Professional Documents
Culture Documents
Page 1
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Lab Topology
In order to derive the most out of this Lab, and exercise the functionality outlined in this document, its
important to have a network that is configured properly with IPv4 configuration on the switches and
controllers. All lab resources are configured as depicted in the diagram below. Most Lab deployments are
usually in lab or private network with a minimal set of Controllers, Access Points and Clients.
LabTopology*
Wireless*Client*
Lync*Client**
Username*:podXa*
Password:*Cisco123*
*
SSID:*PODX/EoGRE*
Security:*WPA2*/PSK*
*
Wireless*Client**
Cisco*AirProvision*
App*
*
**
*
Internet*
NAT*Router*
SSID:*PODX/PSK*(Universal/admin)*
Security:*WPA2*/PSK*
MSE:10.10.105.26*
AP2700/UX*
*
SW/3750*
10.10.X0.4*
Wired*Client*10.10.X0.x*
*
*
*
CUWN*8.1*Features*
/Spartan*2.0*
/Universal*AP*
/ATE*
/BLE*
/Lync*SDN*
/FlexAVC*
*
**
*
WLC/2504*
MGMT*=*10.10.X0.2*/24*VLAN*10*
CORE/SW/3750*
Vlan10:10.10.10.1*
Vlan20:10.10.20.1*
Vlan30:10.10.30.1*
VlanX0:10.10.x0.1*
*
PI:10.10.105.25*
UCS*10.10.105.50**
MS*Lync*Server*10.10.105.14**
POD*X*
*"Where"X"is"the"POD"number""
Page 2
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
3. After doing basic connectivity testing you will be required to disconnect the PC/ laptop from the
Switch port and directly connect it to the WLC Service Port as part of the lab Section 1.
Vlan
10
X0
10
X0
10
20
30
X0
10
X0
IP Address
10.10.10.1
10.10.X0.1
10.10.10.4
10.10.X0.4
10.10.10.2
10.10.20.2
10.10.30.2
10.10.X0.2
DHCP
DHCP
Gateway
10.10.10.1
10.10.X0.1
10.10.10.4
10.10.X0.4
10.10.10.1
10.10.10.1
10.10.X0.1
10.10.X0.1
10.10.10.1
10.10.X0.1
User Name
N/A
N/A
N/A
N/A
admin
admin
admin
admin
cisco
cisco
Password
N/A
N/A
Cisco
Cisco
Cisco123
Cisco123
Cisco123
Cisco123
Cisco
Cisco
Pod 1
10
Pod 2
20
Pod 3
30
Pod 4
40
Pod 5
50
Pod 6
60
Pod 7
70
Pod 8
80
Pod 9
90
Pod 10
100
Management Vlan used for => WLC, AP, Wireless Laptop Client, Apple Client
Machine (iPAD/iPhone)
Wired laptop connected to VLAN x0
POD 1
10
POD 2
20
POD 3
30
POD 4
40
POD 5
50
POD 6
60
POD 7
70
POD 8
80
Pod 9
90
Pod 10
100
Page 3
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Now being connected to your local Pod you can verify lab setup and configuration as shown in topology
above. Remember individual POD switches are configured as pure L2 switches and not a core
switch. Using telnet access from command prompt on the wired Lab laptops, connect to individual POD
switches and controller and verify the network connectivity.
POD 1 L2 switch
POD 2 L2 switch
POD 3 L2 switch
POD X L2 switch
: 10.10.10.4
: 10.10.20.4
: 10.10.30.4
: 10.10.X0.4 [where X is the POD number]
When connected to the individual L2 switch initiate ping to its gateway and DHCP server and make sure
connectivity is fine. Below example from Pod 9
Page 4
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Section1:
Day 0/1 setup 2.0 (Best Practice)
Day 0/1 setup Introduction
The goal of this feature in the Lab guide is to provide a set of instructions to help easily setup a WLC to
operate in a small or medium office environment, where access point(s) can join and together as a simple
solution, provide various services such as corporate employee or guest wireless access on the network.
