Controller Tab
This tab on the menu bar enables you to access the Cisco WLC configuration details. Use the left navigation pane to access specific Cisco WLC parameters.
General
Choose CONTROLLER > General to navigate to this page.
- 802.3x flow control mode that you enable or disable when you choose the corresponding line on the drop-down list. By default, this option is disabled.
- Link Aggregation Group (LAG) mode that you can set as follows: Enabled—Enables link aggregation on the Cisco WLC. Disabled—Disables link aggregation on the Cisco WLC. LAG is disabled by default on the Cisco 5500 Series Controllers. LAG is supported on Cisco 2500, 2504, 8500, and Flex 7500 Series Controllers. For more information, see the Link Aggregation section.
- Broadcast forwarding that you can enable or disable. The default is disabled.
- IPv4 Packet forwarding policy that the controller uses. Choose one of the following options from the drop-down list:
  Note Cisco 2500 Series controllers support only multicast-multicast mode, and by default the multicast IP address is zero.
- IPv6 Packet forwarding policy that the controller uses. Choose one of the following options from the drop-down list:
  Note Cisco 2500 Series controllers support only multicast-multicast mode, and by default the multicast IP address is zero. You must configure the multicast address for IPv6 to function.
- Access point fallback that you can enable or disable. Determines whether or not an access point that lost a primary controller connection automatically returns to service when the primary controller becomes functional again.
- Select the check box to configure CAPWAP Preferred Mode globally. The preferred mode can be either IPv4 or IPv6.
- Fast SSID Change that you can enable or disable. When you enable Fast SSID Change, the controller allows clients to move between SSIDs. When the client sends a new association request for a different SSID, the client entry in the controller connection table is cleared before the client is added to the new SSID. When Fast SSID Change is disabled, the controller enforces a delay before clients are allowed to move to a new SSID.
- Enable to configure bridging of the link local traffic at the local site.
- RF group name. The valid range for the RF group name is 8 to 19 characters. Radio Resource Management (RRM) neighbor packets are distributed among access points within an RF group. Cisco access points only accept RRM neighbor packets sent with this RF group name. The RRM neighbor packets sent with different RF group names are dropped.
- Timeout for idle clients in seconds. The factory default is 300. When the timeout expires, the client loses authentication, briefly disassociates from the access point, reassociates, and reauthenticates. The range is 90 to 100000.
- Timeout in seconds for the Address Resolution Protocol. By default, this is set to 300. The range is 10 to 2147483647.
- Bridging that you can enable or disable when you choose the corresponding line in the drop-down list. This option is disabled by default.
- Acceptable temperature range for operation of the controller. An alarm is triggered if the temperature rises above or falls below the range.
- Mode that enables or disables the web authentication proxy redirection. This feature enables clients that have manual web proxy enabled in the browser to facilitate authentication with the controller. If the client’s browser is configured with manual proxy settings (on 8080 or 3128) and if the client requests any URL, the controller responds with a web page prompting the user to change the Internet settings to automatically detect the proxy settings. This is to ensure that the browser’s manual proxy settings information does not get lost. After enabling this setting, the user can get access to the network through the web authentication policy. This functionality is given for ports 8080 and 3128 because these are the most commonly used ports for web proxy servers.
- Port numbers on which the controller listens to web authentication proxy redirection. The default ports are 80, 8080, and 3128. If you configured the web authentication redirection port to any port other than these values, you must specify that value.
- The maximum number of APs that can join a controller. Zero implies there is no restriction on maximum allowed APs.
- Drop-down list from which you can enable or disable the global IPv6 configuration.
- Drop-down list from which you can select red color as the UI default color.
- Network Access Server identifier. The NAS-ID is sent to the RADIUS server by the controller (as a RADIUS client) using the authentication request, which is used to classify users to different groups. You can enter up to 32 alphanumeric characters. Beginning in Release 7.4 and later releases, you can configure the NAS-ID on the interface, WLAN, or an access point group. The order of priority is AP Group NAS-ID > WLAN NAS-ID > Interface NAS-ID.
Link Aggregation
Link aggregation enables you to reduce the number of IP addresses needed to configure the ports on your controller by grouping all the physical ports and creating a link aggregation group (LAG).
You should not configure the two gigabit ports of the Catalyst 3750 Integrated Wireless LAN Controller Switch because the two internal gigabit ports on the controller are always assigned to the same LAG group. Only the 24 copper and 2 SFP gigabit ports on the Catalyst 3750 switch are visible to the end user.
Note You cannot create more than one LAG on a controller.
Some of the advantages of creating a LAG are as follows:
- If one of the links goes down, the traffic is moved to the other links in the LAG. As long as one of the physical ports is working, the system remains functional.
- It eliminates the need to configure separate backup ports for each interface.
- Multiple AP-manager interfaces are not required because only one logical port is visible to the application.
Note When you make changes to the LAG configuration, you must reboot the controller for the changes to take effect.
When LAG is enabled on the controller, the following configuration changes occur:
802.3 Bridging
The controller supports 802.3 frames and the applications that use them, such as those typically used for cash registers and cash register servers. However, to make these applications work with the controller, the 802.3 frames must be bridged on the controller.
Support for raw 802.3 frames allows the controller to bridge non-IP frames for applications not running over IP. Only this raw 802.3 frame format is currently supported:
Note The Cisco Wireless LAN Controller Network Module for Cisco Integrated Services Routers (as well as Cisco 5500 Series Controllers) bridge 802.3 packets by default. Therefore, 802.3 bridging can now be disabled only on the Cisco WiSM and the Catalyst 3750G Wireless LAN Controller Switch.
Note By default, Cisco 5500 Series Controllers bridge all non-IPv4 packets (such as AppleTalk, IPv6, and so on).
Buttons
Inventory
Choose CONTROLLER > Inventory to navigate to this page.
This page identifies Cisco WLAN Solution product information assigned by the manufacturer.
Interfaces
Choose CONTROLLER > Interfaces to navigate to this page.
- To edit the parameters for an interface, click the interface name (Interfaces > Edit).
- To remove an interface, hover your cursor over the blue drop-down arrow for the interface and choose Remove. You are prompted for confirmation of the interface removal.
Buttons
Interfaces > New
Choose CONTROLLER > Interfaces and then New to navigate to this page.
Add a new Cisco WLC operator-defined interface by entering the following parameters:
- Interface Name—Enter the name of the new operator-defined interface without any spaces. The interface name can be up to 32 characters and can include special characters.
- VLAN Id—Enter the VLAN identifier for this new interface, or enter 0 for an untagged VLAN.
Note IPv6 is not supported on Dynamic Interface.
Buttons
- Back: Returns to the previous page.
- Apply: Displays the Interfaces > Edit page and continues configuring the new operator-defined interface.
Interfaces > Edit
Choose CONTROLLER > Interfaces and then click on an interface name to navigate to this page.
The top of this page displays the operator-defined Interface Name, and may include the interface MAC address.
Edit Management, VLAN, Operator-Defined, Service Port, Virtual, and AP-Manager interfaces as described in the following tables.
Management Interface Parameters
Note If you made any changes to the management interface, reboot the controller so that your changes take effect.
Note The IPv4 and IPv6 configurations cannot be changed in redundancy mode.
Redundancy-Management Interface Parameters
- IP Address
Operator-Defined Interface Parameters
- Guest LAN. Select the check box to indicate that this is a guest LAN.
- Quarantine: Quarantine LAN. Select the check box to indicate that this VLAN is a quarantine VLAN. When a client is assigned to a quarantine VLAN, its data switching is always central.
- Quarantine VLAN Id: Quarantine VLAN ID. Enter a nonzero value for the quarantine VLAN ID.
  Note We recommend that you configure unique quarantine VLANs throughout your network. If multiple controllers are configured in the same mobility group and access interfaces on all controllers are in the same subnet, you must have the same quarantine VLAN if there is only one NAC appliance in the network. If multiple controllers are configured in the same mobility group and access interfaces on all controllers are in different subnets, you must have different quarantine VLANs if there is only one NAC appliance in the network.
- Network Access Server Identifier (NAS-ID) for a VLAN interface. The NAS-ID is sent to the RADIUS server by the controller through an authentication request to classify users to different groups so that the RADIUS server can send a customized authentication response.
- Backup port. If the primary port for an interface fails, the interface moves to the backup port.
- Enable Dynamic AP Management:
  Note Only one AP-manager interface is allowed per physical port. A dynamic interface that is marked as an AP-manager interface cannot be used as a WLAN interface.
- IP Address
- Netmask
- Gateway
- Primary DHCP Server: Interface that uses this DHCP server first to obtain an IP address.
- Secondary DHCP Server: Interface that uses this DHCP server as a backup to obtain an IP address.
- Drop-down list from which you can choose the DHCP Proxy Mode that can be one of the following:
  Note Disabled: The DHCP Proxy mode is disabled by default when the interface uses an IPv6 address. DHCP does not support IPv6.
- Check box that allows you to enable the DHCP Option 82 on the dynamic interface. DHCP option 82 provides additional security when DHCP is used to allocate network addresses.
- Option 82-Link Select pads the extra information to get the IP address in the required subnet.
- Allows you to specify the required interface/subnet on which the DHCP client requires an IP address.
- Enables the VPN select. This is used in conjunction with the link select relay source.
- VPN Select-VRF Name is a string that is used to select a DHCP pool based on the VRF name.
- VPN Select-VPN ID is an ASCII value that is used to select a DHCP pool based on the identifier.
- Any of the access control lists currently displayed on the Access Control Lists page.
  Note Applying an ACL to the management interface does not affect wired devices. To block access to wired devices, configure an ACL on the upstream device port.
- Drop-down list from which you can choose the mDNS profile for the interface. Interface mDNS profiles have higher priority than WLAN mDNS profiles. Clients receive service advertisements only for the services associated with the profile.
Service Port Interface Parameters
Virtual Interface Parameters
Note If you made any changes to the virtual interface, reboot the controller so that your changes take effect.
- Gateway IP address. Any fictitious, unassigned IP address (such as 10.1.10.1) to be used by Layer 3 Security and Mobility managers. Reboot the Cisco WLC to have this change take effect.
- Gateway hostname. Used by Layer 3 Security and Mobility managers to verify the source of certificates when Web Auth is enabled. Reboot the Cisco WLC to have this change take effect.
Note You must configure the virtual gateway address to enable Layer 3 Web Auth, configured on the Editing WLANs page.
AP-Manager Interface Parameter
Note For Cisco 5500 Series Controllers, you do not have to configure an AP-manager interface because the management interface acts like an AP-manager interface by default.
- IP address of the Cisco WLC Layer 3 CAPWAP protocol manager. This IP address cannot be the same IP address used by the management interface.
- Backup port. If the primary port for an interface fails, the interface moves to the backup port.
- AP-Manager interface. Select the check box to indicate that the interface is an AP-manager interface.
  Note This enables only IPv4 based AP manager for dynamic interface.
- DHCP server that the interface uses first to obtain an IP address.
- DHCP server that the interface uses as a backup to obtain an IP address.
- Access control list names currently available on the Access Control Lists page.
Buttons
- Back: Returns to the previous page.
- Apply: Sends data to the Cisco WLC, but the data is not preserved across a power cycle; these parameters are stored temporarily in volatile RAM.
Note Applying interface changes may cause WLANs to temporarily drop client connections. You are prompted to confirm the changes if this is the case.
Interface Groups
Interface groups are logical groups of interfaces. Interface groups facilitate user configuration where an interface group can be reused either while configuring multiple WLANs or while overriding a WLAN interface per AP group. An interface group can contain either quarantine or nonquarantine interfaces.
A WLAN can be mapped to a single interface or multiple interfaces using an interface group. Wireless clients that are associated to this WLAN get their IP addresses from a pool of subnets that are identified by the interfaces using a MAC based hashing algorithm.
The VLAN select feature also enables you to associate a client to different subnets based on the foreign controller that they are connected to. The anchor controller maintains a mapping between the foreign MAC and the interface group.
Choose CONTROLLER > Interface Groups to navigate to this page.
- To edit the parameters for an interface, click the interface name (Interfaces > Edit).
- To remove an interface group, hover your cursor over the blue drop-down arrow for the interface group and choose Remove. You are prompted for confirmation of the interface group removal.
Note A WLAN can be mapped to a single interface or multiple interfaces. A maximum of 20 interfaces can be added to an interface group.
Buttons
Interface Groups > Add Group
Choose CONTROLLER > Interface Groups and then click Add Group to navigate to this page.
Add a new Cisco WLC operator-defined interface group by entering the following parameters:
Buttons
Interface Groups > Edit
Choose CONTROLLER > Interface Groups and then click on an interface group name to navigate to this page.
- Add Interface button that allows you to add an interface to the interface group. You can choose the interface to add from the Interface Name drop-down list.
Buttons
Multicast
Choose CONTROLLER > Multicast to navigate to this page.
This page enables you to configure Internet Group Management Protocol (IGMP) snooping and to set the IGMP timeout.
When you enable IGMP snooping, the controller gathers IGMP reports from the clients and then sends each access point a list of the clients that are listening to any multicast group. The access points then forward multicast packets only to those clients.
Buttons
Network Routes
This page provides a summary of existing IPv4 and IPv6 based service port network routes to network or element management systems on a different subnet. You can choose IP Address, IP Netmask, or Gateway IP Address.
Network Routes > IPv4 Routes
This page provides a summary of existing IPv4 based service port network routes to network or element management systems on a different subnet. You can choose IP Address, IP Netmask, or Gateway IP Address.
Buttons
IPv4 Routes > New
Choose CONTROLLER > Network Routes > IPv4 Routes and then click New to navigate to this page.
Buttons
Apply: Sends data to the Cisco WLC but the data is not preserved across a power cycle; these parameters are stored temporarily in volatile RAM.
Network Routes > IPv6 Routes
Choose CONTROLLER > Network Routes > IPv6 Routes to navigate to this page.
This page provides a summary of existing IPv6 based service port network routes to network or element management systems on a different subnet. You can choose IP Address, IP Netmask, or Gateway IP Address.
Buttons
IPv6 Routes > New
Choose CONTROLLER > Network Routes > IPv6 Routes and then click New to navigate to this page.
To add a new network route for the service port.
Buttons
Apply: Sends data to the Cisco WLC but the data is not preserved across a power cycle; these parameters are stored temporarily in volatile RAM.
Redundancy
In a high availability (HA) architecture, one controller is in the Active state and a second controller is in the Standby state, which continuously monitors the health of the Active controller through a direct wired connection over a dedicated HA port. Both controllers share the same configurations including the IP address of the management interface.
Choose CONTROLLER > Redundancy to configure the redundancy parameters and peer network routes:
- To enable redundancy and configure redundancy parameters on the primary and secondary controllers, choose CONTROLLER > Redundancy > Global Configuration.
- To configure service port network routes for the peer controller, choose CONTROLLER > Redundancy > Peer Network Route.
Redundancy > Global Configuration
Choose CONTROLLER > Redundancy > Global Configuration to navigate to this page.
You can enable redundancy and configure redundancy parameters on the primary and secondary controllers.
The controllers reboot to negotiate the HA role based on the configuration. The standby controller downloads the configuration from the active controller and reboots. In the next bootup process, after the role of the controller is determined, the standby controller tries to validate the configuration again to establish itself as the controller in the Standby state.
After the controllers are rebooted and the XML configuration is synchronized, the active controller transitions to the Active state, and the standby controller transitions to the Standby HOT state. From this point, GUI, Telnet, and SSH for the standby controller on the management interface do not work because all the configurations and management have to be done through the active controller. The standby controller can only be managed through the console or the service port. Also, when a controller transitions to the Standby HOT state, the Standby keyword is automatically appended to the prompt of the controller.
To see the redundancy status of the active controller, choose Monitor > Redundancy > Summary to navigate to the Redundancy Summary page.
Buttons
Redundancy > Peer Network Route
Choose CONTROLLER > Redundancy > Peer Network Route to navigate to this page.
This page provides a summary of existing service port network routes of the peer controller to network or element management systems on a different subnet. You can view the IP address, IP netmask, and gateway IP address. To remove a peer network route, hover your cursor over the blue drop-down arrow for the route and choose Remove. You are prompted to confirm the Network Route removal.
Buttons
Internal DHCP Server
Choose CONTROLLER > Internal DHCP Server to navigate to this page. From here you can choose the following:
See Internal DHCP Server > DHCP Scope for more information.
- CONTROLLER > Internal DHCP Server > DHCP Allocated Lease to view the MAC address, the IP address, and the remaining lease time for wireless clients.
See Internal DHCP Server > DHCP Allocated Lease for more information.
Note This feature is not supported in Cisco Flex 7500 and 8500 Series controllers.
Internal DHCP Server > DHCP Scope
Choose CONTROLLER > Internal DHCP Server > DHCP Scope to navigate to this page.
The controllers have built-in DHCP relay agents. However, when you have network segments that do not have a separate DHCP server, the controllers can have built-in DHCP scopes (Dynamic Host Configuration Protocol servers) that assign IP addresses and subnet masks to wireless clients, direct-connect access points, appliance-mode access points on the management interface, and DHCP requests that are relayed from access points. (Only lightweight access points are supported.)
Typically, one Cisco WLC can have one or more DHCP scopes that each provide a range of IP addresses. This page shows the existing DHCP server scope names.
Each DHCP Scope displays the following entries, which are a subset of those set on the DHCP Scope > Edit page:
- Scope Name
- Address Pool—IP address range. This pool must be unique for each DHCP scope and must not include the static IP addresses of routers and other servers
- Lease Time—Number of seconds that an IP address is granted to a client or access point
- Status—Scope is Enabled or Disabled
Click the scope name to go to the DHCP Scope > Edit page to change the DHCP scope settings.
Remove a DHCP Scope by hovering your cursor over the blue drop-down arrow and choosing Remove. You are prompted to confirm the DHCP Scope removal.
Buttons
DHCP Scope > New
Choose CONTROLLER > Internal DHCP Server > DHCP Scope and then click New to navigate to this page.
The controllers have built-in DHCP relay agents. However, if you have network segments that do not have a separate DHCP server, the controllers also have built-in DHCP scopes (servers) that assign IP addresses and subnet masks to wireless clients, direct-connect access points, appliance-mode access points on the management interface, and DHCP requests that are relayed from access points. (Only lightweight access points are supported.)
Typically, one Cisco WLC can have one or more DHCP scopes that each provide a range of IP addresses. This page enables you to add a DHCP server scope name.
Add a new DHCP scope by entering the DHCP scope name and then clicking Apply. The Cisco WLAN Solution saves the DHCP scope name and returns you to the Internal DHCP Server > DHCP Scope page. On the Internal DHCP Server > DHCP Scope page, click the scope name to set the DHCP scope parameters on the DHCP Scope > Edit page.
Buttons
DHCP Scope > Edit
Choose CONTROLLER > Internal DHCP Server > DHCP Scope and then click the scope name to navigate to this page.
The controllers have built-in DHCP relay agents. However, when you have network segments that do not have a separate DHCP server, the controllers also have built-in DHCP scopes (servers) that assign IP addresses and subnet masks to wireless clients, direct-connect access points, appliance-mode access points on the management interface, and DHCP requests that are relayed from access points. (Only lightweight access points are supported.)
Typically, one Cisco WLC can have one or more DHCP scopes that each provide a range of IP addresses. This page enables you to edit a DHCP server scope.
This page shows the name of the DHCP Scope you are editing.
- Starting IP address in the range assigned to clients and access points. This pool must be unique for each DHCP scope. The pool must not include the static IP addresses of routers and other servers.
- Ending IP address in the range assigned to clients and access points. This pool must be unique for each DHCP scope. The pool must not include the static IP addresses of routers and other servers.
- Network served by this DHCP scope. This IP address is used by the management interface with the netmask applied, listed on the Interfaces page.
- How many seconds an IP address is granted to a client or access point, from 120 to 8640000.
- Optional DNS (Domain Name System) domain name of this DHCP scope for use with one or more DNS servers.
- IP address of the optional DNS servers. Each DNS server must be able to update a client DNS entry to match the IP address assigned by this DHCP scope.
- IP address of the optional Microsoft NetBIOS (Network Basic Input Output System) name servers, such as a WINS (Windows Internet Naming Service) server.
- Setting that enables you to configure the DHCP scope. The values can be Enable or Disable.
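The pool and lease constraints above can be checked before scopes are entered on the controller. The following is an added example, not Cisco code: it audits a planned set of scopes for overlapping pools, pools that contain static router or server addresses, pools outside the served network, and lease times outside 120 to 8640000 seconds. The scope names, addresses and dictionary layout are constructed for illustration.

```python
import ipaddress

LEASE_MIN, LEASE_MAX = 120, 8640000  # seconds, range stated on this page

# Constructed sample data: planned scopes and statically addressed hosts.
SCOPES = [
    {"name": "guest", "network": "192.0.2.0/24",
     "start": "192.0.2.1", "end": "192.0.2.100", "lease": 86400},
    {"name": "staff", "network": "192.0.2.0/24",
     "start": "192.0.2.90", "end": "192.0.2.200", "lease": 60},
    {"name": "lab", "network": "198.51.100.0/24",
     "start": "198.51.100.10", "end": "198.51.100.50", "lease": 3600},
]
STATIC_HOSTS = {"192.0.2.1": "default router", "198.51.100.5": "DNS server"}


def audit_scopes(scopes, static_hosts):
    """Return a list of (scope name, finding) tuples for the planned scopes."""
    findings = []
    pools = []  # (name, start, end) of scopes already examined
    for scope in scopes:
        name = scope["name"]
        net = ipaddress.ip_network(scope["network"])
        start = ipaddress.ip_address(scope["start"])
        end = ipaddress.ip_address(scope["end"])
        if start.version != end.version or start > end:
            findings.append((name, "start and end do not form a valid range"))
            continue
        if start not in net or end not in net:
            findings.append((name, f"pool is outside network {net}"))
        if not LEASE_MIN <= scope["lease"] <= LEASE_MAX:
            findings.append(
                (name, f"lease {scope['lease']} outside {LEASE_MIN}-{LEASE_MAX}"))
        # The pool must not contain static addresses of routers and servers.
        for host_text, role in static_hosts.items():
            host = ipaddress.ip_address(host_text)
            if host.version == start.version and start <= host <= end:
                findings.append(
                    (name, f"pool includes static address {host} ({role})"))
        # The pool must be unique for each scope: no overlap with earlier ones.
        for other, o_start, o_end in pools:
            if (o_start.version == start.version
                    and start <= o_end and o_start <= end):
                findings.append((name, f"pool overlaps scope {other}"))
        pools.append((name, start, end))
    return findings


if __name__ == "__main__":
    for scope_name, finding in audit_scopes(SCOPES, STATIC_HOSTS):
        print(f"{scope_name}: {finding}")
```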
Buttons
Internal DHCP Server > DHCP Allocated Lease
Choose CONTROLLER > Internal DHCP Server > DHCP Allocated Leases to navigate to this page.
This page displays the MAC address, the IP address, and the remaining lease time for wireless clients.
Mobility Management
Choose CONTROLLER > Mobility Management to navigate to this page. From here you can choose the following:
- CONTROLLER > Mobility Management > Mobility Configuration to configure hierarchical mobility on the controller.
See Mobility Management > Mobility Configuration for more information.
See Mobility Management > Mobility Groups for more information.
- CONTROLLER > Mobility Management > Mobility Anchor Config to configure the symmetric mobility tunneling for mobile clients.
See Mobility Management > Mobility Anchor Configuration for more information.
- CONTROLLER > Mobility Management > Multicast Messaging to configure the controller to use multicast to send the Mobile Announce messages.
See Mobility Management > Mobility Multicast Messaging for more information.
- CONTROLLER > Mobility Management > Switch Peer Group to view existing mobility switch peer groups and their details.
See Mobility Management > Switch Peer Group for more information.
- CONTROLLER > Mobility Management > Switch Peer Group Member to add or remove members to the switch peer group.
See Mobility Management > Switch Peer Group Member for more information.
- CONTROLLER > Mobility Management > Mobility Controller to view all the mobility controllers and their link status.
See Mobility Management > Mobility Controllers for more information.
- CONTROLLER > Mobility Management > Mobility Clients to view all the mobility clients and their parameters.
See Mobility Management > Mobility Clients for more information.
Mobility Management > Mobility Configuration
Choose CONTROLLER > Mobility Management > Mobility Configuration to navigate to this page.
This page allows you to enable hierarchical mobility and configure its parameters.
Buttons
Mobility Management > Mobility Groups
Choose CONTROLLER > Mobility Management > Mobility Groups to navigate to this page.
This page lists existing mobility group members by their MAC address and IP address and also indicates whether the mobility group member is local (this Cisco WLC) or remote (any other mobility group member). The first entry is the local Cisco WLC, which cannot be deleted. The following entries are other controllers in the mobility group that can be deleted at any time by choosing Remove. You can also view the hash key of the virtual controller in your domain.
Note You can ping any of the static mobility group members by choosing Ping.
The Mobility Group Name is set on the General page.
Buttons
- New: Adds a new mobility group member.
- Edit All: Displays the Mobility Group Member > Edit All page.
Mobility Group Member > New
Choose CONTROLLER > Mobility Management > Mobility Groups and then click New to navigate to this page.
This page enables you to add mobility group members.
- Member IP Address—Enables you to enter the management interface IP address of the controller to be added. Both IPv4 and IPv6 are supported.
Note If you are configuring the mobility group in a network where network address translation (NAT) is enabled, enter the IP address sent to the controller from the NAT device rather than the controller’s management interface IP address. Otherwise, mobility will fail among controllers in the mobility group.
Also, client mobility among controllers works only if you enable auto-anchor mobility or symmetric mobility tunneling. Asymmetric tunneling is not supported when mobility controllers are behind a NAT device.
- Member MAC Address—Enables you to enter the MAC address of the controller to be added. Both IPv4 and IPv6 are supported.
- Group Name—Enables you to enter the name of the mobility group.
Note The mobility group name is case sensitive.
- Hash—Enables you to configure the hash key of the peer mobility controller. This is not supported for IPv6 members.
Note You must configure the hash only if the peer mobility controller is a virtual controller.
Buttons
Mobility Group Member > Edit All
Choose CONTROLLER > Mobility Management > Mobility Groups and then click Edit All to navigate to this page.
This page enables you to edit all the existing Mobility Group members’ MAC addresses, IPv4 and IPv6 addresses in a text box and then to cut and paste all the entries from one Cisco WLC to the other controllers in the mobility group.
Note From Release 8.0, Cisco WLC supports IPv6. The remaining entries will be ignored.
You can edit existing entries in the box and/or paste new entries into the box. In all cases, leave one space between the MAC address and IP address on each line.
The text box on this page makes it easy to avoid data-entry errors while copying the mobility group members list to all the controllers in the same mobility group. Some guidelines are as follows:
- Notice that the text box starts with the local Cisco WLC MAC address and IPv4/IPv6 address.
- In the text box, add the MAC addresses, IPv4/IPv6 addresses, and the mobility group name for the rest of the controllers in the same geographical location (such as a campus or building) that you want to add to the static mobility group.
- When you have added all the Cisco WLC MAC addresses and IPv4/IPv6 addresses to the static mobility group, you can cut and paste the complete list into the corresponding boxes in the Mobility Group Member > Edit All pages in other mobility group member Web User Interface pages.
Note The mobility group supports a maximum of 72 mobility peers.
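Because the same list is pasted into every controller in the group, it is worth checking it once before it is copied. The following is an added example, not Cisco code: it validates a member list before pasting. The line layout `<MAC> <IP> [group name]` with single spaces, the colon-separated MAC notation and the sample entries are assumptions made for this illustration. It also flags group names that differ only by case, because the mobility group name is case sensitive.

```python
import ipaddress
import re

MAX_PEERS = 72  # maximum number of mobility peers stated on this page
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

# Constructed sample list with deliberate mistakes on lines 3 to 6.
SAMPLE = (
    "00:1a:2b:3c:4d:01 192.0.2.10 Campus-A\n"
    "00:1a:2b:3c:4d:02 192.0.2.11 Campus-A\n"
    "00:1a:2b:3c:4d:03 2001:db8::12 campus-a\n"    # group differs by case
    "00:1a:2b:3c:4d:02  192.0.2.13 Campus-A\n"     # two spaces after MAC
    "00:1a:2b:3c:4d:04 192.0.2.300 Campus-A\n"     # not a valid address
    "00:1a:2b:3c:4d:05 192.0.2.11 Campus-A\n"      # IP reused from line 2
)


def validate_member_list(text):
    """Return (entries, problems); entries are (mac, ip, group) tuples."""
    entries, problems = [], []
    seen_mac, seen_ip, group_spellings = {}, {}, {}
    for n, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        fields = line.split(" ")
        # An empty field means leading, trailing or doubled spaces.
        if "" in fields or not 2 <= len(fields) <= 3:
            problems.append(
                f"line {n}: expected '<MAC> <IP> [group]' with single spaces")
            continue
        mac, ip_text = fields[0].lower(), fields[1]
        group = fields[2] if len(fields) == 3 else None
        if not MAC_RE.match(mac):
            problems.append(f"line {n}: invalid MAC address {fields[0]!r}")
            continue
        try:
            ip = ipaddress.ip_address(ip_text)  # accepts IPv4 and IPv6
        except ValueError:
            problems.append(f"line {n}: invalid IP address {ip_text!r}")
            continue
        if mac in seen_mac:
            problems.append(
                f"line {n}: MAC {mac} already used on line {seen_mac[mac]}")
        if ip in seen_ip:
            problems.append(
                f"line {n}: IP {ip} already used on line {seen_ip[ip]}")
        seen_mac.setdefault(mac, n)
        seen_ip.setdefault(ip, n)
        if group is not None:
            group_spellings.setdefault(group.lower(), set()).add(group)
        entries.append((mac, str(ip), group))
    for spellings in group_spellings.values():
        if len(spellings) > 1:
            problems.append("group names differ only by case: "
                            + ", ".join(sorted(spellings)))
    if len(entries) > MAX_PEERS:
        problems.append(
            f"{len(entries)} members listed, maximum is {MAX_PEERS}")
    return entries, problems


if __name__ == "__main__":
    for problem in validate_member_list(SAMPLE)[1]:
        print(problem)
```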
Buttons
Mobility Management > Mobility Anchor Configuration
Choose CONTROLLER > Mobility Management > Mobility Anchor Config to navigate to this page. This page enables you to configure the symmetric mobility tunneling for mobile client features.
Guest N+1 Redundancy
The guest N+1 redundancy feature enables the foreign controller to periodically send ping requests to each anchor controller in the mobility group and enables you to configure the number and interval of requests sent to each anchor controller. Once a failed anchor controller is detected, all of the clients anchored to this controller are deauthenticated so that they can quickly become anchored to another controller.
When using the guest N+1 redundancy and mobility failover features with a firewall, ensure that the following ports are open:
- UDP 16666 for tunnel control traffic
- UDP 16667 for encrypted traffic
- IP Protocol 97 for user data traffic
- TCP 161 and 162 for SNMP
To view the current state of the data and control paths of controllers that have already been configured as mobility anchors, use the Mobility Anchors page.
Symmetric Mobility Tunneling
Note When controllers in the mobility list are running different software releases (such as 5.2, 6.0, and 7.0), Layer 2 or Layer 3 client roaming is not supported between them. It is supported only between controllers running the same release.
The controller provides inter-subnet mobility for clients roaming from one access point to another within a wireless LAN. This mobility is asymmetric so that the client traffic to the wired network is routed directly through the foreign controller.
This mechanism breaks when an upstream router has reverse path filtering (RPF) enabled. In this case, the client traffic is dropped at the router because the RPF check ensures that the path back to the source address matches the path from which the packet is coming.
When symmetric mobility tunneling is enabled, all client traffic is sent to the anchor controller and can then successfully pass the RPF check.
You should also enable symmetric mobility tunneling if a firewall installation in the client packet path may drop the packets whose source IP address does not match the subnet on which the packets are received.
Note Although a Cisco 2000 Series Controller cannot be designated as an anchor for a WLAN when using auto-anchor mobility, it can serve as an anchor in symmetric mobility tunneling to process and forward the upstream client data traffic tunneled from the foreign controller.
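The RPF behaviour described above, worked through as an added example (not Cisco code): a strict RPF check with longest-prefix matching, applied to a roamed client with and without symmetric mobility tunneling. The routing table, interface names and addresses are constructed assumptions.

```python
import ipaddress

# Constructed routing table of the upstream router: prefix -> egress interface.
ROUTES = {
    "10.10.0.0/24": "Gi0/1",   # subnet behind the anchor controller
    "10.20.0.0/24": "Gi0/2",   # subnet behind the foreign controller
    "0.0.0.0/0": "Gi0/0",      # default route toward the core
}


def best_route(routes, address):
    """Longest-prefix match: return (network, interface) used to reach address."""
    addr = ipaddress.ip_address(address)
    candidates = [
        (ipaddress.ip_network(prefix), ifname)
        for prefix, ifname in routes.items()
        if addr in ipaddress.ip_network(prefix)
    ]
    if not candidates:
        return None
    return max(candidates, key=lambda item: item[0].prefixlen)


def strict_rpf_accepts(routes, src_ip, ingress_if):
    """Strict RPF: accept only if the route back to src_ip leaves via ingress_if."""
    route = best_route(routes, src_ip)
    return route is not None and route[1] == ingress_if


def ingress_interface(anchor_if, foreign_if, symmetric_tunneling):
    """Router interface on which upstream traffic from a roamed client arrives.

    Asymmetric: the foreign controller forwards client traffic to the wire itself.
    Symmetric:  the foreign controller tunnels it to the anchor, which forwards it.
    """
    return anchor_if if symmetric_tunneling else foreign_if


def roamed_client_verdict(client_ip, symmetric_tunneling):
    """Return (ingress interface, RPF result) for a client that has roamed."""
    ingress = ingress_interface("Gi0/1", "Gi0/2", symmetric_tunneling)
    return ingress, strict_rpf_accepts(ROUTES, client_ip, ingress)


if __name__ == "__main__":
    client = "10.10.0.57"  # constructed: address kept from the anchor's subnet
    for symmetric in (False, True):
        ingress, accepted = roamed_client_verdict(client, symmetric)
        mode = "symmetric" if symmetric else "asymmetric"
        print(f"{mode:10s} ingress={ingress} rpf={'pass' if accepted else 'drop'}")
```

The same check models the firewall case in the last paragraph: a packet whose source address does not belong to the subnet of the receiving interface fails it.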
Mobility Anchor Config Parameters
Buttons
Mobility Management > Mobility Multicast Messaging
Choose CONTROLLER > Mobility Management > Multicast Messaging to navigate to this page.
The controller provides inter-subnet mobility for clients by sending mobility messages to other member controllers. There can be up to 72 members in the list with up to 24 in the same mobility group. The controller sends a Mobile Announce message to members in the mobility list each time a new client associates to it.
You can configure the controller to use multicast to send the Mobile Announce messages. This behavior enables the controller to send only one copy of the message to the network, which designates it to the multicast group that contains all the mobility members. To derive the maximum benefit from multicast messaging, we recommend that it be enabled or disabled on all group members.
- Enable Multicast Messaging—Enables the controller to use multicast to send the Mobile Announce messages. If you leave it unselected, the controller uses unicast mode to send the Mobile Announce messages. The default value is unselected.
- Local Group Multicast IPv4 Address—Enables you to enter the multicast group IPv4 address for the local mobility group. This address is used for multicast mobility messaging.
Note To use multicast messaging, you must configure the IPv4 address for the local mobility group.
- Local Group Multicast IPv6 Address—Enables you to enter the multicast group IPv6 address for the local mobility group. This address is used for multicast mobility messaging.
- Mobility Group—Lists the names of all the currently configured mobility groups.
Note For Release 8.0, IPv6 is not supported for mobility multicast.
Buttons
Mobility Multicast Messaging > Edit
Choose CONTROLLER > Mobility Management > Multicast Messaging and then click the name of the local mobility group to navigate to this page.
- Mobility Group—Lists the names of all the mobility groups.
- Local Group Multicast IP Address—Enables you to enter the multicast group IP address for the nonlocal mobility group. This address is used for multicast mobility messaging.
Note If you do not configure the multicast IP address for nonlocal groups, the controller uses unicast mode to send mobility messages to those members.
Buttons
Mobility Management > Switch Peer Group
Choose CONTROLLER > Mobility Management > Switch Peer Group to navigate to this page.
This page lists all the switch peer groups and their details like bridge domain ID, multicast IP address, and status of the multicast mode. Click the name of the switch peer group to navigate to the Edit page and update the parameters if required.
Mobility Management > Switch Peer Group Member
Choose CONTROLLER > Mobility Management > Switch Peer Member to navigate to this page.
This page lists all the members of the switch peer group along with their group name, IP address, and public IP address.
Buttons
Mobility Management > Mobility Controllers
Choose CONTROLLER > Mobility Management > Mobility Controllers to navigate to this page.
This page lists all the mobility controllers. Mobility Controllers are controllers that provide mobility management services for an inter proximity group.
You can see the total number of mobility controllers and details like IP address, MAC address, client count, and link status.
Buttons
Mobility Management > Mobility Clients
Choose CONTROLLER > Mobility Management > Mobility Clients to navigate to this page.
This page lists the total number of mobility clients and their parameters.
Time when the mobility client associated with the Mobility Controller.
Ports
Choose CONTROLLER > Ports to navigate to this page.
This page displays the status of each physical port on the Cisco WLC.
- To edit global parameters across all ports, click Configure All to open the Ports > Configure page.
- To edit the parameters for a single port, click the port number link for the port you want to configure. This action brings up a Ports > Configure page.
Note The Cisco 5500 Series and the Cisco Flex 7500 Series Controllers do not support the Spanning Tree Protocol.
Note The physical mode and status may reflect different values depending on the link status. For example, the physical mode may be set to Auto while the actual link is running at 10 Mbps half duplex.
STP Status [2]
Configuration of the port physical interface. Available values are as follows:
Note In Cisco NM-AIR-WLC6-K9, Cisco 5500 Series, and Cisco Flex 7500 Series controllers, the physical mode is always set to Auto.
Port that is set to send a trap when the link status changes. Values include Enable or Disable.
[2] The Cisco 5500 and Cisco Flex 7500 Series Controllers do not support the Spanning Tree Protocol.
Buttons
Ports > Configure
Choose CONTROLLER > Ports and then click Configure All to navigate to this page.
This page enables you to change the parameters of all front-panel physical ports on the Cisco WLC simultaneously.
Note The Cisco 5500 Series and Cisco Flex 7500 Series Controllers do not support the Spanning Tree Protocol.
Sets the state of all ports to Don’t Apply, Enable or Disable.
Note In Cisco NM-AIR-WLC6-K9, 5500 series, and 7500 series controllers, the physical mode is always set to Auto.
Sets all ports to send or not to send a trap when link status changes. The factory default is Don’t Apply.
STP Mode [3]: Sets the spanning tree mode on all ports. The factory default is Don’t Apply.
Note In this state, the forwarding delay timer is ignored on link up.
[3] The Cisco 5500 Series and Cisco Flex 7500 Series Controllers do not support the Spanning Tree Protocol.
Buttons
Ports > Configure
Choose CONTROLLER > Ports and then click on a Port No to navigate to this page.
This page enables you to change the parameters of a single physical port on the Cisco WLC.
General Port Configuration
Spanning Tree Protocol Configuration
Note The Cisco 5500 Series and Cisco Flex 7500 Series Controllers do not support the Spanning Tree Protocol.
Buttons
NTP
Choose CONTROLLER > NTP to navigate to this page. From here you can choose the following:
See NTP > NTP Servers for more information.
See NTP > NTP Keys for more information.
NTP > NTP Servers
Choose CONTROLLER > NTP > Server to navigate to this page. Use this page to set the Network Time Protocol parameters.
Click a server index number to go to the NTP Server > Edit page to change the NTP server IP address.
Remove an NTP server entry by hovering your cursor over the blue drop-down arrow and choosing Remove. You are prompted for confirmation of the NTP server removal.
Ping the NTP server by hovering your cursor over the blue drop-down arrow and choosing Ping.
Buttons
- Apply: Sends data to the Cisco WLC but the data is not preserved across a power cycle; these parameters are stored temporarily in volatile RAM.
- New: Adds a new item to a list. To set up a new NTP server, click to open the NTP Server > New page.
NTP Server > New
Choose CONTROLLER > NTP > Server and click New to navigate to this page. This page enables you to add a new NTP server.
Buttons
NTP Server > Edit
Choose CONTROLLER > NTP and then click the server index number to navigate to this page. This page enables you to change the NTP server.
Buttons
NTP > NTP Keys
Choose CONTROLLER > NTP > Keys to navigate to this page. This page enables you to set the Network Time Protocol keys.
Click an index number to go to the NTP Keys > Edit page to change the NTP key details.
Remove an NTP key entry by hovering your cursor over the blue drop-down arrow and choosing Remove. You are prompted for confirmation of the NTP key removal.
Buttons
New: Adds a new item to a list. To add a new NTP key, click to open the NTP Keys > New page.
NTP Keys > New
Choose CONTROLLER > NTP > Keys and then click New to navigate to this page. This page enables you to associate a new NTP key to a Server index.
NTP server index to which you want to associate the NTP key.
Buttons
NTP Keys > Edit
Choose CONTROLLER > NTP > Keys and then click the index number to navigate to this page. This page enables you to change the NTP key.
NTP server index to which you want to associate the NTP key.
Buttons
CDP
Controller Configuration
Choose CONTROLLER > CDP > Controller Configuration to navigate to this page. This page enables you to configure the Cisco Discovery Protocol (CDP).
Cisco Discovery Protocol Overview
The Cisco Discovery Protocol (CDP) is a device discovery protocol that runs on all Cisco-manufactured equipment. A device enabled with CDP sends out periodic interface updates to a multicast address in order to make itself known to neighboring devices.
The default value for the frequency of periodic transmissions is 60 seconds, and the default advertised time-to-live value is 180 seconds. The second and latest version of the protocol, CDPv2, introduces new type-length-values (TLVs) and provides a reporting mechanism that allows for more rapid error tracking, reducing downtime.
CDPv1 and CDPv2 are supported on the following devices:
- Cisco Flex 7500 and 5500 Series Controllers
- Lightweight access points
- An access point connected directly to a Cisco Flex 7500 and 5500 Series Controller
This support enables network management applications to discover Cisco devices.
The following TLVs are supported by both the controller and the access point:
- Device-ID TLV: 0x0001—The hostname of the controller, the access point, or the CDP neighbor.
- Address TLV: 0x0002—The IP address of the controller, the access point, or the CDP neighbor.
- Port-ID TLV: 0x0003—The name of the interface on which CDP packets are sent out.
- Capabilities TLV: 0x0004—The capabilities of the device. The controller sends out this TLV with a value of Host: 0x10, and the access point sends out this TLV with a value of Transparent Bridge: 0x02.
- Version TLV: 0x0005—The software version of the controller, the access point, or the CDP neighbor.
- Platform TLV: 0x0006—The hardware platform of the controller, the access point, or the CDP neighbor.
- Power Available TLV: 0x001a—The amount of power available to be transmitted by Power Sourcing Equipment to permit a device to negotiate and select an appropriate power setting.
The following TLVs are supported only by the access point:
- Full/Half Duplex TLV: 0x000b—The full- or half-duplex mode of the Ethernet link on which CDP packets are sent out. This TLV is not supported on access points that are connected directly to a Cisco 5500 Series Controller.
- Power Consumption TLV: 0x0010—The maximum amount of power consumed by the access point. This TLV is not supported on access points that are connected directly to Cisco Flex 7500 and 5500 Series Controllers.
- Power Request TLV: 0x0019—The amount of power to be transmitted by a powerable device in order to negotiate a suitable power level with the supplier of the network power.
Note Changing the CDP configuration on the controller does not change the CDP configuration on the access points that are connected to the controller. You must enable and disable CDP separately for each access point.
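An added example (not part of the Cisco documentation or controller software) that decodes the TLV types listed above from a constructed CDP payload, showing which identifying fields a CDP-enabled controller or access point puts on the wire. The 4-byte header layout (version, TTL, checksum) and the Address TLV encoding are assumptions taken from the commonly documented CDP format; the hostname, address, version and platform strings are constructed.

```python
import ipaddress
import struct

# TLV type codes as listed on this page.
TLV_NAMES = {
    0x0001: "Device-ID", 0x0002: "Address", 0x0003: "Port-ID",
    0x0004: "Capabilities", 0x0005: "Version", 0x0006: "Platform",
    0x000B: "Full/Half Duplex", 0x0010: "Power Consumption",
    0x0019: "Power Request", 0x001A: "Power Available",
}
TEXT_TLVS = {0x0001, 0x0003, 0x0005, 0x0006}
CAPABILITY_BITS = {0x02: "Transparent Bridge", 0x10: "Host"}  # values named on this page


def parse_addresses(value):
    """Address TLV: count(4), then proto type(1), proto len(1), proto, addr len(2), addr."""
    try:
        (count,) = struct.unpack_from("!I", value, 0)
        offset, found = 4, []
        for _ in range(count):
            offset += 2 + value[offset + 1]          # skip the protocol description
            (addr_len,) = struct.unpack_from("!H", value, offset)
            raw = value[offset + 2:offset + 2 + addr_len]
            if len(raw) != addr_len:
                raise ValueError("truncated address entry")
            offset += 2 + addr_len
            found.append(str(ipaddress.ip_address(raw)) if addr_len in (4, 16) else raw.hex())
        return found
    except (struct.error, IndexError) as exc:
        raise ValueError("malformed Address TLV") from exc


def parse_cdp(payload):
    """Return (header, tlvs) for a CDP payload that starts at the version byte."""
    if len(payload) < 4:
        raise ValueError("CDP header is 4 bytes")
    version, ttl, checksum = struct.unpack_from("!BBH", payload, 0)
    header = {"version": version, "ttl": ttl, "checksum": checksum}  # checksum not verified
    tlvs, offset = {}, 4
    while offset < len(payload):
        if offset + 4 > len(payload):
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack_from("!HH", payload, offset)
        if length < 4 or offset + length > len(payload):  # length includes the 4-byte header
            raise ValueError(f"bad length {length} in TLV 0x{tlv_type:04x}")
        value = payload[offset + 4:offset + length]
        name = TLV_NAMES.get(tlv_type, f"0x{tlv_type:04x}")
        if tlv_type in TEXT_TLVS:
            tlvs[name] = value.decode("ascii", errors="replace")
        elif tlv_type == 0x0002:
            tlvs[name] = parse_addresses(value)
        elif tlv_type == 0x0004 and len(value) == 4:
            (bits,) = struct.unpack("!I", value)
            tlvs[name] = [label for bit, label in CAPABILITY_BITS.items() if bits & bit]
        else:
            tlvs[name] = value.hex()                 # left undecoded
        offset += length
    return header, tlvs


def tlv(tlv_type, value):
    """Encode one TLV for the constructed sample."""
    return struct.pack("!HH", tlv_type, len(value) + 4) + value


def build_sample():
    """Constructed CDPv2 payload for a controller (sample data, not a capture)."""
    ipv4 = struct.pack("!I", 1) + bytes([0x01, 0x01, 0xCC]) + struct.pack("!H", 4)
    ipv4 += ipaddress.ip_address("192.0.2.10").packed
    body = (
        tlv(0x0001, b"wlc-lab-01")
        + tlv(0x0002, ipv4)
        + tlv(0x0003, b"GigabitEthernet0/0/1")
        + tlv(0x0004, struct.pack("!I", 0x10))       # Host, as sent by the controller
        + tlv(0x0005, b"EXAMPLE-SOFTWARE 0.0")
        + tlv(0x0006, b"EXAMPLE-PLATFORM")
    )
    return struct.pack("!BBH", 2, 180, 0) + body     # TTL 180 s; checksum left at 0


if __name__ == "__main__":
    header, tlvs = parse_cdp(build_sample())
    print(header, tlvs, sep="\n")
```

The Device-ID, Address, Version and Platform values decoded here are the fields to weigh when deciding on which ports and access points CDP stays enabled.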
Parameters and Descriptions
For information on displaying CDP neighbor information, see the following topics:
Buttons
PMIPv6
Proxy Mobile IPv6 (PMIPv6) is a network-based mobility management protocol. The controller uses the PMIPv6 protocol and works with the Mobile Access Gateway (MAG) and ASR5K, the partner Local Mobility Anchor (LMA), to provide seamless mobility of mobile clients. MAG tracks the mobile node and signals the mobile node’s LMA.
Choose CONTROLLER > PMIP to navigate to this page. From here you can choose the following:
See PMIPv6 > General for more information.
See PMIPv6 > LMA for more information.
See PMIPv6 > Profile for more information.
PMIPv6 > General
Choose CONTROLLER > PMIP > General to configure global parameters for PMIPv6.
Note For timer parameters, default values appear in the UI when you reconfigure the domain name.
PMIPv6 > LMA
Choose CONTROLLER > PMIP > LMA to add a new Local Mobility Anchor (LMA) to the controller or to view existing LMAs.
Click New to add a new LMA to the controller.
Name of the LMA connected to the controller. The LMA name can be up to 127 case-sensitive, alphanumeric characters.
Buttons
PMIPv6 > Profile
Choose CONTROLLER > PMIPv6 > Profile to navigate to this page. This page lists existing PMIPv6 profiles.
Buttons
Click a PMIPv6 profile to edit the configurations of the PMIPv6 profile.
PMIPv6 Profile > New
Choose CONTROLLER > PMIPv6 > Profile and then click New to navigate to this page. This page allows you to create a new PMIPv6 profile.
Buttons
PMIPv6 Profile > Edit
Choose CONTROLLER > PMIP > Profile and then click on any profile to navigate to this page. This page allows you to add more NAIs and remove any of the existing NAIs.
Button
Tunneling
EoGRE
Choose CONTROLLER > Tunneling > EoGRE to navigate to this page.
Profiles
Choose CONTROLLER > Tunneling > Profiles to navigate to this page.
The heartbeat is used in the failover mechanism for the AP to detect if the Active TGW went down.
IPv6
Neighbor Binding Timers
Choose CONTROLLER > IPv6 > Neighbor Binding Timers to navigate to this page. This page enables you to configure the Neighbor Binding timers.
Parameters and Descriptions
Buttons
RA Throttle Policy
Choose CONTROLLER > IPv6 > RA Throttle Policy to navigate to this page. This page enables you to configure the RA Throttle Policy.
The purpose of the RA Throttle Policy is to limit the amount of multicast Router Advertisements (RA) circulating on the wireless network.
Parameters and Descriptions
Buttons
RA Guard
Choose CONTROLLER > IPv6 > RA Guard to navigate to this page. This page enables you to configure router advertisement (RA) filtering.
RA Guard is a Unified Wireless solution to drop RA from wireless clients. It is configured globally, and by default it is enabled.
Buttons
mDNS
Multicast DNS (mDNS) Service Discovery provides a way to announce and discover devices like printers, computers, and services on the local network. mDNS performs DNS queries over IP multicast. mDNS supports zero configuration IP networking. mDNS uses the multicast IP address 224.0.0.251 as the destination address and 5353 as the UDP destination port.
Choose CONTROLLER > mDNS > General to navigate to this page. From here, you can choose the following:
See mDNS > General for more information.
- CONTROLLER > mDNS > Profiles to view the mDNS profiles configured on the controller and create new mDNS profiles.
See mDNS > Profiles for more information.
- CONTROLLER > mDNS > Domain Names to view the domain names and other details of the service providers.
See mDNS > Domain Names for more information.
- CONTROLLER > mDNS > mDNS Browser to view the domain names and other details of the service providers.
See mDNS Browser for more information.
See mDNS Service Groups for more information.
mDNS > General
Choose CONTROLLER > mDNS > General to navigate to this page. This page enables you to configure the global mDNS parameters and update the Master Services database.
To view the details of an mDNS service, hover your cursor over the blue drop-down arrow of a service, and choose Details. The mDNS > Service > Detail page appears. For more information, see mDNS > Service > Detail.
mDNS > Service > Detail
Choose CONTROLLER > mDNS > General, hover your cursor over the blue drop-down arrow for a service, and choose Details to navigate to this page. This page enables you to view the details of each service.
mDNS > Profiles
Choose CONTROLLER > mDNS > Profiles to view the mDNS profiles configured on the controller and create new mDNS profiles.
After creating a new profile, you must map the profile to an interface group, an interface, or a WLAN. Clients receive service advertisements only for the services associated with the profile. The controller gives the highest priority to the profiles associated to interface groups, followed by the interface profiles, and then the WLAN profiles. Each client is mapped to a profile based on the order of priority.
By default, the controller has an mDNS profile, default-mdns-profile. You cannot delete this default profile.
For more information, see the following topics:
- Mapping mDNS Profiles to an Interface Group
- Mapping mDNS Profiles to an Interface
- Mapping mDNS Profiles to a WLAN
Name of the mDNS profile. You can create a maximum of 16 profiles.
Buttons
Mapping mDNS Profiles to an Interface Group
To map a profile to an interface group, follow these steps:
Step 1 Choose CONTROLLER > Interface Groups and click the Interface Group name to navigate to the Interface Groups > Edit page.
Step 2 Choose an mDNS profile from the drop-down list.
Mapping mDNS Profiles to an Interface
To map a profile to an interface, follow these steps:
Step 1 Choose CONTROLLER > Interfaces and then click on an interface name to navigate to the Interfaces > Edit page.
Step 2 Choose an mDNS profile from the drop-down list.
Mapping mDNS Profiles to a WLAN
To map a profile to a WLAN, follow these steps:
Step 1 Choose WLANs and click the Profile name to navigate to the WLANs > Edit page.
Step 2 Select the mDNS check box.
Step 3 Choose an mDNS profile from the drop-down list.
mDNS Profile > Edit
Choose CONTROLLER > mDNS > Profiles and click the Profile name to navigate to the mDNS Profile > Edit page. You can view the following details of the profile:
- Profile Name
- Profile ID
- Service Count
- Number of interfaces attached
- Number of interface groups attached
- Number of WLANs attached
To add more services to the profile, choose a service from the Service drop-down list and click Add. You can choose from a list of services that are configured in the Master service database. To update the Master service database, choose CONTROLLER > mDNS > General.
mDNS > Domain Names
Choose CONTROLLER > mDNS > Domain Names to view the domain names and other details of the service providers.
Each service advertisement contains a record that maps the domain name of the service provider to the IP address. The mapping also contains details such as the client MAC address, the VLAN ID, the TTL, and the IPv4 address.
mDNS Browser
Choose CONTROLLER > mDNS > mDNS Browser to view the total number of services added in the master database.
mDNS Service Groups
Choose CONTROLLER > mDNS > mDNS Policies to view the total number of mDNS Service groups.
Total number of mDNS Service groups. This includes admin created / ISE dynamic policy / SNMP.
Creating mDNS Service Group
To map a profile to a service group, follow these steps:
Step 1 Choose CONTROLLER > mDNS > mDNS Policies and click the Add Group button.
Step 2 Enter a service group name in the mDNS Service Group Name textbox.
Step 3 Add a description for the service group in the Description textbox.
Step 4 Click the Add button to create a new mDNS Service Group.
mDNS Service Group > Edit
Choose CONTROLLER > mDNS > Policies and click the mDNS Service Group Name to navigate to the mDNS Service Groups > Edit page. You can add a MAC Address and a rule to the Service Group.
Advanced
DHCP
Choose CONTROLLER > Advanced > DHCP to navigate to this page. This page enables you to set the following DHCP parameters:
Drop-down list from which you can choose to enable or disable DHCP proxy on a global basis, rather than on a WLAN basis. DHCP proxy is enabled by default. When DHCP proxy is enabled on the controller, the controller unicasts DHCP requests from the client to the configured servers. Consequently, at least one DHCP server must be configured on either the interface associated with the WLAN or the WLAN itself.
Provides additional security when DHCP is used to allocate network addresses. Specifically, it enables the controller to act as a DHCP relay agent to prevent DHCP client requests from untrusted sources. The controller can be configured to add option 82 information to DHCP requests from clients before forwarding the requests to the DHCP server.
Note For DHCP option 82 to work as expected, you must enable DHCP proxy.
Note DHCP option 82 is not supported for use with auto-anchor mobility. See Mobility Anchors for information about anchor mobility.
Sets the DHCP timeout in seconds. This value is applicable globally. The valid range is 5 to 120 seconds.
Buttons
Master Controller Configuration
Choose CONTROLLER > Advanced > Master Controller Mode to navigate to this page.
This page enables the Cisco WLC to be configured as the master Cisco WLC for your access points that are connected in appliance mode. When there is a master Cisco WLC enabled, all newly added access points with no primary, secondary, or tertiary controllers assigned associate with the master Cisco WLC on the same subnet. This feature enables you to verify the access point configuration and assign primary, secondary, and tertiary controllers to the access point using the All AP Details page.
Note The master Cisco WLC is normally used only while adding new access points to the Cisco Wireless LAN Solution (Cisco WLAN Solution). When no more access points are being added to the network, you should disable the master Cisco WLC.
Note Because the master Cisco WLC is normally not used in a deployed network, the master Cisco WLC setting is disabled upon reboot or OS code upgrade.
Buttons
Controller Spanning Tree Configuration
Choose CONTROLLER > Advanced > Spanning Tree to navigate to this page.
Note The Cisco 5500 Series Controllers do not support the Spanning Tree Protocol.
The Spanning Tree Protocol (STP) is a link management protocol. Cisco WLANs implement the IEEE 802.1D standard for media access control bridges.
Using the spanning tree algorithm provides redundancy while preventing undesirable loops in a network that are created by multiple active paths between stations. STP enables only one active path at a time between any two network devices (which prevents the loops) but establishes the redundant links as a backup if the initial link fails.
This page enables you to configure the spanning tree algorithm, modify its characteristics, and view statistics.
Buttons
Voice Prioritization Configuration
Choose CONTROLLER > Advanced > Preferred Call to navigate to this page.
Note The Cisco 4400, 5500 Series Controllers, and all nonmesh access points do not support the voice prioritization feature.
The voice prioritization supports the admission of preferred calls for clients that use SIP-based CAC for bandwidth allocation in the controller. Voice prioritization is available only for SIP-based calls, not for TSPEC based calls. The controller gives the highest priority to preferred calls even if there is no bandwidth available in the configured voice pool. The controller should facilitate the urgency of these calls in any way possible without altering the quality of existing calls. If the bandwidth is available, it checks the normal flow and allocates the bandwidth to those calls.
You can configure up to six preferred call numbers. When a call comes to one of the configured preferred numbers, the controller does not check for the CAC limit on the configured voice pool. The controller admits the preferred call if there is some free bandwidth in the 85 percent of the total bandwidth pool. The bandwidth allocation is the same even for roaming-in preferred calls.
The following are the prerequisites for voice prioritization to work:
- WLAN QoS should be set to platinum.
- The ACM should be enabled for the radio.
- The WLAN should have SIP call snooping enabled.
- SIP-based CAC should be enabled.
Remove a call index entry by hovering your cursor over the blue drop-down arrow and choosing Remove. You are prompted for confirmation of the preferred call removal.
Buttons
Add Number: Adds a new preferred call number to the list. To add a new preferred call, click to open the Voice Prioritization > Add Number page.
Voice Prioritization > New
Choose CONTROLLER > Preferred Call and then click Add Number to navigate to this page. This page enables you to add a new preferred number.