Converged Access - Branch Network Design

Part 2 of 3 of a discussion on converged access design.

Published in: Technology

  1. Single-Switch Branch Design
     Cisco Confidential. © 2013-2014 Cisco and/or its affiliates. All rights reserved.
  2. CA Branch Design – MA and MC Placement
     • Recommended: keep MA and MC within the administrative LAN boundary
     • Design – 1 or Design – 2 recommended depending on scale (Agent/AP/Client) and MC redundancy requirements
     • MC across WAN: Not Recommended. Not Supported.
     MC Placement Alternatives:
     o Design – 1 = In Branch Access-Layer
     o Design – 2 = In Branch Dist-Layer
     o ✕ Design – 3 = Across WAN-Layer
     MA Placement Alternatives: None. Static in Access
     [Diagram: Branch with MC and MA switches at the Access and Distribution layers, and the WAN]
  3. Converged Access – Single Switch Branch Design
     • Small Inventory:
       ✓ Single or Logical Stack switch configuration
       ✓ Low AP and Client Counts
       ✓ Any Catalyst platform meets scale requirements
     • Simple Mobility Network Design:
       ✓ Single Switch = 1 MC/MA, no separate MA, thus no SPG
       ✓ Simplified configuration: Wireless, Mobility, VLAN, IP Subnet etc.
       ✓ Built-in HA: StackWise, AP/Tunnel SSO, StackPower, Redundant Fan/PSU
     • Better Roaming:
       ✓ Single floor L2 roaming boundary
       ✓ Optimal backplane utilization when stacked
     • Flexible Guest Wireless solution:
       ✓ Anchor-Based or Anchor-Less solution
       ✓ Centralized Web Authentication
     [Diagram: Branch MC/MA with Roaming Boundary; WAN, Internet, GA, DC, CPI, ISE]
  4. Converged Access – Controller-Less Branch Design
     Variable Size and Deployment Models
     Follow the 5-step design to deploy successfully: Foundation, Inventory, Mobility, Roaming, Guest
     [Diagram: Medium-size Branch (Floor-1, Floor-2); Large-size Branch (Floor-1 to Floor-4); WAN, Internet, GA, DC, CPI, ISE]
  5. Converged Access – Single Domain Design
     Inventory – Sizing Network for Single Domain Design
     ✓ Total Building/Site Count
       o Typically 1 Building/Site count
     ✓ Floors Count Per Building
       o Ranging 1-3 count
       o Check on RF-coverage gap between elevators/stairs etc.
     ✓ Switch Type and Count Per Building
       o Converged Access Platforms in Access & Distribution layer
       o Ranging 4 to 8. Stack if possible
       o Helps determine platform choice for MC role and its placement
     ✓ AP Count Per Building
       o Ranging 5-30
       o Helps determine platform choice for MC role
     ✓ Client Count Per Building
       o Ranging 200-300
       o Helps determine platform choice for MC role
     [Diagram: Floor-1, Floor-2]
  6. Converged Access – Single Domain Design
     Mobility – Deciding MC System for Single Domain Design
     • Catalyst switch selection for the MC role depends on the following three scale factors:
       ✓ Total Switch Count at selected site
       ✓ Total AP Count across all floors at selected site
       ✓ Total Client (devices) Count across all floors at selected site
     • As an MC, the Catalyst 3850 has a recommended limit of 50 APs
     • The 3650 in the MC role supports half capacity. As an MA, its scale depends on the MC
     • Build the Converged Access network with any supported Catalyst switch permutation
     • Common Software Release means common feature set support across the complete portfolio
     Single-MC Max Scale:
       MC – Switch      MA – Switch   AP   Client
       3850-Ethernet    8             50   1000
       3850-Fiber       8             50   1000
       3650-Ethernet    4             25   500
     [Diagram: Floor-1, Floor-2]
  7. Converged Access – Single Domain Design
     Mobility – Deciding MC System Count for Single Domain Design
     • 1 MC = 1 Sub-Domain. Deploy another MC or Sub-Domain for additional scale in a large network. This is known as Multi-Domain Design
     • The MC count per building depends on the following factors:
       o Scale = more AP/Client scale than one MC
       o HA = MC redundancy critical for Core Mobility services
     • Best Practices:
       o Keep it simple with a single MC if it meets the scale
       o Stack or add a Sup on the MC if redundancy is a concern
       o Mix Catalyst switches in a design that allows MC redundancy and still supports the full architecture
     [Diagram: MC and MA switches across Floor-1 and Floor-2]
  8. Converged Access – Single Domain Design
     Mobility – MC Redundancy for Single Domain Design
     • MC redundancy provides critical AP and Tunnel SSO
     • Wireless control-plane redundancy with proven switching HA function:
       o 4500-Sup8E as MC – Dual-Sup NSF/SSO
       o 3850-Eth/Fiber as MC – StackWise-480
       o 3650 as MC – StackWise-160
     • Client SSO not supported. User impact none to minor:
       o Local Domain Clients – None
       o Local Clients – Re-associate. Sub-Second recovery
       o Foreign Clients – Re-associate. Sub-Second recovery
     [Diagram: MC and MA switches across Floor-1 and Floor-2]
  9. Converged Access – Single Domain Design
     Roaming – Designing SPG for Single Domain Network
     • Cell coverage determines the roaming boundary limit. It reflects how to construct Mobility topologies
     • Understand Soft Roam versus Hard Roam:
       o Soft Roam = Seamless move without rebuilding connection state
       o Hard Roam = Pervasive move with rebuilding connection state
     • A Switch-Peer-Group (SPG) is a logical group of switches that automatically builds Mobility topologies for seamless roaming support across the network
     • 1 Catalyst MC = 1 single SPG for deployments of this size. More are possible but bring no benefit and may complicate deployment.
