BRKAGG-2010
Mobility, QoS and Multicast
Design and deployment guidelines for the Cisco Unified WLAN Architecture
Campus and Branch Office
Session Agenda
Understanding the Cisco Unified Wireless Architecture
Lightweight Access Point Protocol
Understanding Mobility
Understanding QoS and Multicast
Integrated and Unified Security (AAA, NAC, SDN, IDS/IPS, etc.)
Exploding Number of Wi-Fi Clients (Laptops, Dual-Mode PCS Phones, Video PDAs)
Higher-Capacity, Higher-Density WLANs (Pico Cells)
Unified Wired+Wireless Support for Applications (Voice/Video, Location Services, AAA)
Extending Networking Outdoors (Mesh, Outdoor AP, etc.)
Enterprise Scale and Reliability
Timeline: 2000 - Present; 2003 - Present; 2005 - Future
BRKAGG-2010 Presentation_ID 2008 Cisco Systems, Inc. All rights reserved.
LWAPP Overview
Section Agenda
"However beautiful the strategy, you should occasionally look at the results." (Winston Churchill)
Quick Facts
LWAPP Join
Wireless LAN Controller Basics
Centralized vs. Local Switching
Mobility
Location
WCS Fundamentals
Data Delivery: Unicast/Multicast, TCP/UDP
Quick Facts
WLC: IPv4/IPv6, Multicast/QoS, more than 5000 clients, 512 VLAN support
WCS: Windows 2003/Linux, 3000 access points, 40,000 events
Location: RSSI and TDOA methods, 10,000 devices, open API, multi-vendor RFID support
WCS Navigator: 20 WCS managers, 30,000 access points
Section Agenda
Controller-based Architecture Overview
Lightweight Access Point Protocol (LWAPP): Protocol Overview, LWAPP AP Discovery and Join Process, LWAPP Operations
Hybrid REAP
(Diagram: Data VLAN and Management VLAN, LWAPP tunnel; locally switched vs. centrally switched traffic)
Mobility Defined
Mobility is the killer app for WLANs
Mobility: the end-user device is portable but still capable of being connected to networked resources
Roaming occurs when a wireless client moves association from one AP and re-associates to another
Mobility/roaming presents new challenges:
Architecture must scale to support client roaming
Client roaming must be fast and preserve security, QoS, etc.
Control Messages
Non-real-time 802.11 handled at the controller, including association/re-association
Controller is the 802.1X authenticator
Controller centrally stores client QoS and security context
Data Encapsulation
802.11 data frames are encrypted/decrypted at the RF interface
Action frames are management frames as defined by 802.11
Intra-Controller Roaming
Intra-controller roam happens when a client moves association between APs joined to the same controller
Client must be re-authenticated and a new security session established
Controller updates the client database entry with the new AP and appropriate security context
No IP address refresh needed
Layer-2 Roaming: Inter-Controller
L2 inter-controller roam happens when a client moves association between APs joined to different controllers but client traffic is bridged onto the same subnet
Client must be re-authenticated and a new security session established
Client database entry moved to the new controller
No IP address refresh needed
Layer-3 Roaming: Inter-Controller
L3 inter-controller roam happens when a client moves association between APs joined to different controllers and client traffic is bridged onto a different subnet
Client must be re-authenticated and a new security session established
Client database entry copied to the new controller
Original controller tagged as the anchor
New controller tagged as the foreign
No IP address refresh needed
Asymmetric traffic path established
Foreign controllers send a Layer 3 roaming client's packets back to its anchor controller through EtherIP tunneling
The source IP address of the tunneled packet is the foreign controller's management IP address
Upstream routers that perform Reverse Path Forwarding (RPF) checks will therefore forward the packets
Configurable option in software release 4.1
Roaming Requirements
Roaming must be fast
Latency can be introduced by:
Client channel scanning and AP selection algorithms
Re-authentication of client device and re-keying
Refreshing of IP address
802.1X, 802.11i, WPA/WPA2 Enterprise: client must be re-authenticated and a new session key derived for encryption
QoS Overview
Ensures packets receive the proper QoS handling end-to-end
Makes sure the packet will maintain QoS information as it traverses the network
Policing of 802.11e UP / 802.1p and IP DSCP values ensures endpoints conform to network QoS policies
Uses Cisco's AVVID packet marking mappings and IEEE mappings as appropriate
Supported on Cisco 2000, 4100, and 4400 series WLAN controllers; wireless services module (WiSM); wireless LAN controller module
Supported on Cisco Aironet 1000, 1130, 1200, 1230, 1240, and 1500 series lightweight access points
Support for Cisco 7920/7921 and SpectraLink phones
QoS Description
Support for layer 3 IP differentiated services code point (DSCP) marking of packets
WLAN data is tunneled between AP and WLAN controller via LWAPP
To maintain the original QoS classification across this tunnel, the QoS settings of the encapsulated data packet must be appropriately mapped to the Layer 2 (802.1p) and Layer 3 (IP DSCP) fields of the outer tunnel packet.
(Diagram: incoming 802.1p UP and inner IP DSCP are mapped to the 802.1p UP and IP DSCP of the outer LWAPP-encapsulated packet)
LWAPP QoS
(Diagram: LWAPP tunnels between AP, Ethernet switch and WLC; 802.11e UP / DSCP on the LWAPP-encapsulated wireless side, 802.1p / DSCP on the wired side)
Ensures that packets receive the proper QoS handling from end to end
Policing of 802.11e UP / 802.1p and IP DSCP values ensures that wireless endpoints conform to network QoS policies
Per-user data bandwidth contract: configurable peak and average data rate enforced in the Network Processing Unit (NPU) for non-UDP traffic
Per-user real-time bandwidth contract: configurable peak and average data rate enforced in the NPU for UDP traffic
Maximum RF usage per AP (%): defined maximum percentage of air bandwidth given to a user level
Queue depth: defined depth of queue for a particular user level that will cause packets in excess of the defined value to be dropped
802.1p tag is applied on the wired side to allow proper precedence to be applied to traffic across the entire network infrastructure
WMM Options
(Cisco Controller) >show wlan 2
WLAN Identifier.................................. 2
Network Name (SSID).............................. WLAN2
Status........................................... Enabled
. . .
Quality of Service............................... Platinum (voice)
WMM.............................................. Required
802.11e.......................................... Disabled
Dot11-Phone Mode (7920).......................... ap-cac-limit
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Radio Policy..................................... 802.11B and 802.1G only
Security
   802.11 Authentication:........................ Open System
   Static WEP Keys............................... enabled
      Key Index:.................................. 1
      Encryption:................................. 104-bit WEP
Multicast Mechanism
(Diagram: LWAPP tunnels)
Improved multicast performance over wireless networks
Multicast packet replication occurs only at points in the network where it is required, saving wired network bandwidth
IGMP join
The client sends an IGMP join, which travels through the access point to the Wireless LAN Controller (WLC). The WLC then forwards the IGMP join through the upstream switch to the PIM-enabled router.
IGMP leave
When a client gracefully leaves the multicast group, it sends an IGMP leave through the access point to the WLC. The WLC forwards this IGMP leave through the upstream switch to the PIM-enabled router. The PIM-enabled router then sends a group-specific query for other interested clients before pruning the group from the subnet.
Multicast source
If the client is the source of a multicast group, the traffic will flood across all access points on the same controller. The multicast traffic will also be forwarded upstream through the connected switch to the PIM-enabled router. The PIM-enabled router will do an RPF check before processing the packet further.
IGMP snooping
Switch CAM entry is created for the specific multicast group toward controller 1
General IGMP query sent from the WLC to the client, allowing multicast traffic to flow
IGMP join/leave after roaming
Both the initial join and leave (if a graceful leave happens) will be processed the same as any other join or leave. Once a client has roamed, neither the infrastructure nor the client is required to send a new join for the multicast traffic to follow.
Multicast source after roaming
If the roamed client is the source of the multicast group, the upstream router will drop the packet, as the source address was received on the wrong interface.
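The RPF behaviour described for Layer 3 roaming (the foreign controller's EtherIP tunnel back to the anchor) and for a roamed multicast source, as an added Python example that is not part of the original deck; the router topology, addresses and interface names are constructed for illustration, and the router models a strict reverse-path check.

```python
from dataclasses import dataclass
from typing import Optional
import ipaddress


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "data"               # "data" or "etherip" (IP protocol 97)
    inner: Optional["Packet"] = None  # encapsulated client packet for EtherIP


class Router:
    """Upstream router with a strict reverse path forwarding check: a packet is
    accepted on an interface only if the best route back to its source address
    points out of that same interface."""

    def __init__(self, routes: dict):
        # routes maps prefix -> interface name (constructed sample topology)
        self.routes = {ipaddress.ip_network(p): i for p, i in routes.items()}

    def interface_toward(self, addr: str) -> Optional[str]:
        a = ipaddress.ip_address(addr)
        hits = [n for n in self.routes if a in n]
        return self.routes[max(hits, key=lambda n: n.prefixlen)] if hits else None

    def rpf_accept(self, pkt: Packet, arrived_on: str) -> bool:
        return self.interface_toward(pkt.src) == arrived_on


def etherip_encapsulate(pkt: Packet, foreign_mgmt: str, anchor_mgmt: str) -> Packet:
    """Foreign controller wraps the roamed client's packet in EtherIP addressed to
    the anchor; the outer source is the foreign controller's management IP."""
    return Packet(src=foreign_mgmt, dst=anchor_mgmt, proto="etherip", inner=pkt)


def etherip_decapsulate(pkt: Packet) -> Packet:
    if pkt.proto != "etherip" or pkt.inner is None:
        raise ValueError("not an EtherIP packet")
    return pkt.inner


# Constructed topology: the anchor controller and the client's home subnet sit
# behind interface g0/1, the foreign controller and its subnets behind g0/2.
ROUTER = Router({
    "10.10.10.0/24": "g0/1",  # client home subnet (anchor side)
    "10.1.1.0/24": "g0/1",    # anchor controller management subnet
    "10.20.20.0/24": "g0/2",  # foreign controller client subnet
    "10.2.2.0/24": "g0/2",    # foreign controller management subnet
})
ANCHOR_MGMT, FOREIGN_MGMT = "10.1.1.10", "10.2.2.10"
ROAMED_CLIENT = "10.10.10.50"  # keeps its home-subnet address after the L3 roam


def asymmetric_upstream(dst: str) -> str:
    """Without tunneling the foreign controller bridges the client's packet onto
    its own subnet, so the router sees a home-subnet source arriving on g0/2."""
    pkt = Packet(src=ROAMED_CLIENT, dst=dst)
    return "forwarded" if ROUTER.rpf_accept(pkt, "g0/2") else "dropped by RPF"


def tunneled_upstream(dst: str) -> str:
    """With the 4.1 option the foreign controller tunnels the packet to the anchor,
    which decapsulates it and forwards it from the client's home subnet."""
    outer = etherip_encapsulate(Packet(src=ROAMED_CLIENT, dst=dst), FOREIGN_MGMT, ANCHOR_MGMT)
    if not ROUTER.rpf_accept(outer, "g0/2"):  # outer header passes RPF on g0/2
        return "tunnel dropped by RPF"
    inner = etherip_decapsulate(outer)        # anchor controller side
    return "forwarded" if ROUTER.rpf_accept(inner, "g0/1") else "dropped by RPF"


def multicast_source_after_roam(group: str = "239.1.1.1") -> str:
    """Roamed client acting as a multicast source: the PIM router's RPF check on
    the source address fails because it arrives on the wrong interface."""
    return asymmetric_upstream(group)
```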
WLC
Cisco Unified Wireless LAN controllers aggregate WLAN client traffic and control the wireless network
APs
Lightweight access points are used in all unified wireless architectures and provide client wireless access and tunneling to the WLC
WCS
Cisco Wireless Control System provides centralized management, RF planning and visualization tools, and location services
Client Devices
Benefits:
Accelerates innovation
Supports diverse enterprise applications
Ensures multi-vendor interoperability
Enables simplified deployment of mobile WLAN clients
http://www.cisco.com/go/ciscocompatible/wireless
SSC
Key Features:
802.1X authentication for wired and wireless devices
Windows XP/2000 support
Unified wired and wireless client
Support for industry standards
Endpoint integrity
Single sign-on capable
Enabling of group policies
Administrative control
Centralized provisioning
EAP: EAP-FAST, EAP-MD5, PEAP-MSCHAP, PEAP-GTC, EAP-TLS, EAP-TTLS, Cisco LEAP
Encryption: WEP, Dynamic WEP, TKIP, AES
Standards: WPA and WPA2
Benefits:
Reduces client software
Simple, secure device connectivity
Minimizes chances of network compromise from infected devices
Reduces complexity
Restricts unauthorized network access
Access Points: 1130AG, 1121BG, 1240AG, 1250AGN, 1230AG, 1500, 1400, 1300
Features:
Industry's best range and throughput
Enterprise class security
Many configuration options
Simultaneous air monitoring and traffic delivery
Wide area networking for outdoor areas
Benefits:
Zero touch management
No dedicated air monitors
Supports all deployment scenarios (indoor and outdoor)
From secure coverage to advanced services
(Diagram: campus design with Network Core, Distribution, Branch Office and Remote Office; design goals: Intelligent Access, Ease of Deployment, Lower TCO, Scalability, High Availability, Flexibility, Investment Protection)
Deployment Size (diagram): H-REAP; >=2-6 APs; >=12 APs; >=25 APs; >=50 APs; >=100 APs; <300 APs
Features
Client troubleshooting (via CCX)
Planning, configuration, monitoring, location, IDS/IPS, and troubleshooting
Hierarchical maps
Intuitive GUI and templates
Policy-based networking (QoS, security, RRM, etc.)
Benefits
Lower OPEX and CAPEX
Better visibility and control of the air space
Consolidate functionality into a single management system
Determines location and voice readiness
In working group balloting, sponsor ballot mid 2008, approval mid 2009*
Draft-11n certification launched by the Wi-Fi Alliance (WFA) in June of 2008
Cisco is in the WFA Draft-11n test bed
Section Agenda
Connecting Controllers and APs to Networks
Controller Redundancy and AP Load Balancing
Campus WLAN Controller Designs
Branch Office WLAN Controller Designs
Migrating from Autonomous APs to the Controller-based Architecture
WLAN controller
(Diagram: LWAPP tunnel, Management VLAN, Voice VLAN)
For wireless end-user devices, the controller is an 802.1Q bridge that takes traffic off the air and puts it on a VLAN
From the perspective of the AP, the controller is an LWAPP tunnel end-point with an IP address
From the perspective of the network, it's a layer-2 device connected via one or more 802.1Q trunk interfaces
Port: physical connection to a neighbor switch/router
Interface: logical connection mapping to a VLAN on the neighbor switch/router
Management interface
AP Manager interface(s)
Dynamic interface(s)
Virtual interface
Service interface
WLAN: entity that maps an SSID to an interface at the controller, along with security, QoS, radio policies, and other wireless networking parameters
(Diagram: Service Port, Management Port, AP Manager Port, Virtual Gateway)
LAG is the only option for WiSM and the Cisco 3750G integrated WLAN controller switch
440x-based controller allows 48 APs per port in the absence of LAG
Use multiple AP Manager interfaces to support more than 48 APs on the WLC without LAG; the LWAPP algorithm will load balance APs across the AP managers
LAG allows use of 1 AP Manager interface by load-balancing traffic across an EtherChannel interface
LAG is a must for Cisco WiSM, so make sure you create two separate port-channels
Section Agenda
Connecting Controllers and APs to Networks
Controller Redundancy and AP Load Balancing
Design Considerations
Migration from Autonomous APs to the Controller-based Architecture
#1 and #3 allow for two approaches to controller redundancy and AP load balancing: dynamic and deterministic
Dynamic Redundancy
Rely on LWAPP to load-balance APs across controllers and populate APs with backup controllers
Results in a dynamic salt-and-pepper design
Design works better when controllers are clustered in a centralized design
Pros:
Easy to deploy and configure (less upfront work)
APs dynamically load-balance (though never perfectly)
Cons:
More inter-controller roaming
Bigger operational challenges due to unpredictability
Longer failover times
No fallback option in the event of controller failure
Cisco's general recommendation is: only for Layer 2 roaming; use deterministic redundancy instead of dynamic redundancy
Deterministic Redundancy
Administrator statically assigns APs a primary, secondary, and/or tertiary controller
Assigned from controller interface (per AP) or WCS (template-based)
Pros:
Predictability: easier operational management
More network stability
More flexible and powerful redundancy design options
Faster failover times
Fallback option in the case of failover
Cons:
More upfront planning and configuration
Design Verticals
Each site is unique
Healthcare requirements: highest use of multicast; critical data over voice
Retail: mixture of carpet and warehouse plus PCI requirements
Enterprise: voice is the critical application
Manufacturing: worst radio environment
440x appliance
Integrated controller: routed network can exist on the same platform; Layer 2 connection is internal
WiSM
WiSM(s) or 440x WLAN controller(s) connected at distribution layer
Controller redundancy
Key design considerations:
Spanning tree
HSRP/GLBP
Traffic flow
Load balancing
Resiliency
Access layer collapsed into distribution layer
Access layer IP addressing
Access layer features need to be implemented in the distribution layer
(Diagram: Layer 2 access subnets with Voice AP and Data AP, voice and data clients; Mobility!)
Healthcare
Multicast is the number one protocol
(Diagram: Core, Intranet)
Retail
PCI COMPLIANCE!! Carpeted and warehouse environment
(Diagram: Headquarters, Internet, Small Store, Large Store)
Enterprise Requirements
Voice is the essential application
(Diagram: Core, Intranet/Internet)
Manufacturing
Multipath-intensive environment
Can benefit from both indoor mesh and the standard central solution
H-REAP could be used for small solutions
(Diagram: Internet, Headquarters)
Choose the design that makes the most sense for you:
Current network and policies
Future growth plans
Supported on 1130 and 1240 AP platforms
Allows bridging/tagging of traffic locally (local switching) by WLAN
Allows simultaneous tunneling of traffic to WLC (central switching) by WLAN
Connected Mode: LWAPP control centralized
Standalone Mode (WAN outage):
Locally switched WLANs stay up
Some lost functionality
100 msecs latency between APs and WLC
H-REAP APs should be connected to trunk ports; allow only the relevant, locally switched VLANs
No optimization for:
Fast, secure roaming (CCKM, PKC)
Voice (no CAC or TSPEC support in standalone mode)
H-REAP AP Configuration
Select a desired AP...
440x appliance
Integrated controller: WLAN controller module (WLCM) for ISR; Cisco 3750 integrated WLAN controller (support for 25, 50 APs)
(Diagram: WLCM in ISR, integrated)
1200 series, including 1210, 1230 (802.11B/G and/or 2nd generation 802.11A radios: RM21A, RM22A)
1130AG
1240AG
BR1310 (only AP mode is supported in LWAPP)
Each AP's information is input into a text file in the following format:
ap-ip-address,telnet-username,telnet-user-password,enable-password
ap-ip-address,telnet-username,telnet-user-password,enable-password
APs with static IP addresses will rely on DNS to find WLCs across router hops
1-5 APs may be upgraded simultaneously. Their completion status bars are shown here.
Upgrade tool issues commands to the AP to have it generate an RSA key pair and a self-signed certificate (SSC) and installs the root CAs so that the AP can authenticate controllers
SSCs must be individually authorized on each controller
Upgrade tool extracts the public key and can install it on one controller. It also stores an (AP MAC, public key) tuple in a CSV file that can be imported into WCS and other controllers
http://www.cisco.com/en/US/partner/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html
Upgrading Autonomous Access Points to LWAPP Mode: Planning the LWAPP Discovery Strategy
Options for discovery when upgrading autonomous access points to LWAPP:
Local subnet broadcast of LWAPP discovery request
Vendor-specific DHCP option 43
DNS resolution of CISCO-LWAPP-CONTROLLER.localdomain
Console port priming commands (valid only with LWAPP recovery IOS image)
OTAP is not supported in the LWAPP recovery IOS image
Most autonomous Cisco Aironet APs are deployed with static IP addresses
AP preserves static IP address, default gateway, sysName, DNS server, domain name during the upgrade process
Many Cisco customers have chosen to erase the AP configurations before upgrading and migrate to DHCP addresses instead of static IP addresses
http://www.cisco.com/en/US/partner/products/hw/modules/ps2706/products_configuration_example09186a008073614c.shtml
Consider network architectural impact and any necessary changes very carefully
Upgraded APs should be connected to access ports instead of trunk ports
May need to clean up and harvest old, unnecessary VLANs and IP subnets
Plan out new IP addressing schemes for wireless clients and APs
AssureWave
Healthcare, Retail and Manufacturing