Cisco Mesh Networking Solution Deployment Guide
Access Point Installation and Configuration
Downloads: This chapterpdf (PDF - 350.0KB) The complete bookPDF (PDF - 730.0KB) | Feedback

Access Point Installation and Configuration

Table Of Contents

Access Point Installation and Configuration

Installing Cisco Aironet Lightweight Mesh Access Points

Configuring Cisco Aironet Lightweight Mesh Access Points

Configuring the LWAPP Mode

Configuring the Cisco Wireless LAN Controller

Configuring MAC Filtering

Zero Touch Configuration

Enabling or Disabling Zero Touch Configuration

Web User Interface

Cisco WCS User Interface

Cisco Wireless LAN Controller CLI

Configurable Cisco Aironet Lightweight Mesh Access Point Parameters

Tools for Configuring the Cisco Aironet Lightweight Mesh Access Point Parameters

Cisco Wireless LAN Controller CLI

Web User Interface

Cisco WCS User Interface


Access Point Installation and Configuration


This chapter describes how to install and configure Cisco Aironet mesh access points.

This chapter contains the following sections

"Installing Cisco Aironet Lightweight Mesh Access Points" section

Configuring Cisco Aironet Lightweight Mesh Access Points

Installing Cisco Aironet Lightweight Mesh Access Points

To install a Cisco Aironet 1030 remote edge lightweight access point, refer to the AP1020 and AP1030 Cisco Aironet 1000 Series Lightweight Access Points with External Antennas - Quick Start Guide.

To install a Cisco Aironet 1500 series lightweight outdoor access point, refer to the Quick Start Guide: Cisco Aironet 1500 Series Lightweight Outdoor Access Points.

Also refer to the Cisco Wireless LAN Controller Configuration Guide for additional information on updating and configuring the wireless LAN controllers and associated mesh access points.

After you have installed the mesh access points, follow these steps to complete your installation.

Configuring Cisco Aironet Lightweight Mesh Access Points

This section describes how to configure the mesh access points. It includes the following sections:

"Configuring the LWAPP Mode" section

"Configuring the Cisco Wireless LAN Controller" section

"Configuring MAC Filtering" section

"Zero Touch Configuration" section

"Enabling or Disabling Zero Touch Configuration" section

"Configurable Cisco Aironet Lightweight Mesh Access Point Parameters" section

"Tools for Configuring the Cisco Aironet Lightweight Mesh Access Point Parameters" section

Configuring the LWAPP Mode

In the Layer 2 LWAPP mode, mesh access points do not need to be configured. In this case, mesh access point configuration is optional. However, to use the access points without a DHCP server in the Layer 3 LWAPP mode, you need to configure the access points to use static IP.

To configure the access points to use static addresses, follow these steps:


Step 1 Switch the controller to the Layer 2 LWAPP mode.

Step 2 Repeat the following steps for every access point:

a. Connect the access point to the switch connected to the controller (connect only one access point at a time).

b. Use the switch's CLI to configure the IP address of the access point.

Step 3 Change the controller back to the Layer 3 LWAPP mode.

Step 4 Save the configuration.

Step 5 Restart the switch and Define the ap-manager interface.


Once the network is in the Layer 3 LWAPP mode, you can change the IP address of the access point from the CLI or GUI.


Caution Do not configure an access point's static address in a live network because doing so causes the access point to restart. If the access point is a RAP, then the entire network goes down.

Configuring the Cisco Wireless LAN Controller

Zero Touch configuration is enabled by default on the Cisco wireless LAN controller. To understand Zero Touch configuration, refer to "Zero Touch Configuration" section. To enable or disable Zero Touch configuration, refer to "Enabling or Disabling Zero Touch Configuration" section.

Configuring MAC Filtering

For a mesh access point to connect to a Cisco wireless LAN controller, you need to add the access point to the controller's MAC filtering list.

To add the access point to a controller's MAC filtering list, do one of the following:

In the Web user interface of the controller, choose the MAC filtering option (Security > AAA > MAC Filtering) and manually add the mesh access points.

In Cisco WCS, go to the MAC filtering template (Configure > Templates > Security > MAC Filtering); create a list of bridging mesh access points, and send them to multiple Cisco wireless LAN controllers.

Zero Touch Configuration

If Zero Touch configuration is enabled on the Cisco wireless LAN controller, the mesh access point does the following to accomplish a secure Zero Touch:

1. When a mesh access point is first installed, it tries to find its role automatically. If it has a wired connection to a LAN with a Cisco wireless LAN controller, it assumes the role of RAP; otherwise it becomes a PAP.

2. Next, the mesh access point determines the backhaul channel.

If it is a RAP, it already has a secure LWAPP connection to the Cisco wireless LAN controller and uses the configured RAP backhaul interface (Default: 802.11a).

If it is a PAP, it scans the backhaul interfaces and channels for neighbor mesh access points. When it finds a neighbor mesh access point with the same bridge group name and a path back to the Cisco wireless LAN controller, it makes that mesh access point its parent. If the PAP finds more than one neighbor mesh access point, it uses a least-cost algorithm to determine which parent has the best path back to the Cisco wireless LAN controller.


Note When the mesh networking solution includes one or more mesh access points, make sure that all the access points can operate on the same channel as that of the root access point.


3. To set up a secure LWAPP connection with the Cisco wireless LAN controller, the PAP sends its default shared secret key and MAC address to set up a temporary secured connection. The Cisco wireless LAN controller validates the MAC address against the allowed devices list, and if found, it sends the shared secret key to the PAP and disconnects.The PAP stores the shared secret key and uses it to set up a secure LWAPP connection.

4. If a PAP loses connection to the Cisco wireless LAN controller, it searches for valid neighbors using the mesh access point bridge group name and scans the backhaul interfaces and channels. When it finds a neighbor mesh access point, it makes that mesh access point its parent. If it already has a shared secret key, it uses that key and tries to set up a secure LWAPP connection to the Cisco wireless LAN controller. If the shared secret key does not work, it uses the shared default secret key and attempts to get a new shared secret key.


Note The RAP offers service in one band for the clients and uses another band for backhaul (communication between the mesh access points).



Note Zero Touch configuration may not work if the RAP is a Cisco Aironet 1030 remote edge lightweight access point, and the PAP is a Cisco Aironet 1500 series lightweight outdoor access point. The Cisco Aironet 1030 remote edge lightweight access point defaults to channel 52, and the Cisco Aironet 1500 series lightweight outdoor access point cannot operate on that channel.


Enabling or Disabling Zero Touch Configuration

You can enable or disable Zero Touch configuration using the Web user interface or Cisco WCS.

Web User Interface

Path: Wireless > Bridging

Table 2-1 describes the bridging parameters.

Table 2-1 Bridging Parameters 

Parameter
Description

Zero Touch Configuration

By default, this check box is checked.

When you disable this option, the Cisco wireless LAN controller does not provide the shared secret key. For the mesh access point to establish a connection to the Cisco wireless LAN controller, pre-configure the mesh access point shared secret key using the Cisco wireless LAN controller CLI as described in the Cisco Wireless LAN Controller Command Reference.

When you enable this option, the mesh access point gets the shared secret key from the Cisco wireless LAN controller with the default shared key.

Usage: As the administrator, you can enable this feature and allow all the mesh access points to join the network. After the network is stabilized, you can disable this feature, which further secures your networks against any rogue access points that might try and get the shared secret key from the Cisco wireless LAN controller.

Note Even when you enable this option, the mesh access points are checked against the MAC filter list before they are allowed to communicate with the Cisco wireless LAN controller.

Key Format

Specify the Shared Secret Key format. It can be ASCII or Hex.

Bridging Shared Secret Key

This field is enabled only if the Zero Touch Configuration option is enabled. This is the key that is provided to the mesh access points for them to establish a secure LWAPP connection with the Cisco wireless LAN controller. The key should be at least 32 characters long in Hex or ASCII format.

A default shared secret key is assigned at the manufacturing stage. It is not visible to you.

Note When you change the shared secret key, the Cisco wireless LAN controller automatically sends the change to all of the RAPs, which causes the PAPs to lose connectivity until they are able to obtain the new shared secret key from the Cisco wireless LAN controller.

Confirm Shared Secret Key

Confirm the shared secret key.


Click Apply to save the changes made.

For more information, refer to the Cisco Web User Interface Online Help.

Cisco WCS User Interface

Path: Configure > Controllers (click an IP address item, click 802.11, and then click Bridging to access this page).

A section of the screen is displayed below.

The field parameters are the same as in Web user interface. Refer to "Web User Interface" section for details.

Click Save to save the changes or click Audit to validate the changes made.

For more information, refer to the Cisco WCS User Interface Online Help.

Cisco Wireless LAN Controller CLI

Table 2-2 lists the commands to configure Zero Touch configuration using the Cisco wireless LAN controller CLI.

Table 2-2 Zero Touch Configuration Commands

Parameter
Commands

Zero Touch Configuration

config network zero-config {enable | disable}

This command let's you enable or disable Zero Touch configuration.

Bridging Shared Secret Key

config network bridging-shared-secret name

This command lets you specify the key that is provided to the mesh access points for them to establish a secure LWAPP connection with the Cisco wireless LAN controller.

The key should be at least 32 characters long in Hex or ASCII format.

Key Format

config network bridging-shared-secret key

This command lets you specify the Shared Secret Key format. It can be ASCII or Hex.


Configurable Cisco Aironet Lightweight Mesh Access Point Parameters

Table 2-3 lists the mesh access point parameters that you can configure:

Table 2-3 Configurable Mesh Access Point Parameters (continued)

Parameter
Values
Description

Shared Secret Key

Any key in ASCII or Hex format that is at least 32 characters long.

A default shared secret key is assigned at the manufacturing stage. It is not visible to you.

The shared secret key is provided by the Cisco wireless LAN controller during the connection process. This can be set manually to avoid using the default shared secret key to get the key from the Cisco wireless LAN controller.

If the shared secret key is not correct, the access point uses the default shared key to get the key from the Cisco wireless LAN controller.

Role

Auto

RAP

PAP

Default: Auto

Indicates if a mesh access point is a RAP or PAP.

Auto: When the mesh access point comes up, it automatically determines if it can be a RAP or PAP.

RAP/PAP: The access point's role is pre-defined by you.

Ethernet Bridging

Enabled

Disabled

Default: Disabled

Specifies whether ethernet bridging on the access point is enabled or disabled.

Bridge Group Name

This is a string of a maximum of 10 characters.

A default mesh access point bridge group name is assigned at the manufacturing stage. It is not visible to you. The Bridge Group Name field appears blank in the GUI until you change it.

Use bridge group names to logically group the mesh access points to avoid two networks on the same channel from communicating with each other.

For the mesh access points to communicate, they must have the same bridge group name.

Note For configurations with multiple RAPs, make sure that all RAPs have the same bridge group name to allow failover from one RAP to another.
Conversely, for configurations where separate sectors are required, make sure that each RAP and associated PAPs have separate bridge group names.

Data Rate

A rate in Mbps.

Default for 802.11a: 18 Mbps

This is the rate at which data is shared between the mesh access points. This is fixed for a whole network.

Default data rate is 18 Mbps, which you should use for the backhaul.

Valid data rates:

for 802.11a: 6, 9, 12, 18, 24, 36, 48, 54

Note NEVER change the data rate for a deployed mesh networking solution. If you do, each RAP and PAP may need to be manually reconfigured to restore the network.


Tools for Configuring the Cisco Aironet Lightweight Mesh Access Point Parameters

The mesh access point parameters can be configured to varying levels using Cisco WCS, the Cisco wireless LAN controller command line interface (CLI) or the Cisco wireless LAN controller Web user interface). Table 2-4 lists the details.

Table 2-4 Mesh Access Point Parameter Configuration Tools

Tool
Parameter
Role
Shared Secret Key
Bridge
Group Name
Data Rate
Ethernet Bridging

Cisco wireless LAN controller CLI

Yes

Yes

Yes

Yes

Yes

Cisco wireless LAN controller Web user interface

No

Yes

No

Yes

Yes

Cisco WCS

No

Yes

No

Yes

Yes



Note The following section provides only a general overview of the configuration methods. Refer to the individual guides for detailed information.


Cisco Wireless LAN Controller CLI

Table 2-5 lists the commands to configure the mesh access point parameters using the Cisco wireless LAN controller CLI.

Table 2-5 CLI-Configurable Mesh Access Point Parameters

Parameter
Commands

Data Rate (Mbps)

config ap bhrate rate ap-name

The data rates for 802.11a can be: 6, 9, 12, 18, 24, 36, 48, 54

Bridge Group Name

config ap bridgegroupname set name

The name is a string of up to 10 characters.

Role

config ap role role

The role can be Auto, RAP, or PAP. By default, the role is set to Auto.

Bridging Shared Secret Key

config network bridging-shared-secret name

This command lets you specify the key that is provided to the mesh access points for them to establish a secure LWAPP connection with the Cisco Wireless LAN controller. The key should be at least 32 characters long in Hex or ASCII format.

Ethernet Bridging

config ap bridging {Enable | Disable}

Use this command to enable or disable Ethernet-to-Ethernet bridging on Cisco access points.


Table 2-6 lists related commands.

Table 2-6 CLI Commands for Viewing Backhaul Interface and Data Rate Information

Purpose
Use This CLI Command

To view the current backhaul interface

show ap bhmode <ap-name>

To view the current data rate

show ap bhrate <ap-name>


For more information, refer to the Cisco Wireless LAN Controller Command Reference.

Web User Interface

Table 2-7 lists the path to be used in the Web user interface to configure the mesh access point parameters.

Table 2-7 Web User Interface Path for Configuring Mesh Access Point Parameters

Parameter
Path

Data Rate (Mbps)

Wireless > Access Points > All APs

Click Detail. The Data Rate and Ethernet Bridging parameters are in the Bridging Information section.

Ethernet Bridging


A section of the screen is displayed below.

Table 2-8 describes the parameters.

Table 2-8 Bridging Information Parameters 

Parameter
Description

AP Role

Not an editable field. Specifies if the mesh access point is a RAP or PAP.

Role can be configured using the CLI.

Bridge Type

Not an editable field. Specifies whether the mesh access point is an indoor or outdoor access point. Configure using the CLI.

Bridge Group Name

Not an editable field. Specifies the mesh access point bridge group name.

Bridge Data Rate

Set the data rate. The drop-down list displays the data rates depending on the backhaul interface.

Ethernet Bridging

Check this check box to enable Ethernet bridging.


Click Apply to save your changes.

For more information, refer to the Cisco Web User Interface Online Help.

Cisco WCS User Interface

Table 2-9 lists the path in the Cisco WCS user interface to configure the mesh access point parameters.

Table 2-9 WCS User Interface Path for Configuring Mesh Access Point Parameters

Parameter
Path

Data Rate (Mbps)

Configure > Access Points

Click the name of the access point. The Data Rate and Ethernet Bridging parameters are in the Bridging Information section.

Ethernet Bridging


A section of the screen is displayed below.

Table 2-10 describes the parameters.

Table 2-10 Bridging Information Parameters 

Parameter
Description

Role

Not an editable field. Specifies whether the mesh access point is a RAP or PAP.

Role can be configured using Zero Touch configuration.

Bridge Group Name

Not an editable field. Specifies the mesh access point bridge group name.

Type

Not an editable field. Specifies if the mesh access point is an indoor or outdoor AP.

Backhaul Interface

Not an editable field. Specifies the backhaul setting of the mesh access point.

Data Rate (Mbps)

Set the data rate. The drop-down list displays the data rates depending on the backhaul interface set.

Ethernet Bridging

Check this check box to enable Ethernet bridging.


Click Save or Audit to validate the changes made.

For more information, refer to the Cisco WCS User Interface Online Help.