Introduction
The Cisco Catalyst 9800 Series Wireless LAN Controllers (WLCs) support various AP deployment modes, with Local Mode being one of the most commonly used configurations.
Description
Data Handling: In Local Mode, the access points (APs) tunnel client data traffic back to the WLC using the CAPWAP (Control and Provisioning of Wireless Access Points) protocol. This allows the WLC to centrally manage and apply policies to the traffic.
Control and Management: The WLC handles all control and management functions, such as authentication, security policies, and RF (radio frequency) management. This centralized approach simplifies the configuration and monitoring of the wireless network.
Enhanced Features: Local Mode supports advanced features like ClientLink (beamforming to improve client performance), CleanAir (RF spectrum analysis for interference mitigation), and FlexConnect (limited local switching for branch offices).
Roaming: Seamless client roaming between APs is facilitated by the WLC, which manages the client sessions and maintains consistent policy enforcement across the network.
High Availability: Local Mode can be used in high-availability scenarios where multiple WLCs provide redundancy, ensuring minimal disruption during WLC failovers.
AP Initialization: When an AP in Local Mode powers up, it discovers and joins the WLC. The WLC then pushes the necessary configuration and software updates to the AP.
Data Traffic Tunneling: Client data traffic from the AP is encapsulated in CAPWAP tunnels and sent to the WLC. The WLC decapsulates the traffic, applies policies, and forwards it to the appropriate destination on the wired network.
Control Traffic: The control traffic, which includes management frames, RF monitoring data, and configuration updates, also flows between the AP and WLC using the CAPWAP protocol.
Client Association: When a wireless client associates with an AP, the AP forwards the authentication requests to the WLC. The WLC authenticates the client and handles subsequent session management.
Mobility: As clients move between APs, the WLC manages the handoffs, ensuring seamless roaming and maintaining active sessions without drops or disruptions.
Local Mode Benefits
Description
Centralized Management: Simplifies network administration by centralizing control and policy enforcement on the WLC.
Advanced Features: Enables the use of sophisticated wireless features that enhance network performance and reliability.
Scalability: Supports large-scale deployments with numerous APs and clients.
Security: Centralizes security policies, making it easier to manage and enforce consistent security across the network.
Consistency: Ensures uniform policy application and network performance, regardless of client location.
The CLI output below represents the WLC default configuration.
show interface status
Port Name Status Vlan Duplex Speed Type
Te0/0/0 notconnect 1 full auto unknown media type
Te0/0/1 notconnect 1 full auto unknown media type
Te0/0/2 notconnect 1 full auto unknown media type
Te0/0/3 notconnect 1 full auto unknown media type
show running-config
Building configuration...
Current configuration : 9809 bytes
!
! Last configuration change at 12:03:10 UTC Tue May 28 2024
!
version 17.9
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname WLC
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
no aaa new-model
vtp mode off
vtp version 1
!
!
!
!
!
!
!
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
diagnostic bootup level minimal
!
!
!
redundancy
mode sso
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
class-map match-any AVC-Reanchor-Class
match protocol cisco-jabber-audio
match protocol cisco-jabber-video
match protocol webex-media
match protocol webex-app-sharing
match protocol webex-control
match protocol webex-meeting
match protocol wifi-calling
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface TenGigabitEthernet0/0/0
no negotiation auto
!
interface TenGigabitEthernet0/0/1
no negotiation auto
!
interface TenGigabitEthernet0/0/2
no negotiation auto
!
interface TenGigabitEthernet0/0/3
no negotiation auto
!
interface GigabitEthernet0
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
!
ip tftp source-interface GigabitEthernet0
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
line con 0
stopbits 1
line aux 0
line vty 0 4
login
transport input ssh
line vty 5 15
login
transport input ssh
!
!
!
!
!
!
wireless aaa policy default-aaa-policy
wireless cts-sxp profile default-sxp-profile
wireless profile airtime-fairness default-atf-policy 0
wireless profile flex default-flex-profile
description "default flex profile"
wireless profile mesh default-mesh-profile
description "default mesh profile"
wireless profile multi-bssid default-multi-bssid-profile
description "Default multi bssid profile"
wireless profile radio default-radio-profile
description "Preconfigured default radio profile"
wireless profile policy default-policy-profile
description "default policy profile"
wireless tag site default-site-tag
description "default site tag"
wireless tag policy default-policy-tag
description "default policy-tag"
wireless tag rf default-rf-tag
description "default RF tag"
wireless fabric control-plane default-control-plane
ap dot11 24ghz rf-profile Low_Client_Density_rf_24gh
coverage data rssi threshold -90
coverage level 2
coverage voice rssi threshold -90
description "pre configured Low Client Density rfprofile for 2.4gh radio"
high-density rx-sop threshold low
rate RATE_12M supported
rate RATE_24M supported
rate RATE_6M supported
tx-power v1 threshold -65
no shutdown
ap dot11 24ghz rf-profile High_Client_Density_rf_24gh
description "pre configured High Client Density rfprofile for 2.4gh radio"
high-density rx-sop threshold medium
rate RATE_11M disable
rate RATE_12M mandatory
rate RATE_1M disable
rate RATE_24M supported
rate RATE_2M disable
rate RATE_5_5M disable
rate RATE_6M disable
tx-power min 7
no shutdown
ap dot11 24ghz rf-profile Typical_Client_Density_rf_24gh
description "pre configured Typical Client Density rfprofile for 2.4gh radio"
rate RATE_11M disable
rate RATE_12M mandatory
rate RATE_1M disable
rate RATE_24M supported
rate RATE_2M disable
rate RATE_5_5M disable
rate RATE_6M disable
no shutdown
ap dot11 24ghz rate RATE_12M supported
ap dot11 24ghz rate RATE_24M supported
ap dot11 24ghz rate RATE_6M supported
ap dot11 6ghz rf-profile default-rf-profile-6ghz
description "default rfprofile for 6GHz radio"
rate RATE_12M mandatory
rate RATE_24M mandatory
rate RATE_6M mandatory
no shutdown
ap dot11 5ghz rf-profile Low_Client_Density_rf_5gh
coverage data rssi threshold -90
coverage level 2
coverage voice rssi threshold -90
description "pre configured Low Client Density rfprofile for 5gh radio"
high-density rx-sop threshold low
rate RATE_12M mandatory
rate RATE_24M mandatory
rate RATE_6M mandatory
tx-power v1 threshold -60
no shutdown
ap dot11 5ghz rf-profile High_Client_Density_rf_5gh
description "pre configured High Client Density rfprofile for 5gh radio"
high-density rx-sop threshold medium
rate RATE_12M mandatory
rate RATE_24M mandatory
rate RATE_6M disable
rate RATE_9M disable
tx-power min 7
tx-power v1 threshold -65
no shutdown
ap dot11 5ghz rf-profile Typical_Client_Density_rf_5gh
description "pre configured Typical Density rfprofile for 5gh radio"
rate RATE_12M mandatory
rate RATE_24M mandatory
rate RATE_6M mandatory
no shutdown
ap dot11 5ghz rate RATE_12M mandatory
ap dot11 5ghz rate RATE_24M mandatory
ap dot11 5ghz rate RATE_6M mandatory
ap dot11 6ghz rrm monitor measurement 600
ap tag-source-priority 2 source filter
ap tag-source-priority 3 source ap
ap profile default-ap-profile
description "default ap profile"
trapflags ap crash
trapflags ap noradiocards
trapflags ap register
end
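The default configuration above leaves several management-plane settings at values worth reviewing before the controller goes into production: `ip http server` is on alongside `ip http secure-server`, `no aaa new-model` is set, and no `enable secret` appears. The following audit sketch is an added example, not part of the original guide or Cisco tooling; the finding labels are hypothetical, and the sample input is a constructed excerpt of the output above.

```python
# Added example: audit management-plane settings in an IOS-XE running-config.
# Constructed sample: lines excerpted from the default running-config above.
DEFAULT_CONFIG = """\
no aaa new-model
ip http server
ip http authentication local
ip http secure-server
line con 0
 stopbits 1
line aux 0
line vty 0 4
 login
 transport input ssh
line vty 5 15
 login
 transport input ssh
!
"""

def audit(config):
    """Return sorted finding labels (hypothetical names) for a config string."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = set()
    if "ip http server" in lines:        # web UI also reachable over plain HTTP
        findings.add("HTTP_PLAINTEXT_MGMT")
    if "aaa new-model" not in lines:     # AAA framework not enabled
        findings.add("AAA_NOT_ENABLED")
    if not any(ln.startswith("enable secret ") for ln in lines):
        findings.add("NO_ENABLE_SECRET")
    # Track "line vty" blocks; works with or without indentation because a
    # block ends at the next "line ..." statement or at a "!" separator.
    ctx, vty = None, {}
    for ln in lines:
        if ln.startswith("line "):
            ctx = ln
            if ln.startswith("line vty "):
                vty[ctx] = None
        elif ln == "!":
            ctx = None
        elif ctx in vty and ln.startswith("transport input "):
            vty[ctx] = ln.split()[2:]
    # Assumption: anything other than explicit "transport input ssh" is flagged.
    if any(protos != ["ssh"] for protos in vty.values()):
        findings.add("VTY_NOT_SSH_ONLY")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(DEFAULT_CONFIG))
```

The VTY lines in the default configuration already restrict access to SSH, so only the HTTP, AAA and enable-secret findings are reported for it.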
Topology
The following topology has been used for this guide. A layer 3 switch is responsible for the routing between all subnets and it also handles all layer 2 traffic. The WLC and the AP are connected to the switch.
The following configuration has been used on the layer 3 switch.
LABSW01
hostname LABSW01
!
ip routing
!
ip domain name configure-networks.com
ip dhcp excluded-address 172.16.5.1 172.16.5.11
ip dhcp excluded-address 172.16.4.1 172.16.4.11
ip dhcp excluded-address 172.16.3.1 172.16.3.11
!
ip dhcp pool CLIENTS10
network 172.16.4.0 255.255.255.0
default-router 172.16.4.1
dns-server 8.8.8.8
!
ip dhcp pool CLIENTS20
network 172.16.5.0 255.255.255.0
default-router 172.16.5.1
dns-server 8.8.8.8
!
ip dhcp pool WLAN-MGMT
network 172.16.3.0 255.255.255.0
default-router 172.16.3.1
dns-server 8.8.8.8
!
!
vtp mode transparent
!
!
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree vlan 1-5 priority 4096
!
!
vlan 2
name NWMGMT
!
vlan 3
name WLAN-MGMT
!
vlan 4
name CLIENTS10
!
vlan 5
name CLIENTS20
!
!
interface Port-channel1
description LABWLC-UPLINK
switchport trunk allowed vlan 2-5
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/1
description TO-INTERNET
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
description ACCESS-POINT
switchport access vlan 3
switchport mode access
switchport nonegotiate
device-tracking
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/3
description ACCESS-POINT
switchport access vlan 3
switchport mode access
switchport nonegotiate
device-tracking
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/4
description CLIENTS10
switchport access vlan 4
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/5
description CLIENTS20
switchport access vlan 5
switchport mode access
switchport nonegotiate
device-tracking
spanning-tree portfast
spanning-tree bpduguard enable
!
!
interface TenGigabitEthernet1/1/3
description LABWLC-UPLINK
switchport trunk allowed vlan 2-5
switchport mode trunk
switchport nonegotiate
channel-group 1 mode active
!
interface TenGigabitEthernet1/1/4
description LABWLC-UPLINK
switchport trunk allowed vlan 2-5
switchport mode trunk
switchport nonegotiate
channel-group 1 mode active
!
interface Vlan1
description TO-INTERNET
ip address 172.16.1.1 255.255.255.0
!
interface Vlan2
description NWMGMT
ip address 172.16.2.1 255.255.255.0
!
interface Vlan3
description WLAN-MGMT
ip address 172.16.3.1 255.255.255.0
!
interface Vlan4
description CLIENTS10
ip address 172.16.4.1 255.255.255.0
!
interface Vlan5
description CLIENTS20
ip address 172.16.5.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 172.16.1.254
!
end
show commands
LABSW01#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is 172.16.1.254 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 172.16.1.254
172.16.0.0/16 is variably subnetted, 10 subnets, 2 masks
C 172.16.1.0/24 is directly connected, Vlan1
L 172.16.1.1/32 is directly connected, Vlan1
C 172.16.2.0/24 is directly connected, Vlan2
L 172.16.2.1/32 is directly connected, Vlan2
C 172.16.3.0/24 is directly connected, Vlan3
L 172.16.3.1/32 is directly connected, Vlan3
C 172.16.4.0/24 is directly connected, Vlan4
L 172.16.4.1/32 is directly connected, Vlan4
C 172.16.5.0/24 is directly connected, Vlan5
L 172.16.5.1/32 is directly connected, Vlan5
LABSW01#
LABSW01#
LABSW01#show ip int brief | ex assi
Interface IP-Address OK? Method Status Protocol
Vlan1 172.16.1.1 YES manual up up
Vlan2 172.16.2.1 YES manual up up
Vlan3 172.16.3.1 YES manual up up
Vlan4 172.16.4.1 YES manual up up
Vlan5 172.16.5.1 YES manual up up
LABSW01#
LABSW01#
LABSW01#show cdp neigh
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
LABWLC01.configure-networks.com
Ten 1/1/3 152 R I C9800-40- Ten 0/0/1
LABWLC01.configure-networks.com
Ten 1/1/4 133 R I C9800-40- Ten 0/0/0
Total cdp entries displayed : 2
LABSW01#
LABSW01#
LABSW01#show int status
Port Name Status Vlan Duplex Speed Type
Gi1/0/1 TO-INTERNET connected 1 a-full a-100 10/100/1000BaseTX
Gi1/0/2 ACCESS-POINT notconnect 3 auto auto 10/100/1000BaseTX
Gi1/0/3 ACCESS-POINT notconnect 3 auto auto 10/100/1000BaseTX
Gi1/0/4 CLIENTS10 connected 4 a-full a-1000 10/100/1000BaseTX
Gi1/0/5 CLIENTS20 notconnect 5 auto auto 10/100/1000BaseTX
Gi1/0/6 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/7 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/8 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/9 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/10 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/11 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/12 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/1/1 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/1/2 notconnect 1 auto auto 10/100/1000BaseTX
Te1/1/3 LABWLC-UPLINK connected trunk full 10G SFP-10GBase-SR
Te1/1/4 LABWLC-UPLINK connected trunk full 10G SFP-10GBase-SR
Po1 LABWLC-UPLINK connected trunk a-full a-10G N/A
LABSW01#