Setup Cisco AP342s, AP352s and BR352s used as Access Points and Repeaters for Home HotSpots/WISPs
and How to Setup the AP342, AP352 and BR352 for Optional Encryption and as Repeaters**
by Joe Mehaffey, W2JO  (revision 1/27/2004)

I have wanted to compare the operation of Dlink/LinkSys/SMC bridges and APs to some Cisco products for quite awhile. I recently got a BR342, two AP352s, two BR352s and  four AP342s to experiment with. I wish I had tried this gear out sooner!  This Cisco wireless gear is GREAT STUFF for Hotspots,  Wide Area LANs, and use where 802.11b repeaters are needed!  Note:  These units will only act as REPEATERS when the central (root) access point is an AP342/352/1100, BR352 or compatible Cisco unit.

I think that anyone thinking about a wide area mesh network (with spans in the range of one mile or less) should CONSIDER the use of the AP352E2C ($300-100mw) and/or AP342s ($100-30mw) (or later versions such as the AP1100)  models instead of the BR342s or BR352s at nodes. Reasons: a) BR342s only work with other BR342s and clients.  b) BR342s cost about $425 and have fewer features than the AP352s at around $300. And the AP342/AP352 have the same software feature set. c) AP342s and AP352s will interwork and repeat with other AP342s, AP352s, AP1100s, and AP1200s and Cisco says this will continue with the dual channels units coming out.     The potential advantage of BR352s and BR342s is that they can maintain considerably higher throughput on long range links (greater than a mile or so) than can the AP models.   I can confirm that the BR352s WILL interoperate with other BR352s plus AP352s ,AP342s, AP1100s and clients from a variety of vendors.   (Some non-Cisco clients work better than others, but all seem to be able to work at least in non-encrypted mode.)   BR352s seem to be essentially AP352s with enhanced software which allows the distance between the BR352 to be up to the range of 60+ miles from remote clients,  AP342/AP352s/BR352s with suitable antenna and/or amplifier gain as may be required.  The AP versions do have a "range" option but the thruput is down to about 250kbps at 7.5 miles with good signals.  Thus, a BR version at the root end of the link will dramatically raise the maximum thruput and range of the link from the root bridge.

The RFLinx  2400CX amps can be used with either model to develop 800mw output (or more with other model amps) if needed for Amateur Radio applications in the 2400mhz Ham Radio band.  One  fact called to my attention is that that BR342/352s while operating as REPEATERS can also provide a data feed out of the ethernet port.  The ethernet port on the AP342/352s is disabled when they are in repeater mode.  Maximum range of the AP units versus the BR units CAN be an issue.  It is reported that max range (from timing considerations) on Cisco's AP models is in excess of 10 miles.  (See below for experimental data gathered in this regard.)   It has been confirmed that the range of Cisco's AP products is significantly less than the BR products.  Maximum range estimates,  based on timing considerations only, for the BR products is said to be in excess of 60 miles.  We are checking further and gathering more data to try and discover  the precise maximum range limitation on the AP342/AP352//BR342/BR352.  PLEASE feel free to email me if you do have definitive information on maximum range for either product!)

Now for the DOWNSIDE:  The AP342/AP352s have been tested for data thruput when operating in REPEATER mode over long distances.  If the range is less than a mile or so and the signals are strong (SN>25db or so) then you can expect the throughput to drop by half for each repeater the data must traverse.  For 11bps this means you have a theoretical maximum data throughput rate something in the order of 5.5 mbps for one repeat and 2.75mbps if traversing two repeaters and 1.375mbps if traversing three repeaters.  This is "as expected" as the units are "store and forward" repeaters.    However,  when I set the units up for operation over a 7.45 mile range, (optimize for RANGE mode),  the throughput for two or three repeaters dropped to the range of 250K to 320K bits per second for a wireless file download.  See the table below for details.   The data rate to the AP when it is used to access the wired ethernet will be higher as then the central AP is not acting as a REPEATER but rather as an ACCESS POINT.
The mesh networking stuff the Cisco gear does is FANTASTIC! Particularly the new software which has improved self organizing features. (I am running ver 12.04  in six units.)

For Ham Radio experimenters,  the AP352 is a really nice companion to the RFLinx  800mw 17db gain amps located 75 to 100 feet away at the tower top.. AP352s start at 100mw (+20dbm) - (75ft LMR400 cable/conn loss=7db) - (pigtail loss=1db) + (amp gain=17db) gives +29dbm which is your 800mw output. Actually RFLinx engineering tells me the 800mw amp will go to +30dbm and that seems reasonable since the amp has a +12vdc PSU and peak voltage at 1 watt output would be only about 10 volts (7vrms). Also, the AP352 has power over the CAT5 ethernet cable so putting it up the tower with the amp is a little easier than with some other models.  (Note:  I personally prefer putting the AMP at the tower top and the AP gear in a box at ground level.  Amps have proved very reliable for me.  APs can be temperature sensitive both on the high and low ends of the scale.)  The adjustable power output on ALL these Cisco models is really nice too. And.. If you put the amp right with the access point up the tower, you need the 12db amp and 50mw out of your AP to get your 800mw..  In the USA FCC rules for part 15 operation,  transmitters are allowed a maximum ERP (Effective Radiated Power) of +36dbm or 4 watts.  If you have 800mw transmit power (+29dbm) then you have a net of +7dbi of net antenna gain you can add.  "Antenna Gain" includes the net of antenna gain and cable/connector loss between the amplifier output and the antenna itself.   Note:  Generally, it is NOT in accord with FCC rules for UNlicensed individuals to use amplifiers for 802.11 communications unless the amplifiers are furnished by an equipment manufacturer specifically to work with a given AP/Bridge or such.   See FCC rules on part 15 unlicensed operation for details.   A word to the wise is sufficient.

