Lightweight APs

The available Cisco lightweight APs and their features are detailed in Table 9-6.

Table 9-6 Cisco Lightweight AP Features

| Feature | 1000 Series | 1100 Series (Currently 1121) | 1130AG Series | 1200 Series (Currently 1231) | 1230 Series | 1240 Series | 1300 Series | 1500 Series |
|---|---|---|---|---|---|---|---|---|
| Lightweight, or both autonomous and lightweight | Lightweight | Both | Both | Both | Both | Both | Both (lightweight in AP mode) | Lightweight |
| External antenna supported | Yes | No | No | Yes | Yes | Yes | Yes | Yes |
| Outdoor install supported | No | No | No | No | No | No | Yes | |
| H-REAP supported¹ | REAP | No | H-REAP | No | No | H-REAP | No | No |
| Dual radio | Yes | No (b/g only) | Yes | Yes | Yes | Yes | No (b/g only) | Yes |
| Power (watts) | 13 | 6 | 15 | 15 | 14 | 15 | N/A | N/A |
| Memory (MBytes) | 16 | | | | | | | |
| WLANs/radio supported | 16 | | | | | | | |

1 Remote edge AP (REAP) and hybrid REAP (H-REAP) are described in the "Design Considerations for Branch Office Wireless Networks" section later in this chapter.

AP models with the most memory support the most feature flexibility.

NOTE The AP features supported might change as products are updated, products are replaced, and other products become available. Refer to http://www.cisco.com/ for the latest product information.

NOTE If an AP is being used in a PoE configuration, the power drawn from the power sourcing equipment is higher than the maximum power required at the AP; the amount depends on the length of the interconnecting cable. Refer to the product data sheets at http://www.cisco.com/ for specific power requirements.

Lightweight AP Discovery and Join Process

As mentioned earlier, lightweight APs are deployed in a "zero-touch" fashion and are not configured directly. After a lightweight AP is physically installed and connected to an access port on an infrastructure switch, the AP goes through a WLC discovery and join process using an exchange of LWAPP messages.

LWAPP WLC Discovery Process

The following are the LWAPP WLC discovery process steps:

Step 1 The AP issues a DHCPDISCOVER request to obtain an IP address, unless it has a static IP address configured.

Step 2 If the AP supports Layer 2 LWAPP transport mode, the AP broadcasts an LWAPP Discovery message in a Layer 2 LWAPP frame. Any WLC connected to the network configured to operate in Layer 2 LWAPP transport mode responds with a Layer 2 LWAPP Discovery Response.

Step 3 If Step 2 fails or if the AP does not support Layer 2 LWAPP transport mode, the AP attempts a Layer 3 LWAPP WLC discovery, as described in the next section.

Step 4 If Step 3 fails, the AP resets and returns to Step 1.

Layer 3 LWAPP transport mode is the most commonly used mode because it is more flexible and scalable than Layer 2 LWAPP transport mode. All Cisco WLC platforms and lightweight APs support Layer 3 LWAPP transport mode.

Layer 3 LWAPP Discovery Algorithm

The Layer 3 LWAPP WLC discovery algorithm is used by a lightweight AP to build a list of possible WLCs with which it can connect; this is called a controller list. After building the controller list, the AP selects a WLC and attempts to join with that WLC. A lightweight AP has the following mechanisms available to discover WLCs:

■ The AP broadcasts a Layer 3 LWAPP Discovery message on the local IP subnet.

■ If over-the-air provisioning is enabled on a WLC, APs joined to the WLC advertise their known WLCs in neighbor messages that are sent over the RF. New APs attempting to discover WLCs receive these messages and unicast LWAPP Discovery Requests to these WLCs.

■ The AP maintains previously learned WLC IP addresses locally in nonvolatile RAM. The AP sends a unicast LWAPP Discovery Request to each of these WLC IP addresses.

■ DHCP servers can be programmed to return WLC IP addresses in the vendor-specific "Option 43" in DHCPOFFER messages to Cisco lightweight APs. The AP sends a unicast LWAPP Discovery message to each WLC listed in the DHCP option 43 information.

■ The AP attempts to resolve the DNS name "CISCO-LWAPP-CONTROLLER.localdomain." If the AP can resolve this name to one or more IP addresses, the AP sends a unicast LWAPP Discovery message to the resolved IP addresses.

Each of the WLCs receiving the LWAPP Discovery message replies with a unicast LWAPP Discovery Response message to the AP. The AP compiles a list of candidate controllers.

LWAPP WLC Selection

The LWAPP discovery and selection process is important because it provides a mechanism for network administrators to manage which AP is joined to which WLC. WLCs embed important information in the LWAPP Discovery Response: the controller sysName, the controller type, the controller AP capacity and its current AP load, the Master Controller status, and AP-manager IP addresses.

The AP selects a WLC to which it sends an LWAPP Join Request from the candidate WLC list based on the embedded information in the LWAPP Discovery Response, as follows:

Step 1 If the AP has previously been configured with a primary, secondary, or tertiary controller, the AP examines the controller sysName field (from the LWAPP Discovery Responses), attempting to find the WLC configured as primary. If the AP finds a matching sysName, it sequentially tries to join the primary, secondary, and tertiary controllers.

Step 2 If no primary, secondary, or tertiary controllers have been configured for an AP, if these controllers cannot be found in the candidate list, or if the LWAPP joins to those controllers have failed, the AP then looks at the Master Controller status field in the LWAPP Discovery Responses from the candidate WLCs. If a WLC is configured as a Master Controller, the AP sends an LWAPP Join Request to that WLC.

Step 3 If the AP is unsuccessful at joining a WLC based on the criteria in Steps 1 and 2, it attempts to join the WLC that has the most capacity for AP associations.

When a WLC receives an LWAPP Join Request, the WLC validates the AP and then sends an LWAPP Join Response to the AP. The AP validates the WLC to complete the discovery and join process. The validation on both the AP and WLC is a mutual authentication mechanism, after which an encryption key derivation process is initiated. The encryption key is used to secure future LWAPP control messages. LWAPP-encapsulated data messages containing client data are not encrypted.
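The selection order in Steps 1 through 3 above, modeled as an added example (not code from the book or from Cisco) that also reports which step decided the choice, so an administrator can see which APs depend on the Master Controller or capacity fallback. The class and function names, the sample controllers, and the reading of "most capacity" as capacity minus current load are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DiscoveryResponse:
    """Fields the text says a WLC embeds in its LWAPP Discovery Response."""
    sys_name: str
    ap_capacity: int       # maximum APs the controller supports
    ap_load: int           # APs currently joined
    master: bool           # Master Controller status
    ap_manager_ip: str

def join_attempts(candidates, configured=()):
    """Yield (step, controller) in the order the AP would send Join Requests."""
    by_name = {c.sys_name: c for c in candidates}
    tried = set()
    # Step 1: primary, secondary, tertiary sysNames, in configured order.
    for name in configured:
        c = by_name.get(name)
        if c and c.sys_name not in tried:
            tried.add(c.sys_name)
            yield 1, c
    # Step 2: any candidate advertising Master Controller status.
    for c in candidates:
        if c.master and c.sys_name not in tried:
            tried.add(c.sys_name)
            yield 2, c
    # Step 3: most spare AP capacity (capacity minus load is an assumption).
    rest = [c for c in candidates if c.sys_name not in tried]
    for c in sorted(rest, key=lambda c: c.ap_capacity - c.ap_load, reverse=True):
        yield 3, c

def select_wlc(candidates, configured=(), join_ok=lambda c: True):
    """Return (step, controller) for the first join that succeeds, else None."""
    for step, c in join_attempts(candidates, configured):
        if join_ok(c):
            return step, c
    return None

# Constructed sample responses (names and addresses are illustrative).
CANDIDATES = [
    DiscoveryResponse("wlc-a", 100, 95, False, "192.0.2.10"),
    DiscoveryResponse("wlc-b", 50, 10, False, "192.0.2.20"),
    DiscoveryResponse("wlc-m", 25, 0, True, "192.0.2.30"),
]
```

An AP with no configured controllers lands on `wlc-m` through Step 2, while one configured with `("wlc-a", "wlc-b")` joins `wlc-a` through Step 1 even though that controller is nearly full.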

Lightweight AP and WLC Control Messages

After a lightweight AP has joined a WLC, the two devices send control messages to each other.

The AP downloads firmware from the WLC if its running code version does not match the WLC; the AP always matches its code revision to the WLC.

The WLC then provisions the AP with the appropriate SSID, security, QoS, and other parameters that have been configured on the WLC. At this point, the AP is ready to serve WLAN clients.

The WLC periodically queries the APs joined to it for statistics, in LWAPP control messages. These statistics are used for dynamic radio resource management (RRM), alarming, reporting, and other tasks.

The AP periodically (every 30 seconds) sends an LWAPP heartbeat control message to the WLC. The WLC responds to the heartbeat with an LWAPP acknowledgment. If a heartbeat acknowledgment from the controller is missed, the AP resends the heartbeat up to five times at 1-second intervals. If no acknowledgment is received after five retries, the AP declares the controller unreachable, releases and renews its IP address, and looks for a new controller.

NOTE The heartbeat mechanism is used to support controller redundancy designs, as discussed in the "Controller Redundancy Design" section later in this chapter.

Access Point Modes

Lightweight APs can be configured to operate in the following modes, depending on their intended usage:

■ Local mode: The default mode of operation. When an AP is placed into local mode, it spends 60 ms on channels on which it does not operate, every 180 seconds. During this time, the AP performs noise floor (level) and interference measurements and scans for IDS events and rogue APs.

■ Remote edge AP (REAP) mode: REAP mode enables an AP to reside across a WAN link and still be able to communicate with the WLC and provide the functionality of a regular lightweight AP. Currently, REAP mode is supported only on the Cisco Aironet 1030 Lightweight APs. Hybrid REAP (H-REAP) is supported on the Cisco Aironet 1130 and 1240 AG Series Lightweight APs. REAP and H-REAP are described further in the later "Design Considerations for Branch Office Wireless Networks" section.

■ Monitor mode: In monitor mode, the radio on the lightweight AP is set to receive only, so the AP does not serve clients. The AP acts as a dedicated sensor for location-based services, rogue AP detection, and IDS. When an AP is in monitor mode, it continuously cycles through all configured channels, listening to each channel for approximately 60 ms. In this mode, an AP can also send packets to a rogue AP to deauthenticate end users.

■ Rogue detector mode: APs that operate in rogue detector mode monitor for the presence of rogue APs on a trusted wired network. They do not use their RF (the radio is turned off). An AP in rogue detector mode receives periodic rogue AP reports from the WLC (including a list of rogue client MAC addresses) and sniffs all Address Resolution Protocol (ARP) packets. The rogue detector AP can be connected to a trunk port to monitor all VLANs in the network because a rogue AP could be connected to any VLAN. If a match occurs between a MAC address in an ARP packet and a MAC address in the rogue AP report, the rogue AP to which those clients are connected is known to be on the wired network, so the rogue detector AP generates a rogue AP alert to the WLC. The AP does not restrict the rogue AP; it only alerts the WLC.

■ Sniffer mode: A lightweight AP that operates in sniffer mode functions as a protocol sniffer at a remote site; the AP is put into promiscuous mode. It captures and forwards all the packets (including time stamps, information on signal strength, packet size, and so forth) on a particular channel to a remote PC running AiroPeek, a third-party network analyzer software that supports decoding of wireless data packets. The AiroPeek software analyzes the packets it receives and provides the same information as it does when capturing packets using a wireless card. Sniffer mode should be enabled only when AiroPeek is running.

NOTE AiroPeek information is available at http://www.wildpackets.com/products/.

■ Bridge mode: The bridge mode feature on the Cisco Aironet 1030 Series (for indoor usage) and 1500 Series APs (for outdoor mesh usage) provides cost-effective, high-bandwidth, wireless bridging connectivity. Applications supported are point-to-point bridging, point-to-multipoint bridging, point-to-point wireless access with integrated wireless backhaul, and point-to-multipoint wireless access with integrated wireless backhaul.

Additional information on selecting an AP based on the intended use is covered in the "Designing Wireless Networks with Lightweight Access Points and Wireless LAN Controllers" section later in this chapter.
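The correlation that rogue detector mode performs, as described above, sketched as an added example (not code from the book or from Cisco): ARP sender MACs seen on the wire, including 802.1Q-tagged frames from a trunk port, are matched against the rogue client MACs in the WLC report. The report shape, function names, and all MAC addresses and frames are constructed for illustration.

```python
import struct

ETH_ARP, ETH_DOT1Q = 0x0806, 0x8100

def parse_arp(frame: bytes):
    """Return (vlan_id or None, sender MAC) for an Ethernet ARP frame, else None."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, vlan = 14, None
    if ethertype == ETH_DOT1Q:                 # 802.1Q tag, as seen on a trunk port
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan, offset = tci & 0x0FFF, 18
    if ethertype != ETH_ARP or len(frame) < offset + 28:
        return None
    htype, ptype, hlen, plen = struct.unpack_from("!HHBB", frame, offset)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None                            # not Ethernet/IPv4 ARP
    sha = frame[offset + 8:offset + 14]        # ARP sender hardware address
    return vlan, ":".join(f"{b:02x}" for b in sha)

def correlate(frames, rogue_report):
    """Match ARP senders against rogue_report: {rogue AP id: client MACs} (assumed shape)."""
    client_to_ap = {m.lower(): ap for ap, macs in rogue_report.items() for m in macs}
    alerts = []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed and parsed[1] in client_to_ap:
            vlan, sender = parsed
            alerts.append({"rogue_ap": client_to_ap[sender], "client": sender, "vlan": vlan})
    return alerts

def build_arp(sender_mac: str, vlan=None) -> bytes:
    """Construct a sample ARP request frame (test input only)."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    tag = struct.pack("!HH", ETH_DOT1Q, vlan) if vlan is not None else b""
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sha + bytes(4) + bytes(6) + bytes(4)
    return b"\xff" * 6 + sha + tag + struct.pack("!H", ETH_ARP) + arp

# Constructed sample data: one rogue AP with two known clients.
REPORT = {"rogue-ap-1": {"02:00:00:AA:BB:01", "02:00:00:aa:bb:02"}}
FRAMES = [
    build_arp("02:00:00:aa:bb:01", vlan=30),   # rogue client seen on VLAN 30
    build_arp("02:00:00:11:22:33", vlan=10),   # ordinary host
    build_arp("02:00:00:aa:bb:02"),            # rogue client, untagged
    b"\x00" * 10,                              # truncated frame, ignored
]
```

Each alert carries the VLAN on which the rogue client's ARP was seen, which is the piece of information that tells an operator where on the wired network to look.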
