Managing the Cisco Mobility Express Deployment

Managing Access Points

Starting Release 8.4, Cisco Mobility Express supports up to 100 Access Points. To view the list or modify parameters on an Access Points, follow the procedure below:

Procedure
    Step 1   Navigate to Wireless Settings > Access Points.
    Note   

    The first Access Point with the P icon is the Master AP and the rest of them are Subordinate Access Points.

    Step 2   To modify the parameters on an access point, click on the Edit button. The Access Point window will come up displaying the General parameters about the Access Point.

    • Operating Mode(Read only field)-For a master AP, this field displays AP & Controller. For other associated APs, this field displays AP only.

    • AP Mac(Read only field)–Displays the MAC address of the Access Point.

    • AP Model(Read only field)-Displays the model details of the Access Point.

    • IP Configuration–Choose Obtain from DHCP to allow the IP address of the AP be assigned by a DHCP server on the network, or choose Static IP address. If you choose Static IP address, then you can edit the IP Address, Subnet Mask, and Gateway fields.

    • AP Name–Edit the name of access point. This is a free text field.

    • Location–Edit the location for the access point. This is a free text field.

    Step 3   Under the Controller tab (Available only for Master AP), one can modify the following parameters:

    • System Name–Enter the System Name for Mobility Express

    • IP Address–IP address decides the login URL to the controller's web interface. The URL is in https://<ip address> format. If you change this IP address, the login URL also changes.

    • Subnet Mask–Enter the Subnet Mask.

    • Country Code–Enter the Country Code.

    Step 4   Under Radio 1 (2.4 GHz) and Radio 2 (5 GHz), one can edit the following parameters:

    • Admin Mode–Enabled/Disabled. This enables or disables the corresponding radio on the AP (2.4 GHz for 802.11 b/g/n or 5 Ghz for 802.11 a/n/ac).

    • Channel–Default is Automatic. Automatic enables Dynamic Channel Assignment. This means that channels are dynamically assigned to each AP, under the control of the Mobility Express controller. This prevents neighboring APs from broadcasting over the same channel and hence prevents interference and other communication problems. For the 2.4GHz radio, 11 channels are offered in the US, up to 14 in other parts of the world, but only 1-6-11 can be considered non-overlapping if they are used by neighboring APs. For the 5GHz radio, up to 23 non-overlapping channels are offered. Assigning a specific value statically assigns a channel to that AP.

      • 802.11 b/g/n–1 to 11.

      • 802.11 a/n/ac –40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 132, 136, 140, 149, 153, 157, 161, 165.

    • Channel Width - 20 MHz for 2.4GHz and for 20, 40 and 80 for 5 GHz.

    • Transmit Power - 1 to 8. The default value is Automatic.

    This is a logarithmic scale of the transmit power, that is the transmission energy used by the AP, 1 being the highest,2 being half of it, 3 being 1/4th and so on. Selecting Automatic adjusts the radio transmitter output power based on the varying signal level at the receiver. This allows the transmitter to operate at less than maximum power for most of the time; when fading conditions occur, transmit power will be increased as needed until the maximum is reached.

    Step 5   Click Apply.

    Adding Access Points to Cisco Mobility Express Network

    When adding Access Points to Cisco Mobility Express network, the following have to be considered:

    Software Version on the Access Point–If the software version of the access point, which is being added, is different than what is on the Master AP, a software download of the code running on the Master Access Point has to happen on the Access Point being added. For the new Access Point to download the code that is running on the Master Access Point, one of the following has to be configured:

    • TFTP server details and the Access Point images path information has to be configured on the Software Update page.

    • If the Master AP has 8.3.102.0 or later code, one can configure the Cisco.com login credentials on the Software Update page and the code on the new Access Point will be automatically downloaded from cisco.com when an Access Point joins.


    Note

    For Software download to take place directly from Cisco.com, the Master AP should be the one with the SMARTNet Contract.

    Procedure
      Step 1   Download the Access Point image zip file from cisco.com on a TFTP server. The bundle version must be the same as the one running on the Master AP. Unzip the file to extract the individual Access Point images.
      Step 2   Navigate to Management > Software Update. Select TFTP for Transfer Mode and configure the TFTP Parameters.

