Cisco Aironet 3702e Service Manual
USER GUIDE
Cisco Aironet Universal AP Priming and Cisco AirProvision
Last Updated: May 11, 2016
3
2
1 About this Guide
2 About Cisco Aironet Universal Access Points
3 About Priming a Universal AP and Cisco AirProvision
4 Overall Workflow for Priming a Universal AP
5 Process of Automatic Priming
6 Preparing for Manual Priming
7 Downloading and Installing Cisco AirProvision
8 Using Cisco AirProvision on Apple iPhones
9 Using Cisco AirProvision on Android Smartphones
10 Using Cisco AirProvision on Windows Smartphones
11 Checking whether the AP is Successfully Primed
12 Resetting or Unpriming the AP
13 AP Status LED States
14 Supported Cisco Aironet Series Universal Access Points
15 FAQs
16 Related References
1 About this Guide
This guide provides instructions on how to prime a Cisco Aironet Universal Access Point (hereafter
referred to universal AP or simply as AP).
This guide is to be read in conjunction with the following user guides:
• Cisco Wireless LAN Controller Configuration Guide
URL for release 8.0 configuration guide:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80.html
• Cisco IOS Configuration Guide for Autonomous Aironet Access Points
URL for Cisco IOS Release 15.3(3)JAB configuration guide:
http://www.cisco.com/c/en/us/td/docs/wireless/access_point/15-3-3/configuration/guide/cg15-3-3.
html
2 About Cisco Aironet Universal Access Points
Cisco Aironet Universal Access Points address the worldwide regulatory compliance requirements for
APs, by dynamically setting their regulatory domain and country configurations based on their
geographical location. A universal access point, hence, allows the user to reconfigure its regulatory
domain whenever required by the user.
Cisco Aironet Universal Access Points are unlike the current Cisco Aironet Access Point models which
have a fixed regulatory domain – such as -A, -E, etc – and are shipped with a permanent preconfigured
regulatory compliance configuration. The regulatory domain and country configurations for AP
models with a fixed regulatory domain cannot be modified.
For the list of Cisco Aironet access point series which offer universal access point models, see
Supported Cisco Aironet Series Universal Access Points, page 38.
3 About Priming a Universal AP and Cisco AirProvision
Priming is the process where the regulatory domain and country configuration for the universal access
point is set. The regulatory domain and country configuration for your access point define the valid
set of channels and allowed power levels for the country where your AP is installed.
A universal access point can get primed in two ways:
• Manual Priming, using the Cisco AirProvision mobile application
• Automatic Priming, through Cisco Neighbor Discovery Protocol (NDP) message propagation
To get started with priming your universal AP, see Overall Workflow for Priming a Universal AP,
page 8.
4
Caution When you reset a primed universal AP, via either software or hardware methods, the AP
becomes unprimed. For more information, see Resetting or Unpriming the AP, page 36.
Manual Priming
You can manually prime a universal access point using the Cisco AirProvision mobile application.
During priming, the smartphone running Cisco AirProvision and the universal AP need to be on the
same WLAN with the smartphone connected to that universal AP’s SSID.
Note For manual priming to work, ensure that the smartphone running Cisco AirProvision and the
universal AP need to be on the same WLAN. The smartphone should be in the same subnet as
the management interface of the AP, such that you should be able to ping the AP from the
smartphone.
Cisco AirProvision uses the geographical location of the smartphone on which it is running, to decide
on the regulatory domain for priming the AP. Cisco AirProvision uses both the GPS coordinates from
the smartphone’s GPS unit, and the Mobile Country Code advertised by cellular phone network
towers, to properly determine the location of the smartphone. AirProvision’s communication with the
universal AP happens on a secure channel.
Any universal AP that was previously primed to a different country and regulatory domain, will
require manual priming to correct its country configuration.
For new installations involving universal APs, you need to manually prime at least one universal AP
in the radio frequency (RF) neighborhood. After an AP has been successfully manually primed, then
other universal APs in the RF neighborhood can get primed via Automatic Priming. However, if
automatic priming fails, you need to manually prime the AP.
