- Preface
- Chapter 1: Overview
- Chapter 2: Getting Started
- Chapter 3: Configuring Security Solutions
- Chapter 4: Performing System Tasks
- Chapter 5: Adding and Using Maps
- Chapter 6: Monitoring Wireless Devices
- Chapter 7: Managing WCS User Accounts
- Chapter 8: Configuring Mobility Groups
- Chapter 9: Configuring Access Points
- Chapter 10: Configuring Controllers and Switches
- Chapter 11: Managing Clients
- Chapter 12: Using Templates
- Chapter 13: Mobility Services
- Chapter 14: Performing Maintenance Operations
- Chapter 15: Configuring Hybrid REAP
- Chapter 16: Alarms and Events
- Chapter 17: Running Reports
- Chapter 18: Administrative Tasks
- Chapter 19: Tools Menu
- Chapter 20: Virtual Domains
- Chapter 21: Google Earth Maps
- Appendix A: Troubleshooting and Best Practices
- Appendix B: WCS and End User Licenses
- Appendix C: Conversion of a WLSE Autonomous Deployment to a WCS Controller Deployment
- Index
Performing System Tasks
This chapter describes how to use Cisco WCS to perform system-level tasks. It contains these sections:
•
Adding a Controller to the WCS Database
•Using WCS to Update System Software
•Downloading Vendor Device Certificates
•Downloading Vendor CA Certificates
•Using WCS to Enable Long Preambles for SpectraLink NetLink Phones
•Creating an RF Calibration Model
Adding a Controller to the WCS Database
Follow these steps to add a controller to the WCS database.
Note Cisco recommends that you manage controllers through the controller dedicated service port for improved security. However, when you manage controllers that do not have a service port (such as 2000 series controllers) or for which the service port is disabled, you must manage those controllers through the controller management interface.
Step 1 Log into the WCS user interface.
Step 2 Click Configure > Controllers to display the All Controllers page.
Step 3 From the Select a command drop-down list, choose Add Controller, and click Go.
Step 4 On the Add Controller page, enter the controller IP address, network mask, and required SNMP settings.
Step 5 Click OK. WCS displays a Please Wait dialog box while it contacts the controller and adds the current controller configuration to the WCS database. It then returns you to the Add Controller page.
Step 6 If WCS does not find a controller at the IP address that you entered for the controller, the Discovery Status dialog displays this message:
No response from device, check SNMP.
Check these settings to correct the problem:
•The controller service port IP address might be set incorrectly. Check the service port setting on the controller.
•WCS might not have been able to contact the controller. Make sure that you can ping the controller from the WCS server.
•The SNMP settings on the controller might not match the SNMP settings that you entered in WCS. Make sure that the SNMP settings configured on the controller match the settings that you entered in WCS.
Step 7 Add additional controllers if desired.
Additional Functionality with Location Appliance
Cisco 2700 series location appliances operate within the Cisco Wireless LAN Solution infrastructure. Location appliances compute, collect, and store historical location data using Cisco wireless LAN controllers and access points to track the physical location of wireless devices.
The location appliance can track up to 2,500 elements. You can track the following elements: client stations, active asset tags, rogue clients and access points. Updates on the locations of elements being tracked are provided to the location server from the Cisco wireless LAN controller.
Only those elements designated for tracking by the controller are viewable in Cisco WCS maps, queries, and reports. No events and alarms are collected for non-tracked elements, and they are not used in calculating the 2,500 element limit.
You can modify the following tracking parameters using Cisco WCS:
•Enable and disable which element locations (client stations, active asset tags, and rogue clients and access points) you actively track
•Set limits on how many of a specific element you want to track
You can set limits on how many of a specific element you wish to track. For example, given a limit of 2,500 trackable units, you could set a limit to track only 1,500 client stations. Once the tracking limit is met, the number of elements not being tracked is summarized on the Tracking Parameters page.
•Disable tracking and reporting of ad hoc rogue clients and access points
Note Even though all clients are loaded in the map, the display has a limit of 250 clients per floor to prevent overcrowding. You can do an advanced search of the map to see the items of interest.
Selectable filters enable you to search collected data and display specific elements on a map. For example, a biomedical user may want to display only active Wi-Fi tags that are tracking key medical equipment rather than access points or clients for a given floor.
Using WCS to Update System Software
Follow these steps to update controller (and access point) software using WCS.
Step 1 Enter the ping ip-address command to be sure that the WCS server can contact the controller. If you use an external TFTP server, enter ping ip-address to be sure that the WCS server can contact the TFTP server.
Note When you are downloading through a controller distribution system (DS) network port, the TFTP server can be on the same or a different subnet because the DS port is routable.
Step 2 Click the Configure > Controllers to navigate to the All Controllers page.
Step 3 Select the check box of the desired controller, choose Download Software (TFTP or FTP) from the Select a Command drop-down list, and click Go. WCS displays the Download Software to Controller page.
Step 4 If you use the built-in WCS TFTP server, select the TFTP Server on WCS System check box. If you use an external TFTP server, unselect this check box and add the external TFTP server IP address.
Step 5 Click Browse and navigate to the software update file (for example, AS_2000_release.aes for 2000 series controllers). The files are uploaded to the root directory which was configured for use by the TFTP server. You can change to a different directory.
Note Be sure that you have the correct software file for your controller.
Step 6 Click Download. WCS downloads the software to the controller, and the controller writes the code to flash RAM. As WCS performs this function, it displays its progress in the Status field.
