Thursday, August 25, 2016

Configuring Cisco 3650/3850 Wireless Controller Module (WCM)

Converged Wireless Network Architecture

An alternative to the centralized wireless architecture, where WLCs are located near the core layer, the WLC function can be moved further down in the network hierarchy. Relocating the WLC does two things:

* The WLC function is moved closer to the LAPs (and the wireless users).

* The WLC function becomes distributed, rather than centralized.

The access layer turns out to be a convenient location for the WLCs. After all, wireless users ultimately connect to a WLC, which serves as a virtual access layer. Why not move the wireless access layer to coincide with the wired access layer? With all types of user access merged into one layer, it becomes much easier to do things link apply common access and security policies that affect all users. This is known as a converged wireless network architecture. To distinguish the two approaches, centralized controllers are known as WLCs, while converged controllers are known as Wireless Control Modules (WCMs).

There's a distinction between the centralized and converged architecture, with regards to the WLC and WCM functions. One difference is that WLCs run the Cisco AireOS software, while WCMs are based on the Cisco IOX-XE software that runs on the Catalyst switches that host the WCMs.

As you might imagine, distributing the controller function into the access layer increases the number of controllers that are needed. One controller is needed per access switch stack or chassis. The idea is to push more controllers down closer to the users, which also reduces the number of APs and clients that connect to each one. How can this be accomplished? The Cisco Catalyst 3650, 3850, and 4500 (Supervisor 8-E only) product families are commonly used as access layer switches, plus they can offer converged-access WCM functions without needing any additional hardware.

Converged Access Switch Wireless Capacities

     Platform                                 Lightweight APs Supported     Wireless Clients Supported

Catalyst 3650 (per stack)            25                                               1000

Catalyst 3850 (per stack)            50                                               2000

Catalyst 4500 (per chassis)         50                                               2000


It might seem odd that the number of supported APs is rather low, when the physical port density of a switch is rather large. For instance, a Catalyst 3850 switch stack can consist of up to 432 wired ports (nine 48-port switches), but only 50 APs can be conected to the entire stack of switches. If you think of this from a wireless perspective, it makes more sense. Each AP is connected to the switch stack by a twisted-pair cable that is limited to a length of 100 meters. Therefore, all of the APs must be located within a 100 meter radius of the access switch. There are not too many AP cells that can physically fit into that area.

One other advantage of the converged network architecture relates to wireless scalability. APs offering 802.11ac Wave 1 can use common 1-Gbps switch ports withoout limiting the throughput. Wave 2, however, has the potential to go well beyond 1 Gbps, which requires something more than a single 10/100/1000-Mbps switch port. Cisco offes proprietary Multigigabit Ethernet ports on several models in the Catalyst 3850 and 4500 families, where APs an connect over a single cables. Multigigabit Ethernet can operate at speeds of 100 Mbps, 1 Gbps, 2.5 Gbps, and 5 Gbps over Cat5e cabling and up to 10 Gbps over Cat6a cabling speeds.

The converged model also solves some connectivity problems at branch sites by bringing a fully functional WLC onsite, within the access layer switch. With a local WLC, the APs can continue to operate without a dependency upon a WLC at the main site through a WAN connection.

If the CAPWAP tunnel is relatively short in a converged network, which means the wireless devices can reach each other more efficiently. In contrast, traffic from a wireless user to a central resource such as a data center or the Internet travels through the CAPWAP tunnel, is unencapsulated at the access layer switch (and WLC), then travels up through the rest of the network layers.


I was able to get a Cisco 3650 switch for my wireless lab and configured its wireless controller module (WCM). The setup is identical with a Cisco 3850 switch. You initially configure the web GUI access on the switch and click on Wireless Web GUI.


