无线控制器配置基础课程.pptx

《无线控制器配置基础课程.pptx》由会员分享，可在线阅读，更多相关《无线控制器配置基础课程.pptx（110页珍藏版）》请在淘文阁 - 分享文档赚钱的网站上搜索。

1、 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID1无线控制器配置基础无线控制器配置基础Xiaogang Wu2008.10 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID2基本配置任务及过程基本配置任务及过程准备工作1. 控制器启动配置和升级控制器软件版本控制器启动配置和升级控制器软件版本2. 熟悉控制器配置界面熟悉控制器配置界面3. 连接连接AP到控制器上到控制器上配置任务1

2、. 思科思科CSSC无线客户端的安装和简单配置无线客户端的安装和简单配置2. 构建一个构建一个OPEN和一个和一个WEP的无线网络的无线网络3. 构建一个简单构建一个简单WEB认证的无线网络认证的无线网络4. 构建一个支持本地构建一个支持本地EAP认证的无线网络认证的无线网络5. 构建一个用构建一个用ACS做做AAA认证的无线网络认证的无线网络 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID3Presentation Title Size 30PTOption 2: Live准备工作

3、2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID4基本设备基本设备 控制器 4400或者2100系列 AP：1130或者1240系列 交换机： 最好是3560 POE交换机 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID52100系列无线控制器系列无线控制器 支持支持802.11a/b/g/n 支持支持PCI认证认证 WLC2100 硬件硬件8个FE口，2个上联口，6个下联口其中

4、2个FE口有以太网供电 未使用端口未使用端口2个USB端口和一个扩展槽留作将来扩展用*2106和2006不能作为guest access的anchor controller*不支持Link Aggregation*不能通过软件升级AP容量AIR-WLC2125-K92100 Series WLAN Controller for up to 25 Lightweight APs$18,890AIR-WLC2112-K92100 Series WLAN Controller for up to 12 Lightweight APs$10,070AIR-WLC2106-K92100 Series W

5、LAN Controller for up to 6 Lightweight APs$4,875 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID64400系列无线控制器系列无线控制器 1 RU 高度2口 或者 4口千兆上联 支持 12, 25, 50 or 100 AP 支持 5000 MAC地址转发表 10/100Base-TX 以太网 Service Port 9 pin 串口Console口 2 扩展槽和1个utility port目前未使用 2 热插拔电源模块插槽44xx WL

6、AN Controller 型号 4402 支持 12, 25, 和50 AP 型号 4404支持100 APs*不能通过软件升级AP容量*4400系列使用SFP光纤模块*4400系列每port支持50个AP 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID7准备工作准备工作 网线和Console线。如果是4400，需要两头是DB9接口的线，如果是2106或者ISR，需要DB9+RJ45的线 如果是4400，需要GLC光纤模块和光纤 确认控制器版本是否需要升级 (用命令show sysi

7、nfo查看系统版本) 是否需要将胖AP升级到瘦AP1200/1100/1300需要upgrade tool做升级，1250不需要工具，直接在图形化界面上升级 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID8实验拓扑示例实验拓扑示例TRUNKVLAN1/20/30/40fa0/1port 1SSCWLC说明：说明：1、VLAN1用于连接控制器、AP和ACS；2、VLAN20用于WPA/WPA2认证，认证服务器用ACS。3、VLAN30用作OPEN/WEP/GUEST客户接入3、VLAN4

8、0用作WPA/WPA2认证，认证用本地EAPSSCSSID:VLAN20SSID:VLAN30PC/AAA服务器服务器VLAN1所有3层网关设置在3层交换机上，地址254 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID9启动选项启动选项The controller boot sequence will always have these option available since this is set in PROM to ensure controller recovery op

9、tions按5清空配置 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID10系统启动界面和配置系统启动界面和配置 (OS 5.1)Would you like to terminate autoinstall? yes: System Name Cisco_51:2b:60 (31 characters max): 2106-demoAUTO-INSTALL: process terminated - no configuration loadedEnter Administrative

10、 User Name (24 characters max): ciscoEnter Administrative Password (24 characters max): ciscoRe-enter Administrative Password : ciscoManagement Interface IP Address: 192.168.10.1Management Interface Netmask: 255.255.255.0Management Interface Default Router: 192.168.10.254Management Interface VLAN Id

11、entifier (0 = untagged): Management Interface Port Num 1 to 8: 1Management Interface DHCP Server IP Address: 192.168.10.254AP Manager Interface IP Address: 192.168.10.2AP-Manager is on Management subnet, using same valuesAP Manager Interface DHCP Server (192.168.10.254): Virtual Gateway IP Address:

