Cisco Aironet 3702e Service Manual

USER GUIDE

Cisco Aironet Universal AP Priming and Cisco AirProvision

Last Updated: May 11, 2016

2

1About this Guide

2About Cisco Aironet Universal Access Points

3About Priming a Universal AP and Cisco AirProvision

4Overall Workflow for Priming a Universal AP

5Process of Automatic Priming

6Preparing for Manual Priming

7Downloading and Installing Cisco AirProvision

8Using Cisco AirProvision on Apple iPhones

9Using Cisco AirProvision on Android Smartphones

10Using Cisco AirProvision on Windows Smartphones

11Checking whether the AP is Successfully Primed

12Resetting or Unpriming the AP

13AP Status LED States

14Supported Cisco Aironet Series Universal Access Points

15FAQs

16Related References

3

1 About this Guide

This guide provides instructions on how to prime a Cisco Aironet Universal Access Point (hereafter referred to universal AP or simply as AP).

This guide is to be read in conjunction with the following user guides:

•Cisco Wireless LAN Controller Configuration Guide URL for release 8.0 configuration guide:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80.html

•Cisco IOS Configuration Guide for Autonomous Aironet Access Points URL for Cisco IOS Release 15.3(3)JAB configuration guide:

http://www.cisco.com/c/en/us/td/docs/wireless/access_point/15-3-3/configuration/guide/cg15-3-3. html

2 About Cisco Aironet Universal Access Points

Cisco Aironet Universal Access Points address the worldwide regulatory compliance requirements for APs, by dynamically setting their regulatory domain and country configurations based on their geographical location. A universal access point, hence, allows the user to reconfigure its regulatory domain whenever required by the user.

Cisco Aironet Universal Access Points are unlike the current Cisco Aironet Access Point models which have a fixed regulatory domain – such as -A, -E, etc – and are shipped with a permanent preconfigured regulatory compliance configuration. The regulatory domain and country configurations for AP models with a fixed regulatory domain cannot be modified.

For the list of Cisco Aironet access point series which offer universal access point models, see Supported Cisco Aironet Series Universal Access Points, page 38.

3 About Priming a Universal AP and Cisco AirProvision

Priming is the process where the regulatory domain and country configuration for the universal access point is set. The regulatory domain and country configuration for your access point define the valid set of channels and allowed power levels for the country where your AP is installed.

A universal access point can get primed in two ways:

•Manual Priming, using the Cisco AirProvision mobile application

•Automatic Priming, through Cisco Neighbor Discovery Protocol (NDP) message propagation

To get started with priming your universal AP, see Overall Workflow for Priming a Universal AP, page 8.

4

Caution When you reset a primed universal AP, via either software or hardware methods, the AP becomes unprimed. For more information, see Resetting or Unpriming the AP, page 36.

Manual Priming

You can manually prime a universal access point using the Cisco AirProvision mobile application.

During priming, the smartphone running Cisco AirProvision and the universal AP need to be on the same WLAN with the smartphone connected to that universal AP’s SSID.

Note For manual priming to work, ensure that the smartphone running Cisco AirProvision and the universal AP need to be on the same WLAN. The smartphone should be in the same subnet as the management interface of the AP, such that you should be able to ping the AP from the smartphone.

Cisco AirProvision uses the geographical location of the smartphone on which it is running, to decide on the regulatory domain for priming the AP. Cisco AirProvision uses both the GPS coordinates from the smartphone’s GPS unit, and the Mobile Country Code advertised by cellular phone network towers, to properly determine the location of the smartphone. AirProvision’s communication with the universal AP happens on a secure channel.

Any universal AP that was previously primed to a different country and regulatory domain, will require manual priming to correct its country configuration.

For new installations involving universal APs, you need to manually prime at least one universal AP in the radio frequency (RF) neighborhood. After an AP has been successfully manually primed, then other universal APs in the RF neighborhood can get primed via Automatic Priming. However, if automatic priming fails, you need to manually prime the AP.

Note Automatic priming does not work for Autonomous mode APs. Each autonomous mode AP needs to be manually primed.

To get started with priming your universal AP, see Overall Workflow for Priming a Universal AP, page 8.

5

Smart Phone Requirements

Supported Smartphone Platforms

Cisco AirProvision is supported only on smartphone platforms and will not operate on tablet, personal, and desktop computers. Cisco AirProvision is supported on the following smartphone platforms:

•Apple iPhones running Apple iOS 7.0 or higher

•Android 4.0 or higher

•Windows Phone 8.0 or higher

Cisco AirProvision is available for download from iOS App Store, Google Play Store, and Windows Phone Store.

Note Cisco AirProvision will not run on smartphone operating systems that have been Jail-Broken, rooted, or have been otherwise tampered with.

Note Certain Android platforms do not support WPA2-AES (802.1x) security. For such cases Cisco recommends using WPA2-AES (PSK) security.

Internet Access

The smartphone running Cisco AirProvision must have the ability to access the Internet, via Wi-Fi or a cellular data connection. The smartphone’s Wi-Fi capability is required during manual priming.

GPS Capability

A smartphone having GPS capability is preferred. However, Cisco AirProvision can use both the Mobile Country Code advertised by cellular phone network towers and, if available, the GPS coordinates from the smartphone’s GPS unit, to determine the location of the smartphone. During the manual priming process, the smartphone must be in range, and associated to, a cellular tower.

6

Automatic Priming

Note For new installations involving universal APs, you need to manually prime at least one universal AP in the RF neighborhood. Only then can other universal APs in the RF neighborhood can get primed via automatic priming. However, if automatic priming fails, you need to manually prime the AP.

Note Automatic priming works only for Lightweight APs and not for Autonomous mode APs.

Automatic priming relies on Cisco’s proprietary Neighbor Discovery mechanism. A primed universal AP in an RF neighborhood sends out its valid regulatory domain and country configuration in a securely encrypted segment of its 802.11 beacon’s frame. A lightweight universal AP awaiting priming can identify secure Cisco Universal APs in the RF neighborhood, and learns the domain configurations from an adjacent primed AP’s 802.11 beacons frame. Invalid and malicious rogues are filtered out.

For new installations, the very first universal AP to be primed will need to be primed manually using Cisco AirProvision. Once that first universal AP is primed, any other unprimed universal AP booting up in the same network neighborhood receives the same priming information via Cisco NDP (Neighbor Discovery Protocol) from the primed AP. The new unprimed AP takes up the priming information and then reboots as a primed AP. For a look at this process, see Process of Automatic Priming, page 9.

If automatic priming doesn’t work or is unavailable, then the lightweight AP will need to be manually primed using Cisco AirProvision.

Note Cisco NDP information from APs with static regulatory domains (i.e. non-universal access points) are not used for automatic priming of new universal APs.

7

4 Overall Workflow for Priming a Universal AP

Note If your AP was previously primed at another country, then for reinstalling at a new country you need to first reset the AP as described in Resetting or Unpriming the AP, page 36, and then continue with the following workflow.

Step 1 Boot up the universal AP.

For a universal AP awaiting priming, its status LED cycles through Red-Green-Off. For more information on the LED states, see AP Status LED States, page 37.

The universal AP can be running either a Lightweight AP software image or an Autonomous AP software image.

•Lightweight APs can get primed automatically, and if that doesn’t work you will need to manually prime it. For details, see Automatic Priming, page 7, and then see Process of Automatic Priming, page 9.

•Autonomous mode APs can be primed only manually.

To proceed with manual priming, go to Step 2.

Step 2 Prepare the AP for manual priming. See Preparing for Manual Priming, page 10.

Step 3 Download and install the Cisco AirProvision app on a smartphone. Depending on the smartphone’s platform, you can download Cisco AirProvision from iOS App Store, Google Play Store, or Windows Phone Store.

