Initially configure a Cisco Catalyst 9800 Series Wireless Controller
The following is the initial configuration process of C9800-80-K9.
1. Configure IP address and default route
## trunk or access interface TenGigabitEthernet0/0/7 switchport access vlan 62 switchport mode access interface Vlan62 ip address 10.106.62.111 255.255.255.0 ip route 0.0.0.0 0.0.0.0 10.106.62.1
Updated on November 5, 2020
Or configure the IP address in the port instead of SVI
haifeli#sh run int gigabitEthernet 1 Building configuration... Current configuration : 136 bytes ! interface GigabitEthernet1 no switchport ip address 10.106.37.33 255.255.255.0 negotiation auto no mop enabled no mop sysid end haifeli#sh run | sec ip route ip route 0.0.0.0 0.0.0.0 10.106.37.1 haifeli#
2. Configure SSH
WLC(config)#line vty 0 10 WLC(config-line)#transport input ssh WLC(config-line)#login local WLC(config-line)#end WLC#conf t WLC(config)#hostname haifeli-C9800 haifeli-C9800(config)#ip domain name lihaifeng.net haifeli-C9800(config)#ip ssh version 2 haifeli-C9800(config)#crypto key generate rsa The name for the keys will be: haifeli-C9800.lihaifeng.net Choose the size of the key modulus in the range of 512 to 4096 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [1024]: % Generating 1024 bit RSA keys, keys will be non-exportable... [OK] (elapsed time was 0 seconds)
3. Configure password
haifeli-C9800(config)#enable password 0 Cisco123 haifeli-C9800(config)#username admin privilege 15 password 0 Cisco123
4. Configure https
haifeli-C9800(config)#crypto key generate rsa modulus 2048 label web haifeli-C9800(config)#ip http secure-server haifeli-C9800(config)#ip http secure-trustpoint web haifeli-C9800(config)#crypto pki trustpoint web haifeli-C9800(ca-trustpoint)#enrollment selfsigned haifeli-C9800(ca-trustpoint)#rsakeypair web haifeli-C9800(ca-trustpoint)#exit haifeli-C9800(config)#crypto pki enroll web % Include the router serial number in the subject name? [yes/no]: yes % Include an IP address in the subject name? [no]: yes Enter Interface name or IP Address[]: 10.106.62.111 Generate Self Signed Router Certificate? [yes/no]: yes Router Self Signed Certificate successfully created
Update on June 15, 2021
You may encounter the following errors when logging in to the GUI of the 9800.
%WEBSERVER-5-LOGIN_FAILED: Chassis 1 R0/0: nginx: Login Un-Successful from host 192.168.10.52 using crypto cipher 'ECDHE-RSA-AES128-GCM-SHA256'
This is because you have not configured the HTTP authentication method. The following command may help you to solve this problem.
WLC(config)#ip http authentication local
5. Configure country code
haifeli-C9800(config)#ap country IN % 802.11bg/802.11a Network must be disabled haifeli-C9800(config)#ap dot11 24ghz shutdown Disabling the 802.11b network may strand mesh APs. Are you sure you want to continue? (y/n)[y]: y haifeli-C9800(config)#ap dot11 5 shutdown Disabling the 802.11a network may strand mesh APs. Are you sure you want to continue? (y/n)[y]: y haifeli-C9800(config)# haifeli-C9800(config)#ap country IN Changing country code could reset channel and RRM grouping configuration. If running in RRM One-Time mode, reassign channels after this command. Check customized APs for valid channel values after this command. Are you sure you want to continue? (y/n)[y]: y haifeli-C9800(config)#no ap dot11 24ghz shutdown haifeli-C9800(config)#no ap dot11 5 shutdown
6. Configure management interface
haifeli-C9800(config)#wireless management interface vlan 62 haifeli-C9800#wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 0
good tutorial
Fantastic! Thanks
Nice info