Cisco Systems LAIRCTVM5K9 User's Manual
Contents
1. 12 Initially there are O zero Access Points Supported Enable the evaluation license in order to allow the AP to join Cisco CleanAir Cisco Virtual Wireless Controller gt Statistics Controller Summary Rogue Summary Managemert IP Address 10 10 11 20 Active Rogue APs Service Port IP Address 0 0 0 0 Active Rogue Chents Software Verson 7 3 1 241 Adhoc Rogues Emergency Image 7 3 1 241 Version Rogues on Wired Network System Name wwic Up Time O days O hours 2 menutes System Time Pr jun 8 10 43 14 2012 Redundancy Mode N A Profile Name of Cherts 802 118 Network State Enabled a Network Enabled Top WLANs Most Recent Traps Local Mot pup demo 13 Go to Management gt Software Activation gt Licenses Select base ap count and set the Priority to High 3 V A a 14 Click OK and Accept the EULA in order to continue i F 3 8 F 15 Click OK and reset the vWLC in order for the evaluation license to take effect f 4 4 gt 4 16 Reboot the VWLC ethtetite cisco MONTTOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT HELP FEEDBAO Downloed File Upload File W aming changed and not saved yet Cack on Save and he configuration of the controller ts Reboot to save tiv hanges before the corntro er Config Boot rebooted of cack on Reboot without Save tc reboot tive witroter without saving the changes Scheduled Re2. This option is limited to the number of physical serial port s on the host If in a multi tenant vWLC scenario this may not be ideal e Connect via Network The vWLCs virtual serial port can be accessed using Telnet session from a remote machine to a specific port allocated for the VM on hypervisor For example if the hypervisors IP address is 10 10 10 10 and the port allocated for a VWLC VM is 9090 using telnet 10 10 10 10 9090 just like accessing a physical WLCs console using a Cisco terminal server the VWLLCs serial console can be accessed Complete these steps 1 On the VWLC Hardware tab click Add Cisco Wireless Lan Controller Virtual Machine Properties Hardware ST Show All Devices Hardware Summary 5120 MB Video card Select the type of media you would ike the virtual serial port to access Serial Port Output C Use physical serial port on the host Output to fie Connect to named pipe A Connect via Network 4 Go to Select Network Backing For Network Backing choose Server VM listens for connection For Port URI enter telnet lt host gt lt port gt for example telnet 10 10 10 10 9090 Options Hardware type Serial Port Serial port type Network serial port Serial port direction Publish Port URI teinet 10 10 10 10 9090 Use virtual serial port concentrator No Connect at power on Yes Yield CPU on poll Yes nune datestores 7 Cisco
3. case the hash validation is bypassed irrespective of whether the hash validation knob is on off Once it successfully joins the controller it will inherit the mobility group member hash configuration if configured in the controller After which it can join a virtual controller only if it has a hash key entry in its database e Clearing the AP configuration from the controller or on the AP console will result in the erasing of all the hash keys After which the AP joins the virtual controller as if it is a first time installation AP gt test capwap erase AP gt test capwap restart Time is Incorrect e At initial install it is possible that the time may be skewed or not properly synced As a result the AP may not be able to join properly In this instance check the SSC validity time stamp in order to ensure that it is correct NTP is always recommended going forward Cisco Controller gt show certificate ssc SOC Hash Wee Cae a Ow wet vei ei ees el Gr eles wi oA ee ed ee Enabled SSC Device Certificate details Subject Name C US ST California L San Jose O Cisco Virtual Wireless LAN Controller CN DEVICE vVWLC AIR CTVM K9 000C29085BB8 MATLTO support vwilc com Va hrowey s Start 2012 Jun 8th 17 52 46 GMT End 2022 Apr 17th 17 52 46 GMT Hashbd bb60436202e830802be1e8 931d539b67b2537 SSC Hash e The AP is a new AP with 7 3 and does NOT have hash can join virtual WLC readily ap show capwap client config e Th
4. drop down list a hoins TO i Oowraad totes TITA 1810715 F re wet roe panned totam IR Downoed OF bgratures pwr Oe Cutioem ded EATA Downaed verdo Derce Cart came Tewr oad weteher A Lem Mate g 101011 9 10 Cisco Prime Infrastructure will prompt for reboot parameters such as save configuration and so forth Click OK Reboot Controllers Configure gt Cowvolies gt Reboot Controllers Reboot Controllers Save Config to Flash Reboot APs Swap AP image X pimees 11 Cisco Prime Infrastructure will notify the administrator that the virtual controllers are being rebooted Reboot Controllers Configure gt Controlles gt Reboot Controllers Please wait NCS is rebooting controllers with selected configurations This operation may take a long time 12 When complete Cisco Prime Infrastructure will provide the results of the process Troubleshooting AP Considerations Known Issue AP s not joining VWLC The AP must get the hash entry from a legacy controller before it joins a VWLC e An AP must be at software version 7 3 1 35 and above to successfully join a virtual controller Virtual controllers use SSC in order to validate an AP before joining e An AP at version 7 3 can validate the SSC certificate provided by the virtual controller e After successful certificate validation an AP will check the hash key of the virtual controller in the list of stored keys in flash If it matches the s
