The 5 Major Features of @Cisco_Mobility HDX and How To Turn Them On

HDX is acronym speak for Cisco’s High Density Experience, which is marketing speak for a series of patented features that specifically address the challenges that stem from the ever growing number of WiFi clients and their need for more reliable, higher bandwidth network access.

The truth is in order to be WiFi Compliant, especially in the early days, certain things needed to happen by default. These default settings may have worked a few years ago but today, even though you’re using high-end AP’s and trusted code levels, you may be getting unacceptably poor performance. This is why I wrote up 3 Steps to Tuning a Cisco WLAN Controller From Default Settings. In just a few minutes of configuration time and a radio reset, you may experience exponential performance gains.

Tuning a WLAN controller only solves part of the problem.  This is especially true as your deployment begins to take on more clients, demanding more bandwidth. What kind of symptoms will you experience?

  • Clients are still in charge of deciding when and where to roam.
  • If you elect to use them, 802.11ac introduces larger channel widths meaning we’re more vulnerable to interference.
  • With WiFi only one client can talk at a time… it’s half duplex.  As clients get further from an AP they begin to talk slower to stay connected, leaving less time for fast clients to talk fast.
  • AP’s are getting closer together to accommodate more clients, and there are limited RF channels we can use.  Even with the newer FCC rule changes adding more available channels, it’s mostly good news for 11ac environments.

To solve these problems we need Optimized Roaming, CleanAir for 80 MHz Channels, ClientLink 3.0, Air Time Fairness, and Turbo Performance! Let’s dive in to what buttons to press, which options to check, and how to get it all working for us.

1. Optimized Roaming

What’s the problem: Client stickiness. The 802.11 standard says clients can roam. As such, it’s the clients responsibility to decide when and where to roam… they just don’t do it very well. Normally the client will not even TRY to roam until it can no longer connect at the lowest mandatory data rate. This is why I recommend turning off the lower data rates, suited to your environment. We are preventing the client from being really bad, not promoting good behavior.

What it is: Optimized Roaming promotes good behavior. If the client’s data signal strength dips 6 dB the AP will send a disconnect message, prompting a roam. You can optionally set a minimum data rate. If the clients tries to dip below the minimum, it’ll get a disconnect message, prompting another roam. Use caution here. If the client cannot connect at the minimum data rate, it won’t be able to connect at all.

How to turn it on:

  • Wireless > Advanced > Optimized Roaming
  • Check the Enable box in the 802.11a and 802.11b sections
  • Note you’ll get a warning: Modifying the default settings for the Optimized Roaming data rate and CHDM RSSI configurations could result in unintended client connectivity problems. Please be careful when making changes from the default settings
  • Reference from the 8.1 Configuration Guide

2. CleanAir for 80 MHz Channels

What’s the problem: It’s great that 802.11ac provides for greater bandwidth. It does that by using more spectrum, the channel is wider. More channel space means vulnerability to more interference. Interference is that that invisible threat that decreases overall throughput which often presents during times of load and is very difficult to troubleshoot.

What is is: CleanAir for 80 MHz Channels uses the built-in spectrum analysis of the Cisco AP to discover, identify, classify, and, most importantly, mitigate interference. Right away.

How to turn it on: CleanAir is OFF by default. So step one is Turn It On. It will automatically detect, identify, and classify. What we need to turn on is turn on 80 MHz channels and the Mitigate part of CleanAir. To do that got to Wireless > 802.11a/n/ac > RRM > DCA. There change the channel width to Best and at the bottom you need to make sure Event Driven RRM (ED-RRM) is Enabled. Note: By selecting the “Best” channel width, you are allowing the system to automatically back down the channel width if interference does not allow high-performance at 80 MHz.

