WLC RRM - Monitoring and Packets

Answered Question
Apr 17th, 2008
User Badges:

Hi all,


How can you tell from a 440x controller what members are configured in your RF groups (or sub-groups)?


Also, the good RRM doco


http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008072c759.shtml


Mentions that packets are sent to the controller from the APs. Do this packets get encapsulated in LWAPP ?


I think I heard somewhere that they are udp port 12214 for 802.11b/g and udp 12215 for 802.11a packets that get sent to the WLC?


Can anyone confirm these two points please?


Kind regards

Ken

Correct Answer by Matthew Fowler about 9 years 3 months ago

Hi Ken and Bruce,


These are 802.11 frames and I found them with a destination address of 01:0B:85:00:00:00. See the attached file.


Notice the first and third frames are from the same source and are 60 seconds apart (the default interval).


Ken is correct, lowest rate, highest power and this is done on every channel.


The data contains:


Radio Identifier

Group ID (RF group name)

WLC IP Address

AP's Channel

Neighbor Message Channel


This is all verified using a hash based on the RF Group Name. So, if the message is undecipherable, the RF Group Name must be different.


Hope this helps.


-Matt


Edit: you may wonder why we don't hear the source of the second packet 60 seconds later. Well, it was at 12% signal, so I'm guessing we just didn't hear it at the next interval.


Edit2: FYI Ken, it has been raining here non-stop for 2 weeks. You're not missing much at the moment!



Ken,


Matt should be able to confirm this for us, but I believe these are a special form of "AP Beacon," which, other than obeying the rules of the 802.11 road (CSMA/CA) can only be decoded by the APs themselves and not the clients.


That being said, there is a downside to this. These "beacons," though infrequent, are sent at the highest tranmsit power and lowest data rate, regardless of the controllers configuration (i.e. 100mW and 1.0Mbps for the 802.11b radio).


Matt, are there any protocol decodes for these beacons?

Correct Answer by Matthew Fowler about 9 years 3 months ago

Hi Ken,


From Appedix B of the deploment guide for all protocols and ports (http://www.cisco.com/en/US/customer/docs/wireless/technology/controller/deployment/guide/dep.html#wp1068265).


---------------------------------------


All messages are carried in UDP datagrams. For all 802.11b/g RRM messages, the UDP datagrams use UDP ports 12124 (client) and 12134 (manager). For all 802.11a RRM messages, the UDP datagrams use UDP ports 12125 (client) and 12135 (manager). UDP ports 12124, 12134, and 12135 must be allowed between all WLCs belonging to an RF Group.


---------------------------------------


FYI this is for communication between members of an RF group (WLCs). The traffic from AP to WLC is LWAPP control on 12223.


RF Group members are displayed under Wireless>802.11b/g/n or 802.11a/n>RRM>RF Grouping.


-Matt

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Correct Answer
Matthew Fowler Tue, 04/22/2008 - 17:39
User Badges:
  • Cisco Employee,

Hi Ken,


From Appedix B of the deploment guide for all protocols and ports (http://www.cisco.com/en/US/customer/docs/wireless/technology/controller/deployment/guide/dep.html#wp1068265).


---------------------------------------


All messages are carried in UDP datagrams. For all 802.11b/g RRM messages, the UDP datagrams use UDP ports 12124 (client) and 12134 (manager). For all 802.11a RRM messages, the UDP datagrams use UDP ports 12125 (client) and 12135 (manager). UDP ports 12124, 12134, and 12135 must be allowed between all WLCs belonging to an RF Group.


---------------------------------------


FYI this is for communication between members of an RF group (WLCs). The traffic from AP to WLC is LWAPP control on 12223.


RF Group members are displayed under Wireless>802.11b/g/n or 802.11a/n>RRM>RF Grouping.


-Matt

kfarrington Tue, 04/22/2008 - 23:42
User Badges:

Matt :) Good day from wet old London Town. Hope the weathers fine over there in that gorgeous country of yours. One day, I will get there :)


So,


This is exactly what I was after, many thx for that.


Brill. Many thx mate.


Ken

kfarrington Tue, 04/22/2008 - 23:58
User Badges:

Sorry mate, Forgot to ask.


From the RRM doco


1. Controllers (whose APs need to have RF configuration computed as a single group) are provisioned with the same RF Group Name. An RF Group Name is an ASCII string each AP will use to determine if the other APs they hear are a part of the same system.


2. APs periodically send out Neighbor Messages, sharing information about themselves, their controllers, and their RF Group Name. These neighbor messages can then be authenticated by other APs sharing the same RF Group Name.


3. APs that can hear these Neighbor Messages and authenticate them based on the shared RF Group Name, pass this information (consisting primarily of controller IP address and information on the AP transmitting the neighbor message) up to the controllers to which they are connected.


4. The controllers, now understanding which other controllers are to be a part of the RF Group, then form a logical group to share this RF information and subsequently elect a group leader.


5. Equipped with information detailing the RF environment for every AP in the RF Group, a series of RRM algorithms aimed at optimizing AP configurations related to the following are run at the RF Group Leader (with the exception of Coverage Hole Detection and Correction algorithm which is run at the controller local to the APs):

DCA

TPC





In points 2 and 3, how are these neighbor messages sent over the RF domain? Are they IP packets ?? I have a wifi packet capture sniffer, and would like to see these messages so I can identify them?


Many thx indeed for all the help,

Ken

Correct Answer

Ken,


Matt should be able to confirm this for us, but I believe these are a special form of "AP Beacon," which, other than obeying the rules of the 802.11 road (CSMA/CA) can only be decoded by the APs themselves and not the clients.


That being said, there is a downside to this. These "beacons," though infrequent, are sent at the highest tranmsit power and lowest data rate, regardless of the controllers configuration (i.e. 100mW and 1.0Mbps for the 802.11b radio).


Matt, are there any protocol decodes for these beacons?

Correct Answer
Matthew Fowler Thu, 04/24/2008 - 22:13
User Badges:
  • Cisco Employee,

Hi Ken and Bruce,


These are 802.11 frames and I found them with a destination address of 01:0B:85:00:00:00. See the attached file.


Notice the first and third frames are from the same source and are 60 seconds apart (the default interval).


Ken is correct, lowest rate, highest power and this is done on every channel.


The data contains:


Radio Identifier

Group ID (RF group name)

WLC IP Address

AP's Channel

Neighbor Message Channel


This is all verified using a hash based on the RF Group Name. So, if the message is undecipherable, the RF Group Name must be different.


Hope this helps.


-Matt


Edit: you may wonder why we don't hear the source of the second packet 60 seconds later. Well, it was at 12% signal, so I'm guessing we just didn't hear it at the next interval.


Edit2: FYI Ken, it has been raining here non-stop for 2 weeks. You're not missing much at the moment!



Attachment: 
kfarrington Thu, 05/15/2008 - 01:29
User Badges:

Guys,


Many thx for the help. this is great stuff :)


Kind regards,

Ken

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode