View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

Home » Wireless » WL0039 - WLC Mesh AP (Part 3)

WL0039 - WLC Mesh AP (Part 3)

Rating: 
5
Average: 5 (1 vote)
Difficulty Level: 
0
Lab Document: 
<Please login to see the content>
Category: 
Wireless
Video Download: 
Title: WL0039 - Video Download $17.00
Purchase WL0039 - Video Download $17.00
The video introduces you to the concept of wireless mesh on Cisco Wireless LAN Controller. Using indoor mesh in our lab, you will learn the basics and behavior of wireless mesh AP. We will go through different topology and connection scenarios from a single hop mesh to multi-hop with VLAN propagation, Ethernet bridging, and bridging with FlexConnect. 
 
Part 3 of this video covers Flexconnect bridging and mesh settings
 
Topic:
  • Root Access Point (RAP)
  • Mesh Access Point (MAP)
  • Bridge Group Name (BGN)
  • AP Bridge Mode
  • AP MAC Authentication
  • Parent, Child, Neighbor Mash AP
  • Multihop Mesh
  • Wireless Bridge (Ethernet Bridging)
  • Wireless Bridge with VLAN Transparent
  • AP Flex+Bridge Mode
Tag: 
wireless
wlc
mesh
bridge
flexconnect
wireshark

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.
http://www.linkedin.com/in/methachiewanichakorn

5 comments

Submitted by haithamjneid on Tue, 10/04/2016 - 12:45

Hi Metha,

I have a campus networks which consists of 5 buldings, which have respectively 9 MAs, 6 MAs, 8 MAs, 5 MAs, 1 MA. all MAs are Cisco 3850 switches.

I also have 2 WLC5760 that will be installed only in one of the building.

the buildings are connected together over an IP MPLS cloud.

is it possible to deploy a solution in which I use cisco 3850 MA in the branches and WLC5760 as the MC for all the branches? meaning, I will not use cisco3850 as MC at the branch side.

I read somewhere that it is not recommended for the MAs and MCs to be connected over WAN. as per the below link.

https://blogs.cisco.com/enterprise/converged-access-branch-design-mc-ove...

please advise me on how to build my setup. what is the correct design in my case.

thanks,

Submitted by admin on Sun, 10/09/2016 - 22:17

The question you need to ask is if there is possibility for client to roam between these locations. If the answer is no, they should stay as a separate system with their on MC/MA. Cisco design doc also recommends MC/MA to stay on the same high speed LAN. We have not seen a Cisco design guide where MC/MA are separated by WAN.

Submitted by haithamjneid on Sun, 10/09/2016 - 23:47

Hi,

thank you for your reply.

If am using the 3850 as WLC, I have no ISE, and I don't want to use dot1x. Customer is asking me to authenticate corporate users (corporate SSID) via active directory, and Guest users (Guest SSID) to be authenticated via local database on the WLC3850.

is it possible to do this on 3850? can I integrate 3850 with Active Directory via LDAP?

does 3850 support WebAuth, if I want to redirect guest users to a webpage for login.?

kindly support.

much appreciated.

thanks,
Haitham Jneid

Submitted by admin on Mon, 10/10/2016 - 23:43

We are not aware of 3850 ability to connect directly to AD. The best bet for corp SSID is to point to a RADIUS server and this could be Microsoft RADIUS. For Guest, you might be able to get away with Local WebAuth.

If you don't mind, please take further discussion on LM Forum as this page is about Mesh AP. Thank you. 

Submitted by divakar429 on Tue, 10/09/2018 - 00:10

I am faceing below issues and not able to understand the exact issue. can you please help ?

Please remove the BVI 1 interface first!
*Oct 9 12:00:32.051: %MESH-3-TIMER_EXPIRED: Mesh Lwapp join timer expired
*Oct 9 12:00:32.051: %MESH-3-TIMER_EXPIRED: Mesh Lwapp join failed expired
*Oct 9 12:00:32.815: %MESH-6-ADJ_VIDB_LINK: Mesh neighbor 707d.b9ad.5991 VIDB V irtual-Dot11Radio0 dot1x control
*Oct 9 12:00:32.823: %LINK-6-UPDOWN: Interface Virtual-Dot11Radio0, changed sta te to up
*Oct 9 12:00:34.823: %LINK-6-UPDOWN: Interface BVI1, changed state to up
*Oct 9 12:00:35.823: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, chan ged state to up
Not in Bound state.

User Access Verification

Username:
*Oct 9 12:00:49.271: %MESH-6-CAPWAP_RESTART: Mesh Capwap re-started
*Oct 9 12:00:50.287: %MESH-6-CAPWAP_RESTART: Mesh Capwap re-started
*Oct 9 12:00:50.347: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP addre ss 192.168.1.44, mask 255.255.255.0, hostname NIPUNMAP2

*Oct 9 12:00:50.351: %MESH-6-CAPWAP_RESTART: Mesh Capwap re-startedadministrato r
Password:
*Oct 9 12:00:55.459: %CAPWAP-5-AP_EASYADMIN_INFO: AP Easy Admin information - E ASY_ADMIN is not set, turn off easy admin service!

*Oct 9 12:00:55.459: %CAPWAP-5-AP_EASYADMIN_INFO: AP Easy Admin information - E asy Admin is not enabled, turn it off!

*Oct 9 12:00:56.475: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to hostname change
*Oct 9 12:00:56.475: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to hostname change
*Oct 9 12:00:56.475: [m102x_set_lanport_config] Cannot enable AUX port while PO E, connect AC or Inj source
*Oct 9 12:00:56.487: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to do wn
*Oct 9 12:00:56.491: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to r eset
*Oct 9 12:00:57.491: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio 0, changed state to down
*Oct 9 12:00:57.511: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Oct 9 12:00:57.519: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to do wn
*Oct 9 12:00:57.527: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to r eset
*Oct 9 12:00:58.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio 0, changed state to up
*Oct 9 12:00:58.519: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio 1, changed state to down

NIPUNMAP2>
*Oct 9 12:00:58.555: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Oct 9 12:00:59.555: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio 1, changed state to up
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)en
Password:
NIPUNMAP2#
NIPUNMAP2#
NIPUNMAP2#sh cdp nei
NIPUNMAP2#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID
NIPUNMAP2#
NIPUNMAP2#
NIPUNMAP2#
NIPUNMAP2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
NIPUNMAP2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
NIPUNMAP2#
ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
NIPUNMAP2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
NIPUNMAP2#
NIPUNMAP2#