TECH-MOB: WLAN as the primary access layer

Design of modern enterprise WLAN networks – CUWN, Converged Access, Meraki

TECH-WLAN P2 / L2

Jaroslav Čížek – Cisco

Jaroslav Zmatlík – Cisco

Agenda

Introduction

Overview and comparison of the individual Cisco WLAN solutions

• SMB, autonomous aIOS APs
• CUWN – AireOS controllers, Converged Access – IOS XE
• Wireless for branch offices – FlexConnect, Converged Access

Selected topics in the context of WLAN architectures

• Wireless QoS – deployment of IP telephony and video in a BYOD environment
• HA Design
• High Density Wireless – IoT / IoE, wireless in manufacturing

Cisco Meraki – cloud architecture, deployment options

TECH-WLAN P2 Cisco and/or its affiliates. All rights reserved. Cisco Public


Unified Access: Wireless Deployment Options

Cisco Unified Access: 1 Architecture, 4 Deployment Modes, Same APs

[Figure: deployment modes CLOUD MANAGED, AUTONOMOUS, FLEX CONNECT, CENTRALIZED and CONVERGED. Labels under the modes: Common OS; Lean IT; Mid-Market / Distributed; Enterprise; Intended for static installations; SP and Hotspots; Data center hosted controller; Distributed enterprises; Premise-based controller; Traditional Overlay Model; Highly Scalable; Common IOS; Consistent Wired/Wireless; Highest performance. Other labels: Cisco Cloud Managed; Dashboard; Prime; ISE; WAN; Intranet]


Overview and comparison of the individual Cisco WLAN solutions - SMB and autonomous APs

Cisco SMB WLAN Solution

Faster Wi-Fi, Purpose-built for Small Businesses

Cisco SMB APs:

• Single or dual band, up to 802.11 b/g/a/n/ac, 3x3:3 MIMO
• Up to 64 users per radio, 16 SSIDs, 16 APs in one cluster, captive portal
• Modes: AP, WDS Bridge and Workgroup Bridge


Cisco Autonomous APs - Capabilities

• ClientLink
• BandSelect
• CleanAir SE-Connect
• Guest Access Management
• L2 Fast Roaming for 802.1x
• Security filtering through MAC/IP ACLs
• Support for 802.11r, 802.11w & IPv6
• Local 802.1x server for EAP-FAST
• WDS Clustering
• Dynamic Channel Selection on boot-up
• Centralized management through Cisco Prime or CNA

Up to 30 APs per cluster for Fast Secure Roaming; 60 APs are possible if the master has its radios disabled.

Automatic failover from the primary cluster master to the backup.

Broad AP platform support, from AP700 (2ss) to AP3600 (3ss).

[Figure: WDS Master (elected) and RADIUS server]

The WDS Master is responsible for 802.1x key caching for the entire cluster.


Cisco Autonomous APs - Management

CNA Management (free) or Prime Infrastructure

CNA Management Capabilities:

• AP & Client Monitoring
• Bulk Configuration Editing
• Software Upgrade Management
• Wired & Wireless Network Discovery
• Front Panel Port Summary, …

Prime Infrastructure Management Capabilities:

• Access Point Heat maps
• Monitoring AP & Client Status
• Bulk Software Upgrade
• Configuration Templates
• Reporting


Autonomous APs - Review Standalone Architecture

Key elements:

• It is a bridge between wireless and wired network

• The wireless traffic can be encrypted

• It can apply policies to clients through RADIUS

Limitations:

• It can not scale

• It can not apply complex QoS policies

• It requires manual RF configuration

[Figure: autonomous AP bridging 802.11 to 802.3. Labels: ISE / RADIUS; Network Services; SNMP / (T)FTP / SSH; Prime]

Autonomous APs – L2 and L3 roaming

[Figure: Data Center / Campus Services 10.0.0.0/24 with ISE and PI; Campus 10.1.0.0/24; Campus Access with an L2 roam and an L3 roam, the latter marked X]

• The client is associated to an AP: traffic flows as shown
• The client roams to an AP connected in the
  1. same L2 domain
  2. different L2 domain
• The STA re-authenticates to the AP
• Upon authentication, all client traffic is bridged across by the AP
• Case 2, PROBLEM: the client ends up on a different IP subnet and connectivity breaks

Overview and comparison of the individual Cisco WLAN solutions - CUWN and Converged Access

Unified Access: Campus Deployment Models

[Figure: Unified Access campus models. Labels: One Management (Cisco Prime Infrastructure); One Policy (Cisco ISE); Centralized Wireless; Distributed Wireless; VSS; MA (repeated on the access switches); Traditional Access; Instant Access; Converged Access]

Understanding CUWN and Converged Access architectures

CUWN: Centralized WLAN architecture

[Figure: WLC #1 and WLC #2 in a Mobility Group; APs attached over the LAN through CAPWAP tunnels. Labels: Control plane CAPWAP; Data plane CAPWAP; IRCM]

CA: Distributed CA architecture

[Figure: MCs (one combined MC&MA) in a Mobility Group; CA Subdomain 1 and CA Subdomain 2 with MAs, an SPG and APs attached over the LAN. Labels: Control plane CAPWAP; Data plane CAPWAP]

MC functions:
- RRM
- Spectrum Management
- Client Mobility

MA functions:
- AP data plane CAPWAP termination
- Maintaining client database
- Policy enforcement

Campus Design: CUWN

Centralized Architecture

Well-known, proven architecture

[Figure: WLC #1 and WLC #2 in a Mobility Group, Data Center / Service block with ISE and PI, "Guest" Anchor WLC, Intranet and Internet; APs carrying SSID1, SSID2 and SSID3 attached through CAPWAP tunnels; SSID – VLAN mapping (at controller). Legend: Inter-Controller (Guest Anchor) EoIP / CAPWAP Tunnel; Inter-Controller EoIP / CAPWAP Tunnel; AP-Controller CAPWAP Tunnel; 802.11 Control Session + Data Plane. Other labels: EoIP Mobility Tunnel (7.2 or 7.4), CAPWAP Option in 7.3, 7.6; Encrypted (see Notes)]

Notes

• AP / WLC CAPWAP tunnels are an IETF standard
• UDP ports used
  - 5246: Encrypted control traffic
  - 5247: Data traffic (non-encrypted or DTLS-encrypted, configurable)
• Inter-WLC mobility tunnels
  - EoIP – IP Protocol 97 … AireOS 7.3 introduced CAPWAP option
  - Used for inter-WLC L3 roaming and Guest Anchor

Centralized Architecture – CAPWAP tunnel to WLC

[Figure: Split MAC between STA, WTP and AC. Labels: Wireless Frame; Wireless Phy; MAC Sublayer; CAPWAP Data Plane; CAPWAP Control Plane; 802.3 Frame]

Typical considerations for Centralized deployments are:

• Where to place the WLAN controller?
• How many clients to expect?
• How much bandwidth per client?
• What controller type to use?

Centralized Architecture - Where to place controllers?

Distributed WLCs

• Each location has its own WLC
• Each building can have its own Mobility group
• Wireless insertion at distribution layer
• Several distributed wireless VLANs across the campus

Considerations: HA, traffic flow, roaming efficiency, controller costs

[Figure: WLCs attached below an L3 core, with the Data Center]

Centralized Architecture - Where to place controllers?

Centralized WLCs

• Concept of Wireless Service Block
• Clearly identified wireless insertion points
• No wireless VLANs everywhere
• Better performance with L2 mobility
• Recommended design for campus deployments

Considerations: traffic flow, bandwidth and controller sizing

[Figure: L3 core, Data Center, and a Wireless Service Block with two WLCs attached at L2]


Centralized Architecture - Controller Comparison

Which Controller to use?

| | 2504 | 5508 | WiSM-2 | 8510 | 5760 |
|---|---|---|---|---|---|
| OS | AireOS | AireOS | AireOS | AireOS | IOS-XE |
| Max # of APs | 75 | 500 | 1’000 | 6’000 | 1’000 |
| Max Wireless I/O (Gbps) | 1 | 8 | 20 | 10 | 60 |
| Max Clients | 1’000 | 7’000 | 15’000 | 64’000 | 12’000 |
| # AP Groups | 50 | 500 | 1’000 | 6’000 | 1’000 |
| Oversubscription rate, 200 Mbps per AP | 15:1 | 13:1 | 10:1 | 120:1 (20:1, if 1000 APs) | 4:1 |
| Oversubscription rate, 1000 Mbps per AP | 75:1 | 63:1 | 50:1 | 600:1 (100:1, if 1000 APs) | 17:1 |
| Bandwidth per Client (Mbps) | 1 | 1.1 | 1.3 | 0.2 | 5 |

Centralized Architecture - Strengths

• Seamless L2/L3 roaming support
• Assisted roaming 11k, client load balancing
• Easy to manage wireless subnets and VLANs
• Easy to add IP addresses assigned to an SSID – VLAN Select
• Clearly identified wireless insertion point
• Advanced access control: dynamic ACLs, QoS, AVC, TrustSec, RADIUS CoA
• Services Gateway support: Bonjour mDNS caching and policy
• Client optimizations to conserve Wi-Fi spectrum - IPv6 optimizations
• High Density optimizations: IPMC optimization / Media Stream / Stadium features
• Advanced client features / passive client / sleeping client timer
• Simplified troubleshooting
• Well suited for large campus

Campus Design: Converged Access

Distributed Architecture

Implementation of End-to-End Converged Access Deployment

Wired and wireless policies implemented on CA switch

[Figure: Data Center / Service block with ISE and PI; Mobility Group with MCs (5760 or upgraded WiSM2 / 5508) and a CAPWAP Mobility Tunnel across the Intranet; Catalyst CA switches as MAs (some combined MC MA) in Switch Peer Groups, with APs attached over the LAN through CAPWAP tunnels. Legend: Inter-Controller (GA) CAPWAP Tunnel; Inter-Controller CAPWAP Tunnel; AP-MA CAPWAP Tunnel; 802.11 Control Session + Data Plane]

Notes

MC – Mobility Controller
MA – Mobility Agent

Converged Access Deployments Recommendation

Supported vs Recommended Scalability

• Mobility Domain - up to 2000 devices / 50 APs; max 1 x 3850 MC
• Mobility Domain - up to 4000 devices / 100 APs; max 2 x 3850 MC
• (N) x independent Mobility Domains - up to 4000 devices / 100 APs per Mobility Domain
• Centralized Overlay Mobility Domain - up to 14000 devices / 1200 APs; WLC 5760 as external MC (max 2 MC)

[Figure: the options numbered 1 to 4 along an axis "Size of Mobility Domain"; each MC serves MA 1, MA 2 … MA 8. Other labels: Site - 1, Site - 2, Site - 3, Site - N; Mobility Domain 1, 2 or 3]

Converged Access

Scalability and Interoperability – Centralized Mode

| | 3650 / 3850 | 4K / Sup8-E | CT5760 (Supported / Recommended *) | CT5508 | WiSM2 |
|---|---|---|---|---|---|
| Software | 3.7.x SE | 3.7.x SE | 3.7.x SE | AireOS 7.6.x & 8.0.x | AireOS 7.6.x & 8.0.x |
| Centralized Mode Support | N/A | N/A | Yes | Yes | Yes |
| Centralized - APs | N/A | N/A | 1000 / 600 | 500 | 1000 |
| Centralized - Clients Supported | N/A | N/A | 12000 / 7000 | 7000 | 15000 |
| FlexConnect & Mesh Support | No | No | No | Yes | Yes |
| Centralized - Number of MCs in Mobility Domain | N/A | N/A | 72 / 2 | 72 | 72 |

Centralized Design recommendation Summary

* Current recommended deployment design guidelines.

Converged Access

Scalability and Interoperability – Converged Access Mode

| (Supported / Recommended *) | 3650 | 3850 | 4K / Sup8-E | CT5760 | CT5508 | WiSM2 |
|---|---|---|---|---|---|---|
| Software | 3.7.x SE | 3.7.x SE | 3.7.x SE | 3.7.x SE | AireOS 7.6.x & 8.0.x | AireOS 7.6.x & 8.0.x |
| Mobility Controller Mode | Yes | Yes | Yes | Yes** | Yes | Yes |
| APs Supported | 25 | 50 | 50 | 1000 / 600 | 500 | 1000 |
| Clients Supported | 1000 | 2000 | 2000 | 12000 / 7000 | 7000 | 15000 |
| Mobility Agent Mode | Yes | Yes | Yes | N/A | N/A | N/A |
| Number of MC in Mobility Domain | 8 / 2 | 8 / 2 | 8 / 2 | 72 / 2 | 72 / 2 | 72 / 2 |
| Number of MAs in Subdomain (per MC) | 16 / 8 | 16 / 8 | 16 / 8 | 350 / 32 | 350 / 32 | 350 / 32 |
| AP Scale (Per-Domain) | 200 / 50 | 250 / 100 | 250 / 100 | 72000 / 1200 | 36000 / 1000 | 72000 / 2000 |

Converged Access Design Recommendation Summary

* Current recommended deployment design guidelines
** CT5760 is the preferred external appliance to operate as MC

Converged Access

Interoperability – Hybrid Mode

| | 3650 / 3850 | 4K / Sup8-E | CT5760 | CT5508 | WiSM2 |
|---|---|---|---|---|---|
| Software | 3.7.x SE | 3.7.x SE | 3.7.x SE | AireOS 7.6.x & 8.0.x | AireOS 7.6.x & 8.0.x |
| Mixed MC (“CA” & Centralized) Mode | No | No | Yes** | Yes | Yes |
| IRCM (Inter-Release Controller Mobility) | Yes | Yes | Yes | Yes | Yes |
| Guest Anchor Interoperability | Yes | Yes | Yes | Yes | Yes |
| - Guest Anchor Mode | No | No | Yes | Yes | Yes |
| - Foreign Anchor Mode | Yes | Yes | Yes | Yes | Yes |

Hybrid Wireless Design Recommendation Summary

** CT5760 is the preferred external appliance to operate as MC

There are gaps that will remain even in Converged Access 3.7 compared to CUWN

Device Support
• 1550 Series Outdoor AP (but 1572 is supported as an outdoor AP)
• APs for the Stadium Antenna
• AP Modules

Management
• Web GUI usability considerations
• PI support for some features

AP Modes
• FlexConnect
• Office Extend
• Indoor & Outdoor Mesh

Key features
• 802.11u/MSAP/HS2.0
• 802.11v
• Policy Tie-in to AVC & Bonjour
• RF Profiles
• Geo-separated Client SSO
• Infrastructure IPv6

Baseline Features Across AireOS and IOS

| # | Feature | AireOS 8.0 MR | IOS-XE 3.7 |
|---|---|---|---|
| 1 | AP Support | All | All 802.11n (except AP1250, 1550), all 11ac |
| 2 | Regulatory Domain Support | Yes | Yes |
| 3 | RF Functionality: RRM, CleanAir, EDRRM, VideoStream, ClientLink | Yes | Yes |
| 4 | NBAR2 | Yes, PP v11 | Yes, PP 8 (except dynamic protocol pack updates) |
| 5 | Policy Classification Engine | Yes | Yes |
| 6 | Guest Access (Lobby Ambassador) | Yes (SW/Software based) | Yes (HW based, MQC, Bandwidth Fair sharing) |
| 7 | Web-UI / PI | Yes | Yes |
| 8 | 802.11r/11k/11w | Yes | Yes |
| 9 | WFA Certs, Federal Certs | Yes | Yes |
| 10 | Sleeping Clients | Yes | Yes |
| 11 | Outdoor AP support | Yes | Yes |

Baseline features supported across AireOS and IOS

Considerations for Selection Between AireOS and IOS

| # | Feature | AireOS 8.0 | IOS-XE 3.7 |
|---|---|---|---|
| 10 | Centralized Mode Performance | Medium (8/10 Gbps 5508/8510) | High (60 Gbps WLC5760) |
| 11 | NetFlow | Yes (static partial NetFlow templates only) | Yes (FNF for Wireless and Wired) |
| 12 | ACL | Yes (Dynamic) | Yes (Dynamic, Downloadable) |
| 13 | TrustSec | Yes (SXP) | Yes (SGT/SGACL) |
| 14 | QoS | Yes (SW/Software based) | Yes (HW based, MQC, Bandwidth Fair sharing) |
| 15 | RF Profiles & Rx SOP | Yes | Future |
| 16 | Wireless Modes (Flex, Mesh, OEAP) | Yes | Future |
| 17 | 802.11u/v | Yes | Future |
| 18 | Security & Cellular Modules | Yes | Future |
| 19 | IPv6 | Yes (Native IPv6, Centralized mode only) | Yes (IPv6 Host, Static/Dynamic Routing, QoS, PBR) |
| 20 | Bonjour | Yes (Per AP Location, Granular policies) | Yes (RRM based location, IPv6 services) |
| 21 | Bluetooth/BLE | Yes | Future |
| 22 | High Availability | Yes (N+1, AP and Geo-Client SSO) | Yes (N+1, AP SSO and Multiple LAG) |

Few areas where you need to consider carefully

Wireless Controller choices for your Campus

AireOS
• 5500 Controller: 500 APs, 7K clients, 8 Gbps
• WiSM2: 1K APs, 15K clients, 20 Gbps
• 8510 Controller: 6K APs, 64K clients, 10 Gbps

DEPLOY WHERE:
• The latest and greatest feature set is needed
• You need FlexConnect, OEAP, Stadium, Mesh
• High client density is a consideration

IOS-XE
• 5760 Controller: 1K APs, 12K clients, 60 Gbps
• Cat3850/3650: 50/25 APs, 2K/1K clients, 40/20 Gbps
• Cat4500 Sup8: 50 APs, 2K clients, 20 Gbps

DEPLOY WHERE:
• Consistent wired-wireless feature set
• Very high throughput, advanced QoS, downloadable ACL, Flexible NetFlow

Overview and comparison of the individual Cisco WLAN solutions - WLAN for branch offices

What is a Branch?

• Full services or limited services?
• Security and visibility requirement?
• How many employees? What size?
• Type of WAN bandwidth / resiliency?
• Cookie cutter config in all branches?
• SP provided/managed router or fully owned?
• Guest Access? How and where?
• AAA?
• Prime?

How do we add wireless?

[Figure: Branch Site with ISR, WAN, Enterprise Campus/HQ]

Branch Office with Local WLAN Controller

Medium Branches with 10 – 25 APs

Overview

Branches can also have local controllers

Small or mid-size branch WLCs:
• CT-2504
• Converged Access Cat-3850
• Integrated controller modules in ISR/ISR-G2

Advantages
• Cookie cutter configuration for every branch site
• Layer-3 roaming within the branch
• IPv6 L3 Mobility

[Figure: Central Site with Backup Central Controller, WAN, CAPWAP; Remote Site A, Remote Site B and Remote Site C. Device labels: WLC-25xx; WLCM for ISR/ISR-G2; Cat-3850]

What do 25 APs cover exactly in a branch office?

Data + Voice coverage per AP: 230 m² per Cisco’s guidelines

25 APs * 230 m² = 5750 m² branch

Assuming 10 m² per employee (including all shared areas like lobby, restrooms, kitchen …) per the ILO (International Labor Organisation):

This is a branch office of up to 575 employees!

If you consider an average of 1.6 wireless devices per employee to be the norm now, this means a little less (920) than the 1000 devices limit of the 3650 in this branch. of 40 devices per AP

Branch Office with Local WLAN Controller

AireOS vs Converged Access

Traditional Deployment
• Dedicated WLC (2504 up to 75 APs)
• Multiple OS/devices to manage
• 1 Gbps of wireless traffic
• Up to 1000 wireless clients

Cat3650 as Branch Controller
• Cat. 3650 terminates wired and wireless traffic – 40 Gbps wireless
• Up to 1000 wired & wireless clients, 25 APs
• Full IOS based branch, HA capable
• Priced at par vs. traditional solutions

[Figure: two branch designs, each with DMZ Guest Anchor, Prime and ISE: WLC 2504, Catalyst 2960X and ISR 2900/3900 over the WAN, vs. Catalyst 3650 and ISR AX over the WAN]

[Chart: 3650 * vs. 2K-X ** and 2K-XR ***. Values on the chart: 5: 29%; 10: 24%; 15: 10%; 20: 9%; 25: 1%; second series -9%, -8%, -13%, -12%, -15%]

* 24 Port PoE IP Base w/1G UpL
** LAN Base + 2504 WLC
*** IP Lite + 2504 WLC

Cisco Mobility Express Bundle

• Simplify Day 0 configuration with Over-The-Air Provisioning
• Cisco’s leading enterprise features available for smaller deployments
• Aggressive pricing on both products and service
• Outsell competition for small to mid-size deployments

*For AP1700, *x = Regulatory domain: A, C, D, E, F, H, I, K, N, Q, S, T, Z

Branch Offices with Centralized WLAN Controller

Small Branches with <10 APs

FlexConnect (HREAP)

• Hybrid architecture
• Single management and control point
• Data traffic switching
  - Centralized traffic (split MAC)
  - Local traffic (local MAC)
• HA will preserve local traffic only
• Traffic switching is configured per AP and per WLAN (SSID)
• Mostly deployed over a WAN
  - RTT below 300 ms for data (100 ms for voice)
  - Minimum 500 bytes WAN MTU (with max four fragmented packets)

[Figure: Central Site and Remote Office across the WAN, with centralized traffic and local traffic paths]

FlexConnect Design Considerations

FlexConnect Considerations

• Local switching will impact availability of some features; other features are not impacted
• Local authorization will impact many features; other features don’t care

[Figure: AP states Connected | Standalone]

Feature limitations in Standalone mode and Local Switching

• MAC/Web Auth in Standalone mode
• IPv6 Mobility and First Hop Security (RA Guard is supported)
• SXP TrustSec
• Application Visibility and Control - coming in 8.1
• Service Discovery Gateway
• Native Profiling and Policy Classification

See full list in "FlexConnect Feature Matrix"

http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080b3690b.shtml

FlexConnect Design Considerations

WAN Limitations Apply

| Deployment Type | WAN Bandwidth (Min) | WAN RTT Latency (Max) | Max APs per Branch | Max Clients per Branch |
|---|---|---|---|---|
| Data | 64 kbps | 300 ms | 5 | 25 |
| Data | 640 kbps | 300 ms | 50 | 1000 |
| Data | 1.44 Mbps | 1 sec | 50 | 1000 |
| Data+Voice | 128 kbps | 100 ms | 5 | 25 |
| Data+Voice | 1.44 Mbps | 100 ms | 50 | 1000 |
| Monitor | 64 kbps | 2 sec | 5 | N/A |
| Monitor | 640 kbps | 2 sec | 50 | N/A |

Converged Access vs FlexConnect

Architecture comparison: the differences

Control and data plane separation
- Converged Access (3x50): MC and MA functionalities are used
- FlexConnect (local switching): Controller handles the control plane, AP the data plane

Control and data plane termination
- Converged Access (3x50): Both terminated at the switch
- FlexConnect (local switching): Control plane terminated at the WLC (300 ms max RTT requirement), AP bridging for data traffic

Wired and Wireless traffic
- Converged Access (3x50): True wireless and wired convergence
- FlexConnect (local switching): Local access switch sees wireless traffic as if it was wired traffic through a bridge

Dot1x Authentication
- Converged Access (3x50): Switch acts as dot1x Authenticator for wireless and wired
- FlexConnect (local switching): WLC or AP is authenticator for wireless

L2/L3 Seamless Roaming
- Converged Access (3x50): All supported
- FlexConnect (local switching): Only L2 roaming supported

Fast Roaming
- Converged Access (3x50): Supported
- FlexConnect (local switching): Supported within the FlexConnect Group (different scalability for different controller platforms)

Subnetting definition
- Converged Access (3x50): Flexibility of having wireless in same or different VLANs per wiring closet
- FlexConnect (local switching): Same VLAN is required for seamless roaming

QoS policies enforcement point
- Converged Access (3x50): Local switch and same for wired and for wireless
- FlexConnect (local switching): WLC, AP or access switch, and usually different for wireless and wired

Security enforcement point
- Converged Access (3x50): Local switch and same for wired and for wireless
- FlexConnect (local switching): WLC, AP or access switch, and usually different for wireless and wired

WAN dependencies
- Converged Access (3x50): No WAN dependencies for wireless service
- FlexConnect (local switching): Different requirements based on type of traffic (voice, data, monitor APs only)*

Converged Access vs FlexConnect

Feature comparison: the differences

| Feature (*) | 3650 / 3850 in the Branch | Flex (**) Local Mode |
|---|---|---|
| All AP modes (Mesh, Flex, OEAP) | Not supported (roadmap), and only 11n+ APs | Supported (Mesh and Flex since 8.0) |
| 802.11r Fast Secure Roaming | Supported | Supported |
| No service interruption upon controller failure (***) | AP SSO is supported within stack | Supported |
| VLAN Select (interface group) | Supported | Not supported |
| Downloadable ACL | Supported | Not supported (Airespace ACL) |
| Security Group Tag (SGT) and Security Group ACLs (SGA) | Supported | Not supported |
| IPv6 client mobility | Supported | Not supported |
| Advanced Modular QoS and QoS override | Supported | Not supported |
| NetFlow | Supported | Not supported |
| VideoStream (multicast to unicast) | Supported | Supported |
| Application Visibility and Control | Supported | Not supported (planned for 8.1) |
| Bonjour Services | Supported | Supported |

FlexConnect Feature Introduction

FlexConnect Features

• AAA-VLAN Override, ACLs & P2P Blocking
• Smart AP Image Upgrade
• External Web-Auth & Mobile Device On-boarding
• VLAN Based Central Switching
• Split-tunneling
• Work Group Bridge (WGB) Support
• Bi-Directional Rate Limiting
• ISE BYOD Registration & Provisioning
• AAA-ACL & AAA-QoS Override
• EAP-TLS & PEAP Support for Local Authentication
• Ethernet Fallback
• VideoStream for Local Switching
• Faster time to deploy
• FlexConnect on Mesh APs
• AVC for FlexConnect
• VLAN Name override for FlexConnect

Release Version (as listed on the slide): 7.2, 7.2, 7.2, 7.3, 7.3, 7.3, 7.6, 8.0, 8.0, 8.0, 7.4, 7.4, 7.5, 7.5, 8.1, 8.1

Understanding FlexConnect AP Groups

Overview

AP Groups is a logical concept of grouping APs which deliver similar Wi-Fi services; these services can be:
• By physical location, and/or
• By functional services (data, voice, guest, …)

Same AP groups need to be defined in all WLCs of a mobility group

Scaling

| | 7500/8500 | CT-5508 | WiSM-2 | CT-2504 |
|---|---|---|---|---|
| # AP Groups | 6000 | 500 | 1000 | 50 |
| # WLAN (SSID) | 512 | 512 | 512 | 16 |
| # VLAN (Interfaces) | 4095 | 512 | 512 | 16 |

[Figure: Central Site with Flex 7500 across the WAN; Remote Site A and Remote Site B; AP Group 1, AP Group 2, AP Group 3]

Understanding FlexConnect Groups

Overview

FlexConnect groups allow sharing of:
• CCKM/OKC fast roaming keys
• Local/backup RADIUS servers IP/keys
• Local EAP authentication
• AAA-Override for Local Switching
• Smart Image Upgrade
• FlexConnect AVC (8.1)

Scaling

| | Flex 7500/8500 | CT-5508 | WiSM2 | CT-2504 |
|---|---|---|---|---|
| FlexConnect Groups | 2000 | 100 | 100 | 30 |
| AP per Group | 100 | 25 | 25 | 25 |

[Figure: Central Site with Flex 7500 Cluster across the WAN; Remote Site with FlexConnect Group 1 and Remote Site with FlexConnect Group 2]

FlexConnect AAA VLAN Override

Starting from 7.2

• AAA VLAN Override with local or central authentication
• Up to 16 VLANs per FlexConnect AP
• VLAN ID must be enabled per AP or FlexConnect Group
• If the VLAN ID does not exist, the default VLAN is used, unless "VLAN Based Central Switching" is enabled
• Starting from 7.5, AAA override for QoS is also supported.

[Figure: RADIUS at the Central Site, WAN, Application Server, FlexConnect Group at the Remote Site. Values on the figure: VLAN 3; QoS = Platinum]

FlexConnect - VLAN Name AAA Override

Coming in 8.1

[Figure: Central Site returning VLAN NAME = Marketing in Aire-Interface-Name or IETF Tunnel-Private-Group-ID; WAN; Application Server; the client lands in VLAN 20 at Remote Site A and in VLAN 21 at Remote Site B]

| VLAN Name | VLAN ID at Remote Site A | VLAN ID at Remote Site B |
|---|---|---|
| Engineering | 10 | 11 |
| Marketing | 20 | 21 |
| Sales | 30 | 31 |
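The resolution rules from the AAA VLAN Override and VLAN Name AAA Override slides, as an added example that is not Cisco's code. The VLAN name tables are the ones on the slide; the default VLAN 99, the enabled VLAN sets, and the two branches marked as assumptions in the comments are constructed for illustration.

```python
"""Added example: how an AAA VLAN override resolves on a FlexConnect AP."""
from dataclasses import dataclass

MAX_VLANS_PER_AP = 16  # "Up to 16 VLANs per FlexConnect AP"


@dataclass
class FlexSite:
    name: str
    default_vlan: int        # constructed value
    vlan_names: dict         # VLAN name -> VLAN ID at this site
    enabled_vlans: set       # VLAN IDs enabled per AP / FlexConnect Group
    vlan_based_central_switching: bool = False

    def __post_init__(self):
        if len(self.enabled_vlans) > MAX_VLANS_PER_AP:
            raise ValueError(f"{self.name}: more than {MAX_VLANS_PER_AP} VLANs")


def resolve(site, radius_attrs):
    """Return (switching, vlan_id, note) for one authenticated client."""
    value = (radius_attrs.get("Aire-Interface-Name")
             or radius_attrs.get("Tunnel-Private-Group-ID"))
    if value is None:
        return ("local", site.default_vlan, "no override returned")
    if str(value).isdigit():
        vlan_id = int(value)
    else:
        vlan_id = site.vlan_names.get(value)
        if vlan_id is None:
            # Assumption of this example: an unknown name is handled like a missing VLAN ID.
            return ("local", site.default_vlan, f"VLAN name {value!r} unknown at site")
    if vlan_id in site.enabled_vlans:
        return ("local", vlan_id, "override applied")
    if site.vlan_based_central_switching:
        # Assumption of this example: the client is then switched centrally at the WLC.
        return ("central", vlan_id, "VLAN not on AP, switched centrally")
    return ("local", site.default_vlan, f"VLAN {vlan_id} not enabled, default VLAN used")


def silent_fallbacks(sites, names):
    """(site, VLAN name, VLAN used) where a client does not land on its mapped VLAN."""
    out = []
    for site in sites:
        for name in names:
            switching, vlan, _ = resolve(site, {"Tunnel-Private-Group-ID": name})
            if switching == "local" and vlan != site.vlan_names.get(name):
                out.append((site.name, name, vlan))
    return out


# VLAN name tables from the slide; default VLAN and enabled sets are constructed.
SITE_A = FlexSite("Remote Site A", 99,
                  {"Engineering": 10, "Marketing": 20, "Sales": 30}, {10, 20, 30})
SITE_B = FlexSite("Remote Site B", 99,
                  {"Engineering": 11, "Marketing": 21, "Sales": 31}, {11, 21})

if __name__ == "__main__":
    for site in (SITE_A, SITE_B):
        for role in ("Engineering", "Marketing", "Sales"):
            print(site.name, role, resolve(site, {"Tunnel-Private-Group-ID": role}))
    print("fallbacks:", silent_fallbacks([SITE_A, SITE_B], ["Engineering", "Marketing", "Sales"]))
```

The fallback list is the part worth reviewing per site: a client authorized for one VLAN that quietly lands on the default VLAN has lost its intended segmentation.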

FlexConnect on Mesh APs

Starting from 8.0

• New AP mode that allows FlexConnect behavior across mesh-enabled APs
• Per SSID
• FlexConnect Groups
• Max 8 mesh hops, max 32 MAPs per RAP
• Local AAA support
• A WLC can have a mix of Bridge and Flex + Bridge
• MAPs inherit VLANs from their connected RAP

[Figure: Central Site and Remote Office across the WAN; Central Data WLAN and Local Data WLAN; centralized traffic and local traffic paths]

AVC on FlexConnect APs

Coming in 8.1

• NBAR2 (1000+ applications) and NetFlow will be ported onto access points!
• NetFlow export from AP to WLC
• Real-time information for last 90 seconds
• Stateful context transfer on roam
• Stateful context transfer will be supported for intra FlexConnect Group roams

| Flow ID | App Name | Packets |
|---|---|---|
| 1 | WebEx | 1000 |
| 2 | Msft-Lync | 2300 |
| 3 | Skype | 660 |

[Figure: Gen2 APs in the BRANCH, WAN. Labels: Katana; STATIC NETFLOW TO CPI OR THIRD PARTY NETFLOW COLLECTOR]

Summary: What shall I consider for Branch WLAN?

Multiple options exist, depending on the type and size of branch

• 1 AP: OfficeExtend / Autonomous, CVO Router
• Up to 10 APs: FlexConnect with vWLC, 7500 or 5508/WiSM-2
• Up to 25 APs: Converged Access, FlexConnect, Local 2504 bundles

Branch Controller On-Premise
• 2500: 5 to 75 APs, 1000 clients, 1 Gbps
• Virtual WLC, e.g. UCS-E on ISR G2: 5 to 200 APs, 3000 clients, 500 Mbps
• Catalyst 3650: 1-25 APs per switch/stack (directly connected APs), 1000 clients per stack, 40 Gbps per switch
• Catalyst 3850: 1-50 APs per switch/stack (directly connected APs), 2000 clients per stack, 40 Gbps per switch

Controller in DC
• Virtual Controller: 5 to 200 APs, 3000 clients, 500 Mbps
• Flex 7500: 300 to 6000 APs, 64,000 clients, 1 Gbps central

Selected topics in the context of WLAN architectures

Wireless QoS

Access Categories Act like Transmit Queues

EDCA Timers

802.11e - when wireless frames are transmitted, a 3-bit QoS value known as the User Priority (UP) is written into the 802.11 L2 frame

This is used to classify wireless traffic and place the frames in the correct AC

| EDCA / WMM AC Name | 802.11e UP Value |
|---|---|
| Voice | 6, 7 |
| Video | 4, 5 |
| Best Effort | 0, 3 |
| Background | 1, 2 |

AireOS QoS Profile Marking Logic Example

Platinum Profile – Voice Stream

[Figure: marking of a voice stream along the path AP, Ethernet Switch, WLAN Controller. Values on the figure: 802.11 UP 6 with payload DSCP 46; CAPWAP encapsulated with outer DSCP 46 and payload DSCP 46; 802.1p 5 with payload DSCP 46. Port labels: AP access mode; 802.1Q Trunk. 46 = EF]

A Closer Look: MS Lync QoS Mappings

*Note: Lync DSCP is set globally by Group Policy

MS Lync DSCP is set by?
• Group Policy (part of a domain)
• Policy-Based QoS on client (when not part of domain)

On Microsoft platforms, the 3 MSBs of DSCP are used to derive UP
• This is hard-coded, and cannot be changed!

On Apple, DSCP has no connection to the UP value
• Likely is assigned based on traffic type (e.g. RTP = UP 5)
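An added example (not from the original slides) that applies the 3-MSB derivation stated above to the UP table from the Access Categories slide: a voice stream marked DSCP 46 is derived as UP 5 and queued as Video, whereas the Platinum profile figure shows UP 6. The traffic plan and its intended queues are constructed sample values.

```python
"""Added example: where a DSCP marking lands in the WMM access categories."""

# 802.11e UP -> EDCA / WMM access category, as in the table on this page.
UP_TO_AC = {
    6: "Voice", 7: "Voice",
    4: "Video", 5: "Video",
    0: "Best Effort", 3: "Best Effort",
    1: "Background", 2: "Background",
}


def up_from_dscp_msb(dscp: int) -> int:
    """UP derived from the 3 most significant bits of the 6-bit DSCP field."""
    if not 0 <= dscp <= 63:
        raise ValueError(f"DSCP must be 0..63, got {dscp}")
    return dscp >> 3


def access_category(up: int) -> str:
    """Access category (transmit queue) that a frame with this UP is placed in."""
    return UP_TO_AC[up]


def dscp_range_for_ac(ac: str) -> list:
    """All DSCP values that the 3-MSB derivation places in the given AC."""
    return [d for d in range(64) if access_category(up_from_dscp_msb(d)) == ac]


# Constructed traffic plan: (class, DSCP the client marks, AC the designer intends).
TRAFFIC_PLAN = [
    ("voice (EF)", 46, "Voice"),
    ("video (AF41)", 34, "Video"),
    ("signalling (CS3)", 24, "Best Effort"),
    ("bulk (AF11)", 10, "Background"),
    ("default", 0, "Best Effort"),
]


def audit_plan(plan):
    """Return the classes whose derived AC differs from the intended one."""
    mismatches = []
    for name, dscp, intended in plan:
        up = up_from_dscp_msb(dscp)
        actual = access_category(up)
        if actual != intended:
            mismatches.append((name, dscp, up, intended, actual))
    return mismatches


if __name__ == "__main__":
    for name, dscp, up, intended, actual in audit_plan(TRAFFIC_PLAN):
        print(f"{name}: DSCP {dscp} -> UP {up} -> {actual} queue (intended {intended})")
    voice = dscp_range_for_ac("Voice")
    print(f"DSCP values reaching the Voice queue: {voice[0]}..{voice[-1]}")
```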

Cisco AVC - Key Points To Know (AireOS + IOS-XE)

Client behavior partly depends on OS and application

AVC helps you bring predictable behavior to most traffic


Coming in 8.1

Lync SDN Integration with WLC

• Classify Lync voice, video, desktop sharing and file transfer
• Automate QoS policy to control any given Lync call.
• Supports 5508, WiSM2 and 8510 controllers and HA.
• Supports L2/3 roaming where policy and call info are maintained.
• In a Mobility group, all controllers register with the SDN server and show the same call data across all controllers

Report/monitor and assist with diagnostics of endpoint detail:
• Call status
• Call type
• Source/Destination URIs
• MOS
• Jitter
• Call duration

[Figure: Control Plane and Data Plane. Labels: MS Lync Server; HTTP Daemon; Client; Network; Lync Call; Policy applied to Lync call from WLC]

Lync Configuration - WLAN QoS

WLAN QoS Configuration:

config wlan lync priority audio/video/desktop-sharing/filetransfer Bronze/Silver/Gold/Platinum <wlan-id>

(Cisco Controller) >show WLAN 1

Local Policy

----------------

Priority Policy Name

-------- ---------------

Lync State ..................................Enabled

Audio QoS Policy................................. Silver

Video QoS Policy................................. Silver

Desktop Sharing QoS Policy.................Silver

File Transfer QoS Policy.......................Silver

Coming in 8.1

MS Lync – Wireless Deployments

Wireless client with MS Lync is NOT ROAMING during the call!!!

The Lync application sets “streaming mode” in the classic API and “VoIP mode” in the Metro API for real-time communication which disables wireless background scanning. This will cause the wireless client to try to stay connected to an AP when a better option would be to roam to an AP with a better signal. The end result can be choppy audio and video in the Lync session when the user is mobile.

Source: http://www.microsoft.com/en-us/download/details.aspx?id=36494

Wireless Controller HA: Deployment Modes

Autonomous

• Standalone APs

• Target Positioning: Small Wireless Network

• Scope: Wireless only

• High Availability: Can only claim AP quality; No RF HA; No Network layer HA; No services

• Key Considerations: Limited features. Upgradable to controller based

FlexConnect

• Traffic Distributed at AP

• Target Positioning: Branch

• Scope: Wireless only

• High Availability: Full RF HA; Client SSO when Local Switching

• Key Considerations: Branch with WAN BW and latency requirements

Centralized

• Traffic Centralized at Controller

• Target Positioning: Campus

• Scope: Wireless only

• High Availability: Most complete solution

• Key Considerations: Full features

Converged Access

• Traffic Distributed at Switch

• Target Positioning: Branch and Campus

• Scope: Wired and Wireless

• High Availability: Exploits HA in IOS switches

• Key Considerations: Catalyst 3650/3850 in the access layer

Network Infrastructure HA

Connecting an AP to the wired network

Recommendations

• Create redundancy throughout the access layer by homing APs to different switches

• If the AP is in Local mode, configure the port as access with STP PortFast, BPDU guard, etc.

• If the AP is in Flex mode and Local Switching, configure the port as trunk and allow only the VLANs you need
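
The two port roles recommended above, written out for a Catalyst IOS access switch. This is an added example, not part of the original slides; the interface numbers, VLAN IDs and descriptions are assumptions chosen for illustration.

```ios
! Constructed example: interface numbers, VLAN IDs and descriptions are assumptions.
!
! AP in Local mode: client traffic is centralized at the controller,
! so the switch port only needs the AP management VLAN.
interface GigabitEthernet1/0/10
 description AP-LOCAL-MODE
 switchport mode access
 switchport access vlan 110
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! AP in FlexConnect mode with Local Switching: client VLANs are bridged
! at the AP, so the port has to be a trunk.
!
! Too permissive: with no allowed list, an IOS trunk carries every VLAN
! defined on the switch to the AP port.
!   switchport mode trunk
!
! Restricted: AP management as native VLAN, plus only the locally
! switched client VLANs.
interface GigabitEthernet1/0/11
 description AP-FLEX-LOCAL-SWITCHING
 switchport mode trunk
 switchport trunk native vlan 110
 switchport trunk allowed vlan 110,120,130
!
```

`show interfaces trunk` lists the VLANs allowed and active on each trunk, which confirms that only the intended VLANs reach the AP port.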

Network Infrastructure HA

Connecting a Controller to the wired network: options

1) To a single Modular Switch or StackWise

Use EtherChannel (EC)/LAG

2/4/8 ports in a bundle to optimize load sharing

Spread ports across Line Cards/Stack members

2) To a VSS pair

Same as Option 1

Spread ports across VSS members

3) To a pair of Distribution switches

Not supported by single AireOS Controllers

Use Multiple EtherChannel/LAG

Use STP (recommended) or FlexLink (5760-WLC only)

L2 trunk connections to Distribution switches

[Figure: a WLC connected to a modular switch/stack, to a VSS pair, and to a switch pair]

High Density - The New Normal

High Density

How many devices have you got today?

High Performance

Smartphone, Laptops, Tablets?

High Quality

No coverage holes

Why High Client Density?

Wireless is the preferred option in edge technology (last mile)

Started with stadiums/arenas, but with users carrying up to 3 devices High Density is everywhere

The explosion of smart devices and increasing connection counts per seat are everywhere – spectrum is precious

Applications are more throughput hungry

Even with the fantastic advances, wireless is still a shared half-duplex medium and requires efficient spectrum use to succeed (decreasing channel utilization is key)

Design for the future, not the now! Expect every wired client on your network to convert to wireless over the next few years

Review HD Wi-Fi -- Best Practices

Solid RF Design

• Constrain RF: Directional Antennas, Down-Tilt

• Good RF Layout/Design: Channels, Tx Power – Enough APs in right location

• Design for 5 GHz

• Eliminate Interference: Rogues (Wi-Fi) and Non-Wi-Fi Interference (CleanAir)

Basic Tuning

• Minimize number of SSIDs

• Disable Low Data Rates: Helps with Sticky Clients, Improves capacity

• Band Steering: Push dual-band clients to 5 GHz

• RF Profiles

Advanced

• Rx-SOP Tuning: Greatly improves capacity by reducing co-channel impact. Also reduces sticky clients

• Optimized Multicast Video

• Optimized Roaming

• 2700’s and 3700’s

http://www.cisco.com/c/en/us/solutions/enterprise/design-zone-mobility/density_wireless.html#~overview

RF Profiles Recommended Values

Profiles compared: Typical (Enterprise - default profile), High Density (Throughput), Low Density (Coverage Open Space), Legacy (if disabled RF opt)

TPC Threshold

• Dependency: Global per band; Specific RF Profile per band

• Typical: default

• High Density: -65 dBm (5 GHz), -70 dBm (2.4 GHz)

• Low Density: -60 dBm (5 GHz), -65 dBm (2.4 GHz)

• Legacy: default

TPC Min

• Dependency: Global per band; Specific RF Profile per band

• Typical: default

• High Density: 7 dBm

• Low Density: default

• Legacy: default

TPC Max

• Dependency: Global per band; Specific RF Profile per band

• Typical: default

• High Density: default

• Low Density: default

• Legacy: default

Rx Sensitivity (rxsop)

• Dependency: Global per band (Advanced Rx Sop); RF profiles

• Typical: default

• High Density: Medium

• Low Density: low

• Legacy: default

Coverage RSSI Threshold

• Dependency: Global per band data and voice RSSI in (Coverage); RF Profile

• Typical: default

• High Density: default

• Low Density: Higher

• Legacy: default

CCA Threshold

• Dependency: Global per band 802.11 a only (hidden); RF Profile

• Typical: default

• High Density: default

• Low Density: default

• Legacy: default

RF Profiles Recommended Values

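Profiles compared: Typical (Enterprise - default profile), High Density (Throughput), Low Density (Coverage Open Space), Legacy (if disabled RF opt)

Coverage Client Count

• Dependency: Global per band (Coverage Exception); RF Profiles (Coverage Hole Detection)

• Typical: default

• High Density: default

• Low Density: Lower (1-3)

• Legacy: default

Data Rates

• Dependency: Global per band (network); RF Profiles

• Typical: 12 Mbps mandatory; 9 supported; 1, 2, 5.5, 6, 11 Mbps disable

• High Density: 12 Mbps mandatory; 9 supported; 1, 2, 5.5, 6, 11 Mbps disable

• Low Density: CCK rates enable; 1, 2, 5.5, 6, 9, 11, 12 Mbps enable

• Legacy: default

Band Select

• Dependency: Per WLAN basis

• Typical: Enable

• High Density: Enabled

• Low Density: Disable

• Legacy: Enable

SI

• Dependency: Global per band (CleanAir)

• Typical: Enable

• High Density: Enable

• Low Density: Enable

• Legacy: Enable

ED-RRM

• Dependency: Global per band (DCA)

• Typical: Disable

• High Density: Disable

• Low Density: Disable

• Legacy: Disable

PDA

• Dependency: Global per band (802.11a/802.11b channel…)

• Typical: Enable

• High Density: Enable

• Low Density: Enable

• Legacy: Enable

Load Balancing

• Dependency: Per WLAN basis

• Typical: Disable

• High Density: Enabled

• Low Density: Disable

• Legacy: Disable

DCA Sensitivity

• Dependency: Global per band (DCA)

• Typical: default

• High Density: High

• Low Density: High

• Legacy: default

Channel

• Dependency: RF Profiles

• Typical: default

• High Density: default

• Low Density: default

• Legacy: default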

Pre-built RF profiles

Client Density specific pre-built RF profiles for 2.4 GHz and 5 GHz Bands – to be used with AP Groups

New in AireOS 8.1

Pre-built RF profiles for use with AP Groups

Internet of Everything / Internet of Things

Cisco Internet of Things Portfolio

Manufacturing, Mining, Energy-Utility, Oil and Gas, Transportation, City, Defense, SP/M2M

Connected Factory, Connected Train, City Safety and Security, Energy Distribution Automation, Connected Well, Positive Train Control

Industrial Switching: IE 2000, IE 3000, CGS2000, IP67, IE 5000, IE 4000

Industrial Routing: CGR 2000, ASR 903

Industrial Wireless: Field AP - 1552, Industrial AP (Rockwell), Field AP - IW 3700 802.11ac

Field Network: CGR 1000, 819H, IR910, IR 509, 829H, 809H

Embedded Networks: 5900 ESR, ESS 2020 Switches, 5921 ESR Software Router

Connected Safety & Security: Video Surveillance Manager and IP Cameras, Physical Access Manager

Digital Media: DMM Digital Media Manager, Digital Media Processors

IoT Security

Application Enablement [Fog Computing/IOx]

Management

Wireless Architectures for Manufacturing

[Figure: two architectures side by side. Autonomous Architecture: autonomous APs serving SSID1 and SSID2 on 5 GHz, with WGBs connecting controllers and HMI over EtherNet/IP. Unified Architecture: a WLC with lightweight APs (LWAPP) serving SSID1 and SSID2 on 5 GHz, with WGBs connecting controllers and HMI over EtherNet/IP.]

Cisco Meraki WLAN Solution

A journey to network simplification

You are Here

Meraki Video – “Meet Dave the IT guy”

Cisco on Premise and Cloud-Managed

Primary positioning

Cisco On Premise Networking

• Flexible deployment and configuration options

• Highly customizable and advanced feature set

• Advanced professional services, extended support

• Extensive integration capabilities

Network-As-A-Platform

Cisco Cloud Managed Networking

• Easy to deploy and manage over the web

• Out-of-the-box optimized feature set

• Ongoing managed upgrades and enhancements

• Optimized for lean IT, with limited requirement for 3rd Party integration

Network-As-A-Service

Today: 100% cloud managed edge networking

Cisco Meraki MR: Wireless LAN

Cisco Meraki MX: Security Appliances

Cisco Meraki MS: Ethernet Switches

Cisco Meraki SM: Mobile Device Management

Cloud-managed networking architecture

Network endpoints securely connected to the cloud

Cloud-hosted centralized management platform

Intuitive browser-based dashboard

Out of band cloud management

WAN

Management data (1 kb/s)

Scalable

Unlimited throughput, no bottlenecks, scale to any size

Add devices or sites in minutes

Reliable

Highly available cloud with multiple datacenters

Network functions even if connection to cloud is interrupted

Secure

No user traffic passes through cloud

Fully HIPAA / PCI compliant (level 1 certified)

3rd party security audits, daily penetration testing

Future-proof

New features pushed through firmware, guided by customer feedback

Automatic firmware and security updates (user-scheduled)

Reliability and security information at meraki.cisco.com/trust

The EU Cloud

EU privacy laws limit the transfer of private data out of the EU

Meraki EU Cloud features local datacenters: Frankfurt, Munich, Dublin

Management info, user traffic analytics, location data never leave the EU

Scalable, secure networks that comply with EU privacy regulations

All-in-one solution – Network as a Service (NaS)

Meraki solution = Hardware + License

1:1 ratio of hardware : license

1-yr, 3-yr, 5-yr, 7-yr, and 10-yr options

All licenses co-terminate

Cloud-based solution includes:

Centralized management and network-wide visibility and control

Seamless firmware and security updates

Phone support and lifetime warranty (except outdoor APs)

Zero-touch installation and configuration

Customer Site

MSP NOC

Unbox & Plug-in

1. Configure network once

2. Enter PO# into Customer Network

MR wireless access points

Feature highlights

BYOD policies

Application traffic shaping

Guest access

Enterprise security

WIDS / WIPS

Location analytics

7 models including indoor / outdoor, high performance and value-priced

Enterprise-class silicon including RF optimization, PoE, voice / video support

Lifetime warranty on indoor APs

MR Wireless Access Points Family

Indoor APs

• MR18: 2 Stream Triple-Radio 802.11a/b/g/n, 600 Mbit/s

• MR26: 3 Stream Triple-Radio 802.11a/b/g/n, 900 Mbit/s

• MR32: 2 Stream Quad-Radio 802.11ac, 1.2 Gbit/s

• MR34: 3 Stream Triple-Radio 802.11ac, 1.75 Gbit/s

Lifetime warranty on indoor APs

Outdoor APs

• MR66: 2 Stream Dual-Radio 802.11a/b/g/n, 600 Mbit/s

• MR72: 2 Stream Quad-Radio 802.11ac, 1.2 Gbit/s

Intuitive, browser-based Dashboard

Wired + wireless

User fingerprints

Application

QoS

Live tools enable extensive remote-troubleshooting

Instant search

Client location

Real-time control

Bring your own device (BYOD)

Out-of-the-box security, management, and capacity for BYOD-ready deployments

Device-aware security: Device-aware firewall and access control; Antivirus scan; LAN isolation; Bonjour Gateway; Content and security filtering

Integrated MDM: Enforce encryption, passcodes, and device restrictions; Deploy enterprise applications; Remotely lock or wipe devices

Simplified onboarding: Flexible authentication with AD integration, SMS authentication, hosted splash pages, and automatic MDM enrollment

Rich, Integrated Reporting

- Deep insight into network usage:

- Number of devices, device types (iPhone, Android, iPads, etc.)

- Application traffic statistics

- Network stats summarized automatically

- Monthly email reports to share with faculty and teachers

Guest Access

Access control

– Open, WPA2-PSK, Guest Ambassador

– Secure LAN isolation in 1 click

– VLAN tagging

Click through splash pages

– Show logo, terms of use

Bandwidth and content restrictions

– Application traffic shaping (limit P2P)

– Adult content filtering

Time-based SSIDs

Network resiliency with local RADIUS on each AP

When internet connectivity is lost clients can still authenticate due to local RADIUS running on each AP

RADIUS

Eliminates single point of failure for authentication

RADIUS

LDAP/AD server

Cached Credentials

Resilient to WAN loss

Provides resiliency for mission-critical networks

Clients can authenticate even without internet connectivity

Branch-Office Network Topology and Out-of-Band Management

VPN Branch to Central site

Typical Customer Deployment Example

Hospitality

Cisco Enterprise Networking

Customer Profile

• Largest resort and casino owner on the Las Vegas strip covering Bellagio, Mandalay Bay, MGM Grand, The Mirage.

• 1000’s of APs per property

Key Considerations

• Network as a platform for Guest Services

• Advanced Integration with existing IT systems

• Location aware Connected Mobile Experience

• Custom Integration with ThinkSmart and Mobility Services Engine

Cisco Cloud-Managed Networking

Customer Profile

• Large number of distributed hotel sites (Motel 6) with Lean IT per hotel site

• 15 APs per site, across 600+ sites.

Key Considerations

• Seamless Scalability Across Distributed Sites

• Lean IT supports tens of thousands of devices

• Deploy policies across thousands of branches, APs, or switch ports

• Seamlessly add capacity on-demand

WIN a Cisco Meraki AP, an Apple or Android watch, or even a tropical vacation

Meraki Challenge

Conclusion

Unified Access: Wireless Deployment Options

Cisco Cloud Managed

Prime

Cisco Unified Access: 1 Architecture, 4 Deployment Modes, Same APs

ISE

Dashboard

WAN Intranet

CLOUD MANAGED

AUTONOMOUS FLEX CONNECT CENTRALIZED CONVERGED

Common OS

Lean IT

Mid-Market / Distributed

Enterprise

Intended for static installations

SP and Hotspots

Data center hosted controller

Distributed enterprises

Premise-based controller

Traditional Overlay Model

Highly Scalable

Common IOS

Consistent

Wired/Wireless

Highest performance

Cisco Enterprise and Cloud-Managed

Primary positioning

Cisco Enterprise Networking

• Flexible deployment and configuration options

• Highly customizable and advanced feature set

• Advanced professional services, extended support

• Extensive integration capabilities

Network-As-A-Platform

Cisco Cloud Managed Networking

• Easy to deploy and manage over the web

• Out-of-the-box optimized feature set

• Ongoing managed upgrades and enhancements

• Optimized for lean IT, with limited requirement for 3rd Party integration

Network-As-A-Service

Q & A

Please rate this session - TECH-WLAN P2

• Thank you
