Wireless Services Module (WiSM) -2 2 Data Planes are the next generation wireless data processing service modules for Cat6k after service blade WiSM and WiSM-2 1 DP. There are no differences between the WiSM-2 1DP and WiSM-2 2 DP, other than the SW release before 7.2 Cisco supported only one Data Plane on the Blade. The second DP was physically on the board, but was not activated in the software. With the release of the Controller software version 7.2.103 and new software for Sup 720 and Sup 2Tmodules, both Data Planes are activated. Therefore, support for up to 1000 access points (APs) and 15,000 clients is provided with a total throughput of 20 GBsec.
The base board of the WiSM-2 is based on the design of the 5508 wireless controller daughter board. WLAN Controller Protocol (WCP) is the “software glue” between the Supervisor and WiSM-2 Controller. WCP runs on UDP/IP, port 10000 over Service Interface. Once the WiSM-2 Controller is up, there are software heartbeats or keepalives between the supervisor and WiSM-2 Controller. The controller requests the supervisor for its slot/processor information. The controller conveys its management IP address to the Supervisor Module (when changed on-the-fly, it is conveyed to the Supervisor automatically). After every 12 hellos (240 s), the controller requests global state information about other controllers in the system.
Figure 1. Cisco Catalyst 6500 Series WiSM2 Controller
As a component of the Cisco Unified Wireless Network, this controller provides realtime communication between Cisco Access Points, the Cisco Network Control System (NCS), and the Cisco Mobility Services Engine (MSE) to deliver centralized security policies, wireless intrusion prevention system (IPS) capabilities, award-winning RF management, and quality of service (QoS). With CleanAir technology, the WiSM2 protects 802.11n performance by providing cross-network access to real-time and historic RF interference information for quick troubleshooting and resolution. With this integrated approach to large-scale wireless networking, customers can realize significant total cost of ownership (TCO) benefits by streamlining support costs and reducing planned and unplanned network downtime.
There are no specific requirements for this document.
Refer to Cisco Technical Tips Conventions for more information on document conventions.
WiSM-2 2DP features and characteristic with WLC software version 7.2.103 are summarized in the next table.
Note that Sup 720 software version 12.2.(33)SXJ2 and Sup 2T software version 15.0(1)SY1 are required for operation of the WiSM-2 2DP Controller.
Feature Parity with 5500 Appliance Controllers |
---|
Interoperability with Other Service Modules, WiSM-1 and WiSM-2 first generation |
Support Up to 1000 APs/15,000 Clients and 5,000 Tags |
License Upgrade from 100 APs in Increments Up to 1000 APs |
Data Plane (Encrypted/Unencrypted/ACL) Throughput of 20 Gbps |
Support Sup720, Sup720-10G, Sup-2T, 6500-E-Series Chassis |
Support Non-E series with high speed fans |
Sup 720 Software Version 12.2(33)SXJ2or Later |
Sup 2T Software Version 15.0(1)SY1 or Later |
Support Up to 7 Blades in a Chassis; 14 in VSS mode |
Support Up to 5 Blades in a Chassis When Other Service Modules Are Present; 10 in VSS |
Support for OEAP |
This is a list of components that are required when deploying WiSM-2 in the Catalyst chassis:
Device/Application | SW Versions |
---|---|
Catalyst 650X with 720 Sup Catalyst 650X with 2T Sup | 12.2(33)SXJ2 or later 15.0(1)SY1 or later |
Ethernet Line-Cards—Tested and Compatible with WiSM-2 | 6148, 6516, 6548, 6704-10Gb, 6708-10Gb, 6716-10Gb, 6748 and 6724 |
WiSM-2 Controllers NCS | 7.2.103.0 1.1.0.1114 |
MSE 33XX series | 7.2.103.0.64bit |
WiSM-2 operates with the Supervisor 720 and 2T family including:
Supervisor VS-S2T-10G-XL - Supervisor Engine 2T-10GE with PFC4XL
Supervisor VS-S2T-10G - Supervisor Engine 2T-10GE with PFC4
For additional supported and unsupported module lists, refer to these Release Notes.
FS3 Supervisor 720 (WS-SUP720) – Also referred to as the Supervisor 720-3a.
