Home | Skip to Content | Skip to Search | Skip to Navigation | Skip to Footer |
Worldwide [change] |Register |About Cisco
Guest

Hierarchical Navigation

Cisco 4400 Series Wireless LAN Controllers

Understanding Over-the-Air Provisioning (OTAP)

Downloads

Document ID: 100516


Contents

Introduction
Prerequisites
      Requirements
      Components Used
      Conventions
Radio Resource Management (RRM) Neighbor Packets
OTAP Process
      RRM Neighbor Packet for 802.11a
NetPro Discussion Forums - Featured Conversations
Related Information

Introduction

Lightweight Access Point Protocol (LWAPP) Access Points (APs) (LAPs) can discover the management IP address of the controller through Over-the-Air Provisioning (OTAP). This document explains some of the details of this process.

Note: The recovery images (cXXXX-rcvk9w8-mx), shipped with new out–of-the-box LAPs, do not contain any radio firmware and do not bring up any radio interfaces during the boot process. OTAP will not work with out-of-the-box LAPs. The exceptions are out-of-the-box 1510s, and 1520 APs which have a full image installed in flash.

Prerequisites

Requirements

Cisco recommends that you have basic knowledge of LWAPP.

Components Used

This document is not restricted to specific software and hardware versions.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Radio Resource Management (RRM) Neighbor Packets

OTAP utilizes RRM neighbor packets. This section provides a brief background on RRM neighbor packets. LAPs already joined to a controller transmit RRM neighbor packets to the RRM multicast address 01:0b:85:00:00:00. Each LAP must transmit a Neighbor Discovery packet once every 60 seconds on each of the configured Auto-RF channels for 802.11b/g and 802.11a. The RRM neighbor packets are transmitted without any encryption similar to other RF management packets, such as probe requests and probe responses. The RRM neighbor packets contain neighbor control messages. Each neighbor control message consists of (see RRM Neighbor Packet for 802.11a later in this document):

  • Radio ID

  • Group ID

  • Management IP Address (of the Controller)

  • Channel Count

  • Antenna Pattern (Omni, Left, Diversity, Right)

  • Measurement Interval

  • Key

  • Channels

  • Power

The LAPs encapsulate and forward to the controller any RRM neighbor packets they receive. This allows the controller to form RF groups for adjusting the power and channels among LAPs that can see each other. LAPs that are booting can use these RRM neighbor packets to discover the controller that neighbor LAPs are already joined to.

OTAP Process

During the LAP boot process, the LAP uses different mechanisms to discover controllers it can join. The LAP keeps each of the controllers it learns about via the different methods in different lists to reflect how the LAP learned about them. For example, it can learn multiple controllers’ management IP addresses through the DNS entry for CISCO-LWAPP-CONTROLLER.localdomain, DHCP option 43, through broadcasts on the local subnet, and via OTAP.

The OTAP process begins when the LAP momentarily brings up the radio interfaces before the Discovery phase and scans the different RF channels listening for RRM neighbor packets. The LAP might or might not receive an RRM neighbor packet on the first boot. This depends on:

  1. How many LAPs are in the area (the greater the number of LAPs in the area, the greater the chance of the LAP receiving an RRM neighbor packet)

  2. How many channels are being used by Auto-RF (the more channels, the less likely the LAP is to receive an RRM neighbor packet)

  3. How long the LAP scans the RF channels during the OTAP process (typical scan times before the AP moves into the discovery phase are 18 to 35 seconds for all channels)

When the LAP moves into the Discovery phase, it sends discovery requests via its primary interface to each of the controllers in the lists based on how it learned about them. For the controllers that are learned via OTAP, it sends the controller a Discovery Request packet with the OTAP bit set. This indicates to the controller that the AP learned its management IP address via OTAP. Other discovery methods, such as DNS or DHCP option 43, are not differentiated in the Discovery Request packet because they are learned via wired connections.

