Wireless Management on Cisco 1000 Series Integrated Services Routers


Note


To achieve simplification and consistency, the Cisco SD-WAN solution has been rebranded as Cisco Catalyst SD-WAN. In addition, from Cisco IOS XE SD-WAN Release 17.12.1a and Cisco Catalyst SD-WAN Release 20.12.1, the following component changes are applicable: Cisco vManage to Cisco Catalyst SD-WAN Manager, Cisco vAnalytics to Cisco Catalyst SD-WAN Analytics, Cisco vBond to Cisco Catalyst SD-WAN Validator, Cisco vSmart to Cisco Catalyst SD-WAN Controller, and Cisco Controllers to Cisco Catalyst SD-WAN Control Components. See the latest Release Notes for a comprehensive list of all the component brand name changes. While we transition to the new names, some inconsistencies might be present in the documentation set because of a phased approach to the user interface updates of the software product.
Table 1. Feature History

Feature Name

Release Information

Description

Wireless Management on Cisco ISR 1000 Series Routers (supporting WiFi 5 WLAN module)

Cisco IOS XE Catalyst SD-WAN Release 17.6.1a

Cisco vManage Release 20.6.1

This feature enables you to configure wireless LAN settings on WiFi 5-capable Cisco 1000 Series Integrated Services Routers using Cisco SD-WAN Manager.

With Cisco SD-WAN Manager, you can automate the wireless LAN controller configuration and provide wireless connectivity without the need for another external controller to configure and manage the wireless settings on the routers.

Wireless Management on Cisco ISR 1000 Series Routers (supporting WiFi 6 WLAN module)

Cisco IOS XE Catalyst SD-WAN Release 17.9.1a

Cisco vManage Release 20.9.1

This feature enables you to configure wireless LAN settings on WiFi 6-capable Cisco 1000 Series Integrated Services Routers using Cisco SD-WAN Manager.

The Embedded Wireless Controller on Cisco 1000 Series Integrated Services Routers helps you provide wireless connectivity without the need for another external controller to configure and manage the wireless settings on the routers.

Supported Devices for Wireless Management on Cisco ISR 1000 Series Routers

The following table displays a list of Cisco ISR 1000 Series routers that include the WLAN module and supporting WiFi 5.

Table 2. Cisco ISR 1000 Series Routers

Device Family

Device Name

Release Version

Cisco ISR 1000 Series Routers with WLAN module supporting WiFi 5

  • C1101-4PLTEPW

  • C1109-4PLTE2PW

  • C1111-4PW

  • C1111-8PLTEEAW

  • C1111-8PW

  • C1112-8PLTEEAW

  • C1112-8PW

  • C1113-8PLTEEAW

  • C1113-8PMW

  • C1113-8PW

  • C1116-4PLTEEAW

  • C1116-4PW

  • C1117-4PLTEEAW

  • C1117-4PLTELAW

  • C1117-4PMLTEEAW

  • C1117-4PMW

  • C1117-4PW

  • C1121-8PLTEPW

  • C1121X-8PLTEPW

Cisco IOS XE Catalyst SD-WAN Release 17.6.1a

Cisco vManage Release 20.6.1

Cisco ISR 1000 Series Routers with WLAN module supporting WiFi 6

  • C1131X-8PLTEPW

  • C1131-8PLTEPW

  • C1131X-8PW

  • C1131-8PW

Cisco IOS XE Catalyst SD-WAN Release 17.9.1a

Cisco vManage Release 20.9.1

Prerequisites for Wireless Management on Cisco ISR 1000 Series Routers

  • Add the management interface of the Wireless LAN (WLAN) module to a specific VLAN in order to access servers such as DHCP and RADIUS.

  • Configure a DHCP server to assign the IP address for the access point.

  • Configure a switch virtual interface (SVI) on the Cisco ISR 1000 Services Router for virtual WLAN controller management.

Restrictions for Wireless Management on Cisco ISR 1000 Series Routers

  • You can configure only one access point on the LAN side of the router that is configured with Cisco Mobility Express. However, you can connect other external access points to the router that are not configured with Cisco Mobility Express.

  • Ensure that there are no other accessible wireless controllers on the LAN side.

