CleanAirLabGuide1 3

Cisco CleanAir
Designing and Implementing a Wireless Network Using Cisco Spectrum Intelligence Lab Guide
Version 1.3
Brought to you by Team MIDAS
1/4/2011
Cisco CleanAir Version 1.3
Table of Contents
Introduction ..............................................................................................................................3 Implementation Status and Statement of Work ....................................................................4 Topology ....................................................................................................................................5 IP Addresses, Accounts, and Passwords .................................................................................5 Wireless Security Information .................................................................................................6 Prerequisite Knowledge ...........................................................................................................6 Disclaimer ..................................................................................................................................7 Exercise 1: Initialize Wireless Network Components .............................................................8 Exercise 2: Analyze Wireless Environment with CleanAir Spectrum Expert Mode .......... 20 Exercise 3: Connect a Client Laptop to the Wireless Network ........................................... 30 Exercise 4: Detect Radio Frequency Interferers .................................................................. 38 Exercise 5: Use WCS to Analyze Air Quality Events and Client Characteristics ................. 45 Exercise 6: View Interference Location Information with WCS and MSE ......................... 51 Exercise 7: Optional Research .............................................................................................. 56 Summary ................................................................................................................................ 58 Appendix A: Answers to Exercise Questions ....................................................................... 59 Appendix B: Final WLC Configuration .................................................................................. 62 Appendix C: References ........................................................................................................ 64
1/4/2011
Introduction
You are the consultant who will be executing a statement of work (SoW) for the fictitious customer Example Medical Center. Example provides emergency, heart, cancer, stroke, and surgery services for a metropolitan area of about 250,000 people. The staff of about 1000 employees supports 400 overnight patients, numerous emergency and out-patient clients, and hundreds of visitors per day. A broad range of clients and equipment keeps the IT staff at Example very busy, but despite being overworked, the staff has been asked to design, implement, and maintain a large-scale 802.11 wireless network. The wireless network will connect laptops, phones, and medical equipment. The IT staff has asked you to provide engineering consulting services to help them implement a reliable wireless network that will not be negatively affected by non-802.11 wireless devices, including cordless phones, surveillance cameras, and medical equipment. Working with your pre-sales technical support team, you and the IT staff at Example decided on a Cisco unified wireless solution that takes advantage of Cisco CleanAir. CleanAir is a system of software and hardware components that measure WiFi channel quality and identify non-WiFi sources of interference. Example chose the following products to implement their CleanAir infrastructure: CleanAir-enabled Cisco 3500 Access Points (AP). These APs include an advanced radio chipset and other electronics for built-in spectrum analysis, while also providing high-throughput wireless connectivity for 802.11a/b/g/n clients. Cisco Wireless LAN Controller (WLC). The WLC is an appliance for managing a set of APs. The APs collect and process information about interference sources and forward it to the WLC. A WLC is required to use CleanAir. Wireless Control System (WCS). The WCS is optional software that acts as an advanced management platform for WLCs. A user accesses WCS via a web browser and uses it to configure the controller and APs, and to view Air Quality (AQ) records and other CleanAir reports. Mobility Services Engine (MSE). The MSE is optional software that tracks the real-time location of interference devices and consolidates interference reports from multiple WLCs. It also provides historical location reports.
The following figure shows the flow of data in a CleanAir architecture and the various protocols that Clean Air uses, such as Control and Provisioning of Wireless Access Points (CAPWAP), Network Mobility Services Protocol (NMSP), and Simple Object Access Protocol (SOAP).
1/4/2011
The figure shows the CleanAir Spectrum Analysis Engine (SAgE) chip in an AP. SAgE is a spectrum analyzer ASIC with a 256-point Fast Fourier Transform (FFT) engine that provides 78-KHz Resolution Bandwidth (RBW). The SAgE hardware runs in parallel with the WiFi chipset and processes near line-rate information. This enables the identification of numerous interference sources, with no penalty in throughput of user traffic. The figure also shows the Air Quality (AQ) store on the WLC and the AQ database on the WCS. AQ is a Cisco metric that represents the state of the radio spectrum and the bandwidth available for WiFi channels. AQ values range from 0 % (bad) to 100 % (good). In the figure you can also see the IDR store on the WLC and the IDR database on the MSE. Interference Device Reports (IDR) document the classification, characteristics, and location of interference devices including cameras, RF jammers, microwave ovens, motion detectors, cordless phones, Bluetooth headsets, and so on. APs collect and process IDRs and forward them to the WLC. The WLC performs a merge function for IDRs from APs that are associated with the WLC so that a single device is only reported once. If you have multiple WLCs, then the MSE provides the merge function.
Implementation Status and Statement of Work

Your junior engineer has already installed and cabled the CleanAir components for a pilot implementation of Examples wireless network. The junior engineer has partially configured a 3502 AP, WLC, WCS, and MSE. The SoW for your current engagement states that you should test the pilot wireless environment for interferers, complete the
1/4/2011
5 configuration of the wireless components, and provide detailed documentation. The documentation should be in the form of an architecture document that includes detailed topology diagrams, addressing information, configurations, and the results of your testing for interferers and optimal performance. Your pre-sales team has already created an initial topology diagram, which is shown in the following section. Example has provided IP addressing and security information, which are shown in the following sections.
Topology
The following diagram depicts the logical topology for Examples pilot wireless project.
IP Addresses, Accounts, and Passwords

The following table lists the internal IP addresses used by devices in this lab where x is your lab pod number, e.g. 1, 2, 3
Device Cisco WCS Cisco WLC Laptop Win XP Desktop IP Address 10.13.x.10 10.13.x.40 10.13.x.100 10.13.x.80
1/4/2011
6 The following table lists the accounts and passwords used in this lab.
Device Cisco WCS Cisco WLC Laptop Win XP Desktop Account (username/password) root/cisco123 admin/admin cisco/cisco administrator/cisco
NOTE: For the purposes of this lab, always select Continue to this website when you see these browser prompts:
Wireless Security Information

