You are invited as my special guest!


If you are reading this, it is entirely possible I have asked you to be my special guest on an upcoming #WirelessTuesday podcast.  Thank you for your consideration!  You have been identified as an industry expert and I would love to share some of your brain with the world.

My Ask of You

  • Attention spans are short these days! I ask you present for no more than 20 minutes.  Please do not include “marketing fluff” unless it directly ties in to your prepared remarks.
  • Please provide me your Twitter and LinkedIn links.  I will use these to socialize the event and generate excitement.
  • You will be presenting to a live audience of customers, partners, and Cisco employees.  Make sure anything you say is okay for public consumption.
  • Attendees and podcast subscribers have specifically indicated they are interested in WiFi.  They tend to be medium to very technical.  Other industry bloggers and influencers have participated in the live events.
  • The #WirelessTuesday podcast live event recording that happens on the first Tuesday of the month (unless otherwise noted).  Occasionally I record special editions mid-month.
  • The recording will last no more than an hour.  The first 4-5 minutes is a time for me to make announcements and introduce you, my special guest.
  • You may elect to take questions during your lecture time, or after.
  • When you are done I will verbally ask a few questions that came in from the live audience.
  • After the event I will consolidate and sanitize the audience questions and panel responses.  I may ask that you clarify some responses or comment on anything left unanswered.

About #WirelessTuesday

#WirelessTuesday is a monthly Podcast with a live event recording that takes place the first Tuesday of each month.

Historically, Cisco has been a big place and we simply cannot afford to have targeted, persistent marketing campaigns for every technology and product set.  For years, as a regional specialist resource, my team hosted in-person Wireless Design Clinics and the occasional Wireless Friday webinar event.  These evens were very well attended and customers responded with very high survey marks.  The trouble is it’s a lot of effort.  As a sales organization, we also needed to stay engaged with customers and the logistics of these events were often daunting.  Then a couple small, evolutionary changes made all the difference.

  • In 2017, I built a monthly schedule to meet once a month.  I used WebEx Event Center as my delivery vehicle.
  • To coordinate I built a #WirelessTuesday Interest List.  Here, people would opt-in to email notifications that I would send out a week before, the day before, and a follow-up a day or two after each event.  In 2017, there were about 1,200 opt-in signups, with the vast majority being customers.
  • I created, a landing page on my blog that allowed me to have a place to point to get registered for a live event recording, access past recordings and in-event questions and responses, and sign up for the mailing list.

Thank you for your consideration!


Jason Grant

I’ve been running Cisco ACS since v1.2. What now?

I may be showing my age a bit here but I love Cisco ACS and started using it back when it was still in diapers at version 1.2.  The interface wasn’t the prettiest but it did one job and it did it REALLY well.  My beloved ACS is about to go in to retirement and move to… wherever auth servers go when they retire, leaving room for something new.

I don’t know what you’ve heard about Cisco ISE but if you look at the marketing materials you might think it does just about everything, including washing the dishes.  (Spoiler alert: it doesn’t do dishes.)  One thing Cisco ISE does REALLY well is take over where ACS is leaving off, and it’s not every expensive to do it, either.

For those of you wanting to know what this would mean for your environment, I’d like to direct you to 5 YouTube videos that will educate and train you on the entire process, with only a 2.5 hour time investment.  Thank you to Krishnan Thiuvengadam for posting these great videos!

Part 1: Overview and Planning for the ACS to ISE Migration (1 hour)

Part 2: Preparing for the Migration (24 minutes)

Part 3:  Migration Process and Demonstration – Video 1 of 3 (17 minutes)

Part 3:  Migration Process and Demonstration – Video 2 of 3 (29 minutes)

Part 3:  Migration Process and Demonstration – Video 3 of 3 (14 minutes)


Please let me know what you thought of these videos!

#WirelessFriday – April 2017 – Questions & Responses

Thank you very much for your interest in the Cisco #WirelessFriday event!  This article is a quick recap of the April 2017 event with the associated questions and panel responses.  I would like to make a public thanks to Allan Ross for his presentation.

Cisco High Density Experience (HDX) Features Explained – Q&R

If you were not able to make the event live or if you just want to watch it again, you can catch the recording here.

Flexible Radio Assignment (FRA)

Q. If the RF profile is set to none on the AP group, does that disable that radio?
A. If RF Profile is set to none within the AP Group, APs within that group (for that band) will leverage whatever the global settings are of the WLC.

Q. So if I change the XOR to 5 gHz, I can assign different channels to each 5 gHz radio within the same AP?
A. Yes.  I would highly recommend you leverage Radio Resource Manager (RRM), which is a feature with the AirOS software running on a WLC, to automatically select the optimal channel for all the AP’s tied to your defined or default AP group.

In the setup where you are using the XOR radio to service 5 GHz clients, that radio has to be on a different channel to the one the fixed 5.0 radio is assigned.

Q. XOR is only available on 28xx and 38xx APs, correct?
A. Yes, That would be required. you end up with double the capacity in the 5 GHz band.

Dynamic Bandwidth Selection (DBS), FlexDFS (Dynamic Frequency Selection) & ED-RRM (Event Driven Radio Resource Management)

Q. Does CleanAir ED-RRM interact with RRM or do they remain separate local vs global processes, potentially causing a ripple effect and/or temporary co-channel interference?
A. They are separate processes, which is the reason why it is not recommended to mix CleanAir and non-CleanAir APs in the same RF neighborhood.

Q. What transmit power/data rate is used to determine coverage overlap? Same RRM neighbor beacons?
A. Correct, FRA leverages NDP output from RRM to evaluate COF. More details can be found here –

Adaptive Fast Transition (802.11r)

Q. Is “Roam Now” a command or a suggestion?
A. In the world of WiFi, the client rules. Some clients obey the “rules” you establish, while others do not.  Officially it’s a disassociation.

AirTime Fairness

Q. Can ATF and RF profiles be assigned to AP’s that aren’t in a AP Group?
A. RF Profiles must be applied to an AP Group. ATF can be applied to a WLAN, an AP individually, all APs connected globally, OR to an AP Group.

Q. How does ATF holdoff medium-contending clients, by not ACking frames?
A.  ATF can only enforce the downlink direction (the AP can control who it is sending to) – we can monitor usage in the uplink direction, but cannot specifically enforce it. Not ACKing frames would only result in excessive retransmissions.

Q. Please explain the differences in ATF and Override Per-User Bandwidth Contracts or SSID contracts
A. The Override Per-User contract in the QoS tab of the SSID enforces a bandwidth restriction, regardless of how fast they use it. ATF designates how much time they are allowed on the medium.

Q. Since ATF is applied at the AP or AP group would be assumed that this will work with Flex Groups
A. Yes, ATF is supported on either Local or FlexConnect mode APs.

Optimized Roaming

Q. What defines a proper site survey? Active? Passive?
A. An active SS requires the surveyor to inject RF signals. This is best done with an AP on a stand. You still need your survey tool, but as you walk the floor plan, you are also moving this AP on a stand to measure RF based on the placement of this AP.

There are common elements between a passive SS and an active SS. A passive SS surveys RF area that is already populated with Access Points. You will need a survey tool, like AirMagnet or Ekahau to measure RF signals at specific points.

Typically Active SS are needed for environments that do not have any RF in operation. You will need a scaled floor plan you desire to survey. With the survey tool in hand, you walk the area with frequent stops to take an RF measurement.






#WirelessFriday – March 2017 – #InsiderTips with Questions & Responses

Thank you very much for your interest in the Cisco #WirelessFriday event!  This article will list out each of the #InsiderTips that were presented and the Q&A/Q&R that went with each topic.  If you were not able to make the event live or if you just want to watch it again, you can catch the recording here.

I would like to thank the following Cisco Insiders for contributing tips and tricks:

WLAN Deployment Strategies

Tip #1:  It is important to carry out a site survey. Know the pitfalls when this isn’t undertaken.

Take an engineering approach to a site survey rather than guesstimating.  Don’t cut corners or you will be constantly placing band aids on the wireless network/design.  Either invest in site survey tools such as Air magnet, Ekahau, or others, or hire a Cisco reseller to perform this service.

Base the site survey off REAL requirements and design accordingly.  Use the REAL clients that will be present after the installation, as all clients act differently.  Try to baseline off the worst client capabilities typically yields best results.

Consider things like:

  • AP placement: Think of the AP like a lightbulb. Would it like up the room?
  • Channel and power: Even though there are 21 non-overlapping channels in 5 GHz, consider your needs today and leave room for client and application growth over the next several years. Some AP’s are on the ceiling for 5-7 (or more) years.

A survey is only as good as the information put into it. Sounds daft but is 100% reality. We see it so many times.

Tip #2:  It’s important to have a control-plane strategy for your network.

Wireless isn’t always easy, sometimes it’s complex.  In an ideal world, there would be an easy button for our networks. The reality is most of our networks are complex and managing each network element, each AP, individually is costly and can be prone to mistakes.  The more complex the environment, the more you need a  control plane, in this case a WLAN Controller. Once the wireless implementation becomes a function of your business, you need to design an environment that is enterprise ready.

Having a control plane gives you better control over security.  Security is simply an applied policy in a controller based environment.  Many organizations have regulatory requirements (HIPAA, PCI, etc.) that creates a challenge when you are managing network elements individually.  A controller environment gives you more flexibility with how you deploy and secure your wireless environment, giving you the option of placing your controller either behind your firewall, in your Data Center or in a hosted environment.