3. ClientLink 3.0

What’s the problem: As a client gets further from the AP the signal strength from that AP get weaker. As a result, because it’s not yet time to “roam” it ends up lowering its data rate. It talks slower in order to stay connected. WiFi is a shared medium, meaning only one station (client or AP) can talk at a time. If a client is talking slow, there’s less time for the fast talkers to talk fast.

What it is: It’s fun with physics and it doesn’t need any client-side intelligence to work. So 802.11n introduced something called MIMO. It’s basically some fancy antenna technology that allows the AP to communicate with a client using multiple antennas at once. As seen in this 1 minute video called ClientLink at the Beach, when the transmissions from two or more antennas meet, they create a sweet spot of coverage. If your client is in that sweet spot, they’ll experience higher signal strength, and likely connect at a higher data rate. What is DOES is detect when the client is not in that sweet spot and it starts to manipulate the transmission timing on the multiple antennas putting a sweet spot right on the client.

How to turn it on: It’s on by default and works with any WiFi client out there that supports 802.11 a/g/n/ac!

4. Air Time Fairness (ATF)

What’s the problem: Guest users can potentially take up their unfair share of bandwidth downloading app updates or movies, degrading your business related WiFi traffic. Per-user bandwidth contracts only go so far. Because clients connect at different speeds, simple rate limiting is not efficient for WiFi.

What it is: Cisco Air Time Fairness allows us allocate an ability to consume bandwidth based on a defined group such as guests or smart phones. Regardless of a clients connected data rate, it can only talk a certain percentage of the time.

How to turn it on: Since you need to identify your groups and allocations, it’s not on by default. It’s a good idea to run ATF in monitor mode to understand actual bandwidth usage by SSID, by AP, or by a group of AP’s. Understanding that you can define and apply a policy.

  • Turn on ATF Monitor Mode

In the Wireless > ATF > Monitor Configuration menu select “Network.” Put a check next to 802.11a and 802.11b and click the enable button.

  • Configure ATF Policy

Here’s where a bit of planning helps. Remember that a policy is applied to an SSID, to an AP, or to an AP Group. First take a look at your actual Air Time allocation. Click on Wireless > ATF > ATF Statistics. Select an AP you want to see Air Time stats on. The top table shows you allocation over the last 3 minutes. The bottom table shows allocation as long as the radio has been up. Use this to determine the relative impact by enforcing “fairness.”

In the Wireless > ATF > Policy Configuration menu you will notice a policy ID 0 called “Default” with a weight of 10. This default cannot be changed, but don’t worry, you don’t need it to. Define all of the policy elements here. So if you want 75% employee allocation and 25% guest, you’d create 2 elements with appropriate weights. If you are building policies for multiple SSID’s or AP’s, just group them all together.

  • Apply the policy

Click on Wireless > ATF > Enforcement SSID Configuration. If you’ve followed the steps above, your radios will be in ATF Monitoring mode. Here is where you with them to “Optimized” mode or “Strict” mode enforcement. As it sounds, Strict mode enforces hard limits. Optimized allows for spiking above the policy if possible.

In the Policy Enforcement section you specify an SSID and a ATF Policy ID to enforce.

For a way more technical description check out the Cisco Air Time Fairness White Paper.

Cisco Air Time Fairness in the Configuration Guide

5. Turbo Performance

What’s the problem: As your network scales to many more devices with greater bandwidth needs, it won’t matter how fast we’re connected if we can’t process packets. With 802.11ac we’re processing nearly double the packets as with 802.11n! We could address this with a faster CPU but that’s an expensive upgrade.

What it is: Commodity hardware and chipsets need to have a central CPU to process packets. With Turbo Performance, Cisco dedicates CPU & RAM to each RADIO to perform packet processing at the edge. This is much more efficient than having a central processor do everything.

How to turn it on: You’re in luck! You have nothing to do to take advantage of this feature.

So this HDX… High Density Experience… is more than just marketing speak. It’s a set of patented technologies that show how hardware is just as important as software and something only Cisco can deliver.

