You can use “ software install file ” command to install new software onto your switch. 106 thoughts on “Getting Started with 3850”.
Distributing, installing, updating and uninstalling software applications are common tasks in all enterprises. These tasks include a lot of processes and usually take up a lot of administrators' time and resources. Each of these tasks has to be completed in individual computers. The Software Deployment feature in Desktop Central enables administrators to distribute, install, update and uninstall software applications remotely as well as automatically. Features The Software Deployment feature in Desktop Central enables you to complete the following tasks:.
Create a repository of packages. This enables administrators to re-use packages any number of times to install or uninstall the software applications. Deploy both MSI and EXE-based software applications. Use the set of predefined templates to deploy software applications.
Cisco 3850 Software Install File Flash
Perform pre-deployment activities for software installation/ uninstallation. Install software applications as a specific user using the Run As option. Copy the installables to computers before installing software applications. Schedule deployment of software applications. Uninstall MSI and EXE-based software applications.
Desktop Central's Windows Installer feature improves the administrator's productivity by supporting remote MSI & EXE software/application deployment. Desktop Central can automatically install MSI & EXE software to users or computers at a scheduled time. Desktop Central supports software installation to users and computers or mass installation to OUs, Domains and Sites. Creating Software Repositories Software repositories are used to store software packages. These packages can either be for MSI-based software applications or EXE-based software applications. A software package added in Desktop Central will have the location of the installation files along with the installation and uninstallation commands. A package once added can be used to deploy the software any number of times by just defining a configuration.
Pre-Deployment Activities For ensuring a smooth and successful software deployment, Desktop Central provides the option to validate a set of conditions before a software installation/ uninstallation. The pre-deployment activities include checking for previous software versions, running processes of dependant executables, free disk space etc. Upon validation of each of these conditions, you can decide on proceeding with or skipping the installation/ uninstallation. Scheduled Software Deployment Desktop Central allows administrators to schedule a software deployment to users and computers after a specified time. This is very useful in deploying the software after business hours to ensure users/computers are not affected due to this deployment. The network traffic will also be minimum at off hours. Visibility on Software Installation Status Desktop Central does not stop with just installing MSI/EXE software in the user machines; it also provides the status of the installation for the administrator to check whether the installation was successful in all the configured systems.
The software installation status is made available in the Desktop Central client, which can be accessed from anywhere in the network through a web browser. Uninstalling MSI and EXE-based Software In addition to installation of Windows software, Desktop Central also provides an ability to uninstall the MSI software applications that have been installed using Desktop Central. The details of the installed software are maintained under the configurations. The administrator can just open the configuration, edit it and choose to remove the software that was previously installed.
For more details, refer to the topic in the online help. Deploying Software Applications Using Templates The Templates tab in the Software Deployment section comprises of predefined applications that you can use to create packages automatically. This functionality downloads binaries from the respective vendors' websites to create packages automatically. You can create a single package or multiple packages from the Templates tab and deploy them to target computers.
In this post we will see how to configure a Cisco3850 switch for basic wireless connectivity. This is part of Converged Access product platform & you should have some familiarity with new architecture (which will not discussed in this post). Here ae the few key points you need to remember when using 3850 as WLC.
You have to attach your access points directly to your 3850 switches (yes, every wiring closet you should have this in order to all building AP to be connect to this new environment) 2. Wireless management vlan & AP management vlan should be identical.
If you configure vlan 21 as wireless management in 3850 switch all your APs connected to this switch should be on access vlan 21. You need to have Mobility Controller (MC) functionality in your network (MC functionality can be in the same 3850 switch, another 3850 switch or 5508/5760 centralized controller). By default, when you enable wireless management, switch will act as Mobility Agent (MA) & not able to register an AP without a MC since license are reside on MC. “ipbase” or “ipservices” feature set to be there for MC functionality.”lanbase” cannot be used for MC functionality switch stack. Given 3850 switch stack can support maximum 50 APs. In my lab setup I have two 3850 switches stacked together.
Before getting started, we will ensure we will have latest software code on this switch. At the time of this write up, IOS-XE 3.2.3SE is the latest code available for this 3850 platform.
File Download Software Install Program
You can refer for more details of the features/restrictions/etc. Let’s copy this new image to flash of our 3850. 3850-1# copy tftp://192.168.20.51/firmware/cat3kcaa-universalk9.SPA.03.02.03.SE.150-1.EX3.bin flash: Destination filename cat3kcaa-universalk9.SPA.03.02.03.SE.150-1.EX3.bin? Accessing tftp://192.168.20.51/firmware/cat3kcaa-universalk9.SPA.03.02.03.SE.150-1.EX3.bin. Loading firmware/cat3kcaa-universalk9.SPA.03.02.03.SE.150-1.EX3.bin from 192.168.20.51 (via Vlan999):!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
OK - 223743040 bytes There are two modes called “INSTALL” & “BUNDLE” available in these new switches. If you want to boot in “INSTALL” mode you have to copy the image onto flash first. In “BUNDLE” mode, you can still keep the image on TFTP & boot from there if required. But in BUNDLE mode switch require more memory to do this function & preferred method is do it via “INSTALL” mode. You can use “ software install file ” command to install new software onto your switch. At the end it will prompt to reload the switch as shown below. 3850-1# software install file flash:cat3kcaa-universalk9.SPA.03.02.03.SE.150-1.EX3.bin Preparing install operation.
I am really surprise to know that AP has to connect directly and also in the same VLAN. At present, we have 5508 in melbourne where all the APs from Malaysia, Brisbane, Sydney, Canberra and Hobart are registered. Of course, they are in different VLAN. Recently, I have deployed Cisco 3850 in Sydney and having plan to make that as a foreign controller and 5508 as an anchor controller, which will be providing Guest wi-fi. But, after knowing these fact, I am bit confused about the solution?
Hi Rasika I love this device, I have seen so many applications such as login with Facebook credentials and other cases that are publish on the Cisco Website, where do I find some information on how to do this kind of configuration (the facebook one); I know I need the Mobility Engine and other stuffs. I want some information about this, because I want to make some implementations like that, this is something new for me, as a CCNA Wireless; I hope I’m not the only noob guy here Best Regards Alvaro Rugama. Since APs need to directly connect to 3850, if you have a single stack at your branch, then APs will be down when 3850 goes down. So you won’t be able to register them to 5508. Even if you have multiple 3850 stacks at your branch (one acting as MC) & MC is down, still other APs will work in MAs. They won’t failback to 5508.
So bottom line is, you can have mobility configured for guest type WLAN services, but for AP perspective you cannot register branch APs to central office 5508 in case of branch 3850 failure. HTH Rasika. I just wrote to you on another thread, yet here is the answer! Do you have a Cisco hyperlink that covers your last sentence in more detail (So bottom line is, you can have mobility configured for guest type WLAN services, but for AP perspective you cannot register branch APs to central office 5508 in case of branch 3850 failure)?
In my scenario, was keen to have one (1) “5508” hosting LAPs (primary controller), then – if it falls over – (2) have all the LAPS swing to “3508” integrated controller (secondary controller) Grateful either way to have the Cisco link so I can get the terminology correctly. Hi, I’m wondering if you can use a 5760 as a MC and have your 3850’s as MA’s and also use the MC as a static mobility anchor for Guest.
Since the 5760 supports multiple LAG’s you could connect one LAG into the core for wireless management, and another into the DMZ to drop off guest and cut out the requirement for a guest anchor. Do you know if a MC can also act as a static mobility anchor for MA’s that are registered to it, or does this require a mobility peer which is only MC to MC tunnel? Hello Rasika, I will get my hands on several stacks next month. I posted a question to the cisco 3850 community about the licensing.
So i am not sure if you have come acros this secenario yet. Basically, I will have a stack of 3 x 3850’s MC will be the master stack and apply the AP adder license to each member Les say i have 10 AP licenses, i would apply 4 on the master stack, 4 on the second and 2 on the last stack member as I intend to connect that many APs So coming actually to the upgrade license to operate the wireless function. If i apply and active the MC on the master stack, i believe that there will no redundancy in the event the master stack fails.
I believe that i need to order a separate license and apply this onto the 2nd stack switch so that this can take over the wifi etc. In the event of a failure on stack 1 (master). I could not find anything useful on CCO relating to this topic yet unfortunately, so i am reaching out to you as you are considered as an helpful and clever expert that that field. Best wishes Markus. Firstly, Thank you for a brilliant post.
I wanted to know what your thoughts are on management vlans. In our wired only infrsatrutcutre we have a management VLAN already. We want wireless now, if we use the wireless ability of the c3850 should we create another management VLAN specifically for wireless devices and keep it separate from wired management devices (e.g.
Other switches) or use the existing management vlan we have in place for AP amangement and wireless management? What do you think is best? Hi navarasj, thank YOu first for Your informational blog about 3850 with integrated WLAN.
I’m also sitting in front of a new box of this type having only experience with 5508 WLCs. Please help me with a question regarding AP licencing on this device. I’m worried with the way how to activate WLAN AP licenses on this box. You are using the simple command in Your Post to activate 25 licenses 3850-1#license right-to-use activate apcount 25 slot 2 acceptEULA I expected that one have to use a activation code or license key that was bought and received from Cisco on beforehand. To me it looks like You can activate licences with this command without buying them and entering a activation code!?
Please advise Thanks Wini. Great discussion. I have a 5508 as MC and several 3850 stacks as MA. Now we are deploying a big site with many 3850 stacks.
We have this time same Layer2 for all stacks on the wireless management. I see when deploying the first one that some APs not belonging to the switch (physyically) join my 3850, download software. But after they reboot they don´t seem to be able to join again. Wonder if anyone has tried this design and if it will create any problems? I will try to add the next stack and see how this goes. Perhaps it is only a problem when the AP join first and after they got their own 3850 up and running as MA they won´t cross join stacks again. I may post my results later on if I get a conclusion.
Hi Nayarasi Thanks for a great blog! Im just about to start a wireless converged access project and i have some question i hope you can help me with. Im deploying a solution with a central 5760 as MC and totally 6 3850 as MA, can i deploy all this on the same mgmt vlan? And also the same SPG? Can all the layer 3 interface for client vlan be attached to the Core switch in the network or do i need to configure this on the 3850? Do you also know of a good documentation of setting up 5760 in HA (stacking)?
Hi Erik, If 5760 & 3850 will be in same layer 2 network, yes you can put management into same vlan. (in my case 5760 with L3 separation) If all 3850 stacks are in close by buildings where users roam frequently, then you can put all of them in same SPG.
If you have layer 2 access, where all your SVI defined on core/distribution switch, then I would not define any user SVI on 3850 stacks. Simply enable DHCP snooping for those vlans on 3850 & leave SVI on distribution/core. Only SVI required on 3850 are wireless management & switch management SVI if they are two different. Otherwise simply one SVI.
Here is a 5760 HA configuration doc, hope it is useful to you ( I haven’t configure this by myself) HTH Rasika. Hi Rasika, Your blog is awesome and i gained a lot of knowledge from mrncciew. I am having a doubt regarding IP addressing in converged access.
I am having 3×3850 as my MA, 5508 as MC and 5508 as GA. We need to have 2 ssid’s, guest and corporate ssid.so how many vlans we should create? My guess is this 3850 – 1 x vlan-corp, 1 x vlan-WifiMgmt 5800 MC – 1 x vlan-corp, 1 x vlan-WifiMgmt 5800 GA – 1 x vlan-guest, 1 x vlan-Wifimgmt Or do i need to create guest vlan in 5800 MC? Also in 3850 MA? Also, does the WifiMgmt vlan for 3850, 5800-MC, 5800-GA needs to be Layer2? The GA sits in DMZ and 5800-MC sits in server farm. Appreciate your help and please keep writing.
Regards, dathan. Hi Rasika Thanks for the sharing. I have deployed my office wireless (Cisco 3650) using the same concept you mentioning in this article. However, the management decided to have another SSID for guest access by using the same architect we have. My existing network infra hardware are these. 1 x Cisco Catalyst 3650 switch (provision as MC) 6 x Cisco Aironet 2700i 1 x Fortigate firewall 100D My questions is, will i able to create another SSID for guest and assign them to use the DMZ by using the same architect? Best regards, Adam.
