Top 10 Cisco Wireless “Good to Know”

Blog

Dec 30, 2011 7:22 AM
Dec 30th, 2011

This is a list of Cisco Wireless related facts that have evoked a “really? well I wish I knew that before…” moment for me and many others.

Hopefully this will help others save some time and frustration. 

Please post suggestions for additions, as I’m sure there are other topics that fit these criteria.

Top 10 Cisco Wireless “Good to Know”

1) Controller interface vlan tagging, native vlan 1

Cisco Switches by default do not tag the native vlan.  Also by default, the native vlan is 1, therefore vlan 1 is untagged.

When establishing a trunk to a Cisco Wireless LAN Controller, it's important to be aware of how tagged vs untagged are identified.

(4400-A) >show interface summary

Interface Name   Port Vlan Id    IP Address      Type    Ap Mgr Guest

---------------  ---- ---------- --------------  -----   ------ -----

ap-manager       1    untagged   1.1.1.118       Static  Yes    No  

management       1    untagged   1.1.1.111       Static  No     No  

When going through a WLC's initial startup wizard, if untagged for the Management Interface’s vlan is desired, enter '0' (zero) when prompted for the management interface's vlan, as this is equivalent to 'untagged':

(Cisco Controller)

Welcome to the Cisco Wizard Configuration Tool

Use the '-' character to backup

Would you like to terminate autoinstall? [yes]:

<snip>

Management Interface VLAN Identifier (0 = untagged): 0

2) AP Image Names: w7 vs w8

ap image names:

w7 = standalone

w8 = lightweight

examples:

Lightweight/controller based/capwap/lwapp image:

Cisco IOS Software, C1130 Software (C1130-K9W8-M), Version 12.4(23c)JZ, RELEASE SOFTWARE (fc1) c1130-k9w8-mx.124-23c.JZ

Autonomous/IOS/Standalone image:

Cisco IOS Software, C1140 Software (C1140-K9W7-M), Version 12.4(21a)JY, RELEASE SOFTWARE (fc1)c1140-k9w7-mx.124-21a.JY

3) AP Part Numbers: LAP vs AP

Most Cisco Access Points are available with two part numbers.

LAPxxx = shipped new from manufacturing with lightweight image

APxxx = shipped new from manufacturing with autonomous image

Same physical hardware.

Example:

Same physical ap's, the first is shipped with a lightweight image, the second with an IOS image:

AIR-LAP1142N-A-K9

AIR-AP1142N-A-K9

Most AP's can be converted between both modes.

4) Wireless LAN Controller DHCP Handling

Wireless Lan Controllers perform 'dhcp proxy' by default.  The ‘Dhcp Server’ IP Address configured on controller interfaces acts the same way as an 'ip helper' statement on a Cisco router. 

With this configuration in place, an IP Helper statement on the wireless clients’ default gateway router is not necessary.

DHCP Proxy can be configured via the WLC’s GUI in 6.x and 7.x code (Controller -> Advanced -> DHCP).

Earlier code requires CLI access for configuration:

(WLC) >show dhcp proxy

DHCP Proxy Behaviour: enabled

(WLC) >config dhcp proxy disable

(WLC) >show dhcp proxy

DHCP Proxy Behaviour: disabled

Bootp-Broadcast:disabled

5) Lightweight AP modes: Local vs H-Reap (FlexConnect)

Local mode Access Point: tunnels all traffic to controller, controller responsible for tagging packets and putting them on the wired network, AP's switchport configured in access mode/non trunk.

H-Reap mode Access Point: ap's function similarly to standalone ap's, tag their own traffic, AP's switchport configured as trunk.  Vlan tagging requires configuration on each H-Reap mode AP (Via the controller’s Gui).

*H-Reap was renamed to 'FlexConnect' in 7.2 code.

6) Legacy Access Points End of Support

1500 Series, LAP-1505, LAP-1510: Last supported in 4.2.M controller code.

1000 Series, AP1010, AP1020, AP1030:  Last supported in 4.2 controller code.

1120/1230 Series, 1121, 1230, etc.  Last supported in 7.0 code.

Software Release Support for Access Points

http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html#wp78157

These Access Points will not join a controller running code later than supported.

7) AP console settings

•9600 baud

•8 data bits

•1 stop bit

•No parity

*********No hardware flow control******

These are the same settings for other Cisco devices.  It is essential that AP's console session have flow control disabled.  Most other Cisco devices will tolerate this setting if not disabled, but AP's will not.  The result is typically no display and/or keyboard response.

8) WLC Dynamic Interfaces, Does it Route?

Those familiar with Cisco routing and switching may get the impression that Wireless Lan Controllers have routing capability.  This may seem apparent due to the fact that multiple dynamic interfaces with ip addresses may be configured.  WLC's do not route.

The ip addresses assigned to the dynamic interfaces are not used for client traffic passing through the controller.

Dynamic interfaces' IP addresses primary functions are:

+ Referenced as Giaddr for DHCP Proxy (relay)

+ Multicast.  For wireless multicast receivers connected to local mode ap's, if the controller has IGMP snooping enabled, it will proxy/spoof IGMP reports to the wired network using the client's corresponding dynamic interface IP address.  If IGMP snooping on the controller is disabled, client IGMP reports are forwarded unmodified to the wired network.

+The IP address is checked when you do an intercontroller roam, so that  the WLC knows if you did a L2 or L3 roam, and whether to anchor your  traffic or to pass the MSCB entry to the new WLC.

9) Multicast

By default, multicast traffic is not forwarded by Wireless Lan Controllers for local mode ap's. 

A common source of confusion is that Autonomous Mode AP's will forward multicast just as they would unicast, so no configuration is required.  In the instance of Autonomous AP's being converted to Controller Based/Lightweight, multicast will no longer work until configured on the controller.

Since Controller based H-Reap mode ap's forward their own traffic, multicast will behave as if the AP were a standalone AP, and no controller configuration is required.

10) Anchored Wlans.  Where does authentication occur?

For Layer 3 authentication, e.g. Web Auth, authentication handling occurs on the Anchor Controller.

For Layer 2 authentication, e.g. 802.1x, authentication handling occurs on the Foreign controller.

Average Rating: 5 (3 ratings)

Comments

Stephen Rodriguez Fri, 01/27/2012 - 14:24

Jeff,

     you may want to add what else the dynamic-interface IP comes to play for.  The IP address is checked when you do an intercontroller roam, so that the WLC knows if you did a L2 or L3 roam, and whether to anchor your traffic or to pass the MSCB entry to the new WLC.

Actions

Login or Register to take actions

This Blog

Posted December 30, 2011 at 7:22 AM
Stats:
Comments:4 Avg. Rating:5
Views:10559   
Shares:0

Blogs Leaderboard