This controller can reject discovery requests for these reasons:

  1. The OTAP bit is set in the Discovery Request packet and OTAP is disabled on the controller.

  2. The Discovery Request packet is too large.

  3. The Discovery Request packet is not received on the management interface.

Note: OTAP enabled on the controller indicates to the controller whether or not to respond to discovery requests with the OTAP bit set. It does not prevent the LAPs already joined to the controller from transmitting the controller’s management IP address in the clear in RRM neighbor packets.

RRM Neighbor Packet for 802.11a

Here is a sample RRM neighbor packet for 802.11a: 

No.  Time               Source                Destination           
8313 23:39:20.169855117 00:14:1b:5a:40:10     01:0b:85:00:00:00     

Protocol Info
LLC      U, func=UI; SNAP, OUI 0x000B85 (Unknown), PID 0xCCCD

Frame 8313 (80 bytes on wire, 80 bytes captured)
    [Protocols in frame: wlan:llc:data]
IEEE 802.11
    Data Rate: 6.0 Mb/s
    Channel: 60
    Signal Strength: 0%
    Type/Subtype: Data (32)
    Frame Control: 0x0308 (Normal)
        Version: 0
        Type: Data frame (2)
        Subtype: 0
        Flags: 0x3
            DS status: Frame part of WDS from one AP to another AP 
                       (To DS: 1 From DS: 1) (0x03)
            .... .0.. = More Fragments: This is the last fragment
            .... 0... = Retry: Frame is not being retransmitted
            ...0 .... = PWR MGT: STA will stay up
            ..0. .... = More Data: No data buffered
            .0.. .... = Protected flag: Data is not protected
            0... .... = Order flag: Not strictly ordered
    Duration: 0
    Receiver address: 01:0b:85:00:00:00 (01:0b:85:00:00:00)
    Transmitter address: 00:14:1b:5a:40:1f (00:14:1b:5a:40:1f)
    Destination address: 01:0b:85:00:00:00 (01:0b:85:00:00:00)
    Fragment number: 0
    Sequence number: 487
    Source address: 00:14:1b:5a:40:10 (00:14:1b:5a:40:10)
    Frame check sequence: 0x84bab9b3 [correct]
Logical-Link Control
    DSAP: SNAP (0xaa)
    SSAP: SNAP (0xaa)
    Control field: U, func=UI (0x03)
        000. 00.. = Command: Unnumbered Information (0x00)
        .... ..11 = Frame type: Unnumbered frame (0x03)
    Organization Code: Airespace (0x000b85)
    Protocol ID: 0xcccd
Data (38 bytes)

0000  08 03 00 00 01 0b 85 00 00 00 00 14 1b 5a 40 1f   .............Z@.
0010  01 0b 85 00 00 00 70 1e 00 14 1b 5a 40 10 aa aa   ......p....Z@...
0020  03 00 0b 85 cc cd 01 1b 00 1a 6c 91 80 80 00 04   ..........l.....
0030  0a 01 00 
0f 3c 01 01 3c 04 ff ff 00 4e 40 fd ec   ....<..<....N@..
0040  a7 4a f4 c4 d3 7b 19 be 10 92 50 91 84 ba b9 b3   .J...{....P.....

The RRM neighbor multicast address and the controller’s management IP address are highlighted.

NetPro Discussion Forums - Featured Conversations

Networking Professionals Connection is a forum for networking professionals to share questions, suggestions, and information about networking solutions, products, and technologies. The featured links are some of the most recent conversations available in this technology.
NetPro Discussion Forums - Featured Conversations for Wireless
Wireless - Mobility: WLAN Radio Standards
Wireless - Mobility: Security and Network Management
Wireless - Mobility: Wireless IP Voice and Video
Wireless - Mobility: Getting Started with Wireless
Wireless - Mobility: General

Related Information

Updated: Jan 28, 2008Document ID: 100516