Cisco Wireless LAN Controller Configuration Guide, Release 7.0
Chapter 9 - Controlling Mesh Access Points
Downloads: This chapterpdf (PDF - 1.74MB) The complete bookPDF (PDF - 34.93MB) | Feedback

Controlling Mesh Access Points

Table Of Contents

Controlling Mesh Access Points

Cisco Aironet Mesh Access Points

Access Point Roles

Network Access

Deployment Modes

Cisco Wireless Mesh Network

Wireless Backhaul

Point-to-Point Wireless Bridging

Point-to-Multipoint Wireless Bridging

Architecture Overview

CAPWAP

Cisco Adaptive Wireless Path Protocol Wireless Mesh Routing

Mesh Neighbors, Parents, and Children

Wireless Mesh Constraints

Adding Mesh Access Points to the Mesh Network

Adding MAC Addresses of Mesh Access Points to the Controller Filter List

Configuring External Authentication and Authorization Using a RADIUS Server

Configuring the AP Mode

Defining the Mesh Access Point Role

Antennas and Channel Assignment on the Serial Backhaul Access Points

Configuring Global Mesh Parameters

Configuring Local Mesh Parameters

Client Roaming

Universal Client Access on Serial Backhaul Access Points

Using the GUI to Configure Universal Client Access

Using the CLI to Configure Universal Client Access

Configuring Backhaul Channel Deselection on a Serial Backhaul Access Point

Serial Backhaul Access Point Guidelines for the Rest of the World

Configuring Backhaul Channel Deselection

Configuring Ethernet Bridging and Ethernet VLAN Tagging

Configuring Advanced Features

Configuring Voice Parameters in Mesh Networks

CAC

QoS and DSCP Marking

Guidelines for Using Voice on the Mesh Network

Voice Call Support in a Mesh Network

Using the CLI to View Voice Details for Mesh Networks

Enabling Mesh Multicast Containment for Video

Backhaul Client Access (Universal Access) for Indoor and Outdoor Mesh Access Points

Viewing Mesh Statistics and Reports

Viewing Mesh Statistics for an Access Point

Using the GUI to View Mesh Statistics for an Access Point

Using the CLI to View Mesh Statistics for an Access Point

Viewing Neighbor Statistics for an Access Point

Using the GUI to View Neighbor Statistics for an Access Point

Using the CLI to View Neighbor Statistics for an Access Point

Converting Indoor Access Points to Mesh Access Points (1130AG, 1240AG)

Changing MAP and RAP Roles for Indoor Mesh Access Points (1130AG, 1240AG)

Using the GUI to Change MAP and RAP Roles for Indoor Mesh Access Points

Using the CLI to Change MAP and RAP Roles for Indoor Mesh Access Points

Converting Indoor Mesh Access Points to Nonmesh Lightweight Access Points (1130AG, 1240AG)

Configuring Mesh Access Points to Operate with Cisco 3200 Series Mobile Access Routers

Configuration Guidelines

Using the GUI to Enable Mesh Access Points to Operate with Cisco 3200 Series Mobile Access Routers

Using the CLI to Enable Mesh Access Points to Operate with Cisco 3200 Series Mobile Access Routers


Controlling Mesh Access Points


This chapter describes Cisco indoor and outdoor mesh access points and explains how to connect them to the controller and manage access point settings. It contains these sections:

Cisco Aironet Mesh Access Points

Architecture Overview

Adding Mesh Access Points to the Mesh Network

Configuring Advanced Features

Viewing Mesh Statistics and Reports

Converting Indoor Access Points to Mesh Access Points (1130AG, 1240AG)

Changing MAP and RAP Roles for Indoor Mesh Access Points (1130AG, 1240AG)

Converting Indoor Mesh Access Points to Nonmesh Lightweight Access Points (1130AG, 1240AG)

Configuring Mesh Access Points to Operate with Cisco 3200 Series Mobile Access Routers

Cisco Aironet Mesh Access Points

Controller software release 7.0 supports these Cisco Aironet mesh access points:

Cisco Aironet 1520 series outdoor mesh access points consist of the 1522 dual-radio mesh access point and the 1524PS/Serial Backhaul multi-radio mesh access point.


Note See the Cisco Aironet 1520 Series Outdoor Mesh Access Point Hardware Installation Guide for details on the physical installation and initial configuration of the mesh access points at the following URL:

http://www.cisco.com/en/US/products/ps8368/tsd_products_support_series_home.html


Cisco Aironet 1130AG and 1240AG series indoor mesh access points.


Note AP1130 and AP1240 must be converted to operate as indoor mesh access points. See the "Converting Indoor Access Points to Mesh Access Points (1130AG, 1240AG)" section.



Note All features discussed in this chapter apply to indoor (1130, 1240) and outdoor mesh access points (1522, 1524PS/Serial Backhaul) unless noted otherwise. Mesh access point or MAP is hereafter used to refer to both indoor and outdoor mesh access points.



Note Cisco Aironet 1505 and 1510 access points are not supported in this release.



Note See the Release Notes for Cisco wireless LAN controllers and Lightweight Access Points for Release 7.0 for mesh feature summary, important notes, and software upgrade steps for migrating from 4.1.19x.xx mesh releases to controller release 7.0 at this URL:

http://www.cisco.com/en/US/products/ps6366/prod_release_notes_list.html.


Access Point Roles

Access points within a mesh network operate as either a root access point (RAP) or a mesh access point (MAP).

RAPs have wired connections to their controller, and MAPs have wireless connections to their controller.

MAPs communicate among themselves and back to the RAP using wireless connections over the 802.11a radio backhaul. MAPs use the Cisco Adaptive Wireless Path Protocol (AWPP) to determine the best path through the other mesh access points to the controller.

All the possible paths between the MAPs and RAPs form the wireless mesh network. Figure 9-1 shows the relationship between RAPs and MAPs in a mesh network.

Figure 9-1 Simple Mesh Network Hierarchy

Network Access

Wireless mesh networks can simultaneously carry two different traffic types: wireless LAN client traffic and MAP Ethernet port traffic.

Wireless LAN client traffic terminates on the controller, and the Ethernet traffic terminates on the Ethernet ports of the mesh access points.

Access to the wireless LAN mesh for mesh access points is managed by:

MAC authentication—Mesh access points are added to a database to ensure that they are allowed access to a given controller and the mesh network. See the "Adding Mesh Access Points to the Mesh Network" section.

External RADIUS authentication—Mesh access points can be externally authorized to use a RADIUS server such as Cisco ACS 4.1 and later releases that support the client authentication type of EAP-FAST with certificates. See the "Configuring RADIUS Servers" section.

Network Segmentation

Membership to the wireless LAN mesh network for mesh access points is controlled by:

Bridge group name—Mesh access points can be placed in bridge groups to manage memberships or provide network segmentation. See the "Using the GUI to Configure Antenna Gain" section.

Deployment Modes

Mesh access points support multiple deployment modes, including the following:

Wireless mesh

WLAN backhaul

Point-to-multipoint wireless bridging

Point-to-point wireless bridging

Cisco Wireless Mesh Network

In a Cisco wireless outdoor mesh network, multiple mesh access points comprise a network that provides secure, scalable outdoor wireless LANs. Figure 9-2 shows an example mesh deployment.

Figure 9-2 Wireless Mesh Deployment

Wireless Backhaul

Mesh access points can provide a simple wireless backhaul solution, which provides 802.11b/g services to wireless LAN and wired clients. This configuration is basically a wireless mesh with one MAP. Figure 9-3 shows an example of this deployment type.

Figure 9-3 Wireless Backhaul Deployment

Point-to-Point Wireless Bridging

Mesh access points can support a point-to-point bridging application. In this deployment, mesh access points extend a Layer 2 network by using the backhaul radio to bridge two segments of a switched network (see Figure 9-4). This configuration is fundamentally a wireless mesh network with one MAP and no wireless LAN clients.

Client access can be provided with Ethernet bridging enabled, although if bridging between buildings, MAP coverage from a high rooftop might not be suitable for client access.

If you intend to use an Ethernet bridged application, you must enable the bridging feature on the RAP and on all MAPs in that segment. Also, verify that any attached switches to the Ethernet ports of your MAPs are not using VLAN Trunking Protocol (VTP). VTP can reconfigure the trunked VLANs across your mesh and possibly cause a loss in connection for your RAP to its primary WLC. If improperly configured, it can take down your mesh deployment.

Figure 9-4 Wireless Point-to-Point Bridge Deployment

Point-to-Multipoint Wireless Bridging

Mesh access points support point-to-multipoint bridging applications. Specifically, a RAP acting as a root bridge connects to multiple MAPs as nonroot bridges with their associated wired LANs. By default, bridging is disabled for all MAPs. If Ethernet bridging is used, you must enable it on the controller for the respective MAP and for the RAP. See the "Configuring Ethernet Bridging and Ethernet VLAN Tagging" section for configuration details.

Figure 9-5 shows a simple point-to-multipoint deployment with one RAP and two MAPs. This configuration is fundamentally a wireless mesh network with no wireless LAN clients. Client access can be provided with Ethernet bridging enabled; however, if bridging between buildings, MAP coverage from a high rooftop might not be suitable for client access.

Figure 9-5 Wireless Point-to-Multipoint Bridge Deployment

Architecture Overview

This section describes the mesh architecture overview.

CAPWAP

CAPWAP is the provisioning and control protocol used by the controller to manage access points (mesh and nonmesh) in the network. This protocol replaces LWAPP in controller software release 5.2 or later releases.

Cisco Adaptive Wireless Path Protocol Wireless Mesh Routing

The Cisco Adaptive Wireless Path Protocol (AWPP) is designed specifically for wireless mesh networking. The path decisions of AWPP are based on the link quality and the number of hops.

Ease of deployment, fast convergence, and minimal resource consumption are also key components of AWPP.

The goal of AWPP is to find the best path back to a RAP for each MAP that is part of the RAP's bridge group. To do this, the MAP actively solicits for neighbor MAPs. During the solicitation, the MAP learns all of the available neighbors back to a RAP, determines which neighbor offers the best path, and then synchronizes with that neighbor.

Mesh Neighbors, Parents, and Children

Relationships among access points with the mesh network are labeled as parent, child, or neighbor (see Figure 9-6) as follows:

A parent access point offers the best route back to the RAP based on its ease values. A parent can be either the RAP itself or another MAP. Ease is calculated using the SNR and link hop value of each neighbor. Given multiple choices, an access point with a higher ease value is selected.

A child access point selects the parent access point as its best route back to the RAP.

A neighbor access point is within the radio frequency (RF) range of another access point but is not selected as its parent or a child because its ease values are lower than that of the parent.

Figure 9-6 Parent, Child, and Neighbor Access Points

Wireless Mesh Constraints

Consider these constraints when designing and building a wireless mesh network. Some of these apply to the backhaul network design and others to the CAPWAP controller design:

We recommend setting the backhaul rate to auto.

When the bridge data rate is set to auto, the mesh backhaul chooses the highest rate where the next higher rate cannot be used due to unsuitable conditions for that specific rate (and not because of conditions that affect all rates):

Typically, 24 Mbps is chosen as the optimal backhaul rate because it corresponds with the maximum coverage of the WLAN portion of the client WLAN of the MAP; that is, the distance between MAPs using a 24-Mbps backhaul should allow for seamless WLAN client coverage between the MAPs.

A lower bit rate might allow a greater distance between mesh access points, but there are likely to be gaps in the WLAN client coverage, and the capacity of the backhaul network is reduced.

An increased bit rate for the backhaul network either requires more mesh access points or results in a reduced SNR between mesh access points, limiting mesh reliability and interconnection.

The wireless mesh backhaul bit rate is set on the access point.


Note To set the backhaul bit rate for each access point, choose WIRELESS > Access Points > All APs, click an AP name, and choose the Mesh tab.


The required minimum LinkSNR for backhaul links per data rate is shown in Table 9-1.

Table 9-1 Backhaul Data Rates and Minimum LinkSNR Requirements 

Data Rate
Minimum Required LinkSNR (dB)

54 Mbps

31

48 Mbps

29

36 Mbps

26

24 Mbps

22

18 Mbps

18

12 Mbps

16

9 Mbps

15

6 Mbps

14


The required minimum LinkSNR is driven by the data rate and the following formula: Minimum SNR + fade margin:

The minimum SNR refers to an ideal state of non-interference, non-noise and a system packet error rate (PER) of no more than 10 percent.

The typical fade margin is approximately 9 to 10 dB.


Note We do not recommend using data rates greater than 24 Mbps in municipal mesh deployments because the SNR requirements do not make the distances practical.


Table 9-2 summarizes the calculation by data rate.

