B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Borderless Networkers PVT-AMS October 2014 CUWN 8.1 Feature LAB
Cisco Confidential 2014 © All Rights Reserved
Page 1
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Lab Topology In order to derive the most out of this Lab, and exercise the functionality outlined in this document, it’s important to have a network that is configured properly with IPv4 configuration on the switches and controllers. All lab resources are configured as depicted in the diagram below. Most Lab deployments are usually in lab or private network with a minimal set of Controllers, Access Points and Clients.
LabTopology* Wireless*Client* Lync*Client** Username*:podXa* Password:*Cisco123* *
SSID:*PODX/EoGRE* Security:*WPA2*/PSK*
* Wireless*Client** Cisco*AirProvision* App* * ** *
Internet* NAT*Router*
SSID:*PODX/PSK*(Universal/admin)* Security:*WPA2*/PSK* MSE:10.10.105.26*
AP2700/UX* *
SW/3750* 10.10.X0.4*
Wired*Client*10.10.X0.x* * * * CUWN*8.1*Features* /Spartan*2.0* /Universal*AP* /ATE* /BLE* /Lync*SDN*
/FlexAVC* * ** *
WLC/2504* MGMT*=*10.10.X0.2*/24*VLAN*10*
CORE/SW/3750* Vlan10:10.10.10.1* Vlan20:10.10.20.1* Vlan30:10.10.30.1* VlanX0:10.10.x0.1* *
PI:10.10.105.25*
UCS*10.10.105.50**
MS*Lync*Server*10.10.105.14**
POD*X*
*"Where"‘X’"is"the"POD"number""
Client Devices used in LAB Topology 1. Apple iPhone/ Android Phone to associate on SSID(universal-admin) for to config AP domain 2. Wired Laptop connected to POD L2 switch to access mgmt VLAN X0 the network (where x is POD number)
Cisco Confidential 2014 © All Rights Reserved
Page 2
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
3. After doing basic connectivity testing you will be required to disconnect the PC/ laptop from the Switch port and directly connect it to the WLC Service Port as part of the lab Section 1.
IP Addressing and Passwords Device DHCP Server Pod 1 DHCP Server Pod X Pod 1 Switch Pod X Switch Pod 1 WLC Pod 2 WLC Pod 3 WLC Pod X WLC Pod 1 AP Pod X AP
Vlan 10 X0 10 X0 10 20 30 X0 10 X0
IP Address 10.10.10.1 10.10.X0.1 10.10.10.4 10.10.X0.4 10.10.10.2 10.10.20.2 10.10.30.2 10.10.X0.2 DHCP DHCP
Gateway 10.10.10.1 10.10.X0.1 10.10.10.4 10.10.X0.4 10.10.10.1 10.10.10.1 10.10.X0.1 10.10.X0.1 10.10.10.1 10.10.X0.1
User Name N/A N/A N/A N/A admin admin admin admin cisco cisco
Password N/A N/A Cisco Cisco Cisco123 Cisco123 Cisco123 Cisco123 Cisco Cisco
Lab has 2 dedicated VLANs for each POD Management Vlan • •
Pod 1 10
Pod 2 20
Pod 3 30
Pod 4 40
Pod 5 50
Pod 6 60
Pod 7 70
Pod 8 80
Pod 9 90
Pod 10 100
Management Vlan used for => WLC, AP, Wireless Laptop Client, Apple Client Machine (iPAD/iPhone) Wired laptop connected to VLAN x0
Verify Controller and Switch Connectivity Lab core switch is been configured for you and you don’t have to make any changes. Please verify L2 switch and WLC connectivity for your individual Pod. To verify controller and switch connectivity use wired laptop connected to individual POD L2 switch on interface Gig1/0/13. Your laptop should have IPv4 address from management vlan of individual POD
POD 1 10
POD 2 20
POD 3 30
POD 4 40
POD 5 50
POD 6 60
POD 7 70
POD 8 80
Pod 9 90
Pod 10 100
Example below is from the Pod 9 wired workstation:
Cisco Confidential 2014 © All Rights Reserved
Page 3
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Now being connected to your local Pod you can verify lab setup and configuration as shown in topology above. Remember individual POD switches are configured as pure L2 switches and not a core switch. Using telnet access from command prompt on the wired Lab laptops, connect to individual POD switches and controller and verify the network connectivity. POD 1 L2 switch POD 2 L2 switch POD 3 L2 switch POD X L2 switch
: 10.10.10.4 : 10.10.20.4 : 10.10.30.4 : 10.10.X0.4 [where X is the POD number]
When connected to the individual L2 switch initiate ping to it’s gateway and DHCP server and make sure connectivity is fine. Below example from Pod 9
Cisco Confidential 2014 © All Rights Reserved
Page 4
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Section1: Day 0/1 setup 2.0 (Best Practice) Day 0/1 setup Introduction The goal of this feature in the Lab guide is to provide a set of instructions to help easily setup a WLC to operate in a small or medium office environment, where access point(s) can join and together as a simple solution, provide various services such as corporate employee or guest wireless access on the network. With this Day 0/1 setup software release, there are 2 ways to configure the 5508 Series Wireless LAN Controller: • Traditional command line interface (CLI) via serial console. • Updated method using network connection directly to the WLC GUI setup wizard This guide provides instruction only for using the WLC GUI setup wizard. Configuration via CLI is has been maintained for some time and is available on Cisco.com or at the following location: http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration/guide/b_cg76.html General steps to configure are summarized as follow: 1. Complete the configuration checklist 2. Unpack, connect and power on the WLC. 3. Connect a client machine to Port 2 of the WLC with an Ethernet cable. 4. Open a client web browser access the WLC startup GUI 5. Enter the settings from the completed configuration checklist 6. Disconnect the WLC from client machine and connect to the network switch. 7. Connect access point(s) to the network switch. 8. Access points will join the WLC, then configured wireless network will become available. 9. Connect wireless client(s) to the available network.
