Wireless Cisco

CWLF
Cisco Wireless LAN

Fundamentals
Volume 1
Version 1.0
Student Guide
Text Part Number: xx-xxxx-xx
Copyright 2006, Cisco Systems, Inc. All rights reserved.

Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax
numbers are listed on the Cisco Web site at www.cisco.com/go/offices.
Argentina Australia Austria Belgium Brazil Bulgaria Canada Chile China PRC Colombia Costa Rica Croatia Czech
Republic Denmark Dubai, UAE Finland France Germany Greece Hong Kong SAR Hungary
India Indonesia Ireland Israel Italy Japan Korea Luxembourg Malaysia Mexico The Netherlands
New Zealand Norway Peru Philippines Poland Portugal Puerto Rico Romania Russia Saudi Arabia
Scotland Singapore Slovakia Slovenia South Africa Spain Sweden Switzerland Taiwan Thailand Turkey Ukraine
United Kingdom United States Venezuela Vietnam Zimbabwe
Copyright 2006, Cisco Systems, Inc. All rights reserved. CCIP, the Cisco Powered Network mark, the
Cisco Systems Verified logo, Cisco Unity, Fast Step, Follow Me Browsing, FormShare, Internet Quotient, iQ
Breakthrough, iQ Expertise, iQ FastTrack, the iQ logo, iQ Net Readiness Scorecard, Networking Academy,
ScriptShare, SMARTnet, TransPath, and Voice LAN are trademarks of Cisco Systems, Inc.; Changing the Way We
Work, Live, Play, and Learn, Discover All Thats Possible, The Fastest Way to Increase Your Internet Quotient, and
iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE,
CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press,
Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation,
Enterprise/Solver, EtherChannel, EtherSwitch, GigaStack, IOS, IP/TV, LightStream, MGX, MICA, the Networkers
logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, StrataView Plus,
Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in
the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of
the word partner does not imply a partnership relationship between Cisco and any other company. (0201R)
Table of Contents
Volume 1
Course Introduction .......................................................................................................... 1

Overview ......................................................................................................................................1
Course Goal and Objectives ........................................................................................................3
Course Flow.................................................................................................................................4
Additional References..................................................................................................................5
Module 1: Cisco Aironet WLAN Overview

Lesson 1: Describing Wireless LAN Radio Technologies..................................... 1-3
Overview .............................................................................................................................1-3
Unlicensed Freuency Bands ...............................................................................................1-4
Spread Spectrum RF Technology.....................................................................................1-16
2.4-GHz Antennas ............................................................................................................1-22
IEEE 802.11a Characteristics ...........................................................................................1-25
Lesson Self-Check ............................................................................................................1-41
Summary...........................................................................................................................1-43
Lesson 2: Defining Antenna Concepts ................................................................. 1-45

Overview ...........................................................................................................................1-45
Definition of Terms ............................................................................................................1-46
Antenna Concepts ............................................................................................................1-52
Various Antenna Types.....................................................................................................1-55
EIRP Rules .......................................................................................................................1-59
Summary...........................................................................................................................1-68
Module 2: Cisco Aironet WLAN Products

Lesson 1: Describing Wireless LAN Access Points, Bridges Antennas and
Accessories............................................................................................................... 2-3
Overview .............................................................................................................................2-3
Platform Overview...............................................................................................................2-4
Cisco Aironet Indoor Rugged Access Points ......................................................................2-7
1500 Series Wireless Outdoor Mesh Access Points...........................................................2-9
1300 Series Access Point and Bridge...............................................................................2-10
Cisco Aironet Access Point Comparisons.........................................................................2-11
1400 Series Wireless Bridge.............................................................................................2-14
Powering Options for Access Points and Bridges.............................................................2-15
Power Injectors for Access Points ....................................................................................2-16
2.4-GHz Antennas ............................................................................................................2-20
5-GHz Antennas ...............................................................................................................2-24
Summary...........................................................................................................................2-32
Copyright 2006, Cisco Systems, Inc.
Cisco Wireless LAN Fundamentals (CWLF) v1.0
Lesson 2: Describing WLAN Client Adapters.................................................. 2-33

Overview .................................................................................................................... 2-33
Cisco Aironet 802.11a/b/g Client Adapter .................................................................. 2-34
Cisco Wireless IP Phone7920.................................................................................... 2-35
Cisco Compatible Extensions Program...................................................................... 2-36
Lesson Self-Check ..................................................................................................... 2-42
Summary.................................................................................................................... 2-44
Lesson 3: Describing WLAN Network Management, Control, and Services 2-45

Overview .................................................................................................................... 2-45
Ciscos Network Management ................................................................................... 2-47
Cisco WLAN Controllers ............................................................................................ 2-49
CiscoWorks Wireless LAN Solution Engine ............................................................... 2-53
CiscoWorks Wireless LAN Solution Engine Express ................................................. 2-55
Cisco Wireless Control System .................................................................................. 2-57
Cisco Wireless Location Appliance ............................................................................ 2-59
Integrated Services Routers....................................................................................... 2-60
Cisco 3200 Series Wireless and Mobile Routers ....................................................... 2-64
Cisco Secure ACS Solution Engine ........................................................................... 2-65
Summary.................................................................................................................... 2-70
Lesson 4: Introducing Access Point Enterprise-Class Features................... 2-71

Overview .................................................................................................................... 2-71
Software Support ....................................................................................................... 2-72
Security ...................................................................................................................... 2-79
Virtual LAN Support ................................................................................................... 2-80
Quality of Service ....................................................................................................... 2-81
Summary.................................................................................................................... 2-84
Module 3: Wireless Bridges

Lesson 1: Using Wireless Bridges and Alternatives.......................................3-3
Overview ...................................................................................................................... 3-3
Wireless Bridges and Bridge Alternatives .................................................................... 3-4
1300 Series Wireless Bridge...................................................................................... 3-10
1300 Series Outdoor Channels and Power Levels .................................................... 3-14
1400 Series Access Point Bridge............................................................................... 3-19
1400 Series Outdoor Channels and Power Levels .................................................... 3-24
BR1410 an BR1310 Deployment Scenarios .............................................................. 3-25
Summary.................................................................................................................... 3-28
Lesson 2: Choosing Roles in the Radio Network.......................................... 3-29

Overview .................................................................................................................... 3-29
Role in Radio Network ............................................................................................... 3-30
2
Comparing Access Points and Bridges.............................................................................3-37

Summary...........................................................................................................................3-54
Lesson 3: Determining Bridge Path Information ................................................. 3-55

Overview ...........................................................................................................................3-55
Installation Considerations ................................................................................................3-57
Distance and Path Loss Considerations ...........................................................................3-61
Bridge Distance Calculations ............................................................................................3-65
Outdoor Path Considerations............................................................................................3-67
Antenna Considerations....................................................................................................3-77
Common Deployment Questions ......................................................................................3-81
Summary...........................................................................................................................3-87
Module 4: Aironet Desktop Utility

Lesson 1: Describing Configuration Utilities ......................................................... 4-3
Overview .............................................................................................................................4-3
Software Download.............................................................................................................4-4
Supported Operating Systems ............................................................................................4-5
PC Card LEDs ....................................................................................................................4-6
Aironet Client Administrator Utility ......................................................................................4-7
Summary...........................................................................................................................4-13
Lesson 2: Installing and Configuring Aironet Desktop Utility ............................ 4-15

Overview ...........................................................................................................................4-15
Install the Aironet Desktop Utility ......................................................................................4-16
Current Status Page .........................................................................................................4-20
ADU Profile Manager ........................................................................................................4-22
ADU Tools.........................................................................................................................4-25
Summary...........................................................................................................................4-33
Module 5: Core Access Point and Bridge Basic Configuration

Lesson 1: Describing Cisco Unified Wireless Network Core Products ............... 5-3
Overview .............................................................................................................................5-3
Introducing WLAN Management .........................................................................................5-4
WLAN Core Products Overview..........................................................................................5-9
Components and Protocols...............................................................................................5-11
Management Benefits .......................................................................................................5-14
Security .............................................................................................................................5-15
Roaming Concepts ...........................................................................................................5-20
Summary...........................................................................................................................5-30
Lesson 2: Setting up Autonomous Access Point Hardware............................... 5-31

Overview .................................................................................................................. 5-31

Access Point Hardware ............................................................................................ 5-32
Initial Connect and Reset ......................................................................................... 5-45
Lesson Self-Check ................................................................................................... 5-50
Summary .................................................................................................................. 5-52
Lesson 3: Configuring the Access Point ....................................................... 5-53

Overview .................................................................................................................. 5-53
Access Point: Root Mode ......................................................................................... 5-55
Home Page .............................................................................................................. 5-57
Express Setup .......................................................................................................... 5-58
Express Security Setup ............................................................................................ 5-60
Network Interfaces ................................................................................................... 5-62
Cisco Services ......................................................................................................... 5-75
VLAN Configuration ................................................................................................. 5-76
QoS Configuration.................................................................................................... 5-84
Simple Network Management Protocol Setup.......................................................... 5-89
Filtering .................................................................................................................... 5-91
Access Point Cisco IOS CLI..................................................................................... 5-96
Lesson Self-Check ................................................................................................. 5-107
Summary ................................................................................................................ 5-110
CWLF
Course Introduction
Overview
In this course, you will examine the fundamentals of Ciscos wireless LAN technology. You
will explore the concepts of autonomous and lightweight access points and controllers. In
addition, you will explore network management solutions and security. After completing this
course you will be able to discuss configuration, management of both autonomous and
lightweight wireless networks.
Learner Prerequisite Skills and Knowledge

This subtopic lists the skills and knowledge that learners must possess to benefit fully from the
course. The subtopic also includes recommended Cisco learning offerings that learners should
first complete to benefit fully from this course.
Learner Skills and Knowledge

Basic Computer Literacy
Knowledge of fundamental networking components and
terminology
Knowledge of the Open Systems Interconnection (OSI)
reference model
Knowledge of basic LAN components and functions
2006 Cisco Systems, Inc. All rights reserved.
CWLF v1.03
Course Goal and Objectives

This topic describes the course goal and objectives.
Course Goal
To enable System Engineers and Field Engineers to
offer their customers the most innovative and
comprehensive suite of WLAN solutions in the
industry, spanning a wide range of customer sizes and
needs.
Cisco Wireless LAN Fundamentals
CWLF v1.04
Upon completing this course, you will be able to meet these objectives:
Describe detailed modulation and spreading techniques and how it is used with various
antennas
Describe detailed technical features, functions, and benefits of the WLAN product
offerings available from Cisco
Define concepts and describe considerations for deploying wireless bridges
Configure a Cisco client card with Cisco utilities
Configure the core access point and bridge
Configure an advanced featured WLAN using a Cisco wireless LAN controller
Implement a WLAN management solution available from Cisco
Perform an initial configuration of a WLAN
Secure a WLAN using security methods and products available from Cisco
Describe the requirement necessary for deployment and performing a site survey
Describe the steps, concepts, and tools available while performing a site survey
Course Flow
This topic presents the suggested flow of the course materials.
Course Flow
Day 1
A
M
Course
Introduction
Cisco Aironet
WLAN Products
Day 2
Day 3
Advance Feature
Set Product
Administration
Cisco Wireless
Mesh Network
Installation
Day 4
Site Survey
Preparation
Lunch
Wireless
Bridges
P
M
Aironet
Desktop Utility
Advance Feature
Set Product
Administration
(Cont.)
WLAN
Management
Solutions
Security
Site Survey
Preparation
(Cont.)
Manual Site
Survey Tools
and Utilities
CWLF v1.05
The schedule reflects the recommended structure for this course. This structure allows enough
time for the instructor to present the course information and for you to work through the lab
activities. The exact timing of the subject materials and labs depends on the pace of your
specific class.
Course Introduction
Additional References
This topic presents the Cisco icons and symbols that are used in this course, as well as
information on where to find additional technical references.
Cisco Icons and Symbols

Wireless Dual
Mode Access
Point
Access
Point
Network
Management
Appliance
Router
CiscoWorks
Workstation
File
Server
Line: Ethernet
BBFW
Media
Switch
Laptop
Wireless
Connectivity
Wireless Bridge
Cisco
5500
Family
Workgroup
Switch
Network
Cloud,
White
Scanner
100BaseT
Hub
Tablet
CWLF v1.06
Cisco Icons and Symbols (Cont.)
WLAN Controller
Access point
Wireless Dual
Mode Access
Point
Wireless
Router
Integrated Service
Router
Rooftop or poletop
access point
Wi-Fi Tag
CWLF v1.07
Cisco Glossary of Terms

For additional information on Cisco terminology, refer to the Cisco Internetworking Terms and
Acronyms glossary of terms at http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/index.htm.
Course Introduction
Module 1
Cisco Aironet WLAN Overview

Overview
This module describes wireless LAN basics.
Module Objectives
Upon completing this module, you will be able to describe detailed modulation and spreading
techniques and how it is used with various antennas. This ability includes being able to meet
these objectives:
Describe the basic concepts of modulation and spreading techniques used in WLAN
applications
Describe antenna basics
1-2
Lesson 1
Describing Wireless LAN

(WLAN) Radio Technologies
Overview
This lesson explores the basics of radio frequency (RF) technology, modulation techniques,
sources of interference, and association processes for wireless LAN (WLAN) client adapters.
Objectives
Upon completing this lesson, you will be able to describe the basic concepts of modulation and
spreading techniques used in WLAN applications. This ability includes being able to meet
these objectives:
Describe the 2.4- and 5-GHz bands
Discuss theories and processes of using spread spectrum technology to send data over a RF
signal
Describe the various 2.4-GHz antennas available from Cisco
Describe the modulation technique used by 802.11a
Unlicensed Frequency Bands

This topic describes the 2.4- and 5-GHz bands. Cisco Aironet products use these bands and
adhere to the 802.11a, 802.11b, and 802.11g standards.
Unlicensed Frequency Bands

Shortwave Radio
AM Broadcast
Audio
FM Broadcast
Infrared Wireless LAN
Television
Cellular (840 MHz)
NPCS (1.9 GHz)
Extremely Very
Very Ultra Super
Visible UltraLow Medium High
Infrared
Low
Low
High High High
Light violet
902-928 MHz
26 MHz
2.4 2.4835 GHz

83.5 MHz
802.11b
and 802.11g
X Ray
5 GHz
802.11a
Frequencies Vary
with Countries
CWLF v1.0m1-2
There are three unlicensed bands: 900 MHz, 2.4 GHz, and 5.7 GHz. The 900-MHz and 2.4GHz bands are referred to as the Industrial, Scientific, and Medical (ISM) bands, and the 5GHz band is commonly referred to as the Unlicensed National Information Infrastructure
(UNII) band.
Frequencies for these bands are as follows:
1-4
900-MHz band: 902. to 928. MHz
2.4-GHz band: 2.400 to 2.483 GHz (in Japan extends to 2.495 GHz)
5-GHz band: 5.150 to 5.350 MHz, 5.725 to 5.825 MHz, with some countries supporting
middle bands between 5.350 and 5.825 MHz. The number of countries that permit 802.11a
and the available spectrum varies widely, and the list change quickly.
Three Wireless Technologies
Frequency
Band
Availability
Maximum Data
Rate
Other Services
(Interference)
802.11b
802.11a
802.11g
2.4 GHz
5 GHz
2.4 GHz
Worldwide
Limited
(Growing)
Worldwide
11 Mbps
54 Mbps
54 Mbps
Cordless phones,
Microwave ovens,
Wireless video, and,
Bluetooth devices
HyperLAN
devices,
Maritime and
satellite
systems
Cordless phones,
Microwave ovens,
Wireless video, and,
Bluetooth devices
The Laws of Radio Dynamics:

Higher data rate
= Shorter transmission range
Higher power output
= Increased range, but lower battery life
Higher-frequency radios
= High data rates, shorter ranges
Note: Different modulation schemes may change some of these dynamics
CWLF v1.0m1-3
2.4 GHz (802.11b)

The 802.11b standard, the most widely deployed wireless standard, operates in the 2.4-GHz
unlicensed radio band and delivers a maximum data rate of 11 Mbps. The 802.11b standard has
been widely adopted by vendors and customers who find its 11-Mbps data rate more than
adequate for most applications. Interoperability between many of the products on the market is
ensured through the Wi-Fi Alliance certification program. Therefore, if your network
requirements include supporting a wide variety of devices from different vendors, 802.11b is
probably your best choice.
5 GHz (802.11a)
The IEEE also ratified the 802.11a standard in 1999, but the first 802.11a-compliant products
did not begin appearing on the market until December 2001. The 802.11a standard delivers a
maximum data rate of 54 Mbps and twelve nonoverlapping frequency channelsresulting in
increased network capacity, improved scalability, and the ability to create microcellular
deployments without interference from adjacent cells. Operating in the unlicensed portion of
the 5 GHz-radio band, 802.11a is also immune to interference from devices that operate in the
2.4-GHz band, such as microwave ovens, cordless phones, and Bluetooth devices (a shortrange, low-speed, point-to-point, personal area network [PAN] wireless standard).
The 802.11a standard is not, however, compatible with existing 802.11b-compliant wireless
devices. Organizations with 802.11b equipment that want the extra channels and network speed
supported by 802.11a technology must upgrade to a product that supports the technology.
Some product support dual-band operation, and it is important to note that 2.4- and 5-GHz
equipment can operate in the same physical environment without interference.
2.4 GHz (802.11g)

The 802.11g standard was ratified in June 2003. The 802.11g standard delivers the same 54Mbps maximum data rate as 802.11a, yet it offers an additional and compelling advantage
backward compatibility with 802.11b equipment. This means that 802.11b client cards will
work with 802.11g access points and that 802.11g client cards will work with 802.11b access
Cisco Aironet WLAN Products
1-5
points. Because 802.11g and 802.11b operate in the same 2.4-GHz unlicensed band, migrating
to 802.11g is an affordable choice for organizations with existing 802.11b wireless
infrastructures. Note that 802.11b products cannot be software upgraded to 802.11g. This
limitation is due to the fact that 802.11g radios use a different chipset in order to deliver the
higher data rate. However, much like Ethernet and Fast Ethernet, 802.11g products can be
commingled with 802.11b products in the same network. Both 802.11g and 802.11b operate in
the same unlicensed band. As a result, they share the same three channels that can limit
wireless capacity and scalability.
1-6
IEEE 802.11 Standard

Became a standard in July 1997
Two radio frequency (RF) technologies were first defined:
Frequency Hopping Spread Spectrum (FHSS)1 Mbps
and 2 Mbps
Direct Sequence Spread Spectrum (DSSS)2-Mbps and
11 Mbps
Defines the performance of radios
Provides specifications for vendor interoperability (over the
air)
Defines security used over the air and authentication types
CWLF v1.0m1-4
When an IEEE committee works on a standard, the members ask to have engineers from all
appropriate companies in the field participate in the development of the specification. The
802.11 committee is no different. Engineers from many different wireless data companies (and
some wired LAN companies) together developed a standard that they believe is a high-quality,
high-performance standard.
For this reason an 802.11 radio will be a better product than any of the older proprietary
products. The 802.11 standard defines such things as receiver sensitivity, MAC layer
performance, data rates, security, and so on.
Radio engineers put the 802.11 specification together from wireless companies such as Cisco
Systems (Aironet), Harris Corporation (Intersil), and Lucent Technologies (Agere), as well as
network engineers from companies such as Bay Networks, 3Com Corporation, and Microsoft
Corporation.
1-7
WI-Fi Certification
Wi-Fi Alliance certifies interoperability between products

Products include 802.11a, 802.11b, 802.11g, dual band products,
and security testing
Provides assurance to customers of migration and integration
options
Cisco is a founding member of Wi-Fi Alliance
Certified products can be found at http://www.wi-fi.com
CWLF v1.0m1-5
The Wi-Fi Alliance offers certification for interoperability among 802.11 products offered by
various vendors. This certification provides a comfort zone for the users purchasing the
products. It also helps market the WLAN technology, by promoting interoperability between
vendors. Certification includes all three 802.11 RF technologies, as well as Wi-Fi Protected
Access (WPA), a security model that follows the 802.11i security task group work.
1-8
IEEE 802.11 Standard Activities

802.11a* 5 GHz, ratified in 1999
802.11b* 11 Mbps 2.4 GHz, ratified in 1999
802.11d* World Mode
802.11e* Quality of service
802.11F* Inter-Access Point Protocol (IAPP)
802.11g* Higher data rate (>20 Mbps) 2.4 Mbps
802.11h* Dynamic Frequency Selection and
Transmit Power Control mechanisms
802.11i* Authentication and security
802.11j* Additional Japanese frequencies
802.11k Radio Resource Management
* Denotes Ratified standard, otherwise in draft
CWLF v1.0m1-6
The 802.11a, b, and g specifications all relate to WLAN physical layer standards.
Cisco Aironet access points in this release support the 802.11d standard for world mode. World
mode enables the access point to inform an 802.11d client device which radio setting the device
should use to conform to local regulations.
The IEEE 802.11e standard is being developed to enhance the current 802.11 MAC to expand
support for applications with quality of service (QoS) requirements and improve the
capabilities and efficiency of the protocol. This standard will assist with voice, video, and other
time-sensitive applications. In March 2005, the IEEE will submit this standard to the Executive
Committee for approval.
The IEEE 802.11F standard is a recommended practice guideline, defining a protocol for
intercommunication between access points, to assist in roaming, and handoff of traffic. Most
vendors have implemented their own proprietary Inter-Access Point Protocol (IAPP) for use
with their access points.
The IEEE 802.11h standard is supplementary to the MAC layer to comply with European
regulations for 5-GHz WLANs. Most European radio regulations for the 5-GHz band require
products to have transmission power control (TPC) and dynamic frequency selection (DFS).
TPC limits the transmitted power to the minimum needed to reach the farthest user. DFS selects
the radio channel at the access point to minimize interference with other systems, particularly
radar.
The IEEE 802.11i standard is intended to enhance the current 802.11 MAC to provide
improvements in security.
The IEEE 802.11j standard is intended to enhance the 802.11 standard and amendments, to add
channel selection for 4.9 GHz and 5 GHz in Japan to conform to Japanese rules on operational
mode, operational rate, radiated power, spurious emissions, and channel sense.
1-9
The IEEE 802.11k task group was developed to define and expose radio and network
information as well as facilitate the management and maintenance of a wireless and mobile
LAN. It is also expected to enable new applications based on this radio informationfor
example, location-enabled services.
1-10
802.11a
Ratified as standard in September 1999
Provides similar technology to HyperLAN 2.0
Data rates to 54 Mbps defined
Provides eight indoor WLAN channels today
More channels forthcoming
Regulations differ extensively across countries
CWLF v1.0m1-7
The Cisco Aironet 1000 Series consists of three access points each featuring dual 2.4- and 5GHz radios supporting IEEE 802.11a, 802.11b and 802.11g. In addition it is available with a
single 2.4 GHz radio that supports 802.11g and 802.11b, for installations where 5 GHz is not
allowed due to regulatory restrictions. All interoperate with Cisco Wireless LAN Controllers
and the Wireless Control System (WCS) management tool. Each is optimized for different
application scenarios:
1-11
802.11a Issues
Twelve channels (UNII-1, UNII-2 and UNII-3 combined)
Avoid the use of adjacent channels in adjacent cells due to
sidebands
Antenna limitations
UNII-1Indoor usage. The requirement for permanently attached
antennas in the U.S. was removed in June, 2004
UNII-2Indoor/outdoor and may use external antennas
UNII-3Can be used indoors
Not qualified in many countries

Transmit (Tx) power control and dynamic frequency selection
required (802.11h)
CWLF v1.0m1-8
The 5-GHz band is divided into several sections. The lower eight channels cover the two
sections known as UNII-1 and UNII-2. Each of these sections includes 100 MHz of spectrum,
in which there are four channels. The UNII-1 band has limitations in the United States (and
some other countries) that require it to be used indoors. UNII-2 is permitted for both indoor and
outdoor usage, and permits external antennas. UNII-3 can be used indoors or outdoors.
There are rule changes under way. With the adoption of 802.11h, the new rules will provide up
to an additional 11 channels in many countries, as well as providing the UNII-3 band for
WLAN usage. This change will increase the number of WLAN channels from eight to as many
as 24.
1-12
802.11b
11 Mbps 2.4 GHz direct sequence
Ratified as standard in September 1999
11 U.S. channels
13 European Telecommunications Standards Institute (ETSI)
channels
14 Japanese channels
Power levels:
36 dBm Effective Isotropic Radiated Power (EIRP)-Federal
Communications Commission (FCC)
20 dBm EIRP-ETSI
Virtually approved for worldwide use
CWLF v1.0m1-9
The 802.11b standard was ratified in 1999. Products were actually introduced into the market
before the standard was ratified; 802.11b became the de facto standard for wireless, and
adoption grew rapidly. There are 11 channels available in the United States. However, only
three of these channels are nonoverlapping. In the European Telecommunications Standards
Institute (ETSI) domains, there are 13 available channels, but again there are only three
nonoverlapping channels. In Japan, there is an additional channel located at the top end of the
band. It is possible to use this along with three other channels for a total of four nonoverlapping
channels.
1-13
802.11g
Standard for higher-rate
(20+ Mbps) extensions in the 2.4GHz band
Provides data rates up to 54 Mbps at
2.4 GHz
Same speeds as 802.11a
802.11g
Backward compatible with

11 Mbps (802.11b)
Same modulation as
802.11aOrthogonal Frequency Division2050 MB
Multiplexing (OFDM)
802.11g
11 MB
802.11b
CWLF v1.0m1-10
The 802.11g standard was ratified in June 2003. Products were actually being shipped before
the standard was ratified. The speeds of 802.11g promised to be similar to those of 802.11a,
and 802.11g uses the same frequencies as 802.11b. As a result, 802.11g has full backward
compatibility with 802.11b.
1-14
802.11g Transmit Power

The power must be backed off for OFDM to handle peaks
of modulation
Complementary Code Keying (CCK):
100 milliwatt (mW) (20-decibels compared to 1 mW [dBm])
50 mW (17 dBm)
30 mW (15 dBm)
20 mW (13 dBm)
10 mW (10 dBm)
5 mW (7 dBm)
1 mW (0 dBm)
CWLF v1.0m1-11
802.11g Transmit Power (Cont.)

Maximum power setting will vary according to individual
country regulations.
OFDM:
30 mW (15 dBm)
20 mW (13 dBm)
10 mW (10 dBm)
5 mW (7 dBm)
1 mW (0 dBm)
CWLF v1.0m1-12
Because of the sideband noise generated by Orthogonal Frequency Division Multiplexing

(OFDM) modulation, the power must he backed off for OFDM (802.11g) to handle the peaks
of the modulation and still meet regulations. The overall maximum power settings vary from
country to country.
1-15
Spread Spectrum RF Technology

This topic discusses theories and processes of using spread spectrum technology to send data
over a RF signal.
What is WLAN RF Technology?

Data sent over the air waves
Two-way radio communications (half-duplex)
Same radio frequency for sending and receiving
(transceiver)
No licensing required for Cisco Aironet wireless
products (in most countries)
CWLF v1.0m1-13
Transmitting a signal using 802.11 specifications is a two-way communication, using the same
frequency for both transmit and receive (often called half-duplex or simplex). The 802.11
specification was developed so that there would be no licensing required in most countries, and
the user could install and operate without any license or operating fees.
Spread spectrum is a type of emission designed to be somewhat immune to interference,
difficult to detect, and hard to intercept.
U.S. Actress Hedy Lamarr and music composer George Antheil patented the concept of spread
spectrum in 1942. The idea was to provide a method for guiding a torpedo without interference
from a jamming signal.
In 1986, the U.S. Federal Communications Commission (FCC) agreed to allow the use of
spread spectrum in the commercial market under the ISM bands.
Just as the radio in your car has amplitude modulation (AM) and frequency modulation (FM)
bands, other radios use different bands and types of modulation.
1-16
Transmitting a Signal
The goal of sending data over RF
is to:
Send as much data as far
and as fast as possible
Transmitting more data across

the airwaves on a signal
More frequency spectrum is used
or
Complex modulation techniques
are used
CWLF v1.0m1-14
When you are transmitting a signal in data format, three questions must be addressed:
How fast: What data rate can be achieved?
How far: How far apart can the units be that are transmitting or receiving and still get the
maximum data rate?
How many: How many users can be on the system without slowing the data rate to an
unacceptable level? The 2.4-GHz and 5-GHz products operate as a shared medium and
have the same scalability and utilization issues as a wired Ethernet segment.
These factors all relate to the ability to receive a good signal as far away as possible. Increasing
the amount of data requires the use of more frequency spectrum or a different method of
placing the data on the RF signal (modulation technique).
1-17
Frequency Bandwidth
CB Radio Signal
FM Radio Signal
More information means more

frequency
spectrum is used.
TV Signal
3K
175K
4500K
Bandwidth in kHz
CWLF v1.0m1-15
As more information is placed on a radio signal, more frequency spectrum (or bandwidth) is
used. A brief comparison is a follows:
A citizens band (CB) signal has very low-quality audio and requires about 3 kHz of
bandwidth.
An FM radio signal provides high-quality audio that consumes about 175 kHz of
bandwidth.
A TV signal contains both audio and video and uses almost 4500 kHz (4.5 MHz) of
bandwidth.
In general, more information equals more frequency spectrum used.
1-18
Modulation
Complex modulation
Better signal strength
Less coverage area
Complex modulation
schemes compress data
Better (quieter) phone line
needed for higher speed
More noise, less speed
Signal Strength
Strong
Low
Medium
Medium
Weak
High
Noise Level
CWLF v1.0m1-16
Years ago, a modem was able to communicate at 300 baud. Today, a 56-kbps modem gets
much higher speeds over the same wire as the 300-baud modem. This increase in speed is due
to the modem compressing the data into a smaller space and using the same bandwidth of the
phone line that the 300-baud modem used.
One problem that may arise is that if there is noise on the phone line, the modem speed will be
reduced. As the data is further compressed, it requires a stronger signal as compared to the
noise level. More noise means slower speed for the data to be received correctly.
The same is true in radio. As a receiver moves farther from a transmitter, the signal gets
weaker, and the difference between the signal and noise decreases. At some point, the signal
cannot be distinguished from the noise, and loss of communication occurs. The amount of
compression (or modulation type) at which the signal is transmitted determines the amount of
signal necessary to be clearly received through the noise.
As transmission or modulation schemes (compression) become more complex and data rate
goes up, immunity to noise decreases, and coverage goes down.
1-19
802.11b Radio Modulation

Three different types of
modulation
Depending upon the
data rate:
Binary Phase Shift
Keying (BPSK)
Quadrature Phase Shift Keying
(QPSK)
Complementary Code Keying
(CCK)
BPSK Modulation Example
CWLF v1.0m1-17
The 802.11b specification uses different modulation techniques, including the following:
1-20
Binary Phase Shift Keying (BPSK): BPSK uses one phase to represent a binary 1 and
another to represent a binary 0 for a total of two bits of binary data. This technique is used
to transmit data at 1 Mbps.
Quadrature Phase Shift Keying (QPSK): With QPSK, the carrier undergoes four
changes in phase and can thus represent four binary bits of data. This technique is used to
transmit data at 2 Mbps.
Complementary Code Keying (CCK): CCK uses a complex set of functions known as
complementary codes to send more data. One of the advantages of CCK over similar
modulation techniques is that it suffers less from multipath distortion. This technique is
used to transmit data at 5.5 and 11 Mbps.
802.11b Direct Sequence Modulation

Each data bit becomes a string of chips (chipping sequence)
transmitted in parallel across a wide frequency range.
Minimum chip rate per the FCC is 10 chips for 1 and 2 Mbps
(BPSK/QPSK) and 8 chips for 11 Mbps (CCK) data rates.
IEEE 802.11b uses 11 chips.
If the data bit was: 1001
Chipping code is : 1=00110011011
0=11001100100
Transmitted data would be:

00110011011
11001100100
11001100100
00110011011
1
CWLF v1.0m1-18
A feature of these codes is that the receiver could actually miss several bits and the software
would still be able to identify that the code was intended to be a 1 or a 0. If there were an
interfering signal, the unit would still be able to get the data through without loss of data or
reduction in throughput or performance.
Note
A bit received that was a 01111011011 would, when compared to a 1, be two bits different.
Compared to a 0, it would be 9 bits different. Therefore, that received bit should represent a
1. More than 5 data bits would have to be inverted to change the value, which means that
more than half the signal would have to be lost before the original message would be
impossible to reconstruct.
1-21
2.4-GHz Antennas
This topic describes the various 2.4-GHz antennas available from Cisco.
2.4-GHz Channel Sets (Cont.)
North American
11 channels each channel 22 MHz wide
Three nonoverlapping channels
ETSI
13 channels each channel 22 MHz wide
Still only three nonoverlapping channels
Three access points can occupy same area
CWLF v1.0m1-19
With 802.11b and 802.11g products, the energy is spread over a wide area of the band. With
802.11b or 802.11g products, the channels have a bandwidth of 22 MHz. This bandwidth will
allow three nonoverlapping, noninterfering channels to be used in the same area.
If there is severe signal interference in one area, it is possible to change to another channel and
totally avoid the interference. Normally, changing channels does not happen automatically in
DSSS and must be done with reconfiguration to the access point. Cisco firmware will allow an
access point to search for the least congested channel.
1-22
802.11b Access Point Coverage

1-Mbps DSSS
2-Mbps DSSS
5.5-Mbps DSSS
11-Mbps DSSS
CWLF v1.0m1-20
All Cisco 802.11 WLAN products have the ability to data rate shift while moving. This allows
the person operating at 11 Mbps to shift to 5.5 Mbps, 2 Mbps, and finally still communicate at
the outside ring at 1 Mbps. This rate shifting happens without losing connection and without
any interaction from the user. Rate shifting also happens on a transmission-by-transmission
basis. Therefore, the access point has the ability to support multiple clients at multiple speeds
depending upon the location of each client.
1-23
802.11b Scalability
Blue = 11 Mbps
Total Bandwidth = 33 Mbps!

Green = 11 Mbps
Red = 11 Mbps
CWLF v1.0m1-21
Scalability is the ability to locate more than one access point in the same area, increasing the
bandwidth of that area for all users local to that access point.
Because 802.11 2.4-GHz systems have three nonoverlapping channels, three discrete systems
can reside in the same area with no interference. If more than three systems are required in the
same area, they must time share the frequency. Therefore, the highest aggregate (total
combined) data rate for an 802.11b system is 33 Mbps for a given cell area.
Using the ability to scale throughput and add access points in the same cell area increases the
overall available bandwidth of any cell.
1-24
IEEE 802.11a Characteristics

This topic describes the modulation technique used by 802.11a.
Comparing the Technologies

802.11a Data Rates
Modulation with
Sub-channels
Data Rate per

Sub-channel
(Kbps)
Total Data Rate

(Mbps)
BPSK
125
BPSK
187.5
QPSK
250
12
QPSK
375
18
16-QAM
500
24
16-QAM
750
36
64-QAM
1000
48
64-QAM
1125
54
CWLF v1.0m1-22
OFDM is the modulation technique used by 802.11a and 802.11g. OFDM works by breaking
one high-speed data carrier into several lower-speed sub-carriers, which are then transmitted in
parallel. Each high-speed carrier is 20 MHz wide and is broken up into 52 subchannels, each
approximately 300 kHz wide. OFDM uses 48 of these subchannels for data, while the
remaining four are used for error correction. Coded Orthogonal Frequency Division
Multiplexing (COFDM) delivers higher data rates and a high degree of multipath reflection
recovery, thanks to its encoding scheme and error correction.
Each sub-channel in the OFDM implementation is about 300 kHz wide. At the low end of the
speed gradient, BPSK is used to encode 125 kbps of data per channel, resulting in a 6000-kbps,
or 6-Mbps, data rate. Using QPSK, you can double the amount of data encoded to 250 kbps per
channel, yielding a 12-Mbps data rate. And by using 16-state quadrature amplitude modulation
(16-QAM) encoding 4 bits per cycle, you can achieve a data rate of 24 Mbps. The 802.11a
standard specifies that all 802.11a-compliant products must support these basic data rates. The
standard also lets the vendor extend the modulation scheme beyond 24 Mbps. Data rates of 54
Mbps are achieved by using 64-state quadrature amplitude modulation (64-QAM), which yields
8 bits per cycle or 10 bits per cycle, for a total of up to 1.125 Mbps per 300-kHz channel. With
48 channels, this results in a 54-Mbps data rate. Remember, the more bits per cycle (hertz) that
are encoded, the more susceptible the signal is to interference, and ultimately the shorter the
range, unless power output is increased.
1-25
802.11a Uses OFDM Modulation

OFDM (52 of 64 subcarriers used)
20 MHz
Channel sampled at 20 MHz
64-sample (3.2 microsecond) symbols
16-sample (0.8 microsecond) cyclic prefix/guard interval
250 symbols per second
Of 64 subcarriers:
12 zero subcarriers (In black) on sides and center
Side is frequency guard band leaving 16.5 MHz occupied bandwidth
Center subcarrier is zero for DC offset/carrier leak rejection
48 data subcarriers (in green) per symbol
4 pilot subcarriers (in red) per symbol for synchronization/tracking
CWLF v1.0m1-23
The OFDM encoding scheme works by splitting the 20-MHz radio channel into 52 smaller
subcarriers, 48 of which are used to transmit data. The remaining four subcarriers are used as
pilot carriers for monitoring path shifts and intercarrier interference (ICI). These subcarriers are
then transmitted simultaneously at different frequencies to the receiver.
1-26
802.11a 5-GHz Frequency Bands

Std 802.11a-1999
High-Speed Physical Layer in the 5-GHz Band
Lower and Middle U-NII Bands: Eight Carriers in 200-MHz/20-MHZ Spacing

30 MHz
30 MHz
5150
5180
Lower Band Edge
5200
5220
5240
5260
5280
5300
5320
5350
Upper Band Edge
Upper U-NII Bands: Four Carriers in 100-MHz/20-MHZ Spacing

20 MHz
20 MHz
5725
5745
Lower Band Edge
5765
5785
5805
5825
Upper Band Edge
CWLF v1.0m1-24
The figure shows the center frequency of the channels. The frequency of the channel is 10 MHz
on either side of the dotted line and there is 5 MHz of separation between channels.
The 802.11a standard has twelve channels without overlap of frequency; 802.11b has 11
channels with only three channels that do not overlap in frequency. UNII-1 uses the first four
channels and UNII-2 uses the second four channels and UNII-3 uses the upper 4 channels. The
lower and middle UNII U.S. channels included the following:
UNII- 1: 5.15 GHz to 5.25 GHz
Indoor only, 40-mW maximum with 6-dBi integrated antenna
Four channels
UNII- 2: 5.25 GHz to 5.35 GHz
When the radio is capable of transmitting on UNII- 1 and UNII- 2, it must follow
UNII- 1 rules for transmit power and antenna gain
If the radio is UNII- 2 only, the radio can transmit at 200 mW and use removable
antennas
Four channels
UNII- 3: 5.725 GHz to 5.825 GHz
1 W maximum with 6-dBi antenna for point-to-multipoint and 23-dBi antenna for
point-to-point
Four channels
1-27
Cisco UNII-1 and UNII-2 802.11a

Channel Sets
Cisco Maximum Peak Power (mW)*
Taiwan (-T)
Frequency
(MHz)
5170
5180
5190
5200
5210
5220
5230
5240
5260
5280
5300
5320
Singapore (-S)
Channel ID
34
36
38
40
42
44
46
48
52
56
60
64
Japan (-J)
http://www.cisco.co
m/go/aironet/compli
ance
Americas (-A)
Channel Set
For more
information see:
x
x
x
x
x
x
x
x
x
x
x
x
x
40
x
x
x
x
x
40
20
40
CWLF v1.0m1-25
If a 6-dBi antenna is used then the radiated power is as follows:
1-28
UNII- 1: 50 mW in the United States and Japan, 200 mW in Europe, 4 channels (5.15 to
5.25), indoor access, fixed antenna
UNII- 2: 250 mW in United States, four channels (5.25 to 5.35), indoor and outdoor use,
flexible antenna
UNII- 3: 1 W in the United States, four channels (5.725 to 5.825), indoor and outdoor use,
flexible antenna
HiperLAN: 200 mW in Europe, eight channels (5.25 to 5.35), indoor use only
HiperLAN II: 1 W in Europe, 11 channels (5.470 to 5.725), indoor and outdoor use,
flexible antenna
802.11a Access Point Coverage

OFDM
54 Mbps
48 Mbps
36 Mbps
24 Mbps
18 Mbps
12 Mbps
09 Mbps
06 Mbps
CWLF v1.0m1-26
Like the 802.11b products, the 802.11a products also support multiple data rate cells. Unlike
the four data rates supported by 802.11b radios, the 802.11a radios support eight different data
rates.
Similar to the 802.11b radios, all 802.11a products also have the ability to data rate shift while
moving. The 802.11a products allow the person operating at 54 Mbps to shift to 48 Mbps, 36
Mbps, 24 Mbps, 18 Mbps, 12 Mbps, 9 Mbps, and finally still communicate at the outside ring
at 6 Mbps. This rate shifting happens without losing connection and without any interaction
from the user. Rate shifting also happens on a transmission-by-transmission basis; therefore the
access point has the ability to support multiple clients at multiple speeds, depending upon the
location of each client.
1-29
802.11a Scalability (Indoor UNII-1 and UNII-2)

Total Bandwidth = 648 Mbps
Twelve nonoverlapping
channels
54 Mbps
54 Mbps
54 Mbps
54 Mbps
54 Mbps
54 Mbps
54 Mbps
54 Mbps
CWLF v1.0m1-27
Because 802.11a has twelve nonoverlapping channels, twelve discrete systems can reside in the
same area with no interference. If more than twelve systems are required in the same area, they
must share the frequency. Therefore, the highest aggregate data rate (total using both the UNII1 UNII-2 and UNII-3 bands, indoor only) for an 802.11a system is 648 Mbps for a given cell
area.
Care must be taken, when colocating access points in the same cell, to have some physical
separation between devices. Having access points too close together can cause signal
degradation from cross-channel RF interference. The recommended separation is 3 feet.
1-30
802.11g Standard
Ratified in June 2003
Operates in the same 2.4-GHz band as 802.11b
Uses the same three nonoverlapping channels
Full backward compatibility with 802.11b
Conceptually similar to Ethernet and Fast Ethernet
Uses OFDM for 802.11g data rates, DSSS for 802.11b data
rates
Employs various modulation schemes for a variety of data
rates
54, 48, 36, 24, 18, 12, 9, and, 6 Mbps via OFDM
11, 5.5, 2, and, 1 Mbps via DSSS
CWLF v1.0m1-28
The 802.11g specifications operate in the same channels as 802.11b:
Three nonoverlapping channels
11 North America
12, 13, 14 not available
13 ETSI
14 Japan
Equipment complying with 802.11g operates in the same modulation as 802.11b for 11-, 5.5-,
2-, and 1-Mbps data rates.
Equipment complying with 802.11g operates in the same modulation as 802.11a for 54-, 48-,
36-, 24-, 18-, 12-, 9- and 6-Mbps data rates.
Equipment complying with 802.11g operates in the same bandwidth as 802.11b for 22-MHzwide channels.
1-31
802.11g Throughput
Data rate less protocol overhead and is shared by all
associated clients
More clients there are, the less the average per-user
throughput
802.11a, 802.11b, and 802.11g

(without legacy support) provide throughput
that is approximately half of the data rate
Legacy support for 802.11b exacts a heavy
throughput price when you are in mixed-mode
operation
CWLF v1.0m1-29
Because of differing modulation schemes, when devices are used in mixed modes of both
802.11b and 802.11g, throughput suffers drastically. The Request to Send/Clear to Send
(RTS/CTS) function provides interoperability but adds protocol overhead. Adoption of 802.11b
backoffs further decreases throughput during heavy network traffic.
CTS to Self provide increased mixed-mode performance.
1-32
802.11g Throughput Compared

Data Rate (Mbps)
Approximate
Throughput (Mbps)
Throughput as a
Percentage of 802.11b
Throughput
802.11b
11
100%
802.11g (802.11b
clients in cell)
54
133%
802.11g (no 802.11b

clients in cell)
54
22
367%
802.11a
54
25
417%
The throughput increase for 802.11g when in mixed-mode operation

is relatively modest when compared to 802.11b.
Mixed-mode throughput is a fraction of the throughput provided by
802.11g when not supporting legacy clients.
CWLF v1.0m1-30
While using an 802.11g in a g only environment, you can get throughput values of low to mid
20s, slightly less than an 802.11a system. When mixing 802.11b and 802.11g modes, the
throughput will fall off.
1-33
802.11g Capacity
Throughput multiplied by available channels
802.11b and 802.11g operate in the same band, use
the same three channels
Any 802.11g capacity increase is from throughput alone
IEEE 802.11h radar detection opens up new 5 GHz

band
CWLF v1.0m1-31
Because 802.11g is based on the same channeling scheme and spectral bandwidth as 802.11b,
802.11g provides only three nonoverlapping channels. This fact limits scalability.
1-34
802.11g Scalability
Blue = 54 Mbps
Total Bandwidth = 162 Mbps

Green = 54 Mbps
Red = 54 Mbps
CWLF v1.0m1-32
Scalability is the ability to locate more than one access point in the same area while increasing
the bandwidth of that area for all users local to that access point.
Because 802.11g typically provides three nonoverlapping channels, three discrete systems can
reside in the same area with no interference. If more than three systems are required in the same
area, they must share the frequency. Therefore, the highest aggregate (total combined) data rate
for an 802.11g system is 162 Mbps for a given cell area.
Care must be taken, when colocating access points in the same cell, to have some physical
separation between devices. Having access points too close together can cause signal
degradation from cross-channel RF interference. The recommended separation is 5 feet. This
distance is a little greater than for 802.11b, because of the nature of OFDM.
1-35
802.11g Range
Like 802.11b, 802.11g operates in the 2.4-GHz band,
sharing a fundamental range advantage over 802.11a
Propagates better through objects
Decreases as data rate increases

Higher-order modulation and transmit power reductions due
to error vector magnitude
OFDM more efficient than DSSS, resulting in higher

802.11g rates at a given distance than 802.11b
CWLF v1.0m1-33
The OFDM modulation provides improved multipath performance (discussed in the next topic)
as well as being more efficient than DSSS in handling data. Therefore, in 802.11g OFDM tends
to provide a higher range than 802.11b modulation techniques for similar data rates.
1-36
802.11a, 802.11b, and 802.11g Ranges

(Open Office Environment)
Data Rate (Mbps)
802.11a (40 mW with 6-dBi Gain

Diversity Patch Antenna) Range
802.11g (30 mW with 2.2dBi Gain Diversity Dipole

Antenna)
802.11b (100 mW with 2.2dBi Gain Diversity Dipole

Antenna)
54
45 ft (13 m)
90 ft (27 m)
48
50 ft (15 m)
95 ft (29 m)
36
65 ft (19 m)
100 ft (30 m)
24
85 ft (26 m)
140 ft (42 m)
18
110 ft (33 m)
180 ft (54 m)
12
130 ft (39 m)
210 ft (64 m)
11
160 ft (48 m) (CCK)
160 ft (48 m)
150 ft (45 m)
250 ft (76 m)
165 ft (50 m)
300 ft (91 m)
5.5
220 ft (67 m) (CCK)
220 ft (67 m)
270 ft (82m) (CCK)
270 ft (82m)
410 ft (124 m) (CCK)
410 ft (124 m)
Significant range differences for 802.11a relative to 802.11g

Superior range of OFDM data rates over DSSS in 802.11g
CWLF v1.0m1-34
When 802.11g is operating at the 802.11b rates (11, 5.5, 2, and 1 Mbps), it uses the same
modulation as 802.11b. When operating at 802.11g rates, it uses OFDM, and the range is
improved.
1-37
Multipath Distortion
Occurs when a radio
frequencies (RF) signal has
more than one path between a
receiver and a transmitter
RF take more than one path
Multiple signals cause
distortion of the signal
Can cause high signal
strength yet low signal quality
Ceiling
TX
RX
Obstruction
Floor
Received Signals
Time
Combined Results
Time
CWLF v1.0m1-35
Multipath interference occurs when a RF signal has more that one path between a receiver and
a transmitter. Just as light and sound bounce off objects, so does RF. This means that there can
be more that one path that RF takes when going from a transmit (Tx) to a receive (Rx) antenna.
These multiple signals combine in the Rx antenna and receiver to cause distortion of the signal.
Multipath interference can cause high signal strength yet low signal quality, so that the data
would be unreadable. One lead that you are getting multipath interference is that signal
strength and signal quality fluctuate drastically, even when you are moving the client only a
little (inches).
You can relate this to a common occurrence in your car. As you pull up to a stop sign, you may
notice static on the radio. But as you move forward a few inches or feet, the station starts to
come in more clearly. By rolling forward, you move the antenna slightly, away fro the point
where the multipath signals converge.
1-38
Multipath and Frequency

2500
2400
Wavelength
The distance an RF wave

travels, how it bounces,
and where the multipath
nulls occur are based on
the wavelength of the
frequency.
As frequency changes,
so does the wavelength.
Therefore as frequency
changes, so will the
location of the multipath
null.
CWLF v1.0m1-36
The pattern in which signals reflect is greatly affected by the physical wavelength of the signal.
Because the wavelength is inversely proportional to the frequency, each frequency has differing
multipath effects (fading). Typically, in a location where one frequency has a large multipath
interference issue, another, frequency, even a close frequency, will not. Because OFDM is
based on many different frequencies, all operating in parallel, the odds are good that some of
the information in at least some of the frequencies will be communicated successfully. This
provides much greater performance in multipath environments.
1-39
802.11a and 802.11g (Using OFDM) are the

Antidote for Multipath Interference
Ways to minimize intersymbol interference:
Reduce the symbol rate, but data rate usually goes down too
Equalizers, but equalization is processor-intensive
Solution:
Transmit over multiple carrier frequencies in parallel
(Orthogonal Frequency Division Multiplexing)
Frequency
CWLF v1.0m1-37
An OFDM signal is not affected by intersymbol interference because the data is sent on
multiple frequencies instead of a single frequency, making it very unlikely that two frequencies
will fade at the same time in the same environment. This is one reason for the improvement of
indoor ranges on 802.11g and 802.11a when compared to 802.11b.
1-40
Lesson Self-Check
Use the questions here to review what you learned in this lesson. The correct answers and
solutions are found in the Lesson Self-Check Answer Key.
Q1)
What does ISM stand for? (Source: Unlicensed Frequency Bands)

A)
B)
C)
D)
Q2)
What are the unlicensed frequency bands? (Choose one.)

(Source: Unlicensed Frequency Bands)
A)
B)
C)
D)
Q3)
OFDM and CCK

BPSK and CCK
CCK and QPSK
BPSK and QPSK
What is achieved by collocating access points? (Source: Scalability)

A)
B)
C)
D)
Q6)
Reflected radio waves

Radio waves reflected back at 180 degrees
Direct radio waves and reflected radio waves received simultaneously
Reflected radio waves in indoor environments
What modulation techniques are used in all three IEEE 802.11 physical layer
technologies (Source: Modulation Techniques)
A)
B)
C)
D)
Q5)
4.9, 2.4 and 5 GHZ

900 MHz, 2.4 and 5 GHz
2.4, 4.9 and 5 GHz
2.4 and 5 GHz
What causes multipath distortion? (Choose one.) (Source: Multipath Distortion)

A)
B)
C)
D)
Q4)
Industrial Scientific Medical Band

Individual Scientific Medical Band
Individual Scientific Made Available Band
Industrial Scientific Made Available Band
Increased available bandwidth

Redundancy
Higher data rates
Increased overhead
Of the 64 sub carriers available in the OFDM modulation scheme, how many are used
for data? (Choose one.) (Source: OFDM Modulation)
A)
B)
C)
D)
12
24
36
48
1-41
Lesson Self-Check Answer Key
1-42
Q1)
Q2)
Q3)
Q4)
Q5)
Q6)
Summary
This topic summarizes the key points that were discussed in this lesson.
Summary
In this lesson we described the 2.4 and 5 GHz bands and how
Cisco Aironet products use these bands as well as adhere to
the 802.11a, 802.11b, and 802.11g standards.
We discussed theories and processes of using spread
spectrum technology to send data over a RF signal.
We described the various modulation techniques used by
802.11b, 802.11a, and 802.11g.
We described the causes and frequency of multipath
distortion.
CWLF v1.0m1-39
In this lesson we described the 2.4 and 5 GHz bands and how Cisco Aironet products use these
bands as well as adhere to the 802.11a, 802.11b, and 802.11g standards.
We discussed theories and processes of using spread spectrum technology to send data over a
RF signal.
We described the various modulation techniques used be 802.11b, 802.11a, and 802.11g.
We described the causes and frequency of multipath distortion.
1-43
1-44
Lesson 2
Defining Antenna Concepts

Overview
This lesson covers some of the basics of antennas and how they work, to give you an
understanding of when to use which antenna.
Objectives
Upon completing this lesson, you will be able to describe antenna basics. This ability includes
being able to meet these objectives:
Define antenna values
Define antenna gain, directionality, and polarization
Define various antenna types
Define the maximum power and EIRP rules for 2.4 GHz and 5 GHz radios.
Definition of Terms
This topic defines antenna values.
Definition of Terms
Decibel (dB)Ratio of one value to another
dBx, where x =
m = compared to 1 milliwatt (0 dBm = 1 mW)
i = compared to isotropic antenna
d = compared to dipole antenna
w = compared to 1 watt (0 dBw = 1 watt)
CWLF v1.0m1-2
Some of the terms used in this module are defined as follows:
1-46
Decibel (dB): The difference or ratio between two signal levels. Named after Alexander
Graham Bell and used to describe the effect of system devices on signal strength.
dB milliwatt (dBm): A signal strength or power level. Zero dBm is defined as 1 mW of

power into a terminating load such as an antenna or power meter. Small signals are
negative numbers (such as83 dBm).
dB dipole (dBd): The gain an antenna has over a dipole antenna at the same frequency. A
dipole antenna is the smallest, least-gain practical antenna that can be made.
dB isotropic (dBi): The gain a given antenna has over a theoretical isotropic (point source)
antenna. Unfortunately, an isotropic antenna cannot be made in the real world, but it is
useful or calculating theoretical fade and system operating margins.
Effective Isotropic Radiated Power (EIRP): Effective Isotropic Radiated Power is

defined as the effective power found in the main lobe of a transmitter antenna. It is equal to
the sum of the antenna gain (in dBi) plus the power (in dBm) into that antenna.
Cisco Aironet Antennas

All Cisco Aironet 2.4-GHz cables, RF devices, and
antennas have reverse polarity TNC (RP-TNC)
connectors.
Cisco Aironet antennas meet all regulatory
requirements.
A wide variety of IEEE 802.11 antennas are available
for diverse applications.
CWLF v1.0m1-3
In 1994, the U.S. Federal Communications Commission (FCC) and Industry, Science and
Technology Canada (TSTC) added new rules covering spread spectrum products. These rules
require that an antenna sold with a product must be tested and approved with that product.
In order to keep average users from installing whichever antenna they want, the FCC also
implemented a rule stating that any removable antenna had to use a unique, nonstandard
connector that is not available in general distribution channels.
Cisco Aironet IEEE 802.11b antennas and all Cisco Aironet cables use a reverse-polarity
threaded naval connector (RP-TNC). This connector looks like a TNC, but the center contacts
have been reversed. This design prohibits a standard off-the-shelf antenna from being attached
to a Cisco Aironet radio frequency (RF) product.
The FCC does permit a professional installer to use different antennas or connectors. A
professional installer is defined as someone who has been trained in the applicable rules and
regulations, is receiving compensation for the work, has knowledge of radio emissions, and can
verify that a site that deviates from the standard product set requirements meets the limitations
of the FCC rules.
1-47
Cisco Aironet 5 GHz WLAN Antennas

The FCC originally required that all radios using the UNII-1 band
(5.15 GHz5.25 GHz) must have non-removable or integrated
antennas
The FCC removed the requirements for integrated antennas in
2004.
Newer radios that support external antennas are now available
FCC allows radios using the UNII-2 band

(5.25 GHz5.35 GHz) to have external or removable antennas
The latest Cisco Aironet 1200 Access Point 802.11a radio uses
all three UNII bands
CWLF v1.0m1-4
The slide discusses the FCC standards that Cisco Aironet products adhere to. The following is
an excerpt from FCC Title 47 Section 15.407:
(d) Any UNII device that operates in the 5.15-5.25 GHz band shall use a transmitting
antenna that is an integral part of the device. NOTE: this was amended in 2004 to permit
use of external antennas in the 5.15-5.25 GHz band.
(e) Within the 5.15-5.25 GHz band, UNII devices will be restricted to indoor operations to
reduce any potential for harmful interference to co-channel MSS operations.
The following is an excerpt from FCC Title 47 Section 15.407:
1-48
(a) Power limits:
(1) For the band 5.15-5.25 GHz, the peak transmit power over the frequency band of
operation shall not exceed the lesser of 50 mW or 4 dBm + 10logB, where B is the
26-dB emission bandwidth in MHz. In addition, the peak power spectral density
shall not exceed 4 dBm in any 1-MHz band. If transmitting antennas of directional
gain greater than 6 dBi are used, both the peak transmit power and the peak power
spectral density shall be reduced by the amount in dB that the directional gain of the
antenna exceeds 6 dBi.
(2) For the band 5.25-5.35 GHz, the peak transmit power over the frequency band of
operation shall not exceed the lesser of 250 mW or 11 dBm + 10logB, where B is
the 26-dB emission bandwidth in MHz. In addition, the peak power spectral density
shall not exceed 11 dBm in any 1-MHz band. If transmitting antennas of directional
gain greater than 6 dBi are used, both the peak transmit power and the peak power
spectral density shall be reduced by the amount in dB that the directional gain of the
antenna exceeds 6 dBi.
FCC Permits Additional 5 GHz Channels
February 2004, the FCC released a revision to the regulations

covering 5 GHz channel usage
Added 11 channels
23 available channels capacity
Current antennas cover these bands
Note
CWLF v1.0m1-5
In order to use the 11 new channels, however, radios must comply with two features that are
part of the IEEE 802.11h specification-Transmitter Power Control (TPS) and Dynamic
Frequency Selection (DFS) DFS dynamically instructs a transmitter to switch to another
channel whenever a particular condition (such as the presence of a radar signal) is met.
Prior to transmitting, a device's DFS mechanism monitors its available operating spectrum,
listening for a radar signal. If a signal is detected, the channel associated with the radar
signal will be vacated or flagged as unavailable for use by the transmitter. The transmitting
device will continuously monitor the environment for the presence of radar, both prior to and
during operation.
Portions of the 5 GHz band are allocated to radar systems; this allows WLANs to avoid
interference with incumbent radar users in instances where they are co-located. Such features
can simplify enterprise installations, because the devices themselves can (theoretically)
automatically optimize their channel reuse patterns.
Transmission power control (TPC) technology has been used in the cellular telephone industry
for many years. Setting the transmit power of the access point and the client adapter can be
useful to allow for different coverage area sizes and, in the case of the client, to conserve
battery life. In devices that have the ability to set power levels, the settings are usually static
and independent of each other (access point and clients). For example, an access point can be
set to a low 5 mW transmit power to minimize cell size, which is useful in areas with high-user
density. The clients will, however, be transmitting at their previously assigned transmit power
settings, which is likely more transmit power than is required to maintain association with the
access point. This results in unnecessary RF energy transmitting from the clients, creating a
higher level than is necessary of RF energy outside the access point's intended coverage area.
With TPC, the client and access point exchange information, then the client device dynamically
adjusts its transmit power such that it uses only enough energy to maintain association to the
access point at a given data rate. The end result is that the client contributes less to adjacent cell
interference, allowing for more densely deployed high-performance WLANs.
As a secondary benefit, the lower power on the client provides longer battery life-less power is
used by the radio.
1-49
The FCC has yet to define a test method for testing compliance to dynamic frequency selection
(DFS) requirements. As a consequence the 11 new channels are not yet available.
Today, the Cisco Aironet RM21A and RM22A 5 GHz radio modules for Cisco Aironet
1130AG Series, 1200 Series, and 1230AG Series Access Points support the 12 channels made
up of the UNII-1, UNII-2, and UNII-3 bands. These devices have the hardware capability to
support the new 11 channels; however, until the FCC releases a test program, the firmware will
not provide the availability to access the additional channels.
1-50
FCC Part 15 Antenna Requirements

Antennas
Must use a unique or proprietary connector
Cisco Aironet products typically use RP-TNC connectors
Some Cisco products designed for professional installation can use
nonproprietary connectors
FCC Part 15 standards

Approved antenna may exceed the regulations of other countries
Exceeding may lead to interference problems
Penalties could result in fines
FCC standards apply to Part 15 users in the United States
Different countries will have similar standards
CWLF v1.0m1-6
The slide presents the FCC standards to which Cisco Aironet products adhere. The following is
an excerpt from FCC Title 47, Section 15.203:
15.203 Antenna Requirement

An intentional radiator shall be designed to ensure that no antenna other than that furnished by
the responsible party shall be used with the device. The use of a permanently attached antenna
or of an antenna that uses a unique coupling to the intentional radiator shall be considered
sufficient to comply with the provisions of this section. The manufacturer may design the unit so
that the user can replace a broken antenna, but the use of a standard antenna jack or electrical
connector is prohibited. This requirement does not apply to carrier current devices or to
devices operated under the provisions of 15.211, 15.213, 15.217, 15.219, or 15.221.
Further, this requirement does not apply to intentional radiators that must be professionally
installed, such as perimeter protection systems, some field disturbance sensors, or to other
intentional radiators. Any other intentional radiators must be measured at the installation site
in accordance with 15.31(d). However, the installer shall be responsible for ensuring that the
proper antenna is employed so that the limits in this part are not exceeded.
1-51
Antenna Concepts
This topic defines antenna gain, directionality, and polarization.
Antenna Concepts
Directionality
Omnidirectional (360 coverage)
Directional (limited range of coverage)
Gain
Measured in dBi and dBd (0 dBd = 2.14 dBi)
More gain means more coverage, in certain directions
Polarization
Antennas used in the vertical polarization
CWLF v1.0m1-7
In order to understand wireless networks, as well as how to set them up and optimize them for
best performance, some knowledge of antennas is essential.
There are some key terms you need to understand, including the following:
1-52
Gain: The amount of increase in energy that an antenna appears to add to an RF signal.
There are different methods for measuring gain, depending on the reference point chosen.
To ensure a common understanding, Cisco Aironet wireless products are standardizing on
dBi (which is gain using a theoretical isotropic antenna as a reference point) to specify gain
measurements. Some antennas are rated in dBd, which uses a dipole-type antenna, instead
of an isotropic antenna, as the reference point. To convert any number from dBd to dBi,
simply add 2.14 to the dBd number.
Polarization: The physical orientation of the element on the antenna that actually emits the
RF energy. An omnidirectional antenna, for example, is usually a vertical polarized
antenna. All Cisco Aironet antennas are set for vertical polarization.
Antenna Gain
Gain is the amount of increase in energy that an
antenna appears to add to an RF signal.
Coverage areas or radiation patterns are measured in
degrees.
These angles are referred to as beamwidth.
Horizontal measurement
Vertical measurement
If the gain of an antenna goes up, the beamwidth

(angle of radiation) goes down.
CWLF v1.0m1-8
In RF, you have to give up something to gain something else. In antenna gain, this comes in the
form of coverage angle, known as beamwidth. Beamwidth is defined as the area or angle in
which the majority of the signal is transmitted. As the gain of an antenna goes up, the
beamwidth angle goes down, allowing further distances to be achieved (at the expense of other
directions). This effect is like focusing a flashlight from a wide (flood) angle (wide beamwidth)
to a sharper, more focused angle (narrow beamwidth), allowing the light to go much farther but
at the cost of its ability to flood or light up in all directions.
1-53
Antenna Theory
A theoretical isotropic
antenna has a perfect
360 vertical
and horizontal
beamwidth.
Reference for all
antennas.
CWLF v1.0m1-9
All FCC rules and all antennas are measured against what is known as an isotropic antenna,
which is a theoretical antenna. This is the basis for all other antennas. The coverage of an
isotropic antenna can be thought of as a balloon. It extends in all directions equally.
1-54
Various Antenna Types

This topic defines various antenna types.
Antenna TheoryDipole
Energy lobes pushed

in from the top and
bottom
Higher gain
Smaller vertical
beamwidth
Side view
(vertical pattern)
Vertical beamwidth
New pattern (with gain)
Larger horizontal lobe
Typical dipole pattern
Top view
(horizontal pattern)
CWLF v1.0m1-10
When an omnidirectional antenna is designed to have gain, it results in loss of coverage in

certain areas.
Imagine the radiation pattern of an isotropic antenna as a balloon, which extends from the
antenna equally in all directions. Now imagine pressing in on the top and bottom of the balloon.
This causes the balloon to expand outward, covering more area in the horizontal pattern, but
reducing the coverage area above and below the antenna. This yields a higher gain because the
antenna appears to extend to a larger coverage area.
The higher the gain on an antenna, the smaller the vertical beamwidth will be.
1-55
High Gain Omnidirectional
More coverage area in

a circular pattern
Energy level directly
above or below the
antenna will become
lower
CWLF v1.0m1-11
If you continue to push in on the ends of the balloon, it results in a pancake effect with very
narrow vertical beamwidth but very large horizontal coverage. This type of antenna design can
deliver very long communications distances, but has one drawbackpoor coverage below the
antenna.
With high-gain omnidirectional antennas, this problem can be partially solved by designing in
something called downtilt. An antenna that uses downtilt is designed to radiate at a slight angle
rather that at 90 degrees from the vertical element. This design does help for local coverage, but
it reduces effectiveness in the long range. Cellular antennas use downtilt. The Cisco Aironet
12-dBi omnidirectional antenna has a downtilt of 0 degrees.
1-56
Directional Antenna
Lobes are pushed in a

certain direction,
causing the energy to
be condensed in a
particular area.
Very little energy is in
the back side of a
directional antenna.
Side View
(Vertical Pattern)
Top View
(Horizontal Pattern)
CWLF v1.0m1-12
A directional antenna design uses the same idea but simply redirects the energy in a single
direction.
Consider one of the adjustable beam focus flashlights. There are only two batteries and one
bulb, but the intensity and width of the light beam can be changed. You can accomplish this by
moving the back reflector and directing the light in tighter or wider angles. As the beam gets
wider, the intensity in the center decreases, and the beam travels a shorter distance.
The same is true of a directional antenna. The same power is reaching the antenna, but by
building the antenna in certain ways, the RF energy is directed in tighter and stronger waves, or
wider and less intense waves, just as with the flashlight.
1-57
Typical Antenna Diagrams

Shown are the E and H planes of a 2.4 GHz antenna
intergraded into an access point.
The E plane shows the back plane effect of the access point.
Azimuth and Elevation Plane Patterns
2.4 GHz Antenna
0
-5
-10
-15
-20
-25
-30
-35
-40
-45
Elevation Plane
Azimuth Plane
CWLF v1.0m1-13
For a vertically-polarized WLAN antenna, the E-plane (elevation plane) usually coincides with
the vertical or elevation plane. The H-plane (horizontal plane) usually coincides with the
horizontal or azimuth plane.
RF propagation patterns are useful to help WLAN designers see how the RF energy
propagates from the antenna. The H-plane shows how the RF energy propagates looking down
on the top of the antenna. This H-plane example shows the antenna has a 360-degree horizontal
coverage pattern.
The E-plane shows how the RF energy propagates looking at the side of the antenna. This Eplane example shows the antennas sphere of influence and the cone of reduced coverage. The
E-plane can be best though of as a doughnut cut in half to show the doughnuts shape, the Eplane shows the shape of the RF propagation produced by the antenna.
The above diagrams show the additional effect that the medal plate on the mounting surface of
the access point plays in the propagation of this Omni antenna. This access point was designed
primarily for ceiling mounting but would be equally effective if wall mounted.
See the IEEE Standard Definitions of Terms for Antennas of the IEEE Std. 145-1983.
1-58
EIRP Rules
This topic defines the maximum power and EIRP rules for 2.4 GHz and 5 GHz radios.
2.4-GHz EIRP Rules for FCC-Governed

Areas
Point-to-multipoint
FCC allows increasing the gain of an antenna/cable system if the transmitter
power is reduced below 30 dBm in a 1:1 ratio.
Reduce transmit power below maximum of 30 dBm by 1 dBm and increase
antenna/cable system gain by 1dBi.
Point-to-point
Maximum of 36 dBm EIRP
Installations30 dBm maximum transmitter power with 6 dBi in gain
attributed to antenna and cable combination
FCC allows exceeding the 36 dBm EIRP in point-to-point

installations using the 3:1 rule
Reduce transmit power below maximum of 30 dBm by 1 dBm and increase
antenna/cable system gain by 3 dBi
CWLF v1.0m1-14
The slide illustrates the FCC standards to which Cisco Aironet products adhere. The following
is an excerpt from FCC Title 47, Section 15.247:
(b) The maximum peak output power of the intentional radiator shall not exceed the
following:
(1) For frequency hopping systems in the 24002483.5 MHz band employing at
least 75 hopping channels, all frequency hopping systems in the 57255850 MHz
band, and all direct sequence systems: 1 watt. For all other frequency hopping
systems in the 24002483.5 MHz band: 0.125 watts.
(3) if transmitting antennas of directional gain greater than 6 dBi are used, the
peak output power from the intentional radiator shall be reduced below the stated
values in paragraphs (b)(1) or (b)(2) of this section, as appropriate, by the amount
in dB that the directional gain of the antenna exceeds 6 dBi. Systems operating in
the 24002483.5 MHz band that are used exclusively for fixed, point-to-point
operations may employ transmitting antennas with directional gain greater than 6
dBi provided the maximum peak output power of the intentional radiator is reduced
by 1 dB for every 3 dB that the directional gain of the antenna exceeds 6 dBi.
1-59
2.4-GHz EIRP Rules for FCC-Governed

Areas (Cont.)
Point-to-Multipoint
FCC Maximum
Cisco Maximum
Transmitter
Power
Transmitter
dBm
Maximum
Gain
EIRP
1W
30 dBm
6 dBi
36 dBm
100 mW
20 dBm
16 dBi
36 dBm
The above values reflect the 1:1 rule
Point-to-Point
Transmitter
Power
Transmitter
dBm
1W
30 dBm
6 dBi
36 dBm
100 mW
20 dBm
36 dBi
56 dBm*
FCC Maximum
Cisco Maximum
*This can theoretically be true but it has not
been certified for use with Cisco products.
Maximum
Gain
EIRP
CWLF v1.0m1-15
The EIRP of a transmitter is the power the transmitter appears to have if the transmitter were an
isotropic radiator (if the antenna radiated equally in all directions). By virtue of the gain of a
radio antenna (or dish), a beam is formed that preferentially transmits the energy in one
direction. The EIRP is estimated by adding the gain (of the antenna) and the transmitter power
(of the radio) shown in this equation:
EIRP = transmitter power + antenna gain - cable loss
When using radio equipment, there are limits on the output of the system. These limits are
given as EIRP, and must not be exceeded. Different countries have different standards. Check
with authorities in the country of installation to determine maximum EIRP.
The output of the radio is measured in dBm (decibels per milliwatt). The slide illustrates a table
listing the dBm ratings for the various output levels available with the Cisco Aironet wireless
equipment. The slide also shows the resulting EIRP when used with a 6-dBi patch antenna.
The maximum EIRP allowed by the FCC for a Part 15 2.4-GHz device in the United States is
36 dBm. The standards are different for specific point-to-point systems. However, this course is
focused on WLANs that would be considered point-to-multipoint solutions. As a result, the
maximum EIRP allowed must not exceed 36 dBm and the maximum gain on an antenna must
not exceed 16 dBi (for the United States) unless installed by a professional installer.
Note
1-60
The highest gain antenna approved by Cisco is the 21-dBi parabolic antenna.
2.4 GHz EIRP Rules for

ETSI-Governed Countries
Currently ETSI stipulates a maximum of 20 dBm EIRP on
point-to-multipoint and point-to-point installations17 dBm
maximum transmitter power with 3 dBi in gain attributed to
antenna and cable combination.
Professional installers are allowed to increase the gain of an
antenna/cable system if the transmitter power is reduced
below 17 dBm in a 1:1 ratio.
Reduce transmit power below maximum of 17 dBm by 1 dBm
and increase antenna/cable system gain by 1 dBi.
CWLF v1.0m1-16
The slide illustrates the ETSI standards to which Cisco Aironet products adhere. The following
is an excerpt from the document ETSI EN 300 328-1 V1.2.2 (2000-07):
5.2 Transmitter parameter limits
5.2.1 Effective radiated power
The effective radiated power is defined as the total power of the transmitter and
is calculated according to the procedure given in sub clause 7.2.1. The effective
radiated power shall be equal to or less than 10 dBw (100 mW) EIRP. This
limit shall apply for any combination of power level and intended antenna
assembly.
5.2.2 Peak Power Density
The peak power density is defined as the highest instantaneous level of power in
Watts per Hertz generated by the transmitter within the power envelope. For
equipment using FHSS modulation, the power density shall be limited to 10
dBw (100 mW) per 100 kHz EIRP. For equipment using other types of
modulation, the peak power shall be limited to 20 dBw (10 mW) per MHz
EIRP.
1-61
2.4-GHz EIRP Rules for Non-FCC-Governed

Bodies
Governing bodies with 20-dBm ceiling on EIRP:
ETSI, France/Singapore, Israel, Mexico
Point-to-Multipoint and Point-to-Point

Transmitter
Power
Transmitter
dBm
Maximum
Gain
EIRP
Gov. Body Maximum
50 mW
17 dBm
3 dBi
20 dBm
Cisco Integrated Antennas
50 mW
17 dBm
2.2 dBi
19.2 dBm
Reduced Tx Power
30 mW
15 dBm
5 dBi
20 dBm
Reduced Tx Power
20 mW
13 dBm
7 dBi
20 dBm
Reduced Tx Power
5 mW
7 dBm
13 dBi
20 dBm
Reduced Tx Power
1 mW
0 dBm
20 dBi
20 dBm
CWLF v1.0m1-17
The EIRP of a transmitter is the power the transmitter appears to have if the transmitter were an
isotropic radiator (if the antenna radiated equally in all directions). By virtue of the gain of a
radio antenna (or dish), a beam is formed that preferentially transmits the energy in one
direction.
When using radio equipment, there are limits on the output of the system. These limits are
given as EIRP, and must not be exceeded. Different countries will have different standards.
Check with authorities in the country of installation to determine maximum EIRP.
The output of the radio will be measured in dBm (decibels per milliwatt). The slide lists the
dBm ratings for the various output levels available with the Cisco Aironet wireless equipment
and the resulting EIRP when used with different antennas.
The maximum EIRP allowed for a 2.4-GHz device in France, Singapore, Israel, Mexico, and
ETSI is 20 dBm. The standards are different for specific point-to-point systems. However, this
class is focused on WLANs that would be considered point-to-multipoint solutions, so the
maximum EIRP allowed must not exceed 20 dBm and the maximum gain on an antenna must
not exceed 20 dBi.
1-62
Conducted and Radiated Power Levels in

the UNII-1,-2, and -3 Bands
5 GHz
5.15 5.25 5.35
UNII
4 Channels 4 Channels
Bands
UNII-2
UNII-1
Conducted Power
5.725
BR1410
5.825
4 Channels
UNII-3
1 W (30 dBm)
40 mW
250 mW
(16 dBm) (24 dBm)
P2MP hub
Antenna Gain
Radiated Power
6 dBi
22 dBm
158 mW
6 dBi, 36 dBm EIRP
6 dBi
30 dBm
1W
P2P and
Non-root P2MP
23 dBi, 53 dBm EIRP
UNII-1: Indoor Use, fixed or remote antenna

UNII-2: Indoor/Outdoor Use, fixed or remote antenna
UNII-3: Outdoor Bridging Only
CWLF v1.0m1-18
The Effective Isotropic Radiated Power (EIRP) is the radio energy radiated from an antenna.
The EIRP is usually expressed in watts (W) or millidecibels (dBm). To enable fair sharing of
the unlicensed band, regulatory domains impose maximum EIRP levels.
Directional antennas, such as Yagi and parabolic dishes, can shape the signal from the
transmitter so that it appears stronger in a particular direction (much the same as the reflector
on a flashlight strengthens a light beam). This is known as antenna gain.
The EIRP is a measure of the power output of the antenna. It includes the antenna gain and
cable loss as well as the output of the transmitter.
The UNII-2 band is intended for wireless bridging for both indoor and short-range outdoor
applications. UNII-3 band, with far greater transmission power and antenna gain allowances, is
preferable for longrange outdoor wireless bridging. To facilitate outdoor wireless bridging,
the regulations allow connectors, cables, and auxiliary antennas for both of these bands. The
EIRP allowed in the UNII-3 band is 4 W (36 dBm), which is much more than the radiated
power of 1 W (30 dBm) allowed in the UNII-2 band.
Conducted and radiated power levels for the different bands include the following:
US
Japan
Europe
Frequency
UNII-1 Max PWR
50 mW
50 mW
200 mW
5.15 5.25
UNII-1 EIRP
22 dBm
22 dBm
23 dBm
UNII-2 Max PWR
250 mW
UNII-2 EIRP
29 dBm
5.25 5.35
HiperLAN Max PWR
200 mW
HiperLAN EIRP
22 dBm
UNII-3 Max PWR

1W
5.25 5.35
5.725 5.825
1-63
UNII-3 EIRP P to MP
36 dBm
UNII-3 EIRP P to P
53 dBm
Cisco Aironet 1400 Series Bridge uses a maximum peak power of 250 mW or 24 dBm.
1-64
5-GHz EIRP Rules for FCC-Governed Areas

Point-to-Multipoint
Transmitter Power
Antenna
EIRP
30 dBm
6 dBi
36 dBm
29 dBm
7 dBi
36 dBm
28 dBm
8 dBi
36 dBm
27 dBm
9 dBi
36 dBm
The above values 20

reflect
dBm the 1:1 rule 16 dBi
36 dBm
FCC Maximum
Cisco Maximum
Point-to-Point
FCC Maximum
Cisco Maximum
FCC Approved
Transmitter Power
Antenna
EIRP
30 dBm
23 dBi
53 dBm
29 dBm
24 dBi
53 dBm
28 dBm
25 dBi
53 dBm
27 dBm
26 dBi
53 dBm
21 dBm
28 dBi
49 dBm

*This can theoretically be true but it has not been certified for use with Cisco products.
CWLF v1.0m1-19
In the US the rules have a clause for point-to-point systems. For a multipoint transmitter the
EIRP is 36 dBm or for a point-to-point transmitter the EIRP is 53 dBm. This means that the
power must be backed off to prevent high peaks from being clipped
1-65
Lesson Self-Check
Q1)
A 2.14-dBi antenna rating is the same as a 3.28-dBd antenna rating. True or

False?(Source: Antenna Concepts)
A)
B)
Q2)
An antenna with more gain is always better. True or False? (Source: High Gain
Omnidirectional)
A)
B)
Q3)
True
False
What is the maximum EIRP for 2.4 GHz point to multipoint in the United States?
(Choose one.) (Source: )
A)
B)
C)
D)
1-66
True
False
30 dBm
36 dBm
20 dBm
17 dBm

Q1)
Q2)
Q3)
1-67
Summary
Summary
In this lesson we learned antennas are used to propagate an RF
signal, different antennas have different radiation patterns.
We learned that EIRP is the Effective Isotropic Radiated Power. A
term for expression of the performance of an antenna in a given
direction relative to the performance of a theoretical (isotropic)
antenna and is expressed in watts. EIRP is the sum of the power
sent to the antenna plus antenna gain.
We discussed recent 2004 FCC rule changes and how they apply to
antennas and amplifiers.
We defined the purpose of an isotropic antenna and why it is used
as a reference for other antennas.
CWLF v1.0m1-21
In this lesson we learned antennas are used to propagate an RF signal, different antennas have
different radiation patterns.
We learned that EIRP is the Effective Isotropic Radiated Power. A term for expression of the
performance of an antenna relative to the performance of a theoretical (isotropic) antenna and is
expressed in watts. EIRP is the sum of the power sent to the antenna plus antenna gain.
We discussed recent 2004 FCC rule changes and how they apply to antennas and amplifiers.
We defined the purpose of an isotropic antenna and why it is used as a reference for other
antennas.
1-68
Module Summary
This topic summarizes the key points that were discussed in this module.
Module Summary
In this module, we discussed the Industrial Scientific Medical
Band (ISM). We also discussed the Unlicensed National
Information Infrastructure (UNII).
We defined Effective Isotropic Radiated Power (EIRP).
We described the various modulation techniques used by
IEEE 802.11a, b, and g.
We described the causes and frequency of multipath
distortion.
We defined the purpose of an isotropic antenna and why it is
used as a reference for other antennas.
CWLF v1.0m1-1
In this module, we discussed the Industrial Scientific Medical Band (ISM). We also discussed
the Unlicensed Information Infrastructure (UNII). We defined Effective Isotropic Radiated
Power (EIRP). We described the various modulation techniques used by IEEE 802.11a, b, and
g. We described the causes and frequency of multipath distortion. We defined the purpose of an
isotropic antenna and why it is used as a reference for other antennas.
Cisco Aironet WLAN Overview
1-69
1-70
Cisco Wireless LAN Fundamentals (CWLF)
Module 2

Overview
This module describes the basics of the Cisco Aironet wireless LAN products and how they
compare to each other.
Module Objectives
Upon completing this module, you will be able to describe detailed technical features,
functions, and benefits of the WLAN product offerings available from Cisco. This ability
includes being able to meet these objectives:
Identify key features and uses of access points, bridges and antenna products used in a
WLAN
Identify the best client adapter product
Able to match the appropriate feature with the proper management device
Describe the importance of that feature for a WLAN features
2-2
Lesson 1
Describing Wireless LAN

Access Points, Bridges
Antennas and Accessories
Overview
This lesson describes the basics of the Cisco Aironet wireless LAN (WLAN) products and how
they compare to each other.
Objectives
Upon completing this lesson, you will be able to identify key features and uses of access points,
bridges and antenna products used in a WLAN. This ability includes being able to meet these
objectives:
List Cisco WLAN mobile access products categories
Describe features and functionality of the Cisco Aironet 1240AG, 1230AG, and 1200
Series Access Point
Describe the 1500 Series wireless bridge product features and functionality
Describe the 1300 Series access point and bridge product features and functionality
Describe the differences between the Cisco Aironet access points
Describe the 1400 Series wireless bridge product features and functionality
Describe the power requirements of Aironet access points and bridges
Explain the purpose of power injectors
Describe the various 2.4-GHz antennas available from Cisco
Describe the various 5-GHz antennas available from Cisco
Platform Overview
This topic list Cisco wireless LAN (WLAN) mobile access products categories.
Proven Platform for Mobile Access

Features
Indoor Access Points
Industrys best range and

throughput
Enterprise class security
Multiple configuration options
Simultaneous air monitoring and
traffic delivery
Wide area networking for outdoor
areas
Benefits
Zero-touch management
1130AG
1000 Series
Indoor Rugged Access Points
1240AG
1230AG
Outdoor Access Points/Bridges
No dedicated air monitors

Supports indoor and outdoor
deployment scenarios
1500
1400
1300
CWLF v1.0m2-2
Cisco offers different access points and bridges for different physical environments, not a One
Size Fits All product line. In addition to lightweight and autonomous access points, Cisco has
integrated access points into the Integrated Service Routers (ISR) with either built-in or access
point network modules depending on the ISR model.
All Cisco Aironet lightweight access points connect to Cisco Wireless LAN Controllers, so
customers can mix-and-match access points within their network, yet still takes advantage of all
the rich Cisco Unified Wireless Network capabilities in an integrated manner. Autonomous
access points are manageable via CiscoWorks Wireless LAN Solution Engine (WLSE) or
CiscoWorks WLSE Express.
Cisco has products for the carpeted enterprise, rugged environments and challenging
environments such as the outdoors. For example:
Cisco Aironet 1130AG Series Access point are for the carpeted enterprise that has little
environmental variability and operates within a controlled environment.
Cisco Aironet 1240AG Series Access Point is for challenging environments that need a
rugged enclosure such as manufacturing, loading docks, and warehouses.
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Point for cost-effective, scalable
deployment of secure outdoor wireless LANs for network connections within a campus area,
outdoor infrastructure for mobile users or public access for outdoor areas. The 1500 Series
supports auto-configuring and self-healing wireless mesh deployments.
Cisco Aironet 1300 Series Outdoor Access Point/Bridge or Cisco Aironet 1400 Series Wireless
Bridges offer high-speed, high-performance outdoor bridging for line-of-sight applications.
They both have a rugged enclosure optimized for harsh outdoor environments with extended
operating temperature range. Both are available in an autonomous version only.
2-4
Cisco Aironet 1300 Series Outdoor Access Point and Bridge can be deployed as an autonomous
access point, bridge, or workgroup bridge. It has a rugged enclosure and provides high-speed
and cost effective wireless connectivity between multiple fixed or mobile networks and clients.
2-5
Cisco Aironet 1130AG Series Access Point

Dual-band 802.11a/b/g access
point
Integrated antennas
Lightweight and autonomous
versions available
802.11i/WPA2 compliant
Designed for offices and
similar environments
Local and inline power
support (IEEE 802.3af and
Cisco inline power)
Low-profile enterprise-class access point with integrated antennas for
easy deployment in offices and similar RF environments
CWLF v1.0m2-3
The Cisco Aironet 1130AG Series packages high-capacity, high-security and enterprise-class
features delivering WLAN access for a low total cost of ownership. Designed for wireless LAN
coverage in offices and similar RF environments, this unobtrusive access point features
integrated antennas and dual IEEE 802.11a/g radios for robust and predictable coverage,
delivering a combined capacity of 108 Mbps. The competitively priced Aironet 1130AG Series
access point is ready to install and easy to manage, reducing the cost of deployment and
ongoing maintenance. The device is available in either a lightweight version, or as an
autonomous version that may be field-upgraded to lightweight operation.
AIR-AP1131AG-x-K9 (Cisco IOS software)
AIR-LAP1131AG-x-K9 (LWAPP)
Note
2-6
The Cisco Aironet 1130AG Series may be ordered with Cisco IOS software to operate as an
autonomous access point or with Lightweight Access Point Protocol (LWAPP). When the
1130AG is operating as a lightweight access point a WLAN controller is required.
Cisco Aironet Indoor Rugged Access Points

This topic describes features and functionality of the Cisco Aironet 1240AG, 1230AG, and
1200 Series Access Point.
Cisco Aironet Indoor Rugged Access Points

Designed for challenging RF environments such as factories and warehouses and above
suspended ceilings in offices and similar environments
Cisco Aironet 1240AG Series
New!
Improved Range, Deployment

Flexibility and Cost Savings:
2nd Generation dual-band
integrated radios
4 power options including
IEEE 802.3af
32 MB memory, 16 MB storage
High Capacity
Dual band delivers up to
108 Mbps data rates
(single-band 54 Mbps)
Investment Protection
Lightweight and
Autonomous versions
available
Deployment Flexibility
Cisco Aironet 1200 Series

1st Generation dual-band AP
No 802.3af support
16 MB memory, 8 MB storage
Single-band 802.11g AP
No 802.3af support
Upgradable to dual-band
802.11a/g
Rugged Metal Case, and

UL2043 rated for
plenum placement
Connectors for a variety
of both 2.4 and
5 GHz antennas
Robust WLAN Security
WPA and IEEE 802.11i/
WPA2 Compliant
CWLF v1.0m2-4
Cisco Aironet 1240AG Series IEEE 802.11a/b/g Access Points deliver the versatility, highcapacity, security, and enterprise-class features demanded by WLAN customers. It is designed
specifically for challenging radio frequency (RF) environments such as factories, warehouses,
and large retail establishments that require the antenna versatility associated with connectorized
antennas, a rugged metal enclosure, and a broad operating temperature range. The Aironet
1240AG Series provides local as well as inline power, including support for IEEE 802.3af
Power over Ethernet (PoE).
Cisco Aironet 1230AG Series Access Point-The 1230AG Series is a pre-configured dual band
version of the 1200 Series providing support for 802.11a and 802.11g. This first generation
dual band device does not provide the same performance and support for 802.3af PoE as does
the 1240AG Series.
Cisco Aironet 1200 Series Access Point- Offers the same versatility, high capacity, security,
and enterprise-class features demanded by industrial wireless LAN customers in a single-band
802.11g solution. The modular device provides the flexibility to field upgrade to a dual-band
802.11a/g network by adding a CardBus-based 802.11a upgrade module that can be easily
installed into Cisco Aironet 1200 Series access points originally configured for 802.11g.
2-7
Part Number
Product Description
AIR-AP1231G-A-K9
802.11g Modular IOS access point; RP-TNC; Avail

CardBus Slot; Federal Communications Commission
(FCC) configuration
AIR-LAP1231G-A-K9
802.11g Modular LWAPP access point; RP-TNC; Avail

CardBus Slot; FCC configuration
Integrated diversity antennas. Requires Cisco IOS Software Release 12(3)2JA or later.
AIR-RM21A-A-K9
Americas (FCC) configuration
Dual RP-TNC connectors. Antennas sold separately. Requires Cisco IOS Software Release
12(3)2JA or later.
AIR-RM22A-A-K9
2-8
Americas (FCC) configuration
1500 Series Wireless Outdoor Mesh Access

Points
This topic describes the 1500 Series wireless bridge product features and functionality.
Cisco Aironet 1500 Series Lightweight Outdoor

Mesh Access Points
LWAPP communicates controller
load to access points
Dynamic channel assignment and
Automatic channel reassignment
Automatic switch over to
alternate controller
Architecture ready for enhancing
capacity
16 MB SSIDs supported
802.11e QoS capable
Link testing and troubleshooting
via controller or WCS
Lightweight outdoor mesh access

point enables cost-effective,
scalable deployment of secure
outdoor wireless LANs.
Ethernet port for connecting

peripheral devices
CWLF v1.0m2-5
The Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points enable cost-effective,
scalable deployment of secure outdoor WLANs.
With dual-band, simultaneous support for IEEE 802.11a and 802.11b/g standards, the Cisco
Aironet 1500 Series employs a patent-pending Adaptive Wireless Path Protocol to form a
dynamic wireless mesh network between remote access points, and delivers secure wireless
access to any Wi-Fi compliant client.
The Cisco Aironet 1500 Series operates with Cisco Wireless LAN Controllers and Cisco WCS
software, centralizing key functions of wireless LANs to provide scalable management,
security, and mobility that is seamless between indoor and outdoor deployments.
Designed to support zero-configuration deployments, the Cisco Aironet 1500 Series easily and
securely joins the mesh network, and is available to manage and monitor the network through
the controller and WCS graphical or command-line interfaces (CLIs). Compliant with Wi-Fi
Protected Access 2 (WPA2) and employing hardware-based Advanced Encryption Standard
(AES) encryption between wireless nodes, the Cisco Aironet 1500 Series provides end-to-end
security.
Cisco Aironet 1500 Series Outdoor Mesh Access Point part numbers include:
AIR-LAP1510AG-A-K9 - Cisco Aironet 1510AG Lightweight Outdoor Mesh Access

Point, Federal Communications Commission (FCC) configuration.
AIR-LAP1510AG-N-K9 - Cisco Aironet 1510AG Lightweight Outdoor Mesh Access

Point, Non-FCC configuration, Non-FCC configurations are for countries where regulatory
agencies other than the FCC control the requirements for WLAN equipment.
2-9
1300 Series Access Point and Bridge

This topic describes the 1300 Series access point and bridge product features and functionality.
Cisco Aironet 1300 Series Outdoor Access

Point/Bridge
Multifunction:
Access point
Bridge
Workgroup bridge
Cisco IOS (Autonomous)
802.11g - 54 Mbps at 2.4 GHz

20 miles range at 11 Mbps
Outdoor enclosure
Integrated antenna
Vertical polarization
13 dBi gain
36 E-plane by 38 H-plane
Dual RP-TNC connectors for

external antennas
RP-TNC connectors
for remote antennas
Integrated
13 dBi antenna
Single-band 802.11b/g outdoor access point or bridge ideal for outdoor areas, network
connections within a campus area, or outdoor infrastructure for mobile networks
CWLF v1.0m2-6
The Cisco Aironet 1300 Series Outdoor Access Point/Bridge is an 802.11g access point and
bridge that provides high-speed and cost effective wireless connectivity between multiple fixed
or mobile networks and clients. Building a metropolitan area wireless infrastructure with the
Cisco Aironet 1300 Series provides deployment personnel with a flexible, easy to use solution
that meets the security requirements of wide-area networking professionals.
The Cisco Aironet 1300 Series supports the 802.11g standard, providing 54-Mbps data rates
with a proven, secure technology while maintaining full backward compatibility with legacy
802.11b devices. Based on Cisco IOS software, the Cisco Aironet 1300 Series provides
advanced features such as fast secure roaming, quality of service (QoS), and virtual LANs
(VLANs).
The flexibility of the Cisco Aironet 1300 Series allows it to operate as a wireless bridge, access
point, or a workgroup bridge.
The Cisco Aironet 1300 Series Outdoor Access Point/Bridge part numbers include:
2-10
AIR-BR1310G-x-k9: Air interface (integrated directional antenna)
AIR-BR1310G-x-k9-R: Two RP-TNC type connectors for external antennas
Cisco Aironet Access Point Comparisons

This topic describes the differences between the Cisco Aironet access points.
Access Point Comparison
CWLF v1.0m2-7
As wireless LAN usage has evolved from basic transport for largely transactional applications,
so have the feature expectations of wireless LAN users and administrators. This evolution has
evolved, however, on a segment-by-segment, customer-by-customer basis. It is critical for
Cisco to provide differing feature sets to best fit differing customer requirements. Given that
customer requirements can evolve during the lifetime of a wireless LAN deployment, it is also
necessary to provide a means of smoothly upgrading this feature set for the installed base of
products with minimal disruption to network operations.
Cisco's advanced wireless LAN feature set offers the features required for most enterprise
deployments. Some deployments may not yet require these advanced capabilities. To address
these evolving requirements, customers can select either access points preconfigured for
lightweight operation and the advanced feature sets, or can upgrade autonomous access points
in the field to lightweight operation. With Cisco, customers can choose the feature set that is
right for them at the time that it is right for them. The figure provides a summary of the
operational capabilities of various Cisco Aironet access points.
2-11
Access Point Comparison (Cont.)

Cisco Series
1000 Series
1100 Series
1130AG Series
1200 Series
1230AG Series
1240AG Series
1300 Series
1500 Series
802.11g
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
802.11a
Yes
No
Yes
Optional
Yes
Yes
No
Yes
CWLF v1.0m2-8
In just a few years, WLANs have evolved from proprietary systems with sub-Mbps capabilities
to standardized offerings operating at as much as a combined data rate of 108 Mbps. These high
data rates are available in both the 2.4 GHz band with 802.11g technology and the 5 GHz band
with 802.11a technology. 802.11g offers backward compatibility with 802.11b devices, but is
limited to three nonoverlapping channels in the 2.4 GHz band. 802.11a provides no backward
compatibility but supports as many as 23 channels (depending upon local regulations). To
provide both backward compatibility and high-capacity, WLAN client vendors are migrating to
dual-band 802.11a/g-capable client devices. In 2006, 802.11a/g devices are expected to become
the predominant type for embedded and aftermarket client adapters designed for laptops,
desktops, and even PDAs. Over time, these dual-band capabilities are expected to extend to
almost every WLAN client device, including application-specific devices like voice handsets,
barcode scanners, and radio frequency identification (RFID) scanners.
Deploying an infrastructure that takes full advantage of the expanding capabilities of the client
base makes sense if capacity is currently an issue or is expected to become an issue during the
useful life of the infrastructure devices. Given the rapid expansion of wireless-enabled devices,
increasing capacity requirements are likely to apply to most WLAN installations. For this
majority of applications, access points that support both 802.11a and 802.11g represent a better
long-term value, particularly given their low price premium relative to single-band devices. For
the few applications that are not expected to present capacity issues in the near term, customers
can choose single-radio access points. The table above summarizes which Cisco access points
support 802.11a and 802.11g.
Physical Security
Regardless of the mounting type selected for the indoor access point, the access point can be
secured with a Kensington MicroSaver Security Cable. If required, use any MicroSaver
Security Cable to attach either side of your access point to a solid beam, pipe, or support.
2-12
Access Point Comparison (Cont.)
CWLF v1.0m2-9
The table provides a summary of the Cisco Aironet access points that are best suited for
different environments.
Cisco Aironet Access Points for Different Environments
Cisco Series
Offices and Similar

Environments
Challenging Indoor
RF Environments
Outdoors
1000 Series
model 1010*
Recommended*
Not recommended
Not recommended
1000 Series
model 1020*
Recommended1 (AP1020
Recommended*(Model 1030 for
or AP1030 [for remote
branch offices)
offices])
Not recommended
1100 Series
Recommended**
Not recommended
Not recommended
1130AG Series
Ideal
Not recommended
Not recommended
1200 Series
Recommended***
Recommended
Recommended****
1230AG Series
Recommended***
Recommended
Recommended****
1240AG Series
Recommended***
Ideal
Recommended****
1300 Series
Not recommended
Not recommended
Ideal**
1500 Series
Not recommended
Not recommended
Ideal*
* For lightweight deployment only.

** For autonomous deployment only.
*** Particularly for deployments above suspended ceilings.
**** Can be deployed outdoors when deployed in a weatherproof NEMA-rated enclosure.
2-13
1400 Series Wireless Bridge

This topic describes the 1400 Series wireless bridge product features and functionality.
Cisco Aironet 1400 Series Wireless Bridge

High-speed/high-performance
Outdoor bridging solution for
line-of-sight applications
Cost-effective license free
alternative to leased lines
802.11a, 5.8 GHz UNII-3 band
Cisco IOS Software
(Autonomous)
Point-to-point and point-tomultipoint
Outdoor NEMA-4 weatherproof
enclosure
One N-type connector for external
antenna connection
Wireless link distance adjustment
With integrated
22.5 dBi antenna
With connector for

remote antennas
Range = 12 miles at 54 Mbps

Line-of-sight
23 miles at 9 Mbps
CWLF v1.0m2-10
The Cisco Aironet 1400 Wireless Bridge creates a new benchmark for wireless bridging by
providing a high-performance and feature-rich solution for connecting multiple LANs in a
metropolitan area. Building a metropolitan area wireless infrastructure with the Cisco Aironet
1400 provides deployment personnel with a flexible, easy to use solution that meets the security
requirements of wide area networking professionals. Designed to be a cost-effective alternative
to leased lines, it is engineered specifically for harsh outdoor environments.
The Aironet 1400 Wireless Bridge is the premier high-speed, high-performance outdoor
bridging solution for line-of-sight applications, providing features such as:
Support for both point-to-point or point-to-multipoint configurations
Industry-leading range and throughput, supporting data rates up to 54 Mbps
Enhanced security mechanisms based on IEEE 802.11 standards
Rugged enclosure optimized for harsh outdoor environments with extended operating
temperature range
Models with integrated antennas or models with connectors (must purchase an antenna,
which are sold separately) for flexibility in deployment
Designed specifically for ease-of-installation and operation
Operating Temperature (-30 to 55C or -22 to 131F)
The Cisco Aironet 1400 Wireless Bridge part numbers include:
2-14
AIR-BR1410A-x-K9 (Integrated Antenna)
AIR-BR1410A-A-K9-N (External Antenna with N-style connector. FCC only)
Powering Options for Access Points and Bridges

This topic describes the power requirements of Aironet access points and bridges.
Power Options
IEEE 802.3af inline power

Cisco pre-standard inline

power
Cisco Aironet 1240AG, 1230AG
and 1200 Series
Local Power Module

Cisco Aironet 1240AG, 1230AG
and 1200 Series
AC Streetlight Power Tap

Power Injector Required

CWLF v1.0m2-11
Power requirements of Aironet access points and bridges

Inline power support (Cisco pre-standard and 802.3af)
Cisco Aironet 1100 Series Access Point
Inline power support (Cisco pre-standard)
Cisco Aironet 1000 Series Lightweight Access

Point Model 1010
Inline power support (802.3af)
Inline power support (Cisco pre-standard and 802.3af)
Inline power support (Cisco pre-standard)
Cisco Aironet 1200 Series Access Point
Cisco Aironet 1000 Series Lightweight Access

Point Model 1020

Point/Bridge
Inline power support (Cisco pre-standard) Requires

Power injector LR2 style with 2 F connectors
Cisco Aironet 1400 Series Outdoor Bridge
Inline power support (Cisco pre-standard) Requires

Power injector LR style with 2 F connectors
Cisco Aironet 1500 Series Lightweight Outdoor

Mesh Access Point
Inline power support (802.3af) Requires Cisco

Aironet 1500 Series power injector and Cisco Aironet
1500 Series outdoor Ethernet cable.
AC power - Cisco Aironet 1500 Series streetlight
power tap
2-15
Power Injectors for Access Points

This topic explains the purpose of power injectors.
Cisco Aironet Pre-Standard Power Injectors

Power Injector
Cisco prestandard power over
Ethernet
AP1100/1130/1200/1230/1240
New design provides enhanced
cable and device organization
Power Injector Media

Converter
Fiber uplink
Ideal for factories, warehouses,
and other large facilities with few
wiring closets
Support for alternative DC power
source
Certified for UL 2043 for
installation in environmental air
spaces
CWLF v1.0m2-12
The single-port Cisco Aironet power injectors combine 48-VDC power with the data signal,
sending both to the Cisco Aironet access point or bridge. The power injector for Cisco Aironet
1100 and 1200 series access points (AIR-PWRINJ3) works with the power supply provided
with the access point.
The Cisco Aironet Power Injector Media Converter (AIR-PWRINJ-FIB) converts fiber media
to Category 5 media and combines the resulting data signal with power for delivery to the
access point or bridge. The power injector media converter accepts 48-VDC power from either
the barrel connector of the local power supply or an alternative 48-VDC power source. When
powered by an alternate 48-VDC power source connected using the provided power supply
pigtail, the Power Injector Media Converter is UL 2043 certified and suitable for installation in
environmental air spaces. The local power supply is provided with the Cisco Aironet 1100 and
1200 series access points.
2-16
Cisco Aironet 802.3af Power Injectors

AIR-PWRINJ-1000AF
Optional Single 802.3af Inline Power over Ethernet Injector
90-250 VAC

AIR-PWRINJ1500
100240 VAC
CWLF v1.0m2-13
The AIR-PWRINJ-1000AF provides 802.13af inline PoE. It accepts 100-240 VAC and
outputs 48-VDC.
The AIR-PWRINJ1500 power injector converts AC power into DC power and sends it along
with the Ethernet signal to the access point in accordance with 802.13af standards. It is
designed to be used along with the Cisco Aironet 1500 Series Outdoor Ethernet Cable (AIRETH1500-150) to power the Cisco Aironet 1500 Series Mesh Access Point. Do not use any
power injector other than the one specified here to power the Cisco Aironet 1500 Series Mesh
Access Point.
2-17
Cisco Aironet 1500 Series Power Options

Industrial grade power supply
Local AC power (95 260 VAC, 47 to 63 Hz)
Street Light Power Tap - AIR-PWR-ST-LT-TAP
DC power over CAT 5 (48-VDC)
48 volt DC/Ethernet
AC Power
CWLF v1.0m2-14
The rooftop outdoor access point receives inline power from the Cisco Aironet Power Injector
or from a 110- to 220-VAC power source.
The street light adapter uses a 3-prong NEMA twist-lock adapter that installs between the
outdoor lighting control and its fixture. The NEMA twist-lock adapter is designed to be used
with UL 773 listed outdoor lighting controls operating at and rated for 100 and 240 VAC 50/60
Hz.
When powered by 100- to 240-VAC 50/60 Hz, connect this equipment only to a twist-lock
outdoor lighting control. Do not connect it to a twist-lock outdoor lighting control powered by
higher voltages.
When powering the product with AC power other than the street lamp power option the
power plug should be installed:
Where it can be conveniently accessed to de-energize power from the unit. Power should
not be removed by disconnecting the AC power connector at the equipment itself, and
Where it is not subjected to water or the outdoor elements. This may be accomplished by
the use of UL Listed power receptacles, such as Ground-Fault Circuit Interrupter (GFCI)s,
provided with UL Listed waterproofing covers suitable for covering the receptacle and
plugs with the plugged in equipment in use.
When installing the Cisco-supplied street light adapter to the outdoor access point AC Power
Connector, ALWAYS connect the outdoor access point end of the cable FIRST. When
removing the Cisco-supplied street light adapter, ALWAYS disconnect the outdoor access
point end of the cable LAST.
2-18
Cisco Aironet 1300/1400 Series Power
Cisco Aironet Power Injector LR2
Cisco Aironet Power Injector LR
CWLF v1.0m2-15
Cisco Aironet Power Injector LR2 for the 1300 Series Access
Point/Bridge
The power injector converts the standard 10BASE-T and 100BASE-T Ethernet category 5 (Cat
5) RJ-45 interface that is suitable for weather-protected areas to a dual F-Type connector
interface for dual coaxial cables that are more suitable for harsh outdoor environments. While
providing a 100BASE-T interface to the Cisco Aironet 1300 Series, the power injector also
provides power to the unit over the same cables with a power-discovery feature that protects
other appliances from damage should they accidentally be connected. As an added benefit to
the installer, the automatic medium-dependent interface crossover (Auto-MDIX) feature is built
in, allowing the dual cables to be swapped while maintaining the same capability. To support
longer cable runs from your network switch or router, the power injector is designed to
accommodate up to a 100 meter coaxial cable run plus 100 meters of indoor Cat 5 cable,
enabling total cable runs up to 200 meters. Lightning and surge protection is also included at
the F-Type connector interface to provide added protection to your network devices. The power
injector requires a 48-VDC source supplied by Cisco.
Cisco Aironet Power Injector LR for the 1400 Series Bridge

The Power Injector LR converts the standard 10BASE-T and 100BASE-T Ethernet category 5
RJ-45 interface that is suitable for weather-protected areas to a dual F-Type connector interface
for dual coax cables that are more suitable for harsh outdoor environments. While providing a
100BASE-T interface to the Cisco Aironet 1400 Series, the Power Injector LR also provides
power to the unit over the same cables with a power discovery feature that protects other
appliances from damage should they accidentally be connected. As an added benefit to the
installer, Auto MDIX is built in, allowing the dual cables to be swapped and while maintaining
the same functionality. To support longer cable runs from your infrastructure network switch or
router, the Power Injector LR is designed to accommodate 100 m coaxial cable run plus 100 m
of indoor Cat 5 cable, to enable total cable runs up to 200 meters. Lightning and surge
protection is also included at the F-Type connector interface to provide added protection to
your network infrastructure devices.
2-19
2.4-GHz Antennas
This topic describes the various 2.4-GHz antennas available from Cisco.
2.4 GHz Antennas

Compatible with all Cisco RP-TNC-equipped access points
Omnidirectional
2.0 dBi diversity omni
2.2 dBi dipole omni
5.2 dBI diversity omni
5.2 dBi omni (ceiling or mast mount)
12 dBi omni
Directional
6 dBi patch
6.5 dBi diversity patch
9 dBi patch
10 dBi Yagi
13.5 dBi Yagi
14 dBi sector
21 dBi dish
CWLF v1.0m2-16
Every wireless LAN deployment is different. When designing an in-building solution, varying
facility sizes, construction materials, and interior divisions raise transmission and multipath
considerations. When implementing a building-to-building solution, distance, physical
obstructions between facilities, and number of transmission points must be taken into account.
Cisco Aironet 2.4 GHz access point antennas are compatible with all Cisco RP-TNC-equipped
access points. The antennas are available with different gain and range capabilities, beam
widths, and form factors. Coupling the appropriate antenna and access point allows for efficient
coverage in any facility, as well as better reliability at higher data rates as shown in the
following tables.
2-20
Cisco Aironet 2.4 GHz Access Point Antennas with RP-TNC Connectors
Feature
AIR-ANT5959
AIR-ANT2012
AIR-ANT3213
AIR-ANT2410Y-R
Description
Diversity omnidirectional
ceiling mount
Diversity patch
wall mount
Pillar mount diversity

omnidirectional
Yagi mast or wall

mount
Application
Indoor unobtrusive antenna,

best for ceiling mount;
excellent throughput and
coverage solution in high
multipath cells and dense
user population
Indoor/outdoor,
unobtrusive
midrange antenna
Indoor, unobtrusive
midrange antenna
Indoor/outdoor
directional antenna
for use with access
points or bridges
Gain
Two separate 2-dBi

omnidirectional elements;
minimum gain of 2.0,
maximum gain of 2.35
6.5 dBi with two

radiating elements
5.2 dBi with two

radiating elements
10 dBi
Frequency
2.4 GHz
2.4 GHz
2.4 GHz
2.4 GHz
Approximate
Indoor Range
at 6 Mbps*
295 ft (90 m)
418 ft (127 m)
379 ft (121 m)
548 ft (167 m)
Approximate
Indoor Range
at 54 Mbps*
88 ft (27 m)
126 ft (38 m)
114 ft (35 m)
165 ft (50 m)
Beam Width
360H, 80V
80H, 55V
360H, 30V
47H, 55V
Cable Length
3 ft (0.91 m)**
3 ft (0.91 m)**
3 ft (0.91 m)
3 ft (0.91 m)
Dimensions
5.3 x 2.8 x 0.9 in.

(13.5 x 7.1 x 2.3 cm)
4.8 x 6.7 x 0.8 in.

(12 x 17 x 2 cm)
10 x 1 in.
(25.4 x 2.5 cm)
7.25 x 5 in.
(18.4 x 12.7 cm)
Weight
0.3 lb (0.14 kg)
9.6 oz (272 g)
1 lb (454 g)
8 oz (227 g)
2-21
Cisco Aironet 2.4 GHz Access Point Antennas with RP-TNC Connectors (Cont.)
Feature
AIR-ANT1728
AIR-ANT4941
AIR-ANT3549
AIR-ANT1729
Description
Omnidirectional
ceiling mount
2.2-dBi dipole
antenna
Patch wall mount
Patch wall mount
Application
Indoor midrange
antenna, typically hung
from crossbars of drop
ceilings
Indoor
omnidirectional
coverage
Indoor, unobtrusive, longrange antenna (may also

be used as a midrange
bridge antenna)
Indoor/outdoor,
unobtrusive, midrange
antenna (may also be
used as a midrange
bridge antenna)
Gain
5.2 dBi
2.2 dBi
9 dBi
6 dBi
Frequency
2.4 GHz
2.4 GHz
2.4 GHz
2.4 GHz
Approximate
Indoor Range
at 6 Mbps*
379 ft (116 m)
300 ft (91 m)
507 ft (155 m)
403 ft (123 m)
Approximate
Indoor Range
at 54 Mbps*
114 ft (35 m)
90 ft (27 m)
153 ft (47 m)
121 ft (37 m)
Beam Width
360H, 38V
360H, 65V
60H, 60V
75H, 65V
Cable Length
3 ft (0.91 m)
3 ft (0.91 m)
3 ft (0.91 m)
Dimensions
Length: 9 in. (22.9 cm)

Diameter: 1 in. (2.5 cm)
5.5 in. (14 cm)
5 x 5 in. (12.7 x 12.7 cm)
4 x 5 in. (10 x 13 cm)
Weight
4.6 oz (130 g)
1.1 oz (31 g)
5.3 oz (150 g)
4.9 oz (139 g)
* All range estimations are based on an external antenna associating with an integrated Intel
Centrino client adapter under ideal conditions. The distances referenced here are
approximations and should be used for estimation purposes only.
2-22
Cisco Aironet 2.4 GHz Bridge Antennas with RP-TNC Connectors
AIR-ANT2506
AIR-ANT24120
AIR-ANT2414S-R
AIR-ANT1949
AIR-ANT3338
Description
Omnidirectional
mast mount
High-gain
omnidirectional mast
mount
Vertically polarized
sector
Yagi mast mount
Solid dish
Application
Outdoor short-range
point-to-multipoint
applications
Outdoor midrange
point-to-multipoint
applications
Outdoor long range

point-to-multipoint
applications
Outdoor midrange
directional
connections
Outdoor longrange directional

connections
Gain
5.2 dBi
12 dBi
14 dBi
13.5 dBi
21 dBi
Approximate
Range at
2 Mbps*
3.3 miles (5.31 km)
15.81 miles (25.43

km)
16.71 miles (26.89

km)
18.33 miles
(29.49 km)
26.49 miles
(42.62 km)
Approximate
Range at
11 Mbps*
1.66 miles (2.66 km)
7.92 miles (12.75

km)
8.89 miles (14.30

km)
11.19 miles
(18.01 km)
20.1 miles
(32.33 km)
Approximate
Range at
54 Mbps*
.21 miles (.34 km)
1.0 miles (1.6 km)
1.26 miles (2.02 km)
1.41 miles
(2.27 km)
4.46 miles
(7.17 km)
Beam Width
360H, 38V
360H, 7V
90H, 8.5V
30H, 25V
12.4H, 12.4V
Cable
Length
3 ft (0.91 m)
1 ft (0.30 m)
5 ft (1.5m)
3 ft (0.91 m)
2 ft (0.61 m)
Dimensions
Length: 13 in.
(33 cm)
Diameter: 1 in.
(2.5 cm)
Length: 42 in.
(107 cm)
Diameter: 1.5 in.
(3.8 cm)
Length: 36 in.
(91 cm)
Width: 6 in. (15 cm)
Length: 18 in.
(46 cm)
Diameter: 3 in.
(7.6 cm)
Diameter 24 in.
(61 cm)
Weight
6 oz (170 g)
1.5 lb (0.68 kg)
6.5 lb (3 kg)
1.5 lb (0.68 kg)
11 lb (5 kg
* All range estimations are based on use of a BR 1310 access point and the same type of
antenna at each end of the connection under ideal outdoor conditions. The distances referenced
here are approximations and should be used for estimation purposes only.
2-23
5-GHz Antennas
This topic describes the various 5-GHz antennas available from Cisco.
5 GHz Access Point Antennas

3.5 dBi dipole antenna
AIR-ANT5135D
4.5 dBi omnidirectional ceiling mount

AIR-ANT5145V-R
6 dBi omnidirectional antenna

AIR-ANT5160V-R
Diversity patch wall mount

AIR-ANT5170P-R
Patch wall or articulating mast mount

AIR-ANT5170P-R
CWLF v1.0m2-17
Cisco Aironet 5 GHz access point antennas have RP-TNC connectors and are compatible with
Cisco Aironet 1000 Series, 1200 Series, 1230AG Series and 1240 Series access points.
Selection of the appropriate antenna should provide optimal coverage for the desired
application in the 5 GHz frequency band.
2-24
Note
The 1000 series does not support diversity antenna styles.
Note
The 1200 and 1230AG series require the RM22A radio module.
Cisco Aironet 5 GHz access point antennas with RP-TNC connectors
Feature
AIR-ANT5135D-R
AIR-ANT5145V-R
AIR-ANT5160V-R
AIR-ANT5170P-R
AIR-ANT5195PR
Description
3.5-dBi dipole
antenna
4.5-dBi diversity
omnidirectional
ceiling mount
6 dBi omnidirectional
antenna
Diversity patch
wall mount
Patch wall or
articulating
mast mount
Application
Indoor
omnidirectional
coverage
Indoor midrange
antenna
Indoor/outdoor midrange
antenna
Indoor/outdoor
directional wall
mount antenna
Indoor/outdoor
patch antenna
provides different
mounting options
Gain
3.5 dBi
4.5 dBi
6 dBi
7.0 dBi
9.5 dBi
Frequency
5 GHz
5 GHz
5 GHz
5 GHz
5 GHz
Approximate
Indoor
Range at
6 Mbps*
675 ft (206 m)
732 ft (223 m)
822 ft (251 m)
880 ft (270 m)
1030 ft (313 m)
Approximate
Indoor
Range at
54 Mbps*
75 ft (21 m)
82 ft (25 m)
92 ft (28 m)
140 ft (43 m)
170 ft (52 m)
Beam Width
360H, 40E
360H, 50E
360H, 17E
70 H, 50 V
50 H, 43 V
Cable
Length
3 ft (0.91 m)
3 ft (0.91 m)
36" **
36" **
Dimensions
5.3 x 0.6 in.

(13.5 x 1.5 cm)
6.75 x 4.2 in.

(17.1 x 12.7 cm)
12 in. length; 1 in.

diameter
(30.5 x 2.5 cm)
5.7 in. (14.5 cm) x

4.3 in. (10.9 cm) x
0.7 in. (1.8 cm)
5.1 in. (12.9 cm)

x 5.1 in. (12.9
cm) x 1.0 in. (2.5
cm)
11.5 oz (326 g)
5.3 oz (150 g)
8 oz (0.2 kg)
10 oz. (0.2 kg)
Weight
1 oz (28.3 g)
Note
* All range estimations are based on an external antenna associating with an integrated Intel
Centrino client adapter under ideal conditions. The distances referenced here are
approximations and should be used for estimation purposes only.
Note
** The cable provided on noted antennas meets UL 2043 certification for plenum rating
requirements set by local fire codes and supports installation in environmental air spaces
such as areas above suspended ceilings
2-25
2.4 and 5 GHz Access Point and Bridge

Antennas N Style Connectors
Supports
2.4 or 5 GHz radios
1400 Series wireless bridges
1500 Series lightweight outdoor mesh access points
AIR-ANT5175V-N
5 GHz
AIR-ANT2455V-N
2.4 GHz
CWLF v1.0m2-18
Cisco offers antennas that can be used with both the 1400 Series Wireless Bridges and 1500
Series Lightweight Outdoor Mesh Access Points. The antennas, access points and bridges all
utilize a robust N-type connector. Various gains and antenna types are available as shown in the
table.
Cisco Aironet 2.4 GHz and 5 GHz access point and bridge antennas with N-type
connectors
2-26
Feature
AIR-ANT5175V-N
AIR-ANT2455V-N
Description
Omnidirectional
Omnidirectional
Application
Outdoor
Outdoor, direct mount on unit
Gain
7.5 dBi
5.5 dBi
Frequency
4.9-5.8 MHz
2.4 GHz
Beam width
16V
25 V
Cable Length
12"
None
Dimensions
12 in (30.48 cm) x 1 in. (2.54 cm)
12.5 in (31.75 cm) x 1 in. (2.54 cm)
Weight
6 oz (17 kg)
5 oz. (14 kg)
5 GHz External Antenna Options
9 dBi Omnidirectional
360 HB
6 VB
9.5 dBi Sector

HB - 60
VB - 60
28 dBi Dish
HB - 5.7
VB - 6
The supported external antennas connect to the bridge antenna

connector using the antennas 4.9 ft (1.5 m) long coax cable.
CWLF v1.0m2-19
Cisco Aironet 5.8 GHz bridge antennas with N-type connectors

Feature
AIRANT58G9VOA-N
AIRANT58G10SSA-N
AIRANT58G28SDA-N
Description
Omnidirectional
Sector antenna
Dish antenna
Mast mount
Mast mount
Mast mount
Gain
9.0 dBi
9.5 dBi
28.0 dBi
Frequency
5.8 MHz
5.8 MHz
5.8 MHz
Beam Width
360 H, 6 V
60 H, 60 V
5.7 H, 6 V
2-27
Lesson Self-Check
Q1)
Which of the following access points are designed as outdoor access points?
(Choose two.) (Source: Platform Overview)
A)
B)
C)
D)
E)
Q2)
What type of antenna connectors does the 1240AG support? (Choose one.)
(Source: Cisco 1240 AG Access Point)
A)
B)
C)
D)
Q3)
IOS
LINUX
VX Works
LWAPP
The Cisco 1100 series access point can support which of the following operating
systems? (Choose one.) (Source: Cisco Aironet 1100 access point)
A)
B)
C)
D)
2-28
VX Works
IOS
LWAPP
LINUX
The Cisco 1130 series access point supports which of the following operating systems?
(Choose two.) (Source: Cisco Aironet 1130 access point)
A)
B)
C)
D)
Q6)
802.11g only
802.11b and 802.11b/g
802.11a and 082.11b
802.11a and 802.11b/g
The 1200 series access point can be upgraded to dual-band with which of the following
operating systems? (Choose two.) (Source: Cisco Aironet 1200 Series Access Point)
A)
B)
C)
D)
Q5)
N-Style
RP-TNC
TNC
None Internal antenna only
The 1230 AG series access point comes with which combination of radios? (Choose
one.)(Source: Cisco Aironet 1230 AG Series Access Points)
A)
B)
C)
D)
Q4)
1000
1300
1130AG
1240AG
1500
LWAPP
VX Works
IOS
LINUX
Q7)
Which of the following Cisco 1000 series access points can be used as a Remote Edge
Access Point (REAP)? (Choose one.) (Source: Cisco Aironet 1000 access point)
A)
B)
C)
D)
Q8)
Which of the following access points requires a LR2 power injector? (Choose one.)
(Source: Power Requirement for the Cisco Aironet access points)
A)
B)
C)
D)
Q9)
AP1000
AP1200
AP1300
AP1400
The Cisco Aironet 1400 Series Bridge operates in which of the following frequency
bands? (Choose one.) (Source: Cisco Aironet 1400 Series Bridge)
A)
B)
C)
D)
Q13)
Link role flexibility

Dual-band operation
N-style external antenna connectors
Mesh networking
Which of the following access points is highly recommended for 802.11g single band
outdoor use? (Choose 1) (Access Point Comparison)
A)
B)
C)
D)
Q12)
AP1000
AP1200
AP1300
AP1500
Which of the following features is unique to the Cisco Aironet 1500 Series Lightweight
Outdoor Mesh Access Points? (Choose one.) (Source: Cisco Aironet 1500 Series
Access Point)
A)
B)
C)
D)
Q11)
AP1000
AP1200
AP1300
AP1500
Which of the following access points can utilize the Cisco PWRINJ3 power injector?
(Choose one.) (Source: Power Injectors)
A)
B)
C)
D)
Q10)
AP1010
AP1020
AP1030
AP1040
5 GHz UNII-1
5 GHz UNII-2
5 GHz UNII-3
5 GHz ISM
What is the gain of Cisco Aironet 1300 Series access points integrated antenna?
(Choose one.) (Source: Cisco Aironet 1300 Series Bridge)
A)
B)
C)
D)
10 dBi
13 dBi
21 dBi
28 dBi
2-29
Q14)
Which of the following 2.4 GHz antennas has a N-style connector? (Choose one.)
(Source: Cisco Aironet 2.4 GHz antennas)
A)
B)
C)
D)
Q15)
Which of the following 5 GHz antennas has a RP-TNC style connector? (Choose one.)
(Source: Cisco Aironet 5 GHz antennas)
A)
B)
C)
D)
2-30
AIR-ANT2455V-N
AIR-ANT5175V-N
AIR-ANT58G9VOA-N
AIR-ANT58G10SSA-N
AIR-ANT5135D-R
AIR-ANT5175V-N
AIR-ANT58G9VOA-N
AIR-ANT58G10SSA-N

Q1)
B,E
Q2)
Q3)
Q4)
B,C
Q5)
A,D
Q6)
Q7)
Q8)
Q9)
Q10)
Q11)
Q12)
Q13)
Q14)
Q15)
2-31
Summary
Summary
In this lesson we learned the features and functions of each
access point and bridge.
We learned which access points are lightweight or
autonomous only and which ones can support either
function.
We learned the power requirements for the access points and
bridges and the optional power injectors which are available
for some models of access points.
We learned optional antennas available for the Cisco Aironet
access points and bridges.
CWLF v1.0m2-22
In this lesson we learned the features and functions of each access point and bridge. We learned
which access points are lightweight or autonomous only and which ones can support either
function. We learned the power requirements for the access points and bridges and the optional
power injectors which are available for some models of access points. We learned optional
antennas available for the Cisco Aironet access points and bridges.
2-32
Lesson 2
Describing WLAN Client

Adapters
Overview
This lesson describes Cisco Aironet wireless LAN (WLAN) client adapters.
Objectives
Upon completing this lesson, you will be able to identify the best client adapter product. This
ability includes being able to meet these objectives:
Describe the Cisco Aironet a/b/g client adapter product features and functionality
Describe Cisco Wireless IP Phone 7920 product features and functionality
Describe the Cisco Compatible Extensions program
Cisco Aironet 802.11a/b/g Client Adapter

This topic describes the Cisco Aironet a/b/g client adapter product features and functionality.
802.11a/b/g Wireless LAN Client Adapters

802.11a/b/g dual-band client
adapters
54 Mbps in 2.4- and 5-GHz bands
802.11b support provides
investment protection
CardBus and PCI

form factors
Supports Windows XP/2000
CWLF v1.0m2-2
The Cisco Aironet 802.11a/b/g Wireless PCI and CardBus Adapters provide high-performance
54-Mbps connectivity in the 2.4- and 5-GHz bands. Whether configured to support single IEEE
802.11b coverage, single IEEE 802.11g coverage, single IEEE 802.11a coverage, dual-mode
802.11a/g coverage, or tri-mode 802.11a/b/g coverage, the Cisco Aironet 802.11a/b/g Wireless
Client Adapters combine the freedom of wireless connectivity with the performance, security,
and manageability that businesses require. The following describes the two WLAN client
adapters:
2-34
Strong, mutual authentication to help ensure that only legitimate clients associate with
legitimate and authorized network RADIUS servers via authorized access points
Dynamic per-user, per-session encryption keys that automatically change on a configurable

basis to protect the privacy of transmitted data
Stronger encryption keys provided by Temporal Key Integrity Protocol (TKIP)

enhancements such as message integrity check (MIC), per-packet keys via initialization
vector hashing, and broadcast key rotation
RADIUS accounting records for all authentication attempts
IEEE 802.11i Wi-Fi Protected Access 2 (WPA2) Advanced Encryption Standard (AES)
support
Cisco Aironet 802.11a/b/g CardBus Wireless LAN Client Adapter: This 802.11a/b/gcompliant CardBus client adapter is ideal for laptops and tablet PCs. AIR-CB21AG-A-K9
(Federal Communications Commission [FCC] configuration)
Cisco Aironet 802.11a/b/g PCI Wireless LAN Client Adapter: This 802.11a/b/g-compliant
low-profile PCI client adapter is ideal for slim desktop and point-of-sale devices. AIRPI21AG-A-K9 (Federal Communications Commission [FCC] configuration)
Cisco Wireless IP Phone7920

This topic describes Ciscos 7920 Wireless IP Phone product features and functionality.
Cisco Wireless IP Phone 7920

For workers who need to communicate while
moving about their workplace or campus
Same features as Cisco wired IP Phones
802.11b technology
Graphical, menu-driven user interface
Multiline appearance (up to six extensions)
Phone book with speed dials
LEAP security
Auto VLAN configuration and
CallManager registration
Cisco Wireless
IP Phone 7920
CWLF v1.0m2-3
The Cisco Wireless IP Phone 7920 solution enables enterprise users to globally answer
business-critical calls anywhere on a corporate campus.
The Cisco Wireless IP Phone 7920 is equally adaptable for all mobile professionals, from
managers on the move or in an office environment to associates working in the warehouse, on
the sales floor, or in the call center. Nurses, doctors, educators, and IT personnel can also
increase their availability as ever-broadening ranges of industries adopt WLANs.
The solution allows enterprises the flexibility to add coverage and capacity as needed to meet
user needs. Additionally, the Cisco wireless IP communications solution operates seamlessly
with existing Cisco wired IP communications solutions on a single intelligent network.
When combined with the other Cisco IP Phones, the result is a complete range of feature-rich,
flexible, easy to use, and cost-effective communication devices. The following table provides
product specifications for Cisco Wireless IP Phone 7920.
SKU
Description
CP-7920-FC-K9
Cisco Wireless IP Phone 7920/FCC Configurable with Cisco

CallManager or Cisco CallManager Express Station UL
CP-7920-FC-K9
Cisco Wireless IP Phone 7920/FCC Spare
2-35
Cisco Compatible Extensions Program

This topic describes the compatible extensions program.
Cisco Compatible Extensions Program

for WLAN Client Devices
No-cost licensing of technology for use in WLAN adapters and devices
Independent testing to ensure interoperability with Cisco infrastructure
Marketing of compliant products by Cisco and product suppliers under
Cisco Compatible brand
CWLF v1.0m2-4
The Cisco Compatible Extensions Program for WLAN devices provides tested compatibility
with licensed Cisco infrastructure innovations. Compatibility is assured through extensive,
independent testing of third-party devices. The Cisco Compatible Extensions Program enables
the widespread availability of wireless client devices that take advantage of the Cisco Aironet
wireless network, accelerating the availability of innovative features while maintaining
interoperability.
Approved devices are listed at http://www.cisco.com/go/ciscocompatible/wireless and can also
be found by looking for products displaying the Cisco Compatible logo.
2-36
Cisco Compatible Extensions Explained

Laptops
Silicon
Provider
Writes driver
and
integrates
supplicants
Adapter
reference
design
Thirdparty test
facility
executes
test plan
Cisco Compatible
Extensions
reference design
Cisco
Compatible
Extensions
specification
from Cisco
Laptop OEM
Puts reference
design in
device
Specialized
Device Maker
Obtains
adapter,
modifies driver,
and integrates
supplicants
Device
Device
Thirdparty test
facility
executes
test plan
Thirdparty test
facility Passed
Device
executes
test plan
Passed
device
CWLF v1.0m2-5
The WLAN market has grown exponentially as more users demand mobility in and out of the
office. Numerous client devices have been introduced to meet the challenges of device
mobility; these devices must interoperate securely with leading WLAN infrastructures and must
consistently provide the features that organizations require.
With the Cisco Compatible Extensions program, WLAN client suppliers (the program's
participants) license, at no charge, Cisco WLAN technology innovations in a specification.
Participants implement all elements of the specification and undergo extensive testing at an
independent third-party test lab. The testing helps to ensure support for innovative features
pioneered by Cisco Systems, as well as interoperability with Cisco WLAN infrastructure
products.
The Cisco Compatible Extensions program helps to ensure that client devices from a variety of
suppliers can leverage Cisco-based WLANs. To make it easy to find these devices, Cisco has
licensed the Cisco Compatible logo for use by participants whose products pass all tests at the
independent third-party test lab. Locating approved wireless devices is as easy as looking for
the logo. In addition, a complete listing of products that have earned the Cisco Compatible
designation can be found on Cisco.com, at http://www.cisco.com/go/ciscocompatible/wireless
under the link for Cisco compatible devices
The Cisco Compatible logo has recently changed. For a limited time, the former logo will also
be seen on products and collateral. The features and benefits of the program remain the sameonly the logo has changed.
2-37
Cisco Compatible Extensions V1, V2, V3

and V4 Features
V1
V2
V3
V4
NAC (wireless)
EAP-TLS
PEAP-MSCHAP
Security
WEP
PEAP-GTC*
IEEE 802.1X WPA
LEAP*
Cisco TKIP*
WPA2
EAP-FAST
VLANs and
QoS
Multiple
SSIDs/VLA
Ns on AP
Wi-Fi Multimedia
(WMM)
eDCF
U-APSD
TSPEC CAC
Voice metrics
Voice over IP
Mobility and
Management
AP-assisted
roaming
CCKM with LEAP
Proxy ARP
information
element
Single sign on:
LEAP, EAP-FAST
AP-assisted
roaming
CCKM with EAPFAST
AP-assisted
roaming
CCKM with other
EAP types
AP-directed
roaming
Location
Keep Alive
Link test
CWLF v1.0m2-6
Versions and Features

There are four versions of the Cisco Compatible specification: Version 1 (V1), Version 2 (V2),
Version 3 (V3), and Version 4 (V4). Each version builds upon its predecessors. With a few
exceptions, every feature that must be supported in one version also must be supported in each
subsequent version.
The table below lists the primary features of the Cisco Compatible program and, for each, the
version or versions that include the feature.
Several features that are required for laptops are not required for application-specific devices
(ASDs) that are used exclusively or primarily for data applications. Data ASDs include data
capture devices, PDAs, and printers. Voice ASDs include single mode, dual mode and
smartphones. Every feature that is optional for an ASD is represented in the ASD field as
optional. Note that Wi-Fi compliance, WPA, and WPA2 are required for a data ASD if the
Wi-Fi Alliance performs compliance testing for that type of device.
Please note that this summary is not an item by item listing of the specification, but is more an
overview of feature content.
2-38
Standards
v1
v2
v3
v4
ASD
IEEE 802.11x
Wi-Fi compliance
optional
WEP
IEEE 802.1X
Windows Hardware Quality Labs (WHQL) for Windows only
optional
IEEE 802.11i WPA2
optional
Wi-Fi Multimedia (WMM)
X
ASD
Wi-Fi Protected Access (WPA)
Security
v1
v2
v3
v4
WEP
IEEE 802.1X
optional
LEAP
PEAP with EAP-GTC (PEAP-GTC)
EAP-FAST
PEAP with EAP-MSCHAPv2 (PEAP-MSCHAP)
EAP-TLS ASD requires either LEAP, EAP-Fast, or EAP-TLS
Cisco TKIP (encryption)
Wi-Fi Protected Access (WPA): 802.1X + WPA TKIP
With LEAP (ASD requires either LEAP, EAP-Fast, or EAPTLS)
With PEAP-GTC
With EAP-FAST (ASD requires either LEAP, EAP-Fast, or
EAP-TLS)
With PEAP-MSCHAP
With LEAP
With EAP-TLS (ASD requires either LEAP, EAP-Fast, or

EAP-TLS)
IEEE 802.11i WPA2: 802.1X + AES
2-39
With PEAP-GTC
With EAP-FAST
With PEAP-MSCHAP and EAP-TLS
Network Admission Control (NAC)

Mobility
X
v1
AP-assisted roaming
v2
v3
v4
ASD
optional
Fast 802.1X reauthentication via Cisco Centralized Key

Management (CCKM)
With LEAP (ASD requires either LEAP, EAP-Fast, or EAPTLS)
With EAP-FAST (ASD requires either LEAP, EAP-Fast, or
EAP-TLS)
With PEAP-GTC
With PEAP-MSCHAP
With EAP-TLS (ASD requires either LEAP, EAP-Fast, or

EAP-TLS)
Quality of Service (QoS) and VLANs
v1
v2
v3
v4
ASD
Interoperability with APs that support multiple SSIDs and

VLANs
Wi-Fi Multimedia (WMM)

Call Admission Control
Performance and Management
2-40
v2
v3
v4
ASD
RF scanning and reporting
AP-specified maximum transmit power
Facility for migrating from LEAP to EAP-FAST*
See note
1
Single sign on on Windows for LEAP and EAP-FAST
optional
Recognition of proxy ARP information element
Keep Alive
optional
Link Test
optional
v1
UPSD
Voice Metrics
Location
optional
2-41
Lesson Self-Check
Q1)
The Cisco Aironet a/b/g card comes in which two formats? (Choose two.) (Source:
Cisco Aironet a/b/g client card)
A)
B)
C)
D)
Q2)
The Cisco Wireless IP Phone 7920 supports which of the following 802.11 standards?
(Choose one.) (Source: Ciscos 7920 Wireless IP Phone)
A)
B)
C)
D)
Q3)
802.11b
802.11g
802.11a
802.11n
Which version of the Cisco Compatible Extensions program introduced PEAP-GTC?

(Choose one.) (Source: Cisco Compatible extensions program)
A)
B)
C)
D)
2-42
Compact flash
PCMCIA
PCI
CardBus
1
2
3
4

Q1)
C,D
Q2)
Q3)
2-43
Summary
Summary
In this lesson we discussed the Cisco Aironet a/b/g client
adapter product features and functionality, the features and
functions of Ciscos 7920 Wireless IP Phone.
We also discussed the Cisco compatible extensions program
for extending Cisco wireless enhancements to other
manufacturers of client adaptors.
CWLF v1.0m2-8
In this lesson we discussed the Cisco Aironet a/b/g client adapter product features and
functionality, the features and functions of Ciscos 7920 Wireless IP Phone. We also discussed
the Cisco compatible extensions program for extending Cisco wireless enhancements to other
manufacturers of client adaptors.
2-44
Lesson 3
Describing WLAN Network

Management, Control, and
Services
Overview
This lesson describes network management, control, and services available for wireless LANs
(WLANs).
Objectives
Upon completing this lesson, you will be able to match the appropriate feature with the proper
management device. This ability includes being able to meet these objectives:
Describe network management, control and services for the Cisco Unified Wireless
Network
Describe the features and functionality of the Cisco WLAN Controllers
Describes the CiscoWorks Wireless LAN Solution Engine features and functionality
Describes the CiscoWorks Wireless LAN Solution Engine Express features and
functionality
Describes the Cisco Wireless Control System features and functionality
Describe the product features and functionality of the Cisco Wireless Location Appliance
Describe the product features and functionality of the Integrated Service Routers
Describe product features and functionality of the 3200 Series Mobile Router
Describe the purpose and features of the Cisco Secure ACS Solution Engine
Ciscos Network Management

This topic describes network management, control and services for the Cisco Unified Wireless
Network.
Overview of Management Solutions
Core Feature Set

Autonomous Access Points
CWLF v1.0m2-2
Ciscos Unified Wireless Network supports both autonomous and lightweight access point
solutions.
The autonomous solution uses the CiscoWorks Wireless LAN Solution Engine (WLSE) to
provide WLAN management. The WLSE works with the Wireless Domain Service (WDS)
access point to provide Radio Management (RM). The WDS access point works with the Cisco
Secure Access Control Server (ACS) to provide fast secure roaming using Cisco Centralized
Key Management (CCKM).
2-46
Overview of Management Solutions (Cont.)
Advanced Feature Set

Lightweight Access Points
CWLF v1.0m2-3
The lightweight solution uses the Wireless Control Server to provide WLAN management.
The WCS controls the Wireless Service Module (WiSM) in the Cisco Catalyst 6000 platform
and Cisco WLAN controllers which in turn control the lightweight access points via
Lightweight Access Point Protocol (LWAPP). Clients using 802.1X authentication methods
are authorized by the CiscoSecure ACS. In addition, Cisco has developed Proactive Key
Caching (PKC), an extension to the 802.11i standard and precursor to the 802.11r standard that
facilitates secure roaming with AES encryption and RADIUS authentication.
2-47
Cisco WLAN Controllers

This topic describes the features and functionality of the Cisco WLAN Controllers.
Cisco Aironet WLAN Controllers

Scalability
Integrated radio resource
management (RRM)
Zero-configuration
deployment
Multilayered security
Intrusion detection, location,
and containment
Mobility management
Reliability
Intuitive management
interfaces
CWLF v1.0m2-4
The Cisco 2000 Series delivers Cisco's award-winning wireless LAN services to small and
medium-sized enterprise environments. It supports up to six lightweight access points, making
it a cost-effective solution for smaller buildings. With integrated Dynamic Host Control
Protocol (DHCP) services and zero-touch access point configuration, the Cisco 2000 Series is
also ideal for environments with limited onsite IT support, such as branch offices within a
distributed enterprise.
The Cisco 4400 Series Wireless LAN Controller is designed for medium to large size facilities
and is available in two models-the 4402 with two Gigabit Ethernet ports comes in
configurations that support 12, 25, and 50 access points, and the 4404 with four Gigabit
Ethernet ports supports 100 access points. The 4402 provides one expansion slot and the 4404
provides two expansion slots that can be used to add enhanced functionality in the future. In
addition, each 4400 WLAN Controller supports an optional redundant power supply to ensure
maximum availability.
Wireless LAN controllers are also available for the Cisco Catalyst 6500 and Integrated Services
Routers.
2-48
Cisco Wireless Services Module (WiSM)

Wireless LAN Controller for Cisco Catalyst 6500
LWAPP enabled
Deployable in any Cisco Catalyst 6500 series switch
Interoperable with other Cisco Catalyst 6500 Service Modules
Manageable via the Cisco Wireless Control System (WCS)
Supports location services via the Cisco 2700 Wireless Location
Appliance
8 Gbps of wireless throughput
CWLF v1.0m2-5
The Cisco Catalyst 6500 Series Wireless Services Module (WiSM), part number WS-SVCWiSM-1-K9, provides unparalleled security, mobility, redundancy, and ease of use for
business-critical wireless LANs (WLANs). As a Cisco Catalyst 6500 Series module, it delivers
centralized security policies, wireless intrusion prevention system (IPS) capabilities, awardwinning RF management, quality of service (QoS), and Layer 3 fast secure roaming for
WLANs.
The Cisco WiSM is a member of the Cisco Wireless LAN Controller family. It works in
conjunction with Cisco Aironet lightweight access points, the Cisco Wireless Control System
(WCS) and the Cisco Wireless Location Appliance to support mission-critical wireless data,
voice, and video applications. It provides real-time communication between lightweight access
points and other WLAN controllers to deliver a secure and unified wireless solution.
The Cisco WiSM supports interoperability with Catalyst 6500 Series integrated services
modules such as the Firewall Services Module (FWSM), Intrusion Detection Services Module
(IDSM), Network Analysis Module (NAM), and IPSec VPN Services Module (VPNSM).
2-49
WiSM Capacity
Access Points per cluster
3600 (per roaming domain)

1500 (per chassis)
Access Points per Controller or

Module
300
Controllers per cluster
5 Modules per chassis

12 Modules per cluster
Uplink capabilities
Any Catalyst line card interface
Maximum throughput per

controller or module
8 Gbps
Maximum throughput per chassis
720 Gbps aggregate throughput and

400 Mbps data rate via Supervisor
720
Integrated VPN termination option
Cisco VPN Services Module
Firewall integration
Cisco Firewall Services Module
Multiple redundancy
1:1, N+1,
CWLF v1.0m2-6
The Cisco WiSM scales to deliver secure, enterprise wireless access to main, branch, and
remote campuses. It is designed for medium-sized and large enterprise facilities with clustering
capabilities of up to 3600 lightweight access points per roaming domain. It scales to 300
lightweight access points per module with support for 10,000 plus wireless client devices. For
even greater scalability, the Cisco WiSM can be deployed in conjunction with other Cisco
Wireless LAN Controllers.
The Cisco WiSM extends the rich, intelligent network services of the Cisco Catalyst 6500
Series to the wireless edge. It supports interoperability with Catalyst 6500 Series integrated
services modules such as the FWSM, IDSM, NAM, and IPSec VPNSM.
Cisco delivers the highest level of reliability for mission-critical wireless networks. In the event
of an access point failure, the Cisco WiSM automatically adjusts power on adjacent lightweight
access points to cover the area where the failed access point provided service.
The Cisco Catalyst 6500 Series features are extended to wireless users via the Cisco WiSM.
The Cisco Catalyst 6500 Series Supervisor Engine 720's Layer 3 Stateful Switchover (SSO),
coupled with Cisco WiSM automated failover features, maximizes network uptime for wireless
traffic.
The Cisco WiSM supports N+1 and 1:1 redundancy topologies, allowing enterprises to scale
their wireless networks and protect them from both hardware and software disruptions.
N+1 redundancy supports single module failure redundancy for cost-effective WLAN
deployments.
1:1 redundancy supports full redundancy of each active Cisco WiSM in the network. Only the
Cisco WLAN solution allows users to control wireless deployment costs without sacrificing
reliability.
2-50
Catalyst Requirements for WiSM

Requires Supervisor Engine 720
Requires Native IOS software 12.2(18)SXF1
Any Catalyst 6500 Series chassis
Network connectivity via supervisor or line card uplinks
Slot
6503
6504
6506
6509
6513
1-3
5-6
7-8
10-13
WiSM support in 6500 slots

CWLF v1.0m2-7
The WiSM requires a Supervisor 720 module in the Catalyst 6500. It requires native IOS
software version 12.2(18)SXF1 or higher with IP services feature set or higher.
The WiSM can operate in any Catalyst 6500 Series chassis. It is built on a 20-Gbps line card
and has 10 internal Gigabit interfaces. There are no physical interfaces on the WiSM so
network connectivity is achieved either through the Supervisor or line card uplinks.
The slots that support the WiSM are listed in the figure by chassis type.
2-51
CiscoWorks Wireless LAN Solution Engine

This topic describes the CiscoWorks Wireless LAN Solution Engine (WLSE) features and
functionality.

Enhancing security
Rogue access point detection,
location, and suppression
Scan-only access point mode for
Intrusion Detection System (IDS)
Simplifying management
Out-of-the-box access point
deployment
Bulk configuration and upgrades
Real-time client tracking
Increasing wireless LAN

availability
Self-healing wireless LANs
Automatic radio frequency (RF)
optimization
Supports up to 2500 access points
CWLF v1.0m2-8
CiscoWorks WLSE is a centralized network management solution for managing the entire
Cisco Aironet autonomous WLAN infrastructure. As the management component of the Cisco
Wireless Core product feature set, CiscoWorks WLSE provides comprehensive air and radio
frequency (RF) and device-management capabilities in ways that simplify deployment, reduce
operational complexity, and provide administrators visibility into the WLAN. By automating
several RF and device-management tasks, CiscoWorks WLSE reduces the costs and time
needed for WLAN deployment, management, and security.
By using Cisco Aironet access points as air and RF monitors, CiscoWorks WLSE provides
WLAN intrusion detection and protection. As part of the WLAN Intrusion Detection System
(IDS), CiscoWorks WLSE quickly detects, locates, and disables unauthorized (rogue) access
points, helping to ensure that security policies are applied consistently throughout the network.
CiscoWorks WLSE further enhances the security of the WLAN by monitoring for unplanned
(ad-hoc or peer-to-peer) networks, unauthorized WLAN client networks, client spoofing, and
other WLAN attacks that may introduce security openings in the network. These capabilities
can benefit any organization, including those that have not formally deployed WLANs but want
to guard against intruders.
2-52
Note
The WLSE 1130 series can manage 2,500 access points and wireless bridges and up to
5,000 radios if you are using only network management features.
Note
If you are also using radio management features, the WLSE can manage 1,800 access
points and 3,600 radios.
Note
When you are using only network management features, after you have placed 2,500
access points under management, warning messages are displayed each time you add
more devices to the Managed folder. After 2,550 devices are under management, no
additional devices can be placed in the Managed folder. Device discovery continues after
the absolute limit (2,550 access points) is reached, but no additional devices can be placed
under management.
2-53

Express
This topic describes the CiscoWorks Wireless LAN Solution Engine Express features and
functionality.
WLSE Express
Enhancing security
Rogue access point detection, location,
and suppression
Scan-only access point mode for
Intrusion Detection System (IDS)
Simplifying management
Out-of-box access points deployment
Bulk configuration and upgrades
Real-time client tracking
Increasing wireless LAN

availability
Self-healing wireless LANs
Automatic radio frequency (RF)
optimization
Integrated Local Authentication

Service
EAP-FAST
PEAP
EAP-TLS
EAP-Cisco Wireless (LEAP)
CWLF v1.0m2-9
CiscoWorks WLSE Express is the integrated security and management solution for managing
Cisco Aironet autonomous access points located in one or multiple locations. CiscoWorks
WLSE Express can manage up to 50 Cisco Aironet access points or up to 100 Cisco Aironet
access points through an optional license upgrade.
As a management component of the Cisco Core Feature set for enterprise branch and small and
medium-size businesses CiscoWorks WLSE Express provides comprehensive air and RF and
device-management capabilities in ways that simplify deployment, reduce operational
complexity, and provide administrators visibility into the WLAN. By automating several RF
and device-management tasks, CiscoWorks WLSE Express reduces the costs and time needed
for WLAN deployment, management, and security.
By using Cisco Aironet access points as RF air monitors, CiscoWorks WLSE Express provides
WLAN intrusion detection and protection. As part of the WLAN IDS, CiscoWorks WLSE
Express quickly detects, locates, and disables unauthorized (rogue) access points, helping to
ensure that security policies are applied consistently throughout the network. CiscoWorks
WLSE Express further enhances the security of the WLAN by monitoring for ad-hoc networks,
unauthorized WLAN client networks, client spoofing, and other WLAN attacks that may
introduce security openings in the network. These capabilities can benefit any organization,
including those that have not formally operationalized WLANs but want to guard against
intruders.
CiscoWorks WLSE Express also provides an integrated and embedded user authentication and
authorization server, making it an ideal solution for remote branch-office deployments with
limited WAN bandwidth. It supports popular Extensible Authentication Protocol (EAP) types
including Cisco LEAP, Protected EAP (PEAP), EAP Flexible Authentication via Secure
2-54
Tunneling (EAP-FAST), and EAP-Transport Layer Security (EAP-TLS). It supports up to 500

users on the standard CiscoWorks WLSE Express, or up to 1000 users on the license-upgraded
version of CiscoWorks WLSE Express, which supports 100 Cisco Aironet access points.
2-55
Cisco Wireless Control System

This topic describes the Cisco Wireless Control System (WCS) features and functionality.
Cisco Wireless Control System (WCS)

World-Class Network Management
Features
Planning, configuration, monitoring,
location, IDS, and troubleshooting
Hierarchical maps
Intuitive GUI and templates
Policy based networking (QoS, security,
RRM, etc.)
Benefits
Lower OPEX and CAPEX
Better visibility and control of the air
space
Consolidate functionality into a single
management system
CWLF v1.0m2-10
The Cisco WCS is the industry's leading platform for wireless LAN planning, configuration,
and management. It provides a powerful foundation that allows IT managers to design, control,
and monitor enterprise wireless networks from a centralized location, simplifying operations
and reducing total cost of ownership. Cisco WCS is a component of Ciscos Unified Wireless
Network advanced feature set.
With Cisco WCS, network administrators have a single solution for RF prediction, policy
provisioning, network optimization, troubleshooting, user tracking, security monitoring, and
wireless LAN systems management. Robust graphical interfaces make wireless LAN
deployment and operations simple and cost-effective. Detailed trending and analysis reports
make Cisco WCS vital to ongoing network operations.
The Cisco WCS runs on a server platform with an embedded database. This provides the
scalability necessary to manage hundreds of Cisco Wireless LAN Controllers, which in turn
can manage thousands of Cisco Aironet lightweight access points. Cisco wireless LAN
controllers can be located on the same LAN as Cisco WCS, on separate routed subnets, or
across a wide-area connection. All Cisco wireless LAN controller models can be managed by
Cisco WCS including enterprise-class stand-alone wireless LAN controllers such as the 4400
and 2000 Series as well as the Cisco Catalyst 6500 Series Wireless Services Module and the
Cisco Wireless LAN Controller Module for Integrated Services Routers.
The Cisco WCS is available in two product versions:
2-56
Cisco WCS provides central management for Cisco lightweight access points and WLAN
controllers. This includes RF management, mobility management, a centralized policy
engine for security and QoS configuration, intrusion prevention (including rogue access
points), planning and design tools, alarm collection, reporting tools, and other awardwinning wireless LAN management features.
Cisco WCS with location adds high-accuracy location tracking and RF mapping to the
WCS system. This enables IT staff to accurately track mobile devices on (such as wireless
clients) and security threats (such as rogue access points) to within a few meters. This is an
on demand tracking for a single device which provides its current location.
The Cisco WCS minimum requirements include:
Windows 2000 SP4 or greater, Windows 2003 SP1 or greater, or Redhat Enterprise Linux
ES v3.0
Up to 500 access points: 2.4 GHz Pentium with 1 GB RAM
Over 500 access points: Dual Processors (At least 2.4 GHz each) with minimum 2 GB
RAM
20 GB hard drive
The Cisco WCS managed devices include:
Cisco Aironet Lightweight access points
Cisco 2000 Series Wireless LAN Controller
Cisco Catalyst 6500 Series Wireless Services Module
Cisco Wireless LAN Controller Module for Integrated Services Routers
2-57
Cisco Wireless Location Appliance

This topic describes the product features and functionality of the Cisco Wireless Location
Appliance.
Location Tracking Services

First integrated location
solution
Real-time location services
Advanced RF fingerprinting
Simultaneous real-time
tracking 10,000+ devices
API third party applications
RF capacity management
Intuitive management GUI
Cisco 2700 Series Wireless Location Appliance

CWLF v1.0m2-11
By design, the Cisco Wireless Location Appliance is directly integrated into the WLAN
infrastructure to lower customers total cost of ownership and extend the value and security of
the existing WLAN infrastructure by making it location aware. The Cisco Wireless Location
Appliance uses Cisco Wireless LAN Controllers and Cisco lightweight access points to track
the physical location of many wireless devices simultaneously with recorded history to within a
few meters.
The Cisco Wireless Location Appliance uses the same Cisco lightweight access points that
deliver traffic as location readers for 802.11 wireless clients and Wi-Fi tags. These access
points collect received-signal-strength-indication (RSSI) information from all Wi-Fi devices,
including Wi-Fi enabled laptops, voice handsets, Wi-Fi tags, rogue (unauthorized) devices and
rogue access points. The collected RSSI information is then sent through the Lightweight
Access Point Protocol (LWAPP) to the Cisco Wireless LAN Controllers or certain wireless
integrated switches. The Cisco Wireless LAN Controllers then aggregate the RSSI information
and send it to the Cisco Wireless Location Appliance through Simple Network Management
Protocol (SNMP).
Once network maps and access points are added to the appliance, RF predictions and heatmaps
can be generated to graphically display the location of thousands of devices on the site's floor
plans. The Cisco WCS displays its location information visually, providing an immediate
location application for customers who want to enhance their RF capacity management, utilize
location based security and have asset visibility for WLAN devices. This location information
is also available to third-party applications through a Simple Object Access Protocol/Extensible
Markup Language (SOAP/XML) API on the appliance, creating an extensible foundation for a
host of rich location based applications.
2-58
Integrated Services Routers

This topic describes the product features and functionality of the Integrated Service Routers
(ISR).
Cisco Integrated Service Routers with

Wireless Support
Fast, secure mobility - Site-wide Layer 2 mobility

Wireless LAN Controller Module
Local authentication services - up to 1000 wireless
clients
Wireless Domain Service - up to 100 autonomous
access points
Integrated 802.11g access point
CWLF v1.0m2-12
The modular Cisco 1800, 2800, and 3800 series as well as the fixed-configuration Cisco 800
and 1800 series integrated services routers offer the industrys most comprehensive suite of
wireless services to enable productivity enhancements for wireless enterprise branch offices,
small to medium-sized businesses, public WLAN and Wi-Fi hotspots, small remote offices, and
teleworker environments.
The following wireless solutions can be applied to selected models of the Cisco Integrated
Services Router portfolio:
WLAN Connectivity: Integrated 802.11 WLAN access points are supported as an option
with the entire portfolio of integrated services routers, including the Cisco 800 and 1800
series fixed-configuration wireless routers and the Cisco 1800, 2800, and 3800 series
modular routers, each available with a built-in access point or a high-speed WAN interface
card (HWIC) access-point module.
Public WLAN Hotspot: Integrated WLAN access points, access-zone-router (AZR)

services, and Service Selection Gateway (SSG) services provide a comprehensive selection
of routers for Wi-Fi hotspot locations:
Small hotspots requiring a single access point and AZR services can be served by a
single integrated services router with an integrated access point (Cisco 800, 1800,
2800, and 3800 integrated services routers)
Hotspots requiring multiple access points and AZR services or Power over Ethernet
(PoE) can be supported with an integrated services router and Cisco Aironet access
points (Cisco 1800, 2800, and 3800 integrated services routers)
2-59
2-60
Large multiprovider or distributed hotspots (for example, airports) can be supported

with Cisco Aironet access points and an integrated services router with AZR
capabilities and a SSG (Cisco 2800 and 3800 integrated services routers).
Land Mobile Radio (LMR) over IP: LMR-over-IP services, also known as push-to-talk,
are supported on selected integrated services routers (Cisco 2800 and 3800 routers)
significantly expand the scope of push-to-talk radio communications to include remoteaccess and dispatch operations from a variety of communications devices (IP telephones,
analog telephones, cellular telephones, and so on as well as interoperability among
disparate radio systems to enhance productivity and collaboration capabilities for radio
users at:
Enterprises: Corporate security and emergency response services (security guards,

medical technicians), building management and repair services (mail, electrical,
heating, ventilating, and air conditioning [HVAC]), fleet services (trucking,
installation, repair technicians), etc.
Small to medium-sized businesses: Plumbers, electricians, delivery personnel,

construction, and so on.
Public Safety Venues: Police, fire, medical responders, and so on.
Wireless Infrastructure ServicesIntegrated services routers (Cisco 2800 and 3800

series) provide enhanced WLAN survivability and mobility services with Cisco Aironet
access points located at branch offices and remote sites. The SSG helps enable customized
guest access, and the Mobile IP Home Agent feature of Cisco IOS software helps enable
mobility across WLAN and mobile (cellular) networks.
Survivable IEEE 802.1X local authentication capability in the router allows

authentication of up to 1000 wireless clients to the secure wireless network at a
remote site without a separate authentication, authorization, and accounting (AAA)
server or as a backup for the AAA server at headquarters.
WLAN and wired IP telephony support with Cisco CallManager Express (CCME)
and Survivable Remote Site Telephony (SRST).
Customized guest access solutions for large enterprises are enabled with SSG and
the Cisco CNS Subscriber Edge Services Manager (SESM).
The Mobile IP Home Agent helps enable transparent mobility and application
session continuity for mobile users and mobile networks when they roam across IP
network boundaries and different access network types, such as WLAN and mobile
(cellular) 2.5- and third generation (3G) networks. The following table lists the
integrated service routers by model and the number of access points it supports.
Model #
800
Series
1800
Series
1841
2801
2811
2821
2851
3825
3845
Other Routers
Local
Authentication
50
50
50
50
100
100
200
500
1000
Cisco 3745 500

Cisco 3725 250
Cisco 2691 100
Number of
LEAP clients
supported
WDS
Number of
access points
supported
Cisco 2600XM 50
X
10
10
20
50
100
Cisco 374550
Cisco 372525
Cisco 269110
Cisco 2600XM5
2-61
Wireless LAN Controller Module

Cisco 2800 and 3800 Series ISRs
Cisco 3700 Series Routers
Supports up to 6 lightweight
access points
AP1000 Series
AP1130 Series
AP1200 Series
Management: Cisco WCS

Small and medium-sized
business
Enterprise branch office
CWLF v1.0m2-13
The Cisco Wireless LAN Controller Module allows small and medium-sized businesses and
enterprise branch offices to cost-effectively deploy and manage secure WLANs. The module
provides unparalleled security, mobility, and ease of use for business-critical WLANs,
delivering the most secure enterprise-class wireless system available. As a Cisco Integrated
Services Router module, it delivers centralized security policies, wireless intrusion prevention
system (IPS) capabilities, award-winning RF management, QoS, and Layer 3 fast secure
roaming for WLANs. The Cisco Wireless LAN Controller Module manages up to six Cisco
Aironet lightweight access points and is supported on Cisco 2800 and 3800 Series integrated
services routers (excluding Cisco 2801 routers)and Cisco 3700 Series routers.
The Cisco Wireless LAN Controller Module is a member of the Cisco Wireless LAN controller
product family. It works in conjunction with Cisco Aironet lightweight access points, the Cisco
WCS, and the Cisco Wireless Location Appliance to support mission-critical wireless data,
voice, and video applications.
The Cisco Wireless LAN Controller Module provides zero-touch access point deployment and
configuration, making it easy for IT managers to extend secure wireless networks to branch
offices. The Cisco Wireless LAN Controller Module eliminates the need to individually
configure, manage, and monitor each access point. In conjunction with Cisco LWAPP-enabled
access points and the Cisco WCS, the Cisco Wireless LAN Controller Module minimizes
deployment and operational costs, allowing businesses with limited IT staffs to easily deploy
and manage wireless networks across hundreds of remote sites.
The Cisco Wireless LAN Controller Module enables enterprises to create and enforce policies
that support business-critical applications. From voice and data services to location tracking,
the Cisco Wireless LAN Controller Module provides the manageability and performance that
IT managers require to extend their secure enterprise-class 802.11 wireless networks to branch
offices.
2-62
Cisco 3200 Series Wireless and Mobile Routers

This topic describes product features and functionality of the 3200 Series Mobile Router.
Cisco 3200 Series Wireless and Mobile

Routers
Seamless mobility
independent of location
movement or wireless
network
High-performance in a
compact rugged design
for use in vehicles
Advanced IP services
and interoperability with
Cisco IOS software
Optional enclosure
CWLF v1.0m2-14
The Cisco 3200 Series Wireless and Mobile routers are rugged Cisco IOS software routers with
integrated Federal Communications Commission (FCC) licensed 4.9 GHz and 802.11b/g
wireless functionality. With a flexible, compact form factor, they are ideally suited for
integration in vehicles or outdoor environments. The Cisco 3200 Series routers offer secure
data, voice, and video communications across a wide range of different wireless and wired
networks. Standards-based mobile IP delivers transparent roaming for mobile applications, and
Cisco IOS software provides security, manageability, and scalability along with interoperability
between networks while allowing for future network expansions and upgrades.
The Cisco 3200 Series offers public safety, homeland security, and transportation agencies in
cities, as well as defense customers, the following key solution benefits:
robust router in a modular compact design, ideally suited to create mobile networks in
and around vehicles and to build outdoor broadband wireless infrastructure across wide
geographic areas
Standards-based connectivity for a wide range of LAN and WAN wired or wireless links,
including integrated FCC licensed 4.9 GHz and 802.11b/g wireless capabilities, with
upgradeability to future wireless technologies
Always-on wireless access for vehicle networks with easy mobility through mobile IP
regardless of location or movement
Advanced IP services through standards-based Cisco IOS software, offering robust network
security, reliability, QoS, and remote management functions
Optional rugged enclosure from Cisco for in-vehicle deployments
2-63
Cisco Secure ACS Solution Engine

This topic describes the purpose and features of the Cisco Secure Access Control Server (ACS)
Solution Engine.
Cisco Secure ACS and ACS Solutions

Engine
Complete network security solution for
Wired and wireless LAN access
Broadband
Dialup
Storage
Telecommuter/branch access
Centralized user access control (RADIUS)

Centralized device security management control
(TACACS+)
CWLF v1.0m2-15
Cisco Secure ACS provides a centralized identity networking solution and simplified usermanagement experience across all Cisco devices and security-management applications. Cisco
Secure ACS ensures enforcement of assigned policies by allowing network administrators to
control the following:
2-64
Who can log into the network or access to the network.
The privileges each user has in the network.
The accounting information recorded in terms of security audits or account billing.
The access and command controls enabled for each configuration administrator.
Multivendor mix of tools. Medium and large enterprises seldom deploy a single network
management product.
Faults generated by the CiscoWorks WLSE. The CiscoWorks WLSE does not exist in a
management vacuum. All faults generated by the CiscoWorks WLSE can be forwarded to a
centralized event management system like Tivoli NetView or Hewlett-Packard OpenView
as a northbound SNMP trap or syslog notification. This capability allows customers to
leverage the powerful fault- and performance-monitoring feature of the CiscoWorks WLSE
with powerful applications-intelligent event correlation tools.
The competitive advantages of CiscoWorks applications like Campus Manager and

Resource Manager Essentials (RME), which many customers already enjoy. The
CiscoWorks WLSE can be launched from the traditional CiscoWorks desktop and can
share inventory lists (devices plus credentials) with RME.
CiscoSecure ACS and ACS Solutions

Engine (Cont.)
Type support including
EAP-TLS
EAP-FAST
EAP-PEAP
GTC
MSCHAPv2
Available as software or as a dedicated 1-RU

security-hardened appliance
CWLF v1.0m2-16
The Cisco Secure ACS software is available as a dedicated 1-RU security-hardened appliance.
The Cisco Secure ACS software includes support for the following authentication protocols
used by WLANs:
EAP-TLS
EAP-FAST
EAP-PEAP
GTC
MSCHAPv2
2-65
Lesson Self-Check
Q1)
Which of the following is used to provide control of the WLAN in a network using the
advanced feature set? (Choose 1) (Overview)
A)
B)
C)
D)
Q2)
How many lightweight access points can a WiSM module control? (Choose one.)
(Source: Wireless Services Module)
A)
B)
C)
D)
Q3)
50
100
300
500
How many autonomous access points can a WLSE control? (Choose one.) (Source:
Wireless LAN Solutions Module)
A)
B)
C)
D)
1000
150
2000
2500
Q4)
How many autonomous access points can a WLSE express control? (Source: Wireless
LAN Solutions Engine Express)
Q5)
The Cisco WCS can manage which of the following access points? (Choose two.)
(Source: Cisco Wireless Control System)
A)
B)
C)
D)
Q6)
Q7)

The Cisco Wireless Location Appliance provides location information displayed on

which of the following devices? (Choose one.) (Source: Wireless Location Appliance)
A)
B)
C)
D)
Wireless Control System

Wireless LAN Controller
Wireless LAN Solution Engine
Wireless Location Appliance
The Cisco Wireless LAN Controller Module can control how many lightweight access
points? (Choose one.) (Source: Cisco Integrated service Routers with Wireless
Support)
A)
B)
C)
D)
2-66
WCS
WLSE
WDS AP
Location Manager
6
12
24
48
Q8)
The Cisco 3200 Series Mobile router has wireless modules for which non 802.11
frequency? (Choose one) (Source: Cisco 3200 Series Mobile router)
A)
B)
C)
D)
Q9)
900 MHz
1.9 GHz
4.9 GHz
5.8 MHz
List the five EAP types supported by the CiscoSecure ACS. (List five.)
2-67
2-68
Q1)
Q2)
Q3)
Q4)
100
Q5)
Lightweight
Q6)
Q7)
A,C
Q8)
Q9)
EAP-Cisco Wireless (LEAP), EAP-TLS, EAP-FAST, EAP-PEAP (GTC), EAP-PEAP(MSCHAPv2)
Summary
Summary
In this lesson we discussed the features and
functions of the following Cisco Wireless Products:
Cisco Wireless Services Module (WiSM)
CiscoWorks Wireless LAN Solution Engine (WLSE)
CiscoWorks Wireless LAN Solution Engine Express
Cisco Wireless Control System (WCS)
Cisco Wireless Location Appliance
Cisco Integrated Services Routers
Cisco 3200 Series Mobile Router
CiscoSecure ACS Solution Engine
CWLF v1.0m2-18
2-69
2-70
Lesson 4
Introducing Access Point

Enterprise-Class Features
Overview
This lesson introduces access point features.
Objectives
Upon completing this lesson, you will be able to describe the importance of various WLAN
features. This ability includes being able to meet these objectives:
List the software support features of all Cisco Aironet access points
Describe the security features of all Cisco Aironet access points
Describe the VLAN features of Cisco Aironet access points
Describe the importance of quality of service features for voice, video, and e-mail
Software Support
This topic describes the software support features of all Cisco Aironet access points.
Software Support for Core WLAN Products

using Autonomous Access Points
IOS
Wireless Domain Service (WDS)
Virtual LAN (VLAN)
Mobility
Wireless LAN Context Control Protocol (WLCCP) for
radio monitoring and management
Quality of service (QoS)
CWLF v1.0m2-2
Cisco IOS software: Cisco Aironet products leverage the same Cisco IOS software that powers
Cisco switches and routers, enabling customers to extend common services, management tools,
and interfaces across their wired and wireless networks.
Wireless Domain Service (WDS): WDS is a collection of Cisco IOS software features that
enhance WLAN client mobility and simplify WLAN deployment and management. WDS
includes aggregation of air and RF measurements. All access points in a subnet detect and
securely register, via IEEE 802.1X, with the WDS. The WDS aggregates client and access
points RF measurements for RF managed services such as rogue access point detection,
interference detection, and assisted site surveys. The currently supported WDS feature set
includes fast secure roaming for layer 2 and 802.1X local authentication.
Virtual LAN (VLAN) Support: Allows segmentation of up to 16 user groups, creating
increased system flexibility by allowing differentiation of LAN policies and services, such as
security and QoS, for different users.
Mobility: For the autonomous access points, fast 802.1X reauthentication is dependent on
Cisco Centralized Key Management (CCKM), a protocol for key management. When Cisco
Centralized Key Management is used by both the 802.1X authenticator (typically the access
point or a local network device with which the access point interacts) and the client, 802.1X
reauthentication does not involve the authentication server, and the number of messages is
reduced greatly. The result is 802.1X reauthentication in a few milliseconds.
Wireless LAN Context Control Protocol (WLCCP): Protocol used by the Cisco Works
Wireless LAN Solution Engine (WLSE) to authenticate with a device that provides WDS to the
wireless LAN network.
Quality of Service (QoS): QoS refers to the capability of allocating shared network resources
in such a way that selected network traffic, such as that for voice and multimedia applications,
and receives better service.
2-72
Software Support for Advanced WLAN

Products
Lightweight Access Point Protocol (LWAPP)
Cisco Split MAC design
Dynamic RF management
Layer 3 connectivity with REAP
Mobility
QoS and VLANs
CWLF v1.0m2-3
Lightweight Access Point Protocol (LWAPP) standardizes the communications protocol

between access points and WLAN systems (controllers, switches, routers, and so on.). When
LWAPP was first introduced to the WLAN industry in 2002, it revolutionized the way wireless
LAN (WLAN) deployments were managed with the concept of a "split MAC" the ability to
separate the real-time aspects of the IEEE 802.11 protocol from most of its management
aspects. In particular, real-time frame exchange and certain real-time portions of MAC
management are accomplished within the access point, while authentication, security
management, and mobility are handled by WLAN controllers.
Dynamic, system-wide radio frequency (RF) management, including a host of features for
smooth wireless operations, such as dynamic channel assignment, transmit power control, and
load balancing.
Remote Edge Access Point (REAP) capabilities allow the lightweight access point to be
deployed remotely from the wireless LAN controller making it ideal for branch office and
small retail locations.
Mobility: End users need uninterrupted network access when roaming across access points
(within and between subnets). Ciscos WLAN solution delivers the following:
Secure Layer 2 and Layer 3 roaming
Follow-me VPNs, which enable clients to maintain VPN tunnels when roaming
Proactive Key Caching (PKC), helping to ensure fast, scalable roaming in 802.11i
environments
Context transfer of security and QoS policies, allowing users identities to follow them as
they roam
Wireless without boundaries both indoors and outdoors
Multiple VLANs can be assigned to individual access points each with its own quality of
service (QoS) policies.
2-73
Lightweight AP Protocol (LWAPP)

LWAPP encapsulated control traffic between access point and controller
Control traffic encrypted via AES-CCMP
LWAPP encapsulated data traffic between access point and controller

Data is non-encrypted and switched at WLAN controller
VLAN tagging and QoS applied at WLAN controller
WLAN Controller
Self-signed
X.509
Certificates
Access point
Rogue access point
A unknown access point will not be able to spoof a Cisco access point since a X.509
certificate is used to set up the connection and encryption keys are dynamically set and
rotated
CWLF v1.0m2-4
The LWAPP is used to encrypt and secure control traffic between the access point and
controller. UDP control messages are encrypted with an X.509 certificate using Advanced
Encryption Standard (AES) encryption algorithm using Counter Mode with Cipher Block
Chaining Message Authentication Code Protocol (CCMP). Data traffic is not encrypted in
LWAPP.
2-74
Cisco Split MAC Design

Cisco WLAN controller
Security policies
QoS policies
RF management
Decryption upstream
Cisco Lightweight Access

Point
Switch/Routed
Network
P
AP
LW
Mobility management
Remote RF interface
Encryption downstream
Decryption upstream
CWLF v1.0m2-5
Split MAC design allows the splitting of 802.11 protocols between the Cisco Aironet
Lightweight access point which handles real-time portions of the protocol and the WLAN
controller which handles those items which are not time sensitive.
The access point handles the portions of the protocol that have real-time requirements, which
includes:
The frame exchange handshake between a client and access point when transferring a
frame over the air
The transmission of beacon frames
The buffering and transmission of frames for clients in power save operation
The response to probe request frames from clients
Forwarding notification of received probe requests to the controller
Providing real-time signal quality information to the controller with every received frame
Monitoring each of the radio channels for noise, interference and other WLANs,
Monitoring for the presence of other access points
Encryption and decryption except in the case of virtual private network (VPN) or IPSec
clients
All remaining functionality is handled in the Cisco WLAN controller, whereby time-sensitivity
is not a concern, and controller-wide visibility is required.
Some of the MAC-layer functions provided in the WLAN controller include:
802.11 authentication
802.11 association and reassociation (mobility)
802.11 frame translation and bridging
2-75
Dynamic RF Management
Channel assignment
Management
Transmit power adjustment

Interference avoidance
Control
Coverage hole
management
Data
Load balancing
Capacity management
Cisco WLAN controllers
LWAPP
Cisco Access Points

RF Domain
CWLF v1.0m2-6
Real-time RF management is the key to the Cisco lightweight wireless solution, and a unique
product differentiator. The Cisco Wireless LAN Controller uses dynamic algorithms to create
an environment that is completely self-configuring, self-optimizing, and self-healing, making
Cisco WLANs ideal for the delivery of secure and reliable business applications. This is done
via the following specific Radio Resource Management (RRM) functions:
2-76
Radio resource monitoring
Dynamic channel assignment
Interference detection and avoidance
Dynamic transmit power control
Coverage hole detection and correction
Client and network load balancing
Dynamic Channel Assignment and

Transmit Power Optimization
RF channel 1
RF channel 6
RF channel 11
CWLF v1.0m2-7
The Cisco Wireless LAN Controller examines a variety of real-time RF characteristics to

efficiently handle channel assignments. These include:
Access point received energy
Noise
802.11 interference
LAN controller may choose to avoid this channel
Utilization
Client load
The Cisco Wireless LAN Controller combines the RF characteristic information with intelligent
algorithms to make system-wide decisions. Conflicting demands are resolved using soft
decision metrics that guarantee the best choice for minimizing network interference. The end
result is the optimal channel configuration in a three-dimensional space, where access points on
the floor above and below play a major factor in an overall WLAN configuration.
Proper access point transmit power settings are essential for smooth WLAN operations. This is
also required for network redundancy and helping to ensure real-time failover in the event of
access point loss.
The Cisco Wireless LAN Controller is used to dynamically control access point transmit power
based on real-time WLAN conditions. In normal instances, power can be kept low to gain extra
capacity and reduce interference. The Cisco lightweight solution will attempt to balance access
points such that they see their neighbors at -65 dBm, based on best practices experience.
If a failed access point is detected, power can be automatically increased on surrounding access
points to fill the gap created by the loss in coverage. WLAN solutions that only allow for static
configuration of transmit power are severely limited in their ability to support dynamic network
requirements.
2-77
Client Roaming and

Dynamic Load Balancing
CWLF v1.0m2-8
WLAN capacity is only effective if clients can be load-balanced in such a way that they take
advantage of this capacity. Unfortunately, not all clients are able to make their own decisions
on this front, even if it would result in better performance. For example, all users in a
conference room can associate with a single access point due to its close proximity, ignoring
other access points that are farther away but much less utilized.
The Cisco Wireless LAN Controller provides a centralized view of client loads on all access
points. This can be used to influence where new clients attach to the network. In addition, if set
up to do so, the Cisco lightweight wireless solution can proactively herd existing clients to new
access points to improve WLAN performance. This results in a smooth distribution of capacity
across an entire wireless network.
2-78
Security
This topic describes the security features of all Cisco Aironet access points.
Security Suite
IEEE 802.11i
Supports the Wi-Fi Alliance security certifications
Wi-Fi Protected Access (WPA)
Wi-Fi Protected Access 2 (WPA2)
IEEE 802.1X
Data encryption:
Advanced Encryption Standard (AES) (IEEE802.11i/WPA2)

Temporal Key Integrity Protocol (TKIP) (WPA)
Wired Equivalent Privacy (WEP) (802.11)
Static WEP (40/64 and 104/128 bit keys)
Mitigates active and passive network attacks

Integrates with the Cisco Self-Defending Network
CWLF v1.0m2-9
The Cisco Wireless Security Suite includes:
Based on the IEEE 802.1X standard for port-based network access, the Cisco Wireless
Security Suite takes advantage of the Extensible Authentication Protocol (EAP) framework
for user-based authentication. This solution also supports Wi-Fi Protected Access (WPA),
the new Wi-Fi Alliance specification for interoperable, standards-based wireless LAN
security.
The Cisco Wireless Security Suite interoperates with a range of client devices. It supports
most 802.1X authentication types, including Extensible Authentication Protocol-Flexible
Authentication via Secure Tunnel (EAP-FAST), Extensible Authentication Protocol-Cisco
Wireless (LEAP), Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)
and types that operate over EAP-TLS, such as Protected Extensible Authentication Protocol
(PEAP), EAP-Tunneled TLS (EAP-TTLS) and EAP-Subscriber Identity Module (EAPSIM). A wide selection of RADIUS servers, such as the Cisco Secure Access Control
Server (ACS), can be used for enterprise-class centralized user management that includes:
Strong, mutual authentication to ensure that only legitimate clients associate with
legitimate and authorized network RADIUS servers via authorized access points
Dynamic per-user, per-session encryption keys that automatically change on a

configurable basis to protect the privacy of transmitted data
2-79
Virtual LAN Support

This topic describes the VLAN features of Cisco Aironet access points.
Wireless Virtual LAN (VLAN) Support

Multiple SSIDs
Multiple security types
Supports multiple
VLANs from switches
VLAN 100
Guest access
No central security
Broadcasting SSID: Guest
IEEE 802.1Q trunking

protocol
VLAN 103
802.1X security
SSID: QOS
VLAN 101
Specialized user
Static WEP
Not broadcasting
SSID: static
VLAN 102
Corporate user
802.1X security
SSID: secure
CWLF v1.0m2-10
Core Product Support

VLAN support allows segmentation of up to 16 user groups, creating increased system
flexibility by allowing differentiation of LAN policies and services, such as security and QoS,
for different users. The IOS access points utilize IEEE 802.1Q trunking protocol between the
access point and the switch or router.
Advanced Products
Each Cisco Wireless LAN Controller can support up to 512 VLAN instances.
The Cisco Wireless LAN Controller can control up to 16 wireless LANs for each lightweight
access points. Each wireless LAN has a separate wireless LAN ID (1 through 16), a separate
wireless LAN SSID (wireless LAN name), and can be assigned unique security policies.
The Cisco lightweight access points broadcast all active Cisco WLAN solution wireless LAN
service set identifier (SSID)s and enforce the policies defined for each wireless LAN.
Note
2-80
Cisco recommends that you assign one set of VLANs for wireless LANs and a different set
of VLANs for Management Interfaces to ensure that controllers properly route VLAN traffic.
Quality of Service
This topic describes the importance of quality of service features for voice, video, and e-mail.
Wi-Fi Multimedia (WMM) is a Wi-Fi Alliance definition of QoS. It is a subset of IEEE

802.11e, the draft IEEE standard for QoS.
QoS refers to the capability of allocating shared network resources in such a way that selected
network traffic, such as that for voice and multimedia applications, and receives better service.
With QoS, time-sensitive multimedia and voice application traffic receives a higher priority,
greater bandwidth, and less delay than best-effort data traffic. With QoS, network managers can
manage bandwidth more efficiently across LANs and WANs and even establish service-level
agreements with their network users that include:
QoS provides enhanced and predictable network service by:
Supporting dedicated bandwidth for critical users and applications
Controlling jitter and latency (required by real-time traffic)
Managing and minimizing network congestion
Shaping network traffic to smooth the traffic flow
Setting network traffic priorities
2-81
Lesson Self-Check
Q1)
Which protocol is used for autonomous access points for radio monitoring and
management? (Choose one.) (Source: Software Support)
A)
B)
C)
D)
Q2)
Which protocol supports split MAC operation for Ciscos Wireless Advanced
Products? (Choose one.) (Source: Software Support)
A)
B)
C)
D)
Q3)
CCKM
LWAPP
WLCCP
SNMP
WPA2 requires the support of which of the following encryption algorithms? (Choose
one.) (Source: Security)
A)
B)
C)
D)
WEP
TKIP
CKIP/CMIC
AES
Q4)
The Cisco Wireless LAN controller can support up to ______ VLANs per lightweight
access point. (Source: VLANS)
Q5)
WMM is a subset of which of the following 802.11 standards? (Choose one.) (Source:
Quality of Service)
A)
B)
C)
D)
2-82
CCKM
LWAPP
WLCCP
SNMP
802.11c
802.11e
802.11h
802.11n

Q1)
Q2)
Q3)
Q4)
16
Q5)
2-83
Summary
Summary
In this lesson, we discussed the software features in both the
core products and the advanced products.
In the core products, we discussed the IOS operating system,
VLANs, WDS, CCKM, and WLCCP.
In the advanced products we discussed LWAPP and Ciscos
Split MAC Architecture, Dynamic RF Management, REAP,
and Mobility.
We also discussed security, VLAN support and QoS features
that are supported across the entire wireless product line.
CWLF v1.0m2-13
In this lesson, we discussed the software features in both the core products and the advanced
products. In the core products, we discussed the IOS operating system, VLANs, WDS, CCKM,
and WLCCP. In the advanced products we discussed LWAPP and Ciscos Split MAC
Architecture, Dynamic RF Management, REAP, and Mobility. We also discussed security,
VLAN support and QoS features that are supported across the entire wireless product line.
2-84
Module Summary
Module Summary
In this module, the detailed technical features, functions and
benefits of the WLAN product offerings available from Cisco
were discussed.
The key features of Wireless LAN Access Points, Bridges,
Antennas and Accessories were described.
WLAN Clients and from Cisco and Cisco Compatible Clients
were described.
WLAN Network Management, Control, and Services features
and functions were discussed.
Access Point Enterprise-Class Features such as software
support, security, virtual LAN support, and quality of service
were described.
CWLF v1.0m2-1
In this module, the detailed technical features, functions and benefits of the WLAN product
offerings available from Cisco were discussed. Specifically, the key features of Wireless LAN
Access Points, Bridges, Antennas and Accessories were described. The WLAN Clients and
from Cisco and Cisco Compatible Clients were described. WLAN Network Management,
Control, and Services features and functions were discussed. And Access Point EnterpriseClass Features such as software support, security, virtual LAN support, and quality of service
were described.
1-85
1-86
Module 3
Wireless Bridges
Overview
This module explores the concept of using wireless devices to create a Layer 2 bridge.
Module Objectives
Upon completing this module, you will be able to define concepts and describe considerations
for deploying wireless bridges. This ability includes being able to meet these objectives:
Select the appropriate wireless bridge model and describe how it offers a better solution
than other alternatives
List the features and functions of the supported roles
Determine the feasibility of these locations and make recommendations for changes where
needed
3-2
Lesson 1
Using Wireless Bridges and

Alternatives
Overview
This lesson introduces the concept of using wireless bridges to connect one or more WLANs.
Objectives
Upon completing this lesson, you will be able to select the appropriate wireless bridge model
and describe how it offers a better solution than other alternatives. This ability includes being
able to meet these objectives:
Identify and describe various wireless bridges and alternatives
Describe the 1300 Series wireless bridge product performance and deployment
Define available channels and maximum power levels for each antenna
Describe the 1400 Aironet Series Access Point and Bridge product performance and
deployment
Define available channels and maximum power levels for each antenna
Describe deployment scenarios for the 1300 and 1400 series bridges
Wireless Bridges and Bridge Alternatives

This topic identifies and describes various wireless bridges and alternatives.
Bridging Defined
Networked
Networked through
through
wireless
wireless bridges
bridges
CWLF v1.0m3-2
In a dynamic business environment, the most successful organizations will be the ones that are
most adaptive to change. As offices open and close, merge and consolidate their operations, and
expand into new markets, organizations must modify their networks accordingly to keep up
with the latest business changes. Extending the network to outdoor locations, new buildings
over long distances, or even across a street can be especially challenging.
Business does not happen just indoors, as wireless LAN (WLAN) devices proliferate, the need
to provide them connectivity extends outdoors. Applications such as hot spots, outdoor
surveillance, outdoor inventory control, or outdoor baggage handling all stretch the need for
WLAN access. Also, it is not just providing access to client devices, remote networks need to
be connected as well. These networks could be in remote buildings, or mobile networks that are
located outside. These applications can be deployed cost-effectively with equipment designed
specifically for these environments.
Wireless bridges are typically used to connect two or more networks together. These networks
are typically located in buildings that lie within a few miles of each other. This is the most
common use for a wireless bridge, but there are other uses as well. The Cisco Aironet 1400
Series Wireless Bridge is used for bridging purposes only, and it does not communicate with
clients.
Link role flexibility released with Cisco IOS software release 12.3(7)J1 provides both access
point and bridge functions through configuration of each radio as an access point, repeater, root
bridge, non-root bridge, or workgroup bridge. This array of configuration flexibility enables
Cisco Aironet 1300, 1230, and 1240 Series Access Points to address several bridging
applications.
3-4
Cisco Aironet bridges operate at the MAC address layer (data link layer), which means they
have no routing capabilities. A router must be put in place if IP subnetting is needed within the
network.
The Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Point is cable of both pointto-point and point-to-multipoint bridging, but is primarily intended for Mesh networking.
Wireless Bridges
3-5
Typical Bridge Scenarios

Root
Non-root
Root
Non-root
Point-to-Point
Point-to-Multipoint
Non-root
Non-root
CWLF v1.0m3-3
Cisco Aironet bridges can be configured to operate in many different modes. By operating a
wireless bridge in access point (AP) mode, wireless networks can be built that will support a
number of end users in separate locations. This is the function of the role in radio network
parameter. The 1400 Series Bridges only support two roles in the radio network which includes
root radio or non-root radio.
Note
3-6
In each scenario there is only one root bridge.
1500 Series Bridging Capabilities

Point-to-Point
Controller
PAP
RAP
Rooftop Access
Point (RAP)
Poletop Access
Point (PAP)
Point-to-Multipoint
PAP
Controller
RAP
PAP
CWLF v1.0m3-4
Rooftop Access Points (RAPs): This access point is connected to the wired network, and
serves as root or gateway to the wired network.
Poletop Access Points (PAPs): The PAPs are the remote access points or non-root.
Note
The 1500 Series Meshing Access Point will be covered in the Mesh Networking module.
Wireless Bridges
3-7
Wireless Bridge Alternatives
Medium
Phone lines
Cable/digital
subscriber line
(DSL)
Drawbacks
Recurring costs
56K, E1, T1
Fiber
Microwave
Installation
costs
Installation
costs
Installation
costs
Licensing
required
Reliability, speed,
recurring cost
Recurring cost
Physical barriers
may preclude
High cost
CWLF v1.0m3-5
Cisco Aironet bridges offer many advantages over other more costly alternative connections.
Some alternatives include T1 lines, cabling, and microwave connections.
A T1 line typically costs from $200 to over $1,000 per month. For a site with four buildings,
the cost could be anywhere from $10,000 to $36,000 per year. If such sites were connected via
Cisco Aironet bridges, the payback for the hardware costs incurred could actually be realized in
less than a single year.
In some cases where T1 is not available, or the buildings are located on the same property, an
underground cable could be installed. Trenching today can cost over $100 per foot, depending
upon the task. To connect three buildings located 1000 feet from each other could cost more
than $200,000.
Another popular option for smaller businesses may be a cable or digital subscriber line (DSL)
modem. This solution sometimes offers faster download speeds, but slower upload speeds.
Reliability is often an issue. Users are often forced to share connections with other nearby
businesses, sometimes causing a sacrifice in speed.
With microwave, a U.S. Federal Communications Commission (FCC) license is required. The
cost of the equipment is typically over $10,000 per site, not including installation items. In
heavy fog, rain, or snow, performance is questionable. Multipoint connections are usually not
possible.
3-8
Emerging Markets Bridging

Wireless building-to-building bridges
Connect separate LANs at high speed
No tariff, no recurring fee
E1, T1 alternative
High-speed Internet access (ISP)
Educational campuses
International markets
Developing countries
Alternative to wired data infrastructure
Rapid deployment with lower cost
CWLF v1.0m3-6
Bridging has quickly become one of the most popular uses of wireless networks. This is partly
due to the ease of installation and setup. But it is also due to the variety of emerging markets
where WLAN bridging can be applied. Outdoor wireless products are useful in many situations
to include:
Campus environments, such as hospitals, schools, universities, and corporations
Facilities with harsh environments (manufacturing, warehouse, and so on)
Temporary network installations
Internet Service Providers (ISP)
Backup of alternative connections
Developing countries, where alternative solutions may not be available
Airports, shipyards, and harbors
Wireless Bridges
3-9
1300 Series Wireless Bridge

This topic describes the 1300 Series Wireless Bridge product performance and deployment.

Point/Bridge
Typical applications are:
Network connections within a
campus area
Outdoor infrastructure for
mobile networks and users
Public access for outdoor
areas
Temporary networks for
portable or military
operations
CWLF v1.0m3-7
The Cisco Aironet 1300 Series provides high-speed and cost effective wireless connectivity
between multiple fixed or mobile networks and clients. Building a metropolitan area wireless
infrastructure with the Cisco Aironet 1300 Series provides deployment personnel with a
flexible, easy to use solution that meets the security requirements of wide area networking
professionals. Typical applications for the Cisco Aironet 1300 Series Outdoor Access
Point/Bridge include:
3-10
Network connections within a campus area
Outdoor infrastructure for mobile networks and users
Public access for outdoor areas
Temporary networks for portable or military operations

Point/Bridge - High Performance
Transmit power - 100 mW (IEEE 802.11b); 30 mW
(IEEE 802.11g)
Data rates: 1 thru 11 and 6 to 54 Mbps
Throughputs in excess of 28 Mbps
24 voice over IP (VoIP) circuits trunked over point-topoint links
100 km/hr at 12 and 24 Mbps with 128 byte packets @
1%PER
Designed to vehicle, train, and maritime
transportation specifications
CWLF v1.0m3-8
The Cisco Aironet 1300 Series supports the IEEE 802.11b and IEEE 802.11g standards, and
provides data rates of 54-Mbps. Cisco makes the maintenance and installation of the Cisco
Aironet 1300 Series easy by integrating it with your wired network via the Cisco Core Feature
set WLAN solution. Based on Cisco IOS operating system, the Cisco Aironet 1300 Series
provides advanced features such as fast secure Layer 2 roaming, quality of service (QoS), and
virtual LANs (VLAN)s.
The key performances of the Cisco Aironet 1300 Series are as follows:
Maximum transmit power of 100 milliwatt (mW) for 802.11b and 30 mW for 802.11g
Data rates of 54-Mbps in the 2.4 GHz band
Range of 20 miles (32 kilometers [km]) at 11-Mbps
Aggregate throughputs approaching 28-Mbps
For vehicle installed deployments, over 100 km per hour speeds at 12- and 24-Mbps with
128 byte packets at 1 percent Packet Error Rate (PER)
Security with support for Wi-Fi Protected Access Two (WPA2) and Advanced Encryption
Standard (AES) encryption
Wireless Bridges
3-11

Point/Bridge - High Performance (Cont.)
Operating temp range: - 30 to + 55 degrees Celsius,
humidity 0 to 100%
Wide DC power input range allowing a variety of
power supply options
Withstands harsh environmental conditions
Built in digital thermometer controls up to 85 degrees Celsius
ambient- radio off and on
3-12
CWLF v1.0m3-9
Wide operating temperature range of 22 degrees Fahrenheit to 131 degrees Fahrenheit (-30
degrees Celsius to 55 degrees Celsius), Humidity 0 to 100 percent
Support for antenna diversity
Supports QoS for trunking in excess of 24 voice over IP (VoIP) circuits and data over
point-to-point links.
Wide DC power-input range allowing a variety of power-supply options such as solar

power or vehicle power (+10- to +48-volts direct current [VDC])
Engineered specifically for harsh outdoor environments, yet also capable of indoor
deployments, the Cisco Aironet 1300 Series is ideal for WLANs requiring external access
points. There is a digital thermometer inside the Cisco Aironet 1310 Series Bridge. When
the internal ambient gets to 85 degrees Celsius (185 degrees Fahrenheit), IOS shuts off the
radio in an attempt to lower internal ambient temp. Once the temp gets back to 82 degrees
Celsius, the radio is turned back on.

Point/Bridge - High Performance (Cont.)
Point-to-point range *
1.3 miles @ 54 Mbps (13 dBi captive antenna)
4.5 miles @ 54 Mbps (21 dBi external antenna)
9.5 miles @ 11 Mbps (13 dBi captive antenna)
Point-to-multipoint range
1.1 miles @ 54 Mbps (12 dBi omni / 13 dBi captive)
9.5 miles @ 11 Mbps (12 dBi omni / 21 dBi external antenna)
*: In FCC configuration
CWLF v1.0m3-10
The Cisco Aironet 1300 Series performance capabilities are as follows:

Point-to-point range
1.3 miles @ 54 Mbps (13-dBi captive antenna)
4.5 miles @ 54 Mbps (21-dBi external antenna)
9.5 miles @ 11 Mbps (13-dBi captive antenna)
Point-to-multipoint range
1.1 miles @ 54 Mbps (12-dBi omnidirectional and 13 dBi captive)
9.5 miles @ 11 Mbps (12-dBi omnidirectional and 21 dBi external antenna)
Note
The distances referenced here are approximations and should be used for estimation
purposes only.
Wireless Bridges
3-13
1300 Series Outdoor Channels and Power Levels

This topic defines available channels and maximum power levels for each antenna.
Cisco Aironet 1300 Series Outdoor

AP/Bridge- Channels Approved by Domain
Frequency
Americas (-A)
EMEA (-E)
Japan (-J)
Channel ID
(MHz)
CCK
OFDM
CCK
OFDM
CCK
2412
*OFDM
X
2417
X
X
2422
2427
2432
X
X
2437
2442
2447
2452
10
2457
11
2462
12
2467
13
2472
14
2484
20
10
10
10
Max Pwr (mW)
100
30
CWLF v1.0m3-11
Different countries have different regulatory bodies and may have as many as 13 channel sets
available. In some countries, this may mean that the number of nonoverlapping channels is
reduced to one, and an aggregate data rate of 33 Mbps may not be possible.
Japan has not approved Orthogonal Frequency Division Multiplexing (OFDM) for channel 14.
Channel 14 requires a special filtering bit set on the physical radio interface which allows the
spectrum to meet Japans spread rule of 10:1
The following website gives an up-to-date listing of the countries that belong to each regulatory
domain (regulatory domain information may change):
http://www.cisco.com/warp/public/779/smbiz/wireless/approvals.html
3-14
Cisco Aironet 1300 Series Outdoor

AP/Bridge- Power Levels vs. Antenna Gains
AIR-BR1310-x-K9-R
Maximum Conducted Power (mW)
AIR-ANT2506
5.2 dBi Omni
Regulatory
Domain
CCK
Americas (-A)
EMEA (-E)
Japan (-J)
AIR-ANT3549
9 dBi Patch
AIR-ANT2410Y-R 10
dBi Yagi
13 dBi Integral
Patch Antenna
Array
OFDM
CCK
OFDM
CCK
OFDM
CCK
OFDM
100
30
100
30
100
30
100
30
20
10
10
10
10
10
10
10
10
10
10
10
*A minimum of 2 dB of cable loss must be used for this configuration
Check your regulatory domain FCC / ETSI for proper settings

CWLF v1.0m3-12
Cisco Aironet 1300 Series Outdoor AP/BridgePower Levels vs. Antenna Gains (Cont.)
AIR-BR1310-x-K9-R
Maximum Conducted Power (mW)
AIR-ANT24120
12 dBi Omni
Regulatory
Domain
Americas (-A)
EMEA (-E)
Japan (-J)
AIR-ANT1949
13.5 dBi Yagi
AIR-ANT24G14VSA
14 dBi Sector
AIR-ANT3338
21 dBi Dish
CCK
OFDM
CCK
OFDM
CCK
OFDM
CCK
OFDM
100
30
100
30
50
20
20
10
1*
NA
10
10
10
10
10
10
10
10
*A minimum of 2 dB of cable loss must be used for this configuration
Check your regulatory domain FCC / ETSI for proper settings

CWLF v1.0m3-13
802.11g (2.4 GHz Band)

An improper combination of power level and antenna gain can result in equivalent isotropic
radiated power (EIRP) above the amount allowed per regulatory domain.
Wireless Bridges
3-15
Note
3-16
To meet regulatory restrictions, the external antenna bridge unit and the external antenna
must be professionally installed. The network administration or other IT professional
responsible for installing and configuring the unit is a suitable professional installer.
Following installation, access to the unit should be password protected by the network
administrator to maintain regulatory compliance.
100 mW=20 dBm, 50 mW=17 dBm, 30 mW=15 dBm, 20 mW=13 dBm, 10 mW=10 dBm
Antenna gain<= 13.5 dBi Complementary Code Keying (CCK) Power is 100 mW, and
OFDM power is 30 mW
For antenna gain > 14 dBi CCK power is 50 mW for 14 dBi and OFDM power is 20 mW
For antenna gain 21 dBi CCK power is 20 mW and OFDM power is 10 mW
Japan has only one power settings. 10 mW for external and integrated antennas, and it does
not include channel 14
Maximum Power Levels per Antenna Gain for 802.11g

Maximum Power Level (mW)
Regulatory Domain
Antenna Gain (dBi)
CCK
OFDM
Americas (-A)
(4 W EIRP maximum)
5.2 (Omni)
100
30
9 (Patch)
100
30
10 (Yagi)
100
30
11 (Omni)
12 (Omni)
100
30
13 (Integrated patch)
100
30
13.5 (Yagi)
100
30
14 (Sector)
50
20
21 (Dish)
20
10
5.2 (Omni)
20
10
9 (Patch)
10
10 (Yagi)
10
11 (Omni)
12 (Omni)
13.5 (Yagi)
14 (Sector)
21 (Dish)
5.2 (Omni)
10
10
9 (Patch)
10
10
10 (Yagi)
10
10
11 (Omni)
10
10
12 (Omni)
10
10
10
10
13.5 (Yagi)
10
10
EMEA (-E)
(100 mW EIRP maximum)
Japan (-J)
(10 mW/MHz EIRP maximum)
Wireless Bridges
3-17
3-18
14 (Sector)
10
10
21 (Dish)
10
10
1400 Series Access Point Bridge

This topic describes the 1400 Series Aironet Access Point and Bridge product performance
and deployment.
Cisco Aironet 1400 Series Outdoor Metro

Bridge
IEEE 802.11a, UNII-3 band
(5.7255.825-GHz)
Derived from 802.11a standard
Delivers 6- to 54-Mbps
Range over 12 miles
Without a need for a license
Easy to install
Antenna alignment LEDs and RSSI
port on housing
Quick-hang mounting bracket
CWLF v1.0m3-14
This bridge is designed for building-to-building wireless connectivity. Operating in the 5.8GHz UNII-3 band (5.725-5.825 MHz), derived from the IEEE 802.11a standard, the bridge
delivers 6- to 54-Mbps data rates without the need for a license. Therefore, anyone can deploy
FCC-certified bridges anywhere in the United States without applying for or paying for special
licenses (some restrictions can apply over special areas such as airports and military bases).
Networks can be quickly deployed and moved without any licensing or government reporting.
For example, an airport application can place cameras or other data links near critical operation
areas. By placing a single bridge on top of a tall structure (such as a control tower) and another
on a power or light truck pointing toward the control tower, a fully secure link is established.
You can then be mobile about the grounds on the truck without trenching cables or applying for
licenses.
Install Mode: This mode drives LEDs and a Received Signal Strength Indicator (RSSI) port
with a voltage output proportional to received signal strength for use in the installation and
alignment process. This feature frees installers to perform the installation and verify the link
quality without requiring Cisco IOS software or data networking knowledge.
The Cisco Aironet 1400 Series multifunction mount allows the captured antenna Cisco Aironet
1400 Series to provide either horizontal or vertical polarization. With its quick-hang feature, the
mount supports the weight of the bridge during the alignment process. To assist the installation,
hoisting rings are attached to the mount. The mount interfaces to poles or masts from 1.5 to 2.5
inches while allowing for elevation and azimuth alignment. For the connected version, the
mount provides a wall-mount mechanism. The captured antenna Cisco Aironet 1400 Series can
be mounted to a wall, roof, or other flat surface with the addition of the optional Cisco Aironet
1400 roof and wall mount kit.
Wireless Bridges
3-19
Cisco Bridging Products- Feature Rich

Solution
Cisco IOS systems software for familiar interface
with common functionality, scalability, and security
QoS - enables IEEE 802.1q packet prioritization for
voice, video and data
Point-to-point or point-to-multipoint up to 17 non-root
bridges
Link aggregation for increased bandwidth via Fast
Ether Channel (FEC), Port Aggregation Protocol
(PAg-P)
CWLF v1.0m3-15
The Cisco Aironet 1400 Series Wireless Bridge utilizes Cisco IOS software to provide a
familiar user interface with common functionality, scalability, and security. Additionally,
advanced features such as QoS are included, enabling packet prioritization for voice, video, and
data. Trunking up to 24 VoIP circuits and data over point-to-point links is also possible.
Bandwidth can be increased (up to 100-Mbps of combined bandwidth) between bridged
networks through the aggregation of multiple bridges at each site through Fast Ether Channel
(FEC), or Port Aggregation Protocol (PAg-P), or through routing protocols.
3-20
Cisco Bridging Products- Feature Rich

Solution (Cont.)
Trunking of up to 16 virtual LAN (VLAN)s between
multiple networks
75-ohm easily sealable outdoor dual coax cables that
carries power and data
Wireless packet concatenation to enable efficient use
of the wireless media
Supports fast secure non-root bridge Layer 2
roaming (CCKM)
IEEE 802.11d World Mode
Programmable clear channel assessment to allow
tuning to the interference environment to reduce
contention overhead
CWLF v1.0m3-16
For a multipurpose network, VLANs can be configured by allowing different non-root bridges
operating on the same root bridge to trunk different VLANS.
RG-6 coaxial 75-ohm cable can be run up to 300 feet. This allows tall buildings and tower
configurations to be accomplished easily.
The concatenation of smaller packets into larger ones allows the Cisco Aironet 1400 and 1300
Series to more efficiently utilize the wireless medium and provide higher overall data
throughputs.
Fast secure roaming allows authenticated non-root bridges and access points configured as
workgroup bridges to roam securely from one root bridge to another without any perceptible
delay during reassociation. The 1300 Series Bridge can be mobile and take advantage of this
unique feature. The 1300 bridge was designed for vehicle, train and maritime transportation
specifications.
World mode enables the bridge to inform an IEEE 802.11d client device which radio setting the
device should use to conform to local regulations.
With a programmable clear channel assessment, the Cisco Aironet 1400 Series can be
configured to the particular background interference level found in your environment for
reduced contention overhead with other wireless systems.
Wireless Bridges
3-21
Outdoor NEMA-4
weatherproof enclosure
With integrated
22.5-dBi antenna
Remote antennas:
9-dBi omnidirectional (vertical
polarization)
9.5-dBi sector (horizontal and
vertical polarization)
With connector for

remote antennas
28-dBi dish (horizontal and

vertical polarization)
CWLF v1.0m3-17
Operating in the unlicensed 5.8 GHz band, the Cisco Aironet 1400 Series Wireless Bridge sets
a new standard for performance, combining powerful 250 mW radios, industry-leading receive
sensitivity, installation tools to assist in bridge placement, delay spread capabilities, and a
choice of integrated or connectorized high-gain antennas, Cisco provides a complete solution
for a wide variety of fixed wireless applications.
Data rates of 54-Mbps can be enabled for point-to-point links up to 7.5 miles, and for point-tomultipoint links up to 2 miles. Aggregate throughput can be obtained in excess of 28-Mbps.
Also, by using higher gain antennas or lower data rates, ranges in excess of 20 miles point-topoint can be covered.
Rapid deployment and redeployment can be achieved with no reliance upon
telecommunications providers nor a lengthy license or trenching process. The Cisco Aironet
1400 Series Wireless Bridge allows placement in an outdoor environment without the use of an
expensive additional National Electrical Manufacturers Association (NEMA) enclosure.
Further flexibility is achieved by enabling point-to-point or point-to-multipoint networks with a
single product line. The mounting bracket has been designed to allow installation on poles,
walls, and roofs, while also providing a mechanism for choosing the desired polarization.
The Cisco Aironet 1400 Series Wireless Bridge offers an outdoor wireless bridging solution in
two product SKUs. The captured antenna version features an integrated radio and high-gain
integrated antenna for user installations of point-to-point links and the non-root nodes of pointto-multipoint networks.
The connectorized version provides professional installers with an N-type connector that allows
the deployment of the root nodes of point-to-multipoint networks with omnidirectional or
sector antennas, or of high-gain dish antennas for longer links. The external antenna options
are:
3-22
9.0-dBi vertically polarized omnidirectional antenna
9.5-dBi sector antenna with support for vertical or horizontal linear polarization
28.0-dBi dish antenna with support for vertical or horizontal linear polarization
Integrated antenna SKU is not field changeable to the SKU with an option of remote
antenna
Wireless Bridges
3-23
1400 Series Outdoor Channels and Power Levels

This topic defines available channels and maximum power levels for each antenna.

(Cont.)
Mode
Antenna
Speed
Range
Point-to-Point
Integrated 22.5dBi
54 Mbps
7.5 Miles
Point-to-Point
28-dBi Dish
54 Mbps
12 Miles
Point-to-Point
28-dBi Dish
9 Mbps
23 Miles
Multipoint
9-dBi Omni
54 Mbps
2 Miles
Multipoint
9-dBi Omni
9 Mbps
8 Miles
CWLF v1.0m3-18
With Cisco Aironet bridge antennas, and the right mounting hardware, the customer can
customize wireless solutions that meet the requirements of the most challenging applications.
Possible solutions include the following:
3-24
Mode
Antenna
Speed
Range
Point-to-point
Integrated 22.5-dBi
54 Mbps
7.5 miles
Point-to-point
28- dBi dish
54 Mbps
12 miles
Point-to-point
28-dBi dish
9 Mbps
23 miles
Multipoint
9-dBi omnidirectional
54 Mbps
2 miles
Multipoint
9-dBi omnidirectional
9 Mbps
8 miles
BR1410 an BR1310 Deployment Scenarios

This topic describes deployment scenarios for the 1300 and 1400 series bridges.
BR1410 and BR1310 Deployment Scenarios
CWLF v1.0m3-19
The Cisco Systems 1400 Series Wireless Bridge is designed to be installed outdoors, typically
on a tower or a tall building. Typical bridge installations are shown in this illustration.
The installation on the left shows the bridge SKU with integrated antenna. Two RG-6 coaxial
cables run from the bridge to the inside of the building through the grounding block. Because
power injectors and power supplies are not water proof these items must be mounted indoors or
in a water proof NEMA enclosure. The RG-6 75-Ohm cable can be run as long as 300 feet from
the power injector to outdoor unit mounted at the antenna location.
The middle and picture depict the installation of the bridge SKU with remote antennas. In the
middle picture, the bridge has been installed indoors, and the distance between the bridge and
the antenna has been extended using LMR-400 and LMR-600 cables.
Cisco Aironet 1300 and 1400 Series Bridges are NEMA 4 rated and may be mounted at the
antenna mast to reduce loss in the antenna cable used.
Wireless Bridges
3-25
Lesson Self-Check
Q1)
What is the maximum transmit power level for the 1300 Series Bridge? (Choose one.)
(Source: 1300 Series Wireless Bridge)
A)
B)
C)
D)
Q2)
How many antenna options are available for the 1300 Series Bridge? (Source: 1300
Series Outdoor Channels and Power Levels)
A)
B)
C)
D)
Q3)
30 mW
50 mW
100 mW
75 mW
10
9
8
7
What is the maximum transmit power supported by the 1400 Series Bridge? (Source:
1400 Series Outdoor Channels and Power)
____________________________________________________________________
Q4)
The 1400 Series Bridge supports up to _______ non-root bridges in point-to-multipoint

configuration. (Source: 1400 Series Access Point and Bridge)
Q5)
How many antenna options are available for the 1400 Series Bridge? (Source: 1400
Series Outdoor Channels and Power Levels)
A)
B)
C)
D)
Q6)
Root bridges connect to other root bridges. (Source: Wireless Bridges and Bridge
Alternatives)
A)
B)
3-26
6
5
4
3
True
False

Q1)
100 mW
Q2)
Q3)
250 mW
Q4)
17
Q5)
Q6)
False
Wireless Bridges
3-27
Summary
This topic summarizes the key points discussed in this lesson.
Summary
Cisco Aironet bridges offer many advantages over T1 lines,
cabling, and microwave connections.
We discussed the 1300 bridge features.
We addressed the 1300 outdoor channels and power levels.
We discussed the 1400 bridge features.
We addressed the 1400 outdoor channels and power levels.
We discussed BR1410 and 1310 deployment scenarios.
3-28
CWLF v1.0m3-21
Lesson 2
Choosing Roles in the Radio

Network
Overview
This lesson covers the different station roles that can be applied to access points and bridges.
Objectives
Upon completing this lesson, you will be able to list the features and functions of the supported
roles. This ability includes being able to meet these objectives:
Define roles in radio network
Compare the functions of a bridge and an access point when operating in a root mode
Role in Radio Network

This topic defines roles in radio network.
Radio Roles in an Access Point or Bridge
Access Point
Root Bridge
w/clients or
w/out clients
Workgroup
Bridge
Repeater
Non-Root
Bridge w/clients
or w/out clients
Scanning
Access Point
1300 Access 1300 Repeater

Point
1300 Root
Bridge
w/clients or
w/out clients
1300
Workgroup
Bridge
1400 Root
Bridge
1300 Non-Root 1400 NonBridge w/clients Root Bridge

or w/out clients
1300
Scanning
Access Point
CWLF v1.0m3-2
Radio roles available in the access point or bridge include:
Root access point: Ethernet port enabled will pass traffic between wired LAN and wireless
clients.
Repeater access point: Ethernet port disabled, repeats wireless traffic.
Note
3-30
Repeater access point is labeled as Non Root Access Point in CLI.
Root bridge with clients: Ethernet port enabled, and always associates clients.
Root bridge without clients: Ethernet port enabled, and associates non-root bridges or
workgroup bridges only.
Non-root bridge without clients: Ethernet port enabled and communicates to root bridge.
Non-root bridge with clients: Ethernet port enabled and associates clients if associated to
a root bridge.
Workgroup bridge: Acts as wireless client for wired Ethernet devices.
Radio Roles Available as of Today in an

Access Point or Bridge
Fallback to radio island: Ethernet port goes off and root
access point is converted to an independent radio island.
Fallback to radio shutdown: Ethernet port goes off radio is
shut down.
Fallback Repeater: Ethernet port goes off, and root access
point turns into repeater.
CWLF v1.0m3-3
Access Point Root (Fallback to Radio Island): This default setting enables wireless clients to
continue to associate even when there is no connection to the wired LAN.
Access Point Root (Fallback to Radio Shutdown): When the wired connection is lost, the
radio shuts down. This fallback forces the clients to associate to another access point if one is
available.
Access Point Root (Fallback to Repeater): When the wired connection is lost, the radio
becomes a repeater. The repeater parent should be configured to allow data to be wirelessly
transferred to another access point.
Wireless Bridges
3-31
Root and Non-Root Bridge

Communicates with:
Root
Bridge
Non-root bridge
Workgroup bridge
Workgroup
Bridge
Repeater access points

Wireless clients
Repeater
Access Point
Non-Root
Bridge
Wireless
Clients
PCI Card
PC Card
NOTE: Unlike Cisco Aironet 1310

Bridge, the Cisco Aironet 1410
Bridge does not support wireless
clients.
CWLF v1.0m3-4
This setting is normally used for the main bridgein other words, the bridge that is connected
to the main network. This bridge provides connectivity to the main LAN for other wireless
clients or wired clients that are being connected wirelessly. In this mode, the bridge supports
the following client types by default:
Non-root bridges
Wireless client cards (PC card, PCI card)
Workgroup bridges (WGBs)
Access points configured as repeaters
Only one bridge in a WLAN can be set as the root bridge. This is the default setting for Cisco
Aironet bridges.
3-32
Parent-Child Relationship
(Root Bridge vs. Non-Root Bridge)
Root bridge (parent):
Accepts associations
and communicates
with non-root bridge
(child) devices
Will not communicate
with other root bridge
devices
Communicates with
multiple non-root
bridges
Root
Bridge
Non-Root
Bridges
Root
Bridge
Non-Root
Bridges
Non-Root
Bridges
Root
Bridge
NOTE: Unlike the BR1300, the BR1410

only supports the root and non-root bridge roles in the radio network.
CWLF v1.0m3-5
In order for two or more Cisco wireless bridges to communicate, you must configure one
bridge to root bridge mode and the rest of the bridges to non-root mode. The function of a nonroot bridge is to actively seek out a radio connection to the root bridge. This must occur before
data can be transferred or bridged across a link.
Wireless Bridges
3-33
Parent-Child Relationship
(Root Bridge vs. Non-Root Bridge) (Cont.)
Non-root (child):
Can associate and
communicate with root
devices or clients
Non-Root
Bridges
Root
Bridge
Will communicate with

other non-root devices,
provided the another
non-root device is
communicating with a
root
Non-Root
Bridges
Non-Root
Bridges
Non-Root
Bridge
Non-Root
Bridge
Root
Bridge
CWLF v1.0m3-6
A single parent bridge can support numerous child bridges. The number of child bridges that
should be attached to a parent bridge is determined by usage and throughput needs.
There is only one exception. A non-rot bridge communicates with another non-root bride as
long as one of the non-root bridges has a root bridge in its uplink.
3-34
Non-Root Bridge without Clients

Communicates with:
Root
bridge
Root bridge ONLY
Non-root
bridge
Non-root
bridge
CWLF v1.0m3-7
This setting is normally used for a bridge that is used to connect a remote wired LAN and will
only communicate with another root bridge. In this mode the bridge will refuse associations
from wireless clients. Cisco Aironet 1400 Series Bridges do not communicate with clients,
only other bridges operating in the 5-GHz UNII-3 band.
Wireless Bridges
3-35
Root Bridge without Clients

Communicates with:
Non-root bridges
Root
bridge
Workgroup bridges
Non-root
bridge
Workgroup
bridge
CWLF v1.0m3-8
This role in the radio network is a new feature with the release of Cisco IOS software release
12.3(7)JA1.
This allows you to lock down what devices are allowed to connect to the root bridge. This
setting would normally be the setting used when interconnecting LANs and using the bridge
link as backbone only. This radio role is only supported on Aironet 1200, 1240AG, and 1300
Series Access Point and bridge products.
3-36
Comparing Access Points and Bridges

This topic compares the functions of a bridge and an access point when operating in a root
mode.
Root Mode: Access Point vs. Bridge

Access point in
non-root mode
Management traffic only via
Ethernet
Access Point in
Non-Root Mode
Bridge set to root or nonroot

Able to send traffic via
Ethernet or radio
Bridge in Root
Mode
Bridge in Non-Root
Mode
CWLF v1.0m3-9
Whether configured as a root or non-root device, a bridge can always communicate with other
bridges via the radio frequency (RF) and with the wired network via the Ethernet port. Even
when configured to operate in access point mode, the bridge can still pass network traffic via
both the RF and Ethernet ports. This is one of the main differences between a Cisco Aironet
bridge and an access point.
Cisco Aironet access points and bridges use the same radio. The Cisco Aironet bridge has the
same receiver sensitivity, power levels, and capabilities as the Cisco Aironet access point. This
means that while operating in access point mode, the Cisco Aironet bridge can be configured as
a fully IEEE 802.11-compliant access point that supports Cisco Aironet wireless clients.
Wireless Bridges
3-37
Role Comparison: AP vs. BR vs. WGB

Role
Accepts Associations from:
Associates to:
Root
AP
NR BR
Repeater
Wireless Wired
with
AP
Clients Clients
Clients
Root
BR
Root AP
Repeater
AP
Root BR
NR BR
without
Clients
NR BR
with
Clients
Work
Group
Bridge
9
9
NR
BRs
STP
WGBs
Disabled
Disabled
Settable
Settable
Settable
Disabled
Provided the NR bridge has connectivity to the root bridge
CWLF v1.0m3-10
The following is a role comparison between the access point, and workgroup bridge.
Associates to:
Role
Accepts Associations from:
Root
Root
Repeater
NR BR
Wireless
Wired
NR
AP
BR
AP
with
Clients
Clients
Bridges
WGBs
STP
Clients
Root AP
Repeater
AP
Root BR
Disabled
Disabled
Settable
NR BR
without
Clients
NR BR
with
Clients
Work
Group
Bridge
3-38
Settable
Settable
Disabled
Repeater Access Point Topology

Root access point: Attached to
Ethernet infrastructure, form root
of the tree.
Non-root repeater: Ethernet off,
connects as close to root as
possible and repeats to other
repeaters and to associated
clients.
Topology is a tree rooted to root
access points.
All the access points in any tree
must be on the same channel!
Presently only one repeater
interface per access point is
supported, even if the access point
has two radios.
CWLF v1.0m3-11
Things to understand about repeater access point topologies include:
Root access point: Attached to Ethernet infrastructure, form root of the tree.
Non-root repeater: Ethernet off, connects as close to root as possible and repeats to other
repeaters and to associated clients.
All the access points in any tree must be on the same channel.
0nly one repeater interface per access point is supported, even if the access point has two
radios.
Wireless Bridges
3-39
Access Point Link Role Flexibility

Root Access Points
Layer 0ne Repeaters
Root 1
Layer Two Repeaters
Repeater 1A
5 GHz Backhaul
Et
he
rn
et
Repeater 2A
Root 2
Repeater 1B
Repeater 2B
Root 3
Repeater 1C
CWLF v1.0m3-12
Access point link role flexibility allows an access point to operate in a combination of radio
roles, such as access point root, access point repeater, bridge root (with or without clients),
bridge non-root (with or without clients), and workgroup bridge. This feature provides a more
flexible deployment scheme for the Cisco Aironet 1200 Series Access Point supporting various
applications requirement.
Note
Multiple repeaters can cause a reduction in throughput because of the high number of
repeaters and active clients in the network. Careful planning and radio fine-tuning is
essential to avoid throughput problems.
The following is a list of repeater limitations:
3-40
Once you configure a radio as a repeater, the Ethernet port is disabled.
In dual-radio access points, only one radio can be a repeater; the other radio must be
configured as a root radio.
Repeater access points only support the native virtual LAN (VLAN).
The data rates configured on the repeater access point should match the data rates on the
parent access point.
You can employ a chain of repeater access points (repeaters communicating with another
repeater) but throughput is reduced.
Repeater access points do not support Wireless Domain Services (WDS). You cannot
configure a repeater access point as a WDS access point, and if a root access point becomes
a repeater in fallback mode, it cannot provide WDS.
When configuring repeaters, Aironet extensions should be enabled on both the parent (root)
access point and the repeater access points.
Full Duplex Repeaters

Full duplex repeaters
5 GHz
Uplink
2.4 GHz
Local Link
Ethernet to
Network
5 GHz
Uplink
WGB
5 GHz
Uplink
2.4 GHz
Local Link
NEMA BOX
Ethernet to
Network
2.4 GHz
Local Link
2.4 GHz
Local Link
Extending full duplex operation

CWLF v1.0m3-13
Full duplex repeaters can be created by having multiple radios collectively at one place in an
enclosure (such as National Electrical Manufacturers Association [NEMA] enclosure).
Assuming that the node will also be used for end user access, three radios in total are needed.
One radio (2.4 GHz) can be used for end user access. The other two radios (5 GHz) can be
used for the backhaul connectivity with one radio for the uplink and second radio for the next
hop, so one radio for each direction.
Half duplex repeaters are the ones which transmit and receive at one frequency. Transmit and
receive do not occur simultaneously.
Full duplex repeaters are the ones which transmit and receive at two different frequencies and
transmit and receive can occur simultaneously.
Wireless Bridges
3-41
Cisco IOS Software Release 12.3(7)JA1

Radio Role Highlights
Bridge mode radio supports point-to-point and pointto-multipoint configurations.
If one radio is configured as WGB or repeater, the
second radio is usable.
WGB mode radio does not support wireless client.
Only one radio per box can be configured into WGB
or repeater.
Cisco Aironet 1240AG, 1230AG and 1200 Series APs
are interoperable with the Cisco Aironet 1300 Series
when operating in bridge mode.
CWLF v1.0m3-14
Highlights of the radio roles with the IOS software release 12.3(7)JA1 include:
Bridge mode radio supports point-to-point and point-to-multipoint configurations.
If one radio is configured as workgroup bridge or repeater, the second radio is usable.
Workgroup bridge mode radio does not support wireless client.
Only one radio per box can be configured into workgroup bridge or repeater.
Cisco Aironet 1240AG, 1230AG and 1200 Series access points are interoperable with the
Cisco Aironet 1300 Series when operating in bridge mode.
Bridge features not supported on Cisco Aironet 1200 and 1240AG Series access points:
CCA (Clear Channel Assessment)
Auto install feature (for alignment)
Packet concatenation
Ether channel (stacking bridges)
Interoperability with Cisco Aironet BR1410 on IEEE 802.11a radio
Note
3-42
Distance settings are available on the Cisco Aironet 1200 and 1240AG Series access points
if configured in a root bridge radio role.
Cisco IOS Software Release 12.3(7)JA1

Radio Role Examples
Repeater and Root AP
Root AP and Root AP
Backbone
Backbone
Root AP
(with clients)
Dual radio AP
Radio1
Radio2
Repeater AP
role
Root AP
role
Root AP
role
Root AP
role
Radio1
Radio2
Dual radio AP
CWLF v1.0m3-15
Radio Role Examples

The figure on the left side is a dual radio access point acting as a root access point for both
radio 1 and radio 2.
The figure on the right side is a dual radio access point acting as a repeater and a root access
point. The repeater access point actually bridges the dual radios root access points traffic back
to the wired network.
Wireless Bridges
3-43
Full Duplex Design Example

Full duplex
Backbone
Root bridge
(with or without
clients)
5 GHz
36
2.4 GHz
44
6
Root AP
role
Non-root Bridge
role
(with or without
Clients)
Radio1
5 GHz
WGB
Role
Radio2
Dual radio AP
CWLF v1.0m3-16
Full Duplex Design Example

This figure is an example of a full duplex design. The backbone or network sits behind the root
bridge which connects the non-root bridge to the network. Radio two and the WGB radio
forward there traffic through radio 1 to the network.
3-44
Workgroup and Root Access Point Example

Backbone
WGB and root

access point
Root AP
(with clients)
WGB role
Root AP
role
Radio1
Radio2
Dual radio AP
Both radios are usable

CWLF v1.0m3-17
Workgroup Bridge and Root Access Point

Shown on the figure, the workgroup bridge acts as the wireless backbone to the network
supporting both radio two which is configured as a root access point and all traffic received via
the dual radio Ethernet port.
Wireless Bridges
3-45
1400 Series Bridge Radio Interface Page
CWLF v1.0m3-18
Role in Radio Network: Select the role in the radio network for each device. Depending on
which device you are using, the roles can vary.
Root Bridge: Only Cisco Aironet 1400 series non-root bridges can associate with Aironet 1400
series root bridges.
Non-Root Bridge: Only Cisco Aironet 1400 series root bridges can associate with Aironet
1400 series non-root bridges.
Install Automatic: This allows the bridge to try to find a non-root or root bridge to connect to.
Install Root Bridge and Install Non-Root Bridge: In installation mode, the bridge polls the
radio for the received signal strength indication (RSSI) value and updates the LEDs and the
RSSI voltage port.
3-46
1300 Series Bridge Radio Interface Page
CWLF v1.0m3-19
which device you are using, the roles can vary. You can also configure a fallback role for root
access points. The wireless device automatically assumes the fallback role when its Ethernet
port is disabled or disconnected from the wired LAN. Choose one of the three access point
(root) settings if the access point is connected to the wired LAN.
Access Point (AP1100, 1130, 1200, 1240, 1310): This default setting enables wireless clients
to continue to associate even when there is no connection to the wired LAN.
Access Point (Fallback to Radio Shutdown): When the wired connection is lost, the radio
shuts down. This fallback forces the clients to associate to another access point if one is
available.
Access Point (Fallback to Repeater): When the wired connection is lost, the radio becomes a
repeater. The repeater parent should be configured to allow data to be wirelessly transferred to
another access point.
Repeater (AP1100, 1130, 1200, 1240, 1310): Choose this setting if the access point is not
connected to the wired LAN. Client data is transferred to the access point selected as the
repeater parent. The repeater parent may be configured as an access point or another repeater.
Root Bridge with Wireless Client (AP1200, 1240, 1310): Specifies that the root bridge mode
accepts associations from client devices. A root bridge can be an access point or a bridge.
Wireless clients, non-root bridges, repeaters, and workgroup bridges can associate with a root
bridge.
Non-Root Bridge with Wireless Clients (AP1200, 1240, 1310): Specifies that the non-root
bridge mode accepts associations from client devices. Wireless bridges can associate only with
non-root bridges.
Root Bridge without Wireless Clients (AP1200, 1240, 1310, BR1410): Only non-root
bridges can associate with root bridges.
Wireless Bridges
3-47
Non-Root Bridge without Wireless Clients (AP1200, 1240, 1310, BR1410): Specifies that
the access point operates as a non-root bridge and must associate to a root bridge. No wireless
clients can associate with non-root bridges.
Workgroup Bridge (AP1100, 1130, 1200, 1240, 1310): In workgroup bridge mode, the unit
associates to another access point as a client and provide a network connection to the devices
connected to its Ethernet port. The workgroup bridge associates to an access point on your
network. When you configure one radio interface as a workgroup bridge, the other radio
interface is automatically disabled.
Scanner (AP1100, 1130, 1200, 1240, 1310): This option is supported only when used with a
WLSE device on your network. It specifies that the access point operates as a radio scanner
only and does not accept associations from client devices. As a scanner, the access point
collects radio data and sends it to the WDS access point on your network.
3-48
1200 and 1240 Radio Interface Page
CWLF v1.0m3-20
which device you are using, the roles can vary. You can also configure a fallback role for root
access points. The wireless device automatically assumes the fallback role when its Ethernet
port is disabled or disconnected from the wired LAN. Choose one of the three access point
(root) settings if the access point is connected to the wired LAN.
Access Point (AP1100, 1130, 1200, 1240, 1310): This default setting enables wireless clients
to continue to associate even when there is no connection to the wired LAN.
Access Point (Fallback to Radio Shutdown): When the wired connection is lost, the radio
shuts down. This fallback forces the clients to associate to another access point if one is
available.
Access Point (Fallback to Repeater): When the wired connection is lost, the radio becomes a
repeater. The repeater parent should be configured to allow data to be wirelessly transferred to
another access point.
Repeater (AP1100, 1130, 1200, 1240, 1310): Choose this setting if the access point is not
connected to the wired LAN. Client data is transferred to the access point selected as the
repeater parent. The repeater parent may be configured as an access point or another repeater.
Root Bridge with Wireless Client (AP1200, 1240, 1310): Specifies that the root bridge mode
accepts associations from client devices. A root bridge can be an access point or a bridge.
Wireless clients, non-root bridges, repeaters, and workgroup bridges can associate with a root
bridge.
Non-Root Bridge with Wireless Clients (AP1200, 1240, 1310): Specifies that the non-root
bridge mode accepts associations from client devices. Wireless bridges can associate only with
non-root bridges.
Root Bridge without Wireless Clients (AP1200, 1240, 1310, BR1410): Only non-root
bridges can associate with root bridges.
Wireless Bridges
3-49
Non-Root Bridge without Wireless Clients (AP1200, 1240, 1310, BR1410): Specifies that
the access point operates as a non-root bridge and must associate to a root bridge. No wireless
clients can associate with non-root bridges.
Workgroup Bridge (AP1100, 1130, 1200, 1240, 1310): In workgroup bridge mode, the unit
associates to another access point as a client and provide a network connection to the devices
connected to its Ethernet port. The workgroup bridge associates to an access point on your
network. When you configure one radio interface as a workgroup bridge, the other radio
interface is automatically disabled.
Scanner (AP1100, 1130, 1200, 1240, 1310): This option is supported only when used with a
WLSE device on your network. It specifies that the access point operates as a radio scanner
only and does not accept associations from client devices. As a scanner, the access point
collects radio data and sends it to the WDS access point on your network.
3-50
Lesson Self-Check
Q1)
If the access point is set to Fallback Repeater which of the following is true? (Choose
one.) (Source: Role in Radio Network)
A)
B)
C)
D)
Q2)
Ethernet port is disabled and radio is shut down

Ethernet is disabled and root access point is converted to and independent radio
island.
Ethernet port is disabled and root access point turns into a repeater
Ethernet port is disabled and access point turns into root bridge
What are the two differences between repeaters and non-root bridges is that? (Choose
two.) (Source: Comparing Access Points to Bridges )
A)
B)
C)
D)
Non-root bridges shut down there Ethernet port

Access points configured as repeaters shut down their Ethernet port
Access points configured as repeaters do not shut down their Ethernet port
Non-root bridges do not shut down there Ethernet port
Q3)
Multiple Repeats can cause a reduction of what? (Source: Link Role Flexibility)
Q4)
A ____________________________ is required for Full Duplex operation. (Source:

Half and Full Duplex Repeaters)
Q5)
Which two radio roles were added to 1200 and 1240AG series access points with IOS
software release 12.3(7)JA1. (Choose two.) (Source: Cisco IOS software release
12.3(7)JA1 Enhancements
A)
B)
C)
D)
Q6)
If one radio is configured as a repeater or a workgroup bridge the other radio is usable.
(Source: Radio Roles in Autonomous Dual Band Access Points)
A)
B)
Q7)
True
False
There are 5 different radio role choices for a 1400 Series Bridge. (Source: Radio Roles
for 1400 Series Bridges)
A)
B)
Q8)
Root bridge with clients

Workgroup bridge
Scanning access point
Non-root bridge without clients
True
False
There are 11 different radio role choices for the 1300 Series Bridge. (Source: Radio
Roles for the 1300 Series Bridge)
A)
B)
True
False
Wireless Bridges
3-51
Q9)
There are 10 different radio role choices for the 1200 Series Bridge. (Source: Radio
Roles for Dual Band 1200 and 1240AG Access Points)
A)
B)
3-52
True
False

Q1)
Q2)
F, H
Q3)
Throughput
Q4)
Dual Radio access point
Q5)
A, D
Q6)
A True
Q7)
False
Q8)
True
Q9)
True
Wireless Bridges
3-53
Summary
Summary
We discussed radio roles available for Cisco Aironet 1200,
1240 Series Access Points as well as radio roles available for
Aironet 1300 and 1400 Series Bridges.
We discussed the different radio roles and how the radio role
in the network effects the access point or bridge capabilities.
Access point link role flexibility allows an access point to
operate in a combination of radio roles.
Full duplex repeaters are the ones which transmit and
receive at two different frequencies, while half duplex
repeaters transmit and receive at one frequency.
Cisco IOS Software Release 12.3(7)JA provides several
features for Cisco Aironet access points and bridges which
include Access Point Link Role Flexibility, QoS, QBSS
support, and AAA cache.
CWLF v1.0m3-23
We discussed radio roles available for Cisco Aironet 1200, 1240 Series Access Points as well
as radio roles available for Aironet 1300 and 1400 Series Bridges. We discussed the different
radio roles and how the radio role in the network effects the access point or bridge capabilities.
Access point link role flexibility allows an access point to operate in a combination of radio
roles, such as access point root, access point repeater, bridge root (with or without clients),
bridge non-root (with or without clients), and workgroup bridge. Full duplex repeaters are the
ones which transmit and receive at two different frequencies and transmit and receive can occur
simultaneously. Half duplex repeaters are the ones which transmit and receive at one frequency.
Transmit and receive do not occur simultaneously. Cisco IOS software release 12.3(7)JA
provides several features for Cisco Aironet 1400 Series outdoor wireless bridges, Cisco Aironet
1300 Series outdoor access points/bridges, and Cisco Aironet 1240AG, 1230AG, 1200,
1130AG, and 1100 series access points. Feature enhancements include support for Cisco
Aironet 1240AG Series access points; Access Point Link Role Flexibility; QoS, QBSS support;
and AAA cache.
3-54
Lesson 3
Determining Bridge Path

Information
Overview
This lesson covers additional considerations for planning an outdoor radio bridge link.
Objectives
Upon completing this lesson, you will be able to determine the feasibility of these locations and
make recommendations for changes where needed. This ability includes being able to meet
these objectives:
Describe how data rate relates to range for wireless bridges
Describe deployment considerations such as distance limits and path loss
Describe the process for calculating bridge distance
Describe various conditions to be considered when you are determining the path between
two antennas
Describe potential issues with antennas with or without downtilt and omnidirectional
antennas
Identify common installation questions for a bridge link
Installation Considerations
This topic describes how data rate relates to range for wireless bridges.

Point/Bridge Range vs. Data Rate
Data rate
1
Mbps
2
Mbps
5.5
Mbps
11
Mbps
14.3
12.5
11.4
9.5
21.7
18.9
17.2
14.3
10.0
8.2
6.5
4.1
13.7
11.9
10.9
9.0
14.3
12.5
11.4
9.5
P2P LOS range (miles)

13 dBi captive antennas
21 dBi external antennas
P2MP LOS range (miles)
5.2 dBi external hub ant.
13 dBi captive client ant.
12 dBi external hub ant.
13 dBi captive client ant

12 dBi external hub ant.
21 dBi external client ant.
6
Mbps
9
Mbps
12
Mbps
18
Mbps
24
Mbps
36
Mbps
48
Mbps
54
Mbps
9.5
9.0
6.4
5.1
3.6
2.3
1.4
1.3
15.7
15.0
13.1
11.9
10.4
8.1
5.1
4.5
4.1
3.7
2.6
2.1
1.5
0.9
0.6
0.5
9.0
8.1
5.1
4.5
3.2
2.0
1.3
1.1
10.4
9.9
8.1
6.4
4.5
2.9
1.8
1.6
CWLF v1.0m3-2
The Cisco Aironet 1310 G Bridge Series operates in the 2.4-GHz frequency range with
improved throughput using Orthogonal Frequency Division Multiplexing (OFDM) and
Complementary Code Keying (CCK) modulation. The bridge also offers the capability to use
integrated or non-captive antenna options.
Maximum operating range for IEEE 802.11g data rates are as follows:
3-56
Point-to-point using the 13-dBi integrated antenna at 54-Mbps can achieve ranges up to 1.3
miles (2 km)
miles (15 km)
miles (23 km)
Point-to-multipoint using a 21-dBi dish and a 12-dBi omni at 54-Mbps can achieve ranges
up to 1.6 miles (2.6 km)
up to 8.1 miles (13 km)
up to 14.3 miles (23 km)
Cisco Aironet 1400 Series Wireless

BridgeRange vs. Data Rate
Data rate
6 Mbps
9 Mbps
12 Mbps
18 Mbps
24 Mbps
36 Mbps
48 Mbps
54 Mbps

22.5-dBi captive antennas
15.5
15.3
14.1
13.2
11.8
10.0
8.3
7.8

28-dBi remote antennas
23.4
23.1
21.4
20.0
17.8
15.1
12.6
11.8

9-dBi external hub antennas
22.5-dBi captive client antennas
8.3
8.2
7.6
7.1
5.7
3.8
2.4
2.0

9.5-dBi remote hub antennas
22.5-dBi captive client antennas
8.5
8.4
7.8
7.2
6.1
4.1
2.6
2.2

9-dBi remote hub antennas
28-dBi remote client antennas
9.8
9.6
8.9
8.3
7.4
5.7
3.6
3.0

9.5-dBi remote hub antennas
28-dBi remote client antennas
10.2
10.1
9.3
8.7
7.8
6.4
4.1
3.4
All distances have been calculated with reference to FCC regulations.
CWLF v1.0m3-3
The 5.8-GHz radio in the Cisco Aironet 1400 Series offers superior radio performance,
resulting in industry-leading range. A greater range results in a higher supported data rate. It
also results in a more reliable link at a given data rate.
The maximum operating range for IEEE 802.11a data rates are as follows:
Point-to-point range of 7.5 miles (13 km) at 54-Mbps, 16 miles (26 km) at 9-Mbps, 12
miles (19 km) at 54-Mbps, and 23 miles (37 km) at 9-Mbps (antennas are 28-dBi dish)
Point-to-multipoint range (sector antenna at root) of 2 miles (3 km) at 54-Mbps, 8 miles (13
km) at 9-Mbps, 4 miles (7 km) at 54-Mbps, and 11 miles (18 km) at 9-Mbps (non-root
antenna is 28-dBi dish)
Wireless Bridges
3-57
Distances Limited by IEEE 802.11

Specification
1 mile at any data rate

1.6 km at any data rate
PCI Card
Access point to any clientmaximum distance
25 miles at 2 Mbps
40 km at 2 Mbps
PCI Card
11.5 miles at 11 Mbps

18.5 km at 11 Mbps
Bridge to any clientmaximum distance
CWLF v1.0m3-4
Customers may want to save money and use the workgroup bridge and access point in place of
a bridge. If the distance is less than 1 mile and the remote end (the workgroup bridge) has fewer
than eight end devices, this can be done. However, if the distance is greater than 1 mile, it is
recommended that a bridge be used instead of the access point. Using an access point at more
than 1 mile will not provide reliable communications because of the timing constraints that the
802.11 standard puts on the return times for packet acknowledgements. Remember, IEEE
802.11 defines a LAN, which is typically a wireless range of up to 1000 feet.
The bridge product has a parameter that stretches this timing (which violates 802.11) and
allows the Cisco Aironet devices to operate at greater distances. (All bridges that support
distances over 1 mile violate 802.11.)
It also means that 802.11 radios from other vendors may not work with the Cisco Aironet
bridge at distances greater than 1 mile.
3-58
Distance Settings on Root Bridges

Device selected to be a root bridge
Distance (Km) setting will appear on the radio
Interface settings page
Must be set for the correct distance of the radio
link
CWLF v1.0m3-5
Configuring the Radio Distance Setting

Use the distance command to specify the distance from a root bridge to the non-root bridges
with which it communicates. The distance setting adjusts timeout values on the bridge to
account for the time required for radio signals to travel from bridge to bridge. If more than one
non-root bridge communicates with the root bridge, enter the distance from the root bridge to
the non-root bridge that is farthest away. Enter a value from 0 to 99 km. It is not necessary to
adjust this setting on non-root bridges.
In installation mode, the default distance setting is 99 km. In other modes, the default distance
setting is 0 km.
The setting is available on the radio interface settings page in the GUI or can be set at the
command-line interface (CLI).
Note
Failure to set this setting to the correct distance of the radio link could lead to the inability to
pass IP traffic.
Wireless Bridges
3-59
Distance and Path Loss Considerations

This topic describes deployment considerations such as distance limits and path loss.
Path Loss Considerations

How far will it go?
22 miles/34.5 km?
CWLF v1.0m3-6
Calculations can be done to provide accurate information on performance and distance.

The following are included in calculations for determining coverage performance:
Antenna gain
Transmitter power
Receiver performance
Cable losses
Environmental structures
Path loss determines how far a signal will travel and still provide reliable communications.
Calculations are made in decibels and can be derived from the theoretical model.
Margin determines how much path interference can be inserted before the signal will no longer
maintain reliable communications. A 10-dB fade margin is required for dependable
communications in all weather conditions.
3-60
Calculations of Coverage Performance

Coaxial Length
100 ft (30.5 m)?
Towers needed to
clear trees and
other buildings
Coaxial Length
150 ft (45.7 m)?
Wants 11-Mbps data rate
Distance = 13 miles (20.9 km)
CWLF v1.0m3-7
Suppose the customer is attempting to install the system as shown in the figure. Will the system
work and meet their needs? Using path loss calculations, antenna gains, and cable lengths, the
distances can be theoretically checked. Changes to the design can be made before attempting to
install based upon these calculations. Some level of comfort can be obtained for a system when
using these calculations.
The Antenna Calculation Utility is used to find out if this situation is feasible. In the next
module the Antenna Calculation Utility will be discussed, as well as how to use it to determine
maximum distances possible while using various cables and antennas at different speeds. Make
changes to the design before attempting installation, based upon these calculations. You can
reach some level of comfort about the system by using these calculations.
Taking what is shown in the figure and using the path loss calculations we come up with the
following:
The maximum distance achieved using LMR 600 low loss cable and two 20-dBm radios with
two 21-dBi parabolic dishes are 12.5 miles (20 km) at 11-Mbps. This also takes into
consideration that the antennas need to be 77 feet (23.5 meters) above all obstructions.
We could due a number of things to fix this such as use a lower loss cable. Or we could mount
the radio in a National Electrical Manufacturers Association (NEMA) enclosure closer to the
antenna to reduce loss. If we shorten the cable by 50 feet (15 meters) on one side we can now
span 16 miles (26 km) versus 12.5 (20 km) miles with the current configuration.
Wireless Bridges
3-61
Loss in Transmission (Antenna) Cable

The loss of the cable is referred to
as attenuation and is typically
measured in dB per 100 feet at a
given frequency.
As radio waves travel through the
antenna cable they encounter
loss. For example, at 2.4 GHz
LMR-400 series cable has a loss of
6.7 dB per 100 feet; however, LMR600 has a loss of only 4.4 dB
per 100 feet.
As you increase the
cable length, you increase
the loss.
Times Microwave LMR Series Antenna Cable
CWLF v1.0m3-8
As radio waves travel through the cable they encounter resistance (loss) known as attenuation.
Much like pouring water through a garden hose (if you started off with a full glass of water)
you would not get the entire glass of water out of the end of the garden hose as some of the
water gets lost. Radio waves also encounter resistance traveling through the antenna cable, how
much resistance or loss (attenuation) depends on several factors.
How well the cable is shielded, how much surface area is available for the signal to travel on,
how well the braided material is shielded, is there a foil and braided material? Always check
the specifications of the cable used and do not forget to add the loss of the cable to your
calculations when determining distance. The antenna calculation utility will allow you to add
the loss of the cable.
LMR-400 series (by Times Microwave) is one half inch cable (the same physical size as RG-8).
RG-8 or Radio Grade 8 type cable is not recommended at frequencies of 2.4-GHz and smaller
cable diameters such as RG-58 (similar to LMR-200) should not be used for distances greater
then 36 inches (3 feet) as there is considerable loss in these types of cables. Cisco currently
offers LMR-400 series cable for antenna lengths up to 100 feet and LMR-600 for 150 feet
lengths.
3-62
Calculations of Coverage Performance

(Cont.)
CWLF v1.0m3-9
Rain, fog, and snow have little effect on path loss. The effect that they do have can be offset by
having a path margin of at least 10-dB, as provided by the Cisco Antenna Calculation Utility.
Line-of-sight is required between sites for long distances.
Because trees are mostly water, they can have a major effect on loss. Microwave ovens use the
2.4-GHz band because of how well water absorbs this particular frequency. As a result, the
radio frequency (RF) signal in the 2.4-GHz band will not get through trees because their high
water content means the trees will absorb the signal. The same concept applies to the 5-GHz
band.
Other considerations:
Long distance signals will not travel through most building structures.
Line-of-sight is generally required between sites for long distances.
Wireless Bridges
3-63
Bridge Distance Calculations

This topic describes the process for calculating bridge distance.
Bridge Distance Calculation
CWLF v1.0m3-10
The following describes the Outdoor Bridge Range Calculation Utility.

Step 1
Select the proper sheet for 2.4-GHz or 5-GHz systems.
Step 2
Select the proper regulatory domain based upon your approvals for installation
locations. (See the Power Regulatory Domain Worksheet of the utility.)
Step 3
Select the product being used for both sides of the link.
Step 4
Select the power level for both sides of the link.
Step 5
Select the data rate being used.
Step 6
Select the antenna used on each site. If you are using antennas other than Cisco
Aironet antennas, enter the gain factor in dBi.
Step 7
Select the cables being used on each side. If you are using cables other than Aironet
cables, select Other, then enter the loss per 100 feet and the length of the cable.
For the Aironet 1410 bridge only, you must select typical environmental conditions.
3-64
Note
Remember that these are theoretical calculations.
Note
Line-of-sight is required.
Range Calculation Tool
CWLF v1.0m3-11
Using the Outdoor Bridge Range Calculation Utility enables you to get an idea how far the
bridge link can go, and how to select the various antennas and data rates. All bridge links are
point-to-point when you are using the Outdoor Bridge Range Calculation Utility. When you are
computing point-to-multipoint links, always compare the root bridge with each remote or nonroot site to determine distances.
Wireless Bridges
3-65
Outdoor Path Considerations

This topic describes various conditions to be considered when determining the path between
two antennas.
Path Considerations
Radio line-of-sight
Earth bulge
Fresnel zone
Antenna and cabling
Data rate
Frequency
CWLF v1.0m3-12
There are several items that should be considered when you are determining a path between
two antennas. There should be a clear visible path between the two antennas (you may need
binoculars to see from one to the other). There should be no obstructions between the antennas
themselves. Obstructions include trees, buildings, hills, and so on.
Remember to take into account the curvature of the earth and atmospheric refraction. Typically,
at distances below 7 miles (11.26 km), earth bulge can be ignored.
3-66
Line-of-Sight
Radio line-of-sight
Not the same as visual line-of-sight
Fresnel zone
The following obstructions might obscure a visual link:

Topographic features, such as mountains
Curvature of the earth
Buildings and other man made objects
Trees
Line-of-sight!
CWLF v1.0m3-13
One of the most important concepts in installing Cisco Aironet bridges is line-of-sight. In many
instances line-of-sight is not seen to be a problem, particularly for wireless LAN (WLAN)
devices that communicate over short distances. Due to the nature of radio wave propagation,
devices with antenna often communicate successfully from room to room. The density of the
materials used in a building's construction determine the number of walls the RF signal can
pass through and still maintain adequate coverage.
When connecting two points together (such as an Ethernet bridge) the distance, obstructions
and antenna location must be considered. If the antennas can be mounted indoors and the
distance is short, several hundred feet, the standard dipole or magnetic mount 5.2-dBi or Yagi
antenna can be used.
For long distances, 1/2 mile or more, directional high-gain antennas must be used. These
antennas must be as high as possible, and above obstructions such as trees and buildings. If the
directional antennas are used, they must be aligned so their main radiated power lobes are
directed at each other. With a line-of-sight configuration distances of up to 25 miles at 2.4-GHz
can be reached using parabolic dish antennas, provided a clear line of site is maintained.
Cisco Aironet bridges are unlicensed devices and are not designed to penetrate objects such as
mountains, trees, or buildings. The signal will be either absorbed or reflected, and the end result
will be that the bridges will be unable to connect. If there are trees between the bridges, much
of the signal will be absorbed.
Wireless Bridges
3-67
Longer Distances
Line-of-sight disappears at 6 miles
(9.7 km) because of the curvature of the earth.
CWLF v1.0m3-14
For a typical 6-foot (183 cm) person, the horizon appears at about 6 miles (9.7 km). Its
disappearance is determined by the height of the observer. If you have two 10-foot (305-cm)
structures, the top of one will have a line-of-sight to the other at about 16 miles (26 km), but it
will have minimum clearance at the horizon point.
3-68
Antenna Alignment
Line-of-sight
CWLF v1.0m3-15
Verify the radio line-of-sight, which was previously discussed.

Some suggestions to help determine the alignment are as follows:
Binoculars or telescope: These aids are needed for the more distant links.
Global Positioning System (GPS): Use GPS for very distant installations. This helps the
installer to aim the antennas in the correct direction. A compass is also a helpful if the GPS
is set up to read magnetic bearings.
Wireless Bridges
3-69
Fresnel Zone
Fresnel Zone
d1
d2
CWLF v1.0m3-16
The amount of clearance required for obstacles is expressed in terms of Fresnel zones. Fresnel
zones consist of series of concentric ellipsoid surfaces that surround the straight-line path
between the transmitter and receiver. The first Fresnel zone is defined as the surface containing
every point for which the distance from the transmitter to any reflection point on the surface
and then on the receiver is one half-wavelength longer than the direct signal path. As radio
signals travel through free space to their intended target, they may encounter an obstruction in
the Fresnel area, degrading the signal. Best performance and range is attained when there is no
obstruction of this Fresnel area. Fresnel zone, free space loss, antenna gain, cable loss, data
rate, link distance, transmitter power, receiver sensitivity, and other variables play a role in
determining how far your bridge link goes. As shown in the figure, the Fresnel zone radius is
greatest at mid-path, thus the required obstacle clearance is greatest at this point. The minimum
acceptable clearance is .6 of the first Fresnel zone. Because of the shape of the first Fresnel
zone, what appears to be a clear line-of-sight path may not be. As shown in the figure, d1 is the
distance from transmitter to refection point in miles, and d2 is the distance from reflection point
to receiver in miles.
3-70
Fresnel Zone (Cont.)
1st Fresnel Zone
Mid Path
Normal path design specifications require 60% of the first

Fresnel zone clearance
0.60 F1= 43.3 x SQR (distance/4x Frequency in GHz)
CWLF v1.0m3-17
The figure illustrates the Fresnel zone between two antennas. As long as 60 percent of the first
Fresnel (F1) zone is clear of obstructions, the link behaves essentially the same as a clear freespace path.
Wireless Bridges
3-71
Improving Fresnel Effect 2.4 GHz Band

To improve the Fresnel effect:
Total Path Length

(Miles)
Clearance radius around signal path

(feet)
Raise the antenna
30
Build new structure
37
44
10
50
12
54
15
69
Add to existing structure

Different mounting point
Remove trees
CWLF v1.0m3-18
There are a variety of things that you can do to keep the Fresnel zone clear, including the
following:
3-72
Raise the antenna mounting point on the existing structure
Build a new structure, such as a radio tower, tall enough to mount the antenna
Increase the height of an existing tower
Locate a different mounting point for the antenna
Cut down problem trees
Find an alternate antenna location to get around the obstruction
Improving Fresnel Effect 5 GHz Band

To improve the Fresnel effect:
Raise the antenna
5 GHz Fresnel Table

Total Path Length (Miles)
60 % of First Fresnel zone radius

(feet)
28
34
Different mounting point
39
Remove trees
10
44
12
48
15
54
Build new structure

Add to existing structure
CWLF v1.0m3-19
There are a variety of things that you can do to keep the Fresnel zone clear, including the
following:
Raise the antenna mounting point on the existing structure
Build a new structure, such as a radio tower, tall enough to mount the antenna
Increase the height of an existing tower
Locate a different mounting point for the antenna
Cut down problem trees
Find an alternate antenna location to get around the obstruction
Wireless Bridges
3-73
Fresnel Zone and Earth Bulge
H = H1 + H2
Height = D /8 + 43.3D/4F
H1 = 43.3 D/4F
43.3D/4F 60% first Fresnel Zone
H2=D /6 Earth bulge at midpath
D = Distance between antennas
H1 = Added antenna height for 60% Fresnel zone clearance in feet

H2= Added antenna height for earth bulge clearance in feet
Where D is the path length in miles
and
F is the frequency in GHz
CWLF v1.0m3-20
This figure illustrates 2.4-GHz bridging. The same concept applies to 5-GHz bridging
solutions. To determine the antenna mounting height, take the mid-path Fresnel zone width (at
60 percent) for 2.4-GHz and add it to the curvature of the earth. Sixty percent unobstructed
Fresnel zone clearance is the commonly accepted coverage for RF link design. To get these
measurements, refer to the Fresnel calculation table.
The Cisco Aironet Outdoor Bridge Range Calculation Utility which can be found at
http://www.cisco.com/warp/public/102/wlan/faq-hardware-us-calc.html. Click the link for the
Outdoor Bridge Calculation Utility. The Outdoor Bridge Calculation Utility can be used for the
following calculations:
Antenna height
Fresnel zone consideration
A line-of-sight link over 25 miles (40 km) is hard to implement.
3-74
Site Survey
Before installing multiple bridges, perform a site
survey to determine optimum location of bridges.
Range is affected by:
Data rate: Sensitivity and range are inversely proportional to
data rate.
Fresnel zone clearance: Provide the Fresnel zone clearance
for the radio signal.
Antenna type and placement: The higher the gain of the
antenna, the greater the range. Height of antenna should be
sufficient to clear Fresnel zone and earth bulge.
CWLF v1.0m3-21
It is recommended that you perform a radio site survey before to installing the equipment. A
site survey reveals problems such as interference, Fresnel zone, or logistics problems. A proper
site survey involves temporarily setting up a bridge link and taking measurements to determine
if your antenna calculations are accurate. Determine the correct location and antenna before
drilling holes, routing cables, and mounting equipment.
Range is affected by the following factors:
Data rate: Sensitivity and range are inversely proportional to date rate.
Fresnel zone clearance: You must provide the Fresnel zone clearance for the radio signal.
Antenna type and placement: The higher the gain of the antenna, the greater the range.
The height of the antenna should be sufficient to clear the Fresnel zone and earth bulge.
Wireless Bridges
3-75
Antenna Considerations
This topic describes potential issues with antennas with or without downtilt and
omnidirectional antennas.
Antenna Issues
Antennas have gain

in particular directions.
Direction, other than
the main intended
radiation pattern, is
typically related to
the main lobe gain.
CWLF v1.0m3-22
An antenna may have a gain of 2l-dBi, a front-to-back ratio of 20-dB, or a front-to-side ratio of
15-dB. This means that the gain in the backward direction is 1-dBi and the gain off the side is
6-dBi.
This measurement needs to be taken into account when locating systems on the same channel.
There must be sufficient separation of the antennas to ensure that the two will not interfere with
each other.
3-76
Antenna Issues (Cont.)

High-gain omnidirectional
Directional
antenna
No downtilt
CWLF v1.0m3-23
A common mistake is to use a high-gain omnidirectional antenna to try to cover a large area
from a high point. Unfortunately, a high-gain omnidirectional antenna may not have any
downtilt.
As shown in the figure, this configuration can result in all of the RF energy being propagated
above the desired target, in this case the directional antenna.
This situation is often complicated further if you use a directional antenna to establish a link
with the high-gain omnidirectional antenna. The directional antenna is capable of sending RF
traffic to the high-gain omnidirectional antenna, but responses cannot be returned to the
directional antenna. The result is what appears to be one-way communication.
Wireless Bridges
3-77

Omnidirectional antennas provide 3600 coverage
Accept interference from all directions
CWLF v1.0m3-24
Typically, the center antenna is the antenna attached to the root ON device. When deciding
which antenna to use as the center antenna, remember that antennas provide coverage in certain
directions but also receive interference in those directions. This is a much larger issue with an
outdoor bridge link because there are many sources of interference than cannot be removed.
More control over interference is afforded in an in-building WLAN installation, where the
customer can remove or limit the amount of interference.
Because the bridges are Federal Communications Commission (FCC) Part 15 products, they
must receive all traffic. They cannot block any traffic. Traffic that is not meant for the bridge is
discarded but can slow down the bridge.
Often omnidirectional antennas are chosen for a center site in a point-to-multipoint installation.
If 360 degrees coverage is not needed, a more directional antenna (such as a patch antenna)
may be a better choice. First, determine the maximum beamwidth the antenna needs to produce
a coverage cell that contains all the other devices. An antenna should then be chosen that would
match this beamwidth as closely as possible. This practice minimizes the amount of
interference received and maximizes bridge performance.
Remember that even directional antennas have some back and side lobes that will be
susceptible to interference as well.
3-78
200 ft./61 m
8.50 downtilt
14.50
700 ft./213 m
8 miles/13 km
CWLF v1.0m3-25
Antennas have both a horizontal and vertical beamwidths. Some antennas have what is called
downtilt, meaning that the beamwidths are manipulated to provide more coverage below the
antenna than above the antenna. This feature can be particularly important in an outdoor
installation.
Even though the antenna shown in the diagram provides some downtilt, there will still
potentially be a dead spot with no coverage below the tower. The higher the antenna is
mounted, the larger this dead spot becomes.
Wireless Bridges
3-79
Common Deployment Questions

This topic identifies common installation questions for a bridge link.
Common Questions
Bridge link using a splitter?
Bridge link using a repeater?
Bridge link using back-to-back bridges?
CWLF v1.0m3-26
The figure lists some of the most common questions about obtaining more coverage distance.
The answers require a short explanation of the advantages or drawbacks of each.
3-80
Using Two Directional Antennas and

a Splitter
If I can go 25 miles (40 km) like this...
How far can I go using a bridge with two antennas and a splitter?
CWLF v1.0m3-27
The use of splitters usually adds a loss of about 4-dB (for a good-quality splitter) to the system.
This loss is seen at both antennas (each antenna suffers a 4-dB loss). At 2.4-GHz, this loss
reduces the gain of a dish from 21- to 17-dBi, providing some distance advantage, but not twice
the amount. When you reduce the gain on one antenna to 17-dBi, the distance drops from 20.5
miles, or 33 km (at 11 Mbps), to approximately 13 miles, or 21 km.
A second drawback is that the throughput is reduced by approximately 50 percent because the
repeater must receive, buffer, and transmit the data on the same channel.
Wireless Bridges
3-81
Extending the Range Using a Repeater

If I can go 25 miles (40 km) like this...
How far can I go using a repeater with an omnidirectional antenna?
CWLF v1.0m3-28
A repeater can be added to extend the range of a bridge, but not double it. A repeater needs to
receive and transmit in more than one direction. Therefore, a yagi or dish antenna typically
cannot be used. In such a situation, you would employ an omnidirectional or semi-directional
(panel or patch) antenna. These tend to be less effective than a link using two directional
antennas.
Using the high-gain omnidirectional antenna (as shown in the figure) results in a link of just
over 7 miles (11 km).
Throughput is reduced by approximately 50 percent because the repeater must receive, buffer,
and transmit the data.
3-82
Alternative Method of Increasing Distance
Channel 1
Channel 11
CWLF v1.0m3-29
A better way to increase distance is through the use of a linked repeater site. This site consists
of two bridges and two antennas, operating on two different channels and with two system set
identifiers (SSIDs). This configuration allows both sides to the link to operate simultaneously at
full gain and full throughput.
The drawback to this example is that it requires one extra bridge and antenna, and it results in a
loss in throughput of about 15 percent because of Ethernet latency.
Wireless Bridges
3-83
Lesson Self-Check
Q1)
How much loss is their in dB from end to end on a 100 foot run of LMR-400 cable?
(Choose one.) (Source: Installation Considerations)
A)
B)
C)
D)
Q2)
What must be considered when determining the distance of a radio path? (Choose
two.) (Source: Distance and Path Loss Considerations)
A)
B)
C)
D)
Weather
Antenna Gain
Transmit Power
Wind Speed
Q3)
Using the Cisco Outdoor Bridge Range Calculation Utility, what is the fade margin in
dB for 2.4-GHz? (Source: Bridge Distance Calculations)
____________________________________________________________________
Q4)
The Fresnel zone is widest at ____________. (Source: Outdoor Path Considerations)
Q5)
High-gain omnidirectional antennas do what? (Choose two.) (Source: Antenna

Considerations)
A)
B)
C)
D)
Q6)
Invite more interference into the system

Cost less and are more effective
Have a very narrow beam horizontally
Must be mounted on towers a 100 feet or higher
Using a splitter on a bridge to extend the distance is the best option. (Source:
Common Deployment Questions)
A)
B)
3-84
4.4 dB
6.7 dB
5.2 dB
7.6 dB
True
False

Q1)
Q2)
B, C
Q3)
10 dB
Q4)
Mid Point
Q5)
A, C
Q6)
False
Wireless Bridges
3-85
Summary
Summary
We learned that a greater operating range results in a higher supported data
rate and results in a more reliable link at a given data rate.
Antenna gain, transmitter power, receiver performance, cable losses, and
environmental structures should be considered when determining the best
coverage performance.
Using the Outdoor Bridge Range Calculation Utility enables you to get an
idea how far the bridge link can go, and how to select the various antennas
and data rates.
There are several items that should be considered when you are determining
a path between two antennas, and line-of-sight is generally required.
Fresnel zones consist of series of concentric ellipsoid surfaces that
surround the straight-line path between the transmitter and receiver.
We discussed several issues that must be considered when installing
wireless bridges.
We discussed the use of high-gain omnidirectional and directional antennas,
downtilt and dead spots.
We discussed some common deployment questions for a bridge link.
CWLF v1.0m3-31
We learned that a greater operating range results in a higher supported data rate and results in a
more reliable link at a given data rate. Antenna gain, transmitter power, receiver performance,
cable losses, and environmental structures should be considered when determining the best
coverage performance. Using the Outdoor Bridge Range Calculation Utility enables you to get
an idea how far the bridge link can go, and how to select the various antennas and data rates.
There are several items that should be considered when you are determining a path between
two antennas, and line-of-sight is generally required. Fresnel zones consist of series of
concentric ellipsoid surfaces that surround the straight-line path between the transmitter and
receiver. We discussed several issues that must be considered when installing wireless bridges.
We discussed the use of high-gain omnidirectional and directional antennas, downtilt and dead
spots. We discussed some common deployment questions for a bridge link.
3-86
Module Summary
Module Summary
Cisco Aironet 1300 Series provides wireless connectivity
between multiple fixed or mobile networks and clients where
as the 1400 series wireless bridge is designed for building-tobuilding wireless connectivity.
There are different radio roles and how the radio role in the
network effects the access point or bridge capabilities.
We describe the 2.4- and 5.8-GHz radio performances,
interference, installation guidelines, outdoor path and
antenna considerations, and common deployment questions.
CWLF v1.0m3-1
Cisco Aironet 1300 Series provides wireless connectivity between multiple fixed or mobile
networks and clients where as the 1400 series wireless bridge is designed for building-tobuilding wireless connectivity. There are different radio roles and how the radio role in the
network effects the access point or bridge capabilities. We describe the 2.4- and 5.8-GHz radio
performances, interference, installation guidelines, outdoor path and antenna considerations,
and common deployment questions.
Wireless Bridges
3-87
3-88
Module 4
Aironet Desktop Utility

Overview
This module explores the Aironet Desktop Utility available for the Cisco Aironet products.
Module Objectives
Upon completing this module, you will be able to configure a Cisco client card with Cisco
utilities. This ability includes being able to meet these objectives:
Identify operating systems and configuration utilities for the Cisco 802.11a/b/g client cards
Use Aironet Desktop Utility, to configure the profile, and test RF links
4-2
Lesson 1
Describing Configuration
Utilities
Overview
This lesson will review supported operating systems, software and driver downloads. This
lesson will also cover the LED functions of the client cards and available administrative tools
and utilities.
Objectives
Upon completing this lesson, you will be able to identify operating systems and configuration
utilities for the Cisco 802.11a/b/g client cards. This ability includes being able to meet these
objectives:
Describe how to access the web site to download configuration utilities
Describe the operating systems and the various configuration utilities that support the Cisco
802.11a/b/g client cards
Identify the status LEDs for the 802.11a/b/g CardBus and PCI cards
Describe the use of ACAU to create profiles and install Aironet Desktop Utility (ADU)
across the network
Software Download
This topic describes how to access the web site to download configuration utilities.
Cisco.com Software Download Location

All drivers,
firmware, and
utilities can be
downloaded
from Cisco.com
All features are
based on code:
IEEE 802.11a/b/g:
2.6 and later
CWLF v1.0m4-2
All of the available drivers, utilities, and firmware can be downloaded from the web at
Cisco.com. From the main page (http://www.cisco.com), select Direct Access, Downloads
dropdown box. Select the Wireless Software link on the page that is displayed. The latest
updates to all Cisco Aironet firmware and software are available via this link. This link requires
Login and/or a service contract.
4-4
Supported Operating Systems

This topic describes the operating systems and the various configuration utilities that support
the Cisco 802.11a/b/g client cards.
Supported Operating Systems (Cont.)

Windows 2000
Windows XP
Binds to all protocol stacks within Windows
For AIR-CB21AG and AIR-PI21AG only
CWLF v1.0m4-3
The driver disk includes drivers for all Windows 2000 and Windows XP versions.
The Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) support
IEEE 802.11a, IEEE 802.11b, and IEEE 802.11g (2.4 GHz and 5 GHz).
The wizard install tool is WinClient-802.11a-b-g-Ins-Wizard-v26.exe. Check for later versions
of this software.
4-5
PC Card LEDs
This topic identifies the status LEDs for the 802.11a/b/g CardBus and PCI cards.
Cisco Aironet IEEE 802.11a/b/g Wireless

LAN Client Adapters (CardBus and PCI)
LED scheme
Looking for network: Alternate blinking
Joined to network: Simultaneous blinking
Supports 802.11a/b/g
CWLF v1.0m4-4
The following describes the appearance of LED 0 and LED 1 for the CardBus and PCI cards:
4-6
Power save mode: Slow blink, off
Awake from power save mode: On, off (can be used to indicate power is appliedthe
hardware automatically enters this state after exiting from power save mode before any
other activity)
Looking for network association: Alternate blink between LED 1 and LED 0
Associated or joined with network, no activity: Slow simultaneous blink
Associated or joined with network, activity: Fast simultaneous blink (blink rate increases
with activity)
Off or PCI/CardBus slot disabled: Off, off
Aironet Client Administrator Utility

This topic describes the use of ACAU to create profiles and install Aironet Desktop Utility
(ADU) across the network.
Aironet Configuration Administration Utility
CWLF v1.0m4-5
The Cisco ACAU enables an administrator to install the Aironet Desktop Utility (ADU) across
a network, eliminating the need to install and configure the ADU on each wireless client. The
auto installer runs in a silent batch mode and installs and configures the ADU (thereby
configuring the Cisco Aironet client adapter) on a computer running the Windows operating
system.
The auto installer allows the administrator to selectively install and configure the following
parameters:
The drive and directory where the ADU will be stored on the computer
The folder where the ADU will be installed on the computer
The drive and directory where client card firmware and drivers will be stored on the
computer
Profiles that will be loaded on the computer
Each profile allows the administrator to selectively configure the following parameters on the
ADU:
Radio settings
Wireless network settings
Network security settings: SSID, WEP keys, and network security
4-7
The auto installer can also be used with its own encryption utility to encrypt the files before
they are sent across the network to ensure that network security is not compromised while you
are performing auto installs.
4-8
Aironet Configuration Administration Utility

(Cont.)
Easy binary
configurations
for security and
utility
CWLF v1.0m4-6
The ACAU utility allows administrators control over provisioning profiles for wireless
802.11a/b/g and the ability to push those configurations across the network without physically
touching the Cisco 802.11a/b/g client.
4-9
Installation Wizard
Requires a forced reboot at the completion of the
install (prompts in beginning as warning)
Protection to ensure that machine is left in stable state
Shows multiple status screens

Drivers, ADU, firmware, LEAP, and so on
Card must be inserted in beginning of setup and

must be identified by computer as new hardware
(if not identified as new hardware, reboot laptop)
CWLF v1.0m4-7
Installation requires a reboot at completion. This forced reboot can be suppressed by

administrators who are installing other applications simultaneously; however, a reboot is
strongly recommended at the end of the installations, and additional testing is also
recommended.
If a card is not inserted during initial installation, drivers will be loaded as well as utilities.
Once a card has been inserted, the rest of the installation takes place automatically.
4-10
Lesson Self-Check
Q1)
What operating systems are supported for CB21AG utilities (GUI)? (Choose two.)
(Source: Supported Operating Systems)
A)
B)
C)
D)
Q2)
Windows 98
Linux
Windows 2000
Windows XP
Where can you get Cisco Wireless software and drivers? (Source: Software
Downloads)
A)
B)
C)
D)
Cisco.com Industries
Cisco.com Products and Support
Cisco .com Direct Access Wireless Software
Cisco TAC
Q3)
Slow simultaneous blinking LEDSs indicate that the client card is associated to the
network. True or False (Source: PC Card LEDs)
Q4)
The Aironet Configuration Administration Utility is used with what client cards?
(Source: Aironet Configuration Administration Utility)
4-11
4-12
Q1)
C and D
Q2)
Q3)
True
Q4)
CB21AG and AIR-PI21AG
Summary
Summary
We described how to access Ciscos web site to download
configuration utilities.
We described the operating systems and the various
configuration utilities that support the Cisco 802.11a/b/g
client cards.
We discussed the different modes of operation identified by
the status LEDs for the 802.11a/b/g CardBus and PCI cards.
The Cisco ACAU enables an administrator to install the ADU
across a network, eliminating the need to install and
configure the ADU on each wireless client.
CWLF v1.0m4-9
We described how to access Ciscos web site to download configuration utilities. We described
the operating systems and the various configuration utilities that support the Cisco 802.11a/b/g
client cards. We discussed the different modes of operation identified by the status LEDs for
the 802.11a/b/g CardBus and PCI cards. The Cisco ACAU enables an administrator to install
the ADU across a network, eliminating the need to install and configure the ADU on each
wireless client.
4-13
4-14
Lesson 2
Installing and Configuring

Overview
This lesson gives instruction on how to install and configure Aironet Desktop Utility and the
Site Survey Utility. Aironet Desktop Utility is the graphical user interface for the Cisco Aironet
802.11a/b/g wireless adapter.
Objectives
Upon completing this lesson, you will be able to use Aironet Desktop Utility to, configure the
profile, and test RF links. This ability includes being able to meet these objectives:
Describe the procedures to install the ADU
View the ADU current status page
Describe the procedures to configure and manage profiles
View the screens for the status, statistics, link test, site survey and link status tools and
troubleshooting utility
Install the Aironet Desktop Utility

This topic describes the procedures to install the Aironet Desktop Utility (ADU).
Aironet Desktop Utility Install
Simple Windows
based
installation
program
CWLF v1.0m4-2
Aironet Desktop Utility Install (Cont.)
Multiple options for

installation
CWLF v1.0m4-3
You have 3 options, they are, install client utilities and driver, install driver only and make disk
installation diskettes.
4-16
Site Survey Utility for IEEE 802.11a/b/g

Adapters
CWLF v1.0m4-4
A new Cisco Aironet Site Survey Utility is available with ADU release 2.0.X.
To install the new Cisco Aironet Site Survey Utility ensure the check box is enabled.
4-17
Use ADU for all Features to be Supported
CWLF v1.0m4-5
On Windows XP, you can configure your Cisco Aironet Wireless LAN Client Adapter through
the Cisco ADU or a third-party tool, such as the Microsoft Wireless Configuration Manager.
Because third-party tools may not provide all of the functionality available in ADU, Cisco
recommends that you use ADU. (Please note that a patch from Microsoft might be required to
use the Microsoft tool with Wi-Fi Protected Access [WPA] security.)
On the next screen, select whether you want to use ADU or a third-party tool to configure you
client adapter.
Note
4-18
If you select a third-party tool, some of the ADU features will not be available. To activate
those features you must re-install ADU.
Choose Configuration Tool
CWLF v1.0m4-6
By enabling the third-party tool, you allow the client card to be controlled by another service
like Windows XP Wireless Zero Config.
4-19
Current Status Page

This topic views the ADU current status page.
Aironet Desktop Utility Main Screen
Shows client
IP address
CWLF v1.0m4-7
ADU works only with the PC-CardBus card (AIR-CB21AG) and PCI card (AIR-PI21AG).
4-20
Advanced Information
CWLF v1.0m4-8
The ADU main page does not list information about associated access points; however,
selecting the Advanced button displays the Advanced Status tab, which does provide that
information.
Current signal strength and noise level can be shown in either dBm or mW. You can change
this setting from the Options menu.
4-21
ADU Profile Manager

This topic describes the procedures to configure and manage profiles.
Aironet Desktop Utility: Main Profile Screen

Multiple profiles
Auto profile selection
Can scan for open
and public SSIDs
CWLF v1.0m4-9
The Profile Management tab offers the following features:
4-22
Create up to 16 profiles, and each profile can be imported or exported.
Set auto profile selection and weight the profiles according to your preferences.
You can scan, allowing the card to give a list of all open service set identifiers (SSID), and
allow users to directly connect to one.
Aironet Desktop Utility: Create New Profile

Ability to modify
each profile
16 Profiles can be
created
CWLF v1.0m4-10
ADU Profile Manager allows you to add new profiles or modify existing profiles.
Aironet Desktop Utility: Security Profile

Wi-Fi Protected
Access (WPA) and
WPA2 support
Advanced Encryptions
Standard (AES) and
Extensible
Authentication
Protocol-Flexible
Authentication via
Secure Tunneling
(EAP-FAST) supported
CWLF v1.0m4-11
The security profile allows for all types of security. WPA and Wi-Fi Protected Access 2
(WPA2) are supported as of version 2.0.X.
4-23
Aironet Desktop Utility: Advanced Settings
Selectively choose
wireless modes
to decrease
association time
CWLF v1.0m4-12
Disallowing different wireless modes that are known to not be available for a profile increases
connection speed.
The maximum transmit power for IEEE 802.11a is 40 mW; for IEEE 802.11b/g, it is 100 mW.
4-24
ADU Tools
This topic views the screens for the status, statistics, link test, site survey and link status tools
and troubleshooting utility.
Advanced Statistics
Used
predominately
during
troubleshooting
CWLF v1.0m4-13
The advanced statistics screen is predominately used for troubleshooting. Transmit and receive
statistics as well as encryption errors are shown.
4-25
Adapter Information/Version Information
Code version
CWLF v1.0m4-14
The Adapter Information screen is the best place to check the driver version. All changes are
made with the driver.
4-26
Cisco Aironet Site Survey Utility
CWLF v1.0m4-15
The Associated AP Status tab includes the following information:
Adapter Information: Identifies the selected network adapter and the current association
status. The association status options are Associated, Not Associated, and Device Not
Present.
Access Point: Identifies the name, IP address, and MAC address of the access point.
Channel: Identifies the channel number and frequency.
Signal Strength: Determines how strong the signal is for all received packets. The higher
the value and the more green the bar graph is, the stronger the signal. The trend graph
provides a visual interpretation of the current signal strength. Differences in signal strength
are indicated by the following colors: green (strongest), yellow (middle of the range), and
red (weakest).
Signal Quality: Determines how clear the signal is for all received packets. The higher the
value and the more green the bar graph is, the clearer the signal. The trend graph provides a
visual interpretation of the current signal quality. Differences in signal quality are indicated
by the following colors: green (highest quality), yellow (average), and red (lowest quality).
Note
This setting appears only if the Display in percent check box is selected.
Noise Level: The level of background radio frequency energy. The lower the value and the
more green the bar graph is, the less background noise present. The trend graph provides a
visual interpretation of the current level of background noise. Differences in background
noise are indicated by the following colors: green (low noise), yellow (middle of the range),
and red (high noise).
Note
This setting appears only if the Display in percent check box remains unchecked.
4-27
Signal to Noise Ratio: The percentage of beacon packets received versus those expected to
be received. The higher the value and the more green the bar graph is, the clearer the signal.
For example, the access point sends out 10 beacons per second, so you would expect the
client adapter to receive 50 beacon packets in 5 seconds. If it receives only 40 packets, the
percentage of beacons received would be 80 percent.
Note
This setting appears only if the Display in percent check box is checked and the client
adapter does not provide a signal quality value.
Overall Link Quality: The client adapter's ability to communicate with the access point.
Possible Values: Poor, Fair, Good, or Excellent
Note
This setting appears only if the Display in percent check box is checked.
Link Speed: The site survey utility monitors transmitted network traffic, and the link speed
reflects the current transmit rate of data packets. The Link Speed trend graph provides a
visual interpretation of the current rate at which your client adapter is transmitting packets.
Possible Values: 1, 2, 5.5, or 11 Mbps (IEEE 802.11b); 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36,
48, or 54 Mbps (802.11g); 6, 9, 12, 18, 24, 36, 48, or 54 Mbps (IEEE 802.11a)
Display in percent: The default is to display the fields above in dB or dBm. If you would
rather view the values as a percentage, check the Display in percent check box. The
decibels display unit is recommended for a more precise view. The fields that display on
this screen vary depending on which method of display you choose.
The trend graph provides a graphical representation of activity in the past 10 to 60 seconds. Use
the up and down arrows to select the desired number of seconds.
The Cisco Aironet Site Survey Utility will work with all Cisco Aironet Wireless Adapters.
4-28
Cisco Aironet Site Survey Utility (Cont.)
CWLF v1.0m4-16
The AP Scan List tab includes the following information:
Network Name: The SSID of the access point.
MAC Address: The MAC address of the access point.
RSSI: The RSSI is the received signal strength in dBm.
Data Enc.: Indicates whether the data exchanged with this access point is encrypted. The
possible values are Secure (encrypted) and Open (unencrypted).
Type: Indicates whether the band of the access point radio is 802.11a, 802.11b, or IEEE
802.11g.
Ch. (Freq.): The channel number being used and the frequency of that channel (given in
megahertz).
Possible Values: Dependent on client adapter radio and regulatory domain.
Max Rate: The maximum data rate currently available on this access point.
AP Name: The name of the access point (AP).
Load; The access point load.
CCX: Identifies which version of Cisco Compatible Extensions (CCX) is supported by the
access point. This parameter may be blank if the access point is not broadcasting its CCX
version number.
Other Info.: Some of the columns below may appear depending on what is transmitted by
the access point.
Ad-Hoc: Identifies the device as another client adapter operating in ad hoc mode.
Power: Indicates the presence of the cell power limit information element (IE).
Broadcasting the cell power limit IE allows access points to limit the transmitting power
used by clients.
4-29
QoS: Indicates quality of service (QoS) is enabled. If QoS appears in the Other Info.
column, you can open the AP Detailed Information window to get the QoS configuration.
RM-Normal: Indicates the presence of the radio management (RM) RID IE. A value of 1
means normal. Other values may be displayed as RM-Status (123) for a status value of 123.
RM-Source: Indicates the presence of the radio management extensions and includes the
MAC address of the RM source.
Ssidl: Indicates the presence and number of SSIDL IE and the number of hidden SSIDs
configured on that access point. An SSIDL broadcasts information about lists of hidden
SSIDs on an access point.
Pause List Update: Select Pause List Update to halt the current AP scan list. If you select
the button again, it will resume updating.
View AP Details: Launches the AP Detailed Information window for the currently selected
row of the table.
Log Snapshot: Transfers the current contents of the table into the AP scan list log. The
scan log is a text file named SST_APScanLog.txt. It is located in the same directory as the
main executable (SST.EXE).
Note
4-30
If updating is in a paused state, the old data currently displayed in the log will be added
rather than the latest data available.
Count: Indicates the number of rows currently displayed in the table.
Lesson Self-Check
Q1)
Is a forced reboot is required when installing ADU? (Installing ADU:)

A)
B)
Q2)
True
False
Which of the following is displayed on the current status page? (Current Status page)
A)
B)
C)
D)
Client IP address
AP IP address
SSID
QOS
Q3)
How many profiles can be created in ADU? (Source: ADU Profile Manager)
Q4)
The Cisco Aironet Site Survey Utility works with the Cisco Aironet 802.11a/b/g
Wireless Adapter only. (Source: Site Survey Utility)
A)
B)
True
False
4-31
4-32
Q1)
Q2)
Q3)
16
Q4)
False
Summary
Summary
We discussed the procedures to install the ADU.
The ADU main page shows the client IP address and
selecting the Advanced button displays Advanced
Status about the client.
We describes the procedures to configure and manage
profiles with the ADU.
The advanced statistics screen is predominately used
for troubleshooting and provides transmit and receive
statistics as well as encryption errors.
CWLF v1.0m4-18
We discussed the procedures to install the ADU. The ADU main page shows the client IP
address and selecting the Advanced button displays Advanced Status about the client. We
described the procedures to configure and manage profiles with the ADU. The advanced
statistics screen is predominately used for troubleshooting and provides transmit and receive
statistics as well as encryption errors.
4-33
4-34
Module Summary
Module Summary
In this module we covered where drivers and utilities could
be downloaded from the Cisco web site. What operating
systems were supported and what the different LED status
lights indicated on the wireless cards.
Described the use of Aironet Client Administrator Utility to
install ADU across the network eliminating the need to install
ADU on each wireless client manually.
How Aironet Desktop Utility is installed and how the ADU GUI
is used to configure an Cisco Wireless 802.11a/b/g card.
CWLF v1.0m4-1
In this module we covered where drivers and utilities could be downloaded from the Cisco web
site. What operating systems were supported and what the different LED status lights indicated
on the wireless cards. Described the use of Aironet Client Administrator Utility to install ADU
across the network eliminating the need to install ADU on each wireless client manually. How
Aironet Desktop Utility is installed and how the ADU GUI is used to configure a Cisco
Wireless 802.11a/b/g card.
Aironet Client Utility and Aironet Desktop Utility
4-35
4-36
Module 5
Core Access Point and Bridge

Basic Configuration
Overview
This module explores the concept of using wireless devices to create a Layer 2 bridge.
Module Objectives
Upon completing this module, you will be able to configure the core access point and bridge.
This ability includes being able to meet these objectives:
Describe components needed to implement a Cisco WLAN core product feature set
solution
Perform the initial setup of the Cisco core product autonomous access point hardware
Set up and configure an autonomous access point system
Manage the autonomous access point system
Perform the initial setup and configuration process
5-2
Lesson 1
Describing Cisco Unified

Wireless Network Core
Products
Overview
This lesson describes components needed to implement Ciscos Unified wireless network core
products.
Upon completing this lesson, you will be able to describe components needed to implement
Cisco WLAN core products using autonomous access points. This ability includes being able to
meet these objectives:
Define wireless LAN (WLAN) management concepts
Describe the key concepts of the WLAN core products using autonomous access points
Describe the protocols and components used to implement WLAN core products focusing
on how Cisco WDS can be implemented
Describe WLAN core products features that assist IT professionals with deployment of
Cisco Aironet infrastructure devices, control issues, and address critical WLAN security
Describe security options available when using Cisco WLAN core products including
autonomous access points
Explain the features of fast secure roaming
Introducing WLAN Management

This topic defines wireless LAN (WLAN) management concepts.
Wireless LAN Challenges

The lack of effective management has inhibited the
growth of large-scale wireless networks because of:
The challenge of configuring hundreds or thousands of
access points
Security risks opened up by misconfigurations
Lack of sufficient tools for troubleshooting, performance
analysis, and capacity planning
CWLF v1.0m5-2
A worldwide revolution is occurring in business. Wi-Fi enabled notebook computers are

proliferating and driving the adoption of enterprise WLANs. Unlike past technology
advancements that were driven by technology professionals, the explosion of enterprise
WLANs is being driven by mobile users, traveling executives, wireless applications, and
advanced services such as voice over IP (VoIP) over Wi-Fi. The acceleration of enterprise
adoption of WLAN technology is radically transforming business operations, the network edge,
data centers, and centralized IT control.
Today's business climate requires anywhere, anytime connectivity. Mobility changes the way
organizations do business. Real-time interaction, instant messaging, text paging, voice services,
network access while traveling, and real-time network access in the office are transforming the
business environment. In an increasingly competitive business environment, companies need
fast responses and want immediate results.
WLANs are now business-critical. End users are embracing the freedom and flexibility of
wireless connectivity, and business executives are recognizing the competitive advantage of
business-critical mobile applications. Organizations are deploying WLANs to increase
employee productivity, enhance collaboration, and improve responsiveness to customers.
The increasing need for anytime connectivity is creating new challenges for today's networking
professionals, who must respond to the growing demand for WLANs in an era of tight budgets
and reduced resources. These networking professionals are discovering that in the absence of a
corporate sanctioned wireless network, employees are deploying their own unauthorized access
points that put the entire network at risk.
5-4
Network managers need to protect their networks and deliver secure WLAN access for their
organizations. They need a wireless infrastructure that embraces the unique attributes of radio
frequency (RF) technology and effectively supports today's business applications. They need to
keep their wired network secure while laying a foundation for the smooth integration of new
applications that embrace wireless technology. Network managers need a WLAN solution that
takes full advantage of existing tools, knowledge, and network resources to cost-effectively
address critical WLAN security, deployment, and control issues.
Core Access Point and Bridge Basic Configuration
5-5
International Standards Organization

FCAPS Model
Detect, log, notify, and fix network

anomalies
Fault
Monitor, network and system configuration

information, execute and track configuration
changes (centrally), manage software/firmware
Configuration
Measure network utilization to regulate and

manage network resources, ensure fairness,
develop policies, billing
Accounting
Measure, track network performance to

maintain acceptable service level
Control access to network resources,
protect network and data from compromise
Performance
Security
CWLF v1.0m5-3
The Fault, Configuration, Accounting, Performance, and Security (FCAPS) model is an

International Standards Organization (ISO) model for network management designed to
logically separate management tasks.
The goal of the fault management element of the model is to detect, log, notify users of, and (to
the extent possible) automatically fix network problems. This element is probably the most
widely implemented of the ISO network management elements.
The fault management process consists of the following:
Determine symptoms, isolate problems
Fix and test
Detection and resolution
Detection: Determine symptoms, isolate problems
Resolution: Fix and test
The goal of the configuration management element is to monitor network and system
configuration information and execute and track configuration changes centrally.
The goal of the accounting management element is to measure network utilization parameters
so that individual or group users on the network can be regulated appropriately. (Proactive
managing of network resources ensures that resources are apportioned based on resource
capacity, which provides fairness to all users.)
The accounting management process is as follows:
5-6
Gather interesting data to measure utilization.
Analyze results
Develop policies (can translate into billing).
The goal of the performance management element of the ISO model is to measure and make
available various aspects of network performance so that internetwork performance can be
maintained at an acceptable level.
Critical information for the performance management element includes the following:
Network throughput
User response times
Line utilization
The process involved in performance management is as follows:
Gather interesting performance data.
Analyze to establish normal baseline levels.
Create performance thresholds.
The goal of the security management element is to control access to network resources
according to local guidelines to protect the network and protect sensitive information from
being compromised.
A subsystem might monitor users and refuse access to unauthorized users. Subsystems can
perform the following tasks to manage security:
Identify sensitive network resources.
Determine mappings between sensitive network resources and user sets.
Monitor access points to sensitive network resources and log inappropriate access.
Large numbers of access points present significant management challenges. Among them are the
following:
Fault monitoring: A large amount of data must be gathered from many sources and.
processed into usable form. Although they are similar to wired networks in some respects,
WLANs are sufficiently different to warrant a domain-specific application.
Configuration: Changing just one parameter on multiple access points or rotating Wired
Equivalent Privacy (WEP) keys can be challenging.
Accounting: Again, there are a large number of data sources and it is necessary to gather
meaningful data. You need to determine whether the end user experience is satisfactory.
Performance: You need to ensure adequate throughput and utilization from many access
points and to determine which are performing adequately and which are not.
Security: AAA services are provided by asynchronous communication server and

committed access rate (CAR). Security is a major concern in the WLAN space. Access
points can be vulnerable points of entry into your network if they are misconfigured.
5-7
Service
Management
Examples of network manager functions:

Complete network view
Monitoring link/port utilization
Performance optimization
Fault detection/correlation
Examples of element manager functions:

Detection of equipment errors
Measuring power consumption
Measuring resource utilization
Logging of statistical data
Firmware management
Network and
System
Elements
Examples of service manager functions:

QoS management
and so on)
Accounting
Additional/removal of users
Addressing management
Network/
Systems
Management
Management for entire enterprise

with broad scope:
Communications management
Strategic and tactical management
Organizational goal setting
Element
Management
Business
Business
Management
Management
Telecommunications Management Network

Architecture
CWLF v1.0m5-4
There are different levels of management within the Telecommunications Management

Network (TMN) architecture:
Network and system elements
Element management,
Network system management,
Services management
Business management
The management solution and components addressed in this topic are part of the base layer
network and system elements (autonomous access points, clients, and other network
infrastructure), and the next layer up in the model, element management (Cisco Wireless LAN
Solution Engine (WLSE), with some mention of devices in the other levels.
5-8
WLAN Core Products Overview

This topic describes the key concepts of the WLAN core products using autonomous access
points.
Cisco Unified Wireless Network Core

Product Solution
WDS
Wireless Network Manager (WNM)
CiscoWorks WLSE
Infrastructure Access Points

(Registered with WDS)
(WDS)
WDS is a software
component that can reside
on either an access point,
switch or router
Infrastructure Access Points

(Registered with WDS)
Cisco or Cisco Compatible Clients (Version 2.0)

CWLF v1.0m5-5
Current WLAN solutions focus on providing basic radio connectivity. However, current
solutions lack radio and spatial awareness to effectively manage interference and bandwidth.
These solutions also lack network service integration to elegantly handle mobility, security,
quality of service (QoS), and management services. To create workable designs, current
solutions require that the IT team possess significant understanding of radio technology.
The Cisco WLAN core products address centralized management capabilities to enhance the
following:
Security
Reliability of connections
Bandwidth availability to users
Standards support and interoperability
Management of large-scale networks without extensive IT investment in ongoing support
In addition, the WLAN core products add to Cisco end-to-end networking strengths by
seamlessly combining the WLAN with Cisco switches and network management. The Cisco
WLAN core products also comprehensively satisfy scalability, management, and overall costof-ownership requirements.
The CiscoWorks WLSE is the Wireless Network Manager (WNM) component of the Cisco
WLAN core products. WMN manages the devices on your wireless LAN.
5-9
Wireless Domain Services (WDS) consists of additional Cisco IOS code added to the Cisco
Aironet autonomous access points and Integrated Service Routers (ISR). If an access point is
used for WDS, one access point must have WDS enabled per subnet.
WDS coupled with CiscoWorks WLSE, Cisco Secure Access Control Server (ACS) version 3.2
or higher for RADIUS, and infrastructure switches and routers provides the secure fast roaming
capabilities now required by enterprise networks.
5-10
Components and Protocols

This topic describes the protocols and components used to implement WLAN core products
focusing on how Cisco WDS can be implemented.
Components and Protocols for Radio

Management
Products
Layers
Management and Security Layer
Intelligent Radio and Network
Management, AAA Services
Network Management
Device
ACS
CiscoWorks Wireless LAN Solution

Engine (WLSE), CiscoWorks WLSE
Express, and Cisco Secure Access
Control Server (or equivalent)
WLCCP
WDS Layer WLAN Client Context
tracking, Fast Secure Roaming, Radio
Management Data Aggregation
Integrated Service Router,

Cisco Aironet 1100, 1130, 1200 & 1240
Series Access Points
or
ISR
Access
Point
WLCCP
Infrastructure Access Point Layer
WLAN Client Access, Radio Downlink
Encryption, RF Management Data
Collection and RF Monitoring
Cisco Aironet 1100, 1130, 1200 or 1240

Series Access Points
Access Point
WLCCP
Client Layer WLAN Clients, RM
Data Collection, RF Monitoring
Cisco Aironet CB21ABG and

Cisco Compatible Extensions
Clients
PC
Tablet
CWLF v1.0m5-6
The WLAN core products framework addresses two key WLAN management and operational
issues: fast secure WLAN client layer 2 roaming and radio management. Fast secure roaming
allows WLAN clients to move association from one access point to another with little or no
service disruption. The WLAN core products radio management characterizes the radio
transmission environment and responds to the conditions of the environment.
The WLAN core products framework can be visualized as a layered model with the following
four layers:
Management and security layer
WDS layer
Infrastructure access point layer
Wireless client layer
The management and security layer processes radio management (RM) data from the lower
layers, as well as controls and manages the radio coverage environment. This data also secures
the radio coverage environment by detecting rogue access points and wireless clients.
Authentication, authorization, and accounting (AAA) services are also placed in the
management and security layer.
The required management layer component is the CiscoWorks WLSE and an IEEE 802.1X
authentication server such as a Cisco Secure ACS. Other products with functionality equivalent
to the Cisco Secure ACS may be used with the WLAN core products.
5-11
The WDS layer provides the following critical services:
WLAN client context awareness
Fast secure layer 2 roaming
Aggregation of radio management data from the infrastructure devices and client layer
WDS is implemented in supporting versions of Cisco IOS for the Cisco Aironet 1100, 1130AG,
1200, 1230AG and 1240AG Series access points and Cisco 2600, 2800, 3700, and 3800 Series
Integrated Service Routers. The solution design dictates whether to use the WDS access points
or routers.
The access point devices layer facilitates WLAN client access to the wired-network, radio
downlink encryption, and radio management data collection, including on-going radio
monitoring.
The client layer includes all wireless clients. Advanced WLAN core products framework
features take advantage of client-side capabilities to allow for radio measurement collection
from the WLAN clients and fast secure roaming.
The WLAN core products framework introduces Wireless LAN Context Control Protocol
(WLCCP) to facilitate control messaging between the framework components. The figure
illustrates the conceptual model of the WLAN core products framework, including the WLCCP
messaging protocol. As shown in the figure, each layer is implemented in specific Cisco
products.
WLCCP is a Cisco-defined control protocol that allows control communication between the
WLAN core product components. WLCCP messages authenticate and register WLAN core
products components that are part of the WLAN core products control topology. The WLCCP
messages are used in WLAN client authentication, association, reauthentication, and
reassociation during client roaming between the infrastructure access points and the WDS
access point. WLCCP RM transfers radio measurement data between the WLAN core products
components.
5-12
WLAN Core Products Components

Hardware components:
Cisco Aironet Series autonomous access points
Cisco Integrated Service Routers
CiscoWorks WLSE
Cisco Secure ACS
Optional: Cisco Aironet Wireless LAN client adapters, Cisco Compatible Extensions client
devices, and third-party
Software requirements:
Cisco IOS software release 12.2.(15)XR for Cisco Aironet 1100 Series and 1200 Series access
points
Cisco IOS software release 12.3(2)JA for Aironet 1130 Series and 1230 Series access points
Cisco IOS software release 12.3(7)JA1 for Aironet 1240 Series access points
Release 2.7(1) for CiscoWorks Wireless LAN Solution Engine (WLSE)
Support for all EAP types requires Secure ACS release 3.2.3 or higher
CWLF v1.0m5-7
A WLAN core product consists of the following components:
Cisco Aironet Series access points or bridges
Cisco Integrated Service Routers
CiscoWorks WLSE
Cisco Secure ACS
Optional: Cisco Aironet wireless LAN client adapters, Cisco Compatible Extensions client
devices, and third-party non-Cisco client adapters
Note
The Cisco Compatible Extensions program provides third-party verification of Cisco Aironet
wireless infrastructure products and wireless client devices from third-party companies.
Additional information about the Cisco Compatible Extensions program can be found at
http://www.cisco.com/en/US/partners/pr46/pr147/partners_pgm_brochure.html.
In addition to the hardware requirements, the minimal software requirements for this solution
are the following:
Cisco IOS software release 12.2.(15)XR for Cisco Aironet 1100 Series and 1200 Series
access points, Cisco IOS software release 12.3(2)JA for Aironet 1130 Series and 1230
Series access points, Cisco IOS software release 12.3(7)JA for Aironet 1240 Series access
pints.
Release 2.7(1) for CiscoWorks WLSE
The software requirements for Cisco Secure ACS depend on the type of Extensible
Authentication Protocol (EAP) desired. For full support of all the EAP types including EAP
Flexible Authentication via Secure Tunneling (FAST), use release 3.2.3 or higher.
5-13
Management Benefits
This topic describes WLAN core products features that assist IT professionals with deployment
of Cisco Aironet infrastructure devices, control issues, and address critical WLAN security.
Management Benefits
WLAN IDS
Eliminates security threats posed by malicious intruders and

by employee installed unauthorized or rogue access points
Fast Secure Roaming at

Layer 2
Supports roaming for latency-sensitive applications

such as wireless VOIP, video streaming, or wireless
clients.
Interference Detection
Administrators are quickly notified about conditions

that may affect network performance.
WLAN Self-Healing
Maximizes WLAN availability and optimizes WLAN

performance via a reliable and stable mechanism
Simplified Deployment
and Operations
Repetitive time-consuming tasks are easily managed and

automated to enhance productivity for network administrators.
Assisted Site Surveys
Site surveys can be performed by in-house IT personnel to

reduce the costs, skills, and time required to make optimal
radio settings for best network performance.
Automated
Re-Site Surveys
Automatic repetition of site surveys of selected areas on

demand or as scheduled to maintain peak WLAN performance
and reliable WLAN coverage
CWLF v1.0m5-8
Wireless LANs provide network users with a new level of freedom, flexibility, and competitive
advantage. However, WLANs also present IT professionals with new challenges. The WLAN
core products meet these challenges by integrating the wireless and wired LAN to deliver the
same level of security, scalability, and manageability as with wired LANs.
The WLAN core products reduce overall operational expenses by simplifying network
deployment, operations and management. With WLAN core products, several, hundreds, or
thousands of central or remotely located Cisco Aironet series autonomous access points can be
managed from a single management console. WLAN core products flexibility allows network
managers to design networks to meet specific needs, whether implementing a highly integrated
network design or an overlay network.
WLAN core products features include:
5-14
WLAN Intrusion Detection System (IDS)
Fast secure roaming
Interference detection
WLAN self-healing
Simplified deployment and operations
Assisted site surveys
Automated re-site surveys
Security
This topic describes security options available when using Cisco WLAN core products
including autonomous access points.
WLAN Core Security Benefits

Cisco core products WLAN solution threat defense:
Rogue access point detection and suppression

Protection from network attacks
Unassociated client device detection
Ad hoc network detection
RF environment scans by access points and clients
>99.9% of Rogue
Access Points
Frustrated Insider
<.1% of Rogue
Access Points
Malicious Hacker
Using access points

and clients
dramatically
increases the
chances of finding
rogue access points
CWLF v1.0m5-9
Network security is a primary issue when deploying WLANs. IT managers must protect their
network from unauthorized or rogue access points. Rogue access points are defined as either
malicious or non-malicious attacks.
The most common attack is nonmalicious. An example of a nonmalicious attack would be
when a wireless connection is required in a specific office before service can be provided
through the proper channels. An employee may go to the neighborhood computer store and buy
a cheap grade access point to attach to the desktop Ethernet connection. The type of access
point purchased is, by default, set to broadcast the service set identifier (SSID), which gives
anyone with an IEEE 802.11 compliant wireless card access to the network. This unintentional
act by the novice reduces network security by exposing critical data to outsiders.
Malicious attacks make information that should be private, available to unauthorized users. For
example, if a malicious attacker gains access to your facility. Unauthorized access is often not
difficult, even in the most secure facilities. The attacker simply follows a legitimate employee
into the building, asks them to hold the door or explains that they forgot their access badge.
Once inside the attacker chooses an inconspicuous place to install an access point and connects
to the network. Although this type of attack is uncommon, it is a situation that could be very
damaging.
The ability to detect rogue access points is critical to maintaining a secure WLAN. With the
WLAN core products, the process of detecting rogue access points is automated. IT managers
can easily and automatically detect, locate, and disable rogue access points and the switch ports
to which they are connected because both access points and client devices actively participate
in continuous scanning and monitoring of the RF environment.
5-15
Core Products Solution: Rogue Access

Point Detection
Radio Management (Air and RF
Monitoring)
Network Management System
Si
Si
Si
Network Core
RM Aggregation
CiscoWorks
WLSE
Switch-Based WDS
Distribution
Access
RM
RM
Rogue Access
Point
CWLF v1.0m5-10
A WLAN IDS provides WLAN threat defense for the WLAN core products autonomous access
points. Organizations must protect their RF environment and data networks from unauthorized
access. Rogue access points installed by employees or intruders create security breaches that
put the entire network at risk. The WLAN core products WLAN IDS quickly detects, locates,
and automatically shuts down rogue access points.
CiscoWorks WLSE detects unauthorized WLANs, and locates and identifies which wireless
clients are participating in the network. CiscoWorks WLSE also detects clients spoofing
authorized MAC addresses and generates notifications. CiscoWorks WLSE monitors per
channel excess wireless-management frames such as excess association, disassociation, probe
requests, responses, and authentication and deauthentication frames that may signal WLAN
attacks such as denial-of-service and man-in-the-middle attacks. EAP over LAN (EAPOL)
flood-message monitoring provides a way to detect excess authentication requests by an
intruder.
With Integrated WLAN IDS, a Cisco Aironet access point is deployed with its radio (IEEE
802.11a, b, or g) placed in access point multifunction mode to service client devices and
provide WLAN intrusion monitoring. In this configuration, an access point functions as both an
active 802.11 infrastructure device and as an 802.11 scanning device. The WLAN core
products gather RM data or intrusion detection information, from access points and optional
Cisco and Cisco-compatible client devices and forwards all of the information gathered to the
Cisco access point, switch, or router running Cisco IOS software with WDS. The WDS device
forwards the aggregated radio data to the CiscoWorks WLSE device on the network.
RM is a feature that relies on the coordinated effort of the CiscoWorks WLSE server, the WDS,
the infrastructure access points, and Cisco or Cisco Compatible Extensions (CCX) compatible
clients. The benefits of this all-encompassing view of the RF environment assists the
CiscoWorks WLSE in characterizing RF environment changes, including the detection of rogue
access points and identification of RF coverage or throughput problems.
5-16
The Cisco Compatible Extensions Program provides third-party verification of Cisco Aironet
wireless infrastructure products and wireless client devices from third-party companies.
The WDS RM aggregation feature aggregates and eliminates redundant RM information. This
process reduces the bandwidth required for RM information transmitted across the network and
WAN link to remote sites and campus locations. Aggregated RM information is sent from the
WDS to the CiscoWorks WLSE.
5-17
Core Products Solution : Rogue Access

Point Detection (Cont.)
Dedicated WLAN IDS
Network Management System
Si
Si
Network Core
Si
RM Aggregation
CiscoWorks WLSE
Distribution
Switch-Based WDS
Access
RM
Cisco Aironet Series

Access Point
(Scanning Only Mode)
Rogue
Access
Point
CWLF v1.0m5-11
The Cisco Aironet autonomous access point participating in RM may be deployed as dedicated
WLAN IDS with its radio (802.11a, b, or g) placed in scanning-only mode, as opposed to
operating as part-time integrated scanners. In this configuration, an access point functions as an
802.11 scanning-only device that provides continuous, 24-hour monitoring of the RF
environment to detect rogue access points and ad-hoc networks. If detected, these anomalies are
immediately reported through the WDS to the CiscoWorks WLSE and a fault is generated.
Because the scanning-only access point dedicates itself in the RF mode, the access point detects
rogue devices and unassociated clients more reliably and faster than regular access points or
clients.
Because WLAN clients can potentially move through a large physical area, adding clientassisted rogue access point scanning and monitoring into the framework, greatly increases the
RF coverage area. Client air management provides 10 to 20 times more RF measurement data
than access point RF measurements alone. Because WLAN clients can freely move about all
areas of a building, the addition of client scanning and monitoring extends RF monitoring into
areas most likely to contain rogue access points while allowing for more accurate detection.
The amount of client RF scanning and monitoring available is directly proportional to the
number of Cisco Aironet and Cisco-compatible client devices deployed in the network. A full
deployment of Cisco Aironet or Cisco-compatible client devices provides the most complete
client air and RF scanning and monitoring coverage. However, deploying just a few Cisco
Aironet or Cisco-compatible client devices provides enhanced client air and RF scanning to
help protect your network from rogue access points.
5-18
Core Products Solution IDS Display

Screens
CiscoWorks WLSE
Fault Summary
CiscoWorks WLSE
Location Manager
CWLF v1.0m5-12
All WLAN IDS data captured from the autonomous access points and optional Cisco Aironet
and Cisco-compatible client devices is compiled by the WDS device and sent to the
CiscoWorks WLSE. The CiscoWorks WLSE processes these received samples, and highlights
those that indicate the presence of rogue access points in the CiscoWorks WLSE Location
Manager and CiscoWorks WLSE Fault Summary.
5-19
Roaming Concepts
This topic explains the features of fast secure roaming.
Layer 2 and Layer 3 Roaming

Layer 3
Subnet
A
Subnet B
Layer 2 Roaming
Layer 3 Roaming
CWLF v1.0m5-13
Layer 2 roaming occurs when a WLAN device physically moves so that its radio associates to a
different access point. The original and the updated access points offer coverage for the same
IP subnet, so that the WLAN client is still valid after the roam.
Layer 3 roaming occurs when a client moves from an access point that is configured in IP
subnet A to an access point that is configured in IP subnet B and all the client sessions are
maintained. Ciscos WLAN Advanced products including lightweight access points and
controllers support Layer 2 or 3 roaming. Cisco autonomous access points and core products
support Layer 2 roaming. Ciscos WLAN Advanced products will be discussed in a later
module.
5-20
Roaming Delays
Event
Time
Taken
Percentage of
Total Time
Client realizing that it needs to roam, probably due to

maximum retransmissions.
20 ms
4.7%
Client scanning all legal 802.11 channels and selecting

an alternative access point (time between first probe and
start of authentication)
396 ms
92.7%
Client reauthenticating and reassociating with the new

access point
11 ms
2.6%
Total latency
427 ms
100%
CWLF v1.0m5-14
A Cisco Aironet client takes between 400 ms and 600 ms to roam at Layer 2.
The 802.1X authentication adds even more latency (if it is enabled). Lightweight Extensible
Authentication Protocol (LEAP) adds anywhere from 200 ms to 1.2 seconds.
Roaming delay is not a big problem for most applications. But real-time applications such as
voice need delays of less than 150 ms end to end to maintain good voice quality.
What happens on a roam?
The radio hardware needs to move to and settle on a new channel.
The client listens to avoid a collision.
The client transmits a probe frame.
The client receives a probe response or beacon frame.
5-21
Voice and Roaming

Static WEP
Wireless IP Phone
reauthenticates every
time it roams to a new
access point.
Additional latency is
introduced when this
reauthentication requires
a RADIUS server.
WEP Key ABCD
WEP Key ABCD
WEP Key ABCD
EAP Authentication
Re
au
th
en
tic
at
e
RADIUS Server
CWLF v1.0m5-15
As with any wireless application, authentication and encryption security is highly

recommended.
Voice devices may support static WEP and the 802.1X standard.
The Cisco 7920 Wireless IP Phone supports WEP and 802.1X with LEAP.
The Spectra Link IP phone supports WEP and 802.1X with LEAP.
Using the more secure method (802.1X) can delay roaming, especially if the RADIUS server is
across a WAN link or on a very busy server.
LEAP authentication adds from 200 ms to 1.2 seconds to every Layer 2 roam.
One solution to avoid excessive delay is to use static WEP and virtual LANs (VLAN) with
Layer 3 filters instead of 802.1X with EAP or MAC security.
5-22
What Is Fast Secure Roaming?

An access point feature that reduces Layer 2 roaming
times to under 150 ms:
Adjacent channel scans in under 100 ms
Adjacent access point learning
Reduces the interprobe request spacing
Client can move much more quickly to new access point
Client Rekeys in about 5 ms
Rekeys with new access point instead of reauthenticating to
RADIUS server
Process takes about 5 ms
CWLF v1.0m5-16
Another solution is to implement fast secure roaming. In addition to reducing the number of RF
channels that must be scanned and reducing the overall scanning time, this feature allows
authentication to occur much more quickly by using an access point as a local authenticator.
An access point providing WDS for a Layer 2 network caches client security credentials when
the client is authenticated to a centralized RADIUS server. Subsequently, when a client roams,
keys are provided to the new access point by the WDS access point.
5-23
Traditional Roaming
1.Typical wireless 802.1X
authentication requires 3 end to
end transactions with an overall
transaction time of >500 ms.
WAN
Cisco ACS
AAA server
AP2
1. 802.1X Initial
Authentication
Transaction
2. 802.1X authentication requires a

roaming client to reauthenticate,
adding an additional 500+ ms to
the roam.
AP1
2. 802.1X
Reauthentication
After Roaming
CWLF v1.0m5-17
As the figure illustrates, roaming without the fast secure roaming feature requires a full
reauthentication to a centralized RADIUS server on each and every roam. The result is a delay
that can cause problems for any applications running during the roam.
5-24
Fast Secure Roaming

1. Access point must now 802.1X authenticate
with the WDS Access Point (AP1) to
establish a secure session.
2. Initial client 802.1X authentication goes to
central AAA server (~500ms).
WAN
Cisco ACS
AAA Server
Access
Point-Based
WDS
3. During a client roam, the client signals to

the WDS it has roamed, and WDS will send
the client key to the new Access Point
(AP2).
4. The overall roam time is reduced to
<150 ms, and, in most cases <100 ms.
AP2
AP1
CWLF v1.0m5-18
With fast secure roaming, an intermediate access point running WDS operates in the control
path for all authentications to the centralized RADIUS server.
As clients authenticate, the security credentials are cached on the WDS.
On a client roam, the credentials are securely passed to the target access point, and the client
session continues without disruption.
5-25
Access Point-Based WDS Solution-Layer 2

RADIUS Control
Messages
WLCCP
Messages
WLSE
ACS
WDS
WDS
WLAN
Control
Domain
WLAN
Control
Domain
WLCCP
Messages
WLCCP
Messages
Data Packets
CWLF v1.0m5-19
In the access point-based WDS solution, infrastructure access points discover the WDS via
special WLCCP multicast messages. An access point running WDS is required on each Layer 2
subnet. The solution supports up to 30 infrastructure access points when the WDS-host access
point is also serving wireless clients and up to 60 infrastructure access points when the WDShost access point is not serving wireless clients. The access point-based WDS solution
facilitates seamless mobile node roaming across a Layer 2 WLAN control context.
5-26
Lesson Self-Check
Q1)
The CiscoWorks Wireless LAN Solutions Engine operates at which level of the
Telecommunications Management Network Architecture? (Choose one.) (Source:
Introducing WLAN Management)
A)
B)
C)
D)
E)
Q2)
Which of the following components are required for Layer 2 Roaming in a Cisco
WLAN Core feature set? (Choose one.) (Source: Cisco Unified Wireless Network)
A)
B)
C)
D)
Q3)
Autonomous access points and a controller

Lightweight access points and a WDS
Autonomous access points and a WDS
Autonomous access points and a client adapter
Ciscos WLAN core products in a network comprised of autonomous access points

require which of the following on a per subnet basis to provide fast secure roaming?
(Choose one.) (Source: WLAN Core Products Overview)
A)
B)
C)
D)
Q4)
Network and system elements

Element management
Network system management
Services management
Business management
WDS
WLSE
LWAPP
WCS
In the Cisco WLAN core products framework, the CiscoWorks WLSE belongs to
which of the following layers? (Choose one.) (Source: Components and Protocols)
A)
B)
C)
D)
Management and Security

WDS
Infrastructure Access Point
Client
5-27
Q5)
Place the correct management feature letter to the left of the correct benefit. (Source:
Management Benefits)
A)
B)
C)
D)
Q6)
Maximizes WLAN availability and optimizes WLAN performance via a

reliable and stable mechanism.
Eliminates security threats posed by malicious intruders and by employee
installed unauthorized or rogue access points.
Site surveys can be performed by in-house IT personnel to reduce the
costs, skills, and time required to make optimal radio settings for best
network performance.
Cisco client
WDS access point
Cisco-compatible client
When fast secure roaming is implemented with Cisco WLAN core products, which of
the following devices caches the encryption keys? (Choose one.) (Source: Roaming
Concepts)
A)
B)
C)
D)
5-28
Supports roaming for latency-sensitive applications such as wireless

VOIP, video streaming, or wireless clients.
Which of the following devices gathers and aggregates Radio Management data and
forwards it to the management platform? (Choose one.) (Source: Security)
A)
B)
C)
D)
Q7)
WLAN IDS
Fast Secure Roaming
Assisted Site Survey
WLAN Self-Healing

WLAN Controller
WDS Access Point
Cisco Client

Q1)
Q2)
B,D
Q3)
Q4)
Q5)
B - Supports roaming for latency-sensitive applications such as wireless VOIP, video streaming, or
wireless clients.
C - Maximizes WLAN availability and optimizes WLAN performance via a reliable and stable
mechanism.
A - Eliminates security threats posed by malicious intruders and by employee installed unauthorized or
rogue access points.
D - Site surveys can be performed by in-house IT personnel to reduce the costs, skills, and time required to
make optimal radio settings for best network performance.
Q6)
Q7)
5-29
Summary
Summary
The CiscoWorks WLSE is a component of the WLAN core
products that provides many features for managing
autonomous access points in a WLAN.
The WLAN core products provide the framework to integrate
and extend wired and wireless networks using autonomous
access points.
The WLAN core products can be visualized as a layered
model that includes management, WDS, autonomous access
points, and wireless client layers.
CWLF v1.0m5-21
Cisco Unified Wireless Network includes two WLAN solutions: the Cisco WLAN core
products and the Cisco WLAN advanced products. The CiscoWorks WLSE is a component of
the WLAN Core products solution framework that provides many features for managing the
WLAN. The WLAN core products solution provides the framework to integrate and extend
wired and wireless networks. The WLAN core products solution can be visualized as a layered
model that includes management, WDS, autonomous infrastructure access points, and wireless
client layers.
5-30
Lesson 2
Setting up Autonomous Access

Point Hardware
Overview
This lesson describes the hardware of an autonomous access point, including LEDs and ports as
well as the steps to perform the initial connect and reset for an access point.
Objectives
Upon completing this lesson, you will be able to perform the initial setup of the Cisco core
product autonomous access point hardware. This ability includes being able to meet these
objectives:
Describe the hardware of an access point, including LEDs and ports
Discuss the steps to perform the initial connect and reset for an access point
Access Point Hardware

This topic describes the hardware of an access point, including LEDs and ports.
Aironet 1130AG LED Ring Color Status

Indicator
Top of Unit
Cable Bay Area
Status LED
Ethernet LED
Radio LED
Meaning
Blue
Normal operating
condition; at least
one wireless device
associated.
Light green
Normal operating
condition; no
wireless device
associated.
Blinking green
Transmitting or
receiving Ethernet
packets.
Blinking green
Transmitting or
receiving radio
packets.
Blinking dark blue
Green or blinking
green
Blinking green or
off
Software upgrade
in progress.
Amber
Various
Various
IOS errors
Blinking red
Various
Various
Boot loader errors
CWLF v1.0m5-2
If your access point is not working properly, check the Status LED on the top panel or the
Ethernet and Radio LEDs in the cable bay area. You can use the LED colors to assess the unit
status.
Note
5-32
To see the Ethernet and Radio LEDs you must open the access point cover.
Top of Unit
Cable Bay Area
Status LED
Ethernet LED
Radio LED
Meaning
Blue
Normal operating condition; at least one wireless

device associated.
Light green
Normal operating condition; no wireless device

associated.
Blinking green
Transmitting or receiving Ethernet packets.
Blinking green
Transmitting or receiving radio packets.
Blinking dark
blue
Green or blinking
green
Blinking green
or off
Software upgrade in progress.
Amber
Various
Various
IOS errors
Blinking red
Various
Various
Boot loader errors
Aironet 1130AG Series Physical Features
All wires hide easily
Unit can be padlocked

for physical security
CWLF v1.0m5-3
The front cover easily slides forward revealing the Ethernet, console, and power connections.
There are three methods of securing the access point:
Security cable keyhole: You can use the security cable slot to secure the access point
using a standard security cable, such as those used on laptop computers.
Security hasp adapter: When you mount the access point on a wall or ceiling using the
mounting plate and the security hasp adapter, you can lock the access point to the plate
with a padlock. Compatible padlocks are Master Lock models 120T and 121T or
equivalent.
Note
The security hasp adapter covers the cable bay area (including the power port, Ethernet
port, console port, and the mode button) to prevent the installation or removal of the cables
or the activation of the mode button.
Security screw: The access point contains a security screw hole that can be used to secure
the access point to the mounting plate.
5-33
Aironet 1130AG Series Access Point Ports
3
5
Connections are + 48-VDC (center positive)

Ethernet and console port.
CWLF v1.0m5-4
There are three ports on the Cisco Aironet 1130 Series Access Point:
Ethernet port (with or without power): The auto-sensing Ethernet port accepts an RJ-45
connector, linking the access point to your 10Base-T or 100Base-T Ethernet LAN. The
access point can receive power through the Ethernet cable from a power injector, switch, or
power patch panel. The Ethernet MAC address is printed on the label on the back of the
access point.
DC power: The access point draws up to 12.2 watts maximum of DC power and can
receive power from an external power module or through inline power using the Ethernet
cable. Using inline power, you do not need to run a separate power cord to the access point.
Supports Ciscos Pre-standard Power over Ethernet.
Supports IEEE 802.3af inline power standard.
Console Port. To communicate with the access point via the console port, use a terminal
emulation program (such as HyperTerminal) with the following settings:
9600 baud
8 data bits
No parity
1 stop bit
Flow control XON/XOFF
The reset/mode button is used to reset the access point to factory defaults or reload an image.
5-34
Aironet 1240 Series LEDs
Status
Ethernet
Radio
Association status
Operating status
Status
Meaning
Light Green
Normal operating condition, but no

wireless client device are associated
with the unit.
Blue
Normal operating condition, at least one

wireless client device is associated with
the unit.
Green
Ethernet link is operational.
Blinking
Green
Transmitting or receiving Ethernet

packets
Blinking
Green
Transmitting or receiving radio packets.

Dark Blue
Software upgrade in progress
CWLF v1.0m5-5
The access point has three LEDs to indicate Ethernet activity, radio activity, and status
indications:
The Status LED provides general operating status and error indications.
The Ethernet LED signals Ethernet traffic on the wired Ethernet LAN and provides
Ethernet error indications.
The Radio LED signals that wireless packets are being transmitted or received over the
radio interface and provides radio error indications.
The LEDs display a variety of information about the state of the access point as indicated in the
following table.
LED Signals
Message
type
Ethernet
indicator
Status
indicator
Radio
indicator
Meaning
Light Green
Normal operating condition, but no

client devices are associated with
the unit.
Blue
Normal operating condition, at least

one wireless client device is
associated with the unit.
Green
Blinking
Green
Transmitting/receiving Ethernet
packets
Green
Transmitting/receiving radio packets
Blinking Dark Blue Software upgrade in progress.
Association
status
Operating
status
5-35
LED Signals continued.

Message
type
Boot loader status
Boot Loader
Warnings
Boot Loader Errors
Ethernet
indicator
Status
indicator
Radio
indicator
Meaning
Green
Green
Green
DRAM memory test. Ok.
Off
Blinking Green Blue-green
Initialize Flash file system.
Off
Green
Pink
Flash memory test. Ok.
Green
Off
Dark Blue
Ethernet test ok.
Green
Green
Green
Starting Cisco IOS.
Off
Off
Yellow
Ethernet link not operational
Red
Off
Yellow
Ethernet failure
Amber
Off
Yellow
Configuration recovery in progress

(Mode button pressed for 2 to 3
seconds)
Off
Red
Pink
Image recovery (Mode button

pressed for 20 to 30 seconds)
Blinking
Green
Red
Blinking Pink and Off
Image recovery in progress and

Mode button is released.
Red
Red
Red
DRAM memory test failure.
Off
Red
Blinking Red and Blue Flash file system failure
Off
Amber
Blinking Red and

Blue-green
Environment variable (ENVAR)

failure.
Amber
Off
Blinking Red and

Yellow
Bad MAC address.
Red
Off
Blinking Red and Off
Ethernet failure during image

recovery.
Amber
Amber
Boot environment error.
Red
Amber
No Cisco IOS image file
Amber
Amber
Boot failure
Blinking
Amber
Transmit or receive Ethernet errors.
Blinking Amber -
Maximum retries or buffer full

occurred on the radio.
Red
Red
Amber
Software failure; try disconnecting

and reconnecting unit power.
Amber
General warning, insufficient inline

power
Cisco IOS errors
5-36
Aironet 1240 Series Access Point Ports
Console port RJ-45

Ethernet RJ-45
Cisco pre-standard Power over Ethernet
IEEE 802.3af Power over Ethernet
48-VDC power port

Mode button
CWLF v1.0m5-6
DC power: The access point draws up to 12.95 watts maximum of DC power and can
receive power from an external power module or through inline power using the Ethernet
cable. Using inline power, you do not need to run a separate power cord to the access point.
Ethernet port: (with or without power): The auto-sensing Ethernet port accepts an RJ-45
access point.
Console port: The serial console port provides access to the access points command-line
interface (CLI) using a terminal emulator program. The port is located on the end of the
unit. Use an RJ-45 to DB-9 serial cable to connect your computers COM port to the access
points serial console port. To communicate with the access point via the console port, use
a terminal emulation program (such as HyperTerminal) with the following settings:
9600 baud
8 data bits
No parity
1 stop bit
The reset/mode button is used to reset the access point to factory defaults or reload an
image.
5-37
Aironet 1200 Series Front Cover LEDs

Status lights
Ethernet
Status
Radio activity
Ethernet Activity
Status
Radio Activity
CWLF v1.0m5-7
The three LEDs on the top of the access point report Ethernet activity, association status, and
radio activity.
The Ethernet LED signals Ethernet traffic on the wired LAN, or Ethernet infrastructure.
This LED is normally green when an Ethernet cable is connected and blinks green when a
packet is received or transmitted over the Ethernet infrastructure. The LED is off when the
Ethernet cable is not connected.
The status LED signals operational status. Green indicates that the access point is
associated with at least one wireless client. Blinking green indicates that the access point is
operating normally but is not associated with any wireless devices.
The radio LED signals wireless traffic over the radio interface. The light is normally off,
but it blinks green whenever a packet is received or transmitted over the access point radio.
The status light also flashes amber any time the system notes that an error has occurred. This
light prompts you to look into the history logs to see a review of errors that have been reported.
The radio and Ethernet LEDs indicate activity (transmit [Tx] or receive [Rx]) over this media.
Typically the Ethernet LED blinks much faster than the RF LED because there is more traffic
on the Ethernet side than on the radio frequency (RF) side. If the RF LED is blinking much
more than the Ethernet LED, this is an indication that there is a lot of radio traffic without
corresponding Ethernet traffic. This condition could result from an RF test routine or from poor
communication causing RF retries.
Any red LED during normal operation indicates a problem, typically a firmware or hardware
failure.
following table.
5-38
LEDs
Message
type
Ethernet
indicator
Status
indicator
Radio
indicator
Meaning
Green
Green
DRAM memory test.
Amber
Red
Board initialization test
Blinking
green
Blinking
green
Flash memory test.
Amber
Green
Ethernet initialization test.
Green
Green
Green
Starting IOS.
Green
At least one wireless client device is

Blinking
green
No client devices are associated; check

the unit's service set identifier (SSID)
and WEP settings.
Green
Blinking
green
Transmitting/receiving radio packets.
Green
Blinking
green
Transmitting/receiving Ethernet packets.
Red
Red
Red
Red
File system failure.
Red
Red
Ethernet failure during image recovery.
Amber
Green
Amber
Red
Green
Red
No IOS image file.
Amber
Amber
Amber
Boot failure.
Green
Blinking
amber
Maximum retries or buffer full occurred

on the radio.
Blinking
amber
Transmit/receive Ethernet errors.
Blinking
amber
General warning.
Configuration Reset
Amber
Resetting the configuration options to

factory defaults.
Failure
Red
Red
Red
Firmware failure; try disconnecting and

reconnecting unit power.
Firmware Upgrade
Red
Loading new firmware image.
Boot loader status
Association status
Operating status
Boot Loader Errors
Operation Errors
5-39

Ethernet Port with or without power
DC Power
Console Port
Reset/Mode Button
Link
Traffic
CWLF v1.0m5-8
DC power: The access point draws up to 13 watts maximum of DC power and can receive
power from an external power module or through inline power using the Ethernet cable.
Using inline power, you do not need to run a separate power cord to the access point.
Note
Supports Ciscos Pre-standard power over Ethernet.
access point.
Console Port: To communicate with the access point via the console port, use a terminal
emulation program (such as HyperTerminal) with the following settings:
9600 baud
8 data bits
No parity
1 stop bit
5-40
Aironet 1100 Series Front Cover LEDs
Ethernet Activity
Status
Radio Activity
Status lights
Ethernet
Status
Radio activity
CWLF v1.0m5-9
There are three LEDs on the front cover of the Cisco Aironet 1100 Series Access Point. These
lights indicate:
The Ethernet indicator signals traffic on the wired LAN, or Ethernet infrastructure. This
indicator is normally green when an Ethernet cable is connected, and blinks green when a
packet is received or transmitted over the Ethernet infrastructure. The indicator is off when
the Ethernet cable is not connected.
The status indicator signals operational status. Steady green indicates that the access point
is associated with at least one wireless client. Blinking green indicates that the access point
is operating normally but is not associated with any wireless devices.
The radio indicator blinks green to indicate radio traffic activity. The light is normally off,
but it blinks green whenever a packet is received or transmitted over the access point's
radio.
following table.
5-41
Top Panel Indicator Signals

Message
type
Ethernet
indicator
Status
indicator
Radio
indicator
Meaning
Green
Green
DRAM memory test.
Amber
Red
Board initialization test
Blinking
green
Blinking
green
Flash memory test.
Amber
Green
Ethernet initialization test.
Green
Green
Green
Starting IOS.
Green
At least one wireless client device is

Blinking
green
No client devices are associated; check

the unit's service set identifier (SSID)
and WEP settings.
Green
Blinking
green
Transmitting/receiving radio packets.
Green
Blinking
green
Transmitting/receiving Ethernet packets.
Red
Red
Red
Red
File system failure.
Red
Red
Ethernet failure during image recovery.
Amber
Green
Amber
Red
Green
Red
No IOS image file.
Amber
Amber
Amber
Boot failure.
Green
Blinking
amber
Maximum retries or buffer full occurred

on the radio.
Blinking
amber
Transmit/receive Ethernet errors.
Blinking
amber
General warning.
Configuration Reset
Amber
Resetting the configuration options to

factory defaults.
Failure
Red
Red
Red
Firmware failure; try disconnecting and

reconnecting unit power.
Firmware Upgrade
Red
Loading new firmware image.
Boot loader status
Association status
Operating status
Boot Loader Errors
Operation Errors
5-42

Ethernet Port with or without power
DC Power
Reset/Mode Button
No
No console
console port
port on
on this
this access
access point
point
CWLF v1.0m5-10
There are two ports on the Cisco Aironet 1100 Series Access Point:
DC power: The access point draws up to 4.9 watts of DC power and can receive power
from an external power module or through inline power using the Ethernet cable. Using
inline power, you do not need to run a separate power cord to the access point.
Note
Supports Ciscos Pre-standard power over Ethernet.
access point.
There is no console port on this access point. Use Telnet to configure the access point via the
Cisco IOS commands.
5-43
Comparison of Autonomous Access Point

Hardware
External Antenna Console Cisco
/ RPTNC
Port
PoE
connectors
802.3af
PoE
802.11a 802.11g
1100
Series
NO
NO
YES
NO
NO
YES
1130AG
Series
NO
YES
YES
YES
YES
YES
1200
Series
YES
YES
YES
NO
YES
YES
1240AG
Series
YES
YES
YES
YES
YES
YES
CWLF v1.0m5-11
As a quick reference for installation, the figure gives a comparison of the different autonomous
access points hardware features.
The 1200 Series access point supports RP-TNC connectors with the RM22 802.11a radio
module.
The 1200 Series access point supports 802.11a with either the RM21 or RM22 802.11a radio
module.
5-44
Initial Connect and Reset

This topic discusses the steps to perform the initial connect and reset for an access point.
Using the Mode Button to Set Access Point

to Factory Default
Disconnect power
Press and hold the MODE button while you reconnect
power to the access point
Hold the MODE button until the Status LED turns
amber
2 to 3 seconds
CWLF v1.0m5-12
Follow these steps to delete the current configuration and return all access point settings to the
factory defaults using the MODE button.
Step 1
Disconnect power (the power jack for external power or the Ethernet cable for inline power) from the access point.
Step 2
Press and hold the MODE button while you reconnect power to the access point.
Step 3
Hold the MODE button until the Status LED turns amber (approximately 1 to 2
seconds), and release the button.
Step 4
After the access point reboots, you must reconfigure the access point by using the
web-browser interface or the CLI.
Note
The access point is configured with the factory default values including the IP address (set
to receive an IP address using Dynamic Host Configuration Protocol [DHCP]). The default
username and password are Cisco, which is case-sensitive.
5-45
Using the Mode Button to Reload the

Access Point Image
Put firmware image on local TFTP server
Rename to cXXXX-k9w7-tar.default
(XXXX=device type)
Example c1240-k9w7-tar.default for AP1240
Press and hold the MODE button while you reconnect

power to the access point.
Hold the MODE button until the Status LED turns Red
20 to 30 seconds
CWLF v1.0m5-13
If the wireless device has a firmware failure, you must reload the image file using the web
browser interface or on Cisco 1100, 1130, and 1200 series access points, by pressing and
holding the MODE button for around 30 seconds.
Follow these steps to reload the access point image file:
5-46
Step 1
The PC you intend to use as a TFTP server must be configured with a static IP
address in the range of 10.0.0.2 to 10.0.0.30.
Step 2
Make sure that the PC contains the access point image file (such as c1100-k9w7tar.123-7.JA.tar for an 1100 series access point, c1130-k9w7-tar.123-7.JA.tar,
c1200-k9w7-tar.123-7.JA.tar for a 1200 series access point, or c1240-k9w7-tar.1237.JA.tar for a 1240 series access point) in the TFTP server folder and that the TFTP
server is activated.
Step 3
Rename the access point image file in the TFTP server folder to c1100-k9w7tar.default for an 1100 series access point, c1130-k9w7-tar.default for an 1130 AG
series access point, c1200-k9w7-tar.default for a 1200 series access point or c1240k9w7-tar.default for a 1240 series access point.
Step 4
Connect the PC to the access point using a Category 5 (CAT5) Ethernet cable.
Step 5
Disconnect power (the power jack for external power or the Ethernet cable for inline power) from the access point.
Step 6
Press and hold the MODE button while you reconnect power to the access point.
Step 7
Hold the MODE button until the status LED turns red (approximately 20 to 30
seconds), and release the MODE button.
Step 8
Wait until the access point reboots as indicated by all LEDs turning green followed
by the Status LED blinking green.
Step 9
After the access point reboots, you must reconfigure the access point by using the
web-browser interface or the CLI.
Connecting to the Access Point

Console port
Requires rollover cable
Telnet
Requires an IP address
Web browser
Requires an IP address
Preferred connection
Console
Port
Telnet
Web
Browser
To set an IP address:
Use Dynamic Host Configuration Protocol
(DHCP)
Use Cisco IP Setup Utility (IPSU)
Set using console port
CWLF v1.0m5-14
As designed, you can manage Cisco Aironet access points using a web browser. Telnet and
console port menus are more difficult to use for management.
To set an IP address you can either use DHCP or the Cisco Aironet IP Setup Utility (IPSU).
5-47
Initial Connection to Access Point 1100

Power up and attach either to network or directly to
PC
Access point defaults to 10.0.0.1 for 5 minutes
Access point provides DHCP service for 5 minutes
Use Web browser or Telnet
Username: blank
Password: Cisco
CWLF v1.0m5-15
When you connect a Cisco Aironet 1100 Series Access Point with a default configuration to
your LAN, the Aironet 1100 Series Access Point makes several attempts to get an IP address
from the DHCP server. If it does not receive an address, it assigns itself the IP address 10.0.0.1
for five minutes. During this five-minute window, you can browse to the default IP address and
configure a static address. If after five minutes the access point is not reconfigured, it discards
the 10.0.0.1 address and reverts to requesting an address from the DHCP server. If it does not
receive an address, it sends requests indefinitely. If you miss the five-minute window for
browsing to the access point at 10.0.0.1, you can power-cycle the access point to repeat the
process.
5-48
Initial Connection to all Cisco Aironet

Access Point with Cisco IOS Software
Power up and attach either to network
Access point ships without IP addresses
Obtains IP address from DHCP or console
Access point will never default to an IP address, it stays in a
DHCP request mode
Username: blank
Password: Cisco
CWLF v1.0m5-16
When you connect a Cisco Aironet 1130 AG Series Access Point, Cisco Aironet 1200 Series
Access Point, or Cisco Aironet 1240 AG Series Access Point with a default configuration to
your LAN, the access point requests an IP address from your DHCP server and, if it does not
receive an address, continues to send requests indefinitely.
5-49
Lesson Self-Check
Q1)
Which of the following status LED states indicates that the Aironet 1240 series access
point is working properly and has at least one wireless client associated? (Choose one.)
(Source: Access Point Hardware)
A)
B)
C)
D)
Q2)
To default a Cisco Aironet autonomous (IOS) access point to factory defaults, hold in
the mode/reset button for 2 to 3 seconds while applying power or until the status LED
turns which color? (Choose one.) (Source: Initial Connect and Reset)
A)
B)
C)
D)
5-50
blinking green
blinking blue
solid green
solid blue
Green
Red
Amber
Blue

Q1)
Q2)
5-51
Summary
Summary
In this lesson, Cisco Aironet autonomous access
point hardware, including the LEDs and ports were
discussed.
This lesson also included steps to reset the access
points to factory defaults or to reload an IOS image
using the mode button, and the different ways to
connect to a factory default access point for initial
configuration.
CWLF v1.0m5-18
In this lesson, Cisco core product access point hardware, including the LEDs and ports were
discussed. This lesson also included steps to reset the access points to factory defaults or to
reload an IOS image using the mode button, and the different ways to connect to a factory
default access point for initial configuration.
5-52
Lesson 3
Configuring the Access Point

Overview
This lesson discusses configuring the autonomous access point.
Objectives
Upon completing this lesson, you will be able to set up and configure an autonomous access
point. This ability includes being able to meet these objectives:
Explain the hierarchy of the RF network
View the home page
Use Express Setup to set up role in the radio network and identify on the access point
Describe procedures to configure SSID for the network
Enable and configure network interfaces on the access point
Locate various advance services
Set up and configure a VLAN on an access point
Explain traffic classes and configure and apply quality of service policies
Describe the process of setting up SNMP for an access point
Describe Layer 4, MAC address, Ethertype, IP protocol and port filtering
Describe the use of CLI for access point configuration
Access Point: Root Mode

This topic explains the hierarchy of the RF network.
Access Point: Root Mode

Every network system has some type of hierarchy. In
Ciscos radio frequency (RF) system, the root
parameter plays this role by:
Controlling association to and from other devices
Controlling roaming and handoffs
CWLF v1.0m5-2
In the Cisco Aironet wireless system, the radio frequency (RF) network has a hierarchy that
starts at the root unit.
For an access point, the root unit is attached to the cabled LAN. This is called the root device.
Clients and repeaters associate with the root. A client may move out of the range of the root
unit and into the range of another root unit. This change will cause the old root unit to drop the
client from the association table and the new access point to add the client to its table. The root
is the top of the structure for data flow.
5-54
Access Point and Repeater Mode

Access Point (root AP)
Accepts association and communicates
only with clients and repeaters
Repeater (non-root AP)

Associates and communicates to a
root=ON or another root=OFF that is
associated to a root=ON
Accepts association and communicates
only with clients and repeaters, as long
as it is registered to a root=ON
Cabled LAN
Any number of root access points per

RF system
Access Points
Root
Root
Cabled LAN
Will not communicate with other root

devices
Non-root (Repeater)
CWLF v1.0m5-3
All Cisco Aironet autonomous access points can be configured as either a root unit (access
point mode), or as a non-root unit (repeater mode). Root units cannot communicate with other
root units via the RF. They can communicate only over the backbone. Non-root units can
communicate with a root unit (known as the parent unit) via the RF, but cannot send or receive
data via the Ethernet port. Non-root units may also communicate with another non-root unit via
the RF. Non-root units lock on to another non-root or root unit and do not stray from this
connection unless the connection is lost.
Both root and non-root units can accept associations and communicate with wireless clients via
the RF.
5-55
Home Page
This topic views the home page.
Main Menu: Home
CWLF v1.0m5-4
Return to the Home page on the Cisco autonomous access point at any time by selecting the
Home menu tab on the left menu bar. The Home page provides a quick summary of the access
point and bridge status, to include:
Network Identity: This area summarizes the configuration of the access point Bridge
Virtual Interface (BVI) and Ethernet MAC address.
Network Interfaces: This area shows basic information on the access point network
interfaces. The title line gives a link to the Network Interfaces page, which provides more
information on data traffic through the ports. The access point radios are Radio0-802.11b
(2.4 GHz) and Radiol-802.11a (5 GHz).
5-56
Interface: Displays current interface status.
MAC Address: Displays the MAC address of each interface.
Transmission Rate: Gives the current interface operational data rate.
Event Log: After the access point has started running, the Event Log area displays the
recent events that have been logged.
Time: Shows the time of the event, expressed in system uptime or wall-clock time.
Severity: Indicates the level of each event or alarm that is processed by the access
point.
Description: Gives a brief description of the error or alarm event.
Express Setup
This topic describes the use of Express Setup to set up role in the radio network and identify on
the access point.
Express Set-Up Menu
CWLF v1.0m5-5
The Express Set-Up configurable settings include:
Host Name: The host name, while not an essential setting, helps identify the wireless
device on your network. The host name appears in the titles of the management system
pages.
Configuration Server Protocol: Select on the button that matches the networks method
of IP address assignment.
IP Address: Use this setting to assign or change the wireless devices IP address. If
Dynamic Host Configuration Protocol (DHCP) is enabled for your network, leave this field
blank.
IP Subnet Mask: Enter the IP subnet mask provided by your network administrator so the
IP address can be recognized on the LAN. If DHCP is enabled, leave this field blank.
Default Gateway: Enter the default gateway IP address provided by your network
administrator. If DHCP is enabled, leave this field blank.
SNMP Admin Community: The Simple Network Management Protocol (SNMP)

community name required by the trap destination before it records traps sent by the device.
Selecting on SNMP will automatically launch the access points SNMP configuration page.
5-57
Express Set-Up (Cont.)
Number of radios may vary depending on access point type and configuration
CWLF v1.0m5-6
The Express Set-Up page allows configuration of the basic parameters of the access point.
These parameters may be set for either of the radio interfaces of the access point or as follows:
5-58
Role in Radio Network: While the access point can be configured in one of several roles,
this module covers the access point roles. Select on the button that describes the role of the
wireless device on your network.
Select Access Point (Root) if the wireless device is connected to the wired LAN.
Select Repeater (Non-Root) if it is not connected to the wired LAN.
Optimize Radio Network for: Access point data rates may be set to send broadcast
packets at higher data rates (select the Range button) or lower data rates (select the
Throughput button). You can also configure specific data rates permitted by selecting the
Custom button.
Aironet Extensions: Select either the Enable or Disable radio button to enable or disable
Aironet extensions. Aironet extensions permit Cisco client-specific features such as
roaming, load balancing, and security features such as Cisco Key Integrity Protocol (TKIP)
and Message Integrity Check (MIC).
Express Security Setup

This topic describes procedures to configure SSID for the network.
Express Security Set-Up
Help with simple deployments, more advanced settings available

under security tab
CWLF v1.0m5-7
The service set identifier (SSID)s that you create using the Express security page appears in the
SSID table at the bottom of the page. You can create up to 16 SSIDs on the wireless device. On
dual-radio wireless devices, the SSIDs that you create are enabled on both radio interfaces.
Note
In Cisco IOS Release 12.3(4)JA and higher, there is no default SSID. You must configure an
SSID before client devices can associate to the access point.
If you use VLANs on your wireless LAN (WLAN) and assign SSIDs to (VLAN)s, you can
create multiple SSIDs using any of the four security settings on the Express Security page.
However, if you do not use VLANs on your wireless LAN, the security options that you can
assign to SSIDs are limited because on the Express Security page encryption settings and
authentication types are linked. Without VLANs, encryption settings (Wired Equivalent
Privacy [WEP] and ciphers) apply to an interface, such as the 2.4-GHz radio, and you cannot
use more than one encryption setting on an interface. For example, when you create an SSID
with static WEP with VLANs disabled, you cannot create additional SSIDs with Wi-Fi
Protected Access (WPA) authentication because they use different encryption settings. If you
find that the security setting for an SSID conflicts with another SSID, you can delete one or
more SSIDs to eliminate the conflict.
Because the Express Security page is designed for simple configuration of basic security, the
options available are a subset of the access point security capabilities. Keep these limitations in
mind when using the Express Security page:
You cannot edit SSIDs. However, you can delete SSIDs and re-create them.
You cannot assign SSIDs to specific radio interfaces. The SSIDs that you create are
enabled on all radio interfaces. To assign SSIDs to specific radio interfaces, use the
Security SSID Manager page.
5-59
5-60
You cannot configure multiple authentication servers. To configure multiple authentication

servers, use the Security Server Manager page.
You cannot configure multiple WEP keys. To configure multiple WEP keys, use the
Security Encryption Manager page.
You cannot assign an SSID to a VLAN that is already configured on the access point. To
assign an SSID to an existing VLAN, use the Security SSID Manager page.
You cannot configure combinations of authentication types on the same SSID (such as
MAC address authentication and EAP authentication). To configure combinations of
authentication types, use the Security SSID Manager page.
Network Interfaces
This topic explains how to enable and configure network interfaces on the access point.
Network Interfaces
Not
Not available
available in
in Aironet
Aironet 1100
1100 Series
Series Access
Access Point
Point
CWLF v1.0m5-8
Select the Cisco IOS access point interfaces by selecting the Network Interfaces tab on the left
menu bar. This page contains information about the status of FastEthernet and Radio-802.11b,
Radio-802.11a, or Radio-802.11g interfaces, depending on which radio is installed on the
access point. Statistics and configuration options are available for each of the displayed
interfaces. Each interface can be reached by either selecting the left menu bar or the link in the
Network Interface summary page. The settings include the following:
System Settings which include IP Address, IP Subnet Mask, Default Gateway and MAC
Address.
Interface Status includes Software and Hardware status for the following interfaces:
FastEthernet: The integrated 10-Mbps or 100-Mbps Ethernet port of the access

point
Radio0-802.11G: The internal 2.4-GHz PCI radio module of the access point
Radiol-802.11A: The external 5-GHz CardBus radio module of the access point
Receive includes Input Rate Timespan, Input rate (bit/sec), Input Rate (packets/sec), Time
Since Last Imput, Total Packets Input, Total, Bytes Input, Broadcast Packets, Total Input
Errors, Overrun Errors, Ignored Packets, and Throttles.
Transmit includes Output Rate Timespan, Output rate (bit/sec), Output Rate (packets/sec),
Time Since Last Imput, Total Packets Output, Total, Bytes Output, Broadcast Packets,
Total Output Errors, Overrun Errors, Ignored Packets, Last Output Hang, Lost Parent
Counts (Repeater mode only), and Association Statistics (Repeater mode only).
5-61
FastEthernet Network Interface
Rarely change settings on this page
CWLF v1.0m5-9
The FastEthernet Network Interface page permits simple configuration of the access points
Ethernet port. The settings available include:
5-62
Enable Ethernet: Enable or disable the Ethernet port
Current Status (Software/Hardware): Shows current status of the software

(enabled/disabled) and the hardware (up/down)
Requested Duplex: Auto (configured for negotiation with terminating hub or switch), Half
(half duplex), or Full (full duplex)
Requested Speed: Auto (configured for negotiation with terminating hub or switch), 10
Mbps, or 100 Mbps
Radio0-802.11G Network Interface
Radio 0 is the interface from the CLI

CWLF v1.0m5-10
The Network Interface menu for Radio0-802.11G permits the configuration of specific
parameters for the 2.4-GHz radio interface.
Select the role in the radio network for each device. Depending on which device you are using,
the roles can vary. You can also configure a fallback role for root access points. The wireless
device automatically assumes the fallback role when its Ethernet port is disabled or
disconnected from the wired LAN. Select one of the three access point (root) settings if the
access point is connected to the wired LAN. The various roles follow:
Access Point (AP1100, 1130, 1200, 1240, 1310)

This default setting enables wireless clients to continue to associate even when there is no
connection to the wired LAN.
Access Point (Fallback to Radio Shutdown)

When the wired connection is lost, the radio shuts down. This fallback forces the clients to
associate to another access point if one is available.
Access Point (Fallback to Repeater)

When the wired connection is lost, the radio becomes a repeater. The repeater parent should
be configured to allow data to be wirelessly transferred to another access point.
Repeater (AP1100, 1130, 1200, 1240, 1310)

Select this setting if the access point is not connected to the wired LAN. Client data is
transferred to the access point selected as the repeater parent. The repeater parent may be
configured as an access point or another repeater.
Root Bridge with Wireless Client (AP1200, 1240, 1310)

Specifies that the root bridge mode accepts associations from client devices. A root bridge
can be an access point or a bridge. Wireless clients, non-root bridges, repeaters, and
workgroup bridges can associate with a root bridge.
Non-Root Bridge with Wireless Clients (AP1200, 1240, 1310)

Specifies that the non-root bridge mode accepts associations from client devices. Wireless
bridges can associate only with non-root bridges.
5-63
Root Bridge without Wireless Clients (AP1200, 1240, 1310, BR1410)

Only non-root bridges can associate with root bridges.
Non-Root Bridge without Wireless Clients (AP1200, 1240, 1310, BR1410)

Specifies that the access point operates as a non-root bridge and must associate to a root
bridge. No wireless clients can associate with non-root bridges.
Workgroup Bridge (AP1100, 1130, 1200, 1240, 1310)

In workgroup bridge mode, the unit associates to another access point as a client and
provide a network connection to the devices connected to its Ethernet port. The workgroup
bridge associates to an access point on your network. Only one interface can be configured
as a workgroup bridge.
Scanner (AP1100, 1130, 1200, 1240, 1310)

This option is supported only when used with a WLSE device on your network. It specifies
that the access point operates as a radio scanner only and does not accept associations from
client devices. As a scanner, the access point collects radio data and sends it to the WDS
access point on your network.
For each of the rates, select Require, Enable, or Disable.
Require - Enables transmission at this rate for all packets, both unicast and multicast. At
least one data rate must be set to Require. A client must support a required rate before it
can associate.
Enable - Enables transmission at this rate for unicast packets only.
Disable - Does not allow transmission at this rate.
Note
The client must support the basic rate you select or it cannot associate with the access point
Select the Best Range button to optimize access point range or the Best Throughput button to
optimize throughput.
When you configure the IEEE 802.11g access point radio for best throughput, the access point
sets all 802.11g data rates to basic (required). This setting blocks association from IEEE
802.11b client devices.
5-64
Radio0-802.11G Network Interface (Cont.)

Middle Portion of Screen
Pick Radio Channel
CWLF v1.0m5-11
The following fields are found on Network Interface page:

Transmit Power: This setting determines the power level of the radio transmission. The
default power setting is the highest transmit power allowed in your regulatory domain.
Note
Government regulations define the highest allowable power level for radio devices. This
setting must conform to established standards for the country in which you use the device.
To reduce interference, limit the range of your access point, or to conserve power, select a
lower power setting. For an 802.11g radio, transmit power is divided into Complementary Code
Keying (CCK) transmit power and Orthogonal Frequency Division Multiplexing (OFDM)
transmit power. CCK is the modulation used in 802.11g for the lower frequency rates, and
OFDM is the modulation used in 802.11g for higher data rates (above 20 Mbps).
Note
The 100 mW (20 dBm) value is not available for OFDM data rates.
Power Translation Table between (dBm/mW)

0
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
10
12
15
20
25
30
40
50
60
80
100
125
150
200
250
Note
The power settings have appeared in mW or in dBm depending on the version of firmware.
This table translates between mW and dBm.
Limit Client Power (mw): Determines the maximum power level allowed on client
devices that associate to the access point. When a client device associates to the access
point, the access point sends the maximum power level setting to the client.
5-65
Note
5-66
The 100 mW (20 dBm) value is not available for OFDM data rates.
Default Radio Channel: This option permits the configuration of a specific frequency for
the access point to use or permits the access point to select the least-congested channel
based upon 802.11 activity.
Least Congested Channel Search: This option permits the configuration of specific
frequencies for the access point to search when determining frequency to use.
World Mode Multi-Domain Operation: Selecting the Enable radio button allows the
access point to transmit information in the 802.11 beacons, which inform the client devices
which frequencies and power are allowable for the access point configured regulatory
domain.
Radio Preamble: Select the Long or Short button, depending on network device
capabilities.
Receive Antenna: The options are Right, Left, and Diversity antennas, depending on your
requirements and any special installation needs.
Transmit Antenna: The options are Right, Left, and Diversity antennas, depending on
your requirements and any special installation needs.
Radio0-802.11G Network Interface (Cont.)
CWLF v1.0m5-12
External Antenna Configuration: This feature is currently not operational, but it may be
supported in future releases.
Antenna Gain (dB): The gain of an antenna is a measure of the antenna's ability to direct
or focus radio energy over a region of space. High-gain antennas have a more focused
radiation pattern in a specific direction. This setting is disabled on the bridge.
Aironet Extensions: Select Enable to use Cisco Aironet 802.11 extensions. This setting
must be set to Enable so that you can use load balancing, MIC, and TKIP.
Ethernet Encapsulation Transform: Select 802.1h or RFC1042 to set Ethernet

encapsulation type. Data packets that are not 802.2 packets must be formatted to 802.2 with
802.1h or RFC 1042. Cisco Aironet equipment defaults to RFC 1042 because it provides
optimum interoperability.
802.1H: This setting provides optimum performance for Cisco Aironet wireless products.
RFC1042: Use this setting to ensure interoperability with non-Cisco Aironet wireless
equipment. RFC 1042 does not provide the interoperability advantages of IEEE 802.1h but
is used by other manufacturers of wireless equipment.
Reliable Multicast to WGB: Normally, an access point treats a workgroup bridge as an

infrastructure device and not as a client. The access point uses the reliable multicast
protocol to ensure delivery of all multicast packets. The extra traffic caused by reliable
delivery limits the number of workgroup bridges that can be associated. Select Disable to
allow the workgroup bridge to be treated as a non-infrastructure device and thus allow the
maximum number of workgroup bridges to be associated.
5-67
Note
5-68
Public Secure Packet Forwarding: Public Secure Packet Forwarding (PSPF) prevents
client devices associated to an access point from inadvertently sharing files or
communicating with other client devices associated to the access point. It provides Internet
access to client devices without providing other capabilities of a LAN. No exchange of
unicast, broadcast, or multicast traffic occurs between protected ports. Select Enable so that
the protected port can be used for secure mode configuration. PSPF must be set per VLAN.
To prevent communication between clients associated to different access points on your
wireless LAN, you must set up protected ports on the switch to which your access points are
connected.
Short Slot-Time: Determine if you want to enable support for the Extended-Rate-PHY
short slot time. Enabling this setting reduces the slot time from the standard 20
microseconds to 9 microseconds to increase throughput.
Beacon Period: The amount of time between beacons in kilo micro seconds. One Kusec
equals 1,024 microseconds.
Data Beacon Rate (DTIM): This setting, always a multiple of the beacon period,
determines how often the beacon contains a delivery traffic indication message (DTIM). A
traffic indication map is present in every beacon. The DTIM notifies power-save client
devices that a packet is waiting for them. If power save clients is active, the access point
buffers any multicast traffics and delivers them immediately after the DTIM beacon. Power
save nodes always wakes for the DTIM beacons. The longer the time, the more buffering
the access point does, and the longer the multicasts are delayed. If the beacon period is set
at 100 (its default setting), and the data beacon rate is set at 2 (its default setting), then the
device sends a beacon containing a DTIM every 200 Kusec. One Kusec equals 1,024
microseconds.
Max. Data Retries: The maximum number of attempts the device makes to send a packet
before giving up, dropping the packet, and disassociating the client.
RTS Max. Retries: The maximum number of times the device issues an RTS before
stopping the attempt to send the packet through the radio. Enter a value from 1 to 128.
Fragmentation Threshold: This setting determines the size at which packets are
fragmented (sent as several pieces instead of as one block). Use a low setting in areas
where communication is poor or where there is a great deal of radio interference.
RTS Threshold: This setting determines the packet size at which the device issues a
request to send (RTS) before sending the packet. A low RTS Threshold setting can be
useful in areas where many client devices are associating with the access point or in areas
where the clients are far apart and can detect only the access point and not each other.
Repeater Parent AP Timeout: If this timeout is enabled, the access point in repeater
mode looks only for the parent access point specified in the following Repeater Parent AP
MAC definition for this given amount of time. If the timeout expires, the list is ignored,
and the unit associates to an access point that matches its requirements, regardless of its
MAC address. If the timeout is disabled, the repeater associates only to parents in the list
and continues the search.
Repeater Parent AP MAC 1-4: Normally, a repeater access point (without a wired LAN
connection) associates much like a normal client, choosing the best access point it can find.
Enter MAC addresses in this list if you want to control the parent access point to which a
repeater may associate. If MAC addresses are entered in this list, a repeater associates only
to a parent whose MAC address matches an entry in the list. If the first MAC address is not
available, the access point continues through the list and waits the amount of time specified
in Repeater Parent AP Timeout field before trying the next.
Radio1-802.11A Network Interface
Not
Not available
available in
in every
every version
version of
of 1200
1200 Series
Series not
not available
available in
in 1100
1100 Series
Series
CWLF v1.0m5-13
The Network Interface menu for the Radio0-802.11A permits the configuration of specific
parameters for the 5-GHz radio interface. The following are among the options:
Enable Radio: Selecting the Enable or Disable radio buttons enables or disables the radio
interface.
Current Status (Software/Hardware): This area indicates software and hardware status.
Software status is either enabled or disabled. Hardware status is either up or down.
Role in Radio Network: You can set the access point to be an access point (root mode) or
repeater (non root mode). You can also modify the fallback mechanism for loss of Ethernet
here. The interface can also be set as a Bridge or a Scanner.
Data Rates: The data rates supported for this interface can be controlled via this menu.
Selecting the Require radio button configures the data rate at which broadcast 802.11
packets are sent. Selecting the Enable radio button configures the unicast 802.11 packet
rates supported. Selecting the Disable radio button turns off the packets transmitted at this
data rate.
5-69
Radio1-802.11A Network Interface (Cont.)
If not using
diversity modify
these settings
CWLF v1.0m5-14
Also on the Network Interface screen are the following settings:
Transmit Power: This setting determines the power level of the radio transmission. The
default power setting is the highest transmit power allowed in your regulatory domain.
Note
Government regulations define the highest allowable power level for radio devices. This
setting must conform to established standards for the country in which you use the device.
To reduce interference, limit the range of your access point, or to conserve power, select a
lower power setting. For an 802.11g radio, Transmit Power is divided into CCK Transmit
Power and OFDM Transmit power. CCK is the modulation used in 802.11g for the lower
frequency rates, and OFDM is the modulation used in 802.11g for higher data rates (above 20
Mbps).
Note
5-70
The 100 mW (20 dBm) value is not available for rates greater than 12 Mbps.
Power Translation Table (mW/dBm): The power settings may be in mW or in dBm

depending on the particular radio that is being configured. This table translates between
mW and dBm.
Limit Client Power (mw): Determine the maximum power level allowed on client devices
that associate to the access point. When a client device associates to the access point, the
access point sends the maximum power level setting to the client.
Default Radio Channel: This option permits the configuration of a specific frequency for
the access point to use or permits the access point to select the least-congested channel,
based upon 802.11 activities.
Least Congested Channel Search: This option permits the configuration of specific
frequencies for the access point to search when determining the frequency to use.
Receive Antenna: The options are Right, Left, and Diversity, depending on your
Transmit Antenna: The options are Right, Left, and Diversity, depending on your
External Antenna Configuration: This feature is not currently supported but may be in a
future firmware release.
5-71
Radio1-802.11A Network Interface (Cont.)
Aironet Extensions: Selecting the Enable radio button allows roaming and enables Ciscospecific security options.
Ethernet Encapsulation Transform: Specify either RFC1042 or 802.1H radio button.

802.1H permits optimal performance with Cisco equipment. Selecting the RFC1042 button
permits optimal interoperability.
Reliable Multicast to WGB: Normally, an access point treats a workgroup bridge as an

infrastructure device and not as a client. The access point uses the reliable multicast
protocol to ensure delivery of all multicast packets. The extra traffic caused by reliable
delivery limits the number of workgroup bridges that can be associated. Select Disable to
allow the workgroup bridge to be treated as a non-infrastructure device and thus allow the
maximum number of workgroup bridges to be associated.
Note
5-72
CWLF v1.0m5-15
Public Secure Packet Forwarding: Public Secure Packet Forwarding (PSPF) prevents
client devices associated to an access point from inadvertently sharing files or
communicating with other client devices associated to the access point. It provides Internet
access to client devices without providing other capabilities of a LAN. No exchange of
unicast, broadcast, or multicast traffic occurs between protected ports. Select Enable so that
the protected port can be used for secure mode configuration. PSPF must be set per VLAN.
To prevent communication between clients associated to different access points on your
wireless LAN, you must set up protected ports on the switch to which your access points are
connected.
Beacon Period: The amount of time between beacons in kilomicroseconds. One Kusec
equals 1,024 microseconds.
Data Beacon Rate (DTIM): This setting, always a multiple of the beacon period,
determines how often the beacon contains a delivery traffic indication message (DTIM). A
traffic indication map is present in every beacon. The DTIM notifies power-save client
devices that a packet is waiting for them. If power save clients is active, the access point
buffers any multicast traffics and delivers them immediately after the DTIM beacon. Power
save nodes always wakes for the DTIM beacons. The longer the time, the more buffering
the access point does, and the longer the multicasts are delayed. If the beacon period is set
at 100 (its default setting), and the data beacon rate is set at 2 (its default setting), then the
device sends a beacon containing a DTIM every 200 Kusec. One Kusec equals 1,024
microseconds.
Max. Data Retries: The maximum number of attempts the device makes to send a packet
before giving up, dropping the packet, and disassociating the client.
RTS Max. Retries: The maximum number of times the device issues an RTS before
stopping the attempt to send the packet through the radio. Enter a value from 1 to 128.
Fragmentation Threshold: This setting determines the size at which packets are
fragmented (sent as several pieces instead of as one block). Use a low setting in areas
where communication is poor or where there is a great deal of radio interference.
RTS Threshold: This setting determines the packet size at which the device issues a RTS
before sending the packet. A low RTS Threshold setting can be useful in areas where many
client devices are associating with the access point or in areas where the clients are far apart
and can detect only the access point and not each other.
Repeater Parent AP Timeout: If this timeout is enabled, the access point in repeater
mode looks only for the parent access point specified in the following Repeater Parent AP
MAC definition for this given amount of time. If the timeout expires, the list is ignored,
and the unit associates to an access point that matches its requirements, regardless of its
MAC address. If the timeout is disabled, the repeater associates only to parents in the list
and continues the search.
Repeater Parent AP MAC 1-4: Normally, a repeater access point (without a wired LAN
connection) associates much like a normal client, choosing the best access point it can find.
Enter MAC addresses in this list if you want to control the parent access point to which a
repeater may associate. If MAC addresses are entered in this list, a repeater associates only
to a parent whose MAC address matches an entry in the list. If the first MAC address is not
available, the access point continues through the list and waits the amount of time specified
in Repeater Parent AP Timeout field before trying the next.
5-73
Cisco Services
This topic describes how to locate various advance services.
Advanced Configuration: GUI Services
QoS and VLAN are the key settings for most deployments
CWLF v1.0m5-16
This is the configuration screen from a Cisco Aironet 1200 series autonomous access point.
The current services available are:
5-74
Telnet/SSH: Enable, disable and configure Telnet and Secure Shell (SSH) connections to
the access point.
Hot Standby: Enable, disable and configure the access point as a Hot Standby access
point.
CDP: Enable, disable and configure Cisco Discovery Protocol (CDP).
DNS: Configure Domain Name Service (DNS).
Filters: Configure and assign filters.
HTTP: Enable, disable and configure the Hyper Text Transfer Protocol interface on the
access point.
QoS: Configure and assign quality of service (QoS) parameters.
SNMP: Enable and configure Simple Network Management Protocol (SNMP).
SNTP: Enable and configure Simple Network Time Protocol (SNTP).
VLAN: Enable and configure virtual LAN.
ARP Caching: Enable and configure Address Resolution Protocol (ARP) caching.
VLAN Configuration
This topic describes how to set up and configure a VLAN on an access point.
VLAN and SSID Configuration
CWLF v1.0m5-17
Choosing Services > VLAN from the menu tab allows you to configure VLANs on an access
point, which may then be assigned encryption policies and may have SSIDs assigned.
The VLAN ID field allows the VLANs to be defined and assigned as either of the following:
Native VLAN: This check box denotes the native VLAN for the access point. Only one
VLAN ID may be defined as the native VLAN.
Enable Publicly Secure Packet Forwarding: This check box permits you to apply
Publicly Secure Packet Forwarding (PSPF) on each VLAN, as requirements dictate. PSPF
prevents client devices from linking to other wireless LAN (WLAN)-associated clients.
Radio0-802.11g: Assigns VLAN to IEEE 802.11g interface
Radiol-802.11a: Assigns VLAN to IEEE 802.11a interface
When a VLAN is configured on the access point through the GUI, the Ethernet port is
converted to an 802.1q trunk port.
5-75
VLAN Setup (Cont.)
At least one VLAN needs to be Native VLAN

CWLF v1.0m5-18
After VLANs are defined from the Assigned VLAN page and assigned to radio interfaces, the
throughput statistics for a specified VLAN from the VLAN Information menu can be viewed at
the bottom of the VLAN setup screen. Transmit and receive statistics for each interface and for
each configured VLAN can be obtained.
5-76
VLAN Summary Status
Great screen to troubleshoot security based on VLAN

CWLF v1.0m5-19
After configuration of the VLAN, assignment of encryption, and VLAN parameters to an

SSID, the details on the configured parameters are available in a tabular summary page from
the Security menu tab.
Specific configured parameters, including the VLAN and authentication methods configured
for each SSID on each radio interface, as well as encryption settings for each VLAN, can be
viewed from this page.
5-77
SSID Manager
Companies can choose to not assign a SSID to all VLANs (such as

native management VLAN)
CWLF v1.0m5-20
The SSID Manager page permits you to configure the SSID after you have set up VLAN and
encryption parameters on the access point.
The Authentication Methods Accepted check boxes, Open Authentication, Shared
Authentication, and Network EAP, permit you to specify the types of authentication available
on the SSID. Either MAC or Extensible Authentication Protocol (EAP) authentication may be
added to Open or Shared authentication. MAC authentication may be added to Network EAP
authentication to permit adding a MAC authentication step to the Lightweight Extensible
Authentication Protocol (LEAP) authentication process.
Note
5-78
When VLANs are created, SSIDs not assigned to a VLAN become disabled.
SSID Manager (Cont.)
CWLF v1.0m5-21
On the bottom of the SSID Manager screen, additional authentication can be configured for the
selected SSID.
Authenticated key management, either for Cisco Centralized Key Management (CCKM) or for
WPA, may be configured as optional or mandatory, depending on the desired system operation
and client capabilities. If you are using WPA, enter the WPA pre-shared key (which
authenticates the encryption parameters between client and access point in a non-802.1X
environment) from this interface.
5-79
Use for IP redirect

CWLF v1.0m5-22
The General Settings options include the following:
5-80
Advertise Extended Capabilities of this SSID: Allows you to include the SSID name and
capabilities in the Wireless Provisioning Service (WPS) information element.
Advertise Wireless Provisioning Services (WPS) Support: Allows you to enable the
WPS capability flag in the WPS information element.
Advertise this SSID as a Secondary Broadcast SSID: Allows you to include the SSID
name and capabilities in the WPS information element.
Enable IP Redirection on this SSID The IP redirect feature provides a stand alone Cisco
Aironet access point the capability to redirect wireless IP data traffic to an alternate
destination IP address on the wired LAN. The IP redirect feature is designed to provide a
means of diverting traffic from its specified destination on the wired LAN to a destination
chosen by the network administrator. Some examples of how this feature might be used
are:
Establish next-hop routing; for example, pushing all guest traffic within an
organization to the Internet router
Establish guest access in an otherwise secured environment; for example, redirecting

traffic to a splash page that details subscription/billing instructions
Association Limit (optional): Determines the maximum number of client associations the
access point permits to the specified SSID.
EAP Client (optional): Username and password to authenticate the access point to a
LEAP server, for operation of the access point or bridge in repeater or non-root mode if
entered from this interface.
Use for Broadcast SSID

CWLF v1.0m5-23
Multiple basic service set identifier (BSSID) Beacon Settings:
Set SSID as Guest Mode: Check the box if you want to include the SSID in beacons. To
increase the battery life for power-save clients that uses this SSID.
Set Data Beacon Rate (DTIM): Check the box and enter a beacon rate for the SSID. The
beacon rate determines how often the access point sends a beacon containing a Delivery
Traffic Indicator Message (DTIM). When client devices in power saving mode receive a
beacon that contains a DTIM, they normally wake up to check for pending packets. Longer
intervals between DTIMs let clients sleep longer and preserve power. Conversely, shorter
DTIM periods reduce the delay in receiving packets but use more battery power because
clients wake up more often.
Guest Mode/Infrastructure SSID Settings:
Set Beacon Mode: Select to choose single or multiple access point beacon messages. From
the drop-down menu, indicate the guest mode that enables clients without any SSID to
associate to this access point.
Set Infrastructure SSID: When the access point is in repeater mode, this SSID is used to
associate with a parent access point. Check the check box by the drop-down menu if you
want to force infrastructure devices to associate only to this SSID.
5-81
SSID Summary
Check the type of security for each SSID and VLAN.
CWLF v1.0m5-24
The SSID summary and administrator user information is available from the Security menu
under Security Summary.
You can configure the administrative users and their capabilities (read-only or read-write) from
the Admin Access menu.
Note
VLANs and SSIDs are associated with each radio interface, and their configured
authentication.
SSIDs may also be configured from the Security Summary page. The configuration menu for
each radio interface is accessible from either the Radio0-802.11B-SSIDs or Radiol-802.11ASSIDs link.
5-82
QoS Configuration
This topic explains traffic classes, configures and applies quality of service policies.
Quality of Service
Voice over wireless uses a class of service of 6

CWLF v1.0m5-25
You can create QoS policies from the Services > QoS Policies menu. QoS policies permit the
prioritization of packets based on the device type, IP tags, VLAN, or predefined filter (access
control list, or ACL).
The policy name is used as a descriptor to uniquely identify each QoS policy defined in the
access point. After associating a class of service (CoS) with a QoS Policy, the associated CoS
appears in the Classification selection box.
Under the Match Classifications menu, the specific mechanism used to prioritize packets (IP
Precedence, IP DSCP, IP Protocol 119, Filter, and Apply Class of Service) applies the CoS for
each defined classification.
5-83
Quality of Service (Cont.)
When not using VLANs, apply policy to radio interfaces

CWLF v1.0m5-26
After configuration of QoS policies, the configured policies may be applied to the desired
interface, either for inbound (Incoming) or outbound (Outgoing) traffic. Additionally, policies
may be defined for each configured VLAN on the access point in order to permit unique packet
prioritization for different VLAN and user classes.
In this case, the QoS policies have been applied to the radio interface on an incoming and
outgoing basis and on the Ethernet interface on incoming packets. For IEEE 802.11b data rates,
it is unlikely that packet prioritization will be required on output to the Ethernet, because
Ethernet speed (even 10 Mbps) is faster than all 802.11b rates.
5-84
Each VLAN should utilize a different quality of service (QoS) policy based
on traffic type
CWLF v1.0m5-27
After configuration of QoS policies, the configured policies may be applied to the desired
interface, either for inbound (Incoming) or outbound (Outgoing) traffic. Additionally, policies
may be uniquely defined for each configured VLAN on the access point in order to permit
unique packet prioritization for different VLAN and user classes.
5-85
Required for voice deployments

CWLF v1.0m5-28
The Advanced menu tab permits you to configure specific QoS parameters for unique
applications, as follows:
IP Phone: Selecting the Enable or Disable radio button permits the QoS element for
wireless phones to be enabled or disabled. This parameter configures the access point to
broadcast quality beacon information in the beacons for association by 802.11 telephony
devices, such as the Cisco Wireless IP Phone 7920.
IGMP Snooping: Selecting the Enable or Disable radio button permits the access point to
proxy an Interior Gateway Management Protocol (IGMP) query to the IGMP snoopingenabled network on behalf of an IGMP client to preserve the integrity of the multicast
stream to IGMP members.
Note
5-86
Snooping Helper is enabled by default.
AVVID Priority Mapping: Map Ethernet Packets CoS 5 CoS 6. If your network is
based on Cisco AVVID specification, select Yes. This mapping prioritizes voice packets
that include priority 5 (video).
WiFi MultiMedia (WMM): Wi-Fi MultiMedia (WMM) is a component of the IEEE

802.11e wireless LAN standard for QoS. It specifically supports priority tagging and
queuing. When you enable QoS, the access point uses WMM mode by default. Unselect the
check box to disable WMM for a particular radio interface.
Quality of Service: Traffic Classes
Do NOT change these valuesoptimized by default

CWLF v1.0m5-29
Under the Radio 802.11 Access Categories menu tab, you can review and edit the access
category definitions (as related to 802.11 contention window) for each CoS defined in the
access point.
The figure shows the default contention window settings defined for each CoS, which is
assigned via the QoS policy menu.
It is not recommended that these 802.11 contention window settings be altered, unless there is a
specific need to alter the 802.11 access behavior for unique application or WLAN load
requirements. These network settings are a prestandard version of the 802.11 contention
window settings that are to be standardized in the 802.11e standard.
5-87
Simple Network Management Protocol Setup

This topic describes the process of setting up the Simple Network Management Protocol for an
access point.
SNMP
Used by CiscoWorks WLSE among other applications

CWLF v1.0m5-30
You can enable SNMP by choosing Services > SNMP from the menu.
Configure or query the system information (system name, system location, and system contact)
for the access point from this interface. The access point sends this system information to the
SNMP management station for SNMP queries. SNMP is disabled by default.
5-88
SNMP (Cont.)
Lower Portion of Screen

CWLF v1.0m5-31
On the lower section of the SNMP services page, you can configure the specific parameters
used by the access point for SNMP messaging.
The SNMP community strings that are used to communicate with SNMP management entities
are configured from this screen.
The SNMP trap destination, which is the network management station used to collect SNMP
traps, or defined system performance, or exception thresholds, is configured here. An SNMP
trap community string is also used to ensure that the trap destination has the correct string to
accept SNMP traps from the access point.
In addition, the specific events that trigger an SNMP trap are specified from this interface.
5-89
Filtering
This topic describes Layer 4, MAC address, Ethertype, IP protocol and port filtering.
Filters
MAC address filters
Ethertype filters
IP filters
IP address
IP protocol
UDP/TCP port
CWLF v1.0m5-32
Cisco Aironet access points have a flexible set of filters. The access points support MAC
address filtering, IP address filtering, IP protocol filtering, and TCP/UDP port filtering. The
filters can be created through the web interface or by creating ACLs via the command line.
Once filters are created, they are applied to a specific interface.
5-90
MAC Address Filters
Not the most secure method since MAC addresses can be spoofed
CWLF v1.0m5-33
The MAC ADDRESS FILTERS tab permits you to allow or disallow the forwarding of packets
containing specific MAC addresses.
The steps to enter a new MAC address filter are as follows:
Create/Edit Filter Index: Select <NEW> from the drop-down menu or select the
appropriate index to edit.
Filter Index: Enter a designation for the filter.
Add MAC Address: Enter the MAC Address and Ethernet mask, and select an action
(Forward or Block) from the drop-down menu for the entered MAC address.
Default Action: Select either Forward All or Block All from the drop-down menu.
Filters Classes: This pane displays the filters after configuration.
Note
Multiple MAC address filters may be aggregated to make up a MAC address filter class.
Note
MAC addresses are MAC destination addresses.
5-91
Ethertype Filters
CWLF v1.0m5-34
The ETHERTYPE FILTERS tab permits you to allow or disallow the forwarding of packets
with a specific Ethertype header.
The steps to enter a new Ethertype address filter are as follows:
Create/Edit Filter Index: Select <NEW> or select the appropriate index to edit from the
drop-down menu.
Filter Index: Enter a designation for the filter.
Add EtherType: Enter Ethertype hexadecimal packet identifier and mask, and select an
action (Forward or Block) from the drop-down menu for the entered MAC address.
Default Action: Select either Forward All or Block All from the drop-down menu.
Filters Classes: This pane displays the filters after configuration.
Note
5-92
Multiple Ethertype address filters may be aggregated under a single filter class.
IP Protocol and Port Filters
CWLF v1.0m5-35
The IP FILTERS tab permits you to set IP protocol and port filters.
IP protocol and port filters may be defined for the following categories:
IP Address: Enter the destination address and source address and select whether the filter
will block or forward traffic to specified IP addresses.
IP Protocol: Specify the IP protocol and select whether the filter will block or forward
traffic to and from the specified IP port.
UDP/TCP Port: Specify the UDP/TCP port number and select whether the filter will block
or forward traffic to and from specified UDP/TCP port.
Note
IP address, P protocol, or TCP/UDP port numbers may be either independent or grouped to

configure filter classes. Through this mechanism, you can use specific IP address ranges or
specific protocols or a combination of address and protocol to restrict or grant access to the
access point.
5-93
Applying Filter
CWLF v1.0m5-36
After you have created the filter on the applicable filters pages, apply the filter to the
appropriate incoming and outgoing interfaces.
Note
This action has the same effect as applying ACLs to a bridge group and the interfaces
associated with that bridge group.
The following shows an example of a Cisco IOS configuration:
5-94
Global
access-list 200 deny 0x80F3 0x0000
access-list 200 permit 0x0000 0xFFFF
Per interface
bridge-group 1 input-type-list 200
bridge-group 1 output-type-list 200
Access Point Cisco IOS CLI

This topic describes the use of CLI for access point configuration.
Cisco IOS Overview

Same Cisco IOS and
commands as Cisco switches
and routers
Some new commands for
802.11
Access via console, Telnet or
Secure Shell (SSH) as
applicable
Note:
Note: IfIf you
you change
change configurations
configurations via
via console
console
you
you must
must save
save configuration
configuration
CWLF v1.0m5-37
The Cisco Aironet autonomous access points can also be managed using the Cisco IOS
software command-line interface (CLI). There are new 802.11 commands added to Cisco IOS
commands for applying SSIDs, entering WEP keys, changing IP address, changing channels,
and many more. As with other Cisco IOS products, this interface may be accessed via Telnet,
SSH or local console interface.
5-95
Cisco IOS Overview (Cont.)

New Interfaces
BVI
DOT11Radio <0/1>
Extends wired features to the wireless
ap#show ip interface brief

Interface
Method
Status
BVI1
10.1.1.8
IP-Address
YES
OK?
DHCP
up
up
Dot11Radio0
unassigned
YES
unset
administratively down
down
Dot11Radio1
unassigned
YES
unset
administratively down
down
FastEthernet0
ap#
unassigned
YES
other
up
up
Protocol
CWLF v1.0m5-38
The 802.11 commands fit into the Cisco IOS design like just another interface. The design
takes features used in a wired environment and extends them to a wireless interface.
BVI1 (Bridge Virtual Interface) is the first interface, and is the administrative interface.
Dot11Radio0 is the second interface and is the 802.11b/g radio.
Dot11Radio1 is the third interface and is the 802.11a radio. Access points without an 802.11a
radio will not have a Dot11Radio1 interface.
FastEthernet0 is the forth interface.
5-96
User Access Verification
User EXEC
Privileged
EXEC
Username: Cisco
Password:
ap>
ap>enable
Password:
ap#
ap#configure terminal
Enter configuration commands, one per line.
ap(config)#
ap(config)#interface dot11Radio 0
ap(config-if)#
End with CNTL/Z.
CWLF v1.0m5-39
The following are CLI command modes:
User EXEC mode: After you access the device, you are automatically in user EXEC
command mode. The EXEC commands available at the user level are a subset of those
available at the privileged level. In general, use the EXEC commands to temporarily
change the terminal settings, perform basic tests, and list system information. The
supported commands can vary depending on the version of Cisco IOS software in use.
Privileged EXEC mode: Because many of the privileged commands are used to configure
operating parameters, privileged access should be password-protected to prevent
unauthorized use. The privileged EXEC command set includes those commands contained
in the EXEC mode, as well as the configure privileged EXEC command through which
you access the remaining command modes.
If your system administrator has set a password, you are prompted to enter it before being
granted access to privileged EXEC mode. The password does not appear on the screen and is
case-sensitive.
5-97
User Access Verification
Global
configuration
Username: Cisco
Password:
ap>
ap>enable
Password:
ap#
ap#configure terminal
Enter configuration commands, one per line.
ap(config)#
ap(config)#interface dot11Radio 0
ap(config-if)#
End with CNTL/Z.
Interface
configuration
5-98
CWLF v1.0m5-40
Global configuration mode: Global configuration commands apply to features that affect
the device as a whole. Use the configure privileged EXEC command to enter global
configuration mode. The default is to enter commands from the management console.
When you enter the configure command, a message prompts you for the source of the
configuration commands.
Interface configuration mode: Interface configuration commands modify the operation of

the interface. Interface configuration commands always follow a global configuration
command, which defines the interface type. Use the interface interface-id command to
access interface configuration mode.
Cisco IOS Command Reference

Privileged EXEC
37 802.11 commands
Global configuration
15 802.11 commands
Configuration interface
35 802.11 commands
CWLF v1.0m5-41
The Cisco IOS command reference is for the networking professional using the Cisco IOS CLI
to manage Cisco Aironet access points and bridges that run Cisco IOS software. Before using
this guide, you should have experience working with Cisco IOS commands and access point
and bridge software features; you also need to be familiar with the concepts and terminology of
Ethernet and local area networking.
This guide provides information about new and revised Cisco IOS commands. For information
about the standard Cisco IOS commands, refer to the IOS documentation set available from the
Cisco.com home page by selecting Service and Support > Technical Documents. On the
Cisco Product Documentation home page, select Release 12.3 from the Cisco IOS software
drop-down list.
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/techsupport
You can access the Cisco website at this URL:
http://www.cisco.com
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
5-99
Cisco IOS Power Local Example

AP(config-if)# power local cck 50
CWLF v1.0m5-42
Use the power local configuration interface command to configure the access point or bridge
radio power level. Use the no form of the command to reset the parameter to defaults. On the
2.4-GHz, 802.11g radio, you can set OFDM power levels and CCK power levels. CCK
modulation is supported by 802.11b and 802.11g devices. OFDM modulation is supported by
802.11g and 802.11a devices. The figure shows how to set the power level of an 802.11g radio
to 50 mW.
2.4-GHz Access Point Radio (802.11b)
[no] power local {1 | 5 | 20 | 30 | 50 | 100 | maximum}3
2.4-GHz Access Point Radio (802.11g)
[no] power local cck {1 | 5 | 10 | 20 | 30 | 50 | 100 | maximum}1
[no] power local cck {-1 | 2 | 5 | 8 | 11 | 14 | 15 | 17 | 20 | maximum}4
[no] power local ofdm {1 | 5 | 10 | 20 | 30 | maximum}1
[no] power local ofdm {-1 | 2 | 5 | 8 | 11 | 14 | 17 | maximum}2
5-GHz Access Point Radio (801.11a)
[no] power local {5 | 10 | 20 | 40 | maximum}1
[no] power local { -1 | 2 | 5 | 8 | 11 | 14 | 15 | maximum}2
[no] power local { -1 | 2 | 5 | 8 | 11 | 14 | 15 | 17 | maximum}2
1400 Series Bridge 5.8-GHz Radio
[no] power local {12 | 15 | 18 | 21 | 22 | 23 | 24 | maximum}2
5-100
Note
The maximum transmit power depends on your regulatory domain and the antenna gain for
your access point or bridge. For additional information refer to the "Channels and Antenna
Settings" section of the hardware installation guide for your access point or bridge.
Note
The supported transmit power levels differ on the various access points and bridges.
Note
This command requires the radio to be turned on and enabled to determine valid power
settings allowed on your access point radio.
The default local power level is maximum.

1
Power settings in mW.
Power settings in dBm.
Power settings in mW.
Power settings in dBm
5-101
Cisco IOS SSID Example

AP(config)# dot11 ssid class
AP(config-if)# ssid class
CWLF v1.0m5-43
The figure shows how to create an SSID of Ivory-AP25.

Use the ssid interface configuration command to assign a globally configured SSID to a radio
interface. Use the no form of the command to remove an SSID from a radio interface.
[no] ssid ssid-string
In Cisco IOS Release 12.3(4)JA, you can configure SSIDs globally or for a specific radio
interface, but all SSIDs are stored globally. After you use the dot11 ssid global interface
command to create an SSID, you use the ssid command to assign the SSID to a specific
interface.
Syntax Description
ssidstring
Specifies the SSID name for the radio, expressed as a case-sensitive alphanumeric
string from 1 to 32 characters.
Defaults: On access points, the factory default SSID is tsunami. On bridges, the default SSID
is autoinstall.
Command Modes: Configuration interface.
Command History
5-102
Release
Modification
12.2(4)JA
This command was introduced
Cisco IOS Channel Example

AP(config-if)# channel 2457
CWLF v1.0m5-44
Use the channel interface configuration command to set the radio channel frequency. The
access point in the figure changes to frequency 2457. (channel 10)
Use the channel configuration interface command to set the radio channel frequency. Use the
no form of this command to reset the channel frequency to defaults.
[no] channel {number | frequency | least-congested}
Channels and Center Frequencies for 2.4-GHz Radios (both 802.11b and
802.11g)
Channel Identifier
Frequency
(MHz)
Channel Identifier
Frequency
(MHz)
2412
2447
2417
2452
2422
10
2457
2427
11
2462
2432
12
2467
2437
13
2472
2442
14
2484
5-103
Channels and Center Frequencies for Access Point 5-GHz Radios

Channel
Identifier
Frequency
(MHz)
Channel
Identifier
Frequency
(MHz)
Channel
Identifier
Frequency
(MHz)
34
5170
100
5500
149
5745
36
5180
104
5520
153
5765
38
5190
108
5540
157
5785
40
5200
112
5560
161
5805
42
5210
116
5580
165
5825
44
5220
120
5600
46
5230
124
5620
48
5240
128
5640
52
5260
132
5660
56
5280
136
5680
60
5300
140
5700
64
5320
Channels and Center Frequencies for the 1400 Series Bridge 5-GHz Radio
Channel Identifier
Frequency
(MHz)
149
5745
153
5765
157
5785
161
5805
Defaults: The default channel setting is least-congested.

Command Modes: Configuration interface.
5-104
Cisco IOS Channel Example (Cont.)
CWLF v1.0m5-45
The channel interface configuration command allows the option of entering the channel three
different ways:
By the assigned channel number:
By the frequency:
AP(config-if)# channel 10
AP (config-if)# channel 2457
Scan for the least-congested radio channel:
AP (config-if) # channel least-congested
5-105
Lesson Self-Check
Q1)
A root access point can only communicate with a/an ________ on the wired
infrastructure? (Choose one.) (Source: Role in the Radio Network)
A)
B)
C)
D)
Q2)
Which of the following is the default page for the GUI interface of an autonomous
access point? (Choose one.) (Source: Home Page)
A)
B)
C)
D)
Q3)
Required
Enabled
Disabled
Broadcast
Which of the following is not configured under the Advanced Services area? (Choose
one.) (Source: Advanced Services)
A)
B)
C)
D)
5-106
8
12
16
24
Which of the following data rate settings is used for broadcast traffic? (Choose one.)
(Source: Network Interfaces)
A)
B)
C)
D)
Q6)
Access Point
Repeater
Non-root Bridge without clients
Workgroup Bridge
How many SSIDs can be created on the Express Security Setup page? (Choose one.)
(Source: Express Security Setup)
A)
B)
C)
D)
Q5)
Home
Express Setup
Express Security
Event Log
Which of the following settings should be chosen if the access point is not connected to
the Ethernet? (Choose one.) (Source: Express Setup)
A)
B)
C)
D)
Q4)
Repeater
Client
Access point
Workgroup bridge
VLANs
QoS
Filters
SSID
Q7)
When configuring a VLAN, the Ethernet port is set to which of the following? (Choose
one.) (Source: VLAN Configuration)
A)
B)
C)
D)
Q8)
Which of the following is true of SSIDs not assigned to a VLAN? (Choose one.)
(Source: VLAN Configuration)
A)
B)
C)
D)
Q9)
True
False
MAC address filters can be created for which of the following? (Choose one.) (Source:
Filtering)
A)
B)
C)
Q12)
Radio Interface and SSID

Radio Interface and Ethernet Interface
Ethernet Interface and SSID
SSID and Bridge Virtual Interface
SNMP is enabled by default on the access point. (Source: SNMP)

A)
B)
Q11)
They are assigned as broadcast SSIDs

They are assigned to the native VLAN
They are disabled
They are assigned to the last VLAN created
Choose the correct answer to fill in the blanks in the following question. QoS policies
are assigned to the _________ and _______when no VLANs are enabled. (Choose
one.) (Source: Quality of Service)
A)
B)
C)
D)
Q10)
802.1q
SSL
Normal
802.11q
Source MAC address

Source and Destination MAC address
Destination MAC address
When configuring the SSID via the command line, the SSID is created by which of the
following commands? (Choose one.) (Source: Access Point Cisco IOS Command Line)
A)
B)
C)
D)
AP#(config) ssid
AP#(config-if) ssid
AP#(config) dot11 ssid
AP#(config-if) dot11 ssid
5-107
5-108
Q1)
Q2)
Q3)
Q4)
Q5)
Q6)
Q7)
Q8)
Q9)
Q10)
Q11)
Q12)
Summary
Summary
In this lesson we learned where and how to configure
features in access points and bridges using the GUI.
We also learned where and how to configure features
in access points and bridges using the command line
interface.
CWLF v1.0m5-48
5-109
5-110

Wireless Cisco

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Wireless Cisco

Hochgeladen von

Copyright:

Verfügbare Formate

CWLF

Cisco Wireless LAN

Copyright 2006, Cisco Systems, Inc. All rights reserved.

Course Introduction .......................................................................................................... 1

Module 1: Cisco Aironet WLAN Overview

Lesson 2: Defining Antenna Concepts ................................................................. 1-45

Module 2: Cisco Aironet WLAN Products

Copyright 2006, Cisco Systems, Inc.

Cisco Wireless LAN Fundamentals (CWLF) v1.0

Lesson 2: Describing WLAN Client Adapters.................................................. 2-33

Lesson 3: Describing WLAN Network Management, Control, and Services 2-45

Lesson 4: Introducing Access Point Enterprise-Class Features................... 2-71

Module 3: Wireless Bridges

Lesson 2: Choosing Roles in the Radio Network.......................................... 3-29

Cisco Wireless LAN Fundamentals (CWLF) v1.0

Copyright 2006, Cisco Systems, Inc.

Comparing Access Points and Bridges.............................................................................3-37

Lesson 3: Determining Bridge Path Information ................................................. 3-55

Module 4: Aironet Desktop Utility

Lesson 2: Installing and Configuring Aironet Desktop Utility ............................ 4-15

Module 5: Core Access Point and Bridge Basic Configuration

Lesson 2: Setting up Autonomous Access Point Hardware............................... 5-31

Cisco Wireless LAN Fundamentals (CWLF) v1.0

Overview .................................................................................................................. 5-31

Lesson 3: Configuring the Access Point ....................................................... 5-53

Cisco Wireless LAN Fundamentals (CWLF) v1.0

Copyright 2006, Cisco Systems, Inc.

Learner Prerequisite Skills and Knowledge

Learner Skills and Knowledge

2006 Cisco Systems, Inc. All rights reserved.

Course Goal and Objectives

2006 Cisco Systems, Inc. All rights reserved.

Define concepts and describe considerations for deploying wireless bridges

Configure a Cisco client card with Cisco utilities

Configure the core access point and bridge

Configure an advanced featured WLAN using a Cisco wireless LAN controller

Implement a WLAN management solution available from Cisco

Perform an initial configuration of a WLAN

Cisco Wireless LAN Fundamentals (CWLF) v1.0

Copyright 2006, Cisco Systems, Inc.

2006 Cisco Systems, Inc. All rights reserved.

Copyright 2006, Cisco Systems, Inc.

Cisco Icons and Symbols

Cisco Icons and Symbols (Cont.)

2006 Cisco Systems, Inc. All rights reserved.

Cisco Wireless LAN Fundamentals (CWLF) v1.0

Copyright 2006, Cisco Systems, Inc.

Cisco Glossary of Terms

Copyright 2006, Cisco Systems, Inc.

Cisco Wireless LAN Fundamentals (CWLF) v1.0

Copyright 2006, Cisco Systems, Inc.

Cisco Aironet WLAN Overview

Describe antenna basics

Cisco Wireless LAN Fundamentals (CWLF) v1.0

Copyright 2006, Cisco Systems, Inc.

Describing Wireless LAN

Describe the 2.4- and 5-GHz bands

Describe the various 2.4-GHz antennas available from Cisco

Describe the modulation technique used by 802.11a

Unlicensed Frequency Bands

Unlicensed Frequency Bands

2.4 2.4835 GHz

2005 Cisco Systems, Inc. All rights reserved.

900-MHz band: 902. to 928. MHz