B  N  Mobility  -­‐  CUWN  8.1  Features  Lab  –  ver1  

Borderless Networkers PVT-AMS
October 2014
CUWN 8.1 Feature LAB

Cisco Confidential 2014 © All Rights Reserved

Page 1

 
B  N  Mobility  -­‐  CUWN  8.1  Features  Lab  –  ver1  

Lab Topology
In order to derive the most out of this Lab, and exercise the functionality outlined in this document, it’s
important to have a network that is configured properly with IPv4 configuration on the switches and
controllers. All lab resources are configured as depicted in the diagram below. Most Lab deployments are
usually in lab or private network with a minimal set of Controllers, Access Points and Clients.

LabTopology*
Wireless*Client*
Lync*Client**
Username*:podXa*
Password:*Cisco123*
*

SSID:*PODX/EoGRE*
Security:*WPA2*/PSK*

*
Wireless*Client**
Cisco*AirProvision*
App*
*
**
*

Internet*
NAT*Router*

SSID:*PODX/PSK*(Universal/admin)*
Security:*WPA2*/PSK*
MSE:10.10.105.26*

AP2700/UX*
*

SW/3750*
10.10.X0.4*

Wired*Client*10.10.X0.x*
*
*
*
CUWN*8.1*Features*
/Spartan*2.0*
/Universal*AP*
/ATE*
/BLE*
/Lync*SDN*

/FlexAVC*
*
**
*

WLC/2504*
MGMT*=*10.10.X0.2*/24*VLAN*10*

CORE/SW/3750*
Vlan10:10.10.10.1*
Vlan20:10.10.20.1*
Vlan30:10.10.30.1*
VlanX0:10.10.x0.1*
*

PI:10.10.105.25*

UCS*10.10.105.50**

MS*Lync*Server*10.10.105.14**

POD*X*

*"Where"‘X’"is"the"POD"number""

Client Devices used in LAB Topology
1. Apple iPhone/ Android Phone to associate on SSID(universal-admin) for to config AP domain
2. Wired Laptop connected to POD L2 switch to access mgmt VLAN X0 the network (where x is POD
number)

Cisco Confidential 2014 © All Rights Reserved

Page 2

 
B  N  Mobility  -­‐  CUWN  8.1  Features  Lab  –  ver1  

3. After doing basic connectivity testing you will be required to disconnect the PC/ laptop from the
Switch port and directly connect it to the WLC Service Port as part of the lab Section 1.

IP Addressing and Passwords
Device
DHCP Server Pod 1
DHCP Server Pod X
Pod 1 Switch
Pod X Switch
Pod 1 WLC
Pod 2 WLC
Pod 3 WLC
Pod X WLC
Pod 1 AP
Pod X AP

Vlan
10
X0
10
X0
10
20
30
X0
10
X0

IP Address
10.10.10.1
10.10.X0.1
10.10.10.4
10.10.X0.4
10.10.10.2
10.10.20.2
10.10.30.2
10.10.X0.2
DHCP
DHCP

Gateway
10.10.10.1
10.10.X0.1
10.10.10.4
10.10.X0.4
10.10.10.1
10.10.10.1
10.10.X0.1
10.10.X0.1
10.10.10.1
10.10.X0.1

User Name
N/A
N/A
N/A
N/A
admin
admin
admin
admin
cisco
cisco

Password
N/A
N/A
Cisco
Cisco
Cisco123
Cisco123
Cisco123
Cisco123
Cisco
Cisco

Lab has 2 dedicated VLANs for each POD
Management Vlan

Pod 1
10

Pod 2
20

Pod 3
30

Pod 4
40

Pod 5
50

Pod 6
60

Pod 7
70

Pod 8
80

Pod 9
90

Pod 10
100

Management Vlan used for => WLC, AP, Wireless Laptop Client, Apple Client
Machine (iPAD/iPhone)
Wired laptop connected to VLAN x0

Verify Controller and Switch Connectivity
Lab core switch is been configured for you and you don’t have to make any changes. Please verify L2
switch and WLC connectivity for your individual Pod.
To verify controller and switch connectivity use wired laptop connected to individual POD L2
switch on interface Gig1/0/13. Your laptop should have IPv4 address from management vlan of
individual POD

POD 1
10

POD 2
20

POD 3
30

POD 4
40

POD 5
50

POD 6
60

POD 7
70

POD 8
80

Pod 9
90

Pod 10
100

Example below is from the Pod 9 wired workstation:

Cisco Confidential 2014 © All Rights Reserved

Page 3

connect to individual POD switches and controller and verify the network connectivity. POD 1 L2 switch POD 2 L2 switch POD 3 L2 switch POD X L2 switch : 10.10.10.4 : 10.10.4 [where X is the POD number] When connected to the individual L2 switch initiate ping to it’s gateway and DHCP server and make sure connectivity is fine.   B  N  Mobility  -­‐  CUWN  8.30.10. Remember individual POD switches are configured as pure L2 switches and not a core switch.4 : 10.10.X0.4 : 10. Using telnet access from command prompt on the wired Lab laptops. Below example from Pod 9 Cisco Confidential 2014 © All Rights Reserved Page 4 .20.1  Features  Lab  –  ver1   Now being connected to your local Pod you can verify lab setup and configuration as shown in topology above.

  B  N  Mobility  -­‐  CUWN  8. provide various services such as corporate employee or guest wireless access on the network. Wireless clients (tablets. etc. Configuration via CLI is has been maintained for some time and is available on Cisco. • Updated method using network connection directly to the WLC GUI setup wizard This guide provides instruction only for using the WLC GUI setup wizard. 4. 3. Components Used • • • • • Cisco 2504 Series Wireless LAN Controller Access Points supplied in the Lab Cisco Catalyst Switch Client computer (e. The port LEDs will blink to indicate that both machines are properly connected. Cisco Confidential 2014 © All Rights Reserved Page 5 .) WLC Installation Step-by-Step 1. 8. Connect a client machine to Port 2 of the WLC with an Ethernet cable.com/c/en/us/td/docs/wireless/controller/7-6/configuration/guide/b_cg76. Access points will join the WLC. with an available wired Ethernet port.1  Features  Lab  –  ver1   Section1: Day 0/1 setup 2. Connect a PC laptop wired Ethernet port directly to Port 2 of the WLC (figure of Port 2 location is shown below).html General steps to configure are summarized as follow: 1. smartphones.0 (Best Practice) Day 0/1 setup Introduction The goal of this feature in the Lab guide is to provide a set of instructions to help easily setup a WLC to operate in a small or medium office environment. Complete the configuration checklist 2. laptop) supplied in the Lab. connect and power on the WLC. there are 2 ways to configure the 5508 Series Wireless LAN Controller: • Traditional command line interface (CLI) via serial console. Open a client web browser access the WLC startup GUI 5.com or at the following location: http://www. where access point(s) can join and together as a simple solution. then configured wireless network will become available. Connect access point(s) to the network switch. 7. With this Day 0/1 setup software release. 9. Disconnect the WLC from client machine and connect to the network switch. Unpack.g. Connect wireless client(s) to the available network.cisco. Enter the settings from the completed configuration checklist 6.

