Cisco Aironet 1520, 1130, 1240 Series Wireless Mesh Access Points, Design and Deployment Guide, Release 6.0


Last revised: August 11, 2009

This document provides design and deployment guidelines for secure enterprise, campus, and metropolitan Wi-Fi networks within the Cisco wireless mesh networking solution, a component of the Cisco Unified Wireless Network (CUWN).

Mesh networking employs Cisco 1520 Series outdoor mesh access points and Cisco 1130 and 1240 Series indoor mesh access points, along with the Cisco wireless LAN controller and Cisco Wireless Control System (WCS), to provide scalable central management and mobility between indoor and outdoor deployments. The Control and Provisioning of Wireless Access Points (CAPWAP) protocol manages the connection of mesh access points to the network.

End-to-end security within the mesh network is supported by employing Advanced Encryption Standard (AES) encryption between the wireless mesh access points and Wi-Fi Protected Access 2 (WPA2) clients. This document also outlines radio frequency (RF) components to consider when designing an outdoor network.

The features for the following products are described:

Cisco Aironet 1520 (1522, 1524) Series outdoor mesh access points.

Cisco Aironet 1130 and 1240 Series indoor mesh access points.

Mesh features in Cisco wireless LAN controller releases 4.1.190.5, 4.1.191.24M, 4.1.192.xxM, 4.2.176.51M, and 5.2.x. (Mesh features are not supported in controller releases 5.0.x and 5.1.x).

Mesh features in Cisco WCS releases 4.1.90, 4.2, 5.0, 5.1, 5.2, and 6.0.


Mesh Network Components

The Cisco wireless mesh network has four core components:

Cisco Aironet 1520, 1240, and 1130 Series mesh access points


Note Cisco Aironet 1505 and 1510 mesh access points are not supported in this release.


Cisco wireless LAN controller (hereafter referred to as controller)

Cisco WCS

Mesh software architecture

Mesh Access Points

Licensing for Indoor Mesh Access Points on a 5500 Series Controller

In order to use indoor mesh access points (1130, 1240) with a 5500 series controller, a wplus license must be used on the controller. If an indoor mesh access point attempts to join a controller that is using only a base license (and not the wplus license), the following message appears in the controller trap log: "License Not Available for feature: IndoorMeshAP." To view the controller trap log, choose Monitor and click View All under "Most Recent Traps" on the controller GUI.

Refer to Chapter 4 of the Cisco Wireless LAN Controller Configuration Guide, Release 6.0 for information on obtaining and installing licenses:

http://www.cisco.com/en/US/docs/wireless/controller/6.0/configuration/guide/Controller60CG.html


Note Outdoor mesh access points (1522, 1524PS, and 1524SB) do not require a wplus license.



Note Other controller platforms (such as the 2100 and 4400 series controllers) also require a license for use with indoor mesh access points. Refer to the Cisco Enterprise Wireless Mesh Licensing and Ordering Guide:
http://www.cisco.com/en/US/products/ps6087/products_data_sheets_list.html


Access Point Roles

Access points within a mesh network operate as either a root access point (RAP) or a mesh access point (MAP).


Note All mesh access points are shipped configured as a MAP. You must reconfigure the mesh access point for it to be a RAP. At least one RAP must exist in all mesh networks.


RAPs have wired connections to their controller, and MAPs have wireless connections to their controller.

MAPs communicate among themselves and back to the RAP using wireless connections over the 802.11a radio backhaul. MAPs use the Cisco Adaptive Wireless Path Protocol (AWPP) to determine the best path through the other mesh access points to the controller.

All the possible paths between the MAPs and RAPs form the wireless mesh network. Figure 1 shows the relationship between RAPs and MAPs in a mesh network.

Figure 1 Simple Mesh Network Hierarchy

Network Access

Wireless mesh networks can simultaneously carry two different traffic types: wireless LAN client traffic and MAP Ethernet port traffic.

Wireless LAN client traffic terminates on the controller, and the Ethernet traffic terminates on the Ethernet ports of the mesh access points.

Access to the wireless LAN mesh for mesh access points is managed by:

MAC authentication—Mesh access points are added to a referenceable database to ensure they are allowed access to a given controller and mesh network. Refer to the "Adding Mesh Access Points to the Mesh Network" section.

External RADIUS Authentication—Mesh access points can be externally authorized using a RADIUS server such as Cisco ACS (4.1 and later) that supports the client authentication type of Extensible Authentication Protocol-FAST (EAP-FAST) with certificates. Refer to the "Using the GUI to Enable External Authentication of Mesh Access Points" section.

Network Segmentation

Membership in the wireless LAN mesh network for mesh access points is controlled by bridge group names (BGNs). Mesh access points can be placed in like bridge groups to manage membership or provide network segmentation. Refer to the "Using the GUI to Configure Antenna Gain" section.

Cisco 1130 and 1240 Indoor Mesh Access Points

Cisco 1130 and 1240 are indoor access points which are by default configured as local (non-mesh). Specific configuration on the controller is required to convert these indoor access points to mesh access points, and to assign a specific mesh role of RAP or MAP.

The Cisco 1130 and 1240 are equipped with two simultaneously operating radios: a 2.4-GHz radio used for client access and a 5-GHz radio used for data backhaul.

The 5-GHz radio supports the following bands: 5.15 GHz, 5.25 GHz, and 5.47 GHz.


Note Mesh 1242 access points are exclusive Indoor Mesh access points. These access points do not provide Outdoor Mesh support.


Cisco 1520 Series Outdoor Mesh Access Points

Cisco Aironet 1520 series outdoor mesh access points consist of the 1522 dual-radio mesh access point and the 1524 multi-radio mesh access points. There are two models of the 1524: (1) the public safety model, 1524PS, and (2) the serial backhaul model, 1524SB.


Note AP1524SB, introduced in release 6.0, is supported in the US, Canada, Singapore, and China.


Cisco 1520 Series mesh access points (hereafter referred to in general as AP1520s or specifically as AP1522, AP1524PS (public safety), or AP1524SB (serial backhaul)) are the core components of the wireless mesh deployment. AP1520s are configured by both the controller (GUI and CLI) and Cisco WCS. Communication between outdoor mesh access points (MAPs and RAPs) is over the 802.11a radio backhaul. Client traffic is generally transmitted over the 802.11b/g radio (but the 802.11a radio can also be configured to accept client traffic), and public safety traffic (AP1524PS only) is transmitted over the 4.9-GHz radio.

The mesh access point can also operate as a relay node for other access points not directly connected to a wired network. Intelligent wireless routing is provided by AWPP. This Cisco protocol enables each mesh access point to identify its neighbors and intelligently choose the optimal path to the wired network by calculating the cost of each path in terms of signal strength and the number of hops required to get to a controller.

AP1520s are manufactured in two different configurations: cable and non-cable.

The cable configuration has three antenna connectors on the top of the unit, can be mounted to a cable strand, and supports power-over-cable (POC).

The non-cable configuration supports two antennas each on the top and bottom of the unit. It can be mounted to a pole or building wall and supports several power options.

AP1520s are available in a hazardous location hardware enclosure. When configured, the AP1520 complies with safety standards for Class I, Division 2, Zone 2 hazardous locations. Refer to the "Hardware Enclosure for Hazardous Conditions (AIR-LAP1522HZ-X-K9)" section for more details.


Note Refer to the Cisco Aironet 1520 Series Lightweight Outdoor Access Point Ordering Guide for power, mounting, antenna, and regulatory support by model: http://www.cisco.com/en/US/prod/collateral/wireless/ps5679/ps8368/product_data_sheet0900aecd8066a157.html


Cisco 1522 Mesh Access Point (Part Nos. AIR-LAP1522AG-X-K9, AIR-LAP1522HZ-X-K9, AIR-LAP1522PC-X-K9)

The AP1522 mesh access point includes two radios: a 2.4-GHz radio and a 4.9- to 5.8-GHz radio. The 2.4-GHz (802.11b/g) radio is for client access and the 5-GHz (802.11a) radio is used as the backhaul.

Uplink support includes Gigabit Ethernet (1000BaseT) and a small form-factor pluggable (SFP) slot for a fiber (100BaseBX) or cable modem interface.

The 5-GHz radio is an 802.11a radio that covers the 4.9 to 5.8 GHz frequency band and is used as a backhaul. It can also be used for client access if the universal client access feature is enabled.

For information on the universal access feature, refer to the "Viewing Global Mesh Parameter Settings" section.


Note AP1522s with serial numbers prior to FTX1150XXXX do not support 5 and 10 MHz channels on the 4.9-GHz radio; however, a 20-MHz channel is supported.



Note Those AP1522s with serial numbers after FTX1150XXXX support 5, 10 and 20 MHz channels.


Cisco 1524PS Mesh Access Point (Part No. AIR-LAP1524PS-X-K9)

The AP1524PS includes three radios: a 2.4-GHz, a 5.8-GHz, and a 4.9-GHz radio. The 2.4-GHz radio is for client access (non-public safety traffic) and the 4.9-GHz radio is for public safety client access traffic only. The 5.8-GHz radio can be used as the backhaul for both public safety and non-public safety traffic.

The 4.9-GHz and 5.8-GHz radios are 802.11a sub-band radios which support a subset of specific 802.11a channels and include a sub-band specific filter designed to lessen interference from other 11a sub-band radios within the same mesh access point.

The 4.9-GHz sub-band radio on the AP1524 supports public safety channels within the 5-MHz (channels 1 to 10), 10-MHz (channels 11-19), and 20-MHz (channels 20-26) bandwidths.

The following data rates are supported within the 5 MHz bandwidth: 1.5, 2.25, 3, 4.5, 6, 9, 12, and 13.5 Mb/s. Default rate is 6 Mb/s.

The following data rates are supported within the 10 MHz bandwidth: 3, 4.5, 6, 9, 12, 18, 24, and 27 Mb/s. Default rate is 12 Mb/s.

Cisco 1524SB Mesh Access Point (Part No. AIR-LAP1524SB-X-K9)

The AP1524SB is introduced in release 6.0 and can operate as a RAP or a MAP.

The AP1524SB includes three radios: one 2.4-GHz radio, and two 5.8-GHz radios.

The 2.4-GHz radio is for client access (non-public safety traffic). The two 5.8-GHz radios serve as serial backhauls: one uplink and one downlink. The AP1524SB is suitable for linear deployments.

One of the 5.8-GHz radios can be used for universal access (client and backhaul traffic using an omni antenna), and the other 5.8-GHz radio can be used for backhaul traffic only (directional antenna required).

Each 5.8-GHz radio backhaul is configured with a different backhaul channel, so there is no need to use the same shared wireless medium between the north-bound and south-bound traffic in a mesh tree-based network.

On the RAP, the radio in slot 2 is used to extend the backhaul in the downlink direction; the radio in slot 1 is used for client access.

On the MAP, the radio in slot 2 is used for the backhaul in the uplink direction; the radio in slot 1 is used for the backhaul in the downlink direction as well as client access.

You only need to configure the RAP downlink (slot 2) channel. The MAPs automatically select their channels from the channel subset. The available channels for the 5.8 GHz band are 149, 153, 157, 161, and 165.

Figure 2 shows a channel selection example when the RAP downlink channel is 153.

Figure 2 Channel Selection Example

The antenna ports are labeled on the AP1524SB and are connected internally to the radios in each slot. The AP1524SB has six ports with three radio slots (0, 1, 2) as described in Table 1.

Table 1 AP1524SB Antenna Ports

| Antenna Port | Radio Slot | Description |
|---|---|---|
| 1 | 1 | 5 GHz-Used for backhaul and universal access. Universal access is configured only on slot 1. Note: Omni antenna required. |
| 2 | 0 | 2 GHz-Used for client access. |
| 3 | 0 | 2 GHz-Used for client access. |
| 4 | 0 | 2 GHz-Used for client access. |
| 5 | --- | Not connected. |
| 6 | 2 | 5 GHz-Used for backhaul. Note: Directional antenna required. |



Note Depending on product model, the AP1524SB could have either 5.0-GHz radios or 5.8-GHz sub-band radios installed in slot 1 and slot 2. Regardless of the radios installed, the AP1524SB running controller software release 6.0 is restricted to the UNII-3 channels (149, 153, 157, 161, and 165) in slot 1 and slot 2.


Hardware

Figure 3 shows the AP1520 (all models) and its bottom connectors (radio side view).

Figure 4 shows the AP1520 (all models) and its top connectors (radio cover view).

Figure 3 Cisco 1520 Series Mesh Access Point (radio side view)

| No. | Item | No. | Item |
|---|---|---|---|
| 1 | Antenna port 4 | 7 | AC input connector |
| 2 | Antenna port 5 | 8 | Fiber port |
| 3 | Antenna port 6 | 9 | PoE out port |
| 4 | Fiber port (optional) | 10 | LEDs |
| 5 | Cable POC port (optional) | 11 | PoE in port |
| 6 | Aux/Console port | | |

Figure 4 Cisco 1520 Series Mesh Access Point (radio cover view)

| No. | Item | No. | Item |
|---|---|---|---|
| 1 | Antenna port 3 | 4 | Ground screw holes |
| 2 | Antenna port 2 | 5 | DC power connector |
| 3 | Antenna port 1 | | |


Note For details on antennas and their selection, refer to the "Antennas" section.



Note For details on power, refer to the "Multiple Power Options" section.


Ethernet Ports

Ethernet connections (10/100) support bridging between mesh access points. AP1520s support four Gigabit Ethernet interfaces.

Port 0 (g0) is a Power over Ethernet (PoE) input port-PoE (in)

Port 1 (g1) is a PoE output port-PoE (out)

Port 2 (g2) is a cable connection

Port 3 (g3) is a fiber connection

You can query the status of these four interfaces in the controller CLI and Cisco WCS.

In the controller CLI, the show mesh env summary command is used to display the status of the ports.

The Up or Down (Dn) status of the four ports is reported in the following format:

port0(PoE-in):port1(PoE-out):port2(cable):port3(fiber)

For example, rap1522.a380 in the display below shows a port status of UpDnDnDn. This indicates that:

PoE-in port 0 (g0) is Up, PoE-out port 1 (g1) is Down (Dn), Cable port 2 (g2) is Down (Dn) and Fiber port 3 (g3) is Down (Dn).

(controller)> show mesh env summary 
AP Name      Temperature(C/F) Heater Ethernet Battery 
--------     --------------- -------- ------- -------
rap1242.c9ef    N/A            N/A    UP       N/A 
rap1522.a380    29/84          OFF    UpDnDnDn N/A 
rap1522.4da8    31/87          OFF    UpDnDnDn N/A 
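
Outdoor mesh access points sit in physically exposed locations, so a PoE-out, cable, or fiber port that changes state is worth reviewing. The following added example (not Cisco code) parses the show mesh env summary output above, decodes the Ethernet column, and compares it with a saved baseline capture; the function names, the baseline approach, and the DOWN value for single-port indoor access points are assumptions.

```python
import re

# Port order of the Ethernet column as documented above:
# port0(PoE-in):port1(PoE-out):port2(cable):port3(fiber)
PORT_NAMES = ("PoE-in (g0)", "PoE-out (g1)", "cable (g2)", "fiber (g3)")

# Four Up/Dn tokens for an AP1520, or one value for a single-port indoor AP.
# "DOWN" for indoor APs is an assumption; the guide only shows "UP".
STATUS_RE = re.compile(r"(?:Up|Dn){4}|UP|DOWN")

# Sample input: the controller output shown in this section.
SAMPLE_OUTPUT = """\
(controller)> show mesh env summary
AP Name      Temperature(C/F) Heater Ethernet Battery
--------     --------------- -------- ------- -------
rap1242.c9ef    N/A            N/A    UP       N/A
rap1522.a380    29/84          OFF    UpDnDnDn N/A
rap1522.4da8    31/87          OFF    UpDnDnDn N/A
"""

# Constructed variant: PoE-out on rap1522.4da8 has come up.
CHANGED_OUTPUT = "\n".join(
    line.replace("UpDnDnDn", "UpUpDnDn") if line.startswith("rap1522.4da8") else line
    for line in SAMPLE_OUTPUT.splitlines()
)


def decode_ethernet(status):
    """Turn an Ethernet column value into {port name: is_up}."""
    if not STATUS_RE.fullmatch(status):
        raise ValueError(f"unrecognized Ethernet status: {status!r}")
    if len(status) == 8:  # four two-letter tokens, one per AP1520 port
        flags = [status[i:i + 2] == "Up" for i in range(0, 8, 2)]
        return dict(zip(PORT_NAMES, flags))
    return {"ethernet": status == "UP"}


def parse_env_summary(text):
    """Return {AP name: decoded port states} for every data row."""
    ports_by_ap = {}
    for line in text.splitlines():
        fields = line.split()
        # Data rows have five columns; prompt, header and rule lines do not
        # carry a valid status in the fourth column and are skipped.
        if len(fields) == 5 and STATUS_RE.fullmatch(fields[3]):
            ports_by_ap[fields[0]] = decode_ethernet(fields[3])
    return ports_by_ap


def port_deviations(observed_text, baseline_text):
    """List (ap, port, expected_up, observed_up) where the two captures differ."""
    observed = parse_env_summary(observed_text)
    baseline = parse_env_summary(baseline_text)
    findings = []
    for ap, ports in sorted(observed.items()):
        expected = baseline.get(ap)
        if expected is None:
            findings.append((ap, "(AP not in baseline)", None, None))
            continue
        for port, is_up in ports.items():
            if expected.get(port) != is_up:
                findings.append((ap, port, expected.get(port), is_up))
    return findings


if __name__ == "__main__":
    for finding in port_deviations(CHANGED_OUTPUT, SAMPLE_OUTPUT):
        print(finding)
```
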
 
   

Multiple Power Options

Power options include:

90 to 480 VAC streetlight power

12 V DC

Cable power

PoE using a separate power injection system

For details on the power injection, its specifications, and installation refer to
http://www.cisco.com/en/US/docs/wireless/access_point/1520/power/guide/1520pwrinj.html

Internal battery backup power

802.3af-compliant PoE out to connect IP devices (such as video cameras)

Battery Backup Module (Optional)

An optional battery backup module (part no. AIR-1520-BATT-6AH) is available for AP1520s.

The integrated battery can be used for temporary backup power during external power interruptions. The battery run time for AP1520s is as follows:

3-hour access point operation using two radios at 77°F (25°C) with PoE output port off

2-hour access point operation using two radios at 77°F (25°C) with PoE output port on

The battery pack is not supported on the access point cable configuration.


Note For a complete listing of optional hardware components for AP1520s such as mounting brackets, power injectors and power tap adapters refer to: http://www.cisco.com/en/US/prod/collateral/wireless/ps5679/ps8368/product_data_sheet0900aecd8066a157.html


Reset Button

The access point has a reset button located on the bottom of the unit (see Figure 5). The reset button is recessed in a small hole that is sealed with a screw and a rubber gasket. The reset button is used to perform these functions:

Reset the access point—press the reset button for less than 10 seconds. LEDs turn off during the reset and then reactivate when the reset is complete.

Disable battery backup power—Press the reset button for more than 10 seconds. LEDs turn off, then on, and then stay off.

You can also disable the battery remotely by entering this command:

config mesh battery-state disable AP_name

Switch off LEDs—Press the reset button for more than 10 seconds. LEDs turn off, then on, and then stay off.

Figure 5 Reset Button Location

1 Reset button location


To reset the access point, follow these steps:


Step 1 Use a Phillips screwdriver to remove the reset button screw. Be careful not to lose the screw.

Step 2 Use a straightened paperclip to push the reset button for less than 10 seconds. This causes the access point to reboot (power cycle): all LEDs turn off for approximately 5 seconds and then reactivate.

Step 3 Replace the reset button screw, and use a Phillips screwdriver to tighten to 22 to 24 in. lbs (2.49 to 2.71 Nm).


Monitoring LED Status

The four status LEDs on AP1520s are useful during the installation process to verify connectivity, radio status, access point status, and software status. However, once the access point is up and running and no further diagnosis is required, Cisco recommends turning off the LEDs to discourage vandalism.

If your access point is not working properly, look at the LEDs on the bottom of the unit. You can use them to quickly assess the unit's status.


Note LEDs are enabled or disabled using the following command: config ap led-state {enable | disable} {cisco_ap_name | all}.


There are four LED status indicators on AP1520s. Figure 6 shows the location of the AP1520 LEDs.

Figure 6 Access Point LEDs on the Bottom of the Unit

The table below describes each LED and its status.

| No. | LED | No. | LED |
|---|---|---|---|
| 1 | Status LED—access point and software status | 3 | RF-1 LED—Status of the radio in slot 0 (2.4-GHz) and slot 2 (5.8-GHz for 1524SB and 4.9-GHz for 1524PS). |
| 2 | Uplink LED—Ethernet, cable, or fiber status | 4 | RF-2 LED—Status of the radio in slot 1 (5.8-GHz) and the radio in slot 3. [1] |

[1] Slot 3 is disabled in this release.



Note The RF-1 and RF-2 LEDs monitor two radios simultaneously but do not identify the affected radio. For example, if the RF-1 LED displays a steady red LED, one or both of the radios in slots 0 and 2 have experienced a firmware failure. To identify the failing radio, you must use other means, such as the access point CLI or controller GUI to investigate and isolate the failure.


Table 2 lists the access point LED signals.

Table 2 Access Point LED Signals

| LED | Color [1], [2] | Meaning |
|---|---|---|
| Status | Off | Access point is not powered on. |
| | Green | Access point is operational. |
| | Blinking green | Download or upgrade of Cisco IOS image file is in progress. |
| | Amber | Mesh neighbor access point discovery is in progress. |
| | Blinking amber | Mesh authentication is in progress. |
| | Blinking red/green/amber | CAPWAP discovery is in progress. |
| | Red | Firmware failure. Contact your support organization for assistance. |
| Uplink | Off | No physical connector is present. The uplink port is not operational. |
| | Green | Uplink network is operational (cable, fiber optic, or Ethernet). |
| RF-1, Slot 0, 2.4-GHz radio | Off | Radio is turned off. |
| | Green | Radio is operational. |
| | Red | Firmware failure. Contact your support organization for assistance. |
| RF-1, Slot 2, 4.9-GHz radio | Off | Radio is turned off. |
| | Green | Radio is operational. |
| | Red | Firmware failure. Contact your support organization for assistance. |
| RF-2, Slot 1, 802.11a radio | Off | Radio is turned off. |
| | Green | Radio is operational. |
| | Red | Firmware failure. Contact your support organization for assistance. |
| RF-2, Slot 3 | | Disabled in this release. |

[1] If all LEDs are off, the access point has no power.

[2] When the access point power supply is initially turned on, all LEDs are amber.


Regulatory Domains

For information on the channels and maximum power levels of the AP1520 supported within the world's regulatory domains refer to the Channels and Maximum Power Settings for Cisco Aironet Lightweight Access Points manual at:

http://www.cisco.com/en/US/docs/wireless/access_point/channels/lwapp/reference/guide/1520_chp.html

Frequency Bands

The 2.4 GHz and 5 GHz frequency bands are supported on the AP1130, AP1240 and AP1520 radios. Additionally, the 4.9 GHz public safety band is supported on the AP1524. (See Figure 7.)

Figure 7 Frequency Bands Supported By 802.11a Radios on AP1520s

The 5 GHz band is a conglomerate of three bands in the USA: 5.150 to 5.250 (UNII-1), 5.250 to 5.350 (UNII-2), 5.470 to 5.725 (UNII-2 Extended), and 5.725 to 5.850 (ISM). UNII-1 and the UNII-2 bands are contiguous and are indeed treated by 802.11a as being a continuous swath of spectrum 200 MHz wide, more than twice the size of the 2.4 GHz band.

The 4.9-GHz band is a public safety band with channels within the 5-MHz (channels 1 to 10), 10-MHz (channels 11-19), and 20-MHz (channels 20-26) bandwidths.


Note Frequency depends on the regulatory domain in which the access point is installed. For additional information, refer to the Channels and Power Levels document at: http://www.cisco.com/en/US/docs/wireless/access_point/channels/lwapp/reference/guide/lw_chp2.html


Table 3 Frequency Band

| Frequency Band Terms | Description | Model Support |
|---|---|---|
| UNII-1 [1] | Regulations for UNII devices operating in the 5.15 to 5.25 GHz frequency band. Indoor operation only. | 1130, 1240 |
| UNII-2 | Regulations for UNII devices operating in the 5.25 to 5.35 GHz frequency band. DFS and TPC are mandatory in this band. | 1130, 1240, 1522 |
| UNII-2 Extended | Regulations for UNII-2 devices operating in the 5.470 to 5.725 frequency band. | 1130, 1240, 1522 |
| ISM [2] | Regulations for UNII devices operating in the 5.725 to 5.850 GHz frequency band. | 1130, 1240, 1522, 1524 |

[1] UNII refers to the Unlicensed National Information Infrastructure.

[2] ISM refers to Industrial Science and Mechanical.


Dynamic Frequency Selection

Previously, devices employing radar operated in frequency sub-bands without other competing services. However, controlling regulatory bodies are attempting to open and share these bands with new services like wireless mesh LANs (IEEE 802.11).

To protect existing radar services, the regulatory bodies require that devices wishing to share the newly opened frequency sub-band behave in accordance with a protocol named Dynamic Frequency Selection (DFS). DFS dictates that to be compliant, a radio device must be capable of detecting the presence of radar signals. When a radio detects a radar signal, it is required to stop transmitting for at least 30 minutes to protect that service. The radio then selects a different channel to transmit on but only after monitoring it. If no radar is detected on the projected channel for at least one minute, then the new radio service device may begin transmissions on that channel.

The process for a radio to detect and identify a radar signal is a complicated task that sometimes leads to incorrect detections. Incorrect radar detections can occur due to a large number of factors, including uncertainties of the RF environment and the ability of the access point to reliably detect actual on-channel radar.

The 802.11h standard addresses DFS and Transmit Power Control (TPC) as it relates to the 5 GHz band. DFS is to avoid interference with radar and TPC is used to avoid interference with satellite feeder links.


Note DFS is mandatory in the US for frequency bands 5250 to 5350, and 5470 to 5725. DFS and TPC are mandatory for these same bands in Europe. (See Figure 8.)
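
The DFS timing rules above, modeled as an added example (not Cisco's implementation), show how each detection, including an incorrect one, silences a backhaul radio. The class and function names are hypothetical, the DFS bands are the US ones from the note above, and treating channels outside those bands as usable without monitoring is an assumption.

```python
NON_OCCUPANCY_S = 30 * 60  # vacate a channel for at least 30 minutes after radar
CHANNEL_CHECK_S = 60       # monitor a new DFS channel for at least one minute


def channel_mhz(channel):
    """Center frequency of a 5-GHz channel, e.g. 52 -> 5260 MHz."""
    return 5000 + 5 * channel


def requires_dfs_us(channel):
    """True inside the US DFS bands: 5250 to 5350 and 5470 to 5725 MHz."""
    mhz = channel_mhz(channel)
    return 5250 <= mhz <= 5350 or 5470 <= mhz <= 5725


class DfsRadio:
    """Hypothetical model of one backhaul radio following the DFS timing rules."""

    def __init__(self, channel, candidates):
        self.channel = channel          # channel in use (None if none is usable)
        self.candidates = list(candidates)
        self.blocked_until = {}         # channel -> time (s) it may be reused
        self.transmit_from = 0.0        # earliest time (s) transmission may start

    def can_transmit(self, now):
        return self.channel is not None and now >= self.transmit_from

    def radar_detected(self, now):
        """Handle a radar detection (real or incorrect) on the current channel."""
        self.blocked_until[self.channel] = now + NON_OCCUPANCY_S
        for candidate in self.candidates:
            if now >= self.blocked_until.get(candidate, 0):
                # Assumption: channels outside the DFS bands need no monitoring.
                wait = CHANNEL_CHECK_S if requires_dfs_us(candidate) else 0
                self.channel, self.transmit_from = candidate, now + wait
                return candidate
        self.channel = None             # every candidate is still blocked
        return None


def outage_seconds(start_channel, candidates, detections):
    """Seconds without transmission caused by detections at the given times."""
    radio = DfsRadio(start_channel, candidates)
    times = sorted(detections)
    silent = 0.0
    for i, t in enumerate(times):
        if radio.radar_detected(t) is None:
            return float("inf")         # no usable channel left
        next_t = times[i + 1] if i + 1 < len(times) else float("inf")
        # Silence lasts until monitoring ends or the next detection restarts it.
        silent += min(radio.transmit_from, next_t) - t
    return silent


if __name__ == "__main__":
    # Constructed scenario: radar on channel 100 at t=0, then on 104 at t=30
    # while channel 104 is still being monitored.
    print(outage_seconds(100, [100, 104, 108, 149], [0, 30]))
```
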


Table 4 provides a summary of those regulatory domains that require DFS support.

Figure 8 DFS and TPC Band Requirements

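Table 4 Channels Requiring DFS by Regulatory Domain

| Regulatory Domain / Channel (Frequency Band) | -A | -E | -C | -P | -S | -K | -T |
|---|---|---|---|---|---|---|---|
| 52 (5260 MHz) | | | | | | | |
| 56 (5280 MHz) | Y | | | | | Y | |
| 60 (5300 MHz) | Y | | | | | Y | |
| 64 (5320 MHz) | Y | | | | | Y | |
| 100 (5500 MHz) | Y | Y | | | | Y | Y |
| 104 (5520 MHz) | Y | Y | | | | Y | Y |
| 108 (5540 MHz) | Y | Y | | | | Y | Y |
| 112 (5560 MHz) | Y | Y | | | | Y | Y |
| 116 (5580 MHz) | Y | Y | | | | Y | Y |
| 120 (5600 MHz) | | Y | | | | Y | Y |
| 124 (5620 MHz) | | Y | | | | Y | Y |
| 128 (5640 MHz) | | Y | | | | | Y |
| 132 (5660 MHz) | Y | Y | | | | | Y |
| 136 (5680 MHz) | Y | Y | | | | | Y |
| 140 (5700 MHz) | Y | Y | | | | | Y |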


Antennas

Overview

Antenna choice is a vital component of any wireless network deployment. Essentially, two broad types of antenna exist: directional and omni-directional. Each type of antenna has a specific use and is most beneficial in specific types of deployments. Because antennas distribute RF signal in large lobed coverage areas determined by antenna design, successful coverage is heavily reliant on antenna choice.

An antenna gives a mesh access point three fundamental properties—gain, directivity, and polarization.

Gain—A measure of the increase in power. Gain is the amount of increase in energy that an antenna adds to an RF signal.

Directivity—The shape of the transmission pattern. If the gain of the antenna goes up, the coverage area decreases. The coverage area or radiation pattern is measured in degrees; these angles are called beamwidths.


Note Beamwidth is defined as a measure of the ability of an antenna to focus radio signal energy towards a particular direction in space. Beamwidth is usually expressed in degrees: HB is the horizontal beamwidth, usually the most important one, and VB is the vertical beamwidth (up and down) radiation pattern. When viewing an antenna plot or pattern, the angle is usually measured at half-power (3 dB) points of the main lobe when referenced to the peak effective radiated power of the main lobe.



Note An 8 dBi antenna transmits with a horizontal beamwidth of 360 degrees, causing the radio waves to disperse power in all directions. Therefore, radio waves from an 8 dBi antenna do not go nearly as far as those sent from a 17 dBi patch antenna (or a third-party dish) that has a narrower beamwidth (less than 360 degrees).


Polarization—The orientation of the electric field of the electromagnetic wave through space. Antennas can either be horizontally or vertically polarized, though other kinds of polarization are available. Both antennas in a link must have the same polarization to avoid additional unwanted signal loss. To improve performance, an antenna can sometimes be rotated to alter polarization and thus reduce interference. A general rule of thumb is that vertical polarization is preferable for sending RF waves down concrete canyons, and horizontal polarization is generally preferable for wide area distribution. Polarization can also be harnessed to optimize for RF bleed-over when reducing RF energy to adjacent structures is important. Most omni-directional antennas ship with vertical polarization as their default.

Antenna Options

A wide variety of antennas are available to provide flexibility when deploying the mesh access points over various terrains. 5 GHz is used as a backhaul and 2.4 GHz is used for client access.

Table 5 lists the supported external 2.4- and 5-GHz antennas for AP1520s.

Table 5 External 2.4- and 5-GHz Antennas

| Part Number | Model | Gain (dBi) |
|---|---|---|
| AIR-ANT2450V-N | 2.4-GHz compact omnidirectional [1] | 5 |
| AIR-ANT2480V-N | 2.4-GHz omnidirectional | 8.0 |
| AIR-ANT5180V-N | 5-GHz compact omnidirectional [2] | 8.0 |
| | 4.9-GHz compact omnidirectional [3] | 7.0 |
| AIR-ANT58G10SSA-N | 5-GHz sector | 9.5 |
| AIR-ANT5114P-N | 4.9- to 5-GHz patch [2] | 14.0 |
| AIR-ANT5117S-N | 4.9- to 5-GHz 90-degree sector [2] | 17.0 |

[1] The compact omnidirectional antennas mount directly on the access point.

[2] The compact omnidirectional antennas mount directly on the access point.

[3] Use of the 4.9-GHz band requires a license and may be used only by qualified Public Safety operators as defined in section 90.20 of the FCC rules.


Refer to the Cisco Aironet Antenna and Accessories Reference Guide on Cisco antennas and accessories:

http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/product_data_sheet09186a008008883b.html

Details on deployment and design, limitations and capabilities, and basic theories of antennas as well as installation scenarios, regulatory information, and technical specifications are addressed.

Table 6 summarizes the horizontal and vertical beamwidth for Cisco antennas.

Table 6 Horizontal and Vertical Beamwidth for Cisco Antennas

| Antenna | Horizontal Beamwidth (degrees) | Vertical Beamwidth (degrees) |
|---|---|---|
| AIR-ANT5180V-N | 360 | 16 |
| AIR-ANT58G10SSA-N | 60 | 60 |
| AIR-ANT5114P-N | 25 | 29 |
| AIR-ANT5117S-N | 90 | 8 |


N-Connectors

All antennas are equipped with N connectors.

AP1522 has three separate N-connectors to attach two 2.4-GHz antennas, and one N-connector for a 5-GHz antenna.

AP1524 has five N-connectors to attach three 2.4-GHz antennas and one N-connector for the 5.8-GHz antenna, and one N-connector for the 4.9-GHz antenna.

Each radio has at least one TX/RX port. Each radio must have an antenna connected to at least one of its available TX/RX ports.

Antenna locations for 5.8 GHz, 4.9 GHz, and 2.4 GHz are fixed and labeled.

Figure 9 shows antenna placement for a two-radio cable mesh access point.

Figure 10 shows antenna placement for a two-radio fiber mesh access point.

Figure 11 shows antenna placement for a three-radio fiber mesh access point.

Figure 9 Two Radio Cable Mesh Access Point Configuration (Hinged-side Facing Forward)

| Callout | Description | Callout | Description |
|---|---|---|---|
| 1 | Clamp bracket with cable clamps (part of strand mount kit, ordered separately) | 5 | Cable bundle |
| 2 | 5-GHz antenna¹ | 6 | Fiber-optic connection² |
| 3 | 2.4 GHz antennas² | 7 | Cable POC power input³ |
| 4 | Strand support cable | 8 | Strand mount bracket (part of strand mount kit, ordered separately) |

¹ Illustration shows antenna for an access point with two radios.

² Liquid tight connector not shown.

³ Stinger connector shown is user-supplied.


Figure 10 Two Radio Fiber Mesh Access Point Configuration (Hinged-side Facing Backward)

| Callout | Description | Callout | Description |
|---|---|---|---|
| 1 | Stainless steel mounting straps (part of pole mount kit) | 4 | 2.4-GHz antennas |
| 2 | 2.4-GHz antenna | 5 | Pole (wood, metal, or fiberglass), 2 to 16 in. (5.1 to 40.6 cm) diameter |
| 3 | 5-GHz antenna | 6 | Mounting bracket (part of pole mount kit) |


Figure 11 AP1524 Mesh Access Point Pole Mount Configuration (Hinged-side Facing Forward)

| Callout | Description | Callout | Description |
|---|---|---|---|
| 1 | 2.4-GHz antenna (Tx/Rx) | 3 | Fiber-optic connection |
| 2 | 5-GHz antenna (Tx/Rx) | 4 | 4.9-GHz antenna (Tx/Rx) |


Figure 12 shows one of the recommended installations of an outdoor AP1520.

Figure 12 Outdoor Pole-top Installation of a Mesh Access Point

| Callout | Description | Callout | Description |
|---|---|---|---|
| 1 | Outdoor light control | 3 | 6-AWG copper grounding wire |
| 2 | Streetlight power tap adapter | | |

Maximum Ratio Combining

AP1520 radios have a much higher transmit power, better receiver sensitivity and broader outdoor temperature range as compared to AP1510 and AP1505 mesh access points.

The 5GHz radio (802.11a) is a Single in Single Out (SISO) architecture and the 2.4GHz radio (802.11 b/g) is 1x3 Single in Multiple Out (SIMO) architecture.

The 2.4 GHz radio has one transmitter and three receivers. Output power is configurable to 5 levels. With its 3 receivers enabling maximum-ratio combining (MRC), this radio has better sensitivity and range than a typical SISO 802.11b/g radio for OFDM rates.

When operating with data rates higher than 12 Mb/s, you can increase gain on a 2.4-GHz radio to 2.7 dB by adding two antennas and to 4.5 dB by adding three antennas.

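Table 7 RX Sensitivities and MRC Gain

| Modulation Rate (Mb/s) | Typical sensitivity, one antenna (dBm) | Typical sensitivity, two antennas MRC (dBm) | Typical sensitivity, three antennas MRC (dBm) | MRC gain, two antennas (dB) | MRC gain, three antennas (dB) |
|---|---|---|---|---|---|
| 1 | -92.0 | -92.0 | -92.0 | 0.0 | 0.0 |
| 2 | -91.0 | -91.0 | -91.0 | 0.0 | 0.0 |
| 5.5 | -90.3 | -90.3 | -90.3 | 0.0 | 0.0 |
| 11 | -90.0 | -90.0 | -90.0 | 0.0 | 0.0 |
| 6 | -90.3 | -90.3 | -90.3 | 0.0 | 0.0 |
| 9 | -90.3 | -90.3 | -90.3 | 0.0 | 0.0 |
| 12 | -89.0 | -89.5 | -90.0 | 0.5 | 1.0 |
| 18 | -88.0 | -89.5 | -90.0 | 1.5 | 2.0 |
| 24 | -84.3 | -87.0 | -88.3 | 2.7 | 4.0 |
| 36 | -81.3 | -84.0 | -85.8 | 2.7 | 4.5 |
| 48 | -77.3 | -80.0 | -81.8 | 2.7 | 4.5 |
| 54 | -76.0 | -78.7 | -80.5 | 2.7 | 4.5 |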


Client Access Certified Antennas (Third-party Antennas)

You can use third-party antennas with AP1520s. However, please note the following:

Cisco does not track or maintain information about the quality, performance or reliability of the non-certified antennas and cables

RF connectivity and compliance is the customer's responsibility

Compliance is only guaranteed with Cisco antennas or antennas that are of the same design and gain as Cisco antennas

Cisco Technical Assistance Center (TAC) has no training or customer history with regard to non-Cisco antennas and cables

Hardware Enclosure for Hazardous Conditions (AIR-LAP1522HZ-X-K9)

The standard AP1520 enclosure is a ruggedized, hardened enclosure that supports the NEMA 4X and IP67 standards for protection to keep out dust, damp and water.

Hazardous Certification (Class 1, Div 2 and Zone 2)

To operate in more hazardous environments such as oil refineries, oil fields, drilling platforms, and chemical processing facilities, an upgrade to an enclosure that is approved for Class 1, Div 2 or Zone 2 certification is required.


Note Division refers to the US certifications and Zone refers to the European (EU) certification.


The hazardous locations certificate requires that all electrical power cables be run through conduit piping. This is to protect against accidental damage to the electrical wiring that could cause a spark and possible explosion.

AP1520s for hazardous locations contain an internal electrical mounting connector that receives discrete wires from a conduit interface coupler entering from the side of the housing. Once the electrical wiring is installed, a cover housing is installed over the electrical connector to prevent exposure to the electrical wiring. On the outside of the housing is a hazardous location certification label (CSA, ATEX, or IEC) that identifies the type of certifications and the environments in which the equipment is approved for operation.

When you select the hazardous location option as part of the ordering process, Cisco configures the system to contain the new components. Two conduit adaptors and assembly instructions placed in the shipping box provide information and assembly procedures.

No additional weatherproof enclosure is required to operate in temperature ranges of -40°C to +55°C.

Hazardous Certification (Div 1 > Div 2 and Zone 1 > Zone 2)

To meet the requirements of the Div 1 > Div 2 and Zone 1 > Zone 2 locations, Cisco recommends a TerraWave Solutions CSA certified protective Wi-Fi enclosure.

Table 8 Third-Party Antennas

| Access Point Model | Enclosure Part No | Description |
|---|---|---|
| 1240 | TerraWave XEP1242 | 18 x 12 x 8 Protective Wi-Fi Enclosure Includes the Cisco 1242 Access Point |
| 1522 | TerraWave Part Number: XEP1522 | 18 x 12 x 8 Protective Wi-Fi Enclosure Includes the Cisco 1522 Access Point |


For additional details about the TerraWave enclosures refer to:

http://www.tessco.com/yts/partner/manufacturer_list/vendors/terrawave/pdf/terrawavehazardouesenclosuresjan08.pdf

Cisco Wireless LAN Controllers

The wireless mesh solution is supported by Cisco 2100 Series, Cisco 4400 Series Wireless LAN Controllers, and 5500 Series Wireless LAN Controllers. The Cisco 5500 and 4400 controllers (see Figure 13) are recommended for wireless mesh deployments because they can scale to large numbers of access points, and can support both Layer 2 and Layer 3 CAPWAP.

Figure 13 Cisco 4400 Wireless LAN Controller

For more information on the Cisco 5500, 4400, and 2100 Wireless LAN controllers, refer to:

http://www.cisco.com/en/US/products/hw/wireless/index.html#,hide-id-trigger-g1-wireless_LAN

http://www.cisco.com/en/US/products/ps7206/products_installation_and_configuration_guides_list.html

Cisco WCS

The Cisco WCS provides a graphical platform for wireless mesh planning, configuration, and management. Network managers can use Cisco WCS to design, control, and monitor wireless mesh networks from a central location.

With Cisco WCS, network administrators have a solution for RF prediction, policy provisioning, network optimization, troubleshooting, user tracking, security monitoring, and wireless LAN systems management. Graphical interfaces make wireless LAN deployment and operations simple and cost-effective. Detailed trending and analysis reports make Cisco WCS vital to ongoing network operations.

Cisco WCS runs on a server platform with an embedded database. This provides the scalability necessary to manage hundreds of controllers and thousands of Cisco mesh access points. Controllers can be located on the same LAN as Cisco WCS, on separate routed subnets, or across a wide-area connection.

Multiple, geographically dispersed Cisco WCS management platforms can be cost-effectively and easily managed by the Cisco WCS Navigator. Cisco WCS Navigator supports up to 20 Cisco WCS management platforms with manageability of up to 30,000 mesh access points from a single management console. Together, Cisco WCS and Cisco WCS Navigator provide a wireless LAN management solution for even the largest enterprise environments and outdoor deployments.

Figure 14 shows the interconnections between the controllers, Cisco WCS, and AP1520s.

Figure 14 Interconnections to the Solution

Mesh Deployment Modes

Mesh access points support multiple deployment modes, including the following:

Wireless mesh

WLAN backhaul

Wireless Mesh Network

In a Cisco wireless outdoor mesh network, multiple mesh access points comprise a network that provides secure, scalable outdoor wireless LANs. Figure 15 shows an example of a simple mesh network deployment composed of mesh access points (MAPs and RAPs), controllers, and Cisco WCS.

The three RAPs are connected to the wired network at each location and are located on the building roof. All the downstream access points operate as MAPs and communicate using wireless links (not shown).

Both MAPs and RAPs can provide WLAN client access; however, the locations of RAPs are often not suitable for providing client access. Each of the three access points in Figure 15 is located on a building roof and is functioning as a RAP. These RAPs are connected to the network at each location.

Some of the buildings have onsite controllers to terminate CAPWAP sessions from the mesh access points but it is not a mandatory requirement as CAPWAP sessions can be back hauled to a controller over a wide-area network (WAN). (See Figure 16.)


Note For more details on CAPWAP, refer to the "Architecture Overview" section.


Figure 15 Wireless Mesh Deployment

Wireless Backhaul

In a Cisco wireless backhaul network, traffic can be bridged between MAPs and RAPs. This traffic can be from wired devices being bridged by the wireless mesh, or CAPWAP traffic from the mesh access points. This traffic is always AES encrypted when it crosses a wireless mesh link such as a wireless backhaul (Figure 16).

AES encryption is established as part of the mesh access point neighbor relationship with other mesh access points. The encryption keys used between mesh access points are derived during the EAP authentication process.

Universal Access

You can configure the backhaul (1522, 1240 and 1130) to accept client traffic over its 802.11a radio. This feature is identified as Backhaul Client Access in the controller GUI (Monitor > Wireless). When this feature is disabled, backhaul traffic is only transmitted over the 802.11a radio and client association is only allowed over the 802.11b/g radio. Refer to the "Configuring Global Mesh Parameters" section for configuration details.

Figure 16 Wireless Backhaul

Architecture Overview

CAPWAP

CAPWAP is the provisioning and control protocol used by the controller to manage access points (mesh and non-mesh) in the network. In release 5.2, CAPWAP replaces LWAPP.

Upgrading from an earlier LWAPP release (4.1.x.x or earlier) to release 5.2 is transparent. CAPWAP supports path maximum transmission unit (MTU) discovery and it is configurable on switches and routers in the backbone network.


Note Mesh features are not supported on controller releases 5.0 and 5.1.


CAPWAP is becoming the protocol of choice to manage access points. It reduces capital expenditures (CapEx) and operational expenses (OpEx) significantly, enabling the Cisco wireless mesh networking solution to be a cost-effective and secure deployment option in enterprise, campus, and metropolitan networks.

CAPWAP Discovery on a Mesh Network

CAPWAP discovery on a mesh network follows these steps:

1. A mesh access point establishes a link before starting CAPWAP discovery, whereas a non-mesh access point starts CAPWAP discovery using a static IP for the mesh access point, if any.

2. The mesh access point initiates CAPWAP discovery using a static IP for the mesh access point on the layer 3 network or searches the network for its assigned primary, secondary or tertiary controller. Ten attempts are made to connect.


Note The mesh access point searches a list of controllers configured on the access point (primed) during setup.


3. If step 2 fails after 10 attempts, the mesh access point falls back to DHCP and attempts to connect in ten tries.

4. If both steps 2 and 3 fail and there is no successful CAPWAP connection to a controller, then the mesh access point falls back to LWAPP.

5. If no discovery occurs after attempting steps 2, 3 and 4, the mesh access point tries the next link.

Dynamic MTU Detection

If the MTU is changed in the network, the access point detects the new MTU value and forwards that to the controller to adjust to the new MTU. Once both the access point and the controller are set at the new MTU, all data within their path is fragmented into the new MTU. The new MTU size is used until changed. Default MTU on switches and routers is 1500 bytes.

XML Configuration File

Beginning in release 5.2, mesh features within the controller's boot configuration file are saved in an XML file in ASCII format. The XML configuration file is saved in the flash memory of the controller.


Note Release 5.2 does not support binary configuration files; however, configuration files are in the binary state immediately after an upgrade from a mesh release to controller software release 5.2. After reset, the XML configuration file is selected.



Caution Do not edit the XML file. Downloading a modified configuration file onto a controller causes a cyclic redundancy check (CRC) error on boot and the configuration is reset to the defaults.

You can easily read and modify the XML configuration file by converting it to CLI format. To convert from XML to CLI format, upload the configuration file to a TFTP or FTP server. The controller initiates the conversion from XML to CLI during the upload.

Once on the server, you can read or edit the configuration file in CLI format. When finished, you download the file back to the controller. The controller then converts the configuration file back to XML format, saves it to flash memory, and then reboots using the new configuration.


Note The controller does not support uploading and downloading of port configuration CLI commands. If you want to configure the controller ports, enter the relevant commands summarized below:


Note The commands listed below are manually entered after the software upgrade to release 5.2.


config port linktrap {port | all} {enable | disable}: Enables or disables the up and down link traps for a specific controller port or for all ports.

config port adminmode {port | all} {enable | disable}: Enables or disables the administrative mode for a specific controller port or for all ports.

config port multicast appliance port {enable | disable}: Enables or disables the multicast appliance service for a specific controller port.

config port power {port | all} {enable | disable}: Enables or disables power over Ethernet (PoE) for a specific controller port or for all ports.


CLI commands with known keywords and proper syntax are converted to XML while improper CLI commands are ignored and saved to flash memory. Any field with an invalid value is filtered out and set to a default by the XML validation engine. Validation occurs during bootup.

To see any ignored commands or invalid configuration values, enter this command:

show invalid-config


Note You can only execute this command before either the clear config or save config command. If the downloaded configuration contains a large number of invalid CLI commands, you might want to upload the invalid configuration to the TFTP or FTP server for analysis.


Access passwords are hidden (obfuscated) in the configuration file. To enable or disable obfuscation of access point or controller passwords, enter the following command:

config switchconfig secret-obfuscation {enable | disable}

AWPP

AWPP is designed specifically for wireless mesh networking to provide ease of deployment, fast convergence, and minimal resource consumption.

AWPP takes advantage of the CAPWAP WLAN, where client traffic is tunneled to the controller and is therefore hidden from the AWPP process. Also, the advanced radio management features in the CAPWAP WLAN solution are available to the wireless mesh network and do not have to be built into AWPP.

AWPP enables a remote access point to dynamically find the best path back to a RAP for each MAP that is part of the RAP's bridge group (BGN). Unlike traditional routing protocols, AWPP takes RF details into account.

To optimize the route, a MAP actively solicits neighbor MAPs. During the solicitation, the MAP learns all of the available neighbors back to a RAP, determines which neighbor offers the best path, and then synchronizes with that neighbor. The path decisions of AWPP are based on link quality and the number of hops.

AWPP automatically determines the best path back to the CAPWAP controller by calculating the cost of each path in terms of signal strength and number of hops. After the path is established, AWPP continuously monitors conditions and changes routes to reflect changes in conditions. AWPP also performs a smoothing function to signal condition information to ensure that the ephemeral nature of RF environments does not impact network stability.

Cisco is a leading member of the Simple, Efficient, and Extensible Mesh (SEEMesh) consortium. The Cisco mesh model has become solidly embedded in one of the main contending proposals for the 802.11 task group, which is moving towards becoming a mesh standard for the industry. The combined design, known as Hybrid Wireless Mesh (routing) Protocol (HWMP), serves both the fixed type of deployments and the mobile deployments. HWMP is favored by other SEEMesh supporters because it combines low complexity with great flexibility. AWPP has been selected as the draft foundation for HWMP. Cisco Systems has taken a leading role in setting standards in the mesh field.

Traffic Flow

The traffic flow within the wireless mesh can be divided into three components:

Overlay CAPWAP traffic that flows within a standard CAPWAP access point deployment; that is, CAPWAP traffic between the CAPWAP access point and the CAPWAP controller.

Wireless mesh data frame flow.

AWPP exchanges.

Because the CAPWAP model is well known and the AWPP is a proprietary protocol, only the wireless mesh data flow is described. The key to the wireless mesh data flow is the address fields of the 802.11 frames being sent between mesh access points.

An 802.11 data frame can use up to four address fields: receiver, transmitter, destination, and source. The standard frame from a WLAN client to an AP uses only three of these address fields because the transmitter address and the source address are the same. However, in a WLAN bridging network, all four address fields are used because the source of the frame might not be the transmitter of the frame; the frame might have been generated by a device behind the transmitter.

Figure 17 shows an example of this type of framing. The source address of the frame is MAP:03:70, the destination address of this frame is the controller (the mesh network is operating in Layer 2 mode), the transmitter address is MAP:D5:60, and the receiver address is RAP:03:40.

Figure 17 Wireless Mesh Frame

As this frame is sent, the transmitter and receiver addresses change on a hop-by-hop basis. AWPP is used to determine the receiver address at each hop. The transmitter address is known because it is the current mesh access point. The source and destination addresses are the same over the entire path.

If the RAP's controller connection is Layer 3, the destination address for the frame is the default gateway MAC address, because the MAP has already encapsulated the CAPWAP in the IP packet to send it to the controller, and is using the standard IP behavior of using ARP to find the MAC address of the default gateway.
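The hop-by-hop addressing described above, as an added Python example (not Cisco code). It assumes the standard 802.11 four-address layout (To DS and From DS both set; Address 1 to 4 = receiver, transmitter, destination, source); the full MAC addresses are constructed around the suffixes shown for Figure 17, and the controller and client addresses are hypothetical.

```python
import struct

TO_DS, FROM_DS = 0x01, 0x02   # flag bits in the second Frame Control byte
DATA_FC0 = 0x08               # first Frame Control byte: version 0, type 2 (data)

# Constructed sample addresses; only the last two octets come from Figure 17.
SRC_MAP = "02:00:00:00:03:70"
RELAY_MAP = "02:00:00:00:d5:60"
RAP = "02:00:00:00:03:40"
CONTROLLER = "02:00:00:00:00:01"   # hypothetical controller MAC (Layer 2 mode)
CLIENT = "02:00:00:00:00:c1"       # hypothetical WLAN client


def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def _fmt(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_header(receiver, transmitter, destination, source, seq=0):
    """30-byte data header with all four address fields (bridged mesh frame)."""
    return (bytes([DATA_FC0, TO_DS | FROM_DS]) + b"\x00\x00"   # frame control, duration
            + _mac(receiver) + _mac(transmitter) + _mac(destination)
            + struct.pack("<H", (seq & 0x0FFF) << 4)            # sequence control
            + _mac(source))


def client_to_ap_header(bssid, client, destination):
    """24-byte three-address header: the transmitter is also the source."""
    return (bytes([DATA_FC0, TO_DS]) + b"\x00\x00"
            + _mac(bssid) + _mac(client) + _mac(destination) + b"\x00\x00")


def parse_header(hdr):
    """Return receiver/transmitter/destination/source for a data frame header."""
    if len(hdr) < 24 or (hdr[0] >> 2) & 0x3 != 2:
        raise ValueError("not an 802.11 data frame header")
    ds = hdr[1] & (TO_DS | FROM_DS)
    a1, a2, a3 = _fmt(hdr[4:10]), _fmt(hdr[10:16]), _fmt(hdr[16:22])
    if ds == (TO_DS | FROM_DS):
        if len(hdr) < 30:
            raise ValueError("four-address header truncated")
        return {"receiver": a1, "transmitter": a2,
                "destination": a3, "source": _fmt(hdr[24:30])}
    if ds == TO_DS:      # client to AP: Address 2 is both transmitter and source
        return {"receiver": a1, "transmitter": a2, "destination": a3, "source": a2}
    if ds == FROM_DS:    # AP to client: Address 1 is both receiver and destination
        return {"receiver": a1, "transmitter": a2, "destination": a1, "source": a3}
    return {"receiver": a1, "transmitter": a2, "destination": a1, "source": a2}


def mesh_hops(path, destination):
    """One header per wireless hop along path (originating MAP first, RAP last)."""
    source = path[0]
    return [build_header(rx, tx, destination, source, seq=i)
            for i, (tx, rx) in enumerate(zip(path, path[1:]))]


if __name__ == "__main__":
    for hdr in mesh_hops([SRC_MAP, RELAY_MAP, RAP], CONTROLLER):
        print(parse_header(hdr))
```

The second header produced for this path carries the same four addresses as the frame described for Figure 17; only the receiver and transmitter differ from the first hop.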

Each mesh access point within the mesh forms a CAPWAP session with a controller. WLAN traffic is encapsulated inside CAPWAP and is mapped to a VLAN interface on the controller. Bridged Ethernet traffic can be passed from each Ethernet interface on the mesh network and does not have to be mapped to an interface on the controller. (See Figure 18.)

Figure 18 Logical Bridge and WLAN Mapping

Mesh Neighbors, Parents, and Children

Relationships among mesh access points are either as a parent, child or neighbor (see Figure 19).

A parent access point offers the best route back to the RAP based on its ease values. A parent can be either the RAP itself or another MAP.

Ease is calculated using the SNR and link hop value of each neighbor. Given multiple choices, generally an access point with a higher ease value is selected.

A child access point selects the parent access point as its best route back to the RAP.

A neighbor access point is within RF range of another access point but is not selected as its parent or a child because its ease values are lower than that of the parent.

Figure 19 Parent, Child and Neighbor Access Points

Choosing the Best Parent

AWPP uses the following process in selecting parents for a RAP or MAP with a radio backhaul:

A list of channels with neighbors is generated by passive scanning in the scan state, which is a subset of all backhaul channels.

The channels with neighbors are sought by actively scanning in seek state and the backhaul channel is changed to the channel with the best neighbor.

The parent is set to the best neighbor and the parent-child handshake is completed in seek state.

Parent maintenance and optimization occurs in the maintain state.

This algorithm is run at startup and whenever a parent is lost and no other potential parent exists, and is usually followed by CAPWAP network and controller discovery. All neighbor protocol frames carry the channel information.

Parent maintenance occurs by the child node sending a directed NEIGHBOR_REQUEST to the parent and the parent responding with a NEIGHBOR_RESPONSE.

Parent optimization and refresh occurs by the child node sending a NEIGHBOR_REQUEST broadcast on the same channel on which its parent resides, and by evaluating all responses from neighboring nodes on the channel.

A parent mesh access point provides the best path back to a RAP. AWPP uses ease to determine the best path. Ease can be considered the opposite of cost, and the preferred path is the path with the higher ease.

Ease Calculation

Ease is calculated using the SNR and hop value of each neighbor, and applying a multiplier based on various SNR thresholds. The purpose of this multiplier is to apply a spreading function to the SNRs that reflects various link qualities.

In Figure 20, MAP2 prefers the path through MAP1 because the adjusted ease (436906) through this path is greater than the ease value (262144) of the direct path from MAP2 to RAP.

Figure 20 Parent Path Selection

Parent Decision

A parent mesh access point is chosen by using the adjusted ease, which is the ease of each neighbor divided by the number of hops to the RAP:

adjusted ease = min (ease at each hop) / hop count

SNR Smoothing

One of the challenges in WLAN routing is the ephemeral nature of RF. This must be considered when analyzing an optimal path and deciding when a change in path is required. The SNR on a given RF link can change substantially from moment to moment, and changing route paths based on these fluctuations results in an unstable network, with severely degraded performance. To effectively capture the underlying SNR but remove moment-to-moment fluctuations, a smoothing function is applied that provides an adjusted SNR.

In evaluating potential neighbors against the current parent, the parent is given 20% of bonus-ease on top of the parent's calculated ease, in order to reduce the ping-pong effect between parents. This implies that a potential parent must be significantly better in order for a child to make a switch. Parent switching is transparent to CAPWAP and other higher-layer functions.

Loop Prevention

To ensure that routing loops are not created, AWPP discards any route that contains its own MAC address. That is, routing information apart from hop information contains the MAC address of each hop to the RAP; therefore, a mesh access point can easily detect and discard routes that loop.
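The parent decision, the 20% parent bonus and the loop check described above, combined in an added Python example (not Cisco's AWPP implementation). Ease values are taken as inputs because the page does not give the SNR multiplier; the per-link ease of 873812 is a constructed value chosen so that the two-hop path reproduces the 436906 quoted for Figure 20, and applying the bonus to the adjusted ease is an assumption.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

PARENT_BONUS = 0.20  # the page's 20% bonus-ease for the current parent


@dataclass(frozen=True)
class Route:
    """One candidate path to the RAP, as learned from a neighbor."""
    parent: str                   # neighbor that would become the parent
    hop_macs: Tuple[str, ...]     # every access point on the path, parent first, RAP last
    link_eases: Tuple[int, ...]   # ease of each link on the path, our own link first


def adjusted_ease(route: Route) -> float:
    """min (ease at each hop) / hop count."""
    return min(route.link_eases) / len(route.link_eases)


def select_parent(own_mac: str, routes: Sequence[Route],
                  current_parent: Optional[str] = None
                  ) -> Optional[Tuple[str, float]]:
    """Return (parent, score) for the best loop-free route, or None if none is usable."""
    best = None
    for route in routes:
        if len(route.hop_macs) != len(route.link_eases):
            raise ValueError("one ease value is needed per hop")
        if own_mac in route.hop_macs:
            continue                      # loop prevention: our own MAC is on the path
        score = adjusted_ease(route)
        if route.parent == current_parent:
            score *= 1 + PARENT_BONUS     # hysteresis against parent ping-pong (assumed form)
        if best is None or score > best[1]:
            best = (route.parent, score)
    return best


# Constructed sample data. Names stand in for MAC addresses.
DIRECT = Route("RAP", ("RAP",), (262144,))                    # MAP2 -> RAP
VIA_MAP1 = Route("MAP1", ("MAP1", "RAP"), (873812, 873812))   # MAP2 -> MAP1 -> RAP
LOOPED = Route("MAP3", ("MAP3", "MAP2", "RAP"), (3000000, 3000000, 3000000))
STAY = Route("MAPA", ("MAPA", "RAP"), (800000, 800000))       # adjusted ease 400000
RIVAL = Route("MAPB", ("MAPB", "RAP"), (900000, 900000))      # adjusted ease 450000

if __name__ == "__main__":
    print(select_parent("MAP2", [DIRECT, VIA_MAP1, LOOPED]))
    print(select_parent("MAP2", [STAY, RIVAL], current_parent="MAPA"))
```

In the STAY/RIVAL case the rival's adjusted ease is higher, but not by more than the bonus, so the child keeps its current parent.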

Design Considerations

Each outdoor wireless mesh deployment is unique, and each environment has its own challenges with available locations, obstructions, and available network infrastructure. Design requirements driven by expected users, traffic, and availability needs are also major design criteria. This section describes these important design considerations and provides an example of a wireless mesh design.

Wireless Mesh Constraints

Here are a few system characteristics to consider when designing and building a wireless mesh network. Some of these apply to the backhaul network design and others to the CAPWAP controller design:

Cisco recommends setting the backhaul rate to auto.

When the bridge data rate is set to auto, the mesh backhaul chooses the highest rate possible given its link quality and the sustainability of that rate. Bridge data rate is set on each access point individually. It is not a global setting.

Typically, 24 Mb/s is chosen as the optimal backhaul rate because it aligns with the maximum coverage of the WLAN portion of the client WLAN of the MAP; that is, the distance between MAPs using 24 Mb/s backhaul should allow for seamless WLAN client coverage between the MAPs.

A lower bit rate might allow a greater distance between mesh access points, but there are likely to be gaps in the WLAN client coverage, and the capacity of the backhaul network is reduced.

An increased bit rate for the backhaul network either requires more mesh access points or results in a reduced SNR between mesh access points, limiting mesh reliability and interconnection.

The mesh channel and bridge data rate (mesh backhaul bit rate) is set on each individual access point. It is not a global setting.


Note To set the mesh backhaul bit rate for each access point, choose Wireless > Access Points > All APs, then click an AP name and click the Mesh tab.


The required minimum LinkSNR for backhaul links per data rate is shown in Table 9.

Table 9 Backhaul Data Rates and Minimum LinkSNR Requirements

| Data Rate | Minimum Required LinkSNR (dB) |
|---|---|
| 54 Mb/s | 31 |
| 48 Mb/s | 29 |
| 36 Mb/s | 26 |
| 24 Mb/s | 22 |
| 18 Mb/s | 18 |
| 12 Mb/s | 16 |
| 9 Mb/s | 15 |
| 6 Mb/s | 14 |


The required minimum LinkSNR value is driven by the data rate and the following formula: Minimum SNR + fade margin. Table 10 summarizes the calculation by data rate.

Minimum SNR refers to an ideal state of non-interference, non-noise, and a system packet error rate (PER) of no more than 10%

Typical fade margin is approximately 9 to 10 dB

We do not recommend using data rates greater than 24 Mb/s in municipal mesh deployments as the SNR requirements do not make the distances practical

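Table 10 Minimum Required LinkSNR Calculations by Data Rate

| Data Rate (Mb/s) | Minimum SNR (dB) + | Fade Margin (dB) = | Minimum Required LinkSNR (dB) |
|---|---|---|---|
| 6 | 5 | 9 | 14 |
| 9 | 6 | 9 | 15 |
| 12 | 7 | 9 | 16 |
| 18 | 9 | 9 | 18 |
| 24 | 13 | 9 | 22 |
| 36 | 17 | 9 | 26 |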

Number of backhaul hops is limited to eight, but three to four is recommended

The number of hops is recommended to be limited to three or four primarily to maintain sufficient backhaul throughput, because each mesh access point uses the same radio for transmission and reception of backhaul traffic. This means that throughput is approximately halved over every hop. For example, the maximum throughput for 24 Mb/s is approximately 14 Mb/s for the first hop, 9 Mb/s for the second hop, and 4 Mb/s for the third hop.

Number of MAPs per RAP

There is no current software limitation of how many MAPs per RAP you can configure. However, it is suggested that you limit this to 20 MAPs per RAP.

Number of controllers

The number of controllers per mobility group is limited to 72.

Number of mesh access points supported per controller. Refer to "Controller Planning" in the next section.
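A design check built from the constraints above, as an added Python example (not a Cisco tool): it applies the Table 9 and Table 10 values and the hop limits to the measured LinkSNR of each link on one backhaul path. The function names and the sample SNR readings used in the comments are constructed for illustration.

```python
# Table 10: minimum SNR (dB) per backhaul data rate (Mb/s)
MIN_SNR_DB = {6: 5, 9: 6, 12: 7, 18: 9, 24: 13, 36: 17}
# Table 9: minimum required LinkSNR (dB) per backhaul data rate (Mb/s)
MIN_LINKSNR_DB = {54: 31, 48: 29, 36: 26, 24: 22, 18: 18, 12: 16, 9: 15, 6: 14}

MAX_HOPS = 8           # hard limit on backhaul hops
RECOMMENDED_HOPS = 4   # three to four hops recommended


def required_linksnr(rate_mbps, fade_margin_db=9):
    """Minimum SNR + fade margin, for the rates listed in Table 10."""
    return MIN_SNR_DB[rate_mbps] + fade_margin_db


def best_rate(linksnr_db):
    """Highest Table 9 rate the measured LinkSNR can sustain, or None."""
    usable = [rate for rate, need in MIN_LINKSNR_DB.items() if linksnr_db >= need]
    return max(usable) if usable else None


def audit_path(link_snrs_db, planned_rate=24):
    """Check one backhaul path (RAP-side link first).

    Returns a list of (hop, message); hop 0 marks a finding about the whole path.
    """
    findings = []
    hops = len(link_snrs_db)
    if hops > MAX_HOPS:
        findings.append((0, f"{hops} hops exceeds the limit of {MAX_HOPS}"))
    elif hops > RECOMMENDED_HOPS:
        findings.append((0, f"{hops} hops is above the recommended {RECOMMENDED_HOPS}"))
    need = MIN_LINKSNR_DB[planned_rate]
    for hop, snr in enumerate(link_snrs_db, start=1):
        if snr < need:
            fallback = best_rate(snr)
            detail = (f"sustainable rate {fallback} Mb/s" if fallback
                      else "no backhaul rate is sustainable")
            findings.append((hop, f"LinkSNR {snr} dB is below the {need} dB needed "
                                  f"for {planned_rate} Mb/s; {detail}"))
    return findings


if __name__ == "__main__":
    # Constructed readings: the second hop cannot hold 24 Mb/s.
    for hop, message in audit_path([30, 21, 25]):
        print(hop, message)
```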

Controller Planning

The following items affect the number of controllers required in a mesh network:

Mesh access points (RAPs and MAPs) in the network.

The wired network that connects the RAPs and controllers can affect the total number of access points supported in the network. If this network allows the controllers to be equally available to all access points without any impact on WLAN performance, the access points can be evenly distributed across all controllers for maximum efficiency. If this is not the case, and controllers are grouped into various clusters or PoPs, the overall number of access points and coverage are reduced.

For example, you can have 72 Cisco 4400 series controllers in a mobility group, and each 4400 series controller supports 100 local access points. This gives a total number of 7200 possible access points per mobility group.

Number of mesh access points (RAPs and MAPs) supported per controller. Refer to Table 10.

For clarity, non-mesh access points are referred to as local access points in this document.

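Mesh Access Point Support by Controller Model

| Controller Model | Local AP Support (non-mesh)¹ | Maximum Possible Mesh AP Support | RAPs | MAPs | Total Mesh AP Support |
|---|---|---|---|---|---|
| 5508² | 250 | 250 | 1 | 249 | 250 |
| | | | 100 | 150 | 250 |
| | | | 150 | 100 | 250 |
| | | | 200 | 0 | 250 |
| 4404³ | 100 | 150 | 1 | 149 | 150 |
| | | | 50 | 100 | 150 |
| | | | 75 | 50 | 125 |
| | | | 100 | 0 | 100 |
| 2106³ | 6 | 11 | 1 | 10 | 11 |
| | | | 2 | 8 | 10 |
| | | | 3 | 6 | 9 |
| | | | 4 | 4 | 8 |
| | | | 5 | 2 | 7 |
| | | | 6 | 0 | 6 |
| 2112² | 12 | 12 | 1 | 11 | 12 |
| | | | 3 | 9 | 12 |
| | | | 6 | 6 | 12 |
| | | | 9 | 3 | 12 |
| | | | 12 | 0 | 12 |
| 2125² | 25 | 25 | 1 | 24 | 25 |
| | | | 5 | 20 | 25 |
| | | | 10 | 15 | 25 |
| | | | 15 | 10 | 25 |
| | | | 20 | 5 | 25 |
| | | | 25 | 0 | 25 |
| WiSM³ | 300 | 375 | 1 | 374 | 375 |
| | | | 100 | 275 | 375 |
| | | | 250 | 100 | 350 |
| | | | 300 | 0 | 300 |

¹ Local AP support is the total number of non-mesh APs supported on the controller model.

² For 5508, 2112, and 2125 controllers, the number of MAPs is equal to (local AP support - number of RAPs).

³ For 4404, 2106, and WiSM controllers, the number of MAPs is equal to ((local AP support - number of RAPs) x 2), not to exceed the maximum possible mesh AP support.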



Note The Wireless LAN Controller modules NM and NME now support mesh 1520 series access points from Wireless LAN Controller (WLC) software release 5.2 onwards.


Site Preparation and Planning

This section provides implementation details and configuration examples.

Site Survey

Cisco recommends that you perform a radio site survey before installing the equipment. A site survey reveals problems such as interference, Fresnel zone, or logistics problems. A proper site survey involves temporarily setting up mesh links and taking measurements to determine whether your antenna calculations are accurate. Be sure to determine the correct location and antenna before drilling holes, routing cables, and mounting equipment.


Note When power is not readily available, use an uninterruptible power supply (UPS) to temporarily power the mesh link.


Pre-Survey Checklist

Before attempting a site survey, determine the following:

How long is your wireless link?

Do you have a clear line of sight?

What is the minimum acceptable data rate within which the link runs?

Is this a point-to-point or point-to-multipoint link?

Do you have the correct antenna?

Can the access point installation area support the weight of the access point?

Do you have access to both of the mesh site locations?

Do you have the proper permits, if required?

Do you have a partner? Never attempt to survey or work alone on a roof or tower.

Have you configured the 1522 or 1524 before you go onsite? It is always easier to resolve configuration or device problems first.

Do you have the proper tools and equipment to complete your task?


Note Cellular phones or handheld two-way radios can be helpful for performing surveys.


Outdoor Site Survey

Deploying WLAN systems outdoors requires a different skill set from indoor wireless deployments. Considerations such as weather extremes, lightning, physical security, and local regulations need to be taken into account.

When determining the suitability of a successful mesh link, define how far the mesh link is expected to transmit and at what radio data rate. Remember that the data rate is not directly included in the wireless routing calculation, and that it is generally recommended that the same data rate is used throughout the same mesh (the recommended rate is 24 Mb/s).

Design recommendations for mesh links are as follows:

MAP deployment cannot exceed 35 feet in height above the street

MAPs are deployed with antennas pointed down toward the ground

Typical 5 GHz RAP-to-MAP distances are 1000 to 4000 feet.

RAP locations are typically towers or tall buildings

Typical 5 GHz MAP-to-MAP distances are 500 to 1000 feet

MAP locations are typically short building tops or streetlights

Typical 2.4 GHz MAP-to-client distances are 300 to 500 feet

Client locations are typically laptops, CPEs, or professionally house-mounted antennas

Determining Line of Sight

When determining the suitability of a successful link, you need to define how far the link is expected to transmit and at what radio data rate. Very close links, one kilometer or less, are fairly easy to achieve assuming there is clear line of sight (LOS), that is, a path with no obstructions.

Since mesh radio waves have very high frequency in the 5 GHz band, the radio wavelength is small; therefore, the radio waves do not travel as far as radio waves on lower frequencies, given the same amount of power. This higher frequency range makes the mesh ideal for unlicensed use because the radio waves do not travel far unless a high-gain antenna is used to tightly focus the radio waves in a given direction.

This high gain antenna configuration is recommended only for connecting RAPs to the MAPs. To optimize mesh behavior omni-directional antennas are used, because mesh links are limited to one mile (1.6 km). The curvature of the earth does not impact line-of-sight calculations because the curvature of the earth changes every six miles (9.6 km).

Weather

In addition to free space path loss and line of sight, weather can also degrade a mesh link. Rain, snow, fog, and any high humidity condition can slightly obstruct or affect line of sight, introducing a small loss (sometimes referred to as rain fade or fade margin), which has little effect on the mesh link. If you have established a stable mesh link, weather should not be a problem; however, if the link is poor to begin with, bad weather can degrade performance or cause loss of link.

Ideally you need line of sight, and a white-out snow storm does not allow line of sight. Also, while storms may make the rain or snow itself appear to be the problem, many times the cause might be additional conditions created by the adverse weather. For example, perhaps the antenna is on a mast pipe and the storm is blowing the mast pipe or antenna structure, and that movement is causing the link to come and go, or you might have a large build-up of ice or snow on the antenna.

Fresnel Zone

A Fresnel zone is an imaginary ellipse around the visual line of sight between the transmitter and receiver. As radio signals travel through free space to their intended target, they could encounter an obstruction in the Fresnel area, degrading the signal. Best performance and range is attained when there is no obstruction of this Fresnel area. Fresnel zone, free space loss, antenna gain, cable loss, data rate, link distance, transmitter power, receiver sensitivity, and other variables play a role in determining how far your mesh link goes. Links can still occur as long as 60-70 percent of the Fresnel area is unobstructed, as illustrated in Figure 21.

Figure 22 illustrates an obstructed Fresnel zone.

Figure 21 Point-to-Point Link Fresnel Zone

Figure 22 Typical Obstructions in Fresnel Zone

It is possible to calculate the radius of the Fresnel zone (in feet) at any particular distance along the path using this equation:

$$F_1 = 72.6 \sqrt{\frac{d}{4f}}$$

where

$F_1$ = the first Fresnel zone radius in feet

$d$ = total path length in miles

$f$ = frequency (GHz)

Normally, 60 percent of the first Fresnel zone clearance is recommended, so the above formula for 60 percent Fresnel zone clearance can be expressed as:

$$0.60\,F_1 = 43.3 \sqrt{\frac{d}{4f}}$$

These calculations are based on a flat terrain.

Figure 23 shows the removal of an obstruction in the Fresnel zone of the wireless signal.

Figure 23 Removing Obstructions in Fresnel Zone

Fresnel Zone Size in Wireless Mesh Deployments

To approximate the size of the largest Fresnel zone to be considered, take a possible minimum frequency of 4.9 GHz and a maximum distance of one mile. The minimum frequency changes depending on the regulatory domain; the figure quoted is a possible band allocated for public safety in the US. These values give a Fresnel zone clearance requirement of $43.3\sqrt{1/(4 \times 4.9)} = 9.78$ ft. This clearance is relatively easy to achieve in most situations. In most deployments, distances are expected to be less than one mile, and the frequency greater than 4.9 GHz, making the Fresnel zone smaller. Every mesh deployment should consider the Fresnel zone as part of its design, but in most cases, it is not expected that meeting the Fresnel clearance requirement is an issue.
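The clearance formula above gives the zone radius at the middle of the link. The following added example (not part of the Cisco guide) uses the standard general form, with the radius at a point d1 miles from one end and d2 miles from the other proportional to sqrt(d1 x d2 / (f x (d1 + d2))), which reduces to the guide's formula when d1 = d2, and checks a list of obstacles against the 60 percent clearance. The function names, antenna heights, and obstacles are constructed; flat terrain is assumed, as in the guide.

```python
import math
from typing import NamedTuple

FULL_ZONE_K = 72.6   # guide's constant: feet, with miles and GHz as inputs
CLEARANCE_K = 43.3   # guide's constant for 60 percent clearance


class Obstacle(NamedTuple):
    name: str
    distance_miles: float  # measured from end A of the link
    height_ft: float


class Finding(NamedTuple):
    name: str
    los_height_ft: float   # height of the line of sight above the obstacle base
    required_ft: float     # 60 percent Fresnel clearance at that point
    margin_ft: float       # negative means the obstacle intrudes
    clear: bool


def fresnel_radius_ft(d1_miles, d2_miles, freq_ghz, k=FULL_ZONE_K):
    """Zone radius at a point d1 from one end and d2 from the other.

    With d1 == d2 == d/2 this equals the guide's k * sqrt(d / (4 f)).
    """
    return k * math.sqrt(d1_miles * d2_miles / (freq_ghz * (d1_miles + d2_miles)))


def check_path(link_miles, freq_ghz, height_a_ft, height_b_ft, obstacles):
    """Check each obstacle against the 60 percent clearance requirement."""
    findings = []
    for ob in obstacles:
        if not 0 < ob.distance_miles < link_miles:
            raise ValueError(f"{ob.name} is not between the two antennas")
        d1 = ob.distance_miles
        d2 = link_miles - d1
        # Straight line between the two antennas over flat terrain.
        los = height_a_ft + (height_b_ft - height_a_ft) * d1 / link_miles
        required = fresnel_radius_ft(d1, d2, freq_ghz, CLEARANCE_K)
        margin = los - ob.height_ft - required
        findings.append(Finding(ob.name, los, required, margin, margin >= 0))
    return findings


# Constructed sample: 0.5 mile RAP-to-MAP link at 5.8 GHz,
# RAP antenna at 60 ft, MAP antenna at 30 ft.
SAMPLE_OBSTACLES = [
    Obstacle("tree line", 0.10, 35.0),
    Obstacle("warehouse roof", 0.25, 40.0),
]

if __name__ == "__main__":
    for f in check_path(0.5, 5.8, 60.0, 30.0, SAMPLE_OBSTACLES):
        state = "clear" if f.clear else "OBSTRUCTED"
        print(f"{f.name}: need {f.required_ft:.1f} ft, margin {f.margin_ft:+.1f} ft, {state}")
```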

Hidden Nodes Interference

The mesh backhaul uses the same 802.11a channel for all nodes in that mesh, and this can introduce hidden nodes into the WLAN backhaul environment, as shown in Figure 24.

Figure 24 Hidden Nodes

Figure 24 shows the following three MAPs:

MAP X

MAP Y

MAP Z

If MAP X is the route back to the RAP for MAPs Y and Z, both MAP X and MAP Z might be sending traffic to MAP Y at the same time. Because of the RF environment, MAP Y can see traffic from both MAP X and Z, but MAP X and Z cannot see each other. This means that the carrier sense multi-access (CSMA) mechanism does not stop MAP X and Z from transmitting during the same time window; if either of these frames is destined for a MAP, it is corrupted by the collision between frames and requires retransmission.

Although all WLANs at some time can expect some hidden node collisions, the fixed nature of the MAPs makes hidden node collisions a persistent feature of the mesh WLAN backhaul under some traffic conditions such as heavy loads and large packet streams.

Both the hidden node problem and the exposed node problem are inherent to wireless mesh networks because mesh access points share the same backhaul channel. Because these two problems can affect the overall network performance, the Cisco mesh solution seeks to mitigate these two problems as much as possible. For example, the AP1520s have at least two radios: one for backhaul access on a 5-GHz channel and the other for 2.4-GHz client access. In addition, the radio resource management (RRM) feature enables cell breathing and automatic channel change, which can effectively decrease the collision domains in a mesh network.

There is an additional solution that can help to further mitigate these two problems. To reduce collisions and to improve stability under high load conditions, the 802.11 MAC uses an exponential backoff algorithm, where contending nodes back off exponentially and re-transmit packets whenever a perceived collision occurs. Theoretically, the more retries a node has, the smaller the collision probability will be. In practice, when there are only two contending stations and they are not hidden stations, the collision probability becomes negligible after just three retries. Collision probability increases when there are more contending stations. Therefore, when there are many contending stations in the same collision domain, a higher retry limit and a larger maximum contention window are necessary. Further, collision probability does not decrease exponentially when there are hidden nodes in the network. In this case, RTS/CTS exchange can be used to mitigate the hidden node problem.
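The reasoning in the paragraph above can be checked with a small slotted model. This is an added example, not Cisco code, and it is a simplification: all contending stations are assumed to be at the same retry stage, the contention window bounds are the 802.11a values (CWmin 15, CWmax 1023), and the 60-slot frame time is a constructed figure, roughly a 1500-byte frame at 24 Mb/s with 9-microsecond slots.

```python
CW_MIN, CW_MAX = 15, 1023  # 802.11a (OFDM PHY) contention window bounds


def window_slots(retry):
    """Number of backoff slots to draw from on a given retry (0 = first try)."""
    return min((CW_MIN + 1) * 2 ** retry, CW_MAX + 1)


def p_collision_visible(stations, retry):
    """Stations that can hear each other.

    Carrier sense makes everyone defer to the station with the smallest
    backoff, so a collision needs two or more stations to draw that same
    smallest slot.
    """
    w = window_slots(retry)
    p_unique_winner = sum(
        stations * (1 / w) * ((w - 1 - slot) / w) ** (stations - 1)
        for slot in range(w)
    )
    return 1 - p_unique_winner


def p_still_colliding(stations, retries):
    """Probability that the first attempt and every retry up to `retries` collide."""
    p = 1.0
    for retry in range(retries + 1):
        p *= p_collision_visible(stations, retry)
    return p


def p_collision_hidden(frame_slots, retry):
    """Two senders hidden from each other.

    Carrier sense never fires, so the frames collide at the shared receiver
    whenever their start slots differ by less than one frame time.
    """
    w = window_slots(retry)
    span = min(frame_slots, w)
    # Count ordered slot pairs (a, b) with |a - b| < span.
    overlapping = w + 2 * (span - 1) * w - (span - 1) * span
    return overlapping / (w * w)


if __name__ == "__main__":
    frame = 60  # constructed frame duration in slots
    print("retry  window  2 visible  10 visible  2 hidden")
    for retry in range(7):
        print(f"{retry:5d}  {window_slots(retry):6d}"
              f"  {p_collision_visible(2, retry):9.4f}"
              f"  {p_collision_visible(10, retry):10.4f}"
              f"  {p_collision_hidden(frame, retry):8.4f}")
    print("two visible stations still colliding after 3 retries:",
          p_still_colliding(2, 3))
```

In this model two visible stations collide on every attempt through the third retry with probability 2^-22, while two hidden senders still collide about 71 percent of the time on the third retry, which is why the guide points to RTS/CTS for hidden nodes.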

Co-Channel Interference

In addition to hidden node interference, co-channel interference can also impact performance. Co-channel interference occurs when adjacent radios on the same channel interfere with the performance of the local mesh network. This interference takes the form of collisions or excessive deferrals by CSMA. In both cases, performance of the mesh network is degraded. With appropriate channel management, co-channel interference on the wireless mesh network can be minimized.

Wireless Mesh Network Coverage Considerations

This section provides a summary of items that must be considered for maximum wireless LAN coverage in an urban or suburban area, to adhere to compliance conditions for respective domains.

The following recommendations assume a flat terrain with no obstacles (green field deployment).

Cisco always recommends a site survey before taking any real estimations for the area and creating a bill of materials.

Cell Planning and Distance

RAP-to-MAP ratio is the starting point. For general planning purposes, the current ratio is 20 MAPs per RAP.

Cisco recommends the following values for cell planning and distance in non-voice networks:

RAP-to-MAP ratio: The recommended maximum ratio is 20 MAPs per RAP.

AP-to-AP distance: A spacing of no more than 2,000 ft between each mesh access point is recommended. When you are extending the mesh network on the backhaul (no client access), use a cell radius of 1,000 ft.

Hop count: Three to four hops.

One square mile (5280^2 square feet) is nine cells, and you can cover one square mile with approximately three or four hops. (See Figure 25 and Figure 26.)

For 2.4 GHz, the local access cell size radius is 600 feet. One cell size comes out to be 1.310 x 10^6, so there are 25 cells per square mile. (See Figure 27 and Figure 28.)

Figure 25 Cell Radius of 1000 Feet and Access Point Placement for Non-Voice Mesh Networks

Figure 26 Path Loss Exponent 2.3 to 2.7

Figure 27 Cell Radius of 600 Feet and Access Point Placement for Non-Voice Mesh Networks

Figure 28 Path Loss Exponent 2.5 to 3.0

Figure 29 shows a schematic of the wireless mesh layout.

The RAP shown in Figure 29 is simply a starting point. The goal is to use the RAP location in combination with RF antenna design to ensure that there is a good RF link to the MAPs within the core of the cell. This means that the physical location of the RAP can be on the edge of the cell, and a directional antenna is used to establish a link into the center of the cell. Therefore, the wired network location of a RAP might play host to the RAPs of multiple cells, as shown in Figure 29.

Figure 29 PoP with Multiple RAPs

When the basic cell composition is settled, the cell can be replicated to cover a greater area. When replicating the cells, a decision needs to be made whether to use the same backhaul channel on all cells or to change backhaul channels with each cell. In the example shown in Figure 30, various backhaul channels (B2, C2 and D2) per cell have been chosen to reduce the co-channel interference between cells.

Figure 30 Multiple RAP and MAP Cells

Choosing various channels reduces the co-channel interference at the cell boundaries, at the expense of faster mesh convergence, because MAPs must fall back to seek mode to find neighbors in adjacent cells. In areas of high traffic density, co-channel interference has the highest impact, and this is likely to be around the RAPs. If RAPs are clustered in one location, a different channel strategy is likely to give optimal performance; if RAPs are dispersed among the cells, using the same channel is less likely to degrade performance.

When laying out multiple cells, use channel planning similar to standard WLAN planning to avoid overlapping channels, as shown in Figure 31.

Figure 31 Laying out Various Cells

If possible, the channel planning should also minimize channel overlap in cases where the mesh has expanded to cover the loss of a RAP connection, as shown in Figure 32.

Figure 32 Failover Coverage

Collocating Mesh Access Points

The following recommendations provide guidelines for determining the required antenna separation when collocating AP1520s on the same tower. The recommended minimum separations for antennas, transmit powers, and channel spacing are addressed.

The goal of proper spacing and antenna selection is to provide sufficient isolation by way of antenna radiation pattern, free space path loss, and adjacent or alternate adjacent channel receiver rejection in order to provide independent operation of the collocated units. The goal is to have negligible throughput degradation due to CCA hold-off, and negligible receive sensitivity degradation due to receive noise floor increase.

Antenna proximity must be obeyed, and is dependent upon adjacent and alternate adjacent channel usage.

Collocating AP1520s on Adjacent Channels

If two collocated AP1520s are operating on adjacent channels such as channel 149 (5745 MHz) and channel 152 (5765 MHz), the minimum vertical separation between the two AP1520s is 40 feet. (This is true for mesh access points equipped with either 8 dBi omni-directional or 17 dBi high-gain directional patch antennas).

If two collocated AP1520s are operating on channels 1, 6 or 11 (2412 to 2437 MHz) with a 5.5 dBi omni-directional antenna, then the minimum vertical separation is 8 feet.

Collocating AP1520s on Alternate Adjacent Channels

If two collocated AP1520s are operating on alternate adjacent channels such as channel 149 (5745 MHz) and channel 157 (5785 MHz), the minimum vertical separation between the two AP1520s is 10 feet. (This is true for mesh access points equipped with either 8 dBi omni-directional or 17 dBi high-gain directional patch antennas).

If two collocated AP1520s are operating on alternate adjacent channels 1 and 11 (2412 and 2462 MHz) with a 5.5 dBi omni-directional antenna, then the minimum vertical separation is 2 feet.

In summary, 5-GHz antenna isolation determines mesh access point spacing requirements. Antenna proximity must be obeyed and is dependent upon adjacent and alternate adjacent channel usage.

Special Considerations for Indoor Mesh Networks

Voice is only supported on indoor mesh networks in release 5.2 and 6.0.

Quality of Service (QoS) is supported on the local 2.4 GHz client access radio and on the 5-GHz and 4.9-GHz backhauls.

Cisco also supports static Call Admission Control (CAC) in CCXv4 clients which provides CAC between the access point and the client.

RAP-to-MAP ratio: The recommended ratio is 3 to 4 MAPs per RAP.

AP-to-AP distance: A spacing of no more than 200 ft between each mesh access point is recommended, with a cell radius of 100 ft.

Hop count: No more than 2 hops.

RF considerations for client access on voice networks:

Coverage hole of 2 to 10 percent

Cell coverage overlap of 15 to 20 percent

RSSI and SNR values that are at least 15 dB higher than data requirements. For example, an RSSI of -67 dBm is recommended on an 11 or 12 Mb/s link with an SNR of no more than 25 dB. Likewise, an RSSI of -56 dBm is recommended on a 56 Mb/s link with an SNR of no more than 40 dB.

An RSSI of -62 dBm is recommended on a 24 Mb/s 802.11a backhaul when universal access is configured and client traffic is present.

Packet error rate (PER) must be configured for a value of one percent or less.

Channel with the lowest utilization (CU) must be used. Check the CU when no traffic is running.

Radio resource manager (RRM) can be used to implement the recommended RSSI, PER, CU, cell coverage and coverage hole settings on the 802.11b/g radio. (RRM is not yet enabled on the 802.11a radio).

Figure 33 Cell Radius of 1000 Feet and Access Point Placement for Voice Mesh Networks


Note Refer to "Guidelines For Using Voice On The Mesh Network" section for additional voice considerations when configuring voice on your network.


Wireless Propagation Characteristics

Table 11 provides a comparison of the 2.4 GHz and 5 GHz bands.

The 2.4 GHz band does provide better propagation characteristics than 5 GHz, but 2.4 GHz is an unlicensed band and has historically been affected with more noise and interference to date than the 5 GHz band. In addition, because there are only three backhaul channels in 2.4 GHz, co-channel interference would result. Therefore, the best method to achieve comparable capacity is by reducing system gain (that is, transmit power, antenna gain, receive sensitivity, and path loss) to create smaller cells. Keep in mind that these smaller cells require more access points per square mile (greater access point density).

Table 11 Comparison of 2.4-GHz and 5-GHz Bands

| 2.4 GHz Band Characteristics | 5 GHz Band Characteristics |
|---|---|
| 3 channels | 20 channels |
| More prone to co-channel interference | No co-channel interference |
| Lower power | Higher power |
| Data rates less than 6 Mb/s | Data rates 6 Mb/s and greater (up to 54 Mb/s). |
| Lower SNR requirements given lower data rates | Higher SNR requirements given higher data rates |
| Better propagation characteristics than 5 GHz but more susceptible to noise and interference | Worse propagation characteristics than 2.4 GHz but less susceptible to noise and interference |
| Unlicensed band. Widely available throughout the world. | Not as widely available in the world as 2.4-GHz. Licenses in some countries. |


Therefore, 2.4 GHz has more penetration capability across obstacles due to its larger wavelength. In addition, 2.4 GHz has lower data rates, which increases the chance that the signal reaches the other end.

Wireless Mesh Mobility Groups

Keep in mind that a wireless mesh network built using the maximum number of controllers in a mobility group is not truly the maximum size of WLAN coverage because this is simply the maximum size of the mobility group. The WLANs that are part of a mobility group can be replicated in another mobility group, and a WLAN client is able to roam between these mobility groups.

Roaming between mobility groups is Layer 3 roaming.

Multiple Controllers

The consideration in distance of the CAPWAP controllers from other CAPWAP controllers in the mobility group, and the distance of the CAPWAP controllers from the RAPs, is similar to the consideration of a CAPWAP WLAN deployment in an enterprise.

There are operational advantages to centralizing CAPWAP controllers, and these advantages need to be traded off against the speed and capacity of the links to the CAPWAP APs and the traffic profile of the WLAN clients using these mesh access points.

If the WLAN client traffic is expected to be focused on particular sites such as the Internet or a data center, centralizing the controllers at the same sites as these traffic focal points gives the operational advantages without sacrificing traffic efficiency.

If the WLAN client traffic is more peer-to-peer, a distributed controller model might be a better fit. It is likely that the majority of the WLAN traffic is between clients in the area, with a smaller amount of traffic going to other locations. Given that many peer-to-peer applications can be sensitive to delay and packet loss, it is best to ensure that traffic between peers takes the most efficient path.

Given that most deployments see a mix of client-server traffic and peer-to-peer traffic, it is likely that a hybrid model of CAPWAP controller placement is used, where points of presence (PoPs) are created with clusters of controllers placed in strategic locations in the network.

In all cases, remember that the CAPWAP model used in the wireless mesh network is designed for campus networks; that is, it expects a high-speed, low-latency network between the CAPWAP mesh access points and the CAPWAP controller.

Increasing Mesh Availability

In the "Cell Planning and Distance" section, a wireless mesh cell of one square mile was created and then built upon. This wireless mesh cell has similar properties to the cells used to create a cellular phone network because the smaller cells (rather than the defined maximum cell size) can be created to cover the same physical area, providing greater availability or capacity. This is done by adding RAPs to the cell. Just as in the larger mesh deployment, the decision is whether to use RAPs on the same channel, as shown in Figure 34, or to use RAPs placed on different channels, as shown in Figure 35. The addition of RAPs into an area adds capacity and resilience to that area.

Figure 34 Two RAPs per Cell with the Same Channel

Figure 35 Two RAPs per Cell on Different Channels

Multiple RAPs

If multiple RAPs are to be deployed, the purpose for deploying these RAPs needs to be considered. If the RAPs are being deployed to provide hardware diversity, the additional RAP(s) should be deployed on the same channel as the primary RAP to minimize the convergence time in a scenario where the mesh transfers from one RAP to another. When planning RAP hardware diversity, the 32 MAPs per RAP limitation should be remembered.

If additional RAPs are deployed to primarily provide additional capacity, then the additional RAPs should be deployed on a different channel than its neighboring RAPs to minimize the interference on the backhaul channels.

Adding a second RAP on a different channel also reduces the collision domain through channel planning or through RAP cell splitting. Channel planning allocates different non-overlapping channels to mesh nodes in the same collision domain to minimize the collision probability. RAP cell splitting is a simple, yet effective, way to reduce the collision domain. Instead of deploying one RAP with omni-directional antennas in a mesh network, two or more RAPs with directional antennas can be deployed. These RAPs collocate with each other and operate on different frequency channels, thus dividing a large collision domain into several smaller ones that operate independently.

If the mesh access point bridging features are being used with multiple RAPs, these RAPs should all be on the same subnet to ensure that a consistent subnet is provided for bridge clients.

If you build your mesh with multiple RAPs on different subnets, MAP convergence times increase if a MAP has to failover to another RAP on a different subnet. One way to limit this from happening is to use different BGNs for segments in your network that are separated by subnet boundaries.

Indoor WLAN Network to Outdoor Mesh

Mobility groups can be shared between outdoor mesh networks and indoor WLAN networks. It is also possible for a controller to control indoor (1130, 1240) and outdoor mesh access points (1522, 1524) simultaneously. The same WLANs are broadcast from both the indoor and outdoor mesh access points.

Connecting the Cisco 1520 Series Mesh Access Point to Your Network

The wireless mesh terminates on two points on the wired network. The first location is where the RAP attaches to the wired network, and where all bridged traffic connects to the wired network. The second location is where the CAPWAP controller connects to the wired network; this is where WLAN client traffic from the mesh network connects to the wired network. This is shown schematically in Figure 36. The WLAN client traffic from CAPWAP is tunneled at Layer 2, and matching WLANs should terminate on the same switch VLAN as where the controllers are collocated. The security and network configuration for each of the WLANs on the mesh depend on the security capabilities of the network to which the controller is connected.


Note When an HSRP configuration is in operation on a mesh network, Cisco recommends the In-Out multicast mode be configured. For more details on multicast configuration, refer to "Using the CLI to Enable Multicast on the Mesh Network" section.


Figure 36 Mesh Network Traffic Termination

Upgrading to Release 6.0

Mesh and Mainstream Releases on the Controller

After controller release 4.1.185.0, all mesh features were extracted from the main software base and a new mesh release software base for the controller was created. This mesh software base remained distinct from the main software base of the controller until release 5.2.

In release 5.2, features developed in the three controller mesh releases, 4.1.190.5, 4.1.191.22M, and 4.1.192.xxM, were merged back into the main controller software base.

Figure 37 provides a graphical display of the parallel mesh and main software bases of the controller.


Note Cisco has announced an end of life (EOL) for both the AP1505 and AP1510 mesh access points. The last sale date was November 30, 2008. Customers are encouraged to migrate their networks to AP1520s.



Note Releases 5.2 and later do not support AP1505 and AP1510. However, the controller mesh maintenance release for 4.2.xM (4.2.176.51M and later) provides continued support for the AP1505 and AP1510. No releases beyond 4.2.xM support AP1505 and AP1510.


Cisco recommends upgrading to release 5.2 (from the latest mesh release, 4.1.192.xxM), before upgrading to release 6.0. Upgrading directly to the intermediate release 5.2 from either 4.1.190.05 or 4.1.191.22M is not supported.


Caution Cisco recommends that you save the configuration from the latest mesh release (4.1.192.xxM) before upgrading to controller release 5.2. You can then reapply the configuration if you need to downgrade.

Figure 37 Mesh and Mainstream Controller Software Releases

Software Upgrade Procedure

When you upgrade the controller's software, the software on the controller's associated mesh access points is also automatically upgraded. When a mesh access point is loading software, each of its LEDs blinks in succession.


Caution Do not power down the controller or any mesh access point during this process; otherwise, you might corrupt the software image. Upgrading a controller with a large number of mesh access points can take as long as 30 minutes, depending on the size of your network. The mesh access points must remain powered, and the controller must not be reset during this time.


Caution Controller software release 6.0 is greater than 32 MB; therefore, you must verify that your TFTP server supports files this size. Two TFTP servers that support files of this size are tftpd and the TFTP server within Cisco WCS. If you download the software and your TFTP server does not support greater than 32 MB file size, the following error message appears: TFTP failure while storing in flash.


Caution Upgrade to release 5.2 from the latest 4.1.192.xxM mesh release prior to upgrading to release 6.0. Upgrading directly to release 5.2 from either 4.1.190.05 or 4.1.191.22M is not supported. For details on upgrading to latest version of 4.1.192.xxM from an earlier mesh release, refer to the "Upgrade Compatibility Matrix" in the Release Notes for Cisco Wireless LAN Controllers and Mesh Access Points for Release 4.1.192.35M (or later) at: http://www.cisco.com/en/US/products/ps6366/prod_release_notes_list.html


Note When upgrading to an intermediate software release as part of the 4.1.192.xxM to release 5.2 and then to release 6.0 controller software upgrade, ensure that all mesh access points associated with the controller are at the same intermediate release before proceeding to install the next intermediate or final version of software. In large networks, it can take some time to download the software on each mesh access point.



Note If you are upgrading from mesh release 4.1.191.22M to the latest 4.1.192.xxM before upgrading to the release 5.2 (prior to upgrading to release 6.0), you must manually reset the controller immediately after the upgrade without saving the configuration. Be sure to check the RRM configurations after the upgrade to see if all match your earlier configurations.



Caution A backup of your controller configuration file is recommended prior to any software upgrade. Without this backup, you will need to manually reconfigure the controller should the configuration file be lost or corrupted or if you need to downgrade.

To upgrade the mesh controller software using the controller GUI, follow these steps.


Step 1 Upload your controller configuration files to a backup server.

Step 2 Follow these steps to obtain the mesh controller software and the associated boot images from the Software Center on Cisco.com:

a. Click this URL to go to the Software Center:

http://www.cisco.com/kobayashi/sw-center/sw-wireless.shtml

b. Click Wireless Software.

c. Click Wireless LAN Controllers.

d. Click Standalone Controllers, Wireless Integrated Routers, or Wireless Integrated Switches.

e. Click the controller product name.

f. Click Wireless LAN Controller Software.

g. Click a controller software release.


Note Verify that the software release is 6.0.


h. Click the filename (filename.aes).

i. Click Download.

j. Read Cisco's End User Software License Agreement and then click Agree.

k. Save the file to your hard drive.

Step 3 Copy the controller software file (filename.aes) and the boot image to the default directory on your TFTP server.

Step 4 Click Commands > Download File to open the Download File to Controller window.

Step 5 From the File Type drop-down box, choose Code.

Step 6 In the IP Address field, enter the IP address of the TFTP server.

Step 7 The default values of 10 retries and 6 seconds for the Maximum Retries and Timeout fields should work without any adjustment. However, you can change these values. To do so, enter the maximum number of times that the TFTP server attempts to download the software in the Maximum Retries field and the amount of time (in seconds) that the TFTP server attempts to download the software in the Timeout field.

Step 8 In the File Path field, enter the directory path of the controller software.

Step 9 In the File Name field, enter the name of the software file (filename.aes).

Step 10 Click Download to download the software to the controller. A message appears indicating the status of the download.

Step 11 Disable any WLANs on the controller.

Step 12 After the download is complete, click Reboot.

Step 13 If prompted to save your changes, click Save and Reboot.

Step 14 Click OK to confirm your decision to reboot the controller.

Step 15 After the controller reboots, re-enable the WLANs.

Step 16 If desired, reload your latest configuration file to the controller.

Step 17 To verify that the release 6.0 controller software is installed on your controller, click Monitor on the controller GUI and look at the Software Version field under Controller Summary.


Adding Mesh Access Points to the Mesh Network

This section assumes that the controller is already active in the network and is operating in Layer 3 mode.


Note Controller ports that mesh access points connect to should be untagged.


Before adding a mesh access point to a network, do the following:

1. Add the MAC address of the mesh access point to the controller's MAC filter. Refer to the "Adding MAC Addresses of Mesh Access Points to MAC Filter" section.

2. Define the role (RAP or MAP) for the mesh access point. Refer to the "Defining Mesh Access Point Role" section.

3. Verify that Layer 3 is configured on the controller. Refer to the "Verifying Layer 3 Configuration" section.

4. Configure a primary, secondary, and tertiary controller for each mesh access point. Refer to the "Configuring Multiple Controllers Using DHCP 43 and DHCP 60" section.

a. Configure a backup controller. Refer to the "Configuring Backup Controllers" procedure.

5. Configure external authentication of MAC addresses using an external RADIUS server. Refer to the "Configuring External Authentication and Authorization Using a RADIUS Server" section.

6. Configure global mesh parameters. Refer to the "Configuring Global Mesh Parameters" section.

7. Configure local mesh parameters. Refer to the "Configuring Local Mesh Parameters" section.

8. Configure antenna parameters. Refer to the "Configuring Antenna Gain" section.

9. Configure the DCA channels for the mesh access points. Refer to the "Configuring Dynamic Channel Assignment" section for details.

10. Configure mobility groups (if desired) and assign controllers. Refer to Chapter 12, "Configuring Mobility Groups" in the Cisco Wireless LAN Controller Configuration Guide, Release 5.2 at:

http://www.cisco.com/en/US/products/ps6366/products_installation_and_configuration_guides_list.html

11. Configure Ethernet Bridging (if desired). Refer to the "Configuring Ethernet Bridging" section.

12. Configure advanced features such as Ethernet VLAN tagging network, video and voice. Refer to the "Configuring Advanced Features" section.

Adding MAC Addresses of Mesh Access Points to MAC Filter

You must enter the MAC address for all mesh access points that you want to use in the mesh network into the appropriate controller. A controller only responds to discovery requests from outdoor radios that appear in its authorization list. MAC filtering is enabled by default on the controller, so only the MAC addresses need to be configured. If the Access Point has an SSC and has been added to the AP Authorization List, then the MAC address of the AP need not be added to the MAC Filtering List.

You can add the mesh access point using either the GUI or the CLI.


Note You can also download the list of mesh access point MAC addresses and push them to the controller using Cisco WCS. Refer to the Cisco Wireless Control System Configuration Guide, Release 6.0:
http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/WCS60cg.html


Using the GUI to Add the MAC Address of the Mesh Access Point to the Controller Filter List

Follow these steps to add a MAC filter entry for the mesh access point on the controller using the controller GUI.


Step 1 Click Security > AAA > MAC Filtering. The MAC Filtering window appears (see Figure 38).

Figure 38 MAC Filtering Window

Step 2 Click New. The MAC Filters > New window appears (see Figure 39).

Figure 39 MAC Filters > New Window

Step 3 Enter the MAC address of the mesh access point.


Note For 1522, 1524PS, and 1524SB outdoor mesh access points, enter the BVI MAC address of the mesh access point into the controller as a MAC filter. For 1130 and 1240 indoor mesh access points, enter the Ethernet MAC. If the required MAC address does not appear on the exterior of the mesh access point, enter the following command at the access point console to display the BVI and Ethernet MAC addresses: sh int | i Hardware.


Step 4 From the Profile Name drop-down box, select Any WLAN.

Step 5 In the Description field, enter a description of the mesh access point. The text that you enter identifies the mesh access point on the controller.


Note You might want to include an abbreviation of its name and the last few digits of the MAC address, such as ap1522:62:39:10. You can also note details on its location such as roof top, pole top or its cross streets.


Step 6 From the Interface Name drop-down box, choose the controller interface to which the mesh access point is to connect.

Step 7 Click Apply to commit your changes. The mesh access point now appears in the list of MAC filters on the MAC Filtering window.

Step 8 Click Save Configuration to save your changes.

Step 9 Repeat this procedure to add the MAC addresses of additional mesh access points to the list.


Using the CLI to Add the MAC Address of the Mesh Access Point to the Controller Filter List

To add a MAC filter entry for the mesh access point on the controller using the controller CLI, follow these steps:


Step 1 To add the MAC address of the mesh access point to the controller filter list, enter this command:

config macfilter add ap_mac wlan_id interface [description]

A value of zero (0) for the wlan_id parameter specifies any WLAN, and a value of zero (0) for the interface parameter specifies none. You can enter up to 32 characters for the optional description parameter.

Step 2 To save your changes, enter this command:

save config


Defining Mesh Access Point Role

By default, AP1520s are shipped with a radio role set to MAP. You must reconfigure a mesh access point to act as a RAP.

General Notes about MAP and RAP Association With The Controller

A MAP always sets the Ethernet port as the primary backhaul if it is UP, and secondarily the 802.11a radio. This gives the network administrator time to reconfigure the mesh access point as a RAP, initially. For faster convergence on the network, Cisco recommends that you not connect any Ethernet device to the MAP until it has joined the mesh network.

A MAP that fails to connect to a controller on a UP Ethernet port sets the 802.11a radio as the primary backhaul. If a MAP fails to find a neighbor or fails to connect to a controller through a neighbor, the Ethernet port is set as the primary backhaul again.

A MAP connected to a controller over an Ethernet port does not build a mesh topology (unlike a RAP).

A RAP always sets the Ethernet port as the primary backhaul.

If the Ethernet port is DOWN on a RAP, or a RAP fails to connect to a controller on a UP Ethernet port, the 802.11a radio is set as the primary backhaul for 15 minutes. Failing to find a neighbor or failing to connect to a controller via any neighbor on the 802.11a radio causes the primary backhaul to go into the scan state. The primary backhaul begins its scan with the Ethernet port.

Using the GUI to Configure the AP Role

To configure the role of a mesh access point using the GUI, follow these steps:


Step 1 Click Wireless to open the All APs page.

Step 2 Click the name of an access point. The All APs > Details (General) page appears.

Step 3 Click the Mesh tab (see Figure 40).

Figure 40 All APs > Details for (Mesh) Page

Step 4 Choose RootAP or MeshAP from the AP Role drop-down box.

Step 5 Click Apply to commit your changes and to cause the access point to reboot.


Using the CLI to Configure the AP Role

To configure the role of a mesh access point using the CLI, enter the following command:

config ap role {rootAP | meshAP} Cisco_AP

Verifying Layer 3 Configuration

Verify that the initial controller that the mesh access point is to associate with is at Layer 3.

To verify that the controller is configured for Layer 3, follow these steps.


Step 1 Open your web browser and enter the IP address of your controller. Be sure to precede the IP address with https://. A login screen appears.

Step 2 Enter your username and password.

The default case-sensitive username and password are admin and admin. The summary window appears.

Step 3 From the top menu bar, click Controller. The controller general window appears.

Step 4 Verify that the LWAPP Transport Modes is set to Layer 3. If it is not, change it to Layer 3 and click Apply.

Step 5 Save any changes.

Step 6 From the menu bar, click Monitor to return to the Monitor summary window.

Step 7 Proceed to the "Configuring Multiple Controllers Using DHCP 43 and DHCP 60" section to assign a primary, secondary and tertiary controller.


Configuring Multiple Controllers Using DHCP 43 and DHCP 60

To configure DHCP Option 43 and 60 for mesh access points in the embedded Cisco IOS DHCP server, follow these steps:


Step 1 Enter configuration mode at the Cisco IOS CLI.

Step 2 Create the DHCP pool, including the necessary parameters such as default router and name server. The commands used to create a DHCP pool are as follows:

ip dhcp pool pool name 
network IP Network Netmask 
default-router Default router 
dns-server DNS Server 

Where:

pool name is the name of the DHCP pool, such as AP1520
IP Network is the network IP address where the controller resides, such as 10.0.15.1
Netmask is the subnet mask, such as 255.255.255.0
Default router is the IP address of the default router, such as 10.0.0.1
DNS Server is the IP address of the DNS server, such as 10.0.10.2
 
   

Step 3 Add the option 60 line using the following syntax:

option 60 ascii "VCI string" 
For the VCI string, use one of the values below. The quotation marks must be included.
For Cisco 1520 series access points, enter "Cisco AP c1520"
For Cisco 1240 series access points, enter "Cisco AP c1240"
For Cisco 1130 series access points, enter "Cisco AP c1130"
 
   

Step 4 Add the option 43 line using the following syntax:

option 43 hex hex string 
 
   

The hex string is assembled by concatenating the TLV values shown below:

Type + Length + Value

Type is always f1(hex). Length is the number of controller management IP addresses times 4 in hex. Value is the IP address of the controller listed sequentially in hex.

For example, suppose that there are two controllers with management interface IP addresses, 10.126.126.2 and 10.127.127.2. The type is f1(hex). The length is 2 * 4 = 8 = 08 (hex). The IP addresses translate to 0a7e7e02 and 0a7f7f02. Assembling the string then yields f1080a7e7e020a7f7f02.

The resulting Cisco IOS command added to the DHCP scope is listed below:

option 43 hex f1080a7e7e020a7f7f02
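
The TLV assembly described above, as an added example that is not part of the Cisco guide: the Python below builds the option 43 hex string from controller management addresses, decodes an existing string, and compares a configured line against the controllers you expect mesh access points to discover. The function names and the audit step are assumptions made for this illustration.

```python
import ipaddress

OPTION43_TYPE = 0xF1  # type byte the guide gives for the controller address list


def build_option43(controller_ips):
    """Return the hex string for 'option 43 hex ...' from management IPs."""
    if not controller_ips:
        raise ValueError("at least one controller address is required")
    addrs = [ipaddress.IPv4Address(ip) for ip in controller_ips]
    length = 4 * len(addrs)  # number of addresses times 4 bytes each
    if length > 0xFF:
        raise ValueError("too many controllers for a one-byte length field")
    header = bytes([OPTION43_TYPE, length]).hex()
    return header + "".join(a.packed.hex() for a in addrs)


def parse_option43(hex_string):
    """Decode an option 43 hex string into a list of IPv4 address strings."""
    # Dots or spaces used as visual separators are ignored (assumption).
    cleaned = hex_string.replace(".", "").replace(" ", "")
    try:
        raw = bytes.fromhex(cleaned)
    except ValueError as exc:
        raise ValueError(f"not a valid hex string: {hex_string!r}") from exc
    if len(raw) < 2:
        raise ValueError("truncated TLV header")
    tlv_type, length, value = raw[0], raw[1], raw[2:]
    if tlv_type != OPTION43_TYPE:
        raise ValueError(f"unexpected type byte {tlv_type:02x}, expected f1")
    if length != len(value):
        raise ValueError(f"length byte says {length}, value has {len(value)} bytes")
    if length == 0 or length % 4:
        raise ValueError("value must hold one or more 4-byte IPv4 addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


def audit_option43_line(config_line, authorized_ips):
    """Compare an 'option 43 hex ...' line with the authorized controller list."""
    prefix = "option 43 hex "
    stripped = config_line.strip()
    if not stripped.startswith(prefix):
        raise ValueError("not an 'option 43 hex' line")
    found = parse_option43(stripped[len(prefix):])
    return {
        "controllers": found,
        "unauthorized": [ip for ip in found if ip not in authorized_ips],
        "missing": [ip for ip in authorized_ips if ip not in found],
    }


if __name__ == "__main__":
    # The two controllers used in the guide's worked example.
    controllers = ["10.126.126.2", "10.127.127.2"]
    line = "option 43 hex " + build_option43(controllers)
    print(line)
    print(audit_option43_line(line, authorized_ips=controllers))
```
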
 
   

Configuring Backup Controllers

A single controller at a centralized location can act as a backup for mesh access points when they lose connectivity with the primary controller in the local region. Centralized and regional controllers need not be in the same mobility group. Using the controller GUI or CLI, you can specify the IP addresses of the backup controllers, which allows the mesh access points to fail over to controllers outside of the mobility group.

You can also configure primary and secondary backup controllers (which are used if primary, secondary, or tertiary controllers are not specified or are not responsive) for all access points connected to the controller as well as various timers, including the heartbeat timer and discovery request timers.


Note The fast heartbeat timer is not supported on mesh access points. The fast heartbeat timer is only configured on access points in local and hybrid-REAP modes.


The mesh access point maintains a list of backup controllers and periodically sends primary discovery requests to each entry on the list. When the mesh access point receives a new discovery response from a controller, the backup controller list is updated. Any controller that fails to respond to two consecutive primary discovery requests is removed from the list. If the mesh access point's local controller fails, it chooses an available controller from the backup controller list in this order: primary, secondary, tertiary, primary backup, secondary backup. The mesh access point waits for a discovery response from the first available controller in the backup list and joins the controller if it receives a response within the time configured for the primary discovery request timer. If the time limit is reached, the mesh access point assumes that the controller cannot be joined and waits for a discovery response from the next available controller in the list.


Note When a mesh access point's primary controller comes back online, the mesh access point disassociates from the backup controller and reconnects to its primary controller. The mesh access point falls back to its primary controller and not to any secondary controller for which it is configured. For example, if a mesh access point is configured with primary, secondary, and tertiary controllers, it fails over to the tertiary controller when the primary and secondary controllers become unresponsive and waits for the primary controller to come back online so that it can fall back to the primary controller. The mesh access point does not fall back from the tertiary controller to the secondary controller if the secondary controller comes back online; it stays connected to the tertiary controller until the primary controller comes back up.



Note If you inadvertently configure a controller that is running software release 6.0 with a failover controller that is running a different software release (such as 4.2, 5.0, 5.1, or 5.2), the mesh access point might take a long time to join the failover controller because the mesh access point starts the discovery process in LWAPP and then changes to CAPWAP discovery.


Using the GUI to Configure Backup Controllers

Using the controller GUI, follow these steps to configure primary, secondary, and tertiary controllers for a specific mesh access point and to configure primary and secondary backup controllers for all mesh access points.


Step 1 Click Wireless > Access Points > Global Configuration to open the Global Configuration window. (See Figure 41.)

Figure 41 Global Configuration Window


Note The fast heartbeat timer is not supported on mesh access points.


Step 2 In the AP Primary Discovery Timeout field, enter a value between 30 and 3600 seconds (inclusive) to configure the access point primary discovery request timer. The default value is 120 seconds.

Step 3 If you want to specify a primary backup controller for all access points, enter the IP address of the primary backup controller in the Back-up Primary Controller IP Address field and the name of the controller in the Back-up Primary Controller Name field.


Note The default value for the IP address is 0.0.0.0, which disables the primary backup controller.


Step 4 If you want to specify a secondary backup controller for all access points, enter the IP address of the secondary backup controller in the Back-up Secondary Controller IP Address field and the name of the controller in the Back-up Secondary Controller Name field.


Note The default value for the IP address is 0.0.0.0, which disables the secondary backup controller.


Step 5 Click Apply to commit your changes.

Step 6 If you want to configure primary, secondary, and tertiary backup controllers for a specific access point, follow these steps:

a. Click Access Points > All APs to open the All APs window.

b. Click the name of the access point for which you want to configure primary, secondary, and tertiary backup controllers.

c. Click the High Availability tab. (See Figure 42.)

Figure 42 All APs > Details for (High Availability) Window

d. If desired, enter the name and IP address of the primary backup controller for this access point in the Primary Controller fields.


Note Entering an IP address for the backup controller is optional in this step and the next two steps. If the backup controller is outside the mobility group to which the mesh access point is connected (the primary controller), then you need to provide the IP address of the primary, secondary, or tertiary controller, respectively. The controller name and IP address must belong to the same primary, secondary, or tertiary controller. Otherwise, the mesh access point cannot join the backup controller.


e. If desired, enter the name and IP address of the secondary backup controller for this mesh access point in the Secondary Controller fields.

f. If desired, enter the name and IP address of the tertiary backup controller for this mesh access point in the Tertiary Controller fields.

g. No change is required to the AP Failover Priority value. The default value for mesh access points is critical and it cannot be modified.

h. Click Apply to commit your changes.

Step 7 Click Save Configuration to save your changes.


Using the CLI to Configure Backup Controllers

Using the controller CLI, follow these steps to configure primary, secondary, and tertiary controllers for a specific mesh access point and to configure primary and secondary backup controllers for all mesh access points.


Step 1 To configure a primary controller for a specific mesh access point, enter this command:

config ap primary-base controller_name Cisco_AP [controller_ip_address]


Note The controller_ip_address parameter in this command and the next two commands is optional. If the backup controller is outside the mobility group to which the mesh access point is connected (the primary controller), then you need to provide the IP address of the primary, secondary, or tertiary controller, respectively. In each command, the controller_name and controller_ip_address must belong to the same primary, secondary, or tertiary controller. Otherwise, the mesh access point cannot join the backup controller.


Step 2 To configure a secondary controller for a specific mesh access point, enter this command:

config ap secondary-base controller_name Cisco_AP [controller_ip_address]

Step 3 To configure a tertiary controller for a specific mesh access point, enter this command:

config ap tertiary-base controller_name Cisco_AP [controller_ip_address]

Step 4 To configure a primary backup controller for all mesh access points, enter this command:

config advanced backup-controller primary backup_controller_name backup_controller_ip_address

Step 5 To configure a secondary backup controller for all mesh access points, enter this command:

config advanced backup-controller secondary backup_controller_name backup_controller_ip_address


Note To delete a primary or secondary backup controller entry, enter 0.0.0.0 for the controller IP address.


Step 6 To configure the mesh access point primary discovery request timer, enter this command:

config advanced timers ap-primary-discovery-timeout interval

where interval is a value between 30 and 3600 seconds. The default value is 120 seconds.

Step 7 To configure the mesh access point discovery timer, enter this command:

config advanced timers ap-discovery-timeout interval

where interval is a value between 1 and 10 seconds (inclusive). The default value is 10 seconds.

Step 8 To configure the 802.11 authentication response timer, enter this command:

config advanced timers auth-timeout interval

where interval is a value between 10 and 600 seconds (inclusive). The default value is 10 seconds.

Step 9 To save your changes, enter this command:

save config

Step 10 To view a mesh access point's configuration, enter these commands:

show ap config general Cisco_AP

show advanced backup-controller

show advanced timers

show mesh config

Information similar to the following appears for the show ap config general Cisco_AP command:

Cisco AP Identifier.............................. 1
Cisco AP Name.................................... AP5
Country code..................................... US  - United States
Regulatory Domain allowed by Country............. 802.11bg:-AB    802.11a:-AB
AP Country code.................................. US  - United States
AP Regulatory Domain............................. 802.11bg:-A    802.11a:-N
Switch Port Number .............................. 1
MAC Address...................................... 00:13:80:60:48:3e
IP Address Configuration......................... DHCP
IP Address....................................... 1.100.163.133
...
Primary Cisco Switch Name........................ 1-4404
Primary Cisco Switch IP Address.................. 2.2.2.2
Secondary Cisco Switch Name...................... 1-4404
Secondary Cisco Switch IP Address................ 2.2.2.2
Tertiary Cisco Switch Name....................... 2-4404
Tertiary Cisco Switch IP Address................. 1.1.1.4
 
   

Information similar to the following appears for the show advanced backup-controller command:

AP primary Backup Controller .................... controller1 10.10.10.10
AP secondary Backup Controller ............... 0.0.0.0 

Information similar to the following appears for the show advanced timers command:

Authentication Response Timeout (seconds)........ 10
Rogue Entry Timeout (seconds).................... 1300
AP Heart Beat Timeout (seconds).................. 30
AP Discovery Timeout (seconds)................... 10
AP Primary Discovery Timeout (seconds)........... 120
 
   

Information similar to the following appears for the show mesh config command:

Mesh Range....................................... 12000
Backhaul with client access status............... disabled
Background Scanning State........................ enabled
Mesh Security
Security Mode................................. EAP
External-Auth................................. disabled
Use MAC Filter in External AAA server......... disabled
Force External Authentication................. disabled
Mesh Alarm Criteria
Max Hop Count................................. 4
Recommended Max Children for MAP.............. 10
Recommended Max Children for RAP.............. 20
Low Link SNR.................................. 12
High Link SNR................................. 60
Max Association Number........................ 10
Association Interval.......................... 60 minutes
Parent Change Numbers......................... 3
Parent Change Interval........................ 60 minutes
Mesh Multicast Mode.............................. In-Out
Mesh Full Sector DFS............................. enabled
Mesh Ethernet Bridging VLAN Transparent Mode..... enabled
 
   

Configuring External Authentication and Authorization Using a RADIUS Server

External authorization and authentication of mesh access points using a RADIUS server such as Cisco ACS (4.1 and later) is supported in release 5.2 and later. The RADIUS server must support the client authentication type of EAP-FAST with certificates.

Before you employ external authentication within the mesh network, you must make these changes:

Configure the RADIUS server to be used as an AAA server on the controller.

The controller must also be configured on the RADIUS server.

Add the mesh access point configured for external authorization and authentication to the user list of the RADIUS server.

For additional details, refer to the "Adding a Username to a RADIUS Server" section.

Configure EAP-FAST on the RADIUS server and install the certificates. EAP-FAST authentication is required if mesh access points are connected to the controller using an 802.11a interface; the external RADIUS servers need to trust Cisco Root CA 2048. For information on installing and trusting the CA certificates, see the "Configuring RADIUS Servers" section.


Note If mesh access points connect to the controller using a Fast Ethernet or Gigabit Ethernet interface, only MAC authorization is required.



Note This feature also supports local EAP and PSK authentication on the controller.


Configuring RADIUS Servers

Follow these steps to install and trust the CA certificates on the RADIUS server:


Step 1 Using Internet Explorer, download the CA certificates for Cisco Root CA 2048:

http://www.cisco.com/security/pki/certs/crca2048.cer

http://www.cisco.com/security/pki/certs/cmca.cer

Step 2 Install the certificates:

a. From the CiscoSecure ACS main menu, click System Configuration > ACS Certificate Setup > ACS Certification Authority Setup.

b. In the CA certificate file box, type the CA certificate location (path and name). For example: c:\Certs\crca2048.cer.

c. Click Submit.

Step 3 Configure the external RADIUS servers to trust the CA certificate.

a. From the CiscoSecure ACS main menu, choose System Configuration > ACS Certificate Setup > Edit Certificate Trust List. The Edit Certificate Trust List appears.

b. Check the check box next to the Cisco Root CA 2048 (Cisco Systems) certificate name.

c. Click Submit.

d. To restart ACS, choose System Configuration > Service Control, and then click Restart.



Note For additional configuration details on Cisco ACS servers, refer to the following links:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_installation_and_configuration_guides_list.html (Windows)

http://www.cisco.com/en/US/products/sw/secursw/ps4911/ (UNIX)


Adding a Username to a RADIUS Server

Add the MAC addresses of mesh access points that are authorized and authenticated by external RADIUS servers to the user list of that server prior to enabling RADIUS authentication for a mesh access point.

For remote authorization and authentication, EAP-FAST uses the manufacturer's certificate (CERT) to authenticate the child mesh access point. Additionally, this manufacturer certificate-based identity serves as the username for the mesh access point in user validation.

For IOS-based mesh access points (1130, 1240, 1522, 1524), in addition to adding the MAC address to the user list, you need to enter the platform_name_string-Ethernet_MAC_address string to the user list (for example, c1240-001122334455). The controller first sends the MAC address as the username; if this first attempt fails, then the controller sends the platform_name_string-Ethernet_MAC_address string as the username.


Note If you enter only the platform_name_string-Ethernet_MAC_address string to the user list, you will see a first-try failure log on the AAA server; however, the IOS-based mesh access point will still be authenticated on the second attempt using the platform_name_string-Ethernet_MAC_address string as the username.



Note The password must match the username (for example, c1520-001122334455).


Using the GUI to Enable External Authentication of Mesh Access Points

To enable external authentication for a mesh access point using the GUI, follow these steps.


Step 1 In the controller GUI, click Wireless > Mesh. The Mesh window appears (see Figure 43).

Figure 43 Mesh Window

Step 2 In the security section, select the EAP option from the Security Mode drop-down menu.

Step 3 Check the Enabled check boxes for the External MAC Filter Authorization and Force External Authentication options.

Step 4 Click Apply.

Step 5 Click Save Configuration.


Using the CLI to Enable External Authentication of Mesh Access Points

To enable external authentication for mesh access points using the CLI, enter the following commands:

a. config mesh security eap

b. config macfilter mac-delimiter colon

c. config mesh security rad-mac-filter enable

d. config mesh radius-server index enable

e. config mesh security force-ext-auth enable (Optional)
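
One way to confirm that these commands took effect, as an added example that is not part of the Cisco guide: the Python below parses the dotted output format of show mesh config (an abridged copy of the sample printed earlier in this guide is embedded) and reports which external-authentication fields differ from the expected state. The function names and the mapping of output fields to the commands above are assumptions inferred from the field names.

```python
import re

# Abridged copy of the "show mesh config" sample printed in this guide.
SAMPLE_OUTPUT = """\
Mesh Range....................................... 12000
Backhaul with client access status............... disabled
Mesh Security
Security Mode................................. EAP
External-Auth................................. disabled
Use MAC Filter in External AAA server......... disabled
Force External Authentication................. disabled
Mesh Alarm Criteria
Max Hop Count................................. 4
Mesh Multicast Mode.............................. In-Out
"""

# Expected values after the commands above (field mapping is an assumption).
EXPECTED = {
    "Security Mode": "EAP",
    "External-Auth": "enabled",
    "Use MAC Filter in External AAA server": "enabled",
}
# The guide marks force-ext-auth as optional, so it is checked only on request.
OPTIONAL_EXPECTED = {"Force External Authentication": "enabled"}

# "Name....... value": a name, a run of three or more dots, then the value.
FIELD_RE = re.compile(r"^\s*(.+?)\s*\.{3,}\s*(.*?)\s*$")


def parse_show_output(text):
    """Turn dotted 'Name..... value' lines into a dict; headings are skipped."""
    fields = {}
    for line in text.splitlines():
        match = FIELD_RE.match(line)
        if match:
            fields[match.group(1)] = match.group(2)
    return fields


def audit_mesh_security(text, require_force=False):
    """Return (field, expected, actual) tuples for every setting that differs.

    A field absent from the output is reported with actual=None, so truncated
    or unexpected output is not mistaken for a compliant controller.
    """
    expected = dict(EXPECTED)
    if require_force:
        expected.update(OPTIONAL_EXPECTED)
    fields = parse_show_output(text)
    findings = []
    for name, want in expected.items():
        got = fields.get(name)
        if got is None or got.lower() != want.lower():
            findings.append((name, want, got))
    return findings


if __name__ == "__main__":
    for name, want, got in audit_mesh_security(SAMPLE_OUTPUT, require_force=True):
        print(f"{name}: expected {want}, found {got}")
```
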

Using the CLI to View Security Statistics

To view security statistics for mesh access points using the CLI, enter the following command:

show mesh security-stats Cisco_AP

This command shows packet error statistics and a count of failures, timeouts, and association and authentication successes as well as reassociations and reauthentications for the specified access point and its child.

Configuring Global Mesh Parameters

This section provides instructions for configuring the mesh access point to establish a connection with the controller including:

Setting the maximum range between RAP and MAP (not applicable to AP1130 and AP1240)

Enabling a backhaul to carry client traffic

Defining if VLAN tags are forwarded or not

Defining the authentication mode (EAP or PSK) and method (local or external) for mesh access points including security settings (local and external authentication).

You can configure the necessary mesh parameters using either the GUI or the CLI. All parameters are applied globally.

Using the GUI to Configure Global Mesh Parameters

To configure global mesh parameters using the controller GUI, follow these steps.


Step 1 Click Wireless > Mesh (see Figure 44).

Figure 44 Mesh Window

Step 2 Modify the mesh parameters as appropriate. Table 12 describes each parameter.

Table 12 Global Mesh Parameters  

Parameter
Description

Range (RootAP to MeshAP)

The optimum distance (in feet) that should exist between the root access point (RAP) and the mesh access point (MAP). This global parameter applies to all mesh access points when they join the controller and all existing mesh access points in the network.

Range: 150 to 132,000 feet

Default: 12,000 feet

Note After this feature is enabled, all mesh access points reboot.

IDS (Rogue and Signature Detection)

When you enable this feature, IDS reports are generated for all traffic on the backhaul. These reports can be useful for university or enterprise outdoor campus areas, or for public safety users who want to find out who is operating in 4.9 GHz.

When you disable this feature, no IDS reports are generated, which preserves bandwidth on the backhaul.

Note IDS reporting is enabled for all indoor mesh access points and cannot be disabled.

Note IDS reporting is disabled by default for all outdoor mesh access points.

Backhaul Client Access

Note This parameter applies to mesh access points with two or more radios (1524SB, 1522, 1240 and 1130) excluding the 1524PS.

When this feature is enabled, it allows wireless client association over the 802.11a radio. This implies that the same 802.11a radio can carry both backhaul traffic and 802.11a client traffic.

When this feature is disabled, only backhaul traffic is sent over the 802.11a radio and client association is only over the 802.11b/g radio.

Default: Disabled

Note After this feature is enabled, all mesh access points reboot.

VLAN Transparent

This feature determines how a mesh access point handles VLAN tags for Ethernet bridged traffic.

Note Refer to the "Configuring Advanced Features" section for overview and additional configuration details.

If VLAN Transparent is enabled, then VLAN tags are not handled and packets are bridged as untagged packets.

Note No configuration of Ethernet ports is required when VLAN transparent is enabled. The Ethernet port passes both tagged and untagged frames without interpreting the frames.

If VLAN Transparent is disabled, then all packets are handled according to the VLAN configuration on the port (trunk, access, or normal mode).

Note If the Ethernet port is set to Trunk mode, then Ethernet VLAN tagging must be configured. Refer to "Using the GUI to Enable Ethernet Bridging" section.

Note For an overview of normal, access, and trunk Ethernet port use, refer to the "Ethernet Port Notes" section.

Note To use VLAN tagging, you must uncheck the VLAN Transparent check box.

Note VLAN Transparent is enabled as a default to ensure a smooth software upgrade from 4.1.192.xxM releases to release 5.2. Release 4.1.192.xxM does not support VLAN tagging (see Figure 44).

Default: Enabled.

Security Mode

Defines the security mode for mesh access points: Pre-Shared Key (PSK) or Extensible Authentication Protocol (EAP).

Note EAP must be selected if external MAC filter authorization using a RADIUS server is configured.

Note Local EAP or PSK authentication is performed within the controller if the External MAC Filter Authorization parameter is disabled (check box unchecked).

Options: PSK or EAP

Default: EAP

External MAC Filter Authorization

MAC filtering uses the local MAC filter on the controller by default.

When external MAC filter authorization is enabled, if the MAC address is not found in the local MAC filter, then the MAC address in the external RADIUS server is used.

This protects your network against rogue mesh access points by preventing mesh access points that are not defined on the external server from joining.

Before employing external authentication within the mesh network, the following configuration is required:

The RADIUS server to be used as an AAA server must be configured on the controller.

The controller must also be configured on the RADIUS server.

The mesh access point configured for external authorization and authentication must be added to the user list of the RADIUS server.

For remote authorization and authentication, EAP-FAST uses the manufacturer's certificate (CERT) to authenticate the child mesh access point. Additionally, this manufacturer certificate-based identity serves as the username for the mesh access point in user validation.

For IOS-based mesh access points (1130, 1240, 1522, 1524), the platform name of the mesh access point is located in front of its Ethernet address within the certificate; therefore, their username for external RADIUS servers is platform_name_string-Ethernet MAC address such as c1520-001122334455.

The certificates must be installed and EAP-FAST must be configured on the RADIUS server.

Note When this capability is not enabled, by default, the controller authorizes and authenticates mesh access points using the MAC address filter.

Default: Disabled.

Force External Authorization

When enabled along with the EAP and External MAC Filter Authorization parameters, external authorization and authentication of mesh access points is done by default by an external RADIUS server (such as Cisco 4.1 and later). The RADIUS server overrides local authentication of the MAC address by the controller, which is the default.

Default: Disabled.


Step 3 Click Apply to commit your changes.

Step 4 Click Save Configuration to save your changes.


Using the CLI to Configure Global Mesh Parameters

Follow these steps to configure global mesh parameters including authentication methods using the controller CLI.


Note Refer to the "Using the GUI to Configure Global Mesh Parameters" section for descriptions, valid ranges, and default values of the parameters used in the CLI commands.



Step 1 To specify the maximum range (in feet) of all mesh access points in the network, enter this command:

config mesh range feet

To see the current range, enter show mesh range.

Step 2 To enable or disable IDS reports for all traffic on the backhaul, enter this command:

config mesh ids-state {enable | disable}

Step 3 To specify the rate (in Mb/s) at which data is shared between access points on the backhaul interface, enter this command:

config ap bhrate {rate | auto} Cisco_AP

Step 4 To enable or disable client association on the primary backhaul (802.11a) of a mesh access point, enter these commands:

config mesh client-access {enable | disable}

config ap wlan {enable | disable} 802.11a Cisco_AP

config ap wlan {add | delete} 802.11a wlan_id Cisco_AP

Step 5 To enable or disable VLAN transparent, enter this command:

config mesh ethernet-bridging vlan-transparent {enable | disable}

Step 6 To define a security mode for the mesh access point, enter one of the following commands:

a. To provide local authentication of the mesh access point by the controller, enter this command:

config mesh security {eap | psk}

b. To store the MAC address filter in an external RADIUS server for authentication instead of the controller (local), enter these commands:

config macfilter mac-delimiter colon

config mesh security rad-mac-filter enable

config mesh radius-server index enable

c. To provide external authentication on a RADIUS server and define a local MAC filter on the controller, enter these commands:

config mesh security eap

config macfilter mac-delimiter colon

config mesh security rad-mac-filter enable

config mesh radius-server index enable

config mesh security force-ext-auth enable

d. To provide external authentication on a RADIUS server using a MAC username (such as c1520-123456) on the RADIUS server, enter these commands:

config macfilter mac-delimiter colon

config mesh security rad-mac-filter enable

config mesh radius-server index enable

config mesh security force-ext-auth enable

Step 7 To save your changes, enter this command:

save config
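The RADIUS user list requirement and the platform_name_string-Ethernet MAC address username format described above can be checked before external authorization is enforced. The Python code below is an added example, not Cisco code: it derives the expected usernames from an AP inventory and compares them with a RADIUS user export. The inventory, the user list, the function names, and the use of lowercase hex in the username are assumptions of this example.

```python
import re

# Constructed sample data. Only 00:11:22:33:44:55 and the c1520 platform string
# come from the guide's example username; every other value is made up.
INVENTORY = [
    ("RAP-roof-01", "c1520", "00:11:22:33:44:55"),
    ("MAP-pole-07", "c1520", "0011.2233.44AA"),
    ("MAP-pole-09", "c1520", "00-11-22-33-44-BB"),
    ("MAP-pole-12", "c1520", "00:11:22:33:44"),      # truncated MAC in the inventory
]
RADIUS_USERS = ["c1520-001122334455", "C1520-0011223344AA",
                "c1520-0011223344cc", "helpdesk"]


def normalize_mac(mac):
    """Accept colon, hyphen, dotted or bare notation; return 12 lowercase hex digits."""
    bare = re.sub(r"[:.\-\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", bare):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bare


def colon_mac(mac):
    """MAC in the colon-delimited form that 'config macfilter mac-delimiter colon' selects."""
    bare = normalize_mac(mac)
    return ":".join(bare[i:i + 2] for i in range(0, 12, 2))


def radius_username(platform, mac):
    """platform_name_string-Ethernet MAC address, for example c1520-001122334455.
    Lowercase hex is an assumption; the guide's example contains digits only."""
    return f"{platform.lower()}-{normalize_mac(mac)}"


def reconcile(inventory, radius_users):
    """Return (missing, unexpected, invalid).

    missing    -- inventory APs with no RADIUS user: they cannot join once
                  external authorization is enforced
    unexpected -- AP-style RADIUS users that match no inventory AP: the server
                  would still authorize an AP with that identity
    invalid    -- inventory rows whose MAC could not be parsed
    """
    expected, invalid = {}, []
    for name, platform, mac in inventory:
        try:
            expected[radius_username(platform, mac)] = name
        except ValueError as err:
            invalid.append((name, str(err)))

    platforms = sorted({p.lower() for _, p, _ in inventory})
    ap_style = re.compile(r"^(%s)-[0-9a-f]{12}$" % "|".join(map(re.escape, platforms)))
    # Compare case-insensitively: whether the server folds case is deployment specific.
    present = {u.lower() for u in radius_users if ap_style.match(u.lower())}

    missing = sorted((user, name) for user, name in expected.items() if user not in present)
    unexpected = sorted(present - set(expected))
    return missing, unexpected, invalid


if __name__ == "__main__":
    missing, unexpected, invalid = reconcile(INVENTORY, RADIUS_USERS)
    for user, name in missing:
        print(f"MISSING     {user}  ({name})")
    for user in unexpected:
        print(f"UNEXPECTED  {user}")
    for name, reason in invalid:
        print(f"INVALID     {name}: {reason}")
```
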


Using the CLI to View Global Mesh Parameter Settings

Use these commands to obtain information on global mesh settings:

show mesh client-access: Shows the status of the client-access backhaul as either enabled or disabled. When this option is enabled, mesh access points are able to associate with 802.11a wireless clients over the 802.11a backhaul. This client association is in addition to the existing communication on the 802.11a backhaul between the root and mesh access points.

controller >show mesh client-access
Backhaul with client access status: enabled
 
   

show mesh ids-state—Shows the status of the IDS reports on the backhaul as either enabled or disabled.

controller >show mesh ids-state
Outdoor Mesh IDS(Rogue/Signature Detect): .... Disabled

show mesh config: Displays global configuration settings.

(Cisco Controller) > show mesh config
Mesh Range....................................... 12000
Mesh Statistics update period.................... 3 minutes
Backhaul with client access status............... disabled
Background Scanning State........................ enabled
Backhaul Amsdu State............................. disabled
 
   
Mesh Security
Security Mode................................. EAP
External-Auth................................. disabled
Use MAC Filter in External AAA server......... disabled
Force External Authentication................. disabled
 
   
Mesh Alarm Criteria
Max Hop Count................................. 4
Recommended Max Children for MAP.............. 10
Recommended Max Children for RAP.............. 20
Low Link SNR.................................. 12
High Link SNR................................. 60
Max Association Number........................ 10
Association Interval.......................... 60 minutes
Parent Change Numbers......................... 3
Parent Change Interval........................ 60 minutes
 
   
Mesh Multicast Mode.............................. In-Out
Mesh Full Sector DFS............................. enabled
 
   
Mesh Ethernet Bridging VLAN Transparent Mode..... enabled
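
The Mesh Security block of the show mesh config output above can be checked automatically. The Python code below is an added example, not Cisco code: it parses the dot-leader format and reports settings that differ from a site baseline or that break the EAP and external MAC filter dependencies stated in the parameter descriptions. The baseline values, the function names, and the mapping of "Use MAC Filter in External AAA server" to the External MAC Filter Authorization parameter are assumptions of this example.

```python
import re

# Constructed sample input: an abridged copy of the "show mesh config" output above.
SAMPLE = """\
(Cisco Controller) > show mesh config
Mesh Range....................................... 12000
Mesh Statistics update period.................... 3 minutes
Backhaul with client access status............... disabled
Background Scanning State........................ enabled
Backhaul Amsdu State............................. disabled

Mesh Security
Security Mode................................. EAP
External-Auth................................. disabled
Use MAC Filter in External AAA server......... disabled
Force External Authentication................. disabled

Mesh Alarm Criteria
Max Hop Count................................. 4
Recommended Max Children for MAP.............. 10

Mesh Multicast Mode.............................. In-Out
Mesh Full Sector DFS............................. enabled

Mesh Ethernet Bridging VLAN Transparent Mode..... enabled
"""

# "Key......... value": a run of dot leaders separates key and value.
FIELD = re.compile(r"^\s*(?P<key>.+?)\s*\.{2,}\s*(?P<value>.*?)\s*$")
PROMPT = re.compile(r"^\(.*\)\s*>")   # echoed CLI prompt line

# Hypothetical site baseline (an assumption of this example, not a Cisco default).
BASELINE = {
    ("Mesh Security", "Security Mode"): "EAP",
    ("Mesh Security", "Use MAC Filter in External AAA server"): "enabled",
    ("Mesh Security", "Force External Authentication"): "enabled",
    ("global", "Mesh Ethernet Bridging VLAN Transparent Mode"): "disabled",
    ("global", "Backhaul with client access status"): "disabled",
}


def parse_show_mesh_config(text):
    """Return {section: {key: value}}; fields outside a headed block go to 'global'."""
    cfg = {"global": {}}
    section = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                  # a blank line ends the current headed block
            section = "global"
            continue
        if PROMPT.match(line):
            continue
        m = FIELD.match(line)
        if m:
            cfg.setdefault(section, {})[m.group("key")] = m.group("value")
        else:                         # a line without dot leaders is a block heading
            section = line
            cfg.setdefault(section, {})
    return cfg


def audit(cfg, baseline=BASELINE):
    """Compare parsed settings with the baseline, then check the stated dependencies."""
    findings = []
    for (section, key), wanted in baseline.items():
        actual = cfg.get(section, {}).get(key)
        if actual is None:
            findings.append(f"{section}/{key}: not present in output")
        elif actual.lower() != wanted.lower():
            findings.append(f"{section}/{key}: is {actual!r}, baseline wants {wanted!r}")

    sec = {k.lower(): v.lower() for k, v in cfg.get("Mesh Security", {}).items()}
    mode = sec.get("security mode")
    ext_mac = sec.get("use mac filter in external aaa server") == "enabled"
    force = sec.get("force external authentication") == "enabled"
    # Guide: EAP must be selected when external MAC filter authorization is used.
    if ext_mac and mode != "eap":
        findings.append("external MAC filter is enabled but Security Mode is not EAP")
    # Guide: force external authorization works together with EAP and the external MAC filter.
    if force and not (ext_mac and mode == "eap"):
        findings.append("Force External Authentication is enabled without EAP plus external MAC filter")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_show_mesh_config(SAMPLE)):
        print("FINDING", finding)
```
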

Configuring Local Mesh Parameters

After configuring global mesh parameters, you must configure the following local mesh parameters for these specific features if in use in your network:

Ethernet Bridging. Refer to the "Configuring Ethernet Bridging" section.

Bridge Group Name. Refer to the "Configuring Ethernet Bridging" section.

Workgroup Bridge. Refer to "Configuring Workgroup Bridges" section.

Public Safety Band Settings. Refer to the "Configuring Public Safety Band Settings" section.

Cisco 3200 Series Association and Interoperability. Refer to "Configuring Interoperability with the Cisco 3200" section.

Power and Channel Setting. Refer to "Configuring Power and Channel Settings" section.

Antenna Gain Settings. Refer to the "Configuring Antenna Gain" section.

Dynamic Channel Assignment. Refer to "Configuring Dynamic Channel Assignment" section.

Configuring Ethernet Bridging

For security reasons the Ethernet port on all MAPs is disabled by default. It can be enabled only by configuring Ethernet Bridging on the root and its respective MAPs.

Ethernet bridging has to be enabled for two scenarios:

1. When you want to use the Mesh nodes as bridges. (See Figure 45.)


Note You do not need to configure VLAN tagging to use Ethernet bridging for point-to-point and point-to-multipoint bridging deployments.


2. When you want to connect any Ethernet device such as a video camera on the MAP using its Ethernet port. This is the first step to enable VLAN tagging.

Figure 45 Point-to-Multipoint Bridging

Using the GUI to Enable Ethernet Bridging

To enable Ethernet Bridging on a RAP or MAP using the GUI, follow these steps:


Step 1 Click Wireless > All APs.

Step 2 Click the AP name link of the mesh access point on which you want to enable Ethernet bridging.

Step 3 At the details window, select the Mesh tab. (See Figure 46.)

Figure 46 All APs > Details for (Mesh) Window

Step 4 Select either RootAP or MeshAP from the AP Role drop-down menu, if not already selected.

MeshAP—Select this option if the AP1520 has a wireless connection to the controller. This is the default setting.

RootAP—Select this option if the AP1520 has a wired connection to the controller.


Note At least one mesh access point must be set to RootAP in the mesh network.


Step 5 To assign this mesh access point to a bridge group, enter a name for the group in the Bridge Group Name field.

Step 6 Check the Ethernet Bridging check box to enable Ethernet bridging or uncheck it to disable this feature.

Step 7 Select the appropriate backhaul rate for the 802.11a backhaul interface from the Bridge Data Rate drop-down menu. Cisco recommends setting the backhaul rate to auto.

When the bridge data rate is set to auto, the mesh backhaul chooses the highest rate possible given its link quality and its ability to sustain that rate.

Step 8 Click Apply to commit your changes. An Ethernet Bridging section appears at the bottom of the window listing each of the Ethernet ports of the mesh access point.


Configuring Bridge Group Names

Bridge group names (BGNs) control the association of mesh access points. BGNs can logically group radios to prevent two networks on the same channel from communicating with each other. The setting is also useful if you have more than one RAP in your network in the same sector (area). A BGN is a string of 10 characters maximum.

A BGN of NULL VALUE is assigned by default by manufacturing. Although not visible to you, it allows a mesh access point to join the network prior to your assignment of your network-specific BGN.

If you have two RAPs in your network in the same sector (for more capacity), Cisco recommends that you configure the two RAPs with the same BGN, but on different channels.

Using the CLI to Configure BGN

To configure a BGN, follow these steps:


Step 1 Using the CLI, enter the following command:

T


Note The mesh access point reboots after BGN configuration.



Caution Be careful when configuring BGN on a live network. Always start BGN assignment from the farthest node (the last node, at the bottom of the mesh tree) and move up toward the RAP. This ensures that no mesh access points are dropped due to mixed BGNs (old and new BGNs) within the same network.

Step 2 To verify the BGN, enter the following command:

(Cisco controller) > show ap config general AP_Name

Information similar to the following displays to the screen.

Verifying BGN Using the GUI

To verify BGN using the GUI, follow these steps:


Step 1 Click Wireless > Access Points > AP Name. The details window for the selected mesh access point appears.

Step 2 Click the Mesh tab. Details for the mesh access point, including BGN, appear. (See Figure 47.)

Figure 47 AP Name > Mesh


Configuring Workgroup Bridges

A workgroup bridge (WGB) is used to connect wired networks over a single wireless segment. It does this by informing the mesh access point of all the clients that the WGB has on its wired segment via IAPP messages. In addition to the IAPP control messages, the data packets for WGB clients contain an extra MAC address in the 802.11 header (a 4-MAC header, versus the normal 3-MAC data header). The extra MAC in the header is the address of the workgroup bridge itself. This extra MAC address is used to route the packet to and from the clients.

WGB association is supported on both the 2.4-GHz (802.11b/g) and 5-GHz (802.11a) radios on the AP1522, and the 2.4-GHz (802.11b) and 4.9-GHz (public safety) radios on the AP1524PS; however, WGB client mode cannot be configured on the AP1522 or AP1524.

Supported platforms are the autonomous WGBs AP1130, AP1240, and AP1310, and the Cisco 3200 Mobile Router (hereafter referred to as Cisco 3200), each of which, when configured as a WGB, can associate with a mesh access point.

Figure 48 WGB Example


Note Refer to the "Cisco Workgroup Bridges" section in Chapter 7 of the Cisco Wireless LAN Controller Configuration Guide, Release 6.0 for configuration steps at: http://www.cisco.com/en/US/products/ps6366/products_installation_and_configuration_guides_list.html


Supported Workgroup Bridge Modes and Capacities

The 1130, 1240, and 1310 autonomous mesh access points must be running Cisco IOS release 12.4(3g)JA or later (on 32-MB access points) or Cisco IOS release 12.3(8)JEB or later (on 16-MB access points). Cisco IOS releases prior to 12.4(3g)JA and 12.3(8)JEB are not supported.


Note If your mesh access point has two radios, you can only configure workgroup bridge mode on one of the radios. Cisco recommends that you disable the second radio. Workgroup bridge mode is not supported on access points with three radios such as the AP1524.


Client mode WGB (BSS) is supported; however, infrastructure WGB is not supported. Unlike an infrastructure WGB, the client mode WGB is not able to trunk VLANs.

Multicast traffic is not reliably transmitted to WGB because no ACKs are returned by the client. By contrast, multicast traffic is unicast to infrastructure WGBs, and ACKs are received back.

If one radio is configured as WGB in an IOS access point, then the second radio cannot be a WGB or a Repeater.

Mesh access points can support up to 200 clients including wireless clients, WGBs, and wired clients behind the associated WGBs.

WGBs operating with Cisco IOS release 12.4(3g)JA cannot associate with mesh access points if the WLAN is configured with WPA1 (TKIP) +WPA2 (AES), and the corresponding WGB interface is configured with only one of these encryptions (either WPA1 or WPA2).

Figure 49 displays WPA security settings for WGB (controller GUI).

Figure 50 displays WPA-2 security settings for WGB (controller GUI).

Figure 49 WPA Security Settings for WGB

Figure 50 WPA-2 Security Settings for WGB

To view the status of a WGB client, follow these steps:


Step 1 Click Monitor > Clients.

Step 2 At the client summary window, click on the MAC address of the client or search for the client using its MAC address.

Step 3 In the window that appears, note that the client type is identified as WGB (far right). (See Figure 51.)

Figure 51 Clients are Identified as WGB

Step 4 Click on the MAC address of the client to view configuration details.

If a wireless client, the window seen in Figure 52 appears.

If a wired client, the window seen in Figure 53 appears.

Figure 52 Monitor > Clients > Detail Window (Wireless WGB Client)

Figure 53 Monitor > Clients > Detail Window (Wired WGB Client)


Configuring Public Safety Band Settings

A public safety band (4.9-GHz) is supported on the AP1522 and AP1524PS. (See Figure 54.)

Figure 54 AP 1524PS Diagram Showing Radio Placement

For the AP1524PS, the 4.9-GHz radio is independent of 5-GHz radio and is not used for the backhaul. On the AP1524PS, the 4.9-GHz band is enabled by default.

In Japan, 4.9 GHz is enabled by default as 4.9 GHz is unlicensed.

For AP1522s, you can enable the 4.9 GHz public safety band on the backhaul. This can only be done at the global level and cannot be done on per mesh access point basis.

For client access on the 4.9 GHz band on the AP1522, you must enable the universal client access feature.

For public safety only deployments, the AP1522 and the AP1524PS must each be connected to its own separate RAP-based tree. For such deployments, the 1522 must use the 4.9-GHz backhaul and the 1524PS must be in its own RAP tree and use the 5.8-GHz backhaul.

In some parts of the world including the US, you can only have public safety traffic on the 4.9-GHz backhaul. Check the destination country's compliance before installing.

The 4.9-GHz sub-band radio on the AP1524PS supports public safety channels within the 5-MHz (channels 1 to 10), 10-MHz (channels 11-19), and 20-MHz (channels 20-26) bandwidths.

The following data rates are supported within the 5 MHz bandwidth: 1.5, 2.25, 3, 4.5, 6, 9, 12, and 13.5 Mb/s. Default rate is 6 Mb/s.

The following data rates are supported within the 10 MHz bandwidth: 3, 4.5, 6, 9, 12, 18, 24, and 27 Mb/s. Default rate is 12 Mb/s.


Note Those AP1522s with serial numbers prior to FTX1150XXXX do not support 5 and 10 MHz channels on the 4.9-GHz radio; however, a 20-MHz channel is supported.

Those AP1522s with serial numbers after FTX1150XXXX support 5, 10 and 20 MHz channels.


Enabling the 4.9-GHz Band

When you attempt to enable the 4.9 GHz band, you get a warning that the band is a licensed band in most parts of the world. (See Figure 55.)

Figure 55 Public Safety Warning During Configuration

To verify that a public safety band is on the mesh access point using the CLI, enter:

(Cisco controller) show mesh public-safety
Global Public Safety status: enabled
 
   

To verify that a public safety band is on the mesh access point using the GUI:

Wireless > Access Points > 802.11a radio > Configure (from Antenna drop-down menu)

Configuring Interoperability with the Cisco 3200

Cisco AP1522 and AP1524PS can interoperate with the Cisco 3200 on the public safety channel (4.9-GHz) as well as the 2.4-GHz access and 5.8-GHz backhaul.

The Cisco 3200 creates an in-vehicle network in which devices such as PCs, surveillance cameras, digital video recorders, printers, PDAs, and scanners can share wireless networks such as cellular or WLAN based services back to the main infrastructure. This allows data collected from in-vehicle deployments such as police cars to be integrated into the overall wireless infrastructure.

This section provides configuration guidelines and step-by-step instructions for configuring interoperability between the Cisco 3200 and the AP1522 and the AP1524PS.

For specific interoperability details between series 1130, 1240, and 1520 (1522, 1524PS) mesh access points and Cisco 3200, refer to Table 13.

Table 13 Mesh Access Points and Cisco 3200 Interoperability

Mesh Access Point Model                                                    Cisco 3200 Model
-------------------------------------------------------------------------  -------------------------------
1522 [1]                                                                   c3201 [2], c3202 [3], c3205 [4]
1524PS                                                                     c3201, c3202
1130, 1240 configured as indoor mesh access points with universal access   c3201, c3205

[1] Universal access must be enabled on the AP1522 if connecting to a Cisco 3200 on the 802.11a radio or 4.9-GHz band.

[2] Model c3201 is a Cisco 3200 with a 802.11b/g radio (2.4-GHz).

[3] Model c3202 is a Cisco 3200 with a 4.9-GHz sub-band radio.

[4] Model c3205 is a Cisco 3200 with a 802.11a radio (5.8-GHz sub-band).


Table 14 identifies mesh access points and their respective frequency bands that support WGB.

Table 14 WGB Interoperability Chart 

RAP/MAP (5-GHz Backhaul)
WGB
 

3200

1240

1130

1310

4.9-GHz (5, 10, 20 MHz)

5-GHz

2.4-GHz

5-GHz

2.4-GHz

5-GHz

2.4-GHz

2.4-GHz

1524PS/1524PS

X

X

X

X

X

1522/1522

X

X

X

X

X

X

X

X

1524PS/1522

X

X

X

X

X

X

X

1522/1524PS

X

X

X

X

X

1240/1130

X

X

X

X

X

X

X



Note In the above table, X means Supported and — means Not Supported.


Configuration Guidelines

For the AP1522 or AP1524PS and Cisco 3200 to interoperate on the public safety network, the following configuration guidelines must be met:

Client access must be enabled on the backhaul (Mesh global parameter). This feature is not supported on the AP1524PS.

Public safety must be enabled globally on all mesh access points (MAPs) in the mesh network.

Channel number assignment on the AP1522 or AP1524PS must match that on the Cisco 3200 radio interfaces.

Channels 20 (4950 GHz) through 26 (4980 GHz) and sub-band channels 1-19 (5 and 10 MHz) are used for Cisco 3200 interoperability. This configuration change is made on the controller. No changes are made to the mesh access point configuration.

Channel assignments are only made to the RAP. Updates to the MAP are propagated by the RAP.

The default channel width for Cisco 3200s is 5 MHz. You must either change the channel width to 10 or 20-MHz to enable WGBs to associate with the AP1522 and AP1524PS or change the channel on the AP1522 or AP1524PS to a channel in the 5-MHz (channels 1 to 10) or 10-MHz band (channels 11 to 19).

Radio (802.11a) must be disabled when configuring channels and then re-enabled when using the CLI.

When using the GUI, enabling and disabling of the 802.11a radio for channel configuration is not required.

Cisco 3200s can scan channels within but not across the 5, 10 or 20-MHz bands.

Using the GUI to Enable AP1522 and AP1524PS to Associate with Cisco 3200

To enable AP1522 and AP1524PS to associate with Cisco 3200, follow these steps.


Step 1 To enable the backhaul for client access, click Wireless > Mesh to access the Mesh window.

Step 2 Check the Backhaul Client Access Enabled check box to allow wireless client association over the 802.11a radio. Click Apply.


Note You are prompted with a message to allow reboot of all the mesh access points to enable Backhaul Client Access on a network. Click OK.


Step 3 To assign the channel to use for the backhaul (channels 20 through 26), click Wireless > Access Points > Radio and select 802.11a/n from the Radio sub-heading. A summary window for all 802.11a radios displays.

Step 4 At the Antenna drop-down menu for the appropriate RAP, select Configure. The window seen in Figure 56 displays.

Figure 56 Wireless > Access Points > Radio > 802.11 a/n > Configure Window

Step 5 At the RF Backhaul Channel Assignment section, select the Custom option for the Assignment Method option and select any channel between 1 and 26.

Step 6 Click Apply to commit your changes.

Step 7 Click Save Configuration to save your changes.


Using the CLI to Enable 1522 and 1524PS Association with Cisco 3200

To enable an AP1522 or AP1524PS to associate with Cisco 3200, follow these steps.


Step 1 To enable client access mode on the AP1522 and AP1524, enter this command:

config mesh client-access enable

Step 2 To enable the public safety on a global basis, enter this command:

config mesh public-safety enable all

Step 3 To enable the public safety channels, enter these commands:

a. On the AP1522, enter these commands:

config 802.11a disable Cisco_MAP

config 802.11a channel ap Cisco_MAP channel number

config 802.11a enable Cisco_MAP

b. On the AP1524PS, enter these commands:

config 802.11-a49 disable Cisco_MAP

config 802.11-a49 channel ap Cisco_MAP channel number

config 802.11-a49 enable Cisco_MAP


Note Enter config 802.11-a58 enable Cisco_MAP to enable a 5.8-GHz radio.



Note For both the AP1522 and AP1524PS, channel number is equal to any value 1 to 26.


Step 4 To save your changes, enter this command:

save config

Step 5 To verify your configuration, enter these commands:

show mesh public-safety

show mesh client-access

show ap config 802.11a summary (1522 only)

show ap config 802.11-a49 summary (1524PS only)


Note Enter show config 802.11-a58 summary to display configuration details for a 5.8-GHz radio.



Configuring Power and Channel Settings

The backhaul channel (802.11a/n) can be configured on a RAP. MAPs tune to the RAP channel. The local access can be configured independently for MAPs.

Using the GUI to Configure Power and Channels Settings

To configure power and channel using the controller GUI, follow these steps.


Step 1 From the Controller GUI, click Wireless > Access Points > 802.11a/n (see Figure 57).

Figure 57 Access Points > 802.11a/n Radios Window


Note In Figure 57, radio slots are displayed for each radio. For an AP1524SB, the 802.11a radio will display for slots 1 and 2 that operate on the 5.8-GHz band. For an AP1524PS, the 802.11a radio will display for slots 1 and 2, operating on the 5.8-GHz and 4.9-GHz bands respectively.


Step 2 Select configure from the antenna drop-down menu for the 802.11 a/n radio. The configure window appears (see Figure 58).


Note For the 1524SB, select the antenna drop-down for a RAP with a radio role of downlink.


Figure 58 802.11a/n Cisco APs > Configure Window

Step 3 Assign a channel (assignment methods of global and custom) for the radio.


Note When assigning a channel to the AP1524SB, choose the Custom assignment method, and select one of the supported channels for the 5.8-GHz band: 149, 153, 157, 161, or 165.


Step 4 Assign Tx power levels (global and custom) for the radio.

There are five selectable power levels for the 802.11a backhaul for AP1520s.

AP1522 supports ISM, UNII-2 band and UNII-2 Extended bands.

AP1524 supports the ISM band (5.8 GHz).


Note The default Tx power level on the backhaul is the highest power level (Level 1).



Note Radio Resource Management (RRM) is OFF (disabled) by default. RRM cannot be turned ON (enabled) for the backhaul.


Step 5 Click Apply when power and channel assignment are complete.

Step 6 From the 802.11 a/n Radios window, verify that channel assignments were made correctly (see Figure 59).

Figure 59 Channel Assignment


Using the CLI to Configure the Channels on the Serial Backhaul

To configure channels on the serial backhaul of the RAP using the controller CLI, follow these steps:


Step 1 To configure the backhaul channel on the radio in slot 2 of the RAP, enter this command:

config slot 2 channel ap Cisco_RAPSB channel

The available channels for the 5.8-GHz band are 149, 153, 157, 161, and 165.

Step 2 To configure the transmit power level on the radio in slot 2 of the RAP, enter this command:

config slot 2 txPower ap Cisco_RAPSB power

Valid values are 1 through 5; the default value is 1.

Step 3 To display the configurations on the mesh access points, enter these commands:

show mesh path MAP

Information similar to the following appears:

AP Name/Radio      Channel Rate Link-Snr Flags    State
-----------------  ------- ---- -------- -------  -----
 
   
MAP1SB             161     auto 60       0x10ea9d54 UPDATED NEIGH PARENT BEACON
RAPSB              153     auto 51       0x10ea9d54 UPDATED NEIGH PARENT BEACON
RAPSB             is a Root AP.
 
   

show mesh backhaul RAPSB

Information similar to the following appears:

Current Backhaul Slot(s)......................... 1, 2,
 
   
Basic Attributes for Slot  1
    Radio Type................................... RADIO_TYPE_80211a
    Radio Role................................... ACCESS
    Administrative State ........................ ADMIN_ENABLED
    Operation State ............................. UP
    Current Tx Power Level ...................... 1
    Current Channel ............................. 165
    Antenna Type................................. EXTERNAL_ANTENNA
    External Antenna Gain (in .5 dBm units)...... 0
 
   
Basic Attributes for Slot  2
    Radio Type................................... RADIO_TYPE_80211a
    Radio Role................................... RADIO_DOWNLINK
    Administrative State ........................ ADMIN_ENABLED
    Operation State ............................. UP
    Current Tx Power Level ...................... 3
    Current Channel ............................. 153
    Antenna Type................................. EXTERNAL_ANTENNA
    External Antenna Gain (in .5 dBm units)...... 0
 
   

show ap channel MAP1SB

Information similar to the following appears:

802.11b/g Current Channel ................. 11
Slot Id ................................... 0
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11
802.11a(5.8Ghz) Current Channel ........... 161
Slot Id ................................... 1
Allowed Channel List....................... 149,153,157,161,165
802.11a(5.8Ghz) Current Channel ........... 153
Slot Id ................................... 2
Allowed Channel List....................... 149,153,157,161,165
 
   

Configuring Antenna Gain

You must configure the antenna gain for the mesh access point to match that of the antenna installed using the controller GUI or controller CLI.


Note Refer to Table 5 for details on supported antennas and their gains.


Using the GUI to Configure Antenna Gain

To configure antenna parameters using the controller GUI, follow these steps.


Step 1 Click Wireless > Access Points > Radio > 802.11a/n to open the 802.11a/n Radios window.

Step 2 For the mesh access point antenna you want to configure, hover over the blue arrow (far right) to display antenna options. Choose Configure. (See Figure 60.)


Note Only external antennas have configurable gain settings.


Figure 60 802.11a/n Radios Window

Step 3 In the Antenna Parameters section, enter the antenna gain.

Gain is entered in 0.5 dBm units. For example, 2.5 dBm = 5. (See Figure 61.)


Note The entered gain value must match that value specified by the vendor for that antenna.


Figure 61 802.11 a/n Cisco APs > Configure Window

Step 4 Click Apply and Save Configuration to save the changes.


Using the CLI to Configure Antenna Gain

Enter this command to configure antenna gain for the 802.11a backhaul radio using the controller CLI.

config 802.11a antenna extAntGain antenna_gain AP_name

where gain is entered in 0.5 dBm units (for example, 2.5 dBm = 5).

Configuring Dynamic Channel Assignment

Using the controller GUI, follow these steps to specify the channels that the dynamic channel assignment (DCA) algorithm considers when selecting the channels to be used for RRM scanning. This functionality is helpful when you know that the clients do not support certain channels because they are legacy devices or they have certain regulatory restrictions.

The steps outlined in this section are only relevant to mesh networks.


Step 1 To disable the 802.11a or 802.11b/g network, follow these steps:

a. Click Wireless > 802.11a/n or 802.11b/g/n > Network to open the 802.11a (or 802.11b/g) Global Parameters window.

b. Uncheck the 802.11a (or 802.11b/g) Network Status check box.

c. Click Apply to commit your changes.

Step 2 Click Wireless > 802.11a/n or 802.11b/g/n > RRM > DCA to open the 802.11a (or 802.11b/g) > RRM > Dynamic Channel Assignment (DCA) window. (See Figure 62.)

Figure 62 802.11a > RRM > Dynamic Channel Assignment (DCA) Window

Step 3 Choose one of the following options from the Channel Assignment Method drop-down box to specify the controller's DCA mode:

Automatic—Causes the controller to periodically evaluate and, if necessary, update the channel assignment for all joined mesh access points. This is the default value.

Freeze—Causes the controller to evaluate and update the channel assignment for all joined mesh access points, if necessary, but only when you click Invoke Channel Update Once.


Note The controller does not evaluate and update the channel assignment immediately after you click Invoke Channel Update Once. It waits for the next interval to elapse.


OFF—Turns off DCA and sets all mesh access point radios to the first channel of the band, which is the default value. If you choose this option, you must manually assign channels on all radios.

Step 4 From the Interval drop-down box, choose one of the following options to specify how often the DCA algorithm is allowed to run: 10 minutes, 1 hour, 2 hours, 3 hours, 4 hours, 6 hours, 8 hours, 12 hours, or 24 hours. The default value is 10 minutes.

Step 5 From the AnchorTime drop-down box, choose a number to specify the time of day when the DCA algorithm is to start. The options are numbers between 0 and 23 (inclusive) representing the hour of the day from 12:00 a.m. to 11:00 p.m.

Step 6 Check the Avoid Foreign AP Interference check box to cause the controller's RRM algorithms to consider 802.11 traffic from foreign access points (those not included in your wireless network) when assigning channels to lightweight access points, or uncheck it to disable this feature. For example, RRM may adjust the channel assignment to have access points avoid channels close to foreign access points. The default value is checked.

Step 7 Check the Avoid Cisco AP Load check box to cause the controller's RRM algorithms to consider 802.11 traffic from Cisco lightweight access points in your wireless network when assigning channels, or uncheck it to disable this feature. For example, RRM can assign better reuse patterns to access points that carry a heavier traffic load. The default value is unchecked.

Step 8 Check the Avoid Non-802.11a (802.11b) Noise check box to cause the controller's RRM algorithms to consider noise (non-802.11 traffic) in the channel when assigning channels to lightweight access points, or uncheck it to disable this feature. For example, RRM may have access points avoid channels with significant interference from non-access point sources, such as microwave ovens. The default value is checked.

Step 9 From the DCA Channel Sensitivity drop-down box, choose one of the following options to specify how sensitive the DCA algorithm is to environmental changes such as signal, load, noise, and interference when determining whether to change channels:

Low—The DCA algorithm is not particularly sensitive to environmental changes.

Medium—The DCA algorithm is moderately sensitive to environmental changes.

High—The DCA algorithm is highly sensitive to environmental changes.

The default value is Medium. The DCA sensitivity thresholds vary by radio band, as noted in Table 15.

Table 15 DCA Sensitivity Thresholds

| Option | 2.4-GHz DCA Sensitivity Threshold | 5-GHz DCA Sensitivity Threshold |
|---|---|---|
| High | 5 dB | 5 dB |
| Medium | 15 dB | 20 dB |
| Low | 30 dB | 35 dB |

Step 10 For 802.11a/n networks only, choose one of the following Channel Width options to specify the channel bandwidth supported for all 802.11n radios in the 5-GHz band:

20 MHz—The 20-MHz channel bandwidth (default)


Note To override the globally configured DCA channel width setting, you can statically configure an access point's radio for 20-MHz mode on the 802.11a/n Cisco APs > Configure window. If you ever then change the static RF channel assignment method to Global on the access point radio, the global DCA configuration overrides the channel width configuration that the access point was previously using.


This window also shows the following non-configurable channel parameter settings:

Channel Assignment Leader—The MAC address of the RF group leader, which is responsible for channel assignment.

Last Auto Channel Assignment—The last time RRM evaluated the current channel assignments.

Step 11 In the DCA Channel List section, the DCA Channels field shows the channels that are currently selected. To choose a channel, check its check box in the Select column. To exclude a channel, uncheck its check box.

Range:
802.11a—36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 132, 136, 140, 149, 153, 157, 161, 165, 190, 196
802.11b/g—1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

Default:
802.11a—36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 132, 136, 140, 149, 153, 157, 161
802.11b/g—1, 6, 11


Note These extended UNII-2 channels in the 802.11a band do not appear in the channel list: 100, 104, 108, 112, 116, 132, 136, and 140. If you have Cisco Aironet 1520 series mesh access points in the -E regulatory domain, you must include these channels in the DCA channel list before you start operation. If you are upgrading from a previous release, verify that these channels are included in the DCA channel list. To include these channels in the channel list, check the Extended UNII-2 Channels check box.


Step 12 If you are using AP1520s in your network, you need to set the 4.9-GHz channels in the 802.11a band on which they are to operate. The 4.9-GHz band is for public safety client access traffic only. To choose a 4.9-GHz channel, check its check box in the Select column. To exclude a channel, uncheck its check box.

Range:
802.11a—1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26

Default:
802.11a—20, 26

Step 13 Click Apply to commit your changes.

Step 14 To re-enable the 802.11a or 802.11b/g network, follow these steps:

a. Click Wireless > 802.11a/n or 802.11b/g/n > Network to open the 802.11a (or 802.11b/g) Global Parameters window.

b. Check the 802.11a (or 802.11b/g) Network Status check box.

c. Click Apply to commit your changes.

Step 15 Click Save Configuration to save your changes.


Note To see why the DCA algorithm changed channels, click Monitor and then View All under Most Recent Traps. The trap provides the MAC address of the radio that changed channels, the previous channel and the new channel, the reason why the change occurred, the energy before and after the change, the noise before and after the change, and the interference before and after the change.



Configuring Advanced Features

"Configuring Ethernet VLAN Tagging" section

"Configuring Voice Parameters in Indoor Mesh Networks" section

"Enabling Mesh Multicast Containment for Video" section

Configuring Ethernet VLAN Tagging

Ethernet VLAN tagging allows specific application traffic to be segmented within a wireless mesh network and then forwarded (bridged) to a wired LAN (access mode) or bridged to another wireless mesh network (trunk mode).

A typical public safety access application using Ethernet VLAN tagging is placement of video surveillance cameras at various outdoor locations within a city. Each of these video cameras has a wired connection to a MAP. The video of all these cameras is then streamed across the wireless backhaul to a central command station on a wired network (see Figure 63).

Figure 63 Ethernet VLAN Tagging

Ethernet Port Notes

Ethernet VLAN tagging allows Ethernet ports to be configured as normal, access, or trunk in both indoor and outdoor implementations.


Note When VLAN Transparent is disabled, the default Ethernet port mode is normal. VLAN Transparent must be disabled for VLAN tagging to operate and to allow configuration of Ethernet ports. To disable VLAN Transparent, a global parameter, refer to the "Configuring Global Mesh Parameters" section.


Normal mode-In this mode, the Ethernet port does not accept or send any tagged packets. Tagged frames from clients are dropped.

Use the normal mode in applications when only a single VLAN is in use or there is no need to segment traffic in the network across multiple VLANs.

Access mode-In this mode, only untagged packets are accepted. All incoming packets are tagged with a user-configured VLAN called the access-VLAN.

Use the access mode for applications in which information is collected from devices connected to the MAP such as cameras or PCs and then forwarded to the RAP. The RAP then applies tags and forwards traffic to a switch on the wired network.

Trunk mode-This mode requires the user to configure a native VLAN and an allowed VLAN list (no defaults). In this mode, both tagged and untagged packets are accepted. Untagged packets are accepted and are tagged with the user-specified native VLAN. Tagged packets are accepted if they are tagged with a VLAN in the allowed VLAN list.

Use the trunk mode for bridging applications such as forwarding traffic between two MAPs resident on separate buildings within a campus.

Ethernet VLAN tagging operates on Ethernet ports that are not used as backhauls.
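The three port modes above amount to an ingress decision made per frame. The following added example (not Cisco code and not part of the original guide) parses the 802.1Q tag from a raw Ethernet frame and applies the normal, access, and trunk rules as this section states them. The PortConfig class, the function names, and the sample frames are constructed for illustration.

```python
import struct
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


@dataclass
class PortConfig:
    """Hypothetical model of a secondary Ethernet port's VLAN settings."""
    mode: str                               # "normal", "access" or "trunk"
    access_vlan: Optional[int] = None       # used in access mode
    native_vlan: Optional[int] = None       # used in trunk mode
    allowed_vlans: Set[int] = field(default_factory=set)


def parse_vlan(frame: bytes) -> Optional[int]:
    """Return the 802.1Q VLAN ID of a frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF                     # low 12 bits of the TCI are the VLAN ID


def ingress_decision(port: PortConfig, frame: bytes) -> Tuple[str, Optional[int]]:
    """Apply the port-mode rules; return (action, VLAN carried over the mesh)."""
    # Assumption: a priority tag (VID 0) counts as tagged; the guide does not
    # say how the access point treats it.
    vid = parse_vlan(frame)
    if port.mode == "normal":
        # Normal mode neither accepts nor sends tagged packets.
        return ("drop", None) if vid is not None else ("forward", None)
    if port.mode == "access":
        # Only untagged packets are accepted; they receive the access VLAN.
        if vid is not None:
            return ("drop", None)
        return ("forward", port.access_vlan)
    if port.mode == "trunk":
        # Untagged frames get the native VLAN; tagged frames must be allowed.
        if vid is None:
            return ("forward", port.native_vlan)
        if vid in port.allowed_vlans:
            return ("forward", vid)
        return ("drop", None)
    raise ValueError(f"unknown port mode: {port.mode}")


def make_frame(vlan: Optional[int] = None) -> bytes:
    """Build a constructed sample frame (dummy MACs, IPv4 EtherType, padding)."""
    dst, src = b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02"
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    trunk = PortConfig(mode="trunk", native_vlan=60, allowed_vlans={65})
    for vlan in (None, 65, 70):
        print(vlan, ingress_decision(trunk, make_frame(vlan)))
```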

Ethernet VLAN Tagging Guidelines

For security reasons, the Ethernet port on a mesh access point (RAP and MAP) is disabled by default. It is enabled by configuring Ethernet Bridging on the mesh access point port.

Ethernet bridging must be enabled on all the mesh access points in the mesh network to allow Ethernet VLAN tagging to operate.

VLAN mode must be set as non-VLAN transparent (global mesh parameter). Refer to "Using the CLI to Configure Global Mesh Parameters" section.

VLAN transparent is enabled by default. To set as non-VLAN transparent you must uncheck the VLAN transparent option in the global mesh parameters window (see Figure 64).

Figure 64 Wireless > Mesh Window

VLAN tagging can only be configured on Ethernet interfaces.

On AP1520s, three of the four ports can be used as secondary Ethernet interfaces: port 0 (PoE in), port 1 (PoE out), and port 3 (fiber). Port 2 (cable) cannot be configured as a secondary Ethernet interface.

In Ethernet VLAN tagging, port 0-PoE in on the RAP is used to connect to the trunk port of the switch of the wired network. Port 1-PoE out on the MAP is used to connect to external devices such as video cameras.

Backhaul interfaces (802.11a radios) act as primary Ethernet interfaces. Backhauls function as trunks in the network and carry all VLAN traffic between the wireless and wired network. No configuration of primary Ethernet interfaces is required.

For indoor mesh networks (AP1130, AP1240), the VLAN tagging feature functions as it does for outdoor mesh networks. Any access port that is not acting as a backhaul is secondary and can be used for VLAN tagging.

VLAN tagging cannot be implemented on indoor access point RAPs because they do not have a secondary Ethernet port, and their primary port is used as a backhaul. However, VLAN tagging can be enabled on MAPs with a single Ethernet port because the Ethernet port on a MAP is not functioning as a backhaul and is therefore a secondary port.

No configuration changes are applied to any Ethernet interface acting as a backhaul. A warning displays if you attempt to modify the backhaul's configuration. The configuration is only applied after the interface is no longer acting as backhaul (see Figure 65).

Figure 65 Warning Message Displays for Backhaul Configuration Attempts

No configuration is required to support VLAN tagging on any 802.11a backhaul Ethernet interface within the mesh network.

This includes the RAP uplink Ethernet port. The required configuration happens automatically using a registration mechanism.

Any configuration changes to an 802.11a Ethernet link acting as a backhaul are ignored and a warning results. When the Ethernet link no longer functions as a backhaul the modified configuration is applied.

VLAN configuration is not allowed on port 2 (the cable modem port) of AP1520s. VLANs can be configured on ports 0 (PoE-in), 1 (PoE-out) and 3 (fiber).

Up to 16 VLANs are supported on each sector. Therefore, the cumulative number of VLANs supported by a RAP's children (MAPs) cannot exceed 16.

The switch port connected to the RAP must be a trunk.

The trunk port on the switch and the RAP trunk port must match.

The RAP must always connect to the native VLAN ID 1 on a switch. The RAP's primary Ethernet interface is by default the native VLAN of 1.

The switch port in the wired network that is attached to the RAP (port 0-PoE in) must be configured to accept tagged packets on its trunk port. The RAP forwards all tagged packets received from the mesh network to the wired network.

No VLANs, other than those destined for the mesh sector, should be configured on the switch trunk port.

A configured VLAN on a MAP Ethernet port cannot function as a Management VLAN.

Configuration is effective only when a mesh access point is in CAPWAP RUN state and VLAN-Transparent mode is disabled.

Whenever there is a case of roaming or CAPWAP restart, an attempt is made to apply configuration again.

VLAN Registration

To support a VLAN on a mesh access point, all the uplink mesh access points must also support the same VLAN. This is required to segregate traffic belonging to different VLANs. The activity by which a mesh access point communicates its requirements for a VLAN and gets a response from a parent is known as VLAN registration.


Note VLAN registration occurs automatically. No user intervention is required.


The steps of VLAN registration are summarized below:

1. Whenever an Ethernet port on a mesh access point is configured with a VLAN, the port requests its parent to support that VLAN.

2. If the parent is able to support the request, it creates a bridge group for the VLAN and propagates the request to its parent. This propagation continues until the RAP is reached.

3. When the request reaches the RAP, it checks whether it is able to support the VLAN request. If yes, the RAP creates a bridge group and a sub-interface on its uplink Ethernet interface to support the VLAN request.

4. If the mesh access point is not able to support the VLAN request by its child, at any point, the mesh access point replies with a negative response. This response is propagated to downstream mesh access points until the mesh access point which requested the VLAN is reached.

5. Upon receiving the negative response from its parent, the requesting mesh access point defers the configuration of the VLAN. However, the configuration is stored for future attempts because, given the dynamic nature of mesh, another parent and its uplink mesh access points might be able to support the VLAN in the case of roaming or a CAPWAP reconnect.
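The registration steps above can be traced with a small simulation. This is an added example, not Cisco's implementation: the MeshAP class, its attribute names, and the scenario in demo() are hypothetical, the per-sector limit of 16 VLANs is taken from the guidelines earlier in this section, and the release of a bridge group after an upstream refusal is an assumption the guide does not describe.

```python
from typing import Dict, Optional, Set

MAX_VLANS_PER_SECTOR = 16  # per-sector limit stated in the tagging guidelines


class MeshAP:
    """Hypothetical model of a RAP or MAP taking part in VLAN registration."""

    def __init__(self, name: str, parent: Optional["MeshAP"] = None):
        self.name = name
        self.parent = parent                   # None means this node is the RAP
        self.bridge_groups: Set[int] = set()   # VLANs bridged for downstream APs
        self.subinterfaces: Set[int] = set()   # RAP only: uplink sub-interfaces
        self.port_vlans: Dict[int, str] = {}   # vlan -> "active" or "deferred"

    def handle_request(self, vlan: int) -> bool:
        """Steps 2 to 4: support the VLAN and propagate, or answer negatively."""
        if vlan in self.bridge_groups:
            return True                        # already registered on this path
        if self.parent is None:                # step 3: the RAP makes the last check
            if len(self.bridge_groups) >= MAX_VLANS_PER_SECTOR:
                return False                   # step 4: negative response
            self.bridge_groups.add(vlan)
            self.subinterfaces.add(vlan)
            return True
        self.bridge_groups.add(vlan)           # step 2: create the bridge group
        if self.parent.handle_request(vlan):   # then propagate toward the RAP
            return True
        # Assumption: the bridge group is released when an upstream AP refuses.
        self.bridge_groups.discard(vlan)
        return False

    def configure_port_vlan(self, vlan: int) -> str:
        """Steps 1 and 5: ask the parent for the VLAN, defer it on refusal."""
        responder = self if self.parent is None else self.parent
        supported = responder.handle_request(vlan)
        # The configuration is kept either way so that it can be retried later.
        self.port_vlans[vlan] = "active" if supported else "deferred"
        return self.port_vlans[vlan]

    def roam(self, new_parent: "MeshAP") -> Dict[int, str]:
        """After roaming or a CAPWAP restart, apply the stored configuration again."""
        self.parent = new_parent
        for vlan in sorted(self.port_vlans):
            self.configure_port_vlan(vlan)
        return dict(self.port_vlans)


def demo() -> Dict[str, str]:
    """Constructed scenario: a full sector refuses VLAN 50, a new parent accepts."""
    rap_a, rap_b = MeshAP("RAP-A"), MeshAP("RAP-B")
    map1 = MeshAP("MAP1", parent=rap_a)
    map2 = MeshAP("MAP2", parent=map1)
    for vlan in range(100, 116):               # sector A now carries 16 VLANs
        map1.configure_port_vlan(vlan)
    first = map2.configure_port_vlan(50)       # the 17th VLAN is refused by RAP-A
    after = map2.roam(rap_b)[50]               # RAP-B has capacity for it
    return {"first": first, "after_roam": after}


if __name__ == "__main__":
    print(demo())
```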

Using the GUI to Enable Ethernet VLAN Tagging

You must enable Ethernet Bridging before you can configure VLAN tagging. Refer to the "Configuring Ethernet Bridging" procedure.

To enable VLAN tagging on a RAP or MAP using the GUI, follow these steps.


Step 1 After enabling Ethernet Bridging, click Wireless > All APs.

Step 2 Click the AP name link of the mesh access point on which you want to enable VLAN tagging.

Step 3 At the details window, select the Mesh tab. (See Figure 66.)

Figure 66 All APs > Details for (Mesh) Window

Step 4 Click the Ethernet Bridging check box to enable the feature and click Apply.

An Ethernet Bridging section appears at the bottom of the window listing each of the four Ethernet ports of the mesh access point.

1. If configuring a MAP access port, click gigabitEthernet1 (port 1-PoE out).

a. Select access from the mode drop-down menu. (See Figure 67.)

b. Enter a VLAN ID. The VLAN ID can be any value between 1 and 4095.

c. Click Apply.


Note VLAN ID 1 is not reserved as the default VLAN.



Note A maximum of 16 VLANs in total are supported across all of a RAP's subordinate MAPs.


Figure 67 VLAN Access Mode

2. If configuring a RAP or MAP trunk port, click gigabitEthernet0 (port 0-PoE in).

a. Select trunk from the mode drop-down menu. (See Figure 68.)

b. Enter a native VLAN ID for incoming traffic. The native VLAN ID can be any value between 1 and 4095. Do not assign any value assigned to a user-VLAN (access).

c. Click Apply.

A trunk VLAN ID field and a summary of configured VLANs appear at the bottom of the screen. The trunk VLAN ID field is for outgoing packets.

d. Enter a trunk VLAN ID for outgoing packets:

If forwarding untagged packets, do not change the default trunk VLAN ID value of zero. (MAP-to-MAP bridging, campus environment)

If forwarding tagged packets, enter a VLAN ID (1 to 4095) that is not already assigned. (RAP to switch on wired network).

e. Click Add to add the trunk VLAN ID to the allowed VLAN list. The newly added VLAN displays under the Configured VLANs section on the window.


Note To remove a VLAN from the list, select the Remove option from the arrow drop-down to the right of the desired VLAN.


Figure 68 All APs > AP > VLAN Mappings Window

Step 5 Click Apply.

Step 6 Click Save Configuration to save your changes.


Using the CLI to Configure Ethernet VLAN Tagging

To configure a MAP access port, enter this command:

config ap ethernet 1 mode access enable AP1520-MAP 50

where AP1520-MAP is the variable AP_name and 50 is the variable access_vlan ID

To configure a RAP or MAP trunk port, enter this command:

config ap ethernet 0 mode trunk enable AP1520-MAP 60

where AP1520-MAP is the variable AP_name and 60 is the variable native_vlan ID

To add a VLAN to the VLAN allowed list of the native VLAN, enter this command:

config ap ethernet 0 mode trunk add AP1522-MAP3 65

where AP1522-MAP3 is the variable AP_name and 65 is the variable vlan ID

Using the CLI to View Ethernet VLAN Tagging Configuration Details

To view VLAN configuration details for Ethernet interfaces on a specific mesh access point (AP Name) or all mesh access points (summary), enter one of the following commands:

To see if VLAN transparent mode is enabled or disabled, enter the following command:

Client Roaming

High-speed roaming of Cisco Compatible Extension (CX), version 4 (v4) clients is supported at speeds up to 70 mph in outdoor mesh deployments of AP1522s and AP1524s. An example application might be maintaining communication with a terminal in an emergency vehicle as it moves within a mesh public network.

Three Cisco CX v4 Layer 2 client roaming enhancements are supported:

Access point assisted roaming—This feature helps clients save scanning time. When a Cisco CX v4 client associates to an access point, it sends an information packet to the new access point listing the characteristics of its previous access point. Roaming time decreases when the client recognizes and uses an access point list that is built by compiling all previous access points to which each client was associated and that is sent (unicast) to the client immediately after association. The access point list contains the channels, the BSSIDs of neighbor access points that support the client's current SSID(s), and the time elapsed since disassociation.

Enhanced neighbor list—This feature focuses on improving a Cisco CX v4 client's roam experience and network edge performance, especially when servicing voice applications. The access point provides its associated client information about its neighbors using a neighbor-list update unicast message.

Roam reason report—This feature enables Cisco CX v4 clients to report the reason why they roamed to a new access point. It also allows network administrators to build and monitor a roam history.


Note Client roaming is enabled by default.


Configuring Voice Parameters in Indoor Mesh Networks

You can configure call admission control (CAC) and QoS on the controller to manage voice and video quality on the mesh network.

The indoor mesh access points (1130 and 1240) are 802.11e capable, and QoS is supported on the local 2.4-GHz access radio and the 5-GHz backhaul radio. CAC is supported on the backhaul and the CCXv4 clients (which provides CAC between the mesh access point and the client).


Note Voice is only supported on indoor mesh networks.


CAC

CAC enables a mesh access point to maintain controlled quality of service (QoS) when the wireless LAN is experiencing congestion. The Wi-Fi Multimedia (WMM) protocol deployed in CCXv3 ensures sufficient QoS as long as the wireless LAN is not congested. However, in order to maintain QoS under differing network loads, CAC in CCXv4 or later is required.


Note CAC is supported in Cisco Compatible Extensions (CCX) v4 or later. Refer to Chapter 6 of the Cisco Wireless LAN Controller Configuration Guide, Release 5.2 at: http://www.cisco.com/en/US/products/ps6366/products_installation_and_configuration_guides_list.html


Two types of CAC are available for access points: bandwidth-based CAC and load-based CAC. All calls on a mesh network are bandwidth-based, so mesh access points use only bandwidth-based CAC.

Bandwidth-based, or static, CAC enables the client to specify how much bandwidth or shared medium time is required to accept a new call. Each access point determines whether it is capable of accommodating a particular call by looking at the bandwidth available and comparing it against the bandwidth required for the call. If there is not enough bandwidth available to maintain the maximum allowed number of calls with acceptable quality, the mesh access point rejects the call.

QoS and DSCP Marking

Cisco supports 802.11e on the local access and on the backhaul. Mesh access points prioritize user traffic based on classification, and therefore all user traffic is treated on a best-effort basis.

Resources available to users of the mesh vary, according to the location within the mesh, and a configuration that provides bandwidth limitation in one point of the network can result in oversubscription in other parts of the network.

Similarly, limiting clients on their percentage of RF is not suitable for mesh clients. The limiting resource is not the client WLAN, but the resources available on the mesh backhaul.

Similar to wired Ethernet networks, 802.11 WLANs employ Carrier Sense Multiple Access (CSMA), but instead of using collision detection (CD), WLANs use collision avoidance (CA). This means that instead of each station trying to transmit as soon as the medium is free, WLAN devices will use a collision avoidance mechanism to prevent multiple stations from transmitting at the same time.

The collision avoidance mechanism uses two values, called CWmin and CWmax. CW stands for contention window. The CW determines what additional amount of time an endpoint should wait, after the interframe space (IFS), to attempt to transmit a packet. Enhanced distributed coordination function (EDCF) is a model that allows end devices that have delay-sensitive multi-media traffic to modify their CWmin and CWmax values to allow for statistically greater (and more frequent) access to the medium.

Cisco access points support EDCF-like QoS. This provides up to eight queues for QoS.

These queues can be allocated in several different ways:

Based on TOS / DiffServ settings of packets

Based on Layer 2 or Layer 3 access lists

Based on VLAN

Based on dynamic registration of devices (IP phones)

AP1520s, in conjunction with Cisco controllers, provide a minimal integrated services capability at the controller, in which client streams have maximum bandwidth caps, and a more robust differentiated services (diffServ) capability based on the IP DSCP values and QoS WLAN overrides.

When the queue capacity has been reached, additional frames are dropped (tail drop).

Encapsulations

There are several encapsulations used by the mesh system. These include CAPWAP control and data between the controller and RAP, over the mesh backhaul, and between the mesh access point and its client(s). The encapsulation of bridging traffic (non-controller traffic from a LAN) over the backhaul is the same as the encapsulation of CAPWAP data.

There are two encapsulations between the controller and the RAP. The first is for CAPWAP control, and the second for CAPWAP data. In the control instance, CAPWAP is used as a container for control information and directives. In the instance of CAPWAP data, the entire packet, including the Ethernet and IP headers, is sent in the CAPWAP container. (See Figure 69.)

Figure 69 Encapsulations

For the backhaul, there is only one type of encapsulation, encapsulating MESH traffic. However, two types of traffic are encapsulated: bridging traffic and CAPWAP control and data traffic. Both types of traffic are encapsulated in a proprietary mesh header.

In the case of bridging traffic, the entire Ethernet frame is encapsulated in the mesh header (see Figure 70).

All backhaul frames are treated identically, regardless of whether they are MAP to MAP, RAP to MAP, or MAP to RAP.

Figure 70 Encapsulating Mesh Traffic

Queuing on the Mesh Access Point

The mesh access point uses a high-speed CPU to process ingress frames, both Ethernet and wireless, on a first-come, first-served basis. These are queued for transmission to the appropriate output device, either Ethernet or wireless. Egress frames can be destined for the 802.11 client network, the 802.11 backhaul network, or Ethernet.

AP1520s support four FIFOs for wireless client transmissions. These FIFOs correspond to the 802.11e platinum, gold, silver, and bronze queues, and obey the 802.11e transmission rules for those queues. The FIFOs have a user configurable queue depth.

Likewise, the backhaul (frames destined for another outdoor mesh access point) uses four FIFOs, though user traffic is limited to gold, silver, and bronze. The platinum queue is used exclusively for CAPWAP control traffic and Voice, and has been reworked from the standard 802.11e parameters for CWmin, CWmax, and so on, to provide more robust transmission but higher latencies.

Similarly, the 802.11e parameters for CWmin, CWmax, and so on, for the gold queue have been reworked to provide lower latency at the expense of slightly higher error rate and aggressiveness. The purpose of these changes is to provide a channel more conducive to video applications.

Frames destined for Ethernet are queued as FIFO, up to the maximum available transmit buffer pool (256 frames). Layer 3 IP Differentiated Services Code Point (DSCP) is supported, so marking of the packets is supported as well.

In the controller to RAP path for the data traffic, the outer DSCP value is set to the DSCP value of the incoming IP frame. If the interface is in tagged mode, the controller sets the 802.1Q VLAN ID, and derives the 802.1p UP (outer) from 802.1p UP incoming and the WLAN default priority ceiling. Frames with VLAN ID 0 are not tagged (See Figure 71).

Figure 71 Controller to RAP Path

For CAPWAP control traffic the IP DSCP value is set to 46, and the 802.1p user priority is set to 7. Prior to transmission of a wireless frame over the backhaul, regardless of node pairing (RAP/MAP) or direction, the DSCP value in the outer header is used to determine a backhaul priority. The following sections describe the mapping between the four backhaul queues the mesh access point uses and the DSCP values shown in Backhaul Path QoS (Table 16).

Table 16 Backhaul Path QoS

| DSCP Value | Backhaul Queue |
|---|---|
| 2, 4, 6, 8 to 23 | Bronze |
| 26, 32 to 63 | Gold |
| 46 to 56 | Platinum |
| All others including 0 | Silver |



Note The platinum backhaul queue is reserved for CAPWAP control traffic, IP control traffic, and voice packets. DHCP, DNS and ARP requests are also transmitted at the platinum QoS level. The mesh software inspects each frame to determine whether it is a CAPWAP control or IP control frame in order to protect the platinum queue from use by non-CAPWAP applications.


For a MAP to the client path, there are two different procedures, depending on whether the client is a WMM client or a normal client. If the client is a WMM client, the DSCP value in the outer frame is examined, and the 802.11e priority queue is used (Table 17).

Table 17 MAP to Client Path QoS

| DSCP Value | Backhaul Queue |
|---|---|
| 2, 4, 6, 8 to 23 | Bronze |
| 26, 32 to 45, 47 | Gold |
| 46, 48 to 63 | Platinum |
| All others including 0 | Silver |


If the client is not a WMM client, the WLAN override (as configured at the controller) determines the 802.11e queue (bronze, gold, platinum, or silver), on which the packet is transmitted.

For the path from the client toward the mesh access point, modifications are made to incoming client frames in preparation for transmission on the mesh backhaul or Ethernet. For WMM clients, Figure 72 illustrates the way in which the outer DSCP value is set from an incoming WMM client frame.

Figure 72 MAP to RAP Path

The minimum of the incoming 802.11e user priority and the WLAN override priority is translated using the information listed in Table 18 to determine the DSCP value of the IP frame. For example, if the incoming frame has as its value a priority indicating the gold priority, but the WLAN is configured for silver priority, the minimum priority of silver is used to determine the DSCP value.

Table 18 DSCP to Backhaul Queue Mapping

| DSCP Value | 802.11e UP | Backhaul Queue | Packet Types |
|---|---|---|---|
| 2, 4, 6, 8 to 23 | 1, 2 | Bronze | Lowest priority packets, if any |
| 26, 32 to 34 | 4, 5 | Gold | Video packets |
| 46 to 56 | 6, 7 | Platinum | CAPWAP control, AWPP, DHCP/DNS, ARP packets, voice packets |
| All others including 0 | 0, 3 | Silver | Best effort, CAPWAP data packets |


In the event that there is no incoming WMM priority, the default WLAN priority is used to generate the DSCP value in the outer header. In the event that the frame is an originated CAPWAP control frame, the DSCP value of 46 is placed in the outer header.

With the 5.2 code enhancements, DSCP information is preserved in AWPP header.

All wired client traffic is restricted to a maximum 802.1p UP value of 5, except DHCP/DNS and ARP packets, which go through the platinum queue.

The non-WMM wireless client traffic gets the default QoS priority of its WLAN. The WMM wireless client traffic may have a maximum 802.11e value of 6, but it must be below the QoS profile configured for its WLAN. If admission control is configured, WMM clients must use TSPEC signaling and get admitted by CAC.

The CAPWAP data traffic carries wireless client traffic and hence has the same priority and treatment as wireless client traffic.

Now that the DSCP value is determined, the rules described earlier for the backhaul path from RAP to MAP are used to further determine the backhaul queue on which the frame is transmitted. Frames transmitted from the RAP to the controller are not tagged. The outer DSCP values are left intact, as they were first constructed.

Bridging Backhaul Packets

Bridging services are treated a little differently from regular controller-based services. There is no outer DSCP value in bridging packets because they are not CAPWAP encapsulated. Therefore, the DSCP value in the IP header as it was received by the mesh access point is used to index into the table as described in the path from mesh access point to mesh access point (backhaul).

Bridging Packets from and to a LAN

Packets received from a station on a LAN are not modified in any way. There is no override value for the LAN priority. Therefore, in bridging mode the LAN must be properly secured. The only protection offered to the mesh backhaul is that non-CAPWAP control frames that map to the platinum queue are demoted to the gold queue.

Packets are transmitted to the LAN precisely as they are received on the Ethernet ingress at entry to the mesh.

The only way to integrate QoS between Ethernet ports on AP1520 and 802.11a is by tagging Ethernet packets with DSCP. AP1520s will take the Ethernet packet with DSCP and place it in the appropriate 802.11e queue.

AP1520s do not tag DSCP themselves:

On the ingress port, the AP1520 sees a DSCP tag, encapsulates the Ethernet frame, and applies the corresponding 802.11e priority.

On the egress port, the AP1520 decapsulates the Ethernet frame and places it on the wire with an untouched DSCP field.

Ethernet devices, such as video cameras, should have the capability to mark the bits with a DSCP value to take advantage of QoS.


Note QoS is relevant only when there is congestion on the network.
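Because bridged LAN frames keep whatever DSCP the attached device set, it is useful to audit which LAN hosts' own markings place their traffic in the gold backhaul queue. The following added example (not Cisco code and not part of the original guide) reads the DSCP from IPv4 Ethernet frames, maps it with the Table 16 ranges, applies the platinum-to-gold demotion described for bridged frames, and lists the sources that exceed a chosen share. Assumptions: platinum (46 to 56) is tested before gold because the two ranges in Table 16 overlap, the DHCP/DNS/ARP exception is not modelled, and all function names, the threshold, and the sample frames are constructed.

```python
import struct
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Tuple


def dscp_of(frame: bytes) -> Optional[int]:
    """Return the DSCP of an IPv4 Ethernet frame, or None for anything else."""
    offset = 12
    if len(frame) < offset + 2:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype == 0x8100:                    # skip a single 802.1Q tag
        offset += 4
        if len(frame) < offset + 2:
            return None
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype != 0x0800 or len(frame) < offset + 4:
        return None
    tos = frame[offset + 3]                    # second byte of the IPv4 header
    return tos >> 2                            # DSCP is the upper six bits


def backhaul_queue(dscp: int) -> str:
    """Map a DSCP value to a backhaul queue using the Table 16 ranges."""
    if 46 <= dscp <= 56:                       # assumption: platinum wins the overlap
        return "platinum"
    if dscp == 26 or 32 <= dscp <= 63:
        return "gold"
    if dscp in (2, 4, 6) or 8 <= dscp <= 23:
        return "bronze"
    return "silver"                            # all others, including 0


def bridged_queue(dscp: int) -> str:
    """Queue for a bridged LAN frame: a platinum mapping is demoted to gold."""
    queue = backhaul_queue(dscp)
    return "gold" if queue == "platinum" else queue


def audit_lan_marking(frames: Iterable[Tuple[str, bytes]],
                      max_gold_share: float = 0.5) -> List[str]:
    """List sources whose own marking puts more than max_gold_share in gold."""
    totals: Dict[str, int] = defaultdict(int)
    gold: Dict[str, int] = defaultdict(int)
    for source, frame in frames:
        dscp = dscp_of(frame)
        if dscp is None:
            continue                           # non-IPv4 frames are not counted
        totals[source] += 1
        if bridged_queue(dscp) == "gold":
            gold[source] += 1
    return sorted(s for s in totals if gold[s] / totals[s] > max_gold_share)


def ipv4_frame(dscp: int) -> bytes:
    """Constructed sample frame: dummy MACs and a minimal 20-byte IPv4 header."""
    header = bytes([0x45, dscp << 2]) + b"\x00" * 18
    return b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", 0x0800) + header


if __name__ == "__main__":
    sample = ([("camera", ipv4_frame(34))] * 3
              + [("printer", ipv4_frame(0))] * 3
              + [("kiosk", ipv4_frame(46)), ("kiosk", ipv4_frame(0)),
                 ("kiosk", ipv4_frame(46))])
    print(audit_lan_marking(sample))
```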


Guidelines For Using Voice On The Mesh Network

Voice is only supported on indoor mesh access points, 1130 and 1240.

When voice is operating on a mesh network, calls must not traverse more than two hops.

Each sector must be configured to require no more than two hops for voice.

RF considerations for voice networks:

Coverage hole of 2 to 10 percent

Cell coverage overlap of 15 to 20 percent

RSSI and SNR values that are at least 15 dB higher than data requirements. For example, Cisco recommends an RSSI of -67 dBm for an 11 or 12 Mb/s link and an SNR of no more than 25 dB. Likewise, an RSSI of -56 dBm for a 56 Mb/s link is recommended with an SNR of no more than 40 dB.

An RSSI of -62 dBm is recommended on a 24 Mb/s 802.11a backhaul when universal access is configured and client traffic is present.

Packet error rate (PER) must be configured for a value of one percent or less.

Channel with the lowest utilization (CU) must be used. Check the CU when no traffic is running.

Radio resource manager (RRM) can be used to implement the recommended RSSI, PER, CU, cell coverage and coverage hole settings on the 802.11 b/g radio. RRM is not supported on the 802.11a radio.

On the 802.11a or 802.11b/g/n > Global parameters window:

Enable dynamic target power control (DTPC)

Disable all data rates less than 11 Mb/s

On the 802.11a or 802.11b/g/n > Voice parameters window:

Load-based CAC must be disabled

Enable admission control (ACM) for CCXv4 or v5 clients that have WMM enabled. Otherwise, bandwidth-based CAC does not operate properly.

Set the maximum RF bandwidth to 50%

Set the reserved roaming bandwidth to 6%

Enable traffic stream metrics

On the 802.11a or 802.11b/g/n > EDCA parameters window:

Set the EDCA profile for the interface as voice optimized

Disable low latency MAC

On the QoS > Profile window:

Create a voice profile and select 802.1q as the wired QoS protocol type

On the WLANs > Edit > QoS window:

Select a QoS of platinum for voice and gold for video on the backhaul

Select allowed as the WMM policy

On the WLANs > Edit > QoS window:

Select CCKM for authorization (auth) key management (mgmt) if you want to support fast roaming. Refer to the "Client Roaming" section.

On the x > y window:

Disable voice active detection (VAD)

Voice Call Support in a Mesh Network

Table 19 lists a projected minimum and maximum of voice calls supported by radio type and mesh access point role (RAP or MAP) for planning purposes.

Table 19 Theoretical Voice Call Support on a Mesh Network  

Mesh Access Point Role  Radio        Minimum Calls Supported 1  Maximum Calls Supported 2
----------------------  -----------  -------------------------  -------------------------
RAP                     802.11a      14                         18
                        802.11b/g/n  14                         18
MAP1                    802.11a      6                          9
                        802.11b/g/n  11                         18
MAP2                    802.11a      4                          7
                        802.11b/g/n  5                          9

1 Bandwidth of 855 Mb/s with 50% of the bandwidth reserved for voice calls.

2 Bandwidth of 1076 Mb/s with 50% of the bandwidth reserved for voice calls.



Table 20 Actual Calls Possible In A Clean Ideal Environment 1

No of calls  802.11a radio  802.11b radio
-----------  -------------  -------------
RAP          12             12
MAP1         7              10
MAP2         4              8

1 Traffic was bidirectional 64K voice flows. VoCoder type: G.711, PER <= 1%. Network setup was daisy-chained with no calls traversing more than 2 hops. No external interference.


While making a call, observe the MOS score of the call on the 7921 phone. A MOS score between 3.5 and 4 is acceptable.

Table 21 MOS Ratings

MOS rating  User satisfaction
----------  -----------------------
> 4.3       Very satisfied
4.0         Satisfied
3.6         Some users dissatisfied
3.1         Many users dissatisfied
< 2.58      —


Using the CLI to View Voice Details for Mesh Networks

Use the commands in this section to view details on voice and video calls on the mesh network.


Note Refer to Figure 73 when using the CLI commands and viewing their output.


Figure 73 Mesh Network Example

To view the total number of voice calls and the bandwidth used for voice calls on each RAP, enter this command:

show mesh cac summary

Information similar to the following appears:

 
   
AP Name          Slot#   Radio  BW Used/Max  Calls
------------    -------  -----  -----------  -----
SB_RAP1              0   11b/g     0/23437    0
                     1   11a       0/23437    2
SB_MAP1              0   11b/g     0/23437    0
                     1   11a       0/23437    0
SB_MAP2              0   11b/g     0/23437    0
                     1   11a       0/23437    0
SB_MAP3              0   11b/g     0/23437    0
                     1   11a       0/23437    0

To view the mesh tree topology for the network and the bandwidth utilization (used/maximum available) of voice calls and video links for each mesh access point and radio, enter this command:

show mesh cac bwused {voice | video} AP_name

Information similar to the following appears:

AP Name       Slot#    Radio      BW Used/Max
------------- -------  -----      -----------
SB_RAP1         0      11b/g       1016/23437
                1      11a         3048/23437
|SB_MAP1        0      11b/g       0/23437
                1      11a         3048/23437
||  SB_MAP2     0      11b/g       2032/23437
                1      11a         3048/23437
||| SB_MAP3     0      11b/g       0/23437
                1      11a         0/23437

Note The bars (|) to the left of the AP Name field indicate the number of hops that the MAP is from its RAP.



Note When the radio type is the same, the backhaul bandwidth utilization (bw used/max) at each hop is identical. For example, mesh access points map1, map2, map3, and rap1 are all on the same radio backhaul (802.11a) and are using the same bandwidth (3048). All of the calls are in the same interference domain. A call placed anywhere in that domain affects the others.


To view the mesh tree topology for the network and display the number of voice calls that are in progress by mesh access point radio, enter this command:

show mesh cac access AP_name

Information similar to the following appears:
 
   
AP Name             Slot#   Radio     Calls
-------------      -------  -----    -----
SB_RAP1              0      11b/g      0
                     1      11a        0
|   SB_MAP1          0      11b/g      0
                     1      11a        0
||  SB_MAP2          0      11b/g      1
                     1      11a        0
||| SB_MAP3          0      11b/g      0
                     1      11a        0
 
   

Note Each call received by a mesh access point radio causes the appropriate calls summary column to increment by one. For example, if a call is received on the 802.11b/g radio on map2, then a value of one is added to the existing value in that radio's calls column. In this case, the new call is the only active call on the 802.11b/g radio of map2. If one call is active when a new call is received, the resulting value is two.
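The two-hop voice guideline can be checked against this output by counting the bars in front of each AP name. The following is an added example, not Cisco code: the function names and the sample text are constructed for illustration, and it assumes the command output has been captured as plain text and that calls leave the mesh through the RAP.

```python
import re

# Constructed sample in the column layout of the "show mesh cac access" output
# shown above; the call counts are invented for the example.
SAMPLE_CAC_ACCESS = """\
AP Name             Slot#   Radio     Calls
-------------      -------  -----    -----
SB_RAP1              0      11b/g      0
                     1      11a        0
|   SB_MAP1          0      11b/g      1
                     1      11a        0
||  SB_MAP2          0      11b/g      1
                     1      11a        0
||| SB_MAP3          0      11b/g      2
                     1      11a        0
"""

MAX_VOICE_HOPS = 2  # guideline on this page: calls must not traverse more than two hops


def parse_cac_tree(text):
    """Parse the tree-style CAC output into one record per AP radio.

    The number of leading bars (|) on a named row is the hop count from the
    RAP; rows without a name belong to the AP named on the row above.
    """
    rows, current = [], None
    for line in text.splitlines():
        bars, rest = re.match(r"^\s*(\|*)\s*(.*)$", line).groups()
        fields = rest.split()
        if len(fields) == 4 and fields[1].isdigit() and fields[3].isdigit():
            # Named row: AP name, slot, radio, calls
            current = {"ap": fields[0], "hops": len(bars)}
            slot, radio, calls = fields[1:]
        elif (len(fields) == 3 and current is not None
              and fields[0].isdigit() and fields[2].isdigit()):
            # Continuation row: second radio of the AP named above
            slot, radio, calls = fields
        else:
            continue  # header, ruler, blank or unrecognised line
        rows.append({**current, "slot": int(slot), "radio": radio,
                     "calls": int(calls)})
    return rows


def calls_by_hop(rows):
    """Total calls counted at each hop depth (0 = RAP)."""
    totals = {}
    for r in rows:
        totals[r["hops"]] = totals.get(r["hops"], 0) + r["calls"]
    return totals


def voice_hop_violations(rows, max_hops=MAX_VOICE_HOPS):
    """Radios carrying calls on an AP deeper than max_hops from its RAP."""
    return [(r["ap"], r["radio"], r["hops"], r["calls"])
            for r in rows if r["calls"] > 0 and r["hops"] > max_hops]


if __name__ == "__main__":
    parsed = parse_cac_tree(SAMPLE_CAC_ACCESS)
    print(calls_by_hop(parsed))
    for ap, radio, hops, calls in voice_hop_violations(parsed):
        print(f"{ap} {radio}: {calls} call(s) at {hops} hops "
              f"(limit {MAX_VOICE_HOPS})")
```

The parser also accepts rows where the bars touch the AP name (for example `|SB_MAP1`), as in the bwused output earlier in this section.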


To view the mesh tree topology for the network and display the voice calls that are in progress, enter this command:

show mesh cac callpath AP_name

Information similar to the following appears:
 
   
AP Name             Slot#   Radio     Calls
-------------      -------  -----    -----
SB_RAP1              0      11b/g      0
                     1      11a        1
|   SB_MAP1          0      11b/g      0      
                     1      11a        1
||  SB_MAP2          0      11b/g      1
                     1      11a        1
||| SB_MAP3          0      11b/g      0
                     1      11a        0
 
   

Note The calls column for each mesh access point radio in a call path increments by one. For example, for a call that initiates at map2 (show mesh cac callpath SB_MAP2) and terminates at rap1 by way of map1, one call is added to the map2 802.11b/g and 802.11a radio calls column, one call to the map1 802.11a backhaul radio calls column, and one call to the rap1 802.11a backhaul radio calls column.


To view the mesh tree topology of the network, the voice calls that are rejected at the mesh access point radio due to insufficient bandwidth, and the corresponding mesh access point radio where the rejection occurred, enter this command:

show mesh cac rejected AP_name

Information similar to the following appears:

 
   
AP Name             Slot#   Radio     Calls
-------------      -------  -----    -----
SB_RAP1              0      11b/g      0
                     1      11a        0
|   SB_MAP1          0      11b/g      0
                     1      11a        0
||  SB_MAP2          0      11b/g      1
                     1      11a        0
||| SB_MAP3          0      11b/g      0
                     1      11a        0
 
   

Note If a call is rejected at the map2 802.11b/g radio, its calls column increments by one.


To view the number of bronze, silver, gold, platinum, and management queues active on the specified access point, along with the peak and average length of each queue and the overflow count, enter this command:

show mesh queue-stats AP_name

Information similar to the following appears:

Queue Type  Overflows  Peak length  Average length
 ----------  ---------  -----------  --------------
 Silver      0          1            0.000
 Gold        0          4            0.004
 Platinum    0          4            0.001
 Bronze      0          0            0.000
 Management  0          0            0.000
 
   

Overflows: The total number of packets dropped due to queue overflow.

Peak Length: The peak number of packets waiting in the queue during the defined statistics time interval.

Average Length: The average number of packets waiting in the queue during the defined statistics time interval.

Enabling Mesh Multicast Containment for Video

You can use the controller CLI to configure three mesh multicast modes to manage video camera broadcasts on all mesh access points. When enabled, these modes reduce unnecessary multicast transmissions within the mesh network and conserve backhaul bandwidth.

Mesh multicast modes determine how bridging-enabled access points (MAPs and RAPs) send multicasts among Ethernet LANs within a mesh network. Mesh multicast modes manage non-CAPWAP multicast traffic only. CAPWAP multicast traffic is governed by a different mechanism.

The three mesh multicast modes are:

Regular mode: Data is multicast across the entire mesh network and all its segments by bridging-enabled RAPs and MAPs.

In mode: Multicast packets received from the Ethernet by a MAP are forwarded to the RAP's Ethernet network. No additional forwarding occurs, which ensures that non-CAPWAP multicasts received by the RAP are not sent back to the MAP Ethernet networks within the mesh network (their point of origin), and MAP to MAP multicasts do not occur because they are filtered out.

In mode is the default mode.


Note When an HSRP configuration is in operation on a mesh network, Cisco recommends the In-Out multicast mode be configured.


In-out mode: The RAP and MAP both multicast but in a different manner:

If multicast packets are received at a MAP over Ethernet, they are sent to the RAP; however, they are not sent to other MAPs over Ethernet, and the MAP to MAP packets are filtered out of the multicast.

If multicast packets are received at a RAP over Ethernet, they are sent to all the MAPs and their respective Ethernet networks. When the in-out mode is in operation, it is important to properly partition your network to ensure that a multicast sent by one RAP is not received by another RAP on the same Ethernet segment and then sent back into the network.


Note If 802.11b clients need to receive CAPWAP multicasts, then multicast must be enabled globally on the controller as well as on the mesh network (using the config network multicast global enable CLI command). If multicast does not need to extend to 802.11b clients beyond the mesh network, the global multicast parameter should be disabled (using the config network multicast global disable CLI command).


Using the CLI to Enable Multicast on the Mesh Network

To enable multicast mode on the mesh network to receive multicasts from beyond the mesh networks, enter these commands:

config network multicast global enable

config mesh multicast {regular | in | in-out}

To enable multicast mode only on the mesh network (multicasts do not need to extend to 802.11b clients beyond the mesh network), enter these commands:

config network multicast global disable

config mesh multicast {regular | in | in-out}


Note Multicast for mesh networks cannot be enabled using the controller GUI.


IGMP Snooping

IGMP snooping delivers improved RF usage through selective multicast forwarding, and optimizes packet forwarding in voice and video applications.

A mesh access point transmits multicast packets only if a client that is subscribed to the multicast group is associated with the mesh access point. So, when IGMP snooping is enabled, only the multicast traffic relevant to given hosts is forwarded.

To enable IGMP snooping on the controller, enter:

config network multicast igmp snooping enable

A client sends an IGMP join which travels through the mesh access point to the controller. The controller intercepts the join and creates a table entry for the client in the multicast group. The controller then proxies the IGMP join through the upstream switch or router.

You can query the status of the IGMP groups on a router by entering the following command:

router# show ip igmp groups
IGMP Connected Group Membership
 
   
Group Address    Interface   Uptime  Expires    Last Reporter
233.0.0.1        Vlan119     3w1d    00:01:52   10.1.1.130
 
   

In the case of layer 3 roaming, an IGMP query is sent to the client's WLAN. The controller modifies the client's response before forwarding, and changes the source IP address to the controller's dynamic interface IP address.

The network hears the controller's request for the multicast group and forwards the multicast to the new controller.

Checking the Health of the Network

Show Mesh Commands

The show mesh commands are grouped under the following headings:

Viewing General Mesh Network Details

Viewing Mesh Access Point Details

Viewing Public Safety Setting

Viewing Security Settings and Statistics

To view a summary of possible show mesh commands, enter this command:

(Cisco Controller) >show mesh ?   
               
env            Show mesh environment.
backhaul       Show mesh AP backhaul info.
neigh          Show AP neigh list.
path           Show AP path.
astools        show mesh astools list
stats          Show AP stats.
secbh-stats    Show Mesh AP secondary backhaul stats.
per-stats      Show AP Neighbor Packet Error Rate stats.
queue-stats    Show AP local queue stats.
security-stats Show AP security stats.
ap             Show mesh ap summary
config         Show mesh configurations.
secondary-backhaul Show mesh secondary-backhaul
ids-state      Show mesh ids-state
client-access  Show mesh backhaul with client access.
public-safety  Show mesh public safety.
background-scanning Show mesh background-scanning state.
cac            Show mesh cac.

Viewing General Mesh Network Details

show mesh env {summary | AP_name}: Shows the temperature, heater status, and Ethernet status for either all access points (summary) or a specific access point (AP_name). The access point name, role (RootAP or MeshAP), and model are also shown.

The temperature is shown in both Fahrenheit and Celsius.

The heater status is ON or OFF.

The Ethernet status is UP or DOWN.


Note Battery status appears as N/A (not applicable) in the show mesh env AP_name status display because it is not provided for access points.


controller > show mesh env summary
 
   
AP Name             Temperature(C/F)  Heater  Ethernet  Battery
------------------  ----------------  ------  --------  -------
SB_RAP1              39/102           OFF     UpDnNANA  N/A
SB_MAP1              37/98            OFF     DnDnNANA  N/A
SB_MAP2              42/107           OFF     DnDnNANA  N/A
SB_MAP3              36/96            OFF     DnDnNANA  N/A
 
   
controller >show mesh env SB_RAP1
AP Name.......................................... SB_RAP1
AP Model......................................... AIR-LAP1522AG-A-K9
AP Role.......................................... RootAP
 
   
Temperature...................................... 39 C, 102 F
Heater........................................... OFF
Backhaul......................................... GigabitEthernet0
GigabitEthernet0 Status.......................... UP
    Duplex....................................... FULL
    Speed........................................ 100
    Rx Unicast Packets........................... 988175
    Rx Non-Unicast Packets....................... 8563
    Tx Unicast Packets........................... 106420
    Tx Non-Unicast Packets....................... 17122
GigabitEthernet1 Status.......................... DOWN
POE Out........................................ OFF
Battery.......................................... N/A
 
   

show mesh ap summary: Revised to show the CERT MAC field which shows a MAC address within an AP certificate that can be used to assign a username for external authentication.

(Cisco Controller) >show mesh ap summary
AP Name AP Model           BVI MAC            CERT MAC          Hop Bridge Group Name
------- ---------------    -----------------  ---------------- ---- -----------------
R1      LAP1520            00:0b:85:63:8a:10  00:0b:85:63:8a:10 0    y1
R2      LAP1520            00:0b:85:7b:c1:e0  00:0b:85:7b:c1:e0 1    y1
H2      AIR-LAP1522AG-A-K9 00:1a:a2:ff:f9:00  00:1b:d4:a6:f4:60 1
Number of Mesh APs............................... 3
Number of RAPs................................... 2
Number of MAPs................................... 1
 
   

show mesh path: Displays MAC addresses, access point role, SNR ratios (dBs) for uplink and downlink (SNRUp, SNRDown) and link SNR for a particular path.

(Cisco Controller) >show mesh path mesh-45-rap1
AP Name/Radio Mac Channel Snr-Up Snr-Down Link-Snr Flags State
----------------- ------- ------ -------- -------- ------ -------
mesh-45-rap1      165     15     18       16       0x86b UPDATED NEIGH PARENT BEACON
mesh-45-rap1 is a Root AP.
 
   

show mesh neighbor summary: Displays summary information about mesh neighbors. Neighbor information includes MAC addresses, parent-child relationships, and uplink and downlink (SNRUp, SNRDown).

(Cisco Controller) >show mesh neighbor summary ap1500:62:39:70
AP Name/Radio Mac Channel Snr-Up Snr-Down Link-Snr Flags  State
mesh-45-rap1      165     15     18       16       0x86b  UPDATED NEIGH PARENT BEACON
00:0B:85:80:ED:D0 149     5      6        5        0x1a60 NEED UPDATE BEACON DEFAULT
00:17:94:FE:C3:5F 149     7      0        0        0x860  BEACON

Note After review of the show mesh... commands above, you should be able to see the relationships between the nodes of your network and verify the RF connectivity by seeing the SNR values for every link.


show mesh ap tree: Displays mesh access points within a tree structure (hierarchy).

(Cisco Controller) >show mesh ap tree
R1(0,y1)
|-R2(1,y1)
|-R6(2,y1)
|-H2(1,default)
Number of Mesh APs............................... 4
Number of RAPs................................... 1
Number of MAPs................................... 3

Viewing Mesh Access Point Details

To view a mesh access point's configuration, enter these commands:

show ap config general Cisco_AP: Displays system specifications for a mesh access point.

(Cisco Controller) > show ap config general aps
Cisco AP Identifier.............................. 1
Cisco AP Name.................................... AP5
Country code..................................... US  - United States
Regulatory Domain allowed by Country............. 802.11bg:-AB    802.11a:-AB
AP Country code.................................. US  - United States
AP Regulatory Domain............................. 802.11bg:-A    802.11a:-N
Switch Port Number .............................. 1
MAC Address...................................... 00:13:80:60:48:3e
IP Address Configuration......................... DHCP
IP Address....................................... 1.100.163.133
...
Primary Cisco Switch Name........................ 1-4404
Primary Cisco Switch IP Address.................. 2.2.2.2
Secondary Cisco Switch Name...................... 1-4404
Secondary Cisco Switch IP Address................ 2.2.2.2
Tertiary Cisco Switch Name....................... 2-4404
Tertiary Cisco Switch IP Address................. 1.1.1.4
 
   

show mesh astools stats [Cisco_AP]: Displays anti-stranding statistics for all outdoor mesh access points or a specific mesh access point.

(Cisco Controller) > show mesh astools stats
 
   
Total No of Aps stranded : 0
(Cisco Controller) > show mesh astools stats sb_map1
 
   
Total No of Aps stranded : 0
 
   

show advanced backup-controller: Displays configured primary and secondary backup controllers.

(Cisco Controller) > show advanced backup-controller
AP primary Backup Controller .................... controller1 10.10.10.10
AP secondary Backup Controller ............... 0.0.0.0 

show advanced timers: Displays settings for system timers.

(Cisco Controller) > show advanced timer
Authentication Response Timeout (seconds)........ 10
Rogue Entry Timeout (seconds).................... 1300
AP Heart Beat Timeout (seconds).................. 30
AP Discovery Timeout (seconds)................... 10
AP Primary Discovery Timeout (seconds)........... 120
 
   

show ap slots: Displays slot information for mesh access points.

(Cisco Controller) > show ap slots
Number of APs.................................... 3
AP Name Slots AP Model            Slot0    Slot1   Slot2    Slot3
--------------------------------  ------  -------  ------   ------
R1       2    LAP1520            802.11A  802.11BG
H1       3    AIR-LAP1521AG-A-K9 802.11BG 802.11A  802.11A
H2       4    AIR-LAP1521AG-A-K9 802.11BG 802.11A  802.11A 802.11BG

Viewing Global Mesh Parameter Settings

Use this command to obtain information on global mesh settings:

show mesh config: Displays global mesh configuration settings.

(Cisco Controller) > show mesh config
Mesh Range....................................... 12000
Backhaul with client access status............... disabled
Background Scanning State........................ enabled
Mesh Security
Security Mode................................. EAP
External-Auth................................. disabled
Use MAC Filter in External AAA server......... disabled
Force External Authentication................. disabled
Mesh Alarm Criteria
Max Hop Count................................. 4
Recommended Max Children for MAP.............. 10
Recommended Max Children for RAP.............. 20
Low Link SNR.................................. 12
High Link SNR................................. 60
Max Association Number........................ 10
Association Interval.......................... 60 minutes
Parent Change Numbers......................... 3
Parent Change Interval........................ 60 minutes
Mesh Multicast Mode.............................. In-Out
Mesh Full Sector DFS............................. enabled
Mesh Ethernet Bridging VLAN Transparent Mode..... enabled
 
   

Viewing Bridge Group Settings

show mesh forwarding table—Shows all configured bridges and their MAC table entries.

show mesh forwarding interfaces—Displays bridge groups and the interfaces within each bridge group. Useful for troubleshooting bridge group membership.

Viewing VLAN Tagging Settings

show mesh forwarding vlan mode—Shows the configured VLAN Transparent mode (enabled or disabled).

show mesh forwarding vlan statistics—Displays statistics for the VLAN and the path.

show mesh forwarding vlans—Displays supported VLANs.

show mesh ethernet vlan statistics—Displays statistics for the Ethernet interface.

Viewing DFS Details

show mesh dfs history: Displays a history of radar detections by channels and resulting outages.

(Cisco Controller) > show mesh dfs history
ap1520#show mesh dfs history
Channel 100 detects radar and is unusable (Time Elapsed: 18 day(s), 22 hour(s), 10 
minute(s), 24 second(s)).
Channel is set to 136 (Time Elapsed: 18 day(s), 22 hour(s), 10 minute(s), 24 
second(s)).
Channel 136 detects radar and is unusable (Time Elapsed: 18 day(s), 22 hour(s), 9 
minute(s), 14 second(s)).
Channel is set to 161 (Time Elapsed: 18 day(s), 22 hour(s), 9 minute(s), 14 
second(s)).
Channel 100 becomes usable (Time Elapsed: 18 day(s), 21 hour(s), 40 minute(s), 24 
second(s)).
Channel 136 becomes usable (Time Elapsed: 18 day(s), 21 hour(s), 39 minute(s), 14 
second(s)).
Channel 64 detects radar and is unusable (Time Elapsed: 0 day(s), 1 hour(s), 20 
minute(s), 52 second(s)).
Channel 104 detects radar and is unusable (Time Elapsed: 0 day(s), 0 hour(s), 47 
minute(s), 6 second(s)).
Channel is set to 120 (Time Elapsed: 0 day(s), 0 hour(s), 47 minute(s), 6 second(s)).
 
   

show mesh dfs channel channel number: Displays a history of radar detections and outages for a specified channel.

(Cisco Controller) > show mesh dfs channel 104
ap1520#show mesh dfs channel 104
Channel 104 is available
Time elapsed since radar last detected: 0 day(s), 0 hour(s), 48 minute(s), 11 
second(s).

Viewing Public Safety Setting

show mesh public-safety: Verifies that the 4.8-GHz public safety band is enabled.

(Cisco controller) > show mesh public-safety
Global Public Safety status: enabled

Viewing Security Settings and Statistics

show mesh security-stats AP_name—Shows packet error statistics and a count of failures, timeouts, and successes with respect to associations and authentications as well as reassociations and reauthentications for the specified access point and its child.

(Cisco controller) > show mesh security-stats ap417
 
   
AP MAC : 00:0B:85:5F:FA:F0
Packet/Error Statistics:
-----------------------------
Tx Packets 14, Rx Packets 19, Rx Error Packets 0
Parent-Side Statistics:
--------------------------
Unknown Association Requests 0
Invalid Association Requests 0
Unknown Re-Authentication Requests 0
Invalid Re-Authentication Requests 0
Unknown Re-Association Requests 0
Invalid Re-Association Requests 0
Unknown Re-Association Requests 0
Invalid Re-Association Requests 0
Child-Side Statistics:
--------------------------
Association Failures 0
Association Timeouts 0
Association Successes 0
Authentication Failures 0
Authentication Timeouts 0
Authentication Successes 0
Re-Association Failures 0
Re-Association Timeouts 0
Re-Association Successes 0
Re-Authentication Failures 0
Re-Authentication Timeouts 0
Re-Authentication Successes 0

Viewing Mesh Statistics for a Mesh Access Point

This section explains how to use the controller GUI or CLI to view mesh statistics for specific mesh access points.


Note You can modify the Statistics Timer interval setting on the All APs > Details window of the controller GUI.


Using the GUI to View Mesh Statistics for a Mesh Access Point

To view mesh statistics for a specific mesh access point using the controller GUI, follow these steps.


Step 1 Click Wireless > Access Points > All APs to open the All APs window. (See Figure 74.)

Figure 74 All APs Window

Step 2 To view statistics for a specific mesh access point, hover your cursor over the blue drop-down arrow for the desired mesh access point and choose Statistics. The All APs > AP Name > Statistics window for the selected mesh access point appears. (See Figure 75.)

Figure 75 All APs > Access Point Name > Statistics Window

This window shows the role of the mesh access point in the mesh network, the name of the bridge group to which the mesh access point belongs, the backhaul interface on which the access point operates, and the number of the physical switch port. It also displays a variety of mesh statistics for this mesh access point. Table 22 describes each of the statistics.

Table 22 Mesh Access Point Statistics 

Statistics: Mesh Node Stats

Malformed Neighbor Packets: The number of malformed packets received from the neighbor. Examples of malformed packets include malicious floods of traffic such as malformed or short DNS packets and malformed DNS replies.

Poor Neighbor SNR Reporting: The number of times the signal-to-noise ratio falls below 12 dB on the backhaul link.

Excluded Packets: The number of packets received from excluded neighbor mesh access points.

Insufficient Memory Reporting: The number of insufficient memory conditions.

Rx Neighbor Requests: The number of broadcast and unicast requests received from the neighbor mesh access points.

Rx Neighbor Responses: The number of responses received from the neighbor mesh access points.

Tx Neighbor Requests: The number of unicast and broadcast requests sent to the neighbor mesh access points.

Tx Neighbor Responses: The number of responses sent to the neighbor mesh access points.

Parent Changes Count: The number of times a mesh access point (child) moves to another parent.

Neighbor Timeouts Count: The number of neighbor timeouts.

Statistics: Queue Stats

Gold Queue: The average and peak number of packets waiting in the gold (video) queue during the defined statistics time interval.

Silver Queue: The average and peak number of packets waiting in the silver (best effort) queue during the defined statistics time interval.

Platinum Queue: The average and peak number of packets waiting in the platinum (voice) queue during the defined statistics time interval.

Bronze Queue: The average and peak number of packets waiting in the bronze (background) queue during the defined statistics time interval.

Management Queue: The average and peak number of packets waiting in the management queue during the defined statistics time interval.

Statistics: Mesh Node Security Stats

Transmitted Packets: The number of packets transmitted during security negotiations by the selected mesh access point.

Received Packets: The number of packets received during security negotiations by the selected mesh access point.

Association Request Failures: The number of association request failures that occur between the selected mesh access point and its parent.

Association Request Timeouts: The number of association request timeouts that occur between the selected mesh access point and its parent.

Association Requests Successful: The number of successful association requests that occur between the selected mesh access point and its parent.

Authentication Request Failures: The number of failed authentication requests that occur between the selected mesh access point and its parent.

Authentication Request Timeouts: The number of authentication request timeouts that occur between the selected mesh access point and its parent.

Authentication Requests Successful: The number of successful authentication requests between the selected mesh access point and its parent.

Reassociation Request Failures: The number of failed reassociation requests between the selected mesh access point and its parent.

Reassociation Request Timeouts: The number of reassociation request timeouts between the selected mesh access point and its parent.

Reassociation Requests Successful: The number of successful reassociation requests between the selected mesh access point and its parent.

Reauthentication Request Failures: The number of failed reauthentication requests between the selected mesh access point and its parent.

Reauthentication Request Timeouts: The number of reauthentication request timeouts that occur between the selected mesh access point and its parent.

Reauthentication Requests Successful: The number of successful reauthentication requests that occur between the selected mesh access point and its parent.

Unknown Association Requests: The number of unknown association requests received by the parent mesh access point from its child. The unknown association requests often occur when a child is an unknown neighbor mesh access point.

Invalid Association Requests: The number of invalid association requests received by the parent mesh access point from the selected child mesh access point. This state may occur when the selected child is a valid neighbor but is not in a state that allows association.

Unknown Reauthentication Requests: The number of unknown reauthentication requests received by the parent mesh access point node from its child. This state may occur when a child mesh access point is an unknown neighbor.

Invalid Reauthentication Requests: The number of invalid reauthentication requests received by the parent mesh access point from a child. This state may occur when a child is a valid neighbor but is not in a proper state for reauthentication.

Unknown Reassociation Requests: The number of unknown reassociation requests received by the parent mesh access point from a child. This state may occur when a child mesh access point is an unknown neighbor.

Invalid Reassociation Requests: The number of invalid reassociation requests received by the parent mesh access point from a child. This state may occur when a child is a valid neighbor but is not in a proper state for reassociation.


Using the CLI to View Mesh Statistics for a Mesh Access Point

Use these commands to view mesh statistics for a specific mesh access point using the controller CLI.

To view packet error statistics; a count of failures, timeouts, and successes with respect to associations and authentications; and reassociations and reauthentications for a specific mesh access point, enter this command:

show mesh security-stats AP_name

Information similar to the following appears:

AP MAC : 00:0B:85:5F:FA:F0
Packet/Error Statistics:
-----------------------------
Tx Packets 14, Rx Packets 19, Rx Error Packets 0
 
   
Parent-Side Statistics:
--------------------------
Unknown Association Requests 0
Invalid Association Requests 0
Unknown Re-Authentication Requests 0
Invalid Re-Authentication Requests 0
Unknown Re-Association Requests 0
Invalid Re-Association Requests 0
Unknown Re-Association Requests 0
Invalid Re-Association Requests 0
 
   
Child-Side Statistics:
--------------------------
Association Failures 0
Association Timeouts 0
Association Successes 0
Authentication Failures 0
Authentication Timeouts 0
Authentication Successes 0
Re-Association Failures 0
Re-Association Timeouts 0
Re-Association Successes 0
Re-Authentication Failures 0
Re-Authentication Timeouts 0
Re-Authentication Successes 0 

To view the number of packets in the queue by type, enter this command:

show mesh queue-stats AP_name

Information similar to the following appears:

Queue Type  Overflows  Peak length  Average length
 ----------  ---------  -----------  --------------
 Silver      0          1            0.000
 Gold        0          4            0.004
 Platinum    0          4            0.001
 Bronze      0          0            0.000
 Management  0          0            0.000
 
   

Overflows: The total number of packets dropped due to queue overflow.

Peak Length: The peak number of packets waiting in the queue during the defined statistics time interval.

Average Length: The average number of packets waiting in the queue during the defined statistics time interval.

Viewing Neighbor Statistics for a Mesh Access Point

This section explains how to use the controller GUI or CLI to view neighbor statistics for a selected mesh access point. It also describes how to run a link test between the selected mesh access point and its parent.

Using the GUI to View Neighbor Statistics for a Mesh Access Point

To view neighbor statistics for a specific mesh access point using the controller GUI, follow these steps:


Step 1 Click Wireless > Access Points > All APs to open the All APs window. (See Figure 76.)

Figure 76 All APs Window

Step 2 To view neighbor statistics for a specific mesh access point, hover your cursor over the blue drop-down arrow for the desired mesh access point and choose Neighbor Information. The All APs > Access Point Name > Neighbor Info window for the selected mesh access point appears (see Figure 77).

Figure 77 All APs > Access Point Name > Neighbor Info Window

This window lists the parent, children, and neighbors of the mesh access point. It provides each mesh access point's name and radio MAC address.

Step 3 To perform a link test between the mesh access point and its parent or children, follow these steps:

a. Hover your cursor over the blue drop-down arrow of the parent or desired child and choose LinkTest. A pop-up window appears (see Figure 78).

Figure 78 Link Test Window

b. Click Submit to start the link test. The link test results appear on the Mesh > LinkTest Results window (see Figure 79).

Figure 79 Mesh > LinkTest Results Window

c. Click Back to return to the All APs > Access Point Name > Neighbor Info window.

Step 4 To view the details for any of the mesh access points on this window, follow these steps:

a. Hover your mouse over the blue drop-down arrow for the desired mesh access point and choose Details. The All APs > Access Point Name > Link Details > Neighbor Name window appears (see Figure 80).

Figure 80 All APs > Access Point Name > Link Details > Neighbor Name Window

b. Click Back to return to the All APs > Access Point Name > Neighbor Info window.

Step 5 To view statistics for any of the mesh access points on this window, follow these steps:

a. Hover your mouse over the blue drop-down arrow for the desired mesh access point and choose Stats. The All APs > Access Point Name > Mesh Neighbor Stats window appears (see Figure 81).

Figure 81 All APs > Access Point Name > Mesh Neighbor Stats Window

b. Click Back to return to the All APs > Access Point Name > Neighbor Info window.


Using the CLI to View Neighbor Statistics for a Mesh Access Point

Use these commands to view neighbor statistics for a specific mesh access point using the controller CLI.

To view the mesh neighbors for a specific mesh access point, enter this command:

show mesh neigh {detail | summary} AP_Name

Information similar to the following appears when you request a summary display:

AP Name/Radio Mac  Channel Snr-Up Snr-Down Link-Snr Flags   State
-----------------  ------- ------ -------- -------- ------  -------
mesh-45-rap1       165     15     18       16       0x86b   UPDATED NEIGH PARENT BEACON
00:0B:85:80:ED:D0  149     5      6        5        0x1a60  NEED UPDATE BEACON DEFAULT
00:17:94:FE:C3:5F  149     7      0        0        0x860   BEACON

To view the channel and signal-to-noise ratio (SNR) details for a link between a mesh access point and its neighbor, enter this command:

show mesh path AP_Name

Information similar to the following appears:

AP Name/Radio Mac  Channel Snr-Up Snr-Down Link-Snr Flags   State
-----------------  ------- ------ -------- -------- ------  -------
mesh-45-rap1       165     15     18       16       0x86b   UPDATED NEIGH PARENT BEACON
mesh-45-rap1 is a Root AP.

To view the percentage of packet errors for packets transmitted by the neighbor mesh access point, enter this command:

show mesh per-stats AP_Name

Information similar to the following appears:

Neighbor MAC Address 00:0B:85:5F:FA:F0
Total Packets transmitted: 104833
Total Packets transmitted successfully: 104833
Total Packets retried for transmission: 33028
 
   
Neighbor MAC Address 00:0B:85:80:ED:D0
Total Packets transmitted: 0
Total Packets transmitted successfully: 0
Total Packets retried for transmission: 0
 
   
Neighbor MAC Address 00:17:94:FE:C3:5F
Total Packets transmitted: 0
Total Packets transmitted successfully: 0
Total Packets retried for transmission: 0

Note Packet error rate percentage = 1 - (number of successfully transmitted packets/number of total packets transmitted).


Troubleshooting

This section provides troubleshooting information.

Installation and Connections

1. Connect the mesh access point that you want to be the RAP to the controller.

2. Deploy the radios (MAPs) at the desired locations.

3. Using the CLI, enter the show mesh ap summary command to see all MAPs and RAPs on the controller. (See Figure 82.)

Figure 82 Show Mesh AP summary

1. From the controller GUI, click Wireless to see the mesh access point (RAP and MAP) summary. (See Figure 83.)

Figure 83 All APs Summary Window

2. Click AP Name to see the details window and then select the Interfaces tab to see the active radio interfaces.

Radio slot in use, radio type, sub-band in use, and operational status (UP or DOWN) are summarized.

AP1524 supports 3 radio slots: Slot 0 - 2.4 GHz, Slot 1 - 5.8 GHz, and Slot 2 - 4.9 GHz

AP1522 supports 2 radio slots: Slot 0 - 2.4 GHz, and Slot 1 - 4.9 to 5.8 GHz

If you have more than one controller connected to the same mesh network, then you must specify the name of the primary controller using global configuration for every mesh access point or specify the primary controller on every node; otherwise, the least loaded controller is preferred. If the mesh access points were previously connected to a controller, they have already learned a controller's name.

After configuring the controller name, the mesh access point reboots.

3. Click Wireless > AP Name to check the mesh access point's primary controller on the AP details window.

Debug Commands

The following two commands are very helpful to see the messages being exchanged between mesh access points and the controller.

(Cisco Controller) >debug capwap events enable
(Cisco Controller) >debug disable-all
 
   

You can use the debug command to see the flow of packet exchanges that occur between the mesh access point and the controller. The mesh access point initiates the discovery process. An exchange of credentials takes place during the Join phase to authenticate that the mesh access point is allowed to join the mesh network.

Upon a successful join completion, the mesh access point sends a CAPWAP configuration request. The controller responds with a configuration response. When a Configure Response is received from the controller, the mesh access point evaluates each configuration element and then implements them.

Remote Debug Commands

You can log on to the mesh access point console for debugging either through a direct connection to the AP console port or through the remote debug feature on the controller.

To invoke remote debug on the controller, enter the following commands:

(Cisco controller) > debug ap enable ap name
(Cisco controller) > debug ap command "command" ap name

AP Console Access

AP1520s have a console port. A console cable is not shipped with the mesh access point. You must open the hinged side of the mesh access point to access the console port and then bring the cable outside from the Aux port to connect it to the laptop.


Note For details on opening the mesh access point, refer to the Cisco Aironet 1520 Series Outdoor Mesh Access Point Mounting Instructions document at: http://www.cisco.com/en/US/docs/wireless/access_point/1520/mounting/installation/guide/1520mountInst.html#wp40299


The AP1520s have console access security embedded in the code to prevent unauthorized access on the console port and provide enhanced security.

The login ID and password for console access are configured from the controller. You can use the following commands to push the user-id/password combination to the specified mesh access point or all access points.

You must verify whether the user-id/password pushed from the controller is used as the user-id and password on the mesh access point. It is a non-volatile setting. Once set, the login ID and password are saved in the private config of the mesh access point.

Once you have a successful login, a trap is sent to Cisco WCS. If a user fails to log in 3 times consecutively, login failure traps are sent to the controller and Cisco WCS.


Caution A mesh access point must be reset to the Factory Default settings before moving from one location to another.

Mesh Access Point CLI Commands

You can enter these commands directly on the mesh access point using the AP console port or you can use the remote debug feature from the controller.

Mesh Access Point Debug Commands

You can enter these commands directly on the mesh access point using the AP console port or you can use the remote debug feature from the controller.

debug mesh ethernet bridging—Debugs Ethernet bridging.

debug mesh ethernet config—Debugs access and trunk port configuration associated with VLAN tagging.

debug mesh ethernet registration—Debugs VLAN registration protocol. Associated with VLAN tagging.

debug mesh forwarding table—Debugs the forwarding table containing bridge groups.

debug mesh forwarding packet bridge-group—Debugs bridge group configuration.

Mesh Access Point Roles

By default, the AP1520s are shipped with a radio role set to MAP. Therefore, you must change the radio role on a mesh access point for it to function as RAP.

You can change this configuration on the mesh access point by statically setting them as rooftop access points or mesh access points with the following command:

(Cisco Controller) > config ap role {rootAP | mesh AP | default}

The radio role can also be changed using the GUI:

1. Click Wireless > Access Points > All APs to open the All APs window.

2. Click the name of the mesh access point that you want to change. Click the Mesh tab.

3. From the AP Role drop-down menu, choose MeshAP or RootAP to specify this mesh access point as a MAP or RAP, respectively.

4. Click Apply to commit your changes. The mesh access point reboots.

5. Click Save Configuration to save your changes.


Note Cisco recommends a Fast Ethernet connection between the MAP and controller when changing from a MAP to RAP. After a RAP-to-MAP conversion, the MAP's connection to the controller is a wireless backhaul rather than a Fast Ethernet connection. It is the responsibility of the user to ensure that the Fast Ethernet connection of the RAP being converted is disconnected before the MAP starts up so that the MAP can join over the air.


Backhaul Algorithm

A backhaul is used to create only the wireless connection between mesh access points.

The backhaul interface by default is 802.11a. You cannot change the backhaul interface to 802.11b/g.

The 24 Mb/s data rate is selected by default for AP1520s.

The backhaul algorithm has been designed to fight against stranded mesh access point conditions. This also adds a high level of resiliency for each mesh node.

The algorithm can be summarized as follows:

MAP always sets the Ethernet port as primary backhaul if it is UP, otherwise it is the 802.11a radio. (This gives the network administrator the ability to configure it as a RAP the first time and recover it in-house). For fast convergence of the network, Cisco recommends that you not connect any Ethernet device to the MAP for its initial joining to the mesh network.

A MAP that fails to connect to a WLAN controller on an Ethernet port that is UP sets the 802.11a radio as the primary backhaul. Failing to find a neighbor or failing to connect to a WLAN controller via any neighbor on the 802.11a radio causes the primary backhaul to be UP on the Ethernet port again. A MAP gives preference to the parent that has the same BGN.

A MAP connected to a controller over an Ethernet port does not build a mesh topology (unlike a RAP).

A RAP always sets the Ethernet port as the primary backhaul.

If the Ethernet port on a RAP is DOWN, or a RAP fails to connect to a controller on an Ethernet port that is UP, the 802.11a radio is set as the primary backhaul. Failing to find a neighbor or failing to connect to a controller via any neighbor on the 802.11a radio causes the RAP to go to the SCAN state after 15 minutes and start with the Ethernet port first.

Keeping the roles of mesh nodes distinct using the above algorithm greatly helps prevent a mesh access point from being in an unknown state and becoming stranded in a live network.

Passive Beaconing (Anti-Stranding)

When enabled, passive beaconing allows a stranded mesh access point to broadcast its debug messages over-the-air using an 802.11b/g radio. A neighboring mesh access point that is listening to the stranded mesh access point and has a connection to a controller can pass those messages to the controller over CAPWAP. Passive beaconing prevents a mesh access point that has no wired connection from being stranded.

Debug logs can also be sent as distress beacons on a non-backhaul radio so that a neighboring mesh access point can be dedicated to listen for the beacons.

The following steps are automatically initiated at the controller when a mesh access point loses its connection to the controller:

Identifies MAC address of stranded mesh access point

Finds a nearby neighbor that is CAPWAP connected

Sends commands through remote debug

Cycles channels to follow the mesh access point

The user only has to know the MAC address of the stranded AP to make use of this feature.

A mesh access point is considered stranded if it goes through a lonely timer reboot. When the lonely timer reboot is triggered, the mesh access point, which is now stranded, enables passive beaconing, the anti-stranding feature.

This feature can be divided into three parts:

1. Strand detection by stranded mesh access point

2. Beacons sent out by stranded mesh access point

a. Latch the 802.11b radio to a channel (1,6,11)

b. Enable debugs

c. Broadcast the standard debug messages as distress beacons

d. Send Latest Crash info file

3. Receive beacons (neighboring mesh access point with remote debugging enabled).

Deployed mesh access points constantly look for stranded mesh access points. Periodically, mesh access points send a list of stranded mesh access points and SNR information to the controller. The controller maintains a list of the stranded mesh access points within its network.

When the command "debug mesh astools troubleshoot <mac-addr> start" is run, the controller runs through the list to find the stranded mesh access point mac-addr.

A message is sent to the best neighbor to start listening to the stranded access point. The listening mesh access point receives the distress beacons from the stranded mesh access point and sends them to the controller.

Once a mesh access point dons the role of a listener, it will not purge the stranded mesh access point from its internal list, until it stops listening to the stranded mesh access point. While a stranded mesh access point is being debugged, if a neighbor of that mesh access point reports a better SNR to the controller than the current listener by some percentage, then the listener of the stranded mesh access point is changed to the new listener (with better SNR) immediately.

End user commands are below:

config mesh astools [enable/disable]: Enables or disables the astools on the mesh access points. If disabled, APs no longer send the stranded AP list to the controller.

show mesh astools stats: Shows the list of stranded APs and their listeners, if they have any.

debug mesh astools troubleshoot <mac-addr> start: Sends a message to the best neighbor of the <mac-addr> to start listening.

debug mesh astools troubleshoot <mac-addr> stop: Sends a message to the best neighbor of the <mac-addr> to stop listening.

clear mesh stranded [all/<mac of b/g radio>]: Clears stranded AP entries.

The controller console will be swamped with debug messages from stranded APs for 30 minutes.

DFS

DFS in RAP

RAP performs the following steps as a response to radar detection:

1. RAP sends a message to the controller that the channel is infected with radar. The channel is marked as an infected channel on the RAP and on the controller.

2. RAP blocks the channel for 30 minutes. This 30-minute period is called the non-occupancy period.

3. Controller sends the TRAP, indicating that the radar has been detected on the channel. TRAP remains until the non-occupancy period expires.

4. RAP has 10 seconds to move away from the channel. This is called the channel move time. It is defined as the time for the system to clear the channel and is measured from the end of the radar burst to the end of the final transmission on the channel.

5. RAP enters the quiet mode. In the quiet mode, RAP stops data transmissions. Beacons are still generated and probe responses are still delivered. Quiet mode exists until the channel move time is over (10 seconds).

6. Controller picks up a new random channel and sends the channel information to the RAP.

7. RAP receives the new channel information and sends channel change frames (unicast, encrypted) to MAPs, and each MAP sends the same information to its lower children down the sector. Each mesh access point sends the channel change frames once every 100 msecs for a total of five times.

8. RAP tunes to the new channel and enters into the silent mode. During the silent mode, only the receiver is ON. RAP keeps scanning the new channel for any radar presence for 60 seconds. This is called the channel availability check (CAC).

9. MAPs tune to the new channel and enter into the silent mode. During the silent mode, only the receiver is ON. MAPs keep scanning the new channel for any radar presence for 60 seconds.

10. If radar is not detected, RAP resumes full functionality on this new channel and the whole sector tunes to this new channel.

DFS in MAP

MAP performs the following steps as a response to radar detection:

1. MAP sends a radar seen indication to the parent and ultimately to the RAP indicating that the channel is infected. RAP sends this message to the controller. The message will look like it is coming from the RAP. MAP, RAP and controller mark the channel as infected for 30 minutes.

2. MAP blocks the channel for 30 minutes. This 30-minute period is called the non-occupancy period.

3. Controller sends the TRAP, indicating that the radar has been detected on the channel. TRAP remains until the non-occupancy period expires.

4. MAP has 10 seconds to move away from the channel. This is called the channel move time. It is defined as the time for the system to clear the channel and is measured from the end of the radar burst to the end of the final transmission on the channel.

5. MAP enters the quiet mode. In the quiet mode, MAP stops data transmissions. Beacons are still generated and probe responses are still delivered. Quiet mode exists until the channel move time is over (10 seconds).

6. Controller picks up a new random channel and sends the channel to the RAP.

7. RAP receives the new channel information and sends channel change frames (unicast, encrypted) to MAPs, and each MAP sends the same information to its lower children down the sector. Each mesh access point sends the channel change frames once every 100 msecs for a total of five times.

8. Each mesh access point tunes to the new channel and enters into silent mode. During silent mode only the receiver is ON. There is no packet transmission happening. AP keeps scanning the new channel for any radar presence for 60 seconds. This is called channel availability check (CAC). The MAPs should not disconnect from the controller. The network should remain stable during this one minute period.

DFS functionality allows a MAP that detects a radar signal to transmit that up to the RAP, which then acts as if it has experienced radar and moves the sector. This is termed the coordinated channel change. This functionality can be turned on or off on the controller. Coordinated channel change is enabled by default.

To enable DFS, enter:

(Cisco Controller) > config mesh full-sector-dfs enable
 
   

To verify that DFS is enabled on the network, enter:

(Cisco Controller) > show network

Note A MAP that detects radar should send a message to the RAP, unless the parent has a different BGN, in which case it does not send messages for a coordinated sector change. Instead, the MAP reenters the SCAN state and searches the channels on which radar has not been seen for a new parent.



Note Ensure that none of your mesh access points are using DEFAULT BGN.



Note A repeated radar event on the MAP (radar triggers once, then almost immediately again), will cause the MAP to disconnect.


Preparation in a DFS Environment

To verify that your controller is set to the correct country domain, enter:

(Cisco Controller) > show country
 
   

To check mesh access point country and channel setting on controller, enter:

(Cisco Controller)> show ap config 802.11a ap name
 
   

To identify channels available for mesh, enter:

(Cisco Controller)> show ap config 802.11a ap name
 
   

Look for the allowed channel list.

Allowed Channel List....................... 100,104,108,112,116,120,124, 
......................................... 128,132,136,140 
 
   

To identify channels available for mesh on the AP console (or using remote debug from the controller), enter:

ap1520-rap # show mesh channels
 
   
HW: Dot11Radio1, Channels: 
100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140
 
   

An asterisk next to a channel indicates that radar has been seen on the channel.

Please do a spot check on the mesh access points for radar information using the following remote debug commands from the controller:

To invoke remote debug:

(Cisco Controller) > debug ap enable <ap name> 
(Cisco Controller) > debug ap command <command> <ap name> 
 
   

Debug commands to see radar detection and past radar detections on the DFS channel are:

show mesh dfs channel <channel number>
show mesh dfs history
 
   

Information similar to these examples is displayed.

ap1520-rap # show mesh dfs channel 132

Channel 132 is available
Time elapsed since radar last detected: 0 day(s), 7 hour(s), 6 minute(s), 51 second(s).
 
   

The RAPs should then be run through the channels to determine whether there is active radar on each of the channels.

ap1520-rap # show mesh dfs channel 132 
 
   
Radar detected on channel 132, channel becomes unusable (Time Elapsed: 0 day(s), 7 hour(s), 7 minute(s), 11 second(s)).
Channel is set to 100 (Time Elapsed: 0 day(s), 7 hour(s), 7 minute(s), 11 second(s)).
Radar detected on channel 116, channel becomes unusable (Time Elapsed: 0 day(s), 7 hour(s), 6 minute(s), 42 second(s)).
Channel is set to 64 (Time Elapsed: 0 day(s), 7 hour(s), 6 minute(s), 42 second(s)).
Channel 132 becomes usable (Time Elapsed: 0 day(s), 6 hour(s), 37 minute(s), 10 second(s)).
Channel 116 becomes usable (Time Elapsed: 0 day(s), 6 hour(s), 36 minute(s), 42 second(s)).

Monitoring DFS

DFS history should be run every morning or more frequently to detect the radar. This information does not get erased and is stored on the mesh access point flash. Therefore, you only need to match up times.

ap1520-rap # show controller dot11Radio 1 
 
   

Information similar to this displays:

 
   
interface Dot11Radio1
Radio Hammer 5, Base Address 001c.0e6c.9c00, BBlock version 0.00, Software version 0.05.30
Serial number: FOC11174XCW
Number of supported simultaneous BSSID on Dot11Radio1: 16
Carrier Set: ETSI (OFDM) (EU) (-E)
Uniform Spreading Required: Yes
Current Frequency: 5540 MHz Channel 108 (DFS enabled)
Allowed Frequencies: *5500(100) *5520(104) *5540(108) *5560(112) *5580(116) *5600(120) *5620(124) *5640(128) *5660(132) *5680(136) *5700(140)
* = May only be selected by Dynamic Frequency Selection (DFS)
Listen Frequencies: 5180(36) 5200(40) 5220(44) 5240(48) 5260(52) 5280(56) 5300(60) 5320(64) 5500(100) 5520(104) 5540(108) 5560(112) 5580(116) 5660(132) 5680(136) 5700(140) 5745(149) 5765(153) 5785(157) 5805(161) 5825(165) 4950(20) 4955(21) 4960(22) 4965(23) 4970(24) 4975(25) 4980(26)
 
   

Note An asterisk indicates that this channel has DFS enabled.


Frequency Planning

Use alternate adjacent channels in adjacent sectors. If you have two RAPs deployed at the same location, you must leave one channel in between.

Weather radars operate within the band 5600 to 5650 MHz, which means that channel 124 and 128 might be affected, but also channel 120 and 132 might suffer from weather radar activity.

If the mesh access point does detect radar, the controller and the mesh access point both will retain the channel as the configured channel. The controller retains it in volatile memory associated with the mesh access point, and the mesh access point has it stored in its flash as configuration. After the 30 minute quiet period, the controller returns the mesh access point to the static value, regardless of whether the mesh access point has been configured with a new channel or not. In order to overcome this, configure the mesh access point with a new channel, and reboot the mesh access point.

Once radar is reliably detected on a channel, that channel, and the two surrounding channels, should be added to the RRM exclusion list, as follows:

(Cisco Controller) > config advanced 802.11a channel delete <channel>
 
   

A mesh access point will go to a new channel as picked by RRM, and it will not consider excluded channels.

In the case where radar is detected on channel 124, for instance, channels 120, 124, and 128 should be added to the exclusion list. In addition, do not configure RAPs to operate on those channels.
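The exclusion rule above can be applied directly to captured DFS history text. The following is an added example, not code from the Cisco guide: it extracts radar detections from history output in the format shown earlier, selects each affected channel plus its two surrounding channels from the allowed channel list, and builds the corresponding channel delete commands. The history text, the RAP names, the function names, and the min_events threshold (one reading of "reliably detected") are assumptions.

```python
import re
from collections import Counter

# Allowed channel list as shown by "show ap config 802.11a" in this guide.
ALLOWED_CHANNELS = (100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140)

# Constructed history in the format of the DFS history output shown earlier,
# including the mid-line wraps found in captured console text.
SAMPLE_HISTORY = """\
Radar detected on channel 124, channel becomes unusable (Time Elapsed: 2 day(s), 3
hour(s), 7 minute(s), 11 second(s)).
Channel is set to 100 (Time Elapsed: 2 day(s), 3 hour(s), 7 minute(s), 11 second(s)).
Channel 124 becomes usable (Time Elapsed: 2 day(s), 2 hour(s), 37 minute(s), 10
second(s)).
Radar detected on channel 100, channel becomes unusable (Time Elapsed: 1 day(s), 9
hour(s), 2 minute(s), 40 second(s)).
Channel is set to 136 (Time Elapsed: 1 day(s), 9 hour(s), 2 minute(s), 40 second(s)).
Radar detected on
channel 124, channel becomes unusable (Time Elapsed: 0 day(s), 7 hour(s), 6 minute(s),
42 second(s)).
"""

EVENT_RE = re.compile(
    r"Radar detected on channel (\d+), channel becomes unusable "
    r"\(Time Elapsed: (\d+) day\(s\), (\d+) hour\(s\), "
    r"(\d+) minute\(s\), (\d+) second\(s\)\)"
)


def radar_events(history_text):
    """Return [(channel, seconds_since_detection), ...] in the order listed."""
    flat = " ".join(history_text.split())  # undo console line wraps
    events = []
    for ch, d, h, m, s in EVENT_RE.findall(flat):
        elapsed = ((int(d) * 24 + int(h)) * 60 + int(m)) * 60 + int(s)
        events.append((int(ch), elapsed))
    return events


def channels_to_exclude(events, min_events=2, allowed=ALLOWED_CHANNELS):
    """Channels with at least min_events detections, plus their neighbors.

    Assumption: the "two surrounding channels" are the channel numbers 4 below
    and 4 above (20 MHz spacing, as in the Allowed Frequencies listing). A
    neighbor outside the allowed list is skipped, so channel 100 only adds 104.
    """
    counts = Counter(ch for ch, _ in events)
    excluded = set()
    for ch, seen in counts.items():
        if seen < min_events:
            continue
        for candidate in (ch - 4, ch, ch + 4):
            if candidate in allowed:
                excluded.add(candidate)
    return sorted(excluded)


def exclusion_commands(channels):
    """Controller commands that add each channel to the RRM exclusion list."""
    return ["config advanced 802.11a channel delete %d" % ch for ch in channels]


def raps_to_rechannel(rap_channels, excluded):
    """Names of RAPs whose static channel is on the exclusion list."""
    return sorted(name for name, ch in rap_channels.items() if ch in excluded)


if __name__ == "__main__":
    excluded = channels_to_exclude(radar_events(SAMPLE_HISTORY))
    for command in exclusion_commands(excluded):
        print(command)
    # Hypothetical RAP names and static channels.
    print(raps_to_rechannel({"rap-north": 124, "rap-south": 108}, excluded))
```

Lowering min_events to 1 treats a single detection as sufficient and, for the sample text, also excludes channels 100 and 104.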

Good SNRs

For European installations, the minimum recommendation is increased to 20 dB of SNR. The extra dBs are used to mitigate the effects of radar interference with packet reception, which is not observed in non-DFS environments.

AP Placement

Collocated mesh access points should have a minimum of 10 feet of vertical separation or 100 feet of horizontal separation.

Check Packet Error Rate

Mesh access points that have a high error rate, greater than 1%, should have mitigation applied to them: changing the channels used in the case of noise and interference, adding additional mesh access points in the transmission path, moving the mesh access points to different sectors, or adding additional mesh access points.
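The 1% threshold can be checked against show mesh per-stats output using the packet error rate formula from the note in the neighbor statistics section. The following is an added example, not code from the Cisco guide: the sample text is constructed in the format shown earlier (the third neighbor's counters are invented), and the function names are assumptions.

```python
import re

# Constructed sample in the format of "show mesh per-stats AP_Name".
SAMPLE_PER_STATS = """\
Neighbor MAC Address 00:0B:85:5F:FA:F0
Total Packets transmitted: 104833
Total Packets transmitted successfully: 104833
Total Packets retried for transmission: 33028

Neighbor MAC Address 00:0B:85:80:ED:D0
Total Packets transmitted: 0
Total Packets transmitted successfully: 0
Total Packets retried for transmission: 0

Neighbor MAC Address 00:17:94:FE:C3:5F
Total Packets transmitted: 2000
Total Packets transmitted successfully: 1950
Total Packets retried for transmission: 410
"""

FIELDS = {
    "Total Packets transmitted": "tx",
    "Total Packets transmitted successfully": "ok",
    "Total Packets retried for transmission": "retried",
}
MAC_RE = re.compile(
    r"^Neighbor MAC Address\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})$"
)


def parse_per_stats(text):
    """Return one dict per neighbor: mac, tx, ok, retried."""
    neighbors = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        mac = MAC_RE.match(line)
        if mac:
            current = {"mac": mac.group(1).upper()}
            neighbors.append(current)
            continue
        if current is None or ":" not in line:
            continue
        label, _, value = line.rpartition(":")
        key = FIELDS.get(label.strip())
        if key and value.strip().isdigit():
            current[key] = int(value.strip())
    return neighbors


def packet_error_rate(stats):
    """PER = 1 - (successfully transmitted / total transmitted).

    Returns None when nothing was transmitted: the ratio is undefined there,
    and reporting 0% would make an idle link look like a clean one.
    """
    tx, ok = stats.get("tx"), stats.get("ok")
    if tx is None or ok is None or tx == 0:
        return None
    if ok > tx:
        raise ValueError("more successes than transmissions for %s" % stats["mac"])
    return 1.0 - ok / tx


def links_needing_mitigation(text, threshold=0.01):
    """(mac, PER in percent) for neighbors above the threshold (default 1%)."""
    flagged = []
    for neighbor in parse_per_stats(text):
        per = packet_error_rate(neighbor)
        if per is not None and per > threshold:
            flagged.append((neighbor["mac"], round(per * 100, 2)))
    return flagged


if __name__ == "__main__":
    for mac, per_percent in links_needing_mitigation(SAMPLE_PER_STATS):
        print("%s PER %.2f%% exceeds 1%%" % (mac, per_percent))
```

The first neighbor shows that a link can report a 0% packet error rate while still carrying a large retry count, so the retried counter is kept in the parsed record for separate review.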

Misconfiguration of BGN

A mesh access point can be wrongly provisioned with a bridgegroupname and placed in a group other than the one intended. Depending on the network design, this mesh access point might or might not be able to reach out and find its correct sector or tree. If it cannot reach a compatible sector, the mesh access point can become stranded.

In order to recover such a stranded mesh access point, the concept of default bridgegroupname has been introduced in the software. Therefore, when a mesh access point is unable to connect to any other mesh access point with its configured bridgegroupname, it attempts to connect with the bridgegroupname of default.

The algorithm of detecting this strand condition and recovery is as follows:

1. Passively scan and find all neighbor nodes, regardless of their bridgegroupname.

2. The mesh access point attempts to connect to the neighbors heard with its own bridgegroupname using AWPP.

3. If Step 2 fails, attempt connecting with default bridgegroupname using AWPP.

4. For each failed attempt in Step 3, exclusion-list the neighbor and attempt to connect to the next best neighbor.

5. If the AP fails to connect with all neighbors in Step 4, reboot the mesh access point.

6. If connected with a default bridgegroupname for 15 minutes, the mesh access point will go into a scan state.

When a mesh access point is able to connect with the default bridgegroupname, the parent node reports the mesh access point as a default child/node/neighbor entry on the controller, so that a network administrator is Cisco WCS. Such a mesh access point behaves as a normal (non-mesh) access point and accepts any client, other mesh nodes as its children, and it can pass any data traffic through.


Note Do not confuse an unassigned BGN (null value) with DEFAULT, which is a mode the access point uses to connect when it cannot find its own BGN.


To check the current state of a mesh access point's BGN, enter this command (CLI):

(Cisco Controller)> show mesh path Map3:5f:ff:60
00:0B:85:5F:FA:60 state UPDATED NEIGH PARENT DEFAULT (106B), snrUp 48, snrDown 48, linkSnr 49
00:0B:85:5F:FB:10 state UPDATED NEIGH PARENT BEACON (86B) snrUp 72, snrDown 63, linkSrn 57
00:0B:85:5F:FA:60 is RAP
 
   

To check the current state of a mesh access point's BGN, check neighbor information for the mesh access point (GUI):

Select Wireless > All APs > AP Name > Neighbor info (Figure 84 and Figure 85).

Figure 84 Neighbor Information for Child

Figure 85 Neighbor Information for Parent
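Because a mesh access point joined with the default bridgegroupname accepts any client and other mesh nodes as children, links in the DEFAULT state are worth flagging automatically. The following is an added example, not code from the Cisco guide: it parses both the show mesh path hop format and the show mesh neigh summary table format shown in this guide and returns the links whose State includes DEFAULT. The path sample uses constructed MAC addresses, and the function names are assumptions.

```python
import re

# Constructed sample in the "show mesh path" hop format, with one wrapped line.
PATH_SAMPLE = """\
00:0B:85:AA:00:10 state UPDATED NEIGH PARENT DEFAULT (106B), snrUp 48, snrDown 48, linkSnr
49
00:0B:85:AA:00:20 state UPDATED NEIGH PARENT BEACON (86B) snrUp 72, snrDown 63, linkSnr 57
00:0B:85:AA:00:20 is RAP
"""

# Rows in the "show mesh neigh summary" table format shown in this guide.
NEIGH_SAMPLE = """\
AP Name/Radio Mac  Channel Snr-Up Snr-Down Link-Snr Flags   State
-----------------  ------- ------ -------- -------- ------  -------
mesh-45-rap1       165     15     18       16       0x86b   UPDATED NEIGH PARENT BEACON
00:0B:85:80:ED:D0  149     5      6        5        0x1a60  NEED UPDATE BEACON DEFAULT
00:17:94:FE:C3:5F  149     7      0        0        0x860   BEACON
"""

# One table row: name-or-MAC, channel, three SNR columns, hex flags, state words.
TABLE_ROW = re.compile(
    r"^\s*(?P<peer>\S+)\s+(?P<chan>\d+)\s+(?P<up>\d+)\s+(?P<down>\d+)"
    r"\s+(?P<link>\d+)\s+0x(?P<flags>[0-9A-Fa-f]+)\s+(?P<state>[A-Z ]+?)\s*$"
)
# One path hop. The comma after the flags and the spelling of the last label
# vary in the guide's sample output, so both are matched loosely.
PATH_HOP = re.compile(
    r"(?P<peer>\S+) state (?P<state>(?:[A-Z]+ )+)\((?P<flags>[0-9A-Fa-f]+)\),? "
    r"snrUp (?P<up>\d+), snrDown (?P<down>\d+), link\w+ (?P<link>\d+)"
)


def link_from_match(match):
    """Normalize one regex match from either format into a dict."""
    return {
        "peer": match["peer"],
        "flags": int(match["flags"], 16),
        "state": match["state"].split(),
        "snr_up": int(match["up"]),
        "snr_down": int(match["down"]),
        "link_snr": int(match["link"]),
    }


def parse_links(text):
    """Parse table rows line by line, then path hops on whitespace-joined text."""
    links = []
    for line in text.splitlines():
        row = TABLE_ROW.match(line)
        if row:
            links.append(link_from_match(row))
    flat = " ".join(text.split())  # rejoin hops wrapped by the console
    for hop in PATH_HOP.finditer(flat):
        links.append(link_from_match(hop))
    return links


def default_bgn_links(text):
    """Links whose State column or state list includes DEFAULT."""
    return [link for link in parse_links(text) if "DEFAULT" in link["state"]]


if __name__ == "__main__":
    for sample in (PATH_SAMPLE, NEIGH_SAMPLE):
        for link in default_bgn_links(sample):
            print("%s is in DEFAULT state (flags 0x%x, link SNR %d)"
                  % (link["peer"], link["flags"], link["link_snr"]))
```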

Misconfiguration of the Mesh Access Point IP Address

Although most practical Layer 3 networks are deployed using DHCP IP address management, manual IP address management and allocating IP addresses statically to each mesh node might be preferred by some network administrators. Manual mesh access point IP address management can be a nightmare for large networks, but it might make sense in small to medium size networks (approx. 10-100 mesh nodes) given that the number of mesh nodes is relatively small compared to client hosts.

Statically configuring the IP address on a mesh node has the possibility of putting a MAP on a wrong network, such as a subnet or VLAN. This could prevent a mesh access point from successfully resolving the IP gateway, eventually failing to discover a WLAN controller. In such a scenario, the mesh access point falls back to its DHCP mechanism and automatically attempts to find a DHCP server and obtains an IP address from it. This fallback mechanism prevents a mesh node from being potentially stranded from a wrongly configured static IP address and allows it to obtain a correct address from a DHCP server on the network.

When you are manually allocating IP addresses, Cisco recommends that you make IP addressing changes from the furthest mesh access point child first and then work your way back to the RAP. This also applies if you relocate equipment, for example, if you uninstall a mesh access point and redeploy it in another physical location of the mesh network that has a differently addressed subnet.

Another option is to take a controller in Layer 2 mode with a RAP to the location with the misconfigured MAP. Set the bridge group name on the RAP to match the MAP that needs the configuration change. Add the MAP's MAC address to the controller. When the misconfigured MAP comes up in the mesh access point summary detail, configure it with an IP address.

Misconfiguration of DHCP

Despite the DHCP fallback mechanism, there is still a possibility that a mesh access point can become stranded, if any of the following conditions exist:

There is no DHCP server on the network.

There is a DHCP server on the network, but it does not offer an IP address to the AP, or it gives a wrong IP address to the AP (for example, on a wrong VLAN or subnet).

These conditions can strand a mesh access point that is configured with or without a wrong static IP address or with DHCP. Therefore, it is necessary to ensure that when a mesh access point is unable to connect after exhausting all DHCP discovery attempts, DHCP retry counts, or IP gateway resolution retry counts, it attempts to find a controller in Layer 2 mode. In other words, a mesh access point attempts to discover a controller in Layer 3 mode first, using both static IP (if configured) and DHCP (if possible). The AP then attempts to discover a controller in Layer 2 mode. After finishing a number of Layer 3 and Layer 2 mode attempts, the mesh access point changes its parent node and re-attempts DHCP discovery. Additionally, the software exclusion-lists the parent node through which it was unable to obtain the correct IP address.

Identifying the Node Exclusion Algorithm

Depending on the mesh network design, it is entirely possible that a node finds another node "best" according to its routing metric (even recursively true), yet it is unable to provide the node with a connection to the correct controller or correct network. It is the typical honeypot access point scenario caused by either misplacement, provisioning, design of the network, or by the dynamic nature of an RF environment exhibiting conditions that optimize the AWPP routing metric for a particular link in a persistent or transient manner. Such conditions are generally difficult to recover from in most networks and could blackhole or sinkhole a node completely, taking it out from the network. Possible symptoms include, but are not limited to:

A node connects to the honeypot, but cannot resolve the IP gateway when configured with static IP address, or cannot obtain the correct IP address from DHCP server, or cannot connect to a WLAN controller.

A node ping-pongs between a few honeypots or circles between many honeypots (in worst-case scenarios).

Cisco mesh software tackles this difficult scenario using a sophisticated node exclusion-listing algorithm. This node exclusion-listing algorithm uses an exponential backoff and advance technique much like TCP sliding window or 802.11 MAC.

The basic idea relies on the following five major steps:

1. Honeypot detection—The honeypots are first detected via the following steps.

A parent node is set by the AWPP module, by:

A static IP attempt in CAPWAP module.

A DHCP attempt in the DHCP module.

A CAPWAP attempt to find and connect to a controller fails.

2. Honeypot conviction—When a honeypot is detected, it is placed in an exclusion-list database together with the conviction period for which it remains on the list. The default is 32 minutes. Other nodes are then attempted as parents in the following order, falling back to the next upon failing the current mechanism:

On the same channel.

Across different channels (first with its own bridgegroupname and then with default).

Another cycle, by clearing conviction of all current exclusion-list entries.

Rebooting the AP.

3. Non-honeypot credit—It is often possible that a node is not really a honeypot, but appears to be one due to some transient backend condition, such as:

The DHCP server is either not up-and-running yet, has failed temporarily, or requires a reboot.

The WLAN controller is either not up-and-running yet, has failed temporarily, or requires a reboot.

The Ethernet cable on the RAP was accidentally disconnected.

Such non-honeypots must be credited properly from their serving times so that a node can come back to them as soon as possible.

4. Honeypot expiration—Upon expiration, an exclusion-list node must be removed from the exclusion-list database and return to normal state for future consideration by AWPP.

5. Honeypot reporting—Honeypots are reported to the controller via an LWAPP mesh neighbor message, and the controller shows them on the Bridging Information window. A message is also displayed the first time an exclusion-listed neighbor is seen. In a subsequent software release, an SNMP trap will be generated on the controller for this condition so that Cisco WCS can record the occurrence. Figure 86 shows the bridging details.

Figure 86 Excluded Neighbor

Because there could be many nodes attempting to join or re-join the network after an expected or unexpected event, a hold-off time of 16 minutes is implemented. This means that no nodes are exclusion-listed during this period of time after system initialization.

This exponential backoff and advance algorithm is unique and has the following useful properties:

It allows a node to correctly identify the parent nodes whether it is a true honeypot or is just experiencing temporary outage conditions.

It credits good parent nodes according to the time they have enabled a node to stay connected to the network. The crediting requires less and less time over a period, so that the exclusion-list conviction period becomes very low for real transient conditions and not so low for transient to moderate outages.

It has built-in hysteresis for encountering the initial condition issue where many nodes try to discover each other only to find that those are not really meant to be in the same network.

It has built-in memory for nodes that can appear as neighbors sporadically so they are not accidentally considered as parents if they were, or are supposed to be, on the exclusion-list database.

The node exclusion-listing algorithm is constructed to guard the mesh network against serious stranding, which was observed in customers' networks. It integrates into AWPP in such a way that a node can quickly (re-)converge and find the correct network under many kinds of adversities.
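The following sketch models the conviction, credit, expiration, and hold-off steps described above. It is an added illustration, not Cisco's implementation: the 32-minute default conviction and the 16-minute hold-off come from this guide, while the doubling on repeat conviction, the halving per 32 minutes of good service, the cap and floor values, and all class and method names are assumptions. The MAC addresses are constructed sample values.

```python
"""Toy model of a mesh node's parent exclusion list (all times in minutes)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Values stated in the guide.
DEFAULT_CONVICTION_MIN = 32   # default conviction period
HOLD_OFF_MIN = 16             # no exclusion-listing this soon after initialization

# Assumptions made for this example (the guide does not give these numbers).
MAX_CONVICTION_MIN = 512      # cap on the backoff
MIN_CONVICTION_MIN = 1        # floor on the advance
CREDIT_INTERVAL_MIN = 32      # good serving time that earns one halving


@dataclass
class Entry:
    next_period: float = DEFAULT_CONVICTION_MIN  # applied at the next conviction
    convicted_until: Optional[float] = None      # None = not currently excluded


class ExclusionList:
    def __init__(self, boot_time: float = 0.0) -> None:
        self.boot_time = boot_time
        # Entries survive expiration, so a neighbor that reappears
        # sporadically keeps its history (the "built-in memory").
        self.entries: Dict[str, Entry] = {}

    def report_failure(self, parent: str, now: float) -> float:
        """Static IP, DHCP and CAPWAP attempts through `parent` all failed.
        Returns the conviction period applied, or 0 during the hold-off."""
        if now - self.boot_time < HOLD_OFF_MIN:
            return 0
        entry = self.entries.setdefault(parent, Entry())
        period = entry.next_period
        entry.convicted_until = now + period
        # Backoff (assumed doubling): a repeat offender stays away longer.
        entry.next_period = min(period * 2, MAX_CONVICTION_MIN)
        return period

    def report_service(self, parent: str, served_minutes: float) -> float:
        """`parent` kept the node joined to a controller for `served_minutes`.
        Advance (assumed halving): credit shrinks its next conviction period."""
        entry = self.entries.get(parent)
        if entry is None:
            return DEFAULT_CONVICTION_MIN
        halvings = int(served_minutes // CREDIT_INTERVAL_MIN)
        entry.next_period = max(entry.next_period / (2 ** halvings),
                                MIN_CONVICTION_MIN)
        return entry.next_period

    def is_excluded(self, parent: str, now: float) -> bool:
        entry = self.entries.get(parent)
        if entry is None or entry.convicted_until is None:
            return False
        if now >= entry.convicted_until:
            entry.convicted_until = None   # expiration: eligible again
            return False
        return True

    def clear_convictions(self) -> None:
        """The 'another cycle' fallback: clear every current conviction."""
        for entry in self.entries.values():
            entry.convicted_until = None

    def eligible_parents(self, neighbors: List[str], now: float) -> List[str]:
        return [n for n in neighbors if not self.is_excluded(n, now)]


def demo() -> dict:
    """Constructed timeline: one persistent honeypot, one transient outage."""
    honeypot = "00:00:5e:00:53:01"
    transient = "00:00:5e:00:53:02"
    healthy = "00:00:5e:00:53:03"
    xl = ExclusionList(boot_time=0)
    out = {}
    out["hold_off"] = xl.report_failure(honeypot, now=5)
    out["first_conviction"] = xl.report_failure(honeypot, now=20)
    out["excluded_at_30"] = xl.is_excluded(honeypot, now=30)
    out["excluded_at_52"] = xl.is_excluded(honeypot, now=52)
    out["second_conviction"] = xl.report_failure(honeypot, now=60)
    xl.report_failure(transient, now=60)
    out["eligible_at_70"] = xl.eligible_parents(
        [honeypot, transient, healthy], now=70)
    # The transient parent recovers and serves the node for 64 minutes.
    out["transient_after_credit"] = xl.report_service(transient, 64)
    out["transient_reconviction"] = xl.report_failure(transient, now=200)
    out["honeypot_before_clear"] = xl.is_excluded(honeypot, now=100)
    xl.clear_convictions()
    out["honeypot_after_clear"] = xl.is_excluded(honeypot, now=100)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In the constructed timeline, the persistent honeypot's conviction grows from 32 to 64 minutes, while the parent that only had a transient outage drops to a 16-minute conviction after serving the node well.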

Throughput Analysis

Throughput depends on packet error rate and hop count.

Throughput is calculated as:

Throughput = BR * 0.5 * 1/n * PSR

BR = Raw backhaul rate, for example, 18 or 24 Mb/s

n = Backhaul hop count

PSR = Packet success rate = (1.0-PER) = (0.0 .. 1.0)

Two assumptions apply to this calculation:

There is no other traffic on the mesh

1/n factor is based on all hops hearing each other.

Generally, the throughput numbers per hop are as shown in Table 23.

Table 23 Throughput Numbers Per Hop

Hops | Throughput
One | Approximately 14 Mb/s
Two | Approximately 8 Mb/s
Three | Approximately 3 Mb/s
Four | Approximately up to 1 Mb/s


Capacity and throughput are orthogonal concepts. Throughput is one user's experience at node N and total area capacity is calculated over the entire sector of N-nodes and is based on the number of ingress and egress RAPs, assuming separate non-interfering channels.

For example, 4 RAPs at 10 Mb/s each deliver 40 Mb/s total capacity. So, one user at 2 hops out, logically under each RAP, could get 5 Mb/s each of throughput (TPUT), but consume 40 Mb/s of backhaul capacity.

With the Cisco Mesh solution, the per-hop latency is less than 10 msecs, and the typical latency numbers per hop range from 1~3 msecs. Overall jitter is also less than 3 msecs.

Throughput depends on the type of traffic being passed through the network. Traffic can be User Datagram Protocol (UDP) or Transmission Control Protocol (TCP). UDP sends a packet over Ethernet with a source and destination address and a UDP protocol header. It does not expect an acknowledgement (ACK). There is no assurance that the packet is delivered at the application layer.

TCP is similar to UDP but it is a reliable packet delivery mechanism. There are packet acknowledgments and a sliding window technique is used to allow the sender to transmit multiple packets before waiting for an ACK. There is a maximum amount of data the client will transmit (called a TCP socket buffer window) before it stops sending data. Sequence numbers are used to track packets sent and to ensure that they arrive in the correct order. TCP uses cumulative ACKs and the receiver reports how much of the current stream has been received. An ACK might cover any number of packets, up to the TCP window size.

TCP uses slow start and multiplicative decrease to respond to network congestion or packet loss. When a packet is lost, the TCP window will be cut in half and the back-off retransmission timer will be increased exponentially. Wireless is subject to packet loss due to interference issues and TCP will react to this packet loss. There is also a slow start recovery algorithm that is used to avoid swamping a connection when recovering from packet loss. The natural effect of these algorithms in a lossy network environment is to lessen the overall throughput of a traffic stream.

By default, the maximum segment size (MSS) of TCP is 1460 bytes, which results in a 1500-byte IP datagram. Therefore, TCP fragments any data packet that is larger than 1460 bytes, which can cause at least 30% throughput drop. In addition, the Cisco controller encapsulates IP datagrams in the 48-byte CAPWAP tunnel header as illustrated in Figure 87. Therefore, any data packet that is longer than 1394 bytes is also fragmented by the controller, which results in up to 15% throughput decrease.

Figure 87 CAPWAP Tunneled Packets

Adding and Managing Mesh Access Points with Cisco WCS

To configure and monitor mesh networks from Cisco WCS you must first import campus and outdoor maps into Cisco WCS and add buildings. Thereafter, you can add mesh access points to the map and configure and monitor mesh access points from Cisco WCS.

Refer to the following sections for details:

"Adding Campus Maps, Outdoor Areas, and Buildings with Cisco WCS" section

"Adding Mesh Access Points to Maps with Cisco WCS" section

"Monitoring Mesh Access Points Using Google Earth" section

"Adding Indoor Mesh Access Points to Cisco WCS" section

"Managing Mesh Access Points with Cisco WCS" section

"Monitoring WGB" section

"Viewing AP Last Reboot Reason" section

Adding Campus Maps, Outdoor Areas, and Buildings with Cisco WCS

For mesh networks, maps and items on those maps (buildings and mesh access points) are added to Cisco WCS in the following order:

1. Add campus map

2. Add outdoor area map

3. Add buildings

4. Add mesh access points

Detailed steps for adding these maps and components are noted below.

Adding Campus Maps

To add a single campus map to the Cisco WCS database, follow these steps.


Step 1 Save the map in .PNG, .JPG, .JPEG, or .GIF format.


Note The map can be any size because Cisco WCS automatically resizes the map to fit its working areas.


Step 2 Browse to and import the map from anywhere in your file system.

Step 3 Click Monitor > Maps to display the Maps window.

Step 4 From the Select a command drop-down menu, choose New Campus and click GO.

Step 5 On the Maps > New Campus window, enter the campus name and campus contact name.

Step 6 Browse to and choose the image filename containing the map of the campus and click Open.

Step 7 Check the Maintain Aspect Ratio check box to prevent length and width distortion when Cisco WCS resizes the map.

Step 8 Enter the horizontal and vertical span of the map in feet.


Note The horizontal and vertical span should be larger than any building or floor plan to be added to the campus.


Step 9 Click OK to add this campus map to the Cisco WCS database. Cisco WCS displays the Maps window, which lists maps in the database, map types, and campus status.


Adding Outdoor Areas

To add an outdoor area to a campus map, follow these steps.


Note You can add outdoor areas to a campus map in the Cisco WCS database regardless of whether you have outdoor area maps in the database.



Step 1 If you want to add a map of the outdoor area to the database, save the map in .PNG, .JPG, .JPEG, or .GIF format. Then browse to and import the map from anywhere in your file system.


Note You do not need a map to add an outdoor area. You can simply define the dimensions of the area to add it to the database. The map can be any size because Cisco WCS automatically resizes the map to fit the workspace.


Step 2 Click Monitor > Maps to display the Maps window.

Step 3 Click the desired campus. Cisco WCS displays the Maps > Campus Name window.

Step 4 From the Select a command drop-down menu, choose New Outdoor Area and click GO.

Step 5 On the Campus Name > New Outdoor Area window, follow these steps to create a manageable outdoor area:

a. Enter the outdoor area name.

b. Enter the outdoor area contact name.

c. If desired, enter or browse to the filename of the outdoor area map.

d. Enter an approximate outdoor horizontal span and vertical span (width and depth on the map) in feet.


Tip You can also use Ctrl-click to resize the bounding area in the upper left corner of the campus map. As you change the size of the bounding area, the Horizontal Span and Vertical Span parameters of the outdoor area change to match your actions.


e. Click Place to put the outdoor area on the campus map. Cisco WCS creates an outdoor area rectangle scaled to the size of the campus map.

f. Click on the outdoor area rectangle and drag it to the desired position on the campus map.

g. Click Save to save this outdoor area and its campus location to the database. Cisco WCS saves the outdoor area name in the outdoor area rectangle on the campus map.


Note A hyperlink associated with the outdoor area takes you to the corresponding Map window.


Step 6 Click Save.


Adding a Building to a Campus Map

You can add buildings to the Cisco WCS database regardless of whether you have added campus maps to the database. This section explains how to add a building to a campus map or a standalone building (one that is not part of a campus) to the Cisco WCS database.

To add a building to a campus map in the Cisco WCS database, follow these steps.


Step 1 Click Monitor > Maps to display the Maps window.

Step 2 Click the desired campus. Cisco WCS displays the Maps > Campus Name window.

Step 3 From the Select a command drop-down menu, choose New Building and click GO.

Step 4 On the Campus Name > New Building window, follow these steps to create a virtual building in which to organize related floor plan maps:

a. Enter the building name.

b. Enter the building contact name.

c. Enter the number of floors and basements.

d. Enter an approximate building horizontal span and vertical span (width and depth on the map) in feet.


Tip The horizontal and vertical span should be larger than or the same size as any floors that you might add later. You can also use Ctrl-click to resize the bounding area in the upper left corner of the campus map. As you change the size of the bounding area, the Horizontal Span and Vertical Span parameters of the building change to match your actions.


e. Click Place to put the building on the campus map. Cisco WCS creates a building rectangle scaled to the size of the campus map.

f. Click on the building rectangle and drag it to the desired position on the campus map.


Note After adding a new building, you can move it from one campus to another without having to recreate it.


g. Click Save to save this building and its campus location to the database. Cisco WCS saves the building name in the building rectangle on the campus map.


Note A hyperlink associated with the building takes you to the corresponding Map window.


Step 5 Click Save.


Adding Mesh Access Points to Maps with Cisco WCS

After you add the .PNG, .JPG, .JPEG, or .GIF format floor plan and outdoor area maps to the Cisco WCS database, you can position mesh access point icons on the maps to show where they are installed in the buildings.

To add mesh access points to floor plan and outdoor area maps, follow these steps.


Step 1 Click the desired floor plan or outdoor area map in the Coverage Areas component of the General tab. Cisco WCS displays the associated coverage area map.

Step 2 From the Select a command drop-down menu, choose Add Access Points and click GO.

Step 3 On the Add Access Points window, choose the mesh access points to add to the map.

Step 4 Click OK to add the mesh access points to the map and display the Position Access Points map.


Note The mesh access point icons appear in the upper left area of the map.


Step 5 Click and drag the icons to indicate their physical locations.

Step 6 Click each icon and choose the antenna orientation in the sidebar (See Figure 88).

Figure 88 Antenna Sidebar

The antenna angle is relative to the map's X axis. Because the origin of the X (horizontal) and Y (vertical) axes is in the upper left corner of the map, 0 degrees points side A of the mesh access point to the right, 90 degrees points side A down, 180 degrees points side A to the left, and so on. The antenna elevation is used to move the antenna vertically, up or down, to a maximum of 90 degrees.

Make sure each mesh access point is in the correct location on the map and has the correct antenna orientation. Accurate mesh access point positioning is critical when you use the maps to find coverage holes and rogue access points.

Refer to this location for further information about the antenna elevation and azimuth patterns:

http://www.cisco.com/en/US/products/hw/wireless/ps469/tsd_products_support_series_home.html

Step 7 Click Save to store the mesh access point locations and orientations. Cisco WCS computes the RF prediction for the coverage area. These RF predictions are popularly known as heat maps because they show the relative intensity of the RF signals on the coverage area map. Figure 89 shows an RF prediction heat map.


Note This display is only an approximation of the actual RF signal intensity because it does not take into account the attenuation of various building materials, such as drywall or metal objects, nor does it display the effects of RF signals bouncing off obstructions.


Figure 89 RF Prediction Heat Map


Monitoring Mesh Access Points Using Google Earth

Cisco WCS supports both Google Earth Map Plus and Pro and displays, when present, mesh access points and their links.

Launching Google Earth in Cisco WCS

To launch Google Earth maps, follow these steps.


Step 1 Launch Google Earth plus or pro and add a new folder.

Step 2 Create a mesh access points placemark on Google Earth plus or pro.


Note You must use the exact name of the mesh access point when creating the placemark to ensure that Cisco WCS can recognize these mesh access points.


Step 3 Place the mesh access point placemarks in the new folder. Save the folder as a .KML file.

Step 4 In Cisco WCS, click Monitor > Google Earth Maps. Select Import Google KML from the Select a command drop-down menu.

Step 5 Import the new Google KML folder (see Figure 90). It displays in the folder name summary.

Figure 90 Importing New Folder into Google Earth

Step 6 Click the launch icon next to the new folder to launch the Google Earth map from Cisco WCS.


Viewing Google Earth Maps

You can view campus maps, mesh access point and link information using Google maps.

To view Google Earth maps, follow these steps.


Step 1 Log in to Cisco WCS.

Step 2 Choose Monitor > Google Earth Maps. The Google Earth Maps window displays all folders and the number of mesh access points included within each folder.

Step 3 Click Launch for the map you want to view. Google Earth opens in a separate window and displays the location and its mesh access points. (see Figure 91.)


Note To use this feature, you must have Google Earth installed on your computer and configured to auto-launch when data is sent from the server. You can download Google Earth from Google's web site.


Figure 91 Google Earth Map Window


Figure 92 Google Earth Map With Mesh Access Point Details

Figure 93 Google Earth Map With Mesh Link Details

To view details for a Google Earth Map folder, follow these steps.


Step 1 From the Google Earth Map window, click the folder name to open the details window for this folder. The Google Earth Details window provides the mesh access point names and MAC or IP addresses.


Note To delete a mesh access point, select the applicable check box and click Delete.
To delete the entire folder, select the check box next to Folder Name and click Delete. Deleting a folder also deletes all subfolders and mesh access points inside the folder.


Step 2 Click Cancel to close the details window.


Adding Indoor Mesh Access Points to Cisco WCS

By default, the indoor mesh access points (AP1130, AP1240) are in local mode. Prior to a mesh installation, you must first connect all indoor mesh access points to the controller and change the mode to bridge mode.

To do so, connect all the indoor access points (AP1130, AP1240) to the Layer 3 network on the same subnet as the Management IP address.

Add the MAC address of the indoor mesh access points into the MAC filter list on the controller. All indoor access points will then join the controller in local mode.

You can then change local mode to bridge mode in the controller for every indoor access point (See Figure 94).

Figure 94 All APs > AP Details Controller Window

After changing the indoor access points to bridge mode on the controller, add these indoor mesh access points into Cisco WCS.

You cannot initially configure AP1130 and AP1240 into bridge mode from Cisco WCS.

Managing Mesh Access Points with Cisco WCS

Cisco WCS is a complete platform for enterprise-wide WLAN systems management. It provides a wide range of tools for visualizing and controlling the mesh, including histograms of signal-to-noise ratio, mesh detail information, mesh access point neighbor and link information, seven-day temporal link information, and tools to identify and avoid RF interference.

This section addresses the following Cisco WCS monitoring capabilities:

"Monitoring Mesh Networks Using Maps" section

"Monitoring Mesh Health" section

"Mesh Statistics for a Mesh Access Point" section

"Viewing the Mesh Network Hierarchy" section

"Using Mesh Filters to Modify Map Display of Maps and Mesh Links" section

Monitoring Mesh Networks Using Maps

You can access and view details for the following elements from a mesh network map in Cisco WCS:

Mesh Link Statistics

Mesh Access Points

Mesh Access Point Neighbors

Details on how this information is accessed and the information displayed for each of these items is detailed in the following sections.

Monitoring Mesh Link Statistics Using Maps

You can view the SNR for a specific mesh network link, view the number of packets transmitted and received on that link, and initiate a link test from the Monitor > Maps display.

To view details on a specific mesh link between two mesh access points or a mesh access point and a root access point, follow these steps.


Step 1 In Cisco WCS, choose Monitor > Maps.

Step 2 Click the Map Name that corresponds to the outdoor area, campus, building, or floor you want to monitor.

Step 3 Move the cursor over the link arrow for the target link (see Figure 95). A Mesh Link window appears.


Note The AP Mesh Info check box under the Layers drop-down menu must be checked for links to appear on the map.


Figure 95 Mesh Link Details Window

Step 4 Click either Link Test, Child to Parent or Link Test, Parent to Child. After the link test is complete, a results window appears (see Figure 96).


Note A link test runs for 30 seconds.



Note You cannot run link tests for both links (child-to-parent and parent-to-child) at the same time.


Figure 96 Link Test Results

Step 5 To view a graphical representation of SNR statistics over a period of time, click the arrow on the link. A window with multiple SNR graphs appears (see Figure 97).

The following graphs are displayed for the link:

SNR Up: Plots the RSSI values of the neighbor from the perspective of the mesh access point.

SNR Down: Plots the RSSI values that the neighbor reports to the mesh access point.

Link SNR: Plots a weighted and filtered measurement based on the SNR Up value.

Adjusted Link Metric: Plots the value used to determine the least cost path to the root mesh access point. This value is the ease to get to the rooftop access point and accounts for the number of hops. The lower the ease value, the less likely the path is used.

Unadjusted Link Metric: Plots the least cost path to get to the root access point unadjusted by the number of hops. The higher the value for the unadjusted link, the better the path.

Figure 97 Mesh SNR Graphs Window (Top)


Monitoring Mesh Access Points Using Maps

You can view the following summary information for a mesh access point from a mesh network map:

Parent

Number of children

Hop count

Role

Group name

Backhaul interface

Data Rate

Channel


Note This information is in addition to the information shown for all mesh access points (MAC address, mesh access point model, controller IP address, location, height of mesh access point, mesh access point up time, and CAPWAP up time).


To view summary and detailed configuration information for a mesh access point from a mesh network map, follow these steps.


Step 1 In Cisco WCS, choose Monitor > Maps.

Step 2 Click the Map Name that corresponds to the outdoor area, campus, building, or floor location of the mesh access point you want to monitor.

Step 3 To view summary configuration information for a mesh access point, move the cursor over the mesh access point that you want to monitor. A window with configuration information for the selected mesh access point appears (see Figure 98).

Figure 98 Mesh AP Summary Panel

Step 4 To view detailed configuration information for a mesh access point, click the arrow portion of the mesh access point label. The configuration details for the mesh access point appear (see Figure 99).


Note For more details on the View Mesh Neighbors link in the mesh access point panel above, see the "Monitoring Mesh Access Point Neighbors Using Maps" section. If the mesh access point has an IP address, a Run Ping Test link is also visible at the bottom of the mesh access point panel.


Figure 99 Mesh AP Detail Window

Step 5 At the Access Point configuration window, follow these steps to view configuration details for the mesh access point.

a. Choose the General tab to view the overall configuration of the mesh access point such as AP name, MAC address, AP Up time, associated controllers (registered and primary) operational status, and software version.


Note The software version for mesh access points is appended with the letter m and the word mesh in parentheses.


b. Choose the Interface tab to view configuration details for the interfaces supported on the mesh access point. Interface options are radio and Ethernet.

c. Choose the Mesh Links tab to view parent and neighbors' details (name, MAC address, packet error rate, and link details) for the mesh access point. You can also initiate link tests from this panel.

d. Choose the Mesh Statistics tab to view details on the bridging, queue, and security statistics for the mesh access point. For more details on mesh statistics, refer to the "Mesh Statistics for a Mesh Access Point" section.


Monitoring Mesh Access Point Neighbors Using Maps

To view details on neighbors of a mesh access point from a mesh network map, follow these steps.


Step 1 Choose Monitor > Maps.

Step 2 Click the Map Name that corresponds to the outdoor area, campus, building, or floor you want to monitor.

Step 3 To view detailed information on mesh links for a mesh access point, click the arrow portion of the access point label. The Access Points screen appears.

Step 4 Click the Mesh Links tab (see Figure 100).

Figure 100 Access Points > Mesh Links Panel


Note You can also view mesh link details for neighbors of a selected mesh access point by clicking the View Mesh Neighbors link on the mesh access point configuration summary panel that displays when you mouse over a mesh access point on a map. (See Figure 101.)



Note Signal-to-noise (SNR) only appears on the View Mesh Neighbors panel. (See Figure 101.)


Figure 101 View Mesh Neighbors Panel


Note In addition to listing the current and past neighbors in the panel that displays, labels are added to the mesh access points map icons to identify the selected mesh access point, the neighbor mesh access point, and the child mesh access point. Select the clear link of the selected mesh access point to remove the relationship labels from the map.



Note The drop-down menus at the top of the mesh neighbors window indicate the resolution of the map (100%) displayed and how often the information displayed is updated (5 mins). You can modify these default values.



Monitoring Mesh Health

Mesh Health monitors the overall health of outdoor and indoor mesh access points, except as noted. Tracking this environmental information is particularly critical for mesh access points that are deployed outdoors. The following factors are monitored:

Temperature: Displays the internal temperature of the mesh access point in Fahrenheit and Celsius (AP1520s only).

Heater status: Displays the heater as on or off (AP1520s only).

AP Up time: Displays how long the mesh access point has been active to receive and transmit.

CAPWAP Join Taken Time: Displays how long it took to establish the CAPWAP connection.

CAPWAP Up Time: Displays how long the CAPWAP connection has been active.

Mesh Health information is displayed in the General Properties panel for mesh access points.

To view the mesh health details for a specific mesh access point, follow these steps.


Step 1 Choose Monitor > Access Points. A listing of access points appears (see Figure 102).


Note You can also use the New Search button to display the mesh access point summary shown below. With the New Search option, you can further define the criteria of the access points that display. Search criteria include AP Type, AP Mode, Radio Type, and 802.11n Support.


Figure 102 Monitor > Access Points

Step 2 Click the AP Name link to display details for that mesh access point. The General Properties panel for that mesh access point appears (see Figure 103).


Note You can also access the General properties panel for a mesh access point from a Cisco WCS map window. To display the panel, click the arrow portion of the mesh access point label. A tabbed panel appears and displays the General properties panel for the selected access point.


Figure 103 AP Name > General Properties Window

To add, remove, or reorder columns in the table, click the Edit View link. Table 24 displays optional access point parameters available from the Edit View window.

Table 24 Monitor Access Points Additional Search Results Parameters  

Column
Options

AP Type

Indicates the type of access point (unified or autonomous).

Antenna Azim. Angle

Indicates the horizontal angle of the antenna.

Antenna Diversity

Indicates if antenna diversity is enabled or disabled. Antenna diversity refers to the access point sampling the radio signal from two integrated antenna ports in order to choose the preferred antenna.

Antenna Elev. Angle

Indicates the elevation angle of the antenna.

Antenna Gain

The peak gain of the dBi of the antenna for directional antennas and the average gain in dBi for omni-directional antennas connected to the wireless network adapter. The gain is in multiples of 0.5 dBm. An integer value 4 means 4 x 0.5 - 2 dBm of gain.

Antenna Mode

Indicates the antenna mode such as omni, directional, or non-applicable.

Antenna Name

Indicates the antenna name or type.

Antenna Type

Indicates whether the antenna is internal or external.

Audit Status

Indicates one of the following audit statuses:

Mismatch—Config differences were found between Cisco WCS and controller during the last audit.

Identical—No config differences were found during the last audit.

Not Available—Audit status is unavailable.

Bridge Group Name

Indicates the name of the bridge group used to group the access points, if applicable.

CDP Neighbors

Indicates all directly connected Cisco devices.

Channel Control

Indicates whether the channel control is automatic or custom.

Channel Number

Indicates the channel on which the Cisco radio is broadcasting.

Controller Port

Indicates the number of controller ports.

Node Hops

Indicates the number of hops between access points.

POE Status

Indicates the Power-over-Ethernet status of the access point. The possible values include:

Low—The access point draws low power from the Ethernet.

Lower than 15.4 volts—The access point draws lower than 15.4 volts from the Ethernet.

Lower than 16.8 volts—The access point draws lower than 16.8 volts from the Ethernet.

Normal—The power is high enough for the operation of the access point.

Not Applicable—The power source is not from the Ethernet.

Primary Controller

Indicates the name of the primary controller for this access point.

Radio MAC

Indicates the radio's MAC address.

Reg. Domain Supported

Indicates whether or not the regulatory domain is supported.

Serial Number

Indicates the access point's serial number.

Slot

Indicates the slot number.

Tx Power Control

Indicates whether the transmission power control is automatic or custom.

Tx Power Level

Indicates the transmission power level.

Up Time

Indicates how long the access point has been up in days, hours, minutes, and seconds.

WLAN Override Names

Indicates the WLAN override profile names.

WLAN Override

Indicates whether WLAN Override is enabled or disabled. Each access point is limited to sixteen WLAN profiles. Each access point broadcasts all WLAN profiles unless the WLAN override feature is enabled. The WLAN override feature allows you to disable any of the 16 WLAN profiles per access point.



Mesh Statistics for a Mesh Access Point

Mesh Statistics are reported when a child mesh access point authenticates or associates with a parent mesh access point.

Security entries are removed and no longer displayed when the child mesh access point disassociates from the controller.

The following mesh security statistics are displayed for mesh access points:

Bridging

Queue

Security

To view the mesh statistics for a specific mesh access point, follow these steps.


Step 1 Choose Monitor > Access Points. A listing of access points appears. (See Figure 104.)


Note You can also use the New Search button to display the access point summary. With the New Search option, you can further define the criteria of the access points that display. Search criteria include AP Name, IP address, MAC address, Controller IP or Name, Radio type, and Outdoor area.


Step 2 Click the AP Name link of the target mesh access point.

A tabbed panel appears and displays the General Properties window for the selected mesh access point.

Step 3 Click the Mesh Statistics tab (see Figure 104). A three-tabbed Mesh Statistics panel appears.


Note The Mesh Statistics tab and its subordinate tabs (Bridging, Queue and Security) only appear for mesh access points. The Mesh Link Alarms and Mesh Link Events links are accessible from each of the three tabbed panels.



Note You can also access the Mesh Securities panel for a mesh access point from a Cisco WCS map. To display the panel, click the arrow portion of the mesh access point label.


Figure 104 Monitor > Access Points > AP Name > Mesh Statistics

Summaries of the Bridging, Queue and Security Statistics and their definitions are provided in Table 25, Table 26 and Table 27 respectively.

Table 25 Bridging Mesh Statistics 

Parameter
Description

Role

The role of the mesh access point. Options are mesh access point (MAP) and root access point (RAP).

Bridge Group Name (BGN)

The name of the bridge group to which the MAP or RAP is a member. Assigning membership in a BGN is recommended. If one is not assigned, a MAP is by default assigned to a default BGN.

Backhaul Interface

The radio backhaul for the mesh access point.

Routing State

The state of parent selection. Values that display are seek, scan and maint. Maint displays when parent selection is complete.

Malformed Neighbor Packets

The number of malformed packets received from the neighbor. Examples of malformed packets include malicious floods of traffic such as malformed or short DNS packets and malformed DNS replies.

Poor Neighbor SNR

The number of times the signal-to-noise ratio falls below 12 dB on the backhaul link.

Excluded Packets

The number of packets received from excluded neighbor mesh access points.

Insufficient Memory

The number of insufficient memory conditions.

RX Neighbor Requests

The number of broadcast and unicast requests received from the neighbor mesh access points.

RX Neighbor Responses

The number of responses received from the neighbor mesh access points.

TX Neighbor Requests

The number of unicast and broadcast requests sent to the neighbor mesh access points.

TX Neighbor Responses

The number of responses sent to the neighbor mesh access points.

Parent Changes

The number of times a mesh access point (child) moves to another parent.

Neighbor Timeouts

The number of neighbor timeouts.

Node Hops

The number of hops between the MAP and the RAP. Click the value link to display a sub-panel which enables you to configure details of what is reported, how often the node hop value is updated, and view a graphical representation of the report.


Table 26 Queue Mesh Statistics 

Parameter
Description

Silver Queue

The average and peak number of packets waiting in the silver (best effort) queue during the defined statistics time interval. Packets dropped and queue size are also summarized.

Gold Queue

The average and peak number of packets waiting in the gold (video) queue during the defined statistics time interval. Packets dropped and queue size are also summarized.

Platinum Queue

The average and peak number of packets waiting in the platinum (voice) queue during the defined statistics time interval. Packets dropped and queue size are also summarized.

Bronze Queue

The average and peak number of packets waiting in the bronze (background) queue during the defined statistics time interval. Packets dropped and queue size are also summarized.

Management Queue

The average and peak number of packets waiting in the management queue during the defined statistics time interval. Packets dropped and queue size are also summarized.


Table 27 Security Mesh Statistics 

Parameter
Description

Association Request Failures

Summarizes the total number of association request failures that occur between the selected mesh access point and its parent.

Association Request Success

Summarizes the total number of successful association requests that occur between the selected mesh access point and its parent.

Association Request Timeouts

Summarizes the total number of association request timeouts that occur between the selected mesh access point and its parent.

Authentication Request Failures

Summarizes the total number of failed authentication requests that occur between the selected mesh access point and its parent.

Authentication Request Success

Summarizes the total number of successful authentication requests between the selected mesh access point and its parent mesh node.

Authentication Request Timeouts

Summarizes the total number of authentication request timeouts that occur between the selected mesh access point and its parent.

Invalid Association Request

Summarizes the total number of invalid association requests received by the parent mesh access point from the selected child mesh access point. This state might occur when the selected child is a valid neighbor but is not in a state that allows association.

Invalid Reassociation Request

Summarizes the total number of invalid reassociation requests received by the parent mesh access point from a child. This might happen when a child is a valid neighbor but is not in a proper state for reassociation.

Invalid Reauthentication Request

Summarizes the total number of invalid reauthentication requests received by the parent mesh access point from a child. This may happen when a child is a valid neighbor but is not in a proper state for reauthentication.

Packets Received

Summarizes the total number of packets received during security negotiations by the selected mesh access point.

Packets Transmitted

Summarizes the total number of packets transmitted during security negotiations by the selected mesh access point.

Reassociation Request Failures

Summarizes the total number of failed reassociation requests between the selected mesh access point and its parent.

Reassociation Request Success

Summarizes the total number of successful reassociation requests between the selected mesh access point and its parent.

Reassociation Request Timeouts

Summarizes the total number of reassociation request timeouts between the selected mesh access point and its parent.

Reauthentication Request Failures

Summarizes the total number of failed reauthentication requests between the selected mesh access point and its parent.

Reauthentication Request Success

Summarizes the total number of successful reauthentication requests that occurred between the selected mesh access point and its parent.

Reauthentication Request Timeouts

Summarizes the total number of reauthentication request timeouts that occurred between the selected mesh access point and its parent.

Unknown Association Requests

Summarizes the total number of unknown association requests received by the parent mesh access point from its child. The unknown association requests often occur when a child is an unknown neighbor mesh access point.

Unknown Reassociation Request

Summarizes the total number of unknown reassociation requests received by the parent mesh access point from a child. This might happen when a child mesh access point is an unknown neighbor.

Unknown Reauthentication Request

Summarizes the total number of unknown reauthentication requests received by the parent mesh access point node from its child. This might occur when a child mesh access point is an unknown neighbor.
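The Table 27 counters are running totals, so they say the most when two polls are compared. The following added example (not Cisco code) computes the change between polls and flags unknown-neighbor requests, invalid-state requests, a high failure ratio, and entries that disappeared because the child disassociated. The counter key names, the sample polls and the 20% failure-ratio threshold are assumptions made for illustration.

```python
"""Triage of the Table 27 security mesh counters between two polls (added example)."""

# Hypothetical key names chosen to mirror the Table 27 rows; Cisco WCS does
# not export the counters under these names.
FAIL = ("assoc_fail", "auth_fail", "reassoc_fail", "reauth_fail")
OK = ("assoc_ok", "auth_ok", "reassoc_ok", "reauth_ok")
UNKNOWN = ("unknown_assoc", "unknown_reassoc", "unknown_reauth")
INVALID = ("invalid_assoc", "invalid_reassoc", "invalid_reauth")

def delta(prev, curr, key):
    """Counter increase between polls. A lower current value means the entry
    was removed and recreated, so the current value is the whole increase."""
    before, now = prev.get(key, 0), curr.get(key, 0)
    return now if now < before else now - before

def triage(prev_poll, curr_poll, max_fail_ratio=0.2):
    """Return {ap_name: [findings]} for APs that need a closer look."""
    findings = {}
    for ap in prev_poll:
        if ap not in curr_poll:
            findings[ap] = ["entry removed: child disassociated from controller"]
    for ap, curr in curr_poll.items():
        prev = prev_poll.get(ap, {})
        notes = []
        unknown = sum(delta(prev, curr, k) for k in UNKNOWN)
        if unknown:
            notes.append(f"{unknown} request(s) from an unknown neighbor")
        invalid = sum(delta(prev, curr, k) for k in INVALID)
        if invalid:
            notes.append(f"{invalid} request(s) in an invalid state")
        failed = sum(delta(prev, curr, k) for k in FAIL)
        attempts = failed + sum(delta(prev, curr, k) for k in OK)
        if attempts and failed / attempts > max_fail_ratio:
            notes.append(f"failure ratio {failed}/{attempts}")
        if notes:
            findings[ap] = notes
    return findings

# Constructed sample polls, not real WCS output.
PREV = {
    "map-a": {"auth_ok": 10, "auth_fail": 1, "unknown_assoc": 0},
    "map-b": {"auth_ok": 40, "auth_fail": 2},
    "map-c": {"assoc_ok": 5},
}
CURR = {
    "map-a": {"auth_ok": 12, "auth_fail": 4, "unknown_assoc": 3},
    "map-b": {"auth_ok": 3, "auth_fail": 0},  # counters restarted after rejoin
}

if __name__ == "__main__":
    for ap, notes in triage(PREV, CURR).items():
        print(ap, "->", "; ".join(notes))
```
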


Viewing the Mesh Network Hierarchy

You can view the parent-child relationship of mesh access points within a mesh network in an easily navigable display. You can also filter which mesh access points display on the Map view, by selecting only mesh access points of interest.

To view the mesh network hierarchy for a selected network, follow these steps.


Step 1 Choose Monitor > Maps.

Step 2 Select the map you want to display.

Step 3 Click the Layers arrow to expand that menu. (See Figure 105.)

Figure 105 Monitor > Maps > Selected Map

Step 4 Check the AP Mesh Info check box if it is not already checked.


Note The AP Mesh Info check box is only selectable if mesh access points are present on the map. It must be checked to view the mesh hierarchy.


Step 5 Click the AP Mesh Info arrow to display the mesh parent-child hierarchy.

Step 6 Click the plus (+) sign next to a mesh access point to display its children.

All subordinate mesh access points are displayed when a negative (-) sign displays next to the parent mesh access point entry. For example, in Figure 105, the mesh access point, indoor-mesh-45-rap2, has only one child, indoor-mesh-44-map2.

Step 7 Move the cursor over the colored dot next to each mesh access point child to view details on the link between it and its parent. Table 28 summarizes the parameters that display.

The color of the dot also provides a quick reference point of the SNR strength.

A green dot represents a high SNR (above 25 dB).

An amber dot represents an acceptable SNR (20-25 dB).

A red dot represents a low SNR (below 20 dB).

A black dot indicates a root access point.

Table 28 Bridging Link Information  

Parameter
Description

Information fetched on

Date and time that information was compiled.

Link SNR

Link signal-to-noise ratio (SNR).

Link Type

Hierarchical link relationship.

SNR Up

Signal-to-noise ratio for the uplink (dB).

SNR Down

Signal-to-noise ratio for the downlink (dB).

PER

The packet error rate for the link.

Tx Parent Packets

The TX packets to a node while acting as a parent.

Rx Parent Packets

The RX packets to a node while acting as a parent.

Time of Last Hello

Date and time of last hello.



Using Mesh Filters to Modify Map Display of Maps and Mesh Links

In the mesh hierarchical window, you can also define mesh filters to determine which mesh access points display on the map based on hop values as well as what labels display for mesh links.

Mesh access points are filtered by the number of hops between them and their root access point.

To use mesh filtering, follow these steps.


Step 1 To modify which label and color display for a mesh link, follow these steps:

a. In the Mesh Parent-Child Hierarchical View, select an option from the Link Label drop-down menu. Options are None, Link SNR, and Packet Error Rate.

b. In the Mesh Parent-Child Hierarchical View, select an option from the Link Color drop-down menu to define which parameter (Link SNR or Packet Error Rate) determines the color of the mesh link on the map.


Note The color of the link provides a quick reference point of the SNR strength or Packet Error Rate.


Table 29 Definition for SNR and Packet Error Rate Link Color

| Link Color | Link SNR | Packet Error Rate (PER) |
|---|---|---|
| Green | Represents a SNR above 25 dB (high value) | Represents a PER of one percent (1%) or lower |
| Amber | Represents a SNR between 20 and 25 dB (acceptable value) | Represents a PER that is less than ten percent (10%) and greater than one percent (1%) |
| Red | Represents a SNR below 20 dB (low value) | Represents a PER that is greater than ten percent (10%) |



Note The Link label and color settings are reflected on the map immediately (see Figure 106). You can display both SNR and PER values simultaneously.


Figure 106 Mesh Filter and Hop Count Configuration Panel

Step 2 To modify which mesh access points display based on the number of hops between them and their parents, do the following:

a. In the Mesh Parent-Child Hierarchical View, click the Quick Selections drop-down menu.

b. Select the appropriate option from the menu. A description of the options is provided in Table 30.

Table 30 Quick Selection Options  

Parameter
Description

Select only Root APs

Choose this setting if you want the map view to display root access points only.

Select up to 1st hops

Choose this setting if you want the map view to display 1st hops only.

Select up to 2nd hops

Choose this setting if you want the map view to display 2nd hops only.

Select up to 3rd hops

Choose this setting if you want the map view to display 3rd hops only.

Select up to 4th hops

Choose this setting if you want the map view to display 4th hops only.

Select All

Select this setting if you want the map view to display all access points.


c. Click Update Map View to refresh the screen and redisplay the map view with the selected options.


Note Map view information is retrieved from the Cisco WCS database and is updated every 15 minutes.



Note You can also check or uncheck the check boxes of mesh access points in the mesh hierarchical view to modify which mesh access points are displayed. For a child access point to be visible, the parent access point to root access point must be selected.
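The filtering rules above can be modeled in a few lines: link colors from Table 29, the hop limit from the Quick Selections menu, and the rule that a child is visible only if every access point between it and the root is selected. This is an added example, not Cisco code; the AP names and link readings are constructed, `max_hops` follows the "Select up to Nth hops" option names, and treating a PER of exactly 10% as amber is an assumption because Table 29 does not cover that value.

```python
# Added example: Table 29 link colours, hop filter and ancestor visibility rule.

def snr_color(snr_db):
    """Table 29, Link SNR column: above 25 dB green, 20-25 amber, below 20 red."""
    if snr_db > 25:
        return "green"
    return "amber" if snr_db >= 20 else "red"

def per_color(per_pct):
    """Table 29, PER column. Exactly 10% is not covered by the table;
    treating it as amber is an assumption of this example."""
    if per_pct <= 1:
        return "green"
    return "amber" if per_pct <= 10 else "red"

def hops_to_root(ap, parent_of):
    """Hops from ap to its root AP, or None if the parent chain is broken or loops."""
    hops, seen = 0, {ap}
    while parent_of.get(ap) is not None:
        ap = parent_of[ap]
        if ap in seen:
            return None
        seen.add(ap)
        hops += 1
    return hops if ap in parent_of else None

def visible(parent_of, selected, max_hops=None):
    """APs drawn on the map: checked, within max_hops of the root, and with
    every ancestor up to the root also drawn."""
    shown = set()
    # Walk parents before children so each AP can test its parent's result.
    for ap in sorted(selected, key=lambda a: hops_to_root(a, parent_of) or 0):
        hops = hops_to_root(ap, parent_of)
        if hops is None or (max_hops is not None and hops > max_hops):
            continue
        parent = parent_of[ap]
        if parent is None or parent in shown:
            shown.add(ap)
    return shown

# Constructed sample hierarchy: child -> parent (None marks the root AP).
PARENT_OF = {"rap1": None, "map1": "rap1", "map2": "map1", "map3": "map2"}
# Constructed link readings per child: (link SNR in dB, PER in percent).
LINKS = {"map1": (31, 0.4), "map2": (22, 3.0), "map3": (17, 12.5)}

if __name__ == "__main__":
    for ap in sorted(visible(PARENT_OF, set(PARENT_OF), max_hops=2)):
        snr, per = LINKS.get(ap, (None, None))
        label = "root" if snr is None else f"SNR {snr_color(snr)}, PER {per_color(per)}"
        print(ap, hops_to_root(ap, PARENT_OF), label)
```

Unchecking `map1` in the sample hides `map2` and `map3` as well, even though both remain checked, because their path to the root is no longer fully selected.
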



Monitoring WGB

You can monitor WGB clients separately.

To view details on WGB clients, follow these steps.


Step 1 In Cisco WCS, click Monitor > WGBs. The following window appears (see Figure 107).

Figure 107 Monitor > WGBs

Step 2 Click the WGB Clients tab to see a summary of WGB clients. (See Figure 108.)

Figure 108 Monitor > WGBs > WGB Clients Panel


Viewing AP Last Reboot Reason

Cisco WCS now reports the reason for the most recent reboot on the general panel of the access point details window (Monitor > Access Points > AP Name). (See Figure 109.)

Figure 109 Access Point > AP Name

Listed below is a summary of each of the possible Last Reboot Reasons that might be reported and its definition:

none-Access point reported a reboot reason unknown to the controller

dot11gModeChange-Change of 802.11g mode occurred

ipAddressSet-Set of static IP address

ipAddressReset-Reset of static IP address

rebootFromController-Reboot of access point initiated from the controller

dhcpFallbackFail-Fallback to DHCP did not occur

discoveryFail-Discovery was not sent

noJoinResponse-Join response was not received

denyJoin-Join attempt at the controller was denied

noConfigResponse-Config Response was not received

configController-Configured or master controller found

imageUpgradeSuccess-Upgrade of image successful

imageOpcodeInvalid-Invalid image data opcode

imageCheckSumInvalid-Invalid image MD5 checksum

imageDataTimeout-Image data message timed out

configFileInvalid-Invalid config file

imageDownloadError-Process error during the image download

rebootFromConsole-Reboot command initiated from AP console

rapOverAir-Root access point (RAP) is connected over the air

brownout-Power failure caused reboot

powerLow-Low power caused a reboot

crash-Software failure caused crash

powerHigh-Power spike caused reboot

powerLoss-Power loss caused reboot

powerCharge-Change in power source caused reboot

componentFailure-Component failure caused reboot

watchdog-Watchdog timer reset caused reboot