Controller-based APs configuration - SaigonCTT

Cu hnh c bn WirelessLAN Controller v LightWeight Access-Point

1/ M hnh:
Fa0/1 VLAN 2 : 10.0.2.0/24
VLAN 3 : 10.0.3.0/24
TRUNK Dot1Q VLAN 10 : 10.0.10.0/24
VLAN 12 : 10.0.12.0/24
VLAN 100 : 10.0.100.0/24
Fa0/12 AP-Management interface : 10.0.100.100/24
Fa0/10 Controller management interface : 10.0.100.10/24

Port access VLAN 10 Port access VLAN 12

AP1000 AP1200

SSID: student SSID: staff SSID: student SSID: staff

VLAN 2 VLAN 3 VLAN 2 VLAN 3

2/ Mc tiu:

- Xy dng h thng mng Wireless theo m hnh Controller-based Aps

- Mi APs s Setup 2 SSID, mt dnh cho Student v mt dnh cho Staff. Gia 2 APs s thc hin
Roaming vi nhau

- SSID cho Student s thit lp ch Open, non-security. Trong khi SSID dnh cho Staff s thit lp ch
Non-open, security theo WPA/WPA2 PSK

3/ Thc hin
step 1: Cu hnh cho Switch

SW# configure terminal

SW(config)# ip routing
SW(config)# vlan 2,3,10,12,100
SW(config-vlan)# exit
SW(config)# ip dhcp pool VLAN2
SW(config-dhcp)# network 10.0.2.0 255.255.255.0
SW(config-dhcp)# default-router 10.0.2.1
SW(config-dhcp)# exit
SW(config)# ip dhcp pool VLAN3
SW(config-dhcp)# network 10.0.3.0 255.255.255.0
SW(config-dhcp)# default-router 10.0.3.1
SW(config-dhcp)# exit
SW(config)# ip dhcp pool AP1000
SW(config-dhcp)# network 10.0.10.0 255.255.255.0
SW(config-dhcp)# default-router 10.0.10.1
SW(config-dhcp)# option 43 ascii 10.0.100.10
SW(config-dhcp)# exit
SW(config)# ip dhcp pool AP1242
SW(config-dhcp)# network 10.0.12.0 255.255.255.0
SW(config-dhcp)# default-router 10.0.12.1
SW(config-dhcp)# option 43 hex f1040a00640a
SW(config-dhcp)# exit
SW(config)# ip dhcp excluded-address 10.0.2.1 10.0.2.50
SW(config)# ip dhcp excluded-address 10.0.3.1 10.0.3.50
SW(config)# ip dhcp excluded-address 10.0.10.1 10.0.10.50
SW(config)# ip dhcp excluded-address 10.0.12.1 10.0.12.50
SW(config)# interface vlan 2
SW(config-if)# ip address 10.0.2.1 255.255.255.0
SW(config-if)# no shutdown
 Controller-based APs configuration - SaigonCTT
SW(config-if)# exit
SW(config)# interface vlan 3
SW(config-if)# ip address 10.0.3.1 255.255.255.0
SW(config-if)# no shutdown
SW(config-if)# exit
SW(config)# interface vlan 10
SW(config-if)# ip address 10.0.10.1 255.255.255.0
SW(config-if)# no shutdown
SW(config-if)# exit
SW(config)# interface vlan 12
SW(config-if)# ip address 10.0.12.1 255.255.255.0
SW(config-if)# no shutdown
SW(config-if)# exit
SW(config)# interface vlan 100
SW(config-if)# ip address 10.0.100.1 255.255.255.0
SW(config-if)# no shutdown
SW(config-if)# exit
SW(config)# interface fa0/1
SW(config-if)# switchport trunk encapsulation dot1q
SW(config-if)# switchport mode trunk
SW(config)# interface fa0/10
SW(config-if)# switchport mode access
SW(config-if)# switchport access vlan 10
SW(config-if)# spanning-tree portfast
SW(config)# interface fa0/12
SW(config-if)# switchport mode access
SW(config-if)# switchport access vlan 12
SW(config-if)# spanning-tree portfast

Note: Trong m hnh s dng 2 loi AP khc nhau (AP 1020 v AP 1242), do mi loi APs c cch s dng
Option 43 khc nhau nn ta chng vo 2 VLANs khc nhau
Phng php tnh gi tr cho Option 43 nh sau:

- i vi AP 1242
Configuring Option 43 for 1100,1130,1200,1240, and 1300 Series Access points

Add the option 43 line using the following syntax:

option 43 hex <hex string>

The hex string is assembled by concatenating the TLV values shown below:

