loader-logo

Cisco Mobility Express – How To Deploy

Cisco has released Cisco Mobility Express aimed toward the SMB market. In a move that positions this solution in between Meraki and the enterprise controller-based models.

In going through the installation, it appears to be aimed at someone less technical or for the systems administrator that needs to quickly deploy a small wireless network.

In my lab, I have two Cisco 1832I access points which is required for Cisco Mobility Express. I will go through deploying Cisco Mobility Express in a network and demonstrate how easy it is to set up.

Keep in mind, wifi deployment involves proper planning. There is an assumption of some wifi and networking knowledge when configuring Cisco Mobility Express and as such, I highly recommend you read my previous posts on wireless planning and deployment.

What Encompasses Cisco Mobility Express?

There are only two types of controllers (Master APs), they are the Aironet 1850 and 1830. In my lab I have 1832I APs.

Supported APs in this model (subordinate APs) include the following Aironet models:

  • 700i
  • 700w
  • 1600
  • 1700
  • 1800
  • 2600
  • 2700
  • 3600
  • 3700

This network can pack quite the punch in terms of access point models. Especially, for external antenna needs I find this appealing. To include these access points in Cisco Mobility Express, you will have to download the correct image and install it on the access point.

What Are The Restrictions?

Currently, running version 8.1.123.15, you can only support up to 25 APs and 500 clients. Truly only supporting SMBs but the system is built with room to grow. When you need more capacity, these APs (meaning the 1800s) can be converted into lightweight APs to be joined to a controller.

Cisco Meraki or Cisco Mobility Express?

Probably the question on everyones mind right? It looks like Mobility Express competes with Meraki. In my opinion, they do. But they differ.

With Meraki, you get a controller in the cloud. Management is very simple. You pay for an AP and you pay for a license per AP for management. The dashboard is updated frequently with new features.

Mobility Express differs in that you are only paying for the AP. There is no license for the management portion. Some people like that. I even find that you have more control over the wireless network with Mobility Express, as we’ll see in this post and upcoming posts.

Installation

Configuring the Cisco 1800 access point is as easy as plugging it in and waiting for the SSID, CiscoAirProvision, to appear.

Once the SSID is up, authenticate and associate to it using the default password of password.

The SSID is provisioned on the 2.4 GHz spectrum and it automatically selects a channel.

Cisco Mobility Express is ready for configuration

Looking at the wireless networks

The default IP address of the AP is 192.168.1.1. Browse to the web interface of this IP address to initiate the configuration wizard.

Once that page is open, begin by creating an admin username and password.

Creating an admin account.

The next step is to set up the controller. Fill in the details. The installation is supposed to be simple but you will need to know your network details.

Controller setup details.

Next step is to configure wireless for your internal and guest networks.. Provide a network name and select your security. You have the option of using WPA2 Personal or WPA2 Enterprise. You can also be brave and use Open. Set the VLAN for each wireless network.

When configuring WPA2 Enterprise you have the option to configure your authentication servers.

Again, as simple as it is to set up, you still need to know networking. It doesn’t help much to place your Employee Network and Guest Network on the same VLAN. It also doesn’t help to place both networks on different VLANs that can still communicate with each other.

Configuring an SSID

Configuring the Guest SSID

The next step is to configure your RF Parameter Optimization. This step will ask the basic question of Client Density and in the back-end it will configure RF per the defaults built into the system.

You also have the option of selecting your traffic type of Data and Data + Voice.

RF Parameter Optimization.

Cisco defines what Low, Typical, and High is with a table:

Client Density Table

From the Cisco Mobility Express configuration guide.

In the next page you are asked to confirm your settings before applying. Once you confirm, the controller will apply the settings and reboot.

Confirming Configuration.

Saving the configuration.

Controller saves configuration. Takes a couple of minutes to come back up.

Controller Restarts.

And when the AP comes back from reboot:

Taking a look at wifi from Wifi Explorer

Log  Into Cisco Mobility Express Controller

We now have success. We can log into the web GUI by typing in the URL of the management IP address you configured during setup.

Logging into Cisco Mobility Express

You are placed right into the Network Summary tab. Right away you see the new GUI. The new GUI stays throughout all configuration options. What I like best about this GUI is being able to see the status of your network and various clients quickly. It’s a fresh look that I can get used to as long as I can fine tune my wireless network.