  • Optimized Roaming
  • CleanAir for 80 MHz Channels
  • ClientLink 3.0
  • Air Time Fairness
  • Turbo Performance

For more information check out

13 Things Your WLAN Should be Doing (or NOT) – How Do You Measure Up?

Regardless of what WLAN vendor you have, there are 13 things you should be doing with your WLAN.

  1. Disable 1,2,5.5,11 data rates – just make sure you’re REALLY done with 802.11b (hey, 1992 called, they want their barcode scanner back)
  2. No more than 4 SSIDs active per radio – Any more and you’re creating interference for yourself.
  3. Turn on the multicast functions for all cases – Make sure it’s configured! If you don’t your multicasts will go out as broadcasts and everyone suffers.
  4. Mobility group (same name) should be 15 controllers or less – It should cover only the RF roaming space. No need for messages from one campus to flow to another.
  5. Have a low radius timeout depending on usage scenario (not a general change) – Tends to speed up authentications.
  6. Internal DHCP servers (on controllers/AP’s) shouldn’t be used – They just don’t scale well. (Great for a lab, however.)
  7. Don’t use local EAP – Does not scale well on larger networks.
  8. Recommend to change EAP retries to 4, timeout to 400ms – This speeds up the failure if someone types the wrong password.
  9. Minimum RSSI to –80 for rogue AP’s – Who cares if I can hear someone across the street. It’s not a “rogue”.
  10. Disable all rogue auto contain settings – unless absolutely needed for security reasons
  11. Enable Application Visibility – Even if you’re not building a policy for QoS or restrictions, at least it’s there for troubleshooting.
  12. Enable Fast SSID – Especially for Apple Clients
  13. Enable CleanAir if you have AP’s that are capable – Take advantage of this feature.

How did you stack up?

3 Steps to Tuning a Cisco WLAN Controller From Default Settings

When I asked a few Cisco Wireless Consulting Systems Engineers if they’d ever trust a controller’s default config for any time of AP deployment beyond 1 or 2 AP’s the typical answer (when they stopped laughing) was <expletive> NO.

Of course I anticipated that answer and was prepared with a follow up: Okay what would you change? Now the answers to that were harder to get. Most said “well there’s too many variables,” or “every deployment is different.”

I was ready for that response, too. What’s the same with ALL deployments? Here’s a brief transcript:

Them: Is there VoIP clients?
Me: Let’s assume no, for now.

Them: What about 802.11b?
Me: No support.

Them: What about legacy devices?
Me: Nope. No legacy devices.

Them: What deployment style?
Me: Let’s use the 80/20 rule. 80% of deployments will be pervasive wireless network in common open environments where AP’s are deployed approximately 60ft-80ft or coverage areas of 3000-5000 sq/ft per AP. Let’s not focus on the interesting things that come with warehouses or outdoor environments.

Then I got answers. Here’s a consolidation of their suggestions. It’s 3 simple steps.


  • Your radios will be brought down during this procedure!
  • Know before you go:  If you aren’t sure what something will do, it may be better to not do it until you do!

NOTE: Most of these screenshots were taken from AireOS controller code 7.2 or 7.4. All of these suggestions are applicable for 7.5 and 7.6.

Step 1: Tune Each SSID

  • Click on the WLANs tab at the top of the page. This will show your SSID’s.
  • You select an SSID by clicking on the blue WLAN ID number to the left of the Profile Name.

  • Now click on Security.
  • Make sure that WPA2 with AES encryption is selected. (TKIP does not support 11n data rates. Only AES!)
  • If you must support WPA (like, something doesn’t work that needs to when it’s disabled) make sure you use WPA + TKIP and WPA2 + AES. Do NOT just select everything.
  • Now click on Advanced

  • Turn on BandSelect, it is off by default. Not necessary for WLANs with latency sensitive clients such as VOIP clients.
  • Some notes on this tab:
    • AAA Override will allow ISE (or another RADIUS server that supports it) to change VLAN or QoS queue based on authentication.
    • Client Exclusion is a nice security feature to protect against duplicate IP’s or brute force attacks. Sometimes you may need to turn this off for troubleshooting. 60 seconds is good Timeout Value to set.

Step 2: Tune the RF settings

  • First, in 2.4 GHz (802.11b/g/n)
  • Click the WIRELESS top tab
  • Click the BOLD 802.11b/g/n Network Left Hand Tab

  • Disable Network Status
  • Disable 1, 2, 5.5, 6, 9 and 11. This way no 11b data rates are supported.
  • Change 12 to mandatory.
  • Everything else change to supported.

A note about mandatory data rates: Lowest is where management frames are sent out. Highest one is where multicast/broadcast frames are sent out. A client must at least have the ability to do the mandatory data rates.

It is the client device responsibility to determine WHEN to roam and which AP to roam TO. A client will NEVER even try to roam until it reaches the LOWEST mandatory data rate!

  • Within 802.11b/g/n click onRRM > Dynamic Channel Assignment (DCA)

  • Check Avoid Persistent Non-WiFi Interference
  • Check EDRRM
  • Within 802.11b/g/n click on CleanAir

  • Enable CleanAir (this MAY already be checked)
  • Re-Enable the 802.11b/g/n radio under the 802.11b/g/n > Network left hand tab
  • Now for the RF settings in 5 GHz (802.11a/n/ac)

  • Up top click on Wireless, next on the left click on the Bold 802.11a/n/ac, then select Network.
    • Uncheck 802.11a Network Status to disable it as we will be making changes that required it to be turned off
    • Disable 6 Mbps
    • Disable 9 Mbps
    • Ensure 12 Mbps is Mandatory
    • Ensure 24 Mbps is Mandatory
    • Other data rates are Supported
  • Within 802.11a/n/ac click on RRM > Tx Power Control (TPC)
    • You have two options for RRM (Remote Radio Management).
    • o Interference Optimal Mode (TPCv2) will optimize the radio adjust power levels to detect and overcome external interference the AP discovers.
    • o Coverage Optimal Mode (TPCv1) will optimize the radio to adjust power transmit level based on neighboring AP’s it discovers.
    • o You can only have one Mode selected. TPCv1 is the recommended mode to select. TCPv2 is discouraged unless you have advance understanding of networking.
    • o If you are interesting in using TPCv2 here is a link on a helpful document and WLC Configuration Analyzer tool.
    • If the signal strength isn’t good enough across the entire network you can manually bump up the Power Threshold to -67 or more a little at a time, until RRM is properly tuned.
  • Within 802.11a/n/ac click on RRM > Dynamic Channel Assignment (DCA) and Event Driven RRM (EDRRM)

  • Check Avoid Persistence Non-WiFi Interference
  • Channel Width to 40 MHz
  • If you have the 802.11ac module you can select Channel Width to 80 Mhz. This will also auto tune the 802.11n radios to 40 Mhz.
  • Enable Event Driven RRM
  • Within 802.11a/n/ac click on CleanAir

  • Under the 802.11a/n/ac tab click on CleanAir
  • Top checkbox, Enable CleanAir
  • On Interferers to Detect add all
  • On Trap on these types under For Security Alarms add Jammer, WiFi Inverted, WiFi Invalid Channel
  • Re-Enable the 802.11a/n/ac radio under the 802.11a/n/ac > Network left hand tab

Step 3: Tune QoS

  • Click on the Wireless top tab, then QoS Left Hand Tab
  • For each QoS Profile, under Wired QoS Protocol Protocol Type select 802.1p. Tag number default is typically preferred.

And that’s it! Where this is not an exhaustive tuning guide, it serves as a starting point for just about any deployment style. For an exhaustive list, web on over to

Wireless LAN Controller (WLC) Configuration Best Practices.

Here’s a few other resources that may help.