Cisco Prime Infrastructure Configuration Guide, Release 1.2
Chapter 10: Managing Clients
Downloads: This chapterpdf (PDF - 422.0KB) The complete bookPDF (PDF - 16.48MB) | Feedback

Managing Clients

Table Of Contents

Managing Clients

Client Dashlets on the General Dashboard

Client Dashboard

Client Troubleshooting Dashlet

Client Distribution Dashlet

Client Authentication Type Distribution

Client Alarms and Events Summary Dashlet

Client Traffic Dashlet

Wired Client Speed Distribution Dashlet

Top 5 SSIDs by Client Count

Top 5 Switches by Switch Count

Client Posture Status Dashlet

Client Count By IP Address Type

IPv6 Assignment Distribution

User Auth Failure Count

Client Protocol Distribution

Client EAP Type Distribution

Guest Users Count

Client CCX Distribution

Top N Client Count

Client Mobility Status Distribution

Client 11u Distribution

11u Client Count

11u Client Traffic

PMIP Clients Distribution

PMIP Client Count

Top APs By Client Count

Most Recent Client Alarms

Recent 5 Guest User Accounts

Latest 5 logged in Guest Users

Clients Detected by Context Aware Service

Monitoring Clients and Users

 Filtering Clients and Users

Viewing Clients and Users

Client Attributes

Client IPv6 Addresses

Client Statistics

Client Association History

Client Event Information

Client Location Information

Wired Location History

Wireless Location History

Client CCXv5 Information

Exporting Clients and Users

Client Troubleshooting

Using the Search Feature to Troubleshoot Clients

Tracking Clients

Notification Settings

Identifying Unknown Users

Configuring the Search Results Display

Enabling Automatic Client Troubleshooting

Viewing Client Details in the Access Point Page

Viewing Currently Associated Clients

Running Client Reports

Running ISE Reports

Specifying Client Settings

Receiving Radio Measurements for a Client

Radio Measurement Results for a Client

Viewing Client V5 Statistics

Viewing Client Operational Parameters

Viewing Client Profiles

Disabling a Current Client

Removing a Current Client

Enabling Mirror Mode

Viewing a Map (High Resolution) of a Client Recent Location

Viewing a Map (High Resolution) of a Client Current Location

Running a Client Sessions Report for the Client

Viewing a Roam Reason Report for the Client

Viewing Detecting Access Point Details

Viewing Client Location History

Viewing Voice Metrics for a Client


Managing Clients


A client is a device that is connected to an access point or a switch. Prime Infrastructure supports both wired and wireless clients. After you add controllers and switches to Prime Infrastructure, the client discovery process starts. Wireless clients are discovered from managed controllers or autonomous access points. The wireless client count includes autonomous clients as well. Only in the case of switches, Prime Infrastructure polls for clients immediately after the device is added. In the case of controllers, these are polled during regular client status poll. Prime Infrastructure gets the client information from the switch and updates this information in the database. For wired clients, the client status polling to discover client associations occurs every two hours (by default). A complete polling happens twice every day to poll complete information of all wired clients connected to all switches.

Prime Infrastructure uses background tasks to perform the data polling operations. There are three tasks associated with clients:

1. Autonomous AP Client Status

2. Lighweight Client Status

3. Wired Client Status


Note You can refresh the data collection tasks (such as polling interval) from the Administration > Background Tasks page. For details, see the "Performing Background Tasks" section.



Note Prime Infrastructure enables you to track clients and be notified when these clients connect to the network. For details, see the "Tracking Clients" section.



Note For more information about enabling traps and syslogs on switches for wired client discovery, see the "Tracking Clients" section.


Not all users or devices are authenticated via 802.1x (for example, printers). In such a case, a network administrator can assign a username to a device. For details, see the "Configuring Unknown Devices" section.

If a client device is authenticated to the network through web auth, Prime Infrastructure might not have username information for the client (applicable only for wired clients).

Client status (applicable only for wired clients) is noted as connected, disconnected, or unknown:

Connected clients—Clients that are active and connected to a wired switch.

Disconnected clients—Clients that are disconnected from the wired switch.

Unknown clients—Clients that are marked as unknown when the SNMP connection to the wired switch is lost.


Note See the "Configuring Unknown Devices" section for more information about tracking clients.


Prime Infrastructure supports both identity and non-identity wired clients. The support for wired clients is based on the identity service. The identity service provides secure network access to users and devices and it also enables the network administrators to provision services and resources to the users based on their job functions.

This chapter contains the following sections:

Client Dashlets on the General Dashboard

Client Dashboard

Monitoring Clients and Users

Client Troubleshooting

Tracking Clients

Enabling Automatic Client Troubleshooting

Viewing Client Details in the Access Point Page

Viewing Currently Associated Clients

Running Client Reports

Running ISE Reports

Specifying Client Settings

Receiving Radio Measurements for a Client

Viewing Client V5 Statistics

Viewing Client Operational Parameters

Viewing Client Profiles

Disabling a Current Client

Removing a Current Client

Enabling Mirror Mode

Viewing a Map (High Resolution) of a Client Recent Location

Viewing a Map (High Resolution) of a Client Current Location

Running a Client Sessions Report for the Client

Viewing a Roam Reason Report for the Client

Viewing Detecting Access Point Details

Viewing Client Location History

Viewing Voice Metrics for a Client

Client Dashlets on the General Dashboard


Note The dashlets that you see on the dashboard are presented in the form of interactive graphs. See the "Interactive Graphs" section for more information.


When you log into Prime Infrastructure, the General dashboard displays a few client-related dashlets.

Client Count By Association/Authentication—Displays the total number of clients by Association and authentication in Prime Infrastructure over the selected period of time.

Associated client—All clients connected regardless of whether it is authenticated or not.

Authenticated client—All clients connected and passed authentication, authorization and other policies, and ready to use the network.

Client Count By Wireless/Wired—Displays the total number of wired and wireless clients in Prime Infrastructure over the selected period of time.

Client Dashboard


Note The dashlets that you see on the dashboard are presented in the form of interactive graphs. See the "Interactive Graphs" section for more information.


The Client dashboard in Prime Infrastructure home page displays the client-related dashlets. These dashlets enable you to monitor the clients on the network. The data for graphs is also polled/updated periodically and stored in Prime Infrastructure database. On the other hand, most of the information in the Client Details page are polled directly from the controller/switch.

Click the Edit Content link to choose the dashlets you want to have appear on the Client dashboard. You can choose the dashlet from the Available dashlets list and then click to add it to the left or right column. For more information on using the Edit Content link, see the "Dashboards" section. For example, if you want to see the client count in both the General and Client dashboards, you can add the same dashlet to both.

To return to the original Client dashboard before customization, click Edit Tabs, and click Reset to Factory Default.

This section describes the Client dashboard dashlets and contains the following topics:

Client Troubleshooting Dashlet

Client Distribution Dashlet

Client Alarms and Events Summary Dashlet

Client Traffic Dashlet

Wired Client Speed Distribution Dashlet

Top 5 SSIDs by Client Count

Top 5 Switches by Switch Count

Client Posture Status Dashlet

Client Count By IP Address Type

IPv6 Assignment Distribution

User Auth Failure Count

Client Protocol Distribution

Client EAP Type Distribution

Guest Users Count

Client CCX Distribution

Top N Client Count

Client Mobility Status Distribution

Client 11u Distribution

11u Client Count

11u Client Traffic

PMIP Clients Distribution

PMIP Client Count

Top APs By Client Count

Most Recent Client Alarms

Recent 5 Guest User Accounts

Latest 5 logged in Guest Users

Clients Detected by Context Aware Service

Client Troubleshooting Dashlet

To troubleshoot a client, enter a client MAC address, and then click Troubleshoot. The properties information appears.


