Configuring Radio Settings
This chapter describes how to configure radio settings for the wireless device.
Enabling the Radio Interface
The wireless device radios are disabled by default.
Note Beginning with Cisco IOS Release 12.3(8)JA there is no SSID. You must create an SSID before you can enable the radio interface.
Beginning in privileged EXEC mode, follow these steps to enable the access point radio:
Configuring the Role in Radio Network
Table 6-1 shows the role in the radio network for each device.
You can configure the role of an access point or bridge in a radio network. You can also configure a fallback role for root access points. The wireless device automatically assumes the fallback role when its Ethernet port is disabled or disconnected from the wired LAN. There are two possible fallback roles:
- Repeater—When the Ethernet port is disabled, the wireless device becomes a repeater and associates to a nearby root access point. You do not have to specify a root access point to which the fallback repeater associates; the repeater automatically associates to the root access point that provides the best radio connectivity.
- Shutdown—The wireless device shuts down its radio and disassociates all client devices.
Note When configuring a universal workgroup bridge using AES-CCM TKIP, the non-root device should use only TKIP or AES-CCM TKIP as ciphers in order to associate to the root device. The non-root device will not associate with the root if it is configured with only AES-CCM, because that configuration results in a mismatch in the multicast cipher between the root and non-root devices.
Beginning in privileged EXEC mode, follow these steps to set the wireless device radio network role and fallback role:
Note When you enable the role in the radio network as a non-root bridge or a workgroup bridge and enable the interface using the no shut command, the physical status and the software status of the interface will be up only if the device on the other end (access point or bridge) is up. Otherwise, only the physical status of the device will be up. The software status of the device comes up only when the device on the other end is configured and up.
Universal Workgroup Bridge Mode
When configuring the universal workgroup bridge role, you must include the client MAC address. The workgroup bridge will associate with this MAC address only if it is present in the bridge table and is not a static entry. If validation fails, the workgroup bridge associates with its BVI MAC address. In universal workgroup bridge mode, the workgroup bridge uses the Ethernet client MAC address to associate with Cisco or non-Cisco root devices. The universal workgroup bridge is transparent and is not managed.
Note The universal workgroup bridge role supports only one wired client.
You can enable a recovery mechanism and make the workgroup bridge manageable again by disabling the Ethernet client, causing the universal workgroup bridge to associate with an access point using its own BVI address.
The roaming keyword has been added to the interface command world-mode dot11d country-code country [indoor | outdoor | both] to support the “airline flying between different countries” scenario. The keyword causes the workgroup bridge to do passive scanning once it is deauthenticated from a root access point. See the “Enabling and Disabling World Mode” section for more information on this command.
Point-to-point and Multi Point bridging support for 802.11n platforms
Point-to-point and point-to-multipoint bridging is supported on all 802.11n access points. The 5-GHz bands support 20-MHz and 40-MHz channel widths, and the 2.4-GHz bands support 20 MHz.
The following are supported on all 802.11n access points:
- MIMO, short-range bridging (on campus or inter-building bridge deployments), with dipole and MIMO antennas (line of sight and short range) under 1 km.
- 20-MHz and 40-MHz 802.11n support.
- Workgroup bridge (WGB) short-range support.
- SISO (single-in, single-out), MCS 0-7 and legacy bridge rates (802.11 a/b/g and 802.11n) using one outdoor antenna.
Note The aforementioned support is only for short range links and is not a replacement for the AP 1400 or other Bridge products.
The following are not supported by AP models with internal antennas, in their bridging modes:
- The distance command. The distance command is supported only on access points that are approved for outdoor use.
- Outdoor MIMO bridging using external antennas.
Note In point-to-multipoint bridging, WGB is not recommended with the root bridge. WGB should be associated to the root AP in point-to-multipoint bridging setup.
Configuring Dual-Radio Fallback
The dual-radio fallback feature allows you to configure access points so that if the non-root bridge link connecting the access point to the network infrastructure goes down, the root access point link through which a client connects to the access point shuts down. Shutting down the root access point link causes the client to roam to another access point. Without this feature, the client remains connected to the access point, but will not be able to send or receive data from the network.
Figure 6-1 Dual-Radio Fallback
Note This feature is supported by all dual-radio access points.
This feature does not affect the fallback feature for single-radio access points.
Radio Tracking
You can configure the access point to track or monitor the status of one of its radios. If the tracked radio goes down or is disabled, the access point shuts down the other radio. If the tracked radio comes up, the access point enables the other radio.
Fast Ethernet Tracking
You can configure the access point for fallback when its Ethernet port is disabled or disconnected from the wired LAN. You configure the access point for fast Ethernet tracking as described in the “Configuring the Role in Radio Network” section.
Note Fast Ethernet tracking does not support the Repeater mode.
- To configure non-802.11n access points for Fast Ethernet tracking, in the radio interfaces configuration mode enter the following command:
- To configure 802.11n access points for Gigabit Ethernet tracking, in the radio interfaces configuration mode enter the following command:
MAC-Address Tracking
You can configure the radio whose role is root access point to go up or down by tracking a non-root bridge or workgroup bridge, using its MAC address, on another radio. If the client disassociates from the access point, the root access point radio goes down. If the client reassociates to the access point, the root access point radio comes back up.
MAC-address tracking is most useful when the client is a non-root bridge access point connected to an upstream wired network.
For example, to track a non-root bridge or workgroup bridge that has the MAC address 12:12:12:12:12:12, enter the following command:
Limiting Clients per Radio
You can set the number of clients allowed for association with an interface, using the command max-client 1-255, under the dot11 radio interface configuration. This setting is disabled by default. The minimum number of clients allowed is 1 and the maximum is 255.
Step 1 Go to Network > Network Interfaces.
Step 2 On the side menu, click Dot11 Radio 2.4 GHz or Dot11 Radio 5 GHz, depending on the radio interface on which you want to limit the clients.
Step 3 On the radio interface’s settings page, you can either enable or disable the Max-Client option.
Step 4 If you enable the Max-Client option, then in the text box provided alongside the Max-Client option, specify the number of clients allowed for association with the interface.
Configuring Radio Data Rates
You use the data rate settings to choose the data rates the wireless device uses for data transmission. The rates are expressed in megabits per second. The wireless device attempts to transmit at the highest data rate set on the CLI or GUI interfaces. If there are obstacles or interference, the wireless device steps down to the next lower rate that allows data transmission. You can set each data rate to one of three states:
- Basic (the GUI labels Basic rates as Required)—Allows transmission at this rate for all packets, both unicast and multicast. At least one of the wireless device's data rates must be set to Basic.
- Enabled—The wireless device transmits only unicast packets at this rate; multicast packets are sent at one of the data rates set to Basic.
- Disabled—The wireless device does not transmit data at this rate.
Note At least one data rate must be set to basic.
You can use the Data Rate settings to set an access point to serve client devices operating at specific data rates. To set the 2.4-GHz, 802.11g radio to serve only 802.11g client devices, set any Orthogonal Frequency Division Multiplexing (OFDM) data rate (6, 9, 12, 18, 24, 36, 48, 54) to Basic.
You can configure the wireless device to set the data rates automatically to optimize either the range or the throughput. When you enter range for the data rate setting, the wireless device sets the 1 Mbps rate to basic and the other rates to enabled. The range setting allows the access point to extend the coverage area by compromising on the data rate. Therefore, if you have a client that is not able to connect to the access point while other clients can, one reason may be that the client is not within the coverage area of the access point. In such a case, using the range option helps extend the coverage area, and the client may be able to connect to the access point.
Typically the trade-off is between throughput and range. When the signal degrades (possibly due to distance from the access point), the rates renegotiate down in order to maintain the link, but at a lower data rate. Contrast that with a link configured for higher throughput, which simply drops when the signal degrades enough that it can no longer sustain a configured high data rate, or roams to another access point with sufficient coverage, if one is available. The balance between the two (throughput vs. range) is a design decision that has to be made based on the resources available to the wireless project, the type of traffic the users will be passing, the service level desired, and, as always, the quality of the RF environment.
When you enter throughput for the data rate setting, the wireless device sets all data rates to basic (that is, 12 rates for 2.4 GHz and 8 rates for 5 GHz).
Note When a wireless network has a mixed environment of 802.11b clients and 802.11g clients, make sure that data rates 1, 2, 5.5, and 11 Mbps are set to required (basic) and that all other data rates are set to enabled. The 802.11b adapters do not recognize the 802.11g rates and do not operate if data rates higher than 11 Mbps are set to required on the connecting access point.
Access Points Send Multicast and Management Frames at Highest Basic Rate
Access points running recent Cisco IOS versions transmit multicast and management frames at the highest configured basic rate, a situation that could cause reliability problems.
Access points running LWAPP or autonomous IOS should transmit multicast and management frames at the lowest configured basic rate. This is necessary in order to provide for good coverage at the cell's edge, especially for unacknowledged multicast transmissions where multicast wireless transmissions may fail to be received.
Since multicast frames are not retransmitted at the MAC layer, stations at the edge of the cell may fail to receive them successfully. If reliable reception is a goal, then multicasts should be transmitted at a low data rate. If support for high data rate multicasts is required, then it may be useful to shrink the cell size and to disable all lower data rates.
Depending on your specific requirements, you can take the following action:
- If you need to transmit the multicast data with the greatest reliability and if there is no need for great multicast bandwidth, then configure a single basic rate, one that is low enough to reach the edges of the wireless cells.
- If you need to transmit the multicast data at a certain data rate in order to achieve a certain throughput, then configure that rate as the highest basic rate. You can also set a lower basic rate for coverage of non-multicast clients.
Beginning in privileged EXEC mode, follow these steps to configure the radio data rates:
Use the no form of the speed command to remove one or more data rates from the configuration. This example shows how to remove data rates basic-2.0 and basic-5.5 from the configuration:
Configuring MCS Rates
Modulation Coding Scheme (MCS) is a specification of PHY parameters consisting of modulation order (BPSK, QPSK, 16-QAM, 64-QAM) and FEC code rate (1/2, 2/3, 3/4, 5/6). MCS is used in 802.11n radios, which define 32 symmetrical settings (8 per spatial stream):
MCS is an important setting because it provides for potentially greater throughput. High throughput data rates are a function of MCS, bandwidth, and guard interval. 802.11 a, b, and g radios use 20-MHz channel widths.
Tip For the latest information on the data rates based on MCS index, guard interval (GI), and channel width for your access point, refer to its Cisco Aironet (AP series name) Series Access Points Data Sheet on the Cisco.com site.
MCS rates are configured using the speed command. The following example shows a speed setting for an 802.11n 5-GHz radio:
Enabling 11ac MCS rates
MCS rates are configured using the speed command.
To enable 11ac rates, it is mandatory to have at least one basic rate and one 11n rate enabled.
The following example shows a speed setting for an 802.11ac 5-GHz radio:
Configuring Radio Transmit Power
Radio transmit power is based on the type of radio or radios installed in your access point and the regulatory domain in which it operates. To determine what transmit power is available for your access point and which regulatory domain it operates in, refer to the hardware installation guide for that device. Hardware installation guides are available at cisco.com. Follow these steps to view and download them:
Step 1 Browse to http://www.cisco.com.
Step 2 Click Technical Support & Documentation. A small window appears containing a list of technical support links.
Step 3 Click Technical Support & Documentation. The Technical Support and Documentation page appears.
Step 4 In the Documentation & Tools section, choose Wireless. The Wireless Support Resources page appears.
Step 5 In the Wireless LAN Access section, choose the device you are working with. An introduction page for the device appears.
Step 6 In the Install and Upgrade section, choose Install and Upgrade Guides. The Install and Upgrade Guides page for the device appears.
Step 7 Choose the hardware installation guide for the device. The home page for the guide appears.
Step 8 In the left frame, click Channels and Antenna Settings.
Table 6-2 shows the relationship between mW and dBm.
Table 6-2 Translation between mW and dBm
Beginning in privileged EXEC mode, follow these steps to set the transmit power on access point radios:
Use the no form of the power command to return the power setting to maximum, the default setting.
Limiting the Power Level for Associated Client Devices
You can also limit the power level on client devices that associate to the wireless device. When a client device associates to the wireless device, the wireless device sends the maximum power level setting to the client.
Note Cisco AVVID documentation uses the term Dynamic Power Control (DTPC) to refer to limiting the power level on associated client devices.
Beginning in privileged EXEC mode, follow these steps to specify a maximum allowed power setting on all client devices that associate to the wireless device:
Use the no form of the client power command to disable the maximum power level for associated clients.
Note Aironet extensions must be enabled to limit the power level on associated client devices. Aironet extensions are enabled by default.
Configuring Radio Channel Settings
The default channel setting for the wireless device radios is least congested; at startup, the wireless device scans for and selects the least-congested channel. For the most consistent performance after a site survey, however, we recommend that you assign a static channel setting for each access point. The channel settings on the wireless device correspond to the frequencies available in your regulatory domain. See the access point hardware installation guide for the frequencies allowed in your domain.
Note In places where RF interference might be causing clients to occasionally get disconnected from the wireless network, setting the wireless interface to run on a different channel, such as channel 1 (2412), might avoid the interference.
Each 2.4-GHz channel covers 22 MHz. The channels 1, 6, and 11 do not overlap, so you can set up multiple access points in the same vicinity without causing interference. Both 802.11b and 802.11g 2.4-GHz radios use the same channels and frequencies.
The 5-GHz radio operates on 9 channels from 5180 to 5825 MHz on 802.11n APs, and on 8 channels from 5180 to 5805 on 1140 series APs. Each channel covers 20 MHz, and the bandwidth for the channels overlaps slightly. For best performance, use channels that are not adjacent (44 and 46, for example) for radios that are close to each other.
Note Too many access points in the same vicinity creates radio congestion that can reduce throughput. A careful site survey can determine the best placement of access points for maximum radio coverage and throughput.
Because they change frequently, channel settings are not included in this document. For up-to-date information on channel settings for your access point or bridge, see the Channels and Maximum Power Settings for Cisco Aironet Autonomous Access Points and Bridges. This document is available on cisco.com at the following URL:
http://cisco.com/en/US/products/ps6521/tsd_products_support_install_and_upgrade.html
Channel Widths for 802.11n
802.11n allows both 20-MHz and 40-MHz channel widths; a 40-MHz channel consists of 2 contiguous non-overlapping channels (for example, 5-GHz channels 36 and 40). 802.11n radios operate in the same band. However, the channel widths can be independently configured.
One of the 20-MHz channels is called the control channel. Legacy clients and 20-MHz high throughput clients use the control channel. Beacons can only be sent on this channel. The second 20-MHz channel is called the extension channel. 40-MHz stations may use this channel and the control channel simultaneously.
A 40-MHz channel is specified as a channel with -1 as the extension. Here, the control channel is channel 40 and the extension channel is channel 36, below it.
Beginning in privileged EXEC mode, follow these steps to set the wireless device channel width:
- Enter interface configuration mode for the radio interface.
- channel: Set the default channel for the wireless device radio. To search for the least-congested channel on startup, enter least-congested. Use the width option to specify a bandwidth to use. This option is available on all 802.11n APs, but only for the d1 (5 GHz) radio. It has three settings: 20, 40-above, and 40-below. Choosing 20 sets the channel width to 20 MHz. Choosing 40-above sets the channel width to 40 MHz with the extension channel above the control channel. Choosing 40-below sets the channel width to 40 MHz with the extension channel below the control channel.
Note The channel command is disabled for 5-GHz radios that comply with European Union regulations on dynamic frequency selection (DFS). See the “Setting the 802.11n Guard Interval” section for more information.
Dynamic Frequency Selection
Access points with 5-GHz radios configured at the factory for use in the United States, Europe, Singapore, Korea, Japan, Israel, and Taiwan now comply with regulations that require radio devices to use Dynamic Frequency Selection (DFS) to detect radar signals and avoid interfering with them. When an access point detects a radar on a certain channel, it avoids using that channel for 30 minutes. Radios configured for use in other regulatory domains do not use DFS.
When a DFS-enabled 5-GHz radio operates on one of the 15 channels listed in Table 6-3, the access point automatically uses DFS to set the operating frequency. When DFS is enabled, the access point monitors its operating frequency for radar signals. If it detects radar signals on the channel, the access point takes these steps:
- Blocks new transmissions on the channel.
- Flushes the power-save client queues.
- Broadcasts an 802.11h channel-switch announcement.
- Disassociates remaining client devices.
- If participating in WDS, sends a DFS notification to the active WDS device that it is leaving the frequency.
- Randomly selects a different 5-GHz channel.
- If the channel selected is one of the channels in Table 6-3, scans the new channel for radar signals for 60 seconds.
- If there are no radar signals on the new channel, enables beacons and accepts client associations.
- If participating in WDS, sends a DFS notification of its new operating frequency to the active WDS device.
Note You cannot manually select a channel for DFS-enabled 5-GHz radios in some regions, depending on the regulatory requirements. The access point randomly selects a channel in that case.
The full list of channels that require DFS is shown in Table 6-3.
For autonomous operation, DFS requires random channel selection among the channels listed in Table 6-3. The channels not listed in Table 6-3 do not require random selection and may be manually configured.
Channels requiring Dynamic Frequency Selection (DFS) may be manually selected from the 5 GHz radio configuration menu. To see which channels are DFS channels, use the show controllers d1 command.
The GUI/CLI used to manually configure non-DFS channels can also be used to select DFS channels. The default channel selection is "DFS", which randomly selects a channel.
If radar is detected on a manually configured DFS channel, the channel will be changed automatically and will not return to the configured channel.
Prior to transmitting on any channels listed in Table 6-3, the access point radio performs a Channel Availability Check (CAC). The CAC is a 60 second scan for the presence of radar signals on the channel. The following sample messages are displayed on the access point console showing the beginning and end of the CAC scan:
*Mar 6 07:37:30.423: %DOT11-6-DFS_SCAN_START: DFS: Scanning frequency 5500 MHz for 60 seconds
*Mar 6 07:37:30.385: %DOT11-6-DFS_SCAN_COMPLETE: DFS scan complete on frequency 5500 MHz
When operating on any of the DFS channels listed in Table 6-3, having already performed the CAC, the access point constantly monitors the channel for radar. If radar is detected, the access point stops forwarding data packets within 200 ms and broadcasts five beacons that include an 802.11h channel switch announcement, indicating the channel number that the access point begins using. The following example message displays on the access point console when radar is detected:
*Mar 6 12:35:09.750: %DOT11-6-DFS_TRIGGERED: DFS: triggered on frequency 5500 MHz
When radar is detected on a channel, that channel may not be used for 30 minutes. The access point maintains a flag in non-volatile storage for each channel that it detects radar on in the last 30 minutes. After 30 minutes, the flag is cleared for the corresponding channel. If the access point is rebooted before a flag is cleared, the non-occupancy time is reset to 30 minutes when the channel initializes.
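The following is an added example, not part of the original guide: a log check that reads the three DFS console messages quoted above and applies the 60-second CAC and 30-minute non-occupancy rules to them. The sample log lines, the year, the one-second tolerance and the finding names are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

NON_OCCUPANCY = timedelta(minutes=30)   # channel unusable after radar (from the guide)
CAC_DURATION = timedelta(seconds=60)    # Channel Availability Check (from the guide)
CAC_TOLERANCE = timedelta(seconds=1)    # assumption: allowance for logging jitter

# Matches the three DFS messages quoted in this section.
DFS_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\.\d{3}):\s+"
    r"%DOT11-6-(?P<event>DFS_SCAN_START|DFS_SCAN_COMPLETE|DFS_TRIGGERED):"
    r".*?frequency\s+(?P<freq>\d+)\s+MHz"
)

# Constructed sample console log (not captured from a real device).
SAMPLE_LOG = """\
*Mar 6 07:37:30.423: %DOT11-6-DFS_SCAN_START: DFS: Scanning frequency 5500 MHz for 60 seconds
*Mar 6 07:38:30.431: %DOT11-6-DFS_SCAN_COMPLETE: DFS scan complete on frequency 5500 MHz
*Mar 6 12:35:09.750: %DOT11-6-DFS_TRIGGERED: DFS: triggered on frequency 5500 MHz
*Mar 6 12:35:10.100: %DOT11-6-DFS_SCAN_START: DFS: Scanning frequency 5260 MHz for 60 seconds
*Mar 6 12:35:40.000: %DOT11-6-DFS_TRIGGERED: DFS: triggered on frequency 5260 MHz
*Mar 6 12:35:41.000: %DOT11-6-DFS_SCAN_START: DFS: Scanning frequency 5600 MHz for 60 seconds
*Mar 6 12:36:41.200: %DOT11-6-DFS_SCAN_COMPLETE: DFS scan complete on frequency 5600 MHz
*Mar 6 12:50:00.000: %DOT11-6-DFS_SCAN_START: DFS: Scanning frequency 5500 MHz for 60 seconds
"""


def parse_dfs_events(lines, year=2024):
    """Return sorted (timestamp, event, frequency_mhz) tuples.

    The console timestamps carry no year, so the caller supplies one (assumption).
    """
    events = []
    for line in lines:
        m = DFS_RE.search(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
            events.append((ts, m["event"], int(m["freq"])))
    return sorted(events)


def analyze(events):
    """Apply the CAC and non-occupancy rules to a time-ordered event list."""
    blocked_until = {}   # frequency -> end of the 30-minute non-occupancy period
    cac_started = {}     # frequency -> start time of a CAC still in progress
    trigger_count = {}   # frequency -> number of radar detections
    findings = []
    for ts, event, freq in events:
        if event == "DFS_SCAN_START":
            # A scan on a channel that should still be avoided is unexpected.
            if ts < blocked_until.get(freq, datetime.min):
                findings.append(("scan_during_non_occupancy", freq, ts))
            cac_started[freq] = ts
        elif event == "DFS_SCAN_COMPLETE":
            start = cac_started.pop(freq, None)
            if start is not None and ts - start < CAC_DURATION - CAC_TOLERANCE:
                findings.append(("short_cac", freq, ts))
        else:  # DFS_TRIGGERED
            trigger_count[freq] = trigger_count.get(freq, 0) + 1
            blocked_until[freq] = ts + NON_OCCUPANCY
            if cac_started.pop(freq, None) is not None:
                findings.append(("radar_during_cac", freq, ts))
    return {
        "trigger_count": trigger_count,
        "blocked_until": blocked_until,
        "findings": findings,
    }


if __name__ == "__main__":
    report = analyze(parse_dfs_events(SAMPLE_LOG.splitlines()))
    for kind, freq, ts in report["findings"]:
        print(f"{ts:%b %d %H:%M:%S} {freq} MHz: {kind}")
    for freq, until in sorted(report["blocked_until"].items()):
        print(f"{freq} MHz in non-occupancy until {until:%b %d %H:%M:%S}")
```

Radar detections on several frequencies in a short span are the pattern to review against the guidance on radar stations and false DFS triggers in the section on radar detection.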
Note The maximum legal transmit power is greater for some 5-GHz channels than for others. When it randomly selects a 5-GHz channel on which power is restricted, the access point automatically reduces transmit power to comply with power limits for that channel.
Note We recommend that you use the world-mode dot11d country-code configuration interface command to configure a country code on DFS-enabled radios. The IEEE 802.11h protocol requires access points to include the country information element (IE) in beacons and probe responses. By default, however, the country code in the IE is blank. You use the world-mode command to populate the country code IE.
Radar Detection on a DFS Channel
If your AP is installed near a radar station, it may detect radar activity on multiple channels. By using the peakdetect command on interface dot11radio1, you can ensure that the AP will detect radar signals and avoid interfering with them using Dynamic Frequency Selection (DFS). By default this command is enabled.
However, in cases where you suspect that the APs are getting false DFS triggers due to in-band/off-channel weather radar signals that cannot be resolved using physical RF signal filters, you can set the AP to not detect radar signals. If you do not want the AP to detect radar signals, use the no peakdetect command on interface dot11radio1.
When an access point detects a radar on a DFS channel, the access point creates a file in its flash memory. The file is based on the 802.11a radio serial number and contains the channel numbers on which the radar is detected. This is an expected behavior and you should not remove this file.
CLI Commands
The following sections describe CLI commands that apply to DFS.
Confirming that DFS is Enabled
Use the show controllers dot11radio1 command to confirm that DFS is enabled. The command also includes indications that uniform spreading is required and channels that are in the non-occupancy period due to radar detection.
This example shows a line from the output for the show controller command for a channel on which DFS is enabled. The indications listed in the previous paragraph are shown in bold:
Configuring a Channel
Use the channel command to configure a channel. The command for the interface is modified to only allow you to select a specific channel number and to enable DFS.
The following example configures the 5 GHz radio to use DFS:
ap(config)# interface dot11radio1
ap(config-if)# channel dfs
ap(config-if)# end
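The following is an added example, not part of the original guide: a configuration check for the DFS settings discussed above, flagging a radio stanza that contains no peakdetect and a radio that uses channel dfs without a world-mode dot11d country-code line. The configuration excerpts, the country value US and the finding names are constructed for illustration, and the layout of the saved configuration (indented sub-commands, "!" separators) is an assumption.

```python
import re

# Constructed running-config excerpts (not taken from a real device).
WEAK_CONFIG = """\
interface Dot11Radio0
 channel 2412
 max-client 50
!
interface Dot11Radio1
 channel dfs
 no peakdetect
!
interface GigabitEthernet0
 description uplink
!
"""

CORRECTED_CONFIG = """\
interface Dot11Radio1
 channel dfs
 world-mode dot11d country-code US both
!
"""


def radio_stanzas(config_text):
    """Return {interface name (lowercase): [normalised sub-commands]} for radio interfaces."""
    stanzas, current = {}, None
    for line in config_text.splitlines():
        header = re.match(r"interface\s+(\S+)", line, re.IGNORECASE)
        if header:
            name = header.group(1).lower()
            # Only radio interfaces are collected; other interfaces are skipped.
            current = stanzas.setdefault(name, []) if name.startswith("dot11radio") else None
        elif not line.startswith(" "):
            current = None  # "!" or any top-level command ends the stanza
        elif current is not None:
            current.append(" ".join(line.lower().split()))
    return stanzas


def audit_radio(commands):
    """Check one radio stanza against the DFS guidance in this chapter."""
    findings = []
    # peakdetect is enabled by default, so only an explicit "no" disables it.
    if "no peakdetect" in commands:
        findings.append("radar-detection-disabled")
    uses_dfs = "channel dfs" in commands
    has_country = any(c.startswith("world-mode dot11d country-code ") for c in commands)
    # Without a country code the country IE in beacons and probe responses is blank.
    if uses_dfs and not has_country:
        findings.append("dfs-without-country-code")
    return findings


def audit_config(config_text):
    """Return {interface: [finding names]} for every radio interface in the config."""
    return {name: audit_radio(cmds) for name, cmds in radio_stanzas(config_text).items()}


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONFIG), ("corrected", CORRECTED_CONFIG)):
        for iface, findings in audit_config(text).items():
            print(f"{label}: {iface}: {', '.join(findings) or 'ok'}")
```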
Blocking Channels from DFS Selection
If your regulatory domain limits the channels that you can use in specific locations (for example, indoors or outdoors), you can block groups of channels to prevent the access point from selecting them when DFS is enabled. Use this configuration interface command to block groups of channels from DFS selection:
[no] dfs band [1] [2] [3] [4] block
The 1, 2, 3, and 4 options designate blocks of channels:
- 1—Specifies frequencies 5.150 to 5.250 GHz. This group of frequencies is also known as the UNII-1 band.
- 2—Specifies frequencies 5.250 to 5.350 GHz. This group of frequencies is also known as the UNII-2 band.
- 3—Specifies frequencies 5.470 to 5.725 GHz. This group of frequencies is also known as UNII-2 extended.
- 4—Specifies frequencies 5.725 to 5.825 GHz. This group of frequencies is also known as the UNII-3 band.
This example shows how to prevent the access point from selecting frequencies 5.150 to 5.350 GHz during DFS:
This example shows how to unblock frequencies 5.150 to 5.350 for DFS:
This example shows how to unblock all frequencies for DFS:
Setting the 802.11n Guard Interval
The 802.11n guard interval is the period in nanoseconds between packets. Two settings are available: short (400ns) and long (800ns).
Beginning in privileged EXEC mode, follow these steps to set the 802.11n guard interval.
- Enter interface configuration mode for the radio interface.
Enabling and Disabling World Mode
You can configure the wireless device to support 802.11d world mode, Cisco legacy world mode, or world mode roaming. When you enable world mode, the AP adds channel carrier set information to its beacon. Client devices with world mode enabled receive the carrier set information and adjust their settings automatically. For example, a client device used primarily in Japan could rely on world mode to adjust its channel and power settings automatically when it travels to Italy and joins a network there.
World mode is disabled by default.
Beginning in privileged EXEC mode, follow these steps to enable world mode:
Disabling and Enabling Short Radio Preambles
The radio preamble is a section of data at the head of a frame that helps the APs and clients to synchronize their communication. You can set the radio preamble to long or short:
- Short—A short preamble improves throughput performance. Cisco Aironet Wireless LAN Client Adapters support short preambles. Any 802.11b or 802.11g certified device supports short preambles. However, some client devices still require long preambles, even when they are 802.11b/g certified.
- Long—Long preambles are used by legacy 802.11-only devices and by some 802.11b/g devices that expect long preambles for optimal operation. If these client devices do not associate to the wireless devices, you should use short preambles.
You cannot configure short or long radio preambles on the 5-GHz radio.
Beginning in privileged EXEC mode, follow these steps to disable short radio preambles:
- Enter interface configuration mode for the 2.4-GHz radio interface.
Short preambles are enabled by default. Use the preamble-short command to enable short preambles if they are disabled.
Configuring Transmit and Receive Antennas
You can select the antenna the wireless device uses to receive and transmit data. There are three options for both the receive and the transmit antenna:
- Gain—Sets the resultant antenna gain in dB.
- Diversity—This default setting tells the wireless device to use the antenna that receives the best signal. If the wireless device has two fixed (non-removable) antennas, you should use this setting for both receive and transmit. If the device has three removable antennas, you can use this setting to have all of them operate in diversity mode.
- Right—If the wireless device has removable antennas and you install a high-gain antenna on the wireless device's right connector, you should use this setting for both receive and transmit. When you look at the wireless device's back panel, the right antenna is on the right.
- Middle—If the wireless device has removable antennas and you install a high-gain antenna on the wireless device middle connector, you should use this setting for receiving only. The antennas available for transmitting in a three-antenna configuration are the right and left antennas.
- Left—If the wireless device has removable antennas and you install a high-gain antenna on the wireless device's left connector, you should use this setting for both receive and transmit. When you look at the wireless device's back panel, the left antenna is on the left.
This does not apply for dual antenna APs such as the 1600, 2600, and 3600 series. Please check the respective hardware guides for further information.
Beginning in privileged EXEC mode, follow these steps to select the antennas the wireless device uses to receive and transmit data:
Enabling and Disabling Gratuitous Probe Response
Gratuitous Probe Response (GPR) aids in conserving battery power in dual mode phones that support cellular and WLAN modes of operation. GPR is available on 5-GHz radios and is disabled by default. You can configure two GPR settings:
- Period—This setting determines the time between GPR transmissions, in Kµsec (or milliseconds) intervals from 10 to 255 (similar to the beacon period).
- Speed—The speed is the data rate used to transmit the GPR.
Selecting a longer period reduces the amount of RF bandwidth consumed by the GPR with the possibility of shorter battery life. Selecting higher transmission speeds also reduces the amount of bandwidth consumed but at the expense of a smaller cell size.
Beginning in privileged EXEC mode, follow these steps to enable GPR and set its parameters:
The optional parameters can be configured independently or combined when you do not want to use the defaults, as shown in the following examples:
Disabling and Enabling Aironet Extensions
By default, the wireless device uses Cisco Aironet 802.11 extensions to detect the capabilities of Cisco Aironet client devices and to support features that require specific interaction between the wireless device and associated client devices. Aironet extensions must be enabled to support these features:
- Load balancing—The wireless device uses Aironet extensions to direct client devices to an access point that provides the best connection to the network based on factors such as number of users, bit error rates, and signal strength.
- Message Integrity Check (MIC)—MIC is an additional WEP security feature that prevents attacks on encrypted packets called bit-flip attacks. The MIC, implemented on both the wireless device and all associated client devices, adds a few bytes to each packet to make the packets tamper-proof.
- Cisco Key Integrity Protocol (CKIP)—Cisco's WEP key permutation technique based on an early algorithm presented by the IEEE 802.11i security task group. The standards-based algorithm, TKIP, does not require Aironet extensions to be enabled.
- Repeater mode—Aironet extensions must be enabled on repeater access points and on the root access points to which they associate.
- World mode (legacy only)—Client devices with legacy world mode enabled receive carrier set information from the wireless device and adjust their settings automatically. Aironet extensions are not required for 802.11d world mode operation.
- Limiting the power level on associated client devices—When a client device associates to the wireless device, the wireless device sends the maximum allowed power level setting to the client.
Disabling Aironet extensions disables the features listed above, but it sometimes improves the ability of non-Cisco client devices to associate to the wireless device.
Aironet extensions are enabled by default. Beginning in privileged EXEC mode, follow these steps to disable Aironet extensions:
- Enter interface configuration mode for the radio interface. The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1.
Use the dot11 extension aironet command to enable Aironet extensions if they are disabled.
Configuring the Ethernet Encapsulation Transformation Method
Frames contain a field that specifies the upper-layer protocol that should be used (such as IP, IPX, or ARP). The receiver needs this field to direct the frame properly through its network stack.
There are two main techniques for protocol indication:
- EtherType—A 16 bit value that indicates the protocol carried in the frame. EtherType is used in Ethernet 2.0/DIX networks.
- LLC/SNAP—A 6 byte header that allows for an 802.2 link layer protocol indication. LLC/SNAP is used in 802.3 and 802.11 networks.
When the access point receives from the wired network frames that use EtherType information, it needs a mechanism to convert this EtherType information to SNAP/LLC information. There are two transformation methods:
- 802.1H—This method provides good performance for Cisco Aironet wireless products.
- RFC 1042—Use this setting to ensure good interoperability with non-Cisco Aironet wireless equipment. RFC 1042 is used by other manufacturers of wireless equipment and is the default setting.
Beginning in privileged EXEC mode, follow these steps to configure the encapsulation transformation method:
Enabling and Disabling Reliable Multicast to Workgroup Bridges
The Reliable multicast messages from the access point to workgroup bridges setting limits reliable delivery of multicast messages to up to 20 Cisco Aironet Workgroup Bridges that are associated to the AP. The default setting, disabled, reduces the reliability of multicast delivery but allows more workgroup bridges to associate to the wireless device.
Access points and bridges normally treat workgroup bridges not as client devices but as infrastructure devices, like access points or bridges. Treating a workgroup bridge as an infrastructure device means that the wireless device reliably delivers multicast packets and some broadcast packets, including Address Resolution Protocol (ARP) packets, to the workgroup bridge.
The AP sends multicast frames to a multicast address, and then again sends the multicast frames to the workgroup bridge, encapsulated in a unicast frame, that is acknowledged by the workgroup bridge. This verification mechanism creates wireless overhead, and reduces the throughput on the access point.
The performance cost of reliable multicast delivery—duplication of each multicast packet sent to each workgroup bridge—limits the number of infrastructure devices, including workgroup bridges, that can associate to the wireless device. To increase beyond 20 the number of workgroup bridges that can maintain a radio link to the wireless device, the wireless device must reduce the delivery reliability of multicast packets to workgroup bridges. With reduced reliability, the wireless device cannot confirm whether multicast packets reach the intended workgroup bridge, so workgroup bridges at the edge of the wireless device's coverage area might lose IP connectivity. When you treat workgroup bridges as client devices, you increase performance but reduce reliability.
Note This feature is best suited for use with stationary workgroup bridges. Mobile workgroup bridges might encounter spots in the wireless device's coverage area where they do not receive multicast packets and lose communication with the wireless device even though they are still associated to it.
A Cisco Aironet Workgroup Bridge provides a wireless LAN connection for up to eight Ethernet-enabled devices.
Beginning in privileged EXEC mode, follow these steps to configure reliable multicast messages to workgroup bridges:
Note To configure reliable multicast forwarding, this configuration should be done on the AP, and not on the workgroup bridge.
- Enter interface configuration mode for the 2.4-GHz radio interface.
Use the no form of the command to disable reliable multicast messages to workgroup bridges.
The workgroup bridge will start receiving the multicast frame and then the unicast copy of the same frame, which results in duplication of frames at the receiver level and is therefore inefficient.
To configure the workgroup bridge to consider only the multicast frame or the unicast copy at the workgroup bridge radio level, use the following commands:
For example, the following command uses infrastructure at the workgroup bridge level:
Enabling and Disabling Public Secure Packet Forwarding
Public Secure Packet Forwarding (PSPF) prevents client devices associated to an access point from inadvertently sharing files or communicating with other client devices associated to the access point. It provides Internet access to client devices without providing other capabilities of a LAN. This feature is useful for public wireless networks like those installed in airports or on college campuses.
Note To prevent communication between clients associated to different access points, you must set up protected ports on the switch to which the wireless devices are connected. See the “Configuring Protected Ports” section for instructions on setting up protected ports.
To enable and disable PSPF using CLI commands on the wireless device, you use bridge groups. You can find a detailed explanation of bridge groups and instructions for implementing them in this document:
- Cisco IOS Bridging and IBM Networking Configuration Guide, Release 12.2. Click this link to browse to the Configuring Transparent Bridging chapter: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fibm_c/bcfpart1/bcftb.htm
You can also enable and disable PSPF using the web-browser interface. The PSPF setting is on the Radio Settings pages.
PSPF is disabled by default. Beginning in privileged EXEC mode, follow these steps to enable PSPF:
- Enter interface configuration mode for the radio interface. The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1.
Use the no form of the command to disable PSPF.
Configuring Protected Ports
To prevent communication between client devices associated with different access points on your wireless LAN, you can set up protected ports on the switch to which the wireless devices are connected. Alternatively, you should isolate the ports on the same switch that lead to APs between which you do not want communication to occur.
Beginning in privileged EXEC mode, follow these steps to define a port on your switch as a protected port:
- Enter interface configuration mode, and enter the type and number of the switchport interface to configure, such as gigabitethernet0/1.
To disable protected port, use the no switchport protected interface configuration command. This command is only valid at an individual switch level. It does not isolate APs connected to different switches. You can use this command on ports to all APs on a given switch among which you do not want communication to occur. Alternatively, you can use private VLAN configuration for the AP.
Note When using wireless domain services (WDS), make sure not to block communication between the APs and their WDS.
For detailed information on configuring private VLANs and on protected ports and port blocking, see the Catalyst 3750 Software Configuration Guide, at the following URL:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/configuration/guide/scg3750.html
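The following audit script is an added example, not part of the original guide. It checks saved configurations for the two isolation settings described above: PSPF on each bridged radio interface and protected ports on the switch ports that lead to APs. It assumes PSPF appears in the AP configuration as `bridge-group <n> port-protected` (the Aironet IOS command; the step table that would show it did not survive on this page); the sample configurations and function names are constructed for illustration.

```python
import re

# Constructed sample configurations (not taken from the guide).
AP_CONFIG = """\
interface Dot11Radio0
 ssid guest
 bridge-group 1
 bridge-group 1 port-protected
!
interface Dot11Radio1
 ssid guest
 bridge-group 1
!
interface GigabitEthernet0
 bridge-group 1
!
"""

SWITCH_CONFIG = """\
interface GigabitEthernet0/1
 description AP-lobby
 switchport mode access
 switchport protected
!
interface GigabitEthernet0/2
 description AP-cafe
 switchport mode access
!
interface GigabitEthernet0/24
 description uplink
!
"""


def interface_stanzas(config):
    """Return {interface name: [stripped sub-command lines]}."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            stanzas[current] = []
        elif line.startswith((" ", "\t")) and current:
            stanzas[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas


def radios_without_pspf(ap_config):
    """Radio (sub)interfaces that are in a bridge group but lack PSPF."""
    missing = []
    for name, lines in interface_stanzas(ap_config).items():
        if not name.lower().startswith("dot11radio"):
            continue
        in_group = any(re.fullmatch(r"bridge-group \d+", l) for l in lines)
        protected = any(
            re.fullmatch(r"bridge-group \d+ port-protected", l) for l in lines
        )
        if in_group and not protected:
            missing.append(name)
    return missing


def ap_ports_without_protection(switch_config, ap_ports):
    """AP-facing switch ports that lack 'switchport protected'.

    ap_ports is the operator's own list of ports that lead to APs; a port
    that is absent from the configuration is reported as unprotected.
    """
    stanzas = interface_stanzas(switch_config)
    return [p for p in ap_ports
            if "switchport protected" not in stanzas.get(p, [])]


if __name__ == "__main__":
    print("Radios without PSPF:", radios_without_pspf(AP_CONFIG))
    print("Unprotected AP ports:",
          ap_ports_without_protection(
              SWITCH_CONFIG,
              ["GigabitEthernet0/1", "GigabitEthernet0/2"]))
```

Because protected ports only isolate APs on the same switch, a clean result on one switch does not cover APs attached to other switches.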
Configuring the Beacon Period and the DTIM
The beacon period is the amount of time between access point beacons in Kilomicroseconds. One Kµsec equals 1,024 microseconds. The Data Beacon Rate, always a multiple of the beacon period, determines how often the beacon contains a delivery traffic indication message (DTIM). The DTIM tells power-save client devices that a packet is waiting for them.
For example, if the beacon period is set at 100, its default setting, and the DTIM is set at 2, its default setting, then the AP sends a beacon containing a DTIM every 2 beacons, or every 200 Kµsec, or every 200 ms.
The default beacon period is 100, and the default DTIM is 2. Beginning in privileged EXEC mode, follow these steps to configure the beacon period and the DTIM:
Configure RTS Threshold and Retries
The RTS threshold determines the packet size at which the wireless device issues a request to send (RTS) before sending the packet. A low RTS Threshold setting can be useful in areas where many client devices are associating with the wireless device, or in areas where the clients are far apart and can detect only the wireless device and not each other. You can enter a setting ranging from 0 to 2347 bytes.
Maximum RTS retries is the maximum number of times the wireless device issues an RTS before stopping the attempt to send the packet over the radio. Enter a value from 1 to 128.
The default RTS threshold is 2347 for all access points and bridges, and the default maximum RTS retries setting is 3264. Beginning in privileged EXEC mode, follow these steps to configure the RTS threshold and maximum RTS retries:
- Enter interface configuration mode for the radio interface.
- Set the RTS threshold. Enter an RTS threshold from 0 to 2347.
Use the no form of the command to reset the RTS settings to defaults.
Configuring the Maximum Data Packet Retries
The maximum data retries setting determines the number of attempts the wireless device makes to send a packet before giving up and dropping the packet.
The default setting is 32. Beginning in privileged EXEC mode, follow these steps to configure the maximum data retries:
Use the no form of the command to reset the setting to defaults.
Configuring the Fragmentation Threshold
The fragmentation threshold determines the size at which packets are fragmented (sent as several pieces instead of as one block). Use a low setting in areas where communication is poor or where there is a great deal of radio interference.
The default setting is 23382346 bytes. Beginning in privileged EXEC mode, follow these steps to configure the fragmentation threshold:
Use the no form of the command to reset the setting to defaults.
Enabling Short Slot Time for 802.11g Radios
You can increase throughput on the 802.11g, 2.4-GHz radio by enabling short slot time. Reducing the slot time from the standard 20 microseconds to the 9-microsecond short slot time decreases the overall backoff, which increases throughput. Backoff, which is a multiple of the slot time, is the random length of time that a station waits before sending a packet on the LAN.
Many 802.11g radios support short slot time, but some do not. When you enable short slot time, the wireless device uses the short slot time only when all clients associated to the 802.11g, 2.4-GHz radio support short slot time.
Short slot time is supported only on the 802.11g, 2.4-GHz radio. Short-slot time is not supported by 802.11b clients. If you enable short slot time, 802.11b clients will not be able to join or communicate with the AP radio. Short slot time is disabled by default.
In radio interface mode, enter this command to enable short slot time:
Performing a Carrier Busy Test
You can perform a carrier busy test to check the radio activity on wireless channels. During the carrier busy test, the wireless device drops all associations with wireless networking devices for 4 seconds while it conducts the carrier test and then displays the test results.
In privileged EXEC mode, enter this command to perform a carrier busy test:
For interface-number, enter dot11radio 0 to run the test on the 2.4-GHz radio, or enter dot11radio 1 to run the test on the 5-GHz radio.
Note The interface must be enabled for the carrier busy test to be performed.
Use the show dot11 carrier busy command to re-display the carrier busy test results.
Configuring VoIP Packet Handling
You can improve the quality of VoIP packet handling per radio on access points by enhancing 802.11 MAC behavior for lower latency for wireless class of service 5 (Video) and wireless class of service 6 (Voice).
Follow these steps to configure VoIP packet handling on an access point:
Step 1 Using a browser, log in to the access point.
Step 2 Click Services in the task menu at the top of the web-browser interface.
Step 3 In the left menu, click Stream.
Step 4 Click the tab for the radio to configure.
Step 5 For both CoS 5 (Video) and CoS 6 (Voice) user priorities, choose Low Latency from the Packet Handling drop-down list and enter a value for maximum retries for packet discard in the corresponding field. Packets in other queues are dequeued, giving delay-sensitive data preferential treatment over other traffic.
The default value for maximum retries is 3 for the Low Latency setting (Figure 6-2). This value indicates how many times the access point will try to resend a lost packet before discarding it.
Note You may also configure the CoS 4 (Controlled Load) user priority and its maximum retries value.
Figure 6-2 Packet Handling Configuration
You can also configure VoIP packet handling using the CLI. For a list of Cisco IOS commands for configuring VoIP packet handling using the CLI, consult the Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges.
Once you have defined the retry level, you can also configure the speed at which those frames should be sent. This is done at the bottom of the page, in the Low Latency Packet Rates section. You can set each rate to:
- Nominal—The AP will try to use this rate to send the Low Latency Packets (using the faster rate first, and of course depending on the client signal level).
- Non-nominal—The AP will try not to use that rate, but will revert to it if no nominal rate is possible.
- Disabled—The AP will not try to use that rate.
From the CLI, use radio interface config commands as follows (The CLI commands offer more options than the GUI page):
packet max-retries number 1 number 2 fail-threshold number 3 number 4 priority value drop-packet
- Number 1—Defines the number of times the AP should try to resend a packet that was not received properly (not acknowledged), for a given priority level. Once number 1 is reached, the AP drops the packet and tries to send the next one (to the same recipient).
- Number 3—Determines how many consecutive packets (sent to one recipient) can fail before the AP decides that its fail-rate exceeds an acceptable threshold.
- Number 2—Once the fail-threshold is exceeded, the AP may still resend failed packets, but with a different number of attempts than before the threshold is exceeded. This is number 2. For example, you can decide initially to resend each packet 3 times (number 1). Then, if your AP fails to send a certain number of consecutive packets (for example 100, as number 3), you can decide that conditions are degraded, and that your AP should only try to resend each following packet once (which is number 2).
- Number 4—Determines how many more consecutive packets the AP should try to resend with number 2 retries before de-associating the target client.
ap(config-if)# packet max-retries 3 0 fail-threshold 100 500 priority 6 drop-packet
In this example, the AP tries to resend each packet of priority level 6 three times (number one = 3). If more than 100 consecutive packets (number three = 100) fail to the same destination, the AP sends each consecutive packet to that destination only once (number two = 0). If 500 more packets (number four = 500) fail to that same destination, the AP disconnects that client.
When using the GUI, number one is defined manually (default is 3). Number 2 defaults to 0, number 3 defaults to 100 and number 4 defaults to 500. These numbers can then be changed from the CLI.
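The interaction of the four numbers is easier to follow as a small model. The sketch below is an added example, not Cisco code: it parses the command exactly as written above and replays a sequence of per-packet outcomes for one client. It assumes that the fail-threshold is reached once the count of consecutive failed packets equals number 3, and that a delivered packet resets that count; the page does not pin down either boundary. All function and field names are hypothetical.

```python
import re
from dataclasses import dataclass


@dataclass
class RetryPolicy:
    retries_normal: int    # number 1: retries per packet in normal conditions
    retries_degraded: int  # number 2: retries per packet after the threshold
    fail_threshold: int    # number 3: consecutive failed packets tolerated
    disassoc_after: int    # number 4: further failures before de-association
    priority: int
    drop_packet: bool


CMD_RE = re.compile(
    r"packet max-retries (\d+) (\d+) fail-threshold (\d+) (\d+) "
    r"priority (\d+)( drop-packet)?$")


def parse_policy(line):
    """Parse the command as written on the page (a CLI prompt may precede it)."""
    m = CMD_RE.search(line.strip())
    if not m:
        raise ValueError("not a packet max-retries command: %r" % line)
    n1, n2, n3, n4, prio = (int(g) for g in m.groups()[:5])
    return RetryPolicy(n1, n2, n3, n4, prio, m.group(6) is not None)


def simulate(policy, needed_attempts):
    """Replay packets sent to one client.

    needed_attempts holds, per packet, the transmission on which the client
    would acknowledge it (1 = first try), or None if it never would.
    Returns (transmissions used per packet, index of the packet at which the
    client is de-associated, or None if it stays associated).
    """
    sent = []
    consecutive_failed = 0
    for i, need in enumerate(needed_attempts):
        # Assumption: degraded mode starts when the count reaches number 3.
        degraded = consecutive_failed >= policy.fail_threshold
        retries = policy.retries_degraded if degraded else policy.retries_normal
        budget = 1 + retries  # first transmission plus the allowed retries
        if need is not None and need <= budget:
            sent.append(need)
            consecutive_failed = 0  # assumption: a delivery resets the count
        else:
            sent.append(budget)  # budget exhausted, packet dropped
            consecutive_failed += 1
            if consecutive_failed >= (policy.fail_threshold
                                      + policy.disassoc_after):
                return sent, i
    return sent, None


if __name__ == "__main__":
    policy = parse_policy(
        "ap(config-if)# packet max-retries 3 0 fail-threshold 100 500 "
        "priority 6 drop-packet")
    # Constructed scenario: a client that has gone silent.
    sent, dropped_at = simulate(policy, [None] * 1000)
    print("transmissions spent:", sum(sent))
    print("client de-associated at packet index:", dropped_at)
```

With the example values, a silent client costs the AP 900 transmissions before it is de-associated, instead of four transmissions for every queued voice packet indefinitely.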
Low latency Packet rates can also be defined at the interface level, using the following command which defines the nominal rates and the allowed rates to use:
traffic-stream priority value sta-rates {[nominal rates] | [rates]}
For the voice queue (UP 6 specifically), you can also use the interface command packet speed to determine the rates allowed to use to send packets in the voice queue:
packet speed 5.5 11.0 6.0 9.0 12.0 24.0 priority 6
Notice that the packet speed command focuses on defining the allowed rates, while the command traffic-stream priority also defines the preferred rates among the allowed rates. If you use both commands for the voice queue, the rates defined as nominal in the traffic-stream priority command are tried first, then non-nominal rates and packet speed rates are attempted.
Configuring ClientLink
Cisco ClientLink (referred to as Beam Forming) is an intelligent beamforming technology that directs the RF signal to 802.11a/g devices to improve performance by 65%, improve coverage by up to 27%, and reduce coverage holes.
Cisco ClientLink helps extend the useful life of existing 802.11a/g devices in mixed-client networks and 802.11n clients supporting only one traffic stream. It is beneficial for organizations that move to 802.11n and want to ensure that all clients on the network, regardless of type, are guaranteed the bandwidth and throughput they need.
Note ClientLink Ver 1 supports 802.11a/g devices and ClientLink Ver 2 supports 802.11a/g devices and 802.11n devices with one spatial stream.
Note ClientLink is not supported on the 1040, 702 series access points.
Using the CLI to Configure ClientLink
To enable ClientLink, enter this CLI command in interface configuration mode on 802.11n radio interfaces:
Note Currently the ClientLink configuration option is not available through GUI.
To determine the threshold from which you start doing ClientLink, use the following command:
ap(config-if)# beamform rssi 30to128-rssi-threshold-in-dBm
ClientLink is disabled by default. Additional details can be found on cisco.com at the following URL: http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps10092/white_paper_c11-516389.html
Debugging Radio Functions
Use the debug dot11 privileged EXEC command to begin debugging of radio functions. Use the no form of this command to stop the debug operation. The command syntax is:
The syntax is described in Table 6-4.
Table 6-4 Syntax for debug dot11 Command
This example shows how to begin debugging of all radio-related events:
This example shows how to begin debugging of radio packets:
This example shows how to begin debugging of the radio system log:
This example shows how to stop debugging of all radio related events:
Note Debugging is not enabled by default.
802.11r Configuration
802.11r enables fast roaming across access points in the same subnet using Wireless Domain Service. When you enable 802.11r, a Mobility Domain Information Element (MDIE) is advertised in the AP beacons. The same MDIE is announced by all APs associated to the same WDS. The last 2 bytes of the WDS BVI IP address (IPv4 or IPv6) are used as the MDIE. 802.11r-compatible clients use this MDIE to identify APs belonging to the same domain and between which fast roaming is possible.
For a client to move from its current AP to a target AP utilizing the FT protocols, the message exchanges are performed using one of two methods:
- Over-the-Air—The client communicates directly with the target AP using IEEE 802.11 authentication with the FT authentication algorithm. To set this, use the command:
ap(config-if)# dot11 dot11r pre-authentication over-air
- Over-the-DS—The client communicates with the target AP via the current AP. The communication between the client and the target AP is carried in FT action frames between the client and the current AP, and is then sent through the WDS to the target AP. To set this, use the command:
ap(config-if)# dot11 dot11r pre-authentication over-ds
On an AP radio, you can enable 802.11r support, and decide if roaming dialog should occur over the air (default) or over the DS, and also configure the maximum time allowed for a client to complete the roaming transaction. The maximum time allowed for a client to complete the roaming transaction is called Re-association Timer. This timer allows you to add security to your network by preventing attackers from opening many 802.11r transactions without completing any of them, which can overload the AP. You can set this timer using the following command:
ap(config-if)# dot11 dot11r reassociation-time value 20to1200-timeout-value-in-milli-seconds
Note Test 802.11r before implementing it into your network. Some non-802.11r clients do not support 802.11r MDIE and do not operate well in 802.11r environments.
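Because the MDIE is taken from only the last 2 bytes of the WDS BVI address, two separate WDS domains whose addresses end in the same 2 bytes would advertise the same value, and clients could not tell the domains apart by MDIE. The check below is an added example, not part of the original guide; it derives the value as the section describes and flags WDS entries that share it. The inventory and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory of WDS BVI addresses (not taken from the guide).
WDS_INVENTORY = {
    "wds-hq": "10.10.20.5",
    "wds-branch": "10.30.20.5",    # different subnet, same last 2 bytes
    "wds-lab": "10.10.21.5",
    "wds-v6": "2001:db8::1405",    # IPv6 address ending in 0x14 0x05
}


def mobility_domain_id(bvi_address):
    """Last 2 bytes of the WDS BVI address (IPv4 or IPv6), per the page."""
    return ipaddress.ip_address(bvi_address).packed[-2:]


def shared_domain_ids(wds_addresses):
    """Map each derived ID (hex) used by more than one WDS to their names."""
    by_id = defaultdict(list)
    for name, addr in wds_addresses.items():
        by_id[mobility_domain_id(addr).hex()].append(name)
    return {mdid: sorted(names)
            for mdid, names in by_id.items() if len(names) > 1}


if __name__ == "__main__":
    for mdid, names in shared_domain_ids(WDS_INVENTORY).items():
        print("MDIE 0x%s is shared by: %s" % (mdid, ", ".join(names)))
```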
Setting Traffic Rate Limits for an SSID and Radio Interface
To limit the bandwidth usage by wireless client devices, you can limit the traffic rate to and from wireless client devices. This rate limiting feature can be:
- Configured for each SSID and can be applied on one or both radio interfaces
- Applied only to TCP/UDP on IPv4. Not supported for IPv6 traffic.
- Applied to both input (ingress) and output (egress) traffic on a radio interface
The rate limiting feature is available for VLANs. If you have more than one SSID configured on the same interface, then you cannot configure rate limits without having VLANs.
For information on configuring multiple SSIDs, see Chapter 7, “Configuring Multiple SSIDs”.
For information on VLANs, see Chapter 14, “Configuring VLANs”.
The Quality of Service (QoS) feature also includes a rate limiting feature, which limits the input or output transmission rate of a class of traffic based on user-defined criteria. See Chapter 15, “Configuring QoS”, for more information.
Configuring Rate Limits
To configure the rate limits, use the command rate-limit {tcp | udp} {input | output} data-rate rate burst-size size, where:
- Data-rate is the average rate of data transmission, specified in Kilobits/sec.
- Burst-size is the total data that can be transmitted before the traffic is throttled. It is specified in Kilobits.
These parameters are converted and limited to the nearest multiple of 8, whereby data-rate is converted to KiloBytes/sec and burst-size is converted to Bytes, and then are considered for rate limiting.
To understand how these parameters work, follow this example. Consider the average data rate as 10 Bytes/sec and the burst-size as 20 Bytes. Then the rate limit applied here is such that in a duration of 2 seconds (calculated as Burst-size/Average Rate) the total data transmission is not allowed to exceed 20 Bytes. This also allows for more data to be transmitted per second as long as the average data-rate does not exceed 10 Bytes/sec.
To configure via the GUI, go to Security > SSID Manager. Under the Rate Limit Parameters section, you can limit input or output traffic for TCP or UDP, as required. You can also specify the rate and burst-size in each case.
Viewing the Rate Limit Statistics
To view the rate limit statistics for each SSID configured on a given interface, use the command show interface dot11radio {0 | 1} qos-info
To clear the statistics counters, use the command clear counters dot11Radio {0 | 1}
To view the rate limit statistics via the GUI, go to Network > Network Interface > Radio0-802.11N 2.4GHz or Radio1-802.11N 5GHz. To clear the statistics, click Clear.