cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2333
Views
3
Helpful
7
Replies

Cisco 9115 AP config

heyjunsun
Level 1
Level 1

hello 

 

I am setting up Cisco AP 9115
I saw the link and got to SSID creation. 
I don't know how to set up AAA server-related settings and Radius server-related settings.
I am sending the configuration that I set for reference.
 
 
 
 
 
Current configuration : 12500 bytes
!
! Last configuration change at 08:58:24 UTC Mon Oct 16 2023
!
version 16.12
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
no platform punt-keepalive disable-kernel-core
no platform punt-keepalive settings
platform console serial
!
hostname WLCAC2A.A110.050C
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no fips authorization-key
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
  no destination transport-method email
!
!
!
!
ip name-server 208.67.222.222 208.67.220.220
login on-success log
!
!
!
!
!
!
flow exporter default-flow-exporter
 destination local wlc
!
!
flow monitor default-flow-monitor
 exporter default-flow-exporter
 record wireless avc basic
!
!
crypto pki trustpoint TP-self-signed-941827864
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-941827864
 revocation-check none
 rsakeypair TP-self-signed-941827864
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-941827864
 certificate self-signed 01
  3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 39343138 32373836 34301E17 0D323331 30313630 38333630
  305A170D 33303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3934 31383237
  38363430 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02
  82010100 CE9CB82E F8CAA33C 5281ABAA 38E9C70F 9B16CCED 4BA0AA44 AA3654EC
  132D8831 C2F7A12F 2C44BEDC 51E3307D 21CE19C3 04C5D383 273E8CCB 3190FF01
  B4D4F485 45426F37 5CA13811 76AF4B08 43AB5B6B 3DA51DAB EFE14267 C8333706
  FBDAA9FA F6664CC8 4978697A 43D1741D 16E7A8AF 62040DC0 E5AFDEC2 6C0C7466
  5334A538 7C06570C 020ACF3B AFC3DE29 07E39308 DFE73E09 D0C86154 5F6023AA
  27B18EEC 03C4DAC8 A8881A63 56ECE52B 1B059F9C 7E9B2C46 65254BE0 71BD38D2
  79E02D40 BE168E79 2C91018A C8B91759 1C01D4AD C4F00C13 CE722398 A3E10CA3
  B78966BE B8166810 3F79BE13 23ED993A 297D7159 9DB9120C 7E449204 F6A9CBF5
  9A25C2B1 02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F
  0603551D 23041830 168014C0 27101A37 DE465DB6 4BB8FD6F E04DEC82 7CFA1730
  1D060355 1D0E0416 0414C027 101A37DE 465DB64B B8FD6FE0 4DEC827C FA17300D
  06092A86 4886F70D 01010505 00038201 0100A142 72313481 BF89A96F 566BCC60
  0E8364A0 A9CA623E 83BC78FE 65437448 4174680F 49C288AF F035C1C5 B7C0F3C2
  DC943BFA 0CAFE82A 449F46C3 25A5BEE4 4CDF4258 B4200470 6BA6EC6D 86703B29
  E2AC5E9A E31609B4 8EB27B89 E4466F52 2322C5D5 BC183D4A 46EAFFF9 25A74842
  BE2AD3EF C7C2FAB9 BF3C6018 45ABD8A7 2564D0B5 6A673DF6 8E21E0DB 6D4B174F
  D474301E 0638C5DB 5660F1D2 52A2B4DC 84AA66A6 C4319625 C87416AF 729E4E35
  FFFB917E 88534EDA 37822561 39648717 3479911A 43B2E4B8 C1B632D6 1375F087
  D8177BB5 652F9D37 21DB64D6 4B09D9A6 DC1A552F E8E2277B 08166D00 3249C93E
  8A10FA14 D50DA709 13EA30CD B7B2A895 AE63
        quit
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
  30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
  32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
  6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
  3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
  43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
  526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
  82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
  CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
  1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
  4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
  7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
  68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
  C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
  C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
  DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
  06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
  4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
  03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
  604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
  D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
  467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
  7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
  5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
  80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
  418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
  D697DF7F 28
        quit
!
memory free low-watermark processor 33020
!
license udi pid C9800-AP sn FGL2712LDY7
device classifier
username xxx privilege 15 password xxx
!
redundancy
 mode sso
!
!
!
!
class-map match-any AutoQos-4.0-RT1-Class
 match dscp ef
 match dscp cs6
class-map match-any AutoQos-4.0-RT2-Class
 match dscp cs4
 match dscp cs3
 match dscp af41
class-map match-any AutoQos-4.0-wlan-Voip-Signal-Class
 match protocol skinny
 match protocol cisco-jabber-control
 match protocol sip
 match protocol sip-tls
class-map match-any AutoQos-4.0-wlan-Voip-Data-Class
 match dscp ef
class-map match-any AutoQos-4.0-wlan-Multimedia-Conf-Class
 match protocol cisco-phone-video
 match protocol cisco-jabber-video
 match protocol ms-lync-video
 match protocol webex-media
class-map match-any AutoQos-4.0-wlan-Bulk-Data-Class
 match protocol ftp
 match protocol ftp-data
 match protocol ftps-data
 match protocol cifs
class-map match-any AutoQos-4.0-wlan-Scavanger-Class
 match protocol netflix
 match protocol youtube
 match protocol skype
 match protocol bittorrent
class-map match-any AutoQos-4.0-wlan-Transaction-Class
 match protocol cisco-jabber-im
 match protocol ms-office-web-apps
 match protocol salesforce
 match protocol sap