Note If the client is not currently associated, most of the information does not appear.


For details about client troubleshooting see the "Client Troubleshooting" section.

Client Distribution Dashlet

This dashlet shows how many clients are on your network presently. You can see how clients are distributed by protocol, EAP type, and authentication type.

Protocol

802.11—wireless client protocol

802.3—wired client protocol.


Note You can click a protocol to access the list of users belonging to that protocol. For example, if you click the 802.3 protocol, you can directly access the list of the wired clients and users in the Clients and Users page.


EAP-Type—Represents Extensible Authentication Protocol (EAP) types such as EAP-FAST, PEAP, and so on

Authentication Type—Represents types such as WPA (TKIP), WPA2 (AES), open, and so on

You can choose to display this information in table form or in a pie chart. The pie charts are clickable. If you hover your mouse cursor over a particular portion of the pie chart, a heading and percentage appears, and you can then click the pie chart piece to open a filtered list. When you click the number (next to the header `Client Distribution') represented by Client Distribution, you get a list of clients represented by this number (the same page that you see when you choose Monitor > Clients and Users). You can filter the data that is displayed in client distribution by clicking the Dashlet Options icon and choosing either controller IP, SSID, or floor area.


Note The Edited label next to the Client Distribution count indicates that the dashlet has been customized. If you reset to the default page, the Edited label is cleared.


Client Authentication Type Distribution

This Client Authentication Type graph shows the number of clients for each authentication type. You can choose to display this information in table form or in a pie chart. When you click the number represented by Total Clients, you get a list of clients represented by this number (the same page that you see when you choose Monitor > Clients and Users). You can filter the data that is displayed in client authentication type distribution by clicking the Dashlet Options icon and choosing either controller IP, SSID, or floor area.

Client Alarms and Events Summary Dashlet

This dashlet shows the most recent client alarms of both wired and wireless clients.

Client Association Failure

Client Authentication Failure

Client WEP Key Decryption Error

Client WPA MIC Error Counter Activated

Client Excluded

Autonomous AP Client Authentication Failure

Wired Client Authentication Failure

Wired Client Authorization Failure

Wired Client Critical VLAN Assigned

Wired Client Auth fail VLAN Assigned

Wired Client Guest VLAN Assigned

Wired Client Security Violation


Note For more information about the alarms and events, see the "Alarm and Event Dictionary" section.


Click the number in the Total column to open the Events page (the same page that you see when you choose Monitor > Events).

Client Traffic Dashlet

Controllers keep counters for the number of bytes transferred and received for each client. Prime Infrastructure reads the number every 15 minutes and then calculates the difference, comparing the prior polling. This client traffic data is then aggregated every hour, every day, and every week. It shows the average and maximum values in megabytes per second for both downstream and upstream traffic. You can display the information in table form or in an area chart. When generating the chart based on the floor, Prime Infrastructure adds up all client traffic on this floor. You can filter the data that is displayed in client traffic by clicking the Dashlet Options icon and choosing either controller IP, SSID, or floor area.

For wireless clients, client traffic information comes from controller. For wired clients, the client traffic information comes form ISE, and therefore you need to enable accounting information and other necessary functions on switches.

If you click View History, the Client Traffic Historical Charts dashlet appears for the various time frames. The Client Traffic Historical Charts dashlet shows the client traffic over the last 6 hours, last day, last week, last month, and last year. The blue line shows the authenticated client count and the orange line shows the associated client count. The upper right-hand corner shows when the chart was last updated.

Wired Client Speed Distribution Dashlet

This dashlet displays the wired client speeds and the client count for each speed. There are three different speeds on which clients run:

10 Mbps

100 Mbps

1 Gbps


Note The ports are in the Auto Negotiate mode by default. For example, you get 100 Mbps speed for a client that runs in 100 Mbps speed.


Top 5 SSIDs by Client Count

This dashlet shows the count of currently associated and authenticated clients. You can choose to display the information in table form or in an area chart.


Note In Prime Infrastructure 1.0, the WGB, Wired Guest, and OEAP 600 (Office Extended Access Point 600) are tracked as wireless clients.


Top 5 Switches by Switch Count

This dashlet displays the five switches that have the most clients as well as the number of clients associated to the switch.

Client Posture Status Dashlet

Prime Infrastructure collects the posture status information from the Identity Services Engine (ISE). You need to add an ISE for authorization and authentication purpose. For information about adding an ISE, see the "Adding an Identity Services Engine" section on page 16-1324. After you enable necessary functions in ISE, Prime Infrastructure shows the data in the Client Posture Status dashlet.

This dashlet displays the client posture status and the number of clients in each of the following status categories:

Compliant

Non-compliant

Unknown

Pending

Not Applicable

Error

Client Count By IP Address Type

This dashlet displays a chart which shows client count trend over time by different IP addresses types. The types include IPv4, IPv6, Dual-Stack and Unknown.

IPv6 Assignment Distribution

This dashlet displays a pie chart which shows distribution of all clients based on how their IPv6 addresses get assigned. The type include Unknown, DHCPv6, Self-Assigned, and SLACC or Static.

User Auth Failure Count

This dashlet displays a chart which shows user authentication failure count trend over time.

Client Protocol Distribution

This dashlet displays the current client count distribution by protocols.

Client EAP Type Distribution

This dashlet displays the count based on the EAP type.

Guest Users Count

This dashlet displays Guest client count over a specified time.

Client CCX Distribution

This dashlet displays a pie chart which shows client distribution among different CCX versions.

Top N Client Count

This dashlet displays a bar chart which shows top N elements based on client count. The elements include SSID, APs, Controller, Endpoint Type, Vendor, Switches, and Anchor Controllers. It is a generic top N chart to replace different individual topN charts.

Client Mobility Status Distribution

This dashlet displays a pie chart which shows client distribution between local (not anchored) and anchored.

Client 11u Distribution

This dashlet displays a pie chart which shows 11u clients over non-11u clients.

11u Client Count

This dashlet displays a chart which shows 11u client count trend over time.

11u Client Traffic

This dashlet displays a chart which shows 11u client traffic trend over time.

PMIP Clients Distribution

This dashlet displays a pie chart which shows PMIP client over non-PMIP clients.

PMIP Client Count

This dashlet displays a chart which shows PMIP client count trend over time.

Top APs By Client Count

This dashlet displays the Top APs by client count.

Most Recent Client Alarms

This dashlet displays the most recent client alarms.

Recent 5 Guest User Accounts

This dashlet displays the most recent guest user accounts created or modified.

Latest 5 logged in Guest Users

This dashlet displays the most recent guest users to log in.

Clients Detected by Context Aware Service

This dashlet displays the client count detected by the context aware service within the previous 15 minutes.

Monitoring Clients and Users

Using the Monitor Clients and Users feature, you can view all the clients in your network—both wired and wireless. In addition, you can view the client association history and statistical information. These tools are useful when users complain of network performance as they move throughout a building with their laptop computers. The information might help you assess what areas experience inconsistent coverage and which areas have the potential to drop coverage.

The Client Detail page shows the association history graph to represent the time-based data. The information helps you identify, diagnose, and resolve client issues.


Note Some of the features mentioned in this chapter are not applicable for wired clients (for example, disabling or removing).


Choose Monitor > Clients and Users to view both wired and wireless clients information. The Clients and Users page appears. In the Clients and Users page, you see the clients in tabular format with different tools available at the top of the table.

