cnpilot mesh auto recovery

cnPilot Mesh Auto Recovery Simplifying Mesh Trouble Shooting

Abstract The fast and easy way to recover mismanaged mesh client APs and rapid zero touch over the air

mesh deployment support

Copyright 2016. Cambium Networks Inc. All rights reserved

2

Revision History

Date Version # Author(s) Comments


3

Contents Overview of the feature .................................................................................................................. 4

Functionality ................................................................................................................................... 5

Out-of-The-Box ........................................................................................................................... 5

Mesh Link Stability ...................................................................................................................... 5

Configuration .................................................................................................................................. 6

Sample mesh deployment topology may look like this .............................................................. 6

CLI configuration ......................................................................................................................... 7

MESH base AP configuration: ................................................................................................. 7

Show CLI on MESH base AP: ....................................................................................................... 8

MESH client AP configuration ................................................................................................. 8

GUI configuration ........................................................................................................................ 9

MESH base AP WLAN profile configuration ............................................................................ 9

MESH base AP recovery WLAN profile configuration ............................................................. 9

MESH base AP WLAN statistics ............................................................................................. 10

MESH client AP MESH WLAN profile configuration .............................................................. 10

MESH client AP Access WLAN statistics ................................................................................ 11

Trouble-shoot................................................................................................................................ 12

Best deployment practices ....................................................................................................... 12

Software Version and list of APs platforms supported ................................................................ 14


4

Overview of the feature

The mesh auto recovery feature will help admin user to recover and re-configure mesh client access points (AP) when mesh link with base AP breaks. The mesh link can break because of WPA/WPA2-PSK key or SSID configuration changes in mesh WLAN configuration.

The feature can also help in configuring out-of-the-box APs in mesh deployment scenarios i.e. access point provisioning over the air. With Recovery WLAN profile enabled on Mesh Base AP, Mesh Client will connect to the Mesh Recovery automatically on power up* and IT admin can configure the APs after this initial mesh connection got established. If the APs are managed by cnMaestro, it can provision the APs.

Note: * When APs powered up and only if GE 1 link is down, AP will try to form mesh link using Mesh Recovery profile


5

Functionality Mesh Recovery plays important role in two different scenarios. Following is the sequence of operation w.r.t Mesh Recovery

Out-of-The-Box

1. Mesh Base AP WLAN should configured with Recovery WLAN profile. 2. Power on Mesh Client [no network reachability] 3. Mesh Client will scan for Recovery WLAN across all channels supported for

that regulatory domain 4. Once discovered, Mesh Client will connect to Recovery WLAN and

establishes mesh link with Mesh Base. 5. Above mesh link will be up till a new configuration is pushed to device.

Mesh Link Stability

1. Mesh Base and Client are connected and mesh link is established. 2. User changes WPA2-PSK password for security reasons. 3. Updated configuration is pushed to Mesh Base and hence mesh link will

terminate due to password mis-match. 4. Mesh Client loses connectivity with Mesh Base AP, Mesh Client AP will wait

for 2 minutes. After 2 minutes it will connect to Mesh Base AP using mesh recovery profile. This standby mesh connectivity between base and client AP will be up for next 4 minutes. The IT administrator will be having 4 minutes of window time to reconfigure correct / changed WPA and WPA2-PSK keys on the client AP.

5. The Mesh Client AP will scan after every 4 minutes until it forms a mesh link using WLAN mesh profile configuration. If client AP is not able to form a mesh link to the base AP using WLAN mesh configuration for next 30 minutes, it will reload itself and process will be repeated continuously.


6

Configuration

Sample mesh deployment topology may look like this

MESH link will be established between base AP and client AP. WLAN clients associate to mesh client AP on access WLAN configuration and can get DHCP IP from the core network connected behind the base AP. Base AP GE port will be configured with trunk port configuration to carry traffic from WLAN clients associated to mesh client AP. If the mesh link breaks, client will lose connectivity to core network. MESH WLAN profile is mapped to VLAN 1 on base AP and access WLAN on mesh client AP mapped to VLAN 2

From the above topology mesh base AP needs to be configured with 1. Mesh base WLAN profile configuration 2. Recovery mesh WLAN profile configuration

and Mesh client AP needs to be configured with 1. Mesh client WLAN profile configuration 2. Access WLAN profile configuration


7

CLI configuration

MESH base AP configuration:

MESH base AP WLAN profile configuration ! wireless wlan 1 ssid mesh-wlan no shutdown vlan 1 security open mesh base band 5GHz dtim-interval 1 max-associated-client 5 no proxy-arp mac-authentication policy deny no guest-access !

MESH base AP recovery WLAN profile configuration

wireless wlan 2 no ssid no shutdown vlan 1 security open mesh recovery band 5GHz dtim-interval 1 max-associated-client 5 no proxy-arp mac-authentication policy deny no guest-access !

Trunk port configuration on GE port

! interface eth 1 switchport mode trunk switchport trunk native vlan 1 switchport trunk allowed vlan 1-2 !


8

Show CLI on MESH base AP:

MESH client AP configuration

MESH WLAN profile configuration

! wireless wlan 1 ssid mesh-wlan no shutdown vlan 1 security none mesh client band 5GHz dtim-interval 1 max-associated-client 5 no proxy-arp mac-authentication policy deny no guest-access !

Access WLAN profile configuration

! wireless wlan 2 ssid access-wlan no shutdown vlan 2 security none dtim-interval 1 max-associated-client 127 mac-authentication policy deny no guest-access !

Show CLI on MESH client AP

E400-CE2E72(config)# show wireless mesh MESH-BASE MESH-CLIENT IP-ADDRESS BAND SNR RSSI STATUS HOSTNAME 00-04-56-B1-91-80 00-04-56-CE-2E-73 NA 5GHz 49 -68 UP NA e400-CE2E72


9

GUI configuration

MESH base AP WLAN profile configuration

MESH base AP recovery WLAN profile configuration


10

MESH base AP WLAN statistics

MESH client AP MESH WLAN profile configuration


11

MESH client AP Access WLAN statistics


12

Trouble-shoot

If the mesh client loses the mesh connectivity because of change in mesh WLAN profile configuration parameters like SSID or security configurations change done either on client AP or base AP, recovery steps are

1. Identify mesh WLAN configuration change parameters 2. Access the mesh client AP using IP address (MESH statistics in base AP either

in GUI or CLI will display mesh client AP IP address)

3. Rectify the mesh WLAN configuration changes done on mesh client AP

Best deployment practices

It is recommended to configure MAC ACL on base AP MESH WLAN profile configuration to prevent un-authorized APs connecting to recovery profile. The MAC ACL shall be configured with RADIO MAC addresses of the mesh client APs not with Ethernet MAC address of the mesh client APs. User can see MAC addresses of the AP radios by looking at back of the device panel or from AP UI dash board section.


13


14

Software Version and list of APs platforms supported - The feature is supported by below cnPilot devices:

o cnPilot E400 o cnPilot E500 o cnPilot e501S o cnPilot e502S o cnPilot e410 o cnPilot e600 o cnPilot e430W

- This feature is supported from cnPilot 3.0 release onwards.

cnpilot mesh auto recovery

Documents