Page 1
Cisco Unified Access CT5760 Controllers and
Catalyst 3850 Switches Web GUI Deployment
Guide, Cisco IOS XE Software Release 3.2.2
Last Updated: August, 2013
Cisco Systems, Inc.
www.cisco.com
Page 2
Introduction
Introduction
This document introduces the maintenance release 3.2.2 Web GUI functionality for the Cisco Converged
Access CT5760 and Cat3850 products. This guide is designed to help you access, configure, and monitor
both products using the Web GUI interface.
CT5760 Controller
CT5760 is an innovative UADP ASIC based wireless controller deployed as a centralized controller in
the next generation unified wireless architecture. CT5760 controllers are specifically designed to
function as the Unified model central wireless controllers. They also support the newer Mobility
functionality with Converged Access switches in the wireless architecture.
CT5760 controllers are deployed behind a core switch/router. The core switch/router is the only gateway
into the network for the controller. The uplink ports connected to the core switch are configured as
EtherChannel trunk to ensure port redundancy.
This new controller is an extensible and high performing wireless controller, which can scale up to 1000
access points and 12000 clients. The controller has 6-10 Gbps data ports.
As a component of the Cisco Unified Wireless Network, the 5760 series works in conjunction with Cisco
Aironet access points, the Cisco Prime infrastructure, and the Cisco Mobility Services Engine to support
business-critical wireless data, voice, and video applications.
Catalyst 3850 Switches
Unified Access Catalyst 3850 switches are innovative UADP ASIC hardware that can support multiple
protocols and has many advantages over the current hardware platform. CAT3850 switch has an
integrated hardware based wireless support with CAPWAP and fragmentation. The CAT3850 switch has
40gig of uplink bandwidth with all port functioning at line rate.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
2
Page 3
Getting Started
The CAT3850 switches provide Open Service platform. It is a 4 core CPU to leverage the OS and to host
various services. The CAT3850 hardware is the Next-Gen switching hardware.
UA CAT3850 switches have unified wired and wireless architecture. The wireless operating system is
IOS based. UA CAT3850 switches provide uniform wired and wireless policies. The CAT3850 switch
can manage 50 access points (802.11n) and support 2000 clients per stack.
Getting Started
Before you get started with enabling the WEB GUI on the Cat3850/CT5760, make sure you have the
following:
1. CLI access to the box. Console Access information is shown in the CLI/Console Access section.
2. Have one of the Supported Browser Version as listed in the section.
3. Go through the release notes for Release 3.2.2 located at:
http://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/release_notes/
OL28114.html#wp223882
4. Have access information such as Username/Password and networking access information.
Supported Browser Version
The following is a list of supported browser versions:
• Chrome – Ver. 26.x
• Mozilla – Ver. 20.x
• IE – Ver. 8.x, 9.x and 10.x
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
3
Page 4
Enabling WEB GUI on both the 5760 and 3850 Platforms
CLI/Console Access
Before you configure the switch or controller for basic operations, you must connect it to a PC that uses
a VT-100 terminal emulator (such as, HyperTerminal, ProComm, or Putty).
The controller has both EIA/TIA-232 asynchronous (RJ-45) and USB 5-pin mini Type B, 2.0 compliant
serial console ports. The default parameters for the console ports are 9600 baud, 8 data bits, 1 stop bit,
and no parity. The console ports do not support hardware flow control. Choose the serial baud rate of
9600; if you have issues, try a baud rate of 115200. The figure below shows an example of a Mac Secure
CRT; use similar configuration for PC/Windows Putty, and so on.
Figure 1 Mac Secure CRT Example
Enabling WEB GUI on both the 5760 and 3850 Platforms
Currently, Cat3850 and CT5760 ships with the first release labeled as 3.2.01. If you have an existing
CAT3850/CT5760 and want to use the GUI to configure or monitor your wireless network, please follow
the steps below:
1. Console to the 3850/5760 platform. Save your current configuration and upgrade to 3.2.2 release
available on cisco.com. Upgrade procedure can be found in the link below:
http://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/
system_management/appendix/swiosfs.html#wp1311040
Note During the upgrade, firmware will be upgraded and therefore it will take few more additional minutes
than the regular upgrade. Please do not turn off the unit during the upgrade.
2. After upgrading to 3.2.2 version, the web GUI functionality will be enabled. By default, https is
enabled. You can access the web GUI through https, but if you want to enable http access, you can
do so by issuing the following IOS CLI command:
3. Using the IOS CLI, you will need to create a username and password to access the GUI. You can
configure a local username by issuing the following command:
Controller(config)#username admin privilege 15 password Cisco123. Or you can configure
it to use credentials using an authentication server. Make sure the user has privilege 15 access level.
