advertisement
[ ]
INTEROPERABILITY REPORT
Ascom i62
Cisco WLC Plattform AP1140/1250/1260/1600/1700/2600/2700/2800
3500/3600/3700/3800
Cisco WLC Version 8.3.121
Ascom i62 and OEM derivatives 5.5.0
Ascom, Gothenburg
July 2017
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
1
TABLE OF CONTENT:
INTRODUCTION ........................................................................................................................... 3
About Ascom ............................................................................................................................ 3
About Cisco .............................................................................................................................. 3
SITE INFORMATION .................................................................................................................... 4
SUMMARY AND TEST RESULTS ................................................................................................ 5
Known issues and limitations .................................................................................................... 6
Compatibility information .......................................................................................................... 6
APPENDIX A: TEST CONFIGURATIONS .................................................................................... 7
Cisco WLC 5508 Version 8.3.121 ............................................................................................. 7
Security settings (PSK) ......................................................................................................... 7
802.1X authentication (PEAP-MSCHAPv2). ......................................................................... 8
EAP-FAST using an internal authentication server. ............................................................ 11
General settings (QoS, Radio) ............................................................................................ 14
Ascom i62 ............................................................................................................................... 21
Innovaphone IP6000 (IP PBX) ................................................................................................ 23
APPENDIX B: DETAILED TEST RECORDS .............................................................................. 24
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
2
INTRODUCTION
This document describes necessary steps and guidelines to optimally configure the Cisco WLC platform with Ascom i62 VoWiFi handsets.
The guide should be used in conjunction with both Cisco and Ascoms configuration guide(s).
About Ascom
Ascom is a global solutions provider focused on healthcare ICT and mobile workflow solutions. The vision of Ascom is to close digital information gaps allowing for the best possible decisions – anytime and anywhere. Ascom’s mission is to provide mission-critical, real-time solutions for highly mobile, ad hoc, and time-sensitive environments. Ascom uses its unique product and solutions portfolio and software architecture capabilities to devise integration and mobilization solutions that provide truly smooth, complete and efficient workflows for healthcare as well as for industry, security and retail sectors.
Ascom is headquartered in Baar (Switzerland), has subsidiaries in 15 countries and employs around
1,300 people worldwide. Ascom registered shares (ASCN) are listed on the SIX Swiss Exchange in
Zurich.
About Cisco
Cisco (NASDAQ: CSCO) is the worldwide technology leader that has been making the Internet work since 1984. Our people, products and partners help society securely connect and seize tomorrow's digital opportunity today. Discover more at thenetwork.cisco.com and follow us on Twitter at @Cisco.
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
3
SITE INFORMATION
Test Site:
Ascom US
300 Perimeter park drive
Morrisville, NC, US-27560
USA
Participants:
Karl-Magnus Olsson, Ascom HQ, Gothenburg Sweden
TEST TOPOLOGY
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
4
SUMMARY AND TEST RESULTS
Please refer to Appendix B for detailed results.
WLAN Controller Features
High Level Functionality
Association, Open with No Encryption
Association, WPA2-PSK, AES Encryption
Association, PEAP-MSCHAPv2 Auth., AES Encryption
Association with EAP-FAST authentication
Association, EAP-TLS
Association, Multiple ESSIDs
Beacon Interval and DTIM Period
PMKSA Caching
WPA2-opportunistic/proactive Key Caching
WMM Prioritization
Active Mode (load test)
802.11 Power-save mode
802.11e U-APSD
802.11e U-APSD (load test)
*) Enabled by default
Roaming
High Level Functionality
Roaming, Open with No Encryption
Roaming, WPA2-PSK, AES Encryption
Result
OK
OK
OK
OK
OK
OK
OK
OK*
OK*
OK
OK
OK
OK
OK
Result
OK
OK (Typical roaming time 43ms)*
Roaming, EAP-FAST, CCKM OK (Typical roaming time 33ms)*
*) Average roaming times are measured using 802.11a/n. Refer to Appendix B for detailed test results
* *) Measured times is with opportunistic/proactive Key Caching enabled (default enabled)
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
5
Known issues and limitations
- Important. AP 1832 and AP1852 periodically stops sending downlink data resulting in lost data and voice streams. High impact. Support for AP1832 and 1852 has temporarily been revoked until issue has been corrected.
Under investigation. Refer to Ascom ticket INTOP-76
- Important. It is essential to follow the “General guidelines when deploying Ascom i62 handsets in
802.11a/n/ac environments” on page 16 not to exceed not exceed the recommended number of enabled channels in the system.
Not doing so might cause the Ascom i62 to randomly lose connection to the network for a few seconds (“no network” including audible signal)
- Note that Cisco AP 2800 and 3800 does not support full CCX and DTPC. Refer to Cisco release notes for additional information.
- Call Admission Control/TSPEC. Beacon and Probe response information in QBSS IE - "Available
Admission Capacity" does not decrease with added calls. Hence i62 might still consider access points that have reached their capacity limit to be roaming candidates. Result is loss of speech.
AP2800/3800 only. Investigation is ongoing.
- Call Admission Control and EAP-FAST does not work together. All requests for admission will be declined even if bandwidth is available. Works with PSK, PEAP, EAP-TLS.
Under investigation. Refer to Ascom ticket INTOP-76
For additional information regarding the known issues please contact [email protected]
Compatibility information
Supported access points with Cisco WLC version 8.3.121:
AP1140, AP1250, AP1260, AP1600,
AP1700, AP2600, AP2700, AP2800, AP3500,
AP3600, AP3700, AP3800, 1830 and 1850
Supported controller platforms with Cisco WLC version 8.3.121:
2500 series WLC
5500 series WLC
Cisco Flex 7500 / 8500 series controllers
Cisco WiSM2 for Catalyst 6500 Series Switches
Cisco Virtual Wireless Controllers
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
6
APPENDIX A: TEST CONFIGURATIONS
Cisco WLC 5508 Version 8.3.121
In the following chapter you will find screenshots and explanations of basic settings in order to get a Cisco
WLC WLAN system to operate with an Ascom i62. Please note that security settings were modified according to requirements in individual test cases.
Security settings (PSK)
Example of how to configure the system for PSK (WPA2-AES)
Security profile WPA2-PSK, AES encryption
- Select WPA2 Policy with AES encryption.
- Select PSK and enter a key (Here in ASCII format)
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
7
802.1X authentication (PEAP-MSCHAPv2).
Example of how to configure the system for .1X authentication
Configuration of authentication using external Radius sever, 802.1X (Step 1). In this example is WPA2-
AES used. Select 802.1X as Authentication Key Management.
Note. To use CCKM, replace 802.1X with CCKM check box. The “security mode” in the i62 has to be set to “Advanced” and CCKM has to be selected as “Authentication Key Management” instead of the default 802.1X.
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
8
Example of authentication configuration using external Radius sever (Step 2). Select the server to use.
The server is configured under tab Security/Radius. See configuration of server below.
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
9
Configuration of authentication using external Radius sever (Step 3). The IP address and the secret must correspond to the IP and the credential used by the Radius server. Tests were performed using Cisco
ACS as RADIUS server.
Note. Depending authentication method used it might be necessary to add a certificate into the i62. PEAP-MSCHAPv2 requires a CA certificate and EAP-TLS requires both a CA certificate and a client certificate. Server certificate validation can be overridden in version 4.1.12 and above per handset setting.
Note. Refer to the i62 section in Appendix A for matching handset configurations.
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
10
EAP-FAST using an internal authentication server.
Configuration of authentication using internal Radius sever and EAP-FAST (Step 1). In this example is
WPA2-AES/CCMP used.
Note. To use CCKM, replace 802.1X with CCKM check box. The “security mode” in the i62 has to be set to “Advanced” and CCKM has to be selected as “Authentication Key Management” instead of the default 802.1X.
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
11
Configuration of authentication using internal Radius sever and EAP-FAST (Step 2). Check the box
“Local EAP Authentication” and choose your local EAP profile (created in step 4).
Configuration of authentication using internal Radius sever and EAP-FAST (Step 3). Create a local user and assign a password.
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
12
Configuration of authentication using internal Radius sever and EAP-FAST (Step 4). Create a local EAP profile and choose the EAP method to use.
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
13
General settings (QoS, Radio)
Set QoS to “Platinum (Voice)”
Make sure that WMM policy is set to “Required”
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
14
Make sure “Session timeout” is disabled. Coverage Hole Detection can be left enabled if RRM is used in the system. Set DTIM period to Ascom recommended value 5. DTIM value 5 values are recommended in order to allow maximum battery conservation without impacting the quality. Using a lower DTIM value is possible but will reduce the standby time.
Make sure 11k – Neighbor list is disabled.
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
15
Channel configuration. See next picture for additional information.
Ascom recommended settings for 802.11b/g/n are to only use channel 1, 6 and 11. For 802.11a/n/ac use channels according to the infrastructure manufacturer, country regulations and per guidelines below.
