
Cisco on premise wireless update-clle-2014


Transcript

  • 1. Local Edition: Cisco On-Premise Wireless Update. Robert Palmer, Consulting Systems Engineer
  • 2. Network Level HA (© 2014 Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public)
      – Deployment modes: Autonomous; FlexConnect; Centralized; Converged Access
      – Traffic: Distributed at AP; Centralized at Controller; Distributed at Switch; Standalone APs
      – Target Positioning: Small Wireless Network; Branch; Campus; Branch and Campus
      – Purchase Decision: Wireless only; Wireless only; Wireless only; Wired and Wireless
      – High Availability: Can only claim AP quality; No RF HA; No Network layer HA; No services; Full RF HA; Client SSO when Local Switching; Most complete solution; Exploits HA in IOS switches
      – Key Considerations: Limited features, upgradable to controller based; Branch with WAN BW and latency requirements; Full features; Catalyst 3650/3850 in the access layer
  • 3. Network Infrastructure HA – Centralized Mode
  • 4. Centralized Mode HA
      – N+1 Redundancy (Deterministic/Stateless HA, a.k.a. primary/secondary/tertiary): each controller has to be configured separately; available on all controllers; crosses L3 boundaries; flexible: 1:1, N:1, N:N; HA-SKU available (> 7.4)
      – AP SSO (SSID stateful switchover): release 7.3 and 7.4; WLC: 5508, WiSM2, 7500, 8510; direct physical connection; same HW and SW; 1:1 box redundancy; AP state is synched; no SSID downtime; HA-SKU available (> 7.4)
      – Client SSO: minimum release 7.6; WLC: 5508, WiSM2, 7500, 8510; L2 connection; same HW and software; 1:1 box redundancy; Active Client State is synched; AP state is synched; no application downtime; HA-SKU available
      – Diagram labels: Requirements, Benefits, Network Uptime
  • 5. N+1 Redundancy
      – Administrator statically assigns APs a primary, secondary, and/or tertiary controller
          • Assigned from controller interface (per AP) or Prime Infrastructure (template-based)
          • You need to specify Name and IP if WLCs are not in the same Mobility Group
      – Pros:
          • Support for L3 network between WLCs
          • Flexible redundancy design options (1:1, N:1, N:N:1)
          • WLCs can be of different HW and SW
          • Predictability: easier operational management
          • Faster failover times configurable
          • “Fallback” option in the case of failover
      – Cons:
          • Stateless redundancy
          • More upfront planning and configuration
      – Diagram: WLAN-Controller-A, WLAN-Controller-B, WLAN-Controller-C, with three AP groups configured as:
          • Primary: WLAN-Controller-1, Secondary: WLAN-Controller-2, Tertiary: WLAN-Controller-3
          • Primary: WLAN-Controller-2, Secondary: WLAN-Controller-3, Tertiary: WLAN-Controller-1
          • Primary: WLAN-Controller-3, Secondary: WLAN-Controller-2, Tertiary: WLAN-Controller-1
  • 6. N+1 Redundancy: Global Backup Controllers
      – Backup controllers configured for all APs under Wireless > High Availability
      – Used if there are no primary/secondary/tertiary WLCs configured on the AP
      – The backup controllers are added to the primary discovery request message recipient list of the AP.
  • 7. N+1 Redundancy: AP Failover Mechanism
      – When configured with Primary and backup Controller:
          • AP uses heartbeats to validate current WLC connectivity
          • AP uses Primary Discovery message to validate backup WLC list (every 30 sec)
          • When the AP loses 5 heartbeats, it starts the join process to the first backup WLC candidate
          • Candidate backup WLC is the first alive WLC in this order: primary, secondary, tertiary, global primary, global secondary.
          • Failover is faster than Dynamic mode because the AP goes back to discovery state just to make sure the backup WLC is UP and then immediately starts the JOIN process
      – Diagram labels (CAPWAP states): Discovery, Reset, Image Data, Config, Run, AP Boots UP, DTLS Setup, Join; path marked “When failover happens”
  • 8. AP Failover: AP Primary Discovery Request Timer
      – The access point maintains a list of backup controllers and periodically sends primary discovery requests to each entry on the list.