This section contains the following topics:

 Filtering Clients and Users

Viewing Clients and Users

Configuring the Search Results Display

 Filtering Clients and Users

In the Clients and Users list page, all associated clients are displayed by default. There are 17 preset filters that allow you to view a subset of clients (see Table 10-1).


Note The WGB, Wired Guest, and OEAP 600 (Office Extended Access Point 600) are tracked as wireless clients.



Note Sorting on non-indexed column causes serious performance issue when loading the client list page. Prime Infrastructure only remembers sorting column which is indexed including MAC Address, IP Address, Username, AP MAC Address and SSID. You can still sort the table by any column. But after you leave this page, Prime Infrastructure will not remember the last used sorting column if it is not indexed.


Table 10-1 lists the preset filters that are available in the Clients and Users page. Choose the filter you want to show from the Show drop-down list.

Table 10-1 Client List Filters 

Filter
Results

All

All clients including inactive clients.

Note Generally, "All" filter means no filters. All SSID returns all clients connected to all controllers such as PMIP, WGB, or wired guest clients.

2.4 GHz Clients

All clients using 2.4 GHz radio band.

5 GHz Clients

All clients using 5.0 GHz radio band.

All Lightweight Clients

All clients connected to lightweight APs.

All Autonomous Clients

All clients connected to autonomous APs.

All Wired Clients

All clients directly connected to a switch managed by Prime Infrastructure.

Associated Clients

All clients connected to the network regardless of whether they are authenticated or not.

Clients detected by MSE

All clients detected by MSE including wired and wireless clients.

Clients detected in last 24 hours

All clients detected in the last 24 hours.

Clients Known by ISE

Shows all the clients that are authenticated by ISE.

Clients with Problems

Clients that are associated, but have not yet completed policy.

Excluded Clients

All lightweight wireless clients excluded by the controller.

FlexConnect Locally Authenticated

Clients connected to FlexConnect APs and authenticated locally.

New Clients detected in last 24 hours

New Clients detected in the last 24 hours.

On Network Clients

Clients that have gone through authentication/authorization and are able to send and receive data. This means the clients that have completed all set policies and are on the network. The clients are not Identity clients and are always appear as `On Network'.

WGB Clients

All WGB clients.

Note If an access point is bridge capable, and the AP mode is set to Bridge, you can view clients identified as WGBs. WGB clients bridge wireless to wired. Any Cisco IOS access point can take on the role of a WGB, acting as a wireless client with a wired client connected to it. The information about this WGB is propagated to the controller and appears as a client in both Prime Infrastructure and WLC.

All IPv4 Address Clients

Clients which have IPv4 addresses (wired and wireless).

All IPv6 Address Clients

Clients which have IPv6 addresses (wired and wireless).

All Dual-Stack Clients

Clients which have both IPv4 and IPv6 address (wired and wireless).


In addition, you can use the filter icon () to filter the records that match the filter rules. If you want to specify a filter rule, choose All from the Show drop-down list before you click .


Note When you select a preset filter and click the filter icon, the filter criteria is dimmed. You can only see the filter criteria but cannot change it. When the All option is selected to view all the entries, clicking the filter icon shows the quick filter options, where you can filter the data using the filterable fields. You can also enter text in the free form text box for table filtering.



Note When you perform advanced client filtering on IPv6 addresses, each octet that you specify must be a complete octet. If you specify a partial octet, the filtering might not show correct results. The following example shows how the advanced client filtering works on IPv6 addresses.
This example assumes that you have the following IP addresses in the system:
10.10.40.1
10.10.40.2
10.10.40.3
10.10.240.1
Fec0::40:20
Fe80::240:20

If you search for all IP addresses containing 40, you get the following result:

10.10.40.1
10.10.40.2
10.10.40.3
Fec0::40:20

The IP addresses that contain 240 are not filtered because the filtering feature expects you to enter a complete octet.


Viewing Clients and Users


Note You can use the advanced search feature to narrow the client list based on specific categories and filters. See the "Using the Search Feature" section section or the "Advanced Search" section for more information.
You can also filter the current list using the Show drop-down list. See the " Filtering Clients and Users" section for more information.



Note See the "Configuring the Search Results Display" section for other available client parameters. See the " Filtering Clients and Users" section for information on filtering this client list.



Note To view complete details in the Monitor > Client and Users page and to perform operations such as Radio Measurement, users in User Defined groups require permission before they access the Monitor Clients, View Alerts & Events, Configure Controllers, and Client Location pages.


To view clients and users, follow these steps:


Step 1 Choose Monitor > Clients and Users to view both wired and wireless clients information. The Clients and Users page appears.

The Clients and Users table displays a few columns by default. If you want display the additional columns that are available, click , and then click Columns. The available columns appear. Select the columns that you want to show in the Clients and Users table. When you click anywhere in a row, the row is selected and the client details are shown.

The following columns are available in the Clients and Users table:

MAC Address—Client MAC address.

IP Address—Client IP address.

The IP address that appears in the IP Address column is determined by a predefined priority order. The first IP address available in the following order appears in the IP address field:

IPv4 address.

IPv6 unique global address. If there are multiple addresses of this type, most recent IPv6 address the client received are shown, because a user can have two global IPv6 addresses but one might be from an older router advertisement that is being aged out.

IPv6 unique local address. If there are multiple IPv6 unique local addresses, the most recent one is used.

IPv6 link-local address. The IPv6 clients always have at least one link-local address.

The following are the different IPv6 address types:

Link-local Unicast—The link-local addresses are designed to be used for addressing on a single link for purposes such as auto-address configuration, neighbor discovery, or when no routers are present.

Site-local Unicast—The site-local addresses are designed to be used for addressing inside of a site without the need for a global prefix.

Global Unicast—The global unicast address uniquely identifies the client in the global network and is equivalent to a public IPv4 address. A client can have multiple global unicast addresses.


Note When there is more than one IP address of the same type, only the most recent IP address of that type appears, and the rest appear in the QuickView page when you hover your mouse cursor over the QuickView (+) icon.


IP Address Type—The IP address type such as IPv4 and IPv6.

Global Unique—The aggregate global unicast address of an IPv6 address. This field is populated only if a client is assigned a global unique IPv6 address.

Unique Local—The local unicast address of an IPv6 address. This field is populated only if a client is assigned a local unique IPv6 address.

Link Local—The link-local unicast address of an IPv6 address. This field is populated only if a client is assigned a link-local IPv6 address.

User Name—Username based on 802.1x authentication or Web authentication. Unknown is displayed for a client connected without a username.

Type—Indicates the client type.

Indicates a lightweight client

indicates a wired client

Indicates an autonomous client

Vendor—Device vendor derived from OUI.

AP Name—Wireless only

Device Name—Network authentication device name, for example, WLC, switch.

Location—Map location of connected device.

ISE—Yes/No. This column represents whether the client is authenticated using the ISE, which is added to Prime Infrastructure.

Endpoint Type—Endpoint type as reported by the ISE, available only when the ISE is added (for example, iPhone, iPad, Windows workstation).

Posture—Latest client posture status

SSID—Wireless only

Profile Name—Wireless only

VLAN——Indicates the access VLAN ID for this client.

Status—Current client status

Idle—Normal operation; no rejections of client association requests.

Auth Pending—Completing a AAA transaction.

Authenticated—802.11 authentication complete.

Associated—802.11 association complete. This is also used by wired clients to represent that a client is currently connected to the network.

Power Save—Client is in power save mode.

Disassociated—802.11 disassociation complete. This is also used by wired clients to represent that a client is currently not on the network.

To Be Deleted—The client that is deleted after disassociation.

Excluded—Automatically disabled by the system due to perceived security threat.

Interface—Controller interface (wireless) or switch interface (wired) that the client is connected to.