Controller(config)#ip http server
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
4
Page 5
4. To access the GUI, you can configure the out of band management port (GigE 0/0) or use existing
reachable configured interfaces through the network.
5. Now, you will be able to access the Web GUI interface. Open a browser and type your
controller/switch IP address. Example: https://10.10.10.5/. Please refer to the configuration
examples below for additional Web GUI access information.
Note If you have an out of the box or brand new 5760 or 3850, please console to the box and go through the
Startup Wizard as outlined in the deployment guide located at:
http://www.cisco.com/en/US/docs/wireless/technology/5760_deploy/Supported_Features.html
Configuration Examples
If you require additional information regarding any of the field while going through the deployment
guide, please refer to the GUI Online Help available after you have successfully accessed the GUI
through the steps below.
Configuration Examples
GUI Access for CT5760/3850 Example
Complete these steps:
Step 1 For GUI access, open a browser and type your controller IP address. By default https is enabled, for
example:
https://10.10.10.5
username: admin
Password: Cisco123
Note You can setup username/password using the following CLI command:
Controller(config)#username admin privilege 15 password Cisco123. This is an example and not
the default username and password.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
5
Page 6
Configuration Examples
Once you login, you will be directed to the following page:
Step 2 Click Wireless WEB GUI, this will direct you to the home page shown below:
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
6
Page 7
Configuration Examples
Basic Configuration for CT5760/3850 Example
In this section you will perform basic controller and management configuration using the GUI Wizard
of the CT5760 or CAT 3850.
Step 3 Under the Configuration tab, choose the option Wizard.
Step 4 Configure Admin username and password.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
7
Page 8
Configuration Examples
Step 5 Configure SNMP information—You can configure SNMP trap in this section, give a Location and
Contact and proceed to the next step.
Step 6 Management Interface Configuration—You can use the out of band Management Port to access the
controller. Enter the IP address and Netmask value and proceed to the next screen for Wireless
management configuration.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
8
Page 9
Configuration Examples
Step 7 Wireless Management Configuration—Here, you can configure Wireless Management interface on the
5760 and assign it for a specific VLAN. Please assign VLAN IP and default gateway.
Step 8 RF Mobility and Country Code settings—Here, you can enter the RF Mobility configuration and select
a country code. As an example, enter rfdemo as the RF mobility name and choose US for Country Code.
Step 9 Mobility Configuration—Here, you can change the Mobility Group Name and other Mobility timers.
Please click Next to go to the next screen.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
9
Page 10
Configuration Examples
Step 10 Creating a WLAN—You can create a WLAN in this screen. It is disabled by default. Create an 802.1x
Step 11 Enabling 802.11 Radios—Radios were disabled once the country code was changed in earlier steps.
WLAN name. In this example, it is NGWC1-1x.
Enable the radio by checking th 802.11a/n and 802.11 b/g/n check boxes.
10
Step 12 Time Settings—You can choose between two modes: Manual and NTP. In the following example, choose
NTP and use 10.10.10.1 as the NTP Server IP Address.
Step 13 Save and apply the Wizard
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
Page 11
Configuration Examples
Step 14 Confirmation Message–Please wait few seconds until the configurations are applied. You should see the
success message below. Click OK and this concludes the initial Wizard configuration.
Note This concludes the Initial Wizard setup. Next section describes the AAA configuration.
AAA Configuration for 802.1x WLAN Example
In this section you will setup AAA configuration.
Step 15 Configuring AAA settings for 802.1x WLAN—Under the Configuration tab, choose Security.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
11
Page 12
Configuration Examples
This opens the AAA configuration page:
Step 16 Radius Server Configuration—Expand the Radius tab and click New
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
12
Page 13
Configuration Examples
Enter the ISE/Radius server information as shown below and then click Apply.
Confirmation message:
Click OK and you should see the following window.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
13
Page 14
Configuration Examples
Step 17 Server Group Creation—Go to Server Group > Radius > New
Once you click Apply, a confirmation pop-up appears:
Click OK and confirm that the server group cisco is created.
Step 18 Creating AAA Method Lists for Authentication/Accounting/Authorization—Go to AAA > Method
Lists > Authentication > New
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
14
Page 15
Once you click Apply, a confirmation pop-up appears:
Configuration Examples
Click OK and confirm that the server group cisco is created.
