Configuring the Catalyst 3750G Integrated Wireless LAN Controller Switch


The Catalyst 3750G Integrated Wireless LAN Controller Switch is an integrated Catalyst 3750 switch and Cisco 4400 series wireless LAN controller that supports up to 25 or 50 lightweight access points. The switch and the internal controller run separate software versions, which must be upgraded separately. Although the interaction between the switch and the controller is minimal, these software images must be compatible for the wireless LAN controller switch to operate correctly. See the Catalyst 3750 switch release notes for switch and controller software compatibility information.


Note When using the wireless LAN controller switch in a stack, you should load this image on all switches in the stack. However, wireless capability is available only on the Catalyst 3750G Integrated Wireless LAN Controller Switch.


The integrated controller runs software for the Cisco 4402 wireless controller. For information about the controller software release, see the Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Point, Release 4.0.x.0. For the controller software upgrade procedure, see the Cisco Wireless LAN Controller Configuration Guide Release 4.0.

If the switch and controller software are not compatible, you need to upgrade or downgrade the software so that they are compatible:

When the Wireless LAN Control Protocol (WCP) version in the Catalyst 3750 image and the controller image do not match, the switch generates a syslog message. If the system still functions, you should upgrade or downgrade software to synchronize the images.

If WCP stops working, you can use the second console port on the switch to upgrade or downgrade controller software. If WCP stops working, the switch resets the wireless LAN controller approximately every 320 seconds.

This appendix contains information that applies to the software running on the switch, and describes only features that are specific to the wireless LAN controller switch. For information about the switch commands specific to the Catalyst 3750G switch, see the command reference for this release.

This appendix contains these sections:

Understanding the Wireless LAN Controller Switch

Configuring the Wireless LAN Controller Switch

Displaying Internal Wireless Controller Information

Understanding the Wireless LAN Controller Switch

The Catalyst 3750G Integrated Wireless LAN Controller Switch is a Layer 3 IEEE 802.3af-compliant switch with an integrated wireless LAN controller capable of supporting up to 25 or 50 lightweight access points. The switch combines the Catalyst 3750 switch infrastructure with wireless LAN controller and access points to provide an IEEE 802.11 mobile wireless solution.

The wireless LAN controller switch has these features:

Layer 2 and Layer 3 wireless mobility

wireless LAN controller in appliance mode using Layer 3 Lightweight Access Point Protocol (LWAPP) to control access points in the same or different subnet than the controller

Layer 3 roaming

single point of ingress for wireless traffic

integration of wireless traffic with existing wired network infrastructure

Layer 2 switching and Layer 3 routing capability

software parity with the Catalyst 3750 IP base, IP services, and advanced IP services crypto and noncrypto images

optimized for 25 and 50 access points and up to 500 wireless users

Power over Ethernet ports for powering access points or other network appliances, such as IP phones

The Catalyst 3750G switch software handles all the switch features, including routing, bridging, access control lists (ACLs), and quality of service (QoS). The controller handles all wireless functionality. The Catalyst 3750G switch and the internal wireless controller are connected internally through two Gigabit Ethernet links. These links are automatically configured to direct the switch wireless traffic toward the controller, requiring minimal configuration by the user.

The Wireless LAN Controller Switch and Switch Stacks

The wireless LAN controller switch can coexist with other Catalyst 3750 switches in a switch stack. However, for controller functionality, all switches in the stack should be running software that supports the controller. To support wireless controller redundancy, there should be at least two wireless LAN controller switches in a stack. A stack should contain no more than four wireless LAN controller switches.

The wireless LAN controller switch can be a master switch or a member switch in a stack. Stacking behavior for a wireless LAN controller switch is consistent with that of other Catalyst 3750 switches. For wireless functionality, you can configure the access points so that if one wireless LAN controller switch in a stack shuts down, the access points and wireless clients controlled by the controller in this switch automatically migrate to the controller of another wireless LAN controller switch in the stack. The traffic for wireless clients experiences a short interruption due to reassociation and reauthentication.

In a switch stack, each switch holds a unique switch number (1 to 9). This same switch number is used to access the controller in a switch in a stack or a standalone switch, where the switch number is 1 by default. For example, to access the controller in stack member 3, use the session 3 processor 1 privileged EXEC command (where processor 1 represents the controller). To access the controller in a standalone switch, use the command session 1 processor 1.


Note Always power off a switch before adding or removing it from a switch stack.


Controller and Switch Interaction

The Catalyst 3750G switch and its internal controller are managed separately. You can manage the switch by using the switch CLI, eXpresso, or CNA. You can manage the controller by using the controller CLI, the embedded controller GUI, or WCS. To use the GUI or WCS, you must configure the controller management interface, either through the 3750 CLI, the controller CLI, eXpresso, or Express Setup. See the Catalyst 3750 Integrated Wireless LAN Controller Switch Getting Started Guide for how to use eXpresso and Express Setup. To access the controller CLI, enter the session switch-number processor 1 privileged EXEC command.

When you power on the wireless LAN controller switch, POST is performed separately by both the Catalyst 3750 switch and by the wireless controller. Both maintain separate configuration files, which must be separately saved or cleared.

Note these switch and controller interactions:

The Catalyst 3750G switch and the controller maintain separate configuration files. They are not automatically synchronized.

When the switch resets, this automatically resets the controller. When the controller is reset by the switch, the controller configuration is not automatically saved.

Password recovery functions separately on the switch and on the controller.

You can trigger the password recovery procedure on the switch by pressing the switch Mode button. (See "Troubleshooting" for information about the switch password recovery procedure.)

Password recovery on the controller can be performed by selecting clear config from a hidden boot-up menu accessible if the user initiates an escape from the controller bootup process. This requires serial console access to the controller through the second console port.

Internal Ports

The two internal Gigabit Ethernet ports connect the switch and controller hardware. These ports carry the wireless control and data traffic, as well as the switch and controller management traffic. The links are automatically configured to allow internal traffic between the switch and the controller. In addition, an internal VLAN ID is chosen by the Catalyst 3750G switch and communicated to the controller. You cannot configure the internal VLAN.

In order to operate correctly with the controller, the internal ports (identified as Gigabit Ethernet ports 27 and 28) must have these characteristics:

IEEE 802.1Q trunk mode

static EtherChannel ports with Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) disabled

generation of Dynamic Trunking Protocol (DTP) frames disabled

spanning tree protocol (STP) Port Fast mode enabled

Cisco Discovery Protocol (CDP) disabled

UniDirectional Link Detection (UDLD) disabled

The ports are automatically configured with these parameters, including membership in an EtherChannel port group, and you should not change these configurations. However, it is important that the EtherChannel port group should be unique on the switch and in the stack; no other ports should belong to the port group that contains the internal ports. If a switch stack includes more than one wireless LAN controller switch, the internal port channel number must be different within each switch.

You can reconfigure the port channel number if necessary, and you can explicitly configure these ports with other parameters. However, you should not configure features that limit traffic flow, such as ACLs, VLAN maps, and IP source guard.

Configuring the Wireless LAN Controller Switch

You configure the wireless LAN controller switch by using the same commands that you use to configure any Catalyst 3750 switch (standalone or in a switch stack). This section describes only the configuration specific to the wireless LAN controller switch and includes these sections:

Internal Port Configuration

Reconfiguring the Internal Ports

Accessing the Controller

Internal Port Configuration

As explained in the "Internal Ports" section, the internal ports connecting the switch and controller are Gigabit Ethernet ports 27 and 28. You should not change the parameters defined in that section as required for switch and controller interaction. This is a sample configuration for the internal ports:

!
interface Port-channel41
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
end

!
interface GigabitEthernet2/0/27
 description This interface is permanently connected to wireless controller
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no cdp enable
 channel-group 41 mode on
 spanning-tree portfast trunk
end

!
interface GigabitEthernet2/0/28
 description This interface is permanently connected to wireless controller
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no cdp enable
 channel-group 41 mode on
 spanning-tree portfast trunk
end

You can also configure other parameters on these ports in interface configuration mode. For example, by default, all traffic on all VLANs is sent to the controller. You should limit the VLANs that are allowed on the internal trunk by using the switchport trunk allowed vlan interface configuration command. You enter interface configuration mode for an internal port the same way as for any other port. For example, if the wireless LAN controller switch is a standalone switch or switch number 1 in a stack, use this command to enter interface configuration mode for internal port 27:

Switch(config)# interface gigabitethernet1/0/27
Switch(config-if)# 

The internal ports are automatically configured to belong to a static EtherChannel that has PAgP and LACP disabled. No other ports (internal or otherwise) in the switch stack should be members of this EtherChannel. To identify the internal port channel number that the switch has automatically configured, use the show etherchannel summary privileged EXEC command.

This output shows that the internal ports on switch 1 in the stack belong to port channel 40. You should not use this port channel for any other ports in the stack.

Switch# show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 36
Number of aggregators:           36

Group  Port-channel  Protocol    Ports
------+-------------+-----------+----------------------------
1      Po1(SD)         LACP      Gi2/0/1(D)
<output truncated>
33     Po33(SD)        LACP      Gi2/0/17(D)
40     Po40(SU)         -        Gi1/0/27(P) Gi1/0/28(P)
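
The checks described in "Internal Ports" and in this section, as an added Python example (not Cisco code): it audits a running-config excerpt for the internal ports (27 and 28) against the required characteristics, flags ACLs, IP source guard and an unrestricted allowed-VLAN list on them, and reports any other port that belongs to the internal channel group. The sample configuration, the audit function and the finding strings are constructed for illustration.

```python
import re

# Constructed running-config excerpt (sample data, not from a real device).
SAMPLE = """\
interface GigabitEthernet1/0/5
 channel-group 40 mode on
interface GigabitEthernet1/0/27
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no cdp enable
 channel-group 40 mode on
 spanning-tree portfast trunk
interface GigabitEthernet1/0/28
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 7,20
 switchport mode trunk
 ip access-group 101 in
 channel-group 40 mode on
"""

REQUIRED = ("switchport trunk encapsulation dot1q", "switchport mode trunk",
            "switchport nonegotiate", "no cdp enable", "spanning-tree portfast trunk")
LIMITING = ("ip access-group", "ip verify source")  # ACLs, IP source guard
INTERNAL = re.compile(r"GigabitEthernet\d+/0/(27|28)$")

def audit(config):
    """Return sorted (interface, finding) pairs for the internal ports."""
    blocks, current, out, groups = {}, None, [], set()
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split()[1], [])
        elif not line.startswith(" "):
            current = None  # left the interface block ("!", "line vty", ...)
        elif current is not None:
            current.append(line.strip())
    internal = {n: cmds for n, cmds in blocks.items() if INTERNAL.search(n)}
    for n, cmds in internal.items():
        out += [(n, "missing: " + r) for r in REQUIRED if r not in cmds]
        out += [(n, "limits traffic: " + c) for c in cmds if c.startswith(LIMITING)]
        if not any(c.startswith("switchport trunk allowed vlan") for c in cmds):
            out.append((n, "all VLANs reach the controller"))
        if not any(re.fullmatch(r"channel-group \d+ mode on", c) for c in cmds):
            out.append((n, "not in a static (mode on) channel group"))
        groups |= {c.split()[1] for c in cmds if c.startswith("channel-group ")}
    out += [(n, "shares internal channel group " + c.split()[1])
            for n, cmds in blocks.items() if n not in internal
            for c in cmds if c.startswith("channel-group ") and c.split()[1] in groups]
    return sorted(out)
```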

Reconfiguring the Internal Ports

You should not modify the automatic configuration of the internal ports, but if they somehow lose the automatic configuration, you should reconfigure the ports to that configuration.

Beginning in privileged EXEC mode, follow these steps to configure the internal ports to the automatic configuration:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface interface-id

Specify one of the internal ports, and enter interface configuration mode. The internal ports are gigabitethernet switch-number/0/27 and gigabitethernet switch-number/0/28.

Step 3 

channel-group channel-group-number mode on

Assign the port to a channel group, and disable PAgP and LACP.

For channel-group-number, the range is 1 to 48.

Selecting mode on forces the port to channel without PAgP or LACP.

Note No other ports in the switch stack should be members of this channel group.

Step 4 

exit

Return to privileged EXEC mode.

Step 5 

interface interface-id

Specify the other internal port, and enter interface configuration mode.

Step 6 

channel-group channel-group-number mode on

Assign the port to the same channel group used in Step 3.

Step 7 

exit

Return to privileged EXEC mode.

Step 8 

interface port-channel channel-group-number

Enter interface configuration mode for the port channel that includes the internal ports.

Step 9 

channel-group channel-group-number mode on

Assign the port to the same channel group used in Step 3.

Step 10 

switchport mode trunk

Set the internal ports to trunk mode.

Step 11 

switchport trunk encapsulation dot1q

Set the trunk encapsulation method to IEEE 802.1Q.

Step 12 

switchport nonegotiate

Disable generation of DTP frames.

Step 13 

spanning-tree portfast trunk

Enable STP Port Fast mode.

Step 14 

no cdp enable

Disable CDP.

Step 15 

no udld

Disable UDLD (the default is disabled).

Step 16 

switchport trunk allowed vlan remove vlan-list

Control the VLAN traffic sent to the controller by not allowing VLAN traffic on the trunk from specified VLANs.

Step 17 

exit

Return to privileged EXEC mode.

Step 18 

show running-config

Verify your entries.

Step 19 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Accessing the Controller

You can configure the internal wireless controller by using the embedded controller GUI, WCS, or the controller CLI. You use the management interface IP address to access the controller GUI from a browser or from WCS.

You access the controller CLI from the master switch in a switch stack or from a standalone wireless LAN controller switch by using the session stack-member-number processor 1 privileged EXEC command. This command takes you to the controller CLI to enter controller configuration commands. This example assumes that switch 2 in a stack is the wireless LAN controller switch:

Switch# session 2 processor 1
(Cisco Controller)
User:

See the Cisco Wireless LAN Controller Configuration Guide Release 4.0 for controller CLI configuration information.

Displaying Internal Wireless Controller Information

To access the controller GUI, you need to enter the management interface IP address. From the switch CLI, you can enter the show platform wireless-controller privileged EXEC command with or without keywords to display the management IP address, as well as other information about the internal controller, as shown in this example.

Switch# show platform wireless-controller
Wireless Controller in Switch 2 
Operational Status of the Controller : operational
Service VLAN                         : 4095
Service Port Mac Address             : 000b.8540.3783
Service IP Address                   : 127.0.1.2
Management IP Address                : 22.2.2.2
Management VLAN                      : 7
Software Version                     : 3.3.0.3
Keepalive Version(controller/switch) : 1/1
Keepalives Missed                    : 0
Controller accepts http/https        : 0/1
Controller's Status Line             : up
Watchdog resets of Controller        : 0
Controller resets total              : 0
Unacknowledged control messages      : 0

Wireless Controller in Switch 3
Operational Status of the Controller : operational
Service VLAN                         : 4095
Service Port Mac Address             : 000b.8540.33e3
Service IP Address                   : 127.0.1.3
Management IP Address                : 8.8.8.8
Management VLAN                      : 8
Software Version                     : 3.3.0.3
Keepalive Version(controller/switch) : 1/1
Keepalives Missed                    : 0
Controller accepts http/https        : 0/1
Controller's Status Line             : up
Watchdog resets of Controller        : 0
Controller resets total              : 0
Unacknowledged control messages      : 0
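
A parser for the output format shown above, as an added Python example (not Cisco code): it splits the output into one record per controller and reports the values an operator would follow up on. The sample text, the function names and the meaning given to each field are assumptions drawn from the field names, for example that the first digit of "Controller accepts http/https" reports plain HTTP and that the two keepalive version numbers are expected to match.

```python
import re

# Constructed sample in the format of the output above (not real device data).
SAMPLE = """\
Wireless Controller in Switch 2
Operational Status of the Controller : operational
Keepalive Version(controller/switch) : 1/1
Keepalives Missed                    : 0
Controller accepts http/https        : 1/1
Controller resets total              : 0

Wireless Controller in Switch 3
Operational Status of the Controller : operational
Keepalive Version(controller/switch) : 2/1
Keepalives Missed                    : 4
Controller accepts http/https        : 0/1
Controller resets total              : 3
"""

def parse(output):
    """Return {switch_number: {field: value}} for each controller section."""
    ctrl, cur = {}, None
    for line in output.splitlines():
        head = re.match(r"Wireless Controller in Switch (\d+)", line)
        if head:
            cur = ctrl.setdefault(int(head.group(1)), {})
        elif cur is not None and " : " in line:
            key, value = line.split(" : ", 1)
            cur[key.strip()] = value.strip()
    return ctrl

def review(output):
    """Return sorted (switch, finding) pairs worth an operator's attention."""
    out = []
    for sw, c in parse(output).items():
        if c.get("Operational Status of the Controller") != "operational":
            out.append((sw, "controller not operational"))
        cv, _, sv = c.get("Keepalive Version(controller/switch)", "").partition("/")
        if cv != sv:  # assumption: both sides should report the same version
            out.append((sw, "keepalive version mismatch"))
        if c.get("Controller accepts http/https", "").startswith("1/"):
            out.append((sw, "plain HTTP management accepted"))
        for k in ("Keepalives Missed", "Controller resets total"):
            if c.get(k, "0") != "0":
                out.append((sw, f"{k} = {c[k]}"))
    return sorted(out)
```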