Wireless Deployments Flashcards
WLAN Deployments
1) Autonomous
2) Centralized
3) FlexConnect
4) Cisco Software-Defined Access Wireless
5) Cloud-managed
WLAN Deployment - Autonomous
- used for hotspots or smaller enterprises
- individual access point management
- simple to deploy and cost-effective
- no advanced security (Rogue detection and mitigation, Cisco Wireless Intrusion Prevention System wIPS, Guess access)
- Wireless Domain Services (WDS) can exchange client creds among APs in the same subnet, but no mechanism to support roaming among APs in different subnets
- configurations include SSID, security choice, and transmit power levels
WLAN Deployment - Centralized
- Campus environment where traffic is centralized
- APs connect to switches, which connect to centralized WLCs
- WLC can be informed if one of the APs becomes faulty and neighboring APs adjust power levesl to compensate
- WLC can offload clients to another AP if one becomes overloaded
- when APs are in local mode, all data traffic is sent to the WLC first for policy analysis before deciding how to foward the client traffic
WLAN Deployment - FlexConnect
- Designed for enterprised that have branch or remote offices
- Locations with a relatively small number of APs where deployment of a WLC is not justified or desired
- WLAN data traffic is either tunneled back to a central WLC (central switching) or the data traffic is broken out locally at the wired interface (local switching) of the AP
- RTT must be below 300ms for data and 100 ms for voice
- minimum 500 bytes WAN MTU with maximum four fragmented packets
- require the implementation of a sitewide VLAN for roaming
- upon booting, the AP always tries to reach the WLC to obtain its config
- if the controller becomes unreachable, the AP takes over client authentication and key mgmt
- you can configure some WLANS to be locally switched and decide specific WLAN-to-VLAN mappings
WLAN Deployment - Cisco SD-Access Wireless
- integration of wireless access in the SD-Access architecture
- moves the enterprise network from the current VLAN-centric architecture to a user group-based enterprise architecture, with flexible L2 extensions within and across sites
- automated network provisioning through the Cisco Digital Network Architecture (DNA) Center application
- No L3 roaming
- Requires sitewide VLAN for roaming (VoWLAN)
- only mgmt data flows through the Meraki cloud; user data traffic stays on the private network
WLAN Deployment - Cloud-managed
- Cloud-based virtual controllers provided through the Cisco Meraki or the Cisco 9800 Cloud Controller solutions
- Centralized installation and management
- Scales from small branched to large networks
- Reduces operational costs
- Reduces IT staff size
Autonomous Deployment Traffic Flow Scenarios
1) Wireless-to-wired clients
2) Traffic from wireless client to wireless client connected to the same AP in the same subnet
3) Traffic from clients sending frames to other clients connected on other APs
Centralized Deployment Traffic Flow Scenarios
1) Destination subnet is on a VLAN associated to another WLC
2) Both clients are associated to different APs connected to the same WLC
3) Even if both clients are on the same AP, traffic is forwarded to the controller before being sent back to the AP to be distributed to the client
Local Switching
- clients connecting to APs at remote locations can be authenticated locally and have their data bridged to the local Ethernet segment
Central Switching
- clients connecting to APs at remote locations can have their traffic tunneled over the WAN through CAPWAP to a WLC at a central site to be switched to the network
Cisco Connected Mobile Experiences (CMX)
- capture metrics such as visitor capture rate, user visit time, and repeat visits by listening for wireless devices
- deployed either as on-prem or cloud-based
- on-prem software can be deployed on a pre-installed Cisco Mobility Services Engine (MSE) appliance or as a VM on something like UCS
- cloud-based has 2 licensing tiers
Application Visibility and Control (AVC)
Identify which applications are being used and then prioritize critical applications while limiting recreational apps
Catalyst 9800 Embedded WLC
- can support up to 200 APs and 4000 clients when running on a Catalyst 9300
- 9300 Series switch either functions has a colocated border and control plane, or functioning as Fabric in a Box (FiaB)
- only supports SD-Access model
- supports APs only in fabric mode
- L2 roaming without having to span VLANs
- no need for guest anchor
- support for 802.11ax / Wave-2
Cisco Mobility Express
- a virtual wireless LAN controller integrated on an AP
- by default, all APs run the Aironet CAPWAP image. To acquire the WLC functionality, the Cisco Mobility Express image needs to be installed on a Cisco 802.11ac Wave 2 AP
- all APs must be in the same VLAN
Mobility Express Components
1) Primary AP - the AP that runs the WLC function. Can manage up to 100 APs and 2000 clients, depending on the model. Can also service clients at the same time.
2) Subordinate AP - managed by the primary and can be 802.11ac Wave2 APs. Only service clients.