Repeat the same step for Accounting and Authorization:
Accounting
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
15
Page 16
Configuration Examples
Authorization
This concludes the Radius and AAA configuration. Next section explains WLAN settings. Before
moving on, please save your configuration by clicking Save Configuration in the upper right hand side
of the GUI.
801.1x WLAN Configuration Example
In this section you will perform 802.1x WLAN configuration using ISE as a radius server
Step 19 Enabling 802.1x on the entire system.
Under Configuration tab, navigate to Controller > System > General
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
16
Page 17
Configuration Examples
Enable Dot1x System Auth Control and click Apply. Once you get a confirmation message, move to
the next step.
Step 20 Edit WLAN Configuration and Assign VLAN—Under Configuration tab, choose Wireless
Navigate to Wireless > WLAN, you should see the WLAN summary page:
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
17
Page 18
Configuration Examples
Select WLAN NGWC1-1x, you can now edit its settings.
Step 21 Apply Security Settings—Under Security tab, Layer 2. Make sure WPA+WPA2 is selected as Layer 2
Security and 802.1x is selected as Auth Key Mgmt
Under WLAN > Security > AAA Server, type cisco as the Authentication and Accounting Methods
that was created earlier under AAA.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
18
Page 19
Under WLAN > Advanced, enable Allow AAA Override
Configuration Examples
Now click Apply to enable the WLAN and its settings.
Once you click Apply, you will be prompted with the message below. Click OK.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
19
Page 20
Configuration Examples
Confirmation message appears. Click OK.
Step 22 Saving Config—Once client verification is done, save the configuration by selecting Save
Configuration in the upper right hand side of the screen.
Creating a Switch Peer Group (SPG) on Mobility Controller 5760 Example
In this section, you will be able to configure Switch Peer Group (SPG) and add members (Mobility
Agent) to the Group on the Mobility Controller (MC).
Step 23 On the 5760 controller GUI, navigate to Configuration > Controller > Mobility Management
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
20
Page 21
Configuration Examples
Step 24 Under Mobility Management tab, select Switch Peer Group tab. Click New and create a new Switch
Peer Group (SPG1).
Step 25 Create new Switch Peer Group SPG1 and Click Apply
Step 26 Click OK
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
21
Page 22
Configuration Examples
Step 27 Go to Switch Peer Group tab and verify that SPG1 is created. Select SPG1
Step 28 Add member in SPG1 by clicking new
Step 29 Add public and private Mobility Agent (MA) IP address. Example = 10.10.10.2
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
22
Page 23
Step 30 Click OK
Configuration Examples
You can repeat this step to add additional MA to the switch group or create a different SPG name.
Step 31 Go to Switch Peer Group tab and verify that Switch peer group Member Count is 1.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
23
Page 24
Configuration Examples
Step 32 Click SPG1 and verify that your MA address, and control and data link status is Down. That is normal
for now since you will be configuring the 3850 (MA) in the upcoming steps.
Configuring Mobility between Mobility Agent (3850) and Mobility Controller
(5760) Example
Step 33 Follow the same steps outlined in the Basic Configuration for the CT5760/3850 Example to access and
configure the 3850 switch. In this example, we will start with the Initial Wizard Configuration. Please
note that there are differences between the 3850 and the 5760 Initial Wizard configuration.
Open a browser and type your 3850 IP address. For example:
https://10.10.10.2
Enter username: admin
Password: Cisco123
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
24
Page 25
Step 34 Landing Page for MA UA-C3850-24P. Select Wireless Web GUI
Configuration Examples
Step 35 Login to the Home page of the 3850 and verify the software version, System model and system name.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
25
Page 26
Configuration Examples
Step 36 Under Configuration Tab, choose Wizard
Step 37 Configure admin username and password.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
26
Page 27
Configuration Examples
Step 38 You can configure SNMP trap in this section, give a Location and Contact to proceed to next step.
Step 39 Management Interface Configuration—You can use the out of band Management Port to access the
switch. Enter the IP address/Netmask shown in the screen below and proceed to next screen for
Wireless management configuration.
Step 40 Wireless Management Configuration—Here, you can configure Wireless Management interface on the
3850 and assign it for a specific VLAN. Assign VLAN IP and default gateway.
Note AP is connected to Interface Gig1/0/3 marked as access port.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
27
Page 28
Configuration Examples
Step 41 Enter RF mobility domain name as rfdemo and Country code US
28
Step 42 Enter Mobility configuration. Define Mobility role as Mobility Agent and enter Mobility Controller
public and private IP Address as 10.10.10.5. This is where you point the MA to the MC.
