232 CCNA Wireless Official Exam Certification Guide
Step 3. Manually update images.
Step 4. Change the active boot image.
Step 5. Clear the configuration.
The correct choice at this point is to run the primary image. When the HTML interface is
accessible, you can upgrade the code on the controller. Because this is covered in
Chapter 19, “Maintaining Wireless Networks,” it will not be covered now. Of course, you
can also manually update the image, as seen in Step 3. Alternatively, you can change the
active boot image or clear the configuration file.
Performing Initial CLI Configurations
Initially, the controller looks for a configuration file. If the controller finds such a file, it
loads it and then prompts you for a username and password. If no configuration exists,
you see a prompt to run through a dialog and a message stating that the certificate was
not found, as in Example 13-2.
Example 13-2 Certificate Not Found Message
Starting LOCP: ok
Starting CIDS Services: ok
Starting Ethernet-over-IP: ok
Starting Management Services:
Web Server: ok
CLI: ok
Secure Web: Web Authentication Certificate not found (error).
(Cisco Controller)
Welcome to the Cisco Wizard Configuration Tool
Use the ‘-’ character to backup
System Name [Cisco_32:af:43]:
For the CCNA Wireless exam, you should be familiar with the CLI Wizard Configuration
tool. This tool is designed for quick setup of the controller. Example 13-3 shows a CLI
Wizard configuration.
Note During the startup script, any time that you make a mistake after pressing the Enter
key, you can move back a step to fix the error by pressing the ( - ) key.

Example 13-3 CLI Wizard Configuration
Welcome to the Cisco Wizard Configuration Tool
Use the ‘-’ character to backup
System Name [Cisco_32:af:43]: WLC_1
Enter Administrative User Name (24 characters max): admin
Key
Topi
c
15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 232
Chapter 13: Simple Network Configuration and Monitoring with the Cisco Controller 233
Enter Administrative Password (24 characters max): *****
Re-enter Administrative Password : *****
Service Interface IP Address Configuration [none][DHCP]: 10.1.1.1
Invalid response
Service Interface IP Address Configuration [none][DHCP]: none
Service Interface IP Address: 10.1.1.1
Service Interface Netmask: 255.255.255.0
Enable Link Aggregation (LAG) [yes][NO]:
Management Interface IP Address: 192.168.1.75
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 192.168.1.1
Management Interface VLAN Identifier (0 = untagged):
Management Interface Port Num [1 to 2]: 1
Management Interface DHCP Server IP Address: 192.168.1.1
AP Transport Mode [layer2][LAYER3]:
AP Manager Interface IP Address: 192.168.1.80
AP-Manager is on Management subnet, using same values
AP Manager Interface DHCP Server (192.168.1.1):
Virtual Gateway IP Address: 1.1.1.1
Mobility/RF Group Name: CP_Mobile1

Enable Symmetric Mobility Tunneling [yes][NO]: no
Network Name (SSID): OpenAccess
Allow Static IP Addresses [YES][no]:
Configure a RADIUS Server now? [YES][no]:
Enter the RADIUS Server’s Address: -
Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.
Enter Country Code list (enter ‘help’ for a list of countries) [US]:
Enable 802.11b Network [YES][no]:
Enable 802.11a Network [YES][no]:
Enable 802.11g Network [YES][no]:
Enable Auto-RF [YES][no]:
Configuration saved!
Resetting system with new configuration
Configuration saved!
Resetting system with new configuration
Bootloader 4.1.171.0 (Apr 27 2007 - 05:19:36)
Motorola PowerPC ProcessorID=00000000 Rev. PVR=80200020
CPU: 833 MHz
CCB: 333 MHz
DDR: 166 MHz
LBC: 41 MHz
continues
15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 233
234 CCNA Wireless Official Exam Certification Guide
L1 D-cache 32KB, L1 I-cache 32KB enabled.
I2C: ready`
DTT: 1 is 31 C
DRAM: DDR module detected, total size:512MB.

