vWLC Installation with AP AIR-LAP1242AG

-configure vWLC vm serial over telnet
2 ways to access vWLC:
1. by pressing any key when vWLC boots
2. configure serial over telnet in ESXi
-make sure your ESXi license is either Evaluation or Enterprise,
otherwise Serial over network won’t work
go to ESXi/Configuration/Software/Security Profile/Firewall Properties
tick VM serial port connected to vSPC
tick VM serial port connected over network

If you want to telnet, telnet to ESXi host ip address
>telnet 10.0.100.200 3001

INFO:
-ESXi 5.5u2 IP: 10.0.100.200
-vWLC Service IP: 10.0.100.76
-vWLC Management IP: 10.0.20.76
-AD+DNS+DHCP IP: 10.0.20.2

-CISCO AP subnet: 10.0.30.0/24

CISCO 3750:
-create dhcp relay in vlan 30
interface Vlan30
ip address 10.0.30.1 255.255.255.0
ip helper-address 10.0.20.2

AD:
-set dns for these records and PTR
CISCO-CAPWAP-CONTROLLER 10.0.20.76
CISCO-LWAPP-CONTROLLER 10.0.20.76
OPTIONAL:
-set dhcp option 43 for ip 10.0.20.76
Binary: 00f1040a00144c
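
The option 43 value is a type-length-value field: sub-option type f1, a length byte, then each controller management IP in hex. The following is an added example, not from the original post, that builds and validates that field; the function names and the second controller IP 10.0.20.77 are assumptions made for illustration. For 10.0.20.76 it yields f1040a00144c, the six bytes after the leading 00 in the value above.

```python
import ipaddress

CISCO_WLC_SUBOPTION = 0xF1  # sub-option type carrying controller management IPs


def encode_option43(controller_ips):
    """Return the option 43 TLV as a hex string: type, length, then each IPv4."""
    if not controller_ips:
        raise ValueError("at least one controller IP is required")
    value = b"".join(ipaddress.IPv4Address(ip).packed for ip in controller_ips)
    if len(value) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return bytes([CISCO_WLC_SUBOPTION, len(value)]).hex() + value.hex()


def decode_option43(hex_string):
    """Parse a TLV hex string back into controller IPs, rejecting malformed input."""
    raw = bytes.fromhex(hex_string.replace(":", "").replace(" ", ""))
    if len(raw) < 2:
        raise ValueError("truncated TLV header")
    sub_type, length, value = raw[0], raw[1], raw[2:]
    if sub_type != CISCO_WLC_SUBOPTION:
        raise ValueError(f"unexpected sub-option type 0x{sub_type:02x}")
    if length != len(value):
        raise ValueError(f"length byte says {length}, payload has {len(value)}")
    if length == 0 or length % 4:
        raise ValueError("payload must be a non-empty multiple of 4 bytes")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


if __name__ == "__main__":
    # 10.0.20.76 is the management IP from this page
    print(encode_option43(["10.0.20.76"]))
    # Constructed sample with a second, hypothetical controller (10.0.20.77)
    print(decode_option43("f1:08:0a:00:14:4c:0a:00:14:4d"))
```

Decoding a value before pasting it into the DHCP scope catches a wrong length byte or a mistyped octet, either of which leaves the AP without a usable controller address from this discovery method.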

-How the AP discovers the Controller
1. LWAPP discovery broadcast on local subnet
2. Over-the-Air provisioning (OTAP)
3. Local stored controller IP address from prior successful join process
4. DHCP option 43
5. DNS resolution of CISCO-LWAPP-CONTROLLER

ESXi:
Check which vWLC version supports your AP
In my case, since I am using a 1242 AP, I can’t use vWLC 8.1 and must use 8.0
Download and install AIR-CTVM-K9-8-0-120-0.ova
Power on
When the “Press any key to use this terminal as the default terminal” prompt appears, press ENTER
Would you like to terminate autoinstall? [yes]:
System Name (31 characters max): wlc
Enter Administrative User Name (24 characters max): admin
Enter Administrative Password (3 to 24 characters):
Re-enter Administrative Password:
Service Interface IP Address Configuration (static)(DHCP): static
Service Interface IP Address: 10.0.100.76
Service Interface Netmask: 255.255.255.0
Management Interface IP Address: 10.0.20.76
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 10.0.20.1
Management Interface VLAN Identifier (0 = untagged):
Management Interface Port Num (1 to 1): 1
Management Interface DHCP Server IP Address: 10.0.20.2
Virtual Gateway IP Address: 1.1.1.1
Mobility/RF Group Name: WLC
Network Name (SSID): WLC
Configure DHCP Bridging Mode [yes][No]:
Allow Static IP Addresses [YES][no]:
Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server
Enter Country Code list (enter ‘help’ for a list of countries)[US]:
Enable 802.11b Network [YES][no]:
Enable 802.11a Network [YES][no]:
Enable 802.11g Network [YES][no]:
Enable Auto-RF [YES][no]:
Configure a NTP server now? [YES][no]:
Enter the NTP server’s IP address: 10.0.20.2
Enter a polling interval between 3600 and 604800 secs: 3600
Would you like to configure IPv6 parameters[YES][no]: no

Configuration correct? If yes, system will save it and reset. [yes][NO]: yes

>show sysinfo

Manufacturer’s Name………………………… Cisco Systems Inc.
Product Name………………………………. Cisco Controller
Product Version……………………………. 8.0.120.0
RTOS Version………………………………. 8.0.120.0
Bootloader Version…………………………. 8.0.120.0
Emergency Image Version…………………….. 8.0.120.0
Build Type………………………………… DATA + WPS
System Name……………………………….. wlc
System Location…………………………….
System Contact……………………………..
System ObjectID……………………………. 1.3.6.1.4.1.9.1.1631
IP Address………………………………… 10.0.20.76
IPv6 Address………………………………. ::
System Up Time…………………………….. 0 days 0 hrs 3 mins 34 secs
System Timezone Location…………………….
System Stats Realtime Interval………………. 5
System Stats Normal Interval………………… 180
Configured Country…………………………. US  – United States
State of 802.11b Network……………………. Enabled
State of 802.11a Network……………………. Enabled
Number of WLANs……………………………. 1
Number of Active Clients……………………. 0
Burned-in MAC Address………………………. 00:0C:29:31:C8:E1
Maximum number of APs supported……………… 200
System Nas-Id……………………………… wlc
WLC MIC Certificate Types…………………… SHA1

>show system interfaces
dtl0      Link encap:Ethernet  HWaddr 00:0C:29:31:C8:E1
inet addr:10.0.20.76  Bcast:10.0.20.255  Mask:255.255.255.0
dtl0:1    Link encap:Ethernet  HWaddr 00:0C:29:31:C8:E1
inet addr:1.1.1.1  Bcast:1.1.1.1  Mask:255.255.255.255
eth0      Link encap:Ethernet  HWaddr 00:0C:29:31:C8:D7
inet addr:10.0.100.76  Bcast:10.0.100.255  Mask:255.255.255.0
eth1      Link encap:Ethernet  HWaddr 00:0C:29:31:C8:E1
inet6 addr: fe80::20c:29ff:fe31:c8e1/64 Scope:Link
lo        Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0

>ping 10.0.0.1
Send count=3, Receive count=3 from 10.0.0.1
>show run-config
automatically convert unknown ap to flexconnect mode
>config ap autoconvert flexconnect
to reset to factory default, log in using Recover-Config or
(Cisco Controller) > reset system
(Cisco Controller) > recover-config
to change management vlan id
>config wlan disable all
>config interface vlan management 0
to disable http web gui and enable https web gui
>config network webmode disable
>config network secureweb enable
Now we can access web gui through service port 10.0.100.76 or management port 10.0.20.76
https://10.0.20.76
L: admin
P:

Set Date and Time
-go to COMMAND
-click Set Date and Time
change date, time and time zone

Accept Self Signed Cert
-go to Security/AAA/AP Policies
-tick Accept Self Signed Certificate (SSC)

Enable management via wireless
-go to Management/Mgmt Via Wireless/
-tick Enable Controller Management to be accessible from Wireless Clients

Set log server
-go to Management/Logs/Config
set Syslog Server IP Address(Ipv4/Ipv6)

Set NTP Server
-go to Controller/NTP/Server

Set user Interface
-go to Controller/Interfaces
create a new USER interface with VLAN 30

Configure LDAP Authentication
NOTE: This config is not secure because Security\LDAP\Secure Mode (TLS) is not enabled.
I don’t know yet how to configure it

Enable DHCP proxy
If the DHCP server is on a different subnet than the AP, enable DHCP Proxy
-go to Controller/Advanced/DHCP
tick Enable DHCP Proxy

Enable MAC Filtering if needed
with Local or Radius MAC Filter
-go to Security/MAC Filtering

Activate eval license
-go to MANAGEMENT/Software Activation/Licenses
-change Priority from Low to High
click Set Priority
accept EULA

Reboot vWLC
-go to COMMAND
-click Reboot
