Cisco Aironet 3702e Service Manual

USER GUIDE

Cisco Aironet Universal AP Priming and Cisco AirProvision

Last Updated: May 11, 2016

3

2

1 About this Guide

2 About Cisco Aironet Universal Access Points

3 About Priming a Universal AP and Cisco AirProvision

4 Overall Workflow for Priming a Universal AP

5 Process of Automatic Priming

6 Preparing for Manual Priming

7 Downloading and Installing Cisco AirProvision

8 Using Cisco AirProvision on Apple iPhones

9 Using Cisco AirProvision on Android Smartphones

10 Using Cisco AirProvision on Windows Smartphones

11 Checking whether the AP is Successfully Primed

12 Resetting or Unpriming the AP

13 AP Status LED States

14 Supported Cisco Aironet Series Universal Access Points

15 FAQs

16 Related References

1 About this Guide

This guide provides instructions on how to prime a Cisco Aironet Universal Access Point (hereafter
referred to universal AP or simply as AP).

This guide is to be read in conjunction with the following user guides:

• Cisco Wireless LAN Controller Configuration Guide
URL for release 8.0 configuration guide:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80.html

• Cisco IOS Configuration Guide for Autonomous Aironet Access Points
URL for Cisco IOS Release 15.3(3)JAB configuration guide:

http://www.cisco.com/c/en/us/td/docs/wireless/access_point/15-3-3/configuration/guide/cg15-3-3.
html

2 About Cisco Aironet Universal Access Points

Cisco Aironet Universal Access Points address the worldwide regulatory compliance requirements for
APs, by dynamically setting their regulatory domain and country configurations based on their
geographical location. A universal access point, hence, allows the user to reconfigure its regulatory
domain whenever required by the user.

Cisco Aironet Universal Access Points are unlike the current Cisco Aironet Access Point models which
have a fixed regulatory domain – such as -A, -E, etc – and are shipped with a permanent preconfigured
regulatory compliance configuration. The regulatory domain and country configurations for AP
models with a fixed regulatory domain cannot be modified.

For the list of Cisco Aironet access point series which offer universal access point models, see

Supported Cisco Aironet Series Universal Access Points, page 38.

3 About Priming a Universal AP and Cisco AirProvision

Priming is the process where the regulatory domain and country configuration for the universal access
point is set. The regulatory domain and country configuration for your access point define the valid
set of channels and allowed power levels for the country where your AP is installed.

A universal access point can get primed in two ways:

• Manual Priming, using the Cisco AirProvision mobile application

• Automatic Priming, through Cisco Neighbor Discovery Protocol (NDP) message propagation

To get started with priming your universal AP, see Overall Workflow for Priming a Universal AP,

page 8.

4

Caution When you reset a primed universal AP, via either software or hardware methods, the AP

becomes unprimed. For more information, see Resetting or Unpriming the AP, page 36.

Manual Priming

You can manually prime a universal access point using the Cisco AirProvision mobile application.

During priming, the smartphone running Cisco AirProvision and the universal AP need to be on the
same WLAN with the smartphone connected to that universal AP’s SSID.

Note For manual priming to work, ensure that the smartphone running Cisco AirProvision and the

universal AP need to be on the same WLAN. The smartphone should be in the same subnet as
the management interface of the AP, such that you should be able to ping the AP from the
smartphone.

Cisco AirProvision uses the geographical location of the smartphone on which it is running, to decide
on the regulatory domain for priming the AP. Cisco AirProvision uses both the GPS coordinates from
the smartphone’s GPS unit, and the Mobile Country Code advertised by cellular phone network
towers, to properly determine the location of the smartphone. AirProvision’s communication with the
universal AP happens on a secure channel.

Any universal AP that was previously primed to a different country and regulatory domain, will
require manual priming to correct its country configuration.

For new installations involving universal APs, you need to manually prime at least one universal AP
in the radio frequency (RF) neighborhood. After an AP has been successfully manually primed, then
other universal APs in the RF neighborhood can get primed via Automatic Priming. However, if
automatic priming fails, you need to manually prime the AP.

Note Automatic priming does not work for Autonomous mode APs. Each autonomous mode AP

needs to be manually primed.

To get started with priming your universal AP, see Overall Workflow for Priming a Universal AP,

page 8.

5

Smart Phone Requirements

Supported Smartphone Platforms

Cisco AirProvision is supported only on smartphone platforms and will not operate on tablet,
personal, and desktop computers. Cisco AirProvision is supported on the following smartphone
platforms:

• Apple iPhones running Apple iOS 7.0 or higher

• Android 4.0 or higher

• Windows Phone 8.0 or higher

Cisco AirProvision is available for download from iOS App Store, Google Play Store, and Windows
Phone Store.

Note Cisco AirProvision will not run on smartphone operating systems that have been Jail-Broken,

rooted, or have been otherwise tampered with.

Note Certain Android platforms do not support WPA2-AES (802.1x) security. For such cases Cisco

recommends using WPA2-AES (PSK) security.

Internet Access

The smartphone running Cisco AirProvision must have the ability to access the Internet, via Wi-Fi or
a cellular data connection. The smartphone’s Wi-Fi capability is required during manual priming.

GPS Capability

A smartphone having GPS capability is preferred. However, Cisco AirProvision can use both the
Mobile Country Code advertised by cellular phone network towers and, if available, the GPS
coordinates from the smartphone’s GPS unit, to determine the location of the smartphone. During the
manual priming process, the smartphone must be in range, and associated to, a cellular tower.