Note Automatic priming does not work for Autonomous mode APs. Each autonomous mode AP
needs to be manually primed.
To get started with priming your universal AP, see Overall Workflow for Priming a Universal AP,
page 8.
5
Smart Phone Requirements
Supported Smartphone Platforms
Cisco AirProvision is supported only on smartphone platforms and will not operate on tablet,
personal, and desktop computers. Cisco AirProvision is supported on the following smartphone
platforms:
• Apple iPhones running Apple iOS 7.0 or higher
• Android 4.0 or higher
• Windows Phone 8.0 or higher
Cisco AirProvision is available for download from iOS App Store, Google Play Store, and Windows
Phone Store.
Note Cisco AirProvision will not run on smartphone operating systems that have been Jail-Broken,
rooted, or have been otherwise tampered with.
Note Certain Android platforms do not support WPA2-AES (802.1x) security. For such cases Cisco
recommends using WPA2-AES (PSK) security.
Internet Access
The smartphone running Cisco AirProvision must have the ability to access the Internet, via Wi-Fi or
a cellular data connection. The smartphone’s Wi-Fi capability is required during manual priming.
GPS Capability
A smartphone having GPS capability is preferred. However, Cisco AirProvision can use both the
Mobile Country Code advertised by cellular phone network towers and, if available, the GPS
coordinates from the smartphone’s GPS unit, to determine the location of the smartphone. During the
manual priming process, the smartphone must be in range, and associated to, a cellular tower.
6
Automatic Priming
Note For new installations involving universal APs, you need to manually prime at least one
universal AP in the RF neighborhood. Only then can other universal APs in the RF
neighborhood can get primed via automatic priming. However, if automatic priming fails, you
need to manually prime the AP.
Note Automatic priming works only for Lightweight APs and not for Autonomous mode APs.
Automatic priming relies on Cisco’s proprietary Neighbor Discovery mechanism. A primed universal
AP in an RF neighborhood sends out its valid regulatory domain and country configuration in a
securely encrypted segment of its 802.11 beacon’s frame. A lightweight universal AP awaiting priming
can identify secure Cisco Universal APs in the RF neighborhood, and learns the domain configurations
from an adjacent primed AP’s 802.11 beacons frame. Invalid and malicious rogues are filtered out.
For new installations, the very first universal AP to be primed will need to be primed manually using
Cisco AirProvision. Once that first universal AP is primed, any other unprimed universal AP booting
up in the same network neighborhood receives the same priming information via Cisco NDP
(Neighbor Discovery Protocol) from the primed AP. The new unprimed AP takes up the priming
information and then reboots as a primed AP. For a look at this process, see Process of Automatic
Priming, page 9.
If automatic priming doesn’t work or is unavailable, then the lightweight AP will need to be manually
primed using Cisco AirProvision.
Note Cisco NDP information from APs with static regulatory domains (i.e. non-universal access
points) are not used for automatic priming of new universal APs.
7
4 Overall Workflow for Priming a Universal AP
Note If your AP was previously primed at another country, then for reinstalling at a new country
you need to first reset the AP as described in Resetting or Unpriming the AP, page 36, and
then continue with the following workflow.
Step 1 Boot up the universal AP.
For a universal AP awaiting priming, its status LED cycles through Red-Green-Off. For more
information on the LED states, see AP Status LED States, page 37.
The universal AP can be running either a Lightweight AP software image or an Autonomous
AP software image.
• Lightweight APs can get primed automatically, and if that doesn’t work you will need to
manually prime it. For details, see Automatic Priming, page 7, and then see Process of
Automatic Priming, page 9.
• Autonomous mode APs can be primed only manually.
To proceed with manual priming, go to Step 2.
Step 2 Prepare the AP for manual priming. See Preparing for Manual Priming, page 10.
Step 3 Download and install the Cisco AirProvision app on a smartphone. Depending on the
smartphone’s platform, you can download Cisco AirProvision from iOS App Store, Google
Play Store, or Windows Phone Store.
Step 4 Use Cisco AirProvision for manually priming the AP. Depending on your smartphone model,
see:
• Using Cisco AirProvision on Apple iPhones, page 19
• Using Cisco AirProvision on Android Smartphones, page 23
• Using Cisco AirProvision on Windows Smartphones, page 30
Step 5 The AP automatically reboots and comes online. It is now fully functional. To confirm that
the AP is successfully primed, see Checking whether the AP is Successfully Primed, page 35.
8
5 Process of Automatic Priming
Note To better understand the following process, first see Automatic Priming, page 7.
For a universal AP in the process of getting primed via Cisco NDP, its status LED blinks Blue, White,
or Amber depending on which AP series it is. For more information on the LED states, see AP Status
LED States, page 37.
The process of automatic priming is as follows:
1. Upon boot up, a lightweight universal AP joins the wireless LAN controller (WLC) just like any
non-universal lightweight AP.
2. The universal AP, while continuing to stay connected to the controller, will be scanning the
2.4 GHz and 5 GHz band for NDP messages from neighboring universal APs.
NDP messages are sent, by default, every 60 seconds. Therefore, a newly booted AP may need
more than a minute after successfully joining a controller, before detecting and using the NDP
messages from an already primed Universal AP in the neighborhood.
3. If automatic priming is available, then the universal AP receives country information, reboots and
rejoins the controller as a primed AP. To ensure that your AP is properly primed, see Checking
whether the AP is Successfully Primed, page 35.
If automatic priming is unavailable or does not work, the lightweight AP waits for you to manually
prime it. To proceed with manual priming, go to Step 2 in the Overall Workflow for Priming a
Universal AP.
9
6 Preparing for Manual Priming
For both lightweight and autonomous mode access points that are awaiting manual priming, both the
2.4 GHz and 5 GHz radios are on. SSIDs will broadcast only on the 2.4 GHz band, but at a lower
power level that is acceptable in all regulatory domains. SSIDs will not be broadcast on the 5 GHz
radio until the AP is primed. The 5 GHz radio will operate in scanner mode and cannot be altered to
any other station-role until the AP is primed.
If you need to ensure that your universal AP is unprimed, see Recognizing an Unprimed Universal AP,
page 10.
To prepare a WLC and the lightweight universal AP for manual priming, see Preparing a WLC and
Lightweight AP for Manual Priming, page 11.
To prepare an autonomous mode AP for manual priming, see Preparing an Autonomous AP for
Manual Priming, page 16.
Recognizing an Unprimed Universal AP
For an unprimed Lightweight AP:
• On running the show ap summary command on the WLC, you see that the Country shows ‘UX’.
• On running the show ap config general ap-name command on the WLC, you see that the Universal
AP Prime Status is ‘Unprimed’.
• In the WLC GUI, go to Wireless > Access Points > All APs, and click the AP name to see the details.
In the Advanced tab, the Country Code is ‘UX’ and Universal Prime Status is ‘Unprimed’.
For an unprimed autonomous mode AP:
• On running the show controllers d0 command, you see that the Carrier Set is ‘UX’. This
information can be seen via the AP GUI also.
10
Preparing a WLC and Lightweight AP for Manual Priming
For manual priming to work, your smartphone must connect to the SSID broadcasted by the universal
AP that needs to be primed. If your WLC already has access points with static regulatory domains
joined, you need to isolate the universal AP in a separate AP group. To ensure this, you must:
1. Create a new WLAN on WLC, called 'Universal' for example. This new WLAN will be using a
WLAN ID of 17 or greater. This WLAN should be able to reach the management IP of the
controller.
For Cisco 2500 Series Wireless Controllers, the WLAN ID cannot be greater than 16. Hence, the
process is different for these controllers. See Preparing a 2500 Series Controller for Manual
Priming, page 14.
2. Create a new custom AP group, called 'UniversalAP-Priming' for example, to which only the SSID
of the WLAN 'Universal' is added.
3. Add only the universal APs that are awaiting priming, to this new AP group. This ensures that all
universal APs that are awaiting priming, will be broadcasting the SSID of the WLAN 'Universal'.
The above steps are elaborated in the following procedure.