Each pod uses a unique wireless Service Set Identifier (SSID) in the form of EWMpodx where x is your pod number, e.g. POD1 = EWMpod1. For wireless security, Example will use WiFi Protected Access (WPA) with a Pre-Shared Key (PSK). The PSK is 1234567890.
Prerequisite Knowledge
This lab assumes that you have a solid understanding of fundamental wired and wireless networking theory and practice.
1/4/2011
Disclaimer
The lab exercises presented here are intended to provide an introduction to Cisco CleanAir, WLC, WCS, and MSE. This lab is primarily intended to be a learning tool. In order to convey specific information, the lab may not follow best-practice recommendations at all times. Please ensure that you consult all current official Cisco documentation before proceeding with a design or installation. See the appendixes for a list of helpful Cisco documents. This lab was constructed using the following software versions:
Cisco WLC 4400 Cisco AP 3502-I Cisco IOS Cisco WCS Cisco MSE Console PC Laptop Version 7.0.98.0 Version 7.0.98.0 Version 12.4.23.0 Version 7.0.164.0 Version 7.0.105.0 Windows XP Professional Service Pack 2 Windows XP Professional Service Pack 3
1/4/2011
Exercise 1: Initialize Wireless Network Components

In this exercise you will verify that you can connect to the various components of the wireless network. You will reset your WLC and launch WCS. Once you get into WCS, you will use it to enable CleanAir on your AP and interferer tracking on your MSE. Your junior engineer provided a basic configuration for the devices in the pilot implementation of Examples wireless network, but its always a good idea to check your junior engineers work. Section 1.1: Access the Win XP console PC. All the exercises in this lab require working with the Win XP console PC. You will remotedesktop to this machine to access lab resources. From the GOLDLabs portal, click the Topology tab. Notice the topology map and the Pod VM Server box. Click the Win XP box that is inside the Pod VM Server box, and select RDP Client from the pulldown menu.
When the File Download dialog displays, click Open.
1/4/2011
You will see that you are connecting to the remote computer (the Win XP PC). Log in with the administrator username and cisco password.
Your Win XP desktop will look like the following screenshot.
1/4/2011
10
NOTE: Dont close the TFTP server. You will need it in the next section to load the initial WLC configuration and in other sections if you wish to reload the initial configuration. Section 1.2: Load initial WLC configuration. Double-click the Pod-WLC icon on the WinXP desktop. This will launch your web browser and give you access to your Wireless LAN Controller (WLC).
Log in to your WLC with the admin/admin credentials.
1/4/2011
11
Click the COMMANDS link at the top. On the left, click Download File.
Use the following information: File Type = Configuration IP address = 10.13.x.80 (where x is your pod #) File path = / File name = ewm-cleanair Click Download.
1/4/2011
12
Click OK if you see a warning about encryption and ignore other warning messages. Soon you will see messages about the TFTP download completing and the system being reset. The controller will reboot. This will take a few minutes. Youll know its finished when you can click the MONITOR link and see information about your controller.
Q1_1: What is the management IP address of your controller? Q1_2: What is the service port IP address of your controller? Q1_3: Why is it a good idea to use a service port? Q1_4: What version of software is your controller running? Q1_5: What is the uptime for your controller?
1/4/2011
13 Section 1.3: Enable CleanAir from WCS. Now that you have gotten a quick look at the WLC graphical user interface, lets take a look at the Wireless Control System (WCS) interface. Minimize the WLC browser window for now. Then from the Win XP desktop, double-click the Cisco WCS icon. This will open the WCS interface in a new tab in Internet Explorer.
Log in with the root username and cisco123 password.
Click the Configure menu at the top and select Controllers.
1/4/2011
14
Click your pods WLC address (10.13.x.40).
Expand the 802.11b/g/n link on the left and click CleanAir. Make sure the CleanAir Enable checkbox is checked.
1/4/2011
15
Scroll down and take note of the Alarm Configuration for Air Quality. Alarms should be enabled and the threshold set to its default value of 35.
Now scroll down some more and click Save. Notice that Event Driven Radio Resource Management (EDRRM) is disabled by default. We will enable it later.
1/4/2011
16
Section 1.4: Enable CleanAir Collection Status. WCS provides historical reports for monitoring and trending Air Quality (AQ) in your infrastructure. For CleanAir data to be collected and made available, the appropriate background tasks must be running. In WCS navigate to Administration > Background Tasks.
Click CleanAir Air Quality.
Make sure that Collection Status is enabled and the interval is 15 minutes. Click Save.
1/4/2011
17
Section 1.5: Enable MSE interferer tracking. In this section you will make sure that the Mobility Services Engine (MSE) is tracking interferers. Navigate to Services > Mobility Services.
Click the name of your MSE.
1/4/2011
18
On the left, click Context Aware Service to expand it and from there navigate to Administration > Tracking Parameters. Make sure Interferers is checked.
Scroll to the bottom and click Save.
1/4/2011
19
Section 1.6: Summary. In this lab you initialized your WLC and used WCS to ensure that CleanAir and MSE interferers-tracking are enabled and configured correctly.
1/4/2011
20
Exercise 2: Analyze Wireless Environment with CleanAir Spectrum Expert Mode