6

Automatic Priming

Note For new installations involving universal APs, you need to manually prime at least one

universal AP in the RF neighborhood. Only then can other universal APs in the RF
neighborhood can get primed via automatic priming. However, if automatic priming fails, you
need to manually prime the AP.

Note Automatic priming works only for Lightweight APs and not for Autonomous mode APs.

Automatic priming relies on Cisco’s proprietary Neighbor Discovery mechanism. A primed universal
AP in an RF neighborhood sends out its valid regulatory domain and country configuration in a
securely encrypted segment of its 802.11 beacon’s frame. A lightweight universal AP awaiting priming
can identify secure Cisco Universal APs in the RF neighborhood, and learns the domain configurations
from an adjacent primed AP’s 802.11 beacons frame. Invalid and malicious rogues are filtered out.

For new installations, the very first universal AP to be primed will need to be primed manually using
Cisco AirProvision. Once that first universal AP is primed, any other unprimed universal AP booting
up in the same network neighborhood receives the same priming information via Cisco NDP
(Neighbor Discovery Protocol) from the primed AP. The new unprimed AP takes up the priming
information and then reboots as a primed AP. For a look at this process, see Process of Automatic

Priming, page 9.

If automatic priming doesn’t work or is unavailable, then the lightweight AP will need to be manually
primed using Cisco AirProvision.

Note Cisco NDP information from APs with static regulatory domains (i.e. non-universal access

points) are not used for automatic priming of new universal APs.

7

4 Overall Workflow for Priming a Universal AP

Note If your AP was previously primed at another country, then for reinstalling at a new country

you need to first reset the AP as described in Resetting or Unpriming the AP, page 36, and
then continue with the following workflow.

Step 1 Boot up the universal AP.

For a universal AP awaiting priming, its status LED cycles through Red-Green-Off. For more
information on the LED states, see AP Status LED States, page 37.

The universal AP can be running either a Lightweight AP software image or an Autonomous
AP software image.

• Lightweight APs can get primed automatically, and if that doesn’t work you will need to
manually prime it. For details, see Automatic Priming, page 7, and then see Process of

Automatic Priming, page 9.

• Autonomous mode APs can be primed only manually.

To proceed with manual priming, go to Step 2.

Step 2 Prepare the AP for manual priming. See Preparing for Manual Priming, page 10.

Step 3 Download and install the Cisco AirProvision app on a smartphone. Depending on the

smartphone’s platform, you can download Cisco AirProvision from iOS App Store, Google
Play Store, or Windows Phone Store.

Step 4 Use Cisco AirProvision for manually priming the AP. Depending on your smartphone model,

see:

• Using Cisco AirProvision on Apple iPhones, page 19

• Using Cisco AirProvision on Android Smartphones, page 23

• Using Cisco AirProvision on Windows Smartphones, page 30

Step 5 The AP automatically reboots and comes online. It is now fully functional. To confirm that

the AP is successfully primed, see Checking whether the AP is Successfully Primed, page 35.

8

5 Process of Automatic Priming

Note To better understand the following process, first see Automatic Priming, page 7.

For a universal AP in the process of getting primed via Cisco NDP, its status LED blinks Blue, White,
or Amber depending on which AP series it is. For more information on the LED states, see AP Status

LED States, page 37.

The process of automatic priming is as follows:

1. Upon boot up, a lightweight universal AP joins the wireless LAN controller (WLC) just like any
non-universal lightweight AP.

2. The universal AP, while continuing to stay connected to the controller, will be scanning the

2.4 GHz and 5 GHz band for NDP messages from neighboring universal APs.
NDP messages are sent, by default, every 60 seconds. Therefore, a newly booted AP may need
more than a minute after successfully joining a controller, before detecting and using the NDP
messages from an already primed Universal AP in the neighborhood.

3. If automatic priming is available, then the universal AP receives country information, reboots and
rejoins the controller as a primed AP. To ensure that your AP is properly primed, see Checking

whether the AP is Successfully Primed, page 35.

If automatic priming is unavailable or does not work, the lightweight AP waits for you to manually
prime it. To proceed with manual priming, go to Step 2 in the Overall Workflow for Priming a

Universal AP.

9

6 Preparing for Manual Priming

For both lightweight and autonomous mode access points that are awaiting manual priming, both the

2.4 GHz and 5 GHz radios are on. SSIDs will broadcast only on the 2.4 GHz band, but at a lower
power level that is acceptable in all regulatory domains. SSIDs will not be broadcast on the 5 GHz
radio until the AP is primed. The 5 GHz radio will operate in scanner mode and cannot be altered to
any other station-role until the AP is primed.

If you need to ensure that your universal AP is unprimed, see Recognizing an Unprimed Universal AP,

page 10.

To prepare a WLC and the lightweight universal AP for manual priming, see Preparing a WLC and

Lightweight AP for Manual Priming, page 11.

To prepare an autonomous mode AP for manual priming, see Preparing an Autonomous AP for

Manual Priming, page 16.

Recognizing an Unprimed Universal AP

For an unprimed Lightweight AP:

• On running the show ap summary command on the WLC, you see that the Country shows ‘UX’.

• On running the show ap config general ap-name command on the WLC, you see that the Universal

AP Prime Status is ‘Unprimed’.

• In the WLC GUI, go to Wireless > Access Points > All APs, and click the AP name to see the details.
In the Advanced tab, the Country Code is ‘UX’ and Universal Prime Status is ‘Unprimed’.