Protocol

802.11—wireless

802.3—wired

Speed—Ethernet port speed (wired only). Displays "N/A" for wireless.

Association Time—Last association start time (for wireless client). For a wired client, this is the time when the client is connected to a switch port. This column is blank for a client that is associated but has problems being on the network.

Session Length—Session length.

First Seen—Indicates the date and time when the client was first detected.

Authentication Type—WPA, WPA2, 802.1x, MAC Auth Bypass, or Web Auth.

Authorization Profile Names—Authorization profiles applied to this client by the ISE. This contains data only when the ISE is added and the client is authenticated by the ISE.

Traffic (MB)—Traffic (transmitted/received) in this session in MB.

Average Session Throughput (kbps)—Average session throughput in kbps.

Automated Test Run—Indicates whether the client is in auto test mode. This is applicable for wireless clients only.

AP MAC Address—Wireless only.

AP IP Address—Wireless only.

Anchor Controller—Lightweight wireless only.

On Network—Shows Yes for the clients that are associated and have successfully finished authentication, if required.

CCX—Lightweight wireless only.

Client Host Name—Wired and wireless. Result of DNS reverse lookup.

Device IP Address—IP address of the connected device (WLC, switch. or autonomous AP).

Port—Switch port on WLC.

E2E—Lightweight wireless only.

Encryption Cipher—Wireless only.

MSE—MSE server managing this client.

RSSI—Wireless only.

SNR—Wireless only.

Router Advertisements Dropped—The router advertisements that are dropped for each client for a particular session.

Session ID—Audit-session-ID used in the ISE and on the switch.

FlexConnect Local Authentication—Indicates if the FlexConnect Local Authentication is enabled for this client.

WGB Status—Indicates the status of the work group bridge mode.

Mobility Status—Indicates the mobility status of the wireless client.

SNMP NAC State—Indicates the state of the NAC appliance in out-of-band mode.

Step 2 Select a client or user. The following information appears:

Client Attributes

Client Statistics


Note Client Statistics shows statistical information after the client details are shown.


Client Association History

Client Event Information

Client Location Information

Wired Location History

Client CCXv5 Information


The following attributes are populated only when the ISE is added to Prime Infrastructure:

ISE

Endpoint Type

Posture

Authorization Profile Names


Note Prime Infrastructure queries the ISE for client authentication records for the last 24 hours to populate this data. If the client is connected to the network 24 hours before it is discovered in Prime Infrastructure, you might not see the ISE-related data in the table. You might see the data in client details page. To work around this, reconnect the client to the network. The ISE information is shown in the table after the next client background task run.


Client Attributes

When you select a client from the Clients and Users list, the client attributes appear in the Clients and Users list. Clients are identified using the MAC address.


Note The details that appear in the Client Attributes group box are from the device, whereas the details that appear in the Clients and Users list are from the database. Therefore, there can be some discrepancy between the details that appear in the Clients and Users list and the Client Attributes group box.



Note For wired clients, the information comes from the switch. Also, the data that appears in the details page is live data collected on demand from the controller/switch/ISE.


These details include the following client details:

General—Lists the generation information such as User Name, MAC address, and so on.


Note Click the icon next to the username to access the correlated users of a user.


Session—Lists the client session information.

Security (wireless and Identity wired clients only)—Lists Security policy, authentication information, and EAP type.


Note The identity clients are the clients whose authentication types are 802.1x, MAC Auth Bypass or Web Auth. For non-identity clients, the authentication type is N/A.



Note The data that appears in the Client Attributes group box differs depending on the type of client: identity and non-identity clients. For identity clients, you can see the security information such as Authentication status, Audit Session ID, and so on.


Statistics (wireless only)

Traffic—Shows the client traffic information.


Note For wireless clients, client traffic information comes from controller. For wired clients, the client traffic information comes form the ISE, therefore you must enable accounting information and other necessary functions on the switches.


Client IPv6 Addresses

When you select an IPv6 client from the Clients and Users list, the client IPv6 address details appear. These details come from the controller directly.

For the wired clients that have IPv6 addresses, Prime Infrastructure discovers the client addresses from the IPv6 neighbors table on the switch.

These details include the following information:

IP Address—Client IPv6 address.

Scope

Address Type

Discovery Time

Client Statistics

The Client Statistics includes the following information for the selected client:

Client AP Association History

Client RSSI History (dBm)—History of RSSI (Received Signal Strength Indicator) as detected by the access point with which the client is associated.

Client SNR History—History of SNR (signal-to-noise ratio of the client RF session) as detected by the access point with which the client is associated

Bytes Sent and Received (Kbps)—Bytes sent and received with the associated access point.

Packets Sent and Received (per second)—Packets sent and received with the associated access point.

Data rate over time


Note Hover your mouse cursor over points on the graph for additional statistical information.



Note This information is presented in interactive graphs. See the "Interactive Graphs" section for more information.


Client Association History

The Association History dashlet displays information regarding the last ten association times for the selected client. This information can help in troubleshooting the client.

Client Association History (for wireless clients) includes the following information:

Date and time of association

Duration of association

Username

IP address

Access point name

Controller name

SSID

Protocol

Amount of traffic (MB)

Hostname

Roam reason (such as No longer seen from controller or New association detected)

Client Association History (for wired clients) includes the following information:

Date and time of association

Duration of association

Username

IP address

Access point and controller name

Map location

SSID

Protocol

Amount of traffic (MB)

Hostname

Roam reason (such as No longer seen from controller or New association detected)


Note Click the Edit View link to add, remove or reorder columns in the Current Associated Clients table. See the "Configuring the List of Access Points Display" section for adding new parameters than can be added through Edit View.


Client Event Information

The Client Event dashlet of the Client Details page displays all events for this client including the event type as well as the date and time of the event.

Click an event type to view its details. See the "Monitoring Failure Objects" section for more information.

Client Location Information

The following location parameters appear (if available) for the selected client:

Map Area—The map area in which the client was last located.

ELIN—The Emergency Location Identification Number. This is applicable only to the wired clients that are located by MSE.

Civic Address—The fields on the Civic Address tab are populated if a civic address is imported for a client. This is applicable only to the wired clients that are located by MSE.

Advanced—Detailed information about the client. The fields on this tab are populated if a civic address is imported for a client.

For more information on importing Civic information for the client, see the "Configuring a Switch Location" section.

Wired Location History

You can view the Location History for wired clients.


Note The wired clients must be located by MSE and the history for wired clients must be enabled on the MSE.


The following Location History information is displayed for a client:

Timestamp

State

Port Type

Slot

Module

Port

User Name

IP Address

Switch IP

Server Name

Map Location

Civic Location

Wireless Location History

You can view the Location History for wireless clients.


Note The wireless clients must be located by MSE and the history for wired clients must be enabled on the MSE.


Client CCXv5 Information

CCXv5 clients are client devices that support Cisco Compatible Extensions Version 5 (CCXv5). Reports specific to CCXv5 clients provide client details that enhance client diagnostics and troubleshooting.


Note The CCXv5 manufacturing information is displayed for CCXv5 clients only.


To view specific client details, perform a client search using the applicable search parameters. For more information on performing a client search, see the "Client CCXv5 Information" section or the "Advanced Search" section.

CCXv5 information is displayed in the Monitor Clients > Client Details page. CCXv5 information includes the following:

CCXv5 Manufacturing Information:

Organizationally Unique Identifier—The IEEE assigned organizational unique identifier, for example, the first 3 bytes of the MAC address of the wireless network connected device.

ID—The manufacturer identifier of the wireless network adapter.

Model—Model of the wireless network adapter.

Serial Number—Serial number of the wireless network adapter.

