In this howto I want to show you how to create a wireless mesh network using Cisco APs and a Cisco Wireless LAN Controller (WLC). In this example I use a Cisco WLC running firmware 7.4 and Cisco 2600 series access points.
Some mesh terminology first. When configuring a mesh network, each access point takes one of two roles: Root AP (RAP, sometimes written as Roof-Top AP) or Mesh AP (MAP). The RAP is the only access point that has a wired connection to the LAN. The MAPs connect to other MAPs or to the RAP over a wireless backhaul. In this example the 5 GHz radio is used for the backhaul. The backhaul is always encrypted with AES. The 2.4 GHz radio serves the wireless end-users.
Next, configure your WLC the way you normally would: connect all access points to the LAN, create a WLAN, and verify that the APs have joined the controller by logging in to the controller with a browser and opening the Wireless tab. Your access points should be listed there.
Now, let’s look at the steps needed to configure the wireless mesh network:
1. Configure AP authentication:
If you skip this step and set your access points to bridge mode, they will not come back online. AP authentication is configured by adding the MAC addresses of the APs to the controller’s database. This can be done in 2 ways:
While the above seems rather easy to do using the previously available methods, I stumbled upon a problem when I wanted to convert a lightweight 2600 AP to autonomous mode. On the 1142 platform, I used the following commands:
debug capwap console cli
debug capwap client no-reload
archive download-sw /overwrite tftp://x.x.x.x/c1140-k9w8-tar.152-2.JA.tar
However, when using the same trick on a 2600 AP, the AP resets the BVI1 interface to DHCP in the middle of the firmware download, which cancels the download:
Premature end of tar file
ERROR: Problem extracting files from archive.
Download image failed, notify controller!!! From:126.96.36.199 to 188.8.131.52, FailureCode:3
The procedure to convert the AP to autonomous mode is the following:
- Restart the access point
- While it loads the image from flash, press Esc; you’ll enter ROMMON mode:
The system boot has been aborted. The following
commands will finish loading the operating system
- Set the IP address and netmask for the Gigabit 0 interface (ROMMON environment variable names are case-sensitive, so use the upper-case names):
ap: set IP_ADDR 10.0.2.1
ap: set NETMASK 255.255.255.0
In small to medium WLAN deployments I like to use a Cisco WLC hooked up directly to a firewall to consolidate a guest WLAN. The firewall’s built-in DHCP server then becomes a nice feature: guest computers receive their IP addresses and settings from it.
Lately it has come to my attention that this setup initially fails when the DHCP proxy on the Cisco WLC is enabled. Since that is the default configuration, this article focuses on what the DHCP proxy does and why it interferes with the firewall’s DHCP server.
What is the WLC DHCP Proxy?
When a client connects to the wireless network, it broadcasts a DHCP discover to find a DHCP server. A server answers with a DHCP offer, after which the client broadcasts a DHCP request for the offered address and the server confirms it with a DHCP ack. Both the discover and the request are broadcasts.
This is where the DHCP proxy comes into play. When WLC DHCP proxy mode is enabled, the wireless LAN controller intercepts these broadcasts and forwards them as unicast to the configured DHCP server. The packets coming back from the DHCP server to the client are intercepted as well, and this time the controller replaces the DHCP server’s address with its own virtual IP address. The client therefore believes that the WLC itself is the DHCP server.
The advantages of this approach are both functional and security-related: the WLC acts as an IP helper that relays DHCP requests, and the IP address of the real DHCP server is never transmitted over the air.
If you want more detailed information on the process, take a look at this document at cisco.com.
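To make the two rewrite directions concrete, here is a small model of the proxy behaviour described above. It is an added illustration, not Cisco’s code: it parses a DHCP message per RFC 2131, stamps the controller in as relay agent (giaddr) on the way to the server, and on the way back replaces the server address in siaddr and the Server Identifier option (54) with the virtual IP. The client MAC, the controller interface address 10.10.10.2, the DHCP server 192.0.2.10 and the virtual IP 1.1.1.1 are constructed values for the example.

```python
"""Toy model of the WLC DHCP proxy rewrite (added example, not Cisco code).
Packet layout follows RFC 2131; all addresses below are constructed."""
import struct
from ipaddress import IPv4Address

FIXED_FMT = "!BBBBIHH4s4s4s4s16s64s128s4s"   # BOOTP header + magic cookie
FIXED_LEN = struct.calcsize(FIXED_FMT)       # 240 bytes
FIELDS = ("op", "htype", "hlen", "hops", "xid", "secs", "flags",
          "ciaddr", "yiaddr", "siaddr", "giaddr", "chaddr", "sname", "file")
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
DISCOVER, OFFER = 1, 2
BOOTREQUEST, BOOTREPLY = 1, 2
BROADCAST = IPv4Address("255.255.255.255")


def ip(dotted):
    """Dotted quad -> 4 packed bytes."""
    return IPv4Address(dotted).packed


def parse(pkt):
    """Split a DHCP message into its fixed fields plus an {code: value} option map."""
    fixed = struct.unpack(FIXED_FMT, pkt[:FIXED_LEN])
    if fixed[14] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    msg = dict(zip(FIELDS, fixed[:14]))
    opts, raw, i = {}, pkt[FIXED_LEN:], 0
    while i < len(raw) and raw[i] != OPT_END:
        if raw[i] == OPT_PAD:
            i += 1
            continue
        code, length = raw[i], raw[i + 1]
        opts[code] = raw[i + 2:i + 2 + length]
        i += 2 + length
    msg["options"] = opts
    return msg


def build(msg):
    """Inverse of parse(): serialise fixed fields and options back to bytes."""
    fixed = struct.pack(FIXED_FMT, *(msg[k] for k in FIELDS), MAGIC_COOKIE)
    opts = b"".join(bytes([c, len(v)]) + v for c, v in msg["options"].items())
    return fixed + opts + bytes([OPT_END])


def proxy_to_server(pkt, wlc_interface_ip, dhcp_server_ip):
    """Client -> server: the controller takes the client's broadcast, records
    itself as relay agent (giaddr, hops+1) and unicasts it to the configured
    DHCP server. Returns (destination address, rewritten packet)."""
    m = parse(pkt)
    if m["op"] != BOOTREQUEST:
        raise ValueError("expected a client request")
    m["giaddr"] = ip(wlc_interface_ip)
    m["hops"] += 1
    return IPv4Address(dhcp_server_ip), build(m)


def proxy_to_client(pkt, virtual_ip):
    """Server -> client: the controller hides the real server by rewriting
    siaddr and option 54 (Server Identifier) to its virtual IP before the
    reply is sent to the client over the WLAN."""
    m = parse(pkt)
    if m["op"] != BOOTREPLY:
        raise ValueError("expected a server reply")
    m["siaddr"] = ip(virtual_ip)
    if OPT_SERVER_ID in m["options"]:
        m["options"][OPT_SERVER_ID] = ip(virtual_ip)
    return BROADCAST, build(m)


def demo():
    """Constructed exchange: guest client 00:11:22:33:44:55, controller interface
    10.10.10.2, DHCP server 192.0.2.10, controller virtual IP 1.1.1.1."""
    base = dict(htype=1, hlen=6, hops=0, xid=0x3903F326, secs=0, flags=0x8000,
                ciaddr=ip("0.0.0.0"), yiaddr=ip("0.0.0.0"), siaddr=ip("0.0.0.0"),
                giaddr=ip("0.0.0.0"), chaddr=bytes.fromhex("001122334455").ljust(16, b"\0"),
                sname=b"\0" * 64, file=b"\0" * 128)
    discover = build({**base, "op": BOOTREQUEST, "options": {OPT_MSG_TYPE: bytes([DISCOVER])}})
    dst, relayed = proxy_to_server(discover, "10.10.10.2", "192.0.2.10")
    # The server answers the relay with an OFFER that names itself in option 54.
    offer = build({**base, "op": BOOTREPLY, "yiaddr": ip("10.10.10.50"),
                   "siaddr": ip("192.0.2.10"), "giaddr": ip("10.10.10.2"),
                   "options": {OPT_MSG_TYPE: bytes([OFFER]), OPT_SERVER_ID: ip("192.0.2.10")}})
    _, to_client = proxy_to_client(offer, "1.1.1.1")
    return {
        "relay_dst": str(dst),
        "relayed_giaddr": str(IPv4Address(parse(relayed)["giaddr"])),
        "client_sees_server": str(IPv4Address(parse(to_client)["options"][OPT_SERVER_ID])),
        "real_server_leaked": ip("192.0.2.10") in to_client,
    }


if __name__ == "__main__":
    print(demo())
```

The last value in the result is the security property the text describes: after the rewrite, the real server’s address occurs nowhere in the bytes that go over the air; the client only ever sees the virtual IP as its DHCP server.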
Issues with DHCP Servers on firewalls
Just a quick post on configuring guest accounts with an infinite lifetime.
Recently a client of the company I work for told me he was unable to configure a guest account in his Cisco Wireless LAN Controller (WLC) with an infinite lifetime. When he tried, the controller replied with a message stating that the lifetime can only be configured in the range between 5 minutes and 30 days.
While it is indeed possible to create an account with a non-expiring lifetime, it is not possible to change an existing guest account to a lifetime of 0 using the GUI. The following text from the Cisco WLC configuration guide confirms this:
You can change a guest user account with a nonzero lifetime to another lifetime value at any time while the account is active. However, to make a guest user account permanent using the controller GUI, you must delete the account and create it again. If desired, you can use the config netuser lifetime user_name 0 command to make a guest user account permanent without deleting and recreating it.
As can be seen, it is also possible to log in to the controller using SSH and enter “config netuser lifetime username 0” to make the change without deleting and re-creating the user.
In certain Cisco Wireless LAN Controllers (WLC) the functionality to connect your controller to upstream switches using Link Aggregation (LAG) is not available. An example of such a WLC is the Cisco WLC 2504.
To connect your access points in a redundant way, you can instead configure multiple AP-manager interfaces on your WLC. This article shows the necessary steps and explains how access points learn that multiple interfaces are available to carry their traffic. This howto was written using WLC release 7 but should work with other releases as well.
Differences between LAG and Multiple AP-Manager Interfaces.
From the WLC Config Guide:
- With LAG, all of the controller ports need to connect to the same neighbor switch. If the neighbor switch goes down, the controller loses connectivity.
- With multiple AP-manager interfaces, you can connect your ports to different neighbor devices. If one of the neighbor switches goes down, the controller still has connectivity.
How to configure multiple AP-manager interfaces.
- Log on to your WLC using the web console and navigate to Interfaces.
- Add a new interface.
- Configure the interface as follows: