The 5 Major Features of @Cisco_Mobility HDX and How To Turn Them On

HDX is acronym speak for Cisco’s High Density Experience, which is marketing speak for a series of patented features that specifically address the challenges that stem from the ever growing number of WiFi clients and their need for more reliable, higher bandwidth network access.

The truth is in order to be WiFi Compliant, especially in the early days, certain things needed to happen by default. These default settings may have worked a few years ago but today, even though you’re using high-end AP’s and trusted code levels, you may be getting unacceptably poor performance. This is why I wrote up 3 Steps to Tuning a Cisco WLAN Controller From Default Settings. In just a few minutes of configuration time and a radio reset, you may experience exponential performance gains.

Tuning a WLAN controller only solves part of the problem.  This is especially true as your deployment begins to take on more clients, demanding more bandwidth. What kind of symptoms will you experience?

  • Clients are still in charge of deciding when and where to roam.
  • If you elect to use them, 802.11ac introduces larger channel widths meaning we’re more vulnerable to interference.
  • With WiFi only one client can talk at a time… it’s half duplex.  As clients get further from an AP they begin to talk slower to stay connected, leaving less time for fast clients to talk fast.
  • AP’s are getting closer together to accommodate more clients, and there are limited RF channels we can use.  Even with the newer FCC rule changes adding more available channels, it’s mostly good news for 11ac environments.

To solve these problems we need Optimized Roaming, CleanAir for 80 MHz Channels, ClientLink 3.0, Air Time Fairness, and Turbo Performance! Let’s dive in to what buttons to press, which options to check, and how to get it all working for us.

1. Optimized Roaming

What’s the problem: Client stickiness. The 802.11 standard says clients can roam. As such, it’s the clients responsibility to decide when and where to roam… they just don’t do it very well. Normally the client will not even TRY to roam until it can no longer connect at the lowest mandatory data rate. This is why I recommend turning off the lower data rates, suited to your environment. We are preventing the client from being really bad, not promoting good behavior.

What it is: Optimized Roaming promotes good behavior. If the client’s data signal strength dips 6 dB the AP will send a disconnect message, prompting a roam. You can optionally set a minimum data rate. If the clients tries to dip below the minimum, it’ll get a disconnect message, prompting another roam. Use caution here. If the client cannot connect at the minimum data rate, it won’t be able to connect at all.

How to turn it on:

  • Wireless > Advanced > Optimized Roaming
  • Check the Enable box in the 802.11a and 802.11b sections
  • Note you’ll get a warning: Modifying the default settings for the Optimized Roaming data rate and CHDM RSSI configurations could result in unintended client connectivity problems. Please be careful when making changes from the default settings
  • Reference from the 8.1 Configuration Guide

2. CleanAir for 80 MHz Channels

What’s the problem: It’s great that 802.11ac provides for greater bandwidth. It does that by using more spectrum, the channel is wider. More channel space means vulnerability to more interference. Interference is that that invisible threat that decreases overall throughput which often presents during times of load and is very difficult to troubleshoot.

What is is: CleanAir for 80 MHz Channels uses the built-in spectrum analysis of the Cisco AP to discover, identify, classify, and, most importantly, mitigate interference. Right away.

How to turn it on: CleanAir is OFF by default. So step one is Turn It On. It will automatically detect, identify, and classify. What we need to turn on is turn on 80 MHz channels and the Mitigate part of CleanAir. To do that got to Wireless > 802.11a/n/ac > RRM > DCA. There change the channel width to Best and at the bottom you need to make sure Event Driven RRM (ED-RRM) is Enabled. Note: By selecting the “Best” channel width, you are allowing the system to automatically back down the channel width if interference does not allow high-performance at 80 MHz.

3. ClientLink 3.0

What’s the problem: As a client gets further from the AP the signal strength from that AP get weaker. As a result, because it’s not yet time to “roam” it ends up lowering its data rate. It talks slower in order to stay connected. WiFi is a shared medium, meaning only one station (client or AP) can talk at a time. If a client is talking slow, there’s less time for the fast talkers to talk fast.

What it is: It’s fun with physics and it doesn’t need any client-side intelligence to work. So 802.11n introduced something called MIMO. It’s basically some fancy antenna technology that allows the AP to communicate with a client using multiple antennas at once. As seen in this 1 minute video called ClientLink at the Beach, when the transmissions from two or more antennas meet, they create a sweet spot of coverage. If your client is in that sweet spot, they’ll experience higher signal strength, and likely connect at a higher data rate. What is DOES is detect when the client is not in that sweet spot and it starts to manipulate the transmission timing on the multiple antennas putting a sweet spot right on the client.

How to turn it on: It’s on by default and works with any WiFi client out there that supports 802.11 a/g/n/ac!

