Deploying Cisco Mobility Express Solution

Pre-requisites for Deploying Mobility Express Solution

  1. You must not have other Cisco Wireless LAN Controllers, either appliance or virtual, in the same network during setup or during daily operation of a Cisco Mobility Express network. The Mobility Express controller cannot interoperate or co-exist with other Wireless LAN Controllers in the same network.

  2. Decide on the first Access Point to be configured as a Master Access Point. This Access Point should be capable of supporting the Wireless LAN Controller function.

  3. DHCP Server: A DHCP server must be configured so that Access Points and clients can obtain an IP address, and the assigned gateway must be reachable at all times.

Connecting Cisco Mobility Express Capable Access Point

To connect a Cisco Mobility Express capable access point, perform the following steps:

Procedure
    Step 1   Connect the Cisco Mobility Express capable access point to a switch port and power it up.
    Note   

    All Access Points in a Mobility Express deployment should be in the same Layer 2 domain.

    Step 2   The switch port to which the Access Point is connected can be a trunk port or an access port. If multiple VLANs are being utilized for client traffic, the switch port should be configured as a trunk interface. Also, note that management traffic is untagged; if a VLAN is being used for management, it should be configured as the native VLAN on the switch port.

    Example switch port configuration. In this example, VLAN 40 is being used for management.

    interface GigabitEthernet1/0/37  
    	description » Connected to Master AP «   
    	switchport trunk native vlan 40   
    	switchport trunk allowed vlan 10,20,30,40  
    	switchport mode trunk
    
    Step 3   Observe the access point LED.
    1. When you power up the access point - The access point starts a power-up sequence that you can verify by observing the access point LED. If the power-up sequence is successful, the discovery and join process starts. During this process, the LED blinks sequentially green, red, and OFF.
    2. When the access point joins the Mobility Express controller - The LED chirps green if no clients are associated or turns green if one or more clients are associated.
    3. If the LED is not ON - The access point is not receiving power.
    4. If the LED blinks sequentially for more than 10 minutes - This could be because the access point does not have the Mobility Express capable image.

    Determining the image on the Access Point

    The Cisco 1830, 1850, 2800 and 3800 series access points can have either the CAPWAP image or the Cisco Mobility Express image, which is capable of running the virtual Wireless LAN controller function on the Access Point.

    To determine the image and capability of an Access Point, follow the steps below:

    Procedure
      Step 1   Log in to the Access Point CLI using a console, type AP#show version, and check the full output of show version. The default login credentials are Username: cisco and Password: cisco.
      Step 2   If the show version output does not display the AP Image Type and AP Configuration parameters as highlighted below, it means that the AP is running the CAPWAP image and a conversion to Cisco Mobility Express is required if you want to run the controller function on the Access Point. To convert from a CAPWAP Access Point to Mobility Express, go to the Conversion section.
      Note   

      Access Point with CAPWAP image will not show the AP Image Type and AP Configuration parameters in the AP#show version output.

      cisco AIR-AP1852E-UXK9 ARMv7 Processor rev 0 (v7l) with 997184/525160K bytes of memory.
      Processor board ID RFDP2BCR021
      AP Running Image : 8.2.100.0
      Primary Boot Image : 8.2.100.0
      Backup Boot Image : 8.1.106.33
      AP Image type : MOBILITY EXPRESS IMAGE
      AP Configuration : MOBILITY EXPRESS CAPABLE
      0 Gigabit Ethernet interfaces
      0 802.11 Radios
      Radio FW version . 1401b63d12113073a3C08aa67f0c039c0
      NSS FW version : NSS.AK.1.0.c4-0Z026-E_cust C-1.24160
      Step 3   If the show version displays AP Image Type: MOBILITY EXPRESS IMAGE and AP Configuration: NOT MOBILITY EXPRESS CAPABLE, it means that even though the Access Point has the Cisco Mobility Express image, it is configured to run only as a CAPWAP Access Point. Such an Access Point will not run the controller function and will not participate in the Master Election process upon failure of the active Master AP.
      cisco AIR-AP1852E-UXK9 ARMv7 Processor rev 0 (v7l) with 997184/726252K bytes of memory.
      Processor board ID RFDP2BCR021
      AP Running Image : 8.2.101.0
      Primary Boot Image : 8.2.100.0
      Backup Boot Image : 8.1.106.33
      AP Image type : MOBILITY EXPRESS IMAGE
      AP Configuration : NOT MOBILITY EXPRESS CAPABLE

      For this AP to run the controller function, execute the following command from the AP CLI.

      AP#ap-type mobility-express tftp://

      Conversion


      Note


      On 1830 and 1850 Series Access points, conversion from CAPWAP to Mobility Express is supported from Release 8.1.122.0 and later but it is recommended to have CAPWAP version 8.2.100.0 on the Access Point prior to converting from CAPWAP to Mobility Express. If the CAPWAP image on the Access Point is prior to 8.2.121.0, Access Point MUST first join a WLC running 8.2.100.0 or higher to upgrade its CAPWAP image. After the CAPWAP image of the AP has been upgraded, conversion of AP from CAPWAP to Mobility Express can be performed.



      Note


      On 2800 and 3800 series Access Points, Mobility Express is supported starting Release 8.3.102.0 so they must have 8.3.102.0 CAPWAP image before they can be converted to Mobility Express. If the CAPWAP image on the Access Point is prior to 8.3.102.0, Access Point MUST first join a WLC running 8.3.102.0 or higher to upgrade its CAPWAP image. After the CAPWAP image of the AP has been upgraded, conversion of AP from CAPWAP to Mobility Express can be performed.


      The following conversions are supported:

      1. Converting a CAPWAP AP to Mobility Express - This conversion is required when you have access points running the CAPWAP image and you want to use them to deploy a Mobility Express network. For this, you would convert the CAPWAP AP to a Master AP (which runs the controller function in a Mobility Express network).
      2. Converting a Mobility Express capable AP to CAPWAP AP - There are two reasons for this conversion:

        1. If you want to migrate the access points from a Mobility Express network to another controller (not Mobility Express) network.

        2. If you do not want access points to participate in the Master AP election process in a Mobility Express network.

      Procedure
        Step 1   Download the conversion image for the Access Point from cisco.com to the TFTP server. It is a tar file. Do not untar the file.

        The following table lists the Cisco Mobility Express software for Cisco Wireless Release 8.3.102.0.

        Access Points Supported As Master | Software to be Used only for Conversion from Unified Wireless Network Lightweight AP Software To Cisco Mobility Express Software | AP Software Image Bundle, to be Used for Software Update, or Supported Access Point Images, or Both
        1830 | AIR-AP1830-K9-8-3-102-0.tar | AIR-AP1830-K9-ME-8-3-102-0.zip
        1850 | AIR-AP1850-K9-8-3-102-0.tar | AIR-AP1850-K9-ME-8-3-102-0.zip
        2800 | AIR-AP2800-K9-8-3-102-0.tar | AIR-AP2800-K9-ME-8-3-102-0.zip
        3800 | AIR-AP3800-K9-8-3-102-0.tar | AIR-AP3800-K9-ME-8-3-102-0.zip
        Step 2   Log in to the Access Point CLI using a console, type AP#show version, and check the full output of show version. The default login credentials are Username: cisco and Password: cisco.

        Converting a CAPWAP AP into a Mobility Express AP

        To convert an access point running CAPWAP image into a Mobility Express capable image, you have to download and install the Mobility Express image from a TFTP server. A single CLI command has been provided to download the Mobility Express image from a TFTP server and convert the AP Configuration to MOBILITY EXPRESS CAPABLE.

        Pre-requisites for converting CAPWAP AP to Mobility Express:
        1. A TFTP server with Mobility Express image. See Procedure below.

        2. A DHCP server to assign an IP address to the Cisco access point.

        3. The Cisco 1800 series access point must not join any existing controller in the network when you are trying to load Mobility Express image. If you have an existing controller on your network to which the AP can join, conversion is not successful.

        To convert an AP running CAPWAP image to Mobility Express, perform the following steps:

        Procedure
          Step 1   Enter enable to go to privileged execution mode.
          Step 2   Enter show version on the Access Point CLI. From the show version output, you can determine the AP Image type and AP Configuration and can then proceed with the conversion process.
          • Case 1: If the AP Image type is MOBILITY EXPRESS IMAGE and AP configuration is NOT MOBILITY EXPRESS CAPABLE, only conversion of AP Configuration is required. Go to Step 5.

          • Case 2: In the show version output, if the AP Image type and AP Configuration are not available, download of the Mobility Express image and conversion of AP Configuration is required. Go to Step 6.

          Step 3   Enter the command below to change the AP Configuration to MOBILITY EXPRESS CAPABLE.
          AP#ap-type mobility-express tftp://<TFTP Server IP>/<path to tar file>

          Since the Access Point has AP Image type MOBILITY EXPRESS IMAGE, a new image is not downloaded. After the command is issued, the Access Point reboots and comes up with AP Configuration MOBILITY EXPRESS CAPABLE.

          Step 4   If AP Image Type and AP Configuration are not available in show version, it means that the AP is running the CAPWAP image. To do the conversion, execute the command below:
          AP#ap-type mobility-express tftp://<TFTP Server IP>/<path to tar file>
          Example:
          AP#ap-type mobility-express tftp://10.18.22.34/AIR-AP1850-K9-8.1.120.0.tar
          Starting the ME image download...
          It may take few minutes to finish the download.
          Note   

          After the image download is complete, it writes to flash followed by a reboot.

          Image downloaded, writing to flash...
          do PREDOWNLOAD, part1 is active part
          sh: CHECK_ME: unknown operand
          Image start    0x40355008 size 0x01dae41a file size 0x01dae7ca
          Key start      0x42103422 size 0x00000230
          Sinature start 0x42103652 size 0x00000180
          Verify returns 0
          btldr rel is 16 vs 16, does not need update
          part to upgrade is part2
          
          
          activate part2, set BOOT to part2
          AP primary version: 8.1.105.37
          Archive done.
          Oe as AP needs to boot up with ME image
          
          The system is going down Now! 
          sent SIGTERM to all processes 
          sent SIGKILL to all processes 
          Requesting system reboot79]
          [07/24/2015 18:19:43.0887] Restarting system. 
          [07/24/2015 18:19:43.1257] Going down for restart now
          
          Step 5   After the AP reboots, Mobility Express starts in Day 0 and the CiscoAirProvision SSID is broadcast.
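
          The image check under "Determining the image on the Access Point" and the Case 1 / Case 2 decision in Step 2 above can be scripted over saved console captures. This is an added example, not Cisco code; the AP names and the CAPWAP sample are constructed, and the other two samples reuse field lines from the outputs shown on this page.

```python
import re

ME_IMAGE = "MOBILITY EXPRESS IMAGE"
ME_CAPABLE = "MOBILITY EXPRESS CAPABLE"
NOT_ME_CAPABLE = "NOT MOBILITY EXPRESS CAPABLE"

# "Label : value" lines; label case differs between the prose and the output.
FIELD_RE = re.compile(
    r"^[ \t]*(AP Running Image|AP Image type|AP Configuration)[ \t]*:[ \t]*(.*?)[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)


def parse_show_version(text):
    """Extract the three fields, normalising case and whitespace."""
    fields = {}
    for label, value in FIELD_RE.findall(text):
        fields[label.lower()] = " ".join(value.upper().split())
    return fields


def classify(text):
    """Return (state, action) following the two conversion cases on the page."""
    f = parse_show_version(text)
    image, config = f.get("ap image type"), f.get("ap configuration")
    if image is None and config is None:
        return ("capwap-image",
                "Case 2: download the Mobility Express image and convert the AP Configuration")
    # Compare whole values: NOT_ME_CAPABLE contains ME_CAPABLE as a substring.
    if image == ME_IMAGE and config == NOT_ME_CAPABLE:
        return ("me-image-not-capable",
                "Case 1: only conversion of the AP Configuration is required")
    if image == ME_IMAGE and config == ME_CAPABLE:
        return ("me-capable", "no conversion needed; AP can run the controller function")
    return ("unrecognised", "review the full show version output by hand")


def master_candidates(captures):
    """Names of APs that can run the controller function and join Master election."""
    return sorted(n for n, text in captures.items() if classify(text)[0] == "me-capable")


# Field lines copied from the two show version outputs on the page.
SAMPLE_CAPABLE = """\
AP Running Image : 8.2.100.0
Primary Boot Image : 8.2.100.0
AP Image type : MOBILITY EXPRESS IMAGE
AP Configuration : MOBILITY EXPRESS CAPABLE
"""
SAMPLE_NOT_CAPABLE = """\
AP Running Image : 8.2.101.0
Primary Boot Image : 8.2.100.0
AP Image type : MOBILITY EXPRESS IMAGE
AP Configuration : NOT MOBILITY EXPRESS CAPABLE
"""
# Constructed sample: a CAPWAP image prints neither of the two AP fields.
SAMPLE_CAPWAP = """\
AP Running Image : 8.2.100.0
Primary Boot Image : 8.2.100.0
Backup Boot Image : 8.1.106.33
"""

if __name__ == "__main__":
    # Hypothetical AP names mapped to their captured output.
    captures = {"ap-lobby": SAMPLE_CAPABLE, "ap-store": SAMPLE_NOT_CAPABLE,
                "ap-dock": SAMPLE_CAPWAP}
    for name, text in captures.items():
        print(name, *classify(text), sep=" | ")
    print("master candidates:", master_candidates(captures))
```

          Running it over every AP in a site gives an inventory of which units can take over the controller function if the Master AP fails.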

          Converting a Mobility Express AP into a CAPWAP AP

          When the AP type is CAPWAP, AP cannot run the controller function and cannot participate in the Master AP election process.

          After changing the AP Type, if this AP is migrated to another WLC network (non-Mobility Express network), it joins the controller in that network. If the image on the WLC is different than the one on the AP, a new CAPWAP image is requested from the WLC.

          When the AP type is CAPWAP (as required for this conversion), the AP doesn’t start its own controller function and when the AP joins the external controller, a new image is requested from the controller and the AP gets the CAPWAP image.

          To convert the Mobility Express AP into the CAPWAP AP, perform the following steps:

          Procedure
            Step 1   Log in to the Access Point CLI.
            Step 2   Type enable to go to privileged execution mode.
            Step 3   Enter ap#ap-type capwap and confirm to switch to the CAPWAP type.

            To convert multiple 1800 series access points running Mobility Express image to CAPWAP simultaneously from the Mobility Express controller CLI, execute the following command:

            (Cisco Controller) >config ap unifiedmode <switch_name> <switch_ip_address>
            <switch_name> and <switch_ip_address> are the name and IP address, respectively, of the WLC to which the APs need to be migrated.
            

            The above command converts all Cisco 1800 APs connected to the Mobility Express with AP Configuration: MOBILITY EXPRESS CAPABLE to AP Configuration: NOT MOBILITY EXPRESS CAPABLE. When this command is issued the APs are reloaded, and they come back up in local mode.


            Configuring Mobility Express Controller using Over-the-Air Setup Wizard

            To configure the Mobility Express using Over-the-Air Setup wizard, perform the following steps:

            Procedure
              Step 1   When the LED chirps green, connect a Wi-Fi enabled laptop, through Wi-Fi, to the CiscoAirProvision SSID. The default password is password.

              The laptop gets an IP address from subnet 192.168.1.0/24.

              Note   

              CiscoAirProvision SSID is broadcast at 2.4GHz.

              Step 2   Open a browser and go to http://192.168.1.1 which redirects to the initial configuration wizard.

              The initial configuration wizard's admin account page appears.

              Figure 1. Initial Configuration Wizard's Admin Account Page

              The banner on the opening page shows the name of the AP model on which the Mobility Express wireless LAN controller is being configured. For example, 'Cisco Aironet 1850 Series Mobility Express'.

              Note   

              Take the checklist that you have filled before and proceed with the following steps.

              Step 3   Create an admin account on the controller by specifying the following parameters and then click Start.
              • Enter the admin username. Maximum up to 24 ASCII characters.

              • Enter the password. Maximum up to 24 ASCII characters.

              When specifying a password, ensure that:
              • The password must contain characters from at least three of the following classes – lowercase letters, uppercase letters, digits, special characters.

              • No character in the password can be repeated more than three times consecutively.

              • The new password must not be the same as the associated username or the username reversed.

              • The password must not be cisco, ocsic, or any variants obtained by changing the capitalization of letters of the word Cisco. In addition, you cannot substitute 1, I, or ! for i, 0 for o, or $ for s.

              Step 4   Set up your controller by specifying the values.

              On the Set Up Your Controller screen, using the checklist, specify the following:

              Field Name | Description
              System Name | Enter the system name for Mobility Express. Example: me-wlc
              Country | Choose the country from the drop-down list.
              Date & Time | Choose the current date and time. Note: The wizard attempts to import the clock information (date and time) from the computer using JavaScript. It is highly recommended that you confirm the clock settings before continuing. The access points depend on clock settings to join the WLC.
              Time Zone | Choose the current time zone.
              NTP Server | Enter the NTP server details (Optional). If left blank, the following three NTP pools will be automatically configured:
              Management IP Address | Enter the Management IP address.
              Subnet Mask | Enter the subnet mask address.
              Default Gateway | Enter the default gateway.
              Enable DHCP Server (Management Network) | Internal DHCP server can be used to create scopes for Management & Access Points, Employee, and Guest Networks. Enabling of internal DHCP is optional but if you plan to use the internal DHCP server in your Mobility Express deployment, it is recommended to enable it and create a scope for Management in Day 0. In this configuration, we will enable internal DHCP server and create a scope for Management Network in Day 0. A DHCP scope for Employee and Guest Network will be configured in Day 1.
              Network/Mask | Enter the Network and Mask for the Management Scope
              First IP | Enter the first IP address of the Management Scope
              Last IP | Enter the last IP address of the Management Scope
              Domain Name | Enter the Domain Name for the scope (Optional)
              Name Servers | Enter the Name Server IP addresses or select Use Open DNS to configure Open DNS Name Server IP addresses
              Figure 2. Set Up Your Controller Tab

              Step 5   Click Next.
              Step 6   Create the Employee wireless network by specifying the following fields:

              Field Name | Description
              Network Name | Enter the network name.
              Security | Choose the security type from the drop-down list. (Choose either WPA2 Personal which uses Pre-Shared Key (PSK) authentication or select WPA2 Enterprise (also called 802.1x) which requires a RADIUS server for authentication).
              Pass Phrase | If you have chosen WPA2 Personal security, specify the Pre-Shared Key (PSK).
              Confirm Pass Phrase | Re-enter and confirm the pass phrase.
              Authentication Server IP Address | Enter the IP address of the Authentication Server
              Shared Secret | If you have chosen WPA2 Enterprise, specify the shared secret for the RADIUS server.
              VLAN | Choose Management VLAN or create a new VLAN.
              VLAN ID | If you have created a new VLAN specify the VLAN ID. (VLAN ID from 1 to 4096).
              Enable DHCP Server (Employee Network) | If internal DHCP server has to be used for Employee Network, Enable DHCP Server for Employee Network and specify the scope parameters.
              Step 7   Enable the Guest Network slider and specify the following parameters:

              Field Name | Description
              Network Name | Specify the SSID for your Guest network.
              Security | Choose Web Consent or WPA2 Personal from the drop-down list.
              Pass Phrase | If WPA2 Personal security is chosen, specify the Pre-Shared Key (PSK).
              VLAN | Choose Employee VLAN or create a New VLAN (with VLAN ID 1 to 4096).
              VLAN ID | Specify the VLAN ID of the new VLAN (with VLAN ID 1 to 4096).
              Enable DHCP Server (Guest Network) | If internal DHCP server has to be used for Guest Network, Enable DHCP Server for Guest Network and specify the scope parameters.
              Figure 3. Create Your Wireless Networks - Guest

              Step 8   Click Next.
              Step 9   In the Advanced Settings tab, enable RF Parameter Optimization slider and optimize by indicating the expected client density and traffic type in your network.
              Figure 4. Advanced Settings Tab

              The following table depicts the default values when low, typical, or high deployment type is selected from RF parameters


              Step 10   Select Traffic Type and click Next to continue.

              A confirmation screen displays the summary of the configuration.

              Step 11   Click Apply, if all the settings are correct.
              Note   

              A message appears indicating that the System will reboot. Click OK on this window.

              Step 12   Click OK to reboot.
              Note   

              After the Access Point reboots, it will start the Mobility Express controller function.
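
              The admin account rules listed under Step 3 of this wizard can be checked before Day 0, for example when credentials are generated by a provisioning script. This is an added example, not the controller's own validation code; it assumes "special characters" means ASCII punctuation, that the username comparison is case-sensitive, and that the cisco/ocsic rule applies to the whole password, as the page words it.

```python
import re
import string

MAX_LEN = 24  # "Maximum up to 24 ASCII characters" for both username and password

# Substitutions the page lists: 1, I or ! for i; 0 for o; $ for s.
# Upper-case "I" is handled by lower-casing before translating.
SUBSTITUTIONS = str.maketrans({"1": "i", "!": "i", "0": "o", "$": "s"})
FORBIDDEN_WORDS = {"cisco", "ocsic"}

# The same character more than three times in a row, i.e. four or more.
FOUR_IN_A_ROW = re.compile(r"(.)\1{3}")


def class_count(password):
    """Number of character classes present in the password."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(any(ch in cls for ch in password) for cls in classes)


def check_admin_credentials(username, password):
    """Return the rule codes the pair violates; an empty list means it passes."""
    problems = []
    for label, value in (("username", username), ("password", password)):
        if not value.isascii() or len(value) > MAX_LEN:
            problems.append(label + "-length-or-charset")
    if class_count(password) < 3:
        problems.append("classes")
    if FOUR_IN_A_ROW.search(password):
        problems.append("repeat")
    if password in (username, username[::-1]):
        problems.append("username")
    if password.lower().translate(SUBSTITUTIONS) in FORBIDDEN_WORDS:
        problems.append("cisco-variant")
    return problems


if __name__ == "__main__":
    # Constructed credentials for illustration only.
    for user, pw in [("admin", "Wlc-Adm1n-2024x"), ("admin", "C1$c0"),
                     ("Net0ps!", "!sp0teN"), ("admin", "Passss5word!")]:
        print(user, pw, check_admin_credentials(user, pw) or "ok")
```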


              Configuring Mobility Express Controller using Startup Wizard from CLI

              • Console Connection

              • Startup Wizard from CLI

              Console Connection

              Before you can configure the AP to Mobility Express Controller, connect to the port marked ‘CONSOLE’ using SecureCRT, Putty or similar applications. The default parameters for the console ports are 9600 baud, eight data bits, one stop bit, and no parity. The console ports do not support hardware flow control. Choose the serial baud rate of 9600.

              Startup Wizard from CLI

              After connecting to the 'CONSOLE' port on the AP, power up the AP. After a few minutes, the following Welcome message will be shown. To configure the Mobility Express controller, follow the steps as shown in the example below.
              System Name [Cisco_2c:3a:40] (31 characters max): me-wlc
              Enter Country Code list (enter 'help' for a list of countries) [US]:
              
              Configure a NTP server now? [YES][no]: no
              Configure the system time now? [YES][no]: no
              
              Note! Default NTP servers will be used
              
              Management Interface IP Address: 40.40.40.10
              Management Interface Netmask: 255.255.255.0
              Management Interface Default Router: 40.40.40.1
              Cleaning up Provisioning SSID
              Create Management DHCP Scope? [yes][NO]: yes
              DHCP Network : 40.40.40.0
              DHCP Netmask : 255.255.255.0
              Router IP: 40.40.40.1
              Start DHCP IP address: 40.40.40.11
              Stop DHCP IP address: 40.40.40.254
              DomainName :
              DNS Server : [OPENDNS][user DNS]
              Create Employee Network? [YES][no]: YES
              Employee Network Name (SSID)?: WestAutoBody-Employee
              Employee VLAN Identifier? [MGMT][1-4095]: MGMT
              Employee Network Security? [PSK][enterprise]: PSK
              Employee PSK Passphrase (8-38 characters)?: Cisco123
              Re-enter Employee PSK Passphrase: Cisco123
              Create Guest Network? [yes][NO]: YES
              Guest Network Name (SSID)?: WestAutoBody-Guest
              Guest VLAN Identifier? [EMPLOYEE][1-4095]: EMPLOYEE
              Guest Network Security? [WEB-CONSENT][psk]: WEB-CONSENT
              Create Guest DHCP Scope? [yes][NO]: NO
              Enable RF Parameter Optimization? [YES][no]: YES
              Client Density [TYPICAL][Low][High]: TYPICAL
              Traffic with Voice [NO][Yes]: Yes
              
              Configuration correct? If yes, system will save it and reset. [yes][NO]: yes
              Cleaning up Provisioning SSID

              Note


              After the AP has finished rebooting, login to the Mobility Express controller WebUI using the Management IP address.


              Logging into Mobility Express Controller

              To log in to the Mobility Express, perform the following steps:

              Procedure
                Step 1   Enter the IP address of the Mobility Express management interface in the web browser. The Cisco Wireless LAN Controller window appears.


                Step 2   Click Login.


                Step 3   Enter the administrator user name and password.
                Note   

                The Mobility Express controller uses a self-signed certificate for HTTPS. Therefore, all browsers display a warning message and ask whether you wish to proceed with an exception when the certificate is presented to the browser. Accept the risk and proceed to access the Mobility Express Wireless LAN Controller login page.

                The Network Summary page appears.