Switch>enable
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname 3650-WCM1
3650-WCM1(config)#interface vlan1
3650-WCM1(config-if)#ip address 202.7.3.5 255.255.255.224
3650-WCM1(config-if)#no shutdown
3650-WCM1(config-if)#
*Jul 28 05:10:20.363: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
*Jul 28 05:10:21.364: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
3650-WCM1(config-if)#ip default-gateway 202.7.3.1
3650-WCM1(config)#username admin cisco privilege 15 password cisco
3650-WCM1(config)#end
3650-WCM1#
*Jul 28 05:14:21.885: %SYS-5-CONFIG_I: Configured from console by console




You can run the configuration wizard by going to Configuration > Wizard to configure the WCM basic settings.




You configure the out-of-management port (Service Port in WLC).


You configure the Wireless Management which is used between the WCM and AP.




You need to select Mobility Controller (MC) for the Mobility Role in order for the Cisco 3650 to act as the wireless controller for the APs. The default role is Mobility Agent and the WCM will not register any AP.




You create the wireless SSID and choose which 802.11 radios to enable.



You set the correct time in order for the proper exchange of  DTLS certificates between WLC and AP.



A summary of the preferred settings is presented before you click Apply.



By default, the status on the WLAN SSID is disabled (uncheck) and you need to tick Enabled in order to be used by wireless clients. For quick wifi testing, I chose open authentication which means there's no Layer 2 and Layer 3 security policy were selected.





After configuring the WCM, the AP still can't upgrade it's image and found out I hit a bug with the 3.3.5 IOS-XE. So I've upgraded to 3.6.5, expanded the IOS and changed the boot file.


ERROR: Problem extracting files from archive.
Download image failed, notify controller!!! From:8.0.110.0 to 10.1.150.0, FailureCode:3
archive download: takes 48 seconds

*Jul 28 05:59:24.331: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 202.7.3.5:5246
*Jul 28 05:59:24.331: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg
*Jul 28 05:59:24.347: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg
*Jul 28 05:59:24.551: capwap_image_proc: problem extracting tar file
examining image...!

extracting info (289 bytes)
Image info:
    Version Suffix: k9w8-.152-4.JB7
    Image Name: ap1g2-k9w8-mx.152-4.JB7
    Version Directory: ap1g2-k9w8-mx.152-4.JB7
    Ios Image Size: 11213312
    Total Image Size: 11602432
    Image Feature: WIRELESS LAN|LWAPP
    Image Family: AP1G2
    Wireless Switch Management Version: 10.1.150.0
MwarVersion:0A019600.First AP Supported Version:0703010B.

Image version check passed 

Extracting files...
ap1g2-k9w8-mx.152-4.JB7/ (directory) 0 (bytes)
extracting ap1g2-k9w8-mx.152-4.
*Jul 28 05:59:34.415: AP has SHA2 MIC certificate - Using SHA1 MIC certificate for DTLS.
*Jul 28 05:59:34.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 202.7.3.5 peer_port: 5246
*Jul 28 05:59:34.315: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 202.7.3.5 peer_port: 5246
*Jul 28 05:59:34.315: %CAPWAP-5-SENDJOINJB7/file_hashes (3733 bytes)
extracting ap1g2-k9w8-mx.152-4.JB7/K5.bin (81620 bytes)!!!: sending Join Request to 202.7.3.5perform archive download capwap:/ap1g2 tar file
*Jul 28 05:59:34.323: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.
*Jul 28 05:59:34.327: Loading file /ap1g2...
!!!
extracting ap1g2-k9w8-mx.152-4.JB7/S2.bin (13992 bytes)!
extracting ap1g2-k9w8-mx.152-4.JB7/img_sign_rel_sha2.cert (1371 bytes)!
extracting ap1g2-k9w8-mx.152-4.JB7/S5.bin (111936 bytes)!!!!!


