SlideShare una empresa de Scribd logo

Design, Deployment and Management of Unified WLAN

Cisco Canada
Cisco Canada
TecnologíaEmpresariales
1 de 53
Descargar para leer sin conexión
Design, Deployment and Management of Unified WLAN
Understanding WLAN Controllers 1st/2nd Generation vs. 3rd Generation Approach 1st/2nd Generation • 1st/2nd generation: APs act as Data VLAN 802.1Q translational bridge, putting client traffic on local VLANs Management VLAN • 3rd generation: Controller bridges client traffic centrally Voice VLAN 3rd Generation Data VLAN Management VLAN LWAPP/CAPWAP Tunnel Voice VLAN
Centralized Wireless LAN Architecture What Is CAPWAP? • CAPWAP: Control and Provisioning of Wireless Access Points • Used between APs and WLAN controller and based on LWAPP • CAPWAP carries control and data traffic between the two – Control plane is DTLS encrypted – Data plane is DTLS encrypted (optional) • LWAPP-enabled access points can discover and join a CAPWAP controller, and conversion to a CAPWAP controller is seamless Business Application Data Plane Access Point CAPWAP Controller Wi-Fi Client Control Plane
CAPWAP Modes • The CAPWAP protocol supports two modes of operation – Split MAC (centralized mode) – Local MAC (FlexConnect/H-REAP) • Split MAC Wireless Frame Wireless Phy CAPWAP MAC Sublayer Data Plane 802.3 Frame STA WTP AC
CAPWAP Modes • The CAPWAP protocol supports two modes of operation – Split MAC (centralized mode) – Local MAC (FlexConnect/H-REAP) • Locally bridged Wireless Frame Wireless Phy MAC Sublayer 802.3 Frame STA WTP AC
Cisco Unified Wireless Principles NCS • Components • Wireless LAN controllers • Aironet access points Wireless LAN Controllers • Management System (NCS) MSE • Mobility Service Engine (MSE) Campus Network • Principles • AP must have CAPWAP Aironet connectivity with WLC Access Point • Configuration downloaded to AP by WLC • All Wi-Fi traffic is forwarded to the WLC
Controller Redundancy Dynamic • Rely on CAPWAP to load-balance APs across controllers and populate APs with backup controllers • Results in dynamic ―salt-and-pepper‖ design • Pros – Easy to deploy and configure—less upfront work – APs dynamically load-balance (though never perfectly) • Cons – More intercontroller roaming – Bigger operational challenges due to unpredictability – No ―fallback‖ option in the event of controller failure • Cisco’s general recommendation is: Only for Layer 2 roaming • Use deterministic redundancy instead of dynamic redundancy
Controller Redundancy Deterministic WLAN-Controller-A WLAN-Controller-B WLAN-Controller-C • Administrator statically assigns APs a primary, secondary, and/or tertiary controller – Assigned from controller interface (per AP) or WCS (template-based) • Pros – Predictability—easier operational management Primary: WLAN-Controller-A Primary: WLAN-Controller-B Primary: WLAN-Controller-C – More flexible and powerful redundancy design Secondary: WLAN-Controller-B Secondary: WLAN-Controller-C Secondary: WLAN-Controller-A Tertiary: WLAN-Controller-C Tertiary: WLAN-Controller-A Tertiary: WLAN-Controller-B options – ―Fallback‖ option in the case of failover • Con – More upfront planning and configuration • This is Cisco’s recommended best practice
Controller Redundancy Architecture Resiliency Resiliency N:1 Redundancy WLAN-Controller-A WLAN-Controller-B WLAN-Controller-C WLAN-Controller-1 APs Configured With: Primary: WLAN-Controller-1 NOC or Data Center Secondary: WLAN-Controller-BKP WLAN-Controller-BKP WLAN-Controller-2 APs Configured With: Primary: WLAN-Controller-2 Secondary: WLAN-Controller-BKP WLAN-Controller-n APs Configured With: Primary: WLAN-Controller-n Secondary: WLAN-Controller-BKP Primary: WLAN-Controller-A Primary: WLAN-Controller-B Primary: WLAN-Controller-C Secondary: WLAN-Controller-B Secondary: WLAN-Controller-C Secondary: WLAN-Controller-A Tertiary: WLAN-Controller-C Tertiary: WLAN-Controller-A Tertiary: WLAN-Controller-B N:N Redundancy N:N:1 Redundancy WLAN-Controller-A APs Configured With: WLAN-Controller-A APs Configured With: Primary: WLAN-Controller-A Primary: WLAN-Controller-A Secondary: WLAN-Controller-B NOC or Data Center Secondary: WLAN-Controller-B WLAN-Controller-BKP Tertiary: WLAN-Controller-BKP WLAN-Controller-B APs Configured With: WLAN-Controller-B APs Configured With: Primary: WLAN-Controller-B Primary: WLAN-Controller-B Secondary: WLAN-Controller-A Secondary: WLAN-Controller-A Tertiary: WLAN-Controller-BKP
AP-Grouping in Campus VLAN 100 VLAN 100 VLAN 100 Access Si Si Si Si Si Si Distribution CAPWAP Si Si Core Si Si VLAN 100 / 21 Si Si Si Si Distribution Access Single WAN Data Center Internet SSID = Employee WLC-1 WLC-2
AP-Grouping in Campus AP-Group-1 AP-Group-2 AP-Group-3 VLAN 60 /23 VLAN 70 /23 VLAN 80 /23 Access Si Si Si Si Si Si Distribution CAPWAP Si Si Core Si Si Si Si VLAN 60 Si Si Distribution VLAN 70 VLAN 80 Access Single WAN Data Center Internet SSID = Employee WLC-1 WLC-2
Interface-Grouping in Campus Access Si Si Si Si Si Si Distribution CAPWAP Si Si Core VLAN 60 VLAN 61 Si Si Si Si VLAN 62 Si Si Distribution VLAN 63 VLAN 64 VLAN 65 Access Single WAN Data Center Internet SSID = Employee WLC-1 WLC-2
Scaling the Architecture with Mobility Groups • Mobility Group allows controllers to peer with each other to support seamless roaming across controller boundaries • APs learn the IPs of the other members of the mobility group after the LWAPP Join process Controller-B • Support for up to 24 controllers, MAC: AA:AA:AA:AA:AA:02 Mobility Group Name: MyMobilityGroup 24,000 APs per mobility group Controller-A MAC: AA:AA:AA:AA:AA:01 Mobility Group Neighbors: Controller-A, AA:AA:AA:AA:AA:01 Controller-C, AA:AA:AA:AA:AA:03 • Mobility messages exchanged Ethernet in IP Tunnel Mobility Group Name: MyMobilityGroup Mobility Group Neighbors: between controllers Controller-B, AA:AA:AA:AA:AA:02 Controller-C, AA:AA:AA:AA:AA:03 (Multicast) • Data tunneled between Controller-C MAC: AA:AA:AA:AA:AA:03 controllers in EtherIP Mobility Group Name: MyMobilityGroup (RFC 3378) Mobility Group Neighbors: Controller-A, AA:AA:AA:AA:AA:01 Controller-B, AA:AA:AA:AA:AA:02 Mobility Messages
Increased Mobility Scalability • Roaming is supported across three mobility groups (3 * 24 = 72 controllers) • With Inter Release Controller Mobility (IRCM) roaming is supported between 4.2.207 and 6.0.188 and 7.0 Mobility Sub-Domain 1 Ethernet in IP Tunnel Mobility Sub-Domain 3 Ethernet in IP Tunnel Mobility Sub-Domain 2 Ethernet in IP Tunnel Mobility Messages
Inter-Controller Roaming: Layer 2 VLAN X WLC-1 Client WLC-2 Client Database Client Data (MAC, Database IP, QoS, Security) WLC-1 Mobility Message Exchange WLC-2  Inter-Controller roam happens when a client Preroaming moves association Data Path between APs joined to different controller  Client must be re- authenticated and new security session established
Inter-Controller Roaming: Layer 2 VLAN X WLC-1 Client WLC-2 Client Database Client Data (MAC, Database IP, QoS, Security) WLC-1 Mobility Message Exchange WLC-2 Preroaming Data Path  Client database entry with new AP and appropriate security context Client Roams to a  No IP address refresh Different AP needed
Inter-Controller Roaming: Layer 3 VLAN X VLAN Z WLC-1 Client Client Data (MAC, IP, WLC-2 Client Client Data (MAC, Database QoS, Security) Database IP, QoS, Security) WLC-1 Mobility Message Exchange WLC-2 • Client must be re-authenticated and new security session established • Client database entry copied to new controller – entry exists in both WLC client DBs • Original controller tagged as the ―anchor‖, new controller tagged as the ―foreign‖ • WLCs must be in same mobility group or domain
Inter-Controller Roaming: Layer 3 VLAN X VLAN Z WLC-1 Client Client Data (MAC, IP, WLC-2 Client Client Data (MAC, Database QoS, Security) Database IP, QoS, Security) WLC-1 Mobility Message Exchange WLC-2 Anchor Foreign Controller Controller • No IP address refresh needed • Symmetric traffic path Client Roams to a established Different AP • Account for mobility message exchange in network design
Designing a Mobility Group/Domain Design Considerations • Less roaming is better – clients and apps are happier • L3 roaming & fast roaming clients consume client DB slots on multiple controllers – consider ―worst case‖ scenarios in designing roaming domain size • Leverage natural roaming domain boundaries • Mobility Message transport selection: multicast vs. unicast • Make sure the right ports and protocols are allowed
Branch Designs Using Remote Controllers Central Site Backup Central Controller • Branches can also have local remote controllers • Small form factors WLC are available to have « small campus »: WAN WLC-2504 or Integrated controller WLC-21xx WLCM for modules in ISR/ISR-G2 ISR/ISR-G2 • High Availability design with central backup controller is supported. WAN limitations may apply. Remote Site A Remote Site B
Branch Office Deployment @ Internet FlexConnect Guest-Access AP Group 1 Central Site • Hybrid Remote Edge Access Corporate-Voice Point architecture (H-REAP) • Single management and control point Corporate-Data • Data Traffic Switching WAN/MAN – Centralized traffic or Manufacturing Plan Store – Local traffic • Traffic Switching is configured AP Group 3 per AP and per WLAN (SSID) Scanners AP Group 2 Corporate-Data Guest-Access
FlexConnect – Advanced Services • High Availability – WAN Survivability – FlexConnect AP provides wireless access and services to clients when the connection to the primary WLC fails • Local Authentication – Allows for the authentication capability to exist directly at the AP in FlexConnect instead of the WLC • Fast roaming in remote branches • Dynamic VLAN assignment • Scalability – Number of FlexConnect groups: 500 (7500s) and 100 (5500s) – APs per Group: 50 (7500s) and 25 (5500s)
FlexConnect – WLC Authenticator Data Center Branch Office AAA RADIUS 1 Dot1X Auth Req AP New Client ISR 3925 ISR 3925 ISR 3925 2 Dot1x Auth Success WLC VPN • All the client authentication requests travels through Central Controller • If Controller is not reachable, then no clients can authenticate