Note Only the mandatory configuration steps specific to preparing a WLC and lightweight AP for
manual priming, is provided in the following procedure. For generic details on the
configuration steps, see the WLANs chapter of the Cisco Wireless LAN Controller
Configuration Guide, at the following URL:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_c
g80_chapter_01000100.html
Step 1 Open the WLC graphical user interface (GUI)
Step 2 Choose WLANs to open the WLANs page.
Step 3 Create a new WLAN by choosing Create New from the drop-down list and clicking Go.
The WLANs > New page appears.
Step 4 From the Ty pe drop-down list, choose WLAN to create a WLAN.
Step 5 In the Profile Name text box, enter the profile name to be assigned to this WLAN. The profile
name must be unique. For example, name it as 'Universal'.
Step 6 In the WLAN SSID text box, enter the SSID to be assigned to this WLAN. This is the same
SSID which the smartphone will need to connect to later, when priming the universal AP.
Step 7 From the WLAN ID drop-down list, choose an ID number of 17 or greater for this WLAN.
11
Step 8 Click Apply to commit your changes.
The WLANs > Edit page appears.
Note You can also open the WLANs > Edit page from the WLANs page by clicking the ID
number of the WLAN that you want to edit.
Step 9 Go to Security tab > Layer 2 tab.
a. Choose Layer 2 Security as ‘WPA+WPA2’
b. Under WPA+WPA2 Parameters check the WPA2-Policy AES check box.
c. Under Authentication Key Management enable 802.1x or PSK, based on your requirements.
Step 10 Go to the Advanced tab. Enable Universal Admin Support by checking the
Universal AP Admin check box.
Step 11 On the General tab, select the Status check box to enable this WLAN.
Alternatively, to enable the WLAN at a later stage:
a. Choose WLANs to open the WLANs page.
b. Enable or disable a WLAN from the WLANs page by selecting the check box to the left of
that WLAN.
c. Choose Enable Selected from the drop-down list
d. Click Go.
e. Click Apply.
Step 12 Click Apply to commit your changes.
Step 13 Click Save Configuration to save your changes.
Note The following steps provide only the mandatory steps specific to creating an AP group for the
purpose of manual priming. For generic details on creating AP groups on a WLC, see the
Configuring AP Groups section in the Cisco Wireless LAN Controller Configuration Guide,
at this URL:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_c
g80_chapter_01011100.html
Step 14 Choose WLANs > Advanced > AP Groups to open the AP Groups page.
Step 15 Click Add Group to create a new access point group. The Add New AP Group section appears
at the top of the page.
Step 16 In the AP Group Name text box, enter a name for the group. For example, name it
‘UniversalAP-Priming’.
12
Step 17 In the NAS-ID text box, enter the network access server identifier for the AP group.
Step 18 Click Add.
The newly created access point group appears in the list of access point groups on the AP
Groups page.
Step 19 Click the name of the group to edit this new group.
The AP Groups > Edit (General) page appears.
Step 20 Choose the WLANs tab to open the AP Groups > Edit (WLANs) page.
Step 21 Click Add New to assign the previously created WLAN to this access point group.
The Add New section appears at the top of the page.
Step 22 From the WLAN SSID drop-down list, choose the SSID of the WLAN, which is the one created
in Step 6.
Step 23 Click Add to add this WLAN to the access point group. No other WLAN should be added to
this AP group.
Step 24 Choose the APs tab to assign the universal access point(s), that are to be manually primed, to
this access point group.
The AP Groups > Edit (APs) page lists the access points that are currently assigned to this
group as well as any access points that are available to be added to the group. If an access
point is not currently assigned to a group, its group name appears as “default-group”.
Step 25 Select the check box to the left of the access point name and click Add APs to add the universal
access point to this access point group. No other APs should be added to this access point
group.
Step 26 Click Save Configuration.
After the universal AP is associated to the AP group, it will reboot and rejoin the WLC. After this,
proceed with Step 3, in the Overall Workflow for Priming a Universal AP.
Note After the AP is successfully primed you need not maintain the custom WLAN or AP group
created during the previous procedure. You can move the primed AP into any other AP group
and assign that to a WLAN, with any ID, as per your requirements.
13
Loading...