CH A P T E R
7
Controlling Lightweight Access Points
This chapter describes the Cisco lightweight access points and explains how to connect them to the
controller and manage access point settings. It contains these sections:
•
The Controller Discovery Process, page 7-2
•
Cisco 1000 Series Lightweight Access Points, page 7-4
•
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points, page 7-9
•
Autonomous Access Points Converted to Lightweight Mode, page 7-44
•
Cisco Workgroup Bridges, page 7-50
•
Configuring Country Codes, page 7-58
•
Migrating Access Points from the -J Regulatory Domain to the -U Regulatory Domain, page 7-64
•
Dynamic Frequency Selection, page 7-67
•
Retrieving the Unique Device Identifier on Controllers and Access Points, page 7-68
•
Performing a Link Test, page 7-70
•
Configuring Power over Ethernet, page 7-73
•
Configuring Flashing LEDs, page 7-76
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-1
Chapter 7
Controlling Lightweight Access Points
The Controller Discovery Process
The Controller Discovery Process
Cisco’s lightweight access points use the Lightweight Access Point Protocol (LWAPP) to communicate
between the controller and other lightweight access points on the network. In an LWAPP environment,
a lightweight access point discovers a controller by using LWAPP discovery mechanisms and then sends
it an LWAPP join request. The controller sends the access point an LWAPP join response allowing the
access point to join the controller. When the access point joins the controller, the controller manages its
configuration, firmware, control transactions, and data transactions.
Note
You must install software release 4.0.155.0 or greater on the controller before connecting 1100 and 1300
series access points to the controller. The 1120 and 1310 access points were not supported prior to
software release 4.0.155.0.
Note
The Cisco controllers cannot edit or query any access point information using the CLI if the name of the
access point contains a space.
Lightweight access points must be discovered by a controller before they can become an active part of
the network. The lightweight access points support these controller discovery processes:
•
Layer 3 LWAPP discovery—Can occur on different subnets from the access point and uses IP
addresses and UDP packets rather the MAC addresses used by Layer 2 discovery.
•
Layer 2 LWAPP discovery—Occurs on the same subnet as the access point and uses encapsulated
Ethernet frames containing MAC addresses for communications between the access point and the
controller. Layer 2 LWAPP discovery is not suited for Layer 3 environments.
•
Over-the-air provisioning (OTAP)—This feature is supported by Cisco 4400 series controllers. If
this feature is enabled on the controller, all associated access points transmit wireless LWAPP
neighbor messages, and new access points receive the controller IP address from these messages.
This feature should be disabled when all access points are installed.
•
Locally stored controller IP address discovery—If the access point was previously associated to
a controller, the IP addresses of the primary, secondary, and tertiary controllers are stored in the
access point’s non-volatile memory. This process of storing controller IP addresses on access points
for later deployment is called priming the access point.
•
DHCP server discovery—This feature uses DHCP option 43 to provide controller IP addresses to
the access points. Cisco switches support a DHCP server option that is typically used for this
capability. For more information about DHCP option 43, see the “Using DHCP Option 43” section
on page 7-47.
•
DNS discovery—The access point can discover controllers through your domain name server
(DNS). For the access point to do so, you must configure your DNS to return controller IP addresses
in response to CISCO-LWAPP-CONTROLLER.localdomain, where localdomain is the access point
domain name. When an access point receives an IP address and DNS information from a DHCP
server, it contacts the DNS to resolve CISCO-LWAPP-CONTROLLER.localdomain. When the DNS
sends a list of controller IP addresses, the access point sends discovery requests to the controllers.
Cisco Wireless LAN Controller Configuration Guide
7-2
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
The Controller Discovery Process
Verifying that Access Points Join the Controller
When replacing a controller, you need to make sure that access points join the new controller.
Using the GUI to Verify that Access Points Join the Controller
Follow these steps to ensure that access points join the new controller.
Step 1
Follow these steps to configure the new controller as a master controller.
a.
Click Controller > Master Controller Mode to access the Master Controller Configuration page.
b.
Check the Master Controller Mode check box.
c.
Click Apply to commit your changes.
d.
Click Save Configuration to save your changes.
Step 2
(Optional) Flush the ARP and MAC address tables within the network infrastructure. Ask your network
administrator for more information about this step.
Step 3
Restart the access points.
Step 4
Once all the access points have joined the new controller, configure the controller not to be a master
controller by unchecking the Master Controller Mode check box on the Master Controller
Configuration page.
Using the CLI to Verify that Access Points Join the Controller
Follow these steps to ensure that access points join the new controller.
Step 1
To configure the new controller as a master controller, enter this command:
config network master-base enable
Step 2
(Optional) Flush the ARP and MAC address tables within the network infrastructure. Ask your network
administrator for more information about this step.
Step 3
Restart the access points.
Step 4
To configure the controller not to be a master controller once all the access points have joined the new
controller, enter this command:
config network master-base disable
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-3
Chapter 7
Controlling Lightweight Access Points
Cisco 1000 Series Lightweight Access Points
Cisco 1000 Series Lightweight Access Points
The Cisco 1000 series lightweight access point is a part of the innovative Cisco Unified Wireless
Network (UWN) Solution. When associated with controllers as described below, the Cisco 1000 series
lightweight access point provides advanced 802.11a and/or 802.11b/g access point functions in a single
aesthetically pleasing plenum-rated enclosure. Figure 7-1 shows the two types of Cisco 1000 Series
IEEE 802.11a/b/g lightweight access point: without and with connectors for external antennas.
Figure 7-1
1000 Series Lightweight Access Points
The Cisco WLAN Solution also offers 802.11a/b/g Cisco 1030 Remote Edge Lightweight Access Points,
which are Cisco 1000 series lightweight access points designed for remote deployment, radio resource
management (RRM) control via a WAN link, and which include connectors for external antennas.
The Cisco 1000 series lightweight access point is manufactured in a neutral color so it blends into most
environments (but can be painted), contains pairs of high-gain internal antennas for unidirectional
(180-degree) or omnidirectional (360-degree) coverage, and is plenum-rated for installations in hanging
ceiling spaces.
In the Cisco Wireless LAN Solution, most of the processing responsibility is removed from traditional
small office, home office (SOHO) access points and resides in the controller.
Note
New Cisco 1000 series lightweight access points for the United States, Canada, and the Philippines do
not support the UNII-2 band (5.25 to 5.35 GHz). These models are labeled AP10x0-B, where “B”
represents a new regulatory domain that replaces the previous “A” domain.
Cisco Wireless LAN Controller Configuration Guide
7-4
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco 1000 Series Lightweight Access Points
Cisco 1030 Remote Edge Lightweight Access Points
The only exception to the general rule of lightweight access points being continuously controlled by
Cisco Wireless LAN Controllers is the Cisco 1030 IEEE 802.11a/b/g remote edge lightweight access
point (Cisco 1030 remote edge lightweight access point). The Cisco 1030 remote edge lightweight
access point is intended to be located at a remote site, initially configured by a Cisco Wireless LAN
Controller, and normally controlled by a Cisco Wireless LAN Controller.
However, because the Cisco 1030 remote edge lightweight access point bridges the client data
(compared with other Cisco 1000 series lightweight access points, which pass all client data through
their respective Cisco Wireless LAN Controller), if the WAN link breaks between the Cisco 1030 remote
edge lightweight access point and its Cisco Wireless LAN Controller, the Cisco 1030 remote edge
lightweight access point continues transmitting wireless LAN 1 client data through other Cisco 1030
remote edge lightweight access points on its local subnet. However, it cannot take advantage of features
accessed from the Cisco Wireless LAN Controller, such as establishing new VLANs, until
communication is reestablished.
The Cisco 1030 remote edge lightweight access point includes the traditional SOHO (small office, home
office) AP processing power, and thus can continue operating if the WAN link to its associated Cisco
Wireless LAN Controller fails. Because it is configured by its associated Cisco Wireless LAN
Controller, it has the same wireless LAN configuration as the rest of the Cisco Wireless LAN Solution.
As long as it remains connected to its Cisco Wireless LAN Controller, it varies its transmit power and
channel selection under control of the RRM, and performs the same rogue access point location as any
other Cisco 1000 series lightweight access point.
Note that the Cisco 1030 remote edge lightweight access point can support multiple wireless LANs while
it is connected to its Cisco Wireless LAN Controller. However, when it loses connection to its Cisco
Wireless LAN Controller, it supports only one wireless LAN on its local subnet.
Figure 7-2 shows a typical Cisco 1030 remote edge lightweight access point configuration:
Figure 7-2
Typical 1030 Lightweight Access Point Configuration
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-5
Chapter 7
Controlling Lightweight Access Points
Cisco 1000 Series Lightweight Access Points
Note that the Cisco 1030 remote edge lightweight access point must have a DHCP server available on
its local subnet, so it can obtain an IP address upon reboot. Also note that the Cisco 1030 remote edge
lightweight access points at each remote location must be on the same subnet to allow client roaming.
Cisco 1000 Series Lightweight Access Point Models
The Cisco 1000 series lightweight access point includes one 802.11a and one 802.11b/g radio. The Cisco
1000 series lightweight access point is available in the following configurations:
•
AP1010—A 1000 series access point with four high-gain internal antennas and no external antenna
adapters.
•
AP1020—A 1000 series access point with four high-gain internal antennas and one 5-GHz external
antenna adapter and two 2.4-GHz external antenna adapters.
•
AP1030—A 1030 remote edge access point with four high-gain internal antennas and one 5-GHz
external antenna adapter and two 2.4-GHz external antenna adapters.
The 1000 series access point is shipped with a color-coordinated ceiling mount base and hanging-ceiling
rail clips. You can also order projection- and flush-mount sheet metal wall mounting bracket kits. The
base, clips, and optional brackets allow quick mounting to ceiling or wall. The access point can be
powered by power over Ethernet or by an external power supply.
Cisco 1000 Series Lightweight Access Point External and Internal Antennas
The Cisco 1000 series lightweight access point enclosure contains one 802.11a or one 802.11b/g radio
and four (two 802.11a and two 802.11b/g) high-gain antennas, which can be independently enabled or
disabled to produce a 180-degree sectorized or 360-degree omnidirectional coverage area.
Note
Cisco 1000 series lightweight access points must use the factory-supplied internal or external antennas
to avoid violating FCC requirements and voiding the user’s authority to operate the equipment.
Note that the wireless LAN operator can disable either one of each pair of the Cisco 1000 series
lightweight access point internal antennas to produce a 180-degree sectorized coverage area. This feature
can be useful, for instance, for outside-wall mounting locations where coverage is only desired inside
the building, and in a back-to-back arrangement that can allow twice as many clients in a given area.
External Antenna Connectors
The AP1020 and AP1030 have male reverse-polarity TNC jacks for installations requiring
factory-supplied external directional or high-gain antennas. The external antenna option can create more
flexibility in Cisco 1000 series lightweight access point antenna placement.
Note
The AP1010 is designed to be used exclusively with the internal high-gain antenna. It has no jacks for
external antennas.
Note that the 802.11b/g 2.4 GHz Left external antenna connector is associated with the internal Side A
antenna, and that the 2.4 GHz Right external antenna connector is associated with the internal Side B
antenna. When you have 802.11b/g diversity enabled, the Left external or Side A internal antennas are
diverse from the Right external or Side B internal antennas.
Cisco Wireless LAN Controller Configuration Guide
7-6
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco 1000 Series Lightweight Access Points
Also note that the 802.11a 5 GHz Left external antenna connector is separate from the internal antennas,
and adds diversity to the 802.11a transmit and receive path. Note that no external 802.11a antennas are
certified in FCC-regulated areas, but external 802.11a antennas may be certified for use in other
countries.
Antenna Sectorization
Note that the Cisco WLAN Solution supports Antenna Sectorization, which can be used to increase the
number of clients and/or client throughput a given air space. Installers can mount two Cisco 1000 series
lightweight access points back-to-back, and the Network operator can disable the second antenna in both
access points to create a 360-degree coverage area with two sectors.
Installers can also mount Cisco 1000 series lightweight access points on the periphery of a building and
disable the Side B internal antennas. This configuration can be used to supply service to the building
interior without extending coverage to the parking lot, at the cost of eliminating the internal antenna
diversity function.
Cisco 1000 Series Lightweight Access Point LEDs
Each Cisco 1000 series lightweight access point is equipped with four LEDs across the top of the case.
They can be viewed from nearly any angle. The LEDs indicate power and fault status, 2.4-GHz
(802.11b/g) Cisco radio activity, and 5-GHz (802.11a) Cisco radio activity.
This LED display allows the wireless LAN manager to quickly monitor the Cisco 1000 series
lightweight access point status. Here is the expected LED behavior. Note that the LED behavior is the
same for both Layer 2 and Layer 3 LWAPP mode until you get to step 6.
1.
During discovery, the LEDs turn on and off, one after another.
2.
The LEDs turn off, and then the Power LED turns on.
3.
If the radio state is Up, then the 2.4- or 5-GHz LED is on. If the radio state is Down, then the 2.4or 5-GHz LED is off.
4.
Before the access point joins the controller, its radio state is in the Up state in order to perform
over-the-air-provisioning (OTAP).
5.
The access point turns its radio Down and sends a join request to the controller. The controller
responds and configures the access point to turn its radio Up again.
6.
Because there are more configurations for Layer 3 mode than Layer 2 mode, you may notice a
difference in the LED behavior. In Layer 2 mode, the radio LED turns off and on so quickly that you
probably cannot see it. However, in Layer 3 mode, it takes much longer for the radio to turn off and
on, so you can see when this occurs.
For more detailed LED troubleshooting instructions, refer to the hardware installation guide for the
access point.
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-7
Chapter 7
Controlling Lightweight Access Points
Cisco 1000 Series Lightweight Access Points
Cisco 1000 Series Lightweight Access Point Connectors
The AP1020 and AP1030 Cisco 1000 series lightweight access points have the following external
connectors:
•
One RJ-45 Ethernet jack, used for connecting the Cisco 1000 series lightweight access point to the
network.
•
One 48 VDC power input jack, used to plug in an optional factory-supplied external power adapter.
•
Three male reverse-polarity TNC antenna jacks, used to plug optional external antennas into the
Cisco 1000 series lightweight access point: two for an 802.11b/g radio, and one for an 802.11a radio.
Note
The AP1010 Cisco 1000 Series lightweight access points are designed to be used exclusively
with the internal high-gain antennas, and have no jacks for external antennas.
The Cisco 1000 series lightweight access point communicates with a Cisco Wireless LAN Controller
using standard CAT-5 (Category 5) or higher 10/100 Mbps twisted pair cable with RJ-45 connectors.
Plug the CAT-5 cable into the RJ-45 jack on the side of the Cisco 1000 series lightweight access point.
Note that the Cisco 1000 series lightweight access point can receive power over the CAT-5 cable from
network equipment. Refer to Power over Ethernet for more information about this option.
The Cisco 1000 series lightweight access point can be powered from an optional factory-supplied
external AC-to-48 VDC power adapter. If you are powering the Cisco 1000 series lightweight access
point using an external adapter, plug the adapter into the 48 VDC power jack on the side of the Cisco
1000 series lightweight access point.
The Cisco 1000 series lightweight access point includes two 802.11a and two 802.11b/g high-gain
internal antennas, which provide omnidirectional coverage. However, some Cisco 1000 series
lightweight access points can also use optional factory-supplied external high-gain and/or directional
antennas. When you are using external antennas, plug them into the male reverse-polarity TNC jacks on
the side of the AP1020 and AP1030 Cisco 1000 series lightweight access points.
Note
Cisco 1000 Series lightweight access points must use the factory-supplied internal or external antennas
to avoid violating FCC requirements and voiding the user’s authority to operate the equipment.
Cisco 1000 Series Lightweight Access Point Power Requirements
Each Cisco 1000 series lightweight access point requires a 48 VDC nominal (between 38 and 57 VDC)
power source capable of providing 7 Watts. If you use +48 VDC, the connector is center positive.
Because the power supply on the access point is isolated, a negative 48-volt supply could be used. In this
case, the ground side of the supply would go to the center pole “tip,” and the negative 48-volt side would
go to the outside “ring” portion.
Cisco 1000 series lightweight access points can receive power from the external power supply (which
draws power from a 110-220 VAC electrical outlet) plugged into the side of the access point case, or
from Power over Ethernet.
Cisco Wireless LAN Controller Configuration Guide
7-8
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Cisco 1000 Series Lightweight Access Point External Power Supply
The Cisco 1000 series lightweight access point can receive power from an external 110-220 VACto-48 VDC power supply or from Power over Ethernet equipment.
The external power supply plugs into a secure 110 through 220 VAC electrical outlet. The converter
produces the required 48 VDC output for the Cisco 1000 series lightweight access point. The converter
output feeds into the side of the Cisco 1000 series lightweight access point through a 48 VDC jack.
Note that the AIR-PWR-1000 external power supply can be ordered with country-specific electrical
outlet power cords. Contact Cisco when ordering to receive the correct power cord.
Cisco 1000 Series Lightweight Access Point Mounting Options
Refer to the Internal-Antenna AP1010 Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Point
Quick Start Guide or the External-Antenna AP1020 and AP1030 Cisco 1000 Series IEEE 802.11a/b/g
Lightweight Access Point Quick Start Guide for the Cisco 1000 series lightweight access point mounting
options.
Cisco 1000 Series Lightweight Access Point Physical Security
The side of the Cisco 1000 series lightweight access point housing includes a slot for a Kensington
MicroSaver Security Cable. Refer to the Kensington website for more information about their security
products, or to the Internal-Antenna AP1010 Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access
Point Quick Start Guide or External-Antenna AP1020 and AP1030 Cisco 1000 Series IEEE 802.11a/b/g
Lightweight Access Point Quick Start Guide for installation instructions.
Cisco 1000 Series Lightweight Access Point Monitor Mode
The Cisco 1000 series lightweight access points and Cisco Wireless LAN Controllers can perform rogue
access point detection and containment while providing regular service. The rogue access point detection
is performed across all 801.11 channels, regardless of the Country Code selected.
However, if the administrator would prefer to dedicate specific Cisco 1000 series lightweight access
points to rogue access point detection and containment, the Monitor mode should be enabled for
individual Cisco 1000 series lightweight access points.
The Monitor function is set for all 802.11 Cisco Radios on a per-access point basis using any of the Cisco
Wireless LAN Controller user interfaces.
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access
Points
The Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Point (hereafter referred to as
AP1500s to address models AP1505 and AP1510) are wireless devices designed for wireless client
access and point-to-point bridging, point-to-multipoint bridging, and point-to-multipoint mesh wireless
connectivity. Outdoor access points are standalone units that can be mounted on a wall or overhang, on
a rooftop pole, or on a streetlight pole.
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-9
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
AP1500s are self-contained outdoor units that can be configured with a wired backhaul connection to an
Ethernet segment for a rooftop deployment or with a wireless backhaul for a pole-top deployment.
AP1500s can be installed anywhere power is available, without the need for a network connection. Using
the Cisco Adaptive Wireless Path Protocol (AWPP), the AP1500s are able to dynamically optimize the
best route to the connected network within the mesh.
AP1500s operate with controllers to provide centralized and scalable management, high security, and
mobility and are designed to easily and securely join the mesh network. The controller manages and
monitors the mesh network through either the GUI or CLI.
Two AP1500 models are available:
•
The AP1505 is equipped with a single 2.4-GHz radio used for client access and data backhaul to
other AP1500s.
•
The AP1510 is equipped with two simultaneously operating radios: a 2.4-GHz radio used for client
access and a 5-GHz radio used for data backhaul to other AP1500s.
A wide variety of antennas is available for both the AP1505 and AP1510 to provide flexibility when
deploying them over various terrains. Wireless LAN client traffic passes through the backhaul radio of
the access point or is relayed through other AP1500s until it reaches the controller Ethernet connection.
Note
A radio site survey (temporary setup of mesh links) should be conducted prior to any physical
installation of 1500 series mesh access points to verify that there is no interference to the radio signal
path due to physical structures such as trees and buildings or equipment that may be transmitting on the
same channel (co-channel interference). For detailed information on conducting site surveys and other
factors to consider when planning your network (data rate, distance between access points, interference,
and so on), refer to the Cisco Aironet 1500 Series Wireless Mesh AP Version 5.0 Design Guide at
http://www.cisco.com/en/US/products/ps6548/tsd_products_support_series_home.html
Wireless Mesh
In a wireless mesh deployment (see Figure 7-3), multiple AP1500s are deployed as part of the same
network. One or more AP1500s have a wired connection to the controller and are designated as root
access points (RAPs). Other AP1500s that relay their wireless connections to connect to the controller
are called mesh access points (MAPs). The MAPs use the AWPP protocol to determine the best path
through the other AP1500s to the controller. The possible paths between the MAPs and RAPs form the
wireless mesh that is used to carry traffic from wireless LAN clients connected to MAPs and to carry
traffic from devices connected to MAP Ethernet ports.
The mesh network can carry two types of traffic simultaneously: wireless LAN client traffic and MAP
bridge traffic. Wireless LAN client traffic terminates on the controller, and MAP bridge traffic
terminates on the Ethernet ports of the AP1500s. You need to keep in mind two important concepts when
considering the configuration of a mesh network:
•
Sector—A collection of mesh access points connected together by the AWPP and through a single
RAP to the controller.
•
Network—A collection of sectors that cover a proximate geographic area.
Membership in the mesh network is controlled in a variety of ways:
•
Each AP1500 MAC address must be entered into the MAC filter list database to ensure that the
access points are authorized to use the controller. Each controller to which the access point may
connect must have its MAC address entered into the database.
Cisco Wireless LAN Controller Configuration Guide
7-10
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
The MAC filter list works in conjunction with the certificate that is stored in the access point’s
nonvolatile memory to provide strong security for access points connecting to the network. As such,
the MAC filter list is required for mesh access points to be able to connect to the controller.
The MAC filter lists of all controllers on a controller subnet service set must be identical
and include all the RAPs and MAPs that may connect on that subnet. Failure to have
uniform MAC filter lists on the service set may prevent access points from being able
to communicate.
Note
•
A bridge group name can be used to logically group access points into sectors. Each sector has a
unique bridge group name. Cisco recommends that you use bridge group names whenever multiple
sectors are proximate.
An access point that is unable to connect to a sector with its bridge group name temporarily connects
to the sector with the best RF characteristics so that its bridge group name can be configured. The
access point connects for short periods of time only (roughly 30 minutes) and then disconnects to
seek the sector with the correct bridge group name. When an access point connects to the network
using a mismatched bridge group name, the parent access point does not allow it to accept children
access points or clients.
Figure 7-3
Wireless Mesh Deployment
RAP
Network
WCS
MAP 4
MAP 7
MAP 2
MAP 3
MAP 6
MAP 5
MAP 8
MAP 9
148441
MAP 1
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-11
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Configuring and Deploying the AP1500
Note
For information on unpacking and initially configuring your 1500 series mesh access points, refer to the
Cisco Aironet 1500 Series Outdoor Mesh Access Point Hardware Installation Guide. You can find this
document at this URL:
http://www.cisco.com/en/US/products/ps6548/tsd_products_support_series_home.html
Before deploying the AP1500, you must perform three procedures on the controller to ensure proper
operation:
•
Add the MAC address of the access point to the controller filter list, page 7-12
•
Configure mesh parameters, page 7-15
•
Configure bridging parameters, page 7-18
Adding the MAC Address of the Access Point to the Controller Filter List
You must add the MAC address of the access point to the controller filter list in order for the access point
to be able to associate to the controller. This process ensures that the access point is included in the
database of access points authorized to use the controller. You can add the access point using either the
GUI or the CLI.
Note
You can also download the list of access point MAC addresses and push them to the controller using the
Cisco Wireless Control System (WCS). Refer to the Cisco Wireless Control System Configuration Guide
for instructions.
Using the GUI to Add the MAC Address of the Access Point to the Controller Filter List
Follow these steps to add a MAC filter entry for the access point on the controller using the controller
GUI.
Step 1
Click Security > AAA > MAC Filtering. The MAC Filtering page appears (see Figure 7-4).
Figure 7-4
MAC Filtering Page
Cisco Wireless LAN Controller Configuration Guide
7-12
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Step 2
Click New. The MAC Filters > New page appears (see Figure 7-5).
Figure 7-5
MAC Filters > New Page
Step 3
In the MAC Address field, enter the MAC address of the access point. The MAC address should be
entered in the following format: xx:xx:xx:xx:xx:xx.
Step 4
From the WLAN ID drop-down box, choose “Any WLAN.”
Step 5
In the Description field, enter a description of the access point. The text that you enter identifies the
access point on the controller. You may want to include an abbreviated name and the last few digits of
the MAC address, such as ap1510:62:39:10.
Step 6
From the Interface Name drop-down box, choose the controller interface (management or configured
dynamic interface) to which the access point is to connect. Management is the most commonly used
interface.
Step 7
Click Apply to commit your changes. The access point now appears in the list of MAC filters on the
MAC Filtering page.
Step 8
Click Save Configuration to save your changes.
Step 9
Repeat this procedure to add the MAC addresses of additional access points to the list.
Using the CLI to Add the MAC Address of the Access Point to the Controller Filter List
Follow these steps to add a MAC filter entry for the access point on the controller using the controller
CLI.
Step 1
To add the MAC address of the access point to the controller filter list, enter this command:
config macfilter add ap_mac wlan_id interface [description]
A value of zero (0) for the wlan_id parameter specifies any WLAN, and a value of zero (0) for the
interface parameter specifies none. You can enter up to 32 characters for the optional description
parameter.
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-13
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Step 2
To configure an IP address in the local MAC filter database, enter this command:
config macfilter ipaddress MAC_address IP_address
where MAC_address is the MAC address of the client and IP_address is the IP address that you are
assigning to the MAC address in the local MAC filter database.
This functionality is available only in the controller CLI. This feature can be used with any passive
device that does not initiate any traffic but waits for another device to start communication. Note that in
controller software 4.1.181.0 and later, you can configure a MAC-filtering IP address for a workgroup
bridge (WGB) wired client. This allows passive WGB wired clients, such as terminal servers or printers
with static IP addresses, to be added and remain in the controller’s client table while the WGB is
associated to a controller in the mobility group.
This feature allows the controller to learn the IP address of a passive client when the client sends an IAPP
message to the controller that contains only the client’s MAC address. Upon receiving this message from
the client, the controller checks the local MAC filter list (or the anchor controller’s MAC filter list if the
client has roamed) for the client’s MAC address. If an entry is found and it contains an IP address for
the client, the controller adds the client to the controller’s client table.
Step 3
Note
Unlike the MAC filtering feature for wireless clients, you are not required to enable MAC
filtering on the WLAN for WGB wired clients.
Note
WGB wired clients using MAC filtering do not need to obtain an IP address through DHCP to
be added to the controller’s client table.
To save your changes, enter this command:
save config
Cisco Wireless LAN Controller Configuration Guide
7-14
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Configuring Mesh Parameters
This section provides instructions for configuring the access point to establish a connection with the
controller. You can configure the necessary mesh parameters using either the GUI or the CLI. All
parameters are applied globally.
Using the GUI to Configure Mesh Parameters
Follow these steps to configure mesh parameters using the controller GUI.
Step 1
Click Wireless > Mesh to access the Mesh page (see Figure 7-6).
Figure 7-6
Step 2
Mesh Page
Modify the mesh parameters as appropriate. Table 7-1 provides a description of each parameter and its
possible values.
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-15
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Table 7-1
Mesh Parameters
Parameter
Description
Range (RootAP to MeshAP) The optimum distance (in feet) that should exist between the root access
point (RAP) and the mesh access point (MAP). This global parameter
applies to all access points when they join the controller and all existing
access points in the network.
Range: 150 to 132,000 feet
Default: 12,000 feet
Backhaul Client Access
When this feature is enabled, Cisco Aironet 1510 Access Points allow
wireless client association over the 802.11a radio. This implies that a
1510 access point may carry both backhaul traffic and 802.11a client
traffic over the same 802.11a radio. When this feature is disabled, the
AP1510 carries backhaul traffic over the 802.11a radio and allows client
association only over the 802.11b/g radio.
Default: Disabled
Security Mode
Note
This parameter is applicable only to the AP1510 because it has
two radios. However, backhaul client access is always
automatically enabled for the AP1505’s single 802.11b/g radio.
Note
After this feature is enabled, all mesh access points reboot.
Defines the security mode for mesh access points: Pre-Shared Key
(PSK) or Extensible Authentication Protocol (EAP). Only local
authentication is supported for EAP, and it is provided by the controller.
See Chapter 5 for more information on local EAP.
Options: PSK or EAP
Default: EAP
Note
External AAA authentication is not supported.
Step 3
Click Apply to commit your changes.
Step 4
Click Save Configuration to save your changes.
Using the CLI to Configure Mesh Parameters
Follow these steps to configure global mesh parameters using the controller CLI.
Note
Step 1
Refer to the “Using the GUI to Configure Mesh Parameters” section on page 7-15 for descriptions, valid
ranges, and default values of the parameters used in the CLI commands.
To specify the maximum range (in feet) of all access points in the network, enter this command:
config mesh range feet
To see the current range, enter show mesh range.
Cisco Wireless LAN Controller Configuration Guide
7-16
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Step 2
Step 3
To enable or disable client association on the primary backhaul (802.11a) of an access point, enter these
commands:
•
config mesh client-access {enable | disable}
•
config ap wlan {enable | disable} 802.11a Cisco_AP
•
config ap wlan {add | delete} 802.11a wlan_id Cisco_AP
To define the security mode, enter this command:
config mesh security {eap | psk}
Step 4
To save your changes, enter this command:
save config
Using the CLI to View Mesh Parameters
Use these commands to obtain information on mesh access points:
•
show Cisco_AP—Shows the mesh configuration for the specified access point.
•
show mesh client-access —Shows the status of the client-access backhaul as either enabled or
disabled. When this option is enabled, mesh access points are able to associate with 802.11a wireless
clients over the 802.11a backhaul. This client association is in addition to the existing
communication on the 802.11a backhaul between the root and mesh access points.
•
show mesh env {summary | Cisco_AP}—Shows the internal temperature of the access point, heater
status, Ethernet status, and battery details for either all access points (summary) or a specific access
point (Cisco_AP). The access point name, role (RootAP or MeshAP), and model are also shown.
– The temperature is shown in both Fahrenheit and Celsius.
– The heater status is ON or OFF.
– The Ethernet status is UP or DOWN.
– The battery details include charge, power, serial number, temperature, version, and voltage.
Note
The battery details are reported to the access point by the externally attached third-party
battery.
Note
You can also view mesh environmental details on the controller GUI on the All APs > Details
page.
Information similar to the following appears when the show mesh env {summary | Cisco_AP}
command is entered:
AP Name
AP Model
AP Role
: ap:60:6b:30
: OAP1500
: MeshAP
Temperature: 33 C, 91 F
Heater
: OFF
Ethernet
: UP
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-17
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Battery S/W version
: 01.02a
Battery Serial Number : 0638F9500006
WARNING: Replace battery
Battery Input Voltage : 120.0 V
Battery Output Voltage: 55.1 V
Battery Output Power : 12.2 W
Battery Voltage
: 52.5 V
Battery Temperature
: 23 C 73 F
Battery Charge
: 100.000 %
•
show mesh neigh {detail | summary} Cisco_AP—Shows the mesh neighbors for the specified
access point.
•
show mesh path Cisco_AP—Shows the channel and signal-to-noise ratio (SNR) details for a link
between a specified access point and its neighbor.
•
show mesh per-stats Cisco_AP—Shows the percentage of packet errors for packets transmitted by
the neighbor mesh access point.
Packet error rate percentage = 1 – (the number of successfully transmitted packets/the number of
total packets transmitted)
•
show mesh queue-stats Cisco_AP—Shows the number of bronze, silver, gold, platinum, and
management queues active on the specified access point. The peak and average length of each queue
are shown as well as the overflow count.
•
show mesh security-stats Cisco_AP—Shows packet error statistics and a count of failures,
timeouts, and successes with respect to associations and authentications as well as reassociations
and reauthentications for the specified access point and its child.
Configuring Bridging Parameters
This section provides instructions for configuring the access point’s role in the mesh network and related
bridging parameters. You can configure these parameters using either the GUI or the CLI.
Using the GUI to Configure Bridging Parameters
Follow these steps to configure bridging parameters using the controller GUI.
Step 1
Click Wireless > Access Points > All APs. The All APs page appears.
Step 2
Click the name of your mesh access point to access the All APs > Details page (see Figure 7-7).
Cisco Wireless LAN Controller Configuration Guide
7-18
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Figure 7-7
All APs > Details Page
On this page, the AP Mode under General is automatically set to Bridge for access points that have
bridge functionality, such as the AP1510. This page also shows the following information under Mesh
Information:
Step 3
•
The bridge type, which specifies whether the access point is designed for indoor or outdoor use. This
field is set to Outdoor for the AP1510.
•
The backhaul interface, or the radio band that this access point uses to transfer data to other
AP1510s. The only possible value is 802.11a.
Under Mesh Information, choose one of the following options to specify the role of this access point in
the mesh network:
•
MeshAP—Choose this option if the AP1510 has a wireless connection to the controller. This is the
default setting.
•
RootAP—Choose this option if the AP1510 has a wired connection to the controller.
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-19
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Note
If you upgrade to software release 4.1 from a previous release, your root access points default to
the MeshAP role. You must reconfigure them for the RootAP role.
Note
You must set the root access point to RootAP. Otherwise, a mesh network is not created.
Step 4
To assign this AP1510 to a bridge group, enter a name for the group in the Bridge Group Name field.
Step 5
Check the Ethernet Bridging check box if you want to enable Ethernet bridging on the access point.
Otherwise, uncheck this check box. The default setting is disabled (or unchecked).
Note
You must enable bridging on all access points for which you want to allow bridging, including
the RAP. Therefore, if you want to allow an Ethernet on a MAP to bridge to the RAP’s Ethernet,
you must enable bridging on the RAP as well as the MAP.
Step 6
From the Bridge Data Rate drop-down box, choose a value (in Mbps) for the rate at which data is shared
between access points on the backhaul interface. The default value is 18 Mbps for the 802.11a backhaul
interface.
Step 7
Click Apply to commit your changes.
Step 8
Click Save Configuration to save your changes.
Using the CLI to Configure Bridging Parameters
Follow these steps to configure bridging parameters using the controller CLI.
Step 1
To specify that your AP1510 has bridge functionality, enter this command:
config ap mode bridge Cisco_AP
Step 2
To specify the role of this access point in the mesh network, enter this command:
config ap role {rootAP | meshAP} Cisco_AP
Use the meshAP parameter if the AP1510 has a wireless connection to the controller (this is the default
setting in software release 4.0), or use the rootAP parameter if the AP1510 has a wired connection to
the controller.
Note
Step 3
If you upgrade to software release 4.0 from a previous release, your root access points default to
the meshAP role. You must reconfigure them for the rootAP role.
To assign this AP1510 to a bridge group, enter this command:
config ap bridgegroupname set groupname Cisco_AP
Step 4
To specify the rate (in Kbps) at which data is shared between access points on the backhaul interface,
enter this command:
config ap bhrate rate Cisco_AP
The default value is 18 Kbps for the 802.11a backhaul interface.
Cisco Wireless LAN Controller Configuration Guide
7-20
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Step 5
To save your settings, enter this command:
save config
Configuring Voice and Video Parameters in Mesh Networks
You can configure call admission control (CAC) on the controller to manage voice and video quality on
the mesh network. CAC enables an access point to maintain controlled quality of service (QoS) when
the wireless LAN is experiencing congestion. The Wi-Fi Multimedia (WMM) protocol deployed in
CCXv3 ensures sufficient QoS as long as the wireless LAN is not congested. However, in order to
maintain QoS under differing network loads, CAC in CCXv4 is required.
Note
CAC is supported in Cisco Compatible Extensions (CCX) v4. See the “Configuring Cisco Client
Extensions” section on page 6-19 for more information on CCX.
Two types of CAC are available for lightweight access points: bandwidth-based CAC and load-based
CAC.
Note
All calls on a mesh network are bandwidth-based, so mesh access points use only bandwidth-based CAC.
Bandwidth-based, or static, CAC enables the client to specify how much bandwidth or shared medium
time is required to accept a new call. Each access point determines whether it is capable of
accommodating a particular call by looking at the bandwidth available and compares it against the
bandwidth required for the call. If there is not enough bandwidth available to maintain the maximum
allowed number of calls with acceptable quality, the access point rejects the call.
Guidelines for Deploying Bandwidth-Based CAC within a Mesh Network
Follow these guidelines when using bandwidth-based CAC in a mesh network:
•
CAC is supported only on the AP1510.
•
CAC should be deployed within a network using a staged approach to allow for network adjustments
as necessary for the best performance.
•
Voice and video cannot operate on a mesh network simultaneously.
•
Voice calls should not traverse more than one hop.
•
When using the Cisco Unified Wireless IP Phone 7921G, only 802.11g is supported.
•
All RAPs, MAPs, and grand MAPs within a given sector must be on the same controller. Use of
bridge group names (BGNs) is recommended to manage this assignment.
The QoS setting for a WLAN determines the level of bandwidth-based CAC support. To use
bandwidth-based CAC with voice applications, the WLAN must be configured for Platinum QoS. To use
bandwidth-based CAC with video applications, the WLAN must be configured for Gold QoS. Also,
make sure that WMM is enabled for the WLAN. See the “Configuring 802.3 Bridging” section on page
4-14 for QoS and WMM configuration instructions.
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-21
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Note
You must enable admission control (ACM) for CCXv4 clients that have WMM enabled. Otherwise,
bandwidth-based CAC does not operate properly.
You can configure bandwidth-based CAC for mesh networks using the controller GUI or CLI. The
instructions for configuring this feature are essentially the same for both mesh and non-mesh networks.
Follow the instructions in the “Configuring Voice and Video Parameters” section on page 4-26 to
configure voice and video parameters for both mesh and non-mesh access points. This section makes
note of any differences in configuration.
However, the instructions for viewing voice and video details using the CLI is different for mesh and
non-mesh access points. Follow the instructions in the “Using the CLI to View Voice and Video Details
for Mesh Networks” below to view these details for mesh access points.
Using the CLI to View Voice and Video Details for Mesh Networks
Use the commands in this section to view details on voice and video calls on the mesh network.
Note
Refer to Figure 7-8 when using the CLI commands and viewing their output.
Figure 7-8
Mesh Network Example
RAP 01
RAP 02
MESH
MESH
802.11A
802.11B/G
MESH
MESH
MAP 02
MAP 06
MESH
MESH
MAP 12
MAP 09
MESH
MESH
MESH
MAP 13
MAP 10
231974
MAP 11
Cisco Wireless LAN Controller Configuration Guide
7-22
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
•
To view the total number of voice calls and the bandwidth used for voice calls on each root access
point, enter this command:
show mesh cac summary
Information similar to the following appears:
AP Name
---------mesh-rap1
mesh-rap2
•
Model
Radio
bw used/max
Radio
--------- ------ ------------- --------LAP1510 11a
3048/23437
11b/g
LAP1510 11a
0/23437
11b/g
bw used/max calls
------------ -----1016/23457
3
0/23457
0
To view the mesh tree topology for the network and the bandwidth utilization (used/maximum
available) of voice calls and video links for each access point and radio, enter this command:
show mesh cac bwused {voice | video} Cisco_AP
Information similar to the following appears:
AP Name
Model
Radio
-------------- --------- -----mesh-rap1
LAP1510
11a
|
mesh-map6
LAP1510
11a
|| mesh-map11 AP1505
11b/g
||| mesh-map12 AP1505
11b/g
|
mesh-map2
LAP1510
11a
|| mesh-map10 LAP1510
11a
|| mesh-map9
LAP1510
11a
||| mesh-map13 AP1505
11b/g
•
bw used/max
----------3048/23437
3048/23437
2032/23437
0/23437
3048/23437
3048/23437
3048/23437
0/23437
Radio
bw used/max
------- ----------11b/g
1016/23437
11b/g
0/23437
11b/g
11b/g
11b/g
0/23437
0/23437
1016/23437
Note
The bars (|) to the left of the AP Name field indicate the number of hops that the mesh access
point is from its root access point (RAP).
Note
When the radio type is the same, the backhaul bandwidth utilization (bw used/max) at each
hop is identical. For example, mesh access points map6, map2, map10, map 9, and rap1 are
all on the same radio backhaul (802.11a) and are using the same bandwidth (3048). All of
the calls are in the same interference domain. A call placed anywhere in that domain affects
the others.
To view the mesh tree topology for the network and display the number of voice calls that are in
progress by access point radio, enter this command:
show mesh cac access Cisco_AP
Information similar to the following appears:
AP Name
Model
Radio
-------------- --------- -----mesh-rap1
LAP1510
11a
|
mesh-map6
LAP1510
11a
|| mesh-map11 AP1505
11b/g
||| mesh-map12 AP1505
11b/g
|
mesh-map2
LAP1510
11a
|| mesh-map10 LAP1510
11a
|| mesh-map9
LAP1510
11a
||| mesh-map13 AP1505
11b/g
calls
----0
0
1
0
0
0
0
0
Radio
----11b/g
11b/g
11b/g
11b/g
11b/g
calls
-----1
0
0
0
1
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-23
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Note
•
Each call received by an access point radio causes the appropriate Calls summary column to
increment by one. For example, if a call is received on the 802.11b/g radio on map9, then a
value of one is added to the existing value in that radio’s Calls column. In this case, the new
call is the only active call on the 802.11b/g radio of map9. If one call is active when a new
call is received, the resulting value is two.
To view the mesh tree topology for the network and display the voice calls that are in progress, enter
this command:
show mesh cac callpath Cisco_AP
Information similar to the following appears:
AP Name
Model
Radio
-------------- --------- -----mesh-rap1
LAP1510
11a
|
mesh-map6
LAP1510
11a
|| mesh-map11 AP1505
11b/g
||| mesh-map12 AP1505
11b/g
|
mesh-map2
LAP1510
11a
|| mesh-map10 LAP1510
11a
|| mesh-map9
LAP1510
11a
||| mesh-map13 AP1505
11b/g
Note
•
calls
----2
1
1
0
1
0
0
0
Radio
----11b/g
11b/g
11b/g
11b/g
11b/g
calls
-----1
0
0
0
1
The Calls column for each mesh access point radio in a call path increments by one. For
example, for a call that initiates at map9 and terminates at rap1, one call is added to the map9
802.11b/g radio Calls column, the map2 802.11a backhaul radio Calls column, and the rap1
802.11a backhaul radio Calls column.
To view the mesh tree topology of the network, the voice calls that are rejected at the access point
radio due to insufficient bandwidth, and the corresponding access point radio where the rejection
occurred, enter this command:
show mesh cac rejected Cisco_AP
Information similar to the following appears:
AP Name
Model
Radio
-------------- -------- -----mesh-rap1
LAP1510
11a
|
mesh-map6
LAP1510
11a
|| mesh-map11 AP1505
11b/g
||| mesh-map12 AP1505
11b/g
|
mesh-map2
LAP1510
11a
|| mesh-map10 LAP1510
11a
|| mesh-map9
LAP1510
11a
||| mesh-map13 AP1505
11b/g
Note
calls
-----0
0
2
0
0
0
0
1
Radio
----11b/g
11b/g
11b/g
11b/g
11b/g
calls
-----0
4
1
0
1
If a call is rejected at the map9 802.11b/g radio, its Calls column increments by one.
Cisco Wireless LAN Controller Configuration Guide
7-24
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Configuring Mesh Multicast for Video Support
In mesh networks, you can configure three mesh multicast modes to manage video camera broadcasts.
Once enabled, these modes reduce unnecessary multicast transmissions within the mesh network and
conserve backhaul bandwidth.
Mesh multicast modes determine how bridging-enabled access points (RAPs and MAPs) transmit
multicasts among Ethernet LANs within a mesh network. Mesh multicast modes manage non-LWAPP
multicast traffic only. LWAPP multicast traffic is governed by a different mechanism.
The three mesh multicast modes are:
•
Regular mode—Data is multicast across the entire mesh network and all its segments by
bridging-enabled RAPs and MAPs. This is the default mode.
•
In mode—Multicast packets received from the Ethernet by a MAP are forwarded to the RAP’s
Ethernet network (see Figure 7-9). No additional forwarding occurs, which ensures the following:
– Non-LWAPP multicasts received by the RAP are not transmitted back to the MAP Ethernet
networks within the mesh network (their point of origin).
– MAP-to-MAP multicasts do not occur because they are filtered out.
•
In-out mode—The RAP and MAP both multicast but in a different manner (see Figure 7-10):
– If multicast packets are received at a MAP over Ethernet, they are transmitted to the RAP;
however, they are not transmitted to other MAP Ethernets, and the MAP-to-MAP packets are
filtered out of the multicast.
– If multicast packets are received at a RAP over Ethernet, they are sent to all the MAPs and their
respective Ethernet networks. When the in-out mode is in operation, it is important to properly
partition your network to ensure that a multicast transmitted by one RAP is not received by
another RAP on the same Ethernet segment and then transmitted back into the network.
Note
If 802.11b clients need to receive LWAPP multicasts, then multicast must be enabled
globally on the controller as well as on the mesh network (using the config network
multicast global enable CLI command). If multicast does not need to extend to 802.11b
clients beyond the mesh network, then the global multicast parameter should be disabled
(using the config network multicast global disable CLI command). For more details, refer
to the “Configuring Multicast Mode” section on page 4-18.
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-25
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Figure 7-9
Mesh In Multicast Implementation
RAP
MAP 1
MAP 2
211458
In
MAP 3
Figure 7-10
Mesh In-Out Multicast Implementation
Out
RAP
MAP 1
Out
MAP 2
MAP 3
211457
In
Using the CLI to Configure the Mesh Multicast Mode
Follow these steps to enable multicast on a mesh network using the controller CLI.
Step 1
To enable multicast mode on a mesh network, enter this command:
config mesh multicast {regular | in | in-out}
Step 2
To save your changes, enter this command:
save config
Cisco Wireless LAN Controller Configuration Guide
7-26
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Step 3
To verify your configuration, enter this command:
show network
Information similar to the following appears:
RF-Network Name............................. wcs
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Enable
Ethernet Multicast Mode..................... Disable
Mode: Ucast
Ethernet Broadcast Mode..................... Disable
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
ARP Unicast Mode............................ Disabled
Cisco AP Default Master..................... Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Multicast Mode......................... Regular
Over The Air Provisioning of AP's........... Enable
Mobile Peer to Peer Blocking................ Disable
AP Fallback ................................... Enable
Web Auth Redirect Ports .................... 80
Fast SSID Change ........................... Disabled
802.3 Bridging ............................. Disable
Viewing Mesh Statistics for an Access Point
This section explains how to use the controller GUI or CLI to view mesh statistics for specific access
points.
Note
You can modify the Statistics Timer interval setting on the All APs > Details page of the controller GUI.
Using the GUI to View Mesh Statistics for an Access Point
Follow these steps to view mesh statistics for a specific access point using the controller GUI.
Step 1
Click Wireless > Access Points > All APs to access the All APs page (see Figure 7-11).
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-27
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Figure 7-11
Step 2
All APs Page
To view statistics for a specific access point, hover your cursor over the blue drop-down arrow for the
desired access point and choose Statistics. The All APs > Access Point Name > Statistics page for the
selected access point appears (see Figure 7-12).
Cisco Wireless LAN Controller Configuration Guide
7-28
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Figure 7-12
All APs > Access Point Name > Statistics Page
This page shows the role of the access point in the mesh network, the name of the bridge group to which
the access point belongs, the backhaul interface on which the access point operates, and the number of
the physical switch port. It also displays a variety of mesh statistics for this access point. Table 7-2
describes each of the statistics.
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-29
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Table 7-2
Mesh Access Point Statistics
Statistics
Parameter
Description
Mesh Node Stats
Malformed Neighbor
Packets
The number of malformed packets received from the
neighbor. Examples of malformed packets include
malicious floods of traffic such as malformed or short
DNS packets and malformed DNS replies.
Poor Neighbor SNR
Reporting
The number of times the signal-to-noise ratio falls below
12 dB on the backhaul link.
Excluded Packets
The number of packets received from excluded neighbor
mesh access points.
Insufficient Memory
Reporting
The number of insufficient memory conditions.
Rx Neighbor Requests The number of broadcast and unicast requests received
from the neighbor mesh access points.
Rx Neighbor
Responses
The number of responses received from the neighbor
mesh access points.
Tx Neighbor Requests The number of unicast and broadcast requests sent to the
neighbor mesh access points.
Tx Neighbor
Responses
The number of responses sent to the neighbor mesh
access points.
Parent Changes Count The number of times a mesh access point (child) moves
to another parent.
Queue Stats
Neighbor Timeouts
Count
The number of neighbor timeouts.
Gold Queue
The average and peak number of packets waiting in the
gold (video) queue during the defined statistics time
interval.
Silver Queue
The average and peak number of packets waiting in the
silver (best effort) queue during the defined statistics
time interval.
Platinum Queue
The average and peak number of packets waiting in the
platinum (voice) queue during the defined statistics time
interval.
Bronze Queue
The average and peak number of packets waiting in the
bronze (background) queue during the defined statistics
time interval.
Management Queue
The average and peak number of packets waiting in the
management queue during the defined statistics time
interval.
Cisco Wireless LAN Controller Configuration Guide
7-30
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Table 7-2
Mesh Access Point Statistics (continued)
Statistics
Parameter
Description
Mesh Node
Security Stats
Transmitted Packets
The number of packets transmitted during security
negotiations by the selected mesh access point.
Received Packets
The number of packets received during security
negotiations by the selected mesh access point.
Association Request
Failures
The number of association request failures that occur
between the selected mesh access point and its parent.
Association Request
Timeouts
The number of association request timeouts that occur
between the selected mesh access point and its parent.
Association Requests
Successful
The number of successful association requests that occur
between the selected mesh access point and its parent.
Authentication
Request Failures
The number of failed authentication requests that occur
between the selected mesh access point and its parent.
Authentication
Request Timeouts
The number of authentication request timeouts that occur
between the selected mesh access point and its parent.
Authentication
Requests Successful
The number of successful authentication requests
between the selected mesh access point and its parent.
Reassociation Request The number of failed reassociation requests between the
Failures
selected mesh access point and its parent.
Reassociation Request The number of reassociation request timeouts between
Timeouts
the selected mesh access point and its parent.
Reassociation
Requests Successful
The number of successful reassociation requests between
the selected mesh access point and its parent.
Reauthentication
Request Failures
The number of failed reauthentication requests between
the selected mesh access point and its parent.
Reauthentication
Request Timeouts
The number of reauthentication request timeouts that
occur between the selected mesh access point and its
parent.
Reauthentication
Requests Successful
The number of successful reauthentication requests that
occur between the selected mesh access point and its
parent.
Unknown Association The number of unknown association requests received by
Requests
the parent mesh access point from its child. The unknown
association requests often occur when a child is an
unknown neighbor mesh access point.
Invalid Association
Requests
The number of invalid association requests received by
the parent mesh access point from the selected child mesh
access point. This state may occur when the selected
child is a valid neighbor but is not in a state that allows
association.
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-31
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Table 7-2
Mesh Access Point Statistics (continued)
Statistics
Parameter
Description
Mesh Node
Security Stats
(continued)
Unknown
Reauthentication
Requests
The number of unknown reauthentication requests
received by the parent mesh access point node from its
child. This state may occur when a child mesh access
point is an unknown neighbor.
Invalid
Reauthentication
Requests
The number of invalid reauthentication requests received
by the parent mesh access point from a child. This state
may occur when a child is a valid neighbor but is not in a
proper state for reauthentication.
Unknown
Reassociation
Requests
The number of unknown reassociation requests received
by the parent mesh access point from a child. This state
may occur when a child mesh access point is an unknown
neighbor.
Invalid Reassociation
Requests
The number of invalid reassociation requests received by
the parent mesh access point from a child. This state may
occur when a child is a valid neighbor but is not in a
proper state for reassociation.
Using the CLI to View Mesh Statistics for an Access Point
Use these commands to view mesh statistics for a specific access point using the controller CLI.
•
To view packet error statistics; a count of failures, timeouts, and successes with respect to
associations and authentications; and reassociations and reauthentications for a specific access
point, enter this command:
show mesh security-stats Cisco_AP
Information similar to the following appears:
AP MAC : 00:0B:85:5F:FA:F0
Packet/Error Statistics:
----------------------------x Packets 14, Rx Packets 19, Rx Error Packets 0
Parent-Side Statistics:
-------------------------Unknown Association Requests 0
Invalid Association Requests 0
Unknown Re-Authentication Requests 0
Invalid Re-Authentication Requests 0
Unknown Re-Association Requests 0
Invalid Re-Association Requests 0
Unknown Re-Association Requests 0
Invalid Re-Association Requests 0
Child-Side Statistics:
-------------------------Association Failures 0
Association Timeouts 0
Association Successes 0
Authentication Failures 0
Authentication Timeouts 0
Authentication Successes 0
Re-Association Failures 0
Cisco Wireless LAN Controller Configuration Guide
7-32
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Re-Association Timeouts 0
Re-Association Successes 0
Re-Authentication Failures 0
Re-Authentication Timeouts 0
Re-Authentication Successes 0
•
To view the number of packets in the queue by type, enter this command:
setting show mesh queue-stats Cisco_AP
Information similar to the following appears:
Queue Type Overflows Peak length Average length
---------- --------- ----------- -------------Silver
0
1
0.000
Gold
0
4
0.004
Platinum
0
4
0.001
Bronze
0
0
0.000
Management 0
0
0.000
Overflows—The total number of packets dropped due to queue overflow.
Peak Length—The peak number of packets waiting in the queue during the defined statistics time
interval.
Average Length—The average number of packets waiting in the queue during the defined statistics
time interval.
Viewing Neighbor Statistics for an Access Point
This section explains how to use the controller GUI or CLI to view neighbor statistics for a selected
access point. It also describes how to run a link test between the selected access point and its parent.
Using the GUI to View Neighbor Statistics for an Access Point
Follow these steps to view neighbor statistics for a specific access point using the controller GUI.
Step 1
Click Wireless > Access Points > All APs to access the All APs page (see Figure 7-13).
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-33
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Figure 7-13
Step 2
All APs Page
To view neighbor statistics for a specific access point, hover your cursor over the blue drop-down arrow
for the desired access point and choose Neighbor Information. The All APs > Access Point Name >
Neighbor Info page for the selected access point appears (see Figure 7-14).
Figure 7-14
All APs > Access Point Name > Neighbor Info Page
This page lists the parent, children, and neighbors of the access point. It provides each access point’s
name and radio MAC address.
Step 3
To perform a link test between the access point and its parent or children, follow these steps:
a.
Hover your cursor over the blue drop-down arrow of the parent or desired child and choose
LinkTest. A pop-up window appears (see Figure 7-15).
Cisco Wireless LAN Controller Configuration Guide
7-34
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Figure 7-15
b.
Click Submit to start the link test. The link test results appear on the Mesh > LinkTest Results page
(see Figure 7-16).
Figure 7-16
c.
Link Test Window
Mesh > LinkTest Results Page
Click Back to return to the All APs > Access Point Name > Neighbor Info page.
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-35
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Step 4
To view the details for any of the access points on this page, follow these steps:
a.
Hover your mouse over the blue drop-down arrow for the desired access point and choose Details.
The All APs > Access Point Name > Link Details > Neighbor Name page appears (see Figure 7-17).
Figure 7-17
b.
Step 5
All APs > Access Point Name > Link Details > Neighbor Name Page
Click Back to return to the All APs > Access Point Name > Neighbor Info page.
To view statistics for any of the access points on this page, follow these steps:
a.
Hover your mouse over the blue drop-down arrow for the desired access point and choose Stats. The
All APs > Access Point Name > Mesh Neighbor Stats page appears (see Figure 7-18).
Figure 7-18
b.
All APs > Access Point Name > Mesh Neighbor Stats Page
Click Back to return to the All APs > Access Point Name > Neighbor Info page.
Cisco Wireless LAN Controller Configuration Guide
7-36
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Using the CLI to View Neighbor Statistics for an Access Point
Use these commands to view neighbor statistics for a specific access point using the controller CLI.
•
To view the mesh neighbors for a specific access point, enter this command:
show mesh neigh {detail | summary} Cisco_AP
Information similar to the following appears when you request a summary display:
AP Name/Radio Mac Channel
----------------- ------mesh-45-rap1
165
00:0B:85:80:ED:D0 149
00:17:94:FE:C3:5F 149
7
•
Snr-Up
-----15
5
0
Snr-Down
-------18
6
0
Link-Snr Flags State
-------- ------ ------16
0x86b UPDATED NEIGH PARENT BEACON
5
0x1a60 NEED UPDATE BEACON DEFAULT
0x860
BEACON
To view the channel and signal-to-noise ratio (SNR) details for a link between an access point and
its neighbor, enter this command:
show mesh path Cisco_AP
Information similar to the following appears:
AP Name/Radio Mac Channel Snr-Up Snr-Down Link-Snr Flags State
----------------- ------- ------ -------- -------- ------ ------mesh-45-rap1
165
15
18
16
0x86b UPDATED NEIGH PARENT BEACON
mesh-45-rap1 is a Root AP.
•
To view the percentage of packet errors for packets transmitted by the neighbor mesh access point,
enter this command:
show mesh per-stats Cisco_AP
Information similar to the following appears:
Neighbor MAC Address 00:0B:85:5F:FA:F0
Total Packets transmitted: 104833
Total Packets transmitted successfully: 104833
Total Packets retried for transmission: 33028
Neighbor MAC Address 00:0B:85:80:ED:D0
Total Packets transmitted: 0
Total Packets transmitted successfully: 0
Total Packets retried for transmission: 0
Neighbor MAC Address 00:17:94:FE:C3:5F
Total Packets transmitted: 0
Total Packets transmitted successfully: 0
Total Packets retried for transmission: 0
Note
Packet error rate percentage = 1 – (number of successfully transmitted packets/number of
total packets transmitted).
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-37
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Background Scanning in Mesh Networks
Background scanning allows Cisco Aironet 1505 and 1510 Access Points to actively and continuously
monitor neighboring channels for more optimal paths and parents. Because the access points are
searching on neighboring channels as well as the current channel, the list of optimal alternate paths and
parents is greater.
Identifying this information prior to the loss of a parent results in a faster transfer and the best link
possible for the access points. Additionally, access points might switch to a new channel if a link on that
channel is found to be better than the current channel in terms of fewer hops, stronger signal-to-noise
ratio (SNR), and so on.
Background scanning on other channels and data collection from neighbors on those channels are
performed on the primary backhaul between two access points:
•
For 1510 access points, the primary backhaul operates on the 802.11a link.
•
For 1505 access points, the primary backhaul operates on the 802.11b/g link.
You can enable background scanning on a global basis using the controller CLI.
Note
Latency might increase for voice calls when they are switched to a new channel.
Note
In the EMEA regulatory domain, locating neighbors on other channels might take longer given DFS
requirements.
Background Scanning Scenarios
A few scenarios are provided below to better illustrate how background scanning operates.
In Figure 7-19, when the mesh access point (MAP1) initially comes up, it is aware of both root access
points (RAP1 and RAP2) as possible parents. It chooses RAP2 as its parent because the route through
RAP2 is better in terms of hops, SNR, and so on. Once the link is established, background scanning
(once enabled) continuously monitors all channels in search of a more optimal path and parent. RAP2
continues to act as parent for MAP1 and communicate on channel 2 until either the link goes down or a
more optimal path is located on another channel.
Cisco Wireless LAN Controller Configuration Guide
7-38
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Figure 7-19
Mesh Access Point (MAP 1) Selects a Parent
RAP1
Channel 1 = 153
MAP1
Channel 2 = 161
230615
RAP2
In Figure 7-20, the link between MAP1 and RAP2 is lost. Data from ongoing background scanning
identifies RAP1 and channel 1 as the next best parent and communication path for MAP1 so that link is
established immediately without the need for additional scanning after the link to RAP2 goes down.
Figure 7-20
Background Scanning Identifies a New Parent
RAP1
Channel 1 = 153
MAP1
RAP2
230614
Channel 2 = 161
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-39
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Using the CLI to Enable Background Scanning
Follow these steps to enable background scanning through the CLI.
Step 1
To enable or disable background scanning on the controller, enter this command:
config mesh background-scanning {enable | disable}
The default value is enabled.
Step 2
To verify that background scanning is enabled, enter this command:
show mesh background-scanning
Using the CLI to View Neighboring Access Points and Channels
Use these commands to see neighboring access points and channels.
1.
To view all access points associated to the controller, enter this command:
show ap summary
2.
To view neighboring access points on all channels, enter this command:
show mesh neigh {summary | detail} ap-name
Routing Around Interference
You can configure a wireless secondary backhaul between two Cisco Aironet 1510 Access Points to
provide a temporary path for traffic that cannot be sent on the primary backhaul due to intermittent
interference. Traffic is automatically diverted, as necessary, on a packet-by-packet basis from the
primary backhaul to the secondary backhaul.
Note
You can configure a secondary backhaul only on mesh access points that have two radios, such as the
AP1510. This feature is not available on mesh access points with only one radio, such as the AP1505.
Possible causes of interference include:
•
Hidden node collisions (packets from a hidden node are sent to the access point at the same time as
an expected packet transmission)
•
Fading (signal attenuation)
•
Radio interference on the channel from a non-802.11 source
•
Background scanning of channels by the access point
Note
See the “Background Scanning in Mesh Networks” section on page 7-38 for more details on
background scanning.
Cisco Wireless LAN Controller Configuration Guide
7-40
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
The secondary backhaul communication path is between the two 802.11b/g radios in the AP1510s while
the primary backhaul continues to operate between the 802.11a radios using the Adaptive Wireless Point
Protocol (AWPP). The secondary backhaul is not for load balancing. It is solely a backup path for the
primary backhaul.
You can enable a secondary backhaul on a global basis using the controller CLI.
Using the CLI to Configure a Secondary Backhaul
Follow these steps to configure a secondary backhaul through the CLI.
Step 1
To enable or disable a secondary backhaul on the controller, enter this command:
config mesh secondary-backhaul {enable | disable} force-same-secondary-channel
Step 2
To verify the status of the secondary backhaul, enter this command:
show mesh secondary-backhaul
Step 3
To view statistics related to secondary backhaul usage, enter this command:
show mesh secbh-stats Cisco_AP
Viewing Transmit Power Levels for 1500 Series Access Points
In controller software release 4.1.178.0 and greater, power levels for the AP1505 and AP1510 are
reported as either Tx Power Level 1 or Tx Power Level 2. Previously, only a maximum transmission
power (Max Tx Power) was reported.
Note
•
Tx Power Level 1 = The maximum power level that exists across all of the data rates
•
Tx Power Level 2 = Tx Power Level 1 minus 3 dBm
The CLI command summary displays the dBm value for power levels 1 and 2, but this reading is not
available on the controller GUI.
Using the GUI to View Transmit Power Levels for 1500 Series Access Points
Follow these steps to view transmit power levels for an AP1505 or AP1510 using the GUI.
Step 1
Click Wireless > Access Points > Radios > 802.11a/n or 802.11b/g/n to access the 802.11a/n (or
802.11b/g/n) Radios page.
Step 2
Hover your cursor over the blue drop-down arrow for the desired access point and choose Detail. The
802.11a/n (or 802.11b/g/n) AP Interfaces > Details page appears (see Figure 7-21).
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-41
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Figure 7-21
802.11a/n AP Interfaces > Details Page
This page shows the current transmit power level under the “Tx Power” section.
Using the CLI to View Transmit Power Levels for 1500 Series Access Points
To view transmit power levels for an AP1505 or AP1510 using the CLI, enter these commands:
show ap config 802.11a Cisco_AP
show ap config 802.11b Cisco_AP
Note
The show ap config 802.11a Cisco_AP command is not applicable to the AP1505 because it has only
one radio, the 802.11b/g/n.
Cisco Wireless LAN Controller Configuration Guide
7-42
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points
Information similar to the following appears:
show ap config 802.11a mesh-RAP-45
Tx Power
Num Of Supported Power Levels .............
Tx Power Level 1 ..........................
Tx Power Level 2 ..........................
Tx Power Configuration ....................
Current Tx Power Level ....................
2
26 dBm
23 dBm
CUSTOMIZED
2
show ap config 802.11b mesh-RAP-45
Tx Power
Num Of Supported Power Levels .............
Tx Power Level 1 ..........................
Tx Power Level 2 ..........................
Tx Power Configuration ....................
Current Tx Power Level ....................
2
24 dBm
21 dBm
AUTOMATIC
1
Verifying Power on 1500 Series Access Points
You can attach an LED indicator to the Power over Ethernet (PoE) connector of AC-powered Cisco
Aironet 1505 and 1510 Access Points to verify that power is on (see Figure 7-22).
A steady green color indicates that the access point is receiving power and that LWAPP is connected and
ready to serve clients. You may notice a blinking green light between the initial and final steady green
light as the LED confirms LWAPP connectivity.
Note
Note
1500 series access points with a serial number of WCN10160121 or greater support the use of the LED
indicator.
•
Do not install the LED indicator if the access point has an Ethernet connection to the network.
•
As an alternative, you can verify power on the access point using the power injector LED (if in use)
or verify that the access point and the controller are communicating by examining the log file.
For details on installing the LED indicator, refer to the Cisco Aironet Series 1500 Access Point LED
Indicator Installation Instructions at this URL:
http://www.cisco.com/en/US/docs/wireless/access_point/1500/installation/guide/LED1500.html
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-43
Chapter 7
Controlling Lightweight Access Points
Autonomous Access Points Converted to Lightweight Mode
Figure 7-22
AP1510 with LED Indicator
1
5-GHz antenna bracket
6
5-GHz connector (N-Type)
2
Vent (do not remove)
7
AC power cable
3
2.4-GHz connector (N-Type)
8
LED indicator
4
Power over Ethernet (PoE) connector
9
Protective connector cover
5
AC power connector
Autonomous Access Points Converted to Lightweight Mode
You can use an upgrade conversion tool to convert autonomous Cisco Aironet 1100, 1130AG, 1200,
1240AG, and 1300 Series Access Points to lightweight mode. When you upgrade one of these access
points to lightweight mode, the access point communicates with a controller and receives a configuration
and software image from the controller.
Note
The conversion tool adds the self-signed certificate (SSC) key-hash to only one of the controllers on the
Cisco WiSM. After the conversion has been completed, add the SSC key-hash to the second controller
on the Cisco WiSM by copying the SSC key-hash from the first controller to the second controller. To
copy the SSC key-hash, open the AP Policies page of the controller GUI (Security > AAA > AP
Policies) and copy the SSC key-hash from the SHA1 Key Hash column under AP Authorization List (see
Figure 7-23). Then, using the second controller’s GUI, open the same page and paste the key-hash into
the SHA1 Key Hash field under Add AP to Authorization List. If you have more than one Cisco WiSM,
use WCS to push the SSC key-hash to all the other controllers.
Cisco Wireless LAN Controller Configuration Guide
7-44
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Autonomous Access Points Converted to Lightweight Mode
Figure 7-23
AP Policies Page
Refer to the Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode document for
instructions on upgrading an autonomous access point to lightweight mode. You can find this document
at this URL:
http://cisco-images.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwap
note.html
Guidelines for Using Access Points Converted to Lightweight Mode
Keep these guidelines in mind when you use autonomous access points that have been converted to
lightweight mode:
•
Converted access points support 2006, and 4400, and WiSM controllers only. When you convert an
autonomous access point to lightweight mode, the access point can communicate with Cisco 2006
series controllers, and 4400 series controllers, or the controllers on a Cisco WiSM only.
•
Access points converted to lightweight mode do not support Wireless Domain Services (WDS).
Converted access points communicate only with Cisco wireless LAN controllers and cannot
communicate with WDS devices. However, the controller provides functionality equivalent to WDS
when the access point associates to it.
•
Access points converted to LWAPP mode support 8 BSSIDs per radio and a total of 8 wireless LANs
per access point. (Cisco 1000 series access points support 16 BSSIDs per radio and 16 wireless
LANs per access point.) When a converted access point associates to a controller, only wireless
LANs with IDs 1 through 8 are pushed to the access point.
•
Access points converted to lightweight mode do not support Layer 2 LWAPP. Access Points
converted to lightweight mode must get an IP address and discover the controller using DHCP, DNS,
or IP subnet broadcast.
•
After you convert an access point to lightweight mode, the console port provides read-only access
to the unit.
•
The 1130AG and 1240AG access points support hybrid-REAP mode. See Chapter 12 for details.
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-45
Chapter 7
Controlling Lightweight Access Points
Autonomous Access Points Converted to Lightweight Mode
Reverting from Lightweight Mode to Autonomous Mode
After you use the upgrade tool to convert an autonomous access point to lightweight mode, you can
convert the access point from a lightweight unit back to an autonomous unit by loading a Cisco IOS
release that supports autonomous mode (Cisco IOS release 12.3(7)JA or earlier). If the access point is
associated to a controller, you can use the controller to load the Cisco IOS release. If the access point is
not associated to a controller, you can load the Cisco IOS release using TFTP. In either method, the
access point must be able to access a TFTP server that contains the Cisco IOS release to be loaded.
Using a Controller to Return to a Previous Release
Follow these steps to revert from lightweight mode to autonomous mode using a wireless LAN
controller:
Step 1
Log into the CLI on the controller to which the access point is associated.
Step 2
Enter this command:
config ap tftp-downgrade tftp-server-ip-address filename access-point-name
Step 3
Wait until the access point reboots and reconfigure the access point using the CLI or GUI.
Using the MODE Button and a TFTP Server to Return to a Previous Release
Follow these steps to revert from lightweight mode to autonomous mode by using the access point
MODE (reset) button to load a Cisco IOS release from a TFTP server:
Step 1
The PC on which your TFTP server software runs must be configured with a static IP address in the range
of 10.0.0.2 to 10.0.0.30.
Step 2
Make sure that the PC contains the access point image file (such as c1200-k9w7-tar.123-7.JA.tar for a
1200 series access point) in the TFTP server folder and that the TFTP server is activated.
Step 3
Rename the access point image file in the TFTP server folder to c1200-k9w7-tar.default for a 1200
series access point.
Step 4
Connect the PC to the access point using a Category 5 (CAT5) Ethernet cable.
Step 5
Disconnect power from the access point.
Step 6
Press and hold the MODE button while you reconnect power to the access point.
Note
Step 7
The MODE button on the access point must be enabled. Follow the steps in the “Disabling the
Reset Button on Access Points Converted to Lightweight Mode” section on page 7-50 to check
the status of the access point MODE button.
Hold the MODE button until the status LED turns red (approximately 20 to 30 seconds), and release the
MODE button.
Cisco Wireless LAN Controller Configuration Guide
7-46
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Autonomous Access Points Converted to Lightweight Mode
Step 8
Wait until the access point reboots as indicated by all LEDs turning green followed by the Status LED
blinking green.
Step 9
After the access point reboots, reconfigure the access point using the GUI or the CLI.
Authorizing Access Points
Depending on whether access points have manufacturing-installed certificates (MICs), the controller
may either use self-signed certificates (SSCs) to authenticate access points or send the authorization
information to a RADIUS server.
Authorizing Access Points Using SSCs
The lightweight access point protocol (LWAPP) secures the control communication between the access
point and controller by means of a secure key distribution requiring X.509 certificates on both the access
point and controller. LWAPP relies on a priori provisioning of the X.509 certificates. Cisco Aironet
access points shipped before July 18, 2005 do not have a MIC, so these access points create an SSC when
upgraded to operate in lightweight mode. Controllers are programmed to accept local SSCs for
authentication of specific access points and do not forward those authentication requests to a RADIUS
server. This behavior is acceptable and secure.
Authorizing Access Points Using MICs
You can configure controllers to use RADIUS servers to authorize access points using MICs. The
controller uses an access point’s MAC address as both the username and password when sending the
information to a RADIUS server. For example, if the MAC address of the access point is 000b85229a70,
both the username and password used by the controller to authorize the access point are 000b85229a70.
Note
The lack of a strong password by the use of the access point’s MAC address should not be an issue
because the controller uses MIC to authenticate the access point prior to authorizing the access point
through the RADIUS server. Using MIC provides strong authentication.
Note
If you use the MAC address as the username and password for access point authentication on a RADIUS
AAA server, do not use the same AAA server for client authentication.
Using DHCP Option 43
Cisco 1000 series access points use a string format for DHCP option 43, whereas Cisco Aironet access
points use the type-length-value (TLV) format for DHCP option 43. DHCP servers must be programmed
to return the option based on the access point’s DHCP Vendor Class Identifier (VCI) string (DHCP
Option 60). Table 7-3 lists the VCI strings for Cisco access points capable of operating in lightweight
mode.
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-47
Chapter 7
Controlling Lightweight Access Points
Autonomous Access Points Converted to Lightweight Mode
Table 7-3
VCI Strings For Lightweight Access Points
Access Point
VCI String
Cisco 1000 Series
Airespace 1200
Cisco Aironet 1130 Series
Cisco AP c1130
Cisco Aironet 1200 Series
Cisco AP c1200
Cisco Aironet 1240 Series
Cisco AP c1240
This is the format of the TLV block:
•
Type: 0xf1 (decimal 241)
•
Length: Number of controller IP addresses * 4
•
Value: List of the IP addresses of controller management interfaces
Refer to the product documentation for your DHCP server for instructions on configuring DHCP option
43. The Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode document contains
example steps for configuring option 43 on a DHCP server.
Using a Controller to Send Debug Commands to Access Points Converted to
Lightweight Mode
Enter this command to enable the controller to send debug commands to an access point converted to
lightweight mode:
config ap remote-debug [enable | disable | exc-command] Cisco_AP
When this feature is enabled, the controller sends debug commands to the converted access point as
character strings. You can send any debug command supported by Cisco Aironet access points that run
Cisco IOS software in lightweight mode.
Converted Access Points Send Crash Information to Controller
When a converted access point unexpectedly reboots, the access point stores a crash file on its local flash
memory at the time of crash. After the unit reboots, it sends the reason for the reboot to the controller.
If the unit rebooted because of a crash, the controller pulls up the crash file using existing LWAPP
messages and stores it in the controller flash memory. The crash info copy is removed from the access
point flash memory when the controller pulls it from the access point.
Converted Access Points Send Radio Core Dumps to Controller
When a radio module in a converted access point generates a core dump, the access point stores the core
dump file of the radio on its local flash memory at the time of the radio crash. It sends a notification
message to the controller indicating which radio generated a core dump file. The controller sends a trap
alerting the network administrator, and the administrator can retrieve the radio core file from the access
point.
Cisco Wireless LAN Controller Configuration Guide
7-48
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Autonomous Access Points Converted to Lightweight Mode
The retrieved core file is stored in the controller flash and can subsequently be uploaded through TFTP
to an external server for analysis. The core file is removed from the access point flash memory when the
controller pulls it from the access point.
Follow these steps to retrieve the radio core dump file using the controller CLI.
Step 1
To transfer the radio core dump file from the access point to the controller, enter this command:
config ap crash-file get-radio-core-dump slot Cisco_AP
For the slot parameter, enter the slot ID of the radio that crashed.
Step 2
To verify that the file was downloaded to the controller, enter this command:
show ap crash-file
Information similar to the following appears:
Local Core Files:
lrad_AP1130.rdump0 (156)
The number in parentheses indicates the size of the file. The size should be greater than zero if a core
dump file is available.
Step 3
To transfer the file from the controller to a TFTP server, enter these commands:
transfer upload datatype radio-core-dump
transfer upload filename filename
transfer upload serverip tftp_server_ip
transfer upload start
Enabling Memory Core Dumps from Converted Access Points
By default, access points converted to lightweight mode do not send memory core dumps to the
controller. To enable this feature, enter this command:
config ap core-dump enable tftp-server-ip-address filename {compress | uncompress} {ap-name | all}
•
For tftp-server-ip-address, enter the IP address of the TFTP server to which the access point sends
core files. The access point must be able to reach the TFTP server.
•
For filename, enter a filename that the access points uses to label the core file.
•
Enter compress to configure the access point to send compressed core files. Enter uncompress to
configure the access point to send uncompressed core files.
•
For ap-name, enter the name of a specific access point, or enter all to enable memory core dumps
from all access points converted to lightweight mode.
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-49
Chapter 7
Controlling Lightweight Access Points
Cisco Workgroup Bridges
Display of MAC Addresses for Converted Access Points
There are some differences in the way that controllers display the MAC addresses of converted access
points on information pages in the controller GUI:
•
On the AP Summary page, the controller lists the Ethernet MAC addresses of converted access
points.
•
On the AP Detail page, the controller lists the BSS MAC addresses and Ethernet MAC addresses of
converted access points.
•
On the Radio Summary page, the controller lists converted access points by radio MAC address.
Disabling the Reset Button on Access Points Converted to Lightweight Mode
You can disable the reset button on access points converted to lightweight mode. The reset button is
labeled MODE on the outside of the access point.
Use this command to disable or enable the reset button on one or all converted access points associated
to a controller:
config ap reset-button {enable | disable} {ap-name | all}
The reset button on converted access points is enabled by default.
Configuring a Static IP Address on an Access Point Converted to Lightweight
Mode
After an access point converted to lightweight mode associates to a controller, enter this command to
configure a static IP address on the access point:
config ap static-ip enable ap-name ip-address mask gateway
Note
If you configure an access point to use a static IP address that is not on the same subnet on which the
access point’s previous DHCP address was, the access point falls back to a DHCP address after the
access point reboots. If the access point falls back to a DHCP address, the show ap config general
ap-name CLI command correctly shows that the access point is using a fallback IP address. However,
the GUI shows both the static IP address and the DHCP address, but it does not identify the DHCP
address as a fallback address.
Cisco Workgroup Bridges
A workgroup bridge (WGB) is a mode that can be configured on an autonomous IOS access point to
provide wireless connectivity to a lightweight access point on behalf of clients that are connected by
Ethernet to the WGB access point. A WGB connects a wired network over a single wireless segment by
learning the MAC addresses of its wired clients on the Ethernet interface and reporting them to the
lightweight access point using Internet Access Point Protocol (IAPP) messaging. The WGB provides
wireless access connectivity to wired clients by establishing a single wireless connection to the
lightweight access point. The lightweight access point treats the WGB as a wireless client. See the
example in Figure 7-24.
Cisco Wireless LAN Controller Configuration Guide
7-50
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Workgroup Bridges
Figure 7-24
WGB Example
Hub
Switch
Wired
clients
Access point
WGB
Controller
DHCP/ACS
/TFTB/FTP
Note
If the lightweight access point fails, the WGB attempts to associate to another access point.
Figure 7-25 shows how a WGB is connected in a basic mesh network.
Figure 7-25
WGB in Mesh Network
WGB2
Switch
Controller
MAP2
RAP
MESH
MESH
MAP1
230771
MESH
WGB1
Switch
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-51
Chapter 7
Controlling Lightweight Access Points
Cisco Workgroup Bridges
Guidelines for Using WGBs
Follow these guidelines for using WGBs on your network:
•
The WGB can be any autonomous access point that supports the workgroup bridge mode and is
running Cisco IOS Release 12.4(3g)JA or later (on 32-MB access points) or Cisco IOS Release
12.3(8)JEB or later (on 16-MB access points). These access points include the AP1120, AP1121,
AP1130, AP1231, AP1240, and AP1310. Cisco IOS Releases prior to 12.4(3g)JA and 12.3(8)JEB
are not supported.
Note
If your access point has two radios, you can configure only one for workgroup bridge mode.
This radio is used to connect to the lightweight access point. Cisco recommends that you
disable the second radio.
Note
The controller supports only Cisco WGB products. Linksys and OEM WGB devices are not
supported. Although the Cisco Wireless Unified Solution does not support the Linksys
WET54G and WET11B Ethernet Bridges, you can use these devices in a Wireless Unified
Solution configuration if you follow these guidelines:
1. Connect only one device to the WET54G or WET11B.
2. Enable the MAC cloning feature on the WET54G or WET11B to clone the connected
device.
3. Install the latest drivers and firmware on devices connected to the WET54G or WET11B.
This guideline is especially important for JetDirect printers because early firmware versions
might cause problems with DHCP.
Note: Because these devices are not supported in the Cisco Wireless Unified Solution, Cisco
Technical Support cannot help you troubleshoot any problems associated with them.
Perform one of the following to enable the workgroup bridge mode on the WGB:
– On the WGB access point GUI, choose Workgroup Bridge for the role in radio network on the
Settings > Network Interfaces page.
– On the WGB access point CLI, enter this command: station-role workgroup-bridge
Note
See the sample WGB access point configuration in the “Sample WGB Configuration”
section on page 7-54.
•
The WGB can associate only to lightweight access points (except the Cisco Airespace AP1000
series access points, which are not supported).
•
Only WGBs in client mode (which is the default value) are supported. Those in infrastructure mode
are not supported. Perform one of the following to enable client mode on the WGB:
– On the WGB access point GUI, choose Disabled for the Reliable Multicast to WGB parameter.
– On the WGB access point CLI, enter this command: no infrastructure client.
Note
VLANs are not supported for use with WGBs.
Cisco Wireless LAN Controller Configuration Guide
7-52
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Workgroup Bridges
Note
•
See the sample WGB access point configuration in the “Sample WGB Configuration”
section on page 7-54.
These features are supported for use with a WGB:
– Guest N+1 redundancy
– Local EAP
•
These features are not supported for use with a WGB:
– Cisco Centralized Key Management (CCKM)
– Hybrid REAP
– Idle timeout
– Web authentication
Note
If a WGB associates to a web-authentication WLAN, the WGB is added to the exclusion
list, and all of the WGB wired clients are deleted.
•
In a mesh network, a WGB can associate to any mesh access point, regardless of whether it acts as
a root access point or a mesh access point.
•
Wired clients connected to the WGB are not authenticated for security. Instead, the WGB is
authenticated against the access point to which it associates. Therefore, Cisco recommends that you
physically secure the wired side of the WGB.
•
With Layer 3 roaming, if you plug a wired client into the WGB network after the WGB has roamed
to another controller (for example, to a foreign controller), the wired client’s IP address displays
only on the anchor controller, not on the foreign controller.
•
If a wired client does not send traffic for an extended period of time, the WGB removes the client
from its bridge table, even if traffic is continuously being sent to the wired client. As a result, the
traffic flow to the wired client fails. To avoid the traffic loss, prevent the wired client from being
removed from the bridge table by configuring the aging-out timer on the WGB to a large value using
the following IOS commands on the WGB:
configure terminal
bridge bridge-group-number aging-time seconds
exit
end
where bridge-group-number is a value between 1 and 255, and seconds is a value between 10 and
1,000,000 seconds. Cisco recommends configuring the seconds parameter to a value greater than the
wired client’s idle period.
•
When you delete a WGB record from the controller, all of the WGB wired clients’ records are also
deleted.
•
Wired clients connected to a WGB inherit the WGB’s QoS and AAA override attributes.
•
These features are not supported for wired clients connected to a WGB:
– MAC filtering
– Link tests
– Idle timeout
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-53
Chapter 7
Controlling Lightweight Access Points
Cisco Workgroup Bridges
•
You do not need to configure anything on the controller to enable the WGB to communicate with
the lightweight access point. However, to ensure proper communication, you should create a WLAN
on the controller that matches the SSID and security method that was configured on the WGB.
Sample WGB Configuration
Here is a sample configuration of a WGB access point using static WEP with a 40-bit WEP key:
ap#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ap(config)#dot11 ssid WGB_with_static_WEP
ap(config-ssid)#authentication open
ap(config-ssid)#guest-mode
ap(config-ssid)#exit
ap(config)#interface dot11Radio 0
ap(config)#station-role workgroup-bridge
ap(config-if)#encry mode wep 40
ap(config-if)#encry key 1 size 40 0 1234567890
ap(config-if)#WGB_with_static_WEP
ap(config-if)#end
To verify that the WGB is associated to an access point, enter this command on the WGB:
show dot11 association
Information similar to the following appears:
ap#show dot11 associations
802.11 Client Stations on Dot11Radio0:
SSID [FCVTESTING] :
MAC Address
IP address
Device
000b.8581.6aee 10.11.12.1
WGB-client
ap#
Name
map1
Parent
-
State
Assoc
Using the GUI to View the Status of Workgroup Bridges
Follow these steps to view the status of WGBs on your network using the controller GUI.
Step 1
Click Wireless > Clients to access the Clients page (see Figure 7-26).
Cisco Wireless LAN Controller Configuration Guide
7-54
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Workgroup Bridges
Figure 7-26
Clients Page
The WGB field on the right side of the page indicates whether any of the clients on your network are
workgroup bridges.
Step 2
Click the MAC address of the desired client. The Clients > Detail page appears (see Figure 7-27).
Figure 7-27
Clients > Detail Page
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-55
Chapter 7
Controlling Lightweight Access Points
Cisco Workgroup Bridges
The Client Type field under Client Properties shows “WGB” if this client is a workgroup bridge, and the
Number of Wired Client(s) field shows the number of wired clients that are connected to this WGB.
Step 3
To see the details of any wired clients that are connected to a particular WGB, follow these steps:
a.
Click Back on the Clients > Detail page to return to the Clients page.
b.
Hover your cursor over the blue drop-down arrow for the desired WGB and choose Show Wired
Clients. The WGB Wired Clients page appears (see Figure 7-28).
Figure 7-28
Note
c.
WGB Wired Clients Page
If you ever want to disable or remove a particular client, hover your cursor over the blue
drop-down arrow for the desired client and choose Remove or Disable, respectively.
Click the MAC address of the desired client to see more details for this particular client. The Clients
> Detail page appears (see Figure 7-29).
Figure 7-29
Clients > Detail Page
The Client Type field under Client Properties shows “WGB Client,” and the rest of the fields on this
page provide additional information for this client.
Cisco Wireless LAN Controller Configuration Guide
7-56
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Cisco Workgroup Bridges
Using the CLI to View the Status of Workgroup Bridges
Follow these steps to view the status of WGBs on your network using the controller CLI.
Step 1
To see any WGBs on your network, enter this command:
show wgb summary
Information similar to the following appears:
Number of WGBs................................... 1
MAC Address
IP Address AP Name Status
----------------- ---------- -------- -----00:0d:ed:dd:25:82 10.24.8.73
a1
Assoc
Step 2
WLAN
---3
Auth Protocol Clients
----- --------- -------Yes
802.11b
1
To see the details of any wired clients that are connected to a particular WGB, enter this command:
show wgb detail wgb_mac_address
Information similar to the following appears:
Number of wired client(s): 1
MAC Address
IP Address AP Name Mobility
------------------- ---------- -------- --------00:0d:60:fc:d5:0b
10.24.8.75
a1
Local
WLAN
Auth
----- ----3
Yes
Using the CLI to Debug WGB Issues
Use the commands in this section if you experience any problems with the WGB.
1.
2.
To enable debugging for IAPP messages, errors, and packets, enter these commands:
•
debug iapp all enable—Enables debugging for IAPP messages.
•
debug iapp error enable—Enables debugging for IAPP error events.
•
debug iapp packet enable—Enables debugging for IAPP packets.
If you experience a roaming issue, enter this command:
debug mobility handoff enable
3.
4.
If you experience an IP assignment issue and DHCP is used, enter these commands:
•
debug dhcp message enable
•
debug dhcp packet enable
If you experience an IP assignment issue and static IP is used, enter these commands:
•
debug dot11 mobile enable
•
debug dot11 state enable
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-57
Chapter 7
Controlling Lightweight Access Points
Configuring Country Codes
Configuring Country Codes
Controllers and access points are designed for use in many countries with varying regulatory
requirements. The radios within the access points are assigned to a specific regulatory domain at the
factory (such as -E for Europe), but the country code enables you to specify a particular country of
operation (such as FR for France or ES for Spain). Configuring a country code ensures that each radio’s
broadcast frequency bands, interfaces, channels, and transmit power levels are compliant with
country-specific regulations.
Generally, you configure one country code per controller, the one matching the physical location of the
controller and its access points. However, controller software release 4.1 allows you to configure up to
20 country codes per controller. This multiple-country support enables you to manage access points in
various countries from a single controller.
Note
Although the controller supports different access points in different regulatory domains (countries), it
requires all radios in a single access point to be configured for the same regulatory domain. For example,
you should not configure a Cisco 1231 access point’s 802.11b/g radio for the US (-A) regulatory domain
and its 802.11a radio for the Great Britain (-E) regulatory domain. Otherwise, the controller allows only
one of the access point’s radios to turn on, depending on which regulatory domain you selected for the
access point on the controller. Therefore, make sure that the same country code is configured for both of
the access point’s radios.
For a complete list of country codes supported per product, go to
http://cisco-images.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwap
note.html
Guidelines for Configuring Multiple Country Codes
Follow these guidelines when configuring multiple country codes:
•
The multiple-country feature is not supported for use with Cisco Aironet mesh access points. If a
mesh access point is already connected to the controller, multiple-country configuration is rejected.
If multiple-country support is configured, mesh access points are not permitted to join the controller.
•
When the multiple-country feature is being used, all controllers intended to join the same RF group
must be configured with the same set of countries, configured in the same order.
•
When multiple countries are configured and the radio resource management (RRM) auto-RF feature
is enabled, the auto-RF feature is limited to only the channels that are legal in all configured
countries and to the lowest power level common to all configured countries. The access points are
always able to use all legal frequencies, but non-common channels can only be assigned manually.
Note
If an access point was already set to a higher legal power level or is configured manually,
the power level is limited only by the particular country to which that access point is
assigned.
Cisco Wireless LAN Controller Configuration Guide
7-58
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Configuring Country Codes
•
When multiple countries are configured, only channels that are common to all configured countries
are allowed. Each access point radio can only be in one country and only operates if it has a
regulatory domain that is supported by that country. The controller allow only access points that
have radios with regulatory domains that match one or more of the country codes, as defined within
the controller table. The regulatory domain check is per radio, not per access point. So, if one of
the radios has a regulatory domain that doesn't match, that radio is shutdown, but the access point is
allowed to join the controller and the other radio remains up.
