This document discusses wireless network design considerations for deploying Cisco's Unified Wireless Network (UWN) architecture. It covers topics such as wireless technologies, wireless network topologies, wireless network components, wireless LAN controllers, autonomous and lightweight access points, wireless security, site survey processes, and controller redundancy designs. The goal is to introduce the Cisco UWN architecture and discuss principles for designing wireless networks using lightweight access points and wireless LAN controllers.
SD WAN Overview | What is SD WAN | Benefits of SD WAN Ashutosh Kaushik
Small Brief on Next Generation SD-WAN
Dynamic business landscape and uncompromised demands of applications and users have driven dramatic transformation in IT Networking after many years of relative stability. Frequent changes in technologies are shifting networking from static Infrastructure to more agile, secured, future ready and hybrid-cloud infrastructure. This created un-precedented network management complexities that has become a growing concern for the enterprise.
Early Generation of SD-WAN providers were primarily focused on cost reduction via replacing MPLS with low-cost broadband.
Infinxt Next Generation SD-WAN handles data and network security with in-built NGFW, SLA based Application Performance Enhancement, Traffic Shaping, Multi/ Hybrid Cloud App aware routing, in addition to the traditional SD-WAN features
Infinxt Product Variants
1. Infinxt – Next Generation SD-WAN
Infinxt provides you with the best of the SD-WAN features that can address any of your WAN challenges. The device itself being a Zone based firewall, provides application visibility and control. The decoupled Data Plane and Control plane provides you with the needed flexibility and efficiency in addressing Day 0, Day 1 and Day 2 challenges.
The solution is industry and business agnostic whereby it would be able to meet any type of WAN requirements. The offering being indigenously made would be able to address unique requirements for niche industries too through customization
Features
2. Infinxt - Next Generation Firewall Powered by Palo Alto Networks
Legacy firewall security solutions react to new threats. Intelligent network security stays ahead of attackers and increases business agility. Infinxt SD-WAN comes with a pre-hosted Palo Alto Networks VM in the Infinxt iEdge devices. This offering is a boon for customers to convert their branches into next generation secured branches with the NGFW security capability of Palo Alto Networks.
3. Infinxt - Next Generation Secure SD-WAN Powered by Palo Alto Networks
The Secure Next Generation SD-WAN offering from Infinity Labs provides its customers with the best of both Network connectivity and Application security. It’s a unique combination where both the VMs are service chained to leverage their proficiency to provide a secured application experience to the users. Along with SD-WAN features it also gives NGFW features Powered by Palo Alto Networks.
Infinxt SD-WAN Console gives a Single UI for both SD-WAN and NGFW for ease of Network Operation and Management.
This feature gives the enterprises a unique proposition to have Palo Alto NGFW on tried and tested Infinxt Edge Device.
Palo Alto Networks Advantages
Software-Defined Networking (SDN): Unleashing the Power of the NetworkRobert Keahey
It goes without saying that cloud computing has dramatically reshaped the information technology services landscape. Virtualization is unleashing the power of commodity-based technology and open source communities are building new applications and services at an astonishing rate, but networking has lagged behind compute and storage in virtualization and automation. We’ve become accustomed to specialized networking silicon, complex operating systems and highly distributed control planes. For the most part, we’ve accepted the model along with its high costs.
All that is changing! New protocols such as OpenFlow are freeing the network control plane from proprietary operating systems and hardware platforms. We are entering a new era where customers control the features – and release schedules – of new, open networking applications that address the needs of the mega-scale world.
A lot of work is required to realize the potential of Software-Defined Networking (SDN), where we can enjoy the benefits derived from “software automating software.” This talk will examine some of the history that led us to the point where current networking architectures are no longer viable for cloud computing at mega-scale. We’ll take a look at the basics of SDN and some of its key elements – OpenFlow, network virtualization, and orchestration – along with some of the initiatives and companies that are setting the stage for the next generation of networking.
WiFi 6 is the latest industry certification program based on the IEEE 802.11ax standard for WiFi networks. It enables next-generation WiFi connectivity enabling high capacity, coverage, performance, & security. It provides a more consistent and reliable network connection with a seamless experience for users, IoT, & voice and video. It can achieve speeds up to 4 times faster than previous WiFi standards, promising better user experience and performance of bandwidth-consuming applications such as voice, video, and collaboration.
Moving towards a new Wi-Fi technology does not have to be too much of an undertaking. Of course, that's assuming great deal of planning and attention to detail in terms of defining the clear steps on how to get there. In this session we will discuss 802.11ac placement, Wi-Fi coverage and capacity planning for 802.11ac devices and how to take advantage of 802.11ac transmit beamforming.