168.LED is solid green If you don’t get a PI address (192. The controller IS ready . b. Do not auto configure controller. The system is NOT ready .   B  N  Mobility  -­‐  CUWN  8.X to your Laptop to access the WLC GUI (DHCP will be available in the official release) Example of network settings on Windows PC (Start à Run à CMD à ‘ipconfig’): Cisco Confidential 2014 © All Rights Reserved Page 6 .xyx) from WLC the manually assign a static IP address 192.1.1  Features  Lab  –  ver1   2.168.1. 3. It may take several minutes for the WLC to fully power on to make the GUI available to the PC.LEDs is OFF. The LEDs on the front panel will provide system status: a.

b. open a web browser (Prefered is Chrome and Safari) and open the following URL: http://192.1. d.168. c.x assigned to your computer.1 a. Click on Start to continue.168. Upon confirming that there is an IP address of 192. Create a new admin account name = admin Provide the new admin account’s password = Cisco123 Confirm the password.   B  N  Mobility  -­‐  CUWN  8. Cisco Confidential 2014 © All Rights Reserved Page 7 .1.1  Features  Lab  –  ver1   4.

r.Set Up Your Controller.   B  N  Mobility  -­‐  CUWN  8.1 e. subnet mask. Management VLAN id (see checklist). On the next screen. Cisco Confidential 2014 © All Rights Reserved Page 8 . It is highly recommended that you confirm this before continuing.t country ) c.10. and default gateway – 10. System name for the WLC – PODX-WLC b. it will be helpful to refer to your checklist and the table provided by the Lab Admin. a. The current time zone (w.2 and 10. then the network switch port must be configured with a native VLAN “X0” Note: The wizard will attempt to import the clock information (date and time) from the computer via JavaScript. fill out the required information.1  Features  Lab  –  ver1   5. Again. Management IP address. NTP Server (optional) d. Note: Example below show a configuration for Pod 1. Access points rely on correct clock settings to be able to join the WLC. if left unchanged (or 0).10.X0.X0. indicated Step 1 .

fill out the following: a. Security (WPA/WPA2 Personal) • WPA/WPA2 Personal – provide a pass phrase (PSK / password=Cisco123) c.1  Features  Lab  –  ver1   6. the DHCP processing is bridged to the management interface.X0.Create Your Wireless Networks. Next. Cisco Confidential 2014 © All Rights Reserved Page 9 .   B  N  Mobility  -­‐  CUWN  8. Example of an Employee Network configured with WPA/WPA2 Personal using PSK (pre-shared key / pass phrase) for Pod1. with the help from your checklist. Provide the DHCP server (10.PODX-PSK b. Network name/SSID . or from the Step 2 .10.1) – if left empty.

Check the RF parameter Optimization box Then you can configure the Deployment Type parameters through which you can select Low Density. 1.1  Features  Lab  –  ver1   Configure advanced settings in section 3 as shown in the example below. Cisco Confidential 2014 © All Rights Reserved Page 10 .   B  N  Mobility  -­‐  CUWN  8. Typical or High Density and also configure the RF parameters for particular type of traffic as well like Data and Voice.

Cisco Confidential 2014 © All Rights Reserved Page 11 .1  Features  Lab  –  ver1   For this Lab select deployment type as ‘Typical’ and Traffic Type as ‘Data’ leave the Virtual IP Address and other values to default then click ‘Next’.   B  N  Mobility  -­‐  CUWN  8. Following table depicts the default values when ‘Typical’ deployment type is selected from RF parameters.

If all settings are correct.Do you want to apply these configuration?’ Cisco Confidential 2014 © All Rights Reserved Page 12 ..   B  N  Mobility  -­‐  CUWN  8. A message with a prompt ‘System will reboot.. click Apply.1  Features  Lab  –  ver1   7.

Connect only AP3700 access points to the your POD switch if not already connected. Wait until access points to join the WLC Dashboard Browse to http://10.2 11. Cisco Confidential 2014 © All Rights Reserved Page 13 . 9. 12. Optionally check the configuration done in the Day-0 config via the console connection 10. This dashboard does not replace the existing legacy Monitor page on the WLC. the WLC will reboot automatically.10. Otherwise would not be able to access the WLC mgmt.10. Click OK to apply final settings.e port 1 of your POD Switch if not already connected.X0. To return to the legacy web UI page. Connect the WLC port 1 to the switch assigned trunk port. i. i. A confirmation page will show that ‘The controller has been fully configured and will now restart’ Sometimes this message would not appear this is a known issue and will be fixed. GUI through 10.e.   B  N  Mobility  -­‐  CUWN  8. click on the ‘Advanced’ link.2 which you assigned to your PODx-WLC Please spend some time to explore the new dashboard.1  Features  Lab  –  ver1   8.X0. Disconnect your computer from the WLC port 2 and connect it to POD-Switch port 5 Please do not forget to change the laptop ip address back to dynamic/automatic dhcp option if it is statically assigned. The admin must log into the WLC to access web UI and dashboard. AP3700 to port 3 13.

