How to Fix a Cisco Wi-Fi Network Without Surveying, Adding APs or Moving APs
The vast majority of Cisco Wi-Fi networks can be fixed without having to spend precious time and money on surveying, adding new access points (APs) or moving existing APs. Here's how.
Cisco has some very fine enterprise Wi-Fi products. Unfortunately, those very fine products often get deployed in a manner that leads to connectivity and performance issues.
The following steps take about ten minutes to perform, and will stabilize connectivity and performance for the vast majority of enterprise-class Cisco Wi-Fi networks. Anything in bold is something to click or select or check or uncheck or type.
1. Access the Cisco wireless LAN controller (WLC) interface via a web browser.
2. Navigate to WLANs (menu) -> -> Security (tab) -> Uncheck WPA Policy -> Apply
NOTE: Wi-Fi Protected Access (WPA) is a Wi-Fi security method that uses temporal key integrity protocol (TKIP) encryption by default. Using TKIP encryption disables 802.11n and 802.11ac data rates, effectively rendering your Wi-Fi network an old timey 802.11a/b/g network (with data rates no higher than 54 Mbps).
Wi-Fi Protected Access 2 (WPA2) has been required in all Wi-Fi devices since the beginning of 2006. Therefore, the vast majority of Cisco Wi-Fi networks have no need to support WPA.
If you are absolutely certain that your Cisco Wi-Fi network must support WPA devices that do not support WPA2, then you can use the advanced encryption standard (AES) instead of TKIP.
3. Navigate to Wireless (menu) -> 802.11a/n/ac (left menu) -> Network. Under "Data Rates", configure the following:
6 Mbps: Mandatory
9 Mbps: Supported
12 Mbps: Mandatory
18 Mbps: Supported
24 Mbps: Mandatory
36 Mbps: Supported
48 Mbps: Mandatory
54 Mbps: Supported
Click Apply
NOTE: None of the 802.11a/n/ac data rates should be disabled. Disabling high data rates limits Wi-Fi speeds and disabling low data rates causes inconsistent performance due to ghost frames.
4. Uncheck the Enabled checkbox for 802.11a Network Status -> Apply
NOTE: This is a temporary step. The 5 GHz radios of Cisco APs must be disabled in order to change some radio resource management (RRM) settings.
5. Navigate to TPC (left menu, under 802.11a/n/ac -> RRM) -> Fixed -> Power Level 3 -> Apply
NOTE: For Cisco AP models in the 3600, 3700 and 3800 series, power level 3 results in an AP transmit power of 17 dBm (50 mW).
Wi-Fi mobility is optimized when AP transmit power is set to a uniform level, because frame retries ("collisions") naturally happen when Wi-Fi devices roam between APs of differing power levels.
17 dBm is the recommended AP transmit power level because modern Wi-Fi devices transmit at or around 17 dBm. If, in the future, Wi-Fi devices tend to transmit at power levels significantly higher or lower than 17 dBm, then the Cisco WLC should be re-configured accordingly. Lower power level numbers (1 and 2) create higher AP transmit power levels; higher power level numbers (4, 5, 6, 7, 8) create lower AP transmit power levels.
6. Navigate to DCA (left menu, under 802.11a/n/ac -> RRM) -> select Channel Width 20 MHz -> uncheck the Enabled checkbox for Extended UNII-2 channels -> select ONLY channels 36, 40, 44, 48, 149, 153, 157, 161 -> Apply
NOTE: Extended UNII-2 channels require support for 802.11h dynamic frequency selection (DFS) in the U.S.A. DFS can increase Wi-Fi network instability by causing unpredictable channel changes.
7. Navigate back to Network (left menu, under 802.11a/n/ac) -> check the Enabled checkbox for 802.11a Network Status -> Apply
NOTE: This step re-enables the 5 GHz AP radios that had to be disabled for certain adjustments to RRM settings.
8. Navigate to Wireless (menu) -> 802.11b/g/n (left menu) -> Network. Under "Data Rates", configure the following:
1 Mbps: Disabled
2 Mbps: Disabled
5.5 Mbps: Disabled
6 Mbps: Mandatory
9 Mbps: Supported
11 Mbps: Disabled
12 Mbps: Mandatory
18 Mbps: Supported
24 Mbps: Mandatory
36 Mbps: Supported
48 Mbps: Mandatory
54 Mbps: Supported
Click Apply
NOTE: For the 802.11b/g/n radios of Cisco APs, only direct-sequence spread spectrum (DSSS) data rates should be disabled.
Disabling DSSS data rates will make the Wi-Fi network "invisible" to 802.11b Wi-Fi client devices. 802.11b client devices have not been sold by the vast majority of retail outlets since 2006. If you are certain that your Wi-Fi network has active, essential 802.11b devices, then 2 Mbps should be set to Mandatory and 5.5 Mbps & 11 Mbps should be set to Supported.
9. Navigate to TPC (left menu, under 802.11b/g/n -> RRM) -> Fixed -> Power Level 3 -> Apply
NOTE: Same rationale as for configuring the power level of 5 GHz (802.11a/n/ac) AP radios.
2.4 GHz (802.11b/g/n) AP radios use a frequency that naturally propagates further than 5 GHz (802.11a/n/ac) radios. This is especially true through objects, like walls, doors, windows, people, etc.
Due to the limited number of non-interfering 2.4 GHz channels (currently channels 1, 6, and 11 in the U.S.A.; possibly channels 1, 5, 9, and 13 in the near future), most enterprise Cisco Wi-Fi network deployments will require the disabling of many 2.4 GHz (802.11b/g/n) AP radios in order to achieve optimized Wi-Fi stability.
Disabling 2.4 GHz (802.11b/g/n) AP radios is less urgent for Cisco Wi-Fi networks that primarily support Apple Wi-Fi client devices, because Apple Wi-Fi client devices are programmed to gravitate towards 5 GHz (802.11a/n/ac) AP radios.
10. Wait at least 24 hours.
11. During a time when the Cisco Wi-Fi network is active, navigate to Wireless (menu) -> 802.11a/n/ac (left menu) -> DCA -> Select Freeze under Channel Assignment -> Apply
12. Navigate to 802.11b/g/n (left menu) -> DCA -> Select Freeze under Channel Assignment -> Apply
NOTE: Cisco Wi-Fi networks use the proprietary RRM protocol to automatically change AP radio transmit power levels and channel assignments. The "Freeze" option prevents RRM from automatically changing AP radio channel assignments.
Changes to AP radio transmit power levels and channel assignments increase instability for modern enterprise Wi-Fi networks, especially when Wi-Fi client devices support 802.11k. All Apple Wi-Fi client devices support 802.11k, as well as many non-Apple Wi-Fi client devices.
By using the RRM "Freeze" option, there may be cases where Wi-Fi administrators or engineers have to manually change the channel of a Cisco AP radio in order to avoid interference from neighboring wireless devices that are operating on the same frequencies.
The preceding steps will improve the stability of Wi-Fi connectivity and performance for the vast majority of enterprise Cisco Wi-Fi networks. After completing these steps, Wi-Fi administrators & engineers should continue to monitor Wi-Fi connectivity & performance, and have the tools and expertise to respond to specific Wi-Fi issues as they arise.
***
Blaaaaach. Hold on a sec.
*drinks 20 ounces of water*
OK, I'm back. MAN, was that dry. My mouth felt like the Sahara just reading it.
If you're wondering why this normally fun-loving blog decided to arid it out, it's because a recent Uber driver/SEO expert taught me a few things about marketing myself and I want to try them. He said to forget about my website and focus on my blog, because blogging is a way to convey expertise. He said to title my blog posts clearly, so that Google search entries are more likely to match the title of my blog posts. He said to lede my blog posts with direct information about what is in the post, because Google offers a short preview with top search results. He said to make sure that every post contains video or pictures or both. He also recommended "Q&A" style posts, which I may try in the future.
I often recommend that people (especially people I work with) trust the experts, so I am putting my trust in this Uber driver/SEO expert. (SEO stands for "search engine optimization", for those who are unfamiliar with Internet marketing jargon.) I may or may not report back on whether this bone dry post got more "hits", as the kids say, than my typical post.
***
Speaking of my website, I am for hire! I actually have been for hire since long before I started blogging (which, in and of itself has been a relatively long time), but my Uber driver/SEO expert told me that I was a dang fool for assuming that blog readers would know that. So, now you know.
What can people hire me for? Glad you asked.
I teach Wi-Fi classes (vendor-neutral or vendor-specific).
I write technical documentation, white papers, web site content, blog posts [obviously], training materials and hands-on product guides [more on that in the near future, hopefully].
I also do traditional consulting, which was the inspiration for this blog post! (I recently did some work for a school district where the "design" was fine, but the config needed fixing.) I have done consulting work in office spaces (single building and multi-building campus), multi-tenant buildings, hospitals, K-12 schools and universities. I have yet to get a warehouse or manufacturing Wi-Fi job, but I have taught people who work in those types of locations, and I'm itching to work on one myself.
Contact me via email (ben at sniffwifi dot com), phone (+1-310-621-5367 text or call) or even Twitter (@Ben_SniffWiFi) if you have a Wi-Fi need.
***
Ben, I appreciate the guide and the step by step format. The part I don't understand is:
"Wi-Fi mobility is optimized when AP transmit power is set to a uniform level, because frame retries ("collisions") naturally happen when Wi-Fi devices roam between APs of differing power levels."
Can you explain a little why these collisions happen?
Immediately after roaming, devices typically choose a transmit data rate based on RSSI from the AP. If Tx power varies between two adjacent APs, then the device will likely choose a sub-optimal rate after roaming. If the "new" AP has a higher Tx power, then the device will likely choose too high a transmit rate, causing retries.
Hi Ben!
What is your opinion of the Channel Width option "Best"? Would you say fixed 20 MHz is the way to go for a stable network?
Definitely 20 MHz in most cases. If you have low density areas and mobility is unnecessary in those areas, then maybe 40 MHz. 80 MHz should be for special use cases, only.
I like your style, Ben.
I work in a higher ed space and we have dorms in which we are always fighting the wifi battles.
We purchased some of the latest 1810's to place in the rooms thinking this would be our ticket. After going through Cisco's best practice guide we are still getting complaints. I find your suggestions going completely against the grain and seems interesting. Everywhere I read to disable the low rates on 2.4 and 5. I have seen some suggest using UNII2 channels to gain more channels.
However, I must ask do you think these settings would work well in a dorm environment?
Students treat the campus as their homes and bring in wireless everything from printers to consoles to Chromecasts, all of which broadcast wireless signals.
I would love to try these settings out in a single dorm; however, these are global settings and would affect our entire campus, which I am not sure I am that brave.
Just wanted to get your opinions on this format.
Hi Ben,
Great posts.
Only one thing. I have checked your statement about Tx power for Cisco AP (show ap config 802.11a name_of_ap) and I have found the following:
Tx Power
Num Of Supported Power Levels ............. 6
Tx Power Level 1 .......................... 17 dBm
Tx Power Level 2 .......................... 14 dBm
Tx Power Level 3 .......................... 11 dBm
Tx Power Level 4 .......................... 8 dBm
Tx Power Level 5 .......................... 5 dBm
Tx Power Level 6 .......................... 2 dBm
So, by me, level 3 means 11dBm, not 17.
Regards,
Pavel
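The per-AP check described in the comment above, as an added example (not code from the original post or its comments): it parses a Tx power table in the form quoted there, reports the dBm value behind a configured power level, and finds the level closest to the 17 dBm target from step 5. The function names are hypothetical, and the sample input is the table from the comment.

```python
import re

# Rows look like: "Tx Power Level 3 .......................... 11 dBm"
ROW = re.compile(r"Tx Power Level\s+(\d+)\s*\.+\s*(-?\d+)\s*dBm")
COUNT = re.compile(r"Num Of Supported Power Levels\s*\.+\s*(\d+)")

# Sample input: the table quoted in the comment above.
SAMPLE = """\
Tx Power
Num Of Supported Power Levels ............. 6
Tx Power Level 1 .......................... 17 dBm
Tx Power Level 2 .......................... 14 dBm
Tx Power Level 3 .......................... 11 dBm
Tx Power Level 4 .......................... 8 dBm
Tx Power Level 5 .......................... 5 dBm
Tx Power Level 6 .......................... 2 dBm
"""


def parse_tx_power_table(text):
    """Return {power_level: dBm}; reject a missing or truncated table."""
    levels = {int(lvl): int(dbm) for lvl, dbm in ROW.findall(text)}
    if not levels:
        raise ValueError("no 'Tx Power Level' rows found")
    declared = COUNT.search(text)
    if declared and int(declared.group(1)) != len(levels):
        raise ValueError("row count does not match declared number of levels")
    return levels


def dbm_to_mw(dbm):
    """Convert dBm to milliwatts (0 dBm = 1 mW)."""
    return 10 ** (dbm / 10)


def level_for_target(levels, target_dbm=17):
    """Level whose output is closest to the target; ties go to the lower power."""
    return min(levels, key=lambda lvl: (abs(levels[lvl] - target_dbm), levels[lvl]))


def audit_power_level(text, configured_level, target_dbm=17):
    """Compare the configured level on one AP radio against the dBm target."""
    levels = parse_tx_power_table(text)
    if configured_level not in levels:
        raise ValueError(f"power level {configured_level} not supported by this AP")
    actual = levels[configured_level]
    return {
        "configured_dbm": actual,
        "configured_mw": round(dbm_to_mw(actual), 1),
        "recommended_level": level_for_target(levels, target_dbm),
        "matches_target": actual == target_dbm,
    }


if __name__ == "__main__":
    print(audit_power_level(SAMPLE, configured_level=3))
```

Run it against the output for each AP model in use, since the level-to-dBm table can differ from one AP to another.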