Table 9-2 Minimum Required LinkSNR Calculations by Data Rate 

Date Rate
Minimum SNR (dB) +
Fade Margin =
Minimum Required LinkSNR (dB)

6

5

9

14

9

6

9

15

12

7

9

16

18

9

9

18

24

13

9

22

36

17

9

26


The number of backhaul hops is limited to eight, but three to four is recommended The number of hops is recommended to be limited to three to four primarily to maintain sufficient backhaul throughput, because each mesh AP uses the same radio for transmission and reception of backhaul traffic, which means that throughput is approximately halved over every hop. For example, the maximum throughput for 24 Mbps is approximately 14 Mbps for the first hop, 9 Mbps for the second hop, and 4 Mbps for the third hop.

The number of MAPs per RAP has no current software limitation of how many MAPs per RAP you can configure. However, we recommend that you limit this to 20 MAPs per RAP.

The number of controllers per mobility group is limited to 72.

The number of mesh access points that are supported per controller is shown in Table 9-3.

Table 9-3 Mesh Access Point Support by Controller Model 

Controller Model
Local AP Support (non-mesh) 1
Maximum Possible Mesh AP Support

5508

500

500

4404

100

150

2106

6

11

2112

12

12

2125

25

25

WiSM

300

375

1 Local AP support is the total number of nonmesh APs supported on the controller model.


Adding Mesh Access Points to the Mesh Network

This section describes a process where the controller is already active in the network and is operating in Layer 3 mode. Layer 3 mode is recommended for large deployments.

Before adding a mesh access point to a network, do the following:

1. Add the MAC address of the MAP to the controller's MAC filter. See the "Adding MAC Addresses of Mesh Access Points to the Controller Filter List" section.

To configure external authentication of MAC addresses using an external RADIUS server, see the "Configuring External Authentication and Authorization Using a RADIUS Server" section.

2. Configure the DCA channels for the mesh access points. See the "Using the GUI to Configure Dynamic Channel Assignment" section for details.

3. Configure the AP mode for the mesh access point. See the "Configuring the AP Mode" section.


Note Step 3 is not required for 1520 series access points. The default mode for 1520 series access points is Bridge.


4. Define the role (RAP or MAP) for the mesh access point. See the "Defining the Mesh Access Point Role" section.

5. Configure the channel assignment on the RAP for serial backhaul (if desired). See the "Antennas and Channel Assignment on the Serial Backhaul Access Points" section.

6. Configure a primary, secondary, and tertiary controller for each MAP. See the "Verifying that Access Points Join the Controller" and "Configuring Backup Controllers" sections in Chapter 7.

7. Configure global mesh parameters. See the "Configuring Global Mesh Parameters" section.

8. Configure universal client access. See the "Universal Client Access on Serial Backhaul Access Points" section.

9. Configure channels for serial backhaul. This step is applicable for serial backhaul access points only. See the "Configuring Backhaul Channel Deselection on a Serial Backhaul Access Point" section.

10. Configure bridging parameters as follows (see the "Configuring Ethernet Bridging and Ethernet VLAN Tagging" section):

a. Configure bridge group names.

b. Assign IP addresses to MAPs if you are using DHCP.

If you are using DHCP, configure Option 43 and Option 60. See the Cisco Aironet 1520 Series Outdoor Mesh Access Point Hardware Installation Guide.

11. Configure mobility groups (if desired) and assign controllers. See Chapter 14 "Configuring Mobility Groups."

12. Configure advanced features such as using voice and video in the network. See the "Configuring Advanced Features" section.

Adding MAC Addresses of Mesh Access Points to the Controller Filter List

You must enter the MAC address for all mesh access points that you want to use in the mesh network into the appropriate controller. A controller only responds to discovery requests from outdoor radios that appear in its authorization list. MAC filtering is enabled by default on the controller, so only the MAC addressed need be configured.

You can add the access point using either the GUI or the CLI.


Note You can also download the list of access point MAC addresses and push them to the controller using the Cisco Wireless Control System (WCS). See the Cisco Wireless Control System Configuration Guide, Release 7.0, for instructions.


Using the GUI to Add MAC Addresses of Mesh Access Points to the Controller Filter List

To add a MAC filter entry for the access point on the controller using the controller GUI, follow these steps:


Step 1 Choose Security > AAA > MAC Filtering to open the MAC Filtering page (see Figure 9-7).

Figure 9-7 MAC Filtering Page

Step 2 Click New to open the MAC Filters > New page (see Figure 9-8).

Figure 9-8 MAC Filters > New Page

Step 3 In the MAC Address text box, enter the MAC address of the mesh access point.


Note For 1522 and 1524PS/Serial Backhaul outdoor mesh access points, enter the BVI MAC address of the mesh access point into the controller as a MAC filter. For 1130 and 1240 indoor mesh access points, enter the Ethernet MAC address. If the required MAC address does not appear on the exterior of the mesh access point, enter the sh int | i Hardware command from the access point console to determine the BVI and Ethernet MAC addresses.


Step 4 From the Profile Name drop-down list, choose Any WLAN.

Step 5 In the Description text box, enter a description of the access point. The text that you enter identifies the mesh access point on the controller.


Note You might want to include an abbreviation of its name and the last few digits of the MAC address, such as ap1522:62:39:10. You can also note details on its location, such as roof top or pole top or its cross streets.


Step 6 From the Interface Name drop-down list, choose the controller interface to which the access point is to connect.

Step 7 Click Apply to commit your changes. The access point now appears in the list of MAC filters on the MAC Filtering page.

Step 8 Click Save Configuration to save your changes.

Step 9 Repeat this procedure to add the MAC addresses of additional access points to the list.


Using the CLI to Add MAC Addresses of Mesh Access Points to the Controller Filter List

To add a MAC filter entry for the access point on the controller using the controller CLI, follow these steps:


Step 1 Add the MAC address of an access point to the controller filter list by entering this command:

config macfilter add ap_mac wlan_id interface [description]

A value of zero (0) for the wlan_id parameter specifies any WLAN, and a value of zero (0) for the interface parameter specifies none. You can enter up to 32 characters for the optional description parameter.

Step 2 Save your changes by entering this command:

save config


Configuring External Authentication and Authorization Using a RADIUS Server

Controller software release 5.2 or later releases support external authorization and authentication of mesh access points using a RADIUS server such as Cisco ACS 4.1 and later releases. The RADIUS server must support the client authentication type of EAP-FAST with certificates.

Before you employ external authentication within the mesh network, you must make these changes:

Configure the RADIUS server to be used as an AAA server on the controller.

Configure the controller on the RADIUS server.

Add the mesh access point configured for external authorization and authentication to the user list of the RADIUS server. For additional details, see the "Adding a Username to a RADIUS Server" section.

Configure EAP-FAST on the RADIUS server and install the certificates. EAP-FAST authentication is required if mesh access points are connected to the controller using an 802.11a interface; the external RADIUS servers need to trust Cisco Root CA 2048. For information on installing and trusting the CA certificates, see the "Configuring RADIUS Servers" section.


Note If mesh access points connect to a the controller using a Fast Ethernet or Gigabit Ethernet interface, only MAC authorization is required.



Note This feature also supports local EAP and PSK authentication on the controller.


Configuring RADIUS Servers

To install and trust the CA certificates on the RADIUS server, follow these steps:


Step 1 Using Internet Explorer, download the CA certificates for Cisco Root CA 2048:

http://www.cisco.com/security/pki/certs/crca2048.cer

http://www.cisco.com/security/pki/certs/cmca.cer

Step 2 Install the certificates as follows:

a. From the CiscoSecure ACS main menu, click, choose System Configuration > ACS Certificate Setup > ACS Certification Authority Setup.

b. In the CA certificate file box, type the CA certificate location (path and name). For example: c:\Certs\crca2048.cer.

c. Click Submit.

Step 3 Configure the external RADIUS servers to trust the CA certificate as follows:

a. From the CiscoSecure ACS main menu, choose System Configuration > ACS Certificate Setup > Edit Certificate Trust List. The Edit Certificate Trust List appears.

b. Select the check box next to the Cisco Root CA 2048 (Cisco Systems) certificate name.

c. Click Submit.

d. To restart ACS, choose System Configuration > Service Control, and then click Restart.



Note For additional configuration details on Cisco ACS servers, see the following URLs:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_installation_and_configuration_guides_list.html (Windows)


Adding a Username to a RADIUS Server

Add MAC addresses of mesh access point that are authorized and authenticated by external RADIUS servers to the user list of that server prior to enabling RADIUS authentication for a mesh access point.

For remote authorization and authentication, EAP-FAST uses the manufacturer's certificate (CERT) to authenticate the child mesh access point. Additionally, this manufacturer certificate-based identity serves as the username for the mesh access point in user validation.

For Cisco IOS-based mesh access points, in addition to adding the MAC address to the user list, you need to enter the platform_name_string-MAC_address string to the user list (for example, c1240-001122334455). The controller first sends the MAC address as the username; if this first attempt fails, then the controller sends the platform_name_string-MAC_address string as the username.

Example: RADIUS Server Username Entry

For each mesh access point, two entries must be added to the RADIUS server, the platform_name_string-MAC_address string, then a hyphen delimited MAC Address. For example:

platform_name_string-MAC_address

User: c1520-aabbccddeeff

Password: cisco

Hyphen Delimited MAC Address

User: aa-bb-cc-dd-ee-ff

Password: aa-bb-cc-dd-ee-ff


Note The platform AP1552 uses a platform name of c1520.


Using the GUI to Enable External Authentication of Mesh Access Points

To enable external authentication for a mesh access point using the controller GUI, follow these steps:


Step 1 Click Wireless > Mesh to open the Mesh page (see Figure 9-9).

Figure 9-9 Mesh Page

Step 2 From the Security Mode drop-down list, choose EAP.

Step 3 Select the Enabled check boxes for the External MAC Filter Authorization and Force External Authentication options.

Step 4 Click Apply to commit your changes.

Step 5 Click Save Configuration to save your changes.


Using the CLI to Enable External Authentication of Mesh Access Points

Enable external authentication for mesh access points using the CLI by entering these commands:

config mesh security eap

config macfilter mac-delimiter colon

config mesh security rad-mac-filter enable

config mesh radius-server index enable

config mesh security force-ext-auth enable (Optional)

Using the CLI to View Security Statistics

To view security statistics for mesh access points using the CLI, enter this command:

show mesh security-stats Cisco_AP

This command shows packet error statistics and a count of failures, timeouts, and association and authentication successes as well as reassociations and reauthentications for the specified access point and its child.

Configuring the AP Mode


Note This procedure is not required for 1520 series access points. The default mode for 1520 series access points is Bridge.


By default, access points are configured as Local. To configure the mesh access points, you first must change the access point mode to Bridge using the GUI or CLI.

Using the GUI to Configure the AP Mode

To configure the AP mode using the GUI, follow these steps:


Step 1 Choose Wireless to open the All APs page.

Step 2 Click the name of an access point. The All APs > Details (General) page appears (see Figure 9-10).

Figure 9-10 All APs > Details for (General) Page

Step 3 Choose Bridge from the AP Mode drop-down list.

Step 4 Click Apply to commit your changes and to cause the access point to reboot.


Using the CLI to Configure the AP Mode

To configure the AP mode using the CLI, enter this command:

config ap mode bridge Cisco_AP

Defining the Mesh Access Point Role

By default, the 152x mesh access points are shipped with a radio role set to MAP. You must reconfigure a mesh access point to act as a RAP.


Note In order to use the AP1130 and AP1240 indoor mesh access points with a Cisco 5500 Series Controller, you must use a base license on the controller.


Using the GUI to Configure the AP Role

To configure the role of a mesh access point using the GUI, follow these steps:


Step 1 Choose Wireless to open the All APs page.

Step 2 Click the name of an access point. The All APs > Details (General) page appears.

Step 3 Choose the Mesh tab (see Figure 9-11).

Figure 9-11 All APs > Details for (Mesh) Page

Step 4 Choose RootAP or MeshAP from the AP Role drop-down list.

Step 5 Click Apply to commit your changes and to cause the access point to reboot.


Using the CLI to Configure the AP Role

To configure the role of a mesh access point using the CLI, enter this command:

config ap role {rootAP | meshAP} Cisco_AP

Antennas and Channel Assignment on the Serial Backhaul Access Points

The serial backhaul access point is introduced in controller software Release 6.0. The serial backhaul access point has two backhaul radios: one uplink and one downlink. The serial backhaul access point is suitable for linear deployments.

The serial backhaul mesh access point operates as a RAP or a MAP. The antenna ports are labeled on the serial backhaul access point and are connected internally to the radios in each slot. The serial backhaul access point has six ports with three radio slots (0, 1, 2) as described in Table 9-4.

Table 9-4 Serial Backhaul Access Point Antenna Ports 

Antenna Port
Radio Slot
Description

1

1

5 GHz
Used for backhaul and universal client access

2

0

2.4 GHz
Used for client access

3

0

2.4 GHz
Used for client access

4

0

2.4 GHz
Used for client access

5

-

Not connected

6

2

5 GHz
Used for backhaul

Note We recommend that you use the directional antenna on the MAPs for uplink on the slot 2 radio.



