Configure the WLC for NAT
Apr 26, 2013 In this post we will see how to control access to WLC for different type of users using TACACS (ACS 5.2). I will create 3 different user type (Admin, User, Guest) where 'Admin' user have full access to WLC (modify, add, delete, etc), 'User' having access to 'WLAN' & 'WIRELESS' section of the WLC to. Configure SSH WLC(config)#line vty 0 10 WLC(config-line)#transport input ssh WLC(config-line)#login local WLC(config-line)#end WLC#conf t WLC(config)#hostname haifeli-C9800 haifeli-C9800(config)#ip domain name lihaifeng.net haifeli-C9800(config)#ip ssh version 2 haifeli-C9800(config)#crypto key generate rsa The name for the keys will be: haifeli-C9800.lihaifeng.net Choose the size of the.
The Internet edge firewall translates the IP address of the WLCmanagement interface in the DMZ to a publicly reachable IP addressso Cisco OfficeExtend Access Points at teleworker locations canreach the WLC. However, in order for the Cisco OfficeExtend AccessPoints to be able to communicate with the WLC, the publiclyreachable address must also be configured on the WLC managementinterface.
To configure the WLC for NAT, perform the following steps:
ProcedureCisco Wcs
Step 1 | In Controller >Interfaces, click the management interface. | ||
Step 2 | Select Enable NAT Address. | ||
Step 3 | In the NAT IP Address box, enter the publiclyreachable IP address, and then click Apply. (Example:172.16.130.20)
|
Configuring the Time Zone
To configure the time zone, perform the following steps:
ProcedureStep 1 | Navigate to Commands >Set Time. |
Step 2 | In the Location list, choose the time zone thatcorresponds to the locationof the WLC. |
Step 3 | Click Set Timezone. |
Configuring SNMP
Cisco Wlc Default Login
ProcedureStep 1 | In Management >SNMP > Communities, clickNew. | ||
Step 2 | Enter the Community Name.(Example: cisco) | ||
Step 3 | Enter the IP Address. (Example:10.4.48.0) | ||
Step 4 | Enter the IP Mask. (Example:255.255.255.0) | ||
Step 5 | In the Status list, chooseEnable, and then clickApply. | ||
Step 6 | In Management >SNMP > Communities, clickNew. | ||
Step 7 | Enter the Community Name.(Example: cisco123) | ||
Step 8 | Enter the IP Address. (Example:10.4.48.0) | ||
Step 9 | Enter the IP Mask. (Example:255.255.255.0) | ||
Step 10 | In the Access Mode list, chooseRead/Write. | ||
Step 11 | In the Status list, chooseEnable, and then clickApply. | ||
Step 12 | Navigate to Management >SNMP > Communities. | ||
Step 13 | Point to the blue box for the public community,and then click Remove. | ||
Step 14 | On the 'Are you sure you want to delete?'message,click OK . | ||
Step 15 | Repeat Step 13 and Step 14 for the privatecommunity. | ||
Step 16 | Navigate to Management >SNMP > General and disableSNMP v3 Mode, and click Apply. Figure 1. | ||
Step 17 | Navigate to Management >SNMP Communities > SNMP V3Users. | ||
Step 18 | On the right side of the default UserName, point and click the blue down arrow, and then clickRemove. | ||
Step 19 | Press OK to confirm that youare sure you want to delete, then press SaveConfiguration.
|
Configuring Wireless User Authentication
ProcedureStep 1 | In Security >AAA > Radius >Authentication, click New. |
Step 2 | Enter the Server IP Address.(Example: 10.4.48.15) |
Step 3 | Enter and confirm the SharedSecret. (Example: SecretKey) |
Step 4 | To the right of Management,clear Enable, and then clickApply. |
Step 5 | To the right of Management, clearEnable, and then clickApply. |
Step 6 | Enter the Server IP Address.(Example: 10.4.48.15) |
Step 7 | Enter and confirm the SharedSecret, and then click Apply. (Example:SecretKey) |
Here is the way you set up login banner for WLC. First of all you have to create your banner in notepad and save it as a .txt file. Then you have to download this onto WLC using a TFTP server. You can use WCS (as it has TFTP server running on it) or you can use a different TFTP server as well. I have created a txt file called “WLC-banner.txt” for this.
Then you have to go “Commands > Download File” section & select File Type as “Login Banner” & transfer mode as “TFTP”. Fill the rest of detail as required & then initiate the download.
You can do the same via CLI as well. Here is the config commands to download this banner onto WLC via CLI.
Once download process is complete you can verify this by log out & login to the controller (either CLI or GUI). Here is my login screen afterwords.
Here you will see it once log in via CLI
You can clear the login banner via “Commands > Login Banner > Clear” as shown in the below.
In CLI, you can use “clear login-banner” command to do this.