cisco

CTS 097: Studying For CCNP Wireless Certification

François talks about his experience studying for the CCNP Wireless certification and how you can get started.

This episode is sponsored by Metageek


CCNP Wireless

Studying for CCNP Wireless

In order to get the CCNP Wireless certification, you need to pass the following 4 exams:

  • 300-360 WIDESIGN – Designing Cisco Wireless Enterprise Networks
  • 300-365 WIDEPLOY – Deploying Cisco Wireless Enterprise Networks
  • 300-375 WISECURE – Securing Cisco Wireless Enterprise Networks
  • 300-370 WITSHOOT – Troubleshooting Cisco Wireless Enterprise Networks

François recommends studying them in the order above.

Each exam has between 55 and 60 questions, you have 110 minutes to complete it, and each exam costs $300 USD.

How to study

Self study

  • Read the exam objectives
    • WIDESIGN Exam Topics – The Cisco Learning Network
    • WIDEPLOY Exam Topics – The Cisco Learning Network
    • WITSHOOT Exam Topics – The Cisco Learning Network
    • WISECURE Exam Topics – The Cisco Learning Network
  • Create a study book of all of the subjects you want to study
  • Research Cisco documentation to find more information about these specific subjects
  • Look at the Study Materials tab on the exam page
  • If you have equipment, you can set up a lab and practice the configurations
    • Set up your own lab; you will need at least 1 AP and 1 WLC
    • Configure dynamic interfaces
    • Configure interface groups
    • Configure AP Groups and RF Profiles
    • Configure different SSID configurations
    • Troubleshoot an AP not joining
    • Ask a friend to break your config and try to troubleshoot it
    • Set up a FreeRADIUS server so you can test 802.1X even if you don’t have ISE
  • If you don’t have access to a WLC, you can download a virtual WLC with a 60-day eval license at Wireless – Cisco Virtual Wireless Controller – Cisco
    • It will be a .ova file ready to be used as a virtual machine
  • If you don’t have a Cisco AP, you can purchase an older one on eBay for cheap (ex: 3502)

Other ways to study

CTS 075: Controller vs Controller-less?

Today’s wireless networks can be built using controller-based hardware or controller-less (cloud managed). Which solution is best for your needs depends on what the requirements are.

Wi-Fi Question

Thanks Matt for submitting a question to the podcast:

Hi Guys,

I’m fairly experienced with networking but just starting to focus on wifi for my current employer.

I’ve been listening for a few months now and have heard mentioned a couple of times in regard to the placement of APs in an office environment that they should be in hallways not rooms, also, that in dense environments some 2.4 radios should be turned off.

We have an upgrade happening at the moment and I am considering the AP placement, particularly around larger meeting rooms (~20 seats). Most of our offices are open plan with a large meeting/board room at one end so APs are generally in the open but would it also be best to include one in the large meeting room itself?

More generally, what is the technical reason for hallways not rooms and why disable some 2.4 radios and how to calculate which APs to disable?

Really enjoying a different focus and the podcasts have been a great source of knowledge, also considering sitting the CWNA exam soon.

Looking forward to future podcasts, keep up the great work and content.

Listen to the episode for our responses to Matt’s question.

Controller vs Controller-less

What’s the best model to go with today? Should a controller be purchased for the network, with centralized traffic forwarding? Or would a controller-less model be a better fit, where there’s no hardware controller to purchase and updates are done regularly?

François and I tackle some of these points at a high level.

Here are some of the topics we discuss:

Controller-based

  • Centralized
  • Tunneled traffic
  • Hardware costs (CapEx)

Controller-less

  • Locally switched traffic
  • Features added regularly
  • No controller hardware
  • Licensing (OpEx)
  • Examples
    • Meraki
    • Mojo
    • Aerohive
    • Open Mesh
    • Ubiquiti

Other

  • Cisco Mobility Express
  • Aruba Instant
  • Virtual controller
  • Can be tunneled or locally switched

Which is better for you?

The universal answer is: it depends. There are many questions to ask, and they involve your technical team and management. Do you prefer to have granularity over your WLAN and have ultimate control? Does your team have the expertise to manage a controller? Maybe you need that extra troubleshooting you get when accessing the command line interface.

Many times cost is a big factor. Purchasing a physical controller can take a big chunk of your budget. If you need redundancy you have to buy more than one controller. Cloud-based management of access points gives you less control or flexibility due to the vendor owning the cloud. But on the upside, you get updates much faster, newer features, and easier management of your wireless network.

So it always depends on your needs and requirements.

What do you think is the best model and why?

CTS 049: The Language on Cisco APs – NDP

If Cisco APs could talk to each other they would use NDP, Neighbor Discovery Protocol. NDP is important to Cisco RRM. It feeds a lot of the algorithms within RRM.

The purpose of Cisco NDP is to allow APs to build a “map” of their locations in relation to each other. Every 180 seconds an AP will send a neighbor discovery packet over the air to a multicast address of 01:0B:85:00:00:00 on each channel.

NDP packets are sent at the highest transmit power and at the lowest data rate supported by the transmitting channel.

In terms of configuration, we are provided with three options:

  • Channel Scan Interval – default is 180 seconds
  • Neighbor Packet Frequency – default is 180 seconds
  • Neighbor Timeout Factor – default is a value of 5

You can find these options in the WLC GUI:

Wireless > 802.11a/n/ac or 802.11b/g/n > RRM > General

Debug commands used to verify NDP

(Cisco Controller)> show ap auto-rf 802.11a AP1
Nearby APs
AP 00:3a:7d:44:44:44 slot 1.................. -23 dBm on 36 20MHz (192.168.1.5) AP4
AP 58:bc:27:33:33:33 slot 1.................. -18 dBm on 100 20MHz (192.168.1.5) AP3
AP 58:bc:27:22:22:22 slot 1.................. -40 dBm on 44 20MHz (192.168.1.5) AP2

AP1#debug capwap rm measurements
CAPWAP RM Measurements display debugging is on
*Aug 23 18:17:46.016: CAPWAP_RM: Timer expiry
*Aug 23 18:17:46.016: CAPWAP_RM: Neighbor interval timer expired, slot 1, band 0
*Aug 23 18:17:46.016: CAPWAP_RM: Triggering neighbor request on ch index: 2
*Aug 23 18:17:46.016: CAPWAP_RM: Sending neighbor packet #2 on channel 44 with power 1 slot 1
*Aug 23 18:17:46.016: CAPWAP_RM: Scheduling next neighbor request on ch index: 3
*Aug 23 18:17:46.230: CAPWAP_RM: Notification for Request id: 4044, slot: 1, status 1
*Aug 23 18:17:46.230: CAPWAP_RM: Neighbor packet sent successfully on 44
*Aug 23 18:17:46.233: CAPWAP_RM: Notification for Request id: 4044, slot: 1, status 1
*Aug 23 18:17:46.233: CAPWAP_RM: Neighbor packet sent successfully on 44
*Aug 23 18:17:49.017: CAPWAP_RM: Timer expiry
*Aug 23 18:17:49.017: CAPWAP_RM: Neighbor interval timer expired, slot 1, band 0
*Aug 23 18:17:49.017: CAPWAP_RM: Triggering neighbor request on ch index: 3
*Aug 23 18:17:49.017: CAPWAP_RM: Sending neighbor packet #3 on channel 48 with power 1 slot 1
*Aug 23 18:17:49.017: CAPWAP_RM: Scheduling next neighbor request on ch index: 4
*Aug 23 18:17:49.159: CAPWAP_RM: Notification for Request id: 4048, slot: 1, status 1
*Aug 23 18:17:49.159: CAPWAP_RM: Neighbor packet sent successfully on 48
*Aug 23 18:17:49.162: CAPWAP_RM: Notification for Request id: 4048, slot: 1, status 1
*Aug 23 18:17:49.162: CAPWAP_RM: Neighbor packet sent successfully on 48

AP1#debug capwap rm neighbor

CAPWAP RM Neighbor display debugging is on

*Aug 23 18:31:33.529: LWAPP NEIGHBOR: Pak size 104 from 58bc.27xx.xxxx, interface - 1
*Aug 23 18:31:33.529: LWAPP NEIGHBOR:  Updating existing neighbor 58bc.27xx.xxxx(1), rssi -35 on channel: 161 with encryption: 0
*Aug 23 18:31:33.529: LWAPP NEIGHBOR: Configured Antennas: 2, PA_POWER: 17, TPO_CONTRIBUTION: 3, Total NDP Power: 20
*Aug 23 18:31:33.529: LWAPP NEIGHBOR:  Neighbor update 58bc.27xx.xxxx(avg -36), new rssi -35, channel 161
*Aug 23 18:31:33.529: LWAPP NEIGHBOR: NDP-TLV: Received ndp-tlv payload
*Aug 23 18:31:33.529: LWAPP NEIGHBOR: NDP: copy TLV data to neighbor
*Aug 23 18:31:33.529: LWAPP NEIGHBOR: NDP Rx: From 58bc.27xx.xxxx RSSI [raw:norm:avg]=[-35:-35:-36] [Neigh Srv Chan: Neigh Off Chan : NDP Pwr]=[161:157:20  dB] Rcv Ch Max Pwr [20  dB]
*Aug 23 18:31:33.532: LWAPP NEIGHBOR: Pak size 76 from 58bc.27xx.xxxx, interface - 1
*Aug 23 18:31:33.532: LWAPP NEIGHBOR:  Updating existing neighbor 58bc.27xx.xxxx(1), rssi -36 on channel: 161 with encryption: 0
*Aug 23 18:31:33.532: LWAPP NEIGHBOR: Configured Antennas: 2, PA_POWER: 17, TPO_CONTRIBUTION: 3, Total NDP Power: 20
*Aug 23 18:31:33.532: LWAPP NEIGHBOR:  Neighbor update 58bc.27xx.xxxx(avg -36), new rssi -36, channel 161
*Aug 23 18:31:33.532: LWAPP NEIGHBOR: NDP Rx: From 58bc.27xx.xxxx RSSI [raw:norm:avg]=[-36:-36:-36] [Neigh Srv Chan: Neigh Off Chan : NDP Pwr]=[161:157:20  dB] Rcv Ch Max Pwr [20  dB]
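
A small parser for the debug capwap rm neighbor lines shown above, added here as an illustration (it is not from the podcast or from Cisco). It summarizes, per neighbor, the RSSI samples, the channel the packet was heard on, the neighbor's serving channel, the advertised NDP power and the encryption flag; the sample log is constructed in the same format with made-up MAC addresses.

```python
import re
from statistics import mean

# Constructed sample in the format of the `debug capwap rm neighbor` output above.
# The MAC addresses are made-up placeholders.
SAMPLE_LOG = """\
*Aug 23 18:31:33.529: LWAPP NEIGHBOR:  Updating existing neighbor 58bc.2700.0001(1), rssi -35 on channel: 161 with encryption: 0
*Aug 23 18:31:33.529: LWAPP NEIGHBOR: NDP Rx: From 58bc.2700.0001 RSSI [raw:norm:avg]=[-35:-35:-36] [Neigh Srv Chan: Neigh Off Chan : NDP Pwr]=[161:157:20  dB] Rcv Ch Max Pwr [20  dB]
*Aug 23 18:31:33.532: LWAPP NEIGHBOR:  Updating existing neighbor 58bc.2700.0001(1), rssi -37 on channel: 161 with encryption: 0
*Aug 23 18:31:36.101: LWAPP NEIGHBOR:  Updating existing neighbor 003a.7d00.0002(1), rssi -62 on channel: 36 with encryption: 0
*Aug 23 18:31:36.101: LWAPP NEIGHBOR: NDP Rx: From 003a.7d00.0002 RSSI [raw:norm:avg]=[-62:-62:-60] [Neigh Srv Chan: Neigh Off Chan : NDP Pwr]=[36:40:17  dB] Rcv Ch Max Pwr [20  dB]
"""

# MAC class also accepts the masked form printed on the page (58bc.27xx.xxxx).
UPDATE_RE = re.compile(
    r"Updating existing neighbor (?P<mac>[0-9a-fx.]+)\((?P<slot>\d+)\), "
    r"rssi (?P<rssi>-?\d+) on channel: (?P<chan>\d+) with encryption: (?P<enc>\d+)")
NDP_RX_RE = re.compile(
    r"NDP Rx: From (?P<mac>[0-9a-fx.]+) RSSI \[raw:norm:avg\]=\[-?\d+:-?\d+:-?\d+\] "
    r"\[Neigh Srv Chan: Neigh Off Chan : NDP Pwr\]=\[(?P<srv>\d+):(?P<off>\d+):(?P<pwr>\d+)\s+dB\]")

def new_entry():
    return {"rssi": [], "heard_on": set(), "encryption": set()}

def summarize_neighbors(log_text):
    """Return {mac: summary} built from 'Updating existing neighbor' and 'NDP Rx' lines."""
    neighbors = {}
    for line in log_text.splitlines():
        if (m := UPDATE_RE.search(line)):
            n = neighbors.setdefault(m["mac"], new_entry())
            n["rssi"].append(int(m["rssi"]))        # RSSI of this received NDP packet
            n["heard_on"].add(int(m["chan"]))       # channel it was received on
            n["encryption"].add(int(m["enc"]))      # flag exactly as the debug prints it
        elif (m := NDP_RX_RE.search(line)):
            n = neighbors.setdefault(m["mac"], new_entry())
            n["serving_channel"] = int(m["srv"])    # "Neigh Srv Chan" field
            n["ndp_power"] = int(m["pwr"])          # "NDP Pwr" field
    for n in neighbors.values():
        n["packets"] = len(n["rssi"])
        n["mean_rssi"] = round(mean(n["rssi"]), 1) if n["rssi"] else None
    return neighbors

if __name__ == "__main__":
    for mac, n in sorted(summarize_neighbors(SAMPLE_LOG).items()):
        print(mac, n["packets"], n["mean_rssi"], n.get("serving_channel"),
              n.get("ndp_power"), sorted(n["encryption"]))
```
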

Links and Resources

Cisco NDP via Packet6

Why Validation Surveys Aren’t Enough via Transmit Failure (Jake Snyder)

Wi-Fi Stickers via Access Agility

How The NFL and Its Stadiums Became Leaders in Wi-Fi Monetizing Apps and Customer Experience via ZDNet

CTS 048: Cisco Mobility Express

Cisco Mobility Express

Cisco Mobility Express is a small to medium sized Wi-Fi solution which can be deployed in just under 20 minutes. In this episode, I talk about what Cisco Mobility Express entails and how I configured a couple of Cisco 1800 series access points.

Other access points that can be controllers with Cisco Mobility Express include the 2800 and 3800 series access points. This is a special image and not the lightweight images we typically use with the larger controller based models. What’s so special with Cisco Mobility Express is there is a built-in controller. This AP can serve wireless clients and function as a controller to manage up to 25 access points and 500 clients.

Installation

Deploying a Cisco Mobility Express controller can be completed in under 20 minutes. After completing the boot up process, a new SSID, CiscoAirProvision, will be enabled. It can be joined using your desktop/laptop computer or with an app, CiscoWireless.

For testing purposes I used the app on my iPhone which was surprisingly simple.

It’s only 5 steps:

  1. Configure an admin account
  2. Setup the controller – System name, management IP address, etc.
  3. Configure wireless networks
  4. Set up RF Parameter Optimization
  5. Confirm and Reboot

Reminder: Configure your switch port properly! If you’re tagging multiple VLANs for your wireless networks, be sure to configure trunk ports to the access point.

A deployment can run with one single controller, but for redundancy the Cisco Mobility Express APs (1800, 2800, 3800 series) can be redundant to each other. If you want to statically configure a primary and secondary controller, you can do so using the CLI.

The election of a controller happens in one of three ways:

  • User defined
  • Least client load
  • Lowest MAC address

All of your advanced troubleshooting will be done using the CLI as well.

Within the web interface, to manage the controller, you have the ability to modify the configuration such as radio policies for your SSID, VLAN tags for an SSID and advanced settings such as channels, channel widths, and transmit power.

Monitoring will yield statistics on access points and individual wireless clients.

You can view access point statistics such as:

  • Channel utilization
  • Interference
  • Configured data rates
  • Throughput
  • Noise
  • Current transmit power

Client statistics collected include:

  • MAC address
  • Uptime
  • Current SSID connected to
  • Signal strength
  • Basic client capabilities

In addition to the statistics above, you can view the top applications used by each client and on the network.

Useful Commands

To get to the AP level from the controller:

apciscoshell

To get back to the controller CLI from the AP Cisco shell:

AP>logout

Troubleshooting AP join issues from the controller:

debug capwap events enable

More detail:

debug capwap detail enable

View errors:

debug capwap errors enable

What you can configure via the AP:

Set static IP address:

capwap ap ip <ip-address> <subnet mask> <default-gateway>

Configure static controller IP:

capwap ap primary-base <controller-name> <ip-address>

Set up a primary and secondary AP for the controller:

config ap priority 4 <ap>

config ap priority 3 <ap>

Links and Resources

15 Wi-Fi Blogs To Read via Network Computing

Are there any other blogs missing from this list? One I can think of is http://www.mikealbano.com/

Interference sources on the Wi-Fi Network via Netscout

Cisco to dismiss up to 5500 employees or 7% of their workforce via Ars Technica

How To Deploy Cisco Mobility Express via Packet6

Troubleshoot AP Joining Issues via Packet6

Cisco Mobility Express Deployment Guide via Cisco