FS4 Supervisor 720-3B (WS-SUP720-3B) – This is an update of the original Supervisor 720 that adds support for a number of new hardware based features, such as MPLS and ACL counters. (EOL 1/2012).
FS5 Supervisor 720-3BXL (WS-SUP720-3BXL) – Provides the same hardware feature capabilities as a Supervisor 720-3B, but also adds increased capacity for storing up to 1 Million IPV4 routes.
FS6 Supervisor 720-3C-10GE and Supervisor 720-3CXL-10GE – Adds support for 2 x 10GE uplink ports on the front panel as well as support for a number of new hardware features, such as support for Virtual Switch Link (VSL).
Note: The Catalyst chassis on which the Cisco WiSM-2 is installed needs a Supervisor 720/2T module. This table shows the supported slots for the Cisco WiSM-2. It is not recommended to install WiSM-2 in the Supervisor slot.
Slot | 6503-E | 6504-E | 6506-E | 6509-V-E | 6513-E |
---|---|---|---|---|---|
1 | X | X | X | X | X |
2 | X | X | X | X | X |
3 | X | X | X | X | X |
4 | - | X | X | X | X |
5-6 | - | - | X | X | X |
7-8 | - | - | - | X | X |
9 | - | - | - | X | X |
10-13 | - | - | - | - | X |
Note: WiSM-2(s) are supported in the above –E Series chassis.
Slot | 6506 | 6509 | 6509-NEB-A with single HS fan tray | 6513 |
---|---|---|---|---|
1 | X | X | X | X |
2 | X | X | X | X |
3 | X | X | X | X |
4 | X | X | X | X |
5-6 | X* | X* | X* | X* |
7-8 | - | X | X | X* |
9 | - | X | X | X |
10-13 | - | - | - | X |
*Supervisor slots not recommended as WiSM-2 slots.
Note: WiSM-2(s) are supported in the above Non-E-Series chassis with HS fan trays.
Complete these steps:
Upgrade the Cat 65XX with the Cisco IOS® Software Release 12.2(33)SXJ2 provided on Cisco.com.
Note: If upgrading from WiSM-2 1DP to WiSM-2 2 DP, first you need to upgrade the Cat65XX to 12.2(33)SXJ2 before upgrading the WiSM2 to the 7.2.103.0 code to enable DP2. Also, vice versa if downgrading the Cat 65XX to below 12.2(33)SXJ2 you need to downgrade the WiSM-2 2DP to a WiSM-2 1DP image.
Only after upgrading the Catalyst IOS software the system will recognize the WiSM-2 2DP blade. Initial upgrade of the Catalyst IOS can be done by TFTPing the new IOS software to the system or by copying the image to the flash card.
The system upgrade can be done also via IOS CLI command if the system is operational and not being configured for the first time.
See this example:directory of the Flash cardof the “Disk0:”
Restart the Cat65XX by issuing a reset command from rommon or with reload in IOS clion the Cat650X. Then, reboot the system with the new image and make sure the "boot image" is pointing to the new Cat IOS image on the system or the flash disk as in the example below.
Same can be accomplished by loading the software from the IOS CLI prompt if the system is not being configured for the first time.
This example is the initial software installation from the Flash Card with the rommon prompt.
After reload with the new software the show version command shows the version of software as posted on the CCO. Make sure the proper software has been loaded. For example:
Insert the WiSM-2 board in the the 65XX- E available slot and now run the show module command on the Cat65XX as shown next. The WiSM-2 module has to be shown in the list.
If the module is not on the list reset the system again. If the module is shown in the list then proceed with the next step.
The next few steps are done to install/upgrade and configure the software on the WiSM-2 or the WiSM-2 DP card in the Cat65XX system.
You can load the software via the command line interface. Configuration via WebUI is not available at this point because the Management Interface on the wireless controller was not configured. The controller should be configured to operate properly on your network and configured with the IP addresses of your working subnets. You can configure wireless controller by directly attaching to the console ports on the WiSM-2 controller or opening a console session to the controller module from the Catalyst interface as shown here:
You can access the WiSM-2 through a session command directly now.
cat650X#session slot 2 processor 1
Note: In order to perform this command, the service VLAN and DHCP scope has to be configured in IOS at the global configuration prompt as shown in section Configuring Sup720 or Sup2T and WiSM-2 2DP communication.