      (OR)

      Step 3   Navigate to Management > Software Update. Select Cisco.com as the Transfer Mode and configure parameters related to the Cisco.com user account.
      Step 4   Connect the AP to the network. When the AP boots up, it obtains an IP address from the DHCP server. If the AP version matches the one on Master AP, it joins. However, if the version on the AP being added is different than then one on the Master AP, it starts to download the image from either the configured TFTP server or cisco.com. After the image download is complete, the AP will reboot and join the Master AP.
      Note   

      During the image download there is no service interruption. After the image download is complete, the AP automatically re-boots and join the Master AP.

      Configuring Management Access

      The Management Access Interface on the Mobility Express controller is the default interface for in-band management of the controller and connectivity to enterprise services. It is also used for communications between the controller and access points.

      There are four types of Management Access supported on the Mobility Express controller.

      1. HTTP Access–To enable HTTP access mode, which allows you to access the controller GUI using http://<ip-address> through a web browser, choose Enabled from the HTTP Access drop-down list. Otherwise, choose Disabled. The default value is Disabled. HTTP access mode is not a secure connection.
      2. HTTPS Access–To enable HTTPS access mode, which allows you to access the controller GUI using http://ip-address through a web browser, choose Enabled from the HTTPS Access drop-down list. Otherwise, choose Disabled. The default value is Enabled. HTTPS access mode is a secure connection.
      3. Telnet Access–To enable Telnet access mode, which allows remote access to the controller's CLI using your laptop's command prompt, choose Enabled from the Telnet Access drop-down list. Otherwise, choose Disabled. The default value is Disabled. The Telnet access mode is not a secure connection.
      4. SSHv2 Access–To enable Secure Shell Version 2 (SSHv2) access mode, which is a more secure version of Telnet that uses data encryption and a secure channel for data transfer, choose Enabled from the SSHv2 Access drop-down list. Otherwise, choose Disabled. The default value is Enabled. The SSHv2 access mode is a secure connection.

      To enable or disable the different types of management access to the controller, follow the procedure below:

      Procedure
        Step 1   Navigate to Management > Access.

        Step 2   For the various Access Types, select either Enabled or Disabled.
        Note   

        There must be at least one access enabled else admin user will locked out of Mobility Express Controller and will have to use console to make changes to provide access again.

        Step 3   Click Apply to submit changes.

        Managing Admin Accounts

        Cisco Mobility Express Cisco Mobility Express supports creation of admin accounts to prevent unauthorized users from reconfiguring the controller and viewing configuration. It supports the following three access levels for Admin user accounts:

        1. Read/Write–Accounts with read and write privilege have full provisioning and monitoring capability
        2. Read only–Accounts with Read only privilege only have monitoring capability and can browse all screens
        3. Lobby Ambassador–A Lobby Ambassador can create and manage guest user accounts on the Cisco Mobility Express. The lobby ambassador has limited configuration privileges and can access only the web pages used to manage the guest accounts.

        Note

        The local user database is limited to a maximum of 2048 entries, which is also the default value. This database is shared by local management users (including lobby ambassadors), local network users (including guest users), MAC filter entries, exclusion list entries. Together they cannot exceed the maximum value.

        To create admin users, follow the procedure below:

        Procedure
          Step 1   Navigate to Management > Admin Accounts and click on the Add New User button.

          Step 2   Enter the following to configure the admin user account.

          • Account Name–Enter the admin user name. Username is case-sensitive and can contain up to 24 ASCII characters. Username cannot contain spaces and must be unique.

          • Access - Select Read/Write, Read Only or Lobby Ambassador access for the admin account.

          • New Password & Confirm Password - Enter a password for the admin user account, in-keeping with the following rules:

            • Passwords are case sensitive and cannot contain spaces

            • The password should contain a minimum of 8 characters from ALL of the following classes:

              • Lowercase letters

              • Uppercase letters

              • Digits

              • Special characters

              • No character in the password can be repeated more than three times consecutively

              • The password should not contain the word Cisco or a management username. The password should also not be any variant of these words, obtained by reversing the letters of these words, or by changing the capitalization of letters, or by substituting 1, |, or ! or substituting 0 for o or substituting $ for s.

          Step 3   Click tick icon.