5. i EE TE bcabost kc ahktomam VYware ESEL 5 0 0 62 1860 eehaatee 1 days remang Vetus Wnes Resowve bodon Ferformanme Codigveter What is a Host A host 6 a computer Tat uses vrtualization so feare suth as ESX or ESO to run virtual machines Hosts provide he CPU and memory resources Mat virtual machines use and pve vriual machines access to slorage and network COMME vay Virtual Controller Virtual Interfaces e Management Interface e Virtual Interface e Dynamic Interface e AP Manager Interface Switch Interface Configuration Connected to UCS Server This section provides a sample configuration of the Cisco Catalyst interface connection to the ESXi server for the virtual switch as trunk interface The management interface can be connected to an access port on the switch interface GigabitEthernet1 1 2 description ESXi Management Switchport access vlan 10 Switchport mode access I interface GigabitEthernet1 1 3 description ESXi Trunk switchport trunk encapsulation dotlqd Switchport mode trunk end Complete these steps 1 Create two separate virtual switches in order to map to the virtual controller Service and Data Port Go to ESX gt Configuration gt Networking and click Add Networking te tet Vow hen Asme Pape Help ogc oa g mmm 9 g bo sbe be paimen VWneenmr nL SOA ty a wolest one tep toy Linas Poret awe Aan Taea barve e adt Maen otomane CEI Loew eee d oore frota Pomes ome Add a labe
6. Cisco Virtual Wireless Controller Deployment Guide Document ID 113677 Introduction Prerequisites Virtual Controller Support Virtual WLAN Controller Unsupported Features Single Virtual Controller Resource Requirement Suggested Hardware Recommendations for Hosting Cisco Virtual Controllers AP Requirement Components Used Topology Conventions Release Notes Virtual Controller Installation Virtual Controller Virtual Interfaces Switch Interface Configuration Connected to UCS Server VMware Promiscuous Mode Definition Virtual Controller Settings Virtual Controller Console Port Start up the VWLC Virtual Controller Management with Cisco Prime 1 2 Upgrade the Virtual Controller Troubleshooting AP Considerations Time is Incorrect SSC Hash Related Information Introduction Prior to release 7 3 wireless LAN WLAN controller software ran on dedicated hardware you were expected to purchase The Virtual Wireless LAN Controller VWWLC runs on general hardware under an industry standard virtualization infrastructure The vWLC is ideal for small and mid size deployments with a virtual infrastructure and require an on premises controller Distributed branch environments can also benefit with a centralized virtual controller with fewer branches required up to 200 VWLCs are not a replacement of shipping hardware controllers The function and features of the vWLC offer deployment advantages and benefits of controller services whe
7. ISCO MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP FEEDBA File Type Transfer Mode Server Details IP Address 10 10 10 103 Maximum retries 10 Timeout seconds File Path File Name 3 When the process has completed successfully you are prompted to Reboot in order for the new software image to take effect Click the link to the Reboot Page in order to continue Saye Conmmguraton MONTTOR WLANs CONTROLLER ESS SECURITY MANAGEMENT COMMANDS Download file to Controller Fie Type Code Transfer Mode TFTP Server Detalls 1P Address 310 10 10 103 Manin retries 10 Timeout seconds 6 Foe Pam f Fie Name AS CTVM_ 7_3 1 S8 aes TFTP File transfer is successful Reboot the controller for update to complete Optionally load the image to APs before rebooting to reduce network downtime For the new Code to take effect you need to reboot system Click Mere to get redirected to reboot page 4 Click Save and Reboot Save Configuration Ping Logout Refresh MONITOR WLANs OONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP FEEDBACK System Reboot Warning The configuration of the controller is changed and not saved yet Click on Save and Reboot to save the changes before the controller is rebooted or click on Reboot without Save to reboot the controller without saving the changes Please be aware that in either case all the connections will be lost To regain the connection please log in
