Overview of Cisco Aironet Sensor Deployment Guide

Years ago, wireless networks were limited to conference rooms and public areas for convenience, today wireless LANs are not only the standard part of enterprise networks for the entire facility, they are even more critical as many companies are also migrating from Ethernet to a complete wireless only infrastructure.

As these wireless networks grow especially in remote facilities where IT professionals may not always be on site, it becomes even more important to be able to quickly identify and resolve potential connectivity issues ideally before the users complain or notice connectivity degradation.

To address these issues we have created Cisco's Wireless Service Assurance and a new AP mode called "sensor" mode. Cisco's Wireless Service Assurance platform has three components, namely, Wireless Performance Analytics, Real-time Client Troubleshooting, and Proactive Health Assessment. Using a supported AP or dedicated sensor the device can actually function much like a WLAN client would associating and identifying client connectivity issues within the network in real time without requiring an IT or technician to be on site.

This document covers the Cisco 1815i, 1830, 1850, 2800 & 3800 Series Access Points as a sensor as well as the standalone Cisco Aironet 1800s Wireless Network Sensor.

The Cisco Aironet 1800s wireless network sensor is a part of Cisco's Wireless Service Assurance solution.

Access Points as Sensors

Cisco Access Point Models AP-1815, 1830, 1850, 2800 and 3800 Series can function as a dedicated sensor.

This is a new AP mode type on the controller listed as AP Mode Sensor.

When in sensor mode, the radio inside the Access Point functions much like a client would establishing a connection to the network (as a WLAN client) to allow the following tests/functions to be performed.

  • Network Client Connection On-Boarding Tests
    • 802.11 Association

    • 802.11 Authentication and Key Exchange

    • IP Addressing DHCP (IPv4)

  • General Network tests

    • DNS (IPv4)

    • RADIUS (IPv4)

    • First Hop Router/Default gateway (IPv4)

    • Intranet Host

    • External Host (IPv4)

  • Client Application tests

    • Email: POP3, IMAP, Outlook Web Access (IPv4)

    • File Transfer: FTP (IPv4) upload and download

    • Web: HTTP and HTTPS (IPv4)


When the AP-1815i, 1830 and AP-1850 models are in sensor mode, the ability for the APs to serve the clients is disabled. These models only permit operation in one mode at a time (be it sensor or AP).

AP-2800 and 3800 Series APs contains a special radio known as an XOR radio that can allow the APs to function in a hybrid mode as a sensor. This allows the other radio within the AP to service clients, when in this mode one radio is configured in local mode while the other is configured in sensor mode.

The advantage of sensor mode is to allow the AP to use its own radio (as a client) to test the quality and performance of the network at any time. When the AP is in sensor mode, some functionality on the AP to service clients is limited. This is because one or more of the AP radios are working as a client type device rather than servicing clients.

Sensor mode in the AP is a great solution when you have plenty of APs coverage and can use the AP in that mode. In areas where you need the AP to service clients primarily for performance and/or you have areas where do not wish the AP to act as a sensor, then a dedicated sensor would be recommended.


When the AP is connected as a sensor it connects like a client. If there are any RF issues, then the AP allows the client to access it to pass this traffic up to the DNC.

The Cisco-Aironet AP-1800s is a very small form factor dedicated sensor that can be powered in many different ways through a small sliding module that inserts into the sensor.

Without a PoE module, power can be a local 5 Volt USB supply. Additionally there are modules that allow for a direct AC power supply, as well as PoE operation.

Due to the small size of the sensor, (much smaller than an Access Point) if wall mounting is desired, this sensor uses a small bracket Cisco Part Number AIR-AP-BRACKET-NS

In addition to the 2.4 and 5 GHz radios built into the sensor, there is also a dedicated Bluetooth Low Energy radio as well to future proof the device for possible BLE applications.

Examining the antenna system on the AP-1800s sensor.