Tip #3:  AP’s are not all created equal.

Cisco AP’s are not built like just any ol’ AP.  Watch this TechWise TV episode to learn more about what makes Cisco’s AP’s different, and the special things we can do with them.

TechWise TV Wave 2

Q1.  Is that DART/Micro antenna only capable of running off the XOR radio? Or will all radios share those antennas?
A1.  Correct, when installed, all signals from the XOR radio would utilize the DART connector. Also note that the DART option is exclusive to the -E (external antenna) model AP units.

Cisco Technology Innovations

Tip #4:  Cisco HDX includes some great features that are often not marketed widely.

HDX is acronym speak for Cisco’s High Density Experience, which is marketing speak for a series of patented features that specifically address the challenges that stem from the ever growing number of WiFi clients and their need for more reliable, higher bandwidth network access.

Learn more about The 5 Major Features of @Cisco_Mobility HDX and How To Turn Them On

Q2.  How does CleanAir steer clients away from interference? Steering customizable
A2.  Clean Air has two main functions: 1) provide visibility for reporting, and 2) influence on Radio Resource Management for assigned Tx power on APs and Channel changes to allow clients to overcome the interference.  The first accurately identifies source, location, and scope of interference. The second is to take automatic action to avoid interference with adjusting Tx power and or channel changes for the AP(s).

Q3.  Do I have to coordinate the migration of multigig capable switches with the upgrade to the 3800 series WAP’s? Or can start deploying the 3800’s and circle back to infrastructure?
A3.  The mGig port on the 3800 series will auto negotiate back to GigE until a mGig switch is attached.

Tip #5:  Mobility Express is a powerful in smaller deployments, manageable by Prime

Cisco’s Wave 2 AP’s (3800, 2800, 1850, and 1830) have a very special feature.  They can be a WLAN Controller for up to 25 AP’s, and they don’t all have to be the same!  Not only that you can set it all up in less than 10 minutes (and it’s true, I’ve done it myself).  Learn more about Mobility Express on this product page or watch this Cisco TechWise TV Episode.

Q4.  If you use M.E. instead of a WLC. Are there features that are not supported when using Mobility Express?
A4.  Yes, reference the following Mobility Express Solution FAQ document for more info. However, with each new release, more and more features continue to be added to the ME feature-set.

Q5.  ME had a restriction of 25 per cluster, did that change to 50 with specific ME models?
A5.  As of our current SW release of 8.3, up to 25 APs can be managed via an ME enabled AP. That number could expand in the future

Tip #6:  Turn on Application Visibility.  Now even at the edge with multicore CPU’s on the 2800/3800.

The Cisco Application Visibility and Control solution for wireless networks identifies more than 1000 business- or consumer-class applications using deep packet inspection (DPI). This extraordinary visibility into application traffic allows administrators to mark applications for further prioritization, or block them for security reasons or to conserve limited network bandwidth.  The great thing about AVC is it will not impact user performance!  You can turn on Application Visibility in the Best Practices Dashboard or in the QoS tab of each WLAN (SSID) configuration page.  To learn what else you can do with Application Visibility, check out this video here.

Q6.  Does app visibility still require the setting DHCP req to be enabled? We have had trouble in the past with some clients not getting IPs from DHCP with this enabled. Has that changed?
A6.  If I understand your question correctly the DHCP req pop up was a result of choosing the device profiling. I am not aware of any AVC implications on DHCP being required. We do however snoop the DHCP request to help profile the device.

Q7.  Is there an upcoming AVC protocol pack that will support WiFi calling?
A7.  WiFi calling was added as of NBAR2 Protocol Pack 14.0.0 (Dec ’15). Latest version is now 19.1.0 (Nov ’16).

Features and Services

Tip #7:  Know that ISE is now simpler than ever, give consideration for managing guests.

Cisco ISE (Identity Services Engine) has powerful, flexible guest management tools.  Learn more from the #WirelessFriday January 2016 Recording.

Tip #8:  Cisco Trust Anchor Module: Tamper Proof Storage, Embedded Crypto, & Applications.

Cisco hardware innovations embed security and protections at the chip level.  Learn more by watching this video or by checking out

Tip #9:  Wireless LAN Controller Dashboard & Best Practices Recommendation (v8.1+)

Starting in code version 8.1 Cisco embedded a great controller dashboard with best practices recommendations.  Learn more by watching this video or get more in depth at this video.

Q8.  I have version 8.2 and I find that dashboard very creative and informative as well. We upgraded this to overcome some bugs with 3800. Is it most stable version we have for controller or 8.1 is most stable?
A8.  8.1 is at its final maintenance release and we just recently released 8.2MR5 which would be recommended over 8.1. More details here –

Education and Learning

Tip #10:  Cisco Live Sessions are posted online after the event.

