Saturday, May 21, 2011

Beacon Period commands on Autonomous APs

Time for another post!

I'm hard at work looking at some more autonomous AP commands.  This time it's beacon periods!  So, on an AAP, how would you configure the beacon period to 100 milliseconds?

One would be tempted to look under the radio interface:

"ap#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
ap(config)#int d0
ap(config-if)#beac ?
  dtim-period  dtim period
  period       beacon period

ap(config-if)#beac per ?
  <20-4000>  Kusec (or msec)"

What's that, you've never heard of Kusec before?!  Where have you been?

I looked it up, and apparently Kusec is a kilomicrosecond...  And what, exactly, is that?  1.024 ms.  So now, to set your AP beacon period to 100 milliseconds you are forced to do a bit of math:

100 ms / 1.024 = 97.66 Kusec.

What about the DTIM period?  That's a bit easier - just the number of beacons to wait before multicast traffic is transmitted.

Labels: , , , , , , ,

AP Authentication vs. MFP

If you have ever been confused by these two settings, you're not alone.  MFP and AP Authentication are both configured from the same page via the WLC GUI.  This makes one ponder the difference between the two options.

According to Cisco, AP Authentication is used for encrypting the AP to AP RRM traffic whereas MFP is used to protect the 802.11 management frames (hence the name...).  Also, it should be noted that these two options are mutually exclusive.

AP Authentication -

Labels: , , , ,

Tuesday, May 10, 2011

Autonomous AP voice QoS

There are a number of settings one must configure via CLI to get voice QoS working on an AAP.  This is my attempt at putting all of them in a single post...  I can already see the edits coming:

dot11 ssid
 admit traffic
//Enables call admission control on the SSID.
dot11 arp-cache optional
//Best practices.  Reduces WLAN overhead by allowing AP to respond to ARP for known clients
dot11 priority-map avvid
//Forces the AP to translate from 802.11e to 802.1p
dot11 phone [dot11e]
//Configures the QBSS IE for 7920 or 802.11e (i.e. 7921, etc)
interface Dot11Radio0
 speed basic-12.0 18.0 24.0
//Best practice datarates for 802.11a/g/n; for 802.11b use basic-11.0
 dot11 qos class voice local
    admit-traffic narrowband max-channel 70 roam-channel 6
//sets AP CAC to allow 64% of bandwidth to voice + 6% roaming = 70%
 dot11 qos class voice cell
//Allows the AP to factor in client QBSS readings for CAC

class-map voice
 match ip dscp ef
class-map video
 match ip dscp cs4
class-map voicecontrol
 match ip dscp cs3
//Create class maps to identify traffic
policy-map QoS
 class voice
  set cos 6
 class video
  set cos 5
 class voicecontrol
  set cos 4
//Create a policy map to tag traffic
int d0.20
 service-policy input QoS
 servicy-policy output QoS
//Tag the traffic as it traverses your wireless interface
int f0.20
 service-policy input QoS
 service-policy output QoS
//Tag the traffic as it traverses your wired interface

It is important to ensure that your traffic is tagged on both the wired and wireless interfaces because the traffic could be coming off another SSID on the AP (int d0.10 for example).
I guess that's about it.  Not nearly as daunting when you get them all down in one place ;)

Labels: , , , , , , , , , , , , , , ,

Sunday, May 8, 2011

WLC Mobility

Best Practices for Mobility:

1.  Use the same, non-routable virtual IP.  To verify the virtual address, use the show interface summary command.  Also, ping the virtual address to make sure it's not routable.

2.  All controllers must be configured for the same LWAPP transport mode.  Use the show switchconfig command to verify LWAPP transport mode, and the config switchconfig mode to change any of the parameters.

3.  IP connectivity between all WLCs is required (checked by creating the tunnel)

4.  WLCs must have the same mobility group (except for guest tunneling)

5.  WLCs must be running the same version of code.

6.  MACs and IPs are required to build the tunnel.

7.  Do not create overly large mobility groups.


Labels: ,

Saturday, May 7, 2011

Ensuring that traffic to/from APs arrives on the same controller port

My good friend Leigh is really doing a bang up job on his blog...  Putting me to shame!  It's given me motivation to make the following post though.

Here's something that I just read in the WLC Configuration Best Practices:

"With the Cisco IOS Software Release 12.2(33)SXH6, there is an option for PFC3C mode chassis to exclude VLAN in the Load-distribution . Use the port-channel load-balance src-dst-ip exclude vlan command in order to implement this feature. This feature ensures that traffic that belongs to a LAP that enters on the same port."

The bold is original, I added the italics for emphasis.  On my configs I've always used port-channel load-balance src-dst-ip, but never exclude vlan...  Seems like a good thing to try my next go-round.

Labels: , , , ,