In this episode, we go over the Cisco Neighbor Discovery Protocol. The basis of Cisco RRM.

This episode is sponsored by Metageek.

Sponsored by Metageek

Cisco WLC Neighbor Discovery Protocol (NDP)

Cisco NDP, short for Neighbor Discovery Protocol and Neighbor Discovery Packets, is a critical component of Cisco’s auto RF feature, Radio Resource Management (RRM). The purpose of NDP is to provide over the air (OTA) messages between access points (AP). It monitors and manages what each AP sees in the radio frequency (RF). It’s essentially how every AP sees other APs in an RF Group or Neighborhood. The end result is actual RF path loss between APs.

I see NDP as a way for APs to build a map of their locations in relation to each other based on RF propagation and path losses. Every 180 seconds (3 minutes), an AP will send an over the air (OTA) message to a multicast address, 01:0B:85:00:00:00, from each channel.

NDP messages are sent at the highest transmit power and at the lowest data rate supported for the channel being transmitted on. The transmit power and data rate selection is not configurable by the end user and is hard coded.

Cisco Neighbor Discovery Protocol forms the basis of many algorithms within Cisco RRM. Because of that, it goes without saying, if NDP doesn’t work neither does RRM.

Learn more RRM from the white paper.

NDP is used by the following

  • RF Grouping Algorithm
  • Transmit Power Control (TPC – basis calculation for TPCv2)
  • Flexible Radio Architecture (FRA – basis for coverage overlap factor)
  • Rogue detection (If AP isn’t sending NDPs or unintelligible NDP then it is a rogue)
  • CleanAir (Used for interference reports)
  • CMX (For AP RF distance and path loss measurements)

As you can see, NDP is very important for RRM.

What’s inside a Cisco NDP Packet?

Field Name
Description
Radio Identifier
Slot ID for the sending radio
Group ID
IP Address and Priority code of sends WLC
Hash
RF Group name converted to a hash for authentication
IP address
IP of sending AP’s RRM Group Leader
Encrypted ?
Are we using Encrypted NDP?
Version
Version of NDP
APs Channel
Operating channel of the sending radio
Encryption Key Length
Encryption Key Name
Message Channel
Channel the NDP was sent on
Message Power
The power (in dBm) the message was sent at
Antenna
Antenna pattern of the sending radio

When an AP hears and receives an NDP message, it will validate the message from the transmitting AP to determine if it is a member of the same RF group. If it’s a valid NDP, the receiving AP will forward the message to the controller along with information such as the received channel and RSSI.

If the message is not in the same RF group it will be invalid and the packet will be dropped.

The message is added to a neighbor database. Each radio on each AP can store up to 34 neighbors ordered by RSSI, high to low.

There are two measurements taken:

  • RX neighbors – “How I hear other APs”
  • TX Neighbors – “How other APs hear me”

Configure Cisco NDP frequency

The frequency in which Neighbor Discovery Packets are sent out can be configured from the WLAN controller. By default, it is 180 seconds (3 minutes). It is recommended to keep this at the default.

The Channel Scan Interval is 180 seconds by default. Each channel dwell has to be completed within 180 seconds.

The Neighbor Timeout Factor is by default set to 5. This multiplier is multiplied by the Neighbor Packet Frequency value to come up with the timeout value. So with a default of 180 seconds for the Neighbor Packet Frequency x 5 = 900 seconds. This is the value used to determine when to prune access points from the neighbor list that have timed out.

If an AP were to disappear from the network, it would remain on other AP’s neighbor list until the pruning begins which is every 15 minutes.

Configuring NDP intervals in Cisco WLC.

To see these NDP packets over-the-air, I had two access points joined to my Cisco 2504 lab controller. Using Omnipeek, I set my adapter to to capture on Channel 64. I created a filter on the MAC address using addr(ethernet:’01:0B:85:00:00:00’).

In the screenshot below, notice the destination multicast address of 01:0B:85:00:00:00. Under the Relative Time column the NDP is sent out every 3 minutes, which is the default.

List of Cisco NDP packets in Omnipeek.

To find neighbor information using the Web GUI, click on the Monitor heading and on the left side, expand Access Points > Radios > Select radio.

Monitoring Cisco access points.

Then move your cursor all the way to the right and hover over the blue dropdown box to select Detail.

Selecting detailed under the 5GHz radio.

Cisco WLC displaying Rx neighbors based on NDP.

Use Command Line

Using the CLI, we can view nearby APs from the controller by selecting which AP to get the view from. There are three options to select from.
(Cisco Controller) >show ap auto-rf ?

802.11-abgn Display information for DualBand 802.11a/b/g/n.
802.11a Display information for 802.11a.
802.11b Display information for 802.11b/g.
802.11-abgn is used for APs with FRA.
802.11a displays information from the 5 GHz radio.
802.11b displays information from the 2.4 GHz radio.