The default escape character is Ctrl-^, then x. You can also type 'exit' at the remote prompt to end the session
After configuring the WiSM-2 Controller and show sysinfo command, you should see this output with Mgmt interface IP address of 10.70.0.10, for example:
Note: Refer to the WLC configuration guide.
If you need to reset the WiSM-2 Controller in the Catalyst, use this command:
(Config)# hw module <#> reset
Note: Save the controller configuration changes or modifications before you issue the reset command.
If you need to reset the controller to factory defaults, watch the screen while attached to the console port on the WiSM-2 Controller, for the reset option to come up and then hit the <esc> key. In the controller menu, choose option 4 to reset the controller to factory defaults.
To power OFF or ON the WiSM-2 wireless controller in the catalyst chassis, use this command:
(Config)#power enable module <#>
Complete these steps:
Upgrade the Cat 65XX with the Cisco IOS Software Release 15.0(1)SY1 provided on Cisco.com.
Note: If you have a WiSM trunk that includes VLANs in the range of 1 to 1000 and you intend to use only 1 to 10, enter this command:
no wism module x controller y allowed-vlan 11-1000
Note: If upgrading from WiSM-2 1DP to WiSM-2 2 DP, first you need to upgrade the Cat65XX to 15.0(1)SY1 before you upgrade the WiSM2 to the 7.2.103.0 code to enable DP2. Also, vice versa if downgrading the Cat 65XX to earlier than 15.0(1)SY1 you need to downgrade the WiSM-2 2DP to a WiSM-2 1DP image.
Only after upgrading the Catalyst IOS software the system will recognize the WiSM-2 2DP blade. Initial upgrade of the Catalyst IOS can be done by TFTPing the new IOS software to the system, or by copying the image to the flash card. The system upgrade can also be done via IOS CLI command if the system is operational and not being configured for the first time.
See this example: directory of the Flash card of the “Disk0:”
Restart the Cat65XX by issuing a reset command from rommon or with reload in IOS clion the Cat650X. Then, reboot the system with the new image and make sure the "boot image" is pointing to the new Cat IOS image on the system or the flash disk as in the next example.
The same can be accomplished by loading the software from the IOS CLI prompt if the system is not being configured for the first time.
This example is the initial software installation from the Flash Card with the rommon prompt.
After reload with the new software, the show version command shows the version of software as posted on CCO. Make sure the proper software has been loaded.
Insert the WiSM-2 board in the 65XX- E available slot and run the show module command on the Cat65XX as shown here. The WiSM-2 module has to be shown in the list.
If the module is not on the list, reset the system again. If the module is shown in the list, then proceed with the next step.
The next few steps are done to install/upgrade and configure the software on the WiSM-2 or the WiSM-2 card in the Cat65XX system.
You can load the software first time via the command line interface. Configuration via WebUI is not available at this point because the Management Interface on the wireless controller was not configured. The controller should be configured to operate properly on your network and configured with the IP addresses of your working subnets. You can configure the wireless controller by directly attaching to the console ports on the WiSM-2 controller, or opening a console session to the controller module from the Catalyst interface as shown below:
You can access the WiSM-2 through a session command directly now.
cat650X#session slot 2 processor 1
Note: In order to perform this command, the service VLAN and DHCP scope has to be configured in IOS at the global configuration prompt as shown in Configuring Sup720 or Sup2T and WiSM-2 2DP communication.
The default escape character is Ctrl-^, then x. You can also type 'exit' at the remote prompt to end the session
After configuring the WiSM-2 (not shown in this DG) Controller and show sysinfo command, you should see this output with Mgmt interface IP address of 10.70.0.10. For example:
Note: Refer to the WLC configuration guide.
If you need to reset the WiSM-2 Controller to get to the controller’s initial configuration menu in the Catalyst, use this reset command.
Note: Save the controller configuration changes or modifications before issuing the reset command.
(Config)# hw module <#> reset
If you need to reset the controller to factory defaults, watch the screen while attached to the console port on the WiSM-2 controller, for the reset option to come up and then hit the <esc> key. From the controller menu, choose option 4 in order to reset the controller to factory defaults.