The dual band antennas (vertical polarity) are on the side of the sensor while the BLE antenna is mounted on the printed circuit board of the sensor.

Minimum Software requirements

  • WLC software version 8.5MR2

  • DNA Center Appliance 1.1.1

  • DNAC "Assurance–Sensor" Package version

DNAC Configuration Prerequisites

Before setting up the sensor in DNAC, the WLC should already be added for brownfield Assurance. This can be confirmed by running "show network assurance summary" on the WLC and checking that no errors are reported and that the "Last Success" time is recent.

To add the WLC for assurance follow these 4 steps:

  1. Create Site, Building, and Floor hierarchy
  2. Create a sensor profile and claim sensor
  3. Add device credentials and run a discovery for the WLC
  4. Provision the WLC to a site
  5. Assign discovered AP’s to a floor
  1. Create Site, Building, and Floor hierarchy.

    From the main DNA Center screen, select the link under the Design icon to “Add site locations on the network” .

    Then select "Add Site" and create a site, building, and floor as necessary for your environment.

  2. Add device Credentials and run discovery.

    Device Credentials for the WLC need to be added so that DNAC can configure and enable the Network Assurance Service and learn about devices and clients connected to the WLC. SNMP RW and CLI credentials need to be entered into the Design > Network Settings > Device Credentials tab as seen below.

    Once the device credentials are added, a discovery is ran to discover the WLC. From the main DNAC page, select the "Discovery" icon and then enter the necessary IP details for the WLC and select the credentials that were added earlier.

  3. Provision WLC to site.

    Next assign the WLC and AP to a site and floor. Select the "Provision WLCs and APs to defined sites" link under the "Provision" icon from the main DNAC page.

    From this page, select the tickbox next to the WLC and AP(s) and select “Assign Device to Site” to assign the devices to a building and floor. Ensure that the WLC is assigned to a building and all AP’s are assigned to a floor.

    Optinally position the AP on the floor by following the 4 steps below.

The DNAC is now setup for Assurance and AP's are placed on the floor plan.

Sensor Data Flow

When functioning as a sensor, the Sensor AP receives the test suite configuration from the WLC, after it's been created within the DNAC. The actual test results however, do not transverse the WLC as they go directly from the sensor to the DNAC.

DNA Center requires the Sensor package to be installed once the system is online and initial configuration is completed. The "Assurance-Sensor" package needs to be installed from the Application Management catalog. To do this, login to DNAC and select the 'cog' from the top right, select "System Status" and then select the "App Management" tab.

The "Application Management - Packages & Updates" page is displayed, this is where the "Assurance - Sensor" package is listed. Click the "Install" link to start the sensor package installation. This can take up to 40 minutes to complete.

Adding a sensor to DNAC

Ensure that your sensor has network reachability to DNAC. Sensor can be wired or wireless. If sensor is wireless then make sure to prep the network by following the steps in section, "Provisioning an 1800s sensor without Ethernet" below. If sensor is wired ensure it can reach DNAC via wired network.

Next on DNAC we must create a sensor profile. Go to Design -> Network Settings -> Wireless à scroll down to "Sensor Settings" in the window.

Next click the Add button and Provide the "Settings Name", and "Wireless network SSID", and configure it with the appropriate security settings. Save the profile. NOTE: The "Wirless network SSID" is the backhaul SSID which should match the backhaul setup configured on the WLC. See section, " Backhaul Configuration" for steps to setup backhaul on WLC.

Now you must claim the device. If sensor has network reachability to DNAC it will appear in the unclaimed device list. Go to the Provision > Unclaimed devices.

Select the sensor in the unclaimed device list and click on "Sensor Provision". Next you must add the sensor to a floor and choose a sensor profile.

Now the sensor will provision and appear in the Inventory after it is complete. If it is in managed state then it is ready to be setup with a testsuite.

Creating the test suites

Once the Sensor package is installed, navigate to DNA Assurance > Manage > Sensor Driven Tests then select "Add Test" to begin the test suite creation.