With this Day 0/1 setup software release, there are 2 ways to configure the 5508 Series Wireless LAN
Controller:
Traditional command line interface (CLI) via serial console.
Updated method using network connection directly to the WLC GUI setup wizard
This guide provides instruction only for using the WLC GUI setup wizard. Configuration via CLI is has
been maintained for some time and is available on Cisco.com or at the following location:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration/guide/b_cg76.html
General steps to configure are summarized as follow:
1. Complete the configuration checklist
2. Unpack, connect and power on the WLC.
3. Connect a client machine to Port 2 of the WLC with an Ethernet cable.
4. Open a client web browser access the WLC startup GUI
5. Enter the settings from the completed configuration checklist
6. Disconnect the WLC from client machine and connect to the network switch.
7. Connect access point(s) to the network switch.
8. Access points will join the WLC, then configured wireless network will become available.
9. Connect wireless client(s) to the available network.
Components Used
Page 5
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
2. It may take several minutes for the WLC to fully power on to make the GUI available to the PC.
Do not auto configure controller.
3.
If you dont get a PI address (192.168.1.xyx) from WLC the manually assign a static IP address
192.168.1.X to your Laptop to access the WLC GUI (DHCP will be available in the official release)
Example of network settings on Windows PC (Start Run CMD ipconfig):
Page 6
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
4. Upon confirming that there is an IP address of 192.168.1.x assigned to your computer, open a
web browser (Prefered is Chrome and Safari) and open the following URL:
http://192.168.1.1
a.
b.
c.
d.
Page 7
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
5. On the next screen, indicated Step 1 - Set Up Your Controller, fill out the required information.
Again, it will be helpful to refer to your checklist and the table provided by the Lab Admin.
a. System name for the WLC PODX-WLC
b. The current time zone (w.r.t country )
c. NTP Server (optional)
d. Management IP address, subnet mask, and default gateway 10.10.X0.2 and 10.10.X0.1
e. Management VLAN id (see checklist), if left unchanged (or 0), then the network switch
port must be configured with a native VLAN X0
Note: The wizard will attempt to import the clock information (date and time) from the computer via
JavaScript. It is highly recommended that you confirm this before continuing. Access points rely on
correct clock settings to be able to join the WLC.
Note: Example below show a configuration for Pod 1.
Page 8
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
6. Next, or from the Step 2 - Create Your Wireless Networks, with the help from your checklist,
fill out the following:
a. Network name/SSID - PODX-PSK
b. Security (WPA/WPA2 Personal)
WPA/WPA2 Personal provide a pass phrase (PSK / password=Cisco123)
c. Provide the DHCP server (10.10.X0.1) if left empty, the DHCP processing is bridged
to the management interface.
Example of an Employee Network configured with WPA/WPA2 Personal using PSK (pre-shared key /
pass phrase) for Pod1.
Page 9
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Then you can configure the Deployment Type parameters through which you can select Low Density,
Typical or High Density and also configure the RF parameters for particular type of traffic as well like
Data and Voice.
Page 10
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
For this Lab select deployment type as Typical and Traffic Type as Data leave the Virtual IP Address
and other values to default then click Next.
Following table depicts the default values when Typical deployment type is selected from RF
parameters.
Page 11
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
7. If all settings are correct, click Apply. A message with a prompt System will reboot...Do you
want to apply these configuration?
Page 12
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
8. Click OK to apply final settings, the WLC will reboot automatically. A confirmation page will
show that The controller has been fully configured and will now restart Sometimes this
message would not appear this is a known issue and will be fixed.
9. Optionally check the configuration done in the Day-0 config via the console connection
10. Disconnect your computer from the WLC port 2 and connect it to POD-Switch port 5
Please do not forget to change the laptop ip address back to dynamic/automatic dhcp option if it is
statically assigned. Otherwise would not be able to access the WLC mgmt. GUI through
10.10.X0.2
11. Connect the WLC port 1 to the switch assigned trunk port. i.e port 1 of your POD Switch if not
already connected.