Note Depending on the product model, the serial backhaul access point could have either 5.0-GHz radios or 5.8-GHz sub-band radios installed in slot 1 and slot 2.


The two 5-GHz radios are used for the serial backhaul, which provides uplink and downlink access. Each 5-GHz radio backhaul is configured with a different backhaul channel, so there is no need to use the same shared wireless medium between the north-bound and south-bound traffic in a mesh tree-based network.

On the RAP, the radio in slot 2 is used to extend the backhaul in the downlink direction; the radio in slot 1 is used for client access.

On the MAP, the radio in slot 2 is used for the backhaul in the uplink direction; the radio in slot 1 is used for the backhaul in the downlink direction as well as client access.

You only need to configure the RAP downlink (slot 2) channel. The MAPs automatically select their channels from the channel subset. The subset is either the entire channel set supported as per domain or is limited to the DCA list if the backhaul channel deselection feature is enabled.

Figure 9-12 shows a channel selection example when the RAP downlink channel is 153.

Figure 9-12 Channel Selections Examples

Using the GUI to Configure the Channels on the Serial Backhaul

To configure channels on the serial backhaul on the RAP using the controller GUI, follow these steps:


Step 1 Choose Wireless > Access Points > Radios > 802.11a/n to open the 802.11a/n Radios page (see Figure 9-13).

Figure 9-13 802.11a/n Radios Page

Step 2 Hover your cursor over the blue drop-down arrow for the RAP antenna in slot 2 (the backhaul downlink) and choose Configure. The 802.11a/n Cisco APs > Configure page appears (see Figure 9-14).

Figure 9-14 802.11a/n Cisco APs > Configure Page

Step 3 For the RF Backhaul Channel Assignment, choose the Custom assignment method, and select a channel from the drop-down list. The available channels for the 5GHz band are 149, 153, 157, 161, and 165.

Step 4 For the Tx Power Level Assignment, choose the Custom assignment method, and select a power level. Valid values are 1 through 5; the default value is 1.


Note Radio Resource Management (RRM) is disabled by default; RRM cannot be enabled for the backhaul.


Step 5 Click Apply to commit your changes.

Step 6 From the 802.11a/n Radios page, verify that uplink and downlink channels have been assigned (see Figure 9-15).

Figure 9-15 Channel Assignment


Using the CLI to Configure the Channels on the Serial Backhaul

To configure channels on the serial backhaul on the RAP using the controller CLI, follow these steps:


Step 1 Configure the backhaul channel on the radio in slot 2 of the RAP by entering this command:

config slot 2 channel ap Cisco_RAPSB channel

Step 2 Configure the transmit power level on the radio in slot 2 of the RAP by entering this command:

config slot 2 txPower ap Cisco_RAPSB power

Valid values are 1 through 5; the default value is 1.

Step 3 Display the configurations on the mesh access points by entering these commands:

show mesh path Cisco_RAPSB

Information similar to the following appears:

AP Name/Radio      Channel Rate Link-Snr Flags    State
-----------------  ------- ---- -------- -------  -----
 
   
MAP1SB             161     auto 60       0x10ea9d54 UPDATED NEIGH PARENT BEACON
RAPSB              153     auto 51       0x10ea9d54 UPDATED NEIGH PARENT BEACON
RAPSB             is a Root AP.
 
   

show mesh backhaul RAPSB

Information similar to the following appears:

Current Backhaul Slot(s)......................... 1, 2,
 
   
Basic Attributes for Slot  1
    Radio Type................................... RADIO_TYPE_80211a
    Radio Role................................... ACCESS
    Administrative State ........................ ADMIN_ENABLED
    Operation State ............................. UP
    Current Tx Power Level ...................... 1
    Current Channel ............................. 165
    Antenna Type................................. EXTERNAL_ANTENNA
    External Antenna Gain (in .5 dBm units)...... 0
 
   
Basic Attributes for Slot  2
    Radio Type................................... RADIO_TYPE_80211a
    Radio Role................................... RADIO_DOWNLINK
    Administrative State ........................ ADMIN_ENABLED
    Operation State ............................. UP
    Current Tx Power Level ...................... 3
    Current Channel ............................. 153
    Antenna Type................................. EXTERNAL_ANTENNA
    External Antenna Gain (in .5 dBm units)...... 0
 
   

show ap channel MAP1SB

Information similar to the following appears:

802.11b/g Current Channel ................. 11
Slot Id ................................... 0
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11
802.11a(5.8Ghz) Current Channel ........... 161
Slot Id ................................... 1
Allowed Channel List....................... 149,153,157,161,165
802.11a(5.8Ghz) Current Channel ........... 153
Slot Id ................................... 2
Allowed Channel List....................... 149,153,157,161,165
 
   

Configuring Global Mesh Parameters

This section provides instructions for configuring the access point to establish a connection with the controller including:

Setting the maximum range between RAP and MAP (not applicable to 1130 and 1240 indoor mesh access points).

Enabling a backhaul to carry client traffic.

Defining whether VLAN tags are forwarded or not.

Defining the authentication mode (EAP or PSK) and method (local or external) for mesh access points including security settings (local and external authentication).

You can configure the necessary mesh parameters using the controller GUI or CLI. All parameters are applied globally.

Using the GUI to Configure Global Mesh Parameters

To configure global mesh parameters using the controller GUI, follow these steps:


Step 1 Choose Wireless > Mesh to open the Mesh page (see Figure 9-16).

Figure 9-16 Mesh Page

Step 2 Modify the mesh parameters as appropriate. Table 9-5 describes each parameter.

Table 9-5 Global Mesh Parameters 

Parameter
Description

Range (RootAP to MeshAP)

Note This parameter applies to outdoor mesh access points.

The optimum distance (in feet) that should exist between the root access point (RAP) and the mesh access point (MAP). This global parameter applies to all access points when they join the controller and all existing access points in the network.

The range is 150 to 132,000 feet.

The default is 12,000 feet.

Note After this feature is enabled, all outdoor mesh access points reboot.

IDS (Rogue and Signature Detection

Note This parameter applies to outdoor mesh access points.

When you enable this feature, IDS reports are generated for all traffic on the backhaul. These reports can be useful for university or enterprise outdoor campus areas, or for public safety users who want to find out who is operating in 4.9 GHz.

When you disable this feature, no IDS reports are generated, which preserves the bandwidth on the backhaul.

Note IDS reporting is enabled for all indoor mesh access points and cannot be disabled.

The default is Disabled.

Backhaul Client Access

Note This parameter applies to mesh access points with two or more radios (Serial Backhaul, 1522, 1240 and 1130) excluding the 1524PS.

When this feature is enabled, mesh access points allow wireless client association over the 802.11a radio. Therefore, a mesh access point can carry both backhaul traffic and 802.11a client traffic over the same 802.11a radio.

When this feature is disabled, the mesh access point carries backhaul traffic over the 802.11a radio and allows client association only over the 802.11b/g radio.

The default is Disabled.

Note After this feature is enabled, all mesh access points reboot.

VLAN Transparent

This feature determines how a mesh access point handles VLAN tags for Ethernet bridged traffic.

Note See the "Configuring Advanced Features" section for overview and additional configuration details.

If VLAN Transparent is enabled, then VLAN tags are not handled and packets are bridged as untagged packets.

Note No configuration of Ethernet ports is required when VLAN transparent is enabled. The Ethernet port passes both tagged and untagged frames without interpreting the frames.

If VLAN Transparent is disabled, then all packets are handled according to the VLAN configuration on the port (trunk, access, or normal mode).

Note If the Ethernet port is set to Trunk mode, then Ethernet VLAN tagging must be configured. See the "Configuring Ethernet Bridging and Ethernet VLAN Tagging" section.

Note To use VLAN tagging, you must unselect the VLAN Transparent check box.

Note VLAN Transparent is enabled as a default to ensure a smooth software upgrade from 4.1.192.xxM releases to release 5.2. Release 4.1.192.xxM does not support VLAN tagging.

Default: Enabled.

Security Mode

This feature defines the security mode for mesh access points: Preshared Key (PSK) or Extensible Authentication Protocol (EAP).

Note EAP must be selected if external MAC filter authorization using a RADIUS server is configured.

Note Local EAP or PSK authentication is performed within the controller if the External MAC Filter Authorization parameter is disabled (the check box is unselected).

The options are PSK or EAP.

The default is EAP

External MAC Filter Authorization

MAC filtering uses the local MAC filter on the controller by default.

When this feature is enabled, if the MAC address is not found in the local MAC filter, then the MAC address in the external RADIUS server is used.

This feature protects your network against rogue mesh access points by preventing access points that are not defined on the external server from joining.

Before you employ external authentication within the mesh network, the following configuration is required:

The RADIUS server to be used as an AAA server must be configured on the controller.

The controller must also be configured on the RADIUS server.

The mesh access point configured for external authorization and authentication must be added to the user list of the RADIUS server.

For remote authorization and authentication, EAP-FAST uses the manufacturer's certificate (CERT) to authenticate the child mesh access point. Additionally, this manufacturer certificate-based identity serves as the username for the mesh access point in user validation.

For Cisco IOS-based mesh access points (1130, 1240, 1522, 1524), in addition to adding the MAC address to the user list, you need to enter the platform_name_string-Ethernet_MAC_address string (for example, c1240-001122334455). The controller first sends the MAC address as the username; if this first attempt fails, the controller sends the platform_name_string-Ethernet_MAC_address string as the username.

Note If you only enter the platform_name_string-Ethernet_MAC_address string to the user list, you will see a first-try failure log on the AAA server; however, the IOS-based mesh access point will still be authenticated on the second attempt using the platform_name_string-Ethernet_MAC_address string as the username.

The certificates must be installed and EAP-FAST must be configured on the RADIUS server. See the "Configuring RADIUS Servers" section section for information on installing certificates.

Note When this feature is disabled, the controller authorizes and authenticates mesh access points using the MAC address filter.

The default is Disabled.

Force External Authorization

When this feature is enabled with EAP and External MAC Filter Authorization parameters, an external RADIUS server (such as Cisco 4.1 and later releases) handles external authorization and authentication for mesh access points by default. The RADIUS server overrides local authentication of the MAC address by the controller which is the default.

The default is Disabled.


Step 3 Click Apply to commit your changes.

Step 4 Click Save Configuration to save your changes.


Using the CLI to Configure Global Mesh Parameters

To configure global mesh parameters using the controller CLI, follow these steps:


Note See the "Using the GUI to Configure Global Mesh Parameters" section for descriptions, valid ranges, and default values of the parameters used in the CLI commands.



Step 1 Specify the maximum range (in feet) of all access points in the network by entering this command:

config mesh range feet

To see the current range, enter the show mesh range command.

Step 2 Enable or disable IDS reports for all traffic on the backhaul by entering this command:

config mesh ids-state {enable | disable}

Step 3 Specify the rate (in MBPS) at which data is shared between access points on the backhaul interface by entering this command:

config ap bhrate {rate | auto} Cisco_AP

Step 4 Enable or disable client association on the primary backhaul (802.11a) of an access point by entering these commands:

config mesh client-access {enable | disable}

config ap wlan {enable | disable} 802.11a Cisco_AP

config ap wlan {add | delete} 802.11a wlan_id Cisco_AP

Step 5 Enable or disable VLAN transparent by entering this command:

config mesh ethernet-bridging vlan-transparent {enable | disable}

Step 6 Define a security mode for the mesh access point by entering one of these commands:

To provide local authentication of the mesh access point by the controller, enter this command:

config mesh security {eap | psk}

To store MAC address filter in an external RADIUS server for authentication instead of the controller (local), enter these commands:

config macfilter mac-delimiter colon

config mesh security rad-mac-filter enable

config mesh radius-server index enable

To provide external authentication on a RADIUS server and define a local MAC filter on the controller, enter these commands:

config mesh security eap

config macfilter mac-delimiter colon

config mesh security rad-mac-filter enable

config mesh radius-server index enable

config mesh security force-ext-auth enable

To provide external authentication on a RADIUS server using a MAC username (such as c1520-123456) on the RADIUS server, enter these commands:

config macfilter mac-delimiter colon

config mesh security rad-mac-filter enable

config mesh radius-server index enable

config mesh security force-ext-auth enable

Step 7 Save your changes by entering this command:

save config


Using the CLI to View Global Mesh Parameter Settings

Use these commands to obtain information on global mesh settings:

show mesh client-accessShows the status of the client-access backhaul as either enabled or disabled. When this option is enabled, mesh access points are able to associate with 802.11a wireless clients over the 802.11a backhaul. This client association is in addition to the existing communication on the 802.11a backhaul between the root and mesh access points.

controller > show mesh client-access
Backhaul with client access status: enabled
 
   

show mesh ids-state—Shows the status of the IDS reports on the backhaul as either enabled or disabled.

controller > show mesh ids-state
Outdoor Mesh IDS(Rogue/Signature Detect): .... Disabled
 
   

show mesh env {summary | Cisco_AP}Shows the temperature, heater status, and Ethernet status for either all access points (summary) or a specific access point (Cisco_AP). The access point name, role (RootAP or MeshAP), and model are also shown.

The temperature is shown in both Fahrenheit and Celsius.

The heater status is ON or OFF.

The Ethernet status is UP or DOWN.


Note The battery status appears as N/A (not applicable) in the show mesh env Cisco_AP status display because it is not provided for access points.


controller > show mesh env summary
 
   
AP Name             Temperature(C/F)  Heater  Ethernet  Battery
------------------  ----------------  ------  --------  -------
SB_RAP1              39/102           OFF     UpDnNANA  N/A
SB_MAP1              37/98            OFF     DnDnNANA  N/A
SB_MAP2              42/107           OFF     DnDnNANA  N/A
SB_MAP3              36/96            OFF     DnDnNANA  N/A
 
   
controller > show mesh env SB_RAP1
 
   
AP Name.......................................... SB_RAP1
AP Model......................................... AIR-LAP1522AG-A-K9
AP Role.......................................... RootAP
 
   
Temperature...................................... 39 C, 102 F
Heater........................................... OFF
Backhaul......................................... GigabitEthernet0
 
   
GigabitEthernet0 Status.......................... UP
    Duplex....................................... FULL
    Speed........................................ 100
    Rx Unicast Packets........................... 988175
    Rx Non-Unicast Packets....................... 8563
    Tx Unicast Packets........................... 106420
    Tx Non-Unicast Packets....................... 17122
GigabitEthernet1 Status.......................... DOWN
  POE Out........................................ OFF
 
   
Battery.......................................... N/A
 
   

Configuring Local Mesh Parameters

After configuring global mesh parameters, you must configure the following local mesh parameters:

Antenna Gain—See the "Configuring Antenna Gain" section.

Workgroup Bridge Groups—See the "Workgroup Bridge Groups on Mesh Access Points" section.

Configuring Antenna Gain

Using the controller GUI or controller CLI, configure the antenna gain for the access point to match that of the installed antenna.


Note See the "External Antennas" section of the Cisco Aironet 1520 Series Outdoor Mesh Access Points Getting Started Guide for a summary of supported antennas and their antenna gains at http://www.cisco.com/en/US/docs/wireless/access_point/1520/quick/guide/ap1520qsg.html


Using the GUI to Configure Antenna Gain

To configure the antenna gain using the controller GUI, follow these steps:


Step 1 Choose Wireless > Access Points > Radios > 802.11a/n to open the 802.11a/n Radios page (see Figure 9-17).

Figure 9-17 802.11a/n Radios Page

Step 2 Hover your cursor over the blue drop-down arrow for the mesh access point antenna that you want to configure and choose Configure. The 802.11a/n Cisco APs > Configure page appears (see Figure 9-18).

Figure 9-18 802.11a/n Cisco APs > Configure Page

Step 3 Under Antenna Parameters, enter the antenna gain in 0.5-dBm units in the Antenna Gain text box. For example, 2.5 dBm is 5.


Note You can configure gain settings only on external antennas. The value that you enter must match the value specified by the vendor for that antenna.


Step 4 Click Apply to commit your changes.

Step 5 Click Save Configuration to save your changes.


Using the CLI to Configure Antenna Gain

To configure the antenna gain using the controller CLI, follow these steps:


Step 1 Configure the antenna gain for the 802.11a backhaul radio by entering this command:

config 802.11a antenna extAntGain antenna_gain Cisco_AP

where antenna_gain is in 0.5-dBm units (for example, 2.5 dBm = 5).

Step 2 Save your changes by entering this command:

save config


Workgroup Bridge Groups on Mesh Access Points

A workgroup bridge (WGB) connects a wired network over a single wireless segment by learning the MAC addresses of its wired clients on the Ethernet interface and reporting them to the mesh access point using Internet Access Point Protocol (IAPP) messaging. The mesh access point treats the WGB as a wireless client.

When configured as a WGB, the 1130, 1240, and 1310 autonomous access points as well as the series 3200 mobile access router (MAR) can associate with mesh access points. The mesh access points can be configured as RAPs or MAPs. WGB association is supported on both the 2.4-GHz (802.11b) and 5-GHz (802.11a) radio on the 1522 and the 2.4-GHz (802.11b) and 4.9-GHz (public safety radio) on the 1524PS.

Non-Cisco workgroup bridges are supported on Mesh access points.


Note See the "Cisco Workgroup Bridges" section for configuration details.


Supported Workgroup Modes and Capacities

The 1130, 1240, 1310 autonomous access point must be running Cisco IOS release 12.4(3g)JA or later releases (on 32-MB access points) or Cisco IOS release 12.3(8)JEB or later releases (on 16-MB access points). Cisco IOS releases prior to 12.4(3g)JA and 12.3(8)JEB are not supported.


Note If your mesh access point has two radios, you can only configure workgroup bridge mode on one of the radios. We recommend that you disable the second radio. Workgroup bridge mode is not supported on access points with three radios such as 1524.


Client mode WGB (BSS) is supported; however, infrastructure WGB is not supported.

Mesh access points can support up to 200 clients including wireless clients, WGBs, and wired clients behind the associated WGBs.

WGBs operating with Cisco IOS Release 12.4(3g)JA cannot associate with mesh access points if the WLAN is configured with WPA1 (TKIP) +WPA2 (AES), and the corresponding WGB interface is configured with only one of these encryptions (either WPA1 or WPA2).

Client Roaming

High-speed roaming of Cisco Compatible Extension (CX), version 4 (v4) clients is supported at speeds up to 70 Mbph in outdoor mesh deployments of 1522 and 1524 mesh access points. An application example might be maintaining communication with a terminal in an emergency vehicle as it moves within a mesh public network.

Three Cisco CX v4 Layer 2 client roaming enhancements are supported:

Access point assisted roaming—This feature helps clients save scanning time. When a Cisco CX v4 client associates to an access point, it sends an information packet to the new access point listing the characteristics of its previous access point. Roaming time decreases when the client recognizes and uses an access point list built by compiling all previous access points to which each client was associated and sent (unicast) to the client immediately after association. The access point list contains the channels, BSSIDs of neighbor access points that support the client's current SSID(s), and time elapsed since disassociation.

Enhanced neighbor list—This feature focuses on improving a Cisco CX v4 client's roam experience and network edge performance, especially when servicing voice applications. The access point provides its associated client information about its neighbors using a neighbor-list update unicast message.

Roam reason report—This feature enables Cisco CX v4 clients to report the reason why they roamed to a new access point. It also allows you to build and monitor a roam history.


Note Client roaming is enabled by default.


Universal Client Access on Serial Backhaul Access Points


Note This feature is intended only for WGB clients and not for normal wireless clients.


The serial backhaul access point consists of three radio slots. Radios in slot 0 operate in a 2.4-GHz band and are used for client access. The downlink and uplink radios operate in a 5-GHz band and are primarily used for backhaul. With the Universal Client Access feature, client access is allowed over slot 1 radios with the extended universal client access feature and client access is also allowed over slot 2 radios.

The two 802.11a backhaul radios use the same MAC address. There may be instances where the same WLAN maps to the same BSSID on more than one slot.

By default, client access is disabled over both the backhaul radios.

Follow these guidelines for enabling or disabling a radio slot:

You can enable client access on a downlink radio even if client access on an uplink radio is disabled.

You can enable client access on an uplink radio only when client access on a downlink radio is enabled.

If you disable client access on a downlink radio the client access on an uplink is automatically disabled.

All the mesh access points reboot when client access is enabled or disabled. Only serial backhaul access points reboot when extended client access is enabled.

You can configure client access over both the backhaul radio from either one of these interfaces:

Controller GUI. See the "Using the GUI to Configure Universal Client Access" section for more information.

Controller CLI. See the "Using the CLI to Configure Universal Client Access" section for more information.

Wireless Control System (WCS) GUI.


Note For more information about configuring client access using the WCS GUI, see the Cisco Wireless Control System Configuration Guide.


Using the GUI to Configure Universal Client Access

To configure universal client access using the controller GUI, follow these steps:


Step 1 Choose Wireless > Mesh > Mesh Settings to open the mesh page.

Step 2 Select the Backhaul Client Access check box.

Step 3 Select the Extended Backhaul Client Access check box.

Step 4 Click Apply to commit your changes.

Information similar to the following appears:

Changing Backhaul Client Access will reboot all Mesh APs. Are you sure you want to continue?

Step 5 Click OK.

Information similar to the following appears:

Enabling client access on both backhaul slots will have same BSSIDs on both slots. All Mesh APs will be rebooted. Are you sure you want to continue?

Step 6 Click OK.

The universal client access is now configured on both the backhaul radios of the serial backhaul access point.


Using the CLI to Configure Universal Client Access

To enable universal client access over both the backhaul radios using the controller CLI, follow these steps:


Step 1 Configure the mesh client access by entering this command:

config mesh client-access enable extended

Information similar to the following appears:

Enabling client access on both backhaul slots
Same BSSIDs will be used on both slots
All Mesh APs will be rebooted
Are you sure you want to start? (y/N)
 
   

Step 2 Check the status of backhaul client access and backhaul with client access extended by entering this command:

show mesh client-access

Information similar to the following appears:

Backhaul with client access status: enabled
Backhaul with client access extended status(3 radio AP): enabled
 
   

Step 3 Disable the client access on both the backhaul radios by entering this command:

config mesh client-access disable

Information similar to the following appears:

All Mesh APs will be rebooted
Are you sure you want to start? (y/N)
 
   

Step 4 Enable client access only on the downlink radio and not on the uplink radio by entering this command:

config mesh client-access enable

Information similar to the following appears:

All Mesh APs will be rebooted
Are you sure you want to start? (y/N)

Note To disable client access only on the uplink radio from the CLI, enter the config mesh client-access enable command.



Note There is no explicit command to disable client access only on the downlink radio.



Configuring Backhaul Channel Deselection on a Serial Backhaul Access Point

The backhaul channel deselection feature helps you to restrict the set of channels that are available to be assigned for the serial backhaul MAPs and RAPs. Because 1524 MAP channels are automatically assigned, this feature helps to regulate the set of channels that get assigned to the mesh access points. For example, if you do not want channel 165 to get assigned to any 1524 mesh access point, you need to remove channel 165 from the DCA list and enable this feature.

This feature is best suited in an interoperability scenario with indoor MAPs or work group bridges, that support a channel set that is different from outdoor access points. For example, channel 165 is supported by outdoor access points but not by indoor access points in -A domain. By enabling the backhaul channel deselection feature, you can restrict the channel assignment to only those channels that are common to both indoor and outdoor access points.

This section contains the following topics:

Serial Backhaul Access Point Guidelines for the Rest of the World

Configuring Backhaul Channel Deselection

Serial Backhaul Access Point Guidelines for the Rest of the World

From software release 7.0 release or later releases, new 1524 SKUs are released, with both 802.11a radio units that support an entire 5-GHz band from 4.9-GHz to 5-GHz and radios that operate in UNII-2 (5.25 - 5.35 GHz), UNII-2 plus (5.47 to 5.725-GHz), and upper ISM (5.725 to 5.850-GHz) bands.

The public safety band (4.94 to 4.99 GHz) is not supported for backhaul and client access.

With the expansion of the channel set, dynamic frequency selection (DFS)-enabled channels, radar detection, and automatic channel reassignment in case of radar detection on RAP/MAPs are also supported. When there is a channel change, the change propagates to the corresponding parent/child access point (if applicable) so that the change is synchronized between the parent and child and there is no link downtime. For example, if radar is detected on the uplink radio of a child access point, the parent is informed so that it can change the channel of the downlink radio. The parent informs the child about the channel change, so that the child access point can set the new channel on its uplink radio and does not have to scan again to rejoin the parent on the new channel.

Configuring Backhaul Channel Deselection

This section contains the following topics:

Using the GUI to Configure Backhaul Channel Deselection

Using the CLI to Configure Backhaul Channel Deselection

Using the GUI to Configure Backhaul Channel Deselection

To configure the backhaul channel deselection using the controller GUI, follow these steps:


Step 1 Choose Controller > Wireless > 802.11a/n > RRM > DCA to open the Dynamic Channel Assignment Algorithm page.

Step 2 Choose one or more channels to include in the DCA list.

The channels included in the DCA list are not assigned to the access points associated to this controller during the automatic channel assignment.

Step 3 Choose Wireless > Mesh to open the mesh page.

Step 4 Select the Mesh DCA Channels check box to enable backhaul channel deselection using the DCA list. This option is applicable for serial backhaul access points.

Step 5 After enabling the backhaul deselection option, choose Wireless > Access Points > Radios > 802.11a/n to configure the channel for the RAP downlink radio.

Step 6 From the list of access points, click on the Antenna drop-down list for a RAP and choose Configure.

The Configure page appears.

Step 7 From the RF Backhaul Channel assignment area, choose Custom.

Step 8 Choose a channel for the RAP downlink radio from the drop-down list that appears when you choose the Custom option.

Step 9 Click Apply to save and commit your changes.

Step 10 Click Save Configuration to save your changes.


Using the CLI to Configure Backhaul Channel Deselection

To configure backhaul channel deselection using the controller CLI, follow these steps:


Step 1 Review the channel list already configured in the DCA list by entering this command:

show advanced 802.11a channel

Information similar to the following appears:

> show advanced 802.11a channel
Automatic Channel Assignment
  Channel Assignment Mode........................ AUTO
  Channel Update Interval........................ 600 seconds
  Anchor time (Hour of the day).................. 0
  Channel Update Contribution.................... SNI..
  CleanAir Event-driven RRM option............... Enabled
  CleanAir Event-driven RRM sensitivity.......... Medium
  Channel Assignment Leader...................... 09:2b:16:28:00:03
  Last Run....................................... 286 seconds ago
  DCA Sensitivity Level.......................... MEDIUM (15 dB)
  DCA 802.11n Channel Width...................... 20 MHz
  DCA Minimum Energy Limit....................... -95 dBm
  Channel Energy Levels
    Minimum...................................... unknown
    Average...................................... unknown
    Maximum...................................... unknown
  Channel Dwell Times
    Minimum...................................... 0 days, 17 h 02 m 05 s
    Average...................................... 0 days, 17 h 46 m 07 s
    Maximum...................................... 0 days, 18 h 28 m 58 s
  802.11a 5 GHz Auto-RF Channel List
 
   
--More-- or (q)uit
    Allowed Channel List......................... 36,40,44,48,52,56,60,64,116,
                                                  140
    Unused Channel List.......................... 100,104,108,112,120,124,128,
                                                  132,136
  DCA Outdoor AP option.......................... Disabled
 
   

Step 2 Add a channel to the DCA list by entering this command:

config advanced 802.11a channel add channel number

where channel number is the channel number that you want to add to the DCA list.

You can delete a channel from the DCA list by entering this command:

config advanced 802.11a channel delete channel number

where channel number is the channel number that you want to delete from the DCA list.

Before you add or delete a channel to or from the DCA list, ensure that the 802.11a network is disabled.


Note You can disable the 802.11a network by entering the config 802.11a disable network command.


> config 802.11a disable network
 
   

Information similar to the following appears:

Disabling the 802.11a network may strand mesh APs. Are you sure you want to continue? 
(y/n)y

You cannot directly delete a channel from the DCA list if it is assigned to any 1524 RAP. To delete a channel assigned to a RAP, you must first change the channel assigned to the RAP and then enter the config advanced 802.11a channel delete channel number command.

 
   
> config advanced 802.11a channel delete 116 

Information similar to the following appears:

 
   
  802.11a 5 GHz Auto-RF:
    Allowed Channel List......................... 36,40,44,48,52,56,60,64,116,
                                                  132,140
 DCA channels for cSerial Backhaul Mesh APs is enabled.
 DCA list should have at least 3 non public safety channels supported by Serial Backhaul 
Mesh APs.
 Otherwise, the Serial Backhaul Mesh APs can get stranded.
Are you sure you want to continue? (y/N)y
 
   
 
   
 Failed to delete channel.
 Reason: Channel 116 is configured for one of the Serial Backhaul RAPs.
Disable mesh backhaul dca-channels or configure a different channel for Serial Backhaul 
RAPs.
 
   
> config advanced 802.11a channel delete 132
 
   

Information similar to the following appears:

 
   
  802.11a 5 GHz Auto-RF:
    Allowed Channel List......................... 36,40,44,48,52,56,60,64,116,
                                                  132,140
 DCA channels for Serial Backhaul Mesh APs is enabled.
 DCA list should have at least 3 non public safety channels supported by Serial Backhaul 
Mesh APs.
 Otherwise, the Serial Backhaul Mesh APs can get stranded.
Are you sure you want to continue? (y/N)y
 
   

Step 3 Once a suitable DCA list has been created, enable the backhaul channel deselection feature for mesh access points by entering this command:

config mesh backhaul dca-channels enable

Step 4 Disable the backhaul channel deselection feature for mesh access points by entering this command:

config mesh backhaul dca-channels disable


Note You do not need to disable the 802.11a network to enable or disable this feature.


Information similar to the following appears:

> config mesh backhaul dca-channels enable
  802.11a 5 GHz Auto-RF:
    Allowed Channel List......................... 36,40,44,48,52,56,60,64,116,
                                                  140
 Enabling DCA channels for c1524 mesh APs will limit the channel set to the DCA channel 
list.
 DCA list should have at least 3 non public safety channels supported by Serial Backhaul 
Mesh APs.
 Otherwise, the Serial Backhaul Mesh APs can get stranded.
 Are you sure you want to continue? (y/N)y
 
   
 
   

Step 5 Check the current status of the backhaul channel deselection feature by entering this command:

show mesh config

Information similar to the following appears:

Mesh Range....................................... 12000
Mesh Statistics update period.................... 3 minutes
Backhaul with client access status............... enabled
Background Scanning State........................ enabled
Backhaul Amsdu State............................. disabled
 
   
Mesh Security
   Security Mode................................. PSK
   External-Auth................................. enabled
      Radius Server 1............................ 9.43.0.101
   Use MAC Filter in External AAA server......... disabled
   Force External Authentication................. disabled
 
   
Mesh Alarm Criteria
   Max Hop Count................................. 4
   Recommended Max Children for MAP.............. 10
   Recommended Max Children for RAP.............. 20
   Low Link SNR.................................. 12
   High Link SNR................................. 60
   Max Association Number........................ 10
   Association Interval.......................... 60 minutes
   Parent Change Numbers......................... 3
 
   
--More-- or (q)uit
   Parent Change Interval........................ 60 minutes
 
   
 
   
Mesh Multicast Mode.............................. In-Out
Mesh Full Sector DFS............................. enabled
 
   
 
   
Mesh Ethernet Bridging VLAN Transparent Mode..... enabled
 
   
Mesh DCA channels for Serial Backhaul APs................ disabled
 
   
 
   

Step 6 Assign a particular channel to the 1524 RAP downlink radio by entering this command:

config slot slot number channel ap ap-name channel number

where

slot number refers to the slot of the downlink radio to which the channel is assigned.

ap-name refers to the name of the access point on which the channel is configured.

channel number refers to the channel that is assigned to a slot on the access point.

Slot 2 of 1524 RAP acts as a downlink radio. If you enable backhaul channel deselection, then you can assign only those channels that are available.

Information similar to the following appears:

> config slot 2 channel ap Controller-RAP2-1524 136
 
   
Mesh backhaul dca-channels is enabled. Choose a channel from the DCA list.
 
   

Configuring Ethernet Bridging and Ethernet VLAN Tagging

Ethernet bridging is used in two mesh network scenarios:

Point-to-point and point-to-multipoint bridging between MAPs (untagged packets). A typical trunking application might be bridging traffic between buildings within a campus (see Figure 9-19).


Note You do not need to configure VLAN tagging to use Ethernet bridging for point-to-point and point-to-multipoint bridging deployments.


Figure 9-19 Point-to-Multipoint Bridging

Ethernet VLAN tagging allows specific application traffic to be segmented within a wireless mesh network and then forwarded (bridged) to a wired LAN (access mode) or bridged to another wireless mesh network (trunk mode).

A typical public safety access application using Ethernet VLAN tagging is the placement of video surveillance cameras at various outdoor locations within a city. Each of these video cameras has a wired connection to a MAP. The video of all these cameras is then streamed across the wireless backhaul to a central command station on a wired network (see Figure 9-20).

Figure 9-20 Ethernet VLAN Tagging

Ethernet VLAN Tagging Guidelines

Follow these guidelines when tagging Ethernet VLANs:

For security reasons, the Ethernet port on a mesh access point (RAP and MAP) is disabled by default. It is enabled by configuring Ethernet bridging on the mesh access point port.


Note Exceptions are allowed for a few protocols even though Ethernet bridging is disabled. For example, following are some of the protocols that are allowed:

1. Spanning Tree Protocol (STP)
2. Address Resolution Protocol (ARP)
3. Control And Provisioning of Wireless Access Points (CAPWAP)
4. Bootstrap Protocol (BOOTP) packets

Due to the exceptions and to prevent loop issues, we recommend that you do not connect two MAPs to each other over their Ethernet ports, unless they are configured as Trunk ports on different Native VLANs, and each is connected to a similarly configured switch.


You must enable Ethernet bridging on all the access points in the mesh network to allow Ethernet VLAN tagging to operate.

Set the VLAN mode as non-VLAN transparent (global mesh parameter). See the "Configuring Global Mesh Parameters" section. VLAN transparent is enabled by default. To set as non-VLAN transparent, you must unselect the VLAN transparent option in the global mesh parameters window.

VLAN configuration on a mesh access point is applied only if all the uplink mesh access points are able to support that VLAN. If uplink access points are not able to support the VLAN, then the configuration is stored rather than applied.

You can configure VLAN tagging on Ethernet interfaces as follows:

On 152x mesh access points, three of the four ports can be used as secondary Ethernet interfaces: port 0-PoE in, port 1-PoE out, and port 3 (fiber). You cannot configure port 2 (cable) as a secondary Ethernet interface.

In Ethernet VLAN tagging, port 0-PoE on the RAP is used to connect to the trunk port of the switch of the wired network. Port 1-PoE out on the MAP is used to connect to external devices such as video cameras.

Backhaul interfaces (802.11a radios) act as primary Ethernet interfaces. Backhauls function as trunks in the network and carry all VLAN traffic between the wireless and wired network. No configuration of primary Ethernet interfaces is required.

You must configure the switch port in the wired network that is attached to the RAP (port 0-PoE in) to accept tagged packets on its trunk port. The RAP forwards all tagged packets that are received from the mesh network to the wired network.

No configuration is required to support VLAN tagging on any 802.11a backhaul Ethernet interface within the mesh network. No configuration is required for RAP uplink Ethernet port because the configuration occurs automatically using a registration mechanism. Any configuration changes to an 802.11a Ethernet link acting as a backhaul are ignored and a warning results. When the Ethernet link no longer functions as a backhaul, the modified configuration is applied.

VLAN configuration is not allowed on the port-02-cable modem port of an 152x access point. You can configure VLANs on ports 0 (PoE-in), 1 (PoE-out), and 3 (fiber).

When bridging between two MAPs, enter the distance (mesh range) between the two access points that are bridging. This feature is not applicable to applications in which you are forwarding traffic connected to the MAP to the RAP, access mode.

Up to 16 VLANs are supported on each sector. The number of VLANs supported by a RAP's children (MAPs) cannot exceed 16.

Ethernet ports on access points function as either access or trunk ports within an Ethernet tagging deployment.

In the access mode, only untagged packets are accepted. All packets that are tagged with a user- configured VLAN are called access-VLANs. For this mode to take effect, the global VLAN mode should be non-VLAN transparent.

This option is used for applications in which information is collected from devices that are connected to the MAP, such as cameras or PCs, and then forwarded to the RAP. The RAP then applies tags and forwards traffic to a switch on the wired network.

Trunk mode—This mode requires the user to configure a native VLAN and an allowed VLAN list (no defaults). In this mode, both tagged and untagged packets are accepted. Untagged packets are always accepted and are tagged with the user-specified native VLAN. Tagged packets are accepted if they are tagged with a VLAN in the allowed VLAN list. For this mode to take effect, the global VLAN mode should be non-VLAN transparent. This option is used for bridging applications such as forwarding traffic between two MAPs that are resident on separate buildings within a campus.

The switch port connected to the RAP must be a trunk. The trunk port on the switch and the RAP trunk port must match.

A configured VLAN on a MAP Ethernet port cannot function as a Management VLAN.

The RAP must always connect to the native VLAN1 on a switch. The RAP's primary Ethernet interface is by default, which is the native VLAN1.


Note You cannot bridge VLAN1 when using VLAN-Opaque Ethernet bridging because VLAN1 is the internal native VLAN within a mesh network. This setting cannot be changed.


Using the GUI to Enable Ethernet Bridging and VLAN Tagging

To enable Ethernet bridging on a RAP or MAP using the controller GUI, follow these steps:


Step 1 Choose Wireless > Access Points > All APs to open the All APs page.

Step 2 Click the name of the access point for which you want to enable Ethernet bridging.

Step 3 Choose the Mesh tab to open the All APs > Details for (Mesh) page (see Figure 9-21).

Figure 9-21 All APs > Details for (Mesh) Page

Step 4 Assign this access point to a bridge group by entering a name for the group in the Bridge Group Name text box.

Step 5 Select the Ethernet Bridging check box to enable Ethernet bridging or unselect it to disable this feature.

Step 6 Choose the appropriate backhaul rate for the 802.11a backhaul interface from the Bridge Data Rate drop-down list. We recommend setting the backhaul rate to auto.

When the bridge data rate is set to auto, the mesh backhaul picks the highest rate where the next higher rate cannot be used due to unsuitable conditions for that specific rate (and not because of conditions that affect all rates).

Step 7 Click Apply to commit your changes. An Ethernet Bridging area appears at the bottom of the page listing each of the Ethernet ports of the mesh access point.

Step 8 You can perform one of the following procedures to configure the Ethernet Ports. The options are as follows:

Configure the ethernet port as the access port

Configure the ethernet port as the trunk port

Configure the ethernet port as the access port

To configure the ethernet port as the access port, follow these steps:

a. Click gigabitEthernet1 (port 0-PoE in), gigabitEthernet1( port 1-PoE out), or gigabitEthernet1 ( port 3- fiber).
b. Select access from the mode drop-down list.
c. Enter a VLAN ID. The VLAN ID can be any value between 2 and 4095.

Note You cannot bridge VLAN1 when using VLAN-Opaque Ethernet bridging because VLAN1 is the internal native VLAN within a mesh network. This setting cannot be changed.



Note A maximum of 16 VLANs are supported across all of a RAP's subordinate MAPs.



Note The RAP's wired connection to the controller needs no configuration and should be left as normal because this is a backhaul interface and automatically passes all VLANs.


Configure the ethernet port as the trunk port

To configure the ethernet port as the trunk port, follow these steps:

If you are configuring the ethernet port as a trunk port, follow these steps (see Figure 9-22):

a. Click gigabitEthernet1 (port 0-PoE in), gigabitEthernet1( port 1-PoE out), or gigabitEthernet1 ( port 3- fiber).
b. Choose trunk from the mode drop-down list.
c. Enter a native VLAN ID for incoming traffic. The native VLAN ID can be any value between 2 and 4095. Do not assign any value assigned to a user-VLAN (access).
d. Enter a trunk VLAN ID for outgoing packets.
e. If forwarding untagged packets, do not change the default trunk VLAN ID value of zero (such as MAP-to-MAP bridging in a campus environment).
f. If forwarding tagged packets, enter a VLAN ID (2 to 4095) that is not already assigned (a RAP to a switch on a wired network).
g. Click Add to add the trunk VLAN ID to the allowed VLAN list. The newly added VLAN displays under the Configured VLANs area.

Note To remove a VLAN from the list, choose Remove from the blue arrow > drop-down list to the right of the desired VLAN.


Figure 9-22 All APs > AP > VLAN Mappings Page

Step 9 Click Apply to commit your changes.

Step 10 Click Save Configuration to save your changes.

Table 9-6 describes display-only parameters on the mesh page.

Table 9-6 Display Parameters for Access Points

Parameter
Description

Bridge type

Bridge type: outdoor (152x access points) or indoor (1130 or 1240 access points).

Backhaul Interface

Radio band that this MAP uses to transfer data to other MAPs. The only possible value is 802.11a.

Ethernet Link Status

Up or down status of the Ethernet link of the AP152x. The Up or Down (Dn) status of the four Ethernet ports is reported in the following format: port0:port1:port2:port3. For example, UpDnDnDn indicates that port0 is Up and ports 1, 2, and 3 are Down (Dn).

Note If NA displays in the status string, then the port has no wired connection to that port.

Heater Status

Status of ON or OFF.

Internal Temperature

Internal temperature of the 1522 and 1524PS/serial backhaul access point.



Using the CLI to Configure Ethernet Bridging Parameters

To configure Ethernet bridging on a RAP or MAP using the controller CLI, follow these steps:


Step 1 Specify that your AP152x has bridge functionality by entering this command:

config ap mode bridge Cisco_AP

Step 2 Specify the role of this access point in the mesh network by entering this command:

config ap role {rootAP | meshAP} Cisco_AP

Use the meshAP parameter if the access point has a wireless connection to the controller or use the rootAP parameter if the access point has a wired connection to the controller.


Note The default access point role is meshAP.


Step 3 Assign the access point to a bridge group by entering this command:

config ap bridgegroupname set groupname Cisco_AP

Step 4 Enable Ethernet bridging on the access point by entering this command:

config mesh ethernet-bridging vlan transparent disable

Step 5 Specify the rate (in mbps) at which data is shared between access points on the backhaul interface by entering this command:

config ap bhrate {rate | auto} Cisco_AP

When the bridge data rate is set to auto, the mesh backhaul picks the highest rate where the next higher rate cannot be used due to unsuitable conditions for that rate (and not because of conditions that affect all rates).

Step 6 Save your changes by entering this command:

save config


Using the CLI to Configure Ethernet VLAN Tagging

VLAN1 is not reserved as the default VLAN.

A maximum of 16 VLANs are supported across all of a RAP's subordinate MAPs.

A VLAN ID can be any value between 1 and 4095. Do not assign any value assigned to another VLAN.

To configure a MAP access port, enter this command:

config ap ethernet 1 mode access enable AP1520-MAP 50

where AP1520-MAP is the variable Cisco_AP and 50 is the variable access_vlan ID.

To configure a RAP or MAP trunk port, enter this command:

config ap ethernet 0 mode trunk enable AP1520-MAP 60

where AP1520-MAP is the variable Cisco_AP and 60 is the variable native_vlan ID.

To add a VLAN to the VLAN allowed list of the native VLAN, enter this command:

config ap ethernet 0 mode trunk add AP1522-MAP3 65

where AP1522-MAP 3 is the variable Cisco_AP and 65 is the variable vlan ID.

Configuring Advanced Features

This section contains the following topics:

Configuring Voice Parameters in Mesh Networks

Enabling Mesh Multicast Containment for Video

Configuring Voice Parameters in Mesh Networks

You can configure call admission control (CAC) and QoS on the controller to manage voice quality on the mesh network.


Note Voice is supported only on indoor mesh networks (1130 and 1240 access points).


CAC

CAC enables an access point to maintain controlled quality of service (QoS) when the wireless LAN is experiencing congestion. The Wi-Fi Multimedia (WMM) protocol deployed in CCXv3 ensures sufficient QoS as long as the wireless LAN is not congested. However, in order to maintain QoS under different network loads, CAC in CCXv4 or later releases is required.


Note CAC is supported in Cisco Compatible Extensions (CCX) v4 or later releases. See the "Configuring Cisco Client Extensions" section on page 6-19 for more information on CCX.


All calls on a mesh access point use bandwidth-based CAC. Load-based CAC is not supported.

Bandwidth-based, or static CAC enables the client to specify how much bandwidth or shared medium time is required to accept a new call. Each access point determines whether it can accommodate a particular call by looking at the available bandwidth and comparing it against the bandwidth required for the call. If not enough bandwidth is available to maintain the maximum allowed number of calls with acceptable quality, the access point rejects the call.

QoS and DSCP Marking

QoS 802.11e is supported on the access and backhaul radios of mesh access points. MAPs can prioritize client traffic based on the QoS setting that is defined on the controller. CAC is implemented on the backhaul.

Mesh access points recognize DSCP markings from devices. DSCP is performed on the originating Cisco 7920 voice handset (client) and the terminating voice handset or terminal. No DSCP marking is performed on the controller, MAP, or CAC.


Note QoS only is relevant when there is congestion on the network.


You can configure bandwidth-based CAC and QoS for mesh networks using the controller GUI or CLI. The instructions for configuring these features is the same for both mesh and nonmesh networks with the exception of QoS settings.

Follow the instructions in the "Configuring Voice and Video Parameters" section to configure voice and video parameters. See the "Guidelines for Using Voice on the Mesh Network" section for mesh-specific configuration guidelines for voice including QoS.

The instructions for viewing voice and video details using the CLI are different for mesh and nonmesh access points.

Follow the instructions in the "Using the CLI to View Voice Details for Mesh Networks" section to view details for mesh access points.

Guidelines for Using Voice on the Mesh Network

Follow these guidelines when using voice on the mesh network:

Voice is only supported on indoor mesh access points, 1130 and 1240.

When voice is operating on a mesh network, calls must not traverse more than two hops. You must configure each sector to require no more than two hops for voice.

On the 802.11a or 802.11b/g/n > Global parameters page, do the following:

Enable dynamic target power control (DTPC)

Disable all data rates less than 11 Mbps

On the 802.11a or 802.11b/g/n > Voice parameters page, do the following:

Disable load-based CAC

Enable admission control (ACM) for CCXv4 or v5 clients that have WMM enabled. Otherwise, bandwidth-based CAC does not operate properly.

Set the maximum RF bandwidth to 50 percent.

Set the reserved roaming bandwidth to 6 percent.

Enable traffic stream metrics.

On the 802.11a or 802.11b/g/n > EDCA parameters page, do the following:

Set the EDCA profile for the interface as voice optimized.

Disable low latency MAC.

On the QoS > Profile page, do the following:

Create a voice profile and choose 802.1q as the wired QoS protocol type.

On the WLANs > Edit > QoS page, do the following:

Select a QoS of platinum for voice and gold for video on the backhaul.

Choose allowed as the WMM policy.

On the WLANs > Edit > QoS page, do the following:

Choose CCKM for authorization (auth) key management (mgmt) if you want to support fast roaming. See the "Client Roaming" section.

On the x > y page, do the following:

Disable voice active detection (VAD).

Voice Call Support in a Mesh Network

Table 9-7 lists a projected minimum and maximum of voice calls supported by the radio type and mesh access point role (RAP or MAP) for planning purposes.

Table 9-7 Projected Voice Call Support on a Mesh Network 

Mesh Access Point Role
Radio
Minimum Calls Supported 1
Maximum Calls Supported 2

RAP

802.11a

14

18

802.11b/g/n

14

18

MAP1

802.11a

6

9

802.11b/g/n

11

18

MAP2

802.11a

4

7

802.11b/g/n

5

9

1 Bandwidth of 855 transmit units (TUs) with 50% of the bandwidth reserved for voice calls.

2 Bandwidth of 1076 TUs with 50% of the bandwidth reserved for voice calls.


Using the CLI to View Voice Details for Mesh Networks

See to Figure 9-23 when using the CLI commands and viewing their output.

Figure 9-23 Mesh Network Example

Use the commands in this section to view details on voice calls on the mesh network:

View the total number of voice calls and the bandwidth used for voice calls on each root access point by entering this command:

show mesh cac summary

Information similar to the following appears:

 
   
AP Name          Slot#   Radio  BW Used/Max  Calls
------------    -------  -----  -----------  -----
SB_RAP1              0   11b/g     0/23437    0
                     1   11a       0/23437    2
SB_MAP1              0   11b/g     0/23437    0
                     1   11a       0/23437    0
SB_MAP2              0   11b/g     0/23437    0
                     1   11a       0/23437    0
SB_MAP3              0   11b/g     0/23437    0
                     1   11a       0/23437    0
 
   

View the mesh tree topology for the network and the bandwidth utilization (used/maximum available) of voice calls and video links for each access point and radio by entering this command:

show mesh cac bwused {voice | video} Cisco_AP

Information similar to the following appears:

AP Name       Slot#    Radio      BW Used/Max
------------- -------  -----      -----------
SB_RAP1         0      11b/g       1016/23437
                1      11a         3048/23437
|SB_MAP1        0      11b/g       0/23437
                1      11a         3048/23437
||  SB_MAP2     0      11b/g       2032/23437
                1      11a         3048/23437
||| SB_MAP3     0      11b/g       0/23437
                1      11a         0/23437
 
   

Note The bars (|) to the left of the AP Name field indicate the number of hops that the mesh access point is away from its root access point (RAP).



Note When the radio type is the same, the backhaul bandwidth used (bw used/max) at each hop is identical. For example, mesh access points map1, map2, map3, and rap1 are all on the same radio backhaul (802.11a) and are using the same bandwidth (3048). All of the calls are in the same interference domain. A call placed anywhere in that domain affects the others.


View the mesh tree topology for the network and display the number of voice calls that are in progress by access point radio by entering this command:

show mesh cac access Cisco_AP

Information similar to the following appears:

 
   
AP Name             Slot#   Radio     Calls
-------------      -------  -----    -----
SB_RAP1              0      11b/g      0
                     1      11a        0
|   SB_MAP1          0      11b/g      0
                     1      11a        0
||  SB_MAP2          0      11b/g      1
                     1      11a        0
||| SB_MAP3          0      11b/g      0
                     1      11a        0
 
   

Note Each call that is received by an access point radio causes the appropriate calls summary column to increment by one. For example, if a call is received on the 802.11b/g radio on map2, then a value of one is added to the existing value in that radio's calls column. In this case, the new call is the only active call on the 802.11b/g radio of map2. If one call is active when a new call is received, the resulting value is two.


View the mesh tree topology for the network and display the voice calls that are in progress by entering this command:

show mesh cac callpath Cisco_AP

Information similar to the following appears:

 
   
AP Name             Slot#   Radio     Calls
-------------      -------  -----    -----
SB_RAP1              0      11b/g      0
                     1      11a        1
|   SB_MAP1          0      11b/g      0      
                     1      11a        1
||  SB_MAP2          0      11b/g      1
                     1      11a        1
||| SB_MAP3          0      11b/g      0
                     1      11a        0
 
   

Note The calls column for each mesh access point radio in a call path increments by one. For example, for a call that initiates at map2 (show mesh cac call path SB_MAP2) and terminates at rap1 by way of map1, one call is added to the map2 802.11b/g and 802.11a radio calls column, one call to the map1 802.11a backhaul radio calls column, and one call to the rap1 802.11a backhaul radio calls column.


View the mesh tree topology of the network, the voice calls that are rejected at the access point radio because of insufficient bandwidth, and the corresponding access point radio where the rejection occurred by entering this command:

show mesh cac rejected Cisco_AP

Information similar to the following appears:

 
   
AP Name             Slot#   Radio     Calls
-------------      -------  -----    -----
SB_RAP1              0      11b/g      0
                     1      11a        0
|   SB_MAP1          0      11b/g      0
                     1      11a        0
||  SB_MAP2          0      11b/g      1
                     1      11a        0
||| SB_MAP3          0      11b/g      0
                     1      11a        0
 
   

Note If a call is rejected at the map2 802.11b/g radio, its calls column increments by one.


View the number of bronze, silver, gold, platinum, and management queues active on the specified access point by entering this command:

show mesh queue-stats {Cisco_AP | all}

The peak and average length of each queue are shown as well as the overflow count.

Information similar to the following appears:

Queue Type  Overflows  Peak length  Average length
 ----------  ---------  -----------  --------------
 Silver      0          1            0.000
 Gold        0          4            0.004
 Platinum    0          4            0.001
 Bronze      0          0            0.000
 Management  0          0            0.000
 
   

The fields in the output are described as follows:

OverflowsThe total number of packets dropped because of queue overflow.

Peak LengthThe peak number of packets waiting in the queue during the defined statistics time interval.

Average LengthThe average number of packets waiting in the queue during the defined statistics time interval.

Enabling Mesh Multicast Containment for Video

You can use the controller CLI to configure three mesh multicast modes to manage video camera broadcasts on all mesh access points. When enabled, these modes reduce unnecessary multicast transmissions within the mesh network and conserve backhaul bandwidth.

Mesh multicast modes determine how bridging-enabled access points (mesh access points [MAPs] and root access points [RAPs]) send multicasts among Ethernet LANs within a mesh network. Mesh multicast modes manage non-CAPWAP multicast traffic only. CAPWAP multicast traffic is governed by a different mechanism.

The three mesh multicast modes are as follows:

Regular modeData is multicast across the entire mesh network and all its segments by bridging-enabled RAPs and MAPs.

In modeMulticast packets received from the Ethernet by a MAP are forwarded to the RAP's Ethernet network. No additional forwarding occurs, which ensures that non-CAPWAP multicasts that are received by the RAP are not sent back to the MAP Ethernet networks within the mesh network (their point of origin), and MAP-to-MAP multicasts do not occur because they are filtered out. This mode is the default mode.

In-out modeThe RAP and MAP both multicast but in a different manner:

If multicast packets are received at a MAP over Ethernet, they are sent to the RAP; however, they are not sent to other MAP Ethernet networks and the MAP-to-MAP packets are filtered out of the multicast.

If multicast packets are received at a RAP over Ethernet, they are sent to all the MAPs and their respective Ethernet networks. When the in-out mode is in operation, you must properly partition your network to ensure that a multicast sent by one RAP is not received by another RAP on the same Ethernet segment and then sent back into the network.


Note If 802.11b clients need to receive CAPWAP multicasts, then you must globally enable multicast on the controller and on the mesh network by using the config network multicast global enable command. If multicast does not need to extend to 802.11b clients beyond the mesh network, you should disable the global multicast parameter by using the config network multicast global disable command.


Using the CLI to Enable Multicast on the Mesh Network

Use these commands to enable multicast mode on the mesh network:

config network multicast global enable

config mesh multicast {regular | in | in-out}

To enable multicast mode only the mesh network (multicasts do not need to extend to 802.11b clients beyond the mesh network), enter these commands:

config network multicast global disable

config mesh multicast {regular | in | in-out}


Note Multicast for mesh networks cannot be enabled using the controller GUI.


Backhaul Client Access (Universal Access) for Indoor and Outdoor Mesh Access Points

You can configure the backhaul for mesh access points (serial backhaul, 1522, 1240 and 1130) to accept client traffic. When this feature is enabled, mesh access points allow wireless client association over the 802.11a radio. This universal access allows an access point to carry both backhaul traffic and 802.11a client traffic over the same 802.11a radio. When this feature is disabled, backhaul traffic is only transmitted over the 802.11a radio and client association is only allowed over the 802.11b/g radio.

After this feature is enabled, all mesh access points reboot.

By default, this feature is disabled.


Note This parameter applies to mesh access points with two or more radios (serial backhaul, 1522, 1240 and 1130) excluding the 1524PS.



Note When using the outdoor Mesh AP 1522, if you disable the 'b' radio either using the GUI/CLI, on rebooting the AP, the 'b' radio is enabled (that is, the status is UP) by default.


To enable this feature on the controller, select the Backhaul Client Access check box on the Wireless > Mesh window. See the "Configuring Global Mesh Parameters" section.

Viewing Mesh Statistics and Reports

This section describes how to view mesh statistics and reports on the controller GUI and CLI.

Viewing Mesh Statistics for an Access Point

This section describes how to use the controller GUI or CLI to view mesh statistics for specific access points.


Note You can modify the Statistics Timer interval setting on the All APs > Details page of the controller GUI.


Using the GUI to View Mesh Statistics for an Access Point

To view mesh statistics for a specific access point using the controller GUI, follow these steps:


Step 1 Choose Wireless > Access Points > All APs to open the All APs page (see Figure 9-24).

Figure 9-24 All APs Page

Step 2 View statistics for a specific access point by hovering your cursor over the blue drop-down arrow for the desired access point and choosing Statistics. The All APs > Access Point Name > Statistics page for the access point appears (see Figure 9-25).

Figure 9-25 All APs > Access Point Name > Statistics Page

This page shows the role of the access point in the mesh network, the name of the bridge group to which the access point belongs, the backhaul interface on which the access point operates, and the number of the physical switch port. It also displays a variety of mesh statistics for this access point. Table 9-8 describes each of the statistics.

Table 9-8 Mesh Access Point Statistics 

Statistics
Parameter
Description

Mesh Node Stats

Malformed Neighbor Packets

Number of malformed packets received from the neighbor. Examples of malformed packets include malicious floods of traffic such as malformed or short DNS packets and malformed DNS replies.

Poor Neighbor SNR Reporting

Number of times the signal-to-noise ratio falls below 12 dB on the backhaul link.

Excluded Packets

Number of packets received from excluded neighbor mesh access points.

Insufficient Memory Reporting

Number of insufficient memory conditions.

Rx Neighbor Requests

Number of broadcast and unicast requests received from the neighbor mesh access points.

Rx Neighbor Responses

Number of responses received from the neighbor mesh access points.

Tx Neighbor Requests

Number of unicast and broadcast requests sent to the neighbor mesh access points.

Tx Neighbor Responses

Number of responses sent to the neighbor mesh access points.

Parent Changes Count

Number of times a mesh access point (child) moves to another parent.

Neighbor Timeouts Count

Number of neighbor timeouts.

Queue Stats

Gold Queue

Average and peak number of packets waiting in the gold (video) queue during the defined statistics time interval.

Silver Queue

Average and peak number of packets waiting in the silver (best effort) queue during the defined statistics time interval.

Platinum Queue

Average and peak number of packets waiting in the platinum (voice) queue during the defined statistics time interval.

Bronze Queue

Average and peak number of packets waiting in the bronze (background) queue during the defined statistics time interval.

Management Queue

Average and peak number of packets waiting in the management queue during the defined statistics time interval.

Mesh Node Security Stats

Transmitted Packets

Number of packets transmitted during security negotiations by the selected mesh access point.

Received Packets

Number of packets received during security negotiations by the selected mesh access point.

Association Request Failures

Number of association request failures that occur between the selected mesh access point and its parent.

Association Request Timeouts

Number of association request timeouts that occur between the selected mesh access point and its parent.

Association Requests Successful

Number of successful association requests that occur between the selected mesh access point and its parent.

Authentication Request Failures

Number of failed authentication requests that occur between the selected mesh access point and its parent.

Authentication Request Timeouts

Number of authentication request timeouts that occur between the selected mesh access point and its parent.

Authentication Requests Successful

Number of successful authentication requests between the selected mesh access point and its parent.

Reassociation Request Failures

Number of failed reassociation requests between the selected mesh access point and its parent.

Reassociation Request Timeouts

Number of reassociation request timeouts between the selected mesh access point and its parent.

Reassociation Requests Successful

Number of successful reassociation requests between the selected mesh access point and its parent.

Reauthentication Request Failures

Number of failed reauthentication requests between the selected mesh access point and its parent.

Reauthentication Request Timeouts

Number of reauthentication request timeouts that occur between the selected mesh access point and its parent.

Reauthentication Requests Successful

Number of successful reauthentication requests that occur between the selected mesh access point and its parent.

Unknown Association Requests

Number of unknown association requests received by the parent mesh access point from its child. The unknown association requests often occur when a child is an unknown neighbor mesh access point.

Invalid Association Requests

Number of invalid association requests received by the parent mesh access point from the selected child mesh access point. This state may occur when the selected child is a valid neighbor but is not in a state that allows association.

Mesh Node Security Stats (continued)

Unknown Reauthentication Requests

Number of unknown reauthentication requests received by the parent mesh access point node from its child. This state may occur when a child mesh access point is an unknown neighbor.

Invalid Reauthentication Requests

Number of invalid reauthentication requests received by the parent mesh access point from a child. This state may occur when a child is a valid neighbor but is not in a proper state for reauthentication.

Unknown Reassociation Requests

Number of unknown reassociation requests received by the parent mesh access point from a child. This state may occur when a child mesh access point is an unknown neighbor.

Invalid Reassociation Requests

Number of invalid reassociation requests received by the parent mesh access point from a child. This state may occur when a child is a valid neighbor but is not in a proper state for reassociation.


Using the CLI to View Mesh Statistics for an Access Point

Use these commands to view mesh statistics for a specific access point using the controller CLI:

To view packet error statistics; a count of failures, timeouts, association and authentication successes; and reassociations and reauthentications for a specific access point, enter this command:

show mesh security-stats {Cisco_AP | all}

Information similar to the following appears:

AP MAC : 00:0B:85:5F:FA:F0
Packet/Error Statistics:
-----------------------------
x Packets 14, Rx Packets 19, Rx Error Packets 0
 
   
Parent-Side Statistics:
--------------------------
Unknown Association Requests 0
Invalid Association Requests 0
Unknown Re-Authentication Requests 0
Invalid Re-Authentication Requests 0
Unknown Re-Association Requests 0
Invalid Re-Association Requests 0
Unknown Re-Association Requests 0
Invalid Re-Association Requests 0
 
   
Child-Side Statistics:
--------------------------
Association Failures 0
Association Timeouts 0
Association Successes 0
Authentication Failures 0
Authentication Timeouts 0
Authentication Successes 0
Re-Association Failures 0
Re-Association Timeouts 0
Re-Association Successes 0
Re-Authentication Failures 0
Re-Authentication Timeouts 0
Re-Authentication Successes 0 

To view the number of packets in the queue by type, enter this command:

show mesh queue-stats Cisco_AP

Information similar to the following appears:

Queue Type  Overflows  Peak length  Average length
 ----------  ---------  -----------  --------------
 Silver      0          1            0.000
 Gold        0          4            0.004
 Platinum    0          4            0.001
 Bronze      0          0            0.000
 Management  0          0            0.000
 
   

OverflowsThe total number of packets dropped because of queue overflow.

Peak LengthThe peak number of packets waiting in the queue during the defined statistics time interval.

Average LengthThe average number of packets waiting in the queue during the defined statistics time interval.

Viewing Neighbor Statistics for an Access Point

This section describes how to use the controller GUI or CLI to view neighbor statistics for a selected access point. It also describes how to run a link test between the selected access point and its parent.

Using the GUI to View Neighbor Statistics for an Access Point

To view neighbor statistics for an access point using the controller GUI, follow these steps:


Step 1 Choose Wireless > Access Points > All APs to open the All APs page (see Figure 9-26).

Figure 9-26 All APs Page

Step 2 View neighbor statistics for a specific access point by hovering your cursor over the blue drop-down arrow for the desired access point and choosing Neighbor Information. The All APs > Access Point Name > Neighbor Info page for the access point appears (see Figure 9-27).

Figure 9-27 All APs > Access Point Name > Neighbor Info Page

This page lists the parent, children, and neighbors of the access point. It provides each access point's name and radio MAC address.

Step 3 Perform a link test between the access point and its parent or children by following these steps:

a. Hover your cursor over the blue drop-down arrow of the parent or child and choose LinkTest. A dialog box window appears (see Figure 9-28).

Figure 9-28 Link Test Dialog Box

b. Click Submit to start the link test. The link test results appear on the Mesh > LinkTest Results page (see Figure 9-29).

Figure 9-29 Mesh > LinkTest Results Page

c. Click Back to return to the All APs > Access Point Name > Neighbor Info page.

Step 4 View the details for any of the access points on this page as follows:

a. Hover your cursor over the blue drop-down arrow for the desired access point and choose Details. The All APs > Access Point Name > Link Details > Neighbor Name page appears (see Figure 9-30).

Figure 9-30 All APs > Access Point Name > Link Details > Neighbor Name Page

b. Click Back to return to the All APs > Access Point Name > Neighbor Info page.

Step 5 View statistics for any of the access points on this page as follows:

a. Hover your cursor over the blue drop-down arrow for the desired access point and choose Stats. The All APs > Access Point Name > Mesh Neighbor Stats page appears (see Figure 9-31).

Figure 9-31 All APs > Access Point Name > Mesh Neighbor Stats Page

b. Click Back to return to the All APs > Access Point Name > Neighbor Info page.


Using the CLI to View Neighbor Statistics for an Access Point

Use these commands to view neighbor statistics for a specific access point:

View the mesh neighbors for a specific access point by entering this command:

show mesh neigh {detail | summary} {Cisco_AP | all}

Information similar to the following appears:

AP Name/Radio Mac  Channel Snr-Up Snr-Down Link-Snr Flags 	State
-----------------  ------- ------ -------- -------- ------ 	-------
mesh-45-rap1       165     15     18       16       0x86b 		 UPDATED NEIGH PARENT BEACON
00:0B:85:80:ED:D0  149      5      6        5       0x1a60 	NEED UPDATE BEACON DEFAULT
00:17:94:FE:C3:5F 	 149 	 	 	 	  7      0 	 	 	 	 	 	 0 	 	   0x860    	 BEACON 

View the channel and signal-to-noise ratio (SNR) details for a link between an access point and its neighbor by entering this command:

show mesh path Cisco_AP

Information similar to the following appears:

AP Name/Radio Mac  Channel Snr-Up Snr-Down Link-Snr Flags 	State
-----------------  ------- ------ -------- -------- ------ 	-------
mesh-45-rap1       165     15     18       16       0x86b 	UPDATED NEIGH PARENT BEACON
mesh-45-rap1 is a Root AP. 

View the percentage of packet errors for packets transmitted by the neighbor mesh access point by entering this command:

show mesh per-stats {Cisco_AP | all}

Information similar to the following appears:

Neighbor MAC Address 00:0B:85:5F:FA:F0
Total Packets transmitted: 104833
Total Packets transmitted successfully: 104833
Total Packets retried for transmission: 33028
Neighbor MAC Address 00:0B:85:80:ED:D0
Total Packets transmitted: 0
Total Packets transmitted successfully: 0
Total Packets retried for transmission: 0
 
   
Neighbor MAC Address 00:17:94:FE:C3:5F
Total Packets transmitted: 0
Total Packets transmitted successfully: 0
Total Packets retried for transmission: 0

Note Packet error rate percentage = 1 - (number of successfully transmitted packets/number of total packets transmitted).


Converting Indoor Access Points to Mesh Access Points (1130AG, 1240AG)

Before you can install an 1130AG or 1240AG indoor access point into an indoor mesh deployment, follow these steps:


Step 1 Convert the autonomous access point (k9w7 image) to a lightweight access point.

For information about this process, see this URL:

http://cisco-images.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html

Step 2 Convert the lightweight access point to either a mesh access point (MAP) or root access point (RAP) as follows:


Note Indoor mesh access points (1130 and 1240) can function as either a RAP or a MAP. By default, all are configured as MAPs.


To convert the access point to a mesh access point using the CLI, perform one of the following:

To convert from a lightweight access point to a MAP, enter this command:

config ap mode bridge Cisco_AP

The mesh access point reloads.

To convert from a lightweight access point to a RAP, enter these CLI commands:

config ap mode bridge Cisco_AP

config ap role rootAP Cisco_AP

The mesh access point reloads and is configured to operate as a RAP.

To convert the access point to a mesh access point using the GUI, follow these steps:

a. Choose Wireless and click on the AP Name link for the 1130 or 1240 indoor access point you want to convert.
b. At the General Properties panel, choose Bridge from the AP Mode drop-down list.

The access point reboots.

c. At the Mesh panel, choose either RootAP or MeshAP from the AP Role drop-down list.
d. Click Apply to commit your changes.
e. Click Save Configuration to save your changes.

Changing MAP and RAP Roles for Indoor Mesh Access Points (1130AG, 1240AG)

Cisco 1130 and 1240 series indoor mesh access points can function as either RAPs or MAPs.

Using the GUI to Change MAP and RAP Roles for Indoor Mesh Access Points

To change an indoor mesh access point from one role to another using the controller GUI, follow these steps:


Step 1 Choose Wireless > Access Points > All APs to open the All APs page.

Step 2 Click the name of the 1130 or 1240 series access point that you want to change.

Step 3 Click the Mesh tab.

Step 4 From the AP Role drop-down list, choose MeshAP or RootAP to specify this access point as a MAP or RAP, respectively.

Step 5 Click Apply to commit your changes. The access point reboots.

Step 6 Click Save Configuration to save your changes.


Note We recommend that you use a Fast Ethernet connection between the MAP and controller when changing from a MAP to RAP.



Note After a RAP-to-MAP conversion, the MAP's connection to the controller is a wireless backhaul rather than a Fast Ethernet connection. You must ensure that the Fast Ethernet connection of the RAP being converted is disconnected before the MAP starts up so that the MAP can join over the air.



Note We recommend that your power source for MAPs is either a power supply or power injector. We do not recommend that you use PoE as a power source for MAPs.



Using the CLI to Change MAP and RAP Roles for Indoor Mesh Access Points

To change an indoor mesh access point from one role to another using the controller CLI, follow these steps:


Step 1 Change the role of an indoor access point from MAP to RAP or from RAP to MAP by entering this command:

config ap role {rootAP | meshAP} Cisco_AP

The access point reboots after you change the role.

Step 2 Save your changes by entering this command:

save config


Converting Indoor Mesh Access Points to Nonmesh Lightweight Access Points (1130AG, 1240AG)

The access point reboots after you enter the conversion commands in the controller CLI or perform the steps on the controller or the Cisco WCS.


Note We recommend that you use a Fast Ethernet connection to the controller for the conversion from a mesh (bridge) to nonmesh (local) access point. If the backhaul is a radio, after the conversion, you must enable Ethernet and then reload the access image.



Note When a root access point is converted back to a lightweight access point, all of its subordinate mesh access points lose connectivity to the controller. A mesh access point is unable to service its clients until the mesh access point is able to connect to a different root access point in the vicinity. Likewise, clients might connect to a different mesh access point in the vicinity to maintain connectivity to the network.


To convert an indoor mesh access point (MAP or RAP) to a nonmesh lightweight access point using the CLI, enter this command.

config ap mode local Cisco_AP

The access point reloads.

To convert an indoor mesh access point (MAP or RAP) to a nonmesh lightweight access point using the GUI, follow these steps:

a. Choose Wireless and click on the AP Name link for the 1130 or 1240 indoor access point you want to convert.

b. At the General Properties panel, choose Local from the AP Mode drop-down list.

c. Click Apply to apply changes.

d. Click Save Configuration to save your changes.

To convert an indoor mesh access point (MAP or RAP) to a nonmesh lightweight access point using Cisco WCS, follow these steps:

a. Choose Configure > Access Points and click on the AP Name link for the 1130 or 1240 indoor access point you want to convert.

b. At the General Properties panel, choose Local as the AP Mode (left side).

c. Click Save.

Configuring Mesh Access Points to Operate with Cisco 3200 Series Mobile Access Routers

Outdoor access points (1522, 1524PS) can interoperate with the Cisco 3200 Series Mobile Access Router (MAR) on the public safety channel (4.9 GHz) as well as the 2.4-GHz access and 5-GHz backhaul.

The Cisco 3200 creates an in-vehicle network in which devices such as PCs, surveillance cameras, digital video recorders, printers, PDAs, and scanners can share wireless networks such as cellular or WLAN- based services back to the main infrastructure. Data that is collected from in-vehicle deployments, such as a police car can be integrated into the overall wireless infrastructure. For specific interoperability details between series 1130, 1240, and 1520 mesh access points and series 3200 mobile access routers, see Table 9-9.

Table 9-9 Mesh Access Points and MAR 3200 Interoperability

Mesh Access Point Model
MAR Model

15221

c32012 , c32023 , c32054

1524PS

c3201, c3202

1130, 1240 configured as indoor mesh access points with universal access

c3201, c3205

1 Universal access must be enabled on the 1522 if connecting to a MAR on the 802.11a radio or 4.9-GHz band.

2 Model c3201 is a MAR with a 802.11b/g radio (2.4 GHz).

3 Model c3202 is a MAR with a 4-9-GHz sub-band radio.

4 Model c3205 is a MAR with a 802.11a radio (5.8-GHz sub-band).


Configuration Guidelines

Follow these guidelines to allow the 1522 or 1524PS mesh access point and Cisco MAR 3200 to interoperate on the public safety network:

Client access must be enabled on the backhaul (Mesh global parameter).

Public Safety must be enabled globally on all mesh access points (MAPs) in the mesh network.

Channel number assignments on the 1522 or 1524PS must match those on the Cisco 3200 radio interfaces:

Channels 20 (4950 GHz) through 26 (4980 GHz) and sub-band channels 1 through 19 (5 and 10 MHz) are used for MAR interoperability. This configuration change is made on the controller. No changes are made to the access point configuration.

Channel assignments are made only to the RAP. Updates to the MAP are propagated by the RAP.

The default channel width for MAR 3200s is 5 MHz. You must do one of the following:

Change the channel width to 10 or 20 MHz to enable WGBs to associate with series 1520 mesh access points.

Change the channel on the 1522 or 1524PS to a channel in the 5-MHz (channels 1 to 10) or 10-MHz band (channels 11 through 19) as follows:

When using the CLI, you must disable the 802.11a radio prior to configuring its channels. You reenable the radio after the channels are configured.

When using the GUI, enabling and disabling the 802.11a radio for channel configuration is not required.

Cisco MAR 3200s can scan channels within but not across the 5-, 10-, or 20-MHz bands.

Using the GUI to Enable Mesh Access Points to Operate with Cisco 3200 Series Mobile Access Routers

To enable the 1522 and 1524PS mesh access points to associate to the Cisco 3200 series MAR using the controller GUI, follow these steps:


Step 1 Enable the backhaul for client access by choosing Wireless > Mesh to open the Mesh page.

Step 2 Select the Backhaul Client Access check box to allow wireless client association over the 802.11a radio.

Step 3 Click Apply to commit your changes.

Step 4 When prompted to allow a reboot of all the mesh access points on the network, click OK.

Step 5 Choose Wireless > Access Points > Radios > 802.11a/n to open the 802.11a/n Radios page.

Step 6 Hover your cursor over the blue drop-down arrow for the appropriate RAP and choose Configure. The 802.11a/n (4.9 GHz) > Configure page appears (see Figure 9-32).

Figure 9-32 802.11 a/n (4.9GHz) > Configure Page

Step 7 Under the RF Channel Assignment section, choose the Custom option for Assignment Method and select a channel between 1 and 26.

Step 8 Click Apply to commit your changes.

Step 9 Click Save Configuration to save your changes.


Using the CLI to Enable Mesh Access Points to Operate with Cisco 3200 Series Mobile Access Routers

To enable the 1522 and 1524PS mesh access points to associate to the Cisco 3200 series MAR using the controller CLI, follow these steps:


Step 1 Enable client access mode on the 1522 and 1524PS mesh access points by entering this command:

config mesh client-access enable

Step 2 Enable public safety on a global basis by entering this command:

config mesh public-safety enable all

Step 3 Enable the public safety channels by entering these commands:

For the 1522 access point, enter these commands:

config 802.11a disable Cisco_MAP

config 802.11a channel ap Cisco_MAP channel_number

config 802.11a enable Cisco_MAP

For the 1524PS, enter these commands:

config 802.11-a49 disable Cisco_MAP

config 802.11-a49 channel ap Cisco_MAP channel_number

config 802.11-a49 enable Cisco_MAP


Note Enter the config 802.11-a58 enable Cisco_MAP command to enable a 5-GHz radio.



Note For both the 1522 and 1524PS mesh access points, valid values for the channel number is 1 through 26.


Step 4 Save your changes by entering this command:

save config

Step 5 Verify your configuration by entering these commands:

show mesh public-safety

show mesh client-access

show ap config 802.11a summary (for 1522 access points only)

show ap config 802.11-a49 summary (for 1524PS access points only)


Note Enter the show config 802.11-a58 summary command to view configuration details for a 5-GHz radio.