Cisco Wireless Control System Configuration Guide, Release 4.1
Configuring Controllers and Access Points
Downloads: This chapterpdf (PDF - 314.0KB) The complete bookPDF (PDF - 10.26MB) | Feedback

Configuring Controllers and Access Points

Table Of Contents

Configuring Controllers and Access Points

Adding Controllers

Setting Multiple Country Codes

Searching Controllers

Managing User Authentication Order

Configuring Audit Reports

Enabling Load-Based CAC for Controllers

Enabling High Density

Requirements

Optimizing the Controller to Support High Density

Configuring 802.3 Bridging

Configuring Access Points

Searching Access Points


Configuring Controllers and Access Points


This chapter describes how to configure controllers and access points in the Cisco WCS database. This chapter contains the following sections:

Adding Controllers

Setting Multiple Country Codes

Searching Controllers

Managing User Authentication Order

Configuring Audit Reports

Enabling Load-Based CAC for Controllers

Enabling High Density

Configuring 802.3 Bridging

Configuring Access Points


Adding Controllers

You can add controllers one at a time or in batches. Follow these steps to add controllers.


Step 1 Choose Configure > Controllers.

Step 2 From the Select a command drop-down menu choose Add Controllers and click GO. The Add Controller window appears (see Figure 9-1).

Figure 9-1 Add Controller Window

Step 3 Choose one of the following:

If you want to add one controller or use commas to separate multiple controllers, leave the Add Format Type drop-down menu at Device Info.

If you want to add multiple controllers by importing a CSV file, choose File from the Add Format Type drop-down menu. The CSV file allows you to generate your own import file and add the devices you want.


Note If you are adding a controller into WCS across a GRE link using IPsec or a lower MTU link with multiple fragments, you may need to adjust the MaxVar Binds PerPDU. If it is set too high, the controller may fail to be added into WCS. To adjust the MaxVarBindsPerPDU setting, do the following: 1) Stop WCS. 2) Go to the location of the the Open SnmpParameters.properties file on the server that is running WCS. 3) Edit MaxVarBindsPerPDU to 50 or lower. 4) Restart WCS.


Step 4 If you chose Device Info, enter the IP address of the controller you want to add. If you want to add multiple controllers, use a comma between the string of IP addresses.

If you chose File, click Browse... to find the location of the CSV file you want to import.

Step 5 Click OK.


Setting Multiple Country Codes

To set multiple country support for a single controller(s) that is not part of a mobility group, follow the steps below.


Step 1 Choose Configure > Controllers.

Step 2 Choose the controller for which you are adding countries.

Step 3 Select 802.11 > General from the left sidebar menu. The Controller 802.11 window appears (see Figure 9-2).

Figure 9-2 Controller 802.11

Step 4 Click the check box to choose which country you want to add. Access points are designed for use in many countries with varying regulatory requirements. You can configure a country code to ensure that it complies with your country's regulations.


Note Access points may not operate properly if they are not designed for use in your country of operation. For example, an access point with part number AIR-AP1030-A-K9 (which is included in the Americas regulatory domain) cannot be used in Australia. Always be sure to purchase access points that match your country's regulatory domain. For a complete list of country codes supported per product, refer to http://www.cisco.com/warp/public/779/smbiz/wireless/approvals.html.


Step 5 Enter the time (in seconds) after which the authentication response will timeout.

Step 6 Click Save.


Searching Controllers

Use the controls in the left sidebar to create and save custom searches:

New Search drop-down menu: Opens the Search Controllers window. Use the Search Controllers window to configure, run, and save searches.

Saved Searches drop-down menu: Lists the saved custom searches. To open a saved search, choose it from the Saved Searches list.

Edit Link: Opens the Edit Saved Searches window. You can delete saved searches in the Edit Saved Searches window.

You can configure the following parameters in the Search Controllers window:

Search for controller by

Search in

Save Search

Items per page

After you click GO, the controller search results appear:

Table 9-1 Search Results

Parameter
Options

IP Address

Local network IP address of the controller management interface. Clicking the title toggles from ascending to descending order. Clicking an IP address in the list displays a summary of the controller details.

WCS

User-defined WCS name.

Controller Name

Clicking the title toggles from ascending to descending order.

Type

Type of controller. For example, Cisco 2000 Series, Cisco 4100 Series, or Cisco 4400 Series.

Location

The geographical location (such as campus or building). Clicking the title toggles from ascending to descending order.

Mobility Group Name

Name of the controller or WPS group.

Reachability Status

Reachable or Unreachable. Clicking the title toggles from ascending to descending order.


Managing User Authentication Order

You can control the order in which authentication servers are used to authenticate a controller's management users.


Step 1 Choose Configure > Controllers.

Step 2 Click an IP address.

Step 3 From the left sidebar menu, choose Management > Authentication Priority.

Step 4 The local database is searched first. Choose either RADIUS or TACACS+ for the next search. If authentication using the local database fails, the controller uses the next type of server.

Step 5 Click Save.

Configuring Audit Reports

You can display an audit report for the selected controllers. The report displays the time of the audit, the IP address of the selected controller, and the synchronization status.


Step 1 Choose Configure > Controllers.

Step 2 Check the check boxes of the controllers for which you want audit reports.

Step 3 Choose View Audit Reports from the Select a command drop-down list and click GO.

Enabling Load-Based CAC for Controllers

Load-based CAC incorporates a measurement scheme that takes into account the bandwidth consumed by all traffic types from itself, from co-channel access points, and by co-located channel interference. Load-based CAC also covers the additional bandwidth consumption resulting from PHY and channel impairment.

In load-based CAC, the access point periodically measures and updates the utilization of the RF channel, channel interference, and the additional calls that the access point can admit. The access point admits a new call only if the channel has enough unused bandwidth to support that call. By doing so, load-based CAC prevents over-subscription of the channel and maintains QoS under all conditions of WLAN loading and interference.

To enable load-based CAC for a controller template, refer to the "Configuring a Voice Parameter Template (for 802.11a or 802.11b/g)" section on page 10-52.

To enable load-based CAC for a controller using the WCS web interface, follow these steps.


Step 1 Click Configure > Controllers.

Step 2 Click the IP address link of the controller.

Step 3 Click Voice Parameters under 802.11a or 802.11b/g.

The 802.11a (or 802.11b/g) Voice Parameters page appears (see Figure 9-3).

Figure 9-3 802.11a Voice Parameters Page

Step 4 Click the check box to enable bandwidth CAC. For end users to experience acceptable audio quality during a VoIP phone call, packets must be delivered from one endpoint to another with low latency and low packet loss. To maintain QoS under differing network loads, call admission control (CAC) is required. CAC on an access point allows it to maintain controlled QoS when the network is experiencing congestion and keep the maximum allowed number of calls to an acceptable quantity.

Step 5 Determine if you want to enable load-based CAC for this radio band. Doing so incorporates a measurement scheme that considers the bandwidth consumed by all traffic types from itself, from co-channel access points, and by co-located channel interference.

Step 6 Enter the percentage of maximum bandwidth allowed.

Step 7 Enter the percentage of reserved roaming bandwidth.

Step 8 Click the check box if you want to enable expedited bandwidth as an extension of CAC for emergency calls. You must have an expedited bandwidth IE that is CCXv5 compliant so that a TSPEC request is given higher priority.

Step 9 Click the check box if you want to enable metric collection. Traffic stream metrics are a series of statistics about VoIP over your wireless LAN, and they inform you of the QoS of the wireless LAN. For the access point to collect measurement values, traffic stream metrics must be enabled. When this is enabled, the controller begins collecting statistical data every 90 seconds for the 802.11b/g interfaces from all associated access points. If you are using VoIP or video, this feature should be enabled.

Step 10 Click Save.


Enabling High Density

The high density deployments are enabled with Cisco Unified Wireless Network software release 4.1 in conjunction with the Cisco and Intel Business Class Suite Version 2 initiative.

The high density networking feature is designed for large, multi-cell high density wireless networks in which it can be challenging to populate a site with a large number of lightweight access points to manage the cumulative bandwidth load while dimishing the contention between access points and still maintaining quality of service. To optimize RF channel capacity and improve network performance, the high density (or pico cell) mode parameters are introduced.

With this feature you can manually configure the transmit power, receiver sensitivity thresholds, and clear channel assessment sensitivity threshold of Intel client devices and Cisco Aironet lightweight access points in order to create optimal high-density deployments. When a client that supports high density associates to an access point with high-density enabled, they exchange specific 802.11 information element s (IEs) that instruct the client to adhere to the access point's advertised received sensitivity threshold, CCA sensitivity threshold, and transmit power levels. These three parameters reduce the effective cell size by adjusting the received signal strength before an access point and client consider the channel accessible for the transfer of packets. When all access points and clients raise the signal standard in this way throughout a high density area, access points can be deployed closer together, minimizing interference with each other and managing environmental and distant rogue signals.


Note High density is off by default. There are deployment risks involved if you change from the predetermined values. Do not attempt to configure pico cell functionality within your wireless LAN without the advice of Cisco technical support. Non-standard installation is not supported.