0 (best practice) features are enabled by checking that predefined RF profiles getting created under WIRELESS->RF Profiles Cisco Confidential 2014 © All Rights Reserved Page 14 .   B  N  Mobility  -­‐  CUWN  8.1  Features  Lab  –  ver1   To return back to the Dashboard screen click on the Home button as shown below. You can verify whether the Day 0/1 setup 2.

under WIRELESS->Advanced-> System Profile/ Network Profile you should see the following Below are examples of some of the BP features enabled with Day-0 wizard installation.0.  http Yes Local  Profiling Yes Band  Select Yes DHCP  Proxy Yes Secure  Web  access Yes Virtual  IP  192.1  Features  Lab  –  ver1   Also .1 AVC  Visibility Yes(  2504  Only)   mDNS  Snooping Yes  (2504  Only) New  MDNS  Profile  for  printer. The features showing * are in process of being implemented in the new release Feature 8.2.   B  N  Mobility  -­‐  CUWN  8.1 Yes  (configurable) RRM-­‐DCA  Auto Yes RRM-­‐TPC  Auto Yes CleanAir  Enabled Yes EDRRM  Enabled Yes Channel  Width  40  MHz Yes Aironet  IE  Disabled Yes Management  over  Wireless No Cisco Confidential 2014 © All Rights Reserved Page 15 .

Cisco Confidential 2014 © All Rights Reserved Page 16 .1  Features  Lab  –  ver1   2. You have reached the end of the Lab guide for the Day 0/1 setup software release.   B  N  Mobility  -­‐  CUWN  8. Please proceed to the next section of the Lab. pod2…podx where x is the pod number) From WLC main menu CONTROLLER->General then configure the name as podx (where x is the pod number).4  Low  Data  Rates  Disabled Yes  (Network  profile) Load  Balancing Yes  (Network  profile) Rogue  Threshold  Enabled Yes Client  Exclusion  Enabled Yes FastSSID  Enabled* Yes   Infra  MFP Yes   Multicast  Forwarding  Mode Yes SNMPv3  (delete  default) Yes Mobility  Name Yes RF  Group  same  as  Mobility  Name Yes DHCP  Required  on  Guest  WLAN Yes 5  GHz  Channel  Bonding* Yes Note: Before proceeding to the next section configure an RF Group Name according to your pods (e. pod1.g.

While the concept of dropping a frame is obvious. the transmission medium is via radio waves that transmit data at varying rates. Air Time Entitlement (ATE) is a form of wireless QOS that regulates downlink airtime (as opposed to egress bandwidth). Instead of regulating egress bandwidth.   B  N  Mobility  -­‐  CUWN  8. it makes more sense to regulate the amount of airtime needed to transmit frames. it remains in the Client Priority Queue (CPQ) and may be transmitted at a later time when the corresponding token bucket contains a sufficient number of tokens (unless the CPQ reaches capacity. If the token bucket contains enough airtime to transmit the frame.1  Features  Lab  –  ver1   Section  2:     Air Time Entitlement (ATE) Traditional (wired) implementations of QOS regulate egress bandwidth. Large scale. Cisco Confidential 2014 © All Rights Reserved Page 17 . ATE is needed to ensure fairness of usage across operators. Wireless Network owners are mandating that their applications be allocated some fixed percentage of the total bandwidth of the Wi-Fi network. Each client/UP/SSID can be thought of as having a token bucket (1 token == 1 microsecond of airtime). the frame can either be dropped or deferred. At the same time. Otherwise. with capital sharing being considered with multiple cellular providers. With wireless networking. The majority of the work involved for ATE takes place on the access points. The wireless controller is used simply to configure the feature and display results. at which point the frame will be dropped regardless). Deferring a frame means that the frame is not admitted into the Access Category Queue (ACQ). the ATE budget for that client/UP/SSID is checked to ensure that there is sufficient airtime budget to transmit the frame. high density Wi-Fi deployments are driving this feature. it is transmitted over the air. Instead. deferring a frame deserves further explanation. Before a frame is transmitted.

each client is granted equal airtime. ATE can be globally enabled/disabled ATE can be enabled/disabled on an individual access point Legacy.   B  N  Mobility  -­‐  CUWN  8.1  Features  Lab  –  ver1   Note: • • • • • • • • ATE policies are applied only in the downlink direction (AP transmitting frames to client). ATE policies are applied only on wireless data frames. If the frame is deferred. In this Lab exercise we will configure two WLAN s on the controller and assign one SSID=PODX-ate98 entitlement of 98% and another SSID = PODX-ate2 entitlement of the 2%.11n. This is because currently there are some known issues of ATE on AP2700 in this code. Then we will connect clients to one WLAN at a time and use media stream applications such as YouTube and observe performance with 98% and 2% Entitlement. there is a limit as to how many frames can be buffered. Create two SSIDs on the Pod X controller PODX-ate98 and PODX-ate2 with WPA/PSK and password=Cisco123. 802. On the Controller CLI configure ATE for SSID config ate mode ssid This command sets the mode (granularity) at which ATE is performed to SSID. ATE will be configured to either drop or defer frames that exceed their airtime policies. Of course. and 802. management and control frames will be ignored. Global ATE configuration commands Note: For this exercise make sure only AP3700 is enable and keep AP2700 disabled. ATE results and statistics will be available on the wireless controller (TBD). it will be buffered and transmit at some point in the future when the offending client/UP/SSID has a sufficient airtime budget. frames will be dropped regardless. Cisco Confidential 2014 © All Rights Reserved Page 18 . 1. 2. When ATE is configured per-client.11ac (TBD) frames will be supported. If this limit is crossed.

1  Features  Lab  –  ver1   3. config ate bucket 1 98 config ate bucket 2 2 4.   B  N  Mobility  -­‐  CUWN  8. config wlan ate <wlan id> bucket <bucket id> # assign bucket to wlan (wlan must be down) Make sure corresponding WLAN numbers match the bucket ID # with a specific weight as shown in the example below. Enable WLAN PODX-ATE98 and PODX-ATE2 2. SSID PodXate98 to bucket 1 and PodX-ate2 to bucket 2. Configure Violation as dropped as in the example shown below Cisco Confidential 2014 © All Rights Reserved Page 19 . Packets can either be dropped or deferred. In the next step assign WLAN created previously to the buckets accordingly. Disable WLAN PODX-ATE98 and PODX-ATE2 5. One bucket # 1 with weight 98% and the second #2 Weight 2%. they get buffered in the AP where they will be transmitted at a later time when there is a sufficient airtime budget. In the next step configure two bucket IDs and Weight for the two corresponding SSIDs. With the next command configure how to control what ATE does with a packet that violate its airtime policy. If packets are deferred.

