October 26, 2015 3 Comments
In the wireless world, we’re constrained by regulatory requirements. These are, at their core, different rules by which we must abide by when we’re operating wireless equipment. Each country has their own set of requirements and restrictions – each manifesting itself in some iteration of channel availability or power limitation of some sort. Until now, this meant that each country had to have it’s own regulatory SKU to prevent a wireless professional or other ‘non-professional’ installer from exceeding or violating that countries requirements. Cisco has worked around this particular issue with a universal SKU Access Point. In the past you would order a specific AP for a specific country. The astute Cisco-configurator would identify the country code in an AP model number (A for North America, N for Mexico, I for Egypt, etc.). The gory details of country code mapping changed occasionally which meant that it was almost a full time job for international companies to wrangle which SKU went where.
Enter the ‘UX’ SKU of AP. These APs are designated by the country code ‘UX’ and are universal SKU APs, meaning one SKU can be installed in any country. The way we’re able to do this is by way of software defining which country the AP is operating in. Now, the FCC won’t just allow you to ‘claim’ a country code, so there are some specific restrictions to deploying a ‘world capable’ AP. Today, this means tying the AP to a specific user, then using a non-hacked device to determine GPS coordinates of where the AP is installed to ‘prime’ or ‘unlock’ the AP based on what country it’s physically located in.
This blog will review the two ways to ‘prime’ a UX domain AP and get you up and running in no time at all! The first thing you need is an un-compromised (not jailbroken) device with both online capabilities (an Internet connection) and GPS capabilities. Enter the smartphone. Most of todays smart phones meet this requirement:
Step 1) Head to your devices respective app store and grab the Cisco AirProvision application.
Step 2) Plug in your AP and let it join to your WLC (this assumes you have things like discovery already taken care of). There are no UX specific join requirements so if you have regular Cisco APs joining your WLC, this part should be easy. Note that at this point the AP will be flashing ‘bad colors’ at you despite it’s radios being up and operational.
Step 3) Enable ‘Universal AP Admin’ on one of your secure (PSK or .1x) SSIDs that has internet access (WLAN tab -> WLAN ID -> Advanced tab -> ‘Universal AP Admin’).
Step 4) Join the above SSID on your unprimed AP.
Step 5) Launch the app on your smartphone and log into CCO (page 1) then your WLC (page 2).
Step 6) Click Configure!
That’s it! It’s a relatively straightforward way for your AP to know what country it’s at.
The good news is that you only ever need to prime a single AP in this fashion. Once it’s primed and comes back online, it will automatically include in its Neighbor Discovery Packets (NDP) UX domain info. Any other unprimed AP in earshot of these discovery packets will hear them and automatically pickup the country code of the already primed AP! Once you have primed a second AP by way of the NDP the priming sticks with the AP and you can then prime others off it in a cascading fashion – you can even re-prime the AP that you previously primed with the app!
While this may seem like unnecessary work for those that are single country entities, those that have to operate in multiple country codes may find that simplified ordering is a lifesaver – assuming your installers have a smart phone and a free CCO account. This can also help if your company accidentally ordered several hundred of these and you don’t want to RMA them. Remember that the country code priming sticks with the AP across reboots, regardless of location (unless you re-launch the mobile app to reconcile your installation).
Things to remember:
- Your smartphone must allow location access (it has to know where you’re at after all).
- You must join the SSID on your unprimed AP. Joining on a different AP won’t help you any.
- You have to have 2.4GHz enabled on your WLC and SSID – an unprimed AP operates in 2.4GHz only so you have to be able to see your SSID.
- You must have the country code you’re provisioning enabled on the WLC (Thanks Andrew!).
- Your SSID must have internet access to allow CCO to be accessible.
- NDP priming only works on other NDP primed UX domain APs or app primed UX domain APs – not ‘regulatory domain APs’.
- Did you screw something up? You can reset the UX domain AP by performing a ‘Clear All Config’ on the AP page in the GUI (along with all of it’s other settings)!
- When your AP primes, it reboots. This is the same if you use the app or NDP. Don’t be surprised if you app-prime one AP and it cascades a bunch of NDP reboots.
*Oct 26 14:16:35.003: %CLEANAIR-6-STATE: Slot 0 enabled *Oct 26 14:16:41.783: %CLEANAIR-6-STATE: Slot 1 enabled *Oct 26 14:17:08.719: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source Writing out the event log to flash:/event.log ... *Oct 26 14:19:50.339: **************************** UNIVERSAL AP PRIMING *********************** *Oct 26 14:19:50.339: Action completed: regulatory domain values 0x0 0xB are written. Now trigger AP reload *Oct 26 14:19:50.507: %SYS-5-RELOAD: Reload requested by UAP DIE process. Reload Reason: UNIVERSAL AP PRIMING SUCCESSFUL . *Oct 26 14:19:50.527: %LWAPP-5-CHANGED: CAPWAP changed state to DOWN *Oct 26 14:19:50.727: %CLEANAIR-6-STATE: Slot 0 down *Oct 26 14:19:50.727: %CLEANAIR-6-STATE: Slot 1 down Write of event.log done
You can see above the log from an AP that was previously online. This AP was unprimed when it powered up, came online with radios up and then after several minutes received the NDP prime message and auto-rebooted. Easy, but potentially disruptive!