You are on page 1of 65

B

N Mobility - CUWN 8.1 Features Lab ver1

Borderless Networkers PVT-AMS


October 2014
CUWN 8.1 Feature LAB

Cisco Confidential 2014 All Rights Reserved

Page 1


B N Mobility - CUWN 8.1 Features Lab ver1

Lab Topology
In order to derive the most out of this Lab, and exercise the functionality outlined in this document, its
important to have a network that is configured properly with IPv4 configuration on the switches and
controllers. All lab resources are configured as depicted in the diagram below. Most Lab deployments are
usually in lab or private network with a minimal set of Controllers, Access Points and Clients.

LabTopology*
Wireless*Client*
Lync*Client**
Username*:podXa*
Password:*Cisco123*
*

SSID:*PODX/EoGRE*
Security:*WPA2*/PSK*

*
Wireless*Client**
Cisco*AirProvision*
App*
*
**
*

Internet*
NAT*Router*

SSID:*PODX/PSK*(Universal/admin)*
Security:*WPA2*/PSK*
MSE:10.10.105.26*

AP2700/UX*
*

SW/3750*
10.10.X0.4*

Wired*Client*10.10.X0.x*
*
*
*
CUWN*8.1*Features*
/Spartan*2.0*
/Universal*AP*
/ATE*
/BLE*
/Lync*SDN*

/FlexAVC*
*
**
*

WLC/2504*
MGMT*=*10.10.X0.2*/24*VLAN*10*

CORE/SW/3750*
Vlan10:10.10.10.1*
Vlan20:10.10.20.1*
Vlan30:10.10.30.1*
VlanX0:10.10.x0.1*
*

PI:10.10.105.25*

UCS*10.10.105.50**

MS*Lync*Server*10.10.105.14**

POD*X*

*"Where"X"is"the"POD"number""

Client Devices used in LAB Topology


1. Apple iPhone/ Android Phone to associate on SSID(universal-admin) for to config AP domain
2. Wired Laptop connected to POD L2 switch to access mgmt VLAN X0 the network (where x is POD
number)

Cisco Confidential 2014 All Rights Reserved

Page 2


B N Mobility - CUWN 8.1 Features Lab ver1

3. After doing basic connectivity testing you will be required to disconnect the PC/ laptop from the
Switch port and directly connect it to the WLC Service Port as part of the lab Section 1.

IP Addressing and Passwords


Device
DHCP Server Pod 1
DHCP Server Pod X
Pod 1 Switch
Pod X Switch
Pod 1 WLC
Pod 2 WLC
Pod 3 WLC
Pod X WLC
Pod 1 AP
Pod X AP

Vlan
10
X0
10
X0
10
20
30
X0
10
X0

IP Address
10.10.10.1
10.10.X0.1
10.10.10.4
10.10.X0.4
10.10.10.2
10.10.20.2
10.10.30.2
10.10.X0.2
DHCP
DHCP

Gateway
10.10.10.1
10.10.X0.1
10.10.10.4
10.10.X0.4
10.10.10.1
10.10.10.1
10.10.X0.1
10.10.X0.1
10.10.10.1
10.10.X0.1

User Name
N/A
N/A
N/A
N/A
admin
admin
admin
admin
cisco
cisco

Password
N/A
N/A
Cisco
Cisco
Cisco123
Cisco123
Cisco123
Cisco123
Cisco
Cisco

Lab has 2 dedicated VLANs for each POD


Management Vlan

Pod 1
10

Pod 2
20

Pod 3
30

Pod 4
40

Pod 5
50

Pod 6
60

Pod 7
70

Pod 8
80

Pod 9
90

Pod 10
100

Management Vlan used for => WLC, AP, Wireless Laptop Client, Apple Client
Machine (iPAD/iPhone)
Wired laptop connected to VLAN x0

Verify Controller and Switch Connectivity


Lab core switch is been configured for you and you dont have to make any changes. Please verify L2
switch and WLC connectivity for your individual Pod.
To verify controller and switch connectivity use wired laptop connected to individual POD L2
switch on interface Gig1/0/13. Your laptop should have IPv4 address from management vlan of
individual POD

POD 1
10

POD 2
20

POD 3
30

POD 4
40

POD 5
50

POD 6
60

POD 7
70

POD 8
80

Pod 9
90

Pod 10
100

Example below is from the Pod 9 wired workstation:

Cisco Confidential 2014 All Rights Reserved

Page 3


B N Mobility - CUWN 8.1 Features Lab ver1

Now being connected to your local Pod you can verify lab setup and configuration as shown in topology
above. Remember individual POD switches are configured as pure L2 switches and not a core
switch. Using telnet access from command prompt on the wired Lab laptops, connect to individual POD
switches and controller and verify the network connectivity.
POD 1 L2 switch
POD 2 L2 switch
POD 3 L2 switch
POD X L2 switch

: 10.10.10.4
: 10.10.20.4
: 10.10.30.4
: 10.10.X0.4 [where X is the POD number]

When connected to the individual L2 switch initiate ping to its gateway and DHCP server and make sure
connectivity is fine. Below example from Pod 9

Cisco Confidential 2014 All Rights Reserved

Page 4


B N Mobility - CUWN 8.1 Features Lab ver1

Section1:
Day 0/1 setup 2.0 (Best Practice)
Day 0/1 setup Introduction
The goal of this feature in the Lab guide is to provide a set of instructions to help easily setup a WLC to
operate in a small or medium office environment, where access point(s) can join and together as a simple
solution, provide various services such as corporate employee or guest wireless access on the network.
With this Day 0/1 setup software release, there are 2 ways to configure the 5508 Series Wireless LAN
Controller:
Traditional command line interface (CLI) via serial console.
Updated method using network connection directly to the WLC GUI setup wizard
This guide provides instruction only for using the WLC GUI setup wizard. Configuration via CLI is has
been maintained for some time and is available on Cisco.com or at the following location:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration/guide/b_cg76.html
General steps to configure are summarized as follow:
1. Complete the configuration checklist
2. Unpack, connect and power on the WLC.
3. Connect a client machine to Port 2 of the WLC with an Ethernet cable.
4. Open a client web browser access the WLC startup GUI
5. Enter the settings from the completed configuration checklist
6. Disconnect the WLC from client machine and connect to the network switch.
7. Connect access point(s) to the network switch.
8. Access points will join the WLC, then configured wireless network will become available.
9. Connect wireless client(s) to the available network.

