The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
An RF group is a logical collection of Cisco WLCs that coordinate to perform RRM in a globally optimized manner to perform network calculations on a per-radio basis. An RF group exists for each 802.11 network type. Clustering Cisco WLCs into a single RF group enable the RRM algorithms to scale beyond the capabilities of a single Cisco WLC.
RF grouping runs between MCs.
Lightweight access points periodically send out neighbor messages over the air. Access points using the the same RF group name validate messages from each other.
When access points on different Cisco WLCs hear validated neighbor messages at a signal strength of –80 dBm or stronger, the Cisco WLCs dynamically form an RF neighborhood in auto mode. In static mode, the leader is manually selected and the members are added to the RF Group. To know more about RF Group modes, “RF Group Leader” section.
Starting in the 7.0.116.0 release, the RF Group Leader can be configured in two ways as follows:
Auto Mode—In this mode, the members of an RF group elect an RF group leader to maintain a “master” power and channel scheme for the group. The RF grouping algorithm dynamically chooses the RF group leader and ensures that an RF group leader is always present. Group leader assignments can and do change (for instance, if the current RF group leader becomes inoperable or if RF group members experience major changes).
Static Mode—In this mode, the user selects a Cisco WLC as an RF group leader manually. In this mode, the leader and the members are manually configured and are therefore fixed. If the members are unable to join the RF group, the reason is indicated. The leader tries to establish a connection with a member every 1 minute if the member has not joined in the previous attempt.
The RF group leader analyzes real-time radio data collected by the system, calculates the power and channel assignments, and sends them to each of the Cisco WLCs in the RF group. The RRM algorithms ensure system-wide stability and restrain channel and power scheme changes to the appropriate local RF neighborhoods.
In Cisco WLC software releases prior to 6.0, the dynamic channel assignment (DCA) search algorithm attempts to find a good channel plan for the radios associated to Cisco WLCs in the RF group, but it does not adopt a new channel plan unless it is considerably better than the current plan. The channel metric of the worst radio in both plans determines which plan is adopted. Using the worst-performing radio as the single criterion for adopting a new channel plan can result in pinning or cascading problems.
Pinning occurs when the algorithm could find a better channel plan for some of the radios in an RF group but is prevented from pursuing such a channel plan change because the worst radio in the network does not have any better channel options. The worst radio in the RF group could potentially prevent other radios in the group from seeking better channel plans. The larger the network, the more likely pinning becomes.
Cascading occurs when one radio’s channel change results in successive channel changes to optimize the remaining radios in the RF neighborhood. Optimizing these radios could lead to their neighbors and their neighbors’ neighbors having a suboptimal channel plan and triggering their channel optimization. This effect could propagate across multiple floors or even multiple buildings, if all the access point radios belong to the same RF group. This change results in considerable client confusion and network instability.
The main cause of both pinning and cascading is the way in which the search for a new channel plan is performed and that any potential channel plan changes are controlled by the RF circumstances of a single radio. In Cisco WLC software release 6.0, the DCA algorithm has been redesigned to prevent both pinning and cascading. The following changes have been implemented:
Multiple local searches—The DCA search algorithm performs multiple local searches initiated by different radios within the same DCA run rather than performing a single global search driven by a single radio. This change addresses both pinning and cascading while maintaining the desired flexibility and adaptability of DCA and without jeopardizing stability.
Multiple channel plan change initiators (CPCIs)—Previously, the single worst radio was the sole initiator of a channel plan change. Now each radio within the RF group is evaluated and prioritized as a potential initiator. Intelligent randomization of the resulting list ensures that every radio is eventually evaluated, which eliminates the potential for pinning.
Limiting the propagation of channel plan changes (Localization)—For each CPCI radio, the DCA algorithm performs a local search for a better channel plan, but only the CPCI radio itself and its one-hop neighboring access points are actually allowed to change their current transmit channels. The impact of an access point triggering a channel plan change is felt only to within two RF hops from that access point, and the actual channel plan changes are confined to within a one-hop RF neighborhood. Because this limitation applies across all CPCI radios, cascading cannot occur.
Non-RSSI-based cumulative cost metric—A cumulative cost metric measures how well an entire region, neighborhood, or network performs with respect to a given channel plan. The individual cost metrics of all access points in that area are considered in order to provide an overall understanding of the channel plan’s quality. These metrics ensure that the improvement or deterioration of each single radio is factored into any channel plan change. The objective is to prevent channel plan changes in which a single radio improves but at the expense of multiple other radios experiencing a considerable performance decline.
The RRM algorithms run at a specified updated interval, which is 600 seconds by default. Between update intervals, the RF group leader sends keepalive messages to each of the RF group members and collects real-time RF data.
Note | Several monitoring intervals are also available. See the Configuring RRM section for details. |
A Cisco WLC is configured with an RF group name, which is sent to all access points joined to the Cisco WLC and used by the access points as the shared secret for generating the hashed MIC in the neighbor messages. To create an RF group, you configure all of the Cisco WLCs to be included in the group with the same RF group name.
If there is any possibility that an access point joined to a Cisco WLC may hear RF transmissions from an access point on a different Cisco WLC, you should configure the Cisco WLCs with the same RF group name. If RF transmissions between access points can be heard, then system-wide RRM is recommended to avoid 802.11 interference and contention as much as possible.
Controller software supports up to 20 controllers and 6000 access points in an RF group.
The RF group members are added based on the following criteria:
Maximum number of APs Supported: The maximum limit for the number of access points in an RF group is 6000. The number of access points supported is determined by the number of APs licensed to operate on the controller.
Twenty controllers: Only 20 controllers (including the leader) can be part of an RF group if the sum of the access points of all controllers combined is less than or equal to the upper access point limit.
8500 | 7500 | 5500 | WiSM2 | |
---|---|---|---|---|
Maximum APs per RRM Group | 6000 | 6000 | 1000 | 2000 |
Maximum AP Groups | 6000 | 6000 | 500 | 500 |
This section describes how to configure RF groups through either the GUI or the CLI.
Note | The RF group name is generally set at deployment time through the Startup Wizard. However, you can change it as necessary. |
Note | When the multiple-country feature is being used, all Cisco WLCs intended to join the same RF group must be configured with the same set of countries, configured in the same order. |
Note | You can also configure RF groups using the Cisco Prime Infrastructure. |
This section describes how to view the status of the RF group through either the GUI or the CLI.
Note | You can also view the status of RF groups using the Cisco Prime Infrastructure. |
Step 1 | Choose to open the 802.11a/n/ac (or 802.11b/g/n) RRM > RF Grouping page. This page shows the details of the RF group, displaying the configurable parameter RF Group mode, the RF Group role of this Cisco WLC, the Update Interval and the Cisco WLC name and IP address of the Group Leader to this Cisco WLC.
| ||
Step 2 | (Optional) Repeat this procedure for the network type that you did not select (802.11a/n/ac or 802.11b/g/n). |
Step 1 | See which Cisco WLC is the RF group leader for the 802.11a RF network by entering this command: show advanced 802.11a group Information similar to the following appears: Radio RF Grouping 802.11a Group Mode............................. STATIC 802.11a Group Update Interval.................. 600 seconds 802.11a Group Leader........................... test (209.165.200.225) 802.11a Group Member......................... test (209.165.200.225) 802.11a Last Run............................... 397 seconds ago This output shows the details of the RF group, specifically the grouping mode for the Cisco WLC, how often the group information is updated (600 seconds by default), the IP address of the RF group leader, the IP address of this Cisco WLC, and the last time the group information was updated.
| ||||
Step 2 | See which Cisco WLC is the RF group leader for the 802.11b/g RF network by entering this command: show advanced 802.11b group |
Configuring Rogue Access Point Detection in RF Groups
After you have created an RF group of Cisco WLCs, you need to configure the access points connected to the Cisco WLCs to detect rogue access points. The access points will then select the beacon/probe-response frames in neighboring access point messages to see if they contain an authentication information element (IE) that matches that of the RF group. If the select is successful, the frames are authenticated. Otherwise, the authorized access point reports the neighboring access point as a rogue, records its BSSID in a rogue table, and sends the table to the Cisco WLC.
Configuring Rogue Access Point Detection in RF Groups
Step 1 | Make sure that each Cisco WLC in the RF group has been configured with the same RF group name.
| ||
Step 2 | Choose Wireless to open the All APs page. | ||
Step 3 | Click the name of an access point to open the All APs > Details page. | ||
Step 4 | Choose either local or monitor from the AP Mode drop-down list and click Apply to commit your changes. | ||
Step 5 | Click Save Configuration to save your changes. | ||
Step 6 | Repeat Step 2 through Step 5 for every access point connected to the Cisco WLC. | ||
Step 7 | Choose Security > Wireless Protection Policies > AP Authentication/MFP to open the AP Authentication Policy page. The name of the RF group to which this Cisco WLC belongs appears at the top of the page. | ||
Step 8 | Choose AP Authentication from the Protection Type drop-down list to enable rogue access point detection. | ||
Step 9 | Enter a number in the Alarm Trigger Threshold edit box to specify when a rogue access point alarm is generated. An alarm occurs when the threshold value (which specifies the number of access point frames with an invalid authentication IE) is met or exceeded within the detection period.
| ||
Step 10 | Click Apply to commit your changes. | ||
Step 11 | Click Save Configuration to save your changes. | ||
Step 12 | Repeat this procedure on every Cisco WLC in the RF group.
|
Step 1 | Make sure that each Cisco WLC in the RF group has been configured with the same RF group name.
| ||
Step 2 | Configure a particular access point for local (normal) mode or monitor (listen-only) mode by entering this command: config ap mode local Cisco_AP or config ap mode monitor Cisco_AP | ||
Step 3 | Save your changes by entering this command: save config | ||
Step 4 | Repeat Step 2 and Step 3 for every access point connected to the Cisco WLC. | ||
Step 5 | Enable rogue access point detection by entering this command: config wps ap-authentication | ||
Step 6 | Specify when a rogue access point alarm is generated by entering this command. An alarm occurs when the threshold value (which specifies the number of access point frames with an invalid authentication IE) is met or exceeded within the detection period. config wps ap-authentication threshold
| ||
Step 7 | Save your changes by entering this command: save config | ||
Step 8 | Repeat Step 5 through Step 7 on every Cisco WLC in the RF group.
|