Controlling Mesh Access Points
This chapter describes Cisco indoor and outdoor mesh access points and explains how to connect them to the controller and manage access point settings. It contains these sections:
- Cisco Aironet Mesh Access Points
- Architecture Overview
- Adding Mesh Access Points to the Mesh Network
- Configuring Advanced Features
- Viewing Mesh Statistics and Reports
- Converting Indoor Access Points to Mesh Access Points (1130AG, 1240AG)
- Changing MAP and RAP Roles for Indoor Mesh Access Points (1130AG, 1240AG)
- Converting Indoor Mesh Access Points to Non-Mesh Lightweight Access Points (1130AG, 1240AG)
- Configuring Mesh Access Points to Operate with Cisco 3200 Series Mobile Access Routers
Cisco Aironet Mesh Access Points
Controller software release 6.0 supports these Cisco Aironet mesh access points:
- Cisco Aironet 1520 series outdoor mesh access points consist of the 1522 dual-radio mesh access point and the 1524PS/1524SB multi-radio mesh access point.
Note Refer to the Cisco Aironet 1520 Series Outdoor Mesh Access Point Hardware Installation Guide for details on the physical installation and initial configuration of the mesh access points at the following link:
http://www.cisco.com/c/en/us/support/wireless/aironet-1520-series/tsd-products-support-series-home.html
Note AP1130 and AP1240 must be converted to operate as indoor mesh access points. Refer to the “Converting Indoor Access Points to Mesh Access Points (1130AG, 1240AG)” section.
Note All features discussed in this chapter apply to indoor (1130, 1240) and outdoor mesh access points (1522, 1524PS/1524SB) unless noted otherwise. Mesh access point or MAP is hereafter used to address both indoor and outdoor mesh access points.
Note Cisco Aironet 1505 and 1510 access points are not supported in this release.
Note Refer to the Release Notes for Cisco Wireless LAN Controllers and Mesh Access Points for Release 6.0 for mesh feature summary, operating notes and software upgrade steps for migrating from 4.1.19x.xx mesh releases to controller release 6.0 at:
http://www.cisco.com/c/en/us/support/wireless/4400-series-wireless-lan-controllers/products-release-notes-list.html
Licensing for Indoor Mesh Access Points on a 5500 Series Controller
In order to use indoor mesh access points with a 5500 series controller, a wplus license must be used on the controller. If an indoor mesh access point attempts to join a controller that is using only a base license (and not the wplus license), the following message appears in the controller trap log: “License Not Available for feature: IndoorMeshAP.” To view the controller trap log, choose Monitor and click View All under “Most Recent Traps” on the controller GUI.
Refer to the Configuring Controller Settings chapter for information on obtaining and installing licenses.
Note Outdoor mesh access points do not require a wplus license.
Note Other controller platforms (such as the 2100 and 4400 series controllers) also require a license for use with indoor mesh access points.
Note The wplus license is not applicable for controller release 6.0.196.0 and above.
Access Point Roles
Access points within a mesh network operate as either a root access point (RAP) or a mesh access point (MAP).
RAPs have wired connections to their controller, and MAPs have wireless connections to their controller.
MAPs communicate among themselves and back to the RAP using wireless connections over the 802.11a radio backhaul. MAPs use the Cisco Adaptive Wireless Path Protocol (AWPP) to determine the best path through the other mesh access points to the controller.
All the possible paths between the MAPs and RAPs form the wireless mesh network.
Network Access
Wireless mesh networks can simultaneously carry two different traffic types: wireless LAN client traffic and MAP Ethernet port traffic.
Wireless LAN client traffic terminates on the controller, and the Ethernet traffic terminates on the Ethernet ports of the mesh access points.
Access to the wireless LAN mesh for mesh access points is managed by:
- MAC authentication–Mesh access points are added to a reference-able database to ensure they are allowed access to a given controller and the mesh network. Refer to the “Adding Mesh Access Points to the Mesh Network” section.
- External RADIUS authentication–Mesh access points can be externally authorized and authenticated using a RADIUS server such as Cisco ACS (4.1 and later) that supports the client authentication type of EAP-FAST with certificates. Refer to the “Configuring RADIUS Servers” section.
Network Segmentation
Membership to the wireless LAN mesh network for mesh access points is controlled by:
- Bridge group name–Mesh access points can be placed in like bridge groups to manage membership or provide network segmentation. Refer to the “Using the GUI to Configure Antenna Gain” section.
Cisco Wireless Mesh Network
In a Cisco wireless outdoor mesh network, multiple mesh access points comprise a network that provides secure, scalable outdoor wireless LANs. Figure 8-1 shows an example mesh deployment.
Figure 8-1 Wireless Mesh Deployment
Wireless Backhaul
Mesh access points can provide a simple wireless backhaul solution, which provides 802.11b/g services to wireless LAN and wired clients. This configuration is basically a wireless mesh with one MAP. Figure 8-2 shows an example of this deployment type.
Figure 8-2 Wireless Backhaul Deployment
Point-to-Point Wireless Bridging
Mesh access points can support a point-to-point bridging application. In this deployment, mesh access points extend a Layer 2 network by using the backhaul radio to bridge two segments of a switched network (see Figure 8-3). This is fundamentally a wireless mesh network with one MAP and no wireless LAN clients.
Client access can be provided with Ethernet bridging enabled, although if bridging between buildings, MAP coverage from a high rooftop might not be suitable for client access.
If you intend to use an Ethernet bridged application, you must enable the bridging feature on the RAP and on all MAPs in that segment. Also verify that any switches attached to the Ethernet ports of your MAPs are not using VLAN Trunking Protocol (VTP). VTP can reconfigure the trunked VLANs across your mesh and possibly cause a loss in connection for your RAP to its primary WLC. If improperly configured, it can take down your mesh deployment.
Figure 8-3 Wireless Point-to-Point Bridge Deployment
Point-to-Multipoint Wireless Bridging
Mesh access points support point-to-multipoint bridging applications. Specifically, a RAP acting as a root bridge connects to multiple MAPs as non-root bridges with their associated wired LANs. By default, bridging is disabled for all MAPs. If Ethernet bridging is used, you must enable it on the controller for the respective MAP and for the RAP. Refer to the “Configuring Ethernet Bridging and Ethernet VLAN Tagging” section for configuration details.
Figure 8-4 shows a simple point-to-multipoint deployment with one RAP and two MAPs. This configuration is fundamentally a wireless mesh network with no wireless LAN clients. Client access can be provided with Ethernet bridging enabled; however, if bridging between buildings, MAP coverage from a high rooftop might not be suitable for client access.
Figure 8-4 Wireless Point-to-Multipoint Bridge Deployment
Architecture Overview
CAPWAP
CAPWAP is the provisioning and control protocol used by the controller to manage access points (mesh and non-mesh) in the network. This protocol replaces LWAPP in controller software release 5.2 or later.
Cisco Adaptive Wireless Path Protocol Wireless Mesh Routing
The Cisco Adaptive Wireless Path Protocol (AWPP) is designed specifically for wireless mesh networking. The path decisions of AWPP are based on link quality and the number of hops.
Ease of deployment, fast convergence, and minimal resource consumption are also key components of AWPP.
The goal of AWPP is to find the best path back to a RAP for each MAP that is part of the RAP’s bridge group. To do this, the MAP actively solicits for neighbor MAPs. During the solicitation, the MAP learns all of the available neighbors back to a RAP, determines which neighbor offers the best path, and then synchronizes with that neighbor.
Mesh Neighbors, Parents, and Children
Relationships among access points within the mesh network are labelled as parent, child, or neighbor (see Figure 8-5).
- A parent access point offers the best route back to the RAP based on its ease values. A parent can be either the RAP itself or another MAP.
– Ease is calculated using the SNR and link hop value of each neighbor. Given multiple choices, generally an access point with a higher ease value is selected.
- A child access point selects the parent access point as its best route back to the RAP.
- A neighbor access point is within the radio frequency (RF) range of another access point but is not selected as its parent or a child because its ease values are lower than those of the parent.
Figure 8-5 Parent, Child and Neighbor Access Points
Wireless Mesh Constraints
Here are a few system characteristics to consider when designing and building a wireless mesh network. Some of these apply to the backhaul network design and others to the CAPWAP controller design:
- When the bridge data rate is set to auto, the mesh backhaul chooses the highest rate where the next higher rate cannot be used due to unsuitable conditions for that specific rate (and not because of conditions that affect all rates).
– Typically, 24 Mbps is chosen as the optimal backhaul rate because it corresponds with the maximum coverage of the WLAN portion of the client WLAN of the MAP; that is, the distance between MAPs using 24 Mbps backhaul should allow for seamless WLAN client coverage between the MAPs.
– A lower bit rate might allow a greater distance between mesh access points, but there are likely to be gaps in the WLAN client coverage, and the capacity of the backhaul network is reduced.
– An increased bit rate for the backhaul network either requires more mesh access points or results in a reduced SNR between mesh access points, limiting mesh reliability and interconnection.
– The wireless mesh backhaul bit rate is set on the access point.
Note To set backhaul bit rate for each access point, choose WIRELESS > Access Points > All APs, then click an AP name and click the Mesh tab.
– The required minimum LinkSNR for backhaul links per data rate is shown in Table 8-1.
- The required minimum LinkSNR is driven by the data rate and the following formula: Minimum SNR + fade margin. Table 8-2 summarizes the calculation by data rate.
– Minimum SNR refers to an ideal state of non-interference, non-noise and a system packet error rate (PER) of no more than 10%
– Typical fade margin is approximately 9 to 10 dB
– We do not recommend using data rates greater than 24 Mbps in municipal mesh deployments as the SNR requirements do not make the distances practical
- Limiting the number of hops to three to four is recommended, primarily to maintain sufficient backhaul throughput, because each mesh AP uses the same radio for transmission and reception of backhaul traffic. This means that throughput is approximately halved over every hop. For example, the maximum throughput for 24 Mbps is approximately 14 Mbps for the first hop, 9 Mbps for the second hop, and 4 Mbps for the third hop.
- There is no current software limitation on how many MAPs per RAP you can configure. However, it is suggested that you limit this to 20 MAPs per RAP.
- The number of controllers per mobility group is limited to 72.
- Number of mesh access points supported per controller (see Table 8-3).
Adding Mesh Access Points to the Mesh Network
This section assumes that the controller is already active in the network and is operating in Layer 3 mode. Layer 3 mode is recommended for large deployments.
Before adding a mesh access point to a network, do the following:
1. Add the MAC address of the MAP to the controller’s MAC filter. See the “Adding MAC Addresses of Mesh Access Points to the Controller Filter List” section.
– To configure external authentication of MAC addresses using an external RADIUS server, see the “Configuring External Authentication and Authorization Using a RADIUS Server” section.
2. Configure the DCA channels for the mesh access points. See the “Using the GUI to Configure Dynamic Channel Assignment” section for details.
3. Configure the AP mode for the mesh access point. See the “Configuring the AP Mode” section.
Note This procedure is not required for 1520 series access points. The default mode for 1520 series access points is Bridge.
4. Define the role (RAP or MAP) for the mesh access point. See the “Defining the Mesh Access Point Role” section.
5. Configure the channel assignment on the RAP for serial backhaul (if desired). See the “Antennas and Channel Assignment on the AP1524SB” section.
6. Configure a primary, secondary, and tertiary controller for each MAP. See the “Verifying that Access Points Join the Controller” and “Configuring Backup Controllers” sections in Chapter 7.
7. Configure global mesh parameters. See the “Configuring Global Mesh Parameters” section.
8. Configure bridging parameters. See the “Configuring Ethernet Bridging and Ethernet VLAN Tagging” section.
a. Configure Bridge Group Names.
b. Assign IP addresses to MAPs unless using DHCP.
If using DHCP, configure Option 43 and Option 60. Refer to the Cisco Aironet 1520 Series Outdoor Mesh Access Point Hardware Installation Guide.
9. Configure mobility groups (if desired) and assign controllers. See Chapter 12, “Configuring Mobility Groups.”
10. Configure advanced features such as using voice and video in the network. See the “Configuring Advanced Features” section.
Adding MAC Addresses of Mesh Access Points to the Controller Filter List
You must enter the MAC address for all mesh access points that you want to use in the mesh network into the appropriate controller. A controller only responds to discovery requests from outdoor radios that appear in its authorization list. MAC filtering is enabled by default on the controller, so only the MAC addresses need to be configured.
You can add the access point using either the GUI or the CLI.
Note You can also download the list of access point MAC addresses and push them to the controller using the Cisco Wireless Control System (WCS). Refer to the Cisco Wireless Control System Configuration Guide, Release 6.0 for instructions.
Using the GUI to Add MAC Addresses of Mesh Access Points to the Controller Filter List
Using the controller GUI, follow these steps to add a MAC filter entry for the access point on the controller.
Step 1 Click Security > AAA > MAC Filtering to open the MAC Filtering page (see Figure 8-6).
Step 2 Click New to open the MAC Filters > New page (see Figure 8-7).
Figure 8-7 MAC Filters > New Page
Step 3 In the MAC Address field, enter the MAC address of the mesh access point.
Note For 1522 and 1524PS/1524SB outdoor mesh access points, enter the BVI MAC address of the mesh access point into the controller as a MAC filter. For 1130 and 1240 indoor mesh access points, enter the Ethernet MAC address. If the required MAC address does not appear on the exterior of the mesh access point, enter the following command from the access point console to determine the BVI and Ethernet MAC addresses: sh int | i Hardware.
Step 4 From the Profile Name drop-down box, choose Any WLAN.
Step 5 In the Description field, enter a description of the access point. The text that you enter identifies the mesh access point on the controller.
Note You might want to include an abbreviation of its name and the last few digits of the MAC address, such as ap1522:62:39:10. You can also note details on its location, such as roof top or pole top or its cross streets.
Step 6 From the Interface Name drop-down box, choose the controller interface to which the access point is to connect.
Step 7 Click Apply to commit your changes. The access point now appears in the list of MAC filters on the MAC Filtering page.
Step 8 Click Save Configuration to save your changes.
Step 9 Repeat this procedure to add the MAC addresses of additional access points to the list.
Using the CLI to Add MAC Addresses of Mesh Access Points to the Controller Filter List
Using the controller CLI, follow these steps to add a MAC filter entry for the access point on the controller.
Step 1 To add the MAC address of an access point to the controller filter list, enter this command:
config macfilter add ap_mac wlan_id interface [description]
A value of zero (0) for the wlan_id parameter specifies any WLAN, and a value of zero (0) for the interface parameter specifies none. You can enter up to 32 characters for the optional description parameter.
Step 2 To save your changes, enter this command:
Configuring External Authentication and Authorization Using a RADIUS Server
Controller software release 5.2 or later supports external authorization and authentication of mesh access points using a RADIUS server such as Cisco ACS (4.1 and later). The RADIUS server must support the client authentication type of EAP-FAST with certificates.
Before you employ external authentication within the mesh network, you must make these changes:
- Configure the RADIUS server to be used as an AAA server on the controller.
- Configure the controller on the RADIUS server.
- Add the mesh access point configured for external authorization and authentication to the user list of the RADIUS server. For additional details, refer to the “Adding a Username to a RADIUS Server” section.
- Configure EAP-FAST on the RADIUS server and install the certificates. EAP-FAST authentication is required if mesh access points are connected to the controller using an 802.11a interface; the external RADIUS servers need to trust Cisco Root CA 2048. For information on installing and trusting the CA certificates, see the “Configuring RADIUS Servers” section.
Note If mesh access points connect to the controller using a Fast Ethernet or Gigabit Ethernet interface, only MAC authorization is required.
Note This feature also supports local EAP and PSK authentication on the controller.
Configuring RADIUS Servers
Follow these steps to install and trust the CA certificates on the RADIUS server:
Step 1 Using Internet Explorer, download the CA certificates for Cisco Root CA 2048:
- http://www.cisco.com/security/pki/certs/crca2048.cer
- http://www.cisco.com/security/pki/certs/cmca.cer
Step 2 Install the certificates:
a. From the CiscoSecure ACS main menu, click System Configuration > ACS Certificate Setup > ACS Certification Authority Setup.
b. In the CA certificate file box, type the CA certificate location (path and name). For example: c:\Certs\crca2048.cer.
Step 3 Configure the external RADIUS servers to trust the CA certificate.
a. From the CiscoSecure ACS main menu, choose System Configuration > ACS Certificate Setup > Edit Certificate Trust List. The Edit Certificate Trust List appears.
b. Check the check box next to the Cisco Root CA 2048 (Cisco Systems) certificate name.
d. To restart ACS, choose System Configuration > Service Control, and then click Restart.
Note For additional configuration details on Cisco ACS servers, refer to the following links:
http://www.cisco.com/c/en/us/support/security/secure-access-control-server-windows/products-installation-and-configuration-guides-list.html (Windows)
http://www.cisco.com/c/en/us/support/security/secure-access-control-server-unix/tsd-products-support-configure.html (UNIX)
Adding a Username to a RADIUS Server
Add the MAC addresses of mesh access points that are authorized and authenticated by external RADIUS servers to the user list of that server prior to enabling RADIUS authentication for a mesh access point.
For remote authorization and authentication, EAP-FAST uses the manufacturer’s certificate (CERT) to authenticate the child mesh access point. Additionally, this manufacturer certificate-based identity serves as the username for the mesh access point in user validation.
For IOS-based mesh access points (1130, 1240, 1522, 1524), in addition to adding the MAC address to the user list, you need to enter the platform_name_string-Ethernet_MAC_address string to the user list (for example, c1240-001122334455). The controller first sends the MAC address as the username; if this first attempt fails, then the controller sends the platform_name_string-Ethernet_MAC_address string as the username.
Note If you enter only the platform_name_string-Ethernet_MAC_address string to the user list, you will see a first-try failure log on the AAA server; however, the IOS-based mesh access point will still be authenticated on the second attempt using the platform_name_string-Ethernet_MAC_address string as the username.
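The following Python is an added example, not Cisco code: from an AP inventory it builds the `config macfilter add` lines described in the MAC filter section and the two RADIUS usernames described above, picking the BVI or Ethernet MAC by model. The inventory values, the `PLATFORM_STRING_1522` placeholder, the colon MAC delimiter, the space-free description, and the use of the filter MAC as the first username are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Added example, not Cisco code. Model groups follow the chapter's Note:
# outdoor APs are filtered by BVI MAC, indoor APs by Ethernet MAC.
OUTDOOR_MODELS = {"1522", "1524PS", "1524SB"}
INDOOR_MODELS = {"1130", "1240"}
MAX_DESCRIPTION = 32  # limit the chapter gives for the description parameter


def normalize_mac(raw):
    """Return 12 lowercase hex digits; accepts ':', '-' or '.' separators."""
    digits = re.sub(r"[:.\-]", "", raw.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits


def pairs(hex_digits, sep=":"):
    """Join hex digits two at a time, e.g. '623910' -> '62:39:10'."""
    return sep.join(hex_digits[i:i + 2] for i in range(0, len(hex_digits), 2))


@dataclass
class MeshAP:
    model: str
    ethernet_mac: str
    bvi_mac: str         # as reported by "sh int | i Hardware" on the AP console
    platform_name: str   # platform_name_string; the chapter's only example is c1240
    location: str = ""

    def filter_mac(self):
        """MAC that belongs in the controller filter list for this model."""
        if self.model in OUTDOOR_MODELS:
            return normalize_mac(self.bvi_mac)
        if self.model in INDOOR_MODELS:
            return normalize_mac(self.ethernet_mac)
        raise ValueError(f"model {self.model!r} is not covered by this chapter")

    def description(self):
        """Name plus last three MAC octets, in the style of 'ap1522:62:39:10'."""
        text = f"ap{self.model}:{pairs(self.filter_mac()[6:])}"
        if self.location:
            # Assumption of this example: keep the description one token.
            text += "-" + re.sub(r"\s+", "-", self.location.strip())
        if len(text) > MAX_DESCRIPTION:
            raise ValueError(f"description longer than {MAX_DESCRIPTION} chars: {text}")
        return text


def macfilter_command(ap, wlan_id=0, interface="0"):
    """wlan_id 0 means any WLAN and interface 0 means none, as the chapter states."""
    return (f"config macfilter add {pairs(ap.filter_mac())} "
            f"{wlan_id} {interface} {ap.description()}")


def radius_usernames(ap, mac_delimiter=":"):
    """Both names the controller tries, in order: MAC, then platform-EthernetMAC.

    Assumptions: the first name is the filter MAC, formatted with the delimiter
    set by 'config macfilter mac-delimiter colon'.
    """
    first = pairs(ap.filter_mac(), mac_delimiter)
    second = f"{ap.platform_name}-{normalize_mac(ap.ethernet_mac)}"
    return [first, second]


def build_plan(inventory):
    """Return (controller commands, RADIUS usernames, problems) for an inventory."""
    commands, usernames, problems, seen = [], [], [], {}
    for idx, ap in enumerate(inventory):
        try:
            mac = ap.filter_mac()
            if mac in seen:
                raise ValueError(f"duplicate filter MAC, also entry {seen[mac]}")
            command, names = macfilter_command(ap), radius_usernames(ap)
        except ValueError as exc:
            problems.append(f"entry {idx} ({ap.model}): {exc}")
            continue
        seen[mac] = idx
        commands.append(command)
        usernames.extend(names)
    return commands, usernames, problems


def constructed_inventory():
    """Constructed sample data; none of these MAC addresses are real devices."""
    return [
        MeshAP("1240", "00:11:22:33:44:55", "00:11:22:33:44:55", "c1240", "lobby"),
        # PLATFORM_STRING_1522 is a placeholder: read the real string from the AP.
        MeshAP("1522", "00-1A-2B-3C-4D-5E", "001a.2b62.3910",
               "PLATFORM_STRING_1522", "pole top"),
        MeshAP("1130", "00:11:22:33:44", "00:11:22:33:44", "PLACEHOLDER", "hall"),
    ]


if __name__ == "__main__":
    cmds, names, issues = build_plan(constructed_inventory())
    print("\n".join(cmds + names + issues))
```

Entries that fail validation are reported in the third list and produce no command or username, so a malformed MAC never reaches the controller or the RADIUS user list.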
Using the GUI to Enable External Authentication of Mesh Access Points
Using the controller GUI, follow these steps to enable external authentication for a mesh access point.
Step 1 Click Wireless > Mesh to open the Mesh page (see Figure 8-8).
Step 2 Choose EAP from the Security Mode drop-down box.
Step 3 Check the Enabled check boxes for the External MAC Filter Authorization and Force External Authentication options.
Step 4 Click Apply to commit your changes.
Step 5 Click Save Configuration to save your changes.
Using the CLI to Enable External Authentication of Mesh Access Points
To enable external authentication for mesh access points using the CLI, enter the following commands:
config macfilter mac-delimiter colon
config mesh security rad-mac-filter enable
Using the CLI to View Security Statistics
To view security statistics for mesh access points using the CLI, enter the following command:
show mesh security-stats Cisco_AP
This command shows packet error statistics and a count of failures, timeouts, and association and authentication successes as well as reassociations and reauthentications for the specified access point and its child.
Configuring the AP Mode
Note This procedure is not required for 1520 series access points. The default mode for 1520 series access points is Bridge.
By default, access points are configured as Local. To configure the mesh access points, you first must change the access point mode to Bridge using the GUI or CLI.
Using the GUI to Configure the AP Mode
To configure the AP mode using the GUI, follow these steps:
Step 1 Click Wireless to open the All APs page.
Step 2 Click the name of an access point. The All APs > Details (General) page appears (Figure 8-9).
Figure 8-9 All APs > Details for (General) Page
Step 3 Choose Bridge from the AP Mode drop-down box.
Step 4 Click Apply to commit your changes and to cause the access point to reboot.
Using the CLI to Configure the AP Mode
To configure the AP mode using the CLI, enter the following command:
Defining the Mesh Access Point Role
By default, the 152x mesh access points are shipped with a radio role set to MAP. You must reconfigure a mesh access point to act as a RAP.
Note In order to use the AP1130 and AP1240 indoor mesh access points with a 5500 series controller, a wplus license must be used on the controller.
Using the GUI to Configure the AP Role
To configure the role of a mesh access point using the GUI, follow these steps:
Step 1 Click Wireless to open the All APs page.
Step 2 Click the name of an access point. The All APs > Details (General) page appears.
Step 3 Click the Mesh tab (Figure 8-10).
Figure 8-10 All APs > Details for (Mesh) Page
Step 4 Choose RootAP or MeshAP from the AP Role drop-down box.
Step 5 Click Apply to commit your changes and to cause the access point to reboot.
Using the CLI to Configure the AP Role
To configure the role of a mesh access point using the CLI, enter the following command:
Antennas and Channel Assignment on the AP1524SB
The AP1524SB (serial backhaul) access point is introduced in controller software release 6.0. The AP1524SB has two backhaul radios: one uplink and one downlink. The AP1524SB is suitable for linear deployments.
The AP1524SB mesh access point operates as a RAP or a MAP. The antenna ports are labeled on the AP1524SB and are connected internally to the radios in each slot. The AP1524SB has six ports with three radio slots (0, 1, 2) as described in Table 8-4:
Note Depending on product model, the AP1524SB could have either 5.0-GHz radios or 5.8-GHz sub-band radios installed in slot 1 and slot 2. Regardless of the radios installed, the AP1524SB running controller software release 6.0 is restricted to the UNII-3 channels (149, 153, 157, 161, and 165) in slot 1 and slot 2.
The two 5.8-GHz radios are used for the serial backhaul, which provides uplink and downlink access. Each 5.8-GHz radio backhaul is configured with a different backhaul channel, so there is no need to use the same shared wireless medium between the north-bound and south-bound traffic in a mesh tree-based network.
On the RAP, the radio in slot 2 is used to extend the backhaul in the downlink direction; the radio in slot 1 is used for client access.
On the MAP, the radio in slot 2 is used for the backhaul in the uplink direction; the radio in slot 1 is used for the backhaul in the downlink direction as well as client access.
You only need to configure the RAP downlink (slot 2) channel. The MAPs automatically select their channels from the channel subset. The available channels for the 5.8 GHz band are 149, 153, 157, 161, and 165.
Figure 8-11 shows a channel selection example when the RAP downlink channel is 153.
Figure 8-11 Channel Selections Examples
Using the GUI to Configure the Channels on the Serial Backhaul
Follow these steps to configure channels on the serial backhaul on the RAP using the controller GUI:
Step 1 Click Wireless > Access Points > Radios > 802.11a/n to open the 802.11a/n Radios page (see Figure 8-12).
Figure 8-12 802.11a/n Radios Page
Step 2 Hover your cursor over the blue drop-down arrow for the RAP antenna in slot 2 (the backhaul downlink) and choose Configure. The 802.11a/n Cisco APs > Configure page appears (see Figure 8-13).
Figure 8-13 802.11a/n Cisco APs > Configure Page
Step 3 For the RF Backhaul Channel Assignment, choose the Custom assignment method, and select a channel from the drop-down list. The available channels for the 5.8-GHz band are 149, 153, 157, 161, and 165.
Step 4 For the Tx Power Level Assignment, choose the Custom assignment method, and select a power level. Valid values are 1 through 5; the default value is 1.
Note Radio Resource Management (RRM) is disabled by default; RRM cannot be enabled for the backhaul.
Step 5 Click Apply to commit your changes.
Step 6 From the 802.11a/n Radios page, verify that uplink and downlink channels have been assigned (see Figure 8-14).
Figure 8-14 Channel Assignment
Using the CLI to Configure the Channels on the Serial Backhaul
Follow these steps to configure channels on the serial backhaul on the RAP using the controller CLI:
Step 1 To configure the backhaul channel on the radio in slot 2 of the RAP, enter this command:
config slot 2 channel ap Cisco_RAPSB channel
The available channels for the 5.8-GHz band are 149, 153, 157, 161, and 165.
Step 2 To configure the transmit power level on the radio in slot 2 of the RAP, enter this command:
config slot 2 txPower ap Cisco_RAPSB power
Valid values are 1 through 5; the default value is 1.
Step 3 To display the configurations on the mesh access points, enter these commands:
Information similar to the following appears:
Information similar to the following appears:
Information similar to the following appears:
Configuring Global Mesh Parameters
This section provides instructions for configuring the access point to establish a connection with the controller including:
- Setting the maximum range between RAP and MAP (not applicable to 1130 and 1240 indoor mesh access points)
- Enabling a backhaul to carry client traffic
- Defining whether VLAN tags are forwarded or not
- Defining the authentication mode (EAP or PSK) and method (local or external) for mesh access points including security settings (local and external authentication).
You can configure the necessary mesh parameters using the controller GUI or CLI. All parameters are applied globally.
Using the GUI to Configure Global Mesh Parameters
Using the controller GUI, follow these steps to configure global mesh parameters.
Step 1 Click Wireless > Mesh to open the Mesh page (see Figure 8-15).
Step 2 Modify the mesh parameters as appropriate. Table 8-5 describes each parameter.
Note This parameter applies to outdoor mesh access points.
The optimum distance (in feet) that should exist between the root access point (RAP) and the mesh access point (MAP). This global parameter applies to all access points when they join the controller and all existing access points in the network.
Note After this feature is enabled, all outdoor mesh access points reboot.

Note This parameter applies to outdoor mesh access points.
When you enable this feature, IDS reports are generated for all traffic on the backhaul. These reports can be useful for university or enterprise outdoor campus areas, or for public safety users who want to find out who is operating in 4.9 GHz. When you disable this feature, no IDS reports are generated, which preserves bandwidth on the backhaul.
Note IDS reporting is enabled for all indoor mesh access points and cannot be disabled.

Note This parameter applies to mesh access points with two or more radios (1524SB, 1522, 1240 and 1130) excluding the 1524PS.
When this feature is enabled, mesh access points allow wireless client association over the 802.11a radio. Therefore, a mesh access point can carry both backhaul traffic and 802.11a client traffic over the same 802.11a radio. When this feature is disabled, the mesh access point carries backhaul traffic over the 802.11a radio and allows client association only over the 802.11b/g radio.
Note After this feature is enabled, all mesh access points reboot.

This feature determines how a mesh access point handles VLAN tags for Ethernet bridged traffic.
Note See the “Configuring Ethernet Bridging and Ethernet VLAN Tagging” section for overview and additional configuration details.
When this feature is enabled, VLAN tags are not handled and packets are bridged as if they are untagged. When this feature is disabled, all packets are tagged as non-VLAN transparent or VLAN-opaque and all tagged packets are dropped. Unselect the check box to enable the VLAN Tagging feature.
Note VLAN Transparent is enabled as a default to ensure a smooth software upgrade from 4.1.192.xxM releases to release 5.2 or later releases. Release 4.1.192.xxM does not support VLAN tagging.
Note See the “Configuring Ethernet Bridging and Ethernet VLAN Tagging” section for more details.

Defines the security mode for mesh access points: Pre-Shared Key (PSK) or Extensible Authentication Protocol (EAP).
Note EAP must be selected if external MAC filter authorization using a RADIUS server is configured.
Note Local EAP or PSK authentication is performed within the controller if the External MAC Filter Authorization parameter is disabled (check box unchecked).

MAC filtering uses the local MAC filter on the controller by default. When external MAC filter authorization is enabled, if the MAC address is not found in the local MAC filter, then the MAC address in the external RADIUS server is used. This protects your network against rogue mesh access points by preventing access points that are not defined on the external server from joining. Before you employ external authentication within the mesh network, the following configuration is required:
– For remote authorization and authentication, EAP-FAST uses the manufacturer’s certificate (CERT) to authenticate the child mesh access point. Additionally, this manufacturer certificate-based identity serves as the username for the mesh access point in user validation.
– For IOS-based mesh access points (1130, 1240, 1522, 1524), in addition to adding the MAC address to the user list, you need to enter the platform_name_string-Ethernet_MAC_address string (for example, c1240-001122334455). The controller first sends the MAC address as the username; if this first attempt fails, the controller sends the platform_name_string-Ethernet_MAC_address string as the username.
Note If you only enter the platform_name_string-Ethernet_MAC_address string to the user list, you will see a first-try failure log on the AAA server; however, the IOS-based mesh access point will still be authenticated on the second attempt using the platform_name_string-Ethernet_MAC_address string as the username.
Note When this capability is not enabled, the controller authorizes and authenticates mesh access points using the MAC address filter.

When enabled along with EAP and External MAC Filter Authorization parameters, an external RADIUS server (such as Cisco 4.1 and later) handles external authorization and authentication for mesh access points by default. The RADIUS server overrides local authentication of the MAC address by the controller, which is the default.
Step 3 Click Apply to commit your changes.
Step 4 Click Save Configuration to save your changes.
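The username order described for External MAC Filter Authorization can be checked against an exported AAA user list before mesh access points are deployed. The following Python sketch is an added example, not Cisco code: the inventory, the user list, and the names `candidate_usernames` and `audit` are constructed for illustration, and it assumes the MAC username is compared in lowercase colon-delimited form.

```python
import re

# Shapes of the two usernames described above (compared in lowercase).
MAC_USER = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")
PLATFORM_USER = re.compile(r"^[a-z0-9]+-[0-9a-f]{12}$")


def mac_digits(mac):
    """Return the 12 hex digits of a MAC address in lowercase."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def candidate_usernames(platform, mac):
    """Usernames in the order the controller sends them: MAC first,
    then platform_name_string-Ethernet_MAC_address."""
    digits = mac_digits(mac)
    colon_mac = ":".join(digits[i:i + 2] for i in range(0, 12, 2))
    return colon_mac, f"{platform.lower()}-{digits}"


def audit(inventory, aaa_users):
    """Compare an AP inventory with the AAA user list.

    Returns (report, unlisted): report maps each AP to which of its two
    entries exist; unlisted holds AP-style usernames on the server that
    belong to no inventoried AP and should be reviewed, because an entry
    on the external server is what lets an access point join."""
    users = {u.strip().lower() for u in aaa_users if u.strip()}
    expected, report = set(), {}
    for ap_name, (platform, mac) in inventory.items():
        mac_user, platform_user = candidate_usernames(platform, mac)
        expected.update((mac_user, platform_user))
        has_mac, has_platform = mac_user in users, platform_user in users
        if has_mac and has_platform:
            report[ap_name] = "both-entries"    # what the text asks for
        elif has_platform:
            report[ap_name] = "platform-only"   # first-try failure is logged
        elif has_mac:
            report[ap_name] = "mac-only"        # platform string not entered
        else:
            report[ap_name] = "missing"         # not defined on the server
    unlisted = sorted(u for u in users - expected
                      if MAC_USER.match(u) or PLATFORM_USER.match(u))
    return report, unlisted


# Constructed sample data (not from a real deployment).
INVENTORY = {
    "rap1": ("c1240", "00:11:22:33:44:55"),
    "map1": ("c1240", "00-11-22-33-44-66"),
    "map2": ("c1520", "0011.2233.4477"),
    "map3": ("c1520", "00:11:22:33:44:88"),
}
AAA_USERS = [
    "00:11:22:33:44:55", "c1240-001122334455",
    "c1240-001122334466",
    "00:11:22:33:44:77",
    "c1520-0011223344ff",   # AP-style entry with no matching inventory record
    "alice",                # ordinary user account, ignored by the audit
]

if __name__ == "__main__":
    report, unlisted = audit(INVENTORY, AAA_USERS)
    for ap, status in report.items():
        print(f"{ap}: {status}")
    print("review:", unlisted)
```

A "platform-only" result corresponds to the first-try failure log described in the note above, so those failures can be told apart from an access point that is missing from the server entirely.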
Using the CLI to Configure Global Mesh Parameters
Using the controller CLI, follow these steps to configure global mesh parameters.
Note Refer to the “Using the GUI to Configure Global Mesh Parameters” section for descriptions, valid ranges, and default values of the parameters used in the CLI commands.
Step 1 To specify the maximum range (in feet) of all access points in the network, enter this command:
To see the current range, enter show mesh range.
Step 2 To enable or disable IDS reports for all traffic on the backhaul, enter this command:
config mesh ids-state {enable | disable}
Step 3 To specify the rate (in Mb/s) at which data is shared between access points on the backhaul interface, enter this command:
config ap bhrate {rate | auto} Cisco_AP
Step 4 To enable or disable client association on the primary backhaul (802.11a) of an access point, enter these commands:
config mesh client-access {enable | disable}
config ap wlan {enable | disable} 802.11a Cisco_AP
config ap wlan {add | delete} 802.11a wlan_id Cisco_AP
Step 5 To enable or disable VLAN transparent, enter this command:
config mesh ethernet-bridging vlan-transparent {enable | disable}
Step 6 To define a security mode for the mesh access point, enter one of the following commands:
a. To provide local authentication of the mesh access point by the controller, enter this command:
config mesh security {eap | psk}
b. To store MAC address filter in an external RADIUS server for authentication instead of the controller (local), enter these commands:
config macfilter mac-delimiter colon
config mesh security rad-mac-filter enable
config mesh radius-server index enable
c. To provide external authentication on a RADIUS server and define a local MAC filter on the controller, enter these commands:
config macfilter mac-delimiter colon
config mesh security rad-mac-filter enable
config mesh radius-server index enable
config mesh security force-ext-auth enable
d. To provide external authentication on a RADIUS server using a MAC username (such as c1520-123456) on the RADIUS server, enter these commands:
config macfilter mac-delimiter colon
config mesh security rad-mac-filter enable
config mesh radius-server index enable
config mesh security force-ext-auth enable
Step 7 To save your changes, enter this command:
Using the CLI to View Global Mesh Parameter Settings
Use these commands to obtain information on global mesh settings:
- show mesh client-access—Shows the status of the client-access backhaul as either enabled or disabled. When this option is enabled, mesh access points are able to associate with 802.11a wireless clients over the 802.11a backhaul. This client association is in addition to the existing communication on the 802.11a backhaul between the root and mesh access points.
- show mesh ids-state—Shows the status of the IDS reports on the backhaul as either enabled or disabled.
- show mesh env {summary | Cisco_AP}—Shows the temperature, heater status, and Ethernet status for either all access points (summary) or a specific access point (Cisco_AP). The access point name, role (RootAP or MeshAP), and model are also shown.
– The temperature is shown in both Fahrenheit and Celsius.
– The heater status is ON or OFF.
– The Ethernet status is UP or DOWN.
Note Battery status appears as N/A (not applicable) in the show mesh env Cisco_AP status display because it is not provided for access points.
Configuring Local Mesh Parameters
After configuring global mesh parameters, you must configure the following local mesh parameters:
- Antenna Gain—Refer to the “Configuring Antenna Gain” section.
- Workgroup Bridge Groups—Refer to the “Workgroup Bridge Groups on Mesh Access Points” section.
Configuring Antenna Gain
Using the controller GUI or controller CLI, configure the antenna gain for the access point to match that of the installed antenna.
Note Refer to the “External Antennas” section of the Cisco Aironet 1520 Series Outdoor Mesh Access Points Getting Started Guide for a summary of supported antennas and their antenna gains at http://www.cisco.com/en/US/docs/wireless/access_point/1520/quick/guide/ap1520qsg.html
Using the GUI to Configure Antenna Gain
Using the controller GUI, follow these steps to configure the antenna gain.
Step 1 Click Wireless > Access Points > Radios > 802.11a/n to open the 802.11a/n Radios page (see Figure 8-16).
Figure 8-16 802.11a/n Radios Page
Step 2 Hover your cursor over the blue drop-down arrow for the mesh access point antenna that you want to configure and choose Configure. The 802.11a/n Cisco APs > Configure page appears (see Figure 8-17).
Figure 8-17 802.11a/n Cisco APs > Configure Page
Step 3 Under the Antenna Parameters section, enter the antenna gain in 0.5-dBm units in the Antenna Gain field. For example, 2.5 dBm = 5.
Note You can configure gain settings only on external antennas. The value that you enter must match the value specified by the vendor for that antenna.
Step 4 Click Apply to commit your changes.
Step 5 Click Save Configuration to save your changes.
Using the CLI to Configure Antenna Gain
Using the controller CLI, follow these steps to configure the antenna gain.
Step 1 To configure the antenna gain for the 802.11a backhaul radio, enter this command:
config 802.11a antenna extAntGain antenna_gain Cisco_AP
where antenna_gain is in 0.5-dBm units (for example, 2.5 dBm = 5).
Step 2 To save your changes, enter this command:
Workgroup Bridge Groups on Mesh Access Points
A workgroup bridge (WGB) connects a wired network over a single wireless segment by learning the MAC addresses of its wired clients on the Ethernet interface and reporting them to the mesh access point using Internet Access Point Protocol (IAPP) messaging. The mesh access point treats the WGB as a wireless client.
When configured as a WGB, the 1130, 1240, and 1310 autonomous access points as well as the series 3200 mobile access router (MAR) can associate with mesh access points. The mesh access points can be configured as RAPs or MAPs. WGB association is supported on both the 2.4-GHz (802.11b) and 5-GHz (802.11a) radio on the 1522, and the 2.4-GHz (802.11b) and 4.9-GHz (public safety radio) on the 1524PS.
Note Refer to the “Cisco Workgroup Bridges” section for configuration details.
Supported Workgroup Modes and Capacities
- The 1130, 1240, 1310 autonomous access point must be running Cisco IOS release 12.4(3g)JA or later (on 32-MB access points) or Cisco IOS release 12.3(8)JEB or later (on 16-MB access points). Cisco IOS releases prior to 12.4(3g)JA and 12.3(8)JEB are not supported.
Note If your mesh access point has two radios, you can only configure workgroup bridge mode on one of the radios. Cisco recommends that you disable the second radio. Workgroup bridge mode is not supported on access points with three radios such as 1524.
- Client mode WGB (BSS) is supported; however, infrastructure WGB is not supported.
- Mesh access points can support up to 200 clients including wireless clients, WGBs, and wired clients behind the associated WGBs.
- WGBs operating with Cisco IOS release 12.4(3g)JA cannot associate with mesh access points if the WLAN is configured with WPA1 (TKIP) +WPA2 (AES), and the corresponding WGB interface is configured with only one of these encryptions (either WPA1 or WPA2).
Client Roaming
High-speed roaming of Cisco Compatible Extension (CX), version 4 (v4) clients is supported at speeds up to 70 mph in outdoor mesh deployments of 1522 and 1524 mesh access points. An application example might be maintaining communication with a terminal in an emergency vehicle as it moves within a mesh public network.
Three Cisco CX v4 Layer 2 client roaming enhancements are supported:
- Access point assisted roaming—This feature helps clients save scanning time. When a Cisco CX v4 client associates to an access point, it sends an information packet to the new access point listing the characteristics of its previous access point. Roaming time decreases when the client recognizes and uses an access point list built by compiling all previous access points to which each client was associated and sent (unicast) to the client immediately after association. The access point list contains the channels, BSSIDs of neighbor access points that support the client’s current SSID(s), and time elapsed since disassociation.
- Enhanced neighbor list—This feature focuses on improving a Cisco CX v4 client’s roam experience and network edge performance, especially when servicing voice applications. The access point provides its associated client information about its neighbors using a neighbor-list update unicast message.
- Roam reason report—This feature enables Cisco CX v4 clients to report the reason why they roamed to a new access point. It also allows network administrators to build and monitor a roam history.
Note Client roaming is enabled by default.
Configuring Ethernet Bridging and Ethernet VLAN Tagging
Ethernet bridging is used in two mesh network scenarios:
- Point-to-point and point-to-multipoint bridging between MAPs (untagged packets). A typical trunking application might be bridging traffic between buildings within a campus (Figure 8-18).
Note You do not need to configure VLAN tagging to use Ethernet bridging for point-to-point and point-to-multipoint bridging deployments.
Figure 8-18 Point-to-Multipoint Bridging
- Ethernet VLAN tagging allows specific application traffic to be segmented within a wireless mesh network and then forwarded (bridged) to a wired LAN (access mode) or bridged to another wireless mesh network (trunk mode).
A typical public safety access application using Ethernet VLAN tagging is placement of video surveillance cameras at various outdoor locations within a city. Each of these video cameras has a wired connection to a MAP. The video of all these cameras is then streamed across the wireless backhaul to a central command station on a wired network (see Figure 8-19).
Figure 8-19 Ethernet VLAN Tagging
Ethernet VLAN Tagging Guidelines
- For security reasons the Ethernet port on a mesh access point (RAP and MAP) is disabled by default. It is enabled by configuring Ethernet Bridging on the mesh access point port.
- Ethernet bridging must be enabled on all the access points in the mesh network to allow Ethernet VLAN tagging to operate.
- VLAN mode must be set as non-VLAN transparent (global mesh parameter). Refer to the “Configuring Global Mesh Parameters” section.
– VLAN transparent is enabled by default. To set as non-VLAN transparent you must uncheck the VLAN transparent option in the global mesh parameters window.
- VLAN configuration on a mesh access point is only applied if all the uplink mesh access points are able to support that VLAN.
– If uplink access points are not able to support the VLAN, then the configuration is stored rather than applied.
– On 152x mesh access points, three of the four ports can be used as secondary Ethernet interfaces: port 0-PoE in, port 1-PoE out, and port 3-fiber. Port 2-cable cannot be configured as a secondary Ethernet interface.
– In Ethernet VLAN tagging, port 0-PoE in on the RAP is used to connect to the trunk port of the switch of the wired network. Port 1-PoE out on the MAP is used to connect to external devices such as video cameras.
- Backhaul interfaces (802.11a radios) act as primary Ethernet interfaces. Backhauls function as trunks in the network and carry all VLAN traffic between the wireless and wired network. No configuration of primary Ethernet interfaces is required.
- The switch port in the wired network that is attached to the RAP (port 0-PoE in) must be configured to accept tagged packets on its trunk port. The RAP forwards all tagged packets received from the mesh network to the wired network.
- No configuration is required to support VLAN tagging on any 802.11a backhaul Ethernet interface within the mesh network.
– This includes the RAP uplink Ethernet port. The required configuration happens automatically using a registration mechanism.
– Any configuration changes to an 802.11a Ethernet link acting as a backhaul are ignored and a warning results. When the Ethernet link no longer functions as a backhaul the modified configuration is applied.
- VLAN configuration is not allowed on port 2 (the cable modem port) of a 152x access point. VLANs can be configured on ports 0 (PoE-in), 1 (PoE-out) and 3 (fiber).
- If bridging between two MAPs, enter the distance (mesh range) between the two access points that are bridging. (Not applicable to applications in which you are forwarding traffic connected to the MAP to the RAP, access mode.)
- Up to 16 VLANs are supported on each sector. Therefore, the cumulative number of VLANs supported by a RAP’s children (MAPs) cannot exceed 16.
- Ethernet ports on access points function as either access or trunk ports within an Ethernet tagging deployment.
- Access Mode– In this mode only untagged packets are accepted. All packets are tagged with a user-configured VLAN called access-VLAN. For this mode to take effect, the global VLAN mode should be non-VLAN transparent.
– This option is used for applications in which information is collected from devices connected to the MAP such as cameras or PCs and then forwarded to the RAP. The RAP then applies tags and forwards traffic to a switch on the wired network.
- Trunk mode—This mode requires the user to configure a native VLAN and an allowed VLAN list (no defaults). In this mode, both tagged and untagged packets are accepted. Untagged packets are always accepted and are tagged with the user specified native VLAN. Tagged packets are accepted if they are tagged with a VLAN in the allowed VLAN list. For this mode to take effect, the global VLAN mode should be non-VLAN transparent.
– This option is used for bridging applications such as forwarding traffic between two MAPs resident on separate buildings within a campus.
– The trunk port on the switch and the RAP trunk port must match.
- A configured VLAN on a MAP Ethernet port cannot function as a Management VLAN.
- The RAP must always connect to the native VLAN (ID 1) on a switch.
– The RAP’s primary Ethernet interface is by default the native VLAN of 1.
Note You cannot bridge VLAN ID 1 when using VLAN-Opaque Ethernet bridging because VLAN 1 is the internal native VLAN within a mesh network. This setting cannot be changed.
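The guidelines above can be turned into a pre-deployment check of a sector's Ethernet port plan. The following Python sketch is an added example, not controller code: `PortConfig`, `ingress` and `validate_sector` are hypothetical names, the sample plans are constructed (the first reuses the VLAN IDs 50, 60 and 65 from this chapter's CLI examples), the VLAN range is the 2 to 4095 stated for the GUI, and counting distinct VLAN IDs toward the 16-VLAN sector limit is an assumption.

```python
from dataclasses import dataclass, field

MAX_SECTOR_VLANS = 16           # up to 16 VLANs per sector
VLAN_PORTS = {0, 1, 3}          # port 2 (cable) cannot carry VLAN configuration
VLAN_MIN, VLAN_MAX = 2, 4095    # VLAN 1 is the internal native VLAN


@dataclass
class PortConfig:
    ap: str
    port: int
    mode: str                   # "access" or "trunk"
    vlan: int                   # access VLAN, or native VLAN for a trunk
    allowed: set = field(default_factory=set)   # trunk allowed VLAN list


def ingress(cfg, tag):
    """VLAN a frame is carried in, or None if the port drops it.

    tag is None for an untagged frame. Applies only when the global
    VLAN mode is non-VLAN transparent."""
    if cfg.mode == "access":
        # Access mode accepts untagged frames only and tags them.
        return cfg.vlan if tag is None else None
    if cfg.mode == "trunk":
        if tag is None:
            return cfg.vlan     # untagged frames get the native VLAN
        return tag if tag in cfg.allowed else None
    raise ValueError(f"unknown mode {cfg.mode!r}")


def validate_sector(ports, vlan_transparent):
    """Return a list of findings for one RAP sector's port plan."""
    findings = []
    if vlan_transparent:
        findings.append("global: VLAN transparent is enabled, so access "
                        "and trunk settings do not take effect")
    access_vlans = {p.vlan for p in ports if p.mode == "access"}
    sector_vlans = set()
    for p in ports:
        where = f"{p.ap} port {p.port}"
        if p.port not in VLAN_PORTS:
            findings.append(f"{where}: VLANs cannot be configured here")
        if p.mode not in ("access", "trunk"):
            findings.append(f"{where}: unknown mode {p.mode!r}")
            continue
        ids = {p.vlan} | (p.allowed if p.mode == "trunk" else set())
        for vid in sorted(ids):
            if not VLAN_MIN <= vid <= VLAN_MAX:
                findings.append(
                    f"{where}: VLAN {vid} outside {VLAN_MIN}-{VLAN_MAX}")
        if p.mode == "trunk" and p.vlan in access_vlans:
            findings.append(
                f"{where}: native VLAN {p.vlan} is already an access VLAN")
        sector_vlans |= ids
    if len(sector_vlans) > MAX_SECTOR_VLANS:
        findings.append(f"sector: {len(sector_vlans)} VLANs configured, "
                        f"limit is {MAX_SECTOR_VLANS}")
    return findings


# Constructed plans: the first follows the guidelines, the second does not.
GOOD_PLAN = [
    PortConfig("AP1520-MAP", 1, "access", 50),
    PortConfig("AP1520-MAP", 0, "trunk", 60, {65}),
]
BAD_PLAN = [
    PortConfig("MAP-A", 2, "access", 1),
    PortConfig("MAP-A", 0, "trunk", 50, {1}),
    PortConfig("MAP-B", 1, "access", 50),
]

if __name__ == "__main__":
    for finding in validate_sector(BAD_PLAN, vlan_transparent=True):
        print(finding)
```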
Using the GUI to Enable Ethernet Bridging and VLAN Tagging
Using the controller GUI, follow these steps to enable Ethernet bridging on a RAP or MAP.
Step 1 Click Wireless > Access Points > All APs to open the All APs page.
Step 2 Click the name of the access point for which you want to enable Ethernet bridging.
Step 3 Click the Mesh tab to open the All APs > Details for (Mesh) page (see Figure 8-20).
Figure 8-20 All APs > Details for (Mesh) Page
Step 4 Choose one of the following options from the AP Role drop-down box.
- MeshAP—Choose this option if the 1520 series access point has a wireless connection to the controller. This is the default setting.
- RootAP—Choose this option if the 1520 series access point has a wired connection to the controller.
Note You must set at least one mesh access point to RootAP in the mesh network.
Step 5 To assign this access point to a bridge group, enter a name for the group in the Bridge Group Name field.
Step 6 Check the Ethernet Bridging check box to enable Ethernet bridging or uncheck it to disable this feature.
Step 7 Select the appropriate backhaul rate for the 802.11a backhaul interface from the Bridge Data Rate drop-down menu. Cisco recommends setting the backhaul rate to auto.
When the bridge data rate is set to auto, the mesh backhaul picks the highest rate where the next higher rate cannot be used due to unsuitable conditions for that specific rate (and not because of conditions that affect all rates).
Step 8 Click Apply to commit your changes. An Ethernet Bridging section appears at the bottom of the page listing each of the Ethernet ports of the mesh access point.
Step 9 You can perform one of the following procedures to configure the Ethernet Ports. The options are as follows:
Configure the Ethernet Port as the Access Port
To configure the Ethernet port as the access port, follow these steps:
- Click gigabitEthernet1 (port 1-PoE out).
- Select access from the mode drop-down menu.
- Enter a VLAN ID. The VLAN ID can be any value between 2 and 4095.
Note You cannot bridge VLAN ID 1 when using VLAN-Opaque Ethernet bridging because VLAN 1 is the internal native VLAN within a mesh network. This setting cannot be changed.
Note A maximum of 16 VLANs are supported across all of a RAP’s subordinate MAPs.
Configure the Ethernet Port as the Trunk Port
To configure the Ethernet port as the trunk port, follow these steps:
- Click gigabitEthernet1 (port 0-PoE in), gigabitEthernet1 (port 1-PoE out), or gigabitEthernet1 (port 3-fiber).
- Select trunk from the mode drop-down menu.
- Enter a native VLAN ID for incoming traffic. The native VLAN ID can be any value between 2 and 4095. Do not assign any value assigned to a user-VLAN (access).
- Enter a trunk VLAN ID for outgoing packets:
- If forwarding untagged packets, do not change the default trunk VLAN ID value of zero. (MAP-to-MAP bridging, campus environment)
- If forwarding tagged packets, enter a VLAN ID (2 to 4095) that is not already assigned. (RAP to switch on wired network).
- Click Add to add the trunk VLAN ID to the allowed VLAN list. The newly added VLAN displays under the Configured VLANs section on the window.
Note To remove a VLAN from the list, select the Remove option from the arrow drop-down to the right of the desired VLAN.
Figure 8-21 All APs > AP > VLAN Mappings Page
Step 10 Click Apply to commit your changes.
Step 11 Click Save Configuration to save your changes.
Table 8-6 describes display-only parameters on the mesh page.
Using the CLI to Configure Ethernet Bridging Parameters
Using the controller CLI, follow these steps to configure Ethernet bridging on a RAP or MAP.
Step 1 To specify that your AP152x has bridge functionality, enter this command:
config ap mode bridge Cisco_AP
Step 2 To specify the role of this access point in the mesh network, enter this command:
config ap role {rootAP | meshAP} Cisco_AP
Use the meshAP parameter if the access point has a wireless connection to the controller or use the rootAP parameter if the access point has a wired connection to the controller.
Note The default access point role is meshAP.
Step 3 To assign the access point to a bridge group, enter this command:
config ap bridgegroupname set groupname Cisco_AP
Step 4 To enable Ethernet bridging on the access point, enter this command:
config mesh ethernet-bridging vlan-transparent disable
Step 5 To specify the rate (in Mb/s) at which data is shared between access points on the backhaul interface, enter this command:
config ap bhrate {rate | auto} Cisco_AP
When the bridge data rate is set to auto, the mesh backhaul picks the highest rate where the next higher rate cannot be used due to unsuitable conditions for that rate (and not because of conditions that affect all rates).
Step 6 To save your settings, enter this command:
Using the CLI to Configure Ethernet VLAN Tagging
VLAN ID 1 is not reserved as the default VLAN.
A maximum of 16 VLANs are supported across all of a RAP’s subordinate MAPs.
A VLAN ID can be any value between 1 and 4095. Do not assign any value assigned to another VLAN.
config ap ethernet 1 mode access enable AP1520-MAP 50
where AP1520-MAP is the variable Cisco_AP and 50 is the variable access_vlan ID
config ap ethernet 0 mode trunk enable AP1520-MAP 60
where AP1520-MAP is the variable Cisco_AP and 60 is the variable native_vlan ID
– To add a VLAN to the VLAN allowed list of the native VLAN, enter this command:
config ap ethernet 0 mode trunk add AP1522-MAP3 65
where AP1522-MAP3 is the variable Cisco_AP and 65 is the variable vlan ID
Configuring Advanced Features
Configuring Voice Parameters in Mesh Networks
You can configure call admission control (CAC) and QoS on the controller to manage voice quality on the mesh network.
Note Voice is supported only on indoor mesh networks (1130 and 1240 access points).
CAC
CAC enables an access point to maintain controlled quality of service (QoS) when the wireless LAN is experiencing congestion. The Wi-Fi Multimedia (WMM) protocol deployed in CCXv3 ensures sufficient QoS as long as the wireless LAN is not congested. However, in order to maintain QoS under different network loads, CAC in CCXv4 or later is required.
Note CAC is supported in Cisco Compatible Extensions (CCX) v4 or later. See the “Configuring Cisco Client Extensions” section on page 6-19 for more information on CCX.
All calls on a mesh access point use bandwidth-based CAC. Load-based CAC is not supported.
Bandwidth-based, or static CAC enables the client to specify how much bandwidth or shared medium time is required to accept a new call. Each access point determines whether it can accommodate a particular call by looking at the bandwidth available and compares it against the bandwidth required for the call. If not enough bandwidth is available to maintain the maximum allowed number of calls with acceptable quality, the access point rejects the call.
QoS and DSCP Marking
QoS 802.11e is supported on the access and backhaul radios of mesh access points. MAPs can prioritize client traffic based on the QoS setting defined on the controller. CAC is implemented on the backhaul.
Mesh access points recognize DSCP markings from devices. DSCP is performed on the originating Cisco 7920 voice handset (client) and the terminating voice handset or terminal. No DSCP marking is performed on the controller, MAP or CAC.
Note QoS is relevant only when there is congestion on the network.
You can configure bandwidth-based CAC and QoS for mesh networks using the controller GUI or CLI. The instructions for configuring these features are the same for both mesh and non-mesh networks with the exception of QoS settings.
- Follow the instructions in the “Configuring Voice and Video Parameters” section to configure voice and video parameters.
– Refer to the “Guidelines for Using Voice on the Mesh Network” section for mesh-specific configuration guidelines for voice including QoS.
The instructions for viewing voice and video details using the CLI are different for mesh and non-mesh access points.
- Follow the instructions in the “Using the CLI to View Voice Details for Mesh Networks” section to view details for mesh access points.
Guidelines for Using Voice on the Mesh Network
- Voice is only supported on indoor mesh access points, 1130 and 1240.
- When voice is operating on a mesh network, calls must not traverse more than two hops.
– Each sector must be configured to require no more than two hops for voice.
– Enable dynamic target power control (DTPC)
– Disable all data rates less than 11 Mbps
– Load-based CAC must be disabled
– Enable admission control (ACM) for CCXv4 or v5 clients that have WMM enabled. Otherwise, bandwidth-based CAC does not operate properly.
– Set the maximum RF bandwidth to 50%
– Set the reserved roaming bandwidth to 6%
– Enable traffic stream metrics
– Set the EDCA profile for the interface as voice optimized
– Create a voice profile and select 802.1q as the wired QoS protocol type
– Select a QoS of platinum for voice and gold for video on the backhaul
– Select allowed as the WMM policy
– Select CCKM for authorization (auth) key management (mgmt) if you want to support fast roaming. Refer to the “Client Roaming” section.
Voice Call Support in a Mesh Network
Table 8-7 lists a projected minimum and maximum of voice calls supported by radio type and mesh access point role (RAP or MAP) for planning purposes.
Using the CLI to View Voice Details for Mesh Networks
Use the commands in this section to view details on voice calls on the mesh network.
Refer to Figure 8-22 when using the CLI commands and viewing their output.
Figure 8-22 Mesh Network Example
- To view the total number of voice calls and the bandwidth used for voice calls on each root access point, enter this command:
Information similar to the following appears:
- To view the mesh tree topology for the network and the bandwidth utilization (used/maximum available) of voice calls and video links for each access point and radio, enter this command:
show mesh cac bwused {voice | video} Cisco_AP
Information similar to the following appears:
Note The bars (|) to the left of the AP Name field indicate the number of hops that the mesh access point is away from its root access point (RAP).
Note When the radio type is the same, the backhaul bandwidth used (bw used/max) at each hop is identical. For example, mesh access points map1, map2, map3, and rap1 are all on the same radio backhaul (802.11a) and are using the same bandwidth (3048). All of the calls are in the same interference domain. A call placed anywhere in that domain affects the others.
- To view the mesh tree topology for the network and display the number of voice calls that are in progress by access point radio, enter this command:
Note Each call received by an access point radio causes the appropriate calls summary column to increment by one. For example, if a call is received on the 802.11b/g radio on map2, then a value of one is added to the existing value in that radio’s calls column. In this case, the new call is the only active call on the 802.11b/g radio of map2. If one call is active when a new call is received, the resulting value is two.
- To view the mesh tree topology for the network and display the voice calls that are in progress, enter this command:
show mesh cac callpath Cisco_AP
Note The calls column for each mesh access point radio in a call path increments by one. For example, for a call that initiates at map2 (show mesh cac callpath SB_MAP2) and terminates at rap1 by way of map1, one call is added to the map2 802.11b/g and 802.11a radio calls column, one call to the map1 802.11a backhaul radio calls column, and one call to the rap1 802.11a backhaul radio calls column.
- To view the mesh tree topology of the network, the voice calls that are rejected at the access point radio because of insufficient bandwidth, and the corresponding access point radio where the rejection occurred, enter this command:
show mesh cac rejected Cisco_AP
Information similar to the following appears:
Note If a call is rejected at the map2 802.11b/g radio, its calls column increments by one.
- To view the number of bronze, silver, gold, platinum, and management queues active on the specified access point, along with the peak and average length of each queue and the overflow count, enter this command:
show mesh queue-stats { Cisco_AP | all }
Information similar to the following appears:
Overflows—The total number of packets dropped because of queue overflow.
Peak Length—The peak number of packets waiting in the queue during the defined statistics time interval.
Average Length—The average number of packets waiting in the queue during the defined statistics time interval.
Enabling Mesh Multicast Containment for Video
You can use the controller CLI to configure three mesh multicast modes to manage video camera broadcasts on all mesh access points. When enabled, these modes reduce unnecessary multicast transmissions within the mesh network and conserve backhaul bandwidth.
Mesh multicast modes determine how bridging-enabled access points [mesh access points (MAPs) and root access points (RAPs)] send multicasts among Ethernet LANs within a mesh network. Mesh multicast modes manage non-CAPWAP multicast traffic only. CAPWAP multicast traffic is governed by a different mechanism.
The three mesh multicast modes are:
- Regular mode —Data is multicast across the entire mesh network and all its segments by bridging-enabled RAPs and MAPs.
- In mode —Multicast packets received from the Ethernet by a MAP are forwarded to the RAP’s Ethernet network. No additional forwarding occurs, which ensures that non-CAPWAP multicasts received by the RAP are not sent back to the MAP Ethernet networks within the mesh network (their point of origin), and MAP-to-MAP multicasts do not occur because they are filtered out. In mode is the default mode.
- In-out mode —The RAP and MAP both multicast but in a different manner:
– If multicast packets are received at a MAP over Ethernet, they are sent to the RAP; however, they are not sent to other MAP Ethernets, and the MAP-to-MAP packets are filtered out of the multicast.
– If multicast packets are received at a RAP over Ethernet, they are sent to all the MAPs and their respective Ethernet networks. When the in-out mode is in operation, it is important to properly partition your network to ensure that a multicast sent by one RAP is not received by another RAP on the same Ethernet segment and then sent back into the network.
Note If 802.11b clients need to receive CAPWAP multicasts, then multicast must be enabled globally on the controller as well as on the mesh network (using the config network multicast global enable CLI command). If multicast does not need to extend to 802.11b clients beyond the mesh network, the global multicast parameter should be disabled (using the config network multicast global disable CLI command).
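The containment behavior of the three modes, including the in-out partitioning warning, can be modeled to see which Ethernet segments a multicast reaches. The following Python sketch is an added example, not Cisco code: it is a simplified model of the mode descriptions above, the function names are hypothetical, and the two topologies (access point and segment names) are constructed.

```python
from collections import deque

MODES = ("regular", "in", "in-out")


def forward_targets(mode, node, topo):
    """Access points whose Ethernet receives a multicast that `node`
    picked up on its own Ethernet port, per the mode descriptions."""
    if mode not in MODES:
        raise ValueError(f"unknown mode {mode!r}")
    info = topo[node]
    if mode == "regular":
        # Multicast across the whole sector: the RAP and all its MAPs.
        root = node if info["role"] == "RAP" else info["rap"]
        return {n for n, i in topo.items()
                if n != node and (n == root or i.get("rap") == root)}
    if info["role"] == "MAP":
        # in and in-out: a MAP forwards to its RAP only, never MAP-to-MAP.
        return {info["rap"]}
    if mode == "in-out":
        # in-out: a RAP forwards to all of its MAPs.
        return {n for n, i in topo.items() if i.get("rap") == node}
    return set()    # in: a RAP does not send back into the mesh


def reached_segments(mode, origin, topo):
    """Ethernet segments, other than `origin`, that end up carrying a
    multicast first sent on segment `origin`."""
    on_segment = {}
    for name, info in topo.items():
        on_segment.setdefault(info["segment"], set()).add(name)
    reached = set()
    seen = set(on_segment.get(origin, ()))
    queue = deque(sorted(seen))
    while queue:
        node = queue.popleft()
        for target in sorted(forward_targets(mode, node, topo)):
            seg = topo[target]["segment"]
            if seg == origin or seg in reached:
                continue
            reached.add(seg)
            seen.add(target)
            # Any other bridging AP on that segment hears it over Ethernet.
            for other in sorted(on_segment[seg] - seen):
                seen.add(other)
                queue.append(other)
    return reached


def shared_rap_segments(topo):
    """Segments with more than one RAP attached (the in-out hazard)."""
    raps = {}
    for name, info in topo.items():
        if info["role"] == "RAP":
            raps.setdefault(info["segment"], []).append(name)
    return {seg: sorted(n) for seg, n in raps.items() if len(n) > 1}


# Constructed topology: two RAPs on the same wired segment "core".
SHARED = {
    "rap1": {"role": "RAP", "segment": "core"},
    "map1": {"role": "MAP", "rap": "rap1", "segment": "camA"},
    "map2": {"role": "MAP", "rap": "rap1", "segment": "camB"},
    "rap2": {"role": "RAP", "segment": "core"},
    "map3": {"role": "MAP", "rap": "rap2", "segment": "camC"},
}
# Same mesh, but rap2 moved to its own wired segment.
PARTITIONED = dict(SHARED, rap2={"role": "RAP", "segment": "core2"})

if __name__ == "__main__":
    for mode in MODES:
        print(mode, sorted(reached_segments(mode, "camA", SHARED)))
    print("shared RAP segments:", shared_rap_segments(SHARED))
```

In the constructed shared topology, a camera multicast from camA stays on core in in mode but also reaches camC in in-out mode because rap2 sits on the same segment; moving rap2 to its own segment restores containment.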
Using the CLI to Enable Multicast on the Mesh Network
- To enable multicast mode on the mesh network to receive multicasts from beyond the mesh networks, enter these commands:
config network multicast global enable
config mesh multicast {regular | in | in-out}
- To enable multicast mode only on the mesh network (multicasts do not need to extend to 802.11b clients beyond the mesh network), enter these commands:
config network multicast global disable
config mesh multicast {regular | in | in-out}
Note Multicast for mesh networks cannot be enabled using the controller GUI.
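The mode descriptions above can be turned into a small audit, shown here as an added example (not Cisco code): it models where each mode forwards an Ethernet-received multicast and flags Ethernet segments shared by more than one RAP, the partitioning problem the in-out description warns about. The RAP names and segment labels are constructed, and applying the re-injection check to regular mode is an assumption drawn from its description.

```python
# Added illustration (not Cisco code): mesh multicast modes as a forwarding model.
# Where an Ethernet-received multicast goes, keyed by (mode, arrival interface).
FORWARDING = {
    ("regular", "map-ethernet"): {"rap-ethernet", "other-map-ethernets"},
    ("regular", "rap-ethernet"): {"map-ethernets"},
    ("in", "map-ethernet"): {"rap-ethernet"},
    ("in", "rap-ethernet"): set(),          # nothing is sent back toward the MAPs
    ("in-out", "map-ethernet"): {"rap-ethernet"},
    ("in-out", "rap-ethernet"): {"map-ethernets"},
}
MODES = ("regular", "in", "in-out")


def reinjecting_raps(mode, rap_segments, origin_rap):
    """RAPs that would send a frame from origin_rap's mesh back into a mesh.

    rap_segments maps a RAP name to its Ethernet segment label (both are
    constructed names). The frame enters at a MAP Ethernet port under origin_rap.
    """
    if "rap-ethernet" not in FORWARDING[(mode, "map-ethernet")]:
        return []
    if not FORWARDING[(mode, "rap-ethernet")]:
        return []  # "in" mode: a RAP never forwards Ethernet multicast into the mesh
    segment = rap_segments[origin_rap]
    return sorted(r for r, s in rap_segments.items()
                  if s == segment and r != origin_rap)


def audit_partitioning(mode, rap_segments):
    """Return {segment: [RAPs]} for each segment where re-injection can occur."""
    findings = {}
    for rap, segment in rap_segments.items():
        if reinjecting_raps(mode, rap_segments, rap):
            findings.setdefault(segment, []).append(rap)
    return {seg: sorted(raps) for seg, raps in findings.items()}


def multicast_commands(mode, extend_to_80211b_clients):
    """The two controller CLI commands from this section for the chosen mode."""
    if mode not in MODES:
        raise ValueError(f"unknown mesh multicast mode: {mode!r}")
    state = "enable" if extend_to_80211b_clients else "disable"
    return [f"config network multicast global {state}",
            f"config mesh multicast {mode}"]


# Constructed topology: two RAPs share one Ethernet segment, a third is alone.
SAMPLE_RAPS = {"rap-north": "seg-A", "rap-south": "seg-A", "rap-east": "seg-B"}

if __name__ == "__main__":
    for mode in MODES:
        print(mode, audit_partitioning(mode, SAMPLE_RAPS))
    print(multicast_commands("in-out", extend_to_80211b_clients=False))
```

An empty result for a mode means no RAP in the topology would forward another RAP's multicast back into the mesh.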
Backhaul Client Access (Universal Access) for Indoor and Outdoor Mesh Access Points
You can configure the backhaul for mesh access points (1524SB, 1522, 1240 and 1130) to accept client traffic. When this feature is enabled, mesh access points allow wireless client association over the 802.11a radio. This universal access allows an access point to carry both backhaul traffic and 802.11a client traffic over the same 802.11a radio. When this feature is disabled, backhaul traffic is only transmitted over the 802.11a radio and client association is only allowed over the 802.11b/g radio.
After this feature is enabled, all mesh access points reboot.
Note This parameter applies to mesh access points with two or more radios (1524SB, 1522, 1240 and 1130) excluding the 1524PS.
To enable this feature on the controller, check the Backhaul Client Access check box on the Wireless > Mesh window. Refer to the “Configuring Global Mesh Parameters” section.
Viewing Mesh Statistics and Reports
Viewing Mesh Statistics for an Access Point
This section explains how to use the controller GUI or CLI to view mesh statistics for specific access points.
Note You can modify the Statistics Timer interval setting on the All APs > Details page of the controller GUI.
Using the GUI to View Mesh Statistics for an Access Point
Follow these steps to view mesh statistics for a specific access point using the controller GUI.
Step 1 Click Wireless > Access Points > All APs to open the All APs page (see Figure 8-23).
Step 2 To view statistics for a specific access point, hover your cursor over the blue drop-down arrow for the desired access point and choose Statistics. The All APs > Access Point Name > Statistics page for the access point appears (see Figure 8-24).
Figure 8-24 All APs > Access Point Name > Statistics Page
This page shows the role of the access point in the mesh network, the name of the bridge group to which the access point belongs, the backhaul interface on which the access point operates, and the number of the physical switch port. It also displays a variety of mesh statistics for this access point. Table 8-8 describes each of the statistics.
Using the CLI to View Mesh Statistics for an Access Point
Use these commands to view mesh statistics for a specific access point using the controller CLI.
- To view packet error statistics; a count of failures, timeouts, association and authentication successes; and reassociations and reauthentications for a specific access point, enter this command:
show mesh security-stats { Cisco_AP | all }
Information similar to the following appears:
show mesh queue-stats Cisco_AP
Information similar to the following appears:
Overflows—The total number of packets dropped because of queue overflow.
Peak Length—The peak number of packets waiting in the queue during the defined statistics time interval.
Average Length—The average number of packets waiting in the queue during the defined statistics time interval.
Viewing Neighbor Statistics for an Access Point
This section explains how to use the controller GUI or CLI to view neighbor statistics for a selected access point. It also describes how to run a link test between the selected access point and its parent.
Using the GUI to View Neighbor Statistics for an Access Point
Using the controller GUI, follow these steps to view neighbor statistics for an access point.
Step 1 Click Wireless > Access Points > All APs to open the All APs page (see Figure 8-25).
Step 2 To view neighbor statistics for a specific access point, hover your cursor over the blue drop-down arrow for the desired access point and choose Neighbor Information. The All APs > Access Point Name > Neighbor Info page for the access point appears (see Figure 8-26).
Figure 8-26 All APs > Access Point Name > Neighbor Info Page
This page lists the parent, children, and neighbors of the access point. It provides each access point’s name and radio MAC address.
Step 3 To perform a link test between the access point and its parent or children, follow these steps:
a. Hover your cursor over the blue drop-down arrow of the parent or child and choose LinkTest. A pop-up window appears (see Figure 8-27).
b. Click Submit to start the link test. The link test results appear on the Mesh > LinkTest Results page (see Figure 8-28).
Figure 8-28 Mesh > LinkTest Results Page
c. Click Back to return to the All APs > Access Point Name > Neighbor Info page.
Step 4 To view the details for any of the access points on this page, follow these steps:
a. Hover your cursor over the blue drop-down arrow for the desired access point and choose Details. The All APs > Access Point Name > Link Details > Neighbor Name page appears (see Figure 8-29).
Figure 8-29 All APs > Access Point Name > Link Details > Neighbor Name Page
b. Click Back to return to the All APs > Access Point Name > Neighbor Info page.
Step 5 To view statistics for any of the access points on this page, follow these steps:
a. Hover your cursor over the blue drop-down arrow for the desired access point and choose Stats. The All APs > Access Point Name > Mesh Neighbor Stats page appears (see Figure 8-30).
Figure 8-30 All APs > Access Point Name > Mesh Neighbor Stats Page
b. Click Back to return to the All APs > Access Point Name > Neighbor Info page.
Using the CLI to View Neighbor Statistics for an Access Point
Use these commands to view neighbor statistics for a specific access point.
show mesh neigh {detail | summary} { Cisco_AP | all }
Information similar to the following appears when you request a summary display:
- To view the channel and signal-to-noise ratio (SNR) details for a link between an access point and its neighbor, enter this command:
Information similar to the following appears:
- To view the percentage of packet errors for packets transmitted by the neighbor mesh access point, enter this command:
show mesh per-stats { Cisco_AP | all }
Information similar to the following appears:
Note Packet error rate percentage = 1 – (number of successfully transmitted packets/number of total packets transmitted).
Converting Indoor Access Points to Mesh Access Points (1130AG, 1240AG)
Before you can install an 1130AG or 1240AG indoor access point into an indoor mesh deployment, you must do the following.
1. Convert the autonomous access point (k9w7 image) to a lightweight access point.
A detailed explanation of this process is located at:
http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html
2. Convert the lightweight access point to either a mesh access point (MAP) or root access point (RAP).
Indoor mesh access points (1130 and 1240) can function as either a RAP or a MAP. By default, all are configured as MAPs.
At least one access point within a mesh network must be configured to function as a RAP.
To convert from a lightweight access point to a mesh access point, enter the following CLI commands:
To convert from a lightweight access point to a RAP, enter the following CLI commands:
config ap mode bridge Cisco_AP
config ap role rootAP Cisco_AP
The mesh access point reloads and is configured to operate as a RAP.
Changing MAP and RAP Roles for Indoor Mesh Access Points (1130AG, 1240AG)
Cisco 1130 and 1240 series indoor mesh access points can function as either RAPs or MAPs.
Using the GUI to Change MAP and RAP Roles for Indoor Mesh Access Points
Using the controller GUI, follow these steps to change an indoor mesh access point from one role to another.
Step 1 Click Wireless > Access Points > All APs to open the All APs page.
Step 2 Click the name of the 1130 or 1240 series access point that you want to change.
Step 4 From the AP Role drop-down box, choose MeshAP or RootAP to specify this access point as a MAP or RAP, respectively.
Step 5 Click Apply to commit your changes. The access point reboots.
Step 6 Click Save Configuration to save your changes.
Note Cisco recommends a Fast Ethernet connection between the MAP and controller when changing from a MAP to RAP.
Note After a RAP-to-MAP conversion, the MAP’s connection to the controller is a wireless backhaul rather than a Fast Ethernet connection. It is the responsibility of the user to ensure that the Fast Ethernet connection of the RAP being converted is disconnected before the MAP starts up so that the MAP can join over the air.
Note The recommended power source for MAPs is either a power supply or power injector. PoE is not a recommended power source for MAPs.
Using the CLI to Change MAP and RAP Roles for Indoor Mesh Access Points
Using the controller CLI, follow these steps to change an indoor mesh access point from one role to another.
Step 1 To change the role of an indoor access point from MAP to RAP or from RAP to MAP, enter this command:
config ap role {rootAP | meshAP} Cisco_AP
The access point reboots after you change the role.
Step 2 To save your changes, enter this command:
Converting Indoor Mesh Access Points to Non-Mesh Lightweight Access Points (1130AG, 1240AG)
The access point reboots after entry of the conversion commands (noted below).
Note A Fast Ethernet connection to the controller for the conversion from a mesh (bridge) to non-mesh (local) access point is recommended. If the backhaul is a radio, after the conversion you must enable Ethernet and then reload the access image. After the reload and reboot the backhaul is Fast Ethernet.
Note When a root access point is converted back to a lightweight access point, all of its subordinate mesh access points lose connectivity to the controller. Consequently, a mesh access point is unable to service its clients until the mesh access point is able to connect to a different root access point in the vicinity. Likewise, clients might connect to a different mesh access point in the vicinity to maintain connectivity to the network.
- To convert an indoor mesh access point (MAP or RAP) to a non-mesh lightweight access point using the CLI, enter the following command.
- To convert an indoor mesh access point (MAP or RAP) to a non-mesh lightweight access point using the GUI, follow these steps:
a. Click Wireless and click on the AP Name link for the 1130 or 1240 indoor access point you want to convert.
b. At the General Properties panel, select Local from the AP Mode drop-down menu.
c. Click Apply and Save Configuration.
- To convert an indoor mesh access point (MAP or RAP) to a non-mesh lightweight access point using Cisco WCS, follow these steps:
a. Click Configure > Access Points and click on the AP Name link for the 1130 or 1240 indoor access point you want to convert.
b. At the General Properties panel, select Local as the AP Mode (left side).
Configuring Mesh Access Points to Operate with Cisco 3200 Series Mobile Access Routers
Outdoor access points (1522, 1524PS) can interoperate with the Cisco 3200 Series Mobile Access Router (MAR) on the public safety channel (4.9 GHz) as well as the 2.4-GHz access and 5.8-GHz backhaul.
The Cisco 3200 creates an in-vehicle network in which devices such as PCs, surveillance cameras, digital video recorders, printers, PDAs, and scanners can share wireless networks such as cellular or WLAN-based services back to the main infrastructure. This allows data collected from in-vehicle deployments such as police cars to be integrated into the overall wireless infrastructure. For specific interoperability details between series 1130, 1240, and 1520 mesh access points and series 3200 mobile access routers, refer to Table 8-9.
15226 |
|
1130, 1240 configured as indoor mesh access points with universal access |
Configuration Guidelines
For the 1522 or 1524PS mesh access point and Cisco MAR 3200 to interoperate on the public safety network, the following configuration guidelines must be met:
- Client access must be enabled on the backhaul (Mesh global parameter).
- Public Safety must be enabled globally on all mesh access points (MAPs) in the mesh network.
- Channel number assignments on the 1522 or 1524PS must match those on the Cisco 3200 radio interfaces.
– Channels 20 (4950 GHz) through 26 (4980 GHz) and sub-band channels 1 through 19 (5 and 10 MHz) are used for MAR interoperability. This configuration change is made on the controller. No changes are made to the access point configuration.
– Channel assignments are made only to the RAP. Updates to the MAP are propagated by the RAP.
The default channel width for MAR 3200s is 5 MHz. You must do one of the following:
- Change the channel width to 10 or 20 MHz to enable WGBs to associate with series 1520 mesh access points.
- Change the channel on the 1522 or 1524PS to a channel in the 5-MHz (channels 1 to 10) or 10-MHz band (channels 11 through 19).
– When using the CLI, you must disable the 802.11a radio prior to configuring its channels. You re-enable the radio after the channels are configured.
– When using the GUI, enabling and disabling of the 802.11a radio for channel configuration is not required.
– Cisco MAR 3200s can scan channels within but not across the 5-, 10-, or 20-MHz bands.
Using the GUI to Enable Mesh Access Points to Operate with Cisco 3200 Series Mobile Access Routers
Using the controller GUI, follow these steps to enable the 1522 and 1524PS mesh access points to associate to the Cisco 3200 series MAR.
Step 1 To enable the backhaul for client access, click Wireless > Mesh to open the Mesh page.
Step 2 Check the Backhaul Client Access check box to allow wireless client association over the 802.11a radio.
Step 3 Click Apply to commit your changes.
Step 4 When prompted to allow a reboot of all the mesh access points on the network, click OK.
Step 5 Click Wireless > Access Points > Radios > 802.11a/n to open the 802.11a/n Radios page.
Step 6 Hover your cursor over the blue drop-down arrow for the appropriate RAP and choose Configure. The 802.11a/n (4.9 GHz) > Configure page appears (see Figure 8-31).
Figure 8-31 802.11 a/n (4.9GHz) > Configure Page
Step 7 Under the RF Channel Assignment section, choose the Custom option for Assignment Method and select a channel between 1 and 26.
Step 8 Click Apply to commit your changes.
Step 9 Click Save Configuration to save your changes.
Using the CLI to Enable Mesh Access Points to Operate with Cisco 3200 Series Mobile Access Routers
Using the controller CLI, follow these steps to enable the 1522 and 1524PS mesh access points to associate to the Cisco 3200 series MAR.
Step 1 To enable client access mode on the 1522 and 1524PS mesh access points, enter this command:
config mesh client-access enable
Step 2 To enable public safety on a global basis, enter this command:
config mesh public-safety enable all
Step 3 To enable the public safety channels, enter these commands:
config 802.11a disable Cisco_MAP
config 802.11a channel ap Cisco_MAP channel_number
config 802.11a enable Cisco_MAP
config 802.11-a49 disable Cisco_MAP
config 802.11-a49 channel ap Cisco_MAP channel_number
config 802.11-a49 enable Cisco_MAP
Note Enter config 802.11-a58 enable Cisco_MAP to enable a 5.8-GHz radio.
Note For both the 1522 and 1524PS mesh access points, valid values for the channel number are 1 through 26.
Step 4 To save your changes, enter this command:
Step 5 To verify your configuration, enter these commands:
show ap config 802.11a summary (for 1522 access points only)
show ap config 802.11-a49 summary (for 1524PS access points only)
Note Enter show config 802.11-a58 summary to view configuration details for a 5.8-GHz radio.
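The configuration guidelines and CLI steps above can be checked before touching the controller. This added example (not Cisco code) validates one access point and MAR pairing against the guidelines and emits the command sequence with the radio disabled around the channel change. The dictionary fields and sample values are constructed, treating channels 20 through 26 as the 20-MHz band and mapping each model to a radio keyword from the Step 5 commands are assumptions, and the save step is omitted because its command does not appear on this page.

```python
# Added example (not Cisco code): pre-flight check for 1522/1524PS and MAR 3200.
# Radio keyword per model, taken from the "show ap config ... summary" commands.
RADIO_KEYWORD = {"1522": "802.11a", "1524PS": "802.11-a49"}

def band_width_mhz(channel):
    """Channel width implied by the channel number in the guidelines."""
    if 1 <= channel <= 10:
        return 5
    if 11 <= channel <= 19:
        return 10
    if 20 <= channel <= 26:
        return 20  # assumption: channels 20-26 form the 20-MHz band
    raise ValueError(f"channel {channel} is outside 1-26")

def check_interop(ap, mar):
    """Return the guideline violations for one access point and MAR pairing."""
    problems = []
    if ap["model"] not in RADIO_KEYWORD:
        problems.append(f"model {ap['model']} is not a 1522 or 1524PS")
    if not ap["client_access"]:
        problems.append("backhaul client access is disabled")
    if not ap["public_safety"]:
        problems.append("public safety is not enabled globally")
    try:
        width = band_width_mhz(ap["channel"])
    except ValueError as exc:
        return problems + [str(exc)]
    if ap["channel"] != mar["channel"]:
        problems.append(f"channel mismatch: AP {ap['channel']}, MAR {mar['channel']}")
    if width != mar["width_mhz"]:
        problems.append(f"channel {ap['channel']} is {width} MHz, MAR is {mar['width_mhz']} MHz")
    return problems

def mar_commands(ap):
    """Ordered controller commands; the radio is disabled around the channel change."""
    radio, name = RADIO_KEYWORD[ap["model"]], ap["name"]
    return [
        "config mesh client-access enable",
        "config mesh public-safety enable all",
        f"config {radio} disable {name}",
        f"config {radio} channel ap {name} {ap['channel']}",
        f"config {radio} enable {name}",
        f"show ap config {radio} summary",
    ]

# Constructed sample: a 1524PS on channel 22 and a MAR left at its 5-MHz default.
SAMPLE_AP = {"name": "RAP-1", "model": "1524PS", "channel": 22,
             "client_access": True, "public_safety": False}
SAMPLE_MAR = {"channel": 22, "width_mhz": 5}

if __name__ == "__main__":
    for problem in check_interop(SAMPLE_AP, SAMPLE_MAR):
        print("FAIL:", problem)
    print("\n".join(mar_commands(SAMPLE_AP)))
```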