Components Used • • • • •
Cisco 2504 Series Wireless LAN Controller Access Points supplied in the Lab Cisco Catalyst Switch Client computer (e.g. laptop) supplied in the Lab, with an available wired Ethernet port. Wireless clients (tablets, smartphones, etc.)
WLC Installation Step-by-Step 1. Connect a PC laptop wired Ethernet port directly to Port 2 of the WLC (figure of Port 2 location is shown below). The port LEDs will blink to indicate that both machines are properly connected.
Cisco Confidential 2014 © All Rights Reserved
Page 5
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
2. It may take several minutes for the WLC to fully power on to make the GUI available to the PC. Do not auto configure controller.
3.
The LEDs on the front panel will provide system status: a. The system is NOT ready - LEDs is OFF. b. The controller IS ready - LED is solid green
If you don’t get a PI address (192.168.1.xyx) from WLC the manually assign a static IP address 192.168.1.X to your Laptop to access the WLC GUI (DHCP will be available in the official release) Example of network settings on Windows PC (Start à Run à CMD à ‘ipconfig’):
Cisco Confidential 2014 © All Rights Reserved
Page 6
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
4. Upon confirming that there is an IP address of 192.168.1.x assigned to your computer, open a web browser (Prefered is Chrome and Safari) and open the following URL: http://192.168.1.1
a. b. c. d.
Create a new admin account name = admin Provide the new admin account’s password = Cisco123 Confirm the password. Click on Start to continue.
Cisco Confidential 2014 © All Rights Reserved
Page 7
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
5. On the next screen, indicated Step 1 - Set Up Your Controller, fill out the required information. Again, it will be helpful to refer to your checklist and the table provided by the Lab Admin. a. System name for the WLC – PODX-WLC b. The current time zone (w.r.t country ) c. NTP Server (optional) d. Management IP address, subnet mask, and default gateway – 10.10.X0.2 and 10.10.X0.1 e. Management VLAN id (see checklist), if left unchanged (or 0), then the network switch port must be configured with a native VLAN “X0” Note: The wizard will attempt to import the clock information (date and time) from the computer via JavaScript. It is highly recommended that you confirm this before continuing. Access points rely on correct clock settings to be able to join the WLC. Note: Example below show a configuration for Pod 1.
Cisco Confidential 2014 © All Rights Reserved
Page 8
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
6. Next, or from the Step 2 - Create Your Wireless Networks, with the help from your checklist, fill out the following: a. Network name/SSID - PODX-PSK b. Security (WPA/WPA2 Personal) • WPA/WPA2 Personal – provide a pass phrase (PSK / password=Cisco123) c. Provide the DHCP server (10.10.X0.1) – if left empty, the DHCP processing is bridged to the management interface. Example of an Employee Network configured with WPA/WPA2 Personal using PSK (pre-shared key / pass phrase) for Pod1.
Cisco Confidential 2014 © All Rights Reserved
Page 9
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Configure advanced settings in section 3 as shown in the example below. 1. Check the RF parameter Optimization box
Then you can configure the Deployment Type parameters through which you can select Low Density, Typical or High Density and also configure the RF parameters for particular type of traffic as well like Data and Voice.
Cisco Confidential 2014 © All Rights Reserved
Page 10
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
For this Lab select deployment type as ‘Typical’ and Traffic Type as ‘Data’ leave the Virtual IP Address and other values to default then click ‘Next’.
Following table depicts the default values when ‘Typical’ deployment type is selected from RF parameters.
Cisco Confidential 2014 © All Rights Reserved
Page 11
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
7. If all settings are correct, click Apply. A message with a prompt ‘System will reboot...Do you want to apply these configuration?’
Cisco Confidential 2014 © All Rights Reserved
Page 12
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
8. Click OK to apply final settings, the WLC will reboot automatically. A confirmation page will show that ‘The controller has been fully configured and will now restart’ Sometimes this message would not appear this is a known issue and will be fixed. 9. Optionally check the configuration done in the Day-0 config via the console connection
10. Disconnect your computer from the WLC port 2 and connect it to POD-Switch port 5 Please do not forget to change the laptop ip address back to dynamic/automatic dhcp option if it is statically assigned. Otherwise would not be able to access the WLC mgmt. GUI through 10.10.X0.2 11. Connect the WLC port 1 to the switch assigned trunk port. i.e port 1 of your POD Switch if not already connected. 12. Connect only AP3700 access points to the your POD switch if not already connected. i.e. AP3700 to port 3 13. Wait until access points to join the WLC
Dashboard Browse to http://10.10.X0.2 which you assigned to your PODx-WLC Please spend some time to explore the new dashboard. The admin must log into the WLC to access web UI and dashboard. This dashboard does not replace the existing legacy Monitor page on the WLC. To return to the legacy web UI page, click on the ‘Advanced’ link.
Cisco Confidential 2014 © All Rights Reserved
Page 13
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
To return back to the Dashboard screen click on the Home button as shown below.
You can verify whether the Day 0/1 setup 2.0 (best practice) features are enabled by checking that predefined RF profiles getting created under WIRELESS->RF Profiles
Cisco Confidential 2014 © All Rights Reserved
Page 14
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Also , under WIRELESS->Advanced-> System Profile/ Network Profile you should see the following
Below are examples of some of the BP features enabled with Day-0 wizard installation. The features showing * are in process of being implemented in the new release Feature
8.1
AVC Visibility
Yes( 2504 Only)
mDNS Snooping
Yes (2504 Only)
New MDNS Profile for printer, http
Yes
Local Profiling
Yes
Band Select
Yes
DHCP Proxy
Yes
Secure Web access
Yes
Virtual IP 192.0.2.1
Yes (configurable)
RRM-‐DCA Auto
Yes
RRM-‐TPC Auto
Yes
CleanAir Enabled
Yes
EDRRM Enabled
Yes
Channel Width 40 MHz
Yes
Aironet IE Disabled
Yes
Management over Wireless
No
Cisco Confidential 2014 © All Rights Reserved
Page 15
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
2.4 Low Data Rates Disabled
Yes (Network profile)
Load Balancing
Yes (Network profile)
Rogue Threshold Enabled
Yes
Client Exclusion Enabled
Yes
FastSSID Enabled*
Yes
Infra MFP
Yes
Multicast Forwarding Mode
Yes
SNMPv3 (delete default)
Yes
Mobility Name
Yes
RF Group same as Mobility Name
Yes
DHCP Required on Guest WLAN
Yes
5 GHz Channel Bonding*
Yes
Note: Before proceeding to the next section configure an RF Group Name according to your pods (e.g. pod1, pod2…podx where x is the pod number) From WLC main menu CONTROLLER->General then configure the name as podx (where x is the pod number).
You have reached the end of the Lab guide for the Day 0/1 setup software release. Please proceed to the next section of the Lab.
Cisco Confidential 2014 © All Rights Reserved
Page 16
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Section 2:
Air Time Entitlement (ATE) Traditional (wired) implementations of QOS regulate egress bandwidth. With wireless networking, the transmission medium is via radio waves that transmit data at varying rates. Instead of regulating egress bandwidth, it makes more sense to regulate the amount of airtime needed to transmit frames. Air Time Entitlement (ATE) is a form of wireless QOS that regulates downlink airtime (as opposed to egress bandwidth). Large scale, high density Wi-Fi deployments are driving this feature. Wireless Network owners are mandating that their applications be allocated some fixed percentage of the total bandwidth of the Wi-Fi network. At the same time, with capital sharing being considered with multiple cellular providers, ATE is needed to ensure fairness of usage across operators. Before a frame is transmitted, the ATE budget for that client/UP/SSID is checked to ensure that there is sufficient airtime budget to transmit the frame. Each client/UP/SSID can be thought of as having a token bucket (1 token == 1 microsecond of airtime). If the token bucket contains enough airtime to transmit the frame, it is transmitted over the air. Otherwise, the frame can either be dropped or deferred. While the concept of dropping a frame is obvious, deferring a frame deserves further explanation. Deferring a frame means that the frame is not admitted into the Access Category Queue (ACQ). Instead, it remains in the Client Priority Queue (CPQ) and may be transmitted at a later time when the corresponding token bucket contains a sufficient number of tokens (unless the CPQ reaches capacity, at which point the frame will be dropped regardless). The majority of the work involved for ATE takes place on the access points. The wireless controller is used simply to configure the feature and display results.
Cisco Confidential 2014 © All Rights Reserved
Page 17
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Note: • • • •
• • • •
ATE policies are applied only in the downlink direction (AP transmitting frames to client). ATE policies are applied only on wireless data frames; management and control frames will be ignored. When ATE is configured per-client, each client is granted equal airtime. ATE will be configured to either drop or defer frames that exceed their airtime policies. If the frame is deferred, it will be buffered and transmit at some point in the future when the offending client/UP/SSID has a sufficient airtime budget. Of course, there is a limit as to how many frames can be buffered. If this limit is crossed, frames will be dropped regardless. ATE can be globally enabled/disabled ATE can be enabled/disabled on an individual access point Legacy, 802.11n, and 802.11ac (TBD) frames will be supported. ATE results and statistics will be available on the wireless controller (TBD).
Global ATE configuration commands Note: For this exercise make sure only AP3700 is enable and keep AP2700 disabled. This is because currently there are some known issues of ATE on AP2700 in this code. In this Lab exercise we will configure two WLAN s on the controller and assign one SSID=PODX-ate98 entitlement of 98% and another SSID = PODX-ate2 entitlement of the 2%. Then we will connect clients to one WLAN at a time and use media stream applications such as YouTube and observe performance with 98% and 2% Entitlement. 1. Create two SSIDs on the Pod X controller PODX-ate98 and PODX-ate2 with WPA/PSK and password=Cisco123.
2. On the Controller CLI configure ATE for SSID config ate mode ssid This command sets the mode (granularity) at which ATE is performed to SSID. Cisco Confidential 2014 © All Rights Reserved
Page 18
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
3. In the next step configure two bucket IDs and Weight for the two corresponding SSIDs. One bucket # 1 with weight 98% and the second #2 Weight 2%. config ate bucket 1 98 config ate bucket 2 2
4. Disable WLAN PODX-ATE98 and PODX-ATE2 5. In the next step assign WLAN created previously to the buckets accordingly. SSID PodXate98 to bucket 1 and PodX-ate2 to bucket 2. config wlan ate bucket # assign bucket to wlan (wlan must be down) Make sure corresponding WLAN numbers match the bucket ID # with a specific weight as shown in the example below.
Enable WLAN PODX-ATE98 and PODX-ATE2 2. With the next command configure how to control what ATE does with a packet that violate its airtime policy. Packets can either be dropped or deferred. If packets are deferred, they get buffered in the AP where they will be transmitted at a later time when there is a sufficient airtime budget. Configure Violation as dropped as in the example shown below Cisco Confidential 2014 © All Rights Reserved
Page 19
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
config ate violation drop 3. Show ATE configuration on the WLANs with the following commands show ate config wlan # show bucket + wlan combinations show ate config all # show settings by APs
4. Connect a wireless Client of your choosing to SSID in your POD ie PodX-ate98 and observe the effect of the ATE on this WLAN. Run some video stream such YouTube. 5. Connect a wireless Client to SSID in your POD ie PodX-ate2 and observe the affects of the ATE on that WLAN. You should see YouTube is much slower on this WLAN. 6. Change the buckets to something like 90% and 10% and observe the video changes. 7. There are no debugs and Statistics in code rite now
Cisco Confidential 2014 © All Rights Reserved
Page 20
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Section 3: BLE (Bluetooth Low Energy) Bluetooth Low Energy or Bluetooth LE, marketed as Bluetooth Smart, is a wireless personal area network technology designed and marketed by the Bluetooth Special Interest Group aimed at novel applications in the healthcare, fitness, security, and home entertainment industries. Compared to Classic Bluetooth, Bluetooth Smart is intended to provide considerably reduced power consumption and cost while maintaining a similar communication range. Mobile operating systems including iOS, Android, Windows Phone and BlackBerry, as well as OS X, Linux, and Windows 8, natively support Bluetooth Smart. Bluetooth Smart is not backward-compatible with the previous, often called Classic, Bluetooth protocol. The Bluetooth 4.0 specification permits devices to implement either or both of the LE and Classic systems. Bluetooth Smart uses the same 2.4 GHz radio frequencies as Classic Bluetooth, which allows dual-mode devices to share a single radio antenna. BLE does, however, use a simpler modulation system and uses a different set of channels. Instead of the Classic Bluetooth 79 1-MHz channels, Bluetooth Smart has 40 2-MHz channels. Within a channel, data is transmitted using Gaussian frequency shift modulation, similar to Classic Bluetooth's Basic Rate scheme. The bit rate is 1Mbit/s, and the maximum transmit power is 10 mW. You also probably heard of BLE beacons or iBeacons (Apple’s version of BLE) come up in your conversations with customers or partners. BLE uses Bluetooth 4.0 for advertising and granular location. As noted above, BLE is supported in most newer smartphones and can enhance indoor Wi-Fi location deployments with additional levels of granularity and faster refresh rates. If you are thinking about beacons, the best solution is a hybrid environment where Wi-Fi is enhanced with BLE. This solution helps mitigate the operational costs and complexity of handling rogue or stolen beacons, while offering a richer location landscape for your deployment. Cisco is doing three things to help in this area: 1 – Improve Location Accuracy: Cisco is improving Wi-Fi based location in order to reduce the difference between Wi-Fi and BLE. Better Wi-Fi location accuracy will allow you to reduce the number of BLE beacons required for granular location applications. Cisco is working towards goals of 1-3m accuracy; 5-6 second refresh rate, and 2 second latency. *Please note: not all use cases require the fast refresh rates offered by BLE. 2 – Manage BLE: Cisco wireless infrastructure can see, read, and position BLE beacons with existing Cisco CleanAir AP’s – there is no need for new hardware. This will help you keep track of beacons, ensure they have not moved, identify rogue and/or duplicate beacons. We are working on Wi-Fi-based visibility (and potentially moving into active management) to help streamline BLE management. 3 –Integrate BLE with Access Points: We’ve identified that there is potential here to help you deploy fewer beacons and reduce worries around battery replacement/theft/movement while built-in centralized management.
Cisco Confidential 2014 © All Rights Reserved
Page 21
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Configuring BLE/iBeacon detection and Classification BLE (iBeacon) device operates/beacons in 2.4 Ghz band. The Cleanair needs to be enabled on 802.11b network in order for the AP to discover it. 1- Go to WLC main menu WIRELESS->802.11b/g/n->CleanAir and enable cleanair by checking
the box if it is disabled.
2- Now from the WLC CLI and issue the following command to enable ibeacon detection (PODx-WLC)> config 802.11b cleanair device enable iBeacon To verify if any BLE/iBeacon is reported by the AP to the WLC issue the command (PODx-WLC)> test cleanair show idr all //This will show all the interferers// Note : In the lab there are few iBeacons present and you should see them
Cisco Confidential 2014 © All Rights Reserved
Page 22
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
3- You can also use the following show command to see if the ibeacons are detected by the specific AP. (PODx-WLC)> show 802.11b cleanair device ap
As the iBeacons are being detected as rogue devices we need to classify them and this is done through the PI/MSE in this lab setup.
Note: In this lab we are using PI and MSE to show the visibility and configuration of iBeacons. But going forward the BLE/iBeacon visibility and configuration will only be available on MSE (MSE 10.x) This PI is demo code just use it as a reference for this lab only. 4- Now login to the PI (10.10.105.26 root/Public123) and see your respective POD-WLCs are already add to the PI. Note : If the WLC is not on the PI then add it from PI main menu bar go to Operate->Device Work Center and add your respective POD WLCs
Cisco Confidential 2014 © All Rights Reserved
Page 23
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
5- Configure the device parameters according to your pod and click ‘Add’ button WLC IP Address = 10.10.X0.2 ; Community= private ; Telnet= admin/Cisco123
6- The WLC should get added to the PI as seen below
Cisco Confidential 2014 © All Rights Reserved
Page 24
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
7- Now add your respective POD-AP’s to the map by going to PI main menu then click Operate->Maps
8- There is a single map (conference room) for all the pods. Click on the maps and then Site Maps System Campus>SJC5>Conference room
9- Only when you do not see your POD AP on the map then Add the access point by selecting ‘Add Access Points’ from ‘Select a command ‘drop down menu on the right side of the page then click ‘Go’ button.
Cisco Confidential 2014 © All Rights Reserved
Page 25
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
10- This will to take you to ‘Add Access Points’ page. There will be multiple access points showing up on the list please select the one with your POD number and Click ‘OK’ button
Note: Once the AP is added then switch PI mode to Classic view as iBeacons configuration is currently only available in PI classic view. 11- Hover your cursor to ‘root’ on top right side of the PI GUI then select “Switch To Classic Theme”
12- Go to Monitor and then click on BLE Beacons, this will give you list of iBeacons discovered and will show up as rogues.
Cisco Confidential 2014 © All Rights Reserved
Page 26
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
13- Similarly, from PI main menu navigate to Configure tab and click BLE Beacons
14- List of the iBeacons will show up click on the one of the iBeacon device Mac Address. As we don’t have individual beacons for the pods just use the next step for the reference. Note: In most cases you will have the Beacons which have a MAC or UUID but the ones in the lab are Estimote ibeacons which don’t have this information visible on the device physically (The mac address is hand written on the back side of the some of ibeacon devices in the lab)
15- Not a requirement but you can name the device as you like e.g BLE-1 where Then click ‘Save’
Cisco Confidential 2014 © All Rights Reserved
Page 27
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
16- Once the device name is changed add that device to known list, from ‘-Select a command-‘ drop down menu on the right side of the page select ‘Add BLE Beacons to Known-List’ and click ‘Go’shown below.
17- Now go the map and check if BLE Beacons are populated on the map. Please make sure under the Floor Settings that all the BLE filters are enabled. You should be able to see the iBeacons on the map some showing up as rogues (Yellow) and ones configured as known (Green) and if there is any missing iBeacon it will show up as Red
Cisco Confidential 2014 © All Rights Reserved
Page 28
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Cisco Confidential 2014 © All Rights Reserved
Page 29
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Section 4: Lync SDN
• Classify Lync Voice, Video, Desktop Sharing and File Transfer • Automate QoS policy to control any given Lync call. • Supports 5508, WISM2 and 8510 controller and HA. • Supports L2/3 roaming where policy and call info are maintained. • In Mobility group, all Controllers register with SDN server and show same call data across all controllers • Report/Monitor and assist with diagnostics of endpoint detail: Call status Call type Source/Destination URIs MOS Jitter Call Duration
Cisco Confidential 2014 © All Rights Reserved
Page 30
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Step1: Global Lync Configuration 1- From WLC maain menu go to WIRELESS->Lync Server enable Lync server by checking the box, assign a port number (15790) and protocol (http) and hit Apply
Global Lync Configuration from WLC CLI config lync-sdn enable/disable config lync-sdn port config lync-sdn protocol http/https show lync-sdn summary
Cisco Confidential 2014 © All Rights Reserved
Page 31
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Step2: Lync WLAN Configuration Navigate to the WLANs and select the WLAN on which you want to have Lync service enabled (PODxPSK for the lab) under ‘Advanced’ tab scroll down to Lync-> Lync Server then select ‘Enabled’
Lync WLAN configuration from CLI config wlan lync enable/disable
Step 3: WLAN QoS Configuration On the same WLAN go to the QoS tab Enable Application Visibility (Enabling AV is not mandatory but we are doing this in the lab to see if the Lync calls are getting classified and recognized)
Cisco Confidential 2014 © All Rights Reserved
Page 32
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Step4 : Configure ACL for Lync From WLC main menu go to SECURITY->Access Control Lists and click New
Give intuitive ACL name ( in our example we named it lync) and click Apply
Now click on the ACL name and configure ACL rules by clicking ‘Add New Rule’ button
Configure the rules as shown below and hit Apply.
Cisco Confidential 2014 © All Rights Reserved
Page 33
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Similarly, configure other rules as shown below
Now apply this ACL as CPU ACL. In the official release user would not need to configure this ACL but will be enabled by default once configuring Lync.
NOTE: If you misconfigured the ACL and lock your self out use the following command to disable the ACL (WLC)>config acl cpu none
Cisco Confidential 2014 © All Rights Reserved
Page 34
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Step5: Initiating a Lync AUDIO Call From your laptop which is provided to you have a MS-Lync client username /password as following then click Sign In
, open the application and enter
POD1 username =
[email protected] password =Cisco123 POD2 username =
[email protected] password =Cisco123 PODX username =
[email protected] password =Cisco123 where X is pod number
Once Signed In, in the search bar enter
[email protected] address to find the contact. To initiate a voice call click the greyed out phone icon button appearing at the bottom of the contact screen.
Cisco Confidential 2014 © All Rights Reserved
Page 35
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
[email protected] is your lab proctors account ask one of the proctors to receive a call. Once the connection is made you will see the guy in the hat (forgot to bring it to Amsterdam)
To monitor the call navigate to MONITOR->Lync SDN->Active Calls and you should be able to see the lync-call status
Cisco Confidential 2014 © All Rights Reserved
Page 36
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
While the call is on, start the camera and check that the call is upgraded to Video call:
Note: In this demo code Clicking the index number would not reveal any call details as these changes are not integrated for this demo build, that’s just an empty template we are showing for Demo. But these values will be there in the official release.