Along with these configuration changes, you can further optimize the pico cell deployment as follows:

Requirements

High density has the following restrictions:

Only Cisco lightweight access points (except the AP1030 and 1500 series mesh access points) and the Intel PRO/Wireless 3945ABG and Intel Wireless WiFi Link 4965AGN clients are supported.

Only 802.11a networks with high density deployments are supported.


Note Cisco recommends the use of high density only in new WLAN deployments in which all clients and lightweight access points support the high-density feature.


Optimizing the Controller to Support High Density

To optimize a controller to support high density, you need to enable pico cell mode v2. A method to mitigate the inter-cell contention problem in high-density networks is to adjust the access point and client receiver sensitivity, CCA sensitivity, and transmit power parameters in a relatively cooperative manner. By adjusting these variables, the effective cell size can be reduced, not by lowering the transmit power but by increasing the necessary received power before an access point and client consider the channel sufficiently clear for packet transfer. These similar values can be set in the Controller Templates portion of the GUI. Refer to Adding Controller Templates, page 10-1. Follow these steps to configure high density.


Note If you enable pico cell, the default values for auto RF change according to the values suggested for Intel 3945ABG clients. The transmit power is set to 10 dBm, CCA sensitivity threshold to -65 dBm, and receiver sensitivity threshold to -65 dBm.



Step 1 Choose Configure > Controllers.

Step 2 Go to 802.11a/n > Parameters and ensure that the 802.11a Network Status check box is not enabled.

Step 3 From the left sidebar menu, choose 802.11a/n > Parameters. The window as shown in Figure 9-4 appears.

Figure 9-4 Pico Cell Parameter

Step 4 In the General portion of this window, you see a Pico Cell Mode parameter. If you click the link next to this parameter, the window shown in Figure 9-5 appears. You can also get to this window by directly choosing 802.11a/n > Pico Cell from the left sidebar menu.

Figure 9-5 Pico Cell Parameters Window


Note If the Pico Cell Mode parameter is set to Disabled or V1, the Pico Cell V2 parameters are grayed out.


Step 5 From the Pico Cell Mode drop-down menu, choose V2. By choosing V2, the high-density parameters for the access point and clients share the same values and make communication symmetrical. This selection also allows you to enter values for Rx sensitivity, CCA sensitivity, and transmit power, although the defaulted minimum and maximum values represent the Cisco recommended values for most networks.


Note Choose V1 only if you are using a legacy Airespace branded product acquired prior to their acquisition by Cisco. Cisco recommends that you choose V2 if you want to enable pico cell mode.


Step 6 Set the Rx sensitivity threshold based on the desired receiver sensitivity for 802.11a radios. The Current column shows what is currently set on the access point and clients, and the Min and Max columns show the range to which the access points and clients should adapt. The valid ranges for Current, Min, and Max columns are -127 to 127 dBm. The defaults are -65 dBm (current), -127 dBm (Min), and 127 dBm (Max). Receiver signal strength values outside of this range are blocked.

Step 7 Set the CCA sensitivity threshold based on when the access point or client considers the channel clear enough for activity. The Current column shows what is currently set on the access point and clients, and the Min and Max columns show the range to which the access points and clients should adapt. The valid ranges for Current, Min, and Max columns are -127 to 127 dBm. The defaults are -65 dBm (current), -127 dBm (Min), and 127 dBm (Max). CCA values outside of this range are blocked.

Step 8 The transmit power of the radio that will be used by the client. The valid ranges for Current, Min, and Max columns are -127 to 127 dBm. The defaults are 10 dBm (current), 0 dBm (Min), and 17 dBm (Max).

Step 9 Click Save to save these values. Click Audit to see a comparison of how WCS configuration matches up with controller configurations. Before choosing Reset to Defaults, you must turn off the 802.11a network.

Step 10 Return to 802.11a > Parameters and check the 802.11a Network Status check box to turn the network back on.


Configuring 802.3 Bridging

The controller supports 802.3 frames and applications that use them, such as those typically used for cash registers and cash register servers. However, to make these applications work with the controller, the 802.3 frames must be bridged on the controller.

Support for raw 802.3 frames allows the controller to bridge non-IP frames for applications not running over IP. Only this raw 802.3 frame format is currently supported.

You can configure 802.3 bridging using WCS release 4.1 or later. Follow these steps.


Step 1 Click Configure > Controllers.

Step 2 Click System > General to access s the General page.

Step 3 From the 802.3 Bridging drop-down menu, choose Enable to enable 802.3 bridging on your controller or Disable to disable this feature. The default value is Disable.