12、1.1.1.1Mobility/RF Group Name: demo 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID11系统启动界面（续）系统启动界面（续）Enable Symmetric Mobility Tunneling yesNO: yesNetwork Name (SSID): open Allow Static IP Addresses YESno: Configure a RADIUS Server now? YESno: noWarning! The default

13、WLAN security policy requires a RADIUS server.Please see documentation for more details.Enter Country Code list (enter help for a list of countries) US: CNEnable 802.11b Network YESno: Enable 802.11a Network YESno: Enable 802.11g Network YESno: Enable Auto-RF YESno: Configure a NTP server now? YESno

14、: noConfigure the system time now? YESno: Enter the date in MM/DD/YY format: 09/28/08Enter the time in HH:MM:SS format: 17:11:00Configuration correct? If yes, system will save it and reset. yesNO: yesConfiguration saved!Resetting system with new configuration.非常重要，非常重要，Controller的的wireless的的domain要和

15、要和AP一致。一致。 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID12配置配置3层交换机层交换机p dhcp excluded-address 192.168.10.1ip dhcp excluded-address 192.168.10.254ip dhcp excluded-address 192.168.10.2!ip dhcp pool AP network 192.168.10.0 255.255.255.0 default-router 192.168.10.254 !i

16、nterface FastEthernet0/1 switchport trunk encapsulation dot1q switchport mode trunkinterface Vlan1 ip address 192.168.10.254 255.255.255.0!interface Vlan20 ip address 192.168.20.254 255.255.255.0! interface Vlan30 ip address 192.168.30.254 255.255.255.0!interface Vlan40 ip address 192.168.40.254 255

17、.255.255.0line vty 0 4 privilege level 15 password cisco login 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID13配置配置WEB访问访问1、使用直通网线，连接交换机的trunk接口到控制器端口12、配置PC机的IP地址 192.168.10.100/24或者DHCP，网关192.168.10.2543、测试PC能否Ping 通Controller的地址：192.168.10.13、用https:/192.168.10.1访问

18、控制器，如果要开启http访问，需要在系统里打开。 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID14使用使用IE浏览器进行浏览器进行WEB访问访问 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID15如果要升级控制器系统软件如果要升级控制器系统软件 tftp 服务器推荐tftpd32 支持64M以上文件传输 2006 Cisco Systems, Inc. All rights

19、 reserved.Cisco ConfidentialPresentation_ID16在在CCO上下载新版本上下载新版本支持室内室外 mesh 版本支持802.11n和其他新功能的普通版本 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID17Upgrade Path to Controller Software Release 5.0.148.0 or aboveCurrent Software Release Upgrade Path to 5.0.148.0 Software 3

20、.2.78.0 or later 3.2 release Upgrade to a 4.1 release before upgrading to 5.0.148.0. 4.0.155.5 or later 4.0 release Upgrade to a 4.1 or 4.2 release before upgrading to 5.0.148.0 4.1.171.0 or later 4.1 release You can upgrade directly to 5.0.148.0. 4.2.61.0 or later 4.2 release You can upgrade direct

21、ly to 5.0.148.0. 注意：由于配置存储格式不同，从3.x-4.x 升级到5.x后，原来的部分配置可能丢失 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID18Upgrade Path to Controller Software Release 4.1.171.0 Current Software Release Upgrade Path to 4.1.171.0 Software 3.2.78.0 Upgrade to 4.0.206.0 or a later 4.0 r

22、elease before upgrading to 4.1.171.0. 3.2.116.21 3.2.150.10 3.2.171.6 3.2.193.5 If your controller is configured with the new J3 country code, upgrade to 3.2.195.10 or a later 3.2 release. If your controller is not configured for the new J3 country code, you can upgrade to 3.2.195.10 or a later 3.2

23、release or to 4.0.206.0 or a later 4.0 release. 3.2.195.10 or later 3.2 release You can upgrade directly to 4.1.171.0. 4.0.155.5 Upgrade to 4.0.206.0 or a later 4.0 release before upgrading to 4.1.171.0. 4.0.179.11 4.0.206.0 or later 4.0 release You can upgrade directly to 4.1.171.0. 2006 Cisco Syst

24、ems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID19控制器软件升级控制器软件升级 命令行方式命令行方式 Step1. ping server-ip-address 测试控制器与TFTP server的连通性 Step2. transfer download mode tftp 设置传输使用的协议：tftp Step3. transfer download datatype code 设置传输的数据类型 Step4. transfer download serverip server-ip-address 指定tftp

25、 server的IP地址 Step5. transfer download filename filename 制定Image的文件名 Step6. transfer download start 开始传输文件，确认时如果回答No,则显示TFTP的参数设置 Step7. reset system WLC的系统重新启动注：TFTP服务器软件推荐tftpd32，可以在网上免费下载，支持64M以上大文件传输 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID20控制器软件升级控制器软件升级 图形

