06-11-2013 03:06 PM - edited 07-04-2021 12:13 AM
with Cisco Expert Nicolas Darchis
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about how to trobuleshoot, configure and deploy any Cisco Wireless LAN controller with Cisco subject matter expert Nicolas Darchis.
Nicolas Darchis is a wireless and authentication, authorization, and accounting expert for the Technical Assistance Center at Cisco Europe. He has been troubleshooting wireless networks, wireless management tools, and security products, including Cisco Secure Access Control Server since 2007. He also focuses on filing technical and documentation bugs. Nicolas Darchis holds a bachelor's degree in computer networking from the Haute Ecole Rennequin Sualem and a master's degree in computer science from the University of Liege. He also holds CCIE Wireless certification number 25344.
Remember to use the rating system to let Nicolas know if you have received an adequate response.
Nicolas might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Wireless sub-community, Getting Started with Wireless discussion forum shortly after the event.
This event last through Friday June 28, 2013. Visit the community often to view responses to youe questions of other community members.
06-19-2013 01:04 AM
Hi Nicolas,
How are you? Hope everything is OK.
I just have a question about allowing the WLC to chagne the CWmin, CWmax, TXOP...etc. values.
This is currenlty achived by a template-based configuratoin where those values are getting currently chagned based on the EDCA profile that you use from the EDCA Parameters configuration. But we don't know what values are being chosen for the variables (CWmin, CWmin...etc). nor we are able to chose cutome values for those.
Is there any plen to get those values configurable in the future? maybe by allowing users to create their own custom EDCA profiles. And at least let the users see what values are chosen for those variables when they choose a pre-defined EDCA profile.
Thank you.
Amjad
Rating useful replies is more useful than saying "Thank you"
06-19-2013 05:06 AM
That's a though and interesting question. I need to dig this further as I don't have this information handy.
06-21-2013 12:42 AM
Hi Amjad,
I found the answer simply by configuring the setting and sniffing the beacons since it displays the actual settings.
There is no plans to have this configurable as far as I could find out because not many people have a business need for that feature I'm afraid.
WMM timers :
Spectralink :
Voice optimized :
Voice and video optimized :
Custom voice :
06-24-2013 02:59 AM
Thank you Nicolas,
Yes one can see the values by a wireless packet capture. But I just wondered if making those values at least availalbe (or better, configurable) for users (or the probability of adding the feature to allow users to add their own EDCA profiles).
Thank you anyway for your information.
Regards,
Amjad
useful replies is more useful than saying "Thank you"
06-24-2013 03:03 AM
You are right about documenting. I will mention it in this document that I co-own :
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080c01d2c.shtml
About configuring, I think it would open the door to a lot of people modifying it without having any idea what it is (and thus breaking everything) rather than people with an actual business need to modify it. This is just my opinion of course, and maybe the Wireless Business Unit has other reasons not to have it configurable but this seems likely to me.
If enough people request to their account team to have this configurable, it will happen in a next release, but I don't think many people asked for this.
06-19-2013 03:01 AM
Hi Nicholas,
I got two topics for you, where I hope you can help me further.
1.) When configuring advanced timeout values there are two timers, for which I could not find a detailed explanation on what exactly they do.
config advanced ap-rpimed-join-timeout - Configuration of the AP PRIMED Discovery Timeout
config advanced timers pkt-fwd-watchdog - This is used for preventing a deadlock in fastpath.
Also there is another command config advanced 802.11b/a logging with its subcommands (e.g. channel, foreign, noise etc.) set to off per default. I once tried to enable them but I could not see a difference in the message log of the WLC, which led me to believe that the logs must go somewhere else.
If it is possible can you please elaborate on those commands?
2.) The heartbeat timer for APs is using a predefined count and interval for sending those packets. This can be seen via show ap retransmit all where a (default) stands next to the values. The fast-heartbeat timer however uses a different count of packets, but the same interval as the normal heartbeat.
When I change the count timer the (default) flag disappears, a logical consequence. Now when I observe the timers the hearbeat-timer is working as expected, but the fast-heartbeat timer is now also using the same count as the normal timer.
When trying to revert this change and go back to the default values and taking a look at them the (default) flag does NOT reappear and when I look at the debug of the timers again the fast-heartbeat timer is not using its default values anymore, which should be lower than the normal heartbeat timer.
You can take a look at a debug I made some time ago here:
https://supportforums.cisco.com/message/3852585
Do you know if there is a way to restore the default values in such a way that the fast-heartbeat timer uses its true default timers again?
Regards,
Patrick
06-19-2013 05:30 AM
1)
AP PRimed time out is actually "documented" with CSCsw68997. It means the AP should not "freak out" (i.e. reboot) on config chances. IT avoids the AP rebooting constantly if you do vlan mapping changes for example.
Also when joining a WLC it will take this time before digesting the new vlan config. It is helpful to buffer and not have the AP change its hreap vlan setting all the time.
the other is related to fastpath, i.e. what replaces the NPU, i.e. the way the WLC forward traffic since the last generation of WLCs that are CPU-based. I'm not sure why this is even a documented command as it is "don't touch this unless you have a very good reason to !". It changes an internal forwarding timer and the consequences are too complex to be a usable item.