Once the call is ended there is an option to see the call stats like MOS value and jitter under MONITORLync->History Calls.
Cisco Confidential 2014 © All Rights Reserved
Page 37
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
The call history details are not available on the GUI in this demo code but will be available in the official release. For now you can view historical call details from WLC cli through following show command Show lync-sdn history-calls detail
Cisco Confidential 2014 © All Rights Reserved
Page 38
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Section 5: FlexConnect AVC (local Switching) How AVC Works
AVC on FlexConnect AP
Cisco Confidential 2014 © All Rights Reserved
Page 39
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Step1: Configure WLAN for Local Switching 1-‐ To configure the WLAN to perform local switching go to WLC main menu WLANs. Select the WLAN on which you want to enable local switching (PODx-PSK for the lab). From Advanced tab scroll down to FlexConnect parameters and Enable ‘FlexConnect Local Switching’ by checking the box. Then hit ‘Apply’
Step2: Configure AP mode and Add AP to FlexConnect Group 1- Convert the PODx-AP to FlexConnect mode. Go to WIRELESS click on the AP name which you want to convert to FlexConnect and from General tab select AP Mode to FlexConnect and click ‘Apply’
2- When the AP converts to Flexconnect you will be able to see the Flexconnect tab. From FlexConnect tab enable VLAN Support and set Native VLAN ID to your individual POD management VLAN e.g. POD1 =VLAN 10, POD2 =VLAN 20, PODX = VLAN X0 (where x is the pod number). Then hit ‘Apply’
Cisco Confidential 2014 © All Rights Reserved
Page 40
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
3- Go back to FlexConnect tab and click on to VLAN Mappings button.
4- Under WLAN VLAN Mapping configure the VLAN ID to VLAN X1 which will be the locally switched VLAN (e.g POD1=VLAN11, POD2=VLAN21…PODX=VLANX1)
5- Now create a FlexConnect group by going to WLC main menu WIRELESS->FlexConnect Groups click ‘New’
Cisco Confidential 2014 © All Rights Reserved
Page 41
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
6- Assign a name to FlexConnect Group PodX-flex and click ‘Apply’ or you can use any intuitive name to assign it to your individual pod.
7- Under the General tab ‘Enable’ Application Visibility then add FlexConnect AP to the group by checking the box ‘Select Aps from current controller’. The AP will appear under ‘AP Name’ drop down list then click the ‘Add AP’ button and hit ‘Apply’ Note: Under Application Visibility we have three different options ‘Wlan Specific/Enable/Disable’ for the purpose of the lab we are just using ‘Enable’ option. FlexConnect Group specific AVC configuration takes precedence over WLAN AVC configuration
8-The AP should appear as being added to the group.
Cisco Confidential 2014 © All Rights Reserved
Page 42
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
9-‐ Associate a client to this WLAN (PODx-PSK), once connected verify that the client gets an IP address from a local switched VLAN X1 (i.e. VLAN 11=10.10.11.0/24 for POD1, VLAN 21=10.10.21.0/24 for POD2…VLANX1 for PODX *where X is the Pod number) you can check this by going to client’s detail from WLC Monitor->Clients then click on the clients MAC address. Below example is of a client associated to WLAN POD6-PSK
10- Once the client is in run state and able to pass traffic browse to different websites (YouTube, Google, Facebook, etc.) or run different applications so the client pass the data traffic. To see the application visibility stats go to the WLC main menu Monitor->Applications->FlexConnect>FlexConnect Group click on the group name
Cisco Confidential 2014 © All Rights Reserved
Page 43
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
You will be able to see Application statistics under the Aggregate tab. The stats can be viewed for Max of 30 records and by default it is set to 10.
The above application stats are per FlexConnect group, you can also monitor application visibility per client as well. On the same page click on the Clients under Applications->FlexConnect->FlexConnect Groups->Clients then click on the client mac add
Cisco Confidential 2014 © All Rights Reserved
Page 44
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Summary •
FlexConnect Group specific AVC configuration takes precedence over WLAN AVC config
•
No AP Specific AVC configuration.
•
WLAN AVC configuration will be pushed to Flex APs where WLAN is broadcast
Cisco Confidential 2014 © All Rights Reserved
Page 45
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Section 6: Universal Domain AP The aim of introducing Universal SKU AP is to address the worldwide regulatory compliance requirement based on geo-location of the Cisco Wireless Access Points. Solution will collapse all current regulatory domains into a single SKU Access Points. This will be applicable only to newer -UX PIDs introduced and will not affect existing APs that are preconfigured with a specific regulatory configuration. Universal Access Point would be configured to correct Regulatory Domain in two phases Manual Identification (Through Cisco AirProvision App) Automatic Identification (Through NDP propagation) Manual Identification • Smart Phone based solution( Cisco AirProvision app) communicates with Universal Access Point on a secure channel. • For new installations user needs to prime at least one AP in the RF neighborhood by Manual Identification method • AP’s primed at a different country/reg. domain will rely on Manual identification to automatically correct country configuration • Upon failure of Automatic identification, Universal AP will fallback to Manual identification Automatic Identification • The process relies on Cisco Infrastructure to identify and apply Reg. Domain and Country configurations • Cisco proprietary Neighbor Discovery mechanism identifies secure Cisco Universal APs in the RF neighborhood • Universal AP learns domain configurations from the adjacent neighbor’s 802.11 beacons frame and filters invalid and malicious rogues • Adjacent Universal APs will have NDP propagation flag set that will be used to propagate valid country and reg. domain to the rest of the APs
Cisco Confidential 2014 © All Rights Reserved
Page 46
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Step1: Associating Universal AP to WLC Universal AP doesn’t require any particular configurations on WLC to allow Universal AP to associate. Connect the universal SKU AP (AP2700 in the lab) to the POD-Switch Port 4, once the AP has joined the controller and downloaded the code, you can check the AP model and SKU by going to WIRELESS tab from WLC main menu bar. There are two APs on your pod AP2700 and AP3700 disable AP3700 before starting this portion of the lab. Also, make sure that you have assign
For the this lab exercise configure the AP2700 name according to your pods as PODx-AP2700UX if not already configured (where X is the POD number) by going to AP General tab. Also, prime it to your WLC, under High Availability tab assign your primary controller as your PODWLC name (PODx-WLC) and ip address 10.10.X0.2 then click ‘Apply’.
Note: You will see the APs LED blinking red and green even though the AP has obtained the ip address and joined the controller. This is because there is no regulatory domain set on the AP and it has not been primed with the correct domain. To check if the AP is not already primed for a specific country domain, Click on the AP Name and under Advanced tab the Regulatory Domains shows –UX for both radios. Notice that the ‘Country Code’ is also showing ‘UX’ and Universal Prime Status set to ‘Unprimed’
Cisco Confidential 2014 © All Rights Reserved
Page 47
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
NOTE: You can configure multiple country domains on the WLC as well to test the AP join. As it’s a Universal SKU AP (-UXK9) it should join the WLC regardless of the country domain set on the WLC. But for the lab we are using country domain as US (In the lab if you see that the AP is already primed (then just clear the AP configuration and once the AP joins back to WLC it should have country code as UX and status as Unprimed)
Step 2: WLAN Configuration Now to configure a WLAN through which an administrator can prime the AP to a correct regulatory domain go to WLAN->Advanced tab and scroll down to Universal Admin Support and enable ‘Universal Admin’ by checking the box and click ‘Apply’ Make sure that the WLAN should have the security set to PSK or 802.1x as open authentication WLAN won’t allow universal admin support.
Cisco Confidential 2014 © All Rights Reserved
Page 48
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Step3 : SmartPhone Application (AirProvision App) SmartPhone Application to migrate Universal AP into correct regulatory domain is supported on following versions of SmartPhone Operating Systems • • •
Android Jelly Bean 4.3 or higher Apple iOS 7.0 or higher Windows Mobile OS 8.0
Currently, the AirProvision App is in a pilot program and not available to everyone. This limit will be taken off soon. For this lab exercise please ask the proctor for a phone once you reach this portion of the lab and return back the phone once you are done configuring the UX -AP. Air Provision App installation steps: 1- To get the app, type in cs.co/estore from your mobile device browser and it will open the following page you can install the app from there. Note: If you already have AirProvision app installed on your phone, please update that to the latest version 1.3 as there are some bugs in the older version.
Cisco Confidential 2014 © All Rights Reserved
Page 49
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
2- Open the app and it will take you cisco CCO login page
3- use your CCO credentials to sign in
Cisco Confidential 2014 © All Rights Reserved
Page 50
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
4- You can Log in with CCO credentials and access the estore app. Now go to All Apps 5- Select the AirProvision and install this App.
Cisco Confidential 2014 © All Rights Reserved
Page 51
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Step 4:Configuring Universal AP through Airprovision App 1- Connect the client (iPhone or Android phone) to the universal admin enabled SSID PodX-PSK. Make sure the client associates to AP on 2.4GHz radio (its by design because the 2.4 channel is consistent through different domains) 2- Open the Airprovision app and it will ask for the username /password. Enter your CCO or CEC credentials and login. Also enable location services for the app
Cisco Confidential 2014 © All Rights Reserved
Page 52
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
3- When the location service is enabled, it will take you to the universal AP login where username and password shows up as default. User cannot change these credentials just press Log In. If you have an Android phone please refer to point 6 of this section
It will show AP configuration page where you can see Configure and Audit tabs. This provides the status of the universal AP as shown below. Currently, the AP is not provisioned so it states the following under configure and Audit tab AP Provision = No 2.4 GHz= -UX 5 GHz= -UX Configured Country= UX
Cisco Confidential 2014 © All Rights Reserved
Page 53
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
4- Now press Configure button at the bottom of the screen.
5- The AP will reboot and join back with the regulatory domain it has received through the GPS /Location services. You can check that by going to the WIRELESS->AP Name->Advanced tab and now the Regulatory Domain is changed from –UX to –A which is the correct regulatory domain. Also, the country code should say US and as the AP is primed through the app the Universal Prime status shows Web App.
Cisco Confidential 2014 © All Rights Reserved
Page 54
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Also, you can insure this by connecting the client (iphone or Android phone) to the universal admin enabled SSID (POD6-PSK in my setup) and then login to the Airproviosion app you will see that the Universal AP is configured correctly as follow AP Provision = Yes 2.4 GHz= -A 5 GHz= -A Configured Country= US
Note: Once the AP is primed with the correct domain the NDP will be used to propagate valid country and reg. domain to the rest of the Universal domain APs on the network. As we do not have more Universal APs available in the lab we are not showcasing that feature but following would have been seen if you have other UX APs in your network.
Cisco Confidential 2014 © All Rights Reserved
Page 55
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
6- Airprovioning through Android Phone From the an Android phone the App behaves little different i.e once you open the Airprovision App it asks for CCO credentials then to connect to the universal admin enabled SSID from the list of discovered SSIDs. Once you connect to the SSID then the procedure is pretty much the same as with iPhone.
Cisco Confidential 2014 © All Rights Reserved
Page 56
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Cisco Confidential 2014 © All Rights Reserved
Page 57
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Appendix- Day 0/1 setup Day 0 Checklist Configuration Checklist The following checklist will help to make the installation process easier, as you will use when using the GUI wizard to configure the WLC. While most of the information from the list is mandatory, there is some information that is also optional (*). Please take a moment to learn the Lab Diagram above and the tables with WLC configurations for your specific PodX and then record the information below or directly into the Day 0/1 setup Day-0 configuration screens. 1. Network switch requirement (see above reference for switch configuration example) a. WLC switch port number assigned WLC assigned switch port: __________________ b. Is the switch port configured as trunk? c. Is there a management VLAN? Management VLAN id: __________________ d. Is there a guest VLAN? Guest VLAN id: __________________* 2. WLC Settings a. New admin account name: __________________ b. Admin account password __________________ c. System name for the WLC __________________ d. The current time zone __________________* e. Is there a NTP server available? NTP server IP address: __________________* f. Management networking: IP address __________________ Subnet mask __________________ Default gateway __________________ g. Management VLAN id (use 1c) __________________ 3. Corporate Wireless Network a. Corporate wireless name/SSID __________________* b. Is a RADIUS server required (Enterprise)? If NO (WPA/WPA2 Personal)
Cisco Confidential 2014 © All Rights Reserved
(Y / N) (Y / N) (Y / N) (Y / N)*
(Y / N)*
(Y / N)
Page 58
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Corporate passphrase (PSK)__________________ If YES (WPA/WPA2 Enterprise) RADIUS server IP address: __________________ RADIUS shared secret __________________ c. Is a DHCP server known? DHCP server IP address: __________________* 4. Guest Wireless Network - skip to 5 if not required. a. Guest wireless name/SSID __________________ b. Is a password required for guest? If NO – skip to 4c. If YES Guest passphrase (PSK): __________________ c. Guest VLAN id (use 1d) __________________ d. Guest networking IP address __________________ Subnet mask __________________ Default gateway __________________
(Y / N)*
(Y / N)
5. End of checklist, continue to WLC installation.
Cisco Confidential 2014 © All Rights Reserved
Page 59
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Reference Only: NOT part of the lab as WLC2504 doesn’t support EoGRE tunnel
EoGRE Ethernet over GRE (EoGRE) is a new aggregation solution for aggregating WiFi traffic from hotspots. This solution enables customer premises equipment (CPE) devices to bridge the Ethernet traffic coming from an end host, and encapsulate the traffic in Ethernet packets over an IP GRE tunnel. When the IP GRE tunnels are terminated on a service provider broadband network gateway, the end host’s traffic is terminated and subscriber sessions are initiated for the end host. In our lab setup we are using ASR1K as a tunnel gateway.
CAPWAP Cntrl
CAPWAP Data
EoGRE
WLC
Tunnel Gateway (TGW) – ASR1K
1. To demonstrate EoGRE feature we will create another SSID, from WLC main menu go to WLANs and Click the Go button. Create a WLAN with naming convention as “POD-EoGRE”. Map this WLAN to management interface with Security set to ‘None’
Cisco Confidential 2014 © All Rights Reserved
Page 60
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Basic EoGRE tunnel configuration
Currently, the EoGRE configuration is only available through CLI. Login to your POD WLC console or telnet to the WLC from the wired Laptop then execute the following commands. Step 1: Assign a Tunnel Gateway Address: (WLC)>config tunnel eogre tgw ipv4-address Cisco Confidential 2014 © All Rights Reserved
Page 61
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
(WLC)>config tunnel eogre tgw add ASR1K ipv4-address 10.10.200.5
Step2: Create Tunnel Profile: (WLC)>config tunnel profile create podX
//where X is the POD number//
Step3: Create/ Define Tunnel Profile Rule: (WLC)>config tunnel profile rule add podX nai-filter (WLC)>config tunnel profile rule add podX nai-filter * eogre vlan 0 ASR1K Step4: Add /Associate Tunnel Profile to the WLAN: From the WLC GUI go to the WLAN on which you are enabling EoGRE (PODx-EoGRE) now under Advanced->Tunnel Profile and select your podx profile.
To verify and check if the tunnel is properly configured on the WLC run the following Show commands (WLC)> show tunnel eogre gateway summary
Cisco Confidential 2014 © All Rights Reserved
Page 62
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
(WLC)> show tunnel profile summary
In this lab exercise the ASR1K is pre-configured for EoGRE tunnel and a DHCP pool. For your reference the tunnel configuration on ASR1K which is as follows
Now connect a wireless client to the SSID PODX-EoGRE you should get an ip address from 10.55.55.0 subnet, which is configured on the ASR1K.
Cisco Confidential 2014 © All Rights Reserved
Page 63
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
You can also verify that the client is associated through EoGRE tunnel by running show client detail command on your POD WLC
Cisco Confidential 2014 © All Rights Reserved
Page 64
B N Mobility -‐ CUWN 8.1 Features Lab – ver1
Cisco Confidential 2014 © All Rights Reserved
Page 65