Step 4 Click Save to commit your changes.


Configuring Access Points

Choose Configure > Access Points to see a summary of all access points in the Cisco WCS database. Click the link under AP Name to see detailed information about that access point name. The following window appears (see Figure 9-6).

Figure 9-6 Detailed Access Point Information

.


Note There is no need to add access points to the Cisco WCS database. The operating system software automatically detects and adds an access point to the Cisco WCS database as it associates with existing controllers in the Cisco WCS database.


Some of the parameters on the window are supplied.

The General portion displays the Ethernet MAC, the Base Radio MAC, and the IP Address.

The Versions portion of the window displays the software and boot version.

The Inventory Information portion displays the model, IOS version, and serial number of the access point, provides which certificate type is required, and determines whether H-REAP mode is supported or not.

The Radio Interfaces portion provides the current status of the 802.11a and 802.11b/g radios such as admin status, channel number, power level, antenna mode, antenna diversity, and antenna type.

Follow the steps below to set the configurable parameters.


Step 1 Enter the name assigned to the access point.

Step 2 Use the drop-down menu to choose a country code to establish multiple country support. Access points are designed for use in many countries with varying regulatory requirements. You can configure a country code to ensure that the access point complies with your country's regulations. Consider the following when setting the country code:

You can configure up to 20 countries per controller.

Because only one auto-RF engine and one list of available channels exist, configuring multiple countries will limit the channels available to auto-RF in the common channels. A common channel is one that is legal in each and every configured country.

When you configure access points for multiple countries, the auto-RF channels are limited to the highest power level available in every configured country. A particular access point may be set to exceed these limitations (or you may manually set the levels in excess of these limitations), but auto-RF won't automatically choose a non-common channel or raise the power level beyond that available in all countries.


Note Access points may not operate properly if they are not designed for use in your country of operation. For example, an (-A) access point with part number AIR-AP1030-A-K9 (which is included in the Americas regulatory domain) cannot be used in Europe (-E). Always be sure to purchase access points that match your country's regulatory domain. For a complete list of country codes supported per product, refer to http://www.cisco.com/warp/public/779/smbiz/wireless/approvals.html.


Step 3 If you want to enable the access point for administrative purposes, check the Enabled check box.

Step 4 If you click Enabled at the AP Static IP check box, a static IP address is always assigned to the access point rather than getting an IP address dynamically upon reboot.

Step 5 Choose the role of the access point from the AP Mode drop-down menu. A reboot is not required after the mode is changed. The available modes are as follows:

Local — This is the normal operation of the access point and the default AP Mode choice. With this mode, data clients are serviced while configured channels are scanned for noise and rogues. The access point goes off-channel for 50 ms and listens for rogues. It cycles through each channel for the period specified under the Auto RF configuration.

Monitor — This is radio receive only mode and allows the access point to scan all configured channels every 12 seconds. Only deauthentication packets are sent in the air with an access point configured this way. A monitor mode access point detects rogues, but it cannot connect to a suspicious rogue as a client to prepare for the sending of RLDP packets.

Rogue Detector — In this mode, the access point radio is turned off, and the access point listens to wired traffic only. The controllers that operate in this mode monitor the rogue access points. The controller sends all the rogue access point and client MAC address lists to the rogue detector, and the rogue detector forwards this information to the WLC. The MAC address list is compared to what the WLC access points heard over the network. If the MAC addresses match, you can determine which rogue access points are connected on the wired network.

Sniffer Mode — Operating in sniffer mode, the access point captures and forwards all the packets on a particular channel to a remote machine that runs Airopeek. These packets contain information such as timestamp, signal strength, packet size, and so on. This feature can only be enabled if you run Airopeek, which is a third-party network analyzer software that supports the decoding of data packets. For more information on Airopeek, see http://www.wildpackets.com/products.

HREAP —Choose HREAP from the AP Mode drop-down menu to enable hybrid REAP for up to six access points. The HREAP access points can switch client data traffic locally and perform client authentication locally when their connection to the controller is lost.

Step 6 In the Primary, Secondary, and Tertiary Controller fields, you can define the order in which controllers are accessed.

Step 7 The AP Group Name drop-down shows all access point group names that have been defined using WLANS > AP Group VLANs, and you can specify whether this access point is tied to any group.

Step 8 Enter a description of the physical location where the access point was placed.

Step 9 In the Stats Collection Period parameter, enter the time in which the access point sends .11 statistics to the controller. The valid range is 0 to 65535 seconds. A value of 0 means statistics should not be sent.

