—WCS (Wireless Control System)
The WCS is a controller management system that allows you to push out config
to multiple controllers. You can use templates to push standard config
to your controllers, and you can also monitor clients and location devices.
SNMP is used to monitor and manage controllers.
Add a controller: Configure -> Add controller
Option 150 on DHCP allows you to point new controllers to the WCS to get config.
—Clientlink
.11n is required to do beamforming (used when a client has one radio, to focus the isotropic
radio waves on the client).
If you have older a/b/g clients, then under the WIRELESS -> 802.11b/g/n tab you can
enable ClientLink. This allows older clients which do not have .11n to
still use beamforming. This is possible because the AP calculates
the beamforming without getting feedback from the client, which is what usually happens
with .11n.
—Cleanair
Can be turned on under WIRELESS -> 802.11abgn -> CLEANAIR -> ENABLE CleanAir.
Make sure your APs support CleanAir first. If interference is detected the AP will change the channel, and this can cause interference with co-existing channels.
Under the MONITOR tab you can get reports of interference from other devices.
—Contain
If you mark a rogue AP as malicious and set the status to contain, you will constantly
send de-auth messages to the client and get them to disconnect. You can specify
how many APs can be used to contain a rogue AP.
It works by spoofing the SSID and sending the messages to the client. This works
only when the management frames are not using management protection.
—Flexconnect
You can configure the FlexConnect (H-REAP) properties under the WLAN -> SSID -> ADVANCED tab.
—Cell Edge (Client roaming)
You can set the RSSI point at which a client should start looking to cut over to another AP. This can be set under
WIRELESS -> 802.11abgn -> CLIENT ROAMING. 80 should be an absolute maximum for data, 65 average if you have voice.
—Mobility Groups
Mobility is the ability to roam seamlessly between APs, even APs on different controllers.
By default traffic is symmetrically tunneled back to the original WLC
on protocol 97, an Ethernet over IP tunnel which is encrypted.
A mobility domain contains multiple mobility groups. For mobility to work,
all WLCs must be running the same version of code.
The mobility domain can be set under CONTROLLER -> GENERAL
A member of the mobility group can be added on a WLC under CONTROLLER -> Mobility group
The mobility anchor refers to the WLC that you are tunneling traffic back to.
—Mobility Auto-Anchor
Can be used to force all traffic to go to another WLC first. This is done by
setting WLAN -> SSID arrow -> MOBILITY ANCHOR
—Autonomous Mode
Other than LWAP, you can have a standalone mode that does not require a WLC.
We use a BVI interface that has an IP address that is linked to both
the Ethernet port and the radio.
A limitation of the autonomous AP is that it only broadcasts 1 SSID.
The other Wi-Fi SSIDs need to have a manual entry on the client.
There is a web management utility that can configure autonomous APs.
Passwords
username: <blank>
password: Cisco
Telnet
Cisco
Cisco
Console cable
enable: Cisco
—Converting Autonomous Mode to LWAP (one method)
1. telnet into the AutoAP
Cisco
Cisco
2. Run the command
archive download-sw tftp://(tftpserver IP)/c1130-k9w7-tar.124-25d.JA2.tar
3. wr
—IOS Recovery / Convert to Autonomous mode
Step 1 The static IP address of the PC on which your TFTP server software runs should be between 10.0.0.2 and 10.0.0.30.
Step 2 Make sure that the PC contains the access point image file (such as c1200-k9w7-tar.122-15.JA.tar for a 1200 series access point) in the TFTP server folder and that the TFTP server is activated.
Step 3 Set the timeout value on the TFTP server to 30 seconds.
Step 4 On the PC where the TFTP server is located, perform these steps:
a. Disable any software firewall products, such as Windows firewall, ZoneAlarm firewall, McAfee firewall, or others.
b. Ensure all Windows files are visible. From Windows Explorer, click Tools > Folder Options > View > Show hidden files and folders.
Step 5 Rename the access point image file in the TFTP server folder to c1200-k9w7-tar.default for a 1200 series access point, c1130-k9w7-tar.default for an 1130 series access point, c1240-k9w7-tar.default for a 1240 series access point, and c1250-k9w7-tar.default for a 1250 series access point.
Step 6 Connect the PC to the access point using a Category 5 (CAT5) Ethernet cable.
Step 7 Disconnect power from the access point.
Step 8 Press and hold MODE while you reconnect power to the access point.
Step 9 Hold the MODE button until the status LED turns red (approximately 20 to 30 seconds) and then release.
Step 10 Wait until the access point reboots, as indicated by all LEDs turning green followed by the Status LED blinking green.
Step 11 After the access point reboots, reconfigure it using the GUI or the CLI.
—IOS Recovery / Convert to Autonomous mode (c1700 notes)
-Name file ap3g2-k9w7-tar.default
-Power on holding MODE for 30 seconds until red light appears
—Converting LWAP to Autonomous Mode (vice versa) Factory Restore Recovery
Step 1 The static IP address of the PC on which your TFTP server software runs should be between 10.0.0.2 and 10.0.0.30.
Step 2 Make sure that the PC contains the access point image file (such as c1200-k9w7-tar.122-15.JA.tar for a 1200 series access point) in the TFTP server folder and that the TFTP server is activated.
Step 3 Set the timeout value on the TFTP server to 30 seconds.
Step 4 On the PC where the TFTP server is located, perform these steps:
a. Disable any software firewall products, such as Windows firewall, ZoneAlarm firewall, McAfee firewall, or others.
b. Ensure all Windows files are visible. From Windows Explorer, click Tools > Folder Options > View; then uncheck the Hide extensions for known file types check box.
Step 5 Rename the access point image file in the TFTP server folder to c1200-k9w7-tar.default for a 1200 series access point, c1130-k9w7-tar.default for an 1130 series access point, c1240-k9w7-tar.default for a 1240 series access point, and c1250-k9w7-tar.default for a 1250 series access point.
Step 6 Connect the PC to the access point using a Category 5 (CAT5) Ethernet cable.
Step 7 Disconnect power from the access point.
Step 8 Press and hold MODE while you reconnect power to the access point.
Step 9 Hold the MODE button until the status LED turns red (approximately 20 to 30 seconds) and then release.
Step 10 Wait until the access point reboots, as indicated by all LEDs turning green followed by the Status LED blinking green.
Step 11 After the access point reboots, reconfigure it using the GUI or the CLI.
—Debugging
show debug
debug disable-all
debug capwap events enable
debug mac addr
debug dot1x
show client summary
—LWAPP Modes
Can operate in L2 and L3 mode. L2 mode is being deprecated and is no longer used; in L2 mode the AP must be on the same
broadcast segment (VLAN) as the WLC.
L3 mode uses IP to communicate between the AP and the WLC.
AP to WLC
source port above 1024 UDP
–LWAPP
destination port 12222 UDP (For DATA) Destination WLC
destination port 12223 UDP (For Control) Destination WLC
–CAPWAP
destination port 5246 UDP (For DATA)
destination port 5247 UDP (For Control)
WLC to AP
Source port 12222(DATA)
Source port 12223(Control)
Destination port Random High port
—Traffic Journey
//TO TRAFFIC
Laptop sends a packet to the AP -> AP encapsulates the packet with LWAPP encapsulation (UDP 12222) -> WLC removes
the LWAPP encapsulation and forwards to the client/default gateway
//RETURN TRAFFIC
Destination sends traffic to the WLC -> WLC puts LWAPP encapsulation on it and sends to the AP -> AP sends
to the client
—Mobility group
This is a group of wireless LAN controllers that share information about roaming clients. A WLC can only be a
member of 1 mobility group and 1 mobility domain (group of mobility groups).
It is possible to have information sent between different mobility groups; the SSID and firmware of the WLCs must be
the same.
The mobility information must be added to each WLC on the controller page. This information includes the
MAC address and management IP of the other WLCs in the mobility domain.
—L3 Roaming
This is when a client moves closer to another access point which is on another VLAN or subnet.
The SSID must be the same; the traffic is then tunnelled back to the original controller.
There are 2 types of tunnels that can handle this.
When you have multiple WLCs in the same mobility group you must use the same IP for the virtual interface, e.g. 1.1.1.1.
If you do not, roaming will not be seamless.
//Asymmetrical tunnel (Default)
This is when a client roams to another subnet that is handled by another WLC in another mobility group.
Traffic is routed directly
to the client; return traffic goes to the original WLC that connected the client and is tunneled to the new
WLC.
//Symmetrical tunnel
This is when a client roams to another subnet that is handled by another WLC in another mobility group.
The traffic is then tunneled back to the original WLC (called “anchored”) and then sent to the destination.
Return traffic is then sent back to the original WLC and forwarded to the sender.
—Mobility
Requirements are
-Must have the same code of firmware on the WLC
-Must be in the same mobility domain
-Must have the same SSID
-Virtual IP Address must be the same
-Must be the same L2/L3 AP connection type
Roaming between APs in the same controller takes 10ms
Roaming between controllers takes less than 20ms
—Set Mobility Domain (Can have 48 WLCs)
Controller -> General
—Set Mobility Peers (Can have 24 WLC’s per Mobility Group)
Controller -> Mobility management
—Cisco Mobility Express
This is the cut-down version of the full-blown enterprise version. The 526 controller only works with 526 APs.
—MFP
Because management frames are sent in clear text when a client is beginning to associate to an AP,
it is possible for someone to spoof reply frames to a client.
MFP is the process of sending a hashed value with the control messages that verifies the integrity of the
message. For APs not running MFP, in the WLC you will be able to see how many clients it has.
—LEAP (Lightweight Extensible Authentication Protocol)
Means that the WLC is performing user authentication instead of AD. Can be used as a good backup if the RADIUS
server is down.
LEAP can be configured under SECURITY -> LEAP PROFILE -> NEW -> SETTINGS
SECURITY -> LOCAL NET USERS -> NEW -> SETTINGS
WLANS -> AAA Servers -> LEAP + LEAP Profile
—EAP-TLS
Most complex implementation of certificate-based authentication. Requires the PC to have a certificate and
the RADIUS server to have a certificate. The certificate contains information like a username which can
authenticate the machine.
Once the certificate has been checked, symmetrical authentication is negotiated between the client and WLC.
This allows for faster encryption and decryption of packets.
—EAP-FAST
This is the quick way to set up EAP-TLS without certificates.
—PEAP
This is the fake EAP-TLS: it sends a fake certificate and uses a certificate on the server.
—WPA Personal vs WPA Enterprise
WPA Personal uses a PSK password key; Enterprise uses a RADIUS server to authenticate clients.
—802.11i
This is the industry standard for WPA2. Does not support PSK; authentication must happen on the RADIUS server.
—Flexconnect REAP and H-REAP
REAP and H-REAP have been replaced by FlexConnect, which can be used to switch traffic locally.
FlexConnect comes in 3 distinct flavours
//WAN Up (Centrally switched) = Tunneled back to the wLC
//WAN UP (Locally Switched) = switched back to the WLC
//WAN DOWN (locally switched) = Locally switched, some features will not work
//Configuration Flex-connect locally switched
1. Create your SSID
WLAN -> Create new -> Advanced -> Flexconnect local switched
2. Place your AP into Flexconnect Mode
Wireless -> AP -> Mode -> Flexconnect
3. Set your MGT vlan for the AP
Wireless -> AP -> Flexconnect -> Native vlan 175
4. Configure the Switch as a trunk port
int fa0/2
switchport mode trunk
switchport trunk native vlan 175
5. Create your flex-connect group and add AP
Wireless -> FlexConnect Groups -> New
-> Add AP from list
6. Create your SSID / VLAN mapping
Wireless -> AP -> Flexconnect -> VLAN mapping -> SSID = vlan 170
7. Create your Central DHCP Mapping
Wireless -> Flex-connect Groups -> Central DHCP
-> WLAN id : 3
-> Tick Central DHCP
-> Add
—Rogue Mode
Listen on the wire for ARP requests of wireless access points
—Listen mode
Listen on the wireless for attacks and rogues
—Sniffer mode
Send the data back to be analysed.
—SE-Connect mode
Allows you to listen on other spectrums for interference. The AP must have a built-in hardware chip.
—Mobility Anchor (AKA Auto-anchor mobility)
Automatically send all traffic to a particular controller. Often used for guest SSIDs to
send that traffic to the DMZ. Each WLC can support up to 40 tunnels.
//Set the Auto-Mobility Anchor: WLAN -> SSID -> Mobility-Anchor
—Multiple b/g/n clients
You will find that the first b client to connect to the Wi-Fi will halve the speed of the 802.11g data rate.
The reason for this is that all clients are now sending RTS and CTS messages before transmitting their
OFDM messages.
—Different Modulations
When a client is announcing something to the network it uses the lowest possible modulation so that
all clients can hear the announcement.
—CAPWAP vs LWAP
After release WLC 5.2, CAPWAP is the default protocol for communicating with clients.
CAPWAP is backwards compatible with LWAPP L3. CAPWAP is the universal standard.
CAPWAP uses UDP port 5246 and UDP port 5247 for Data and Control.
CAPWAP encrypts all its data and control frames to the WLC, and supports NAT-T, IPv6 and Path-MTU to
safeguard against packet fragmentation.
—Registering a Lightweight access point to a controller
WLC
//debug lwapp events enable = see debugs of APs registering
//debug lwapp packet enable = see debugs of APs registering
Option 1, Have it on the same subnet as the WLC; broadcast messages will find the WLC.
The broadcast is sent out on 255.255.255.0
Option 2, If running version 4.2 and below of the WLC, it can learn the WLC IP from OTAP messages
broadcast by other wireless LAN controllers
Option 3, If the LAP has been joined to a WLC previously it will have config stored in NVRAM
saying where to find the WLC.
Option 4, Configure DHCP option 43
//Configuring Option 43 for 1000, 1500, and 1550 Series Access Points
-option 60 ascii = “VCI” Value for example “Cisco AP c1130”
-option 43 ascii = “10.126.126.2,10.127.127.2”
//Configuring Option 43 for 1100, 1130, 1200, 1240, 1250, 1300, 1520, and 1550 Series Access Points
-Option 60 ascii = “VCI” value for example “Cisco AP c1130”
-option 43 hex = “value” eg “f1080a7e7e020a7f7f02”
value is “(f1) + (<number of WLC’s> x 4) + (IP’s)”
eg, 2 wlc’s IP of 10.126.126.2 and 10.127.127.2
= (f1) + (2 x 4) + 0a7e7e02 and 0a7f7f02
= f1080a7e7e020a7f7f02
Option 5, Configure a DNS entry for CISCO-LWAPP-CONTROLLER.domain.com
Option 6, Forward broadcast packets to the WLC
ip helper-address x.x.x.x
ip forward-protocol udp 12223 //Use this line for LWAPP
ip forward-protocol udp 5246 //Use this line for CAPWAP
—Which WLC will the LAP connect to?
The WLC sends a response back to the LAP with information.
Criteria 1 – If the LAP has been previously configured with one of the controllers as a primary or a secondary
controller then choose this
Criteria 2 – If the AP is configured to have a preference of the primary and secondary controller choose this
Criteria 3 – If none of the above information can be found, use the controller with the most capacity
—Hidden Terminal
With DCF (distributed coordination function) each client is responsible for CTS and RTS messages. There is a possibility
that another Wi-Fi device can transmit to the AP but not have the range to get its RTS and CTS messages to another
client; packets can then collide. You are more susceptible to this when the power is turned up beyond the
capabilities of the Wi-Fi client.
—Clean Air
This is the ability for Cisco WAPs to dynamically change the channel they are broadcasting on to
reduce the amount of interference while communicating. Supported on the 3500 and 3600 series.
—Mobility Services Engine
This is the ability to have heat maps and locate clients and rogue AP’s visually.
—Backup models
//Redundancy force-switchover !Make the APs fail over to the secondary WLC
//High Availability HA
Two controllers operating in a pair. You can purchase HA SKU licenses so that both do not need
150 licenses (x2). You could buy 150 (1x) HA SKU license.
IP Addresses Used
                      Primary          Secondary
Management IP         10.61.9.66       10.61.10.66
Redundancy Mgt IP     10.61.9.175      10.61.10.175
Redundancy Port IP    169.254.9.175    169.254.10.175
Peer Service IP       10.61.2.182
!Note (Management IP): after HA only the primary 10.61.9.66 will function.
!Note (Redundancy Mgt IP): this IP works like a standby HSRP IP address and is placed on the same VLAN as the Management IP address.
!Note (Redundancy Port IP): this is a physical port on the WLC which must be patched and placed on the same VLAN as the standby controller's Redundancy Port.
!Note (Peer Service IP): the peer service port is used for CLI access into the standby controller in the event of HA failure.
//Configuration
Controller -> Redundancy -> Global Configuration
Redundancy Mgt IP -> IP address must be on the same VLAN as the Management Interface (e.g. 10.61.10.67 VLAN 10). VLAN 10 will be auto-populated from the Mgt interface
Peer Redundancy Mgt IP -> IP address must be on the same VLAN as the Management Interface (e.g. 10.61.10.68 VLAN 10). VLAN 10 will be auto-populated from the Mgt interface
Redundancy Port IP -> 169.254.X.X (X.X auto-populated from the Redundancy Mgt IP). Sent through to the trunk, on the native VLAN
Peer Redundancy Port IP -> 169.254.X.X (X.X auto-populated from the Redundancy Mgt IP). Sent through to the trunk, on the native VLAN
SSO = Enabled
//N+1
Can be configured under Controller -> Redundancy. Means you have 1 primary + 1 backup.
Does not support SSO (stateful switchover).
When an AP fails over to a secondary WLC, after 90 days warning messages will be sent out. Make sure
your backup WLC has enough licenses to support the failover.
//N+N+1
Can be configured under Controller -> Redundancy. Means you have 1 primary + 1 secondary + 1 backup.
—AP Priority
If you only have say 50 licenses on the “+1” in the N + 1 model then we need to configure
AP priority.
Wireless -> Global configuration -> Enable AP priority
Wireless -> AP -> HA -> Priority
CLI Set the priority
See AP names “show ap summary”
config ap priority 4
—Interfaces
//Service Interface – Out of band management, not mandatory, no default gateway.
//AP-Manager – This is the interface that is the source of traffic heading to WAPs; WAPs send to the
IP address of the AP-manager.
//Management – This is the IP address used for the WebGUI; we point the ip helper-address
information to this.
//Virtual Interface – Used for Web Authorization. Point your DHCP server to this virtual IP address of the
controller (1.1.1.1) if the DHCP scope is located on the controller.
//Dynamic Interface – VLAN sub-interface for SSIDs, which contains an SSID and sends out
dot1q tagged packets to the switch.
—802.11e
This is the quality of service that is available with Wi-Fi. There are 0-7 classes of traffic according to the
standard, however Cisco is only using 4 classes (Platinum, Gold, Silver and Bronze).
The QoS can be set under WLAN -> SSID -> QOS -> Type.
7920 AP CAC is call access control, the AP decides if there is enough bandwidth to make the call.
7920 Client CAC is the call access control, the phone decides if there is enough bandwidth to make the call.
The traffic path flows as follows:
//Client to AP
This uses WMM (802.11e) on the client to mark each packet according to the type of traffic.
The client marks voice traffic with WMM 6, and file transfer traffic as WMM 0.
Note: WLAN must be set to WMM allowed
Note: EDCA (Wireless -> 802.11 -> EDCA) values must be set to allow shorter contention backoff timers for the voice traffic
//AP to Switch
The AP will re-mark the WMM value set on the client to the DSCP value on the outer CAPWAP packet.
Note: WMM must be set to allowed under the WLAN profile
Note: the switchport to the AP must be configured as “mls qos trust dscp”
Note: If the QoS profile is set to, say, Gold/Silver/Bronze, then it will be capped at a max of CS4, CS2, CS0
When changing QoS profiles we need to disable the network first (Wireless -> 802.11 -> Network)
//Switch to WLC
As the WLC will sit on a trunk to the switch, the CoS value (802.1p) is used. The switchport
connected to the WLC must be configured as “mls qos trust cos”
Traffic going from the WLC will use the CoS-DSCP mapping table to add on a DSCP value
Traffic going to the WLC will use the DSCP-CoS mapping table to add on a CoS value
Note: CoS values for traffic for that SSID will be capped at the max CoS value in the QoS profile
going from or to the WLC.
//Switch to Switch
If on trunks we need “mls qos trust cos”
If on L3 switchports we need “mls qos trust dscp”
CLIENT   -> AP        -> WLC   -> LAN
SIFS        COS/DSCP     DSCP     DSCP
802.11e     CAPWAP       802.3    802.3
//QOS profile.
This sets the maximum allowed QoS value for a packet.
Also max TCP/UDP session bandwidth allowed.
—Self healing
This is the ability for an AP, if a radio is broken, to get the client to connect to the other
radio inside the AP.
—Split MAC Operation
Put some of the intelligence back in the AP, to control some of the local traffic.
Handles the following information
-802.11 encryption/decryption to the client
-monitoring for noise
-All time specific operations
—Updating a Controller
When you update a controller, remember that an additional outage occurs because the APs
will reboot and get a new copy of software. 10 APs are upgraded/downgraded at a time.
Make sure all WLCs are running the same version or APs changing association will be
upgraded/downgraded.
You cannot upload or download a file from the WLC when you are connected over the WLAN.
—Upfade
This is the phenomenon when multiple signals from multipath arrive at the same time, boosting
the signal of the WLAN.
—AP Failover HA Order of Operations
a) AP Statically configured value found under WIRELESS -> AP -> High Availability
b) Globally defined values under WIRELESS -> Global Configuration
c) Mobility Group, WLC with the least amount of AP’s connected.
//Configuration
CLI Set the priority
See AP names “show ap summary”
config ap primary-base WLC1 LAP1 x.x.x.x
—Deploying a WLC
debug capwap packet enable
1. Import the OVA
2. Set the serviceport IP (out of band management)
3. Set the management IP, gateway + Subnet mask + Vlan tag
3a. Set NTP + Timezone or else AP connection will fail
4. Configure the vSwitch to be vlan 4096 (ALL)
4a. -Under the Security tab of the vSwitch tick promiscuous mode = Accept.
IF YOU DO NOT DO THIS TRAFFIC CANNOT FLOW ONTO THE SWITCH
5. Configure the trunk to the ESX server
5. Apply the vSwitch to the WLC.
6. Activate the demo license
-Navigate to https://IP
-Management -> Software Activation -> Licenses -> Base-AP-Count
-Set priority to “High” Accept the EULA
-(Error EULA not accepted = CMD “license modify priority base-ap-count high”)
-Reboot the WLC
7. Configure the AP on an Access VLAN ( Trunk for Flexconnect/H-REAP)
8. Set your DHCP options for the scope
DHCP Server -> Predefined Options -> Add
-Option 60 string = “VCI” value for example “Cisco AP c1130”
DHCP Server -> IPv4 -> Right Click -> Define Vendor Class -> Add “wlc”
DHCP Server -> Predefined Options -> Add
-option 43 hex = “value” eg “f1080a7e7e020a7f7f02”
value is “(f1) + (<number of WLC’s> x 4) + (IP’s)”
eg, 2 wlc’s IP of 10.126.126.2 and 10.127.127.2
= (f1) + (2 x 4) + 0a7e7e02 and 0a7f7f02
= f1080a7e7e020a7f7f02
DHCP Server -> Scope Options -> Scope options -> Right click Configure Options -> Advanced -> vWLC
8a. Assign Scope options to the scope
DHCP Server -> Scope Options -> Scope options -> Right click Configure Options
Tick the 2 new options created in step 8
8b. Create the DNS entry for CISCO-CAPWAP-CONTROLLER.domain.com
CISCO-LWAPP-CONTROLLER.cisco.com
9. Create your WLAN
-Assign your SSID
-Broadcast Settings
-Interface
-Security settings
10.Create your Interface
– Set your DHCP information
– IP address
– VLAN
10a) If you are going straight to version 8.x with a vWLC, the APs must first be joined to a
7.3x version vWLC to update their firmware. Version must be at least c1130-k9w8-tar.124-25e.JAM.tar
11. For vWLC put the AP in Flexconnect mode. Local will not function
Wireless -> AP -> Mode -> Flexconnect
11. Enable 2.4 Ghz RF Frequencies
Wireless -> 802.11b/g/n -> Enable 802.11g support
12. For vWLC change the mode to Flexconnect. Only Flexconnect is supported on the vWLC.
13. Check the AP Groups are allowing the SSID on the AP
WLAN-> Advanced -> AP Groups -> Edit
-ADD the AP + sSID’s
14. I needed to manually enable the interface on the AP
SSH -> AP
conf t
int Dot11Radio0
shutdown
no shutdown
conf t
int Dot11Radio1
shutdown
no shutdown
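The option 43 hex value worked out in "Registering a Lightweight access point to a controller" (option 4) and again in step 8 above, as an added example that is not part of the original notes: it builds the f1 + length + IPs value, decodes a value back into controller IPs, and audits a scope value against an approved controller list. The function names and the 192.168.1.50 sample value are constructed for illustration.

```python
import ipaddress

WLC_LIST_TYPE = 0xF1  # type byte the notes use for the controller list


def encode_option43(controllers):
    """Return the option 43 hex string: f1 + length (4 bytes per WLC) + IPs."""
    if not controllers:
        raise ValueError("at least one controller IP is required")
    packed = b"".join(ipaddress.IPv4Address(ip).packed for ip in controllers)
    if len(packed) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return (bytes([WLC_LIST_TYPE, len(packed)]) + packed).hex()


def decode_option43(hex_value):
    """Parse an option 43 hex string back into a list of controller IPs.

    Raises ValueError for anything that is not a well-formed f1 value, so a
    truncated or mistyped scope option is caught before an AP receives it.
    """
    # Accept common paste formats such as "f108.0a7e.7e02" or "f1:08:0a".
    cleaned = "".join(ch for ch in hex_value if ch not in " .:-\t\n")
    raw = bytes.fromhex(cleaned)  # raises ValueError on non-hex input
    if len(raw) < 2:
        raise ValueError("value is shorter than the type and length bytes")
    if raw[0] != WLC_LIST_TYPE:
        raise ValueError(f"unexpected type byte 0x{raw[0]:02x}, expected 0xf1")
    length = raw[1]
    if length == 0 or length % 4 != 0:
        raise ValueError(f"length {length} is not a non-zero multiple of 4")
    if length != len(raw) - 2:
        raise ValueError(f"length byte says {length}, payload has {len(raw) - 2}")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(2, len(raw), 4)]


def audit_option43(hex_value, approved):
    """Compare a scope's option 43 value against the approved controller list.

    Returns (unexpected, missing): controllers the scope hands out that are
    not approved, and approved controllers the scope does not hand out.
    """
    offered = decode_option43(hex_value)
    approved_set = {str(ipaddress.IPv4Address(ip)) for ip in approved}
    unexpected = [ip for ip in offered if ip not in approved_set]
    missing = sorted(approved_set - set(offered), key=ipaddress.IPv4Address)
    return unexpected, missing


if __name__ == "__main__":
    approved = ["10.126.126.2", "10.127.127.2"]  # controller IPs from the notes
    print(encode_option43(approved))
    print(decode_option43("f1080a7e7e020a7f7f02"))
    # Constructed sample: the second entry is not one of the approved WLCs.
    print(audit_option43("f1080a7e7e02c0a80132", approved))
```

An AP that learns its controller from DHCP joins whatever address the scope hands out, so running the audit against every wireless scope flags a mistyped or unapproved controller entry before APs try to join it.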
—Reset AP Configuration 1131ag
I just got my hands on a used Aironet 1131AG access point and of course the person before me did not give the enable secret. I had no choice but to reset the access point back to its factory default.
1. Unplug the power.
2. Hold the mode button down.
3. Plug power back in with mode button still pressed down.
4. When the status LED turns amber let go of the mode button.
The access point should boot back up with a brand new configuration
—Reset Clear AP Configuration WLC
show ap summary
clear ap config AP001b.d5bd.f10e
—Set the Primary controller via WLC for the AP
show ap summary
config ap primary-base vWLC AP001b.d5bd.f10e 10.1.175.5
—Reboot AP via command line
show ap summary
ap reset AP001b.d5bd.f10e
—Change SSH/Telnet Timeout timer
config sessions timeout 0
—LACP Portchannel Etherchannel Configuration
1. Enable LAG on the WLC
Controller -> General -> LAG Mode on next reboot -> Enable
2. Configure the LACP on the switch
interface GigabitEthernet1/0/11
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
spanning-tree portfast trunk
!
interface GigabitEthernet1/0/12
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
spanning-tree portfast trunk
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast trunk
end
—Converting a 3700i or 2700 series access point firmware
Step 1 Configure the PC on which your TFTP server software runs with a static IP address in the range of 10.0.0.2 to 10.0.0.30.
Step 2 Make sure that the PC contains the access point image file (such as ap3g2-k9w7-tar.152-4.JB4.tar for a 2700 or 3700 series access point) in the TFTP server folder and that the TFTP server is activated.
Step 3 Rename the access point image file in the TFTP server folder to ap3g2-k9w7-tar.default for a 2700 or a 3700 series access point.
Step 4 Connect the PC to the access point using a Category 5 (CAT5) Ethernet cable.
Step 5 Disconnect power from the access point.
Step 6 Press and hold the MODE button while you reconnect power to the access point.
Note
The MODE button on the access point must be enabled. Follow the steps in the “Disabling the Reset Button on Access Points Converted to Lightweight Mode” section on page 8-45 to select the status of the access point MODE button.
Step 7 Hold the MODE button until the status LED turns red (approximately 20 to 30 seconds), and release the MODE button.
Step 8 Wait until the access point reboots as indicated by all LEDs turning green followed by the Status LED blinking green.
Step 9 After the access point reboots, reconfigure the access point using the GUI or the CLI.
—Enable https UCS 200 5520 WLC
port adminmode all enable
network webmode enable
network secureweb enable