26、界面图形界面电脑上设置好Tftp软件；填入Tftp地址和文件名后，选择右侧的 download 按钮开始。完成后按提示reboot。 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID21Presentation Title Size 30PTOption 2: Live熟悉无线控制器Controller配置界面 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID22命令行命令行 (C

27、LI)基本命令基本命令cisco 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID23命令行命令行 (CLI) “clear” Commands 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID24命令行命令行 (CLI) “config” Commands and more 2006 Cisco Systems, Inc. All rights reserved.Cisco Co

28、nfidentialPresentation_ID25命令行命令行 (CLI) “debug” Command 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID26命令行命令行 (CLI) “help” Commands 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID27命令行命令行 (CLI) “show” Commands 2006 Cisco Systems, Inc. A

29、ll rights reserved.Cisco ConfidentialPresentation_ID28命令行命令行 (CLI) “transfer” Commands 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID29使用使用IE浏览器进行浏览器进行WEB访问访问 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID30控制器上查看和设置无线网络控制器上查看和设置无线网络SSI

30、D 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID31控制器配置页面控制器配置页面配置接口配置接口配置控制器配置控制器做做DHCP服务服务器器定义无线组定义无线组参看和配置参看和配置端口端口 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID32配置接口页面配置接口页面 2006 Cisco Systems, Inc. All rights reserved.Cisco Confi

31、dentialPresentation_ID33设置控制器做设置控制器做DHCP服务器服务器 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID34定义移动组定义移动组 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID35设置端口页面设置端口页面 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresen

32、tation_ID36多个控制器时，设定主控制器多个控制器时，设定主控制器 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID37点击点击WIRELESS/ALL APs 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID38安全页面安全页面Radius服务器配置服务器配置本地用户数据库本地用户数据库MAC地址过滤地址过滤WEB认证相关认证相关配置配置本地本地EAP 2006 Cisc

33、o Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID39管理界面管理界面定义能够进行定义能够进行Controller管管理的管理用户理的管理用户 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID40控制器维护管理界面控制器维护管理界面系统和配置文系统和配置文件的上传、下件的上传、下载配置载配置控制器软重启控制器软重启 2006 Cisco Systems, Inc. All rights reserve

34、d.Cisco ConfidentialPresentation_ID41AP射频模块配置界面射频模块配置界面 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID42AP发射功率调节发射功率调节(AP1131) Tx Power Num Of Supported Power Levels . 6 Tx Power Level 1 . 14 dBm Tx Power Level 2 . 11 dBm Tx Power Level 3 . 8 dBm Tx Power Level 4 . 5

35、dBm Tx Power Level 5 . 2 dBm Tx Power Level 6 . -1 dBmAP1242的level 1 是 17dBm 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID435.1版本对版本对HA的增强的增强Failover等级全局HA配置 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID44Presentation Title Size 30PTO

36、ption 2: Live连接AP到控制器 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID45Controller里的里的Port还有还有Vlan以及以及Interface的对应关系的对应关系 Controller必需配置的接口带内管理接口“Management Interface”LWAPP Tunnel 终结接口“AP Manager Interface”桥接的无线客户端接口“Dynamic Interfaces”. 二三层漫游而设的虚拟接口“Virtual Interface”

37、可选接口:服务接口带外管理接口带外管理接口*2100系列和WLCM没有service port 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID46确认控制器国家版本与确认控制器国家版本与AP一致一致目前版本支持同时支持多国家 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID47确认时间配置无误确认时间配置无误 2006 Cisco Systems, Inc. All rights

38、 reserved.Cisco ConfidentialPresentation_ID48在路由器或者在路由器或者3层交换机设置层交换机设置DHCP在在AP和控制器不在同一网段的情况下，建立和控制器不在同一网段的情况下，建立AP能够获取能够获取IP Address 的地址池，加上的地址池，加上Option 43WLC-router(config)#ip dhcp pool LWAPP-APWLC-router(dhcp-config)#network 192.168.10.0 255.255.255.0WLC-router(dhcp-config)#default-router 192.168

39、.0.254WLC-router(dhcp-config)#option 43 ascii 192.168.10.1“/很重要！通过很重要！通过Option 43 可以让可以让AP在获取和控制器不同网段在获取和控制器不同网段IP Address的时候，能够知道的时候，能够知道Controller的所在。的所在。如果如果AP和控制器在一个网段和广播域，则可以不配置和控制器在一个网段和广播域，则可以不配置option 43WLC-router(dhcp-config)#exitWLC-router(config)#ip dhcp excluded-address 192.168.0.254 200

