Cisco has released Cisco Mobility Express aimed toward the SMB market. In a move that positions this solution in between Meraki and the enterprise controller-based models.
In going through the installation, it appears to be aimed at someone less technical or for the systems administrator that needs to quickly deploy a small wireless network.
In my lab, I have two Cisco 1832I access points which is required for Cisco Mobility Express. I will go through deploying Cisco Mobility Express in a network and demonstrate how easy it is to set up.
Keep in mind, wifi deployment involves proper planning. There is an assumption of some wifi and networking knowledge when configuring Cisco Mobility Express and as such, I highly recommend you read my previous posts on wireless planning and deployment.
What Encompasses Cisco Mobility Express?
There are only two types of controllers (Master APs), they are the Aironet 1850 and 1830. In my lab I have 1832I APs.
Supported APs in this model (subordinate APs) include the following Aironet models:
This network can pack quite the punch in terms of access point models. Especially, for external antenna needs I find this appealing. To include these access points in Cisco Mobility Express, you will have to download the correct image and install it on the access point.
What Are The Restrictions?
Currently, running version 22.214.171.124, you can only support up to 25 APs and 500 clients. Truly only supporting SMBs but the system is built with room to grow. When you need more capacity, these APs (meaning the 1800s) can be converted into lightweight APs to be joined to a controller.
Cisco Meraki or Cisco Mobility Express?
Probably the question on everyones mind right? It looks like Mobility Express competes with Meraki. In my opinion, they do. But they differ.
With Meraki, you get a controller in the cloud. Management is very simple. You pay for an AP and you pay for a license per AP for management. The dashboard is updated frequently with new features.
Mobility Express differs in that you are only paying for the AP. There is no license for the management portion. Some people like that. I even find that you have more control over the wireless network with Mobility Express, as we’ll see in this post and upcoming posts.
Configuring the Cisco 1800 access point is as easy as plugging it in and waiting for the SSID, CiscoAirProvision, to appear.
Once the SSID is up, authenticate and associate to it using the default password of password.
The SSID is provisioned on the 2.4 GHz spectrum and it automatically selects a channel.
The default IP address of the AP is 192.168.1.1. Browse to the web interface of this IP address to initiate the configuration wizard.
Once that page is open, begin by creating an admin username and password.
The next step is to set up the controller. Fill in the details. The installation is supposed to be simple but you will need to know your network details.
Next step is to configure wireless for your internal and guest networks.. Provide a network name and select your security. You have the option of using WPA2 Personal or WPA2 Enterprise. You can also be brave and use Open. Set the VLAN for each wireless network.
When configuring WPA2 Enterprise you have the option to configure your authentication servers.
Again, as simple as it is to set up, you still need to know networking. It doesn’t help much to place your Employee Network and Guest Network on the same VLAN. It also doesn’t help to place both networks on different VLANs that can still communicate with each other.
The next step is to configure your RF Parameter Optimization. This step will ask the basic question of Client Density and in the back-end it will configure RF per the defaults built into the system.
You also have the option of selecting your traffic type of Data and Data + Voice.
Cisco defines what Low, Typical, and High is with a table:
In the next page you are asked to confirm your settings before applying. Once you confirm, the controller will apply the settings and reboot.
And when the AP comes back from reboot:
Log Into Cisco Mobility Express Controller
We now have success. We can log into the web GUI by typing in the URL of the management IP address you configured during setup.
You are placed right into the Network Summary tab. Right away you see the new GUI. The new GUI stays throughout all configuration options. What I like best about this GUI is being able to see the status of your network and various clients quickly. It's a fresh look that I can get used to as long as I can fine tune my wireless network.
Modifying Your WLAN
There are a few settings you can modify for your WLAN. Those would be your Radio Policy, Firewall (which is rule-based. No layer 7 rules), and QoS settings.
Modifying Your Access Points
You get a lot more options in configuring your wireless network when you view the access point settings. Any changes to the access point or master controller will cause a short outage as it disables the wireless network and applies the new settings.
You have the option to easily modify the radio settings of the access point. Enable/disable 2.4 and 5 GHz frequencies, set your channel width, and set your transmit power settings.
It's straight forward to configure. For channel width you can go up to 80 MHz. No option to go 160 MHz, not even in command-line.
The access point summary tab provides a quick overview of your 2.4 and 5 GHz APs. Quickly see the usage, what channel is being used and how many clients are on that AP. To see more details, click the AP you want to view.
Viewing details of an access point appears to have an influence of Meraki look and feel. What do you think?
You can perform some simple RF troubleshooting from the view of an access point. These access points support a version of Clean Air. Currently, I have not dived into the extent of what and how much information it will provide.
You can view a summary of your clients too, of course.
Here's a more detailed look at a client. An easy way of viewing its uptime, which AP it is connected to, signal strength and capabilities. Additionally, you will notice that you can view what applications are being used via Cisco Application Visibility and Control (AVC).
Taking a look at a few troubleshooting tools and information, Cisco Mobility Express will provide a general overview of channel utilization, client load, and interference. With this information you can drill into specific access points and into specific clients. Visual indicators are used a lot here and you can view these graphs in 2.4 GHz or 5 GHz frequencies.
In addition to the performance from the access points you can see performance of the clients such as signal strength, data rates, and signal quality.
And if you don't know where to begin, you can have a best practice compared to your current configuration. This is similar to what you can find on the controller-based version.
Adding New Access Points
If the image is the same version as the one running on the master AP then the AP joins the Master AP.
Plug in the new AP and ensure it acquires a DHCP address.
Surprisingly, AP just joined my master controller because it is on the same subnet? I'm not entirely sure yet but I'll have to do a packet capture. I would expect some way to control which access point gets added to the system.