Components Used

Cisco 2504 Series Wireless LAN Controller


Access Points supplied in the Lab
Cisco Catalyst Switch
Client computer (e.g. laptop) supplied in the Lab, with an available wired Ethernet port.
Wireless clients (tablets, smartphones, etc.)

WLC Installation Step-by-Step


1. Connect a PC laptop wired Ethernet port directly to Port 2 of the WLC (figure of Port 2 location
is shown below). The port LEDs will blink to indicate that both machines are properly
connected.

Cisco Confidential 2014 All Rights Reserved

Page 5


B N Mobility - CUWN 8.1 Features Lab ver1

2. It may take several minutes for the WLC to fully power on to make the GUI available to the PC.
Do not auto configure controller.

3.

The LEDs on the front panel will provide system status:


a. The system is NOT ready - LEDs is OFF.
b. The controller IS ready - LED is solid green

If you dont get a PI address (192.168.1.xyx) from WLC the manually assign a static IP address
192.168.1.X to your Laptop to access the WLC GUI (DHCP will be available in the official release)
Example of network settings on Windows PC (Start Run CMD ipconfig):

Cisco Confidential 2014 All Rights Reserved

Page 6


B N Mobility - CUWN 8.1 Features Lab ver1

4. Upon confirming that there is an IP address of 192.168.1.x assigned to your computer, open a
web browser (Prefered is Chrome and Safari) and open the following URL:
http://192.168.1.1

a.
b.
c.
d.

Create a new admin account name = admin


Provide the new admin accounts password = Cisco123
Confirm the password.
Click on Start to continue.

Cisco Confidential 2014 All Rights Reserved

Page 7


B N Mobility - CUWN 8.1 Features Lab ver1

5. On the next screen, indicated Step 1 - Set Up Your Controller, fill out the required information.
Again, it will be helpful to refer to your checklist and the table provided by the Lab Admin.
a. System name for the WLC PODX-WLC
b. The current time zone (w.r.t country )
c. NTP Server (optional)
d. Management IP address, subnet mask, and default gateway 10.10.X0.2 and 10.10.X0.1
e. Management VLAN id (see checklist), if left unchanged (or 0), then the network switch
port must be configured with a native VLAN X0
Note: The wizard will attempt to import the clock information (date and time) from the computer via
JavaScript. It is highly recommended that you confirm this before continuing. Access points rely on
correct clock settings to be able to join the WLC.
Note: Example below show a configuration for Pod 1.

Cisco Confidential 2014 All Rights Reserved

Page 8


B N Mobility - CUWN 8.1 Features Lab ver1

6. Next, or from the Step 2 - Create Your Wireless Networks, with the help from your checklist,
fill out the following:
a. Network name/SSID - PODX-PSK
b. Security (WPA/WPA2 Personal)
WPA/WPA2 Personal provide a pass phrase (PSK / password=Cisco123)
c. Provide the DHCP server (10.10.X0.1) if left empty, the DHCP processing is bridged
to the management interface.
Example of an Employee Network configured with WPA/WPA2 Personal using PSK (pre-shared key /
pass phrase) for Pod1.

Cisco Confidential 2014 All Rights Reserved

Page 9


B N Mobility - CUWN 8.1 Features Lab ver1

Configure advanced settings in section 3 as shown in the example below.


1. Check the RF parameter Optimization box

Then you can configure the Deployment Type parameters through which you can select Low Density,
Typical or High Density and also configure the RF parameters for particular type of traffic as well like
Data and Voice.

Cisco Confidential 2014 All Rights Reserved

Page 10


B N Mobility - CUWN 8.1 Features Lab ver1

For this Lab select deployment type as Typical and Traffic Type as Data leave the Virtual IP Address
and other values to default then click Next.

Following table depicts the default values when Typical deployment type is selected from RF
parameters.

Cisco Confidential 2014 All Rights Reserved

Page 11


B N Mobility - CUWN 8.1 Features Lab ver1

7. If all settings are correct, click Apply. A message with a prompt System will reboot...Do you
want to apply these configuration?

Cisco Confidential 2014 All Rights Reserved

Page 12


B N Mobility - CUWN 8.1 Features Lab ver1

8. Click OK to apply final settings, the WLC will reboot automatically. A confirmation page will
show that The controller has been fully configured and will now restart Sometimes this
message would not appear this is a known issue and will be fixed.
9. Optionally check the configuration done in the Day-0 config via the console connection

10. Disconnect your computer from the WLC port 2 and connect it to POD-Switch port 5
Please do not forget to change the laptop ip address back to dynamic/automatic dhcp option if it is
statically assigned. Otherwise would not be able to access the WLC mgmt. GUI through
10.10.X0.2
11. Connect the WLC port 1 to the switch assigned trunk port. i.e port 1 of your POD Switch if not
already connected.
12. Connect only AP3700 access points to the your POD switch if not already connected. i.e. AP3700
to port 3
13. Wait until access points to join the WLC

Dashboard
Browse to http://10.10.X0.2 which you assigned to your PODx-WLC
Please spend some time to explore the new dashboard. The admin must log into the WLC to access web
UI and dashboard. This dashboard does not replace the existing legacy Monitor page on the WLC. To
return to the legacy web UI page, click on the Advanced link.

Cisco Confidential 2014 All Rights Reserved

Page 13


B N Mobility - CUWN 8.1 Features Lab ver1

To return back to the Dashboard screen click on the Home button as shown below.

