In this post we will see how to set up Cisco 702W Access Point with WLC running 8.0.100.0 code. Also we will look at QoS treatment of this AP for the devices connected to it (wired/wireless). It is a 2 Spatial Stream (2×2:2) 802.11n AP & feature comparison available via this link.
This AP is target for K1-12 classroom or college dorm rooms & smaller venues. It has 4×10/100/1000Mpbs Ethernet ports where you can plug wired devices & assign them to different vlans (feature introduced in 8.0 code). One of these ports will be POE out where you can power additional PoE devices (like phone, camera, etc). So here is the topology I am using in this post where Cisco 8961 phone is powered from this AP.
If you want to connect any PoE device from PoE out port (#4) of this AP, then you have to power 702W from PoE+(802.3at) capable switch port. Here is the power usage when 8961 is connected to the 702W.
3850-1#show power inline gigabitEthernet 1/0/10 detail Interface: Gi1/0/10 Inline Power Mode: auto Operational status: on Device Detected: yes Device Type: cisco AIR-CAP702W-Z IEEE Class: 4 Discovery mechanism used/configured: Ieee and Cisco Police: off Power Allocated Admin Value: 30.0 Power drawn from the source: 22.1 Power available to the device: 22.1 Actual consumption Measured at the port: 11.4 Maximum Power drawn by the device since powered on: 11.6 Absent Counter: 0 Over Current Counter: 0 Short Current Counter: 0 Invalid Signature Counter: 0 Power Denied Counter: 0 Power Negotiation Used: CDP LLDP Power Negotiation --Sent to PD-- --Rcvd from PD-- Power Type: - - Power Source: - - Power Priority: - - Requested Power(W): - - Allocated Power(W): - - Four-Pair PoE Supported: No Spare Pair Power Enabled: No Four-Pair PD Architecture: N/A
Like any other AP you can plug this to your network & let is discover a WLC to join (DNS, DHCP Option 43, static, etc). Only difference is you will configure the switchport as a trunk port instead of access port. This is due to you will pass through multiple vlan to this AP & assign different access vlans to wired Ethernet ports. So here is my 702W & 7965 Phone connected 3850 switch port configuration. Note that AP management to be on native vlan.
interface GigabitEthernet1/0/10 description 702W-G0 switchport trunk native vlan 1600 switchport trunk allowed vlan 13,960,998,1600 switchport mode trunk end ! interface GigabitEthernet1/0/11 switchport access vlan 13 switchport mode access switchport nonegotiate switchport voice vlan 960 spanning-tree portfast
Once AP registered you your WLC, you can check the AP settings using “show ap config general <AP_Name>” CLI command as shown below.
(5508-1) >show ap config general 702W Cisco AP Identifier.............................. 6 Cisco AP Name.................................... 702W Country code..................................... AU - Australia Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-NZ AP Country code.................................. AU - Australia AP Regulatory Domain............................. 802.11bg:-A 802.11a:-Z Switch Port Number .............................. 1 MAC Address...................................... e4:c7:22:b7:d6:c8 IP Address Configuration......................... DHCP IP Address....................................... x.x.32.40 IP NetMask....................................... 255.255.254.0 Gateway IP Addr.................................. x.x.33.250 NAT External IP Address.......................... None CAPWAP Path MTU.................................. 1485 Telnet State..................................... Globally Disabled Ssh State........................................ Globally Disabled Cisco AP Location................................ default location Cisco AP Floor Label............................. 1398831131362 Cisco AP Group Name.............................. LTU-APG1 Primary Cisco Switch Name........................ 5508-1 Primary Cisco Switch IP Address.................. x.x.33.1 Secondary Cisco Switch Name...................... Secondary Cisco Switch IP Address................ Tertiary Cisco Switch Name....................... Tertiary Cisco Switch IP Address................. Not Configured Administrative State ............................ ADMIN_ENABLED Operation State ................................. REGISTERED Mirroring Mode .................................. Disabled AP Mode ......................................... Local Public Safety ................................... Disabled AP SubMode ...................................... Not Configured Remote AP Debug ................................. Disabled Logging trap severity level ..................... informational Logging syslog facility ......................... local7 S/W Version .................................... 8.0.100.0 Boot Version ................................... 15.3.2.4 Mini IOS Version ................................ 0.0.0.0 Stats Reporting Period .......................... 180 Stats Collection Mode ........................... normal LED State........................................ Enabled PoE Pre-Standard Switch.......................... Disabled PoE Power Injector MAC Addr...................... Disabled Power Type/Mode.................................. PoE/Full Power Number Of Slots.................................. 2 AP Model......................................... AIR-CAP702W-Z-K9 AP Image......................................... C702-K9W8-M IOS Version...................................... 15.3(3)JA$ Reset Button..................................... Enabled AP Serial Number................................. KWC1741002I AP Certificate Type.............................. Manufacture Installed AP User Mode..................................... AUTOMATIC AP User Name..................................... AP Dot1x User Mode............................... Not Configured AP Dot1x User Name............................... Not Configured Cisco AP system logging host..................... AP Up Time....................................... 0 days, 00 h 31 m 40 s AP LWAPP Up Time................................. 0 days, 00 h 30 m 21 s Join Date and Time............................... Fri Sep 26 14:42:28 2014 Join Taken Time.................................. 0 days, 00 h 01 m 18 s Memory Type...................................... DDR3 Memory Size...................................... 86016 KBytes CPU Type......................................... MIPS74k CPU at 560Mhz, revision number 0x0000 Flash Type....................................... Onboard Flash Flash Size....................................... 128256 KBytes GPS Present...................................... NO Ethernet Vlan Tag................................ Disabled Ethernet Port Duplex............................. Auto Ethernet Port Speed.............................. Auto AP Link Latency.................................. Disabled Rogue Detection.................................. Enabled
Once AP register to WLC, you can go to AP & change wired port details either from GUI or CLI. I have configure port#4 for vlan 960 where my 8961 phone connected (that is the only port provide POE) . Also enable port#1 & port#2 for vlan 960 & vlan 13 as well.
You can enable LED status & check POE status from the advance tab of the AP.
If you want to do these configuration via CLI, you can do that as well. LED indicator will help to identify whether AP is powered or not.
(5508-1) >config ap led-state ? disable Disables the LED-State for an AP enable Enables the LED-State for an AP flash Configure the LED-flash for an AP (5508-1) >config ap led-state enable 702W
Here is how you can change wired Ethernet port vlan assignment.
(5508-1) >config ap lan ? port-id Port Id range (1 - 4) enable Enables VLAN support on LAN ports. disable Disables VLAN support on LAN ports. (5508-1) >config ap lan port-id ? <port-id> Enter the LAN port (1-4) (5508-1) >config ap lan port-id 1 ? enable Enable LAN port. disable Disable LAN port. (5508-1) >config ap lan port-id 1 enable ? <Cisco AP> Enter the name of the Cisco AP. (5508-1) >config ap lan port-id 1 enable 702W (5508-1) >config ap lan enable ? access Enable/Disable Access VLAN support on LAN ports (5508-1) >config ap lan enable access ? vlan Enable/Disable Access VLAN support on LAN ports (5508-1) >config ap lan enable access vlan ? <vlan-id> Vlan Id range (2 - 4094) (5508-1) >config ap lan enable access vlan 960 ? <port-id> Port Id range (1 - 4) (5508-1) >config ap lan enable access vlan 960 1 ? <Cisco AP> Enter the name of the Cisco AP. (5508-1) >config ap lan enable access vlan 960 1 702W (5508-1) >config ap lan port-id 2 enable 702W (5508-1) >config ap lan enable access vlan 13 2 702W (5508-1) >config ap lan port-id 4 enable 702W (5508-1) >config ap lan enable access vlan 960 4 702W
Once you do this your wired devices will get an IP from the vlan you allocated. Everything works. 🙂 Let’s do some packet inspection to see how 702W handle different type of traffic.
First look at a call between 8961 & 7965. As you can see below 702W does not map DSCP values to dot1Q header & both SIP & RTP traffic will have “802.1Q Priority value 0” in dot1q header.
Here is SIP packet coming from 8961 (x.x.10.140) phone connected to 702W.
Here is a RTP packet coming from the 8961 (x.x.10.140) phone & you can see it is “Best Effort” in 802.1q header even though DSCP EF in IP headers.
On the other hand you can see RTP traffic from 7965 (x.x.10.203) goes to 702W with correct 802.1q marking of 5. Will this priority value preserve when it goes to phone ? I doubt, based on the above (haven’t capture that traffic to verify)
In summary, all Ethernet port connected devices traffic will be set to “Best Effort or 802.1q priority 0” by 702W.
Now let’s see how wireless traffic treated by 702W. I have configured my SSID with platinum profile. Since 702W is 802.11n 2×2 AP iPhone6 connected in 802.11n data rates (MCS 7 or 150 Mbps in this case).
Here is the SIP traffic coming from Jabber client running on iPhone6 .As you can see phone is not marking that in wireless frame UP values & come as “0- Best effort” . Based on this UP value AP will set the CAPWAP header outer DSCP value.
Here is the RTP traffic coming from the iPhone6 Jabber client. This traffic will get UP value of 5 – Video in wireless header.
In typical CUWN setup, AP will map this UP value onto outer capwap header. If you capture the G1/0/10 traffic you can see how those values are coming. In SIP traffic since UP=0, outer DSCP will be 0x00.
Here is the RTP traffic & you can see outer CAPWAP set to AF41 as UP values coming from iPhone6 with value of 5-Video. Still 802.1Q priority is 0 😯
Here is CAPWAP traffic coming from the AP. As expected all comes with CS6 in CAPWAP header, but still 802.1q priority is 0 😯
Since all different type of traffic come with same 802.1q priority value of 0, those traffic treated similary by 3850 switch (by default trusting COS/802.1q priority on trunk ports)
If you look at wireless downstream traffic you will see something like this. Here is the RTP traffic goes to 702W (sniffing at g1/0/10). Traffic goes to 702W with proper QoS marking (802.1q priority 5 & internal DSCP EF)
You would think the above frame should go to wireless media with UP value of 6 (or at least 5) as voice or video. But it goes as UP-0 Best Effort. 😯
So bottom line is you cannot prioritized voice/video traffic (either wired or wireless) in this 702W . Cisco may improve this in future code releases. But keep in mind this is the chapest model of AP on their offering & not sure it will fulfill what you rquire in an enterprise environment 🙂
References
1. Cisco 702W Access Point Deployment Guide
mrn-cciew 
One question, we are using LWAP and in this case, APs reboot, and get their config from the WLC. If we are looking at configuring a port on 702W as a trunk for a cisco phone on a separate vlan (and POE) do you think we’d be able to pass these config changes, and have the port config be persistent across reboots, or would we need to reconfig each AP we add each time?
Yes 702w port config will persist after a reload.
Really great to hear, thanks for the quick reply. BTW excellent writeup!
Thanks David…
Hello Dear
I WLC (5508) 7.6.120.0 / ap 702W / Cisco IP Phone 7800 Series
am connecting follows:
– Cable lan —> AP port 1
– IP phone —-> port 4 AP
Configuration on the switch:
– Access is configured as AP register with WLC
– Configured as trunk: AP is not registered on the WLC.
Grateful for your help.
Hi Armando,
Which vlan is native vlan on the trunk configured for AP. It should be AP management vlan.
Try to test this with 8.0 code as that support vlan tagging & you can put your phone & AP on to two different vlan. 7.6 code does not suppport that
HTH
Rasika
Thank you for your help.
No worries.. 🙂
Hi Rasika,
Have you deployed these in college dorms or anything similar? I read that this model will not really support more than 8-10 associations in a real world scenario, and I’m discussing using this model in dorm suites in which there could likely be several dozen devices. I think I’d prefer the 1600 series or possibly 2702 for higher density areas, plus I have no need for the 4 RJ-45 ports in this case. What do you think?
Hi Phil,
No, just used as a trial in our test environment. So haven’t got any client loads during my testing.
If you do not require RJ45 ports, then 1700/2700 is the way to go
HTH
Rasika
hi navarasi,
Did you use Power Injector for 702W? I have POE+(802.3at) supplied from my switch to the 702W but i still got medium power from 702W and i cant use the POE Out 4 if i rely on the Power from 802.3at cable from switch.
My layout design is similar to yours. im just asking if you use power injector in your 702W.
Configuration:
Switch: HP 1910 POE+ 24port
Controller: Cisco 2504 WLC
Access Point: AIR-CAP702W-A-K9
AP Version: 7.6.100.120
I haven’t used a power injector, simply connected it to a 3850 switch.
HTH
Rasika
Hi,
I would like to know if there is already a possibility to use these 702W APs as the successors of the 602OEAP. It seems rather odd that Cisco has the 602OEAP EoS and no AP with comparable features for the purpose of remote workers/ Home offices. Have you had any chance to check this or get your hands on a work-around?
Hi Patrick,
At this stage 702W cannot work as OEAP, not sure whether Cisco integrate that feature to 702W model.
I know certain regulatory domain, 602 make EoS without any replacement product.
Unless you required wired ethernet ports at Home office, you can use a standard AP convert to Office Extend as alternative.(only wireless client can connect in that scenario)
HTH
Rasika
If you need one wired ethernet and no poe, the 2700i is an option as it has two ethernet ports.
I use 702w connected to the cisco ipphone, but will reboot constantly, will have encountered such a situation?
What is the WLC software version ?
Hi Sir,
Would like to ask if there are anti loop commands in the 702w? any BPDU guard filter?
For example,
Port 1 – 4 of the AP switchport is configured with the same VLAN, then some non technical person patch a UTP cable on port 1 connecting to port 2. Does Cisco have antiloop mechanism on the AP?
Appreciate your reply sir. 🙂
I do not think. Probably test with 8.1 code and see any behavior difference.
Hopefully Cisco will improve 702W functionality in future releases.
HTH
Rasika
Hi Sir,
May I know how can we hard reset or restore to factory default settings the 702w AP. It cannot join the controller when we configured VLAN TAGGING under its Wireless>APname>Advanced Tab
Great article Rasika 🙂
Have you been able to do any further testing with the later revision ‘Software Version 8.0.120.0’ or above?
– I am particularly interested in if the mapping of the DSCP values to dot1Q headers are still not correct.
– And also if you know of anyway to apply Port Security to the 4 x LAN ports on the 702W’s
No Jamie, I haven’t done further testing. I am hoping to do testing on QoS in 8.0.x code and will do some post in future.
I am not sure 702W ports can do port security. May be in future software releases of AireOS support it.
HTH
Rasika
Does anyone know if is a known SNMP OID or MIB for setting the VLAN on the ethernet ports on the 702W using SNMP to the controller? The alternative for me is to sniff traffic between the controller and Cisco Prime and see if I can capture how Cisco Prime does it.
Hi Rasika
i just confused when saw your AP on local mode. how will it decapsulate the packet locally. i think it should deliver data packet to WLC (inside CAPWAP tunnel).
if i’m right, in this case there is no need to set switch port to trunk. unless we change mode to flex
just to add small hint into your big value blog. this model had been designed for hospitality market to compete who is the best in this section “Ruckus”
All wireless traffic will be CAPWAP back to WLC. All wired port vlans are locally terminated.
Regarding product comparison, I will leave your comment, so readers can decide 🙂
HTH
Rasika