These are not my first steps with wireless controllers or wireless networking. I had my first touch of enterprise-class wireless networks about 7-8 years ago, when Cisco WLC controllers hit the market and led the evolving world of wireless networking. Working for a Cisco Gold Partner back then gave me the opportunity to configure a few autonomous and centrally managed wireless networks at different scales. I also performed a security audit of one quite big installation. There was no virtual vWLC controller back then.
Why am I getting back to the Cisco wireless solutions now? I got a Cisco AIR-CAP3702 access point lately, so it was an excellent opportunity to refresh my knowledge and look at the changes of the past few years. It is a popular enterprise model that can work either as an autonomous access point or managed via a controller. For me this model is for tests and PoC labs, so I decided to check what has changed in the Cisco wireless world.
My view on enterprise wireless networking
Wireless networking was an area of technology that was not interesting for me. Not that it is boring, useless or not valuable; it is just not the area I positioned myself in as a specialist. However, I never ignored it. I looked at how the wireless market evolved and how Cisco wanted to adapt to it. In my opinion, Cisco more or less failed (but other top vendors like Juniper failed even more!). I saw their attempts to provide SOHO devices by acquiring Linksys – it was good at the beginning but got worse and worse with every new model. I used three generations of Linksys devices at my home, so I think I was a loyal customer who now has his own opinion. I had little experience with Meraki. Right now, thanks to my friends, I own and use an Aerohive access point at home and it is excellent. If you are not a privacy or security freak, it will suit you and your company in many scenarios. I may write about that another time.
Deploying vWLC controller VM
If you want to get familiar with Cisco Wireless LAN Controllers, you need at least two things – the controller itself and an access point. The WLC software is available as a virtual appliance you can run on the ESXi hypervisor or even on VMware Workstation. You can ask your sales representative or Cisco partner for a controller image – there is one with a 60-day trial license. I got the latest one which is 18.104.22.168. The access point needs to be compatible with the controller version you will use, so if you plan to buy used hardware on eBay, check first whether it is supported by the software you get from Cisco.
Installation is straightforward – you just import the OVA or install from the ISO. There are two things that you need to be aware of if you run it on VMware Workstation:
- The NICs are by default bridged to your LAN adapter. By default, the controller uses subnet 192.168.1.0/24 and has address 192.168.1.1 preconfigured. So if you have the same subnet and gateway in your LAN, booting up the VM will cause problems.
- Every time you boot the VM, you will be asked to press any key on the VM console. Try to do this immediately. The bootloader prompts for this for a few seconds, and then it hangs.
If you install vWLC on ESXi, just don’t connect the VM interfaces on the vSwitch to a LAN where IP addresses will overlap.
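A pre-flight check for the overlap described above, as an added example that is not part of the original post: it parses `ip -o -4 addr show` and `ip -4 route show` output from the machine that will host the VM and flags anything colliding with the controller's preconfigured 192.168.1.1 in 192.168.1.0/24. A Linux host is assumed, the function names are hypothetical, and the sample output is constructed.

```python
import ipaddress

# Defaults stated in the post: a fresh vWLC comes up as 192.168.1.1 in 192.168.1.0/24.
VWLC_NET = ipaddress.ip_network("192.168.1.0/24")
VWLC_ADDR = ipaddress.ip_address("192.168.1.1")

def parse_ip_addr(output):
    """Yield (ifname, IPv4Interface) from `ip -o -4 addr show` output."""
    for line in output.splitlines():
        fields = line.split()
        # One-line format: "<idx>: <ifname> inet <addr>/<prefix> ..."
        if len(fields) >= 4 and fields[2] == "inet":
            yield fields[1], ipaddress.ip_interface(fields[3])

def parse_default_gateways(output):
    """Return gateway addresses from `default via ...` lines of `ip -4 route show`."""
    gateways = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[:2] == ["default", "via"]:
            gateways.append(ipaddress.ip_address(fields[2]))
    return gateways

def find_conflicts(addr_output, route_output):
    """List reasons why bridging the vWLC onto this host's LAN would cause trouble."""
    findings = []
    for ifname, iface in parse_ip_addr(addr_output):
        if iface.ip == VWLC_ADDR:
            findings.append(f"{ifname}: host already uses {VWLC_ADDR}")
        elif iface.network.overlaps(VWLC_NET):
            # Catches the same /24 as well as supernets (/16) and subnets (/25).
            findings.append(f"{ifname}: {iface.network} overlaps {VWLC_NET}")
    for gw in parse_default_gateways(route_output):
        if gw == VWLC_ADDR:
            findings.append(f"default gateway is {VWLC_ADDR}, same as the vWLC default")
    return findings

# Constructed sample output (trimmed, not captured from a real host).
SAMPLE_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.23/24 brd 192.168.1.255 scope global dynamic eth0
3: vmnet8    inet 172.16.45.1/24 brd 172.16.45.255 scope global vmnet8
"""
SAMPLE_ROUTE = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.23 metric 100
"""

if __name__ == "__main__":
    for finding in find_conflicts(SAMPLE_ADDR, SAMPLE_ROUTE):
        print("CONFLICT:", finding)
```

An empty result means the bridged defaults do not collide with the host's LAN; otherwise move the VM's NICs to an isolated virtual network before the first boot.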
The next configuration steps are also straightforward – you need to provide IP addresses or select DHCP, set up an NTP server, the admin login and password, set up the first SSID and enable WLAN interfaces. vWLC reboots to apply those changes.
The vWLC management panel listens on port 443 on the Management Port you had to configure during setup. There is no redirection from port 80. The first surprise for me was that the default page is static, with only the ‘Login’ button – you provide credentials in a system dialog window. Lately, I prefer logging in the way Microsoft supplied in Azure or Office365, where you have a default page to provide the username and then it redirects you to another page where you enter the password. The second page you can customize with a company logo – I treat it as additional security. In WLC you can only customize the WebAuth page.
Another surprise was the default dashboard page.
This page contains only essential information on WLC, access points, and performance. There is not much space for customization; all you can do is reorganize or remove dashlets. If you need more detailed information or want to perform configuration, you need to click the ‘Advanced’ link. The advanced page is a disappointment for me – it looks exactly like years ago when I stopped working with wireless networks. I wonder if I should be happy that it does not require Adobe Flash to work? I expected progress – competitors do it better!
There are two licensing models you can use – classic RTU (Right-to-Use) or Cisco Smart-Licensing. In RTU, you buy licenses for the features and hardware you want to use. Smart-Licensing gives enterprises more flexibility – you buy tokens that you assign to multiple devices. However, this solution is preferable for larger businesses only. Most users will use RTU licenses, which are the default.
Additionally, the RTU licensing gives you 60 days of free trial. To activate the trial license, go to Management -> Software Activation -> Licenses, then click on the license ap_count, and enable it by accepting the EULA.
Now you are ready to register your first access point and create a wireless network. You should also delete the default SSID that was defined during installation.
Check my other post – Manual upgrade of lightweight access point