time<1ms TTL=255
Reply from 172.16.10.1: bytes=32 time<1ms TTL=255

Ping statistics for 172.16.10.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms
Step 7: Enable IP routing on DLS1.
a. Enabling IP routing on DLS1 lets DLS1 route between all subnets shown in the diagram. DLS1 can effectively route between all the VLANs configured because it has an SVI in each subnet.
DLS1(config)# ip routing
b. Each IP subnet is shown in the output of the show ip route command issued on DLS1.
DLS1# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 6 subnets
C       172.16.50.0 is directly connected, Vlan50
C       172.16.10.0 is directly connected, Vlan10
C       172.16.1.0 is directly connected, Vlan1
C       172.16.2.0 is directly connected, Vlan2
C       172.16.3.0 is directly connected, Vlan3
C       172.16.100.0 is directly connected, Vlan100
Step 8: (Optional) Configure initial settings on the WLAN controller.
When you restart the WLAN controller, a configuration wizard prompts you to enter basic configuration attributes. You have entered the wizard interface when you see “Welcome to the Cisco Wizard Configuration Tool.” Pressing Enter at a prompt accepts the default for a configuration option. The default is in square brackets. If there is more than one choice in square brackets, the default is the option in capital letters.
a. The first prompt asks for a hostname. Use the default. Use cisco as both the username and password.
Welcome to the Cisco Wizard Configuration Tool
Use the '-' character to backup
System Name [Cisco_49:43:c0]:
Enter Administrative User Name (24 characters max): cisco
Enter Administrative Password (24 characters max): cisco
b. Enter the management interface information. The management interface communicates with the management workstation in VLAN 1. The interface number is 1, because this is the port trunked from the controller to the switch. The VLAN number is 0 for untagged. It is untagged because VLAN 1 is the native 802.1Q VLAN and is, therefore, sent untagged through 802.1Q trunks.
Management Interface IP Address: 172.16.1.100
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 172.16.1.1
Management Interface VLAN Identifier (0 = untagged): 0
Management Interface Port Num [1 to 4]: 1
Management Interface DHCP Server IP Address: 172.16.1.1
c. Configure an interface to communicate with the access points. This will be in VLAN 100 and is tagged as such on the trunk.
AP Manager Interface IP Address: 172.16.100.100
AP Manager Interface Netmask: 255.255.255.0
AP Manager Interface Default Router: 172.16.100.1
AP Manager Interface VLAN Identifier (0 = untagged): 100
AP Manager Interface Port Num [1 to 4]: 1
AP Manager Interface DHCP Server (172.16.1.1): 172.16.100.1
d. Configure the virtual gateway IP address as 1.1.1.1 (this is acceptable because you are not using this for routing). The virtual gateway IP address is typically a fictitious, unassigned IP address, such as the address we are using here, to be used by Layer 3 Security and Mobility managers.
Virtual Gateway IP Address: 1.1.1.1
e. Configure the mobility group and network name as ccnppod. Allow static IP addresses by pressing Enter, but do not configure a RADIUS server now.
Mobility/RF Group Name: ccnppod
Network Name (SSID): ccnppod
Allow Static IP Addresses [YES][no] : [Enter]
Configure a RADIUS Server now? [YES][no] : no
Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.
f. Use the defaults for the rest of the settings (press Enter at each prompt).
Enter Country Code (enter 'help' for a list of countries) [US]: [Enter]
Enable 802.11b Network [YES][no] : [Enter]
Enable 802.11a Network [YES][no] : [Enter]
Enable 802.11g Network [YES][no] : [Enter]
Enable Auto-RF [YES][no] : [Enter]
Configuration saved!
Resetting system with new configuration...
Note: Wireless equipment varies from country to country. Make sure to use the appropriate country code.
Step 9: (Optional) Configure the prompt and access methods on the WLAN controller.
a. When the WLAN controller has finished restarting, log in with the username cisco and password cisco.
User: cisco
Password: cisco
b. Change the controller prompt to WLAN_CONTROLLER with the config prompt name command. Notice that the prompt changes.
(Cisco Controller) > config prompt WLAN_CONTROLLER
(WLAN_CONTROLLER) >
c. Enable Telnet and HTTP access to the WLAN controller. HTTPS access is enabled by default, but unsecured HTTP is not.
(WLAN_CONTROLLER) > config network telnet enable
(WLAN_CONTROLLER) > config network webmode enable
d. Save your configuration with the save config command, which is similar to the Cisco IOS copy run start command.
(WLAN_CONTROLLER) > save config
Are you sure you want to save? (y/n) y
Configuration Saved!
e. To verify the configuration, you can use the show interface summary, show wlan summary, and show run-config commands on the WLAN controller.
Device Configurations (Instructor version)
Switch DLS1
hostname DLS1
!
ip routing
!
ip dhcp excluded-address 172.16.1.1 172.16.1.150
ip dhcp excluded-address 172.16.2.1 172.16.2.150
ip dhcp excluded-address 172.16.3.1 172.16.3.150
ip dhcp excluded-address 172.16.10.1 172.16.10.150
ip dhcp excluded-address 172.16.50.1 172.16.50.150
ip dhcp excluded-address 172.16.100.1 172.16.100.150
!
ip dhcp pool pool1
 network 172.16.1.0 255.255.255.0
 default-router 172.16.1.1
!
ip dhcp pool pool2
 network 172.16.2.0 255.255.255.0
 default-router 172.16.2.1
!
ip dhcp pool pool3
 network 172.16.3.0 255.255.255.0
 default-router 172.16.3.1
!
ip dhcp pool pool10
 network 172.16.10.0 255.255.255.0
 default-router 172.16.10.1
!
ip dhcp pool pool50
 network 172.16.50.0 255.255.255.0
 default-router 172.16.50.1
 option 43 hex f104.ac10.6464
 option 60 ascii "Cisco AP c1240"
!
ip dhcp pool pool100
 network 172.16.100.0 255.255.255.0
 default-router 172.16.100.1
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/6
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 ip address 172.16.1.1 255.255.255.0
 no shutdown
!
interface Vlan2
 ip address 172.16.2.1 255.255.255.0
!
interface Vlan3
 ip address 172.16.3.1 255.255.255.0
!
interface Vlan10
 ip address 172.16.10.1 255.255.255.0
!
interface Vlan50
 ip address 172.16.50.1 255.255.255.0
!
interface Vlan100
 ip address 172.16.100.1 255.255.255.0
end
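A DHCP pool on DLS1 is only useful if its network statement matches one of the SVIs from Step 3 and its default router is both inside that network and inside an excluded range. The following Python check is an added example, not part of the original lab; the function name and the sample text are constructed, and it assumes the saved-configuration form with dotted masks and the "low high" form of excluded-address used here.

```python
import ipaddress
import re

# Constructed excerpt in the style of the DLS1 configuration. The pool1 network
# statement is deliberately mistyped so the check has something to report.
SAMPLE_CONFIG = """\
ip dhcp excluded-address 172.16.1.1 172.16.1.150
ip dhcp excluded-address 172.16.50.1 172.16.50.150
!
ip dhcp pool pool1
 network 172.1.1.0 255.255.255.0
 default-router 172.16.1.1
!
ip dhcp pool pool50
 network 172.16.50.0 255.255.255.0
 default-router 172.16.50.1
!
interface Vlan1
 ip address 172.16.1.1 255.255.255.0
!
interface Vlan50
 ip address 172.16.50.1 255.255.255.0
"""


def audit_dhcp(config):
    """Return findings for DHCP pools that do not line up with an SVI."""
    svi_nets = {ipaddress.ip_interface(f"{ip}/{mask}").network
                for ip, mask in re.findall(r"^\s*ip address (\S+) (\S+)", config, re.M)}
    # Only the "low high" range form used in the lab is parsed here.
    excluded = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi)) for lo, hi in
                re.findall(r"^ip dhcp excluded-address (\S+) (\S+)", config, re.M)]
    findings = []
    pools = re.findall(r"^ip dhcp pool (\S+)\n((?:[ \t]+\S.*\n?)*)", config, re.M)
    for name, body in pools:
        net = re.search(r"network (\S+) (\S+)", body)
        gw = re.search(r"default-router (\S+)", body)
        if not net or not gw:
            findings.append(f"{name}: missing network or default-router")
            continue
        network = ipaddress.ip_network(f"{net.group(1)}/{net.group(2)}")
        router = ipaddress.ip_address(gw.group(1))
        if router not in network:
            findings.append(f"{name}: default-router {router} is outside {network}")
        if network not in svi_nets:
            findings.append(f"{name}: no SVI is addressed in {network}")
        if not any(lo <= router <= hi for lo, hi in excluded):
            findings.append(f"{name}: default-router {router} is not excluded")
    return findings


if __name__ == "__main__":
    for line in audit_dhcp(SAMPLE_CONFIG):
        print(line)
```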
Switch ALS1
hostname ALS1
!
interface FastEthernet0/5
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport mode trunk
end
Switch ALS2
hostname ALS2
!
interface FastEthernet0/5
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport mode trunk
end