Radio—Radio type of the client.

MAC Address—MAC address assigned to the client.

Antenna Type—Type of antenna connected to the wireless network adapter.

Antenna Gain—The peak gain of the dBi of the antenna for directional antennas and the average gain in dBi for omni-directional antennas connected to the wireless network adapter. The gain is in multiples of 0.5 dBm. An integer value 4 means 4 x 0.5 = 2 dBm of gain.


Note Click More to view the following additional CCXv5 parameters.


Automated Troubleshooting Report—If the automated test runs, this report displays the location of automated troubleshooting log AUTO_TS_LOG<ClientMac>.txt. If no automated test runs, Not Exists appears.

Click Export to save the .zip file. The file contains three logs: automated troubleshoot report, frame log, and watch list log.


Note The Settings > Client page allows you to enable automatic client troubleshooting on a diagnostic channel. This feature is only available for Cisco Compatible Extension clients version 5. See the "Processing Diagnostic Trap" section for more information.


Radio Receiver Sensitivity—Displays receiver sensitivity of the wireless network adapter including the following:

Radio

Data Rate

Minimum and Maximum RSSI

CCXV5 Capability Information—Displays the Capability Information parameters for CCXv5 clients only.

Radio

Client Status—Success or failure.

Service Capability—Service capabilities such as voice, streaming (uni-directional) video, interactive (bi-directional) video.

Radio Channels—Identifies the channels for each applicable radio.

Transmit Data Rates—Identifies the transmission data rates (Mbps) for each radio.

Transmit Power Values—Identifies the transmission power values including:

Power mode

Radio

Power (dBm)

Exporting Clients and Users

You can quickly export your clients and users list into a CSV file (spreadsheet format with comma-separated values).


Note The columns that are shown in the Clients and Users table are only exported to the CSV file.


To export the clients and users list, follow these steps:


Step 1 Choose Monitor > Clients and Users.

Step 2 Click the icon on the toolbar. A dialog box appears.

Step 3 In the File Download dialog box, click Save.


Client Troubleshooting

You can begin troubleshooting several ways: by entering a MAC address on the Client dashboard, by using the search function, or by selecting a row in the Monitor > Clients and Users page. Any of these methods provides all the information necessary to troubleshoot historical client issues. You can monitor the status of the connection, verify the current and past locations of a user, and troubleshoot client connectivity problems. You might want to use the client troubleshooting option if a user experiences repeated connectivity issues. The Client Details page shows SNR over time, RSSI over time, client reassociations, client reauthentications, and any RRM events. An administrator can correlate reassociations and reauthentications and determine if the problem was with the network or client.


Note You can troubleshoot current client issues only. You cannot troubleshoot the historic client issues. However, for location assisted clients, you can find the location history.



Note The client troubleshooting feature is available for identity wired clients only. This feature is not available for non-identity wired clients.


Prime Infrastructure provides integrated management for wired and wireless devices or clients. You can monitor and troubleshoot both wired and wireless clients. SNMP is used to discover clients and collect client data. The ISE is polled periodically to collect client statistics and other attributes to populate related dashboard dashlets and reports. If the ISE is added to the systems and devices are authenticating to it, the Client Details page displays security information.

To launch the Client Troubleshooting tool, select a client, and then click the icon indicated above the IP address that you want to troubleshoot. The Troubleshooting Client page appears.

The troubleshooting page displays the following states for wired clients:

Link Connectivity

802.1X Authentication

MAC Authentication

Web Authentication

IP Connectivity

Authorization

Successful Connection


Note The exact states displayed depend on the level of security used by the client.


The following are the security mechanisms used by clients:

802.1X

MAC Authentication

Web Authentication

Table 10-2 summarizes the validity of states against the security types. The states are arranged in the order the client goes through.

Table 10-2 Security Mechanisms 

Security/ Client State
Link Connectivity
802.1X Authentication
MAC Authentication
Web Authentication
IP Connectivity
Authorization

802.1X

X

X

-

-

X

X

MAC Authentication

X

-

X

-

X

X

Web Authentication

X

-

-

X

X

X


Table 10-3 provides the list of problems and suggested actions depending on the state in which a client failed:

Table 10-3 Client State, Problem, and Suggested Action 

Client State
Problem
Suggested Action

Link Connectivity

Cannot find the client in network

Check whether the client cable is plugged into the network

Check whether the client is using the proper cable to connect to the network

Make sure that the port to which client is connected is not disabled administratively.

Make sure that the port to which client is connected is not error disabled.

Check whether the speed and duplex are set to Auto on the port to which the client is connected.

Authentication in progress

If the client has been in this state for a long time, check the following:

Check whether the supplicant on the client is configured properly as required.

Modify the timers related to authentication method and try again.

If you are not sure which authentication method works with the client, use the fall back authentication feature.

Try disconnecting and reconnecting.

802.1X Authentication

802.1X Authentication Failure

Check whether the RADIUS server(s) is reachable from the switch.

Check whether the client choice of EAP is supported by RADIUS server(s).

Check whether the username/password/certificate of the client is valid.

See whether the certificates used by RADIUS server are accepted by the client.

MAC Authentication

MAC Authentication Failure

Check whether the RADIUS server(s) is reachable from the switch.

Check whether the MAC address of the client is in the list of known clients on the RADIUS server.

Check whether the MAC address of the client is not in the list of excluded clients.

Web Authentication

Client could not be authenticated through web/guest interface

Check that the guest credentials are valid and not expired.

Check whether the client can be redirected to the login page.

Check whether the RADIUS server is reachable.

Confirm that pop-ups are not blocked.

Check that the DNS resolution on the client is working.

Check that the client is not using any proxy settings.

Check whether the client can access https://<virtual-ip>/login.html

Check whether the browser of the client accepts the self-signed certificate offered by the controller.

IP Connectivity

Client could not complete DHCP interaction

Check whether the DHCP server is reachable.

Check whether the DHCP server is configured to serve the WLAN.

Check whether the DHCP scope is exhausted.

Check whether multiple DHCP servers are configured with overlapping scopes.

Check that the local DHCP server is present if DHCP bridging mode is enabled (move it to second) client is configured to get the address from the DHCP server.

Check if the client has static IP configured and ensure that the client generates IP traffic.

Authorization

Authorization Failure

Check that the VLAN defined for authorization is available on the switch.

Check that the default port ACL is configured for ACL authorization.

Successful Connection

None

None.


Using the Search Feature to Troubleshoot Clients

Client search is the primary method used to locate clients. For a detailed description of the search feature, see to the "Using the Search Feature" section.

To troubleshoot a client using the Search feature, follow these steps:


Step 1 Choose Monitor > Clients and Users.

Step 2 Type the full or partial client MAC address in the Advanced Search text box, and click Search. The Search Results page appears.

Step 3 Click View List to see the clients that match the search criteria in the Clients page. The Monitor > Clients and Users page appears.


Note You can click the Reset link to set the table to the default display so that the search criteria is no longer applied.


Step 4 Select a client, and then click the icon indicated above the IP address that you want to troubleshoot. The Troubleshooting Client page appears. If you are troubleshooting a Cisco Compatible Extension v5 client (wireless), your Troubleshooting Client page has additional tabs.


Note If you receive a message that the client does not seem to be connected to any access point, you must reconnect the client and click Refresh.



Note You can use the detach/clone icon located in the top right corner of the page to detach the current page into a new window/tab.



Note Click Go back to return to the page from where you launched client troubleshooting. For example, if you have launched client troubleshooting from the list page, you can return to the list page.


The summary page briefly describes the problem and recommends a course of action.