8. VWLC Service Port Use named pipe In order to enable for the serial via network ESX must be configured to allow for such requests 7 Navigate to the ESX click the Configuration tab go to Software gt Security Profile and click on Properties j 623860 Evaluation 33 days remaining es Resource Allocation Performance Configuration T bad pee ma we Lee imh Aeta shon Serve bana Denon erwe AP eonia We Curent eeeere a e b b b a a By defaut remote dents are prevented from accessing services on tus host and local dents are prevented fom accessing services on remote hosts Select a check box to provide access to a service or dent Deemons wil start automatically when ther ports are opened and stop when al of ther ports are dosed or as configured 123 9 8100 8200 Start up the vWLC Complete these steps 1 Start the VWLC and select the console in order to observe the first time installation process Inventory Administration Plug ins gj nw gt e ar y a a o rx 7 Cisco Wireless Lan Controller on loca on ing a done bd 7 lt 2 Caco Weeless Lan Controller on localhost localdomain yag es File Vee i ee es 2 o stage 1 boot completed rebooting Lis sHitching to runlevel by INIT Sending processes the TERM toppi ig porteap Caen ending all processes the TERM ending all processes the KILI stopping hotplug subsystem pel pc i starting r
9. WLC a minimal network setup is required similar to the diagram shown in this section You need to simulate a location with a FlexConnect AP in a centrally switched deployment and or with the addition of local and remote sites with local DHCP better if there is also a DNS and local access to Internet Data Center File Server DHCP ONS Controller oo Cisco Prime infrastructure Control Channel internet Traffic DataCenter Data Traffic Branch Data Traf Conventions Refer to Cisco Technical Tips Conventions for more information on document conventions Release Notes Cisco Unified Wireless Network CUWN 7 3 Release Notes contain important information about this release Log in to Cisco com for the latest release notes before loading and testing software Virtual Controller Installation For deployment and management of the VWLC you will need to download any of these VMware suites to the workstation e Single ESXi server management Use VMware vSphere Client e Multiple ESXi servers requires vCenter Advance features are also tied with vCenter which needs separate licenses vMotion and so on Start the VMware vSphere Client and log in to the ESXi server VMware vSphere Client Te ecty sarage a ge ost enter Pe IP adieu amp host rare To maage mitigi hosts enter Pa P atien o rae of aoe m re Fie Edt Vies bwentoy Adminmutoa Pugs Help 6 w gt A menn gt ew
10. again after the controller is rebooted 5 Cisco Prime Infrastructure can also be useful for upgrading one virtual controller or many virtual controllers at the same time Go to Configure gt Controllers Select check box one or more virtual controllers Select Download Software TETP from the command drop down list This example uses TFTP mode for image upgrade W PA TE ESE 10 08 2715 10 39 31 5 6 Provide the Download Type TFTP server new if using external IP Address File Path and Server File Name which is the aes file type Click Download Download Software to Controller Configure gt Corroios gt Download Software to Controller Some TFTP servers may not support files larger than 32 MB Controller IP Address 10 10 11 5 10 10 21 5 10 10 31 5 o Local machine TFTP server External TFTP Server 10 10 10 103 00 56 3145 6 380 215 TOT fe terete n accent Aboot he contoter or uate to complete Optionally predoeninat ne mege i A cetoe ROO te SOL e Enon Gowers PD fee arte n eaten s Aent Pe irand Vw costae by ope Oteraly pre ere Pe aye fo AP deon rebooting te aduce wto Gowntrre DOIR ILS TTP fe tandiu n acond deee a predcoerninad na mage 9 Similar to the experience directly from the r e a DET is required when the transfer is complete In Cisco Prime Infrastructure go to Configure gt Controllers and select the virtual controller s Select Reboot Controllers from the Select a command
11. assic Theme is used to perform similar task of adding the virtual controller as well as updating the system image Go to and select Switch to Classic Theme 11 In order to add a new virtual controller select Add Controllers from the Select a command drop down list 12 Enter the IP Address Read Write SNMP Community string and click Add Add Controllers Configure gt Controllers gt Add Controllers Device Info 10 10 31 5 14 Go to Configure gt Controllers The virtual controller will be listed as Reachable once it has been successfully discovered and added Otherwise and as shown above the device will appear in the Unknown Device page if it was not discovered successfully 10 10 31 5 10 10 215 19 010 115 Upgrade the Virtual Controller In the early steps of installation the Cisco Virtual Controller initially required an OVA file for new virtual appliance creation However maintaining virtual controller features and software upgrades require a common AES file downloadable from the Cisco website Complete these steps 1 Download the AS 7_3 aes file to a target host for example the TFTP FTP server 2 Just as for legacy controllers go to the web GUI of the controller gt COMMANDS gt Download File Select the File Type Transfer Mode IP Address File Path and File Name aes file Click Download in order to start the process l tet l l Saye Configuration Ping Logout Refresh i i C
12. boot Pease De aware thoat n author case af the Reset to Factory cComectons wil be lost To regain the conmecton Detault please log m agam after the controller rebooted Set Time Login Banner 17 Log back in to the VWLC and note that the 200 APs are now supported with the evaluation license enabled MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT CO Cisco Virtual Wireless Controller Controller Summary Rogue Summary Managemen IP Address 10 10 11 20 Active Rogue APs Service Port IP Address 0 0 0 0 Active Rogue Chents m SE iR Software Version ERL Adhoc Rogue Emergency Image 18 Connect an AP and monitor for the join message to occur 19 From the browser go to WIRELESS and confirm that the AP has joined MONITOR WLANs CONTROLLER WIRELESS SECURITY Current Filter Number of APs AP Name AP Model AIR CAP3S021 A K9 20 Click the AP and change the AP Mode to FlexConnect Only FlexConnect is supported central and local switching in the 7 3 release MONITOR WLANS CONTROLLER WIRELESS SECURITY General General AP Name APT866 1267 67af Location default location AP MAC Address f8 66 f2 67 67 af Base Radio MAC 8 b 27 92 47 d0 Admin Status Enable v AP Mode ocal Ooeratonal Status Rogue Detector 21 It may be useful to consider using the autoconvert function of the controller for example any mode AP joining the VWLC will be converted automatically to FlexConnect Is
13. deration is to add the hash shown in the SSC output above to the mobility group member Cisco Controller gt config mobility group member add 10 10 11 30 Cisco Controller gt config mobility group member hash 10 10 11 30 bd7bb60436202e830802be1e8 931d539b67b2537 Related Information e FlexConnect Feature Matrix e Cisco LAP Documentation e Flex 7500 Wireless Branch Controller Deployment Guide e Technical Support amp Documentation Cisco Systems Contacts amp Feedback Help Site Map 2012 2013 Cisco Systems Inc All rights reserved Terms amp Conditions Privacy Statement Cookie Policy Trademarks of Cisco Systems Inc Updated Sep 04 2012 Document ID 113677
14. e AP may have an older SSC hash either from an old installation or joining other controllers It is possible to configure the WLC to not validate SSC allow APs to join the vWLC then re enabling the validation again Cisco Controller gt configure certificate ssc hash validation disable o Perform the test capwap lt erase restart gt command in order to clear AP capwap settings and initiate join process AP 866 f267 6 af test capwap erase AP 866 f267 6 7 af test capwap restart restart capwap AP 866 267 6 af Jun S LAe27t22469 SDTLS S SEND ALERT send FATAL Close Notify Alert To DOO aah ZO 2A Jun 9 12 27222 2 5252 sWIDS 6 DISABLED IDS Signature is removed and disabled xJun 9 12 27 22 529 LWAPP 3 CLIENTERRORLOG LWAPP LED Init incorrect led state 255 Jun 9 12 27 22 897 Starting Ethernet promiscuous mode Jun 9 12 27 32 903 tCAPWAP 3 ERRORLOG Go join a capwap controller Jun 29 2227 525 000 CAPWAP 5 DILSREQSEND DILS Connection request sent peer_ip 10 10 11 20 peer_port 5246 Jun 9 12 27 23 276 SCAPWAP 5 DITLSREOSUCC DTLS connection created successfully peer_ip 10 10 11 20 peer_port 5246 Jun 9 2 20523 2 765 sCAPWAP 5 SENDIOIN sending Join Request to 10 10 21 20 e As part of the mobility configuration if there is a virtual controller in the network the administrator needs to add a hash key of the virtual controller in all the peer controllers If adding another peer controller the consi
15. e bor mils hilt reboot Heboot ing Restarting cent Tasks 7 A icrosoft Vindows Version 6 1 7601 pyright c 20099 Microsoft Corporation Rll rights reserved Uscere Dene telnet 10 10 10 10 9099 gt 4 The Telnet session will now manage the console to the VWLC Ciscoe Bootloader Version 7 o88b d888888b d8888 o88b d8Bb dsp YR 88 88 YP d8P Y8 8P Y8 8P AR Bho 8P 88 88 Hb BB 8b Bb BB BY Y8b ds O68 db 8D Y 8b d8 8b as YBAP vyesessseP seeay BRP YBP Booting Prinary Image ress CESC now for additional boot options Booting Prinary inage Note Only one mode of console can be operational at any time such as a VM console by key interrupt at startup or serial console physical network It is not possible to maintain both at the same time 5 Continue to wait until the VWLC has come online fully and prompts you to start the configuration tool wizard arting Ethernet over IP ok arting DILS server enabled in CAPVWAP arting Cleanfliir ok starting VIPS ok arting SSHPM LSC PROU LIST ok arting RHC Services ok Starting SXP Services ok e arting PMC HS ok arting IPv6 Services ok arting Config Sync Manager ok art ing Hotspot Services ok arting Management Services Web Server CLI ok Secure Web Veb Authentication Certificate not found Cerror gt If vou cannot a cess managenent interface via HITPS please rec
16. et et wmnicd 7 Click Next 8 Here you see vSwitch1 is created for VWLC Service Port Click Add Networking in order to repeat for the Data Port eee a RS ee Tvk CO days remaining Vitwel Mederes Resource Alocsnona Petormmexe Kdr ah Lore sers Groups Everts Perwssiora A eare Prope tes Poe An o vrata io hw p ix NCS Ape a U Maregermert Netnore Raerderd Dabei viwa WLC Service Port 9 For the new vSwitch select the physical NIC s connected on a trunk port if there are multiple NICs portgroup assigned to an etherchannel on the switch 10 Add the NIC Select which vSohere standard switch wil handle the network traffic for this connection You may also create a ne adapters isted below vSphere standard switch using the unclaimed network Intel Corporation 82576 Gigabit Network Connection r E ver 1000 Fu None C UsevSwitchi wasl Mache Pot Geono Phy nce Adactes VM Network 2 8 B amis 11 Click Next 12 Provide a label in this example VWLC Data Port 13 For VLAN ID select ALL 4095 since this is connected to a switch trunk port Use network labels to identify migration compatible commections common to two or more hosts Commecton Type Network Access Connection Settings EC Data Port fione 0 z sssesenm serscreremenansamansanmemnnnan n anan am Preven vWLC Data Port 14 Click Next until you complete the steps to add the vSwitch VMware Promiscuous M
17. led network to hande wrtual madre network tafe C Woherse The WMhermne TOP stack handles traffic for the folowing ES services wSphere wooden GCSI NFS ord host maragene 3 Create a vSwitch and assign a physical NIC in order to connect the vWLC service port The service port does not have to be connected to any part of the network typically disconnected unused As a result any NIC even disconnected can be used for this vSwitch Add Network Wizard Virtual Machines Network Access Virtual machines reach networks Prough upirk adapters attached to vSohere standard guitches Select whch wSohere standard switch wil handle the network traffic for this connection You may also create a nev v phere standard swich using the unclamned network adapters isted below Create a vSphere standard switch Cisco Systems Inc Cisco VIC Ethernet NIC F B wrk Down None r OD aw Down None Intel Corporation 62576 Gigabit Network Connection r D wkd 1000 Ful 20 90 11 224 20 10 11 224 WLAN 11 Use vSeitcho Intel Corporation 82576 Gigabit Network Conmection 4 Click Next 5 Provide a label in this example VYWLC Service Port 6 Select None 0 for VLAN ID as the service port is typically an access port Add Network Wizard Ree Be aadi MAUA D Wo Virtual Machines Connection Settings Use network labels to identify migration compatiile connections comman to two or more hosts TT Service Port 0 bd Penica Aem
18. ode Definition Promiscuous mode is a security policy which can be defined at the virtual switch or portgroup level in vSphere ESX ESXi A virtual machine Service Console or VMkernel network interface in a portgroup which allows the use of promiscuous mode can see all network traffic traversing the virtual switch By default a guest operating system s virtual network adapter only receives frames that are meant for it Placing the guest s network adapter in promiscuous mode causes it to receive all frames passed on the virtual switch that are allowed under the VLAN policy for the associated portgroup This can be useful for intrusion detection monitoring or if a sniffer needs to analyze all traffic on the network segment The vWLC Data Port requires the assigned vSwitch to accept Promiscuous mode for proper operations Complete these steps 1 Locate vSwitch2 assigned for VWLC Data Port and click Properties localhost ocaldomain VMware ESXi 5 0 0 623860 Evaluation 33 days remaining Configuration ime Bilt ee ate Hardware View vSphere Standard Switch Health Status Networking Processors POY Standard Switch vSwitch0 norega nual Machre Port Grog Pry sca Adapt Networking VM Network oW vma 1000 Ful OD Storage Adapters gt virtual machine Network Adapters se Advanced Settings NCS Power Management terval Bor I Management Network Software Licensed Features Time Configuration ONS and Routing Standard S
19. onfigure Virtual Interface License fiqent ok J V VJ VI cE vV LD SD 7 2 Ve Ve errr nrnrrerr fe Cisco Controller lelconme to the Cisco Vizard Configuration Tool se the character to backup fould you like to terminate autoinstall yes 6 Configure the management interface address mask gateway Configure Management Interface VLAN ID if tagged Continue with the remainder ge leinet 10 10 10 1 i system Name Cisco _88 5b c2 31 characters max UTO INSTALL no interfaces registered INSTALL process terminated no configuration loaded Administrative User Name 24 characters max admin nter Administrative Password C3 to 24 characters ssh e enter Administrative Password me service Interface IP Address Configuration static LDHCP I anagement Interface IP Address 10 18 11 20 anagement Interface Netmask 255 255 255 8 anagenment Interface Default Router 180 18 11 1 anagenment interface ULAN Identifier lt 8 untagged 11 anagenment Interface Port Num i to 1 1 anagenment Interface DHCP Server IP Address 10 10 108 1 irtual Gateway IP Address 1 1 1 1 obility RF Group Name deno 7 Similar to all network device s configuring the NTP is crucial The virtual controller must have the correct clock as it is possible to have an incorrect clock on the ESX host or from manual configuration which may result in APs not joining in the process Enter Country Code list Center hel
20. orm AIR CTVM K9 e Hardware Cisco UCS UCS Express HP and IBM servers e VMware OS ESX ESXi 4 x 5 x e FlexConnect Mode central and local switching e Licensing Node locked licenses to UDI eval 60 days e Maximum number of access points APs 200 e Maximum number of Clients 3000 e Maximum number of sites up to 200 e Throughput performance up to 500 Mbps per virtual controller e Management with Cisco Prime Infrastructure 1 2 and above Virtual WLAN Controller Unsupported Features e Data DTLS e OFAP no data DTLS e Rate Limiting e Internal DHCP server e Mobility Guest Anchor e Multicast Unicast mode e PMIPv6 e Outdoor Mesh Access Points an Outdoor AP with FlexConnect mode will work Single Virtual Controller Resource Requirement e CPU 1 virtual CPU e Memory 2 GB e Disk Space 8 GB e Network Interfaces 2 or more virtual Network Interface cards vNICs Suggested Hardware Recommendations for Hosting Cisco Virtual Controllers e UCS R210 2121605W Rack Mount Server 2 RU 2 Intel Xeon CPU X5670 2 93 GHz 16 G memory e IBM x3550 M3 Server 2 Intel Xeon 5600 series processors with 4 cores each and each core capable of doing hyper threading which gives you 16 CPUs in total 3 6 GHz 12G memory e ISR G2 Services Ready Engine SRE using UCS Express Stretch goal SRE 700 Single Core Intel Core Duo 1 86 GHz with 4 GB memory SRE 900 Dual Core Intel Core Duo 1 86 GHz with 4 GB memory upg
21. p for a list of countries USI 802 1ib Network YE 8602 iia Network LYE F Sltnol Siltnol gt BH2 11qg Network YES no Enable Auto RF YES Iino Configure a NIP server now YES Iino yes Enter the NTP server s FP address tv 1 TeTi interval between 3600 and 6404800 secs 8 Complete the configuration and allow the vWLC to reset Configuration correct If yes system will save it and reset yes J NO yes Configuration saved esetting systern with new configuration Lonfiguration saved Resetting systen with new configuration 9 It is suggested that you ping the VWLC management interface in order to ensure that it has come online Log in to the VWLC i f ion J f f Ion ion ae he tinecin EILIA i tinetin Cinetin 10 You can issue the show interface summary command and ping the gateway from the VWLC lserltadnin Password i e Cisco Controller gt show interface sun Number of Interfaces Interface Nane Port Ulan IP Address see mnagenent 186 16 11 290 service port ri 0 0 0 0 irtual ri P e Pe Cisco Controller gt ping 189 108 11 1 send count 3 Receive count 3 from 10 10 11i i Cisco Controller gt 11 Connect to VWLC management using a web browser Windows Secunty The server 10 10 1120 at Cisco Controller requires a username and petsword gt admin w p anes reserved CSCO he Chti ySetes ini arks are the prope
22. ps amp Sites G Add Device ff Bulk Import C Device Name Reachability IP Address Device Type Collection Status D Svc Reacrutie 10 10 21 5 Osco Vitus Wr Managed O Stecvmc E Roscratie 10 10 315 Cisco Vitus Wir Managed A B owon ons 6 When the virtual controller is discovered it is listed as Managed and Reachable shown in green Add any other virtual controller s at this point if available ALL f Edit Ye Delete Sync Groups amp Sites G Add Device jj Duk Import O DeviceName Reachability IP Address Device Type O SiteA vWLC Reachable 10 10 11 5 Cisco Virtual Wireless LAN Co O SiteB vwic E Reachable 10 10 21 5 Cisco Virtual Wireless LAN Co O Sitec vwic E Reachable 10 10 31 5 Cisco Virtual Wireless LAN Co 7 The new controller will be listed in Device Type gt Cisco VIRTUAL Series Wireless LAN Controller BR rms ctr ete teen SY eee image Mareg TT image Daarom Qo Autometer Dement Br L Cee ee mas pe o Gowen Ooie gt Chae VET aks Gene Wrowss LAN Cont rete Cann VIRTUAL Series Wiretess LAN Controtie meer OO ee ee i O Dm my Pa DT Soissa V etry Cee ee D acme G tere CE EIF Caco vina Vevetese LAN Corowter racer a ar D seme O arn 110215 eco Viha Wireline LAN Gortuter 73s D wae G arm tS Osco Virai Wreiess LAN Coroner ETT Top N CPU Utizaton 2 Ceketene Once F SeBomwC 101021 5 Seco e 101031 5 Smam C 101011 5 mokoan Eoso E7 B o o 9 For the remainder of this guide the Cl
