Guest

Cisco Aironet 1500 Series

Quick Start Guide: Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points

  • Viewing Options

  • PDF (1.9 MB)
  • Feedback
Quick Start Guide

Table Of Contents

Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points

About this Guide

FCC Safety Compliance Statement

Declaration of Conformity with Regard to the EU Directive 1999/5/EC (R&TTE Directive)

General Safety Guidelines

Warnings

Introduction to the Mesh Access Point

The Wireless Mesh Networking Solution

Point-to-Point Deployment

Point-to-Multipoint Deployment

Mesh Deployment

Power

External Antennas

Preparing the Access Point

Site Surveys

Avoiding Damage to Radios in a Testing Environment

Unpacking the Access Point

Package Contents

Optional Equipment

Before You Begin

Deploying the Access Point

Verifying the Wireless LAN Controller Mode

Verifying the Wireless LAN Controller Software Version

Recording the Access Point MAC Address

Adding the Access Point MAC Address to the Wireless LAN Controller
Filter List

Verifying Automatic (Zero Touch) Configuration

Verifying Controller Association

Deployment Notes

Priming the Access Point

Using a DHCP Server in a Layer 3 Mesh Network

In Case of Difficulty

Troubleshooting

Guidelines for Using the Access Point

Misconfigured Bridge Shared Secret Key

Misconfigured Access Point IP address

Verifying the Controller MAC Filter List

Controller CLI

Web Browser Interface

Obtaining Documentation

Cisco.com

Product Documentation DVD

Ordering Documentation

Documentation Feedback

Cisco Product Security Overview

Reporting Security Problems in Cisco Products

Obtaining Technical Assistance

Cisco Technical Support & Documentation Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information

Cisco One-Year Limited Hardware Warranty Terms


Quick Start Guide

Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points


INCLUDING LICENSE AND WARRANTY

1 About this Guide

This guide is designed to help you install and minimally configure your Cisco Aironet 1505 or 1510 Lightweight Outdoor Mesh Access Point in a mesh network.

For additional installation, mounting, and configuration information for the 1505 or 1510 outdoor mesh access point, see the Cisco Mesh Networking Solution Deployment Guide and the Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Point Hardware Installation Guide. For detailed configuration information, see the Cisco wireless LAN controller documentation for the controller and software release you are using. These and other documents are available on Cisco.com. Follow these steps to access these documents:


Step 1 Browse to http://www.cisco.com

Step 2 Click Technical Support and Documentation. A pop-up window appears.

Step 3 Click Technical Support and Documentation. The Technical Support and Documentation page appears.

Step 4 Select the Documentation section. The Documentation page appears.

Step 5 Click Wireless. The Wireless Support Resources page appears.

Step 6 Choose the appropriate link for the documentation you want to view or download.


FCC Safety Compliance Statement

The FCC with its action in ET Docket 96-8 has adopted a safety standard for human exposure to radio frequency (RF) electromagnetic energy emitted by FCC certified equipment. When used with approved Cisco Aironet antennas, Cisco Aironet products meet the uncontrolled environmental limits found in OET-65 and ANSI C95.1, 1991. Proper installation of this radio according to the instructions found in this manual will result in user exposure that is substantially below the FCC recommended limits.

Declaration of Conformity with Regard to the EU Directive 1999/5/EC (R&TTE Directive)

This declaration is only valid for configurations (combinations of software, firmware and hardware) provided and/or supported by Cisco Systems. The use software or firmware not supported/provided by Cisco Systems may result that the equipment is no longer compliant with the regulatory requirements.

General Safety Guidelines

Each year hundreds of people are killed or injured when attempting to install antennas. In many of these cases, the victim was aware of the danger of electrocution, but did not take adequate steps to avoid the hazard.

For your safety, and to help you achieve a good installation, please read and follow these safety pres. They may save your life!

1. Select your installation site with safety, as well as performance in mind. Remember: electric power lines and phone lines look alike. For your safety, assume that any overhead line can kill you.

2. Call your electric power company. Tell them your plans and ask them to come look at your proposed installation. This is a small inconvenience considering your life is at stake.

3. Plan your installation carefully and completely before you begin. Each person should be assigned to a specific task, and should know what to do and when to do it. One person should be in charge of the operation to issue instructions and watch for signs of trouble.

4. When installing your antenna, remember:

a. Do not use a metal ladder.

b. Do not work on a wet or windy day.

c. Do dress properly—shoes with rubber soles and heels, rubber gloves, long sleeved shirt or jacket.

5. If any part of the antenna system should come in contact with a power line, don't touch it or try to remove it yourself. Call your local power company. They will remove it safely.

If an accident should occur with the power lines call for qualified emergency help immediately.

