Configure a Basic WLAN on the WLC

WLC Topology

The topology and addressing scheme used for the videos and this topic are shown in the figure and the table. The access point (AP) is a controller-based AP as opposed to an autonomous AP. Recall that controller-based APs require no initial configuration and are often called lightweight APs (LAPs). LAPs use the Lightweight Access Point Protocol (LWAPP) to communicate with a WLAN controller (WLC). Controller-based APs are useful in situations where many APs are required in the network. As more APs are added, each AP is automatically configured and managed by the WLC.

Topology

The AP is PoE, which means it is powered overthe Ethernet cable is attached to the switch.

Addressing Table

 
Device Interface IP Address Subnet Mask
R1 F0/0 172.16.1.1 255.255.255.0
R1 F0/1.1 192.168.200.1 255.255.255.0
S1 VLAN 1 DHCP
WLC Management 192.168.200.254 255.255.255.0
AP1 Wired 0 192.168.200.3 255.255.255.0
PC-A NIC 172.16.1.254 255.255.255.0
PC-B NIC DHCP
Wireless Laptop NIC DHCP

Log in to the WLC

Configuring a wireless LAN controller (WLC) is not that much different from configuring a wireless router. The big difference is that a WLC controls APs and provides more services and management capabilities, many of which are beyond the scope of this module.

Note: The figures in this topic that show the graphical user interface (GUI) and menus are from a Cisco 3504 Wireless Controller. However, other WLC models will have similar menus and features.

The figure shows the user logging into the WLC with credentials that were configured during initial setup.

The figure depicts a log-in prompt for a WLC GUI on a web browser.

The Network Summary page is a dashboard that provides a quick overview of the number of configured wireless networks, associated access points (APs), and active clients. You can also see the number of rogue access points and clients, as shown in the figure.

The figure depicts the Network Summary page on a WLC GUI. The Network summary tab is selected showing the number of wireless networks: 0, access points: 1, Active clients on 2.4 GHz and 5 GHz: 0, Rogue APs: 51, Rogue Clients: 5 and Interferers on 2.4 GHz and 5 GHz: 0. It also shows the access points usage in a doughnut chart and operating systems.

View AP Information

Click Access Points from the left menu to view an overall picture of the AP’s system information and performance, as shown in the next figure. The AP is using IP address 192.168.200.3. Because Cisco Discovery Protocol (CDP) is active on this network, the WLC knows that the AP is connected to the FastEthernet 0/1 port on the switch.

The figure depicts information about Access Points on a WLC GUI. The Access points tab is selected showing information about the access point. It lists the AP name, Location, Mac Address, IP address, CDP/LLDP, Ethernet Speed, Model/Domain, Power status, Serial Number, Groups, Mode/sub-mode, Max capabilities, Fabric. There is also a Performance Summary which lists the number of Clients, Channels, Configured Rate, Usage Traffic, Throughput, Transmit Power, Noise, Channel Utilization, Interference, Traffic, Air Quality, Admin Status, and Clean Air Status for both 2.4 GHz and 5GHz.

This AP in the topology is a Cisco Aironet 1815i which means you can use the command-line and a limited set of familiar IOS commands. In the example, the network administrator pinged the default gateway, pinged the WLC, and verified the wired interface.

AP1# ping 192.168.200.1
Sending 5, 100-byte ICMP Echos to 192.168.200.1, timeout is 2 seconds
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1069812.242/1071814.785/1073817.215 ms
AP1# ping 192.168.200.254
Sending 5, 100-byte ICMP Echos to 192.168.200.254, timeout is 2 seconds
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1055820.953/1057820.738/1059819.928 ms
AP1# show interface wired 0
wired0    Link encap:Ethernet  HWaddr 2C:4F:52:60:37:E8
          inet addr:192.168.200.3  Bcast:192.168.200.255  Mask:255.255.255.255
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:2478 errors:0 dropped:3 overruns:0 frame:0
          TX packets:1494 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:80
          RX bytes:207632 (202.7 KiB)  TX bytes:300872 (293.8 KiB)
AP1#

Advanced Settings

Most WLC will come with some basic settings and menus that users can quickly access to implement a variety of common configurations. However, as a network administrator, you will typically access the advanced settings. For the Cisco 3504 Wireless Controller, click Advanced in the upper right-hand corner to access the advanced Summary page, as shown in the figure. From here, you can access all the features of the WLC.

The figure depicts the Summary page on a WLC GUI. The Monitor tab is selected showing the Summary page for a Cisco 3504 Wireless controller. It shows the front of a Cisco 3504 Wireless controller and information about the controller such as Management address, Software version, System name, Uptime, Active rogue APs, Active Rogue Clients, ADhoc Rogues and Rogues on Wired Network.