To power OFF or ON the WiSM-2 Wireless Controller in the catalyst chassis, use this command:
(Config)#power enable module <#>
Complete these steps in order to configure Sup 720/2T – WiSM-2 communication:
Cat65XX-E SUP module will communicate to the WiSM-2 board via internal Service port interface on the WiSM-2 card. Please follow the steps below to configure properly the interfaces and VLANs on the Cat65XX to communicate properly with the WiSM-2 blade. The Service port on the WiSM-2 card should be configured for DHCP address or static IP address.
Note: Service Port IP address should be on the different subnet from the Management interfaces of the controller.
Create a VLAN in the Supervisor 720 or 2T. This VLAN is local to the chassis and is used for communication between Cisco WiSM and Catalyst Supervisor 720 or 2T over a Gigabit interface on the Supervisor and service-port in the Cisco WiSM.
Note: All VLAN numbers and IP addresses are examples.
Example:
!--- Assign an appropriate IP address and !--- subnet mask for VLAN 22 interface Vlan22 ip address 192.168.2.1 255.255.254.0
If during controller configuration you chose DHCP address for the Service Port, then proceed as follows:
Create a DHCP scope for the service port of the Cisco WiSM in Supervisor 720/2T or on a standalone DHCP server. For example:
ipdhcp pool wism-service-port network 192.168.2.0 255.255.255.0 default-router 192.168.2.1
Then associate the VLAN for the service port.
For example:
!---Configure this command to use vlan 22 !--- in order to communicate with the service-port. wism service-vlan 22
Issue the show wism status command in order to verify that the Cisco WiSM received an IP address from the DHCP server.
Cat650X# show wism status
Manual LAG configuration is not supported in Cisco IOS Software Releases 12.2(33) SXI and later. Auto-lag will be created by the system automatically for you.
Example:
!--- Create the VLAN in the Supervisor 720/2T !--- in order to communicate with the management port !--- Assign an appropriate IP address and subnet !--- mask for VLAN 70 ! interface Vlan70 description Management VLAN for WiSM-2 ip address 10.70.0.5 255.255.255.0 end !
The Supervisor automatically creates a port-channel interface for the independent controller in the Cisco WiSM-2 as soon as the module is detected. Usually the port-channels have a high number, such as 405 below. For example:
Cat650X#showip interface brief
Additionally, make sure that you allow VLANs that are configured in the Cisco WiSM-2 through the port-channel and Gigabit interfaces with these commands. Make sure the VLANs are also active.
Cat-6K(config)# wism module {#} controller {#} allowed-vlan {vlan range} Cat-6K(config)# wism module {#} controller {#} native-vlan {vlan id} Cat-6K(config)# wism module {#} controller {#} qos{trust/vlan-based}<dscp/cos/ip-precedence> - Trust state of theLAGInterface
Note: Configure the controller with this command, for example:
! wism module 3 controller 1 allowed-vlan 10-120 wism module 3 controller 1 native-vlan70 wism module 3 controller 1 qosvlan-based !
Note: See Appendix A for a complete example of the Cat6504 configuration.
This command should be enabled for policing the wireless to wired traffic on cat6K:
Cat-6K(config)#wism module {#} controller {#} qosvlan-based- VLAN Based QoS-
Verify the above configuration command execution with this command:
#show wism module 3 controller 1 status
Summary: The Cisco WiSM-2 controller is inserted into the appropriate slot and powered on. The basic configuration is completed with completion of the steps above.With the completion of basic configuration, you can configure the Cisco WiSM-2 controller through the console CLI or through the Cisco WiSM-2 controller web-interface. In order to use the session command, you have to make sure that the service port on the Cisco WiSM-2 is assigned a static or DHCP assigned IP address. You need to configure WLC separately in the Cisco WiSM-2 module, initially from the CLI and then from the web interface.
Now you can connect to the controller management Interface via GUI or console session with your laptop connected with Ethernet or Wireless connection and continue configuration.
Check the Licenses available on the controller if the count is zero please contact License TAC support team to refresh the Licenses.
Make the APs join the WiSM-2 across a Layer 2/3 network switch.