Old IOS (with bug)

Switch  Ports Model                    SW Version         SW Image                      Mode
------     -----   -----                        ----------               ----------                         ----
*    1     28    WS-C3650-24PS      03.03.05SE        cat3k_caa-universalk9   INSTALL


New IOS 

Switch  Ports  Model                         SW Version        SW Image                 Mode  
------     -----    -----                            ----------            ----------                       ----  
*    1     28       WS-C3650-24PS      03.06.05.E        cat3k_caa-universalk9 BUNDLE

3650-WCM1#dir
Directory of flash:/

 7746  -rw-     2097152  Jul 28 2016 07:20:02 +00:00  nvram_config
 7747  -rw-    79122052   Jun 3 2015 12:12:02 +00:00  cat3k_caa-base.SPA.03.03.05SE.pkg
 7748  -rw-     6521532   Jun 3 2015 12:12:02 +00:00  cat3k_caa-drivers.SPA.03.03.05SE.pkg
 7749  -rw-    34530288   Jun 3 2015 12:12:02 +00:00  cat3k_caa-infra.SPA.03.03.05SE.pkg
 7750  -rw-    34846028   Jun 3 2015 12:12:02 +00:00  cat3k_caa-iosd-universalk9.SPA.150-1.EZ5.pkg
 7751  -rw-    25170832   Jun 3 2015 12:12:02 +00:00  cat3k_caa-platform.SPA.03.03.05SE.pkg
 7752  -rw-    77456192   Jun 3 2015 12:12:02 +00:00  cat3k_caa-wcm.SPA.10.1.150.0.pkg
 7753  -rw-        1247   Jun 3 2015 12:12:14 +00:00  packages.conf
 7754  -rw-         556  Jul 28 2016 07:19:58 +00:00  vlan.dat
 7755  -rw-   303753780  Jul 28 2016 07:10:50 +00:00  cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.bin
 7756  drwx        4096  Jul 28 2016 07:19:21 +00:00  dc_profile_dir
 7759  -rw-        7483  Jul 28 2016 07:31:45 +00:00  wnweb.tgz

3650-WCM1#software expand file flash:/cat3k_caa-universalk9.SPA.03.06.05.E.15  
flash:/cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.bin
Preparing expand operation ...
[1]: Expanding bundle flash:cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.bin
[1]: Copying package files
[1]: A different version of provisioning file packages.conf already exists in flash:.
    The provisioning file from the expanded bundle will be saved as
    flash:cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.conf
[1]: Package files copied
[1]: Finished expanding bundle flash:cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.bin

3650-WCM1(config)#no boot system switch all flash:cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.bin
3650-WCM1(config)#boot system switch all flash:packages.conf
3650-WCM1(config)#end
3650-WCM1#write memory
Warning: Attempting to overwrite an NVRAM configuration previously written
by a different version of the system image.
Overwrite the previous NVRAM configuration?[confirm]
*Jul 28 07:55:03.051: %SYS-5-CONFIG_I: Configured from console by console3650-WCM1#reload
Reload command is being issued on Active unit, this will reload the whole stack
Proceed with reload? [confirm]


<OUTPUT TRUNCATED>


3650-WCM1#show version
Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIV
ERSALK9-M), Version 03.06.05.E RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Thu 02-Jun-16 09:03 by prod_rel_team


Cisco IOS-XE software, Copyright (c) 2005-2015 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.
(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.


ROM: IOS-XE ROMMON
BOOTLDR: CAT3K_CAA Boot Loader (CAT3K_CAA-HBOOT-M) Version 1.2, RELEASE SOFTWARE
 (P)

3650-WCM1 uptime is 27 minutes
Uptime for this control processor is 30 minutes
System returned to ROM by reload at 07:13:18 UTC Thu Jul 28 2016
System image file is "flash:cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.bin"
Last reload reason: Reload command

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

License Level: Ipbase
License Type: Permanent
Next reload license Level: Ipbase

cisco WS-C3650-24PS (MIPS) processor with 4194304K bytes of physical memory.
Processor board ID FDO1922EABC
1 Virtual Ethernet interface
28 Gigabit Ethernet interfaces
2048K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
250456K bytes of Crash Files at crashinfo:.
1609272K bytes of Flash at flash:.
0K bytes of Dummy USB Flash at usbflash0:.
0K bytes of  at webui:.