12. Connect only AP3700 access points to the your POD switch if not already connected. i.e. AP3700
to port 3
13. Wait until access points to join the WLC
Dashboard
Browse to http://10.10.X0.2 which you assigned to your PODx-WLC
Please spend some time to explore the new dashboard. The admin must log into the WLC to access web
UI and dashboard. This dashboard does not replace the existing legacy Monitor page on the WLC. To
return to the legacy web UI page, click on the Advanced link.
Page 13
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
To return back to the Dashboard screen click on the Home button as shown below.
You can verify whether the Day 0/1 setup 2.0 (best practice) features are enabled by checking that
predefined RF profiles getting created under WIRELESS->RF Profiles
Page 14
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Also , under WIRELESS->Advanced-> System Profile/ Network Profile you should see the following
Below are examples of some of the BP features enabled with Day-0 wizard installation. The features
showing * are in process of being implemented in the new release
Feature
8.1
AVC Visibility
mDNS Snooping
Yes
Local Profiling
Yes
Band Select
Yes
DHCP Proxy
Yes
Yes
Virtual IP 192.0.2.1
Yes (configurable)
RRM-DCA Auto
Yes
RRM-TPC Auto
Yes
CleanAir Enabled
Yes
EDRRM Enabled
Yes
Yes
Aironet IE Disabled
Yes
No
Page 15
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Load Balancing
Yes
Yes
FastSSID Enabled*
Yes
Infra MFP
Yes
Yes
Yes
Mobility Name
Yes
Yes
Yes
Yes
Note: Before proceeding to the next section configure an RF Group Name according to your pods (e.g.
pod1, pod2podx where x is the pod number)
From WLC main menu CONTROLLER->General then configure the name as podx (where x is the pod
number).
You have reached the end of the Lab guide for the Day 0/1 setup software release. Please proceed to the
next section of the Lab.
Page 16
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Section 2:
Page 17
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Note:
ATE policies are applied only in the downlink direction (AP transmitting frames to
client).
ATE policies are applied only on wireless data frames; management and control
frames will be ignored.
When ATE is configured per-client, each client is granted equal airtime.
ATE will be configured to either drop or defer frames that exceed their airtime
policies. If the frame is deferred, it will be buffered and transmit at some point in the
future when the offending client/UP/SSID has a sufficient airtime budget. Of course,
there is a limit as to how many frames can be buffered. If this limit is crossed, frames
will be dropped regardless.
ATE can be globally enabled/disabled
ATE can be enabled/disabled on an individual access point
Legacy, 802.11n, and 802.11ac (TBD) frames will be supported.
ATE results and statistics will be available on the wireless controller (TBD).
Page 18
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
3. In the next step configure two bucket IDs and Weight for the two corresponding SSIDs. One
bucket # 1 with weight 98% and the second #2 Weight 2%.
config ate bucket 1 98
config ate bucket 2 2
Page 19
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
4. Connect a wireless Client of your choosing to SSID in your POD ie PodX-ate98 and
observe the effect of the ATE on this WLAN. Run some video stream such YouTube.
5. Connect a wireless Client to SSID in your POD ie PodX-ate2 and observe the affects of the
ATE on that WLAN. You should see YouTube is much slower on this WLAN.
6. Change the buckets to something like 90% and 10% and observe the video changes.
7. There are no debugs and Statistics in code rite now
Page 20
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Section 3:
BLE (Bluetooth Low Energy)
Bluetooth Low Energy or Bluetooth LE, marketed as Bluetooth Smart, is a wireless personal area network
technology designed and marketed by the Bluetooth Special Interest Group aimed at novel applications in
the healthcare, fitness, security, and home entertainment industries. Compared to Classic Bluetooth,
Bluetooth Smart is intended to provide considerably reduced power consumption and cost while
maintaining a similar communication range. Mobile operating systems including iOS, Android, Windows
Phone and BlackBerry, as well as OS X, Linux, and Windows 8, natively support Bluetooth Smart.
Bluetooth Smart is not backward-compatible with the previous, often called Classic, Bluetooth protocol.