FlexConnect – AP Authenticator Data Center Branch Office AAA RADIUS 1 Dot1X Auth Req 2 Dot1x Auth Success AP New Client ISR 3925 ISR 3925 ISR 3925 WLC VPN • All the client authentication requests travels straight from AP to RADIUS Server. • If Controller is not reachable, clients can still continue to authenticate and access network services.
FlexConnect – AP Authenticator Data Center Branch Office 1 Dot1X Auth Req AAA RADIUS ISR 3925 ISR 3925 ISR 3925 Dot1x Auth 2 Success WLC AP New Client • All the client authentication requests travels straight from AP to Local Branch RADIUS Server. • If WAN link is down, clients can still continue to authenticate and access network services.
Local Authentication – AP as EAP Server Data Center Branch Office AAA RADIUS ISR 3925 ISR 3925 ISR 3925 1 Dot1X Auth Req WLC 2 Dot1x Auth AP Success • All the client authenticated directly by the AP. • If WAN link & Local Backup RADIUS Server is down clients can still continue to authenticate and access network services.
H-REAP Design Considerations • Some WAN limitations apply – RTT must be below 300 ms data (100 ms voice) – Minimum 500 bytes WAN MTU (with maximum four fragmented packets) • Some features are not available in standalone mode or in local switching mode – See full list in « H-REAP Feature Matrix » http://www.cisco.com/en/US/products/ps6366/products_tech_note091 86a0080b3690b.shtml
Home Office Design – OEAP • Cisco controller installed in the DMZ of the corporate WLC 5508 / WiSM-2 network NCS • OfficeExtend AP (OEAP) installed at teleworker’s home MPLS • Corporate access to employee over centrally ATM Headquarters configured SSID Frame • Family Internet access over a locally configured SSID Relay Internet VPN
Cisco Unified Wireless Network Flexible, Resilient, Scalable Architecture Unified Outdoor/Indoor Access Highly Distributed Design Access 3750G Unified WLC Network Enterprise Hybrid REAP Distributed WLC Design Distribution 440x, 5508 WLC, Network WiSM Unified WLC Network Core or Data Center Teleworker/S Centralized WLC Design OHO 440x, 5508 WLC, WiSM Unified WLC OfficeExtend AP Internet DMZ Guest Controller 440x, 5508 WLC Branch Office Unified WLC Options: Data Center 5508, 440x, 210x 3750G Unified WLC Internet WLCM Module Hybrid REAP Unified Management: Wireless Control System Standalone AP Services Platform: Mobility Services Engine
Cisco WLAN Controller Portfolio Campus and Full Service Branch Features / Performance 5500 WiSM2 2500 WLCM2 7500 Scale
Cisco Aironet 802.11n Access Points Best in Class Teleworker Business-Ready Mission Critical Mission Critical AP 3500 AP 1040 AP 1260 AP 3600 AP 1140 OfficeExtend With CleanAir AP 600 technology 802.11n WiFi
IPv6 Will Be a Phased Implementation But Dual Stack Clients Are Here Now…
Wireless IPv6 Client Support IPv6 IPv4 IPv6 IPv4 802.11 802.11 CAPWAP IPv6 IPv4 IPv4 VLAN Ethernet Ethernet CAPWAP Tunnel IPv6 802.11 • Supports IPv4, Dual Stack and Native IPv6 clients on single WLAN simultaneously. • Supports the following IPv6 address assignment for wireless clients: IPv6 Stateless Autoconfiguration [SLAAC] Stateless, Stateful DHCPv6 Static IPv6 configuration • Supports up to 8 IPv6 addresses per client. • Clients will be able to pass traffic once IPv4 and/or IPv6 address assignment is completed after successful authentication.
Many IPv6 Addresses Per Client Up to 8 IPv6 Addresses are Tracked per Client. • Support for many IPv6 addresses per client is necessary because: Clients can have multiple address types per interface Clients can be assigned addresses via multiple methods such as SLAAC and DHCPv6 Most clients automatically generate a temporary address in addition to assigned addresses.
Complete IPv6 Support • First Hop Security & Optimization – DHCPv6 Server Guard – Router Advertisement (RA) Guard – IPv6 Source Guard – Neighbor Solicitation (NS) Suppression – Router Advertisement (RA) Throttling • Layer 2 & 3 Roaming • IPv6 ACL support • QoS support • Guest access support • Multicast to Unicast conversion at the AP • FlexConnect #CiscoPlusCA
Beyond BYOD Secure, Customized Experience per User, per Device Device Onboarding and Guest Unified Uncompromised Simplified Access Policy User Experience IT experience BYOD Beyond BYOD
Cisco BYOD+ 1 2 Internet Securing Any Connect Control Access Govern access to resources based on scenario Email, Calendar Regulated data Managing (finance, Complexity personal info) And Scale 3 4 Manage Optimize Visibility into user Accelerate and protect Delivering High- experience across performance for wired and wireless applications Quality Experience
Cisco BYOD+ IT Challenges to Mobile Freedom
3600 Access Point Industry's only 4x4: 3 spatial stream access point • Deliver 30% more performance • Deliver mission critical reliability with CleanAir • Boost client performance with ClientLink 2.0 • Add-on modules with the Modular architecture
Triple-Stream Video Capacity 5 Mbps 210% Better Stream 2 Mbps Stream 1 Mbps Stream Competitor Cisco 3600 With a mix of all types of video clients using multicast and unicast TCP video (AirVideo), Cisco delivers 3x the performance.
Cisco Identity Services Engine – ISE Integrated Device Profiling & Consolidated Contextual Information Posture Assessment Guest Lifecycle Management USER ID LOCATION ACCESS DEVICE (& IP/MAC) Profiling of wired and wireless devices RIGHTS Integrated and built into ISE policy Real-Time Awareness Consistent Policy for Device Provide Guest Access in a seamless, Track Active Users and Devices Categories secure manner Simplified Role-Based Access System-wide Visibility Scales to meet organizations needs SGT Public Private Staff Permit Permit Guest Permit Deny Keep Existing Logical Design Troubleshoot and Monitoring Scalable Architecture Manage Security Group Access Consolidated Data Innovative Licensing
Cisco's Borderless - Unified Policy Management Centralized Policy Policy Engine Profiling USER LOCATION HTTP DNS NETFLOW TIME DEVICE ATTRIBUTE X DHCP RADIUS SNMP VLAN 10 VLAN 20 Corporate Resources Corporate Wireless LAN Single SSID Restricted Controller Employee Internet Only Unified Access Personal Management District Issued Device PERSONAL Device 1. 802.1x EAP User Authentication 1. 802.1x EAP User Authentication 2. Profiling to identify device 2. Profiling to identify device 3. Policy decision 3. Policy decision 4. Policy enforce to ―VLAN 10‖ on same SSID 4. Policy enforce to ―VLAN 10 or 20‖ on same SSID 5. Full access granted 5. Full or Restricted access granted 6. Full device visibility 6. Full device visibility
On-Boarding (1.1MR June 12) Supplicant profile provisioning on supported platforms (iOS, Android, Windows, OS X) Self / Sponsor registration portals for users and devices Certificate provisioning as registry authority (RA) adding username and device ID to cert (integrates with existing corp CA/PKI) Secure access (single SSID, certificate based differentiation of service) User initiated control their devices (designate “Lost” -> black-listing, re-instate device, etc)
MDM Integration (ISE 1.2 Fall 2012) On Prem MDM Device Registration - non registered clients redirected to MDM registration page Restricted Access - non compliant clients will be given restricted access based on MDM posture state Augment Endpoint Data - Update data from endpoint which cannot be gathered by profiling Ability initiate device action from ISE - eg: device stolen -> need to wipe data on client (Stretch).
Cisco's Unified Network Management Top BYOD Wireless Issues Contributors to Wireless Network Problems A recent survey shows that respondents Number of Customers view client devices as the top 400 contributor to BYOD Wireless network 350 performance problems 300 250 200 150 100 50 0 Client devices RF Interference Unexpected Faulty wireless Old or outdated Insufficient IT Other (Drivers, from Wi-Fi demand for network design wireless adminstrator connections, and/or non-Wi- increased implementation technology expertise authentication, Fi sources converage of or other issues) capacity
Cisco Prime Network Control System Converged Access Management for Wired and Wireless Networks High-Level View of Key Metrics with Contextual Drill-Down to Detailed Data • Flexible platform: Accommodates new and experienced IT administrators • Simple, intuitive user interface: Eliminates complexity • User-defined customization: Display the most relevant information
Integrated Access Infrastructure Visibility • Wired and wireless discovery and inventory Add/detect infrastructure devices such as switches, WLAN controllers, and access points • Comprehensive access infrastructure reporting View the access infrastructure as a whole • Stolen asset notification Track when devices presumed stolen come back online
Unified User and Endpoint Services • Correlated and focused wired/wireless client visibility Client health metrics Client posture and profile Client troubleshooting Client reporting Unknown device ID input • Clear view of the end user landscape Who is connecting Using which device Are they authorized
Cisco NCS Comprehensive Visibility Visibility – Recognition of IPv6 Global and Link Local Addresses Insight – Identification of Security – Identification IPv4, Dual-Stack or IPv6- of Clients Acting as IPv6 Only Client Types Routers
Troubleshoot Wired and Wireless Access Using Cisco Prime for Converged Client Devices USE CASE: User calls in to help center because they cannot get access to financial data on the network. IT determines if they are authorized to access this area. Cisco Prime Network Control System (NCS) 1. Search on user name 2. Identify wired and wireless devices associated with the user Step by Step Recommendations 3. Display associated and disassociated devices 4. Use automated client troubleshooting workflow to resolve the issue 5. Issue resolved Troubleshoot user and access issues based on identity Speed resolution with intuitive guided workflows
The Cisco Advantage A Better Mobility Experience for Users and IT
Q&A #CiscoPlusCA
We value your feedback. Please be sure to complete the Evaluation Form for this session. Access today’s presentations at cisco.com/ca/plus Follow @CiscoCanada and join the #CiscoPlusCA conversation

