Wireless MESH network

This post contains short notes about Cisco wireless MESH network.

Quick notes

  1. MESH is useful if you have to build wireless network, but for some reason you cannot deploy Ethernet cable to your APs. In this case APs connect with each other and create MESH topology.
  2. Access points create internal backhaul network (using the 802.11a) and allows the clients to connect with 802.1g network.
  3. backhaul network uses Cisco Adaptive Wireless Path Protocol (AWPP) to route data between APs
  4. RAP AP – root AP (edge AP connected to wired network)
  5. MAP AP – mesh AP (it makes connections to other MAP or RAP APs)
  6. MAP AP can be also configured for Ethernet bridging – it allows wireless clients but also bridge traffic from connected wired network
  7. All APs establish an LWAPP/CAPWAP connection to the controller through AES-encrypted backhaul tunnels between the APs.
  8. Client traffic is tunneled to the controller and hidden from the AWPP process
  9. Radio management features in the LWAPP/CAPWAP WLAN solution are available to the wireless mesh network and do not have to be built into AWPP.
  10. Mesh Machine state – when MAP boots up it goes through several states. It scans all the channels and make connection with best parent AP. Parent AP is one of the AP which already joined to the Mesh (at the begin only the RAP belongs to MESH)
  11. the end state of Mesh Machine state is Maintain state (the RAP goes to this state immediately after boot; MAP goes through several states first)
  12. All APs in MESH must belong to the same Bridge Group Name (BGN) – the AP’s BGN is configured on WLC

Configuration

Initial state

Let’s assume that we have two APs in the default Local mode which already joined to WLC. Configure them with static IP address and setup statically Primary Controller. You should use static configuration to make WLC discovery as simple as possible – remember that your AP has not ethernet cable connected and it must to find WLC using wireless backhaul network. Name one of the APs as rap-001 and the second one as map-001.

IP conf

WLC configuration

Security settings

Write down APs MAC addresses. You may be wonder which MAC address to use. The answer is dependent on the AP series, for example 1130 and 1240 series indoor mesh APs use  Ethernet MAC address.

check MAC address

Then go to WLC security settings and add the AP MAC address to the local MAC database.

secure MAC

If you forget to setup this security settings you will get the following errors on WLC:

mesh 7

Setup AP mode

Go to AP details and setup Bridge mode.

Bridge mode

Setup AP role

Go to AP details and setup AP role. For one AP setup RootAP role and for the second one setup MeshAP role. For both APS setup the same Bridge Group Name.

Mode and role

Basic verification

Go to the AP list to see if all your APs connected to WLC.
mesh 10

Select the arrow next to AP and select Neighbor information to see the neighbor relationship between APs.

child neighbor

parent neighbor

You can also use the following debug commands on WLC

    debug mesh security events enable
    debug mesh security message enable
    debug dot1x events enable
    debug dot1x packet enable

If you have console access to the AP you can also enable debug commands directly on the AP

    debug mesh adjacency
    debug mesh event
    debug mesh link

Ethernet Bridging

You can configure the mesh APs (MAP or RAP) to bridge network traffic from its Ethernet card.

Ethernet Bridging

You can go inside FastEthernet0 settings and configure it to work as a trunk or access port.

Configure Ethernet port

If you select trunk option the you activate more options (native port setting, etc.).

Note: The bridged wired client traffic is bridged directly into the backhaul toward the RAP. The RAP then bridges the traffic directly onto the wired network. The wired bridged traffic is not sent back to the controller.

Sources

1. https://www.youtube.com/watch?v=lXi4OBkU-0U
2. http://www.ciscopress.com/articles/article.asp?p=1409813

Leave a Reply

Your email address will not be published. Required fields are marked *