If you plan to demonstrate Enterprise Networking or Security content utilizing an onsite access point (AIR-CAP model) at a non-Cisco site, follow the steps below to ensure a successful experience.
- Demonstrating at a non-Cisco Site Using an On-site Access Point
- Using a dCloud Registered ISR
- Using an Access Point Only
- Firewall Port Requirements to Support Your Session
- Configuring a Static IP Address on the Access Point
- Configuring Controller IP Address on the Access Point
Demonstrating at a non-Cisco Site Using an Onsite Access Point
There are two ways to prepare:
- Using a router registered and configured for Cisco dCloud (highly recommended).
- Using an access point (AP) only.
Using a dCloud Registered ISR
- Prior to arriving at the remote site, make sure your devices are enabled:
- Ensure your router is configured for use with dCloud.
- Test your router connectivity prior to going to your remote site by connecting your laptop to the same wired port that your router will use.
- Test connectivity to dCloud. Success on VPN means you can use your router on this connection.
- Plug the WAN port of the router into an Internet connection.
- Schedule and complete a practice session using the router.
- If using an external AP, attach it to one of the LAN ports on the router. Ensure the private address for the wireless LAN controller is configured on the AP as indicated in the AP provisioning section of the associated content guide.
- Ensure that there is wired VPN connectivity at the customer site for your router.
- Once at the remote site:
- Plug in your router. It will find your scheduled session.
- Test for proper VPN connectivity using steps 1b and 1c above.
Using an Access Point Only
- Prior to arriving at the remote site, make sure you are familiar with provisioning your AP with a wireless LAN controller IP address. This information is in the AP Provisioning section of your script.
- Prior to arriving at the remote site, have an associate at the remote site test bandwidth and VPN connectivity using the same wired connection that will be used for the session.
- If the BYOD Data, BYOD Control, and VPN Ready tests are not successful, ensure that the firewall configuration allows the protocols and ports specified in Firewall Port Requirements to Support Your Session. Note, using a router avoids data and control port (CAPWAP) issues.
- Verify with the remote site that the access point will receive an IP address.
- Check to see if a firewall is blocking access points from receiving IP addresses, or if switchport security prevents access.
- You may need to request a static IP address and default gateway address from the customer. See Configuring a Status IP Address on the Access Point for details.
- Once at the remote site:
- Plug into the port that will be used for the session with a wired laptop and then verify connectivity by using the bandwidth and VPN connectivity test link from Step 2 above.
- In the dCloud UI, locate your session and click View. Click Review Session Info and then locate the public address with the description of the wireless LAN controller.
- Configure the public address of the wireless LAN controller on your access point. See Configuring Controller IP address on the Access Point.
- If the connection test was successful, attach the configured access point to the network using the same port where the test was conducted.
The AP connects to the demo system with an LED color of solid green. The SSIDs may NOT be visible on your endpoint device until you complete the AP Verification explained in the demonstration guide you will complete. You are now ready to conduct the demonstration.
Firewall Port Requirements to Support Your Session
If not using a router, UDP 5246 and 5247 should be opened to:
- Americas data center: 188.8.131.52/23
- EMEAR data center: 184.108.40.206/26, 220.127.116.11/26 and 18.104.22.168/25
- APJ data center: 22.214.171.124/26 and 126.96.36.199/25
- GC data center: 188.8.131.52/25
AnyConnect and router VPN: Use TCP 443 for most networks.
Configuring a Static IP Address on the Access Point
Once a static IP address is configured on the AP, it does not need to be removed. If the AP cannot connect the network via the static IP address, it will automatically use DHCP to connect.
- Console into the AP. Log in with the default credentials of Cisco/Cisco.
- Issue these commands to assign a static IP address to your AP:
capwap ap ip address <address> <subnet mask> (Enter the IP address and subnet mask provided by the customer)
capwap ap ip default-gateway <address> (Enter the IP address provided by the customer)
show capwap ip config (This will verify that the above commands were successful)
Configuring Controller IP address on the Access Point
- Console into the access point. Log in with the default credentials of Cisco/Cisco.
- Enter the following command:
capwap ap controller ip address <WLC Public IP>