Before continuing the configuration work, Example has asked you to analyze the wireless environment to check for interferers. To meet this requirement, you will place your 3500 AP in SE-Connect mode and use it as a spectrum analyzer. In Spectrum Expert (SE) mode, the AP scans multiple channels and provides information on signal strength and noise. Later you will put the AP back to the default Local Mode, where it acts as an AP for clients, and where it only analyzes interference on its current channel, but for now, you will use SE-Connect mode. Spectrum Expert mode enables the viewing of raw spectrum data, such as Fast Fourier Transform (FFT) plots. The mode does not support gathering IDR and AQ metrics and does not serve clients, but it is very useful when designing and troubleshooting a wireless network. This mode lets an engineer analyze the spectrum for any CleanAir AP in any location, and saves the engineer a trip onsite with a hardware spectrum analyzer or a laptop running Ciscos dedicated Spectrum Expert application. Before enabling SE-Connect Mode, be sure to explain to Example the following modes: Local Mode AP (LMAP). A local-mode AP serves traffic on a specific channel. It also monitors for interferers on that channel. Tight integration with the WiFi radio allows the CleanAir hardware to listen between 802.11 packets with no penalty to throughput for attached clients. In LMAP mode, an AP does not detect an interferer unless it is active on the same channel as the AP. Although a LMAP scans other channels for Radio Resource Management and rogue detection purposes, the dwells arent long enough to identify and classify interferers. SE-Connect Mode. SE-Connect mode is also sometimes called Spectrum Only Monitor Mode (SOMM). An AP configured in this mode acts as a dedicated spectrum sensor. This enables the Cisco Spectrum Expert application running on a remote host to use the CleanAir AP as a spectrum analyzer. Monitor Mode AP (MMAP). A monitor-mode AP is dedicated to scanning and does not serve client traffic. It provides scanning on all channels using 40-MHz dwells. In an overlay model, MMAPs can be deployed with LMAPs to provide additional interference analysis, or with non-CleanAir APs, to provide channel monitoring for legacy networks. Monitor-mode is often used in Cisco Adaptive Wireless Intrusion Prevention System (wIPS) deployments when security is a primary driver. An MMAP could recognize an RF jammer, for example.
1/4/2011
21
Section 2.1: Use WCS to put your AP in SE-Connect mode. In WCS, navigate to Configure > Access Points.
Click the name of your AP (in the row that says 802.11b/g/n for Radio).
From the AP Mode pull-down menu, select SE-Connect. Click OK on the warning about the AP rebooting.
1/4/2011
22
Scroll down to the bottom part of the screen and click Save.
Click OK again if you see another warning about the AP rebooting. After several seconds, you should see a message that the AP reboot has initiated successfully. Click OK.
1/4/2011
23
After rebooting, the AP needs to re-associate with the WLC and initialize SE-Connect mode. This can take several minutes, so go grab a cup of coffee. You can also use this time to answer the following questions. Q2_1: What is a spectrum analyzer and what services does it provide? Q2_2: What does Resolution Bandwidth (RBW) mean in the context of RF measurements? Q2_3: What does dwell mean in the context of RF measurements? Q2_4: What does duty cycle mean in the context of RF measurements? Q2_5: Research radio ramming. What is it? Are RF jammers legal in your country? Section 2.2: Use your AP as a spectrum analyzer. Navigate to Monitor > Access Points. Click the round icon next to the MAC address of your AP to launch Spectrum Expert.
1/4/2011
24 NOTE: If you see a Retry button, click Cancel. Close the Spectrum Expert application and try accessing it again in a few minutes. (The Retry button doesnt seem to work.) Click OK to confirm that the AP is reachable. Click Open to download and launch the Spectrum Expert application using the *.ccf file.
Spectrum Expert should now be connected to the AP. After several seconds, you should see the spectrum analyzer screens. The graphs span 100 MHz, centered at 2.450 GHz, and use a Resolution Bandwidth (RBW) of 156.25 kHz. The graphs show information for Trace 1. A trace is simply a line that plots the RF data of interest. For some graphs, you can have more than one trace and select the type of data each trace displays (such as average or maximum RF power). We wont do that here, though. You should see the following default panels with their default settings: Real-Time FFT. Displays RF power as a function of frequency. FFT Duty Cycle. Displays the percentage of time that any transmitters or the ambient RF signal are using the bandwidth, as a function of frequency. Swept Spectrogram Max. Each colorized line displays the RF power as a function of frequency, measured over each second. Swept Spectrogram Duty Cycle. Each colorized line displays the RF duty cycle as a function of frequency, measured over each second.
1/4/2011
25
In the Swept Spectrogram plots, color coding indicates the intensity of either RF power or RF duty cycle for a frequency, with violet and blue being less intense, and orange and red being more intense. Heres a scale for power (in dBm) and duty cycle (a percentage).
Section 2.3: Cause some interference. To start with, you may not see evidence of much interference, but in order to test Examples ability to see interference if it should happen, you will cause some interference in this section. In this lab, you are given three non-802.11 wireless video cameras that can interfere with one of the 2.4-GHz channels that your AP is operating on. The wireless cameras are individually set to channel 1, 6, or 11. Using a remote-capable APC switch, you can turn on a camera to cause interference for your AP.
1/4/2011
26 Return to the GOLDLabs portal page and click the Topology tab. (This is the same page that you used to get into the Win XP desktop). Then click a camera icon to turn a camera on. For this part of the lab, it doesnt matter which camera you enable.
Now return to your Spectrum Expert window and view the evidence of the interferer. The interferer is especially evident in the Swept Spectrogram plots.
1/4/2011
27
Once you have seen evidence of an interferer, return to the Topology page and turn the camera back off.
1/4/2011
28
In Spectrum Expert, you should see evidence that the interference has stopped.
1/4/2011
29 You can quit the Spectrum Expert application at this time. Section 2.4: Summary. In this exercise you put your Cisco CleanAir AP in SE-Connect mode and used it as a spectrum analyzer. Your customer, Example, asked you to analyze the health of the spectrum in preparation for their wireless deployment. You caused some interference with a video camera and analyzed it and then stopped causing interference so that the spectrum looks clean again. Then you quit the Spectrum Expert application. You will now move on to using the AP for client traffic.
1/4/2011
30
Exercise 3: Connect a Client Laptop to the Wireless Network

In this exercise you will first put your AP back in the default Local Mode. Then you will prepare the AP for clients and connect a client laptop to the wireless network. In the previous exercise you showed your customer, Example, that the AP can detect interference when in SE-Connect mode. Its important to point out that the AP can also detect interference in other modes as well, and in fact when in Local Mode, it can change its channel when it detects interference. Local mode doesnt detect an interferer unless its active on the same channel as the AP, but its generally the default mode, nonetheless, because it supports clients, whereas SE-Connect and Monitor Mode do not. Section 3.1: Put your AP back in Local Mode. In WCS, navigate to Configure > Access Points.
Click the name of your AP.
1/4/2011
31
From the AP Mode pull-down menu, select local.
Click OK to the message about switching modes terminating active Spectrum Expert connections.
1/4/2011
32 Scroll down to the bottom part of the screen and click Save.
Click OK on the warning about the AP rebooting. Click OK again when you see the message that says the reboot command initiated successfully. Now be sure to wait a few minutes for the AP to actually reboot. You can make sure its completely rebooted and associated with the WLC by going to Monitor > Access Points. Note that you should not see the little disk icon next to the AP name implying that it is not yet associated with the WLC. (You will see the legend near the bottom that says what the disk icon means, but you should not see it next to the AP name.) Section 3.2: Set up security on the AP. Youve done the last few sections from WCS. Lets return to WLC to set up the security on your AP. You should still have a tab for WLC in Internet Explorer. (If you dont, you can launch WLC again by double-clicking the Pod-WLC icon on the desktop of the WinXP PC and logging in with the admin/admin credentials.)
1/4/2011
33 NOTE: Sometimes it can be confusing to know whether youre in the WCS or the WLC. The WLC capitalizes the commands at the top whereas the WCS does not. Thats one way to distinguish the two. Click the WLANs link at the top of the WLC window. Then click the WLAN ID for your WLAN (ID 1).
Click the Security tab.
Select the following options: Layer 2 Security = WPA+WPA2 WPA2 Policy = checked WPA2 Encryption = AES Auth Key Mgmt = PSK PSK Format = ASCII Type the pre-shared key (PSK) = 1234567890
1/4/2011
34
Click Apply. Click OK to continue. Section 3.3: Access your client laptop and make sure it is connected it to the wireless network. From your Win XP desktop, double-click the IP KVM Remote Laptop icon.
Log in to the Raritan Dominion system with the cisco/cisco credentials.
1/4/2011
35
Click the port name (for example, Dominion_KX2_101_port1) and click Connect.
Once the KVM session appears you will see the desktop of the laptop. (If you see a login screen, please use cisco/cisco for the credentials.) Double-click the icon in the system tray for the Intel PROSet wireless utility. (The icon is beside the clock and looks like a spinning top. It should be green, though if something went wrong in your setup, then it might be yellow.)
1/4/2011
36 You should see a message that says you are connected to EWMpod# where # is your pod number. Notice that your client has also gotten a DHCP-assigned IP address, 10.13.x.102, where x is your pod number. During the rest of the lab exercises, feel free to return to your client to ensure you havent caused connectivity problems for it.
NOTE: If you dont see that your laptop is connected to your pod SSID, the most likely reason is that you didnt set up the security for the AP correctly in the WLC. Return to the steps a few pages back and correct your work. If you cant get the connection to work with security, then try no security. Although you wouldnt disable security in the real world, for our purposes no security is fine. You can also move on to the next exercise as getting the client to connect is not the focus of the lab. Q3_1: Click the Details button for your Intel PROSet wireless card. What wireless band is your wireless card using? Q3_2: How many antennas is your wireless card using? Q3_3: What channel is your wireless card using? You can minimize your laptop connection now, but feel free to come back to the laptop whenever you wish to do some testing from a wireless clients point of view.
1/4/2011
37 Section 3.4: Summary. In this exercise you used WCS to put your AP back in Local Mode where it can support wireless clients. You also used WLC to set up the security for your wireless network and connected a wireless laptop.
1/4/2011
38
Exercise 4: Detect Radio Frequency Interferers