512 MB
8540 in PCI Host Mode.
8540 is the PCI Arbiter.
Memory Test PASS
After the controller reboots, you are prompted for a username. This, of course, is the user-
name that you created in the CLI Wizard:
Enter User Name (or ‘Recover-Config’ this one-time only to reset configura-
tion to factory defaults)
User: admin
Password:*****
(Cisco Controller) >
After you are authenticated, you can become familiar with some of the commands avail-
able to you in the CLI. Press the question mark key (?) to get a list of commands. Similar
to the Cisco routers and security appliances, the ? can follow a letter to give you a list of
commands that begin with that letter. For example, issuing the p? command shows that
ping is available. Use the space key to complete the command if it is unique. Ping is a com-
mon utility that helps to verify connectivity. Another common command is the command
to save your work. Unlike Cisco routers, copy run start does not work here. Instead, you
use the save config command. In Example 13-4, you can see the process of saving the
configuration. After you issue the command, you are asked to verify. You need not press
Enter after making your selection. Simply press the letter y for yes and press n for no.
Example 13-4 Saving Your Configuration from the CLI
(Cisco Controller) >save config
Are you sure you want to save? (y/n) y
Configuration Saved!
(Cisco Controller) >
Just as routers have a global configuration mode, so does the controller. Accessing the
configuration mode of the controller is a little different from what you might expect. You
use the config command followed by what it is you want to configure. For example, if you
want to configure 802.11a parameters, you type config 802.11a ?. You need to type the ?

because you have to enter the complete string, and the question mark helps you find the
syntax, as demonstrated in Example 13-5.
15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 234
Chapter 13: Simple Network Configuration and Monitoring with the Cisco Controller 235
Example 13-5 Using the ? Help Facility
(Cisco Controller) >config 802.11a ?
11nSupport Configure 802.11n-5Ghz parameters.
antenna Configures the 802.11a antenna
beaconperiod Configures the 802.11a beacon interval (20 1000)
cac Configure Call Admission Control parameters for 802.11a radios.
channel Configures the 802.11a channel
chan_width Configure 802.11a channel width
disable Disables 802.11a.
dtim Configures the 802.11a DTIM Period
enable Enables 802.11a.
fragmentation Configures the 802.11a Fragmentation Threshold
l2roam Configures 802.11a l2roam information.
pico-cell Configures the 802.11a pico-cell mode
picocell-V2 Configures the 802.11a picocell-V2 mode
rate Configures 802.11a operational rates.
txPower Configures the 802.11a Tx Power Level
dtpc Configures the 802.11a DTPC Setting
tsm Configures the 802.11a Traffic stream Metrics option
exp-bwreq Configures the 802.11a Expedited BW Request option
(Cisco Controller) >config 802.11a
You can also perform debug commands from the CLI interface. This is important because
these commands are not available from the web interface.
Note: debug commands, although useful, can be dangerous. They take up a lot of re-
sources, so use them sparingly. Also, they turn off when your session times out.
Performing Initial Web Configurations

You can connect to the web interface without ever running though the CLI by browsing to
the default IP address on the controller, which is 192.168.1.1. Assume, for the purposes of
demonstration, that the controller IP address is 192.168.1.50. This is the IP address that has
been assigned to the management interface. When you browse to the controller after us-
ing the Setup dialog, you use HTTPS, as seen in Figure 13-1.
After you have accessed the Controller Login page, click the Login button. You then see
the controller Summary page, shown in Figure 13-2.
Navigating the Web Interface of the Controller
It is beneficial to take time to understand the controller interface. The main menus along
the top of the interface are as follows:
■ MONITOR
■ WLANs
15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 235
236 CCNA Wireless Official Exam Certification Guide
Figure 13-1 Browsing to the Controller
Figure 13-2 Controller Summary
15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 236
Chapter 13: Simple Network Configuration and Monitoring with the Cisco Controller 237
Figure 13-3 WIRELESS Submenus
■ CONTROLLER
■ WIRELESS
■ SECURITY
■ MANAGEMENT
■ COMMANDS
■ HELP
Also, along the top right you have access to links that save your configuration, access a
ping utility, log out, and refresh the page.
When you select one of the top-level configuration tabs, the menu in the left margin of
the screen changes. The change enables configuration and monitoring options that pertain
to the main level with which you are working. For example, if you are working in the