23. radable to 8 GB AP Requirement e All 802 11n APs with required software version 7 3 are supported e APs will be operating in FlexConnect mode only e AP autoconvert to FlexConnect is supported on controller e New APs ordered will ship with 7 3 software from manufacturing e Existing APs must be upgraded to 7 3 software before joining a virtual controller Note The Virtual Controller in release 7 3 uses Self Signed Certificates SSC as against the Manufacturing Installed Certificates MIC in the traditional controller The AP will be able to validate the SSC certificate provided by the virtual controller before joining See AP Considerations in the Troubleshooting section for more details Components Used The information in this document is based on these software and hardware versions e Cisco Catalyst Switch e Wireless LAN Controllers Virtual Appliance e Wireless LAN Controller 7 3 Software e Cisco Prime Infrastructure 1 2 e 802 11n Access Points in FlexConnect Mode e DHCP server e DNS Server e NTP e Wireless Client Laptop Smartphone and Tablets Apple 10S Android Windows and Mac The information in this document was created from the devices in a specific lab environment All of the devices used in this document started with a cleared default configuration If your network is live make sure that you understand the potential impact of any command Topology In order to properly implement and test the Cisco V
24. re data centers with virtualization infrastructure exist or are considered Advantages of the VWLC e Flexibility in hardware selection based on your requirements e Reduced cost space requirements and other overheads since multiple boxes can be replaced with single hardware running multiple instances of controllers network management devices NCS and other servers ISE MSE VSG firewall e Independent and mutually exclusive instances allow administrators to use multiple virtual controllers to manage different campuses or even to manage multiple customer sites using the same hardware e Enable features provided by the virtualization software including High Availability failover protection and ease of migration VMware benefits with the VWLC e vSphere A virtualization infrastructure package from VMware which includes ESX ESXi hypervisor VMotion DRS HA Fault Tolerance vSphere Distributed Switch and more e vCenter Server The VMware vCenter Server formerly VMware VirtualCenter provides a scalable and extensible platform that forms the foundation for virtualization management Centralized control and visibility at every level of virtual infrastructure Pro active management with vSphere Scalable and extensible management platform with a broad partner ecosystem Cisco CUWN in a BOX ESX ESXi Hypervisor UCS x86 Servers Sena peme fs 22 O E CG Prerequisites Virtual Controller Support e Platf
25. rint Maps Hardware Exit Health Sta E Processors 8 Browse to the location of the OVA file downloaded from Cisco site and click Next Users Demo Desktop AS_CTVM_7_3_1 24Love Enter a URL to download and install the OVF package from the Internet or specty a location accessible from your computer such as a local hard drive a network share or a CODO dive 9 Click Next Disk Format Network Mapping Ready to Complete Speafy a name and location for the deployed template source OVE Template Details Name and Location Disk Format Network Mapping Ready to Complete Disk Format Network Mapping Ready to Complete ill 12 Accept the Network Mapping default and click Next Ready to Complete Are these the optens you want to use When you cick Finish the deployment task wil be started SOHO os OVF file Download ste Size ondisk Name Host Cluste Datastore Disk provisioning Network Mapping C Users Demo Desktop AS_CTVM_7_3_1 ilove 146 8 MS 8 1 GB Cisco Wireless Lan Controler localhost datastorel 7 Thick Provision Lazy Zeroed VM Network to VM Network Two important things to note regarding upgrading virtual controllers e The OVA image is needed only for first time installation e The AES image can be subsequently used for upgrading downgrading Virtual Controller Settings After creating the virtual controller configure the virtual machine set