Base Ethernet MAC Address          : d8:b1:90:3a:21:23
Motherboard Assembly Number        : 73-15128-05
Motherboard Serial Number          : FDO19211DEF
Model Revision Number              : G0
Motherboard Revision Number        : A0
Model Number                       : WS-C3650-24PS
System Serial Number               : FDO1922EGHI


Switch Ports Model                    SW Version        SW Image                    Mode
------ ----- -----                            ----------              ----------                        ----
*    1 28    WS-C3650-24PS      03.06.05.E          cat3k_caa-universalk9  INSTALL

 
3650-WCM1#show boot
---------------------------
Switch 1
---------------------------
Current Boot Variables:
BOOT variable = flash:packages.conf;

Boot Variables on next reload:
BOOT variable = flash:packages.conf;
Allow Dev Key = yes
Manual Boot = no
Enable Break = no




You can safely delete unwanted files using the software clean command.

3650-WCM1#software ?
  auto-upgrade  Initiate auto upgrade for switches running incompatible
                software
  clean         Clean unused package files from local media
  commit        Commit the provisioned software and cancel the automatic
                rollback timer
  expand        Expand a software bundle to local storage, default location is
                where the bundle currently resides
  install       Install software
  rollback      Rollback the committed software


3650-WCM1#software clean
Preparing clean operation ...
[1]: Cleaning up unnecessary package files
[1]: No path specified, will use booted path flash:packages.conf
[1]: Cleaning flash:
[1]: Preparing packages list to delete ...
     In use files, will not delete:
       cat3k_caa-base.SPA.03.03.05SE.pkg
       cat3k_caa-drivers.SPA.03.03.05SE.pkg
       cat3k_caa-infra.SPA.03.03.05SE.pkg
       cat3k_caa-iosd-universalk9.SPA.150-1.EZ5.pkg
       cat3k_caa-platform.SPA.03.03.05SE.pkg
       cat3k_caa-wcm.SPA.10.1.150.0.pkg
       packages.conf
[1]: Files that will be deleted:
    cat3k_caa-base.SPA.03.06.05E.pkg
    cat3k_caa-drivers.SPA.03.06.05E.pkg
    cat3k_caa-infra.SPA.03.06.05E.pkg
    cat3k_caa-iosd-universalk9.SPA.152-2.E5.pkg
    cat3k_caa-platform.SPA.03.06.05E.pkg
    cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.bin
    cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.conf
    cat3k_caa-wcm.SPA.10.2.150.0.pkg

[1]: Do you want to proceed with the deletion? [yes/no]: yes
[1]: Clean up completed

 
3650-WCM1#dir
Directory of flash:/

 7746  -rw-     2097152  Jul 28 2016 08:01:08 +00:00  nvram_config
 7747  -rw-    79122052   Jun 3 2015 12:12:02 +00:00  cat3k_caa-base.SPA.03.03.05SE.pkg
 7748  -rw-     6521532   Jun 3 2015 12:12:02 +00:00  cat3k_caa-drivers.SPA.03.03.05SE.pkg
 7749  -rw-    34530288   Jun 3 2015 12:12:02 +00:00  cat3k_caa-infra.SPA.03.03.05SE.pkg
 7750  -rw-    34846028   Jun 3 2015 12:12:02 +00:00  cat3k_caa-iosd-universalk9.SPA.150-1.EZ5.pkg
 7751  -rw-    25170832   Jun 3 2015 12:12:02 +00:00  cat3k_caa-platform.SPA.03.03.05SE.pkg
 7752  -rw-    77456192   Jun 3 2015 12:12:02 +00:00  cat3k_caa-wcm.SPA.10.1.150.0.pkg
 7753  -rw-        1247   Jun 3 2015 12:12:14 +00:00  packages.conf
 7754  -rw-         556  Jul 28 2016 08:00:46 +00:00  vlan.dat
 7756  drwx        4096  Jul 28 2016 07:19:21 +00:00  dc_profile_dir
 7759  -rw-        7483  Jul 28 2016 07:31:45 +00:00  wnweb.tgz
1621966848 bytes total (1359265792 bytes free)


The AP still won't register unless you activate the AP license and accept the End User License Agreement (EULA).