Step 43 Enter WLAN ID as 1 and SSID/Profile information as ngwc1-1x.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
Page 29
Step 44 Enable Radios as shown below and click Next
Configuration Examples
Step 45 Set time as NTP or Manual
Step 46 Enter NTP server as 10.10.10.1 as an example and click Next
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
29
Page 30
Configuration Examples
Step 47 At Save Wizard page verify Mobility Configuration, WLAN and Wireless Management configuration
for your Network
Step 48 Apply Changes and verify that all the configurations are successfully applied.
Note It will take few seconds for the changes to be applied. Do not click multiple times.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
30
Page 31
Configuration Examples
Step 49 The below figure displays the final success page where you can verify your configuration changes.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
31
Page 32
Configuration Examples
Exercise—Verify New Mobility on MA 3850 and MC 5760
Step 50 On Mobility Agent 3850, navigate to Configuration > Controller > Mobility Management
Step 51 Select Mobility Global Config and verify the Mobility role as Mobility Agent and Mobility Controller
IP address as your MC 10.10.10.5
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
32
Page 33
Configuration Examples
Step 52 Now switch back to your Mobility Controller.
https://10.10.10.5
Step 53 Go to Configuration > Controller > Mobility Management > Switch Peer Group and then click
SPG1.
Step 54 Check your MA IP address 10.10.10.2 and verify that the control link status and data link status is UP.
If link is still showing down then refresh the page. It usually takes around a minute for the link to show
as UP.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
33
Page 34
Configuration Examples
Step 55 Now, go to Monitor > Controller > Mobility > Mobility Statistics
Step 56 Verify the Mobility statistics.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
34
Page 35
Configuration Examples
Monitoring: Verify AP Registration Example
In this section, you will monitor and verify AP and Client connectivity.
Step 57 Go to Monitor > Wireless > Access Points
Step 58 At Access Point tab > All APs verify that you see your AP connected and it is operationally UP.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
35
Page 36
Configuration Examples
Click the AP and you can check the radio stats, Channel assignment, and RF Parameters
Monitoring: Verify Client Connectivity Example
Step 59 Connecting a Client to your 802.1x WLAN—Go to Monitor > Clients and check that the client is
connected.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
36
Page 37
Client Details
Configuration Examples
Configure Mobility Oracle, Mobility Peer and Verify Statistics on MC 5760
Example
Step 60 Now login back to Mobility Controller 5760 GUI using https://10.10.10.5 and navigate to
Configuration > Controller > Mobility Management and enable Mobility Oracle as shown below.
Click Apply.
Step 61 Click OK
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
37
Page 38
Configuration Examples
Step 62 Go to Mobility Peer tab and verify that only MC is showing and the link status is shown as UP
Step 63 Now navigate to Monitor > Mobility > Mobility Oracle Summary and verify that the client count is
shown as 1.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
38
Page 39
Configuration Examples
Step 64 Click the IP address and verify your client details on MO as shown below:
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
39
Page 40
Configuration Examples
Managing CT5760/Cat3850 with Cisco Prime Infrastructure 2.0 Example
In this section you will:
• Configure SNMP on CT5760
• Add CT5760/Cat3850 to Cisco Prime Infrastructure
• Manage basic CT5760/Cat3850 functions on Prime Infrastructure
Step 65 SNMP strings Configurations—Navigate to 5760 Web GUI: Configuration > Controller >
Management > Protocol Management > SNMP > Communities
Configure SNMP strings for private and public.
Repeat the same step for a public Community
Step 66 Log in to PI 2.0.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
40
Page 41
Step 67 Navigate to PI > Operate > Device Work Center.
Configuration Examples
Step 68 Click Add Device.
Step 69 Enter the CT5760 parameters:
a. IP address – CT5760 mgt IP
b. Read-Write SNMP string (private)
c. Telnet credentials
• Username = admin
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
41
Page 42
Configuration Examples
• User password = admin
• iEnable password = cisco
• HTTP credentials can be IGNORED
Step 70 Confirm Prime Infrastructure discovery of the CT5760—If reachable and successful, the status will
show as complete with the correct device type.
Step 71 Repeat the same steps by creating SNMP community strings on the 3850 and adding it to Prime
Infrastructure.
Step 72 Explore Cisco Prime Infrastructure GUI in management of CT5760, e.g. client statistics, details, reports
and so on.
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
42
Page 43
Configuration Examples
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
43
Page 44
Configuration Examples
Cisco Unified Access CT5760 Controllers and Catalyst 3850 Switches Web GUI Deployment Guide, Cisco IOS XE Software Release 3.2.2
44
Loading...