B L O G, T UN I N G

Cisco Full
Bars

3 Steps to Tuning a Cisco

WLAN Controller From
Default Settings

Posted by J A S O N GRA N T on M A Y 6 , 2 0 1 4

Cisco Wireless Consulting Systems Engineers if theyd ever

When I asked a few

trust a controllers default config for any time of AP deployment beyond 1 or 2

APs the typical answer (when they stopped laughing) was <expletive> NO.

Of course I anticipated that answer and was prepared with a follow up: Okay

would you change? Now the answers to that were harder to get. Most said
what

well theres too many

variables, or every deployment is different.

the same with ALL deployments?

I was ready for that response, too. Whats

Heres a brief transcript:

Them: Is there VoIP clients?

Me: Lets assume no, for now.

Them:
What about 802.11b?

Me: No support.

Them: What about legacy devices?

Me: Nope. No legacy devices.
Them: What deployment style?

Cisco Full
Bars

Me: Lets use the 80/20 rule. 80% of deployments will be pervasive
wireless network in common open environments where APs are deployed
approximately 60ft-80ft or coverage areas of 3000-5000 sq/ft per AP.
Lets not focus on the interesting things that come with warehouses or
outdoor environments.
Then I got answers. Heres a consolidation of their suggestions. Its 3 simple
steps.
BEFORE YOU ATTEMPT THIS:
Your radios will be brought down during this procedure!
Know before you go: If you arent sure what something will do, it may be
better to not do it until you do!
NOTE: Most of these screenshots were taken from AireOS controller code 7.2 or
7.4. All of these suggestions are applicable for 7.5 and 7.6.
Step 1: Tune Each SSID

 Click on the WLANs tab at the top of the page. This will show your SSIDs.

Cisco Full
Bars

You select an SSID by clicking on the blue WLAN ID number to the left of
the Profile Name.

Now click on Security.

Make sure that WPA2 with AES encryption is selected. (TKIP does not
support 11n data rates. Only AES!)
If you must support WPA (like, something doesnt work that needs to
when its disabled) make sure you use WPA + TKIP and WPA2 + AES. Do
NOT just select everything.
Now click on Advanced

Cisco Full
Bars

Turn on Load Balancing, off by default. Do not enable for WLANs with
latency sensitive clients such as VOIP clients.
Turn on BandSelect, it is off by default. Not necessary for WLANs with
latency sensitive clients such as VOIP clients.
Some notes on this tab:
AAA Override will allow ISE (or another RADIUS server that supports it)
to change VLAN or QoS queue based on authentication.
Client Exclusion is a nice security feature to protect against duplicate
IPs or brute force attacks. Sometimes you may need to turn this off
for troubleshooting. 60 seconds is good Timeout Value to set.
Step 2: Tune the RF settings
First, in 2.4 GHz (802.11b/g/n)
Click the WIRELESS top tab
Click the BOLD 802.11b/g/n Network Left Hand Tab

Cisco Full
Bars

Disable Network Status

Disable 1, 2, 5.5, 6, 9 and 11. This way no 11b data rates are supported.
Change 12 to mandatory.
Everything else change to supported.
A note about mandatory data rates: Lowest is where management frames are
sent out. Highest one is where multicast/broadcast frames are sent out. A client
must at least have the ability to do the mandatory data rates.
It is the client device responsibility to determine WHEN to roam and which
AP to roam TO. A client will NEVER even try to roam until it reaches the
LOWEST mandatory data rate!
Within 802.11b/g/n click onRRM > Dynamic Channel Assignment (DCA)

Cisco Full
Bars

Check Avoid Persistent Non-WiFi Interference

Check EDRRM
Within 802.11b/g/n click on CleanAir

Enable CleanAir (this MAY already be checked)

Re-Enable the 802.11b/g/n radio under the 802.11b/g/n > Network
left hand tab
Now for the RF settings in 5 GHz (802.11a/n/ac)

Cisco Full
Bars

Up top click on Wireless, next on the left click on the Bold

802.11a/n/ac, then select Network.
Uncheck 802.11a Network Status to disable it as we will be making
changes that required it to be turned off
Disable 6 Mbps
Disable 9 Mbps
Ensure 12 Mbps is Mandatory
Ensure 24 Mbps is Mandatory
Other data rates are Supported
Within 802.11a/n/ac click on RRM > Tx Power Control (TPC)
You have two options for RRM (Remote Radio Management).
o Interference Optimal Mode (TPCv2) will optimize the radio adjust
power levels to detect and overcome external interference the AP
discovers.
o Coverage Optimal Mode (TPCv1) will optimize the radio to adjust
power transmit level based on neighboring APs it discovers.
o You can only have one Mode selected. TPCv1 is the recommended
mode to select. TCPv2 is discouraged unless you have advance
understanding of networking.

 o If you are interesting in using TPCv2 here is a link on a helpful

Cisco Full
Bars
https://supportforums.cisco.com/docs/DOC-1373
document and WLC Configuration Analyzer tool.