 *Jul 28 08:04:45.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 202.7.3.5 peer_port: 5246
*Jul 28 08:04:45.323: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 202.78.30.5 peer_port: 5246
*Jul 28 08:04:45.323: %CAPWAP-5-SENDJOIN: sending Join Request to 202.7.3.5
*Jul 28 08:04:50.323: %CAPWAP-5-SENDJOIN: sending Join Request to 202.7.3.5
*Jul 28 08:04:50.703: %CDP_PD-4-POWER_OK: All radios disabled - NEGOTIATED inline power source
*Jul 28 08:05:44.711: %DTLS-5-ALERT: Received WARNING : Close notify alert from 202.7.3.5
*Jul 28 08:05:44.711: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 202.7.3.5:5246
*Jul 28 08:05:54.783: AP has SHA2 MIC certificate - Using SHA1 MIC certificate for DTLS.
*Jul 28 08:05:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 202.7.3.5 peer_port: 5246
*Jul 28 08:05:55.315: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 202.7.3.5 peer_port: 5246
*Jul 28 08:05:55.315: %CAPWAP-5-SENDJOIN: sending Join Request to 202.7.3.5
*Jul 28 08:06:00.442: *%CAPWAP-3-AP_DB_ALLOC: 1 wcm:  Unable to alloc AP entry in database for 202.7.3.29:12956  

3650-WCM1#show license ?
  right-to-use  Displays all the RTU licenses.

3650-WCM1#show license right-to-use ?
  default   Displays the default license information.
  detail    Displays details of all the licenses in the stack.
  eula      Displays the EULA text.
  mismatch  Displays mismatch license information.
  slot      Specify switch number
  summary   Displays consolidated stack wide license information.
  usage     Displays the usage details of all licenses.
  |         Output modifiers
  <cr>

3650-WCM1#show license right-to-use summary
  License Name    Type     Count   Period left
-----------------------------------------------
  ipbase       permanent   N/A      Lifetime
  apcount      base            0          Lifetime
  apcount      adder          0          Lifetime

--------------------------------------------

License Level In Use: ipbase
License Level on Reboot: ipbase
Evaluation AP-Count: Disabled
Total AP Count Licenses: 0
AP Count Licenses In-use: 0
AP Count Licenses Remaining: 0


3650-WCM1#license ?
  right-to-use  Configure RTU license.

3650-WCM1#license right-to-use ?
  activate    activate particular license level
  deactivate  deactivate particular license level

3650-WCM1#license right-to-use activeate ?
  apcount     configure the AP-count licenses on the switch
  ipbase      activate ipbase license on the switch
  ipservices  activate Ipservices license on the switch
  lanbase     activate lanbase license on the switch

3650-WCM1#license right-to-use activate apcount ?
  <1-50>      configure the number of adder licenses
  evaluation  activate evaluation license

3650-WCM1#license right-to-use activate apcount 50 ?
  slot  Specify switch number

3650-WCM1#license right-to-use activate apcount 50 slot ?
  <1-9>  Specify switch number

3650-WCM1#license right-to-use activate apcount 50 slot 1 ?
  acceptEULA  automatically accept the  EULA for the given license
  <cr>


3650-WCM1#license right-to-use activate apcount 50 slot 1 acceptEULA
% switch-1:stack-mgr:ACTIVATION FAIL : Total AP Count Licenses exceed maximum limit
3650-WCM1#license right-to-use activate apcount 5 slot 1 acceptEULA
3650-WCM1#
*Jul 28 08:09:29.765: %SMN_HBL_LICENSE-6-AP_ADD: 1 stack-mgr:  5 adder AP-count
licenses are added



You can do this via WCM GUI by going to Administration > Licenses.


I was still unable to register the AP to WCM and it's useful to observe the console logs on the AP. I was able to successfully register an AIR-SAP 1602E AP after configuring switch port G1/0/1 to access port.


*Jul 28 08:37:36.025: %CAPWAP-3-AP_PORT_CFG: AP connected port Gi1/0/1 is not an access port.
*Jul 28 08:37:36.027: *%CAPWAP-3-DATA_TUNNEL_CREATE_ERR2: 1 wcm:  Failed to create CAPWAP data tunnel with interface id: 0xde95c00000000c for AP: a055.4fc2.c2a0 Error Reason: Capwap Data Tunnel create retry exceeded max retry count. 
*Jul 28 08:37:54.145: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm:  Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination 
*Jul 28 08:38:04.148: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm:  Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 3 times/sec!.]  
*Jul 28 08:38:14.147: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm:  Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination 
*Jul 28 08:38:24.148: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm:  Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 3 times/sec!.] 

3650-WCM1#sh run int g1/0/1
Building configuration...

Current configuration : 38 bytes
!
interface GigabitEthernet1/0/1
end

3650-WCM1(config)#interface g1/0/1
3650-WCM1(config-if)#switchport host
switchport mode will be set to access
spanning-tree portfast will be enabled
channel group will be disabled
3650-WCM1#
*Jul 28 08:42:48.343: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
*Jul 28 08:42:49.344: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down
*Jul 28 08:42:49.513: %SYS-5-CONFIG_I: Configured from console by console
*Jul 28 08:42:50.188: %ILPOWER-7-DETECT: Interface Gi1/0/1: Power Device detected: IEEE PD
*Jul 28 08:42:55.543: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up
*Jul 28 08:42:56.542: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up
*Jul 28 08:43:00.188: %ILPOWER-5-POWER_GRANTED: Interface Gi1/0/1: Power granted

3650-WCM1#show wireless ?
  authentication     Show information and stats  about wireless authentication
  band-select        Displays Band Select Configuration
  client             Show wireless active clients
  country            Show the configured countries and channel information
  detail             Displays Wireless Configuration
  dot11-padding      Display over-the-air frame padding setting
  dot11h             Show 802.11h configuration
  dtls               Show the DTLS server status
  exclusionlist      Show exclusion list
  flow-control       Display WCM CMI flow-control details
  interface          Show wireless interface status and configuration
  ipv6               Show IPv6 parameters
  linktest           Shows linktest
  load-balancing     Shows Aggressive Load Balancing configuration
  media-stream       Display Multicast-direct Configuration State
  mgmt-via-wireless  Show management access from wireless client setting
  mobility           Show Mobility Management Configuration
  multicast          Displays Multicast information
  performance        Shows Aggressive Load Balancing configuration
  pmk-cache          Show information about the PMK cache
  probe              Show the advanced probe request configuration
  sip                SIP parameters
  summary            Show summary of wireless network
  vlan               VLAN information
  wgb                Show active work-group bridges (WGB)
  wps                Show WPS Configuration

3650-WCM1#show wireless client ?
  ap                    Cisco access point information
  calls                 Wireless client calls
  dot11                 Show 802.11 parameters
  location-calibration  wireless client location calibration
  mac-address           Wireless client MAC address
  probing               Show probing clients
  summary               Show active clients
  tclas                 Show TCLAS associated with a client and User Priority
  timers                Display 802.11 system timers
  username              Shows wireless client information
  voice                 Wireless client voice parameters
  wifidirect            Show wifidirect related attributes


The AIR-SAP1602E was able to register to the WCM and my iPhone was able to associate to SSID WCM-LAB.