Recomendados

4G Technology by VIKASH
4G Technology by VIKASH 4G Technology by VIKASH
4G Technology by VIKASH Vikash Sharma
 
Design and Deployment of Enterprise Wirlesss Networks
Design and Deployment of Enterprise Wirlesss NetworksDesign and Deployment of Enterprise Wirlesss Networks
Design and Deployment of Enterprise Wirlesss NetworksCisco Mobility
 
WPA3 - What is it good for?
WPA3 - What is it good for?WPA3 - What is it good for?
WPA3 - What is it good for?Tom Isaacson
 
Wi-Fi Direct
Wi-Fi DirectWi-Fi Direct
Wi-Fi DirectAshutosh Jha
 
Wimax
WimaxWimax
WimaxKanimozhi Maruthalingam
 
Оверлейные сети ЦОД Технологии VXLAN и EVPN
Оверлейные сети ЦОД Технологии VXLAN и EVPN Оверлейные сети ЦОД Технологии VXLAN и EVPN
Оверлейные сети ЦОД Технологии VXLAN и EVPN Cisco Russia
 
LPWAN technology overview
LPWAN technology overviewLPWAN technology overview
LPWAN technology overviewJisc
 
IT6601 MOBILE COMPUTING
IT6601 MOBILE COMPUTINGIT6601 MOBILE COMPUTING
IT6601 MOBILE COMPUTINGKathirvel Ayyaswamy
 

Recomendados

4G Technology by VIKASH
4G Technology by VIKASH 4G Technology by VIKASH
4G Technology by VIKASH Vikash Sharma
 
Design and Deployment of Enterprise Wirlesss Networks
Design and Deployment of Enterprise Wirlesss NetworksDesign and Deployment of Enterprise Wirlesss Networks
Design and Deployment of Enterprise Wirlesss NetworksCisco Mobility
 
WPA3 - What is it good for?
WPA3 - What is it good for?WPA3 - What is it good for?
WPA3 - What is it good for?Tom Isaacson
 
Wi-Fi Direct
Wi-Fi DirectWi-Fi Direct
Wi-Fi DirectAshutosh Jha
 
Wimax
WimaxWimax
WimaxKanimozhi Maruthalingam
 
Оверлейные сети ЦОД Технологии VXLAN и EVPN
Оверлейные сети ЦОД Технологии VXLAN и EVPN Оверлейные сети ЦОД Технологии VXLAN и EVPN
Оверлейные сети ЦОД Технологии VXLAN и EVPN Cisco Russia
 
LPWAN technology overview
LPWAN technology overviewLPWAN technology overview
LPWAN technology overviewJisc
 
IT6601 MOBILE COMPUTING
IT6601 MOBILE COMPUTINGIT6601 MOBILE COMPUTING
IT6601 MOBILE COMPUTINGKathirvel Ayyaswamy
 
Mobile Transport Evolution with Unified MPLS
Mobile Transport Evolution with Unified MPLSMobile Transport Evolution with Unified MPLS
Mobile Transport Evolution with Unified MPLSCisco Canada
 
802.11r Explained.
802.11r Explained. 802.11r Explained.
802.11r Explained. Ajay Gupta
 
Iperf Tutorial
Iperf Tutorial Iperf Tutorial
Iperf Tutorial Febrian ‎
 
Next Generation V2X Technology
Next Generation V2X TechnologyNext Generation V2X Technology
Next Generation V2X TechnologyMalik Saad
 
Wi fi call flows
Wi fi call flowsWi fi call flows
Wi fi call flowsframedrelay
 
MPLS ppt
MPLS pptMPLS ppt
MPLS pptJagtar Dhaliwal
 
Mobility Management
Mobility ManagementMobility Management
Mobility ManagementVivek Purushotham
 
Aruba instant iap setup rev3
Aruba instant iap setup rev3Aruba instant iap setup rev3
Aruba instant iap setup rev3Aruba, a Hewlett Packard Enterprise company
 
Wimax security
Wimax securityWimax security
Wimax securityBehroz Zarrinfar
 
Vlan
VlanVlan
Vlanilias ahmed
 
Cs8601 4
Cs8601 4Cs8601 4
Cs8601 4Kathirvel Ayyaswamy
 
Ixiaexplorer
IxiaexplorerIxiaexplorer
Ixiaexplorernlekh
 
Wpa vs Wpa2
Wpa vs Wpa2Wpa vs Wpa2
Wpa vs Wpa2Nzava Luwawa
 
Lte security overview
Lte security overviewLte security overview
Lte security overviewaliirfan04
 
LTE-U/LAA, MuLTEfire™ and Wi-Fi; making best use of unlicensed spectrum
LTE-U/LAA, MuLTEfire™ and Wi-Fi; making best use of unlicensed spectrumLTE-U/LAA, MuLTEfire™ and Wi-Fi; making best use of unlicensed spectrum
LTE-U/LAA, MuLTEfire™ and Wi-Fi; making best use of unlicensed spectrumQualcomm Research
 
Cloud security introduction
Cloud security introductionCloud security introduction
Cloud security introductionCalvin Lee
 
Multi-Protocol Label Switching
Multi-Protocol Label SwitchingMulti-Protocol Label Switching
Multi-Protocol Label Switchingseanraz
 
MPLS Concepts and Fundamentals
MPLS Concepts and FundamentalsMPLS Concepts and Fundamentals
MPLS Concepts and FundamentalsShawn Zandi
 
Subscriber Traffic & Policy Management (BNG) on the ASR9000 & ASR1000
Subscriber Traffic & Policy Management (BNG) on the ASR9000 & ASR1000Subscriber Traffic & Policy Management (BNG) on the ASR9000 & ASR1000
Subscriber Traffic & Policy Management (BNG) on the ASR9000 & ASR1000Cisco Canada
 
Arp and rarp
Arp and rarpArp and rarp
Arp and rarpराहुल खेडेकर
 
Wireless Branch Office Network Architecture
Wireless Branch Office Network ArchitectureWireless Branch Office Network Architecture
Wireless Branch Office Network ArchitectureCisco Mobility
 
4400
44004400
4400Vishwas Shogun
 

Más contenido relacionado

La actualidad más candente

Mobile Transport Evolution with Unified MPLS
Mobile Transport Evolution with Unified MPLSMobile Transport Evolution with Unified MPLS
Mobile Transport Evolution with Unified MPLSCisco Canada
 
802.11r Explained.
802.11r Explained. 802.11r Explained.
802.11r Explained. Ajay Gupta
 
Next Generation V2X Technology
Next Generation V2X TechnologyNext Generation V2X Technology
Next Generation V2X TechnologyMalik Saad
 
Wi fi call flows
Wi fi call flowsWi fi call flows
Wi fi call flowsframedrelay
 
Ixiaexplorer
IxiaexplorerIxiaexplorer
Ixiaexplorernlekh
 
Lte security overview
Lte security overviewLte security overview
Lte security overviewaliirfan04
 
LTE-U/LAA, MuLTEfire™ and Wi-Fi; making best use of unlicensed spectrum
LTE-U/LAA, MuLTEfire™ and Wi-Fi; making best use of unlicensed spectrumLTE-U/LAA, MuLTEfire™ and Wi-Fi; making best use of unlicensed spectrum
LTE-U/LAA, MuLTEfire™ and Wi-Fi; making best use of unlicensed spectrumQualcomm Research
 
Cloud security introduction
Cloud security introductionCloud security introduction
Cloud security introductionCalvin Lee
 
Multi-Protocol Label Switching
Multi-Protocol Label SwitchingMulti-Protocol Label Switching
Multi-Protocol Label Switchingseanraz
 
MPLS Concepts and Fundamentals
MPLS Concepts and FundamentalsMPLS Concepts and Fundamentals
MPLS Concepts and FundamentalsShawn Zandi
 
Subscriber Traffic & Policy Management (BNG) on the ASR9000 & ASR1000
Subscriber Traffic & Policy Management (BNG) on the ASR9000 & ASR1000Subscriber Traffic & Policy Management (BNG) on the ASR9000 & ASR1000
Subscriber Traffic & Policy Management (BNG) on the ASR9000 & ASR1000Cisco Canada
 

La actualidad más candente (20)

Mobile Transport Evolution with Unified MPLS
Mobile Transport Evolution with Unified MPLSMobile Transport Evolution with Unified MPLS
Mobile Transport Evolution with Unified MPLS
 
802.11r Explained.
802.11r Explained. 802.11r Explained.
802.11r Explained.
 
Iperf Tutorial
Iperf Tutorial Iperf Tutorial
Iperf Tutorial
 
Next Generation V2X Technology
Next Generation V2X TechnologyNext Generation V2X Technology
Next Generation V2X Technology
 
Wi fi call flows
Wi fi call flowsWi fi call flows
Wi fi call flows
 
MPLS ppt
MPLS pptMPLS ppt
MPLS ppt
 
Mobility Management
Mobility ManagementMobility Management
Mobility Management
 
Aruba instant iap setup rev3
Aruba instant iap setup rev3Aruba instant iap setup rev3
Aruba instant iap setup rev3
 
Wimax security
Wimax securityWimax security
Wimax security
 
Vlan
VlanVlan
Vlan
 
Cs8601 4
Cs8601 4Cs8601 4
Cs8601 4
 
Ixiaexplorer
IxiaexplorerIxiaexplorer
Ixiaexplorer
 
Wpa vs Wpa2
Wpa vs Wpa2Wpa vs Wpa2
Wpa vs Wpa2
 
Lte security overview
Lte security overviewLte security overview
Lte security overview
 
LTE-U/LAA, MuLTEfire™ and Wi-Fi; making best use of unlicensed spectrum
LTE-U/LAA, MuLTEfire™ and Wi-Fi; making best use of unlicensed spectrumLTE-U/LAA, MuLTEfire™ and Wi-Fi; making best use of unlicensed spectrum
LTE-U/LAA, MuLTEfire™ and Wi-Fi; making best use of unlicensed spectrum
 
Cloud security introduction
Cloud security introductionCloud security introduction
Cloud security introduction
 
Multi-Protocol Label Switching
Multi-Protocol Label SwitchingMulti-Protocol Label Switching
Multi-Protocol Label Switching
 
MPLS Concepts and Fundamentals
MPLS Concepts and FundamentalsMPLS Concepts and Fundamentals
MPLS Concepts and Fundamentals
 
Subscriber Traffic & Policy Management (BNG) on the ASR9000 & ASR1000
Subscriber Traffic & Policy Management (BNG) on the ASR9000 & ASR1000Subscriber Traffic & Policy Management (BNG) on the ASR9000 & ASR1000
Subscriber Traffic & Policy Management (BNG) on the ASR9000 & ASR1000
 
Arp and rarp
Arp and rarpArp and rarp
Arp and rarp
 

Similar a Design, Deployment and Management of Unified WLAN

Wireless Branch Office Network Architecture
Wireless Branch Office Network ArchitectureWireless Branch Office Network Architecture
Wireless Branch Office Network ArchitectureCisco Mobility
 
Trill and Datacenter Alternatives
Trill and Datacenter AlternativesTrill and Datacenter Alternatives
Trill and Datacenter AlternativesAricent
 
Understanding network and service virtualization
Understanding network and service virtualizationUnderstanding network and service virtualization
Understanding network and service virtualizationSDN Hub
 
CloudStack Networking Deepdive CCCEU13
CloudStack Networking Deepdive CCCEU13CloudStack Networking Deepdive CCCEU13
CloudStack Networking Deepdive CCCEU13Chiradeep Vittal
 
Network and Service Virtualization tutorial at ONUG Spring 2015
Network and Service Virtualization tutorial at ONUG Spring 2015Network and Service Virtualization tutorial at ONUG Spring 2015
Network and Service Virtualization tutorial at ONUG Spring 2015SDN Hub
 
VMworld 2014: Advanced Topics & Future Directions in Network Virtualization w...
VMworld 2014: Advanced Topics & Future Directions in Network Virtualization w...VMworld 2014: Advanced Topics & Future Directions in Network Virtualization w...
VMworld 2014: Advanced Topics & Future Directions in Network Virtualization w...VMworld
 
MPLS/SDN Intersections Next Generation Access Networks at MPLS & Ethernet Wor...
MPLS/SDN Intersections Next Generation Access Networks at MPLS & Ethernet Wor...MPLS/SDN Intersections Next Generation Access Networks at MPLS & Ethernet Wor...
MPLS/SDN Intersections Next Generation Access Networks at MPLS & Ethernet Wor...ADVA
 
OpenCAPWAP paper review
OpenCAPWAP paper reviewOpenCAPWAP paper review
OpenCAPWAP paper reviewKyunghee Univ
 
PLNOG 13: Michał Dubiel: OpenContrail software architecture
PLNOG 13: Michał Dubiel: OpenContrail software architecturePLNOG 13: Michał Dubiel: OpenContrail software architecture
PLNOG 13: Michał Dubiel: OpenContrail software architecturePROIDEA
 
Transceviers
TransceviersTransceviers
Transceviersvinay mp
 
PFRv3 – новое поколение технологии Performance Routing для интеллектуального ...
PFRv3 – новое поколение технологии Performance Routing для интеллектуального ...PFRv3 – новое поколение технологии Performance Routing для интеллектуального ...
PFRv3 – новое поколение технологии Performance Routing для интеллектуального ...Cisco Russia
 
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...VMworld
 
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...PROIDEA
 
Ligato - A platform for development of Cloud-Native VNF's - SDN/NFV London me...
Ligato - A platform for development of Cloud-Native VNF's - SDN/NFV London me...Ligato - A platform for development of Cloud-Native VNF's - SDN/NFV London me...
Ligato - A platform for development of Cloud-Native VNF's - SDN/NFV London me...Haidee McMahon
 
Network policies
Network policiesNetwork policies
Network policiesshanj
 
Network virtualization with open stack quantum
Network virtualization with open stack quantumNetwork virtualization with open stack quantum
Network virtualization with open stack quantumMiguel Lavalle
 
Mobile Experience Management and Network Services Health Check with Aruba Air...
Mobile Experience Management and Network Services Health Check with Aruba Air...Mobile Experience Management and Network Services Health Check with Aruba Air...
Mobile Experience Management and Network Services Health Check with Aruba Air...Aruba, a Hewlett Packard Enterprise company
 
Design and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANsDesign and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANsFab Fusaro
 

Similar a Design, Deployment and Management of Unified WLAN (20)

Wireless Branch Office Network Architecture
Wireless Branch Office Network ArchitectureWireless Branch Office Network Architecture
Wireless Branch Office Network Architecture
 
4400
44004400
4400
 
Trill and Datacenter Alternatives
Trill and Datacenter AlternativesTrill and Datacenter Alternatives
Trill and Datacenter Alternatives
 
Understanding network and service virtualization
Understanding network and service virtualizationUnderstanding network and service virtualization
Understanding network and service virtualization
 
CloudStack Networking Deepdive CCCEU13
CloudStack Networking Deepdive CCCEU13CloudStack Networking Deepdive CCCEU13
CloudStack Networking Deepdive CCCEU13
 
Network and Service Virtualization tutorial at ONUG Spring 2015
Network and Service Virtualization tutorial at ONUG Spring 2015Network and Service Virtualization tutorial at ONUG Spring 2015
Network and Service Virtualization tutorial at ONUG Spring 2015
 
VMworld 2014: Advanced Topics & Future Directions in Network Virtualization w...
VMworld 2014: Advanced Topics & Future Directions in Network Virtualization w...VMworld 2014: Advanced Topics & Future Directions in Network Virtualization w...
VMworld 2014: Advanced Topics & Future Directions in Network Virtualization w...
 
MPLS/SDN Intersections Next Generation Access Networks at MPLS & Ethernet Wor...
MPLS/SDN Intersections Next Generation Access Networks at MPLS & Ethernet Wor...MPLS/SDN Intersections Next Generation Access Networks at MPLS & Ethernet Wor...
MPLS/SDN Intersections Next Generation Access Networks at MPLS & Ethernet Wor...
 
OpenCAPWAP paper review
OpenCAPWAP paper reviewOpenCAPWAP paper review
OpenCAPWAP paper review
 
WLAN Architecture - Considerations
WLAN Architecture - ConsiderationsWLAN Architecture - Considerations
WLAN Architecture - Considerations
 
PLNOG 13: Michał Dubiel: OpenContrail software architecture
PLNOG 13: Michał Dubiel: OpenContrail software architecturePLNOG 13: Michał Dubiel: OpenContrail software architecture
PLNOG 13: Michał Dubiel: OpenContrail software architecture
 
Transceviers
TransceviersTransceviers
Transceviers
 
PFRv3 – новое поколение технологии Performance Routing для интеллектуального ...
PFRv3 – новое поколение технологии Performance Routing для интеллектуального ...PFRv3 – новое поколение технологии Performance Routing для интеллектуального ...
PFRv3 – новое поколение технологии Performance Routing для интеллектуального ...
 
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...
 
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
 
Ligato - A platform for development of Cloud-Native VNF's - SDN/NFV London me...
Ligato - A platform for development of Cloud-Native VNF's - SDN/NFV London me...Ligato - A platform for development of Cloud-Native VNF's - SDN/NFV London me...
Ligato - A platform for development of Cloud-Native VNF's - SDN/NFV London me...
 
Network policies
Network policiesNetwork policies
Network policies
 
Network virtualization with open stack quantum
Network virtualization with open stack quantumNetwork virtualization with open stack quantum
Network virtualization with open stack quantum
 
Mobile Experience Management and Network Services Health Check with Aruba Air...
Mobile Experience Management and Network Services Health Check with Aruba Air...Mobile Experience Management and Network Services Health Check with Aruba Air...
Mobile Experience Management and Network Services Health Check with Aruba Air...
 
Design and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANsDesign and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANs
 

Más de Cisco Canada

Cisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devopsCisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devopsCisco Canada
 
Cisco connect montreal 2018 iot demo kinetic fr
Cisco connect montreal 2018 iot demo kinetic frCisco connect montreal 2018 iot demo kinetic fr
Cisco connect montreal 2018 iot demo kinetic frCisco Canada
 
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal VirtualizationCisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal VirtualizationCisco Canada
 
Cisco connect montreal 2018 secure dc
Cisco connect montreal 2018 secure dcCisco connect montreal 2018 secure dc
Cisco connect montreal 2018 secure dcCisco Canada
 
Cisco connect montreal 2018 enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018 enterprise networks - say goodbye to vla nsCisco connect montreal 2018 enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018 enterprise networks - say goodbye to vla nsCisco Canada
 
Cisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse localeCisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse localeCisco Canada
 
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec CiscoCisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec CiscoCisco Canada
 
Cisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybridesCisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybridesCisco Canada
 
Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018Cisco Canada
 
Cisco connect montreal 2018 compute v final
Cisco connect montreal 2018 compute v finalCisco connect montreal 2018 compute v final
Cisco connect montreal 2018 compute v finalCisco Canada
 
Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2Cisco Canada
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco Canada
 
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...Cisco Canada
 
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kineticCisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kineticCisco Canada
 
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...Cisco Canada
 
Cisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018 DevNet OverviewCisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018 DevNet OverviewCisco Canada
 
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assuranceCisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assuranceCisco Canada
 
Cisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018 network-slicingCisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018 network-slicingCisco Canada
 
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Canada
 
Cisco Connect Toronto 2018 sixty to zero
Cisco Connect Toronto 2018 sixty to zeroCisco Connect Toronto 2018 sixty to zero
Cisco Connect Toronto 2018 sixty to zeroCisco Canada
 

Más de Cisco Canada (20)

Cisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devopsCisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devops
 
Cisco connect montreal 2018 iot demo kinetic fr
Cisco connect montreal 2018 iot demo kinetic frCisco connect montreal 2018 iot demo kinetic fr
Cisco connect montreal 2018 iot demo kinetic fr
 
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal VirtualizationCisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
 
Cisco connect montreal 2018 secure dc
Cisco connect montreal 2018 secure dcCisco connect montreal 2018 secure dc
Cisco connect montreal 2018 secure dc
 
Cisco connect montreal 2018 enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018 enterprise networks - say goodbye to vla nsCisco connect montreal 2018 enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018 enterprise networks - say goodbye to vla ns
 
Cisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse localeCisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse locale
 
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec CiscoCisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
 
Cisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybridesCisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybrides
 
Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018
 
Cisco connect montreal 2018 compute v final
Cisco connect montreal 2018 compute v finalCisco connect montreal 2018 compute v final
Cisco connect montreal 2018 compute v final
 
Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
 
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
 
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kineticCisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
 
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
 
Cisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018 DevNet OverviewCisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018 DevNet Overview
 
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assuranceCisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assurance
 
Cisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018 network-slicingCisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018 network-slicing
 
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
 
Cisco Connect Toronto 2018 sixty to zero
Cisco Connect Toronto 2018 sixty to zeroCisco Connect Toronto 2018 sixty to zero
Cisco Connect Toronto 2018 sixty to zero
 

