WLC2504 configuration
As-built diagram: https://drive.google.com/file/d/15732NnLI0iTfKTtQNfhDZcdBimVEpvBM/view
Matrix: https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html
https://www.wiresandwi.fi/blog/cisco-wlc-or-ap-device-certificate-expired-what-you-can-do
https://community.cisco.com/t5/wireless-mobility-knowledge-base/mic-and-ssc-certificates-expired-on-cisco-ap/ta-p/4720040
debug capwap console cli
capwap ap ip address 10.0.0. 255.255.255.0
capwap ap ip default-gateway 10.0.0.56
capwap ap controller ip address 10.0.0.56
capwap ap hostname THUVIEN_NGOAI
capwap ap ip address 10.0.0.64 255.255.255.0
capwap ap ip default-gateway 10.0.0.1
capwap ap controller ip address 10.0.0.254
Skip the certificate expiry-date check
WLC> config ap cert-expiry-ignore mic enable
WLC> config ap cert-expiry-ignore ssc enable
Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
a1_vlan7_ip_48.1/20              2    7        192.168.48.2    Dynamic No     No
g3_vlan20_ip_64.1/21             2    20       192.168.64.2    Dynamic No     No
management                       1    untagged 10.0.0.250      Static  Yes    No
nhah2_vlan21_ip_72.1/21          2    21       192.168.72.2    Dynamic No     No
thuvien_vlan22_ip_80.1/21        2    22       19280.2         Dynamic No     No
virtual                          N/A  N/A      1.1.1.1         Static  No     No
(2504) >config interface address management <IP address> <netmask> <gateway>
(2504) >config interface vlan management <vlan>
sh ip int brief
debug capwap console cl
config t
interface BVI1
ip address 10.0.0.252 255.255.255.0
end
wr mem
Steps to upgrade the AP firmware from an image downloaded from Cisco
Set the IP on the LAN network adapter
192.168.1.10
255.255.255.0
192.168.1.1
Install tftpd and point it at the folder containing the image
Connect the console
Connect the AP through PoE to the computer's LAN port
Hold down the AP reset button
Plug the PoE power into the AP
Wait 20 s, then release the button
The ap: prompt appears on the AP
Configure the IP to copy the image from the TFTP server to the AP's flash
set IP_ADDR 192.168.1.11
set NETMASK 255.255.255.0
set DEFAULT_ROUTE 192.168.1.1
tftp_init
flash_init
tar -xtract tftp://10.0.0.111/ap3g2-k9w8-tar.153-3.JBB4.tar flash:
:boot to restart
H3_P33_Hceres#sh running-config ?
aaa Show AAA configurations
all Configuration with defaults
brief configuration without certificate data
class-map Show class-map information
flow Global Flow configuration subcommands
full full configuration
identity Show identity profile/policy information
interface Show interface configuration
linenum Display line numbers in output
map-class Show map class information
partition Configuration corresponding a partition
policy-map Show policy-map information
ssid Show Dot11 SSID information
view View options
vnet Show Virtual NETwork aware configuration
vrf Show VRF aware configuration
| Output modifiers
<cr>
H3_P33_Hceres#sh running-config brief
Building configuration...
Current configuration : 3724 bytes
!
! Last configuration change at 08:12:27 UTC Sun Feb 18 2018
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname H3_P33_Hceres
!
!
logging rate-limit console 9
enable secret 5 $1$p6gP$eH6ZGX3Z4YVF7r4ll4fkm.
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
!
!
aaa session-id common
no ip routing
no ip cef
!
!
!
!
!
!
eap profile lwapp_eap_profile
method fast
!
!
crypto pki trustpoint cisco-m2-root-cert
revocation-check none
rsakeypair Cisco_IOS_M2_MIC_Keys
!
crypto pki trustpoint Cisco_IOS_M2_MIC_cert
revocation-check none
rsakeypair Cisco_IOS_M2_MIC_Keys
!
crypto pki trustpoint airespace-old-root-cert
revocation-check none
rsakeypair Cisco_IOS_MIC_Keys
!
crypto pki trustpoint airespace-device-root-cert
revocation-check none
rsakeypair Cisco_IOS_MIC_Keys
!
crypto pki trustpoint Cisco_IOS_MIC_cert
revocation-check none
rsakeypair Cisco_IOS_MIC_Keys
match certificate ciscomic allow expired-certificate
!
crypto pki trustpoint virtual_wlc_trust_point
revocation-check crl
match certificate vwlcssc allow expired-certificate
!
!
!
crypto pki certificate map ciscomic 10
issuer-name co cn = cisco manufacturing ca, o = cisco systems
!
crypto pki certificate map vwlcssc 1
subject-name co o = cisco virtual wireless lan controller
!
crypto pki certificate chain cisco-m2-root-cert
certificate ca 01
crypto pki certificate chain Cisco_IOS_M2_MIC_cert
certificate 293645C90000000989A9
certificate ca 02
crypto pki certificate chain airespace-old-root-cert
certificate ca 00
crypto pki certificate chain airespace-device-root-cert
certificate ca 03
crypto pki certificate chain Cisco_IOS_MIC_cert
certificate 1A33B88500000006854F
certificate ca 6A6967B3000000000003
crypto pki certificate chain virtual_wlc_trust_point
username quangtv secret 5 $1$DdSE$5v8NndO15U9DExXQONiuN.
!
!
lldp run
bridge irb
!
!
!
interface Dot11Radio0
no ip route-cache
antenna gain 0
stbc
ampdu transmit priority 1
ampdu transmit priority 2
ampdu transmit priority 3
mbssid
power client local
packet retries 64 drop-packet
station-role root
no cdp enable
!
interface Dot11Radio1
no ip route-cache
antenna gain 0
peakdetect
stbc
ampdu transmit priority 1
ampdu transmit priority 2
ampdu transmit priority 3
mbssid
speed 6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. a1ss9 a2ss9 a3ssnone
power client local
packet retries 64 drop-packet
station-role root
no cdp enable
!
interface GigabitEthernet0
no ip route-cache
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet1
no ip route-cache
shutdown
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
mac-address 380e.4d65.f684
ip address 192.168.56.103 255.255.240.0
no ip route-cache
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
interface Virtual-WLAN0
no ip route-cache
!
ip forward-protocol nd
no ip http server
ip ssh version 2
!
!
logging origin-id string AP:380e.4d65.f684
logging facility kern
logging host 255.255.255.255
!
!
bridge 1 protocol ieee
bridge 1 route ip
parser view capwap-config-view
secret 5 $1$e0OJ$XxhzQ10oTUxfgJQsg9wap/
commands configure include all capwap
commands exec include all enable
commands exec include configure terminal
commands exec include configure
commands exec include all show capwap
commands exec include show running-config
commands exec include show
!
!
line con 0
line vty 0 4
transport input all
line vty 5 15
transport input all
!
capwap ap pause-time 100
end
H3_P33_Hceres#
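Added example (not part of the original notes and not Cisco tooling): a short Python check that flags the settings in the AP configuration above that weaken management access and certificate validation. The rule set, the function name audit and the sample text are assumptions made for this example; the sample is constructed in the flattened style of the output above, with the secret replaced by a placeholder.

```python
import re

# Constructed sample in the style of the running-config above (no indentation,
# as on this page). The secret is a placeholder; "line vty 5 15" shows the
# corrected SSH-only setting for contrast.
SAMPLE_CONFIG = """\
enable secret 5 <placeholder>
!
crypto pki trustpoint Cisco_IOS_MIC_cert
revocation-check none
match certificate ciscomic allow expired-certificate
!
crypto pki trustpoint virtual_wlc_trust_point
revocation-check crl
!
logging host 255.255.255.255
!
line vty 0 4
transport input all
line vty 5 15
transport input ssh
"""

# Rule set chosen for this example (an assumption, not a Cisco baseline).
RULES = [
    (r"^(enable|username \S+) secret 5 ", "type 5 (MD5-based) secret"),
    (r"^revocation-check none$", "revocation checking disabled"),
    (r"allow expired-certificate$", "expired certificates accepted"),
    (r"^transport input .*\b(all|telnet)\b", "vty accepts Telnet"),
    (r"^logging host 255\.255\.255\.255$", "syslog to broadcast address"),
]
SECTION = re.compile(r"^(crypto pki trustpoint \S+|line \w+ [\d ]+|interface \S+)$")

def audit(config_text):
    """Return (line_no, section, finding) for each risky line."""
    findings, section = [], "global"
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line in ("", "!"):
            section = "global"      # '!' closes a block in IOS output
        elif SECTION.match(line):
            section = line
        else:
            findings += [(no, section, msg) for pat, msg in RULES
                         if re.search(pat, line)]
    return findings

if __name__ == "__main__":
    for no, section, msg in audit(SAMPLE_CONFIG):
        print(f"line {no}: [{section}] {msg}")
```

Run it against a saved copy of "show running-config brief" to review an AP before it is put back on the network.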
Remove the AP from the controller
debug capwap console cli
clear capwap ap controller ip address
Steps to reset the AP and add it to the controller
1. Reset AP 1702
- Connect the console cable
- Unplug the power or network cable if connected to a POE switch
- Press and hold the Mode button
- Plug the power back into the AP
- Wait until the output on the console says button is pressed. Wait for button to be released…
- Once that message is displayed release the button and allow the AP to boot
- You should now be at the ap: prompt
- Enter the command: delete flash:private-multiple-fs
- Press y when prompted
- Type reset to reboot the AP and press y to confirm
After the AP has rebooted, log in to the AP using the default username/password (the password is case sensitive, upper case C):
- Username: Cisco \ Password: Cisco
If that does not work, add a DNS record: CISCO-CAPWAP-CONTROLLER.huce.edu.vn => 192.168.48.2
2. Add to the controller
debug capwap console cli
capwap ap ip address 192.168.48.47 255.255.240.0
capwap ap ip default-gateway 192.168.48.1
capwap ap controller ip address 192.168.48.2
capwap ap hostname AP_NEW