Initial configuration of a Cisco Catalyst 9800 Series Wireless Controller

The following is the initial configuration process for the C9800-80-K9.

1. Configure IP address and default route

## trunk or access
interface TenGigabitEthernet0/0/7
 switchport access vlan 62
 switchport mode access

interface Vlan62
 ip address

ip route

Updated on November 5, 2020

Alternatively, configure the IP address directly on the port instead of on an SVI:

haifeli#sh run int gigabitEthernet 1
Building configuration...

Current configuration : 136 bytes
interface GigabitEthernet1
 no switchport
 ip address
 negotiation auto
 no mop enabled
 no mop sysid

haifeli#sh run | sec ip route
ip route

2. Configure SSH

WLC(config)#line vty 0 10
WLC(config-line)#transport input ssh 
WLC(config-line)#login local 

WLC#conf t
WLC(config)#hostname haifeli-C9800
haifeli-C9800(config)#ip domain name
haifeli-C9800(config)#ip ssh version 2
haifeli-C9800(config)#crypto key generate rsa 
The name for the keys will be:
Choose the size of the key modulus in the range of 512 to 4096 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [1024]: 
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 0 seconds)

3. Configure password

haifeli-C9800(config)#enable password 0 Cisco123
haifeli-C9800(config)#username admin privilege 15 password 0 Cisco123

4. Configure https

haifeli-C9800(config)#crypto key generate rsa modulus 2048 label web
haifeli-C9800(config)#ip http secure-server 
haifeli-C9800(config)#ip http secure-trustpoint web
haifeli-C9800(config)#crypto pki trustpoint web
haifeli-C9800(ca-trustpoint)#enrollment selfsigned 
haifeli-C9800(ca-trustpoint)#rsakeypair web
haifeli-C9800(config)#crypto pki enroll web
% Include the router serial number in the subject name? [yes/no]: yes
% Include an IP address in the subject name? [no]: yes
Enter Interface name or IP Address[]:
Generate Self Signed Router Certificate? [yes/no]: yes

Router Self Signed Certificate successfully created

Updated on June 15, 2021

You may encounter the following error when logging in to the GUI of the 9800.

%WEBSERVER-5-LOGIN_FAILED: Chassis 1 R0/0: nginx: Login Un-Successful from host using crypto cipher 'ECDHE-RSA-AES128-GCM-SHA256'

This is because you have not configured the HTTP authentication method. The following command may help you to solve this problem.

WLC(config)#ip http authentication local 

5. Configure country code

haifeli-C9800(config)#ap country IN
% 802.11bg/802.11a  Network must be disabled
haifeli-C9800(config)#ap dot11 24ghz shutdown 
Disabling the 802.11b network may strand mesh APs.
Are you sure you want to continue? (y/n)[y]: y
haifeli-C9800(config)#ap dot11 5 shutdown 
Disabling the 802.11a network may strand mesh APs.
Are you sure you want to continue? (y/n)[y]: y
haifeli-C9800(config)#ap country IN
Changing country code could reset channel and RRM grouping configuration. If running in RRM One-Time mode, reassign channels after this command. Check customized APs for valid channel values after this command. 
Are you sure you want to continue? (y/n)[y]: y

haifeli-C9800(config)#no ap dot11 24ghz shutdown 
haifeli-C9800(config)#no ap dot11 5 shutdown

6. Configure management interface

haifeli-C9800(config)#wireless management interface vlan 62
haifeli-C9800#wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 0 
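
The access settings from steps 2 to 4 can be checked against a saved configuration. This Python audit is an added example, not part of the original post or any Cisco tooling: it flags `password` entries that should be hashed `secret` entries (step 3 stores `Cisco123` as type 0 cleartext), a missing `ip http authentication` line (the June 2021 note), and VTY lines that are not SSH-only. The sample configuration and the finding names are constructed for illustration.

```python
import re

# Constructed sample: the commands from steps 2-4 as one config (not device output).
SAMPLE_CONFIG = """\
hostname haifeli-C9800
enable password 0 Cisco123
username admin privilege 15 password 0 Cisco123
ip ssh version 2
ip http secure-server
ip http secure-trustpoint web
line vty 0 10
 login local
 transport input ssh
"""

def audit(config: str) -> list[str]:
    """Return finding IDs for weak or missing access settings in an IOS-XE config."""
    lines = [ln.rstrip() for ln in config.splitlines() if ln.strip()]
    findings = []
    for ln in lines:
        # 'password' (type 0 cleartext, type 7 reversible) instead of a hashed 'secret'
        if re.match(r"enable password\b", ln):
            findings.append("enable-password-not-secret")
        m = re.match(r"username (\S+) .*\bpassword\b", ln)
        if m:
            findings.append(f"user-password-not-secret:{m.group(1)}")
    if "ip ssh version 2" not in lines:
        findings.append("ssh-version-2-not-set")
    # HTTPS GUI enabled without an explicit login method (the June 2021 note)
    if "ip http secure-server" in lines and not any(
            ln.startswith("ip http authentication ") for ln in lines):
        findings.append("http-authentication-not-set")
    # Walk each 'line vty' block; its sub-commands are the indented lines below it
    block, body = None, []
    for ln in lines + ["end"]:
        if ln.startswith(" ") and block:
            body.append(ln.strip())
            continue
        if block:
            if "transport input ssh" not in body:
                findings.append(f"vty-not-ssh-only:{block}")
            if not any(b.startswith("login ") for b in body):
                findings.append(f"vty-no-login-local-or-aaa:{block}")
        block, body = (ln if ln.startswith("line vty") else None), []
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

The 1024-bit default accepted at the `crypto key generate rsa` prompt in step 2 is not visible in the configuration text, so key size is outside what this check can see.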

3 Responses

  1. xin says:

    good tutorial

  2. Bosco says:

    Fantastic! Thanks

  3. Alejandro says:

    Nice info
