802.11k An amendment to the 802.11 standard that defines a method of assisted roaming, as part of “Radio Resource Management.”
802.11r An amendment to the 802.11 standard that defines a method of fast BSS transition (FT). Clients capable of FT associate normally and then can reassociate very quickly by using a special FT 4-way handshake during the authentication and reassociation exchanges with subsequent APs.
802.11v An amendment to the 802.11 standard that defines methods of BSS transition, as part of “Wireless Network Management.”
802.1X_reqd The state on the WLC of a Wi-Fi client that successfully completed 802.11 authentication and 802.11 association and has now moved to the 802.1X/EAP authentication state.
Acceptable Use Policy (AUP) An agreement that a guest or BYOD user must accept before gaining access to a network. The AUP typically contains legal disclaimers and an agreement on how the client may use the network.
Access Category (AC) Introduced as part of EDCA, there are four Access Categories: Voice, Video, Best Effort, and Background. Each AC is given different access rules to prefer higher- over lower-priority traffic.
Adaptive Wireless Path Protocol (AWPP) AWPP is a mechanism used by MAPs to dynamically find the best parent link in a mesh network. AWPP uses the ease metric in its selection of the MAP.
ad hoc rogue One of your clients that establishes a peer-to-peer Wi-Fi connection to another Wi-Fi client, instead of going through the wireless infrastructure connection.
anchor controller The original controller a client was associated with before a Layer 3 inter-controller roam occurs. An anchor controller can also be used for tunneling clients on a guest WLAN or with a static anchor. Traffic is tunneled from the client’s current controller, the foreign controller, back to the anchor.
AP Fallback An AP can try to rejoin its primary controller at any time it becomes available, rather than staying with the secondary or tertiary controller after a controller failure.
AP on a stick (APoS) A survey mode where APs are tentatively positioned on a tripod, so as to determine the best position for intended APs in this area.
AP prioritization An AP can be assigned a priority value (low, medium, high, critical) to be used when joining a controller. Higher-priority APs are admitted to the controller ahead of ones with lower priorities.
AP-COS A controller-based operating system used on 802.11ac Wave 2 and later APs.
Application Visibility and Control (AVC) A method used on the wireless controller to inspect the payload of the traffic. Once AVC identifies the type of application in use, it has the ability to change the DSCP markings, rate limit, or drop the traffic.
AQI Air Quality Index, a measure of how each channel is affected by all detected interferers. The scale is from 1 to 100, with 100 representing no interference detected, and 1 representing an unusable channel.
Arbitrated Interframe Space Number (AIFSN) A mandatory wait timer that must be observed by stations before transmitting onto the medium. There are different AIFSNs for each Access Category.
association A fresh wireless connection between a client and an AP.
asymmetric transmit power levels The condition where an AP and a client device use different transmit power level values, resulting in one of them not receiving the other.
authentication server (AS) The authentication server looks up the identity of the authentication request (either from a local store or from a distributed identity store) and authenticates them for access to the network. The authentication server can also provide policy for how new clients should be handled. The AS is sometimes referred to as a Network Authentication Server (NAS).
authenticator A network device that communicates with the supplicant to receive the username and password from the client. The authenticator communicates with the authentication server over RADIUS to authenticate the user and apply policy as they are connected to the network. In a wireless LAN, the authenticator is either the access point or the controller. The authenticator is sometimes referred to as the Network Access Device (NAD).
Bring Your Own Device (BYOD) A common modality used in wireless networks where the users bring their own mobile devices and gain access to the network through an onboarding process. BYOD is typically deployed in conjunction with LWA or CWA on the wireless infrastructure.
CAPWAP Message Aggregation A method where multiple CAPWAP control messages are sent to an AP, and then the AP responds with a bulk acknowledgment. This is a method used to improve the performance of CAPWAP control over the WAN.
Carrier Sense Multiple Access / Collision Avoidance (CSMA/CA) A “listen before you talk” method of transmitting a frame onto the wireless medium. In CSMA/CA, each frame must be acknowledged by the receiving station.
CCKM Cisco Centralized Key Management is a proprietary fast secure roaming method. A client’s PMK is cached for future roams, shortening the time needed for reassociation. CCKM requires a CCX-capable client.
cell The RF coverage area of a wireless access point; also called the basic service area (BSA).
central switching In FlexConnect, this refers to SSIDs that are centrally switched on a controller.
central web authentication (CWA) A method of redirecting BYOD and guest users where the redirection URL and the pre-WebAuth ACL are centrally configured on ISE and communicated to the controller via RADIUS.
CHDM See coverage hole detection mitigation (CHDM).
Cisco MultiGigabit Also known as Cisco mGig, this is a technology based on NBASE-T providing up to 5Gbps on standard Cat 5e cabling and up to 10Gbps on Cat 6a cabling.
CleanAir The Cisco solution to detect and report interferers and manage WLAN channels based on detected interferers’ characteristics.
client (location context) Any 802.11 device, with the exclusion of rogue APs, their clients, and RFID tags.
client density The relative number of wireless clients located in proximity to each other, requiring special consideration.
CM See cost metric (CM).
CMX Connected Mobile Experience is the location-based services engine software that runs on Cisco MSE appliances.
COF See coverage overlap factor (COF).
connected mode The FlexConnect mode in use when the controller is reachable from the AP.
Contention The phenomenon that occurs when multiple stations must compete for access to a wireless medium. In Wi-Fi, only one station may transmit at a given time. If more than one station wishes to transmit, it creates contention for the medium.
Contention Window (CW) A period that a station must wait before transmitting a frame. The CW comes after the DIFS/AIFSN. The CW is a random number that is generated by the station between 0 and CWmin on the first attempt. The CW doubles in size after each retry, until a maximum of CWmax is achieved.
cost metric (CM) A metric computed and used by the DCA algorithm to determine the potential performance that is possible on each channel that APs are using, as well as channels that they potentially could use.
coverage hole An area that is left without good RF coverage. A coverage hole can be caused by a radio failure or a weak signal in an area.
coverage hole detection mitigation (CHDM) An RRM algorithm that can automatically detect areas of weak RF coverage and compensate by increasing AP transmit power levels.
coverage overlap factor (COF) A metric computed by the RRM FRA algorithm that indicates the percentage of an AP’s cell area that has overlapping coverage from other neighboring APs.
CPU ACL A type of ACL that can be implemented on the controller to restrict stations and traffic types from accessing functions of the controller that impact the controller, such as SSH, HTTP, ICMP, and others.
daisy chaining A method of increasing the size of a mesh by connecting two mesh segments back-to-back using a wired connection.
DBS See dynamic bandwidth selection (DBS).
DCA See dynamic channel assignment (DCA).
decibel (dB) A logarithmic scale measuring an increase or decrease in power.
decibel milliwatt (dBm) A measure of power relative to a reference value of 1 milliwatt.
DHCP_reqd The state on the WLC of a Wi-Fi client that successfully completed the L2 authentication phase and is in the process of obtaining an IP address through DHCP. A client with a static IP address may stay in this state until the WLC detects the static IP address.
Diffserv Code Point (DSCP) An IP marking scheme that uses 6 bits in the IP packet header. DSCP allows for 64 possible levels of service.
Distributed Coordination Function (DCF) The rules of how a frame is transmitted onto the wireless medium. DCF leverages CSMA/CA and was the primary media access algorithm used by 802.11a/b/g.
DNA Spaces Cisco cloud-based location solution that can work in combination with WLCs, connecting directly to or through DNA Spaces Connector, or can work in combination with on-premises MSE appliances.
dynamic bandwidth selection (DBS) A criterion used by the DCA algorithm to maximize throughput by changing an AP’s channel width in a dynamic fashion.
dynamic channel assignment (DCA) An RRM algorithm that monitors APs in an RF group and adjusts their channel assignment based on poor RF conditions.
Dynamic Frequency Selection (DFS) A mechanism where the AP can scan and avoid RF channels used by radar stations.
dynamic rate shifting (DRS) The process of dynamically changing the data rate used in a wireless transmission based on the RF conditions affecting the signal.
EAP (Extensible Authentication Protocol) EAP is an authentication framework used extensively in wireless networks for the handling of access credentials between a client device and an authentication server. The EAP framework defines common authentication functions. There are numerous available EAP methods that can be used between a client and the authentication server.
