Setup Cisco Catalyst 9800 Controller On Your Laptop
In this article, we will explain how to install the new Cisco Catalyst 9800-CL controller on a VM (under VMFusion) on macOS.
The goal here is to have a lab controller that you can bring with you wherever you go and can be booted anytime and intended to be used for testing purposes.
This is the first article of a series of Cisco Catalyst 9800-CL article.
Note: If you want to know how to set it up on a VMware ESXI platform, please check out Rowell Dionicio‘s article: https://rowelldionicio.com/deploying-cisco-catalyst-9800-controller-on-vmware-esxi/
STEP 1: DOWNLOAD THE CONTROLLER IMAGE
Here is the link (you will have to log in using your Cisco credentials): https://software.cisco.com/download/home/286322605/type/282046477/release/Gibraltar-16.11.1b
STEP 2: CREATE A NEW VM IN VMWARE FUSION VM
STEP 3: CHANGE THE VM SETTINGS USING THE GUI
STEP 4: CHANGE THE VM SETTINGS USING THE CONFIGURATION FILE (.VMX)
Before we start the VM, we need to adjust the network settings. In my case, the network settings were greyed out in the VM settings. So I couldn’t modify them using the GUI. I had to modify the configuration file of the VM in order to adjust the network settings.
/Users/francoisverges/Virtual Machines.localized/C9800-Lab.vmwarevm/C9800-Lab.vmx
Here is what we need to do:
- Network Adapter 1: Configure the first network interface as a “custom” interface on a local network. This will be used as the management interface of the controller.
- Network Adapter 2: Configure the second network interface behind the Wi-Fi card. This will be used to connect the Wi-Fi clients to the internet.
semfio (0) > pwd /Users/francoisverges/Virtual Machines.localized/C9800-Lab.vmwarevm semfio (0) > nano C9800-Lab.vmx
Here is how to configure the first network adapter in the configuration file, change your configuration file accordingly:
ethernet0.connectionType = "custom" ethernet0.addressType = "generated" ethernet0.virtualDev = "vmxnet3" ethernet0.linkStatePropagation.enable = "TRUE" ethernet0.present = "TRUE" ethernet0.vnet = "vmnet2" ethernet0.bsdName = "en7"
ethernet1.connectionType = "custom" ethernet1.addressType = "generated" ethernet1.virtualDev = "vmxnet3" ethernet1.present = "TRUE" ethernet1.vnet = "vmnet4" ethernet1.bsdName = "en0" ethernet1.displayName = "Wi-Fi" ethernet1.linkStatePropagation.enable = "TRUE"
STEP 5: START THE VM FOR THE FIRST TIME
STEP 6: CATALYST 9800 INITIAL SETUP VIA CLI
I usually like to perform the inital setup via CLI. The new Catalyst 9800 allows you to do it. But first, you need to decline the autoinstall.
When asked to start the initial configuration dialog, write “no”. Then press RETURN when asked to terminate the autoinstall. Press RETURN one more time and you should then see the WLC prompt:
--- System Configuration Dialog --- Would you like to enter the initial configuration dialog? [yes/no]: no Would you like to terminate the autoinstall? [yes] Press RETURN to get started! WLC>
Then you will need to configure the following:
- Configure the enable password
- Create an admin account
- Configure the network interface G1
- Configure a default route
- Configure the country code
- Configure which interface will be used for management purposes (G1 in our case)
- Generate the certificate that will be used to establish DTLS connections with the APs
WLC(config)# enable secret secret_password WLC(config)# username admin privilege 15 secret user_password WLC(config)# interface g1 WLC(config-if)# no switchport WLC(config-if)# ip address 10.0.0.10 255.255.255.0 WLC(config-if)# shut WLC(config-if)# no shut WLC(config-if)# exit WLC(config)# ip route 0.0.0.0 0.0.0.0 10.0.0.1 WLC(config)# ap dot11 5ghz shutdown Disabling the 802.11a network may stand mesh APs Are you sure you want to continue? (y/n)[y]: WLC(config)# ap dot11 24ghz shutdown Disabling the 802.11b network may stand mesh APs Are you sure you want to continue? (y/n)[y]: WLC(config)# ap country CA WLC(config)# wireless management interface g1 WLC(config)# exit WLC# wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 0 SemFio1234! WLC# show wireless management trustpoint
Notes:
- The IP address used here is specific to my setup. Please use one relevant to your network topology.
- The passwords have not been disclosed here, please replace “secret_password” and “user_password” by the passwords you want to use
- Configure these items in the proper order if you want to avoid issues
- The last command doesn’t configure anything, it is just used to validate that the trustpoint has been generated properly
- Since we are disabling the 802.11a and 802.11b radios to configure the country code, you will have to renable them later if you want your APs to be operational
Mission accomplished! You should now have the controller up and running. The next step would be to add an AP and configure an SSID.
RESOURCES
- Cisco Catalyst C9800-CL Wireless Controller Virtual Deployment Guide: www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-8/b_c9800_wireless_controller_virtual_dg.html
- Catalyst 9800 CL Install Guide: www.cisco.com/c/en/us/td/docs/wireless/controller/9800/9800-cloud/installation/b-c9800-cl-install-guide.pdf
- Release Notes for Cisco Catalyst 9800 Series Wireless Controller, Cisco IOS XE Gibraltar 16.11.x: www.cisco.com/c/en/us/td/docs/wireless/controller/9800/16-11/release-notes/rn-16-11-9800.html
- C9800-CL for my Homelab by Tim Saas: http://wifi-blog.com/2019/01/31/c9800-cl-for-my-homlab/
[…] some of the odd traps that the Day-0 provisioning GUI will force on you. François Vergès wrote an awesome blog around how he preformed this. I have shamelessly copied his last section into this section of the […]