If I had to deploy the office again I would not likely use monitor APs, because we already have sniffer APs. Our normal designs do consider monitor access points and we use the same 5-6 as well.
Assuming a new or old deployment I would consider monitor APs. These allow you to quickly turn them into sniffers as needed. Monitor APs allow you to get quicker environmental information rather than waiting for the production APs to do the short off channel scanning.
Great presentation with very useful information.
I am working in the financial sector and one of the main concerns is the number of connections made to wireless access points. All our APs are either 3702 or 3802 models with a 5508 controller.
All APs are installed below the ceiling with a 6 meter radius. Now one of the requests made by the business is that they want to perform real-time monitoring for all their sites.
1. The business needs the information on AP-wise user count in real time.
2. SSID-wise user count per WLC.
Currently we are able to get this information through NCS Prime (version 3.1), but this is more of a reactive mode, since we have to generate it manually and it is historical only. Is there any way to monitor these parameters in real time? I am not sure if this is the right place to post the question.
Thank you, I'm glad you enjoyed it. That is a rather interesting request in that it has to be real time. Keep in mind PRIME allows you to customize the dashboard and I remember seeing some options for displaying client counts on SSID etc. Have you looked at customizing the dashboard?
You could get fancy with Linux flavors of network monitoring like Cacti or NMS. I like NMS myself.
Excellent presentation George,
I have two questions because I liked the approach you followed troubleshooting the wireless cards and drivers for the majority of the hospital owned devices in order to create a standard, so I would appreciate it if you could share with us a guideline/tips about the process that you made/followed on that part, as I would like to replicate that standardization process on the wireless environment I manage where it is possible.
My second question is:
I found that error 5440 on ISE is directly related to roaming and the fact that a brief disconnection happens due to the EAP and WPA Key mgmt process no matter if you have session resume enabled. In order to minimize this behavior, it is recommended to use 802.11r so I was wondering if you have that in place (I would say yes as you have WoWLAN) and any suggestions that you could share with us. Due to our BYOD environment implementing 802.11r could only apply to the SSID for School owned devices.
Abraham, thank you for the kind comments, I'm really glad you enjoyed it.
Device testing is a very important consideration when deploying reliable WiFi. Once you have a mental check box that the RF and wireless configuration is optimal and your config is simple and there were no changes on the network you can quickly start looking at the clients.
Back to the testing ... It's not an easy task and it takes time to baseline client devices and drivers. Once you have your database full of testing data you can then really feel comfortable and compare results.
1) Baseline receive sensitivity of the device. We do this by testing at different distances from the AP and different orientations of the device. We can see quickly, for example, the iPhone hears the network 7-9 dB lower than, say, the average device. This is telling and might mean we need to consider a denser deployment.
2) Roaming test - Look at 802.11 and 802.1X roaming - Collect logs on the device, OTAC (Over the air captures), and controller side.
- Make sure 11r, OKC is supported and working
- Baseline the time from the last data frame sent on the old AP to the first data frame sent on the new AP
- Check roaming triggers and baseline
3) QoS markings
- If your device and app are supposed to mark QoS make sure they are and that they are marking correctly.
4) Allow the device to sit for 24-48 hours and see how the device behaves - do a constant ping: do we lose pings, and if so why?
5) Elevator ride / off campus on campus -- take the device on a long elevator ride: does it quickly recover when coming back into coverage?
6) Does the device / app support Multicast? Confirm with multicast hammer OTAC, debugs
7) What 5 GHz channels does it support? Test connectivity on all bands UNII1/2/2E/3
8) Does the device use UAPSD/PS POLL or some custom power save? Identify this and observe it working and baseline.
9) Does the device probe aggressively? -60 or lower you can see this with transmitting probes as the device is building a neighbor list. If a device is off channel probing it's not servicing the client
10) Does the device support 11k if so confirm this ...
The list goes on. What is key: after you collect a lot of devices and/or device and driver info you will see a pattern. If you test a device that is way out of spec compared to other data you collected you can start to question -- Humm, will this device work in my environment? Then test and see.
I hope that helps.
If you are using EAP then either your device will support NO advanced roaming features or it will have some flavor of OKC, PMK cache (fast roam back) or 11r. If a device doesn't support advanced roaming protocols you are 100% correct. The device will have to do a FULL 802.1X, which is very much like pulling a cable from the wall and plugging it back in. That all said, the controller by default supports OKC. In a BYOD environment where there is little control you are really challenged. Apple and some flavors of Android support 11r. But I find some vendors who say they do, but once we test we find out they don't support or have issues supporting 11r.
You my friend are in one of the most challenging environments. You know all too well and better than most about BYOD. When I think of wireless devices and education I think of the Guns and Roses song - Welcome to the jungle baby ..
My suggestion is this ... You will never be able to control or manage these devices. While we want the best experience for our users. Find out the larger quantity of devices and NICs and test these drivers. When a student calls in and has an issue and they match, say, a 7265 Intel NIC you can tell them we suggest driver XYZ.
I hope this helps bud .. Thanks again for spending the hour with me and the Cisco team on the Webex.
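The roam-time baseline from step 2 of the post above, worked as an added example that is not part of the original post: it measures the gap from the last data frame on the old AP to the first data frame on the new AP and labels each roam by the frames seen in between. The record format, frame-kind labels and sample values are constructed; the classification assumes EAP frames mean a full 802.1X, a 4-way handshake alone means a cached PMK, and neither means an 11r-style roam.

```python
# Constructed sample records, as if exported from an over-the-air capture
# filtered to one client: (time in seconds, BSSID of the AP, frame kind).
FRAMES = [
    (10.000, "aa:aa:aa:00:00:01", "data"),
    (10.020, "aa:aa:aa:00:00:01", "data"),
    (10.031, "aa:aa:aa:00:00:02", "auth"),
    (10.035, "aa:aa:aa:00:00:02", "reassoc"),
    (10.052, "aa:aa:aa:00:00:02", "data"),       # keys set up in auth/reassoc
    (25.400, "aa:aa:aa:00:00:02", "data"),
    (25.410, "aa:aa:aa:00:00:03", "auth"),
    (25.415, "aa:aa:aa:00:00:03", "reassoc"),
    (25.430, "aa:aa:aa:00:00:03", "eap"),        # EAP exchange restarts
    (25.900, "aa:aa:aa:00:00:03", "eap"),
    (26.100, "aa:aa:aa:00:00:03", "eapol-key"),  # 4-way handshake
    (26.150, "aa:aa:aa:00:00:03", "data"),
]

def roam_events(frames):
    """Return one dict per roam: old/new BSSID, gap in ms, and roam type."""
    events = []
    last_data = None   # (time, bssid) of the most recent data frame
    between = []       # kinds of non-data frames seen since that frame
    for ts, bssid, kind in sorted(frames):
        if kind != "data":
            between.append(kind)
            continue
        if last_data and bssid != last_data[1]:
            if "eap" in between:
                how = "full 802.1X"
            elif "eapol-key" in between:
                how = "cached PMK (OKC/PMK cache)"
            else:
                how = "fast transition (11r-style)"
            events.append({"old": last_data[1], "new": bssid,
                           "gap_ms": round((ts - last_data[0]) * 1000),
                           "type": how})
        last_data = (ts, bssid)
        between = []
    return events

if __name__ == "__main__":
    for e in roam_events(FRAMES):
        print(f'{e["old"]} -> {e["new"]}: {e["gap_ms"]} ms, {e["type"]}')
```

Collected per device and driver, these gap figures are the kind of baseline data the post describes comparing new devices against.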
Thank you so much for participating at the community, it has been quite a great session.
I would like to share with you some of the questions that were not answered during the event:
• Q: What tool did they install on the iPads?
• Q: How do you address QoS on wireless?
• Q: Do you have any critical Wi-Fi policies that you would like to share?
• Q: In 1572 installation, I don’t get ac speeds when the ap is 10-15m away, can you help me?
• Q: Is there any way to prevent users from connecting to 2.4 GHz and force them to use 5 GHz via WLC or any supplicant?
• Q: What version of WLC code are you currently running?
• Q: In the end, was there cost savings over a wired office? (Including time spent troubleshooting, lost productivity, etc.)
• Q: In healthcare you have a lot of proprietary equipment, where vendors don't want to co-exist with other vendors (healthcare equipment); how many prod SSIDs do you have, and how did you manage the healthcare vendors?
• Q: I found error 5440 on ISE is directly related to the disconnection experienced when roaming which is caused by EAP + WPA Key Mgmt process, did he solve this using 802.11r? But 802.11r is not widely supported
• Q: What do you think about 802.11r combined with session resume for PEAP/EAP-TLS on ISE?
• Q: Do you expect IoT devices to also share 5 GHz space or would these be better suited to use a low power 2.4 GHz transmission so voice and priority data gets the nicer 5 GHz band.
• Q: From an organizational buy-in, how cost effective is the all-wireless office? Since the organization has absorb increased engineering/R&D to overcome issues, does this outweigh running drops and switches; especially when each design may be unique?
• Q: Were you budgeted from the start?
• Q: Have you taken advantage of Network Programmability to automate some tasks? If so, which ones?
• Q: Did you make any modifications for allowing user backups to occur over Wi-Fi?
• Q: Is that applicable to this model AIR-CAP3502I-A-K9?
These are some of the questions that were not answered during the live session:
Hi George ,
"Roaming test - Look at 802.11 and 802.1X roaming - Collect logs on the device, OTAC (Over the air captures), and controller side."
You said collect logs on the device. If it is a Windows device we could run some native tools and collect logs.
What if it is an Android or iPhone device?
What are the few logs which will help us to quickly identify that the device did not roam?
On Android it depends how much the vendor exposes. For example, if you use a Zebra MC40 they have their own flavor of Android. They expose a lot of the logs to the admin. Not being an Android guy I don't have that specific experience with the consumer grade device.
Hello, we have some 3702, 1852, 3802 in office, WLC is 2504, we are happy with 1852, its performance is so good, iperf could have 700+ Mbps, but both 3702 and 3802 only have 300-400 Mbps, it seems Marvell chip based AP never get well with Macbook (Broadcom wifi chip) through 3702 to 3802 with any WLC version (8.0 8.1 8.2 8.3), any suggestion for this issue? Can Cisco fix this issue?
Hi Steve, it makes me wonder what your config looks like. We have 3700 and I can say we are getting 700+ on this model.
Hi, George. Did you test it under Macbook Broadcom wifi? I test several 3702 and 3802, all is 300-400mbps, 3802 even worse, but with 1832 and 1852, could reach 600-700mbps very easy. All the test under totally same environment. My config: https://gist.githubusercontent.com/nutinshell/defffccdc20248f036b3680391c7a6cc/raw/350df641fba76cc1002ef9dff31931b3c5966973/gistfile1.txt