2) That's a very precise query. I will try to look into it but I'm not aware of anything with that regard
06-19-2013 06:33 AM
hi nicolas,
I am trying to connect Cisco Aironet 1142 (which has been converted into Lightweight AP already) on WLC in Cisco Catalyst 3850. But i am getting following error when i console into LWAPP.
Not in Bound state.
*Mar 1 05:26:18.948: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
*Mar 1 05:26:23.963: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
*Mar 1 05:26:24.078: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.1.106, mask 255.255.255.0, hostname APc464.13c2.dc7a
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (1.1.1.1) [OK]
*Mar 1 05:26:29.949: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.168.1.1 obtained through DHCP
*Mar 1 05:26:29.950: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Cisco Catalyst 3850
ip dhcp pool test
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 1.1.1.1
option 60 ascii Cisco AP c1140
option 43 hex f104.c0a8.0101
!
interface vlan 1
ip address 192.168.1.1
!
wlan test 1 test
client association limit 5
client vlan 1
ip dhcp opt82
ip dhcp opt82 format add-ssid
ip dhcp required
ip dhcp server 192.168.1.1
ip multicast vlan 1
media-stream multicast-direct
no shutdown
ap dot11 24ghz rrm channel dca 1
ap dot11 24ghz rrm channel dca 6
ap dot11 24ghz rrm channel dca 11
ap dot11 5ghz rrm channel dca 36
ap dot11 5ghz rrm channel dca 40
ap dot11 5ghz rrm channel dca 44
ap dot11 5ghz rrm channel dca 48
ap dot11 5ghz rrm channel dca 52
ap dot11 5ghz rrm channel dca 56
ap dot11 5ghz rrm channel dca 60
ap dot11 5ghz rrm channel dca 64
ap dot11 5ghz rrm channel dca 149
ap dot11 5ghz rrm channel dca 153
ap dot11 5ghz rrm channel dca 157
ap dot11 5ghz rrm channel dca 161
ap group default-group
ap group test
wlan test
vlan 1
end
06-20-2013 02:25 AM
Hi,
I'm not sure if this is your whole switch/wlc config or not ?
After the wizard, the 3850 config should look like this :
hostname w-5760-3
enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY^Q
enable password cisco
line vty 0 15
password cisco
ntp server 192.168.1.200 maxpoll 4 minpoll 4
ip http authentication local
ip http secure-server
wsma agent exec profile httplistener
wsma agent exec profile httpslistener
wsma agent config profile httplistener
wsma agent config profile httpslistener
wsma agent filesys profile httplistener
wsma agent filesys profile httpslistener
wsma agent notify profile httplistener
wsma agent notify profile httpslistener
wsma profile listener httplistener
transport http
wsma profile listener httpslistener
transport https
no snmp-server
!
no ip routing
!
interface Vlan1
no shutdown
ip address 192.168.1.20 255.255.255.0
!
interface GigabitEthernet0/0
shutdown
no ip address
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
!
interface TenGigabitEthernet1/0/3
!
interface TenGigabitEthernet1/0/4
!
interface TenGigabitEthernet1/0/5
!
interface TenGigabitEthernet1/0/6
exit
wireless management interface Vlan1
!
end
Then to support APs joining, you would need to add :
Important Note:
Ensure that your switch is having the right boot command under global configuration. Depending how you installed the software on the switch. If it has been extracted on the flash, then the following boot command is required:
w-5760-3(config)#boot system flash:packages.conf
1. Configure the TenGig interface that is connecting to the backbone network and on which your will have CAPWAP traffic coming in/out. In this document the interface used is TenGigabitEthernet1/0/1. We are allowing on it Vlan1 for management and Vlan100 for client WLAN data.
interface TenGigabitEthernet1/0/1
switchport trunk allowed vlan 1,100
switchport mode trunk
ip dhcp relay information trusted
ip dhcp snooping trust
2. Configure default route out:
ip route 0.0.0.0 0.0.0.0 192.168.1.1
3. Prepare the WLC for WEB GUI Access:
The GUI can be access via https://
The username password is the privilege 15 username/password defined on the first configuration line below.
username admin privilege 15 password 0 admin
ip http server
ip http authentication local
ip http secure-server
wsma agent exec
profile webui_service
profile httplistener
profile httpslistener
wsma agent config
profile webui_service
profile httplistener
profile httpslistener
wsma agent filesys
profile webui_service
profile httplistener
profile httpslistener
wsma agent notify
profile webui_service
profile httplistener
profile httpslistener
!
wsma profile listener webui_service
!
wsma profile listener httplistener
transport http
!
wsma profile listener httpslistener
transport https
4. Ensure wireless management interface is correctly configured
wireless management interface Vlan1
w-5760-3#sh run int vlan 1
Building configuration...