      – Configure a primary discovery request timer to specify the amount of time that a controller has to respond to the discovery request
  • 9. AP Failover: Fast Heartbeat
      – AP sends HA heartbeat packets, by default every 1 sec
      – Fast Heartbeats reduce the amount of time it takes to detect a controller failure
      – When the fast heartbeat timer expires, the AP sends 3 fast echo requests to the WLC, 3 times
      – If there is no response, the primary is considered dead and the AP selects an available controller from its “backup controller” list in the order of primary, secondary, tertiary, primary backup controller, and secondary backup controller.
      – Fast Heartbeat is only supported for Local and Flex mode
  • 10. AP Failover: AP Failover Priority
      – Assign priorities to APs: Critical, High, Medium, Low
      – Critical priority APs get precedence over all other APs when joining a controller
      – In a failover situation, a higher priority AP will be allowed in ahead of all other APs
      – If controller is full, existing lower priority APs will be dropped to accommodate higher priority APs
      – Diagram: a Critical priority AP fails over to the controller; a Medium priority AP is dropped
  • 11. N+1 Redundancy: Best Practices
      – Most common design is N+1 with the redundant WLC in a geographically separate location
      – Configure high availability parameters to detect failure and faster failover (min 30 sec)
      – Use AP priority in case of oversubscription of the redundant WLC, or
      – Use HA SKU available for 5508, 7500, 8500 and 2500 (from 7.5) controllers
      – Diagram: WLAN-Controller-1, WLAN-Controller-2 ... WLAN-Controller-n, each with APs configured with that controller as Primary and WLC-BKP as Secondary; WLC-BKP sits in the NOC or Data Center
      – For more info: http://www.cisco.com/en/US/docs/wireless/technology/hi_avail/N1_HA_Overview.html or http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps10315/qa_c67-714540.html
  • 12. N+1 Redundancy: HA-SKU
      – No need to purchase licenses on backup WLC. When backup takes over, 90-days counter is started
      – HA-SKU Controller needs to be configured normally as you would do with the secondary controller (no auto synch).
      – Supported on 5508, WiSM2, Flex7500, 8510 and 2504
      – The HA-SKU provides the capability of the maximum number of APs supported on that hardware
      – From 7.6 you can add licenses to HA SKU and use it as Active controller
      – Diagram: Primary Controller WiSM-2 (License Count: 500, APs connected: 400); Primary Controller 2504 (License Count: 50, APs connected: 25); Secondary Controller AIR-CT5508-HA-K9 (Max AP support: 500 APs); no licenses needed on secondary
  • 13. Quick recap…
      – Primary/Secondary/Tertiary WLC need to be defined on each AP
          • Each WLC is configured separately and has its own unique IP address
      – Primary and Secondary Backup are configured globally
      – Fast Heartbeat can be used to speed up failover
      – With failover detection, the AP goes into Discovery state and the CAPWAP state machine is restarted
      – Downtime between failover may go up to 1.5 minutes depending upon number of APs
      – Each WLC is managed and monitored separately by Prime Infrastructure
  • 14. Centralized Mode: Stateful Switchover
  • 15. Stateful Switchover (SSO)
      – True box-to-box High Availability, i.e. 1:1
          • One WLC in Active state and second WLC in Hot Standby state
          • Secondary continuously monitors the health of Active WLC via dedicated link
      – Configuration on Active is synched to Standby WLC
          • This happens at startup and incrementally at each configuration change on the Active
      – What else is synched between Active and Standby?