One of the main reasons Example chose Cisco CleanAir is its capability to detect and avoid RF interferers. Example has asked you to enable Event Driven Radio Resource Management (EDRRM). This feature is part of Ciscos Dynamic Channel Assignment (DCA) technology. With DCA, a controller assigns and reassigns channels to avoid noise and interference, and to maximize capacity. Example Medical Center is concerned about interference because the medical center has numerous pieces of equipment that transmit wirelessly. In addition, patients and visitors can bring in wireless devices. There is also a nearby caf that provides wireless access. Someone reading e-mail in the caf could affect mission-critical operations on Examples wireless network. Cisco wireless controllers address this type of problem by dynamically allocating AP channel assignments. Channels are assigned and reassigned in real-time to avoid interference and rogue APs. DCA examines a variety of real-time RF characteristics in order to make channel assignments. These include: AP received energy. A WLC examines the received signal strength reported by APs and their neighboring APs. Noise. Any signal that cannot be decoded as an 802.11 signal is considered noise. This can be from a non-802.11 source (such as a microwave oven or Bluetooth device) or from an 802.11 source whose signal has been corrupted due to a collision or other problem. 802.11 interference. This includes any 802.11 traffic that is not part of your wireless LAN, such as traffic from rogue APs and neighboring wireless networks. Utilization. When utilization monitoring is enabled, a controller can consider that some APs are more important than others and need more capacity (for example, an engineering area versus a lobby). Load. When load monitoring is enabled, a controller takes into account clients currently in the wireless LAN when changing the channel. This metric keeps track of every APs transmitted and received packet counts to determine how busy the APs are. This helps new clients avoid an overloaded access point.
Event Driven Radio Resource Management (EDRRM) allows an AP in distress to bypass normal RRM intervals and immediately change channels. This change is driven by Air Quality (AQ) level with an adjustable trigger threshold. The key benefit of EDRRM is fast action time. If an interferer is operating on an active channel and is causing severe AQ degradation that could result in clients being unable to use the channel, EDRRM changes the APs channel within 30 seconds of the problem being identified.
1/4/2011
39 The sensitivity setting for EDRRM sets the AQ threshold at which the feature triggers. The levels are: Low: 35 Medium: 50 (default) High: 60
NOTE: Once EDRRM triggers a channel change, the AP is prevented from returning to that channel for three hours. CAUTION: Due to this lab being offered remotely, with multiple pods and many interferers, the results of this exercise are variable. Section 4.1: Enable EDRRM. Return to your Wireless Control System (WCS). You should still have it open in a tab in Internet Explorer. If you dont, you can double-click the Cisco WCS icon on the Win XP desktop and log in with the root/cisco123 credentials. From WCS, navigate to Configure > Controllers.
Click the IP address of your controller.
1/4/2011
40
Click the arrow next to 802.11b/g/n in the left panel to expand the options. Navigate to RRM > DCA. Enable Avoid Persistent Non-WiFi Interference. Now scroll down and also enable Event Driven RRM. Click Save.
Section 4.2: Check your current AP channel. In WCS, navigate to Monitor > Access Points.
Click the 802.11b/g/n Radio link to determine the current channel.
1/4/2011
41
In the Radio Details - On Demand Statistics screen you should see your channel.
Section 4.3: Introduce interference and watch DCA change the channel. Return to the GOLDLabs portal page and click the Topology tab. Locate the Camera # icon where # matches the channel that your AP is using (you determined the channel in the previous section). Turn that camera on.
1/4/2011
42
Now go back to the WCS Radio Details - On Demand Statistics screen. After about 30 seconds, click the Refresh button near the top-right corner of the WCS screen.
You should see that the AP has changed its channel. Notice from the following screenshot, on the pod where this lab guide was developed, the radio automatically changed from Channel 1 to Channel 6. Thats EDRRM in action!
1/4/2011
43
When you see the channel change, you know that the interference has met the threshold used by the controller to tell it to change to a better channel. Once you have seen the channel change, return to the Topology page and turn off your camera.
1/4/2011
44
Q4_1: Did the laptop also change channels and how would you know? Q4_2: You determined the new channel number. How wide is the channel? Q4_3: What does persistent non-WiFi interference mean? Q4_4: You viewed the results of the interference with WCS. Did WLC also see evidence of the interference and how would you know? Section 4.4: Summary. In this exercise you enabled EDRRM and then caused some interference on your APs channel. You watched as DCA changed the APs channel to avoid the interference.
1/4/2011
45
Exercise 5: Use WCS to Analyze Air Quality Events and Client Characteristics
In the previous exercise you saw that RRM can mitigate interference by changing channels. Its also important to learn more about the interferers, so you can locate them, and, if practical, remove them. Example has asked you to demonstrate a few more WCS features that will help them do that. Section 5.1: Analyze RRM statistics. In WCS, navigate to Monitor > RRM.
There should be evidence of a Major Air Quality Event in the Channel Change Reason [a/b/g/n] (Last 24 Hours) display.
1/4/2011
46
Scroll to the middle of the page and click the link for Last 24 Hrs.
You should see a historical view of channel changes. Click Event Details for the most recent change.
In the Channel Change Event Details page, look at the Message and Interferer Name. You should see information about a video camera and the affected channels reflecting what occurred when you introduced interference on the operating channel with the wireless video camera.
1/4/2011
47
Section 5.2: Examine Air Quality. In WCS, click the Home icon. It looks like a little house.
Click the CleanAir tab. Notice the 802.11b/g/n average air quality. Your results may vary, but for the pod where this lab guide was developed, its clear that the quality went down today (because of the interference we caused).
1/4/2011
48
For a more detailed look, click the View in Grid icon.
You should see a list of average Air Quality (AQ) values.
1/4/2011
49
Section 5.3: Analyze a clients characteristics. Interference often affects a client before it affects the AP because clients have lowerpower antennas. When troubleshooting client performance problems, its essential to know if interference is a factor. CleanAir has been integrated into the Client Troubleshooting tool on WCS for that reason. In WCS, navigate to Monitor > Clients.
Click the troubleshooting icon next to the MAC address of a client.
1/4/2011
50
Click the CleanAir tab to view information about interference sources that could be affecting clients. In a lab environment, you might not see any interferers, but hopefully you can see how useful this information could be in the real world.
Q5_1: In the Monitor Client window, click the Summary tab. How would you use this information to troubleshoot a client having problems? Q5_2: Click the Log Analysis tab. How would you use this information to troubleshoot a client having problems? Q5_3: Click the Event History tab. How would you use this information to troubleshoot a client having problems? You can close the Monitor Client window now. Section 5.4: Summary. In this exercise, you examined AQ reports and learned how to troubleshoot a client having problems.
1/4/2011
51
Exercise 6: View Interference Location Information with WCS and MSE

With WCS, you can locate interferers on a map and learn more about their characteristics. A WLC can merge interference data that is being reported by APs that it manages, but when interference is detected on APs that are not on the same controller, MSE handles merging the information. MSE adds other enhancements to CleanAir as well, including the capability to see the zone of impact of interferers and to track interference history. CAUTION: Due to this lab being offered remotely, with multiple pods and many interferers, the results of this exercise are variable. Section 6.1: Analyze the worst interferer and show zone of impact. In WCS, click the Home icon.
Click the CleanAir tab. Locate the Worst 802.11b/g/n Interferers panel. NOTE: If you dont see a worst interferer, use the skills you developed in the previous exercises to determine the channel that your AP is currently using and to start the camera for that channel to cause interference. Then be patient because it can take some time for WCS to notice the worst interferer. For your worst interferer, click System Campus in the Floor column.
1/4/2011
52
A screen displays with a heat map emanating from the interferer. Pass your mouse over the interference icon to see specific information about the interferer. Notice the detecting APs. This is the list of APs that see the interferer. The Cluster Center is the AP that is closest to the device. The duty cycle is a number between 1 and 100 percent that indicates the persistence of an interferer, in other words the fraction of each time period that it is active. Severity is also a number between 1 and 100. The last line shows the Zone of Impact. This is the circular area that the interference device is suspected of disrupting. The circle darkens with higher severity.
1/4/2011
53
On the left, click the arrow next to Interferers to show the Interferer Filter window. Check Show Zone of Impact. Click OK. This will show the interferers zone of impact and how serious the interference was, where more opacity means more serious.
Click the arrow next to Access Points to bring up the AP Filter box. Enable Show Detected Interferers. Click OK. A blue box should display that says something like -35 dBm. Click the blue box to see the source of interference.
Now click the interferer icon on the heat map to view detailed information about the interferer. (Close the Active Interferers box if its blocking the icon.)
1/4/2011
54
NOTE: If you needed to recreate interference to see your worst interferer, be sure to return to the Topology page and turn off the camera. Section 6.2: View interference location history. This information may not be available in a lab environment, but in an operational environment, you can use the command menu in the right corner to selection Location History. Click Go to see interference location history information.
Q6_1: What role does an AP play in a CleanAir system? Q6_2: What role does the WLC play in a CleanAir system?
1/4/2011
55
Q6_3: What role does the WCS play in a CleanAir system? Q6_4: What role does the MSE play in a CleanAir system? Section 6.3: Summary. In this lab you used WCS and MSE to analyze information about an interferer, including its location on a map.
1/4/2011
56
Exercise 7: Optional Research

Example has asked you to demonstrate a few other features of WCS and Clean Air. Section 7.1: Examine the WCS Security dashboard. In WCS, click the Home icon. Then click the Security tab.
Q7_1: What are the top security issues for your pods wireless network? Q7_2: What attacks, if any, have been detected? Q7_3: What are four classifications for rogue APs that can cause security alerts? Malicious, unclassified, friendly, and ad hoc? Section 7.2: View alarms. Click the down arrow in the Alarm Summary panel at the top of WCS. If there is an alarm, click the associated link to see additional detail.
1/4/2011
57
Section 7.3: Access the Report Launch Pad. Navigate to Reports > Report Launch Pad.
Click New to see new reports. There may not be enough data to generate any useful reports, but feel free to explore if there is time.
Section 7.4: Summary. In this section, you looked at additional WCS features for analyzing security, viewing alarms, and running reports.
1/4/2011
58
Summary
In this lab you helped Example Medical Center prepare for a large-scale 802.11 wireless network deployment. To ensure that the network reacts to interference in an optimal manner, you enabled CleanAir features. You started by initializing your Wireless LAN Controller (WLC), and then from your Wireless Control System, you enabled CleanAir on the WLC and interferer-tracking on the Mobility Services Engine (MSE). Before further configuring your devices you put your AP in SE-Connect mode to take advantage of its spectrum analyzer capabilities. Then you put it back in the default Local Mode, configured wireless security, and connected a wireless client laptop. The main focus of this lab was to use Dynamic Channel Allocation (DCA) and EventDriven Radio Resource Management (EDRRM) to allow the WLC to very quickly detect interference and change channels to avoid it. Using WCS, you analyzed air quality events, RRM statistics, and client characteristics. You also used MSE features to research information about the worst interferer and to show its Zone of Impact on a campus map. In the final optional exercise, you examined the CleanAir Security dashboard, threshold alarms, and the Report Launch Pad.
Congratulations! You have completed the lab.
1/4/2011
59
Appendix A: Answers to Exercise Questions

Q1_1: What is the management IP address of your controller? The address should be 10.13.x.40 where x is your pod number. Q1_2: What is the service port IP address of your controller? This lab doesnt use a service port, so the address is 0.0.0.0. Q1_3: Why is it a good idea to use a service port? Cisco recommends that you manage controllers through a dedicated service port for improved security. The service port is not routable. It must be in the same subnet as the hosts that will be accessing it. Q1_4: What version of software is your controller running? The version should be 7.0.x. Q1_5: What is the uptime for your controller? The uptime should be just a few minutes, at most, since you just rebooted the controller. Q2_1: What is a spectrum analyzer and what services does it provide? A spectrum analyzer is a device that examines and displays the spectral composition of a waveform as it changes in real time. A typical spectrum analyzer displays power levels for a given frequency range, which can be very helpful when conducting a wireless site survey or when troubleshooting interference. Digital spectrum analyzers use a mathematical process, called Fast Fourier Transform (FFT), that efficiently transforms a waveform into its spectrum components. Q2_2: What does Resolution Bandwidth (RBW) mean in the context of RF measurements? RBW means the smallest frequency that can be measured. It is the bin size for RF power measurements. It dictates the precision of a frequency measurement. Q2_3: What does dwell mean in the context of RF measurements? A dwell is a short pause to listen to a particular frequency or frequency range. APs can do dwells in support of rogue detection and metrics-gathering for RRM. Spectrum analyzers do a series of dwells to cover a frequency band. The term dwell time is also often used to refer to how much relative time is spent on a range of frequencies. Q2_4: What does duty cycle mean in the context of RF measurements? Duty cycle is the fraction of time that a transmitter or noise is active. For example, if a transmitter is active for half the time during which a measurement is being conducted, the duty cycle is 50%. The term is often used to represent the level of disruption that a transmitter or noise causes.
1/4/2011
60 Q2_5: Research radio ramming. What is it? Are RF jammers legal in your country? Radio jamming is the act of transmitting RF signals or noise that disrupt communications, usually with a malicious intent. Most types of RF jammers are illegal in most countries, including the US, although law enforcement can legally use them (e.g. to disrupt a cell-phone-activated bomb.) Q3_1: Click the Details button for your Intel PROSet wireless card. What wireless band is your wireless card using? Answers may vary, but probably the wireless card is using 802.11g. Q3_2: How many antennas is your wireless card using? Answers will vary, but probably the wireless card is using three antennas. Q3_3: What channel is your wireless card using? Answers will vary. Q4_1: Did the laptop also change channels and how would you know? The laptop should change channels too. You could go back to the laptop and click the Details button for the Intel PROSet wireless card to verify this. Q4_2: You determined the new channel number. How wide is the channel? You can see this in the Radio Details - On Demand Statistics window in WCS. Its probably 20 MHz. Q4_3: What does persistent non-WiFi interference mean? Persistent non-WiFi interference refers to devices that are stationary, such as a wireless bridge or a microwave oven, that cause interference periodically (or continuously). For example, if employees use the lunchroom microwave oven every afternoon, the oven could be considered a persistent interferer. RRM recognizes these devices and avoids using the channel that they operate on (if you enable the DCA feature to avoid persistent nonWiFi interference, which we did in this lab). Q4_4: You viewed the results of the interference with WCS. Did WLC also see evidence of the interference and how would you know? You could return to WLC from your web browser. Note that there are at least two places where you will likely see evidence of the interference: 1) The MONITOR > Summary screen, under Most Recent Traps, and 2) The MONITOR > Cisco CleanAir > 802.11b/g/n > Air Quality Report. Q5_1: In the Monitor Client window, click the Summary tab. How would you use this information to troubleshoot a client having problems? Answers will vary, but you should be able to see how useful this information can be when researching whether a clients problems are due to errors associating with an AP, authenticating, or getting an IP address.
1/4/2011
61 Q5_2: Click the Log Analysis tab. How would you use this information to troubleshoot a client having problems? With the log analysis feature, you can capture messages as a clients computer initializes its wireless connection, authenticates, and gets an IP address. This can be extremely helpful when clients call to say they are having wireless connectivity problems. Q5_3: Click the Event History tab. How would you use this information to troubleshoot a client having problems? This tab shows the most recent client and AP events. This information can be useful for troubleshooting client problems and issues with your wireless infrastructure. Q6_1: What role does an AP play in a CleanAir system? APs collect information about devices that are operating in the 2.4- and 5-GHz bands, identify and evaluate the information as a potential interference source, and forward it to the WLC. Q6_2: What role does the WLC play in a CleanAir system? WLCs let you configure CleanAir capabilities on your APs. They also collect and process Air Quality (AQ) reports from APs, collect and process interference device reports (IDRs), and forward spectrum data to the WCS and MSE. The WLC performs a merge function for IDRs from APs that are associated with the WLC so that a single device is only reported once. Q6_3: What role does the WCS play in a CleanAir system? The WCS provides an advanced management platform so that you have full visibility and control of your APs, WLCs, and CleanAir. It includes a CleanAir dashboard to let you analyze interference information. It also provides access to AQ data and a wireless heat map. Q6_4: What role does the MSE play in a CleanAir system? The MSE provides real-time location tracking information for interferers. In addition, it supplies historical reports and merging of interference reports if the wireless network has more than one WLC. Q7_1: What are the top security issues for your pods wireless network? Answers will vary. Q7_2: What attacks, if any, have been detected? Answers will vary but hopefully there werent any attacks. Q7_3: What are four classifications for rogue APs that can cause security alerts? Malicious, unclassified, friendly, and ad hoc.
1/4/2011
62
Appendix B: Final WLC Configuration

config sysname P1-WLC config media-stream add multicast-direct video1 239.100.1.1 239.100.1.5 detail 1500 1200 periodic video 4 fallback config media-stream multicast-direct enable config interface address management 10.13.1.40 255.255.255.0 10.13.1.1 config interface port management 1 config interface dhcp management primary 10.13.1.1 config interface dhcp service-port enable config interface address virtual 1.1.1.1 config interface address ap-manager 10.13.1.41 255.255.255.0 10.13.1.1 config interface port ap-manager 1 config interface dhcp ap-manager primary 10.13.1.1 config 802.11b cleanair enable config 802.11b cac voice sip codec g711 sample-interval 20 config 802.11b cac voice sip bandwidth 64 sample-interval 20 config 802.11b 11gsupport enable config auth-list add lbs-ssc encrypt 00:50:56:a4:66:d6 1 c99f5b7d1a2cb1b42d01a6257a626899 4dce2444d19ffb39e43a0e47cbdb5e9644ce741f 48 ddede7a289f8b44bc536919753838bc07bce28292dd91cf33fc7609f981bc6dd8a564eea77f21a95f9af3ed5e844adba00000000000000 0000000000000000000000 config mobility group domain mobile_pod1 config snmp trapreceiver mode enable 10.13.1.10 config snmp trapreceiver create 10.13.1.10 10.13.1.10 config 802.11a cac voice max-bandwidth 10 config 802.11a cac voice acm enable config 802.11a cac voice load-based enable config 802.11a cac voice sip codec g711 sample-interval 20 config 802.11a cac voice sip bandwidth 64 sample-interval 20 config 802.11a cac video acm enable config 802.11a cac video max-bandwidth 70 config 802.11a disable network config database size 2048 config network rf-network-name mobile_pod1 config network ap-mcast-mode multicast 239.100.1.0 config network multicast mode multicast 239.100.1.0 config network multicast global enable config network multicast igmp snooping enable config country US config mgmtuser add encrypt admin 1 716e994463bf64cb73d9f845d1ea916d 9bf8c1aff76465e2522ce5c4999e7cf7a3ce6045 16 14ea352864bff28f8d2f7ae50083e1ed0000000000000000000000000000000000000000000000000000000000000000000000000000 000000000000000000000000 read-write config wlan media-stream multicast-direct 1 enable config wlan session-timeout 1 1800 config wlan dhcp_server 1 0.0.0.0 required config wlan exclusionlist 1 60 config wlan wmm allow 1 config wlan mfp client enable 1 config wlan broadcast-ssid enable 1 config wlan interface 1 management config wlan create 1 EWMpod1 EWMpod1 config wlan apgroup add default-group config wlan qos 1 gold config wlan security wpa akm 802.1x disable 1 config wlan security wpa akm psk set-key hex encrypt 1 373e04ed28d97994eeb1bd57b87f98ef 10ef08bb05ca54707ec069965da821caa3845b33 48 bd7202a2618f06100f7ab3da5b2486a89d28b5bdba7df3186980625c66f202b7ed27c95bdbf76ee1930fffeead541e1a0000000000000 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000000000000 1 config wlan security wpa akm psk enable 1 config wlan security wpa enable 1 config wlan enable 1 config certificate generate webadmin config advanced 802.11b channel add 1 config advanced 802.11b channel add 6
1/4/2011
63
config advanced 802.11b channel add 11 config advanced 802.11b channel load disable config advanced 802.11b channel noise enable config advanced 802.11b channel foreign enable config advanced probe limit 2 500 config advanced 802.11a channel add 36 config advanced 802.11a channel add 40 config advanced 802.11a channel add 44 config advanced 802.11a channel add 48 config advanced 802.11a channel add 52 config advanced 802.11a channel add 56 config advanced 802.11a channel add 60 config advanced 802.11a channel add 64 config advanced 802.11a channel add 149 config advanced 802.11a channel add 153 config advanced 802.11a channel add 157 config advanced 802.11a channel add 161 config advanced probe-limit 2 500 transfer download path / transfer download filename final-config.txt transfer download serverip 10.13.1.80 transfer upload path / transfer upload filename final-config.txt transfer upload datatype config transfer upload serverip 10.13.1.80
1/4/2011
64
Appendix C: References
Current documentation for Cisco access points, CleanAir, WLC, WCS, and MSE can be found on CCO and other websites. The following links are a good place to begin: Getting Started Guide: Cisco 3500 Series Access Points http://www.cisco.com/en/US/docs/wireless/access_point/3500/quick/guide/ap 3500getstart.html Cisco 5500 Series Wireless Controller Installation Guide http://www.cisco.com/en/US/docs/wireless/controller/5500/install/guide/ctrl55 00.html Cisco Wireless LAN Controller Configuration Guide, Release 7.0 http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/ c70.html Cisco Wireless Control System Configuration Guide, Release 7.0 http://www.cisco.com/en/US/docs/wireless/wcs/7.0/configuration/guide/WCS7 0cg.html Cisco 3350 Mobility Services Engine Getting Started Guide http://www.cisco.com/en/US/docs/wireless/mse/3350/quick/guide/mse_qsg.ht ml Cisco Context-Aware Service Configuration Guide, Release 7.0 http://www.cisco.com/en/US/docs/wireless/mse/3350/7.0/CAS/configuration/g uide/CAS_70.html Cisco CleanAir - Cisco Unified Wireless Design Guide http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a00 80b4bdc1.shtml Cisco Spectrum Expert Users Guide http://www.cisco.com/en/US/docs/wireless/spectrum/expert/users/guide/spect rumexpert.pdf Cisco WLAN YouTube channel: http://www.youtube.com/user/CiscoWLAN Cisco Partner Mobility Collaboration https://www.myciscocommunity.com/community/partner/borderlessnetworks/ mobility Miercom Lab Test Report Cisco CleanAir Competitive Testing http://www.cisco.com/en/US/solutions/collateral/ns340/ns394/ns348/ns1070/ Miercom_Report_DR100409D_Cisco_CleanAir_Competitive_for_22Apr10.pdf
1/4/2011

CleanAirLabGuide1 3

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

CleanAirLabGuide1 3

Загружено:

Авторское право:

Доступные форматы

Cisco CleanAir

Brought to you by Team MIDAS

Cisco CleanAir Version 1.3

Cisco CleanAir Version 1.3

Cisco CleanAir Version 1.3

Implementation Status and Statement of Work

Cisco CleanAir Version 1.3

IP Addresses, Accounts, and Passwords

Cisco CleanAir Version 1.3

Wireless Security Information

Cisco CleanAir Version 1.3

Cisco CleanAir Version 1.3

Exercise 1: Initialize Wireless Network Components

When the File Download dialog displays, click Open.

Cisco CleanAir Version 1.3

Your Win XP desktop will look like the following screenshot.

Cisco CleanAir Version 1.3

Log in to your WLC with the admin/admin credentials.

Cisco CleanAir Version 1.3

Cisco CleanAir Version 1.3

Cisco CleanAir Version 1.3

Log in with the root username and cisco123 password.

Click the Configure menu at the top and select Controllers.

Cisco CleanAir Version 1.3

Click your pods WLC address (10.13.x.40).

Cisco CleanAir Version 1.3

Cisco CleanAir Version 1.3

Click CleanAir Air Quality.

Cisco CleanAir Version 1.3

Click the name of your MSE.

Cisco CleanAir Version 1.3

Scroll to the bottom and click Save.

Cisco CleanAir Version 1.3

Cisco CleanAir Version 1.3

Exercise 2: Analyze Wireless Environment with CleanAir Spectrum Expert Mode

Cisco CleanAir Version 1.3

Cisco CleanAir Version 1.3

Cisco CleanAir Version 1.3

Cisco CleanAir Version 1.3

Cisco CleanAir Version 1.3

Cisco CleanAir Version 1.3

Cisco CleanAir Version 1.3

Cisco CleanAir Version 1.3

Cisco CleanAir Version 1.3

Cisco CleanAir Version 1.3

Exercise 3: Connect a Client Laptop to the Wireless Network

Click the name of your AP.

Cisco CleanAir Version 1.3

From the AP Mode pull-down menu, select local.

Cisco CleanAir Version 1.3

Cisco CleanAir Version 1.3

Click the Security tab.

Cisco CleanAir Version 1.3

Log in to the Raritan Dominion system with the cisco/cisco credentials.

Cisco CleanAir Version 1.3

Cisco CleanAir Version 1.3

Cisco CleanAir Version 1.3

Cisco CleanAir Version 1.3

Exercise 4: Detect Radio Frequency Interferers

Cisco CleanAir Version 1.3

Click the IP address of your controller.

Cisco CleanAir Version 1.3