Here’s truncated output from AP1 showing three neighboring APs.
(Cisco Controller)> show ap auto-rf 802.11a AP1
Nearby APs
AP 00:3a:7d:44:44:44 slot 1.................. -23 dBm on 36 20MHz (192.168.1.5) AP4
AP 58:bc:27:33:33:33 slot 1.................. -18 dBm on 100 20MHz (192.168.1.5) AP3
AP 58:bc:27:22:22:22 slot 1.................. -40 dBm on 44 20MHz (192.168.1.5) AP2

View NDP via CLI on AP

Another great debugging command is to view the RM measurements occurring from the access point. NDP packets will be sent out on each channel as you can see in the output below. I’ve truncated the rest of the messages.
AP1#debug capwap rm measurements
CAPWAP RM Measurements display debugging is on
*Aug 23 18:17:46.016: CAPWAP_RM: Timer expiry
*Aug 23 18:17:46.016: CAPWAP_RM: Neighbor interval timer expired, slot 1, band 0
*Aug 23 18:17:46.016: CAPWAP_RM: Triggering neighbor request on ch index: 2
*Aug 23 18:17:46.016: CAPWAP_RM: Sending neighbor packet #2 on channel 44 with power 1 slot 1
*Aug 23 18:17:46.016: CAPWAP_RM: Scheduling next neighbor request on ch index: 3
*Aug 23 18:17:46.230: CAPWAP_RM: Notification for Request id: 4044, slot: 1, status 1
*Aug 23 18:17:46.230: CAPWAP_RM: Neighbor packet sent successfully on 44
*Aug 23 18:17:46.233: CAPWAP_RM: Notification for Request id: 4044, slot: 1, status 1
*Aug 23 18:17:46.233: CAPWAP_RM: Neighbor packet sent successfully on 44
*Aug 23 18:17:49.017: CAPWAP_RM: Timer expiry
*Aug 23 18:17:49.017: CAPWAP_RM: Neighbor interval timer expired, slot 1, band 0
*Aug 23 18:17:49.017: CAPWAP_RM: Triggering neighbor request on ch index: 3
*Aug 23 18:17:49.017: CAPWAP_RM: Sending neighbor packet #3 on channel 48 with power 1 slot 1
*Aug 23 18:17:49.017: CAPWAP_RM: Scheduling next neighbor request on ch index: 4
*Aug 23 18:17:49.159: CAPWAP_RM: Notification for Request id: 4048, slot: 1, status 1
*Aug 23 18:17:49.159: CAPWAP_RM: Neighbor packet sent successfully on 48
*Aug 23 18:17:49.162: CAPWAP_RM: Notification for Request id: 4048, slot: 1, status 1
*Aug 23 18:17:49.162: CAPWAP_RM: Neighbor packet sent successfully on 48
*Aug 23 18:17:52.018: CAPWAP_RM: Timer expiry
*Aug 23 18:17:52.018: CAPWAP_RM: Neighbor interval timer expired, slot 1, band 0
*Aug 23 18:17:52.018: CAPWAP_RM: Skipping neighor request chan 52; DFS channel
*Aug 23 18:17:52.018: CAPWAP_RM: Scheduling next neighbor request on ch index: 5
*Aug 23 18:17:53.327: CAPWAP_RM: Timer expiry

RM Neighbor debugging

Another debugging command at the AP level will display NDP packets being received from other APs, including those not in the same RF group.

AP1#debug capwap rm neighbor

CAPWAP RM Neighbor display debugging is on
*Aug 23 18:31:33.529: LWAPP NEIGHBOR: Pak size 104 from 58bc.27xx.xxxx, interface - 1

*Aug 23 18:31:33.529: LWAPP NEIGHBOR:  Updating existing neighbor 58bc.27xx.xxxx(1), rssi -35 on channel: 161 with encryption: 0

*Aug 23 18:31:33.529: LWAPP NEIGHBOR: Configured Antennas: 2, PA_POWER: 17, TPO_CONTRIBUTION: 3, Total NDP Power: 20

*Aug 23 18:31:33.529: LWAPP NEIGHBOR:  Neighbor update 58bc.27xx.xxxx(avg -36), new rssi -35, channel 161

*Aug 23 18:31:33.529: LWAPP NEIGHBOR: NDP-TLV: Received ndp-tlv payload

*Aug 23 18:31:33.529: LWAPP NEIGHBOR: NDP: copy TLV data to neighbor

*Aug 23 18:31:33.529: LWAPP NEIGHBOR: NDP Rx: From 58bc.27xx.xxxx RSSI [raw:norm:avg]=[-35:-35:-36] [Neigh Srv Chan: Neigh Off Chan : NDP Pwr]=[161:157:20  dB] Rcv Ch Max Pwr [20  dB]

*Aug 23 18:31:33.532: LWAPP NEIGHBOR: Pak size 76 from 58bc.27xx.xxxx, interface - 1

*Aug 23 18:31:33.532: LWAPP NEIGHBOR:  Updating existing neighbor 58bc.27xx.xxxx(1), rssi -36 on channel: 161 with encryption: 0

*Aug 23 18:31:33.532: LWAPP NEIGHBOR: Configured Antennas: 2, PA_POWER: 17, TPO_CONTRIBUTION: 3, Total NDP Power: 20

*Aug 23 18:31:33.532: LWAPP NEIGHBOR:  Neighbor update 58bc.27xx.xxxx(avg -36), new rssi -36, channel 161

*Aug 23 18:31:33.532: LWAPP NEIGHBOR: NDP Rx: From 58bc.27xx.xxxx RSSI [raw:norm:avg]=[-36:-36:-36] [Neigh Srv Chan: Neigh Off Chan : NDP Pwr]=[161:157:20  dB] Rcv Ch Max Pwr [20  dB]

Conclusion

We briefly went over the purpose of Cisco NDP, neighbor discovery protocol, and how crucial it is to the RRM algorithms. I showed you where in the WLC GUI you can make changes to the NDP intervals but it is not recommended to change them other than the Neighbor Timeout Factor interval. In addition to capturing the NDP messages over-the-air, we saw how to capture NDP and some other RRM functions using debug commands from the controller and the AP.
The content of this post was first published on packet6.com

Join Clear To Send

Come join the Clear To Send community.

Powered by ConvertKit
About the Author
Rowell, CWNE #210, is a network engineer in Higher-Ed. He enjoys working with wireless networking technologies and loves to share and engage with the community. You can connect with him on Twitter, LinkedIn, and Facebook.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.