1  Features  Lab  –  ver1   config ate violation drop 3. Change the buckets to something like 90% and 10% and observe the video changes. Run some video stream such YouTube. You should see YouTube is much slower on this WLAN. 5. 7. Show ATE configuration on the WLANs with the following commands show ate config wlan # show bucket + wlan combinations show ate config all # show settings by APs 4. There are no debugs and Statistics in code rite now Cisco Confidential 2014 © All Rights Reserved Page 20 . Connect a wireless Client of your choosing to SSID in your POD ie PodX-ate98 and observe the effect of the ATE on this WLAN. 6.   B  N  Mobility  -­‐  CUWN  8. Connect a wireless Client to SSID in your POD ie PodX-ate2 and observe the affects of the ATE on that WLAN.

Android. This will help you keep track of beacons. Bluetooth Smart is intended to provide considerably reduced power consumption and cost while maintaining a similar communication range. You also probably heard of BLE beacons or iBeacons (Apple’s version of BLE) come up in your conversations with customers or partners. Cisco Confidential 2014 © All Rights Reserved Page 21 . is a wireless personal area network technology designed and marketed by the Bluetooth Special Interest Group aimed at novel applications in the healthcare.0 specification permits devices to implement either or both of the LE and Classic systems. as well as OS X. and home entertainment industries. 5-6 second refresh rate. while offering a richer location landscape for your deployment. As noted above. the best solution is a hybrid environment where Wi-Fi is enhanced with BLE. and position BLE beacons with existing Cisco CleanAir AP’s – there is no need for new hardware. and the maximum transmit power is 10 mW. Bluetooth Smart has 40 2-MHz channels.0 for advertising and granular location. Linux. 3 –Integrate BLE with Access Points: We’ve identified that there is potential here to help you deploy fewer beacons and reduce worries around battery replacement/theft/movement while built-in centralized management. Better Wi-Fi location accuracy will allow you to reduce the number of BLE beacons required for granular location applications. 2 – Manage BLE: Cisco wireless infrastructure can see. often called Classic. Windows Phone and BlackBerry. which allows dual-mode devices to share a single radio antenna.4 GHz radio frequencies as Classic Bluetooth. and Windows 8. ensure they have not moved. Within a channel.1  Features  Lab  –  ver1   Section 3: BLE (Bluetooth Low Energy) Bluetooth Low Energy or Bluetooth LE. Bluetooth protocol. Cisco is working towards goals of 1-3m accuracy. This solution helps mitigate the operational costs and complexity of handling rogue or stolen beacons. read. however. If you are thinking about beacons. BLE does. security. Cisco is doing three things to help in this area: 1 – Improve Location Accuracy: Cisco is improving Wi-Fi based location in order to reduce the difference between Wi-Fi and BLE. Bluetooth Smart is not backward-compatible with the previous. and 2 second latency.   B  N  Mobility  -­‐  CUWN  8. data is transmitted using Gaussian frequency shift modulation. The Bluetooth 4. We are working on Wi-Fi-based visibility (and potentially moving into active management) to help streamline BLE management. identify rogue and/or duplicate beacons. Compared to Classic Bluetooth. *Please note: not all use cases require the fast refresh rates offered by BLE. BLE uses Bluetooth 4. similar to Classic Bluetooth's Basic Rate scheme. natively support Bluetooth Smart. use a simpler modulation system and uses a different set of channels. The bit rate is 1Mbit/s. Mobile operating systems including iOS. BLE is supported in most newer smartphones and can enhance indoor Wi-Fi location deployments with additional levels of granularity and faster refresh rates. Bluetooth Smart uses the same 2. marketed as Bluetooth Smart. fitness. Instead of the Classic Bluetooth 79 1-MHz channels.

11b/g/n->CleanAir and enable cleanair by checking the box if it is disabled.Go to WLC main menu WIRELESS->802.11b network in order for the AP to discover it.4 Ghz band.   B  N  Mobility  -­‐  CUWN  8.11b cleanair device enable iBeacon To verify if any BLE/iBeacon is reported by the AP to the WLC issue the command (PODx-WLC)> test cleanair show idr all //This will show all the interferers// Note : In the lab there are few iBeacons present and you should see them Cisco Confidential 2014 © All Rights Reserved Page 22 .1  Features  Lab  –  ver1   Configuring BLE/iBeacon detection and Classification BLE (iBeacon) device operates/beacons in 2. 2. The Cleanair needs to be enabled on 802. 1.Now from the WLC CLI and issue the following command to enable ibeacon detection (PODx-WLC)> config 802.

Note : If the WLC is not on the PI then add it from PI main menu bar go to Operate->Device Work Center and add your respective POD WLCs Cisco Confidential 2014 © All Rights Reserved Page 23 . Note: In this lab we are using PI and MSE to show the visibility and configuration of iBeacons. (PODx-WLC)> show 802.x) This PI is demo code just use it as a reference for this lab only. 4.You can also use the following show command to see if the ibeacons are detected by the specific AP.Now login to the PI (10.105.26 root/Public123) and see your respective POD-WLCs are already add to the PI. But going forward the BLE/iBeacon visibility and configuration will only be available on MSE (MSE 10.11b cleanair device ap <AP Name> As the iBeacons are being detected as rogue devices we need to classify them and this is done through the PI/MSE in this lab setup.1  Features  Lab  –  ver1   3.   B  N  Mobility  -­‐  CUWN  8.10.

Telnet= admin/Cisco123 6.X0.10.1  Features  Lab  –  ver1   5. Community= private .Configure the device parameters according to your pod and click ‘Add’ button WLC IP Address = 10.The WLC should get added to the PI as seen below Cisco Confidential 2014 © All Rights Reserved Page 24 .   B  N  Mobility  -­‐  CUWN  8.2 .

Only when you do not see your POD AP on the map then Add the access point by selecting ‘Add Access Points’ from ‘Select a command ‘drop down menu on the right side of the page then click ‘Go’ button.1  Features  Lab  –  ver1   7.Now add your respective POD-AP’s to the map by going to PI main menu then click Operate->Maps 8.   B  N  Mobility  -­‐  CUWN  8. Click on the maps and then Site Maps System Campus>SJC5>Conference room 9.There is a single map (conference room) for all the pods. Cisco Confidential 2014 © All Rights Reserved Page 25 .

1  Features  Lab  –  ver1   10.   B  N  Mobility  -­‐  CUWN  8. Cisco Confidential 2014 © All Rights Reserved Page 26 .This will to take you to ‘Add Access Points’ page. There will be multiple access points showing up on the list please select the one with your POD number and Click ‘OK’ button Note: Once the AP is added then switch PI mode to Classic view as iBeacons configuration is currently only available in PI classic view. 11.Hover your cursor to ‘root’ on top right side of the PI GUI then select “Switch To Classic Theme” 12.Go to Monitor and then click on BLE Beacons. this will give you list of iBeacons discovered and will show up as rogues.

Not a requirement but you can name the device as you like e.   B  N  Mobility  -­‐  CUWN  8.List of the iBeacons will show up click on the one of the iBeacon device Mac Address.1  Features  Lab  –  ver1   13. As we don’t have individual beacons for the pods just use the next step for the reference. from PI main menu navigate to Configure tab and click BLE Beacons 14. Note: In most cases you will have the Beacons which have a MAC or UUID but the ones in the lab are Estimote ibeacons which don’t have this information visible on the device physically (The mac address is hand written on the back side of the some of ibeacon devices in the lab) 15.Similarly.g BLE-1 where Then click ‘Save’ Cisco Confidential 2014 © All Rights Reserved Page 27 .

17.1  Features  Lab  –  ver1   16.Now go the map and check if BLE Beacons are populated on the map.   B  N  Mobility  -­‐  CUWN  8. from ‘-Select a command-‘ drop down menu on the right side of the page select ‘Add BLE Beacons to Known-List’ and click ‘Go’shown below. You should be able to see the iBeacons on the map some showing up as rogues (Yellow) and ones configured as known (Green) and if there is any missing iBeacon it will show up as Red Cisco Confidential 2014 © All Rights Reserved Page 28 . Please make sure under the Floor Settings that all the BLE filters are enabled.Once the device name is changed add that device to known list.

  B  N  Mobility  -­‐  CUWN  8.1  Features  Lab  –  ver1               Cisco Confidential 2014 © All Rights Reserved Page 29 .

Video. • Supports 5508. • In Mobility group.1  Features  Lab  –  ver1   Section  4:   Lync  SDN           • Classify Lync Voice.   B  N  Mobility  -­‐  CUWN  8. WISM2 and 8510 controller and HA. all Controllers register with SDN server and show same call data across all controllers • Report/Monitor and assist with diagnostics of endpoint detail: Call status Call type Source/Destination URIs MOS Jitter Call Duration Cisco Confidential 2014 © All Rights Reserved Page 30 . Desktop Sharing and File Transfer • Automate QoS policy to control any given Lync call. • Supports L2/3 roaming where policy and call info are maintained.

From WLC maain menu go to WIRELESS->Lync Server enable Lync server by checking the box.1  Features  Lab  –  ver1   Step1: Global Lync Configuration 1.   B  N  Mobility  -­‐  CUWN  8. assign a port number (15790) and protocol (http) and hit Apply Global Lync Configuration from WLC CLI config lync-sdn enable/disable config lync-sdn port <port-no> config lync-sdn protocol http/https show lync-sdn summary Cisco Confidential 2014 © All Rights Reserved Page 31 .

1  Features  Lab  –  ver1   Step2: Lync WLAN Configuration Navigate to the WLANs and select the WLAN on which you want to have Lync service enabled (PODxPSK for the lab) under ‘Advanced’ tab scroll down to Lync-> Lync Server then select ‘Enabled’ Lync WLAN configuration from CLI config wlan lync enable/disable <wlan-id> Step 3: WLAN QoS Configuration On the same WLAN go to the QoS tab Enable Application Visibility (Enabling AV is not mandatory but we are doing this in the lab to see if the Lync calls are getting classified and recognized) Cisco Confidential 2014 © All Rights Reserved Page 32 .   B  N  Mobility  -­‐  CUWN  8.

1  Features  Lab  –  ver1   Step4 : Configure ACL for Lync From WLC main menu go to SECURITY->Access Control Lists and click New Give intuitive ACL name ( in our example we named it lync) and click Apply Now click on the ACL name and configure ACL rules by clicking ‘Add New Rule’ button Configure the rules as shown below and hit Apply. Cisco Confidential 2014 © All Rights Reserved Page 33 .   B  N  Mobility  -­‐  CUWN  8.

1  Features  Lab  –  ver1   Similarly. In the official release user would not need to configure this ACL but will be enabled by default once configuring Lync. NOTE: If you misconfigured the ACL and lock your self out use the following command to disable the ACL (WLC)>config acl cpu none Cisco Confidential 2014 © All Rights Reserved Page 34 .   B  N  Mobility  -­‐  CUWN  8. configure other rules as shown below Now apply this ACL as CPU ACL.

in the search bar enter pod1b@corpdemo.   B  N  Mobility  -­‐  CUWN  8. open the application and enter POD1 username = pod1a@corpdemo. To initiate a voice call click the greyed out phone icon button appearing at the bottom of the contact screen.net password =Cisco123 POD2 username = pod2a@corpdemo.1  Features  Lab  –  ver1   Step5: Initiating a Lync AUDIO Call From your laptop which is provided to you have a MS-Lync client username /password as following then click Sign In .net password =Cisco123 where X is pod number Once Signed In. Cisco Confidential 2014 © All Rights Reserved Page 35 .net password =Cisco123 PODX username = podXa@corpdemo.net address to find the contact.

1  Features  Lab  –  ver1   podxb@corpdemo.   B  N  Mobility  -­‐  CUWN  8. Once the connection is made you will see the guy in the hat (forgot to bring it to Amsterdam) To monitor the call navigate to MONITOR->Lync SDN->Active Calls and you should be able to see the lync-call status Cisco Confidential 2014 © All Rights Reserved Page 36 .net is your lab proctors account ask one of the proctors to receive a call.

