Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to get an update with Cisco expert Sergey Shitov on the Cisco internal enterprise WLAN deployment. Sergey Shitov is an IT engineer in Cisco's IT department, with his main focus on the design and architecture of the company's enterprise wireless LAN. His major IT projects include deployment of the original Cisco WLAN in 2000-2001 and serving as technical track lead for the Next-Generation Wireless network project in 2005-2007. Prior to joining Cisco.
Remember to use the rating system to let Sergey know if you have received an adequate response.
Sergey might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through September 7, 2007. Visit this forum often to view responses to your questions and the questions of other community members.
Not strictly a deployment question but...!
What's the status of the autonomous APs and the WLSE? Are they still being developed or are they pretty much due for retirement? In other words should we be moving to using LWAPs and WLCs?
Although this question does not exactly fit into the discussion subject I know that WLAN products based on the Distributed Architecture are still being developed, although you are likely to see more new features coming in the controller based solution. Using our internally deployed WLAN as an example - we are migrating from the fully featured IOS based APs deployed about 6 years ago to the network with about twice as many LWAPP APs and wireless controllers.
Hi Sergey, I hope this question falls into the forum brief. We are installing a WiSM in 6509 with Sup720, 3750 access switches and 1242 LWAPPs. A tunnel is created from the LWAPP back to the WiSM (WLC). We are configuring the Platinum/Gold/Silver traffic prioritization for various SSIDs. The wireless traffic will be tunneled from the 1242s through the 3750 and back to the WiSM. Is there any way we can configure the 3750 to respect the priorities on the tunnelled traffic when forwarding on the 1GB uplink into the 6509?
In this scenario I would have looked at setting up a port based DSCP trust for the switch ports which APs connect to and using Shaped Round Robin egress queuing on the trunk ports connecting to a C6K. A priority queue can be configured also.
Thanks Sergey, I came to a similar conclusion. Would it be worth looking into each tunnelled packet to determine the priority that the AP has assigned? i.e. Platinum/Gold/Silver/Bronze.
If you set span/monitor session for AP port (DSCP trusted) in the switch and run packet capture you will see that IP header of the LWAPP packet bound to the controller will have an appropriate DSCP value setting. It will come up based on the User Priority to DSCP mapping depending on what that WLAN/SSID has been configured with. If you have WMM clients and WMM is allowed on that WLAN this all becomes more flexible as the priority setting can be automatically downgraded if a client generates traffic with lower priority than what is set in the controller for that WLAN.
One of my APs got disconnected from my network suddenly.
I am not able to ping the IP address of the AP from the core switch.
Then I logged into the AP from the console and checked the config; it seems OK, but I am not sure.
I have attached the config, can you please tell what is the problem?
IMO configuration looks good enough for a "ping" test to AP management IP. I suggest checking status of interfaces in AP and in the switch it connects to. If there is a bigger problem raising Cisco TAC case will help.
What would keep causing the Location Appliance to be unreachable? I have a newly installed 2710 that shows up in WCS, but the server keeps disappearing from the database of WCS before I can populate it with the clients and rogues.
If there is no problem with network connectivity I would suggest checking status of LBS software. Refer to CLI syntax for the commands outlined in Location Appliance Installation and Configuration Guide, Verifying the Location Appliance State. Also I would check if WCS has valid account credentials for the LBS.
We have observed this happening periodically.
One thing that helped is to remove the location appliance from the WCS and re-add it.
We operate AP1121G (IOS 12.2(15)XR2).
There is a problem symptom: we can access only some internet web sites (Google is OK).
We guess it may be caused by the MTU size. When we changed the MTU size to 1100 on the PC, we could access all web sites. And we tried to configure the MTU size on the AP, but we failed.
We used the "ip MTU" command at the interface prompt.
ip mtu 1100
Could you advise us how to configure the MTU, or give some recommendation?
I read that we are able to configure the same SSID on multiple APs at the same place. Why do we need the same SSID? For roaming?
And I read an article about some problems with it. Can I get some advice? We are using the same SSID for our two APs.
We configured the same DHCP pool IP range (10.201.4.0 255.255.255.0) on the two APs.
What should we configure on the AP for roaming, especially as we are using the DHCP server function on the AP?
Try using ip mtu command on the Ethernet interface of AP to see if it gives you the result you would want to achieve.
Deploying the same SSID across multiple APs is typical when you need a Wireless network with larger coverage than a single AP can provide. This way you can keep the same SSID in the client's configuration and clients can roam between APs without profile/SSID changes. If both APs map this SSID to the same VLAN on the switch then clients simply perform a Layer 2 roam. If this is a small site with an autonomous AP solution and L2 roaming is what you are after I would recommend making sure management interfaces of the APs have L2 connectivity between them too.
We tried to configure MTU size 1100 on the Ethernet interface of the AP. But it was not OK. Is there any method by which we can check that the MTU command runs correctly?
Are there any reports about MTU related bugs or problems?
Anyway, thanks a lot for your advice.
I checked mtu interface level command on one of the autonomous APs and it was not supported as a user configurable option neither for radio nor for Fast Ethernet interfaces. Unfortunately, I can provide no recommendation here apart from a suggestion to raise a Cisco TAC case. In our practical experience we kept mtu on AP interfaces at default values on production network.
We have an autonomous IOS Access Point setup here with guest traffic utilising the WLSM. In the future we want to upgrade to the controller based solution with WiSM on the 6500 and maybe 4400 in smaller areas. In your experience would it be better to still utilise the WLSM for guest traffic? We mostly have 1231G access points and I read somewhere that some older ones cannot be upgraded; is that true?
There is more than one way to design a centralized guest networking. With LWAPP APs and Unified solution you can either use one of the controllers as anchor to tunnel wireless guest traffic from other controllers to it. Alternatively you can use generic tunnels from a first hop router for clients (after it gets LWAPP decapsulated by a controller) and aggregate these tunnels from multiple sites into some point i.e. DMZ. The use of a WLSM is not clear to me in this scenario as GRE tunnels get terminated on a supervisor if you consider using a WLSM as an aggregation device. Unless you continue using a dedicated network of autonomous IOS APs for this purpose.
IMO the option with an anchor controller will be easier to deploy.
Cisco IT example: At present we use GRE tunnels for guest traffic which was a part of legacy guest networking solution we had at Cisco for several years. GRE tunnels get terminated at one of the DMZ routers. Each request for a guest connection to the Internet gets authenticated over https by either a Cisco Building BroadBand Services Manager (BBSM) or a Cisco NAC Appliance. Guests get provided with an access code in advance as we use a web based portal/application to produce those. Also we support guest connections for both wireless and wired clients from some switch ports.
With regards to the conversion of APs to LWAPP this is what is supported for the model you are asking:
For all IOS-based 1200 series modular access point (1200/1220 Cisco IOS Software Upgrade, 1210 and 1230 AP) platforms, it depends on the radio:
- if 802.11G, MP21G and MP31G are supported
- if 802.11A, RM21A and RM22A are supported
The 1200 series access points can be upgraded with any combination of supported
I have an interesting situation, hopefully you can help. This is our basic setup. I work for a large company in Ohio. We have two main remote locations, one in Indiana and one in North Carolina. At each location (including Ohio), there are approximately 15-20 timeclocks, and in each location there are 2 gateway servers. The gateway servers communicate directly with the main servers, which are located back in Ohio, over the WAN circuit. The traffic traverses a dedicated leased Point-To-Point circuit back to our Ohio facility. The timeclocks connect through an 802.11B network to our access points. In the facility in Indiana, we have 7 access points, and in the facility in North Carolina we have 6 access points. The time clocks are essentially "dumb terminals", in that once you hit a button, it waits for the gateway server to respond back with what to put on the screen. The gateway server also sends time every 60 seconds to the timeclocks. When you press a button on a timeclock, it checks to see if it has a valid session with the gateway, and if the session is active it goes on to the next step. If the session is not valid the timeclock will reboot and start an all new network session. So if the session is invalid, the clocks reboot once a button is pressed. The timeclocks are not smart enough to reboot themselves if the session is lost.
There is a WLC 4400 series in our Ohio facility controlling the access points.
Here are the multiple scenarios that we have tested:
#1 - If the access points are running in lightweight mode, connecting to the gateway servers at their local location, and are pointing to a WLC that is sitting in Ohio, the clocks have issues keeping their sessions alive, and reboot at random times throughout the day, once a button is pressed.
#2 - If the access points are running in lightweight mode, connecting to the gateway servers at their local location, and are pointing to a WLC that is sitting on the local LAN, the clocks have issues keeping their sessions alive, and reboot at random times throughout the day, once a button is pressed.
#3 - If the access points are running in lightweight mode, connecting to the gateway at the Ohio location, and are pointing to a WLC that is sitting in Ohio, the clocks have issues keeping their sessions alive, and reboot at random times throughout the day, once a button is pressed.
#4 - The facility in Ohio (which does not have to traverse the WAN link) has no issues with any rebooting. The access points are pointing to the WLC and gateway over the local LAN in Ohio.
#4 - If the time clock in Ohio points to a gateway server in either the North Carolina or Indiana location, with the access points as Lightweight pointing to a WLC on the local Ohio LAN, the clocks have issues keeping their sessions alive, and reboot at random times throughout the day, once a button is pressed.
#5 - If the access points are configured as Autonomous access points, pointing to a local gateway server, there are no issues at all.
So the end result is that any combination of Lightweight Access Points and the WAN link results in timeclock issues. Any combination of Autonomous Access Points and the WAN/LAN links, results in no issues.
Is there a significant difference in the traffic patterns of Lightweight APs versus Autonomous APs?
I know that this is confusing, if you need more details please message me and I can provide more, and any show commands that are needed.
Here is the list of devices that we are using
Timeclocks - Intermec Trakker Antares 2400 series
Access Points - Cisco 1242AG - IOS 12.4(3g)JA
WLC - AIR-WLC4402-50-K9 - S/W Version 22.214.171.124
If I followed your description correctly I believe you excluded WAN connection in case 2 and still have clock application failing, please confirm.
Have these terminals and the application been tested in a simplified environment (read - LAB) with LWAPP infrastructure to work out WLC>>WLAN and terminal settings prior to deployment?
Is this application based on unicast only?
Also, may I have more data on WAN circuit latency to understand your situation better.
You did not mention if your APs are in H-REAP mode so I assume you are using Local mode.
Thanks for the quick reply.
To answer your questions,
in example number 2, the gateway server traffic still traverses the WAN circuit. The Main Servers sit in our Ohio facilities, and are unable to be moved.
We did some testing of this infrastructure in a mini lab, but not with the WAN link involved.
The WAN circuit has other traffic traversing it, with no notable latency issues. I will attach a screen capture of the MRTG for this circuit.
Yes these access points are running H-REAP mode.
With regards to H-REAP deployments LWAPP control will go to the remote WLC via WAN while data can be locally switched.
Please can you confirm that roundtrip latency between a remote site and central location is less than 100 ms?
Has LWAPP control traffic been prioritized over WAN?
The above points shall ensure that APs do not flap between connected and standalone modes.
Do you use local switching for data on WLAN which wireless clocks connect to?
The above recommendations do not help with case 2 as you already mentioned that controller and APs were local to each other. I would have looked at replicating WLC/AP setup which you described in 4 at one of the remote sites. If clock application is sensitive to WAN latency and packet loss then prioritizing traffic between gw server and main server will help.
Here are the response times
From LWAP - Location in North Carolina to Ohio
Tracing route to 172.20.62.15 over a maximum of 30 hops
1 8 ms 4 ms 1 ms 172.20.233.1
2 102 ms 63 ms 65 ms 172.20.254.21
3 63 ms 63 ms 66 ms 172.20.240.10
4 64 ms 63 ms 106 ms 172.20.62.15
From Autonomous AP - Location in North Carolina to Ohio
Tracing route to corp57b.crown.com [172.20.62.15]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 172.20.128.1
2 66 ms 126 ms 65 ms 172.20.254.21
3 63 ms 140 ms 69 ms 172.20.240.10
4 63 ms 63 ms 63 ms *.*.com [172.20.62.15]
LWAPP has not been prioritized over the WAN Link.
We use local switching for the data.
Also I have attached a diagram of our situation. The diagram labeled IN is our Remote Facility in Indiana, and the diagram labeled OH is our main office in Ohio.
Thanks for your help.
LWAPP traffic prioritization over the WAN is the suggestion which comes to my mind as you already have the same type of mobile devices working with LWAPP infrastructure over the LAN and the application seems to be capable of running over a link with similar latency (unless WAN connection from two remote sites has different levels of utilization, then setting a priority for the application data traffic shall be considered too). Having said that in the example of Cisco IT network we use locally based controllers and APs in "Local" rather than "H-REAP" mode so I will not be able to add much more on H-REAP over the WAN stability from our own practical experience.
I would also check if there is any difference on the wireless side which could impact wireless link and connection quality so these sessions are not stable enough at that site. I wonder if you have any other devices there which can give any indication if there is any problem with connectivity and also if you looked at the statistics for the clock devices, in particular checking historical graphs on AP associations, RSSI and SNR trends. You can get these reports from WCS. Also if you use Auto RF you can check how often APs themselves change channels, ideally they should not be doing that often if a network is stable.
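Added example, not part of the original thread or Cisco's own tooling: a small Python check that applies the "less than 100 ms" round-trip figure asked about above to the two tracert outputs posted in this exchange. The function names `parse_tracert` and `check_path` are hypothetical, and the tracert text is copied from the posts above with column spacing restored.

```python
import re

RTT_BUDGET_MS = 100  # "less than 100 ms" round trip, the figure asked about in the thread
# Windows tracert hop line: hop number, three probes ("8 ms", "<1 ms" or "*"), target.
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+\s+ms|\*)\s+){3})(\S.*?)\s*$")

def parse_tracert(text):
    """Return [(hop, [rtt_ms or None per probe], target), ...]; non-hop lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            probes = [None if t == "*" else int(re.sub(r"\D", "", t))
                      for t in re.findall(r"<?\d+\s+ms|\*", m.group(2))]
            hops.append((int(m.group(1)), probes, m.group(3)))
    return hops

def check_path(text, budget=RTT_BUDGET_MS):
    """Summarise the destination hop and list every hop with a probe at or over budget."""
    hops = parse_tracert(text)
    if not hops:
        raise ValueError("no hop lines found")
    dest = [p for p in hops[-1][1] if p is not None]
    return {
        "dest_min": min(dest) if dest else None,
        "dest_max": max(dest) if dest else None,
        "dest_within_budget": bool(dest) and max(dest) < budget,
        # A slow intermediate hop with a fast destination often means that router
        # answers ICMP slowly, not that the path is slow, so it is reported separately.
        "hops_over_budget": [h for h, pr, _ in hops
                             if any(p is not None and p >= budget for p in pr)],
    }

# The two tracert outputs posted above (North Carolina to Ohio).
FROM_LWAPP_AP = """\
Tracing route to 172.20.62.15 over a maximum of 30 hops
  1     8 ms     4 ms     1 ms  172.20.233.1
  2   102 ms    63 ms    65 ms  172.20.254.21
  3    63 ms    63 ms    66 ms  172.20.240.10
  4    64 ms    63 ms   106 ms  172.20.62.15
"""
FROM_AUTONOMOUS_AP = """\
Tracing route to corp57b.crown.com [172.20.62.15]
over a maximum of 30 hops:
  1     1 ms     1 ms     1 ms  172.20.128.1
  2    66 ms   126 ms    65 ms  172.20.254.21
  3    63 ms   140 ms    69 ms  172.20.240.10
  4    63 ms    63 ms    63 ms  *.*.com [172.20.62.15]
"""

if __name__ == "__main__":
    for name, out in (("LWAPP AP", FROM_LWAPP_AP), ("autonomous AP", FROM_AUTONOMOUS_AP)):
        print(name, check_path(out))
```

Three probes per hop is a very small sample; a longer run of pings to the destination gives a steadier view of the same budget.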
I have just got 37 Aironet 1240s for our new wireless network. We have a mix of laptops and PDAs. The PDAs are HP iPAQ RX1950s and HX2750s; these all work fine with the WPA encryption set. My problem is that all our HP HX4150s will not support WPA, only WEP, and so will not connect to the network.
I need these as they are for our electronic registers in the school.
Can I have both types of encryption on the APs, and if so how do I configure the APs to do this?
I am new to the world of wireless so any help would be gratefully received.
I think you are asking about autonomous APs here. If both ciphers can not be supported on the same SSID I would recommend creating two different SSIDs and mapping them onto either the same or different VLANs depending on your requirements and policies.
I would like to get some information. I am using Aironet Client Utility Version 2.40.03 on a Windows CE device. Is it possible to configure a profile programmatically?
Thanks in advance,
PS: Sorry if I didn't put the message in the right post..
We have ACU deployed on many IT supported production PCs at CISCO but not on Win CE platform. I have no answer if profiles can be scripted in the 2.40.x version.