Configure a WLAN

Wireless LAN Controllers have ports and interfaces. Ports are the sockets for the physical connections to the wired network. They resemble switch ports. Interfaces are virtual. They are created in software and are very similar to VLAN interfaces. In fact, each interface that will carry traffic from a WLAN is configured on the WLC as a different VLAN. The Cisco 3504 WLC can support 150 access points and 4096 VLANs, however it only has five physical ports, as shown in the figure. This means that each physical port can support many APs and WLANs. The ports on the WLC are essentially trunk ports that can carry traffic from multiple VLANs to a switch for distribution to multiple APs. Each AP can support multiple WLANs.

Basic WLAN configuration on the WLC includes the following steps:

  1. Create the WLAN
  2. Apply and Enable the WLAN
  3. Select the Interface
  4. Secure the WLAN
  5. Verify the WLAN is Operational
  6. Monitor the WLAN
  7. View Wireless Client Information

1. Create the WLAN

In the figure, the administrator is creating a new WLAN that will use Wireless_LAN as the name and service set identifier (SSID). The ID is an arbitrary value that is used to identify the WLAN in display output on the WLC.

The figure depicts the creation of a new WLAN on a WLC GUI. The WLANs New tab is selected with options for the Type, Profile Name, SSID and ID. The type is WLAN, the profile name is Wireless_LAN, the SSID is Wireless_LAN and the ID is 1.

2. Apply and Enable the WLAN

After clicking Apply, the network administrator must enable the WLAN before it can be accessed by users, as shown in the figure. The Enable checkbox allows the network administrator to configure a variety of features for the WLAN, as well as additional WLANs, before enabling them for wireless client access. From here, the network administrator can configure a variety of settings for the WLAN including security, QoS, policies, and other advanced settings.

The figure depicts applying and enabling the WLAN on a WLC GUI. The WLANs General tab is selected showing information about the Wireless_LAN profile. It shows the Profile name, Type, SSID, Status, Security policy, Radio policy, Interface/Interface group, Multicast VLAN Feature, Broadcast SSID and NAS-ID. There is a rectangle around the enable option indicating to enable the status of the WLAN.

3. Select the Interface

When you create a WLAN, you must select the interface that will carry the WLAN traffic. The next figure shows the selection of an interface that has already been created on the WLC. We will learn how to create interfaces later in this module.

The figure depicts securing the WLAN on a WLC GUI. The WLANs General tab is selected showing information about the Wireless_LAN profile. The Interface/Interface Group option has a rectangle around it with user_wlan selected as the option.

4. Secure the WLAN

Click the Security tab to access all the available options for securing the LAN. The network administrator wants to secure Layer 2 with WPA2-PSK. WPA2 and 802.1X are set by default. In the Layer 2 Security drop down box, verify that WPA+WPA2 is selected (not shown). Click PSK and enter the pre-shared key, as shown in the figure. Then click Apply. This will enable the WLAN with WPA2-PSK authentication. Wireless clients that know the pre-shared key can now associate and authenticate with the AP.

The figure depicts verifying the WLAN is operational on a WLC GUI. The WLANs tab on the main menu is selected and the WLANs tab on the sub-menu is selected showing the Wireless_LAN profile.

5. Verify the WLAN is Operational

Click WLANs in the menu on the left to view the newly configured WLAN. In the figure, you can verify that WLAN ID 1 is configured with Wireless_LAN as the name and SSID, it is enabled, and is using WPA2 PSK security.

The figure depicts monitoring the WLAN on a WLC GUI. The WLANs tab on the main menu is selected and the WLANs tab on the sub-menu is selected showing the Wireless_LAN profile.

6. Monitor the WLAN

Click the Monitor tab at the top to access the advanced Summary page again. Here you can see that the Wireless_LAN now has one client using its services, as shown in the figure.

The figure depicts viewing wireless client details on a WLC GUI. The Monitor tab is selected and the Client tab on the sub-menu is selected. The client tab shows a client with the MAC address of 00:13:ce:57:7c:67 and the IP address of 192.168.5.2, connected to Wireless_LAN through AP1.

7. View Wireless Client Details

Click Clients in the left menu to view more information about the clients connected to the WLAN, as shown in the figure. One client is attached to Wireless_LAN through AP1 and was given the IP address 192.168.5.2. DHCP services in this topology are provided by the router.

this is the image’s alt text

Configure a WPA2 Enterprise WLAN on the WLC