Cisco Prime: Radiation Patterns and Antennas Orientation

Sorry for being silent for a while. I have moved to Leeds and now work in my company’s HQ as a project and design engineer. A massive change for me and my family. Anyway, this time I want to cover one very important topic – radiation patterns and antennas orientation in Cisco Prime (also applies to old buddy WCS).

If you have ever worked with Cisco Prime (or WCS) with regards to wireless networks management, you know how frustrating can be the process of adjusting access points’ radiation characteristics on the floor plan. Actually, it’s not a big deal if all access points have internal antennas and have been installed as per Cisco’s recommendations. In such case, Cisco Prime applies default azimuth and elevation values to match best practice installation. For example, omni-directional APs, like 1142N, 3602i or 3702i, have internal antennas and provide best coverage if installed on the ceiling, facing down. Of course, they can still provide optimal coverage in some scenarios with wall mount installations, but in such cases a more proper planning is required. There is a high likelihood that access points from different floors will become adjacent in RF spectrum (i.e. will see each other) and it will be more complex for a controller to come up with optimal Tx power levels to meet coverage requirements. However, we all know that suboptimal installations happen in a real life. In such cases every access point has to be configured with custom azimuth and elevation values to help Cisco Prime to build correct heatmaps. This is especially important during the planning phase.

Note! In case of external antennas (i.e 3702e with patch or sectoral antenna), it is always required to adjust elevation and azimuth within Cisco Prime to let it know how antennas radiate on the floor plan – north, south, west, east, north-west, south-east. This process can be even more complicated if antennas are installed at 45 (or custom) degrees to the floor/wall/ceiling. Read more …

Catalyst 3850 QoS Troubleshooting Commands

You would expect to have a very simple and intuitive QoS troubleshooting toolkit on a native MQC platform. Well, the first thing that came into my mind after I’ve been told that Catalyst 3850 is a proper MQC platform was something like

Wow, finally I can use the very same range of ISR commands to troubleshoot QoS on a hardware switching platform!

Unfortunately, that ended up to be a hybrid implementation. Yes, we have to use MQC to configure QoS on Catalyst 3850, including queuing! No, you are unlikely to solely use MQC commands to troubleshoot QoS. Remember that show mls qos commands range on Catalyst 3750 platform? It’s still the same candy, in a different wrapping though. Read more …

Catalyst 3850 Flexible NetFlow restrictions

Cisco Catalyst 3850 has become a next generation switching platform in our company. We have deployed these switches in a number of our offices recently. Apart from being a converged wired/wireless access platform, it fully supports Flexible NetFlow. Therefore, it was a logical step to begin using this neat feature at least on our branche core switches to improve monitoring capabilities and lessen troubleshooting efforts. I have faced a number of issues while I’ve been trying to configure FNF on the first switch to perform some testing. So… Read more …

Cisco WLC 4400 Catastrophic Bug

I would like to make you all aware about catastrophic bug that affects (or may potentially affect) you. It applies to legacy eol/eos wireless controllers (Cisco WLC 4400 series), which are still massively deployed in many companies. A friend of mine has asked me to help troubleshooting very strange problem they’ve been experiencing for some time. Here’s a story and workaround. Read more …

Fun: Saudi Cabling Masters

Riyadh Crazy CablingI haven’t posted any fun stories here yet. However, I might slightly change this blog’s format. We have PoE-powered video surveillance problems in Riyadh (ports do not come up). I shared my opinion that cabling is likely our problem and got this response back in a minute. Picture is also attached 🙂

Please have it be known that the calibre of cabling contractor in the kingdom of Saudi Arabia is the envy of the world. I can’t believe for one minute they would have not done this correctly.

Please see attached example of Jeddah, clearly there is nothing wrong with what they have done here !!!

Cabling masters 80 lvl. I like the way DATA and TELEPHONY CABAL patch panels are labeled too.

Finding Cisco Tx Power Levels

Tx Power Level is an important variable that, in combination with antenna gain, influences coverage patterns. Cisco wireless controller dynamically adjusts transmit power levels according to current RF conditions, access point’s capabilities and local regulatory domain recommendations, that may vary per band and/or channel. We, as an engineers, should be capable to confirm current Tx Power level, list of all supported Tx Power levels and antenna gain (if applicable). No coverage or heatmap approximations can be made without this information. With this post I will provide a number of different useful CLI commands that may be used to quickly find Tx Power levels information per-AP and in bulk. Read more …

PoE-based access points Tx power level limitations

I recently noticed that Cisco AP 1142 Tx power level is not a constant value. It is dependent on a data rate in use.
Less words, here’s an example of “show controllers dot11Radio” taken from Cisco AIR-LAP1142N-E-K9:

interface Dot11Radio0
Radio AIR-AP1140G, Base Address b4a4.e3ca.f130, BBlock version 0.00, Software version 3.00.81
Serial number: <cut>
Number of supported simultaneous BSSID on Dot11Radio0: 16
Carrier Set: EMEA (EU) (-E)
Uniform Spreading Required: No
Configured Frequency: 2462 MHz Channel 11
Allowed Frequencies: 2412(1) 2417(2) 2422(3) 2427(4) 2432(5) 2437(6) 2442(7) 2447(8) 2452(9) 2457(10) 2462(11) 2467(12) 2472(13)
Listen Frequencies: 2412(1) 2417(2) 2422(3) 2427(4) 2432(5) 2437(6) 2442(7) 2447(8) 2452(9) 2457(10) 2462(11) 2467(12) 2472(13) 2484(14)
Beacon Flags: 0, Interface Flags 20105, Interface Events 0, Mode 9; Beacons are enabled; Probes are enabled
Configured Power: 17 dBm (level 1)
Active power levels by rate
1.0 to 11.0 , 16 dBm, changed due to regulatory maximum
6.0 to 48.0 , 13 dBm, changed due to regulatory maximum
54.0 to 54.0 , 11 dBm, changed due to regulatory maximum
6.0-bf to 54.0-b, 10 dBm, changed due to regulatory maximum
m0. to m5. , 13 dBm, changed due to regulatory maximum
m6. to m6. , 11 dBm, changed due to regulatory maximum
m7. to m7. , 10 dBm, changed due to regulatory maximum
m8. to m13. , 13 dBm, changed due to regulatory maximum
m14. to m14. , 11 dBm, changed due to regulatory maximum
m15. to m15. , 10 dBm, changed due to regulatory maximum
m0.-4 to m5.-4 , 13 dBm, changed due to regulatory maximum
m6.-4 to m6.-4 , 11 dBm, changed due to regulatory maximum
m7.-4 to m7.-4 , 10 dBm, changed due to regulatory maximum
m8.-4 to m13.-4, 13 dBm, changed due to regulatory maximum
m14.-4 to m14.-4, 11 dBm, changed due to regulatory maximum
m15.-4 to m15.-4, 10 dBm, changed due to regulatory maximum
6.0-d to 48.0-d, 13 dBm, changed due to regulatory maximum
54.0-d to 54.0-d, 11 dBm, changed due to regulatory maximum
OffChnl Power: 16, Rate 1.0
Allowed Power Levels: -1 2 5 8 11 14 17
Allowed Client Power Levels: 2 5 8 11 14 17

Why is it like this? Why higher data rates have lower Tx power levels? These were my questions too. Read more …

CDP entry wildcard match

Message of the Day: Every day is a lesson!

I just found that show cdp entry command supports wildcard search. I am a frequent user of this command, and it usually happens when I first execute show cdp neighbors to find a neighbor of interest, followed by a show cdp entry <name> to find its management IP address. I usually copy/paste the full name of the neighbor, until just now. A short example will tell you the rest…

SWITCH#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
 S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
 D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID
SWITCH1 Gig 1/0/27 157 S I WS-C3750- Gig 2/0/1
SWITCH1 Gig 2/0/27 172 S I WS-C3750- Gig 1/0/1
SWITCH#show cdp entry SWI*
Device ID: SWITCH1
Entry address(es):
 IP address:
Platform: cisco WS-C3750-48P, Capabilities: Switch IGMP
Interface: GigabitEthernet1/0/27, Port ID (outgoing port): GigabitEthernet2/0/1
Holdtime : 155 sec

Version :
Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(50)SE2, RELEASE SOFTWARE...
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 15-May-09 19:41 by nachen

advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000FFFFFFFF01...
VTP Management Domain: 'null'
Native VLAN: 10
Duplex: full
Management address(es):
 IP address:

Well, if you know that… ignore me, if not – welcome to the club of those who like to find about tiny and nice IOS features 🙂

Trust DSCP is a must have on Cisco Catalyst 4500

This is a small post about one specific Cisco Catalyst 4500 Classification characteristic. The one I was lucky to find and read in advance before I deployed QoS configuration changes. Here it is.

If you run Cisco Catalyst 4500 on a Supervisor card older than V-10GE, software older than Cisco IOS Release 12.2(31)SG and you classify traffic with service-policy that refers to DSCP value (via ACL, or class-map match statements), you MUST HAVE qos trust dscp configured on a port! 

Simple as that. If you don’t do that, your service-policy won’t see DSCP values, and won’t be able to classify traffic in a right manner. Here’s a screenshot from the Cisco Catalyst 4500 QoS configuration guide that proves my words.



Recovering bricked Cisco WLC 4400

Getting back to my bricked WLC. Well, ex-bricked WLC. If you missed that post – check it out here.

I have spent few months trying to find a fix to this. I tried different ways, including unofficial talks with Cisco TAC engineers. Although they tried to be polite, no one wanted to go deep into my problem. No one cares about End of life device without hardware support. Well, no one except myself. Simply because I didn’t want to spend few more hundreds to buy one extra working controller for my lab. And, I managed to reanimate it. Cure is soooo simple… You’ll be surprised. Read more …