Cisco wireless controllers can be managed in several ways, including Console, SSH, Telnet, HTTP, and HTTPS.
1. Console
A direct serial connection to the controller console port. The default username is admin, and the default password is admin.
You need these items to connect to the serial port:
- A computer that is running a terminal emulation program such as PuTTY, SecureCRT, or similar
- A standard Cisco console serial cable with an RJ45 connector
Configure the terminal emulator program with the default settings:
- 9600 baud (you can change the baud rate on the WLC with this command):
(Cisco Controller) >config serial baudrate
[1200/2400/4800/9600/19200/38400/57600/115200] Enter serial speed.
- 8 data bits
- 1 stop bit
- No parity
- No hardware flow control
To log on to the controller CLI through the serial port, follow these steps:
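The console ports of the WLC 5508, 5520, 8510, 8540 and the new Catalyst Wireless Controller 9800 are shown below:
The system prompt can be any alphanumeric string of up to 31 characters. You can change it by entering the config prompt command.
Example: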
(Cisco Controller) >config prompt Test-vWLC
(Test-vWLC) >
(Test-vWLC) >
(Test-vWLC) >
(Test-vWLC) >
2. HTTP and HTTPS
To manage the wireless controller over HTTP and HTTPS, you need to enable Web and Web-Secure.
Choose HTTP-HTTPS Configuration page is displayed.
The
To configure through the CLI:
(Test-vWLC) >config network webmode enable
(Test-vWLC) >config network secureweb enable
You must reboot for the change to take effect. 《Note: enabling secureweb requires a reboot! It is enabled by default.》
- Enable or disable secure web mode with increased security by entering this command:
config network secureweb cipher-option high {enable | disable}
This command allows users to access the controller GUI using “https://ip-address” but only from browsers that support 128-bit (or larger) ciphers. The default value is disabled.
When high ciphers is enabled, SHA1, SHA256, SHA384 keys continue to be listed and TLS 1.0 is disabled. This is applicable to webauth and webadmin but not for NMSP.
- Enable or disable SSLv2 for web administration by entering this command:
config network secureweb cipher-option sslv2 {enable | disable}
If you disable SSLv2, users cannot connect using a browser configured with SSLv2 only. They must use a browser that is configured to use a more secure protocol such as SSLv3 or later. The default value is disabled.
- Enable 256 bit ciphers for a SSH session by entering this command:
config network ssh cipher-option high {enable | disable}
- (Optional) Generate a new certificate by entering this command:
config certificate generate webadmin
After a few seconds, the controller verifies that the certificate has been generated.
Verification commands:
(Test-vWLC) >show network summary
RF-Network Name............................. MG
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
Secure Web Mode RC4 Cipher Preference....... Disable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
.......
(Test-vWLC) >show certificate summary
Web Administration Certificate................... 3rd Party
Web Authentication Certificate................... Locally Generated
Certificate compatibility mode:.................. off
3. Telnet and SSH
Choose
CLI configuration:
(Test-vWLC) >config network telnet enable
(Test-vWLC) >config network ssh enable
(Test-vWLC) >config sessions timeout 0 《disables the session timeout》
(Test-vWLC) >config sessions maxsessions
[0-5] Enter sessions as integer. 《the maximum is 5 sessions》
(Test-vWLC) >config loginsession
close Close active telnet session(s).
(Test-vWLC) >config loginsession close
[<session ID>/all] Enter session ID.
Configure SSH access host-key by entering these commands:
- Generate or regenerate SSH host key by entering this command:
config network ssh host-key generate
This command generates a 1024-bit key.
- Use device certificate private key as SSH host key by entering this command:
config network ssh host-key use-device-certificate-key
This command generates a 2048-bit key.
Verification commands:
(Test-vWLC) >show network summary
RF-Network Name............................. MG
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
Secure Web Mode RC4 Cipher Preference....... Disable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Enable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
View the login sessions and close a specific session:
(Test-vWLC) >show loginsession
ID User Name Login Type Connection From Idle Time Session Time
-- --------------- ---------- --------------------------------------------- ------------ ------------
01 lcj Ssh 10.0.0.1 00:00:00 00:48:58
(Test-vWLC) >config loginsession close 01
****The connection is dropped at this point****
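4. Configuring Telnet privileges for specific users
You must enable Telnet privileges globally. By default, all management users have Telnet privileges enabled. SSH sessions are not affected by this feature.
CLI configuration: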
config mgmtuser telnet user-name {enable | disable}
5. Configuring management of the WLC over wireless
The management over wireless feature allows you to monitor and configure local controllers using a wireless client. This feature is supported for all management tasks except uploads to and downloads from (transfers to and from) the controller.
Restrictions:
- Management over Wireless can be disabled only if clients are on central switching. (Disabled by default.)
- Management over Wireless is not supported for FlexConnect local switching clients. However, Management over Wireless works for non-web authentication clients if you have a route to the controller from the FlexConnect site.
Configuration:
Choose Management > Mgmt Via Wireless to open the Management Via Wireless page.
CLI configuration:
(Test-vWLC) >config network mgmt-via-wireless enable
Check the status:
(Test-vWLC) >show network summary
RF-Network Name............................. MG
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
Secure Web Mode RC4 Cipher Preference....... Disable
.....
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Enable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
.....
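Enabling management of the WLC through dynamic interfaces:
Management through dynamic interfaces is disabled by default, but it can be enabled for most or all management functions if needed. Once enabled, all dynamic interfaces are available for administrator access to the controller. You can use access control lists (ACLs) to restrict this access as needed.
This should only be configurable through the CLI: config network mgmt-via-dynamic-interface {enable | disable}
Note: when managing the WLC remotely (for example over the web or SSH), check whether web management, SSH, or the relevant management method is enabled, and enable it if it is not. Also note that if applications such as VMware virtual machines are installed locally, the VMware network adapter should not be on the same subnet as the WLC management interface.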
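As an added example (not part of the original article and not Cisco code), the following Python script parses the `show network summary` output shown above and reports management settings that deviate from a hardening baseline. The baseline values and reason strings are assumptions chosen for illustration, and the sample text is constructed from the output lines quoted in this article.

```python
import re

# Constructed sample, assembled from the `show network summary` lines quoted above.
SAMPLE = """\
RF-Network Name............................. MG
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
Telnet...................................... Enable
.....
Mgmt Via Wireless Interface................. Enable
Mgmt Via Dynamic Interface.................. Disable
"""

# Assumed baseline (illustrative, not a Cisco default): field -> (expected, reason).
BASELINE = {
    "Web Mode": ("Disable", "HTTP management is cleartext"),
    "Secure Web Mode": ("Enable", "HTTPS management should be on"),
    "Secure Web Mode Cipher-Option High": ("Enable", "ciphers below 128 bits accepted"),
    "Secure Web Mode Cipher-Option SSLv2": ("Disable", "SSLv2 is obsolete"),
    "Telnet": ("Disable", "Telnet is cleartext"),
    "Mgmt Via Wireless Interface": ("Disable", "wireless clients can reach management"),
    "Mgmt Via Dynamic Interface": ("Disable", "all dynamic interfaces accept management"),
}
LINE = re.compile(r"^\s*([A-Za-z][^.]*?)\s*\.{2,}\s*(.*?)\s*$")

def parse_summary(text):
    """Turn 'Key....... Value' lines into a dict; '.....' elision lines are skipped."""
    fields = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def audit(text):
    """Return (field, actual, expected, reason) per deviation; 'Disabled' matches 'Disable'."""
    fields = parse_summary(text)
    findings = []
    for key, (expected, reason) in BASELINE.items():
        actual = fields.get(key)
        if actual is not None and not actual.startswith(expected):
            findings.append((key, actual, expected, reason))
    return findings

if __name__ == "__main__":
    for key, actual, expected, reason in audit(SAMPLE):
        print(f"[!] {key}: {actual} (want {expected}) - {reason}")
```

Fields that are absent from the pasted output are not reported, so paste the full summary rather than an excerpt when using it for a review.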