Instruction to LAB team for ADV Mobility [CMX]

MGMT PC: 1. MGMT PC either Windows 7 or Windows 2008 R2 . 2. Make sure the System Date, Time & TimeZone set to current and the Activated the OS with Valid key.

3. Must have Dual NIC card. Rename the onboard NIC to Internet Do-Not-Touch connect it to
GK Internet switch and the External NIC (Second) to Lab-NIC. For Lab NIC the IP address

should be 192.168.X0.15 and subnet mask 255.255.255.0 and NO DEFAULT GATEWAY.

4. Copy the (Maps Folder) to the MGMT PC Desktop. 5. Create a folder named Copy of CMX on the MGMT PC desktop and Copy the .ova files of (AD, MSE & PI) in to it. Copy the Wireless Client to C:\Virtual Machines Folder. (If that folder not exists please create one and copy the files). File Location for pointers 4 & 5 [\\192.168.200.254\ve\Completed\Copy of CMX]. 6. Create a folder called software in C:\ drive and copy the drivers for USB Serial cable & Wireless Adaptor. 7. It is advisable to have latest version of IE, Chrome & Firefox. Make sure the Java, Flash, Direct X, .Net Framework 3.5 SP1 and Later installed. 8. For Firefox, follow these steps to enable WebGL: In the browser address line, enter about:config In the Search text box, enter webgl to filter the settings. Double click webgl.forceenabled. Make sure that webgl.disables is disabled.

9. Please use SecureCRT for the console connection and make sure PuTTY is NOT there on the Desktop. 10. Make sure you have connected and saved the console session for WLC, POD Switch & AP. 11. Keep the VMware workstation and vSphere Client running on the MGMT PC before the class commences. Make sure you logged in to the Esxi using vSphere client. 12. Power ON the Win 7 Wireless VM image on the Workstation. Remove old SSID entries from Manage wireless Networks. 13. Log in to the Win7 Wireless VM and make sure the wireless USB adapter is attached/Mapped. Make sure the wireless driver is installed on both MGMT & VM and

license is still active. If expired, reactivate it. Also ensure that the VMTools are updated.
ESXi:1. Its advisable to install ESXi 5.0 and make sure the host PC has 5.1 version of vsphere client installed [Optional]. 2. Make sure the Esxi machine has 1 TB HDD space and minimum of 32 GB RAM. 3. ESXi should have two NICs. Onboard NIC should connected to the GK Internet Giga Switch and the other one should be connected to this Classroom POD switch. 4. Make sure that No Keyboard/Mouse connected to the Esxi machine. 5. Configure the Username and Password for Esxi as per the user credentials table given below. 6. Create a Vmkernal switch inside the Esxi and assign the ip address 192.168.X0.10 and VLANID X0. 7. Make sure the Vmkernal IP is pingable from the host machine (RDP Machine). 8. Create a Virtual Machine and Name it as MGMT & assign VLANID X0. 9. All images related to the Lab must be mapped to the MGMT adapter. 10. Deploy AD, PI & MSE and configure the IP address & Password as per the Lab guide. Make sure AD license is still active. If expired, reactivate it. 11. Delete the old entries of DNS records and create new one according to the POD. 12. Make sure that the NTP is configured and running in AD. 13. Open Run cmd Type net stop w32time && net start w32time hit enter key

WLC, AP & Switch: 1. The WLC should run 7.5.102.0 as an Active image. Make sure the configuration in the WLC is cleared. 2. APs need to be hard reset properly to get the AP find its WLC without any certificate or timer issue. Please find the steps below on how to hard reset. a. Power off the AP by either plugging out the cable from PoE switch or switching off the power adapter that gives power source to the AP. b. Start pressing the HARD RESET button when the AP is powered down. c. Keep hold of the button and power on the AP by any method (either via PoE or Power adaptor) d. Keep on holding the button for full 1 minute (60 seconds) until you start to see the stable RED light. Then the AP is already in the ROMMON mode. Then you can issue the below given command. 3. DO NOT forget to issue SET BOOT command (set BOOT flash:ap3g2-k9w8-mx.1522.JB1/ap3g2-k9w8-mx.152-2.JB1) and reload (boot) 4. Please let the trainer knows about the AP model and Country code. 5. Do reset (Clear config & vlan.dat) the Switch before you pushing in the switch configuration 6. Do reset (Clear config) the Router before you pushing in the Router configuration 7. Please use good conditioned cables (Both Data Cable & Console) while connecting the devices. User Credentials:Machines Username Password IP address Esxi root cisco123 192.168.X0.10 AD Administrator C1sc0123 192.168.X0.11 WLC admin C1sc0123 192.168.X0.30 Wireless Client Administrator C1sc0123 DHCP (192.168.X0.0/24) MSE root password 192.168.X0.80 Prime Infrastructure (GUI) root Adm1n123 192.168.X0.70 Prime Infrastructure (CLI) admin Adm1n123 192.168.X0.70

