Possible to have enterprise-grade Wi-Fi in your home? Absolutely! Is it easy..? That's to be determined.
TLDR: I really don't know what I'm doing, but here's some information that I've found that others might find helpful. Also, this is written with the Cisco AIR-CAP2602i APs in mind.
Let me preface this by saying that I am way out of my element on this one. The following information has been compiled from various Reddit posts and comments, bits and pieces of Cisco's documentation, blogs, and forums, and I just barely know what I'm doing. On the flip side, I'm writing this from the standpoint of someone who started out knowing nothing about Cisco's wireless side of things, so hopefully I answer some of the less obvious questions... With that out of the way, let's dig in.
Recently, I acquired 3 Cisco AIR-CAP2602i APs from my college's IT Dept sale. I really didn't know what I was going to do with them, but they had no limit on how many could be purchased and since they cost next to nothing, I figured why not. Because of this, this article is going to be written specifically for that model of AP; however, there will still be a lot of information applicable to other models.
CAP vs SAP
TLDR: CAP - Requires a controller, SAP - Standalone. Can convert between the two modes.
My first bit of confusion was the difference between a "CAP" and a "SAP." To put it simply, a SAP is standalone and works in autonomous mode. SAPs have their own web GUI for management and can be compared to any other off-the-shelf AP from Staples (using "compared" very loosely, as these are built like tanks with a feature set to match. More on that later). CAPs, on the other hand, require a dedicated controller on the network for management and have no individual web interface.
Don't fear if your AP is a CAP and you wanted a SAP. It is possible to switch between the two modes with different firmware versions. Firmwares such as ap3g2-k9w8 (notice the 8) are CAP firmwares; substitute the 8 for a 7 and now you have a SAP firmware. Just flash the firmware onto the AP and you're good to go. As it turns out, my APs, although they had the model name with "CAP", were actually running SAP firmware. A firmware swap through the web interface got them switched over to controller mode no problem.
Take note that to download most Cisco firmware versions, you will need a Cisco service contract.
TLDR: They are compatible with 802.3af PoE.
Maybe this was just lack of knowledge on my part, but whenever I have worked with PoE devices in the past, it was very clear what was and was not a PoE compatible device. In the case of these APs, I found very little information on Cisco's spec sheets and could not find a definitive source elsewhere as to whether they were or were not PoE compatible (and there is nothing printed on the labeling). I decided just to try an 802.3af PoE injector and see what happens. As it turns out, these APs are compatible with 802.3af PoE no problem.
The Controller - Overview
TLDR: If you already have a hypervisor or physical machine available, download a 60-day trial of Cisco's vWLC. Check the compatibility matrix to make sure your APs are compatible.
Assuming you're not running in standalone mode, you're going to need a controller. You can either purchase a physical controller on eBay, or run a software-based controller. Before you do either, make sure to check out Cisco's compatibility matrix to ensure you are getting a controller compatible with your APs.
I opted to go with the vWLC, or Virtual Wireless LAN Controller, to save some money compared to purchasing a physical device. There are VMware images and standard KVM images available on Cisco's download portal (once again, take note that to download most Cisco firmware versions, you will need a Cisco service contract). Some of the vWLC downloads do have 60-day trials, which should be more than enough time to get up and running, and that is the route I ended up taking.
If you choose to run a software controller, it's important to note the system requirements. For "small" setups 1 CPU, 2GB RAM, and 8GB disk space should be enough. The system will also need 2 NICs (one for the out of band management service interface and the other for the primary management interface).
The Controller - Setup (vWLC)
TLDR: The setup itself is pretty straightforward; refer to the initial setup section of Cisco's configuration manual (linked below) for any problems.
Configuration is performed initially through the interface directly on the WLC if it has not yet been configured. I'd recommend taking a look at Cisco's manual for WLC setup and configuration, but here are some of the basics:
|Setting|Value|Notes|
|---|---|---|
|Terminate Autoinstall|Yes|Must be terminated to configure system manually. If allowed to run, autoinstall will use image found on a TFTP server.|
|System Name|The hostname of your choice| |
|Administrative Username and Password|Self-explanatory| |
|Service Port Configuration (Static/DHCP)|DHCP|This must be on a different subnet than the management interface. I was having some issues with setting a static address, but DHCP worked without issue.|
|Management Interface Configuration|Static IP Address, Subnet mask, and Gateway| |
|Management Interface VLAN ID|Your management VLAN (0 for untagged)| |
|DHCP Server Address|Self-explanatory| |
|Virtual Interface IP Address|Self-explanatory|Must be on a different subnet than the rest of your networks and must be non-routable|
|Mobility/RF Group Name|Anything you want|This only really comes into play with more than one controller so there isn't really a need to make it anything fancy.|
There are a few more options during the setup, but they are mostly self-explanatory and are very setup specific. After this initial setup is finished, you're ready to log in to the web GUI at the management IP address.
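The subnet rules from the table above (service port on a different subnet than management, virtual interface outside every network in use and non-routable) can be checked against an addressing plan before running the wizard. This is an added example, not part of the original post or any Cisco tool; the function name, the sample addresses, and the reading of "non-routable" as "not globally routable" are assumptions.

```python
import ipaddress


def check_wlc_plan(service_if, mgmt_if, virtual_ip, other_nets=()):
    """Return a list of problems found in a planned vWLC addressing scheme.

    service_if / mgmt_if: 'address/prefix' strings (for a DHCP service port,
    pass any address from the DHCP scope). virtual_ip: bare address.
    other_nets: remaining subnets in use on the network, as CIDR strings.
    """
    problems = []
    service = ipaddress.ip_interface(service_if)
    mgmt = ipaddress.ip_interface(mgmt_if)
    virtual = ipaddress.ip_address(virtual_ip)
    nets = [ipaddress.ip_network(n) for n in other_nets]

    # Service port must be on a different subnet than the management interface.
    if service.network.overlaps(mgmt.network):
        problems.append(
            f"service port {service} overlaps management subnet {mgmt.network}")

    # Virtual interface must not fall inside any subnet already in use.
    for net in [mgmt.network, service.network, *nets]:
        if virtual in net:
            problems.append(f"virtual IP {virtual} is inside in-use subnet {net}")

    # Assumption: "non-routable" is interpreted as "not globally routable".
    if virtual.is_global:
        problems.append(f"virtual IP {virtual} is globally routable")
    return problems


# Constructed sample plans (addresses are illustrative, not from the post).
GOOD_PLAN = dict(service_if="192.168.50.10/24", mgmt_if="10.0.10.5/24",
                 virtual_ip="192.0.2.1",
                 other_nets=["10.0.20.0/24", "10.0.30.0/24"])
BAD_PLAN = dict(service_if="10.0.10.200/24", mgmt_if="10.0.10.5/24",
                virtual_ip="10.0.20.1", other_nets=["10.0.20.0/24"])

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        issues = check_wlc_plan(**plan)
        print(name, "->", issues or "no problems found")
```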
The Controller - Configuration
I will probably make a separate post about this when I have a better handle on things, so stay tuned, but I did want to clear up a few basic points in this post.
When using the virtualized WLC, your only option for access point communication is Cisco FlexConnect. In its simplest form, FlexConnect is just used for dumping the traffic from the AP straight onto the switch it's connected to, not routing traffic back to the WLC before it enters the network. Long story short, this requires some extra setup, but shouldn't cause any problems for homelab use.
As mentioned in the chart above, mobility groups are not really utilized unless there is more than one controller on the network, so these settings can be ignored.
That's it for now. I will likely update the information on this post, but I wanted to keep it to the basics. I am planning a separate post with specifics on VLAN configuration and some additional security parameters, but that is for another time.