История страницы

...

Step

Description

Command

Keys

1

Configure local RADIUS server and enter its configuration mode.

wlc(config)# radius-server local

wlc(config-radius)#

2 Enable local RADIUS server. wlc(config-radius)# enable

3

Add NAS and enter its configuration mode.

wlc(config-radius)# nas <NAME>

wlc(config-radius-nas)#

<NAME> – NAS name, specified by a string of up to 235 characters.

4

Specify the authentication key.

wlc(config-radius-nas)# key ascii-text { <KEY> | encrypted <ENCRYPTED-KEY> }

<KEY> – a string of [4..64] ASCII characters;

<ENCRYPTED-KEY> – encrypted key, specified by a string of [8..128] characters.

5 Specify the network. wlc(config-radius-nas)# network <ADDR/LEN> <ADDR/LEN> – IP address and subnet mask, specified as AAA.BBB.CCC.DDD/EE, where each part of AAA – DDD takes values [0..255] and EE takes values [1..32].

6 Create a domain. wlc(config-radius)# domain <NAME> <NAME> – domain ID, specified by a string of up to 235 characters.

7

Configure virtual RADIUS server and enter its configuration mode.

wlc(config-radius)# virtual-server <NAME>

wlc(config-radius-vserver)#

<NAME> – virtual RADIUS server name, specified by a string of up to 235 characters.

8 Enable virtual RADIUS server. wlc(config-radius-vserver)# enable

9

Add RADIUS server to the list of used servers and enter server configuration mode.

wlc(config)# radius-server host
{ <IP-ADDR> | <IPV6-ADDR> }
[ vrf <VRF> ]

wlc(config-radius-server)#

<IP-ADDR> – RADIUS server IP address, specified as AAA.BBB.CCC.DDD, where each part takes values [0..255];

<IPV6-ADDR> – RADIUS server IPv6 address, specified as X:X:X:X::X, where each part takes values in HEX [0..FFFF];

<VRF> – VRF name, specified by a string of up to 31 characters.

10

Specify the authentication key.

wlc(config-radius-server)# key ascii-text { <KEY> | encrypted <ENCRYPTED-KEY> }

<KEY> – string of [4..64] ASCII characters;

<ENCRYPTED-KEY> – encrypted key, specified by a string of [8..128] characters.

11

Create AAA profile and enter its configuration mode.

wlc(config)# aaa radius-profile <NAME>

wlc(config-aaa-radius-profile)#

<NAME> – server profile name, specified by a string of up to 31 characters.

12

Specify RADIUS server in AAA profile.

wlc(config-aaa-radius-profile)# radius-server host
{ <IP-ADDR> | <IPV6-ADDR> }

<IP-ADDR> – RADIUS server IP address, specified as AAA.BBB.CCC.DDD, where each part takes values [0..255];

<IPV6-ADDR> – RADIUS server IPv6 address, specified as X:X:X:X::X, where each part takes values in HEX [0..FFFF].

13

Switch to SoftGRE controller configuration settings.

wlc(config)# softgre-controller

wlc(config-softgre-controller)#

14 Specify router IP address to be used as a source IP address in sent RADIUS packets. wlc(config-softgre-controller)# nas-ip-address <ADDR> <ADDR> – source IP address, specified as AAA.BBB.CCC.DDD, where each part takes values [0..255].

15

Set SoftGRE DATA tunnels configuration mode.

wlc(config-softgre-controller)# data-tunnel configuration { local | radius | wlc}

local – режим конфигурации, при котором параметры SoftGRE DATA туннелей получаются из локальной конфигурации маршрутизатора;

radius – режим, при котором параметры SoftGRE DATA туннелей запрашиваются у RADIUS-сервера;

wlc – режим, при котором параметры SoftGRE DATA туннелей запрашиваются у WLC.

16 Specify ААА profile. wlc(config-softgre-controller)# aaa radius-profile <NAME> <NAME> – server profile name, specified by a string of up to 31 characters.

17

Disable the exchange of ICMP messages that are used to check the availability of remote Wi-Fi tunnel gateway controller.

wlc(config-softgre-controller)# keepalive-disable

18

Allow traffic in user vlan.

wlc(config-softgre-controller)# service-vlan add {<VLAN-ID> | <LIST_ID> | <RANGE_ID> }

<VLAN-ID> – vlan number, in which the user traffic passes, takes values [2..4094];

<LIST_ID> – vlan list, comma-separated (1,2,3), takes values [2..4094];

<RANGE_ID> – vlan range, dash-separated (1-3), takes values [2..4094].

19

Enable Wi-Fi controller.

wlc(config-softgre-controller)# enable

20

Switch to SoftGRE tunnel settings.

wlc(config)# tunnel softgre <TUN>

<TUN> – device tunnel name.

21

Set SoftGRE tunnel operating mode.

wlc(config-softgre)# mode <MODE>

<MODE> – tunnel operating mode, possible options:

data – data mode;
management – management mode.

22

Set the local tunnel gateway IP address.

wlc(config-softgre)# local address <ADDR>

<ADDR> – local gateway IP address, specified as AAA.BBB.CCC.DDD, where each part takes values [0..255].

23

Enable the SoftGRE tunnel configuration use for automatic tunneks creations with the same mode and local address.

wlc(config-softgre)# default-profile

24 Enable tunnel. wlc(config-softgre)# enable

25

Switch to the controller configuration.

wlc(config)# wlc

26

Create a profile for access points general settings configuration.

wlc(config-wlc)# ap-profile <NAME>

wlc(config-wlc-ap-profile)#

<NAME> – profile name, specified by a string of up to 235 characters.

27

Set a password for access points connection.

wlc(config-wlc-ap-profile)# password ascii-text { <CLEAR-TEXT> | encrypted <HASH_SHA512> }

wlc(config-wlc-ap-profile)# exit

<CLEAR-TEXT> – password, specified by [8-64] characters.

<HASH_SHA512> – sha512 password hash, specified by [16-128] characters.

28

Create a configuration profile for the radio interface operating in the 2.4 GHz frequency range.

wlc(config-wlc)# radio-2g-profile <NAME>

<NAME> – profile name, specified by a string of up to 235 characters.

29

Configure the automatic channel bandwidth reduction mode when the airwaves are busy.

wlc(config-wlc-radio-2g-profile)# obss-coexistence {on | off}

on – automatic channel bandwidth reduction mode is enabled;

off – automatic channel bandwidth reduction mode is disabled;

30

Set the radio interface operation mode.

wlc(config-wlc-radio-2g-profile)# work-mode <WORK-MODE>

<WORK-MODE> – operation mode, possible options:

bg, nax, bgnax – for 2.4 GHz frequency range.

31

Set the channel list for dynamic channel selection.

wlc(config-wlc-radio-2g-profile)# limit-channels <CHANNEL>[,<CHANNEL>]

<CHANNEL> – number of the channel used, possible options:
For 2g channels chose from the bandwidth:
[1.. 13].

32

Set the channel bandwidth.

wlc(config-wlc-radio-2g-profile)# bandwidth <BANDWIDTH>

<BANDWIDTH> – channel bandwidth, possible options:

20;
40L;
40U.

33

Set the power level for radio interface.

wlc(config-wlc-radio-2g-profile)# tx-power {minimal | low | middle | high | maximal}

The possible values of the parameter, depending on the access point model, set the following power values in dBm:

	2.4 GHz
	min	low	middle	high	max
WEP-1L	11	12	14	15	16
WEP-2L	11	12	14	15	16
WOP-2L	11	12	14	15	16
WOP-20L	8	10	12	14	16
WEP-200L	4	7	10	13	16
WEP-30L	0	4	8	12	16
WOP-30L	0	4	8	12	16
WOP-30LS	0	3	6	9	11
WEP-3ax	6	8	11	14	16

34

Create a configuration profile for the radio interface operating in the 5 GHz frequency range.

wlc(config-wlc)# radio-5g-profile <NAME>

<NAME> – profile name, specified by a string of up to 235 characters.

35

Configure the automatic channel bandwidth reduction mode when the airwaves are busy.

wlc(config-wlc-radio-5g-profile)# obss-coexistence {on | off}

on – automatic channel bandwidth reduction mode is enabled;

off – automatic channel bandwidth reduction mode is disabled.

36

Set the radio interface operation mode.

wlc(config-wlc-radio-5g-profile)# work-mode <WORK-MODE>

<WORK-MODE> – operation mode, possible options:

anacax – for 5 GHz frequency range.

37

Set the channel list for dynamic channel selection.

wlc(config-wlc-radio-5g-profile)# limit-channels <CHANNEL>[,<CHANNEL>]

<CHANNEL> – number of the channel used, possible options:
For 5g each 4 channel chose from the bandwidth:
[36.. 64]
[100.. 144]
[149.. 165]

38

Set the channel bandwidth.

wlc(config-wlc-radio-5g-profile)# bandwidth <BANDWIDTH>

<BANDWIDTH> – channel bandwidth, possible options:

20;
40L;
40U;
80.

39

Set the power level for radio interface.

wlc(config-wlc-radio-5g-profile)# tx-power {minimal | low | middle | high | maximal}

The possible values of the parameter, depending on the access point model, set the following power values in dBm:

	5 GHz
	min	low	middle	high	max
WEP-1L	11	13	15	17	19
WEP-2L	11	13	15	17	19
WOP-2L	11	13	15	17	19
WOP-20L	11	13	15	17	19
WEP-200L	8	11	14	17	19
WEP-30L	0	5	10	15	19
WOP-30L	0	5	10	15	19
WOP-30LS	0	3	6	9	11
WEP-3ax	10	12	15	17	19

40

Set the dynamic frequency selection mode.

wlc(config-wlc-radio-5g-profile)# dfs {auto | disabled | forced}

auto — enabled;

disabled — disabled. DFS channels are not available for selection;

forced — disabled. DFS channels are available for selection.

41

Create a RADIUS server configuration profile.

wlc(config-wlc)# radius-profile <RADIUS-ID>

wlc(config-wlc-radius-profile)#

<RADIUS-ID> – RADIUS server ID, specified by a string of up to 235 characters.

42 Specify the RADIUS server IP address that is responsible for authentication. wlc(config-wlc-radius-profile)# auth-address <ADDR> <ADDR> – RADIUS server IP address, specified as AAA.BBB.CCC.DDD, where each part takes values [0..255].

43

Specify the RADIUS server password that is responsible for authentication.

wlc(config-wlc-radius-profile)# auth-password ascii-text { <CLEAR-TEXT> | encrypted <HASH_SHA512> }

<CLEAR-TEXT> – password, specified by [8-64] characters.

<HASH_SHA512> – sha512 password hash, specified by [16-128] characters.

44 Specify the domain. wlc(config-wlc-radius-profile)# domain <NAME> <NAME> – domain ID, specified by a string of up to 235 characters.

45

Create SSID configuration profile.

wlc(config-wlc)# ssid-profile <NAME>

wlc(config-wlc-ssid-profile)#

<NAME> – SSID profile name, specified by a string of up to 235 characters.

46

Set profile description.

wlc(config-wlc-ssid-profile)# description <DESCRIPTION>

<DESCRIPTION> – description, specified by a string of up to 255 characters.

47

Configure the frequency range in which the SSID will broadcast.

wlc(config-wlc-ssid-profile)# band <BAND>

<BAND> – frequency range, possible options:

2g;
5g.

48 Specify user vlan. wlc(config-wlc-ssid-profile)# vlan-id <ID> <ID> – vlan ID, takes values [0-4094].

49

Set the SSID connection security mode.

wlc(config-wlc-ssid-profile)# security-mode <MODE>

<MODE> – security mode, possible options:

WPA;
WPA2;
WPA2_1X;
WPA2_WPA3;
WPA2_WPA3_1X;
WPA3;
WPA3_1X;
WPA_1X;
WPA_WPA2;
WPA_WPA2_1X;
off.

WPA3 security mode is supported only on WEP-3ax, WEP-30L, WOP-30L, WOP-30LS access points.

If mixed security mode (e.g., WPA2_WPA3) is selected, WPA3 will be applied only to APs that support it, and the other APs will use the second mode (WPA2).

50 Specify the RADIUS server profile. wlc(config-wlc-ssid-profile)# radius-profile <RADIUS-ID> <RADIUS-ID> – RADIUS server ID, specified by a string of up to 235 characters.

51 Specify the SSID name that will broadcast to users. wlc(config-wlc-ssid-profile)# ssid <NAME> <NAME> – SSID name, specified by a string of up to 32 characters. Titles containing a space must be enclosed in quotation marks.

52 Enable SSID. wlc(config-wlc-ssid-profile)# enable

53

Create the location profile.

wlc(config-wlc)# ap-location <NAME>

wlc(config-wlc-ap-location)#

<NAME> – local configuration profile name , specified by a string of up to 235 characters.

54

Set profile description.

wlc(config-wlc-ap-location)# description <DESCRIPTION>

<DESCRIPTION> – description, specified by a string of up to 255 characters.

55

Specify the radio interface configuration profiles for the access points.

wlc(config-wlc-ap-location)# radio-5g-profile <NAME>

wlc(config-wlc-ap-location)# radio-2g-profile <NAME>

<NAME> – profile name, specified by a string of up to 235 characters.

56

Specify the general settings profile for the access points.

wlc(config-wlc-ap-location)# ap-profile <PROFILE-ID>

<PROFILE-ID> – profile ID, specified by a string of up to 235 characters and must match the name of the described profile from ap-profile.

57

Specify the SSID profile to be assigned to the access points.

wlc(config-wlc-ap-location)# ssid-profile <NAME>

<NAME> – SSID profile name, specified by a string of up to 235 characters.

58

Create an address space for accessing the controller.

wlc(config-wlc)# ip-pool <NAME>

wlc(config-wlc-ip-pool)#

<NAME> – address space name, specified by a string of up to 235 characters.

59

Specify the access points network.

wlc(config-wlc-ip-pool)# network <ADDR/LEN>

<ADDR/LEN> – IP address and network mask, specified as AAA.BBB.CCC.DDD/EE, where each part of AAA – DDD takes values [0..255] and EE takes values [1..32].

60

Specify the location profile name that is applied to the specified address space.

wlc(config-wlc-ip-pool)# ap-location <NAME>

<NAME> – location name, specified by a string of up to 235 characters.

61

Switch to the service activator settings.

wlc(config-wlc)# service-activator

wlc(config-wlc-service-activator)#

62

Configure automatic registration of access points on the controller.

wlc(config-wlc-service-activator)# aps join auto

63 Specify the controller IP address that is visible for access points. wlc(config-wlc)# outside-address <ADDR> <ADDR> – controller IP address, specified as AAA.BBB.CCC.DDD, where each part takes values [0..255].

64 Enable the controller. wlc(config-wlc)# enable

...

Дерево страниц

Сравнение версий

Старая версия 1

Новая версия 2

Ключ