A view into the network summary.

The Network Summary tab

Modifying Your WLAN

There are a few settings you can modify for your WLAN. Those would be your Radio Policy, Firewall (which is rule-based. No layer 7 rules), and QoS settings.

Modifying WLAN settings.

WLAN firewall settings

Modifying Your Access Points

You get a lot more options in configuring your wireless network when you view the access point settings. Any changes to the access point or master controller will cause a short outage as it disables the wireless network and applies the new settings.

 

AP settings

Getting into AP settings

You have the option to easily modify the radio settings of the access point. Enable/disable 2.4 and 5 GHz frequencies, set your channel width, and set your transmit power settings.

It’s straight forward to configure. For channel width you can go up to 80 MHz. No option to go 160 MHz, not even in command-line.

Configure 2.4 GHz Radio.

Configure 802.11b/g/n Radios.

Configure 5 GHz radios.

Configuring 802.11 5 GHz Radios.

Summary Views

The access point summary tab provides a quick overview of your 2.4 and 5 GHz APs. Quickly see the usage, what channel is being used and how many clients are on that AP. To see more details, click the AP you want to view.

Access point summary tab.

Viewing a summary of your access points.

Viewing details of an access point appears to have an influence of Meraki look and feel. What do you think?

Access point detail view.

View access point details.

You can perform some simple RF troubleshooting from the view of an access point. These access points support a version of Clean Air. Currently, I have not dived into the extent of what and how much information it will provide.

Troubleshooting RF.

RF Troubleshooting tab in AP detail view.

You can view a summary of your clients too, of course.

Client summary.

Viewing a summary of associated clients.

Here’s a more detailed look at a client. An easy way of viewing its uptime, which AP it is connected to, signal strength and capabilities. Additionally, you will notice that you can view what applications are being used via Cisco Application Visibility and Control (AVC).

View of client details.

Client details including Cisco AVC.

Client details.

More client details, including some troubleshooting options.

Taking a look at a few troubleshooting tools and information, Cisco Mobility Express will provide a general overview of channel utilization, client load, and interference. With this information you can drill into specific access points and into specific clients. Visual indicators are used a lot here and you can view these graphs in 2.4 GHz or 5 GHz frequencies.

Your troubleshooting tools.

Viewing AP performance

In addition to the performance from the access points you can see performance of the clients such as signal strength, data rates, and signal quality.

Client performance on the wireless network.

And if you don’t know where to begin, you can have a best practice compared to your current configuration. This is similar to what you can find on the controller-based version.

Cisco Mobility Express Best Practices.

Adding New Access Points

If the image is the same version as the one running on the master AP then the AP joins the Master AP.

Plug in the new AP and ensure it acquires a DHCP address.

Surprisingly, AP just joined my master controller because it is on the same subnet? I’m not entirely sure yet but I’ll have to do a packet capture. I would expect some way to control which access point gets added to the system.

Master Controller

The first AP to come up in the Cisco Mobility Express Network is obviously the Master Controller. When multiple APs come up, the election is based on highest priority.

There are three methods for election:

  1. User Defined
  2. Least Client Load
  3. Lowest MAC Address

Failover

Testing the failover of the master controller was not as graceful as I’d like it to be. As a client on the wifi network, it took a while for the second AP to become the master and it took a moment for my laptop to associate with the second access point which was in the same room. I’ll be performing some wireless testing to get more details on this process.

Command Line

You do have the option to configure Mobility Express via CLI. It’s very similar to configuring a controller via CLI. You will find options you can configure using CLI which are not shown in the GUI but I’ll leave that for another day. All you need to know for now is that you can configure many, if not all, of the settings you see in the GUI using command-line and more.

My Take

Cisco Mobility Express is a great option for the SMB. It’s simple to set up and get going quickly with a wireless network. You don’t have to deal with recurring licensing cost as you do with Meraki for management.

A benefit with Mobility Express is that you can turn the 1800 series access points into lightweight APs when you grow and move towards the controller-based model.

The software between Mobility Express and Cisco’s controllers are very similar giving the network administrator the familiarity of the system and configuration.

Just because Cisco, and other vendors, have made it easier to setup and deploy wireless networks doesn’t mean we have to forget the fundamentals here. One must still know about proper coverage and capacity planning.

With that said, Cisco Mobility Express is an excellent option for small and medium sized businesses with room for growth.

Do you have any questions? Let me know in the comments below.


23 thoughts on “Cisco Mobility Express – How To Deploy”

  1. ed says:

    Rowell,

    Great info here.

    What would we be missing out on going with 1850 mobility express vs 2504 controller.

    Also, is there a special LW image that needs to be loaded on autonomous APs for them to work in slave mode with 1850 Controller?

    1. Hi Ed,

      You’re still fairly limited with the amount of features compared to a 2504 controller. There is a specific image that has to be placed on these APs in order for them to join the 1850 controller AP.

      If you need extensive control and monitoring then I would suggest going with a 2504 controller.

      The 1850 is really meant for small businesses.

  2. ed says:

    Would there be a way to dedicate a 1850 as controller only and not serve clients ?

    1. I believe so. You could simply disable the 2.4 and 5 GHz radios.

  3. abraham says:

    Hi Rowell,

    Have you tried EAP-TLS using Win NPS or Cisco ISE?, If it so, how do you configure it?. Is there any option to configure the Authentication + Accounting Server?

    thanks

    1. I have done it with Windows NPS previously. I was actually thinking about doing a topic on that.

      I’ll have to look into it specifically with Cisco Mobility Express to compare the differences to a full featured controller-based installation.

      1. Jermaine Bhoorasingh says:

        How hard was it to configure with NPS? Do have any resource you are willing to share?

        1. Depends on your familiarity with Windows but it’s not terribly difficult. Here’s a document from the Cisco forums: https://supportforums.cisco.com/document/103601/configuring-microsoft-nps-network-policy-server-internet-authentication-serviceias

  4. WK Ong says:

    Are you able to configure timeout for guest network using this mobility express? I mean timeout for guest to be authenticated using different username and password after certain of time, let say 1 hour.
    Can we deploy this mobility express with 1 AP only? To deploy like an autonomous AP?
    Thanks!

    1. Let me find out this weekend if I can configure a timeout on the guest SSID. You’re able to deploy it with one AP. That’s how I set it up for this demo.

      1. WK Ong says:

        Ok, thanks Rowell!

      2. Fraser Reid says:

        so did you manage to find this out ?

        1. Sorry for not getting back sooner. You should be able to configure a session timeout using the CLI:

          (Cisco Controller) >config wlan session-timeout 1 ?

          The duration of session in seconds (0 = infinity is true only for open system).

          First, identify the WLAN ID with: show wlan summary

          Then use that ID to configure the session-timeout. If my test WLAN had an ID of 1 and I wanted a session timeout of 500 seconds I would use:

          config wlan session-timeout 1 500

  5. Driver28 says:

    Hi!

    I have just gotten 2 1832is and I can’t get one to discover the other. ap1 is st up as a controller and ap2 is joined to the same subnet. I can see discovery taking place in the console of AP2 but is doesn’t join. it gets interrupted and I get BAD TLC ENTRY and A packet caused a disconnect and discovery starts over. What could be the problem?

    1. I haven’t seen that error message before. Is the other AP running ME code? You may want to create a thread on the Cisco Community forums.

      1. Driver28 says:

        Hi!

        Thanks for answering. I talked to a product specialist and he thought it has to do with the ap having ME image and not a thin capwap image on and gave me the capwap image to flash it with. But it feels weird since I am supposed to. E able to have controller failover and how is that supposed to work if I can’t have two ME apps working together?

      2. Driver28 says:

        Hi!

        Turned out to e the switch! It was an old L2 1GB switch. replaced it with a new L3 switch and BOOM! they were talking just fine.

        1. That doesn’t make any sense. How much power was the L2 switch providing? Is the L3 switch port configured the same as the L2 switch port?

          1. Driver28 says:

            I use power injectors since none of the switches are PoE. I figured the new one needn’t PoE since I already had injectors. On the Cisco setup instruction page it actually states “L3 discovery process” which I just noted in passing since this is a single subnet. Maybe there is more to that sentence than I thought…. it just worked instantly. As I logged in to the controller the second AP was just there and it had beeen disconnected since my last visit.

  6. Ludge says:

    Hey !
    Thanks for ur help to configure Mobility Express.
    But I get some error when I try to configure my Cisco AIR-AP1852I-A-K9.
    After the wizard and the first reboot, I don’t see my SSID and on my CLI have “Config not synced to APs since no AP is present”
    My version of EM 8.3.102.0.
    Have you ever seen that ?
    Thanks

  7. Ricardo says:

    Please check capwap ip address is the same network of IP you set to controller, and set time.

  8. Muhammad Zubair says:

    Hello

    i have one query, let say i want my old APs which are 1700 to join the controller, currently they are working as standalone, so for that i have to change the IOS than it will join mobility express controller.
    now if i want one ssid to broadcast only on particular set of Aps let say SSID-Management than is it possible with this ?

  9. bella says:

    Cisco 200-125 is easy to pass by our testified 200-125 vce test questions answers. We provide you latest 200-125 vce and 200-125 dumps.

Leave a Reply to Rowell Dionicio Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.


[gravityforms id=16 title=false description=false]
<div class='gf_browser_unknown gform_wrapper gravity-theme' id='gform_wrapper_16' ><form method='post' enctype='multipart/form-data' id='gform_16' action='/deploying-cisco-mobility-express/?replytocom=1196' > <div class='gform_body gform-body'><div id='gform_fields_16' class='gform_fields top_label form_sublabel_below description_below'><fieldset id="field_16_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><legend class='gfield_label gfield_label_before_complex' >Name<span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></legend><div class='ginput_complex ginput_container no_prefix has_first_name no_middle_name no_last_name no_suffix gf_name_has_1 ginput_container_name' id='input_16_1'> <span id='input_16_1_3_container' class='name_first' > <input type='text' name='input_1.3' id='input_16_1_3' value='' aria-label='First name' aria-required='true' placeholder='First Name' /> <label for='input_16_1_3' >First</label> </span> </div></fieldset><div id="field_16_2" class="gfield gfield--width-full gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><label class='gfield_label' for='input_16_2' >Email<span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></label><div class='ginput_container ginput_container_email'> <input name='input_2' id='input_16_2' type='text' value='' class='large' placeholder='Business email address' aria-required="true" aria-invalid="false" /> </div></div><fieldset id="field_16_3" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><legend class='gfield_label gfield_label_before_complex' >Consent<span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox' id='input_16_3'><div class='gchoice gchoice_16_3_1'> <input class='gfield-choice-input' name='input_3.1' type='checkbox' value='I consent to the processing and sharing with partners of the personal data that I provide Packet 6 for this activity in accordance with and as described in the &lt;a href=&quot;https://packet6.com/privacy-policy&quot; target=&quot;_new&quot;&gt;Privacy Policy&lt;/a&gt;' id='choice_16_3_1' /> <label for='choice_16_3_1' id='label_16_3_1'>I consent to the processing and sharing with partners of the personal data that I provide Packet 6 for this activity in accordance with and as described in the <a href="https://packet6.com/privacy-policy" target="_new">Privacy Policy</a></label> </div></div></div></fieldset><div id="field_16_4" class="gfield gform_validation_container field_sublabel_below field_description_below gfield_visibility_visible" ><label class='gfield_label' for='input_16_4' >Email</label><div class='ginput_container'><input name='input_4' id='input_16_4' type='text' value='' /></div><div class='gfield_description' id='gfield_description_16_4'>This field is for validation purposes and should be left unchanged.</div></div></div></div> <div class='gform_footer top_label'> <input type='submit' id='gform_submit_button_16' class='gform_button button' value='Get the report' onclick='if(window["gf_submitting_16"]){return false;} window["gf_submitting_16"]=true; ' onkeypress='if( event.keyCode == 13 ){ if(window["gf_submitting_16"]){return false;} window["gf_submitting_16"]=true; jQuery("#gform_16").trigger("submit",[true]); }' /> <input type='hidden' class='gform_hidden' name='is_submit_16' value='1' /> <input type='hidden' class='gform_hidden' name='gform_submit' value='16' /> <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' /> <input type='hidden' class='gform_hidden' name='state_16' value='WyJbXSIsImY4MGVlNTA5MGVjMWYzYzU5NzUyOGFhOWE3ZGFiMzRlIl0=' /> <input type='hidden' class='gform_hidden' name='gform_target_page_number_16' id='gform_target_page_number_16' value='0' /> <input type='hidden' class='gform_hidden' name='gform_source_page_number_16' id='gform_source_page_number_16' value='1' /> <input type='hidden' name='gform_field_values' value='' /> </div> </form> </div>