40、6 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID49在在IOS设备配置设备配置Option 43 对于1000/1500系列，直接写option 43 ascii “192.168.10.5,129.168.10.20“ 对于1100和1200，需要写option 60和option 43 假设要连接1240，控制器地址为192.168.10.5和192.168.10.20ip dhcp pool APnetwork 192.168.10.0 /24default-router 192.168

41、.10.254dns-server 192.168.10.100option 60 ascii “Cisco AP c1240 “option 43 hex f108c0a80a05c0a80a14 VCI String1130的是Cisco AP c1130 类型= f1长度 = 2 x 4 = 08192.168.10.5192.168.10.20 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID50可以在可以在console上打开上打开debug观察观察AP加入情况加入情况(Cis

42、co Controller) debug lwapp events enable (Cisco Controller) *Oct 04 19:20:19.154: 00:1a:e3:d0:19:50 Received LWAPP DISCOVERY REQUEST from AP 00:1a:e3:d0:19:50 to 00:1e:13:51:2b:60 on port 8*Oct 04 19:20:19.154: Received a packet which is a (type = DISCOVERY_REQUEST) with session id 0*Oct 04 19:20:19

43、.154: Join Priority Processing status = 0, Incoming Aps Priority 1, MaxLrads = 6,joined Aps =0*Oct 04 19:20:19.155: 00:1a:e3:d0:19:50 Successful transmission of LWAPP Discovery Response to AP 00:1a:e3:d0:19:50 on port 8*Oct 04 19:20:19.156: 00:1a:e3:d0:19:50 Received LWAPP DISCOVERY REQUEST from AP

44、00:1a:e3:d0:19:50 to ff:ff:ff:ff:ff:ff on port 8*Oct 04 19:20:19.156: Received a packet which is a (type = DISCOVERY_REQUEST) with session id 0*Oct 04 19:20:19.156: Join Priority Processing status = 0, Incoming Aps Priority 1, MaxLrads = 6,joined Aps =0*Oct 04 19:20:19.156: 00:1a:e3:d0:19:50 Success

45、ful transmission of LWAPP Discovery Response to AP 00:1a:e3:d0:19:50 on port 8*Oct 04 19:20:31.162: 00:1a:e3:d0:19:50 Received LWAPP JOIN REQUEST from AP 00:1a:e3:d0:19:50 to 00:1e:13:51:2b:67 on port 8*Oct 04 19:20:31.162: Received a packet which is a (type = JOIN_REQUEST) with session id 0*Oct 04

46、19:20:31.177: 00:1a:e3:d0:19:50 AP AP001b.5302.28f8: txNonce 00:1E:13:51:2B:60 rxNonce 00:1A:E3:D0:19:50 *Oct 04 19:20:31.177: 00:1a:e3:d0:19:50 LWAPP Join Request MTU path from AP 00:1a:e3:d0:19:50 is 1500, remote debug mode is 0*Oct 04 19:20:31.177: DTL Adding AP 1 - 192.168.10.10*Oct 04 19:20:31.

47、177: 00:1a:e3:d0:19:50 Successfully added NPU Entry for AP 00:1a:e3:d0:19:50 (index 1)Switch IP: 192.168.10.2, Switch Port: 12223, intIfNum 8, vlanId 0AP IP: 192.168.10.10, AP Port: 8847, nex*Oct 04 19:20:31.911: 00:1a:e3:d0:19:50 Successful transmission of LWAPP Join Reply to AP 00:1a:e3:d0:19:50*O

48、ct 04 19:20:31.912: 00:1a:e3:d0:19:50 spam_lrad.c:1589 - Operation State 0 = 4*Oct 04 19:20:31.913: 00:1a:e3:d0:19:50 Register LWAPP event for AP 00:1a:e3:d0:19:50 slot 0*Oct 04 19:20:31.914: 00:1a:e3:d0:19:50 Register LWAPP event for AP 00:1a:e3:d0:19:50 slot 1*Oct 04 19:20:33.192: 00:1a:e3:d0:19:5

49、0 Received LWAPP CONFIGURE REQUEST from AP 00:1a:e3:d0:19:50 to 00:1e:13:51:2b:67*Oct 04 19:20:33.194: 00:1a:e3:d0:19:50 Updating IP info for AP 00:1a:e3:d0:19:50 - static 0, 192.168.10.10/255.255.255.0, gtw 192.168.10.254*Oct 04 19:20:33.194: 00:1a:e3:d0:19:50 Updating IP 192.168.10.10 = 192.168.10

50、.10 for AP 00:1a:e3:d0:19:50*Oct 04 19:20:33.194: 00:1b:53:02:28:f8 Building Config Response Msg for 00:1b:53:02:28:f8 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID51确认确认AP连接到控制器连接到控制器图形界面命令行 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation