CISCO Aironet 4800 Series Access Points User Guide

GETTING STARTED GUIDE
Cisco Aironet 4800 Series Access Points

Aironet 4800 Series Access Points

First Published: April 28, 2018
Last Updated: December 14, 2021
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.
The following information is for FCC compliance of Class B devices: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If the equipment causes interference to radio or television reception, which can be determined by turning the equipment off and on, users are encouraged to try to correct the interference by using one or more of the following measures:
■ Reorient or relocate the receiving antenna.
■ Increase the separation between the equipment and receiver.
■ Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
■ Consult the dealer or an experienced radio/TV technician for help.
Modifications to this product not authorized by Cisco could void the FCC approval and negate your authority to operate the product.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved.
Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE- NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE  HIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
All printed copies and duplicate soft copies are considered un-Controlled copies and the original on-line version should be referred to for latest version.
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.

About this Guide

This guide provides instructions on how to install your Cisco Aironet 4800 series access points and provides links to resources which can help you configure the access point. This guide provides mounting instructions and limited troubleshooting procedures.
The 4800 series access point is referred to as access point or AP in this document.

About the Access Point

The Cisco Aironet 4800 Series wireless access points provide 802.11ac Wave 2 with Multi User MIMO (MU MIMO). This AP series offers integrated antenna options, with a dedicated 5 GHz radio and a flexible radio that can be configured as a 2.4 GHz radio (default) or as an additional 5 GHz radio. In addition to this flexible (client serving) radio, there is a second flexible radio specifically for hyperlocation, analytics, and monitoring. This AP supports a greater overall High Density Experience (HDX) which provides mission-critical wireless to meet your performance needs. The AP supports full interoperability with leading 802.11ac clients, and supports a mixed deployment with other APs and controllers.
A full listing of the access point’s features and specification are provided in the Cisco Aironet 4800 Series Access Point Data Sheet, at the following URL:
https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-4800 -access-point/nb-09-air-4800-acces-ds-cte-en.html
Access Point Features
The 4800 series access point is a wireless controller-based product and supports:

• Integrated antennas including built-in Hyperlocation antenna array containing 16 antenna elements designed for angle-of-arrival (AoA) technology, capable of <3m location accuracy on Wi-Fi.
  The ‘x’ in the model numbers represents the regulatory domain. For information on supported regulatory domains, see the“AP Model Numbers and Regulatory Domains” section on page 6.

• Three radios, where two are standard and the third is a listen-only, 0x4 radio. The third radio in listen-only mode allows the AP to perform analytics, Hyperlocation, and Wireless Security Monitoring (WIPS and WIDS) while the two primary radios continue to serve clients.

• Flexible Radio Assignment, allowing for either manual configuration or for the APs to intelligently determine the operating role of the integrated radios based on the available RF environment. The AP can operate in the following modes:
  — 2.4 GHz and 5 GHz role, where one radio serves clients in 2.4 GHz mode, while the other serves clients in 5 GHz mode.
  — Dual 5 GHz radio with both radios operating in the 5 GHz band, actively serving client devices to maximize the benefits of 802.11ac Wave 2 and to increase client device capacity.
  — Wireless Security Monitoring and 5 GHz role, where one radio serves 5 GHz clients, while the other radio scans both 2.4 GHz and 5 GHz for wIPS attackers, CleanAir interferers, and rogue devices.

• Multigigabit Ethernet (mGig) support providing multiple Gigabit uplink speeds of 2.5 Gbps and 5 Gbps in addition to 100 Mbps and 1 Gbps speeds. All speeds are supported on Category 5e cabling, as well as 10GBASE-T cabling.

• Multiuser Multiple-Input Multiple-Output (MU-MIMO) technology with 3 spatial streams.

• MIMO equalization capabilities, which optimize uplink performance and reliability by reducing the impact of signal fade.

• Cross-AP Noise Reduction, a Cisco innovation that enables APs to intelligently collaborate in real time about RF conditions so that users connect with optimized signal quality and performance.

• Optimized AP Roaming for ensuring that client devices associate with the AP in their coverage range that offers the fastest data rate available.

• Cisco CleanAir technology enhanced with 160MHz channel support. CleanAir delivers proactive, high-speed spectrum intelligence across 20-, 40-, and 80-, and 160-MHz-wide channels to combat performance problems arising from wireless interference.

• Analytics capabilities providing event-driven real-time data captures with real-time visibility into Cisco DNA Center and potential third party analytics

• Advanced location features

• Built-in BLE radio capable of BLE TX/RX

• Built-in compass to assist CMX/Cisco Prime Infrastructure

• Cisco Prime Infrastructure support to address full location planning and serviceability tool as well as additional Hyperlocation mapping enhancements
  The AP supports the following operating modes:

• Local—This is the default mode for the Cisco AP. In this mode, the AP does not serve clients.

• Flexconnect—Flexconnect mode for the Cisco AP.

• Monitor—This is the monitor-only mode for the Cisco AP.

• SE-connect—Spectrum expert-only connect mode allows the AP to perform spectrum intelligence.

• Sensor—Sensor mode for the Cisco AP.
  The AP can only be configured to Sensor mode if it is an external antenna AP with no DART connected.
  However, for external antenna APs with DART connected or internal antenna APs, only the dual-band radio can be set to Sensor role. The dual-band radio can operate as a sensor on both the 2.4 GHz and 5 GHz bands. This allows the other radio to serve clients or perform other operations on 5 GHz.

• Sniffer—In the wireless sniffer mode, the AP starts sniffing the air on a given channel. It captures and forwards all the packets from the clients on that channel to a remote machine that runs Airopeek or Wireshark (packet analyzers for IEEE 802.11 wireless LANs). This includes information on the time stamp, signal strength, packet size, etc.
  In the sniffer mode, the server to which the data is sent should be on the same VLAN as the wireless controller management VLAN otherwise an error will be displayed.

• Security—Security mode for the Cisco AP.

• Hyperlocation—Hyperlocation mode for the Cisco AP.

AP Model Numbers and Regulatory Domains

Access Point for indoor environments, with internal
antennas| AIR-AP4800-x-K9|  Dual-band, controller-based 802.11a/g/n/ac
AIR-AP4800-x-K9C
AIR-AP4800-B-K9++

You need to verify whether the AP model you have is approved for use in your country. To verify approval and to identify the regulatory domain that corresponds to a particular country, visit http://www.cisco.com/go/aironet/compliance. Not all regulatory domains have been approved. As and when they are approved, this compliance list will be updated.
Antennas and Radios
The 4800 series access point contains a dedicated 5 GHz radio and a flexible radio that can be configured as a 2.4 GHz radio (default) or as an additional 5 GHz radio. The 4800 series access point configurations are:

• AIR-AP4800-x-K9—One 2.4 GHz/5 GHz flexible radio, one 5 GHz radio, and one special analytics radio.
• AIR-AP4800-x-K9C—One 2.4 GHz/5 GHz flexible radio, one 5 GHz radio, and one special analytics radio.
• AIR-AP4800-B-K9++—One 2.4 GHz/5 GHz flexible radio, one 5 GHz radio, and one special analytics radio.

Internal Antennas
The 4800 series access point has 25 integrated antennas that perform the following functions:

• Four dual band 2.4/5 GHz (macro-cell) antennas for wide are client coverage

• Four single band 5 GHz (micro-cell) antennas for High Density and dual 5 GHz client coverage

• One Bluetooth antenna used for beaconing
  The 16 element antenna array (below) handles the BLE on receive.

• One 16 element antenna array (dual and single band antennas) used for WLAN analytics, client location, Wireless Security Monitoring, and Hyperlocation
  These antennas are dynamically switched in and out depending upon the modes being used.

Safety Instructions

Translated versions of the following safety warnings are provided in the translated safety warnings document that is shipped with your access point. The translated warnings are also in the Translated Safety Warnings for Cisco Aironet Access Points, which is available on Cisco.com.
IMPORTANT SAFETY INSTRUCTIONS
This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. Use the statement number provided at the end of each warning to locate its translation in the translated safety warnings that accompanied this device.
Statement 1071
SAVE THESE INSTRUCTIONS
Read the installation instructions before you connect the system to its power source. Statement 1004
  Installation of the equipment must comply with local and national electrical codes. Statement 1074
This product relies on the building’s installation for short-circuit (overcurrent) protection. Ensure that the protective device is rated not greater than:
20A. Statement 1005
Do not operate your wireless network device near unshielded blasting caps or in an explosive environment unless the device has been modified to be especially qualified for such use. Statement 245B
  In order to comply with FCC radio frequency (RF) exposure limits, antennas should be located at a minimum of 12 inches (30 cm) or more from the body of all persons.
Statement 332
The fasteners you use to mount an access point on a ceiling must be capable of maintaining a minimum pullout force of 20 lbs (9 kg) each and must use a minimum of four holes on the mounting bracket.
This product and all interconnected equipment must be installed indoors within the same building, including the associated LAN connections as defined by Environment A of the IEEE 802.af Standard.
The access point is suitable for use in environmental air space in accordance with section 300.22.C of the National Electrical Code and sections 2-128, 12-010(3), and 12-100 of the Canadian Electrical Code, Part 1, C22.1. You should not install the power supply or power injector in air handling spaces.
Use only with listed ITE equipment.

Unpacking

To unpack the access point, follow these steps:
Step 1 Unpack and remove the access point and the accessory kit from the shipping box.
Step 2 Return any packing material to the shipping container and save it for future use.
Step 3 Verify that you have received the items listed below. If any item is missing or damaged, contact your Cisco representative or reseller for instructions.
— The access point
— Mounting bracket (selected when you ordered the access point)
— Adjustable ceiling-rail clip (selected when you ordered the access point)

AP Views, Ports, and Connectors

The ports and connections on the bottom of the access point are shown in Figure 2.

Preparing the AP for Installation

Before you mount and deploy your access point, we recommend that you perform a site survey (or use the site planning tool) to determine the best location to install your access point.
You should have the following information about your wireless network available:

• Access point locations.

• Access point mounting options: below a suspended ceiling or on a flat horizontal surface.
  You can mount the access point above a suspended ceiling but you must purchase additional mounting hardware: See “Mounting and Grounding the Access Point” section on page 13 for additional information.

• Access point power options: PoE+ via powered switch, mid-span, or power injector (usually located in a wiring closet). If PoE+ is not available, this access point may be powered by a local DC power supply (Cisco AIR-PWR-C).
  When the access point is located above the ceiling tiles (in the building’s environmental airspace, also known as plenum) care must be taken to ensure the power supply, or power injector if used, is not co-located in the building’s plenum airspace. This may not be in compliance with local safety regulations.

Cisco recommends that you make a site map showing access point locations so that you can record the device MAC addresses from each location and return them to the person who is planning or managing your wireless network.

Installation Overview

Installing the access point involves these operations:
Step 1 Performing a Pre-Installation Configuration, page 10 (optional)
Step 2 Mounting and Grounding the Access Point, page 13
Step 3 Powering the Access Point, page 15
Step 4 Preparing the AP for Installation, page 9

Performing a Pre-Installation Configuration

The following procedures ensure that your access point installation and initial operation go as expected. This procedure is optional.
Note Performing a pre-installation configuration is an optional procedure. If your network controller is properly configured, you can install your access point in its final location and connect it to the network from there.
See the “Deploying the Access Point on the Wireless Network” section on page 17 for details.
The following pre-installation configuration procedure does not include configuring Link Aggregation or configuration via Cisco Mobility Express.
Note

• For information on configuring Link Aggregation, see the Cisco Wireless LAN Controller Configuration Guide, Release 8.6, at this URL:
  https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-6/config- guide/b_cg86/ports_and_interfa ces.html#ID1466

The pre-installation configuration setup is illustrated in Figure 3.Step 1 Make sure that the Cisco Wireless LAN Controller DS port is connected to the network. Use the CLI, web-browser interface, or Cisco Prime Infrastructure procedures as described in the appropriate Cisco Wireless LAN Controller Configuration guide.
a. Make sure that access points have Layer 3 connectivity to the Cisco Wireless LAN Controller Management and AP-Manager Interface.
b. Configure the switch to which your access point is to attach. See the Cisco Wireless LAN Controller Configuration Guide for the release you are using, for additional information.
c. Set the Cisco Wireless LAN Controller as the master so that new access points always join with it.
d. Make sure DHCP is enabled on the network. The access point must receive its IP address through DHCP.
e. CAPWAP UDP ports must not be blocked in the network.
f. The access point must be able to find the IP address of the controller. This can be accomplished using DHCP, DNS, or IP subnet broadcast. This guide describes the DHCP method to convey the controller IP address. For other methods, refer to the product documentation. See also the “Configuring DHCP Option 43” section on page 21 for more information.
Step 2 Apply power to the access point. See Powering the Access Point, page 15.
a. As the access point attempts to connect to the controller, the LEDs cycle through a green, red, and amber sequence, which can take up to 5 minutes.
If the access point remains in this mode for more than five minutes, the access point is unable to find the Master Cisco Wireless LAN Controller. Check the connection between the access point and the Cisco Wireless LAN Controller and be sure that they are on the same subnet.
b. If the access point shuts down, check the power source.
c. After the access point finds the Cisco Wireless LAN Controller, it attempts to download the new operating system code if the access point code version differs from the Cisco Wireless LAN Controller code version.
While this is happening, the Status LED blinks amber.
d. If the operating system download is successful, the access point reboots.
Step 3 Configure the access point if required. Use the controller CLI, controller GUI, or Cisco Prime Infrastructure to customize the access-point- specific 802.11ac network settings.
Step 4 If the pre-installation configuration is successful, the Status LED is green indicating normal operation.
Disconnect the access point and mount it at the location at which you intend to deploy it on the wireless network.
Step 5 If your access point does not indicate normal operation, turn it off and repeat the pre-installation configuration.
When you are installing a Layer 3 access point on a different subnet than the Cisco Wireless LAN Controller, be sure that a DHCP server is reachable from the subnet on which you will be installing the access point, and that the subnet has a route back to the Cisco Wireless LAN Controller. Also be sure that the route back to the Cisco Wireless LAN Controller has destination UDP ports 5246 and 5247 open for CAPWAP communications. Ensure that the route back to the primary, secondary, and tertiary wireless LAN controller allows IP packet fragments. Finally, be sure that if address translation is used, that the access point and the Cisco Wireless LAN Controller have a static 1-to-1 NAT to an outside address. (Port Address Translation is not supported.)

Mounting and Grounding the Access Point

Cisco Aironet 4800 series access points can be mounted in several configurations – on a suspended ceiling, on a hard ceiling, on an electrical or network box, and above a suspended ceiling.
Go to the following URL for access point mounting instructions:
http://www.cisco.com/c/en/us/td/docs/wireless/access_point/mounting/guide/apmount.html
The standard mounting hardware supported by the AP is listed in Table 1.
Table 1 Brackets and Clips for Mounting the AP

| Part Number| Description
---|---|---
1 Brackets| AIR-AP-BRACKET-1| Low-profile bracket (This is the default option)
AIR-AP-BRACKET-2| Universal bracket
Clips| AIR-AP-T-RAIL-R| Ceiling Grid Clip (Recessed mounting) (This is the default option)
AIR-AP-T-RAIL-F| Ceiling Grid Clip (Flush mounting)
AIR-CHNL-ADAPTER| Optional adapter for channel-rail ceiling grid profile.

1. Mount the AP using no less than four screw holes on a bracket.

When mounting the AP in areas where there is a possibility of the AP being knocked off the mounting bracket, use the lock hasp on the back of the AP (see Figure 4) to lock it to the bracket. Also, see Figure 4 to know how the power cable is to be routed.

Powering the Access Point

The AP can be powered out-of-the-box with the following options:

| AP Functionality| PoE Budget @ PSE (Watts)| 802.3af or PWRINJ5| 802.3at PoE+
PWRINJ6| 802.3bt uPoE
AIR-PWR50
---|---|---|---|---|---
PoE (802.3at)| It is recommended to:
• Disable USB and AUX port
• Limit mGig to 1GbE| 30W| Not supported| Supported| Supported
PoE (803.bt/uPoE)| All features enabled.| 32W| Not supported| Not supported| Supported

The USB port is designed only for use with Cisco-approved devices. Usage of non-Cisco approved third-party USB modules with this Access Point is not supported. The behavior of such USB devices and the impact to the Access Point is not guaranteed.

Configuring and Deploying the Access Point

This section describes how to connect the access point to a wireless LAN controller. Because the configuration process takes place on the controller, see the Cisco Wireless LAN Controller Configuration Guide for additional information.
The information in this section does not include configuring Link Aggregation. For information on configuring Link Aggregation, see the Cisco Wireless LAN Controller Configuration Guide at the following URL:
https://www.cisco.com/c/en/us/support/wireless/wireless-lan-controller- software/products-installation-and-configuration-guides-list.html
The Controller Discovery Process
CAPWAP support is provided in controller software release 5.2 or later. However, your controller must be running the release that supports 4800 series access points, as specified in the access point data sheet.
The access point uses standard Control and Provisioning of Wireless Access Points Protocol (CAPWAP) to communicate between the controller and other wireless access points on the network. CAPWAP is a standard, inter-operable protocol which enables an access controller to manage a collection of wireless termination points. The discovery process using CAPWAP is identical to the Lightweight Access Point Protocol (LWAPP) used with previous Cisco Aironet access points.
LWAPP-enabled access points are compatible with CAPWAP, and conversion to a CAPWAP controller is seamless.
Deployments can combine CAPWAP and LWAPP software on the controllers.
You cannot edit or query any access point using the controller CLI if the name of the access point contains a space.
The functionality provided by the controller does not change except for customers who have Layer 2 deployments, which CAPWAP does not support.
In a CAPWAP environment, a wireless access point discovers a controller by using CAPWAP discovery mechanisms and then sends it a CAPWAP join request. The controller sends the access point a CAPWAP join response allowing the access point to join the controller. When the access point joins the controller, the controller manages its configuration, firmware, control transactions, and data transactions.
Make sure that the controller is set to the current time. If the controller is set to a time that has already occurred, the access point might not join the controller because its certificate may not be valid for that time.
For additional information about the discovery process and CAPWAP, see the Cisco Wireless LAN Controller Software Configuration Guide. This document is available on Cisco.com.
Access points must be discovered by a controller before they can become an active part of the network. The access point supports these controller discovery processes:

• Layer 3 CAPWAP discovery—Can occur on different subnets than the access point and uses IP addresses and UDP packets rather than MAC addresses used by Layer 2 discovery.

• Locally stored controller IP address discovery—If the access point was previously joined to a controller, the IP addresses of the primary, secondary, and tertiary controllers are stored in the access point non-volatile memory. This process of storing controller IP addresses on an access point for later deployment is called priming the access point.
  For more information about priming, see the “Performing a Pre-Installation Configuration” section on page 10.

• DHCP server discovery—This feature uses DHCP option 43 to provide controller IP addresses to the access points.
  Cisco switches support a DHCP server option that is typically used for this capability. For more information about DHCP option 43, see the “Configuring DHCP Option 43” section on page 21.

• DNS discovery—The access point can discover controllers through your domain name server (DNS). For the access point to do so, you must configure your DNS to return controller IP addresses in response to CISCO-CAPWAP-CONTROLLER.localdomain, where localdomain is the access point domain name. Configuring the CISCO-CAPWAP-CONTROLLER provides backwards compatibility in an existing customer deployment. When an access point receives an IP address and DNS information from a DHCP server, it contacts the DNS to resolve CISCO-CAPWAP-CONTROLLER.localdomain. When the DNS sends a list of controller IP addresses, the access point sends discovery requests to the controllers.

Deploying the Access Point on the Wireless Network
After you have mounted the access point, follow these steps to deploy it on the wireless network:
Step 1 Connect and power up the access point.
Step 2 Observe the access point LED (for LED descriptions, see “Checking the Access Point LEDs” section on page 18).
a. When you power up the access point, it begins a power-up sequence that you can verify by observing the access point LED. If the power-up sequence is successful, the discovery and join process begins. During this process, the LED blinks sequentially green, red, and off. When the access point has joined a controller, the LED is chirping green if no clients are associated or green if one or more clients are associated.
b. If the LED is not on, the access point is most likely not receiving power.
c. If the LED blinks sequentially for more than 5 minutes, the access point is unable to find its primary, secondary, and tertiary Cisco Wireless LAN Controller. Check the connection between the access point and the Cisco Wireless LAN Controller, and be sure the access point and the Cisco Wireless LAN Controller are either on the same subnet or that the access point has a route back to its primary, secondary, and tertiary Cisco Wireless LAN Controller. Also, if the access point is not on the same subnet as the Cisco Wireless LAN Controller, be sure that there is a properly configured DHCP server on the same subnet as the access point.
See the “Configuring DHCP Option 43” section on page 21 for additional information.
Step 3 Reconfigure the Cisco Wireless LAN Controller so that it is not the Master.
A Master Cisco Wireless LAN Controller should be used only for configuring access points and not in a working network.

Checking the Access Point LEDs

Regarding LED status colors, it is expected that there will be small variations in color intensity and hue from unit to unit. This is within the normal range of the LED manufacturer’s specifications and is not a defect.
The access point status LED indicates various conditions and are described in Table 2.
Table 2 LED Status Indications

associated
Blue| Normal operating condition, at least one wireless client association
Boot loader status| Green| Executing boot loader
Boot loader error| Blinking Green| Boot loader signing verification failure
Operating status| Blinking Blue| Software upgrade in progress
Alternating between Green and Red| Discovery/join process in progress
Cycling through Red-Off-Green-Off-Blue-Off| Access point location command invoked from controller web interface.
Access point operating system errors| Cycling through Blue-Red-Green-Off| General warning; insufficient inline power

Miscellaneous Usage and Configuration Guidelines

Using the Mode Button
Using the Mode button (see Figure 2) you can:

• Reset the AP to the default factory-shipped configuration

• Clear the AP internal storage including all configuration files
  To use the mode button, press, and keep pressed, the mode button on the access point during the AP boot cycle. Wait until the AP status LED changes to Amber. During this, the AP console shows a seconds counter, counting the number of seconds the mode button is pressed. Then:

• To reset the AP to it’s default factory-shipped configuration, keep the mode button pressed for less than 20 seconds.
  The AP configuration files are cleared.
  This resets all configuration settings to factory defaults, including passwords, WEP keys, the IP address, and the SSID.

• To clear the AP internal storage, including all configuration files, keep the mode button pressed for more than 20 seconds, but less than 60 seconds.

If the mode button is pressed for more than 30 seconds but less than 60 seconds, the FIPS mode flag is also cleared during the full factory reset of the AP. The FIPS flag when set disables console access.
The AP status LED changes from Amber to Red, and all the files in the AP storage directory are cleared.
If you keep the mode button pressed for more than 60 seconds, the mode button is assumed faulty and no changes are made.
Troubleshooting the Access Point to Cisco Controller Join Process
  Ensure that your controller is running the latest Cisco Wireless Controller Software Release as specified in the access point data sheet.
Access points can fail to join a controller for many reasons: a RADIUS authorization is pending; self-signed certificates are not enabled on the controller; the regulatory domains of the access point and the controller don’t match, and so on.
Controller software enables you to configure the access points to send all CAPWAP-related errors to a syslog server.
You do not need to enable any debug commands on the controller because all of the CAPWAP error messages can be viewed from the syslog server itself.
The state of the access point is not maintained on the controller until it receives a CAPWAP join request from the access point. Therefore, it can be difficult to determine why the CAPWAP discovery request from a certain access point was rejected. In order to troubleshoot such joining problems without enabling CAPWAP debug commands on the controller, the controller collects information for all access points that send a discovery message to it and maintains information for any access points that have successfully joined it.
The controller collects all join-related information for each access point that sends a CAPWAP discovery request to the controller. Collection begins with the first discovery message received from the access point and ends with the last configuration payload sent from the controller to the access point.
You can view join-related information for up to three times the maximum number of access points supported by the platform for the 2500 series controllers and the Controller Network Module within the Cisco 28/37/38xx Series Integrated Services Routers.
The maximum number of access points varies for the Cisco WiSM2, depending on which controller software release is being used.
When the controller is maintaining join-related information for the maximum number of access points, it does not collect information for any more access points.
An access point sends all syslog messages to IP address 255.255.255.255 by default when any of the following conditions are met:

• An access point running software release 8.2.110.0 or later has been newly deployed.
• An existing access point running software release 8.2.110.0 or later has been reset after clearing the configuration.

If any of these conditions are met and the access point has not yet joined a controller, you can also configure a DHCP server to return a syslog server IP address to the access point using option 7 on the server. The access point then starts sending all syslog messages to this IP address.
When the access point joins a controller for the first time, the controller sends the global syslog server IP address (the default is 255.255.255.255) to the access point. After that, the access point sends all syslog messages to this IP address until it is overridden by one of the following scenarios:

• The access point is still connected to the same controller, and the global syslog server IP address configuration on the controller has been changed using the config ap syslog host global syslog_server_IP_address command. In this case, the controller sends the new global syslog server IP address to the access point.
• The access point is still connected to the same controller, and a specific syslog server IP address has been configured for the access point on the controller using the config ap syslog host specific Cisco_AP syslog_server_IP_address command. In this case, the controller sends the new specific syslog server IP address to the access point.
• The access point is disconnected from the controller and joins another controller. In this case, the new controller sends its global syslog server IP address to the access point.
• Whenever a new syslog server IP address overrides the existing syslog server IP address, the old address is erased from persistent storage, and the new address is stored in its place. The access point also starts sending all syslog messages to the new IP address provided the access point can reach the syslog server IP address.

You can configure the syslog server for access points and view the access point join information only from the controller CLI.
Important Information for Controller-based Deployments
Keep these guidelines in mind when you use 4800 series access points:

• The access point can only communicate with Cisco Wireless LAN Controllers.

• The access point does not support Wireless Domain Services (WDS) and cannot communicate with WDS devices.
  However, the controller provides functionality equivalent to WDS when the access point joins it.

• CAPWAP does not support Layer 2. The access point must get an IP address and discover the controller using Layer 3, DHCP, DNS, or IP subnet broadcast.

• The access point console port is enabled for monitoring and debug purposes. All configuration commands are disabled when the access point is connected to a controller.

Configuring DHCP Option 43
You can use DHCP Option 43 to provide a list of controller IP addresses to the access points, enabling them to find and join a controller.
The following is a DHCP Option 43 configuration example on a Windows 2003 Enterprise DHCP server for use with Cisco Aironet lightweight access points. For other DHCP server implementations, consult product documentation for configuring DHCP Option 43. In Option 43, you should use the IP address of the controller management interface.
DHCP Option 43 is limited to one access point type per DHCP pool. You must configure a separate DHCP pool for each access point type.
The 4800 series access point uses the type-length-value (TLV) format for DHCP Option 43. DHCP servers must be programmed to return the option based on the access point DHCP Vendor Class Identifier (VCI) string (DHCP Option 43).
The VCI string for the 4800 series access point is:
Cisco AP c4800
The format of the TLV block is listed below:

• Type: 0xf1 (decimal 241)
• Length: Number of controller IP addresses * 4
• Value: List of WLC management interfaces

To configure DHCP Option 43 in the embedded Cisco IOS DHCP server, follow these steps:
Step 1 Enter configuration mode at the Cisco IOS CLI.
Step 2 Create the DHCP pool, including the necessary parameters such as default router and name server. A DHCP scope example is as follows:
ip dhcp pool
network
default-router
dns-server
Where: