FlexConnect

Chapter 7 FlexConnect

Figure 7-7 Hotspot Access using FlexConnect Local Switching

[Figure labels: Hotspot, AAA, Service Provider, Web Server, Cisco Prime Infrastructure, Mobile Worker, FlexConnect, CAPWAP, AZR, Centralized WLAN Controller, Internet, Cisco SSG, Walled Garden]

Deployment Considerations

The following section covers the various implementation and operational caveats associated with deploying FlexConnect APs.

WAN Link

For the FlexConnect AP to function predictably, keep in mind the following with respect to WAN link characteristics:

Latency—A given WAN link should not impose latencies greater than 100 ms. The AP sends heartbeat messages to the WLC once every thirty seconds. If a heartbeat response is missed, the AP sends five successive heartbeats (one per second) to determine whether connectivity still exists. If connectivity is lost, the FlexConnect AP switches to standalone mode.

Similarly, the AP and WLC exchange echo CAPWAP packets to check connectivity. If an echo CAPWAP packet response is missed, the AP sends five successive echo CAPWAP packets (every three seconds) to determine whether connectivity still exists. If connectivity is lost, the FlexConnect AP switches to standalone mode (see Operation Modes, page 7-3, for operation mode definitions). The AP itself is relatively delay tolerant. However, at the client, timers associated with authentication are sensitive to link delay, and thus a constraint of < 100 ms is required. Otherwise, the client can time out waiting to authenticate, which can cause other unpredictable behaviors, such as looping.

Bandwidth—WAN links should be at least 128 kbps for deployments when up to eight APs are being deployed at a given location. If more than eight APs are deployed, proportionally more bandwidth should be provisioned for the WAN link.

Path MTU—An MTU no smaller than 500 bytes is required.
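A timing model of the heartbeat check described under Latency, added here as an illustration and not taken from the guide or from Cisco code. It assumes a heartbeat is answered exactly when the link is up at the instant it is sent and that one answered retry keeps the AP in connected mode; `link_up`, `standalone_time` and the sample outages are constructed for the example.

```python
# Added illustration (not Cisco code): timing model of the heartbeat check
# described under "Latency". Simplifying assumptions are marked below.

HEARTBEAT_INTERVAL = 30   # seconds between regular heartbeats (from the text)
RETRY_COUNT = 5           # successive heartbeats after a miss (from the text)
RETRY_SPACING = 1         # seconds between those retries (from the text)


def link_up(t, outages):
    """True if the WAN is usable at time t; outages are [start, end) pairs."""
    return not any(start <= t < end for start, end in outages)


def standalone_time(outages, horizon,
                    interval=HEARTBEAT_INTERVAL,
                    retries=RETRY_COUNT,
                    spacing=RETRY_SPACING):
    """Return the time the AP would enter standalone mode, or None.

    Assumptions (not stated on the page): a heartbeat is answered exactly
    when the link is up at the instant it is sent, and one answered retry
    is enough for the AP to stay in connected mode.
    """
    t = 0
    while t <= horizon:
        if not link_up(t, outages):
            probes = [t + spacing * i for i in range(1, retries + 1)]
            if not any(link_up(p, outages) for p in probes):
                return probes[-1]          # all retries unanswered
        t += interval
    return None


# Constructed sample outages, in seconds since the AP joined the WLC.
SAMPLES = {
    "short blip between heartbeats": [(31, 50)],
    "blip that hits one heartbeat": [(58, 63)],
    "outage starting just after a heartbeat": [(61, 200)],
}

if __name__ == "__main__":
    for name, outages in SAMPLES.items():
        print(f"{name}: standalone at {standalone_time(outages, 300)}")
```

Under these assumptions an outage is only noticed at the next regular heartbeat, so detection can lag the start of the outage by up to the 30-second interval plus the five retries.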

OL-14435-01

Enterprise Mobility 7.3 Design Guide

Roaming

When a FlexConnect AP is in connected mode, all client probes, association requests, 802.1x authentication requests, and corresponding response messages are exchanged between the AP and the WLC via the CAPWAP control plane. This is true for open, static WEP, and WPA PSK-based WLANs even though CAPWAP connectivity is not required to use these authentication methods when the AP is in standalone mode.

Dynamic WEP/WPA—A client that roams between FlexConnect APs using one of these key management methods performs full authentication each time it roams. After successful authentication, new keys are passed back to the AP and client. This behavior is no different than a standard centralized WLAN deployment, except that in a FlexConnect topology, there can be link delay variations across the WAN, which can in turn impact total roam time. Depending on the WAN characteristics, RF design, back-end authentication network, and authentication protocols being used, roam times may vary.

WPA2—To improve client roam times, WPA2 introduced key caching capabilities, based on the IEEE 802.11i specification. Cisco created an extension to this specification called Proactive Key Caching (PKC). PKC today is supported only by the Microsoft Zero Config Wireless supplicant and the Funk (Juniper) Odyssey client. Cisco CCKM is also compatible with WPA2.

Remote branch locations requiring predictable, fast roaming behavior in support of applications such as wireless IP telephony should consider deploying a local WLC (Virtual Controller on UCS blade or 2500 WLC).

Cisco Centralized Key Management (CCKM)—CCKM is a Cisco-developed protocol in which the WLC caches the security credentials of CCKM-capable clients and forwards those credentials to other APs within a mobility group. When a client roams and associates with another AP, its credentials are forwarded to that AP, which allows the client to re-associate and authenticate in a two-step process. This eliminates the need for full authentication back to the AAA server.

CCKM-capable clients undergo full 802.1x authentication each time they roam from one FlexConnect to another.

Layer 2 switch CAM table updates—When a client roams from one AP to another on a locally-switched WLAN, FlexConnect does not announce to a Layer 2 switch that the client has changed ports. The switch will not discover that the client has roamed until the client performs an ARP request for its default router. This behavior, while subtle, can have an impact on roaming performance.

Note

A client that roams (for a given locally-switched WLAN) between FlexConnect APs that map the WLAN to a different VLAN/subnet will renew its IP address to ensure that it has an appropriate address for the network to which it has roamed.

Radio Resource Management

While in connected mode, all radio resource management (RRM) functionality is fundamentally available. However, because typical FlexConnect deployments comprise a smaller number of APs, RRM functionality might not be operational at a branch location. For example, in order for transmit power control (TPC) to work, there must be a minimum of four FlexConnect APs in proximity to each other.

Without TPC, other features such as coverage hole protection will be unavailable.

Location Services

FlexConnect deployments typically consist of only a handful of APs at a given location. Cisco maintains strict guidelines regarding the number and placement of APs to achieve the highest level of location accuracy. As such, although it is possible to obtain location information from FlexConnect deployments, the level of accuracy may vary greatly across remote location deployments.

QoS Considerations

For WLANs that are centrally-switched, the FlexConnect AP handles QoS in the same way as standard APs. Locally-switched WLANs implement QoS differently.

For locally-switched WLANs with Wi-Fi MultiMedia (WMM) traffic, the AP marks the dot1p value within the dot1q VLAN tag for upstream traffic. This happens only for tagged VLANs, not the native VLAN.

For downstream traffic, FlexConnect uses the incoming dot1p tag from the locally-switched Ethernet and uses this to queue and mark the WMM values associated with frames destined to a given user across the RF link.

The WLAN QoS profile is applied both for upstream and downstream packets. For downstream, if an 802.1p value that is higher than the default WLAN value is received, the default WLAN value is used. For upstream, if the client sends a WMM value that is higher than the default WLAN value, the default WLAN value is used. For non-WMM traffic, there is no CoS marking on the client frames from the AP.

For more information see Chapter 5, “Cisco Unified Wireless QoS.”

Note

Cisco strongly recommends that appropriate queuing/policing mechanisms be implemented across the WAN to ensure proper handling of traffic based on its DSCP setting. An appropriate priority queue should be reserved for CAPWAP control traffic to ensure that a FlexConnect AP does not inadvertently cycle between connected and standalone modes because of congestion.

General Deployment Considerations

Although it is possible for any WLC to support FlexConnect APs, depending on the number of branch locations and subsequently the total number of APs being deployed, it makes sense (from an administrative standpoint) to consider using one or more dedicated WLCs to support a FlexConnect deployment.

FlexConnect APs typically do not share the same policies as APs within a main campus; each branch location is essentially an RF and mobility domain unto itself. Even though a single WLC cannot be partitioned into multiple logical RF and mobility domains, a dedicated WLC allows branch-specific configuration and policies to be logically separate from the campus.

If deployed, a dedicated FlexConnect WLC should be configured with a different mobility and RF network name than that of the main campus. All FlexConnect APs joined to the dedicated WLC become members of that RF and mobility domain.

From an auto-RF standpoint, assuming there are enough FlexConnect APs deployed within a given branch (see Radio Resource Management, page 7-8), the WLC attempts to auto manage the RF coverage associated with each branch.