Step 1

Define the test name, location, and the frequency that the tests should run on the "Add Test" page.

It is recommended to run the test every 30 minutes or every 1 hour.

When selecting the "Location", the SSID's that are broadcast on that floor are listed below the Test Name, Location, and Interval-Hours fields. Select only 1 SSID and only 1 band. Create additional tests for each SSID and for each band. Authentication modes of WPA2_EAP (EAP-FAST and PEAP-MSCHAPv2), PSK, and Open are currently supported. Select next after choosing the SSID and entering the authentication details

Step 2

Select the test for the sensor to perform.

There are Network Tests, RADIUS Tests, and Application Tests including Email, Web, and FTP.

The below screenshot depicts a full list of tests that can be performed.

It is recommended to start with a minimal test suite including DHCPv4, DNS, and Host Reachability Tests. Modify the test suite once these tests are successful to test RADIUS or additional applications. Click Next to get to the last step in adding the test suite.

Step 3

Select the sensor.

This is the AP that will be converted into sensor mode to test the AP's in the surrounding area. The sensor will test all AP's that it can hear with a RSSI cutoff value of -75.

Once the sensor is selected, click Save and the AP will be converted into Sensor mode. A message will appear at the top of the screen once the AP has changed modes. This only happened the first time a test is added and the AP mode is changed.

The newly added test is now displayed on the Sensor-Driven Tests page. An overview of the test is shown with the option to select "View" to see additional test result details

Step 4

Select "View" to list out all AP's that the sensor performed tests against and the results of those tests.

The sensor name, SSID, and AP Name is listed as well as the test type and results.

Differences between AP Sensor and AP-1800s

The Cisco-Aironet AP-1800s is a dedicated sensor radio in a very small form factor. It is a dedicated sensor only and does not join controller as it uses PnP to find DNAC (sensor package).


Plug and Play happens through the WLC onboarding if it is an Access Point.

Plug and Play happens through the WLC onboarding if it is an Access Point.

Provisioning an 1800s sensor without Ethernet.

When using the 1800s sensor (without the Ethernet module) the sensor would be provisioned over the WLAN by enabling the provisional SSID as shown in the screenshot below.

Once provisioning is enabled (and SSID is set to TFTP) it will create a hidden WLAN called "CiscoSensorProvisioning" and the sensor will join using an EAP-TLS client cert.

This will allow the sensor to find the DNAC IP and is done via DHCP Option 43 or through DNS.

Backhaul Configuration


The wireless backhaul is not supported until DNAC 1.2.0.

The backhaul is an SSID you must choose from your existing wlans which will be used by a wireless sensor to connect and communicate with the DNAC. This is how test configurations will be pushed down to your device, or test results pushed back to the DNAC, if you DNAC isn't reachable through the wired network.

To configure the backhaul on the WLC from the UI go to "Management" -> Cloud Services -> Network Assurance -> Sensor. Backhaul configuration will be at the top of the window. Ensure that the SSID name matches an existing wlan and the security also matches.

Enabling DNAC Discovery


You must configure Option 43 with the following ASCII String -example 5A1N;B2;K4;l<DNAC IP Address>;J80

<IP address of DNAC Server >;J80

For DNS there are two steps:


Step 1

Create a host file on the DNS server that has the host name "PNPSERVER", and the IP address of the PNP server.

Step 2

Add option 15 to the DHCP scope and provide the name of your domain name, as well as add option 6 with your DNS server.

Step 3

You can add Option 42 as NTP server IP address for Sensor. This DHCP Option 42, NTP server will not be required in the futurerelease of AP1800S software and this option is required only in the first Sensor release, 8.5.257.

Example of Scope Options:

If you need to upgrade the image on an 1852, 2800, or 3800 sensor, this will be done by upgrading the image on the WLC.