Did you know you can register for a free account at and have access to past Cisco Live presentations?  It’s a great way for self-paced, in-depth learning!

Tip #11:  Find product deep-dives, setup and configuration, and learning on YouTube product channels.

Be sure to check out YouTube for a bunch of Cisco posted training content.  For example, check the Mobility related videos here.

Tip #12:  How to decipher AireOS version numbers; Which are recommended?

Q9.  Can I jump from 8.0.133 to 8.2.141 directly or will it be multi-step? I can’t migrate until I decommission the 1100 series WAP’s.
A9.  Check the release notes on the code you want to migrate to and it will tell you if a direct upgrade is ok. Most cases yes. Please see You can also reference the compatibility matrix at

Licensing and Promotions

Tip #13:  Right to use licensing changes the game.

Cisco is moving away from node-locked licensing models to a right-to-use model.  Learn more here.

Tip #14:  Migration to Cisco ONE entitles the full suite of software products and features.

Learn more about the features and products Cisco ONE entitles at

Q10.  Can you have C1 lic. AP’s and traditional lic. AP’s on a controller or is it an all or nothing thing?
A10.  No mixing of C1 licenses on an existing platform. Also, note that the SmartNet on your controller will decrease in cost since it does not need to include support for AP licenses.

Q11.  How Do I migrate from traditional licensing to Cisco ONE?
A11.  Your Cisco reseller partner can provide an estimate. For more information check out or

Q12.  I’m under some pressure to justify Prime versus other tools like SolarWinds which we also have, so any Prime value add is helpful.
A12.  There is a great live demonstration done by the business unit that owns Prime Infrastructure that is done the 1st Thursday of each month. You can find details at

Tip #15:  The DNA Offers promotion includes a year free of StealthWatch.

As part of a current promotion, when you buy Cisco ONE licenses with your AP’s or Catalyst switches you get StealthWatch for free for an entire year.  Everything you need.  Talk to your Cisco or Partner account manager

Please join us next #WirelessFriday.  Sign up at!

Upgrading Cisco Prime Infrastructure

If you have begun the process of controller refresh and are moving from the generation that included the CT5508 to the latest that included the CT5520, you may need to upgrade code. If you’re running Cisco Prime Infrastructure 2.x, you’ll need to upgrade. If your licenses are covered with a current maintenance agreement, the upgrade is at no cost. Here’s the process…

At the time I’m writing this, I recommend upgrading Prime Infrastructure to v3.1.  A number of feature and performance enhancements have been made including a new database engine and inclusion HTML5 applets.  You will come to love it quickly.

You can always start fresh.  If you don’t have a bunch of maps loaded and don’t have a need to migrate a ton of data, you can always install a new instance of Prime Infrastructure and point it to your network devices.  This way you can have the old and new instances running in parallel to ensure you’ve included everything you need.

If you prefer to maintain the maps and data there is a process that will make that all happen.  The process requires intermediary steps from version 1.4 or 2.1. In order to go from version 2.1 follow this process:

  1. Upgrade from 2.1 to 2.2.x using the PI2.2 Quick Start Guide (if you’re on 2.2 already, skip this step).  According to the Quick Start Guide, you can perform this task if you’re running the following:
    • Prime Infrastructure 2.1.2 (with the UBF patch)
    • Prime Infrastructure 2.1.1 (with the UBF patch)
    • Prime Infrastructure
    • Prime Infrastructure 1.4.2
    • Prime Infrastructure 1.4.1
    • Prime Infrastructure
    • If you are using a version earlier than or, you will need to upgrade your server to version (or version
  2. Upgrade 2.2 to 3.0.x using the PI 3.0 Quick Start Guide.  According to this guide you can perform this upgrade from the following versions:
    • Prime Infrastructure 2.2.3
    • Prime Infrastructure 2.2.2
    • Data Center Technology Package 1.0.0 for Prime Infrastructure 2.2.1
    • Wireless Technology Package 1.0.0 for Prime Infrastructure 2.2.1
    • Cisco Prime Infrastructure 2.2.1
    • Cisco Prime Infrastructure 2.2
  3. Upgrade to 3.1 (Details) using the PI 3.1 Quick Start Guide.  According to this guide, you can upgrade from the following versions:
    • Prime Infrastructure 3.0.3
    • Technology Package 1.0.3 for Prime Infrastructure 3.0.2
    • Prime Infrastructure 3.0.2
    • Prime Infrastructure 3.0.1
    • Prime Infrastructure

If you are running a version not listed above I suggest starting with the Quick Start guide of the version you ultimately want to be at.  There you will find a section called “Upgrading From Previous Releases of Prime Infrastructure.”  If your version isn’t listed there, then go to the next highest in that list and use that version’s Quick Start guide.  Here are all of the Prime Infrastructure Quick Start Guides (also sometimes referred to as Installation Guides).

Expect the process to take several hours.