Downloading Vendor Device Certificates
Each wireless device (controller, access point, and client) has its own device certificates. For example, the controller is shipped with a Cisco-installed device certificate. This certificate is used by EAP-TLS and EAP-FAST (when not using PACs) to authenticate wireless clients during local EAP authentication. However, if you wish to use your own vendor-specific device certificate, it must be downloaded to the controller.
Follow the instructions below to download a vendor-specific device certificate to the controller.
Step 1 Choose Configure > Controllers.
Step 2 You can download the certificates in one of two ways:
a. Click the check box of the controller you choose.
b. Choose Download Vendor Device Certificate from the Select a command drop-down list, and click Go.
or
a. Click the URL of the desired controller in the IP Address column.
b. Choose System > Commands from the left sidebar menu.
c. Choose TFTP or FTP in the Upload/Download Command section.
d. Choose Download Vendor Device Certificate from the Upload/Download Commands drop-down list, and click Go.
Step 3 In the Certificate Password text box, enter the password which was used to protect the certificate.
Step 4 Specify if the certificate to download is on the TFTP server or on the local machine. If it is on the TFTP server, the name must be supplied in the Server File Name parameter. If the certificate is on the local machine, you must specify the file path in the Local File Name parameter using the Browse button.
Step 5 Enter the TFTP server name in the Server Name parameter. The default is for the WCS server to act as the TFTP server.
Step 6 Enter the server IP address.
Step 7 In the Maximum Retries text box, enter the maximum number of times that the TFTP server attempts to download the certificate.
Step 8 In the Timeout text box, enter the amount of time (in seconds) that the TFTP server attempts to download the certificate.
Step 9 In the Local File Name text box, enter the directory path of the certificate.
Step 10 Click OK.
Downloading Vendor CA Certificates
Controllers and access points have a Certificate Authority (CA) certificate that is used to sign and validate device certificates. The controller is shipped with a Cisco-installed CA certificate. This certificate may be used by EAP-TLS and EAP-FAST (when not using PACs) to authenticate wireless clients during local EAP authentication. However, if you wish to use your own vendor-specific CA certificate, it must be downloaded to the controller. Follow the instructions in this section to download vendor CA certificate to the controller.
Step 1 Click Configure > Controllers.
Step 2 You can download the certificates in one of two ways:
a. Click the check box of the controller you choose.
b. Choose Download Vendor CA Certificate from the Select a command drop-down list, and click Go.
or
a. Click the URL of the desired controller in the IP Address column.
b. Choose System > Commands from the left sidebar menu.
c. Choose Download Vendor CA Certificate from the Upload/Download Commands drop-down list, and click Go.
Step 3 Specify if the certificate to download is on the TFTP server or on the local machine. If it is on the TFTP server, the name must be supplied in the Server File Name parameter in Step 9. If the certificate is on the local machine, you must specify the file path in the Local File Name parameter in Step 8 using the Browse button.
Step 4 Enter the TFTP server name in the Server Name parameter. The default is for the WCS server to act as the TFTP server.
Step 5 Enter the server IP address.
Step 6 In the Maximum Retries text box, enter the maximum number of times that the TFTP server attempts to download the certificate.
Step 7 In the Timeout text box, enter the amount of time (in seconds) that the TFTP server attempts to download the certificate.
Step 8 In the Local File Name text box, enter the directory path of the certificate.
Step 9 Click OK.
Using WCS to Enable Long Preambles for SpectraLink NetLink Phones
A radio preamble (sometimes called a header) is a section of data at the head of a packet. It contains information that wireless devices need when sending and receiving packets. Short preambles improve throughput performance, so they are enabled by default. However, some wireless devices, such as SpectraLink NetLink phones, require long preambles.
To optimize the operation of SpectraLink NetLink phones on your wireless LAN, follow these steps to use WCS to enable long preambles.
Step 1 Log into the WCS user interface.
Step 2 Click Configure > Controllers to navigate to the All Controllers page.
Step 3 Click the IP address of the desired controller.
Step 4 In the sidebar, click 802.11b/g/n > Parameters.
Step 5 If the IP Address > 802.11b/g/n Parameters page shows that short preambles are enabled, continue to the next step. However, if short preambles are disabled, which means that long preambles are enabled, the controller is already optimized for SpectraLink NetLink phones, and you do not need to continue this procedure.
Step 6 Enable long preambles by unchecking the Short Preamble check box.
Step 7 Click Save to update the controller configuration.
Step 8 To save the controller configuration, click System > Commands in the sidebar, Save Config To Flash from the Administrative Commands drop-down list, and Go.
Step 9 To reboot the controller, click Reboot from the Administrative Commands drop-down list and Go.
Step 10 Click OK when the following message appears:
Please save configuration by clicking "Save Config to flash". Do you want to continue
rebooting anyways?
The controller reboots. This process may take some time, during which WCS loses its connection to the controller.
Note You can view the controller reboot process with a CLI session.
Creating an RF Calibration Model
If you would like to further refine WCS Location tracking of client and rogue access points across one or more floors of a building, you have the option of creating an RF calibration model that uses physically collected RF measurements to fine-tune the location algorithm. When you have multiple floors in a building with the same physical layout as the calibrated floor, you can save time calibrating the remaining floors by using the same RF calibration model for the remaining floors.
The calibration models are used as RF overlays with measured RF signal characteristics that can be applied to different floor areas. This allows the Cisco Unified Wireless Network Solution installation team to lay out one floor in a multi-floor area, use the RF calibration tool to measure and save the RF characteristics of that floor as a new calibration model, and apply that calibration model to all the other floors with the same physical layout. See Chapter 5 for calibration instructions.
Feedback