If you need to upgrade the 1800s, this can be done via DNAC. To upgrade the 1800S from DNAC first download the image from Cisco's website and add the image to the repository on DNAC. On the main page of DNAC scroll all the way down and click on Image Repository.

Step 4

If you already have used DHCP Option 43 field for other purpose (e.g. WLC IP Address for AP provisioning) you can further add conditional Option 43 field by adding VCI string as conditional assignment. Cisco Active Sensor AP1800s’s VCI string is “Cisco AP C1800”

Step 5

Click Import Image/SMU

You can add the image by importing the sn1g5-k9w8 image you downloaded from CCO or by providing a url. Click the Import button.

Now image should be in repository. Click on down arrow next to "Cisco 1800S Unified Access Point (Sensor). You should see your imported image listed. You must click on the star next to the imported image in the "Golden Image" column. This will let the repository know which image you want to download to the sensor. Only one star can be selected at a time.

Click on Upgrade Device and you will be taken to the inventory page. Select the 1800S you want to upgrade and at the top of the page choose “Actions” > Update OS Image.

A new window will appear with the sensor selected and the Target Image listed.

Step 6

Choose Now or Laterto upgrade.

Troubleshooting Commands

CLI Commands for troubleshooting. These are to be ran from the sensor AP console (telnet/ssh).

 # show dot11 sensor heartbeat status

A heartbeat between DNAC and the sensor occurs every 60 seconds. Run this command to see the status and last success time of the heartbeat. If fail confirm connectivity to DNAC.

# show dot11 sensor test result

# This shows the results of the test that the sensor has ran. These results flow directly to the DNAC and do not go thru the WLC.

# show dot11 sensor test config

This shows the configuration that the Sensor has received from the DNAC through the WLC.

# show dot11 sensor synthetic work list

This shows details for each tests that the sensor will execute.

# show dot11 sensor stats

Look for "Total Test Cases Ran", "Successful Test Cases" and "Failed Test Cases". This gives in indication of how many tests the sensor has performed and the overall status of those tests. Note this also includes radio stats and does show you if DNAC connectivity is enabled.

# show dot11 sensor scan list

This shows the AP's that the sensor can hear and at what signal level. Only AP's with RSSI of -75 or higher are tested against.

# debug wsa debug

Use 'term mon' to view the full debug output from the wsa debug

Detailed Troubleshooting Commands Output

STUB01-SENS3-1815I#	show dot11 sensor heartbeat status

Heartbeat Status: Success

Heartback Version: 1

Heartbeat Last Success Time: 2018-01-17 00:53:08.016900

STUB01-SENS3-1815I#	show dot11 sensor test results
Test No: 1, Name: DNS, Time: 2018-01-09 18:48:17.464181
Test Results: {
   "macAddress": "00:a3:8e:16:05:a0",
   "testCompleted": "no",
   "type": "DEDICATED",
   "connectivityStats": {
      "wireless": {
         "status": "SUCCESS",
         "channelWidth": 20,
         "txDataRate": 24000,
         "responseTimesInMillis": {
            "probeRequest": 1,
            "authenticationRequest": 1,
            "handshake": 38,
            "associationRequest": 47
         "snr": 60,
         "rssi": -35,
         "channel": 64
      "DHCP": {
         "status": "SUCCESS",
         "totaltime": 4566,
         "slack": 0,
         "offer": 4202,
         "ack": 118,
         "IP": "",
         "request": 30,
         "discover": 0,
         "DefaultGWIP": "",
         "dhcpv6": 0,
         "DNSIP": "",
         "FailureReason": "DHCP_SUCCESS"
      "DefaultGW": {
         "reachabilityStatus": "yes",
         "reachabilityTimeMillis": "1.616"
      "DNS-Server": {
         "reachabilityStatus": "yes",
         "reachabilityTimeMillis": "1.982"
 <Remainder removed>