The first AP to come up in the Cisco Mobility Express Network is obviously the Master Controller. When multiple APs come up, the election is based on highest priority.
There are three methods for election:
- User Defined
- Least Client Load
- Lowest MAC Address
Testing the failover of the master controller was not as graceful as I'd like it to be. As a client on the wifi network, it took a while for the second AP to become the master and it took a moment for my laptop to associate with the second access point which was in the same room. I'll be performing some wireless testing to get more details on this process.
You do have the option to configure Mobility Express via CLI. It's very similar to configuring a controller via CLI. You will find options you can configure using CLI which are not shown in the GUI but I'll leave that for another day. All you need to know for now is that you can configure many, if not all, of the settings you see in the GUI using command-line and more.
Cisco Mobility Express is a great option for the SMB. It's simple to set up and get going quickly with a wireless network. You don't have to deal with recurring licensing cost as you do with Meraki for management.
A benefit with Mobility Express is that you can turn the 1800 series access points into lightweight APs when you grow and move towards the controller-based model.
The software between Mobility Express and Cisco's controllers are very similar giving the network administrator the familiarity of the system and configuration.
Just because Cisco, and other vendors, have made it easier to setup and deploy wireless networks doesn't mean we have to forget the fundamentals here. One must still know about proper coverage and capacity planning.
With that said, Cisco Mobility Express is an excellent option for small and medium sized businesses with room for growth.
Do you have any questions? Let me know in the comments below.
23 thoughts on “Cisco Mobility Express – How To Deploy”
Great info here.
What would we be missing out on going with 1850 mobility express vs 2504 controller.
Also, is there a special LW image that needs to be loaded on autonomous APs for them to work in slave mode with 1850 Controller?
You’re still fairly limited with the amount of features compared to a 2504 controller. There is a specific image that has to be placed on these APs in order for them to join the 1850 controller AP.
If you need extensive control and monitoring then I would suggest going with a 2504 controller.
The 1850 is really meant for small businesses.
Would there be a way to dedicate a 1850 as controller only and not serve clients ?
I believe so. You could simply disable the 2.4 and 5 GHz radios.
Have you tried EAP-TLS using Win NPS or Cisco ISE?, If it so, how do you configure it?. Is there any option to configure the Authentication + Accounting Server?
I have done it with Windows NPS previously. I was actually thinking about doing a topic on that.
I’ll have to look into it specifically with Cisco Mobility Express to compare the differences to a full featured controller-based installation.
How hard was it to configure with NPS? Do have any resource you are willing to share?
Depends on your familiarity with Windows but it’s not terribly difficult. Here’s a document from the Cisco forums: https://supportforums.cisco.com/document/103601/configuring-microsoft-nps-network-policy-server-internet-authentication-serviceias
Are you able to configure timeout for guest network using this mobility express? I mean timeout for guest to be authenticated using different username and password after certain of time, let say 1 hour.
Can we deploy this mobility express with 1 AP only? To deploy like an autonomous AP?
Let me find out this weekend if I can configure a timeout on the guest SSID. You’re able to deploy it with one AP. That’s how I set it up for this demo.
Ok, thanks Rowell!
so did you manage to find this out ?
Sorry for not getting back sooner. You should be able to configure a session timeout using the CLI:
(Cisco Controller) >config wlan session-timeout 1 ?
The duration of session in seconds (0 = infinity is true only for open system).
First, identify the WLAN ID with: show wlan summary
Then use that ID to configure the session-timeout. If my test WLAN had an ID of 1 and I wanted a session timeout of 500 seconds I would use:
config wlan session-timeout 1 500
I have just gotten 2 1832is and I can’t get one to discover the other. ap1 is st up as a controller and ap2 is joined to the same subnet. I can see discovery taking place in the console of AP2 but is doesn’t join. it gets interrupted and I get BAD TLC ENTRY and A packet caused a disconnect and discovery starts over. What could be the problem?
I haven’t seen that error message before. Is the other AP running ME code? You may want to create a thread on the Cisco Community forums.
Thanks for answering. I talked to a product specialist and he thought it has to do with the ap having ME image and not a thin capwap image on and gave me the capwap image to flash it with. But it feels weird since I am supposed to. E able to have controller failover and how is that supposed to work if I can’t have two ME apps working together?
Turned out to e the switch! It was an old L2 1GB switch. replaced it with a new L3 switch and BOOM! they were talking just fine.
That doesn’t make any sense. How much power was the L2 switch providing? Is the L3 switch port configured the same as the L2 switch port?
I use power injectors since none of the switches are PoE. I figured the new one needn’t PoE since I already had injectors. On the Cisco setup instruction page it actually states “L3 discovery process” which I just noted in passing since this is a single subnet. Maybe there is more to that sentence than I thought…. it just worked instantly. As I logged in to the controller the second AP was just there and it had beeen disconnected since my last visit.
Thanks for ur help to configure Mobility Express.
But I get some error when I try to configure my Cisco AIR-AP1852I-A-K9.
After the wizard and the first reboot, I don’t see my SSID and on my CLI have “Config not synced to APs since no AP is present”
My version of EM 126.96.36.199.
Have you ever seen that ?
Please check capwap ip address is the same network of IP you set to controller, and set time.
i have one query, let say i want my old APs which are 1700 to join the controller, currently they are working as standalone, so for that i have to change the IOS than it will join mobility express controller.
now if i want one ssid to broadcast only on particular set of Aps let say SSID-Management than is it possible with this ?
Cisco 200-125 is easy to pass by our testified 200-125 vce test questions answers. We provide you latest 200-125 vce and 200-125 dumps.