Cisco Wireless Training
Agenda
1. Cisco Wireless Architecture
2. Standalone AP Configuration
3. AP Image Converting & Controller-based AP Configuration
4. WLC Configuration
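1. Cisco Wireless Architecture - Radio types and speeds
    Standard        Frequency band     Data rate
    IEEE 802.11b    2.4 GHz            11 Mbps
    IEEE 802.11g    2.4 GHz            54 Mbps
    IEEE 802.11a    5 GHz              54 Mbps
    IEEE 802.11n    2.4 GHz / 5 GHz    300 Mbps
    IEEE 802.11ac   2.4 GHz / 5 GHz    1.3 Gbps
- Channel configuration (2.4 GHz / 5 GHz)
    The non-overlapping channels are 1, 6 and 11.
    In areas with high AP density, a four-channel layout is also used: 1, 4, 8, 11.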
1. Cisco Wireless Architecture - WLC Architecture
Standalone (Standalone APs)
- Positioning: small wireless networks
- Purchase decision: wireless
- Benefits: Simple and cost-effective for small networks
- Key considerations: Limited RRM, no rogue detection
Distributed (Traffic Distributed at AP)
- Positioning: environments with many branch sites
- Purchase decision: wireless
- Benefits: Highly scalable for large number of remote branches; simple wireless operations with DC hosted controller
- Key considerations: L2 roaming only; WAN BW and latency requirements
Centralized (Traffic Centralized at Controller)
- Positioning: general campus environments
- Purchase decision: wireless
- Benefits: Simplified operations with centralized control for wireless; wireless traffic visibility at the controller
- Key considerations: System throughput
Converged Access (Traffic Distributed at Switch)
- Positioning: branch or campus environments
- Purchase decision: wired / wireless
- Benefits: Wired and wireless common operations; One Enforcement Point; One OS (IOS); traffic visibility at every network layer; performance optimized for 11ac
- Key considerations: Catalyst 3850/3650 in the access layer
1. Cisco Wireless Architecture - WLC Architecture Local mode
- Centralized model
- If the WLC goes down, all APs go down
[Diagram: Internet, backbone, controller, CAPWAP tunnel, AP; data and control traffic]
1. Cisco Wireless Architecture - WLC Architecture Flex Connect mode
1. Cisco Wireless Architecture - Cisco AP and WLC lineup
http://www.cisco.com/c/en/us/products/wireless/buyers-guide.html#~indoor
2. Standalone AP Configuration - Console access
- Connect the console cable and start a terminal program
- Enter the values below and connect
2. Standalone AP Configuration - Setting the management IP
Once the terminal session is connected, configure the management IP as shown below.
    ap>en                                              : enter privileged EXEC mode
    Password:                                          : Cisco (case-sensitive)
    ap#conf t                                          : enter configuration mode
    Enter configuration commands, one per line.  End with CNTL/Z.
    ap(config)#interface bvi1                          : enter the management interface
    ap(config-if)#ip address 10.0.0.1 255.255.255.0    : set the IP address
    ap(config-if)#no shutdown                          : bring the port out of shutdown
    *Dec 19 02:51:42.716: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
    *Dec 19 02:51:44.716: %LINK-3-UPDOWN: Interface BVI1, changed state to up
    *Dec 19 02:51:45.716: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
    ap(config-if)#exit
    ap(config)#ip default-gateway 10.0.0.254           : set the gateway
    ap(config)#^Z                                      : Ctrl+Z returns straight to privileged EXEC mode
    ap#write memory                                    : save the configuration
    Building configuration...
    [OK]
    ap#
2. Standalone AP Configuration - Web access (login: cisco / Cisco)
2. Standalone AP Configuration - Creating an SSID
- Go to SSID Manager under the Security tab
- Enter the SSID to use
- Select the radio to use
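2. Standalone AP Configuration - Selecting the beacon
- Select the SSID you created, then click
- If only one radio was selected when the SSID was created, the beacon can be selected only for that radio
- If the beacon is not selected, clients will not see the SSID you created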
2. Standalone AP Configuration - Selecting the encryption method
- Go to Encryption Manager
- Select Cipher, then choose AES CCMP + TKIP
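2. Standalone AP Configuration - WPA settings (setting the password for the created SSID)
- Go to SSID Manager
- Select Mandatory and WPAv2
- Set the password to use (8 characters or more)
- The password must be at least 8 characters long for 802.11n to be usable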
2. Standalone AP Configuration - Enabling the radio
- Go to Network Interfaces
- Select Enable
- Enable the other radio in the same way
- A radio cannot be enabled unless at least one SSID has been created
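2. Standalone AP Configuration
Once you have configured everything up to this point, the basic wireless LAN setup is complete.
You should now be able to see the SSID named Test from your phone or laptop, right?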
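2. Standalone AP Configuration - Checking channels
- Measure the surrounding wireless environment with a program called inSSIDer
- Change to a channel that does not overlap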
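2. Standalone AP Configuration - Changing the channel
- Change to channel 6, which does not overlap
- If the channel is changed while clients are connected, all clients are disconnected.
- When first designing the wireless LAN, work out the AP locations and plan non-overlapping channels carefully.
- Overlapping channels cause reduced wireless LAN throughput and clients failing to connect.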
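How much two 2.4 GHz channels overlap, and which of channels 1, 6 and 11 is quietest for a given survey, can be computed directly. This Python example is added here and is not part of the original training material; it assumes 22 MHz-wide channels (802.11b DSSS) with centres 5 MHz apart, and the survey data and function names are constructed for illustration.

```python
# Assumption: 802.11b DSSS channel width; OFDM channels are slightly narrower.
CHANNEL_WIDTH_MHZ = 22


def center_mhz(channel):
    """Centre frequency of 2.4 GHz channels 1-13."""
    if not 1 <= channel <= 13:
        raise ValueError(f"unsupported 2.4 GHz channel: {channel}")
    return 2407 + 5 * channel


def overlap_fraction(a, b):
    """Fraction of the channel width shared by channels a and b (0.0 to 1.0)."""
    shared = CHANNEL_WIDTH_MHZ - abs(center_mhz(a) - center_mhz(b))
    return max(0, shared) / CHANNEL_WIDTH_MHZ


def interference(channel, survey):
    """Neighbour power in mW, weighted by how much each neighbour overlaps `channel`."""
    return sum(overlap_fraction(channel, ch) * 10 ** (rssi / 10) for ch, rssi in survey)


def pick_channel(survey, candidates=(1, 6, 11)):
    """Candidate with the least interference; ties go to the lowest channel."""
    return min(candidates, key=lambda ch: (interference(ch, survey), ch))


def plan_overlaps(plan):
    """(a, b, fraction) for every pair of channels in a plan that overlaps."""
    pairs = [(a, b) for i, a in enumerate(plan) for b in plan[i + 1:]]
    scored = [(a, b, round(overlap_fraction(a, b), 2)) for a, b in pairs]
    return [p for p in scored if p[2] > 0]


# Constructed survey: (channel, RSSI in dBm) of neighbouring APs.
SURVEY = [(1, -45), (1, -60), (3, -70), (11, -50), (9, -82)]

if __name__ == "__main__":
    print("quietest channel:", pick_channel(SURVEY))
    print("1/6/11 overlaps:", plan_overlaps((1, 6, 11)))
    print("1/4/8/11 overlaps:", plan_overlaps((1, 4, 8, 11)))
```

Under this model the 1, 6, 11 plan has no overlapping pair, while the four-channel 1, 4, 8, 11 plan trades a partial overlap between adjacent channels for the extra channel.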
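3. AP Image Converting & Controller-based AP Configuration
Converting from standalone to controller-based
- Connect the AP directly to a PC (1:1) and run a TFTP server on the PC
- Place the controller-based image for the device in the TFTP server folder
- Enter the following command in the CLI:
    AP#archive download-sw /overwrite /force-reload tftp://<TFTP server IP>/<OS file name, including the extension>
- After the command is entered, the file transfer from the TFTP server starts
Converting from controller-based to standalone
- Rename the downloaded IOS software to c[model name]-k9w7-tar.default
  (e.g. c1100-k9w7-tar.default, c1130-k9w7-tar.default, c1200-k9w7-tar.default)
- Set the PC that has the TFTP program installed to an IP address between 10.0.0.2 and 10.0.0.50
- Power on the AP while holding down the Reset button (keep it pressed for about 30 seconds, until the LED turns red)
- The AP comes up in recovery mode (10.0.0.1) and downloads the default IOS image from the TFTP server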
3. AP Image Converting & Controller-based AP Configuration - Converting from standalone to controller-based
    ap3g2-k9w7-tar.152-2.jb.tar    : k9w7 means a standalone OS
    ap3g2-k9w8-tar.152-2.jb.tar    : k9w8 means a controller-based OS
3. AP Image Converting & Controller-based AP Configuration - After converting to controller-based
    Username: cisco
    *Mar 1 00:00:55.111: Logging LWAPP message to 255.255.255.255.
    Password:
    AP0006.f63c.f183>en
    Password:
    AP0006.f63c.f183#
    AP0006.f63c.f183#sh ver
    Cisco IOS Software, C3600 Software (AP3G2-K9W8-M), Version 15.2(2)JB, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2012 by Cisco Systems, Inc.
    Compiled Mon 10-Dec-12 23:52 by prod_rel_team
    ROM: Bootstrap program is C3600 boot loader
    BOOTLDR: C3600 Boot Loader (AP3G2-BOOT-M) LoaderVersion 12.4(25e)JAY, RELEASE SOFTWARE (fc1)
    AP0006.f63c.f183 uptime is 2 minutes
    System returned to ROM by power-on
    System image file is "flash:/ap3g2-k9w8-mx.152-2.jb/ap3g2-k9w8-xx.152-2.jb"
    Last reload reason:
- When the conversion is complete, the prompt changes from ap> (as a standalone AP) to AP0006.f63c.f183>, which is based on the MAC address
- Use show version to check the system image file
3. AP Image Converting & Controller-based AP Configuration - IP, GW, WLC IP Setting
    AP0006.f63c.f183#capwap ap ip address 10.0.0.1 255.255.255.0    : set the AP IP
    You should configure Domain and Name Server from controller CLI/GUI.
    AP0006.f63c.f183#capwap ap ip default-gateway 10.0.0.254        : set the gateway
    AP0006.f63c.f183#capwap ap controller ip address 10.0.0.253     : set the WLC IP
    AP0006.f63c.f183#sh capwap ip config                            : verify the settings
    LWAPP Static IP Configuration
    IP Address          10.0.0.1
    IP netmask          255.255.255.0
    Default Gateway     10.0.0.254
    Primary Controller  10.0.0.253
    AP0006.f63c.f183#
- On a controller-based AP there is nothing to configure other than the IP settings
- There is no separate step for saving the settings (values are saved automatically as they are entered)
- If the AP cannot join the WLC, it keeps searching and then keeps rebooting
WLC & AP Basic Positioning
[Diagram: firewall, backbone switch, WLC2504, PoE switch, AP]
Test topology
[Diagram: 2960S (10.0.0.254), WLC2504 (10.0.0.253), AP2602i (10.0.0.1); links labelled Trunk Port 2, Trunk Port 1, Trunk Port 1]
IP Range
    Name         Network            Gateway           VLAN ID
    Management   10.0.0.1/24        10.0.0.254        10
    Service      192.168.10.1/24    192.168.10.254    20
    Work         172.16.10.1/24     172.16.10.254     30
Auto install at initial WLC boot
    Would you like to terminate autoinstall? [yes]:
    AUTO-INSTALL: starting now...
    System Name [Cisco_27:2d:44] (31 characters max): WLC2504          : name of the device
    AUTO-INSTALL: no interfaces registered.
    AUTO-INSTALL: process terminated -- no configuration loaded
    Enter Administrative User Name (24 characters max): cisco          : username for logging in to the device
    Enter Administrative Password (3 to 24 characters): *********      : password for logging in to the device
    Re-enter Administrative Password                 : *********      : confirm the password
    Enable Link Aggregation (LAG) [yes][no]: no                        : whether to configure the WLC ports as an LACP port
    Management Interface IP Address: 10.0.0.253                        : management port IP setting
    Management Interface Netmask: 255.255.255.0                        : management port netmask setting
    Management Interface Default Router: 10.0.0.254
    Management Interface VLAN Identifier (0 = untagged):               : management VLAN ID
    Management Interface Port Num [1 to 4]: 1                          : management port number
    Management Interface DHCP Server IP Address: 10.0.0.254            : DHCP server IP
    Virtual Gateway IP Address: 1.1.1.1                                : virtual gateway address
    Multicast IP Address: 239.0.0.1                                    : multicast IP address
    Mobility/RF Group Name: CUWN
    Network Name (SSID): Test_2                                        : SSID to use
    Configure DHCP Bridging Mode [yes][no]: no
Auto install at initial WLC boot
    Allow Static IP Addresses [YES][no]: yes                           : whether to use static IPs
    Configure a RADIUS Server now? [YES][no]: no
    Warning! The default WLAN security policy requires a RADIUS server.
    Please see documentation for more details.
    Enter Country Code list (enter 'help' for a list of countries) [US]: KE    : select the country code (KR or KE); KE must be chosen to use more of the 5 GHz band
    Enable 802.11b Network [YES][no]: yes
    Enable 802.11a Network [YES][no]: yes
    Enable 802.11g Network [YES][no]: yes
    Enable Auto-RF [YES][no]: yes
    Configure a NTP server now? [YES][no]: no
    Configure the system time now? [YES][no]: no
    Warning! No AP will come up unless the time is set.
    Please see documentation for more details.
    Would you like to configure IPv6 parameters[yes][no]: no
    Configuration correct? If yes, system will save it and reset. [yes][no]: yes
    Cleaning up DHCP server configuration
    Configuration saved!
    Resetting system with new configuration...
    Restarting system.
The initial setup completes and the system reboots.
Switch Setup (VLAN)
    Switch>en
    Switch#conf t
    Switch(config)#vlan 10                                           : create VLAN 10
    Switch(config-vlan)#name Mgmt                                    : set the VLAN name
    Switch(config-vlan)#vlan 20                                      : create VLAN 20
    Switch(config-vlan)#name Service                                 : set the VLAN name
    Switch(config-vlan)#vlan 30                                      : create VLAN 30
    Switch(config-vlan)#name Work                                    : set the VLAN name
    Switch(config-vlan)#exit
    Switch(config)#interface vlan 10                                 : create virtual interface VLAN 10
    Switch(config-if)#ip address 10.0.0.254 255.255.255.0            : set the IP address
    Switch(config-if)#no shutdown                                    : bring the port out of shutdown
    Switch(config-if)#exit
    Switch(config)#interface vlan 20                                 : create virtual interface VLAN 20
    Switch(config-if)#ip address 192.168.10.254 255.255.255.0        : set the IP address
    Switch(config-if)#no shutdown                                    : bring the port out of shutdown
    Switch(config-if)#exit
    Switch(config)#interface vlan 30                                 : create virtual interface VLAN 30
    Switch(config-if)#ip address 172.16.10.254 255.255.255.0         : set the IP address
    Switch(config-if)#no shutdown                                    : bring the port out of shutdown
    Switch(config-if)#exit
    Switch(config)#
Switch Setup (Port)
    Switch(config)#interface gigabitethernet 1/0/1                   : enter the port connected to the WLC
    Switch(config-if)#switchport mode trunk                          : set the port mode to trunk
    Switch(config-if)#switchport trunk allowed vlan 10,20,30         : allow only the VLANs that may cross the trunk port
    Switch(config-if)#switchport trunk native vlan 10                : set the native VLAN used for frames that arrive untagged
    Switch(config-if)#no shutdown                                    : bring the port out of shutdown
    Switch(config-if)#exit
    Switch(config)#interface gigabitethernet 1/0/2                   : enter the port connected to the AP
    Switch(config-if)#switchport mode trunk                          : set the port mode to trunk
    Switch(config-if)#switchport trunk allowed vlan 10,20,30         : allow only the VLANs that may cross the trunk port
    Switch(config-if)#switchport trunk native vlan 10                : set the native VLAN used for frames that arrive untagged
    Switch(config-if)#no shutdown                                    : bring the port out of shutdown
    Switch(config-if)#exit
AP Join verification
    AP0006.f63c.f183#ping 10.0.0.253
    Sending 5, 100-byte ICMP Echos to 10.0.0.253, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
    AP0006.f63c.f183#
    Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
    *Jan 20 19:57:41.907: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
    *Jan 20 19:57:51.907: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    examining image...!
    extracting info (283 bytes)
    Image info:
        Version Suffix: k9w8-.153-3.ja
        Image Name: ap3g2-k9w8-mx.153-3.ja
        Version Directory: ap3g2-k9w8-mx.153-3.ja
        Ios Image Size: 225792
        Total Image Size: 13455872
        Image Feature: WIRELESS LAN LWAPP
        Image Family: AP3G2
        Wireless Switch Management Version: 8.0.100.0
    Extracting files...
    ap3g2-k9w8-mx.153-3.ja/ (directory) 0 (bytes)
    extracting ap3g2-k9w8-mx.153-3.ja/v2.bin (12826 bytes)!
    extracting ap3g2-k9w8-mx.153-3.ja/y2.bin (5830 bytes)
    extracting ap3g2-k9w8-mx.153-3.ja/file_hashes (7254 bytes)!
    extracting ap3g2-k9w8-mx.153-3.ja/8004.img (561134 bytes)
    *Oct 22 21:41:51.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.0.253 peer_port: 5246
    *Oct 22 21:41:51.611: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.0.0.253 peer_port: 5246
    *Oct 22 21:41:51.611: %CAPWAP-5-SENDJOIN: sending Join Request to 10.0.0.253
    perform archive download!!!capwap:/ap3g2 tar file
    *Oct 22 21:41:51.615: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.
    *Oct 22 21:41:51.619: Loading file /ap3g2...
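The join sequence in the console log above can be checked automatically. The following Python example is added here and is not part of the original training material: it parses %CAPWAP syslog lines, reports the furthest join stage reached, and flags a DTLS peer other than the configured controller. The function name analyze_join and the ROGUE_LOG sample with its 10.0.0.66 address are constructed for illustration.

```python
import re

# Mnemonics from the AP console log on this page, in the order a join progresses.
STAGES = ["DTLSREQSEND", "DTLSREQSUCC", "SENDJOIN", "AP_IMG_DWNLD"]
LINE_RE = re.compile(r"^\*\w{3}\s+\d+ [\d:.]+: %CAPWAP-(\d)-(\w+): (.*)$")
PEER_RE = re.compile(r"peer_ip: ([\d.]+)\s+peer_port: (\d+)")
CAPWAP_CONTROL_PORT = 5246  # control-channel port shown in the page's log

def analyze_join(lines, expected_wlc):
    """Summarise a CAPWAP join attempt and flag DTLS peers other than expected_wlc."""
    report = {"stage": None, "errors": [], "alerts": []}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ping output, image extraction progress, bare prompts
        severity, mnemonic, msg = int(m.group(1)), m.group(2), m.group(3)
        if severity <= 3:  # syslog severity 3 (error) or worse
            report["errors"].append(msg)
        if mnemonic in STAGES:  # keep the furthest stage seen so far
            report["stage"] = max(report["stage"] or mnemonic, mnemonic, key=STAGES.index)
        peer = PEER_RE.search(msg)
        if peer:
            ip, port = peer.group(1), int(peer.group(2))
            alerts = []
            if ip != expected_wlc:
                alerts.append(f"DTLS peer {ip} is not the configured WLC {expected_wlc}")
            if port != CAPWAP_CONTROL_PORT:
                alerts.append(f"DTLS peer {ip} uses unexpected port {port}")
            report["alerts"] += [a for a in alerts if a not in report["alerts"]]
    return report

# CAPWAP lines taken from the console log on this page.
PAGE_LOG = """\
*Jan 20 19:57:41.907: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
*Jan 20 19:57:51.907: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Oct 22 21:41:51.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.0.253 peer_port: 5246
*Oct 22 21:41:51.611: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.0.0.253 peer_port: 5246
*Oct 22 21:41:51.611: %CAPWAP-5-SENDJOIN: sending Join Request to 10.0.0.253
*Oct 22 21:41:51.615: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.
""".splitlines()

# Constructed sample: the same AP completing DTLS with an address that is not the WLC.
ROGUE_LOG = [
    "*Oct 22 21:50:02.100: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.0.66 peer_port: 5246",
    "*Oct 22 21:50:02.400: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.0.0.66 peer_port: 5246",
]

if __name__ == "__main__":
    print(analyze_join(PAGE_LOG, "10.0.0.253"))
    print(analyze_join(ROGUE_LOG, "10.0.0.253"))
```

Run against syslog collected from the APs, a non-empty alerts list means an AP negotiated DTLS with something other than the controller set by capwap ap controller ip address.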
AP Join verification on the WLC (CLI)
    (Cisco Controller) >show ap summary
    Number of APs... 1
    Global AP User Name... Not Configured
    Global AP Dot1x User Name... Not Configured
    AP Name             Slots  AP Model              Ethernet MAC       Location          Country  IP Address       Clients
    ------------------  -----  --------------------  -----------------  ----------------  -------  ---------------  -------
    AP0006.f63c.f183    2      AIR-CAP2602I-K-K9     00:06:f6:3c:f1:83  default location  KE       10.0.0.1         0
    (Cisco Controller) >
AP Join verification on the WLC (GUI)
- Enter the Management IP that was set during the initial WLC setup
- If the page does not open, connect using https://
AP Join verification on the WLC (GUI)
WLC Main menu
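WLC Setup sequence
1. Create a controller interface
   - Create a virtual interface for the range that will actually carry service
2. Create a WLAN
   - Create the SSID and password to be served
   - Select the controller virtual interface created for the range being served
3. Create an AP group
   - When multiple WLANs are created, create AP groups to sort out which APs serve them
4. Select the AP mode and map the AP group
   - Select the AP group that the WLAN to be served is mapped to, and select the AP mode (local, FlexConnect, etc.)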
Creating a controller interface
- CONTROLLER tab -> Interfaces -> click New to create a virtual interface
- Choose the virtual interface address from the IP range of the network being served
Creating a controller interface
- Set the name and VLAN ID of the virtual interface
Creating a controller interface
- Select the port (* not needed in LAG mode)
- IP of the virtual interface for VLAN 20
- DHCP server IP
Creating a controller interface
- Create the virtual interfaces for the service VLANs 20 and 30
Creating a WLAN
- Create a new WLAN
Creating a WLAN
- Enter the SSID to create
Creating a WLAN
- Same concept as Radio Up
- Select the virtual interface created for the range being served
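Creating a WLAN
- Select WPA+WPA2 (default)
- Select PSK as the password authentication method
- Enter a password of 8 characters or more
- Apply once everything is set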
Creating a WLAN
- Create Test_Service in the same way (no password)
Creating an AP group
- Select Add Group
- AP groups are created so that different APs can carry different SSIDs
- If no group is created, all APs belong to default-group by default
Creating an AP group
- Enter the name of the AP group to create, then click Add
Creating an AP group
- Select the WLAN (SSID) to be served by this group
- Select the WLC virtual interface that the WLAN belongs to
Creating an AP group
- Check that the selected WLAN has been added
Creating an AP group
- Create the Work group in the same way
Selecting the AP mode and mapping the AP group
- Select the AP that has joined
Selecting the AP mode and mapping the AP group
- Change the AP name
Selecting the AP mode and mapping the AP group
- Enter the WLC name and IP
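Selecting the AP mode and mapping the AP group
- Select the AP group
- After the AP group is selected, the AP reboots and reconnects, and then broadcasts only the SSIDs of the WLANs selected in that AP group
This completes the basic controller-based AP setup.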
Flexconnect mode
Flexconnect mode
- Enter the native VLAN ID configured on the connected switch
Flexconnect mode
- Open the WLAN that the AP serves and check Flexconnect local switching (Learn Client IP Address is checked automatically)
- From then on, all traffic except CAPWAP control traffic is switched locally without passing through the WLC