Make Wireless Clients connect to the AP, and send traffic to external servers and other wireless clients and traffic (for example, ping) makes it through without any drops.
This completes Basic Sup 720/2T and Wism-2 configuration. Additional configuration changes can be made via the WebUI interface similar to any other Wireless controller. This WiSM-2 deployment guide does not provide details about the wireless controller configuration.
Note: Refer to the WLC configuration guide for more information.
Similar to any other wireless controller, the WiSM-2 Controller can be configured from the NCS. NCSver1.1 or later is required for NCS to recognize and configure WiSM-2 2DP Controllers. The next screen shot shows how a NCS manages WiSM and WiSM-2 Controllers. It shows the slots they are inserted and the internal port they connected to.
Note: WiSM always comes up as two controllers, and the new WiSM-2 shows as one controller.
The key enabler of the VSS technology is a special link that binds the two chassis together. This is called a Virtual Switch Link (VSL).
Note: Supervisor 720-3C-10GE, 720-3CXL-10GE orSupervisor VS-S2T-10G-XL, VS-S2T-10G are required to support VSS mode.
The most important change with the Cisco WiSM in a VSS environment is the way you access and manage it. In a Cisco Virtual Switching System environment, a switch ID is required for many commands used to administer the WiSM-2.
The slots start from 17 and ends in 29 for 13 slot chassis for Switch 1, and from 33 and ends in 45 for 13 slot chassis switch 2.
Cat650X# show module switch {#} slot {#}
Example: show module switch 2 slot 11
Cat650X#show wismstatus - Shows the WiSM-2 modules in VSS switch.
Manual LAG configuration is not supported in Cisco IOS Software Releases 12.2(33)SXJ and later. Auto-lag configuration will be configured for you by the system.
The Supervisor Module automatically creates two port−channel interfaces for the two independent controllers in the VSS switch for WiSM-2s as soon as the module is detected. Usually the port−channels have a high number. The etherchannel for WiSM-2 starts from 689 and ends in 746.
The Cat65XX-E VS-Module will communicate to the WiSM-2 boards via internal Service VLAN that has to be defined similar to I single chassis configuration:
(Cat-6K)# wism service-vlan {vlan id}
Example of configuration on the Cat6500:
interface vlan22 ip address 192.168.2.1 255.255.254.0 wism service-vlan 22
Create a DHCP scope for the Service Port of the Cisco WiSM-2 in Supervisor 720/2T or on a standalone DHCP server. For example:
ipdhcp pool wism-service-port network 192.168.2.0 255.255.255.0 default-router 192.168.2.1
Allow VLANs that are configured in the Cisco WiSM-2 through the port-channel and Gigabit interfaces with these commands:
Cat-6K(config)# wism switch (#) module {#} controller 1 allowed-vlan {vlan range} Cat-6K(config)# wism switch (#) module {#} controller 1 native-vlan {vlan id} Cat-6K(config)# wism switch (#) module {#} controller 1 qos trust <dscp/cos/ip-precedence> - !--- Trust state of the Interface Cat-6K(config)# wism switch (#) module {#} controller 1 qosvlan-based - !--- VLAN Based QoS should be enabled for policing the wireless to wired traffic on Cat6K
In order to verify the proper module installations in the VSS mode, issue these commands:
showwism switch 2 module 4 controller 1 status
show interface status switch 2 module 4
Cat6500#Show module switch all – Verifies the modules in the 2 VSS switches.
Now, you can connect to the controller management Interface via GUI or console session with your laptop connected with Ethernet or Wireless connection and continue the configuration.
Check the Licenses available on the controller if the count is zero please contact License TAC support team to refresh the Licenses.
Make the APs join the WiSM-2 across a Layer 2/3 network switch.
Make Wireless Clients connect to the AP and send traffic to external servers and other wireless clients and traffic (for example, ping) makes it through without any drops.
This completes Basic Sup 720 or Sup 2T and WiSM-2 configuration. Additional configuration changes can be made via the WebUI interface just like on any other Wireless controller. This WiSM-2 deployment guide will not go into details of the wireless controller configuration.