          • AP CAPWAP state in 7.3 and 7.4: APs will not restart upon failover, SSID stays UP (AP SSO)
          • Active Client State in 7.5: client will not disconnect (Client SSO)
      – Downtime during failover reduced to 5 - 1000 msec depending on failover
          • In the case of power failure on the Active WLC it may take 350-500 msec
          • In case of network failover it can take up to a few seconds
      – SSO is supported on 5500 / 7500 / 8500 and WiSM-2 WLC
      – For more info: http://www.cisco.com/en/US/docs/wireless/controller/technotes/7.5/High_Availability_DG.html
  • 16. AP SSO Failover Sequence
      – Diagram labels: ACTIVE; STANDBY; Redundancy Role Negotiation; Redundancy Link Established (over dedicated Redundancy Port); ONLY AP info Sync; AP Join; Client Associate; Keep-Alive failure/Notify Peer; Switch; AP session intact, does not re-establish CAPWAP; Client re-associates
      – Effective downtime for client is Detection time + Switchover time + Reassociation
  • 17. Client SSO Failover Sequence
      – Diagram labels: ACTIVE; STANDBY; Redundancy Role Negotiation; Redundancy Link Established (over dedicated Redundancy Port); AP and Client info Sync; AP Join; Client Associate; Keep-Alive failure/Notify Peer; Switch; AP session intact, does not re-establish CAPWAP; Client session intact, does not re-associate
      – Effective downtime for client is Detection time + Switchover time
  • 18. Stateful Switchover (SSO): Redundancy Management Interface
      – Redundancy Management Interface (RMI):
          • To check gateway reachability, sending ICMP packets every 1 sec
          • To verify peer reachability via the network once the Active does not respond to keepalives on the Redundant Port
          • Notification to standby in event of box failure or manual reset
          • Communication with Syslog, NTP, TFTP server for uploading configurations
          • Should be in same subnet as Management Interface
  • 19. Stateful Switchover (SSO): Redundancy Port
      – Redundancy Port (RP):
          • To check peer reachability, sending UDP keepalive messages every 100 msec
          • Notification to standby in event of box failure
          • Configuration synch from Active to Standby (Bulk and Incremental Config)
          • Auto-generated IP address where the last 2 octets are picked from the last 2 octets of the Redundancy Management Interface (first 2 octets are always 169.254)
          • If NTP is not configured, manual time synch is done from Active to Standby
  • 20. Stateful Switchover (SSO): Configuration
      – Before configuring HA, Management interfaces on both WLCs must be on the same subnet
      – Mandatory configuration for HA setup:
          • Redundant Management IP Address
          • Peer Redundant Management IP Address
          • Redundancy Mode set to SSO enable (7.3 and 7.4 would show AP SSO)
          • Primary/Secondary Configuration (required if peer WLC’s UDI is not HA SKU)
          • The Primary HA must have valid AP licenses
          • Unit can be secondary if it has at least 50 AP permanent licenses
      – Optional configuration:
          • Service Port Peer IP
          • Mobility MAC Address
          • Keep Alive and Peer Search Timer
      – All can be configured on the same page
  • 21. Stateful Switchover (SSO): HA Pairing
      – Pairing is possible only between same type of hardware and software version.
      – Reboot of WLC is required after HA is enabled. Pairing happens when WLC is booting.
      – WLC looks for peer (120 sec), the role is determined, configuration is synched from the Active WLC to the Standby WLC via the Redundant Port.
      – Initially, the WLC configured as Secondary will report XML mismatch and will download the configuration from Active and reboot again
  • 22. Stateful Switchover (SSO): HA Pairing
      – During the second reboot, after role determination, Secondary WLC will validate the configuration again, report no XML mismatch, and process further in order to establish itself as the Standby WLC
  • 23. Stateful Switchover (SSO): HA Pairing
      – While config is synching from Active to Standby WLC, or Standby WLC is booting, no config operation is possible on Active WLC.
      – Active and Standby election is not an automated process:
          • Active/Standby WLC is decided based on HA SKU. HA SKU is always the Standby
          • If no HA SKU present, Active/Standby is configurable
      – No configuration is possible on Standby WLC once paired
  • 24. Stateful Switchover (SSO): Configuration Validation
      – Main command is “show redundancy summary”
  • 25. Stateful Switchover (SSO): Connectivity to the Boxes
      – Only Console and Service Port are available to connect to Standby WLC
      – TFTP, NTP and Syslog traffic use the Redundant Management Interface on the Standby WLC
      – Telnet / SSH / SNMP / Web Access is not available on Management and Dynamic interface on Standby WLC
      – When SSO is enabled, there is no SNMP/GUI access on the service port for both the WLCs in the HA setup
  • 26. Stateful Switchover (SSO): Maintenance Mode
      – Standby WLC may transition to Maintenance Mode if:
          • Gateway not reachable via Redundant Management Interface
          • Software mismatch
          • WLC with HA SKU has never discovered its peer
          • Redundant Port is down
      – In Maintenance Mode the same rules for connecting to the standby box apply
      – WLC should be rebooted to bring it out of Maintenance Mode
          • From 7.6 it will recover automatically after the network converges again
  • 27. Stateful Switchover (SSO): Design & Deployment Considerations. How shall I connect the HA Controllers?
      – 5500/7500/8500 have dedicated Redundancy Ports
          • Direct connection supported in 7.3 and 7.4
          • L2 connection supported in 7.6 and above
      – WiSM-2 has dedicated Redundancy VLAN
          • Redundancy VLAN should be a non-routable VLAN, meaning a Layer 3 interface should not be created for this VLAN
          • WiSM-2 can be deployed in single chassis OR multiple chassis
          • WiSM-2 in multiple chassis needs to use VSS (7.3, 7.4)
          • WiSM-2 in multiple chassis can be L2 connected in 7.5 and above
      – Requirements for L2 connection: RTT Latency: < 80 ms; Bandwidth: > 60 Mbps; MTU: 1500
      – Diagram: Active Controller (RP 1) and Hot Stand-by Controller (RP 2) connected across an L2 network (7.5)
  • 28. Stateful Switchover (SSO): Design & Deployment Considerations
      – HA Pairing is possible only between the same type of hardware and software versions
      – Physical connection between Redundant Ports should be done first before HA configuration
      – Keepalive and Peer Discovery timers should be left at default values for better performance
      – Internal DHCP is not supported when HA configuration is enabled
      – Location, Rogue information, Device and root certificates are not auto synched
      – When HA is disabled on Active it will be pushed to Standby and after reboot all the ports will come up on Active and will be disabled on Standby
      – SSO and MESH APs: only RAP are supported from 7.5, for MAPs the state is not synched
      – In Service Software Upgrades (ISSU) are not supported: plan for downtime when upgrading software
  • 29. Stateful Switchover (SSO): Design & Deployment Considerations: Software Upgrade Procedure (For Your Reference)
      After the WLCs are configured in the HA setup, the Standby WLC cannot be upgraded directly from the TFTP/FTP server.
      1. Initiate upgrade on the Active WLC in the HA setup via CLI/GUI, and wait for the upgrade to finish.
      2. Once the Active WLC executes all the upgrade scripts, it will transfer the entire image to the Standby WLC via the Redundant Port.
      3. When the Standby WLC receives the image from the Active WLC, it will start executing the upgrade scripts.
      4. Issue the show boot command on the Active WLC in order to make sure the new image is set as the primary image.
      5. Once verified, optionally initiate primary image pre-download on the Active WLC in order to transfer the new image to all the APs in the network.
      6. It is recommended to reboot both the WLCs almost together after upgrade so that there is no software version mismatch. The Standby WLC can be rebooted from the Active WLC using the reset peer-system command if a scheduled reset is not planned.
      7. Schedule Reset applies to both the WLCs in the HA setup. The peer WLC reboots one minute before the scheduled timer expiry on the Active WLC.
  • 30. Stateful Switchover (SSO): Design & Deployment Considerations Specific to 7.6 (Client SSO)
      – ONLY clients in RUN state are maintained during failover
          • Transient list is deleted
          • Clients in transitions like roaming, dot1x key regeneration, webauth logout, etc. are disassociated
          • Posture and NAC OOB are not supported, since client is not in RUN state
      – Some clients and related information are not synced between Active and Standby
          • CCX-based apps need to be re-started post switchover
          • Client statistics are not synced
          • PMIPv6, NBAR, SIP static CAC tree are not synced, need to be re-learned after SSO
          • WGB and clients associated to it are not synced
          • OEAP (600) clients are not synced
          • Passive clients are not synced
      – New mobility is NOT supported with SSO
  • 31. Stateful Switchover (SSO): Design: Integration with N+1 Deployments
      – Hybrid design: SSO HA can work together with N+1 failover
      – SSO pair can act as the Primary Controller and be deployed with Secondary and Tertiary
      – On failure of both Active and Standby WLC in SSO setup, APs will fall back to secondary and further to configured tertiary controller
      – Useful to reduce downtime for SSO pair software upgrade
  • 32. Stateful Switchover (SSO): Licensing
      – HA pair with HA-SKU license on one WLC:
          • HA-SKU is a new SKU with Zero AP Count License
          • The device with HA-SKU becomes Standby the first time it pairs up
          • AP-count license info will be pushed from Active to Standby
          • On event of Active failure, HA-SKU will let APs join with the AP count obtained and will start a 90-day countdown. The granularity of the same is in days.
          • After 90 days, HA-SKU WLC starts nagging messages but won’t disconnect connected APs
          • With a new WLC coming up with the HA SKU, at the time of pairing, the Standby will get the AP count:
              ◦ If new WLC has higher AP count than previous, 90 days counter is reset.
              ◦ If new WLC has lower AP count than previous, 90 days counter is not reset.
          • Elapsed time and AP-count are remembered on reboot
  • 33. Cisco WLAN AVC and Prime Assurance Provides Unparalleled Visibility and Control
      – BEFORE: Application View and Control Based On L4 Firewall Sessions
          • First Generation Firewall: visibility to the port level interaction but not the applications running within the port
          • FW L4 Session Visibility and Control: HTTP = 75%, SMTP = 15%, FTP = 2%, Telnet = 1%, SNMP = 3%
      – AFTER: Network Based Application Recognition – NBAR2: Deep Packet Inspection and App ID
          • Identify, Analyze, and Optimize Application Traffic
          • NBAR2 LIBRARY: Deep Packet Inspection
          • Traffic classes: Real Time, Interactive, Non-Real Time, Background
          • POLICY: Packet Mark and Drop
          • View, Control and Troubleshoot – End User Application Experience
          • Wireless LAN Controller: Improved Visibility and Control
  • 34. If You Have Several Traffic Types to Target: Use Application Visibility and Control
      – Internal application recognition engine based on NBAR
      – More than 1000 applications recognized, including Netflix, Skype, Lync audio, Lync video, Viber, Ventrilo, etc.
  • 35. Application Visibility and Control
      – With AVC, you can create rules to mark untagged applications (but also to permit or deny some application traffic!):
          1. Create a new policy (Wireless > AVC > AVC Profiles > New)
          2. Add rules, including what application to recognize, and what to do with it
      – Marking applications will help prioritization between AP and WLC, and from AP to the cell
  • 36. Application Visibility and Control
          3. Apply your policy to the WLAN
          4. Watch your traffic
  • 37. Client Profiling
      – ISE offers a rich set of BYOD features: e.g. device identification, onboarding, posture and policy
      – For customers who do not deploy ISE but still require some ISE features directly in the WLC:
          • Native profiling: identifying network end devices based on protocols like HTTP, DHCP
          • Device-based policy enforcement: per-user or per-device policy on the network.
          • Statistics based on per-user or per-device endpoints and policies applicable per device.
  • 38. Client Profiling
      – WLC-based local policy consists of 2 separate elements.
      – Profiling can be based on:
          • Role – defining user type or the user group the user belongs to.
          • Device type – e.g. Windows, OS_X, iPad, iPhone, Android, etc.
          • EAP Type – check what EAP method the client is getting connected to.
      – Action is the policy that can be enforced after profiling:
          • VLAN – override WLAN interface with VLAN id on WLC
          • QoS level – override WLAN QoS
          • ACL – override with named ACL
          • Session timeout – override WLAN session timeout value
          • Time of day – policy override based on time of the day, else default to WLAN.
  • 39. Client Profiles
      – When profiling is enabled, a client Device Type can be shown on WLAN.

      (Cisco Controller) >show client summary devicetype
      Number of Clients................................ 3
      MAC Address       AP Name          Status        Device Type
      ----------------- ---------------- ------------- --------------------------------
      14:10:9f:ea:b8:c2 AP3600MM         Associated    OS_X-Workstation
      c8:d7:19:34:7e:dd AP3600MM         Associated    Windows7-Workstation
      d8:d1:cb:9a:28:f8 AP3600MM         Associated
  • 40. Security Local Policies
      – Match (how to identify a device): Role; EAP Type; Device Type
      – Action (policy to enforce): VLAN; QoS; Session Timeout; Sleeping Client Timeout; Time of Day
  • 41. Bandwidth Control – per Device Type
      – You can also identify connecting devices, from the WLC or through Cisco ISE, and create a policy based on what they are
      – Screenshot callouts: How to identify that device; What policy to apply; Close to 100 types on WLC
  • 42. Configuring Policies
      – You can then apply the policies to the WLANs, in the order you want them to be applied, up to 16 policies per WLAN
      – Each policy can group several devices
      – Screenshot callouts: Set the index. Pick the policy, then click Add
  • 43. The Protocol Problem: Why Do Bonjour Services Need Modifications?
      – Bonjour:
          • Apple service discovery protocol
          • mDNS packets advertise and discover services
          • Does not cross subnets or VLANs
      – Result: clients can’t see services on other subnets
  • 44. Bonjour is Link-Local Multicast and Can’t be Routed
      – Bonjour is link-local multicast
      – AirPlay (Apple TV) and AirPrint supported only on a single VLAN
      – Diagram: CAPWAP tunnel, Apple TV, 224.0.0.251 on VLAN X and VLAN Y
  • 45. Step 1 – Listen for Bonjour Services
      – Diagram: CAPWAP tunnel; Apple TV on VLAN 20 and AirPrint on VLAN 23 send Bonjour advertisements; iPad on VLAN 99
  • 46. Step 2 – Cache Bonjour Services on Controller
      – Diagram: CAPWAP tunnel; AirPrint (VLAN 23), Apple TV (VLAN 20), iPad (VLAN 99)
      – Bonjour cache: AirPlay – VLAN 20; AirPrint – VLAN 23
  • 47. Step 3 – Listen for Client Service Queries for Services
      – Diagram: CAPWAP tunnel; AirPrint (VLAN 23), Apple TV (VLAN 20), iPad (VLAN 99) sends a Bonjour query
      – Bonjour cache: AirPlay – VLAN 20; AirPrint – VLAN 23
  • 48. Step 4 – Respond to Client Queries for Bonjour Services
      – Diagram: CAPWAP tunnel; AirPrint (VLAN 23), Apple TV (VLAN 20), iPad (VLAN 99) receives a Bonjour response from the controller
      – Bonjour cache: AirPlay – VLAN 20; AirPrint – VLAN 23
  • 49. Deployment Changes with Bonjour Services Phase 2
      – With mDNS-AP, Bonjour services can be seen from any VLAN
      – Bonjour is link-local multicast and thus forwarded on the local L2 domain
      – The mDNS AP snoops Bonjour services that are behind the router or on VLANs that are not L2 adjacent, and forwards them to the WLC in the CAPWAP tunnel.
      – Diagram: CAPWAP tunnels, Apple TV, Apple services, mDNS AP, 224.0.0.251 on VLAN X and VLAN Y
  • 50. Bonjour Service Policies
      – Teachers are allowed to print, access the Apple TV and file shares.
      – Students are allowed to print and share iTunes, but not access the Apple TV, or file shares.
      – Diagram: Teacher Network and Student Network with a Services Directory (AirPrint, AirPlay, File Share, iTunes Sharing), a Teacher Service Policy and a Student Service Policy
  • 51. What is Coming in 8.0?
      – https://www.youtube.com/watch?v=2g5aMDjL6LQ&feature=youtu.be
  • 52. Why High Density Wi-Fi?
      – Wireless has become the preferred access technology -- and in many cases the only practical one
      – The need for high density started with stadiums and auditoriums – but has reached every network
      – The explosion of smart devices and increasing connection counts per seat are everywhere (2 to 3 devices per user)
      – Application demands are increasing
      – Even with advances, wireless is still a shared half-duplex medium and requires efficient use to succeed.
  • 53. What are Some Typical Challenges?
      – Interference from other Wi-Fi networks in the venue
      – Interference from non-Wi-Fi systems operating in the same band
      – Co-channel interference: many APs in the venue, but effectively no more capacity
      – Clients operating at low data rates (e.g. 802.11b) pull down the performance of the network
      – Clients mistakenly choose a 2.4 GHz radio (louder signal) instead of 5 GHz (less load)
      – Sticky clients: clients mistakenly stay on the same AP, even when the person has moved from one end of the venue to another
      – Limitations on mounting assets. Hard to put APs where you want them
      – Probe storms: 2.4 GHz clients probe on all 11 overlapping channels
  • 54. High Density Tuning (columns: Solid RF Design, Basic Tuning, Advanced)
      – Constrain RF – Directional Antennas, Down-Tilt
      – Good RF Layout/Design – Channels, Tx Power
      – Eliminate Interference – Rogues and Non-Wi-Fi Interference
      – Minimize SSIDs
      – Disable Low Data Rates – Helps with Sticky Clients, Improves capacity
      – Band Steering – Push dual-band clients to 5 GHz
      – RF Profiles
      – Rx-SOP Tuning – Greatly improves capacity by reducing co-channel impact; also reduces sticky clients
      – Optimized Multicast Video
  • 55. High Density Features
      – CleanAir 80 MHz: optimal performance for high throughput, high density environments. RF interference detection & mitigation optimized for 802.11ac’s wider channel bandwidths
      – ClientLink 3.0: increase performance & range by up to 60%. Cisco patented implicit beamforming technology for 802.11ac clients, complementing Explicit BF. Also extend capabilities to 802.11a/g/n clients.
      – Optimized Roaming: intelligently assist client roaming based on configurable attributes. Right size Wi-Fi cell to better assist client handoff in a dense network
      – RF Turbo Performance: support highly dense clients without performance degradation. Scale seamlessly to 60+ 802.11ac clients using interactive video and multimedia traffic with no performance degradation.
      – RF Noise Reduction*: enables higher density AP deployments to support client density and increased bandwidth. Increase spectrum usage efficiency to improve co-channel performance
      – *Available post-FCS
  • 56. Aironet Indoor Series (models: 700, 1600, 2700, 3700; values listed in slide order)
      – Wireless Standards: 802.11a/g/n, 802.11a/g/n, 802.11a/g/n/ac, 802.11a/g/n/ac
      – Max Data Rate: 600 Mbps, 600 Mbps, 900 Mbps, Over 1 Gbps
      – RF Design MIMO:Spatial Stream: 2x2:2, 3x3:2, 3x4:3, 4x4:3
      – Performance (rating marks): 2, 3, 4, 5
      – Max No. of Clients per AP: 200, 256, 400, 400
      – RRM: ✔, ✔, ✔, ✔
      – CleanAir: CleanAir Express*, ✔, ✔
      – High Density Experience: ✔, ✔
      – ClientLink: ClientLink 2.0, ClientLink 3.0, ClientLink 3.0
      – Max No. of ClientLink Clients per AP: 64, 256, 256
      – BandSelect: ✔, ✔, ✔, ✔
      – VideoStream: ✔, ✔, ✔, ✔
      – Rogue AP Detection: ✔, ✔, ✔, ✔
      – Adaptive wIPS: ✔, ✔, ✔, ✔
      – External Antenna Opt: ✔, ✔, ✔
      – Other Benefits: 700w: 4 GigE Ports, PoE Out; StadiumVision Option; Module Options: Security, 3G Small Cell* or Wave 2 802.11ac*
  • 58. Optimized Roaming: RX-SOP, Low RSSI Check, Disable Lower Data Rates • Reduces Cell Bleeding & Increases Efficiency by Lowering Duty Cycle • Eliminates Sticky Client by Forcing Clients with Dropping Signal Strength to Move Quickly Between Adjacent Cells • Offers Access to Clients with Strongest Signal
  • 59. Without Disabling Lower Data Rates: “I can hear beacons from the AP, so I can associate with it & reduce the overall performance.” Disabling Lower Data Rates: “I cannot hear beacons from the AP, so now I am forced to search for an AP with a stronger signal.” Cell size reduction increases efficiency and lowers duty cycle. (Figure data-rate labels: 24 Mbps, 18 Mbps, 12 Mbps, 9 Mbps, 6 Mbps)
  • 60. Without Low RSSI Check: My “Association Request” will receive “Association Response” SUCCESS. With Low RSSI Check set to -80 dBm (default): My “Association Request” will receive “Association Response” REJECT – Poor Channel. “Association Response” SUCCESS is restricted to clients within cell range better than -80 dBm. (Figure signal labels: -85 dB, -86 dB, -80 dB, -80 dB, -81 dB)
  • 61. Rx-SOP • Rx-SOP is the radio’s receiver sensitivity – how well the AP can hear clients • Decreasing Rx-SOP to a lower level (-95 dBm) increases the cell size • Raising Rx-SOP to a higher level (-75 dBm) reduces the cell size, which provides much better spatial re-use • Smaller cell size and efficient re-use of spectrum are key in High Density • Higher Rx-SOP Threshold = Smaller Cell Size = Better spectrum re-use
  • 62. Today’s Solution: Weak Wi-Fi Signal • Client Stickiness Causes Poor User Experience • Overall Drop In Cell Performance. Cisco “Optimized Roaming”: Consistent User Experience • Efficient Cell Usage. (Figure labels: -80 dB, -85 dB, 3G or 4G, -80 dB, -80 dB)
  • 63. RX-SOP Threshold (High | Medium | Low | Auto)
    – 2.4 GHz: -76 dBm | -78 dBm | -80 dBm | Radio default
    – 5 GHz: -79 dBm | -82 dBm | -85 dBm | Radio default
    – Smart Roam RX-SOP (future release)
  • 64. Case Studies
    – Cisco Live Orlando 2013: Over 20,000 attendees • Over 600 access points • Cisco Prime for Management • Cisco MSE for Analytics • Network reliability: 99.999% • http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps11983/case_study_c36-729140.html
    – Super Bowl XLVII (2013): Over 30,000 simultaneous connections • Over 600 access points • Over 370 GB of data transfer over Wi-Fi • Always ON wireless network • http://arstechnica.com/information-technology/2013/02/super-bowl-plans-to-handle-30000-wi-fi-users-at-once-and-sniff-out-rogue-devices/
  • 65. Solid RF Design / Basic Tuning / Advanced • Constrain RF – Directional Antennas, Down-Tilt • Good RF Layout/Design – Channels, Tx Power • Eliminate Interference – Rogues and Non-Wi-Fi Interference • Minimize SSIDs • Disable Low Data Rates – Helps with Sticky Clients, Improves capacity • Band Steering – Push dual-band clients to 5 GHz • RF Profiles • Rx-SOP Tuning – Greatly improves capacity by reducing co-channel impact – Also reduces sticky clients • Optimized Multicast Video
  • 69. Register for CiscoLive! – San Francisco, May 18 – 22, 2014, www.ciscolive.com/us