Versionen im Vergleich

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.

...

Hinweis
  • A change of WLAN controller interrupts all ongoing sessions (when operating as a gateway). These have to be reestablished by the end devices. 

  • In particular when operating as a Public Spot, please note that the user information, such as the accrued online time, is not transferred to other WLAN controllers. The online time for Public Spot users basically begins anew.

  • When using this Clustering solution no configuration synchronisation is done by the WLAN Controllers (HA Cluster).  To synchronize the configuration the the "LANCOM High Availability Clustering Option" is needed on both WLAN Controllers. Informations regarding the configuration of such a scenario can be found in the LCOS Reference Manualthe Knowledge Base article Setting up a WLC cluster with the Setup Wizard.



Requirements:

  • LCOS as of version 9.0 (download latest Version)
  • LANtools as of version 9.0 (download latest Version)
  • The second WLAN Controller (Slave) must must be unconfigured and still with its factory settings!
    • The option Certificate authority (CA) active in the menu Certificates → Cert. authority (CA) on the second WLAN Controller (Slave) must not be active!


Scenario:

1) Both WLAN controllers are in the same network:

...

The configuration of the WLC cluster is basically the same for both scenarios. The only difference is the way that the other WLC cluster member is announced (see step 3.).

Hinweis

When using the table "Access stations" in the menu Management → Admin → Access settings → Configuration access ways the IP address (e.g. IP address 192.168.1.1 Netmask 255.255.255.255) or the whole network of the other WLAN Controller (e.g . IP address 192.168.1.0 Netmask 255.255.255.0) has to be entered in the table in order for the devices to be able to communicate with each other!

The option WLC data tunnel active in the menu WLAN Controller → General must not be activated on any of the devices!


1) Configuring the first WLAN controller (master):

1.1) Perform the basic setup of the WLAN controller as described in this knowledge base article.

1.2) Then configure the WLAN profiles as required. Here are two examples:

1.3) Change to the menu Management → General and set a descriptive Device name.

...

2) Configuring the second WLAN controller (slave):

...


Hinweis

The second WLAN controller must be unconfigured and still with its factory settings!

2.1)  Save the configuration of the first WLAN controller as a script file.  

2.2) Open the script backup in a text editor and edit the following items:

...

2.3) Upload your customized script backup to the second WLAN controller: Right-click on the slave WLAN controller and, in the context menu, click Configuration management → Restore script from file.

...

Info

Alternatively you can

...

use LANconfig and drag & drop the script file from your folder onto the WLAN controller.

2.4) Change to the menu Management → Admin and set a Main device password.

...

Info

The Main device password is not included in a script backup, so it has to be set manually afterwards.  

2.5) Change to the menu Certificates → Cert. authority (CA) and modify the following parameters:

  • Set a checkmark next to Certificate authority (CA)  active.
  • Select the radio button This device is a sub certificate authority (Sub-CA).
  • Set a checkmark next to Automatically request a certificate for this sub-CA.
  • Adjust the Common Name (CN) of the CA Distinguished Name (i.e. /CN=LANCOM-SUB).
  • Adjust the Common Name (CN) of the RA Distinguished Name (i.e. /CN=LANCOM-SUB).

2.6) Go to the menu Automatic certificate request.

Image Removed

2.7) Enter the following parameters:

  • Address (URL): Replace the previously entered IP address 127.0.0.1 with the IP address of the master WLAN controller (in this example http://172.23.56.254/cgi-bin/pkiclient.exe).
  • CADN: Enter the CADN of the master WLAN controller (see step 1.4).
  • Challenge password: Enter the General challenge password of the master WLAN controller (see step 1.5).

Image Removed

2.8) Change to the menu Certificates → Certificate handling and enter the General challenge password of the master WLAN controller (see step 1.5).

2.97) Go to the menu Certificates → SCEP client and set a checkmark next to SCEP client usage activated.

2.108) Go to the menu CA table.

2.119) Two entries have to be created in the CA table. One entry serves to obtain a controller certificate from the device’s own certificate authority and the second entry serves to obtain the CA from the master WLAN controller.

...

  • Name: Enter a descriptive name (in this example SCEP_CA).
  • URL: Enter the URL  http://172.23.56.254/cgi-bin/pkiclient.exe . If necessary, change the IP address 172.23.56.254 to the IP address of the master WLAN controller.
  • Distinguished name: Enter the CA distinguished name of the master WLAN controller (see step 1.4).

2.1210) Go to the menu Certificate table.

2.1311) Three entries have to be created in the certificate table. These specify more detailed information for individual certificates, such as the Key length and Subject. This is necessary so that certificates with the required characteristics can be created and obtained.

...

  • Name: Enter a descriptive name (in this example RADIUS).
  • CA distinguished name: Enter the CA distinguished name of the slave WLAN controller (see step 2.5).
  • Subject: Set the Subject to /CN=RADIUS SERVER/O=LANCOM SYSTEMS/C=DE.
  • Challenge password: Enter the challenge password of the master WLAN controller (see step 1.5).
  • Extended key usage: In the selection menu, set check marks for the options serverAuth, clientAuth and critical.
  • Key length: From the drop-down menu, select 2048.
  • Usage type: From the drop-down menu, select EAP/TLS.

2.1412) This concludes the configuration of the slave WLAN controller. You can now write the configuration back to the device.

...

Change to the menu WLAN controller → General and enter a check mark for WLC tunnel active to activate the WLC cluster.

Hinweis

The option  WLC data tunnel active must not be activated


3.1) Both WLAN controllers are in the same network:

...