Note: The AP342s and AP352s can operate with  RF coming out either antenna port in diversity mode unless you select just RIGHT or just LEFT. Unfortunately,  this is not as flexible as it seems at first glance.  While you can get RF out of either the left and right port of these units,  the limitation is pretty severe.  The access point receives and transmits using one antenna at a time depending on the signal strength readings, so you cannot increase range by installing high-gain antennas on both connectors and pointing one north and one south. When the access point uses the north-pointing antenna, it would ignore client devices to the south.

Interoperability and compatibility tests were run with the Cisco gear and with various brands of  client cards.  The Cisco units were compatible with 100% of the 802.11b/g cards I tested with.  These included Dlink, SMC, LinkSys, Senao, and Orinoco/Proxim. Some problems I noticed follow. (Tests were not all that scientific but I report it as I saw it.)
1) I was using a Dlink 900AP+ as a central AP on my 100ft tower with an 500mw amplifier. Local links were fine, but three links to stations half a mile away through trees had a high error rate in the area of 20%. It had been that way ever since I put them in and figured this was a result of the dense trees causing multipath distortion.  First I put in a AP-342 in place of the Dlink on the tower. One link going a half mile thru trees to a Senao Card became completely error free. Things improved on the links with the 900AP+ units, but these links still had errors. Then I noticed that the Dlink 900AP+ units on even some shorter test links had a few errors showing over time. I replaced the 900AP+ with the worst error rate with a LinkSys WET11 and immediately, the error rate went to about zero and has stayed there. I then replaced the other two 900AP+ units with WET11s and those links became error free as well.

2) I have one AP352 acting as a repeater installed about 3/4 mile from my tower with an 8db omni antenna  and amplifier. It worked fine from the first moment. I added the 12db amp to get the power up to about 600mw (including cable losses) so as to be able to extend coverage to another repeater and it is all doing a good job.

3) Thruput of three Cisco units in series (AP > repeater1 > repeater2) is still faster than the download speed of a single 1.5mbps ADSL line.   (When the distance between units is less than a mile and the units are all set to "optimize for throughput".)

4) Features I like in the Cisco AP342/352 include: a) Each unit keeps records of who is connected and logs traffic, errors, etc. b) AP342/AP352 has transmit power available on both antenna R-TNC antenna ports.  See Note. c) AP342 converts easily to external amp use by inserting a MMCX plug into the internal PCMCIA card and bringing out the cable to an outside connector.  Some AP340 series units have  R-TNC connectors on the rear instead of captive antennas,  but I have not seen any of these for sale on eBay.  d) You can update firmware by radio (and automatically to all units at once if you want). e) EVERYTHING seems to be adjustable/configurable. (This can be a hazard!) For instance, if you check: "Make unit maximum compatible with standard 802.11 devices", the repeat mode and lots of neat features quit working!) f) It is possible to configure the units so that you can SIMULTANEOUSLY serve some clients with encrypted links and others with UNencrypted links. g) These units work with all of the 802.11b/g wireless clients I have tested them with including various SMC, LinkSys, Dlink, Senao, and Orinoco cards and bridge clients. h) The rated temperature range of SOME models is 0 C to 50 C.  (While the specification is not quite good enough for outdoor and attic use,  I find that some units will operate  considerably beyond this specification.  One unit has performed flawlessly down to 22F and up to 130F.   Another quit passing data at about 30F and did not recover when the temperature came back up.  On this unit, when failed,  you could communicate with it via the ethernet connection,  but I had to  unplug/replug the ethernet cable to bring it back to operation.)    i) You can program all features remotely (and securely) by radio. This includes cases where you have multiple signal repeaters.   j) If you have two or more "source" feeds from the internet, the units will self organize.  Load balancing is apparently manual but any section of the "mesh" where the primary feed fails can "home" on another mesh section where AP service is still working.  k) The "associated" table shows "who is connected to whom" including clients,  repeaters and access points.   (I have noticed that client NICs rather than client bridges are what show up in the associated table where you have (say) a WET11 client bridge connected to a NIC card in a client computer. )  l) You can set up the Cisco units to prevent Peer-to-Peer connections on the local wireless LAN if you want. Couple this to "per client" bandwidth throttling (and Kazaa, etc throttling or blocking in a Mikrotik Hotspot) and you can control your gamers and music sharers and keep them from overloading your network. As you can tell, I really am impressed with the features of the Cisco gear and the AP342 is really cost effective at $100 or so on eBay.
---------------------------------------------------------------------------------------------------------------------------------------
How to Setup the APs for Optional Encryption and as Repeaters

First:  A few "gotchas" to keep you from being confused.
1)  Your AP <must> be in AP mode for you to communicate with it over the ethernet cable.  This is the default,  but once you put the unit into "Repeater Access Point" mode you have to communicate with it via the radio channel.  So:  Do not put the unit into REPEATER AP mode until you have made sure you can communicate with it by radio as an AP. 
2) If you plug the unit into your computer's LAN port,  and the unit is then configured as a Root Access point and programmed to revert to "Repeater Access Point" mode when it loses contact with its router over the wirelan,  it WILL disable communications with your computer over the wirelan cable as soon as you enable the "Revert to Repeater Access Point when communications is lost" mode. 
3) Pushing the AP342s reset button for 10 seconds loads the default parameters.  The AP352 has a hole for a reset button,  but the reset button is missing.  There is no way to reset an AP352 to factory defaults without using <:RESETALL> from the hyperterminal command line interface if you lose connectivity for some reason.  I did this a LOT early in my experimentation.
4) Use Hyperterminal and 9600,8,none,1, hardware with a 9 pin serial cable to connect to the APs to discover their IP address initially.  Just turn the unit on with Hyperterminal connected and you will see the IP address (and lots of other stuff) during boot up.  After you have the unit's IP address,  connect a lan crossover cable between the computer and the AP.  Then set your computer's IP address to some other IP address in the same range but different from the AP.  Then load a browser and you should be able to http://<AP unit IP address> and you should be able to connect to the AP setup initial screen.
5) As soon as you get the system up and running and can get to the setup screen,  I recommend you go download the latest production firmware for your units from the Cisco website (above), unzip it into  suitable folders, then go to Cisco Services in the Setup Screen and update the firmware.  Use the BROWSER UPDATE method as it is most straightforward.   Depending on which software comes in your unit,  some of the features below may not appear if you do not have the latest software.
6) If you set up your Root AP and Repeater APs as described below and  with encryption "optional", things work almost exactly as you would expect.  Individual stations can login and get access if they are unencrypted or if they are encrypted and are using the correct encryption codes.  Special Note:  Sometimes when you set an individual station to be encrypted,  that station becomes "invisible" to all other stations on the wireless LAN.  This seems to be related to brand/type of Client Card used.  This "stealthy"  encrypted station a) can no longer be pinged,  b) can no longer be discovered by an IP address scanner, and c) can no longer be accessed by remote control programs such as VNC.   And.. This is independent of if the remote management station is encrypted or not.   This is quite an annoyance.   Please see the table with more test data at the end of this article. If anyone knows a setup arrangement for the AP340/350s that will overcome this limitation, please let me know. 
7) While you are getting setup,  pick an RF channel for your APs and Repeater APs and do not let them roam the available channels.  Later you may want to allow your ROOT AP/BRIDGE to roam to another channel if interference occurs on the channel.  If you do allow your ROOT AP to "roam",  pick channels not used by others in your area.  It is necessary to setup roaming on ALL AP340/AP350/BR350 units.  Units locked to a single (default) channel will stay there if the ROOT unit roams to another channel.  Which channel onto which roaming can occur should be the same on all units.   Note:  Most Clients will also follow,  but many clients will not be able to change channel without manual selection in the client setup.  Know what features your clients have before you allow your network to "roam" amongst channels.  (See more below).
8) No.. It is not possible to use the AP342/352s as repeaters AND get a wired LAN signal for local use out of the repeater AP at the same time.  In fact,  these units cannot be used as a standard wired ethernet client bridge ( receiver) at all excepting for the client feature which is really not what these devices were designed for.  BR342/BR352 units DO have a wired LAN output available when they are being operated as Repeater APs.
9) The BRIDGES have a RANGE parameter.  It appears this has to be set reasonably carefully to match to range to the BRIDGE most distant from the ROOT BRIDGE.  At one point, I set the root bridge to 40km range and only had thruput to another BR352 located nearby (500ft away)  of about 3.5kbps.  Changing the range setting on the root bridge to zero made the thruput come back up where it should be.  The nearby APs which were associated with the root bridge seemed unaffected and appeared to maintain their normal thruput speed independent of the range paramter.  (But we know making the range parameter a large number DOES cut down on the total  thruput of the Bridge.  My future testing should define some values for this reduction.)  It appears that running nearby APs and Distant BRs from the same root BR could drop the overall thruput capability of the root BR significantly.  Can someone with experience comment on this please?
Now to the Setup itself
 How to set up the Cisco AP 342/352s was somewhat mysterious at first.  There is a pretty inclusive AP342/352 FAQ WEBPAGE and relatively good manual that is downloadable from the Cisco website.  Note the Help link near the upper left of the page (below).  This brings up a help file link from the Cisco website (assuming your AP has internet access).  All this documentation got me started pretty well.  The screen photos below were made with an AP342, but the AP352 setup is almost identical except for the RF power settings.  I was able to get the unit working as an access point by only going to the EXPRESS SETUP page and inputing my IP address, SSID and other information as follows.

Figure 1  (above) shows the EXPRESS SETUP screen for an ACCESS POINT.

There are a couple of things to note about the above: 
1) The System name is arbitrary and should be something meaningful to the system operator.
2) The configuration server protocol options are NONE,  BOOTP, and DHCP.  You use NONE if you want to use a fixed IP address.  You use DHCP if you want the LAN router to pick an IP address for you.  BOOTP I do not know much about.  It makes it a lot easier to administer the AP if you have a fixed IP address that you can easily refer to.
3) The SSID can be whatever you want for your particular installation. 
4) "Role in Radio Network" is a little tricky if you intend to use some units as repeater access points.  Root Access Point means the unit is going to have a wirelan connection and will operate (more or less) as a conventional AP.  Repeater Access Point means the unit is going to NOT have a wirelan connection and will operate as a repeater for other Cisco APs configured as Root Access Points.  Site Survey Client means you can configure the AP for site survey use as a client but it is pretty clumsy at that task.  The tricky part is that EVEN IF you want to use a particular AP as a Repeater Access Point,  you really want to configure it here as a Root Access Point.  The reason is:  a) it allows you to program the same AP functionality into all your APs and b) coming soon (below) is an option that you can set that will direct the Root Access Point to BECOME a Repeater Access Point whenever the wirelan is not present.  By this arrangement,  any Root AP is interchangeable with any repeater AP without any adjustments.  Also note:  You MUST (in ver 12.04) be connected to a wire ethernet link or you will not be allowed to change the ROLE from Repeater Access Point back to Root Access Point.
5) For the "Optimize Radio Network For" question,  I recommend as follows:  Maximum desired Range less than 1 mile, use THROUGHPUT.  Range MORE than one mile, use RANGE.  See information on range tests done (near end of paper) for more details.
6)Leave the "Ensure Compatibility With" options unchecked.  If you check these,  many of the neat AP342/352 features (such as repeating and Optional Encryption) will disappear.  (I found this out the hard way.)
7) If you are using SNMP management features, insert your Administration Community ID here.

BRIDGES (as opposed to ACCESS POINTS) are a little bit different in that BR342 and BR352 have a few more options.  See the figure (coming soon here.)


Another Setup Screen you need to consider is the Ethernet Hardware Setup Screen below:

Assuming you have multiple APs and/or some Repeater APs,  set the "Loss of Backbone Connectivity Action" to <Switch to Repeater Mode>
This will cause the AP to operate as a standard Access Point unless/until the AP loses the wirelan connection and then it will switch to Repeater AP mode automatically and associate with a nearby AP and continue serving local clients.  IF your main AP(s) cannot operate as a repeater for a nearby client, you likely will want to select "shut off the radio" option  in case the wirelan link fails.  Otherwise,  the strong radio signal from the failed AP may continue to link to local clients instead of dropping the RF link and allowing local clients to roam to another AP.

Notes:
1) For the best results where you have multiple ROOT ACCESS POINTS,  DO NOT leave the Loss of Backbone Connectivity Option set to "No Action" on your Root Access Points.  If you do so, in case of Root AP failure,   repeaters associated with this Root AP will not roam to mesh with the remaining "still alive" APs and repeater APs on your network.   You may select from CHANGE TO REPEATER MODE,  SHUT OFF RADIO, or RESTRICT TO SSID.    NO ACTION will work fine if you have but one Root Access Point or Bridge.
2) BRIDGES have the same Loss of Backbone Connectivity Options  as APs.  However, with Bridges, I suggest you DO NOT set the Loss of Backbone Connectivity Option  to CHANGE TO REPEATER MODE.  If you do set to this option, then your bridge  MAY find another Root Bridge or Root Access Point to associate with if it loses connectivity on the Wired LAN connection.  If it DOES associate with another node and become a repeater node,  the ethernet port becomes an OUTPUT from the bridge instead of an input TO the bridge and you cannot regain control when you recover your ethernet connectivity to the bridge without cycling power on the bridge unit.   This can lead to some VERY confusing symptoms when data from some remote network starts appearing on your local hub or switch through the Bridge's ethernet port.  

Below is the "Radio Hardware" setup screen.  There are a few adjustments you MAY want to make.  but you may be happy with the default settings as well.


You will have already set the SSID when you arrive at this page if you do the Express Setup.  You DO want the Broadcast SSID to associate and likely you do not want to allow "just any old SSID" to associate which will occur if you set "world mode" to YES.  Note the "more..." link to the right of the SSID window above.  If you want,  you can set up multiple SSIDs for each unit.  This can be used where you want your OWN SSID transmitted (primary) but want the unit to respond to one or more alternative SSIDs as well.  Note that the SSIDs are case sensitive.  In my own area,  I set up my primary SSID as <atlantafreenet.org-W2JO> for station ID and added <atlantafreenet.org> and <ATLANTAFREENET.ORG> as a second and third SSID for compatibility with the AtlantaFreeNet.Org conventions.  This way I can tell my own hotspot system from the other AtlantaFreeNet.Org systems but my hotspot system will still respond to the "standard" AFN SSIDs.

The transmit power is adjustable (max 30mw AP342/100mw AP352).  This adjustment can be used to adjust power downward if you have an external amplifier and would be overdriving it with the max power setting.  Be careful about the calculations of drive power required when using amplifiers.  If you put too much drive into an amplifier,  not only will the overdrive create distortion on your signal and  actually REDUCE your range capability,  it can cause severe interference with other users of 802.11 equipment and get you a visit from the FCC!

The Default Radio Channel setting is 6 and with Search for a less-congested radio channel =yes.  I suggest you pick a fixed channel setting for all your APs, turn off search for less-congested channel and stick to it.  I tried allowing the system to "roam" and some of the repeaters would "get lost" and stay on the "default" channel where the Access Points were not available.  I saw no significant thruput degradation from having two Root APs on the same channel.

The RECEIVE and TRANSMIT antenna settings can be set individually for LEFT, RIGHT or DIVERSITY.  If you are using the unit as a normal AP with its built in antennas,  you will likely want to use DIVERSITY for both.  If you are connecting the unit to an external antenna or amplifier,  you will want to select LEFT or RIGHT  depending on which port on the unit you choose to connect to your antenna.  Remember that the access point receives and transmits using one antenna at a time, so you cannot increase range by installing high-gain antennas on both connectors and pointing one north and one south. When the access point used the north-pointing antenna, it would ignore client devices to the south.

Wireless Encryption Setup

There is a really neat feature in the encryption capabilities of the AP342/AP352 units.  Access Points can be configured to serve both ENCRYPTED and NON-ENCRYPTED clients simultaneously.  This is done with the "Encryption Optional" setting on the WEP setup page below.

Notes:
1) You must put in the WEP key size and then the WEP key before the "Use of Data Encryption by Stations" options will appear.
2) The data encryption options are: a) No Encryption,  b) Optional, and c) Full Encryption.  Optional means that a station logging on with no encryption will be allowed and if a station logs on with the correct key he too will be allowed to associate and the second station's send/receive data will be encrypted using the selected WEP key.
3) Keys must be input as HEX DIGITS.  Key 1 is the transmit key and MUST be entered.  The others are optional.
4) The encryption functions above apply when the AP342/352s are operating in any mode.  When the units are in Repeater Access Mode, some special considerations apply.    If the Repeater AP is set for NO ENCRYPTION,  then all the traffic it passes will be limited to UnEncrypted traffic.  If it is set to Full Encrypted the repeater will only be able to pass encrypted traffic so the associated Root AP must be set to either Optional or Full Encryption for this repeater to operate.  This tidbit confused me for awhile as I had been told that if the Root AP and Repeater AP were set to encrypted,  then all "inter-AP traffic (even unencrypted) was encrypted between the AP and repeater.  This appears not to be true.

I am still figuring out the details about how all this mesh networking gear works.  Helpful Hints,  Corrections,  Suggestions and pure Criticism all accepted in the spirit of "getting it right"!

Thanks
Joe Mehaffey

See Also our article on how to setup a MikroTik HotSpot Router.
See Also the AtlantaFreeNet.Org Website.
And Also our "home base" GPS Information Website

TightVNC Remote Control Compatibility tests with various Client and Server radio cards/units
VNC Client is in all cases connecting through one or more AP342s in these tests to a remote VNC Server.
VNC Client  can connect to these Client Units/Cards in systems running VNC Server as shown below. (yes or no)
VNC Client---------------------VNC Server-------------------------VNC Server----------------------------VNC Server
Senao (encrypted)
 Senao(not enc) =yes
 Linksys Wet11 (not enc)=no
 WET11(enc)=yes                    
Senao (NotEnc)
 Senao(Not enc)=yes
 Linksys Wet11(not enc)=yes
 WET11(enc)=no
LucentGold(NotEnc)
 Senao(Not enc)=yes
 LinksysWet11 (enc)=no
 WET11(NotEnc)=yes
WET11 (NotEnc)
 Senao(Not enc)=yes
 LinksysWet11(NotEnc)=yes
 Wet11(enc)=no
WET11(enc)
 Senao(Not enc)=yes
 LinksysWet11(NotEnc)=yes
 Wet11(enc)=yes

If the RECEIVING  (VNC Server) Senao card is set to encrypted in the tests above,  the receiving Senao card "disappears" from view on the WIRELESS LAN.  It cannot be pinged,  found by an IP scanner nor by the VNC Client machine from any wireless station.  In this situation,  the Senao card DOES have normal connectivity to the internet, to mail servers, and etc.  This "stealthy" behavior was a surprise.

Anybody Care to explain the table above?  I cannot explain why SOME devices (SENAO) as receivers for the VNC servers will operate with the sender encoded or not, whereas other combinations do not.  In any case,  it seems that the key is that  CONSISTENT results are achieved when both ends of the VNC connection have encryption ON or OFF. EXCEPT for the Senao card which loses connectivity with all but the WIRED LAN when it is set to encrypted and run through the Cisco AP342/352.   My guess is that this is the result of the specialized Cisco protocols used for relaying and other purposes not being 100% compatible with standard 802.11b gear.
What you SEE in the MAC/IP address Displays of Cisco AP342/352/BR352s
is not always exactly what you expect.
The association display tables of the Cisco APs does not always display ALL of the connected IPs and MAC addresses alive on the network.  The main discrepancy appears to be when an external wireless client bridge (such as the LinkSys WET11 or the Dlink 900AP+)  is used to provide an ethernet-to-radio bridge for a client computer.  In such an arrangement,  there are possibly THREE sets of MAC addresses and IP addresses to consider.  These are:  a) The MAC address and IP address of the LAN card (NIC) in the client computer,  b) the IP address and  IP address of the ETHERNET side of the client bride device and c) the IP and MAC addresses of the WIRELESS side of the client bridge device.  With this array of addresses to choose from,  here is a table showing what is actually displayed by various devices/software on the Hotspot Network.  Note: In this example, all client bridges (WET11s) and Cisco APs have fixed IP addresses and all client NICs use DHCP.  DHCP scanning by the Mikrotik Hotspot's DHCP server does NOT cover the range used by the fixed IP address devices and this may be the cause of the fixed IP addresses not showing up in the Cisco AP tables.  Though why they SOMETIMES show up in the Cisco association table is still mysterious.
           
IP displayed
 MAC displayed
 IP/MAC when Mikrotik Auto MAC Login enabled
Device


Client WinIPCfg
 NIC
 NIC
Bridge Utility SW
 WET11
 WET11
Cisco Association
 NIC (sometimes WET11 also)
 NIC(sometimes WET11 also)
Mikrotik HotSpot Active
 NIC (but not if WET11 in circuit)
 NIC(but not if WET11 in circuit.)
 IP/MAC of autologin via MAC NIC clients now shown in MT version 2.7.19
Mikrotik Router DHCP server leased
 NIC
 NIC
 NIC
Mikrotik



Notes:   1) This table data is still being developed.  More details to follow.
              2) The older WET11 hardware with  firmware version 1.54 appears to be fully compatible with Cisco APs tested here.  However, the newer WET11 hardware with firmware version 2.07 will not link to Cisco AP342/AP352 units with multiple SSIDs enabled.  Ver 2.07 firmware was supposed to fix this but it did not.  Other than this, the WET11 continues to be a quality, inexpensive, and easy to use wireless client/bridge unit.

  Experiments to Determine the Maximum Range Capability of the AP342/AP352
            (Firmware in use is Cisco version 12.04)  Maximum Range confirmed greater than 7.45 miles
Experimental Data gathered thus far as to the maximum range of the AP342/AP352 is given below.  These experiments were run with a two watt amplifier on each end of the circuit with a combined antenna gain of 17db for the duration of the tests.  This was done so as to insure to the extent possible that RF signal level is not the determining factor if data rate slowdowns occur on the link.    There are two configurations to consider.  These are AP optimization set for THRUPUT (TP) and AP optimization set for RANGE (RG).   Note:  The author is an Amateur Radio Operator and is  licensed by the FCC  under FCC part 97 to operate at higher power than that allowed for part 15 equipment for experimentation on the section of the Part 15 frequency range which overlaps with and is shared with the Amateur Radio Service.   Unless you hold an Amateur Radio License you would be operating illegally and outside the Part 15 and FCC  rules to use power levels not provided by your FCC Part 15 approved equipment.

Now to the Measurements
 1)  Out to at least 1.5 miles,  the APs will work in TP mode but the speed is down to 2mbps at 1.5 miles with good signals.  Changing the setting to RG mode gets the speed back up to 11mbps at 1.5 miles.  I am sure that there is actually a compromise of the overall data transfer speed,  but it is nice to see the bit rate return to 11mbps when the RG option is selected.  I am not sure where the optimum crossover occurs,  but if you are over about 0.75 mile between a base station and repeater or between repeaters,  you should try the TP and RG options and see which one works best for you based on sustained data thruput.
2) Out at 3.7 miles from the base station (with considerable trees in the way on the mountaintop),  signals were at 42% on the AP342's signal strength display.  On RG option,  the bit rate was 11mbps and the system operated very well indeed.  I changed the settings to the TP option and the speed went to 1mbps and I was (just) barely able to pass enough data to the base station's AP342 to change the option back to RANGE.  So.. I think that something in the range of a mile or a bit less is the place where you should change the AP's option from TP to RG.
3) Out at 7.45 miles from the base station (in the car on local Sawnee Mountain, this time with drizzle and "moderate" tree blockage in the direction of the base station) signals were at 43% to 53% (varying) with the AP342 operating in repeater AP mode  in the back seat of my car.  The signaling rate shown in the car and in the AP342 in the base station stayed at 11 Mbps.   This was very encouraging.  I tried downloading files and everything went along at the max ADSL rate of about 150Kbytes per sec.  Performance looks good now out to at least 7.45 miles with the AP342/AP352 equipment.  I also tested a Senao client card back to the base station direct (without use of the AP342 repeater in the car) and it performed perfectly as expected as well.  These tests were run in the "optimize for RANGE" option both in the base AP and in the repeater AP.  No special selection was made in the Senao PCMCIA card setup.  Transmit power on both ends was set to 2 watts for this test.  Combined antenna gain was about 17db.
4) More distance tests are coming.. Keep tuned.
Data Throughput Tests: Direct and Repeater Modes

Of interest to experimenters is the manner in which data throughput is affected by range and the various operating modes of Wireless Data Repeaters such as those of the Cisco AP352/AP342 line.  (Note:  The performance of OTHER brands and models of wireless equipment will differ and no generalized conclusions should be drawn from this limited data.)

The Setups Used:
    <at Sawnee Mountain>---------<at Silver City/Ham Tower>--------<inside House>------------------<inside house>
  A) Computer #1+amp----7.45 miles----Cisco AP342+amp----300ft----Cisco AP342 (no amp)----20ft----Computer #2
  B) Computer #1--5ft--Cisco AP342+amp--7.45miles--Cisco AP342+amp--300ft---Cisco AP342--20ft--Computer #2

Note that the A setup includes Computer #1  Senao PCMCIA card coupled to a 2 watt amplifier communicating directly to the Cisco AP342 equipped with an amplifier and operating as an Access Point.  Then the Access Point is communicating to a REPEATER Access Point located 300 feet away and then  the Repeater AP is communicating to Computer #2 located 20ft from the Repeater AP.   The Access Point unit is located 7.45 miles from Computer #1.  

Note: 
Test Setup A is operation through TWO repeaters (Ham Tower unit operates as repeater and so does the one inside the house) and Test Setup B is operation through THREE repeaters (Sawnee Mtn,  Ham Tower and Inside House).  In the B setup,  an additional REPEATER Access Point is inserted in the link between Computer #1 and the distant Access Point.  The rest of the physical link is not changed.

To be able to communicate (at all) with the central Ham Tower site,  it was necessary to select "optimize for RANGE" in the express setup screen of the AP342 located at the tower.  However,  the other two AP342s would operate fine with the "optimize for" selection set to either THROUGHPUT or RANGE.  We made tests with multiple combinations of settings to see what differences were apparent.  In addition to the setup with the two repeaters,  we tested setup B (above) which included a direct connection on the 7.5 mile link to the Ham Tower Access Point.  The data is as follows:

Data transferred consisted of a 2.188 megabyte file.  The same file was transmitted multiple times at each setting as we noticed a lot of random (and frequent) speed changes on the 7.45 mile link.  Likely this was a result of our location on the mountain where we did not have a clear and direct line of sight path but rather we were looking across the brow of a knoll between the car and the distant Ham Tower site.  I suspect the path had a good bit of multipath.  We plan to install a fixed repeater site on this mountain site in the future and we will run the same tests again to see if thing improve when we have a better quality radio link.

The Data:  Note: TP=Throughput optimized AP setting,  RG=RANGE optimized AP setting

Note:  Setup (A) operates through TWO repeater APs and Setup (B) operates through THREE repeater APs.
Setup A)   Senao/AP        Tower AP setting  Repeater Setting  Time(s) to Transmit File   Average Thruput
    Test 1)  Senao                    AP=RG            AP=TP                  89,  56,  90,  58,  86sec      288654bits per second
Setup B)
    Test 1)   AP=RG              AP=RG              AP=TP                  80,  118,  94, 67, 72            253820 bits per second
    Test 2)   AP=RG              AP=RG              AP=TP                  65, 74, 82, 78                      292709 bits per second
    Test 3)   AP=TP               AP=RG              AP=TP                  55, 68, 53, 100, 63              322714 bits per second
 
The above data is NOT  as high as I had expected.  The following are my conclusions at present:
1) The Cisco AP342/AP352 do in fact OPERATE at ranges out to at least 7.45 miles but the data throughput rate is not all that good in the "optimize for range" position.   (It may improve when I am able to get a better test position with less multipath.)
2) The throughput does not change greatly if just one AP or multiple APs are placed in RANGE mode and put into operation as repeaters.
3) There HAS to be a better way to get high speed data transport using Wireless over a wide area using repeaters.
4) The throughput just using the Ham Tower unit as an AP and accessing the internet with the AP in RANGE mode was close to full DSL speed.  While I do not at present know what the "to be expected" maximum throughput rate for the AP342 used "just as a wide area Access Point" it appears to be much greater than the speed to be obtained when the AP342/AP352s are used as REPEATERS in the link.

I will update this data from time to time as more tests are run.  One test will be to setup a computer direct to the Ham Tower AP on the ethernet side and measure the throughput rate of this "Access Point Mode" to the remote mountain site.  I expect this throughput to be considerably higher.  I also will try and locate a better test site with less multipath..  But.. The wind and temperature on the mountain keeps me mostly in the car!
-----------------------------
Here is a quotation from an engineer at Cisco about the AP342/AP352 (specifically)  used for longer range work.
"The 'optimize for range' or 'optimize for throughput' setting changes the data rates settings for both basic and data rates as well as 'slot times'. What 'range' actually does is to allow a drop down in data rate (if necessary all the way to 1Mbps) for both data packets as well as overhead packets. For the ACK timing this will change the hold off 'slot times' to compensate for the longer time it takes for lower data rate packets to get through.  This will permit the beacons and other packets, required for maintaining association, to get through easier on the long distance paths.

You got throughput out to 7.45 miles?  That's great.  But how many clients were being used at any one time, and what type of traffic load did you have on the AP at the time?  We have tested to over 5 miles,  but when we started loading up the AP with traffic, we noticed packet retries (on the RF link) starting to rise rapidly.

So we have still classified the units as 1 mile capability, based on 11Mb and 25 users,  pushing 5Mb of traffic (aggregate) through the AP. Keep in mind Cisco is targeting the enterprise and carpeted office, as well as verticals such as Healthcare, Education and retail for the majority of our products and focus.  For public access we target hospitality (like hotels) and hotspots (Starbucks, McDonalds, Airports) so we have not put any large efforts into longer range public access applications.  Hence the lack of features required for the longer ranges."
Some Operational Observations of a Cisco based network with a BR352 as the central node and five AP342/352s operating as Repeater APs

1) LinkSys WET11 model 1 units appeared fully compatible with the Cisco gear in all modes.  WET11 version 2 units are compatible with the Cisco AP/BR 352/342 units BUT ONLY if you just use a single SSID.  If you use multiple SSIDs in the Cisco gear,  WET11 model 2s (with firmware 2.07 and lower) will not associate with the secondary SSIDs.  (I am told that version 2.07 supposedly does associate with the primary SSID.)
2) The option to "search for a less congested radio channel" is a nice feature in the Wireless Setup.  I originally fixed my network on channel 5.  Six months after installation,  I had interference to my system on channel 5 that virtually made thruput from the Central Bridge go near zero at times.  After identifying the problem,  I set the Central Bridge to allow roaming to channels 3, 4, and 5 if necessary to find a better channel.  The system immediately moved to channel 3.   Within 10 seconds or so,  all of the Repeater APs had automatically reassociated and quickly thereafter all of the WET11s had reassociated and were working.  Some client cards (Cisco,  and Orinoco) automatically reassociated while others required exiting the browser and other programs and/or rebooting the computer.  The system has stayed on channel 3  and worked fine ever since. 
3) To read the signal strength from a particular "downstream" remote client radio to AP/BR or from a "downstream" Repeater AP to an "upstream AP/Bridge or from one Repeater AP to the next proceed as follows.  (Note: Upstream refers to devices closer to the Root AP or Bridge device which is connected to the wirelan [usually internet] interface.)   Go to the ASSOCIATION TABLE of the  AP or Repeater AP that is the PARENT for the particular radio in question.  Click on the MAC address for the desired client or other station which claims this AP/Repeater AP as "parent" (SELF in the table).  Observe "Latest Signal Strength" in percent in the entry in the right column.  This reads the signal strength AT the "self" or "parent" of the distant repeater's signal.
4)  To read the signal strength of an "upstream" Root AP/Bridge or Repeater at a "downstream" repeater,  proceed as follows.  Go the the SETUP table of the downstream repeater.   Look for the NETWORK  PORTS line near the bottom of the table.  Look to the right for the diagnostics link and click on this link.  Click on the RADIO DIAGNOSTICS LINK.  Then click on the START button of the Antenna Alignment Test.  Wait about a minute and a table of moment-to-moment signal strengths will be displayed.
5)  I have not been able to get the CARRIER TEST to work on AP342s with firmware version 12.04.  When I try and run a carrier test,  the unit is "locked up" for several hours or more and never comes back to life or delivers the channel usage chart.  I will try this on a AP352 and BR352 when I get to it.
6) APs have the ability to show traffic to/from the AP in either Bytes or Packets or both in the association table. (Click on "additional display filters" and set options.)  Bridges can only show traffic in Packets.  I don't know if this is a bug in ver 12.04 firmware or a limitation of the Bridge perhaps running out of memory or CPU capacity.
Table of Cisco AP352/AP342/BR352 signal strength readings in Percent converted to dbm
    0%
 5
 10
 15
 20
 25
 30
 35
 40
 45
 50
 55
 60
 65
 70
 75
 80
 85
 90
 95
 100
-92dbm
 -91
 -90
 -89
 -88
 -85
 -82
 -79
 -76
 -73
 -70
 -68
 -65
 -63
 -60
 -57
 -54
 -51
 -48
 -45
 -42

Does anyone know how the significance of the "signal quality" percentage?  If so, please email JOE

            



**Text materials in this paper copyrighted 2003, 2004 by Joe Mehaffey,  all rights reserved.  Cisco trademarks belong to Cisco Systems.,