Ask the Expert: Cisco Wireless LAN Controllers (WLCs) - Page 3

ciscomoderator · ‎06-11-2013

with Cisco Expert Nicolas Darchis

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about how to trobuleshoot, configure and deploy any Cisco Wireless LAN controller with Cisco subject matter expert Nicolas Darchis.

Nicolas Darchis is a wireless and authentication, authorization, and accounting expert for the Technical Assistance Center at Cisco Europe. He has been troubleshooting wireless networks, wireless management tools, and security products, including Cisco Secure Access Control Server since 2007. He also focuses on filing technical and documentation bugs. Nicolas Darchis holds a bachelor's degree in computer networking from the Haute Ecole Rennequin Sualem and a master's degree in computer science from the University of Liege. He also holds CCIE Wireless certification number 25344.

Remember to use the rating system to let Nicolas know if you have received an adequate response.

Nicolas might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Wireless sub-community, Getting Started with Wireless discussion forum shortly after the event.

This event last through Friday June 28, 2013. Visit the community often to view responses to youe questions of other community members.

Amjad Abdullah · ‎06-19-2013

Hi Nicolas,

How are you? Hope everything is OK.

I just have a question about allowing the WLC to chagne the CWmin, CWmax, TXOP...etc. values.

This is currenlty achived by a template-based configuratoin where those values are getting currently chagned based on the EDCA profile that you use from the EDCA Parameters configuration. But we don't know what values are being chosen for the variables (CWmin, CWmin...etc). nor we are able to chose cutome values for those.

Is there any plen to get those values configurable in the future? maybe by allowing users to create their own custom EDCA profiles. And at least let the users see what values are chosen for those variables when they choose a pre-defined EDCA profile.

Thank you.

Amjad

Rating useful replies is more useful than saying "Thank you"

Nicolas Darchis · ‎06-19-2013

That's a though and interesting question. I need to dig this further as I don't have this information handy.

Nicolas Darchis · ‎06-21-2013

Hi Amjad,

I found the answer simply by configuring the setting and sniffing the beacons since it displays the actual settings.

There is no plans to have this configurable as far as I could find out because not many people have a business need for that feature I'm afraid.

WMM timers :

Spectralink :

Voice optimized :

Voice and video optimized :

Custom voice :

Amjad Abdullah · ‎06-24-2013

Thank you Nicolas,

Yes one can see the values by a wireless packet capture. But I just wondered if making those values at least availalbe (or better, configurable) for users (or the probability of adding the feature to allow users to add their own EDCA profiles).

Thank you anyway for your information.

Regards,

Amjad

useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

Nicolas Darchis · ‎06-24-2013

You are right about documenting. I will mention it in this document that I co-own :

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080c01d2c.shtml

About configuring, I think it would open the door to a lot of people modifying it without having any idea what it is (and thus breaking everything) rather than people with an actual business need to modify it. This is just my opinion of course, and maybe the Wireless Business Unit has other reasons not to have it configurable but this seems likely to me.

If enough people request to their account team to have this configurable, it will happen in a next release, but I don't think many people asked for this.

patrick.kofler · ‎06-19-2013

Hi Nicholas,

I got two topics for you, where I hope you can help me further.

1.) When configuring advanced timeout values there are two timers, for which I could not find a detailed explanation on what exactly they do.

config advanced ap-rpimed-join-timeout - Configuration of the AP PRIMED Discovery Timeout

config advanced timers pkt-fwd-watchdog - This is used for preventing a deadlock in fastpath.

Also there is another command config advanced 802.11b/a logging with its subcommands (e.g. channel, foreign, noise etc.) set to off per default. I once tried to enable them but I could not see a difference in the message log of the WLC, which led me to believe that the logs must go somewhere else.

If it is possible can you please elaborate on those commands?

2.) The heartbeat timer for APs is using a predefined count and interval for sending those packets. This can be seen via show ap retransmit all where a (default) stands next to the values. The fast-heartbeat timer however uses a different count of packets, but the same interval as the normal heartbeat.