You can verify whether the Day 0/1 setup 2.0 (best practice) features are enabled by checking that
predefined RF profiles getting created under WIRELESS->RF Profiles

Cisco Confidential 2014 All Rights Reserved

Page 14


B N Mobility - CUWN 8.1 Features Lab ver1

Also , under WIRELESS->Advanced-> System Profile/ Network Profile you should see the following

Below are examples of some of the BP features enabled with Day-0 wizard installation. The features
showing * are in process of being implemented in the new release
Feature

8.1

AVC Visibility

Yes( 2504 Only)

mDNS Snooping

Yes (2504 Only)

New MDNS Profile for printer, http

Yes

Local Profiling

Yes

Band Select

Yes

DHCP Proxy

Yes

Secure Web access

Yes

Virtual IP 192.0.2.1

Yes (configurable)

RRM-DCA Auto

Yes

RRM-TPC Auto

Yes

CleanAir Enabled

Yes

EDRRM Enabled

Yes

Channel Width 40 MHz

Yes

Aironet IE Disabled

Yes

Management over Wireless

No

Cisco Confidential 2014 All Rights Reserved

Page 15


B N Mobility - CUWN 8.1 Features Lab ver1

2.4 Low Data Rates Disabled

Yes (Network profile)

Load Balancing

Yes (Network profile)

Rogue Threshold Enabled

Yes

Client Exclusion Enabled

Yes

FastSSID Enabled*

Yes

Infra MFP

Yes

Multicast Forwarding Mode

Yes

SNMPv3 (delete default)

Yes

Mobility Name

Yes

RF Group same as Mobility Name

Yes

DHCP Required on Guest WLAN

Yes

5 GHz Channel Bonding*

Yes

Note: Before proceeding to the next section configure an RF Group Name according to your pods (e.g.
pod1, pod2podx where x is the pod number)
From WLC main menu CONTROLLER->General then configure the name as podx (where x is the pod
number).

You have reached the end of the Lab guide for the Day 0/1 setup software release. Please proceed to the
next section of the Lab.

Cisco Confidential 2014 All Rights Reserved

Page 16


B N Mobility - CUWN 8.1 Features Lab ver1

Section 2:

Air Time Entitlement (ATE)


Traditional (wired) implementations of QOS regulate egress bandwidth. With wireless
networking, the transmission medium is via radio waves that transmit data at varying rates.
Instead of regulating egress bandwidth, it makes more sense to regulate the amount of airtime
needed to transmit frames. Air Time Entitlement (ATE) is a form of wireless QOS that regulates
downlink airtime (as opposed to egress bandwidth). Large scale, high density Wi-Fi
deployments are driving this feature. Wireless Network owners are mandating that their
applications be allocated some fixed percentage of the total bandwidth of the Wi-Fi network. At
the same time, with capital sharing being considered with multiple cellular providers, ATE is
needed to ensure fairness of usage across operators.
Before a frame is transmitted, the ATE budget for that client/UP/SSID is checked to ensure that
there is sufficient airtime budget to transmit the frame. Each client/UP/SSID can be thought of
as having a token bucket (1 token == 1 microsecond of airtime). If the token bucket contains
enough airtime to transmit the frame, it is transmitted over the air. Otherwise, the frame can
either be dropped or deferred. While the concept of dropping a frame is obvious, deferring a
frame deserves further explanation. Deferring a frame means that the frame is not admitted into
the Access Category Queue (ACQ). Instead, it remains in the Client Priority Queue (CPQ) and
may be transmitted at a later time when the corresponding token bucket contains a sufficient
number of tokens (unless the CPQ reaches capacity, at which point the frame will be dropped
regardless). The majority of the work involved for ATE takes place on the access points. The
wireless controller is used simply to configure the feature and display results.

Cisco Confidential 2014 All Rights Reserved

Page 17


B N Mobility - CUWN 8.1 Features Lab ver1

Note:

ATE policies are applied only in the downlink direction (AP transmitting frames to
client).
ATE policies are applied only on wireless data frames; management and control
frames will be ignored.
When ATE is configured per-client, each client is granted equal airtime.
ATE will be configured to either drop or defer frames that exceed their airtime
policies. If the frame is deferred, it will be buffered and transmit at some point in the
future when the offending client/UP/SSID has a sufficient airtime budget. Of course,
there is a limit as to how many frames can be buffered. If this limit is crossed, frames
will be dropped regardless.
ATE can be globally enabled/disabled
ATE can be enabled/disabled on an individual access point
Legacy, 802.11n, and 802.11ac (TBD) frames will be supported.
ATE results and statistics will be available on the wireless controller (TBD).

Global ATE configuration commands


Note: For this exercise make sure only AP3700 is enable and keep AP2700 disabled. This is
because currently there are some known issues of ATE on AP2700 in this code.
In this Lab exercise we will configure two WLAN s on the controller and assign one
SSID=PODX-ate98 entitlement of 98% and another SSID = PODX-ate2 entitlement of the 2%.
Then we will connect clients to one WLAN at a time and use media stream applications such as
YouTube and observe performance with 98% and 2% Entitlement.
1. Create two SSIDs on the Pod X controller PODX-ate98 and PODX-ate2 with WPA/PSK
and password=Cisco123.

2. On the Controller CLI configure ATE for SSID


config ate mode ssid
This command sets the mode (granularity) at which ATE is performed to SSID.
Cisco Confidential 2014 All Rights Reserved

Page 18


B N Mobility - CUWN 8.1 Features Lab ver1

3. In the next step configure two bucket IDs and Weight for the two corresponding SSIDs. One
bucket # 1 with weight 98% and the second #2 Weight 2%.
config ate bucket 1 98
config ate bucket 2 2

4. Disable WLAN PODX-ATE98 and PODX-ATE2


5. In the next step assign WLAN created previously to the buckets accordingly. SSID PodXate98 to bucket 1 and PodX-ate2 to bucket 2.
config wlan ate <wlan id> bucket <bucket id> # assign bucket to wlan (wlan must be
down)
Make sure corresponding WLAN numbers match the bucket ID # with a specific weight as
shown in the example below.