Último

Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 

Design, Deployment and Management of Unified WLAN

  • 2. Understanding WLAN Controllers 1st/2nd Generation vs. 3rd Generation Approach 1st/2nd Generation • 1st/2nd generation: APs act as Data VLAN 802.1Q translational bridge, putting client traffic on local VLANs Management VLAN • 3rd generation: Controller bridges client traffic centrally Voice VLAN 3rd Generation Data VLAN Management VLAN LWAPP/CAPWAP Tunnel Voice VLAN
  • 3. Centralized Wireless LAN Architecture What Is CAPWAP? • CAPWAP: Control and Provisioning of Wireless Access Points • Used between APs and WLAN controller and based on LWAPP • CAPWAP carries control and data traffic between the two – Control plane is DTLS encrypted – Data plane is DTLS encrypted (optional) • LWAPP-enabled access points can discover and join a CAPWAP controller, and conversion to a CAPWAP controller is seamless Business Application Data Plane Access Point CAPWAP Controller Wi-Fi Client Control Plane
  • 4. CAPWAP Modes • The CAPWAP protocol supports two modes of operation – Split MAC (centralized mode) – Local MAC (FlexConnect/H-REAP) • Split MAC Wireless Frame Wireless Phy CAPWAP MAC Sublayer Data Plane 802.3 Frame STA WTP AC
  • 5. CAPWAP Modes • The CAPWAP protocol supports two modes of operation – Split MAC (centralized mode) – Local MAC (FlexConnect/H-REAP) • Locally bridged Wireless Frame Wireless Phy MAC Sublayer 802.3 Frame STA WTP AC
  • 6. Cisco Unified Wireless Principles NCS • Components • Wireless LAN controllers • Aironet access points Wireless LAN Controllers • Management System (NCS) MSE • Mobility Service Engine (MSE) Campus Network • Principles • AP must have CAPWAP Aironet connectivity with WLC Access Point • Configuration downloaded to AP by WLC • All Wi-Fi traffic is forwarded to the WLC
  • 7. Controller Redundancy Dynamic • Rely on CAPWAP to load-balance APs across controllers and populate APs with backup controllers • Results in dynamic ―salt-and-pepper‖ design • Pros – Easy to deploy and configure—less upfront work – APs dynamically load-balance (though never perfectly) • Cons – More intercontroller roaming – Bigger operational challenges due to unpredictability – No ―fallback‖ option in the event of controller failure • Cisco’s general recommendation is: Only for Layer 2 roaming • Use deterministic redundancy instead of dynamic redundancy
  • 8. Controller Redundancy Deterministic WLAN-Controller-A WLAN-Controller-B WLAN-Controller-C • Administrator statically assigns APs a primary, secondary, and/or tertiary controller – Assigned from controller interface (per AP) or WCS (template-based) • Pros – Predictability—easier operational management Primary: WLAN-Controller-A Primary: WLAN-Controller-B Primary: WLAN-Controller-C – More flexible and powerful redundancy design Secondary: WLAN-Controller-B Secondary: WLAN-Controller-C Secondary: WLAN-Controller-A Tertiary: WLAN-Controller-C Tertiary: WLAN-Controller-A Tertiary: WLAN-Controller-B options – ―Fallback‖ option in the case of failover • Con – More upfront planning and configuration • This is Cisco’s recommended best practice
  • 9. Controller Redundancy Architecture Resiliency Resiliency N:1 Redundancy WLAN-Controller-A WLAN-Controller-B WLAN-Controller-C WLAN-Controller-1 APs Configured With: Primary: WLAN-Controller-1 NOC or Data Center Secondary: WLAN-Controller-BKP WLAN-Controller-BKP WLAN-Controller-2 APs Configured With: Primary: WLAN-Controller-2 Secondary: WLAN-Controller-BKP WLAN-Controller-n APs Configured With: Primary: WLAN-Controller-n Secondary: WLAN-Controller-BKP Primary: WLAN-Controller-A Primary: WLAN-Controller-B Primary: WLAN-Controller-C Secondary: WLAN-Controller-B Secondary: WLAN-Controller-C Secondary: WLAN-Controller-A Tertiary: WLAN-Controller-C Tertiary: WLAN-Controller-A Tertiary: WLAN-Controller-B N:N Redundancy N:N:1 Redundancy WLAN-Controller-A APs Configured With: WLAN-Controller-A APs Configured With: Primary: WLAN-Controller-A Primary: WLAN-Controller-A Secondary: WLAN-Controller-B NOC or Data Center Secondary: WLAN-Controller-B WLAN-Controller-BKP Tertiary: WLAN-Controller-BKP WLAN-Controller-B APs Configured With: WLAN-Controller-B APs Configured With: Primary: WLAN-Controller-B Primary: WLAN-Controller-B Secondary: WLAN-Controller-A Secondary: WLAN-Controller-A Tertiary: WLAN-Controller-BKP
  • 10. AP-Grouping in Campus VLAN 100 VLAN 100 VLAN 100 Access Si Si Si Si Si Si Distribution CAPWAP Si Si Core Si Si VLAN 100 / 21 Si Si Si Si Distribution Access Single WAN Data Center Internet SSID = Employee WLC-1 WLC-2
  • 11. AP-Grouping in Campus AP-Group-1 AP-Group-2 AP-Group-3 VLAN 60 /23 VLAN 70 /23 VLAN 80 /23 Access Si Si Si Si Si Si Distribution CAPWAP Si Si Core Si Si Si Si VLAN 60 Si Si Distribution VLAN 70 VLAN 80 Access Single WAN Data Center Internet SSID = Employee WLC-1 WLC-2
  • 12. Interface-Grouping in Campus Access Si Si Si Si Si Si Distribution CAPWAP Si Si Core VLAN 60 VLAN 61 Si Si Si Si VLAN 62 Si Si Distribution VLAN 63 VLAN 64 VLAN 65 Access Single WAN Data Center Internet SSID = Employee WLC-1 WLC-2
  • 13. Scaling the Architecture with Mobility Groups • Mobility Group allows controllers to peer with each other to support seamless roaming across controller boundaries • APs learn the IPs of the other members of the mobility group after the LWAPP Join process Controller-B • Support for up to 24 controllers, MAC: AA:AA:AA:AA:AA:02 Mobility Group Name: MyMobilityGroup 24,000 APs per mobility group Controller-A MAC: AA:AA:AA:AA:AA:01 Mobility Group Neighbors: Controller-A, AA:AA:AA:AA:AA:01 Controller-C, AA:AA:AA:AA:AA:03 • Mobility messages exchanged Ethernet in IP Tunnel Mobility Group Name: MyMobilityGroup Mobility Group Neighbors: between controllers Controller-B, AA:AA:AA:AA:AA:02 Controller-C, AA:AA:AA:AA:AA:03 (Multicast) • Data tunneled between Controller-C MAC: AA:AA:AA:AA:AA:03 controllers in EtherIP Mobility Group Name: MyMobilityGroup (RFC 3378) Mobility Group Neighbors: Controller-A, AA:AA:AA:AA:AA:01 Controller-B, AA:AA:AA:AA:AA:02 Mobility Messages
  • 14. Increased Mobility Scalability • Roaming is supported across three mobility groups (3 * 24 = 72 controllers) • With Inter Release Controller Mobility (IRCM) roaming is supported between 4.2.207 and 6.0.188 and 7.0 Mobility Sub-Domain 1 Ethernet in IP Tunnel Mobility Sub-Domain 3 Ethernet in IP Tunnel Mobility Sub-Domain 2 Ethernet in IP Tunnel Mobility Messages
  • 15. Inter-Controller Roaming: Layer 2 VLAN X WLC-1 Client WLC-2 Client Database Client Data (MAC, Database IP, QoS, Security) WLC-1 Mobility Message Exchange WLC-2  Inter-Controller roam happens when a client Preroaming moves association Data Path between APs joined to different controller  Client must be re- authenticated and new security session established
  • 16. Inter-Controller Roaming: Layer 2 VLAN X WLC-1 Client WLC-2 Client Database Client Data (MAC, Database IP, QoS, Security) WLC-1 Mobility Message Exchange WLC-2 Preroaming Data Path  Client database entry with new AP and appropriate security context Client Roams to a  No IP address refresh Different AP needed
  • 17. Inter-Controller Roaming: Layer 3 VLAN X VLAN Z WLC-1 Client Client Data (MAC, IP, WLC-2 Client Client Data (MAC, Database QoS, Security) Database IP, QoS, Security) WLC-1 Mobility Message Exchange WLC-2 • Client must be re-authenticated and new security session established • Client database entry copied to new controller – entry exists in both WLC client DBs • Original controller tagged as the ―anchor‖, new controller tagged as the ―foreign‖ • WLCs must be in same mobility group or domain
  • 18. Inter-Controller Roaming: Layer 3 VLAN X VLAN Z WLC-1 Client Client Data (MAC, IP, WLC-2 Client Client Data (MAC, Database QoS, Security) Database IP, QoS, Security) WLC-1 Mobility Message Exchange WLC-2 Anchor Foreign Controller Controller • No IP address refresh needed • Symmetric traffic path Client Roams to a established Different AP • Account for mobility message exchange in network design
  • 19. Designing a Mobility Group/Domain Design Considerations • Less roaming is better – clients and apps are happier • L3 roaming & fast roaming clients consume client DB slots on multiple controllers – consider ―worst case‖ scenarios in designing roaming domain size • Leverage natural roaming domain boundaries • Mobility Message transport selection: multicast vs. unicast • Make sure the right ports and protocols are allowed
  • 20. Branch Designs Using Remote Controllers Central Site Backup Central Controller • Branches can also have local remote controllers • Small form factors WLC are available to have « small campus »: WAN WLC-2504 or Integrated controller WLC-21xx WLCM for modules in ISR/ISR-G2 ISR/ISR-G2 • High Availability design with central backup controller is supported. WAN limitations may apply. Remote Site A Remote Site B
  • 21. Branch Office Deployment @ Internet FlexConnect Guest-Access AP Group 1 Central Site • Hybrid Remote Edge Access Corporate-Voice Point architecture (H-REAP) • Single management and control point Corporate-Data • Data Traffic Switching WAN/MAN – Centralized traffic or Manufacturing Plan Store – Local traffic • Traffic Switching is configured AP Group 3 per AP and per WLAN (SSID) Scanners AP Group 2 Corporate-Data Guest-Access
  • 22. FlexConnect – Advanced Services • High Availability – WAN Survivability – FlexConnect AP provides wireless access and services to clients when the connection to the primary WLC fails • Local Authentication – Allows for the authentication capability to exist directly at the AP in FlexConnect instead of the WLC • Fast roaming in remote branches • Dynamic VLAN assignment • Scalability – Number of FlexConnect groups: 500 (7500s) and 100 (5500s) – APs per Group: 50 (7500s) and 25 (5500s)
  • 23. FlexConnect – WLC Authenticator Data Center Branch Office AAA RADIUS 1 Dot1X Auth Req AP New Client ISR 3925 ISR 3925 ISR 3925 2 Dot1x Auth Success WLC VPN • All the client authentication requests travels through Central Controller • If Controller is not reachable, then no clients can authenticate