Information About Wireless Management on Cisco ISR 1000 Series Routers

A WLAN module supporting WiFi 5 is provisioned on a Cisco ISR 1000 Series Routers for wireless connectivity. Cisco Mobility Express, a virtual wireless LAN controller, is installed in the WLAN module to provide wireless LAN access. The wireless settings for wireless LAN access are available on Cisco Mobility Express, and these settings can be configured and managed using Cisco SD-WAN Manager

C1131 Cisco IOS XE Catalyst SD-WAN devices includes an Embedded Wireless Controller (EWC) that supports WiFi 6. The EWC also serves as a virtual wireless controller that is installed on the WLAN module. The wireless settings for wireless LAN access are available on the EWC; these settings can be configured and managed using Cisco SD-WAN Manager.

Configure Wireless Management on Cisco ISR 1000 Series Routers

To configure and manage wireless settings on Cisco ISR 1000 Series Routers:

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

  2. Click Feature Templates.

  3. Click Add Template to select an appropriate device model.


    Note


    In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is titled as Feature.


  4. In the left pane, from Select Devices, choose a Cisco ISR 1000 Series Router for which you are creating a template.

  5. Under OTHER TEMPLATES, click ISR1K Wireless to select it as the feature template.

  6. In the Template Name field, enter a name for the feature template.

    This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 to 9, hyphens (-), and underscores (_). It cannot contain spaces or any other characters.

  7. In the Description field, enter a description for the feature template.

    This field is mandatory, and it can contain all characters and spaces.

  8. Enter the Wi-Fi SSID details for setting up a wireless LAN:

    Parameter Name

    Description

    Wireless Network Name (SSID)

    Enter a name for the wireless SSID.

    It can be a string from 4 to 32 characters. The SSID must be unique.

    VLAN (Range 1-4094)

    Enter a VLAN ID for the wireless LAN traffic.

    Security Type

    Choose a security type:

    • WPA2 Enterprise: Choose this option for an enterprise where you authenticate and authorize network users with a remote RADIUS server.

    • WPA2 Personal: Choose this option to authenticate users who want to access the wireless network using a passphrase.

    • Open: Choose this option to allow access to the wireless network without authentication.

    RADIUS Server IP

    (Optional) This field is available if you choose the WPA2 Enterprise option as the security type. Enter the IP address of the RADIUS server.

    Authentication Port

    (Optional) This field is available if you choose the WPA2 Enterprise option as the security type. Enter the authentication port number of the RADIUS server.

    Shared Secret

    (Optional) This field is available if you choose the WPA2 Enterprise option as the security type. Enter the shared secret key of the RADIUS server.

    Passphrase

    (Optional) This field is available if you choose the WPA2 Personal option as the security type. Set a pass phrase. This pass phrase provides users with access to the wireless network.

    Admin State

    Choose an admin state.

    Radio Type

    Choose one of the following radio types:

    • 2.4GHz

    • 5GHz

    • Both

    Broadcast SSID

    Choose On to broadcast the SSID. Choose Off if you do not want the SSID to be visible to all the wireless clients.

    QoS Profile

    Choose a QoS profile.

  9. Enter the General details for the wireless LAN:

    Parameter Name

    Description

    Country

    Choose the country where the ISR is installed.

    Username

    Specify the username of Cisco Mobility Express.

    If you are using a C1131 Cisco IOS XE Catalyst SD-WAN device specify the username for the EWC.

    Password

    Specify the password for Cisco Mobility Express or the EWC.

  10. Enter the Advanced details for the wireless LAN:

    Parameter Name

    Description

    Controller IP Address

    Note

     

    For Cisco IOS XE Catalyst SD-WAN Release 17.6.1a, and Cisco vManage Release 20.6.1 and earlier releases, this field is displayed as ME IP Address.

    Specify the Management IP address of Cisco Mobility Express or EWC.

    Subnet Mask

    Specify the subnet mask for the Management IP address.

    Default Gateway

    Specify the default gateway address of Cisco Mobility Express or EWC.

    2.4GHz Shutdown

    Click Yes to shut down the 2.4 GHz radio type. Click No to not shut down this radio type.

    5GHz Shutdown

    Click Yes to shut down the 5 GHz radio type. Click No to not shut down this radio type.

  11. Click Save to save your wireless configuration.

Configure Wireless Management on Cisco ISR 1000 Series Routers Using a CLI Template

This section provides sample CLI configurations to configure and manage wireless settings on Cisco ISR 1000 Series Routers using the CLI templates.

Configure Radio Profile Using a CLI Template

For more information about using CLI templates, see CLI Add-On Feature Templates and CLI Templates.