     [Diagram: SPG-1 with MC and MA switches across Floor-1 and Floor-2. Soft-Roam User: no reauth, same VLAN, IP, policies. Hard-Roam User: full reauth, new VLAN, IP, policies]
  10. Converged Access – Single Domain Design
      Roaming – VLAN And Roam Design in Single Domain Network
      • Converged Access supports Layer 3 (default) and Layer 2 roam
      • Recommended Layer 3 roam, key benefits:
        o Maintains Spanning-Tree best practices
        o Small link-local broadcast/multicast flood and fault domain
        o Rapid roam between Access switches even with policies
        o Proven Converged Access Design
      • Layer 2 roam possible with explicit configuration:
        o Pros – Local egress forwarding path with full client handoff
        o Cons – Large flood and fault domain size, slow roam with downloaded policies from AAA server
      • Anchored SSIDs, i.e. Guest, don’t need any VLANs. Keep configuration default
      • Keep the Wireless Management VLAN separate from Client VLANs: smaller broadcast/multicast domain, prevents policy conflict
      Wireless Client VLAN Design (SPG-1, one MC and MAs):
        SSID / VLAN   VLAN IDs           Role
        SSID-1        101 201 301 401    Layer 3 Roam SSID
        SSID-2        201                Layer 2 Roam SSID
        SSID-3        None               Anchored SSID (Guest)
        WM            11 21 31 41        Wireless Management
  11. Converged Access – Single Domain Design
      Mobility – Roaming Benefits with StackWise in Single Domain Network
      • Most devices perform soft-roam on a single floor. Voice may go beyond
      • Stacking helps improve roaming performance: rapid local switching roam instead of roaming over the network
      • Stack switching helps maintain VLAN best practices and optimizes the converged distribution block
      [Diagram: SPG-1 with MC and MA switches across Floor-1 and Floor-2; Distribution and Access layers]
  12. Converged Access – Single Domain Key Design Summary
      Roaming:
        ✓ Identify cell coverage and required roaming boundary
        ✓ Keep SPG design simple. 1 MC = 1 SPG
        ✓ Recommended default Layer 3 roam
        ✓ Unique SSID and Wireless Mgmt VLAN Per-Access
        ✓ Optimize roaming delays with StackWise in Access
      Foundation:
        ✓ Stack in Distribution
        ✓ Stack in Access if possible
        ✓ Multilayer Network Design
        ✓ EtherChannel
        ✓ Unique Wired and Wireless VLAN (Design-1)
        ✓ Unique Wireless Mgmt VLAN Per Access
        ✓ Cisco Borderless Campus CVD Best Practices
      Inventory:
        ✓ Collect Infrastructure Inventory
        ✓ Analyze RF coverage
        ✓ Up to date RF survey
        ✓ Design conclusion based on Inventory
      Mobility:
        ✓ Keep MC design simple. 1 MC per Branch
        ✓ Designate system for MC role to support scale
        ✓ MC placement in Distribution if StackWise/VSS
        ✓ Add more HA components to MC if desired
      [Diagram: MC and MA switches across Floor-1 and Floor-2]
  13. Multi-Domain Branch Design
  14. Converged Access – Controller-Less Branch Design
      Variable Size and Deployment Models
      Follow the 5-step design to deploy successfully: Foundation, Inventory, Mobility, Roaming, Guest
      Expanded Network Design:
      o CA – Single Sub-Domain Design
      o CA – Multi Sub-Domain Design
      Multi Sub-Domain Design Principles:
        ✓ Add More To Grow
        ✓ Peer Only If Need
      [Diagram: Branch – 1 and Branch – 2, with MC and MA switches across Floor-1 to Floor-4]
  15. Converged Access – Multi Domain Design
      Foundation – Build Solid Foundation To Scale Multi Sub-domain Design
      • Consistent network foundation design and principles, as in a single sub-domain network
      • Modular-class platform for better density, scale, performance and a resilient network
      • Integrated Wireless Controller functionality is valuable but may not meet the required scale
      • Recommended network design:
        o VSS* / StackWise
        o STP loop-free topology with Layer 2 EtherChannel
        o Unique VLAN per Access switch design
      [Diagram: Floor-1 to Floor-4]
  16. Converged Access – Multi Domain Design
      Inventory – Sizing Network for Single Sub-domain Design
      • Total Building/Site Count
        o Typically 1 Building/Site count
      • Floors Count Per Building
        o Ranging 5-10 count
        o Check on RF-coverage gap between elevators/stairs etc.
      • Switch Type and Count Per Building
        o Converged Access Platforms in Access & Distribution layer
        o Ranging 10 to 20. Stack if possible
        o Helps determine platform choice for MC role and its placement
      • AP Count Per Building
        o Ranging 50-150
        o Helps determine platform choice for MC role
      • Client Count Per Building
        o Ranging 1000-2000
        o Helps determine platform choice for MC role
      [Diagram: Floor-1 to Floor-4]
  17. Converged Access – Multi Domain Design
      Mobility – Deciding MC System for Multi Sub-domain Design
      • Rule # 1 – Add More To Grow.
      • Catalyst switch selection for the MC role depends on the following three scale factors:
        ✓ Total Switch Count at selected site
        ✓ Total AP Count across all floors at selected site
        ✓ Total Client (devices) Count across all floors at selected site
      • Multiple MCs may be required to meet the scale limit. All MCs can be the same or a mix of Catalyst platforms
      • A consistent IOS Software version on each MC is recommended
      Single-MC Max Scale:
        MC – Switch      MA – Switch   AP   Client
        3850-Ethernet    8             50   1000
        3850-Fiber       8             50   1000
        3650-Ethernet    8             25   500
      [Diagram: two MCs and MA switches across Floor-1 to Floor-4]
  18. Converged Access – Multi Domain Design
      Mobility – MC Placement In Multi Sub-domain Network
      • MC placement depends on the following factors:
        o Distribution-Layer. Single-Domain design recommended if scale and HA fit the requirement
        o Access-Layer. Scales better for MA/AP/Client
      • Simplify the MC with StackWise or VSS* when deployed at the Distribution-Layer
      • An MC at the Access-Layer follows certain design considerations:
        o 3850/3650 – StackWise. Default Standalone design may not provide enough redundancy
      • Best Practices:
        o Deploy MC either in Access or in Distribution.
        o Do not deploy at both layers
      [Diagram: Multi Sub-domain Network and Single Sub-domain Network, with MC and MA switches across Floor-1 to Floor-4]
  19. Converged Access – Multi Domain Design
      Roaming – Designing Mobility and SPG for Multi Sub-domain Network
      • Expanded cell coverage determines the roaming boundary limit. It reflects how to construct Mobility topologies across multiple sub-domains
      • Contiguous Mobility RF domain covering the entire building
      • Rule # 2 – Peer Only If Need
      • Static peering between MCs to build a seamless indoor device roaming boundary limit
      • 1 Catalyst MC = 1 single SPG for this deployment model.
      [Diagram: MC-1-SPG-1 and MC-2-SPG-1, with MC and MA switches across Floor-1 to Floor-4]
  20. Converged Access – Multi Domain Design
      Roaming – VLAN And Roam Design in Multi Sub-domain Network
      • More scale, hence more processing in a large network
      • A large flood/fault domain with VLANs spanning across Access may impact performance and network reliability
      • Recommended unique VLAN design per Access:
        o Imperative for building a loop-free, small broadcast domain
        o Aligned with Wired best practice for large port count
      • Decouple the user data-plane and wireless control-plane with a unique VLAN per Access
      • Evaluate Distribution Layer switch specifications to support the required scale and performance
      Wireless Client VLAN Design (MC-1-SPG-1 and MC-2-SPG-1):
        SSID / VLAN   VLAN IDs           Role
        SSID-1        101 201 301 401    Layer 3 Roam SSID
        SSID-2        201                Layer 2 Roam SSID
        SSID-3        None               Anchored SSID (Guest)
        WM            11 21 31 41        Wireless Management
  21. Converged Access – Multi Sub-domain Key Design Summary
      Roaming:
        ✓ Identify cell coverage and required roaming boundary
        ✓ Keep SPG design simple. 1 MC = 1 SPG
        ✓ Recommended default Layer 3 roam
        ✓ Unique SSID and Wireless Mgmt VLAN Per-Access
        ✓ Optimize roaming delays with StackWise in Access
      Foundation:
        ✓ Stack/VSS in Distribution
        ✓ Stack in Access if possible
        ✓ Multilayer Network Design
        ✓ EtherChannel
        ✓ Unique Wired and Wireless VLAN (Design-1)
        ✓ Unique Wireless Mgmt VLAN Per Access
        ✓ Cisco Borderless Campus CVD Best Practices
      Inventory:
        ✓ Collect Infrastructure Inventory
        ✓ Analyze RF coverage
        ✓ Up to date RF survey
        ✓ Design conclusion based on Inventory
      Mobility:
        ✓ MC placement in Access for 2X scale
        ✓ Keep MC design simple. 2 MCs per Branch
        ✓ Designate system for MC role to support scale
        ✓ Add more HA components to MC if desired
      [Diagram: two MCs and MA switches across Floor-1 to Floor-4]
  22. Guest Network Design
  23. Converged Access – Guest Network Design Alternatives
      Anchor-Less Guest Solution:
      • Ideal for Small Branch to provide local Internet Access
      • Catalyst integrated L2/L3 security with central policy-engine, i.e. Cisco ISE
      • Local L2/L3 network termination with possible L3 segmentation to WAN edge
      Anchor-Based Guest Solution:
      • Common solution for Guest termination close to Internet point
      • Controller-based integrated L2/L3 security with central policy-engine, i.e. Cisco ISE
      • Transparent Guest network termination to Anchor in DMZ for centralized policy enforcement
      [Diagram panels: Controller-Less Single-Switch Branch; Controller-Less Single/Multi-Domain Branch; Controller-Less Multi-Domain Branch/Campus. Labels: MC/MA Branch, Sub-Domain-1 (SPG-1), Sub-Domain-2 (SPG-2), Internet, GA, DC, CPI, ISE]
  24. Converged Access – Guest Anchor Platform Support
      Platforms (diagram labels "Foreign" and "Anchor"):
      o Catalyst: Catalyst 3650/3850
      o AireOS WLC: 5508 and WiSM2
      o New AireOS WLC: 8510, 5520 and 8540
      Guest Anchor WLC Product Support Matrix:
        Guest Anchor WLC   Software Release    New Mobility
        5508/WiSM2         7.3.112 and above   Required *
        8510               8.1 and above       Required *
        5520 / 8540        8.1 and above       Required *
        * = Non-default. Requires a configuration change and WLC reboot
      Key Points:
      • Current generation 5508 and WiSM2 with New Mobility
      • Continue to support beyond 8.1 AireOS Software release. No change in strategy
      • New AireOS Platform Support – 8510 and 5520 / 8540
      [Diagram panels: Controller-Less Multi-Domain Branch/Campus; Controller-Based Multi-Domain Campus; Centralized Multi-Domain Campus (WLC-1, WLC-2, APs). Labels: Sub-Domain-1 (SPG-1), Sub-Domain-2 (SPG-2), Internet, GA, DC, CPI, ISE]
  25. Converged Access – Guest Anchor Scale Consideration
      Key Points:
      • Maximum 71 Mobility Tunnel support on AireOS platform
      • Consider GA WLC : MC tunnel ratio across Branch locations
      Guest Anchor WLC Tunnel and Client Scale Matrix:
        Guest Anchor WLC   Max Mobility Tunnel   Max Client Count
        5508               71                    7000
        WiSM2              71                    15000
        8510               71                    64000
        5520               71                    20000
        8540               71                    64000
      [Diagram: MC/MA Branch sites, Sub-Domain-1 (SPG-1), Sub-Domain-2 (SPG-2), Internet, GA, DC, CPI, ISE]
  26. Thank you.