For example, the regulatory domain rules for GB, NZ and US are listed below:
– GB (United Kingdom) allows only 802.11bg radios and 802.11a radios for –E regulatory
domains.
– NZ (New Zealand) allows only 802.11bg radios for the –N and A regulatory domains, and
802.11a radios for the –N regulatory domain.
– US (United States) allows only 802.11bg and 802.11a radios for the –A or –B regulatory
domains.
If a 1230 AP contains 2 radios: 802.11bg(-A) and 802.11a(-E) then the 802.11bg(-A) radio only
works when located in New Zealand (NZ) or the United States (US), but the 802.11a(-E) radio only
works when in the United Kinbdom (GB). Anything else is illegal.
It is recommended that you install 2 radios with compatible regulatory domains into a single access
point, such as –A and –A or –E and –E or –A and –N.
•
When multiple countries are configured, the 802.11a network is disabled for all countries if any
country does not support the 802.11a radio or there are no common channels on the 802.11a radio.
You can configure country codes through the controller GUI or CLI.
Using the GUI to Configure Country Codes
Follow these steps to configure country codes using the GUI.
Step 1
Step 2
Follow these steps to disable the 802.11a and 802.11b/g networks:
a.
Click Wireless > 802.11a > Network.
b.
Uncheck the 802.11a Network Status Enabled check box.
c.
Click Apply to commit your changes.
d.
Click Wireless > 802.11b/g > Network.
e.
Uncheck the 802.11b/g Network Status Enabled check box.
f.
Click Apply to commit your changes.
Click Wireless > Country to access the Country page (see Figure 7-30).
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-59
Chapter 7
Controlling Lightweight Access Points
Configuring Country Codes
Figure 7-30
Country Page
Step 3
Check the check box for each country where your access points are installed.
Step 4
If you checked more than one check box in Step 3, a message appears indicating that RRM channels and
power levels are limited to common channels and power levels. Click OK to continue or Cancel to
cancel the operation.
Step 5
Click Apply to commit your changes.
Step 6
If you selected multiple country codes in Step 3, each access point is assigned to a country. Follow these
steps to see the default country chosen for each access point and to choose a different country if
necessary.
Note
a.
If you ever remove a country code from the configuration, any access points currently assigned
to the deleted country reboot and when they rejoin the controller, they get re-assigned to one of
the remaining countries if possible.
Perform one of the following:
– Leave the 802.11a and 802.11b/g networks disabled.
– Re-enable the 802.11a and 802.11b/g networks and then disable only the access points for
which you are configuring a country code. To disable an access point, click Wireless > Access
Points > All APs, click the link of the desired access point, choose Disable from the Admin
Status drop-down box, and click Apply.
b.
Click Wireless > Access Points > All APs to access the All APs page.
c.
Click the link for the desired access point. The All APs > Details page appears (see Figure 7-31).
Cisco Wireless LAN Controller Configuration Guide
7-60
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Configuring Country Codes
Figure 7-31
All APs > Details Page
d.
The default country for this access point appears in the Country Code drop-down box. If the access
point is installed in a country other than the one shown, choose the correct country from the
drop-down box. The box contains only those country codes that are compatible with the regulatory
domain of at least one of the access point’s radios.
e.
Click Apply to commit your changes.
f.
Repeat these steps to assign all access points joined to the controller to a specific country.
g.
Re-enable any access points that you disabled in Step a.
Step 7
Re-enable the 802.11a and 802.11b/g networks, provided you did not re-enable them in Step 6.
Step 8
Click Save Configuration to save your settings.
Using the CLI to Configure Country Codes
Follow these steps to configure country codes using the CLI.
Step 1
To see a list of all available country codes, enter this command:
show country supported
Step 2
Enter these commands to disable the 802.11a and 802.11b/g networks:
config 802.11a disable network
config 802.11b disable network
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-61
Chapter 7
Controlling Lightweight Access Points
Configuring Country Codes
Step 3
To configure the country codes for the countries where your access points are installed, enter this
command:
config country code1[,code2,code3,...]
If you are entering more than one country code, separate each by a comma (for example, config country
US,CA,MX). Information similar to the following appears:
Changing country code could reset channel configuration.
If running in RFM One-Time mode, reassign channels after this command.
Check customized APs for valid channel values after this command.
Are you sure you want to continue? (y/n) y
Step 4
Enter Y when prompted to confirm your decision. Information similar to the following appears:
Configured Country............................. Multiple Countries:US,CA,MX
Auto-RF for this country combination is limited to common channels and power.
KEY: * = Channel is legal in this country and may be configured manually.
A = Channel is the Auto-RF default in this country.
. = Channel is not legal in this country.
C = Channel has been configured for use by Auto-RF.
x = Channel is available to be configured for use by Auto-RF.
(-) = Regulatory Domains allowed by this country.
------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+802.11BG
:
Channels
:
1 1 1 1 1
: 1 2 3 4 5 6 7 8 9 0 1 2 3 4
------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+US (-AB)
: A * * * * A * * * * A . . .
CA (-AB)
: A * * * * A * * * * A . . .
MX (-NA)
: A * * * * A * * * * A . . .
Auto-RF
: C x x x x C x x x x C . . .
------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+802.11A
:
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Channels
: 3 3 3 4 4 4 4 4 5 5 6 6 0 0 0 1 1 2 2 2 3 3 4 4 5 5 6 6
--More-- or (q)uit
: 4 6 8 0 2 4 6 8 2 6 0 4 0 4 8 2 6 0 4 8 2 6 0 9 3 7 1 5
------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+US (-AB)
: . A . A . A . A A A A A * * * * * . . . * * * A A A A *
CA (-ABN) : . A . A . A . A A A A A * * * * * . . . * * * A A A A *
MX (-N)
: . A . A . A . A A A A A . . . . . . . . . . . A A A A *
Auto-RF : . C . C . C . C C C C C . . . . . . . . . . . C C C C x
Step 5
To verify your country code configuration, enter this command:
show country
Step 6
To see the list of available channels for the country codes configured on your controller, enter this
command:
show country channels
Cisco Wireless LAN Controller Configuration Guide
7-62
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Configuring Country Codes
Information similar to the following appears:
Configured Country............................. Multiple Countries:US,CA,MX
Auto-RF for this country combination is limited to common channels and power.
KEY: * = Channel is legal in this country and may be configured manually.
A = Channel is the Auto-RF default in this country.
. = Channel is not legal in this country.
C = Channel has been configured for use by Auto-RF.
x = Channel is available to be configured for use by Auto-RF.
(-) = Regulatory Domains allowed by this country.
------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+802.11BG
:
Channels
:
1 1 1 1 1
: 1 2 3 4 5 6 7 8 9 0 1 2 3 4
------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+US (-AB)
: A * * * * A * * * * A . . .
CA (-AB)
: A * * * * A * * * * A . . .
MX (-NA)
: A * * * * A * * * * A . . .
Auto-RF
: C x x x x C x x x x C . . .
------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+802.11A
:
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Channels
: 3 3 3 4 4 4 4 4 5 5 6 6 0 0 0 1 1 2 2 2 3 3 4 4 5 5 6 6
--More-- or (q)uit
: 4 6 8 0 2 4 6 8 2 6 0 4 0 4 8 2 6 0 4 8 2 6 0 9 3 7 1 5
------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+US (-AB)
: . A . A . A . A A A A A * * * * * . . . * * * A A A A *
CA (-ABN) : . A . A . A . A A A A A * * * * * . . . * * * A A A A *
MX (-N)
: . A . A . A . A A A A A . . . . . . . . . . . A A A A *
Auto-RF : . C . C . C . C C C C C . . . . . . . . . . . C C C C x
------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Step 7
To save your settings, enter this command:
save config
Step 8
To see the countries to which your access points have been assigned, enter this command:
show ap summary
Information similar to the following appears:
Number of APs.................................... 2
AP Name Slots AP Model
-------- ------ ----------------ap1
2
AP1030
ap2
2
AIR-AP1242AG-A-K9
Step 9
Ethernet MAC
----------------00:0b:85:5b:8e:c0
00:14:1c:ed:27:fe
Location
---------------default location
default location
Port
Country
------- -------1
US
1
US
If you entered multiple country codes in Step 3, follow these steps to assign each access point to a
specific country:
a.
Perform one of the following:
– Leave the 802.11a and 802.11b/g networks disabled.
– Re-enable the 802.11a and 802.11b/g networks and then disable only the access points for
which you are configuring a country code. To re-enable the networks, enter these commands:
config 802.11a enable network
config 802.11b enable network
To disable an access point, enter this command:
config ap disable ap_name
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-63
Chapter 7
Controlling Lightweight Access Points
Migrating Access Points from the -J Regulatory Domain to the -U Regulatory Domain
b.
To assign an access point to a specific country, enter this command:
config ap country code {ap_name | all}
Make sure that the country code you choose is compatible with the regulatory domain of at least one
of the access point’s radios.
Note
If you enabled the networks and disabled some access points and then run the config ap
country code all command, the specified country code is configured on only the disabled
access points. All other access points are ignored.
For example, if you enter config ap country mx all, information similar to the following appears:
To change country code: first disable target AP(s) (or disable all networks).
Changing the country may reset any customized channel assignments.
Changing the country will reboot disabled target AP(s).
Are you sure you want to continue? (y/n) y
AP Name
--------ap2
ap1
c.
Country
-------US
MX
Status
-------enabled (Disable AP before configuring country)
changed (New country configured, AP rebooting)
To re-enable any access points that you disabled in Step a, enter this command:
config ap enable ap_name
Step 10
If you did not re-enable the 802.11a and 802.11b/g networks in Step 9, enter these commands to
re-enable them now:
config 802.11a enable network
config 802.11b enable network
Step 11
To save your settings, enter this command:
save config
Migrating Access Points from the -J Regulatory Domain to the
-U Regulatory Domain
The Japanese government has changed its 5-GHz radio spectrum regulations. These regulations allow a
field upgrade of 802.11a 5-GHz radios. Japan allows three frequency sets:
•
J52 = 34 (5170 MHz), 38 (5190 MHz), 42 (5210 MHz), 46 (5230 MHz)
•
W52 = 36 (5180 MHz), 40 (5200 MHz), 44 (5220 MHz), 48 (5240 MHz)
•
W53 = 52 (5260 MHz), 56 (5280 MHz), 60 (5300 MHz), 64 (5320 MHz)
Cisco has organized these frequency sets into the following regulatory domains:
•
-J regulatory domain = J52
•
-P regulatory domain = W52 + W53
•
-U regulatory domain = W52
Cisco Wireless LAN Controller Configuration Guide
7-64
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Migrating Access Points from the -J Regulatory Domain to the -U Regulatory Domain
Regulatory domains are used by Cisco to organize the legal frequencies of the world into logical groups.
For example, most of the European countries are included in the -E regulatory domain. Cisco access
points are configured for a specific regulatory domain at the factory and, with the exception of this
migration process, never change. The regulatory domain is assigned per radio, so an access point’s
802.11a and 802.11b/g radios may be assigned to different domains.
Note
Controllers and access points may not operate properly if they are not designed for use in your country
of operation. For example, an access point with part number AIR-AP1030-A-K9 (which is included in
the Americas regulatory domain) cannot be used in Australia. Always be sure to purchase controllers
and access points that match your country’s regulatory domain.
The Japanese regulations allow the regulatory domain that is programmed into an access point’s radio to
be migrated from the -J domain to the -U domain. New access points for the Japanese market contain
radios that are configured for the -P regulatory domain. -J radios are no longer being sold. In order to
make sure that your existing -J radios work together with the new -P radios in one network, you need to
migrate your -J radios to the -U domain.
Country codes, as explained in the previous section, define the channels that can be used legally in each
country. These country codes are available for Japan:
•
JP—Allows only -J radios to join the controller
•
J2—Allows only -P radios to join the controller
•
J3—Uses the -U frequencies but allows both -U and -P radios to join the controller
Note
After migration, you need to use the J3 country code. If your controller is running software
release 4.1 or greater, you can use the multiple-country feature, explained in the previous
section, to choose both J2 and J3. Then you can manually configure your -P radios to use the
channels not supported by J3.
Refer to the Channels and Maximum Power Settings for Cisco Aironet Lightweight Access Points
document for the list of channels and power levels supported by access points in the Japanese regulatory
domains.
Guidelines for Migration
Follow these guidelines before migrating your access points to the -U regulatory domain:
•
You can migrate only Cisco Aironet 1000, 1130, 1200, and 1240 lightweight access points that
support the -J regulatory domain and Airespace AS1200 access points. Other access points cannot
be migrated.
•
Your controller and all access points must be running software release 4.1 or greater or software
release 3.2.193.0.
Note
•
Software release 4.0 is not supported. If you migrate your access points using software
release 3.2.193.0, you cannot upgrade to software release 4.0. You can upgrade only to
software release 4.1 or greater or to a later release of the 3.2 software.
You must have had one or more Japan country codes (JP, J2, or J3) configured on your controller at
the time you last booted your controller.
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-65
Chapter 7
Controlling Lightweight Access Points
Migrating Access Points from the -J Regulatory Domain to the -U Regulatory Domain
•
You must have at least one access point with a -J regulatory domain joined to your controller.
•
You cannot migrate your access points from the -U regulatory domain back to the -J domain. The
Japanese government has made reverse migration illegal.
Note
You cannot undo an access point migration. Once an access point has been migrated, you
cannot return to software release 4.0. Migrated access points will have non-functioning
802.11a radios under software release 4.0.
Migrating Access Points to the -U Regulatory Domain
Follow these steps to migrate your access points from the -J regulatory domain to the -U regulatory
domain using the controller CLI. This process cannot be performed using the controller GUI.
Step 1
To determine which access points in your network are eligible for migration, enter this command:
show ap migrate
Information similar to the following appears:
These 1 APs are eligible for migration:
00:14:1c:ed:27:fe AIR-AP1242AG-J-K9ap1240
“J”Reg. Domain
No APs have already been migrated.
Step 2
Enter these commands to disable the 802.11a and 802.11b/g networks:
config 802.11a disable network
config 802.11b disable network
Step 3
Enter this command to change the country code of the access points to be migrated to J3:
config country J3
Step 4
Wait for any access points that may have rebooted to rejoin the controller.
Step 5
Enter this command to migrate the access points from the -J regulatory domain to the -U regulatory
domain:
config ap migrate j52w52 {all | ap_name}
Information similar to the following appears:
Migrate APs with 802.11A Radios in the “J” Regulatory Domain to the “U” Regulatory Domain.
The “J” domain allows J52 frequencies, the “U” domain allows W52 frequencies.
WARNING: This migration is permanent and is not reversible, as required by law.
WARNING: Once migrated the 802.11A radios will not operate with previous OS versions.
WARNING: All attached “J” radios will be migrated.
WARNING: All migrated APs will reboot.
WARNING: All migrated APs must be promptly reported to the manufacturer.
Send the AP list and your company name to: [email protected]
This AP is eligible for migration:
00:14:1c:ed:27:fe AIR-AP1242AG-J-K9ap1240
Begin to migrate Access Points from “J”(J52) to “U”(W52). Are you sure? (y/n)
Step 6
Enter Y when prompted to confirm your decision to migrate.