Note Some Cisco Compatible Extension features do not function properly when you use a web browser other than Mozilla Firefox 11.0 or later or Internet Explorer 8 or later on a Windows workstation.


Step 5 To view log messages logged against the client, click the Log Analysis tab.

Step 6 To begin capturing log messages about the client from the controller, click Start. To stop log message capture, click Stop. To clear all log messages, click Clear.


Note Log messages are captured for ten minutes and then stopped automatically. You must click Start to continue.


Step 7 To select log messages to display, click one of the links under Select Log Messages (the number between parentheses indicates the number of messages). The messages appear in the group box. The message includes the following information:

A status message

The controller time

A severity level of info or error (errors are displayed in red)

The controller to which the client is connected

Step 8 To display the event history of a client, click the Event History tab.

Event History provides messages related to connectivity events for this client. In this example, the client failed to successfully authenticate. The date/time information is provided to assist the network administrator in troubleshooting this client.

Step 9 To view the event log, click the Event Log tab. Click Start to begin capturing log messages from the client. When a sufficient number of messages have been collected, click Stop.


Note The Client Troubleshooting Event log and Messaging features are available to CCX Version 6 clients only if the Management Service version is 2 and later.


Step 10 If you click the ACS View Server tab, you can interact with the Cisco Access Control (ACS) System View Server. This tab displays the latest authentication records received either from an ACS View server or Identity Services Engine (ISE), whichever is configured in Prime Infrastructure. You must have View Server credentials established before you can access this tab. (The tab shows the server list as empty if no view servers are configured.) See the "Configuring ACS View Server Credentials" section for steps on establishing credentials.

If the ACS View Server is already configured, you can select a time range and click Submit to retrieve the authentication records from the ACS View Server. Prime Infrastructure uses the ACS View NS API to retrieve the records.

Step 11 You can click the Identity Services Engine tab to view information about the ISE authentication. Enter the date and time ranges to retrieve the historical authentication and authorization information, and click Submit. The results of the query are displayed in the Authentication Records portion of the page.

Step 12 You can click the CleanAir tab to view information about the air quality parameters and the active interferers for the CleanAir enabled access point. This tab provides the following information about the air quality detected by the CleanAir-enabled access point.

AP Name—Click to view the access point details. See the "Monitoring Access Points Details" section for more information.

AP MAC Address

Radio

CleanAir Capable—Indicates if the access point is CleanAir Capable.

CleanAir Enabled—Indicates if CleanAir is enabled on this access point.

Admin Status—Enabled or disabled.

Operational Status—Displays the operational status of the Cisco Radio(s) (Up or Down).

Channel—The channel upon which the Cisco Radio is broadcasting.

Extension Channel—Indicates the secondary channel on which the Cisco Radio is broadcasting.

Channel Width—Indicates the channel bandwidth for this radio interface. See the "Configuring 802.11a/n RRM Dynamic Channel Allocation" section for more information on configuring channel bandwidth.

Power Level—Access Point transmit power level: 1 = Maximum power allowed per Country Code setting, 2 = 50% power, 3 = 25% power, 4 = 6.25 to 12.5% power, and 5 = 0.195 to 6.25% power.

The power levels and available channels are defined by the Country Code setting, and are regulated on a country by country basis.

Average AQ Index—Average air quality index.

Minimum AQ Index—Minimum air quality index.

The following information about the active interferers is displayed:

Interferer Name—The name of the interfering device.

Affected Channels—The channel the interfering device is affecting.

Detected Time—The time at which the interference was detected.

Severity—The severity index of the interfering device.

Duty Cycle(%)—The duty cycle (in percentage) of the interfering device.

RSSI(dBm)—The Received Signal Strength Indicator of the interfering device.

Click CleanAir Details to know more about the air quality index.

Step 13 (Optional) If Cisco Compatible Extension Version 5 or Version 6 clients are available, you can click the Test Analysis tab.


Note The Client Troubleshooting Test Analysis feature is available to CCX Version 6 clients only if Management Service version is 2 and later.


The Test Analysis tab allows you to run a variety of diagnostic tests on the client. Select the check box for the applicable diagnostic test, enter any appropriate input information, and click Start. The following diagnostic tests are available:

DHCP—Executes a complete DHCP Discover/Offer/Request/ACK exchange to determine that the DHCP is operating properly between the controller and the client.

IP Connectivity—Causes the client to execute a ping test of the default gateway obtained in the DHCP test to verify that IP connectivity exists on the local subnet.

DNS Ping—Causes the client to execute a ping test of the DNS server obtained in the DHCP test to verify that IP connectivity exists to the DNS server.

DNS Resolution—Causes the DNS client to attempt to resolve a network name known to be resolvable to verify that name resolution is functioning correctly.

802.11 Association—Directs an association to be completed with a specific access point to verify that the client is able to associate properly with a designated WLAN.

802.1X Authentication—Directs an association and 802.1X authentication to be completed with a specific access point to verify that the client is able to properly complete an 802.1x authentication.

Profile Redirect—At any time, the diagnostic system might direct the client to activate one of the configured WLAN profiles and to continue operation under that profile.


Note To run the profile diagnostic test, the client must be on the diagnostic channel. This test uses the profile number as an input. To indicate a wildcard redirect, enter 0. With this redirect, the client is asked to disassociate from the diagnostic channel and to associate with any profile. You can also enter a valid profile ID. Because the client is on the diagnostic channel when the test is run, only one profile is returned in the profile list. You should use this profile ID in the profile redirect test (when wildcard redirecting is not desired).


Step 14 (Optional) If Cisco Compatible Extension Version 5 or Version 6 clients are available, a Messaging tab appears. Use this tab to send an instant text message to the user of this client. From the Message Category drop-down list, choose a message, and click Send.


Note The Client Troubleshooting Event log and Messaging features are available to CCX Version 6 clients only if the Management Service version is 2 and later.


Step 15 You can click the Identity Services Engine tab to view information about the identity services parameters. You must have an Identity Services Engine (ISE) configured before you can access this tab. (The tab shows the server list as empty if no ISEs are configured.)


Note If the ISE is not configured it provides a link to add an ISE to Prime Infrastructure.


The ISE provides authentication records to Prime Infrastructure via REST API. The network administrator can choose a time period for retrieving authentication records from the ISE.

Step 16 To view the client location history, click the Context Aware History tab.

Step 17 Close the Troubleshooting Client page.


Tracking Clients

This feature enables you to track clients and be notified when these clients connect to the network.

To track clients, follow these steps:


Step 1 Choose Monitor > Clients and Users.

Step 2 Click Track Clients. The Track Clients dialog box appears listing the currently tracked clients.


Tip This table supports a maximum of 2000 rows. To add or import new rows, you must first remove some older entries.


Step 3 To track a single client, click Add, and then enter the following parameters:

Client MAC address

Expiration—Choose Never or enter a date.

Step 4 To track multiple clients, click Import. This allows you to import a client list from a CSV file. Enter MAC Address and username.

A sample CSV file can be downloaded that provides data format:

# MACAddress, Expiration: Never/Date in MM/DD/YYYY format
00:40:96:b6:02:cc,10/07/2010
00:02:8a:a2:2e:60,Never

Notification Settings

To specify notification settings for the tracked clients, follow these steps:


Step 1 Choose Monitor > Clients and Users.

Step 2 Click Track Clients. The Track Clients dialog box appears listing the currently tracked clients.

Step 3 Select the tracked client(s) for which you want to specify notification settings.