Step 4 Use Cisco AirProvision for manually priming the AP. Depending on your smartphone model, see:

•Using Cisco AirProvision on Apple iPhones, page 19

•Using Cisco AirProvision on Android Smartphones, page 23

•Using Cisco AirProvision on Windows Smartphones, page 30

Step 5 The AP automatically reboots and comes online. It is now fully functional. To confirm that the AP is successfully primed, see Checking whether the AP is Successfully Primed, page 35.

8

5 Process of Automatic Priming

Note To better understand the following process, first see Automatic Priming, page 7.

For a universal AP in the process of getting primed via Cisco NDP, its status LED blinks Blue, White, or Amber depending on which AP series it is. For more information on the LED states, see AP Status LED States, page 37.

The process of automatic priming is as follows:

1.Upon boot up, a lightweight universal AP joins the wireless LAN controller (WLC) just like any non-universal lightweight AP.

2.The universal AP, while continuing to stay connected to the controller, will be scanning the

2.4 GHz and 5 GHz band for NDP messages from neighboring universal APs.

NDP messages are sent, by default, every 60 seconds. Therefore, a newly booted AP may need more than a minute after successfully joining a controller, before detecting and using the NDP messages from an already primed Universal AP in the neighborhood.

3.If automatic priming is available, then the universal AP receives country information, reboots and rejoins the controller as a primed AP. To ensure that your AP is properly primed, see Checking whether the AP is Successfully Primed, page 35.

If automatic priming is unavailable or does not work, the lightweight AP waits for you to manually prime it. To proceed with manual priming, go to Step 2 in the Overall Workflow for Priming a Universal AP.

9

6 Preparing for Manual Priming

For both lightweight and autonomous mode access points that are awaiting manual priming, both the 2.4 GHz and 5 GHz radios are on. SSIDs will broadcast only on the 2.4 GHz band, but at a lower power level that is acceptable in all regulatory domains. SSIDs will not be broadcast on the 5 GHz radio until the AP is primed. The 5 GHz radio will operate in scanner mode and cannot be altered to any other station-role until the AP is primed.

If you need to ensure that your universal AP is unprimed, see Recognizing an Unprimed Universal AP, page 10.

To prepare a WLC and the lightweight universal AP for manual priming, see Preparing a WLC and Lightweight AP for Manual Priming, page 11.

To prepare an autonomous mode AP for manual priming, see Preparing an Autonomous AP for Manual Priming, page 16.

Recognizing an Unprimed Universal AP

For an unprimed Lightweight AP:

•On running the show ap summary command on the WLC, you see that the Country shows ‘UX’.

•On running the show ap config general ap-name command on the WLC, you see that the Universal AP Prime Status is ‘Unprimed’.

•In the WLC GUI, go to Wireless > Access Points > All APs, and click the AP name to see the details. In the Advanced tab, the Country Code is ‘UX’ and Universal Prime Status is ‘Unprimed’.

For an unprimed autonomous mode AP:

•On running the show controllers d0 command, you see that the Carrier Set is ‘UX’. This information can be seen via the AP GUI also.

10

Preparing a WLC and Lightweight AP for Manual Priming

For manual priming to work, your smartphone must connect to the SSID broadcasted by the universal AP that needs to be primed. If your WLC already has access points with static regulatory domains joined, you need to isolate the universal AP in a separate AP group. To ensure this, you must:

1.Create a new WLAN on WLC, called 'Universal' for example. This new WLAN will be using a WLAN ID of 17 or greater. This WLAN should be able to reach the management IP of the controller.

For Cisco 2500 Series Wireless Controllers, the WLAN ID cannot be greater than 16. Hence, the process is different for these controllers. See Preparing a 2500 Series Controller for Manual Priming, page 14.

2.Create a new custom AP group, called 'UniversalAP-Priming' for example, to which only the SSID of the WLAN 'Universal' is added.

3.Add only the universal APs that are awaiting priming, to this new AP group. This ensures that all universal APs that are awaiting priming, will be broadcasting the SSID of the WLAN 'Universal'.

The above steps are elaborated in the following procedure.

