Cisco Mesh Access Points, Design and Deployment Guide, Release 7.0.116.0
First Published: May 2, 2011
Last Revised: January 10, 2013
This document provides design and deployment guidelines for secure enterprise, campus, and metropolitan Wi-Fi networks within the Cisco wireless mesh networking solution, a component of the Cisco Unified Wireless Network (CUWN).
Mesh networking employs Cisco Aironet 1500 Series outdoor mesh access points and indoor mesh access points (Cisco Aironet 1040, 1130, 1140, 1240, 1250, 1260, 3500e, and 3500i series access points) along with the Cisco Wireless LAN Controller and Cisco Wireless Control System (WCS) to provide scalable, central management and mobility between indoor and outdoor deployments. The Control and Provisioning of Wireless Access Points (CAPWAP) protocol manages the connection of mesh access points to the network.
End-to-end security within the mesh network is supported by employing Advanced Encryption Standard (AES) encryption between the wireless mesh access points and Wi-Fi Protected Access 2 (WPA2) clients. This document also outlines radio frequency (RF) components to consider when designing an outdoor network.
The features described in this document are for the following products:
• Cisco Aironet 1550 (1552) series outdoor 802.11n mesh access points
• Cisco Aironet 1520 (1522, 1524) series outdoor mesh access points
• Cisco Aironet 1040, 1130, 1140, 1240, 1250, 1260, 3500e, and 3500i series indoor mesh access points
• Mesh features in Cisco wireless LAN controller releases 5.2 and later releases
• Mesh features in Cisco WCS releases 5.2 and later releases
Mesh Network Components
The Cisco wireless mesh network has four core components:
• Cisco Aironet 1500 series mesh access points
Note
Cisco Aironet 1505 and 1510 mesh access points are not supported because of their End-of-Life status.
• Cisco wireless LAN controller (hereafter referred to as controller)
• Cisco WCS
• Mesh software architecture
Mesh Access Points
This section includes the following topics:
• Licensing for Mesh Access Points on a 5500 Series Controller
• Cisco Indoor Mesh Access Points
• Cisco Outdoor Mesh Access Points
Licensing for Mesh Access Points on a 5500 Series Controller
To use both mesh and nonmesh access points with a Cisco 5500 Series Controller, only the base license (LIC-CT5508-X) is required from the 7.0 release and later releases. For more information about obtaining and installing licenses, see Chapter 4 of the Cisco Wireless LAN Controller Configuration Guide, Release 7.0.116.0 at the following URL:
Access Point Roles
Access points within a mesh network operate in one of the following two ways:
1. Root access point (RAP)
2. Mesh access point (MAP)
Note
All access points are configured and shipped as mesh access points. To use an access point as a root access point, you must reconfigure the mesh access point to a root access point. In all mesh networks, ensure that there is at least one root access point.
While the RAPs have wired connections to their controller, the MAPs have wireless connections to their controller.
MAPs communicate among themselves and back to the RAP using wireless connections over the 802.11a/n radio backhaul. MAPs use the Cisco Adaptive Wireless Path Protocol (AWPP) to determine the best path through the other mesh access points to the controller.
Figure 1 shows the relationship between RAPs and MAPs in a mesh network.
Figure 1 Simple Mesh Network Hierarchy
Network Access
Wireless mesh networks can simultaneously carry two different traffic types. They are as follows:
• Wireless LAN client traffic
• MAP Ethernet port traffic
Wireless LAN client traffic terminates on the controller, and the Ethernet traffic terminates on the Ethernet ports of the mesh access points.
Access to the wireless LAN mesh for mesh access points is managed by the following authentication methods:
• MAC authentication—Mesh access points are added to a database that can be referenced to ensure they are provided access to a given controller and mesh network. See the "Adding Mesh Access Points to the Mesh Network" section.
• External RADIUS Authentication—Mesh access points can be externally authorized using a RADIUS server such as Cisco ACS (4.1 and later) that supports the client authentication type of Extensible Authentication Protocol-FAST (EAP-FAST) with certificates. See the "Enabling External Authentication of Mesh Access Points Using the GUI" section.
Network Segmentation
Membership to the wireless LAN mesh network for mesh access points is controlled by the bridge group names (BGNs). Mesh access points can be placed in similar bridge groups to manage membership or provide network segmentation. See the "Configuring Bridge Group Names" section.
Cisco Indoor Mesh Access Points
With the 7.0.116.0 release, indoor mesh is also available on 802.11n access points (Cisco Aironet 1040, 1140, 1250, 1260, 3500e, and 3500i series access points).
With the 7.0 release, indoor mesh is available on Cisco Aironet 1130 and 1240 series access points.
Figure 2 shows the 802.11n access points that are supported in the 7.0.116.0 release.
Figure 2 Enterprise Mesh Platform
Enterprise 11n mesh is an enhancement added to the CUWN feature to work with the 802.11n access points. Enterprise 11n mesh features are compatible with non-802.11n mesh but add higher backhaul and client access speeds. The 802.11n indoor access points are two-radio Wi-Fi infrastructure devices for select indoor deployments. One radio can be used for local (client) access for the access point and the other radio can be configured for wireless backhaul. The backhaul is supported only on the 5-GHz radio. Enterprise 11n mesh supports P2P, P2MP, and mesh types of architectures.
You have a choice of ordering indoor access points directly into the bridge mode, so that these access points can be used directly as mesh access points. If you have these access points in a local mode (nonmesh), then you have to connect these access points to the controller and change the AP mode to the bridge mode (mesh). For more information, see the "Adding Indoor Mesh Access Points to Cisco WCS" section. This scenario can become cumbersome particularly if the volume of the access points being deployed is large and if the access points are already deployed in the local mode for a traditional nonmesh wireless coverage.
The Cisco indoor mesh access points are equipped with the following two simultaneously operating radios:
• 2.4-GHz radio used for client access
• 5-GHz radio used for data backhaul
The 5-GHz radio supports the 5.15 GHz, 5.25 GHz, 5.47 GHz, and 5.8 GHz bands.
Cisco Outdoor Mesh Access Points
Cisco outdoor mesh access points comprise the Cisco Aironet 1500 series access points. The 1500 series includes 1552 11n outdoor mesh access points, 1522 dual-radio mesh access points, and 1524 multi-radio mesh access points. There are two models of the 1524, which are the following:
• The public safety model, 1524PS
• The serial backhaul model, 1524SB
Note
In the 6.0 release, the AP1524SB access point was launched in A, C and N domains. In the 7.0 release, the AP1524SB access point is launched also in -E, -M, -K, -S, and -T domains.
Cisco 1500 series mesh access points are the core components of the wireless mesh deployment. AP1500s are configured by both the controller (GUI and CLI) and Cisco WCS. Communication between outdoor mesh access points (MAPs and RAPs) is over the 802.11a/n radio backhaul. Client traffic is generally transmitted over the 802.11b/g/n radio (802.11a/n can also be configured to accept client traffic), and public safety traffic (AP1524PS only) is transmitted over the 4.9-GHz radio.
The mesh access point can also operate as a relay node for other access points not directly connected to a wired network. Intelligent wireless routing is provided by the Adaptive Wireless Path Protocol (AWPP). This Cisco protocol enables each mesh access point to identify its neighbors and intelligently choose the optimal path to the wired network by calculating the cost of each path in terms of the signal strength and the number of hops required to get to a controller.
AP1500s are manufactured in two different configurations: cable and noncable.
• The cable configuration can be mounted to a cable strand and supports power-over-cable (POC).
• The noncable configuration supports multiple antennas. It can be mounted to a pole or building wall and supports several power options.
Uplink support includes Gigabit Ethernet (1000BASE-T) and a small form-factor (SFP) slot that can be plugged for a fiber or cable modem interface. Both single mode and multimode SFPs up to 1000BASE-BX are supported. The cable modem can be DOCSIS 2.0 or DOCSIS/EuroDOCSIS 3.0 depending upon the type of mesh access point.
AP1500s are available in a hazardous location hardware enclosure. When configured, the AP1500 complies with safety standards for Class I, Division 2, Zone 2 hazardous locations. For more details, see the "Cisco 1500 Hazardous Location Certification" section.
Note
See the Cisco Aironet 1520 Series Lightweight Outdoor Access Point Ordering Guide for power, mounting, antenna, and regulatory support by model: http://www.cisco.com/en/US/prod/collateral/wireless/ps5679/ps8368/product_data_sheet0900aecd8066a157.html
Cisco Aironet 1552 Mesh Access Point
The Cisco Aironet 1550 Series Outdoor Mesh Access Point is a modularized wireless outdoor 802.11n access point designed for use in a mesh network. The access point supports point-to-multipoint mesh wireless connectivity and wireless client access simultaneously. The access point can also operate as a relay node for other access points that are not directly connected to a wired network. Intelligent wireless routing is provided by the Adaptive Wireless Path Protocol (AWPP). This enables the access point to identify its neighbors and intelligently choose the optimal path to the wired network by calculating the cost of each path in terms of signal strength and the number of hops required to get to a controller.
The 1550 series access points leverage 802.11n technology with integrated radio and internal/external antennas. The 1552 outdoor platform consists of Multiple Input Multiple Output (MIMO) WLAN radios. It offers 2x3 MIMO with two spatial streams, Beamforming, and comes with integrated spectrum intelligence (CleanAir).
CleanAir provides full 11n data rates while detecting, locating, classifying, and mitigating radio frequency (RF) interference to provide the best client experience possible. CleanAir technology on the outdoor 11n platform mitigates Wi-Fi and non-Wi-Fi interference on 2.4-GHz radios.
The 1550 series access points have two radios—2.4-GHz and 5-GHz MIMO radios. While the 2.4-GHz radios are used primarily for local access, the 5-GHz radios are used for both local access and wireless backhaul in mesh mode.
Note
The 2.4-GHz radios cannot be used for backhaul in 1552 APs.
The 2-GHz b/g/n radio has the following features:
• Operates in the 2.4-GHz ISM band.
• Supports channels 1-11 in the United States, 1-13 in Europe, and 1-13 in Japan.
• Has two transmitters for 802.11b/g/n operation.
• You can configure the output power for 5 power levels.
• The radio has three receivers that enable maximum-ratio combining (MRC).
The 5-GHz a/n radio has the following feature:
• Operates in the UNII-2 band (5.25 to 5.35 GHz), UNII-2 Extended/ETSI band (5.47 to 5.725 GHz), and the upper ISM band (5.725 to 5.850 GHz).
Note
The -A domain for 1552 supports only upper ISM band. For more information about Wireless LAN compliance status, see http://www.cisco.com/en/US/prod/collateral/wireless/ps5679/ps5861/product_data_sheet0900aecd80537b6a.html.
• Has two transmitters for 802.11a operation.
• Power settings can change depending on the regulatory domain. You can configure the output power for 5 power levels in 3 dB steps.
• The radio has three receivers that enable maximum-ratio combining (MRC).
The 1550 series access points have the following features:
• Supports modularity of the 1520 series and allows flexibility in radio configuration
• Fully interoperable with the 1520 series access points
• Can also interoperate with legacy clients and offers enhanced backhaul performance
There are four models of 1552. Broadly, the models can be classified as models with external antennas and models with inbuilt antennas. The 1552C model is configured with an integrated DOCSIS/EuroDOCSIS 3.0 cable modem. DOCSIS 3.0 cable modem provides 8 DS and 4 US (8x4), 304x108 Mbps. EuroDOCSIS 3.0 cable modem provides 4 US and 4 DS (4x4), 152x108 Mbps. While a DOCSIS 2.0 cable modem could provide throughput of up to 40 Mbps only, a DOCSIS 3.0 cable modem can provide a DS throughput of 290 Mbps and a US throughput of 100 Mbps.
The 1552 Access Point is available in four models as follows:
1. 1552E
2. 1552C
3. 1552I
4. 1552H
1552E
The Cisco Aironet 1552E Outdoor Access Point is the standard model, dual-radio system with dual-band radios that are compliant with IEEE 802.11a/n (5-GHz) and 802.11b/g/n standards (2.4 GHz). The 1552E has three external antenna connections for three dual-band antennas. It has Ethernet and fiber Small Form Factor Pluggable (SFP) backhaul options, along with the option of a battery backup. This model also has a PoE-out port and can power a video surveillance camera. A highly flexible model, the Cisco Aironet 1552E is well equipped for municipal and campus deployments, video surveillance applications, mining environments, and data offload.
Figure 3 1552E (Part Number: AIR-CAP1552E-x-K9)
The 1552E model has the following features (see Figure 3):
• Weighs 17.3 lbs (7.9 kg) excluding external antennas
• Two radios (2.4 GHz and 5 GHz)
• Three external dual-band omnidirectional antennas with 4 dBi in 2.4 GHz and 7 dBi in 5 GHz
• Vertical beamwidth: 29° V at 2.4 GHz, 15° V at 5 GHz
• Aligned console port
• Higher equivalent isotropically radiated power (EIRP)
• Multiple uplinks with Ethernet and fiber
• An optional Small Form Factor Pluggable (SFP) fiber module that can be ordered with the AP. The AP has the capability to use SFP fiber or copper module.
• 802.3af compliant PoE-Out option to connect IP devices (such as video cameras)
• AC Powered (100 to 480 VAC)
• PoE-In using Power Injector
• Battery backup option (6 AH)
Note
The 1552E model has no cable modem. The 1552E battery cannot be used for 1552H.
1552C
Where service providers have already invested in a broadband cable network, the Cisco next-generation outdoor wireless mesh can seamlessly extend network connectivity with the Cisco Aironet 1552C access point by connecting to its integrated cable modem interface. The Cisco Aironet 1552C Outdoor Mesh Access Point is a dual-radio system with DOCSIS 3.0/EuroDOCSIS 3.0 (8x4 HFC) cable modem for power and backhaul. It has dual-band radios that are compliant with IEEE 802.11a/n (5 GHz) and 802.11b/g/n standards (2.4 GHz). The 1552C has an integrated, three-element, dual-band antenna and easily fits within the 30 cm height restriction for service providers. This model is suitable for 3G data offload applications and public Wi-Fi.
Figure 4 1552C (Part Number: AIR-CAP1552C-x-K9)
The 1552C model has the following features (see Figure 4):
• Lightweight (14 lbs or 6.4 kg), low-profile AP
• Two radios (2.4 GHz and 5 GHz)
• DOCSIS/EuroDOCSIS 3.0 Cable Modem
• Aligned console port
• It supports cable modem backhaul
• Has an integrated 3-element array antenna with 2 dBi in 2.4 GHz and 4 dBi in 5 GHz
• Input module, power-over-cable supply (40 to 90 VAC)
• Stamped cover with two convenient holes to tighten the seizure screw for stringer connector (RF/Power Input) and to adjust the fuse pad to attenuate the signal
Note
The 1552C model has no battery backup, no fiber SFP support, no PoE Out, no PoE In using Power Injector or Ethernet port, and no AC power option.
1552I
The Cisco Aironet 1552I Outdoor Access Point is a low-profile, lighter weight model. The smaller size and sleeker look helps it blend with the surrounding environment. The smaller power supply also makes it an energy efficient product. The 1552I does not have PoE-Out or a fiber SFP port.
Figure 5 1552I (Part Number: AIR-CAP1552I-x-K9)
The 1552I model has the following features (see Figure 5):
• Lightweight (14 lbs or 6.4 kg), low-profile version
• Two radios (2.4 GHz and 5 GHz)
• Aligned console port
• AC powered (100 to 277 VAC)
• Stamped cover with no holes
• Supports street light power TAP
Note
The 1552I model has no battery backup, no fiber SFP support, no cable modem, and no PoE Out.
1552H
This access point is designed for hazardous environments like oil and gas refineries, chemical plants, mining pits, and manufacturing factories. The Cisco Aironet 1552H Outdoor Access Point is Class 1, Div 2/Zone 2 hazardous location certified. The features are similar to the 1552E model, with the exception of the battery backup.
Figure 6 1552H (Part Number: AIR-CAP1552H-x-K9)
The 1552H model has the following features (see Figure 6):
• Weighs 14 lbs (6.4 kg)
• Two radios (2.4 GHz and 5 GHz)
• Hazardous Location (Haz Loc) version.
• Supports Power-over-Ethernet (PoE) input using Power Injector
• Aligned console port
• Three dual-band external omnidirectional antennas
• AC entry module with terminal block
• AC powered (100 to 240 VAC, as per ATEX certification requirement)
• Fiber SFP backhaul option
• 802.3af compliant PoE Out option to connect IP devices (such as video cameras)
• Battery backup option (Special battery for hazardous locations)
For more information about Cisco Aironet 1552 mesh access point hardware and installation instructions, see http://www.cisco.com/en/US/products/ps11451/prod_installation_guides_list.html.
Cisco 1522 Mesh Access Point (Part Nos. AIR-LAP1522AG-X-K9, AIR-LAP1522HZ-X-K9, AIR-LAP1522PC-X-K9)
The AP1522 mesh access point includes two radios: a 2.4-GHz and a 4.9- to 5.8-GHz radio. The 2.4-GHz (802.11b/g) radio is for client access and the 5-GHz (802.11a) radio is used as the backhaul. With the 7.0.116.0 release, 2.4 GHz is available for backhaul. This feature is applicable only to AP1522.
The 5-GHz radio is a 802.11a radio that covers the 4.9- to 5.8-GHz frequency band and is used as a backhaul. It can also be used for client access if the universal client access feature is enabled. For information about the universal access feature, see the "Viewing Global Mesh Parameter Settings" section.
Note
AP1522s with serial numbers prior to FTX1150XXXX do not support 5- and 10-MHz channels on the 4.9-GHz radio; however, a 20-MHz channel is supported.
Note
Those AP1522s with serial numbers after FTX1150XXXX support 5-, 10-, and 20-MHz channels.
Cisco 1524PS Mesh Access Point (Part No. AIR-LAP1524PS-X-K9)
The AP1524PS includes three radios: a 2.4-GHz, a 5.8-GHz, and a 4.9-GHz radio. The 2.4-GHz radio is for client access (nonpublic safety traffic) and the 4.9-GHz radio is for public safety client access traffic only. The 5.8-GHz radio can be used as the backhaul for both public safety and nonpublic safety traffic.
The 4.9-GHz and 5.8-GHz radios are 802.11a subband radios that support a subset of specific 802.11a channels and include a subband specific filter designed to lessen interference from other 11a subband radios within the same mesh access point.
The 4.9-GHz subband radio on the AP1524 supports public safety channels within the 5-MHz (channels 1 to 10), 10-MHz (channels 11 to 19), and 20-MHz (channels 20 to 26) bandwidths.
• The data rates supported within the 5-MHz bandwidth are 1.5, 2.25, 3, 4.5, 6, 9, 12, and 13.5 Mbps. The default rate is 6 Mbps.
• The data rates supported within the 10-MHz bandwidth are 3, 4.5, 6, 9, 12, 18, 24, and 27 Mbps. The default rate is 12 Mbps.
Cisco 1524SB Mesh Access Point (Part No. AIR-LAP1524SB-X-K9)
The AP1524SB includes three radios: one 2.4-GHz radio and two 5-GHz radios.
The 2.4-GHz radio is for client access (nonpublic safety traffic). The two 5-GHz radios serve as serial backhauls: one uplink and one downlink. The AP1524SB is suitable for linear deployments.
Note
In the 6.0 release, the 5-GHz radios in the -A domain could be operated only in the 5.8-GHz band with 5 channels. In the 7.0 release, these radios cover the whole 5-GHz band.
Each 5-GHz radio backhaul is configured with a different backhaul channel. There is no need to use the same shared wireless medium between the north-bound and south-bound traffic in a mesh tree-based network.
On the RAP, the radio in slot 2 is used to extend the backhaul in the downlink direction; the radio in slot 1 is used only for client access and not mesh.
On the MAP, the radio in slot 2 is used for the backhaul in the uplink direction; the radio in slot 1 is used for the backhaul in the downlink direction.
You only need to configure the RAP downlink (slot 2) channel. The MAPs automatically select their channels from the channel subset. The available channels for the 5.8-GHz band are 149, 153, 157, 161, and 165.
Figure 7 shows an example of channel selection when the RAP downlink channel is 153.
Figure 7 Channel Selection Example
Fall Back Mode
Slot 1 in a 5-GHz radio in a MAP can act as an uplink radio for the backhaul in any one of the following scenarios:
• Slot 2 radio fails.
• Antenna for slot 2 radio goes bad.
• Slot 2 radio is unable to find the uplink because of a bad RF design.
• Interference and long-term fades disturb the uplink to the extent that the slot 2 radio loses its uplink connection.
When a slot 1 radio takes over a slot 2 radio, it is called Fall Back Mode. The slot 2 radio is made inactive on a noninterfering channel. The hardware is reduced to AP1522 (two radios). The slot 1 radio (omni antenna) is extended to the uplink. A period of 15 minutes is set on a timer to attempt a rescan to find a parent on the slot 2 radio again. The timer is similar to the default BGN timer.
Figure 8 shows an example of the Fall Back Mode.
Figure 8 Fall Back Mode
The antenna ports are labeled on the AP1524SB and are connected internally to the radios in each slot. The AP1524SB has six ports with three radio slots (0, 1, 2) as described in Table 1.
Note
Depending on the product model, the AP1524SB could have either 5-GHz radios or 5.8-GHz subband radios installed in slot 1 and slot 2. Regardless of the radios installed, the AP1524SB running controller software release 6.0 is restricted to the UNII-3 channels (149, 153, 157, 161, and 165) in slot 1 and slot 2.
Hardware
This section describes the connectors and ports for the 1552 and 1520 access point models.
The 1550 Series
Figure 9, Figure 10, Figure 11, Figure 12, and Figure 13 show the connectors for the 1552 models.
Figure 9 Access Point Models AIR-CAP1552E-x-K9 and AIR-CAP1552H-x-K9 Bottom Connectors
Figure 10 Console Port for Access Point Models AIR-CAP1552E-n-K9 and AIR-CAP1552H-n-K9
Figure 11 Access Point Model AIR-CAP1552I-x-K9 Bottom Connectors
Figure 12 Access Point AIR-CAP1552C-x-K9 Bottom/Side Connector
1. F-Connector adapter for cable POC (optional)
2. Not used
3. Not used
4. Console port
5. LEDs (Status, Up Link, RF1, RF2)
6. Not used
Figure 13 Access Point DC Power Connector and Ground Lug (All Models)
The 1520 Series
Figure 14 shows the AP1520 (all models) and its bottom connectors (radio side view).
Figure 15 shows the AP1520 (all models) and its top connectors (radio cover view).
Figure 14 Cisco 1520 Series Mesh Access Point (Radio Side View)
1. Antenna port 4
2. Antenna port 5
3. Antenna port 6
4. Fiber port (optional)
5. Cable POC port (optional)
6. Aux/Console port
7. AC input connector
8. Fiber port
9. PoE out port
10. LEDs
11. PoE in port
Figure 15 Cisco 1520 Series Mesh Access Point (Radio Cover View)
Note
For more information about antennas and their selection, see the "Antennas" section.
Note
For more information about power, see the "Multiple Power Options" section.
For more information about antenna configurations for all the 1552 models, see the "Antenna Configurations for 1552" section.
Ethernet Ports
AP1500s support four Gigabit Ethernet interfaces.
• Port 0 (g0) is a Power over Ethernet (PoE) input port - PoE (in)
• Port 1 (g1) is a PoE output port - PoE (out)
• Port 2 (g2) is a cable connection
• Port 3 (g3) is a fiber connection
You can query the status of these four interfaces in the controller CLI and Cisco WCS.
In the controller CLI, the show mesh env summary command is used to display the status of the ports.
• The Up or Down (Dn) status of the four ports is reported in the following format:
– port0(PoE-in):port1(PoE-out):port2(cable):port3(fiber)
• For example, rap1522.a380 in the display below shows a port status of UpDnDnDn. This indicates the following:
– PoE-in port 0 (g0) is Up, PoE-out port 1 (g1) is Down (Dn), Cable port 2 (g2) is Down (Dn), and Fiber port 3 (g3) is Down (Dn).
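The following Python is an added example, not part of the Cisco guide: it parses show mesh env summary output, decodes the four-port Ethernet status in the documented order, and reports ports that are Up outside an expected baseline, which is useful for noticing a device plugged into an outdoor access point. The function names and the baseline (only g0 expected Up) are assumptions made for illustration, and the sample rows are constructed from the display on this page.

```python
import re
from typing import Dict, FrozenSet, List, NamedTuple, Optional, Tuple

# Order of the ports inside the Ethernet column, as documented above:
# port0(PoE-in):port1(PoE-out):port2(cable):port3(fiber)
PORT_ORDER = ("g0", "g1", "g2", "g3")
STATUS_RE = re.compile(r"^(Up|Dn)(Up|Dn)(Up|Dn)(Up|Dn)$")

# Constructed sample input: the same rows as the display on this page.
SAMPLE = """\
(controller)> show mesh env summary
AP Name          Temperature(C/F)  Heater    Ethernet  Battery
--------         ---------------   --------  -------   -------
rap1242.c9ef     N/A               N/A       UP        N/A
rap1522.a380     29/84             OFF       UpDnDnDn  N/A
rap1522.4da8     31/87             OFF       UpDnDnDn  N/A
"""


class EnvRow(NamedTuple):
    ap_name: str
    temperature: str
    heater: str
    ethernet: str                      # raw column value, kept for reference
    battery: str
    ports: Optional[Dict[str, bool]]   # None when not a four-port status


def decode_ports(field: str) -> Optional[Dict[str, bool]]:
    """Return {port: is_up} for a status such as UpDnDnDn, else None."""
    match = STATUS_RE.match(field)
    if match is None:
        return None  # e.g. the single "UP" reported for rap1242.c9ef
    return {port: state == "Up" for port, state in zip(PORT_ORDER, match.groups())}


def parse_env_summary(text: str) -> List[EnvRow]:
    """Parse the data rows of a 'show mesh env summary' display."""
    rows: List[EnvRow] = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have exactly five whitespace-separated columns;
        # the header line splits into six and blank lines into none.
        if len(fields) != 5:
            continue
        # Skip the CLI prompt line and the dashed separator line.
        if fields[0].endswith(">") or set(fields[0]) == {"-"}:
            continue
        name, temp, heater, ethernet, battery = fields
        rows.append(EnvRow(name, temp, heater, ethernet, battery,
                           decode_ports(ethernet)))
    return rows


def unexpected_up(rows: List[EnvRow],
                  allowed: FrozenSet[str] = frozenset({"g0"})
                  ) -> List[Tuple[str, str]]:
    """List (ap_name, port) pairs that are Up but not in the baseline.

    The default baseline (only the PoE-in port g0 is Up) is an assumption;
    set it per site, for example allow g3 on fiber-fed access points.
    """
    findings: List[Tuple[str, str]] = []
    for row in rows:
        if row.ports is None:
            continue
        for port in PORT_ORDER:
            if row.ports[port] and port not in allowed:
                findings.append((row.ap_name, port))
    return findings


if __name__ == "__main__":
    parsed = parse_env_summary(SAMPLE)
    for row in parsed:
        print(row.ap_name, row.ethernet, row.ports)
    print("Unexpected Up ports:", unexpected_up(parsed))
```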
(controller)> show mesh env summary
AP Name          Temperature(C/F)  Heater    Ethernet  Battery
--------         ---------------   --------  -------   -------
rap1242.c9ef     N/A               N/A       UP        N/A
rap1522.a380     29/84             OFF       UpDnDnDn  N/A
rap1522.4da8     31/87             OFF       UpDnDnDn  N/A
Multiple Power Options
For the 1550 Series
Power options include the following:
• Power over Ethernet (PoE)-In
– 56 VDC using a Power Injector (1552E and 1552H)
– PoE-In is not 802.3af and does not work with a PoE 802.3af-capable Ethernet switch
• AC Power
– 100 to 480 VAC (47-63 Hz)—Connecting AC or Streetlight Power (1552E)
– 100 to 240 VAC—Connecting AC or Streetlight Power (1552H)
• External Supply
– 12 VDC—Connecting DC Power Cable (All Models)
• Internal Battery Backup (1552E and 1552H)
• Power over Cable (PoC)
– 40 to 90 VAC—Connecting Cable PoC (1552C)
• PoE-Out 802.3af compliant to connect IP devices such as Video Cameras (1552E and 1552H)
– (PoE-Out) is not available when using Power Injector (PoE-In) as the power source
• 802.3af compliant PoE-Out to connect IP devices such as video cameras (1552E and 1552H)
This port also performs Auto-MDIX, which enables you to connect crossover or straight-through cables.
The 1550 series access points can be connected to more than one power source. The access points detect the available power sources and switch to the preferred power source using the following default prioritization:
• AC power or PoC power
• External 12-VDC power
• Power injector PoE power
• Internal battery power
Table 2 lists the power options available for the 1552 access point models.
For the 1520 Series
Power options include the following:
• 100 to 480 VAC streetlight power
• 12 VDC
• Power-over-cable power supply (40 to 90 VAC)
• PoE using a separate power injection system (48 VDC)
– For more information about the power injection, its specifications, and installation, see http://www.cisco.com/en/US/docs/wireless/access_point/1520/power/guide/1520pwrinj.html
• Internal battery backup power
• 802.3af-compliant PoE-Out to connect IP devices (such as video cameras)
This port also performs Auto-MDIX, which allows you to connect crossover or straight-through cables.
Battery Backup Module (Optional)
A six-ampere-hour battery backup module is available for the following:
• AIR-1520-BATT-6AH for AP1520s
• AIR-1550-BATT-6AH for only the AIR-CAP-1552E-x-K9 model
The integrated battery can be used for temporary backup power during external power interruptions.
The battery run time for AP1520s is as follows:
• 3-hour access point operation with up to 3 radios at 77°F (25°C) with PoE output port off
• 2-hour access point operation with up to 3 radios at 77°F (25°C) with PoE output port on
The battery run time for AP1550s is as follows:
• 2-hour access point operation using two radios at 77°F (25°C) with PoE output port off
• 1.5-hour access point operation using two radios at 77°F (25°C) with PoE output port on
The battery pack is not supported on the access point cable configuration.
Note
For a complete listing of optional hardware components for AP1520s such as mounting brackets, power injectors, and power tap adapters, see http://www.cisco.com/en/US/prod/collateral/wireless/ps5679/ps8368/product_data_sheet0900aecd8066a157.html
Reset Button
A 1500 series access point has a reset button located on the bottom of the unit. The reset button is recessed in a small hole that is sealed with a screw and a rubber gasket. The reset button can be used to perform the following functions:
• Reset the access point—Press the reset button for less than 10 seconds, and the LEDs turn off during the reset and then reactivate when the reset is complete.
• Disable battery backup power—Press the reset button for more than 10 seconds, and the LEDs turn off, then on, and then stay off.
– You can also disable the battery remotely by entering the following command:
config mesh battery-state disable AP_name
• Switch off LEDs—Press the reset button for more than 10 seconds, and the LEDs turn off, then on, and then stay off.
Figure 16, Figure 17, and Figure 18 show the reset button locations for various 1500 series access points.
Figure 16 Reset Button Location - Models AIR-CAP1552E-x-K9 and AIR-CAP1552H-x-K9
Figure 17 Reset Button Location - Models AIR-CAP1552C-x-K9 and AIR-CAP1552I-x-K9
Figure 18 Reset Button Location for 1520 Series
To reset the access point, follow these steps:
Step 1
Use a Phillips screwdriver to remove the reset button screw. Ensure that you do not lose the screw.
Step 2
Use a straightened paperclip, and push the reset button for less than 10 seconds. This step causes the access point to reboot (power cycle), all LEDs turn off for approximately 5 seconds, and then the LEDs reactivate.
Step 3
Replace the reset button screw, and use a Phillips screwdriver to tighten to 22 to 24 in. lbs (2.49 to 2.71 nm).
Monitoring LED Status
The four status LEDs on AP1500s are useful during the installation process to verify connectivity, radio status, access point status, and software status. However, once the access point is up and running and no further diagnosis is required, we recommend that you turn off the LEDs to discourage vandalism.
If your access point is not working as expected, see the LEDs at the bottom of the unit. You can use them to quickly assess the unit's status.
Note
LEDs are enabled or disabled using the following command:
config ap led-state {enable | disable} {cisco_ap_name | all}
There are four LED status indicators on AP1500s. Figure 19 shows the location of the AP1500 LEDs.
Figure 19 Access Point LEDs at the Bottom of the Unit
The table below describes each LED and its status.
1 Status LED—Access point and software status
2 Uplink LED—Ethernet, cable, or fiber status
3 RF-1 LED—Status of the radio in slot 0 (2.4-GHz) and slot 2 (5.8-GHz for 1524SB and 4.9-GHz for 1524PS).
4 RF-2 LED—Status of the radio in slot 1 (5.8-GHz) and the radio in slot 3 [1].
[1] Slot 3 is disabled in this release.
Note
The RF-1 and RF-2 LEDs monitor two radios simultaneously but do not identify the affected radio. For example, if the RF-1 LED displays a steady red LED, one or both of the radios in slots 0 and 2 have experienced a firmware failure. To identify the failing radio, you must use other means, such as the access point CLI or controller GUI to investigate and isolate the failure.
Table 3 lists the access point LED signals.
1 If all LEDs are off, the access point has no power.
2 When the access point power supply is initially turned on, all LEDs are amber.
Serial Backhaul Access Point Guidelines for the Rest of the World (ROW)
In the 7.0 release, new 1524 SKUs are released, with both 802.11a radio units supporting the entire 5-GHz band from 4.9 GHz to 5.8 GHz. This release also opens the 5-GHz band for the -A domain on the existing hardware. The radios can also operate in UNII-2 (5.25 to 5.35 GHz), UNII-2 plus (5.47 to 5.725 GHz), and the upper ISM (5.725 to 5.850 GHz) bands.
The public safety band (4.94 to 4.99 GHz) is not supported for backhaul and for client access.
For information about the channels and maximum power levels of the AP1500 supported within the world's regulatory domains, see the Channels and Maximum Power Settings for Cisco Aironet Lightweight Access Points manual at:
•
AP1520: http://www.cisco.com/en/US/docs/wireless/access_point/channels/lwapp/reference/guide/1520_chp.html
•
AP1550: http://www.cisco.com/en/US/docs/wireless/access_point/channels/lwapp/reference/guide/1550pwr_chn.pdf
Table 4 provides a complete overview of channels supported in each domain. In addition to 5 channels in the upper ISM band, there are 4 channels in the UNII-2 band and 11 channels in the UNII-2 Plus band. For outdoor APs, there are 5 channels in the upper ISM band, 3 channels in the UNII-2 band, and 8 channels in the UNII-2 Plus band.
Table 4 Channels Supported Per Regulatory Domain
Channel ID | Frequency (MHz) | Regulatory Domains (-A, -C, -E, -K, -M, -N, -P, -S, -T)
4940-5100 MHz
184 | 4920 | Yes
188 | 4949 | Yes
22/192 | 4960 | Yes
26/196 | 4980 | Yes
8 | 5040 | Yes
12 | 5060 | Yes
5250-5350 MHz
52 | 5260 |
56 | 5280 | DFS DFS
60 | 5300 | DFS DFS
64 | 5320 | DFS DFS
5470-5725 MHz
100 | 5500 | DFS DFS DFS DFS DFS
104 | 5520 | DFS DFS DFS DFS DFS
108 | 5540 | DFS DFS DFS DFS DFS
112 | 5560 | DFS DFS DFS DFS DFS
116 | 5580 | DFS DFS DFS DFS DFS
120 | 5580 | DFS DFS
124 | 5620 | DFS DFS
128 | 5640 | DFS
132 | 5660 | DFS DFS DFS DFS
136 | 5680 | DFS DFS DFS DFS
140 | 5700 | DFS DFS DFS DFS
5725-5850 MHz
149 | 5745 | Yes Yes DFS Yes Yes Yes
153 | 5765 | Yes Yes DFS Yes Yes Yes
157 | 5785 | Yes Yes DFS Yes Yes Yes
161 | 5805 | Yes Yes DFS Yes Yes Yes
165 | 5825 | Yes Yes Yes Yes Yes
Note
Channels marked Yes/DFS are channels supported in that domain.
Channels marked DFS are additional DFS-enabled channels and require checks for radar detection.
This table is for up to 8 dBi antennas. For higher gain antennas, see http://www.cisco.com/en/US/docs/wireless/access_point/channels/lwapp/reference/guide/1520_chp.html.
For more information about AP1550 series RF Tx power levels, see http://www.cisco.com/en/US/docs/wireless/access_point/channels/lwapp/reference/guide/1550pwr_chn.pdf
With the expansion of the channel set, DFS-enabled channels are also supported. Radar detection and automatic channel reassignment in case of radar detection on RAP/MAPs are also supported. When there is a channel change, it is also propagated to the corresponding parent/child access point (if applicable) so that the change is synchronized between the parent and child and there is no link downtime. For example, if radar is detected on the uplink radio of a child access point, the parent is informed so that it can change the channel of the downlink radio. The parent in turn informs the child about the channel change, so that the child access point can set the new channel on its uplink radio as well and does not have to scan again to rejoin the parent on the new channel.
For countries in the Middle East such as Saudi Arabia and Kuwait, a new regulatory domain for outdoor APs, the -M domain, has been mandated. With this release, outdoor APs will now support this new -M domain. Earlier, these countries were part of the -E domain, which supported a channel set of 100 to 140. However, in the -M domain, channels 149 to 161 are also supported with the 100 to 140 band (see Table 4 for details). Also, in the -M domain, channels 149 to 161 are DFS enabled, unlike other domains such as -A, -C, -N, and so on, where these channels are non-DFS. Radar detection is also enabled on these channels. Because the countries that are now part of the -M domain (that is, Saudi Arabia and Kuwait) were earlier part of the -E domain, both the -E domain and the -M domain APs are supported, when any of these countries is configured on the controller, which ensures backward compatibility with the existing -E domain APs in these countries. However, you will have to ensure that only a valid set of channels (the channels common to both the -E and the -M domains) is selected as part of the 802.11a DCA list, and that the backhaul channel deselection feature is enabled to ensure correct operation of the -E domain APs, as these APs can support 100 to 140 channels and not the extended list of 149 to 161 channels available in the -M domain.
Discontinuation of the 116 and 132 Channels from the UNII-2 Extended Band
With the 7.0 release, in AP1522 and AP1524SB platforms, in addition to the 5 channels in the upper ISM band, there are 3 channels in the UNII-2 band and 8 channels in the UNII-2 Extended band. There are 11 channels in the UNII-2 Extended band, but only 8 are applicable in the outdoors due to stringent dynamic frequency selection (DFS) conditions for Canada because Canada requires a channel availability check every 10 minutes compared to every 60 seconds in the USA. The 120 (5600 MHz), 124 (5620 MHz), and 128 (5640 MHz) channels have had to be dropped.
The Federal Communications Commission (FCC) has issued a guideline to protect Terminal Doppler Weather Radar (TDWR) systems operating in the 5600- to 5650-MHz band from interference. Also, the UNII-2 Wi-Fi operating channels are interfering with the TDWR band. Therefore, with the 7.0.116.0 release, the 116 and 132 channels are dropped in addition to the 120, 124, and 128 channels. The guidelines also require that you avoid operation in the TDWR band and operate at least 30 MHz away from the TDWR operation frequencies when devices are installed within 35 km (about 21 miles) or the line-of-sight of the TDWR sites.
Note
Your outdoor installation should be registered in the outdoor database. No fee is required to register your company. The TDWR location sites can be found on the Internet.
Note
The FCC, the National Telecommunications and Information Administration (NTIA), and the Federal Aviation Administration (FAA) are continuing to investigate and eliminate cases of interference to TDWRs. For more information about FCC guidelines for outdoor installations, see http://www.cisco.com/en/US/prod/collateral/routers/ps272/data_sheet_c78-647116_ps11451_Products_Data_Sheet.html.
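The two channel-planning constraints above, the common -E/-M channel set for the 802.11a DCA list and the 30-MHz separation from the TDWR band, can be checked with a short script. The following is an added Python example, not Cisco software or controller output; the per-domain channel sets are simplified to what the text states, and measuring the separation from each channel's center frequency (5000 + 5 x channel number) is an assumption.

```python
"""Audit an 802.11a DCA channel list (added example, not Cisco code).

Channel sets and the TDWR band are taken from the text above. Measuring the
30-MHz separation from each channel's center frequency is an assumption.
"""

UNII2_EXT = frozenset(range(100, 141, 4))         # channels 100 to 140
UPPER_149_161 = frozenset({149, 153, 157, 161})   # channels 149 to 161

# Per-domain 5-GHz channel sets as stated in the -E / -M discussion.
DOMAIN_CHANNELS = {
    "-E": UNII2_EXT,
    "-M": UNII2_EXT | UPPER_149_161,
}

TDWR_BAND_MHZ = (5600, 5650)   # TDWR operating band named in the text
TDWR_GUARD_MHZ = 30            # "at least 30 MHz away"


def center_mhz(channel):
    """Center frequency of a 5-GHz channel number."""
    return 5000 + 5 * channel


def tdwr_distance_mhz(channel):
    """Distance from the channel center to the nearest TDWR band edge (0 if inside)."""
    low, high = TDWR_BAND_MHZ
    freq = center_mhz(channel)
    if freq < low:
        return low - freq
    if freq > high:
        return freq - high
    return 0


def violates_tdwr_guard(channel):
    """True when the channel center is closer than the guard distance."""
    return tdwr_distance_mhz(channel) < TDWR_GUARD_MHZ


def common_channels(ap_domains):
    """Channels that every AP regulatory domain on the controller can use."""
    domains = sorted(set(ap_domains))
    if not domains:
        raise ValueError("at least one AP regulatory domain is required")
    unknown = [d for d in domains if d not in DOMAIN_CHANNELS]
    if unknown:
        raise ValueError(f"no channel set defined for domain(s): {unknown}")
    return frozenset.intersection(*(DOMAIN_CHANNELS[d] for d in domains))


def audit_dca_list(dca_list, ap_domains, near_tdwr=False):
    """Return (allowed, rejected); rejected maps channel -> list of reasons.

    near_tdwr: site is within 35 km or line of sight of a TDWR installation.
    """
    common = common_channels(ap_domains)
    domains = sorted(set(ap_domains))
    allowed, rejected = [], {}
    for ch in sorted(set(dca_list)):
        reasons = []
        if ch not in common:
            lacking = [d for d in domains if ch not in DOMAIN_CHANNELS[d]]
            reasons.append("not supported by " + ", ".join(lacking) + " APs")
        if near_tdwr and violates_tdwr_guard(ch):
            reasons.append(
                f"center {center_mhz(ch)} MHz is {tdwr_distance_mhz(ch)} MHz "
                "from the TDWR band"
            )
        if reasons:
            rejected[ch] = reasons
        else:
            allowed.append(ch)
    return allowed, rejected


if __name__ == "__main__":
    # Constructed sample: a mixed -E/-M deployment near a TDWR site.
    ok, bad = audit_dca_list([100, 116, 132, 136, 149, 161],
                             ["-E", "-M"], near_tdwr=True)
    print("allowed:", ok)
    for ch, why in bad.items():
        print(f"rejected {ch}: {'; '.join(why)}")
```

Under the center-frequency assumption, the channels closer than 30 MHz to the 5600- to 5650-MHz band are exactly 116, 120, 124, 128, and 132, the set this section lists as dropped.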
Frequency Bands
Both the 2.4-GHz and 5-GHz frequency bands are supported on the indoor and outdoor access points. Additionally, the 4.9-GHz public safety band is supported on AP1524PS. (See Figure 20.)
Figure 20 Frequency Bands Supported By 802.11a Radios on AP1520s
The 5-GHz band is a conglomerate of three bands in the USA: 5.150 to 5.250 (UNII-1), 5.250 to 5.350 (UNII-2), 5.470 to 5.725 (UNII-2 Extended), and 5.725 to 5.850 (ISM). UNII-1 and the UNII-2 bands are contiguous and are treated by 802.11a as being a continuous swath of spectrum 200-MHz wide, more than twice the size of the 2.4-GHz band. See Table 5.
The 4.9 GHz is a public safety channel within the 5-MHz (channels 1 to 10), 10-MHz (channels 11 to 19), and 20-MHz (channels 20 to 26) bandwidths.
Note
The frequency depends on the regulatory domain in which the access point is installed. For additional information, see the Channels and Power Levels document at http://www.cisco.com/en/US/docs/wireless/access_point/channels/lwapp/reference/guide/lw_chp2.html
Table 5 Frequency Band
Frequency Band Terms | Description | Model Support
UNII-1 [1] | Regulations for UNII devices operating in the 5.15- to 5.25-GHz frequency band. Indoor operation only. | 1130, 1240, and all 11n Indoor APs
UNII-2 | Regulations for UNII devices operating in the 5.25- to 5.35-GHz frequency band. DFS and TPC are mandatory in this band. | 1130, 1240, all 11n indoor APs, 1522, 1524SB, and 1552 (except -A domain)
UNII-2 Extended | Regulations for UNII-2 devices operating in the 5.470 to 5.725 frequency band. | 1130, 1240, all 11n indoor APs, 1522, 1524SB, 1552 (except -A domain)
ISM [2] | Regulations for UNII devices operating in the 5.725 to 5.850 GHz frequency band. | 1130, 1240, all 11n indoor APs, 1522, 1524 (AP1524PS and AP1524SB), 1552
[1] UNII refers to the Unlicensed National Information Infrastructure.
[2] ISM refers to Industrial Science and Mechanical.
Note
With the 7.0.116.0 release, the 1552 access points support only the ISM band in -A domain.
The DFS algorithms work as expected. The DFS algorithms can be implemented in the ETSI and other domains, but not in the -A domain. The product certification is pending FCC approval and it might take up to 4 months to get the product certified. After the product is certified, we will provide new software that will allow the UNII-2 and UNII-2 Extended bands to be used for the 1552 access points in the -A domain.
Note
The -A domain for 1552 supports only upper ISM band.
For regulatory information, see http://www.cisco.com/en/US/prod/collateral/wireless/ps5679/ps5861/product_data_sheet0900aecd80537b6a.html
Dynamic Frequency Selection
Previously, devices employing radar operated in frequency subbands without other competing services. However, controlling regulatory bodies are attempting to open and share these bands with new services like wireless mesh LANs (IEEE 802.11).
To protect existing radar services, the regulatory bodies require that devices wishing to share the newly opened frequency subband behave in accordance with the Dynamic Frequency Selection (DFS) protocol. DFS dictates that to be compliant, a radio device must be capable of detecting the presence of radar signals. When a radio detects a radar signal, it is required to stop transmitting for at least 30 minutes to protect that service. The radio then selects a different channel to transmit on but only after monitoring it. If no radar is detected on the projected channel for at least one minute, then the new radio service device may begin transmissions on that channel.
The process for a radio to detect and identify a radar signal is a complicated task that sometimes leads to incorrect detections. Incorrect radar detections can occur due to a large number of factors, including uncertainties of the RF environment and the ability of the access point to reliably detect actual on-channel radar.
The 802.11h standard addresses DFS and Transmit Power Control (TPC) as it relates to the 5-GHz band. Use DFS to avoid interference with radar and TPC to avoid interference with satellite feeder links.
Note
DFS is mandatory in the USA for 5250 to 5350 and 5470 to 5725 frequency bands. DFS and TPC are mandatory for these same bands in Europe. (See Figure 21.)
Figure 21 DFS and TPC Band Requirements
Antennas
Overview
Antenna choice is a vital component of any wireless network deployment. There are two broad types of antennas:
•
Directional
•
Omnidirectional
Each type of antenna has a specific use and is most beneficial in specific types of deployments. Because antennas distribute RF signal in large lobed coverage areas determined by antenna design, successful coverage is heavily reliant on antenna choice.
An antenna gives a mesh access point three fundamental properties: gain, directivity, and polarization:
•
Gain—A measure of the increase in power. Gain is the amount of increase in energy that an antenna adds to an RF signal.
•
Directivity—The shape of the transmission pattern. If the gain of the antenna increases, the coverage area decreases. The coverage area or radiation pattern is measured in degrees; these angles are called beamwidths.
Note
Beamwidth is defined as a measure of the ability of an antenna to focus radio signal energy toward a particular direction in space. Beamwidth is usually expressed in degrees HB (Horizontal Beamwidth); usually, the most important one is expressed in a VB (Vertical Beamwidth) (up and down) radiation pattern. When viewing an antenna plot or pattern, the angle is usually measured at half-power (3 dB) points of the main lobe when referenced to the peak effective radiated power of the main lobe.
Note
An 8-dBi antenna transmits with a horizontal beamwidth of 360 degrees, causing the radio waves to disperse power in all directions. Therefore, radio waves from an 8-dBi antenna do not go nearly as far as those radio waves sent from a 17-dBi patch antenna (or a third-party dish) that has a more narrow beamwidth (less than 360 degrees).
•
Polarization—The orientation of the electric field of the electromagnetic wave through space. Antennas can be polarized either horizontally or vertically, though other kinds of polarization are available. Both antennas in a link must have the same polarization to avoid an additional unwanted loss of signal. To improve the performance, an antenna can sometimes be rotated to alter polarization, which reduces interference. A vertical polarization is preferable for sending RF waves down concrete canyons, and horizontal polarization is generally more preferable for wide area distribution. Polarization can also be harnessed to optimize for RF bleed-over when reducing RF energy to adjacent structures is important. Most omnidirectional antennas ship with vertical polarization as their default.
Antenna Options
A wide variety of antennas are available to provide flexibility when you deploy the mesh access points over various terrains. 5 GHz is used as a backhaul and 2.4 GHz is used for client access.
Table 6 lists the supported external 2.4- and 5-GHz antennas for AP1500s.
Table 6 External 2.4- and 5-GHz Antennas
Part Number | Model | Gain (dBi)
AIR-ANT2450V-N | 2.4-GHz compact omnidirectional [1] | 5
AIR-ANT-2455V-N | 2.4-GHz compact omnidirectional | 5.5
AIR-ANT2480V-N | 2.4-GHz omnidirectional | 8.0
AIR-ANT5180V-N | 5-GHz compact omnidirectional [2] | 8.0
 | 4.9-GHz compact omnidirectional [3] | 7.0
AIR-ANT5140V-N | 5-GHz right-angle omnidirectional | 4.0
AIR-ANT58G10SSA-N | 5-GHz sector | 9.5
AIR-ANT5114P-N | 4.9- to 5-GHz patch [2] | 14.0
AIR-ANT5117S-N | 4.9- to 5-GHz 90-degree sector [2] | 17.0
AIR-ANT2547V-N | 2.4- to 5-GHz dual-band omnidirectional | 4 dBi at 2.4 GHz and 7 dBi at 5 GHz
[1] The compact omnidirectional antennas mount directly on the access point.
[2] The compact omnidirectional antennas mount directly on the access point.
[3] Use of the 4.9-GHz band requires a license and may be used only by qualified Public Safety operators as defined in section 90.20 of the FCC rules.
See the Cisco Aironet Antenna and Accessories Reference Guide on Cisco antennas and accessories at
The deployment and design, limitations and capabilities, and basic theories of antennas as well as installation scenarios, regulatory information, and technical specifications are addressed in detail.
Table 7 summarizes the horizontal and vertical beamwidth for Cisco antennas.
N-Connectors
All external antennas are equipped with male N-connectors.
AP1552 E/H have three N-connectors to connect dual-band antennas.
AP1552 C/I have no N-connectors as they come with inbuilt antennas.
AP1522 has three separate N-connectors to attach two 2.4-GHz antennas and one N-connector for a 5-GHz antenna.
AP1524PS and AP1524SB have five N connectors to attach three 2.4-GHz antennas and two N connectors for 5-GHz/4.9-GHz bands.
Each radio has at least one TX/RX port. Each radio must have an antenna connected to at least one of its available TX/RX ports.
Antenna locations for 5.8 GHz, 4.9 GHz, and 2.4 GHz are fixed and labeled.
Figure 22 shows antenna placement for a two-radio cable mesh access point.
Figure 23 shows antenna placement for a two-radio fiber mesh access point.
Figure 24 shows antenna placement for a three-radio fiber mesh access point.
Figure 22 1522C Two Radio Cable Mesh Access Point Configuration (Hinged-Side Facing Forward)
1 Clamp bracket with cable clamps (part of strand mount kit, ordered separately)
2 5-GHz antenna [1] (Tx/Rx)
3a 2.4-GHz antennas [2] (Tx/Rx)
3b 2.4-GHz antennas (Rx) [2]
4 Strand support cable
5 Cable bundle
6 Fiber-optic connection [2]
7 Cable POC power input [3]
8 Strand mount bracket (part of strand mount kit, ordered separately)
[1] Illustration shows antenna for an access point with two radios.
[2] Liquid tight connector not shown.
[3] Stinger connector shown is user-supplied.
Figure 23 AP 1522 Two Radio Fiber Mesh Access Point Configuration (Hinged-Side Facing Backward)
Figure 24 AP1524SB and AP1524PS Mesh Access Point Pole Mount Configuration (Hinged-Side Facing Forward)
1 2.4-GHz antenna (Rx)
2a 5-GHz antenna (Tx/Rx)
2b 2.4-GHz antenna (Tx/Rx)
3 Fiber-optic connection
4 5-GHz/4.9-GHz antenna (Tx/Rx)
Antenna Configurations for 1552
The 1552 access point supports the following two types of antennas designed for outdoor use with radios operating in the 2.4-GHz and 5-GHz frequency:
•
Cisco Aironet Low Profile Dual-Band 2.4/5 GHz Dipole Antenna Array (CPN 07-1123-01), an integrated array of three dual-band dipole antennas
•
Cisco Aironet Dual-Band Omnidirectional Antenna (AIR-ANT2547V-N), referred to as "stick" antennas
Two types of mounting configurations are available: the cable strand mount and the pole mount.
The 1552 models C and I access points are equipped with three new integrated dual-band antennas, with 2 dBi gain at 2.4 GHz and 4 dBi gain at 5 GHz. The antenna works in cable strand mount and low cost, low profile applications.
Figure 25 1552C Cable Mount
Figure 26 1552I Pole/Wall Mount
The 1552 E and H access points are equipped with three N-type radio frequency (RF) connectors (antenna ports 4, 5, and 6) on the bottom of the unit for external antennas to support multiple input multiple output (MIMO) operation as shown in Figure 27. When using the optional Cisco Aironet AIR-ANT2547V-N Dual-Band Omnidirectional Antenna, the 2.4- and 5-GHz antennas connect directly to the access point. These antennas have 4 dBi gain at 2.4 GHz and 7 dBi gain at 5 GHz.
Figure 27 1552 E Pole/Wall Mount
Figure 28 shows one of the recommended installations of an outdoor AP1500.
Figure 28 Outdoor Pole-top Installation of a Mesh Access Point
The AP1500 series was designed building on the long experience we have had in deploying outdoor access points over the past few years. This includes consideration for resistance to lightning effects. The AP1500 series employs some lightning arrestor circuitry on the Ethernet & Power ports. On input Ethernet port, Gas Discharge Tubes (GDT) are used on the Power Entry Module (PEM) to mitigate lightning effect. On the AC Power, GDTs are also used along with fuses to mitigate a high-current condition. For the DC power, a fuse is used to mitigate a high-current condition.
While not a common practice, users may want to consider adding additional lightning protection at the antenna ports for added protection.
Client Access Certified Antennas (Third-Party Antennas)
You can use third-party antennas with AP1500s. However, note the following:
•
Cisco does not track or maintain information about the quality, performance, or reliability of the noncertified antennas and cables.
•
RF connectivity and compliance is the customer's responsibility.
•
Compliance is only guaranteed with Cisco antennas or antennas that are of the same design and gain as Cisco antennas.
•
Cisco Technical Assistance Center (TAC) has no training or customer history with regard to non-Cisco antennas and cables.
Maximum Ratio Combining
To understand how this works, consider a single transmitter 802.11a/g client sending an uplink packet to an 802.11n access point with multiple transceivers. The access point receives the signal on each of its three receive antennas.
Each received signal has a different phase and amplitude based on the characteristics of the space between the antenna and the client. The access point processes the three received signals into one reinforced signal by adjusting their phases and amplitudes to form the best possible signal. The algorithm used, called maximum ratio combining (MRC), is typically used on all 802.11n access points (see Figure 29). MRC only helps in the uplink direction, enabling the access point to "hear" the client better.
Figure 29 Reinforcement of Received Signal via MRC Algorithm
For the 1520 Series
AP1520 radios have a much higher transmit power, better receiver sensitivity, and broader outdoor temperature range as compared to AP1510 and AP1505 mesh access points.
•
The 5-GHz radio (802.11a) is a Single-in-Single-Out (SISO) architecture and the 2.4-GHz radio (802.11 b/g) is 1x3 Single-in-Multiple-Out (SIMO) architecture.
•
The 2.4-GHz radio has one transmitter and three receivers. Output power is configurable to 5 levels. With its 3 receivers enabling maximum-ratio combining (MRC), this radio has better sensitivity and range than a typical SISO 802.11b/g radio for OFDM rates.
When operating with data rates higher than 12 Mbps, you can increase gain on a 2.4-GHz radio to 2.7 dB by adding two antennas and to 4.5 dB, by adding three antennas. For information about RX sensitivities and MRC gain, see Table 8.
For the 1550 Series
In the 1552 series mesh access point, MRC gain is different than the 1520 series mesh access points. The 1520 series access points do not have 802.11n functionality. In the 2.4-GHz band, it has only one transmitter and up to three receivers. Therefore, it is SIMO (Single in Multiple out) in 2.4 GHz. In the 5-GHz band, it has only one transmitter and one receiver. Therefore, it is SISO (Single in Single out) in the 5-GHz band. The MRC gain is important only for the 2.4-GHz radio in the 1552 access points. The MRC is not available for the 5-GHz radio. The 2.4-GHz radio has one Tx and up to three Rx antennas depending on the AP configuration.
In the 1522 access points, users have an option to use one, two, or three 2.4-GHz Rx antennas. With this option, users get around 3 dB MRC gain with 2 Rx antennas and a 4.5-dB MRC gain with 3 Rx antennas for data rates of 24 Mbps or higher.
For the 1552 access points, both the 2.4- and 5-GHz radios are 2x3 MIMO. Therefore, they have two transmitters and three receivers. Because the antennas are dual band and there is no option to have less than three Rx antennas, the MRC is added to the RX sensitivity always as it is embedded into the baseband chipset.
The numbers for typical Rx sensitivity in our customer data sheet assume 3 Rx antennas for both the 1520 and the 1550 series access points.
With the chipset used in the AP1520 series radios, there was a start-of-packet problem at lower data rates that wiped out the gain. Therefore, the MRC gain became useful from a data rate of 12 Mbps onwards in the 1520 series access points. This problem has been corrected in the current chipset used in the 1552 access points. The MRC gain has improved for lower data rates as well in the 1552 access points. You get a 4.7-dB improvement in sensitivity with the 2x3 MIMO radio over a 1x1 SISO implementation.
Table 9 and Table 10 list the MRC gain for the AP1552 11a/g and AP1552 11n respectively.
Note
With two spatial streams, the MRC gain is halved, that is, the MRC gain is reduced by 3 dB. This is because the system has 10 log (3/2 SS) instead of 10 log (3/1 SS). With 3 SS and 3 RX, the MRC gain would be zero.
Cisco 1500 Hazardous Location Certification
The standard AP1500 enclosure is a ruggedized, hardened enclosure that supports the NEMA 4X and IP67 standards for protection to keep out dust, damp and water.
Hazardous Certification (Class 1, Div 2, and Zone 2)
To operate in occasional hazardous environments, such as oil refineries, oil fields, drilling platforms, chemical processing facilities, and open-pit mining, special certification is required and the certification is labeled as Class 1, Div 2, or Zone 2.
Note
For USA and Canada, this certification is CSA Class 1, Division 2. For Europe (EU), it is ATEX or IEC Class 1, Zone 2.
Cisco has Hazardous Certified SKUs for USA and EU: AIR-LAP1522HZ-x-K9, AIR-LAP1524HZ-x-K9, and AIR-LAP1552H-x-K9. These SKUs are modified, as per the certification requirements. The hazardous locations certificate requires that all electrical power cables be run through conduit piping to protect against accidental damage to the electrical wiring that could cause a spark and possible explosion. Access points for hazardous locations contain an internal electrical mounting connect that receives discrete wires from a conduit interface coupler entering from the side of the housing. After the electrical wiring is installed, a cover housing is installed over the electrical connector to prevent exposure to the electrical wiring. The outside of the housing has a hazardous location certification label (CSA, ATEX, or IEC) that identifies the type of certifications and environments that the equipment is approved for operation.
Note
Power entry module for CSA (USA and Canada) is Power Entry Module, Groups A, B, C, and D with T5 (120°C) temp code.
Power Entry Module for ATEX (EU) is Power entry module Groups IIC, IIB, IIA with T5 (120°C) temp code.
Hazardous Certification (Div 1 > Div 2 and Zone 1 > Zone 2)
Class 1, Division 1/Zone 1 is for environments with full-time ignitable concentrations of flammable gases, vapors, or liquids. To meet the requirements of the Div 1 > Div 2 and Zone 1 > Zone 2 locations, we recommend a TerraWave Solutions CSA certified protective Wi-Fi enclosure (see Table 11).
For more information about the TerraWave enclosures, see
Table 12 lists the hardware features across different AP1500 models at a glance.
Note
PoE-in is not 802.3af and does not work with a PoE 802.3af-capable Ethernet switch. It requires a power injector.
Cisco Wireless LAN Controllers
The wireless mesh solution is supported by Cisco 5500, Cisco 4400, Cisco 2500, and Cisco 2100 Series Wireless LAN Controllers. We recommend the Cisco 5500 and 4400 Series Controllers (see Figure 30) for wireless mesh deployments because they can scale to large numbers of access points and can support Layer 3 CAPWAP.
Figure 30 Cisco 5500 Wireless LAN Controller
For more information about the Cisco 5500, 4400, 2500, and 2100 Series Wireless LAN Controllers, see:
http://www.cisco.com/en/US/products/hw/wireless/index.html#,hide-id-trigger-g1-wireless_LAN
and http://www.cisco.com/en/US/products/ps7206/products_installation_and_configuration_guides_list.html
Cisco WCS
The Cisco WCS provides a graphical platform for wireless mesh planning, configuration, and management. Network managers can use Cisco WCS to design, control, and monitor wireless mesh networks from a central location.
With Cisco WCS, network administrators have a solution for RF prediction, policy provisioning, network optimization, troubleshooting, user tracking, security monitoring, and wireless LAN systems management. Graphical interfaces make wireless LAN deployment and operations simple and cost-effective. Detailed trending and analysis reports make Cisco WCS vital to ongoing network operations.
Cisco WCS runs on a server platform with an embedded database, which provides scalability that allows hundreds of controllers and thousands of Cisco mesh access points to be managed. Controllers can be located on the same LAN as Cisco WCS, on separate routed subnets, or across a wide-area connection.
Multiple, geographically dispersed Cisco WCS management platforms can be cost-effectively and easily managed by the Cisco WCS Navigator. Cisco WCS Navigator supports up to 20 Cisco WCS management platforms with manageability of up to 30,000 mesh access points from a single management console. Together, Cisco WCS and Cisco WCS Navigator provide a wireless LAN management solution for even the largest enterprise environments and outdoor deployments.
Figure 31 shows the interconnections between the controllers, Cisco WCS, and AP1500s.
Figure 31 Interconnections to the Solution
Mesh Deployment Modes
Mesh access points support multiple deployment modes, including the following:
•
Wireless mesh
•
Wireless backhaul
•
Point-to-Multipoint Wireless Bridging
•
Point-to-Point Wireless Bridging
Wireless Mesh Network
In a Cisco wireless outdoor mesh network, multiple mesh access points comprise a network that provides secure, scalable outdoor wireless LAN. Figure 32 shows an example of a simple mesh network deployment composed of mesh access points (MAPs and RAPs), controllers, and Cisco WCS.
The three RAPs are connected to the wired network at each location and are located on the building roof. All the downstream access points operate as MAPs and communicate using wireless links (not shown).
Both MAPs and RAPs can provide WLAN client access; however, the locations of RAPs are often not suitable for providing client access. All three access points in Figure 32 are located on the building roofs and are functioning as RAPs. These RAPs are connected to the network at each location.
Some of the buildings have onsite controllers to terminate CAPWAP sessions from the mesh access points but it is not a mandatory requirement because CAPWAP sessions can be back hauled to a controller over a wide-area network (WAN) (see Figure 33).
Note
For more details on CAPWAP, see the "Architecture Overview" section.
Figure 32 Wireless Mesh Deployment
Wireless Backhaul
In a Cisco wireless backhaul network, traffic can be bridged between MAPs and RAPs. This traffic can be from wired devices that are being bridged by the wireless mesh or CAPWAP traffic from the mesh access points. This traffic is always AES encrypted when it crosses a wireless mesh link such as a wireless backhaul (see Figure 33).
AES encryption is established as part of the mesh access point neighbor relationship with other mesh access points. The encryption keys used between mesh access points are derived during the EAP authentication process.
Only 5 GHz backhaul is possible on all mesh access points except 1522 in which either 2.4 or 5 GHz radio can be configured as a backhaul radio (see Configuring Advanced Features).
Figure 33 Wireless Backhaul
Universal Access
You can configure the backhaul on mesh access points to accept client traffic over its 802.11a radio. This feature is identified as Backhaul Client Access in the controller GUI (Monitor > Wireless). When this feature is disabled, backhaul traffic is transmitted only over the 802.11a or 802.11a/n radio and client association is allowed only over the 802.11b/g or 802.11b/g/n radio. For more information about the configuration, see the "Configuring Advanced Features" section.
Point-to-Multipoint Wireless Bridging
In the point-to-multipoint bridging scenario, a RAP acting as a root bridge connects multiple MAPs as nonroot bridges with their associated wired LANs. By default, this feature is disabled for all MAPs. If Ethernet bridging is used, you must enable it on the controller for the respective MAP and for the RAP. Figure 34 shows a simple deployment with one RAP and two MAPs, but this configuration is fundamentally a wireless mesh with no WLAN clients. Client access can still be provided with Ethernet bridging enabled, although if bridging between buildings, MAP coverage from a high rooftop might not be suitable for client access.
Figure 34 Point-to-Multipoint Bridging Example
Point-to-Point Wireless Bridging
In a point-to-point bridging scenario, a 1500 Series Mesh AP can be used to extend a remote network by using the backhaul radio to bridge two segments of a switched network (see Figure 35). This is fundamentally a wireless mesh network with one MAP and no WLAN clients. Just as in point-to-multipoint networks, client access can still be provided with Ethernet bridging enabled, although if bridging between buildings, MAP coverage from a high rooftop might not be suitable for client access.
If you intend to use an Ethernet bridged application, we recommend that you enable the bridging feature on the RAP and on all MAPs in that segment. You must verify that any switches attached to the Ethernet ports of your MAPs are not using VLAN Trunking Protocol (VTP). VTP can reconfigure the trunked VLANs across your mesh and possibly cause a loss in connection for your RAP to its primary WLC. An incorrect configuration can take down your mesh deployment.
Figure 35 Point-to-Point Bridging Example
For security reasons the Ethernet port on the MAPs is disabled by default. It can be enabled only by configuring Ethernet Bridging on the Root and the respective MAPs (see Figure 36).
Ethernet bridging has to be enabled for the following two scenarios:
1. When you want to use the mesh nodes as bridges.
2. When you want to connect Ethernet devices such as a video camera on the MAP using its Ethernet port.
Figure 36 Wireless > All APs > Details
Ensure that you enable Ethernet bridging for every parent mesh AP taking the path from the mesh AP in question to the controller. For example, if you enable Ethernet bridging on MAP2 in Hop 2, then you must also enable Ethernet bridging on MAP1 (parent MAP), and on the RAP connecting to the controller.
Range parameters have to be configured for longer links under the Wireless > Mesh tab. An optimum distance (in feet) should exist between the root access point (RAP) and the farthest mesh access point (MAP). The range from the RAP bridge to the MAP bridge must be specified in feet (see Figure 37).
Figure 37 Configuring Range Parameters
The following global parameter applies to all mesh access points when they join the controller and all existing mesh access points in the network:
Range: 150 to 132,000 feet
Default: 12,000 feet
Configuring Mesh Range Using the CLI
To configure the distance between the nodes doing the bridging, use the config mesh range command (see Figure 39). Figure 38 shows how to display the mesh range by entering the show mesh config command.
Figure 38 Displaying Mesh Range Details
Figure 39 Configuring Mesh Range
Note
APs reboot after you specify the range.
Note
To estimate the range and the AP density, you can use range calculators that are available at:
Cisco 1520 Series Outdoor Mesh Range Calculation Utility: http://www.cisco.com/en/US/products/ps8368/products_implementation_design_guides_list.html
Range Calculator for 1550 Series Outdoor Mesh Access Points: http://www.cisco.com/en/US/products/ps11451/products_implementation_design_guides_list.html
Assumptions for AP1522 Range Calculator
• The AP1522 Range Calculator has been edited to stay within limitations for Tx power and EIRP under the listed regulatory domains. There may be cases where it exceeds the limitations. You must verify that the installation is within the laws of the location in which it is being installed.
• When you use the AP1522 Range Calculator, available power levels change based upon the regulatory domain, the antenna (or antenna gain) selected, and the modulation mode, which is based on the data rate selected (OFDM requires a lower power level in some domains). You must verify all parameters after making any parameter changes.
• Rx sensitivity in 2.4 GHz is the composite sensitivity of all three Rx paths. That is, MRC is included in 2.4 GHz. There is only one Rx for 5 GHz.
• You can choose only the channels that the access point is certified for.
• You can select only valid power levels.
Assumptions for AP1552 Range Calculator
• The AP1552 Range Calculator has been edited to stay within limitations for Tx power and EIRP under the listed regulatory domains. There may be cases where it exceeds the limitations. You must verify that the installation is within the laws of the location in which it is being installed.
• All three antenna ports must be used for external antenna models of 1552 for effective performance. Otherwise, range is significantly compromised. 1552 radios have two Tx paths and three Rx paths.
• The Tx power is the total composite power of both Tx paths.
• Rx sensitivity is the composite sensitivity of all three Rx paths. That is, MRC is included.
• The AP1552 Range Calculator assumes that ClientLink (Beamforming) is switched on.
• When you use the AP1552 Range Calculator, available power levels change based upon the regulatory domain, the antenna (or antenna gain) selected, and the data rate selected. You must verify all parameters after making any parameter changes.
• You can select a different antenna than the two that are available by default. If you enter a high gain antenna and choose a power that goes over the EIRP limit, then you get a warning and the range equals 0.
• You can choose only the channels that the access point is certified for.
• You can select only valid power levels.
Architecture Overview
This section describes the architecture overview of a mesh network.
CAPWAP
CAPWAP is the provisioning and control protocol used by the controller to manage access points (mesh and nonmesh) in the network. In release 5.2, CAPWAP replaced LWAPP.
Upgrading from an earlier LWAPP release (4.1.x.x or earlier) to release 5.2 is transparent. CAPWAP supports path maximum transmission unit (MTU) discovery and it is configurable on switches and routers in the backbone network.
Note
Mesh features are not supported on controller releases 5.0 and 5.1.
CAPWAP significantly reduces capital expenditures (CapEx) and operational expenses (OpEx), which enables the Cisco wireless mesh networking solution to be a cost-effective and secure deployment option in enterprise, campus, and metropolitan networks.
CAPWAP Discovery on a Mesh Network
The process for CAPWAP discovery on a mesh network is as follows:
1. A mesh access point establishes a link before starting CAPWAP discovery, whereas a nonmesh access point starts CAPWAP discovery using a static IP for the mesh access point, if any.
2. The mesh access point initiates CAPWAP discovery using a static IP for the mesh access point on the Layer 3 network or searches the network for its assigned primary, secondary, or tertiary controller. A maximum of 10 attempts are made to connect.
Note
The mesh access point searches a list of controllers configured on the access point (primed) during setup.
3. If Step 2 fails after 10 attempts, the mesh access point falls back to DHCP and attempts to connect in 10 tries.
4. If both Steps 2 and 3 fail and there is no successful CAPWAP connection to a controller, then the mesh access point falls back to LWAPP.
5. If there is no discovery after attempting Steps 2, 3, and 4, the mesh access point tries the next link.
Dynamic MTU Detection
If the MTU is changed in the network, the access point detects the new MTU value and forwards that to the controller to adjust to the new MTU. After both the access point and the controller are set at the new MTU, all data within their path are fragmented into the new MTU. The new MTU size is used until it is changed. The default MTU on switches and routers is 1500 bytes.
XML Configuration File
Starting from release 5.2, mesh features within the controller's boot configuration file are saved in an XML file in ASCII format. The XML configuration file is saved in the flash memory of the controller.
Note
The current release does not support binary configuration files; however, configuration files are in the binary state immediately after an upgrade from a mesh release to controller software release 7.0. After reset, the XML configuration file is selected.
Caution
Do not edit the XML file. Downloading a modified configuration file onto a controller causes a cyclic redundancy check (CRC) error on boot and the configuration is reset to the default values.
You can easily read and modify the XML configuration file by converting it to CLI format. To convert from XML to CLI format, upload the configuration file to a TFTP or an FTP server. The controller initiates the conversion from XML to CLI during the upload.
Once on the server, you can read or edit the configuration file in CLI format. Then, you can download the file back to the controller. The controller converts the configuration file back to XML format, saves it to flash memory, and reboots using the new configuration.
Note
The controller does not support uploading and downloading of port configuration CLI commands. If you want to configure the controller ports, enter the relevant commands summarized below:
Note
The commands listed below are manually entered after the software upgrade to release 7.0.
• config port linktrap {port | all} {enable | disable} - Enables or disables the up and down link traps for a specific controller port or for all ports.
• config port adminmode {port | all} {enable | disable} - Enables or disables the administrative mode for a specific controller port or for all ports.
• config port multicast appliance port {enable | disable} - Enables or disables the multicast appliance service for a specific controller port.
• config port power {port | all} {enable | disable} - Enables or disables power over Ethernet (PoE) for a specific controller port or for all ports.
CLI commands with known keywords and proper syntax are converted to XML while improper CLI commands are ignored and saved to flash memory. Any field with an invalid value is filtered out and set to a default value by the XML validation engine. Validation occurs during bootup.
To see any ignored commands or invalid configuration values, enter the following command:
show invalid-config
Note
You can only execute this command before either the clear config or save config command. If the downloaded configuration contains a large number of invalid CLI commands, you might want to upload the invalid configuration to the TFTP or FTP server for analysis.
Access passwords are hidden (obfuscated) in the configuration file. To enable or disable obfuscation of access point or controller passwords, enter the following command:
config switchconfig secret-obfuscation {enable | disable}
AWPP
AWPP is designed specifically for wireless mesh networking to provide ease of deployment, fast convergence, and minimal resource consumption.
AWPP takes advantage of the CAPWAP WLAN, where client traffic is tunneled to the controller and is therefore hidden from the AWPP process. Also, the advanced radio management features in the CAPWAP WLAN solution are available to the wireless mesh network and do not have to be built into AWPP.
AWPP enables a remote access point to dynamically find the best path back to a RAP for each MAP that is part of the RAP's bridge group (BGN). Unlike traditional routing protocols, AWPP takes RF details into account.
To optimize the route, a MAP actively solicits neighbor MAPs. During the solicitation, the MAP learns all of the available neighbors back to a RAP, determines which neighbor offers the best path, and then synchronizes with that neighbor. The path decisions of AWPP are based on the link quality and the number of hops.
AWPP automatically determines the best path back to the CAPWAP controller by calculating the cost of each path in terms of the signal strength and number of hops. After the path is established, AWPP continuously monitors conditions and changes routes to reflect changes in conditions. AWPP also performs a smoothing function to signal condition information to ensure that the ephemeral nature of RF environments does not impact network stability.
Traffic Flow
The traffic flow within the wireless mesh can be divided into three components:
1. Overlay CAPWAP traffic that flows within a standard CAPWAP access point deployment; that is, CAPWAP traffic between the CAPWAP access point and the CAPWAP controller.
2. Wireless mesh data frame flow.
3. AWPP exchanges.
As the CAPWAP model is well known and the AWPP is a proprietary protocol, only the wireless mesh data flow is described. The key to the wireless mesh data flow is the address fields of the 802.11 frames being sent between mesh access points.
An 802.11 data frame can use up to four address fields: receiver, transmitter, destination, and source. The standard frame from a WLAN client to an AP uses only three of these address fields because the transmitter address and the source address are the same. However, in a WLAN bridging network, all four address fields are used because the source of the frame might not be the transmitter of the frame, because the frame might have been generated by a device behind the transmitter.
Figure 40 shows an example of this type of framing. The source address of the frame is MAP:03:70, the destination address of this frame is the controller (the mesh network is operating in Layer 2 mode), the transmitter address is MAP:D5:60, and the receiver address is RAP:03:40.
Figure 40 Wireless Mesh Frame
As this frame is sent, the transmitter and receiver addresses change on a hop-by-hop basis. AWPP is used to determine the receiver address at each hop. The transmitter address is known because it is the current mesh access point. The source and destination addresses are the same over the entire path.
If the RAP's controller connection is Layer 3, the destination address for the frame is the default gateway MAC address, because the MAP has already encapsulated the CAPWAP in the IP packet to send it to the controller, and is using the standard IP behavior of using ARP to find the MAC address of the default gateway.
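The address handling described above, as an added Python example that is not part of the Cisco guide: it parses the address fields of 802.11 data frame headers and re-addresses a four-address frame for the next hop. The MAC addresses are constructed (only their last two octets echo the labels in Figure 40), and the next hop is passed in as a parameter instead of being chosen by AWPP.

```python
"""Added example: address fields of an 802.11 data frame on a mesh backhaul."""

TYPE_DATA = 2                      # frame type "data" (bits 2-3 of the first octet)
TO_DS, FROM_DS = 0x01, 0x02        # flag bits in the second Frame Control octet


def mac_bytes(text: str) -> bytes:
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"not a MAC address: {text!r}")
    return raw


def mac_text(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_four_address_frame(receiver, transmitter, destination, source, payload=b""):
    """Header layout: FC(2) Duration(2) Addr1(6) Addr2(6) Addr3(6) SeqCtl(2) Addr4(6)."""
    frame_control = bytes([TYPE_DATA << 2, TO_DS | FROM_DS])
    return (frame_control + b"\x00\x00"
            + mac_bytes(receiver) + mac_bytes(transmitter) + mac_bytes(destination)
            + b"\x00\x00" + mac_bytes(source) + payload)


def parse_addresses(frame: bytes) -> dict:
    """Map Address 1-4 to receiver/transmitter/destination/source roles."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    if (frame[0] >> 2) & 0x3 != TYPE_DATA:
        raise ValueError("not a data frame")
    to_ds, from_ds = bool(frame[1] & TO_DS), bool(frame[1] & FROM_DS)
    a1, a2, a3 = (mac_text(frame[i:i + 6]) for i in (4, 10, 16))
    if to_ds and from_ds:
        # Bridging case: the source may sit behind the transmitter, so a
        # fourth address field follows the Sequence Control field.
        if len(frame) < 30:
            raise ValueError("four-address header truncated")
        roles = dict(receiver=a1, transmitter=a2, destination=a3,
                     source=mac_text(frame[24:30]))
    elif to_ds:        # client to AP: the transmitter is also the source
        roles = dict(receiver=a1, transmitter=a2, destination=a3, source=a2)
    elif from_ds:      # AP to client: the receiver is also the destination
        roles = dict(receiver=a1, transmitter=a2, destination=a1, source=a3)
    else:              # no distribution system involved
        roles = dict(receiver=a1, transmitter=a2, destination=a1, source=a2)
    roles["address_fields_used"] = 4 if (to_ds and from_ds) else 3
    return roles


def relay(frame: bytes, own_mac: str, next_hop: str) -> bytes:
    """Re-address a four-address frame for the next hop.

    Only receiver and transmitter are rewritten; destination and source are
    copied unchanged. Encryption and sequence numbering are left out.
    """
    roles = parse_addresses(frame)
    own = mac_text(mac_bytes(own_mac))
    if roles["address_fields_used"] != 4:
        raise ValueError("expected a four-address frame")
    if roles["receiver"] != own:
        raise ValueError("frame is not addressed to this node")
    return frame[:4] + mac_bytes(next_hop) + mac_bytes(own) + frame[16:]


# Constructed sample addresses (locally administered range).
MAP_0370 = "02:00:00:00:03:70"
MAP_D560 = "02:00:00:00:d5:60"
RAP_0340 = "02:00:00:00:03:40"
CONTROLLER = "02:00:00:00:00:01"


def demo():
    """Frame originated by MAP_0370, relayed by MAP_D560 toward RAP_0340."""
    hop1 = build_four_address_frame(MAP_D560, MAP_0370, CONTROLLER, MAP_0370, b"capwap")
    hop2 = relay(hop1, own_mac=MAP_D560, next_hop=RAP_0340)
    return parse_addresses(hop1), parse_addresses(hop2)


if __name__ == "__main__":
    for hop in demo():
        print(hop)
```

The second hop printed by `demo()` carries the same four roles as the frame described for Figure 40: only the receiver and transmitter differ from the first hop.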
Each mesh access point within the mesh forms a CAPWAP session with a controller. WLAN traffic is encapsulated inside CAPWAP and is mapped to a VLAN interface on the controller. Bridged Ethernet traffic can be passed from each Ethernet interface on the mesh network and does not have to be mapped to an interface on the controller (see Figure 41).
Figure 41 Logical Bridge and WLAN Mapping
Mesh Neighbors, Parents, and Children
Relationships among mesh access points are as a parent, child, or neighbor (see Figure 42).
• A parent access point offers the best route back to the RAP based on its ease values. A parent can be either the RAP itself or another MAP.
  – Ease is calculated using the SNR and link hop value of each neighbor. Given multiple choices, generally an access point with a higher ease value is selected.
• A child access point selects the parent access point as its best route back to the RAP.
• A neighbor access point is within RF range of another access point but is not selected as its parent or a child because its ease values are lower than those of the parent.
Figure 42 Parent, Child, and Neighbor Access Points
Choosing the Best Parent
AWPP follows this process in selecting parents for a RAP or MAP with a radio backhaul:
• A list of channels with neighbors, which is a subset of all backhaul channels, is generated by passive scanning in the scan state.
• The channels with neighbors are sought by actively scanning in the seek state and the backhaul channel is changed to the channel with the best neighbor.
• The parent is set to the best neighbor and the parent-child handshake is completed in the seek state.
• Parent maintenance and optimization occurs in the maintain state.
This algorithm is run at startup and whenever a parent is lost and no other potential parent exists, and is usually followed by CAPWAP network and controller discovery. All neighbor protocol frames carry the channel information.
Parent maintenance occurs by the child node sending a directed NEIGHBOR_REQUEST to the parent and the parent responding with a NEIGHBOR_RESPONSE.
Parent optimization and refresh occurs by the child node sending a NEIGHBOR_REQUEST broadcast on the same channel on which its parent resides, and by evaluating all responses from neighboring nodes on the channel.
A parent mesh access point provides the best path back to a RAP. AWPP uses ease to determine the best path. Ease can be considered the opposite of cost, and the preferred path is the path with the higher ease.
Ease Calculation
Ease is calculated using the SNR and hop value of each neighbor, and applying a multiplier based on various SNR thresholds. The purpose of this multiplier is to apply a spreading function to the SNRs that reflects various link qualities.
Figure 43 shows the parent path selection where MAP2 prefers the path through MAP1 because the adjusted ease value (436906) through this path is greater than the ease value (262144) of the direct path from MAP2 to RAP.
Figure 43 Parent Path Selection
Parent Decision
A parent mesh access point is chosen by using the adjusted ease, which is the ease of each neighbor divided by the number of hops to the RAP:
adjusted ease = min (ease at each hop) / Hop count
SNR Smoothing
One of the challenges in WLAN routing is the ephemeral nature of RF, which must be considered when analyzing an optimal path and deciding when a change in path is required. The SNR on a given RF link can change substantially from moment to moment, and changing route paths based on these fluctuations results in an unstable network, with severely degraded performance. To effectively capture the underlying SNR but remove moment-to-moment fluctuations, a smoothing function is applied that provides an adjusted SNR.
In evaluating potential neighbors against the current parent, the parent is given 20 percent of bonus-ease on top of the parent's calculated ease, to reduce the ping-pong effect between parents. A potential parent must be significantly better for a child to make a switch. Parent switching is transparent to CAPWAP and other higher-layer functions.
Loop Prevention
To ensure that routing loops are not created, AWPP discards any route that contains its own MAC address. That is, routing information apart from hop information contains the MAC address of each hop to the RAP; therefore, a mesh access point can easily detect and discard routes that loop.
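The parent decision, the 20 percent parent bonus, and loop prevention combined in one added Python example (not Cisco's AWPP implementation). Ease values are inputs because this guide does not give the SNR multipliers or the smoothing function; node names stand in for MAC addresses, the per-hop ease values are constructed so that the results match the numbers quoted for Figure 43, and applying the bonus to the adjusted ease is an assumption.

```python
"""Added example: choosing a parent with adjusted ease, parent bonus, loop check."""
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

PARENT_BONUS = 0.20   # bonus-ease given to the current parent (from the text)


@dataclass(frozen=True)
class Route:
    """A path back to the RAP as advertised by one neighbor."""
    neighbor: str                  # node offering the route (hypothetical name)
    hop_macs: Tuple[str, ...]      # every hop from the neighbor up to the RAP
    hop_ease: Tuple[int, ...]      # ease of each link on the path, nearest first

    def __post_init__(self):
        if not self.hop_macs or len(self.hop_macs) != len(self.hop_ease):
            raise ValueError("one ease value is required per hop")
        if self.hop_macs[0] != self.neighbor:
            raise ValueError("the first hop must be the advertising neighbor")


def adjusted_ease(route: Route) -> float:
    """adjusted ease = min(ease at each hop) / hop count."""
    return min(route.hop_ease) / len(route.hop_ease)


def loops_back(route: Route, own_mac: str) -> bool:
    """A route that already contains this node's own address is a loop."""
    return own_mac in route.hop_macs


def score(route: Route, current_parent: Optional[str]) -> float:
    """Adjusted ease, raised by the bonus when the route is via the current parent.

    Assumption: the bonus multiplies the adjusted ease.
    """
    value = adjusted_ease(route)
    if route.neighbor == current_parent:
        value *= 1 + PARENT_BONUS
    return value


def select_parent(own_mac: str, routes: Iterable[Route],
                  current_parent: Optional[str] = None) -> Optional[Route]:
    """Discard looping routes, then pick the route with the highest score."""
    usable = [r for r in routes if not loops_back(r, own_mac)]
    if not usable:
        return None
    return max(usable, key=lambda r: score(r, current_parent))


# Constructed routes as seen by MAP2.
DIRECT = Route("RAP", ("RAP",), (262144,))
VIA_MAP1 = Route("MAP1", ("MAP1", "RAP"), (873812, 873812))
VIA_MAP4 = Route("MAP4", ("MAP4", "RAP"), (800000, 800000))
# Attractive on paper, but the path runs back through MAP2 itself.
LOOPED = Route("MAP3", ("MAP3", "MAP2", "RAP"), (4194304, 4194304, 4194304))

if __name__ == "__main__":
    print(adjusted_ease(VIA_MAP1), adjusted_ease(DIRECT))
    print(select_parent("MAP2", [DIRECT, VIA_MAP1, LOOPED]).neighbor)
    print(select_parent("MAP2", [VIA_MAP1, VIA_MAP4], current_parent="MAP4").neighbor)
```

With MAP4 as the current parent, its adjusted ease of 400000 is scored as 480000, so the slightly better route through MAP1 (436906) does not trigger a switch.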
Design Considerations
Each outdoor wireless mesh deployment is unique, and each environment has its own challenges with available locations, obstructions, and available network infrastructure. Design requirements driven by expected users, traffic, and availability needs are also major design criteria. This section describes important design considerations and provides an example of a wireless mesh design.
Wireless Mesh Constraints
The following are a few system characteristics to consider when you design and build a wireless mesh network. Some of these characteristics apply to the backhaul network design and others to the CAPWAP controller design:
Wireless Backhaul Data Rate
Backhaul is used to create only the wireless connection between the access points. The backhaul interface by default is 802.11a or 802.11a/n depending upon the access point. The rate selection is important for effective use of the available RF spectrum. The rate can also affect the throughput of client devices, and throughput is an important metric used by industry publications to evaluate vendor devices.
Dynamic Rate Adaptation (DRA) introduces a process to estimate optimal transmission rate for packet transmissions. It is important to select rates correctly. If the rate is too high, packet transmissions fail resulting in communication failure. If the rate is too low, the available channel bandwidth is not used, resulting in inferior products, and the potential for catastrophic network congestion and collapse.
Data rates also affect the RF coverage and network performance. Lower data rates, for example 6 Mbps, can extend farther from the access point than can higher data rates, for example 300 Mbps. As a result, the data rate affects cell coverage and consequently the number of access points required. Different data rates are achieved by sending a more redundant signal on the wireless link, allowing data to be easily recovered from noise. The number of symbols sent out for a packet at the 1-Mbps data rate is higher than the number of symbols used for the same packet at 11 Mbps. Therefore, sending data at the lower bit rates takes more time than sending the equivalent data at a higher bit rate, resulting in reduced throughput.
A lower bit rate might allow a greater distance between MAPs, but there are likely to be gaps in the WLAN client coverage, and the capacity of the backhaul network is reduced. An increased bit rate for the backhaul network either requires more MAPs or results in a reduced SNR between MAPs, limiting mesh reliability and interconnection. For more information about configuring wireless backhaul data rate, see the "Configuring Wireless Backhaul Data Rate" section.
Note
The data rate can be set on the backhaul on a per AP basis. It is not a global command.
The required minimum LinkSNR for backhaul links per data rate is shown in Table 13.
Table 13 Backhaul Data Rates and Minimum LinkSNR Requirements
802.11a Data Rate (Mbps)    Minimum Required LinkSNR (dB)
54                          31
48                          29
36                          26
24                          22
18                          18
12                          16
9                           15
6                           14
• The required minimum LinkSNR value is driven by the data rate and the following formula: Minimum SNR + fade margin. Table 14 summarizes the calculation by data rate.
  – Minimum SNR refers to an ideal state of noninterference, nonnoise, and a system packet error rate (PER) of no more than 10 percent.
  – Typical fade margin is approximately 9 to 10 dB.
Table 14 Minimum Required LinkSNR Calculations by Data Rate
802.11n Data Rate (Mbps)    Minimum SNR (dB)    + Fade Margin    = Minimum Required LinkSNR (dB)
6                           5                   9                14
9                           6                   9                15
12                          7                   9                16
18                          9                   9                18
24                          13                  9                22
36                          17                  9                26
• If we take into account the effect of MRC for calculating the Minimum Required LinkSNR, Table 15 shows the required LinkSNR for 802.11a/g (2.4 GHz and 5 GHz) for AP1552 and 1522 with 3 Rx antennas (MRC gain).
LinkSNR = Minimum SNR - MRC + Fade Margin (9 dB)
If we consider only 802.11n rates, then Table 16 shows LinkSNR requirements with AP1552 for 2.4 and 5 GHz.
Note
With two spatial streams, the MRC gain is halved, that is, the MRC gain is reduced by 3 dB. This is because the system has 10 log (3/2 SS) instead of 10 log (3/1 SS). With 3 SS and 3 Rx, the MRC gain would have been zero.
• Number of backhaul hops is limited to eight but we recommend three to four hops.
The number of hops is recommended to be limited to three or four primarily to maintain sufficient backhaul throughput, because each mesh access point uses the same radio for transmission and reception of backhaul traffic, which means that throughput is approximately halved over every hop. For example, the maximum throughput for 24 Mbps is approximately 14 Mbps for the first hop, 9 Mbps for the second hop, and 4 Mbps for the third hop.
• Number of MAPs per RAP.
There is no current software limitation on how many MAPs per RAP you can configure. However, it is suggested that you limit the number to 20 MAPs per RAP.
• Number of controllers
  – The number of controllers per mobility group is limited to 72.
• Number of mesh access points supported per controller. For more information, see the "Controller Planning" section.
ClientLink Technology
Many networks still support a mix of 802.11a/g and 802.11n clients. Because 802.11a/g clients (legacy clients) operate at lower data rates, the older clients can reduce the capacity of the entire network. Cisco's ClientLink technology can help solve problems related to adoption of 802.11n in mixed-client networks by ensuring that 802.11a/g clients operate at the best possible rates, especially when they are near cell boundaries.
Advanced signal processing has been added to the Wi-Fi chipset. Multiple transmit antennas are used to focus transmissions in the direction of the 802.11a/g client, increasing the downlink signal-to-noise ratio and the data rate over range, thereby reducing coverage holes and enhancing the overall system performance. This technology learns the optimum way to combine the signal received from a client and then uses this information to send packets in an optimum way back to the client. This technique is also referred to as MIMO (multiple-input multiple-output) beamforming, transmit beamforming, or cophasing, and it is the only enterprise-class and service provider-class solution in the market that does not require expensive antenna arrays.
The 802.11n systems take advantage of multipath by sending multiple radio signals simultaneously. Each of these signals, called a spatial stream, is sent from its own antenna using its own transmitter. Because there is some space between these antennas, each signal follows a slightly different path to the receiver, a situation called spatial diversity. The receiver has multiple antennas as well, each with its own radio that independently decodes the arriving signals, and each signal is combined with signals from the other receiver radios. This results in multiple data streams being received at the same time. This enables a higher throughput than previous 802.11a/g systems, but requires an 802.11n capable client to decipher the signal. Therefore, both AP and client need to support this capability. Due to the complexity of issues, in the first generation of mainstream 802.11n chipsets, neither the AP nor client chipsets implemented 802.11n transmit beamforming. Therefore, the 802.11n standard transmit beamforming will be available eventually, but not until the next generation of chipsets takes hold in the market. We intend to lead in this area going forward.
We realized that for the current generation of 802.11n APs, while the second transmit path was being well utilized for 802.11n clients (to implement spatial diversity), it was not being fully used for 802.11a/g clients. In other words, for 802.11a/g clients, some of the capabilities of the extra transmit path were lying idle. In addition, we realized that for many networks, the performance of the installed 802.11a/g client base would be a limiting factor on the network.
To take advantage of this fallow capacity and greatly enhance overall network capacity by bringing 802.11a/g clients up to a higher performance level, we created an innovation in transmit beamforming technology, called ClientLink.
ClientLink uses advanced signal processing techniques and multiple transmit paths to optimize the signal received by 802.11a/g clients in the downlink direction without requiring feedback. Because no special feedback is required, Cisco ClientLink works with all existing 802.11a/g clients.
Cisco ClientLink technology effectively enables the access point to optimize the SNR exactly at the position where the client is placed. ClientLink provides a gain of almost 4 dB in the downlink direction. Improved SNR yields many benefits, such as a reduced number of retries and higher data rates. For example, a client at the edge of the cell that might previously have been capable of receiving packets at 12 Mbps could now receive them at 36 Mbps. Typical measurements of downlink performance with ClientLink show as much as 65 percent greater throughput for 802.11a/g clients. By allowing the Wi-Fi system to operate at higher data rates and with fewer retries, ClientLink increases the overall capacity of the system, which means an efficient use of spectrum resources.
ClientLink in the 1552 access points is based on ClientLink capability available in AP3500s. Therefore, the access point has the ability to beamform well to nearby clients and to update beamforming information on 802.11 ACKs. Therefore, even if there is no dedicated uplink traffic, ClientLink works well, which is beneficial to both TCP and UDP traffic streams. There are no RSSI watermarks that the client has to cross to take advantage of this beamforming with Cisco 802.11n access points.
ClientLink can beamform to 15 clients at a time. Therefore, the host must select the best 15 if the number of legacy clients exceeds 15 per radio. AP1552 has two radios, which means that up to 30 clients can be beamformed in time domain.
Although ClientLink is applied to legacy OFDM portions of packets, which refers to 11a/g rates (not 11b) for both indoor and outdoor 802.11n access points, there is one difference between ClientLink for indoor 11n and ClientLink for outdoor 11n. For indoor 11n access points, SW limits the affected rates to 24, 36, 48, and 54 Mbps. This is done to avoid clients sticking to a far away AP in an indoor environment. SW also does not allow ClientLink to work for those rates for 11n clients because the throughput gain is so minimal. However, there is a demonstrable gain for pure legacy clients. For outdoor 11n access points, we do need more coverage. Thus, three additional legacy data rates lower than 24 Mbps have been added. ClientLink for outdoors is applicable to legacy data rates of 9, 12, 18, 24, 36, 48, and 54 Mbps.
Using the GUI to Configure ClientLink
To configure ClientLink (Beamforming) using the controller GUI, follow these steps:
Step 1 Disable the 802.11a or 802.11b/g network as follows:
a. Choose Wireless > 802.11a/n or 802.11b/g/n > Network to open the 802.11a (or 802.11b/g) Global Parameters page (see Figure 44).
Figure 44 802.11a Global Parameters Page
b. Unselect the 802.11a (or 802.11b/g) Network Status check box.
c. Click Apply to commit your changes.
Step 2 Select the Beamforming check box to globally enable beamforming on your 802.11a or 802.11g network, or leave it unselected to disable this feature. The default value is disabled.
Step 3 Reenable the network by selecting the 802.11a (or 802.11b/g) Network Status check box.
Step 4 Click Apply to commit your changes.
Step 5 Click Save Configuration to save your changes.
Note
After you enable beamforming on the network, it is automatically enabled for all the radios applicable to that network type.
Step 6 Override the global configuration and enable or disable Beamforming for a specific access point as follows:
a. Choose Wireless > Access Points > Radios > 802.11a/n or 802.11b/g/n to open the 802.11a/n (or 802.11b/g/n) Radios page.
b. Hover your cursor over the blue drop-down arrow for the access point for which you want to modify the radio configuration and choose Configure. The 802.11a/n (or 802.11b/g/n) Cisco APs > Configure page appears (see Figure 45).
Figure 45 802.11a/n Cisco APs > Configure Page
Step 7 In the 11n Parameters section, select the Beamforming check box to enable beamforming for this access point or leave it unselected to disable this feature. The default value is unselected if beamforming is disabled on the network and selected if beamforming is enabled on the network.
Note
If the access point does not support 802.11n, the beamforming option is not available.
Step 8 Click Apply to commit your changes.
Step 9 Click Save Configuration to save your changes.
Using the CLI to Configure ClientLink
To configure ClientLink (Beamforming) using the controller CLI, follow these steps:
Step 1
Disable the 802.11a or 802.11b/g network by entering this command:
config {802.11a | 802.11b} disable network
Step 2
Globally enable or disable beamforming on your 802.11a or 802.11g network by entering this command:
config {802.11a | 802.11b} beamforming global {enable | disable}
The default value is disabled.
Note
After you enable beamforming on the network, it is automatically enabled for all the radios applicable to that network type.
Step 3
Override the global configuration and enable or disable beamforming for a specific access point by entering this command:
config {802.11a | 802.11b} beamforming ap Cisco_AP {enable | disable}
The default value is disabled if beamforming is disabled on the network and enabled if beamforming is enabled on the network.
Step 4
Reenable the network by entering this command:
config {802.11a | 802.11b} enable network
Step 5
Save your changes by entering this command:
save config
Step 6
See the beamforming status for your network by entering this command:
show {802.11a | 802.11b}
Information similar to the following appears:
802.11a Network.................................. Enabled
11nSupport....................................... Enabled
802.11a Low Band........................... Enabled
802.11a Mid Band........................... Enabled
802.11a High Band.......................... Enabled
...
Pico-Cell-V2 Status.............................. Disabled
TI Threshold..................................... -50
Legacy Tx Beamforming setting................. Enabled
Step 7
See the beamforming status for a specific access point by entering this command:
show ap config {802.11a | 802.11b} Cisco_AP
Information similar to the following appears:
Cisco AP Identifier.............................. 14
Cisco AP Name.................................... 1250-1
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
...
Phy OFDM parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 149
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,
......................................... 104,108,112,116,132,136,140,
......................................... 149,153,157,161,165
TI Threshold .............................. -50
Legacy Tx Beamforming Configuration ....... CUSTOMIZED
Legacy Tx Beamforming ..................... ENABLED
Commands Related to ClientLink
The following commands are related to ClientLink:
•
The following commands are to be entered in the AP console:
–
To check the status of Beamforming on the AP, enter the show controller d0/d1 command.
–
To find a client in the AP rbf table, enter the show interface dot110 command.
–
To check the Beamforming rate assigned on the AP, enter the debug d0 trace print rates command.
•
The following commands on the AP console are used for troubleshooting:
–
To show that ClientLink is enabled on a radio, enter the show controllers | inc Beam command.
The output is displayed as follows:
Legacy Beamforming: Configured Yes, Active Yes, RSSI Threshold -50 dBm
Legacy Beamforming: Configured Yes, Active Yes, RSSI Threshold -60 dBm
–
To show that ClientLink is Beamforming to a particular client, enter the show interface dot11radio 1 lbf rbf command.
The output is displayed as follows:
RBF Table:
Index  Client MAC      Reserved  Valid  Tx BF  Aging
1      0040.96BA.45A0  Yes       Yes    Yes    No
Controller Planning
The following items affect the number of controllers required in a mesh network:
•
Mesh access points (RAPs and MAPs) in the network.
The wired network that connects the RAP and controllers can affect the total number of access points supported in the network. If this network allows the controllers to be equally available to all access points without any impact on WLAN performance, the access points can be evenly distributed across all controllers for maximum efficiency. If this is not the case, and controllers are grouped into various clusters or PoPs, the overall number of access points and coverage are reduced.
For example, you can have 72 Cisco 4400 Series Controllers in a mobility group, and each Cisco 4400 Series Controller supports 100 local access points, which gives a total number of 7200 possible access points per mobility group.
•
Number of mesh access points (RAPs and MAPs) supported per controller. See Table 17.
For clarity, nonmesh access points are referred to as local access points in this document.
Table 17 Mesh Access Point Support by Controller Model
Controller Model | Local AP Support (nonmesh) (1) | Maximum Possible Mesh AP Support | RAP | MAP | Total Mesh AP Support
5508 (2) | 500 | 500 | 1 | 499 | 500
 |  |  | 100 | 400 | 500
 |  |  | 150 | 350 | 500
 |  |  | 200 | 300 | 500
4404 (3) | 100 | 150 | 1 | 149 | 150
 |  |  | 50 | 100 | 150
 |  |  | 75 | 50 | 125
 |  |  | 100 | 0 | 100
2504 (4) | 50 | 50 | 1 | 49 | 50
 |  |  | 2 | 48 | 50
 |  |  | 5 | 45 | 50
 |  |  | 9 | 41 | 50
2106 (3) | 6 | 11 | 1 | 10 | 11
 |  |  | 2 | 8 | 10
 |  |  | 3 | 6 | 9
 |  |  | 4 | 4 | 8
 |  |  | 5 | 2 | 7
 |  |  | 6 | 0 | 6
2112 (2) | 12 | 12 | 1 | 11 | 12
 |  |  | 3 | 9 | 12
 |  |  | 6 | 6 | 12
 |  |  | 9 | 3 | 12
 |  |  | 12 | 0 | 12
2125 (2) | 25 | 25 | 1 | 24 | 25
 |  |  | 5 | 20 | 25
 |  |  | 10 | 15 | 25
 |  |  | 15 | 10 | 25
 |  |  | 20 | 5 | 25
 |  |  | 25 | 0 | 25
WiSM (3) | 300 | 375 | 1 | 374 | 375
 |  |  | 100 | 275 | 375
 |  |  | 250 | 100 | 350
 |  |  | 300 | 0 | 300
WiSM2 (3) | 500 | 500 | 1 | 499 | 500
 |  |  | 100 | 400 | 500
 |  |  | 150 | 350 | 500
 |  |  | 200 | 300 | 500
(1) Local AP support is the total number of nonmesh APs supported on the controller model.
(2) For 5508, 2112, and 2125 controllers, the number of MAPs is equal to (local AP support - number of RAPs).
(3) For 4404, 2106, and WiSM controllers, the number of MAPs is equal to ((local AP support - number of RAPs) x 2), not to exceed the maximum possible mesh AP support.
(4) For 2504.
Note
The Wireless LAN Controller modules NM and NME now support mesh 1520 series access points from Wireless LAN Controller (WLC) software release 5.2 and later releases.
Note
Mesh is fully supported on Cisco 5508 Controllers. The Base License (LIC-CT508-Base) is sufficient for indoor and outdoor APs (AP152X). The WPlus License (LIC-WPLUS-SW) is merged with the base license. The WPlus License is not required for indoor mesh APs.
Mesh APs (MAPs/RAPs) are counted as full APs on Cisco 5508 Controllers.
With other controller platforms, MAPs are counted as half APs.
Data Plane Transport Layer Security (DTLS) is not supported on mesh access points.
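The footnote formulas of Table 17 can be turned into a small planning calculator. The following Python is an added example, not part of the Cisco guide or controller software; it covers only the six models that footnotes 2 and 3 name, and the even spread of access points across controllers in controllers_needed is an assumption made here.

```python
"""Mesh AP capacity per controller, following Table 17 and its footnotes."""
from math import ceil

# model: (local AP support, maximum possible mesh AP support,
#         True if MAPs are counted as half APs, i.e. footnote 3 applies)
# Numbers are copied from Table 17. Only the models named in footnotes 2 and 3
# are listed, because the page gives a formula for those models only.
CONTROLLERS = {
    "5508": (500, 500, False),
    "2112": (12, 12, False),
    "2125": (25, 25, False),
    "4404": (100, 150, True),
    "2106": (6, 11, True),
    "WiSM": (300, 375, True),
}


def max_maps(model, raps):
    """Largest number of MAPs one controller accepts alongside `raps` RAPs."""
    local, max_mesh, half_count = CONTROLLERS[model]
    if not 0 <= raps <= local:
        raise ValueError(f"{model} supports 0..{local} RAPs, got {raps}")
    free_slots = local - raps
    if not half_count:
        return free_slots                          # footnote 2
    # Footnote 3: two MAPs per free slot, capped by the maximum mesh AP support.
    return min(free_slots * 2, max_mesh - raps)


def table_row(model, raps):
    """Return (RAP, MAP, total mesh AP support) as one row of Table 17."""
    maps = max_maps(model, raps)
    return raps, maps, raps + maps


def controllers_needed(model, raps, maps):
    """Smallest number of controllers of one model that holds the deployment.

    Assumption (not from the guide): access points are spread evenly, so each
    controller carries ceil(raps / n) RAPs and ceil(maps / n) MAPs.
    """
    if raps < 1 or maps < 0:
        raise ValueError("a mesh needs at least one RAP and no negative MAP count")
    local = CONTROLLERS[model][0]
    for n in range(1, max(raps, maps) + 1):
        raps_each, maps_each = ceil(raps / n), ceil(maps / n)
        if raps_each <= local and maps_each <= max_maps(model, raps_each):
            return n
    raise RuntimeError("no fit found")  # not reached: one AP pair always fits


if __name__ == "__main__":
    for model in CONTROLLERS:
        print(model, [table_row(model, r) for r in (1, CONTROLLERS[model][0])])
    # Constructed scenario: 40 RAPs at the guide's planning ratio of 20 MAPs per RAP.
    for model in ("4404", "5508"):
        print(model, "controllers needed:", controllers_needed(model, 40, 800))
```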
Site Preparation and Planning
This section provides implementation details and configuration examples.
Site Survey
We recommend that you perform a radio site survey before installing the equipment. A site survey reveals problems such as interference, Fresnel zone, or logistics problems. A proper site survey involves temporarily setting up mesh links and taking measurements to determine whether your antenna calculations are accurate. Determine the correct location and antenna before drilling holes, routing cables, and mounting equipment.
Note
When power is not readily available, we recommend that you use an uninterruptible power supply (UPS) to temporarily power the mesh link.
Pre-Survey Checklist
Before attempting a site survey, determine the following:
•
How long is your wireless link?
•
Do you have a clear line of sight?
•
What is the minimum acceptable data rate at which the link runs?
•
Is this a point-to-point or point-to-multipoint link?
•
Do you have the correct antenna?
•
Can the access point installation area support the weight of the access point?
•
Do you have access to both of the mesh site locations?
•
Do you have the proper permits, if required?
•
Do you have a partner? Never attempt to survey or work alone on a roof or tower.
•
Have you configured the 1500 series before you go onsite? It is always easier to resolve configuration or device problems first.
•
Do you have the proper tools and equipment to complete your task?
Note
Cellular phones or handheld two-way radios can be helpful when performing surveys.
Outdoor Site Survey
Deploying WLAN systems outdoors requires a different skill set from indoor wireless deployments. Considerations such as weather extremes, lightning, physical security, and local regulations need to be taken into account.
When determining the suitability of a successful mesh link, define how far the mesh link is expected to transmit and at what radio data rate. Remember that the data rate is not directly included in the wireless routing calculation, and we recommend that the same data rate is used throughout the same mesh (the recommended rate is 24 Mbps).
Design recommendations for mesh links are as follows:
•
MAP deployment cannot exceed 35 feet in height above the street.
•
MAPs are deployed with antennas pointed down toward the ground.
•
Typical 5-GHz RAP-to-MAP distances are 1000 to 4000 feet.
•
RAP locations are typically towers or tall buildings.
•
Typical 5-GHz MAP-to-MAP distances are 500 to 1000 feet.
•
MAP locations are typically short building tops or streetlights.
•
Typical 2.4-GHz MAP-to-client distances are 500 to 1000 feet (depends upon the type of access point).
•
Clients are typically laptops, Smart Phones, Tablets, and CPEs. Most of the clients operate in the 2.4-GHz band.
Determining a Line of Sight
When you determine the suitability of a successful link, you must define how far the link is expected to transmit and at what radio data rate. Very close links, one kilometer or less, are fairly easy to achieve assuming there is a clear line of sight (LOS), that is, a path with no obstructions.
Because mesh radio waves have very high frequency in the 5-GHz band, the radio wavelength is small; therefore, the radio waves do not travel as far as radio waves on lower frequencies, given the same amount of power. This higher frequency range makes the mesh ideal for unlicensed use because the radio waves do not travel far unless a high-gain antenna is used to tightly focus the radio waves in a given direction.
This high-gain antenna configuration is recommended only for connecting a RAP to the MAP. To optimize mesh behavior, omnidirectional antennas are used because mesh links are limited to one mile (1.6 km). The curvature of the earth does not impact line-of-sight calculations because the curvature of the earth changes every six miles (9.6 km).
Weather
In addition to free space path loss and line of sight, weather can also degrade a mesh link. Rain, snow, fog, and any high humidity condition can slightly obstruct or affect the line of sight, introducing a small loss (sometimes referred to as rain fade or fade margin), which has little effect on the mesh link. If you have established a stable mesh link, the weather should not be a problem; however, if the link is poor to begin with, bad weather can degrade performance or cause loss of link.
Ideally, you need a line of sight; a white-out snow storm does not allow a line of sight. Also, while storms may make the rain or snow itself appear to be the problem, many times it might be additional conditions caused by the adverse weather. For example, perhaps the antenna is on a mast pipe and the storm is blowing the mast pipe or antenna structure and that movement is causing the link to come and go, or there might be a large build-up of ice or snow on the antenna.
Fresnel Zone
A Fresnel zone is an imaginary ellipse around the visual line of sight between the transmitter and receiver. As radio signals travel through free space to their intended target, they could encounter an obstruction in the Fresnel area, degrading the signal. Best performance and range are attained when there is no obstruction of this Fresnel area. Fresnel zone, free space loss, antenna gain, cable loss, data rate, link distance, transmitter power, receiver sensitivity, and other variables play a role in determining how far your mesh link goes. Links can still occur as long as 60-70 percent of the Fresnel area is unobstructed, as illustrated in Figure 46.
Figure 46 Point-to-Point Link Fresnel Zone
Figure 47 illustrates an obstructed Fresnel zone.
Figure 47 Typical Obstructions in a Fresnel Zone
It is possible to calculate the radius of the Fresnel zone (in feet) at any particular distance along the path using the following equation:
F1 = 72.6 x square root (d / (4 x f))
where
F1 = the first Fresnel zone radius in feet
d = total path length in miles
f = frequency (GHz)
Normally, 60 percent of the first Fresnel zone clearance is recommended, so the above formula for 60 percent Fresnel zone clearance can be expressed as follows:
0.60 F1 = 43.3 x square root (d / (4 x f))
These calculations are based on a flat terrain.
Figure 48 shows the removal of an obstruction in the Fresnel zone of the wireless signal.
Figure 48 Removing Obstructions in a Fresnel Zone
Fresnel Zone Size in Wireless Mesh Deployments
To approximate the largest Fresnel zone that needs to be considered, take a possible minimum frequency of 4.9 GHz (the minimum value changes depending on the regulatory domain; the figure quoted is a possible band allocated for public safety in the USA) and a maximum distance of one mile. This gives a Fresnel zone clearance requirement of 9.78 ft = 43.3 x SQR(1/(4*4.9)). This clearance is relatively easy to achieve in most situations. In most deployments, distances are expected to be less than one mile and the frequency greater than 4.9 GHz, which makes the Fresnel zone smaller. Every mesh deployment should consider the Fresnel zone as part of its design, but in most cases meeting the Fresnel clearance requirement is not expected to be an issue.
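The clearance formula can be applied to a surveyed path as follows. This Python is an added example, not part of the Cisco guide; the antenna heights and obstacles are constructed sample values, terrain is assumed flat as in the guide, and the midpoint clearance figure is applied at every obstacle, which is conservative because the zone is widest at the midpoint.

```python
"""Fresnel clearance check for a mesh backhaul link on flat terrain."""
from math import sqrt

FEET_PER_MILE = 5280.0


def first_fresnel_ft(path_miles, freq_ghz):
    """First Fresnel zone radius in feet (the guide's 72.6 formula)."""
    return 72.6 * sqrt(path_miles / (4.0 * freq_ghz))


def required_clearance_ft(path_miles, freq_ghz):
    """60 percent Fresnel clearance in feet (the guide's 43.3 formula)."""
    return 43.3 * sqrt(path_miles / (4.0 * freq_ghz))


def check_link(path_ft, freq_ghz, tx_height_ft, rx_height_ft, obstacles):
    """Classify each obstacle on the path.

    obstacles is a list of (name, distance_from_tx_ft, height_ft).
    Returns a list of (name, clearance_ft, status), where clearance_ft is the
    gap between the straight line of sight and the top of the obstacle.
    """
    if path_ft <= 0 or freq_ghz <= 0:
        raise ValueError("path length and frequency must be positive")
    need = required_clearance_ft(path_ft / FEET_PER_MILE, freq_ghz)
    report = []
    for name, dist_ft, height_ft in obstacles:
        if not 0 <= dist_ft <= path_ft:
            raise ValueError(f"{name} is not on the path")
        # Height of the line of sight above ground at the obstacle, by linear
        # interpolation between the two antenna heights.
        los_ft = tx_height_ft + (rx_height_ft - tx_height_ft) * dist_ft / path_ft
        clearance = los_ft - height_ft
        if clearance < 0:
            status = "blocks line of sight"
        elif clearance < need:
            status = "inside 60 percent Fresnel clearance"
        else:
            status = "clear"
        report.append((name, round(clearance, 2), status))
    return report


if __name__ == "__main__":
    print("1 mile at 4.9 GHz:", round(required_clearance_ft(1.0, 4.9), 2), "ft")
    # Constructed survey: RAP at 60 ft, MAP at 30 ft, 4000 ft apart, 5.8 GHz.
    sample = [("tree", 1000, 40), ("roof", 3000, 35), ("billboard", 1000, 55)]
    for row in check_link(4000, 5.8, 60, 30, sample):
        print(row)
```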
Hidden Nodes Interference
The mesh backhaul uses the same 802.11a channel for all nodes in that mesh, which can introduce hidden nodes into the WLAN backhaul environment, as shown in Figure 49.
Figure 49 Hidden Nodes
Figure 49 shows the following three MAPs:
•
MAP X
•
MAP Y
•
MAP Z
If MAP X is the route back to the RAP for MAP Y and Z, both MAP X and MAP Z might be sending traffic to MAP Y at the same time. MAP Y can see traffic from both MAP X and Z, but MAP X and Z cannot see each other because of the RF environment, which means that the carrier sense multi-access (CSMA) mechanism does not stop MAP X and Z from transmitting during the same time window; if either of these frames is destined for a MAP, it is corrupted by the collision between frames and requires retransmission.
Although all WLANs at some time can expect some hidden node collisions, the fixed nature of the MAP makes hidden node collisions a persistent feature of the mesh WLAN backhaul under some traffic conditions such as heavy loads and large packet streams.
Both the hidden node problem and the exposed node problem are inherent to wireless mesh networks because mesh access points share the same backhaul channel. Because these two problems can affect the overall network performance, the Cisco mesh solution seeks to mitigate these two problems as much as possible. For example, the AP1500s have at least two radios: one for backhaul access on a 5-GHz channel and the other for 2.4-GHz client access. In addition, the radio resource management (RRM) feature enables cell breathing and automatic channel change, which can effectively decrease the collision domains in a mesh network.
There is an additional solution that can help to further mitigate these two problems. To reduce collisions and to improve stability under high load conditions, the 802.11 MAC uses an exponential backoff algorithm, where contending nodes back off exponentially and retransmit packets whenever a perceived collision occurs. Theoretically, the more retries a node has, the smaller the collision probability will be. In practice, when there are only two contending stations and they are not hidden stations, the collision probability becomes negligible after just three retries. The collision probability increases when there are more contending stations. Therefore, when there are many contending stations in the same collision domain, a higher retry limit and a larger maximum contention window are necessary. Further, collision probability does not decrease exponentially when there are hidden nodes in the network. In this case, an RTS/CTS exchange can be used to mitigate the hidden node problem.
Functional Routing of Three Radio MAPs
Because a directional antenna is required to be attached to the slot 2 radios, you should align and RF tune each link to minimize the hidden node effect. For example, a MAP at location C should be aligned to the MAP at location B. The MAP at location C should not be able to see AP at location A (see Figure 50). First, align the antennas and then optimize each link by tuning the RF power. A channel is reused after 4 hops. A maximum number of 8 hops is supported.
Figure 50 Functional Routing Example
Slot Bias Options
When a 1524SB AP is switched on, either slot 1 or slot 2 can be used for an uplink depending on the strength of the signal. AWPP treats both slots equally. For a MAP, slot 2 is the preferred (biased) uplink slot, that is, the slot that is used to connect to the parent AP. Slot 1 is the preferred downlink slot. When both radio slots are available for use and if slot 1 is used for an uplink backhaul, a 15-minute timer is started. At the end of 15 minutes, the AP scans for a channel in slot 2 so that slot 2 might be used for an uplink backhaul again. This process is called slot bias.
We recommend that you use a directional antenna on slot 2 for proper linear functionality. We also recommend that you ensure that slot 2 is selected for a strong uplink. However, there may be some scenarios where directional antennas are used on both the backhaul radios for mobility. When the AP is powered on, the parent can be selected in either direction. If slot 1 is selected, the AP should not go to the scanning mode after 15 minutes, that is, you should disable the slot bias.
Disabling Slot Bias
In the 7.0.116.0 release, you can use the config mesh slot-bias disable command to disable slot bias so that the APs can be stable on slot 1.
To disable slot bias, enter the following command:
(Cisco Controller) > config mesh slot-bias disable
Note
The slot bias is enabled by default.
Usage Guidelines
Follow these guidelines for the config mesh slot-bias disable command:
•
The config mesh slot-bias disable command is a global command and is applicable to all 1524SB APs associated with the same controller.
•
Slot bias is applicable only when both slot 1 and slot 2 are usable. If a slot radio does not have a channel that is available because of dynamic frequency selection (DFS), the other slot takes up both the uplink and downlink roles.
•
If slot 2 is not available because of hardware issues, slot bias functions normally. Take corrective action by disabling the slot bias or fixing the antenna.
•
A 15-minute timer is initiated (slot bias) only when slot 1 and slot 2 are usable (have channels to operate).
•
The 15-minute timer is not initiated if slot 2 cannot find any channels because of DFS, which results in slot 1 taking over the uplink and the downlink.
•
Slot 2 takes over slot 1 if slot 1 does not have any channels to operate because of DFS.
•
If slot 2 has a hardware failure, then slot bias is initiated, and slot 1 is selected for uplinking.
•
Disabling slot bias enables you to take preventive action for a smooth operation.
Commands Related to Slot Bias
The following commands are related to slot bias:
•
To see which slot is being used for an uplink or a downlink, enter the following command:
(Cisco Controller) > show mesh config
Mesh Range....................................... 12000
Mesh Statistics update period.................... 3 minutes
Backhaul with client access status............... enabled
Backhaul with extended client access status...... disabled
Background Scanning State........................ enabled
Backhaul Amsdu State............................. enabled
Mesh Security
   Security Mode................................. EAP
   External-Auth................................. disabled
   Use MAC Filter in External AAA server......... disabled
   Force External Authentication................. disabled
Mesh Alarm Criteria
   Max Hop Count................................. 4
   Recommended Max Children for MAP.............. 10
   Recommended Max Children for RAP.............. 20
   Low Link SNR.................................. 12
   High Link SNR................................. 60
   Max Association Number........................ 10
   Association Interval.......................... 60 minutes
   Parent Change Numbers......................... 3
   Parent Change Interval........................ 60 minutes
Mesh Multicast Mode.............................. In-Out
Mesh Full Sector DFS............................. enabled
Mesh Ethernet Bridging VLAN Transparent Mode..... enabled
Mesh DCA channels for serial backhaul APs........ disabled
Mesh Slot Bias................................... disabled
•
To verify that slot 1 is being used for an uplink, do the following:
a.
Enable debugging on the AP by entering the following command in the controller:
(Cisco Controller) > debug ap enable AP_name
b.
Enter the following commands in the controller:
(Cisco Controller) > debug ap command show mesh config AP_name
(Cisco Controller) > debug ap command show mesh adjacency parent AP_name
Preferred Parent Selection
You can configure a preferred parent for a MAP. This feature gives you more control and enables you to enforce a linear topology in a mesh environment. You can skip AWPP and force a MAP to go to a preferred parent.
Preferred Parent Selection Criteria
The child AP selects the preferred parent based on the following criteria:
•
The preferred parent is the best parent.
•
The preferred parent has a link SNR of at least 20 dB (other parents, however good, are ignored).
•
The preferred parent has a link SNR between 12 dB and 20 dB, but no other parent is significantly better (that is, the SNR is more than 20 percent better). For an SNR lower than 12 dB, the configuration is ignored.
•
The preferred parent is not blacklisted.
•
The preferred parent is not in silent mode because of dynamic frequency selection (DFS).
•
The preferred parent is in the same bridge group name (BGN). If the configured preferred parent is not in the same BGN and no other parent is available, the child joins the parent AP using the default BGN.
Note
Slot bias and preferred parent selection features are independent of each other. However, with the preferred parent configured, the connection is made to the parent using slot 1 or slot 2, whichever the AP sees first. If slot 1 is selected for the uplink in a MAP, then slot bias occurs. We recommend that you disable slot bias if you already know that slot 1 is going to be selected.
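The selection criteria above can be read as a decision procedure. The following Python is an added example, not Cisco's AWPP implementation; the Neighbor record, the highest-SNR fallback that stands in for AWPP, the reading of "20 percent better" as an SNR ratio, and the second MAC address are assumptions or constructed values. The mesh_neighbor_mac helper applies the rule from the guide's note on configuring a preferred parent, that the neighbor MAC is the base radio MAC with f as its final character.

```python
"""Preferred parent decision for a mesh child AP, per the listed criteria."""
from dataclasses import dataclass

MIN_SNR_DB = 12.0      # below this the preferred-parent configuration is ignored
STRONG_SNR_DB = 20.0   # at or above this, other parents are ignored
BETTER_FACTOR = 1.20   # "more than 20 percent better", read as an SNR ratio (assumption)


@dataclass
class Neighbor:
    mac: str
    snr_db: float
    bgn: str                    # bridge group name
    blacklisted: bool = False
    dfs_silent: bool = False    # silent because of dynamic frequency selection


def mesh_neighbor_mac(base_radio_mac):
    """Base radio MAC with f as the final character, as the guide's note requires."""
    return base_radio_mac[:-1].lower() + "f"


def choose_parent(neighbors, preferred_mac, child_bgn):
    """Return (parent MAC or None, reason) for the child AP."""
    usable = [n for n in neighbors
              if not n.blacklisted and not n.dfs_silent and n.bgn == child_bgn]
    # Stand-in for AWPP (not the real algorithm): highest SNR among usable neighbors.
    best = max(usable, key=lambda n: n.snr_db, default=None)
    fallback = best.mac if best else None
    pref = next((n for n in neighbors if n.mac.lower() == preferred_mac.lower()), None)

    if pref is None:
        return fallback, "preferred parent not heard"
    if pref.blacklisted:
        return fallback, "preferred parent is blacklisted"
    if pref.dfs_silent:
        return fallback, "preferred parent is in DFS silent mode"
    if pref.bgn != child_bgn:
        if best is None:
            return pref.mac, "no other parent available, joined using default BGN"
        return fallback, "preferred parent is in a different BGN"
    if pref.snr_db < MIN_SNR_DB:
        return fallback, "preferred parent SNR below 12 dB, configuration ignored"
    if pref.snr_db >= STRONG_SNR_DB:
        return pref.mac, "preferred parent SNR at least 20 dB"
    # 12 to 20 dB: keep the preferred parent unless another is significantly better.
    if best.snr_db > pref.snr_db * BETTER_FACTOR:
        return best.mac, "another parent is more than 20 percent better"
    return pref.mac, "preferred parent SNR 12 to 20 dB, no parent significantly better"


if __name__ == "__main__":
    pref = mesh_neighbor_mac("00:24:13:0f:92:00")   # address from the guide
    other = "00:00:5e:00:53:0f"                     # constructed address
    for pref_snr, other_snr in ((25, 40), (15, 17), (15, 19), (10, 14)):
        seen = [Neighbor(pref, pref_snr, "mesh"), Neighbor(other, other_snr, "mesh")]
        print(pref_snr, other_snr, choose_parent(seen, pref, "mesh"))
```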
Configuring a Preferred Parent
To configure a preferred parent, enter the following command:
(Cisco Controller) > config mesh parent preferred AP_name MAC
where:
•
AP_name is the name of the child AP that you have to specify.
•
MAC is the MAC address of the preferred parent that you have to specify.
Note
When you configure a preferred parent, ensure that you specify the MAC address of the actual mesh neighbor for the desired parent. This MAC address is the base radio MAC address that has the letter f as the final character. For example, if the base radio MAC address is 00:24:13:0f:92:00, then you must specify 00:24:13:0f:92:0f as the preferred parent. This is the actual MAC address that is used for mesh neighbor relationships.
The following example shows how to configure the preferred parent for the MAP1SB access point, where 00:24:13:0f:92:00 is the preferred parent's MAC address:
(Cisco Controller) > config mesh parent preferred MAP1SB 00:24:13:0f:92:0f
Related Commands
The following commands are related to preferred parent selection:
•
To clear a configured parent, enter the following command:
(Cisco Controller) > config mesh parent preferred AP_name none
•
To get information about the AP that is configured as the preferred parent of a child AP, enter the following command:
(Cisco Controller) > show ap config general AP_name
The following example shows how to get the configuration information for the MAP1SB access point, where 00:24:13:0f:92:00 is the MAC address of the preferred parent:
(Cisco Controller) > show ap config general MAP1SB
Cisco AP Identifier.............................. 9
Cisco AP Name.................................... MAP1SB
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. 802.11bg:-A 802.11a:-A
Switch Port Number .............................. 1
MAC Address...................................... 12:12:12:12:12:12
IP Address Configuration......................... DHCP
IP Address....................................... 209.165.200.225
IP NetMask....................................... 255.255.255.224
CAPWAP Path MTU.................................. 1485
Domain...........................................
Name Server......................................
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ default location
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................ 4404
Primary Cisco Switch IP Address.................. 209.165.200.230
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name....................... 4404
Tertiary Cisco Switch IP Address................. 3.3.3.3
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... Local
Public Safety ................................... Global: Disabled, Local: Disabled
AP subMode ...................................... WIPS
Remote AP Debug ................................. Disabled
S/W Version .................................... 5.1.0.0
Boot Version ................................... 12.4.10.0
Mini IOS Version ................................ 0.0.0.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Enabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. PoE/Low Power (degraded mode)
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1252AG-A-K9
IOS Version...................................... 12.4(10:0)
Reset Button..................................... Enabled
AP Serial Number................................. serial_number
AP Certificate Type.............................. Manufacture Installed
Management Frame Protection Validation........... Enabled (Global MFP Disabled)
AP User Mode..................................... CUSTOMIZED
AP username..................................... maria
AP Dot1x User Mode............................... Not Configured
AP Dot1x username............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 4 days, 06 h 17 m 22 s
AP LWAPP Up Time................................. 4 days, 06 h 15 m 00 s
Join Date and Time............................... Mon Mar 3 06:19:47 2008
Ethernet Port Duplex............................. Auto
Ethernet Port Speed.............................. Auto
AP Link Latency.................................. Enabled
Current Delay................................... 0 ms
Maximum Delay................................... 240 ms
Minimum Delay................................... 0 ms
Last updated (based on AP Up Time).............. 4 days, 06 h 17 m 20 s
Rogue Detection.................................. Enabled
AP TCP MSS Adjust................................ Disabled
Mesh preferred parent............................ 00:24:13:0f:92:00
Co-Channel Interference
In addition to hidden node interference, co-channel interference can also impact performance. Co-channel interference occurs when adjacent radios on the same channel interfere with the performance of the local mesh network. This interference takes the form of collisions or excessive deferrals by CSMA. In both cases, performance of the mesh network is degraded. With appropriate channel management, co-channel interference on the wireless mesh network can be minimized.
Wireless Mesh Network Coverage Considerations
This section provides a summary of items that must be considered for maximum wireless LAN coverage in an urban or suburban area, to adhere to compliance conditions for respective domains.
The following recommendations assume a flat terrain with no obstacles (green field deployment).
We always recommend that you perform a site survey before making any real estimates for the area and creating a bill of materials.
Cell Planning and Distance
For 1520 Series
The RAP-to-MAP ratio is the starting point. For general planning purposes, the current ratio is 20 MAPs per RAP.
We recommend the following values for cell planning and distance in nonvoice networks:
•
RAP-to-MAP ratio—Recommended maximum ratio is 20 MAPs per RAP.
•
AP-to-AP distance—A spacing of no more than 2000 feet (609.6 meters) between each mesh access point is recommended. When you extend the mesh network on the backhaul (no client access), use a cell radius of 1000 feet (304.8 meters).
•
Hop count—Three to four hops.
–
One square mile in feet (5280^2) is nine cells, and you can cover one square mile with approximately three or four hops. (See Figure 51 and Figure 52.)
•
For 2.4 GHz, the local access cell size radius is 600 feet (182.88 meters). One cell size is around 1.310 x 10^6, so there are 25 cells per square mile. (See Figure 53 and Figure 54.)
Figure 51 Cell Radius of 1000 Feet and Access Point Placement for Nonvoice Mesh Networks
Figure 52 Path Loss Exponent 2.3 to 2.7
Figure 53 Cell Radius of 600 Feet and Access Point Placement for Nonvoice Mesh Networks
Figure 54 Path Loss Exponent 2.5 to 3.0
For the 1550 Series
As seen in the previous section, for a Greenfield deployment with the AP1520 series, we recommend a cell radius of 600 feet, and an AP to AP distance of 1200 feet. Normally, an AP to AP distance that is twice the AP to client distance is recommended. That is, if we halve the AP to AP distance, we will get the approximate cell radius.
The AP1550 series offers comparatively better range and capacity as it has the 802.11n functionality. It has advantages of ClientLink (Beamforming) in downstream, better receiver sensitivities because of MRC in upstream, multiple transmitter streams and a few other advantages of 802.11n such as channel combining and so on. The 1552 access points can provide comparatively larger and higher capacity cells.
Note
Link budgets are different for different country domains. The discussion in this section takes into account the most widely distributed and large country domains: -A and -E.
Comparison of Link Budgets of AP1520 Series and AP1552 Series in 2.4- and 5-GHz Bands (-A Domain)
For the 2.4-GHz band, 1520s and 1552s have almost the same Tx power, but 1552s have 3 dB better Rx sensitivity because of improved MRC (see Table 18).
Table 18 Link Budget Comparison for the 2.4-GHz band in -A Domain
Parameter | Cisco 1552 (-A domain) | Cisco 1522 (-A Domain) | Comments
Frequency Band | 2412-2462 MHz | 2412-2462 MHz | Center Frequencies
Air Interface | 802.11b/g/n | 802.11b/g
Channel Bandwidth | 20 MHz | 20 MHz
No. of Tx Spatial Streams | 2 | 1
PHY Data Rates | Up to 144 Mbps (1) | Up to 54 Mbps
Tx Power Conducted | 28 dBm, Composite (2) | 27 dBm | Maximum power, data rate dependent
Rx Sensitivity | -94 dBm at 6 Mbps; -79 dBm at 54 Mbps; -73 dBm at 300 Mbps (3) | -90 dBm at 6 Mbps; -80 dBm at 54 Mbps | Includes 4.7 dB MRC gain for AP1552
No. of Receive Channels | 3 | 3
Rx Diversity | MRC | MRC
Antenna Cable loss | 0.5 dB, with external antenna | 0.5 dB
Antenna gain without ClientLink (Beamforming) | 3 dual-band omnidirectional antenna 1552 E/H: 4 dBi each; 1552 C/I: 2 dBi each (3-element low profile Radom) | 5.5 dBi or 8 dBi omnidirectional
Antenna gain with ClientLink (Beamforming) | 8 dBi or 6 dBi | 5.5 dBi or 8 dBi (No BF)
(1) 40-MHz channel bonding in 2.4 GHz is not applicable. Therefore, the maximum data rate is 144 Mbps.
(2) Composite power is the power when we have two Tx streams enabled in AP1552.
(3) 1552 has 3 dB better receiver sensitivity when compared to 1520 series APs.
Note
AP1552 has almost the same antenna gain with ClientLink (Beamforming) as compared to AP1522s. There is no 20-MHz channel bonding available in the 2.4-GHz band to get the 40-MHz channel as we only have 3 nonoverlapping channels. The maximum data rate that we can achieve in 2.4 GHz is 144 Mbps.
For the 5-GHz band, 1520s and 1552s have almost the same Tx power, but 1552s have approximately 4 dB better Rx sensitivity because of the availability of MRC in 5 GHz (see Table 19).
Table 19 Link Budget Comparison for the 5-GHz band in -A Domain
| Parameter | Cisco 1552 (-A Domain) | Cisco 1522 (-A Domain) | Comments |
|---|---|---|---|
| Frequency Band | 5745-5825 MHz | 5745-5825 MHz | Center Frequencies |
| Air Interface | 802.11a/n | 802.11a | |
| Channel Bandwidth | 20 MHz, 40 MHz | 20 MHz | |
| No. of Tx Spatial Streams | 2 | 1 | |
| PHY Data Rates | Up to 300 Mbps | Up to 54 Mbps | |
| Tx Power Conducted | 28 dBm, Composite | 28 dBm | Maximum power, data rate dependent |
| Rx Sensitivity | -92 dBm at 6 Mbps; -76 dBm at 54 Mbps; -72 dBm at 300 Mbps [1] | -88 dBm at 6 Mbps; -73 dBm at 54 Mbps | Includes 4.7 dB MRC gain for AP1552 |
| No. of Receive Channels | 3 | 1 | |
| Rx Diversity | MRC | No MRC [2] | |
| Antenna Cable Loss | 0.5 dB | 0.5 dB | |
| Antenna gain without ClientLink (Beamforming) | 3 dual-band omnidirectional antennas; 1552 E/H: 7 dBi each; 1552 C/I: 4 dBi each (3-element low-profile radome) | 8 dBi, 14 dBi, 17 dBi | |
| Antenna gain with ClientLink (Beamforming) | 11 dBi (omnidirectional), 8 dBi panel array | 8 dBi (No BF) | |

[1] 1552 has ~4 dB better Rx sensitivity as compared to 1520 series APs.
[2] Maximum Ratio Combining not available for 1522 in 5 GHz.
The 20-MHz channel bonding to form a 40-MHz channel is available in 5 GHz. Therefore, we can go up to a data rate of 300 Mbps.
As discussed in the previous section, Path Loss Exponents (PLE) and Link Budget windows work together. For a full clear path, PLE is 2.0. For AP to AP, there is comparatively more clearance than AP to client. For AP to AP, PLE can be taken as 2.3 because it can be assumed that the height of both APs is about 10 meters, which means a good line of sight (but without Fresnel zone clearance).
For AP to client, PLE should be greater than or equal to 2.5 because the client is only 1 meter high. Therefore, there will be less Fresnel zone clearance. This applies to both the 2.4-GHz and 5-GHz bands.
Let us consider AP to AP link budget in 5 GHz for -A domain because 5 GHz is used as a backhaul for mesh. We can take a legacy data rate of 9 Mbps to estimate the range (see Table 20).
Note
This is the lowest data rate for outdoor 802.11n APs that carries the advantage of Cisco's ClientLink (Beamforming for Legacy clients). It provides a gain of up to 4 dB in the downlink direction.
The AP1552 models with inbuilt antennas (1552C/I) have the same system gain as AP1522s for 5-GHz backhaul giving the AP to AP distance of 2722 feet. A fade margin of 9 dB is assumed for four 9s availability. This is inconsistent with the assumption to calculate the required SNR values in the Wireless Mesh Constraints section.
Link Budget Analysis for AP to Client (-A Domain)
This section contains the link budget analysis for AP to client, which shows how far a client can be from the AP for a given system gain in each band. The analysis focuses on the system gain for upstream and downstream. Ideally, the link should be balanced for upstream and downstream, but in practice it may not be. Generally, the AP has a higher antenna gain and higher Tx power than the client. However, the opposite can be true in a few regulatory domains because of different EIRP limit enforcements. Therefore, the lower of the upstream and downstream values should be taken to calculate the AP to client distance because that is the deciding factor. For example, if the downstream gain is higher than the upstream gain, then upstream rather than downstream should decide the cell size, because the upstream system gain is what allows the client to connect to the AP.
The regulatory domain values of Tx EIRP and Rx sensitivities decide whether upstream or downstream will have the lower system gain. The cell size should be governed by upstream and not downstream.
Because most of the clients available are 2.4-GHz clients, the focus is on the 2.4-GHz AP to client link, and this approach is taken to recommend the cell sizes.
For the AP to client link budget in 2.4 GHz, let us assume a client Tx power of 20 dB and an antenna gain of 0 dBi (see Table 21). For the -A domain, the EIRP limit is 36 dBm for the 2.4- and 5-GHz bands.
The -A domain AP to client link budget in 2.4 GHz band is limited by upstream. That is, the upstream has lower system gain, and therefore, the decision factor will be upstream.
Cell sizes for AP to Client in 2.4 GHz for different AP1552 models can be decided by picking the lowest of the following two:
• AP to Client distance in the 2.4-GHz band (from Table 21)
• Half of the distance between AP to AP on the 5-GHz backhaul (from Table 19)
Because most of the clients available are 2.4-GHz clients, we recommend the cell size taking 2.4 GHz values into consideration (see Table 22).
For AP to AP distance we can take double the AP to Client distance (see Table 23).
Table 23 Recommendations for Cell Radius

| AP Type (-A Domain) | AP to Client | AP to AP |
|---|---|---|
| 1552 C/I | 250 meters (800 feet) | 500 meters (1600 feet) |
| 1552 E/H | 300 meters (1000 feet) | 600 meters (2000 feet) |
Figure 55 shows the AP-to-Client cell radius at 2.4 GHz.
Figure 55 AP-to-Client Cell Radius at 2.4 GHz
The following assumptions are made:
• Height: APs are at 33 feet (10 meters); Client at 3.3 feet (1 meter)
• Throughput greater than 1 Mbps
• Decreasing AP-to-AP distance improves coverage
• Near LoS. For Less LoS scenarios, you must reduce the distance assumptions
• Flat Terrain Environment
AP Densities result as follows:
• AP1552C and AP1552I: 14 AP/sq. mile = 5.3 AP/sq. km
• AP1552E and AP1552H: 9 AP/sq. mile = 3.5 AP/sq. km
With these recommendations, healthy cells are more likely.
Note
For 5-GHz clients, the cell radius is comparatively smaller because the higher the frequency, the higher the attenuation. The 2.4-GHz band has almost 13 dB better link budget than 5 GHz.
Comparison of Link Budgets of AP1520 Series and AP1552 Series in 2.4- and 5-GHz Bands (-E Domain)
In the -E Domain, EIRP limits are comparatively much lower. The EIRP limit for 2.4 GHz is 20 dBm and for 5 GHz is 30 dBm.
Let us consider 5 GHz because it is used as a backhaul for mesh. We can take a legacy data rate of 9 Mbps to estimate the range (see Table 24).
Note
PLE is 2.3 for backhaul.
Table 24 AP to AP RF Link Budget, 5.6 GHz: 9 Mbps (-E domain)
The AP1552 models with inbuilt antennas (1552C/I) have the same system gain as AP1522s for 5 GHz backhaul giving the AP to AP distance of 1543 feet.
Link Budget Analysis for AP to Client (-E Domain)
This section contains link budget analysis for AP to Client in the 2.4-GHz band. In this analysis, the focus is on the system gain for upstream and downstream. Ideally, the link should be balanced for upstream and downstream, but practically it may not happen. Therefore, the decision factor for the cell radius will be the lowest of both upstream and downstream.
For AP to client link budget in 2.4 GHz, let us assume a client Tx power of 20 dB and an antenna gain of 0 dBi (see Table 25).
For -E domain, the EIRP limit is 20 dBm for the 2.4-GHz band and 30 dBm for the 5-GHz band.
The AP to client link budget in the 2.4-GHz band on the -E domain is limited by downstream. Therefore, downstream has a lower system gain. Thus, the decision factor will be downstream.
Cell sizes for AP to Client in 2.4 GHz for different AP1552 models can be decided by picking the lowest of the following two:
• AP to Client distance in 2.4 GHz band (from Table 25)
• Half of the distance between AP to AP on 5 GHz backhaul (from Table 24)
Because most of the clients available are 2.4-GHz clients, we recommend the cell size taking 2.4 GHz values into consideration (see Table 26).
For AP to AP distance we can take double the AP to Client distance (see Table 27).
Table 27 Recommendations for Cell Radius

| AP Type (-E Domain) | AP to Client | AP to AP |
|---|---|---|
| 1552 C/I | 180 meters (600 feet) | 360 meters (1200 feet) |
| 1552 E/H | 180 meters (600 feet) | 360 meters (1200 feet) |
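The upstream/downstream comparison and the "lowest of the two" cell-size rule described above for the -A and -E domains, worked through as an added Python example (it is not Cisco's range calculator and not part of the original guide). The AP values come from Table 18 and the EIRP limits, client Tx power, PLE, fade margin and AP-to-AP distances come from the text; the client Rx sensitivity of -90 dBm, zero cable loss for the integrated-antenna 1552C/I, channel 6 as the frequency, and the log-distance path-loss model with a 1-meter free-space reference are assumptions, so the computed distances are illustrative and will not match the Cisco tables.

```python
import math
from dataclasses import dataclass

FADE_MARGIN_DB = 9.0      # page: 9 dB fade margin for four 9s availability
PLE_AP_TO_CLIENT = 2.5    # page: PLE >= 2.5 for AP to client
FEET_TO_M = 0.3048


@dataclass(frozen=True)
class Radio:
    tx_dbm: float          # conducted Tx power
    ant_gain_dbi: float
    cable_loss_db: float
    rx_sens_dbm: float     # Rx sensitivity at the data rate considered


# AP1552C/I at 2.4 GHz, values from Table 18 (sensitivity at 6 Mbps).
# Assumption: integrated antenna, so no cable loss.
AP1552CI = Radio(tx_dbm=28.0, ant_gain_dbi=2.0, cable_loss_db=0.0, rx_sens_dbm=-94.0)
# Client per the text: Tx power 20, antenna gain 0 dBi.
# Assumption: the -90 dBm client Rx sensitivity is a constructed value.
CLIENT = Radio(tx_dbm=20.0, ant_gain_dbi=0.0, cable_loss_db=0.0, rx_sens_dbm=-90.0)

EIRP_LIMIT_24GHZ_DBM = {"-A": 36.0, "-E": 20.0}   # from the page
AP_TO_AP_FT = {"-A": 2722.0, "-E": 1543.0}        # page: 5-GHz backhaul, 1552C/I


def eirp_dbm(tx: Radio, limit_dbm: float) -> float:
    """Radiated power, reduced to the regulatory limit when it would exceed it."""
    return min(tx.tx_dbm + tx.ant_gain_dbi - tx.cable_loss_db, limit_dbm)


def allowed_path_loss_db(tx: Radio, rx: Radio, limit_dbm: float) -> float:
    """System gain of one direction with the fade margin already reserved."""
    return (eirp_dbm(tx, limit_dbm) + rx.ant_gain_dbi - rx.cable_loss_db
            - rx.rx_sens_dbm - FADE_MARGIN_DB)


def limiting_direction(ap: Radio, client: Radio, limit_dbm: float):
    """Return the direction with the lower system gain and that gain in dB."""
    down = allowed_path_loss_db(ap, client, limit_dbm)
    up = allowed_path_loss_db(client, ap, limit_dbm)
    return ("upstream", up) if up < down else ("downstream", down)


def range_m(path_loss_db: float, freq_mhz: float, ple: float) -> float:
    """Assumed model: free-space loss at 1 m, then 10*ple dB per decade."""
    ref_loss_db = 20 * math.log10(freq_mhz) - 27.55
    return 10 ** ((path_loss_db - ref_loss_db) / (10 * ple))


def cell_radius(domain: str, freq_mhz: float = 2437.0) -> dict:
    """Apply the page's rule: lowest of client range and half the AP-to-AP distance."""
    direction, gain = limiting_direction(AP1552CI, CLIENT, EIRP_LIMIT_24GHZ_DBM[domain])
    client_range = range_m(gain, freq_mhz, PLE_AP_TO_CLIENT)
    half_backhaul = AP_TO_AP_FT[domain] * FEET_TO_M / 2
    return {
        "limited_by": direction,
        "system_gain_db": gain,
        "client_range_m": client_range,
        "half_backhaul_m": half_backhaul,
        "cell_radius_m": min(client_range, half_backhaul),
    }


if __name__ == "__main__":
    for domain in ("-A", "-E"):
        r = cell_radius(domain)
        print(f"{domain}: limited by {r['limited_by']} ({r['system_gain_db']:.1f} dB), "
              f"client range {r['client_range_m']:.0f} m, "
              f"half backhaul {r['half_backhaul_m']:.0f} m, "
              f"cell radius {r['cell_radius_m']:.0f} m")
```

With these inputs the -A domain comes out upstream-limited and the -E domain downstream-limited, matching the conclusions in the text, because the 20-dBm EIRP cap in -E removes the AP's transmit advantage.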
Note
To estimate the range and the AP density, you can use range calculators that are available at:
Cisco 1520 Series Outdoor Mesh Range Calculation Utility: http://www.cisco.com/en/US/products/ps8368/products_implementation_design_guides_list.html
Range Calculator for 1550 Series Outdoor Mesh Access Points: http://www.cisco.com/en/US/products/ps11451/products_implementation_design_guides_list.html
Assumptions for AP1522 Range Calculator
• The AP1522 Range Calculator has been edited to stay within limitations for Tx power and EIRP under the listed regulatory domains. There may be cases where it exceeds the limitations. You must verify that the installation is within the laws of the location in which it is being installed.
• When you use the AP1522 Range Calculator, available power levels change based upon the regulatory domain, the antenna (or antenna gain) selected, the modulation mode, which is based on the data rate selected (OFDM requires a lower power level in some domains). You must verify all parameters after making any parameter changes.
• Rx sensitivity in 2.4 GHz is the composite sensitivity of all three Rx paths. That is, MRC is included in 2.4 GHz. There is only one Rx for 5 GHz.
• You can choose only the channels that the access point is certified for.
• You can select only valid power levels.
Assumptions for AP1552 Range Calculator
• The AP1552 Range Calculator has been edited to stay within limitations for Tx power and EIRP under the listed regulatory domains. There may be cases where it exceeds the limitations. You must verify that the installation is within the laws of the location in which it is being installed.
• All three antenna ports must be used for external antenna models of 1552 for effective performance. Otherwise, range is significantly compromised. 1552 radios have two Tx paths and three Rx paths.
• The Tx power is the total composite power of both Tx paths.
• Rx sensitivity is the composite sensitivity of all three Rx paths. That is, MRC is included.
• The AP1552 Range Calculator assumes that ClientLink (Beamforming) is switched on.
• When you use the AP1552 Range Calculator, available power levels change based upon the regulatory domain, the antenna (or antenna gain) selected, and the data rate selected. You must verify all parameters after making any parameter changes.
• You can select a different antenna than the two that are available by default. If you enter a high gain antenna and choose a power that goes over the EIRP limit, then you get a warning and the range equals 0.
• You can choose only the channels that the access point is certified for.
• You can select only valid power levels.
The RAPs shown in Figure 56 are simply a starting point. The goal is to use the RAP location in combination with the RF antenna design to ensure that there is a good RF link to the MAP within the core of the cell, which means that the physical location of the RAPs can be on the edge of the cell, and a directional antenna is used to establish a link into the center of the cell. Therefore, the wired network location of a RAP might play host to the RAP of multiple cells, as shown in Figure 56.
Figure 56 PoP with Multiple RAPs
When the basic cell composition is settled, the cell can be replicated to cover a greater area. When replicating the cells, a decision needs to be made whether to use the same backhaul channel on all cells or to change backhaul channels with each cell. In the example shown in Figure 57, various backhaul channels (B2, C2, and D2) per cell have been chosen to reduce the co-channel interference between cells.
Figure 57 Multiple RAP and MAP Cells
Choosing various channels reduces the co-channel interference at the cell boundaries, at the expense of faster mesh convergence, because MAPs must fall back to seek mode to find neighbors in adjacent cells. In areas of high-traffic density, co-channel interference has the highest impact, which is likely to be around the RAP. If RAPs are clustered in one location, a different channel strategy is likely to give optimal performance; if RAPs are dispersed among the cells, using the same channel is less likely to degrade performance.
When you lay out multiple cells, use channel planning similar to standard WLAN planning to avoid overlapping channels, as shown in Figure 58.
Figure 58 Laying out Various Cells
If possible, the channel planning should also minimize channel overlap in cases where the mesh has expanded to cover the loss of a RAP connection, as shown in Figure 59.
Figure 59 Failover Coverage
Collocating Mesh Access Points
The following recommendations provide guidelines to determine the required antenna separation when you collocate AP1500s on the same tower. The recommended minimum separations for antennas, transmit powers, and channel spacing are addressed.
The goal of proper spacing and antenna selection is to provide sufficient isolation by way of antenna radiation pattern, free space path loss, and adjacent or alternate adjacent channel receiver rejection to provide independent operation of the collocated units. The goal is to have negligible throughput degradation due to a CCA hold-off, and negligible receive sensitivity degradation due to a receive noise floor increase.
You must follow antenna proximity requirements, which depend upon the adjacent and alternate adjacent channel usage.
Collocating AP1500s on Adjacent Channels
If two collocated AP1500s operate on adjacent channels such as channel 149 (5745 MHz) and channel 152 (5765 MHz), the minimum vertical separation between the two AP1500s is 40 feet (12.192 meters) (the requirement applies for mesh access points equipped with either 8 dBi omnidirectional or 17 dBi high-gain directional patch antennas).
If two collocated AP1500s operate on channels 1, 6, or 11 (2412 to 2437 MHz) with a 5.5-dBi omnidirectional antenna, then the minimum vertical separation is 8 feet (2.438 meters).
Collocating AP1500s on Alternate Adjacent Channels
If two collocated AP1500s operate on alternate adjacent channels such as channel 149 (5745 MHz) and channel 157 (5785 MHz), the minimum vertical separation between the two AP1500s is 10 feet (3.048 meters) (the requirement applies for mesh access points equipped with either 8-dBi omnidirectional or 17-dBi high-gain directional patch antennas).
If two collocated AP1500s operate on alternate adjacent channels 1 and 11 (2412 MHz and 2462 MHz) with a 5.5-dBi omnidirectional antenna, then the minimum vertical separation is 2 feet (0.609 meters).
In summary, 5-GHz antenna isolation determines the mesh access point spacing requirements. The antenna proximity requirements must be followed and depend upon the adjacent and alternate adjacent channel usage.
Special Considerations for Indoor Mesh Networks
Note these considerations for indoor mesh networks:
• Voice is supported only on indoor mesh networks in release 5.2, 6.0, 7.0, and 7.0.116.0. For outdoors, voice is supported on a best-effort basis on a mesh infrastructure.
• Quality of Service (QoS) is supported on the local 2.4-GHz client access radio and on the 5-GHz and 4.9-GHz backhauls.
• Cisco also supports static Call Admission Control (CAC) in CCXv4 clients, which provides CAC between the access point and the client.
• RAP-to-MAP ratio: The recommended ratio is 3 to 4 MAPs per RAP.
• AP-to-AP distance:
  – For non-11n mesh APs (1130 and 1240), a spacing of no more than 200 feet (60.96 meters) between each mesh access point is recommended with a cell radius of 100 feet (30.48 meters).
  – For 11n mesh APs (1040, 1140, 1250, 1260, 3500e and 3500i), a spacing of no more than 250 feet between each mesh AP with a cell radius of 125 feet is recommended.
• Hop count: For data, the maximum is 4 hops. No more than 2 hops is recommended for voice.
• RF considerations for client access on voice networks:
  – Coverage hole of 2 to 10 percent
  – Cell coverage overlap of 15 to 20 percent
  – Voice needs RSSI and SNR values that are at least 15 dB higher than data requirements
  – RSSI of -67 dBm for all data rates should be the goal for 11b/g/n and 11a/n
  – SNR should be 25 dB for the data rate used by client to connect to the AP
  – Packet error rate (PER) should be configured for a value of one percent or less
  – Channel with the lowest utilization (CU) must be used. Check the CU when no traffic is running.
  – Radio resource manager (RRM) can be used to implement the recommended RSSI, PER, SNR, CU, cell coverage, and coverage hole settings on the 802.11b/g/n radio (RRM is not available on 802.11a/n radio).
Figure 60 Cell Radius of 100 Feet (30.4 meters) and Access Point Placement for Voice Mesh Networks
Note
See the "Guidelines For Using Voice on the Mesh Network" section for additional voice considerations when configuring voice on your network.
Figure 61 Cell Radius of 125 Feet (38 meters) and Access Point Placement for Indoor 11n Mesh Networks
Note
Although you can use directional antenna and have an AP-to-AP distance longer than 250 feet (76.2 meters), for seamless roaming, we recommend that you have an AP-to-AP distance no more than 250 feet.
Wireless Propagation Characteristics
Table 28 provides a comparison of the 2.4-GHz and 5-GHz bands.
The 2.4-GHz band provides better propagation characteristics than 5 GHz, but 2.4 GHz is an unlicensed band and has historically been affected with more noise and interference to date than the 5-GHz band. In addition, because there are only three backhaul channels in 2.4 GHz, co-channel interference would result. Therefore, the best method to achieve comparable capacity is by reducing system gain (that is, transmit power, antenna gain, receive sensitivity, and path loss) to create smaller cells. These smaller cells require more access points per square mile (greater access point density).
2.4 GHz has more penetration capability across obstacles because of its larger wavelength. In addition, 2.4 GHz has lower data rates, which increases the chance that the signal reaches the other end (see Configuring Advanced Features).
CleanAir
The 1550 series leverages 802.11n technology with integrated radio and internal/external antennas. The 1550 series access points are based on the same chipset as the present CleanAir capable Aironet 3500 APs. In other words, the 1550 series access points are capable of doing CleanAir.
With the 7.0.116.0 release, 3500 series access points can mesh with each other and can also provide CleanAir functionality.
CleanAir in mesh (1552 and 3500) can be implemented on the 2.4-GHz radio and provides clients complete 802.11n data rates while detecting, locating, classifying, and mitigating radio frequency (RF) interference. This provides a carrier class management and customer experience and ensures that you have control over the spectrum in the deployed location. CleanAir enabled RRM technology on the outdoor 11n platform detects, quantifies, and mitigates Wi-Fi and non-Wi-Fi interference on 2.4-GHz radios. AP1552 supports CleanAir in 2.4 GHz client access mode. AP3500 in bridge (mesh) mode also supports CleanAir in 2.4 GHz client access only and not on the backhaul.
CleanAir AP Modes of Operation
Bridge (Mesh) Mode AP (recommended)—AP1552 in bridge mode (mesh) offers complete CleanAir functionality in the 2.4-GHz band. Bridge (mesh) mode is equivalent of Local Mode (LMAP) for nonmesh CleanAir access points as far as CleanAir functionality is concerned. AP1552 comes only in the Bridge mode and the mode cannot be changed. A mesh access point performs CleanAir function and also serves clients on the assigned channel similar to the way the Cisco Indoor CleanAir AP3500 (nonmesh mode) operating in LMAP mode serving clients on its assigned channel. The mesh AP also monitors the spectrum only on that channel.
Similar CleanAir functionality is applicable to AP3500 in mesh mode. When AP3500 is in nonmesh mode, the AP can perform CleanAir function in LMAP or Monitor Mode. When AP3500 is in mesh mode, the AP can perform CleanAir function in bridge (mesh) mode on 2.4 GHz, serving clients at the same time on the assigned channel.
Tight silicon integration with the Wi-Fi radio allows the CleanAir hardware to listen between traffic on the channel that is currently being served with no penalty to throughput of attached clients. That is, line rate detection without interrupting client traffic.
AP1552 in 2.4 GHz client access offers Radio Resource Management (RRM) which helps to mitigate the interference from WiFi interferers. RRM is not available for the 5 GHz backhaul. There are no CleanAir dwells processed during normal off channel scans. Normally, a CUWN Local Mode AP executes an off channel passive scan of the alternate available channels in 2.4 GHz. Off-channel scans are used for system maintenance such as RRM metrics and rogue detection. The frequency of these scans is not sufficient to collect back-to-back dwells required for positive device classification. Thus, information collected during this scan is suppressed by the system. Increasing the frequency of off-channel scans is also not desirable because it takes away the time that the radio services traffic.
A CleanAir Mesh AP only scans one channel of each band continuously. In a normal deployment density, there should be many access points on the same channel, and at least one on each channel, assuming RRM is handling channel selection. In 2.4 GHz, access points have sufficient density to ensure at least three points of classification. An interference source that uses narrow band modulation (operates on or around a single frequency) is only detected by access points that share the frequency space. If the interference is a frequency hopping type (uses multiple frequencies—generally covering the whole band), it is detected by every access point that can hear it operating in the band.
Monitor Mode AP (optional) (MMAP)—A CleanAir monitor mode AP is dedicated and does not serve client traffic. The monitor mode ensures that all bands-channels are routinely scanned. The monitor mode is not available for AP1552 and 3500 in bridge (mesh) mode because in a mesh environment, access points also talk to each other on the backhaul. If a mesh AP (MAP) is in the monitor mode, then it cannot perform mesh operation. Also, it is not possible for AP1552 or AP3500 (bridge mode) to be in a dedicated monitor mode.
Spectrum Expert Connect Mode (optional) (SE Connect)—An SE Connect AP is configured as a dedicated spectrum sensor that allows connection of the Cisco Spectrum Expert application running on a local host to use the CleanAir AP as a remote spectrum sensor for the local application. This mode allows viewing of the raw spectrum data such as FFT plots and detailed measurements. This mode is intended for only remote troubleshooting.
Note
SE Connect mode is not available in AP1552 and 3500 in bridge (mesh) mode.
Pseudo MAC (PMAC) and Merging
PMAC and Merging phenomenon is similar to the one for 3500 access points in local mode. A PMAC is calculated as part of the device classification and included in the interference device record (IDR). Each AP generates the PMAC independently. While it is not identical for each report (at a minimum the measured RSSI of the device is likely different at each AP), it is similar. The function of comparing and evaluating PMACs is called merging. The PMAC is not exposed to customer interfaces. Only the results of merging are available in the form of a cluster ID.
The same device can be detected by multiple APs. All the PMACs and IDRs are analyzed on the controller, and a report called a device cluster is generated, which shows the APs detecting the device and the AP that hears the device the strongest.
In this merging, spatial proximity and RF proximity (RF neighbor relationship) work together. If there are six similar IDRs with 5 APs nearby and another one from an AP that is far away, it is unlikely that it is the same interferer. Therefore, a cluster is formed taking all these into account. MSE and the controller first rely on RF Neighbor lists to establish spatial proximity in a merge.
PMAC Convergence and Merging depends upon the following factors:
• Density of the sensors
• Quality of the observed classification
• RSSI from the interferer to the APs
• RF neighbor list at the APs
So RRM on 2.4 GHz in mesh also plays a key role in deciding the merging aspect. APs should be RF neighbors for any possibility of Merging. RF Neighbor list is consulted and spatial relationships for IDRs are taken into account for Merging.
Because there is no Monitor Mode in mesh, a single controller merging occurs on the controller. The result of a controller merge is forwarded to the MSE (if present) along with all of the supporting IDRs.
For more than one WLC (possible in outdoor deployments), merging occurs on the MSE. MSE does more advanced merging and extracts location and historical information for interferers. No Location is performed on controller merged interferers. Location is done on the MSE.
Figure 62 Pseudo MAC Merging in Outdoors
After PMAC signature merging, you can identify which AP can hear the device, and which AP is the centre of a cluster. In Figure 62, the values are relevant to the band selected. The label R on AP indicates that the AP is a RAP and the line between APs shows the mesh relationship.
Event Driven Radio Resource Management and Persistence Device Avoidance
Two key mitigation features are present with CleanAir: Event Driven Radio Resource Management (EDRRM) and Persistence Device Avoidance (PDA). Both rely directly on information that can only be gathered by CleanAir. For mesh networks, they work exactly the same way as for nonmesh networks in the 2.4-GHz band.
Note
EDRRM and PDA are only available in a Greenfield installation and configured off by default.
CleanAir Access Point Deployment Recommendations
CleanAir is a passive technology that does not affect the normal operation of Wi-Fi networks. There is no inherent difference between a CleanAir deployment and a mesh deployment.
Locating a non-Wi-Fi device has a lot of variables to consider. Accuracy increases with power, duty cycle, and the number of channels hearing the device. This is advantageous because higher power, higher duty cycle, and devices that impact multiple channels are considered to be severe with respect to interference to networks.
Note
There is no guarantee of accuracy for location of non-Wi-Fi devices.
There are a lot of variables in the world of consumer electronics and unintentional electrical interference. Any expectation of accuracy that is derived from current Client or Tag location accuracy models does not apply to non-Wi-Fi location and CleanAir features.
Important notes to consider:
• CleanAir mesh AP supports the assigned channel only.
• Band Coverage is implemented by ensuring that channels are covered.
• The CleanAir mesh AP can hear very well, and the active cell boundary is not the limit.
• For Location solutions, the RSSI cutoff value is -75 dBm.
• A minimum of three quality measurements is required for location resolution.
In most deployments, it is difficult to have a coverage area that does not have at least three APs nearby on the same channel in the 2.4-GHz band. In locations where there is minimal density, while the location resolution is likely not supported, the active user channel is protected.
Deployment considerations are dependent upon planning the network for desired capacity and ensuring that you have the correct components and network paths in place to support CleanAir functions. RF proximity and the importance of RF Neighbor Relations cannot be overstated. It is important to keep in mind the PMAC and the merging process. If a network does not have a good RF design, the neighbor relations are affected, which in turn affects CleanAir performance.
The AP Density recommendations for CleanAir remain the same as normal mesh AP deployment as described in Cell Planning and Distance.
Location resolution in the Outdoors is to the nearest AP. Devices are located near the AP which is physically closest to the device. It is advisable to assume closest AP resolution.
It is possible to deploy a few 1520 APs (non-CleanAir) with an installation that consists of 1552 APs (CleanAir). This deployment can work from a client and coverage standpoint as these access points are fully interoperable with each other. The complete CleanAir functionality depends on all access points being CleanAir enabled. Detection can be affected, and mitigation is not recommended.
A CleanAir AP actively serving clients can only monitor the assigned channel that it is serving. In an area where you have multiple access points serving clients in close proximity, the channels being served by CleanAir access points can drive CleanAir features. Legacy non-CleanAir access points rely on RRM and mitigate interference issues, but do not report the type and severity to the system level as CleanAir access points do.
For more information about mixed systems, see http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080b4bdc1.shtml.
Enabling CleanAir
To enable CleanAir functionality in the system, you first need to enable CleanAir on the controller through Wireless > 802.11a/b > CleanAir (see Figure 63). CleanAir is disabled by default. But, CleanAir is enabled by default on the AP interface.
Figure 63 CleanAir Parameters
After you enable CleanAir, it takes 15 minutes for normal system propagation of Air Quality information because the default reporting interval is 15 minutes. However, you can see the results instantly at the CleanAir detail level on the radio by going to Monitor > Access Points > 802.11a/n or 802.11b/n.
Licensing
With an entry CleanAir system, the requirements are a CleanAir AP and a controller on 7.0 or later releases. For AP1552, you need to have controller on release 7.0.116.0. Adding WCS allows the displays to be enhanced and additional information to be correlated within the system. Adding the MSE further enhances the available features and provides History and Location of specific interference devices. There is no additional license requirement for CleanAir features; the CleanAir AP is the license. Adding WCS can be done with a basic license. Adding the MSE to the system requires a WCS Plus license, and Context-Aware license selection for the MSE.
For purposes of interference location with the MSE, each interference device counts as a location target in Context-Aware. There are 100 Permanent Interferers licenses embedded in MSE. Interferer Licenses open as CleanAir APs are detected, in stages of 5 per CleanAir AP. This condition remains for AP1552. An Interference device is the same as a client or a tag from a license quantity standpoint. This should only use a small percentage of the available seats because there should be far fewer interference devices than clients or tags to track. Users do have control over what types of interference devices to detect and locate from the controller configuration menus.
Cisco Context-Aware licenses can be managed and limited by class of target (client, tag, interference) giving users complete control over how license seats are used.
Note
1 Interferer = 1 CAS license.
If you have too many Bluetooth devices, it is advisable to switch off the tracing of these devices because they might take up too many CAS licenses.
Figure 64 MSE Context-Aware Element Manager
Wireless Mesh Mobility Groups
A mobility group allows controllers to peer with each other to support seamless roaming across controller boundaries. APs learn the IP addresses of the other members of the mobility group after the CAPWAP Join process. A controller can be a member of a single mobility group which can contain up to 24 controllers. Mobility is supported across 72 controllers. There can be up to 72 members (WLCs) in the mobility list with up to 24 members in the same mobility group (or domain) participating in client hand-offs. The IP address of a client does not have to be renewed in the same mobility domain. Renewing the IP address is irrelevant in the controller-based architecture when you use this feature.
Multiple Controllers
The consideration in distance of the CAPWAP controllers from other CAPWAP controllers in the mobility group, and the distance of the CAPWAP controllers from the RAP, is similar to the consideration of a CAPWAP WLAN deployment in an enterprise.
There are operational advantages to centralizing CAPWAP controllers, and these advantages need to be traded off against the speed and capacity of the links to the CAPWAP APs and the traffic profile of the WLAN clients using these mesh access points.
If the WLAN client traffic is expected to be focused on particular sites, such as the Internet or a data center, centralizing the controllers at the same sites as these traffic focal points gives the operational advantages without sacrificing traffic efficiency.
If the WLAN client traffic is more peer-to-peer, a distributed controller model might be a better fit. It is likely that the majority of the WLAN traffic is between clients in the area, with a smaller amount of traffic going to other locations. Given that many peer-to-peer applications can be sensitive to delay and packet loss, you should ensure that traffic between peers takes the most efficient path.
Given that most deployments see a mix of client-server traffic and peer-to-peer traffic, it is likely that a hybrid model of CAPWAP controller placement is used, where points of presence (PoPs) are created with clusters of controllers placed in strategic locations in the network.
The CAPWAP model used in the wireless mesh network is designed for campus networks; that is, it expects a high-speed, low-latency network between the CAPWAP mesh access points and the CAPWAP controller.
Increasing Mesh Availability
In the "Cell Planning and Distance" section, a wireless mesh cell of one square mile was created and then built upon. This wireless mesh cell has similar properties to the cells used to create a cellular phone network because smaller cells (rather than the defined maximum cell size) can be created to cover the same physical area, providing greater availability or capacity. This process is done by adding a RAP to the cell. Similar to the larger mesh deployment, the decision is whether to use RAPs on the same channel, as shown in Figure 65, or to use RAPs placed on different channels, as shown in Figure 66. The addition of RAPs into an area adds capacity and resilience to that area.
Figure 65 Two RAPs per Cell with the Same Channel
Figure 66 Two RAPs per Cell on Different Channels
Multiple RAPs
If multiple RAPs are to be deployed, the purpose for deploying these RAPs needs to be considered. If the RAPs are being deployed to provide hardware diversity, the additional RAP(s) should be deployed on the same channel as the primary RAP to minimize the convergence time in a scenario where the mesh transfers from one RAP to another. When you plan RAP hardware diversity, consider the 32 MAPs per RAP limitation.
If additional RAPs are deployed primarily to provide additional capacity, then each additional RAP should be deployed on a different channel than its neighboring RAP to minimize the interference on the backhaul channels.
Adding a second RAP on a different channel also reduces the collision domain through channel planning or through RAP cell splitting. Channel planning allocates different nonoverlapping channels to mesh nodes in the same collision domain to minimize the collision probability. RAP cell splitting is a simple, yet effective, way to reduce the collision domain. Instead of deploying one RAP with omnidirectional antennas in a mesh network, two or more RAPs with directional antennas can be deployed. These RAPs collocate with each other and operate on different frequency channels. This process divides a large collision domain into several smaller ones that operate independently.
If the mesh access point bridging features are being used with multiple RAPs, these RAPs should all be on the same subnet to ensure that a consistent subnet is provided for bridge clients.
If you build your mesh with multiple RAPs on different subnets, MAP convergence times increase if a MAP has to fail over to another RAP on a different subnet. One way to limit this process from happening is to use different BGNs for segments in your network that are separated by subnet boundaries.
Indoor Mesh Interoperability with Outdoor Mesh
Complete interoperability of indoor mesh access points with the outdoor ones is supported. It helps to bring coverage from outdoors to indoors. We recommend indoor mesh access points for indoor use only, and these access points should be deployed outdoors only under limited circumstances as described below.
Caution
The indoor access points in a third-party outdoor enclosure can be deployed for limited outdoor deployments, such as a simple short haul extension from an indoor WLAN to a hop in a parking lot. The 1240, 1250, 1260, and 3500e access points in an outdoor enclosure are recommended because of their robust environmental and temperature specifications. Additionally, the indoor access points have connectors to support articulated antennas when the AP is within an outdoor enclosure. Exercise caution with the SNR values as they may not scale and long-term fades may take away the links for these APs when compared to a more optimized outdoor 1500 series access point.
Mobility groups can be shared between outdoor mesh networks and indoor WLAN networks. It is also possible for a single controller to control indoor and outdoor mesh access points simultaneously. The same WLANs are broadcast out of both indoor and outdoor mesh access points.
Connecting the Cisco 1500 Series Mesh Access Point to Your Network
The wireless mesh terminates on two points on the wired network. The first location is where the RAP attaches to the wired network, and where all bridged traffic connects to the wired network. The second location is where the CAPWAP controller connects to the wired network; this location is where the WLAN client traffic from the mesh network connects to the wired network (see Figure 67). The WLAN client traffic from CAPWAP is tunneled at Layer 2, and matching WLANs should terminate on the same switch VLAN where the controllers are collocated. The security and network configuration for each of the WLANs on the mesh depend on the security capabilities of the network to which the controller is connected.
Note
When an HSRP configuration is in operation on a mesh network, we recommend that the In-Out multicast mode be configured. For more details on multicast configuration, see the "Enabling Multicast on the Mesh Network Using the CLI" section.
Figure 67 Mesh Network Traffic Termination
Upgrading to the 7.0.116.0 Release
This section describes how to upgrade to the 7.0.116.0 release.
Mesh and Mainstream Releases on the Controller
After controller release 4.1.185.0, all mesh features were extracted from the main software base and a new mesh release software base for the controller was created. This mesh software base remained distinct from the main software base of the controller until release 5.2.
In release 5.2, features developed in the three controller mesh releases, 4.1.190.5, 4.1.191.22M, and 4.1.192.xxM, were merged with the main controller software base.
Table 29 lists the mesh and controller software releases and the compatible access points.
Note
We have announced an end of life (EOL) for both the AP1505 and AP1510 mesh access points. The last sale date was November 30, 2008. You are encouraged to migrate your networks to AP1520s and AP1550s.
Note
The 5.2 and later releases do not support AP1505 and AP1510. However, the controller mesh maintenance release for 4.2.176.51M and later releases provides continued support for AP1505 and AP1510. No releases beyond 4.2.xM support AP1505 and AP1510 because these products have been discontinued.
If you are using the mesh release, 4.1.192.xxM, we recommend that you upgrade to release 5.2 before upgrading to release 7.0. Upgrading directly to the intermediate release 5.2 from either 4.1.190.05 or 4.1.191.22M is not supported.
Caution
We recommend that you save the configuration from the latest mesh release (4.1.192.xxM) before upgrading to controller release 5.2. You can then reapply the configuration if you need to downgrade.
Software Upgrade Procedure
When you upgrade the controller's software, the software on the controller's associated mesh access points is also automatically upgraded. When a mesh access point is loading software, each of its LEDs blinks in succession.
Caution
Do not power down the controller or any mesh access point during this process; otherwise, the software image may become corrupted. Upgrading a controller with a large number of mesh access points can take around 30 minutes, depending on the size of your network. The mesh access points must remain powered on, and the controller must not be reset during this time.
Caution
Controller software release 7.0.116.0 is greater than 32 MB; therefore, you must verify that your TFTP server supports files of this size. Two TFTP servers that support files of this size are tftpd and the TFTP server within Cisco WCS. If you download the software and your TFTP server does not support files of size greater than 32 MB, then a "TFTP failure while storing in flash" error message appears.
Caution
Upgrade to release 5.2 from the latest 4.1.192.xxM mesh release prior to upgrading to release 7.0.116.0. Upgrading directly to release 5.2 from either 4.1.190.05 or 4.1.191.22M is not supported. For details on upgrading to the latest version of 4.1.192.xxM from an earlier mesh release, see the "Upgrade Compatibility Matrix" section in the Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points at http://www.cisco.com/en/US/products/ps6366/prod_release_notes_list.html
Note
When upgrading to an intermediate software release as part of the 4.1.192.xxM to release 5.2 and then to release 7.0.116.0 controller software upgrade, ensure that all mesh access points associated with the controller are at the same intermediate release before you install the next intermediate or final version of software. In large networks, it can take some time to download the software on each mesh access point.
Note
If you are upgrading from mesh release 4.1.191.22M to the latest 4.1.192.xxM before upgrading to the release 5.2 (prior to upgrading to release 6.0), you must manually reset the controller immediately after the upgrade without saving the configuration. Be sure to check the RRM configurations after the upgrade against your earlier configurations.
Caution
We recommend that you make a backup of your controller configuration file before any software upgrade. Without this backup, you will need to manually reconfigure the controller if the configuration file is lost or corrupted or if you need to downgrade.
Caution
Suppose an 11n indoor mesh access point (for example 1142 and 3502) on the 7.0.116.0 release roams because of parent loss or parent reset to a non-11n indoor parent on the 7.0 release (for example 1242). The 11n mesh access point joins the non-11n parent if it is authenticated (for example through MAC Filter) and then downloads the 7.0 release. When the mesh access point reboots, it becomes local because 7.0 does not support mesh for 11n APs. This results in the 11n mesh access point being stranded. This scenario is possible when you upgrade your non-802.11n mesh network and have coexisting 11n mesh access points. We recommend that you have 802.11n RAPs instead of non-802.11n RAPs.
To upgrade the mesh controller software using the controller GUI, follow these steps:
Step 1
Upload your controller configuration files to a backup server.
Step 2
Follow these steps to obtain the mesh controller software and the associated boot images from the Software Center on Cisco.com:
a.
Click this URL to go to the Software Center:
http://www.cisco.com/cisco/software/navigator.html
b.
Click Wireless Software.
c.
Click Wireless LAN Controllers.
d.
Click Standalone Controllers, Wireless Integrated Routers, or Wireless Integrated Switches.
e.
Click the controller product name.
f.
Click Wireless LAN Controller Software.
g.
Click a controller software release.
Note
Verify that the software release is 6.0.
h.
Click the filename (filename.aes).
i.
Click Download.
j.
Read Cisco's End User Software License Agreement and then click Agree.
k.
Save the file to your hard drive.
Step 3
Copy the controller software file (filename.aes) and the boot image to the default directory on your TFTP server.
Step 4
Choose Commands > Download File to open the Download File to Controller page.
Step 5
From the File Type drop-down list, choose Code.
Step 6
In the IP Address field, specify the IP address of the TFTP server.
Step 7
The default values of 10 retries and 6 seconds for the Maximum Retries and Timeout fields should work without any adjustment. However, you can change these values. To do so, specify the maximum number of times that the TFTP server attempts to download the software in the Maximum Retries field and the amount of time (in seconds) that the TFTP server attempts to download the software in the Timeout field.
Step 8
In the File Path field, specify the directory path of the controller software.
Step 9
In the File Name field, specify the name of the software file (filename.aes).
Step 10
Click Download to download the software to the controller. A message appears indicating the status of the download.
Step 11
Disable any WLANs on the controller.
Step 12
After the download is complete, click Reboot.
Step 13
If prompted to save your changes, click Save and Reboot.
Step 14
Click OK to confirm your decision to reboot the controller.
Step 15
After the controller reboots, reenable the WLAN.
Step 16
If desired, reload your latest configuration file to the controller.
Step 17
To verify that the release 6.0 controller software is installed on your controller, click Monitor on the controller GUI and look at the Software Version field under Controller Summary.
Adding Mesh Access Points to the Mesh Network
This section assumes that the controller is already active in the network and is operating in Layer 3 mode.
Note
Controller ports that the mesh access points connect to should be untagged.
Before adding a mesh access point to a network, do the following:
1.
Add the MAC address of the mesh access point to the controller's MAC filter. See the "Adding MAC Addresses of Mesh Access Points to MAC Filter" section.
2.
Define the role (RAP or MAP) for the mesh access point. See the "Defining Mesh Access Point Role" section.
3.
Configure a primary, secondary, and tertiary controller for each mesh access point. See the "Configuring Multiple Controllers Using DHCP 43 and DHCP 60" section.
a.
Configure a backup controller. See the "Configuring Backup Controllers" procedure.
4.
Configure external authentication of MAC addresses using an external RADIUS server. See the "Configuring External Authentication and Authorization Using a RADIUS Server" section.
5.
Configure global mesh parameters. See the "Configuring Global Mesh Parameters" section.
6.
Configure universal client access. See the "Configuring Advanced Features" section.
7.
Configure local mesh parameters. See the "Configuring Local Mesh Parameters" section.
8.
Configure antenna parameters. See the "Configuring Antenna Gain" section.
9.
Configure channels for serial backhaul. This step is applicable only to serial backhaul access points. See the "Backhaul Channel Deselection on Serial Backhaul Access Point" section.
10.
Configure the DCA channels for the mesh access points. See the "Configuring Dynamic Channel Assignment" section for details.
11.
Configure mobility groups (if desired) and assign controllers. See Chapter 12, "Configuring Mobility Groups" in the Cisco Wireless LAN Controller Configuration Guide, Release 5.2 at:
http://www.cisco.com/en/US/products/ps6366/products_installation_and_configuration_guides_list.html
12.
Configure Ethernet bridging (if desired). See the "Configuring Ethernet Bridging" section.
13.
Configure advanced features such as Ethernet VLAN tagging network, video, and voice. See the "Configuring Advanced Features" section.
Adding MAC Addresses of Mesh Access Points to MAC Filter
You must enter the MAC address for all mesh access points that you want to use in the mesh network into the appropriate controller. A controller only responds to discovery requests from outdoor radios that appear in its authorization list. MAC filtering is enabled by default on the controller, so only the MAC addresses need to be configured. If the access point has an SSC and has been added to the AP Authorization List, then the MAC address of the AP does not need to be added to the MAC Filtering List.
You can add the mesh access point using either the GUI or the CLI.
Note
You can also download the list of mesh access point MAC addresses and push them to the controller using Cisco WCS. See the Cisco Wireless Control System Configuration Guide, Release 7.0.172.0: http://www.cisco.com/en/US/docs/wireless/wcs/7.0MR1/configuration/guide/WCS70MR1.html
Adding the MAC Address of the Mesh Access Point to the Controller Filter List Using the GUI
To add a MAC filter entry for the mesh access point on the controller using the controller GUI, follow these steps.
Step 1
Choose Security > AAA > MAC Filtering. The MAC Filtering page appears (see Figure 68).
Figure 68 MAC Filtering Page
Step 2
Click New. The MAC Filters > New page appears (see Figure 69).
Figure 69 MAC Filters > New Page
Step 3
Enter the MAC address of the mesh access point.
Note
For 1500 series outdoor mesh access points, specify the BVI MAC address of the mesh access point into the controller as a MAC filter. For indoor mesh access points, enter the Ethernet MAC. If the required MAC address does not appear on the exterior of the mesh access point, enter the following command at the access point console to display the BVI and Ethernet MAC addresses: sh int | i Hardware.
Step 4
From the Profile Name drop-down list, select Any WLAN.
Step 5
In the Description field, specify a description of the mesh access point. The text that you enter identifies the mesh access point on the controller.
Note
You might want to include an abbreviation of its name and the last few digits of the MAC address, such as ap1522:62:39:10. You can also note details on its location such as roof top, pole top, or its cross streets.
Step 6
From the Interface Name drop-down list, choose the controller interface to which the mesh access point is to connect.
Step 7
Click Apply to commit your changes. The mesh access point now appears in the list of MAC filters on the MAC Filtering page.
Step 8
Click Save Configuration to save your changes.
Step 9
Repeat this procedure to add the MAC addresses of additional mesh access points to the list.
Adding the MAC Address of the Mesh Access Point to the Controller Filter List Using the CLI
To add a MAC filter entry for the mesh access point on the controller using the controller CLI, follow these steps:
Step 1
To add the MAC address of the mesh access point to the controller filter list, enter this command:
config macfilter add ap_mac wlan_id interface [description]
A value of zero (0) for the wlan_id parameter specifies any WLAN, and a value of zero (0) for the interface parameter specifies none. You can enter up to 32 characters for the optional description parameter.
Step 2
To save your changes, enter this command:
save config
Defining Mesh Access Point Role
By default, AP1500s are shipped with a radio role set to MAP. You must reconfigure a mesh access point to act as a RAP.
General Notes about MAP and RAP Association With The Controller
The general notes are as follows:
•
A MAP always sets the Ethernet port as the primary backhaul if it is UP, and secondarily the 802.11a/n radio. This gives the network administrator time to reconfigure the mesh access point as a RAP, initially. For faster convergence on the network, we recommend that you do not connect any Ethernet device to the MAP until it has joined the mesh network.
•
A MAP that fails to connect to a controller on a UP Ethernet port sets the 802.11a/n radio as the primary backhaul. If a MAP fails to find a neighbor or fails to connect to a controller through a neighbor, the Ethernet port is set as the primary backhaul again.
•
A MAP connected to a controller over an Ethernet port does not build a mesh topology (unlike a RAP).
•
A RAP always sets the Ethernet port as the primary backhaul.
•
If the Ethernet port is DOWN on a RAP, or a RAP fails to connect to a controller on a UP Ethernet port, the 802.11a/n radio is set as the primary backhaul for 15 minutes. Failing to find a neighbor or failing to connect to a controller via any neighbor on the 802.11a/n radio causes the primary backhaul to go into the scan state. The primary backhaul begins its scan with the Ethernet port.
Configuring the AP Role Using the GUI
To configure the role of a mesh access point using the GUI, follow these steps:
Step 1
Click Wireless to open the All APs page.
Step 2
Click the name of an access point. The All APs > Details (General) page appears.
Step 3
Click the Mesh tab (see Figure 70).
Figure 70 All APs > Details for (Mesh) Page
Step 4
Choose RootAP or MeshAP from the AP Role drop-down list.
Step 5
Click Apply to commit your changes and to cause the access point to reboot.
Configuring the AP Role Using the CLI
To configure the role of a mesh access point using the CLI, enter the following command:
config ap role {rootAP | meshAP} Cisco_AP
Configuring Multiple Controllers Using DHCP 43 and DHCP 60
To configure DHCP Option 43 and 60 for mesh access points in the embedded Cisco IOS DHCP server, follow these steps:
Step 1
Enter configuration mode at the Cisco IOS CLI.
Step 2
Create the DHCP pool, including the necessary parameters such as the default router and name server. The commands used to create a DHCP pool are as follows:
ip dhcp pool pool name
network IP Network Netmask
default-router Default router
dns-server DNS Server
where:
pool name is the name of the DHCP pool, such as AP1520
IP Network is the network IP address where the controller resides, such as 10.0.15.1
Netmask is the subnet mask, such as 255.255.255.0
Default router is the IP address of the default router, such as 10.0.0.1
DNS Server is the IP address of the DNS server, such as 10.0.10.2
Step 3
Add the option 60 line using the following syntax:
option 60 ascii "VCI string"
For the VCI string, use one of the values below. The quotation marks must be included.
For Cisco 1550 series access points, enter "Cisco AP c1550"
For Cisco 1520 series access points, enter "Cisco AP c1520"
For Cisco 1240 series access points, enter "Cisco AP c1240"
For Cisco 1130 series access points, enter "Cisco AP c1130"
Step 4
Add the option 43 line using the following syntax:
option 43 hex hex string
The hex string is assembled by concatenating the TLV values shown below:
Type + Length + Value
Type is always f1(hex). Length is the number of controller management IP addresses times 4 in hex. Value is the IP address of the controller listed sequentially in hex.
For example, suppose that there are two controllers with management interface IP addresses 10.126.126.2 and 10.127.127.2. The type is f1(hex). The length is 2 * 4 = 8 = 08 (hex). The IP addresses translate to 0a7e7e02 and 0a7f7f02. Assembling the string then yields f1080a7e7e020a7f7f02.
The resulting Cisco IOS command added to the DHCP scope is listed below:
option 43 hex f1080a7e7e020a7f7f02
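The Type + Length + Value assembly above, together with a decoder that rejects a hand-built string whose length byte does not match its value, as an added example (not part of the original guide or Cisco's tooling). The function names and the sample pool values in the demo are constructed for illustration; the f1 type, the VCI strings and the IOS command keywords are the ones given in the steps above.

```python
import ipaddress

OPTION43_TYPE = 0xF1  # TLV type the guide gives for the controller list
# VCI strings the guide lists for option 60, keyed by AP series
VCI_STRINGS = {
    "1550": "Cisco AP c1550",
    "1520": "Cisco AP c1520",
    "1240": "Cisco AP c1240",
    "1130": "Cisco AP c1130",
}


def build_option43(controller_ips):
    """Return the hex string for 'option 43 hex' from controller management IPs."""
    if not controller_ips:
        raise ValueError("at least one controller IP is required")
    # Value: each IPv4 address as 4 bytes, in the order listed
    value = b"".join(ipaddress.IPv4Address(ip).packed for ip in controller_ips)
    if len(value) > 0xFF:
        raise ValueError("value does not fit a one-byte length field")
    # Type (f1) + Length (number of addresses * 4) + Value
    return (bytes([OPTION43_TYPE, len(value)]) + value).hex()


def parse_option43(hex_string):
    """Decode an option 43 hex string and return the controller IPs it carries.

    Raises ValueError when type, length and value disagree, the usual sign of
    a hand-assembled string with a miscounted length byte.
    """
    # Ignore separators (spaces, dots, colons) that may group the hex digits
    cleaned = "".join(ch for ch in hex_string if ch not in " .:").lower()
    raw = bytes.fromhex(cleaned)  # ValueError on odd length or non-hex digits
    if len(raw) < 2:
        raise ValueError("string is too short to hold type and length")
    tlv_type, length, value = raw[0], raw[1], raw[2:]
    if tlv_type != OPTION43_TYPE:
        raise ValueError(f"type is {tlv_type:02x}, expected f1")
    if length != len(value):
        raise ValueError(f"length byte says {length}, value has {len(value)} bytes")
    if length == 0 or length % 4:
        raise ValueError("value must be a whole number of 4-byte IPv4 addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


def render_dhcp_pool(pool_name, network, netmask, default_router, dns_server,
                     ap_series, controller_ips):
    """Return the IOS DHCP pool lines described in Steps 2 to 4."""
    for addr in (network, netmask, default_router, dns_server):
        ipaddress.IPv4Address(addr)  # reject malformed dotted quads early
    if ap_series not in VCI_STRINGS:
        raise ValueError(f"no VCI string listed for series {ap_series}")
    return "\n".join([
        f"ip dhcp pool {pool_name}",
        f"network {network} {netmask}",
        f"default-router {default_router}",
        f"dns-server {dns_server}",
        f'option 60 ascii "{VCI_STRINGS[ap_series]}"',
        f"option 43 hex {build_option43(controller_ips)}",
    ])


if __name__ == "__main__":
    # Controller addresses are the guide's example; pool values are constructed
    print(render_dhcp_pool("AP1520", "10.0.15.0", "255.255.255.0",
                           "10.0.0.1", "10.0.10.2", "1520",
                           ["10.126.126.2", "10.127.127.2"]))
    print(parse_option43("f1080a7e7e020a7f7f02"))
```

Running parse_option43 over the option 43 string already present in a DHCP scope is a quick way to confirm which controllers the access points are actually being pointed at.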
Configuring Backup Controllers
A single controller at a centralized location can act as a backup for mesh access points when they lose connectivity with the primary controller in the local region. Centralized and regional controllers need not be in the same mobility group. Using the controller GUI or CLI, you can specify the IP addresses of the backup controllers, which allows the mesh access points to fail over to controllers outside of the mobility group.
You can also configure primary and secondary backup controllers (which are used if primary, secondary, or tertiary controllers are not specified or are not responsive) for all access points connected to the controller as well as various timers, including the heartbeat timer and discovery request timers.
Note
The fast heartbeat timer is not supported on mesh access points. The fast heartbeat timer is only configured on access points in local and hybrid-REAP modes.
The mesh access point maintains a list of backup controllers and periodically sends primary discovery requests to each entry on the list. When the mesh access point receives a new discovery response from a controller, the backup controller list is updated. Any controller that fails to respond to two consecutive primary discovery requests is removed from the list. If the mesh access point's local controller fails, it chooses an available controller from the backup controller list in this order: primary, secondary, tertiary, primary backup, and secondary backup. The mesh access point waits for a discovery response from the first available controller in the backup list and joins the controller if it receives a response within the time configured for the primary discovery request timer. If the time limit is reached, the mesh access point assumes that the controller cannot be joined and waits for a discovery response from the next available controller in the list.
Note
When a mesh access point's primary controller comes back online, the mesh access point disassociates from the backup controller and reconnects to its primary controller. The mesh access point falls back to its primary controller and not to any secondary controller for which it is configured. For example, if a mesh access point is configured with primary, secondary, and tertiary controllers, it fails over to the tertiary controller when the primary and secondary controllers become unresponsive and waits for the primary controller to come back online so that it can fall back to the primary controller. The mesh access point does not fall back from the tertiary controller to the secondary controller if the secondary controller comes back online; it stays connected to the tertiary controller until the primary controller comes back up.
Note
If you inadvertently configure a controller that is running software release 6.0 with a failover controller that is running a different software release (such as 4.2, 5.0, 5.1, or 5.2), the mesh access point might take a long time to join the failover controller because the mesh access point starts the discovery process in LWAPP and then changes to CAPWAP discovery.
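A simplified model of the failover order and the primary-only fallback described above, as an added example (it is not Cisco's implementation). The controller names are constructed, and treating the joined controller as lost once it has missed two consecutive discovery rounds is an assumption of the model.

```python
# Order in which the guide says a mesh AP tries controllers after a failure
FAILOVER_ORDER = ("primary", "secondary", "tertiary",
                  "primary backup", "secondary backup")
MAX_MISSED = 2  # dropped from the list after two consecutive missed responses


class MeshApFailoverModel:
    """Tracks the backup controller list and the controller role the AP is on."""

    def __init__(self, configured):
        # configured maps a role from FAILOVER_ORDER to a controller name
        unknown = set(configured) - set(FAILOVER_ORDER)
        if unknown:
            raise ValueError(f"unknown roles: {sorted(unknown)}")
        self.configured = dict(configured)
        self.missed = {role: 0 for role in self.configured}
        self.available = set(self.configured)
        self.joined = self._first_available()

    def _first_available(self):
        # Walk the roles in the documented order and take the first one listed
        for role in FAILOVER_ORDER:
            if role in self.available:
                return role
        return None

    def discovery_round(self, responders):
        """Apply one round of primary discovery requests.

        responders is the set of controller names that answered this round.
        Returns the role the AP is joined to afterwards (None if none is left).
        """
        for role, name in self.configured.items():
            if name in responders:
                # A new discovery response puts the controller back on the list
                self.missed[role] = 0
                self.available.add(role)
            else:
                self.missed[role] += 1
                if self.missed[role] >= MAX_MISSED:
                    self.available.discard(role)
        if "primary" in self.available:
            # Fallback happens only toward the primary controller
            self.joined = "primary"
        elif self.joined not in self.available:
            # Current controller is gone: pick the next one in order
            self.joined = self._first_available()
        # Otherwise stay put, even if a higher-ranked non-primary has returned
        return self.joined


def simulate(configured, rounds):
    """Return the joined role after each round of responders."""
    model = MeshApFailoverModel(configured)
    return [model.discovery_round(set(r)) for r in rounds]


if __name__ == "__main__":
    # Constructed scenario matching the note: primary and secondary go down,
    # secondary returns first, then primary returns.
    controllers = {"primary": "wlc-a", "secondary": "wlc-b", "tertiary": "wlc-c"}
    rounds = [{"wlc-c"}, {"wlc-c"}, {"wlc-b", "wlc-c"}, {"wlc-a", "wlc-b", "wlc-c"}]
    for number, role in enumerate(simulate(controllers, rounds), start=1):
        print(f"round {number}: joined to {role}")
```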
Configuring Backup Controllers Using the GUI
Using the controller GUI, follow these steps to configure primary, secondary, and tertiary controllers for a specific mesh access point and to configure primary and secondary backup controllers for all mesh access points:
Step 1
Choose Wireless > Access Points > Global Configuration to open the Global Configuration page. (See Figure 71.)
Figure 71 Global Configuration Page
Note
The fast heartbeat timer is not supported on mesh access points.
Step 2
In the AP Primary Discovery Timeout field, enter a value between 30 and 3600 seconds (inclusive) to configure the access point primary discovery request timer. The default value is 120 seconds.
Step 3
If you want to specify a primary backup controller for all access points, specify the IP address of the primary backup controller in the Back-up Primary Controller IP Address field and the name of the controller in the Back-up Primary Controller Name field.
Note
The default value for the IP address is 0.0.0.0, which disables the primary backup controller.
Step 4
If you want to specify a secondary backup controller for all access points, specify the IP address of the secondary backup controller in the Back-up Secondary Controller IP Address field and the name of the controller in the Back-up Secondary Controller Name field.
Note
The default value for the IP address is 0.0.0.0, which disables the secondary backup controller.
Step 5
Click Apply to commit your changes.
Step 6
If you want to configure primary, secondary, and tertiary backup controllers for a specific access point, follow these steps:
a.
Choose Access Points > All APs to open the All APs page.
b.
Click the name of the access point for which you want to configure primary, secondary, and tertiary backup controllers.
c.
Click the High Availability tab. (See Figure 72.)
Figure 72 All APs > Details for (High Availability) Page
d.
If desired, specify the name and IP address of the primary backup controller for this access point in the Primary Controller fields.
Note
Specifying an IP address for the backup controller is optional in this step and the next two steps. If the backup controller is outside the mobility group to which the mesh access point is connected (the primary controller), then you need to provide the IP address of the primary, secondary, or tertiary controller, respectively. The controller name and IP address must belong to the same primary, secondary, or tertiary controller. Otherwise, the mesh access point cannot join the backup controller.
e.
If desired, specify the name and IP address of the secondary backup controller for this mesh access point in the Secondary Controller fields.
f.
If desired, specify the name and IP address of the tertiary backup controller for this mesh access point in the Tertiary Controller fields.
g.
No change is required to the AP Failover Priority value. The default value for mesh access points is critical and it cannot be modified.
h.
Click Apply to commit your changes.
Step 7
Click Save Configuration to save your changes.
Configuring Backup Controllers Using the CLI
Using the controller CLI, follow these steps to configure primary, secondary, and tertiary controllers for a specific mesh access point and to configure primary and secondary backup controllers for all mesh access points.
Step 1
To configure a primary controller for a specific mesh access point, enter this command:
config ap primary-base controller_name Cisco_AP [controller_ip_address]
Note
The controller_ip_address parameter in this command and the next two commands is optional. If the backup controller is outside the mobility group to which the mesh access point is connected (the primary controller), then you need to provide the IP address of the primary, secondary, or tertiary controller, respectively. In each command, the controller_name and controller_ip_address must belong to the same primary, secondary, or tertiary controller. Otherwise, the mesh access point cannot join the backup controller.
Step 2
To configure a secondary controller for a specific mesh access point, enter this command:
config ap secondary-base controller_name Cisco_AP [controller_ip_address]
Step 3
To configure a tertiary controller for a specific mesh access point, enter this command:
config ap tertiary-base controller_name Cisco_AP [controller_ip_address]
Step 4
To configure a primary backup controller for all mesh access points, enter this command:
config advanced backup-controller primary backup_controller_name backup_controller_ip_address
Step 5
To configure a secondary backup controller for all mesh access points, enter this command:
config advanced backup-controller secondary backup_controller_name backup_controller_ip_address
Note
To delete a primary or secondary backup controller entry, enter 0.0.0.0 for the controller IP address.
Step 6
To configure the mesh access point primary discovery request timer, enter this command:
config advanced timers ap-primary-discovery-timeout interval
where interval is a value between 30 and 3600 seconds. The default value is 120 seconds.
Step 7
To configure the mesh access point discovery timer, enter this command:
config advanced timers ap-discovery-timeout interval
where interval is a value between 1 and 10 seconds (inclusive). The default value is 10 seconds.
Step 8
To configure the 802.11 authentication response timer, enter this command:
config advanced timers auth-timeout interval
where interval is a value between 10 and 600 seconds (inclusive). The default value is 10 seconds.
Step 9
To save your changes, enter this command:
save config
Step 10
To view a mesh access point's configuration, enter these commands:
•
show ap config general Cisco_AP
•
show advanced backup-controller
•
show advanced timers
•
show mesh config
Information similar to the following appears for the show ap config general Cisco_AP command:
Cisco AP Identifier.............................. 1
Cisco AP Name.................................... AP5
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-AB 802.11a:-AB
AP Country code.................................. US - United States
AP Regulatory Domain............................. 802.11bg:-A 802.11a:-N
Switch Port Number .............................. 1
MAC Address...................................... 00:13:80:60:48:3e
IP Address Configuration......................... DHCP
IP Address....................................... 1.100.163.133
...
Primary Cisco Switch Name........................ 1-4404
Primary Cisco Switch IP Address.................. 2.2.2.2
Secondary Cisco Switch Name...................... 1-4404
Secondary Cisco Switch IP Address................ 2.2.2.2
Tertiary Cisco Switch Name....................... 2-4404
Tertiary Cisco Switch IP Address................. 1.1.1.4
Information similar to the following appears for the show advanced backup-controller command:
AP primary Backup Controller .................... controller1 10.10.10.10
AP secondary Backup Controller ............... 0.0.0.0
Information similar to the following appears for the show advanced timers command:
Authentication Response Timeout (seconds)........ 10
Rogue Entry Timeout (seconds).................... 1300
AP Heart Beat Timeout (seconds).................. 30
AP Discovery Timeout (seconds)................... 10
AP Primary Discovery Timeout (seconds)........... 120
Information similar to the following appears for the show mesh config command:
Mesh Range....................................... 12000
Backhaul with client access status............... disabled
Background Scanning State........................ enabled
Mesh Security
   Security Mode................................. EAP
   External-Auth................................. disabled
   Use MAC Filter in External AAA server......... disabled
   Force External Authentication................. disabled
Mesh Alarm Criteria
   Max Hop Count................................. 4
   Recommended Max Children for MAP.............. 10
   Recommended Max Children for RAP.............. 20
   Low Link SNR.................................. 12
   High Link SNR................................. 60
   Max Association Number........................ 10
   Association Interval.......................... 60 minutes
   Parent Change Numbers......................... 3
   Parent Change Interval........................ 60 minutes
Mesh Multicast Mode.............................. In-Out
Mesh Full Sector DFS............................. enabled
Mesh Ethernet Bridging VLAN Transparent Mode..... enabled
Configuring External Authentication and Authorization Using a RADIUS Server
External authorization and authentication of mesh access points using a RADIUS server such as Cisco ACS (4.1 and later) is supported in release 5.2 and later releases. The RADIUS server must support the client authentication type of EAP-FAST with certificates.
Before you employ external authentication within the mesh network, ensure that you make these changes:
•
The RADIUS server to be used as an AAA server must be configured on the controller.
•
The controller must also be configured on the RADIUS server.
•
Add the mesh access point configured for external authorization and authentication to the user list of the RADIUS server.
–
For additional details, see the "Adding a Username to a RADIUS Server" section.
•
Configure EAP-FAST on the RADIUS server and install the certificates. EAP-FAST authentication is required if mesh access points are connected to the controller using an 802.11a interface; the external RADIUS servers need to trust Cisco Root CA 2048. For information about installing and trusting the CA certificates, see the "Configuring RADIUS Servers" section.
Note
If mesh access points connect to a controller using a Fast Ethernet or Gigabit Ethernet interface, only MAC authorization is required.
Note
This feature also supports local EAP and PSK authentication on the controller.
Configuring RADIUS Servers
To install and trust the CA certificates on the RADIUS server, follow these steps:
Step 1
Download the CA certificates for Cisco Root CA 2048 from the following locations:
•
http://www.cisco.com/security/pki/certs/crca2048.cer
•
http://www.cisco.com/security/pki/certs/cmca.cer
Step 2
Install the certificates as follows:
a.
From the CiscoSecure ACS main menu, click System Configuration > ACS Certificate Setup > ACS Certification Authority Setup.
b.
In the CA certificate file box, type the CA certificate location (path and name). For example: C:\Certs\crca2048.cer.
c.
Click Submit.
Step 3
Configure the external RADIUS servers to trust the CA certificate as follows:
a.
From the CiscoSecure ACS main menu, choose System Configuration > ACS Certificate Setup > Edit Certificate Trust List. The Edit Certificate Trust List appears.
b.
Select the check box next to the Cisco Root CA 2048 (Cisco Systems) certificate name.
c.
Click Submit.
d.
To restart ACS, choose System Configuration > Service Control, and then click Restart.
Note
For additional configuration details on Cisco ACS servers, see the following:
•
http://www.cisco.com/en/US/products/sw/secursw/ps4911/
(UNIX)
Adding a Username to a RADIUS Server
Add the MAC addresses of mesh access points that are authorized and authenticated by external RADIUS servers to the user list of that server before enabling RADIUS authentication for a mesh access point.
For remote authorization and authentication, EAP-FAST uses the manufacturer's certificate (CERT) to authenticate the child mesh access point. Additionally, this manufacturer certificate-based identity serves as the username for the mesh access point in user validation.
For Cisco IOS-based mesh access points, in addition to adding the MAC address to the user list, you need to enter the platform_name_string-MAC_address string to the user list (for example, c1240-001122334455). The controller first sends the MAC address as the username; if this first attempt fails, then the controller sends the platform_name_string-MAC_address string as the username.
Example: RADIUS Server Username Entry
For each mesh access point, two entries must be added to the RADIUS server: the platform_name_string-MAC_address string, and then a hyphen-delimited MAC address. For example:
•
platform_name_string-MAC_address
User: c1520-aabbccddeeff
Password: cisco
•
Hyphen Delimited MAC Address
User: aa-bb-cc-dd-ee-ff
Password: aa-bb-cc-dd-ee-ff
Note
The platform AP1552 uses a platform name of c1520.
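The following Python example is added here and is not part of the original guide. It derives the two RADIUS usernames described above (the delimited MAC address and the platform_name_string-MAC_address string) from an access point inventory, normalizing the MAC notation and flagging malformed or duplicate addresses before they reach the user list. The inventory rows, AP names, and function names are constructed for illustration; passwords are not generated.

```python
import re

# Delimiters that appear in this guide: "colon" in the
# `config macfilter mac-delimiter colon` command and the hyphen form
# in the RADIUS username example.
DELIMITERS = {"colon": ":", "hyphen": "-"}


def normalize_mac(raw):
    """Return 12 lowercase hex digits from aa:bb.., aa-bb.., aabb.ccdd.eeff or bare hex."""
    digits = re.sub(r"[:\-.\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    return digits


def radius_usernames(platform, raw_mac, delimiter="hyphen"):
    """Return (delimited MAC username, platform_name_string-MAC username)."""
    mac = normalize_mac(raw_mac)
    sep = DELIMITERS[delimiter]
    delimited = sep.join(mac[i:i + 2] for i in range(0, 12, 2))
    return delimited, f"{platform.strip().lower()}-{mac}"


def build_user_list(inventory, delimiter="hyphen"):
    """inventory: iterable of (ap_name, platform_name_string, mac).

    Returns (entries, problems). Each AP contributes two entries, in the
    order the controller tries them: MAC address first, then the
    platform_name_string-MAC_address string.
    """
    entries, problems, seen = [], [], {}
    for ap_name, platform, raw_mac in inventory:
        try:
            mac = normalize_mac(raw_mac)
        except ValueError as exc:
            problems.append(f"{ap_name}: {exc}")
            continue
        if mac in seen:
            problems.append(f"{ap_name}: MAC already listed for {seen[mac]}")
            continue
        seen[mac] = ap_name
        mac_user, platform_user = radius_usernames(platform, mac, delimiter)
        entries.append({"ap": ap_name, "kind": "mac", "username": mac_user})
        entries.append({"ap": ap_name, "kind": "platform", "username": platform_user})
    return entries, problems


# Constructed inventory (hypothetical AP names). An AP1552 is entered with
# the platform name c1520, as the note above states.
SAMPLE_INVENTORY = [
    ("RAP-roof", "c1520", "AA:BB:CC:DD:EE:FF"),
    ("MAP-lot", "c1240", "0011.2233.4455"),
    ("MAP-dup", "c1520", "aa-bb-cc-dd-ee-ff"),   # same radio entered twice
    ("MAP-bad", "c1520", "00:11:22:33:44"),      # one octet short
]

if __name__ == "__main__":
    users, issues = build_user_list(SAMPLE_INVENTORY)
    for entry in users:
        print(f"{entry['ap']:10} {entry['kind']:9} {entry['username']}")
    for issue in issues:
        print("PROBLEM:", issue)
```

The delimiter argument should match the format the RADIUS server's user list actually holds.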
Enabling External Authentication of Mesh Access Points Using the GUI
To enable external authentication for a mesh access point using the GUI, follow these steps:
Step 1
Choose Wireless > Mesh. The Mesh page appears (see Figure 73).
Figure 73 Mesh Page
Step 2
In the security section, select the EAP option from the Security Mode drop-down list.
Step 3
Select the Enabled check boxes for the External MAC Filter Authorization and Force External Authentication options.
Step 4
Click Apply.
Step 5
Click Save Configuration.
Enable External Authentication of Mesh Access Points Using the CLI
To enable external authentication for mesh access points using the CLI, enter the following commands:
1.
config mesh security eap
2.
config macfilter mac-delimiter colon
3.
config mesh security rad-mac-filter enable
4.
config mesh radius-server index enable
5.
config mesh security force-ext-auth enable (Optional)
View Security Statistics Using the CLI
To view security statistics for mesh access points using the CLI, enter the following command:
show mesh security-stats Cisco_AP
Use this command to display packet error statistics and a count of failures, timeouts, and association and authentication successes as well as reassociations and reauthentications for the specified access point and its child.
Configuring Global Mesh Parameters
This section provides instructions to configure the mesh access point to establish a connection with the controller including:
•
Setting the maximum range between RAP and MAP (not applicable to indoor MAPs).
•
Enabling a backhaul to carry client traffic.
•
Defining if VLAN tags are forwarded or not.
•
Defining the authentication mode (EAP or PSK) and method (local or external) for mesh access points including security settings (local and external authentication).
You can configure the necessary mesh parameters using either the GUI or the CLI. All parameters are applied globally.
Configuring Global Mesh Parameters Using the GUI
To configure global mesh parameters using the controller GUI, follow these steps:
Step 1
Choose Wireless > Mesh (see Figure 73).
Step 2
Modify the mesh parameters as appropriate. Table 30 describes each parameter.
Table 30 Global Mesh Parameters
Parameter Description
Range (RootAP to MeshAP)
The optimum distance (in feet) that should exist between the root access point (RAP) and the mesh access point (MAP). This global parameter applies to all mesh access points when they join the controller and all existing mesh access points in the network.
Range: 150 to 132,000 feet
Default: 12,000 feet
Note
After this feature is enabled, all mesh access points reboot.
IDS (Rogue and Signature Detection)
When you enable this feature, IDS reports are generated for all traffic on the client access only and not on the backhaul.
When you disable this feature, no IDS reports are generated, which preserves bandwidth on the backhaul.
You have to use the following command to enable or disable it on the mesh APs:
config mesh ids-state {enable | disable}
Note
2.4GHz IDS is activated with the global IDS settings on the controller.
Backhaul Client Access
Note
This parameter applies to mesh access points with two or more radios (1552, 1524SB, 1522, 1240, 1130, and 11n indoor mesh APs) excluding the 1524PS.
When Universal Client Access is enabled, it allows wireless client association over the backhaul radio. Generally, backhaul radio is a 5-GHz radio for most of the mesh access points except for 1522 where backhaul can be 2.4 GHz. This means that a backhaul radio can carry both backhaul traffic and client traffic.
When Universal Client Access is disabled, only backhaul traffic is sent over the backhaul radio and client association is only over the second radio(s).
Default: Disabled
Note
After this feature is enabled, all mesh access points reboot.
VLAN Transparent
This feature determines how a mesh access point handles VLAN tags for Ethernet bridged traffic.
Note
Refer to the "Configuring Advanced Features" section for overview and additional configuration details.
If VLAN Transparent is enabled, then VLAN tags are not handled and packets are bridged as untagged packets.
Note
No configuration of Ethernet ports is required when VLAN transparent is enabled. The Ethernet port passes both tagged and untagged frames without interpreting the frames.
If VLAN Transparent is disabled, then all packets are handled according to the VLAN configuration on the port (trunk, access, or normal mode).
Note
If the Ethernet port is set to Trunk mode, then Ethernet VLAN tagging must be configured. Refer to "Enabling Ethernet Bridging Using the GUI" section.
Note
For an overview of normal, access, and trunk Ethernet port use, refer to the "Ethernet Port Notes" section.
Note
To use VLAN tagging, you must uncheck the VLAN Transparent check box.
Note
VLAN Transparent is enabled as a default to ensure a smooth software upgrade from 4.1.192.xxM releases to release 5.2. Release 4.1.192.xxM does not support VLAN tagging.
Default: Enabled.
Security Mode
Defines the security mode for mesh access points: Pre-Shared Key (PSK) or Extensible Authentication Protocol (EAP).
Note
EAP must be selected if external MAC filter authorization using a RADIUS server is configured.
Note
Local EAP or PSK authentication is performed within the controller if the External MAC Filter Authorization parameter is disabled (check box unchecked).
Options: PSK or EAP
Default: EAP
External MAC Filter Authorization
MAC filtering uses the local MAC filter on the controller by default.
When external MAC filter authorization is enabled, if the MAC address is not found in the local MAC filter, then the MAC address in the external RADIUS server is used.
This protects your network against rogue mesh access points by preventing mesh access points that are not defined on the external server from joining.
Before employing external authentication within the mesh network, the following configuration is required:
•
The RADIUS server to be used as an AAA server must be configured on the controller.
•
The controller must also be configured on the RADIUS server.
•
The mesh access point configured for external authorization and authentication must be added to the user list of the RADIUS server.
–
For remote authorization and authentication, EAP-FAST uses the manufacturer's certificate (CERT) to authenticate the child mesh access point. Additionally, this manufacturer certificate-based identity serves as the username for the mesh access point in user validation.
–
For IOS-based mesh access points (1130, 1240, 1522, 1524), the platform name of the mesh access point is located in front of its Ethernet address within the certificate; therefore, their username for external RADIUS servers is platform_name_string-Ethernet MAC address such as c1520-001122334455.
•
The certificates must be installed and EAP-FAST must be configured on the RADIUS server.
Note
When this capability is not enabled, by default, the controller authorizes and authenticates mesh access points using the MAC address filter.
Default: Disabled.
Force External Authorization
When enabled along with the EAP and External MAC Filter Authorization parameters, external authorization and authentication of mesh access points is done by default by an external RADIUS server (such as Cisco ACS 4.1 and later). The RADIUS server overrides local authentication of the MAC address by the controller, which is the default.
Default: Disabled.
Step 3
Click Apply to commit your changes.
Step 4
Click Save Configuration to save your changes.
Configuring Global Mesh Parameters Using the CLI
To configure global mesh parameters including authentication methods using the controller CLI, follow these steps.
Note
See the "Configuring Global Mesh Parameters Using the GUI" section for descriptions, valid ranges, and default values of the parameters used in the CLI commands.
Step 1
To specify the maximum range (in feet) of all mesh access points in the network, enter this command:
config mesh range feet
To see the current range, enter the show mesh range command.
Step 2
To enable or disable IDS reports for all traffic on the backhaul, enter this command:
config mesh ids-state {enable | disable}
Step 3
To specify the rate (in Mbps) at which data is shared between access points on the backhaul interface, enter this command:
config ap bhrate {rate | auto} Cisco_AP
Step 4
To enable or disable client association on the primary backhaul (802.11a) of a mesh access point, enter these commands:
config mesh client-access {enable | disable}
config ap wlan {enable | disable} 802.11a Cisco_AP
config ap wlan {add | delete} 802.11a wlan_id Cisco_AP
Step 5
To enable or disable VLAN transparent, enter this command:
config mesh ethernet-bridging VLAN-transparent {enable | disable}
Step 6
To define a security mode for the mesh access point, enter one of the following commands:
a.
To provide local authentication of the mesh access point by the controller, enter this command:
config mesh security {eap | psk}
b.
To store the MAC address filter in an external RADIUS server for authentication instead of the controller (local), enter these commands:
config macfilter mac-delimiter colon
config mesh security rad-mac-filter enable
config mesh radius-server index enable
c.
To provide external authentication on a RADIUS server and define a local MAC filter on the controller, enter these commands:
config mesh security eap
config macfilter mac-delimiter colon
config mesh security rad-mac-filter enable
config mesh radius-server index enable
config mesh security force-ext-auth enable
d.
To provide external authentication on a RADIUS server using a MAC username (such as c1520-123456) on the RADIUS server, enter these commands:
config macfilter mac-delimiter colon
config mesh security rad-mac-filter enable
config mesh radius-server index enable
config mesh security force-ext-auth enable
Step 7
To save your changes, enter this command:
save config
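The following Python example is added here and is not part of the original guide. It parses show mesh config output in the dotted layout this guide prints and checks the Mesh Security lines against the dependencies stated in Table 30: EAP must be selected when external MAC filter authorization is used, and Force External Authentication applies only along with both. It assumes that the "Use MAC Filter in External AAA server" and "Force External Authentication" output lines correspond to the rad-mac-filter and force-ext-auth commands; the second sample output is constructed.

```python
import re

# Output keys as printed by `show mesh config` in this guide. Their mapping
# to the rad-mac-filter and force-ext-auth commands is an assumption.
KEY_MODE = "Security Mode"
KEY_MACFILTER = "Use MAC Filter in External AAA server"
KEY_FORCE = "Force External Authentication"

# "Key........ value" with optional leading indentation.
_SETTING = re.compile(r"^\s*(?P<key>\w.*?)\s*\.{2,}\s*(?P<value>.*?)\s*$")


def parse_show_output(text):
    """Turn dotted-leader CLI output into a {key: value} dictionary."""
    settings = {}
    for line in text.splitlines():
        match = _SETTING.match(line)
        if match:
            settings[match.group("key")] = match.group("value")
    return settings


def audit_mesh_security(settings):
    """Return a list of (severity, message) findings for the Mesh Security block."""
    missing = [k for k in (KEY_MODE, KEY_MACFILTER, KEY_FORCE) if k not in settings]
    if missing:
        return [("error", "setting not found in output: " + ", ".join(missing))]

    mode = settings[KEY_MODE].upper()
    mac_external = settings[KEY_MACFILTER].lower() == "enabled"
    force = settings[KEY_FORCE].lower() == "enabled"

    findings = []
    if mac_external and mode != "EAP":
        findings.append(("error",
                         f"external MAC filter authorization is enabled but "
                         f"Security Mode is {mode}; EAP must be selected"))
    if force and not (mac_external and mode == "EAP"):
        findings.append(("error",
                         "Force External Authentication is enabled without both "
                         "EAP and external MAC filter authorization"))
    if not mac_external:
        findings.append(("info",
                         "mesh access points are authorized against the "
                         "controller's local MAC filter only"))
    return findings


# Security block as shown in this guide (default settings).
SAMPLE_DEFAULT = """\
Mesh Range....................................... 12000
Mesh Security
   Security Mode................................. EAP
   External-Auth................................. disabled
   Use MAC Filter in External AAA server......... disabled
   Force External Authentication................. disabled
Mesh Multicast Mode.............................. In-Out
"""

# Constructed output: external options enabled while the mode is PSK.
SAMPLE_INCONSISTENT = """\
Mesh Security
   Security Mode................................. PSK
   External-Auth................................. enabled
   Use MAC Filter in External AAA server......... enabled
   Force External Authentication................. enabled
"""

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT),
                       ("inconsistent", SAMPLE_INCONSISTENT)):
        for severity, message in audit_mesh_security(parse_show_output(text)):
            print(f"[{name}] {severity}: {message}")
```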
Viewing Global Mesh Parameter Settings Using the CLI
Use these commands to obtain information on global mesh settings:
•
show mesh client-access—When Universal Client Access is enabled, it allows wireless client association over the backhaul radio. Generally, backhaul radio is a 5-GHz radio for most of the mesh access points except for 1522 where backhaul can be 2.4 GHz. This means that a backhaul radio can carry both backhaul traffic and client traffic.
When Universal Client Access is disabled, only backhaul traffic is sent over the backhaul radio and client association is only over the second radio(s).
controller >show mesh client-access
Backhaul with client access status: enabled
•
show mesh ids-state—Shows the status of the IDS reports on the backhaul as either enabled or disabled.
controller >show mesh ids-state
Outdoor Mesh IDS(Rogue/Signature Detect): .... Disabled
•
show mesh config—Displays global configuration settings.
(Cisco Controller) > show mesh config
Mesh Range....................................... 12000
Mesh Statistics update period.................... 3 minutes
Backhaul with client access status............... disabled
Background Scanning State........................ enabled
Backhaul Amsdu State............................. disabled
Mesh Security
   Security Mode................................. EAP
   External-Auth................................. disabled
   Use MAC Filter in External AAA server......... disabled
   Force External Authentication................. disabled
Mesh Alarm Criteria
   Max Hop Count................................. 4
   Recommended Max Children for MAP.............. 10
   Recommended Max Children for RAP.............. 20
   Low Link SNR.................................. 12
   High Link SNR................................. 60
   Max Association Number........................ 10
   Association Interval.......................... 60 minutes
   Parent Change Numbers......................... 3
   Parent Change Interval........................ 60 minutes
Mesh Multicast Mode.............................. In-Out
Mesh Full Sector DFS............................. enabled
Mesh Ethernet Bridging VLAN Transparent Mode..... enabled
Universal Client Access
When Universal Client Access is enabled, it allows wireless client association over the backhaul radio. Generally, backhaul radio is a 5-GHz radio for most of the mesh access points except for 1522 where backhaul can be 2.4 GHz. This means that a backhaul radio can carry both backhaul traffic and client traffic.
When Universal Client Access is disabled, only backhaul traffic is sent over the backhaul radio and client association is only over the second radio(s).
Note
Universal Client Access is disabled by default.
After this feature is enabled, all mesh access points reboot.
This feature is applicable to mesh access points with two or more radios (1552, 1524SB, 1522, Indoor APs in mesh mode) excluding the 1524PS.
Configuring Universal Client Access using the GUI
Figure 74 shows how to enable Universal Client Access using the GUI. You will be prompted that the AP will reboot if you enable Universal Client Access.
Figure 74 Configuring Universal Client Access using the GUI
Configuring Universal Client Access using the CLI
Use the following command to enable Universal Client Access:
(Cisco Controller)> config mesh client-access enable
The following message is displayed:
All Mesh APs will be rebooted
Are you sure you want to start? (y/N)
Universal Client Access on Serial Backhaul Access Points
With universal client access, you can have client access on the backhaul 802.11a radios in addition to the backhaul functionality. This feature is applicable to mesh access points with two or more radios (1552, 1524SB, 1522, Indoor APs in mesh mode) excluding the 1524PS.
The dual 5-GHz Universal Client Access feature is intended for the serial backhaul access point platform, which has three radio slots. The radio in slot 0 operates in the 2.4-GHz band and is used for client access. The radios in slot 1 and slot 2 operate in the 5-GHz band and are primarily used for backhaul. However, with the Universal Client Access feature, clients were allowed to associate over the slot 1 radio, but the slot 2 radio was used only for backhaul. With the 7.0 release, client access over the slot 2 radio is allowed with this Dual 5-GHz Universal Access feature.
By default, client access is disabled over both the backhaul radios. Follow the guidelines to enable or disable client access on the radio slots that constitute 5-GHz radios, irrespective of the radios being used as downlinks or uplinks:
•
You can enable client access on slot 1 even if client access on slot 2 is disabled.
•
You can enable client access on slot 2 only when client access on slot 1 is enabled.
•
If you disable client access on slot 1, client access on slot 2 is automatically disabled on the CLI.
•
To disable only the extended client access (on the slot 2 radio), use the GUI.
•
All the mesh access points reboot whenever client access is enabled or disabled.
The two 802.11a backhaul radios use the same MAC address. There may be instances where a WLAN maps to the same BSSID on more than one slot. Client access on the slot 2 radio is referred to as Extended Universal Access (EUA) in this document.
You can configure Extended Universal Access using one of the following methods:
•
"Configuring Extended Universal Access Using the GUI" section
•
"Configuring Extended Universal Access Using the CLI" section
•
"Configuring Extended Universal Access from the Wireless Control System (WCS)" section
Configuring Extended Universal Access Using the GUI
To configure the Extended Universal Access, follow these steps:
Step 1
Choose Controller > Wireless > Mesh.
The controller GUI page, as it appears when Backhaul Client Access is disabled, is shown in Figure 75.
Figure 75 Advanced Controller Settings for Mesh Page
Step 2
Select the Backhaul Client Access check box to display the Extended Backhaul Client Access check box.
Step 3
Select the Extended Backhaul Client Access check box and click Apply. A message appears as shown in Figure 76.
Figure 76 Advanced Controller Settings for Mesh Page
Step 4
Click OK.
After EUA is enabled, 802.11a radios are displayed as shown in Figure 77.
Figure 77 802.11a Radios after EUA is Enabled
Slot 2 in the 5-GHz radio in the RAPSB (serial backhaul) that is used to extend the backhaul in the DOWNLINK direction is displayed as DOWNLINK ACCESS, where slot 1 in the 5-GHz radio in the RAPSB that is used for client access is displayed as ACCESS. Slot 2 in the 5-GHz radio in the MAPSB that is used for the UPLINK is displayed as UPLINK ACCESS, and slot 1 in the MAPSB is used for the DOWNLINK ACCESS with an omnidirectional antenna that also provides the client access.
Create WLAN on the WLC with the appropriate SSID mapped to the correct interface (VLAN). After you create a WLAN, it is applied to all the radios by default. If you want to enable client access only on 802.11a radios, then choose only the appropriate radio policy from the list shown in Figure 78.
Figure 78 Radio Policy Selection
Configuring Extended Universal Access Using the CLI
•
Go to the Controller prompt and enter the config mesh client-access enable extended command.
The following message is displayed:
Enabling client access on both backhaul slots
Same BSSIDs will be used on both slots
All Mesh Serial Backhaul APs will be rebooted
Are you sure you want to start? (y/N)
•
Enter the show mesh client-access command to know the status of the backhaul with client access and the backhaul with client access extended.
The status is displayed as follows:
Backhaul with client access status: enabled
Backhaul with client access extended status(3 radio AP): enabled
•
There is no explicit command to disable client access only on slot 2 (EUA). You have to disable client access on both the backhaul slots by entering the following command:
config mesh client-access disable
The following message is displayed:
All Mesh APs will be rebooted
Are you sure you want to start? (y/N)
•
You can disable EUA from the GUI without disturbing client access on the slot 1 radio, but all 1524SB access points will be rebooted.
It is possible to enable client access only on slot 1 and not on slot 2 by entering the following command:
config mesh client-access enable
The following message is displayed:
All Mesh APs will be rebooted
Are you sure you want to start? (y/N)
Configuring Extended Universal Access from the Wireless Control System (WCS)
Step 1
Choose Controllers > Controller IP Address > Mesh > Mesh Settings.
The WCS Mesh page when Backhaul Client Access is disabled appears as shown in Figure 79.
Figure 79 Mesh Settings Page
Step 2
Select the Client Access on Backhaul Link check box to display the Extended Backhaul Client Access check box.
Step 3
Select the Extended Backhaul Client Access check box and click Apply. A message appears indicating the possible results of enabling the Extended Backhaul Client Access.
Step 4
Click OK to continue.
Configuring Local Mesh Parameters
After configuring global mesh parameters, you must configure the following local mesh parameters for these specific features if in use in your network:
•
Backhaul Data Rate. See the "Configuring Wireless Backhaul Data Rate" section.
•
Ethernet Bridging. See the "Configuring Ethernet Bridging" section.
•
Bridge Group Name. See the "Configuring Ethernet Bridging" section.
•
Workgroup Bridge. See the "Configuring Workgroup Bridges" section.
•
Public Safety Band Settings. See the "Configuring Public Safety Band Settings" section.
•
Cisco 3200 Series Association and Interoperability. See the "Table 34 identifies mesh access points and their respective frequency bands that support WGB." section.
•
Power and Channel Setting. See the "Configuring Power and Channel Settings" section.
•
Antenna Gain Settings. See the "Configuring Antenna Gain" section.
•
Dynamic Channel Assignment. See the "Configuring Dynamic Channel Assignment" section.
Configuring Wireless Backhaul Data Rate
Backhaul is used to create only the wireless connection between the access points. The backhaul interface by default is 802.11a or 802.11a/n depending upon the access point. The rate selection is important for effective use of the available RF spectrum. The rate can also affect the throughput of client devices, and throughput is an important metric used by industry publications to evaluate vendor devices.
Dynamic Rate Adaptation (DRA) introduces a process to estimate optimal transmission rate for packet transmissions. It is important to select rates correctly. If the rate is too high, packet transmissions fail resulting in communication failure. If the rate is too low, the available channel bandwidth is not used, resulting in inferior products, and the potential for catastrophic network congestion and collapse.
Data rates also affect the RF coverage and network performance. Lower data rates, for example 6 Mbps, can extend farther from the access point than can higher data rates, for example 300 Mbps. As a result, the data rate affects cell coverage and consequently the number of access points required. Different data rates are achieved by sending a more redundant signal on the wireless link, allowing data to be easily recovered from noise. The number of symbols sent out for a packet at the 1-Mbps data rate is higher than the number of symbols used for the same packet at 11 Mbps. Therefore, sending data at the lower bit rates takes more time than sending the equivalent data at a higher bit rate, resulting in reduced throughput.
In the controller release 5.2, the default data rate for the mesh 5-GHz backhaul is 24 Mbps. It remains the same with 6.0 and 7.0 controller releases.
With the 6.0 controller release, mesh backhaul can be configured for 'Auto' data rate. Once configured, the access point picks the highest rate where the next higher rate cannot be used because of conditions not being suitable for that rate and not because of conditions that affect all rates. That is, once configured, each link is free to settle down to the best possible rate for its link quality.
We recommend that you configure the mesh backhaul to Auto.
For example, if mesh backhaul chose 48 Mbps, then this decision is taken after ensuring that we cannot use 54 Mbps as there is not enough SNR for 54 and not because someone just turned on a microwave oven, which affects all rates.
A lower bit rate might allow a greater distance between MAPs, but there are likely to be gaps in the WLAN client coverage, and the capacity of the backhaul network is reduced. An increased bit rate for the backhaul network either requires more MAPs or results in a reduced SNR between MAPs, limiting mesh reliability and interconnection.
Figure 80 shows the RAP using the "auto" backhaul data rate, and it is currently using 54 Mbps with its child MAP.
Figure 80 Bridge Rate Set to Auto
Note
The data rate can be set on the backhaul on a per-AP basis. It is not a global command.
Related Commands
Use these commands to obtain information about backhaul:
•
config ap bhrate—Configures the Cisco Bridge backhaul Tx rate.
The syntax is as follows:
(controller) > config ap bhrate backhaul-rate ap-name
Note
Preconfigured data rates for each AP (RAP=18 Mbps, MAP1=36 Mbps) are preserved after the upgrade to 6.0 or later software releases.
Before you upgrade to the 6.0 release, if you have the backhaul data rate configured to any data rate, then the configuration is preserved.
The following example shows how to configure a backhaul rate of 36000 Kbps on a RAP:
(controller) > config ap bhrate 36000 HPRAP1
•
show ap bhrate—Displays the Cisco Bridge backhaul rate.
The syntax is as follows:
(controller) > show ap bhrate ap-name
•
show mesh neigh summary—Displays the link rate summary including the current rate being used in backhaul
Example:
(controller) > show mesh neigh summary HPRAP1AP Name/Radio Channel Rate Link-Snr Flags State--------------- -------- -------- ------- ----- -----00:0B:85:5C:B9:20 0 auto 4 0x10e8fcb8 BEACON00:0B:85:5F:FF:60 0 auto 4 0x10e8fcb8 BEACON DEFAULT00:0B:85:62:1E:00 165 auto 4 0x10e8fcb8 BEACONOO:0B:85:70:8C:A0 0 auto 1 0x10e8fcb8 BEACONHPMAP1 165 54 40 0x36 CHILD BEACONHJMAP2 0 auto 4 0x10e8fcb8 BEACONBackhaul capacity and throughput depends upon the type of the AP, that is, if it is 802.11a/n or only 802.11a, number of backhaul radios it has, and so on.
In the AP1524SB, Slot 2 in the 5-GHz radio in the RAP is used to extend the backhaul in the downlink direction, whereas Slot 2 in the 5-GHz radio in the MAP is used for backhaul in the uplink. We recommend using a directional antenna with the Slot 2 radio. MAPs extend the Slot 1 radio in the downlink direction with an omnidirectional or directional antenna, which also provides client access. Client access can be provided on the Slot 2 radio from the 7.0 release onwards.
AP1524SB provides you with better throughput, and throughput rarely degrades after the first hop. The performance of AP1524SB is better than AP1522 and AP1524PS because these APs have only a single radio for the backhaul uplink and downlink (see Figure 81, Figure 82, Figure 83, and Figure 84).
Figure 81 1524SB TCP Downstream Rate Auto
Figure 82 1522 TCP 54 Mbps Downstream
Note
With DRA, each hop uses the best possible data rate for the backhaul. The data rate can be changed on a per-AP basis.
Figure 83 1524SB TCP Downstream Rate Auto
Figure 84 1524 TCP Downstream (24 Mbps)
Note
Using 1552 802.11n provides you higher throughput and more capacity. It offers a very fat backhaul pipe to start with from the RAP.
Figure 85 AP1552 Backhaul Throughput
Configuring Ethernet Bridging
For security reasons, the Ethernet port on all MAPs is disabled by default. It can be enabled only by configuring Ethernet bridging on the root and its respective MAP.
Note
Exceptions are allowed for a few protocols even though Ethernet bridging is disabled. For example, the following protocols are allowed:
- Spanning Tree Protocol (STP)
- Address Resolution Protocol (ARP)
- Control And Provisioning of Wireless Access Points (CAPWAP)
- Bootstrap Protocol (BOOTP) packets
Due to the exceptions and to prevent loop issues, we recommend that you do not connect two MAPs to each other over their Ethernet ports, unless they are configured as trunk ports on different native VLANs, and each is connected to a similarly configured switch.
Ethernet bridging has to be enabled for two scenarios:
1.
When you want to use the mesh nodes as bridges (see Figure 86).
Note
You do not need to configure VLAN tagging to use Ethernet bridging for point-to-point and point-to-multipoint bridging deployments.
2.
When you want to connect any Ethernet device such as a video camera on the MAP using its Ethernet port. This is the first step to enable VLAN tagging.
Figure 86 Point-to-Multipoint Bridging
Enabling Ethernet Bridging Using the GUI
To enable Ethernet bridging on a RAP or MAP using the GUI, follow these steps:
Step 1
Choose Wireless > All APs.
Step 2
Click the AP name link of the mesh access point on which you want to enable Ethernet bridging.
Step 3
At the details page, select the Mesh tab. (See Figure 87.)
Figure 87 All APs > Details for (Mesh) Page
Step 4
Select either RootAP or MeshAP from the AP Role drop-down list, if not already selected.
Step 5
Select the Ethernet Bridging check box to enable Ethernet bridging or deselect it to disable this feature.
Step 6
Click Apply to commit your changes. An Ethernet Bridging section appears at the bottom of the page listing each of the Ethernet ports of the mesh access point.
Step 7
Ensure that you enable Ethernet bridging for every parent mesh AP taking the path from the mesh AP in question to the controller. For example, if you enable Ethernet bridging on MAP2 in Hop 2, then you must also enable Ethernet bridging on MAP1 (parent MAP), and on the RAP connecting to the controller.
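The path rule in Step 7, combined with the default-disabled Ethernet port, can be checked mechanically. The following is an added example, not part of the Cisco guide: it reports parents on a required path that still have bridging off, and access points that have bridging on although no wired device depends on them. The inventory, the AP names and the helper names are constructed for illustration.

```python
"""Audit Ethernet bridging along mesh paths (added example, constructed data)."""

# Constructed inventory: AP name -> (parent AP name, or None for a RAP;
# Ethernet bridging enabled?). Names follow the guide's RAP/MAP1/MAP2 example.
MESH = {
    "RAP":  (None,   True),
    "MAP1": ("RAP",  False),   # parent of MAP2, bridging was forgotten here
    "MAP2": ("MAP1", True),    # a wired device (for example a camera) hangs here
    "MAP3": ("RAP",  True),    # bridging on, but no wired device is planned
}


def path_to_root(mesh, ap):
    """Return [ap, parent, ..., RAP]; raise on unknown APs or parent loops."""
    path = []
    while ap is not None:
        if ap not in mesh:
            raise KeyError(f"unknown AP {ap!r}")
        if ap in path:
            raise ValueError(f"parent loop at {ap!r}")
        path.append(ap)
        ap = mesh[ap][0]
    return path


def audit_bridging(mesh, wired_maps):
    """Compare the bridging flags with what the wired MAPs actually require.

    Returns (missing, unneeded):
      missing  - APs on a path from a wired MAP to the controller with bridging off
      unneeded - APs with bridging on that are not on any such path
    """
    required = set()
    for ap in wired_maps:
        required.update(path_to_root(mesh, ap))
    missing = sorted(ap for ap in required if not mesh[ap][1])
    unneeded = sorted(ap for ap, (_, enabled) in mesh.items()
                      if enabled and ap not in required)
    return missing, unneeded


if __name__ == "__main__":
    missing, unneeded = audit_bridging(MESH, ["MAP2"])
    for ap in missing:
        print(f"{ap}: enable Ethernet bridging (on the path of a wired MAP)")
    for ap in unneeded:
        print(f"{ap}: Ethernet bridging is enabled but not required by any path")
```

APs reported as unneeded are candidates for returning to the default state, in which the Ethernet port stays disabled.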
Configuring Bridge Group Names
Bridge group names (BGNs) control the association of mesh access points. BGNs can logically group radios to prevent two networks on the same channel from communicating with each other. The setting is also useful if you have more than one RAP in your network in the same sector (area). A BGN is a string of 10 characters maximum.
A BGN of NULL VALUE is assigned by default by manufacturing. Although not visible to you, it allows a mesh access point to join the network prior to your assignment of your network-specific BGN.
If you have two RAPs in your network in the same sector (for more capacity), we recommend that you configure the two RAPs with the same BGN, but on different channels.
Configuring BGN Using the CLI
To configure a BGN, follow these steps:
Step 1
Using the CLI, enter the following command:
Note
The mesh access point reboots after a BGN configuration.
Caution
Exercise caution when you configure a BGN on a live network. Always start a BGN assignment from the farthest node (last node, bottom of mesh tree) and move up toward the RAP to ensure that no mesh access points are dropped due to mixed BGNs (old and new BGNs) within the same network.
Step 2
To verify the BGN, enter the following command:
(Cisco controller) > show ap config general AP_Name
Information similar to the following is displayed.
Verifying BGN Using the GUI
To verify BGN using the GUI, follow these steps:
Step 1
Click Wireless > Access Points > AP Name. The details page for the selected mesh access point appears.
Step 2
Click the Mesh tab. Details for the mesh access point, including the BGN, appear. (See Figure 88.)
Figure 88 AP Name > Mesh
Configuring Public Safety Band Settings
A public safety band (4.9 GHz) is supported on the AP1522 and AP1524PS. (See Figure 89.)
Figure 89 AP 1524PS Diagram Showing Radio Placement
•
For the AP1524PS, the 4.9-GHz radio is independent of the 5-GHz radio and is not used for backhaul. The 5.8 GHz is used only for backhaul, and there is no client access possible on it. On the AP1524PS, the 4.9-GHz band is enabled by default.
–
In Japan, 4.9 GHz is enabled by default as 4.9 GHz is unlicensed.
•
For AP1522s, you can enable the 4.9-GHz public safety band on the backhaul. This step can only be done at the global level and cannot be done on a per mesh access point basis.
–
For client access on the 4.9-GHz band on the AP1522, you have to enable the feature universal client access.
•
For public safety-only deployments, the AP1522 and the AP1524PS must each be connected to its own separate RAP-based tree. For such deployments, the 1522 must use the 4.9-GHz backhaul and the 1524PS must be in its own RAP tree and use the 5.8-GHz backhaul.
•
In some parts of the world including the USA, you can only have public safety traffic on the 4.9-GHz backhaul. Check the destination country's compliance requirements before installing.
The 4.9-GHz subband radio on the AP1524PS supports public safety channels within the 5-MHz (channels 1 to 10), 10-MHz (channels 11 to 19), and 20-MHz (channels 20 to 26) bandwidths.
•
The following data rates are supported within the 5 MHz bandwidth: 1.5, 2.25, 3, 4.5, 6, 9, 12, and 13.5 Mbps. The default rate is 6 Mbps.
•
The following data rates are supported within the 10-MHz bandwidth: 3, 4.5, 6, 9, 12, 18, 24, and 27 Mbps. The default rate is 12 Mbps.
Note
•
Those AP1522s with serial numbers prior to FTX1150XXXX do not support 5 and 10 MHz channels on the 4.9-GHz radio; however, a 20-MHz channel is supported.
•
Those AP1522s with serial numbers after FTX1150XXXX support 5, 10, and 20 MHz channels.
Enabling the 4.9-GHz Band
When you attempt to enable the 4.9-GHz band, you get a warning that the band is a licensed band in most parts of the world. (See Figure 90.)
Figure 90 Public Safety Warning During Configuration
•
To verify that a public safety band is on the mesh access point using the CLI, enter the following command:
(Cisco controller) show mesh public-safety
Global Public Safety status: enabled
•
To verify that a public safety band is on the mesh access point using the GUI:
Wireless > Access Points > 802.11a radio > Configure (from the Antenna drop-down list)
Configuring Interoperability with Cisco 3200
Cisco AP1522 and AP1524PS can interoperate with the Cisco 3200 on the public safety channel (4.9-GHz) as well as the 2.4-GHz access and 5.8-GHz backhaul.
The Cisco 3200 creates an in-vehicle network in which devices such as PCs, surveillance cameras, digital video recorders, printers, PDAs, and scanners can share wireless networks such as cellular or WLAN-based services back to the main infrastructure. This feature allows data collected from in-vehicle deployments such as police cars to be integrated into the overall wireless infrastructure.
This section provides configuration guidelines and step-by-step instructions for configuring interoperability between the Cisco 3200 and the AP1522 and the AP1524PS.
For specific interoperability details between series 1130, 1240, and 1520 (1522, 1524PS) mesh access points and Cisco 3200, see Table 32.
Table 32 Mesh Access Points and Cisco 3200 Interoperability
Mesh Access Point Model                                  Cisco 3200 Model
1552, 1522 (footnote 1)
1524PS                                                   c3201, c3202
1524SB, 1130, 1240, Indoor 802.11n mesh access points    c3201, c3205
1 Universal access must be enabled on the AP1522 if connecting to a Cisco 3200 on the 802.11a radio or 4.9-GHz band.
2 Model c3201 is a Cisco 3200 with a 802.11b/g radio (2.4-GHz).
3 Model c3202 is a Cisco 3200 with a 4.9-GHz subband radio.
4 Model c3205 is a Cisco 3200 with a 802.11a radio (5.8-GHz subband).
Configuration Guidelines for Public Safety 4.9-GHz Band
For the AP1522 or AP1524PS and Cisco 3200 to interoperate on the public safety network, the following configuration guidelines must be met:
•
Client access must be enabled on the backhaul (mesh global parameter). This feature is not supported on the AP1524PS.
•
Public safety must be enabled globally on all mesh access points (MAPs) in the mesh network.
•
The channel number assignment on the AP1522 or AP1524PS must match those on the Cisco 3200 radio interfaces:
–
Channels 20 (4950 GHz) through 26 (4980 GHz) and subband channels 1 through 19 (5 and 10 MHz) are used for Cisco 3200 interoperability. This configuration change is made on the controller. No changes are made to the mesh access point configuration.
–
Channel assignments are only made to the RAP. Updates to the MAP are propagated by the RAP.
The default channel width for Cisco 3200s is 5 MHz. You must either change the channel width to 10 or 20 MHz to enable WGBs to associate with the AP1522 and AP1524PS or change the channel on the AP1522 or AP1524PS to a channel in the 5-MHz band (channels 1 to 10) or 10-MHz band (channels 11 to 19).
•
Radio (802.11a) must be disabled when configuring channels and then reenabled when using the CLI. When using the GUI, enabling and disabling of the 802.11a radio for channel configuration is not required.
•
Cisco 3200s can scan channels within but not across the 5, 10 or 20-MHz bands.
Enabling AP1522 to Associate with Cisco 3200 Using the GUI
To enable AP1522 to associate with Cisco 3200, follow these steps:
Step 1
To enable the backhaul for client access, choose Wireless > Mesh to access the Mesh page.
Step 2
Select the Backhaul Client Access Enabled check box to allow wireless client association over the 802.11a radio. Click Apply.
Note
You are prompted with a message to allow reboot of all the mesh access points to enable Backhaul Client Access on a network. Click OK.
Step 3
To assign the channel to use for the backhaul (channels 20 through 26), click Wireless > Access Points > Radio and select 802.11a/n from the Radio subheading. A summary page for all 802.11a radios displays.
Step 4
At the Antenna drop-down list for the appropriate RAP, select Configure. The Configure page seen in Figure 91 is displayed.
Figure 91 Wireless > Access Points > Radio > 802.11 a/n > Configure Page
Step 5
At the RF Backhaul Channel Assignment section, select the Custom option for the Assignment Method option and select any channel between 1 and 26.
Step 6
Click Apply to commit your changes.
Step 7
Click Save Configuration to save your changes.
Enabling 1522 and 1524PS Association with Cisco 3200 Using the CLI
To enable an AP1522 or AP1524PS to associate with Cisco 3200, follow these steps:
Step 1
To enable client access mode on the AP1522, enter this command:
config mesh client-access enable
Step 2
To enable the public safety on a global basis, enter this command:
config mesh public-safety enable all
Step 3
To enable the public safety channels, enter these commands:
a.
On the AP1522, enter these commands:
config 802.11a disable Cisco_MAP
config 802.11a channel ap Cisco_MAP channel number
config 802.11a enable Cisco_MAP
b.
On the AP1524PS, enter these commands:
config 802.11-a49 disable Cisco_MAP
config 802.11-a49 channel ap Cisco_MAP channel number
config 802.11-a49 enable Cisco_MAP
Note
Enter the config 802.11-a58 enable Cisco_MAP command to enable a 5.8-GHz radio.
Note
For both the AP1522 and AP1524PS, channel number is equal to any value 1 to 26.
Step 4
To save your changes, enter this command:
save config
Step 5
To verify your configuration, enter these commands:
show mesh public-safety
show mesh client-access
show ap config 802.11a summary (1522 only)
show ap config 802.11-a49 summary (1524PS only)
Note
Enter the show config 802.11-a58 summary command to display configuration details for a 5.8-GHz radio.
Configuring Power and Channel Settings
The backhaul channel (802.11a/n) can be configured on a RAP. MAPs tune to the RAP channel. The local access can be configured independently for MAP.
Configuring Power and Channel Settings Using the GUI
To configure power and channel using the controller GUI, follow these steps:
Step 1
Choose Wireless > Access Points > 802.11a/n (see Figure 92).
Figure 92 Access Points > 802.11a/n Radios Page
Note
In Figure 92, radio slots are displayed for each radio. For an AP1524SB, the 802.11a radio will display for slots 1 and 2 that operate in the 5-GHz band. For an AP1524PS, the 802.11a radio will display for slots 1 and 2, operating in the 5-GHz and 4.9-GHz bands respectively.
Step 2
Select configure from the Antenna drop-down list for the 802.11a/n radio. The Configure page is displayed (see Figure 93).
Note
For the 1524SB, select the Antenna drop-down list for a RAP with a radio role of downlink.
Figure 93 802.11a/n Cisco APs > Configure Page
Step 3
Assign a channel (assignment methods of global and custom) for the radio.
Note
When you assign a channel to the AP1524SB, choose the Custom assignment method, and select one of the supported channels for the 5-GHz band.
Step 4
Assign Tx power levels (global and custom) for the radio.
There are five selectable power levels for the 802.11a backhaul for AP1500s.
Note
The default Tx power level on the backhaul is the highest power level (Level 1).
Note
Radio Resource Management (RRM) is OFF (disabled) by default. RRM cannot be turned ON (enabled) for the backhaul.
Step 5
Click Apply when power and channel assignment are complete.
Step 6
From the 802.11a/n Radios page, verify that channel assignments were made correctly (see Figure 94).
Figure 94 Channel Assignment
Configuring the Channels on the Serial Backhaul Using the CLI
To configure channels on the serial backhaul of the RAP using the controller CLI, follow these steps:
Step 1
To configure the backhaul channel on the radio in slot 2 of the RAP, enter this command:
config slot 2 channel ap Cisco_RAPSB channel
The available channels for the 5.8-GHz band are 149, 153, 157, 161, and 165.
Step 2
To configure the transmit power level on the radio in slot 2 of the RAP, enter this command:
config slot 2 txPower ap Cisco_RAPSB power
Valid values are 1 through 5; the default value is 1.
Step 3
To display the configurations on the mesh access points, enter these commands:
•
show mesh path MAP
Information similar to the following appears:
AP Name/Radio  Channel  Rate  Link-Snr  Flags       State
MAP1SB         161      auto  60        0x10ea9d54  UPDATED NEIGH PARENT BEACON
RAPSB          153      auto  51        0x10ea9d54  UPDATED NEIGH PARENT BEACON
RAPSB is a Root AP.
•
show mesh backhaul RAPSB
Information similar to the following appears:
Current Backhaul Slot(s)......................... 1, 2,
Basic Attributes for Slot 1
    Radio Type................................... RADIO_TYPE_80211a
    Radio Role................................... ACCESS
    Administrative State ........................ ADMIN_ENABLED
    Operation State ............................. UP
    Current Tx Power Level ...................... 1
    Current Channel ............................. 165
    Antenna Type................................. EXTERNAL_ANTENNA
    External Antenna Gain (in .5 dBm units)...... 0
Basic Attributes for Slot 2
    Radio Type................................... RADIO_TYPE_80211a
    Radio Role................................... RADIO_DOWNLINK
    Administrative State ........................ ADMIN_ENABLED
    Operation State ............................. UP
    Current Tx Power Level ...................... 3
    Current Channel ............................. 153
    Antenna Type................................. EXTERNAL_ANTENNA
    External Antenna Gain (in .5 dBm units)...... 0
•
show ap channel MAP1SB
Information similar to the following appears:
802.11b/g Current Channel ................. 11
Slot Id ................................... 0
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11
802.11a(5.8Ghz) Current Channel ........... 161
Slot Id ................................... 1
Allowed Channel List....................... 149,153,157,161,165
802.11a(5.8Ghz) Current Channel ........... 153
Slot Id ................................... 2
Allowed Channel List....................... 149,153,157,161,165
Configuring Antenna Gain
You must configure the antenna gain for the mesh access point to match that of the antenna installed using the controller GUI or controller CLI.
Note
See Table 6 for details on supported antennas and their gains.
Configuring Antenna Gain Using the GUI
To configure antenna parameters using the controller GUI, follow these steps:
Step 1
Choose Wireless > Access Points > Radio > 802.11a/n to open the 802.11a/n Radios page.
Step 2
For the mesh access point antenna you want to configure, hover the mouse over the blue arrow (far right) to display antenna options. Choose Configure. (See Figure 95.)
Note
Only external antennas have configurable gain settings.
Figure 95 802.11a/n Radios Page
Step 3
In the Antenna Parameters section, enter the antenna gain.
The gain is entered in 0.5 dBm units. For example, 2.5 dBm = 5. (See Figure 96.)
Note
The entered gain value must match that value specified by the vendor for that antenna.
Figure 96 802.11 a/n Cisco APs > Configure Page
Step 4
Click Apply and Save Configuration to save the changes.
Configuring Antenna Gain Using the CLI
Enter this command to configure the antenna gain for the 802.11a backhaul radio using the controller CLI:
config 802.11a antenna extAntGain antenna_gain AP_name
where gain is entered in 0.5-dBm units (for example, 2.5 dBm = 5).
Backhaul Channel Deselection on Serial Backhaul Access Point
This feature is applicable to mesh APs with two 5-GHz radios, such as 1524SB (serial backhaul).
The backhaul channel deselection feature helps you to restrict the set of channels available to be assigned for the serial backhaul MAPs and RAPs. Because 1524SB MAP channels are automatically assigned, this feature helps in regulating the set of channels that get assigned to mesh access points. For example, if you do not want channel 165 to get assigned to any of the 1524SB mesh access points, you need to remove channel 165 from the DCA list and enable this feature.
When you remove certain channels from the DCA list and enable the mesh backhaul dca-channel command, those channels will not be assigned to any serial backhaul access points in any scenario. Even if radar is detected on all channels within the DCA list, the radio will be shut down rather than moved to channels outside it. A trap message is sent to the WCS, and the message is displayed showing that the radio has been shut down because of DFS. You will not be able to assign channels to the serial backhaul RAP outside of the DCA list with the config mesh backhaul dca-channels enable command enabled. However, this is not the case for APs with one 5-GHz radio, such as the 1552, 1522, and 1524PS. For these APs, you can assign any channel outside of the DCA list for a RAP, and the controller/AP can also select a channel outside of the DCA list if no radar-free channel is available from the list.
This feature is best suited in an interoperability scenario with indoor mesh access points or workgroup bridges that support a channel set that is different from outdoor access points. For example, channel 165 is supported by outdoor access points but not by indoor access points in the -A domain. By enabling the backhaul channel deselection feature, you can restrict the channel assignment to only those channels that are common to both indoor and outdoor access points.
Note
Channel deselection is applicable to 7.0 and later releases.
In some scenarios, there may be two linear tracks or roads for mobility side by side. Because channel selection of MAPs happens automatically, there can be a hop at a channel, which is not available on the autonomous side, or the channel has to be skipped when the same or adjacent channel is selected in a neighborhood access point that belongs to a different linear chain.
Configuring Backhaul Channel Deselection Using the GUI
To configure the backhaul channel deselection, follow these steps:
Step 1
Choose Controller > Wireless > 802.11a/n > RRM > DCA
The Dynamic Channel Assignment Algorithm page appears.
Step 2
Select one or more channels to include in the DCA list.
The channels included in the DCA list will not be assigned to the access points associated to this controller during automatic channel assignment.
Step 3
Choose Wireless > Mesh
The Mesh page appears.
Step 4
Select the Mesh DCA Channels check box to enable the backhaul channel deselection using the DCA list. This option is applicable for serial backhaul access points.
Step 5
After you enable the backhaul deselection option, choose Wireless > Access Points > Radios > 802.11a/n to configure the channel for the RAP downlink radio.
Step 6
From the list of access points, click on the Antenna drop-down list for a RAP and choose Configure.
The Configure page appears.
Step 7
In the RF Backhaul Channel assignment section, choose Custom.
Step 8
Select a channel for the RAP downlink radio from the drop-down list, which appears when you choose Custom.
Step 9
Click Apply to apply and save the backhaul channel deselection configuration changes.
Configuring Backhaul Channel Deselection Using the CLI
To configure backhaul channel deselection using CLI, follow these steps:
Step 1
From the controller prompt, enter the show advanced 802.11a channel command to review the channel list already configured in the DCA list.
(Controller) > show advanced 802.11a channel
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
Channel Update Interval........................ 600 seconds
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI..
CleanAir Event-driven RRM option............... Enabled
CleanAir Event-driven RRM sensitivity.......... Medium
Channel Assignment Leader...................... 09:2b:16:28:00:03
Last Run....................................... 286 seconds ago
DCA Sensitivity Level.......................... MEDIUM (15 dB)
DCA 802.11n Channel Width...................... 20 MHz
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
  Minimum...................................... unknown
  Average...................................... unknown
  Maximum...................................... unknown
Channel Dwell Times
  Minimum...................................... 0 days, 17 h 02 m 05 s
  Average...................................... 0 days, 17 h 46 m 07 s
  Maximum...................................... 0 days, 18 h 28 m 58 s
802.11a 5 GHz Auto-RF Channel List
--More-- or (q)uit
  Allowed Channel List......................... 36,40,44,48,52,56,60,64,116,140
  Unused Channel List.......................... 100,104,108,112,120,124,128,132,136
DCA Outdoor AP option.......................... Disabled
Step 2
To add a channel to the DCA list, enter the config advanced 802.11a channel add channel number command, where channel number is the channel number that you want to add to the DCA list.
You can also delete a channel from the DCA list by entering the config advanced 802.11a channel delete channel number command, where channel number is the channel number that you want to delete from the DCA list.
Before you add or delete a channel to or from the DCA list, ensure that the 802.11a network is disabled.
•
To disable the 802.11a network, enter the following command:
config 802.11a disable network
•
To enable the 802.11a network, enter the following command:
config 802.11a enable network
You cannot directly delete a channel from the DCA list if it is assigned to any 1524 RAP. To delete a channel assigned to a RAP, you must first change the channel assigned to the RAP and then enter the config advanced 802.11a channel delete channel number command from the controller.
The following is a sample output of the add channel and delete channel commands:
(Controller) > config 802.11a disable network
Disabling the 802.11a network may strand mesh APs. Are you sure you want to continue? (y/n)y
(Controller) > config advanced 802.11a channel add 132
(Controller) > config advanced 802.11a channel delete 116
802.11a 5 GHz Auto-RF:
Allowed Channel List......................... 36,40,44,48,52,56,60,64,116,132,140
DCA channels for cSerial Backhaul Mesh APs is enabled.
DCA list should have at least 3 non public safety channels supported by Serial Backhaul Mesh APs.
Otherwise, the Serial Backhaul Mesh APs can get stranded.
Are you sure you want to continue? (y/N)y
Failed to delete channel.
Reason: Channel 116 is configured for one of the Serial Backhaul RAPs.
Disable mesh backhaul dca-channels or configure a different channel for Serial Backhaul RAPs.
(Controller) > config advanced 802.11a channel delete 132
802.11a 5 GHz Auto-RF:
Allowed Channel List..................... 36,40,44,48,52,56,60,64,116,132,140
DCA channels for Serial Backhaul Mesh APs is enabled.
DCA list should have at least 3 non public safety channels supported by Serial Backhaul Mesh APs.
Otherwise, the Serial Backhaul Mesh APs can get stranded.
Are you sure you want to continue? (y/N)y
(Controller) > config 802.11a enable network
Step 3
After a suitable DCA list has been created, enter the config mesh backhaul dca-channels enable command to enable the backhaul channel deselection feature for mesh access points.
You can enter the config mesh backhaul dca-channels disable command if you want to disable the backhaul channel deselection feature for mesh access points.
It is not required that you disable 802.11a network to enable or disable this feature.
The following is a sample output:
(Controller) > config mesh backhaul dca-channels enable
802.11a 5 GHz Auto-RF:
Allowed Channel List......................... 36,40,44,48,52,56,60,64,116,140
Enabling DCA channels for c1524 mesh APs will limit the channel set to the DCA channel list.
DCA list should have at least 3 non public safety channels supported by Serial Backhaul Mesh APs.
Otherwise, the Serial Backhaul Mesh APs can get stranded.
Are you sure you want to continue? (y/N)y
(Controller) > config mesh backhaul dca-channels disable
Step 4
To check the current status of the backhaul channel deselection feature, enter the show mesh config command.
The following is a sample output:
(Controller) > show mesh config
Mesh Range....................................... 12000
Mesh Statistics update period.................... 3 minutes
Backhaul with client access status............... enabled
Background Scanning State........................ enabled
Backhaul Amsdu State............................. disabled
Mesh Security
   Security Mode................................. PSK
   External-Auth................................. enabled
      Radius Server 1............................ 209.165.200.240
   Use MAC Filter in External AAA server......... disabled
   Force External Authentication................. disabled
Mesh Alarm Criteria
   Max Hop Count................................. 4
   Recommended Max Children for MAP.............. 10
   Recommended Max Children for RAP.............. 20
   Low Link SNR.................................. 12
   High Link SNR................................. 60
   Max Association Number........................ 10
   Association Interval.......................... 60 minutes
   Parent Change Numbers......................... 3
--More-- or (q)uit
   Parent Change Interval........................ 60 minutes
Mesh Multicast Mode.............................. In-Out
Mesh Full Sector DFS............................. enabled
Mesh Ethernet Bridging VLAN Transparent Mode..... enabled
Mesh DCA channels for Serial Backhaul APs................ disabled
Step 5
Enter the config slot slot number channel ap ap-name channel number command to assign a particular channel to the 1524 RAP downlink radio.
•
slot number refers to the slot of the downlink radio to which the channel is assigned.
•
ap-name refers to the name of the access point on which the channel is configured.
•
channel number refers to the channel that is assigned to a slot on the access point.
Slot 2 of the 1524 RAP acts as a downlink radio. If backhaul channel deselection is enabled, you can assign only those channels that are available in the DCA list.
The following is a sample output:
(Controller) > config slot 2 channel ap Controller-RAP2-1524 136
Mesh backhaul dca-channels is enabled. Choose a channel from the DCA list.
(Controller) > config slot 2 channel ap Controller-RAP2-1524 140
Backhaul Channel Deselection Guidelines
Follow these guidelines when configuring backhaul channel deselection:
•
Channels for serial backhaul RAP 11a access radio and both 11a radios of serial backhaul MAPs are assigned automatically. You cannot configure these channels.
•
Look out for trap logs on the controller. In case of radar detection and subsequent channel change, messages similar to the following appear:
Channel changed for Base Radio MAC: 00:1e:bd:19:7b:00 on 802.11a radio. Old channel: 132. New Channel: 116. Why: Radar. Energy before/after change: 0/0. Noise before/after change: 0/0. Interference before/after change: 0/0.
Radar signals have been detected on channel 132 by 802.11a radio with MAC: 00:1e:bd:19:7b:00 and slot 2
•
For every serial backhaul AP, channels on downlink and uplink radios should always be noninterfering (for example, if the uplink is channel 104, the 100, 104, and 108 channels cannot be assigned for a downlink radio on that AP). An alternate adjacent channel is also selected for an 11a access radio on RAP.
•
If radar signals are detected on all channels except the uplink radio channel, the downlink radio will be shut down and the uplink radio will act as both an uplink and a downlink (that is, the behavior is similar to 1522 APs in this case).
•
Radar detection is cleared after 30 minutes. Any radio that is shut down because of radar detection should be back up and operational after this duration.
•
There is a 60-second silent period immediately after moving to a DFS-enabled channel (irrespective of whether the channel change is because of radar detection or user configured in case of a RAP) during which the AP scans for radar signals without transmitting anything. A small period (60 seconds) of downtime may occur because of radar detection, if the new channel is also DFS-enabled. If radar detection occurs again on the new channel during the silent period, the parent changes its channel without informing the child AP because it is not allowed to transmit during the silent period. In this case, the child AP dissociates and goes back to scan mode, rediscovers the parent on the new channel and then joins back, which causes a slightly longer (approximately 3 minutes) downtime.
•
For a RAP, the channel for the downlink radio is always selected from within the DCA list, irrespective of whether the backhaul channel deselection feature is enabled or not. The behavior is different for a MAP because the MAP can pick any channel that is allowed for that domain, unless the backhaul channel deselection feature is enabled. We recommend that you have quite a few channels added to the 802.11a DCA channel list to prevent any radios getting shut down because of a lack of channels even if the backhaul channel deselection feature is not in use.
•
Because the DCA list that was used for the RRM feature is also used for mesh APs through the backhaul channel deselection feature, keep in mind that any addition or deletion of channels from the DCA list will affect the channel list input to the RRM feature for nonmesh access points as well. RRM is off for mesh.
•
For -M domain APs, a slightly longer time interval (25 to 50 percent more time than usual) may be required for the mesh network to come up because there is a longer list of DFS-enabled channels in the -M domain, which each AP scans before joining the parent.
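The following Python sketch is an added example, not Cisco code. It parses the channel-change trap text shown above, tracks which channels a radio still holds under the 30-minute radar clear, and lists the downlink channels that remain usable next to a given uplink. The timestamps, the second and third trap lines, and the idea of feeding the DCA list in as a Python list are constructed assumptions; the controller's real selection logic is not documented on this page.

```python
import re

RADAR_HOLD_SECONDS = 30 * 60   # page: "Radar detection is cleared after 30 minutes"
ADJACENT_SPACING = 4           # page: uplink 104 rules out 100, 104 and 108 for the downlink

# Trap text format as shown on this page; \s* tolerates spaces lost to line wrapping.
CHANGE_RE = re.compile(
    r"Channel changed for Base Radio MAC:\s*(?P<mac>[0-9a-f:]{17})\s*on\s*"
    r"(?P<band>802\.11[abgn/]+)\s*radio\.\s*Old channel:\s*(?P<old>\d+)\.\s*"
    r"New Channel:\s*(?P<new>\d+)\.\s*Why:\s*(?P<why>[^.]+)\.",
    re.IGNORECASE,
)

# Constructed sample: (seconds since start of capture, trap text).
# Only the first message body is taken from the page; the rest are constructed.
SAMPLE_TRAPS = [
    (0, "Channel changed for Base Radio MAC: 00:1e:bd:19:7b:00 on 802.11a radio. "
        "Old channel: 132. New Channel: 116. Why: Radar. Energy before/after change: 0/0."),
    (600, "Channel changed for Base Radio MAC: 00:1e:bd:19:7b:00 on 802.11a radio. "
          "Old channel: 116. New Channel: 100. Why: Radar. Energy before/after change: 0/0."),
    (700, "Channel changed for Base Radio MAC: 00:1e:bd:19:7c:00 on 802.11a radio. "
          "Old channel: 36. New Channel: 40. Why: Interference. Energy before/after change: 0/0."),
]


def parse_channel_change(text):
    """Return the fields of one channel-change trap, or None if the line is something else."""
    m = CHANGE_RE.search(text)
    if not m:
        return None
    return {
        "mac": m["mac"].lower(),
        "band": m["band"],
        "old": int(m["old"]),
        "new": int(m["new"]),
        "why": m["why"].strip(),
    }


def radar_holds(events, mac, now):
    """Map each channel still blocked by radar for `mac` to the seconds left until it clears."""
    holds = {}
    for ts, text in events:
        ev = parse_channel_change(text)
        if not ev or ev["mac"] != mac.lower() or ev["why"].lower() != "radar":
            continue
        remaining = ts + RADAR_HOLD_SECONDS - now
        if ts <= now and remaining > 0:
            # Radar was seen on the channel the radio left (the "Old channel").
            holds[ev["old"]] = max(remaining, holds.get(ev["old"], 0))
    return holds


def downlink_candidates(uplink, dca_channels, held):
    """Channels from the DCA list that are neither adjacent to the uplink nor under a radar hold.

    An empty result corresponds to the case on this page where the downlink radio
    is shut down and the uplink radio serves both directions.
    """
    return [c for c in dca_channels
            if abs(c - uplink) > ADJACENT_SPACING and c not in held]


if __name__ == "__main__":
    mac = "00:1e:bd:19:7b:00"
    held = radar_holds(SAMPLE_TRAPS, mac, now=1500)
    print("radar holds:", held)
    print("downlink options:", downlink_candidates(104, [100, 104, 108, 112, 116, 132, 136], held))
```

A short DCA list reaches the empty-candidate case quickly, which is why the page recommends keeping enough channels in the 802.11a DCA channel list.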
Configuring Dynamic Channel Assignment
Using the controller GUI, follow these steps to specify the channels that the dynamic channel assignment (DCA) algorithm considers when selecting the channels to be used for RRM scanning. This functionality is helpful when you know that the clients do not support certain channels because they are legacy devices or they have certain regulatory restrictions.
The steps outlined in this section are only relevant to mesh networks.
Step 1
To disable the 802.11a/n or 802.11b/g/n network, follow these steps:
a.
Choose Wireless > 802.11a/n or 802.11b/g/n > Network to open the 802.11a (or 802.11b/g) Global Parameters page.
b.
Deselect the 802.11a (or 802.11b/g) Network Status check box.
c.
Click Apply to commit your changes.
Step 2
Choose Wireless > 802.11a/n or 802.11b/g/n > RRM > DCA to open the 802.11a (or 802.11b/g) > RRM > Dynamic Channel Assignment (DCA) page. (See Figure 97.)
Figure 97 802.11a > RRM > Dynamic Channel Assignment (DCA) Page
Step 3
Choose one of the following options from the Channel Assignment Method drop-down list to specify the controller's DCA mode:
•
Automatic—Causes the controller to periodically evaluate and, if necessary, update the channel assignment for all joined mesh access points. This is the default value.
•
Freeze—Causes the controller to evaluate and update the channel assignment for all joined mesh access points, if necessary, but only when you click Invoke Channel Update Once.
Note
The controller does not evaluate and update the channel assignment immediately after you click Invoke Channel Update Once. It waits for the next interval to elapse.
•
OFF—Turns off DCA and sets all mesh access point radios to the first channel of the band, which is the default value. If you choose this option, you must manually assign channels on all radios.
Step 4
From the Interval drop-down list, choose one of the following options to specify how often the DCA algorithm is allowed to run: 10 minutes, 1 hour, 2 hours, 3 hours, 4 hours, 6 hours, 8 hours, 12 hours, or 24 hours. The default value is 10 minutes.
Step 5
From the AnchorTime drop-down list, choose a number to specify the time of day when the DCA algorithm is to start. The options are numbers between 0 and 23 (inclusive) representing the hour of the day from 12:00 a.m. to 11:00 p.m.
Step 6
Select the Avoid Foreign AP Interference check box to cause the controller's RRM algorithms to consider 802.11 traffic from foreign access points (those access points not included in your wireless network) when assigning channels to lightweight access points, or deselect it to disable this feature. For example, RRM may adjust the channel assignment to have access points avoid channels close to foreign access points. The default value is checked.
Step 7
Select the Avoid Cisco AP Load check box to cause the controller's RRM algorithms to consider 802.11 traffic from Cisco lightweight access points in your wireless network when assigning channels, or deselect it to disable this feature. For example, RRM can assign better reuse patterns to access points that carry a heavier traffic load. The default value is deselected.
Step 8
Select the Avoid Non-802.11a (802.11b) Noise check box to cause the controller's RRM algorithms to consider noise (non-802.11 traffic) in the channel when assigning channels to lightweight access points, or deselect it to disable this feature. For example, RRM may have access points avoid channels with significant interference from nonaccess point sources, such as microwave ovens. The default value is checked.
Step 9
From the DCA Channel Sensitivity drop-down list, choose one of the following options to specify how sensitive the DCA algorithm is to environmental changes such as signal, load, noise, and interference when determining whether to change channels:
•
Low—The DCA algorithm is not particularly sensitive to environmental changes.
•
Medium—The DCA algorithm is moderately sensitive to environmental changes.
•
High—The DCA algorithm is highly sensitive to environmental changes.
The default value is Medium. The DCA sensitivity thresholds vary by radio band, as noted in Table 33.
Table 33 DCA Sensitivity Thresholds
Option    2.4-GHz DCA Sensitivity Threshold    5-GHz DCA Sensitivity Threshold
High      5 dB                                 5 dB
Medium    10 dB                                15 dB
Low       20 dB                                20 dB
Step 10
For 802.11a/n networks only, choose one of the following Channel Width options to specify the channel bandwidth supported for all 802.11n radios in the 5-GHz band:
•
20 MHz—The 20-MHz channel bandwidth (default)
Note
To override the globally configured DCA channel width setting, you can statically configure an access point's radio for 20-MHz mode on the 802.11a/n Cisco APs > Configure page. If you ever change the static RF channel assignment method to Global on the access point radio, the global DCA configuration overrides the channel width configuration that the access point was previously using.
This page also shows the following nonconfigurable channel parameter settings:
•
Channel Assignment Leader—The MAC address of the RF group leader, which is responsible for channel assignment.
•
Last Auto Channel Assignment—The last time RRM evaluated the current channel assignments.
Step 11
In the DCA Channel List section, the DCA Channels field shows the channels that are currently selected. To choose a channel, select its check box in the Select column. To exclude a channel, deselect its check box.
Range:
802.11a—36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 132, 136, 140, 149, 153, 157, 161, 165, 190, 196
802.11b/g—1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
Default:
802.11a—36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 132, 136, 140, 149, 153, 157, 161
802.11b/g—1, 6, 11
Note
These extended UNII-2 channels in the 802.11a band do not appear in the channel list: 100, 104, 108, 112, 116, 132, 136, and 140. If you have Cisco Aironet 1500 series mesh access points in the -E regulatory domain, you must include these channels in the DCA channel list before you start operation. If you are upgrading from a previous release, verify that these channels are included in the DCA channel list. To include these channels in the channel list, select the Extended UNII-2 Channels check box.
Step 12
If you are using AP1500s in your network, you must set the 4.9-GHz channels in the 802.11a band on which they are to operate. The 4.9-GHz band is for public safety client access traffic only. To choose a 4.9-GHz channel, select its check box in the Select column. To exclude a channel, deselect its check box.
Range:
802.11a—1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26
Default:
802.11a—20, 26
Step 13
Click Apply to commit your changes.
Step 14
To reenable the 802.11a or 802.11b/g network, follow these steps:
a.
Click Wireless > 802.11a/n or 802.11b/g/n > Network to open the 802.11a (or 802.11b/g) Global Parameters page.
b.
Select the 802.11a (or 802.11b/g) Network Status check box.
c.
Click Apply to commit your changes.
Step 15
Click Save Configuration to save your changes.
Note
To see why the DCA algorithm changed channels, click Monitor and then View All under Most Recent Traps. The trap provides the MAC address of the radio that changed channels, the previous channel and the new channel, the reason why the change occurred, the energy before and after the change, the noise before and after the change, and the interference before and after the change.
Configuring Advanced Features
This section includes the following topics:
•
Using the 2.4-GHz Radio for Backhaul
•
Configuring Ethernet VLAN Tagging
•
Workgroup Bridge Interoperability with Mesh Infrastructure
•
Configuring Voice Parameters in Indoor Mesh Networks
•
Enabling Mesh Multicast Containment for Video
Using the 2.4-GHz Radio for Backhaul
Until the 7.0 release, mesh used the 5-GHz radio for backhaul, and the 2.4-GHz radio was used only for client access. The reasons for using only the 5-GHz radio for backhaul are as follows:
•
More channels are available
•
More EIRP is available
•
Less interference occurs
•
Most of the client access occurs over the 2.4-GHz band
However, under certain conditions, such as dense foliage areas, you might have needed to use the 2.4-GHz band for a backhaul because it has better penetration.
With the 7.0.116.0 release, you can configure an entire mesh network to use a single backhaul that can be either 5 GHz or 2.4 GHz.
Caution
This feature is available only for AP1522 (two radios). This feature should be used only after exploring the 5-GHz backhaul option.
Caution
We recommend that you use 5 GHz as the first option and use 2.4 GHz only if the 5-GHz option does not work.
Changing the Backhaul from 5 GHz to 2.4 GHz
When you specify only the RAP name as an argument to the command, the whole mesh sector changes to 2.4 GHz or 5 GHz backhaul. The warning messages indicate the change in backhaul, whether it is from 2.4 GHz to 5 GHz or vice versa.
Note
The 2.4-GHz backhaul cannot be configured using the controller user interface, but only through the CLI.
To change the backhaul from 5 GHz to 2.4 GHz, follow these steps:
Step 1
To change the backhaul, enter the following command:
(Cisco Controller) > config mesh backhaul slot 0 enable RAP
The following message appears:
Warning! Changing backhaul slot will bring down the mesh for renegotiation!!!
After backhaul is changed, 5 GHz client access channels need to be changed manually
Are you sure you want to continue? (y/N)
Step 2
Press y.
Note
When you change the 5-GHz backhaul to local client access, the 5-GHz client access frequencies on all the APs are the same, because the backhaul frequency is ported on these 5-GHz radios for client access. You need to configure these channels for a better frequency planning.
Changing the Backhaul from 2.4 GHz to 5 GHz
To change the backhaul from 2.4 GHz to 5 GHz, follow these steps:
Step 1
To change the backhaul, enter the following command:
(Cisco Controller) > config mesh backhaul slot 1 enable RAP
The following message appears:
Warning! Changing backhaul slot will bring down the mesh for renegotiation!!!
Are you sure you want to continue? (y/N)
Step 2
Press y.
Note
You cannot configure the 2.4-GHz backhaul using the controller GUI, but you can configure the 2.4-GHz backhaul using the CLI.
Verifying the Current Backhaul in Use
To verify the current backhaul in use, enter the following command:
(Cisco Controller) > show mesh backhaul AP_name
Note
For a 5-GHz backhaul, dynamic frequency selection (DFS) occurs only on 5 GHz and not on 2.4 GHz. The mechanism, which differs for RAP and MAP, is called a coordinated change mechanism.
When 5 GHz is converted to client access from the backhaul or 2.4 GHz is being used as backhaul, DFS works similar to how it works for a local mode AP. DFS is detected on a 5-GHz client access, and the request is sent to the controller for a new channel. Mesh adjacency is not affected for the 2.4-GHz backhaul.
Note
Universal client access is available on the 2.4-GHz backhaul.
Configuring Ethernet VLAN Tagging
Ethernet VLAN tagging allows specific application traffic to be segmented within a wireless mesh network and then forwarded (bridged) to a wired LAN (access mode) or bridged to another wireless mesh network (trunk mode).
A typical public safety access application that uses Ethernet VLAN tagging is the placement of video surveillance cameras at various outdoor locations within a city. Each of these video cameras has a wired connection to a MAP. The video of all these cameras is then streamed across the wireless backhaul to a central command station on a wired network (see Figure 98).
Figure 98 Ethernet VLAN Tagging
Ethernet Port Notes
Ethernet VLAN tagging allows Ethernet ports to be configured as normal, access, or trunk in both indoor and outdoor implementations:
Note
When VLAN Transparent is disabled, the default Ethernet port mode is normal. VLAN Transparent must be disabled for VLAN tagging to operate and to allow configuration of Ethernet ports. To disable VLAN Transparent, which is a global parameter, see the "Configuring Global Mesh Parameters" section.
•
Normal mode—In this mode, the Ethernet port does not accept or send any tagged packets. Tagged frames from clients are dropped.
Use the normal mode in applications when only a single VLAN is in use or there is no need to segment traffic in the network across multiple VLANs.
•
Access Mode—In this mode, only untagged packets are accepted. All incoming packets are tagged with user-configured VLANs called access-VLANs.
Use the access mode for applications in which information is collected from devices connected to the MAP, such as cameras or PCs, and then forwarded to the RAP. The RAP then applies tags and forwards traffic to a switch on the wired network.
•
Trunk mode—This mode requires the user to configure a native VLAN and an allowed VLAN list (no defaults). In this mode, both tagged and untagged packets are accepted. Untagged packets are accepted and are tagged with the user-specified native VLAN. Tagged packets are accepted if they are tagged with a VLAN in the allowed VLAN list.
Use the trunk mode for bridging applications such as forwarding traffic between two MAPs that reside on separate buildings within a campus.
Ethernet VLAN tagging operates on Ethernet ports that are not used as backhauls.
Ethernet VLAN Tagging Guidelines
Follow these guidelines for Ethernet tagging:
•
For security reasons, the Ethernet port on a mesh access point (RAP and MAP) is disabled by default. It is enabled by configuring Ethernet bridging on the mesh access point port.
•
Ethernet bridging must be enabled on all the mesh access points in the mesh network to allow Ethernet VLAN tagging to operate.
•
VLAN mode must be set as non-VLAN transparent (global mesh parameter). See the "Configuring Global Mesh Parameters Using the CLI" section. VLAN transparent is enabled by default. To set as non-VLAN transparent, you must deselect the VLAN transparent option in the global mesh parameters page (see Figure 99).
Figure 99 Wireless > Mesh Page
•
VLAN tagging can only be configured on Ethernet interfaces as follows:
–
On AP1500s, three of the four ports can be used as secondary Ethernet interfaces: port 0 (PoE in), port 1 (PoE out), and port 3 (fiber). Port 2 (cable) cannot be configured as a secondary Ethernet interface.
–
In Ethernet VLAN tagging, port 0-PoE in on the RAP is used to connect to the trunk port of the switch of the wired network. Port 1-PoE out on the MAP is used to connect to external devices such as video cameras.
•
Backhaul interfaces (802.11a radios) act as primary Ethernet interfaces. Backhauls function as trunks in the network and carry all VLAN traffic between the wireless and wired network. No configuration of primary Ethernet interfaces is required.
•
For indoor mesh networks, the VLAN tagging feature functions as it does for outdoor mesh networks. Any access port that is not acting as a backhaul is secondary and can be used for VLAN tagging.
•
VLAN tagging cannot be implemented on RAPs because the RAPs do not have a secondary Ethernet port, and the primary port is used as a backhaul. However, VLAN tagging can be enabled on MAPs with a single Ethernet port because the Ethernet port on a MAP does not function as a backhaul and is therefore a secondary port.
•
No configuration changes are applied to any Ethernet interface acting as a backhaul. A warning displays if you attempt to modify the backhaul's configuration. The configuration is only applied after the interface is no longer acting as a backhaul (see Figure 100).
Figure 100 Warning Message Displays for Backhaul Configuration Attempts
•
No configuration is required to support VLAN tagging on any 802.11a backhaul Ethernet interface within the mesh network as follows:
–
This includes the RAP uplink Ethernet port. The required configuration occurs automatically using a registration mechanism.
–
Any configuration changes to an 802.11a Ethernet link acting as a backhaul are ignored and a warning results. When the Ethernet link no longer functions as a backhaul, the modified configuration is applied.
•
VLAN configuration is not allowed on port-02-cable modem port of AP1500s (wherever applicable). VLANs can be configured on ports 0 (PoE-in), 1 (PoE-out), and 3 (fiber).
•
Up to 16 VLANs are supported on each sector. The cumulative number of VLANs supported by a RAP's children (MAP) cannot exceed 16.
•
The switch port connected to the RAP must be a trunk:
–
The trunk port on the switch and the RAP trunk port must match.
–
The RAP must always connect to the native VLAN ID 1 on a switch. The RAP's primary Ethernet interface is by default the native VLAN of 1.
–
The switch port in the wired network that is attached to the RAP (port 0-PoE in) must be configured to accept tagged packets on its trunk port. The RAP forwards all tagged packets received from the mesh network to the wired network.
–
No VLANs, other than those destined for the mesh sector, should be configured on the switch trunk port.
•
A configured VLAN on a MAP Ethernet port cannot function as a Management VLAN.
•
Configuration is effective only when a mesh access point is in the CAPWAP RUN state and VLAN-Transparent mode is disabled.
•
Whenever there is roaming or a CAPWAP restart, an attempt is made to apply the configuration again.
VLAN Registration
To support a VLAN on a mesh access point, all the uplink mesh access points must also support the same VLAN to allow segregation of traffic that belongs to different VLANs. The activity by which a mesh access point communicates its requirements for a VLAN and gets a response from a parent is known as VLAN registration.
Note
VLAN registration occurs automatically. No user intervention is required.
VLAN registration is summarized below:
1.
Whenever an Ethernet port on a mesh access point is configured with a VLAN, the port requests its parent to support that VLAN.
2.
If the parent is able to support the request, it creates a bridge group for the VLAN and propagates the request to its parent. This propagation continues until the RAP is reached.
3.
When the request reaches the RAP, it checks whether it is able to support the VLAN request. If yes, the RAP creates a bridge group and a subinterface on its uplink Ethernet interface to support the VLAN request.
4.
If the mesh access point is not able to support the VLAN request by its child, at any point, the mesh access point replies with a negative response. This response is propagated to downstream mesh access points until the mesh access point that requested the VLAN is reached.
5.
Upon receiving a negative response from its parent, the requesting mesh access point defers the configuration of the VLAN. However, the configuration is stored for future attempts. Given the dynamic nature of mesh, another parent and its uplink mesh access points might be able to support it in the case of roaming or a CAPWAP reconnect.
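The registration steps above can be followed in a small Python model. This is an added example, not Cisco code: the class and function names are hypothetical, the per-AP `capacity` override exists only to force a refusal, and checking the whole uplink path before creating any bridge group is a simplification, because the page does not say how a parent that already created a bridge group reacts to a negative response from further upstream.

```python
SECTOR_VLAN_LIMIT = 16  # page: "Up to 16 VLANs are supported on each sector"


class MeshAP:
    """One mesh access point; the RAP is the node whose parent is None."""

    def __init__(self, name, parent=None, capacity=SECTOR_VLAN_LIMIT):
        self.name = name
        self.parent = parent
        self.capacity = capacity   # hypothetical knob: how many VLANs this AP will carry
        self.vlans = set()         # VLANs bridged here (own ports or on behalf of children)
        self.deferred = set()      # VLANs refused upstream, stored for a later attempt

    def uplink_path(self):
        """Parents from the immediate parent up to and including the RAP."""
        node, path = self.parent, []
        while node is not None:
            path.append(node)
            node = node.parent
        return path


def register(ap, vlan):
    """Ask every uplink AP to support `vlan`. Returns (accepted, name_of_refusing_ap)."""
    for node in ap.uplink_path():
        if vlan not in node.vlans and len(node.vlans) >= node.capacity:
            # Negative response travels back down; the requester defers but remembers.
            ap.vlans.discard(vlan)
            ap.deferred.add(vlan)
            return False, node.name
    for node in ap.uplink_path():
        node.vlans.add(vlan)       # bridge group on each parent, subinterface on the RAP
    ap.vlans.add(vlan)
    ap.deferred.discard(vlan)
    return True, None


def reparent(ap, new_parent):
    """Roaming or CAPWAP reconnect: re-apply active and deferred VLANs over the new path."""
    ap.parent = new_parent
    wanted = sorted(ap.vlans | ap.deferred)
    return {vlan: register(ap, vlan)[0] for vlan in wanted}


def demo():
    """Constructed topology: RAP with two MAPs; MAP1 will carry only one VLAN."""
    rap = MeshAP("RAP")
    map1 = MeshAP("MAP1", rap, capacity=1)
    map2 = MeshAP("MAP2", rap)
    cam = MeshAP("MAP-CAM", map1)
    first = register(cam, 50)      # accepted by MAP1 and RAP
    second = register(cam, 60)     # MAP1 refuses, MAP-CAM defers VLAN 60
    deferred_before = set(cam.deferred)
    retried = reparent(cam, map2)  # new parent supports both VLANs
    return first, second, deferred_before, retried, rap.vlans, cam.deferred


if __name__ == "__main__":
    print(demo())
```

The refused VLAN never reaches the RAP, so no subinterface is created on the wired uplink until every AP on the path has agreed to carry it.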
Enabling Ethernet VLAN Tagging Using the GUI
You must enable Ethernet bridging before you can configure VLAN tagging. See the "Configuring Ethernet Bridging" procedure.
To enable VLAN tagging on a RAP or MAP using the GUI, follow these steps:
Step 1
After enabling Ethernet bridging, choose Wireless > All APs.
Step 2
Click the AP name link of the mesh access point on which you want to enable VLAN tagging.
Step 3
On the details page, select the Mesh tab. (See Figure 101.)
Figure 101 All APs > Details for (Mesh) Page
Step 4
Select the Ethernet Bridging check box to enable the feature and click Apply.
An Ethernet Bridging section appears at the bottom of the page listing each of the four Ethernet ports of the mesh access point.
•
If configuring a MAP access port, click, for example, gigabitEthernet1 (port 1-PoE out).
a.
Select access from the mode drop-down list. (See Figure 102.)
b.
Enter a VLAN ID. The VLAN ID can be any value between 1 and 4095.
c.
Click Apply.
Note
VLAN ID 1 is not reserved as the default VLAN.
Note
A maximum of 16 VLANs is supported across all of a RAP's subordinate MAPs.
Figure 102 VLAN Access Mode
•
If configuring a RAP or MAP trunk port, click gigabitEthernet0 (port 0-PoE in).
a.
Select trunk from the mode drop-down list. (See Figure 103.)
b.
Specify a native VLAN ID for incoming traffic. The native VLAN ID can be any value between 1 and 4095. Do not assign any value assigned to a user-VLAN (access).
c.
Click Apply.
A trunk VLAN ID field and a summary of configured VLANs appear at the bottom of the screen. The trunk VLAN ID field is for outgoing packets.
d.
Specify a trunk VLAN ID for outgoing packets:
If forwarding untagged packets, do not change the default trunk VLAN ID value of zero. (MAP-to-MAP bridging, campus environment)
If forwarding tagged packets, enter a VLAN ID (1 to 4095) that is not already assigned. (RAP to switch on wired network).
e.
Click Add to add the trunk VLAN ID to the allowed VLAN list. The newly added VLAN displays under the Configured VLANs section on the page.
Note
To remove a VLAN from the list, select the Remove option from the arrow drop-down list to the right of the desired VLAN.
Figure 103 All APs > AP > VLAN Mappings Page
Step 5
Click Apply.
Step 6
Click Save Configuration to save your changes.
Configuring Ethernet VLAN Tagging Using the CLI
To configure a MAP access port, enter this command:
config ap ethernet 1 mode access enable AP1500-MAP 50
where AP1500-MAP is the variable AP_name and 50 is the variable access_vlan ID
To configure a RAP or MAP trunk port, enter this command:
config ap ethernet 0 mode trunk enable AP1500-MAP 60
where AP1500-MAP is the variable AP_name and 60 is the variable native_vlan ID
To add a VLAN to the VLAN allowed list of the native VLAN, enter this command:
config ap ethernet 0 mode trunk add AP1500-MAP3 65
where AP1500-MAP3 is the variable AP_name and 65 is the variable VLAN ID
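Before typing a batch of these commands into a controller, the plan can be checked offline. The Python sketch below is an added example, not Cisco code: it parses the three command forms shown above, rejects settings that the guidelines on this page rule out (port 2, VLAN IDs outside 1 to 4095, a native VLAN that reuses an access VLAN), and then answers how each port treats an arriving frame under the normal, access and trunk rules. The AP names in the sample and the function names are constructed, and requiring trunk mode before `add` is a planning assumption of this example.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# The command forms shown in this section.
CMD_RE = re.compile(
    r"config ap ethernet (?P<port>\d+) mode (?P<mode>access|trunk) "
    r"(?P<verb>enable|add) (?P<ap>\S+) (?P<vlan>\d+)$"
)

# Constructed sample plan; the last two lines are deliberate mistakes.
SAMPLE_COMMANDS = [
    "config ap ethernet 1 mode access enable MAP-CAM1 50",
    "config ap ethernet 0 mode trunk enable MAP-BLDG2 60",
    "config ap ethernet 0 mode trunk add MAP-BLDG2 65",
    "config ap ethernet 2 mode access enable MAP-CAM1 70",
    "config ap ethernet 3 mode trunk enable MAP-CAM2 50",
]


@dataclass
class EthPort:
    mode: str = "normal"               # default mode once VLAN Transparent is disabled
    access_vlan: Optional[int] = None
    native_vlan: Optional[int] = None
    allowed: set = field(default_factory=set)


def build_plan(commands):
    """Apply CLI lines in order. Returns ({(ap, port): EthPort}, [problem strings])."""
    ports, problems = {}, []
    for line in commands:
        m = CMD_RE.match(line.strip())
        if not m:
            problems.append(f"unrecognized command: {line!r}")
            continue
        ap, num, vlan = m["ap"], int(m["port"]), int(m["vlan"])
        if num == 2:
            problems.append(f"{ap} port 2 (cable) cannot take VLAN configuration")
            continue
        if not 1 <= vlan <= 4095:
            problems.append(f"{ap} port {num}: VLAN {vlan} is outside 1-4095")
            continue
        port = ports.setdefault((ap, num), EthPort())
        if m["verb"] == "enable":
            port.mode = m["mode"]
            if port.mode == "access":
                port.access_vlan = vlan
            else:
                port.native_vlan = vlan
        elif port.mode == "trunk" and m["mode"] == "trunk":
            port.allowed.add(vlan)
        else:
            # Planning assumption of this example, not documented controller behaviour.
            problems.append(f"{ap} port {num}: 'add {vlan}' needs a port already in trunk mode")
    access = {p.access_vlan for p in ports.values() if p.mode == "access"}
    for (ap, num), p in ports.items():
        if p.mode == "trunk" and p.native_vlan in access:
            problems.append(f"{ap} port {num}: native VLAN {p.native_vlan} reuses an access VLAN")
    return ports, problems


def ingress(port, tag):
    """VLAN an arriving frame is bridged on (0 = stays untagged), or None if it is dropped.

    `tag` is None for an untagged frame, otherwise the frame's VLAN ID.
    """
    if port.mode == "normal":
        return 0 if tag is None else None          # tagged frames are dropped
    if port.mode == "access":
        return port.access_vlan if tag is None else None
    if tag is None:                                # trunk: untagged goes to the native VLAN
        return port.native_vlan
    return tag if tag in port.allowed else None    # trunk: tag must be on the allowed list


if __name__ == "__main__":
    plan, issues = build_plan(SAMPLE_COMMANDS)
    for issue in issues:
        print("PROBLEM:", issue)
    print("tagged frame (VLAN 50) on camera access port ->", ingress(plan[("MAP-CAM1", 1)], 50))
```

The `ingress` results make the segmentation property visible: a device on an access port cannot choose its own VLAN by sending tagged frames, and a trunk port passes only the VLANs that were explicitly added.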
Viewing Ethernet VLAN Tagging Configuration Details Using the CLI
To view VLAN configuration details for Ethernet interfaces on a specific mesh access point (AP Name) or all mesh access points (summary), enter one of the following commands:
To see if VLAN transparent mode is enabled or disabled, enter the following command:
Workgroup Bridge Interoperability with Mesh Infrastructure
A workgroup bridge (WGB) is a small standalone unit that can provide a wireless infrastructure connection for Ethernet-enabled devices. Devices that do not have a wireless client adapter to connect to the wireless network can be connected to the WGB through the Ethernet port. The WGB is associated with the root AP through the wireless interface, which means that wired clients get access to the wireless network.
A WGB is used to connect wired networks over a single wireless segment by informing the mesh access point of all the clients that the WGB has on its wired segment via IAPP messages. The data packets for WGB clients contain an additional MAC address in the 802.11 header (4 MAC headers, versus the normal 3 MAC data headers). The additional MAC in the header is the address of the WGB itself. This additional MAC address is used to route the packet to and from the clients.
WGB association is supported on all radios of every mesh access point (see Figure 104).
Figure 104 WGB Example
In the current architecture, while an autonomous AP functions as a workgroup bridge, only one radio interface is used for controller connectivity, the Ethernet interface is used for wired client connectivity, and the other radio interface is used for wireless client connectivity. dot11radio 1 (5 GHz) can be used to connect to a controller (using the mesh infrastructure), with the Ethernet interface serving wired clients. dot11radio 0 (2.4 GHz) can be used for wireless client connectivity. Depending on the requirement, dot11radio 1 or dot11radio 0 can be used for client association or controller connectivity.
With the 7.0 release, a wireless client on the second radio of the WGB is not dissociated by the WGB upon losing its uplink to a wireless infrastructure or in a roaming scenario.
With two radios, one radio can be used for client access and the other radio can be used for accessing the access points. Having two independent radios performing two independent functions provides you better control and lowers the latency. Also, wireless clients on the second radio for the WGB do not get disassociated by the WGB when an uplink is lost or in a roaming scenario. One radio has to be configured as a Root AP (radio role) and the second radio has to be configured as a WGB (radio role).
Note
If one radio is configured as a WGB, then the second radio cannot be a WGB or a repeater.
The following features are not supported for use with a WGB:
•
Hybrid REAP
•
Idle timeout
•
Web authentication—If a WGB associates to a web-authentication WLAN, the WGB is added to the exclusion list, and all of the WGB-wired clients are deleted (web-authentication WLAN is another name for a guest WLAN).
•
For wired clients behind the WGB, MAC filtering, link tests, and idle timeout
Configuring Workgroup Bridges
A workgroup bridge (WGB) is used to connect wired networks over a single wireless segment by informing the mesh access point of all the clients that the WGB has on its wired segment via IAPP messages. In addition to the IAPP control messages, the data packets for WGB clients contain an extra MAC address in the 802.11 header (4 MAC headers, versus the normal 3 MAC data headers). The extra MAC in the header is the address of the workgroup bridge itself. This extra MAC address is used to route the packet to and from the clients.
WGB association is supported on both the 2.4-GHz (802.11b/g) and 5-GHz (802.11a) radios on the AP1522, and the 2.4-GHz (802.11b) and 4.9-GHz (public safety) radios on the AP1524PS.
The supported platforms are the autonomous AP1130, AP1240, and AP1310 access points and the Cisco 3200 Mobile Router (hereafter referred to as Cisco 3200). When configured as WGBs, these platforms can associate with a mesh access point. See the "Cisco Workgroup Bridges" section in Chapter 7 of the Cisco Wireless LAN Controller Configuration Guide, Release 7.0.116.0 for configuration steps at http://www.cisco.com/en/US/products/ps6366/products_installation_and_configuration_guides_list.html
Supported Workgroup Bridge Modes and Capacities
The supported WGB modes and capacities are as follows:
•
The autonomous access points configured as WGBs must be running Cisco IOS release 12.4.25d-JA or later.
Note
If your mesh access point has two radios, you can only configure workgroup bridge mode on one of the radios. We recommend that you disable the second radio. Workgroup bridge mode is not supported on access points with three radios such as the AP1524SB.
•
Client mode WGB (BSS) is supported; however, infrastructure WGB is not supported. The client mode WGB is not able to trunk VLAN as in an infrastructure WGB.
•
Multicast traffic is not reliably transmitted to WGB because no ACKs are returned by the client. Multicast traffic is unicast to infrastructure WGB, and ACKs are received back.
•
If one radio is configured as a WGB in a Cisco IOS access point, then the second radio cannot be a WGB or a repeater.
•
Mesh access points can support up to 200 clients including wireless clients, WGB, and wired clients behind the associated WGB.
•
A WGB cannot associate with mesh access points if the WLAN is configured with WPA1 (TKIP) +WPA2 (AES), and the corresponding WGB interface is configured with only one of these encryptions (either WPA1 or WPA2):
–
Figure 105 displays WPA security settings for WGB (controller GUI).
–
Figure 106 displays WPA-2 security settings for WGB (controller GUI).
Figure 105 WPA Security Settings for a WGB
Figure 106 WPA-2 Security Settings for a WGB
To view the status of a WGB client, follow these steps:
Step 1
Choose Monitor > Clients.
Step 2
On the client summary page, click on the MAC address of the client or search for the client using its MAC address.
Step 3
In the page that appears, note that the client type is identified as a WGB (far right). (See Figure 107.)
Figure 107 Clients are Identified as a WGB
Step 4
Click on the MAC address of the client to view configuration details:
•
For a wireless client, the page seen in Figure 108 appears.
•
For a wired client, the page seen in Figure 109 appears.
Figure 108 Monitor > Clients > Detail Page (Wireless WGB Client)
Figure 109 Monitor > Clients > Detail Page (Wired WGB Client)
Guidelines for Configuration
Follow these guidelines when you configure:
•
We recommend using a 5-GHz radio for the uplink to Mesh AP infrastructure so you can take advantage of a strong client access on two 5-GHz radios available on mesh access points. A 5-GHz band allows more Effective Isotropic Radiated Power (EIRP) and is less polluted. In a two-radio WGB, configure 5-GHz radio (radio 1) mode as WGB. This radio will be used to access the mesh infrastructure. Configure the second radio 2.4-GHz (radio 0) mode as Root for client access.
•
On the Autonomous access points, only one SSID can be assigned to the native VLAN. You cannot have multiple VLANs in one SSID on the autonomous side. SSID to VLAN mapping should be unique because this is the way to segregate traffic on different VLANs. In a unified architecture, multiple VLANs can be assigned to one WLAN (SSID).
•
Only one WLAN (SSID) for wireless association of the WGB to the access point infrastructure is supported. This SSID should be configured as an infrastructure SSID and should be mapped to the native VLAN.
•
A dynamic interface should be created in the controller for each VLAN configured in the WGB.
•
A second radio (2.4-GHz) on the access point should be configured for client access. You have to use the same SSID on both radios and map to the native VLAN. If you create a separate SSID, then it is not possible to map it to a native VLAN, due to the unique VLAN/SSID mapping requirements. If you try to map the SSID to another VLAN, then you do not have multiple VLAN support for wireless clients.
•
All Layer 2 security types are supported for the WLANs (SSIDs) for wireless client association in WGB.
•
This feature does not depend on the AP platform. On the controller side, both mesh and nonmesh APs are supported.
•
There is a limitation of 20 clients in the WGB. The 20-client limitation includes both wired and wireless clients. If the WGB is talking to autonomous access points, then the client limit is very high.
•
The controller treats the wireless and wired clients behind a WGB in the same manner. Features such as MAC filtering and link test are not supported for wireless WGB clients from the controller.
•
If required, you can run link tests for a WGB wireless client from an autonomous AP.
•
Multiple VLANs for wireless clients associated to a WGB are not supported.
•
Up to 16 VLANs are supported for wired clients behind a WGB from the 7.0 release and later releases.
•
Roaming is supported for wireless and wired clients behind a WGB. The wireless clients on the other radio will not be dissociated by the WGB when an uplink is lost or in a roaming scenario.
We recommend that you configure radio 0 (2.4 GHz) as a Root (one of the modes of operation for an Autonomous AP) and radio 1 (5 GHz) as a WGB.
Configuration Example
When you configure from the CLI, the following are mandatory:
•
dot11 SSID (security for a WLAN can be decided based on the requirement).
•
Map the subinterfaces in both the radios to a single bridge group.
Note
A native VLAN is always mapped to bridge group 1 by default. For other VLANs, the bridge group number matches the VLAN number; for example, for VLAN 46, the bridge group is 46.
•
Map the SSID to the radio interfaces and define the role of the radio interfaces.
In the following example, one SSID (WGBTEST) is used in both radios, and the SSID is the infrastructure SSID mapped to NATIVE VLAN 51. All radio interfaces are mapped to bridge group 1.
WGB1#config t
WGB1(config)#interface Dot11Radio1.51
WGB1(config-subif)#encapsulation dot1q 51 native
WGB1(config-subif)#bridge-group 1
WGB1(config-subif)#exit
WGB1(config)#interface Dot11Radio0.51
WGB1(config-subif)#encapsulation dot1q 51 native
WGB1(config-subif)#bridge-group 1
WGB1(config-subif)#exit
WGB1(config)#dot11 ssid WGBTEST
WGB1(config-ssid)#VLAN 51
WGB1(config-ssid)#authentication open
WGB1(config-ssid)#infrastructure-ssid
WGB1(config-ssid)#exit
WGB1(config)#interface Dot11Radio1
WGB1(config-if)#ssid WGBTEST
WGB1(config-if)#station-role workgroup-bridge
WGB1(config-if)#exit
WGB1(config)#interface Dot11Radio0
WGB1(config-if)#ssid WGBTEST
WGB1(config-if)#station-role root
WGB1(config-if)#exit
You can also use the GUI of an autonomous AP for configuration (see Figure 110). From the GUI, subinterfaces are automatically created after the VLAN is defined.
Figure 110 SSID Configuration Page
WGB Association Check
Both the WGB association to the controller and the wireless client association to the WGB can be verified by entering the show dot11 associations client command on the autonomous AP.
WGB#show dot11 associations client
802.11 Client Stations on Dot11Radio1:
SSID [WGBTEST] :
From the controller, choose Monitor > Clients. The WGB and the wireless/wired clients behind the WGB are updated, and the wireless/wired clients are shown as WGB clients, as shown in Figure 111, Figure 112, and Figure 113.
Figure 111 Updated WGB Clients
Figure 112 Updated WGB Clients
Figure 113 Updated WGB Clients
Link Test Result
Figure 114 shows the link test results.
Figure 114 Link Test Results
A link test can also be run from the controller CLI using the following command:
(Cisco Controller) > linktest client mac address
Link tests from the controller are limited to the WGB, and they cannot be run beyond the WGB from the controller to a wired or wireless client connected to the WGB. You can run link tests for the wireless client connected to the WGB from the WGB itself using the following command:
ap#dot11 dot11Radio 0 linktest target client mac
Start linktest to 0040.96b8.d462, 100 512 byte packets
ap#
Rates (Src/Tgt) 24Mb 0/5 36Mb 25/0 48Mb 73/0 54Mb 2/91
Linktest Done in 24.464 msec
WGB Wired/Wireless Client
You can also use the following commands to view a summary of the WGBs and clients associated with a Cisco lightweight access point:
(Cisco Controller) > show wgb summary
Number of WGBs................................... 2
(Cisco Controller) > show client summary
Number of Clients................................ 7
(Cisco Controller) > show wgb detail 00:1e:be:27:5f:e2
Number of wired client(s): 5
Client Roaming
High-speed roaming of Cisco Compatible Extension (CX), version 4 (v4) clients is supported at speeds up to 70 miles per hour in outdoor mesh deployments of AP1522s and AP1524s. An example application might be maintaining communication with a terminal in an emergency vehicle as it moves within a mesh public network.
Three Cisco CX v4 Layer 2 client roaming enhancements are supported:
•
Access point assisted roaming—Helps clients save scanning time. When a Cisco CX v4 client associates to an access point, it sends an information packet to the new access point listing the characteristics of its previous access point. Roaming time decreases when the client recognizes and uses an access point list built by compiling all previous access points to which each client was associated and sent (unicast) to the client immediately after association. The access point list contains the channels, BSSIDs of neighbor access points that support the client's current SSID(s), and time elapsed since disassociation.
•
Enhanced neighbor list—Focuses on improving a Cisco CX v4 client's roam experience and network edge performance, especially when servicing voice applications. The access point provides its associated client information about its neighbors using a neighbor-list update unicast message.
•
Roam reason report—Enables Cisco CX v4 clients to report the reason why they roamed to a new access point. It also allows network administrators to build and monitor a roam history.
Note
Client roaming is enabled by default.
For more information, see the Enterprise Mobility Design Guide at http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/eMob4.1.pdf
WGB Roaming Guidelines
Follow these guidelines for WGB roaming:
•
Configuring a WGB for roaming—If a WGB is mobile, you can configure it to scan for a better radio connection to a parent access point or bridge. Use the ap(config-if)#mobile station period 3 threshold 50 command to configure the workgroup bridge as a mobile station.
When you enable this setting, the WGB scans for a new parent association when it encounters a poor Received Signal Strength Indicator (RSSI), excessive radio interference, or a high frame-loss percentage. Using these criteria, a WGB configured as a mobile station searches for a new parent association and roams to a new parent before it loses its current association. When the mobile station setting is disabled (the default setting), a WGB does not search for a new association until it loses its current association.
•
Configuring a WGB for Limited Channel Scanning—In mobile environments such as railroads, a WGB can be restricted to scanning a limited set of channels, instead of all the channels, to reduce the hand-off delay when the WGB roams from one access point to another. Because the WGB scans only the required channels, the mobile WGB achieves and maintains a continuous wireless LAN connection with fast and smooth roaming. This limited channel set is configured using the ap(config-if)#mobile station scan set of channels command.
This command invokes scanning to all or specified channels. There is no limitation on the maximum number of channels that can be configured. The maximum number of channels that can be configured is restricted only by the number of channels that a radio can support. When executed, the WGB scans only this limited channel set. This limited channel feature also affects the known channel list that the WGB receives from the access point to which it is currently associated. Channels are added to the known channel list only if they are also part of the limited channel set.
Configuration Example
The following example shows how to configure a roaming configuration:
ap(config)#interface dot11radio 1
ap(config-if)#ssid outside
ap(config-if)#packet retries 16
ap(config-if)#station-role workgroup-bridge
ap(config-if)#mobile station
ap(config-if)#mobile station period 3 threshold 50
ap(config-if)#mobile station scan 5745 5765
Use the no mobile station scan command to restore scanning to all the channels.
Table 34 identifies mesh access points and their respective frequency bands that support WGB.
Troubleshooting Tips
If a wireless client is not associated with a WGB, use the following steps to troubleshoot the problem:
1.
Verify the client configuration and ensure that the client configuration is correct.
2.
Check the show bridge command output on the autonomous AP, and confirm that the AP is reading the client MAC address from the right interface.
3.
Confirm that the subinterfaces corresponding to specific VLANs in different interfaces are mapped to the same bridge group.
4.
If required, clear the bridge entry using the clear bridge command (remember that this command will remove all wired and wireless clients associated in a WGB and make them associate again).
5.
Check the show dot11 association command output and confirm that the WGB is associated with the controller.
6.
Ensure that the WGB has not exceeded its 20-client limitation.
In a normal scenario, if the show bridge and show dot11 association command outputs are as expected, wireless client association should be successful.
Configuring Voice Parameters in Indoor Mesh Networks
You can configure call admission control (CAC) and QoS on the controller to manage voice and video quality on the mesh network.
The indoor mesh access points are 802.11e capable, and QoS is supported on the local 2.4-GHz access radio and the 5-GHz backhaul radio. CAC is supported on the backhaul and the CCXv4 clients (which provides CAC between the mesh access point and the client).
Note
Voice is supported only on indoor mesh networks. Voice is supported on a best-effort basis in the outdoors in a mesh network.
CAC
CAC enables a mesh access point to maintain controlled quality of service (QoS) when the wireless LAN is experiencing congestion. The Wi-Fi Multimedia (WMM) protocol deployed in CCXv3 ensures sufficient QoS as long as the wireless LAN is not congested. However, to maintain QoS under differing network loads, CAC in CCXv4 or later is required.
Note
CAC is supported in Cisco Compatible Extensions (CCX) v4 or later. See Chapter 6 of the Cisco Wireless LAN Controller Configuration Guide, Release 7.0 at http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70sol.html
Two types of CAC are available for access points: bandwidth-based CAC and load-based CAC. All calls on a mesh network are bandwidth-based, so mesh access points use only bandwidth-based CAC.
Bandwidth-based, or static CAC enables the client to specify how much bandwidth or shared medium time is required to accept a new call. Each access point determines whether it is capable of accommodating a particular call by looking at the bandwidth available and compares it against the bandwidth required for the call. If there is not enough bandwidth available to maintain the maximum allowed number of calls with acceptable quality, the mesh access point rejects the call.
QoS and DSCP Marking
Cisco supports 802.11e on the local access and on the backhaul. Mesh access points prioritize user traffic based on classification, and therefore all user traffic is treated on a best-effort basis.
Resources available to users of the mesh vary, according to the location within the mesh, and a configuration that provides a bandwidth limitation in one point of the network can result in an oversubscription in other parts of the network.
Similarly, limiting clients on their percentage of RF is not suitable for mesh clients. The limiting resource is not the client WLAN, but the resources available on the mesh backhaul.
Similar to wired Ethernet networks, 802.11 WLANs employ Carrier Sense Multiple Access (CSMA), but instead of using collision detection (CD), WLANs use collision avoidance (CA), which means that instead of each station trying to transmit as soon as the medium is free, WLAN devices will use a collision avoidance mechanism to prevent multiple stations from transmitting at the same time.
The collision avoidance mechanism uses two values called CWmin and CWmax. CW stands for contention window. The CW determines what additional amount of time an endpoint should wait, after the interframe space (IFS), to attempt to transmit a packet. Enhanced distributed coordination function (EDCF) is a model that allows end devices that have delay-sensitive multimedia traffic to modify their CWmin and CWmax values to allow for statistically greater (and more frequent) access to the medium.
Cisco access points support EDCF-like QoS. This provides up to eight queues for QoS.
These queues can be allocated in several different ways, as follows:
•
Based on TOS / DiffServ settings of packets
•
Based on Layer 2 or Layer 3 access lists
•
Based on VLAN
•
Based on dynamic registration of devices (IP phones)
AP1500s, with Cisco controllers, provide a minimal integrated services capability at the controller, in which client streams have maximum bandwidth limits, and a more robust differentiated services (diffServ) capability based on the IP DSCP values and QoS WLAN overrides.
When the queue capacity has been reached, additional frames are dropped (tail drop).
Encapsulations
Several encapsulations are used by the mesh system. These encapsulations include CAPWAP control and data between the controller and RAP, over the mesh backhaul, and between the mesh access point and its client(s). The encapsulation of bridging traffic (noncontroller traffic from a LAN) over the backhaul is the same as the encapsulation of CAPWAP data.
There are two encapsulations between the controller and the RAP. The first is for CAPWAP control, and the second is for CAPWAP data. In the control instance, CAPWAP is used as a container for control information and directives. In the instance of CAPWAP data, the entire packet, including the Ethernet and IP headers, is sent in the CAPWAP container (see Figure 115).
Figure 115 Encapsulations
For the backhaul, there is only one type of encapsulation, encapsulating mesh traffic. However, two types of traffic are encapsulated: bridging traffic and CAPWAP control and data traffic. Both types of traffic are encapsulated in a proprietary mesh header.
In the case of bridging traffic, the entire packet Ethernet frame is encapsulated in the mesh header (see Figure 116).
All backhaul frames are treated identically, regardless of whether they are MAP to MAP, RAP to MAP, or MAP to RAP.
Figure 116 Encapsulating Mesh Traffic
Queuing on the Mesh Access Point
The mesh access point uses a high-speed CPU to process ingress frames, Ethernet, and wireless on a first-come, first-served basis. These frames are queued for transmission to the appropriate output device, either Ethernet or wireless. Egress frames can be destined for either the 802.11 client network, the 802.11 backhaul network, or Ethernet.
AP1500s support four FIFOs for wireless client transmissions. These FIFOs correspond to the 802.11e platinum, gold, silver, and bronze queues, and obey the 802.11e transmission rules for those queues. The FIFOs have a user configurable queue depth.
The backhaul (frames destined for another outdoor mesh access point) uses four FIFOs, although user traffic is limited to gold, silver, and bronze. The platinum queue is used exclusively for CAPWAP control traffic and voice, and has been reworked from the standard 802.11e parameters for CWmin, CWmax, and so on, to provide more robust transmission but higher latencies.
The 802.11e parameters for CWmin, CWmax, and so on, for the gold queue have been reworked to provide lower latency at the expense of slightly higher error rate and aggressiveness. The purpose of these changes is to provide a channel that is more conducive to video applications.
Frames that are destined for Ethernet are queued as FIFO, up to the maximum available transmit buffer pool (256 frames). There is support for a Layer 3 IP Differentiated Services Code Point (DSCP), so packet marking is supported as well.
In the controller to RAP path for the data traffic, the outer DSCP value is set to the DSCP value of the incoming IP frame. If the interface is in tagged mode, the controller sets the 802.1Q VLAN ID and derives the 802.1p UP (outer) from 802.1p UP incoming and the WLAN default priority ceiling. Frames with VLAN ID 0 are not tagged (see Figure 117).
Figure 117 Controller to RAP Path
For CAPWAP control traffic the IP DSCP value is set to 46, and the 802.1p user priority is set to 7. Prior to transmission of a wireless frame over the backhaul, regardless of node pairing (RAP/MAP) or direction, the DSCP value in the outer header is used to determine a backhaul priority. The following sections describe the mapping between the four backhaul queues the mesh access point uses and the DSCP values shown in Backhaul Path QoS (see Table 35).
Table 35 Backhaul Path QoS
DSCP Value              Backhaul Queue
2, 4, 6, 8 to 23        Bronze
26, 32 to 63            Gold
46 to 56                Platinum
All others including 0  Silver
Note
The platinum backhaul queue is reserved for CAPWAP control traffic, IP control traffic, and voice packets. DHCP, DNS, and ARP requests are also transmitted at the platinum QoS level. The mesh software inspects each frame to determine whether it is a CAPWAP control or IP control frame in order to protect the platinum queue from use by non-CAPWAP applications.
For a MAP to the client path, there are two different procedures, depending on whether the client is a WMM client or a normal client. If the client is a WMM client, the DSCP value in the outer frame is examined, and the 802.11e priority queue is used (see Table 36).
Table 36 MAP to Client Path QoS
DSCP Value              Backhaul Queue
2, 4, 6, 8 to 23        Bronze
26, 32 to 45, 47        Gold
46, 48 to 63            Platinum
All others including 0  Silver
If the client is not a WMM client, the WLAN override (as configured at the controller) determines the 802.11e queue (bronze, gold, platinum, or silver), on which the packet is transmitted.
For a client of a mesh access point, there are modifications made to incoming client frames in preparation for transmission on the mesh backhaul or Ethernet. For WMM clients, a MAP illustrates the way in which the outer DSCP value is set from an incoming WMM client frame (see Figure 118).
Figure 118 MAP to RAP Path
The minimum value of the incoming 802.11e user priority and the WLAN override priority is translated using the information listed in Table 37 to determine the DSCP value of the IP frame. For example, if the incoming frame has as its value a priority indicating the gold priority, but the WLAN is configured for the silver priority, the minimum priority of silver is used to determine the DSCP value.
If there is no incoming WMM priority, the default WLAN priority is used to generate the DSCP value in the outer header. If the frame is an originated CAPWAP control frame, the DSCP value of 46 is placed in the outer header.
With the 5.2 code enhancements, DSCP information is preserved in an AWPP header.
All wired client traffic is restricted to a maximum 802.1p UP value of 5, except DHCP/DNS and ARP packets, which go through the platinum queue.
The non-WMM wireless client traffic gets the default QoS priority of its WLAN. The WMM wireless client traffic may have a maximum 802.11e value of 6, but it must be below the QoS profile configured for its WLAN. If admission control is configured, WMM clients must use TSPEC signaling and get admitted by CAC.
The CAPWAP data traffic carries wireless client traffic and has the same priority and treatment as wireless client traffic.
Now that the DSCP value is determined, the rules described earlier for the backhaul path from the RAP to the MAP are used to further determine the backhaul queue on which the frame is transmitted. Frames transmitted from the RAP to the controller are not tagged. The outer DSCP values are left intact, as they were first constructed.
Bridging Backhaul Packets
Bridging services are treated a little differently from regular controller-based services. There is no outer DSCP value in bridging packets because they are not CAPWAP encapsulated. Therefore, the DSCP value in the IP header as it was received by the mesh access point is used to index into the table as described in the path from the mesh access point to the mesh access point (backhaul).
Bridging Packets from and to a LAN
Packets received from a station on a LAN are not modified in any way. There is no override value for the LAN priority. Therefore, the LAN must be properly secured in bridging mode. The only protection offered to the mesh backhaul is that non-CAPWAP control frames that map to the platinum queue are demoted to the gold queue.
Packets are transmitted to the LAN precisely as they are received on the Ethernet ingress at entry to the mesh.
The only way to integrate QoS between Ethernet ports on AP1500 and 802.11a is by tagging Ethernet packets with DSCP. AP1500s take the Ethernet packet with DSCP and place it in the appropriate 802.11e queue.
AP1500s do not tag DSCP themselves:
•
On the ingress port, the AP1500 sees a DSCP tag, encapsulates the Ethernet frame, and applies the corresponding 802.11e priority.
•
On the egress port, the AP1500 decapsulates the Ethernet frame, and places it on the wire with an untouched DSCP field.
Ethernet devices, such as video cameras, should have the capability to mark the bits with DSCP value to take advantage of QoS.
Note
QoS is relevant only when there is congestion on the network.
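The queue selection in Tables 35 and 36, together with the platinum demotion applied to bridged LAN frames, can be modelled to audit which LAN-sourced DSCP markings end up in the gold backhaul queue. This is an added example, not code from this guide or from Cisco software; the function names, the sample flows, and the choice to let the platinum row win where the gold and platinum ranges of Table 35 overlap are assumptions.

```python
"""Model of the DSCP-to-queue mapping in Tables 35 and 36 (added example)."""


def expand(*parts):
    """Turn a table row such as (2, 4, 6, (8, 23)) into a set of DSCP values."""
    values = set()
    for part in parts:
        if isinstance(part, tuple):
            low, high = part
            values.update(range(low, high + 1))
        else:
            values.add(part)
    return frozenset(values)


BRONZE = expand(2, 4, 6, (8, 23))

# Table 35 (backhaul path). The gold row (26, 32 to 63) and the platinum row
# (46 to 56) overlap. ASSUMPTION: the narrower platinum row is checked first.
BACKHAUL_TABLE = (
    ("platinum", expand((46, 56))),
    ("gold", expand(26, (32, 63))),
    ("bronze", BRONZE),
)

# Table 36 (MAP to WMM client path). The rows do not overlap.
CLIENT_TABLE = (
    ("platinum", expand(46, (48, 63))),
    ("gold", expand(26, (32, 45), 47)),
    ("bronze", BRONZE),
)


def lookup(table, dscp):
    """Return the queue for a DSCP value; anything unlisted (including 0) is silver."""
    if not 0 <= dscp <= 63:
        raise ValueError(f"DSCP is a 6-bit field, got {dscp}")
    for queue, values in table:
        if dscp in values:
            return queue
    return "silver"


def backhaul_queue(dscp, bridged=False, control_frame=False):
    """Backhaul queue for a frame.

    Bridged LAN frames keep the DSCP they arrived with. The only protection
    described in this section is that a bridged frame that is not a control
    frame but maps to platinum is demoted to gold.
    """
    queue = lookup(BACKHAUL_TABLE, dscp)
    if bridged and queue == "platinum" and not control_frame:
        return "gold"
    return queue


def client_queue(dscp, wmm, wlan_override):
    """MAP-to-client queue: Table 36 for WMM clients, the WLAN override otherwise."""
    return lookup(CLIENT_TABLE, dscp) if wmm else wlan_override


def audit_bridged_flows(flows, allowed_gold=frozenset()):
    """Report LAN sources whose own markings land them in the gold backhaul queue.

    flows: iterable of (source_name, dscp) observed on the bridged Ethernet side.
    allowed_gold: sources expected to use gold (for example, video cameras).
    Returns a list of (source, dscp, queue_by_marking, effective_queue).
    """
    findings = []
    for source, dscp in flows:
        by_marking = lookup(BACKHAUL_TABLE, dscp)
        effective = backhaul_queue(dscp, bridged=True)
        if effective == "gold" and source not in allowed_gold:
            findings.append((source, dscp, by_marking, effective))
    return findings


# Constructed sample data: host names and markings are illustrative only.
SAMPLE_FLOWS = [
    ("camera-01", 34),     # video, expected in gold
    ("plc-07", 46),        # marks itself EF; demoted from platinum to gold
    ("kiosk-03", 0),       # unmarked, silver
    ("hvac-02", 10),       # bronze
    ("unknown-host", 56),  # maps to platinum by marking; demoted to gold
]

if __name__ == "__main__":
    for source, dscp in SAMPLE_FLOWS:
        print(f"{source:13} dscp={dscp:2} -> {backhaul_queue(dscp, bridged=True)}")
    print("Unexpected gold users:")
    for finding in audit_bridged_flows(SAMPLE_FLOWS, allowed_gold={"camera-01"}):
        print("  ", finding)
```

The demotion keeps bridged hosts out of platinum, but any LAN device that marks its own traffic can still share the gold queue with video, which is why the LAN side has to be secured in bridging mode.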
Guidelines For Using Voice on the Mesh Network
Follow these guidelines when you use voice on the mesh network:
•
Voice is supported only on indoor mesh networks in release 5.2, 6.0, 7.0, and 7.0.116.0. For outdoors, voice is supported on a best-effort basis on a mesh infrastructure.
•
When voice is operating on a mesh network, calls must not traverse more than two hops. Each sector must be configured to require no more than two hops for voice.
•
RF considerations for voice networks are as follows:
–
Coverage hole of 2 to 10 percent
–
Cell coverage overlap of 15 to 20 percent
–
Voice needs RSSI and SNR values that are at least 15 dB higher than data requirements
–
RSSI of -67 dBm for all data rates should be the goal for 11b/g/n and 11a/n
–
SNR should be 25 dB for the data rate used by client to connect to the AP
–
Packet error rate (PER) should be configured for a value of one percent or less
–
Channel with the lowest utilization (CU) must be used
•
On the 802.11a/n or 802.11b/g/n > Global parameters page, you should do the following:
–
Enable dynamic target power control (DTPC).
–
Disable all data rates less than 11 Mbps.
•
On the 802.11a/n or 802.11b/g/n > Voice parameters page, you should do the following:
–
Load-based CAC must be disabled.
–
Enable admission control (ACM) for CCXv4 or v5 clients that have WMM enabled. Otherwise, bandwidth-based CAC does not operate properly.
–
Set the maximum RF bandwidth to 50 percent.
–
Set the reserved roaming bandwidth to 6 percent.
–
Enable traffic stream metrics.
•
On the 802.11a/n or 802.11b/g/n > EDCA parameters page, you should do the following:
–
Set the EDCA profile for the interface as voice optimized.
–
Disable low latency MAC.
•
On the QoS > Profile page, you should do the following:
–
Create a voice profile and select 802.1Q as the wired QoS protocol type.
•
On the WLANs > Edit > QoS page, you should do the following:
–
Select a QoS of platinum for voice and gold for video on the backhaul.
–
Select allowed as the WMM policy.
•
On the WLANs > Edit > QoS page, you should do the following:
–
Select CCKM for authorization (auth) key management (mgmt) if you want to support fast roaming. See the "Client Roaming" section.
•
On the x > y page, you should do the following:
–
Disable voice active detection (VAD).
Voice Call Support in a Mesh Network
Table 38 shows the actual calls in a clean, ideal environment.
Table 38 Calls Possible with 1520 Series in 802.11a and 802.11b/g Radios [1]
No. of Calls  802.11a Radio  802.11b/g Radio
RAP           12             12
MAP1          7              10
MAP2          4              8
[1] Traffic was bidirectional 64K voice flows. VoCoder type: G.711, PER <= 1%. Network setup was daisy-chained with no calls traversing more than 2 hops. No external interference.
Table 39 shows the actual calls in a clean, ideal environment.
Table 39 Calls Possible with 1550 Series in 802.11a/n 802.11b/g/n Radios [1]
No. of Calls       802.11a/n Radio  802.11a/n Radio  802.11b/g/n Backhaul  802.11b/g/n Backhaul
                   20 MHz           40 MHz           Radio 20 MHz          Radio 40 MHz
RAP                20               35               20                    20
MAP1 (First Hop)   10               20               15                    20
MAP2 (Second Hop)  8                15               10                    15
[1] Traffic was bidirectional 64K voice flows. VoCoder type: G.711, PER <= 1%. Network setup was daisy-chained with no calls traversing more than 2 hops. No external interference.
While making a call, observe the MOS score of the call on the 7921 phone (see Table 40). A MOS score between 3.5 and 4 is acceptable.
Table 40 MOS Ratings
MOS rating  User satisfaction
> 4.3       Very satisfied
4.0         Satisfied
3.6         Some users dissatisfied
3.1         Many users dissatisfied
< 2.58      —
Viewing the Voice Details for Mesh Networks Using the CLI
Use the commands in this section to view details on voice and video calls on the mesh network:
Note
See Figure 119 when using the CLI commands and viewing their output.
Figure 119 Mesh Network Example
•
To view the total number of voice calls and the bandwidth used for voice calls on each RAP, enter this command:
show mesh cac summary
Information similar to the following appears:
AP Name       Slot#    Radio  BW Used/Max  Calls
------------  -------  -----  -----------  -----
SB_RAP1       0        11b/g  0/23437      0
              1        11a    0/23437      2
SB_MAP1       0        11b/g  0/23437      0
              1        11a    0/23437      0
SB_MAP2       0        11b/g  0/23437      0
              1        11a    0/23437      0
SB_MAP3       0        11b/g  0/23437      0
              1        11a    0/23437      0
•
To view the mesh tree topology for the network and the bandwidth utilization (used/maximum available) of voice calls and video links for each mesh access point and radio, enter this command:
show mesh cac bwused {voice | video} AP_name
Information similar to the following appears:
AP Name        Slot#    Radio  BW Used/Max
-------------  -------  -----  -----------
SB_RAP1        0        11b/g  1016/23437
               1        11a    3048/23437
|SB_MAP1       0        11b/g  0/23437
               1        11a    3048/23437
|| SB_MAP2     0        11b/g  2032/23437
               1        11a    3048/23437
||| SB_MAP3    0        11b/g  0/23437
               1        11a    0/23437
Note
The bars (|) to the left of the AP Name field indicate the number of hops that the MAP is from its RAP.
Note
When the radio type is the same, the backhaul bandwidth utilization (bw used/max) at each hop is identical. For example, mesh access points map1, map2, map3, and rap1 are all on the same radio backhaul (802.11a) and are using the same bandwidth (3048). All of the calls are in the same interference domain. A call placed anywhere in that domain affects the others.
•
To view the mesh tree topology for the network and display the number of voice calls that are in progress by mesh access point radio, enter this command:
show mesh cac access AP_name
Information similar to the following appears:
AP Name        Slot#    Radio  Calls
-------------  -------  -----  -----
SB_RAP1        0        11b/g  0
               1        11a    0
| SB_MAP1      0        11b/g  0
               1        11a    0
|| SB_MAP2     0        11b/g  1
               1        11a    0
||| SB_MAP3    0        11b/g  0
               1        11a    0
Note
Each call received by a mesh access point radio causes the appropriate calls summary column to increment by one. For example, if a call is received on the 802.11b/g radio on map2, then a value of one is added to the existing value in that radio's calls column. In this case, the new call is the only active call on the 802.11b/g radio of map2. If one call is active when a new call is received, the resulting value is two.
•
To view the mesh tree topology for the network and display the voice calls that are in progress, enter this command:
show mesh cac callpath AP_name
Information similar to the following appears:
AP Name        Slot#    Radio  Calls
-------------  -------  -----  -----
SB_RAP1        0        11b/g  0
               1        11a    1
| SB_MAP1      0        11b/g  0
               1        11a    1
|| SB_MAP2     0        11b/g  1
               1        11a    1
||| SB_MAP3    0        11b/g  0
               1        11a    0
Note
The calls column for each mesh access point radio in a call path increments by one. For example, for a call that initiates at map2 (show mesh cac callpath SB_MAP2) and terminates at rap1 by way of map1, one call is added to the map2 802.11b/g and 802.11a radio calls column, one call to the map1 802.11a backhaul radio calls column, and one call to the rap1 802.11a backhaul radio calls column.
•
To view the mesh tree topology of the network, the voice calls that are rejected at the mesh access point radio due to insufficient bandwidth, and the corresponding mesh access point radio where the rejection occurred, enter this command:
show mesh cac rejected AP_name
Information similar to the following appears:
AP Name        Slot#    Radio  Calls
-------------  -------  -----  -----
SB_RAP1        0        11b/g  0
               1        11a    0
| SB_MAP1      0        11b/g  0
               1        11a    0
|| SB_MAP2     0        11b/g  1
               1        11a    0
||| SB_MAP3    0        11b/g  0
               1        11a    0
Note
If a call is rejected at the map2 802.11b/g radio, its calls column increments by one.
•
To view the number of bronze, silver, gold, platinum, and management queues active on the specified access point, enter this command. The peak and average length of each queue are shown as well as the overflow count.
show mesh queue-stats AP_name
Information similar to the following appears:
Queue Type  Overflows  Peak length  Average length
----------  ---------  -----------  --------------
Silver      0          1            0.000
Gold        0          4            0.004
Platinum    0          4            0.001
Bronze      0          0            0.000
Management  0          0            0.000
Overflows—The total number of packets dropped due to queue overflow.
Peak Length—The peak number of packets waiting in the queue during the defined statistics time interval.
Average Length—The average number of packets waiting in the queue during the defined statistics time interval.
Enabling Mesh Multicast Containment for Video
You can use the controller CLI to configure three mesh multicast modes to manage video camera broadcasts on all mesh access points. When enabled, these modes reduce unnecessary multicast transmissions within the mesh network and conserve backhaul bandwidth.
Mesh multicast modes determine how bridging-enabled access points MAP and RAP send multicasts among Ethernet LANs within a mesh network. Mesh multicast modes manage non-CAPWAP multicast traffic only. CAPWAP multicast traffic is governed by a different mechanism.
The three mesh multicast modes are as follows:
•
Regular mode—Data is multicast across the entire mesh network and all its segments by bridging-enabled RAP and MAP.
•
In-only mode—Multicast packets received from the Ethernet by a MAP are forwarded to the RAP's Ethernet network. No additional forwarding occurs, which ensures that non-CAPWAP multicasts received by the RAP are not sent back to the MAP Ethernet networks within the mesh network (their point of origin), and MAP to MAP multicasts do not occur because they are filtered out.
Note
When an HSRP configuration is in operation on a mesh network, we recommend the In-Out multicast mode be configured.
•
In-out mode—The RAP and MAP both multicast but in a different manner:
–
In-out mode is the default mode.
–
If multicast packets are received at a MAP over Ethernet, they are sent to the RAP; however, they are not sent to other MAP over Ethernet, and the MAP to MAP packets are filtered out of the multicast.
–
If multicast packets are received at a RAP over Ethernet, they are sent to all the MAPs and their respective Ethernet networks. When the in-out mode is in operation, it is important to properly partition your network to ensure that a multicast sent by one RAP is not received by another RAP on the same Ethernet segment and then sent back into the network.
Note
If 802.11b clients need to receive CAPWAP multicasts, then multicast must be enabled globally on the controller as well as on the mesh network (using the config network multicast global enable CLI command). If multicast does not need to extend to 802.11b clients beyond the mesh network, the global multicast parameter should be disabled (using the config network multicast global disable CLI command).
Enabling Multicast on the Mesh Network Using the CLI
To enable multicast mode on the mesh network to receive multicasts from beyond the mesh networks, enter these commands:
config network multicast global enable
config mesh multicast {regular | in | in-out}
To enable multicast mode only on the mesh network (multicasts do not need to extend to 802.11b clients beyond the mesh network), enter these commands:
config network multicast global disable
config mesh multicast {regular | in | in-out}
Note
Multicast for mesh networks cannot be enabled using the controller GUI.
IGMP Snooping
IGMP snooping delivers improved RF usage through selective multicast forwarding and optimizes packet forwarding in voice and video applications.
A mesh access point transmits multicast packets only if a client that is subscribed to the multicast group is associated with the mesh access point. So, when IGMP snooping is enabled, only the multicast traffic relevant to given hosts is forwarded.
To enable IGMP snooping on the controller, enter the following command:
config network multicast igmp snooping enable
A client sends an IGMP join that travels through the mesh access point to the controller. The controller intercepts the join and creates a table entry for the client in the multicast group. The controller then proxies the IGMP join through the upstream switch or router.
You can query the status of the IGMP groups on a router by entering the following command:
router# show ip igmp groups
IGMP Connected Group Membership
Group Address    Interface    Uptime    Expires   Last Reporter
233.0.0.1        Vlan119      3w1d      00:01:52  10.1.1.130
For Layer 3 roaming, an IGMP query is sent to the client's WLAN. The controller modifies the client's response before forwarding and changes the source IP address to the controller's dynamic interface IP address.
The network hears the controller's request for the multicast group and forwards the multicast to the new controller.
For more information about video, see the following:
•
Video Surveillance over Mesh Deployment Guide: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080b02511.shtml
•
Cisco Unified Wireless Network Solution: VideoStream Deployment Guide: http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080b6e11e.shtml
Locally Significant Certificates for Mesh APs
Until the 7.0 release, mesh APs supported only the Manufactured Installed Certificate (MIC) to authenticate and get authenticated by controllers to join the controller. You might have had to have your own public key infrastructure (PKI) to control CAs, to define policies, to define validity periods, to define restrictions and usages on the certificates that are generated, and get these certificates installed on the APs and controllers. After these customer-generated or locally significant certificates (LSCs) are present on the APs and controllers, the devices start using these LSCs, to join, authenticate, and derive a session key. Cisco supported normal APs from the 5.2 release and later releases and extended the support for mesh APs as well from the 7.0 release.
With the 7.0.116.0 release, the following functionality has been added:
•
Graceful fallback to MIC if APs are unable to join the controller with LSC certificates—Local APs try to join a controller with an LSC for the number of times that are configured on the controller (the default value is 3). After these trials, the AP deletes the LSC and tries to join a controller with an MIC.
Mesh APs try to join a controller with an LSC until its lonely timer expires and the AP reboots. The lonely timer is set for 40 minutes. After the reboot, the AP tries to join a controller with an MIC. If the AP is again not able to join a controller with an MIC in 40 minutes, the AP reboots and then tries to join a controller with an LSC.
Note
An LSC in mesh APs is not deleted. An LSC is deleted in mesh APs only when the LSC is disabled on the controller, which causes the APs to reboot.
•
Over the air provisioning of MAPs.
Guidelines for Configuration
Follow these guidelines when using LSCs for mesh APs:
•
This feature does not remove any preexisting certificates from an AP. It is possible for an AP to have both LSC and MIC certificates.
•
After an AP is provisioned with an LSC, it does not read in its MIC certificate on boot-up. A change from an LSC to an MIC requires the AP to reboot. APs do this as a fallback if they cannot join with an LSC.
•
Provisioning an LSC on an AP does not require an AP to turn off its radios, which is vital for mesh APs, which may get provisioned over-the-air.
•
Because mesh APs need a dot1x authentication, a CA and ID certificate is required to be installed on the server in the controller.
•
LSC provisioning can happen over Ethernet and over-the-air in case of MAPs. You must connect the mesh RAP to the controller through Ethernet and get the LSC certificate provisioned. After the RAP gets the LSC certificate, MAPs connected to this RAP are provisioned with LSC certificates over the air. After the LSC becomes the default, an AP can be connected over-the-air to the controller using the LSC certificate.
Differences Between LSCs for Mesh APs and Normal APs
CAPWAP APs use LSC for DTLS setup during a JOIN irrespective of the AP mode. Mesh APs also use the certificate for mesh security, which involves a dot1x authentication with the controller through the parent AP. After the mesh APs are provisioned with an LSC, they need to use the LSC for this purpose because MIC will not be read in.
Mesh APs use a statically configured dot1x profile to authenticate.
This profile is hardcoded to use "cisco" as the certificate issuer. This profile needs to be made configurable so that vendor certificates can be used for mesh authentication (enter the config local-auth eap-profile cert-issuer vendor "prfMaP1500LlEAuth93" command).
You must enter the config mesh lsc enable/disable command to enable or disable an LSC for mesh APs. This command will cause all the mesh APs to reboot.
Note
An LSC on mesh is open for very specific Oil and Gas customers with the 7.0 release. Initially, it is a hidden feature. The config mesh lsc enable/disable is a hidden command. Also, the config local-auth eap-profile cert-issuer vendor "prfMaP1500LlEAuth93" command is a normal command, but the "prfMaP1500LlEAuth93" profile is a hidden profile, and is not stored on the controller and is lost after the controller reboot.
Certificate Verification Process in LSC AP
LSC-provisioned APs have both LSC and MIC certificates, but the LSC certificate will be the default one. The verification process consists of the following two steps:
1.
The controller sends the AP the MIC device certificate, which the AP verifies with the MIC CA.
2.
The AP sends the LSC device certificate to the controller, which the controller verifies with the LSC CA.
Getting Certificates for LSC Feature
In order to configure LSC, you will first need to gather and install the appropriate certificates onto the controller. The following steps show how to accomplish this using Microsoft 2003 Server as CA server.
To get the certificates for LSC, follow these steps:
Step 1
Go to the CA server (http://<ip address of caserver>/certsrv) and log in.
Step 2
Get the CA certificate as follows:
•
Click the link Download a CA certificate, certificate chain, or CRL.
•
Choose the encoding method as DER.
•
Click the link Download CA certificate and use the save option to download the CA certificate on to your local machine.
Step 3
To use the certificate on the Cisco WLC, you need to convert the downloaded certificate to PEM format. You can convert it on a Linux machine using the following command:
# openssl x509 -in <input.cer> -inform DER -out <output.cer> -outform PEM
Step 4
Configure the CA certificate on the controller as follows:
•
Choose COMMANDS tab > Download File.
•
Choose the file type as Vendor CA Certificate from the File Type drop-down list.
•
Update the rest of the fields with the information of the TFTP server where the certificate is located.
•
Click Download.
Step 5
To install the device certificate on the WLC, log in to the CA server as mentioned in Step 1 and do the following:
•
Click the Request a certificate link.
•
Click the advanced certificate request link.
•
Click the Create and submit a request to this CA link.
•
Go to the next screen and select the Server Authentication Certificate from the Certificate Template drop-down list.
•
Enter a valid name, email, company, department, city, state, and country/region. (Remember it in case you want the cap method to check the username against its database of user credentials).
Note
The e-mail is not used.
•
Enable Mark keys as exportable.
•
Click Submit.
•
Install the certificate on your laptop.
Step 6
Convert the device certificate obtained in Step 5. To get the certificate, go to your Internet browser options and choose exporting to a file. Follow the options from your browser to do this. You need to remember the password that you set here.
To convert the certificate, use the following command in a Linux machine:
# openssl pkcs12 -in <input.pfx> -out <output.cer>
Step 7
On the controller go to the Command tab -> Download File. Select File type "Vendor Device Certificate". Update the rest of the fields with the information of the TFTP server where the cert is located and the password you set in the previous step and click on Download.
Step 8
Reboot the controller so that the certificates can then be used.
Step 9
You can check that the certificates were successfully installed on the controller using the command:
> show local-auth certificates
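A pre-download check for the two files produced in Steps 3 and 6, written for this guide as an added example (it is not Cisco code). It confirms that the CA file really is PEM rather than DER and that the device file converted from the .pfx carries both a certificate and a private key; it checks encoding and contents only, not chain validity. The function names and the placeholder byte strings are assumptions constructed for the example.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def der_outer_length(der):
    """Total length claimed by the outer DER SEQUENCE, or None if not DER."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    first = der[1]
    if first < 0x80:                       # short-form length
        return 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def der_to_pem(der, label="CERTIFICATE"):
    """The transformation Step 3 performs: base64, 64-column lines, PEM armor."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def pem_blocks(data):
    """Return [(label, der_bytes, encrypted)] for every PEM block in data."""
    blocks = []
    for label, body in PEM_BLOCK.findall(data.decode("ascii", "replace")):
        lines = [l.strip() for l in body.splitlines() if l.strip()]
        # Traditional encrypted keys carry Proc-Type / DEK-Info header lines.
        headers = [l for l in lines if ":" in l]
        encrypted = label.startswith("ENCRYPTED") or any("ENCRYPTED" in h for h in headers)
        try:
            der = base64.b64decode("".join(l for l in lines if ":" not in l), validate=True)
        except (binascii.Error, ValueError):
            der = b""                      # reported below as corrupt
        blocks.append((label, der, encrypted))
    return blocks

def preflight(data, kind):
    """kind is 'ca' (Step 3 file) or 'device' (Step 6 file). Returns a list of problems."""
    if der_outer_length(data) == len(data):
        return ["file is still DER; convert it to PEM before downloading it to the controller"]
    blocks = pem_blocks(data)
    certs = [b for b in blocks if b[0] == "CERTIFICATE"]
    keys = [b for b in blocks if b[0].endswith("PRIVATE KEY")]
    problems = []
    if not certs:
        problems.append("no CERTIFICATE block found")
    for _, der, _ in certs:
        if der_outer_length(der) != len(der):
            problems.append("CERTIFICATE block is truncated or corrupt")
    if kind == "ca" and keys:
        problems.append("CA certificate file must not contain a private key")
    if kind == "device":
        if not keys:
            problems.append("no private key in file; was 'Mark keys as exportable' enabled in Step 5?")
        elif not all(enc for _, _, enc in keys):
            problems.append("private key is not passphrase-protected, and TFTP is clear text")
    return problems

# Constructed placeholders with a valid outer DER header; not real certificates or keys.
FAKE_CERT_DER = b"\x30\x82\x01\x00" + bytes(256)
FAKE_KEY_DER = b"\x30\x0a" + bytes(10)

if __name__ == "__main__":
    device = der_to_pem(FAKE_CERT_DER) + der_to_pem(FAKE_KEY_DER, "ENCRYPTED PRIVATE KEY")
    print("CA file as downloaded:", preflight(FAKE_CERT_DER, "ca"))
    print("CA file after Step 3: ", preflight(der_to_pem(FAKE_CERT_DER).encode(), "ca"))
    print("Device file, Step 6:  ", preflight(device.encode(), "device"))
```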
Configuring an LSC Using the CLI
To configure LSC, follow these steps:
Step 1
Enable LSC and provision the LSC CA certificate in the controller.
Step 2
Enter the following command:
config local-auth eap-profile cert-issuer vendor "prfMaP1500LlEAuth93"
Step 3
Turn on the feature by entering the following command:
config mesh lsc enable/disable
Step 4
Connect the mesh AP through Ethernet and provision for an LSC certificate.
Step 5
Let the mesh AP get a certificate and join the controller using the LSC certificate. See Figure 120 and Figure 121.
Figure 120
Local Significant Certificate
Figure 121
AP Policy Configuration
LSC-Related Commands
The following commands are related to LSCs:
•
config certificate lsc enable|disable
–
enable—To enable an LSC on the system.
–
disable—To disable an LSC on the system. Use this keyword to remove the LSC device certificate and send a message to an AP, to do the same and disable an LSC, so that subsequent joins could be made using the MIC/SSC. The removal of the LSC CA cert on the WLC should be done explicitly by using the CLI to accommodate any AP that has not transitioned back to the MIC/SSC.
•
config certificate lsc ca-server url-path <ip addr of ca-server/path>
Following is the example of the url path when using Microsoft 2003 server:
http://<ip address of CA>/certsrv/mscep/mscep.dll
This command configures the URL to the CA server for getting the certificates. The URL contains either the domain name or the IP address, port number (typically=80), and the CGI-PATH. The following format is an example:
http://ipaddr:port/cgi-path
Only one CA server is allowed to be configured. The CA server has to be configured to provision an LSC.
•
config certificate lsc ca-server delete
This command deletes the CA server configured on the WLC.
•
config certificate lsc ca-cert {add | delete}
This command adds or deletes the LSC CA certificate into/from the WLC's CA certificate database as follows:
–
add—Queries the configured CA server for a CA certificate using the SSCEP getca operation, retrieves it onto the WLC, and installs it permanently into the WLC database. If installed, this CA certificate is used to validate the incoming LSC device certificate from the AP.
–
delete—Deletes the LSC CA certificate from the WLC database.
•
config certificate lsc subject-params Country State City Orgn Dept Email
This command configures the parameters for the device certificate that will be created and installed on the controller and the AP.
All of these strings have 64 bytes, except for the Country that has a maximum of 3 bytes. The Common Name will be autogenerated using its Ethernet MAC address. This should be given prior to the creation of the controller device certificate request.
The above parameters are sent as an LWAPP payload to the AP, so that the AP can use these parameters to generate the certReq. The CN is autogenerated on the AP using the current MIC/SSC "Cxxxx-MacAddr" format, where xxxx is the product number.
•
config certificate lsc other-params keysize validity
The keysize and validity configurations have defaults. Therefore, it is not mandatory to configure them.
1.
The keysize can be from 360 to 2048 (the default is 2048 bits).
2.
The validity period can be configured from 1 to 20 years (the default is 10 years).
•
config certificate lsc ap-provision enable|disable
This command enables or disables the provisioning of the LSCs on the APs if the APs just joined using the SSC/MIC. If enabled, all APs that join and do not have the LSC will get provisioned.
If disabled, no more automatic provisioning will be done. This command does not affect the APs, which already have LSCs in them.
•
config certificate lsc ra-cert add|delete
This command is recommended when the CA server is a Cisco IOS CA server. The WLC can use the RA to encrypt the certificate requests and make communication more secure. RA certificates are not currently supported by other external CA servers, such as MSFT.
–
add—Queries the configured CA server for an RA certificate using the SCEP operation and installs it into the WLC Database. This keyword is used to get the certReq signed by the CA.
–
delete—Deletes the LSC RA certificate from the WLC database.
•
config auth-list ap-policy lsc enable/disable
After getting the LSC, an AP tries to join the WLC. Before the AP tries to join the WLC, this command must be executed on the WLC console. Execution of this command is mandatory. By default, the config auth-list ap-policy lsc command is in the disabled state, and in the disabled state, the APs are not allowed to join the WLC using the LSC.
•
config auth-list ap-policy mic enable|disable
After getting the MIC, an AP tries to join the WLC. Before the AP tries to join the WLC, this command must be executed on the WLC console. Execution of this command is mandatory. By default, the config auth-list ap-policy mic command is in the enabled state. If an AP cannot join because of the enabled state, this log message in the WLC side is displayed: LSC/MIC AP is not allowed to join by config.
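The constraints stated for the commands above (one CA server, CA server configured before provisioning, subject and key parameter limits, and the mandatory ap-policy lsc enable) can be checked against a planned command sequence before it is pasted into the controller. The following linter is an added example, not Cisco code. It assumes keysize and validity are given positionally as shown on this page and reads the 64-byte and 3-byte figures as maximum lengths; the sample addresses and names are constructed.

```python
import shlex

KEYSIZE_BITS = (360, 2048)     # range stated on this page; default is 2048
VALIDITY_YEARS = (1, 20)       # range stated on this page; default is 10
SUBJECT_FIELDS = ("Country", "State", "City", "Orgn", "Dept", "Email")

def check_subject(args):
    if len(args) != len(SUBJECT_FIELDS):
        return [("ERROR", "subject-params needs: " + " ".join(SUBJECT_FIELDS))]
    out = []
    for field, value in zip(SUBJECT_FIELDS, args):
        limit = 3 if field == "Country" else 64       # assumed to be maximum byte lengths
        if len(value.encode("utf-8")) > limit:
            out.append(("ERROR", f"{field} exceeds {limit} bytes"))
    return out

def check_other(args):
    if len(args) != 2 or not all(a.isdigit() for a in args):
        return [("ERROR", "other-params needs numeric keysize and validity")]
    keysize, years = map(int, args)
    out = []
    if not KEYSIZE_BITS[0] <= keysize <= KEYSIZE_BITS[1]:
        out.append(("ERROR", f"keysize {keysize} outside {KEYSIZE_BITS}"))
    elif keysize < 2048:
        out.append(("WARN", f"keysize {keysize} is weaker than the 2048-bit default"))
    if not VALIDITY_YEARS[0] <= years <= VALIDITY_YEARS[1]:
        out.append(("ERROR", f"validity {years} outside {VALIDITY_YEARS} years"))
    return out

def lint_lsc_commands(lines):
    """Return [(severity, line_no, message)]; line_no 0 marks an end-of-sequence finding."""
    findings = []
    ca_server = provisioning = lsc_policy = False     # ap-policy lsc defaults to disabled
    mic_policy = True                                 # ap-policy mic defaults to enabled
    for n, raw in enumerate(lines, 1):
        tok = shlex.split(raw)
        if tok[:3] == ["config", "certificate", "lsc"] and len(tok) > 3:
            sub, args = tok[3], tok[4:]
            if sub == "ca-server" and args[:1] == ["url-path"]:
                if ca_server:
                    findings.append(("ERROR", n, "only one CA server may be configured"))
                ca_server = True
            elif sub == "ca-server" and args == ["delete"]:
                ca_server = False
            elif sub == "ca-cert" and args == ["add"] and not ca_server:
                findings.append(("ERROR", n, "ca-cert add queries a CA server, none configured"))
            elif sub == "subject-params":
                findings += [(s, n, m) for s, m in check_subject(args)]
            elif sub == "other-params":
                findings += [(s, n, m) for s, m in check_other(args)]
            elif sub == "ap-provision" and args in (["enable"], ["disable"]):
                provisioning = args == ["enable"]
                if provisioning and not ca_server:
                    findings.append(("ERROR", n, "ap-provision needs a configured CA server"))
        elif tok[:3] == ["config", "auth-list", "ap-policy"] and len(tok) == 5:
            if tok[3] == "lsc":
                lsc_policy = tok[4] == "enable"
            elif tok[3] == "mic":
                mic_policy = tok[4] == "enable"
    if provisioning and not lsc_policy:
        findings.append(("ERROR", 0, "ap-policy lsc is disabled: APs cannot join with their LSC"))
    if not mic_policy:
        findings.append(("WARN", 0, "ap-policy mic is disabled: fallback joins with the MIC are refused"))
    return findings

# Constructed sequences: 192.0.2.10 and the subject values are placeholders.
WEAK = [
    "config certificate lsc ca-cert add",
    "config certificate lsc ca-server url-path http://192.0.2.10:80/cgi-path",
    "config certificate lsc subject-params Norway Rogaland Stavanger ExampleOil Ops admin@example.invalid",
    "config certificate lsc other-params 1024 25",
    "config certificate lsc ap-provision enable",
]
HARDENED = [
    "config certificate lsc ca-server url-path http://192.0.2.10:80/cgi-path",
    "config certificate lsc ca-cert add",
    "config certificate lsc subject-params NO Rogaland Stavanger ExampleOil Ops admin@example.invalid",
    "config certificate lsc other-params 2048 10",
    "config certificate lsc ap-provision enable",
    "config auth-list ap-policy lsc enable",
]

if __name__ == "__main__":
    for severity, line_no, message in lint_lsc_commands(WEAK):
        print(f"{severity:5} line {line_no}: {message}")
    print("hardened findings:", lint_lsc_commands(HARDENED))
```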
WLC CLI show Commands
The following are the WLC show commands:
•
show certificate lsc summary
This command displays the LSC certificates installed on the WLC. It would be the CA certificate, device certificate, and optionally, an RA certificate if the RA certificate has also been installed. It also indicates if an LSC is enabled or not.
•
show certificate lsc ap-provision
This command displays the status of the provisioning of the AP, whether it is enabled or disabled, and whether a provision list is present or not.
•
show certificate lsc ap-provision details
This command displays the list of MAC addresses present in the AP provisioning lists.
Controller GUI Security Settings
Although these settings are not directly related to the feature, they may help you achieve the desired behavior with respect to APs provisioned with an LSC.
Figure 122 shows three possible cases for mesh AP MAC authorization and EAP.
Figure 122
Possible Cases for Mesh AP MAC Authorization and EAP
•
Case 1—Local MAC Authorization and Local EAP Authentication
Add the MAC address of RAP/MAP to the controller MAC filter list.
Example:
(Cisco Controller) > config macfilter mac-delimiter colon
(Cisco Controller) > config macfilter add 00:0b:85:60:92:30 0 management
•
Case 2—External MAC Authorization and Local EAP authentication
Enter the following command on the WLC:
(Cisco Controller) > config mesh security rad-mac-filter enable
or
Check only the external MAC filter authorization on the GUI page and follow these guidelines:
–
Do not add the MAC address of the RAP/MAP to the controller MAC filter list.
–
Configure the external radius server details on the WLC.
–
Enter the config macfilter mac-delimiter colon command configuration on the WLC.
–
Add the MAC address of the RAP/MAP in the external radius server in the following format:
User name: 11:22:33:44:55:66
Password: 11:22:33:44:55:66
Deployment Guidelines
Follow these guidelines during deployment:
•
When using local authorization, the controller should be installed with the vendor's CA and device certificate.
•
When using an external AAA server, the controller should be installed with the vendor's CA and device certificate.
•
Mesh security should be configured to use "vendor" as the cert-issuer.
•
MAPs cannot move from an LSC to an MIC when they fall back to a backup controller.
The config mesh lsc enable|disable command is required to enable or disable an LSC for mesh APs. This command causes all the mesh APs to reboot.
Checking the Health of the Network
This section describes how to check the health of your network.
Show Mesh Commands
The show mesh commands are grouped under the following sections:
•
Viewing General Mesh Network Details
•
Viewing Mesh Access Point Details
•
Viewing Public Safety Setting
•
Viewing Security Settings and Statistics
To view a summary of possible show mesh commands, enter this command:
(Cisco Controller) > show mesh ?
env                  Show mesh environment.
backhaul             Show mesh AP backhaul info.
neigh                Show AP neigh list.
path                 Show AP path.
astools              show mesh astools list
stats                Show AP stats.
secbh-stats          Show Mesh AP secondary backhaul stats.
per-stats            Show AP Neighbor Packet Error Rate stats.
queue-stats          Show AP local queue stats.
security-stats       Show AP security stats.
ap                   Show mesh ap summary
config               Show mesh configurations.
secondary-backhaul   Show mesh secondary-backhaul
ids-state            Show mesh ids-state
client-access        Show mesh backhaul with client access.
public-safety        Show mesh public safety.
background-scanning  Show mesh background-scanning state.
cac                  Show mesh cac.
Viewing General Mesh Network Details
To view general mesh network details, enter these commands:
•
show mesh env {summary | AP_name}—Shows the temperature, heater status, and Ethernet status for either all access points (summary) or a specific access point (AP_name). The access point name, role (RootAP or MeshAP), and model are also shown.
–
The temperature is shown in both Fahrenheit and Celsius.
–
The heater status is ON or OFF.
–
The Ethernet status is UP or DOWN.
Note
The battery status appears as N/A (not applicable) in the show mesh env AP_name status display because it is not provided for access points.
controller > show mesh env summary
AP Name            Temperature(C/F) Heater Ethernet Battery
------------------ ---------------- ------ -------- -------
SB_RAP1            39/102           OFF    UpDnNANA N/A
SB_MAP1            37/98            OFF    DnDnNANA N/A
SB_MAP2            42/107           OFF    DnDnNANA N/A
SB_MAP3            36/96            OFF    DnDnNANA N/A
controller > show mesh env SB_RAP1
AP Name.......................................... SB_RAP1
AP Model......................................... AIR-LAP1522AG-A-K9
AP Role.......................................... RootAP
Temperature...................................... 39 C, 102 F
Heater........................................... OFF
Backhaul......................................... GigabitEthernet0
GigabitEthernet0 Status.......................... UP
    Duplex....................................... FULL
    Speed........................................ 100
    Rx Unicast Packets........................... 988175
    Rx Non-Unicast Packets....................... 8563
    Tx Unicast Packets........................... 106420
    Tx Non-Unicast Packets....................... 17122
GigabitEthernet1 Status.......................... DOWN
  POE Out........................................ OFF
Battery.......................................... N/A
•
show mesh ap summary—Revised to show the CERT MAC field that shows a MAC address within an AP certificate that can be used to assign a username for external authentication.
(Cisco Controller) > show mesh ap summary
AP Name  AP Model            BVI MAC            CERT MAC           Hop  Bridge Group Name
-------  ---------------     -----------------  ----------------   ---- -----------------
R1       LAP1520             00:0b:85:63:8a:10  00:0b:85:63:8a:10  0    y1
R2       LAP1520             00:0b:85:7b:c1:e0  00:0b:85:7b:c1:e0  1    y1
H2       AIR-LAP1522AG-A-K9  00:1a:a2:ff:f9:00  00:1b:d4:a6:f4:60  1
Number of Mesh APs............................... 3
Number of RAP................................... 2
Number of MAP................................... 1
•
show mesh path—Displays MAC addresses, access point roles, SNR ratios (dBs) for uplink and downlink (SNRUp, SNRDown) and link SNR for a particular path.
(Cisco Controller) > show mesh path mesh-45-rap1
AP Name/Radio Mac  Channel Snr-Up Snr-Down Link-Snr Flags  State
-----------------  ------- ------ -------- -------- ------ -------
mesh-45-rap1       165     15     18       16       0x86b  UPDATED NEIGH PARENT BEACON
mesh-45-rap1 is a Root AP.
•
show mesh neighbor summary—Displays summary information about mesh neighbors. Neighbor information includes MAC addresses, parent-child relationships, and uplink and downlink (SNRUp, SNRDown).
(Cisco Controller) > show mesh neighbor summary ap1500:62:39:70
AP Name/Radio Mac  Channel Snr-Up Snr-Down Link-Snr Flags  State
mesh-45-rap1       165     15     18       16       0x86b  UPDATED NEIGH PARENT BEACON
00:0B:85:80:ED:D0  149     5      6        5        0x1a60 NEED UPDATE BEACON DEFAULT
00:17:94:FE:C3:5F  149     7      0        0        0x860  BEACON
Note
After review of the show mesh... commands above, you should be able to see the relationships between the nodes of your network and verify the RF connectivity by seeing the SNR values for every link.
•
show mesh ap tree—Displays mesh access points within a tree structure (hierarchy).
(Cisco Controller) > show mesh ap tree
R1(0,y1)
|-R2(1,y1)
  |-R6(2,y1)
|-H2(1,default)
Number of Mesh APs............................... 4
Number of RAP................................... 1
Number of MAP................................... 3
Viewing Mesh Access Point Details
To view a mesh access point's configuration, enter these commands:
•
show ap config general Cisco_AP—Displays system specifications for a mesh access point.
(Cisco Controller) > show ap config general aps
Cisco AP Identifier.............................. 1
Cisco AP Name.................................... AP5
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-AB 802.11a:-AB
AP Country code.................................. US - United States
AP Regulatory Domain............................. 802.11bg:-A 802.11a:-N
Switch Port Number .............................. 1
MAC Address...................................... 00:13:80:60:48:3e
IP Address Configuration......................... DHCP
IP Address....................................... 1.100.163.133
...
Primary Cisco Switch Name........................ 1-4404
Primary Cisco Switch IP Address.................. 2.2.2.2
Secondary Cisco Switch Name...................... 1-4404
Secondary Cisco Switch IP Address................ 2.2.2.2
Tertiary Cisco Switch Name....................... 2-4404
Tertiary Cisco Switch IP Address................. 1.1.1.4
•
show mesh astools stats [Cisco_AP]—Displays anti-stranding statistics for all outdoor mesh access points or a specific mesh access point.
(Cisco Controller) > show mesh astools stats
Total No of Aps stranded : 0
(Cisco Controller) > show mesh astools stats sb_map1
Total No of Aps stranded : 0
•
show advanced backup-controller—Displays configured primary and secondary backup controllers.
(Cisco Controller) > show advanced backup-controller
AP primary Backup Controller .................... controller1 10.10.10.10
AP secondary Backup Controller ............... 0.0.0.0
•
show advanced timer—Displays settings for system timers.
(Cisco Controller) > show advanced timer
Authentication Response Timeout (seconds)........ 10
Rogue Entry Timeout (seconds).................... 1300
AP Heart Beat Timeout (seconds).................. 30
AP Discovery Timeout (seconds)................... 10
AP Primary Discovery Timeout (seconds)........... 120
•
show ap slots—Displays slot information for mesh access points.
(Cisco Controller) > show ap slots
Number of APs.................................... 3
AP Name  Slots  AP Model            Slot0     Slot1     Slot2    Slot3
-------------------------------- ------ ------- ------ ------
R1       2      LAP1520             802.11A   802.11BG
H1       3      AIR-LAP1521AG-A-K9  802.11BG  802.11A   802.11A
H2       4      AIR-LAP1521AG-A-K9  802.11BG  802.11A   802.11A  802.11BG
Viewing Global Mesh Parameter Settings
Use this command to obtain information on global mesh settings:
•
show mesh config—Displays global mesh configuration settings.
(Cisco Controller) > show mesh config
Mesh Range....................................... 12000
Backhaul with client access status............... disabled
Background Scanning State........................ enabled
Mesh Security
   Security Mode................................. EAP
   External-Auth................................. disabled
   Use MAC Filter in External AAA server......... disabled
   Force External Authentication................. disabled
Mesh Alarm Criteria
   Max Hop Count................................. 4
   Recommended Max Children for MAP.............. 10
   Recommended Max Children for RAP.............. 20
   Low Link SNR.................................. 12
   High Link SNR................................. 60
   Max Association Number........................ 10
   Association Interval.......................... 60 minutes
   Parent Change Numbers......................... 3
   Parent Change Interval........................ 60 minutes
Mesh Multicast Mode.............................. In-Out
Mesh Full Sector DFS............................. enabled
Mesh Ethernet Bridging VLAN Transparent Mode..... enabled
Viewing Bridge Group Settings
Use these commands to view bridge group settings:
•
show mesh forwarding table—Shows all configured bridges and their MAC table entries.
•
show mesh forwarding interfaces—Displays bridge groups and the interfaces within each bridge group. This command is useful for troubleshooting bridge group membership.
Viewing VLAN Tagging Settings
Use these commands to view VLAN tagging settings:
•
show mesh forwarding VLAN mode—Shows the configured VLAN Transparent mode (enabled or disabled).
•
show mesh forwarding VLAN statistics—Displays statistics for the VLAN and the path.
•
show mesh forwarding vlans—Displays supported VLANs.
•
show mesh ethernet VLAN statistics—Displays statistics for the Ethernet interface.
Viewing DFS Details
Use this command to view DFS details:
•
show mesh dfs history—Displays a history of radar detections by channels and resulting outages.
(Cisco Controller) > show mesh dfs history
ap1520#show mesh dfs history
Channel 100 detects radar and is unusable (Time Elapsed: 18 day(s), 22 hour(s), 10 minute(s), 24 second(s)).
Channel is set to 136 (Time Elapsed: 18 day(s), 22 hour(s), 10 minute(s), 24 second(s)).
Channel 136 detects radar and is unusable (Time Elapsed: 18 day(s), 22 hour(s), 9 minute(s), 14 second(s)).
Channel is set to 161 (Time Elapsed: 18 day(s), 22 hour(s), 9 minute(s), 14 second(s)).
Channel 100 becomes usable (Time Elapsed: 18 day(s), 21 hour(s), 40 minute(s), 24 second(s)).
Channel 136 becomes usable (Time Elapsed: 18 day(s), 21 hour(s), 39 minute(s), 14 second(s)).
Channel 64 detects radar and is unusable (Time Elapsed: 0 day(s), 1 hour(s), 20 minute(s), 52 second(s)).
Channel 104 detects radar and is unusable (Time Elapsed: 0 day(s), 0 hour(s), 47 minute(s), 6 second(s)).
Channel is set to 120 (Time Elapsed: 0 day(s), 0 hour(s), 47 minute(s), 6 second(s)).
•
show mesh dfs channel channel number—Displays a history of radar detections and outages for a specified channel.
(Cisco Controller) > show mesh dfs channel 104
ap1520#show mesh dfs channel 104
Channel 104 is available
Time elapsed since radar last detected: 0 day(s), 0 hour(s), 48 minute(s), 11 second(s).
Viewing Public Safety Setting
Use this command to view public safety setting:
•
show mesh public-safety—Verifies that the 4.8-GHz public safety band is enabled.
(Cisco controller) show mesh public-safety
Global Public Safety status: enabled
Viewing Security Settings and Statistics
Use this command to view security settings and statistics:
•
show mesh security-stats AP_name—Shows packet error statistics and a count of failures, timeouts, and successes with respect to associations and authentications as well as reassociations and reauthentications for the specified access point and its child.
(Cisco controller) > show mesh security-stats ap417
AP MAC : 00:0B:85:5F:FA:F0
Packet/Error Statistics:
-----------------------------
Tx Packets 14, Rx Packets 19, Rx Error Packets 0
Parent-Side Statistics:
--------------------------
Unknown Association Requests 0
Invalid Association Requests 0
Unknown Re-Authentication Requests 0
Invalid Re-Authentication Requests 0
Unknown Re-Association Requests 0
Invalid Re-Association Requests 0
Unknown Re-Association Requests 0
Invalid Re-Association Requests 0
Child-Side Statistics:
--------------------------
Association Failures 0
Association Timeouts 0
Association Successes 0
Authentication Failures 0
Authentication Timeouts 0
Authentication Successes 0
Re-Association Failures 0
Re-Association Timeouts 0
Re-Association Successes 0
Re-Authentication Failures 0
Re-Authentication Timeouts 0
Re-Authentication Successes 0
Viewing Mesh Statistics for a Mesh Access Point
This section describes how to use the controller GUI or CLI to view mesh statistics for specific mesh access points.
Note
You can modify the Statistics Timer interval setting on the All APs > Details page of the controller GUI.
Viewing Mesh Statistics for a Mesh Access Point Using the GUI
To view mesh statistics for a specific mesh access point using the controller GUI, follow these steps:
Step 1
Choose Wireless > Access Points > All APs to open the All APs page. (See Figure 123.)
Figure 123 All APs Page
Step 2
To view statistics for a specific mesh access point, hover the mouse over the blue drop-down arrow for the desired mesh access point and choose Statistics. The All APs > AP Name > Statistics page for the selected mesh access point appears. (See Figure 124.)
Figure 124 All APs > Access Point Name > Statistics Page
This page shows the role of the mesh access point in the mesh network, the name of the bridge group to which the mesh access point belongs, the backhaul interface on which the access point operates, and the number of the physical switch port. It also displays a variety of mesh statistics for this mesh access point. Table 41 describes each of the statistics.
Viewing Mesh Statistics for a Mesh Access Point Using the CLI
Use these commands to view mesh statistics for a specific mesh access point using the controller CLI:
•
To view packet error statistics, a count of failures, timeouts, and successes with respect to associations and authentications, and reassociations and reauthentications for a specific mesh access point, enter this command:
show mesh security-stats AP_name
Information similar to the following appears:
AP MAC : 00:0B:85:5F:FA:F0
Packet/Error Statistics:
-----------------------------
Tx Packets 14, Rx Packets 19, Rx Error Packets 0
Parent-Side Statistics:
--------------------------
Unknown Association Requests 0
Invalid Association Requests 0
Unknown Re-Authentication Requests 0
Invalid Re-Authentication Requests 0
Unknown Re-Association Requests 0
Invalid Re-Association Requests 0
Unknown Re-Association Requests 0
Invalid Re-Association Requests 0
Child-Side Statistics:
--------------------------
Association Failures 0
Association Timeouts 0
Association Successes 0
Authentication Failures 0
Authentication Timeouts 0
Authentication Successes 0
Re-Association Failures 0
Re-Association Timeouts 0
Re-Association Successes 0
Re-Authentication Failures 0
Re-Authentication Timeouts 0
Re-Authentication Successes 0
•
To view the number of packets in the queue by type, enter this command:
show mesh queue-stats AP_name
Information similar to the following appears:
Queue Type  Overflows  Peak length  Average length
----------  ---------  -----------  --------------
Silver      0          1            0.000
Gold        0          4            0.004
Platinum    0          4            0.001
Bronze      0          0            0.000
Management  0          0            0.000
Overflows—The total number of packets dropped due to queue overflow.
Peak Length—The peak number of packets waiting in the queue during the defined statistics time interval.
Average Length—The average number of packets waiting in the queue during the defined statistics time interval.
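When these two commands are collected from many mesh access points, the counters worth a second look are the nonzero ones. The parser below is an added example, not part of the controller software: it reads show mesh security-stats and show mesh queue-stats output in the layout shown above and reports parent-side unknown or invalid requests, child-side failures and timeouts, receive errors, and queues that overflowed. The sample text is constructed, with nonzero values inserted for illustration, and the function names are assumptions.

```python
import re

COUNTER = re.compile(r"^(?P<name>.*\S)\s+(?P<value>\d+)$")
QUEUE_ROW = re.compile(r"^(\w+)\s+(\d+)\s+(\d+)\s+(\d+\.\d+)$")

def parse_security_stats(text):
    """Parse 'show mesh security-stats' output into {section: [(counter, value)]}.

    Counters are kept as a list, not a dict, because the sample output on this
    page prints the Re-Association request lines twice.
    """
    stats, section = {"ap_mac": None}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or set(line) == {"-"}:          # blank line or separator row
            continue
        if line.startswith("AP MAC"):
            stats["ap_mac"] = line.split(":", 1)[1].strip()
        elif line.endswith(":"):                     # e.g. "Parent-Side Statistics:"
            section = line[:-1]
            stats[section] = []
        elif section is not None:
            for part in line.split(","):             # the packet line holds three counters
                m = COUNTER.match(part.strip())
                if m:
                    stats[section].append((m["name"], int(m["value"])))
    return stats

def security_findings(stats):
    """Return human-readable findings for every counter that should normally be zero."""
    findings = []
    for name, value in stats.get("Packet/Error Statistics", []):
        if name == "Rx Error Packets" and value:
            findings.append(f"packet: {value} {name}")
    for name, value in stats.get("Parent-Side Statistics", []):
        if value:                                    # requests this AP received as a parent
            findings.append(f"parent-side: {value} {name}")
    for name, value in stats.get("Child-Side Statistics", []):
        if value and name.endswith(("Failures", "Timeouts")):
            findings.append(f"child-side: {value} {name}")
    return list(dict.fromkeys(findings))             # drop exact repeats, keep order

def queue_overflows(text):
    """Return {queue: overflow_count} for queues that dropped packets."""
    drops = {}
    for line in text.splitlines():
        m = QUEUE_ROW.match(line.strip())
        if m and int(m[2]) > 0:
            drops[m[1]] = int(m[2])
    return drops

# Constructed sample in the page's layout; the nonzero values are illustrative.
SAMPLE_SECURITY = """\
AP MAC : 00:0B:85:5F:FA:F0
Packet/Error Statistics:
-----------------------------
Tx Packets 14, Rx Packets 19, Rx Error Packets 0
Parent-Side Statistics:
--------------------------
Unknown Association Requests 0
Invalid Association Requests 3
Unknown Re-Association Requests 0
Invalid Re-Association Requests 0
Unknown Re-Association Requests 0
Invalid Re-Association Requests 0
Child-Side Statistics:
--------------------------
Association Failures 0
Association Timeouts 1
Association Successes 4
Authentication Failures 2
Authentication Timeouts 0
Authentication Successes 4
"""
SAMPLE_QUEUE = """\
Queue Type  Overflows  Peak length  Average length
----------  ---------  -----------  --------------
Silver      0          1            0.000
Gold        7          4            0.004
Platinum    0          4            0.001
"""

if __name__ == "__main__":
    parsed = parse_security_stats(SAMPLE_SECURITY)
    print(parsed["ap_mac"], security_findings(parsed), queue_overflows(SAMPLE_QUEUE))
```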
Viewing Neighbor Statistics for a Mesh Access Point
This section describes how to use the controller GUI or CLI to view neighbor statistics for a selected mesh access point. It also describes how to run a link test between the selected mesh access point and its parent.
Viewing Neighbor Statistics for a Mesh Access Point Using the GUI
To view neighbor statistics for a specific mesh access point using the controller GUI, follow these steps:
Step 1
Choose Wireless > Access Points > All APs to open the All APs page. (See Figure 125.)
Figure 125 All APs Page
Step 2
To view neighbor statistics for a specific mesh access point, hover the mouse over the blue drop-down arrow for the desired mesh access point and choose Neighbor Information. The All APs > Access Point Name > Neighbor Info page for the selected mesh access point appears (see Figure 126).
Figure 126 All APs > Access Point Name > Neighbor Info Page
This page lists the parent, children, and neighbors of the mesh access point. It provides each mesh access point's name and radio MAC address.
Step 3
To perform a link test between the mesh access point and its parent or children, follow these steps:
a.
Hover the mouse over the blue drop-down arrow of the parent or desired child and choose LinkTest. A pop-up window appears (see Figure 127).
Figure 127 Link Test Page
b.
Click Submit to start the link test. The link test results appear on the Mesh > LinkTest Results page (see Figure 128).
Figure 128 Mesh > LinkTest Results Page
c.
Click Back to return to the All APs > Access Point Name > Neighbor Info page.
Step 4
To view the details for any of the mesh access points on this page, follow these steps:
a.
Hover the mouse over the blue drop-down arrow for the desired mesh access point and choose Details. The All APs > Access Point Name > Link Details > Neighbor Name page appears (see Figure 129).
Figure 129 All APs > Access Point Name > Link Details > Neighbor Name page
b.
Click Back to return to the All APs > Access Point Name > Neighbor Info page.
Step 5
To view statistics for any of the mesh access points on this page, follow these steps:
a.
Hover the mouse over the blue drop-down arrow for the desired mesh access point and choose Stats. T