Note


By default, CLI templates execute commands in global config mode.


radio-profile 24ghz  
shutdown 
exit 
radio-profile 5ghz  
no shutdown 

Configure WLAN Profile Using a CLI Template

For more information about using CLI templates, see CLI Add-On Feature Templates and CLI Templates.


Note


By default, CLI templates execute commands in global config mode.


wlan-profile wlan-profile-sample-1 
vlan-id 100  
ssid sample-ssid-1   
data-security personal 
passphrase 0 Pass-Phrase-Sample123# 
qos-type silver 
wlan-profile wlan-profile-sample-2 
vlan-id 200 
ssid sample-ssid-2 
data-security enterprise 
aaa radius-server 10.2.3.4 auth-port 1812 shared-secret 0 EsrdT_23sss
 
qos-type gold 
nobroadcast-ssid 

Configure General WLAN Settings Using a CLI Template

For more informationabout using CLI templates, see CLI Add-On Feature Templates and CLI Templates.


Note


By default, CLI templates execute commands in global config mode.


wireless-lan country US 
wireless-lan mgmt ip address10.16.1.100 255.255.255.0 default-gateway 192.168.1.1 
wireless-lan mgmt credential username admin password 0 sRe32dfst#asd 

Here is the complete configuration example that shows that show how to configure and manage wireless settings on Cisco ISR 1000 Series Routers.

wlan-profile TEST-Enterprise
radio-band all
vlan-id 300
ssid TEST-Enterprise
data-security enterprise
aaa radius-server 192.168.100.20 auth-port 1812 shared-secret 6 EsrdT_23sss
qos-type silver


wlan-profile TEST-Personal
radio-band all
ssid TEST-Personal
data-security personal
passphrase 0 IdSvs23452#
qos-type silver


radio-profile 24ghz
channel auto
channel-bandwidth auto


radio-profile 5ghz
channel auto
channel-bandwidth auto


wireless-lan mgmt ip address 192.168.1.11 255.255.255.0 default-gateway 192.168.1.1
wireless-lan mgmt credential username admin password 6 sRe32dfst#asd
wireless-lan country US

Monitor Wireless Configuration on Cisco ISR 1000 Series Routers

To monitor the wireless settings that are configured on Cisco ISR 1000 Series Routers using Cisco SD-WAN Manager, perform this procedure :

  1. From the Cisco SD-WAN Manager menu, navigate to Monitor > Network.

  2. Choose a router from the list of the routers.

  3. Click Real Time in the left pane.

  4. From the Device Options drop-down list, choose one of the following options:

    Device Option

    Description

    Wireless Radio

    Displays the radio parameters of the wireless LAN.

    Wireless SSID

    Displays information about the wireless SSID.

    Wireless Clients

    Displays information about the wireless clients in the wireless LAN.

Configuration Example for Wireless Configuration on Cisco ISR 1000 Series Routers

The following is an example of wireless configuration of a Cisco ISR 1000 Series Routers:

wlan-profile TEST-Enterprise
radio-band all
vlan-id 300
ssid TEST-Enterprise
data-security enterprise
aaa radius-server 192.168.100.20 auth-port 1812 shared-secret 6 EsrdT_23sss
qos-type silver


wlan-profile TEST-Personal
radio-band all
ssid TEST-Personal
data-security personal
passphrase 0 IdSvs23452#
qos-type silver


radio-profile 24ghz
channel auto
channel-bandwidth auto


radio-profile 5ghz
channel auto
channel-bandwidth auto


wireless-lan mgmt ip address 192.168.1.11 255.255.255.0 default-gateway 192.168.1.1
wireless-lan mgmt credential username admin password 6 sRe32dfst#asd
wireless-lan country US

Troubleshooting Wireless Configuration on Cisco ISR 1000 Series Routers

Access Point Cannot Connect to Cisco Mobility Express or EWC

Problem

An access point is not able to connect to the Cisco Mobility Express or EWC.

Possible Causes

This problem is most likely to occur when there is no DCHP server in the management VLAN (the native VLAN of interface Wlan-GigabitEthernet).

Solution

Add the management interface of the WLAN module to a specific VLAN in order to access servers like DHCP and RADIUS. See Prerequisites for Wireless Management on Cisco ISR 1000 Series Routers

A DHCP server is required in the native VLAN of the WiFi module to assign IP address for the access point. Without IP address, the access point will not able to connect to Cisco Mobility Express or EWC.