STUB01-SENS3-1815I#	show dot11 sensor test config
Test Config Received Time: 2018-01-09 05:57:18.971401
    advancedConfig: {
        rssiThreshold: -75
            name: DNS
            bands: BOTH
            connection: WIRELESS
            frequency: {
                value: 30
                unit: MINUTES
                    username: null
                    validTo: 0
                    numAps: 0
                    id: 0
                    authTypeRcvd: null
                    authType: OTHER
                    ssid: ubcvisitor
                    authProtocol: null
                    eapMethod: null
                    certxferprotocol: HTTP
                    status: ENABLED
                    psk: null
                    bands: 5GHz
                    certfilename: null
                    profileName: eduroam
                    password: ****
                    certstatus: ACTIVE
                    certpassphrase: null
                    numSensors: 0
                    certdownloadurl: null
                    wlanId: 0
                    validFrom: 0

STUB01-SENS3-1815I#	show dot11 sensor synthetic work list
Test 1 Suite 5a331790d07f6f00201c8b0b_afdb243d-67bf-488b-a4d7-d8b59ae93868 DNS AP 00:c8:8b:46:7b:ee radio 1 Wlan eduroam band 802.11a 
ssid eduroam frequency 30 freq_unit MINUTES on_demand 0 repeatCountOnFailure 0
Test 2 Suite 5a331790d07f6f00201c8b0b_afdb243d-67bf-488b-a4d7-d8b59ae93868 DNS AP 1c:6a:7a:fc:0c:8e radio 1 Wlan eduroam band 802.11a 
ssid eduroam frequency 30 freq_unit MINUTES on_demand 0 repeatCountOnFailure 0
Test 3 Suite 5a331790d07f6f00201c8b0b_afdb243d-67bf-488b-a4d7-d8b59ae93868 DNS AP 10:05:ca:72:06:de radio 1 Wlan eduroam band 802.11a 
ssid eduroam frequency 30 freq_unit MINUTES on_demand 0 repeatCountOnFailure 0
Test 4 Suite 5a331790d07f6f00201c8b0b_afdb243d-67bf-488b-a4d7-d8b59ae93868 DNS AP 10:05:ca:c4:0b:7e radio 1 Wlan eduroam band 802.11a 
ssid eduroam frequency 30 freq_unit MINUTES on_demand 0 repeatCountOnFailure 0
Test 5 Suite 5a331790d07f6f00201c8b0b_afdb243d-67bf-488b-a4d7-d8b59ae93868 DNS AP 1c:6a:7a:f2:0d:4e radio 1 Wlan eduroam band 802.11a 
ssid eduroam frequency 30 freq_unit MINUTES on_demand 0 repeatCountOnFailure 0
Test 6 Suite 5a331790d07f6f00201c8b0b_afdb243d-67bf-488b-a4d7-d8b59ae93868 DNS AP 1c:6a:7a:fc:00:be radio 1 Wlan eduroam band 802.11a 
ssid eduroam frequency 30 freq_unit MINUTES on_demand 0 repeatCountOnFailure 0

STUB01-SENS3-1815I#	show dot11 sensor stats
## Network Assurance Sensor Statistics ##
WSA Status: Enabled
NA Connectivity: Not Connected
NA Connectivity I/F: Radio 0  http
NA Server URL:
Auth Type: 10
HTTP Proxy IP:
Backhaul SSID:
Id-token: <BASE64 Encoded String removed>
Port: 80
Total Test Cases Run: 0
Successful Test Cases: 0
Failed Test Cases: 0
Network Assurance 5G Radio Statistics
Host Rx K Bytes: 58643
Host Tx K Bytes: 8097
Unicasts Rx: 267431
Unicasts Tx: 59926
Broadcasts Rx: 53327
Broadcasts Tx: 5550
Beacons Rx: 456662
Beacons Tx: 0
Multicasts Rx: 0
Multicasts Tx: 0
CRC errors: 4178
Network Assurance 2G Radio Statistics
Host Rx K Bytes: 0

Sensor Troubleshooting on the WLC

Useful URLs