26. sue this command in order to implement Cisco Controller gt config ap autoconvert flexconnect enable Virtual Controller Management with Cisco Prime 1 2 Cisco Prime Infrastructure version 1 2 is the minimum release required to centrally manage one or more Cisco Virtual Controller s Management for the Cisco Virtual Controller is no different than legacy physical controllers in comparison to Cisco WCS or NCS Cisco Prime Infrastructure 1 2 provides configuration software management monitoring reporting and troubleshooting of virtual controllers Refer to Cisco Prime Infrastructure documentation as required for administrative and management support 1 Log in to Cisco Prime Infrastructure server as root By default the management view selection is Lifecycle Theme which is new beginning with release version 1 2 The Classic Theme shown later will be more familiar to administrators who have been working in Cisco WCS and NCS Cisco Prime Infrastructure w Version 1 2 Username root pasmar 2 Go to Operate gt Device Work Center 3 In Device Work Center click Add Device FB Discovery 2 Configuration ALL 4 Enter the IP Address and SNMP Community string Read Write By default the SNMP RW for the controller is Private Click Add 5 Cisco Prime Infrastructure will discover and synchronize with the virtual controller Click refresh in order to update the screen ALL jf Edit YE Delete SB sync Grou
27. tings to map networking and add a virtual serial console Complete these steps 1 Select the VWLC and click Edit virtual machine settings 10 10 1 0 10 File Edit View Inventory Ac Basic Tasks gt Power on the virtual machine gt Edit GE inii settings 2 Select Network adapter 1 to VWLC Service Port vSwitch created in ESX networking ane E a r A A O Memory 5120 MB CPUs 1 Video card Video card WMCI device Restricted SCSI controller LSI Logic Parallel Parc disk 1 Virtual Disk l CD DVD drive 1 detastorel 7 Cisco GD Network adapter VM Network d Floppy drive 1 floppy 1 Network adapter 1 edite VWLC Service Port di Floppy drive i 4 Confirm the correct mapping O CD DVD drive 1 datastorei 7 Cisco Ge Network adapter 1 edite WWLC Service Port G Network adapter 2 edite WWLC Data Port Floppy drive 1 Virtual Controller Console Port The console port gives access to the console prompt of the WLC As a result the VM can be provisioned with serial ports in order to connect to these In the absence of serial ports the vSphere Client Console is connected to the console on the VWWLC VMware ESXi supports a virtual serial console port that can be added to the VWLC VM The serial port can be accessed in one of these two ways e Physical Serial Port on the Host The vWLCs virtual serial port is mapped to the hardware serial port on the server
28. tored hash validation is passed and the AP moves to the RUN state If hash validation fails it will disconnect from the controller and restart the discovery process e The hash validation which is an extra authorization step will be performed only if the AP is joining a virtual controller There will be a knob to turn on off hash key validation e By default hash validation is enabled which means that the AP needs to have the virtual controller hash key in its flash before it can successfully complete association with the virtual controller If the knob is turned off the AP will bypass the hash validation and move directly to the RUN state e The hash key can be configured in the controller mobility configurations which gets pushed to all the APs which are joined The AP will save this configuration until it successfully associates to another controller After which it inherits the hash key configuration from the new controller e Typically APs can join a traditional controller download the hash keys and then join a virtual controller However if it is joined to a traditional controller the hash validation knob can be turned off and it can join any virtual controller The administrator can decide to keep the knob on or off This information is captured in Cisco bug ID CSCua55382 Exceptions o If the AP does not have any hash key in its flash it will bypass the hash validation assuming that it is a first time installation In this
29. witch vSewitchl Authenicaton Services I VWL Service Port Vrtual Machine Startup Shutdorwn Virtua Machine Swanpfile Location Security Profile Standard Switch wSwitch2 emove Proper f e Host Cache Configuration Viewual Machine Port Digicel Adacter wWLC Data Port ee BB vmaic3 1000 Ful system Resource Alocaton ked 2 Select the VMNet assigned to the VWLC Data Port note that the default Security Promiscuous Mode is set to Reject and click Edit nella Port Group gt VWLC Data Port 4095 General Security Traffic Shaping NIC Teaming 5 Confirm the change and click Close Ports Network adapters Configuration Summary raf vSwiteh 120 Ports vWLC Data Port VNCDataPot Virtual Machine Al 4085 The virtual controller software is posted as an ovf package in the Cisco software center You can download the ova ovf package and install to any other virtual application The software comes with a free 60 day evaluation license After the VM is started the evaluation license can be activated and a purchased license can be automatically installed and activated later 6 Download the virtual controller OVA image to the local disk 7 Go to ESX gt File gt Deploy OVF Template in order to start the installation File Edit View Inventory Administration Plug it New tory gt ep 1 Export r Report gt ALA Browse VA Marketplace Getting Started P
Download Pdf Manuals
Related Search