SD WAN Overview | What is SD WAN | Benefits of SD WAN Ashutosh Kaushik
Small Brief on Next Generation SD-WAN
Dynamic business landscape and uncompromised demands of applications and users have driven dramatic transformation in IT Networking after many years of relative stability. Frequent changes in technologies are shifting networking from static Infrastructure to more agile, secured, future ready and hybrid-cloud infrastructure. This created un-precedented network management complexities that has become a growing concern for the enterprise.
Early Generation of SD-WAN providers were primarily focused on cost reduction via replacing MPLS with low-cost broadband.
Infinxt Next Generation SD-WAN handles data and network security with in-built NGFW, SLA based Application Performance Enhancement, Traffic Shaping, Multi/ Hybrid Cloud App aware routing, in addition to the traditional SD-WAN features
Infinxt Product Variants
1. Infinxt – Next Generation SD-WAN
Infinxt provides you with the best of the SD-WAN features that can address any of your WAN challenges. The device itself being a Zone based firewall, provides application visibility and control. The decoupled Data Plane and Control plane provides you with the needed flexibility and efficiency in addressing Day 0, Day 1 and Day 2 challenges.
The solution is industry and business agnostic whereby it would be able to meet any type of WAN requirements. The offering being indigenously made would be able to address unique requirements for niche industries too through customization
Features
2. Infinxt - Next Generation Firewall Powered by Palo Alto Networks
Legacy firewall security solutions react to new threats. Intelligent network security stays ahead of attackers and increases business agility. Infinxt SD-WAN comes with a pre-hosted Palo Alto Networks VM in the Infinxt iEdge devices. This offering is a boon for customers to convert their branches into next generation secured branches with the NGFW security capability of Palo Alto Networks.
3. Infinxt - Next Generation Secure SD-WAN Powered by Palo Alto Networks
The Secure Next Generation SD-WAN offering from Infinity Labs provides its customers with the best of both Network connectivity and Application security. It’s a unique combination where both the VMs are service chained to leverage their proficiency to provide a secured application experience to the users. Along with SD-WAN features it also gives NGFW features Powered by Palo Alto Networks.
Infinxt SD-WAN Console gives a Single UI for both SD-WAN and NGFW for ease of Network Operation and Management.
This feature gives the enterprises a unique proposition to have Palo Alto NGFW on tried and tested Infinxt Edge Device.
Palo Alto Networks Advantages
Software-Defined Networking (SDN): Unleashing the Power of the NetworkRobert Keahey
It goes without saying that cloud computing has dramatically reshaped the information technology services landscape. Virtualization is unleashing the power of commodity-based technology and open source communities are building new applications and services at an astonishing rate, but networking has lagged behind compute and storage in virtualization and automation. We’ve become accustomed to specialized networking silicon, complex operating systems and highly distributed control planes. For the most part, we’ve accepted the model along with its high costs.
All that is changing! New protocols such as OpenFlow are freeing the network control plane from proprietary operating systems and hardware platforms. We are entering a new era where customers control the features – and release schedules – of new, open networking applications that address the needs of the mega-scale world.
A lot of work is required to realize the potential of Software-Defined Networking (SDN), where we can enjoy the benefits derived from “software automating software.” This talk will examine some of the history that led us to the point where current networking architectures are no longer viable for cloud computing at mega-scale. We’ll take a look at the basics of SDN and some of its key elements – OpenFlow, network virtualization, and orchestration – along with some of the initiatives and companies that are setting the stage for the next generation of networking.
WiFi 6 is the latest industry certification program based on the IEEE 802.11ax standard for WiFi networks. It enables next-generation WiFi connectivity enabling high capacity, coverage, performance, & security. It provides a more consistent and reliable network connection with a seamless experience for users, IoT, & voice and video. It can achieve speeds up to 4 times faster than previous WiFi standards, promising better user experience and performance of bandwidth-consuming applications such as voice, video, and collaboration.
Moving towards a new Wi-Fi technology does not have to be too much of an undertaking. Of course, that's assuming great deal of planning and attention to detail in terms of defining the clear steps on how to get there. In this session we will discuss 802.11ac placement, Wi-Fi coverage and capacity planning for 802.11ac devices and how to take advantage of 802.11ac transmit beamforming.
The network can now learn, adapt, and evolve. Designed to be intuitive, the network can recognize intent, mitigate threats through segmentation and encryption, and learn and change over time. The new network helps your organization unlock opportunities, enhance security, be more agile, and operate more efficiently.
SDN Basics – What You Need to Know about Software-Defined NetworkingSDxCentral
SDNUniversity™ is our exclusive educational series on software-defined networking (SDN) and network functions virtualization (NFV) designed to help you develop practical, real-world knowledge and skills. Take advantage of this opportunity to learn SDN basics through a free, interactive online training session featuring experts from SDNCentral and Computerlinks.
This is a power point Presentation about wifi and the various standards of IEEE used for the transmission of data over the wireless network.