Enable WLAN PODX-ATE98 and PODX-ATE2


2. With the next command configure how to control what ATE does with a packet that violate
its airtime policy. Packets can either be dropped or deferred. If packets are deferred, they
get buffered in the AP where they will be transmitted at a later time when there is a
sufficient airtime budget.
Configure Violation as dropped as in the example shown below
Cisco Confidential 2014 All Rights Reserved

Page 19


B N Mobility - CUWN 8.1 Features Lab ver1

config ate violation drop


3. Show ATE configuration on the WLANs with the following commands
show ate config wlan # show bucket + wlan combinations
show ate config all
# show settings by APs

4. Connect a wireless Client of your choosing to SSID in your POD ie PodX-ate98 and
observe the effect of the ATE on this WLAN. Run some video stream such YouTube.
5. Connect a wireless Client to SSID in your POD ie PodX-ate2 and observe the affects of the
ATE on that WLAN. You should see YouTube is much slower on this WLAN.
6. Change the buckets to something like 90% and 10% and observe the video changes.
7. There are no debugs and Statistics in code rite now

Cisco Confidential 2014 All Rights Reserved

Page 20


B N Mobility - CUWN 8.1 Features Lab ver1

Section 3:
BLE (Bluetooth Low Energy)
Bluetooth Low Energy or Bluetooth LE, marketed as Bluetooth Smart, is a wireless personal area network
technology designed and marketed by the Bluetooth Special Interest Group aimed at novel applications in
the healthcare, fitness, security, and home entertainment industries. Compared to Classic Bluetooth,
Bluetooth Smart is intended to provide considerably reduced power consumption and cost while
maintaining a similar communication range. Mobile operating systems including iOS, Android, Windows
Phone and BlackBerry, as well as OS X, Linux, and Windows 8, natively support Bluetooth Smart.
Bluetooth Smart is not backward-compatible with the previous, often called Classic, Bluetooth protocol.
The Bluetooth 4.0 specification permits devices to implement either or both of the LE and Classic
systems. Bluetooth Smart uses the same 2.4 GHz radio frequencies as Classic Bluetooth, which allows
dual-mode devices to share a single radio antenna. BLE does, however, use a simpler modulation system
and uses a different set of channels. Instead of the Classic Bluetooth 79 1-MHz channels, Bluetooth Smart
has 40 2-MHz channels. Within a channel, data is transmitted using Gaussian frequency shift modulation,
similar to Classic Bluetooth's Basic Rate scheme. The bit rate is 1Mbit/s, and the maximum transmit
power is 10 mW.
You also probably heard of BLE beacons or iBeacons (Apples version of BLE) come up in your
conversations with customers or partners. BLE uses Bluetooth 4.0 for advertising and granular location.
As noted above, BLE is supported in most newer smartphones and can enhance indoor Wi-Fi location
deployments with additional levels of granularity and faster refresh rates.
If you are thinking about beacons, the best solution is a hybrid environment where Wi-Fi is enhanced
with BLE. This solution helps mitigate the operational costs and complexity of handling rogue or stolen
beacons, while offering a richer location landscape for your deployment.
Cisco is doing three things to help in this area:
1 Improve Location Accuracy: Cisco is improving Wi-Fi based location in order to reduce the
difference between Wi-Fi and BLE. Better Wi-Fi location accuracy will allow you to reduce the number
of BLE beacons required for granular location applications. Cisco is working towards goals of 1-3m
accuracy; 5-6 second refresh rate, and 2 second latency. *Please note: not all use cases require the fast
refresh rates offered by BLE.
2 Manage BLE: Cisco wireless infrastructure can see, read, and position BLE beacons with existing
Cisco CleanAir APs there is no need for new hardware. This will help you keep track of beacons,
ensure they have not moved, identify rogue and/or duplicate beacons. We are working on Wi-Fi-based
visibility (and potentially moving into active management) to help streamline BLE management.
3 Integrate BLE with Access Points: Weve identified that there is potential here to help you deploy
fewer beacons and reduce worries around battery replacement/theft/movement while built-in centralized
management.

Cisco Confidential 2014 All Rights Reserved

Page 21


B N Mobility - CUWN 8.1 Features Lab ver1

Configuring BLE/iBeacon detection and Classification


BLE (iBeacon) device operates/beacons in 2.4 Ghz band. The Cleanair needs to be enabled on
802.11b network in order for the AP to discover it.
1- Go to WLC main menu WIRELESS->802.11b/g/n->CleanAir and enable cleanair by checking

the box if it is disabled.

2- Now from the WLC CLI and issue the following command to enable ibeacon detection
(PODx-WLC)> config 802.11b cleanair device enable iBeacon
To verify if any BLE/iBeacon is reported by the AP to the WLC issue the command
(PODx-WLC)> test cleanair show idr all //This will show all the interferers//
Note : In the lab there are few iBeacons present and you should see them

Cisco Confidential 2014 All Rights Reserved

Page 22


B N Mobility - CUWN 8.1 Features Lab ver1

3- You can also use the following show command to see if the ibeacons are detected by the specific AP.
(PODx-WLC)> show 802.11b cleanair device ap <AP Name>

As the iBeacons are being detected as rogue devices we need to classify them and this is done through the
PI/MSE in this lab setup.

Note: In this lab we are using PI and MSE to show the visibility and
configuration of iBeacons. But going forward the BLE/iBeacon
visibility and configuration will only be available on MSE (MSE
10.x) This PI is demo code just use it as a reference for this lab only.
4- Now login to the PI (10.10.105.26 root/Public123) and see your respective POD-WLCs are already
add to the PI.
Note : If the WLC is not on the PI then add it from PI main menu bar go to Operate->Device Work
Center and add your respective POD WLCs

Cisco Confidential 2014 All Rights Reserved

Page 23


B N Mobility - CUWN 8.1 Features Lab ver1

5- Configure the device parameters according to your pod and click Add button
WLC IP Address = 10.10.X0.2 ; Community= private ; Telnet= admin/Cisco123

6- The WLC should get added to the PI as seen below

Cisco Confidential 2014 All Rights Reserved

Page 24


B N Mobility - CUWN 8.1 Features Lab ver1

7- Now add your respective POD-APs to the map by going to PI main menu then click Operate->Maps

8- There is a single map (conference room) for all the pods. Click on the maps and then Site Maps
System Campus>SJC5>Conference room

9- Only when you do not see your POD AP on the map then Add the access point by selecting Add
Access Points from Select a command drop down menu on the right side of the page then click Go
button.