EAP-FAST (Flexible Authentication via Secure Tunnels) Similar to PEAP, a tunneled EAP method. EAP-FAST uses Protected Access Credentials (PACs) on the client to help improve fast roaming in wireless environments.
EAP-MSCHAPv2 (Microsoft Challenge-Handshake Authentication Protocol version 2) A popular EAP inner-method. MSCHAPv2 allows for simple transmission of username and password from a supplicant to the RADIUS server.
EAP-TLS (Transport Layer Security) An EAP inner-method that utilizes X.509 certificates on both the client and authentication server.
ease A metric used by a MAP in the AWPP mechanism as it tries to join the optimal parent.
EDRRM Event-Driven RRM, a mechanism to trigger an RRM channel recomputation when a severe interferer has been reported on a channel for more than 30 minutes.
ED-RRM See event-driven RRM (ED-RRM).
end user license agreement (EULA) A license agreement on the controller that, once accepted, allows the controller to manage AireOS access points.
Enhanced Distributed Channel Access (EDCA) An improvement over DCF that was introduced as part of 802.11e and provides QoS handling through different media access rules for each class of service.
Enhanced Local mode An AP mode where the AP performs data service and WIPS detection (solely on its active channel).
European Telecommunications Standards Institute (ETSI) The regulatory body in charge of wireless communications for the European Union. Its rules are followed by several non-European countries.
Event-driven RRM (ED-RRM) Normal RRM algorithms that are triggered by an event such as detecting a source of interference or a rogue device, rather than running periodically.
fast BSS transition (FT) See 802.11r.
Fastlane An AutoQoS macro that is supported on both AireOS and IOS-XE controllers as a way to implement a wide array of QoS features in a best-practice approach.
FastLocate A location accuracy augmentation technique where a connected client’s unicast frames complement broadcast management frames to compute the client’s most probable location.
Federal Communications Commission (FCC) The regulatory body in charge of wireless communications for the United States. Its rules are also followed by several other countries.
FlexConnect An access point mode used in remote branch office scenarios where the AP is managed by a central controller but has the ability to switch traffic locally without sending it back to the controller over a CAPWAP tunnel.
FlexConnect groups A logical grouping of FlexConnect APs that allows local authentication key caching, enabling high-speed roaming as well as roaming while in standalone mode.
Flexible Radio Architecture (FRA) A Cisco innovation that allows one AP radio to be configured to switch bands and switch between a macro and micro antenna pattern, either as a static configuration or a dynamic operation.
flexible radio assignment (FRA) An RRM algorithm that can automatically detect an AP that is providing redundant 2.4GHz coverage and can reassign that AP to offer added coverage in the 5GHz band or monitor RF conditions.
foreign controller The current controller a client is associated with after a Layer 3 inter-controller roam occurs. Traffic is tunneled from the foreign controller back to an anchor controller so that the client retains connectivity to its original VLAN and subnet.
FRA See flexible radio assignment.
FT See fast BSS transition.
Health On DNAC, Health refers to a number of KPIs combined to surface a connectivity and performance evaluation level for an infrastructure or client device.
Hyperlocation An Angle of Arrival (AoA) technique that can help bring location accuracy down to a meter level.
identity store The identity store is the place where the client credentials are stored. The identity store is typically kept in an LDAP server.
IEEE 802.1X A standard for port-based network access control (NAC). 802.1X provides a method for authentication of devices connecting to a network. 802.1X defines encapsulation of EAP over Layer 2 protocols. This is commonly known as EAPoL (EAP over LAN).
IGMP See Internet Group Management Protocol (IGMP).
IGMP Snooping A feature that allows a network device, such as a switch or WLC, to eavesdrop on IGMP packets in transit and make multicast delivery decisions based on the group membership contents.
Intelligent Capture On C9800 and DNAC, Intelligent Capture (sometimes abbreviated as iCap) is a dynamic over-the-air capture tool that analyzes the exchanges between a client and the infrastructure to surface anomalies. The tool can also export the capture in .pcap format.
inter-controller roaming Client roaming that occurs between two APs that are joined to two different controllers.
Internet Group Management Protocol (IGMP) A protocol used to control membership in a multicast group.
intra-controller roaming Client roaming that occurs between two APs joined to the same controller.
jitter The variance of the end-to-end latency experienced as consecutive packets arrive at a receiver.
L2authcomplete state The state on the WLC of a Wi-Fi client having successfully completed Layer 2 authentication (PSK handshakes or 802.1X/EAP authentication).
latency The amount of time required to deliver a packet or frame from a transmitter to a receiver.
Layer 1 sweep A site survey process aiming at discovering non-802.11 transmitters on the bands intended for the WLAN deployment.
Layer 1 sweep A survey mode intended to detect (and locate) non-802.11 interferers.
Layer 2 roam An inter-controller roam where the WLANs of the two controllers are configured for the same IP subnet.
Layer 3 roam An inter-controller roam where the WLANs of the two controllers are configured for different IP subnets. To support the roaming client, a tunnel is built between the controllers so that client data can pass between the client’s current controller and its original controller.
Lightweight Directory Access Protocol (LDAP) An open, standards-based protocol used by the authentication server to access device and user identity stores. Microsoft Active Directory (AD) is an example of a popular LDAP server used by many companies.
local switching In FlexConnect, this refers to SSIDs that are locally switched on the AP itself and do not transit to the controller.
local web authentication (LWA) A method of redirecting BYOD or guest users to a portal directly from the wireless controller. The redirection and pre-WebAuth ACL are locally configured on the controller, not an external server.
location accuracy The measure of how close to the client’s actual location (ground truth) the location estimation is.
location precision The measure of how close consecutive location evaluations are to one another.
Location Specific Services (LSS) A WLC feature that works with mDNS to respond to resource queries with only the resources learned from AP neighbors nearest the requesting client.
LSS See Location Specific Services (LSS).
mDNS See multicast DNS (mDNS).
mesh access point (MAP) The MAP is an access point that forms a wireless link to either the RAP or another MAP.
MGID See multicast group ID (MGID).
mobility domain A logical grouping of all mobility groups within an enterprise.
Mobility Express An access point mode where the AP supports controller capabilities directly on the AP, without the need for an external controller. Mobility Express is often used in remote branch settings.
mobility group A logical grouping of one or more controllers between which efficient roaming is expected.
MSE Mobility Services Engine is an appliance, typically on premises, where the CMX services run.
multicast A type of packet delivery where one packet is sent to multiple recipients over a network.
Multicast Direct A WLC feature that can redirect incoming multicast video streams into unicast streams directed toward each individual recipient on a wireless network. By doing so, the WLC can maximize the quality and delivery of the multicast video stream.
multicast DNS (mDNS) The multicast domain name system uses IP multicast to discover online resources dynamically. mDNS is used by Apple Bonjour and Google Chromecast and can work over wired and wireless networks.
multicast group A destination IP address from a special range of addresses used only for multicast traffic.
multicast group ID (MGID) An arbitrary index into a table of multicast groups and their registered recipients, as defined and used by a WLC.
Multicast Listener Discovery (MLD) A feature that eavesdrops on traffic to learn of IPv6 multicast recipients, much the same way IGMP snooping does for IPv4 multicast.
N+1 redundancy High availability offered by N number of active controllers plus one idle standby controller.
N+N redundancy High availability offered by N number of active controllers. The AP load is distributed across the active controllers, removing the need for an additional backup controller.
N+N+1 redundancy High availability offered by N number of active controllers plus one idle standby controller.
NDP See neighbor discovery protocol (NDP).
neighbor discovery protocol (NDP) A Cisco proprietary protocol used by APs to advertise their presence, allowing other neighboring APs to discover them. Many of the RRM algorithms use the data collected from NDP advertisements to compute their results.
Network Admission Control (NAC) A technology used to challenge all access to the network to ensure the device or user is trusted and is allowed to connect. Typically, NAC employs IEEE 802.1X as a challenge-response system to first identify the user or device and then grants access with a certain privilege level.
noise floor The level of ambient noise present in the environment at a particular frequency.
OEAP An Office Extend Access Point. This is an AP mode used in remote office scenarios where the AP uses a VPN tunnel to connect over the Internet back to a central controller, in effect extending the corporate network to a remote office location.
OKC See Opportunistic Key Caching.
omnidirectional antenna An antenna that directs RF energy in all directions, resulting in a low antenna gain.
Opportunistic Key Caching (OKC) A fast, secure roaming method that caches the PMK for the lifetime of the client and shares it across all APs on the same controller. OKC is not defined in the 802.11 standard.
packet loss The percentage of packets sent that does not arrive at the receiver.
patch antenna An antenna that directs RF energy toward a specific direction, usually perpendicular to the antenna’s flat area, resulting in a higher antenna gain.
Path Trace On DNAC, Path Trace is a function by which you can test the communication between two points on a particular set of ports. Path Trace is useful not only for troubleshooting application performance but also for evaluating the effect of the configuration of networking devices on endpoints’ communication.
PBM A lifecycle process that includes three phases: Plan, Build, and Manage.
perimeter In CMX, a perimeter is the area where location will be performed.
PIM See Protocol Independent Multicast (PIM).
PMKID Caching A fast, secure roaming method introduced in 802.11i that caches the pairwise master key (PMK) identifier to improve roaming efficiency.
POA See point of attachment.
PoE (Power over Ethernet) Based on the IEEE 802.3af standard; provides up to 15.4W of power to a device.
PoE+ PoE+ is based on the IEEE 802.3at standard and provides up to 30W of power to a device.
point of attachment (POA) The controller that anchors a client’s IP address for Layer 3 roaming.
point of presence (POP) The controller where a client is currently associated.
policy set A mechanism in ISE used to create policy rules for authentication and authorization of users to the network.
POP See point of presence.
power injector A network device that is externally connected to a power source and injects electrical power into the cable to power an end device.
power sourcing equipment (PSE) The PSE is the networking hardware (such as a switch) that delivers PoE to an end device.
powered device (PD) The PD is the end device that is powered by either the PSE or a power injector over twisted pair copper cable.
PPDIOO A Cisco lifecycle process that includes six phases: Prepare, Plan, Design, Implement, Operate, and Optimize.
preauthentication A fast, secure roaming method introduced in 802.11i that preauthenticates a client by sharing its PMK across neighboring APs after it associates with one. Cisco WLCs and APs do not support preauthentication.
preauthentication access control list For guest portals, a preauthentication ACL is created on the WLC for a target WLAN to ensure that all traffic prior to guest authentication is directed to the portal.
predictive survey A survey mode where the number of APs is estimated offsite, from a scaled floor plan.
proactive key caching (PKC) See opportunistic key caching (OKC).
Probing state The state on the WLC of a Wi-Fi device from which probe requests have been received. That device may or may not decide to continue to the association phase.
Protected EAP (PEAP) PEAP is a tunneled EAP method that protects inner EAP methods, such as MSCHAPv2 or EAP-GTC. PEAP requires a server certificate on the authentication server.
Protocol Independent Multicast (PIM) A multicast routing protocol used between routers.
pseudo-MAC A virtual MAC address allocated to an interferer by a detecting SAgE chipset, so as to be able to allocate a unique identifier to each detected interferer.
radio resource management (RRM) The set of Cisco proprietary algorithms used to automatically control and tune a wireless network and its AP radios.
real-time location services (RTLS) The process of automatically determining the location of wireless devices.
reassociation A roaming action, where a wireless client moves its association from one AP to another.
received signal strength indicator The measured signal strength of a received signal, normally expressed in dBm.
receiver start of packet threshold detection (RxSOP) A Cisco proprietary feature that can apply a threshold to APs such that received signals with an RSSI lower than the threshold will be ignored.
Remote Authentication Dial-In User Service (RADIUS) A UDP-based networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users connecting to a network service.
RF group A logical grouping of wireless LAN controllers that operates as a single RF domain. RRM algorithms run on a per-RF group basis.
RF group leader A controller that is elected to handle all of the RRM algorithms for the entire RF group on a single frequency band.
RF neighborhood A logical set of APs that are in close RF proximity to each other.
RF profile A policy of RRM-related RF parameters that can be applied to a logical grouping of APs in an RF group.
Right-to-Use (RTU) An honor-based licensing system that requires the user to accept an EULA on the controller.
rogue AP An access point that is not managed by your WLCs. A rogue can be an access point from your organization, managed by another system (friendly, internal rogue), a valid neighboring AP (friendly, external rogue), or an attacker AP posing a threat to your network (malicious rogue).
rogue client One of your clients that disconnected from your network to attach to a rogue AP.
root access point (RAP) This is the root of any mesh tree and is a mandatory requirement for any mesh. The RAP connects to the wired network.
RRM See radio resource management (RRM).
RSSI trilateration A location technique where the signals (RSSI) from mobile device broadcast management frames (for example, probe requests) received at several APs are compared to compute the device’s most probable location.
Run The state on the WLC of a client that successfully completed all onboarding phases and can exchange data through the Wi-Fi infrastructure.
RxSOP See receiver start of packet threshold detection (RxSOP).
SAgE Spectrum Analysis Engine, a specialized chip on most Cisco APs that can read, demodulate, and interpret non-802.11 signals to report interferers.
sensitivity level The received signal strength threshold that divides intelligible, useful signals from unintelligible ones.
severity For an interferer, this is the measure of the effect of the interference on your network performance. The scale is from 1 to 100, with 100 representing an unusable channel.
SI Spectrum Intelligence, a software-based non-802.11 interferer-detection mechanism implemented on lower-end Cisco APs that do not include a SAgE chipset. SI typically detects a subset of the interferers that SAgE detects.
signal-to-noise ratio (SNR) The difference between a received signal’s strength and the noise floor.
SKC Caching See PMKID Caching.
Smart Image upgrade A feature where a FlexConnect master AP is used as a proxy to upgrade the image of other APs in the FlexConnect group.
Smart Licensing A newer method of managing Cisco software licenses that allows central pooling of licenses in a Smart Account. This approach negates the need to license each controller for the APs it is managing.
split tunneling The ability for a centrally switched WLAN client to access resources directly on the local LAN.
SSO High availability offered by two controllers configured as a failover pair. One controller is active and supports the AP and client load, while the other controller is a hot standby. Stateful information about APs and clients in the RUN state is synchronized between the active and hot standby units for efficient failover.
standalone mode A fallback mode for the FlexConnect AP when the controller is no longer reachable. The AP still functions but with fewer services.
supplicant The supplicant is a piece of software running on the client device that provides the username and password to the authenticator over EAP.
Telecom Engineering Center (Telec) The regulatory body in charge of wireless communications for Japan.
Terminal Access Controller Access-Control System + (TACACS+) A TCP-based client/server protocol that provides centralized AAA security controls for users attempting to gain management access to a controller.
TPC See transmit power control (TPC).
Transmission Opportunity (TXOP) A time period given for a station to continually transmit frames once it has won the EDCA contention algorithm.
Transmission Specification (TSpec) A method of Call Admission Control that is used in 802.11e to reserve bandwidth on an AP, allowing a client to transmit high-priority traffic.
transmit power control (TPC) An RRM algorithm that automatically adjusts the transmit power level of APs to minimize cell overlap and interference.
UPOE Universal PoE is a Cisco proprietary standard that delivers up to 60W of power to a device.
UPOE+ Universal PoE+ is a Cisco proprietary standard that delivers up to 90W of power to a device.
User Priority (UP) A 3-bit field in the 802.11 frame header that identifies the QoS class of the frame. The UP field allows for eight levels of service, although there are only four available Access Categories.
validation survey Also sometimes called passive survey, this is a survey mode where an application associates a floor plan to detected APs.
Webauth_reqd The state on the WLC of a client of a WebAuth WLAN that successfully associated and authenticated, obtained an IP, and moved to the WebAuth authentication phase. As this phase is manual while the previous phases of the association are usually automatic, some clients may stay in this state for a long time (until the user notices the authentication requirement on the device screen).
Wi-Fi Protected Access (WPA) WPA, WPA2, and WPA3 are security compatibility standards used by the Wi-Fi Alliance, which leverage EAP. The WPA standards were developed in response to vulnerabilities discovered in WEP.
Wireless Multimedia (WMM) The QoS compatibility standard used by the Wi-Fi Alliance (WFA). WMM leverages the recommendations in the 802.11e specification.
Workgroup Bridge (WGB) A device that provides switching services that are backhauled over the wireless link.
zone In CMX and DNA Spaces, a zone is an area defined by the operator to which a label was applied.