Installing and Configuring Licenses
Note All features included in a WPlus license are now included in the base license in controller releases 6.0.195.0 and later. These WPlus license features are included in the base license:
- Office Extend AP
- Enterprise Mesh
- CAPWAP Data Encryption
This licensing change can affect features on your wireless LAN when you upgrade or downgrade software releases, so you should be aware of these guidelines:
- If you have a WPlus license and you upgrade from 6.0.18x to 6.0.195.0 or later: Your license file contains both Basic and WPlus license features. You won’t see any disruption in feature availability and operation.
- If you have a WPlus license and you downgrade from 6.0.195.0 to 6.0.188 or 6.0.182: The license file in 6.0.195.0 contains both Basic and WPlus license features, so you won’t see any disruption in feature availability and operation.
- If you have a base license and you downgrade from 6.0.195.0 to 6.0.188 or 6.0.182: When you downgrade, you lose all WPlus features.
Note Some references to WPlus licenses remain in the controller CLI and GUI in release 6.0.195.0. However, WPlus license features have been included in the Base license, so you can ignore those references.
Two types of licenses are required in order to use the 5500 series controllers in releases 6.0.188.0 and earlier:
-
An image-based license (base or wplus), which determines the feature set that the controller uses
-
An ap-count license (base-ap-count or wplus-ap-count), which determines the number of access points that the controller supports (12, 25, 50, 100, or 250)
Note These controller platforms do not require licenses: 2100 and 4400 series controllers, Cisco WiSMs, Controller Network Modules, and Catalyst 3750G Integrated Wireless LAN Controller Switches.
The base license supports the standard base software set, and the wplus license supports the premium wireless plus (wplus) software set. The wplus software set provides the standard base feature set as well as this functionality:
-
Datagram Transport Layer Security (DTLS) data encryption for added security across remote WAN and LAN links
Note Refer to the “Configuring Data Encryption” section for more information on data encryption.
-
Support for OfficeExtend access points, which are used for secure mobile teleworking
Note Refer to the “OfficeExtend Access Points” section for more information on OfficeExtend access points.
-
Support for the 1130AG and 1240AG series indoor mesh access points, which dynamically establish wireless connections in locations where it might be difficult to connect to the wired network
Note Cisco Aironet 1520 series outdoor mesh access points can be used with the 5500 series controller without a wplus license.
Note Refer to the Controlling Mesh Access Points chapter for more information about mesh access points.
Data-encrypted, OfficeExtend, and indoor mesh access points can join a 5500 series controller only if the wplus license is installed on the controller. If the wplus license is not installed, the access points cannot join the controller, and one of the following messages appears in the controller trap log:
-
“Data DTLS: AP Configured for Data DTLS but license not available”
-
“License Not Available for feature: IndoorMeshAP”
-
“License Not Available for feature: OfficeExtendAP”
To view the controller trap log, choose
Monitor
and click
View All
under “Most Recent Traps” on the controller GUI (see Figure 1).
Note You can also view traps by using SNMP-based management tools.
Figure 1 Trap Logs Page
The ap-count licenses and their corresponding image-based licenses are installed together. For example, the base-ap-count license is installed with the base license, and the wplus-ap-count license is installed with the wplus license. The controller keeps track of the licensed access point count and does not allow more than that number of access points to associate to it.
The 5500 series controller is shipped with both permanent and evaluation base and base-ap-count licenses, evaluation wplus and wplus-ap-count licenses, and if you ordered the wplus software set, permanent wplus and wplus-ap-count licenses. It is configured to use the permanent base or permanent wplus licenses, depending on the feature set ordered. If desired, you can activate the evaluation licenses, which are designed for temporary use and set to expire after 60 days.
Note Refer to the “Choosing the Licensed Feature Set” section for instructions on activating an image-based evaluation license and the “Activating an AP-Count Evaluation License” section for instructions on activating an ap-count evaluation license.
No licensing steps are required after you receive your 5500 series controller because the licenses you ordered are installed at the factory. In addition, licenses and product authorization keys (PAKs) are pre-registered to serial numbers. However, as your wireless network evolves, you might want to add support for additional access points or upgrade from the standard software set to the wplus software set. To do so, you need to obtain and install an upgrade license.
Obtaining an Upgrade License
A certificate with a product authorization key (PAK) is required before you can obtain an upgrade license for either the standard or wplus software.
You can upgrade your controller’s access point count only to one of the approved tiers (25, 50, 100, or 250), and you must upgrade from one tier to the next without skipping any tiers. For example, if you have a base-ap-count or wplus-ap-count license with a 12-access-point count and want to upgrade to 100 access point support, you need to buy a -25U, -50U, and -100U upgrade license. The license with the greatest access point count represents the total number of access points supported by your controller. In the previous example, the -100U upgrade license is the license with the greatest access point count, so the controller would support up to 100 access points.
Note If you skip any tiers when upgrading (for example, if you do not install the -25U and -50U licenses along with the -100U), the license registration fails.
For a single controller, you can order different upgrade licenses in one transaction (for example, -25U, -50U, -100U, and -250U), for which you receive one PAK with one license. Then you have only one license (instead of four) to install on your controller.
If you have multiple controllers and want to upgrade all of them, you can order multiple quantities of each upgrade license in one transaction (for example, you can order 10 each of the -25U, -50U, -100U, and -250 upgrade licenses), for which you receive one PAK with one license. You can continue to register the PAK for multiple controllers until it is exhausted.
Note You cannot install a wplus license that has an access point count greater than the controller’s base license. For example, you cannot apply a wplus-ap-count 100 license to a controller with an existing base-ap-count 12 license. If you attempt to register for such a license, an error message appears indicating that the license registration has failed. Before upgrading to a wplus-ap-count 100 license, you would first have to upgrade the controller to a base-ap-count 100 or 250 license.
Follow these steps to obtain and register a PAK certificate.
Step 1 Order the PAK certificate for an upgrade license through your Cisco channel partner or your Cisco sales representative, or order it online at this URL:
http://www.cisco.com/go/ordering
Step 2 If you are ordering online, begin by choosing the primary upgrade SKU
L-LIC-CT5508-UPG
. Then choose any number of the following options to upgrade one or more controllers under one PAK:
-
L-LIC-CT5508-25U
—5500 series controller 12 to 25 access point upgrade license.
-
L-LIC-CT5508-50U
—5500 series controller 25 to 50 access point upgrade license.
-
L-LIC-CT5508-100U
—5500 series controller 50 to 100 access point upgrade license.
-
L-LIC-CT5508-250U
—5500 series controller 100 to 250 access point upgrade license.
-
L-LIC-WPLUS-12
—wplus feature license for up to 12 Cisco access points.
-
L-LIC-WPLUS-25
—wplus feature license for up to 25 Cisco access points.
-
L-LIC-WPLUS-50
—wplus feature license for up to 50 Cisco access points.
-
L-LIC-WPLUS-100
—wplus feature license for up to 100 Cisco access points.
-
L-LIC-WPLUS-250
—wplus feature license for up to 250 Cisco access points.
-
L-LIC-WPLUS-25U
—wplus feature license upgrade for 12 to 25 Cisco access points.
-
L-LIC-WPLUS-50U
—wplus feature license upgrade for 25 to 50 Cisco access points.
-
L-LIC-WPLUS-100U
—wplus feature license upgrade for 50 to 100 Cisco access points.
-
L-LIC-WPLUS-250U
—wplus feature license upgrade for 100 to 250 Cisco access points.
When you use these SKUs, your certificate is delivered to you by email.
Note If you require a paper certificate for Customs, order it without the “L-” in the SKU (for example, LIC-WPLUS-250U) and choose to ship it using US mail.
Step 3 After you receive the certificate, use one of two methods to register the PAK:
-
Cisco License Manager (CLM)
—This method automates the process of obtaining licenses and deploying them on Cisco devices. For deployments with more than five controllers, Cisco recommends using CLM to register PAKs and install licenses. You can also use CLM to rehost or RMA a license.
Note You cannot use CLM to change the licensed feature set or activate an ap-count evaluation license. To perform these operations, you must follow the instructions in the “Choosing the Licensed Feature Set” section and the “Activating an AP-Count Evaluation License” section. Because you can use CLM to perform all other license operations, you can disregard the remaining licensing information in this chapter except these two sections and the “Configuring the License Agent” section if you want your controller to use HTTP to communicate with CLM.
Note You can download the CLM software and access user documentation at this URL:
http://www.cisco.com/go/clm
Step 4 To use the licensing portal to register the PAK, follow these steps:
a. Go to
http://www.cisco.com/go/license
b. On the main Product License Registration page, enter the PAK mailed with the certificate in the Product Authorization Key (PAK) field and click
Submit
.
c. On the Validate Features page, enter the number of licenses that you want to register in the Qty field and click
Update
.
d. To determine the controller’s product ID and serial number, choose
Controller
>
Inventory
on the controller GUI or enter the
show license udi
command on the controller CLI.
Information similar to the following appears on the controller CLI:
------- -------------------- ----------------------- --------------------------------- *0 AIR-CT5508-K9 FCW1308L030 AIR-CT5508-K9:FCW1308L030
e. On the Designate Licensee page, enter the product ID and serial number of the controller on which you plan to install the license, read and accept the conditions of the end-user license agreement (EULA), complete the rest of the fields on this page, and click
Submit
.
f. On the Finish and Submit page, verify that all information is correct and click
Submit
.
g. When a message appears indicating that the registration is complete, click
Download License
. The license is emailed within 1 hour to the address you specified.
h. When the email arrives, follow the instructions provided.
i. Copy the license file to your TFTP server.
j. Follow the instructions in the “Installing a License” section below to install the license on your controller.
Installing a License
You can use the controller GUI or CLI to install a license on a 5500 series controller.
Note Cisco recommends that the access point count be the same for the base-ap-count and wplus-ap-count licenses installed on your controller. If your controller has a base-ap-count license of 100 and you install a wplus-ap-count license of 12, the controller supports up to 100 access points when the base license is in use but only a maximum of 12 access points when the wplus license is in use.
Using the GUI to Install a License
Using the controller GUI, follow these steps to install a license on the controller.
Step 1 Choose
Management
>
Software Activation
>
Commands
to open the License Commands page (see Figure 2).
Figure 2 License Commands Page
Step 2 From the Action drop-down box, choose
Install License
. The Install License from a File section appears (see Figure 3).
Figure 3 License Commands (Install License) Page
Step 3 In the File Name to Install field, enter the path to the license (*.lic) on the TFTP server.
Step 4 Click
Install License
. A message appears to show whether the license was installed successfully. If the installation fails, the message provides the reason for the failure, such as the license is an existing license, the path was not found, the license does not belong to this device, you do not have correct permissions for the license, and so on.
Step 5 If the end-user license agreement (EULA) acceptance window appears, read the agreement and click
Accept
to accept the terms of the agreement.
Note Typically you are prompted to accept the EULA for evaluation, extension, and rehost licenses. The EULA is also required for permanent licenses, but it is accepted during license generation.
Step 6 To save a backup copy of all installed licenses, follow these steps:
a. From the Action drop-down box, choose
Save License
.
b. In the File Name to Save field, enter the path on the TFTP server where you want the licenses to be saved.
Note You cannot save evaluation licenses.
c. Click
Save Licenses
.
Step 7 Reboot the controller.
Step 8 Follow the instructions in the “Viewing Licenses” section to see the status of the license that you installed.
Step 9 If the desired license is not being used by the controller, follow the instructions in the “Choosing the Licensed Feature Set” section or the “Activating an AP-Count Evaluation License” section to change the license that is used by the controller.
Using the CLI to Install a License
Using the controller CLI, follow these steps to install a license on the controller.
Step 1 To install a license on the controller, enter this command:
license install
url
where
url
is tftp://
server_ip
/
path
/
filename
.
Note To remove a license from the controller, enter this command: license clear license_name. For example, you might want to delete an expired evaluation license or any unused license. You cannot delete unexpired evaluation licenses, the permanent base image license, or licenses that are in use by the controller.
Step 2 If you are prompted to accept the end-user license agreement (EULA), read and accept the terms of the agreement.
Note Typically you are prompted to accept the EULA for evaluation, extension, and rehost licenses. The EULA is also required for permanent licenses, but it is accepted during license generation.
Step 3 To add comments to a license or delete comments from a license, enter this command:
license comment
{
add
|
delete
}
license_name comment_string
Step 4 To save a backup copy of all installed licenses, enter this command:
license save
url
where
url
is tftp://
server_ip
/
path
/
filename
.
Step 5 To reboot the controller, enter this command:
reset system
Step 6 Follow the instructions in the “Viewing Licenses” section to see the status of the license you installed.
Step 7 If the desired license is not being used by the controller, follow the instructions in the “Choosing the Licensed Feature Set” section or the “Activating an AP-Count Evaluation License” section to change the license that is used by the controller.
Using the GUI to View Licenses
Using the controller GUI, follow these steps to view licenses on the controller.
Step 1 Choose
Management
>
Software Activation
>
Licenses
to open the Licenses page (see Figure 4).
Figure 4 Licenses Page
This page lists all of the licenses installed on the controller. For each license, it shows the license type (permanent, evaluation, or extension), expiration, count (the maximum number of access points allowed for this license), priority (low, medium, or high), and status (in use, not in use, inactive, or EULA not accepted).
Note If you ever want to remove a license from the controller, hover your cursor over the blue drop-down arrow for the license and click Remove. For example, you might want to delete an expired evaluation license or any unused license. You cannot delete unexpired evaluation licenses, the permanent base image license, or licenses that are in use by the controller.
Step 2 To view more details for a particular license, click the link for the desired license. The License Detail page appears (see Figure 5).
Figure 5 License Detail Page
This page shows the following additional information for the license:
-
The license type (permanent, evaluation, or extension)
-
The license version
-
The status of the license (in use, not in use, inactive, or EULA not accepted)
-
The length of time before the license expires
Note Permanent licenses never expire.
-
Whether the license is a built-in license
-
The maximum number of access points allowed for this license
-
The number of access points currently using this license
Step 3 If you want to enter a comment for this license, type it in the Comment field and click
Apply.
Step 4 Click
Save Configuration
.
Using the CLI to View Licenses
Enter these CLI commands to view licenses on the controller.
-
To see the license level, license type, and number of access points licensed on the controller, enter this command:
show sysinfo
Information similar to the following appears:
Product Name..................................... Cisco Controller Product Version.................................. 6.0.118.0 Current Boot License Level....................... wplus Current Boot License Type........................ Permanent Next Boot License Level.......................... wplus Next Boot License Type........................... Permanent Power Supply 1................................... Not Available Power Supply 2................................... Not Available Maximum number of APs supported............... 250
-
To see a brief summary of all active licenses installed on the controller, enter this command:
show license summary
Information similar to the following appears:
License State: Active, In Use License Count: Non-Counted Index 2 Feature: wplus-ap-count License State: Active, In Use License State: Active, Not in Use License Count: Non-Counted Index 4 Feature: base-ap-count Period left: 8 weeks 3 days License State: Active, Not in Use, EULA accepted
-
To see all of the licenses installed on the controller, enter this command:
show license all
Information similar to the following appears:
License Store: Primary License Storage StoreIndex: 0 Feature: wplus-ap-count Version: 1.0 License State: Active, In Use StoreIndex: 1 Feature: base Version: 1.0 License State: Active, Not in Use License Count: Non-Counted StoreIndex: 2 Feature: wplus Version: 1.0 License State: Active, In Use License Count: Non-Counted License Store: Evaluation License Storage StoreIndex: 0 Feature: wplus Version: 1.0 Evaluation total period: 8 weeks 4 days Evaluation period left: 6 weeks 6 days License Count: Non-Counted StoreIndex: 1 Feature: wplus-ap-count Version: 1.0 Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 2 days StoreIndex: 2 Feature: base Version: 1.0 Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days License Count: Non-Counted StoreIndex: 3 Feature: base-ap-count Version: 1.0 License State: Active, Not in Use, EULA accepted Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 3 days
-
To see the details for a particular license, enter this command:
show license detail
license_name
Information similar to the following appears:
Index: 1 Feature: base-ap-count Version: 1.0 License State: Active, Not in Use Store Name: Primary License Storage Index: 2 Feature: base-ap-count Version: 1.0 Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days Store Name: Evaluation License Storage
-
To see all expiring, evaluation, permanent, or in-use licenses, enter this command:
show license {expiring | evaluation | permanent | in-use}
Information similar to the following appears for the show license in-use command:
StoreIndex: 2 Feature: wplus-ap-count Version: 1.0 License State: Active, In Use StoreIndex: 3 Feature: wplus Version: 1.0 License State: Active, In Use License Count: Non-Counted
-
To see the maximum number of access points allowed for this license on the controller, the number of access points currently joined to the controller, and the number of access points that can still join the controller, enter this command:
show license capacity
Information similar to the following appears:
Licensed Feature Max Count Current Count Remaining Count ----------------- --------------- ------------------- --------------------
-
To see statistics for all licenses on the controller, enter this command:
show license statistics
Information similar to the following appears:
Administrative statistics Install duplicate count: 0
-
To see a summary of license-enabled features, enter this command:
show license feature
Information similar to the following appears:
Feature name Enforcement Evaluation Clear Allowed Enabled wplus-ap-count yes yes yes yes base-ap-count yes yes yes no
Choosing the Licensed Feature Set
You can configure the controller to specify which feature set it uses (base or wplus). Only the base or wplus license can be active at a time. The currently active license determines the feature set and number of access points supported on the controller.
Using the GUI to Choose the Licensed Feature Set
Using the controller GUI, follow these steps to specify which feature set the controller uses.
Step 1 Choose
Management
>
Software Activation
>
License Level
to open the License Level page (see Figure 6).
Figure 6 License Level Page
This page shows the current license level (base or wplus) and the level to be used after the next controller reboot. It also shows the maximum number of access points allowed by the license on the controller, the number of access points currently joined to the controller, and the number of access points that can still join the controller.
Step 2 To learn more about the available license levels, click the
base
or
wplus
license level link to open the Licenses page (see Figure 7).
Figure 7 Licenses Page
This page shows the licenses applicable to this level and the list of features supported.
Step 3 Click
Back
to return to the License Level page.
Step 4 If you want to change the license level, follow these steps:
a. Choose the license level to be used on the next reboot:
base
,
wplus
, or
auto
. If you choose
auto
, the licensing software automatically chooses the license level to use on the next reboot. It chooses permanent licenses over evaluation licenses and wplus licenses over base licenses.
Note If you are considering upgrading from a base license to a wplus license, you can try an evaluation wplus license before upgrading to a permanent wplus license. To activate the evaluation license, you need to set the image level to wplus in order for the controller to use the wplus evaluation license instead of the base permanent license.
Note To prevent disruptions in operation, the controller does not switch licenses when an evaluation license expires. You must reboot the controller in order to return to a permanent license. Following a reboot, the controller defaults to the same feature set level as the expired evaluation license. If no permanent license at the same feature set level is installed, the controller uses a permanent license at another level or an unexpired evaluation license. If no valid licenses are installed, the controller can always operate in base level.
b. Click
Activate
.
c. Click
OK
when prompted to confirm your decision to change the license level on the next reboot.
d. If you are prompted to accept the end-user license agreement (EULA), read and accept the terms of the agreement and then click
Accept
.. The Next Boot Level field now shows the license level that you specified as the level to be used after the next controller reboot.
e. Reboot the controller so that the specified license level takes effect.
Using the CLI to Choose the Licensed Feature Set
Using the controller CLI, follow these steps to specify the feature set that the controller uses.
Step 1 To see the current license level (base or wplus) and the level to be used after the next controller reboot, enter this command:
show sysinfo
Information similar to the following appears:
Product Name..................................... Cisco Controller Product Version.................................. 6.0.118.0 Current Boot License Level....................... wplus Current Boot License Type........................ Permanent Next Boot License Level.......................... wplus Next Boot License Type........................... Permanent
Step 2 To specify the license level to be used on the next reboot, enter this command:
config license boot
{
base
|
wplus
|
auto
}
If you choose
auto
, the licensing software automatically chooses the license level to use on the next reboot. It chooses permanent licenses over evaluation licenses and wplus licenses over base licenses.
Note If you are considering upgrading from a base license to a wplus license, you can try an evaluation wplus license before upgrading to a permanent wplus license. To activate the evaluation license, you need to set the image level to wplus in order for the controller to use the wplus evaluation license instead of the base permanent license.
Note To prevent disruptions in operation, the controller does not switch licenses when an evaluation license expires. You must reboot the controller in order to return to a permanent license. Following a reboot, the controller defaults to the same feature set level as the expired evaluation license. If no permanent license at the same feature set level is installed, the controller uses a permanent license at another level or an unexpired evaluation license.
Step 3 If you are prompted to accept the end-user license agreement (EULA), read and accept the terms of the agreement. The EULA appears if no permanent licenses are installed at the specified boot level and the evaluation license has not yet been activated. In this case, the
config license boot
command changes the license level and activates the evaluation license following a reboot.
Step 4 To see the license level to be used after the next controller reboot, enter this command:
show sysinfo
Step 5 To reboot the controller in order to have your changes take effect, enter this command:
reset system
Activating an AP-Count Evaluation License
If you are considering upgrading to a license with a higher access point count, you can try an evaluation license before upgrading to a permanent version of the license. For example, if you are using a permanent license with a 50-access-point count and want to try an evaluation license with a 100-access-point count, you can try out the evaluation license for 60 days.
AP-count evaluation licenses are set to low priority by default so that the controller uses the ap-count permanent license. If you want to try an evaluation license with an increased access point count, you must change its priority to high. If you no longer want to have this higher capacity, you can lower the priority of the ap-count evaluation license, thereby forcing the controller to use the permanent license.
Note If the ap-count evaluation license is a wplus license and the ap-count permanent license is a base license, you must also change the feature set to wplus. See the “Choosing the Licensed Feature Set” section for instructions.
Note To prevent disruptions in operation, the controller does not switch licenses when an evaluation license expires. You must reboot the controller in order to return to a permanent license. Following a reboot, the controller defaults to the same feature set level as the expired evaluation license. If no permanent license at the same feature set level is installed, the controller uses a permanent license at another level or an unexpired evaluation license.
You can activate ap-count evaluation licenses using the controller GUI or CLI.
Using the GUI to Activate an AP-Count Evaluation License
Using the controller GUI, follow these steps to activate an ap-count evaluation license.
Step 1 To see the current status of all the licenses on your controller, choose
Management
>
Software Activation
>
Licenses
to open the Licenses page (see Figure 8).
Figure 8 Licenses Page
The Status column shows which licenses are currently in use, and the Priority column shows the current priority of each license.
Step 2 To activate an ap-count evaluation license, follow these steps:
a. Click the link for the ap-count evaluation license that you want to activate. The License Detail page appears (see Figure 9).
Figure 9 License Detail Page
b. Choose
High
from the Priority drop-down box and click
Set Priority
.
Note You can set the priority only for ap-count evaluation licenses. AP-count permanent licenses always have a medium priority, which cannot be configured.
c. Click
OK
when prompted to confirm your decision about changing the priority of the license.
d. When the EULA appears, read the terms of the agreement and then click
Accept
.
e. When prompted to reboot the controller, click
OK
.
f. Reboot the controller in order for the priority change to take effect.
g. Click
Licenses
to open the Licenses page and verify that the ap-count evaluation license now has a high priority and is in use. You can use the evaluation license until it expires.
Step 3 If you decide to stop using the ap-count evaluation license and want to revert to using an ap-count permanent license, follow these steps:
a. On the Licenses page, click the link for the ap-count evaluation license that is in use.
b. Choose
Low
from the Priority drop-down box and click
Set Priority
.
Note You can set the priority only for ap-count evaluation licenses. AP-count permanent licenses always have a medium priority, which cannot be configured.
c. Click
OK
when prompted to confirm your decision about changing the priority of the license.
d. When the EULA appears, read the terms of the agreement and then click
Accept
.
e. When prompted to reboot the controller, click
OK
.
f. Reboot the controller in order for the priority change to take effect.
g. Click
Licenses
to open the Licenses page and verify that the ap-count evaluation license now has a low priority and is not in use. Instead, the ap-count permanent license should be in use.
Using the CLI to Activate an AP-Count Evaluation License
Using the controller CLI, follow these steps to activate an ap-count evaluation license.
Step 1 To see the current status of all the licenses on your controller, enter this command:
show license all
Information similar to the following appears:
License Store: Primary License Storage StoreIndex: 0 Feature: base-ap-count Version: 1.0 License State: Active, In Use StoreIndex: 1 Feature: base Version: 1.0 License State: Active, In Use License Count: Non-Counted StoreIndex: 2 Feature: wplus-ap-count Version: 1.0 License State: Active, Not in Use StoreIndex: 3 Feature: wplus Version: 1.0 License State: Active, Not in Use License Count: Non-Counted License Store: Evaluation License Storage StoreIndex: 0 Feature: wplus Version: 1.0 Evaluation total period: 8 weeks 4 days Evaluation period left: 6 weeks 6 days License Count: Non-Counted StoreIndex: 1 Feature: wplus-ap-count Version: 1.0 Evaluation total period: 8 weeks 4 days Evaluation period left: 7 weeks 0 day StoreIndex: 2 Feature: base Version: 1.0 Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days License Count: Non-Counted StoreIndex: 3 Feature: base-ap-count Version: 1.0 License Type: Evaluation
License State: Inactive Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days
The License State field shows the licenses that are in use, and the License Priority field shows the current priority of each license.
Step 2 To activate an ap-count evaluation license, follow these steps:
a. To raise the priority of the base-ap-count or wplus-ap-count evaluation license, enter this command:
license modify priority
license_name
high
Note You can set the priority only for ap-count evaluation licenses. AP-count permanent licenses always have a medium priority, which cannot be configured.
b. To reboot the controller in order for the priority change to take effect, enter this command:
reset system
c. To verify that the ap-count evaluation license now has a high priority and is in use, enter this command:
show license all
You can use the evaluation license until it expires.
Step 3 If you decide to stop using the ap-count evaluation license and want to revert to using an ap-count permanent license, follow these steps:
a. To lower the priority of the ap-count evaluation license, enter this command:
license modify priority
license_name
low
b. To reboot the controller in order for the priority change to take effect, enter this command:
reset system
c. To verify that the ap-count evaluation license now has a low priority and is not in use, enter this command:
show license all
Instead, the ap-count permanent license should be in use.
Rehosting a License
Revoking a license from one controller and installing it on another is called
rehosting
. You might want to rehost a license in order to change the purpose of a controller. For example, if you want to move your OfficeExtend or indoor mesh access points to a different controller, you could transfer the wplus license from one controller to another.
In order to rehost a license, you must generate credential information from the controller and use it to obtain a permission ticket to revoke the license from the Cisco licensing site. Next, you must obtain a rehost ticket and use it to obtain a license installation file for the controller on which you want to install the license.
Evaluation licenses and the permanent base image license cannot be rehosted.
Note A revoked license cannot be reinstalled on the same controller.
Using the GUI to Rehost a License
Using the controller GUI, follow these steps to rehost a license.
Step 1 Choose
Management
>
Software Activation
>
Commands
to open the License Commands page.
Step 2 From the Action drop-down box, choose
Rehost
. The Revoke a License from the Device and Generate Rehost Ticket section appears (see Figure 10).
Figure 10 License Commands (Rehost) Page
Step 3 In the File Name to Save Credentials field, enter the path on the TFTP server where you want the device credentials to be saved and click
Save Credentials.
Step 4 To obtain a permission ticket to revoke the license, follow these steps:
a. Click
Cisco Licensing (
http://www.cisco.com/go/license
).
The Product License Registration page appears (see Figure 11).
Figure 11 Product License Registration Page
b. Under Manage Licenses, click
Look Up a License
.
c. Enter the product ID and serial number for your controller.
Note To find the controller’s product ID and serial number, choose Controller > Inventory on the controller GUI.
d. Open the device credential information file that you saved in In the File Name to Save Credentials field, enter the path on the TFTP server where you want the device credentials to be saved and click Save Credentials. and copy and paste the contents of the file into the Device Credentials field.
e. Enter the security code in the blank box and click
Continue
.
f. Choose the licenses that you want to revoke from this controller and click
Start License Transfer
.
g. On the Rehost Quantities page, enter the number of licenses that you want to revoke in the To Rehost field and click
Continue
.
h. On the Designate Licensee page, enter the product ID and serial number of the controller for which you plan to revoke the license, read and accept the conditions of the end-user license agreement (EULA), complete the rest of the fields on this page, and click
Continue
.
i. On the Review and Submit page, verify that all information is correct and click
Submit
.
j. When a message appears indicating that the registration is complete, click
Download Permission Ticket
. The rehost permission ticket is emailed within 1 hour to the address you specified.
k. After the email arrives, copy the rehost permission ticket to your TFTP server.
Step 5 To use the rehost permission ticket to revoke the license from this controller and generate a rehost ticket, follow these steps on the controller GUI:
a. In the Enter Saved Permission Ticket File Name field, enter the TFTP path and filename (*.lic) for the rehost permission ticket that you generated in To obtain a permission ticket to revoke the license, follow these steps:.
b. In the Rehost Ticket File Name field, enter the TFTP path and filename (*.lic) for the ticket that will be used to rehost this license on another controller.
c. Click
Generate Rehost Ticket
.
d. When the end-user license agreement (EULA) acceptance window appears, read the agreement and click
Accept
to accept the terms of the agreement.
Step 6 To use the rehost ticket generated in To use the rehost permission ticket to revoke the license from this controller and generate a rehost ticket, follow these steps on the controller GUI: to obtain a license installation file, which can then be installed on another controller, follow these steps:
a. Click
Cisco Licensing.
b. On the Product License Registration page, click
Upload Rehost Ticket
under Manage Licenses.
c. On the Upload Ticket page, enter the rehost ticket that you generated in To use the rehost permission ticket to revoke the license from this controller and generate a rehost ticket, follow these steps on the controller GUI: in the Enter Rehost Ticket field and click
Continue
.
d. On the Validate Features page, verify that the license information for your controller is correct, enter the rehost quantity, and click
Continue
.
e. On the Designate Licensee page, enter the product ID and serial number of the controller on which you plan to use the license, read and accept the conditions of the end-user license agreement (EULA), complete the rest of the fields on this page, and click
Continue
.
f. On the Review and Submit page, verify that all information is correct and click
Submit
.
g. When a message appears indicating that the registration is complete, click
Download License
. The rehost license key is emailed within 1 hour to the address you specified.
h. After the email arrives, copy the rehost license key to your TFTP server.
i. Follow the instructions in the “Installing a License” section to install this license on another controller.
Using the CLI to Rehost a License
Using the controller CLI, follow these steps to rehost a license.
Step 1 To save device credential information to a file, enter this command:
license save credential
url
where
url
is tftp://
server_ip
/
path
/
filename
.
Step 2 To obtain a permission ticket to revoke the license, follow these steps:
a. Go to
http://www.cisco.com/go/license
. The Product License Registration page appears (see Figure 11).
b. Under Manage Licenses, click
Look Up a License
.
c. Enter the product ID and serial number for your controller.
Note To find the controller’s product ID and serial number, enter the show license udi command on the controller CLI.
d. Open the device credential information file that you saved in To save device credential information to a file, enter this command: and copy and paste the contents of the file into the Device Credentials field.
e. Enter the security code in the blank box and click
Continue
.
f. Choose the licenses that you want to revoke from this controller and click
Start License Transfer
.
g. On the Rehost Quantities page, enter the number of licenses that you want to revoke in the To Rehost field and click
Continue
.
h. On the Designate Licensee page, enter the product ID and serial number of the controller for which you plan to revoke the license, read and accept the conditions of the end-user license agreement (EULA), complete the rest of the fields on this page, and click
Continue
.
i. On the Review and Submit page, verify that all information is correct and click
Submit
.
j. When a message appears indicating that the registration is complete, click
Download Permission Ticket
. The rehost permission ticket is emailed within 1 hour to the address you specified.
k. After the email arrives, copy the rehost permission ticket to your TFTP server.
Step 3 To use the rehost permission ticket to revoke the license from this controller and generate a rehost ticket, follow these steps on the controller CLI:
a. To revoke the license from the controller, enter this command:
license revoke
permission_ticket_url
where
permission_ticket_url
is tftp://
server_ip
/
path
/
filename
.
b. To generate the rehost ticket, enter this command:
license revoke rehost
rehost_ticket_url
where
rehost_ticket_url
is tftp://
server_ip
/
path
/
filename
.
c. If prompted, read and accept the terms of the end-user license agreement (EULA).
Step 4 To use the rehost ticket generated in To use the rehost permission ticket to revoke the license from this controller and generate a rehost ticket, follow these steps on the controller CLI: to obtain a license installation file, which can then be installed on another controller, follow these steps:
a. Go to
http://www.cisco.com/go/license
.
b. On the Product License Registration page, click
Upload Rehost Ticket
under Manage Licenses.
c. On the Upload Ticket page, enter the rehost ticket that you generated in To use the rehost permission ticket to revoke the license from this controller and generate a rehost ticket, follow these steps on the controller CLI: in the Enter Rehost Ticket field and click
Continue
.
d. On the Validate Features page, verify that the license information for your controller is correct, enter the rehost quantity, and click
Continue
.
e. On the Designate Licensee page, enter the product ID and serial number of the controller on which you plan to use the license, read and accept the conditions of the end-user license agreement (EULA), complete the rest of the fields on this page, and click
Continue
.
f. On the Review and Submit page, verify that all information is correct and click
Submit
.
g. When a message appears indicating that the registration is complete, click
Download License
. The rehost license key is emailed within 1 hour to the address you specified.
h. After the email arrives, copy the rehost license key to your TFTP server.
i. Follow the instructions in the “Installing a License” section to install this license on another controller.
Transferring Licenses to a Replacement Controller after an RMA
If you return a 5500 series controller to Cisco as part of the Return Material Authorization (RMA) process, you must transfer that controller’s licenses within 60 days to a replacement controller that you receive from Cisco.
Replacement controllers come preinstalled with the following licenses: permanent base and evaluation base, base-ap-count, wplus, and wplus-ap-count. No other permanent licenses are installed. The SKU for replacement controllers is AIR-CT5508-CA-K9.
Because licenses are registered to the serial number of a controller, you can use the licensing portal on Cisco.com to request that the license from your returned controller be revoked and authorized for use on the replacement controller. After your request is approved, you can install the old license on the replacement controller. Before you begin, you need the product ID and serial number of both the returned controller and the replacement controller. This information is included in your purchase records.
Note The evaluation licenses on the replacement controller are designed for temporary use and expire after 60 days. To prevent disruptions in operation, the controller does not switch licenses when an evaluation license expires. You must reboot the controller in order to return to a permanent license. If the evaluation licenses expire before you transfer the permanent licenses from your defective controller to your replacement controller, the replacement controller remains up and running using the permanent base license, but access points are no longer able to join the controller.
Step 1 Go to
http://www.cisco.com/go/license
.
Step 2 On the main Product License Registration page, click
Register for an RMA License
under RMA License Transfer.
Step 3 In the Select a Product drop-down box, choose
Cisco 5500 Series Wireless Controllers
.
Step 4 Enter the security code in the blank box and click
Go to RMA Portal
.
Step 5 On the RMA License Transfer page, enter the product ID and serial number of the controller that you returned and your RMA service contract number. Then click
Continue
.
Step 6 On the Validate Features page, verify that the license information for your controller is correct, and click
Continue
.
Step 7 On the Designate Licensee page, enter the product ID and serial number of the replacement controller.
Step 8 Read and accept the conditions of the end-user license agreement (EULA), complete the rest of the fields on this page, and click
Submit
.
Step 9 On the Review and Submit page, verify that all information is correct and click
Submit
. A message appears indicating that your registration request has been submitted, and you receive an email containing your RMA request ID.
Step 10 To check the status of your RMA registration request, follow the instructions provided in the email.
Step 11 After you receive another email notifying you that your RMA registration request is approved (usually within 1 hour), follow the instructions in the “Installing a License” section to install the license on the replacement controller.
Configuring the License Agent
If your network contains various Cisco licensed devices, you might want to consider using the Cisco License Manager (CLM) to manage all of the licenses using a single application. CLM is a secure client/server application that manages Cisco software licenses network wide.
The license agent is an interface module that runs on the controller and mediates between CLM and the controller’s licensing infrastructure. CLM can communicate with the controller using various channels, such as HTTP, Telnet, and so on. If you want to use HTTP as the communication method, you must enable the license agent on the controller.
The license agent receives requests from CLM and translates them into license commands. It also sends notifications to CLM. It uses XML messages over HTTP or HTTPS to receive the requests and send the notifications. For example, CLM sends a
license install
command, and the agent notifies CLM after the license expires.
Note You can download the CLM software and access user documentation at this URL:
http://www.cisco.com/go/clm
Using the GUI to Configure the License Agent
Using the controller GUI, follow these steps to configure the license agent on the controller.
Step 1 Choose
Management
>
Software Activation
>
License Agent
to open the License Agent Configuration page (see Figure 12).
Figure 12 License Agent Configuration Page
Step 2 Check the
Enable Default Authentication
check box to enable the license agent, or leave it unchecked to disable this feature. The default value is unchecked.
Step 3 In the Maximum Number of Sessions field, enter the maximum number of sessions for the license agent. The valid range is 1 to 25 sessions (inclusive).
Step 4 To configure the license agent to listen for requests from the CLM, follow these steps:
a. Check the
Enable Listener
check box to enable the license agent to receive license requests from the CLM, or uncheck this check box to disable this feature. The default value is unchecked.
b. In the Listener Message Processing URL field, enter the URL where the license agent receives license requests (for example, http://172.19.35.37/licenseAgent/custom). The Protocol parameter indicates whether the URL requires HTTP or HTTPS.
Note You can specify the protocol to use on the HTTP Configuration page. Refer to the “Enabling Web and Secure Web Modes” section for more information.
c. Check the
Enable Authentication for Listener
check box to enable authentication for the license agent when it is receiving license requests, or uncheck this check box to disable this feature. The default value is unchecked.
d. In the Max HTTP Message Size field, enter the maximum size for license requests. The valid range is 0 to 9999 bytes, and the default value is 0.
Step 5 To configure the license agent to send license notifications to the CLM, follow these steps:
a. Check the
Enable Notification
check box to enable the license agent to send license notifications to the CLM, or uncheck this check box to disable this feature. The default value is unchecked.
b. In the URL to Send the Notifications field, enter the URL where the license agent sends the notifications (for example, http://www.cisco.com/license/notify).
c. In the User Name field, enter the username required in order to view the notification messages at this URL.
d. In the Password and Confirm Password fields, enter the password required in order to view the notification messages at this URL.
Step 6 To commit your changes, click
Apply
.
Step 7 To save your changes, click
Save Configuration
.
Using the CLI to Configure the License Agent
Using the controller CLI, follow these steps to configure the license agent on the controller.
Step 1 To enable the license agent, enter one of these commands:
-
config license agent default authenticate
—Enables the license agent default listener with authentication.
-
config license agent default authenticate none
—Enables the license agent default listener without authentication.
Note To disable the license agent default listener, enter config license agent default disable. The default value is disabled.
Step 2 To specify the maximum number of sessions for the license agent, enter this command:
config license agent max-sessions
sessions
The valid range for the
sessions
parameter is 1 to 25 (inclusive), and the default value is 9.
Step 3 To enable the license agent to receive license requests from the CLM and to specify the URL where the license agent receives the requests, enter this command:
config license agent listener http
{
plaintext
|
encrypt
}
url
authenticate
[
none
] [
max-message
size
] [
acl
acl
]
The valid range for the
size
parameter is 0 to 65535 bytes, and the default value is 0.
Note To prevent the license agent from receiving license requests from the CLM, enter config license agent listener http disable. The default value is disabled.
Step 4 To configure the license agent to send license notifications to the CLM and to specify the URL where the license agent sends the notifications, enter this command:
config license agent notify
url username password
Note To prevent the license agent from sending license notifications to the CLM, enter config license agent notify disable username password. The default value is disabled.
Step 5 To save your changes, enter this command:
save config
Step 6 To see statistics for the license agent’s counters or sessions, enter this command:
show license agent {counters | sessions}
Information similar to the following appears for the show license agent counters command:
Request Messages Received:10: Messages with Errors:1 Request Operations Received:9: Operations with Errors:0 Notification Messages Sent:12: Transmission Errors:0: Soap Errors:0
Information similar to the following appears for the show license agent sessions command:
License Agent Sessions: 1 open, maximum is 9
Note To clear the license agent’s counter or session statistics, enter clear license agent {counters | sessions}.
Configuring Quality of Service
Quality of service (QoS) refers to the capability of a network to provide better service to selected network traffic over various technologies. The primary goal of QoS is to provide priority including dedicated bandwidth, controlled jitter and latency (required by some real-time and interactive traffic), and improved loss characteristics.
The controller supports four QoS levels:
-
Platinum/Voice—Ensures a high quality of service for voice over wireless.
-
Gold/Video—Supports high-quality video applications.
-
Silver/Best Effort—Supports normal bandwidth for clients. This is the default setting.
-
Bronze/Background—Provides the lowest bandwidth for guest services.
Note VoIP clients should be set to Platinum.
You can configure the bandwidth of each QoS level using QoS profiles and then apply the profiles to WLANs. The profile settings are pushed to the clients associated to that WLAN. In addition, you can create QoS roles to specify different bandwidth levels for regular and guest users. Follow the instructions in this section to configure QoS profiles and QoS roles.
Configuring Quality of Service Profiles
You can use the controller GUI or CLI to configure the Platinum, Gold, Silver, and Bronze QoS profiles.
Using the GUI to Configure QoS Profiles
Follow these steps to configure QoS profiles using the controller GUI.
Step 1 Disable the 802.11a and 802.11b/g networks so that you can configure the QoS profiles.
To disable the radio networks, choose
Wireless > 802.11a/n
or
802.11b/g/n > Network
, uncheck the 802.11a (or 802.11b/g) Network Status check box, and click Apply.
Step 2 Choose
Wireless
>
QoS > Profiles
to open the QoS Profiles page.
Step 3 Click the name of the profile that you want to configure to open the Edit QoS Profile page (see Figure 25).
Figure 25 Edit QoS Profile Page
Step 4 To change the description of the profile, modify the contents of the Description field.
Step 5 To define the average data rate for TCP traffic per user, enter the rate in Kbps in the Average Data Rate field. You can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the profile.
Step 6 To define the peak data rate for TCP traffic per user, enter the rate in Kbps in the Burst Data Rate field. You can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the profile.
Note The Burst Data Rate should be greater than or equal to the Average Data Rate. Otherwise, the QoS policy may block traffic to and from the wireless client.
Step 7 To define the average real-time rate for UDP traffic on a per user basis, enter the rate in Kbps in the Average Real-Time Rate field. You can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the profile.
Step 8 To define the peak real-time rate for UDP traffic on a per user basis, enter the rate in Kbps in the Burst Real-Time Rate field. You can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the profile.
Note The Burst Real-Time Rate should be greater than or equal to the Average Real-Time Rate. Otherwise, the QoS policy may block traffic to and from the wireless client.
Step 9 In the Maximum RF Usage Per AP field, enter the maximum percentage of bandwidth given to a user class.
For example, if you set 50% for Bronze QoS, all the Bronze WLAN users combined will not get more than 50% of the available RF bandwidth. Actual throughput could be less than 50%, but it will never be more than 50%.
Step 10 In the Queue Depth field, enter the maximum number of packets that access points keep in their queues. Any additional packets are dropped.
Step 11 To define the maximum value (0–7) for the priority tag associated with packets that fall within the profile, choose
802.1p
from the Protocol Type drop-down box and enter the maximum priority value in the 802.1p Tag field.
The tagged packets include CAPWAP data packets (between access points and the controller) and packets sent toward the core network.
Note If a QoS profile has 802.1p tagging configured and if this QoS profile is assigned to a WLAN that uses an untagged interface on the controller, the client traffic will be blocked.
Step 12 Click
Apply
to commit your changes.
Step 13 Click
Save Configuration
to save your changes.
Step 14 Re-enable the 802.11a and 802.11b/g networks.
To enable the radio networks, choose
Wireless > 802.11a/n
or
802.11b/g/n > Network
, check the 802.11a (or 802.11b/g) Network Status check box, and click Apply.
Step 15 Follow the instructions in the “Assigning a QoS Profile to a WLAN” section to assign a QoS profile to a WLAN.
Using the CLI to Configure QoS Profiles
Follow these steps to configure the Platinum, Gold, Silver, and Bronze QoS profiles using the CLI.
Step 1 To disable the 802.11a and 802.11b/g networks so that you can configure the QoS profiles, enter these commands:
config 802.11a disable network
config 802.11b disable network
Step 2 To change the profile description, enter this command:
config qos description {bronze
|
silver
|
gold
|
platinum}
description
Step 3 To define the average data rate in Kbps for TCP traffic per user, enter this command:
config qos average-data-rate {bronze
|
silver
|
gold
|
platinum}
rate
Note For the rate parameter, you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS profile.
Step 4 To define the peak data rate in Kbps for TCP traffic per user, enter this command:
config qos burst-data-rate {bronze
|
silver
|
gold
|
platinum}
rate
Step 5 To define the average real-time rate in Kbps for UDP traffic per user, enter this command:
config qos average-realtime-rate {bronze
|
silver
|
gold
|
platinum}
rate
Step 6 To define the peak real-time rate in Kbps for UDP traffic per user, enter this command:
config qos burst-realtime-rate {bronze
|
silver
|
gold
|
platinum}
rate
Step 7 To specify the maximum percentage of RF usage per access point, enter this command:
config qos max-rf-usage
{bronze
|
silver
|
gold
|
platinum}
usage_percentage
Step 8 To specify the maximum number of packets that access points keep in their queues, enter this command:
config qos queue_length
{bronze
|
silver
|
gold
|
platinum}
queue_length
Note If a QoS profile has 802.1p tagging configured and if this QoS profile is assigned to a WLAN that uses an untagged interface on the controller, the client traffic will be blocked.
Step 9 To define the maximum value (0–7) for the priority tag associated with packets that fall within the profile, enter these commands:
config qos
protocol-type
{bronze
|
silver
|
gold
|
platinum} dot1p
config qos dot1p-tag
{bronze
|
silver
|
gold
|
platinum}
tag
The tagged packets include CAPWAP data packets (between access points and the controller) and packets sent toward the core network.
Step 10 To re-enable the 802.11a and 802.11b/g networks so that you can configure the QoS profiles, enter these commands:
config 802.11a enable network
config 802.11b enable network
Step 11 Follow the instructions in the “Assigning a QoS Profile to a WLAN” section to assign a QoS profile to a WLAN.
Configuring Quality of Service Roles
After you configure a QoS profile and apply it to a WLAN, it limits the bandwidth level of clients associated to that WLAN. Multiple WLANs can be mapped to the same QoS profile, which can result in bandwidth contention between regular users (such as employees) and guest users. In order to prevent guest users from using the same level of bandwidth as regular users, you can create QoS roles with different (and presumably lower) bandwidth contracts and assign them to guest users.
You can use the controller GUI or CLI to configure up to ten QoS roles for guest users.
Note If you choose to create an entry on the RADIUS server for a guest user and enable RADIUS authentication for the WLAN on which web authentication is performed rather than adding a guest user to the local user database from the controller, you need to assign the QoS role on the RADIUS server itself. To do so, a “guest-role” Airespace attribute needs to be added on the RADIUS server with a datatype of “string” and a return value of “11.” This attribute is sent to the controller when authentication occurs. If a role with the name returned from the RADIUS server is found configured on the controller, the bandwidth associated to that role is enforced for the guest user after authentication completes successfully.
Using the GUI to Configure QoS Roles
Follow these steps to configure QoS roles using the controller GUI.
Step 1 Choose
Wireless
>
QoS > Roles
to open the QoS Roles for Guest Users page (see Figure 26).
Figure 26 QoS Roles for Guest Users Page
This page shows any existing QoS roles for guest users.
Note If you want to delete a QoS role, hover your cursor over the blue drop-down arrow for that role and choose Remove.
Step 2 To create a new QoS role, click
New
. The QoS Role Name > New page appears.
Step 3 In the Role Name field, enter a name for the new QoS role. The name should uniquely identify the role of the QoS user (such as Contractor, Vendor, and so on).
Step 4 Click
Apply
to commit your changes.
Step 5 To edit the bandwidth of a QoS role, click the name of the QoS role. The Edit QoS Role Data Rates page appears (see Figure 27).
Figure 27 Edit QoS Role Data Rates Page
Note The values that you configure for the per-user bandwidth contracts affect only the amount of bandwidth going downstream (from the access point to the wireless client). They do not affect the bandwidth for upstream traffic (from the client to the access point).
Step 6 To define the average data rate for TCP traffic on a per user basis, enter the rate in Kbps in the Average Data Rate field. You can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
Step 7 To define the peak data rate for TCP traffic on a per user basis, enter the rate in Kbps in the Burst Data Rate field. You can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
Note The Burst Data Rate should be greater than or equal to the Average Data Rate. Otherwise, the QoS policy may block traffic to and from the wireless client.
Step 8 To define the average real-time rate for UDP traffic on a per user basis, enter the rate in Kbps in the Average Real-Time Rate field. You can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
Step 9 To define the peak real-time rate for UDP traffic on a per user basis, enter the rate in Kbps in the Burst Real-Time Rate field. You can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
Note The Burst Real-Time Rate should be greater than or equal to the Average Real-Time Rate. Otherwise, the QoS policy may block traffic to and from the wireless client.
Step 10 Click
Apply
to commit your changes.
Step 11 Click
Save Configuration
to save your changes.
Step 12 To apply a QoS role to a guest user, follow the steps in the “Using the GUI to Configure Local Network Users” section.
Using the CLI to Configure QoS Roles
Follow these steps to configure QoS roles using the controller CLI.
Step 1 To create a QoS role for a guest user, enter this command:
config netuser guest-role create
role_name
Note If you want to delete a QoS role, enter this command:
config netuser guest-role delete role_name
Step 2 To configure the bandwidth contracts for a QoS role, enter these commands:
-
config netuser guest-role qos data-rate average-data-rate
role_name rate—
Configures the average data rate for TCP traffic on a per user basis.
-
config netuser guest-role qos data-rate burst-data-rate
role_name rate—
Configures the peak data rate for TCP traffic on a per user basis.
Note The Burst Data Rate should be greater than or equal to the Average Data Rate. Otherwise, the QoS policy may block traffic to and from the wireless client.
-
config netuser guest-role qos data-rate average-realtime-rate
role_name rate—
Configures the average real-time rate for UDP traffic on a per user basis.
-
config netuser guest-role qos data-rate burst-realtime-rate
role_name rate—
Configures the peak real-time rate for UDP traffic on a per user basis.
Note The Burst Real-Time Rate should be greater than or equal to the Average Real-Time Rate. Otherwise, the QoS policy may block traffic to and from the wireless client.
Note For the role_name parameter in each of these commands, enter a name for the new QoS role. The name should uniquely identify the role of the QoS user (such as Contractor, Vendor, and so on). For the rate parameter, you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
Step 3 To apply a QoS role to a guest user, enter this command:
config netuser guest-role apply
username role_name
For example, the role of
Contractor
could be applied to guest user
jsmith
.
Note If you do not assign a QoS role to a guest user, the Role field in the User Details shows the role as “default.” The bandwidth contracts for this user are defined in the QoS profile for the WLAN.
Note If you want to unassign a QoS role from a guest user, enter this command: config netuser guest-role apply username default. This user now uses the bandwidth contracts defined in the QoS profile for the WLAN.
Step 4 To save your changes, enter this command:
save config
Step 5 To see a list of the current QoS roles and their bandwidth parameters, enter this command:
show netuser guest-roles
Information similar to the following appears:
Role Name........................................ Contractor Average Data Rate........................... 10 Burst Data Rate............................. 10 Average Realtime Rate....................... 100 Burst Realtime Rate......................... 100 Role Name........................................ Vendor Average Data Rate........................... unconfigured Burst Data Rate............................. unconfigured Average Realtime Rate....................... unconfigured Burst Realtime Rate...................... unconfigured
Configuring Voice and Video Parameters
Three parameters on the controller affect voice and/or video quality:
-
Call admission control
-
Expedited bandwidth requests
-
Unscheduled automatic power save delivery
Each of these parameters is supported in Cisco Compatible Extensions (CCX) v4 and v5. See the “Configuring Cisco Client Extensions” section for more information on CCX.
Note CCX is not supported on the AP1030.
Traffic stream metrics (TSM) can be used to monitor and report issues with voice quality.
Call Admission Control
Call admission control (CAC) enables an access point to maintain controlled quality of service (QoS) when the wireless LAN is experiencing congestion. The Wi-Fi Multimedia (WMM) protocol deployed in CCXv3 ensures sufficient QoS as long as the wireless LAN is not congested. However, in order to maintain QoS under differing network loads, CAC in CCXv4 is required. Two types of CAC are available: bandwidth-based CAC and load-based CAC.
Bandwidth-Based CAC
Bandwidth-based, or static, CAC enables the client to specify how much bandwidth or shared medium time is required to accept a new call and in turn enables the access point to determine whether it is capable of accommodating this particular call. The access point rejects the call if necessary in order to maintain the maximum allowed number of calls with acceptable quality.
The QoS setting for a WLAN determines the level of bandwidth-based CAC support. To use bandwidth-based CAC with voice applications, the WLAN must be configured for Platinum QoS. To use bandwidth-based CAC with video applications, the WLAN must be configured for Gold QoS. Also, make sure that WMM is enabled for the WLAN. See the “Configuring 802.3 Bridging” section for QoS and WMM configuration instructions.
Note You must enable admission control (ACM) for CCXv4 clients that have WMM enabled. Otherwise, bandwidth-based CAC does not operate properly.
Load-Based CAC
Load-based CAC incorporates a measurement scheme that takes into account the bandwidth consumed by all traffic types (including that from clients), co-channel access point loads, and co-located channel interference, for voice applications. Load-based CAC also covers the additional bandwidth consumption resulting from PHY and channel impairment.
In load-based CAC, the access point continuously measures and updates the utilization of the RF channel (that is, the percentage of bandwidth that has been exhausted), channel interference, and the additional calls that the access point can admit. The access point admits a new call only if the channel has enough unused bandwidth to support that call. By doing so, load-based CAC prevents over-subscription of the channel and maintains QoS under all conditions of WLAN loading and interference.
Note Load-based CAC is supported only on lightweight access points. If you disable load-based CAC, the access points start using bandwidth-based CAC.
Expedited Bandwidth Requests
The expedited bandwidth request feature enables CCXv5 clients to indicate the urgency of a WMM traffic specifications (TSPEC) request (for example, an e911 call) to the WLAN. When the controller receives this request, it attempts to facilitate the urgency of the call in any way possible without potentially altering the quality of other TSPEC calls that are in progress.
You can apply expedited bandwidth requests to both bandwidth-based and load-based CAC. Expedited bandwidth requests are disabled by default. When this feature is disabled, the controller ignores all expedited requests and processes TSPEC requests as normal TSPEC requests.
See
Table 2
for examples of TSPEC request handling for normal TSPEC requests and expedited bandwidth requests.
Table 2 TSPEC Request Handling Examples
|
Reserved bandwidth for voice calls
|
|
|
TSPEC with Expedited
Bandwidth Request
|
Bandwidth-based CAC
|
75% (default setting)
|
Less than 75%
|
Admitted
|
Admitted
|
Between 75% and 90% (reserved bandwidth for voice calls exhausted)
|
Rejected
|
Admitted
|
More than 90%
|
Rejected
|
Rejected
|
Load-based CAC
|
Less than 75%
|
Admitted
|
Admitted
|
Between 75% and 85% (reserved bandwidth for voice calls exhausted)
|
Rejected
|
Admitted
|
More than 85%
|
Rejected
|
Rejected
|
Note Controller software release 6.0 supports admission control for TSPEC g711-40ms codec type.
Note When video ACM is enabled, the controller rejects a video TSPEC if the Nom-MSDU size in the TSPEC is greater than 149 or the mean data rate is greater than 1 Kb/s.
U-APSD
Unscheduled automatic power save delivery (U-APSD) is a QoS facility defined in IEEE 802.11e that extends the battery life of mobile clients. In addition to extending battery life, this feature reduces the latency of traffic flow delivered over the wireless media. Because U-APSD does not require the client to poll each individual packet buffered at the access point, it allows delivery of multiple downlink packets by sending a single uplink trigger packet. U-APSD is enabled automatically when WMM is enabled.
Traffic Stream Metrics
In a voice-over-wireless LAN (VoWLAN) deployment, traffic stream metrics (TSM) can be used to monitor voice-related metrics on the client-access point air interface. It reports both packet latency and packet loss. An administrator can isolate poor voice quality issues by studying these reports.
The metrics consist of a collection of uplink (client side) and downlink (access point side) statistics between an access point and a client device that supports CCX v4 or later. If the client is not CCX v4 or CCXv5 compliant, only downlink statistics are captured. The client and access point measure these metrics. The access point also collects the measurements every 5 seconds, prepares 90-second reports, and then sends the reports to the controller. The controller organizes the uplink measurements on a client basis and the downlink measurements on an access point basis and maintains an hour’s worth of historical data. To store this data, the controller requires 32 MB of additional memory for uplink metrics and 4.8 MB for downlink metrics.
TSM can be configured through either the GUI or the CLI on a per radio-band basis (for example, all 802.11a radios). The controller saves the configuration in flash memory so that it persists across reboots. After an access point receives the configuration from the controller, it enables TSM on the specified radio band.
Note Access points support TSM in both local and hybrid-REAP modes.
Using the GUI to Configure Voice Parameters
Follow these steps to configure voice parameters using the GUI.
Step 1 Make sure that the WLAN is configured for WMM and the Platinum QoS level.
Step 2 Disable all WLANs with WMM enabled and click
Apply
.
Step 3 To disable the radio network, choose Wireless and then Network under 802.11a/n or 802.11b/g/n, uncheck the 802.11a (or 802.11b/g) Network Status check box, and click Apply.
Step 4 Choose Voice under 802.11a/n or 802.11b/g/n. The 802.11a (or 802.11b) > Voice Parameters page appears (see Figure 28).
Figure 28 802.11a > Voice Parameters Page
Step 5 To enable bandwidth-based CAC for this radio band, check the Admission Control (ACM) check box. The default value is disabled.
Step 6 To enable load-based CAC for this radio band, check both the Admission Control (ACM) check box and the Load-based AC check box. The default value for both check boxes is disabled.
Step 7 In the Max RF Bandwidth field, enter the percentage of the maximum bandwidth allocated to clients for voice applications on this radio band. Once the client reaches the value specified, the access point rejects new calls on this radio band.
Range: 40 to 85%
Default: 75%
Step 8 In the Reserved Roaming Bandwidth field, enter the percentage of maximum allocated bandwidth reserved for roaming voice clients. The controller reserves this much bandwidth from the maximum allocated bandwidth for roaming voice clients.
Range: 0 to 25%
Default: 6%
Step 9 To enable expedited bandwidth requests, check the Expedited Bandwidth check box. The default value is disabled.
Step 10 To enable TSM, check the Metrics Collection check box. The default value is disabled.
Step 11 Click Apply to commit your changes.
Step 12 Re-enable all WMM WLANs and click Apply.
Step 13 To re-enable the radio network, choose Network under 802.11a/n or 802.11b/g/n, check the 802.11a (or 802.11b/g) Network Status check box, and click Apply.
Step 14 Click Save Configuration to save your changes.
Step 15 Repeat this procedure if you want to configure voice parameters for another radio band (802.11a or 802.11b/g).
Using the GUI to Configure Video Parameters
Follow these steps to configure video parameters using the GUI.
Step 1 Make sure that the WLAN is configured for WMM and the Gold QoS level.
Step 2 Disable all WLANs with WMM enabled and click
Apply
.
Step 3 To disable the radio network, choose Wireless and then Network under 802.11a/n or 802.11b/g/n, uncheck the 802.11a (or 802.11b/g) Network Status check box, and click Apply.
Step 4 Choose Video under 802.11a/n or 802.11b/g/n. The 802.11a (or 802.11b) > Video Parameters page appears (see Figure 28).
Figure 29 802.11a > Video Parameters Page
Step 5 To enable video CAC for this radio band, check the Admission Control (ACM) check box. The default value is disabled.
Step 6 In the Max RF Bandwidth field, enter the percentage of the maximum bandwidth allocated to clients for video applications on this radio band. Once the client reaches the value specified, the access point rejects new requests on this radio band.
Range: 0 to 100% (However, the maximum RF bandwidth cannot exceed 100% for voice + video.)
Default: 0%
Note If this parameter is set to zero (0), the controller assumes that the operator does not want to do any bandwidth allocation and, therefore, allows all bandwidth requests.
Step 7 In the Reserved Roaming Bandwidth field, enter the percentage of maximum allocated bandwidth reserved for roaming video clients. The controller reserves this much bandwidth from the maximum allocated bandwidth for roaming video clients.
Range: 0 to 25%
Default: 0%
Step 8 Click Apply to commit your changes.
Step 9 Re-enable all WMM WLANs and click Apply.
Step 10 To re-enable the radio network, choose Network under 802.11a/n or 802.11b/g/n, check the 802.11a (or 802.11b/g) Network Status check box, and click Apply.
Step 11 Click Save Configuration to save your changes.
Step 12 Repeat this procedure if you want to configure video parameters for another radio band (802.11a or 802.11b/g).
Using the GUI to View Voice and Video Settings
Follow these steps to view voice and video settings using the GUI.
Step 1 Choose Monitor > Clients to open the Clients page (see Figure 30).
Figure 30 Clients Page
Step 2 Click the MAC address of the desired client to open the Clients > Detail page (see Figure 31).
Figure 31 Clients > Detail Page
This page shows the U-APSD status (if enabled) for this client under Quality of Service Properties.
Step 3 Click Back to return to the Clients page.
Step 4 Follow these steps to see the TSM statistics for a particular client and the access point to which this client is associated.
a. Hover your cursor over the blue drop-down arrow for the desired client and choose 802.11aTSM or 802.11b/gTSM. The Clients > AP page appears (see Figure 32).
Figure 32 Clients > AP Page
b. Click the Detail link for the desired access point to open the Clients > AP > Traffic Stream Metrics page (see Figure 33).
Figure 33 Clients > AP > Traffic Stream Metrics Page
This page shows the TSM statistics for this client and the access point to which it is associated. The statistics are shown in 90-second intervals. The timestamp field shows the specific interval when the statistics were collected.
Step 5 Follow these steps to see the TSM statistics for a particular access point and a particular client associated to this access point.
a. Choose Wireless >
Access Points
>
Radios
> 802.11a/n or 802.11b/g/n. The 802.11a/n Radios or 802.11b/g/n Radios page appears (see Figure 34).
Figure 34 802.11a/n Radios Page
b. Hover your cursor over the blue drop-down arrow for the desired access point and choose 802.11aTSM or 802.11b/gTSM. The AP > Clients page appears (see Figure 35).
Figure 35 AP > Clients Page
c. Click the Detail link for the desired client to open the AP > Clients > Traffic Stream Metrics page (see Figure 36).
Figure 36 AP > Clients > Traffic Stream Metrics Page
This page shows the TSM statistics for this access point and a client associated to it. The statistics are shown in 90-second intervals. The timestamp field shows the specific interval when the statistics were collected.
Using the CLI to Configure Voice Parameters
Follow these steps to configure voice parameters using the CLI.
Step 1 To see all of the WLANs configured on the controller, enter this command:
show wlan summary
Step 2 To make sure that the WLAN you are planning to modify is configured for WMM and the QoS level is set to Platinum, enter this command:
show wlan
wlan_id
Step 3 To disable all WLANs with WMM enabled prior to changing the voice parameters, enter this command:
config wlan disable wlan_id
Step 4 To disable the radio network, enter this command:
config {802.11a | 802.11b} disable network
Step 5 To save your settings, enter this command:
save config
Step 6 To enable or disable bandwidth-based voice CAC for the 802.11a or 802.11b/g network, enter this command:
config {802.11a | 802.11b} cac voice acm {enable | disable}
Step 7 To set the percentage of maximum bandwidth allocated to clients for voice applications on the 802.11a or 802.11b/g network, enter this command:
config {802.11a | 802.11b} cac voice max-bandwidth bandwidth
The bandwidth range is 40 to 85%, and the default value is 75%. Once the client reaches the value specified, the access point rejects new calls on this network.