Cisco Wireless LAN Controller Configuration Guide
7-66
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Dynamic Frequency Selection
Step 7
Wait for all access points to reboot and rejoin the controller. This process may take up to 15 minutes,
depending on access point. The AP1130, AP1200, and AP1240 reboot twice; all other access points
reboot once.
Step 8
Enter this command to verify migration for all access points:
show ap migrate
Information similar to the following appears:
No APs are eligible for migration.
These 1 APs have already been migrated:
00:14:1c:ed:27:fe AIR-AP1242AG-J-K9ap1240
Step 9
“U”Reg. Domain
Enter these commands to re-enable the 802.11a and 802.11b/g networks:
config 802.11a enable network
config 802.11b enable network
Step 10
Send an email with your company name and the list of access points that have been migrated to this email
address: [email protected]. We recommend that you cut and paste the output from the show
ap migrate command in Step 8 into the email.
Dynamic Frequency Selection
The Cisco UWN Solution complies with regulations that require radio devices to use dynamic frequency
selection (DFS) to detect radar signals and avoid interfering with them.
When a lightweight access point with a 5-GHz radio operates on one of the 15 channels listed in
Table 7-4, the controller to which the access point is associated automatically uses DFS to set the
operating frequency.
When you manually select a channel for DFS-enabled 5-GHz radios, the controller checks for radar
activity on the channel for 60 seconds. If there is no radar activity, the access point operates on the
channel you selected. If there is radar activity on the channel you selected, the controller automatically
selects a different channel, and after 30 minutes, the access point retries the channel you selected.
Note
After radar has been detected on a DFS-enabled channel, it cannot be used for 30 minutes.
Note
The Rogue Location Detection Protocol (RLDP) and rogue containment are not supported on the
channels listed in Table 7-4.
Note
The maximum legal transmit power is greater for some 5-GHz channels than for others. When the
controller randomly selects a 5-GHz channel on which power is restricted, it automatically reduces
transmit power to comply with power limits for that channel.
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-67
Chapter 7
Controlling Lightweight Access Points
Retrieving the Unique Device Identifier on Controllers and Access Points
Table 7-4
5-GHz Channels on Which DFS Is Automatically Enabled
52 (5260 MHz)
104 (5520 MHz)
124 (5620 MHz)
56 (5280 MHz)
108 (5540 MHz)
128 (5640 MHz)
60 (5300 MHz)
112 (5560 MHz)
132 (5660 MHz)
64 (5320 MHz)
116 (5580 MHz)
136 (5680 MHz)
100 (5500 MHz)
120 (5600 MHz)
140 (5700 MHz)
Using DFS, the controller monitors operating frequencies for radar signals. If it detects radar signals on
a channel, the controller takes these steps:
•
It changes the access point channel to a channel that has not shown radar activity within the last 30
minutes. (The radar event is cleared after 30 minutes.) The controller selects the channel at random.
•
If the channel selected is one of the channels in Table 7-4, it scans the new channel for radar signals
for 60 seconds. If there are no radar signals on the new channel, the controller accepts client
associations.
•
It records the channel that showed radar activity as a radar channel and prevents activity on that
channel for 30 minutes.
•
It generates a trap to alert the network manager.
Retrieving the Unique Device Identifier on Controllers and
Access Points
The unique device identifier (UDI) standard uniquely identifies products across all Cisco hardware
product families, enabling customers to identify and track Cisco products throughout their business and
network operations and to automate their asset management systems. The standard is consistent across
all electronic, physical, and standard business communications. The UDI consists of five data elements:
•
The orderable product identifier (PID)
•
The version of the product identifier (VID)
•
The serial number (SN)
•
The entity name
•
The product description
The UDI is burned into the EEPROM of controllers and lightweight access points at the factory. It can
be retrieved through either the GUI or the CLI.
Cisco Wireless LAN Controller Configuration Guide
7-68
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Retrieving the Unique Device Identifier on Controllers and Access Points
Using the GUI to Retrieve the Unique Device Identifier on Controllers and
Access Points
Follow these steps to retrieve the UDI on controllers and access points using the GUI.
Step 1
Click Controller > Inventory to access the Inventory page (see Figure 7-32).
Figure 7-32
Inventory Page
This page shows the five data elements of the controller UDI.
Step 2
Click Wireless to access the All APs page.
Step 3
Click the name of the desired access point. The All APs > Details page appears (see Figure 7-33).
Figure 7-33
All APs > Details Page
This page shows the five data elements of the access point UDI under Inventory Information.
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-69
Chapter 7
Controlling Lightweight Access Points
Performing a Link Test
Using the CLI to Retrieve the Unique Device Identifier on Controllers and
Access Points
Enter these commands to retrieve the UDI on controllers and access points using the CLI:
•
show inventory—Shows the UDI string of the controller. Information similar to the following
appears:
NAME: "Chassis"
, DESCR: "Cisco Wireless Controller"
PID: WS-C3750G-24PS-W24, VID: V01, SN: FLS0952H00F
•
show inventory ap ap_id—Shows the UDI string of the access point specified.
Performing a Link Test
A link test is used to determine the quality of the radio link between two devices. Two types of link-test
packets are transmitted during a link test: request and response. Any radio receiving a link-test request
packet fills in the appropriate fields and echoes the packet back to the sender with the response type set.
The radio link quality in the client-to-access point direction can differ from that in the access
point-to-client direction due to the asymmetrical distribution of transmit power and receive sensitivity
on both sides. Two types of link tests can be performed: a ping test and a CCX link test.
With the ping link test, the controller can test link quality only in the client-to-access point direction.
The RF parameters of the ping reply packets received by the access point are polled by the controller to
determine the client-to-access point link quality.
With the CCX link test, the controller can also test the link quality in the access point-to-client direction.
The controller issues link-test requests to the client, and the client records the RF parameters [received
signal strength indicator (RSSI), signal-to-noise ratio (SNR), etc.] of the received request packet in the
response packet. Both the link-test requestor and responder roles are implemented on the access point
and controller. Therefore, not only can the access point or controller initiate a link test to a CCX v4
client, but a CCX v4 client can initiate a link test to the access point or controller.
The controller shows these link-quality metrics for CCX link tests in both directions (out: access point
to client; in: client to access point):
•
Signal strength in the form of RSSI (minimum, maximum, and average)
•
Signal quality in the form of SNR (minimum, maximum, and average)
•
Total number of packets that are retried
•
Maximum retry count for a single packet
•
Number of lost packets
•
Data rate of a successfully transmitted packet
The controller shows this metric regardless of direction:
•
Link test request/reply round-trip time (minimum, maximum, and average)
Cisco Wireless LAN Controller Configuration Guide
7-70
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Performing a Link Test
The 4.1 release of controller software supports CCX versions 1 through 4. CCX support is enabled
automatically for every WLAN on the controller and cannot be disabled. The controller stores the CCX
version of the client in its client database and uses it to limit the features for this client. If a client does
not support CCXv4, the controller performs a ping link test on the client. If a client supports CCXv4,
the controller performs a CCX link test on the client. If a client times out during a CCX link test, the
controller switches to the ping link test automatically. See the “Configuring Cisco Client Extensions”
section on page 6-28 for more information on CCX.
Note
CCX is not supported on the AP1030.
Follow the instructions in this section to perform a link test using either the GUI or the CLI.
Using the GUI to Perform a Link Test
Follow these steps to run a link test using the GUI.
Step 1
Click Wireless > Clients to access the Clients page (see Figure 7-34).
Figure 7-34
Step 2
Clients Page
Hover your cursor over the blue drop-down arrow for the desired client and choose LinkTest. A link test
page appears (see Figure 7-35).
Note
You can also access this page by clicking the MAC address of the desired client and then clicking
the Link Test button on the top of the Clients > Detail page.
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-71
Chapter 7
Controlling Lightweight Access Points
Performing a Link Test
Figure 7-35
Link Test Page
This page shows the results of the CCX link test.
Note
Step 3
If the client and/or controller does not support CCX v4, the controller performs a ping link test
on the client instead, and a much more limited link test page appears.
Click OK to exit the link test page.
Using the CLI to Perform a Link Test
Use these commands to run a link test using the CLI.
1.
To run a link test, enter this command:
linktest ap_mac
When CCX v4 is enabled on both the controller and the client being tested, information similar to
the following appears:
CCX Link Test to 00:0d:88:c5:8a:d1.
Link Test Packets Sent...................................... 20
Link Test Packets Received................................. 10
Link Test Packets Lost (Total/AP to Client/Client to AP).... 10/5/5
Link Test Packets round trip time (min/max/average)......... 5ms/20ms/15ms
RSSI at AP (min/max/average)................................ -60dBm/-50dBm/-55dBm
RSSI at Client (min/max/average)............................ -50dBm/-40dBm/-45dBm
SNR at AP (min/max/average)................................. 40dB/30dB/35dB
SNR at Client (min/max/average)............................. 40dB/30dB/35dB
Transmit Retries at AP (Total/Maximum)...................... 5/3
Transmit Retries at Client (Total/Maximum).................. 4/2
Transmit rate: 1M
2M
5.5M
6M
9M 11M 12M 18M
24M
36M 48M 54M 108M
Packet Count:
0
0
0
0
0
0
0
0
0
2
0
18
0
Transmit rate: 1M
2M
5.5M
6M
9M 11M 12M 18M
24M
36M 48M 54M 108M
Packet Count:
0
0
0
0
0
0
0
0
0
2
0
8
0
Cisco Wireless LAN Controller Configuration Guide
7-72
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Configuring Power over Ethernet
When CCX v4 is not enabled on either the controller or the client being tested, fewer details appear:
Ping Link Test to 00:0d:88:c5:8a:d1.
Link Test Packets Sent..........................
Link Test Packets Received......................
Local Signal Strength...........................
Local Signal to Noise Ratio.....................
2.
20
20
-49dBm
39dB
To adjust the link-test parameters that are applicable to both the CCX link test and the ping test, enter
these commands from config mode:
config > linktest frame-size size_of_link-test_frames
config > linktest num-of-frame number_of_link-test_request_frames_per_test
Configuring Power over Ethernet
When an LWAPP-enabled access point (such as an AP1131 or AP1242) is powered by a power injector
that is connected to a Cisco pre-Intelligent Power Management (pre-IPM) switch, you need to configure
power over Ethernet (PoE), also known as inline power. You can configure PoE through either the GUI
or the CLI.
Using the GUI to Configure Power over Ethernet
Follow these steps to configure PoE using the controller GUI.
Step 1
Click Wireless and then the name of the desired access point. The All APs > Details page appears (see
Figure 7-36).
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-73
Chapter 7
Controlling Lightweight Access Points
Configuring Power over Ethernet
Figure 7-36
Step 2
All APs > Details Page
Perform one of the following:
•
Check the Pre-Standard State check box if the access point is being powered by a high-power
Cisco switch. These switches provide more than the traditional 6 Watts of power but do not support
the intelligent power management (IPM) feature. These switches include:
– WS-C3550, WS-C3560, WS-C3750,
– C1880,
– 2600, 2610, 2611, 2621, 2650, 2651,
– 2610XM, 2611XM, 2621XM, 2650XM, 2651XM, 2691,
– 2811, 2821, 2851,
– 3620, 3631-telco, 3640, 3660,
– 3725, 3745,
– 3825, and 3845.
•
Uncheck the Pre-Standard State check box if power is being provided by a power injector or by a
switch not on the above list.
Cisco Wireless LAN Controller Configuration Guide
7-74
OL-11336-02
Chapter 7
Controlling Lightweight Access Points
Configuring Power over Ethernet
Step 3
Check the Power Injector State check box if the attached switch does not support IPM and a power
injector is being used. If the attached switch supports IPM, you do not need to check this check box.
Step 4
If you checked the Power Injector State check box in the previous step, the Power Injector Selection
parameter appears. This parameter enables you to protect your switch port from an accidental overload
if the power injector is inadvertently bypassed. Choose one of these options from the drop-down box to
specify the desired level of protection:
•
Installed—This option examines and remembers the MAC address of the currently connected
switch port and assumes that a power injector is connected. Choose this option if your network
contains older Cisco 6-Watt switches and you want to avoid possible overloads by forcing a
double-check of any relocated access points.
Note
Each time an access point is relocated, the MAC address of the new switch port will fail to
match the remembered MAC address, and the access point will remain in low-power mode.
You must then physically verify the existence of a power injector and reselect this option to
cause the new MAC address to be remembered.
•
Override—This option allows the access point to operate in high-power mode without first
verifying a matching MAC address. It is acceptable to use this option if your network does not
contain any older Cisco 6-Watt switches that could be overloaded if connected directly to a 12-Watt
access point. The advantage of this option is that if you relocate the access point, it continues to
operate in high-power mode without any further configuration. The disadvantage of this option is
that if the access point is connected directly to a 6-Watt switch, an overload will occur.
•
Foreign—This option causes the Injector Switch MAC Address parameter to appear. The Injector
Switch MAC Address parameter allows the remembered MAC address to be modified by hand.
Choose this option if you know the MAC address of the connected switch port and do not wish to
automatically detect it using the Installed option.
Step 5
Click Apply to commit your changes.
Step 6
Click Save Configuration to save your settings.
Using the CLI to Configure Power over Ethernet
Use these commands to configure PoE using the controller CLI.
1.
config ap power injector enable ap installed
This command is recommended if your network contains any older Cisco 6-Watt switches that could
be accidentally overloaded if connected directly to a 12-Watt access point. The access point
remembers that a power injector is connected to this particular switch port. If you relocate the access
point, you must reissue this command after the presence of a new power injector is verified.
Note
Make sure CDP is enabled before issuing this command. Otherwise, this command will fail.
See the previous section for information on enabling CDP.
Cisco Wireless LAN Controller Configuration Guide
OL-11336-02
7-75
Chapter 7
Controlling Lightweight Access Points
Configuring Flashing LEDs
2.
config ap power injector enable ap override
This command removes the safety checks and allows the access point to be connected to any switch
port. It is acceptable to use this command if your network does not contain any older Cisco 6-Watt
switches that could be overloaded if connected directly to a 12-Watt access point. The access point
assumes that a power injector is always connected. If you relocate the access point, it continues to
assume that a power injector is present.
Configuring Flashing LEDs
Controller software release 4.0 and greater enables you to flash the LEDs on an access point in order to
locate it. All IOS lightweight access points (1000, 1100, and 1200) support this feature.
Use these commands to configure LED flashing from the Privileged Exec mode of the controller.
Note
The output of these commands is sent only to the controller console, regardless of whether the commands
were issued on the console or in a TELNET/SSH CLI session.
1.
To enable the controller to send commands to the access point from its CLI, enter this command:
config ap remote-debug enable Cisco_AP
2.
To cause a specific access point to flash its LEDs for a specified number of seconds, enter this
command:
config ap remote-debug exc-command “led flash seconds” Cisco_AP
You can enter a value between 1 and 3600 seconds for the seconds parameter.
3.
To disable LED flashing for a specific access point, enter this command:
config ap remote-debug exc-command “led flash disable” Cisco_AP
This command disables LED flashing immediately. For example, if you run the previous command
(with the seconds parameter set to 60 seconds) and then disable LED flashing after only 20 seconds,
the access point’s LEDs stop flashing immediately.
Cisco Wireless LAN Controller Configuration Guide
7-76
OL-11336-02