Warnings

Safety warnings appear throughout this guide in procedures that may harm you if performed incorrectly. A warning symbol precedes each warning statement. The warnings below are general warnings that are applicable to the entire guide.

Translated versions of the safety warnings in this guide are provided in the Safety Warnings for Cisco Aironet 1500 Series Outdoor Mesh Access Points document that accompanies this guide. The translated warnings are also in Appendix A of the Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Point Hardware Installation Guide, which is available at cisco.com.


Warning This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. Use the statement number provided at the end of each warning to locate its translation in the translated safety warnings that accompanied this device. Statement 1071
SAVE THESE INSTRUCTIONS



Warning Only trained and qualified personnel should be allowed to install, replace, or service this equipment. Statement 1030



Warning Ultimate disposal of this product should be handled according to all national laws and regulations. Statement 1040


2 Introduction to the Mesh Access Point

The Cisco Aironet 1505 and 1510 Lightweight Outdoor Mesh Access Points (hereafter called the access point) are wireless devices that make up the 1500 series family. They are designed for wireless client access and point-to-point bridging, point-to-multipoint bridging, and point-to-multipoint mesh wireless connectivity. The access points are standalone units that can be mounted on a building wall or overhang, on a rooftop pole, or on a street light pole.

The 1505 model differs from the 1510 because it has only one (802.11b/g) radio. The 1505 does not use an 802.11a radio and its 5-GHz antenna connector is removed. Both client and wireless backhaul is performed using the 802.11b/g radio.


Warning Be very careful when connecting the street light adapter to Category 3 pole-top power. If you are not careful, you may electrocute yourself or fall. Statement 363



Note At the presen t time, Cisco mesh networks can be built with either 1505 or 1510 mesh trees. A mesh tree consists of mesh access points connected to a wired Rooftop Access Point (RAP). In a future software release, both models will be able to share a mesh tree.


The access point provides client access and wireless backhaul that supports 6- to 54-Mbps data rates without the need for a license. The 1510 model dedicates its 5-GHz radio for backhaul operations to reach a wired network and uses its 2.4-GHz radio for wireless clients. The 1505 model uses its 2.4-GHz radio for wireless clients and wireless backhaul operations. Both models can also operate as a relay node for other access points not directly connected to a wireless network. Intelligent wireless routing is provided by AWPP, which enables each access point to identify its neighbors and intelligently choose the optimal path to the wired network by calculating the cost of each path in terms of signal strength and the number of wireless hops required to get to a controller.


Note Cisco recommends an 18-Mbps data rate on the backhaul.


Both models operate with Cisco wireless LAN controllers and Cisco Wireless Control System (WCS) to provide centralized and scalable management, high security, and mobility. Designed to support zero-configuration deployments, the 1505 and 1510 access points easily and securely join the mesh network and are available to manage and monitor the network through the controller and WCS graphical or command-line interface.

The Wireless Mesh Networking Solution

The mesh networking solution, which is a part of the Cisco unified wireless network solution, enables two or more access points to communicate with each other over one or more wireless hops to join multiple LANs or to extend 802.1b wireless coverage. The access points are configured, monitored, and operated from and through any Cisco wireless LAN controller deployed in the mesh networking solution.

The 1505 and 1510 access points are capable of operating in one of two primary radio roles:

Root access point (RAP)— The access point to which you connect to a wireless LAN controller (via a switch). A RAP is a parent node to any bridging or mesh network. A wireless LAN controller can have one or more RAPs parenting the same or different wireless networks, thereby creating redundancy. A roof-top access point is sometimes referred to as a RAP.

Mesh access point (MAP). The access point that has no wired connection to a wireless LAN controller. Formerly referred to as a pole-top access point (PAP), a MAP has a wireless connection through the backhaul interface to other MAPs and finally to a RAP and then to the wireless LAN controller. MAPs may also have a wired Ethernet connection to a LAN and serve as a bridge endpoint for the LAN using a point-to-point or point-to-multipoint connection.

In wireless LAN controller software version 4.0, the default mode for an access point is a MAP. Therefore, if you want to use an access point as a RAP, you must configure it as one before deploying it on your mesh network.


Note Do not connect a RAP directly to a Cisco wireless LAN controller. A switch or router between the wireless LAN controller and the RAP is required because Cisco wireless LAN controllers do not forward Ethernet traffic coming from an LWAPP-enabled port.


The Cisco mesh networking solution supports three possible general deployment types:

Point-to-point

Point-to-multipoint

Mesh

Point-to-Point Deployment

In this simplest configuration, the access points provide wireless access and backhaul to wireless clients and can simultaneously support bridging between one LAN and a termination to a remote Ethernet device or another Ethernet LAN. Figure 1 shows a one-hop point-to-point deployment.

Figure 1 Point-to-Point Deployment

1

Cisco wireless LAN controller

5

Wireless backhaul

2

LAN 1

6

MAP

3

Router or switch—Required for bridging LAN at point 2 and LAN at point 7

7

Optional wired connection to Ethernet termination device or LAN 2; requires router or switch at point 3

4

RAP

8

Wireless clients


Point-to-Multipoint Deployment

In this configuration, the access points provide wireless access and backhaul to wireless clients, and can simultaneously support bridging between one LAN and one or more terminations to Ethernet devices or other Ethernet LANs. Figure 2 shows a two-hop point-to-multipoint deployment.

Regardless of the number of hops in the point-to-point deployment, the access points on each branch are configured to communicate only with the access points on their branch, and not with access points on other branches.

Figure 2 Point-to-Multipoint Deployment

1

Cisco wireless LAN controller

6

MAP

2

LAN 1

7

MAP

3

Router or switch—required when network is used for bridging or LAN at point 2 and LAN at point 8

8

Optional wired connection to Ethernet termination device or LAN 2; requires a router or switch at point 3

4

RAP

9

Wireless clients

5

Wireless backhaul

   

Mesh Deployment

In this deployment, the access points provide wireless access and backhaul to wireless clients, and can simultaneously support bridging between one LAN and one or more terminations to Ethernet devices or other Ethernet LANs. Figure 3 shows a typical mesh deployment.

Regardless of the number of hops in the point-to-multipoint deployment, the access points on each branch are configured to communicate with all other access points within range in the deployment. Also, when any of the backhaul links fail, the access points automatically re-route the backhaul traffic using another path.

Figure 3 Mesh Deployment

1

Cisco wireless LAN controller

5

Wireless backhaul

2

LAN 1

6

MAP

3

Router or switch—required when network is used for bridging LAN at point 2 and LAN at point 7

7

Optional wired connection to Ethernet termination device or LAN 2; requires a router or switch at point 3

4

RAP

8

Wireless clients


Figure 4 shows a typical outdoor mesh access point installation using the 1510 model.

Figure 4 Typical Outdoor Mesh Access Point Installation Using the 1510 Model

1

Building roof overhang

7

Ground

2

Shielded Ethernet cable

8

AC power module

3

Water drip loop

9

Power injector

4

Lightning arrestor (user supplied)

10

Ethernet (Category 5) cable

5

10 AWG copper grounding wire (user supplied)

11

Controller

6

Ground rod (user supplied)

   

Power


Warning Installation of the equipment must comply with local and national electrical codes. Statement 1074



Warning This equipment must be externally grounded using a customer-supplied ground wire before power is applied. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available. Statement 366



Warning Do not work on the system or connect or disconnect cables during periods of lightning activity. Statement 1001


The access point receives inline power from the Cisco Aironet power injector which connects to a 100-240 VAC power source. Shielded Ethernet cables provide Ethernet data and DC power from the power injector, or an optional AC power cable provides power from the AC power source to the access point. The power injector is a separate unit designed for operation in a sheltered indoor environment. The power injector also functions as an Ethernet repeater by connecting to a Category 5 LAN backbone and using the Ethernet cable interface to the access point. The access point senses the Ethernet and power signals and automatically switches internal circuitry to match the cable connections.


Caution To provide inline PoE, you must use the power injector (AIR- PWRINJ1500=) specified for the access point . Other power injectors, PoE switches, and 802.3af power sources may not provide adequate power, which may cause the access point to malfunction and cause over-current conditions at the power source. You must ensure that the switch port connected to the access point has PoE turned off.


Caution Do not place the power injector in an unprotected outdoor environment because water might get into the unit.

External Antennas


Warning In order to comply with radio frequency (RF) exposure limits, the antennas for this product should be positioned no less than 6.56 ft (2 m) from your body or nearby persons. Statement 339



Warning Do not locate the antenna near overhead power lines or other electric light or power circuits, or where it can come into contact with such circuits. When installing the antenna, take extreme care not to come into contact with such circuits, because they may cause serious injury or death. For proper installation and grounding of the antenna, please refer to national and local codes (for example, U.S.:NFPA 70, National Electrical Code, Article 810, Canada: Canadian Electrical Code, Section 54). Statement 1052


The 1505 model is equipped with one N-Type antenna connector, which serves the external 2.4-GHz antenna. The 1510 model is equipped with two N-Type antenna connectors. The connector on the front of the unit serves the external 2.4-GHz antenna. The connector on the end of the unit serves the external 5-GHz antenna.

Both models can also be equipped with optional Cisco omnidirectional external antennas or third-party external antennas, subject to local regulatory requirements. When you are installing third-party antennas, they must be waterproof and installed with all waterproofing steps recommended by the third-party manufacturer.


Note To meet regulatory restrictions, the access point and external antennas must be professionally installed.


3 Preparing the Access Point

Because the access point is a radio device, it is susceptible to common causes of interference that can reduce throughput and range. Follow these basic guidelines to ensure the best possible performance:

For information on planning and initially configuring your Cisco mesh network, refer to the Deployment Guide: Cisco Mesh Networking Solution or the Cisco Aironet 1500 Series Wireless Mesh AP Design Guide. These documents are available on cisco.com.

Perform a site survey before beginning the installation.

Do not install the access point in an area where structures, trees, or hills obstruct radio signals to and from the access point.

You can install the access point at any height, but best throughput is achieved when the access points are mounted at the same height.


Note To perform path loss calculation and to determine how far apart to install access points, consult an RF planning expert.


Site Surveys

Cisco recommends that you perform a site survey before installing the equipment. A site survey reveals problems that can be resolved before the network is operational. A proper site survey involves temporarily setting up mesh links and taking measurements to determine whether your antenna calculations are accurate. Determine the correct locations and antenna types before you drill holes and route cables and mounting equipment.


Tip When power is not readily available during a site survey, use an unrestricted power supply (UPS) to temporarily power the mesh link.


Consider the following operating and environmental conditions when performing a site survey:

How long is your wireless link?

Do you have a clear line of sight?

What is the minimum acceptable data rate within the link?

Do you have the correct antenna?

Do you have access to both of the mesh site locations?

Do you have the proper permits, if required?

Do you have a partner? Never attempt to survey or work alone on a roof or tower.

Have you configured the access points before you go onsite? It is always easier to resolve configurations or device problems first.

Do you have the proper tools and equipment to complete your survey?

Avoiding Damage to Radios in a Testing Environment

The radios on outdoor units (bridges) have higher transmit power levels than radios on indoor units (access points). When you test high power radios in a link, you must avoid exceeding the receiver's maximum receive input level. At levels above normal the operating range, packet error rate (PER) performance is degraded. At even higher levels, the receiver can be permanently damaged. To avoid receiver damage and PER degradation, you can use one of the following techniques:

Separate the omnidirectional antennas by at least 2 ft (0.6 m) to avoid receiver damage or by at least 25 ft (7.6 m) to avoid PER degradation.


Note These distances assume free space path loss and are conservative estimates. Required separation distances for damage and performance degradation levels in actual deployments will be less due to non line-of-sight propagation conditions.


Reduce the configured transmit power to the minimum level.

Use directional antennas and keep them away from each other.

Cable the radios together using a combination of attenuators, combiners, or splitters to achieve a total attenuation of at least 60 dB.

For a radiated test bed, the following equation describes the relationships among transmit power, antenna gain, attenuation, and receiver sensitivity:

txpwr + tx gain + rx gain - [attenuation due to antenna spacing] < max rx input level

Where:

txpwr = Radio transmit power level
tx gain = transmitter antenna gain
rx gain = receiver antenna gain

For a conducted test bed, the following equation describes the relationships among transmit power, antenna gain, and receiver sensitivity:

txpwr - [attenuation due to coaxial components] < max rx input level


Caution Under no circumstances should you connect the antenna port from one access point to the antenna port of another access point without using an RF attenuator. If you connect antenna ports you must not exceed the maximum survivable receive level of 0 dBm. Never exceed 0 dBm or damage to the access point can occur. Using attenuators, combiners, and splitters having a total of at least 60 dB of attenuation ensures that the receiver is not damaged and PER peformance is not degraded.

Unpacking the Access Point


Note When you are unpacking the access point, do not remove the foam blocks attached to the antenna connectors. The foam protects the antenna connectors during installation.


Follow these steps to unpack the access point:


Step 1 Open the shipping container and carefully remove the contents.

Step 2 Return all packing materials to the shipping container and save it.

Step 3 Ensure that all items listed in the "Package Contents" section are included in the shipment. Check each item for damage. If any item is damaged or missing, notify your authorized Cisco sales representative.


Package Contents

Each access point package contains the following items:

One model 1505 or 1510 access point

Installed mounting plate (attached to the back of the access point)

Ground lug with screw and washer

Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Point Mounting Instructions

Translated Safety Warnings for Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points

This guide

Cisco product registration and Cisco documentation feedback cards

Optional Equipment

Depending on what you ordered, the following optional equipment may be part of your shipment:

Street light adapter (AIR-PWR-ST-LT-TAP=)

Power cables

15-ft (4.6 m) (AIR-CORD1500-15NA=) for use in the US and Canada.

40-ft (12.2 m) (AIR-CORD1500-40NA=) for light pole installations in the US and Canada.

40-ft (12.2 m) (AIR-CORD1500-40UE=) for use outside the US and Canada. One end of the power cord is terminated with an access point AC power connector and the other end is unterminated.

Ethernet cable

150-ft (45.72-m) Ethernet cable (AIR-ETH1500-150=)

Other lengths (user supplied)

Power injector (AIR-PWRINJ1500=)

Pole mount kit (AIR-ACCPMK1500=)

Cisco Aironet external antennas

Third-party lightning arrestors as required by local authorities

Before You Begin


Warning Read the installation instructions before connecting the system to the power source. Statement 1004



Warning Use the captive connector cap on the unused mil spec connector to prevent water intrusion and possible safety hazards. Statement 362


Before you begin the installation process:

Review the typical installation illustration (Figure 4).

Become familiar with the access point connectors (Figure 5 and Figure 6 on page 15).

Verify that the switch you are using to connect the controller is configured properly.


Note For additional installation, mounting and safety information for the 1505 or 1510 outdoor mesh access point, see the Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Point Hardware Installation Guide, which is available on Cisco.com, and Safety Warnings for Cisco Aironet 1500 Series Outdoor Mesh Access Points, which accompanies this guide.



Note At the presen t time, Cisco mesh networks can be built with either 1505 or 1510 mesh trees. A mesh tree consists of mesh access points connected to a wired Rooftop Access Point (RAP). In a future software release, both models will be able to share a mesh tree.


Figure 5 1505 Model Access Point Connectors

1

Vent (do not remove)

3

Ethernet connector (PoE) connector

2

2.4-GHz antenna connector

4

Power connector


Figure 6 1510 Model Access Point Connectors

1

5-GHz antenna bracket

4

Ethernet connector (PoE) connector

2

Vent (do not remove)

5

Power connector

3

2.4-GHz antenna connector (N-Type)

6

5-GHz antenna connector (N-Type)


4 Deploying the Access Point


Warning Do not operate the unit near unshielded blasting caps or in an explosive environment unless the device has been modified to be especially qualified for such use. Statement 364


The access point can be deployed on Layer 2 or Layer 3 networks. Layer 2 is the default mode for a newly configured wireless LAN controller. While Layer 2 is more convenient for pre configuring access points, Cisco recommends that you configure your mesh networks for Layer 3. This guide assumes that you will be deploying your access point on a Layer 3 network and a DHCP server is available.

Before deploying the access point, make sure the the controller to which the access point will associate is properly configured by performing the following operations:

Verify that the wireless LAN controller is set to Layer 3 mode

Verify the wireless LAN controller software version

Record the access point MAC address

Enter the access point MAC address to the wireless LAN controller filter list

Verify that automatic (zero touch) configuration is enabled on the wireless LAN controller

Verifying the Wireless LAN Controller Mode

Follow these steps to verify that the wireless LAN controller mode is set to Layer 3:


Step 1 Open your web-browser and enter the IP address of your wireless LAN controller. Be sure to precede the IP address with https://. A login screen appears.

Step 2 Enter your username and password. The default case-sensitive username and password are admin and admin. The Summary page appears.

Step 3 From the top menu bar, click CONTROLLER. The Controller General page appears.

Step 4 Verify that the LWAPP Transport Mode is set to Layer 3. If it is not, change it to Layer 3 and click Apply.

Step 5 From the menu bar, click MONITOR to return to the Monitor Summary page.


Verifying the Wireless LAN Controller Software Version

On the Summary page, you can verify the software version that the wireless LAN controller is running. If you want to upgrade to a later version, provide the IP address of your TFTP server and then define the path and name of the file you wish to download. If you choose to download new software, make sure you save any configuration changes you made before rebooting the controller.

Recording the Access Point MAC Address

Use a text file to record the MAC address of all the access points you intend to deploy in your network. Having a file of access point MAC addresses will be of considerable value for future testing. While you are compiling the list, you might want to change the name of the access point to something you can easily remember. The name can contain up to 32 characters. The following example, fisher_street:ea:co contains the last four HEX characters of the access point MAC address.

Adding the Access Point MAC Address to the Wireless LAN Controller
Filter List

The wireless LAN controller maintains an access point authorization MAC address list and responds to discovery requests from access points on that list. Follow these steps to add the access point MAC address (or MAC addresses) to the Wireless LAN controller filter list:


Step 1 If you are not logged onto the wireless LAN controller, log on now. The Summary page appears.

Step 2 On the menu bar, click SECURITY. The Security RADIUS Authentication Server page appears.

Step 3 Under AAA in the left frame, click MAC Filtering. The Security MAC Filtering page appears.

Step 4 Click New. The MAC Filters New page appears.

Step 5 Enter the MAC address of the access point in the MAC Address field. You can also use the config macfilter add command to add a MAC filter entry to the controller.

Step 6 Select a WLAN ID or Any WLAN from the WLAN ID pop-up menu.

Step 7 Enter a description (32 characters maximum) of the access point in the Description field.

Step 8 Choose an interface from the Interface Name pop-up menu.

Step 9 Click Apply.

Step 10 Repeat this process to add other access points to the list.


Note You can also use the controller CLI command config macfilter add to add a MAC filter entry on the controller.


Step 11 On the menu bar, click Monitor to return to the Monitor Summary page.


Verifying Automatic (Zero Touch) Configuration

Automatic (Zero Touch) configuration is the default. Follow these steps to verify that automatic configuration of access points:


Step 1 If you are not logged onto the wireless LAN controller, log on now. The Monitor Summary page appears.

Step 2 On the menu bar, click Wireless. The Wireless All APs page appears.

Step 3 In the left frame under Wireless, click Mesh. The Wireless Mesh page appears.

Step 4 Make sure the Enable Zero Touch Configuration check box is checked. If it is not, check it and go to Step 5.


Note You can also use the config network zero-config command to enable automatic configuration.


Step 5 Select a key format and enter a shared secret key in the Shared Secret Key field.


Note The shared secret key is used by the wireless LAN controller to establish a secure LWAPP connection to the access point. The key can contain up to 32 hex or ASCII characters.



Note You can also use the config network bridging-shared-secret CLI command to set the shared secret key. To see the shared secret key in clear text, use the show network command.


Step 6 Click Apply.

Step 7 Log out from the wireless LAN controller and close your web browser.


Verifying Controller Association

To verify that your access point is associated to the wireless LAN controller, perform these steps:


Step 1 Log into your controller web interface (https) using a web browser.

Step 2 Click Wireless and verify that your access point MAC address is listed under Ethernet MAC.

Step 3 Log out of the controller and close your web browser.


Deployment Notes

Priming the Access Point

For Layer 3 mesh networks, you need to preconfigure IP addresses for the access points if you do not intend to use an internal or external DHCP server. This preconfiguration process is known as priming the access point.

To prime the access point, ensure that the wireless LAN controller is running in Layer 2 mode. Connect the access point directly to the intermediate Ethernet switch between the access points and the wireless LAN controller. The access points must be on the same subnet or VLAN as the wireless LAN controller.


Note Cisco Aironet 2006 Series Wireless LAN Controllers do not support Layer 2 mode.


The priming process consists of the following steps:


Step 1 Log into the controller.

Step 2 Make sure the wireless LAN controller is in Layer 2 mode.

Step 3 Connect the access point to the same VLAN as the management interface of the intermediate Ethernet switch connected to the wireless LAN controller.

Step 4 Configure the IP address using the CLI or web-browser interface.

Step 5 Return the wireless LAN controller to the Layer 3 mode.

Step 6 Save the configuration and reboot the wireless LAN controller.


Using a DHCP Server in a Layer 3 Mesh Network

To use a DHCP server in a Layer 3 mesh network, make sure the wireless LAN controller is in Layer 3 mode. You must also configure DHCP option 43 on the DHCP server. After the controller is restarted, the access point receives IP addresses from the DHCP server.

Configuring DHCP Option 43

You can use DHCP Option 43 to provide a list of controller IP addresses to the access points, enabling each access point to find and join a controller. This section contains a DHCP Option 43 configuration example on a Windows 2003 Enterprise DHCP server for use with Cisco Aironet lightweight access points. For other DHCP server implementations, consult the product documentation for configuring DHCP Option 43.


Note In DHCP Option 43, you should use the IP address of the controller management interface.



Note DHCP Option 43 is limited to one access point type per DHCP pool. You must configure a separate DHCP pool for each access point type.


Lightweight access points use the type-length-value (TLV) format for DHCP option 43. DHCP servers must be programmed to return the option based on the access point's DHCP Vendor Class Identifier (VCI) string (DHCP Option 60). Cisco Aironet 1500 Series Lightweight Mesh Access Points use the following comma separated string TLV format for DHCP Option 43:

Cisco AP.LAP1510

To configure DHCP Option 43 in the embedded Cisco IOS DHCP server, follow these steps:


Step 1 Enter configuration mode at the Cisco IOS command line interface.

Step 2 Create the DHCP pool, including the necessary parameters such as default router and name server as shown in the following example:

ip dhcp pool <pool name>
network <IP Network> <Netmask>
default-router <Default router>
dns-server <DNS Server>

<pool name> is the name of the DHCP pool, such as AP1000

<IP Network> is the network IP address where the controller resides, such as 10.0.18.1

<Netmask> is the subnet mask, such as 255.255.255.0

<Default router> is the IP address of the default router, such as 10.0.0.1

<DNS Server> is the IP address of the DNS server, such as 10.0.10.2


Step 3 Add the Option 60 line using the following syntax:

option 60 ascii "Cisco AP.LAP1510"

Step 4 Add the Option 43 line using the following syntax:

option 43 ascii <comma separated IP address list>

For example, if you are configuring Option 43 for Cisco Aironet 1000 series access points using the controller IP addresses 10.126.126.2 and 10.127.127.2, add the following line to the DHCP pool in the Cisco IOS CLI. Be sure to include the quotation marks:

option 43 ascii "10.126.126.2, 10.127.127.2"


5 In Case of Difficulty

If you followed the instructions in previous sections of this guide, you should have no trouble getting your access point deployed in your network. However, if you did experience difficulty, help is available from Cisco. Before contacting Cisco, look for a solution to your problem in the following places:

The troubleshooting section of this guide

The troubleshooting section of the Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Point Hardware Installation Guide

The Tools and Resources section on the Technical Support and Documentation page at cisco.com.

Follow these steps to contact the Technical Assistance Center on cisco.com:


Step 1 Open your browser and go to http://www.cisco.com/.

Step 2 Click Technical Support and Documentation. A pop-up window appears.

Step 3 In the pop-up window, click Technical Support and Documentation. The Technical Support and Documentation page appears.

Step 4 In the Contact Cisco for Support frame, click Email or phone Technical Support. The Technical Support and Documentation Cisco Worldwide Contacts page appears.

Step 5 Follow the instructions on the page.


Troubleshooting


Caution No serviceable parts inside. Do not open.

This section provides troubleshooting procedures for basic problems with the access point. For the most up-to-date, detailed troubleshooting information, refer to the Cisco Technical Support and Documentation website at cisco.com.

Guidelines for Using the Access Point

You should keep these guidelines in mind when you use the access point:

The access points can only communicate with controllers and cannot operate independently.

The access point communicates only with controllers and does not support Wireless Domain Services (WDS). The access points cannot communicate with WDS devices. However, the controller provides functionality equivalent to WDS when an access point associates to it.

The access point supports Layer 2 or Layer 3 LWAPP communications with the controllers. In Layer 2 operation, the access point and the controller must be on the same subnet and communicate with each other using MAC addresses in encapsulated Ethernet frames. This operation is not scalable to larger networks and not recommended by Cisco.

In Layer 3 operation, the access point and the controller can be on the same or different subnets. The access point communicates with the controller using standard IP packets. Layer 3 operation is scalable and is recommended by Cisco. A Layer 3 access point on a different subnet than the controller requires a DHCP server on the access point subnet and a route to the controller. The route to the controller must have destination UDP ports 12222 and 12223 open for LWAPP communications. The routes to the primary, secondary, and tertiary controllers must allow IP packet fragments.

Before deploying your mesh access points ensure that the following has been done:

Your controllers are connected to switch ports that are configured as trunk ports.

Your mesh access points are connected to switch ports that are configured as untagged access ports.

A DHCP server is reachable by your mesh access points and has been configured with Option 43. Option 43 is used to provide the IP addresses of the Management Interfaces of your controllers. Typically, a DHCP server can be configured on a Cisco switch.

Optionally a DNS server can be configured to enable a local domain Cisco LWAPP controller (CISCO-LWAPP-CONTROLLER.<local domain>) to resolve to the IP address of the Management Interface of your controller.

Your controllers are configured and reachable by the mesh access points.

Your controllers are configured with the MAC addresses of the mesh access points and zero configuration is enabled.

Misconfigured Bridge Shared Secret Key

If an mesh access point has a misconfigured bridge shared secret key, it is not allowed to join the mesh network. If Zero Touch Configuration is enabled on your controller, the mesh access point can obtain the shared secret key from the controller or a neighbor access points.

If Zero Touch Configuration has been turned off, you might need to re-enable the feature to allow the mesh access point to get a new bridge shared secret key.

Misconfigured Access Point IP address

IP address misconfiguration can occur when you are re-addressing a segment of your mesh network and you start at the mesh access point connected to the wired network (RAP). To avoid this problem, always start the IP addressing changes from the farthest access point and work your way back to the root access point. This problem might also happen if you move equipment such as uninstalling an mesh access point and then redeploying with a different IP subnet in another physical location on the mesh network.

