Wireless Branch Office Network Architecture

Architectural concepts of branch office WLAN deployments, emphasizing the core technologies that drive and enable mobility in retail, banking, education, enterprise or managed WLAN services. Topics covered include an in-depth protocol description of H-REAP (FlexConnect) and all deployment options in practice, based on customer case studies for their application into the branch environment. Learn More: http://www.cisco.com/go/wireless

Published in: Technology, Education


  1. Architecturing Network for Branch Offices with Cisco Wireless (BRKEWN-2016). BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
  2. Abstract: This session focuses on the architecture concepts of branch office WLAN deployments, emphasising the core technologies that drive and enable mobility in retail, banking, education, enterprise or managed WLAN services. Topics covered include an in-depth protocol description of H-REAP/FlexConnect and all deployment options in practice, based on customer case studies for their application into the branch environment.
  3. Deploying Cisco’s FlexConnect Wireless Branch Solution Increases Business Resiliency
  4. Agenda
     • Cisco Unified Wireless Principles (Reminder)
     • Branches Using Remote Controllers
     • Understanding H-REAP Mode and Limitations
     • Understanding AP Groups and H-REAP Groups
     • Designing a Resilient Network
     • Operating an H-REAP–Based Branch Network
     • Retail Case Study
  6. Cisco Unified Wireless Principles
     Components:
     • Wireless LAN controllers
     • Aironet access points
     • Management System (WCS)
     • Mobility Service Engine (MSE)
     Principles:
     • AP must have CAPWAP connectivity with WLC
     • Configuration downloaded to AP by WLC
     • All Wi-Fi traffic is forwarded to the WLC
     [Diagram: WCS, MSE, Wireless LAN Controllers, Campus Network, Aironet Access Point]
  8. Branch Designs Using Remote Controllers: Overview
     • Branches can also have local remote controllers
     • Small form factor WLCs are available to have a « small campus »: WLC-25xx or integrated controller modules in ISR/ISR-G2 (WLCM for ISR/ISR-G2)
     • High-availability design with central backup controller is supported; WAN limitations may apply
     [Diagram: Central Site with Backup Central Controller, WAN, Remote Site A, Remote Site B]
  9. Branch Designs Using Remote Controllers: Advantages
     • Cookie cutter configuration for every branch site
     • Layer-3 roaming within the branch
     • ACL in the branch site
     • Peer to peer blocking
     • WGB support
     • Reliable Multicast (filtering)
     • Dynamic VLAN
     Note: If you have ISR/ISR G2 at branch site then it is recommended to use the IOS Firewall at edge for unified access policies.
  11. CAPWAP Overview: Control and Provisioning of Wireless Access Point
     • CAPWAP is a standard, interoperable protocol that enables an Access Controller (AC) to manage a collection of Wireless Termination Points (WTPs)
     • CAPWAP carries control and data traffic between the two: control plane is DTLS encrypted; data plane is DTLS encrypted (optional)
     • CAPWAP supports only Layer 3 mode deployments
     [Diagram: Wi-Fi Client, Access Point, CAPWAP Control Plane and Data Plane, Controller, Business Application]
  12. CAPWAP Modes: Split MAC
     The CAPWAP protocol supports two modes of operation:
     • Split MAC (Centralized Mode)
     • Local MAC (H-REAP/FlexConnect)
     [Diagram, Split MAC: STA, WTP, AC; Wireless Frame, Wireless Phy, MAC Sublayer, CAPWAP Data Plane, 802.3 Frame]
  13. CAPWAP Modes: Local MAC (locally bridged)
     • Local MAC mode of operation allows for the data frames to be either locally bridged or tunneled as 802.3 frames
     • H-REAP supports locally bridged MAC and split MAC per SSID
     [Diagram, locally bridged: STA, WTP, AC; Wireless Frame, Wireless Phy, MAC Sublayer, 802.3 Frame]
  14. CAPWAP Modes: Local MAC (tunneled as 802.3 frames)
     • Local MAC mode of operation allows for the data frames to be either locally bridged or tunneled as 802.3 frames
     • Tunneled local MAC is not supported by Cisco
     [Diagram, tunneled as 802.3 frames: STA, WTP, AC; Wireless Frame, Wireless Phy, MAC Sublayer, CAPWAP Data Plane, 802.3 Frame]
  15. H-REAP Glossary
     • Connected mode: when H-REAP can reach the controller (connected state), it gets help from the controller to complete client authentication.
     • Standalone mode: when the controller is not reachable by H-REAP, it goes into standalone state and does client authentication by itself.
     • Local Switching: data traffic switched onto local VLANs for an SSID
     • Central Switching: data traffic tunneled back to WLC for an SSID
  16. Branch Office Deployment: H-REAP (Hybrid Remote Edge Access Point)
     • Hybrid architecture
     • Single management and control point
     • Data traffic switching: centralized traffic (split MAC) or local traffic (local MAC)
     • HA will preserve local traffic only
     • Traffic switching is configured per AP and per WLAN (SSID)
     [Diagram: Central Site with Cluster of WLC, Centralized Traffic, WAN, Local Traffic, Remote Office]
  17. Configure H-REAP Mode, Step 1: Configure Access Point Mode
     • Enable H-REAP mode per AP
     • Supported AP: AP-1130, AP-1240, AP-1040, AP-1140, AP-1260, AP-1250, AP-3500
  18. Configure H-REAP Local Switching, Step 2: Enable Local Switching per WLAN
     • Only WLAN with “Local Switching” enabled will allow local switching at the H-REAP AP
  19. Configure H-REAP VLAN Mapping, Step 3: H-REAP Specific Configuration
     • H-REAP AP can be connected on an access port (using native VLAN) or connected to an 802.1Q trunk port
     • VLAN mapping is a per AP configuration on WLC and by AP group using templates on a WCS
  20. Configure H-REAP VLAN Mapping, Step 4: Per AP SSID to VLAN Mapping
     • Mapping of SSID to 802.1Q VLAN is done per H-REAP AP
     • Use WCS for configuration with templates
  21. Configure H-REAP VLAN Mapping, Step 4: Using WCS
     • With WCS, configuration can be applied to all H-REAP AP with one template
  22. H-REAP Design Considerations
     Some WAN limitations apply:
     • RTT must be below 300 ms data (100 ms voice)
     • Minimum 500 bytes WAN MTU (with maximum four fragmented packets)
     Some features are not available in standalone mode or in local switching mode:
     • ACL in local switching
     • MAC/Web Auth in standalone mode
     See full list in « H-REAP Feature Matrix »: http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080b3690b.shtml
  23. Economies of Scale for Lean Branches: Flex 7500 Wireless Controller
     Specifications:
     • Access Points: 300-2,000
     • Clients: 20,000
     • Branches: 500
     • Access Points / Branch: 50
     • Deployment Model: FlexConnect
     • Form Factor: 1 RU
     • IO Interface: 2x 10GE
     • Upgrade Licenses: 100, 200, 500, 1K
     New Key Differentiation:
     • WAN Tolerance: High Latency Networks, WAN Survivability
     • Security: 802.1x based port authentication
     • Voice support: Voice CAC, OKC/CCKM
  24. FlexConnect Improvements in New 7.0.116
     • WAN Survivability: FlexConnect AP provides wireless access and services to clients when the connection to the primary WLC fails
     • Local Authentication: allows for the authentication capability to exist directly at the AP in FlexConnect instead of the WLC
     • Improved Scale: max HREAP groups increased to 500 (7500s) and 100 (5500s); APs per group: 50 (7500s) and 25 (5500s)
     • Fast roaming in remote branches: Opportunistic Key Caching (OKC) between APs in a branch
  26. Understanding AP Groups: Overview
     • AP groups is a logical concept of grouping AP which deliver similar Wi-Fi services; these services can be by physical location and/or by functional services (data, voice, guest, …)
     • Same AP groups need to be defined in all WLC of a mobility group
     [Diagram: Central Site with Flex 7500 (AP Group 1), WAN, Remote Site A, Remote Site B, AP Group 2, AP Group 3]
  27. Understanding AP Groups: Rules to Know
     Rules to know:
     • One AP can be in only one AP Group
     • One WLAN (SSID) can be in several AP Groups
     • WLAN with ID 1-16 cannot be removed from the ‘default-group’
     • WLAN with ID greater than 16 will never be part of the ‘default-group’
     • All AP with no AP Group name or an unknown AP Group name will be part of the ‘default-group’
     Well-known mistakes:
     • Creating no AP group, but creating a WLAN with ID 17+
     • Having AP groups defined and creating a WLAN with ID 17+, but never mapping the WLAN to any AP Group
  28. AP Groups Configuration: Create a New Group
  29. AP Groups Configuration: Add AP to Group
  30. AP Groups Usage: Per Location SSID
     • AP groups give the ability to enable Wi-Fi Services (WLAN) based on physical location
     Example:
     • Central Site: Corporate-Voice, Corporate-Data, Guest-Access
     • Manufacturing Plan: Corporate-Voice, Corporate-Data, Scanners
     • Store: Corporate-Data, Guest-Access
     [Diagram: Internet, Central Site (AP Group 1), WAN/MAN, Manufacturing Plan, Store, AP Group 2, AP Group 3]
  31. AP Groups Usage: Per AP Group SSID to VLAN Mapping
     • AP groups give the ability to statically map Wi-Fi service (WLAN) to VLAN based on physical location
     • Users see the same Wi-Fi service on all sites but IP address can be used for monitoring or filtering
     • Can also be used to have smaller Wi-Fi subnets
     [Diagram: Corporate-Data SSID at Central Site (AP Group 1), Manufacturing Plan and Store (AP Group 2, AP Group 3) over WAN/MAN, mapped to VLAN-1, VLAN-2, VLAN-3]
  32. AP Groups Configuration: VLAN Mapping
  33. AP Groups: Scaling (New Scaling)
     • # AP Groups: Flex 7500: 500, WLC 5508: 500, WLC 4400: 300, WLC 2100: 50
     • # WLAN (SSID): Flex 7500: 512, WLC 5508: 512, WLC 4400: 512, WLC 2100: 512
     • # VLAN (Interfaces): Flex 7500: 512, WLC 5508: 512, WLC 4400: 512, WLC 2100: 512
  34. Understanding H-REAP Groups: Overview
     H-REAP groups allow sharing of:
     • CCKM/OKC fast roaming keys
     • Local backup RADIUS servers IP/keys
     • Local user authentication
     • Local EAP authentication
     Scaling information:
     • 500 H-REAP groups for Flex 7500
     • 50 AP per H-REAP group
     [Diagram: Central Site with Flex 7500 Cluster, WAN, two Remote Sites, H-REAP Group 1, H-REAP Group 2]
  35. H-REAP Groups and CCKM/OKC Keys
     • CCKM/OKC keys are stored on HREAP APs for Layer 2 fast roaming
     • The HREAP APs will receive the CCKM/OKC keys from the WLC
     • If a HREAP AP boots up in the standalone mode, it will not get the CCKM keys from the WLC and fast roaming is not supported
     [Diagram: Central Site with RADIUS Server and CCKM Keys, WAN, two Remote Sites, H-REAP Group 1, H-REAP Group 2]
  36. H-REAP Groups and CCKM Keys
     • Add a New H-REAP Group
     • Add APs to the H-REAP Group
  38. H-REAP Backup Scenario: WAN Failure
     • H-REAP will backup on local switched mode
     • No impact for locally switched SSIDs
     • Disconnection of centrally switched SSIDs clients
     • Static authentication keys are locally stored in H-REAP AP
     • Lost features: RRM, WIDS, location, other AP modes; Web authentication, NAC
     [Diagram: Central Site, WAN, Remote Site, Application Server]
  39. H-REAP Backup Scenario: WLC Failure
     • H-REAP will first backup on local switched mode
     • No impact for locally switched SSIDs
     • Disconnection of centrally switched SSIDs clients
     • CCKM roaming allowed in H-REAP group
     • H-REAP AP will then search for backup WLC; when backup WLC is found, H-REAP AP will resync with WLC and resume client session with central traffic
     • Client sessions with local traffic are not impacted during resync with backup WLC
     [Diagram: Central Site, WAN, Remote Site, Application Server]
  40. H-REAP Group: Local Backup RADIUS, Backup Scenario
     • Normal authentication is done centrally
     • On WAN failure, AP authenticate new client with locally defined RADIUS server
     • Existing connected clients stay connected
     • Clients can roam with CCKM fast roaming, or reauthentication
     [Diagram: Central Site with Central RADIUS, WAN, Remote Site with Local Backup RADIUS, H-REAP Group 1, CCKM Fast Roaming]
  41. H-REAP Group: Local Backup RADIUS, Configuration
     • Define primary and secondary local backup RADIUS server per H-REAP group
  42. H-REAP Group: Local Backup Authentication, Backup Scenario
     • Normal authentication is done centrally
     • On WAN failure, AP authenticate new client with its local database
     • Each H-REAP AP has a copy of the local user DB
     • Existing authenticated clients stay connected
     • Clients can roam with CCKM fast roaming, or local re-authentication
     • Only LEAP and EAP-FAST supported
     [Diagram: Central Site with Central RADIUS, WAN, Remote Site, H-REAP Group 1, CCKM Fast Roaming]
  43. H-REAP Group: Local Backup Authentication, Configuration
     • Define users (max 100) and passwords
     • Define EAP parameters (LEAP or EAP-FAST)
  44. H-REAP Backup Scenario: WAN Down Behavior (Bootup Standalone Mode)
     • Central Switched WLANs will shutdown
     • Web-auth WLANs will shutdown
     • Local Switched WLANs will be up: only Open, Shared and WPA-PSK are allowed; local 802.1x allowed with local authentication or local RADIUS
     • Unsupported features: RRM, CCKM, WIDS, Location, Other AP Mode, NAC
  45. Not Supported Backup Scenario! AP Changing Mode on Failure
     • AP cannot automatically change from local mode to H-REAP mode on local WLC failure
     • Changing mode is a configuration task of the AP
     Why it does not make sense:
     • Need for dual configuration at the switch level (access port for central, 802.1Q for H-REAP)
     • Lost controller features when going to H-REAP
     • If you accept H-REAP locally, then don’t buy local WLC
     [Diagram: Central Site, WAN, Remote Site, Application Server]
  46. Not Supported Backup Scenario! Auto-Enabling Backup Local Switching
     • H-REAP AP cannot be configured with two SSID with same name, one in central switching mode and one in local switching mode, so that when central switching is down the local switched SSID becomes active
     • Changing enable status of an SSID is a configuration task of the WLC level
     • Cisco recommends using Local Switching. Why? H-REAP Fault Tolerance will always keep client connection UP.
     [Diagram: Central Site with Primary Application Server, WAN, Remote Site with H-REAP AP and Backup Application Server; SSID “Data” (Central Switching) Disable, SSID “Data” (Local Switching) Enable]
  47. Failover Matrix (feature: WAN Up, Connected / WAN Down, Standalone)
     • Static Security Keys (WEP, WPA2/PSK): Yes / Yes
     • 802.1x/EAP: Yes / Yes
     • RADIUS: Yes / Yes (local RADIUS Backup)
     • Local Authentication (New): Yes / Yes
     • OKC Fast Roaming (New): Yes / Yes (not new clients)
     • WebAuth & MAC Auth: Yes / No
  49. Monitor H-REAP Latency
     • RTT for H-REAP AP must be 300 ms maximum
     • Latency tool will help monitor WAN latency
  50. Upgrading an H-REAP Deployment: Concerns
     • Sites using H-REAP AP are usually sites with low WAN bandwidth
     • Each site may have small number of AP, but an enterprise may have a lot of branches
     • Upgrading ~2000 AP through a low bandwidth WAN is a challenge: time needed to download all the AP firmware; exhaust of the WAN link; risk of failures during the download
  51. Upgrading an H-REAP Deployment: Safe Process
     Use “Pre-Download” feature and control the process before effectively doing the upgrade.
     • Step 1: Download WLC upgraded firmware (will become primary)
     • Step 2: Force the « boot image » to be the secondary (and not the newly upgraded one) to avoid parallel download of all AP in case of unexpected WLC reboot
     [Diagram: Firmware Image 7.0 / 6.0 (Primary / Secondary), Wireless Control System, Wireless LAN Controller, Central Site, WAN, Remote Site-1 to Remote Site-N]
  52. Upgrading an H-REAP Deployment: Safe Process (Cont…)
     • Step 3: « Pre-download » the AP firmware in the secondary « boot image » (will not disrupt the actual service). Can be started AP per AP to limit WAN exhaust.
     • Step 4: Check that all the H-REAP AP are up-to-date (all download succeed)
     • Step 5: Swap the « boot image » of the AP to the new one, change the « boot image » of the WLC to the new one
     • Step 6: Reboot the controller
     [Diagram: WLC Firmware Image and AP Firmware Image, each 7.0 / 6.0 (Primary / Secondary), Wireless Control System, Wireless LAN Controller, Central Site, WAN, Remote Site-1 to Remote Site-N]
  54. Customer Requirements
     • ~1000 medium stores (“Supermarket”)
     • Up to 5 AP per store; L2 connectivity between the AP
     • AP on access port (no 802.1Q trunk today)
     • Existing local resources (servers, …)
     WLAN services, SSID for Scanners:
     • WPA-PSK will be used on scanners
     • Same SSID name for all the stores, but different key per store
     • Local Switching in the store
     WLAN services, SSID for Laptops:
     • WPA/TKIP or WPA2/AES for laptops
     • Same SSID name and VLAN for all the stores
     • Central RADIUS authentication
     • Central Switching
  55. [Diagram: WLAN design for the retail case study]
     • WLAN 17: Store 1: SSID=Scanner, WPA-PSK=XYZ, Local VLAN=native
     • WLAN 17+N: Store-N: SSID=Scanner, WPA-PSK=ZYX, Local VLAN=native
     • WLAN 200: Store-Data: SSID=Laptop, WPA/RADIUS, Central VLAN=Tag- …
     • Data Center: RADIUS and CT-5508 Cluster, connected over the WAN to 1000 stores (Store-1 to Store-N), each with a Local Resource and H-REAP AP
     • Per store: SSID-Scanner (Key-Store-1 … Key-Store-N) for Scanners (WPA-PSK), SSID-Laptop (WPA2) for Laptops (WPA2)
  56. [Diagram: AP group design for the retail case study]
     • AP Group 1: Store 1: WLANs: Store-1, Store-data
     • AP Group N: Store-N: SSID=Scanner; WLANs: Store-N, Store-data
     • Data Center: RADIUS and CT-5508 Cluster, connected over the WAN to 1000 stores (Store-1 with AP-Group-1 to Store-N with AP-Group-N), each with a Local Resource and H-REAP AP
     • Per store: SSID-Scanner (Key-Store-1 … Key-Store-N) for Scanners (WPA-PSK), SSID-Laptop (WPA2) for Laptops (WPA2)
  57. Project Scale
     • 1000 stores with an average of 5 AP per store: 5000 AP
     • 10 x CT-5508-500 to support 5000 AP
     1000 stores means:
     • 1000 WLAN profiles with 1000 same SSID for Scanners, each with a different WPA2-PSK key per store (*)
     • 1 WLAN profile with same SSID for Laptops with central switching and central WPA/RADIUS authentication
     • 1000 AP Groups to map the WLAN profiles on each store
     Capabilities to be supported by CT-5508-500 for this case study:
     • 100 stores managed by a CT-5508
     • 100 different WLAN profiles with same H-REAP SSID per CT
     • 100 AP Groups per CT
     • No H-REAP Groups for phase 1
  58. Summary
  59. Summary
     • Cisco Unified Wireless Network based on controllers delivers the Wireless Branch Solution
     • H-REAP is the feature designed to solve remote connectivity and WAN constraints
     • Several failover scenarios are targeted to offer survivability of small remote sites
     Deployment Guide URL: http://www.cisco.com/*****
  60. Deploying Cisco’s FlexConnect Wireless Branch Solution Increases Business Resiliency
  61. Recommended Reading
  62. Visit the Cisco Store for Related Titles: http://theciscostores.com
  63. Complete Your Online Session Evaluation: Receive 25 Cisco Preferred Access points for each session evaluation you complete. Give us your feedback and you could win fabulous prizes. Points are calculated on a daily basis. Winners will be notified by email after July 22nd. Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center. Don’t forget to activate your Cisco Live and Networkers Virtual account for access to all session materials, communities, and on-demand and live activities throughout the year. Activate your account at any internet station or visit www.ciscolivevirtual.com.
  65. Thank you.
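
The AP-group rules and the two well-known mistakes on slide 27 can be checked mechanically before a configuration is pushed. The following is an added example, not code from the deck or from Cisco; the data model, function names and sample AP, group and WLAN names are hypothetical and only mirror the retail case study.

```python
# Added example: AP-group rules from slide 27 applied to a constructed config.
DEFAULT_GROUP = "default-group"


def effective_group(configured, ap_groups):
    """An AP with no group name or an unknown one lands in 'default-group'."""
    return configured if configured in ap_groups else DEFAULT_GROUP


def wlan_ids_for_group(group, ap_groups, wlans):
    """'default-group' always holds WLAN IDs 1-16 and never an ID above 16."""
    if group == DEFAULT_GROUP:
        return {wid for wid in wlans if 1 <= wid <= 16}
    return {wid for wid in ap_groups[group] if wid in wlans}


def ssids_for_ap(ap, aps, ap_groups, wlans):
    """Return (effective group, sorted SSIDs) the AP will advertise."""
    group = effective_group(aps[ap], ap_groups)
    ids = wlan_ids_for_group(group, ap_groups, wlans)
    return group, sorted({wlans[wid] for wid in ids})


def audit(aps, ap_groups, wlans):
    """Flag the slide's two well-known mistakes plus silent group fallback."""
    findings = []
    mapped = set()
    for members in ap_groups.values():
        mapped |= set(members)
    for wid in sorted(wlans):
        if wid > 16 and wid not in mapped:
            why = "no AP group defined" if not ap_groups else "mapped to no AP group"
            findings.append(f"WLAN {wid} ({wlans[wid]}): {why}, never advertised")
    for ap in sorted(aps):
        configured = aps[ap]
        if configured and configured != DEFAULT_GROUP and configured not in ap_groups:
            findings.append(f"{ap}: unknown AP group '{configured}', "
                            f"falls back to {DEFAULT_GROUP}")
    return findings


# Constructed sample data modelled on the retail case study (hypothetical names).
WLANS = {1: "Guest", 17: "Scanner", 18: "Scanner", 200: "Laptop"}
AP_GROUPS = {"Store-1": {17, 200}}          # WLAN 18 was never mapped
APS = {"ap-s1-01": "Store-1", "ap-s2-01": "Store-2", "ap-new": None}

if __name__ == "__main__":
    for name in sorted(APS):
        print(name, *ssids_for_ap(name, APS, AP_GROUPS, WLANS))
    for line in audit(APS, AP_GROUPS, WLANS):
        print("FINDING:", line)
```

In the sample, the AP whose group name is unknown ends up advertising the WLAN with ID 1 from 'default-group' instead of its store WLANs, which is the fallback the slide's last rule describes.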
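
The bootup standalone rules on slide 44, together with the local authentication limits on slides 42 and 43, determine which SSIDs a branch can still offer when an AP starts with the WAN down. The following is an added example, not code from the deck or from Cisco; the classes, function names, EAP methods and the "Staff" and "Guest" WLANs are assumptions made for illustration.

```python
# Added example: which WLANs accept clients on an H-REAP AP that boots standalone.
from dataclasses import dataclass

STATIC_SECURITY = {"open", "shared", "wpa-psk"}
LOCAL_EAP_METHODS = {"leap", "eap-fast"}  # slide 42: only LEAP and EAP-FAST
MAX_LOCAL_USERS = 100                      # slide 43: max 100 local users


@dataclass(frozen=True)
class Wlan:
    ssid: str
    switching: str   # "local" or "central"
    security: str    # "open", "shared", "wpa-psk", "802.1x" or "web-auth"
    eap: str = ""    # EAP method the clients use (802.1x WLANs only)


@dataclass(frozen=True)
class HreapGroup:
    local_backup_radius: bool = False
    local_auth_users: int = 0   # 0 = local authentication not configured


def bootup_standalone(wlan, group=None):
    """Return (available, reason) for an AP that boots with the WAN down."""
    if wlan.switching == "central":
        return False, "centrally switched WLAN shuts down"
    if wlan.security == "web-auth":
        return False, "web-auth WLAN shuts down"
    if wlan.security in STATIC_SECURITY:
        return True, "static security, key held on the AP"
    if wlan.security == "802.1x":
        if group and group.local_backup_radius:
            return True, "802.1x via local backup RADIUS"
        if group and group.local_auth_users > 0:
            if wlan.eap in LOCAL_EAP_METHODS:
                return True, "802.1x via local authentication"
            return False, "local authentication supports only LEAP and EAP-FAST"
        return False, "802.1x needs local authentication or local RADIUS"
    return False, "unknown security type"


def survivability(wlans, group=None):
    """Map each SSID to (available, reason); reject an oversized local user DB."""
    if group and group.local_auth_users > MAX_LOCAL_USERS:
        raise ValueError(f"local user DB exceeds {MAX_LOCAL_USERS} entries")
    return {w.ssid: bootup_standalone(w, group) for w in wlans}


# Constructed WLANs: the first two follow the retail case study; the EAP
# methods and the "Staff" and "Guest" WLANs are assumptions for this example.
WLANS = [
    Wlan("Scanner", "local", "wpa-psk"),
    Wlan("Laptop", "central", "802.1x", eap="peap"),
    Wlan("Staff", "local", "802.1x", eap="peap"),
    Wlan("Guest", "local", "web-auth"),
]

if __name__ == "__main__":
    cases = [("no H-REAP group", None),
             ("local auth only", HreapGroup(local_auth_users=40)),
             ("local backup RADIUS", HreapGroup(local_backup_radius=True))]
    for label, grp in cases:
        print(label)
        for ssid, (ok, why) in survivability(WLANS, grp).items():
            print(f"  {ssid:8} {'UP' if ok else 'DOWN':4} {why}")
```

With no H-REAP group, as in phase 1 of the case study, only the per-store WPA-PSK scanner SSID remains usable after a standalone boot.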