Note Only the mandatory configuration steps specific to preparing a WLC and lightweight AP for manual priming, is provided in the following procedure. For generic details on the configuration steps, see the WLANs chapter of the Cisco Wireless LAN Controller Configuration Guide, at the following URL: http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_c g80_chapter_01000100.html

Step 1 Open the WLC graphical user interface (GUI)

Step 2 Choose WLANs to open the WLANs page.

Step 3 Create a new WLAN by choosing Create New from the drop-down list and clicking Go. The WLANs > New page appears.

Step 4 From the Type drop-down list, choose WLAN to create a WLAN.

Step 5 In the Profile Name text box, enter the profile name to be assigned to this WLAN. The profile name must be unique. For example, name it as 'Universal'.

Step 6 In the WLAN SSID text box, enter the SSID to be assigned to this WLAN. This is the same SSID which the smartphone will need to connect to later, when priming the universal AP.

Step 7 From the WLAN ID drop-down list, choose an ID number of 17 or greater for this WLAN.

11

Step 8 Click Apply to commit your changes.

The WLANs > Edit page appears.

Note You can also open the WLANs > Edit page from the WLANs page by clicking the ID number of the WLAN that you want to edit.

Step 9 Go to Security tab > Layer 2 tab.

a.Choose Layer 2 Security as ‘WPA+WPA2’

b.Under WPA+WPA2 Parameters check the WPA2-Policy AES check box.

c.Under Authentication Key Management enable 802.1x or PSK, based on your requirements.

Step 10 Go to the Advanced tab. Enable Universal Admin Support by checking the

Universal AP Admin check box.

Step 11 On the General tab, select the Status check box to enable this WLAN. Alternatively, to enable the WLAN at a later stage:

a.Choose WLANs to open the WLANs page.

b.Enable or disable a WLAN from the WLANs page by selecting the check box to the left of that WLAN.

c.Choose Enable Selected from the drop-down list

d.Click Go.

e.Click Apply.

Step 12 Click Apply to commit your changes.

Step 13 Click Save Configuration to save your changes.

Note The following steps provide only the mandatory steps specific to creating an AP group for the purpose of manual priming. For generic details on creating AP groups on a WLC, see the

Configuring AP Groups section in the Cisco Wireless LAN Controller Configuration Guide, at this URL: http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_c g80_chapter_01011100.html

Step 14 Choose WLANs > Advanced > AP Groups to open the AP Groups page.

Step 15 Click Add Group to create a new access point group. The Add New AP Group section appears at the top of the page.

Step 16 In the AP Group Name text box, enter a name for the group. For example, name it ‘UniversalAP-Priming’.

12

Step 17 In the NAS-ID text box, enter the network access server identifier for the AP group.

Step 18 Click Add.

The newly created access point group appears in the list of access point groups on the AP Groups page.

Step 19 Click the name of the group to edit this new group.

The AP Groups > Edit (General) page appears.

Step 20 Choose the WLANs tab to open the AP Groups > Edit (WLANs) page.

Step 21 Click Add New to assign the previously created WLAN to this access point group. The Add New section appears at the top of the page.

Step 22 From the WLAN SSID drop-down list, choose the SSID of the WLAN, which is the one created in Step 6.

Step 23 Click Add to add this WLAN to the access point group. No other WLAN should be added to this AP group.

Step 24 Choose the APs tab to assign the universal access point(s), that are to be manually primed, to this access point group.

The AP Groups > Edit (APs) page lists the access points that are currently assigned to this group as well as any access points that are available to be added to the group. If an access point is not currently assigned to a group, its group name appears as “default-group”.

Step 25 Select the check box to the left of the access point name and click Add APs to add the universal access point to this access point group. No other APs should be added to this access point group.

Step 26 Click Save Configuration.

After the universal AP is associated to the AP group, it will reboot and rejoin the WLC. After this, proceed with Step 3, in the Overall Workflow for Priming a Universal AP.

Note After the AP is successfully primed you need not maintain the custom WLAN or AP group created during the previous procedure. You can move the primed AP into any other AP group and assign that to a WLAN, with any ID, as per your requirements.

13