Another option to fix this misconfigured IP address is to physically take a controller in Layer 2 mode with a root access point to the location of the misconfigured mesh access point. Set the bridge group name for the root access point to match the misconfigured access point. Add the access point's MAC address to the controller's filter list and enable Zero Touch Configuration. When the misconfigured access point appears in the controller's Summary page, configure the access point with an IP address.

Verifying the Controller MAC Filter List

Prior to activating your access point, ensure that the access point has been added to the controller MAC filter list. To view the MAC addresses added to the controller MAC filter list, you can use the controller CLI or controller web-browser interface.

Controller CLI

Use the show macfilter summary command to view the MAC addresses added to the controller filter list.

Web Browser Interface

Log into your controller web browser interface (https) and choose SECURITY > MAC Filters to view the MAC addresses added to the controller list.

6 Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/techsupport

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Product Documentation DVD

The Product Documentation DVD is a comprehensive library of technical product documentation on a portable medium. The DVD enables you to access multiple versions of installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the same HTML documentation that is found on the Cisco website without being connected to the Internet. Certain products also have PDF versions of the documentation available.

The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at this URL:

http://www.cisco.com/go/marketplace/

Ordering Documentation

Registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:

http://www.cisco.com/go/marketplace/

Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at tech-doc-store-mkpl@external.cisco.com or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.

7 Documentation Feedback

You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.

You can submit comments about Cisco documentation by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

8 Cisco Product Security Overview

Cisco provides a free online Security Vulnerability Policy portal at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

From this site, you will find information about how to:

Report security vulnerabilities in Cisco products.

Obtain assistance with security incidents that involve Cisco products.

Register to receive security information from Cisco.

A current list of security advisories, security notices, and security responses for Cisco products is available at this URL:

http://www.cisco.com/go/psirt

To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL:

http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:

For Emergencies only — security-alert@cisco.com

An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.

For Nonemergencies — psirt@cisco.com

In an emergency, you can also reach PSIRT by telephone:

1 877 228-7302

1 408 525-6532


Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x.

Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

The link on this page has the current PGP key ID in use.

If you do not have or use PGP, contact PSIRT at the aforementioned e-mail addresses or phone numbers before sending any sensitive material to find other means of encrypting the data.


9 Obtaining Technical Assistance

Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.

Cisco Technical Support & Documentation Website

The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do


Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.


Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—An existing network is down, or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of the network is impaired, while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

10 Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

The Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product overviews, key features, sample part numbers, and abbreviated technical specifications for many Cisco products that are sold through channel partners. It is updated twice a year and includes the latest Cisco offerings. To order and find out more about the Cisco Product Quick Reference Guide, go to this URL:

http://www.cisco.com/go/guide

Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

11 Cisco One-Year Limited Hardware Warranty Terms

There are special terms applicable to your hardware warranty and various services that you can use during the warranty period. Your formal Warranty Statement, including the warranties and license agreements applicable to Cisco software, is available on Cisco.com. Follow these steps to access and download the Cisco Information Packet and your warranty and license agreements from Cisco.com.

1. Launch your browser, and go to this URL:

http://www.cisco.com/univercd/cc/td/doc/es_inpck/cetrans.htm

The Warranties and License Agreements page appears.

2. To read the Cisco Information Packet, follow these steps:

a. Click the Information Packet Number field, and make sure that the part number 78-5235-03B0 is highlighted.

b. Select the language in which you would like to read the document.

c. Click Go.

The Cisco Limited Warranty and Software License page from the Information Packet appears.

d. Read the document online, or click the PDF icon to download and print the document in Adobe Portable Document Format (PDF).


Note You must have Adobe Acrobat Reader to view and print PDF files. You can download the reader from Adobe's website: http://www.adobe.com


3. To read translated and localized warranty information about your product, follow these steps:

a. Enter this part number in the Warranty Document Number field:

78-10747-01C0

b. Select the language in which you would like to view the document.

c. Click Go.

The Cisco warranty page appears.

d. Read the document online, or click the PDF icon to download and print the document in Adobe Portable Document Format (PDF).

You can also contact the Cisco service and support website for assistance:

http://www.cisco.com/public/Support_root.shtml.

Duration of Hardware Warranty

One (1) Year

Replacement, Repair, or Refund Policy for Hardware

Cisco or its service center will use commercially reasonable efforts to ship a replacement part within ten (10) working days after receipt of a Return Materials Authorization (RMA) request. Actual delivery times can vary, depending on the customer location.

Cisco reserves the right to refund the purchase price as its exclusive warranty remedy.

To Receive a Return Materials Authorization (RMA) Number

Contact the company from whom you purchased the product. If you purchased the product directly from Cisco, contact your Cisco Sales and Service Representative.

Complete the information below, and keep it for reference.

Company product purchased from

 

Company telephone number

 

Product model number

 

Product serial number

 

Maintenance contract number