3650-WCM1#show ap summary
Number of APs: 1

Global AP User Name: Not configured
Global AP Dot1x User Name: Not configured

AP Name                           AP Model  Ethernet MAC    Radio MAC       State
--------------------------------------------------------------------------------
--------
APa89d.2103.29b8                  1602E     a89d.2103.29b8  a055.4fc2.c2a0  Registered

3650-WCM1#show wlan summary

Number of WLANs: 1

WLAN Profile Name                     SSID                           VLAN Status

--------------------------------------------------------------------------------

1    WCM-LAB                          WCM-LAB                        1    UP

3650-WCM1#show wireless client summary
Number of Local Clients : 1


MAC Address    AP Name                          WLAN State              Protocol
--------------------------------------------------------------------------------
d025.9890.1cd9 APa89d.2103.29b8                 1    UP                 11n(2.4)

3650-WCM1#show wireless client mac-address d025.9890.1cd9 detail

Client MAC Address : d025.9890.1cd9
Client Username: N/A
AP MAC Address : a055.4fc2.c2a0
AP Name: APa89d.2103.29b8
AP slot : 0
Client State : Associated
Wireless LAN Id : 1
Wireless LAN Name: WCM-LAB
BSSID : a055.4fc2.c2a0
Connected For : 402 secs
Protocol : 802.11n - 2.4 GHz
Channel : 11
Client IIF-ID : 0xe9780000000013
ASIC : 0
IPv4 Address : 202.7.3.13
IPv6 Address : Unknown
Association Id : 1
Authentication Algorithm : Open System
Status Code : 0
Session Timeout : 0
Client CCX version : No CCX support
Input Policy Name  : unknown
Input Policy State : None
Output Policy Name  : unknown
Output Policy State : None
802.1P Priority Tag : Not supported
WMM Support : Enabled
U-APSD Support : Disabled
Power Save : ON
Current Rate : m7
Supported Rates : 1.0,2.0,5.5,11.0,6.0,9.0,12.0,18.0,24.0,36.0,48.0,54.0,1.0,2.0
,5.5,11.0,6.0,9.0,12.0,18.0,24.0,36.0,48.0,54.0
Mobility State : Local
Mobility Move Count : 0
Security Policy Completed : Yes
Policy Manager State : RUN
Policy Manager Rule Created : Yes
NPU Fast Fast Notified : Yes
Last Policy Manager State : DHCP_REQD
Client Entry Create Time : 3022 seconds
Policy Type : N/A
Encryption Cipher : None
Management Frame Protection : No
Protected Management Frame - 802.11w : No
EAP Type : Not Applicable
Interface : default
VLAN : 1
Quarantine VLAN : 0
Access VLAN : 1
WFD capable : No
Manged WFD capable : No
Cross Connection capable : No
Support Concurrent Operation : No
Client Capabilities
  CF Pollable : Not implemented
  CF Poll Request : Not implemented
  Short Preamble : Implemented
  PBCC : Not implemented
  Channel Agility : Not implemented
  Listen Interval : 20
  Fast BSS Transition : Not implemented
Fast BSS Transition Details :
Client Statistics:
  Number of Bytes Received : 340571
  Number of Bytes Sent : 1851951
  Number of Packets Received : 2086
  Number of Packets Sent : 2133
  Number of EAP Id Request Msg Timeouts : 0
  Number of EAP Request Msg Timeouts : 0
  Number of EAP Key Msg Timeouts : 0
  Number of Data Retries : 372
  Number of RTS Retries : 0
  Number of Duplicate Received Packets : 3
  Number of Decrypt Failed Packets : 0
  Number of Mic Failured Packets : 0
  Number of Mic Missing Packets : 0
  Number of Policy Errors : 0
  Radio Signal Strength Indicator : -50 dBm
  Signal to Noise Ratio : 49 dB
Assisted-Roaming  Prediction List:
Nearby AP Statistics:
  APa89d.2103.29b8(slot0)
    antenna0: 293 seconds ago -78 dBm







Below is the complete show run output.

3650-WCM1#sh run
Building configuration...

Current configuration : 4761 bytes
!
! Last configuration change at 08:51:04 UTC Thu Jul 28 2016 by admin
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname 3650-WCM1
!
boot-start-marker
boot system switch all flash:packages.conf
boot-end-marker
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !       
 address-family ipv6
 exit-address-family
!
!
username cisco privilege 15 password 0 cisco
user-name admin
 creation-time 1469684619
 privilege 15
 password 0 cisco
 type mgmt-user
no aaa new-model
switch 1 provision ws-c3650-24ps
!
ip device tracking
!
!
vtp mode transparent
!
crypto pki trustpoint TP-self-signed-3953284901
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3953284901
 revocation-check none
 rsakeypair TP-self-signed-3953284901
!
!
crypto pki certificate chain TP-self-signed-3953284901
 certificate self-signed 01
  30820241 308201AA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33393533 32383439 3031301E 170D3136 30373238 30383031
  30355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 39353332
  38343930 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  81009B73 AB18BF83 1F81AD63 B3D205A6 DAFD3B85 0DA217D9 E7E194AB FC7263E6
  7D08F79C E27D4344 1FABC8D2 5A0CE2E8 25793D61 CDD8470A 5C7BF1C0 3D03BAE6
  59413AD7 9C69A4ED 678A4763 F89B1880 17552BA3 5405777D ED107017 6D8F7EFC
  86DB704A 39374E05 79AECB5E B2D2018D BC6B8230 32ACDCDD 7EF721C2 A2955409
  871F0203 010001A3 69306730 0F060355 1D130101 FF040530 030101FF 30140603
  551D1104 0D300B82 09333635 302D5743 4D31301F 0603551D 23041830 1680149C
  2C1404EB 132EA53A A1A2573F 8C4E0445 5FE51030 1D060355 1D0E0416 04149C2C
  1404EB13 2EA53AA1 A2573F8C 4E04455F E510300D 06092A86 4886F70D 01010405
  00038181 00306B05 C7FBB70E A190E144 D99462D7 77A443DA 31511829 CE1FDA7F
  206889E7 275A278B EABEBC87 43D6A1F3 833495F5 B67CE347 1A3E2B9F 4549FB0F
  90E47E42 5B17176A 8DB24C37 B6731CE2 C8B0A95C A530C4E1 9EE2B784 FB48A6DD
  A6F97AB3 EA8C7BF9 8DDF0712 F36F30CB 9CE3634B 7110BBBF 7AFC17AD 5BFC1A9F
  9CBDD137 90
        quit
!
!
!
!
!
diagnostic bootup level minimal
spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
 mode sso
!
!
!
class-map match-any non-client-nrt-class
  match non-client-nrt
!
policy-map port_child_policy
 class non-client-nrt-class
    bandwidth remaining ratio 10
!
!        
!
!
!
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 ip address 192.168.1.10 255.255.255.0
 ip helper-address 192.168.1.1
 negotiation auto
!
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!        
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
 ip address 202.7.3.5 255.255.255.224
 ip helper-address 202.7.3.1
!
ip default-gateway 202.7.3.1
ip http server
ip http authentication local
ip http secure-server
!
!
!
snmp-server location WCM Lab
snmp-server contact John Lagura
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
line vty 5 15
 login
!        
wsma agent exec
 profile httplistener
 profile httpslistener
wsma agent config
 profile httplistener
 profile httpslistener
wsma agent filesys
 profile httplistener
 profile httpslistener
wsma agent notify
 profile httplistener
 profile httpslistener
!
wsma profile listener httplistener
 transport http
!
wsma profile listener httpslistener
 transport https
wireless mobility controller
wireless management interface Vlan1
wireless rf-network WCM
wlan WCM-LAB 1 WCM-LAB
 ip dhcp server 202.7.3.1
 no security wpa
 no security wpa akm dot1x
 no security wpa wpa2
 no security wpa wpa2 ciphers aes
 no shutdown
ap country SG
ap group default-group
end

No comments:

Post a Comment