Step 4 Specify the notification settings. There are three options for notifications:

a. Purged Expired Entries—You can set the duration to keep tracked clients in Prime Infrastructure database. Clients can be purged as follows:

after 1 week

after 2 weeks

after 1 month

after 2 months

after 6 months

kept indefinitely

b. Notification Frequency—You can specify when Prime Infrastructure sends a notification of a tracked client:

on first detection

on every detection

c. Notification Method—You can specify that the tracked client event generates an alarm or sends an e-mail.

Step 5 Click Save.


Identifying Unknown Users

Not all users or devices are authenticated via 802.1x (for example, printers). In such a case, a network administer can assign a username to a device.

If a client device is authenticated to the network through web auth, Prime Infrastructure might not have username information for the client (applicable only for wired clients).

Clients are marked as unknown when the NMSP connection to the wired switch is lost. A client status (applicable only for wired client) is noted as connected, disconnected, or unknown:

Connected clients—Clients that are active and connected to a wired switch.

Disconnected clients—Clients that are disconnected from the wired switch.

Unknown clients—Clients that are marked as unknown when the NMSP connection to the wired switch is lost.

To view the unknown devices, follow these steps:


Step 1 Choose Monitor > Clients and Users.

Step 2 Click Identify Unknown Users.

Step 3 Click Add to assign client MAC addresses to username.

Step 4 Enter the MAC address and username.


Note Once a client and MAC address have been added, Prime Infrastructure uses this data for client lookup based on the matching MAC address.


Step 5 Click Add.

Step 6 Repeat Step 3 to Step 5 to enter a MAC Address and its corresponding username for each client.

Step 7 Click Save.


Note This table supports a maximum of 10,000 rows. To add or import new rows, you must first remove some older entries.



Configuring the Search Results Display

The Edit View page allows you to add, remove, or reorder columns in the Clients table.

To edit the available columns in the Clients table, follow these steps:


Step 1 Choose Monitor > Clients and Users.

Step 2 Click the Edit View link.

Step 3 To add an additional column to the Clients table, click to highlight the column heading in the left column. Click Show to move the heading to the right column. All items in the right column are displayed in the Clients table.

Step 4 To remove a column from the Clients table, click to highlight the column heading in the right column. Click Hide to move the heading to the left column. All items in the left column are not displayed in the Clients table.

Step 5 Use the Up/Down buttons to specify the order in which the information appears in the table. Highlight the desired column heading and click Up or Down to move it higher or lower in the current list.

Step 6 Click Reset to restore the default view.

Step 7 Click Submit to confirm the changes.


Note Additional client parameters include: AP MAC Address, Anchor Controller, Authenticated, CCX, Client Host Name, Controller IP Address, Controller Port, E2E, Encryption Cipher, MSE, RSSI, SNR, and FlexConnect Local Authentication.



Enabling Automatic Client Troubleshooting

In the Settings > Client page, you can enable automatic client troubleshooting on a diagnostic channel. This feature is available only for Cisco Compatible Extension clients Version 5.

To enable automatic client troubleshooting, follow these steps:


Step 1 Choose Administration > Settings.

Step 2 From the left sidebar menu, choose Client.

Step 3 Select the Automatically troubleshoot client on diagnostic channel check box.


Note When the check box is selected, Prime Infrastructure processes the diagnostic association trap. When it is not selected, Prime Infrastructure raises the trap, but automated troubleshooting is not initiated.


Step 4 Click Save.


Viewing Client Details in the Access Point Page

You can also view the client information from the access point page. Choose Monitor > Access Points. Click an access point URL from the column to see details about that access point. Click the Current Associated Clients tab.

Viewing Currently Associated Clients

You can also view the currently associated clients (wired) from the switch details page. Choose Monitor > Controllers, select an IP address, and choose Clients > Current Associated Clients from the left sidebar menu.

Running Client Reports

You can run client reports such as busiest clients, client count, client sessions, client summary, throughput, unique clients and v5 clients statistics from the Report Launch pad. See the "Creating and Running a New Report" section.

Running ISE Reports

You can also launch ISE reports from the Report Launch pad. See the "Creating and Running a New Report" section. For more information about running the ISE reports, see the ISE online help.

Specifying Client Settings

The Administration > Settings > Client page allows you to specify various client settings. For details, see "Configuring Clients" section.

Receiving Radio Measurements for a Client

In the client page, you can receive radio measurements only if the client is Cisco Compatible Extensions v2 (or higher) and is in the associated state (with a valid IP address). If the client is busy when asked to do the measurement, it determines whether to honor the measurement or not. If it declines to make the measurement, it shows no data from the client.


Note This feature is available to CCX Version 6 clients only if the Foundation service version is 1 or later.


To receive radio measurements, follow these steps:


Step 1 Choose Monitor > Clients and Users.

Step 2 Choose a client from the Client Username column.


Note You can also perform a search for a specific client using Prime Infrastructure Search feature. See the "Using the Search Feature" section or the "Advanced Search" section for more information.


Step 3 From the Test drop-down list, choose Radio Measurement.


Note The Radio Measurement option only appears if the client is Cisco Compatible Extensions v2 (or higher) and is in the associated state (with a valid IP address).


Step 4 Select the check box to indicate if you want to specify beacon measurement, frame measurement, channel load, or noise histogram.

Step 5 Click Initiate. The different measurements produce differing results. See the "Radio Measurement Results for a Client" section for more information.


Note The measurements take about 5 milliseconds to perform. A message from Prime Infrastructure indicates the progress. If the client chooses not to perform the measurement, that is communicated.



Radio Measurement Results for a Client

Depending on the measurement type requested, the following information might appear:

Beacon Response

Channel—The channel number for this measurement

BSSID—6-byte BSSID of the station that sent the beacon or probe response

PHY—Physical Medium Type (FH, DSS, OFDM, high rate DSS or ERP)

Received Signal Power—The strength of the beacon or probe response frame in dBm

Parent TSF—The lower 4 bytes of serving access point TSF value

Target TSF—The 8-byte TSF value contained in the beacon or probe response

Beacon Interval—The 2-byte beacon interval in the received beacon or probe response

Capability information—As found in the beacon or probe response

Frame Measurement

Channel—Channel number for this measurement

BSSID—BSSID contained in the MAC header of the data frames received

Number of frames—Number of frames received from the transmit address

Received Signal Power—The signal strength of 802.11 frames in dBm

Channel Load

Channel—The channel number for this measurement

CCA busy fraction—The fractional duration over which CCA indicated the channel was busy during the measurement duration defined as ceiling (255 times the duration the CCA indicated channel was busy divided by measurement duration)

Noise Histogram

Channel—The channel number for this measurement

RPI density in each of the eight power ranges

Viewing Client V5 Statistics

To access the Statistics request page, follow these steps:


Step 1 Choose Monitor > Clients and Users.

Step 2 Choose a client from the Client Username column.

Step 3 From the Test drop-down list, choose V5 Statistics.


Note This menu is shown only for CCX v5 and later clients.


Step 4 Click Go.

Step 5 Select the desired type of stats (Dot11 Measurement or Security Measurement).

Step 6 Click Initiate to initiate the measurements.


Note The duration of measurement is five seconds.


Step 7 Depending on the V5 Statistics request type, the following counters are displayed in the results page:

Dot11 Measurement

Transmitted Fragment Count

Multicast Transmitted Frame Count

Failed Count

Retry Count

Multiple Retry Count

Frame Duplicate Count

Rts Success Count

Rts Failure Count

Ack Failure Count

Received Fragment Count

Multicast Received Frame Count

FCS Error Count—This counter increments when an FCS error is detected in a received MPDU.