  Once the call is ended there is an option to see the call stats like MOS value and jitter under MONITORLync->History Calls. start the camera and check that the call is upgraded to Video call: Note: In this demo code Clicking the index number would not reveal any call details as these changes are not integrated for this demo build.1  Features  Lab  –  ver1   While the call is on.   B  N  Mobility  -­‐  CUWN  8. Cisco Confidential 2014 © All Rights Reserved Page 37 . But these values will be there in the official release. that’s just an empty template we are showing for Demo.

For now you can view historical call details from WLC cli through following show command Show lync-sdn history-calls detail <call id> Cisco Confidential 2014 © All Rights Reserved Page 38 .   B  N  Mobility  -­‐  CUWN  8.1  Features  Lab  –  ver1   The call history details are not available on the GUI in this demo code but will be available in the official release.

1  Features  Lab  –  ver1   Section 5: FlexConnect AVC (local Switching) How AVC Works   AVC  on  FlexConnect  AP         Cisco Confidential 2014 © All Rights Reserved Page 39 .   B  N  Mobility  -­‐  CUWN  8.

PODX = VLAN X0 (where x is the pod number). Go to WIRELESS click on the AP name which you want to convert to FlexConnect and from General tab select AP Mode to FlexConnect and click ‘Apply’ 2.Convert the PODx-AP to FlexConnect mode.   B  N  Mobility  -­‐  CUWN  8.When the AP converts to Flexconnect you will be able to see the Flexconnect tab. Then hit ‘Apply’     Step2: Configure AP mode and Add AP to FlexConnect Group 1. POD1 =VLAN 10.1  Features  Lab  –  ver1   Step1: Configure WLAN for Local Switching   1-­‐  To configure the WLAN to perform local switching go to WLC main menu WLANs. Then hit ‘Apply’ Cisco Confidential 2014 © All Rights Reserved Page 40 . Select the WLAN on which you want to enable local switching (PODx-PSK for the lab). From Advanced tab scroll down to FlexConnect parameters and Enable ‘FlexConnect Local Switching’ by checking the box. POD2 =VLAN 20.g. From FlexConnect tab enable VLAN Support and set Native VLAN ID to your individual POD management VLAN e.

POD2=VLAN21…PODX=VLANX1) 5.   B  N  Mobility  -­‐  CUWN  8.g POD1=VLAN11.Under WLAN VLAN Mapping configure the VLAN ID to VLAN X1 which will be the locally switched VLAN (e.Now create a FlexConnect group by going to WLC main menu WIRELESS->FlexConnect Groups click ‘New’ Cisco Confidential 2014 © All Rights Reserved Page 41 . 4.Go back to FlexConnect tab and click on to VLAN Mappings button.1  Features  Lab  –  ver1   3.

1  Features  Lab  –  ver1   6.Assign a name to FlexConnect Group PodX-flex and click ‘Apply’ or you can use any intuitive name to assign it to your individual pod. The AP will appear under ‘AP Name’ drop down list then click the ‘Add AP’ button and hit ‘Apply’ Note: Under Application Visibility we have three different options ‘Wlan Specific/Enable/Disable’ for the purpose of the lab we are just using ‘Enable’ option.   B  N  Mobility  -­‐  CUWN  8.Under the General tab ‘Enable’ Application Visibility then add FlexConnect AP to the group by checking the box ‘Select Aps from current controller’. 7. Cisco Confidential 2014 © All Rights Reserved Page 42 . FlexConnect Group specific AVC configuration takes precedence over WLAN AVC configuration   8-The AP should appear as being added to the group.

e.0/24 for POD1. Below example is of a client associated to WLAN POD6-PSK         10. once connected verify that the client gets an IP address from a local switched VLAN X1 (i.10. Google. To see the application visibility stats go to the WLC main menu Monitor->Applications->FlexConnect>FlexConnect Group click on the group name Cisco Confidential 2014 © All Rights Reserved Page 43 .10. etc.Once the client is in run state and able to pass traffic browse to different websites (YouTube.1  Features  Lab  –  ver1       9-­‐  Associate a client to this WLAN (PODx-PSK). VLAN 21=10.   B  N  Mobility  -­‐  CUWN  8.11.0/24 for POD2…VLANX1 for PODX *where X is the Pod number) you can check this by going to client’s detail from WLC Monitor->Clients then click on the clients MAC address. Facebook.) or run different applications so the client pass the data traffic. VLAN 11=10.21.

    The above application stats are per FlexConnect group. The stats can be viewed for Max of 30 records and by default it is set to 10.   B  N  Mobility  -­‐  CUWN  8.1  Features  Lab  –  ver1           You will be able to see Application statistics under the Aggregate tab. On the same page click on the Clients under Applications->FlexConnect->FlexConnect Groups->Clients then click on the client mac add   Cisco Confidential 2014 © All Rights Reserved Page 44 . you can also monitor application visibility per client as well.

  B  N  Mobility  -­‐  CUWN  8. • WLAN AVC configuration will be pushed to Flex APs where WLAN is broadcast Cisco Confidential 2014 © All Rights Reserved Page 45 .1  Features  Lab  –  ver1         Summary   • FlexConnect Group specific AVC configuration takes precedence over WLAN AVC config • No AP Specific AVC configuration.

Domain and Country configurations • Cisco proprietary Neighbor Discovery mechanism identifies secure Cisco Universal APs in the RF neighborhood • Universal AP learns domain configurations from the adjacent neighbor’s 802. This will be applicable only to newer -UX PIDs introduced and will not affect existing APs that are preconfigured with a specific regulatory configuration. • For new installations user needs to prime at least one AP in the RF neighborhood by Manual Identification method • AP’s primed at a different country/reg. Universal AP will fallback to Manual identification Automatic Identification • The process relies on Cisco Infrastructure to identify and apply Reg.1  Features  Lab  –  ver1   Section 6: Universal Domain AP The aim of introducing Universal SKU AP is to address the worldwide regulatory compliance requirement based on geo-location of the Cisco Wireless Access Points.   B  N  Mobility  -­‐  CUWN  8. Solution will collapse all current regulatory domains into a single SKU Access Points.11 beacons frame and filters invalid and malicious rogues • Adjacent Universal APs will have NDP propagation flag set that will be used to propagate valid country and reg. Universal Access Point would be configured to correct Regulatory Domain in two phases Manual Identification (Through Cisco AirProvision App) Automatic Identification (Through NDP propagation) Manual Identification • Smart Phone based solution( Cisco AirProvision app) communicates with Universal Access Point on a secure channel. domain to the rest of the APs Cisco Confidential 2014 © All Rights Reserved Page 46 . domain will rely on Manual identification to automatically correct country configuration • Upon failure of Automatic identification.