For an unprimed autonomous mode AP:

• On running the show controllers d0 command, you see that the Carrier Set is ‘UX’. This
information can be seen via the AP GUI also.

10

Preparing a WLC and Lightweight AP for Manual Priming

For manual priming to work, your smartphone must connect to the SSID broadcasted by the universal
AP that needs to be primed. If your WLC already has access points with static regulatory domains
joined, you need to isolate the universal AP in a separate AP group. To ensure this, you must:

1. Create a new WLAN on WLC, called 'Universal' for example. This new WLAN will be using a
WLAN ID of 17 or greater. This WLAN should be able to reach the management IP of the
controller.

For Cisco 2500 Series Wireless Controllers, the WLAN ID cannot be greater than 16. Hence, the
process is different for these controllers. See Preparing a 2500 Series Controller for Manual

Priming, page 14.

2. Create a new custom AP group, called 'UniversalAP-Priming' for example, to which only the SSID
of the WLAN 'Universal' is added.

3. Add only the universal APs that are awaiting priming, to this new AP group. This ensures that all
universal APs that are awaiting priming, will be broadcasting the SSID of the WLAN 'Universal'.

The above steps are elaborated in the following procedure.

Note Only the mandatory configuration steps specific to preparing a WLC and lightweight AP for

manual priming, is provided in the following procedure. For generic details on the
configuration steps, see the WLANs chapter of the Cisco Wireless LAN Controller
Configuration Guide, at the following URL:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_c
g80_chapter_01000100.html

Step 1 Open the WLC graphical user interface (GUI)

Step 2 Choose WLANs to open the WLANs page.

Step 3 Create a new WLAN by choosing Create New from the drop-down list and clicking Go.

The WLANs > New page appears.

Step 4 From the Ty pe drop-down list, choose WLAN to create a WLAN.

Step 5 In the Profile Name text box, enter the profile name to be assigned to this WLAN. The profile

name must be unique. For example, name it as 'Universal'.

Step 6 In the WLAN SSID text box, enter the SSID to be assigned to this WLAN. This is the same

SSID which the smartphone will need to connect to later, when priming the universal AP.

Step 7 From the WLAN ID drop-down list, choose an ID number of 17 or greater for this WLAN.

11

Step 8 Click Apply to commit your changes.

The WLANs > Edit page appears.

Note You can also open the WLANs > Edit page from the WLANs page by clicking the ID

number of the WLAN that you want to edit.

Step 9 Go to Security tab > Layer 2 tab.

a. Choose Layer 2 Security as ‘WPA+WPA2’

b. Under WPA+WPA2 Parameters check the WPA2-Policy AES check box.

c. Under Authentication Key Management enable 802.1x or PSK, based on your requirements.

Step 10 Go to the Advanced tab. Enable Universal Admin Support by checking the

Universal AP Admin check box.

Step 11 On the General tab, select the Status check box to enable this WLAN.

Alternatively, to enable the WLAN at a later stage:

a. Choose WLANs to open the WLANs page.

b. Enable or disable a WLAN from the WLANs page by selecting the check box to the left of

that WLAN.

c. Choose Enable Selected from the drop-down list

d. Click Go.

e. Click Apply.

Step 12 Click Apply to commit your changes.

Step 13 Click Save Configuration to save your changes.

Note The following steps provide only the mandatory steps specific to creating an AP group for the

purpose of manual priming. For generic details on creating AP groups on a WLC, see the
Configuring AP Groups section in the Cisco Wireless LAN Controller Configuration Guide,
at this URL:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_c
g80_chapter_01011100.html

Step 14 Choose WLANs > Advanced > AP Groups to open the AP Groups page.

Step 15 Click Add Group to create a new access point group. The Add New AP Group section appears

at the top of the page.

Step 16 In the AP Group Name text box, enter a name for the group. For example, name it

‘UniversalAP-Priming’.

12

Step 17 In the NAS-ID text box, enter the network access server identifier for the AP group.

Step 18 Click Add.

The newly created access point group appears in the list of access point groups on the AP
Groups page.

Step 19 Click the name of the group to edit this new group.

The AP Groups > Edit (General) page appears.

Step 20 Choose the WLANs tab to open the AP Groups > Edit (WLANs) page.

Step 21 Click Add New to assign the previously created WLAN to this access point group.

The Add New section appears at the top of the page.

Step 22 From the WLAN SSID drop-down list, choose the SSID of the WLAN, which is the one created

in Step 6.

Step 23 Click Add to add this WLAN to the access point group. No other WLAN should be added to

this AP group.

Step 24 Choose the APs tab to assign the universal access point(s), that are to be manually primed, to

this access point group.

The AP Groups > Edit (APs) page lists the access points that are currently assigned to this
group as well as any access points that are available to be added to the group. If an access
point is not currently assigned to a group, its group name appears as “default-group”.

Step 25 Select the check box to the left of the access point name and click Add APs to add the universal

access point to this access point group. No other APs should be added to this access point
group.

Step 26 Click Save Configuration.

After the universal AP is associated to the AP group, it will reboot and rejoin the WLC. After this,
proceed with Step 3, in the Overall Workflow for Priming a Universal AP.

Note After the AP is successfully primed you need not maintain the custom WLAN or AP group

created during the previous procedure. You can move the primed AP into any other AP group
and assign that to a WLAN, with any ID, as per your requirements.