When I change the count timer the (default) flag disappears, a logical consequence. Now when I observe the timers the hearbeat-timer is working as expected, but the fast-heartbeat timer is now also using the same count as the normal timer.

When trying to revert this change and go back to the default values and taking a look at them the (default) flag does NOT reappear and when I look at the debug of the timers again the fast-heartbeat timer is not using its default values anymore, which should be lower than the normal heartbeat timer.

You can take a look at a debug I made some time ago here:

https://supportforums.cisco.com/message/3852585

Do you know if there is a way to restore the default values in such a way that the fast-heartbeat timer uses its true default timers again?

Regards,

Patrick

Nicolas Darchis · ‎06-19-2013

1)

AP PRimed time out is actually "documented" with CSCsw68997. It means the AP should not "freak out" (i.e. reboot) on config chances. IT avoids the AP rebooting constantly if you do vlan mapping changes for example.

Also when joining a WLC it will take this time before digesting the new vlan config. It is helpful to buffer and not have the AP change its hreap vlan setting all the time.

the other is related to fastpath, i.e. what replaces the NPU, i.e. the way the WLC forward traffic since the last generation of WLCs that are CPU-based. I'm not sure why this is even a documented command as it is "don't touch this unless you have a very good reason to !". It changes an internal forwarding timer and the consequences are too complex to be a usable item.

2) That's a very precise query. I will try to look into it but I'm not aware of anything with that regard

techguy · ‎06-19-2013

hi nicolas,

I am trying to connect Cisco Aironet 1142 (which has been converted into Lightweight AP already) on WLC in Cisco Catalyst 3850. But i am getting following error when i console into LWAPP.

Not in Bound state.

*Mar 1 05:26:18.948: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.

*Mar 1 05:26:23.963: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.

*Mar 1 05:26:24.078: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.1.106, mask 255.255.255.0, hostname APc464.13c2.dc7a

Translating "CISCO-CAPWAP-CONTROLLER"...domain server (1.1.1.1) [OK]

*Mar 1 05:26:29.949: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.168.1.1 obtained through DHCP

*Mar 1 05:26:29.950: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Cisco Catalyst 3850

ip dhcp pool test

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 1.1.1.1

option 60 ascii Cisco AP c1140

option 43 hex f104.c0a8.0101

!

interface vlan 1

ip address 192.168.1.1

!

wlan test 1 test

client association limit 5

client vlan 1

ip dhcp opt82

ip dhcp opt82 format add-ssid

ip dhcp required

ip dhcp server 192.168.1.1

ip multicast vlan 1

media-stream multicast-direct

no shutdown

ap dot11 24ghz rrm channel dca 1

ap dot11 24ghz rrm channel dca 6

ap dot11 24ghz rrm channel dca 11

ap dot11 5ghz rrm channel dca 36

ap dot11 5ghz rrm channel dca 40

ap dot11 5ghz rrm channel dca 44

ap dot11 5ghz rrm channel dca 48

ap dot11 5ghz rrm channel dca 52

ap dot11 5ghz rrm channel dca 56

ap dot11 5ghz rrm channel dca 60

ap dot11 5ghz rrm channel dca 64

ap dot11 5ghz rrm channel dca 149

ap dot11 5ghz rrm channel dca 153

ap dot11 5ghz rrm channel dca 157

ap dot11 5ghz rrm channel dca 161

ap group default-group

ap group test

wlan test

vlan 1

end

Nicolas Darchis · ‎06-20-2013

Hi,

I'm not sure if this is your whole switch/wlc config or not ?

After the wizard, the 3850 config should look like this :

hostname w-5760-3

enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY^Q

enable password cisco

line vty 0 15

password cisco

ntp server 192.168.1.200 maxpoll 4 minpoll 4

ip http authentication local

ip http secure-server

wsma agent exec profile httplistener

wsma agent exec profile httpslistener

wsma agent config profile httplistener

wsma agent config profile httpslistener

wsma agent filesys profile httplistener

wsma agent filesys profile httpslistener

wsma agent notify profile httplistener

wsma agent notify profile httpslistener

wsma profile listener httplistener

transport http

wsma profile listener httpslistener

transport https

no snmp-server

!

no ip routing

!

interface Vlan1

no shutdown

ip address 192.168.1.20 255.255.255.0

!

interface GigabitEthernet0/0

shutdown

no ip address

!

interface TenGigabitEthernet1/0/1

!

interface TenGigabitEthernet1/0/2

!

interface TenGigabitEthernet1/0/3

!

interface TenGigabitEthernet1/0/4

!

interface TenGigabitEthernet1/0/5

!

interface TenGigabitEthernet1/0/6

exit

wireless management interface Vlan1

!

end

Then to support APs joining, you would need to add :

Important Note:

Ensure that your switch is having the right boot command under global configuration. Depending how you installed the software on the switch. If it has been extracted on the flash, then the following boot command is required:

w-5760-3(config)#boot system flash:packages.conf

1. Configure the TenGig interface that is connecting to the backbone network and on which your will have CAPWAP traffic coming in/out. In this document the interface used is TenGigabitEthernet1/0/1. We are allowing on it Vlan1 for management and Vlan100 for client WLAN data.

interface TenGigabitEthernet1/0/1
switchport trunk allowed vlan 1,100
switchport mode trunk
ip dhcp relay information trusted
ip dhcp snooping trust

2. Configure default route out:

ip route 0.0.0.0 0.0.0.0 192.168.1.1

3. Prepare the WLC for WEB GUI Access:

The GUI can be access via https:///wireless.

The username password is the privilege 15 username/password defined on the first configuration line below.

username admin privilege 15 password 0 admin
ip http server
ip http authentication local
ip http secure-server

wsma agent exec
profile webui_service
profile httplistener
profile httpslistener
wsma agent config
profile webui_service
profile httplistener
profile httpslistener
wsma agent filesys
profile webui_service
profile httplistener
profile httpslistener
wsma agent notify
profile webui_service
profile httplistener
profile httpslistener
!
wsma profile listener webui_service
!
wsma profile listener httplistener
transport http
!
wsma profile listener httpslistener
transport https

4. Ensure wireless management interface is correctly configured

wireless management interface Vlan1

w-5760-3#sh run int vlan 1
Building configuration...

Current configuration : 62 bytes
!
interface Vlan1
ip address 192.168.1.20 255.255.255.0
end

w-5760-3#sh ip int br
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  192.168.1.20    YES NVRAM up                    up
Vlan100                10.1.1.20       YES TFTP   up                    up
GigabitEthernet0/0     unassigned      YES unset down                  down
Te1/0/1                unassigned      YES unset up                    up
Te1/0/2                unassigned      YES unset down                  down
Te1/0/3                unassigned      YES unset down                  down
Te1/0/4                unassigned      YES unset down                  down
Te1/0/5                unassigned      YES unset down                  down
Te1/0/6                unassigned      YES unset down                  down
Capwap2                unassigned      YES unset up                    up
w-5760-3#

5. Ensure you have enabled license with the right ap count

Note: The 5760 does not have activated license levels, the image is already ipservices

Note: 5760 acting as MC can support up to 1000 APs

w-5760-3#license right-to-use activate apcount slot 1 acceptEULA

6. Ensure you have configured the correct country code on your WLC in compliance with the regulatory domain of the country the AP(s) will be servicing in and in compliance with the regulatory domain of the AP(s)

w-5760-1#show wireless country configured

Configured Country.............................: US - United States
Configured Country Codes
US - United States : 802.11a Indoor,Outdoor/ 802.11b / 802.11g

w-5760-1(config)#ap dot11 24ghz shutdown

w-5760-1(config)#ap dot11 5ghz shutdown

w-5760-1(config)#ap country BE
Changing country code could reset channel and RRM grouping configuration. If running in RRM One-Time mode, reassign channels after this command. Check customized APs for valid channel values after this command.
Are you sure you want to continue? (y/n)[y]: y
w-5760-1(config)#no ap dot11 24ghz shut
w-5760-1(config)#no ap dot11 5ghz shut
w-5760-1(config)#end
w-5760-1#wr
Building configuration...
Compressed configuration from 3564 bytes to 2064 bytes[OK]

w-5760-1#show wireless country configured

Configured Country.............................: BE - Belgium
Configured Country Codes
BE - Belgium : 802.11a Indoor,Outdoor/ 802.11b / 802.11g

7. Ensure that your AP(s) on whatever VLAN they are will be able to learn the IP address of the WLC 192.168.1.20 in this example vian DHCP option 43, DNS, or any other dicovery mechanism in CAPWAP.

8. Ensure that your AP(s) have joined:

w-5760-3#show ap summary
Number of APs: 1

Global AP User Name: Not configured

Global AP Dot1x User Name: Not configured

AP Name AP Model Ethernet MAC Radio MAC State

----------------------------------------------------------------------------------------

APa493.4cf3.232a 1042N a493.4cf3.232a 10bd.186d.9a40 Registered

9. Useful debugs for troubleshooting AP join issues:

3850a#debug capwap ap events

capwap/ap/events debugging is on

3850a#debug capwap ap error

capwap/ap/error debugging is on

patrick.kofler · ‎06-21-2013

Hi Nicholas,

Thanks for the clarification. So this timer is actually used for Flexconnect APs only? I will try to test it, as it is off per default (timer set to 0)

Do you also have by chance more information about config advanced 802.11b/a logging?

Regarding point 2 hopefully you find something.

Regards,

Patrick

Nicolas Darchis · ‎06-22-2013

It seems to enable RF event logging for that band. For example Channel updates, coverage profile, noise profile, txpower updates ...

Rasika Nayanajith · ‎06-20-2013

Hi Nicolas

Would you be able to explain how "off-channel Scanning" works. I would like to clarify the following points specifically

1. Does it works only for the upstream packets coming from wireless clients with WMM UP values ?

2. Could downstram traffic (from AP to Client) trigger off-channel scanning ? In otherwords if AP has packets to send to clients with configured UP values does off-channel scan triggers?

3. If I want to configure this feature for Best Effort traffic should I select both UP values 0 & 3 or only 0 ?

I saw your response to this post & went though the config guide explanation, still it confuse me.

https://supportforums.cisco.com/thread/2077086

Rasika

Nicolas Darchis · ‎06-21-2013

1. Yes

2. No (it is the same question as number 1 in reverse right ?)

The idea is that if the AP has to send QoS frames to the client, it can send it when it is not off-channel (since it's the AP controlling when it goes off channel) so there is no impact and no need to defer in that direction. Only when clients are transmitting QoS frames, we need to make sure the AP is on the channel listening to it.

But typically if there is QoS, the client is replying to downstream at some point. Pure one way QoS is awkward.

3. Only 0 should be sufficient. I have never seen a laptop sending best effort traffic tagged with 3.

If you configure the feature for best effort, it's basically the same thing as disabling off channel scanning completely. It's good for your operations (more AP on channel time) but you will be blind 100% to rogues and APs won't be capable of evaluating if other channels are maybe better suited from RRM perspective

Rasika Nayanajith · ‎06-21-2013

Hi Nicolas,

Thanks for clarification.. it make more sense the way you describe it.

I took Best Effort (Silver profile traffic) as an example & documents says it can be either UP=0 or UP=3.

Regards

Rasika

Nicolas Darchis · ‎06-21-2013

That is absolutely correct. But laptops by default send best effort traffic and leave the UP field empty (=0). So yes 3 also means best effort, but no drivers on earth bother to write "3" when leaving 0 does the same effect.