          Managing TACACS+ and RADIUS Servers

          Starting Release 8.5, Cisco Mobility Express will support up to Six RADIUS and Three TACACS Servers. To configure RADIUS and TACACS+ Servers, enable Expert View on Cisco Mobility Express. Expert View is available on the top banner of the Cisco Mobility Express WebUI as shown below and enabled various configurable parameters which are not available in Standard view.



          Adding TACACS+ Servers

          Procedure
            Step 1   Navigate to Management > Admin Accounts.
            Step 2   To add TACACS+ servers, click on TACACS+ tab. Click on the Add TACACS+ Authentication Server button and enter the following:

            • Server Index–Select 1 through 3

            • State–Enable the state

            • Server IP Address–Enter the IPv4 address of the TACACS+ server

            • Shared Secret–Enter the shared secret

            • Port Number–Enter the port number being used for communicating with the TACACS+ server

            • Server Timeout–Enter the server timeout

            Step 3   Do the same of the RAIDUS Authorization Servers.

            Adding RADIUS Servers

            Procedure
              Step 1   Navigate to Management > Admin Accounts.
              Step 2   To add RADIUS servers, click on RADIUS tab. Click on the Add RADIUS Authentication Server button and enter the following:

              • Server Index–Select 1 thru 6

              • State–Enable the state

              • Server IP Address–Enter the IPv4 address of the RADIUS server

              • Shared Secret–Enter the shared secret

              • Port Number–Enter the port number being used for communicating with the RADIUS server

              • Server Timeout–Enter the server timeout

              Step 3   Do the same of the RAIDUS Authorization Servers.

              Managing Admin User Priority

              Prior to Release 8.5, admin accounts on Cisco Mobility Express were created locally on the controller. In Release 8.5 TACACS+ and RADIUS servers can also be used for authentication admin users.

              When multiple databases are configured, it is important to configure the admin account user priority. To configure the priority, follow the Procedure below.

              Procedure
                Step 1   Enable Expert View on Cisco Mobility Express. Expert View is available on the top banner of the Cisco Mobility Express WebUI as shown below and enables various configurable parameters which are not available in Standard view.



                Step 2   Navigate to Management > Admin Accounts and click on the Management User Priority Order.
                Note   

                By default, the local database is always queried first. If the username is not found, the controller switches to the RADIUS server if configured for RADIUS or to the TACACS+ server if configured for TACACS+. The default setting is local and then RADIUS.

                Step 3   To change the priority, between TACACS+ and RADIUS, click on either and move UP or DOWN. Please note Local Admin Accounts cannot be moved to Priority 3. It can only be either 1 or 2.

                Managing TIME on Cisco Mobility Express

                The system date and time on the Cisco Mobility Express controller is typically configured when running the initial Wireless Express setup wizard.

                Configuring NTP Server

                Up to three Network Time Protocol (NTP) servers can be configured to sync date and time if one was not configured during the Wireless Express setup. Time Zone can be configured to offset the clock.

                To configure Time Zone and NTP servers, follow the procedure below:

                Procedure
                  Step 1   Navigate to Management > Time.
                  Step 2   Choose the desired Time Zone .
                  Step 3   Enter the NTP Polling Interval. The polling interval ranges from 3600 to 604800 seconds.
                  Step 4   To add an NTP server, click Add NTP Server button and configure the following:

                  • NTP Index–It can be 1, 2 or 3.

                  • NTP Server - This can be the NTP Server IP address, NTP Server Name or pool. A maximum of three NTP Servers are supported.

                  • Click tick icon.

                  Note   

                  Synchronization of the date and time with the NTP Server occurs each time the controller reboots and at each user-defined polling interval.

                  Updating Cisco Mobility Express Software

                  Cisco Mobility Express controller software update can be performed using the controller's web interface. Software update ensures that both the controller software and all the Access Points associated are updated.

                  An AP joining the controller compares its software version with the Master AP version and incase of mismatch, the new AP requests for a software update. For software update, one must configure the Transfer Mode and corresponding details on the Software Update page.


                  Note

                  Master AP does not have AP images. It facilitates the transfer of new software from the configured Transfer Mode to the Access Points requesting for Software Update.

                  Software download on the Access Points is automatically sequenced to ensure that not more than 5 APs are downloading the software simultaneously and the queue refreshes till all the Access Points requiring upgrade have downloaded the new image.