13

Preparing a 2500 Series Controller for Manual Priming

Step 1 Open the WLC graphical user interface (GUI)

Step 2 Choose WLANs to open the WLANs page.

This page lists all of the WLANs currently configured on the controller. For each WLAN, you
can see its WLAN ID, profile name, type, SSID, status, and security policies.

Step 3 Click the WLAN ID of the WLAN to which the universal AP is to associate. The SSID of this

WLAN is the same SSID which the smartphone will need to connect to later, when priming
the universal AP.

Step 4 Go to Security tab > Layer 2 tab.

a. Choose Layer 2 Security as ‘WPA+WPA2’

b. Under WPA+WPA2 Parameters check the WPA2-Policy AES check box.

c. Under Authentication Key Management enable 802.1x or PSK, based on your requirements.

Step 5 Go to the Advanced tab. Enable Universal Admin Support by checking the

Universal AP Admin check box.

Step 6 On the General tab, select the Status check box to enable this WLAN.

Alternatively, to enable the WLAN at a later stage:

a. Choose WLANs to open the WLANs page.

b. Enable or disable a WLAN from the WLANs page by selecting the check box to the left of

that WLAN.

c. Choose Enable Selected from the drop-down list

d. Click Go.

e. Click Apply.

Step 7 Click Apply to commit your changes.

Step 8 Click Save Configuration to save your changes.

During manual priming, using Cisco AirProvision, ensure that all non-universal APs on this WLAN
are disabled. This ensures that the smartphone connects to only the universal AP awaiting priming.

Once your configuration settings are committed, proceed with Step 3, in the Overall Workflow for Priming

a Universal AP.

Note For information on WLANs and on changing WLAN settings, see the WLANs chapter of the

Cisco Wireless LAN Controller Configuration Guide, at the following URL:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_c
g80_chapter_01000100.html

14

16

15

Preparing an Autonomous AP for Manual Priming

Note Only the mandatory configuration steps specific to preparing an autonomous mode AP for

manual priming, is provided in the following procedure. For generic details on configuring an
autonomous AP, see the Configuring the Access Point for the First Time chapter of the Cisco
IOS Configuration Guide for Autonomous Aironet Access Points, at the following URL:

http://www.cisco.com/c/en/us/td/docs/wireless/access_point/15-3-3/configuration/guide/cg15­3-3/cg15-3-3-chap4-first.html

Step 1 Open your Internet browser.

Step 2 Enter the wireless device IP address, assigned by the DHCP server, in the browser address line

and press Enter.
An Enter Network Password screen appears.

Step 3 Press Tab to bypass the Username field and advance to the Password field.

Step 4 Enter the case-sensitive password ‘Cisco’ and press Enter.

The Summary Status page appears.

Step 5 Go to Easy Setup > Network Configuration.

Here, you can leave the following Network Configuration settings with their default values:

Configuration Setting Default Value

Host Name ap

Server Protocol DHCP

IP Address

As assigned by DHCP

IP Subnet Mask

Default Gateway

IPv6 Protocol DHCP and Autoconfig are

checked

SNMP Community defaultCommunity (read-only)

Step 6 Under Radio Configuration, for Radio 2.4 GHz, set the following configuration values:

Configuration Field To be set as

SSID Enter the SSID to be broadcasted by the radio.

The SSID that is specified for the 2.4 GHz radio is the same one to
which the smartphone running Cisco AirProvision should connect
to during priming.

Broadcast SSID in Beacon Check this check box

Universal AP Admin Mode Enable

Security WPA/WPA2

Role in Radio Network Access Point

VLAN No VLAN.

However, if you are using a VLAN, then it should be able to reach
the autonomous AP's management IP address.

Optimize Radio Network for Default

Aironet Extensions Enable

Channel Least-Congested

Power Maximum

Note The 5 GHz radio will be Scanner mode. It cannot be configured until the AP is primed.

Step 7 Click Apply to save your settings.

Step 8 Click Network Interfaces to browse to the Network Interfaces Summary page.

Step 9 Click the Dot11Radio 0 radio interface to browse to the Network Interfaces: Radio Status

page.

Step 10 Click the Settings tab to browse to the Settings page for the radio interface.

Step 11 Click Enable to enable the radio.

Step 12 Click Apply.

Step 13 Go to Security > SSID Manager.

This opens the Security: Global SSID Manager page.

Step 14 In the Current SSID List, click the SSID associated to 2.4 GHz radio (as configured in Step 6).

For that SSID, check the Universal AP Admin Mode check box.

Step 15 Click Apply to save your settings.

17

After this, proceed with Step 3, in the Overall Workflow for Priming a Universal AP.

7 Downloading and Installing Cisco AirProvision

Step 1 For Android smartphones, go to your phone’s settings and select:

• Allow installation from unknown sources

• Allow USB debugging

Step 2 Depending on the smartphone’s platform, you can download Cisco AirProvision from

iOS App Store, Google Play Store, or Windows Phone Store. Download and install the Cisco
AirProvision app on your smartphone.

Once Cisco AirProvision is installed, continue with Step 4 in the Overall Workflow for Priming a

Universal AP.

18

8 Using Cisco AirProvision on Apple iPhones

Step 1 Ensure that your phone is connected to the Internet via a Wi-Fi connection or a cellular data

connection. Also ensure that the cellular phone network connection, and GPS (if available)
are active.

Note If the cellular network connection signal is absent, then Cisco AirProvision will

display a message stating, 'Cannot determine your current location!'

Step 2 Start the Cisco AirProvision application.

If your iPhone is jailbroken, then the following message is displayed and AirProvision stops.

This iPhone is jail-broken. The application cannot run on a jail-broken phone

Step 3 Login using your Cisco CCO (Cisco Connections Online) login credentials.

Note To have Cisco CCO login credentials, you need to be one of the following types of

users:

1. Cisco customers qualified for this service with valid support agreements in place

2. Cisco Partners with qualified agreements in place

Note If you have forgotten the password, then tap the Forgot Password? link to go to

Cisco.com to reset/retrieve your password.

Step 4 AirProvision checks whether your phone is connected to a Wi-Fi network via a universal AP.

• If yes, you will be prompted to login to the universal AP using admin credentials

• If not, go to the Apple iOS settings menu to connect to the SSID, that has been enabled

for Universal AP Admin Support (as described in Preparing for Manual Priming, page 10).
If the Wi-Fi network (WLAN) is secured, you will be prompted for the pre-shared key or
the credentials for connecting to it. Once the phone is connected to the universal AP as a
wireless client, you will be prompted to login in to the AP.

19

Step 5 Log in to the universal AP, using admin credentials. The default factory shipped User name is

‘Cisco’ and Password is ‘Cisco’, and are case sensitive.

Upon successfully logging into the universal AP via Cisco AirProvision, the AP's status LED
blinks Green or Teal (depending on your AP series) for 15 seconds. For more information on
the LED states, see AP Status LED States, page 37.

Note You are recommended to change the default factory shipped admin credentials after

priming. Admin credentials for autonomous mode APs is Level 15 privilege user
credentials, as configured on the AP. Admin credentials for lightweight APs is the AP
user credentials as configured on the Wireless LAN Controller.

Depending on the configuration of the AP, the following scenarios are possible:

a. Correctly configured AP-

If the AP is already configured correctly based on the location of the smartphone, the
Configure and Audit buttons will be disabled, the following details are displayed along
with the message 'Universal AP is configured correctly':

Details Description Sample Screenshot

AP Name

MAC Address

PID Universal AP's product

identification number

AP Primed Shows ‘Yes’.

Shows that the AP has been
configured to a country and
regulatory domain.

2.4 GHz Reg Domain Regulatory Domain used for

configuring the 2.4 GHz radio

5 GHz Reg Domain Regulatory Domain used for

configuring the 5 GHz radio

Configured Country Country based on which the

regulatory domain is configured

20

b. Fresh out of the box AP-

If the AP has not been configured before, then the following details are displayed. Tap
Configure to configure (i.e. to prime) the AP.

Details Description Sample Screenshot

AP Name After tapping Configure:

MAC Address

PID Universal AP's product

identification number

AP Primed Shows ‘No’.

Shows that the AP has not
been configured to a
country and regulatory
domain.

2.4 GHz Reg Domain Shows ‘-UX’

5 GHz Reg Domain Shows ‘-UX’

Configured Country Shows ‘UX’

After the configuration command is sent to the AP, the AP will automatically reboot and
come online. For a universal AP in the process of getting primed via Cisco AirProvision,
its status LED blinks Blue or Amber depending on which AP series it is. For more
information on the LED states, see AP Status LED States, page 37.

Once the AP reboots and comes online, it is fully functional. To confirm that the AP is
successfully primed, see Checking whether the AP is Successfully Primed, page 35.

21

c. AP previously configured to another country-

If the AP was configured to another country, the AP Primed field shows ‘Yes’. The last
configured regulatory domain and country is displayed in the details.

If the configuration continues to be correct, the Configure button will be disabled. You
can tap Audit to double-check the configuration.

If the configuration is wrong (i.e. mismatched), tap Audit to reconfigure the AP. The
following is a sample screenshot taken after tapping Audit.

22

After the audit command is sent to the AP, the AP will automatically reboot and come
online. For a universal AP in the process of getting primed via Cisco AirProvision, its
status LED blinks Blue or Amber depending on which AP series it is. For more
information on the LED states, see AP Status LED States, page 37.

Once the AP reboots and comes online, it is fully functional. To confirm that the AP is
successfully primed, see Checking whether the AP is Successfully Primed, page 35.

9 Using Cisco AirProvision on Android Smartphones

Step 1 Ensure that your phone is connected to the Internet via a Wi-Fi connection or a cellular data

connection. Also ensure that the cellular phone network connection, and GPS (if available)
are active.

Note If the cellular network connection signal is absent, then Cisco AirProvision will

display a message stating, 'Cannot determine your current location!'

Step 2 Start the Cisco AirProvision application.

If the android phone is rooted, then the following message is displayed and AirProvision stops.

This Android is rooted. The application cannot run on a rooted phone

Step 3 Login using your Cisco CCO (Cisco Connections Online) login credentials.

On successful authentication, a list of available Wi-Fi networks is displayed, as shown in the
following screenshot.

Note To have Cisco CCO login credentials, you need to be one of the following types of

users:

1. Cisco customers qualified for this service with valid support agreements in place

2. Cisco Partners with qualified agreements in place

23

Note If you have forgotten the password, then tap the Forgot Password? link to go to

Cisco.com to reset/retrieve your password.

Step 4 Touch the Wi-Fi network (i.e. the SSID) of the universal AP which is to be configured, to

connect to it as a wireless client. This SSID is the one which has been enabled for Universal
AP Admin Support (as described in Preparing for Manual Priming, page 10).
If the Wi-Fi network (WLAN) is secured, you will be prompted for the pre-shared key or the
credentials for connecting to it.