WIRELESS tab, the left menus include the following configuration areas, as seen in Figure
13-3:
■ Access Points
■ Mesh
■ HREAP Groups
■ 802.11a/n
15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 237
238 CCNA Wireless Official Exam Certification Guide
■ 802.11b/g/n
■ QoS
Each top-level heading you change results in a new side menu.
Configuring the Controller Using the Web Interface
For this example, you build basic wireless connectivity. The process is as follows:
■ Build the controller interface.
■ Create the WLAN and tie it to the interface.
■ Modify security settings.
Building the controller interface is required because, as you might recall from the begin-
ning of this chapter, the interface is a logical entity. It is not a physical port that you can
touch, although the interface you create will end up having access to the network via one
of the physical ports. After you have created the interface, you need to create the WLAN.
The WLAN defines the wireless side, whereas the interface creates the wired side of the
configuration. You then need to bind these two to each other so that users on the wireless
side can access the wired side of the network.
The default settings for a WLAN apply certain security settings that prohibit a user from
connecting without additional configuration. The last step in creating a functional WLAN
allowing anyone access with no security is to modify the security settings of the WLAN.
The following sections detail the process.
Building the Controller Interface
Step 1. Create an interface in the controller that ties to the VLAN that you want the
GUESTNET users on.

CONTROLLER > Interfaces > New
Step 2. Populate the fields with the appropriate values for the Interface Name and
VLAN Id fields, as shown in Figure 13-4. Click Apply.
Step 3. Define the IP address for this interface. This should be an address that resides
on the same subnet as the GUEST_LAN network.
In Figure 13-5, the IP address is 172.30.1.50, and the gateway is 172.30.1.1.
Step 4. Next, on the same configuration page shown in Figure 13-5, select a physical
port for this GUEST_LAN to use to access the wired network. In the example,
port 1 is used because it is a trunk back to the switch that accesses the wired
network.
Step 5. The next step involves defining the DHCP servers. These servers assign IP ad-
dresses to the clients that access the network. In the example, the DHCP
server is 172.30.1.1, which is the same as the gateway. The controller queries
this DHCP server when clients need IP addresses.
Step 6. Click Apply.
Key
Topi
c
15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 238
Chapter 13: Simple Network Configuration and Monitoring with the Cisco Controller 239
Figure 13-4 Creating the GUEST_LAN Interface
Figure 13-5 Adding an IP Address to the GUEST_LAN Interface
15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 239
240 CCNA Wireless Official Exam Certification Guide
Note You will receive a message indicating that WLANS are disabled temporarily when
you click Apply. This is normal.
After you click Apply, you are returned to the list of interfaces seen in Figure 13-6. Notice
that physical interfaces are listed here, such as the service-port, ap-manager, and manage-
ment. These interfaces are tied to VLANs that you can access via the physical connec-
tion—port 1. Port 1 is connected to a switch and is operating as an 802.1Q trunk.

The GUEST_LAN interface that you created ties the controller to the wired network over
port 1 on VLAN 80. No WLAN is associated with it, and no AP is sending beacons adver-
tising GUEST_LAN access. That part has yet to be configured.
Creating the WLAN and Tying It to the Interface
The next piece of the configuration is creating the wireless side.
Step 1. Choose WLANs > New.
You see a configuration page that assigns an arbitrary WLAN ID to the
WLAN that you are creating. In the case of Figure 13-7, the WLAN ID is 2.
Step 2. Give the WLAN a profile name.
Step 3. Give the WLAN an SSID. In this case, the SSID chosen is GUESTNET.
Figure 13-6 Interface Listing
15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 240
Chapter 13: Simple Network Configuration and Monitoring with the Cisco Controller 241
Figure 13-7 Creating the WLAN Profile Name
Step 4. Click Apply.
The next page that you arrive at has four tabs, seen in Figure 13-8. These tabs
allow you to configure the General, Security, QoS, and Advanced settings for
the WLAN.
Step 5. On the General tab, make sure of the following:
■ The WLAN Status is Enabled. If it is not, the WLAN settings are not sent
to all APs.
Note: Skip the Security Policies field. You will change this in the Security tab.
■ For the Radio Policy, if All is left selected, all radios are available for the
GUESTNET network. It is common to allow 802.11b/g for guests and then
use 802.11a for private WLANs, because 802.11b/g usually experience
more interference than 802.11a. For guests, quality of service is probably
not the highest concern; however, it is for internal users. For now, just leave
Radio Policy at the default value of All.
Step 6. Next is the important step of choosing the interface in the Interface drop-
down that ties this GUESTNET WLAN to the guest_lan physical interface on

VLAN 80. If you choose the wrong interface here, people can end up on the
wrong network.
15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 241