Cisco Confidential 2014 All Rights Reserved

Page 25


B N Mobility - CUWN 8.1 Features Lab ver1

10- This will to take you to Add Access Points page. There will be multiple access points
showing up on the list please select the one with your POD number and Click OK button

Note: Once the AP is added then switch PI mode to Classic view as iBeacons configuration is
currently only available in PI classic view.
11- Hover your cursor to root on top right side of the PI GUI then select Switch To Classic Theme

12- Go to Monitor and then click on BLE Beacons, this will give you list of iBeacons discovered and will
show up as rogues.

Cisco Confidential 2014 All Rights Reserved

Page 26


B N Mobility - CUWN 8.1 Features Lab ver1

13- Similarly, from PI main menu navigate to Configure tab and click BLE Beacons

14- List of the iBeacons will show up click on the one of the iBeacon device Mac Address. As we dont
have individual beacons for the pods just use the next step for the reference.
Note: In most cases you will have the Beacons which have a MAC or UUID but the ones in the lab are
Estimote ibeacons which dont have this information visible on the device physically (The mac address is
hand written on the back side of the some of ibeacon devices in the lab)

15- Not a requirement but you can name the device as you like e.g BLE-1 where Then click Save

Cisco Confidential 2014 All Rights Reserved

Page 27


B N Mobility - CUWN 8.1 Features Lab ver1

16- Once the device name is changed add that device to known list, from -Select a command- drop
down menu on the right side of the page select Add BLE Beacons to Known-List and click Goshown
below.

17- Now go the map and check if BLE Beacons are populated on the map. Please make sure under the
Floor Settings that all the BLE filters are enabled. You should be able to see the iBeacons on the map
some showing up as rogues (Yellow) and ones configured as known (Green) and if there is any missing
iBeacon it will show up as Red

Cisco Confidential 2014 All Rights Reserved

Page 28


B N Mobility - CUWN 8.1 Features Lab ver1

Cisco Confidential 2014 All Rights Reserved

Page 29


B N Mobility - CUWN 8.1 Features Lab ver1

Section 4:
Lync SDN

Classify Lync Voice, Video, Desktop Sharing and File Transfer


Automate QoS policy to control any given Lync call.
Supports 5508, WISM2 and 8510 controller and HA.
Supports L2/3 roaming where policy and call info are maintained.
In Mobility group, all Controllers register with SDN server and show same call data across all
controllers
Report/Monitor and assist with diagnostics of endpoint detail:
Call status
Call type
Source/Destination
URIs
MOS
Jitter
Call Duration

Cisco Confidential 2014 All Rights Reserved

Page 30


B N Mobility - CUWN 8.1 Features Lab ver1

Step1: Global Lync Configuration


1- From WLC maain menu go to WIRELESS->Lync Server enable Lync server by checking the
box, assign a port number (15790) and protocol (http) and hit Apply

Global Lync Configuration from WLC CLI


config lync-sdn enable/disable
config lync-sdn port <port-no>
config lync-sdn protocol http/https
show lync-sdn summary

Cisco Confidential 2014 All Rights Reserved

Page 31


B N Mobility - CUWN 8.1 Features Lab ver1

Step2: Lync WLAN Configuration


Navigate to the WLANs and select the WLAN on which you want to have Lync service enabled (PODxPSK for the lab) under Advanced tab scroll down to Lync-> Lync Server then select Enabled

Lync WLAN configuration from CLI


config wlan lync enable/disable <wlan-id>

Step 3: WLAN QoS Configuration


On the same WLAN go to the QoS tab Enable Application Visibility (Enabling AV is not mandatory but
we are doing this in the lab to see if the Lync calls are getting classified and recognized)

Cisco Confidential 2014 All Rights Reserved

Page 32


B N Mobility - CUWN 8.1 Features Lab ver1

Step4 : Configure ACL for Lync


From WLC main menu go to SECURITY->Access Control Lists and click New

Give intuitive ACL name ( in our example we named it lync) and click Apply

Now click on the ACL name and configure ACL rules by clicking Add New Rule button

Configure the rules as shown below and hit Apply.

Cisco Confidential 2014 All Rights Reserved

Page 33


B N Mobility - CUWN 8.1 Features Lab ver1

Similarly, configure other rules as shown below

Now apply this ACL as CPU ACL. In the official release user would not need to configure this ACL but
will be enabled by default once configuring Lync.

NOTE: If you misconfigured the ACL and lock your self out use the following
command to disable the ACL
(WLC)>config acl cpu none

Cisco Confidential 2014 All Rights Reserved

Page 34


B N Mobility - CUWN 8.1 Features Lab ver1

Step5: Initiating a Lync AUDIO Call


From your laptop which is provided to you have a MS-Lync client
username /password as following then click Sign In

, open the application and enter

POD1 username = pod1a@corpdemo.net password =Cisco123


POD2 username = pod2a@corpdemo.net password =Cisco123
PODX username = podXa@corpdemo.net password =Cisco123 where X is pod number

Once Signed In, in the search bar enter pod1b@corpdemo.net address to find the contact. To initiate a
voice call click the greyed out phone icon button appearing at the bottom of the contact screen.

Cisco Confidential 2014 All Rights Reserved

Page 35


B N Mobility - CUWN 8.1 Features Lab ver1

podxb@corpdemo.net is your lab proctors account ask one of the proctors to receive a call. Once the
connection is made you will see the guy in the hat (forgot to bring it to Amsterdam)

To monitor the call navigate to MONITOR->Lync SDN->Active Calls and you should be able to see the
lync-call status

Cisco Confidential 2014 All Rights Reserved

Page 36


B N Mobility - CUWN 8.1 Features Lab ver1

While the call is on, start the camera and check that the call is upgraded to Video call:

Note: In this demo code Clicking the index number would not reveal any call details as these changes are
not integrated for this demo build, thats just an empty template we are showing for Demo. But these
values will be there in the official release.


Once the call is ended there is an option to see the call stats like MOS value and jitter under MONITORLync->History Calls.

Cisco Confidential 2014 All Rights Reserved

Page 37


B N Mobility - CUWN 8.1 Features Lab ver1

The call history details are not available on the GUI in this demo code but will be available in the official
release. For now you can view historical call details from WLC cli through following show command
Show lync-sdn history-calls detail <call id>

Cisco Confidential 2014 All Rights Reserved

Page 38


B N Mobility - CUWN 8.1 Features Lab ver1

Section 5: FlexConnect AVC (local Switching)


How AVC Works

AVC on FlexConnect AP


Cisco Confidential 2014 All Rights Reserved

Page 39


B N Mobility - CUWN 8.1 Features Lab ver1

Step1: Configure WLAN for Local Switching



1- To configure the WLAN to perform local switching go to WLC main menu WLANs. Select the
WLAN on which you want to enable local switching (PODx-PSK for the lab). From Advanced tab scroll
down to FlexConnect parameters and Enable FlexConnect Local Switching by checking the box. Then
hit Apply

Step2: Configure AP mode and Add AP to FlexConnect Group


1- Convert the PODx-AP to FlexConnect mode. Go to WIRELESS click on the AP name which you want
to convert to FlexConnect and from General tab select AP Mode to FlexConnect and click Apply

2- When the AP converts to Flexconnect you will be able to see the Flexconnect tab.
From FlexConnect tab enable VLAN Support and set Native VLAN ID to your individual POD
management VLAN e.g. POD1 =VLAN 10, POD2 =VLAN 20, PODX = VLAN X0 (where x is the pod
number). Then hit Apply

Cisco Confidential 2014 All Rights Reserved

Page 40


B N Mobility - CUWN 8.1 Features Lab ver1

3- Go back to FlexConnect tab and click on to VLAN Mappings button.

4- Under WLAN VLAN Mapping configure the VLAN ID to VLAN X1 which will be the locally
switched VLAN (e.g POD1=VLAN11, POD2=VLAN21PODX=VLANX1)

5- Now create a FlexConnect group by going to WLC main menu WIRELESS->FlexConnect Groups
click New

Cisco Confidential 2014 All Rights Reserved

Page 41


B N Mobility - CUWN 8.1 Features Lab ver1

6- Assign a name to FlexConnect Group PodX-flex and click Apply or you can use any intuitive name
to assign it to your individual pod.

7- Under the General tab Enable Application Visibility then add FlexConnect AP to the group by
checking the box Select Aps from current controller. The AP will appear under AP Name drop
down list then click the Add AP button and hit Apply
Note: Under Application Visibility we have three different options Wlan Specific/Enable/Disable
for the purpose of the lab we are just using Enable option. FlexConnect Group specific AVC
configuration takes precedence over WLAN AVC configuration


8-The AP should appear as being added to the group.

Cisco Confidential 2014 All Rights Reserved

Page 42


B N Mobility - CUWN 8.1 Features Lab ver1



9- Associate a client to this WLAN (PODx-PSK), once connected verify that the client gets an IP address
from a local switched VLAN X1 (i.e. VLAN 11=10.10.11.0/24 for POD1, VLAN 21=10.10.21.0/24 for
POD2VLANX1 for PODX *where X is the Pod number) you can check this by going to clients detail
from WLC Monitor->Clients then click on the clients MAC address. Below example is of a client
associated to WLAN POD6-PSK


10- Once the client is in run state and able to pass traffic browse to different websites (YouTube, Google,
Facebook, etc.) or run different applications so the client pass the data traffic.
To see the application visibility stats go to the WLC main menu Monitor->Applications->FlexConnect>FlexConnect Group click on the group name

Cisco Confidential 2014 All Rights Reserved

Page 43


B N Mobility - CUWN 8.1 Features Lab ver1



You will be able to see Application statistics under the Aggregate tab. The stats can be viewed for Max of
30 records and by default it is set to 10.


The above application stats are per FlexConnect group, you can also monitor application visibility per
client as well. On the same page click on the Clients under Applications->FlexConnect->FlexConnect
Groups->Clients then click on the client mac add

Cisco Confidential 2014 All Rights Reserved

Page 44


B N Mobility - CUWN 8.1 Features Lab ver1

Summary

FlexConnect Group specific AVC configuration takes precedence over WLAN AVC config

No AP Specific AVC configuration.

WLAN AVC configuration will be pushed to Flex APs where WLAN is broadcast

Cisco Confidential 2014 All Rights Reserved

Page 45


B N Mobility - CUWN 8.1 Features Lab ver1

Section 6:
Universal Domain AP
The aim of introducing Universal SKU AP is to address the worldwide regulatory compliance
requirement based on geo-location of the Cisco Wireless Access Points. Solution will collapse all
current regulatory domains into a single SKU Access Points. This will be applicable only to
newer -UX PIDs introduced and will not affect existing APs that are preconfigured with a
specific regulatory configuration.
Universal Access Point would be configured to correct Regulatory Domain in two phases
Manual Identification (Through Cisco AirProvision App)
Automatic Identification (Through NDP propagation)
Manual Identification
Smart Phone based solution( Cisco AirProvision app) communicates with Universal
Access Point on a secure channel.
For new installations user needs to prime at least one AP in the RF neighborhood by
Manual Identification method
APs primed at a different country/reg. domain will rely on Manual identification to
automatically correct country configuration
Upon failure of Automatic identification, Universal AP will fallback to Manual
identification
Automatic Identification
The process relies on Cisco Infrastructure to identify and apply Reg. Domain and
Country configurations
Cisco proprietary Neighbor Discovery mechanism identifies secure Cisco Universal APs
in the RF neighborhood
Universal AP learns domain configurations from the adjacent neighbors 802.11 beacons
frame and filters invalid and malicious rogues
Adjacent Universal APs will have NDP propagation flag set that will be used to
propagate valid country and reg. domain to the rest of the APs

Cisco Confidential 2014 All Rights Reserved

Page 46


B N Mobility - CUWN 8.1 Features Lab ver1

Step1: Associating Universal AP to WLC


Universal AP doesnt require any particular configurations on WLC to allow Universal AP to
associate. Connect the universal SKU AP (AP2700 in the lab) to the POD-Switch Port 4,
once the AP has joined the controller and downloaded the code, you can check the AP model and
SKU by going to WIRELESS tab from WLC main menu bar.
There are two APs on your pod AP2700 and AP3700 disable AP3700 before starting this
portion of the lab. Also, make sure that you have assign

For the this lab exercise configure the AP2700 name according to your pods as PODx-AP2700UX if not already configured (where X is the POD number) by going to AP General tab. Also,
prime it to your WLC, under High Availability tab assign your primary controller as your PODWLC name (PODx-WLC) and ip address 10.10.X0.2 then click Apply.

Note: You will see the APs LED blinking red and green even though the AP has obtained the ip
address and joined the controller. This is because there is no regulatory domain set on the AP
and it has not been primed with the correct domain.
To check if the AP is not already primed for a specific country domain, Click on the AP Name
and under Advanced tab the Regulatory Domains shows UX for both radios.
Notice that the Country Code is also showing UX and Universal Prime Status set to
Unprimed

Cisco Confidential 2014 All Rights Reserved

Page 47


B N Mobility - CUWN 8.1 Features Lab ver1

NOTE: You can configure multiple country domains on the WLC as well to test the AP join. As
its a Universal SKU AP (-UXK9) it should join the WLC regardless of the country domain set
on the WLC. But for the lab we are using country domain as US
(In the lab if you see that the AP is already primed (then just clear the AP configuration
and once the AP joins back to WLC it should have country code as UX and status as
Unprimed)

Step 2: WLAN Configuration


Now to configure a WLAN through which an administrator can prime the AP to a correct
regulatory domain go to WLAN->Advanced tab and scroll down to Universal Admin Support
and enable Universal Admin by checking the box and click Apply
Make sure that the WLAN should have the security set to PSK or 802.1x as open
authentication WLAN wont allow universal admin support.

Cisco Confidential 2014 All Rights Reserved

Page 48


B N Mobility - CUWN 8.1 Features Lab ver1

Step3 : SmartPhone Application (AirProvision App)


SmartPhone Application to migrate Universal AP into correct regulatory domain is supported on
following versions of SmartPhone Operating Systems

Android Jelly Bean 4.3 or higher


Apple iOS 7.0 or higher
Windows Mobile OS 8.0

Currently, the AirProvision App is in a pilot program and not available to everyone. This limit
will be taken off soon. For this lab exercise please ask the proctor for a phone once you reach
this portion of the lab and return back the phone once you are done configuring the UX -AP.
Air Provision App installation steps:
1- To get the app, type in cs.co/estore from your mobile device browser and it will open the
following page you can install the app from there.
Note: If you already have AirProvision app installed on your phone, please update
that to the latest version 1.3 as there are some bugs in the older version.

Cisco Confidential 2014 All Rights Reserved

Page 49


B N Mobility - CUWN 8.1 Features Lab ver1

2- Open the app and it will take you cisco CCO login page

3- use your CCO credentials to sign in

Cisco Confidential 2014 All Rights Reserved

Page 50


B N Mobility - CUWN 8.1 Features Lab ver1

4- You can Log in with CCO credentials and access the estore app. Now go to All Apps
5- Select the AirProvision and install this App.

Cisco Confidential 2014 All Rights Reserved

Page 51


B N Mobility - CUWN 8.1 Features Lab ver1

Step 4:Configuring Universal AP through Airprovision App


1- Connect the client (iPhone or Android phone) to the universal admin enabled SSID PodX-PSK.
Make sure the client associates to AP on 2.4GHz radio (its by design because the 2.4 channel is
consistent through different domains)
2- Open the Airprovision app and it will ask for the username /password. Enter your CCO or CEC
credentials and login. Also enable location services for the app

Cisco Confidential 2014 All Rights Reserved

Page 52


B N Mobility - CUWN 8.1 Features Lab ver1

3- When the location service is enabled, it will take you to the universal AP login where username
and password shows up as default. User cannot change these credentials just press Log In.
If you have an Android phone please refer to point 6 of this section

It will show AP configuration page where you can see Configure and Audit tabs. This provides
the status of the universal AP as shown below. Currently, the AP is not provisioned so it states
the following under configure and Audit tab
AP Provision = No
2.4 GHz= -UX
5 GHz= -UX
Configured Country= UX

Cisco Confidential 2014 All Rights Reserved

Page 53


B N Mobility - CUWN 8.1 Features Lab ver1

4- Now press Configure button at the bottom of the screen.

5- The AP will reboot and join back with the regulatory domain it has received through the GPS
/Location services. You can check that by going to the WIRELESS->AP Name->Advanced tab
and now the Regulatory Domain is changed from UX to A which is the correct regulatory
domain. Also, the country code should say US and as the AP is primed through the app the
Universal Prime status shows Web App.

Cisco Confidential 2014 All Rights Reserved

Page 54


B N Mobility - CUWN 8.1 Features Lab ver1

Also, you can insure this by connecting the client (iphone or Android phone) to the universal admin
enabled SSID (POD6-PSK in my setup) and then login to the Airproviosion app you will see that the
Universal AP is configured correctly as follow
AP Provision = Yes
2.4 GHz= -A
5 GHz= -A
Configured Country= US

Note: Once the AP is primed with the correct domain the NDP will be used to propagate valid
country and reg. domain to the rest of the Universal domain APs on the network. As we do not
have more Universal APs available in the lab we are not showcasing that feature but following
would have been seen if you have other UX APs in your network.