The Bluetooth 4.0 specification permits devices to implement either or both of the LE and Classic
systems. Bluetooth Smart uses the same 2.4 GHz radio frequencies as Classic Bluetooth, which allows
dual-mode devices to share a single radio antenna. BLE does, however, use a simpler modulation system
and uses a different set of channels. Instead of the Classic Bluetooth 79 1-MHz channels, Bluetooth Smart
has 40 2-MHz channels. Within a channel, data is transmitted using Gaussian frequency shift modulation,
similar to Classic Bluetooth's Basic Rate scheme. The bit rate is 1Mbit/s, and the maximum transmit
power is 10 mW.
You also probably heard of BLE beacons or iBeacons (Apples version of BLE) come up in your
conversations with customers or partners. BLE uses Bluetooth 4.0 for advertising and granular location.
As noted above, BLE is supported in most newer smartphones and can enhance indoor Wi-Fi location
deployments with additional levels of granularity and faster refresh rates.
If you are thinking about beacons, the best solution is a hybrid environment where Wi-Fi is enhanced
with BLE. This solution helps mitigate the operational costs and complexity of handling rogue or stolen
beacons, while offering a richer location landscape for your deployment.
Cisco is doing three things to help in this area:
1 Improve Location Accuracy: Cisco is improving Wi-Fi based location in order to reduce the
difference between Wi-Fi and BLE. Better Wi-Fi location accuracy will allow you to reduce the number
of BLE beacons required for granular location applications. Cisco is working towards goals of 1-3m
accuracy; 5-6 second refresh rate, and 2 second latency. *Please note: not all use cases require the fast
refresh rates offered by BLE.
2 Manage BLE: Cisco wireless infrastructure can see, read, and position BLE beacons with existing
Cisco CleanAir APs there is no need for new hardware. This will help you keep track of beacons,
ensure they have not moved, identify rogue and/or duplicate beacons. We are working on Wi-Fi-based
visibility (and potentially moving into active management) to help streamline BLE management.
3 Integrate BLE with Access Points: Weve identified that there is potential here to help you deploy
fewer beacons and reduce worries around battery replacement/theft/movement while built-in centralized
management.
Page 21
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
2- Now from the WLC CLI and issue the following command to enable ibeacon detection
(PODx-WLC)> config 802.11b cleanair device enable iBeacon
To verify if any BLE/iBeacon is reported by the AP to the WLC issue the command
(PODx-WLC)> test cleanair show idr all //This will show all the interferers//
Note : In the lab there are few iBeacons present and you should see them
Page 22
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
3- You can also use the following show command to see if the ibeacons are detected by the specific AP.
(PODx-WLC)> show 802.11b cleanair device ap <AP Name>
As the iBeacons are being detected as rogue devices we need to classify them and this is done through the
PI/MSE in this lab setup.
Note: In this lab we are using PI and MSE to show the visibility and
configuration of iBeacons. But going forward the BLE/iBeacon
visibility and configuration will only be available on MSE (MSE
10.x) This PI is demo code just use it as a reference for this lab only.
4- Now login to the PI (10.10.105.26 root/Public123) and see your respective POD-WLCs are already
add to the PI.
Note : If the WLC is not on the PI then add it from PI main menu bar go to Operate->Device Work
Center and add your respective POD WLCs
Page 23
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
5- Configure the device parameters according to your pod and click Add button
WLC IP Address = 10.10.X0.2 ; Community= private ; Telnet= admin/Cisco123
Page 24
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
7- Now add your respective POD-APs to the map by going to PI main menu then click Operate->Maps
8- There is a single map (conference room) for all the pods. Click on the maps and then Site Maps
System Campus>SJC5>Conference room
9- Only when you do not see your POD AP on the map then Add the access point by selecting Add
Access Points from Select a command drop down menu on the right side of the page then click Go
button.
Page 25
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
10- This will to take you to Add Access Points page. There will be multiple access points
showing up on the list please select the one with your POD number and Click OK button
Note: Once the AP is added then switch PI mode to Classic view as iBeacons configuration is
currently only available in PI classic view.
11- Hover your cursor to root on top right side of the PI GUI then select Switch To Classic Theme
12- Go to Monitor and then click on BLE Beacons, this will give you list of iBeacons discovered and will
show up as rogues.
Page 26
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
13- Similarly, from PI main menu navigate to Configure tab and click BLE Beacons
14- List of the iBeacons will show up click on the one of the iBeacon device Mac Address. As we dont
have individual beacons for the pods just use the next step for the reference.
Note: In most cases you will have the Beacons which have a MAC or UUID but the ones in the lab are
Estimote ibeacons which dont have this information visible on the device physically (The mac address is
hand written on the back side of the some of ibeacon devices in the lab)
15- Not a requirement but you can name the device as you like e.g BLE-1 where Then click Save
Page 27
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
16- Once the device name is changed add that device to known list, from -Select a command- drop
down menu on the right side of the page select Add BLE Beacons to Known-List and click Goshown
below.
17- Now go the map and check if BLE Beacons are populated on the map. Please make sure under the
Floor Settings that all the BLE filters are enabled. You should be able to see the iBeacons on the map
some showing up as rogues (Yellow) and ones configured as known (Green) and if there is any missing
iBeacon it will show up as Red
Page 28
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Page 29
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Section
4:
Lync
SDN
Page 30
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Page 31
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Page 32
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Give intuitive ACL name ( in our example we named it lync) and click Apply
Now click on the ACL name and configure ACL rules by clicking Add New Rule button
Page 33
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Now apply this ACL as CPU ACL. In the official release user would not need to configure this ACL but
will be enabled by default once configuring Lync.
NOTE: If you misconfigured the ACL and lock your self out use the following
command to disable the ACL
(WLC)>config acl cpu none
Page 34
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Once Signed In, in the search bar enter pod1b@corpdemo.net address to find the contact. To initiate a
voice call click the greyed out phone icon button appearing at the bottom of the contact screen.
Page 35
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
podxb@corpdemo.net is your lab proctors account ask one of the proctors to receive a call. Once the
connection is made you will see the guy in the hat (forgot to bring it to Amsterdam)
To monitor the call navigate to MONITOR->Lync SDN->Active Calls and you should be able to see the
lync-call status
Page 36
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
While the call is on, start the camera and check that the call is upgraded to Video call:
Note: In this demo code Clicking the index number would not reveal any call details as these changes are
not integrated for this demo build, thats just an empty template we are showing for Demo. But these
values will be there in the official release.
Once the call is ended there is an option to see the call stats like MOS value and jitter under MONITORLync->History Calls.
Page 37
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
The call history details are not available on the GUI in this demo code but will be available in the official
release. For now you can view historical call details from WLC cli through following show command
Show lync-sdn history-calls detail <call id>
Page 38
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
AVC on FlexConnect AP
Cisco Confidential 2014 All Rights Reserved
Page 39
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
2- When the AP converts to Flexconnect you will be able to see the Flexconnect tab.
From FlexConnect tab enable VLAN Support and set Native VLAN ID to your individual POD
management VLAN e.g. POD1 =VLAN 10, POD2 =VLAN 20, PODX = VLAN X0 (where x is the pod
number). Then hit Apply
Page 40
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
4- Under WLAN VLAN Mapping configure the VLAN ID to VLAN X1 which will be the locally
switched VLAN (e.g POD1=VLAN11, POD2=VLAN21PODX=VLANX1)
5- Now create a FlexConnect group by going to WLC main menu WIRELESS->FlexConnect Groups
click New
Page 41
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
6- Assign a name to FlexConnect Group PodX-flex and click Apply or you can use any intuitive name
to assign it to your individual pod.
7- Under the General tab Enable Application Visibility then add FlexConnect AP to the group by
checking the box Select Aps from current controller. The AP will appear under AP Name drop
down list then click the Add AP button and hit Apply
Note: Under Application Visibility we have three different options Wlan Specific/Enable/Disable
for the purpose of the lab we are just using Enable option. FlexConnect Group specific AVC
configuration takes precedence over WLAN AVC configuration
8-The AP should appear as being added to the group.
Page 42
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
9-
Associate a client to this WLAN (PODx-PSK), once connected verify that the client gets an IP address
from a local switched VLAN X1 (i.e. VLAN 11=10.10.11.0/24 for POD1, VLAN 21=10.10.21.0/24 for
POD2VLANX1 for PODX *where X is the Pod number) you can check this by going to clients detail
from WLC Monitor->Clients then click on the clients MAC address. Below example is of a client
associated to WLAN POD6-PSK
10- Once the client is in run state and able to pass traffic browse to different websites (YouTube, Google,
Facebook, etc.) or run different applications so the client pass the data traffic.
To see the application visibility stats go to the WLC main menu Monitor->Applications->FlexConnect>FlexConnect Group click on the group name
Page 43
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
You will be able to see Application statistics under the Aggregate tab. The stats can be viewed for Max of
30 records and by default it is set to 10.
The above application stats are per FlexConnect group, you can also monitor application visibility per
client as well. On the same page click on the Clients under Applications->FlexConnect->FlexConnect
Groups->Clients then click on the client mac add
Page 44
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Summary
FlexConnect Group specific AVC configuration takes precedence over WLAN AVC config
WLAN AVC configuration will be pushed to Flex APs where WLAN is broadcast
Page 45
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Section 6:
Universal Domain AP
The aim of introducing Universal SKU AP is to address the worldwide regulatory compliance
requirement based on geo-location of the Cisco Wireless Access Points. Solution will collapse all
current regulatory domains into a single SKU Access Points. This will be applicable only to
newer -UX PIDs introduced and will not affect existing APs that are preconfigured with a
specific regulatory configuration.
Universal Access Point would be configured to correct Regulatory Domain in two phases
Manual Identification (Through Cisco AirProvision App)
Automatic Identification (Through NDP propagation)
Manual Identification
Smart Phone based solution( Cisco AirProvision app) communicates with Universal
Access Point on a secure channel.
For new installations user needs to prime at least one AP in the RF neighborhood by
Manual Identification method
APs primed at a different country/reg. domain will rely on Manual identification to
automatically correct country configuration
Upon failure of Automatic identification, Universal AP will fallback to Manual
identification
Automatic Identification
The process relies on Cisco Infrastructure to identify and apply Reg. Domain and
Country configurations
Cisco proprietary Neighbor Discovery mechanism identifies secure Cisco Universal APs
in the RF neighborhood
Universal AP learns domain configurations from the adjacent neighbors 802.11 beacons
frame and filters invalid and malicious rogues
Adjacent Universal APs will have NDP propagation flag set that will be used to
propagate valid country and reg. domain to the rest of the APs
Page 46
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
For the this lab exercise configure the AP2700 name according to your pods as PODx-AP2700UX if not already configured (where X is the POD number) by going to AP General tab. Also,
prime it to your WLC, under High Availability tab assign your primary controller as your PODWLC name (PODx-WLC) and ip address 10.10.X0.2 then click Apply.
Note: You will see the APs LED blinking red and green even though the AP has obtained the ip
address and joined the controller. This is because there is no regulatory domain set on the AP
and it has not been primed with the correct domain.
To check if the AP is not already primed for a specific country domain, Click on the AP Name
and under Advanced tab the Regulatory Domains shows UX for both radios.
Notice that the Country Code is also showing UX and Universal Prime Status set to
Unprimed
Page 47
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
NOTE: You can configure multiple country domains on the WLC as well to test the AP join. As
its a Universal SKU AP (-UXK9) it should join the WLC regardless of the country domain set
on the WLC. But for the lab we are using country domain as US
(In the lab if you see that the AP is already primed (then just clear the AP configuration
and once the AP joins back to WLC it should have country code as UX and status as
Unprimed)
Page 48
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Currently, the AirProvision App is in a pilot program and not available to everyone. This limit
will be taken off soon. For this lab exercise please ask the proctor for a phone once you reach
this portion of the lab and return back the phone once you are done configuring the UX -AP.
Air Provision App installation steps:
1- To get the app, type in cs.co/estore from your mobile device browser and it will open the
following page you can install the app from there.
Note: If you already have AirProvision app installed on your phone, please update
that to the latest version 1.3 as there are some bugs in the older version.
Page 49
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
2- Open the app and it will take you cisco CCO login page
Page 50
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
4- You can Log in with CCO credentials and access the estore app. Now go to All Apps
5- Select the AirProvision and install this App.
Page 51
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Page 52
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
3- When the location service is enabled, it will take you to the universal AP login where username
and password shows up as default. User cannot change these credentials just press Log In.
If you have an Android phone please refer to point 6 of this section
It will show AP configuration page where you can see Configure and Audit tabs. This provides
the status of the universal AP as shown below. Currently, the AP is not provisioned so it states
the following under configure and Audit tab
AP Provision = No
2.4 GHz= -UX
5 GHz= -UX
Configured Country= UX
Page 53
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
5- The AP will reboot and join back with the regulatory domain it has received through the GPS
/Location services. You can check that by going to the WIRELESS->AP Name->Advanced tab
and now the Regulatory Domain is changed from UX to A which is the correct regulatory
domain. Also, the country code should say US and as the AP is primed through the app the
Universal Prime status shows Web App.
Page 54
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Also, you can insure this by connecting the client (iphone or Android phone) to the universal admin
enabled SSID (POD6-PSK in my setup) and then login to the Airproviosion app you will see that the
Universal AP is configured correctly as follow
AP Provision = Yes
2.4 GHz= -A
5 GHz= -A
Configured Country= US
Note: Once the AP is primed with the correct domain the NDP will be used to propagate valid
country and reg. domain to the rest of the Universal domain APs on the network. As we do not
have more Universal APs available in the lab we are not showcasing that feature but following
would have been seen if you have other UX APs in your network.
Page 55
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Page 56
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Page 57
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
(Y / N)
(Y / N)
(Y / N)
(Y / N)*
(Y / N)*
(Y / N)
Page 58
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
(Y / N)*
(Y / N)
Page 59
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Reference Only:
NOT part of the lab as WLC2504 doesnt support EoGRE tunnel
EoGRE
Ethernet over GRE (EoGRE) is a new aggregation solution for aggregating WiFi traffic from
hotspots. This solution enables customer premises equipment (CPE) devices to bridge the
Ethernet traffic coming from an end host, and encapsulate the traffic in Ethernet packets over an
IP GRE tunnel. When the IP GRE tunnels are terminated on a service provider broadband
network gateway, the end hosts traffic is terminated and subscriber sessions are initiated for the
end host. In our lab setup we are using ASR1K as a tunnel gateway.
CAPWAP
Cntrl
CAPWAP
Data
EoGRE
WLC
Tunnel
Gateway
(TGW)
ASR1K
1. To demonstrate EoGRE feature we will create another SSID, from WLC main menu go to WLANs
and Click the Go button. Create a WLAN with naming convention as POD<Number>-EoGRE.
Map this WLAN to management interface with Security set to None
Page 60
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Currently, the EoGRE configuration is only available through CLI. Login to your POD WLC
console or telnet to the WLC from the wired Laptop then execute the following commands.
Step 1: Assign a Tunnel Gateway Address:
(WLC)>config tunnel eogre tgw <add/delete/modify> <gateway name> ipv4-address <ip>
Cisco Confidential 2014 All Rights Reserved
Page 61
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
To verify and check if the tunnel is properly configured on the WLC run the following Show
commands
(WLC)> show tunnel eogre gateway summary
Page 62
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
In this lab exercise the ASR1K is pre-configured for EoGRE tunnel and a DHCP pool. For your
reference the tunnel configuration on ASR1K which is as follows
Now connect a wireless client to the SSID PODX-EoGRE you should get an ip address from
10.55.55.0 subnet, which is configured on the ASR1K.
Page 63
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
You can also verify that the client is associated through EoGRE tunnel by running show client
detail command on your POD WLC
Page 64
B
N
Mobility
-
CUWN
8.1
Features
Lab
ver1
Page 65