Configure 6506 WiSM modules for SPWifi

Document

Feb 13, 2012 9:57 AM
Feb 13th, 2012


Introduction

How to install and configure a wireless LAN controller for the SP Wifi architecture, specifically using the Cisco6506 WiSM modules.

Description

This refers to the temporary WiSM modules installed in the 6506 (before we can by WiSM2) Installed in Slot-4 of the Cisco6506. Contains two WLC’s (called the “WiSM-A” and “WiSM-B” cards).

The “Service Port” is only used for communication between the WiSM and the 6506-Supervisor card.

show wism module 4 controller 1 status

show wism module 4 controller 2 status

(WiSM-slot4-2) >show inventory

Burned-in MAC Address............................ 00:1B:54:DD:DA:E0

Maximum number of APs supported.................. 150

NAME: "Chassis"    , DESCR: "Cisco Wireless Controller"

PID: WS-SVC-WISM-1-K9,  VID: V01,  SN: FAS112001XZ

To login into the CLI of the WLC, use:

session slot 4 processor 1

Setup the service interfaces to communicate between the SUP720 and WiSM module

1. In the Cisco6506 configuration

interface Vlan104

description AP to WLC-APmanager via CAPWAP

ip address 10.1.4.1 255.255.255.0

end

ip dhcp pool wism-service-pool

network 10.1.4.0 255.255.255.0

   default-router 10.1.4.1

wism service-vlan 104

ip dhcp excluded-address 10.1.4.1 10.1.4.2

Configuring WLC-2 to connect with the ISG’s on VLAN 10,20,30,40

Connected to the Cisco6506 through interface port-channel-408 (the WiSM-A WLC is connected to port-channel 407).  These port-channel numbers were automatically chosen by the Cisco6506 when the WiSM module was inserted.  Each WLC connects to the 6506 through 6 ports (Gi4/1-4 and Gi4/5-8).

2. 6506 configuration

The following two lines create a Virtual Private Routing table between the WLC’s and ISG’s, which includes VLAN-210 (the services VLAN). This is the routing-table which unauthorized traffic uses to reach the ISG and DHCP-server.

ip vrf SPWIFI

rd 100:1

interface Vlan10

ip vrf forwarding SPWIFI

ip address 10.1.10.4 255.255.255.0

no shutdown

interface Vlan20

ip vrf forwarding SPWIFI

ip address 10.1.20.4 255.255.255.0

no shutdown

interface Vlan30

ip vrf forwarding SPWIFI

ip address 10.1.30.4 255.255.255.0

no shutdown

interface Vlan40

ip vrf forwarding SPWIFI

ip address 10.1.40.4 255.255.255.0

no shutdown

interface Vlan210

description Services VLAN

ip vrf forwarding SPWIFI

ip address 192.168.210.4 255.255.255.0

no shutdown

There are two port-channels trunking each of the 4 vlans (po407, po408), which connect to the two WiSM cards.  These are automatically created and connected to the Gi4/1-8 ports by the auto-LAG feature.  The “wism module” commands configure these port-channels for trunking exactly like normal “port-channel switchport trunk” commands would, as shown below:

wism module 4 controller 2 allowed-vlan 10,20,30,40,75,110,210

wism module 4 controller 2 native-vlan 75

wism module 4 controller 2 qos-trust dscp

3. WLC config

config interface create vl10 10

config interface create vl20 20

config interface create vl30 30

config interface create vl40 40

config interface create  radius 210

config interface address dynamic-interface vl10 10.1.10.6 255.255.255.0 10.1.10.4

config interface address dynamic-interface vl20 10.1.20.6 255.255.255.0 10.1.20.4

config interface address dynamic-interface vl30 10.1.30.6 255.255.255.0 10.1.30.4

config interface address dynamic-interface vl40 10.1.40.6 255.255.255.0 10.1.40.4

config interface address dynamic-interface radius 192.168.210.6 255.255.255.0 192.168.210.4

config interface dhcp dynamic-interface vl10 primary 192.168.210.16

config interface dhcp dynamic-interface vl20 primary 192.168.210.16

config interface dhcp dynamic-interface vl30 primary 192.168.210.16

config interface dhcp dynamic-interface vl40 primary 192.168.210.16

config dhcp opt-82 remote-id apMac:ssid

config interface dhcp management option-82 enable

config interface dhcp ap-manager option-82 disable

config radius auth add 1 192.168.210.9 1812 ascii OperateLab06

config radius acct add 1 192.168.210.9 1813 ascii OperateLab06

config radius acct ipsec disable 1

config radius acct enable 1

config radius auth ipsec disable 1

config wlan security wpa wpa1 enable 1

config wlan security wpa wpa2 ciphers aes enable 1

config wlan security wpa wpa1 ciphers tkip enable 1

config wlan security wpa wpa2 enable 1

config wlan security wpa wpa2 ciphers aes enable 1

config wlan security wpa wpa2 ciphers tkip enable 1

config wlan security wpa akm 802.1x enable 1

config wlan radius_server auth add 1 1

config wlan radius_server auth enable 1

config wlan radius_server acct add 1 1

config wlan radius_server acct enable 1

aaa auth mgmt radius local

show aaa auth

config wlan broadcast-ssid enable 1

config wlan enable 1

config interface group create SPWIFI_group

config interface group interface add SPWIFI_group vl10

config interface group interface add SPWIFI_group vl20

config interface group interface add SPWIFI_group vl30

config interface group interface add SPWIFI_group vl40

config wlan interface 1 SPWIFI_group

The above commands add a new Radius authentication-server and a new Radius accounting-server. 

The WiSM module has 4 physical ports (shown in “show port summary”), which are aggregated into one LAG (shown in “show interface summary”).


Average Rating: 0 (0 ratings)

Actions

Login or Register to take actions

This Document

Posted February 13, 2012 at 9:57 AM
Stats:
Comments:0 Avg. Rating:0
Views:1287 Contributors:0
Shares:0
Tags: No tags.

Documents Leaderboard