Step 8 To set the percentage of maximum allocated bandwidth reserved for roaming voice clients, enter this command:
config {802.11a | 802.11b} cac voice roam-bandwidth bandwidth
The bandwidth range is 0 to 25%, and the default value is 6%. The controller reserves this much bandwidth from the maximum allocated bandwidth for roaming voice clients.
Step 9 To process or ignore the TSPEC inactivity timeout received from an access point, enter this command:
config {802.11a | 802.11b} cac voice
tspec-inactivity-timeout
{enable | ignore}
Step 10 To enable or disable load-based CAC for the 802.11a or 802.11b/g network, enter this command:
config {802.11a | 802.11b} cac voice
load-based
{enable | disable}
Step 11 To configure the number of aggregated voice WMM traffic specification (TSPEC) streams at a specified data rate for the 802.11a or 802.11b/g network, enter this command:
config
{
802.11a
|
802.11b
}
cac voice
stream-size number max-streams mean_datarate
The
number
range is 1 to 5 voice streams, and the default value is 2. The mean_datarate range is 84 to 91.2 Kbps, and the default value is 84 Kbps.
Step 12 To enable or disable expedited bandwidth requests for the 802.11a or 802.11b/g network, enter this command:
config {802.11a | 802.11b} exp-bwreq {enable | disable}
Step 13 To enable or disable TSM for the 802.11a or 802.11b/g network, enter this command:
config {802.11a | 802.11b} tsm {enable | disable}
Step 14 To re-enable all WLANs with WMM enabled, enter this command:
config wlan enable wlan_id
Step 15 To re-enable the radio network, enter this command:
config {802.11a | 802.11b} enable network
Step 16 To save your settings, enter this command:
save config
Using the CLI to Configure Video Parameters
Follow these steps to configure video parameters using the CLI.
Step 1 To see all of the WLANs configured on the controller, enter this command:
show wlan summary
Step 2 To make sure that the WLAN you are planning to modify is configured for WMM and the QoS level is set to Gold, enter this command:
show wlan
wlan_id
Step 3 To disable all WLANs with WMM enabled prior to changing the video parameters, enter this command:
config wlan disable wlan_id
Step 4 To disable the radio network, enter this command:
config {802.11a | 802.11b} disable network
Step 5 To save your settings, enter this command:
save config
Step 6 To enable or disable video CAC for the 802.11a or 802.11b/g network, enter this command:
config {802.11a | 802.11b} cac video acm {enable | disable}
Step 7 To set the percentage of maximum bandwidth allocated to clients for video applications on the 802.11a or 802.11b/g network, enter this command:
config {802.11a | 802.11b} cac video max-bandwidth bandwidth
The bandwidth range is 0 to 100%, and the default value is 0%. However, the maximum RF bandwidth cannot exceed 100% for voice + video. Once the client reaches the value specified, the access point rejects new calls on this network.
Note If this parameter is set to zero (0), the controller assumes that the operator does not want to do any bandwidth allocation and, therefore, allows all bandwidth requests.
Step 8 To set the percentage of maximum allocated bandwidth reserved for roaming video clients, enter this command:
config {802.11a | 802.11b} cac video roam-bandwidth bandwidth
The bandwidth range is 0 to 25%, and the default value is 0%. The controller reserves this much bandwidth from the maximum allocated bandwidth for roaming video clients.
Step 9 To process or ignore the TSPEC inactivity timeout received from an access point, enter this command:
config {802.11a | 802.11b} cac video
tspec-inactivity-timeout
{enable | ignore}
Step 10 To re-enable all WLANs with WMM enabled, enter this command:
config wlan enable wlan_id
Step 11 To re-enable the radio network, enter this command:
config {802.11a | 802.11b} enable network
Step 12 To save your settings, enter this command:
save config
Using the CLI to View Voice and Video Settings
Use these commands to view voice and video settings using the CLI.
1. To see the CAC configuration for the 802.11a or 802.11b/g network, enter this command:
show {802.11a | show 802.11b}
2. To see the CAC statistics for a particular access point, enter this command:
show ap stats {802.11a | 802.11b} ap_name
Information similar to the following appears:
Call Admission Control (CAC) Stats Voice Bandwidth in use(% of config bw)......... 0 Total channel MT free........................ 0 Total voice MT free.......................... 0 Na Direct.................................... 0 Na Roam...................................... 0 Video Bandwidth in use(% of config bw)......... 0 Total num of voice calls in progress........... 0 Num of roaming voice calls in progress......... 0 Total Num of voice calls since AP joined....... 0 Total Num of roaming calls since AP joined..... 0
Total Num of exp bw requests received.......... 5
Total Num of exp bw requests admitted.......... 2
Num of voice calls rejected since AP joined...... 0 Num of roam calls rejected since AP joined..... 0 Num of calls rejected due to insufficient bw....0 Num of calls rejected due to invalid params.... 0 Num of calls rejected due to PHY rate.......... 0 Num of calls rejected due to QoS policy..... 0
In the example above, “MT” is medium time, “Na” is the number of additional calls, and “exp bw” is expedited bandwidth.
3. To see the U-APSD status for a particular client, enter this command:
show client detail client_mac
4. To see the TSM statistics for a particular client and the access point to which this client is associated, enter this command:
show client tsm {802.11a | 802.11b} client_mac {ap_mac | all}
The optional all command shows all access points to which this client has associated. Information similar to the following appears:
AP Interface Mac: 00:0b:85:01:02:03 Client Interface Mac: 00:01:02:03:04:05 Measurement Duration: 90 seconds Timestamp 1st Jan 2006, 06:35:80 Average Delay (5sec intervals)............................35 Delay less than 10 ms.....................................20 Delay bet 10 - 20 ms......................................20 Delay bet 20 - 40 ms......................................20 Delay greater than 40 ms..................................20 Total packet Count.........................................80 Total packet lost count (5sec).............................10 Maximum Lost Packet count(5sec)............................5 Average Lost Packet count(5secs)...........................2 Average Delay (5sec intervals)............................35 Delay less than 10 ms.....................................20 Delay bet 10 - 20 ms......................................20 Delay bet 20 - 40 ms......................................20 Delay greater than 40 ms..................................20 Total packet Count.........................................80 Total packet lost count (5sec).............................10 Maximum Lost Packet count(5sec)............................5 Average Lost Packet count(5secs)...........................2
Note The statistics are shown in 90-second intervals. The timestamp field shows the specific interval when the statistics were collected.
Note To clear the TSM statistics for a particular access point or all the access points to which this client is associated, enter this command: clear client tsm {802.11a | 802.11b} client_mac {ap_mac | all}.
5. To see the TSM statistics for a particular access point and a particular client associated to this access point, enter this command:
show ap stats {802.11a | 802.11b} ap_name tsm {client_mac | all}
The optional all command shows all clients associated to this access point. Information similar to the following appears:
AP Interface Mac: 00:0b:85:01:02:03 Client Interface Mac: 00:01:02:03:04:05 Measurement Duration: 90 seconds Timestamp 1st Jan 2006, 06:35:80 Average Delay (5sec intervals)............................35 Delay less than 10 ms.....................................20 Delay bet 10 - 20 ms......................................20 Delay bet 20 - 40 ms......................................20 Delay greater than 40 ms..................................20 Total packet Count.........................................80 Total packet lost count (5sec).............................10 Maximum Lost Packet count(5sec)............................5 Average Lost Packet count(5secs)...........................2 Average Delay (5sec intervals)............................35 Delay less than 10 ms.....................................20 Delay bet 10 - 20 ms......................................20 Delay bet 20 - 40 ms......................................20 Delay greater than 40 ms..................................20 Total packet Count.........................................80 Total packet lost count (5sec).............................10 Maximum Lost Packet count(5sec)............................5 Average Lost Packet count(5secs)...........................2
Note The statistics are shown in 90-second intervals. The timestamp field shows the specific interval when the statistics were collected.
6. To enable or disable debugging for call admission control (CAC) messages, events, or packets, enter this command:
debug cac
{
all
|
event
|
packet
}{
enable
|
disable
}
where
all
configures debugging for all CAC messages,
event
configures debugging for all CAC events, and
packet
configures debugging for all CAC packets.
Configuring Cisco Discovery Protocol
Cisco Discovery Protocol (CDP) is a device discovery protocol that runs on all Cisco-manufactured equipment. A device enabled with CDP sends out periodic interface updates to a multicast address in order to make itself known to neighboring devices.
The default value for the frequency of periodic transmissions is 60 seconds, and the default advertised time-to-live value is 180 seconds. The second and latest version of the protocol, CDPv2, introduces new time-length-values (TLVs) and provides a reporting mechanism that allows for more rapid error tracking, thereby reducing down time.
CDPv1 and CDPv2 are supported on the following devices:
-
5500, 4400, and 2100 series controllers
Note CDP is not supported on the controllers that are integrated into Cisco switches and routers, including those in the Catalyst 3750G Integrated Wireless LAN Controller Switch, the Cisco WiSM, and the Cisco 28/37/38xx Series Integrated Services Router. However, you can use the show ap cdp neighbors detail {Cisco_AP | all} command on these controllers in order to see the list of CDP neighbors for the access points that are connected to the controller.
-
CAPWAP- enabled access points
-
An access point connected directly to a 5500, 4400, or 2100 series controller
This support enables network management applications to discover Cisco devices.
These TLVs are supported by both the controller and the access point:
-
Device-ID TLV: 0x0001—The host name of the controller, the access point, or the CDP neighbor.
-
Address TLV: 0x0002—The IP address of the controller, the access point, or the CDP neighbor.
-
Port-ID TLV: 0x0003—The name of the interface on which CDP packets are sent out.
-
Capabilities TLV: 0x0004—The capabilities of the device. The controller sends out this TLV with a value of Host: 0x10, and the access point sends out this TLV with a value of Transparent Bridge: 0x02.
-
Version TLV: 0x0005—The software version of the controller, the access point, or the CDP neighbor.
-
Platform TLV: 0x0006—The hardware platform of the controller, the access point, or the CDP neighbor.
These TLVs are supported only by the access point:
-
Full/Half Duplex TLV: 0x000b—The full- or half-duplex mode of the Ethernet link on which CDP packets are sent out. This TLV is not supported on access points that are connected directly to a 5500, 4400, or 2100 series controller.
-
Power Consumption TLV: 0x0010—The maximum amount of power consumed by the access point. This TLV is not supported on access points that are connected directly to a 5500, 4400, or 2100 series controller.
You can configure CDP and view CDP information using the GUI in controller software release 4.1 or later or the CLI in controller software release 4.0 or later. Figure 38 shows a sample network that you can use as a reference when performing the procedures in this section.
Note Changing the CDP configuration on the controller does not change the CDP configuration on the access points connected to the controller. You must enable and disable CDP separately for each access point.
Figure 38 Sample Network Illustrating CDP
Using the GUI to Configure Cisco Discovery Protocol
Follow these steps to configure CDP using the controller GUI.
Step 1 Choose Controller > CDP > Global Configuration to open the CDP > Global Configuration page (see Figure 39).
Figure 39 CDP > Global Configuration Page
Step 2 Check the CDP Protocol Status check box to enable CDP on the controller or uncheck it to disable this feature. The default value is checked.
Step 3 From the CDP Advertisement Version drop-down box, choose v1 or v2 to specify the highest CDP version supported on the controller. The default value is v1.
Step 4 In the Refresh-time Interval field, enter the interval at which CDP messages are to be generated. The range is 5 to 254 seconds, and the default value is 60 seconds.
Step 5 In the Holdtime field, enter the amount of time to be advertised as the time-to-live value in generated CDP packets. The range is 10 to 255 seconds, and the default value is 180 seconds.
Step 6 Click Apply to commit your changes.
Step 7 Click Save Configuration to save your changes.
Step 8 Perform one of the following:
-
To enable or disable CDP on a specific access point, follow these steps:
Choose Wireless > Access Points > All APs to open the All APs page.
-
Click the link for the desired access point.
-
Choose the
Advanced
tab to open the All APs > Details for (Advanced) page (see Figure 40).
Figure 40 All APs > Details for (Advanced) Page
-
Check the Cisco Discovery Protocol check box to enable CDP on this access point or uncheck it to disable this feature. The default value is enabled.
-
Click Apply to commit your changes.
-
To enable or disable CDP on all access points currently associated to the controller, follow these steps:
Choose
Wireless
>
Access Points
>
Global Configuration
to open the Global Configuration page.
-
Check the
CDP State
check box to enable CDP on all access points associated to the controller or uncheck it to disable CDP on all access points. The default value is checked.
-
Click
Apply
to commit your changes.
Step 9 Click Save Configuration to save your changes.
Using the GUI to View Cisco Discovery Protocol Information
Follow these steps to view CDP information using the controller GUI.
Step 1 To see a list of all CDP neighbors on all interfaces, choose Monitor > CDP > Interface Neighbors. The CDP > Interface Neighbors page appears (see Figure 41).
Figure 41 CDP > Interface Neighbors Page
This page shows the following information:
-
The controller port on which the CDP packets were received
-
The name of each CDP neighbor
-
The IP address of each CDP neighbor
-
The port used by each CDP neighbor for transmitting CDP packets
-
The time left (in seconds) before each CDP neighbor entry expires
-
The functional capability of each CDP neighbor, defined as follows: R - Router, T - Trans Bridge, B - Source Route Bridge, S - Switch, H - Host, I - IGMP, r - Repeater, or M - Remotely Managed Device
-
The hardware platform of each CDP neighbor device
Step 2 To see more detailed information about each interface’s CDP neighbor, click the name of the desired interface neighbor. The CDP > Interface Neighbors > Detail page appears (see Figure 42).
Figure 42 CDP > Interface Neighbors > Detail Page
This page shows the following information:
-
The controller port on which the CDP packets were received
-
The name of the CDP neighbor
-
The IP address of the CDP neighbor
-
The port used by the CDP neighbor for transmitting CDP packets
-
The CDP version being advertised (v1 or v2)
-
The time left (in seconds) before the CDP neighbor entry expires
-
The functional capability of the CDP neighbor, defined as follows: Router, Trans Bridge,
Source Route Bridge, Switch, Host, IGMP, Repeater, or Remotely Managed Device
-
The hardware platform of the CDP neighbor device
-
The software running on the CDP neighbor
Step 3 To see a list of CDP neighbors for all access points connected to the controller, choose AP Neighbors. The CDP AP Neighbors page appears (see Figure 43).
Figure 43 CDP AP Neighbors Page
Step 4 To see a list of CDP neighbors for a specific access point, click the
CDP Neighbors
link for the desired access point. The CDP > AP Neighbors page appears (see Figure 45).
Figure 44 CDP > AP Neighbors Page
This page shows the following information:
-
The name of each access point
-
The IP address of each access point
-
The name of each CDP neighbor
-
The IP address of each CDP neighbor
-
The port used by each CDP neighbor
-
The CDP version being advertised (v1 or v2)
Step 5 To see detailed information about an access point’s CDP neighbors, click the name of the desired access point. The CDP > AP Neighbors > Detail page appears (see Figure 45).
Figure 45 CDP > AP Neighbors > Detail Page
This page shows the following information:
-
The name of the access point
-
The MAC address of the access point’s radio
-
The IP address of the access point
-
The interface on which the CDP packets were received
-
The name of the CDP neighbor
-
The IP address of the CDP neighbor
-
The port used by the CDP neighbor
-
The CDP version being advertised (v1 or v2)
-
The time left (in seconds) before the CDP neighbor entry expires
-
The functional capability of the CDP neighbor, defined as follows: R - Router, T - Trans Bridge,
B - Source Route Bridge, S - Switch, H - Host, I - IGMP, r - Repeater, or M - Remotely Managed Device
-
The hardware platform of the CDP neighbor device
-
The software running on the CDP neighbor
Step 6 To see CDP traffic information, choose Traffic Metrics. The CDP > Traffic Metrics page appears (see Figure 46).
Figure 46 CDP > Traffic Metrics Page
This page shows the following information:
-
The number of CDP packets received by the controller
-
The number of CDP packets sent from the controller
-
The number of packets that experienced a checksum error
-
The number of packets dropped due to insufficient memory
-
The number of invalid packets
Using the CLI to Configure Cisco Discovery Protocol
Use these commands to configure CDP using the controller CLI.
1. To enable or disable CDP on the controller, enter this command:
config cdp {enable | disable}
CDP is enabled by default.
2. To specify the interval at which CDP messages are to be generated, enter this command:
config cdp timer seconds
The range is 5 to 254 seconds, and the default value is 60 seconds.
3. To specify the amount of time to be advertised as the time-to-live value in generated CDP packets, enter this command:
config cdp holdtime seconds
The range is 10 to 255 seconds, and the default value is 180 seconds.
4. To specify the highest CDP version supported on the controller, enter this command:
config cdp advertise {v1 | v2}
The default value is v1.
5. To enable or disable CDP on all access points that are joined to the controller, enter this command:
config ap cdp {enable | disable} all
The config ap cdp disable all command disables CDP on all access points that are joined to the controller and all access points that join in the future. CDP remains disabled on both current and future access points even after the controller or access point reboots. To enable CDP, enter config ap cdp enable all.
Note After you enable CDP on all access points joined to the controller, you may disable and then re-enable CDP on individual access points using the command in #6 below. After you disable CDP on all access points joined to the controller, you may not enable and then disable CDP on individual access points.
6. To enable or disable CDP on a specific access point, enter this command:
config ap cdp {enable | disable} Cisco_AP
7. To save your settings, enter this command:
save config
Using the CLI to View Cisco Discovery Protocol Information
Use these commands to obtain information about CDP neighbors on the controller.
1. To see the status of CDP and to view CDP protocol information, enter this command:
show cdp
2. To see a list of all CDP neighbors on all interfaces, enter this command:
show cdp neighbors [detail]
The optional detail command provides detailed information for the controller’s CDP neighbors.
Note This command shows only the CDP neighbors of the controller. It does not show the CDP neighbors of the controller’s associated access points. Additional commands are provided below to show the list of CDP neighbors per access point.
3. To see all CDP entries in the database, enter this command:
show cdp entry all
4. To see CDP traffic information on a given port (for example, packets sent and received, CRC errors, and so on), enter this command:
show cdp traffic
5. To see the CDP status for a specific access point, enter this command:
show ap cdp ap-name Cisco_AP
6. To see the CDP status for all access points that are connected to the controller, enter this command:
show ap cdp all
7. To see a list of all CDP neighbors for a specific access point, enter these commands:
show ap cdp neighbors ap-name Cisco_AP
show ap cdp neighbors detail Cisco_AP
Note The access point sends CDP neighbor information to the controller only when the information changes.
8. To see a list of all CDP neighbors for all access points connected to the controller, enter these commands:
show ap cdp neighbors all
show ap cdp neighbors detail all
Information similar to the following appears when you enter show ap cdp neighbors all:
AP Name AP IP Neighbor Name Neighbor IP Neighbor Port -------- -------- ------------- ----------- ------------- AP0013.601c.0a0 10.76.108.123 6500-1 10.76.108.207 GigabitEthernet1/26 AP0013.601c.0b0 10.76.108.111 6500-1 10.76.108.207 GigabitEthernet1/27 AP0013.601c.0c0 10.76.108.125 6500-1 10.76.108.207 GigabitEthernet1/28
Information similar to the following appears when you enter show ap cdp neighbors detail all:
AP IP Address: 10.76.108.125 ---------------------------------- Entry address(es): 10.76.108.207 Platform: cisco WS-C6506-E, Capabilities: Router Switch IGMP Interface: Port - 1, Port ID (outgoing port): GigabitEthernet1/26 Cisco Internetwork Operating System Software IOS (tm) s72033_rp Software (s72033_rp-PSV-M), Version 12.2(18)SXD5, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Fri 13-Ma
Note The access point sends CDP neighbor information to the controller only when the information changes.
Use these commands to obtain CDP debug information for the controller.
1. To obtain debug information related to CDP packets, enter this command:
debug cdp packets
2. To obtain debug information related to CDP events, enter this command:
debug cdp events
Configuring and Viewing Location Settings
This section provides instructions for configuring and viewing location settings from the controller CLI.
Note Access points in monitor mode should not be used for location purposes.
Installing the Location Appliance Certificate
A self-signed certificate (SSC) is required on the location appliance. This certificate, which is comprised of the location appliance MAC address and a 20-byte key hash, must be present on the controller. Otherwise, the controller cannot authenticate the location appliance, and they can never establish a connection. WCS usually pushes the certificate to the controller automatically, but you can install the certificate on the controller using the controller CLI if necessary (for example, if the controller is not connected to WCS or if an error or certificate mismatch occurs on WCS).
Note If an error occurs on WCS and prevents the location appliance certificate from being pushed to the controller, make sure that the time zone has been synchronized on the controller and the location appliance before following this procedure. Follow the instructions in the “Viewing Location Settings” section to do so.
Follow these steps to install the location appliance certificate on the controller.
Step 1 To obtain the key hash value of the location appliance certificate, enter this command:
debug pm pki enable
Information similar to the following appears:
Thu Oct 11 08:52:26 2007: sshpmGetIssuerHandles: Calculate SHA1 hash on Public Key Data Thu Oct 11 08:52:26 2007: sshpmGetIssuerHandles: Key Data 30820122 300d0609 2a864886 f70d0101 Thu Oct 11 08:52:26 2007: sshpmGetIssuerHandles: Key Data 01050003 82010f00 3082010a 02820101 Thu Oct 11 08:52:26 2007: sshpmGetIssuerHandles: Key Data 009a98b5 d2b7c77b 036cdb87 5bd20e5a Thu Oct 11 08:52:26 2007: sshpmGetIssuerHandles: Key Data 894c66f4 df1cbcfb fe2fcf01 09b723aa Thu Oct 11 08:52:26 2007: sshpmGetIssuerHandles: Key Data 5c0917f1 ec1d5061 2d386351 573f2c5e Thu Oct 11 08:52:30 2007: sshpmGetIssuerHandles: Key Data b9020301 0001 Thu Oct 11 08:52:30 2007: sshpmGetIssuerHandles: SSC Key Hash is 4869b32638c00ffca88abe9b1a8e0525b9344b8b
Step 2 To install the location appliance certificate on the controller, enter this command:
config auth-list add lbs-ssc
lbs_mac lbs_key
where
-
lbs_mac
is the MAC address of the location appliance, and
-
lbs_key
is the 20-byte key hash value of the certificate.
Step 3 To save your changes, enter this command:
s
ave config
Step 4 To verify that the location appliance certificate is installed on the controller, enter this command:
show auth-list
Information similar to the following appears:
Authorize APs against AAA ....................... disabled Allow APs with Self-Signed Certificate (SSC) .... disabled Mac Addr Cert Type Key Hash ----------------------- ---------- -------------------------------------------- 00:16:36:91:9a:27 LBS-SSC 593f34e7cb151997a28cc7da2a6cac040b329636
Synchronizing the Controller and Location Appliance
For controller software release 4.2 or later, if a location appliance (release 3.1 or later) is installed on your network, the time zone must be set on the controller to ensure proper synchronization between the two systems. Also, the times must be in sync on the two devices. Cisco highly recommends that the time be set even for networks that do not have location appliances. Refer to the “Configuring 802.11 Bands” section for instructions on setting the time and date on the controller.
Note The time zone can be different for the controller and the location appliance, but the time zone delta must be configured accordingly, based on GMT.
Configuring Location Settings
The controller determines the location of client devices by gathering received signal strength indication (RSSI) measurements from access points all around the client of interest. The controller can obtain location reports from up to 16 access points for clients, RFID tags, and rogue access points.
To improve location accuracy by configuring the path loss measurement (S60) request for normal clients or calibrating clients, enter this command:
config location plm
?
where
?
is one of the following:
-
client
{enable | disable}
burst_interval
—Enables or disables the path loss measurement request for normal, non-calibrating clients. The valid range for the
burst_interval
parameter is 1 to 3600 seconds, and the default value is 60 seconds.
-
calibrating {enable | disable} {uniband | multiband}—Enables or disables the path loss measurement request for calibrating clients on the associated 802.11a or 802.11b/g radio or on the associated 802.11a/b/g radio.
If a client does not send probes often or sends them only on a few channels, its location cannot be updated or cannot be updated accurately. The
config location plm
command forces clients to send more packets on all channels. When a CCXv4 (or higher) client associates, the controller sends it a path loss measurement request, which instructs the client to transmit on the bands and channels that the access points are on (typically channels 1, 6, and 11 for 2.4-GHz-only access points) at a configurable interval (such as 60 seconds) indefinitely.
These four additional location CLI commands are available; however, they are set to optimal default values, so Cisco does not recommend that you use or modify them.
1. To configure the RSSI timeout value for various devices, enter this command:
config location expiry
?
where
?
is one of the following:
-
client
timeout
—Configures the RSSI timeout value for clients. The valid range for the
timeout
parameter is 5 to 3600 seconds, and the default value is 5 seconds.
-
calibrating-client
timeout
—Configures the RSSI timeout value for calibrating clients. The valid range for the
timeout
parameter is 0 to 3600 seconds, and the default value is 5 seconds.
-
tags
timeout
—Configures the RSSI timeout value for RFID tags. The valid range for the
timeout
parameter is 5 to 300 seconds, and the default value is 5 seconds.
-
rogue-aps
timeout
—Configures the RSSI timeout value for rogue access points. The valid range for the
timeout
parameter is 5 to 3600 seconds, and the default value is 5 seconds.
Ensuring that recent, strong RSSIs are retained by the CPU is critical to location accuracy. The
config location expiry
command enables you to specify the length of time after which old RSSI averages expire.
Note Cisco recommends that you do not use or modify the config location expiry command.
2. To configure the RSSI half life for various devices, enter this command:
config location rssi-half-life
?
where
?
is one of the following:
-
client
half_life
—Configures the RSSI half life for clients. The valid range for the
half_life
parameter is 0, 1, 2, 5, 10, 20, 30, 60, 90, 120, 180, or 300 seconds, and the default value is 0 seconds.
-
calibrating-client
half_life
—Configures the RSSI half life for calibrating clients. The valid range for the
half_life
parameter is 0, 1, 2, 5, 10, 20, 30, 60, 90, 120, 180, or 300 seconds, and the default value is 0 seconds.
-
tags
half_life
—Configures the RSSI half life for RFID tags. The valid range for the
half_life
parameter is 0, 1, 2, 5, 10, 20, 30, 60, 90, 120, 180, or 300 seconds, and the default value is 0 seconds.
-
rogue-aps
half_life
—Configures the RSSI half life for rogue access points. The valid range for the
half_life
parameter is 0, 1, 2, 5, 10, 20, 30, 60, 90, 120, 180, or 300 seconds, and the default value is 0 seconds.
Some client devices transmit at reduced power immediately after changing channels, and RF is variable, so RSSI values might vary considerably from packet to packet. The
config location rssi-half-life
command increases accuracy by averaging non-uniformly arriving data using a configurable forget period (or half life).
Note Cisco recommends that you do not use or modify the config location rssi-half-life command.
3. To configure the NMSP notification threshold for RSSI measurements, enter this command:
config location notify-threshold
?
where
?
is one of the following:
-
client
threshold
—Configures the NMSP notification threshold (in dB) for clients and rogue clients. The valid range for the
threshold
parameter is 0 to 10 dB, and the default value is 0 dB.
-
tags
threshold
—Configures the NMSP notification threshold (in dB) for RFID tags. The valid range for the
threshold
parameter is 0 to 10 dB, and the default value is 0 dB.
-
rogue-aps
threshold
—Configures the NMSP notification threshold (in dB) for rogue access points. The valid range for the
threshold
parameter is 0 to 10 dB, and the default value is 0 dB.
Note Cisco recommends that you do not use or modify the config location notify-threshold command.
4. To configure the algorithm used to average RSSI and signal-to-noise ratio (SNR) values, enter this command:
config location algorithm
?
where
?
is one of the following:
-
simple
—Specifies a faster algorithm that requires low CPU overhead but provides less accuracy.
-
rssi-average—Specifies a more accurate algorithm but requires more CPU overhead.
Note Cisco recommends that you do not use or modify the config location algorithm command.
Viewing Location Settings
Use these CLI commands to view location information.
1. To view the current location configuration values, enter this command:
show location summary
Information similar to the following appears:
RSSI expiry timeout: 5 sec RSSI expiry timeout: 5 sec RSSI expiry timeout: 5 sec RSSI expiry timeout: 5 sec
2. To see the RSSI table for a particular client, enter this command:
show location detail
client_mac_addr
Information similar to the following appears:
...
[11] AP 00:00:00:00:00:00 : Slot 0 inUse 0, expired 0, Timestamp (antenna-A 0) (antenna-B 0), band 0 rssi (antenna-A 0) (antenna-B 0), snr 0, acceptable 0 [12] AP 00:00:00:00:00:00 : Slot 0 inUse 0, expired 0, Timestamp (antenna-A 0) (antenna-B 0), band 0 rssi (antenna-A 0) (antenna-B 0), snr 0, acceptable 0 [13] AP 00:00:00:00:00:00 : Slot 0 inUse 0, expired 0, Timestamp (antenna-A 0) (antenna-B 0), band 0 rssi (antenna-A -1) (antenna-B 0), snr 0, acceptable 0 [14] AP 00:00:00:00:00:00 : Slot 0 inUse 0, expired 0, Timestamp (antenna-A 0) (antenna-B 0), band 0 rssi (antenna-A 0) (antenna-B 0), snr 0, acceptable 0 [15] AP 00:00:00:00:00:00 : Slot 0 inUse 0, expired 0, Timestamp (antenna-A 0) (antenna-B 0), band 0 rssi (antenna-A 0) (antenna-B 0), snr 0, acceptable 0
3. To see the location-based RFID statistics, enter this command:
show location statistics rfid
Information similar to the following appears:
Database Full : 0 Failed Delete: 0 Null Bufhandle: 0 Bad Packet: 0 Bad LWAPP Data: 0 Bad LWAPP Encap: 0 Off Channel: 0 Bad CCX Version: 0 Above Max RSSI: 0 Below Max RSSI: 0 Invalid RSSI: 0 Add RSSI Failed: 0 Oldest Expired RSSI: 0 Smallest Overwrite: 0
4. To clear the location-based RFID statistics, enter this command:
clear location statistics rfid
5. To clear a specific RFID tag or all of the RFID tags in the entire database, enter this command:
clear location rfid
{
mac_address
|
all
}
6. To see whether location presence (S69) is supported on a client, enter this command:
show client detail
client_mac
When location presence is supported by a client and enabled on a location appliance, the location appliance can provide the client with its location upon request. Location presence is enabled automatically on CCXv5 clients.
Information similar to the following appears:
Client MAC Address............................... 00:40:96:b2:a3:44 Client Username ................................. N/A AP MAC Address................................... 00:18:74:c7:c0:90 Client State..................................... Associated Wireless LAN Id.................................. 1 BSSID............................................ 00:18:74:c7:c0:9f Channel.......................................... 56 IP Address....................................... 192.168.10.28 Association Id................................... 1 Authentication Algorithm......................... Open System Reason Code...................................... 0 Status Code...................................... 0 Session Timeout.................................. 0 Client CCX version............................... 5 Client E2E version............................... No E2E support Diagnostics Capability........................... Supported S69 Capability................................... Supported Mirroring........................................ Disabled QoS Level........................................ Silver
Note See the Cisco Wireless Control System Configuration Guide or the Cisco Location Appliance Configuration Guide for instructions on enabling location presence on a location appliance.
Modifying the NMSP Notification Interval for Clients, RFID Tags, and Rogues
The Network Mobility Services Protocol (NMSP) manages communication between the location appliance and the controller for incoming and outgoing traffic. If your application requires more frequent location updates, you can modify the NMSP notification interval (to a value between 1 and 180 seconds) for clients, active RFID tags, and rogue access points and clients.
Note The TCP port (16113) that the controller and location appliance communicate over must be open (not blocked) on any firewall that exists between the controller and the location appliance for NMSP to function.
Using the controller CLI, follow these steps to modify the NMSP notification interval value on the controller.
Step 1 To set the NMSP notification interval value for clients, RFID tags, and rogue clients and access points, enter these commands, where
interval
is a value between 1 and 180 seconds:
-
config nmsp notification interval rssi clients
interval
-
config nmsp notification interval rssi rfid
interval
-
config nmsp notification interval rssi rogues
interval
Step 2 To see the NMSP notification intervals, enter this command:
show nmsp notification interval
Information similar to the following appears:
NMSP Notification Interval Summary Client.......................................... 2 sec RFID............................................ 0 sec Rogue AP........................................ 2 sec Rogue Client.................................... 2 sec
Viewing NMSP Settings
Use these CLI commands to view NMSP information.
1. To see the status of active NMSP connections, enter this command:
show nmsp status
Information similar to the following appears:
MSE IP Address Tx Echo Resp Rx Echo Req Tx Data Rx Data
-------------- ------------ ----------- ------- -------
171.71.132.107 39046 39046 103742 1
2. To see the NMSP capabilities, enter this command:
show nmsp capability
Information similar to the following appears:
RSSI Mobile Station, Tags, Rogue, Info Mobile Station, Rogue, Statistics Mobile Station, Tags,
3. To see the NMSP counters, enter this command:
show nmsp statistics {summary | connection}
where
–
summary
shows the common NMSP counters, and
–
connection
shows the connection-specific NMSP counters.
Information similar to the following appears for the
show nmsp statistics summary
command:
Client Measure Send Fail......................... 0 Send RSSI with no entry.......................... 0 APP msg too big.................................. 0 Failed Select on Accept Socket................... 0 Failed SSL write................................. 0 Partial SSL write................................ 0 SSL write returned zero.......................... 0 SSL write attempts to want read.................. 0 SSL write attempts to want write................. 0 SSL write got default error...................... 0 SSL write max data length sent................... 0 SSL write max attempts to write in loop.......... 0 SSL read returned zero........................... 0 SSL read attempts to want read................... 0 SSL read attempts to want write.................. 0 SSL read got default error....................... 0 Failed SSL read - Con Rx buf freed............... 0 Failed SSL read - Con/SSL freed.................. 0 Max records read before exiting SSL read......... 0 Normal Prio Tx Q full............................ 0 Highest Prio Tx Q count.......................... 0 Normal Prio Tx Q count........................... 0 Messages sent by APPs to Highest Prio TxQ........ 0 Max Measure Notify Msg........................... 0 Max Info Notify Msg.............................. 0 Max Highest Prio Tx Q Size....................... 0 Max Normal Prio Tx Q Size........................ 0 Max Rx Size...................................... 1 Max Info Notify Q Size........................... 0 Max Client Info Notify Delay..................... 0 Max Rogue AP Info Notify Delay................... 0 Max Rogue Client Info Notify Delay............... 0 Max Client Measure Notify Delay.................. 0 Max Tag Measure Notify Delay..................... 0 Max Rogue AP Measure Notify Delay................ 0 Max Rogue Client Measure Notify Delay............ 0 Max Client Stats Notify Delay.................... 0 Max Client Stats Notify Delay.................... 0 RFID Measurement Periodic........................ 0 RFID Measurement Immediate....................... 0 SSL Handshake failed............................. 0 NMSP Rx detected con failure..................... 0 NMSP Tx detected con failure..................... 0 NMSP Tx buf size exceeded........................ 0 Reconnect Before Conn Timeout................. 0
Information similar to the following appears for each active connection when you enter the
show nmsp statistics connection
command:
Tx message count Rx message count ---------------- ---------------- WLC Capability: 1 MSE Capability: 0 Service Subscr Rsp: 1 Service Subscr Req: 1 Measure Rsp: 0 Measure Req: 0 Stats Rsp: 0 Stats Req: 0 Loc Subscr Req: 0 Loc Subscr Rsp: 0 Loc Unsubscr Req: 0 Loc Unsubscr Rsp: 0 AP Monitor Rsp: 0 AP Monitor Req: 0 IDS Get Rsp: 0 IDS Get Req: 0
IDS Notif: 0 IDS Set Rsp: 0 IDS Set Req: 0
4. To see the mobility services that are active on the controller, enter this command:
show nmsp subscription {summary |
detail
| detail
ip_addr
}
where
–
summary
shows all of the mobility services to which the controller is subscribed,
–
detail shows details for all of the mobility services to which the controller is subscribed,
and
–
detail
ip_addr
shows details only for the mobility services subscribed to by a specific IP address.
Information similar to the following appears for the show nmsp subscription summary command:
Mobility Services Subscribed: 1.4.93.31 RSSI, Info, Statistics
Information similar to the following appears for the show nmsp subscription detail
ip_addr
command:
Mobility Services Subscribed by 1.4.93.31 RSSI Mobile Station, Tags, Statistics Mobile Station, Tags,
5. To clear all NMSP statistics, enter this command:
clear nmsp statistics
Debugging NMSP Issues
Use these CLI commands if you experience any problems with NMSP.
-
To configure NMSP debug options, enter this command:
debug nmsp
?
where
?
is one of the following:
–
all
{
enable
|
disable
}—Enables or disables debugging for all NMSP messages.
–
connection
{
enable
|
disable
}—Enables or disables debugging for NMSP connection events.
–
detail
{
enable
|
disable
}—Enables or disables debugging for NMSP detailed events.
–
error
{
enable
|
disable
}—Enables or disables debugging for NMSP error messages.
–
event
{
enable
|
disable
}—Enables or disables debugging for NMSP events.
–
message
{
tx
|
rx
} {
enable
|
disable
}—Enables or disables debugging for NMSP transmit or receive messages.
–
packet
{
enable
|
disable
}—Enables or disables debugging for NMSP packet events.
-
To enable or disable debugging for IAPP NMSP events, enter this command:
debug iapp nmsp
{
enable
|
disable
}
-
To enable or disable debugging for RFID NMSP messages, enter this command:
debug rfid nmsp
{
enable
|
disable
}
-
To enable or disable debugging for access point monitor NMSP events, enter this command:
debug service ap-monitor nmsp
{
enable
|
disable
}
-
To enable or disable debugging for wIPS NMSP events, enter this command:
debug wips nmsp
{
enable
|
disable
}