When I asked a few Cisco Wireless Consulting Systems Engineers if they’d ever trust a controller’s default config for any time of AP deployment beyond 1 or 2 AP’s the typical answer (when they stopped laughing) was <expletive> NO.
Of course I anticipated that answer and was prepared with a follow up: Okay what would you change? Now the answers to that were harder to get. Most said “well there’s too many variables,” or “every deployment is different.”
I was ready for that response, too. What’s the same with ALL deployments? Here’s a brief transcript:
Them: Is there VoIP clients?
Me: Let’s assume no, for now.
Them: What about 802.11b?
Me: No support.
Them: What about legacy devices?
Me: Nope. No legacy devices.
Them: What deployment style?
Me: Let’s use the 80/20 rule. 80% of deployments will be pervasive wireless network in common open environments where AP’s are deployed approximately 60ft-80ft or coverage areas of 3000-5000 sq/ft per AP. Let’s not focus on the interesting things that come with warehouses or outdoor environments.
Then I got answers. Here’s a consolidation of their suggestions. It’s 3 simple steps.
BEFORE YOU ATTEMPT THIS:
- Your radios will be brought down during this procedure!
- Know before you go: If you aren’t sure what something will do, it may be better to not do it until you do!
NOTE: Most of these screenshots were taken from AireOS controller code 7.2 or 7.4. All of these suggestions are applicable for 7.5 and 7.6.
Step 1: Tune Each SSID
- Click on the WLANs tab at the top of the page. This will show your SSID’s.
- You select an SSID by clicking on the blue WLAN ID number to the left of the Profile Name.
- Now click on Security.
- Make sure that WPA2 with AES encryption is selected. (TKIP does not support 11n data rates. Only AES!)
- If you must support WPA (like, something doesn’t work that needs to when it’s disabled) make sure you use WPA + TKIP and WPA2 + AES. Do NOT just select everything.
- Now click on Advanced
- Turn on BandSelect, it is off by default. Not necessary for WLANs with latency sensitive clients such as VOIP clients.
- Some notes on this tab:
- AAA Override will allow ISE (or another RADIUS server that supports it) to change VLAN or QoS queue based on authentication.
- Client Exclusion is a nice security feature to protect against duplicate IP’s or brute force attacks. Sometimes you may need to turn this off for troubleshooting. 60 seconds is good Timeout Value to set.
Step 2: Tune the RF settings
- First, in 2.4 GHz (802.11b/g/n)
- Click the WIRELESS top tab
- Click the BOLD 802.11b/g/n Network Left Hand Tab
- Disable Network Status
- Disable 1, 2, 5.5, 6, 9 and 11. This way no 11b data rates are supported.
- Change 12 to mandatory.
- Everything else change to supported.
A note about mandatory data rates: Lowest is where management frames are sent out. Highest one is where multicast/broadcast frames are sent out. A client must at least have the ability to do the mandatory data rates.
It is the client device responsibility to determine WHEN to roam and which AP to roam TO. A client will NEVER even try to roam until it reaches the LOWEST mandatory data rate!
- Within 802.11b/g/n click onRRM > Dynamic Channel Assignment (DCA)
- Check Avoid Persistent Non-WiFi Interference
- Check EDRRM
- Within 802.11b/g/n click on CleanAir
- Enable CleanAir (this MAY already be checked)
- Re-Enable the 802.11b/g/n radio under the 802.11b/g/n > Network left hand tab
- Now for the RF settings in 5 GHz (802.11a/n/ac)
- Up top click on Wireless, next on the left click on the Bold 802.11a/n/ac, then select Network.
- Uncheck 802.11a Network Status to disable it as we will be making changes that required it to be turned off
- Disable 6 Mbps
- Disable 9 Mbps
- Ensure 12 Mbps is Mandatory
- Ensure 24 Mbps is Mandatory
- Other data rates are Supported
- Within 802.11a/n/ac click on RRM > Tx Power Control (TPC)
- You have two options for RRM (Remote Radio Management).
- o Interference Optimal Mode (TPCv2) will optimize the radio adjust power levels to detect and overcome external interference the AP discovers.
- o Coverage Optimal Mode (TPCv1) will optimize the radio to adjust power transmit level based on neighboring AP’s it discovers.
- o You can only have one Mode selected. TPCv1 is the recommended mode to select. TCPv2 is discouraged unless you have advance understanding of networking.
- o If you are interesting in using TPCv2 here is a link on a helpful document and WLC Configuration Analyzer tool. https://supportforums.cisco.com/docs/DOC-1373
- If the signal strength isn’t good enough across the entire network you can manually bump up the Power Threshold to -67 or more a little at a time, until RRM is properly tuned.
- Within 802.11a/n/ac click on RRM > Dynamic Channel Assignment (DCA) and Event Driven RRM (EDRRM)
- Check Avoid Persistence Non-WiFi Interference
- Channel Width to 40 MHz
- If you have the 802.11ac module you can select Channel Width to 80 Mhz. This will also auto tune the 802.11n radios to 40 Mhz.
- Enable Event Driven RRM
- Within 802.11a/n/ac click on CleanAir
- Under the 802.11a/n/ac tab click on CleanAir
- Top checkbox, Enable CleanAir
- On Interferers to Detect add all
- On Trap on these types under For Security Alarms add Jammer, WiFi Inverted, WiFi Invalid Channel
- Re-Enable the 802.11a/n/ac radio under the 802.11a/n/ac > Network left hand tab
Step 3: Tune QoS
- Click on the Wireless top tab, then QoS Left Hand Tab
- For each QoS Profile, under Wired QoS Protocol Protocol Type select 802.1p. Tag number default is typically preferred.
And that’s it! Where this is not an exhaustive tuning guide, it serves as a starting point for just about any deployment style. For an exhaustive list, web on over to
Here’s a few other resources that may help.
- Campus Wireless LAN Technology Design Guide – April 2014 (PDF – 20.9 MB)
- Cisco CleanAir Technology Design Guide – April 2014 (PDF – 13.8 MB)
- Cisco Prime Infrastructure Technology Design Guide – April 2014 (PDF – 3.4 MB)