How to make the Cisco Access Points work with Hosted EVE-NG on Cloudmylab platform

Purpose

The purpose of this document is to help Cloudmylab customers and partners set up a base Cisco wireless lab.

 

Pre-Requisites

1. WLC version 8.5.X

2. AP version 15.3.3 JF 1 or higher

3. AP 3502i

 

Refer to the release notes for your WLC version for the list of supported access points:

https://www.cisco.com/c/en/us/support/wireless/wireless-lan-controller-software/series.html#ReleaseandCompatibility

 

Topology

 

Pre-configuration on CML

 

Device type                                          IP address
---------------------------------------------------  --------------------------------------------
Transit Router for the topology (IOSv or CSR1000v)   172.16.14.141
WLC                                                  Any IP in range 172.16.14.142-172.16.14.150
DHCP Server                                          172.16.14.3

· Do not use any other IP for the router; otherwise the locally routed subnets won't be reachable.

Locally routed subnet for wireless                   10.1.100.0/24
Locally routed subnet gateway on Transit Router      10.1.100.1

 

Router Base config

hostname transit-router

!

ip dhcp excluded-address 10.1.100.1 10.1.100.2

!

ip dhcp pool WIRE

 network 10.1.100.0 255.255.255.0

 default-router 10.1.100.1

 dns-server 8.8.8.8

 option 43 hex f104.ac10.0e8d

 ! Option 43 value assumes the WLC IP is 172.16.14.141

!

interface GigabitEthernet0/0

 ip address 10.1.100.1 255.255.255.0

 duplex auto

 speed auto

 media-type rj45

!

interface GigabitEthernet0/1

 ip address 172.16.14.142 255.255.255.0

 ! Make sure that you use this IP for the router interface connected to CLOUD1

 duplex auto

 speed auto

 media-type rj45

!

ip route 0.0.0.0 0.0.0.0 172.16.14.1

** We do not route the 10.1.100.0/24 subnet to any other IP.

Option 43 Hex Calculator: https://shimi.net/services/opt43/

Switch Base config

interface Vlan1

 ip address 10.1.100.2 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 10.1.100.1

 

AP visibility check

Switch#show cdp nei

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,

                  D - Remote, C - CVTA, M - Two-port Mac Relay

 

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID

transit-router   Gig 0/2           129              R B             Gig 0/0

AP588d.0995.2df3 Gig 0/1           162             T B I  AIR-CAP35 Gig 0

 

Total cdp entries displayed : 2

 

 

WLC base configuration

System Name [Cisco_06:00:01] (31 characters max)

 POD16XX

Enter Administrative User Name (24 characters max)

 admin

Enter Administrative Password (3 to 24 characters)

Cisco123

Re-enter Administrative Password                

Cisco123

Service Interface IP Address Configuration [static][DHCP]

 DHCP

Management Interface IP Address

 172.16.14.141

Management Interface Netmask

 255.255.255.0

Management Interface Default Router

 172.16.14.1

Management Interface VLAN Identifier (0 = untagged)

0

Management Interface Port Num [1 to 1]

1

Management Interface DHCP Server IP Address

 172.16.14.3

Virtual Gateway IP Address

 192.0.2.1

Mobility/RF Group Name

 POD1685

Network Name (SSID)

 POD1685

Configure DHCP Bridging Mode [yes][NO]

 no

Allow Static IP Addresses [YES][no]

 yes

Configure a RADIUS Server now? [YES][no]

 no

Enter Country Code list (enter 'help' for a list of countries) [US]

 US

Enable 802.11b Network [YES][no]

 yes

Enable 802.11a Network [YES][no]

 yes

Enable 802.11g Network [YES][no]

 yes

Enable Auto-RF [YES][no]

 yes

Configure a NTP server now? [YES][no]

 no

Configure the system time now? [YES][no]

 no

Would you like to configure IPv6 parameters[YES][no]

 no

Configuration correct? If yes, system will save it and reset. [yes][NO]

yes

 

Additional WLC Configuration: DNS

config network dns serverip 208.67.222.222

 

This DNS configuration is needed so the WLC can reach the NTP server.

 

Additional WLC Configuration: NTP

config time ntp server 1 pool.ntp.org

 

(Cisco Controller) >show time

 

Time............................................. Wed Apr  6 08:53:50 2022

 

Timezone delta................................... 0:0

Timezone location................................

 

NTP Servers

    NTP Version..................................     3

    NTP Polling Interval.........................     600

 

    Index     NTP Key Index     NTP Server          Status        NTP Msg Auth Status

    -------  ---------------------------------------------------------------------

       1              0         pool.ntp.org        In Sync       AUTH DISABLED

 

Additional WLC Configuration: Disable SSC Hash Validation and Ignore MIC Certificate Expiry

config certificate ssc hash validation disable

config ap cert-expiry-ignore mic enable

 

 

Additional WLC Configuration: Eval License Enable

(Cisco Controller) >license activate ap-count eval

 

                Feature Name : ap-count

 

        Right to Use

 

        Enabling additional access points supported by this controller product may require the

        purchase  of  supplemental or "adder" licenses. You  may remove supplemental licenses

        from  one  controller and  transfer to  another  controller in the same product family.

        NOTE: licenses embedded in the controller at time of shipment are not transferrable.

 

        By clicking  "I AGREE"  (or "I ACCEPT") below, you warrant and represent that you have

        purchased sufficient supplemental licenses for the access points to be enabled.

 

        All supplemental licenses are subject to the terms and conditions of the Cisco end user

        license agreement

        (http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html),  together with

        any applicable supplemental end user license agreements, or SEULA's.

 

        Pursuant  to such terms, Cisco is entitled to confirm that your access point enablement

        is properly licensed.

 

        If you do not agree with any of the above, do not proceed further and

 

--More-- or (q)uit

        CLICK "DECLINE" below.

 

ACCEPT? [y/n]: y

 

 

Successfully activated the license

 

 

Save your config

(Cisco Controller) >save config

 

Are you sure you want to save? (y/n) y

 

AP base config

AP588d.0995.2df3#debug capwap console cli

This command is meant only for debugging/troubleshooting

Any configuration change may result in different

behavior from centralized configuration.

 

CAPWAP console CLI allow/disallow debugging is on

AP588d.0995.2df3#clear capwap private-config

AP588d.0995.2df3#reload

Proceed with reload? [confirm]

 

After the reload, the AP will go through its upgrade, configuration download and so on; please be patient.

 

Final Verification for AP joining the WLC

(Cisco Controller) >show ap summary

 

Number of APs.................................... 1

 

Global AP User Name.............................. Not Configured

Global AP Dot1x User Name........................ Not Configured

 

AP Name                         Slots  AP Model              Ethernet MAC       Location              Country     IP Address       Clients  DSE Location 

------------------------------  -----  --------------------  -----------------  --------------------  ----------  ---------------  -------  --------------

AP588d.0995.2df3                2      AIR-CAP3502I-A-K9      58:8d:09:95:2d:f3  default location                  10.1.100.59      0        [0 ,0 ,0 ]

 

Documentation Reference and Troubleshooting

https://community.cisco.com/t5/wireless/ap-air-sap1602e-couldn-t-join-the-controller/td-p/3740055

https://community.cisco.com/t5/wireless/cannot-join-ap-with-controller/td-p/3178637

https://www.cisco.com/c/en/us/support/docs/wireless/aironet-1200-series/99763-reset-lwappconfig-lap.html

https://support.cloudmylab.com/portal/en/kb/articles/ap-not-registering-to-vwlc

 