Transmitted Frame Count

Security

Pairwise Cipher

Tkip ICV Errors

Tkip Local Mic Failures

Tkip Replays

Ccmp Replays

Ccmp Decryp Errors

Mgmt Stats Tkip ICV Errors

Mgmt Stats Tkip Local Mic Failures

Mgmt Stats Tkip Replays

Mgmt Stats Ccmp Replays

Mgmt Stats Ccmp Decrypt Errors

Mgmt Stats Tkip MHDR Errors

Mgmt Stats Ccmp MHDR Errors

Mgmt Stats Broadcast Disassociate Count

Mgmt Stats Broadcast Deauthenticate Count

Mgmt Stats Broadcast Action Frame Count


Viewing Client Operational Parameters

To view specific client operational parameters, follow these steps:


Step 1 Choose Monitor > Clients and Users.

Step 2 Choose a client from the Client Username column.

Step 3 From the Test drop-down list, choose Operational Parameters.

The following information is displayed:

Operational Parameters:

Device Name—User-defined name for device.

Client Type—Client type can be any of the following:

laptop(0)

pc(1)

pda(2)

dot11mobilephone(3)

dualmodephone(4)

wgb(5)

scanner(6)

tabletpc(7)

printer(8)

projector(9)

videoconfsystem(10)

camera(11)

gamingsystem(12)

dot11deskphone(13)

cashregister(14)

radiotag(15)

rfidsensor(16)

server(17)

SSID—SSID being used by the client.

IP Address Mode—The IP address mode such as static configuration or DHCP.

IPv4 Address—IPv4 address assigned to the client.

IPv4 Subnet Address—IPv4 subnet address assigned to the client.

IPv6 Address—IPv6 address assigned to the client.

IPv6 Subnet Address—IPv6 address assigned to the client.

Default Gateway—The default gateway chosen for the client.

Operating System—Identifies the operating system that is using the wireless network adaptor.

Operating System Version—Identifies the version of the operating system that is using the wireless network adaptor.

WNA Firmware Version—Version of the firmware currently installed on the client.

Driver Version—

Enterprise Phone Number—Enterprise phone number for the client.

Cell Phone Number—Cell phone number for the client.

Power Save Mode—Displays any of the following power save modes: awake, normal, or maxPower.

System Name—

Localization—

Radio Information:

Radio Type—The following radio types are available:

unused(0)

fhss(1)

dsss(2)

irbaseband(3)

ofdm(4)

hrdss(5)

erp(6)

Radio Channel—Radio channel in use.

DNS/WNS Information:

DNS Servers—IP address for DNS server.

WNS Servers—IP address for WNS server.

Security Information:

Credential Type—Indicates how the credentials are configured for the client.

Authentication Method—Method of authentication used by the client.

EAP Method—Method of Extensible Authentication Protocol (EAP) used by the client.

Encryption Method—Encryption method used by the client.

Key Management Method—Key management method used by the client.


Viewing Client Profiles

To view specific client profile information, follow these steps:


Step 1 Choose Monitor > Clients and Users.

Step 2 Choose a client from the Client Username column.

Step 3 From the More drop-down list, choose Profiles.

The following information is displayed:

Profile Name—List of profile names as hyperlinks. Click to display the profile details.

SSID—SSID of the WLAN to which the client is associated.


Disabling a Current Client

To disable a current client, follow these steps:


Step 1 Choose Monitor > Clients and Users.

Step 2 Choose a client that you want to disable.

Step 3 Click Disable. The Disable Client page appears.

Step 4 Enter a description in the Description text box.

Step 5 Click OK.


Note Once a client is disabled, it cannot join any network/ssid on controller(s). To reenable the client, choose Configure > Controllers > IP Address > Security > Manually Disabled Clients, and remove the client entry.



Removing a Current Client

To remove a current client, follow these steps:


Step 1 Choose Monitor > Clients and Users.

Step 2 Choose a client that you want to remove.

Step 3 Choose Remove.

Step 4 Click Remove to confirm the deletion.


Enabling Mirror Mode

When enabled, mirror mode enables you to duplicate (to another port) all of the traffic originating from or terminating at a single client device or access point.


Note Mirror mode is useful in diagnosing specific network problems but should only be enabled on an unused port as any connections to this port become unresponsive.


To enable mirror mode, follow these steps:


Step 1 Choose Monitor > Clients and Users.

Step 2 Choose a client from the Client Username column.

Step 3 From the More drop-down list, choose Enable Mirror Mode.

Step 4 Click Go.


Viewing a Map (High Resolution) of a Client Recent Location

To display a high-resolution map of the client recent location, follow these steps:


Step 1 Choose Monitor > Clients and Users.

Step 2 Choose a client from the Client Username column.

Step 3 From the More drop-down list, choose Recent Map (High Resolution).

Step 4 Click Go.


Viewing a Map (High Resolution) of a Client Current Location

To display a high-resolution map of the client present location, follow these steps:


Step 1 Choose Monitor > Clients and Users.

Step 2 Choose a client from the Client Username column.

Step 3 From the More drop-down list, choose Present Map (High Resolution).

Step 4 Click Go.


Running a Client Sessions Report for the Client

To view the most recent client session report results for this client, follow these steps:


Step 1 Choose Monitor > Clients and Users.

Step 2 Choose a client from the Client Username column.

Step 3 From the More drop-down list, choose Client Sessions Report.

Step 4 Click Go. The Client Session report details display. See the "Client Sessions" section for more information.


Viewing a Roam Reason Report for the Client

To view the most recent roam report for this client, follow these steps:


Step 1 Choose Monitor > Clients and Users.

Step 2 Choose a client from the Client Username column.

Step 3 From the More drop-down list, choose Roam Reason.

Step 4 Click Go.

This page displays the most recent roam report for the client. Each roam report has the following information:

New AP MAC address

Old (previous) AP MAC address

Previous AP SSID

Previous AP channel

Transition time—Time that it took the client to associate to a new access point.

Roam reason—Reason for the client roam.


Viewing Detecting Access Point Details

To display details of access points that can hear the client including at which signal strength/SNR, follow these steps:


Step 1 Choose Monitor > Clients and Users.

Step 2 Choose a client from the Client Username column.

Step 3 From the More drop-down list, choose Detecting APs.

Step 4 Click Go.


Viewing Client Location History

To display the history of the client location based on RF fingerprinting, follow these steps:


Step 1 Choose Monitor > Clients and Users.

Step 2 Choose a client from the Client Username column.

Step 3 From the More drop-down list, choose Location History.

Step 4 Click Go.


Viewing Voice Metrics for a Client

To view traffic stream metrics for this client, follow these steps:


Step 1 Choose Monitor > Clients and Users.

Step 2 Choose a client from the Client Username column.

Step 3 From the More drop-down list, choose Voice Metrics.

Step 4 Click Go.

The following information appears:

Time—Time that the statistics were gathered from the access point(s).

QoS

AP Ethernet MAC

Radio

% PLR (Downlink)—Percentage of packets lost on the downlink (access point to client) during the 90 second interval.

% PLR (Uplink)—Percentage of packets lost on the uplink (client to access point) during the 90 second interval.

Avg Queuing Delay (ms) (Uplink)—Average queuing delay in milliseconds for the uplink. Average packet queuing delay is the average delay of voice packets traversing the voice queue. Packet queue delay is measured beginning when a packet is queued for transmission and ending when the packet is successfully transmitted. It includes time for re-tries, if needed.

% Packets > 40 ms Queuing Delay (Downlink)——Percentage of queuing delay packets greater than 40 ms.

% Packets 20ms—40ms Queuing Delay (Downlink)—Percentage of queuing delay packets greater than 20 ms.

Roaming Delay—Roaming delay in milliseconds. Roaming delay, which is measured by clients, is measured beginning when the last packet is received from the old access point and ending when the first packet is received from the new access point after a successful roam.