Step 10 Choose Enable for Mirror Mode if you want to duplicate (to another port) all of the traffic originating from or terminating at a single client device or access point. Mirror mode is useful in diagnosing specific network problems but should only be enabled on an unused port since any connections to this port become unresponsive.

Step 11 You can globally configure MFP on a controller. When you do, management frame protection and validation are enabled by default for each joined access point, and access point authentication is automatically disabled. After MFP is globally enabled on a controller, you can disable and re-enable it for individual WLANs and access points.

If you click to enable MFP Frame Validation, three main functions are performed:

Management frame protection — When management frame protection is enabled, the access point protects the management frames it transmits by adding a message integrity check information element (MIC IE) to each frame. Any attempt to copy, alter, or replay the frame invalidates the MIC, causing those receiving access points which were configured to detect MFP frames to report the discrepancy.

Management frame validation — When management frame validation is enabled, the access point validates every management frame it receives from other access points in the network. When the originator is configured to transmit MFP frames, the access point ensures that the MIC IE is present and matches the content of the management frame. If it receives any frame that does not contain a valid MIC IE, it reports the discrepancy to the network management system. In order to report this discrepancy, the access point must have been configured to transmit MFP frames. Likewise, for the timestamps to operate properly, all controllers must be Network Transfer Protocol (NTP) synchronized.

Event reporting — The access point notifies the controller when it detects an anomaly, and the controller aggregates the received anomaly events and reports the results through SNMP traps to alert the network manager.

Step 12 Click the Cisco Discovery Protocol check box if you want to enable it. CDP is a device discovery protocol that runs on all Cisco-manufactured equipment, such as routers, bridges, and communication servers. Each device sends periodic messages to a multicast address and listens to the messages that others send in order to learn about neighboring devices. When the device boots, it sends a CDP packet specifying whether the device is inline power enabled so that the requested power can be supplied.


Note Changing access point parameters temporarily disables an access point and might result in loss of connectivity to some clients.


Step 13 Select the role of the mesh access point from the AP Role drop-down menu. The default setting is MAP.


Note An access point in a mesh network functions as either a root access point (RAP) or mesh access point (MAP).


Step 14 Enter the name of the bridge group to which the access point belongs. The name can have up to 10 characters.


Note Bridge groups are used to logically group the mesh access points to avoid two networks on the same channel from communicating with each other.



Note For mesh access points to communicate, they must have the same bridge group name.



Note For configurations with multiple RAPs, make sure that all RAPs have the same bridge group name to allow failover from one RAP to another.



Note For configurations where separate sectors are required, make sure that each RAP and its associated MAPs have separate bridge group names.


The Type parameter displays whether the mesh access point is an indoor or outdoor access point, and the Backhaul Interface parameter displays the access point radio that is being used as the backhaul for the access point.

Step 15 Select the data rate for the backhaul interface from the drop-down menu. Data rates available are dictated by the backhaul interface. The default rate is 18 Mbps.


Note This data rate is shared between the mesh access points and is fixed for the whole mesh network.



Note Do NOT change the data rate for a deployed mesh networking solution.


Step 16 Choose the Enable option from the Ethernet Briding drop-down menu to enable Ethernet bridging for the mesh access point.

Step 17 If you need to perform a hardware reset on this access point, click the Reset AP Now button.

Step 18 If you need to clear the access point configuration and reset all values to the factory default, click the Clear Config button.

Searching Access Points

Use the controls in the left sidebar to create and save custom searches:

New Search drop-down menu: Opens the Search Access Points window. Use the Search Access Points window to configure, run, and save searches.

Saved Searches drop-down menu: Lists the saved custom searches. To open a saved search, choose it from the Saved Searches list.

Edit Link: Opens the Edit Saved Searches window. You can delete saved searches in the Edit Saved Searches window.

You can configure the following parameters in the Search Access Points window:

Search By

Radio Type

Search in

Save Search

Items per page

After you click GO, the access point search results appear:

Table 9-2 Search Results

Parameter
Options

AP Name

Name assigned to the access point. Click the access point name item to display details.

WCS

WCS name where access point was detected.

Ethernet MAC

MAC address of the access point.

IP Address

IP address of the access point.

Radio

Protocol of the access point is either 802.11a or 802.11b/g.

Map Location

Campus, building, and floor location.

Controller

IP address of the controller.

Admin Status

Administration site of the access point (Enabled or Disabled).

AP Type

Access point radio frequency type.

Operational Status

Displays the operational status of the Cisco radios (Up or Down).

Alarm Status

Alarms are color coded as follows:

Clear = No Alarm

Red = Critical Alarm

Orange = Major Alarm

Yellow = Minor Alarm