  • 24. FlexConnect – AP Authenticator Data Center Branch Office AAA RADIUS 1 Dot1X Auth Req 2 Dot1x Auth Success AP New Client ISR 3925 ISR 3925 ISR 3925 WLC VPN • All the client authentication requests travels straight from AP to RADIUS Server. • If Controller is not reachable, clients can still continue to authenticate and access network services.
  • 25. FlexConnect – AP Authenticator Data Center Branch Office 1 Dot1X Auth Req AAA RADIUS ISR 3925 ISR 3925 ISR 3925 Dot1x Auth 2 Success WLC AP New Client • All the client authentication requests travels straight from AP to Local Branch RADIUS Server. • If WAN link is down, clients can still continue to authenticate and access network services.
  • 26. Local Authentication – AP as EAP Server Data Center Branch Office AAA RADIUS ISR 3925 ISR 3925 ISR 3925 1 Dot1X Auth Req WLC 2 Dot1x Auth AP Success • All the client authenticated directly by the AP. • If WAN link & Local Backup RADIUS Server is down clients can still continue to authenticate and access network services.
  • 27. H-REAP Design Considerations • Some WAN limitations apply – RTT must be below 300 ms data (100 ms voice) – Minimum 500 bytes WAN MTU (with maximum four fragmented packets) • Some features are not available in standalone mode or in local switching mode – See full list in « H-REAP Feature Matrix » http://www.cisco.com/en/US/products/ps6366/products_tech_note091 86a0080b3690b.shtml
  • 28. Home Office Design – OEAP • Cisco controller installed in the DMZ of the corporate WLC 5508 / WiSM-2 network NCS • OfficeExtend AP (OEAP) installed at teleworker’s home MPLS • Corporate access to employee over centrally ATM Headquarters configured SSID Frame • Family Internet access over a locally configured SSID Relay Internet VPN
  • 29. Cisco Unified Wireless Network Flexible, Resilient, Scalable Architecture Unified Outdoor/Indoor Access Highly Distributed Design Access 3750G Unified WLC Network Enterprise Hybrid REAP Distributed WLC Design Distribution 440x, 5508 WLC, Network WiSM Unified WLC Network Core or Data Center Teleworker/S Centralized WLC Design OHO 440x, 5508 WLC, WiSM Unified WLC OfficeExtend AP Internet DMZ Guest Controller 440x, 5508 WLC Branch Office Unified WLC Options: Data Center 5508, 440x, 210x 3750G Unified WLC Internet WLCM Module Hybrid REAP Unified Management: Wireless Control System Standalone AP Services Platform: Mobility Services Engine
  • 30. Cisco WLAN Controller Portfolio Campus and Full Service Branch Features / Performance 5500 WiSM2 2500 WLCM2 7500 Scale
  • 31. Cisco Aironet 802.11n Access Points Best in Class Teleworker Business-Ready Mission Critical Mission Critical AP 3500 AP 1040 AP 1260 AP 3600 AP 1140 OfficeExtend With CleanAir AP 600 technology 802.11n WiFi
  • 32. IPv6 Will Be a Phased Implementation But Dual Stack Clients Are Here Now…
  • 33. Wireless IPv6 Client Support IPv6 IPv4 IPv6 IPv4 802.11 802.11 CAPWAP IPv6 IPv4 IPv4 VLAN Ethernet Ethernet CAPWAP Tunnel IPv6 802.11 • Supports IPv4, Dual Stack and Native IPv6 clients on single WLAN simultaneously. • Supports the following IPv6 address assignment for wireless clients: IPv6 Stateless Autoconfiguration [SLAAC] Stateless, Stateful DHCPv6 Static IPv6 configuration • Supports up to 8 IPv6 addresses per client. • Clients will be able to pass traffic once IPv4 and/or IPv6 address assignment is completed after successful authentication.
  • 34. Many IPv6 Addresses Per Client Up to 8 IPv6 Addresses are Tracked per Client. • Support for many IPv6 addresses per client is necessary because: Clients can have multiple address types per interface Clients can be assigned addresses via multiple methods such as SLAAC and DHCPv6 Most clients automatically generate a temporary address in addition to assigned addresses.
  • 35. Complete IPv6 Support • First Hop Security & Optimization – DHCPv6 Server Guard – Router Advertisement (RA) Guard – IPv6 Source Guard – Neighbor Solicitation (NS) Suppression – Router Advertisement (RA) Throttling • Layer 2 & 3 Roaming • IPv6 ACL support • QoS support • Guest access support • Multicast to Unicast conversion at the AP • FlexConnect #CiscoPlusCA
  • 36. Beyond BYOD Secure, Customized Experience per User, per Device Device Onboarding and Guest Unified Uncompromised Simplified Access Policy User Experience IT experience BYOD Beyond BYOD
  • 37. Cisco BYOD+ 1 2 Internet Securing Any Connect Control Access Govern access to resources based on scenario Email, Calendar Regulated data Managing (finance, Complexity personal info) And Scale 3 4 Manage Optimize Visibility into user Accelerate and protect Delivering High- experience across performance for wired and wireless applications Quality Experience
  • 38. Cisco BYOD+ IT Challenges to Mobile Freedom
  • 39. 3600 Access Point Industry's only 4x4: 3 spatial stream access point • Deliver 30% more performance • Deliver mission critical reliability with CleanAir • Boost client performance with ClientLink 2.0 • Add-on modules with the Modular architecture
  • 40. Triple-Stream Video Capacity 5 Mbps 210% Better Stream 2 Mbps Stream 1 Mbps Stream Competitor Cisco 3600 With a mix of all types of video clients using multicast and unicast TCP video (AirVideo), Cisco delivers 3x the performance.
  • 41. Cisco Identity Services Engine – ISE Integrated Device Profiling & Consolidated Contextual Information Posture Assessment Guest Lifecycle Management USER ID LOCATION ACCESS DEVICE (& IP/MAC) Profiling of wired and wireless devices RIGHTS Integrated and built into ISE policy Real-Time Awareness Consistent Policy for Device Provide Guest Access in a seamless, Track Active Users and Devices Categories secure manner Simplified Role-Based Access System-wide Visibility Scales to meet organizations needs SGT Public Private Staff Permit Permit Guest Permit Deny Keep Existing Logical Design Troubleshoot and Monitoring Scalable Architecture Manage Security Group Access Consolidated Data Innovative Licensing
  • 42. Cisco's Borderless - Unified Policy Management Centralized Policy Policy Engine Profiling USER LOCATION HTTP DNS NETFLOW TIME DEVICE ATTRIBUTE X DHCP RADIUS SNMP VLAN 10 VLAN 20 Corporate Resources Corporate Wireless LAN Single SSID Restricted Controller Employee Internet Only Unified Access Personal Management District Issued Device PERSONAL Device 1. 802.1x EAP User Authentication 1. 802.1x EAP User Authentication 2. Profiling to identify device 2. Profiling to identify device 3. Policy decision 3. Policy decision 4. Policy enforce to ―VLAN 10‖ on same SSID 4. Policy enforce to ―VLAN 10 or 20‖ on same SSID 5. Full access granted 5. Full or Restricted access granted 6. Full device visibility 6. Full device visibility
  • 43. On-Boarding (1.1MR June 12) Supplicant profile provisioning on supported platforms (iOS, Android, Windows, OS X) Self / Sponsor registration portals for users and devices Certificate provisioning as registry authority (RA) adding username and device ID to cert (integrates with existing corp CA/PKI) Secure access (single SSID, certificate based differentiation of service) User initiated control their devices (designate “Lost” -> black-listing, re-instate device, etc)
  • 44. MDM Integration (ISE 1.2 Fall 2012) On Prem MDM Device Registration - non registered clients redirected to MDM registration page Restricted Access - non compliant clients will be given restricted access based on MDM posture state Augment Endpoint Data - Update data from endpoint which cannot be gathered by profiling Ability initiate device action from ISE - eg: device stolen -> need to wipe data on client (Stretch).
  • 45. Cisco's Unified Network Management Top BYOD Wireless Issues Contributors to Wireless Network Problems A recent survey shows that respondents Number of Customers view client devices as the top 400 contributor to BYOD Wireless network 350 performance problems 300 250 200 150 100 50 0 Client devices RF Interference Unexpected Faulty wireless Old or outdated Insufficient IT Other (Drivers, from Wi-Fi demand for network design wireless adminstrator connections, and/or non-Wi- increased implementation technology expertise authentication, Fi sources converage of or other issues) capacity
  • 46. Cisco Prime Network Control System Converged Access Management for Wired and Wireless Networks High-Level View of Key Metrics with Contextual Drill-Down to Detailed Data • Flexible platform: Accommodates new and experienced IT administrators • Simple, intuitive user interface: Eliminates complexity • User-defined customization: Display the most relevant information
  • 47. Integrated Access Infrastructure Visibility • Wired and wireless discovery and inventory Add/detect infrastructure devices such as switches, WLAN controllers, and access points • Comprehensive access infrastructure reporting View the access infrastructure as a whole • Stolen asset notification Track when devices presumed stolen come back online
  • 48. Unified User and Endpoint Services • Correlated and focused wired/wireless client visibility Client health metrics Client posture and profile Client troubleshooting Client reporting Unknown device ID input • Clear view of the end user landscape Who is connecting Using which device Are they authorized
  • 49. Cisco NCS Comprehensive Visibility Visibility – Recognition of IPv6 Global and Link Local Addresses Insight – Identification of Security – Identification IPv4, Dual-Stack or IPv6- of Clients Acting as IPv6 Only Client Types Routers
  • 50. Troubleshoot Wired and Wireless Access Using Cisco Prime for Converged Client Devices USE CASE: User calls in to help center because they cannot get access to financial data on the network. IT determines if they are authorized to access this area. Cisco Prime Network Control System (NCS) 1. Search on user name 2. Identify wired and wireless devices associated with the user Step by Step Recommendations 3. Display associated and disassociated devices 4. Use automated client troubleshooting workflow to resolve the issue 5. Issue resolved Troubleshoot user and access issues based on identity Speed resolution with intuitive guided workflows
  • 51. The Cisco Advantage A Better Mobility Experience for Users and IT
  • 52. Q&A #CiscoPlusCA
  • 53. We value your feedback. Please be sure to complete the Evaluation Form for this session. Access today’s presentations at cisco.com/ca/plus Follow @CiscoCanada and join the #CiscoPlusCA conversation