Thursday, March 6, 2014

Build a $30 Wireless Lab

One of the recent project has quite a lot wireless LAN stuff.  So I feel the urge to build a home lab.

To build a wireless LAN lab, you need at least two things - a WLC (Wireless LAN Controller) and some compatible APs (Access Points).

WLC was easy since you may download the virtual WLC (vWLC) software from cisco.com and throw it on VMware.

It's not that easy when it comes to AP.  There are so many different models from Cisco.  I want the one that I can test most (if not all) the features with, while not costing me a fortune.  After some research (both on cisco.com and eBay.com), I decided 1242AG is the one.  This is a not-so-old AP that has 802.11a/b/g frequency and support many enterprise WLAN features (such as FlexConnect).  Most importantly, it's pretty affordable.  I got two for $30 (free shipping) from eBay.  I ordered two in case I need to test the "roaming" feature.

It looks like this:



Two things to be aware of:
1) Make sure to order one with antennas.  Otherwise it'll cost you some extra bucks.
2) They are mostly POE.  So you'll need a POE switch or power adapter.  You may get a cheap POE switch for less than $20.  But those switch won't support VLAN trunking, just FYI.

Luckily I still have my 3750G POE switch sitting around (from my CCIE voice lab).  Now I have to design the network.

In case you don't know, in real-life enterprise WLAN, they usually use DHCP option 43 to deliver the WLC IP address to APs.  I'd like to do the same in my lab.

But my Linksys router doesn't have the capability to configure DHCP options.  Thus I need to set up a another DHCP server.  How may I set up a secondary DHCP server while not interfering with the primary one?  The answer is to put them into different VLAN/subnets.

Here's my network design:


My Linksys home router connects to 3750 switch VLAN 1.  The two APs connect to 3750 switch VLAN 3.

3750 configuration:
ip dhcp excluded-address 192.168.3.1 192.168.3.10
!
ip dhcp pool Wireless-Lab
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
   option 43 hex f104.c0a8.0216
!
interface Vlan1
 ip address 192.168.2.1 255.255.255.0
!
interface Vlan3
 ip address 192.168.3.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.2.100
!
interface GigabitEthernet1/0/1
 description Linksys Router
!
interface GigabitEthernet1/0/2
 description AP-1
 switchport access vlan 3
!
interface GigabitEthernet1/0/3
 description AP-2
 switchport access vlan 3
Linksys configuraiton:

Now you should be able to ping from home PC (VLAN1) to VLAN 3 and vice versa.

On the vWLC virtual machine, I set the NIC to bridge network so I can configure a static IP in my home network segment (I used 192.168.2.22).

Now you should be able to open a web page to the vWLC management portal.  Also, you should be able to ping from the vWLC (192.168.2.22) to VLAN3 (192.168.3.1) and vice versa.

In theory, when I plug the APs to the switch, they should:
1) Power up
2) Get their IP address and the vWLC's IP address (via option 43 from DHCP)
3) Join the WLC

Well, not surprisingly, they didn't work as desired.  (if they did, there will be not much value for CCIEs)

As a WLAN newbie, I went for documents, turned on debug, capture error messages, post questions on Cisco support forum.  After spent quite some time on troubleshooting, I was advised to upgrade the IOS (does that sound familiar?)

There are many different software, tools and procedures regarding AP upgrade:
  • Autonomous vs. Lightwight vs. Recovery
  • TFTP vs. Upgrade Tool
  • etc.
After many trial and err, here are my conclusions:
1) Upgrade to the latest IOS version before you troubleshoot
2) All you need is a TFTP server.  Don't use "upgrade tool"

High-level recovery(upgrade) process:
1) When the AP boots into recovery mode, it'll set its own IP address to 10.0.0.1 and search for TFTP server in the range of 10.0.0.2 - 10.0.0.30.
2) If it found one, it'll try to download the "default" image.  File name of the "default" image depends on the AP model.  For 1242AG, the default image file name is "c1240-k9w7-tar.default".
3) If the above file is found on TFTP, AP will download and install it.  Then reboot with that image.

Now you have a high-level view, let's talk about the details and catchas.

1) How to put a AP into recovery mode
Power off the AP.  Hold the "mode" button.  Plug in the power (POE or Power Adapter).  Now the status LED will be orange.  Keep holding the button for about 30 seconds.  You'll see the status LED turned purple.  That means the AP is in recovery mode.  You may release the button.

2) What TFTP server to use
You need a TFTP server that can customize the timeout threshold.  Cisco recommends 30 seconds timeout.  I set it to 60 just in case.

3) What IP address to configure for the TFTP server
You may use any IP in the range of 10.0.0.2 - 10.0.0.30.  I normally use 10.0.0.2.  If you got a "IP Conflict" message, just pick another one.

4) What IOS image I should download
There are three different IOS images you can download:
Autonomous Image (e.g. c1240-k9w7-tar.124-25d.JA2.tar)
Lightweight Image (e.g. c1240-k9w8-tar.124-25e.JAO3.tar)
Recovery Image (e.g. c1240-rcvk9w8-tar.124-25e.JAO3.tar)

You'll ultimate goal is to upgrade to the latest lightweight image (that's the image who can work with a WLC).  But you might need to flash the AP with other images first in some situations (e.g. when your AP has a very very old firmware).

When AP joins a WLC, it'll compare its IOS version and the ones on the WLC.  If there's any discrepancy, it'll download and use the one from WLC.  This is similar to IP phones download firmware from CallManager during registration.

Because of that, it's recommended to put the recovery image on AP in recovery mode.  The recovery image is a small footprint image that boot up the AP, provide network function so the AP can download the latest IOS from WLC.

5) How do I make the AP take the image I specified?

Remember that AP will only take a "default" image with specific file name in recovery mode.  If you want AP to take the image, you'll need to rename it to the specific file name.  See this link for naming conventions: http://www.cisco.com/c/en/us/td/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html#wp160918

Be aware that Windows normally hide the file extensions.  You need to configure Windows Explorer to show file extension so you can name the file correct.

For example, you want to rename c1240-rcvk9w8-tar.124-25e.JAO3.tar to c1240-k9w7-tar.default.  By default, Windows explorer will display "c1240-rcvk9w8-tar.124-25e.JAO3" as the file name.  If you rename it to "c1240-k9w7-tar.default" in Windows Explorer, the file name actually becomes "c1240-k9w7-tar.default.tar", which is NOT correct.

If AP successfully joined a WLC, you'll see something like this:

For troubleshooting, take a look at http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/99948-lap-notjoin-wlc-tshoot.html

Enjoy your $30 wireless lab.  :)