I have air-cap2702i-a-k9 directly connected to 3850 gi 1/0/4. I followed your instructions but AP is still not joining in. What am I missing? Ipservices permanent N/A Lifetime Switch Ports Model SW Version SW Image Mode —— —– —– ———- ———- —- 1 32 WS-C3850-24P 03.02.03.SE cat3kcaa-universalk9 INSTALL Switch#show ap summary Number of APs: 0 Global AP User Name: Not configured Global AP Dot1x User Name: Not configured Switch#show int gi 1/0/4 GigabitEthernet1/0/4 is up, line protocol is up (connected) Switch#show run int vlan21 Building configuration Current configuration: 63 bytes! Interface Vlan21 ip address 192.168.21.1 255.255.255.0 end Switch#show run int gi 1/0/4 Building configuration Current configuration: 113 bytes!
Interface GigabitEthernet1/0/4 switchport access vlan 21 switchport mode access spanning-tree portfast end wireless mobility controller wireless management interface Vlan21. Hi Rasika, I went through the forum and its very useful and it help us to understand things easily. We were trying to connect one 3702 AP with 3650 WLC and note that it will not directly connected with 3650 WLC.WLC acting as an MC. Also our setup with foreign-anchor topology.
3650 acting as a foreign controller and 2504 acting as a Anchor and its placed in DMZ Zone. 3702 AP sends the join request and download the IOS image from WLC but the registration wasn’t successful and again started with downloading process. When i checked with cisco, they were saying that 3650 wlc will support non directly attached AP.
3650 IOS Version 3.7.3 Appreciate your help and thoghts. Hello Pert and Rasika I’m using Denali 16.2.1 code on the 3650 and Also can not figure out why I can not SSH to my switch when connected over WIFI. When Wired it works without issues.
I have the following command entered wireless mgmt-via-wireless but I’m still unable to SSH to the unit. The other issue that is bothering me is that my “PSK” password shows in clear text in the running config. Rasika I found an earlier post you had on support forms that shows a workaround using a ASCII to HEX conversion that I used as a workaround but I was hoping there was a command that can do this. Hello Rasika, I am just wondering if you had ever tried guest management with Cisco ISE on Catalyst 3650. The follow are some of the config I use but could not achieve guest management. The switch is running version Denali 16.1.2, RELEASE SOFTWARE (fc1).
It has RACL and DACL define in switch and ISE respectively. Sign In. We define our parameter as: parameter-map type webauth global type webauth virtual-ip ipv4 1.1.1.1 redirect for-login redirect portal ipv4 172.16.6.151 intercept-https-enable! The above was apply on wlan for guest.
But redirection did not work. Because I am not able to lay hand on spare switch I could not test further because this current switch is in production. I need to conclude if the issues is with IOS version or the config.
If you have done it before with the same IOS version then it means it is possible at least it will give me an head up. Thanks in advance. Hello from Me. I am Michael.
My question is about a 3850 acting as switch and soon as wlc parallel. You say upper that the AP must be directly connected to the switch (3850). This is for the first time or the AP must stay connected on 3850? After the AP takes the software from the controller (3850) then can I place the AP some ware in my network and the AP belong in 3850 ‘s APs database? I have already an 5508 In HA and recently I bought a 3850 switch and now I want to exploit the 50 license of the swich. Follow Blog via Email Enter your email address to follow this blog and receive notifications of new posts by email. Join 1,241 other followers Blog Stats.
3,310,130 hits Recent Posts. Popular Now!.
Follow me on Twitter Categories. Blogs I Follow. Archives. (1). (2).
(1). (1). (1). (2). (3).
(1). (1). (2). (1).
(1). (1). (1).
(1). (1). (1).
(1). (2). (2). (12). (26).
(20). (14). (2).
(5). (3). (3). (1).
(10). (12). (4). (3).
(6). (6).
(10). (10). (23). (26). (50).
(17). (14). (14). (9). (5). (1).
(1). (1).
(1) G+.