Clement Tam
How to build Campus Network to embrace e-Learning Era 2.10
Unified Access for Education
One Policy – One Management – One Network
Andy Lam
15th June, 2013
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

Perfect Campus Infrastructure
(Diagram labels: Internet; Application Firewall; Core Switch & Wireless Controller; Identity Services Engine; One Management Tool for Wired and Wireless; Edge Switches; Access Point (AP); Floor 1, Floor 2, Floor 3, Floor 4; Building / Classroom; Hall (High Density AP); Playground (Outdoor AP))

• Preparing students for success in the global economy
• Keeping students fully engaged – Adaptive Learning
• Obsoleting traditional textbooks for E-Textbooks
• Implementing mandated Online Testing
• Protecting student and school district data
• Providing safe learning environments
• BYOD for faculty, staff, students, and parents
• Tech savvy students

Wish List – Identity Services Engine: Simplified Policy Management
• Authentication Services: I only want to allow the “right” users and devices on my network
• Authorization Services: I want users and devices to receive appropriate network services
• Guest Lifecycle Management: I want to allow guests into the network and control their behavior
• Profiling Services: I need to allow/deny iPads in my network (BYOD)
• Posture Services: I want to ensure that devices on my network are clean
• Secure Groups Access: I need a scalable way of enforcing access policy across the network

Wired+Wireless+WAN Policy/Guest Management – Improved Control
BEFORE: Separate Policy And Guest Management (Wired | Wireless | WAN)
AFTER: Unified Context-based Policy Management for Employees and Guests Across The Network – Provides Unparalleled Control
• Account for every device and block unwanted devices
• AAA + profiling, provisioning, and posturing = secure BYOD
• Simple | Unified | Automated
• Who? What? When? Where? How?

5 Dimensions of Policy and Provisioning
IF $Identity AND $Device AND $Access AND $Location AND $Time THEN $Policy
User: Guest, Student, Faculty
Device: Personal Device, Faculty Device
Access Method: Wired, Wireless, VPN
Location: Anywhere, Library, Wireless Classrooms
Time: Anytime, M–S 8 am–6 pm
Policy: Captive Portal, DMZ Guest Tunnel, Guest VLAN, Student VLAN, Student ACL, Faculty VLAN, Faculty ACL
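The five-dimension rule above, worked through as an added example (this is illustrative code, not Cisco ISE's policy syntax or the deck's own configuration): the rule table, the Monday-to-Saturday reading of “M–S 8 am–6 pm”, and the default-deny fall-through are all assumptions made here, since the slide shows the values but not the exact row-to-policy mapping.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

ANY = "*"  # wildcard standing in for the slide's "Anywhere"


@dataclass(frozen=True)
class Context:
    identity: str   # Guest, Student, Faculty
    device: str     # Personal Device, Faculty Device
    access: str     # Wired, Wireless, VPN
    location: str   # Library, Wireless Classrooms, ...
    when: datetime


@dataclass(frozen=True)
class Rule:
    identity: str
    device: str
    access: frozenset       # permitted access methods
    location: str           # a named location or ANY
    days: frozenset         # weekday numbers (0=Mon); empty = Anytime
    hours: Optional[tuple]  # (start, end) hour of day; None = Anytime
    policy: tuple           # VLAN / ACL / portal assignments

    def matches(self, c: Context) -> bool:
        """All five dimensions must match; a single miss rejects the rule."""
        return ((self.identity, self.device) == (c.identity, c.device)
                and c.access in self.access
                and self.location in (ANY, c.location)
                and (not self.days or c.when.weekday() in self.days)
                and (not self.hours or self.hours[0] <= c.when.hour < self.hours[1]))

# Constructed rule table: the slide lists these values but not the exact
# row-to-policy mapping, so this mapping is an assumption. "M-S 8 am-6 pm"
# is read as Monday to Saturday, 08:00-18:00. First matching rule wins.
RULES = (
    Rule("Guest", "Personal Device", frozenset({"Wireless"}), "Library",
         frozenset(range(6)), (8, 18),
         ("Guest VLAN", "Captive Portal", "DMZ Guest Tunnel")),
    Rule("Student", "Personal Device", frozenset({"Wired", "Wireless"}), ANY,
         frozenset(), None, ("Student VLAN", "Student ACL")),
    Rule("Faculty", "Faculty Device", frozenset({"Wired", "Wireless", "VPN"}),
         ANY, frozenset(), None, ("Faculty VLAN", "Faculty ACL")),
)

# Assumed default: the slide shows no fall-through row, so an unmatched
# context gets no network access rather than some implicit VLAN.
DENY = ("Deny",)

def evaluate(ctx: Context, rules: tuple = RULES) -> tuple:
    """IF $Identity AND $Device AND $Access AND $Location AND $Time THEN $Policy."""
    for rule in rules:
        if rule.matches(ctx):
            return rule.policy
    return DENY

def decide(identity: str, device: str, access: str, location: str,
           when_iso: str) -> tuple:
    """evaluate() with the time given as an ISO-8601 string, e.g. 2013-06-12T10:00."""
    return evaluate(Context(identity, device, access, location,
                            datetime.fromisoformat(when_iso)))
```

Note how the same faculty user gets the faculty policy over Wired, Wireless or VPN on a faculty device, but falls to the deny default on a personal device; that is what "policy follows the user" means once the device dimension is part of the match.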

Example K-12 Education Walkthrough—Guest
• Account Sponsorship: Approved Sponsor creates account.
• Account Notification: credentials automatically provided to guest via email, SMS, or printed receipt.
• Captive Portal: web browser redirects to login screen; user can manage access for their own device.
• Successful Authentication – Access Granted: isolated guest network on DMZ; role based policy applied; user granted access to Internet.
(Diagram components: ISE Policy / Guest Engine; Internal WLC; Anchor WLC; Guest User on DMZ; DMZ; Internet)

Wish List – Prime Infrastructure: Simplified Network Management
• Planning Services: I want clear visibility into the RF environment
• Discovery Services: I want to discover and inventory any and all devices attached to the network
• Deployment Services: I want flexible and easy to use templates and deployment tools
• Monitoring Services: I want to monitor the LAN, WLAN, and WAN with a single application
• Troubleshooting Services: I want to troubleshoot the LAN, WLAN, and WAN from a single application
• Compliance Services: I need to monitor and audit system-wide configurations for compliance purposes

Single Pane of Glass View and Management of WLAN – LAN – WAN – Improved Visibility
BEFORE: Separated management (WLAN, LAN, WAN)
× Siloed – Inefficient operational model
× Repetitive – Manual correlation of data
× Error Prone – Consumes time and resources
AFTER: Comprehensive User and Unified Access Network Visibility and Advanced Troubleshooting (WLAN + LAN + WAN + Identity) – Provides Unparalleled Visibility
✓ Simple – Improves IT efficiency
✓ Unified – Single view of all user access data
✓ Advanced Troubleshooting – Less time and resources consumed

Next-Gen Maps
• Reduced Clutter
• Faster Loading
• Better Navigation
• Scalable Vector Graphics
• High quality images with zoom in/out
(Map legend: Grey: Disconnected AP; Yellow: AP w/ unresolved non-critical alarms; Red: AP w/ critical alarms; Active rogue APs; 802.11u location specific service; Zoom & Pan controls)

Experience Analysis Server

Control and Visibility for IT—Predictability for Users
Access Switches: Compact, 3750-X/3560-X, 2960-S, 4500E
Core Switches: 6500 Series
Access Points: 600 Series (Teleworker); 3600 Series (Density); 1550 Series (Outdoor); 1600, 2600, 2600e, 3600 (Indoor)
Mobility Services Engine: 3310 and 3355, Physical or Virtual
Wireless LAN Controllers: 2500 Series, WLC on SRE, 5500 Series, WiSM2, 7500, 8500
Identity and Policy, Data Integration: ISE, PI (Physical or Virtual)

BEFORE: Wireless Interference Decreases Reliability and Performance
AFTER: CleanAir Mitigates RF Interference, Improving Reliability and Performance – Improves Performance and Predictability
Chip Level Proactive and Automatic Interference Protection
(Charts: Wireless Client Performance and Air Quality Performance, before and after)

High Resolution Interference Detection, Classification, and Mitigation at Chip Level
Detect | Classify | Locate | Mitigate
• CleanAir radio ASIC
• Detect Wi-Fi and non-Wi-Fi interference sources
• Assess impact to Wi-Fi performance
• Proactively change channels when interference occurs
• Monitor air quality
(Air quality gauge readings shown on the slide)

Identify, Analyze, and Optimize Application Traffic – Improved Visibility and Control
BEFORE: Application View and Control Based On L4 Firewall Sessions
First Generation Firewall: visibility to the port level interaction but not the applications running within the port. FW L4 Session Visibility and Control, e.g. HTTP = 75%, SMTP = 15%, FTP = 2%, Telnet = 1%, SNMP = 3%
AFTER: Network Based Application Recognition – NBAR2 Deep Packet Inspection and App ID – Provides Unparalleled Visibility and Control
NBAR2 Library (Deep Packet Inspection) on the Wireless LAN Controller classifies traffic as Real Time, Interactive, Non-Real Time or Background; Policy: Packet Mark and Drop
View, Control and Troubleshoot – End User Application Experience

Reduces Coverage Holes / Improves Both Upstream and Downstream – Improves Predictability and Performance
(Chart: Connection Rate vs. Beacon Rate with ClientLink Disabled and ClientLink Enabled; rate scale 6, 65, 150, 300 and 450 Mbps)

802.11ac = game changer
(Chart: 802.11 (1999) 2 Mbps; 802.11b 11 Mbps; 802.11a/g (2003) 24 Mbps and 54 Mbps; 802.11n (2007) 65, 300, 450 and 600 Mbps; 802.11ac Wave 1 (2013) and Wave 2 (2014) 290, 870, 1300, 1730*, 3500* and 6900 Mbps for 1, 3 and 8 spatial streams; Gigabit Ethernet Uplink vs. 2 Gigabit Ethernet Uplinks)
* Assumes 160MHz channel width is available and usable
                  802.11n               802.11ac
Band              2.4GHz & 5.0GHz       5.0GHz only
PHY Rate          65 Mbps – 600 Mbps    290 Mbps – 6.9 Gbps
MAC Throughput    45 Mbps – 420 Mbps    194 Mbps – 4.8 Gbps
Spatial Streams   4                     8
Modulation        64 QAM                256 QAM
Channel Width     20 or 40 MHz          20, 40, 80, *80+80, 160 MHz
Key benefits:
• Increased speed
• Improved battery life

Wired-Like Video Delivery over Wireless
BEFORE: Manual RF Management
AFTER: Dynamic RF Management – Improves Predictability and Performance
(Diagram labels: High School; Superintendent | Classroom | K12)

Apple Bonjour and other consumer protocol service gateway
BEFORE: Isolated Apple Bonjour Network – isolated services, no network policy, L2 only; mDNS & Bonjour services NOT routed across the routed network (Apple TV, Printer, WLAN)
AFTER: Bonjour Discovery, Advertisement & Policy – Bonjour Services Directory on the WLAN Controller: service cache and advertise; VLAN and WLAN policy enforcement; services across L3 boundary; mDNS profiles, policy & control (Apple TV, Printer, WLAN over the routed network)
Apple Bonjour discovery, advertisement and policy for Enterprise / Higher Education / K-12

Sub Second Recovery / Convergence for Both WLAN and LAN – High Availability: Provide Mission Critical Support
BEFORE: WLAN and LAN Recovery / Convergence Times Significantly Different
× WLAN 30+ second recovery / convergence
✓ LAN Sub second recovery / convergence
AFTER: WLAN and LAN Recovery / Convergence Times Are Both Sub Second – Improves Predictability
✓ WLAN Sub second recovery / convergence
✓ LAN Sub second recovery / convergence
AP State Sync; AP Failover; N+1 Redundancy; AP Resiliency

Simplify IT Operations with One Policy – One Management – One Network
• Visualize and control what applications are running on the network
• Make sure that policy follows the user wherever they go on the network
• Easily manage onboarding and access rights for students, faculty, staff and guests
• Enables you to “say yes” to BYOD without increasing your IT staff
• Delivers the most predictable user experience in the industry

Thank You

How to build a campus network to embrace the e-Learning era v2.10