This is because there is no regulatory domain set on the AP and it has not been primed with the correct domain.1  Features  Lab  –  ver1   Step1: Associating Universal AP to WLC Universal AP doesn’t require any particular configurations on WLC to allow Universal AP to associate. make sure that you have assign For the this lab exercise configure the AP2700 name according to your pods as PODx-AP2700UX if not already configured (where X is the POD number) by going to AP General tab.10. To check if the AP is not already primed for a specific country domain.X0. Note: You will see the APs LED blinking red and green even though the AP has obtained the ip address and joined the controller. There are two APs on your pod AP2700 and AP3700 disable AP3700 before starting this portion of the lab.2 then click ‘Apply’. Connect the universal SKU AP (AP2700 in the lab) to the POD-Switch Port 4. prime it to your WLC. under High Availability tab assign your primary controller as your PODWLC name (PODx-WLC) and ip address 10. once the AP has joined the controller and downloaded the code. you can check the AP model and SKU by going to WIRELESS tab from WLC main menu bar. Also. Click on the AP Name and under Advanced tab the Regulatory Domains shows –UX for both radios. Notice that the ‘Country Code’ is also showing ‘UX’ and Universal Prime Status set to ‘Unprimed’ Cisco Confidential 2014 © All Rights Reserved Page 47 .   B  N  Mobility  -­‐  CUWN  8. Also.

  B  N  Mobility  -­‐  CUWN  8. Cisco Confidential 2014 © All Rights Reserved Page 48 .1  Features  Lab  –  ver1   NOTE: You can configure multiple country domains on the WLC as well to test the AP join. As it’s a Universal SKU AP (-UXK9) it should join the WLC regardless of the country domain set on the WLC. But for the lab we are using country domain as US (In the lab if you see that the AP is already primed (then just clear the AP configuration and once the AP joins back to WLC it should have country code as UX and status as Unprimed) Step 2: WLAN Configuration Now to configure a WLAN through which an administrator can prime the AP to a correct regulatory domain go to WLAN->Advanced tab and scroll down to Universal Admin Support and enable ‘Universal Admin’ by checking the box and click ‘Apply’ Make sure that the WLAN should have the security set to PSK or 802.1x as open authentication WLAN won’t allow universal admin support.

1  Features  Lab  –  ver1   Step3 : SmartPhone Application (AirProvision App) SmartPhone Application to migrate Universal AP into correct regulatory domain is supported on following versions of SmartPhone Operating Systems • • • Android Jelly Bean 4.   B  N  Mobility  -­‐  CUWN  8.3 or higher Apple iOS 7. For this lab exercise please ask the proctor for a phone once you reach this portion of the lab and return back the phone once you are done configuring the UX -AP. please update that to the latest version 1.0 Currently. Cisco Confidential 2014 © All Rights Reserved Page 49 .To get the app.0 or higher Windows Mobile OS 8. Note: If you already have AirProvision app installed on your phone. Air Provision App installation steps: 1. the AirProvision App is in a pilot program and not available to everyone.3 as there are some bugs in the older version. This limit will be taken off soon. type in cs.co/estore from your mobile device browser and it will open the following page you can install the app from there.

 
B  N  Mobility  -­‐  CUWN  8.1  Features  Lab  –  ver1  

2- Open the app and it will take you cisco CCO login page

3- use your CCO credentials to sign in

Cisco Confidential 2014 © All Rights Reserved

Page 50

 
B  N  Mobility  -­‐  CUWN  8.1  Features  Lab  –  ver1  

4- You can Log in with CCO credentials and access the estore app. Now go to All Apps
5- Select the AirProvision and install this App.

Cisco Confidential 2014 © All Rights Reserved

Page 51

 
B  N  Mobility  -­‐  CUWN  8.1  Features  Lab  –  ver1  

Step 4:Configuring Universal AP through Airprovision App
1- Connect the client (iPhone or Android phone) to the universal admin enabled SSID PodX-PSK.
Make sure the client associates to AP on 2.4GHz radio (its by design because the 2.4 channel is
consistent through different domains)
2- Open the Airprovision app and it will ask for the username /password. Enter your CCO or CEC
credentials and login. Also enable location services for the app

Cisco Confidential 2014 © All Rights Reserved

Page 52

This provides the status of the universal AP as shown below.When the location service is enabled.   B  N  Mobility  -­‐  CUWN  8. If you have an Android phone please refer to point 6 of this section It will show AP configuration page where you can see Configure and Audit tabs.1  Features  Lab  –  ver1   3. it will take you to the universal AP login where username and password shows up as default. User cannot change these credentials just press Log In. Currently.4 GHz= -UX 5 GHz= -UX Configured Country= UX Cisco Confidential 2014 © All Rights Reserved Page 53 . the AP is not provisioned so it states the following under configure and Audit tab AP Provision = No 2.

Also.Now press Configure button at the bottom of the screen. You can check that by going to the WIRELESS->AP Name->Advanced tab and now the Regulatory Domain is changed from –UX to –A which is the correct regulatory domain. the country code should say US and as the AP is primed through the app the Universal Prime status shows Web App. Cisco Confidential 2014 © All Rights Reserved Page 54 .The AP will reboot and join back with the regulatory domain it has received through the GPS /Location services.   B  N  Mobility  -­‐  CUWN  8. 5.1  Features  Lab  –  ver1   4.

1  Features  Lab  –  ver1   Also. As we do not have more Universal APs available in the lab we are not showcasing that feature but following would have been seen if you have other UX APs in your network. Cisco Confidential 2014 © All Rights Reserved Page 55 . you can insure this by connecting the client (iphone or Android phone) to the universal admin enabled SSID (POD6-PSK in my setup) and then login to the Airproviosion app you will see that the Universal AP is configured correctly as follow AP Provision = Yes 2.   B  N  Mobility  -­‐  CUWN  8.4 GHz= -A 5 GHz= -A Configured Country= US Note: Once the AP is primed with the correct domain the NDP will be used to propagate valid country and reg. domain to the rest of the Universal domain APs on the network.

  B  N  Mobility  -­‐  CUWN  8. Once you connect to the SSID then the procedure is pretty much the same as with iPhone.e once you open the Airprovision App it asks for CCO credentials then to connect to the universal admin enabled SSID from the list of discovered SSIDs.1  Features  Lab  –  ver1   6.Airprovioning through Android Phone From the an Android phone the App behaves little different i. Cisco Confidential 2014 © All Rights Reserved Page 56 .

  B  N  Mobility  -­‐  CUWN  8.1  Features  Lab  –  ver1       Cisco Confidential 2014 © All Rights Reserved Page 57 .

Is there a NTP server available? NTP server IP address: __________________* f. Management networking: IP address __________________ Subnet mask __________________ Default gateway __________________ g. Is the switch port configured as trunk? c. While most of the information from the list is mandatory. WLC Settings a. Is there a management VLAN? Management VLAN id: __________________ d. System name for the WLC __________________ d. New admin account name: __________________ b. as you will use when using the GUI wizard to configure the WLC. Admin account password __________________ c.   B  N  Mobility  -­‐  CUWN  8. Corporate wireless name/SSID __________________* b. Network switch requirement (see above reference for switch configuration example) a.Day 0/1 setup Day 0 Checklist Configuration Checklist The following checklist will help to make the installation process easier. there is some information that is also optional (*). Management VLAN id (use 1c) __________________ 3.1  Features  Lab  –  ver1   Appendix. Is there a guest VLAN? Guest VLAN id: __________________* 2. Is a RADIUS server required (Enterprise)? If NO (WPA/WPA2 Personal) Cisco Confidential 2014 © All Rights Reserved (Y / N) (Y / N) (Y / N) (Y / N)* (Y / N)* (Y / N) Page 58 . Corporate Wireless Network a. Please take a moment to learn the Lab Diagram above and the tables with WLC configurations for your specific PodX and then record the information below or directly into the Day 0/1 setup Day-0 configuration screens. 1. WLC switch port number assigned WLC assigned switch port: __________________ b. The current time zone __________________* e.

Is a password required for guest? If NO – skip to 4c. End of checklist. Guest wireless name/SSID __________________ b. Guest Wireless Network . If YES Guest passphrase (PSK): __________________ c.1  Features  Lab  –  ver1   Corporate passphrase (PSK)__________________ If YES (WPA/WPA2 Enterprise) RADIUS server IP address: __________________ RADIUS shared secret __________________ c. Guest VLAN id (use 1d) __________________ d. Cisco Confidential 2014 © All Rights Reserved Page 59 .   B  N  Mobility  -­‐  CUWN  8. Is a DHCP server known? DHCP server IP address: __________________* 4. a. continue to WLC installation. Guest networking IP address __________________ Subnet mask __________________ Default gateway __________________ (Y / N)* (Y / N) 5.skip to 5 if not required.

the end host’s traffic is terminated and subscriber sessions are initiated for the end host. Map this WLAN to management interface with Security set to ‘None’ Cisco Confidential 2014 © All Rights Reserved Page 60 .1  Features  Lab  –  ver1   Reference Only: NOT part of the lab as WLC2504 doesn’t support EoGRE tunnel EoGRE Ethernet over GRE (EoGRE) is a new aggregation solution for aggregating WiFi traffic from hotspots. To demonstrate EoGRE feature we will create another SSID.   B  N  Mobility  -­‐  CUWN  8. This solution enables customer premises equipment (CPE) devices to bridge the Ethernet traffic coming from an end host. In our lab setup we are using ASR1K as a tunnel gateway. CAPWAP   Cntrl CAPWAP   Data   EoGRE WLC Tunnel  Gateway   (TGW)  –  ASR1K 1. and encapsulate the traffic in Ethernet packets over an IP GRE tunnel. Create a WLAN with naming convention as “POD<Number>-EoGRE”. When the IP GRE tunnels are terminated on a service provider broadband network gateway. from WLC main menu go to WLANs and Click the Go button.

Step 1: Assign a Tunnel Gateway Address: (WLC)>config tunnel eogre tgw <add/delete/modify> <gateway name> ipv4-address <ip> Cisco Confidential 2014 © All Rights Reserved Page 61 . the EoGRE configuration is only available through CLI. Login to your POD WLC console or telnet to the WLC from the wired Laptop then execute the following commands.   B  N  Mobility  -­‐  CUWN  8.1  Features  Lab  –  ver1   Basic EoGRE tunnel configuration Currently.

1  Features  Lab  –  ver1   (WLC)>config tunnel eogre tgw add ASR1K ipv4-address 10.5 Step2: Create Tunnel Profile: (WLC)>config tunnel profile create podX //where X is the POD number// Step3: Create/ Define Tunnel Profile Rule: (WLC)>config tunnel profile rule add podX nai-filter <nai-string> (WLC)>config tunnel profile rule add podX nai-filter * eogre vlan 0 ASR1K Step4: Add /Associate Tunnel Profile to the WLAN: From the WLC GUI go to the WLAN on which you are enabling EoGRE (PODx-EoGRE) now under Advanced->Tunnel Profile and select your podx profile.200.10. To verify and check if the tunnel is properly configured on the WLC run the following Show commands (WLC)> show tunnel eogre gateway summary Cisco Confidential 2014 © All Rights Reserved Page 62 .   B  N  Mobility  -­‐  CUWN  8.

which is configured on the ASR1K.55. Cisco Confidential 2014 © All Rights Reserved Page 63 .0 subnet.   B  N  Mobility  -­‐  CUWN  8.55. For your reference the tunnel configuration on ASR1K which is as follows Now connect a wireless client to the SSID PODX-EoGRE you should get an ip address from 10.1  Features  Lab  –  ver1   (WLC)> show tunnel profile summary In this lab exercise the ASR1K is pre-configured for EoGRE tunnel and a DHCP pool.

1  Features  Lab  –  ver1   You can also verify that the client is associated through EoGRE tunnel by running show client detail command on your POD WLC Cisco Confidential 2014 © All Rights Reserved Page 64 .   B  N  Mobility  -­‐  CUWN  8.

1  Features  Lab  –  ver1   Cisco Confidential 2014 © All Rights Reserved Page 65 .   B  N  Mobility  -­‐  CUWN  8.