4. Air Time Fairness (ATF)

What’s the problem: Guest users can potentially take up their unfair share of bandwidth downloading app updates or movies, degrading your business related WiFi traffic. Per-user bandwidth contracts only go so far. Because clients connect at different speeds, simple rate limiting is not efficient for WiFi.

What it is: Cisco Air Time Fairness allows us allocate an ability to consume bandwidth based on a defined group such as guests or smart phones. Regardless of a clients connected data rate, it can only talk a certain percentage of the time.

How to turn it on: Since you need to identify your groups and allocations, it’s not on by default. It’s a good idea to run ATF in monitor mode to understand actual bandwidth usage by SSID, by AP, or by a group of AP’s. Understanding that you can define and apply a policy.

  • Turn on ATF Monitor Mode

In the Wireless > ATF > Monitor Configuration menu select “Network.” Put a check next to 802.11a and 802.11b and click the enable button.

  • Configure ATF Policy

Here’s where a bit of planning helps. Remember that a policy is applied to an SSID, to an AP, or to an AP Group. First take a look at your actual Air Time allocation. Click on Wireless > ATF > ATF Statistics. Select an AP you want to see Air Time stats on. The top table shows you allocation over the last 3 minutes. The bottom table shows allocation as long as the radio has been up. Use this to determine the relative impact by enforcing “fairness.”

In the Wireless > ATF > Policy Configuration menu you will notice a policy ID 0 called “Default” with a weight of 10. This default cannot be changed, but don’t worry, you don’t need it to. Define all of the policy elements here. So if you want 75% employee allocation and 25% guest, you’d create 2 elements with appropriate weights. If you are building policies for multiple SSID’s or AP’s, just group them all together.

  • Apply the policy

Click on Wireless > ATF > Enforcement SSID Configuration. If you’ve followed the steps above, your radios will be in ATF Monitoring mode. Here is where you with them to “Optimized” mode or “Strict” mode enforcement. As it sounds, Strict mode enforces hard limits. Optimized allows for spiking above the policy if possible.

In the Policy Enforcement section you specify an SSID and a ATF Policy ID to enforce.

For a way more technical description check out the Cisco Air Time Fairness White Paper.

Cisco Air Time Fairness in the Configuration Guide

5. Turbo Performance

What’s the problem: As your network scales to many more devices with greater bandwidth needs, it won’t matter how fast we’re connected if we can’t process packets. With 802.11ac we’re processing nearly double the packets as with 802.11n! We could address this with a faster CPU but that’s an expensive upgrade.

What it is: Commodity hardware and chipsets need to have a central CPU to process packets. With Turbo Performance, Cisco dedicates CPU & RAM to each RADIO to perform packet processing at the edge. This is much more efficient than having a central processor do everything.

How to turn it on: You’re in luck! You have nothing to do to take advantage of this feature.

So this HDX… High Density Experience… is more than just marketing speak. It’s a set of patented technologies that show how hardware is just as important as software and something only Cisco can deliver.

  • Optimized Roaming
  • CleanAir for 80 MHz Channels
  • ClientLink 3.0
  • Air Time Fairness
  • Turbo Performance

For more information check out

What Happens When My Cisco WLAN Controller Goes Offline

You did all that work to get your controller configured, tuned, and finally is stable. Congrats. Problem is, I just tripped over the power cord. Now what happens?

The answer depends on what mode the AP is in, as you know. With a “Local” mode AP deployment, if the controller goes away, so does connectivity. So in that scenario you want to make sure there’s some sort of HA deployment. With our “HA” part numbers, you pay basically for the hardware and no licenses. With this model you’ve got 2 options. N+1 or 1+1. The 3rd option is FlexConnect.

With N+1 each AP has a primary, secondary, and tertiary controller. If the primary goes down, it will join to the secondary, then tertiary. When the joined controller goes down, you’re out of luck for about 2-3 minutes. You either need fully licensed controllers or, as long as the AP’s don’t use it as primary, the HA part number can act as secondary or tertiary.

With 1+1, also know as Client Stateful Switch Over (Client-SSO), you have 2 controllers that are physically together and connected with a TP cable. One is the HA part number. The 2 controllers will constantly share Client-level state information and if the primary goes down, the secondary takes over in less than 300 mS.

When AP’s are in FlexConnect mode, the AP is responsible for the data-plane and therefore if the controller goes away, even for an extended period, will still function. Of course there’s some feature loss when you use FlexConnect such as mDNS. FlexConnect is often used in branch deployments, which typically means mDNS wouldn’t be necessary anyway.

Here’s a link to the Configuration Guide describing N+1 and 1+1 High Availability:

Here’s the description of FlexConnect:

7 Features You Didn’t Know Your Cisco WLAN Controller Had

Marketing (normally) (well…sometimes) does a good job pointing out NEW features, neglecting some of the cool things that sets Cisco apart from the rest. Here’s 7 that may already on your network you may not know about.

AAA Override

The AAA Override option of a WLAN enables you to configure the WLAN for identity networking. It enables you to apply VLAN tagging, Quality of Service (QoS), and Access Control Lists (ACLs) to individual clients based on the returned RADIUS attributes from the AAA server. This feature has been around since the beginning. Details here.

Radio Resource Management (RRM)

The Radio Resource Management (RRM) software embedded in the controller acts as a built-in radio frequency (RF) engineer to provide consistent, real-time RF management of your wireless network. RRM enables controllers to continually monitor their associated lightweight APs:

  • Traffic Load – the total bandwidth used for transmitting and receiving traffic. It enables wireless LAN managers to track and plan network growth before client demand.
  • Interference – the amount of traffic coming from other 802.11 sources.
  • Noise – the amount of non-802.11 traffic that is interfering with the currently assigned channel.
  • Coverage – the receiver signal strength indicator (RSSI) and signal-to-noise ratio (SNR)for all connected clients.
  • Other – the number of nearby APs.

RRM Powered by CleanAir Technology


CleanAir technology delivers a systemwide solution that improves air quality with silicon-level intelligence to create a self-healing, self-optimizing wireless network that mitigates the impact of wireless interference and offers performance protection for 802.11n networks.
Details here.

Bonjour Services Directory

Following best practices, a WLAN is never on the same subnet as our wired client subnet. This fundamentally breaks Bonjour. Bonjour is Apple’s service discovery protocol which locates devices such as printers, other computers, and the services that those devices offer on a local network using multicast Domain Name System (mDNS) service records.
Bonjour Phase 2 for 7.5 release is an enhancement to Bonjour features introduced in 7.4 release. Bonjour feature includes the following: Location Specific Services (LSS) for wireless service, mDNS-AP (enhance VLAN visibility at WLC for non-layer 2 VLANs), Priority MAC support, Origin based service discovery, Per-service SP count limit is removed, Bonjour browser, Bonjour SSO, Bonjour debugging

Application Visibility (and Control)
This feature was added in 7.4 and enhanced in 7.5. Details here.

Client Stateful Switch Over


The new High Availability (HA) feature (that is, AP-SSO) set within the controller version 7.3 and 7.4 allows the AP to establish a CAPWAP tunnel with the Active WLC and share a mirror copy of the AP database with a Standby WLC. The APs do not go into the Discovery state when the Active WLC fails and the Standby WLC takes over the network as the Active WLC. There is only one CAPWAP tunnel maintained at a time between the APs and the WLC that is in an Active state.
Release 7.5 supports Client Stateful Switch Over (Client SSO) in Wireless LAN controllers. Client SSO will be supported for clients which have already completed the authentication and DHCP phase and have started passing traffic. With Client SSO, a client’s information is synced to the Standby WLC when the client associates to the WLC or the client’s parameters change. Fully authenticated clients, i.e. the ones in Run state, are synced to the Standby and thus, client re-association is avoided on switchover making the failover seamless for the APs as well as for the clients, resulting in zero client service downtime and no SSID outage.
With this new feature Cisco has introduced a new part number for several controller models. This part number is much lower cost and will only act as an AP or Client SSO HA controller.
Details here.

Client Load Balancing

When a wireless client attempts to associate to a lightweight access point, association response packets are sent to the client with an 802.11 response packet including status code 17. The code 17 indicates that the AP is busy. The AP responds with an association response bearing ‘success’ if the AP threshold is not met, and with code 17 (AP busy) if the AP utilization threshold is reached or exceeded and another less busy AP heard the client request.
For example, if the number of clients on AP1 is more than the number of clients on AP2 plus the load-balancing window, then AP1 is considered to be busier than AP2. When a client attempts to associate to AP1, it receives an 802.11 response packet with status code 17, indicating that the access point is busy, and the client attempts to associate to a different access point.
Variables totally configurable. This feature was added in 5.0 code and enhanced several times since. Look here for detail.

Enable Lower Data Rates Only (and other RF tweaks) for Certain AP’s

SIP Snooping and Preferring Calls to a Certain NumberThe Preferred Call feature enables you to specify the highest priority to SIP calls made to some specific numbers. The high priority is achieved by allocating bandwidth to such preferred SIP Calls even when there is no available voice bandwidth in the configured voice pool. This feature is supported only for those clients that use SIP-based CAC for bandwidth allocation in WCS or WLC. Works in 7.0 or newer code. Look here for detail.