Lab Topology Diagram:-

G0/1- AP-1 G0/2 WLC G0/3 Esxis Second NIC card. G0/4 Host Machines Second NIC, [Lab NIC]. G0/5 Internet

Switch Configuration(Sample- Replace X with the POD number)

Switch:
hostname CMX-SW ! vlan X0,X1,X2,X3,X4 ! enable secret 5 $1$NAo5$B4zS81umF.BGhsNzASCUS. ! ! ! ip routing ip dhcp excluded-address 192.168.X0.1 192.168.X0.100 ip dhcp excluded-address 192.168.X1.1 192.168.X1.100 ip dhcp excluded-address 192.168.X2.1 192.168.X2.100 ip dhcp excluded-address 192.168.X3.1 192.168.X3.100 ip dhcp excluded-address 192.168.X4.1 192.168.X4.100 ip dhcp excluded-address 192.168.X5.1 192.168.X5.100 ! ip dhcp pool vlanX0 network 192.168.X0.0 255.255.255.0 default-router 192.168.X0.1 domain-name primeinfra.com option 43 hex f104.c0a8.0a1e dns-server 192.168.10.X1 8.8.8.8 ! ip dhcp pool vlanX1 network 192.168.X1.0 255.255.255.0 default-router 192.168.X1.1 domain-name primeinfra.com dns-server 192.168.10.X1 8.8.8.8 ! ip dhcp pool vlanX2 network 192.168.X2.0 255.255.255.0 default-router 192.168.X2.1 domain-name primeinfra.com dns-server 192.168.X0.11 8.8.8.8 domain-name primeinfra.com ! ip dhcp pool vlanX3 network 192.168.X3.0 255.255.255.0 default-router 192.168.X3.1 dns-server 192.168.X0.11 8.8.8.8 domain-name primeinfra.com ! ip dhcp pool vlanX4 network 192.168.X4.0 255.255.255.0 default-router 192.168.X4.1

Change the Hex value according to the WLC IP. The First four digits f104 is standard and next two sets of 4 digits only is the IP address of the WLC.

domain-name primeinfra.com dns-server 192.168.10.X1 8.8.8.8 ! nmsp enable ! spanning-tree mode pvst spanning-tree extend system-id ! interface GigabitEthernet 2/0/1 description PODX_AP-1 switchport access vlan X0 switchport mode access no shut ! interface GigabitEthernet 2/0/2 description PODX_WLC switchport trunk encapsulation dot1q switchport mode trunk no shut ! interface GigabitEthernet 2/0/3 description PODX_ESXI switchport trunk encapsulation dot1q switchport mode trunk no shut ! interface GigabitEthernet 2/0/4 description PODX_MGMT switchport access vlan X0 switchport mode access no shut ! interface GigabitEthernet 2/0/5 description Internet switchport trunk encapsulation dot1q switchport mode trunk no shut ! interface Vlan1 no ip address shutdown ! interface VlanX0 ip address 192.168.X0.1 255.255.255.0 no shut ! interface VlanX1 ip address 192.168.X1.1 255.255.255.0

no shut ! interface VlanX2 ip address 192.168.X2.1 255.255.255.0 no shut ! interface VlanX3 ip address 192.168.X3.1 255.255.255.0 no shut ! interface VlanX4 ip address 192.168.X4.1 255.255.255.0 no shut ! ip sla enable reaction-alerts snmp-server community cisco RW ! ! line con 0 line vty 0 4 password cisco login line vty 5 15 login ! end

Verification: AD: 1. Deploy the AD-1 OVA file and change the IP address to 192.168.X0.11/24. No need Gateway 2. Restart the NTP service [Open Run cmd Type net stop w32time && net start w32time hit enter key ] DNS Records Creation Since DNS server plays an important role when it comes to keeping the network up and accessible, it becomes important for the administrators to keep a close eye on the DNS records, and verify their validity on a regular basis. DNS records are the entries of the computer names along with their corresponding IP addresses in the DNS server database. Although there can be several DNS record types that a DNS server database can have, some of the most commonly used and important DNS records include:

Host (A) Host (A) records are the names of the computers along with their corresponding IPv4 IP addresses that are registered with the DNS server. Host (AAAA) Host (AAAA) records are the names of the computers along with their corresponding IPv6 IP addresses that are registered with the DNS server. Task 1: Add a Reverse Lookup zone Step 1 Step 1 Step 2 Step 3 Step 4 Log on to Windows server 2008 server[AD] with user name and password as Administrator /C1sc0123 From the desktop screen, click Start. From the Start menu, go to Administrative Tools DNS. From the DNS Manager, on the left, expand AD. Expand Reverse Lookup Zone, Right click on the existing entry and delete it.

Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 Step 13

Right-click the Reverse Lookup Zones folder, and click New Zone . A zone configuration wizard appears. Click Next. Select the Primary Zone and Click Next. Leave the default settings and click Next. Select the IPV4 Reverse look up Zone and Click Next. Enter the your pods Network address : 192.168.X0 (Where X is your pod number) Click Next Leave the default settings and click Next. Review the configuration and click Finish.

Task 2: Add a Forward Lookup Zone To add Host (A) DNS records manually to the DNS database, administrators must follow the steps given as below: Step 1 Step 2 Step 3 From the DNS Manager, on the left, expand AD, Expand Forward Lookup Zone. Right-click primeinfra.com. From the displayed context menu, click New Host (A or AAAA).

Step 4

On New Host box, type host Name along with the IP address of the target host computer in the Name (uses parent domain name if blank) and IP address fields respectively.

Step 5

Step 6 Step 7 Step 8 Step 9

Once done, click Add Host. Optionally, Create associated pointer (PTR) record checkbox can also be checked to automatically generate a PTR entry of the target computer in the Reverse Lookup Zones before clicking Add Host button. On the displayed message box, click OK. Back on the New Host box, click Done. Repeat the Step 3to Step 5 for all the components (MSE & WLC) Close DNS Manager snap-in when done.

PI Virtual Appliance Configuration Step 1 At the login prompt, enter the setup command.

Step 2

Step 3

Prime Infrastructure configuration script starts. The script takes you through the initial configuration steps for Prime Infrastructure virtual appliance. In the first sequence of steps, you configure network settings. When prompted, enter the following settings by referring the image below. a. The hostname for the virtual appliance. PI-X b. The IP address for the virtual appliance. 192.168.X0.70 c. The IP default subnet mask for the IP address entered. 255.255.255.0 d. The IP address of the default gateway for the network environment in which you are creating the virtual machine. 192.168.X0.1 e. The default DNS domain for the target environment. primeinfra.com f. The IP address or hostname of the primary IP nameserver in the network. 192.168.X0.11 g. At the Add/Edit another nameserver prompt? N h. Enter Primary NTP Server: 192.168.X0.11 i. Add/Edit Secondary server? N j. Enter the Timezone: Asia/Singapore k. Enter username [admin]: admin l. Enter password: Adm1n123 m. Enter password again: Adm1n123 n. Configure HA? No

Step 4

Step 5

Step 6

Step 7

Enter the username for the user account used to access Prime Infrastructure system running on the virtual machine. The default username is admin, but you can change this to another username by typing it here. Enter the password for Prime Infrastructure. The password must be at least eight characters and must include both lowercase and uppercase letters and at least one number. It cannot include the username or default Cisco passwords. After you enter the password, the script verifies the network settings you configured. For example, it attempts to reach the default gateway that you have configured. After verifying the network settings, the script starts Prime Infrastructure installation processes. This process can take several minutes, during which there is no screen feedback. When finished, the following banner appears on the screen: === Initial Setup for Application: Prime Infrastructure === After this banner appears, the configuration starts with database scripts and reboots the server as shown in the console: Running database cloning script... logger: invalid option -- l usage: logger [-is] [-f file] [-p pri] [-t tag] [-u socket] [ message ... ] Running database creation script... logger: invalid option -- l usage: logger [-is] [-f file] [-p pri] [-t tag] [-u socket] [ message ... ] Setting Timezone, temporary workaround for DB... Generating configuration... Rebooting...

Step 8 Step 9

Step 10 Step 11 Step 12

Log in as admin and enter the admin password. Launch Internet Explorer 8 or 9 or Mozilla Firefox 11.0 or 12.0 on a different computer than the one on which you installed and started Prime Infrastructure. In the address line of browser, enter https://192.168.X0.70. Prime Infrastructure user interface displays the Login page. Enter your username. The default username is root. Enter the root password you created during setup.

MSE Configuration:
Step 1

Log in to the MSE console with these credentials: root/password. Upon the initial boot up, the MSE prompts the administrator to launch the setup script. Enter yes to this prompt. If the MSE does not prompt for setup, enter the following command: /opt/mse/setup/setup.sh.

Step 2 Step 3

Step 4

Configure the host name by entering choice 2.

Step 5

Configure the Domain name by entering choice 3.

Step 6

Configure Ethernet interface parameters [eth0] by entering choice 5. eth0 IP Address 192.168.X0.80 Network Mask 255.255.255.0 Default Gateway 192.168.X0.1 Replace X with your Pod number.

Step 7

Configure the DNS domain name by entering choice 3.

Step 8

Configure the time zone by entering the choice 8.

