Cisco Wireless LAN Controller Basic Configuration

Below is a basic Wireless LAN Controller Configuration that worked! My setup is exactly like in the below picture, WLC is connected to a Cisco Layer 2 PoE Switch which inturn is connected to a Cisco ADSL router to reach internet.

WLC Basic Configuration

A. Cisco WLC 2504 Basic Configuration:

When the WLC boots at factory defaults, the bootup script runs the configuration wizard, which assists you to complete the initial configuration settings.

AUTO-INSTALL: process terminated -- no configuration loaded
 Enter Administrative User Name (24 characters max): hnsadmin
 Enter Administrative Password (3 to 24 characters): ************
 Re-enter Administrative Password : ************
 Enable Link Aggregation (LAG) [yes][NO]: no
 Management Interface IP Address: 10.10.10.2
 Management Interface Netmask: 255.255.255.0
 Management Interface Default Router: 10.10.10.1
 Management Interface VLAN Identifier (0 = untagged): 0
 Management Interface Port Num [1 to 4]: 1
 Management Interface DHCP Server IP Address: 10.10.10.1
 Virtual Gateway IP Address: 1.1.1.1
 Multicast IP Address: 239.0.0.1
 Mobility/RF Group Name: HNS-WIRELESS
 Network Name (SSID): HNSCORP
 Configure DHCP Bridging Mode [yes][NO]: no
 Allow Static IP Addresses [YES][no]: no
 Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server.
 Please see documentation for more details.
Enter Country Code list (enter 'help' for a list of countries) [US]: IN
 Enable 802.11b Network [YES][no]: yes
 Enable 802.11g Network [YES][no]: yes
 Enable Auto-RF [YES][no]: yes
 Configure a NTP server now? [YES][no]: no
 Configure the system time now? [YES][no]: no
Warning! No AP will come up unless the time is set.
 Please see documentation for more details.
Configuration correct? If yes, system will save it and reset. [yes][NO]: yes
 Cleaning up DHCP server configuration
 Configuration saved!
 Resetting system with new configuration...
  • Management Interface VLAN IdentifierUse Valid VLAN Identifier. When Native VLAN is configured on the switch port to which the Management Interface on the controller is connected, then the controller should NOT tag the frames (Specify as 0 or just press Enter).
  • Management Interface Port Num – 1. There are 1 to 4 Gigabit Ethernet ports are available, you can choose from any one of them.
  • Virtual Gateway IP Address – Use any unused IP address in your network, typically 1.1.1.1. This IP address is used as DHCP relay (after and mobility, Mobility Management and Layer 3 security (like Guest Web Authentication, VPN termination).
  • Multicast IP Address – use an IP address from 239.0.0.0-239.255.255.255, Multicast messaging between the WLC and the AP is used when sending multicast traffic to the AP’s clients that are subscribed to the multicast messaging at the AP. This way it is still one message sent across the network and not a message-per-AP as in unicast-multicast mode. Multicast is needed when using bonjour protocol, video stream, Vocera Broadcast, Drager mobile systems
  • DHCP Bridging Mode – There are 2 modes of DHCP operation
  1. DHCP Proxy Mode (default) – The real DHCP Server IP address is not exposed in the air. The controller modifies and relays all DHCP transactions to provide helper function, and address certain security issues.The controller’s virtual IP address is normally used as the source IP address of all DHCP transactions to the client.
  2. DHCP Bridge Mode – The DHCP bridging feature is designed to make the controller’s role in the DHCP transaction entirely transparent to the client. The real IP of the DHCP server is seen in the Offer and Ack packets instead of the controller’s virtual IP address.
  • Allow Static IP Addresses – Do you want your clients to supply their own IP address?

 

B. Post Configuration of WLC 2504

  • Specify NTP Server – Go to Controller > NTP > ‘Server’ option to specify your NTP server.
 
C. Cisco Layer 2 Switch Configuration:
Port connected to WLC:-
 interface GigabitEthernet0/1
 switchport trunk native vlan 10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
 !
  • If you have not specified “switchport trunk native vlan 10” in the switch port, you should have specified 10 in the Management Interface VLAN Identifier in WLC configuration.
Port connected to AP:-
 interface GigabitEthernet0/23
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 !
  • Cisco lightweight APs do not understand VLAN tagging and should only be connected to the access ports of the neighbor switch.