If the signal strength isnt good enough across the entire network you
can manually bump up the Power Threshold to -67 or more a little at a
time, until RRM is properly tuned.
Within 802.11a/n/ac click on RRM > Dynamic Channel Assignment
(DCA) and Event Driven RRM (EDRRM)

Check Avoid Persistence Non-WiFi Interference

Channel Width to 40 MHz
If you have the 802.11ac module you can select Channel Width to 80 Mhz.
This will also auto tune the 802.11n radios to 40 Mhz.
Enable Event Driven RRM
Within 802.11a/n/ac click on CleanAir

Cisco Full
Bars

Under the 802.11a/n/ac tab click on CleanAir

Top checkbox, Enable CleanAir
On Interferers to Detect add all
On Trap on these types under For Security Alarms add Jammer, WiFi
Inverted, WiFi Invalid Channel
Re-Enable the 802.11a/n/ac radio under the 802.11a/n/ac > Network
left hand tab
Step 3: Tune QoS
Click on the Wireless top tab, then QoS Left Hand Tab
For each QoS Profile, under Wired QoS Protocol Protocol Type select
802.1p. Tag number default is typically preferred.

Cisco Full
Bars

And thats it! Where this is not an exhaustive tuning guide, it serves as a starting
point for just about any deployment style. For an exhaustive list, web on over to
Wireless LAN Controller (WLC) Configuration Best Practices.
Heres a few other resources that may help.
Campus Wireless LAN Technology Design Guide April 2014 (PDF 20.9
MB)
Cisco CleanAir Technology Design Guide April 2014 (PDF 13.8 MB)
Cisco Prime Infrastructure Technology Design Guide April 2014 (PDF
3.4 MB)

Controller

data rate

guide

resources

Tuning

WLAN

17 Comments

Cisco Full
Bars
A D D Y O URS

G E T M A X I M U M says:

Reply

May 16, 2014 at 5:35 am

laconic and helpful. thank you!

B R I A N says:

Reply

May 28, 2014 at 7:19 pm

Great post and helpful resources as well

C H U C K says:

Reply

June 3, 2014 at 1:26 pm

Great post! Is there a reason why you have Avoid

foreign AP interference unchecked within your
DCA configuration?

J A S O N G R A N T says:
June 3, 2014 at 2:21 pm

Reply

Great question Chuck! Checked is the default

Cisco Full
recommend changing that unless an RF engineer
Bars
value for Avoid foreign AP interference. I wouldnt
or TAC suggests otherwise.

C H U C K says:

Reply

June 4, 2014 at 6:56 am

Ok, thanks for the confirmation. Just wanted to

make sure the default value (or school of
thought) didnt change in a later revision of
code than what Im running (7.4MR2).
Cheers!

A A B U RG ER8 5 says:

Reply

July 21, 2014 at 8:10 am

You actually want to modify the Platinum and Gold

802.1p values to platinum of 6 and gold of 5. These
markings as far as my studies and tests have
shown are in relation to the max WMM UP values
that should be tagged at platinum and gold. The
controller will auto mark the platinum at a COS
value of 5 and gold at a COS value of 4.

J A S O N G R A N T says:
July 21, 2014 at 9:46 am

Reply

Thanks Alex. This is interesting. I will look in to

Cisco Full
Bars

why theyre set the way they are by default.

A A B U RG ER8 5 says:

Reply

July 22, 2014 at 1:20 pm

Jason, I just took a look and it appears that they

have fixed the defaults. So by default they are now
tagged at gold 5 and platinum 6. I am not sure
what code revision they corrected this, must have
been post 7.3. Anyways nevermind your guide is
correct.

P A U L H says:

Reply

May 2, 2015 at 7:44 pm

What?? No love for the ios xe version??

J A S O N G R A N T says:

Reply

May 4, 2015 at 9:32 am

Hey Paul great question. I love the IOS XE

controller software. As you know its designed
to support the Converged Access deployment
model. Although the examples I give are on the
AireOS controllers, the tuning suggestions are
the same:

1) Tune the SSIDs (security, features, best

Cisco Full
2) Tune the Radios (disable low data rates,
Bars
practices),

enable CleanAir and tune RRM)

3) Tune QoS (and enable AVC)

B R U N O DI N I S says:

Reply

June 5, 2015 at 3:59 am

Hey. Thanks for the post. Im managging a big

campus with 6k users every day. They are always
complaining about the performance of network,
even with Cisco 1700 and 2700 APs deployed at
1Gbps.
Although they use a lot Dropbox, Spotify, Youtube
and other streaming apps all the time. Theres any
way to limit the throughput for these kind of
services?!
Cheers

J A S O N G R A N T says:

Reply

June 19, 2015 at 12:44 pm

Hi there Bruno,
Something often overlooked is even though
the radios are capable of 1 Gbps connect
speeds, the actual client throughput is
determined by SNR (mix of signal strength vs

interference), client capabilities, adjacent

Cisco Full
factors, including design and configuration.
Bars
clients, apps in use, and a number of other

Understanding that, yes, there is a way to limit

throughput of certain applications. Using the
AVC (Application Visibility and Control) features
on the WLC you are able to identify certain
applications in order to limit throughput,
however that may cause more harm than
good. The data is still there to send; decreasing
their available bandwidth will just make them
transmit for a longer period of time.
Perhaps a better strategy is use AVC to identify
critical applications and increase their priority.

Pingback: The 5 Major Features of @Cisco_Mobility

HDX and How To Turn Them On | Cisco Full Bars

Pingback: Wireless network design | ivannexus

Pingback: 3 Steps to Tuning a Cisco WLAN

Controller From Default Settings | Irfan Salam

DI E G O RI V ERA says:
October 21, 2016 at 9:52 am

Reply

Hi Jason. Thank you so much for your help. I have a

Cisco Full
me out. In the controller web interface within
Bars
question and I will really appreciate if you can help
Wireless->802.11b/g/n(802.11a/n/ac)->Network

there is a field called RSSI Threshold (-60 to -90

dBm) . Whats the difference between this and the
field Power Threshold (-80 to -50 dBm) within
Wireless->802.11b/g/n(802.11a/n/ac)
->Network->TPC ? Is the first one refering about the
minimum value that the spectrum can have and
the second one about the minimum power value
an AP can detect another neighbor device? Im a
little confused.
Thank you in advance.

J A S O N G R A N T says:

Reply

October 21, 2016 at 2:20 pm

The two items you reference are very different.

In the Network page the RSSI Threshold
refers to the option above called RSSI Low
Check. Basically if a client attempts to associate
to an AP but its RSSI is lower than the RSSI Low
Check Threshold, the AP will respond back with
bad conditions and not allow it. I dont
commonly use this feature but it definitely has
value for some installations.
In Transmit Power Control (TPC) the Power
Threshold is the dBm that neighboring APs
want to hear and AP at. When an AP joins a
controller it starts at power level 1. The power

level is slowly lowered until its closest

Cisco Full
Bars

neighbors can hear it at whatever the

threshold is set to.

Search

W HATS N EW

5 Amazing New
@Cisco_Mobility Features
Because of Exclusive
Apple/Cisco Partnership
New FCC Rules for WiFi and
AP Part Numbers
Book Recomendations
How to order Cisco Prime
Infrastructure 3.0
TOP POSTS & PAGES
Happy Holidays from
CiscoFullBars.com
3 Steps to Tuning a Cisco
WLAN Controller From
Default Settings

7 Features You Didn't Know

Your Cisco WLAN Controller
Had
13 Things Your WLAN
Should be Doing (or NOT) How Do You Measure Up?
FOL
L OW
About
JasonM E ON
TW ITTER

How to order Cisco Prime

Infrastructure 3.0

Tweets by @Shutostrike

Jason Grant @

#CiscoONE
Launches
advances
security solutions
at
#PartnerSummit
2016
bit.ly/2fskO45
bit.ly/2exqXan

Embed

View on Twitter

AB OU T J AS ON

about.me/shutostrike

Cisco Full
Bars

Blog at WordPress.com.

Cisco Full
Bars