Step 9

Configure the NTP settings by entering the choice 12.

Step 10

Accept the change to the configuration by entering the choice 23.

MSE Commands

Run this command in order to determine the status of MSE services: [root@MSE ~]# getserverinfo

Run this command in order to start the contextaware engine for client tracking: [root@MSE ~]# /etc/init.d/msed start

Run this command in order to determine the status of the contextaware engine for client tracking: [root@MSE ~]# /etc/init.d/msed status

Run this command in order to stop the contextaware engine for client tracking: [root@MSE ~]# /etc/init.d/msed stop

Run this command in order to perform diagnostics: [root@MSE ~]# rundiag

WLC Configuration: In this task, you will connect to your remote WLAN controller serial interface by using the remote lab terminal server, and you will go through the initial CLI setup for your respective Cisco WLC. Activity Procedure Complete these steps:
Step 1

After powered on WLC, the initial configuration is required before start accessing GUI. Step 13 Terminate AUTOINSTALL by issuing No command for manual configuration Enter parameters as given here and summarized in the lab table.
System Name [Cisco_34:26:a3]: CMX-X Enter Administrative User Name (24 characters max): admin Enter Administrative Password (24 characters max): C1sc0123 Re-enter Administrative Password : C1sc0123 Enable link Aggregation (LAG) [yes][NO]: No Management Interface IP Address: 192.168.X0.30 Management Interface Netmask: 255.255.255.0 Management Interface Default Router: 192.168.X0.1 Management Interface VLAN Identifier (0 = untagged): X0 Management Interface Port Num [1 to 4]: 1

Note

The port number is important because it must match the connection leading from the WLAN controller to the network infrastructure. Management Interface DHCP Server IP Address:
192.168.X0.1

Note

Later, your controller will be configured as a DHCP server. When using an internal WLAN controller DHCP server, the IP address needs to match the management interface. Therefore, the DHCP server and management address will be the same and will point to itself for this lab. The remaining DHCP configuration will be completed later, via the GUI. Virtual Gateway IP Address: 1.1.1.1

Note

The virtual gateway provides Layer 3 features such as the DHCP relay to wireless clients. This value must match among mobility groups. Multicast IP : 239.X0.10.10 Mobility/RF Group Name: podx

Note

The Mobility/RF group allows multiple wireless controllers to be clustered into one logical controller group, to allow dynamic RF adjustments and roaming for wireless clients.

Network Name (SSID): CMX-X Configure DHCP Bridging Mode [Yes] [no] : No Allow Static IP Addresses [YES][no]: Yes Configure a RADIUS Server now? [YES][no]: No
Note

By default, one WLAN SSID is already configured on the WLC and uses server-based authentication. If you skip RADIUS configuration during the startup wizard, the result is a preconfigured SSID that uses 802.1X EAP, requiring a RADIUS server but without one defined. Use this choice is to prevent open authentication security vulnerabilities. Enter Country Code list (enter 'help' for a list of countries) [US]: US Enable 802.11b Network [YES][no]: Yes Enable 802.11a Network [YES][no]: Yes Enable 802.11g Network [YES][no]: Yes

Note

On your controller, enable all radios: 802.11b, 802.11g, and 802.11a. The AP for this controller has only one 802.11a radio. You still allow all protocols, so that if an 802.11b/g AP joins the controller, its radios will be enabled. Enable Auto-RF [YES][no]: Yes Configure a NTP server now? [YES][no]: Yes Enter the NTP servers IP address: 192.168.X0.11 Enter a polling interval between 3600 and 604800 secs: 3600

Note

You do not configure the time on this controller. In a real deployment, you would configure the time during the initial configuration of the controller. In this remote lab scenario, the time has already been configured and is consistent with the time of the other devices in the lab. Configuration correct? If yes, system will save it and reset. [Yes][NO]: Yes

SNMP Configuration [WLC] Complete these steps:

Step 1

Step 2

Open Internet Explorer or Firefox and connect to https://192.168.X0.30, where X is your assigned pod number. You should see a login window similar to the one shown here.

Step 3

Step 4 Step 5 Step 6

Log into the Cisco WLC using the following values: Username: admin Password: C1sc0123 Choose Wireless Tab and verify the AP is Joined to WLC. Choose Management > SNMP > Communities. If public or private appears in the Community Name column, hover your cursor over the blue drop-down arrow for the desired community and choose Remove to delete this community. Click New to create a new community. The SNMP v1 / v2c Community > New page appears. Enter the information as mentioned below and Click on Apply to save the Configuration. Community name: cisco IP Address: 192.168.X0.70 IP mask: 255.255.255.0 Access Mode: Read/Write Status: Enable

Step 7

Step 8

Congratulations!! You have Successfully Setup the lab