Trn M Phc tranmyphuc1988@gmail.

com

Cu hnh M hnh mng c dng thm

Wlan Controller
I./ Mng khng dy pht trin nh vo nhu cu ca con ngi !!!
Yu cu ca doanh nghip dnh cho 1 nh trin khai v thit k mng nh sau :
1) Anh ta rt ght s b bn v vng vu ca mng c dy v quan trng hn ht , anh y mun mi lc
mi ni u c th truy cp d liu ca cng ty v vo c internet. (lu l trong phm vi ti a c
th c )
1.1 ) Nu nh doanh nghip y nh , khng yu cu nhiu lm v tc v khong cch qun tr
khng xa lm , ta c th trin khai mt mng Adhoc (C 2 cch lm , chng ta s tho lun bi
sau). Yu cu ti thiu v duy nht : ch cn 1 my c 2 card mng : card Lan i internet v
Wireless Card.+ h thng mng gm cc PC c Wireless Card.
1.2 ) Doanh nghip y va v nhu cu m rng , chnh sch qun tr h thng khng cao lm , ta c th
gii thiu cho h , m hnh n gin sau : gm 1 Access Point (AP) + h thng my tnh c card
wireless (ti a nn dng l 15 my) +( mt sever ACS gn vo cng fa0 ca AP bo mt ).
Ngoi ra , ta cng c th dng nhng phng php bo mt nh Filter Mac, Wep,Wap .ngay
trn AP. (Chng ta s ni v vn ny bi sau). Hn ch :Chng ta phi bit cu hnh AP.
2) Tuy nhin , nu nh anh ta c mt vi yu cu thm:
2.1) Ti rt ght s b bn v phc tp, doanh nghip ca ti l mt doanh nghip ln rt cn mt
mng Wireless m bo c tnh h thng + d qun l + d m rng + Chnh sch bo mt tht tt!!!
2.2) Quan trng hn ht l chng ta lm sao thit k 1 mng nh th no m bt c ai (k c anh ta ) ,
khng bit g v Wireless cng c th , m rng thm mt mng mi bng cch rt n gin :Gn AP
vo mt port ca Switch !!!
Cui cng gii quyt vn trn , nht l nguyn nhn 2.2 , tng nh khng th nhng vn c cch !!!
l m hnh ch yu gm cc LightWeight Access Point (LAP) + Wireless Lan Controller (WLC) .
Nh vy , AP m ta ni n 2.2 ) chnh l LAP (n khng cn phi cu hnh ch cm dy vo mng
l t chy)
Mt im lu : Ta c th thuyt phc khch hng rng , m bo yu cu 2 trn , nht l 2.2) (ci
ny ai cng bit l do ti sao n tn ti!!!), rng anh c th cho chng ti lm ngi cung cp LAP( tc
nhin n s cao gi hn AP bnh thng ri) nu nh cng ty cn m rng thm.

Trang 1

Trn M Phc tranmyphuc1988@gmail.com

II./ Topo mng n gin nht v mng c Wireless Lan Controller (WLC):
Sau y , ti xin gii thiu v Topo mng n gin nht v mng c WLC, m qua mi ngi c th
trin khai thm cho ph hp vi yu cu ca mnh . V d nh ta c th gn thm Switch gia Router
v LAP di y p ng nhu cu 2.2 trn , ..

V phn gn thm Module cho thit b to thnh 2 trong 1 ny c rt nhiu phng n . V d nh ta c

th gn thm module WLC vo Switch 6500 _khi Switch ny s m nhn nhiu vic : nh tuyn cho
Vlan thng v Wlan hay gn vo Router 2811 tr ln , nh thit b dng trong Topo Lab ny!!!

Trang 2

Trn M Phc tranmyphuc1988@gmail.com

Sau y s l m hnh , ta s trin khai trong bi ny

Trang 3

Trn M Phc tranmyphuc1988@gmail.com

Mt s ch thch trc khi bt u bi Lab:

mi ngi d hnh dung sau y l hnh nh ca Wireless Lan Module:

Khi dng cu lnh :show ip interface brief trong mode priviledge ca Router 2811, ta s thy
interdace dng giao tip ca WLCModule l :interface Wlan-controller 1/0
hiu thm v a ch qun tr (IP manager + IP Ap-manager ) ta c th tham kho trong gio trnh
v Wireless ca BCMSN. y l 2 interface mc nh (static) cn phi c cho WLC. Nhim
v ch yu 2 interface y l :

1. IP manager :dng qun tr ton b WLC , cn phi c cu hnh WLC bng

giao din Web. bi Lab ny l 192.168.1.24

2. IP AP-manager dng qun tr cc LAP bi Lab ny l 192.168.1.25

Trang 4

Trn M Phc tranmyphuc1988@gmail.com

Ngoi nhng ch thch lin quan n Topo mng, ti xin b sung thm v cc kin thc
ca :
1) DHCP

Trang 5

Trn M Phc tranmyphuc1988@gmail.com

2) NAT
DHCP (Dynamic Host Control Protocol ) : Mt giao thc dng cp pht ng a ch
Ip cho mt host.
NAT : (Network Address Translate): Dng chuyn i a ch mng ni b thnh da
ch bn ngoi , nhm mc ch gip cho mng ni b c th truyn thng c vi
Internet hay th gii bn ngoi ca mng.

Trang 6

Trn M Phc tranmyphuc1988@gmail.com

By gi chng ta bt u cu hnh cho bi Lab

O1.) Bc dng chung cho c 2 cch cu hnh bng cu lnh v bng giao din
Web:
Bc 1 : Ta xa ht tt c cu hnh ca cc thit b (khng cn xa cu hnh LAP)
1.)

i vi Router, ta vo mode privilege nh cu lnh : #erase start .Sau nh tip

#reload

2.) Sau khi router khi ng tr li ta cu hnh a ch Ip cho interface wlancontroller1/0 bng cu lnh :
(config-if)#ip address 192.168.1.1 255.255.255.0
(config-if)#no shut

3.)Sau , ta nhn Ctrl+Z tr v mode priviledge v nh tip cu lnh

:#service wlan-controller 1/0 session

4..) Ta telnet vo WCLModule ( kt thc phin telnet ta nhn kt hp 3 phm Ctrl + Shilf + 6
, sau nhn x, mun vo li WCL , mode priviledge ca Router ta nhn Enter 2 ln . Tip
theo ,khi vo cu hnh khi ng ,ta nh user: cisco password :cisco . Sau ta s vo du
nhc nh sau :(Cisco Controller) >.G nh hng dn xa cu hnh ca WLCModule.:
(Cisco Controller) >clear config
Are you sure you want to clear the configuration? (y/n) y
Configuration Cleared!
(Cisco Controller) >reset system
The system has unsaved changes.
Would you like to save them now? (y/N) n
Configuration Not Saved!
Are you sure you would like to reset the system? (y/N) y

Trang 7

Trn M Phc tranmyphuc1988@gmail.com

Bc 2 : Ci t cc thng s khi to ban u ca WCLModule:
Enter Administrative User Name (24 characters max): phuc # to username
Enter Administrative Password (24 characters max): *****# to password
Management Interface IP Address: 192.168.1.24 # To ip manager
Management Interface Netmask: 255.255.255.0 #Subnetmask
Management Interface Default Router: 192.168.1.1 # a ch ca intface WLC 1/0
Management Interface VLAN Identifier (0 = untagged): 0
Management Interface Port Num [1]:
Management Interface DHCP Server IP Address: 192.168.1.24# Ip manager
AP Manager Interface IP Address: 192.168.1.25 # Ip Ap-manager
AP-Manager is on Management subnet, using same values
AP Manager Interface DHCP Server (192.168.1.24): # press Enter
Virtual Gateway IP Address: 1.1.1.1 # N s l a ch DHCP server cho user
Mobility/RF Group Name: vnpro
Network Name (SSID): vlan1# y l tn ca Vlan1 dng qun tr SSID
Allow Static IP Addresses [YES][no]: no #cu hnh Ip ng
Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.
Enter Country Code (enter 'help' for a list of countries) [US]: no
Enable 802.11b Network [YES][no]: yes
Enable 802.11a Network [YES][no]: yes
Enable 802.11g Network [YES][no]: yes
Enable Auto-RF [YES][no]: no
Configure a NTP server now? [YES][no]: no
Configure the system time now? [YES][no]: no
Warning! No AP will come up unless the time is set.
Please see documentation for more details.
Configuration correct? If yes, system will save it and reset. [yes][NO]: yes

Trang 8

Trn M Phc tranmyphuc1988@gmail.com

Bc 3 : Cu hnh cho Router 2811

interface FastEthernet0/0
ip address 192.168.4.1 255.255.255.0# gn ip address cho fa0/0

ip nat inside # p chiu vo cho qu trnh NAT

interface FastEthernet0/1
ip address 10.215.219.10 255.255.255.0#c th gn ng bng cu lnh ip address dhcp

ip nat outside # p chiu ra ca qu trnh NAT

ip dhcp pool lap # Pool a ch ng gn cho cng fa0 ca LAP
network 192.168.4.0 255.255.255.0
default-router 192.168.4.1 # a ch cng fa0/0

option 43 hex f104.c0a8.0119 # Tham kho thm ch thch cui bi

option 60 ascii "Cisco AP c1130"# Tham kho thm ch thch cui bi
!
ip dhcp pool vlan2
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 203.162.4.190
!
ip dhcp pool vlan3
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 203.162.4.190
interface wlan-controller1/0.2 # To Sub interface WLC1/0
encapsulation dot1Q 2 # chun ng gi
ip address 192.168.2.1 255.255.255.0 # Ip add = Ip add ca default-router tng ng

ip nat inside # Cu lnh rt quan trng thng hay qun

!
interface wlan-controller1/0.3
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0

ip nat inside

# ip route 0.0.0.0 0.0.0.0 10.215.219.254# Cu lnh thng hay qun khi

NAT , n dng to default route n ADSL router cho ton mng ,
ta c th i Internet. Nu m thiu cu lnh ny , ta ch c th PING
n n m khng th ra Internet!!!

Bc cui cng :
Ta cu hnh NAT nh hng dn trn !!!!# Xem phn b sung
bn trn
Tm lc nhng ci quan trng trong cu hnh Router m ta thng hay qun :
1) a ch intface i ni ra ngoi mng (Fa0/1) nn cho Server DHCP cp a ch ng cho n trnh trng
hp trng a ch.
2) option 43 hex f104.c0a8.0119# c0a8.0119 phi l a ch IP AP-Manager
3) l cu lnh Ip nat inside # Mi ngi thng qun khng t n vo cc
II./ Hai cch cuWLC
hnh cho Wireless Lan Controller Module :
Subinterface
4) Cui cng l ip route 0.0.0.0 0.0.0.0 <default-gateway router ADSL hay
intface router k cn>
Trang 9

Trn M Phc tranmyphuc1988@gmail.com

O2.)C hai cch theo ti u hay :

Giao din Web

Giao din Command Line :

u im : Nhanh, tin li
v rt trc quan

u im : Mi cu lnh ta nh ,
u yu cu bn thn phi nm r
vn m mnh cn cu hnh

Nhc im: S khng

hiu r bn cht ca vn
bng giao din
Command Line c .

Nhc im : khng trc quan,

kh nh v phc tp hn giao
din Web

Nhng c th cu hnh cho nhng trng hp tng t mt cch nhanh chng bng giao din Web.
Theo ti , chng ta nn tham kho v cu hnh theo giao din Command line trc :

C1 :Giao din command Line:

Bc 1 : To 2 dynamic interface c tn l Vlan 2 v Vlan3
(Cisco Controller)config > interface create vlan2
(Cisco Controller)config > interface create vlan3

2 # 2 l Vlan ID
3

Bc 2 : t Ip address , Subnet-mask, v Default Gateway cho nhng interface trn:

Cisco Controller) config >interface address vlan2 92.168.2.254 255.255.255.0 192.168.2.1
(Cisco Controller) config> interface address vlan3 192.168.3.254 255.255.255.0 192.168.3.1

Default gateway phi l ip address ca Subinterface Wlan-Controller tng ng trn Router .

Bc 3 :To Wlan 2, 3 tng ng vi SSID vlan2 v vlan3
(Cisco Controller)config >wlan create 2 vlan2 # 2 l Wlan ID, vlan2 l SSID
(Cisco Controller)config >wlan create 3 vlan3

Bc 4: Rng buc Wlan vo Dynamic inteface tng ng va mi to trn:

(Cisco Controller)config >wlan interface 2 vlan2 #2 l WlanID, vlan2 l dynamic interface
(Cisco Controller)config >wlan interface 3 vlan3

Bc 5 : Cu hnh dynamic interface va to vi IP address DHCP server tng ng , ta c th

forward IP khi DHCP client yu cu. IP address DHCP server c cu hnh trn Router , n cng chnh
l a ch ca Sub interface WLC tng ng.
(Cisco Controller) config>interface dhcp vlan2 192.168.2.1
(Cisco Controller) config >interface dhcp vlan3 192.168.3.1

Trang 10

Trn M Phc tranmyphuc1988@gmail.com

Bc 6 : Mc nh th chng thc Dot1X c bt ln , do a v ch open authentication
(khng cn chng thc) , ta dng cu lnh sau tt chc nng chng thc Dot1X:
(Cisco Controller)config >wlan security 802.1X disable 2
(Cisco Controller)config >wlan security 802.1X disable 3

y l iu quan trng m trong gio trnh Cisco khng c ghi :Rt d b hiu nhm :
1) Khi cu hnh khi to , WLC hi : Network Name (SSID):=> y
chnh l tn ca Wlan1, Wlan1 thng c chc nng qun tr m
thi. Do nu bn nh vo Vlan2 , th gi s trong m hnh lab
ny , bn s b li
2) Mc nh trong WCL . Wlan lun ch Disable tr Wlan qun tr
lun Enable. V th ta dng lnh

(Cisco controller)>show wlan summary

=>Bn s thy tnh trng ca cc Wlan
(Cisco controller)config> Wlan enable <vlan ID>
=> Bn enable nhng Wlan cn thit
3) iu lu nh na : Bn c th ng t PC ping n cc
a ch khc nhng khng th ping n IP Ap-manager
4) Ti th v thy rng d trin khai access-list trn
router , ta vn khng cn dng n nhm lnh:
ip helper-address (mode interface)
ip forward-protocol udp port
5) Nu nh bn cu hnh trong cu lnh Option 43 l a ch
khc Ip AP-manager n s khin cho LAP, khi kt ni s
khi ng li lin tc v n khng xin c cu hnh t
WLC.(N khi ng li vi mc ch l xin li ln na)
00:1a:6c:8e:f3:78 Received LWAPP DISCOVERY REQUEST from AP 00:1a:6c:8e:f3:78 to
00:1b:53:bd:4e:c0 on port '1'
00:19:aa:00:23:d8 Successful transmission of LWAPP Discovery-Response to AP
00:1a:6c:8e:f3:78 on Port 1
00:1a:6c:8e:f3:78 Received LWAPP JOIN REQUEST from AP 00:1a:6c:8e:f3:78 to
00:1b:53:bd:4e:c0 on port '1'
00:1a:6c:8e:f3:78 LWAPP Join-Request has invalid certificate in CERTIFICATE_PAYLOAD
from AP 00:1a:6c:8e:f3:78. Make sure controller time is set!
00:1a:6c:8e:f3:78 Unable to free public key for AP 00:1A:6C:8E:F3:78
spamDeleteLCB: stats timer not initialized for AP 00:1a:6c:8e:f3:78
spamDeleteLCB: stats timer not initialized for AP 00:1a:6c:8e:f3:78

on Debug trn ti nh trn WLC :

(Cisco-controller)>debug Wlan events
Ngoi ra bn c th t tn cho WLC bng cu lnh
(Cisco-controller)config>

Trang 11

Trn M Phc tranmyphuc1988@gmail.com

C2 Cu hnh bng giao din Web

Bc 1 : Ta dng cp cho ni t port fa0/0 trn Router n PC. Sau ta t IP cho card LAN nh sau :

Ta bt buc phi gn default Gateway cho PC chnh l Ip ca cng fa0/0. Sau :

Ta s vo giao din sau :

Trang 12

Trn M Phc tranmyphuc1988@gmail.com

Bc 2 : Ta cu hnh WLCModule trong ca s CONTROLLER:

Trang 13

Trn M Phc tranmyphuc1988@gmail.com

Bc 3: Ta cu hnh WLCModule trong ca s WLANS

Trang 14

Trn M Phc tranmyphuc1988@gmail.com

Trang 15

Trn M Phc tranmyphuc1988@gmail.com

III./ Nhng thao tc cui cng v s m rng m hnh mng ny theo mt s

nhu cu c bn ca nh qun tr v khch hng :
O1.) Nhng thao tc cui cng:
Ni cho vui l thao tc cui cng , ch n rt n gin , mt BABY cng c th lm c l ni cp t
port fa0/0 n port fa0 trn LAP. Nh vy l ta c mt h thng mng mi dnh cho 1 vn phng nh i
Internet v giao lu d liu vi nhau
Cui cng chng ta s sng tay vi thao tc Click . click v click
Bc 1: t Cisco Aironet 802.11 a/b/g Wireless Adapter vo NIC slot trn Laptop

Bc 2:
Bn hy Double Click vo biu tng ny , sau ta s vo ca s sau :

Trang 16

Trn M Phc tranmyphuc1988@gmail.com

Trang 17

Trn M Phc tranmyphuc1988@gmail.com

Trang 18

Trn M Phc tranmyphuc1988@gmail.com

Bc 3 : Coi nh phn Ci t :OK . Gi n phn ni PC vo mng Wireless ta va to trn KEKKE

Trang 19

Trn M Phc tranmyphuc1988@gmail.com

Trang 20

Trn M Phc tranmyphuc1988@gmail.com

Trang 21

Trn M Phc tranmyphuc1988@gmail.com

Trang 22

Trn M Phc tranmyphuc1988@gmail.com

O2.) Ni v s m rng c th ca m hnh mng ny :

2.1) n gin v thc t nht:
1) Ta c th thay th Router 2811 l mt Switch 6500, va iu khin Vlan thng v c Wlan!!!
Tuy nhin , n s khng kinh t bng Router ri!!!
2) Kt ni gia Router v LAP , ta c th thm mt Switch bnh thng thi , to mi trng .
3) C th gn thm Server ci ACS hoc thc thi chc thc WAP.

2.2) i hi kinh t v k thut:

1) C th Loadbalancing gia 2 Wireless LAN Controller .
2) C th Redundancy gia 2 Wireless LAN Controller, ci ny b die th ci kia th ch !!

Trang 23