Note If the Wi-Fi network you have connected to is not via a universal AP, then

AirProvision tells you – ‘Not a Universal AP. Please connect to a universal AP to use

the application’.

Once the phone is connected to the universal AP as a wireless client, you will be prompted to
login in to the AP.

Step 5 Log in to the universal AP, using admin credentials. The default factory shipped User name is

‘Cisco’ and Password is ‘Cisco’, and are case sensitive.

Upon successfully logging into the universal AP via Cisco AirProvision, the AP's status LED
blinks Green or Teal (depending on your AP series) for 15 seconds. For more information on
the LED states, see AP Status LED States, page 37.

24

Note You are recommended to change the default factory shipped admin credentials after

priming. Admin credentials for autonomous mode APs is Level 15 privilege user
credentials, as configured on the AP. Admin credentials for lightweight APs is the AP
user credentials as configured on the Wireless LAN Controller.

Depending on the configuration of the AP, the following scenarios are possible:

a. Correctly configured AP-

If the AP is already configured correctly based on the location of the smartphone, the
Configure and Audit buttons will be disabled, the following details are displayed along
with the message 'Universal AP is configured correctly':

Details Description Sample Screenshot

AP Name

MAC Address

PID Universal AP's product

identification number

AP Provisioned Shows ‘Yes’.

Shows that the AP has been
configured to a country and
regulatory domain.

2.4 GHz Reg Domain Regulatory Domain used

for configuring the 2.4 GHz
radio

5 GHz Reg Domain Regulatory Domain used

for configuring the 5 GHz
radio

Configured Country Country based on which the

regulatory domain is
configured

25

b. Fresh out of the box AP-

If the AP has not been configured before, then the following details are displayed. Touch
Configure to configure (i.e. to provision) the AP.

Details Description Sample Screenshots

AP Name Before touching Configure:

MAC Address

PID Universal AP's product

identification number

AP Provisioned Shows ‘No’.

Shows that the AP has not
been configured to a
country and regulatory
domain.

2.4 GHz Reg Domain Shows ‘-UX’

5 GHz Reg Domain Shows ‘-UX’

Configured Country Shows ‘UX’

26

After touching Configure:

After the configuration command is sent to the AP, the AP will automatically reboot and
come online. For a universal AP in the process of getting primed via Cisco AirProvision,
its status LED blinks Blue or Amber depending on which AP series it is. For more
information on the LED states, see AP Status LED States, page 37.

Once the AP reboots and comes online, it is fully functional. To confirm that the AP is
successfully primed, see Checking whether the AP is Successfully Primed, page 35.

27

c. AP previously configured to another country-

If the AP was configured to another country, the AP Provisioned field shows ‘Yes’. The
last configured regulatory domain and country is displayed in the details.

If the configuration continues to be correct, the Configure button will be disabled. You
can tap Audit to double-check the configuration.

If the configuration is wrong (i.e. mismatched), tap Audit to reconfigure the AP. The
sequence of actions is shown in the following screenshots.

Before tapping Audit:

28

After tapping Audit:

After the audit command is sent to the AP, the AP will automatically reboot and come
online. For a universal AP in the process of getting primed via Cisco AirProvision, its
status LED blinks Blue or Amber depending on which AP series it is. For more
information on the LED states, see AP Status LED States, page 37.

Once the AP reboots and comes online, it is fully functional. To confirm that the AP is
successfully primed, see Checking whether the AP is Successfully Primed, page 35.

29

10 Using Cisco AirProvision on Windows Smartphones

Step 1 Ensure that your phone is connected to the Internet via a Wi-Fi connection or a cellular data

connection. Also ensure that the cellular phone network connection, and GPS (if available)
are active.

Note If the cellular network connection signal is absent, then Cisco AirProvision will

display a message stating, 'Cannot determine your current location!'

Step 2 Start the Cisco AirProvision application.

Step 3 Login using your Cisco CCO (Cisco Connections Online) login credentials.

Note To have Cisco CCO login credentials, you need to be one of the following types of

users:

1. Cisco customers qualified for this service with valid support agreements in place

2. Cisco Partners with qualified agreements in place

Note If you have forgotten the password, then tap the Forgot Password? link to go to

Cisco.com to reset/retrieve your password.

Step 4 AirProvision checks whether your phone is connected to a Wi-Fi network via a universal AP.

• If yes, you will be prompted to login to the universal AP using admin credentials

• If not, go to Windows phone settings menu to connect to the SSID of the Universal AP,

which has been enabled for Universal AP Admin Support (as described in Preparing for

Manual Priming, page 10). For this, long-press the back button on the phone. This puts

the AirProvision app in the background. Then, in System Settings, navigate to the Wi-Fi
selection and join the universal AP's Wi-Fi network. If the Wi-Fi network (WLAN) is
secured, you will be prompted for the pre-shared key or the credentials for connecting to
it. Once you are connected, press the back button to return to the AirProvision app.
Once the phone is connected to a Wi-Fi network via the universal AP as a wireless client,
you will be prompted to login in to the AP.

Step 5 Log in to the universal AP using admin credentials. The default factory shipped User name is

‘Cisco’ and Password is ‘Cisco’, and are case sensitive.

30

Upon successfully logging into the universal AP via Cisco AirProvision, the AP's status LED
blinks Green or Teal (depending on your AP series) for 15 seconds. For more information on
the LED states, see AP Status LED States, page 37.

