Wireless AP Services Flashcards
Universal AP
- the regulatory domain and country configuration for your AP define the valid set of channels and allowed power levels for the country where your AP is installed
Manual Priming
- SSID must be set for WPA2-PSK
- need to manually prime at least one universal AP in the RF neighborhood
- a smartphone running the Cisco AirProvision app connects to the universal AP’s SSID, placing it in the same WLAN as the AP. AirProvision uses both the GPS coordinates of the phone and the mobile country code to determine the location of the smartphone and prime the AP accordingly
Automatic Priming
- once an AP has been manually primed, it can use the Cisco proprietary Neighbor Discovery Protocol (NDP) mechanism to automatically prime the other APs in the RF neighborhood
- APs awaiting priming identify secure Cisco Aironet Universal Access Points in the RF neighborhood and learn domain configurations from an adjacent primed AP's 802.11 beacon frame
- Any universal AP that was previously primed to a different country and regulatory domain will require manual priming to correct its country configuration
CAPWAP Discovery Methods
1) Subnet broadcast - AP sends CAPWAP discovery request, and WLC responds; can be enabled as an L3 discovery when WLCs are on a different subnet – uses IP and UDP instead of MAC
2) Locally Stored IPv4 or IPv6 Address - IPs of the primary, secondary, and tertiary controllers are stored in NVRAM. AP learns the IPs of other members in the mobility group and this info is cached even after a reboot
3) DHCP vendor option - uses option 43 with IPv4 and option 52 with IPv6 and can receive controller IPs in DHCP ACK msgs
4) DNS - if the DHCP server is configured to provide both option 006 (DNS server address) and option 015 (domain name) information, the AP can obtain WLC addr from the DNS server
CAPWAP Discovery via DNS
1) The AP gets its IP from DHCP with Options 6 & 15 configured
2) The AP can obtain the IP address of the DNS server from the DHCP option
3) The AP will use this information to perform a hostname lookup using CISCO-CAPWAP-CONTROLLER.blahdomain which resolves to an available WLC mgmt IP
4) The AP will then be able to perform a directed send packet to associate to responsive WLCs
AP Join Order
1) Primary
2) Secondary
3) Tertiary
4) Master
5) Least Loaded
AP Join Phase without Master
- the process assumes there is only one interface that is capable of mgmt per WLC and more than 3 APs are registered
- load balancing doesn’t activate until there is a minimum of 3 APs that are associated to a WLC
- WLCs respond to discovery requests with their AP capacity and occupancy and APs use this to determine the least loaded WLC
- load is a relative value - a 50-AP controller having 10 APs is considered less loaded (20%) than a 6-AP controller having 3 APs (50%)
AP Failover
- in a WLC failure, the associated APs will migrate to other WLCs
- APs will fall back to their primary controller when it comes back online, assuming fallback hasn’t been disabled
- APs maintain a list of backup WLCs and periodically send a primary discovery request to each. The interval is configurable btwn 30 - 3600s with a default of 120s
AP Heartbeat
- AP uses a hello packet as a heartbeat to the WLC with a default interval of 30s
- whenever one heartbeat ACK is missed, the AP resends the heartbeat up to 5 times at 1-sec intervals
- both the retransmit count and interval are configurable
AP Migration Methods
1) Per access point configuration of a primary, secondary, and tertiary
2) A WLC configuration of a global primary and secondary controller
Failover Priorities
Low - Assigns the AP to the level 1 priority, which is the lowest & default
Medium - Assigns the AP to the level 2
High - Assigns the AP to level 3
Critical - Assigns the AP to level 4
Wireless HA
1) Assign primary, secondary, tertiary per AP
2) N+1 WLC HA
3) AP SSO HA
N+1 WLC Best Practices
1) Place backup WLC in a geographically separate location (NOC or DC)
2) Configure HA parameters to detect failure faster (min 30s) – global WLC parameters
3) Use AP priority in case of oversubscription (not enough licenses) of redundant WLC
4) Use the HA SKU. A secondary controller running a minimum AP count license and configured as an HA SKU controller provides the max AP capacity as supported by the hardware
AP SSO HA
- 1:1 active/standby stateful switchover design
- after HA is enabled, both primary & secondary are rebooted
- during an AP SSO, all AP sessions statefully switch over, and all clients are deauthenticated and reassociated with the new controller
- standby monitors active’s health over dedicated redundancy port
- both active & standby have same configs, including mgmt ip
- no pre-empt functionality
- active/standby WLC decided with HA SKU (HA SKU becomes standby and permanent license count becomes active) or based on manual configuration
- SSO will work for clients that have already authenticated and gone through DHCP phase
WLC Redundancy Port
- used for configuration, operational data synchronization, and role negotiation