You must have encountered with term 802.11.a/b/g/n of your wireless network device.
This presentation will break the ice for your knowledge about those terms, their standards and how they get connected.
Let's Get Started.
Visit www.seminarlinks.blogspot.com to Download
WiMAX is a digital wireless data communication system that can deliver high-speed broadband services up to a large distance of 50KMs.The name WiMAX was created by WiMAX forum, the consortium promoting this standard. The term WiMAX is derived from the phrase Worldwide Interoperability for Microwave Access.
Here is the ppt related to wlan and its architecture, please go through to know better.Thank you. Hope you understand well! Please share your view on it .
The network can now learn, adapt, and evolve. Designed to be intuitive, the network can recognize intent, mitigate threats through segmentation and encryption, and learn and change over time. The new network helps your organization unlock opportunities, enhance security, be more agile, and operate more efficiently.
SDN Basics – What You Need to Know about Software-Defined NetworkingSDxCentral
SDNUniversity™ is our exclusive educational series on software-defined networking (SDN) and network functions virtualization (NFV) designed to help you develop practical, real-world knowledge and skills. Take advantage of this opportunity to learn SDN basics through a free, interactive online training session featuring experts from SDNCentral and Computerlinks.
This is a power point Presentation about wifi and the various standards of IEEE used for the transmission of data over the wireless network.
You must have encountered with term 802.11.a/b/g/n of your wireless network device.
This presentation will break the ice for your knowledge about those terms, their standards and how they get connected.
Let's Get Started.
Visit www.seminarlinks.blogspot.com to Download
WiMAX is a digital wireless data communication system that can deliver high-speed broadband services up to a large distance of 50KMs.The name WiMAX was created by WiMAX forum, the consortium promoting this standard. The term WiMAX is derived from the phrase Worldwide Interoperability for Microwave Access.
Here is the ppt related to wlan and its architecture, please go through to know better.Thank you. Hope you understand well! Please share your view on it .
Wireless LANs are used all around the world for communication at nearly the speed of light. Learn about WLANs, their components, and working. Also, learn about the architecture of networks and the principle behind WiFi
Immunizing Image Classifiers Against Localized Adversary Attacksgerogepatton
This paper addresses the vulnerability of deep learning models, particularly convolutional neural networks
(CNN)s, to adversarial attacks and presents a proactive training technique designed to counter them. We
introduce a novel volumization algorithm, which transforms 2D images into 3D volumetric representations.
When combined with 3D convolution and deep curriculum learning optimization (CLO), itsignificantly improves
the immunity of models against localized universal attacks by up to 40%. We evaluate our proposed approach
using contemporary CNN architectures and the modified Canadian Institute for Advanced Research (CIFAR-10
and CIFAR-100) and ImageNet Large Scale Visual Recognition Challenge (ILSVRC12) datasets, showcasing
accuracy improvements over previous techniques. The results indicate that the combination of the volumetric
input and curriculum learning holds significant promise for mitigating adversarial attacks without necessitating
adversary training.
Cosmetic shop management system project report.pdfKamal Acharya
Buying new cosmetic products is difficult. It can even be scary for those who have sensitive skin and are prone to skin trouble. The information needed to alleviate this problem is on the back of each product, but it's thought to interpret those ingredient lists unless you have a background in chemistry.
Instead of buying and hoping for the best, we can use data science to help us predict which products may be good fits for us. It includes various function programs to do the above mentioned tasks.
Data file handling has been effectively used in the program.
The automated cosmetic shop management system should deal with the automation of general workflow and administration process of the shop. The main processes of the system focus on customer's request where the system is able to search the most appropriate products and deliver it to the customers. It should help the employees to quickly identify the list of cosmetic product that have reached the minimum quantity and also keep a track of expired date for each cosmetic product. It should help the employees to find the rack number in which the product is placed.It is also Faster and more efficient way.
Hierarchical Digital Twin of a Naval Power SystemKerry Sado
A hierarchical digital twin of a Naval DC power system has been developed and experimentally verified. Similar to other state-of-the-art digital twins, this technology creates a digital replica of the physical system executed in real-time or faster, which can modify hardware controls. However, its advantage stems from distributing computational efforts by utilizing a hierarchical structure composed of lower-level digital twin blocks and a higher-level system digital twin. Each digital twin block is associated with a physical subsystem of the hardware and communicates with a singular system digital twin, which creates a system-level response. By extracting information from each level of the hierarchy, power system controls of the hardware were reconfigured autonomously. This hierarchical digital twin development offers several advantages over other digital twins, particularly in the field of naval power systems. The hierarchical structure allows for greater computational efficiency and scalability while the ability to autonomously reconfigure hardware controls offers increased flexibility and responsiveness. The hierarchical decomposition and models utilized were well aligned with the physical twin, as indicated by the maximum deviations between the developed digital twin hierarchy and the hardware.
