This post covers the process of converting and configuring a Cisco 9100AX access point for surveying. This assumes the AP was shipped with a CAPWAP image loaded.
What you’ll need:
- Cisco 9100 Access Point
- Power source such as a PoE+ OR PoE Adapter
- USB to Serial Adapter and Console Cable
- Cisco account to download software
- About 30 minutes
- Unbox and power on AP
- Connect your laptop to the second port on your PoE injector
- Download the software
- IP config and start up tftp server
- Configure the AP with an IP address and issue upgrade command
- Configure EWC
- Join the AP to the controller
- Configure the AP for surveying
- Ready for survey!
Step 1 – Unbox and power on your AP
Connect your AP to your PoE injector via the mGig port to power on the access point. It is best practice to reset your AP before continuing. This is completed by holding down the reset button while powering on the AP and holding down for >20 seconds after your console session mentions that the reset button is pressed.
Step 2 – Connect your laptop to the second port on your PoE injector
Connect your computer to the “DATA IN” port to make a direct connection to the AP.
Step 3 – Download the software
Navigate to software.cisco.com, select Wireless > Access Points > (Your model) then select IOS XE Software
Select your software to download. I chose the Gibralter release 16.12.2s release (after trying to use the 16.12.3 release and running into a whole slew of issues with the AP not joining the controller).
Step 4 – IP config and start up tftp server
Configure your network adapter for an address in the same “network” as your AP.
In this example I use tftpd64.
Point you the directory to where you unzipped the software downloaded in step 3. Select the appropriate interface that is connected to your injector.
Step 5 – Configure your AP with an IP address and issue upgrade command
Log in to your AP using “Cisco” as the username and password.
Configure your AP with an IP address using the following command:
AP#capwap ap ip adress 192.168.1.2 255.255.255.0 192.168.1.1
Format – capwap ap ip address (IP) (Mask) (Gateway)
Use the table above to determine the name of the AP image to copy.
Issue the upgrade command with the image names for both the AP and the EWC.
AP#ap-type ewc-ap tftp://192.168.1.5/ap1g7 tftp://192.168.1.5/C9800-AP-iosxe-wlc.bin
Format – ap-type ewc-ap (AP image file path) (EWC image file path)
Note – If your AP is running an older code version, you will use “ap-type mobility-express” instead.
You should now see the download progress on both ends. The AP will download both files.
After downloading, the AP will reload and upgrade. You will then be presented with the option to enter the initial configuration dialog for the EWC, which leads us into step 6.
Step 6 – Configure EWC
Enter “yes” and “yes” to enter the initial configuration wizard.
You will then be asked to configure the Hostname, Enable secret, Enable password, VTY password, and whether to configure SNMP network management.
Next, you will be presented with an interface summary and be prompted to configure an interface used to connect to the “management network”. This is the only interface and will be where APs join and how you manage the device over the wire. After entering the name of the interface, I used the suggested settings.
Finally, you will be asked to
 Exit to IOS without saving
 Restart the setup without saving
 Save the configuration and exit.
You will then be kicked into command line with the following banner shown.
The mentioned “ewc_day0_device_provisioning_guide” file states that the following configurations need to be completed:
2. Admin username/password
3. Configure the AP Profile
4. Configure the WLAN
5. Configure the Wireless Profile Policy
6. Configure the Default Policy Tag
7. Turn on Global Encryption
8. Save the Configuration
The commands to complete the tasks are below for easy copy/pasting.
ap profile default-ap-profile
username admin password 0 Cisco123 secret 0 Cisco123
wlan Howiwifi-Survey 1 Howiwifi-Survey
wlan Howiwifi-Survey 1 Howiwifi-Survey
no security wpa akm dot1x
security wpa psk set-key ascii 0 Cisco123
security wpa akm psk
wireless profile policy Howiwifi-Survey
no central association
no central dhcp
no central switching
wireless tag policy default-policy-tag
wlan Howiwifi-Survey policy Howiwifi-Survey
password encryption aes
key config-key newpass Cisco123
After saving, the Day0 configuration will be “cleaned up” and the new configuration applied. You can then log into your configured controller using the specified password above.
Step 7 – Join the AP to the controller
You will now notice that the “AP” has not yet joined the controller due to not receiving an IP address via DHCP. This is verified by issuing “show ap summary” on the controller and by viewing the LED status indicator on the AP.
We are relying on the AP connecting to the internal EWC automatically when surveying. This can be accomplished by accessing the console of the AP and configuring an IP address (the former configured IP address configured in step 5 is removed during the upgrade).
The command “wireless ewc-ap ap shell username (username)” is the EWC equivalent of the “apciscoshell” command from mobility express. Because the AP has no configuration on it, we use the username “Cisco” (the default) in the command the first time we connect.
The AP will now be joined to the controller. You can type “exit” to return to the EWC and issue “Show AP Summary” to view the AP. The LED status indicator should now be green. If it is not connected, follow the standard CAPWAP discovery troubleshooting steps.
You should be able to see the configured SSID broadcasting using a spot check tool such as Wi-Fi Analyzer for android.
Step 8 – Configure the AP for surveying
The configuration you use to survey will vary so I will provide all of the information needed to configure and verify settings.
A few things to note:
- Changes can be made to the radios of an AP while they are enabled.
- * denotes automatic assignment through RRM.
- APs with a “Software Defined Radio” are configured using “dual-band”
- Power levels in 5GHz have different dBm values.
Show a list of APs connected to the controller:
show ap summary
Show the current power level:
show ap dot11 (24ghz\dual-band\5ghz) summary
Disable data rates lower than 12mb/s:
ap dot11 24ghz rate RATE_1M disable
ap dot11 24ghz rate RATE_2M disable
ap dot11 24ghz rate RATE_5_5M disable
ap dot11 24ghz rate RATE_6M disable
ap dot11 24ghz rate RATE_9M disable
ap dot11 24ghz rate RATE_11M disable
ap dot11 24ghz rate RATE_12M mandatory
ap dot11 5ghz rate RATE_6M disable
ap dot11 5ghz rate RATE_9M disable
ap dot11 5ghz rate RATE_12M mandatory
Verify data rates are disabled:
show ap dot11 5ghz network
show ap dot11 24ghz network
Show power levels for the currently configured channel:
show ap name (AP Name) config dot11 (24ghz/dual-band/5ghz)
Set the power level, channel, and channel width for each radio:
ap name (AP Name) dot11 (24ghz/dual-band/5ghz) channel (channel)
ap name (AP Name) dot11 (24ghz/dual-band/5ghz) txpower (power level)
ap name (AP Name) dot11 (24ghz/dual-band/5ghz) channel width (20/40/80)
Here I set the 2.4GHz channel to 1 and change the power to 14dBm.
Here I set the 5GHz channel to 161, change the width to 20 wide, and adjust the power to 14dBm.
ap name APF4BD.9E9A.0D68 dot11 dual-band channel 1 ap name APF4BD.9E9A.0D68 dot11 dual-band txpower 4 show ap dot11 24ghz summary ap name APF4BD.9E9A.0D68 dot11 5ghz channel 161 ap name APF4BD.9E9A.0D68 dot11 5ghz channel width 20 ap name APF4BD.9E9A.0D68 dot11 5ghz txpower 4 show ap dot11 5ghz summary
Shutting down each radio
If you need to shutdown the radio for a certain AP, you can use the following commands:
ap name (AP Name) dot11 (24ghz/dual-band/5ghz) shutdown
ap name (AP Name) no dot11 (24ghz/dual-band/5ghz) shutdown
Be sure to save your configuration!
“Write memory” saves the EWC config as well as the AP config.
Step 9 – Ready for survey!
Check out my survey gear here!
Thank you very much for reading this post. I hope this gets you started quickly and helps you get familiar with the IOS-XE commands required to configure and validate your configuration! If you have any questions about this process (since it is subject to change in future code revisions), feel free to connect with me on Twitter or email me directly!