Type + Length + Value

Type is always f1(hex). Length is the number of controller management IP

addresses times 4 in hex. Value is the IP address of the controller listed
sequentially in hex. For example, suppose that there are two controllers with
management interface IP addresses,
10.126.126.2 and 10.127.127.2. The type is f1(hex). The length is 2*4=8=08(hex).
The IP addresses translate to 0a7e7e02 and 0a7f7f02. Assembling the string then
yields f1080a7e7e020a7f7f02. The resulting Cisco IOS command added to the DHCP
cope is listed below:
option 43 hex f1080a7e7e020a7f7f02

- i vi AP 1020
Orther Cisco Lightweight APs, Add the option 43 line using the following syntax:
Option 43 ascii comma separated IP address list

For example, if you configure Option 43 for Cisco 1000 series APs with the
controller IP Management IP addresses 192.168.10.5 and 192.168.10.20 add this line
to the DHCP pool in the Cisco IOS CLI:
option 43 ascii "192.168.10.5,192.168.10.20"
 Controller-based APs configuration - SaigonCTT
Step 2: Kim tra kt qu cu hnh trn Switch

SW#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 5 subnets

C 10.0.10.0 is directly connected, Vlan10
C 10.0.12.0 is directly connected, Vlan12
C 10.0.2.0 is directly connected, Vlan2
C 10.0.3.0 is directly connected, Vlan3
C 10.0.100.0 is directly connected, Vlan100

Step 3: Cu hnh Controlller

a/ Khai bo Username / Password
Enter Administrative User Name (24 characters max): cisco
Enter Administrative Password (24 characters max): *****
Re-enter Administrative Password : *****
b/ Khai bo a ch Management interface qun l Controller, ch nh
Management Interface VLAN, s Interface, a ch ca DHCP server
Management Interface IP Address: 10.0.100.10
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 10.0.100.1
Management Interface VLAN Identifier (0 = untagged): 100
Management Interface Port Num [1 to 4]: 1
Management Interface DHCP Server IP Address: 10.0.100.1
c/ Khai bo a ch Interface giao tip vi Access-point
AP Manager Interface IP Address: 10.0.100.100

AP-Manager is on Management subnet, using same values

AP Manager Interface DHCP Server (10.0.100.1):

Virtual Gateway IP Address: 1.1.1.1

Mobility/RF Group Name: test

Enable Symmetric Mobility Tunneling [yes][NO]:

Network Name (SSID): test

Allow Static IP Addresses [YES][no]:

Configure a RADIUS Server now? [YES][no]: no

Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.
Enter Country Code list (enter 'help' for a list of countries) [US]:

Enable 802.11b Network [YES][no]:

Enable 802.11a Network [YES][no]:
Enable 802.11g Network [YES][no]:
Enable Auto-RF [YES][no]:

Configure a NTP server now? [YES][no]: no

Configure the system time now? [YES][no]: no

Warning! No AP will come up unless the time is set.

Please see documentation for more details.

Configuration correct? If yes, system will save it and reset. [yes][NO]: yes
 Controller-based APs configuration - SaigonCTT
Configuration saved!
Resetting system with new configuration...
d/ Sau khi Controller khi ng xong:

(Cisco Controller)> config prompt WLAN_CONTROLLER

(WLAN_CONTROLLER)> config network webmode enable
(WLAN_CONTROLLER)> save config

Remote vo a ch management ca Controller . Ta thy n nhn c 2 access-point . ( Sau khi nhn c

DHCP , AP1020 join vo Controller kh nhanh , khong 30s . i vi AP1242 , cc bn chu kh i khong 3
pht n join xong ) .

Hnh 1

Hnh 2
 Controller-based APs configuration - SaigonCTT
Remove Profile khi to lc cu hnh Controller

Hnh 3

Cu hnh cc dynamic Interface cho Controller

Hnh 4

To Dynamic Interface (tip theo)

Hnh 5
 Controller-based APs configuration - SaigonCTT
To Dynamic Interface to cho interface VLAN 2 v VLAN 3 (tip theo)

Hnh 6

Hnh 7

To cc WLAN SSID

Hnh 8
 Controller-based APs configuration - SaigonCTT
To cc WLAN SSID (tip theo)

Hnh 9
To cc WLAN SSID (tip theo)

Hnh 10
To cc WLAN SSID (tip theo)

Hnh 11
 Controller-based APs configuration - SaigonCTT
To cc WLAN SSID (tip theo)

Hnh 12

To cc WLAN SSID (tip theo)

Hnh 13