!
policy-map AutoQos-4.0-wlan-ET-SSID-Input-AVC-Policy
 class AutoQos-4.0-wlan-Voip-Data-Class
  set dscp ef
 class AutoQos-4.0-wlan-Voip-Signal-Class
  set dscp cs3
 class AutoQos-4.0-wlan-Multimedia-Conf-Class
  set dscp af41
 class AutoQos-4.0-wlan-Transaction-Class
  set dscp af21
 class AutoQos-4.0-wlan-Bulk-Data-Class
  set dscp af11
 class AutoQos-4.0-wlan-Scavanger-Class
  set dscp cs1
 class class-default
  set dscp default
policy-map AutoQos-4.0-wlan-ET-SSID-Output-Policy
 class AutoQos-4.0-RT1-Class
  set dscp ef
 class AutoQos-4.0-RT2-Class
  set dscp af31
 class class-default
!
!
!
!
interface GigabitEthernet0
 mac-address 0000.5e00.0101
 ip dhcp client client-id GigabitEthernet0
 ip dhcp client broadcast-flag clear
 ip address 172.18.104.231 255.255.255.0
 no negotiation auto
!
interface Vlan100
 description 100
 no ip address
!
ip http server
ip http authentication local
ip http secure-server
ip http secure-trustpoint CISCO_IDEVID_SUDI
ip http client source-interface GigabitEthernet0
ip forward-protocol nd
ip tftp blocksize 8192
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0 250
ip dns server
!
!
!
!
control-plane
!
banner exec ^C
########################################################################################################
#                                                                                                      #
#      Welcome to the Cisco Catalyst 9800-AP Embedded Wireless Controller command line interface.      #
#                                                                                                      #
# Please see command reference guide for the complete list of supported commands for this release:     #
#                                                                                                      #
########################################################################################################
^C
!
line con 0
 stopbits 1
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
!
ntp server 0.ciscome.pool.ntp.org
ntp server 1.ciscome.pool.ntp.org
ntp server 2.ciscome.pool.ntp.org
!
!
!
!
!
wireless aaa policy default-aaa-policy
wireless cts-sxp profile default-sxp-profile
no wireless ipv6 ra wired
wireless management interface GigabitEthernet0
wireless profile airtime-fairness default-atf-policy 0
wireless profile flex default-flex-profile
 description "default flex profile"
wireless profile image-download default
 description "default image download profile"
wireless profile mesh default-mesh-profile
 description "default mesh profile"
wireless profile policy DBLIFE_18104
 autoqos mode enterprise-avc
 no central association
 no central dhcp
 no central switching
 description "For 18104"
 service-policy input AutoQos-4.0-wlan-ET-SSID-Input-AVC-Policy
 service-policy output AutoQos-4.0-wlan-ET-SSID-Output-Policy
 vlan 100
 no shutdown
wireless profile policy default-policy-profile
 no central association
 no central switching
 description "default policy profile"
 http-tlv-caching
 ipv4 flow monitor default-flow-monitor input
 ipv4 flow monitor default-flow-monitor output
wireless tag site default-site-tag
 description "default site tag"
 no local-site
wireless tag policy DBLIFE_18104
 description "For the 18104"
 wlan DBLIFE_18104 policy DBLIFE_18104
wireless tag policy default-policy-tag
 description "default policy-tag"
wireless tag rf DBLIFE_18104
 24ghz-rf-policy Low_Client_Density_rf_24gh
 5ghz-rf-policy 80mhz
 description "For the 18104"
wireless tag rf default-rf-tag
 description "default RF tag"
wireless fabric control-plane default-control-plane
wlan DBLIFE_18104 1 DBLIFE_18104
 ccx aironet-iesupport
 security wpa psk set-key ascii xxx
 security wpa akm psk
 no shutdown
ap dot11 24ghz rf-profile Low_Client_Density_rf_24gh
 coverage data rssi threshold -90
 coverage level 2
 coverage voice rssi threshold -90
 description "pre configured Low Client Density rfprofile for 2.4gh radio"
 high-density rx-sop threshold low
 tx-power v1 threshold -65
 no shutdown
ap dot11 24ghz rf-profile High_Client_Density_rf_24gh
 description "pre configured High Client Density rfprofile for 2.4gh radio"
 high-density rx-sop threshold medium
 rate RATE_11M disable
 rate RATE_12M mandatory
 rate RATE_1M disable
 rate RATE_2M disable
 rate RATE_5_5M disable
 rate RATE_6M disable
 tx-power min 7
 no shutdown
ap dot11 24ghz rf-profile Typical_Client_Density_rf_24gh
 description "pre configured Typical Client Density rfprofile for 2.4gh radio"
 rate RATE_11M disable
 rate RATE_12M mandatory
 rate RATE_1M disable
 rate RATE_2M disable
 rate RATE_5_5M disable
 rate RATE_6M disable
 no shutdown
ap dot11 5ghz rf-profile 80mhz
 channel chan-width 80
 no shutdown
ap dot11 5ghz rf-profile Low_Client_Density_rf_5gh
 coverage data rssi threshold -90
 coverage level 2
 coverage voice rssi threshold -90
 description "pre configured Low Client Density rfprofile for 5gh radio"
 high-density rx-sop threshold low
 tx-power v1 threshold -60
 no shutdown
ap dot11 5ghz rf-profile High_Client_Density_rf_5gh
 description "pre configured High Client Density rfprofile for 5gh radio"
 high-density rx-sop threshold medium
 rate RATE_6M disable
 rate RATE_9M disable
 tx-power min 7
 tx-power v1 threshold -65
 no shutdown
ap dot11 5ghz rf-profile Typical_Client_Density_rf_5gh
 description "pre configured Typical Density rfprofile for 5gh radio"
 no shutdown
ap tag-source-priority 2 source filter
ap tag-source-priority 3 source ap
ap profile DBLIFE_18104
 description "For the 18104"
 hyperlocation ble-beacon 0
 hyperlocation ble-beacon 1
 hyperlocation ble-beacon 2
 hyperlocation ble-beacon 3
 hyperlocation ble-beacon 4
 ntp ip 172.20.15.235
ap profile default-ap-profile
 description "default ap profile"
ap ac2a.a110.050c
 policy-tag DBLIFE_18104
 rf-tag DBLIFE_18104
end

 

 

7 Replies 7

Faizal AB
Level 1
Level 1

Hi Heyjunsun,

Refer the following link to set up through the mobile phone. After that, you can attached to your network.

https://www.youtube.com/watch?v=PEJzT8CqkP8

Introduction to Cisco WiFi 6 & Over-The-Air Provisioning Cisco Catalyst C9120AXI-EWC-K #CiscoPitchTheFuture Guide on how to change the software of your AP from lightweight AP to EWC AP as below: https://www.youtube.com/watch?v=NBt370eiQ3I

hello Faizal AB 

thank you for your reply. 

I don't want to set it up through my phone. I want to set it up through a console cable or Webui.

hello JPavonM 

thank you for your reply

The third URL you sent me says

Software release numbers

Cisco EWC on Catalyst Access Points is supported beginning with Release 16.12.2s.

but i used version C9800-AP-universalk9.16.12.04a 

Do I need an upgrade to use EWC?
 

JPavonM
VIP
VIP

No you don't have to, but it is recommended to upgrade to latest TAC recommended release, and seeing that 17.6 is coming to EoL soon, I would recommend you to upgrade to 17.9.5 at the end of January.

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/214749-tac-recommended-ios-xe-builds-for-wirele.html

Take into account the upgrade path for the new code (https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-9/release-notes/rn-17-9-9800.html#Cisco_Concept.dita_59a2987f-2633-4630-8c7b-a8e8aecdeaf7)

Hello JPavonM 

thank you for your reply

Can't I set it up in question format when booting up like 1832AP?

example 

Enter the time zone location index (type 'help' to see a list of time zones): 26

Configure Management Interface IP Address [STATIC][DHCP]: STATIC

I have a terminal configuration, but it's hard to set it to WEBUI 

and Is there a way to check the app type? CAPWAP? WLC? 

 

 

It's a completely different operating system.
1832 ME runs AireOS
9115 EWC runs IOS-XE.
You can do the basic config from CLI on console.  When you login it prompts you:
###########################################################################################
# Welcome to the Cisco Catalyst 9800-AP Embedded Wireless Controller command line interface. #
# Please see command reference guide for the complete list of supported commands for this release: #
# https://www.cisco.com/c/en/us/td/docs/wireless/embedded_wireless_controller_configuration_guide.html #
###########################################################################################

Once you have IP access to the EWC you can use the GUI to complete the config.

You really need to upgrade to latest IOS as per TAC recommended link below.  Newer IOS has wizards to walk you through all basic config tasks.

Note that you should have DHCP to provide 2 IP addresses for EWC (controller part) and AP (client serving part) of the AP otherwise you'll need to configure static IP on EWC then connect to the AP shell and configure static IP there too.  Much easier to just use DHCP initially and then you can configure static for EWC if you want to or reserve IPs on your DHCP server if you don't want them to change.

Review Cisco Networking for a $25 gift card