Note Admin credentials for autonomous mode APs is Level 15 privilege user credentials.

Admin credentials for lightweight APs are as configured on the Wireless LAN
Controller.

Depending on the configuration of the AP, the following scenarios are possible:

31

a. Correctly configured AP-

If the AP is already configured correctly based on the location of the smartphone, the
Configure and Audit buttons will be disabled, the following details are displayed along
with the message 'Universal AP is configured correctly':

Details Description Sample Screenshot

AP Name

MAC Address

PID Universal AP's product

identification number

AP Primed Shows ‘Yes’.

Shows that the AP has been
configured to a country and
regulatory domain.

2.4 GHz Reg Domain Regulatory Domain used for

configuring the 2.4 GHz radio

5 GHz Reg Domain Regulatory Domain used for

configuring the 5 GHz radio

Configured Country Country based on which the

regulatory domain is configured

32

b. Fresh out of the box AP-

If the AP has not been configured before, then the following details are displayed. Tap
Configure to configure (i.e. to prime) the AP.

Details Description Sample Screenshot

AP Name After tapping Configure:

MAC Address

PID Universal AP's product

identification number

AP Primed Shows ‘No’.

Shows that the AP has not
been configured to a
country and regulatory
domain.

2.4 GHz Reg Domain Shows ‘-UX’

5 GHz Reg Domain Shows ‘-UX’

Configured Country Shows ‘UX’

After the configuration command is sent to the AP, the AP will automatically reboot and
come online. For a universal AP in the process of getting primed via Cisco AirProvision,
its status LED blinks Blue or Amber depending on which AP series it is. For more
information on the LED states, see AP Status LED States, page 37.

Once the AP reboots and comes online, it is fully functional. To confirm that the AP is
successfully primed, see Checking whether the AP is Successfully Primed, page 35.

33

c. AP previously configured to another country-

If the AP was configured to another country, the AP Primed field shows ‘Yes’. The last
configured regulatory domain and country is displayed in the details. If the configuration
continues to be correct, the Configure button will be disabled. You can tap Audit to
double-check the configuration

If the configuration is wrong (i.e. mismatched), tap Audit to reconfigure the AP. The
following is a sample screenshot taken after tapping Audit.

34

After the audit command is sent to the AP, the AP will automatically reboot and come
online. For a universal AP in the process of getting primed via Cisco AirProvision, its
status LED blinks Blue or Amber depending on which AP series it is. For more
information on the LED states, see AP Status LED States, page 37.

Once the AP reboots and comes online, it is fully functional. To confirm that the AP is
successfully primed, see Checking whether the AP is Successfully Primed, page 35.

11 Checking whether the AP is Successfully Primed

If a universal AP is primed to the wrong regulatory domain, its status LED chirps Red. For more
information on the LED states, see AP Status LED States, page 37.

If the AP is primed correctly based on the location of the smartphone, then:

• In Cisco AirProvision, the Configure and Audit buttons will be disabled, and the following details

are displayed along with the message 'Universal AP is configured correctly':

–

AP Primed shows ‘Yes’

–

2.4 GHz Reg Domain and 5 GHz Reg Domain show the regulatory domain used for
configuring the 2.4 GHz radio. For example ‘- A’, indicating the US.

–

Configured Country shows the country based on which the regulatory domain is configured,
for example ‘US’.

• For a Lightweight AP:

–

On running the show ap summary command on the WLC, you see that the Country shows the
country based on which the regulatory domain is configured, for example ‘US’. The Priming
Status shows ‘Web App’ if the priming was via Cisco AirProvision or shows ‘NDP’ if the
priming was via Cisco NDP mechanism.

–

In the WLC GUI go to Wireless > Access Points > All APs, and click the AP name to see the
details.
In the Advanced tab, the Country Code shows the country based on which the regulatory
domain is configured, for example ‘US’. The Universal Prime Status shows ‘Web App’ if the
priming was via Cisco AirProvision or shows ‘NDP’ if the priming was via Cisco NDP
mechanism.

• For an autonomous mode AP, on running the show controllers d0 command, you see that the
Carrier Set shows the country and the regulatory domain configured, for example

‘Americas (US) (-A)’. This information can be seen via the AP GUI also.

35

12 Resetting or Unpriming the AP

Resetting an AP to its default factory-shipped configuration, resets the regulatory domain of the AP
back to ‘-UX’. This means, when you reset a primed universal AP, via either software or hardware
methods, the AP becomes unprimed.

You can unprime and reset a primed universal AP in the following ways:

• Via WLC software –

–

In the WLC GUI choose Wireless > Access Points > All APs, click the AP name, and then click
Clear All Config.

–

On the controller CLI enter the clear ap config <Cisco-AP-name> command.

• Via AP hardware – Press and hold the Mode/Reset button (for about 2 to 3 seconds) until the
status LED changes to Amber. Then release the button.

• Via Autonomous AP's software –

–

In the AP's GUI, go to the Summary Status page. Click Software and the System Software
screen appears. Click Reset to Defaults.

–

In the AP CLI, starting in privileged EXEC mode:

a. Enter erase nvram

b. Enter write default-config.

c. Enter Y when the following CLI message is displayed:

Erasing the nvram filesystem will remove all configuration files! Continue? [confirm].

d. Enter reload when the following CLI message is displayed. This command reloads the

operating system:
Erase of nvram: complete.

e. Enter Y when the following CLI message is displayed:

Proceed with reload? [confirm].

36

13 AP Status LED States

Status of the AP

AP waiting to be
primed

AP priming via Cisco
NDP in progress

AP upon successful
connection to Cisco
AirProvision

AP priming via Cisco
AirProvision in
progress

AP primed to wrong
regulatory domain

State of the LED depending on the AP Series

AP702E, AP702I,
AP702W, AP1532E,
AP1532I

AP2602E, AP2602I,
AP2702E, AP2702I,
AP3602E, AP3602I,

AP1602E, AP1602I

AP3602P, AP3702E,
AP3702I, AP3702P

Cycles through RED,
GREEN and OFF

Blinking BLUE Blinking WHITE Blinking AMBER

Blinking GREEN
(for 15 seconds)

Blinking BLUE Blinking BLUE Blinking AMBER

Chirping RED Chirping RED Chirping RED

Cycles through RED,
GREEN and OFF

Blinking TEAL

(for 15 seconds)

Cycles through RED,
GREEN and OFF

Blinking GREEN

(for 15 seconds)

37

14 Supported Cisco Aironet Series Universal Access

Points

Cisco Aironet series universal access points have the following model number format:

AIR-(AP series number)(I or E)-UXK9

The ‘-UX’ in the model number denotes that the AP is a universal access point.

Cisco Aironet access point series which offer universal access point models are listed in the following
table :

Cisco Aironet Access Point Series
which offer Universal Access Point
models

AP702 AIR-AP702I-UXK9

AP702W AIR-AP702W-UXK9

AP1850 AIR-AP1852E-UXK9

AP1602 AIR-AP1602E-UXK9

AP2602 AIR-AP2602E-UXK9

AP2702 AIR-AP2702E-UXK9

AP3602 AIR-AP3602E-UXK9

AP3702 AIR-AP3702E-UXK9

AP1532 AIR-AP1532E-UXK9

Model Number(s) of the Universal Access Point model

AIR-AP1852I-UXK9

AIR-AP1602I-UXK9

AIR-AP2602I-UXK9

AIR-AP2702I-UXK9

AIR-AP3602I-UXK9

AIR-AP3702I-UXK9

AIR-AP1532I-UXK9

38

15 FAQs

Which Cisco Aironet Series access points have Universal Access Point models?

See Supported Cisco Aironet Series Universal Access Points, page 38.

Which countries support the use of Universal APs?

Cisco Universal Access Points are supported in all countries where Cisco Wireless LAN Controllers are
supported. Currently, the only exception is Israel.

However, to use a AP in a particular country it must be approved for use in that country by that
country’s regulatory authorities. Confirm that the universal AP model you intended to procure is
authorized for the planned country of deployment before ordering. See the following URL for the list
of universal access point models along with the countries that have approved their deployment:

http://www.cisco.com/c/en/us/products/collateral/wireless/access-points/product_data_sheet0900aecd
80537b6a.html#UniversalAP

I have Cisco 5760 Wireless LAN Controllers and Converged Access wireless on my IOS-XE switches. Do they support Universal APs?

Universal access points are supported starting from IOS XE 03.07.00E release.

Will Universal APs work with pre-8.0.110.0 Wireless LAN Controller Software and pre-15.3(3)JA1 Autonomous AP software?

No. Support for universal access points is available starting from 8.0.110.0 Wireless LAN Controller
Software and 15.3(3)JA1 Autonomous AP software.

Why can't I just set or change the regulatory domain of an AP via the CLI or GUI?

International radio and telecommunication regulations and compliance restrictions do not allow for
such a procedure.

Once the regulatory domain of a Universal AP is set with Cisco AirProvision, can it be changed if the AP is reinstalled in a different country?

Yes! If your AP was previously primed at another country, then for reinstalling at a new country you
need to first reset the AP as described in Resetting or Unpriming the AP, page 36, and then continue
with the Overall Workflow for Priming a Universal AP, page 8.

39

Is there a personal computer, tablet computer, laptop, or web-based version of the Cisco AirProvision mobile application?

No. Cisco AirProvision can be downloaded to and used only on smartphones. See Smart Phone

Requirements, page 6.

Why can't a Universal AP set its location using Cisco NDP neighbor messages of my fixed-domain APs?

Only Cisco NDP messages from manually primed universal access points contain the geographical
location information that is in compliance with international radio and telecommunication regulations
and restrictions. Hence, only these neighbor messages are used for automatic priming.

40

16 Related References

• Universal AP Regulatory Domain Deployment Guide:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-0/AP_Regulatory_Domain_
DG/b_universal_AP_regulatory_domain_DG.html

• Cisco Wireless LAN Controller Configuration Guide, Release 8.0:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80.html

• Cisco IOS Configuration Guide for Autonomous Aironet Access Points Cisco IOS Release

15.3(3)JAB:

http://www.cisco.com/c/en/us/td/docs/wireless/access_point/15-3-3/configuration/guide/cg15-3-3.
html

• Wireless LAN Compliance Status for Universal Access Points

http://www.cisco.com/c/en/us/products/collateral/wireless/access-points/product_data_sheet0900
aecd80537b6a.html#UniversalAP

41

Americas Headquarters

Cisco Systems, Inc.
San Jose, CA

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of
Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners.
The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

© 2014 Cisco Systems, Inc. All rights reserved.

Asia Pacific Headquarters

Cisco Systems (USA) Pte. Ltd.
Singapore

Cisco Website at www.cisco.com/go/offices.

Europe Headquarters

Cisco Systems International BV Amsterdam,
The Netherlands