Student Guide
Text Part Number: xx-xxxx-xx
Copyright 2006, Cisco Systems, Inc. All rights reserved. CCIP, the Cisco Powered Network mark, the
Cisco Systems Verified logo, Cisco Unity, Fast Step, Follow Me Browsing, FormShare, Internet Quotient, iQ
Breakthrough, iQ Expertise, iQ FastTrack, the iQ logo, iQ Net Readiness Scorecard, Networking Academy,
ScriptShare, SMARTnet, TransPath, and Voice LAN are trademarks of Cisco Systems, Inc.; Changing the Way We
Work, Live, Play, and Learn, Discover All Thats Possible, The Fastest Way to Increase Your Internet Quotient, and
iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE,
CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press,
Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation,
Enterprise/Solver, EtherChannel, EtherSwitch, GigaStack, IOS, IP/TV, LightStream, MGX, MICA, the Networkers
logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, StrataView Plus,
Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in
the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of
the word partner does not imply a partnership relationship between Cisco and any other company. (0201R)
Volume 1
CWLF
Course Introduction
Overview
In this course, you will examine the fundamentals of Cisco's wireless LAN technology. You
will explore the concepts of autonomous and lightweight access points and controllers. In
addition, you will explore network management solutions and security. After completing this
course, you will be able to discuss the configuration and management of both autonomous and
lightweight wireless networks.
CWLF v1.03
Course Goal
To enable System Engineers and Field Engineers to
offer their customers the most innovative and
comprehensive suite of WLAN solutions in the
industry, spanning a wide range of customer sizes and
needs.
Cisco Wireless LAN Fundamentals
Upon completing this course, you will be able to meet these objectives:
Describe detailed modulation and spreading techniques and how they are used with various antennas
Describe detailed technical features, functions, and benefits of the WLAN product offerings available from Cisco
Secure a WLAN using security methods and products available from Cisco
Describe the requirements necessary for deployment and performing a site survey
Describe the steps, concepts, and tools available while performing a site survey
Course Flow
This topic presents the suggested flow of the course materials.
[Figure: Course Flow. Four-day schedule (Day 1 to Day 4) with morning and afternoon sessions covering: Course Introduction; Cisco Aironet WLAN Products; Aironet Desktop Utility; Advance Feature Set Product Administration; WLAN Management Solutions; Cisco Wireless Mesh Network Installation; Security; Wireless Bridges; Site Survey Preparation; Manual Site Survey Tools and Utilities]
The schedule reflects the recommended structure for this course. This structure allows enough
time for the instructor to present the course information and for you to work through the lab
activities. The exact timing of the subject materials and labs depends on the pace of your
specific class.
Additional References
This topic presents the Cisco icons and symbols that are used in this course, as well as
information on where to find additional technical references.
[Figure: Cisco icons and symbols used in this course: Access Point; Network Management Appliance; Router; CiscoWorks Workstation; File Server; Line: Ethernet; BBFW Media; Switch; Laptop; Wireless Connectivity; Wireless Bridge; Cisco 5500 Family; Workgroup Switch; Network Cloud, White; Scanner; 100BaseT Hub; Tablet; WLAN Controller; Wireless Dual Mode Access Point; Wireless Router; Integrated Service Router; Rooftop or poletop access point; Wi-Fi Tag]
Module 1
Module Objectives
Upon completing this module, you will be able to describe detailed modulation and spreading
techniques and how they are used with various antennas. This ability includes being able to meet
these objectives:
Describe the basic concepts of modulation and spreading techniques used in WLAN applications
Lesson 1
Objectives
Upon completing this lesson, you will be able to describe the basic concepts of modulation and
spreading techniques used in WLAN applications. This ability includes being able to meet
these objectives:
Discuss theories and processes of using spread spectrum technology to send data over an RF signal
[Figure: The radio frequency spectrum, from extremely low frequencies through infrared, visible light, ultraviolet and X-ray, marking FM broadcast, television, cellular (840 MHz), NPCS (1.9 GHz), infrared wireless LAN, the 902-928 MHz band (26 MHz) and 5 GHz 802.11a. Frequencies vary with countries.]
There are three unlicensed bands: 900 MHz, 2.4 GHz, and 5.7 GHz. The 900-MHz and 2.4-GHz bands are referred to as the Industrial, Scientific, and Medical (ISM) bands, and the 5-GHz band is commonly referred to as the Unlicensed National Information Infrastructure
(UNII) band.
Frequencies for these bands are as follows:
2.4-GHz band: 2.400 to 2.483 GHz (in Japan extends to 2.495 GHz)
5-GHz band: 5.150 to 5.350 MHz, 5.725 to 5.825 MHz, with some countries supporting
middle bands between 5.350 and 5.825 MHz. The number of countries that permit 802.11a
and the available spectrum vary widely, and the list changes quickly.
                                | 802.11b   | 802.11a           | 802.11g
Frequency Band                  | 2.4 GHz   | 5 GHz             | 2.4 GHz
Availability                    | Worldwide | Limited (Growing) | Worldwide
Maximum Data Rate               | 11 Mbps   | 54 Mbps           | 54 Mbps
Other Services (Interference):
802.11b: Cordless phones, microwave ovens, wireless video, and Bluetooth devices
802.11a: HyperLAN devices, maritime and satellite systems
802.11g: Cordless phones, microwave ovens, wireless video, and Bluetooth devices
5 GHz (802.11a)
The IEEE also ratified the 802.11a standard in 1999, but the first 802.11a-compliant products
did not begin appearing on the market until December 2001. The 802.11a standard delivers a
maximum data rate of 54 Mbps and twelve nonoverlapping frequency channels, resulting in
increased network capacity, improved scalability, and the ability to create microcellular
deployments without interference from adjacent cells. Operating in the unlicensed portion of
the 5-GHz radio band, 802.11a is also immune to interference from devices that operate in the
2.4-GHz band, such as microwave ovens, cordless phones, and Bluetooth devices (a short-range, low-speed, point-to-point, personal area network [PAN] wireless standard).
The 802.11a standard is not, however, compatible with existing 802.11b-compliant wireless
devices. Organizations with 802.11b equipment that want the extra channels and network speed
supported by 802.11a technology must upgrade to a product that supports the technology.
Some products support dual-band operation, and it is important to note that 2.4- and 5-GHz
equipment can operate in the same physical environment without interference.
points. Because 802.11g and 802.11b operate in the same 2.4-GHz unlicensed band, migrating
to 802.11g is an affordable choice for organizations with existing 802.11b wireless
infrastructures. Note that 802.11b products cannot be software upgraded to 802.11g. This
limitation is due to the fact that 802.11g radios use a different chipset in order to deliver the
higher data rate. However, much like Ethernet and Fast Ethernet, 802.11g products can be
commingled with 802.11b products in the same network. Both 802.11g and 802.11b operate in
the same unlicensed band. As a result, they share the same three channels that can limit
wireless capacity and scalability.
When an IEEE committee works on a standard, the members ask to have engineers from all
appropriate companies in the field participate in the development of the specification. The
802.11 committee is no different. Engineers from many different wireless data companies (and
some wired LAN companies) together developed a standard that they believe is a high-quality,
high-performance standard.
For this reason an 802.11 radio will be a better product than any of the older proprietary
products. The 802.11 standard defines such things as receiver sensitivity, MAC layer
performance, data rates, security, and so on.
Radio engineers from wireless companies such as Cisco Systems (Aironet), Harris Corporation
(Intersil), and Lucent Technologies (Agere), as well as network engineers from companies such
as Bay Networks, 3Com Corporation, and Microsoft Corporation, put the 802.11 specification
together.
Wi-Fi Certification
The Wi-Fi Alliance offers certification for interoperability among 802.11 products offered by
various vendors. This certification provides a comfort zone for the users purchasing the
products. It also helps market the WLAN technology, by promoting interoperability between
vendors. Certification includes all three 802.11 RF technologies, as well as Wi-Fi Protected
Access (WPA), a security model that follows the 802.11i security task group work.
The 802.11a, b, and g specifications all relate to WLAN physical layer standards.
Cisco Aironet access points in this release support the 802.11d standard for world mode. World
mode enables the access point to inform an 802.11d client device which radio setting the device
should use to conform to local regulations.
The IEEE 802.11e standard is being developed to enhance the current 802.11 MAC to expand
support for applications with quality of service (QoS) requirements and improve the
capabilities and efficiency of the protocol. This standard will assist with voice, video, and other
time-sensitive applications. In March 2005, the IEEE will submit this standard to the Executive
Committee for approval.
The IEEE 802.11F standard is a recommended practice guideline, defining a protocol for
intercommunication between access points, to assist in roaming, and handoff of traffic. Most
vendors have implemented their own proprietary Inter-Access Point Protocol (IAPP) for use
with their access points.
The IEEE 802.11h standard is supplementary to the MAC layer to comply with European
regulations for 5-GHz WLANs. Most European radio regulations for the 5-GHz band require
products to have transmission power control (TPC) and dynamic frequency selection (DFS).
TPC limits the transmitted power to the minimum needed to reach the farthest user. DFS selects
the radio channel at the access point to minimize interference with other systems, particularly
radar.
The IEEE 802.11i standard is intended to enhance the current 802.11 MAC to provide
improvements in security.
The IEEE 802.11j standard is intended to enhance the 802.11 standard and amendments, to add
channel selection for 4.9 GHz and 5 GHz in Japan to conform to Japanese rules on operational
mode, operational rate, radiated power, spurious emissions, and channel sense.
The IEEE 802.11k task group was developed to define and expose radio and network
information as well as facilitate the management and maintenance of a wireless and mobile
LAN. It is also expected to enable new applications based on this radio information, for
example, location-enabled services.
802.11a
Ratified as standard in September 1999
Provides similar technology to HyperLAN 2.0
Data rates to 54 Mbps defined
Provides eight indoor WLAN channels today
More channels forthcoming
The Cisco Aironet 1000 Series consists of three access points, each featuring dual 2.4- and 5-GHz radios supporting IEEE 802.11a, 802.11b and 802.11g. In addition, it is available with a
single 2.4-GHz radio that supports 802.11g and 802.11b, for installations where 5 GHz is not
allowed due to regulatory restrictions. All interoperate with Cisco Wireless LAN Controllers
and the Wireless Control System (WCS) management tool. Each is optimized for different
application scenarios:
802.11a Issues
Twelve channels (UNII-1, UNII-2 and UNII-3 combined)
Avoid the use of adjacent channels in adjacent cells due to
sidebands
Antenna limitations
UNII-1: Indoor usage. The requirement for permanently attached antennas in the U.S. was removed in June, 2004
UNII-2: Indoor/outdoor and may use external antennas
UNII-3: Can be used indoors
The 5-GHz band is divided into several sections. The lower eight channels cover the two
sections known as UNII-1 and UNII-2. Each of these sections includes 100 MHz of spectrum,
in which there are four channels. The UNII-1 band has limitations in the United States (and
some other countries) that require it to be used indoors. UNII-2 is permitted for both indoor and
outdoor usage, and permits external antennas. UNII-3 can be used indoors or outdoors.
There are rule changes under way. With the adoption of 802.11h, the new rules will provide up
to an additional 11 channels in many countries, as well as providing the UNII-3 band for
WLAN usage. This change will increase the number of WLAN channels from eight to as many
as 24.
802.11b
11 Mbps 2.4 GHz direct sequence
Ratified as standard in September 1999
11 U.S. channels
13 European Telecommunications Standards Institute (ETSI)
channels
14 Japanese channels
Power levels:
36 dBm Effective Isotropic Radiated Power (EIRP)-Federal
Communications Commission (FCC)
20 dBm EIRP-ETSI
Virtually approved for worldwide use
The 802.11b standard was ratified in 1999. Products were actually introduced into the market
before the standard was ratified; 802.11b became the de facto standard for wireless, and
adoption grew rapidly. There are 11 channels available in the United States. However, only
three of these channels are nonoverlapping. In the European Telecommunications Standards
Institute (ETSI) domains, there are 13 available channels, but again there are only three
nonoverlapping channels. In Japan, there is an additional channel located at the top end of the
band. It is possible to use this along with three other channels for a total of four nonoverlapping
channels.
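The channel counts above can be checked directly. The following is an added example, not part of the Cisco guide: it computes which 22-MHz-wide 2.4-GHz channels can coexist and flags overlapping access points in a survey. It assumes the standard IEEE 802.11 channel centers (2407 + 5n MHz for channels 1 to 13, 2484 MHz for channel 14), which the guide does not list; the AP names in the sample survey are made up.

```python
# Added example (not from the Cisco guide): which 2.4-GHz channels can share an area?
# Assumption: standard IEEE 802.11 channel plan, centers at 2407 + 5*n MHz for
# channels 1-13 and 2484 MHz for channel 14. The 22-MHz width is from the guide.

CHANNEL_WIDTH_MHZ = 22


def center_mhz(channel):
    """Center frequency of a 2.4-GHz channel in MHz."""
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    if channel == 14:
        return 2484
    raise ValueError(f"not a 2.4-GHz channel: {channel}")


def overlaps(a, b):
    """Two 22-MHz-wide channels overlap when their centers are under 22 MHz apart."""
    return abs(center_mhz(a) - center_mhz(b)) < CHANNEL_WIDTH_MHZ


def nonoverlapping_plan(num_channels):
    """Pick channels lowest-first, skipping any that overlap one already chosen.

    Lowest-first gives the largest possible set because all channels share one width.
    """
    plan = []
    for ch in range(1, num_channels + 1):
        if not any(overlaps(ch, used) for used in plan):
            plan.append(ch)
    return plan


def conflicts(access_points):
    """Return pairs of AP names whose channels overlap (same channel included)."""
    found = []
    for i, (name_a, ch_a) in enumerate(access_points):
        for name_b, ch_b in access_points[i + 1:]:
            if overlaps(ch_a, ch_b):
                found.append((name_a, name_b))
    return found


# Constructed survey data: AP names and channel assignments are illustrative only.
SAMPLE_SURVEY = [("ap-lobby", 1), ("ap-lab", 3), ("ap-roof", 6), ("ap-dock", 11)]

if __name__ == "__main__":
    for domain, count in (("North America", 11), ("ETSI", 13), ("Japan", 14)):
        print(f"{domain}: {nonoverlapping_plan(count)}")
    print("Overlapping APs:", conflicts(SAMPLE_SURVEY))
```

Channel 14 sits exactly 22 MHz above channel 11, which is why the Japanese allocation yields a fourth nonoverlapping channel while the 13-channel ETSI allocation does not.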
802.11g
Standard for higher-rate (20+ Mbps) extensions in the 2.4-GHz band
Provides data rates up to 54 Mbps at 2.4 GHz
Same speeds as 802.11a
The 802.11g standard was ratified in June 2003. Products were actually being shipped before
the standard was ratified. The speeds of 802.11g promised to be similar to those of 802.11a,
and 802.11g uses the same frequencies as 802.11b. As a result, 802.11g has full backward
compatibility with 802.11b.
Transmitting a signal using 802.11 specifications is a two-way communication, using the same
frequency for both transmit and receive (often called half-duplex or simplex). The 802.11
specification was developed so that there would be no licensing required in most countries, and
the user could install and operate without any license or operating fees.
Spread spectrum is a type of emission designed to be somewhat immune to interference,
difficult to detect, and hard to intercept.
U.S. Actress Hedy Lamarr and music composer George Antheil patented the concept of spread
spectrum in 1942. The idea was to provide a method for guiding a torpedo without interference
from a jamming signal.
In 1986, the U.S. Federal Communications Commission (FCC) agreed to allow the use of
spread spectrum in the commercial market under the ISM bands.
Just as the radio in your car has amplitude modulation (AM) and frequency modulation (FM)
bands, other radios use different bands and types of modulation.
Transmitting a Signal
The goal of sending data over RF
is to:
Send as much data as far
and as fast as possible
When you are transmitting a signal in data format, three questions must be addressed:
How far: How far apart can the units be that are transmitting or receiving and still get the
maximum data rate?
How many: How many users can be on the system without slowing the data rate to an
unacceptable level? The 2.4-GHz and 5-GHz products operate as a shared medium and
have the same scalability and utilization issues as a wired Ethernet segment.
These factors all relate to the ability to receive a good signal as far away as possible. Increasing
the amount of data requires the use of more frequency spectrum or a different method of
placing the data on the RF signal (modulation technique).
Frequency Bandwidth
[Figure: Bandwidth in kHz. CB radio signal: 3K; FM radio signal: 175K; TV signal: 4500K]
As more information is placed on a radio signal, more frequency spectrum (or bandwidth) is
used. A brief comparison is as follows:
A citizens band (CB) signal has very low-quality audio and requires about 3 kHz of
bandwidth.
An FM radio signal provides high-quality audio that consumes about 175 kHz of
bandwidth.
A TV signal contains both audio and video and uses almost 4500 kHz (4.5 MHz) of
bandwidth.
Modulation
Complex modulation
Better signal strength
Less coverage area
Complex modulation schemes compress data
Better (quieter) phone line needed for higher speed
More noise, less speed
[Figure: signal strength (strong, medium, weak) against noise level (low, medium, high)]
Years ago, a modem was able to communicate at 300 baud. Today, a 56-kbps modem gets
much higher speeds over the same wire as the 300-baud modem. This increase in speed is due
to the modem compressing the data into a smaller space and using the same bandwidth of the
phone line that the 300-baud modem used.
One problem that may arise is that if there is noise on the phone line, the modem speed will be
reduced. As the data is further compressed, it requires a stronger signal as compared to the
noise level. More noise means slower speed for the data to be received correctly.
The same is true in radio. As a receiver moves farther from a transmitter, the signal gets
weaker, and the difference between the signal and noise decreases. At some point, the signal
cannot be distinguished from the noise, and loss of communication occurs. The amount of
compression (or modulation type) at which the signal is transmitted determines the amount of
signal necessary to be clearly received through the noise.
As transmission or modulation schemes (compression) become more complex and data rate
goes up, immunity to noise decreases, and coverage goes down.
The 802.11b specification uses different modulation techniques, including the following:
Binary Phase Shift Keying (BPSK): BPSK uses one phase to represent a binary 1 and
another to represent a binary 0 for a total of two bits of binary data. This technique is used
to transmit data at 1 Mbps.
Quadrature Phase Shift Keying (QPSK): With QPSK, the carrier undergoes four
changes in phase and can thus represent four binary bits of data. This technique is used to
transmit data at 2 Mbps.
Complementary Code Keying (CCK): CCK uses a complex set of functions known as
complementary codes to send more data. One of the advantages of CCK over similar
modulation techniques is that it suffers less from multipath distortion. This technique is
used to transmit data at 5.5 and 11 Mbps.
[Figure: chipping codes. 0 = 11001100100; 1 = 00110011011]
A feature of these codes is that the receiver could actually miss several bits and the software
would still be able to identify that the code was intended to be a 1 or a 0. If there were an
interfering signal, the unit would still be able to get the data through without loss of data or
reduction in throughput or performance.
Note
A bit received that was a 01111011011 would, when compared to a 1, be two bits different.
Compared to a 0, it would be 9 bits different. Therefore, that received bit should represent a
1. More than 5 data bits would have to be inverted to change the value, which means that
more than half the signal would have to be lost before the original message would be
impossible to reconstruct.
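The comparison described in the note can be carried out in code. This is an added example, not part of the Cisco guide: it decodes each 11-chip group by Hamming distance to the two codes and shows that five inverted chips per symbol are tolerated while six flip the decoded bit. The code for 0 is the one shown on the slide and the code for 1 is its complement, consistent with the note's arithmetic; the function names and the test data are assumptions made for illustration.

```python
# Added example (not from the Cisco guide): decoding 11-chip codes by Hamming distance.
# Chip codes: 0 as shown on the slide, 1 as its complement (matches the note above).

CODE_LEN = 11
CODE_FOR = {1: "00110011011", 0: "11001100100"}


def hamming(a, b):
    """Number of positions at which two equal-length chip strings differ."""
    if len(a) != len(b):
        raise ValueError("chip strings must have the same length")
    return sum(x != y for x, y in zip(a, b))


def decode_symbol(chips):
    """Return (bit, distance to the 1 code, distance to the 0 code).

    With 11 chips and complementary codes the two distances always sum to 11,
    so there is never a tie.
    """
    d1 = hamming(chips, CODE_FOR[1])
    d0 = hamming(chips, CODE_FOR[0])
    return (1 if d1 < d0 else 0), d1, d0


def spread(bits):
    """Replace every data bit with its 11-chip code."""
    return "".join(CODE_FOR[b] for b in bits)


def despread(chips):
    """Decode a chip stream back into data bits, one 11-chip group at a time."""
    if len(chips) % CODE_LEN:
        raise ValueError("chip stream is not a whole number of symbols")
    return [decode_symbol(chips[i:i + CODE_LEN])[0]
            for i in range(0, len(chips), CODE_LEN)]


def corrupt(chips, positions):
    """Invert the chips at the given offsets inside every 11-chip symbol."""
    out = list(chips)
    for start in range(0, len(out), CODE_LEN):
        for p in positions:
            out[start + p] = "1" if out[start + p] == "0" else "0"
    return "".join(out)


if __name__ == "__main__":
    # The received pattern from the note: 2 chips from a 1, 9 chips from a 0.
    print(decode_symbol("01111011011"))

    data = [1, 0, 0, 1]                      # constructed test data
    sent = spread(data)
    five_bad = corrupt(sent, [0, 2, 4, 6, 8])        # 5 of 11 chips inverted
    six_bad = corrupt(sent, [0, 2, 4, 6, 8, 10])     # 6 of 11 chips inverted
    print(despread(five_bad))   # still the original data
    print(despread(six_bad))    # every bit decoded as its opposite
```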
2.4-GHz Antennas
This topic describes the various 2.4-GHz antennas available from Cisco.
North American
11 channels, each channel 22 MHz wide
Three nonoverlapping channels
ETSI
13 channels, each channel 22 MHz wide
Still only three nonoverlapping channels
Three access points can occupy same area
With 802.11b and 802.11g products, the energy is spread over a wide area of the band. With
802.11b or 802.11g products, the channels have a bandwidth of 22 MHz. This bandwidth will
allow three nonoverlapping, noninterfering channels to be used in the same area.
If there is severe signal interference in one area, it is possible to change to another channel and
totally avoid the interference. Normally, changing channels does not happen automatically in
DSSS and must be done with reconfiguration to the access point. Cisco firmware will allow an
access point to search for the least congested channel.
[Figure: data rate cells for 2-Mbps DSSS, 5.5-Mbps DSSS and 11-Mbps DSSS]
All Cisco 802.11 WLAN products have the ability to data rate shift while moving. This allows
the person operating at 11 Mbps to shift to 5.5 Mbps, 2 Mbps, and finally still communicate at
the outside ring at 1 Mbps. This rate shifting happens without losing connection and without
any interaction from the user. Rate shifting also happens on a transmission-by-transmission
basis. Therefore, the access point has the ability to support multiple clients at multiple speeds
depending upon the location of each client.
802.11b Scalability
[Figure: 802.11b scalability. Legend: Blue = 11 Mbps, Red = 11 Mbps]
Scalability is the ability to locate more than one access point in the same area, increasing the
bandwidth of that area for all users local to that access point.
Because 802.11 2.4-GHz systems have three nonoverlapping channels, three discrete systems
can reside in the same area with no interference. If more than three systems are required in the
same area, they must time share the frequency. Therefore, the highest aggregate (total
combined) data rate for an 802.11b system is 33 Mbps for a given cell area.
Using the ability to scale throughput and add access points in the same cell area increases the
overall available bandwidth of any cell.
Modulation with Sub-channels
Modulation | Data rate per subchannel (kbps) | Data rate (Mbps)
BPSK       | 125                             |
BPSK       | 187.5                           |
QPSK       | 250                             | 12
QPSK       | 375                             | 18
16-QAM     | 500                             | 24
16-QAM     | 750                             | 36
64-QAM     | 1000                            | 48
64-QAM     | 1125                            | 54
OFDM is the modulation technique used by 802.11a and 802.11g. OFDM works by breaking
one high-speed data carrier into several lower-speed sub-carriers, which are then transmitted in
parallel. Each high-speed carrier is 20 MHz wide and is broken up into 52 subchannels, each
approximately 300 kHz wide. OFDM uses 48 of these subchannels for data, while the
remaining four are used for error correction. Coded Orthogonal Frequency Division
Multiplexing (COFDM) delivers higher data rates and a high degree of multipath reflection
recovery, thanks to its encoding scheme and error correction.
Each sub-channel in the OFDM implementation is about 300 kHz wide. At the low end of the
speed gradient, BPSK is used to encode 125 kbps of data per channel, resulting in a 6000-kbps,
or 6-Mbps, data rate. Using QPSK, you can double the amount of data encoded to 250 kbps per
channel, yielding a 12-Mbps data rate. And by using 16-state quadrature amplitude modulation
(16-QAM) encoding 4 bits per cycle, you can achieve a data rate of 24 Mbps. The 802.11a
standard specifies that all 802.11a-compliant products must support these basic data rates. The
standard also lets the vendor extend the modulation scheme beyond 24 Mbps. Data rates of 54
Mbps are achieved by using 64-state quadrature amplitude modulation (64-QAM), which yields
8 bits per cycle or 10 bits per cycle, for a total of up to 1.125 Mbps per 300-kHz channel. With
48 channels, this results in a 54-Mbps data rate. Remember, the more bits per cycle (hertz) that
are encoded, the more susceptible the signal is to interference, and ultimately the shorter the
range, unless power output is increased.
Channel sampled at 20 MHz
64-sample (3.2 microsecond) symbols
16-sample (0.8 microsecond) cyclic prefix/guard interval
250 symbols per second
Of 64 subcarriers:
12 zero subcarriers (in black) on sides and center
Side is frequency guard band leaving 16.5 MHz occupied bandwidth
Center subcarrier is zero for DC offset/carrier leak rejection
48 data subcarriers (in green) per symbol
4 pilot subcarriers (in red) per symbol for synchronization/tracking
The OFDM encoding scheme works by splitting the 20-MHz radio channel into 52 smaller
subcarriers, 48 of which are used to transmit data. The remaining four subcarriers are used as
pilot carriers for monitoring path shifts and intercarrier interference (ICI). These subcarriers are
then transmitted simultaneously at different frequencies to the receiver.
[Figure: 802.11a channel center frequencies in MHz. Lower band edge 5150; channels at 5180, 5200, 5220, 5240, 5260, 5280, 5300, 5320; upper band edge 5350. Lower band edge 5725; channels at 5745, 5765, 5785, 5805; upper band edge 5825.]
The figure shows the center frequency of the channels. The frequency of the channel is 10 MHz
on either side of the dotted line and there is 5 MHz of separation between channels.
The 802.11a standard has twelve channels without overlap of frequency; 802.11b has 11
channels with only three channels that do not overlap in frequency. UNII-1 uses the first four
channels and UNII-2 uses the second four channels and UNII-3 uses the upper 4 channels. The
lower and middle UNII U.S. channels included the following:
Four channels
When the radio is capable of transmitting on UNII-1 and UNII-2, it must follow UNII-1 rules for transmit power and antenna gain
If the radio is UNII-2 only, the radio can transmit at 200 mW and use removable antennas
Four channels
1 W maximum with 6-dBi antenna for point-to-multipoint and 23-dBi antenna for point-to-point
Four channels
[Table: Channel Set, by regulatory domain: Americas (-A), Japan (-J), Singapore (-S), Taiwan (-T)]
Channel ID | Frequency (MHz)
34         | 5170
36         | 5180
38         | 5190
40         | 5200
42         | 5210
44         | 5220
46         | 5230
48         | 5240
52         | 5260
56         | 5280
60         | 5300
64         | 5320
For more information see: http://www.cisco.com/go/aironet/compliance
UNII-1: 50 mW in the United States and Japan, 200 mW in Europe, 4 channels (5.15 to 5.25), indoor access, fixed antenna
UNII-2: 250 mW in United States, four channels (5.25 to 5.35), indoor and outdoor use, flexible antenna
UNII-3: 1 W in the United States, four channels (5.725 to 5.825), indoor and outdoor use, flexible antenna
HiperLAN: 200 mW in Europe, eight channels (5.25 to 5.35), indoor use only
HiperLAN II: 1 W in Europe, 11 channels (5.470 to 5.725), indoor and outdoor use, flexible antenna
Like the 802.11b products, the 802.11a products also support multiple data rate cells. Unlike
the four data rates supported by 802.11b radios, the 802.11a radios support eight different data
rates.
Similar to the 802.11b radios, all 802.11a products also have the ability to data rate shift while
moving. The 802.11a products allow the person operating at 54 Mbps to shift to 48 Mbps, 36
Mbps, 24 Mbps, 18 Mbps, 12 Mbps, 9 Mbps, and finally still communicate at the outside ring
at 6 Mbps. This rate shifting happens without losing connection and without any interaction
from the user. Rate shifting also happens on a transmission-by-transmission basis; therefore the
access point has the ability to support multiple clients at multiple speeds, depending upon the
location of each client.
Because 802.11a has twelve nonoverlapping channels, twelve discrete systems can reside in the
same area with no interference. If more than twelve systems are required in the same area, they
must share the frequency. Therefore, the highest aggregate data rate (total using the UNII-1, UNII-2, and UNII-3 bands, indoor only) for an 802.11a system is 648 Mbps for a given cell
area.
Using the ability to scale throughput and add access points in the same cell area increases the
overall available bandwidth of any cell.
Care must be taken, when colocating access points in the same cell, to have some physical
separation between devices. Having access points too close together can cause signal
degradation from cross-channel RF interference. The recommended separation is 3 feet.
802.11g Standard
Ratified in June 2003
Operates in the same 2.4-GHz band as 802.11b
Uses the same three nonoverlapping channels
Full backward compatibility with 802.11b
Conceptually similar to Ethernet and Fast Ethernet
Uses OFDM for 802.11g data rates, DSSS for 802.11b data
rates
Employs various modulation schemes for a variety of data
rates
54, 48, 36, 24, 18, 12, 9, and, 6 Mbps via OFDM
11, 5.5, 2, and, 1 Mbps via DSSS
11 North America
13 ETSI
14 Japan
Equipment complying with 802.11g operates in the same modulation as 802.11b for 11-, 5.5-,
2-, and 1-Mbps data rates.
Equipment complying with 802.11g operates in the same modulation as 802.11a for 54-, 48-,
36-, 24-, 18-, 12-, 9- and 6-Mbps data rates.
Equipment complying with 802.11g operates in the same bandwidth as 802.11b for 22-MHz-wide channels.
802.11g Throughput
Data rate less protocol overhead and is shared by all
associated clients
More clients there are, the less the average per-user
throughput
Because of differing modulation schemes, when devices are used in mixed modes of both
802.11b and 802.11g, throughput suffers drastically. The Request to Send/Clear to Send
(RTS/CTS) function provides interoperability but adds protocol overhead. Adoption of 802.11b
backoffs further decreases throughput during heavy network traffic.
CTS to Self provides increased mixed-mode performance.
                                  | Data Rate (Mbps) | Approximate Throughput (Mbps) | Throughput as a Percentage of 802.11b Throughput
802.11b                           | 11               |                               | 100%
802.11g (802.11b clients in cell) | 54               |                               | 133%
                                  | 54               | 22                            | 367%
802.11a                           | 54               | 25                            | 417%
When using 802.11g in a g-only environment, you can get throughput values in the low to mid
20s, slightly less than an 802.11a system. When mixing 802.11b and 802.11g modes, the
throughput will fall off.
802.11g Capacity
Throughput multiplied by available channels
802.11b and 802.11g operate in the same band, use
the same three channels
Any 802.11g capacity increase is from throughput alone
Because 802.11g is based on the same channeling scheme and spectral bandwidth as 802.11b,
802.11g provides only three nonoverlapping channels. This fact limits scalability.
802.11g Scalability
[Figure: 802.11g scalability. Legend: Blue = 54 Mbps, Red = 54 Mbps]
Scalability is the ability to locate more than one access point in the same area while increasing
the bandwidth of that area for all users local to that access point.
Because 802.11g typically provides three nonoverlapping channels, three discrete systems can
reside in the same area with no interference. If more than three systems are required in the same
area, they must share the frequency. Therefore, the highest aggregate (total combined) data rate
for an 802.11g system is 162 Mbps for a given cell area.
Using the ability to scale throughput and add access points in the same cell area increases the
overall available bandwidth of any cell.
Care must be taken, when colocating access points in the same cell, to have some physical
separation between devices. Having access points too close together can cause signal
degradation from cross-channel RF interference. The recommended separation is 5 feet. This
distance is a little greater than for 802.11b, because of the nature of OFDM.
802.11g Range
Like 802.11b, 802.11g operates in the 2.4-GHz band,
sharing a fundamental range advantage over 802.11a
Propagates better through objects
The OFDM modulation provides improved multipath performance (discussed in the next topic)
as well as being more efficient than DSSS in handling data. Therefore, in 802.11g OFDM tends
to provide a higher range than 802.11b modulation techniques for similar data rates.
| 54 | 45 ft (13 m) | 90 ft (27 m) |
| 48 | 50 ft (15 m) | 95 ft (29 m) |
| 36 | 65 ft (19 m) | 100 ft (30 m) |
| 24 | 85 ft (26 m) | 140 ft (42 m) |
| 18 | 110 ft (33 m) | 180 ft (54 m) |
| 12 | 130 ft (39 m) | 210 ft (64 m) |
11
160 ft (48 m)
150 ft (45 m)
250 ft (76 m)
165 ft (50 m)
300 ft (91 m)
5.5
220 ft (67 m)
270 ft (82 m)
410 ft (124 m)
When 802.11g is operating at the 802.11b rates (11, 5.5, 2, and 1 Mbps), it uses the same
modulation as 802.11b. When operating at 802.11g rates, it uses OFDM, and the range is
improved.
Multipath Distortion
Occurs when a radio frequency (RF) signal has more than one path between a receiver and a transmitter
RF takes more than one path
Multiple signals cause distortion of the signal
Can cause high signal strength yet low signal quality
Figure labels: Ceiling, TX, RX, Obstruction, Floor; plots: Received Signals vs. Time, Combined Results vs. Time
Multipath interference occurs when an RF signal has more than one path between a receiver and
a transmitter. Just as light and sound bounce off objects, so does RF. This means that there can
be more than one path that RF takes when going from a transmit (Tx) to a receive (Rx) antenna.
These multiple signals combine in the Rx antenna and receiver to cause distortion of the signal.
Multipath interference can cause high signal strength yet low signal quality, so that the data
would be unreadable. One clue that you are getting multipath interference is that signal
strength and signal quality fluctuate drastically, even when you are moving the client only a
little (inches).
You can relate this to a common occurrence in your car. As you pull up to a stop sign, you may
notice static on the radio. But as you move forward a few inches or feet, the station starts to
come in more clearly. By rolling forward, you move the antenna slightly, away from the point
where the multipath signals converge.
Wavelength
The pattern in which signals reflect is greatly affected by the physical wavelength of the signal.
Because the wavelength is inversely proportional to the frequency, each frequency has differing
multipath effects (fading). Typically, in a location where one frequency has a large multipath
interference issue, another frequency, even a close one, will not. Because OFDM is
based on many different frequencies, all operating in parallel, the odds are good that some of
the information in at least some of the frequencies will be communicated successfully. This
provides much greater performance in multipath environments.
Solution:
Transmit over multiple carrier frequencies in parallel
(Orthogonal Frequency Division Multiplexing)
An OFDM signal is not affected by intersymbol interference because the data is sent on
multiple frequencies instead of a single frequency, making it very unlikely that two frequencies
will fade at the same time in the same environment. This is one reason for the improvement of
indoor ranges on 802.11g and 802.11a when compared to 802.11b.
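The frequency dependence described above, worked through with a two-path model (an added example, not part of the course material). The 30 m extra path, the 0.9 reflection amplitude, the channel 6 centre frequency and the layout of 52 occupied subcarriers at 312.5 kHz spacing are assumptions chosen for illustration.

```python
"""Two-path fading across one 802.11g OFDM channel (added illustration)."""
import cmath
import math

C = 299_792_458.0        # speed of light, m/s
SPACING_HZ = 312_500.0   # assumed subcarrier spacing: 20 MHz / 64
# Assumed occupied subcarriers: indices -26..+26 without the centre (DC) one.
USED = [k for k in range(-26, 27) if k != 0]


def two_path_gain_db(freq_hz, extra_path_m, reflect_amp=0.9):
    """Received power of direct + one reflected copy, relative to direct alone.

    extra_path_m: how much longer the reflected path is than the direct one.
    reflect_amp:  reflected amplitude relative to the direct signal (constructed).
    """
    phase = 2.0 * math.pi * freq_hz * extra_path_m / C
    h = 1.0 + reflect_amp * cmath.exp(-1j * phase)
    return 20.0 * math.log10(max(abs(h), 1e-12))


def path_for_null(freq_hz, approx_extra_m):
    """Extra path length close to approx_extra_m that cancels freq_hz.

    The copies cancel when the reflection arrives an odd number of half
    wavelengths late: extra path = (n + 0.5) * wavelength.
    """
    wavelength = C / freq_hz
    n = round(approx_extra_m / wavelength - 0.5)
    return (n + 0.5) * wavelength


def ofdm_fade_report(center_hz, extra_path_m, deep_db=-10.0):
    """Per-subcarrier view of the same reflection an OFDM receiver would see."""
    gains = {k: two_path_gain_db(center_hz + k * SPACING_HZ, extra_path_m)
             for k in USED}
    deep = sorted(k for k, g in gains.items() if g < deep_db)
    return {
        "worst_db": round(min(gains.values()), 1),
        "best_db": round(max(gains.values()), 1),
        "deep_faded": deep,
        "usable": len(USED) - len(deep),
    }


CENTER = 2.437e9                      # sample value: 2.4 GHz channel 6 centre
EXTRA = path_for_null(CENTER, 30.0)   # reflection about 30 m longer than direct

if __name__ == "__main__":
    # A single carrier sitting exactly on the null loses about 20 dB.
    print("single carrier at centre: %.1f dB" % two_path_gain_db(CENTER, EXTRA))
    # The same reflection seen by OFDM: only the carriers next to the null suffer.
    print("OFDM subcarriers:", ofdm_fade_report(CENTER, EXTRA))
    # Moving the antenna half a wavelength (about 2.4 inches) turns the null
    # into a peak, which is why signal quality swings over a few inches.
    half_wave = C / CENTER / 2.0
    print("after moving %.1f cm: %.1f dB"
          % (half_wave * 100, two_path_gain_db(CENTER, EXTRA + half_wave)))
```
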
Lesson Self-Check
Use the questions here to review what you learned in this lesson. The correct answers and
solutions are found in the Lesson Self-Check Answer Key.
Q1)
Q2)
Q3)
Q6)
What modulation techniques are used in all three IEEE 802.11 physical layer
technologies? (Source: Modulation Techniques)
A)
B)
C)
D)
Q5)
Q4)
Of the 64 subcarriers available in the OFDM modulation scheme, how many are used
for data? (Choose one.) (Source: OFDM Modulation)
A) 12
B) 24
C) 36
D) 48
Q1)
Q2)
Q3)
Q4)
Q5)
Q6)
Summary
This topic summarizes the key points that were discussed in this lesson.
Summary
In this lesson we described the 2.4 and 5 GHz bands and how
Cisco Aironet products use these bands as well as adhere to
the 802.11a, 802.11b, and 802.11g standards.
We discussed theories and processes of using spread
spectrum technology to send data over a RF signal.
We described the various modulation techniques used by
802.11b, 802.11a, and 802.11g.
We described the causes and frequency of multipath
distortion.
Lesson 2
Objectives
Upon completing this lesson, you will be able to describe antenna basics. This ability includes
being able to meet these objectives:
Define the maximum power and EIRP rules for 2.4 GHz and 5 GHz radios.
Definition of Terms
This topic defines antenna values.
Definition of Terms
Decibel (dB): Ratio of one value to another
dBx, where x =
m = compared to 1 milliwatt (0 dBm = 1 mW)
i = compared to isotropic antenna
d = compared to dipole antenna
w = compared to 1 watt (0 dBw = 1 watt)
Decibel (dB): The difference or ratio between two signal levels. Named after Alexander
Graham Bell and used to describe the effect of system devices on signal strength.
dB dipole (dBd): The gain an antenna has over a dipole antenna at the same frequency. A
dipole antenna is the smallest, least-gain practical antenna that can be made.
dB isotropic (dBi): The gain a given antenna has over a theoretical isotropic (point source)
antenna. Unfortunately, an isotropic antenna cannot be made in the real world, but it is
useful for calculating theoretical fade and system operating margins.
In 1994, the U.S. Federal Communications Commission (FCC) and Industry, Science and
Technology Canada (ISTC) added new rules covering spread spectrum products. These rules
require that an antenna sold with a product must be tested and approved with that product.
In order to keep average users from installing whichever antenna they want, the FCC also
implemented a rule stating that any removable antenna had to use a unique, nonstandard
connector that is not available in general distribution channels.
Cisco Aironet IEEE 802.11b antennas and all Cisco Aironet cables use a reverse-polarity
threaded naval connector (RP-TNC). This connector looks like a TNC, but the center contacts
have been reversed. This design prohibits a standard off-the-shelf antenna from being attached
to a Cisco Aironet radio frequency (RF) product.
The FCC does permit a professional installer to use different antennas or connectors. A
professional installer is defined as someone who has been trained in the applicable rules and
regulations, is receiving compensation for the work, has knowledge of radio emissions, and can
verify that a site that deviates from the standard product set requirements meets the limitations
of the FCC rules.
The slide discusses the FCC standards that Cisco Aironet products adhere to. The following is
an excerpt from FCC Title 47 Section 15.407:
(d) Any UNII device that operates in the 5.15-5.25 GHz band shall use a transmitting
antenna that is an integral part of the device. NOTE: this was amended in 2004 to permit
use of external antennas in the 5.15-5.25 GHz band.
(e) Within the 5.15-5.25 GHz band, UNII devices will be restricted to indoor operations to
reduce any potential for harmful interference to co-channel MSS operations.
(1) For the band 5.15-5.25 GHz, the peak transmit power over the frequency band of
operation shall not exceed the lesser of 50 mW or 4 dBm + 10logB, where B is the
26-dB emission bandwidth in MHz. In addition, the peak power spectral density
shall not exceed 4 dBm in any 1-MHz band. If transmitting antennas of directional
gain greater than 6 dBi are used, both the peak transmit power and the peak power
spectral density shall be reduced by the amount in dB that the directional gain of the
antenna exceeds 6 dBi.
(2) For the band 5.25-5.35 GHz, the peak transmit power over the frequency band of
operation shall not exceed the lesser of 250 mW or 11 dBm + 10logB, where B is
the 26-dB emission bandwidth in MHz. In addition, the peak power spectral density
shall not exceed 11 dBm in any 1-MHz band. If transmitting antennas of directional
gain greater than 6 dBi are used, both the peak transmit power and the peak power
spectral density shall be reduced by the amount in dB that the directional gain of the
antenna exceeds 6 dBi.
Note
In order to use the 11 new channels, however, radios must comply with two features that are
part of the IEEE 802.11h specification: Transmitter Power Control (TPC) and Dynamic
Frequency Selection (DFS). DFS dynamically instructs a transmitter to switch to another
channel whenever a particular condition (such as the presence of a radar signal) is met.
Prior to transmitting, a device's DFS mechanism monitors its available operating spectrum,
listening for a radar signal. If a signal is detected, the channel associated with the radar
signal will be vacated or flagged as unavailable for use by the transmitter. The transmitting
device will continuously monitor the environment for the presence of radar, both prior to and
during operation.
Portions of the 5 GHz band are allocated to radar systems; this allows WLANs to avoid
interference with incumbent radar users in instances where they are co-located. Such features
can simplify enterprise installations, because the devices themselves can (theoretically)
automatically optimize their channel reuse patterns.
Transmission power control (TPC) technology has been used in the cellular telephone industry
for many years. Setting the transmit power of the access point and the client adapter can be
useful to allow for different coverage area sizes and, in the case of the client, to conserve
battery life. In devices that have the ability to set power levels, the settings are usually static
and independent of each other (access point and clients). For example, an access point can be
set to a low 5 mW transmit power to minimize cell size, which is useful in areas with high-user
density. The clients will, however, be transmitting at their previously assigned transmit power
settings, which is likely more transmit power than is required to maintain association with the
access point. This results in unnecessary RF energy transmitting from the clients, creating a
higher level than is necessary of RF energy outside the access point's intended coverage area.
With TPC, the client and access point exchange information, then the client device dynamically
adjusts its transmit power such that it uses only enough energy to maintain association to the
access point at a given data rate. The end result is that the client contributes less to adjacent cell
interference, allowing for more densely deployed high-performance WLANs.
As a secondary benefit, the lower power on the client provides longer battery life, because less
power is used by the radio.
The FCC has yet to define a test method for testing compliance to dynamic frequency selection
(DFS) requirements. As a consequence the 11 new channels are not yet available.
Today, the Cisco Aironet RM21A and RM22A 5 GHz radio modules for Cisco Aironet
1130AG Series, 1200 Series, and 1230AG Series Access Points support the 12 channels made
up of the UNII-1, UNII-2, and UNII-3 bands. These devices have the hardware capability to
support the new 11 channels; however, until the FCC releases a test program, the firmware will
not provide the availability to access the additional channels.
The slide presents the FCC standards to which Cisco Aironet products adhere. The following is
an excerpt from FCC Title 47, Section 15.203:
Antenna Concepts
This topic defines antenna gain, directionality, and polarization.
Antenna Concepts
Directionality
Omnidirectional (360° coverage)
Directional (limited range of coverage)
Gain
Measured in dBi and dBd (0 dBd = 2.14 dBi)
More gain means more coverage, in certain directions
Polarization
Antennas used in the vertical polarization
In order to understand wireless networks, as well as how to set them up and optimize them for
best performance, some knowledge of antennas is essential.
There are some key terms you need to understand, including the following:
Gain: The amount of increase in energy that an antenna appears to add to an RF signal.
There are different methods for measuring gain, depending on the reference point chosen.
To ensure a common understanding, Cisco Aironet wireless products are standardizing on
dBi (which is gain using a theoretical isotropic antenna as a reference point) to specify gain
measurements. Some antennas are rated in dBd, which uses a dipole-type antenna, instead
of an isotropic antenna, as the reference point. To convert any number from dBd to dBi,
simply add 2.14 to the dBd number.
Polarization: The physical orientation of the element on the antenna that actually emits the
RF energy. An omnidirectional antenna, for example, is usually a vertical polarized
antenna. All Cisco Aironet antennas are set for vertical polarization.
Antenna Gain
Gain is the amount of increase in energy that an
antenna appears to add to an RF signal.
Coverage areas or radiation patterns are measured in
degrees.
These angles are referred to as beamwidth.
Horizontal measurement
Vertical measurement
In RF, you have to give up something to gain something else. In antenna gain, this comes in the
form of coverage angle, known as beamwidth. Beamwidth is defined as the area or angle in
which the majority of the signal is transmitted. As the gain of an antenna goes up, the
beamwidth angle goes down, allowing further distances to be achieved (at the expense of other
directions). This effect is like focusing a flashlight from a wide (flood) angle (wide beamwidth)
to a sharper, more focused angle (narrow beamwidth), allowing the light to go much farther but
at the cost of its ability to flood or light up in all directions.
Antenna Theory
A theoretical isotropic antenna has a perfect 360° vertical and horizontal beamwidth.
Reference for all
antennas.
All FCC rules and all antennas are measured against what is known as an isotropic antenna,
which is a theoretical antenna. This is the basis for all other antennas. The coverage of an
isotropic antenna can be thought of as a balloon. It extends in all directions equally.
Antenna Theory: Dipole
Side view
(vertical pattern)
Vertical beamwidth
New pattern (with gain)
Top view
(horizontal pattern)
If you continue to push in on the ends of the balloon, it results in a pancake effect with very
narrow vertical beamwidth but very large horizontal coverage. This type of antenna design can
deliver very long communications distances, but has one drawback: poor coverage below the
antenna.
With high-gain omnidirectional antennas, this problem can be partially solved by designing in
something called downtilt. An antenna that uses downtilt is designed to radiate at a slight angle
rather than at 90 degrees from the vertical element. This design does help for local coverage, but
it reduces effectiveness in the long range. Cellular antennas use downtilt. The Cisco Aironet
12-dBi omnidirectional antenna has a downtilt of 0 degrees.
Directional Antenna
Side View
(Vertical Pattern)
Top View
(Horizontal Pattern)
A directional antenna design uses the same idea but simply redirects the energy in a single
direction.
Consider one of the adjustable beam focus flashlights. There are only two batteries and one
bulb, but the intensity and width of the light beam can be changed. You can accomplish this by
moving the back reflector and directing the light in tighter or wider angles. As the beam gets
wider, the intensity in the center decreases, and the beam travels a shorter distance.
The same is true of a directional antenna. The same power is reaching the antenna, but by
building the antenna in certain ways, the RF energy is directed in tighter and stronger waves, or
wider and less intense waves, just as with the flashlight.
Elevation Plane
Azimuth Plane
For a vertically-polarized WLAN antenna, the E-plane (elevation plane) usually coincides with
the vertical or elevation plane. The H-plane (horizontal plane) usually coincides with the
horizontal or azimuth plane.
RF propagation patterns are useful to help WLAN designers see how the RF energy
propagates from the antenna. The H-plane shows how the RF energy propagates looking down
on the top of the antenna. This H-plane example shows the antenna has a 360-degree horizontal
coverage pattern.
The E-plane shows how the RF energy propagates looking at the side of the antenna. This E-plane example shows the antenna's sphere of influence and the cone of reduced coverage. The
E-plane can best be thought of as a doughnut cut in half to show the doughnut's shape; the E-plane shows the shape of the RF propagation produced by the antenna.
The above diagrams show the additional effect that the metal plate on the mounting surface of
the access point has on the propagation of this omni antenna. This access point was designed
primarily for ceiling mounting but would be equally effective if wall mounted.
See the IEEE Standard Definitions of Terms for Antennas of the IEEE Std. 145-1983.
EIRP Rules
This topic defines the maximum power and EIRP rules for 2.4 GHz and 5 GHz radios.
Point-to-point
Maximum of 36 dBm EIRP
Installations: 30 dBm maximum transmitter power with 6 dBi in gain
attributed to antenna and cable combination
The slide illustrates the FCC standards to which Cisco Aironet products adhere. The following
is an excerpt from FCC Title 47, Section 15.247:
(b) The maximum peak output power of the intentional radiator shall not exceed the
following:
(1) For frequency hopping systems in the 2400-2483.5 MHz band employing at
least 75 hopping channels, all frequency hopping systems in the 5725-5850 MHz
band, and all direct sequence systems: 1 watt. For all other frequency hopping
systems in the 2400-2483.5 MHz band: 0.125 watts.
(3) if transmitting antennas of directional gain greater than 6 dBi are used, the
peak output power from the intentional radiator shall be reduced below the stated
values in paragraphs (b)(1) or (b)(2) of this section, as appropriate, by the amount
in dB that the directional gain of the antenna exceeds 6 dBi. Systems operating in
the 2400-2483.5 MHz band that are used exclusively for fixed, point-to-point
operations may employ transmitting antennas with directional gain greater than 6
dBi provided the maximum peak output power of the intentional radiator is reduced
by 1 dB for every 3 dB that the directional gain of the antenna exceeds 6 dBi.
| | Transmitter Power | Transmitter dBm | Maximum Gain | EIRP |
| FCC Maximum | 1 W | 30 dBm | 6 dBi | 36 dBm |
| Cisco Maximum | 100 mW | 20 dBm | 16 dBi | 36 dBm |
Point-to-Point
| | Transmitter Power | Transmitter dBm | Maximum Gain | EIRP |
| FCC Maximum | 1 W | 30 dBm | 6 dBi | 36 dBm |
| Cisco Maximum | 100 mW | 20 dBm | 36 dBi | 56 dBm* |
*This can theoretically be true but it has not been certified for use with Cisco products.
The EIRP of a transmitter is the power the transmitter appears to have if the transmitter were an
isotropic radiator (if the antenna radiated equally in all directions). By virtue of the gain of a
radio antenna (or dish), a beam is formed that preferentially transmits the energy in one
direction. The EIRP is estimated by adding the gain (of the antenna) and the transmitter power
(of the radio) and subtracting any cable loss, as shown in this equation:
EIRP = transmitter power + antenna gain - cable loss
When using radio equipment, there are limits on the output of the system. These limits are
given as EIRP, and must not be exceeded. Different countries have different standards. Check
with authorities in the country of installation to determine maximum EIRP.
The output of the radio is measured in dBm (decibels per milliwatt). The slide illustrates a table
listing the dBm ratings for the various output levels available with the Cisco Aironet wireless
equipment. The slide also shows the resulting EIRP when used with a 6-dBi patch antenna.
The maximum EIRP allowed by the FCC for a Part 15 2.4-GHz device in the United States is
36 dBm. The standards are different for specific point-to-point systems. However, this course is
focused on WLANs that would be considered point-to-multipoint solutions. As a result, the
maximum EIRP allowed must not exceed 36 dBm and the maximum gain on an antenna must
not exceed 16 dBi (for the United States) unless installed by a professional installer.
Note
The highest gain antenna approved by Cisco is the 21-dBi parabolic antenna.
The slide illustrates the ETSI standards to which Cisco Aironet products adhere. The following
is an excerpt from the document ETSI EN 300 328-1 V1.2.2 (2000-07):
The effective radiated power is defined as the total power of the transmitter and
is calculated according to the procedure given in sub clause 7.2.1. The effective
radiated power shall be equal to or less than -10 dBw (100 mW) EIRP. This
limit shall apply for any combination of power level and intended antenna
assembly.
The peak power density is defined as the highest instantaneous level of power in
Watts per Hertz generated by the transmitter within the power envelope. For
equipment using FHSS modulation, the power density shall be limited to -10
dBw (100 mW) per 100 kHz EIRP. For equipment using other types of
modulation, the peak power shall be limited to -20 dBw (10 mW) per MHz
EIRP.
| | Transmitter Power | Transmitter dBm | Maximum Gain | EIRP |
| | 50 mW | 17 dBm | 3 dBi | 20 dBm |
| | 50 mW | 17 dBm | 2.2 dBi | 19.2 dBm |
| Reduced Tx Power | 30 mW | 15 dBm | 5 dBi | 20 dBm |
| Reduced Tx Power | 20 mW | 13 dBm | 7 dBi | 20 dBm |
| Reduced Tx Power | 5 mW | 7 dBm | 13 dBi | 20 dBm |
| Reduced Tx Power | 1 mW | 0 dBm | 20 dBi | 20 dBm |
The EIRP of a transmitter is the power the transmitter appears to have if the transmitter were an
isotropic radiator (if the antenna radiated equally in all directions). By virtue of the gain of a
radio antenna (or dish), a beam is formed that preferentially transmits the energy in one
direction.
When using radio equipment, there are limits on the output of the system. These limits are
given as EIRP, and must not be exceeded. Different countries will have different standards.
Check with authorities in the country of installation to determine maximum EIRP.
The output of the radio will be measured in dBm (decibels per milliwatt). The slide lists the
dBm ratings for the various output levels available with the Cisco Aironet wireless equipment
and the resulting EIRP when used with different antennas.
The maximum EIRP allowed for a 2.4-GHz device in France, Singapore, Israel, Mexico, and
ETSI is 20 dBm. The standards are different for specific point-to-point systems. However, this
class is focused on WLANs that would be considered point-to-multipoint solutions, so the
maximum EIRP allowed must not exceed 20 dBm and the maximum gain on an antenna must
not exceed 20 dBi.
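The 2.4 GHz limits quoted in this lesson, applied as a budget check (an added example, not part of the course material). It covers the Section 15.247 point-to-multipoint and point-to-point rules and the ETSI 20 dBm cap, and reuses the 2.14 dB dBd-to-dBi offset from the Antenna Concepts topic; the regime labels, function names and the choice to subtract cable loss before comparing against the limit are assumptions of this example.

```python
"""EIRP budget check against the 2.4 GHz limits quoted in this lesson."""
import math
from dataclasses import dataclass

DBD_TO_DBI = 2.14          # 0 dBd = 2.14 dBi
FCC_MAX_TX_DBM = 30.0      # 1 W peak output power, Section 15.247(b)(1)
FCC_FREE_GAIN_DBI = 6.0    # antenna gain allowed before power must come down
ETSI_MAX_EIRP_DBM = 20.0   # 100 mW EIRP for any power/antenna combination
ROUNDING_TOL_DB = 0.05     # the slides round to whole dBm (20 mW is 13.01 dBm)


def mw_to_dbm(mw):
    if mw <= 0:
        raise ValueError("power must be positive")
    return 10.0 * math.log10(mw)


def dbm_to_mw(dbm):
    return 10.0 ** (dbm / 10.0)


def dbd_to_dbi(gain_dbd):
    return gain_dbd + DBD_TO_DBI


def max_power_dbm(regime, gain_dbi):
    """Highest power (dBm) that may be delivered to an antenna of this gain."""
    excess = max(0.0, gain_dbi - FCC_FREE_GAIN_DBI)
    if regime == "fcc-p2mp":     # 1 dB off for every 1 dB of gain above 6 dBi
        return FCC_MAX_TX_DBM - excess
    if regime == "fcc-p2p":      # 1 dB off for every 3 dB of gain above 6 dBi
        return FCC_MAX_TX_DBM - excess / 3.0
    if regime == "etsi":         # single EIRP cap
        return ETSI_MAX_EIRP_DBM - gain_dbi
    raise ValueError("unknown regime: %r" % regime)


def max_gain_dbi(regime, power_dbm):
    """Largest antenna gain (dBi) usable at this delivered power."""
    if regime == "etsi":
        return ETSI_MAX_EIRP_DBM - power_dbm
    if regime not in ("fcc-p2mp", "fcc-p2p"):
        raise ValueError("unknown regime: %r" % regime)
    if power_dbm > FCC_MAX_TX_DBM:
        raise ValueError("above the 1 W transmitter limit")
    backoff = FCC_MAX_TX_DBM - power_dbm
    factor = 1.0 if regime == "fcc-p2mp" else 3.0
    return FCC_FREE_GAIN_DBI + factor * backoff


@dataclass
class Budget:
    eirp_dbm: float     # transmitter power + antenna gain - cable loss
    limit_dbm: float    # allowed power into this antenna under the regime
    margin_db: float    # positive = headroom, negative = over the limit
    compliant: bool


def check(regime, tx_mw, gain_dbi, cable_loss_db=0.0):
    """Evaluate one radio/cable/antenna combination."""
    delivered = mw_to_dbm(tx_mw) - cable_loss_db
    limit = max_power_dbm(regime, gain_dbi)
    margin = limit - delivered
    return Budget(round(delivered + gain_dbi, 2), round(limit, 2),
                  round(margin, 2), margin >= -ROUNDING_TOL_DB)


if __name__ == "__main__":
    # Rows taken from the tables in this lesson, plus two that break the rules.
    cases = [
        ("fcc-p2mp", 100, 16.0), ("fcc-p2mp", 100, 17.0),
        ("fcc-p2p", 100, 36.0),
        ("etsi", 50, 3.0), ("etsi", 20, 7.0), ("etsi", 100, 2.2),
    ]
    for regime, mw, gain in cases:
        b = check(regime, mw, gain)
        print("%-9s %4d mW %5.1f dBi -> EIRP %5.2f dBm, margin %+5.2f dB, %s"
              % (regime, mw, gain, b.eirp_dbm, b.margin_db,
                 "ok" if b.compliant else "OVER LIMIT"))
```
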
5.725
BR1410
5.825
4 Channels
UNII-3
1 W (30 dBm)
40 mW
250 mW
(16 dBm) (24 dBm)
P2MP hub
Antenna Gain
Radiated Power
6 dBi
22 dBm
158 mW
6 dBi
30 dBm
1W
P2P and
Non-root P2MP
The Effective Isotropic Radiated Power (EIRP) is the radio energy radiated from an antenna.
The EIRP is usually expressed in watts (W) or millidecibels (dBm). To enable fair sharing of
the unlicensed band, regulatory domains impose maximum EIRP levels.
Directional antennas, such as Yagi and parabolic dishes, can shape the signal from the
transmitter so that it appears stronger in a particular direction (much the same as the reflector
on a flashlight strengthens a light beam). This is known as antenna gain.
The EIRP is a measure of the power output of the antenna. It includes the antenna gain and
cable loss as well as the output of the transmitter.
The UNII-2 band is intended for wireless bridging for both indoor and short-range outdoor
applications. UNII-3 band, with far greater transmission power and antenna gain allowances, is
preferable for long-range outdoor wireless bridging. To facilitate outdoor wireless bridging,
the regulations allow connectors, cables, and auxiliary antennas for both of these bands. The
EIRP allowed in the UNII-3 band is 4 W (36 dBm), which is much more than the radiated
power of 1 W (30 dBm) allowed in the UNII-2 band.
Conducted and radiated power levels for the different bands include the following:
US
Japan
Europe
Frequency
50 mW
50 mW
200 mW
5.15-5.25
UNII-1 EIRP
22 dBm
22 dBm
23 dBm
250 mW
UNII-2 EIRP
29 dBm
5.25-5.35
200 mW
HiperLAN EIRP
22 dBm
1W
5.25-5.35
5.725-5.825
Cisco Aironet WLAN Products
UNII-3 EIRP P to MP
36 dBm
UNII-3 EIRP P to P
53 dBm
Cisco Aironet 1400 Series Bridge uses a maximum peak power of 250 mW or 24 dBm.
| Transmitter Power | Antenna | EIRP |
| 30 dBm | 6 dBi | 36 dBm |
| 29 dBm | 7 dBi | 36 dBm |
| 28 dBm | 8 dBi | 36 dBm |
| 27 dBm | 9 dBi | 36 dBm |
| | | 36 dBm |
FCC Maximum
Cisco Maximum
Point-to-Point
FCC Maximum
Cisco Maximum
FCC Approved
| Transmitter Power | Antenna | EIRP |
| 30 dBm | 23 dBi | 53 dBm |
| 29 dBm | 24 dBi | 53 dBm |
| 28 dBm | 25 dBi | 53 dBm |
| 27 dBm | 26 dBi | 53 dBm |
| 21 dBm | 28 dBi | 49 dBm |
In the US, the rules have a clause for point-to-point systems. For a multipoint transmitter the
maximum EIRP is 36 dBm, and for a point-to-point transmitter it is 53 dBm. This means that the
power must be backed off to prevent high peaks from being clipped.
Lesson Self-Check
Use the questions here to review what you learned in this lesson. The correct answers and
solutions are found in the Lesson Self-Check Answer Key.
Q1)
Q2)
An antenna with more gain is always better. True or False? (Source: High Gain
Omnidirectional)
A)
B)
Q3)
True
False
What is the maximum EIRP for 2.4 GHz point to multipoint in the United States?
(Choose one.) (Source: )
A)
B)
C)
D)
True
False
30 dBm
36 dBm
20 dBm
17 dBm
Q2)
Q3)
Summary
This topic summarizes the key points that were discussed in this lesson.
Summary
In this lesson we learned that antennas are used to propagate an RF
signal and that different antennas have different radiation patterns.
We learned that EIRP is the Effective Isotropic Radiated Power, a
term that expresses the performance of an antenna in a given
direction relative to the performance of a theoretical (isotropic)
antenna and is expressed in watts. EIRP is the sum of the power
sent to the antenna plus antenna gain.
We discussed recent 2004 FCC rule changes and how they apply to
antennas and amplifiers.
We defined the purpose of an isotropic antenna and why it is used
as a reference for other antennas.
Module Summary
This topic summarizes the key points that were discussed in this module.
Module Summary
In this module, we discussed the Industrial Scientific Medical
Band (ISM). We also discussed the Unlicensed National
Information Infrastructure (UNII).
We defined Effective Isotropic Radiated Power (EIRP).
We described the various modulation techniques used by
IEEE 802.11a, b, and g.
We described the causes and frequency of multipath
distortion.
We defined the purpose of an isotropic antenna and why it is
used as a reference for other antennas.
Module 2
Module Objectives
Upon completing this module, you will be able to describe detailed technical features,
functions, and benefits of the WLAN product offerings available from Cisco. This ability
includes being able to meet these objectives:
Identify key features and uses of access points, bridges and antenna products used in a
WLAN
Match the appropriate feature with the proper management device
Lesson 1
Objectives
Upon completing this lesson, you will be able to identify key features and uses of access points,
bridges and antenna products used in a WLAN. This ability includes being able to meet these
objectives:
Describe features and functionality of the Cisco Aironet 1240AG, 1230AG, and 1200
Series Access Point
Describe the 1500 Series wireless bridge product features and functionality
Describe the 1300 Series access point and bridge product features and functionality
Describe the 1400 Series wireless bridge product features and functionality
Platform Overview
This topic lists Cisco wireless LAN (WLAN) mobile access product categories.
Benefits
Zero-touch management
1130AG
1000 Series
1240AG
1230AG
1500
1400
1300
Cisco offers different access points and bridges for different physical environments, not a One
Size Fits All product line. In addition to lightweight and autonomous access points, Cisco has
integrated access points into the Integrated Service Routers (ISR) with either built-in or access
point network modules depending on the ISR model.
All Cisco Aironet lightweight access points connect to Cisco Wireless LAN Controllers, so
customers can mix and match access points within their network, yet still take advantage of all
the rich Cisco Unified Wireless Network capabilities in an integrated manner. Autonomous
access points are manageable via CiscoWorks Wireless LAN Solution Engine (WLSE) or
CiscoWorks WLSE Express.
Cisco has products for the carpeted enterprise, rugged environments and challenging
environments such as the outdoors. For example:
Cisco Aironet 1130AG Series Access Points are for the carpeted enterprise that has little
environmental variability and operates within a controlled environment.
Cisco Aironet 1240AG Series Access Points are for challenging environments that need a
rugged enclosure, such as manufacturing, loading docks, and warehouses.
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points are for cost-effective, scalable
deployment of secure outdoor wireless LANs for network connections within a campus area,
outdoor infrastructure for mobile users, or public access for outdoor areas. The 1500 Series
supports auto-configuring and self-healing wireless mesh deployments.
Cisco Aironet 1300 Series Outdoor Access Point/Bridge or Cisco Aironet 1400 Series Wireless
Bridges offer high-speed, high-performance outdoor bridging for line-of-sight applications.
They both have a rugged enclosure optimized for harsh outdoor environments with extended
operating temperature range. Both are available in an autonomous version only.
Cisco Aironet 1300 Series Outdoor Access Point and Bridge can be deployed as an autonomous
access point, bridge, or workgroup bridge. It has a rugged enclosure and provides high-speed
and cost effective wireless connectivity between multiple fixed or mobile networks and clients.
The Cisco Aironet 1130AG Series packages high-capacity, high-security and enterprise-class
features delivering WLAN access for a low total cost of ownership. Designed for wireless LAN
coverage in offices and similar RF environments, this unobtrusive access point features
integrated antennas and dual IEEE 802.11a/g radios for robust and predictable coverage,
delivering a combined capacity of 108 Mbps. The competitively priced Aironet 1130AG Series
access point is ready to install and easy to manage, reducing the cost of deployment and
ongoing maintenance. The device is available in either a lightweight version, or as an
autonomous version that may be field-upgraded to lightweight operation.
AIR-LAP1131AG-x-K9 (LWAPP)
Note
The Cisco Aironet 1130AG Series may be ordered with Cisco IOS software to operate as an
autonomous access point or with Lightweight Access Point Protocol (LWAPP). When the
1130AG is operating as a lightweight access point a WLAN controller is required.
High Capacity: Dual band delivers up to 108 Mbps data rates (single-band 54 Mbps)
Investment Protection: Lightweight and Autonomous versions available
Deployment Flexibility
Cisco Aironet 1240AG Series IEEE 802.11a/b/g Access Points deliver the versatility, high capacity, security, and enterprise-class features demanded by WLAN customers. The series is designed
specifically for challenging radio frequency (RF) environments such as factories, warehouses,
and large retail establishments that require the antenna versatility associated with connectorized
antennas, a rugged metal enclosure, and a broad operating temperature range. The Aironet
1240AG Series provides local as well as inline power, including support for IEEE 802.3af
Power over Ethernet (PoE).
Cisco Aironet 1230AG Series Access Point: The 1230AG Series is a pre-configured dual band
version of the 1200 Series providing support for 802.11a and 802.11g. This first generation
dual band device does not provide the same performance and support for 802.3af PoE as does
the 1240AG Series.
Cisco Aironet 1200 Series Access Point: Offers the same versatility, high capacity, security,
and enterprise-class features demanded by industrial wireless LAN customers in a single-band
802.11g solution. The modular device provides the flexibility to field upgrade to a dual-band
802.11a/g network by adding a CardBus-based 802.11a upgrade module that can be easily
installed into Cisco Aironet 1200 Series access points originally configured for 802.11g.
Part Number
Product Description
AIR-AP1231G-A-K9
AIR-LAP1231G-A-K9
Integrated diversity antennas. Requires Cisco IOS Software Release 12(3)2JA or later.
AIR-RM21A-A-K9
Dual RP-TNC connectors. Antennas sold separately. Requires Cisco IOS Software Release
12(3)2JA or later.
AIR-RM22A-A-K9
The Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points enable cost-effective,
scalable deployment of secure outdoor WLANs.
With dual-band, simultaneous support for IEEE 802.11a and 802.11b/g standards, the Cisco
Aironet 1500 Series employs a patent-pending Adaptive Wireless Path Protocol to form a
dynamic wireless mesh network between remote access points, and delivers secure wireless
access to any Wi-Fi compliant client.
The Cisco Aironet 1500 Series operates with Cisco Wireless LAN Controllers and Cisco WCS
software, centralizing key functions of wireless LANs to provide scalable management,
security, and mobility that is seamless between indoor and outdoor deployments.
Designed to support zero-configuration deployments, the Cisco Aironet 1500 Series easily and
securely joins the mesh network, and is available to manage and monitor the network through
the controller and WCS graphical or command-line interfaces (CLIs). Compliant with Wi-Fi
Protected Access 2 (WPA2) and employing hardware-based Advanced Encryption Standard
(AES) encryption between wireless nodes, the Cisco Aironet 1500 Series provides end-to-end
security.
Cisco Aironet 1500 Series Outdoor Mesh Access Point part numbers include:
RP-TNC connectors for remote antennas
Integrated 13 dBi antenna
Single-band 802.11b/g outdoor access point or bridge ideal for outdoor areas, network
connections within a campus area, or outdoor infrastructure for mobile networks
The Cisco Aironet 1300 Series Outdoor Access Point/Bridge is an 802.11g access point and
bridge that provides high-speed and cost effective wireless connectivity between multiple fixed
or mobile networks and clients. Building a metropolitan area wireless infrastructure with the
Cisco Aironet 1300 Series provides deployment personnel with a flexible, easy to use solution
that meets the security requirements of wide-area networking professionals.
The Cisco Aironet 1300 Series supports the 802.11g standard, providing 54-Mbps data rates
with a proven, secure technology while maintaining full backward compatibility with legacy
802.11b devices. Based on Cisco IOS software, the Cisco Aironet 1300 Series provides
advanced features such as fast secure roaming, quality of service (QoS), and virtual LANs
(VLANs).
The flexibility of the Cisco Aironet 1300 Series allows it to operate as a wireless bridge, access
point, or a workgroup bridge.
The Cisco Aironet 1300 Series Outdoor Access Point/Bridge part numbers include:
As wireless LAN usage has evolved from basic transport for largely transactional applications,
so have the feature expectations of wireless LAN users and administrators. This evolution has
occurred, however, on a segment-by-segment, customer-by-customer basis. It is critical for
Cisco to provide differing feature sets to best fit differing customer requirements. Given that
customer requirements can evolve during the lifetime of a wireless LAN deployment, it is also
necessary to provide a means of smoothly upgrading this feature set for the installed base of
products with minimal disruption to network operations.
Cisco's advanced wireless LAN feature set offers the features required for most enterprise
deployments. Some deployments may not yet require these advanced capabilities. To address
these evolving requirements, customers can select either access points preconfigured for
lightweight operation and the advanced feature sets, or can upgrade autonomous access points
in the field to lightweight operation. With Cisco, customers can choose the feature set that is
right for them at the time that it is right for them. The figure provides a summary of the
operational capabilities of various Cisco Aironet access points.
| 802.11g | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| 802.11a | Yes | No | Yes | Optional | Yes | Yes | No | Yes |
In just a few years, WLANs have evolved from proprietary systems with sub-Mbps capabilities
to standardized offerings operating at as much as a combined data rate of 108 Mbps. These high
data rates are available in both the 2.4 GHz band with 802.11g technology and the 5 GHz band
with 802.11a technology. 802.11g offers backward compatibility with 802.11b devices, but is
limited to three nonoverlapping channels in the 2.4 GHz band. 802.11a provides no backward
compatibility but supports as many as 23 channels (depending upon local regulations). To
provide both backward compatibility and high-capacity, WLAN client vendors are migrating to
dual-band 802.11a/g-capable client devices. In 2006, 802.11a/g devices are expected to become
the predominant type for embedded and aftermarket client adapters designed for laptops,
desktops, and even PDAs. Over time, these dual-band capabilities are expected to extend to
almost every WLAN client device, including application-specific devices like voice handsets,
barcode scanners, and radio frequency identification (RFID) scanners.
Deploying an infrastructure that takes full advantage of the expanding capabilities of the client
base makes sense if capacity is currently an issue or is expected to become an issue during the
useful life of the infrastructure devices. Given the rapid expansion of wireless-enabled devices,
increasing capacity requirements are likely to apply to most WLAN installations. For this
majority of applications, access points that support both 802.11a and 802.11g represent a better
long-term value, particularly given their low price premium relative to single-band devices. For
the few applications that are not expected to present capacity issues in the near term, customers
can choose single-radio access points. The table above summarizes which Cisco access points
support 802.11a and 802.11g.
Physical Security
Regardless of the mounting type selected for the indoor access point, the access point can be
secured with a Kensington MicroSaver Security Cable. If required, use any MicroSaver
Security Cable to attach either side of your access point to a solid beam, pipe, or support.
The table provides a summary of the Cisco Aironet access points that are best suited for
different environments.
Cisco Aironet Access Points for Different Environments
| Cisco Series | | Challenging Indoor RF Environments | Outdoors |
|---|---|---|---|
| 1000 Series model 1010* | Recommended* | Not recommended | Not recommended |
| 1000 Series model 1020* | Recommended1 (AP1020 or AP1030 [for remote offices]) | Recommended* (Model 1030 for branch offices) | Not recommended |
| 1100 Series | Recommended** | Not recommended | Not recommended |
| 1130AG Series | Ideal | Not recommended | Not recommended |
| 1200 Series | Recommended*** | Recommended | Recommended**** |
| 1230AG Series | Recommended*** | Recommended | Recommended**** |
| 1240AG Series | Recommended*** | Ideal | Recommended**** |
| 1300 Series | Not recommended | Not recommended | Ideal** |
| 1500 Series | Not recommended | Not recommended | Ideal* |
With integrated 22.5 dBi antenna
The Cisco Aironet 1400 Wireless Bridge creates a new benchmark for wireless bridging by
providing a high-performance and feature-rich solution for connecting multiple LANs in a
metropolitan area. Building a metropolitan area wireless infrastructure with the Cisco Aironet
1400 provides deployment personnel with a flexible, easy to use solution that meets the security
requirements of wide area networking professionals. Designed to be a cost-effective alternative
to leased lines, it is engineered specifically for harsh outdoor environments.
The Aironet 1400 Wireless Bridge is the premier high-speed, high-performance outdoor
bridging solution for line-of-sight applications, providing features such as:
Rugged enclosure optimized for harsh outdoor environments with extended operating
temperature range
Models with integrated antennas or models with connectors (antennas must be purchased
separately) for flexibility in deployment
Power Options
IEEE 802.3af inline power
The single-port Cisco Aironet power injectors combine 48-VDC power with the data signal,
sending both to the Cisco Aironet access point or bridge. The power injector for Cisco Aironet
1100 and 1200 series access points (AIR-PWRINJ3) works with the power supply provided
with the access point.
The Cisco Aironet Power Injector Media Converter (AIR-PWRINJ-FIB) converts fiber media
to Category 5 media and combines the resulting data signal with power for delivery to the
access point or bridge. The power injector media converter accepts 48-VDC power from either
the barrel connector of the local power supply or an alternative 48-VDC power source. When
powered by an alternate 48-VDC power source connected using the provided power supply
pigtail, the Power Injector Media Converter is UL 2043 certified and suitable for installation in
environmental air spaces. The local power supply is provided with the Cisco Aironet 1100 and
1200 series access points.
The AIR-PWRINJ-1000AF provides 802.3af inline PoE. It accepts 100-240 VAC and
outputs 48 VDC.
The AIR-PWRINJ1500 power injector converts AC power into DC power and sends it along
with the Ethernet signal to the access point in accordance with 802.3af standards. It is
designed to be used along with the Cisco Aironet 1500 Series Outdoor Ethernet Cable (AIR-ETH1500-150) to power the Cisco Aironet 1500 Series Mesh Access Point. Do not use any
power injector other than the one specified here to power the Cisco Aironet 1500 Series Mesh
Access Point.
48 volt DC/Ethernet
AC Power
The rooftop outdoor access point receives inline power from the Cisco Aironet Power Injector
or from a 110- to 220-VAC power source.
The street light adapter uses a 3-prong NEMA twist-lock adapter that installs between the
outdoor lighting control and its fixture. The NEMA twist-lock adapter is designed to be used
with UL 773 listed outdoor lighting controls operating at and rated for 100 and 240 VAC 50/60
Hz.
When powered by 100- to 240-VAC 50/60 Hz, connect this equipment only to a twist-lock
outdoor lighting control. Do not connect it to a twist-lock outdoor lighting control powered by
higher voltages.
When powering the product with AC power other than the street lamp power option, the
power plug should be installed:
Where it can be conveniently accessed to de-energize power from the unit. Power should
not be removed by disconnecting the AC power connector at the equipment itself, and
Where it is not subjected to water or the outdoor elements. This may be accomplished by
the use of UL Listed power receptacles, such as Ground-Fault Circuit Interrupters (GFCIs),
provided with UL Listed waterproofing covers suitable for covering the receptacle and
plugs with the plugged-in equipment in use.
When installing the Cisco-supplied street light adapter to the outdoor access point AC Power
Connector, ALWAYS connect the outdoor access point end of the cable FIRST. When
removing the Cisco-supplied street light adapter, ALWAYS disconnect the outdoor access
point end of the cable LAST.
Cisco Aironet Power Injector LR2 for the 1300 Series Access Point/Bridge
The power injector converts the standard 10BASE-T and 100BASE-T Ethernet category 5 (Cat
5) RJ-45 interface that is suitable for weather-protected areas to a dual F-Type connector
interface for dual coaxial cables that are more suitable for harsh outdoor environments. While
providing a 100BASE-T interface to the Cisco Aironet 1300 Series, the power injector also
provides power to the unit over the same cables with a power-discovery feature that protects
other appliances from damage should they accidentally be connected. As an added benefit to
the installer, the automatic medium-dependent interface crossover (Auto-MDIX) feature is built
in, allowing the dual cables to be swapped while maintaining the same capability. To support
longer cable runs from your network switch or router, the power injector is designed to
accommodate up to a 100 meter coaxial cable run plus 100 meters of indoor Cat 5 cable,
enabling total cable runs up to 200 meters. Lightning and surge protection is also included at
the F-Type connector interface to provide added protection to your network devices. The power
injector requires a 48-VDC source supplied by Cisco.
2.4-GHz Antennas
This topic describes the various 2.4-GHz antennas available from Cisco.
Directional
6 dBi patch
6.5 dBi diversity patch
9 dBi patch
10 dBi Yagi
13.5 dBi Yagi
14 dBi sector
21 dBi dish
Every wireless LAN deployment is different. When designing an in-building solution, varying
facility sizes, construction materials, and interior divisions raise transmission and multipath
considerations. When implementing a building-to-building solution, distance, physical
obstructions between facilities, and number of transmission points must be taken into account.
Cisco Aironet 2.4 GHz access point antennas are compatible with all Cisco RP-TNC-equipped
access points. The antennas are available with different gain and range capabilities, beam
widths, and form factors. Coupling the appropriate antenna and access point allows for efficient
coverage in any facility, as well as better reliability at higher data rates as shown in the
following tables.
Cisco Aironet 2.4 GHz Access Point Antennas with RP-TNC Connectors
Feature
AIR-ANT5959
AIR-ANT2012
AIR-ANT3213
AIR-ANT2410Y-R
Description
Diversity omnidirectional
ceiling mount
Diversity patch
wall mount
Application
Indoor/outdoor,
unobtrusive
midrange antenna
Indoor, unobtrusive
midrange antenna
Indoor/outdoor
directional antenna
for use with access
points or bridges
Gain
10 dBi
Frequency
2.4 GHz
2.4 GHz
2.4 GHz
2.4 GHz
Approximate
Indoor Range
at 6 Mbps*
295 ft (90 m)
418 ft (127 m)
379 ft (121 m)
548 ft (167 m)
Approximate
Indoor Range
at 54 Mbps*
88 ft (27 m)
126 ft (38 m)
114 ft (35 m)
165 ft (50 m)
Beam Width
360H, 80V
80H, 55V
360H, 30V
47H, 55V
Cable Length
3 ft (0.91 m)**
3 ft (0.91 m)**
3 ft (0.91 m)
3 ft (0.91 m)
Dimensions
10 x 1 in.
(25.4 x 2.5 cm)
7.25 x 5 in.
(18.4 x 12.7 cm)
Weight
9.6 oz (272 g)
1 lb (454 g)
8 oz (227 g)
Cisco Aironet 2.4 GHz Access Point Antennas with RP-TNC Connectors (Cont.)
Feature
AIR-ANT1728
AIR-ANT4941
AIR-ANT3549
AIR-ANT1729
Description
Omnidirectional
ceiling mount
2.2-dBi dipole
antenna
Application
Indoor midrange
antenna, typically hung
from crossbars of drop
ceilings
Indoor
omnidirectional
coverage
Indoor/outdoor,
unobtrusive, midrange
antenna (may also be
used as a midrange
bridge antenna)
Gain
5.2 dBi
2.2 dBi
9 dBi
6 dBi
Frequency
2.4 GHz
2.4 GHz
2.4 GHz
2.4 GHz
Approximate
Indoor Range
at 6 Mbps*
379 ft (116 m)
300 ft (91 m)
507 ft (155 m)
403 ft (123 m)
Approximate
Indoor Range
at 54 Mbps*
114 ft (35 m)
90 ft (27 m)
153 ft (47 m)
121 ft (37 m)
Beam Width
360H, 38V
360H, 65V
60H, 60V
75H, 65V
Cable Length
3 ft (0.91 m)
3 ft (0.91 m)
3 ft (0.91 m)
Dimensions
Weight
4.6 oz (130 g)
1.1 oz (31 g)
5.3 oz (150 g)
4.9 oz (139 g)
* All range estimations are based on an external antenna associating with an integrated Intel
Centrino client adapter under ideal conditions. The distances referenced here are
approximations and should be used for estimation purposes only.
AIR-ANT2506
AIR-ANT24120
AIR-ANT2414S-R
AIR-ANT1949
AIR-ANT3338
Description
Omnidirectional
mast mount
High-gain
omnidirectional mast
mount
Vertically polarized
sector
Solid dish
Application
Outdoor short-range
point-to-multipoint
applications
Outdoor midrange
point-to-multipoint
applications
Outdoor midrange
directional
connections
Gain
5.2 dBi
12 dBi
14 dBi
13.5 dBi
21 dBi
Approximate
Range at
2 Mbps*
18.33 miles
(29.49 km)
26.49 miles
(42.62 km)
Approximate
Range at
11 Mbps*
11.19 miles
(18.01 km)
20.1 miles
(32.33 km)
Approximate
Range at
54 Mbps*
1.41 miles
(2.27 km)
4.46 miles
(7.17 km)
Beam Width
360H, 38V
360H, 7V
90H, 8.5V
30H, 25V
12.4H, 12.4V
Cable
Length
3 ft (0.91 m)
1 ft (0.30 m)
5 ft (1.5 m)
3 ft (0.91 m)
2 ft (0.61 m)
Dimensions
Length: 13 in.
(33 cm)
Diameter: 1 in.
(2.5 cm)
Length: 42 in.
(107 cm)
Diameter: 1.5 in.
(3.8 cm)
Length: 36 in.
(91 cm)
Width: 6 in. (15 cm)
Length: 18 in.
(46 cm)
Diameter: 3 in.
(7.6 cm)
Diameter 24 in.
(61 cm)
Weight
6 oz (170 g)
6.5 lb (3 kg)
11 lb (5 kg)
* All range estimations are based on use of a BR 1310 access point and the same type of
antenna at each end of the connection under ideal outdoor conditions. The distances referenced
here are approximations and should be used for estimation purposes only.
5-GHz Antennas
This topic describes the various 5-GHz antennas available from Cisco.
Cisco Aironet 5 GHz access point antennas have RP-TNC connectors and are compatible with
Cisco Aironet 1000 Series, 1200 Series, 1230AG Series and 1240 Series access points.
Selection of the appropriate antenna should provide optimal coverage for the desired
application in the 5 GHz frequency band.
Note
The 1200 and 1230AG series require the RM22A radio module.
| Feature | AIR-ANT5135D-R | AIR-ANT5145V-R | AIR-ANT5160V-R | AIR-ANT5170P-R | AIR-ANT5195P-R |
|---|---|---|---|---|---|
| Description | 3.5-dBi dipole antenna | 4.5-dBi diversity omnidirectional ceiling mount | 6 dBi omnidirectional antenna | Diversity patch wall mount | Patch wall or articulating mast mount |
| Application | Indoor omnidirectional coverage | Indoor midrange antenna | Indoor/outdoor midrange antenna | Indoor/outdoor directional wall mount antenna | Indoor/outdoor patch antenna provides different mounting options |
| Gain | 3.5 dBi | 4.5 dBi | 6 dBi | 7.0 dBi | 9.5 dBi |
| Frequency | 5 GHz | 5 GHz | 5 GHz | 5 GHz | 5 GHz |
| Approximate Indoor Range at 6 Mbps* | 675 ft (206 m) | 732 ft (223 m) | 822 ft (251 m) | 880 ft (270 m) | 1030 ft (313 m) |
| Approximate Indoor Range at 54 Mbps* | 75 ft (21 m) | 82 ft (25 m) | 92 ft (28 m) | 140 ft (43 m) | 170 ft (52 m) |
| Beam Width | 360H, 40E | 360H, 50E | 360H, 17E | 70 H, 50 V | 50 H, 43 V |
Cable
Length
3 ft (0.91 m)
3 ft (0.91 m)
36" **
36" **
Dimensions
11.5 oz (326 g)
5.3 oz (150 g)
8 oz (0.2 kg)
Weight
1 oz (28.3 g)
Note
* All range estimations are based on an external antenna associating with an integrated Intel
Centrino client adapter under ideal conditions. The distances referenced here are
approximations and should be used for estimation purposes only.
Note
** The cable provided on noted antennas meets UL 2043 certification for plenum rating
requirements set by local fire codes and supports installation in environmental air spaces
such as areas above suspended ceilings
AIR-ANT5175V-N
5 GHz
AIR-ANT2455V-N
2.4 GHz
Cisco offers antennas that can be used with both the 1400 Series Wireless Bridges and 1500
Series Lightweight Outdoor Mesh Access Points. The antennas, access points and bridges all
utilize a robust N-type connector. Various gains and antenna types are available as shown in the
table.
Cisco Aironet 2.4 GHz and 5 GHz access point and bridge antennas with N-type connectors
Feature
AIR-ANT5175V-N
AIR-ANT2455V-N
Description
Omnidirectional
Omnidirectional
Application
Outdoor
Gain
7.5 dBi
5.5 dBi
Frequency
4.9-5.8 MHz
2.4 GHz
Beam width
16V
25 V
Cable Length
12"
None
Dimensions
Weight
6 oz (17 kg)
9 dBi Omnidirectional
360 HB
6 VB
28 dBi Dish
HB - 5.7
VB - 6
| | AIR-ANT58G9VOA-N | AIR-ANT58G10SSA-N | AIR-ANT58G28SDA-N |
|---|---|---|---|
| Description | Omnidirectional | Sector antenna | Dish antenna |
| | Mast mount | Mast mount | Mast mount |
| Gain | 9.0 dBi | 9.5 dBi | 28.0 dBi |
| Frequency | 5.8 MHz | 5.8 MHz | 5.8 MHz |
| Beam Width | 360 H, 6 V | 60 H, 60 V | 5.7 H, 6 V |
Lesson Self-Check
Use the questions here to review what you learned in this lesson. The correct answers and
solutions are found in the Lesson Self-Check Answer Key.
Q1)
Which of the following access points are designed as outdoor access points?
(Choose two.) (Source: Platform Overview)
A)
B)
C)
D)
E)
Q2)
What type of antenna connectors does the 1240AG support? (Choose one.)
(Source: Cisco 1240 AG Access Point)
A)
B)
C)
D)
Q3)
IOS
LINUX
VX Works
LWAPP
The Cisco 1100 series access point can support which of the following operating
systems? (Choose one.) (Source: Cisco Aironet 1100 access point)
A)
B)
C)
D)
VX Works
IOS
LWAPP
LINUX
The Cisco 1130 series access point supports which of the following operating systems?
(Choose two.) (Source: Cisco Aironet 1130 access point)
A)
B)
C)
D)
Q6)
802.11g only
802.11b and 802.11b/g
802.11a and 802.11b
802.11a and 802.11b/g
The 1200 series access point can be upgraded to dual-band with which of the following
operating systems? (Choose two.) (Source: Cisco Aironet 1200 Series Access Point)
A)
B)
C)
D)
Q5)
N-Style
RP-TNC
TNC
None Internal antenna only
The 1230 AG series access point comes with which combination of radios? (Choose
one.)(Source: Cisco Aironet 1230 AG Series Access Points)
A)
B)
C)
D)
Q4)
1000
1300
1130AG
1240AG
1500
LWAPP
VX Works
IOS
LINUX
Q7)
Which of the following Cisco 1000 series access points can be used as a Remote Edge
Access Point (REAP)? (Choose one.) (Source: Cisco Aironet 1000 access point)
A)
B)
C)
D)
Q8)
Which of the following access points requires a LR2 power injector? (Choose one.)
(Source: Power Requirement for the Cisco Aironet access points)
A)
B)
C)
D)
Q9)
AP1000
AP1200
AP1300
AP1400
The Cisco Aironet 1400 Series Bridge operates in which of the following frequency
bands? (Choose one.) (Source: Cisco Aironet 1400 Series Bridge)
A)
B)
C)
D)
Q13)
Which of the following access points is highly recommended for 802.11g single band
outdoor use? (Choose 1) (Access Point Comparison)
A)
B)
C)
D)
Q12)
AP1000
AP1200
AP1300
AP1500
Which of the following features is unique to the Cisco Aironet 1500 Series Lightweight
Outdoor Mesh Access Points? (Choose one.) (Source: Cisco Aironet 1500 Series
Access Point)
A)
B)
C)
D)
Q11)
AP1000
AP1200
AP1300
AP1500
Which of the following access points can utilize the Cisco PWRINJ3 power injector?
(Choose one.) (Source: Power Injectors)
A)
B)
C)
D)
Q10)
AP1010
AP1020
AP1030
AP1040
5 GHz UNII-1
5 GHz UNII-2
5 GHz UNII-3
5 GHz ISM
What is the gain of the Cisco Aironet 1300 Series access point's integrated antenna?
(Choose one.) (Source: Cisco Aironet 1300 Series Bridge)
A)
B)
C)
D)
10 dBi
13 dBi
21 dBi
28 dBi
Q14)
Which of the following 2.4 GHz antennas has a N-style connector? (Choose one.)
(Source: Cisco Aironet 2.4 GHz antennas)
A)
B)
C)
D)
Q15)
Which of the following 5 GHz antennas has a RP-TNC style connector? (Choose one.)
(Source: Cisco Aironet 5 GHz antennas)
A)
B)
C)
D)
AIR-ANT2455V-N
AIR-ANT5175V-N
AIR-ANT58G9VOA-N
AIR-ANT58G10SSA-N
AIR-ANT5135D-R
AIR-ANT5175V-N
AIR-ANT58G9VOA-N
AIR-ANT58G10SSA-N
B,E
Q2)
Q3)
Q4)
B,C
Q5)
A,D
Q6)
Q7)
Q8)
Q9)
Q10)
Q11)
Q12)
Q13)
Q14)
Q15)
Summary
This topic summarizes the key points that were discussed in this lesson.
In this lesson we learned the features and functions of each access point and bridge. We learned
which access points are lightweight or autonomous only and which ones can support either
function. We learned the power requirements for the access points and bridges and the optional
power injectors which are available for some models of access points. We learned optional
antennas available for the Cisco Aironet access points and bridges.
Lesson 2
Objectives
Upon completing this lesson, you will be able to identify the best client adapter product. This
ability includes being able to meet these objectives:
Describe the Cisco Aironet a/b/g client adapter product features and functionality
The Cisco Aironet 802.11a/b/g Wireless PCI and CardBus Adapters provide high-performance
54-Mbps connectivity in the 2.4- and 5-GHz bands. Whether configured to support single IEEE
802.11b coverage, single IEEE 802.11g coverage, single IEEE 802.11a coverage, dual-mode
802.11a/g coverage, or tri-mode 802.11a/b/g coverage, the Cisco Aironet 802.11a/b/g Wireless
Client Adapters combine the freedom of wireless connectivity with the performance, security,
and manageability that businesses require. The following describes the two WLAN client
adapters:
Strong, mutual authentication to help ensure that only legitimate clients associate with
legitimate and authorized network RADIUS servers via authorized access points
IEEE 802.11i Wi-Fi Protected Access 2 (WPA2) Advanced Encryption Standard (AES)
support
Cisco Aironet 802.11a/b/g CardBus Wireless LAN Client Adapter: This 802.11a/b/g-compliant CardBus client adapter is ideal for laptops and tablet PCs. AIR-CB21AG-A-K9
(Federal Communications Commission [FCC] configuration)
Cisco Aironet 802.11a/b/g PCI Wireless LAN Client Adapter: This 802.11a/b/g-compliant
low-profile PCI client adapter is ideal for slim desktop and point-of-sale devices. AIR-PI21AG-A-K9 (Federal Communications Commission [FCC] configuration)
The Cisco Wireless IP Phone 7920 solution enables enterprise users to globally answer
business-critical calls anywhere on a corporate campus.
The Cisco Wireless IP Phone 7920 is equally adaptable for all mobile professionals, from
managers on the move or in an office environment to associates working in the warehouse, on
the sales floor, or in the call center. Nurses, doctors, educators, and IT personnel can also
increase their availability as ever-broadening ranges of industries adopt WLANs.
The solution allows enterprises the flexibility to add coverage and capacity as needed to meet
user needs. Additionally, the Cisco wireless IP communications solution operates seamlessly
with existing Cisco wired IP communications solutions on a single intelligent network.
When combined with the other Cisco IP Phones, the result is a complete range of feature-rich,
flexible, easy to use, and cost-effective communication devices. The following table provides
product specifications for Cisco Wireless IP Phone 7920.
SKU
Description
CP-7920-FC-K9
CP-7920-FC-K9
The Cisco Compatible Extensions Program for WLAN devices provides tested compatibility
with licensed Cisco infrastructure innovations. Compatibility is assured through extensive,
independent testing of third-party devices. The Cisco Compatible Extensions Program enables
the widespread availability of wireless client devices that take advantage of the Cisco Aironet
wireless network, accelerating the availability of innovative features while maintaining
interoperability.
Approved devices are listed at http://www.cisco.com/go/ciscocompatible/wireless and can also
be found by looking for products displaying the Cisco Compatible logo.
[Figure: Cisco Compatible Extensions program flow. Cisco Compatible Extensions specification from Cisco. Silicon Provider: writes driver and integrates supplicants; adapter reference design; third-party test facility executes test plan; Cisco Compatible Extensions reference design. Laptop OEM: puts reference design in device; third-party test facility executes test plan; passed device. Specialized Device Maker: obtains adapter, modifies driver, and integrates supplicants; third-party test facility executes test plan; passed device.]
The WLAN market has grown exponentially as more users demand mobility in and out of the
office. Numerous client devices have been introduced to meet the challenges of device
mobility; these devices must interoperate securely with leading WLAN infrastructures and must
consistently provide the features that organizations require.
With the Cisco Compatible Extensions program, WLAN client suppliers (the program's
participants) license, at no charge, Cisco WLAN technology innovations in a specification.
Participants implement all elements of the specification and undergo extensive testing at an
independent third-party test lab. The testing helps to ensure support for innovative features
pioneered by Cisco Systems, as well as interoperability with Cisco WLAN infrastructure
products.
The Cisco Compatible Extensions program helps to ensure that client devices from a variety of
suppliers can leverage Cisco-based WLANs. To make it easy to find these devices, Cisco has
licensed the Cisco Compatible logo for use by participants whose products pass all tests at the
independent third-party test lab. Locating approved wireless devices is as easy as looking for
the logo. In addition, a complete listing of products that have earned the Cisco Compatible
designation can be found on Cisco.com, at http://www.cisco.com/go/ciscocompatible/wireless
under the link for Cisco compatible devices.
The Cisco Compatible logo has recently changed. For a limited time, the former logo will also
be seen on products and collateral. The features and benefits of the program remain the same; only the logo has changed.
V2
V3
V4
NAC (wireless)
EAP-TLS
PEAP-MSCHAP
Security
WEP
PEAP-GTC*
IEEE 802.1X WPA
LEAP*
Cisco TKIP*
WPA2
EAP-FAST
VLANs and
QoS
Multiple
SSIDs/VLANs on AP
Wi-Fi Multimedia
(WMM)
eDCF
U-APSD
TSPEC CAC
Voice metrics
Voice over IP
Mobility and
Management
AP-assisted
roaming
CCKM with LEAP
Proxy ARP
information
element
Single sign on:
LEAP, EAP-FAST
AP-assisted
roaming
CCKM with EAPFAST
AP-assisted
roaming
CCKM with other
EAP types
AP-directed
roaming
Location
Keep Alive
Link test
CWLF v1.0m2-6
2-38
Tables: Cisco Compatible Extensions feature support by version (columns v1, v2, v3, v4, ASD; cells marked X or optional), under the headings Standards and Security. Rows named in the tables: IEEE 802.11x, Wi-Fi compliance, WEP, IEEE 802.1X, LEAP, PEAP with EAP-GTC (PEAP-GTC), EAP-FAST, PEAP with EAP-MSCHAPv2 (PEAP-MSCHAP), sub-rows With LEAP, With PEAP-GTC, With EAP-FAST (ASD requires either LEAP, EAP-FAST, or EAP-TLS) and With PEAP-MSCHAP, AP-assisted roaming, Keep Alive, Link Test, UPSD, Voice Metrics, Location.
Lesson Self-Check
Use the questions here to review what you learned in this lesson. The correct answers and
solutions are found in the Lesson Self-Check Answer Key.
Q1) The Cisco Aironet a/b/g card comes in which two formats? (Choose two.) (Source:
Cisco Aironet a/b/g client card)
A) Compact flash
B) PCMCIA
C) PCI
D) CardBus
Q2) The Cisco Wireless IP Phone 7920 supports which of the following 802.11 standards?
(Choose one.) (Source: Cisco's 7920 Wireless IP Phone)
A) 802.11b
B) 802.11g
C) 802.11a
D) 802.11n
Q3)
1
2
3
4
Lesson Self-Check Answer Key
Q1) C,D
Q2)
Q3)
Summary
This topic summarizes the key points that were discussed in this lesson.
In this lesson we discussed the product features and functionality of the Cisco Aironet a/b/g
client adapter and the features and functions of Cisco's 7920 Wireless IP Phone. We also
discussed the Cisco Compatible Extensions program for extending Cisco wireless enhancements
to other manufacturers of client adapters.
Lesson 3
Objectives
Upon completing this lesson, you will be able to match the appropriate feature with the proper
management device. This ability includes being able to meet these objectives:
Describe network management, control and services for the Cisco Unified Wireless Network
Describe the CiscoWorks Wireless LAN Solution Engine features and functionality
Describe the CiscoWorks Wireless LAN Solution Engine Express features and functionality
Describe the product features and functionality of the Cisco Wireless Location Appliance
Describe the product features and functionality of the Integrated Services Routers
Describe the product features and functionality of the 3200 Series Mobile Router
Describe the purpose and features of the Cisco Secure ACS Solution Engine
Cisco's Unified Wireless Network supports both autonomous and lightweight access point
solutions.
The autonomous solution uses the CiscoWorks Wireless LAN Solution Engine (WLSE) to
provide WLAN management. The WLSE works with the Wireless Domain Service (WDS)
access point to provide Radio Management (RM). The WDS access point works with the Cisco
Secure Access Control Server (ACS) to provide fast secure roaming using Cisco Centralized
Key Management (CCKM).
The lightweight solution uses the Cisco Wireless Control System (WCS) to provide WLAN management.
The WCS controls the Wireless Services Module (WiSM) in the Cisco Catalyst 6000 platform
and Cisco WLAN controllers, which in turn control the lightweight access points via
Lightweight Access Point Protocol (LWAPP). Clients using 802.1X authentication methods
are authorized by the CiscoSecure ACS. In addition, Cisco has developed Proactive Key
Caching (PKC), an extension to the 802.11i standard and precursor to the 802.11r standard that
facilitates secure roaming with AES encryption and RADIUS authentication.
The Cisco 2000 Series delivers Cisco's award-winning wireless LAN services to small and
medium-sized enterprise environments. It supports up to six lightweight access points, making
it a cost-effective solution for smaller buildings. With integrated Dynamic Host Configuration
Protocol (DHCP) services and zero-touch access point configuration, the Cisco 2000 Series is
also ideal for environments with limited onsite IT support, such as branch offices within a
distributed enterprise.
The Cisco 4400 Series Wireless LAN Controller is designed for medium to large size facilities
and is available in two models: the 4402, with two Gigabit Ethernet ports, comes in
configurations that support 12, 25, and 50 access points, and the 4404, with four Gigabit
Ethernet ports, supports 100 access points. The 4402 provides one expansion slot and the 4404
provides two expansion slots that can be used to add enhanced functionality in the future. In
addition, each 4400 WLAN Controller supports an optional redundant power supply to ensure
maximum availability.
Wireless LAN controllers are also available for the Cisco Catalyst 6500 and Integrated Services
Routers.
The Cisco Catalyst 6500 Series Wireless Services Module (WiSM), part number
WS-SVC-WiSM-1-K9, provides unparalleled security, mobility, redundancy, and ease of use for
business-critical wireless LANs (WLANs). As a Cisco Catalyst 6500 Series module, it delivers
centralized security policies, wireless intrusion prevention system (IPS) capabilities,
award-winning RF management, quality of service (QoS), and Layer 3 fast secure roaming for
WLANs.
The Cisco WiSM is a member of the Cisco Wireless LAN Controller family. It works in
conjunction with Cisco Aironet lightweight access points, the Cisco Wireless Control System
(WCS) and the Cisco Wireless Location Appliance to support mission-critical wireless data,
voice, and video applications. It provides real-time communication between lightweight access
points and other WLAN controllers to deliver a secure and unified wireless solution.
The Cisco WiSM supports interoperability with Catalyst 6500 Series integrated services
modules such as the Firewall Services Module (FWSM), Intrusion Detection Services Module
(IDSM), Network Analysis Module (NAM), and IPSec VPN Services Module (VPNSM).
WiSM Capacity
Access points per cluster: 300
Uplink capabilities: 8 Gbps
Firewall integration
Multiple redundancy: 1:1, N+1
The Cisco WiSM scales to deliver secure, enterprise wireless access to main, branch, and
remote campuses. It is designed for medium-sized and large enterprise facilities with clustering
capabilities of up to 3600 lightweight access points per roaming domain. It scales to 300
lightweight access points per module with support for more than 10,000 wireless client devices. For
even greater scalability, the Cisco WiSM can be deployed in conjunction with other Cisco
Wireless LAN Controllers.
The Cisco WiSM extends the rich, intelligent network services of the Cisco Catalyst 6500
Series to the wireless edge. It supports interoperability with Catalyst 6500 Series integrated
services modules such as the FWSM, IDSM, NAM, and IPSec VPNSM.
Cisco delivers the highest level of reliability for mission-critical wireless networks. In the event
of an access point failure, the Cisco WiSM automatically adjusts power on adjacent lightweight
access points to cover the area where the failed access point provided service.
The Cisco Catalyst 6500 Series features are extended to wireless users via the Cisco WiSM.
The Cisco Catalyst 6500 Series Supervisor Engine 720's Layer 3 Stateful Switchover (SSO),
coupled with Cisco WiSM automated failover features, maximizes network uptime for wireless
traffic.
The Cisco WiSM supports N+1 and 1:1 redundancy topologies, allowing enterprises to scale
their wireless networks and protect them from both hardware and software disruptions.
N+1 redundancy supports single module failure redundancy for cost-effective WLAN
deployments.
1:1 redundancy supports full redundancy of each active Cisco WiSM in the network. Only the
Cisco WLAN solution allows users to control wireless deployment costs without sacrificing
reliability.
Figure: slots that support the WiSM, by Catalyst 6500 chassis type (6503, 6504, 6506, 6509, 6513). Slot labels shown: 1-3, 5-6, 7-8, 10-13.
The WiSM requires a Supervisor 720 module in the Catalyst 6500. It requires native IOS
software version 12.2(18)SXF1 or higher with IP services feature set or higher.
The WiSM can operate in any Catalyst 6500 Series chassis. It is built on a 20-Gbps line card
and has 10 internal Gigabit interfaces. There are no physical interfaces on the WiSM so
network connectivity is achieved either through the Supervisor or line card uplinks.
The slots that support the WiSM are listed in the figure by chassis type.
Simplifying management
Out-of-the-box access point deployment
Bulk configuration and upgrades
Real-time client tracking
CiscoWorks WLSE is a centralized network management solution for managing the entire
Cisco Aironet autonomous WLAN infrastructure. As the management component of the Cisco
Wireless Core product feature set, CiscoWorks WLSE provides comprehensive air and radio
frequency (RF) and device-management capabilities in ways that simplify deployment, reduce
operational complexity, and provide administrators visibility into the WLAN. By automating
several RF and device-management tasks, CiscoWorks WLSE reduces the costs and time
needed for WLAN deployment, management, and security.
By using Cisco Aironet access points as air and RF monitors, CiscoWorks WLSE provides
WLAN intrusion detection and protection. As part of the WLAN Intrusion Detection System
(IDS), CiscoWorks WLSE quickly detects, locates, and disables unauthorized (rogue) access
points, helping to ensure that security policies are applied consistently throughout the network.
CiscoWorks WLSE further enhances the security of the WLAN by monitoring for unplanned
(ad-hoc or peer-to-peer) networks, unauthorized WLAN client networks, client spoofing, and
other WLAN attacks that may introduce security openings in the network. These capabilities
can benefit any organization, including those that have not formally deployed WLANs but want
to guard against intruders.
Note
The WLSE 1130 series can manage 2,500 access points and wireless bridges and up to
5,000 radios if you are using only network management features.
Note
If you are also using radio management features, the WLSE can manage 1,800 access
points and 3,600 radios.
Note
When you are using only network management features, after you have placed 2,500
access points under management, warning messages are displayed each time you add
more devices to the Managed folder. After 2,550 devices are under management, no
additional devices can be placed in the Managed folder. Device discovery continues after
the absolute limit (2,550 access points) is reached, but no additional devices can be placed
under management.
WLSE Express
Enhancing security
Rogue access point detection, location, and suppression
Scan-only access point mode for Intrusion Detection System (IDS)
Simplifying management
Out-of-box access points deployment
Bulk configuration and upgrades
Real-time client tracking
EAP-FAST
PEAP
EAP-TLS
EAP-Cisco Wireless (LEAP)
CiscoWorks WLSE Express is the integrated security and management solution for managing
Cisco Aironet autonomous access points located in one or multiple locations. CiscoWorks
WLSE Express can manage up to 50 Cisco Aironet access points or up to 100 Cisco Aironet
access points through an optional license upgrade.
As a management component of the Cisco Core Feature set for enterprise branch and small and
medium-size businesses, CiscoWorks WLSE Express provides comprehensive air and RF and
device-management capabilities in ways that simplify deployment, reduce operational
complexity, and provide administrators visibility into the WLAN. By automating several RF
and device-management tasks, CiscoWorks WLSE Express reduces the costs and time needed
for WLAN deployment, management, and security.
By using Cisco Aironet access points as RF air monitors, CiscoWorks WLSE Express provides
WLAN intrusion detection and protection. As part of the WLAN IDS, CiscoWorks WLSE
Express quickly detects, locates, and disables unauthorized (rogue) access points, helping to
ensure that security policies are applied consistently throughout the network. CiscoWorks
WLSE Express further enhances the security of the WLAN by monitoring for ad-hoc networks,
unauthorized WLAN client networks, client spoofing, and other WLAN attacks that may
introduce security openings in the network. These capabilities can benefit any organization,
including those that have not formally operationalized WLANs but want to guard against
intruders.
CiscoWorks WLSE Express also provides an integrated and embedded user authentication and
authorization server, making it an ideal solution for remote branch-office deployments with
limited WAN bandwidth. It supports popular Extensible Authentication Protocol (EAP) types
including Cisco LEAP, Protected EAP (PEAP), EAP Flexible Authentication via Secure
Benefits
Lower OPEX and CAPEX
Better visibility and control of the air space
Consolidate functionality into a single management system
The Cisco WCS is the industry's leading platform for wireless LAN planning, configuration,
and management. It provides a powerful foundation that allows IT managers to design, control,
and monitor enterprise wireless networks from a centralized location, simplifying operations
and reducing total cost of ownership. Cisco WCS is a component of Cisco's Unified Wireless
Network advanced feature set.
With Cisco WCS, network administrators have a single solution for RF prediction, policy
provisioning, network optimization, troubleshooting, user tracking, security monitoring, and
wireless LAN systems management. Robust graphical interfaces make wireless LAN
deployment and operations simple and cost-effective. Detailed trending and analysis reports
make Cisco WCS vital to ongoing network operations.
The Cisco WCS runs on a server platform with an embedded database. This provides the
scalability necessary to manage hundreds of Cisco Wireless LAN Controllers, which in turn
can manage thousands of Cisco Aironet lightweight access points. Cisco wireless LAN
controllers can be located on the same LAN as Cisco WCS, on separate routed subnets, or
across a wide-area connection. All Cisco wireless LAN controller models can be managed by
Cisco WCS including enterprise-class stand-alone wireless LAN controllers such as the 4400
and 2000 Series as well as the Cisco Catalyst 6500 Series Wireless Services Module and the
Cisco Wireless LAN Controller Module for Integrated Services Routers.
The Cisco WCS is available in two product versions:
Cisco WCS provides central management for Cisco lightweight access points and WLAN
controllers. This includes RF management, mobility management, a centralized policy
engine for security and QoS configuration, intrusion prevention (including rogue access
points), planning and design tools, alarm collection, reporting tools, and other
award-winning wireless LAN management features.
Cisco WCS with location adds high-accuracy location tracking and RF mapping to the
WCS system. This enables IT staff to accurately track mobile devices (such as wireless
clients) and security threats (such as rogue access points) to within a few meters. This is
on-demand tracking of a single device, which provides its current location.
Windows 2000 SP4 or greater, Windows 2003 SP1 or greater, or Redhat Enterprise Linux ES v3.0
Over 500 access points: Dual Processors (at least 2.4 GHz each) with minimum 2 GB RAM
20 GB hard drive
By design, the Cisco Wireless Location Appliance is directly integrated into the WLAN
infrastructure to lower customers' total cost of ownership and extend the value and security of
the existing WLAN infrastructure by making it location aware. The Cisco Wireless Location
Appliance uses Cisco Wireless LAN Controllers and Cisco lightweight access points to track
the physical location of many wireless devices simultaneously with recorded history to within a
few meters.
The Cisco Wireless Location Appliance uses the same Cisco lightweight access points that
deliver traffic as location readers for 802.11 wireless clients and Wi-Fi tags. These access
points collect received-signal-strength-indication (RSSI) information from all Wi-Fi devices,
including Wi-Fi enabled laptops, voice handsets, Wi-Fi tags, rogue (unauthorized) devices and
rogue access points. The collected RSSI information is then sent through the Lightweight
Access Point Protocol (LWAPP) to the Cisco Wireless LAN Controllers or certain wireless
integrated switches. The Cisco Wireless LAN Controllers then aggregate the RSSI information
and send it to the Cisco Wireless Location Appliance through Simple Network Management
Protocol (SNMP).
Once network maps and access points are added to the appliance, RF predictions and heatmaps
can be generated to graphically display the location of thousands of devices on the site's floor
plans. The Cisco WCS displays its location information visually, providing an immediate
location application for customers who want to enhance their RF capacity management, utilize
location based security and have asset visibility for WLAN devices. This location information
is also available to third-party applications through a Simple Object Access Protocol/Extensible
Markup Language (SOAP/XML) API on the appliance, creating an extensible foundation for a
host of rich location based applications.
The modular Cisco 1800, 2800, and 3800 series as well as the fixed-configuration Cisco 800
and 1800 series integrated services routers offer the industry's most comprehensive suite of
wireless services to enable productivity enhancements for wireless enterprise branch offices,
small to medium-sized businesses, public WLAN and Wi-Fi hotspots, small remote offices, and
teleworker environments.
The following wireless solutions can be applied to selected models of the Cisco Integrated
Services Router portfolio:
WLAN Connectivity: Integrated 802.11 WLAN access points are supported as an option
with the entire portfolio of integrated services routers, including the Cisco 800 and 1800
series fixed-configuration wireless routers and the Cisco 1800, 2800, and 3800 series
modular routers, each available with a built-in access point or a high-speed WAN interface
card (HWIC) access-point module.
Small hotspots requiring a single access point and AZR services can be served by a
single integrated services router with an integrated access point (Cisco 800, 1800,
2800, and 3800 integrated services routers)
Hotspots requiring multiple access points and AZR services or Power over Ethernet
(PoE) can be supported with an integrated services router and Cisco Aironet access
points (Cisco 1800, 2800, and 3800 integrated services routers)
Land Mobile Radio (LMR) over IP: LMR-over-IP services, also known as push-to-talk,
are supported on selected integrated services routers (Cisco 2800 and 3800 routers) and
significantly expand the scope of push-to-talk radio communications to include remote-access
and dispatch operations from a variety of communications devices (IP telephones,
analog telephones, cellular telephones, and so on), as well as interoperability among
disparate radio systems to enhance productivity and collaboration capabilities for radio
users at:
WLAN and wired IP telephony support with Cisco CallManager Express (CCME)
and Survivable Remote Site Telephony (SRST).
Customized guest access solutions for large enterprises are enabled with SSG and
the Cisco CNS Subscriber Edge Services Manager (SESM).
The Mobile IP Home Agent helps enable transparent mobility and application
session continuity for mobile users and mobile networks when they roam across IP
network boundaries and different access network types, such as WLAN and mobile
(cellular) 2.5- and third-generation (3G) networks.
The following table lists the integrated services routers by model and the number of access
points each supports.
Model #: 800 Series, 1800 Series, 1841, 2801, 2811, 2821, 2851, 3825, 3845
Local Authentication (number of LEAP clients supported): 50, 50, 50, 50, 100, 100, 200, 500, 1000
WDS (number of access points supported): X, 10, 10, 20, 50, 100
Other Routers: Cisco 2600XM 50, Cisco 3745 50, Cisco 3725 25, Cisco 2691 10, Cisco 2600XM 5
The Cisco Wireless LAN Controller Module allows small and medium-sized businesses and
enterprise branch offices to cost-effectively deploy and manage secure WLANs. The module
provides unparalleled security, mobility, and ease of use for business-critical WLANs,
delivering the most secure enterprise-class wireless system available. As a Cisco Integrated
Services Router module, it delivers centralized security policies, wireless intrusion prevention
system (IPS) capabilities, award-winning RF management, QoS, and Layer 3 fast secure
roaming for WLANs. The Cisco Wireless LAN Controller Module manages up to six Cisco
Aironet lightweight access points and is supported on Cisco 2800 and 3800 Series integrated
services routers (excluding Cisco 2801 routers) and Cisco 3700 Series routers.
The Cisco Wireless LAN Controller Module is a member of the Cisco Wireless LAN controller
product family. It works in conjunction with Cisco Aironet lightweight access points, the Cisco
WCS, and the Cisco Wireless Location Appliance to support mission-critical wireless data,
voice, and video applications.
The Cisco Wireless LAN Controller Module provides zero-touch access point deployment and
configuration, making it easy for IT managers to extend secure wireless networks to branch
offices. The Cisco Wireless LAN Controller Module eliminates the need to individually
configure, manage, and monitor each access point. In conjunction with Cisco LWAPP-enabled
access points and the Cisco WCS, the Cisco Wireless LAN Controller Module minimizes
deployment and operational costs, allowing businesses with limited IT staffs to easily deploy
and manage wireless networks across hundreds of remote sites.
The Cisco Wireless LAN Controller Module enables enterprises to create and enforce policies
that support business-critical applications. From voice and data services to location tracking,
the Cisco Wireless LAN Controller Module provides the manageability and performance that
IT managers require to extend their secure enterprise-class 802.11 wireless networks to branch
offices.
The Cisco 3200 Series Wireless and Mobile routers are rugged Cisco IOS software routers with
integrated Federal Communications Commission (FCC) licensed 4.9 GHz and 802.11b/g
wireless functionality. With a flexible, compact form factor, they are ideally suited for
integration in vehicles or outdoor environments. The Cisco 3200 Series routers offer secure
data, voice, and video communications across a wide range of different wireless and wired
networks. Standards-based mobile IP delivers transparent roaming for mobile applications, and
Cisco IOS software provides security, manageability, and scalability along with interoperability
between networks while allowing for future network expansions and upgrades.
The Cisco 3200 Series offers public safety, homeland security, and transportation agencies in
cities, as well as defense customers, the following key solution benefits:
robust router in a modular compact design, ideally suited to create mobile networks in
and around vehicles and to build outdoor broadband wireless infrastructure across wide
geographic areas
Standards-based connectivity for a wide range of LAN and WAN wired or wireless links,
including integrated FCC licensed 4.9 GHz and 802.11b/g wireless capabilities, with
upgradeability to future wireless technologies
Always-on wireless access for vehicle networks with easy mobility through mobile IP
regardless of location or movement
Advanced IP services through standards-based Cisco IOS software, offering robust network
security, reliability, QoS, and remote management functions
Cisco Secure ACS provides a centralized identity networking solution and simplified
user-management experience across all Cisco devices and security-management applications. Cisco
Secure ACS ensures enforcement of assigned policies by allowing network administrators to
control the following:
The access and command controls enabled for each configuration administrator.
Multivendor mix of tools. Medium and large enterprises seldom deploy a single network
management product.
Faults generated by the CiscoWorks WLSE. The CiscoWorks WLSE does not exist in a
management vacuum. All faults generated by the CiscoWorks WLSE can be forwarded to a
centralized event management system like Tivoli NetView or Hewlett-Packard OpenView
as a northbound SNMP trap or syslog notification. This capability allows customers to
leverage the powerful fault- and performance-monitoring feature of the CiscoWorks WLSE
with powerful applications-intelligent event correlation tools.
The Cisco Secure ACS software is available as a dedicated 1-RU security-hardened appliance.
The Cisco Secure ACS software includes support for the following authentication protocols
used by WLANs:
EAP-TLS
EAP-FAST
EAP-PEAP
GTC
MSCHAPv2
Lesson Self-Check
Use the questions here to review what you learned in this lesson. The correct answers and
solutions are found in the Lesson Self-Check Answer Key.
Q1) Which of the following is used to provide control of the WLAN in a network using the
advanced feature set? (Choose 1) (Overview)
A) WCS
B) WLSE
C) WDS AP
D) Location Manager
Q2) How many lightweight access points can a WiSM module control? (Choose one.)
(Source: Wireless Services Module)
A) 50
B) 100
C) 300
D) 500
Q3) How many autonomous access points can a WLSE control? (Choose one.) (Source:
Wireless LAN Solutions Module)
A) 1000
B) 150
C) 2000
D) 2500
Q4) How many autonomous access points can a WLSE Express control? (Source: Wireless
LAN Solutions Engine Express)
Q5) The Cisco WCS can manage which of the following access points? (Choose two.)
(Source: Cisco Wireless Control System)
A)
B)
C)
D)
Q6)
Q7) The Cisco Wireless LAN Controller Module can control how many lightweight access
points? (Choose one.) (Source: Cisco Integrated service Routers with Wireless
Support)
A) 6
B) 12
C) 24
D) 48
Q8) The Cisco 3200 Series Mobile router has wireless modules for which non 802.11
frequency? (Choose one) (Source: Cisco 3200 Series Mobile router)
A) 900 MHz
B) 1.9 GHz
C) 4.9 GHz
D) 5.8 MHz
Q9) List the five EAP types supported by the CiscoSecure ACS. (List five.)
Lesson Self-Check Answer Key
Q1)
Q2)
Q3)
Q4) 100
Q5) Lightweight
Q6)
Q7) A,C
Q8)
Q9)
Summary
This topic summarizes the key points that were discussed in this lesson.
In this lesson we discussed the features and functions of the following Cisco Wireless Products:
Cisco Wireless Services Module (WiSM)
CiscoWorks Wireless LAN Solution Engine (WLSE)
CiscoWorks Wireless LAN Solution Engine Express
Cisco Wireless Control System (WCS)
Cisco Wireless Location Appliance
Cisco Integrated Services Routers
Cisco 3200 Series Mobile Router
CiscoSecure ACS Solution Engine
Lesson 4
Objectives
Upon completing this lesson, you will be able to describe the importance of various WLAN
features. This ability includes being able to meet these objectives:
List the software support features of all Cisco Aironet access points
Describe the importance of quality of service features for voice, video, and e-mail
Software Support
This topic describes the software support features of all Cisco Aironet access points.
Cisco IOS software: Cisco Aironet products leverage the same Cisco IOS software that powers
Cisco switches and routers, enabling customers to extend common services, management tools,
and interfaces across their wired and wireless networks.
Wireless Domain Service (WDS): WDS is a collection of Cisco IOS software features that
enhance WLAN client mobility and simplify WLAN deployment and management. WDS
includes aggregation of air and RF measurements. All access points in a subnet detect and
securely register, via IEEE 802.1X, with the WDS. The WDS aggregates client and access
point RF measurements for RF managed services such as rogue access point detection,
interference detection, and assisted site surveys. The currently supported WDS feature set
includes fast secure roaming for layer 2 and 802.1X local authentication.
Virtual LAN (VLAN) Support: Allows segmentation of up to 16 user groups, creating
increased system flexibility by allowing differentiation of LAN policies and services, such as
security and QoS, for different users.
Mobility: For the autonomous access points, fast 802.1X reauthentication is dependent on
Cisco Centralized Key Management (CCKM), a protocol for key management. When Cisco
Centralized Key Management is used by both the 802.1X authenticator (typically the access
point or a local network device with which the access point interacts) and the client, 802.1X
reauthentication does not involve the authentication server, and the number of messages is
reduced greatly. The result is 802.1X reauthentication in a few milliseconds.
Wireless LAN Context Control Protocol (WLCCP): Protocol used by the CiscoWorks
Wireless LAN Solution Engine (WLSE) to authenticate with a device that provides WDS to the
wireless LAN network.
Quality of Service (QoS): QoS refers to the capability of allocating shared network resources
in such a way that selected network traffic, such as that for voice and multimedia applications,
receives better service.
Follow-me VPNs, which enable clients to maintain VPN tunnels when roaming
Proactive Key Caching (PKC), helping to ensure fast, scalable roaming in 802.11i
environments
Context transfer of security and QoS policies, allowing users' identities to follow them as
they roam
Multiple VLANs can be assigned to individual access points, each with its own quality of
service (QoS) policies.
Figure labels: WLAN Controller, Self-signed X.509 Certificates, Access point
An unknown access point will not be able to spoof a Cisco access point, since an X.509
certificate is used to set up the connection and encryption keys are dynamically set and
rotated.
LWAPP is used to encrypt and secure control traffic between the access point and the
controller. UDP control messages are secured using an X.509 certificate and encrypted with the
Advanced Encryption Standard (AES) algorithm using Counter Mode with Cipher Block
Chaining Message Authentication Code Protocol (CCMP). Data traffic is not encrypted in
LWAPP.
Figure labels: Switch/Routed Network, LWAPP, Mobility management, Remote RF interface, Encryption downstream, Decryption upstream
The split MAC design divides the 802.11 protocols between the Cisco Aironet
lightweight access point, which handles the real-time portions of the protocol, and the WLAN
controller, which handles those items that are not time sensitive.
The access point handles the portions of the protocol that have real-time requirements, which
includes:
The frame exchange handshake between a client and access point when transferring a
frame over the air
The buffering and transmission of frames for clients in power save operation
Providing real-time signal quality information to the controller with every received frame
Monitoring each of the radio channels for noise, interference and other WLANs
Encryption and decryption except in the case of virtual private network (VPN) or IPSec
clients
All remaining functionality is handled in the Cisco WLAN controller, whereby time-sensitivity
is not a concern, and controller-wide visibility is required.
Some of the MAC-layer functions provided in the WLAN controller include:
802.11 authentication
2-75
Dynamic RF Management
[Figure: dynamic RF management over LWAPP. Labels: channel assignment, coverage hole management, load balancing, capacity management; management, control, data]
Real-time RF management is the key to the Cisco lightweight wireless solution, and a unique
product differentiator. The Cisco Wireless LAN Controller uses dynamic algorithms to create
an environment that is completely self-configuring, self-optimizing, and self-healing, making
Cisco WLANs ideal for the delivery of secure and reliable business applications. This is done
via the following specific Radio Resource Management (RRM) functions:
Noise
802.11 interference
Utilization
Client load
The Cisco Wireless LAN Controller combines the RF characteristic information with intelligent
algorithms to make system-wide decisions. Conflicting demands are resolved using soft
decision metrics that guarantee the best choice for minimizing network interference. The end
result is the optimal channel configuration in a three-dimensional space, where access points on
the floor above and below play a major factor in an overall WLAN configuration.
Proper access point transmit power settings are essential for smooth WLAN operations. This is
also required for network redundancy and helping to ensure real-time failover in the event of
access point loss.
The Cisco Wireless LAN Controller is used to dynamically control access point transmit power
based on real-time WLAN conditions. In normal instances, power can be kept low to gain extra
capacity and reduce interference. The Cisco lightweight solution will attempt to balance access
points such that they see their neighbors at -65 dBm, based on best practices experience.
If a failed access point is detected, power can be automatically increased on surrounding access
points to fill the gap created by the loss in coverage. WLAN solutions that only allow for static
configuration of transmit power are severely limited in their ability to support dynamic network
requirements.
WLAN capacity is only effective if clients can be load-balanced in such a way that they take
advantage of this capacity. Unfortunately, not all clients are able to make their own decisions
on this front, even if it would result in better performance. For example, all users in a
conference room can associate with a single access point due to its close proximity, ignoring
other access points that are farther away but much less utilized.
The Cisco Wireless LAN Controller provides a centralized view of client loads on all access
points. This can be used to influence where new clients attach to the network. In addition, if set
up to do so, the Cisco lightweight wireless solution can proactively herd existing clients to new
access points to improve WLAN performance. This results in a smooth distribution of capacity
across an entire wireless network.
Security
This topic describes the security features of all Cisco Aironet access points.
Security Suite
IEEE 802.11i
Supports the Wi-Fi Alliance security certifications
Wi-Fi Protected Access (WPA)
Wi-Fi Protected Access 2 (WPA2)
IEEE 802.1X
Data encryption:
Based on the IEEE 802.1X standard for port-based network access, the Cisco Wireless
Security Suite takes advantage of the Extensible Authentication Protocol (EAP) framework
for user-based authentication. This solution also supports Wi-Fi Protected Access (WPA),
the new Wi-Fi Alliance specification for interoperable, standards-based wireless LAN
security.
The Cisco Wireless Security Suite interoperates with a range of client devices. It supports most 802.1X authentication types, including Extensible Authentication Protocol-Flexible Authentication via Secure Tunnel (EAP-FAST), Extensible Authentication Protocol-Cisco Wireless (LEAP), Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) and types that operate over EAP-TLS, such as Protected Extensible Authentication Protocol (PEAP), EAP-Tunneled TLS (EAP-TTLS) and EAP-Subscriber Identity Module (EAP-SIM). A wide selection of RADIUS servers, such as the Cisco Secure Access Control Server (ACS), can be used for enterprise-class centralized user management that includes:
Strong, mutual authentication to ensure that only legitimate clients associate with legitimate and authorized network RADIUS servers via authorized access points
[Figure: SSID-to-VLAN assignments with per-WLAN security]
VLAN 100: guest access, no central security, broadcasting SSID: Guest
VLAN 101: specialized user, static WEP, not broadcasting, SSID: static
VLAN 102: corporate user, 802.1X security, SSID: secure
VLAN 103: 802.1X security, SSID: QOS
Advanced Products
Each Cisco Wireless LAN Controller can support up to 512 VLAN instances.
The Cisco Wireless LAN Controller can control up to 16 wireless LANs for each lightweight access point. Each wireless LAN has a separate wireless LAN ID (1 through 16), a separate wireless LAN SSID (wireless LAN name), and can be assigned unique security policies.
The Cisco lightweight access points broadcast all active Cisco WLAN solution wireless LAN service set identifiers (SSIDs) and enforce the policies defined for each wireless LAN.
Note: Cisco recommends that you assign one set of VLANs for wireless LANs and a different set of VLANs for Management Interfaces to ensure that controllers properly route VLAN traffic.
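The controller limits and the VLAN recommendation in this topic can be checked mechanically before a WLAN plan is deployed. The following Python sketch is an added example, not Cisco code and not part of the original guide. The `Wlan` record, the security labels, the finding codes, the WLAN IDs, the management VLAN numbers, and the review flags for open and static-WEP WLANs are assumptions of this example.

```python
from dataclasses import dataclass

# Limits stated in the text of this topic.
MAX_WLANS_PER_AP = 16      # wireless LANs per lightweight access point, IDs 1..16
MAX_VLAN_INSTANCES = 512   # VLAN instances per controller

# Assumption of this example: policies that get a review flag because they
# provide no per-user authentication (open) or rely on a shared static key.
REVIEW_POLICIES = {"open", "static-wep"}


@dataclass(frozen=True)
class Wlan:
    wlan_id: int
    ssid: str
    vlan: int
    security: str          # hypothetical labels: "open", "static-wep", "802.1x"
    broadcast_ssid: bool


def audit(wlans, management_vlans):
    """Return a sorted list of (subject, code) findings for one controller."""
    findings = set()
    if len(wlans) > MAX_WLANS_PER_AP:
        findings.add(("controller", "too-many-wlans"))
    if len({w.vlan for w in wlans} | set(management_vlans)) > MAX_VLAN_INSTANCES:
        findings.add(("controller", "too-many-vlans"))

    ids_seen, ssids_seen = set(), set()
    for w in wlans:
        if not 1 <= w.wlan_id <= MAX_WLANS_PER_AP:
            findings.add((w.ssid, "wlan-id-out-of-range"))
        if w.wlan_id in ids_seen:
            findings.add((w.ssid, "duplicate-wlan-id"))
        if w.ssid in ssids_seen:
            findings.add((w.ssid, "duplicate-ssid"))
        ids_seen.add(w.wlan_id)
        ssids_seen.add(w.ssid)
        # Recommendation in the note: WLAN VLANs and management VLANs
        # come from two different sets.
        if w.vlan in management_vlans:
            findings.add((w.ssid, "vlan-shared-with-management"))
        if w.security in REVIEW_POLICIES:
            findings.add((w.ssid, "review-" + w.security))
        if w.security == "open" and w.broadcast_ssid:
            findings.add((w.ssid, "open-and-broadcast"))
    return sorted(findings)


# SSIDs, VLANs and security settings follow the VLAN figure in this topic.
# WLAN IDs, the broadcast flags for "secure" and "QOS", and the management
# VLAN set are constructed for the example.
SAMPLE_WLANS = [
    Wlan(1, "Guest", 100, "open", True),
    Wlan(2, "static", 101, "static-wep", False),
    Wlan(3, "secure", 102, "802.1x", True),
    Wlan(4, "QOS", 103, "802.1x", True),
]
SAMPLE_MGMT_VLANS = {10, 101}   # constructed; VLAN 101 overlaps on purpose

if __name__ == "__main__":
    for subject, code in audit(SAMPLE_WLANS, SAMPLE_MGMT_VLANS):
        print(f"{subject}: {code}")
```
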
Quality of Service
This topic describes the importance of quality of service features for voice, video, and e-mail.
Lesson Self-Check
Use the questions here to review what you learned in this lesson. The correct answers and
solutions are found in the Lesson Self-Check Answer Key.
Q1) Which protocol is used for autonomous access points for radio monitoring and management? (Choose one.) (Source: Software Support)
A) CCKM
B) LWAPP
C) WLCCP
D) SNMP
Q2) Which protocol supports split MAC operation for Cisco's Wireless Advanced Products? (Choose one.) (Source: Software Support)
A) CCKM
B) LWAPP
C) WLCCP
D) SNMP
Q3) WPA2 requires the support of which of the following encryption algorithms? (Choose one.) (Source: Security)
A) WEP
B) TKIP
C) CKIP/CMIC
D) AES
Q4) The Cisco Wireless LAN controller can support up to ______ VLANs per lightweight access point. (Source: VLANS)
Q5) WMM is a subset of which of the following 802.11 standards? (Choose one.) (Source: Quality of Service)
A) 802.11c
B) 802.11e
C) 802.11h
D) 802.11n
Q2)
Q3)
Q4)
16
Q5)
Summary
This topic summarizes the key points that were discussed in this lesson.
In this lesson, we discussed the software features in both the core products and the advanced products. In the core products, we discussed the IOS operating system, VLANs, WDS, CCKM, and WLCCP. In the advanced products, we discussed LWAPP and Cisco's Split MAC Architecture, Dynamic RF Management, REAP, and Mobility. We also discussed security, VLAN support, and QoS features that are supported across the entire wireless product line.
Module Summary
This topic summarizes the key points that were discussed in this module.
In this module, the detailed technical features, functions, and benefits of the WLAN product offerings available from Cisco were discussed. Specifically, the key features of Wireless LAN Access Points, Bridges, Antennas, and Accessories were described. WLAN clients from Cisco and Cisco Compatible clients were described. WLAN Network Management, Control, and Services features and functions were discussed. Access Point Enterprise-Class Features such as software support, security, virtual LAN support, and quality of service were described.
Module 3
Wireless Bridges
Overview
This module explores the concept of using wireless devices to create a Layer 2 bridge.
Module Objectives
Upon completing this module, you will be able to define concepts and describe considerations
for deploying wireless bridges. This ability includes being able to meet these objectives:
Select the appropriate wireless bridge model and describe how it offers a better solution
than other alternatives
Determine the feasibility of these locations and make recommendations for changes where
needed
Lesson 1
Objectives
Upon completing this lesson, you will be able to select the appropriate wireless bridge model
and describe how it offers a better solution than other alternatives. This ability includes being
able to meet these objectives:
Describe the 1300 Series wireless bridge product performance and deployment
Define available channels and maximum power levels for each antenna
Describe the 1400 Aironet Series Access Point and Bridge product performance and
deployment
Define available channels and maximum power levels for each antenna
Describe deployment scenarios for the 1300 and 1400 series bridges
Bridging Defined
[Figure: networks connected through wireless bridges]
In a dynamic business environment, the most successful organizations will be the ones that are
most adaptive to change. As offices open and close, merge and consolidate their operations, and
expand into new markets, organizations must modify their networks accordingly to keep up
with the latest business changes. Extending the network to outdoor locations, new buildings
over long distances, or even across a street can be especially challenging.
Business does not happen just indoors. As wireless LAN (WLAN) devices proliferate, the need to provide them connectivity extends outdoors. Applications such as hot spots, outdoor surveillance, outdoor inventory control, or outdoor baggage handling all stretch the need for WLAN access. It is also not just a matter of providing access to client devices; remote networks need to be connected as well. These networks could be in remote buildings, or they could be mobile networks that are located outside. These applications can be deployed cost-effectively with equipment designed specifically for these environments.
Wireless bridges are typically used to connect two or more networks together. These networks
are typically located in buildings that lie within a few miles of each other. This is the most
common use for a wireless bridge, but there are other uses as well. The Cisco Aironet 1400
Series Wireless Bridge is used for bridging purposes only, and it does not communicate with
clients.
Link role flexibility released with Cisco IOS software release 12.3(7)J1 provides both access
point and bridge functions through configuration of each radio as an access point, repeater, root
bridge, non-root bridge, or workgroup bridge. This array of configuration flexibility enables
Cisco Aironet 1300, 1230, and 1240 Series Access Points to address several bridging
applications.
Cisco Aironet bridges operate at the MAC address layer (data link layer), which means they have no routing capabilities. A router must be put in place if IP subnetting is needed within the network.
The Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Point is capable of both point-to-point and point-to-multipoint bridging, but is primarily intended for mesh networking.
[Figure: point-to-point and point-to-multipoint bridging between root and non-root bridges]
Cisco Aironet bridges can be configured to operate in many different modes. By operating a wireless bridge in access point (AP) mode, wireless networks can be built that will support a number of end users in separate locations. This is the function of the role in radio network parameter. The 1400 Series Bridges support only two roles in the radio network: root radio or non-root radio.
[Figure: point-to-multipoint deployment with a controller, rooftop access points (RAPs), and poletop access points (PAPs)]
Rooftop Access Points (RAPs): This access point is connected to the wired network, and
serves as root or gateway to the wired network.
Poletop Access Points (PAPs): The PAPs are the remote access points or non-root.
Note: The 1500 Series Meshing Access Point will be covered in the Mesh Networking module.
[Table: alternatives to wireless bridging and their drawbacks. Media: phone lines (56K, E1, T1), cable/digital subscriber line (DSL), fiber, microwave. Drawbacks listed: recurring costs, installation costs, licensing required, reliability, speed, physical barriers may preclude, high cost]
Cisco Aironet bridges offer many advantages over other more costly alternative connections.
Some alternatives include T1 lines, cabling, and microwave connections.
A T1 line typically costs from $200 to over $1,000 per month. For a site with four buildings,
the cost could be anywhere from $10,000 to $36,000 per year. If such sites were connected via
Cisco Aironet bridges, the payback for the hardware costs incurred could actually be realized in
less than a single year.
In some cases where T1 is not available, or the buildings are located on the same property, an
underground cable could be installed. Trenching today can cost over $100 per foot, depending
upon the task. To connect three buildings located 1000 feet from each other could cost more
than $200,000.
Another popular option for smaller businesses may be a cable or digital subscriber line (DSL)
modem. This solution sometimes offers faster download speeds, but slower upload speeds.
Reliability is often an issue. Users are often forced to share connections with other nearby
businesses, sometimes causing a sacrifice in speed.
With microwave, a U.S. Federal Communications Commission (FCC) license is required. The
cost of the equipment is typically over $10,000 per site, not including installation items. In
heavy fog, rain, or snow, performance is questionable. Multipoint connections are usually not
possible.
Bridging has quickly become one of the most popular uses of wireless networks. This is partly
due to the ease of installation and setup. But it is also due to the variety of emerging markets
where WLAN bridging can be applied. Outdoor wireless products are useful in many situations
to include:
The Cisco Aironet 1300 Series provides high-speed and cost effective wireless connectivity
between multiple fixed or mobile networks and clients. Building a metropolitan area wireless
infrastructure with the Cisco Aironet 1300 Series provides deployment personnel with a
flexible, easy to use solution that meets the security requirements of wide area networking
professionals. Typical applications for the Cisco Aironet 1300 Series Outdoor Access
Point/Bridge include:
The Cisco Aironet 1300 Series supports the IEEE 802.11b and IEEE 802.11g standards, and provides data rates of 54 Mbps. Cisco makes the maintenance and installation of the Cisco Aironet 1300 Series easy by integrating it with your wired network via the Cisco Core Feature set WLAN solution. Based on the Cisco IOS operating system, the Cisco Aironet 1300 Series provides advanced features such as fast secure Layer 2 roaming, quality of service (QoS), and virtual LANs (VLANs).
The key performances of the Cisco Aironet 1300 Series are as follows:
Maximum transmit power of 100 milliwatts (mW) for 802.11b and 30 mW for 802.11g
For vehicle-installed deployments, speeds of over 100 km per hour at 12 and 24 Mbps with 128-byte packets at 1 percent Packet Error Rate (PER)
Security with support for Wi-Fi Protected Access 2 (WPA2) and Advanced Encryption Standard (AES) encryption
Wide operating temperature range of -22 degrees Fahrenheit to 131 degrees Fahrenheit (-30 degrees Celsius to 55 degrees Celsius), humidity 0 to 100 percent
Supports QoS for trunking in excess of 24 voice over IP (VoIP) circuits and data over point-to-point links
Engineered specifically for harsh outdoor environments, yet also capable of indoor deployments, the Cisco Aironet 1300 Series is ideal for WLANs requiring external access points. There is a digital thermometer inside the Cisco Aironet 1310 Series Bridge. When the internal ambient temperature reaches 85 degrees Celsius (185 degrees Fahrenheit), IOS shuts off the radio in an attempt to lower the internal ambient temperature. Once the temperature drops back to 82 degrees Celsius, the radio is turned back on.
Point-to-multipoint range
1.1 miles @ 54 Mbps (12 dBi omni / 13 dBi captive)
9.5 miles @ 11 Mbps (12 dBi omni / 21 dBi external antenna)
*: In FCC configuration
Note: The distances referenced here are approximations and should be used for estimation purposes only.
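[Table: 2.4-GHz channel availability by regulatory domain. Columns: channel ID, center frequency (MHz), and CCK and OFDM availability for Americas (-A), EMEA (-E), and Japan (-J). Center frequencies listed: 2412, 2417, 2422, 2427, 2432, 2437, 2442, 2447, 2452, 2457 (channel 10), 2462 (channel 11), 2467 (channel 12), 2472 (channel 13), and 2484 (channel 14)]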
Different countries have different regulatory bodies and may have as many as 13 channel sets
available. In some countries, this may mean that the number of nonoverlapping channels is
reduced to one, and an aggregate data rate of 33 Mbps may not be possible.
Japan has not approved Orthogonal Frequency Division Multiplexing (OFDM) for channel 14. Channel 14 requires a special filtering bit set on the physical radio interface, which allows the spectrum to meet Japan's spread rule of 10:1.
The following website gives an up-to-date listing of the countries that belong to each regulatory
domain (regulatory domain information may change):
http://www.cisco.com/warp/public/779/smbiz/wireless/approvals.html
Cisco Aironet 1300 Series Outdoor AP/Bridge Power Levels vs. Antenna Gains
AIR-BR1310-x-K9-R Maximum Conducted Power (mW)
[Table: maximum conducted power for CCK and OFDM in the Americas (-A), EMEA (-E), and Japan (-J) regulatory domains, for these antennas: AIR-ANT2506 5.2 dBi omni, AIR-ANT3549 9 dBi patch, AIR-ANT2410Y-R 10 dBi Yagi, 13 dBi integral patch antenna array, AIR-ANT24120 12 dBi omni, AIR-ANT1949 13.5 dBi Yagi, AIR-ANT24G14VSA 14 dBi sector, AIR-ANT3338 21 dBi dish]
Note: To meet regulatory restrictions, the external antenna bridge unit and the external antenna must be professionally installed. The network administrator or other IT professional responsible for installing and configuring the unit is a suitable professional installer. Following installation, access to the unit should be password protected by the network administrator to maintain regulatory compliance.
100 mW = 20 dBm, 50 mW = 17 dBm, 30 mW = 15 dBm, 20 mW = 13 dBm, 10 mW = 10 dBm
For antenna gain <= 13.5 dBi, Complementary Code Keying (CCK) power is 100 mW and OFDM power is 30 mW
For antenna gain > 14 dBi CCK power is 50 mW for 14 dBi and OFDM power is 20 mW
Japan has only one power setting: 10 mW for external and integrated antennas, and it does not include channel 14
Antenna gain in dBi (antenna type): CCK / OFDM power in mW
Americas (-A) (4 W EIRP maximum)
5.2 (Omni): 100 / 30
9 (Patch): 100 / 30
10 (Yagi): 100 / 30
11 (Omni)
12 (Omni): 100 / 30
13 (Integrated patch): 100 / 30
13.5 (Yagi): 100 / 30
14 (Sector): 50 / 20
21 (Dish): 20 / 10
EMEA (-E) (100 mW EIRP maximum)
5.2 (Omni): 20 / 10
9 (Patch): 10
10 (Yagi): 10
11 (Omni)
12 (Omni)
13 (Integrated patch)
13.5 (Yagi)
14 (Sector)
21 (Dish)
Japan (-J) (10 mW/MHz EIRP maximum)
5.2 (Omni): 10 / 10
9 (Patch): 10 / 10
10 (Yagi): 10 / 10
11 (Omni): 10 / 10
12 (Omni): 10 / 10
13 (Integrated patch): 10 / 10
13.5 (Yagi): 10 / 10
14 (Sector): 10 / 10
21 (Dish): 10 / 10
Easy to install
Antenna alignment LEDs and RSSI
port on housing
Quick-hang mounting bracket
This bridge is designed for building-to-building wireless connectivity. Operating in the 5.8-GHz UNII-3 band (5.725-5.825 MHz), derived from the IEEE 802.11a standard, the bridge
delivers 6- to 54-Mbps data rates without the need for a license. Therefore, anyone can deploy
FCC-certified bridges anywhere in the United States without applying for or paying for special
licenses (some restrictions can apply over special areas such as airports and military bases).
Networks can be quickly deployed and moved without any licensing or government reporting.
For example, an airport application can place cameras or other data links near critical operation
areas. By placing a single bridge on top of a tall structure (such as a control tower) and another
on a power or light truck pointing toward the control tower, a fully secure link is established.
You can then be mobile about the grounds on the truck without trenching cables or applying for
licenses.
Install Mode: This mode drives LEDs and a Received Signal Strength Indicator (RSSI) port
with a voltage output proportional to received signal strength for use in the installation and
alignment process. This feature frees installers to perform the installation and verify the link
quality without requiring Cisco IOS software or data networking knowledge.
The Cisco Aironet 1400 Series multifunction mount allows the captured antenna Cisco Aironet
1400 Series to provide either horizontal or vertical polarization. With its quick-hang feature, the
mount supports the weight of the bridge during the alignment process. To assist the installation,
hoisting rings are attached to the mount. The mount interfaces to poles or masts from 1.5 to 2.5
inches while allowing for elevation and azimuth alignment. For the connected version, the
mount provides a wall-mount mechanism. The captured antenna Cisco Aironet 1400 Series can
be mounted to a wall, roof, or other flat surface with the addition of the optional Cisco Aironet
1400 roof and wall mount kit.
The Cisco Aironet 1400 Series Wireless Bridge utilizes Cisco IOS software to provide a
familiar user interface with common functionality, scalability, and security. Additionally,
advanced features such as QoS are included, enabling packet prioritization for voice, video, and
data. Trunking up to 24 VoIP circuits and data over point-to-point links is also possible.
Bandwidth can be increased (up to 100 Mbps of combined bandwidth) between bridged networks through the aggregation of multiple bridges at each site through Fast EtherChannel (FEC), Port Aggregation Protocol (PAgP), or routing protocols.
For a multipurpose network, VLANs can be configured by allowing different non-root bridges operating on the same root bridge to trunk different VLANs.
RG-6 coaxial 75-ohm cable can be run up to 300 feet. This allows tall buildings and tower
configurations to be accomplished easily.
The concatenation of smaller packets into larger ones allows the Cisco Aironet 1400 and 1300
Series to more efficiently utilize the wireless medium and provide higher overall data
throughputs.
Fast secure roaming allows authenticated non-root bridges and access points configured as
workgroup bridges to roam securely from one root bridge to another without any perceptible
delay during reassociation. The 1300 Series Bridge can be mobile and take advantage of this
unique feature. The 1300 bridge was designed for vehicle, train and maritime transportation
specifications.
World mode enables the bridge to inform an IEEE 802.11d client device which radio setting the
device should use to conform to local regulations.
With a programmable clear channel assessment, the Cisco Aironet 1400 Series can be
configured to the particular background interference level found in your environment for
reduced contention overhead with other wireless systems.
Outdoor NEMA-4
weatherproof enclosure
With integrated
22.5-dBi antenna
Remote antennas:
9-dBi omnidirectional (vertical
polarization)
9.5-dBi sector (horizontal and
vertical polarization)
Operating in the unlicensed 5.8 GHz band, the Cisco Aironet 1400 Series Wireless Bridge sets a new standard for performance. Combining powerful 250 mW radios, industry-leading receive sensitivity, installation tools to assist in bridge placement, delay spread capabilities, and a choice of integrated or connectorized high-gain antennas, Cisco provides a complete solution for a wide variety of fixed wireless applications.
Data rates of 54 Mbps can be enabled for point-to-point links up to 7.5 miles, and for point-to-multipoint links up to 2 miles. Aggregate throughput can be obtained in excess of 28 Mbps. Also, by using higher gain antennas or lower data rates, ranges in excess of 20 miles point-to-point can be covered.
Rapid deployment and redeployment can be achieved with no reliance upon
telecommunications providers nor a lengthy license or trenching process. The Cisco Aironet
1400 Series Wireless Bridge allows placement in an outdoor environment without the use of an
expensive additional National Electrical Manufacturers Association (NEMA) enclosure.
Further flexibility is achieved by enabling point-to-point or point-to-multipoint networks with a
single product line. The mounting bracket has been designed to allow installation on poles,
walls, and roofs, while also providing a mechanism for choosing the desired polarization.
The Cisco Aironet 1400 Series Wireless Bridge offers an outdoor wireless bridging solution in two product SKUs. The captured antenna version features an integrated radio and high-gain integrated antenna for user installations of point-to-point links and the non-root nodes of point-to-multipoint networks.
The connectorized version provides professional installers with an N-type connector that allows the deployment of the root nodes of point-to-multipoint networks with omnidirectional or sector antennas, or of high-gain dish antennas for longer links. The external antenna options are:
9.5-dBi sector antenna with support for vertical or horizontal linear polarization
28.0-dBi dish antenna with support for vertical or horizontal linear polarization
Integrated antenna SKU is not field changeable to the SKU with an option of remote antenna
With Cisco Aironet bridge antennas, and the right mounting hardware, the customer can customize wireless solutions that meet the requirements of the most challenging applications. Possible solutions include the following:
Mode              Antenna                  Speed     Range
Point-to-point    Integrated 22.5-dBi      54 Mbps   7.5 miles
Point-to-point    28-dBi dish              54 Mbps   12 miles
Point-to-point    28-dBi dish              9 Mbps    23 miles
Multipoint        9-dBi omnidirectional    54 Mbps   2 miles
Multipoint        9-dBi omnidirectional    9 Mbps    8 miles
The Cisco Systems 1400 Series Wireless Bridge is designed to be installed outdoors, typically
on a tower or a tall building. Typical bridge installations are shown in this illustration.
The installation on the left shows the bridge SKU with integrated antenna. Two RG-6 coaxial cables run from the bridge to the inside of the building through the grounding block. Because power injectors and power supplies are not waterproof, these items must be mounted indoors or in a waterproof NEMA enclosure. The RG-6 75-ohm cable can be run as long as 300 feet from the power injector to the outdoor unit mounted at the antenna location.
The middle and right pictures depict the installation of the bridge SKU with remote antennas. In the middle picture, the bridge has been installed indoors, and the distance between the bridge and the antenna has been extended using LMR-400 and LMR-600 cables.
Cisco Aironet 1300 and 1400 Series Bridges are NEMA 4 rated and may be mounted at the antenna mast to reduce loss in the antenna cable used.
Lesson Self-Check
Use the questions here to review what you learned in this lesson. The correct answers and
solutions are found in the Lesson Self-Check Answer Key.
Q1) What is the maximum transmit power level for the 1300 Series Bridge? (Choose one.) (Source: 1300 Series Wireless Bridge)
A) 30 mW
B) 50 mW
C) 100 mW
D) 75 mW
Q2) How many antenna options are available for the 1300 Series Bridge? (Source: 1300 Series Outdoor Channels and Power Levels)
A) 10
B) 9
C) 8
D) 7
Q3) What is the maximum transmit power supported by the 1400 Series Bridge? (Source: 1400 Series Outdoor Channels and Power)
____________________________________________________________________
Q4)
Q5) How many antenna options are available for the 1400 Series Bridge? (Source: 1400 Series Outdoor Channels and Power Levels)
A) 6
B) 5
C) 4
D) 3
Q6) Root bridges connect to other root bridges. (Source: Wireless Bridges and Bridge Alternatives)
A) True
B) False
100 mW
Q2)
Q3)
250 mW
Q4)
17
Q5)
Q6)
False
Summary
This topic summarizes the key points discussed in this lesson.
Summary
Cisco Aironet bridges offer many advantages over T1 lines,
cabling, and microwave connections.
We discussed the 1300 bridge features.
We addressed the 1300 outdoor channels and power levels.
We discussed the 1400 bridge features.
We addressed the 1400 outdoor channels and power levels.
We discussed BR1410 and 1310 deployment scenarios.
Lesson 2
Objectives
Upon completing this lesson, you will be able to list the features and functions of the supported
roles. This ability includes being able to meet these objectives:
Compare the functions of a bridge and an access point when operating in a root mode
[Figure: supported roles. Labels: access point; root bridge with or without clients; workgroup bridge; repeater; non-root bridge with or without clients; scanning access point; 1300 root bridge with or without clients; 1300 workgroup bridge; 1400 root bridge; 1300 scanning access point]
Root access point: Ethernet port enabled; passes traffic between the wired LAN and wireless clients.
Root bridge with clients: Ethernet port enabled; always associates clients.
Root bridge without clients: Ethernet port enabled; associates non-root bridges or workgroup bridges only.
Non-root bridge without clients: Ethernet port enabled; communicates with the root bridge.
Non-root bridge with clients: Ethernet port enabled; associates clients if associated to a root bridge.
Access Point Root (Fallback to Radio Island): This default setting enables wireless clients to
continue to associate even when there is no connection to the wired LAN.
Access Point Root (Fallback to Radio Shutdown): When the wired connection is lost, the
radio shuts down. This fallback forces the clients to associate to another access point if one is
available.
Access Point Root (Fallback to Repeater): When the wired connection is lost, the radio
becomes a repeater. The repeater parent should be configured to allow data to be wirelessly
transferred to another access point.
[Figure: root bridge role. Labels: root bridge, non-root bridge, workgroup bridge, repeater access point, wireless clients, PCI card, PC card]
This setting is normally used for the main bridge; in other words, the bridge that is connected
to the main network. This bridge provides connectivity to the main LAN for other wireless
clients or wired clients that are being connected wirelessly. In this mode, the bridge supports
the following client types by default:
Non-root bridges
Only one bridge in a WLAN can be set as the root bridge. This is the default setting for Cisco
Aironet bridges.
Parent-Child Relationship (Root Bridge vs. Non-Root Bridge)
Root bridge (parent):
Accepts associations and communicates with non-root bridge (child) devices
Will not communicate with other root bridge devices
Communicates with multiple non-root bridges
In order for two or more Cisco wireless bridges to communicate, you must configure one
bridge to root bridge mode and the rest of the bridges to non-root mode. The function of a non-root bridge is to actively seek out a radio connection to the root bridge. This must occur before
data can be transferred or bridged across a link.
Parent-Child Relationship (Root Bridge vs. Non-Root Bridge) (Cont.)
Non-root (child):
Can associate and communicate with root devices or clients
A single parent bridge can support numerous child bridges. The number of child bridges that
should be attached to a parent bridge is determined by usage and throughput needs.
There is only one exception. A non-root bridge communicates with another non-root bridge as
long as one of the non-root bridges has a root bridge in its uplink.
This setting is normally used for a bridge that is used to connect a remote wired LAN and will
only communicate with another root bridge. In this mode the bridge will refuse associations
from wireless clients. Cisco Aironet 1400 Series Bridges do not communicate with clients,
only other bridges operating in the 5-GHz UNII-3 band.
This role in the radio network is a new feature with the release of Cisco IOS software release
12.3(7)JA1.
This allows you to lock down what devices are allowed to connect to the root bridge. This
setting would normally be the setting used when interconnecting LANs and using the bridge
link as backbone only. This radio role is only supported on Aironet 1200, 1240AG, and 1300
Series Access Point and bridge products.
Whether configured as a root or non-root device, a bridge can always communicate with other
bridges via the radio frequency (RF) and with the wired network via the Ethernet port. Even
when configured to operate in access point mode, the bridge can still pass network traffic via
both the RF and Ethernet ports. This is one of the main differences between a Cisco Aironet
bridge and an access point.
Cisco Aironet access points and bridges use the same radio. The Cisco Aironet bridge has the
same receiver sensitivity, power levels, and capabilities as the Cisco Aironet access point. This
means that while operating in access point mode, the Cisco Aironet bridge can be configured as
a fully IEEE 802.11-compliant access point that supports Cisco Aironet wireless clients.
The following is a role comparison between the access point and workgroup bridge.
[Table: role comparison. Columns: Associates to (Root AP, Root BR, Repeater AP, NR BR with Clients), Wireless Clients, Wired Clients, NR Bridges, WGBs, STP. STP setting by role:]
Root AP: Disabled
Repeater AP: Disabled
Root BR: Settable
NR BR without Clients: Settable
NR BR with Clients: Settable
Work Group Bridge: Disabled
Root access point: Attached to the Ethernet infrastructure; forms the root of the tree.
Non-root repeater: Ethernet off; connects as close to the root as possible and repeats to other
repeaters and to associated clients.
All the access points in any tree must be on the same channel.
Only one repeater interface per access point is supported, even if the access point has two
radios.
Access point link role flexibility allows an access point to operate in a combination of radio
roles, such as access point root, access point repeater, bridge root (with or without clients),
bridge non-root (with or without clients), and workgroup bridge. This feature provides a more
flexible deployment scheme for the Cisco Aironet 1200 Series Access Point to support various
application requirements.
Note: Multiple repeaters can cause a reduction in throughput because of the high number of
repeaters and active clients in the network. Careful planning and radio fine-tuning are
essential to avoid throughput problems.
In dual-radio access points, only one radio can be a repeater; the other radio must be
configured as a root radio.
Repeater access points only support the native virtual LAN (VLAN).
The data rates configured on the repeater access point should match the data rates on the
parent access point.
You can employ a chain of repeater access points (repeaters communicating with another
repeater) but throughput is reduced.
Repeater access points do not support Wireless Domain Services (WDS). You cannot
configure a repeater access point as a WDS access point, and if a root access point becomes
a repeater in fallback mode, it cannot provide WDS.
When configuring repeaters, Aironet extensions should be enabled on both the parent (root)
access point and the repeater access points.
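The repeater constraints listed above can be checked mechanically against an inventory before deployment. The following is an added example, not code from the course or from Cisco; the `Radio` and `AccessPoint` records, the role strings, and the sample inventory are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Radio:
    band: str                        # "2.4GHz" or "5GHz"
    role: str                        # "root", "repeater", "workgroup-bridge", ...
    data_rates: Tuple[float, ...]    # configured rates in Mbps
    aironet_extensions: bool = True
    vlans: Tuple[str, ...] = ("native",)


@dataclass
class AccessPoint:
    name: str
    radios: List[Radio]
    wds: bool = False                # configured as a WDS access point
    parent: Optional[str] = None     # name of the repeater parent, if any


Finding = Tuple[str, str, str]       # (access point, severity, message)


def audit_repeaters(inventory: List[AccessPoint]) -> List[Finding]:
    """Check every repeater in the inventory against the constraints in the lesson."""
    by_name = {ap.name: ap for ap in inventory}
    findings: List[Finding] = []

    def add(ap: AccessPoint, severity: str, message: str) -> None:
        findings.append((ap.name, severity, message))

    for ap in inventory:
        repeaters = [r for r in ap.radios if r.role == "repeater"]
        if not repeaters:
            continue
        # Only one radio can be a repeater; the other must be a root radio.
        if len(repeaters) > 1:
            add(ap, "ERROR", "more than one radio configured as repeater")
        for other in ap.radios:
            if other.role not in ("repeater", "root"):
                add(ap, "ERROR", f"{other.band} radio must be root, found {other.role}")
        # Repeaters cannot provide WDS and only support the native VLAN.
        if ap.wds:
            add(ap, "ERROR", "repeater cannot provide WDS")
        rep = repeaters[0]
        if any(v != "native" for v in rep.vlans):
            add(ap, "ERROR", "repeater carries a non-native VLAN")
        if not rep.aironet_extensions:
            add(ap, "ERROR", "Aironet extensions disabled on repeater radio")
        # Locate the parent radio on the same band (a root or another repeater).
        parent = by_name.get(ap.parent) if ap.parent else None
        uplink = None
        if parent is not None:
            uplink = next((r for r in parent.radios
                           if r.band == rep.band and r.role in ("root", "repeater")), None)
        if uplink is None:
            add(ap, "ERROR", "no parent radio found on the repeater's band")
            continue
        if not uplink.aironet_extensions:
            add(ap, "ERROR", f"Aironet extensions disabled on parent {parent.name}")
        if set(uplink.data_rates) != set(rep.data_rates):
            add(ap, "WARN", f"data rates differ from parent {parent.name}")
        if uplink.role == "repeater":
            add(ap, "WARN", f"chained behind repeater {parent.name}; expect reduced throughput")
    return findings


# Constructed sample inventory (not taken from the course material).
RATES = (1.0, 2.0, 5.5, 11.0)
INVENTORY = [
    AccessPoint("root-1", [Radio("2.4GHz", "root", RATES)], wds=True),
    AccessPoint("rep-1a", [Radio("2.4GHz", "repeater", RATES)], parent="root-1"),
    AccessPoint("rep-1b", [Radio("2.4GHz", "repeater", (1.0, 2.0))], parent="rep-1a"),
    AccessPoint("rep-bad",
                [Radio("2.4GHz", "repeater", RATES,
                       aironet_extensions=False, vlans=("native", "20")),
                 Radio("5GHz", "workgroup-bridge", (6.0,))],
                wds=True, parent="root-1"),
]

if __name__ == "__main__":
    for name, severity, message in audit_repeaters(INVENTORY):
        print(f"{severity:5} {name}: {message}")
```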
[Figure: full duplex repeater nodes in a NEMA box, each with a 5 GHz uplink, a 2.4 GHz local link, and Ethernet to the network; a WGB attaches over a 5 GHz uplink.]
Full duplex repeaters can be created by placing multiple radios together in one
enclosure (such as a National Electrical Manufacturers Association [NEMA] enclosure).
Assuming that the node will also be used for end user access, three radios in total are needed.
One radio (2.4 GHz) can be used for end user access. The other two radios (5 GHz) can be
used for the backhaul connectivity with one radio for the uplink and second radio for the next
hop, so one radio for each direction.
Half duplex repeaters are the ones which transmit and receive at one frequency. Transmit and
receive do not occur simultaneously.
Full duplex repeaters are the ones which transmit and receive at two different frequencies and
transmit and receive can occur simultaneously.
Highlights of the radio roles with the IOS software release 12.3(7)JA1 include:
If one radio is configured as workgroup bridge or repeater, the second radio is usable.
Only one radio per box can be configured into workgroup bridge or repeater.
Cisco Aironet 1240AG, 1230AG and 1200 Series access points are interoperable with the
Cisco Aironet 1300 Series when operating in bridge mode.
Bridge features not supported on Cisco Aironet 1200 and 1240AG Series access points:
Packet concatenation
Note: Distance settings are available on the Cisco Aironet 1200 and 1240AG Series access points
if configured in a root bridge radio role.
[Figures: dual-radio access point deployments combining a repeater, non-root bridge (with or without clients), or workgroup bridge role on one radio with a root access point role on the other.]
Role in Radio Network: Select the role in the radio network for each device. Depending on
which device you are using, the roles can vary.
Root Bridge: Only Cisco Aironet 1400 series non-root bridges can associate with Aironet 1400
series root bridges.
Non-Root Bridge: Only Cisco Aironet 1400 series root bridges can associate with Aironet
1400 series non-root bridges.
Install Automatic: This allows the bridge to try to find a non-root or root bridge to connect to.
Install Root Bridge and Install Non-Root Bridge: In installation mode, the bridge polls the
radio for the received signal strength indication (RSSI) value and updates the LEDs and the
RSSI voltage port.
Role in Radio Network: Select the role in the radio network for each device. Depending on
which device you are using, the roles can vary. You can also configure a fallback role for root
access points. The wireless device automatically assumes the fallback role when its Ethernet
port is disabled or disconnected from the wired LAN. Choose one of the three access point
(root) settings if the access point is connected to the wired LAN.
Access Point (AP1100, 1130, 1200, 1240, 1310): This default setting enables wireless clients
to continue to associate even when there is no connection to the wired LAN.
Access Point (Fallback to Radio Shutdown): When the wired connection is lost, the radio
shuts down. This fallback forces the clients to associate to another access point if one is
available.
Access Point (Fallback to Repeater): When the wired connection is lost, the radio becomes a
repeater. The repeater parent should be configured to allow data to be wirelessly transferred to
another access point.
Repeater (AP1100, 1130, 1200, 1240, 1310): Choose this setting if the access point is not
connected to the wired LAN. Client data is transferred to the access point selected as the
repeater parent. The repeater parent may be configured as an access point or another repeater.
Root Bridge with Wireless Client (AP1200, 1240, 1310): Specifies that the root bridge mode
accepts associations from client devices. A root bridge can be an access point or a bridge.
Wireless clients, non-root bridges, repeaters, and workgroup bridges can associate with a root
bridge.
Non-Root Bridge with Wireless Clients (AP1200, 1240, 1310): Specifies that the non-root
bridge mode accepts associations from client devices. Wireless bridges can associate only with
non-root bridges.
Root Bridge without Wireless Clients (AP1200, 1240, 1310, BR1410): Only non-root
bridges can associate with root bridges.
Non-Root Bridge without Wireless Clients (AP1200, 1240, 1310, BR1410): Specifies that
the access point operates as a non-root bridge and must associate to a root bridge. No wireless
clients can associate with non-root bridges.
Workgroup Bridge (AP1100, 1130, 1200, 1240, 1310): In workgroup bridge mode, the unit
associates to another access point as a client and provides a network connection to the devices
connected to its Ethernet port. The workgroup bridge associates to an access point on your
network. When you configure one radio interface as a workgroup bridge, the other radio
interface is automatically disabled.
Scanner (AP1100, 1130, 1200, 1240, 1310): This option is supported only when used with a
WLSE device on your network. It specifies that the access point operates as a radio scanner
only and does not accept associations from client devices. As a scanner, the access point
collects radio data and sends it to the WDS access point on your network.
Lesson Self-Check
Use the questions here to review what you learned in this lesson. The correct answers and
solutions are found in the Lesson Self-Check Answer Key.
Q1) If the access point is set to Fallback Repeater, which of the following is true? (Choose one.) (Source: Role in Radio Network)
A)
B)
C)
D)
Q2) What are the two differences between repeaters and non-root bridges? (Choose two.) (Source: Comparing Access Points to Bridges)
A)
B)
C)
D)
Q3) Multiple repeaters can cause a reduction of what? (Source: Link Role Flexibility)
Q4)
Q5) Which two radio roles were added to 1200 and 1240AG series access points with IOS software release 12.3(7)JA1? (Choose two.) (Source: Cisco IOS software release 12.3(7)JA1 Enhancements)
A)
B)
C)
D)
Q6) If one radio is configured as a repeater or a workgroup bridge, the other radio is usable. (Source: Radio Roles in Autonomous Dual Band Access Points)
A) True
B) False
Q7) There are 5 different radio role choices for a 1400 Series Bridge. (Source: Radio Roles for 1400 Series Bridges)
A) True
B) False
Q8) There are 11 different radio role choices for the 1300 Series Bridge. (Source: Radio Roles for the 1300 Series Bridge)
A) True
B) False
Q9) There are 10 different radio role choices for the 1200 Series Bridge. (Source: Radio Roles for Dual Band 1200 and 1240AG Access Points)
A) True
B) False
Lesson Self-Check Answer Key
Q2) F, H
Q3) Throughput
Q4)
Q5) A, D
Q6) A True
Q7) False
Q8) True
Q9) True
Summary
This topic summarizes the key points discussed in this lesson.
We discussed radio roles available for Cisco Aironet 1200, 1240 Series Access Points as well as radio roles available for Aironet 1300 and 1400 Series Bridges.
We discussed the different radio roles and how the radio role in the network affects the access point or bridge capabilities.
Access point link role flexibility allows an access point to operate in a combination of radio roles.
Full duplex repeaters are the ones which transmit and receive at two different frequencies, while half duplex repeaters transmit and receive at one frequency.
Cisco IOS Software Release 12.3(7)JA provides several features for Cisco Aironet access points and bridges which include Access Point Link Role Flexibility, QoS, QBSS support, and AAA cache.
We discussed radio roles available for Cisco Aironet 1200, 1240 Series Access Points as well
as radio roles available for Aironet 1300 and 1400 Series Bridges. We discussed the different
radio roles and how the radio role in the network affects the access point or bridge capabilities.
Access point link role flexibility allows an access point to operate in a combination of radio
roles, such as access point root, access point repeater, bridge root (with or without clients),
bridge non-root (with or without clients), and workgroup bridge. Full duplex repeaters are the
ones which transmit and receive at two different frequencies and transmit and receive can occur
simultaneously. Half duplex repeaters are the ones which transmit and receive at one frequency.
Transmit and receive do not occur simultaneously. Cisco IOS software release 12.3(7)JA
provides several features for Cisco Aironet 1400 Series outdoor wireless bridges, Cisco Aironet
1300 Series outdoor access points/bridges, and Cisco Aironet 1240AG, 1230AG, 1200,
1130AG, and 1100 series access points. Feature enhancements include support for Cisco
Aironet 1240AG Series access points; Access Point Link Role Flexibility; QoS, QBSS support;
and AAA cache.
Lesson 3
Objectives
Upon completing this lesson, you will be able to determine the feasibility of these locations and
make recommendations for changes where needed. This ability includes being able to meet
these objectives:
Describe various conditions to be considered when you are determining the path between
two antennas
Describe potential issues with antennas with or without downtilt and omnidirectional
antennas
Installation Considerations
This topic describes how data rate relates to range for wireless bridges.
Range (miles) by data rate:

1 Mbps   2 Mbps   5.5 Mbps   11 Mbps
14.3     12.5     11.4       9.5
21.7     18.9     17.2       14.3
10.0     8.2      6.5        4.1
13.7     11.9     10.9       9.0
14.3     12.5     11.4       9.5

6 Mbps   9 Mbps   12 Mbps   18 Mbps   24 Mbps   36 Mbps   48 Mbps   54 Mbps
9.5      9.0      6.4       5.1       3.6       2.3       1.4       1.3
15.7     15.0     13.1      11.9      10.4      8.1       5.1       4.5
4.1      3.7      2.6       2.1       1.5       0.9       0.6       0.5
9.0      8.1      5.1       4.5       3.2       2.0       1.3       1.1
10.4     9.9      8.1       6.4       4.5       2.9       1.8       1.6
The Cisco Aironet 1310 G Bridge Series operates in the 2.4-GHz frequency range with
improved throughput using Orthogonal Frequency Division Multiplexing (OFDM) and
Complementary Code Keying (CCK) modulation. The bridge also offers the capability to use
integrated or non-captive antenna options.
Maximum operating ranges for IEEE 802.11g data rates are as follows:
Point-to-point using the 13-dBi integrated antenna at 54-Mbps can achieve ranges up to 1.3
miles (2 km)
Point-to-point using the 13-dBi integrated antenna at 11-Mbps can achieve ranges up to 9.5
miles (15 km)
Point-to-point using the 13-dBi integrated antenna at 1-Mbps can achieve ranges up to 14.3
miles (23 km)
Point-to-multipoint using a 21-dBi dish and a 12-dBi omni at 54-Mbps can achieve ranges
up to 1.6 miles (2.6 km)
Point-to-multipoint using a 21-dBi dish and a 12-dBi omni at 12-Mbps can achieve ranges
up to 8.1 miles (13 km)
Point-to-multipoint using a 21-dBi dish and a 12-dBi omni at 1-Mbps can achieve ranges
up to 14.3 miles (23 km)
Range (miles) by data rate:

6 Mbps   9 Mbps   12 Mbps   18 Mbps   24 Mbps   36 Mbps   48 Mbps   54 Mbps
15.5     15.3     14.1      13.2      11.8      10.0      8.3       7.8
23.4     23.1     21.4      20.0      17.8      15.1      12.6      11.8
8.3      8.2      7.6       7.1       5.7       3.8       2.4       2.0
8.5      8.4      7.8       7.2       6.1       4.1       2.6       2.2
9.8      9.6      8.9       8.3       7.4       5.7       3.6       3.0
10.2     10.1     9.3       8.7       7.8       6.4       4.1       3.4
The 5.8-GHz radio in the Cisco Aironet 1400 Series offers superior radio performance,
resulting in industry-leading range. A greater range results in a higher supported data rate. It
also results in a more reliable link at a given data rate.
The maximum operating ranges for IEEE 802.11a data rates are as follows:
Point-to-point range of 7.5 miles (13 km) at 54-Mbps, 16 miles (26 km) at 9-Mbps, 12
miles (19 km) at 54-Mbps, and 23 miles (37 km) at 9-Mbps (antennas are 28-dBi dish)
Point-to-multipoint range (sector antenna at root) of 2 miles (3 km) at 54-Mbps, 8 miles (13
km) at 9-Mbps, 4 miles (7 km) at 54-Mbps, and 11 miles (18 km) at 9-Mbps (non-root
antenna is 28-dBi dish)
[Figure: 25 miles (40 km) at 2 Mbps.]
Customers may want to save money and use the workgroup bridge and access point in place of
a bridge. If the distance is less than 1 mile and the remote end (the workgroup bridge) has fewer
than eight end devices, this can be done. However, if the distance is greater than 1 mile, it is
recommended that a bridge be used instead of the access point. Using an access point at more
than 1 mile will not provide reliable communications because of the timing constraints that the
802.11 standard puts on the return times for packet acknowledgements. Remember, IEEE
802.11 defines a LAN, which is typically a wireless range of up to 1000 feet.
The bridge product has a parameter that stretches this timing (which violates 802.11) and
allows the Cisco Aironet devices to operate at greater distances. (All bridges that support
distances over 1 mile violate 802.11.)
It also means that 802.11 radios from other vendors may not work with the Cisco Aironet
bridge at distances greater than 1 mile.
Failure to set this parameter to the correct distance of the radio link could lead to the inability to
pass IP traffic.
[Figure: 22 miles/34.5 km?]
Antenna gain
Transmitter power
Receiver performance
Cable losses
Environmental structures
Path loss determines how far a signal will travel and still provide reliable communications.
Calculations are made in decibels and can be derived from the theoretical model.
Margin determines how much path interference can be inserted before the signal will no longer
maintain reliable communications. A 10-dB fade margin is required for dependable
communications in all weather conditions.
[Figure: proposed link. Distance = 13 miles (20.9 km); the customer wants an 11-Mbps data rate; coaxial length 150 ft (45.7 m)?; towers needed to clear trees and other buildings.]
Suppose the customer is attempting to install the system as shown in the figure. Will the system work and meet their needs? Using path loss calculations, antenna gains, and cable lengths, the distances can be theoretically checked. Changes to the design can be made before attempting to install, based upon these calculations, which give some level of comfort about the system.
The Antenna Calculation Utility is used to find out if this situation is feasible. In the next module the Antenna Calculation Utility will be discussed, as well as how to use it to determine maximum distances possible while using various cables and antennas at different speeds.
Taking what is shown in the figure and using the path loss calculations, we come up with the following:
The maximum distance achieved using LMR 600 low loss cable and two 20-dBm radios with two 21-dBi parabolic dishes is 12.5 miles (20 km) at 11-Mbps. This also takes into consideration that the antennas need to be 77 feet (23.5 meters) above all obstructions.
We could do a number of things to fix this, such as use a lower loss cable. Or we could mount the radio in a National Electrical Manufacturers Association (NEMA) enclosure closer to the antenna to reduce loss. If we shorten the cable by 50 feet (15 meters) on one side, we can now span 16 miles (26 km) versus 12.5 miles (20 km) with the current configuration.
As radio waves travel through the cable they encounter resistance (loss) known as attenuation. It is much like pouring water through a garden hose: if you started off with a full glass of water, you would not get the entire glass of water out of the end of the garden hose, as some of the water gets lost. Radio waves also encounter resistance traveling through the antenna cable. How much resistance or loss (attenuation) depends on several factors: how well the cable is shielded, how much surface area is available for the signal to travel on, how well the braided material is shielded, and whether there is both a foil and a braided material.
Always check the specifications of the cable used and do not forget to add the loss of the cable to your calculations when determining distance. The antenna calculation utility will allow you to add the loss of the cable.
LMR-400 series (by Times Microwave) is one half inch cable (the same physical size as RG-8). RG-8 or Radio Grade 8 type cable is not recommended at frequencies of 2.4-GHz, and smaller cable diameters such as RG-58 (similar to LMR-200) should not be used for distances greater than 36 inches (3 feet), as there is considerable loss in these types of cables. Cisco currently offers LMR-400 series cable for antenna lengths up to 100 feet and LMR-600 for 150 feet lengths.
Rain, fog, and snow have little effect on path loss. The effect that they do have can be offset by
having a path margin of at least 10-dB, as provided by the Cisco Antenna Calculation Utility.
Line-of-sight is required between sites for long distances.
Because trees are mostly water, they can have a major effect on loss. Microwave ovens use the
2.4-GHz band because of how well water absorbs this particular frequency. As a result, the
radio frequency (RF) signal in the 2.4-GHz band will not get through trees because their high
water content means the trees will absorb the signal. The same concept applies to the 5-GHz
band.
Other considerations:
Long distance signals will not travel through most building structures.
Step 2: Select the proper regulatory domain based upon your approvals for installation locations. (See the Power Regulatory Domain Worksheet of the utility.)
Step 3: Select the product being used for both sides of the link.
Step 4
Step 5
Step 6: Select the antenna used on each site. If you are using antennas other than Cisco Aironet antennas, enter the gain factor in dBi.
Step 7: Select the cables being used on each side. If you are using cables other than Aironet cables, select Other, then enter the loss per 100 feet and the length of the cable.
For the Aironet 1410 bridge only, you must select typical environmental conditions.
Note: Line-of-sight is required.
Using the Outdoor Bridge Range Calculation Utility enables you to get an idea how far the
bridge link can go, and how to select the various antennas and data rates. All bridge links are
point-to-point when you are using the Outdoor Bridge Range Calculation Utility. When you are
computing point-to-multipoint links, always compare the root bridge with each remote or non-root site to determine distances.
Path Considerations
Radio line-of-sight
Earth bulge
Fresnel zone
Antenna and cabling
Data rate
Frequency
There are several items that should be considered when you are determining a path between
two antennas. There should be a clear visible path between the two antennas (you may need
binoculars to see from one to the other). There should be no obstructions between the antennas
themselves. Obstructions include trees, buildings, hills, and so on.
Remember to take into account the curvature of the earth and atmospheric refraction. Typically,
at distances below 7 miles (11.26 km), earth bulge can be ignored.
Line-of-Sight
Radio line-of-sight
Not the same as visual line-of-sight
Fresnel zone
One of the most important concepts in installing Cisco Aironet bridges is line-of-sight. In many
instances line-of-sight is not seen to be a problem, particularly for wireless LAN (WLAN)
devices that communicate over short distances. Due to the nature of radio wave propagation,
devices with antennas often communicate successfully from room to room. The density of the
materials used in a building's construction determines the number of walls the RF signal can
pass through and still maintain adequate coverage.
When connecting two points together (such as an Ethernet bridge) the distance, obstructions
and antenna location must be considered. If the antennas can be mounted indoors and the
distance is short, several hundred feet, the standard dipole or magnetic mount 5.2-dBi or Yagi
antenna can be used.
For long distances, 1/2 mile or more, directional high-gain antennas must be used. These
antennas must be as high as possible, and above obstructions such as trees and buildings. If the
directional antennas are used, they must be aligned so their main radiated power lobes are
directed at each other. With a line-of-sight configuration, distances of up to 25 miles at 2.4-GHz
can be reached using parabolic dish antennas, provided a clear line of sight is maintained.
Cisco Aironet bridges are unlicensed devices and are not designed to penetrate objects such as
mountains, trees, or buildings. The signal will be either absorbed or reflected, and the end result
will be that the bridges will be unable to connect. If there are trees between the bridges, much
of the signal will be absorbed.
Longer Distances
Line-of-sight disappears at 6 miles
(9.7 km) because of the curvature of the earth.
For a typical 6-foot (183 cm) person, the horizon appears at about 6 miles (9.7 km). Its
disappearance is determined by the height of the observer. If you have two 10-foot (305-cm)
structures, the top of one will have a line-of-sight to the other at about 16 miles (26 km), but it
will have minimum clearance at the horizon point.
Antenna Alignment
Line-of-sight
Binoculars or telescope: These aids are needed for the more distant links.
Global Positioning System (GPS): Use GPS for very distant installations. This helps the
installer to aim the antennas in the correct direction. A compass is also helpful if the GPS
is set up to read magnetic bearings.
Fresnel Zone
The amount of clearance required for obstacles is expressed in terms of Fresnel zones. Fresnel zones consist of a series of concentric ellipsoid surfaces that surround the straight-line path between the transmitter and receiver. The first Fresnel zone is defined as the surface containing every point for which the distance from the transmitter to any reflection point on the surface and then on to the receiver is one half-wavelength longer than the direct signal path.
As radio signals travel through free space to their intended target, they may encounter an obstruction in the Fresnel area, degrading the signal. Best performance and range are attained when there is no obstruction of this Fresnel area. Fresnel zone, free space loss, antenna gain, cable loss, data rate, link distance, transmitter power, receiver sensitivity, and other variables play a role in determining how far your bridge link goes.
As shown in the figure, the Fresnel zone radius is greatest at mid-path, thus the required obstacle clearance is greatest at this point. The minimum acceptable clearance is 0.6 of the first Fresnel zone. Because of the shape of the first Fresnel zone, what appears to be a clear line-of-sight path may not be. As shown in the figure, d1 is the distance from transmitter to reflection point in miles, and d2 is the distance from reflection point to receiver in miles.
Mid Path
The figure illustrates the Fresnel zone between two antennas. As long as 60 percent of the first
Fresnel (F1) zone is clear of obstructions, the link behaves essentially the same as a clear free-space path.
There are a variety of things that you can do to keep the Fresnel zone clear, including the
following:
Build a new structure, such as a radio tower, tall enough to mount the antenna
Remove trees
$H = H_1 + H_2$
$\text{Height} = D^2/8 + 43.3\sqrt{D/4F}$
$H_1 = 43.3\sqrt{D/4F}$
This figure illustrates 2.4-GHz bridging. The same concept applies to 5-GHz bridging
solutions. To determine the antenna mounting height, take the mid-path Fresnel zone width (at
60 percent) for 2.4-GHz and add it to the curvature of the earth. Sixty percent unobstructed
Fresnel zone clearance is the commonly accepted coverage for RF link design. To get these
measurements, refer to the Fresnel calculation table.
The Cisco Aironet Outdoor Bridge Range Calculation Utility can be found at
http://www.cisco.com/warp/public/102/wlan/faq-hardware-us-calc.html. Click the link for the
Outdoor Bridge Calculation Utility. The Outdoor Bridge Calculation Utility can be used for the
following calculations:
Antenna height
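The mounting-height calculation described above (60 percent of the mid-path Fresnel zone plus earth curvature), as an added example that is not part of the course material or of Cisco's calculation utility. It goes beyond the mid-path case by checking obstacles anywhere along the path; the off-mid-path formulas, the level-ground datum, the function names, and the sample obstacle values are assumptions.

```python
import math

# Units implied by the page's constants: distances in miles, frequency in GHz,
# heights in feet.
FRESNEL_60_COEFF = 43.3  # the page's constant for 60 percent of the first Fresnel zone


def fresnel_60_ft(d1_miles, d2_miles, freq_ghz):
    """60 percent of the first Fresnel zone radius (ft) at a point on the path.

    Assumption: the general form 43.3 * sqrt(d1*d2 / (F*D)). At mid path
    (d1 = d2 = D/2) it reduces to the page's 43.3 * sqrt(D / 4F).
    """
    if d1_miles < 0 or d2_miles < 0 or freq_ghz <= 0:
        raise ValueError("distances must be >= 0 and frequency > 0")
    total = d1_miles + d2_miles
    if total == 0:
        return 0.0
    return FRESNEL_60_COEFF * math.sqrt(d1_miles * d2_miles / (freq_ghz * total))


def earth_bulge_ft(d1_miles, d2_miles):
    """Earth curvature (ft) at a point on the path.

    Assumption: the general form d1*d2/2, which equals the page's D^2/8
    at mid path.
    """
    return d1_miles * d2_miles / 2.0


def mounting_height_ft(distance_miles, freq_ghz):
    """The page's H = H1 + H2, evaluated at mid path."""
    half = distance_miles / 2.0
    return fresnel_60_ft(half, half, freq_ghz) + earth_bulge_ft(half, half)


def clearance_margin_ft(h_a_ft, h_b_ft, distance_miles, d1_miles,
                        obstacle_ft, freq_ghz):
    """Spare clearance (ft) over an obstacle d1 miles from antenna A.

    A negative result means the obstacle intrudes into the 60 percent zone.
    Assumption: antenna and obstacle heights share one level-ground datum.
    """
    if distance_miles <= 0 or not 0 <= d1_miles <= distance_miles:
        raise ValueError("obstacle must lie on a path of positive length")
    d2_miles = distance_miles - d1_miles
    # Height of the straight line between the two antennas at the obstacle.
    line_of_sight = h_a_ft + (h_b_ft - h_a_ft) * d1_miles / distance_miles
    needed = (fresnel_60_ft(d1_miles, d2_miles, freq_ghz)
              + earth_bulge_ft(d1_miles, d2_miles))
    return line_of_sight - needed - obstacle_ft


def worst_obstacle(h_a_ft, h_b_ft, distance_miles, freq_ghz, obstacles):
    """Return (d1_miles, margin_ft) for the obstacle with the least clearance.

    obstacles is a list of (distance_from_A_miles, height_ft) pairs.
    """
    if not obstacles:
        raise ValueError("no obstacles supplied")
    margins = [
        (d1, clearance_margin_ft(h_a_ft, h_b_ft, distance_miles, d1, h, freq_ghz))
        for d1, h in obstacles
    ]
    return min(margins, key=lambda pair: pair[1])


if __name__ == "__main__":
    # Mid-path mounting heights for the two bands the course discusses.
    for freq in (2.4, 5.8):
        for dist in (1, 5, 10, 25):
            print(f"{freq} GHz, {dist:>2} miles: "
                  f"{mounting_height_ft(dist, freq):6.1f} ft")

    # Constructed sample path: 10-mile 2.4-GHz link, both antennas at 60 ft,
    # three obstacles given as (miles from antenna A, height in ft).
    sample = [(2, 20), (5, 10), (8, 0)]
    where, margin = worst_obstacle(60, 60, 10, 2.4, sample)
    state = "clear" if margin >= 0 else "obstructed"
    print(f"worst obstacle at {where} miles: margin {margin:.1f} ft ({state})")
```

A negative margin is the case the text warns about: the path can look like clear line-of-sight while the obstacle still sits inside the 60 percent zone.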
Site Survey
Before installing multiple bridges, perform a site
survey to determine optimum location of bridges.
Range is affected by:
Data rate: Sensitivity and range are inversely proportional to
data rate.
Fresnel zone clearance: Provide the Fresnel zone clearance
for the radio signal.
Antenna type and placement: The higher the gain of the
antenna, the greater the range. Height of antenna should be
sufficient to clear Fresnel zone and earth bulge.
It is recommended that you perform a radio site survey before installing the equipment. A
site survey reveals problems such as interference, Fresnel zone, or logistics problems. A proper
site survey involves temporarily setting up a bridge link and taking measurements to determine
if your antenna calculations are accurate. Determine the correct location and antenna before
drilling holes, routing cables, and mounting equipment.
Range is affected by the following factors:
Data rate: Sensitivity and range are inversely proportional to data rate.
Fresnel zone clearance: You must provide the Fresnel zone clearance for the radio signal.
Antenna type and placement: The higher the gain of the antenna, the greater the range.
The height of the antenna should be sufficient to clear the Fresnel zone and earth bulge.
Antenna Considerations
This topic describes potential issues with antennas with or without downtilt and
omnidirectional antennas.
Antenna Issues
An antenna may have a gain of 21-dBi, a front-to-back ratio of 20-dB, and a front-to-side ratio of
15-dB. This means that the gain in the backward direction is 1-dBi and the gain off the side is
6-dBi.
This measurement needs to be taken into account when locating systems on the same channel.
There must be sufficient separation of the antennas to ensure that the two will not interfere with
each other.
[Figure labels: Directional antenna; No downtilt]
A common mistake is to use a high-gain omnidirectional antenna to try to cover a large area
from a high point. Unfortunately, a high-gain omnidirectional antenna may not have any
downtilt.
As shown in the figure, this configuration can result in all of the RF energy being propagated
above the desired target, in this case the directional antenna.
This situation is often complicated further if you use a directional antenna to establish a link
with the high-gain omnidirectional antenna. The directional antenna is capable of sending RF
traffic to the high-gain omnidirectional antenna, but responses cannot be returned to the
directional antenna. The result is what appears to be one-way communication.
Typically, the center antenna is the antenna attached to the root ON device. When deciding
which antenna to use as the center antenna, remember that antennas provide coverage in certain
directions but also receive interference in those directions. This is a much larger issue with an
outdoor bridge link because there are many sources of interference that cannot be removed.
More control over interference is afforded in an in-building WLAN installation, where the
customer can remove or limit the amount of interference.
Because the bridges are Federal Communications Commission (FCC) Part 15 products, they
must receive all traffic. They cannot block any traffic. Traffic that is not meant for the bridge is
discarded but can slow down the bridge.
Often omnidirectional antennas are chosen for a center site in a point-to-multipoint installation.
If 360-degree coverage is not needed, a more directional antenna (such as a patch antenna)
may be a better choice. First, determine the maximum beamwidth the antenna needs to produce
a coverage cell that contains all the other devices. An antenna should then be chosen that would
match this beamwidth as closely as possible. This practice minimizes the amount of
interference received and maximizes bridge performance.
Remember that even directional antennas have some back and side lobes that will be
susceptible to interference as well.
[Figure labels: 200 ft./61 m; 8.5° downtilt; 14.5°; 700 ft./213 m; 8 miles/13 km]
Antennas have both horizontal and vertical beamwidths. Some antennas have what is called
downtilt, meaning that the beamwidths are manipulated to provide more coverage below the
antenna than above the antenna. This feature can be particularly important in an outdoor
installation.
Even though the antenna shown in the diagram provides some downtilt, there will still
potentially be a dead spot with no coverage below the tower. The higher the antenna is
mounted, the larger this dead spot becomes.
Common Questions
Bridge link using a splitter?
Bridge link using a repeater?
Bridge link using back-to-back bridges?
The figure lists some of the most common questions about obtaining more coverage distance.
The answers require a short explanation of the advantages or drawbacks of each.
How far can I go using a bridge with two antennas and a splitter?
The use of splitters usually adds a loss of about 4-dB (for a good-quality splitter) to the system.
This loss is seen at both antennas (each antenna suffers a 4-dB loss). At 2.4-GHz, this loss
reduces the gain of a dish from 21- to 17-dBi, providing some distance advantage, but not twice
the amount. When you reduce the gain on one antenna to 17-dBi, the distance drops from 20.5
miles, or 33 km (at 11 Mbps), to approximately 13 miles, or 21 km.
A second drawback is that the throughput is reduced by approximately 50 percent because the
repeater must receive, buffer, and transmit the data on the same channel.
A repeater can be added to extend the range of a bridge, but not double it. A repeater needs to
receive and transmit in more than one direction. Therefore, a yagi or dish antenna typically
cannot be used. In such a situation, you would employ an omnidirectional or semi-directional
(panel or patch) antenna. These tend to be less effective than a link using two directional
antennas.
Using the high-gain omnidirectional antenna (as shown in the figure) results in a link of just
over 7 miles (11 km).
Throughput is reduced by approximately 50 percent because the repeater must receive, buffer,
and transmit the data.
[Figure labels: Channel 1; Channel 11]
A better way to increase distance is through the use of a linked repeater site. This site consists
of two bridges and two antennas, operating on two different channels and with two system set
identifiers (SSIDs). This configuration allows both sides of the link to operate simultaneously at
full gain and full throughput.
The drawback to this example is that it requires one extra bridge and antenna, and it results in a
loss in throughput of about 15 percent because of Ethernet latency.
Lesson Self-Check
Use the questions here to review what you learned in this lesson. The correct answers and
solutions are found in the Lesson Self-Check Answer Key.
Q1) How much loss is there in dB from end to end on a 100 foot run of LMR-400 cable?
(Choose one.) (Source: Installation Considerations)
A) 4.4 dB
B) 6.7 dB
C) 5.2 dB
D) 7.6 dB
Q2) What must be considered when determining the distance of a radio path? (Choose
two.) (Source: Distance and Path Loss Considerations)
A) Weather
B) Antenna Gain
C) Transmit Power
D) Wind Speed
Q3) Using the Cisco Outdoor Bridge Range Calculation Utility, what is the fade margin in
dB for 2.4-GHz? (Source: Bridge Distance Calculations)
____________________________________________________________________
Q4)
Q5)
Q6) Using a splitter on a bridge to extend the distance is the best option. (Source:
Common Deployment Questions)
A) True
B) False
Lesson Self-Check Answer Key
Q2) B, C
Q3) 10 dB
Q4) Mid Point
Q5) A, C
Q6) False
Summary
This topic summarizes the key points discussed in this lesson.
We learned that a greater operating range results in a higher supported data
rate and results in a more reliable link at a given data rate.
Antenna gain, transmitter power, receiver performance, cable losses, and
environmental structures should be considered when determining the best
coverage performance.
Using the Outdoor Bridge Range Calculation Utility enables you to get an
idea how far the bridge link can go, and how to select the various antennas
and data rates.
There are several items that should be considered when you are determining
a path between two antennas, and line-of-sight is generally required.
Fresnel zones consist of a series of concentric ellipsoid surfaces that
surround the straight-line path between the transmitter and receiver.
We discussed several issues that must be considered when installing
wireless bridges.
We discussed the use of high-gain omnidirectional and directional antennas,
downtilt and dead spots.
We discussed some common deployment questions for a bridge link.
Module Summary
This topic summarizes the key points that were discussed in this module.
Cisco Aironet 1300 Series provides wireless connectivity
between multiple fixed or mobile networks and clients, whereas
the 1400 series wireless bridge is designed for building-to-building wireless connectivity.
There are different radio roles, and the radio role in the
network affects the access point or bridge capabilities.
We describe the 2.4- and 5.8-GHz radio performances,
interference, installation guidelines, outdoor path and
antenna considerations, and common deployment questions.
Module 4
Module Objectives
Upon completing this module, you will be able to configure a Cisco client card with Cisco
utilities. This ability includes being able to meet these objectives:
Identify operating systems and configuration utilities for the Cisco 802.11a/b/g client cards
Use Aironet Desktop Utility to configure the profile and test RF links
Lesson 1
Describing Configuration
Utilities
Overview
This lesson will review supported operating systems, software and driver downloads. This
lesson will also cover the LED functions of the client cards and available administrative tools
and utilities.
Objectives
Upon completing this lesson, you will be able to identify operating systems and configuration
utilities for the Cisco 802.11a/b/g client cards. This ability includes being able to meet these
objectives:
Describe the operating systems and the various configuration utilities that support the Cisco
802.11a/b/g client cards
Identify the status LEDs for the 802.11a/b/g CardBus and PCI cards
Describe the use of ACAU to create profiles and install Aironet Desktop Utility (ADU)
across the network
Software Download
This topic describes how to access the web site to download configuration utilities.
All of the available drivers, utilities, and firmware can be downloaded from the web at
Cisco.com. From the main page (http://www.cisco.com), select Direct Access, Downloads
dropdown box. Select the Wireless Software link on the page that is displayed. The latest
updates to all Cisco Aironet firmware and software are available via this link. This link requires
Login and/or a service contract.
The driver disk includes drivers for all Windows 2000 and Windows XP versions.
The Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) support
IEEE 802.11a, IEEE 802.11b, and IEEE 802.11g (2.4 GHz and 5 GHz).
The wizard install tool is WinClient-802.11a-b-g-Ins-Wizard-v26.exe. Check for later versions
of this software.
PC Card LEDs
This topic identifies the status LEDs for the 802.11a/b/g CardBus and PCI cards.
LED scheme
Looking for network: Alternate blinking
Joined to network: Simultaneous blinking
Supports 802.11a/b/g
The following describes the appearance of LED 0 and LED 1 for the CardBus and PCI cards:
Awake from power save mode: On, off (can be used to indicate power is applied; the
hardware automatically enters this state after exiting from power save mode before any
other activity)
Looking for network association: Alternate blink between LED 1 and LED 0
Associated or joined with network, activity: Fast simultaneous blink (blink rate increases
with activity)
The Cisco ACAU enables an administrator to install the Aironet Desktop Utility (ADU) across
a network, eliminating the need to install and configure the ADU on each wireless client. The
auto installer runs in a silent batch mode and installs and configures the ADU (thereby
configuring the Cisco Aironet client adapter) on a computer running the Windows operating
system.
The auto installer allows the administrator to selectively install and configure the following
parameters:
The drive and directory where the ADU will be stored on the computer
The drive and directory where client card firmware and drivers will be stored on the
computer
Each profile allows the administrator to selectively configure the following parameters on the
ADU:
Radio settings
The auto installer can also be used with its own encryption utility to encrypt the files before
they are sent across the network to ensure that network security is not compromised while you
are performing auto installs.
Easy binary
configurations
for security and
utility
The ACAU utility allows administrators control over provisioning profiles for wireless
802.11a/b/g and the ability to push those configurations across the network without physically
touching the Cisco 802.11a/b/g client.
Installation Wizard
Requires a forced reboot at the completion of the
install (prompts in beginning as warning)
Protection to ensure that machine is left in stable state
Lesson Self-Check
Use the questions here to review what you learned in this lesson. The correct answers and
solutions are found in the Lesson Self-Check Answer Key.
Q1) What operating systems are supported for CB21AG utilities (GUI)? (Choose two.)
(Source: Supported Operating Systems)
A) Windows 98
B) Linux
C) Windows 2000
D) Windows XP
Q2) Where can you get Cisco Wireless software and drivers? (Source: Software
Downloads)
A) Cisco.com Industries
B) Cisco.com Products and Support
C) Cisco.com Direct Access Wireless Software
D) Cisco TAC
Q3) Slow simultaneous blinking LEDs indicate that the client card is associated to the
network. True or False (Source: PC Card LEDs)
Q4) The Aironet Configuration Administration Utility is used with what client cards?
(Source: Aironet Configuration Administration Utility)
Lesson Self-Check Answer Key
Q1) C and D
Q2)
Q3) True
Q4)
Summary
This topic summarizes the key points discussed in this lesson.
We described how to access Cisco's web site to download
configuration utilities.
We described the operating systems and the various
configuration utilities that support the Cisco 802.11a/b/g
client cards.
We discussed the different modes of operation identified by
the status LEDs for the 802.11a/b/g CardBus and PCI cards.
The Cisco ACAU enables an administrator to install the ADU
across a network, eliminating the need to install and
configure the ADU on each wireless client.
Lesson 2
Objectives
Upon completing this lesson, you will be able to use Aironet Desktop Utility to configure the
profile and test RF links. This ability includes being able to meet these objectives:
View the screens for the status, statistics, link test, site survey and link status tools and
troubleshooting utility
Simple Windows
based
installation
program
You have three options: install client utilities and driver, install driver only, and make disk
installation diskettes.
A new Cisco Aironet Site Survey Utility is available with ADU release 2.0.X.
To install the new Cisco Aironet Site Survey Utility, ensure the check box is enabled.
On Windows XP, you can configure your Cisco Aironet Wireless LAN Client Adapter through
the Cisco ADU or a third-party tool, such as the Microsoft Wireless Configuration Manager.
Because third-party tools may not provide all of the functionality available in ADU, Cisco
recommends that you use ADU. (Please note that a patch from Microsoft might be required to
use the Microsoft tool with Wi-Fi Protected Access [WPA] security.)
On the next screen, select whether you want to use ADU or a third-party tool to configure your
client adapter.
Note
If you select a third-party tool, some of the ADU features will not be available. To activate
those features you must re-install ADU.
By enabling the third-party tool, you allow the client card to be controlled by another service
like Windows XP Wireless Zero Config.
Shows client
IP address
ADU works only with the PC-CardBus card (AIR-CB21AG) and PCI card (AIR-PI21AG).
Advanced Information
The ADU main page does not list information about associated access points; however,
selecting the Advanced button displays the Advanced Status tab, which does provide that
information.
Current signal strength and noise level can be shown in either dBm or mW. You can change
this setting from the Options menu.
Set auto profile selection and weight the profiles according to your preferences.
You can scan, allowing the card to give a list of all open service set identifiers (SSID), and
allow users to directly connect to one.
ADU Profile Manager allows you to add new profiles or modify existing profiles.
The security profile allows for all types of security. WPA and Wi-Fi Protected Access 2
(WPA2) are supported as of version 2.0.X.
Selectively choose
wireless modes
to decrease
association time
Disallowing different wireless modes that are known to not be available for a profile increases
connection speed.
The maximum transmit power for IEEE 802.11a is 40 mW; for IEEE 802.11b/g, it is 100 mW.
ADU Tools
This topic views the screens for the status, statistics, link test, site survey and link status tools
and troubleshooting utility.
Advanced Statistics
Used
predominately
during
troubleshooting
The advanced statistics screen is predominately used for troubleshooting. Transmit and receive
statistics as well as encryption errors are shown.
Code version
The Adapter Information screen is the best place to check the driver version. All changes are
made with the driver.
Adapter Information: Identifies the selected network adapter and the current association
status. The association status options are Associated, Not Associated, and Device Not
Present.
Access Point: Identifies the name, IP address, and MAC address of the access point.
Signal Strength: Determines how strong the signal is for all received packets. The higher
the value and the more green the bar graph is, the stronger the signal. The trend graph
provides a visual interpretation of the current signal strength. Differences in signal strength
are indicated by the following colors: green (strongest), yellow (middle of the range), and
red (weakest).
Signal Quality: Determines how clear the signal is for all received packets. The higher the
value and the more green the bar graph is, the clearer the signal. The trend graph provides a
visual interpretation of the current signal quality. Differences in signal quality are indicated
by the following colors: green (highest quality), yellow (average), and red (lowest quality).
Note
This setting appears only if the Display in percent check box is selected.
Noise Level: The level of background radio frequency energy. The lower the value and the
more green the bar graph is, the less background noise present. The trend graph provides a
visual interpretation of the current level of background noise. Differences in background
noise are indicated by the following colors: green (low noise), yellow (middle of the range),
and red (high noise).
Note
This setting appears only if the Display in percent check box remains unchecked.
Signal to Noise Ratio: The percentage of beacon packets received versus those expected to
be received. The higher the value and the more green the bar graph is, the clearer the signal.
For example, the access point sends out 10 beacons per second, so you would expect the
client adapter to receive 50 beacon packets in 5 seconds. If it receives only 40 packets, the
percentage of beacons received would be 80 percent.
Note
This setting appears only if the Display in percent check box is checked and the client
adapter does not provide a signal quality value.
Overall Link Quality: The client adapter's ability to communicate with the access point.
Note
This setting appears only if the Display in percent check box is checked.
Link Speed: The site survey utility monitors transmitted network traffic, and the link speed
reflects the current transmit rate of data packets. The Link Speed trend graph provides a
visual interpretation of the current rate at which your client adapter is transmitting packets.
Possible Values: 1, 2, 5.5, or 11 Mbps (IEEE 802.11b); 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36,
48, or 54 Mbps (802.11g); 6, 9, 12, 18, 24, 36, 48, or 54 Mbps (IEEE 802.11a)
Display in percent: The default is to display the fields above in dB or dBm. If you would
rather view the values as a percentage, check the Display in percent check box. The
decibels display unit is recommended for a more precise view. The fields that display on
this screen vary depending on which method of display you choose.
The trend graph provides a graphical representation of activity in the past 10 to 60 seconds. Use
the up and down arrows to select the desired number of seconds.
The Cisco Aironet Site Survey Utility will work with all Cisco Aironet Wireless Adapters.
Data Enc.: Indicates whether the data exchanged with this access point is encrypted. The
possible values are Secure (encrypted) and Open (unencrypted).
Type: Indicates whether the band of the access point radio is 802.11a, 802.11b, or IEEE
802.11g.
Ch. (Freq.): The channel number being used and the frequency of that channel (given in
megahertz).
Max Rate: The maximum data rate currently available on this access point.
CCX: Identifies which version of Cisco Compatible Extensions (CCX) is supported by the
access point. This parameter may be blank if the access point is not broadcasting its CCX
version number.
Other Info.: Some of the columns below may appear depending on what is transmitted by
the access point.
Ad-Hoc: Identifies the device as another client adapter operating in ad hoc mode.
Power: Indicates the presence of the cell power limit information element (IE).
Broadcasting the cell power limit IE allows access points to limit the transmitting power
used by clients.
QoS: Indicates quality of service (QoS) is enabled. If QoS appears in the Other Info.
column, you can open the AP Detailed Information window to get the QoS configuration.
RM-Normal: Indicates the presence of the radio management (RM) RID IE. A value of 1
means normal. Other values may be displayed as RM-Status (123) for a status value of 123.
RM-Source: Indicates the presence of the radio management extensions and includes the
MAC address of the RM source.
Ssidl: Indicates the presence and number of SSIDL IE and the number of hidden SSIDs
configured on that access point. An SSIDL broadcasts information about lists of hidden
SSIDs on an access point.
Pause List Update: Select Pause List Update to halt the current AP scan list. If you select
the button again, it will resume updating.
View AP Details: Launches the AP Detailed Information window for the currently selected
row of the table.
Log Snapshot: Transfers the current contents of the table into the AP scan list log. The
scan log is a text file named SST_APScanLog.txt. It is located in the same directory as the
main executable (SST.EXE).
Note
If updating is in a paused state, the old data currently displayed in the log will be added
rather than the latest data available.
Lesson Self-Check
Use the questions here to review what you learned in this lesson. The correct answers and
solutions are found in the Lesson Self-Check Answer Key.
Q1)
A) True
B) False
Q2) Which of the following is displayed on the current status page? (Current Status page)
A) Client IP address
B) AP IP address
C) SSID
D) QOS
Q3) How many profiles can be created in ADU? (Source: ADU Profile Manager)
Q4) The Cisco Aironet Site Survey Utility works with the Cisco Aironet 802.11a/b/g
Wireless Adapter only. (Source: Site Survey Utility)
A) True
B) False
Lesson Self-Check Answer Key
Q1)
Q2)
Q3) 16
Q4) False
Summary
This topic summarizes the key points discussed in this lesson.
We discussed the procedures to install the ADU.
The ADU main page shows the client IP address and
selecting the Advanced button displays Advanced
Status about the client.
We described the procedures to configure and manage
profiles with the ADU.
The advanced statistics screen is predominately used
for troubleshooting and provides transmit and receive
statistics as well as encryption errors.
Module Summary
This topic summarizes the key points that were discussed in this module.
In this module we covered where drivers and utilities could
be downloaded from the Cisco web site. What operating
systems were supported and what the different LED status
lights indicated on the wireless cards.
Described the use of Aironet Client Administrator Utility to
install ADU across the network eliminating the need to install
ADU on each wireless client manually.
How Aironet Desktop Utility is installed and how the ADU GUI
is used to configure a Cisco Wireless 802.11a/b/g card.
Module 5
Module Objectives
Upon completing this module, you will be able to configure the core access point and bridge.
This ability includes being able to meet these objectives:
Describe components needed to implement a Cisco WLAN core product feature set
solution
Perform the initial setup of the Cisco core product autonomous access point hardware
Lesson 1
Describe the key concepts of the WLAN core products using autonomous access points
Describe the protocols and components used to implement WLAN core products focusing
on how Cisco WDS can be implemented
Describe WLAN core products features that assist IT professionals with deployment of
Cisco Aironet infrastructure devices, control issues, and address critical WLAN security
Describe security options available when using Cisco WLAN core products including
autonomous access points
Network managers need to protect their networks and deliver secure WLAN access for their
organizations. They need a wireless infrastructure that embraces the unique attributes of radio
frequency (RF) technology and effectively supports today's business applications. They need to
keep their wired network secure while laying a foundation for the smooth integration of new
applications that embrace wireless technology. Network managers need a WLAN solution that
takes full advantage of existing tools, knowledge, and network resources to cost-effectively
address critical WLAN security, deployment, and control issues.
Fault
Configuration
Accounting
Performance
Security
The goal of the configuration management element is to monitor network and system
configuration information and execute and track configuration changes centrally.
The goal of the accounting management element is to measure network utilization parameters
so that individual or group users on the network can be regulated appropriately. (Proactive
managing of network resources ensures that resources are apportioned based on resource
capacity, which provides fairness to all users.)
The accounting management process is as follows:
Analyze results
The goal of the performance management element of the ISO model is to measure and make
available various aspects of network performance so that internetwork performance can be
maintained at an acceptable level.
Critical information for the performance management element includes the following:
Network throughput
Line utilization
The goal of the security management element is to control access to network resources
according to local guidelines to protect the network and protect sensitive information from
being compromised.
A subsystem might monitor users and refuse access to unauthorized users. Subsystems can
perform the following tasks to manage security:
Monitor access points to sensitive network resources and log inappropriate access.
Large numbers of access points present significant management challenges. Among them are the
following:
Fault monitoring: A large amount of data must be gathered from many sources and
processed into usable form. Although they are similar to wired networks in some respects,
WLANs are sufficiently different to warrant a domain-specific application.
Configuration: Changing just one parameter on multiple access points or rotating Wired
Equivalent Privacy (WEP) keys can be challenging.
Accounting: Again, there are a large number of data sources and it is necessary to gather
meaningful data. You need to determine whether the end user experience is satisfactory.
Performance: You need to ensure adequate throughput and utilization from many access
points and to determine which are performing adequately and which are not.
[Figure: Telecommunications Management Network layers: Business Management, Service Management, Network/Systems Management, Element Management, Network and System Elements]
Element management,
Services management
Business management
The management solution and components addressed in this topic are part of the base layer,
network and system elements (autonomous access points, clients, and other network
infrastructure), and the next layer up in the model, element management (Cisco Wireless LAN
Solution Engine [WLSE]), with some mention of devices in the other levels.
(WDS)
WDS is a software component that can reside on either an access point, switch, or router.
Current WLAN solutions focus on providing basic radio connectivity. However, current
solutions lack radio and spatial awareness to effectively manage interference and bandwidth.
These solutions also lack network service integration to elegantly handle mobility, security,
quality of service (QoS), and management services. To create workable designs, current
solutions require that the IT team possess significant understanding of radio technology.
The Cisco WLAN core products address centralized management capabilities to enhance the
following:
Security
Reliability of connections
In addition, the WLAN core products add to Cisco end-to-end networking strengths by
seamlessly combining the WLAN with Cisco switches and network management. The Cisco
WLAN core products also comprehensively satisfy scalability, management, and overall
cost-of-ownership requirements.
The CiscoWorks WLSE is the Wireless Network Manager (WNM) component of the Cisco
WLAN core products. WNM manages the devices on your wireless LAN.
Wireless Domain Services (WDS) consists of additional Cisco IOS code added to the Cisco
Aironet autonomous access points and Integrated Service Routers (ISR). If an access point is
used for WDS, one access point must have WDS enabled per subnet.
WDS coupled with CiscoWorks WLSE, Cisco Secure Access Control Server (ACS) version 3.2
or higher for RADIUS, and infrastructure switches and routers provides the secure fast roaming
capabilities now required by enterprise networks.
[Figure: WLAN core products framework, with WLCCP linking the layers.
Management and Security Layer (network management device, ACS): intelligent radio and network management, AAA services.
WDS Layer (ISR or access point): WLAN client context tracking, fast secure roaming, radio management data aggregation.
Infrastructure Access Point Layer (access point): WLAN client access, radio downlink encryption, RF management data collection and RF monitoring.
Client Layer (PC, tablet): WLAN clients, RM data collection, RF monitoring.]
The WLAN core products framework addresses two key WLAN management and operational
issues: fast secure WLAN client layer 2 roaming and radio management. Fast secure roaming
allows WLAN clients to move association from one access point to another with little or no
service disruption. The WLAN core products radio management characterizes the radio
transmission environment and responds to the conditions of the environment.
The WLAN core products framework can be visualized as a layered model with the following
four layers:
WDS layer
The management and security layer processes radio management (RM) data from the lower
layers, as well as controls and manages the radio coverage environment. This data also secures
the radio coverage environment by detecting rogue access points and wireless clients.
Authentication, authorization, and accounting (AAA) services are also placed in the
management and security layer.
The required management layer components are the CiscoWorks WLSE and an IEEE 802.1X
authentication server such as a Cisco Secure ACS. Other products with functionality equivalent
to the Cisco Secure ACS may be used with the WLAN core products.
Aggregation of radio management data from the infrastructure devices and client layer
WDS is implemented in supporting versions of Cisco IOS for the Cisco Aironet 1100, 1130AG,
1200, 1230AG and 1240AG Series access points and Cisco 2600, 2800, 3700, and 3800 Series
Integrated Service Routers. The solution design dictates whether to use the WDS access points
or routers.
The access point devices layer facilitates WLAN client access to the wired network, radio
downlink encryption, and radio management data collection, including ongoing radio
monitoring.
The client layer includes all wireless clients. Advanced WLAN core products framework
features take advantage of client-side capabilities to allow for radio measurement collection
from the WLAN clients and fast secure roaming.
The WLAN core products framework introduces Wireless LAN Context Control Protocol
(WLCCP) to facilitate control messaging between the framework components. The figure
illustrates the conceptual model of the WLAN core products framework, including the WLCCP
messaging protocol. As shown in the figure, each layer is implemented in specific Cisco
products.
WLCCP is a Cisco-defined control protocol that allows control communication between the
WLAN core product components. WLCCP messages authenticate and register WLAN core
products components that are part of the WLAN core products control topology. The WLCCP
messages are used in WLAN client authentication, association, reauthentication, and
reassociation during client roaming between the infrastructure access points and the WDS
access point. WLCCP RM transfers radio measurement data between the WLAN core products
components.
Software requirements:
Cisco IOS software release 12.2.(15)XR for Cisco Aironet 1100 Series and 1200 Series access
points
Cisco IOS software release 12.3(2)JA for Aironet 1130 Series and 1230 Series access points
Cisco IOS software release 12.3(7)JA1 for Aironet 1240 Series access points
Release 2.7(1) for CiscoWorks Wireless LAN Solution Engine (WLSE)
Support for all EAP types requires Secure ACS release 3.2.3 or higher
CiscoWorks WLSE
Optional: Cisco Aironet wireless LAN client adapters, Cisco Compatible Extensions client
devices, and third-party non-Cisco client adapters
Note
The Cisco Compatible Extensions program provides third-party verification of Cisco Aironet
wireless infrastructure products and wireless client devices from third-party companies.
Additional information about the Cisco Compatible Extensions program can be found at
http://www.cisco.com/en/US/partners/pr46/pr147/partners_pgm_brochure.html.
In addition to the hardware requirements, the minimal software requirements for this solution
are the following:
Cisco IOS software release 12.2.(15)XR for Cisco Aironet 1100 Series and 1200 Series
access points, Cisco IOS software release 12.3(2)JA for Aironet 1130 Series and 1230
Series access points, Cisco IOS software release 12.3(7)JA for Aironet 1240 Series access
points.
The software requirements for Cisco Secure ACS depend on the type of Extensible
Authentication Protocol (EAP) desired. For full support of all the EAP types including EAP
Flexible Authentication via Secure Tunneling (FAST), use release 3.2.3 or higher.
Management Benefits
This topic describes WLAN core products features that assist IT professionals with deployment
of Cisco Aironet infrastructure devices, control issues, and address critical WLAN security.
Management Benefits
WLAN IDS
Interference Detection
WLAN Self-Healing
Simplified Deployment and Operations
Automated Re-Site Surveys
Wireless LANs provide network users with a new level of freedom, flexibility, and competitive
advantage. However, WLANs also present IT professionals with new challenges. The WLAN
core products meet these challenges by integrating the wireless and wired LAN to deliver the
same level of security, scalability, and manageability as with wired LANs.
The WLAN core products reduce overall operational expenses by simplifying network
deployment, operations and management. With WLAN core products, several, hundreds, or
thousands of central or remotely located Cisco Aironet series autonomous access points can be
managed from a single management console. WLAN core products flexibility allows network
managers to design networks to meet specific needs, whether implementing a highly integrated
network design or an overlay network.
WLAN core products features include:
Interference detection
WLAN self-healing
Security
This topic describes security options available when using Cisco WLAN core products
including autonomous access points.
[Figure: Sources of rogue access points. Frustrated insider: >99.9% of rogue access points. Malicious hacker: <.1% of rogue access points.]
Network security is a primary issue when deploying WLANs. IT managers must protect their
network from unauthorized or rogue access points. A rogue access point represents either a
malicious or a nonmalicious attack.
The most common attack is nonmalicious. An example of a nonmalicious attack would be
when a wireless connection is required in a specific office before service can be provided
through the proper channels. An employee may go to the neighborhood computer store and buy
a cheap grade access point to attach to the desktop Ethernet connection. The type of access
point purchased is, by default, set to broadcast the service set identifier (SSID), which gives
anyone with an IEEE 802.11 compliant wireless card access to the network. This unintentional
act by the novice reduces network security by exposing critical data to outsiders.
Malicious attacks make information that should be private available to unauthorized users. One
example is a malicious attacker who gains physical access to your facility. Unauthorized access
is often not difficult, even in the most secure facilities. The attacker simply follows a
legitimate employee into the building, asks them to hold the door, or explains that they forgot
their access badge. Once inside, the attacker chooses an inconspicuous place to install an access
point and connects to the network. Although this type of attack is uncommon, it is a situation
that could be very damaging.
The ability to detect rogue access points is critical to maintaining a secure WLAN. With the
WLAN core products, the process of detecting rogue access points is automated. IT managers
can easily and automatically detect, locate, and disable rogue access points and the switch ports
to which they are connected because both access points and client devices actively participate
in continuous scanning and monitoring of the RF environment.
[Figure: Network core, distribution, and access layers, showing the CiscoWorks WLSE, a switch-based WDS performing RM aggregation, RM data from the access layer, and a rogue access point]
A WLAN IDS provides WLAN threat defense for the WLAN core products autonomous access
points. Organizations must protect their RF environment and data networks from unauthorized
access. Rogue access points installed by employees or intruders create security breaches that
put the entire network at risk. The WLAN core products WLAN IDS quickly detects, locates,
and automatically shuts down rogue access points.
CiscoWorks WLSE detects unauthorized WLANs, and locates and identifies which wireless
clients are participating in the network. CiscoWorks WLSE also detects clients spoofing
authorized MAC addresses and generates notifications. CiscoWorks WLSE monitors per
channel excess wireless-management frames such as excess association, disassociation, probe
requests, responses, and authentication and deauthentication frames that may signal WLAN
attacks such as denial-of-service and man-in-the-middle attacks. EAP over LAN (EAPOL)
flood-message monitoring provides a way to detect excess authentication requests by an
intruder.
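The per-channel monitoring of excess management frames and EAPOL floods described above can be sketched as a sliding-window counter. This is an added example, not CiscoWorks WLSE code: the frame record layout, the 10-second window, the per-subtype limits, the function names, and the sample frames are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque, namedtuple

# Hypothetical record for one observed frame (not a WLCCP or WLSE format).
Frame = namedtuple("Frame", "ts_ms channel subtype src")

WINDOW_MS = 10_000
# Assumed per-channel limits (frames per window); the page gives no numbers.
LIMITS = {
    "assoc-req": 30, "disassoc": 10, "probe-req": 50, "probe-resp": 50,
    "auth": 30, "deauth": 10, "eapol-start": 25,
}


def detect_excess(frames, limits=LIMITS, window_ms=WINDOW_MS):
    """Return one alert each time a (channel, subtype) count crosses its limit."""
    windows = defaultdict(deque)   # (channel, subtype) -> deque of (ts_ms, src)
    in_alarm = set()               # keys already alerted and still over limit
    alerts = []
    for f in sorted(frames, key=lambda fr: fr.ts_ms):
        limit = limits.get(f.subtype)
        if limit is None:          # subtype not monitored (for example beacons)
            continue
        key = (f.channel, f.subtype)
        q = windows[key]
        q.append((f.ts_ms, f.src))
        while q[0][0] <= f.ts_ms - window_ms:   # drop frames older than the window
            q.popleft()
        if len(q) <= limit:
            in_alarm.discard(key)  # back to normal, allow a future alert
        elif key not in in_alarm:
            in_alarm.add(key)
            sources = Counter(src for _, src in q)
            alerts.append({
                "channel": f.channel,
                "subtype": f.subtype,
                "ts_ms": f.ts_ms,
                "count": len(q),
                "distinct_sources": len(sources),
                "top_source": sources.most_common(1)[0][0],
                # One sender suggests a single device; many senders suggest
                # randomized or spoofed source addresses.
                "pattern": "single-source" if len(sources) == 1 else "distributed",
            })
    return alerts


def build_sample():
    """Constructed frames: normal traffic plus two bursts."""
    frames = []
    clients = [f"02:00:00:00:01:{i:02x}" for i in range(5)]
    for i in range(120):   # channel 1: steady probe requests, 2 per second
        frames.append(Frame(i * 500, 1, "probe-req", clients[i % 5]))
    for i in range(5):     # channel 6: a few ordinary associations
        frames.append(Frame(1_000 + i * 2_000, 6, "assoc-req", clients[i]))
    for i in range(12):    # channel 6: beacons, not monitored
        frames.append(Frame(i * 5_000, 6, "beacon", "02:00:00:00:00:a1"))
    for i in range(40):    # channel 6: deauthentication burst from one source
        frames.append(Frame(20_000 + i * 50, 6, "deauth", "02:00:00:00:00:a1"))
    for i in range(60):    # channel 11: EAPOL-Start burst, every source different
        frames.append(Frame(30_000 + i * 100, 11, "eapol-start",
                            f"02:00:00:00:02:{i:02x}"))
    return frames


if __name__ == "__main__":
    for alert in detect_excess(build_sample()):
        print(alert)
```

The limits need to be tuned against a baseline of each site's normal traffic, because legitimate events such as many clients roaming at once also raise management-frame counts.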
With Integrated WLAN IDS, a Cisco Aironet access point is deployed with its radio (IEEE
802.11a, b, or g) placed in access point multifunction mode to service client devices and
provide WLAN intrusion monitoring. In this configuration, an access point functions as both an
active 802.11 infrastructure device and as an 802.11 scanning device. The WLAN core
products gather RM data, or intrusion detection information, from access points and optional
Cisco and Cisco-compatible client devices and forward all of the information gathered to the
Cisco access point, switch, or router running Cisco IOS software with WDS. The WDS device
forwards the aggregated radio data to the CiscoWorks WLSE device on the network.
RM is a feature that relies on the coordinated effort of the CiscoWorks WLSE server, the WDS,
the infrastructure access points, and Cisco or Cisco Compatible Extensions (CCX) compatible
clients. This all-encompassing view of the RF environment assists the
CiscoWorks WLSE in characterizing RF environment changes, including the detection of rogue
access points and identification of RF coverage or throughput problems.
The Cisco Compatible Extensions Program provides third-party verification of Cisco Aironet
wireless infrastructure products and wireless client devices from third-party companies.
The WDS RM aggregation feature aggregates and eliminates redundant RM information. This
process reduces the bandwidth required for RM information transmitted across the network and
WAN link to remote sites and campus locations. Aggregated RM information is sent from the
WDS to the CiscoWorks WLSE.
[Figure: Network core, distribution, and access layers, showing the CiscoWorks WLSE, a switch-based WDS performing RM aggregation, RM data from the access layer, and a rogue access point]
The Cisco Aironet autonomous access point participating in RM may be deployed as dedicated
WLAN IDS with its radio (802.11a, b, or g) placed in scanning-only mode, as opposed to
operating as part-time integrated scanners. In this configuration, an access point functions as an
802.11 scanning-only device that provides continuous, 24-hour monitoring of the RF
environment to detect rogue access points and ad-hoc networks. If detected, these anomalies are
immediately reported through the WDS to the CiscoWorks WLSE and a fault is generated.
Because the scanning-only access point is dedicated to RF monitoring, it detects
rogue devices and unassociated clients more reliably and faster than regular access points or
clients.
Because WLAN clients can potentially move through a large physical area, adding client-assisted
rogue access point scanning and monitoring into the framework greatly increases the
RF coverage area. Client air management provides 10 to 20 times more RF measurement data
than access point RF measurements alone. Because WLAN clients can freely move about all
areas of a building, the addition of client scanning and monitoring extends RF monitoring into
areas most likely to contain rogue access points while allowing for more accurate detection.
The amount of client RF scanning and monitoring available is directly proportional to the
number of Cisco Aironet and Cisco-compatible client devices deployed in the network. A full
deployment of Cisco Aironet or Cisco-compatible client devices provides the most complete
client air and RF scanning and monitoring coverage. However, deploying just a few Cisco
Aironet or Cisco-compatible client devices provides enhanced client air and RF scanning to
help protect your network from rogue access points.
[Figure: CiscoWorks WLSE Fault Summary and CiscoWorks WLSE Location Manager screens]
All WLAN IDS data captured from the autonomous access points and optional Cisco Aironet
and Cisco-compatible client devices is compiled by the WDS device and sent to the
CiscoWorks WLSE. The CiscoWorks WLSE processes these received samples, and highlights
those that indicate the presence of rogue access points in the CiscoWorks WLSE Location
Manager and CiscoWorks WLSE Fault Summary.
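The flow described above (RM reports from access points and clients, WDS aggregation that removes redundant entries, rogue identification at the management station) can be modelled in a few lines. This is an added example, not Cisco code and not the WLCCP message format: the report fields, the function names `wds_aggregate` and `wlse_find_rogues`, the authorized inventory, and every sample value are assumptions constructed for illustration.

```python
from collections import namedtuple

# Hypothetical radio-measurement report: who heard which BSSID, and how loudly.
Report = namedtuple("Report", "reporter kind bssid ssid channel rssi_dbm")

# Constructed inventory of the site's own access point radios.
AUTHORIZED = {"02:00:00:00:10:01", "02:00:00:00:10:02"}

# Constructed reports from two access points (ap1, ap2) and two clients (c1, c2).
SAMPLE_REPORTS = [
    Report("ap1", "ap",     "02:00:00:00:10:02", "corp",    6, -60),
    Report("ap2", "ap",     "02:00:00:00:10:01", "corp",    1, -62),
    Report("c1",  "client", "02:00:00:00:10:01", "corp",    1, -45),
    Report("c1",  "client", "02:00:00:00:10:02", "corp",    6, -70),
    Report("c2",  "client", "02:00:00:00:10:01", "corp",    1, -50),
    Report("ap2", "ap",     "02:00:00:00:9a:01", "default", 11, -80),
    Report("c1",  "client", "02:00:00:00:9a:01", "default", 11, -55),
    Report("c2",  "client", "02:00:00:00:9A:01", "default", 11, -40),
    Report("c1",  "client", "02:00:00:00:9a:01", "default", 11, -57),
    Report("c2",  "client", "02:00:00:00:9a:02", "default", 6, -75),
]


def wds_aggregate(reports):
    """WDS step: collapse redundant reports into one record per (BSSID, channel)."""
    merged = {}
    for r in reports:
        key = (r.bssid.lower(), r.channel)     # normalize case before comparing
        rec = merged.get(key)
        if rec is None:
            rec = merged[key] = {
                "bssid": key[0], "channel": r.channel, "ssid": r.ssid,
                "best_rssi_dbm": r.rssi_dbm, "best_reporter": r.reporter,
                "reporters": set(), "kinds": set(), "samples": 0,
            }
        rec["reporters"].add(r.reporter)
        rec["kinds"].add(r.kind)
        rec["samples"] += 1
        if r.rssi_dbm > rec["best_rssi_dbm"]:  # keep the strongest observation
            rec["best_rssi_dbm"] = r.rssi_dbm
            rec["best_reporter"] = r.reporter
    return sorted(merged.values(), key=lambda rec: (rec["bssid"], rec["channel"]))


def wlse_find_rogues(aggregated, authorized_bssids):
    """Management step: anything not in the inventory is a rogue candidate.

    Candidates are ordered strongest signal first; the best reporter is the
    device that heard the radio most loudly, a first hint for locating it.
    """
    known = {b.lower() for b in authorized_bssids}
    rogues = [rec for rec in aggregated if rec["bssid"] not in known]
    return sorted(rogues, key=lambda rec: rec["best_rssi_dbm"], reverse=True)


if __name__ == "__main__":
    agg = wds_aggregate(SAMPLE_REPORTS)
    print(f"{len(SAMPLE_REPORTS)} raw reports -> {len(agg)} aggregated records")
    for rec in wlse_find_rogues(agg, AUTHORIZED):
        only_clients = rec["kinds"] == {"client"}
        print(rec["bssid"], rec["channel"], rec["best_rssi_dbm"],
              rec["best_reporter"], "client-only" if only_clients else "")
```

In the sample, the second candidate is heard only by a client, which is the coverage gain the text attributes to client-assisted scanning.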
Roaming Concepts
This topic explains the features of fast secure roaming.
[Figure: Layer 2 roaming and Layer 3 roaming between access points in Subnet A and Subnet B]
Layer 2 roaming occurs when a WLAN device physically moves so that its radio associates to a
different access point. The original and the updated access points offer coverage for the same
IP subnet, so that the WLAN client is still valid after the roam.
Layer 3 roaming occurs when a client moves from an access point that is configured in IP
subnet A to an access point that is configured in IP subnet B and all the client sessions are
maintained. Cisco's WLAN Advanced products including lightweight access points and
controllers support Layer 2 or 3 roaming. Cisco autonomous access points and core products
support Layer 2 roaming. Cisco's WLAN Advanced products will be discussed in a later
module.
Roaming Delays
Event            Time Taken    Percentage of Total Time
(not shown)      20 ms         4.7%
(not shown)      396 ms        92.7%
(not shown)      11 ms         2.6%
Total latency    427 ms        100%
A Cisco Aironet client takes between 400 ms and 600 ms to roam at Layer 2.
The 802.1X authentication adds even more latency (if it is enabled). Lightweight Extensible
Authentication Protocol (LEAP) adds anywhere from 200 ms to 1.2 seconds.
Roaming delay is not a big problem for most applications. But real-time applications such as
voice need delays of less than 150 ms end to end to maintain good voice quality.
What happens on a roam?
Wireless IP Phone reauthenticates every time it roams to a new access point.
Additional latency is introduced when this reauthentication requires a RADIUS server.
[Figure labels: EAP Authentication, Reauthenticate, RADIUS Server]
The Cisco 7920 Wireless IP Phone supports WEP and 802.1X with LEAP.
The SpectraLink IP phone supports WEP and 802.1X with LEAP.
Using the more secure method (802.1X) can delay roaming, especially if the RADIUS server is
across a WAN link or on a very busy server.
LEAP authentication adds from 200 ms to 1.2 seconds to every Layer 2 roam.
One solution to avoid excessive delay is to use static WEP and virtual LANs (VLAN) with
Layer 3 filters instead of 802.1X with EAP or MAC security.
Another solution is to implement fast secure roaming. In addition to reducing the number of RF
channels that must be scanned and reducing the overall scanning time, this feature allows
authentication to occur much more quickly by using an access point as a local authenticator.
An access point providing WDS for a Layer 2 network caches client security credentials when
the client is authenticated to a centralized RADIUS server. Subsequently, when a client roams,
keys are provided to the new access point by the WDS access point.
Traditional Roaming
Typical wireless 802.1X authentication requires 3 end-to-end transactions with an overall
transaction time of >500 ms.
[Figure: AP1 and AP2 connected across a WAN to a Cisco ACS AAA server. 1. 802.1X initial authentication transaction. 2. 802.1X reauthentication after roaming.]
As the figure illustrates, roaming without the fast secure roaming feature requires a full
reauthentication to a centralized RADIUS server on each and every roam. The result is a delay
that can cause problems for any applications running during the roam.
[Figure: Access point-based WDS with AP1 and AP2]
With fast secure roaming, an intermediate access point running WDS operates in the control
path for all authentications to the centralized RADIUS server.
As clients authenticate, the security credentials are cached on the WDS.
On a client roam, the credentials are securely passed to the target access point, and the client
session continues without disruption.
[Figure: Two WLAN control domains, each with a WDS, connected to the WLSE and ACS; labels distinguish WLCCP messages from data packets]
In the access point-based WDS solution, infrastructure access points discover the WDS via
special WLCCP multicast messages. An access point running WDS is required on each Layer 2
subnet. The solution supports up to 30 infrastructure access points when the WDS-host access
point is also serving wireless clients and up to 60 infrastructure access points when the
WDS-host access point is not serving wireless clients. The access point-based WDS solution
facilitates seamless mobile node roaming across a Layer 2 WLAN control context.
Lesson Self-Check
Use the questions here to review what you learned in this lesson. The correct answers and
solutions are found in the Lesson Self-Check Answer Key.
Q1)
The CiscoWorks Wireless LAN Solutions Engine operates at which level of the
Telecommunications Management Network Architecture? (Choose one.) (Source:
Introducing WLAN Management)
A)
B)
C)
D)
E)
Q2)
Which of the following components are required for Layer 2 Roaming in a Cisco
WLAN Core feature set? (Choose one.) (Source: Cisco Unified Wireless Network)
A)
B)
C)
D)
Q3)
Q4)
WDS
WLSE
LWAPP
WCS
In the Cisco WLAN core products framework, the CiscoWorks WLSE belongs to
which of the following layers? (Choose one.) (Source: Components and Protocols)
A)
B)
C)
D)
Q5)
Place the correct management feature letter to the left of the correct benefit. (Source:
Management Benefits)
A)
B)
C)
D)
Q6)
Cisco client
WDS access point
CiscoWorks Wireless LAN Solution Engine
Cisco-compatible client
When fast secure roaming is implemented with Cisco WLAN core products, which of
the following devices caches the encryption keys? (Choose one.) (Source: Roaming
Concepts)
A)
B)
C)
D)
Which of the following devices gathers and aggregates Radio Management data and
forwards it to the management platform? (Choose one.) (Source: Security)
A)
B)
C)
D)
Q7)
WLAN IDS
Fast Secure Roaming
Assisted Site Survey
WLAN Self-Healing
Q2)
B,D
Q3)
Q4)
Q5)
B - Supports roaming for latency-sensitive applications such as wireless VOIP, video streaming, or
wireless clients.
C - Maximizes WLAN availability and optimizes WLAN performance via a reliable and stable
mechanism.
A - Eliminates security threats posed by malicious intruders and by employee installed unauthorized or
rogue access points.
D - Site surveys can be performed by in-house IT personnel to reduce the costs, skills, and time required to
make optimal radio settings for best network performance.
Q6)
Q7)
Summary
This topic summarizes the key points discussed in this lesson.
Summary
The CiscoWorks WLSE is a component of the WLAN core
products that provides many features for managing
autonomous access points in a WLAN.
The WLAN core products provide the framework to integrate
and extend wired and wireless networks using autonomous
access points.
The WLAN core products can be visualized as a layered
model that includes management, WDS, autonomous access
points, and wireless client layers.
Cisco Unified Wireless Network includes two WLAN solutions: the Cisco WLAN core
products and the Cisco WLAN advanced products. The CiscoWorks WLSE is a component of
the WLAN Core products solution framework that provides many features for managing the
WLAN. The WLAN core products solution provides the framework to integrate and extend
wired and wireless networks. The WLAN core products solution can be visualized as a layered
model that includes management, WDS, autonomous infrastructure access points, and wireless
client layers.
Lesson 2
Objectives
Upon completing this lesson, you will be able to perform the initial setup of the Cisco core
product autonomous access point hardware. This ability includes being able to meet these
objectives:
Discuss the steps to perform the initial connect and reset for an access point
Status LED          Ethernet LED             Radio LED              Meaning
Blue                -                        -                      Normal operating condition; at least one wireless device associated.
Light green         -                        -                      Normal operating condition; no wireless device associated.
-                   Blinking green           -                      Transmitting or receiving Ethernet packets.
-                   -                        Blinking green         Transmitting or receiving radio packets.
Blinking dark blue  Green or blinking green  Blinking green or off  Software upgrade in progress.
Amber               Various                  Various                IOS errors
Blinking red        Various                  Various
If your access point is not working properly, check the Status LED on the top panel or the
Ethernet and Radio LEDs in the cable bay area. You can use the LED colors to assess the unit
status.
Note
To see the Ethernet and Radio LEDs you must open the access point cover.
Top of Unit
Status LED          Ethernet LED             Radio LED              Meaning
Blue                -                        -
Light green         -                        -
-                   Blinking green           -
-                   -                        Blinking green
Blinking dark blue  Green or blinking green  Blinking green or off
Amber               Various                  Various                IOS errors
Blinking red        Various                  Various
The front cover easily slides forward revealing the Ethernet, console, and power connections.
There are three methods of securing the access point:
Security cable keyhole: You can use the security cable slot to secure the access point
using a standard security cable, such as those used on laptop computers.
Security hasp adapter: When you mount the access point on a wall or ceiling using the
mounting plate and the security hasp adapter, you can lock the access point to the plate
with a padlock. Compatible padlocks are Master Lock models 120T and 121T or
equivalent.
Note
The security hasp adapter covers the cable bay area (including the power port, Ethernet
port, console port, and the mode button) to prevent the installation or removal of the cables
or the activation of the mode button.
Security screw: The access point contains a security screw hole that can be used to secure
the access point to the mounting plate.
There are three ports on the Cisco Aironet 1130 Series Access Point:
Ethernet port (with or without power): The auto-sensing Ethernet port accepts an RJ-45
connector, linking the access point to your 10Base-T or 100Base-T Ethernet LAN. The
access point can receive power through the Ethernet cable from a power injector, switch, or
power patch panel. The Ethernet MAC address is printed on the label on the back of the
access point.
DC power: The access point draws up to 12.2 watts maximum of DC power and can
receive power from an external power module or through inline power using the Ethernet
cable. Using inline power, you do not need to run a separate power cord to the access point.
Console port: To communicate with the access point via the console port, use a terminal
emulation program (such as HyperTerminal) with the following settings:
9600 baud
8 data bits
No parity
1 stop bit
The reset/mode button is used to reset the access point to factory defaults or reload an image.
[Figure: Status, Ethernet, and Radio LEDs, with a table of association status and operating status signals]
The access point has three LEDs to indicate Ethernet activity, radio activity, and status
indications:
The Status LED provides general operating status and error indications.
The Ethernet LED signals Ethernet traffic on the wired Ethernet LAN and provides
Ethernet error indications.
The Radio LED signals that wireless packets are being transmitted or received over the
radio interface and provides radio error indications.
The LEDs display a variety of information about the state of the access point as indicated in the
following table.
LED Signals
Message type    Ethernet indicator    Status indicator    Radio indicator    Meaning
Light Green
Blue
Green
Blinking
Green
Transmitting/receiving Ethernet
packets
Green
Association
status
Operating
status
Boot Loader
Warnings
Ethernet indicator    Status indicator    Radio indicator    Meaning
Green
Green
Green
Off
Off
Green
Pink
Green
Off
Dark Blue
Green
Green
Green
Off
Off
Yellow
Red
Off
Yellow
Ethernet failure
Amber
Off
Yellow
Off
Red
Pink
Blinking
Green
Red
Red
Red
Red
Off
Red
Off
Amber
Amber
Off
Red
Off
Amber
Amber
Red
Amber
Amber
Amber
Boot failure
Blinking
Amber
Blinking Amber -
Red
Red
Amber
Amber
There are three ports on the Cisco Aironet 1240 Series Access Point:
DC power: The access point draws up to 12.95 watts maximum of DC power and can
receive power from an external power module or through inline power using the Ethernet
cable. Using inline power, you do not need to run a separate power cord to the access point.
Ethernet port (with or without power): The auto-sensing Ethernet port accepts an RJ-45
connector, linking the access point to your 10Base-T or 100Base-T Ethernet LAN. The
access point can receive power through the Ethernet cable from a power injector, switch, or
power patch panel. The Ethernet MAC address is printed on the label on the back of the
access point.
Console port: The serial console port provides access to the access point's command-line
interface (CLI) using a terminal emulator program. The port is located on the end of the
unit. Use an RJ-45 to DB-9 serial cable to connect your computer's COM port to the access
point's serial console port. To communicate with the access point via the console port, use
a terminal emulation program (such as HyperTerminal) with the following settings:
9600 baud
8 data bits
No parity
1 stop bit
The reset/mode button is used to reset the access point to factory defaults or reload an
image.
[Figure: access point LEDs, labeled Ethernet Activity, Status, and Radio Activity]
The three LEDs on the top of the access point report Ethernet activity, association status, and
radio activity.
The Ethernet LED signals Ethernet traffic on the wired LAN, or Ethernet infrastructure.
This LED is normally green when an Ethernet cable is connected and blinks green when a
packet is received or transmitted over the Ethernet infrastructure. The LED is off when the
Ethernet cable is not connected.
The status LED signals operational status. Green indicates that the access point is
associated with at least one wireless client. Blinking green indicates that the access point is
operating normally but is not associated with any wireless devices.
The radio LED signals wireless traffic over the radio interface. The light is normally off,
but it blinks green whenever a packet is received or transmitted over the access point radio.
The status light also flashes amber any time the system notes that an error has occurred. This
light prompts you to look into the history logs to see a review of errors that have been reported.
The radio and Ethernet LEDs indicate activity (transmit [Tx] or receive [Rx]) over this media.
Typically the Ethernet LED blinks much faster than the RF LED because there is more traffic
on the Ethernet side than on the radio frequency (RF) side. If the RF LED is blinking much
more than the Ethernet LED, this is an indication that there is a lot of radio traffic without
corresponding Ethernet traffic. This condition could result from an RF test routine or from poor
communication causing RF retries.
Any red LED during normal operation indicates a problem, typically a firmware or hardware
failure.
The LEDs display a variety of information about the state of the access point as indicated in the
following table.
[Table: LEDs. Columns: Message type, Ethernet indicator, Status indicator, Radio indicator, Meaning. The per-state indicator colors did not survive extraction; the surviving labels are Starting IOS, Boot failure, General warning, Configuration Reset, Failure, Firmware Upgrade, Association status, Operating status, and Operation Errors.]
[Figure: access point ports, labeled Console Port, Reset/Mode Button, Link, and Traffic]
There are three ports on the Cisco Aironet 1200 Series Access Point:
DC power: The access point draws up to 13 watts maximum of DC power and can receive
power from an external power module or through inline power using the Ethernet cable.
Using inline power, you do not need to run a separate power cord to the access point.
Ethernet port (with or without power): The auto-sensing Ethernet port accepts an RJ-45
connector, linking the access point to your 10Base-T or 100Base-T Ethernet LAN. The
access point can receive power through the Ethernet cable from a power injector, switch, or
power patch panel. The Ethernet MAC address is printed on the label on the back of the
access point.
Console Port: To communicate with the access point via the console port, use a terminal
emulation program (such as HyperTerminal) with the following settings:
9600 baud
8 data bits
No parity
1 stop bit
The reset/mode button is used to reset the access point to factory defaults or reload an image.
[Figure: status lights, labeled Ethernet Activity, Status, and Radio Activity]
There are three LEDs on the front cover of the Cisco Aironet 1100 Series Access Point. These
lights indicate:
The Ethernet indicator signals traffic on the wired LAN, or Ethernet infrastructure. This
indicator is normally green when an Ethernet cable is connected, and blinks green when a
packet is received or transmitted over the Ethernet infrastructure. The indicator is off when
the Ethernet cable is not connected.
The status indicator signals operational status. Steady green indicates that the access point
is associated with at least one wireless client. Blinking green indicates that the access point
is operating normally but is not associated with any wireless devices.
The radio indicator blinks green to indicate radio traffic activity. The light is normally off,
but it blinks green whenever a packet is received or transmitted over the access point's
radio.
The LEDs display a variety of information about the state of the access point as indicated in the
following table.
[Table: Columns: Ethernet indicator, Status indicator, Radio indicator, Meaning. The per-state indicator colors did not survive extraction; the surviving labels are Starting IOS, Boot failure, General warning, Configuration Reset, Failure, Firmware Upgrade, Association status, Operating status, and Operation Errors.]
[Figure: access point ports, labeled Reset/Mode Button. Callout: No console port on this access point.]
There are two ports on the Cisco Aironet 1100 Series Access Point:
DC power: The access point draws up to 4.9 watts of DC power and can receive power
from an external power module or through inline power using the Ethernet cable. Using
inline power, you do not need to run a separate power cord to the access point.
Ethernet port (with or without power): The auto-sensing Ethernet port accepts an RJ-45
connector, linking the access point to your 10Base-T or 100Base-T Ethernet LAN. The
access point can receive power through the Ethernet cable from a power injector, switch, or
power patch panel. The Ethernet MAC address is printed on the label on the back of the
access point.
There is no console port on this access point. Use Telnet to configure the access point via the
Cisco IOS commands.
The reset/mode button is used to reset the access point to factory defaults or reload an image.
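[Figure: hardware feature comparison of the autonomous access points. Surviving column headings: 802.3af PoE, 802.11a, 802.11g. Six YES/NO values per series, in extraction order:]
1100 Series: NO, NO, YES, NO, NO, YES
1130AG Series: NO, YES, YES, YES, YES, YES
1200 Series: YES, YES, YES, NO, YES, YES
1240AG Series: YES, YES, YES, YES, YES, YES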
As a quick reference for installation, the figure compares the hardware features of the
different autonomous access points.
The 1200 Series access point supports RP-TNC connectors with the RM22 802.11a radio
module.
The 1200 Series access point supports 802.11a with either the RM21 or RM22 802.11a radio
module.
Follow these steps to delete the current configuration and return all access point settings to the
factory defaults using the MODE button.
Step 1  Disconnect power (the power jack for external power or the Ethernet cable for inline power) from the access point.
Step 2  Press and hold the MODE button while you reconnect power to the access point.
Step 3  Hold the MODE button until the Status LED turns amber (approximately 1 to 2
        seconds), and release the button.
Step 4  After the access point reboots, you must reconfigure the access point by using the
        web-browser interface or the CLI.
Note
The access point is configured with the factory default values including the IP address (set
to receive an IP address using Dynamic Host Configuration Protocol [DHCP]). The default
username and password are Cisco, which is case-sensitive.
If the wireless device has a firmware failure, you must reload the image file using the
web-browser interface or, on Cisco 1100, 1130, and 1200 series access points, by pressing and
holding the MODE button for around 30 seconds.
Follow these steps to reload the access point image file:
Step 1  The PC you intend to use as a TFTP server must be configured with a static IP
        address in the range of 10.0.0.2 to 10.0.0.30.
Step 2  Make sure that the PC contains the access point image file (such as
        c1100-k9w7-tar.123-7.JA.tar for an 1100 series access point, c1130-k9w7-tar.123-7.JA.tar,
        c1200-k9w7-tar.123-7.JA.tar for a 1200 series access point, or
        c1240-k9w7-tar.123-7.JA.tar for a 1240 series access point) in the TFTP server folder
        and that the TFTP server is activated.
Step 3  Rename the access point image file in the TFTP server folder to
        c1100-k9w7-tar.default for an 1100 series access point, c1130-k9w7-tar.default for an
        1130 AG series access point, c1200-k9w7-tar.default for a 1200 series access point, or
        c1240-k9w7-tar.default for a 1240 series access point.
Step 4  Connect the PC to the access point using a Category 5 (CAT5) Ethernet cable.
Step 5  Disconnect power (the power jack for external power or the Ethernet cable for inline power) from the access point.
Step 6  Press and hold the MODE button while you reconnect power to the access point.
Step 7  Hold the MODE button until the status LED turns red (approximately 20 to 30
        seconds), and release the MODE button.
Step 8  Wait until the access point reboots as indicated by all LEDs turning green followed
        by the Status LED blinking green.
Step 9  After the access point reboots, you must reconfigure the access point by using the
        web-browser interface or the CLI.
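TFTP has no authentication, so during a MODE-button reload the access point loads whatever file carries the default name. The following added example (not part of the course material) checks Steps 1 to 3 before the button is pressed: the server address is inside 10.0.0.2 to 10.0.0.30, the image matches the series, and its SHA-256 matches a value you obtained separately from the vendor. The function names, the hash check, and copying instead of renaming are assumptions of this example.

```python
import hashlib
import hmac
import ipaddress
import shutil
import tempfile
from pathlib import Path

# File names the access point requests during a MODE-button reload (Step 3).
DEFAULT_IMAGE = {
    "1100": "c1100-k9w7-tar.default",
    "1130": "c1130-k9w7-tar.default",
    "1200": "c1200-k9w7-tar.default",
    "1240": "c1240-k9w7-tar.default",
}
# Static address range required for the TFTP server PC (Step 1).
FIRST_IP = ipaddress.IPv4Address("10.0.0.2")
LAST_IP = ipaddress.IPv4Address("10.0.0.30")


class StagingError(Exception):
    """Raised when a precondition of the reload procedure is not met."""


def sha256_file(path):
    """Hash a file in chunks so large images do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def stage_image(image, series, server_ip, expected_sha256, tftp_root):
    """Verify the image, then place it in the TFTP folder under the default name."""
    ip = ipaddress.IPv4Address(server_ip)
    if not FIRST_IP <= ip <= LAST_IP:
        raise StagingError(f"{ip} is outside 10.0.0.2-10.0.0.30")
    if series not in DEFAULT_IMAGE:
        raise StagingError(f"unknown series {series!r}")
    image = Path(image)
    stem = DEFAULT_IMAGE[series].rsplit(".", 1)[0]  # e.g. c1200-k9w7-tar
    if not image.name.startswith(stem + "."):
        raise StagingError(f"{image.name} is not a {series} series image")
    actual = sha256_file(image)
    if not hmac.compare_digest(actual, expected_sha256.strip().lower()):
        raise StagingError("image hash does not match the expected value")
    # Copy rather than rename so the verified original keeps its release name.
    target = Path(tftp_root) / DEFAULT_IMAGE[series]
    shutil.copyfile(image, target)
    if sha256_file(target) != actual:
        target.unlink()
        raise StagingError("staged copy differs from the verified image")
    return target


def demo():
    """Run the checks against a constructed file (not a real IOS image)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        image = root / "c1200-k9w7-tar.123-7.JA.tar"  # file name from Step 2
        image.write_bytes(b"constructed sample, not a real IOS image")
        good = hashlib.sha256(image.read_bytes()).hexdigest()
        results["staged_name"] = stage_image(image, "1200", "10.0.0.2", good, root).name
        cases = {
            "bad_ip": (image, "1200", "10.0.0.31", good, root),
            "bad_hash": (image, "1200", "10.0.0.2", "0" * 64, root),
            "wrong_series": (image, "1100", "10.0.0.2", good, root),
        }
        for label, args in cases.items():
            try:
                stage_image(*args)
                results[label] = "accepted"
            except StagingError:
                results[label] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

Keep the TFTP PC on the direct CAT5 link from Step 4 while the reload runs, so no other host in the 10.0.0.x range can answer the request.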
Connection options:
Console port
Telnet: requires an IP address
Web browser: requires an IP address; preferred connection
To set an IP address:
Use Dynamic Host Configuration Protocol (DHCP)
Use Cisco IP Setup Utility (IPSU)
Set using console port
As designed, you can manage Cisco Aironet access points using a web browser. Telnet and
console port menus are more difficult to use for management.
To set an IP address you can either use DHCP or the Cisco Aironet IP Setup Utility (IPSU).
When you connect a Cisco Aironet 1100 Series Access Point with a default configuration to
your LAN, the Aironet 1100 Series Access Point makes several attempts to get an IP address
from the DHCP server. If it does not receive an address, it assigns itself the IP address 10.0.0.1
for five minutes. During this five-minute window, you can browse to the default IP address and
configure a static address. If after five minutes the access point is not reconfigured, it discards
the 10.0.0.1 address and reverts to requesting an address from the DHCP server. If it does not
receive an address, it sends requests indefinitely. If you miss the five-minute window for
browsing to the access point at 10.0.0.1, you can power-cycle the access point to repeat the
process.
Username: blank
Password: Cisco
When you connect a Cisco Aironet 1130 AG Series Access Point, Cisco Aironet 1200 Series
Access Point, or Cisco Aironet 1240 AG Series Access Point with a default configuration to
your LAN, the access point requests an IP address from your DHCP server and, if it does not
receive an address, continues to send requests indefinitely.
Lesson Self-Check
Use the questions here to review what you learned in this lesson. The correct answers and
solutions are found in the Lesson Self-Check Answer Key.
Q1) Which of the following status LED states indicates that the Aironet 1240 series access
point is working properly and has at least one wireless client associated? (Choose one.)
(Source: Access Point Hardware)
A) blinking green
B) blinking blue
C) solid green
D) solid blue
Q2) To default a Cisco Aironet autonomous (IOS) access point to factory defaults, hold in
the mode/reset button for 2 to 3 seconds while applying power or until the status LED
turns which color? (Choose one.) (Source: Initial Connect and Reset)
A) Green
B) Red
C) Amber
D) Blue
Q2)
Summary
This topic summarizes the key points discussed in this lesson.
In this lesson, Cisco Aironet autonomous access point hardware, including the LEDs and
ports, was discussed.
This lesson also included steps to reset the access points to factory defaults or to
reload an IOS image using the mode button, and the different ways to connect to a
factory default access point for initial configuration.
In this lesson, Cisco core product access point hardware, including the LEDs and ports, was
discussed. This lesson also included steps to reset the access points to factory defaults or to
reload an IOS image using the mode button, and the different ways to connect to a factory
default access point for initial configuration.
Lesson 3
Objectives
Upon completing this lesson, you will be able to set up and configure an autonomous access
point. This ability includes being able to meet these objectives:
Use Express Setup to set up role in the radio network and identify on the access point
Explain traffic classes and configure and apply quality of service policies
In the Cisco Aironet wireless system, the radio frequency (RF) network has a hierarchy that
starts at the root unit.
For an access point, the root unit is attached to the cabled LAN. This is called the root device.
Clients and repeaters associate with the root. A client may move out of the range of the root
unit and into the range of another root unit. This change will cause the old root unit to drop the
client from the association table and the new access point to add the client to its table. The root
is the top of the structure for data flow.
[Figure labels: Cabled LAN, Access Points, Root, Non-root (Repeater)]
All Cisco Aironet autonomous access points can be configured as either a root unit (access
point mode), or as a non-root unit (repeater mode). Root units cannot communicate with other
root units via the RF. They can communicate only over the backbone. Non-root units can
communicate with a root unit (known as the parent unit) via the RF, but cannot send or receive
data via the Ethernet port. Non-root units may also communicate with another non-root unit via
the RF. Non-root units lock on to another non-root or root unit and do not stray from this
connection unless the connection is lost.
Both root and non-root units can accept associations and communicate with wireless clients via
the RF.
Home Page
This topic describes the Home page.
Return to the Home page on the Cisco autonomous access point at any time by selecting the
Home menu tab on the left menu bar. The Home page provides a quick summary of the access
point and bridge status, to include:
Network Identity: This area summarizes the configuration of the access point Bridge
Virtual Interface (BVI) and Ethernet MAC address.
Network Interfaces: This area shows basic information on the access point network
interfaces. The title line gives a link to the Network Interfaces page, which provides more
information on data traffic through the ports. The access point radios are Radio0-802.11b
(2.4 GHz) and Radio1-802.11a (5 GHz).
Event Log: After the access point has started running, the Event Log area displays the
recent events that have been logged.
Time: Shows the time of the event, expressed in system uptime or wall-clock time.
Severity: Indicates the level of each event or alarm that is processed by the access
point.
Express Setup
This topic describes the use of Express Setup to set up role in the radio network and identify on
the access point.
Host Name: The host name, while not an essential setting, helps identify the wireless
device on your network. The host name appears in the titles of the management system
pages.
Configuration Server Protocol: Select the button that matches the network's method
of IP address assignment.
IP Address: Use this setting to assign or change the wireless device's IP address. If
Dynamic Host Configuration Protocol (DHCP) is enabled for your network, leave this field
blank.
IP Subnet Mask: Enter the IP subnet mask provided by your network administrator so the
IP address can be recognized on the LAN. If DHCP is enabled, leave this field blank.
Default Gateway: Enter the default gateway IP address provided by your network
administrator. If DHCP is enabled, leave this field blank.
Number of radios may vary depending on access point type and configuration
The Express Set-Up page allows configuration of the basic parameters of the access point.
These parameters may be set for either of the radio interfaces of the access point or as follows:
Role in Radio Network: While the access point can be configured in one of several roles,
this module covers the access point roles. Select the button that describes the role of the
wireless device on your network.
Select Access Point (Root) if the wireless device is connected to the wired LAN.
Optimize Radio Network for: Access point data rates may be set to send broadcast
packets at higher data rates (select the Range button) or lower data rates (select the
Throughput button). You can also configure specific data rates permitted by selecting the
Custom button.
Aironet Extensions: Select either the Enable or Disable radio button to enable or disable
Aironet extensions. Aironet extensions permit Cisco client-specific features such as
roaming, load balancing, and security features such as Cisco Key Integrity Protocol (TKIP)
and Message Integrity Check (MIC).
The service set identifiers (SSIDs) that you create using the Express Security page appear in the
SSID table at the bottom of the page. You can create up to 16 SSIDs on the wireless device. On
dual-radio wireless devices, the SSIDs that you create are enabled on both radio interfaces.
Note
In Cisco IOS Release 12.3(4)JA and higher, there is no default SSID. You must configure an
SSID before client devices can associate to the access point.
If you use VLANs on your wireless LAN (WLAN) and assign SSIDs to VLANs, you can
create multiple SSIDs using any of the four security settings on the Express Security page.
However, if you do not use VLANs on your wireless LAN, the security options that you can
assign to SSIDs are limited because on the Express Security page encryption settings and
authentication types are linked. Without VLANs, encryption settings (Wired Equivalent
Privacy [WEP] and ciphers) apply to an interface, such as the 2.4-GHz radio, and you cannot
use more than one encryption setting on an interface. For example, when you create an SSID
with static WEP with VLANs disabled, you cannot create additional SSIDs with Wi-Fi
Protected Access (WPA) authentication because they use different encryption settings. If you
find that the security setting for an SSID conflicts with another SSID, you can delete one or
more SSIDs to eliminate the conflict.
Because the Express Security page is designed for simple configuration of basic security, the
options available are a subset of the access point security capabilities. Keep these limitations in
mind when using the Express Security page:
You cannot edit SSIDs. However, you can delete SSIDs and re-create them.
You cannot assign SSIDs to specific radio interfaces. The SSIDs that you create are
enabled on all radio interfaces. To assign SSIDs to specific radio interfaces, use the
Security SSID Manager page.
You cannot configure multiple WEP keys. To configure multiple WEP keys, use the
Security Encryption Manager page.
You cannot assign an SSID to a VLAN that is already configured on the access point. To
assign an SSID to an existing VLAN, use the Security SSID Manager page.
You cannot configure combinations of authentication types on the same SSID (such as
MAC address authentication and EAP authentication). To configure combinations of
authentication types, use the Security SSID Manager page.
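The Express Security limits listed above can be checked against a planned SSID set before anything is typed into the page. This is an added example, not Cisco code: the class, function, finding codes, and security labels ("wpa", "static-wep", "no-security") are names chosen here, and it assumes that a VLAN counts as already configured once an earlier SSID in the plan has been created on it.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

MAX_SSIDS = 16  # "You can create up to 16 SSIDs on the wireless device."


@dataclass(frozen=True)
class PlannedSsid:
    name: str
    security: str                     # label for the Express Security choice
    vlan: Optional[int] = None        # None = SSID is not assigned to a VLAN
    auth_types: Tuple[str, ...] = ()  # more than one entry = a combination
    wep_keys: int = 0                 # number of WEP keys the design calls for


def check_express_plan(plan, existing_vlans=frozenset()):
    """Return (code, ssid, explanation) for each rule the plan would break."""
    findings = []
    if not plan:
        findings.append(("NO_SSID", "-",
                         "no default SSID exists; clients cannot associate"))
    if len(plan) > MAX_SSIDS:
        findings.append(("TOO_MANY", "-",
                         f"{len(plan)} SSIDs planned, limit is {MAX_SSIDS}"))
    configured = set(existing_vlans)
    interface_security = None  # setting shared by every SSID without a VLAN
    for ssid in plan:
        if ssid.vlan is None:
            # Without VLANs the encryption setting applies to the interface,
            # so every such SSID has to use the same one.
            if interface_security is None:
                interface_security = ssid.security
            elif ssid.security != interface_security:
                findings.append(("ENCRYPTION_CONFLICT", ssid.name,
                                 f"{ssid.security} conflicts with "
                                 f"{interface_security}; use VLANs or delete one"))
        elif ssid.vlan in configured:
            findings.append(("VLAN_IN_USE", ssid.name,
                             f"VLAN {ssid.vlan} already configured; "
                             "use the Security SSID Manager page"))
        else:
            configured.add(ssid.vlan)  # assumption: now counts as configured
        if len(ssid.auth_types) > 1:
            findings.append(("AUTH_COMBINATION", ssid.name,
                             "use the Security SSID Manager page"))
        if ssid.wep_keys > 1:
            findings.append(("MULTIPLE_WEP_KEYS", ssid.name,
                             "use the Security Encryption Manager page"))
    return findings


def sample_codes():
    """Constructed plan: four SSIDs on an access point that already has VLAN 20."""
    plan = [
        PlannedSsid("corp", "wpa"),
        PlannedSsid("legacy", "static-wep", wep_keys=2),
        PlannedSsid("guest", "no-security", vlan=20),
        PlannedSsid("voice", "wpa", vlan=30, auth_types=("mac", "eap")),
    ]
    return [code for code, _, _ in check_express_plan(plan, existing_vlans={20})]


if __name__ == "__main__":
    print(sample_codes())
```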
Network Interfaces
This topic explains how to enable and configure network interfaces on the access point.
[Figure callout: Not available in Aironet 1100 Series Access Point]
Select the Cisco IOS access point interfaces by selecting the Network Interfaces tab on the left
menu bar. This page contains information about the status of FastEthernet and Radio-802.11b,
Radio-802.11a, or Radio-802.11g interfaces, depending on which radio is installed on the
access point. Statistics and configuration options are available for each of the displayed
interfaces. Each interface can be reached by either selecting the left menu bar or the link in the
Network Interface summary page. The settings include the following:
System Settings which include IP Address, IP Subnet Mask, Default Gateway and MAC
Address.
Interface Status includes Software and Hardware status for the following interfaces:
Radio0-802.11G: The internal 2.4-GHz PCI radio module of the access point
Radio1-802.11A: The external 5-GHz CardBus radio module of the access point
Receive includes Input Rate Timespan, Input Rate (bit/sec), Input Rate (packets/sec), Time
Since Last Input, Total Packets Input, Total Bytes Input, Broadcast Packets, Total Input
Errors, Overrun Errors, Ignored Packets, and Throttles.
Transmit includes Output Rate Timespan, Output Rate (bit/sec), Output Rate (packets/sec),
Time Since Last Input, Total Packets Output, Total Bytes Output, Broadcast Packets,
Total Output Errors, Overrun Errors, Ignored Packets, Last Output Hang, Lost Parent
Counts (Repeater mode only), and Association Statistics (Repeater mode only).
The FastEthernet Network Interface page permits simple configuration of the access point's
Ethernet port. The settings available include:
Requested Duplex: Auto (configured for negotiation with terminating hub or switch), Half
(half duplex), or Full (full duplex)
Requested Speed: Auto (configured for negotiation with terminating hub or switch), 10
Mbps, or 100 Mbps
The Network Interface menu for Radio0-802.11G permits the configuration of specific
parameters for the 2.4-GHz radio interface.
Select the role in the radio network for each device. Depending on which device you are using,
the roles can vary. You can also configure a fallback role for root access points. The wireless
device automatically assumes the fallback role when its Ethernet port is disabled or
disconnected from the wired LAN. Select one of the three access point (root) settings if the
access point is connected to the wired LAN. The various roles follow:
Require - Enables transmission at this rate for all packets, both unicast and multicast. At
least one data rate must be set to Require. A client must support a required rate before it
can associate.
Note
The client must support the basic rate you select or it cannot associate with the access point
Select the Best Range button to optimize access point range or the Best Throughput button to
optimize throughput.
When you configure the IEEE 802.11g access point radio for best throughput, the access point
sets all 802.11g data rates to basic (required). This setting blocks association from IEEE
802.11b client devices.
Note
Government regulations define the highest allowable power level for radio devices. This
setting must conform to established standards for the country in which you use the device.
To reduce interference, limit the range of your access point, or to conserve power, select a
lower power setting. For an 802.11g radio, transmit power is divided into Complementary Code
Keying (CCK) transmit power and Orthogonal Frequency Division Multiplexing (OFDM)
transmit power. CCK is the modulation used in 802.11g for the lower frequency rates, and
OFDM is the modulation used in 802.11g for higher data rates (above 20 Mbps).
Note
The 100 mW (20 dBm) value is not available for OFDM data rates.
dBm    mW
10     10
11     12
12     15
13     20
14     25
15     30
16     40
17     50
18     60
19     80
20     100
21     125
22     150
23     200
24     250
Note
The power settings have appeared in mW or in dBm depending on the version of firmware.
Limit Client Power (mw): Determines the maximum power level allowed on client
devices that associate to the access point. When a client device associates to the access
point, the access point sends the maximum power level setting to the client.
Note
The 100 mW (20 dBm) value is not available for OFDM data rates.
Default Radio Channel: This option permits the configuration of a specific frequency for
the access point to use or permits the access point to select the least-congested channel
based upon 802.11 activity.
Least Congested Channel Search: This option permits the configuration of specific
frequencies for the access point to search when determining frequency to use.
World Mode Multi-Domain Operation: Selecting the Enable radio button allows the
access point to transmit information in the 802.11 beacons, which informs the client devices
which frequencies and power levels are allowable for the access point's configured regulatory
domain.
Radio Preamble: Select the Long or Short button, depending on network device
capabilities.
Receive Antenna: The options are Right, Left, and Diversity antennas, depending on your
requirements and any special installation needs.
Transmit Antenna: The options are Right, Left, and Diversity antennas, depending on
your requirements and any special installation needs.
External Antenna Configuration: This feature is currently not operational, but it may be
supported in future releases.
Antenna Gain (dB): The gain of an antenna is a measure of the antenna's ability to direct
or focus radio energy over a region of space. High-gain antennas have a more focused
radiation pattern in a specific direction. This setting is disabled on the bridge.
Aironet Extensions: Select Enable to use Cisco Aironet 802.11 extensions. This setting
must be set to Enable so that you can use load balancing, MIC, and TKIP.
802.1H: This setting provides optimum performance for Cisco Aironet wireless products.
RFC1042: Use this setting to ensure interoperability with non-Cisco Aironet wireless
equipment. RFC 1042 does not provide the interoperability advantages of IEEE 802.1h but
is used by other manufacturers of wireless equipment.
Public Secure Packet Forwarding: Public Secure Packet Forwarding (PSPF) prevents
client devices associated to an access point from inadvertently sharing files or
communicating with other client devices associated to the access point. It provides Internet
access to client devices without providing other capabilities of a LAN. No exchange of
unicast, broadcast, or multicast traffic occurs between protected ports. Select Enable so that
the protected port can be used for secure mode configuration. PSPF must be set per VLAN.
Note
To prevent communication between clients associated to different access points on your
wireless LAN, you must set up protected ports on the switch to which your access points are
connected.
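PSPF is set per VLAN on each access point and does nothing for clients on different access points, so gaps are easy to miss. The following added example (not from the course material) is a small layer 2 model that lists which client pairs can still exchange traffic for a given PSPF and switch-port setup. It assumes all access points hang off one switch and ignores routed traffic between VLANs; all names and the sample topology are constructed.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Client:
    name: str
    ap: str    # access point the client is associated to
    vlan: int  # VLAN of the client's SSID


def can_exchange_l2(a, b, pspf, protected_ports):
    """pspf maps an access point to the VLANs where PSPF is enabled;
    protected_ports is the set of access points on protected switch ports."""
    if a.vlan != b.vlan:
        return False  # separate broadcast domains; routing is out of scope
    if a.ap == b.ap:
        # Same access point: only PSPF on that VLAN stops the bridging.
        return a.vlan not in pspf.get(a.ap, set())
    # Different access points: frames cross the switch, which drops them
    # only when both access point ports are protected ports.
    return not (a.ap in protected_ports and b.ap in protected_ports)


def open_pairs(clients, pspf, protected_ports):
    """Every pair of clients that can still talk to each other directly."""
    return [(a.name, b.name) for a, b in combinations(clients, 2)
            if can_exchange_l2(a, b, pspf, protected_ports)]


# Constructed topology: two access points, guest VLAN 10 and staff VLAN 20.
CLIENTS = [
    Client("a", "ap1", 10), Client("b", "ap1", 10), Client("c", "ap2", 10),
    Client("d", "ap1", 20), Client("e", "ap1", 20),
]


def audit_examples():
    """Three configurations, from partial to complete isolation."""
    pspf_guest_only = {"ap1": {10}, "ap2": {10}}
    return {
        # PSPF on VLAN 10, but only one switch port protected.
        "one_port": open_pairs(CLIENTS, pspf_guest_only, {"ap1"}),
        # Both switch ports protected: cross-AP guest traffic is gone.
        "both_ports": open_pairs(CLIENTS, pspf_guest_only, {"ap1", "ap2"}),
        # PSPF also enabled on VLAN 20 at ap1.
        "all_vlans": open_pairs(CLIENTS, {"ap1": {10, 20}, "ap2": {10}},
                                {"ap1", "ap2"}),
    }


if __name__ == "__main__":
    for label, pairs in audit_examples().items():
        print(label, pairs)
```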
Short Slot-Time: Determine if you want to enable support for the Extended-Rate-PHY
short slot time. Enabling this setting reduces the slot time from the standard 20
microseconds to 9 microseconds to increase throughput.
Beacon Period: The amount of time between beacons in kilomicroseconds (Kusec). One Kusec
equals 1,024 microseconds.
Data Beacon Rate (DTIM): This setting, always a multiple of the beacon period,
determines how often the beacon contains a delivery traffic indication message (DTIM). A
traffic indication map is present in every beacon. The DTIM notifies power-save client
devices that a packet is waiting for them. If power-save clients are active, the access point
buffers any multicast traffic and delivers it immediately after the DTIM beacon. Power-save
nodes always wake for the DTIM beacons. The longer the time, the more buffering
the access point does, and the longer the multicasts are delayed. If the beacon period is set
at 100 (its default setting), and the data beacon rate is set at 2 (its default setting), then the
device sends a beacon containing a DTIM every 200 Kusec. One Kusec equals 1,024
microseconds.
Max. Data Retries: The maximum number of attempts the device makes to send a packet
before giving up, dropping the packet, and disassociating the client.
RTS Max. Retries: The maximum number of times the device issues an RTS before
stopping the attempt to send the packet through the radio. Enter a value from 1 to 128.
Fragmentation Threshold: This setting determines the size at which packets are
fragmented (sent as several pieces instead of as one block). Use a low setting in areas
where communication is poor or where there is a great deal of radio interference.
RTS Threshold: This setting determines the packet size at which the device issues a
request to send (RTS) before sending the packet. A low RTS Threshold setting can be
useful in areas where many client devices are associating with the access point or in areas
where the clients are far apart and can detect only the access point and not each other.
Repeater Parent AP Timeout: If this timeout is enabled, the access point in repeater
mode looks only for the parent access point specified in the following Repeater Parent AP
MAC definition for this given amount of time. If the timeout expires, the list is ignored,
and the unit associates to an access point that matches its requirements, regardless of its
MAC address. If the timeout is disabled, the repeater associates only to parents in the list
and continues the search.
Repeater Parent AP MAC 1-4: Normally, a repeater access point (without a wired LAN
connection) associates much like a normal client, choosing the best access point it can find.
Enter MAC addresses in this list if you want to control the parent access point to which a
repeater may associate. If MAC addresses are entered in this list, a repeater associates only
to a parent whose MAC address matches an entry in the list. If the first MAC address is not
available, the access point continues through the list and waits the amount of time specified
in Repeater Parent AP Timeout field before trying the next.
[Figure callout: Not available in every version of 1200 Series; not available in 1100 Series]
The Network Interface menu for the Radio0-802.11A permits the configuration of specific
parameters for the 5-GHz radio interface. The following are among the options:
Enable Radio: Selecting the Enable or Disable radio buttons enables or disables the radio
interface.
Current Status (Software/Hardware): This area indicates software and hardware status.
Software status is either enabled or disabled. Hardware status is either up or down.
Role in Radio Network: You can set the access point to be an access point (root mode) or
repeater (non root mode). You can also modify the fallback mechanism for loss of Ethernet
here. The interface can also be set as a Bridge or a Scanner.
Data Rates: The data rates supported for this interface can be controlled via this menu.
Selecting the Require radio button configures the data rate at which broadcast 802.11
packets are sent. Selecting the Enable radio button configures the unicast 802.11 packet
rates supported. Selecting the Disable radio button turns off the packets transmitted at this
data rate.
[Figure callout: If not using diversity, modify these settings]
Transmit Power: This setting determines the power level of the radio transmission. The
default power setting is the highest transmit power allowed in your regulatory domain.
Note
Government regulations define the highest allowable power level for radio devices. This
setting must conform to established standards for the country in which you use the device.
To reduce interference, limit the range of your access point, or to conserve power, select a
lower power setting. For an 802.11g radio, Transmit Power is divided into CCK Transmit
Power and OFDM Transmit Power. CCK is the modulation used in 802.11g for the lower
data rates, and OFDM is the modulation used in 802.11g for higher data rates (above 20
Mbps).
Note
The 100 mW (20 dBm) value is not available for rates greater than 12 Mbps.
Limit Client Power (mW): Determine the maximum power level allowed on client devices
that associate to the access point. When a client device associates to the access point, the
access point sends the maximum power level setting to the client.
Default Radio Channel: This option permits the configuration of a specific frequency for
the access point to use or permits the access point to select the least-congested channel,
based upon 802.11 activities.
Least Congested Channel Search: This option permits the configuration of specific
frequencies for the access point to search when determining the frequency to use.
Receive Antenna: The options are Right, Left, and Diversity, depending on your
requirements and any special installation needs.
Transmit Antenna: The options are Right, Left, and Diversity, depending on your
requirements and any special installation needs.
External Antenna Configuration: This feature is not currently supported but may be in a
future firmware release.
Aironet Extensions: Selecting the Enable radio button allows roaming and enables Cisco-specific security options.
Public Secure Packet Forwarding: Public Secure Packet Forwarding (PSPF) prevents
client devices associated to an access point from inadvertently sharing files or
communicating with other client devices associated to the access point. It provides Internet
access to client devices without providing other capabilities of a LAN. No exchange of
unicast, broadcast, or multicast traffic occurs between protected ports. Select Enable so that
the protected port can be used for secure mode configuration. PSPF must be set per VLAN.
To prevent communication between clients associated to different access points on your
wireless LAN, you must set up protected ports on the switch to which your access points are
connected.
Beacon Period: The amount of time between beacons in kilomicroseconds. One Kusec
equals 1,024 microseconds.
Data Beacon Rate (DTIM): This setting, always a multiple of the beacon period,
determines how often the beacon contains a delivery traffic indication message (DTIM). A
traffic indication map is present in every beacon. The DTIM notifies power-save client
devices that a packet is waiting for them. If power-save clients are active, the access point
buffers any multicast traffic and delivers it immediately after the DTIM beacon. Power-save
nodes always wake for the DTIM beacons. The longer the time, the more buffering
the access point does, and the longer the multicasts are delayed. If the beacon period is set
at 100 (its default setting), and the data beacon rate is set at 2 (its default setting), then the
device sends a beacon containing a DTIM every 200 Kusec. One Kusec equals 1,024
microseconds.
Max. Data Retries: The maximum number of attempts the device makes to send a packet
before giving up, dropping the packet, and disassociating the client.
RTS Max. Retries: The maximum number of times the device issues an RTS before
stopping the attempt to send the packet through the radio. Enter a value from 1 to 128.
Fragmentation Threshold: This setting determines the size at which packets are
fragmented (sent as several pieces instead of as one block). Use a low setting in areas
where communication is poor or where there is a great deal of radio interference.
RTS Threshold: This setting determines the packet size at which the device issues an RTS
before sending the packet. A low RTS Threshold setting can be useful in areas where many
client devices are associating with the access point or in areas where the clients are far apart
and can detect only the access point and not each other.
Repeater Parent AP Timeout: If this timeout is enabled, the access point in repeater
mode looks only for the parent access point specified in the following Repeater Parent AP
MAC definition for this given amount of time. If the timeout expires, the list is ignored,
and the unit associates to an access point that matches its requirements, regardless of its
MAC address. If the timeout is disabled, the repeater associates only to parents in the list
and continues the search.
Repeater Parent AP MAC 1-4: Normally, a repeater access point (without a wired LAN
connection) associates much like a normal client, choosing the best access point it can find.
Enter MAC addresses in this list if you want to control the parent access point to which a
repeater may associate. If MAC addresses are entered in this list, a repeater associates only
to a parent whose MAC address matches an entry in the list. If the first MAC address is not
available, the access point continues through the list and waits the amount of time specified
in Repeater Parent AP Timeout field before trying the next.
Cisco Services
This topic describes how to locate various advanced services.
QoS and VLAN are the key settings for most deployments
This is the configuration screen from a Cisco Aironet 1200 series autonomous access point.
The current services available are:
Telnet/SSH: Enable, disable and configure Telnet and Secure Shell (SSH) connections to
the access point.
Hot Standby: Enable, disable and configure the access point as a Hot Standby access
point.
HTTP: Enable, disable and configure the Hypertext Transfer Protocol interface on the
access point.
ARP Caching: Enable and configure Address Resolution Protocol (ARP) caching.
VLAN Configuration
This topic describes how to set up and configure a VLAN on an access point.
Choosing Services > VLAN from the menu tab allows you to configure VLANs on an access
point, which may then be assigned encryption policies and may have SSIDs assigned.
The VLAN ID field allows the VLANs to be defined and assigned as either of the following:
Native VLAN: This check box denotes the native VLAN for the access point. Only one
VLAN ID may be defined as the native VLAN.
Enable Publicly Secure Packet Forwarding: This check box permits you to apply
Publicly Secure Packet Forwarding (PSPF) on each VLAN, as requirements dictate. PSPF
prevents client devices from linking to other wireless LAN (WLAN)-associated clients.
When a VLAN is configured on the access point through the GUI, the Ethernet port is
converted to an 802.1q trunk port.
After VLANs are defined from the Assigned VLAN page and assigned to radio interfaces, the
throughput statistics for a specified VLAN from the VLAN Information menu can be viewed at
the bottom of the VLAN setup screen. Transmit and receive statistics for each interface and for
each configured VLAN can be obtained.
SSID Manager
The SSID Manager page permits you to configure the SSID after you have set up VLAN and
encryption parameters on the access point.
The Authentication Methods Accepted check boxes, Open Authentication, Shared
Authentication, and Network EAP, permit you to specify the types of authentication available
on the SSID. Either MAC or Extensible Authentication Protocol (EAP) authentication may be
added to Open or Shared authentication. MAC authentication may be added to Network EAP
authentication to permit adding a MAC authentication step to the Lightweight Extensible
Authentication Protocol (LEAP) authentication process.
Note
When VLANs are created, SSIDs not assigned to a VLAN become disabled.
On the bottom of the SSID Manager screen, additional authentication can be configured for the
selected SSID.
Authenticated key management, either for Cisco Centralized Key Management (CCKM) or for
WPA, may be configured as optional or mandatory, depending on the desired system operation
and client capabilities. If you are using WPA, enter the WPA pre-shared key (which
authenticates the encryption parameters between client and access point in a non-802.1X
environment) from this interface.
Advertise Extended Capabilities of this SSID: Allows you to include the SSID name and
capabilities in the Wireless Provisioning Service (WPS) information element.
Advertise Wireless Provisioning Services (WPS) Support: Allows you to enable the
WPS capability flag in the WPS information element.
Advertise this SSID as a Secondary Broadcast SSID: Allows you to include the SSID
name and capabilities in the WPS information element.
Enable IP Redirection on this SSID: The IP redirect feature provides a standalone Cisco
Aironet access point the capability to redirect wireless IP data traffic to an alternate
destination IP address on the wired LAN. The IP redirect feature is designed to provide a
means of diverting traffic from its specified destination on the wired LAN to a destination
chosen by the network administrator. Some examples of how this feature might be used
are:
Establish next-hop routing; for example, pushing all guest traffic within an
organization to the Internet router
Association Limit (optional): Determines the maximum number of client associations the
access point permits to the specified SSID.
EAP Client (optional): Username and password to authenticate the access point to a
LEAP server, for operation of the access point or bridge in repeater or non-root mode if
entered from this interface.
Set SSID as Guest Mode: Check the box if you want to include the SSID in beacons. To
increase the battery life for power-save clients that use this SSID.
Set Data Beacon Rate (DTIM): Check the box and enter a beacon rate for the SSID. The
beacon rate determines how often the access point sends a beacon containing a Delivery
Traffic Indication Message (DTIM). When client devices in power-saving mode receive a
beacon that contains a DTIM, they normally wake up to check for pending packets. Longer
intervals between DTIMs let clients sleep longer and preserve power. Conversely, shorter
DTIM periods reduce the delay in receiving packets but use more battery power because
clients wake up more often.
Set Beacon Mode: Select to choose single or multiple access point beacon messages. From
the drop-down menu, indicate the guest mode that enables clients without any SSID to
associate to this access point.
Set Infrastructure SSID: When the access point is in repeater mode, this SSID is used to
associate with a parent access point. Check the check box by the drop-down menu if you
want to force infrastructure devices to associate only to this SSID.
SSID Summary
Check the type of security for each SSID and VLAN.
The SSID summary and administrator user information are available from the Security menu
under Security Summary.
You can configure the administrative users and their capabilities (read-only or read-write) from
the Admin Access menu.
Note
VLANs and SSIDs, together with their configured authentication, are associated with each
radio interface.
SSIDs may also be configured from the Security Summary page. The configuration menu for
each radio interface is accessible from either the Radio0-802.11B-SSIDs or Radio1-802.11A-SSIDs link.
QoS Configuration
This topic explains traffic classes and how to configure and apply quality of service policies.
Quality of Service
You can create QoS policies from the Services > QoS Policies menu. QoS policies permit the
prioritization of packets based on the device type, IP tags, VLAN, or predefined filter (access
control list, or ACL).
The policy name is used as a descriptor to uniquely identify each QoS policy defined in the
access point. After associating a class of service (CoS) with a QoS Policy, the associated CoS
appears in the Classification selection box.
Under the Match Classifications menu, the specific mechanism used to prioritize packets (IP
Precedence, IP DSCP, IP Protocol 119, Filter, and Apply Class of Service) applies the CoS for
each defined classification.
After configuration of QoS policies, the configured policies may be applied to the desired
interface, either for inbound (Incoming) or outbound (Outgoing) traffic. Additionally, policies
may be defined for each configured VLAN on the access point in order to permit unique packet
prioritization for different VLAN and user classes.
In this case, the QoS policies have been applied to the radio interface on an incoming and
outgoing basis and on the Ethernet interface on incoming packets. For IEEE 802.11b data rates,
it is unlikely that packet prioritization will be required on output to the Ethernet, because
Ethernet speed (even 10 Mbps) is faster than all 802.11b rates.
Each VLAN should utilize a different quality of service (QoS) policy based
on traffic type
After configuration of QoS policies, the configured policies may be applied to the desired
interface, either for inbound (Incoming) or outbound (Outgoing) traffic. Additionally, policies
may be uniquely defined for each configured VLAN on the access point in order to permit
unique packet prioritization for different VLAN and user classes.
The Advanced menu tab permits you to configure specific QoS parameters for unique
applications, as follows:
IP Phone: Selecting the Enable or Disable radio button permits the QoS element for
wireless phones to be enabled or disabled. This parameter configures the access point to
broadcast quality beacon information in the beacons for association by 802.11 telephony
devices, such as the Cisco Wireless IP Phone 7920.
IGMP Snooping: Selecting the Enable or Disable radio button permits the access point to
proxy an Internet Group Management Protocol (IGMP) query to the IGMP snooping-enabled network on behalf of an IGMP client to preserve the integrity of the multicast
stream to IGMP members.
AVVID Priority Mapping: Map Ethernet Packets with CoS 5 to CoS 6. If your network is
based on Cisco AVVID specification, select Yes. This mapping prioritizes voice packets
that include priority 5 (video).
Under the Radio 802.11 Access Categories menu tab, you can review and edit the access
category definitions (as related to 802.11 contention window) for each CoS defined in the
access point.
The figure shows the default contention window settings defined for each CoS, which is
assigned via the QoS policy menu.
It is not recommended that these 802.11 contention window settings be altered, unless there is a
specific need to alter the 802.11 access behavior for unique application or WLAN load
requirements. These network settings are a prestandard version of the 802.11 contention
window settings that are to be standardized in the 802.11e standard.
SNMP
You can enable SNMP by choosing Services > SNMP from the menu.
Configure or query the system information (system name, system location, and system contact)
for the access point from this interface. The access point sends this system information to the
SNMP management station for SNMP queries. SNMP is disabled by default.
On the lower section of the SNMP services page, you can configure the specific parameters
used by the access point for SNMP messaging.
The SNMP community strings that are used to communicate with SNMP management entities
are configured from this screen.
The SNMP trap destination, which is the network management station used to collect SNMP
traps, or defined system performance, or exception thresholds, is configured here. An SNMP
trap community string is also used to ensure that the trap destination has the correct string to
accept SNMP traps from the access point.
In addition, the specific events that trigger an SNMP trap are specified from this interface.
Filtering
This topic describes Layer 4, MAC address, Ethertype, IP protocol and port filtering.
Filters
MAC address filters
Ethertype filters
IP filters
IP address
IP protocol
UDP/TCP port
Cisco Aironet access points have a flexible set of filters. The access points support MAC
address filtering, IP address filtering, IP protocol filtering, and TCP/UDP port filtering. The
filters can be created through the web interface or by creating ACLs via the command line.
Once filters are created, they are applied to a specific interface.
Not the most secure method since MAC addresses can be spoofed
The MAC ADDRESS FILTERS tab permits you to allow or disallow the forwarding of packets
containing specific MAC addresses.
The steps to enter a new MAC address filter are as follows:
Create/Edit Filter Index: Select <NEW> from the drop-down menu or select the
appropriate index to edit.
Add MAC Address: Enter the MAC Address and Ethernet mask, and select an action
(Forward or Block) from the drop-down menu for the entered MAC address.
Default Action: Select either Forward All or Block All from the drop-down menu.
Note
Multiple MAC address filters may be aggregated to make up a MAC address filter class.
Ethertype Filters
The ETHERTYPE FILTERS tab permits you to allow or disallow the forwarding of packets
with a specific Ethertype header.
The steps to enter a new Ethertype address filter are as follows:
Create/Edit Filter Index: Select <NEW> or select the appropriate index to edit from the
drop-down menu.
Add EtherType: Enter Ethertype hexadecimal packet identifier and mask, and select an
action (Forward or Block) from the drop-down menu for the entered Ethertype.
Default Action: Select either Forward All or Block All from the drop-down menu.
Note
Multiple Ethertype address filters may be aggregated under a single filter class.
The IP FILTERS tab permits you to set IP protocol and port filters.
IP protocol and port filters may be defined for the following categories:
IP Address: Enter the destination address and source address and select whether the filter
will block or forward traffic to specified IP addresses.
IP Protocol: Specify the IP protocol and select whether the filter will block or forward
traffic to and from the specified IP port.
UDP/TCP Port: Specify the UDP/TCP port number and select whether the filter will block
or forward traffic to and from specified UDP/TCP port.
Applying Filter
After you have created the filter on the applicable filters pages, apply the filter to the
appropriate incoming and outgoing interfaces.
Note
This action has the same effect as applying ACLs to a bridge group and the interfaces
associated with that bridge group.
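The MAC address and Ethertype filter classes described above can be modelled as ordered entries plus a default action. This is an added example, not Cisco's code and not part of the original guide; it assumes wildcard-style masks (set bits are ignored, as in IOS ACLs) and first-match evaluation, and every address and frame in it is constructed.

```python
from dataclasses import dataclass

FORWARD, BLOCK = "Forward", "Block"


def parse_mac(text):
    """Accept 0040.9612.3456, 00:40:96:12:34:56 or 00-40-96-12-34-56."""
    digits = "".join(ch for ch in text if ch not in ".:-")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return int(digits, 16)


@dataclass(frozen=True)
class Entry:
    value: int
    mask: int      # ASSUMPTION: wildcard mask, set bits are not compared
    action: str    # FORWARD or BLOCK

    def matches(self, candidate):
        return (candidate ^ self.value) & ~self.mask == 0


@dataclass(frozen=True)
class FilterClass:
    """One filter index: ordered entries plus the Default Action."""
    entries: tuple
    default_action: str

    def decide(self, candidate):
        for entry in self.entries:          # ASSUMPTION: first match wins
            if entry.matches(candidate):
                return entry.action
        return self.default_action


def mac_entry(address, mask, action):
    return Entry(parse_mac(address), parse_mac(mask), action)


# Constructed allow-list: two entries, Default Action "Block All".
MAC_FILTER = FilterClass(
    entries=(
        mac_entry("0040.9612.3456", "0000.0000.0000", FORWARD),  # exact match
        mac_entry("0040.96aa.0000", "0000.0000.ffff", FORWARD),  # 65,536 addresses
    ),
    default_action=BLOCK,
)

# Constructed deny-list: block IPX and AppleTalk, Default Action "Forward All".
ETHERTYPE_FILTER = FilterClass(
    entries=(Entry(0x8137, 0x0000, BLOCK), Entry(0x809B, 0x0000, BLOCK)),
    default_action=FORWARD,
)


def decide_frame(frame):
    """Forward only if both filters applied to the interface forward it."""
    if MAC_FILTER.decide(parse_mac(frame["src"])) == BLOCK:
        return BLOCK
    return ETHERTYPE_FILTER.decide(frame["ethertype"])


# Constructed frames. "sender" is ground truth for the reader only; it is not
# a field of the frame, so decide_frame() never sees it.
FRAMES = [
    {"sender": "enrolled laptop", "src": "00:40:96:12:34:56", "ethertype": 0x0800},
    {"sender": "enrolled laptop", "src": "00:40:96:12:34:56", "ethertype": 0x8137},
    {"sender": "device in masked range", "src": "0040.96aa.1f02", "ethertype": 0x0806},
    {"sender": "unknown device", "src": "00-0c-29-11-22-33", "ethertype": 0x0800},
    {"sender": "unknown device claiming an enrolled address",
     "src": "0040.9612.3456", "ethertype": 0x0800},
]


def run():
    return [(frame["sender"], decide_frame(frame)) for frame in FRAMES]


if __name__ == "__main__":
    for sender, verdict in run():
        print(f"{verdict:8} {sender}")
```

The last frame is forwarded because the filter's only input is the address field, which is why MAC filtering should be paired with authentication and encryption on the SSID rather than used alone.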
Global
Per interface
Note: If you change configurations via console, you must save the configuration.
The Cisco Aironet autonomous access points can also be managed using the Cisco IOS
software command-line interface (CLI). There are new 802.11 commands added to Cisco IOS
commands for applying SSIDs, entering WEP keys, changing IP address, changing channels,
and many more. As with other Cisco IOS products, this interface may be accessed via Telnet,
SSH or local console interface.
Interface        IP-Address    OK?  Method  Status                 Protocol
BVI1             10.1.1.8      YES  DHCP    up                     up
Dot11Radio0      unassigned    YES  unset   administratively down  down
Dot11Radio1      unassigned    YES  unset   administratively down  down
FastEthernet0    unassigned    YES  other   up                     up
ap#
The 802.11 commands fit into the Cisco IOS design like just another interface. The design
takes features used in a wired environment and extends them to a wireless interface.
BVI1 (Bridge Virtual Interface) is the first interface, and is the administrative interface.
Dot11Radio0 is the second interface and is the 802.11b/g radio.
Dot11Radio1 is the third interface and is the 802.11a radio. Access points without an 802.11a
radio will not have a Dot11Radio1 interface.
FastEthernet0 is the fourth interface.
User EXEC
Privileged EXEC
Username: Cisco
Password:
ap>
ap>enable
Password:
ap#
ap#configure terminal
Enter configuration commands, one per line.
ap(config)#
ap(config)#interface dot11Radio 0
ap(config-if)#
User EXEC mode: After you access the device, you are automatically in user EXEC
command mode. The EXEC commands available at the user level are a subset of those
available at the privileged level. In general, use the EXEC commands to temporarily
change the terminal settings, perform basic tests, and list system information. The
supported commands can vary depending on the version of Cisco IOS software in use.
Privileged EXEC mode: Because many of the privileged commands are used to configure
operating parameters, privileged access should be password-protected to prevent
unauthorized use. The privileged EXEC command set includes those commands contained
in the EXEC mode, as well as the configure privileged EXEC command through which
you access the remaining command modes.
If your system administrator has set a password, you are prompted to enter it before being
granted access to privileged EXEC mode. The password does not appear on the screen and is
case-sensitive.
Global configuration
Username: Cisco
Password:
ap>
ap>enable
Password:
ap#
ap#configure terminal
Enter configuration commands, one per line.
ap(config)#
ap(config)#interface dot11Radio 0
ap(config-if)#
Interface configuration
Global configuration mode: Global configuration commands apply to features that affect
the device as a whole. Use the configure privileged EXEC command to enter global
configuration mode. The default is to enter commands from the management console.
When you enter the configure command, a message prompts you for the source of the
configuration commands.
Global configuration
15 802.11 commands
Configuration interface
35 802.11 commands
The Cisco IOS command reference is for the networking professional using the Cisco IOS CLI
to manage Cisco Aironet access points and bridges that run Cisco IOS software. Before using
this guide, you should have experience working with Cisco IOS commands and access point
and bridge software features; you also need to be familiar with the concepts and terminology of
Ethernet and local area networking.
This guide provides information about new and revised Cisco IOS commands. For information
about the standard Cisco IOS commands, refer to the IOS documentation set available from the
Cisco.com home page by selecting Service and Support > Technical Documents. On the
Cisco Product Documentation home page, select Release 12.3 from the Cisco IOS software
drop-down list.
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/techsupport
You can access the Cisco website at this URL:
http://www.cisco.com
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Use the power local configuration interface command to configure the access point or bridge
radio power level. Use the no form of the command to reset the parameter to defaults. On the
2.4-GHz, 802.11g radio, you can set OFDM power levels and CCK power levels. CCK
modulation is supported by 802.11b and 802.11g devices. OFDM modulation is supported by
802.11g and 802.11a devices. The figure shows how to set the power level of an 802.11g radio
to 50 mW.
2.4-GHz Access Point Radio (802.11b)
[no] power local {1 | 5 | 20 | 30 | 50 | 100 | maximum}
2.4-GHz Access Point Radio (802.11g)
[no] power local cck {1 | 5 | 10 | 20 | 30 | 50 | 100 | maximum}
[no] power local cck {-1 | 2 | 5 | 8 | 11 | 14 | 15 | 17 | 20 | maximum}
[no] power local ofdm {1 | 5 | 10 | 20 | 30 | maximum}
[no] power local ofdm {-1 | 2 | 5 | 8 | 11 | 14 | 17 | maximum}
5-GHz Access Point Radio (802.11a)
[no] power local {5 | 10 | 20 | 40 | maximum}
[no] power local {-1 | 2 | 5 | 8 | 11 | 14 | 15 | maximum}
[no] power local {-1 | 2 | 5 | 8 | 11 | 14 | 15 | 17 | maximum}
1400 Series Bridge 5.8-GHz Radio
[no] power local {12 | 15 | 18 | 21 | 22 | 23 | 24 | maximum}
Note
The maximum transmit power depends on your regulatory domain and the antenna gain for
your access point or bridge. For additional information refer to the "Channels and Antenna
Settings" section of the hardware installation guide for your access point or bridge.
Note
The supported transmit power levels differ on the various access points and bridges.
Note
This command requires the radio to be turned on and enabled to determine valid power
settings allowed on your access point radio.
Specifies the SSID name for the radio, expressed as a case-sensitive alphanumeric
string from 1 to 32 characters.
Defaults: On access points, the factory default SSID is tsunami. On bridges, the default SSID
is autoinstall.
Command Modes: Configuration interface.
Command History
Release        Modification
12.2(4)JA
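A saved configuration can be checked for settings this lesson covers: the factory default SSID named above, the Telnet, HTTP and SNMP services, and PSPF. The audit below is an added example, not from the original guide or from Cisco; the configuration text is constructed, and treating each item as a finding is this example's assumption.

```python
import re

DEFAULT_SSIDS = {"tsunami", "autoinstall"}      # factory defaults named in the guide
WELL_KNOWN_COMMUNITIES = {"public", "private"}  # widely used, easily guessed strings

# Constructed running-config fragment for illustration (not from a real device).
SAMPLE_CONFIG = """\
hostname ap
!
interface Dot11Radio0
 no ip address
 ssid tsunami
    authentication open
    guest-mode
 bridge-group 1
!
interface Dot11Radio1
 no ip address
 ssid Corp-A
    authentication network-eap eap_methods
 bridge-group 1
 bridge-group 1 port-protected
!
ip http server
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
!
"""


def sections(config):
    """Yield (header, child_lines) for each top-level block of an IOS config."""
    header, children = None, []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace():
            children.append(line)       # indented: belongs to the current block
        else:
            if header is not None:
                yield header, children
            header, children = line, []
    if header is not None:
        yield header, children


def audit(config):
    """Return (config line, finding) pairs for settings covered in this lesson."""
    findings = []
    for header, children in sections(config):
        words = header.split()
        if header.startswith("interface Dot11Radio"):
            ssids = [c.split(None, 1)[1] for c in children if c.startswith("ssid ")]
            for name in ssids:
                if name in DEFAULT_SSIDS:   # SSIDs are case-sensitive
                    findings.append((header, f"factory default SSID '{name}'"))
            pspf = any(re.fullmatch(r"bridge-group \d+ port-protected", c)
                       for c in children)
            if ssids and not pspf:
                findings.append((header, "PSPF not enabled on this radio"))
        elif header.startswith("line vty"):
            for child in children:
                opts = child.split()
                if opts[:2] == ["transport", "input"] and {"telnet", "all"} & set(opts[2:]):
                    findings.append((header, "Telnet (cleartext) accepted"))
        elif header == "ip http server":
            findings.append((header, "HTTP (cleartext) management enabled"))
        elif words[:2] == ["snmp-server", "community"] and len(words) > 2:
            if words[2] in WELL_KNOWN_COMMUNITIES:
                findings.append((header, f"well-known SNMP community '{words[2]}'"))
    return findings


if __name__ == "__main__":
    for line, finding in audit(SAMPLE_CONFIG):
        print(f"{line}: {finding}")
```

Only explicit configuration lines are examined, so a service that is on by default and absent from the text is not reported.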
Use the channel interface configuration command to set the radio channel frequency. The
access point in the figure changes to frequency 2457 (channel 10). Use the no form of this
command to reset the channel frequency to defaults.
[no] channel {number | frequency | least-congested}
Channels and Center Frequencies for 2.4-GHz Radios (both 802.11b and 802.11g)
Channel Identifier   Frequency (MHz)   Channel Identifier   Frequency (MHz)
1                    2412              8                    2447
2                    2417              9                    2452
3                    2422              10                   2457
4                    2427              11                   2462
5                    2432              12                   2467
6                    2437              13                   2472
7                    2442              14                   2484
Channel Identifier   Frequency (MHz)   Channel Identifier   Frequency (MHz)   Channel Identifier   Frequency (MHz)
34                   5170              100                  5500              149                  5745
36                   5180              104                  5520              153                  5765
38                   5190              108                  5540              157                  5785
40                   5200              112                  5560              161                  5805
42                   5210              116                  5580              165                  5825
44                   5220              120                  5600
46                   5230              124                  5620
48                   5240              128                  5640
52                   5260              132                  5660
56                   5280              136                  5680
60                   5300              140                  5700
64                   5320
Channels and Center Frequencies for the 1400 Series Bridge 5-GHz Radio
Channel Identifier   Frequency (MHz)
149                  5745
153                  5765
157                  5785
161                  5805
The channel interface configuration command allows the option of entering the channel three
different ways:
By the channel number:
AP(config-if)# channel 10
By the frequency:
AP(config-if)# channel 2457
Lesson Self-Check
Use the questions here to review what you learned in this lesson. The correct answers and
solutions are found in the Lesson Self-Check Answer Key.
Q1)
A root access point can only communicate with a/an ________ on the wired
infrastructure? (Choose one.) (Source: Role in the Radio Network)
A) Repeater
B) Client
C) Access point
D) Workgroup bridge
Q2)
Which of the following is the default page for the GUI interface of an autonomous
access point? (Choose one.) (Source: Home Page)
A) Home
B) Express Setup
C) Express Security
D) Event Log
Q3)
Which of the following settings should be chosen if the access point is not connected to
the Ethernet? (Choose one.) (Source: Express Setup)
A) Access Point
B) Repeater
C) Non-root Bridge without clients
D) Workgroup Bridge
Q4)
How many SSIDs can be created on the Express Security Setup page? (Choose one.)
(Source: Express Security Setup)
A) 8
B) 12
C) 16
D) 24
Q5)
Which of the following data rate settings is used for broadcast traffic? (Choose one.)
(Source: Network Interfaces)
A) Required
B) Enabled
C) Disabled
D) Broadcast
Q6)
Which of the following is not configured under the Advanced Services area? (Choose
one.) (Source: Advanced Services)
A) VLANs
B) QoS
C) Filters
D) SSID
Q7)
When configuring a VLAN, the Ethernet port is set to which of the following? (Choose
one.) (Source: VLAN Configuration)
A) 802.1q
B) SSL
C) Normal
D) 802.11q
Q8)
Which of the following is true of SSIDs not assigned to a VLAN? (Choose one.)
(Source: VLAN Configuration)
A)
B)
C)
D)
Q9)
True
False
MAC address filters can be created for which of the following? (Choose one.) (Source:
Filtering)
A)
B)
C)
Q12)
Q11)
Choose the correct answer to fill in the blanks in the following question. QoS policies
are assigned to the _________ and _______ when no VLANs are enabled. (Choose
one.) (Source: Quality of Service)
A)
B)
C)
D)
Q10)
When configuring the SSID via the command line, the SSID is created by which of the
following commands? (Choose one.) (Source: Access Point Cisco IOS Command Line)
A) AP#(config) ssid
B) AP#(config-if) ssid
C) AP#(config) dot11 ssid
D) AP#(config-if) dot11 ssid
Q1)
Q2)
Q3)
Q4)
Q5)
Q6)
Q7)
Q8)
Q9)
Q10)
Q11)
Q12)
Summary
This topic summarizes the key points discussed in this lesson.
Summary
In this lesson we learned where and how to configure
features in access points and bridges using the GUI.
We also learned where and how to configure features
in access points and bridges using the command line
interface.