Trn M Phc tranmyphuc1988@gmail.

com

Cu hnh M hnh mng c dng thm Wlan Controller

I./ Mng khng dy pht trin nh vo nhu cu ca con ngi !!!
Yu cu ca doanh nghip dnh cho 1 nh trin khai v thit k mng nh sau : 1) Anh ta rt ght s b bn v vng vu ca mng c dy v quan trng hn ht , anh y mun m i lc m i ni u c th truy cp d liu ca cng ty v vo c internet. (lu l trong phm vi ti a c th c ) 1.1 ) Nu nh doanh nghip y nh , khng yu cu nhiu lm v tc v khong cch qun tr khng xa lm , ta c th trin khai mt mng Adhoc (C 2 cch lm , chng ta s tho lun bi sau). Yu cu ti thiu v duy nht : ch cn 1 my c 2 card mng : card Lan i internet v Wireless Card.+ h thng mng gm cc PC c Wireless Card. 1.2 ) Doanh nghip y va v nhu cu m rng , chnh sch qun tr h thng khng cao lm , ta c th gii thiu cho h , m hnh n gin sau : gm 1 Access Point (AP) + h thng my tnh c card wireless (ti a nn dng l 15 my) +( mt sever ACS gn vo cng fa0 ca AP bo mt ). Ngoi ra , ta cng c th dng nhng phng php bo mt nh Filter Mac, Wep,Wap .ngay trn AP. (Chng ta s ni v vn ny bi sau). Hn ch :Chng ta phi bit cu hnh AP. 2) Tuy nhin , nu nh anh ta c mt vi yu cu thm: 2.1) Ti rt ght s b bn v phc tp, doanh nghip ca ti l mt doanh nghip ln rt cn mt mng Wireless m bo c tnh h thng + d qun l + d m rng + Chnh sch bo mt tht tt!!! 2.2) Quan trng hn ht l chng ta lm sao thit k 1 mng nh th no m bt c ai (k c anh ta ) , khng bit g v Wireless cng c th , m rng thm mt mng mi bng cch rt n gin :Gn AP vo mt port ca Switch !!! Cui cng gii quyt vn trn , nht l nguyn nhn 2.2 , tng nh khng th nhng vn c cch !!! l m hnh ch yu gm cc LightWeight Access Point (LAP) + Wireless Lan Controller (WLC) . Nh vy , AP m ta ni n 2.2 ) chnh l LAP (n khng cn phi cu hnh ch cm dy vo mng l t chy) Mt im lu : Ta c th thuyt phc khch hng rng , m bo yu cu 2 trn , nht l 2.2) (ci ny ai cng bit l do ti sao n tn ti!!!), rng anh c th cho chng ti lm ngi cung cp LAP( tc nhin n s cao gi hn AP bnh thng ri) nu nh cng ty cn m rng thm.

Trang 1

Trn M Phc tranmyphuc1988@gmail.com

II./ Topo mng n gin nht v mng c Wireless Lan Controller (WLC):
Sau y , ti xin gii thiu v Topo mng n gin nht v mng c WLC, m qua m i ngi c th trin khai thm cho ph hp vi yu cu ca mnh . V d nh ta c th gn thm Switch gia Router v LAP di y p ng nhu cu 2.2 trn , ..

V phn gn thm Module cho thit b to thnh 2 trong 1 ny c rt nhiu phng n . V d nh ta c th gn thm module WLC vo Switch 6500 _khi Switch ny s m nhn nhiu vic : nh tuyn cho Vlan thng v Wlan hay gn vo Router 2811 tr ln , nh thit b dng trong Topo Lab ny!!!

Trang 2

Trn M Phc tranmyphuc1988@gmail.com

Sau y s l m hnh , ta s trin khai trong bi ny

Trang 3

Trn M Phc tranmyphuc1988@gmail.com

Mt s ch thch trc khi bt u bi Lab:

m i ngi d hnh dung sau y l hnh nh ca Wireless Lan Module:

Khi dng cu lnh :show ip interface brief trong mode priviledge ca Router 2811, ta s thy interdace dng giao tip ca WLCModule l :interface Wlan-controller 1/0 hiu thm v a ch qun tr (IP manager + IP Ap-manager ) ta c th tham kho trong gio trnh v Wireless ca BCMSN. y l 2 interface mc nh (static) cn phi c cho WLC. Nhim v ch yu 2 interface y l :

1. IP manager :dng qun tr ton b WLC , cn phi c cu hnh WLC bng giao din Web. bi Lab ny l 192.168.1.24

2. IP AP-manager dng qun tr cc LAP bi Lab ny l 192.168.1.25

Trang 4

Trn M Phc tranmyphuc1988@gmail.com

Ngoi nhng ch thch lin quan n Topo mng, ti xin b sung thm v cc kin thc ca :
1) DHCP

Trang 5

Trn M Phc tranmyphuc1988@gmail.com

2) NAT DHCP (Dynamic Host Control Protocol ) : Mt giao thc dng cp pht ng a ch Ip cho mt host. NAT : (Network Address Translate): Dng chuyn i a ch mng ni b thnh da ch bn ngoi , nh m mc ch gip cho mng ni b c th truyn thng c vi Internet hay th gii bn ngoi ca mng.

Trang 6

Trn M Phc tranmyphuc1988@gmail.com

By gi chng ta bt u cu hnh cho bi Lab

O1.) Bc dng chung cho c 2 cch cu hnh bng cu lnh v bng giao din Web:
Bc 1 : Ta xa ht tt c cu hnh ca cc thit b (khng cn xa cu hnh LAP) 1.) i vi Router, ta vo mode privilege nh cu lnh : #erase start .Sau nh tip
#reload

2.) Sau khi router khi ng tr li ta cu hnh a ch Ip cho interface wlancontroller1/0 bng cu lnh :
(config-if)#ip address 192.168.1.1 255.255.255.0 (config-if)#no shut

3.)Sau , ta nhn Ctrl+Z tr v mode priviledge v nh tip cu lnh

:#service wlan-controller 1/0 session

4..) Ta telnet vo WCLModule ( kt thc phin telnet ta nhn kt hp 3 phm Ctrl + Shilf + 6 , sau nhn x, mun vo li WCL , mode priviledge ca Router ta nhn Enter 2 ln . Tip theo ,khi vo cu hnh khi ng ,ta nh user: cisco password :cisco . Sau ta s vo du nhc nh sau :(Cisco Controller) >.G nh hng dn xa cu hnh ca WLCModule.:
(Cisco Controller) >clear config Are you sure you want to clear the configuration? (y/n) y Configuration Cleared! (Cisco Controller) >reset system The system has unsaved changes. Would you like to save them now? (y/N) n Configuration Not Saved! Are you sure you would like to reset the system? (y/N) y

Trang 7

Trn M Phc tranmyphuc1988@gmail.com Bc 2 : Ci t cc thng s khi to ban u ca WCLModule:

Enter Administrative User Name (24 characters max): phuc # to username Enter Administrative Password (24 characters max): *****# to password Management Interface IP Address: 192.168.1.24 # To ip manager Management Interface Netmask: 255.255.255.0 #Subnetmask Management Interface Default Router: 192.168.1.1 # a ch ca intface WLC 1/0 Management Interface VLAN Identifier (0 = untagged): 0 Management Interface Port Num [1]: Management Interface DHCP Server IP Address: 192.168.1.24# Ip manager AP Manager Interface IP Address: 192.168.1.25 # Ip Ap-manager AP-Manager is on Management subnet, using same values AP Manager Interface DHCP Server (192.168.1.24): # press Enter Virtual Gateway IP Address: 1.1.1.1 # N s l a ch DHCP server cho user Mobility/RF Group Name: vnpro Network Name (SSID): vlan1# y l tn ca Vlan1 dng qun tr SSID Allow Static IP Addresses [YES][no]: no #cu hnh Ip ng Configure a RADIUS Server now? [YES][no]: no Warning! The default WLAN security policy requires a RADIUS server. Please see documentation for more details. Enter Country Code (enter 'help' for a list of countries) [US]: no Enable 802.11b Network [YES][no]: yes Enable 802.11a Network [YES][no]: yes Enable 802.11g Network [YES][no]: yes Enable Auto-RF [YES][no]: no Configure a NTP server now? [YES][no]: no Configure the system time now? [YES][no]: no Warning! No AP will come up unless the time is set. Please see documentation for more details. Configuration correct? If yes, system will save it and reset. [yes][NO]: yes

Trang 8

Trn M Phc tranmyphuc1988@gmail.com Bc 3 : Cu hnh cho Router 2811

interface FastEthernet0/0 ip address 192.168.4.1 255.255.255.0# gn ip address cho fa0/0

ip nat inside # p chiu vo cho qu trnh NAT

interface FastEthernet0/1 ip address 10.215.219.10 255.255.255.0#c th gn ng bng cu lnh ip address dhcp

ip nat outside # p chiu ra ca qu trnh NAT

ip dhcp pool lap # Pool a ch ng gn cho cng fa0 ca LAP network 192.168.4.0 255.255.255.0 default-router 192.168.4.1 # a ch cng fa0/0

option 43 hex f104.c0a8.0119 # Tham kho thm ch thch cui bi option 60 ascii "Cisco AP c1130"# Tham kho thm ch thch cui bi

! ip dhcp pool vlan2 network 192.168.2.0 255.255.255.0 default-router 192.168.2.1 dns-server 203.162.4.190 ! ip dhcp pool vlan3 network 192.168.3.0 255.255.255.0 default-router 192.168.3.1 dns-server 203.162.4.190 interface wlan-controller1/0.2 # To Sub interface WLC1/0 encapsulation dot1Q 2 # chun ng gi ip address 192.168.2.1 255.255.255.0 # Ip add = Ip add ca default-router tng ng

ip nat inside # Cu lnh rt quan trng thng hay qun

! interface wlan-controller1/0.3 encapsulation dot1Q 3 ip address 192.168.3.1 255.255.255.0

ip nat inside

# ip route 0.0.0.0 0.0.0.0 10.215.219.254# Cu lnh thng hay qun khi NAT , n dng to default route n ADSL router cho ton mng , ta c th i Internet. Nu m thiu cu lnh ny , ta ch c th PING n n m khng th ra Internet!!!

Bc cui cng : Ta cu hnh NAT nh hng dn trn !!!!# Xem phn b sung bn trn Tm lc nhng ci quan trng trong cu hnh Router m ta thng hay qun :
1) a ch intface i n i ra ngoi mng (Fa0/1) nn cho Server DHCP cp a ch ng cho n trnh trng hp trng a ch. 2) option 43 hex f104.c0a8.0119# c0a8.0119 phi l a ch IP AP-Manager 3) l cu lnh Ip nat inside # Mi ngi thng qun khng t n vo cc II./ Hai cch cuWLC hnh cho Wireless Lan Controller Module : Subinterface 4) Cui cng l ip route 0.0.0.0 0.0.0.0 <default-gateway router ADSL hay intface router k cn> Trang 9

Trn M Phc tranmyphuc1988@gmail.com

O2.)C hai cch theo ti u hay : Giao din Web

u im : Nhanh, tin li v rt trc quan

Giao din Command Line :

u im : Mi cu lnh ta nh , u yu cu bn thn phi nm r vn m mnh cn cu hnh Nhc im : khng trc quan, kh nh v phc tp hn giao din Web

Nhc im: S khng hiu r bn cht ca vn bng giao din Command Line c .

Nhng c th cu hnh cho nhng trng hp tng t mt cch nhanh chng bng giao din Web. Theo ti , chng ta nn tham kho v cu hnh theo giao din Command line trc :

C1 :Giao din command Line:

Bc 1 : To 2 dynamic interface c tn l Vlan 2 v Vlan3
(Cisco Controller)config > interface create vlan2 (Cisco Controller)config > interface create vlan3 2 # 2 l Vlan ID 3

Bc 2 : t Ip address , Subnet-mask, v Default Gateway cho nhng interface trn:

Cisco Controller) config >interface address vlan2 92.168.2.254 255.255.255.0 192.168.2.1 (Cisco Controller) config> interface address vlan3 192.168.3.254 255.255.255.0 192.168.3.1

Default gateway phi l ip address ca Subinterface Wlan-Controller tng ng trn Router . Bc 3 :To Wlan 2, 3 tng ng vi SSID vlan2 v vlan3
(Cisco Controller)config >wlan create 2 vlan2 # 2 l Wlan ID, vlan2 l SSID (Cisco Controller)config >wlan create 3 vlan3

Bc 4: Rng buc Wlan vo Dynamic inteface tng ng va mi to trn:

(Cisco Controller)config >wlan interface 2 vlan2 #2 l WlanID, vlan2 l dynamic interface (Cisco Controller)config >wlan interface 3 vlan3

Bc 5 : Cu hnh dynamic interface va to vi IP address DHCP server tng ng , ta c th forward IP khi DHCP client yu cu. IP address DHCP server c cu hnh trn Router , n cng chnh l a ch ca Sub interface WLC tng ng.
(Cisco Controller) config>interface dhcp vlan2 192.168.2.1 (Cisco Controller) config >interface dhcp vlan3 192.168.3.1

Trang 10

Trn M Phc tranmyphuc1988@gmail.com Bc 6 : Mc nh th chng thc Dot1X c bt ln , do a v ch open authentication (khng cn chng thc) , ta dng cu lnh sau tt chc nng chng thc Dot1X:
(Cisco Controller)config >wlan security 802.1X disable 2 (Cisco Controller)config >wlan security 802.1X disable 3

y l iu quan trng m trong gio trnh Cisco khng c ghi :Rt d b hiu nhm : 1) Khi cu hnh khi to , WLC hi : Network Name (SSID):=> y
chnh l tn ca Wlan1, Wlan1 thng c chc nng qun tr m thi. Do nu bn nh vo Vlan2 , th gi s trong m hnh lab ny , bn s b li 2) Mc nh trong WCL . Wlan lun ch Disable tr Wlan qun tr lun Enable. V th ta dng lnh

(Cisco controller)>show wlan summary =>Bn s thy tnh trng ca cc Wlan (Cisco controller)config> Wlan enable <vlan ID> => Bn enable nhng Wlan cn thit 3) iu lu nh na : Bn c th ng t PC ping n cc a ch khc nhng khng th ping n IP Ap-manager 4) Ti th v thy rng d trin khai access-list trn router , ta vn khng cn dng n nhm lnh: ip helper-address (mode interface) ip forward-protocol udp port 5) Nu nh bn cu hnh trong cu lnh Option 43 l a ch khc Ip AP-manager n s khin cho LAP, khi kt ni s khi ng li lin tc v n khng xin c cu hnh t WLC.(N khi ng li vi mc ch l xin li ln na)
00:1a:6c:8e:f3:78 Received LWAPP DISCOVERY REQUEST from AP 00:1a:6c:8e:f3:78 to 00:1b:53:bd:4e:c0 on port '1' 00:19:aa:00:23:d8 Successful transmission of LWAPP Discovery-Response to AP 00:1a:6c:8e:f3:78 on Port 1 00:1a:6c:8e:f3:78 Received LWAPP JOIN REQUEST from AP 00:1a:6c:8e:f3:78 to 00:1b:53:bd:4e:c0 on port '1' 00:1a:6c:8e:f3:78 LWAPP Join-Request has invalid certificate in CERTIFICATE_PAYLOAD from AP 00:1a:6c:8e:f3:78. Make sure controller time is set! 00:1a:6c:8e:f3:78 Unable to free public key for AP 00:1A:6C:8E:F3:78 spamDeleteLCB: stats timer not initialized for AP 00:1a:6c:8e:f3:78 spamDeleteLCB: stats timer not initialized for AP 00:1a:6c:8e:f3:78

on Debug trn ti nh trn WLC : (Cisco-controller)>debug Wlan events Ngoi ra bn c th t tn cho WLC bng cu lnh (Cisco-controller)config>

Trang 11

Trn M Phc tranmyphuc1988@gmail.com

C2 Cu hnh bng giao din Web

Bc 1 : Ta dng cp cho ni t port fa0/0 trn Router n PC. Sau ta t IP cho card LAN nh sau :

Ta bt buc phi gn default Gateway cho PC chnh l Ip ca cng fa0/0. Sau :

Ta s vo giao din sau :

Trang 12

Trn M Phc tranmyphuc1988@gmail.com

Bc 2 : Ta cu hnh WLCModule trong ca s CONTROLLER:

Trang 13

Trn M Phc tranmyphuc1988@gmail.com

Bc 3: Ta cu hnh WLCModule trong ca s WLANS

Trang 14

Trn M Phc tranmyphuc1988@gmail.com

Trang 15

Trn M Phc tranmyphuc1988@gmail.com

III./ Nhng thao tc cui cng v s m rng m hnh mng ny theo mt s nhu cu c bn ca nh qun tr v khch hng :
O1.) Nhng thao tc cui cng: Ni cho vui l thao tc cui cng , ch n rt n gin , mt BABY cng c th lm c l ni cp t port fa0/0 n port fa0 trn LAP. Nh vy l ta c mt h thng mng mi dnh cho 1 vn phng nh i Internet v giao lu d liu vi nhau Cui cng chng ta s sng tay vi thao tc Click . click v click Bc 1: t Cisco Aironet 802.11 a/b/g Wireless Adapter vo NIC slot trn Laptop

Bc 2: Bn hy Double Click vo biu tng ny , sau ta s vo ca s sau :

Trang 16

Trn M Phc tranmyphuc1988@gmail.com

Trang 17

Trn M Phc tranmyphuc1988@gmail.com

Trang 18

Trn M Phc tranmyphuc1988@gmail.com

Bc 3 : Coi nh phn Ci t :OK . Gi n phn n i PC vo mng Wireless ta va to trn KEKKE

Trang 19

Trn M Phc tranmyphuc1988@gmail.com

Trang 20

Trn M Phc tranmyphuc1988@gmail.com

Trang 21

Trn M Phc tranmyphuc1988@gmail.com

Trang 22

Trn M Phc tranmyphuc1988@gmail.com

O2.) Ni v s m rng c th ca m hnh mng ny : 2.1) n gin v thc t nht:

1) Ta c th thay th Router 2811 l mt Switch 6500, va iu khin Vlan thng v c Wlan!!! Tuy nhin , n s khng kinh t bng Router ri!!! 2) Kt ni gia Router v LAP , ta c th thm mt Switch bnh thng thi , to mi trng . 3) C th gn thm Server ci ACS hoc thc thi chc thc WAP.

2.2) i hi kinh t v k thut:

1) C th Loadbalancing gia 2 Wireless LAN Controller . 2) C th Redundancy gia 2 Wireless LAN Controller, ci ny b die th ci kia th ch !!

Trang 23