This completes VSS installation of the WiSM-2 2DP modules in the Catalyst VSS configuration. Additional configuration changes can be made via the WebUI interface similar to any other wireless controller.
This WiSM-2 deployment guide does not provide details about the wireless controller configuration.
Complete these steps:
Upload the configuration file from WiSM1 and save it.
Issue the transfer uploaddatatypeconfig command in order to specify the file type.
Issue the transfer upload mode TFTP command in order to define the mode of file transfer.
(FTP also can be used. Modify the commands accordingly.)
Issue the transfer upload serverip 'TFTP_server_IP_address' command in order to define the TFTP server IP address.
Issue the transfer upload path 'TFTP_server_path' command in order to define the path of the TFTP default directory where the config file needs to be uploaded.
Issue the transfer upload filename <filename> command in order to specify the filename.
Issue the transfer upload start command to upload the file.
The same can be done from the WebUI.
Perform the initial configuration on the WiSM-2 to bring up the controller. Make sure there is reachability to the TFTP server via service port/distribution system network.
Download the configuration file saved from WiSM to WiSM-2. Follow this procedure similar to step 1:
Issue the transfer downloaddatatypeconfig command in order to specify the file type.
Issue the transfer download mode tftp command in order to define the mode of file transfer. (FTP also can be used. Modify the commands accordingly.)
Issue the transfer download serverip 'TFTP_server_IP_address' command in order to define the TFTP server IP address.
Issue the transfer download path 'TFTP_server_path' command in order to define the path of the TFTP default directory where the config file needs to be uploaded.
Issue the transfer download filename<filename> command in order to specify the filename.
Issue the transfer download start command to upload the file.
The same can be done from WebUI.
Once the configuration file is downloaded to the controller, the controller will reset and boot.
Issue the show invalid-config command on the controller. It should show any invalid configurations.
Note: You might see invalid commands related to the AP-manager that shows up. This is expected because WiSM-2 2 does not have a separate AP-manager.
Check the APs joining and if clients can pass traffic.
CAT6504-MA#sh run Building configuration... Current configuration : 4804 bytes ! ! Last configuration change at 20:34:02 UTC Tue Apr 12 2011 ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption service counters max age 10 ! hostname CAT6504-MA ! boot-start-marker boot system flash s72033-adventerprisek9_wan_dbg-mz.SIERRA_INTEG_100903 boot-end-marker ! no logging console ! noaaa new-model ! ipdhcp excluded-address 192.168.1.1 192.168.1.10 ipdhcp excluded-address 192.168.2.1 192.168.2.20 ipdhcp excluded-address 192.168.0.1 192.168.0.20 ! ipdhcp pool wism-service-port network 192.168.2.0 255.255.255.0 default-router 192.168.2.1 ! nomlsacltcam share-global mlsnetflow interface mlscef error action freeze ! spanning-tree mode pvst no spanning-tree optimize bpdu transmission spanning-tree extend system-id wism service-vlan 22 wism module 3 controller 1 allowed-vlan 10-100 wism module 3 controller 1 native-vlan 70 wism module 3 controller 1 qosvlan-based diagnosticbootup level minimal port-channel per-module load-balance ! redundancy main-cpu auto-sync running-config modesso ! vlan internal allocation policy ascending vlan access-log ratelimit 2000 ! interface Port-channel3 switchport switchport trunk encapsulation dot1q switchport trunk native vlan 70 switchport mode trunk mlsqos trust dscp ! interface GigabitEthernet1/1 --More-- switchport mode trunk mlsqos trust dscp ! interface GigabitEthernet1/1 switchport switchport trunk encapsulation dot1q switchport trunk native vlan 10 switchport mode trunk ! interface GigabitEthernet1/2 noip address ! Truncated ….. interface Vlan22 description communication VLAN btween Sup720 and WiSM-2 ip address 192.168.2.1 255.255.254.0 ! interface Vlan70 ip address 10.70.0.5 255.255.255.0 ! ip classless ip forward-protocol nd ! noip http server ! control-plane ! dial-peercor custom ! line con 0 linevty 0 4 login linevty 5 15 login ! end CAT6504-MA#
Revision | Publish Date | Comments |
---|---|---|
1.0 |
20-Feb-2012 |
Initial Release |