Final project report on grocery store management system..pdfKamal Acharya
In today’s fast-changing business environment, it’s extremely important to be able to respond to client needs in the most effective and timely manner. If your customers wish to see your business online and have instant access to your products or services.
Online Grocery Store is an e-commerce website, which retails various grocery products. This project allows viewing various products available enables registered users to purchase desired products instantly using Paytm, UPI payment processor (Instant Pay) and also can place order by using Cash on Delivery (Pay Later) option. This project provides an easy access to Administrators and Managers to view orders placed using Pay Later and Instant Pay options.
In order to develop an e-commerce website, a number of Technologies must be studied and understood. These include multi-tiered architecture, server and client-side scripting techniques, implementation technologies, programming language (such as PHP, HTML, CSS, JavaScript) and MySQL relational databases. This is a project with the objective to develop a basic website where a consumer is provided with a shopping cart website and also to know about the technologies used to develop such a website.
This document will discuss each of the underlying technologies to create and implement an e- commerce website.
Explore the innovative world of trenchless pipe repair with our comprehensive guide, "The Benefits and Techniques of Trenchless Pipe Repair." This document delves into the modern methods of repairing underground pipes without the need for extensive excavation, highlighting the numerous advantages and the latest techniques used in the industry.
Learn about the cost savings, reduced environmental impact, and minimal disruption associated with trenchless technology. Discover detailed explanations of popular techniques such as pipe bursting, cured-in-place pipe (CIPP) lining, and directional drilling. Understand how these methods can be applied to various types of infrastructure, from residential plumbing to large-scale municipal systems.
Ideal for homeowners, contractors, engineers, and anyone interested in modern plumbing solutions, this guide provides valuable insights into why trenchless pipe repair is becoming the preferred choice for pipe rehabilitation. Stay informed about the latest advancements and best practices in the field.
Overview of the fundamental roles in Hydropower generation and the components involved in wider Electrical Engineering.
This paper presents the design and construction of hydroelectric dams from the hydrologist’s survey of the valley before construction, all aspects and involved disciplines, fluid dynamics, structural engineering, generation and mains frequency regulation to the very transmission of power through the network in the United Kingdom.
Author: Robbie Edward Sayers
Collaborators and co editors: Charlie Sims and Connor Healey.
(C) 2024 Robbie E. Sayers
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)MdTanvirMahtab2
This presentation is about the working procedure of Shahjalal Fertilizer Company Limited (SFCL). A Govt. owned Company of Bangladesh Chemical Industries Corporation under Ministry of Industries.
Student information management system project report ii.pdfKamal Acharya
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
Welcome to WIPAC Monthly the magazine brought to you by the LinkedIn Group Water Industry Process Automation & Control.
In this month's edition, along with this month's industry news to celebrate the 13 years since the group was created we have articles including
A case study of the used of Advanced Process Control at the Wastewater Treatment works at Lleida in Spain
A look back on an article on smart wastewater networks in order to see how the industry has measured up in the interim around the adoption of Digital Transformation in the Water Industry.
About
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
• Remote control: Parallel or serial interface.
• Compatible with MAFI CCR system.
• Compatible with IDM8000 CCR.
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
• Easy in configuration using DIP switches.
Technical Specifications
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
Key Features
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
• Remote control: Parallel or serial interface
• Compatible with MAFI CCR system
• Copatiable with IDM8000 CCR
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
Application
• Remote control: Parallel or serial interface.
• Compatible with MAFI CCR system.
• Compatible with IDM8000 CCR.
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
• Easy in configuration using DIP switches.
2. COURSE OUTCOME
Students shall be able to explain design considerations for
deploying wireless network infrastructure.
3. OUTLINE
This module describes wireless network design principles and includes the
following sections:
■ Introduction to Wireless Technology
■ The Cisco Unified Wireless Network
■ Designing Wireless Networks with Lightweight Access Points and Wireless
LAN Controllers
The goal of this module is to introduce the Cisco Unified Wireless Network
(UWN) architecture
and to discuss wireless design principles.
The module starts with an introduction to wireless technologies. Then the
Cisco UWN is described. The chapter concludes with an exploration of
4. INTRODUCTION TO WIRELESS
TECHNOLOGY
A wireless communication system uses radio frequency (RF) energy to transmit data
from one
point to another, through the air; the term signal is used to refer to this RF energy.
The data to
be transmitted is first modulated onto a carrier and then sent; receivers demodulate
the signal
and process the data.
There are many different types of wireless network technologies, each providing a
defined
coverage area
5. INTRODUCTION TO WIRELESS
TECHNOLOGY
■ Personal-area network (PAN): A PAN typically covers a person’s personal
workspace.
■ Local-area network: Wireless LANs (WLAN) are designed to be enterprise-
based
networks that allow the use of complete suites of enterprise applications,
without wires.
■ Metropolitan-area network (MAN): Wireless MANs are deployed inside a
metropolitan
area, allowing wireless connectivity throughout an urban area.
■ Wide-area network: Wireless WANs are typically slower but offer more
coverage, such as
across rural areas.
6.
7. WLAN TOPOLOGIES
Cisco wireless products support the following three topologies:
■ Wireless client access: For mobile user connectivity
■ Wireless bridging: To interconnect LANs that are physically
separated—for example, in different buildings
■ Wireless mesh networking: To provide both client access and a
dynamic, redundant connection between buildings
8. WLAN COMPONENTS
Client devices use wireless NICs or adapters to connect to a wireless
network in either ad hoc (peer-to-peer) mode or infrastructure mode
using APs. Cisco APs can be either autonomous or lightweight.
9. CISCO-COMPATIBLE WLAN
CLIENTS
The Cisco Compatible Extensions (CCX) program for WLAN client devices
allows vendors of
WLAN client devices or adapters to ensure interoperability with the Cisco
WLAN infrastructure
and take advantage of Cisco innovations.
Wireless client products are submitted to an independent lab for rigorous
testing; passing this testing process allows the devices to be marketed as
Cisco Compatible client devices.
There are four versions of the Cisco Compatible specification, versions 1
through 4.
Each version builds on its predecessors; with a few exceptions, every
feature that must
10. AUTONOMOUS APS
An autonomous AP has a local configuration and requires local management,
which might make consistent configurations difficult and add to the cost of
network management.
Cisco’s core WLAN feature set includes autonomous APs and the CiscoWorks
Wireless
LAN Solutions Engine (WLSE) management appliance.
CiscoWorks WLSE is a turnkey and scalable management platform for
managing hundreds to
thousands of Cisco Aironet autonomous APs and wireless bridges.
Autonomous APs may also be configured with CiscoWorks WLSE Express, a
complete WLAN management solution with an integrated authentication,
authorization, and accounting (AAA) server for small to medium-sized
enterprise facilities or branch offices using Cisco Aironet autonomous APs
11. LIGHTWEIGHT APS
A lightweight AP receives control and configuration from a WLAN
controller (WLC) to
which it is associated. This provides a single point of management and
reduces the security
concern of a stolen AP.
The WLCs and lightweight APs communicate over any Layer 2 (Ethernet) or
Layer 3 (IP)
infrastructure using the Lightweight AP Protocol (LWAPP) to support
automation of numerous
WLAN configuration and management functions. WLCs are responsible for
centralized
System wide WLAN management functions, such as security policies,
intrusion prevention, RF
management, quality of service (QoS), and mobility.
The Cisco advanced WLAN feature set includes lightweight APs, WLCs, and
the Wireless
12. AP POWER
One issue for WLANs is that power might not be available where APs
need to be located. Two solutions to this issue are Power over
Ethernet (PoE) and power injectors. PoE, or inline power, provides
operating current to a device, such as an AP, from an Ethernet port,
over the Category 5 cable.
A midspan power injector is a standalone unit that adds PoE
capability to existing networking equipment. The power injector is
inserted into the LAN between the Ethernet switch and the device
requiring power, such as an AP.
13. WLAN OPERATION
The coverage area of an AP is called the Basic Service Set (BSS); other names
for the BSS are microcell and cell. The identifier of the BSS is called the BSS
identifier (BSSID).
If a single cell does not provide enough coverage, any number of cells can be
added to extend the range to an extended service area (ESA). It is
recommended that the ESA cells have 10 to 15 percent overlap to allow
remote users to roam without losing RF connections. If VoIP is implemented
in the wireless network, it is recommended that the ESA cells have a 15 to 20
percent overlap.
The bordering cells should be set to different non overlapping channels for
best performance.
A Service Set Identifier (SSID) is an identifier or name of a WLAN.
An SSID on an AP and on an associated client must match exactly. APs
broadcast their SSIDs in
a beacon, announcing their available services; clients associate with a
specific SSID or learn the available SSIDs from the beacon and choose one
with which to associate.
14. WLAN OPERATION
APs can be configured not to broadcast a particular SSID, but the SSID
is still sent in the header of all the packets sent and thus is
discoverable by wireless survey tools. Therefore, configuring the AP
not to broadcast an SSID is not considered a strong security
mechanism by itself. This feature should be combined with some of
the stronger mechanisms.
Roaming occurs when a wireless client moves from being associated
to one AP to another AP—from one cell to another cell—within the
same SSID.
15. WLAN SECURITY
WLAN security includes the following:
■ Authentication: Ensures that only legitimate clients access the network via
trusted APs.
■ Encryption: Ensures the confidentiality of transmitted data.
■ Intrusion detection and intrusion protection: Monitors, detects, and
mitigates unauthorized access and attacks against the network.
Initially, basic 802.11 WLAN security was provided via Wired Equivalent Privacy
(WEP)
authentication and encryption, using static keys. With static WEP, the
encryption keys must match
on both the client and the access point. Unfortunately, the keys are relatively
easy to compromise,
16. THE CISCO UNIFIED WIRELESS
NETWORK
In a traditional WLAN, each AP operates as a separate autonomous node
configured with SSID, RF channel, RF power settings, and so forth. Scaling to
large contiguous, coordinated WLANs and adding higher-level applications is
challenging with these autonomous APs. For example, if an autonomous AP
hears a nearby AP operating on the same channel, the autonomous AP has no
way of determining whether the adjacent AP is part of the same network or a
neighboring network.
Some form of centralized coordination is needed to allow multiple APs to
operate across rooms and floors.
17. THE CISCO UWN ARCHITECTURE
The Cisco UWN architectural elements allow a WLAN to operate as an
intelligent information network and to support advanced mobility
services. Beginning with a base of client devices, each element
provides additional capabilities needed as networks evolve and grow,
interconnecting with the elements above and below it to create a
unified, secure, end-to-end enterprise-class WLAN solution.
18. CISCO UWN ELEMENTS
The five interconnected elements of the Cisco UWN architecture are as follows:
Client devices: With more than 90 percent of shipping client devices certified
as Cisco Compatible under the CCX program, almost any client device that is
selected will support the Cisco UWN advanced features.
Lightweight APs: Dynamically configured APs provide ubiquitous network
access in all environments. Enhanced productivity is supported through plug-
and-play with the LWAPP used between the APs and the Cisco WLCs. Cisco APs
are a proven platform with a large installed base and market share leadership.
All Cisco lightweight APs support mobility services, such as fast secure
roaming for voice, and location services for real-time network visibility.
Network unification: Integration of wired and wireless networks is critical for
unified
network control, scalability, security, and reliability. Seamless functionality is
provided
through wireless integration into all major switching and routing platforms.
19. CISCO UWN ELEMENTS
Network management: The same level of security, scalability, reliability, ease
of deployment, and management for WLANs as wired LANs is provided
through network management systems such as the Cisco WCS, which helps
visualize and secure the airspace. The Cisco wireless location appliance
provides location services.
Mobility services: Unified mobility services include advanced security threat
detection and
mitigation, voice services, location services, and guest access.
Benefits of the Cisco UWN architecture include ease of deployment and
upgrades, reliable
connectivity through dynamic RF management, optimized per-user
performance through user
load balancing, guest networking, Layer 2 and 3 roaming, embedded wireless
IDS, location
services, voice over IP support, lowered total cost of ownership, and wired and
20. CISCO UWN LIGHTWEIGHT AP AND
WLC OPERATION
An autonomous AP acts as an 802.1Q translational bridge and is
responsible for putting the wireless client RF traffic into the
appropriate local VLAN on the wired network
Wi-Fi Alliance–interoperable implementation of 802.11i with AES is
called WPA2.
21. CISCO UWN LIGHTWEIGHT AP AND
WLC OPERATION
The Cisco UWN architecture centralizes WLAN configuration and control on
a WLC; the APs are lightweight, meaning that they cannot act independently
of a WLC.
The lightweight APs and WLCs communicate using LWAPP, and the WLCs are
responsible for putting the wireless client traffic into the appropriate VLAN.
22. CISCO UWN LIGHTWEIGHT AP AND WLC
OPERATION
It is a recommended enterprise practice that the connection between client
device and APs be both authenticated and encrypted.
When a WLAN client sends a packet as an RF signal, it is received by a
lightweight AP, decrypted if necessary, encapsulated with an LWAPP
(Lightweight AP Protocol) header, and forwarded to the WLC (WLAN
controller).
From the perspective of the AP, the controller is an LWAPP(Lightweight AP
Protocol) tunnel endpoint with an IP address.
At the controller, the LWAPP header is stripped off, and the frame is
switched from the controller onto the appropriate VLAN in the campus
infrastructure.
In the Cisco UWN architecture, the WLC(WLAN controller) is an 802.1Q
bridge that takes client traffic from the LWAPP tunnel (from the lightweight
AP) and puts it on the appropriate VLAN in the wired network.
24. CISCO UWN LIGHTWEIGHT AP AND
WLC OPERATION
When a client on the wired network sends a packet to a WLAN client, the
packet first goes into the WLC, which encapsulates it with an LWAPP header
and forwards it to the appropriate AP.
The AP strips off the LWAPP header, encrypts the frame if necessary, and
then bridges the frame onto the RF medium.
Most of the traditional WLAN functionality has moved from autonomous
APs to a centralized WLC under the Cisco UWN architecture. LWAPP splits
the MAC functions of an AP between the WLC and the lightweight AP.
The lightweight APs handle only real-time MAC functionality, leaving the
WLC to process all the non-real-time MAC functionality. This split- MAC
functionality allows the APs to be deployed in a zero-touch fashion such
that individual configuration of APs is not required.
Cisco WLCs always connect to 802.1Q trunks on a switch or a router,
Cisco lightweight APs do not understand VLAN tagging and so should be
connected only to untagged access ports on a neighbor switch. Table 9-3
summarizes the lightweight AP and WLC MAC functions within the Cisco
UWN.
25. DESIGNING WIRELESS NETWORKS WITH
LIGHTWEIGHT ACCESS POINTS
AND WIRELESS LAN CONTROLLERS
This section discusses design considerations for using lightweight APs and
WLCs in various
scenarios. RF site surveys and their importance in the design process are
introduced first.
Controller redundancy design is described, followed by considerations for
WLAN design for guest services, outdoor wireless networks, campus wireless
networks, and branch wireless networks.
26. RF SITE SURVEY PROCESS
Typical steps in an RF site survey process include the following:
Step 1 Define customer requirements: This includes the number and type of wireless devices to
support, the sites where such devices will be located, and the service levels expected. Peak
requirements, such as support for
conference rooms, should also be identified. APs should be placed to support the locations
and numbers of WLAN clients.
Step 2 Identify coverage areas and user density: Obtain a facility diagram, and visually inspect
the facility to identify the potential RF obstacles. Identify areas that might have a large number
of users, such as conference rooms,
and the areas that are not used as heavily, such as stairwells.
Step 3 Determine preliminary AP locations: AP location information includes the availability of
power, wired network access, cell coverage and overlap, channel selection, and mounting
locations and antenna type.
Step 4 Perform the actual survey: The actual survey verifies the AP locations. Be sure to use the
same AP model for the survey that is in use or will be used in the network. During the survey,
relocate APs as needed, and retest.
Step 5 Document the findings: Record the locations and log signal readings and data rates at
the outer boundaries of the WLAN.
27. PERFORM THE ACTUAL SURVEY
The next step in the process is to conduct the actual survey to determine the
coverage based on the planned AP locations. The process to determine the coverage
characteristics of an enterprise office site includes the following:
1. Measure the radius of the coverage area for a given data rate.
2. Move from the corner to the edge of the coverage area, and measure the data
rate.
3. Determine the coverage range behind stairwells, offices, supply rooms, cubicles,
and so on.
4. With as many APs as available, build the planned wireless coverage.
5. Establish non overlapping channels as often as possible to reduce contention.
6. Repeat this process until all the required coverage areas are set up.
28. PERFORM THE ACTUAL SURVEY
A tool, such as AirMagnet Survey PRO, can be used to perform a
manual site survey; results include the following:
■ Signal strength
■ Noise level
■ Signal-to-noise ratio
■ Channel interference
■ Data rate
■ Retry rate
■ Loss rate
29. DOCUMENT THE FINDINGS
After completing the site survey, the final step in the process is to document the
findings. A proper
site survey report provides detailed information that includes customer
requirements, AP
coverage, interference sources, equipment placement, power considerations, and
wiring
requirements. The site survey documentation serves as a guide for the wireless
network design,
and for the installation and verification of the wireless communication
infrastructure. The site
survey report should also contain a list of the parts that will be needed, including
the following:
■ The total number of APs, and a recommendation that a spare be kept on hand
in case of
30. DOCUMENT THE FINDINGS
The site survey report should include diagrams showing the facility, AP locations
and coverage,
and proposed cable runs. Covered areas, as well as those not needing coverage,
should be
indicated. Whenever possible, include photographs of the planned AP location or
proposed
antenna installation to make it very clear how and where the equipment should be
installed. The
tools and methods used for the site survey should be described.
If wireless voice support is required, the site survey methodology needs to be
enhanced to plan for
voice coverage and capacity. For example, wireless data is less susceptible to
disruption than
wireless voice when it comes to cell overlap, RF noise, and packet delay. Therefore,
32. DYNAMIC CONTROLLER
REDUNDANCY
The LWAPP protocol supports dynamic controller load balancing and
redundancy. In the controller LWAPP Discovery Response, the WLC
embeds information about its current AP load (defined as the number
of APs joined to it at the time), its AP capacity, and the number of
wireless clients connected to the controller.
With dynamic load balancing, an AP attempts to join the least-
loaded controller, defined as the controller with the greatest available
AP capacity. Dynamic load balancing works best when the controllers
are clustered in a centralized design.
33. DYNAMIC CONTROLLER
REDUNDANCY
This dynamic load balancing can also be the basis for a dynamic controller
redundancy scheme.
Recall that when an AP misses a heartbeat acknowledgment from a WLC, the AP
resends the
heartbeat messages up to five times at 1-second intervals. If no acknowledgment is
received after
five retries, the AP declares the controller unreachable, releases and renews its IP
address, and
looks for a new controller.
The advantages of dynamic controller redundancy are that it is easy to deploy and
configure, and that APs dynamically load-balance across WLCs.
Disadvantages include the following:
■ More inter controller roaming
■ More operational challenges because of the unpredictability of traffic patterns
34. DYNAMIC CONTROLLER
REDUNDANCY
With dynamic load balancing, the APs can join controllers in no particular
order or sequence, which might be acceptable if there are not many roaming
clients. But, if many clients are roaming, many inter controller roaming events
can have a potential impact on aggregate network performance.
Traffic patterns from wireless clients are unpredictable, making it difficult to
implement stateful security mechanisms in the infrastructure and take
advantage of some other security features in Cisco switches. For example, if
the APs are enabled sequentially with dynamic redundancy, the network can
develop a “salt and pepper” AP design, where adjacent APs are joined to
different controllers, as shown in Figure. Every odd-numbered AP is joined to
WLC1, and every even numbered AP is joined to WLC2.
In theory, this design provides for dynamic traffic load-balancing across
WLCs and coverage redundancy in the event of a WLC failure.
In actual practice, this type of design can result in a large number of inter
controller roaming events and therefore generally is not widely recommended
or deployed.
35. DETERMINISTIC CONTROLLER
REDUNDANCY
Figure shows three APs configured with primary, secondary, and tertiary
WLCs. If WLC-B fails, its attached AP connects to WLC-C. If WLC-A fails while
WLC-B is down, its APs connect to WLC-C.
36. DETERMINISTIC CONTROLLER
REDUNDANCY
With deterministic controller redundancy, the network administrator statically
configures a primary, a secondary, and, optionally, a tertiary controller.
Advantages of using deterministic controller redundancy include the
following:
■ Predictability (easier operational management)
■ Higher network stability
■ More flexible and powerful redundancy design options
■ Faster failover times
■ Fallback option in the case of failover
When an AP determines, from missed heartbeat acknowledgments, that its
primary controller is unreachable, it attempts to join the secondary controller.
If the AP fails to join the secondary controller, it attempts to join the tertiary
controller. If the primary, secondary, and tertiary controllers are not available,
the AP resorts to the dynamic LWAPP algorithms to connect to the least-
loaded available controller.
37. DETERMINISTIC CONTROLLER
REDUNDANCY
With this process, the network administrator can deterministically predict the
results of an AP reassociation, resulting in easier operational management of the
WLAN.
The network can be designed for WLC infrastructure redundancy, and extra
capacity on the secondary and tertiary controllers can be provisioned to be available
in the event of catastrophic WLC failures.
WLCs have a configurable parameter for AP fallback. When the WLC AP fallback
option is
enabled, APs return to their primary controllers when the primary controller comes
back online
after a failover event. This feature is enabled by default, and some administrators
choose to leave
the AP fallback default value in place.
But, when an AP falls back to its primary controller, there is a brief window of time,
usually approximately 30 seconds, during which service to wireless clients is
interrupted because the APs are rejoining the primary WLC.
A disadvantage of deterministic controller redundancy is that it requires more
upfront planning
and configuration. The configuration of primary, secondary, and tertiary WLCs can
38. CASE STUDY- HOSPITAL UWN
CONSIDERATIONS
In this case study you develop a high-level UWN design for the hospital
network. A site
survey is required to determine RF propagation characteristics, select AP
locations
and antennas, look for interference (possibly a major factor in hospitals),
and so forth.
Hospitals also might have areas where radio signals would interfere with
critical equipment; such areas must be protected from wireless AP signals.
No sources of interference or RF prohibitions were discovered.
For this design, assume that the wireless devices can be supported by the
existing Ethernet ports. Notice that wireless coverage in the cafeteria on
floor 1 of Main Building 1 has been added. The required ports in the remote
clinics have also been added.
40. CASE STUDY- HOSPITAL UWN
CONSIDERATIONS
Complete the following steps:
Step 1 Determine where to place controllers, how many of them to use, and
which models to use. How will LWAPP WLC discovery be done? Justify your
choices.
Step 2 The hospital wants to separate wireless traffic based on its three
staff organizations: Financial, Medical, and Support. The intent is to
enforce compliance with the U.S. Health Insurance Portability and
Accountability Act (HIPAA) by allowing staff to authenticate to only the
appropriate SSID based on the type of access they need. How does this
affect your wireless design? What could you do to enforce the HIPAA access
restrictions?
Step 3 What IP addressing scheme will you use to support the WLANs? How
will you modify or extend the IP addressing scheme to the various wireless
groups?
Step 4 What will your mobility group(s) be?
Step 5 How will wireless for the remote clinics be handled?