Wednesday, August 28, 2013

CCNP wireless to CCIE Wireless

Note:

Almost all of the text found on this blog was taken from Cisco.com. This blog post was created to assist me with my CCNP wireless to CCIE wireless journey.


Note: These controller platforms do not require licenses: Cisco 2100 and Cisco 4400 Series Controllers, Cisco WiSMs, Controller Network Modules, and Catalyst 3750G Integrated Wireless LAN Controller Switches.


All features included in a Wireless LAN Controller WPlus license are now included in the base license; this change is introduced in release 6.0.196.0. These WPlus license features are included in the base license:
  • OfficeExtend AP
  • Enterprise Mesh
  • CAPWAP Data Encryption

The licensing change can affect features on your wireless LAN when you upgrade or downgrade software releases, so you should be aware of these guidelines:
  • If you have a WPlus license and you upgrade from 6.0.x.x to 7.0.98.0, your license file contains both Basic and WPlus license features. You won’t see any disruption in feature availability and operation.
  • If you have a WPlus license and you downgrade from 7.0.98.0 to 6.0.196.0 or 6.0.188 or 6.0.182, your license file contains only the base license, and you lose all WPlus features.
  • If you have a base license and you downgrade from 6.0.196.0 to 6.0.188 or 6.0.182, you lose all WPlus features.

Base license SKUs for the Cisco 5500 Series Controllers are as follows:
AIR-CT5508-12-K9
AIR-CT5508-25-K9
AIR-CT5508-50-K9
AIR-CT5508-100-K9
AIR-CT5508-250-K9
AIR-CT5508-500-K9
The capacity adder SKUs are as follows:
LIC-CT5508-25A
LIC-CT5508-50A
LIC-CT5508-100A
LIC-CT5508-250A

Note: If you require a paper certificate for Customs, order it without the “L-” in the SKU (for example, LIC-CT5508-250A) and choose to ship it using U.S. mail.

Note: Typically, you are prompted to accept the EULA for evaluation, extension, and rehost licenses. The EULA is also required for permanent licenses, but it is accepted during license generation.

Ports
A port is a physical entity that is used for connections on the controller platform. Controllers have two types of ports: distribution system ports and a service port.

Cisco 4402 Controllers have two Gigabit Ethernet distribution system ports, each of which is capable of managing up to 48 access points. However, we recommend no more than 25 access points per port due to bandwidth constraints. The 4402-25 and 4402-50 models allow a total of 25 or 50 access points to join the controller.


Cisco 4404 Controllers have four Gigabit Ethernet distribution system ports, each of which is capable of managing up to 48 access points. However, we recommend no more than 25 access points per port due to bandwidth constraints. The 4404-25, 4404-50, and 4404-100 models allow a total of 25, 50, or 100 access points to join the controller.

Note: The following Cisco Small Form-Factor Pluggable (SFP) options are supported in the Cisco 4400 Series Wireless LAN Controllers: GLC-T (1000BASE-T), GLC-SX-MM (1000BASE-SX), GLC-LH-SM (1000BASE-LX/LH SFP).

Note: The Gigabit Ethernet ports on the Cisco 4402 and 4404 Controllers accept these SX/LC/T small form-factor plug-in (SFP) modules:
  • 1000BASE-SX SFP modules, which provide a 1000-Mbps wired connection to a network through an 850-nm (SX) fiber-optic link using an LC physical connector
  • 1000BASE-LX SFP modules, which provide a 1000-Mbps wired connection to a network through a 1300-nm (LX/LH) fiber-optic link using an LC physical connector
  • 1000BASE-T SFP modules, which provide a 1000-Mbps wired connection to a network through a copper link using an RJ-45 physical connector

Cisco 5508 Controllers have eight Gigabit Ethernet distribution system ports, through which the Controller can manage multiple access points. The 5508-12, 5508-25, 5508-50, 5508-100, and 5508-250 models allow a total of 12, 25, 50, 100, or 250 access points to join the controller. Cisco 5508 controllers have no restrictions on the number of access points per port. However, we recommend using link aggregation (LAG) or configuring dynamic AP-manager interfaces on each Gigabit Ethernet port to automatically balance the load. If more than 100 access points are connected to the Cisco 5500 Series Controller, make sure that more than one Gigabit Ethernet interface is connected to the upstream switch.

Note: The following Cisco Small Form-Factor Pluggable (SFP) options are supported in the Cisco 5500 Series Wireless LAN Controllers: GLC-T (1000BASE-T), GLC-SX-MM (1000BASE-SX), GLC-LH-SM (1000BASE-LX/LH SFP).

Note: The Gigabit Ethernet ports on the Cisco 5508 Controllers accept these SX/LC/T small form-factor plug-in (SFP) modules:
  • 1000BASE-SX SFP modules, which provide a 1000-Mbps wired connection to a network through an 850-nm (SX) fiber-optic link using an LC physical connector
  • 1000BASE-LX SFP modules, which provide a 1000-Mbps wired connection to a network through a 1300-nm (LX/LH) fiber-optic link using an LC physical connector
  • 1000BASE-T SFP modules, which provide a 1000-Mbps wired connection to a network through a copper link using an RJ-45 physical connector


Each distribution system port is, by default, an 802.1Q VLAN trunk port. The VLAN trunking characteristics of the port are not configurable.

Cisco 4400 and Cisco 5500 Series Controllers also have a 10/100/1000 copper Ethernet service port. The service port is controlled by the service-port interface and is reserved for out-of-band management of the controller and system recovery and maintenance in the event of a network failure. It is also the only port that is active when the controller is in boot mode. The service port is not capable of carrying 802.1Q tags, so it must be connected to an access port on the neighbor switch. Use of the service port is optional.

Note: The Cisco WiSM’s controllers use the service port for internal protocol communication between the controllers and the Supervisor 720.

Note: The Cisco 2100 Series Controller and the controller in the Cisco Integrated Services Router do not have a service port.

Note: The service port is not autosensing. You must use the correct straight-through or crossover Ethernet cable to communicate with the service port.

Caution: Do not configure wired clients in the same VLAN or subnet as the service port on the network.

Interfaces
An interface is a logical entity on the controller. An interface has multiple parameters associated with it, including an IP address, default gateway (for the IP subnet), primary physical port, secondary physical port, VLAN identifier, and DHCP server.

***********************************************************************************
***********************************************************************************

To make APs advertise their channel and transmit power level in beacons, select DTPC support.

What is DTPC?

When you enable Dynamic Transmit Power Control (DTPC), access points add channel and transmit power information to beacons. (On access points that run Cisco IOS software, this feature is called world mode.)

NOTE: DTPC and world mode are not the same thing.

config {802.11a | 802.11bg} dtpc {enable | disable}  

DATA RATES:

Mandatory - Clients must support this data rate to be able to associate to the AP

Supported - Clients that support the data rate can communicate with the AP

Disabled - Clients specify the data rates for communication

Configure 802.11 bands

Note: The 802.11 band must be disabled in order to configure any settings.

config 802.11a disable network

(wlc1) >config 802.11a rate disabled 6
(wlc1) >config 802.11a rate mandatory 12
(wlc1) >config 802.11a rate supported 54

(wlc1) >show 802.11b

802.11b Network.................................. Enabled
11gSupport....................................... Enabled
11nSupport....................................... Enabled
802.11b/g Operational Rates
    802.11b/g 1M Rate............................ Disabled
    802.11b/g 2M Rate............................ Disabled
    802.11b/g 5.5M Rate.......................... Disabled
    802.11b/g 11M Rate........................... Disabled
    802.11g 6M Rate.............................. Disabled
    802.11g 9M Rate.............................. Disabled
    802.11g 12M Rate............................. Mandatory
    802.11g 18M Rate............................. Supported
    802.11g 24M Rate............................. Supported
    802.11g 36M Rate............................. Supported
    802.11g 48M Rate............................. Supported
    802.11g 54M Rate............................. Supported
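
An added example, not part of the original notes or of Cisco's documentation: a Python parser for the show 802.11b capture above that checks the operational rates against a site policy. The function names and the 12 Mbps floor (min_rate) are assumptions chosen for illustration.

```python
import re

# Constructed input: the "show 802.11b" capture quoted in the notes above.
SAMPLE = """\
802.11b Network.................................. Enabled
11gSupport....................................... Enabled
11nSupport....................................... Enabled
802.11b/g Operational Rates
    802.11b/g 1M Rate............................ Disabled
    802.11b/g 2M Rate............................ Disabled
    802.11b/g 5.5M Rate.......................... Disabled
    802.11b/g 11M Rate........................... Disabled
    802.11g 6M Rate.............................. Disabled
    802.11g 9M Rate.............................. Disabled
    802.11g 12M Rate............................. Mandatory
    802.11g 18M Rate............................. Supported
    802.11g 24M Rate............................. Supported
    802.11g 36M Rate............................. Supported
    802.11g 48M Rate............................. Supported
    802.11g 54M Rate............................. Supported
"""

# "<band> <n>M Rate....... <State>": dot leaders separate key and value.
RATE_LINE = re.compile(r"^\s*802\.11\S*\s+([\d.]+)M Rate\.{2,}\s*(\w+)\s*$")
STATES = {"disabled", "supported", "mandatory"}

def parse_rates(show_output):
    """Return {rate_mbps: state} for every operational-rate line."""
    rates = {}
    for line in show_output.splitlines():
        m = RATE_LINE.match(line)
        if m:
            rates[float(m.group(1))] = m.group(2).lower()
    return rates

def audit_rates(rates, min_rate=12.0):
    """Hypothetical policy: nothing below min_rate enabled, one rate mandatory."""
    findings = []
    for mbps, state in sorted(rates.items()):
        if state not in STATES:
            findings.append(f"{mbps:g}M: unrecognised state {state!r}")
        elif mbps < min_rate and state != "disabled":
            findings.append(f"{mbps:g}M is {state}, expected disabled")
    if "mandatory" not in rates.values():
        findings.append("no mandatory rate configured")
    return findings

if __name__ == "__main__":
    print(audit_rates(parse_rates(SAMPLE)) or "rates match policy")
```

Run it over captures taken before and after a change window to spot a low rate that was re-enabled or a band left without a mandatory rate.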



How are 802.11n data rates achieved?

High data rates are achieved with the following:

MIMO
Transmit beamforming
Spatial multiplexing
Guard intervals
MCS Index

MIMO - the use of multiple antennas at both the transmitter and receiver to improve communication performance. It is one of several forms of smart antenna technology.

Transmit beamforming - allows an AP to "focus" its signal at a client's location. Focusing the signal based on the client's location increases throughput, SNR, and RSSI.

Spatial multiplexing - an 802.11n MIMO technology that allows multiple independent streams.

Guard interval - the "space" or quiet time between symbols in an 802.11 transmission that minimizes interference. Symbols are the characters being transmitted. Guard intervals can be long (800 ns) or short (400 ns). Shorter guard intervals increase throughput, but at the risk of more retries.

MCS index - values that allow you to calculate data rates.





MCS index on a Cisco WLC

802.11h - used to detect radar interference.

Channel announcement can be checked so that the AP announces that it is about to change channels, along with the new channel number.

If you want the AP to stop transmitting on the affected 802.11h channel, check the quiet mode box.

Debug from the LAP

If the controller debugs do not indicate a join request, you can debug the process from the LAP as long as the LAP has a console port. You can see the LAP boot up process with these commands, but you must first get into enable mode (default password is Cisco):
  • debug dhcp detail—Shows DHCP option 43 information.
  • debug ip udp—Shows the join/discovery packets to the controller as well as DHCP and DNS queries (all of these are UDP packets. Port 12223 is the controller’s source port).
  • debug lwapp client event—Shows LWAPP events for the AP.
  • undebug all—Disables debugs on the AP.


debug pm pki enable

As a part of the join process, the WLC authenticates each LAP by verifying that its certificate is valid.
When the AP sends the LWAPP Join Request to the WLC, it embeds its X.509 certificate in the LWAPP message. The AP also generates a random session ID that is also included in the LWAPP Join Request. When the WLC receives the LWAPP Join Request, it validates the signature of the X.509 certificate using the AP's public key and checks that the certificate was issued by a trusted certificate authority.
It also looks at the starting date and time for the AP certificate's validity interval and compares that date and time to its own date and time (hence the controller’s clock needs to be set to close to the current date and time). If the X.509 certificate is validated, the WLC generates a random AES encryption key. The WLC plumbs the AES key into its crypto engine so that it can encrypt and decrypt future LWAPP Control Messages exchanged with the AP. Note that data packets are sent in the clear in the LWAPP tunnel between the LAP and the controller.
The debug pm pki enable command shows the certificate validation process that occurs during the join phase on the controller. The debug pm pki enable command will also display the AP hash key during the join process if the AP has a self-signed certificate (SSC) created by the LWAPP conversion program. If the AP has a Manufactured Installed Certificate (MIC), you will not see a hash key.
Note: All APs manufactured after June 2006 have a MIC.

 Clientlink
http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps10092/white_paper_c11-516389.html
www.youtube.com/watch?v=f2ovVxGeyFo