
WLC - Basic Concepts & Troubleshooting - sCRIB

The document discusses wireless LAN controllers (WLC), including basic concepts, models, specifications, ports and interfaces, default setup, high availability modes, Cisco WLC and AP supportability, menu specifications, configuration verification, code/file configuration, and troubleshooting. It provides an overview of WLCs and how they are used to centrally manage wireless networks and access points. Key information covered includes common WLC models, default configuration, high availability and redundancy modes, methods for accessing and configuring Cisco APs managed by the WLC, and steps for basic verification and troubleshooting.

Uploaded by

shrilath

WIRELESS LAN CONTROLLER (WLAN)
- Basic Concepts & Troubleshooting

AT&T Proprietary (Internal Use Only)


Not for use or disclosure outside the AT&T companies except under written agreement
AGENDA
Wireless LAN Controller Basic
Models & Specification
WLC Ports & Interfaces
Default Setup
HA Mode & VSS Setup
Cisco WLC Supportability
Cisco AP Supportability
Working with the Cisco WLC
Menu Specification
Basic Verification
Code/File Configuration
Troubleshooting
Terminology
References
Wireless LAN Controller (WLC)
Provides a single solution to configure, manage and support corporate wireless networks, regardless of their size and location.
Used in combination with the Lightweight Access Point Protocol (LWAPP) to let the network administrator or network operations center manage lightweight access points in large quantities.
The WLAN controller automatically handles the configuration of the LWAP.
When the AP joins a WLC, a Control And Provisioning of Wireless Access Points protocol (CAPWAP) tunnel is formed between the two devices. All traffic, which includes all client traffic, is sent through the CAPWAP tunnel.
A device that connects to a Wi-Fi network is a Wi-Fi client (e.g. laptop, printer, smartphone or camera).
LWAP has been in use since 2004 and CAPWAP since 2009; CAPWAP provides DTLS security and supports IPv6 and NAT.



MODELS & SPECIFICATION
Cisco Wireless Controllers currently offered include:
Cisco Virtual Controller
Controller for ISR G2
2500 Series - 5 to 50 APs
3650 Series
5500 Series - 12 to 500 APs
5760 Series
3850 Series
WiSM2 - Up to 1000 APs
Flex 7500 Series
8500 Series



WLC PORT & INTERFACES
Management Interface - in-band interface IP address on the controller. (The management interface acts like an AP-manager interface by default, and the access points can join on this interface.)
Console Port - used to connect a terminal or PC to access the CLI for configuration.
Service Port - used for out-of-band (OOB) management.
Redundancy Port - used for High-Availability (HA) deployment designs when there are two WLCs available.
SFP/Ethernet Distribution System Ports - small form-factor pluggable ports that connect the controller to a neighbor switch and serve as the data path between these two devices.
Virtual Interface - helps to manage and support wireless clients by providing DHCP relay functionality, guest web authentication, VPN termination and other services.
DEFAULT SETUP



High Availability (SSO) Setup
HA is for box-to-box redundancy.
The High Availability (HA) feature set (that is, AP SSO) within Cisco WLC software release versions 7.3 and 7.4 allows the access point (AP) to establish a CAPWAP tunnel with the Active WLC and share a mirror copy of the AP database with the Standby WLC.
Only one CAPWAP tunnel is maintained at a time between the APs and the WLC that is in an Active state.
AP SSO support is intended to reduce major downtime in wireless networks due to failure conditions that may occur due to box failover or network failover.
No preempt functionality. The Active/Standby decision can be made based on manual configuration.
Redundancy Mode.................................. SSO



Virtual Switching System HA Setup
WiSM is the most innovative, unified, scalable wireless solution in the industry.
The first controller is considered the WiSM-A card, while the second controller is considered the WiSM-B card. Interfaces and IP addressing have to be considered on both cards independently.
WiSM-A manages 150 access points, while WiSM-B manages a separate lot of 150 access points. These controllers can be grouped together in a mobility group, forming a cluster.
To find the status of the WiSM module:
# show wism status
# show wism mod 3 controller 1 status
# show module
The WiSMs are hot-swappable blades.



Cisco WLC Supportability
All WLC models support GUI and CLI based configuration.
GUI - HTTPS (Enabled) & HTTP (Disabled)
CLI - SSH (Enabled) & Telnet (Disabled)
SNMP - v2
* The CLI is mandatory only during the initial configuration; after that, the controllers are most often configured via their nicely designed web GUI.



Cisco AP Supportability
Methods of Accessing AP
Console
No GUI support
AP Remote Commands
Enable Telnet/SSH in LWAPs (both are disabled by default):
WLC CLI - # config ap [telnet/ssh] enable <ap name>
WLC GUI : Wireless -> All APs -> Select AP -> Advanced -> Select [Telnet/SSH] -> Apply
A username & password need to be set:
config ap username <username> password <password> all
The AP must be associated to the WLC; remote commands in the WLC CLI redirect the AP console output to the WLC session. E.g.: debug ap enable <AP name>



WLC Menu Specification



Front View of 5500 WLC



Verifying General Configuration
WLC Basic info *** config paging disable
- show sysinfo
System Memory, Out of Memory Issues
- show memory stat
- show buffers
- show process memory
Run-Config includes detailed information with regards to the joined APs and associated RF information, etc.
- show run-config
- show run-config commands
Configuration of the WLC without such AP information for quick review
- show run-config no-ap
Syslogs from the WLC
- show msglog
- show traplog
To get AP info
- show ap summary
- show ap join stats summary all
- show ap eventlog <Cisco_AP>
For Client Info
- show client summary
- show client detail <client mac>
WLC Config/Code File Configuration
GUI
Commands > Upload File > Configuration > Upload as shown in the image.
Download File for pushing the IOS into the WLC (Note: For File Path, you can insert a dot (.) as long as the image is in the root directory of your TFTP server. This way, you do not have to enter the path where the image is saved).

CLI
transfer upload datatype config /Code
transfer upload mode tftp
transfer upload serverip <tftp-Server IP>
transfer upload path /
transfer upload filename <desired-filename> AS_5500_7_6_130_33.aes
transfer upload start
(> config boot primary | backup - to swap the image)
AP Pre-download Code via WLC
* Primary Image - This is the image that loads when the AP is booted
* Backup Image - This is the image that is stored as a backup
NOTE: DO NOT REBOOT THE WLC AT THIS STAGE, we will reboot it and the APs after the Pre-download Image.



Issues/Solution - During upgrade
Troubleshooting 1
Troubleshooting 2
Issues/Solution - If the AP can't join the controller
Troubleshooting 3
Troubleshooting 4
Troubleshooting 5
Troubleshooting 6



Troubleshooting 1 (During Upgrade)
Error Code : Transfer cannot happen because at least one AP is upgrading
Solution 1:
To push the image to individual APs
> config ap image predownload primary all
config ap image predownload {primary | backup} {ap_name|all}
> config ap image swap all



Troubleshooting 2 (During Upgrade)
Error Code : Transfer cannot happen because at least one AP is upgrading
Solution 2: Issue during upgrade of FUS & Code Upgrade. APs are shown in downloading state in the secondary Controller for a long time.
Go to WLC GUI Security > AP Policies > check the option to authorize MICs against the list; this will prevent the APs from joining this WLC.
Then reboot the WLC using: WLC > reset system forced
After it boots again, upgrade it to X Version.
wireless > country > remove US and add CN again
(to block new APs from joining)



WLC/AP Basic Debug
Below are a few commands to view the entire process of the WLC in CLI mode.
Commands
debug lwapp events enable - Shows discovery packets and join packets. (Ref Below)
debug lwapp packet enable - Shows packet level information of the discovery and join packets.
(> config session timeout 120)
debug pm pki enable - Shows certificate validation process.
debug disable-all - Turns off debugs.
From the LAP:
If the controller debugs do not indicate a join request, start the debug process from the LAP, as long as the LAP has a console port.
enable mode (default password is Cisco):
debug ip udp - Shows the join/discovery packets to the controller as well as DHCP and DNS queries (all of these are UDP packets. Port 12223 is the controller's source port).
debug lwapp client event - Shows LWAPP events for the AP.
undebug all - Disables debugs on the AP.
Troubleshooting 3
Issue : LWAP Does Not Join the Controller, Why?
BASIC CHECKS :
1. Make sure the AP is getting an address from DHCP.
2. Try pinging the AP from the controller.
3. Check that the configuration on the switch is done right so that packets to the VLANs are not blocked.
4. If pings are successful, ensure the AP is following the discovery method.
5. Each time the AP reboots, it initiates the WLC discovery sequence and tries to locate the AP. Reboot the AP and check if it joins the WLC.
6. AP authorization list enabled on the WLC; LAP not in the authorization list.

Interface Groups > Edit & AP Groups > Edit



Troubleshooting 4
Issue : LWAP Does Not Join the Controller, Firewall Blocking Necessary Ports
Ensure the following ports are enabled on the firewall for the LAP to join and communicate with the controller.
You must enable these ports:
Enable these UDP ports for LWAPP traffic:
Data - 12222
Control - 12223
Enable these UDP ports for mobility traffic:
16666 - 16666
16667 - 16667
Enable UDP ports 5246 and 5247 for CAPWAP traffic.
TCP 161 and 162 for SNMP (for the Wireless Control System [WCS])
These ports are optional (depending on your requirements):
UDP 69 for TFTP
TCP 80 and/or 443 for HTTP or HTTPS for GUI access
TCP 23 and/or 22 for Telnet or SSH for CLI access
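
A firewall check built from the port list above, as an added example that is not part of the original slides: it reads ACCEPT rules in iptables-save syntax, reports which of the listed ports are not permitted, and flags the optional cleartext services (TFTP, HTTP, Telnet) that are open. The sample ruleset is constructed, ports are assumed numeric, and the audit ignores rule order, address matches and chain policy.

```python
import re

# Ports exactly as listed on the slide above: (protocol, port) -> purpose.
REQUIRED = {
    ("udp", 12222): "LWAPP data", ("udp", 12223): "LWAPP control",
    ("udp", 16666): "mobility", ("udp", 16667): "mobility",
    ("udp", 5246): "CAPWAP", ("udp", 5247): "CAPWAP",
    ("tcp", 161): "SNMP (WCS)", ("tcp", 162): "SNMP (WCS)",
}
# Optional ports from the slide that carry unencrypted management or file transfer.
CLEARTEXT = {("udp", 69): "TFTP", ("tcp", 80): "HTTP", ("tcp", 23): "Telnet"}

# Constructed sample ruleset in iptables-save syntax (not from a real device).
SAMPLE_RULES = """\
-A FORWARD -p udp -m udp --dport 5246:5247 -j ACCEPT
-A FORWARD -p udp -m multiport --dports 12222,12223,16666 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 23 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 161 -j DROP
"""

def accepted_ports(rules_text):
    """Return the set of (proto, port) pairs permitted by ACCEPT rules."""
    allowed = set()
    for line in rules_text.splitlines():
        proto = re.search(r"-p (tcp|udp)\b", line)
        ports = re.search(r"--dports? (\S+)", line)
        if not (proto and ports and re.search(r"-j ACCEPT\b", line)):
            continue
        # --dports takes a comma list; each item is a port or a lo:hi range.
        for item in ports.group(1).split(","):
            lo, _, hi = item.partition(":")
            for port in range(int(lo), int(hi or lo) + 1):
                allowed.add((proto.group(1), port))
    return allowed

def audit(rules_text):
    """Return (required ports not permitted, cleartext ports permitted)."""
    allowed = accepted_ports(rules_text)
    missing = sorted(key for key in REQUIRED if key not in allowed)
    cleartext = sorted(key for key in CLEARTEXT if key in allowed)
    return missing, cleartext

if __name__ == "__main__":
    missing, cleartext = audit(SAMPLE_RULES)
    for proto, port in missing:
        print(f"not permitted, AP join may fail: {proto}/{port} {REQUIRED[(proto, port)]}")
    for proto, port in cleartext:
        print(f"cleartext service permitted: {proto}/{port} {CLEARTEXT[(proto, port)]}")
```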
Troubleshooting 5
Issue : Mismatch in Regulatory Domain (AP RegDomain check for country AU failed)
The WLC can support multiple regulatory domains, but each regulatory domain must be selected before an LAP can join from that domain.
Issue : Certificate and Time (Does not include valid certificate in CERTIFICATE_PAYLOAD from AP MACADDRESS)
The AP and controller need to exchange certificates to create a secure tunnel for communication. These certificates have a creation and an expiry date. If the time and date on the WLC are wrong, the AP certificate will be refused because it is not valid yet or not valid anymore.



Troubleshooting 6
Issue : LWAP Does Not Join the Controller
Solution : To manually make a LWAP bind to the Controller
We can use the below commands:
lwap ap ip address 9.73.4.6 255.255.255.128 --> To statically provide an IP to the LWAP in case it is failing to get one
lwap ap ip default-gateway 9.73.4.1
lwap ap cont ip add 9.57.120.163
lwap ap hostname mdm-ap-1fv004-a
To enable console access on LAP > debug capwap console cli
Note :
"lwap" will be replaced by "capwap" in the command line based on the type of LWAP we are using.
The default enable password is Cisco.
The static information configured with the CLI commands is used by the AP to join a controller. After joining the controller, the user can configure new settings on the LAP via the controller.
GOOD TO KNOW About WLC
1. AP Part Numbers: LAP vs AP
AIR-LAP1142N-A-K9 (LWAP) c1130-k9w8-mx.124-23c.JZ
AIR-AP1142N-A-K9 ( AP) c1140-k9w7-mx.124-21a.JY
2. There is no password recovery option on the Wireless LAN Controller (WLC). You need to set the WLC to factory defaults and reconfigure it. From version 8.0 there is a Restore-Password option to recover the password.
3. For 5500 Series Controllers, you are not required to configure an AP-manager interface. The management interface acts as an AP-manager interface by default, and the access points can join on this interface.
4. Wireless LAN Controllers support only SSHv2.
5. Local user database is limited to a maximum of 2048 entries at the Security > General page.
6. Mobility, or roaming, is a wireless LAN client's ability to maintain its association seamlessly from one access point to another securely and with as little latency as possible.



Prime Infrastructure
Cisco Prime Infrastructure 3.0 is a network management tool that supports lifecycle management of your entire network infrastructure from one graphical interface.




Terminology
Wi-Fi: stands for Wireless Fidelity and is used to define any of the IEEE 802.11 wireless standards.
SNR (Signal-to-Noise Ratio) is a ratio-based value that evaluates your signal based on the noise being seen.
Basic Service Set (BSS): uses only a single AP to create a WLAN.
Extended Service Set (ESS): uses more than one AP to create a WLAN, allows roaming in a larger area than a single AP.
Service Set Identifier (SSID) is the unique name shared among all devices on the same wireless network.
AES stands for Advanced Encryption Standard and is a totally separate cipher system.
Extensible Authentication Protocol (EAP) [RFC 3748] is the transport protocol optimized for authentication.
EAP-TLS: Creates a TLS session within EAP, between the Supplicant and the Authentication Server.
Protected EAP (PEAP): Uses, like EAP-TTLS, an encrypted TLS tunnel.
Remote Authentication Dial-In User Service (RADIUS) - Authentication Server
Link aggregation (LAG) bundles all of the controller's distribution system ports into a single 802.3ad port channel.
Power over Ethernet (POE) is a technology that lets network cables carry electrical power.
Manufacturer Installed Certificate (MIC) & Self-Signed Certificates (SSCs).