LAP Configuration

Cisco lightweight APs are designed to be "zero-touch" devices, which can be installed and used with little or no manual intervention. The WLC can manage every aspect of LAP operation, including code image synchronization, so almost no information needs to be primed or preconfigured in the LAP itself.

This section covers the tasks you should consider prior to an LAP installation.

Supplying Power to an LAP

A lightweight AP can require up to 15 W of power at 48 VDC. The exact amount of power depends upon the model and the types of radio that will be used. For example, a Cisco Aironet 1130AG requires a maximum of 12.2 W if both 802.11a and 802.11b/g radios are enabled at maximum transmit power.

Power can be supplied to an LAP through one of the following means:

■ AC adapter—The power supply can be plugged directly into the LAP if an AC power source is located near the LAP unit.

■ Power over Ethernet (PoE)—Power can be supplied over the switch port and Ethernet cable using either the Cisco inline power or the IEEE 802.3af method. Power can be supplied over Ethernet cable pairs 1,2 and 3,6 or over pairs 4,5 and 7,8.

■ Power injector—A small box is inserted somewhere between the switch port and the LAP's Ethernet connection. The AC adapter plugs directly into the power injector, supplying LAP power over Ethernet cable pairs 4,5 and 7,8. This method is useful when PoE is not available on the switch where the LAP connects.

If power is supplied over the Ethernet cable, the length of the powered portion of the cable can increase the LAP power requirements. For example, if a full-length 100-meter cable is used, the maximum power needed by an LAP can increase by about 2.5 W, going from 12.2 W to 14.7 W.

TIP When PoE is used to power an LAP from a switch interface, it is no different than using it to power a Cisco IP Phone. Refer to Chapter 14, "IP Telephony," for PoE switch configuration information.

Switch Port Configuration for LAP

Before you connect an LAP to a switch port, you should make sure that the port is properly configured. The LAP requires an access mode port—not a trunking port. You can place the LAP on any VLAN that is convenient in a switch block. For example, the LAP can sit on the user access VLAN along with other end users in the area.

Usually the best practice is to set aside a VLAN strictly for LAP management traffic. This VLAN contains one IP subnet reserved only for LAPs.

You can also enable Spanning-Tree PortFast on the access mode ports where LAPs connect. The LAP VLAN terminates on the LAPs and doesn't get extended any further. Therefore, no danger exists of that VLAN forming a loop somewhere in the wireless cloud.

You can use the following Catalyst IOS commands to configure LAP switch ports:

! Define the LAP access VLAN Switch(config)# vlan lap-vlan-num Switch(config-vlan)# name lap-vlan-name Switch(config-vlan)# exit ! Configure the LAP switch port Switch(config)# interface type mod/num Switch(config-if)# switchport

Switch(config-if)# switchport access vlan lap-vlan-num Switch(config-if)# switchport host Switch(config-if)# power inline auto Switch(config-if)# no shutdown Switch(config-if)# exit

Initial LAP Configuration

Once a WLC has been configured and is operational, a new LAP can be introduced on the network without any configuration—right out of the box! This is known as a "zero-touch" installation.

The LAP only needs two pieces of information to be able to boot up and start communicating with the WLC:

■ Addresses of one or more WLCs

You can power up an LAP, connect to its console port, and preconfigure this information. However, that introduces some administrative tasks that you don't usually need. Instead, you can use a DHCP server that is located somewhere on the network to provide IP addresses to your LAPs.

An LAP needs an IP address so that it can exchange messages with a WLC and bring up an LWAPP tunnel. Think of this address as a management address—most likely located on a management subnet or VLAN within a switchblock. Any addresses or subnets needed for the end users or wireless clients will be brought down to the LAP through the LWAPP tunnel.

If the WLCs and LAPs have their management interfaces connected to the same Layer 2 VLAN and IP subnet, an LAP can find the WLCs by sending a subnet broadcast. Any WLCs present on the subnet will reply, allowing the LAP to build a list of addresses.

If the WLCs are located on different IP subnets than the LAPs, the WLC addresses can be obtained in the contents of DHCP option 43 when the LAP receives a DHCP reply. The format of option 43 varies according to the LAP model. Cisco 1000 and 1500 series LAPs use a comma-separated list of WLC management interface addresses.

All other LAP models use a string of hex digits that represent a TLV (Type, Length, Value) field. The field is made up of the following values:

■ Length—Number of WLC addresses times 4 (4 bytes are in each WLC IP address)

■ Value—WLC management interface IP addresses

As an example, suppose that an IOS-based switch is used as the DHCP server to supply LAP IP addresses. The following configuration commands can be used:

Switch(config)# ip dhcp pool pool-name Switch (dhcp-config)# network ip-address subnet-mask Switch (dhcp-config)# default-router ip-address Switch (dhcp-config0# dns-server ip-address Switch (dhcp-config)# option 43 {ascii I hex} string Switch (dhcp-config)# exit

Suppose that the LAP management subnet is, the default router is, and the DNS server is Three WLCs are present, and the LAP should try them in this order:,, and

The IOS DHCP pool configuration would begin with the following commands:

Switch (config)# ip dhcp pool lap-pool

Switch (dhcp-config)# network

Switch (dhcp-config)# default-router

Switch (dhcp-config)# dns-server

For Cisco 1000 and 1500 series LAPs, DHCP option 43 would look like the following:

Switch (dhcp-config)# option 43 ascii "192.168.1,10,,"

whereas all other Cisco LAP models would have DHCP option 43 configured as follows:

Switch (dhcp-config)# option 43 hex 0xf10cc0a8010ac0a8010bc0a8010c

Here, the hex string is encoded as follows, from left to right:

■ 0c is the number of bytes in the list of WLC addresses; there are three IP addresses, for a total of 12 bytes (0c in hex).

■ c0a8010a is represented in hex.

TIP LWAPP uses UDP ports 12222 and 12223. You should make sure that these ports are permitted to pass between an LAP and any WLCs.

Using the WLC web interface, you can verify the state of the LAPs. From the Monitor Summary screen, look under the Access Point Summary section and click on the Detail link that is next to All APs. Figure 19-19 shows an example of the LAP status screen. If the Operational Status field is shown as REG, the LAP is booted, has brought up an LWAPP tunnel with the WLC, and is fully functional.

Figure 19-19 Displaying LAP Status Information

Figure 19-19 Displaying LAP Status Information

TIP Several Cisco access point models can run in either autonomous or lightweight mode. The mode is determined by the IOS code release that is running on the AP. If you need to know which mode your AP is currently running, connect to its console port and use the show version command.

If the Cisco IOS Software release name ends with a "JX" suffix, the lightweight mode is being used. Otherwise, it is running in autonomous mode. In the following two examples, the first AP is running in autonomous mode, whereas the second AP is running in lightweight mode: ap#show version

Cisco IOS Software, C1130 Software (C1130-K9W7-M), Version 12.3(7)JA1, RELEASE

SOFTWARE (fc1) Technical Support: Copyright (c) 1986-2005 by Cisco Systems, Inc. Compiled Thu 06-Oct-05 09:36 by evmiller ap#show version

Cisco IOS Software, C1130 Software (C1130-K9W8-M), Version 12.3(7)JX3, RELEASE

SOFTWARE (fc1) Technical Support: Copyright (c) 1986-2006 by Cisco Systems, Inc. Compiled Tue 28-Feb-06 21:14 by kellythw

Foundation Summary

The Foundation Summary is a collection of information that provides a convenient review of many key concepts in this chapter. If you are already comfortable with the topics in this chapter, this summary can help you recall a few details. If you just read this chapter, this review should help solidify some key facts. If you are doing your final preparation before the exam, this information will hopefully be a convenient way to review the day before the exam.

Table 19-3 AP Functions Divided as a Split-MAC Architecture




Transmit and receive 802.11 frames



Frame buffering and MAC management



802.11 encryption



RF management



Manage associations and roaming



Authenticate clients



Manage security policies



Handle quality of service



Table 19-4 LWAPP Tunnel Contents

LWAPP Tunnel Contents


Control messages

Messages between LAP and WLC; encrypted and authenticated

Client data

Packets between wireless clients and other hosts; not encrypted or protected

Table 19-B WLC Interfaces and Their Functions

Interface Type


IP Address


In-band management, Web sessions, AAA servers

Static, from a management subnet

AP Management

LWAPP tunnel endpoint address

Static, from a management subnet


Logical interface for DHCP relay

Bogus but unique address, can exist elsewhere in the network; is commonly used

Service Port

Out-of-band management during network outage

Static, on a special out-of-band subnet

Distribution System Port

Connects WLC to switched network; usually a trunk link carrying wireless client VLANs



Extended through LWAPP tunnels to LAPs for wireless clients

Static, on the VLANs that will be extended to clients through LWAPP tunnels


The questions and scenarios in this book are more difficult than what you should experience on the actual exam. The questions do not attempt to cover more breadth or depth than the exam; however, they are designed to make sure that you know the answers. Rather than allowing you to derive the answers from clues hidden inside the questions themselves, the questions challenge your understanding and recall of the subject. Hopefully, these questions will help limit the number of exam questions on which you narrow your choices to two options and then guess.

You can find the answers to these questions in Appendix A.

1. LWAPP is integral to operating a lightweight access point. What is so special about LWAPP?

2. How does a wireless client roam between two LAPs managed by the same WLC?

3. Can a client roam across two LAPs that are managed by two different WLCs? Explain why or why not.

4. Describe some of the functions that are divided between LAP and WLC in a "split-MAC" architecture.

5. List some of the advanced functions that can be performed by a WLC.

+1 -1

Post a comment