Current configuration : 62 bytes
!
interface Vlan1
ip address 192.168.1.20 255.255.255.0
end
w-5760-3#sh ip int br
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.1.20 YES NVRAM up up
Vlan100 10.1.1.20 YES TFTP up up
GigabitEthernet0/0 unassigned YES unset down down
Te1/0/1 unassigned YES unset up up
Te1/0/2 unassigned YES unset down down
Te1/0/3 unassigned YES unset down down
Te1/0/4 unassigned YES unset down down
Te1/0/5 unassigned YES unset down down
Te1/0/6 unassigned YES unset down down
Capwap2 unassigned YES unset up up
w-5760-3#
5. Ensure you have enabled license with the right ap count
Note: The 5760 does not have activated license levels, the image is already ipservices
Note: 5760 acting as MC can support up to 1000 APs
w-5760-3#license right-to-use activate apcount
6. Ensure you have configured the correct country code on your WLC in compliance with the regulatory domain of the country the AP(s) will be servicing in and in compliance with the regulatory domain of the AP(s)
w-5760-1#show wireless country configured
Configured Country.............................: US - United States
Configured Country Codes
US - United States : 802.11a Indoor,Outdoor/ 802.11b / 802.11g
w-5760-1(config)#ap dot11 24ghz shutdown
w-5760-1(config)#ap dot11 5ghz shutdown
w-5760-1(config)#ap country BE
Changing country code could reset channel and RRM grouping configuration. If running in RRM One-Time mode, reassign channels after this command. Check customized APs for valid channel values after this command.
Are you sure you want to continue? (y/n)[y]: y
w-5760-1(config)#no ap dot11 24ghz shut
w-5760-1(config)#no ap dot11 5ghz shut
w-5760-1(config)#end
w-5760-1#wr
Building configuration...
Compressed configuration from 3564 bytes to 2064 bytes[OK]
w-5760-1#show wireless country configured
Configured Country.............................: BE - Belgium
Configured Country Codes
BE - Belgium : 802.11a Indoor,Outdoor/ 802.11b / 802.11g
7. Ensure that your AP(s) on whatever VLAN they are will be able to learn the IP address of the WLC 192.168.1.20 in this example vian DHCP option 43, DNS, or any other dicovery mechanism in CAPWAP.
8. Ensure that your AP(s) have joined:
w-5760-3#show ap summary
Number of APs: 1
Global AP User Name: Not configured
Global AP Dot1x User Name: Not configured
AP Name AP Model Ethernet MAC Radio MAC State
----------------------------------------------------------------------------------------
APa493.4cf3.232a 1042N a493.4cf3.232a 10bd.186d.9a40 Registered
9. Useful debugs for troubleshooting AP join issues:
3850a#debug capwap ap events
capwap/ap/events debugging is on
3850a#debug capwap ap error
capwap/ap/error debugging is on
06-21-2013 02:41 AM
Hi Nicholas,
Thanks for the clarification. So this timer is actually used for Flexconnect APs only? I will try to test it, as it is off per default (timer set to 0)
Do you also have by chance more information about config advanced 802.11b/a logging?
Regarding point 2 hopefully you find something.
Regards,
Patrick
06-22-2013 01:11 AM
It seems to enable RF event logging for that band. For example Channel updates, coverage profile, noise profile, txpower updates ...
06-20-2013 09:57 PM
Hi Nicolas
Would you be able to explain how "off-channel Scanning" works. I would like to clarify the following points specifically
1. Does it works only for the upstream packets coming from wireless clients with WMM UP values ?
2. Could downstram traffic (from AP to Client) trigger off-channel scanning ? In otherwords if AP has packets to send to clients with configured UP values does off-channel scan triggers?
3. If I want to configure this feature for Best Effort traffic should I select both UP values 0 & 3 or only 0 ?
I saw your response to this post & went though the config guide explanation, still it confuse me.
https://supportforums.cisco.com/thread/2077086
Rasika
06-21-2013 12:46 AM
1. Yes
2. No (it is the same question as number 1 in reverse right ?)
The idea is that if the AP has to send QoS frames to the client, it can send it when it is not off-channel (since it's the AP controlling when it goes off channel) so there is no impact and no need to defer in that direction. Only when clients are transmitting QoS frames, we need to make sure the AP is on the channel listening to it.
But typically if there is QoS, the client is replying to downstream at some point. Pure one way QoS is awkward.
3. Only 0 should be sufficient. I have never seen a laptop sending best effort traffic tagged with 3.
If you configure the feature for best effort, it's basically the same thing as disabling off channel scanning completely. It's good for your operations (more AP on channel time) but you will be blind 100% to rogues and APs won't be capable of evaluating if other channels are maybe better suited from RRM perspective
06-21-2013 02:15 AM
Hi Nicolas,
Thanks for clarification.. it make more sense the way you describe it.
I took Best Effort (Silver profile traffic) as an example & documents says it can be either UP=0 or UP=3.
Regards
Rasika
06-21-2013 02:18 AM
That is absolutely correct. But laptops by default send best effort traffic and leave the UP field empty (=0). So yes 3 also means best effort, but no drivers on earth bother to write "3" when leaving 0 does the same effect.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide