Cisco Aironet 1200 Series

This document provides information on the most frequently asked questions (FAQ) about Cisco Lightweight Access Points (LAPs).

A. The Cisco LAP is part of the Cisco Unified Wireless Network architecture. A LAP is an AP that is designed to be connected to a wireless LAN (WLAN) controller (WLC). The LAP provides dual band support for IEEE 802.11a, 802.11b, and 802.11g and simultaneous air monitoring for dynamic, real-time radio frequency (RF) management. In addition, Cisco Aironet 1000 Series LAPs handle time-sensitive functions, such as Layer 2 encryption, that enable Cisco WLANs to securely support voice, video, and data applications.

A. APs are “lightweight”, which means that they cannot act independently of a wireless LAN controller (WLC). The WLC manages the AP configurations and firmware. The APs are “zero touch” deployed, and no individual configuration of APs is necessary. The APs are also lightweight in the sense that they handle only real-time MAC functionality. The APs leave all the nonreal-time MAC functionality to be processed by the WLC. This architecture is referred to as the “split MAC” architecture.

A. The easiest way to distinguish between a regular AP and a LAP is to look at the part number of the AP.

• LAP (Lightweight AP Protocol [LWAPP])—Part numbers always begin with AIR-LAPXXXX.

• Autonomous AP (Cisco IOS® Software)—Part numbers always begin with AIR-APXXXX.

The Cisco Aironet 1000 Series LAPs are an exception to this criteria. The part numbers of the 1000 series LAPs are:

• AIR-AP1010-A-K9 for a 1010 LAP

• AIR-AP1020-A-K9 for a 1020 LAP

• AIR-AP1030-A-K9 for a 1030 LAP

Note: The part numbers can vary, which depends on the country and regulatory domain. The part numbers that this list provides are just examples.

Make sure that you order the appropriate AP for your wireless LAN (WLAN).

A. These Cisco Aironet AP platforms are able to run LWAPP:

• Aironet 1500 Series

• Aironet 1240 AG Series

• Aironet 1230 AG Series

• Aironet 1200 Series

• Aironet 1130 AG Series

• Aironet 1000 Series

Note: You can order these Aironet APs with Cisco IOS Software to operate as autonomous APs or to operate with LWAPP. The part number determines if an AP is a Cisco IOS Software-based AP or an LWAPP-based AP. Here are examples:

• AIR-AP1242AG-A-K9 is a Cisco IOS Software-based AP.

• AIR-LAP1242AG-P-K9 is an LWAPP-based AP.

Note: The 1000 Series APs and the 1500 Series APs are exceptions to this criterion. All the 1000 Series APs and the 1500 Series APs support only LWAPP.

A. Cisco IOS Software-based APs (autonomous APs) that are configured as workgroup bridges associate only with Cisco IOS Software-based APs. They cannot associate with LWAPP-based APs. Cisco IOS Software-based APs that are converted to lightweight mode also do not support workgroup bridge associations. This is because LWAPP devices cannot communicate with non-LWAPP devices at all.

A. No, roaming between LAPs and autonomous APs is NOT supported. The reason is that, when connected to LWAPP APs, traffic is passed through an LWAPP tunnel. Since there is no mobility tunnel between the Wireless LAN Controller and autonomous APs, the roam does not work.

A. No, 870 wireless routers with the AP HWIC do not understand LWAPP. Therefore, they cannot communicate with WLCs.

A. The 1000 Series LAP enclosure contains:

• One IEEE 802.11a or one 802.11b/g radio antenna

• Four high-gain internal antennas (two 802.11a and two 802.11b/g)

You can enable or disable these antennas independently in order to produce a 180-degree sectorized or 360-degree omnidirectional coverage area. Some of the 1000 Series LAPs can also use external antennas. The 1000 Series LAPs come in three models:

• 1010 LAP

• 1020 LAP

• 1030 LAP

These are the available antenna options:

• 1010 LAP:

  • Four high-gain internal antennas

  • No external antenna adapters

• 1020 LAP:

  • Four high-gain internal antennas

  • One 5-GHz external antenna adapter

  • Two 2.4-GHz external antenna adapters

• 1030 LAP (remote-edge LAP):

  • Four high-gain internal antennas

  • One 5-GHz external antenna adapter

  • Two 2.4-GHz external antenna adapters

Note: The 1000 Series LAPs must use the factory-supplied internal or external antennas in order to avoid a violation of FCC requirements and to avoid a void of the user authority to operate the equipment.

A. The Aironet 1000 Series LAP can receive power from an external 110 through 220 VAC-to-48 VDC power supply or from Power over Ethernet equipment. The external power supply (AIR-PWR-1000) plugs in to a secure 110 through 220 VAC electrical outlet. The converter produces the required 48 VDC output for the 1000 Series LAP. The converter output feeds into the side of the 1000 Series LAP through a 48 VDC jack.

Note: You can order the AIR-PWR-1000 external power supply with country-specific electrical outlet power cords. Contact Cisco when you order in order to receive the correct power cord.

A. In Wireless LAN Controller release 5.0 and later, the controller supports the use of Telnet or Secure Shell (SSH) protocols to troubleshoot lightweight access points. You can use these protocols in order to make debugging easier, especially when the access point is unable to connect to the controller. You can configure Telnet and SSH support only through the controller CLI.

In order to enable Telnet or SSH connectivity on an access point, use the config ap {telnet | ssh} command. The Cisco lightweight access point associates with this Cisco Wireless LAN controller for all network operation and in the event of a hardware reset.

config ap {telnet | ssh} {enable | disable} Cisco_AP

Examples

> config ap telnet enable cisco_ap1
> config ap telnet disable cisco_ap1
> config ap ssh enable cisco_ap2
> config ap ssh disable cisco_ap2

A. AP 1242s are converted Lightweight Access Point Protocol (LWAPP) APs. Once you convert and try to use them, they try to search for the controller in order to join it. If the APs do not find the controller, then this type of message appears on the console. But in this case the controller has a firmware version of 3.2.78.0 which is not compatible to work with upgraded APs. You need to have firmware version 3.2.116.21 in order to work with upgraded APs. Once the controller firmware is upgraded, these APs join the controller and start to function.

A. If you look at an access point in detail mode, you can see that it has a base Radio MAC address and a FastEthernet MAC address. In addition, that is the base Radio MAC address that changes with the WLAN. The client actually sees the BSSID in the form of a MAC address.

A. With the latest 2.01 version of the tool, you can upgrade a maximum of six APs at a time.

A. LWAPP APs must join a controller, and they do not support a repeater mode since they all have to have some connectivity to the controller first. Cisco autonomous APs can be configured as repeaters, but due to the reduction in effective bandwidth available to end clients, repeaters are not the most highly recommended configuration. While any Cisco Aironet AP or LAP model can be used in either LWAPP or autonomous mode, in order to make that change, a software reimage is required. This is particularly complex when it goes from autonomous to LWAPP, so directly, no, an AIR-LAP1232AG-A-K9 does not natively support the repeater mode. It could be loaded with autonomous software and be made to support repeater mode, but that would involve a software change and a separate configuration.

A. No, LAPs cannot function independent of WLCs. LAPs function in conjunction with a WLC only. The reason is that the WLC provides all the configuration parameters and firmware that the LAP needs in the registration process.

A. No, only LAPs work when they are connected to a WLC. Autonomous APs do not understand the Lightweight AP Protocol (LWAPP) that the WLC uses. In order to connect an autonomous AP to a WLC, you must first convert the autonomous AP to lightweight mode.

A. It is based on the MAC address of the LAP.

A. Yes, the bridging mode is supported on the 1252 series AP.

A. No, the LWAPP infrastructure does not support PPPoE. The reason is that the PPPoE Ethertype is dropped at the controller.

A. You can reset the AP to the factory defaults through the wireless LAN (WLAN) controller (WLC). For the reset, the LAP should be registered to the WLC.

Complete these steps:

1. From the WLC GUI, click Wireless. The Wireless tab provides access to the Cisco WLAN Solution wireless network configuration.
2. Choose Access Points > Cisco APs, and then click Detail in order to navigate to the window for the specific AP.
3. Click Clear Config at the bottom of this window. This clears the configuration on the LAP and resets it to the factory defaults.

A. In order to reset the LAPs to the factory defaults with use of the command-line interface (CLI), issue the clear ap-config ap-name command from the WLC CLI.

A. LWAPP Layer 2 mode is only supported on these Cisco devices:

• Cisco 4100 Series Wireless LAN Controller (WLC)

• Cisco 4400 Series WLC

• Cisco Aironet 1000 Series LAP

A. Cisco Aironet 1000 Series APs use a string format for DHCP option 43, whereas the other Aironet APs use the type, length, value (TLV) format for DHCP option 43. You must program DHCP servers to return the option on the basis of the AP DHCP VCI string (DHCP option 60). This table provides the VCI string values for the different LAPs:

A. You can disable the reset button on APs that you have converted to lightweight mode. The reset button is labeled "MODE" on the outside of the AP. Use this command in order to disable or enable the reset button on one or all converted APs that are associated to a controller:

config ap reset-button {enable | disable} {ap-name | all} 

The reset button on converted APs is enabled by default.

A. The WLC supports only one regulatory domain. Therefore, a WLC that uses regulatory domain -A can only be used with APs that use regulatory domain -A (and so on). In this case, the WLC is set to -SG for Singapore, so it only supports APs in the Singapore regulatory domain.

When you purchase APs and WLCs, ensure that they share the same regulatory domain. Only then can the APs register with the WLC.

Multiple country code support— With WLC version 4.1.171.0 and later, mulitple country code support is introduced with WLCs. With release 4.1.171.0 and later, you can configure up to 20 country codes per controller. Support for multiple country codes enables you to manage access points in various countries from a single controller. This feature is not supported for use with Cisco Aironet mesh access points.

A. DHCP option 43 can be enabled on the DHCP server of the Cisco IOS router using this command:

Option 43 hex <string>

The hexadecimal string in this command is assembled by concatenating the TLV values for the option 43 sub-option.

Type + Length + Value

• Type is always the sub-option code 0xf1.

• Length is the number of controller management IP addresses times 4 in hex.

• Value is the IP address of the controller listed sequentially in hex.

For example, assume that there are two controllers with management interface IP addresses 10.126.126.2 and 10.127.127.2:

• The type is 0xf1.

• The length is 2 * 4 = 8 = 0x08.

• The IP addresses translate to 0a7e7e02 (10.126.126.2) and 0a7f7f02 (10.127.127.2).

• Assembling the string then yields f1080a7e7e020a7f7f02. The IOS command then added to the DHCP scope is:

  option 43 hex f1080a7e7e020a7f7f02

A. No, controllers handle APs on a first come, first serve basis. You possibly can play with the primary, secondary, and tertiary fields to increase the odds on AP connections to your preference.

A. With the WLAN override option, you can choose which SSIDs an AP offers. Controllers support only up to 16 SSIDs each, so you can only choose from among the supported 16. This is done on a per-AP basis.

A. Once your AP has successfully joined a controller, the LWAPP commands are disabled. In order to enable LWAPP commands again, you must set the username/password of the AP from the controller CLI with the config ap username <name> password <pwd> <cisco-ap>/all command. Once that is done, you can do a clear lwapp private-config in the AP CLI to allow you to manually re-issue the AP LWAPP configuration commands.

A. For Cisco Unified Wireless Network solution, you could configure three authentication servers per SSID if done explicitly on the SSID. If left to default to the global list, the limit is 17. Also, this value is consistent with different LAP models.

A. Whether APs are on the same channel or not, it does not particularly impact client roaming. What does matter is sufficient cell overlap such that clients can make smooth transitions from the coverage area of one AP to the next. The intent of a move from a three-channel design to a four-channel design is to increase design flexibility (because of the ‘extra’ channel). This approach is shortsighted because, while you add a bit of deployment flexibility (since you have another channel), you actually increase the amount of co-channel interference. What you might gain in design flexibility with the four-channel approach, you lose in the added co-channel interference. Bottom line: do not use a four-channel design.

A. Today, roaming is always a function of the client, and the choice to roam or not is implemented differently in various clients. Directed Roaming is a part of CCX, but it is an optional feature and is not used today.

A. In this case, you have to make some configuration changes. Turn on AP authorization on the Mesh controller to solve the problem. With that turned on, only Mesh APs are allowed (through the MAC filter list), and non-Mesh APs are not allowed. On the controller GUI, check these: Security->AP Policies->Policy Configuration->Authorize APs against AAA.

On the controller CLI, use these:

(Cisco Controller) >config auth-list ap-policy authorize-ap enable 
(Cisco Controller) >show auth-list

Authorize APs against AAA ....................... enabled
Allow APs with Self-signed Certificate (SSC) .... disabled

You still must check their mobility domains for the four indoor AP controllers and the one Mesh controller. If the intention is that these two networks are to be completely disjoint (with no failover possible for the APs of one network to a controller in the other network), the two mobility domains must be mutually exclusive. (This does not include the controllers from the other domain/group.)

A. This is the modification procedure with CLI:

1. Set the username/password of the AP from the controller CLI with this command:(WLC_CLI)>config ap username <user-id> password <passwd> {all | <AP name>}.
2. Use a clear lwapp private-config in the AP CLI.
3. Reissue the AP lwapp config commands.

   Note:  If the access points run the LWAPP-enabled IOS Recovery Image Cisco IOS Software Release 12.3(11)JX1 or later, use these CLI commands out of the box. Access points with the SKU prefix of LAP, for example, AIR-LAP-1131AG-A-K9, shipped on or after June 13, 2006, run Cisco IOS Software Release 12.3(11)JX1 or later. These commands are available to any access point that ships from the manufacturer that runs this code level, has the code upgraded manually to this level, or is upgraded automatically by connection to a controller that runs Version 4.0 or later

A. No, the power consumption on the AP1240 breaks down like this:

• 5 GHz only radio 11.56 watts

• 2.4 GHz only radio 12.96 watts

• Both radios on 15.0 watts

The power consumption on the AP1130 breaks down like this:

• 5 GHz only radio 9.750 watts

• 2.4 GHz only radio 9.910 watts

• Both radios on 12.20 watts

In either case, you can see that, for the AP to operate with a single radio, it requires more than 7 watts of power.

A. These are the different methods by which the 1130 AP can detect and receive power:

• Cisco inline power (detected with a capacitance method), referred to as a "pre-standard method" because it was designed prior to the introduction of IEEE 802.3af.

• 802.3af standard (detected with a resistive method). This can be either a 802.3af capable switch or an 802.3af mid-span device, which basically inserts power into the line much as does a power injector.

• Power injector mode. The power is sent through a Cisco powered injector, which is a smart method with a handshake, or through a manual "hack," such as a simple application of power on the unused pairs when the correct polarity is known.

• Cisco powered devices that use "Cisco Power Negotiation mode." This is a Cisco device that can support 802.3af yet can supply power through the Cisco inline power method. The switch is able to detect devices by both resistive or capacitive methods. In order for the "Cisco Power Negotiation mode" to work, the switch has to support the same.

• Local power (wall wart that connects power directly to the unit).

Nowadays, almost all Cisco switches support the "power negotiation" mode. The default value of Cisco AP uses the "power negotiation mode," but some switches still do not support power negotiation. In such cases, if you plug an 1130 AP into a Cisco switch, and the default of the Cisco AP is the "power negotiation mode," the AP spends approximately 90 seconds as it tries to negotiate power. If the earlier switch "fools" the AP so that it thinks it cannot provide the power "typically through CDP," the AP comes up in "safe mode" basically with the radios disabled, so it draws the least amount of current and allows you to manage the AP.

If you have an earlier Cisco switch without the power negotiation code, or you use another method of power, be it a mid-span device or power injector, you need to configure the AP for injector use rather than leave it at the default power negotiation.

This is the command to specify an injector in use:

Note: This command has been wrapped to a second line due to spatial concerns.

config ap power injector enable <ap-name> <switch port MAC 
address in xx:xx:xx:xx:xx:xx format>

where <ap> is the access point name on the controller, and <switch port MAC address> is the MAC address of the switch port to which the access point is connected.

A. These are some of the main factors to be considered for the WAN link:

• Ensure that the bandwidth of the WAN link is at least 128kbps.

• Ensure that the latency or round-trip delay between the two sites across the WAN link is not more than 100ms because more than a 100ms delay can create authentication problems to the client, especially when central authentication is implemented.

A. You need to use the IP address of the management interface of the anchor controller.

A. The LAP tries to associate with the WLC up to 20 times with LWAPP discovery messages. In case it is not able connect, it tries to obtain a new IP address through DHCP. If the LAP is able to get one IP address from the DHCP server, this IP address is the active one, and the statically assigned IP address is used for fallback. The idea behind this is that in case the LAPs are moved to a different VLAN (for example, to a another building), they are able to retrieve an IP address and join a WLC. This behavior is explained in bug CSCse66714. You must upgrade the WLC to software Version 4.0.206.0.

A. A bridge group name (BGN) can be used to logically group the APs in the mesh. Although by default, the APs come with a null value BGN to allow association, we recommend that you set a BGN. You can make this configuration change through the CLI or GUI with this command:

config ap bridgegroupname set Bridge Group Name Cisco AP 

Note:  BGNs can be a maximum of ten characters.

When you configure BGN on a live network, ensure that you configure from the farthest MAP and work your way back to the RAP. This is very important because you can strand a child MAP that cannot associate with a parent, which can have an updated BGN. Use different BGNs to logically group different parts of your network. This is useful in situations where you have RAPs within the same RF area and you want to keep segments of your mesh separated.

If you want to add a new AP to a live network, you must pre-configure the BGN on the new AP. If you bring up the mesh network from the scratch with new, out-of-the-box APs, the BGN is preset in the APs to a NULL value. APs join in a new network with this default value of the BGN. You can verify the BGN of an AP with this command:

show ap config general Cisco AP

A. If the AP is wrongly provisioned with a bridgegroupname other than the one for which it is intended, dependent upon the network design, this AP can or cannot be able to reach out and find its correct sector or tree. If it cannot reach a compatible sector, it can become stranded. In order to recover such a stranded AP, the concept of default bridgegroupname has been introduced. The basic idea is that an AP, which is unable to connect to any other AP with its configured bridgegroupname, attempts to connect with the bridgegroupname of default.

This is the algorithm used to detect this strand condition and recovery:

1. Passively scan and find all neighbor nodes, regardless of their bridgegroupname.

2. The AP attempts to connect to the neighbors that are heard with their own bridgegroupname with Adaptive Wireless Path Protocol (AWPP).

3. If Step 2 fails, attempt to connect with the default bridgegroupname with AWPP.

4. For each failed attempt of Step 3, exclusion-list the neighbor and attempt to connect the next best neighbor.

5. If the AP fails to connect with all neighbors in Step 4, reboot the AP.

6. If connected with default bridgegroupname for 30 minutes, re-scan all channels and attempt to connect with the correct bridgegroupname.

Note: When an AP is able to connect with the default bridgegroupname, the parent node reports the AP as a default child/node/neighbor entry on the WLAN controller so that a network administrator is aware of the stranded AP. Such an AP cannot accept any client or other mesh nodes as its children, nor can it pass any data traffic through.

A. No, monitor mode AP does not have the 100 msec restriction because there is no client association, the reason for restriction. The 100ms latency limitation was born out of varied, and often stringent, client authorization requirements, which is why both local mode and H-REAP APs have identical latency limitations. Obviously, monitor mode APs do not have the same client limitations.

A. The LAP 1020 model does not support bridging. The LAP 1030 supports bridging (one hop) to another LAP 1030 but not to a BR1310, BR1400, or LAP 1500 at this time.

A. The feature or the mode that performs the similar function of PSPF in Lightweight architecture is called peer-to-peer blocking mode. Peer-to-peer blocking mode is actually available with the controllers that manage the LAP.

If this mode is disabled on the controller, which is by default, it allows the wireless clients to communicate with each other through the controller. If the mode is enabled, it blocks the communication between clients through the controller.

It only works among the APs that have joined to the same controller. When enabled, this mode does not block wireless clients terminated on one controller from the ability to get to wireless clients terminated on a different controller, even in the same mobility group.

A. This can be due to incorrectly configured Power Over Ethernet (POE) parameters.

1. In order to access these parameters, click Wireless and then the Detail link of the desired access point. The new parameters appear on the All APs > Details page under POE settings.
2. On the APs > Details page of the access point, for the POE settings, click Power Injector State and choose Installed.
3. Check the check box to enable the Power Injector State for the access point. This parameter is required if the attached switch does not support IPM and a power injector is used. This parameter is not required if the attached switch supports IPM.

A. No. This cannot be done on LAP APs. Mesh APs can perform basic point-to-point bridging in a Cisco Unified Wireless Network. The only other bridging possible is through IOS APs in WGB (Workgroup Bridge) mode. These IOS APs act as clients (with wired devices behind them) to a LAP AP. But wireless clients cannot connect to these IOS APs.

A. The LAP APs cannot handle SNMP messages on their own. In order to handle SNMP messages, you should configure an SNMP community on the WLC to which the LAP is registered. All the AP information is managed by the WLC.