Cisco Confidential 2014 All Rights Reserved

Page 55


B N Mobility - CUWN 8.1 Features Lab ver1

6- Airprovioning through Android Phone


From the an Android phone the App behaves little different i.e once you open the Airprovision App it
asks for CCO credentials then to connect to the universal admin enabled SSID from the list of discovered
SSIDs. Once you connect to the SSID then the procedure is pretty much the same as with iPhone.

Cisco Confidential 2014 All Rights Reserved

Page 56


B N Mobility - CUWN 8.1 Features Lab ver1

Cisco Confidential 2014 All Rights Reserved

Page 57


B N Mobility - CUWN 8.1 Features Lab ver1

Appendix- Day 0/1 setup Day 0 Checklist


Configuration Checklist
The following checklist will help to make the installation process easier, as you will use when using the
GUI wizard to configure the WLC. While most of the information from the list is mandatory, there is
some information that is also optional (*). Please take a moment to learn the Lab Diagram above and the
tables with WLC configurations for your specific PodX and then record the information below or directly
into the Day 0/1 setup Day-0 configuration screens.
1. Network switch requirement (see above reference for switch configuration example)
a. WLC switch port number assigned
WLC assigned switch port:
__________________
b. Is the switch port configured as trunk?
c. Is there a management VLAN?
Management VLAN id:
__________________
d. Is there a guest VLAN?
Guest VLAN id:
__________________*
2. WLC Settings
a. New admin account name:
__________________
b. Admin account password
__________________
c. System name for the WLC
__________________
d. The current time zone
__________________*
e. Is there a NTP server available?
NTP server IP address:
__________________*
f. Management networking:
IP address
__________________
Subnet mask
__________________
Default gateway
__________________
g. Management VLAN id (use 1c) __________________
3. Corporate Wireless Network
a. Corporate wireless name/SSID __________________*
b. Is a RADIUS server required (Enterprise)?
If NO (WPA/WPA2 Personal)

Cisco Confidential 2014 All Rights Reserved

(Y / N)
(Y / N)
(Y / N)
(Y / N)*

(Y / N)*

(Y / N)

Page 58


B N Mobility - CUWN 8.1 Features Lab ver1

Corporate passphrase (PSK)__________________


If YES (WPA/WPA2 Enterprise)
RADIUS server IP address: __________________
RADIUS shared secret
__________________
c. Is a DHCP server known?
DHCP server IP address:
__________________*
4. Guest Wireless Network - skip to 5 if not required.
a. Guest wireless name/SSID
__________________
b. Is a password required for guest?
If NO skip to 4c.
If YES
Guest passphrase (PSK):
__________________
c. Guest VLAN id (use 1d)
__________________
d. Guest networking
IP address
__________________
Subnet mask
__________________
Default gateway
__________________

(Y / N)*

(Y / N)

5. End of checklist, continue to WLC installation.

Cisco Confidential 2014 All Rights Reserved

Page 59


B N Mobility - CUWN 8.1 Features Lab ver1

Reference Only:
NOT part of the lab as WLC2504 doesnt support EoGRE tunnel

EoGRE
Ethernet over GRE (EoGRE) is a new aggregation solution for aggregating WiFi traffic from
hotspots. This solution enables customer premises equipment (CPE) devices to bridge the
Ethernet traffic coming from an end host, and encapsulate the traffic in Ethernet packets over an
IP GRE tunnel. When the IP GRE tunnels are terminated on a service provider broadband
network gateway, the end hosts traffic is terminated and subscriber sessions are initiated for the
end host. In our lab setup we are using ASR1K as a tunnel gateway.

CAPWAP
Cntrl

CAPWAP
Data

EoGRE

WLC

Tunnel Gateway
(TGW) ASR1K

1. To demonstrate EoGRE feature we will create another SSID, from WLC main menu go to WLANs
and Click the Go button. Create a WLAN with naming convention as POD<Number>-EoGRE.
Map this WLAN to management interface with Security set to None

Cisco Confidential 2014 All Rights Reserved

Page 60


B N Mobility - CUWN 8.1 Features Lab ver1

Basic EoGRE tunnel configuration

Currently, the EoGRE configuration is only available through CLI. Login to your POD WLC
console or telnet to the WLC from the wired Laptop then execute the following commands.
Step 1: Assign a Tunnel Gateway Address:
(WLC)>config tunnel eogre tgw <add/delete/modify> <gateway name> ipv4-address <ip>
Cisco Confidential 2014 All Rights Reserved

Page 61


B N Mobility - CUWN 8.1 Features Lab ver1

(WLC)>config tunnel eogre tgw add ASR1K ipv4-address 10.10.200.5

Step2: Create Tunnel Profile:


(WLC)>config tunnel profile create podX

//where X is the POD number//

Step3: Create/ Define Tunnel Profile Rule:


(WLC)>config tunnel profile rule add podX nai-filter <nai-string>
(WLC)>config tunnel profile rule add podX nai-filter * eogre vlan 0 ASR1K
Step4: Add /Associate Tunnel Profile to the WLAN:
From the WLC GUI go to the WLAN on which you are enabling EoGRE (PODx-EoGRE) now
under Advanced->Tunnel Profile and select your podx profile.

To verify and check if the tunnel is properly configured on the WLC run the following Show
commands
(WLC)> show tunnel eogre gateway summary

Cisco Confidential 2014 All Rights Reserved

Page 62


B N Mobility - CUWN 8.1 Features Lab ver1

(WLC)> show tunnel profile summary

In this lab exercise the ASR1K is pre-configured for EoGRE tunnel and a DHCP pool. For your
reference the tunnel configuration on ASR1K which is as follows

Now connect a wireless client to the SSID PODX-EoGRE you should get an ip address from
10.55.55.0 subnet, which is configured on the ASR1K.

Cisco Confidential 2014 All Rights Reserved

Page 63


B N Mobility - CUWN 8.1 Features Lab ver1

You can also verify that the client is associated through EoGRE tunnel by running show client
detail command on your POD WLC

Cisco Confidential 2014 All Rights Reserved

Page 64


B N Mobility - CUWN 8.1 Features Lab ver1

Cisco Confidential 2014 All Rights Reserved

Page 65

You might also like