Setup Cisco Catalyst 9800 Controller On Your Laptop
In this article, we will explain how to install the new Cisco Catalyst 9800-CL controller on a VM (under VMFusion) on macOS.
The goal here is to have a lab controller that you can bring with you wherever you go and can be booted anytime and intended to be used for testing purposes.
This is the first article of a series of Cisco Catalyst 9800-CL article.
Note: If you want to know how to set it up on a VMware ESXI platform, please check out Rowell Dionicio‘s article: https://rowelldionicio.com/deploying-cisco-catalyst-9800-controller-on-vmware-esxi/
STEP 1: DOWNLOAD THE CONTROLLER IMAGE
The first step is to download the new Cisco Catalyst 9800-CL Wireless Controller for Cloud. The latest version available to me was called Gibraltar-16.11.1b. It might be different for you if you are downloading it at a later date.
Here is the link (you will have to log in using your Cisco credentials): https://software.cisco.com/download/home/286322605/type/282046477/release/Gibraltar-16.11.1b
For this setup, we will download the .iso file. Note that you can now download the controller code for free. The licences are not tied to the AP.
STEP 2: CREATE A NEW VM IN VMWARE FUSION VM
Note: In this article, we will present how to create a VM to support the new Wireless controller using VMWare Fusion on MacOS.
Open VMWare Fusion, and select the menu “File / New…” to create the new VM. In the new window opening, select the “Create a custom virtual machine” as shown below:
The operating system to select is “Linux / Other Linux 4.x or later kernel 64-bit” as shown below:
Select “Legacy BIOS” as the boot firmware as shown below:
Select Create a new virtual disk as shown below:
Validate that all the settings are good and click on Finish. VMware will ask you to save your vm and to choose a name. Note: I have chosen “C9800-Lab” for my VM name.
STEP 3: CHANGE THE VM SETTINGS USING THE GUI
We are now going to use the GUI to adjust the RAM allocated to the VM and load the iso file. We need to change the default settings to allocate at least 4Gig of RAM. In order to do so, click on the settings icon located on the top-righthand corner of the Virtual Machine Library window:
Click on the “Processors & Memory” icon to change the RAM settings:
Adjust the Memory to 4096MB (Note: this is aimed to be used in a lab environment, please refer to Cisco deployment guides in order size the VM properly):
Click on “Show All” to go back to apply the new settings.
Then click on “CD/DVD (IDE)” in order to load the iso file previously downloaded on Cisco website:
In the drop down menu, click on “Choose a disc or disc image…” and select the .iso file download before (the name should look like this: C9800-CL-universalk9.16.11.01b.iso).
Click on “Show All” to go back to apply the new settings.
STEP 4: CHANGE THE VM SETTINGS USING THE CONFIGURATION FILE (.VMX)
Before we start the VM, we need to adjust the network settings. In my case, the network settings were greyed out in the VM settings. So I couldn’t modify them using the GUI. I had to modify the configuration file of the VM in order to adjust the network settings.
On macOS, the VM configuration file was located at the following location (/replace “C9800-Lab” by the name your chose for your VM and “francoisverges” by your macos username/):
/Users/francoisverges/Virtual Machines.localized/C9800-Lab.vmwarevm/C9800-Lab.vmx
Here is what we need to do:
- Network Adapter 1: Configure the first network interface as a “custom” interface on a local network. This will be used as the management interface of the controller.
- Network Adapter 2: Configure the second network interface behind the Wi-Fi card. This will be used to connect the Wi-Fi clients to the internet.
In order to configure your VM network interfaces, you will have to know the name of the interfaces used on your Mac. Open your favourite terminal application and use the `ifconfig` command in order to find it out. In my case, en0 is the name of the Wi-Fi interface and en7 is the name of my ethernet interface:
In your terminal application, open the VM configuration file in order to change its configuration:
semfio (0) > pwd /Users/francoisverges/Virtual Machines.localized/C9800-Lab.vmwarevm semfio (0) > nano C9800-Lab.vmx
Here is how to configure the first network adapter in the configuration file, change your configuration file accordingly:
ethernet0.connectionType = "custom" ethernet0.addressType = "generated" ethernet0.virtualDev = "vmxnet3" ethernet0.linkStatePropagation.enable = "TRUE" ethernet0.present = "TRUE" ethernet0.vnet = "vmnet2" ethernet0.bsdName = "en7"
Here is how to configure the second network adapter in the configuration file, change your configuration file accordingly:
ethernet1.connectionType = "custom" ethernet1.addressType = "generated" ethernet1.virtualDev = "vmxnet3" ethernet1.present = "TRUE" ethernet1.vnet = "vmnet4" ethernet1.bsdName = "en0" ethernet1.displayName = "Wi-Fi" ethernet1.linkStatePropagation.enable = "TRUE"
Here is how the network interfaces were configure on my macbook:
STEP 5: START THE VM FOR THE FIRST TIME
In order to start the VM for the first time, go back to the settings icon located on the top-righthand corner of the Virtual Machine Library window:
Select the “Startup Disk” menu:
Select the “CD/DVD” option and click on “Restart” to start the VM for the first time as shown below:
The controller will boot. The first time, VMWare Fusion might ask you to enter your MacOS password a couple of time. Once the bootup process will be done, you will be ready to perform the initial configurations.
STEP 6: CATALYST 9800 INITIAL SETUP VIA CLI
I usually like to perform the inital setup via CLI. The new Catalyst 9800 allows you to do it. But first, you need to decline the autoinstall.
When asked to start the initial configuration dialog, write “no”. Then press RETURN when asked to terminate the autoinstall. Press RETURN one more time and you should then see the WLC prompt:
--- System Configuration Dialog --- Would you like to enter the initial configuration dialog? [yes/no]: no Would you like to terminate the autoinstall? [yes] Press RETURN to get started! WLC>
Then you will need to configure the following:
- Configure the enable password
- Create an admin account
- Configure the network interface G1
- Configure a default route
- Configure the country code
- Configure which interface will be used for management purposes (G1 in our case)
- Generate the certificate that will be used to establish DTLS connections with the APs
Use the following commands in order to configure all these items:
WLC(config)# enable secret secret_password WLC(config)# username admin privilege 15 secret user_password WLC(config)# interface g1 WLC(config-if)# no switchport WLC(config-if)# ip address 10.0.0.10 255.255.255.0 WLC(config-if)# shut WLC(config-if)# no shut WLC(config-if)# exit WLC(config)# ip route 0.0.0.0 0.0.0.0 10.0.0.1 WLC(config)# ap dot11 5ghz shutdown Disabling the 802.11a network may stand mesh APs Are you sure you want to continue? (y/n)[y]: WLC(config)# ap dot11 24ghz shutdown Disabling the 802.11b network may stand mesh APs Are you sure you want to continue? (y/n)[y]: WLC(config)# ap country CA WLC(config)# wireless management interface g1 WLC(config)# exit WLC# wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 0 SemFio1234! WLC# show wireless management trustpoint
Notes:
- The IP address used here is specific to my setup. Please use one relevant to your network topology.
- The passwords have not been disclosed here, please replace “secret_password” and “user_password” by the passwords you want to use
- Configure these items in the proper order if you want to avoid issues
- The last command doesn’t configure anything, it is just used to validate that the trustpoint has been generated properly
- Since we are disabling the 802.11a and 802.11b radios to configure the country code, you will have to renable them later if you want your APs to be operational
Once these configurations are done on the Catalyst 9800 controller, you should be able to ping it from your laptop:
If this works well, you should now be able to open a browser, and navigate to https://10.0.0.10 to connect to the controller GUI. Use the admin username defined earlier to login and gain access to the GUI:
To be continued…
Mission accomplished! You should now have the controller up and running. The next step would be to add an AP and configure an SSID.
RESOURCES
- Cisco Catalyst C9800-CL Wireless Controller Virtual Deployment Guide: www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-8/b_c9800_wireless_controller_virtual_dg.html
- Catalyst 9800 CL Install Guide: www.cisco.com/c/en/us/td/docs/wireless/controller/9800/9800-cloud/installation/b-c9800-cl-install-guide.pdf
- Release Notes for Cisco Catalyst 9800 Series Wireless Controller, Cisco IOS XE Gibraltar 16.11.x: www.cisco.com/c/en/us/td/docs/wireless/controller/9800/16-11/release-notes/rn-16-11-9800.html
- C9800-CL for my Homelab by Tim Saas: http://wifi-blog.com/2019/01/31/c9800-cl-for-my-homlab/
[…] some of the odd traps that the Day-0 provisioning GUI will force on you. François Vergès wrote an awesome blog around how he preformed this. I have shamelessly copied his last section into this section of the […]