                  Starting Release 8.3.100.0, Cisco Mobility Express supports the following Transfer Mode for Software Update:

                  Cisco.com–Cisco.com transfer mode is introduced in 8.3.100.0. In this software update method, the software image can be directly streamed from cisco.com to the individual Access Points. Internet access required for this transfer mode and EULA and SMARTNet contract requirements have to be met for this transfer mode.

                  HTTP–HTTP transfer mode is supported if the Mobility Express Network has the same model of Access Points. Use HTTP as the transfer mode for Software Update using the AP file from a local machine.


                  Note

                  If there is a mix of Access Points in the Mobility Express network, Software Update via cisco.com or TFTP Transfer Method should be used.

                  TFTP–TFTP transfer mode can be used to perform Software Update on a Mobility Express Network. Master AP facilitates transfer of image from the TFTP server to the individual Access Points. The AP images are stored and served from the TFTP server upon request.


                  Note

                  There is no service interruption during pre-image download. After pre-image download is complete on all APs, a Manual or scheduled reboot of Mobility Express network can be triggered.

                  Software Update using cisco.com Transfer Mode

                  Software Update via Cisco.com works for all Access Points supported in a Cisco Mobility Express Deployment. Below requirements must be met to initiate a Software Update from cisco.com.

                  • Internet access is required for software download from cisco.com to APs. However, no proxy is required.
                  • A valid cisco.com (CCO) account with username & password required.
                  • EULA acceptance on a per user basis. Only Master AP (not all APs in the network) must have SMARTNet contract else Software Update will not start.

                  Note

                  Software Update from cisco.com is supported via GUI only.

                  In order to perform Software Update using cisco.com Transfer Mode, follow the procedure below:

                  Procedure
                    Step 1   To perform Software Update via Cisco.com, navigate to Management > Software Update and configure the following:

                    • Select Cisco.com for Transfer Mode.

                    • Enter Cisco.com Username.

                    • Enter Cisco.com Password.

                    • Enable Automatically Check for Updates. Check is done once in 30 days.

                    • Click on the Check Now button to retrieve the Latest Software Release and the Recommended Software Release from Cisco.com.

                    Step 2   Click Apply.

                    Step 3   Click Update to initiate software update wizard.
                    Step 4   In the Software Update Wizard, select the Recommended Software Release or Latest Software Release. Click Next.
                    Step 5   Select Update Now to initiate software update immediately or Schedule the Update for Later.
                    Note   

                    If Schedule the Update for Later is selected, configure the Set Update Time field.

                    Step 6   Click on the Auto Restart checkbox if automatic restart of all access points in the network is desired after the software update is finished. Click Next.
                    Step 7   Click Confirm to start the software update.

                    To monitor the download progress on individual Access Points, expand the Predownload image status.

                    Software Update using HTTP Transfer Mode

                    If you have the same model of Access Points in the Mobility Express deployment, HTTP Transfer mode can be used to perform Software Update. For HTTP Transfer mode, one can simply upload the Access Point upgrade image from the local machine. To perform Software Update using HTTP Transfer Mode, follow the procedure below:

                    Procedure
                      Step 1   Download the AP Image bundle from cisco.com to the local machine. The table below points to Release 8.5.103.0 images.

                      Step 2  
                      Access Point Access Point image bundle. Contains individual AP images to be used for Software Update
                      Cisco Aironet® 1540 Series AIR-AP1540-K9-ME-8-5-103-0.zip
                      Cisco Aironet® 1560 Series AIR-AP1560-K9-ME-8-5-103-0.zip
                      Cisco Aironet® 1815I Series AIR-AP1815-K9-ME-8-5-103-0.zip
                      Cisco Aironet® 1815M Series AIR-AP1815-K9-ME-8-5-103-0.zip
                      Cisco Aironet® 1815W Series AIR-AP1815-K9-ME-8-5-103-0.zip
                      Cisco Aironet® 1830 Series AIR-AP1830-K9-ME-8-5-103-0.zip
                      Cisco Aironet® 1850 Series AIR-AP1850-K9-ME-8-5-103-0.zip
                      Cisco Aironet® 2800 Series AIR-AP2800-K9-ME-8-5-103-0.zip
                      Cisco Aironet® 3800 Series AIR-AP3800-K9-ME-8-5-103-0.zip

                      Note   

                      The above images are for AireOS Release 8.4.100.0. The image bundle would be different for different releases.

                      Step 3   Unzip the AP Image bundle to extract individual AP Images. Mapping of Access Points to their corresponding images is shown below:
                      Access Point Access Point Image
                      Cisco Aironet® 1540 Series ap1g5
                      Cisco Aironet® 1560 Series ap3g3
                      Cisco Aironet® 1815I Series ap1g5
                      Cisco Aironet® 1815M Series ap1g5
                      Cisco Aironet® 1815W Series ap1g5
                      Cisco Aironet® 1830 Series ap1g4
                      Cisco Aironet® 1850 Series ap1g4
                      Cisco Aironet® 2800 Series ap3g3
                      Cisco Aironet® 3800 Series ap3g3

                      Step 4   To perform Software Update via HTTP Transfer Mode, navigate to Management > Software Update and configure the following:

                      • Select HTTP for Transfer Mode

                      • Browse to the local AP image, corresponding to the Access Point in your network

                      • Click on the Auto Restart checkbox if automatic restart of all access points in the network is desired after the software update is finished

                      Step 5   Click Apply.
                      Step 6   Click on Updateto initiate software update.

                      Software Update using TFTP Transfer Mode

                      Software Update via TFTP Transfer Mode works for all Access Points supported in a Cisco Mobility Express Deployment. You would need a TFTP server which can communicate with the Master Access Point to use this upgrade method. This update method is supported from controller WebUI as well as CLI.

                      Upgrading from WebUI

                      To perform Software Update using TFTP Transfer mode from WebUI, follow the procedure below:

                      Procedure
                        Step 1   Download the AP Image bundle from cisco.com to the TFTP server.
                        Step 2   Unzip the AP Image bundle to extract individual AP Images.
                        Step 3   To perform Software Update via TFTP Transfer Mode, navigate to Management > Software Update and configure the following:

                        • Select TFTP for Transfer Mode.

                        • Enter the IP Address of the TFTP server in the IP Address (IPv4) field.

                        • Enter the File Path to the unzipped AP images on the TFTP Server.

                        Note   

                        The most common mistake made is entering this path correctly. It is important that this path be entered correctly before going to the next step. Do not point to individual AP image. You need to only point to the directory which contains the AP images.

                        Step 4   Click Apply.
                        Step 5   Click Update Now to initiate software update.
                        Note   

                        To Schedule Update at a later time, user must select a date and time in Set Update Time field and then click on the Schedule Later button. It is recommended that the Set Reboot Time should be at least 2 hours from the time pre-image download was initiated. This will ensure that pre-image download on all Access Points in the Mobility Express Network has completed.

                        Upgrading from CLI

                        Procedure
                          Step 1   Login to AP running Mobility Express controller via SSH or Telnet(if it is enabled).
                          Step 2   Specify the datatype. 
                          (Cisco Controller) >transfer download datatype ap-image

                          Step 3   Specify the transfer mode. 
                          (Cisco Controller) >transfer download ap-images mode tftp

                          Step 4   Specify the IP address of the TFTP server. 
                          (Cisco Controller) >transfer download ap-images serverIp <IP addr>

                          Step 5   Specify the path of the AP images on the TFTP server. 
                          (Cisco Controller) >transfer download ap-images imagePath <path to AP images>

                          Note   

                          The most common mistake made is entering this path correctly. It is important that this path be entered correctly before going to the next step. Do not point to individual AP image. You need to only point to the directory which contains the AP images.

                          Step 6   Start pre-downloading of the image on the APs. 
                          (Cisco Controller) >transfer download start
Mode........................................... TFTP
Data Type...................................... ap-image
TFTP Server IP................................. 10.1.1.77
TFTP Packet Timeout............................ 10
TFTP Max Retries............................... 10
TFTP Path...................................... ap_bundle_8.1.112.30/
This may take some time.
Are you sure you want to start? (y/N) y
TFTP Code transfer starting.
Triggered APs to pre-download the image.
Reboot the controller once AP Image pre-download is complete

                          Step 7   Check the pre-download status by executing the CLI below. 
                          (Cisco Controller) >show ap image all

Total number of APs............... 3
Number of APs
       Initiated.........................1
       Predownloading....................2
       Completed predownloading..........0
       Not Supported.....................0
       Failed/BackedOff to Predownload...0

                   Primary    Backup  Predownload Predownload Next Retry  Retry Failure
AP Name	             Image     Image 	   Status      Version    Time      Count Reason
––––––––––––––   ––––––––––  –––––––--  ––––––––    –––––––––   –––––––   ––––  –––––
AP6412.256e.0e78 8.1.112.21	 8.1.112.21 Predownloading   ––	        NA	   NA	 
APAOEC.F96C.D640 8.1.112.21	 8.1.112.21 Predownloading   ––	        NA   	NA	
3600-gemini	  8.1.112.21	 8.1.112.21 Predownloading   ––	           NA

                          Step 8   Wait for the pre-image download to complete on the Access Points. 
                          (Cisco Controller) >show ap image all
Total number of APs............... 3
Number of APs
       Initiated.........................1
       Predownloading....................2
       Completed predownloading..........0
       Not Supported.....................0
       Failed/BackedOff to Predownload...0

                    Primary    Backup  Predownload Predownload Next Retry Retry Failure
AP Name	             Image     Image 	   Status      Version    Time      Count Reason
 ––––––––––––––   ––––––––––  –––––––--  ––––––––    –––––––––   –––––––   ––––  –––––
AP6412.256e.0e78 8.1.112.21	 8.1.112.21 Complete     ––	         NA	          NA	 
APAOEC.F96C.D640 8.1.112.21	 8.1.112.21 Complete     ––	         NA           NA	
3600-gemini	  8.1.112.21	 8.1.112.21 Complete	  ––	              NA

                          Step 9   After the pre-download is complete, issue a reset system as shown below. 
                          (Cisco Controller) >reset system
The system has unsaved changes.
Would you like to save them now? (y/N) y
Configuration Saved!
System will now restart!

                          Managing Advanced RF Parameters

                          Cisco Mobility supports a number RF Parameters which can be configured the administrator to optimize their network deployment. To manage advanced RF Parameters, follow the procedure below:

                          Procedure
                            Step 1   Enable Expert View on Cisco Mobility Express. Expert View is available on the top banner of the Cisco Mobility Express WebUI as shown below and enabled various configurable parameters which are not available in Standard view.

                            Step 2   Under Advanced RF Parameters, the following parameters are available:

                            • 2.4 GHz Band - This is a global setting and can be enabled or disabled.

                            • 5.0 GHz Band - This is a global setting and can be enabled or disabled.

                            • Automatic Flexible Radio Assignment - If there are 2800 and 3800 series access points in the Cisco Mobility Express deployment which supports Flexible Radio Assignment, one can choose to enable or disable it.

                            • Optimized Roaming–This is a global setting and can be enabled or disabled.

                            • Event Driven RRM–This is a global setting and can be enabled or disabled.

                            • CleanAir Detection–CleanAir is supported on 2800 and 3800 series access points and one can choose to enable or disable it.

                            • 5.0 GHz Channel Width–Global setting is configured to best but one can select 20, 40, 80 or 160 MHz for channel width.

                            • 2.4 GHz Data Rates–Move the slider to disable/enable data rates in the 2.4 GHz band

                            • 5.0 GHz Data Rates–Move the slider to disable/enable data rates in the 5.0 GHz band

                            • Select DCA Channels–One can select (click on individual channels) the channels to be included in DCA for both 2.4 GHz and 5.0 GHz band

                            Note   

                            Green with an underline below the channel indicates that it is selected.

                            Step 3   Click Apply.

                            CALEA Support

                            Support for The Communications Assistance for Law Enforcement Act (CALEA) is available in Cisco Mobility Express starting Release 8.5. To configure CALEA Server, follow the procedure below:

                            Procedure
                              Step 1   Enable Expert View on Cisco Mobility Express. Expert View is available on the top banner of the Cisco Mobility Express WebUI as shown below.



                              Step 2   Navigate to Advanced > Controller Tools. Click on the CALEA Tab and configure the following:

                              • Enable the CALEA status

                              • Enter the CALEA server IP address and Port

                              • Enter the Sync interval in minutes

                              • Enter the Venue information

                              Step 3   Click Apply.