Deploying a Cisco Mobility Express network

My wireless network has been based on a WLC2504 controller with two 2602 APs. The network has been running quite well, with of course the caveats that came with the different WLC releases. With the maturity of Mobility Express (ME), the need for a dedicated controller for such a small-sized wireless network has basically become obsolete, as one of the APs becomes the master controller in the network. I was able to acquire two 1852 APs with ME, so it is time to upgrade my wireless network to 802.11ac with ME.

Design considerations

Joep Remkes, a Cisco Systems Engineer, was kind enough to share the Cisco Mobility Express Quick Start Guide and explained to me what Mobility Express actually is. The latter is key to understanding it: in effect, a mini Wireless LAN Controller (mini WLC) is running as a virtual machine inside the AP code. As it is a separate machine, it has a separate IP address and you manage it separately. That is something you really need to keep in mind when deploying Mobility Express. Another thing that you need to be aware of is that FlexConnect is used for breakout, so yes, there is a CAPWAP tunnel, but not for client traffic.

The figure below shows how Mobility Express is functionally organised.

So in a Mobility Express deployment, there is a master election (i.e. which AP in your network becomes your controller and manages the configuration). The diagram below describes the flow that an AP goes through when booting up.

Image courtesy of Cisco Systems

Setting up a fresh ME deployment

Setting up an ME-based deployment is really easy. Of course the Cisco guide is more extensively written, but for my deployment, I executed the following steps:

Create VLAN and DHCP scope

As I run an external DHCP server (my IOS switch), and an ME setup cannot use both an external and the internal DHCP server, I created a new AP-VLAN (221) and configured the DHCP scope on my core switch. There are no special DHCP options required for the discovery of the master AP on your network.

na-vur-c3560-1#config term
na-vur-c3560-1(config)#vlan 221
na-vur-c3560-1(config-vlan)#name ap-net
na-vur-c3560-1(config-vlan)#exit
na-vur-c3560-1(config)#ip dhcp excluded-address 10.255.249.1 10.255.249.10
na-vur-c3560-1(config)#ip dhcp excluded-address 10.255.249.250 10.255.249.255
na-vur-c3560-1(config)#ip dhcp pool wireless-ap
na-vur-c3560-1(dhcp-config)#network 10.255.249.0 255.255.255.0
na-vur-c3560-1(dhcp-config)#default-router 10.255.249.1
na-vur-c3560-1(dhcp-config)#dns-server 208.67.222.222
na-vur-c3560-1(dhcp-config)#end
na-vur-c3560-1#

Configure interface for your master AP

Once the VLAN and DHCP scope are configured, configure the switch with an SVI (layer 3 interface) and configure the interface that the AP will be connected to.

na-vur-c3560-1(config)#interface vlan221
na-vur-c3560-1(config-if)#description ap-net
na-vur-c3560-1(config-if)#ip add 10.255.249.1 255.255.255.0
na-vur-c3560-1(config-if)#no shut
na-vur-c3560-1(config-if)#interface GigabitEthernet0/3
na-vur-c3560-1(config-if)#description ge0-0-1852-master
na-vur-c3560-1(config-if)#switchport trunk encapsulation dot1q
na-vur-c3560-1(config-if)#switchport mode trunk
na-vur-c3560-1(config-if)#switchport trunk native vlan 221
na-vur-c3560-1(config-if)#end

If you use VLANs, you have to use the native VLAN for that network, so that the master AP gets an IP address in the proper network. I’ve added the configuration spanning-tree portfast trunk, as STP blocking can cause some delay for client onboarding.
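The VLAN, DHCP scope, SVI and trunk settings from the two steps above have to agree with each other, otherwise an AP port left at trunk defaults puts the AP in the wrong network. This Python script is an added example, not part of the original post, that cross-checks them in a saved running-config; the function names, the sample excerpt and the second port GigabitEthernet0/4 are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed excerpt with this post's values; Gi0/4 is a hypothetical AP port left at trunk defaults.
SAMPLE_CONFIG = """\
ip dhcp pool wireless-ap
 network 10.255.249.0 255.255.255.0
 default-router 10.255.249.1
!
interface GigabitEthernet0/3
 switchport trunk native vlan 221
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet0/4
 switchport mode trunk
!
interface Vlan221
 ip address 10.255.249.1 255.255.255.0
"""

def sections(config):
    """Map each top-level line to the sub-commands indented under it."""
    out, current = {}, []
    for line in config.splitlines():
        if line.startswith(" "):
            current.append(line.strip())
        elif line.strip() and not line.startswith("!"):
            current = out.setdefault(line.strip(), [])
    return out

def audit(config, ap_vlan, pool, ap_ports):
    """Return findings; an empty list means the pieces agree with each other."""
    sec, findings = sections(config), []
    svi = re.search(r"ip address (\S+) (\S+)", "\n".join(sec.get(f"interface Vlan{ap_vlan}", [])))
    if not svi:
        return [f"Vlan{ap_vlan}: SVI has no IP address"]
    gateway = ipaddress.ip_interface("/".join(svi.groups()))
    dhcp = sec.get(f"ip dhcp pool {pool}", [])
    scope = next((c.split()[1:3] for c in dhcp if c.startswith("network ")), None)
    if scope is None or ipaddress.ip_network("/".join(scope)) != gateway.network:
        findings.append(f"pool {pool}: scope is not the Vlan{ap_vlan} subnet")
    if f"default-router {gateway.ip}" not in dhcp:
        findings.append(f"pool {pool}: default-router is not the SVI address")
    for port in ap_ports:
        cmds = sec.get(f"interface {port}", [])
        for need in ("switchport mode trunk", f"switchport trunk native vlan {ap_vlan}", "spanning-tree portfast trunk"):
            if need not in cmds:
                findings.append(f"{port}: missing '{need}'")
    return findings
```

Calling `audit(SAMPLE_CONFIG, 221, "wireless-ap", ["GigabitEthernet0/3", "GigabitEthernet0/4"])` reports the two settings missing on the second port and nothing for the master AP port.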

Boot up the master AP

Now plug in the master AP and wait while it boots. The AP master selection process will be executed. Wait until you see the SSID “CiscoAirProvision”, which Cisco uses for over-the-air configuration. Use the password “password” to connect to the network. You will get an internal IP address.

Connect to SSID “CiscoAirProvision” and configure

Once you’re connected, start a browser and go to the site https://mobilityexpress.cisco/screens/day0-config.html or easier, http://192.168.1.1/

Run through the steps of the wizard (see screenshots below) and apply the values that are appropriate to your environment.

Apply settings and test with the Master AP


Now apply the settings, wait until the AP is rebooted and connect to your network.

Once connected, use your browser to check that you can connect to the IP address of the master AP controller. As you’ll see, the GUI is similar to the new WLC 8.2+ frontpage and is very recognisable.

Now configure other APs and switch interfaces

Once the master AP works, configure other PoE-enabled ports on your switch for the other APs, plug them in and wait. After some time, the APs will join the master AP and your wireless network is set up! For this, I’ve used the same interface config as the master AP, except for the description.

Upgrading an ME deployment is slightly different from a controller-based deployment; that will be another blog post (soon).

3 thoughts on “Deploying a Cisco Mobility Express network”

  1. Hello Pieter-Jan,

    My name is David and I also live in the Netherlands :). Great to see your post about Cisco ME.

    I am setting up a home lab just to experience Cisco ME, I have these 2 APs:
    One AIR-AP1815i-E-K9 (AP Running Image:8.8.1.153), running as the WLC, it is working. It was configured by the CLI Initial Configuration Wizard. I can log into its web GUI, its SSID “employee” is working. With controller IP address 192.168.128.100
    One AIR-CAP2602I-E-K9 [Cisco IOS Software, C2600 Software (AP3G2-K9W8-M), Experimental Version 15.3(20150924:055549)], with AP IP address 192.168.128.13
    The problem is that the 2602I failed to join the 1815i WLC

    This is the logging from the 1815i WLC side:
    *spamApTask0: Nov 20 16:32:52.535: %CAPWAP-3-JOIN_UNSUPP_AP: capwap_ac_sm.c:5165 The system has received a join request from an unsupported AP 5c:a4:8a:1e:c2:60 AP78da.6e8e.1259 (model AIR-CAP2602I-E-K), dropping the packet
    *spamApTask0: Nov 20 16:32:52.204: %CAPWAP-3-DTLS_CLOSED_ERR: capwap_ac_sm.c:7238 5c:a4:8a:1e:c2:60: DTLS connection closed forAP 192:168:128:13 (57639), Controller: 192:168:128:100 (5246) Join Request Process Failed

    This is the logging from the 2602I side:
    Translating “CISCO-CAPWAP-CONTROLLER”…domain server (192.168.128.1)
    *Nov 16 16:33:39.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.128.100 peer_port: 5246
    *Nov 16 16:33:40.323: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.128.100 peer_port: 5246
    *Nov 16 16:33:40.323: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.128.100
    *Nov 16 16:33:40.327: %DTLS-5-ALERT: Received WARNING : Close notify alert from 192.168.128.100
    *Nov 16 16:33:40.327: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.128.100:5246

    I see you are also using 2602 APs with ME controller. My question is what did you do to enable the 2602 APs to join the ME controller? Are certain specific IOS releases required on the 2602 APs (it seems the IOS release I have on my 2602 doesn’t support joining a ME controller)?

    Thank you for your attention on this matter. Your reply would be greatly appreciated!

    Kind regards,
    David

    1. Hello David,

      You are running ME 8.8 code on the controller. This code does not support the 2602 APs. Starting with 8.7 and higher only 802.11AC Wave1 APs (x700 series) are supported. I’m running ME off two 1852 APs. If you want to run the ME code with 2602s as well, you need to have 8.5 code on your ME controller. You can check this out yourself at the wireless compatibility matrix at https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html#pgfId-393660

  2. Hi Pieter-Jan,
    Thank you for your quick reply and the Cisco wireless compatibility matrix link.
    They are very helpful!
    Kind regards,
    David
