Wednesday, August 29, 2012

Cisco WLCM ( Wireless LAN Control Module ) 2800 / 3800

This post is all about getting the Cisco WLCM initial setup completed correctly to the point where you can access the GUI and log in successfully. The additional configuration needed to add APs, apply security etc. will be covered in other posts.

Disclaimer: The interfaces used will depend on what platform / slot you place the module in.

On to the good stuff... I decided to add a quick summary / description of the interfaces being used below. Once you understand what each port is doing and is going to do, it makes things much easier. (Note: The brief explanations do not cover everything that the interfaces will do; please see the Cisco website if you want more information.)

Management Interface -

The management interface is the default interface for in-band management of the controller and connectivity to enterprise services such as AAA servers. It is also used for communications between the controller and access points. The management interface has the only consistently "pingable" in-band interface IP address on the controller. You can access the controller's GUI by entering the controller's management interface IP address in Internet Explorer's or Mozilla Firefox's address field.
For CAPWAP, the controller requires one management interface to control all inter-controller communications and one AP-manager interface to control all controller-to-access point communications, regardless of the number of ports.

AP-Manager Interface -

A controller has one or more AP-manager interfaces, which are used for all Layer 3 communications between the controller and lightweight access points after the access points have joined the controller. The AP-manager IP address is used as the tunnel source for CAPWAP packets from the controller to the access point and as the destination for CAPWAP packets from the access point to the controller. The AP-manager interface communicates through any distribution system port by listening across the Layer 3 network for access point CAPWAP or LWAPP join messages to associate and communicate with as many lightweight access points as possible.

For Cisco 4404 and WiSM Controllers, configure the AP-manager interface on all distribution system ports (1, 2, 3, and 4). For Cisco 4402 Controllers, configure the AP-manager interface on distribution system ports 1 and 2. In both cases, the static (or permanent) AP-manager interface is always assigned to distribution system port 1 and given a unique IP address. Configuring the AP-manager interface on the same VLAN or IP subnet as the management interface results in optimum access point association.

Virtual Interface -

The virtual interface is used to support mobility management, Dynamic Host Configuration Protocol (DHCP) relay, and embedded Layer 3 security such as guest web authentication and VPN termination. It also maintains the DNS gateway host name used by Layer 3 security and mobility managers to verify the source of certificates when Layer 3 web authorization is enabled.

Specifically, the virtual interface plays these two primary roles:
•Acts as the DHCP server placeholder for wireless clients that obtain their IP address from a DHCP server.
•Serves as the redirect address for the web authentication login page.

Note: All controllers within a mobility group must be configured with the same virtual interface IP address. Otherwise, inter-controller roaming may appear to work, but the handoff does not complete, and the client loses connectivity for a period of time.

The virtual interface IP address is used only in communications between the controller and wireless clients. It never appears as the source or destination address of a packet that goes out a distribution system port and onto the switched network. For the system to operate correctly, the virtual interface IP address must be set (it cannot be 0.0.0.0), and no other device on the network can have the same address as the virtual interface. Therefore, the virtual interface must be configured with an unassigned and unused gateway IP address. The virtual interface IP address is not pingable and should not exist in any routing table in your network. In addition, the virtual interface cannot be mapped to a backup port.

Service-Port Interface -

The service-port interface controls communications through and is statically mapped by the system to the service port. The service port can obtain an IP address using DHCP, or it can be assigned a static IP address, but a default gateway cannot be assigned to the service-port interface. Static routes can be defined through the controller for remote network access to the service port.

Dynamic Interface -

Dynamic interfaces, also known as VLAN interfaces, are created by users and designed to be analogous to VLANs for wireless LAN clients. A controller can support up to 512 dynamic interfaces (VLANs). Each dynamic interface is individually configured and allows separate communication streams to exist on any or all of a controller's distribution system ports. Each dynamic interface controls VLANs and other communications between controllers and all other network devices, and each acts as a DHCP relay for wireless clients associated to WLANs mapped to the interface. You can assign dynamic interfaces to distribution system ports, WLANs, the Layer 2 management interface, and the Layer 3 AP-manager interface, and you can map the dynamic interface to a backup port.

You can configure zero, one, or multiple dynamic interfaces on a distribution system port. However, all dynamic interfaces must be on a different VLAN or IP subnet from all other interfaces configured on the port. If the port is untagged, all dynamic interfaces must be on a different IP subnet from any other interface configured on the port.

Dynamic AP Management -

A dynamic interface is created as a WLAN interface by default. However, any dynamic interface can be configured as an AP-manager interface, with one AP-manager interface allowed per physical port. A dynamic interface with the Dynamic AP Management option enabled is used as the tunnel source for packets from the controller to the access point and as the destination for CAPWAP packets from the access point to the controller. The dynamic interfaces for AP management must have a unique IP address and are usually configured on the same subnet as the management interface.


You may want to verify that the router actually recognizes the module first, just in case.

Home_3825#sh inventory

NAME: "Integrated Service Engine for Modular and Integrated Services Routers on Slot 2", DESCR: "Integrated Service Engine for Modular and Integrated Services Routers"
PID: NME-AIR-WLC8-K9   , VID: V02 , SN: XXXXXXXX

Home_3825#show ip interface brief 
In2/0                      10.1.22.1       YES manual up                    up

This is what the module interface will look like (In1/0 |  In2/0)

The module in the router that I am using is configured already, well as far along as this blog will take us. (Yours probably won't have an IP address and it will be shut down.)

We need to log into the WLCM to start the initial configuration.

First, we need to give the module interface an IP address and "no shut" it before we can begin our "session" with the module. If we try to session in without doing those two things first, we get the error below.

Home_3825#service-module integrated-Service-Engine 2/0 session 
IP address needs to be configured on interface Integrated-Service-Engine2/0

The IP address that you give this interface will be the default-gateway IP for the additional interfaces we will be adding later so choose wisely.

Home_3825(config)#inter integrated-Service-Engine 2/0

Home_3825(config-if)#ip add 10.1.22.1 255.255.255.0

Home_3825(config-if)#no shut

Try to think of this interface just like you would any other layer 3 interface. (e.g. GigabitEthernet0/0)

Let's open a session into the module!

Home_3825#service-module integrated-Service-Engine 2/0 session
Trying 10.1.22.1, 2130 ... Open

Username: Cisco
Password: cisco
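If you script this part (for example when rolling the same module out to several routers), the two "show" commands above tell you which slot the module sits in and whether its interface already has an address. The following Python is an added example written for this post, not Cisco code and not part of the original post: it parses the shape of the "sh inventory" and "show ip interface brief" output shown above (sample text constructed from that output, serial number redacted as on the page), finds the NME-AIR-WLC8-K9 slot, and produces exactly the IOS lines used above for that slot. The PID, the 10.1.22.1/24 address and the In<slot>/0 naming are taken from the page; the function names are my own.

```python
import re
from ipaddress import IPv4Interface

# Constructed sample output, copied from the shape of the page's transcripts.
SHOW_INVENTORY = '''NAME: "Integrated Service Engine for Modular and Integrated Services Routers on Slot 2", DESCR: "Integrated Service Engine for Modular and Integrated Services Routers"
PID: NME-AIR-WLC8-K9   , VID: V02 , SN: XXXXXXXX
'''

# A fresh module: no address yet and the interface is shut down.
FRESH_BRIEF = '''Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         192.0.2.1       YES manual up                    up
In2/0                      unassigned      YES unset  administratively down down
'''

# The page's own state: interface already addressed and up.
CONFIGURED_BRIEF = '''In2/0                      10.1.22.1       YES manual up                    up
'''

WLC_PID = "NME-AIR-WLC8-K9"  # module PID as shown on the page


def find_wlcm_slot(inventory):
    """Return the slot number of the WLCM module, or None if it is not listed."""
    # Pair every NAME line with the PID line that follows it.
    entries = re.findall(r'NAME:\s*"([^"]*)".*?\nPID:\s*(\S+)', inventory)
    for name, pid in entries:
        if pid == WLC_PID:
            m = re.search(r"on Slot (\d+)", name)
            if m:
                return int(m.group(1))
    return None


def module_interface_state(brief, slot):
    """Parse the In<slot>/0 row: does it have an address, and is it up/up?"""
    for line in brief.splitlines():
        cols = line.split()
        if cols and cols[0] == f"In{slot}/0":
            return {
                "ip": None if cols[1] == "unassigned" else cols[1],
                "up": cols[-1] == "up" and "administratively" not in line,
            }
    raise ValueError(f"In{slot}/0 not found: is the module recognized?")


def module_setup_commands(slot, gateway):
    """The IOS lines the page types, parameterised on slot and the module's /24."""
    return [
        f"interface integrated-Service-Engine {slot}/0",
        f" ip address {gateway.ip} {gateway.netmask}",
        " no shutdown",
        "end",
        f"service-module integrated-Service-Engine {slot}/0 session",
    ]


def plan(inventory, brief, gateway="10.1.22.1/24"):
    """Return the commands still needed, or None if no WLCM is in the chassis."""
    slot = find_wlcm_slot(inventory)
    if slot is None:
        return None
    state = module_interface_state(brief, slot)
    if state["ip"] and state["up"]:
        # Already addressed and up: only the session command is left.
        return [f"service-module integrated-Service-Engine {slot}/0 session"]
    return module_setup_commands(slot, IPv4Interface(gateway))


if __name__ == "__main__":
    for cmd in plan(SHOW_INVENTORY, FRESH_BRIEF):
        print(cmd)
```

Remember that the address you hand to plan() becomes the default gateway for the management and AP-manager interfaces you configure later, so it is worth deciding it before running anything.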

Once you are in a session, to get back out to the router press Ctrl + Shift + 6, then x. If you want to permanently back out, once you're at the router prompt type: #disconnect <--- enter

We are now asked for credentials to log into the WLCM to begin working on its initial configuration. I wanted to make sure the module was reverted back to factory-default.

User:Cisco
Password:cisco

(Cisco Controller) >clear config
Are you sure you want to clear the configuration? (y/n) y

Configuration Cleared!
(Cisco Controller) >reset
(Cisco Controller) reset>system 

The system has unsaved changes.
Would you like to save them now? (y/N) N

Configuration Not Saved!
Are you sure you would like to reset the system? (y/N) y

System will now restart!
------------------------------------------
Just like anything Cisco, exit out of the first configuration wizard (autoinstall) to begin. It will then present you with a different "wizard"; this one is the one you want, and you can't cancel out of it.


*** autoinstall must be terminated in order to run the configuration wizard.

Would you like to terminate autoinstall? [yes]:

System Name [Cisco_cc:cb:60] (31 characters max): Your_clever_WLCM_name

Enter Administrative User Name (24 characters max): jdoe

Enter Administrative Password (24 characters max): password

Re-enter Administrative Password                 : password

Management Interface IP Address: 10.1.22.18

Management Interface Netmask: 255.255.255.0

Management Interface Default Router: 10.1.22.1

Management Interface VLAN Identifier (0 = untagged): 0

Management Interface Port Num [1]: 1

Management Interface DHCP Server IP Address: 10.1.22.18

AP Manager Interface IP Address: 10.1.22.19

AP-Manager is on Management subnet, using same values
AP Manager Interface DHCP Server (10.1.22.18): 10.1.22.18

Virtual Gateway IP Address: 22.22.22.22

Mobility/RF Group Name: wlan-22-mg

Network Name (SSID): wlan-22


Configure DHCP Bridging Mode [yes][NO]: n

Configure DHCP Bridging Mode [yes][NO]: NO

Allow Static IP Addresses [YES][no]: no

Configure a RADIUS Server now? [YES][no]: no

Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.

Enter Country Code list (enter 'help' for a list of countries) [US]:

Enable 802.11b Network [YES][no]: yes

Enable 802.11a Network [YES][no]: yes

Enable 802.11g Network [YES][no]: yes

Enable Auto-RF [YES][no]:

Configure a NTP server now? [YES][no]: yes

Enter the NTP server's IP address: 10.1.2.1

Enter a polling interval between 3600 and 604800 secs: 604800

Configuration correct? If yes, system will save it and reset. [yes][NO]: yes

Configuration saved!
Resetting system with new configuration...
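The wizard happily accepts whatever you type, and the interface rules at the top of this post (AP-manager unique and preferably on the management subnet, virtual interface non-zero and on no subnet in use, dynamic interfaces on different subnets from everything else on their port) are only checked by you. Here is an added example, written for this post and not Cisco code, that runs those rules over a plan before you sit down at the wizard. The PAGE_PLAN values are the answers given above; the severity labels, the function names, the list of placeholder passwords and the extra "Internet-routable" warning on the virtual gateway are my own additions on top of the page's rules (the page only says the virtual address must be unassigned, unused and in no routing table).

```python
from ipaddress import IPv4Address, IPv4Interface

# Constructed plan mirroring the wizard answers on the page (no dynamic
# interfaces are created there, so that mapping is empty).
PAGE_PLAN = {
    "admin_user": "jdoe",
    "admin_password": "password",
    "management": "10.1.22.18/24",       # Management Interface IP + netmask
    "management_gateway": "10.1.22.1",   # Management Interface Default Router
    "management_port": 1,
    "ap_manager": "10.1.22.19",          # AP Manager Interface IP
    "virtual_gateway": "22.22.22.22",
    "dynamic_interfaces": {},            # port -> ["addr/prefix", ...]
}

# Factory login the page uses on the fresh module; the wizard's admin
# account must not be left at this value.
FACTORY_DEFAULT_LOGIN = ("Cisco", "cisco")
PLACEHOLDER_PASSWORDS = {"cisco", "password"}  # constructed list


def check_plan(plan):
    """Return a list of (severity, message); severity is 'error' or 'warn'."""
    findings = []
    mgmt = IPv4Interface(plan["management"])
    mgmt_net = mgmt.network
    gw = IPv4Address(plan["management_gateway"])
    apm = IPv4Address(plan["ap_manager"])
    virt = IPv4Address(plan["virtual_gateway"])

    # Admin credentials: never the factory default, never a placeholder.
    user, pwd = plan["admin_user"], plan["admin_password"]
    if (user, pwd) == FACTORY_DEFAULT_LOGIN:
        findings.append(("error", "admin account still uses the factory default login"))
    elif pwd.lower() in PLACEHOLDER_PASSWORDS or pwd == user:
        findings.append(("warn", "admin password is a placeholder value; choose a real one"))

    # Default router: a distinct host on the management subnet (on the WLCM it
    # is the router's integrated-Service-Engine interface address).
    if gw not in mgmt_net or gw == mgmt.ip:
        findings.append(("error", f"default router {gw} is not a distinct host on {mgmt_net}"))

    # AP-manager: its own address, ideally on the management subnet.
    if apm == mgmt.ip:
        findings.append(("error", "AP-manager must have its own IP address"))
    elif apm not in mgmt_net:
        findings.append(("warn", f"AP-manager {apm} is not on management subnet {mgmt_net}"))

    # Virtual interface: not 0.0.0.0 and on no subnet the controller uses.
    used_nets = [mgmt_net] + [
        IPv4Interface(d).network
        for ifaces in plan["dynamic_interfaces"].values() for d in ifaces
    ]
    if virt == IPv4Address("0.0.0.0"):
        findings.append(("error", "virtual gateway cannot be 0.0.0.0"))
    elif any(virt in n for n in used_nets):
        findings.append(("error", f"virtual gateway {virt} falls inside a subnet in use"))
    elif virt.is_global:
        # Added caveat: an address somebody else routes on the Internet is not "unused".
        findings.append(("warn", f"virtual gateway {virt} is Internet-routable address space"))

    # Dynamic interfaces: different subnet from every other interface on the same port.
    for port, ifaces in plan["dynamic_interfaces"].items():
        nets = [IPv4Interface(d).network for d in ifaces]
        if port == plan["management_port"]:
            nets.append(mgmt_net)
        for i, a in enumerate(nets):
            for b in nets[i + 1:]:
                if a.overlaps(b):
                    findings.append(("error", f"port {port}: {a} and {b} overlap"))
    return findings


def errors(plan):
    """Only the findings that would break the setup described on the page."""
    return [msg for sev, msg in check_plan(plan) if sev == "error"]


if __name__ == "__main__":
    for sev, msg in check_plan(PAGE_PLAN):
        print(f"{sev:5} {msg}")
```

Run against the page's own answers it reports no errors, just the two warnings (placeholder admin password, public virtual address). Point it at a plan that reuses the management address for the AP-manager, sets the virtual gateway to 0.0.0.0, or puts a dynamic interface on the management subnet of the same port, and each of those comes back as an error before the wizard ever sees it.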

When the module comes back up after the reboot, you should see something similar to this:

(Cisco Controller) config>

And now, you should be able to type the management IP into a web browser, hit enter and see something similar to this:


Login with the UN / PW you supplied as you were setting things up, and you are all set!

More to come...