Note that Tx power level and channel was manually set for test purpose.
General guidelines when deploying Ascom i62 handsets in 802.11a/n/ac environments:
1. Enabling more than 8 channels will degrade roaming performance. In situations where
UNII1 and UNII3 are used, a maximum of 9 enabled channels can be allowed.
Ascom does not recommend exceeding this limit.
2. Using 40 MHz channels (or “channel-bonding”) will reduce the number of non-DFS* channels to two in ETSI regions (Europe). In FCC regions (North America), 20MHz is a more viable option because of the availability of additional non-DFS channels. The handset can co-exist with 40MHz stations in the same ESS.
3. Ascom do support and can coexist in 80MHz channel bonding environments. The recommendations is however to avoid 80MHz channel bonding as it severely reduces the number of available non overlapping channels.
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
16
4. Make sure that all non-DFS channel are taken before resorting to DFS channels. The handset can cope in mixed non-DFS and DFS environments; however, due to
“unpredictability” introduced by radar detection protocols, voice quality may become distorted and roaming delayed. Hence Ascom recommends if possible avoiding the use of
DFS channels in VoWIFI deployments.
*) Dynamic Frequency Selection (radar detection)
The default data rate set will work just fine, however Ascom recommends disabling the lowest speeds and have 12Mbits as lowest supported speed.
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
17
As Ascom i62 do support Channel Switch Announcement it’s recommended to have this setting enabled in the system (only applicable when DFS channels are used)
Ascom does support both usage of “11n Mode” and “11ac Mode” including 40 MHz and 80MHz channels
Note. Follow the recommendations “General guidelines when deploying Ascom i62 handsets in
802.11a/n/ac environments“ on Page 16
The default data rate set will work just fine, however Ascom recommends disabling the lowest speeds and have 12Mbits as lowest supported speed. To further optimize performance it is recommended to disallow 802.11b clients to associate by setting 12Mbps rate to mandatory in 802.11g configuration.
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
18
Ascom recommends “EDCA Profile”: Voice Optimized
Make sure Low Latency MAC is disabled. (Both 802.11a/n/ac and 802.11b/g/n)
Note. Using EDCA Profile “WMM” is acceptable but “Voice Optimized” is to prefer when voice clients are present in the system.
Depending on the infrastructure (switches) ”Protocol Type” may have to be disabled.
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
19
Cisco Configuration file
See attached file (Running config.log) for complete Cisco WLC configuration.
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
20
Ascom i62
Network settings for WPA2-PSK
Note. Make sure that the enabled channels in the i62 handset match the channel plan used in the system.
Note. FCC is no longer allowing 802.11d to determine regulatory domain. Devices deployed in
USA must set Regulatory domain to “USA”.
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
21
Network settings for .1X authentication (PEAP-MSCHAPv2)
802.1X Authentication requires a CA certificate to be uploaded to the phone by “right clicking” - > Edit certificates. EAP-TLS will require both a CA and a client certificate.
Note that both a CA and a client certificate are needed for TLS. Otherwise only a CA certificate is needed. Server certificate validation can be overridden in version 4.1.12 and above per handset setting.
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
22
Innovaphone IP6000 (IP PBX)
The Innovaphone IP6000 was configured with a static IP address of 192.168.0.50. Signaling is less relevant here since testing homes in on interoperability in relation to the WLAN infrastructure and not features of the IP PBX. During the tests the IP6000 also was used as DHCP server.
IP6000 configuration:
See attached file (complete-IP6000-08-03-a6.txt) for IP6000 configuration
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
23
APPENDIX B: DETAILED TEST RECORDS
VoWIFI
Pass 11
Fail 0
Comments 1
Untested 11
Total 22
See attached files for each AP model (WLANinteroperabilityTestReport_ wcl8_3_i62.xls) for detailed test results.
Please refer to the test specification for WLAN systems on Ascom’s interoperability web page for explicit information regarding each test case.
See URL (requires login): https://www.ascom-ws.com/AscomPartnerWeb/en/startpage/Sales-tools/Interoperability
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
24
Document History
Rev
P1
Date Author
2016-11-08 SEKMO
R1
R2
2016-11-17 SEKMO
2017-05-09 SEKMO
R3 2017-07-13 SEKMO
Description
Ascom i62 WLC v8.3.102 draft
Updates after review. Revision R1
Regression test and update report 8.3.112
Regression test 8.3.121. Document updated.
Interoperability Report - Ascom i62 – Cisco WLC
2017-07-14
25
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project