15 - Examining Wireless Deployment Options Flashcards
• ___
o Used for hotspots or smaller enterprises
o Individual Access Point management
o Simple to deploy
• ___
o Campus environment where traffic is centralised
o APs connect to switches, which connect to centralised WLC
• ___
o Designed for enterprises that have branch or remote offices
o Locations with a relatively small number of APs where deployment of a WLC is not justified or desired
o WLAN data traffic is either tunnelled back to a central WLC (central switching) or data traffic is broken out locally at the wired interface (local switching) of the AP
• ____
o Integration of wireless access in the SD-Access architecture
o Moves the enterprise network from the current VLAN-centric architecture to a user group-based enterprise architecture with flexible Layer 2 extensions within and across sites
o Automated network provisioning via the DNA Centre application
• ___
o Cloud-based virtual controllers provided via the Cisco Meraki or Cisco 9800 Cloud Controller solutions
o Centralised installation and management
o Scales from small branches to large networks
o Reduces operational costs
o Reduces IT staff size
• Autonomous
o Used for hotspots or smaller enterprises
o Individual Access Point management
o Simple to deploy
• Centralised
o Campus environment where traffic is centralised
o APs connect to switches, which connect to centralised WLC
• FlexConnect
o Designed for enterprises that have branch or remote offices
o Locations with a relatively small number of APs where deployment of a WLC is not justified or desired
o WLAN data traffic is either tunnelled back to a central WLC (central switching) or data traffic is broken out locally at the wired interface (local switching) of the AP
• SD-Access Wireless
o Integration of wireless access in the SD-Access architecture
o Moves the enterprise network from the current VLAN-centric architecture to a user group-based enterprise architecture with flexible Layer 2 extensions within and across sites
o Automated network provisioning via the DNA Centre application
• Cloud managed
o Cloud-based virtual controllers provided via the Cisco Meraki or Cisco 9800 Cloud Controller solutions
o Centralised installation and management
o Scales from small branches to large networks
o Reduces operational costs
o Reduces IT staff size
Each AP is an ___ – operates independently and has no knowledge of any other APs
independent cell
The greatest benefit of an ___ AP deployment is that it is a simple and cost-effective way to extend an existing wired infrastructure for a small network
autonomous
In an autonomous AP deployment, up to _ APs should be used.
5
What are some benefits of an autonomous AP deployment?
- Lower CapEx
- Adapted to small deployments
- Flexible features for simplified deployments in small networks (RADIUS, user database, DHCP)
- Allow for basic dynamic channel assignments
What are some limitations of an autonomous AP deployment?
• Each AP is managed individually
o Prone to configuration inconsistencies
o Individual software upgrades
o Scalability issues
• Base-level Wi-Fi functionality
o No dynamic RRM (Radio resource management)
o No advanced security such as rogue detection and mitigation, wIPS, guest access
• Fast, secure, and seamless roaming between subnets is not possible
Because autonomous AP environments are small, factors such as roaming and tightly synchronised AP transmit levels do not apply. Typical configuration parameters include:
- SSID
- Wireless security choice
- Transmit power levels to set the transmit power level of the APs so that the signal does not propagate into adjacent building spaces belonging to other tenants or into the parking lot
What is the autonomous deployment traffic flow for a wireless to wired client?
- Client traffic flows across the wireless interface through the AP
- Converts 802.11 frame to 802.3 frame
- Sends frame to local access switch
What is the autonomous deployment traffic flow for a wireless to wireless client (same AP)?
- Traffic flows from one client to another client via the same AP
- Does not go beyond AP to the switch
- Does not create load on the switch supporting the AP
- The AP cannot route between different VLANs, so if the clients are in different VLANs the AP must forward to the LAN until the traffic reaches a router that will forward it to the second client
What is the autonomous deployment traffic flow for a wireless to wireless client (different AP)?
• Must transit through wired infrastructure
Compared to autonomous APs, the APs in a __ architecture do not function independently. They have reduced functionality in the AP and depend upon the __ to configure, control and manage several APs.
centralised, WLC
In a centralised WLC deployment, APs handle only the __ MAC functionality and all the not-real-time MAC functionality is processed by the WLC
real time
APs have visibility and awareness of the __ APs. The WLC can be informed if one of the APs becomes faulty and __ APs adjust power levels to compensate. The WLC can also offload clients to a __ AP if one of the APs becomes overloaded.
neighbouring
What are the benefits of a centralised WLC deployment?
- Centralised management and troubleshooting for low total cost of ownership
- Easy to deploy and manage
- RRM (Radio resource management)
- High availability
- Rogue detection and mitigation
- wIPS
- Identity networking, RADIUS change of authorisation, and Cisco ISE
- Voice and data over WLAN seamless roaming
- Location services
- Guest access
- Mesh (indoor and outdoor)
- Highly customisable and advanced feature set
What are the limitations of a centralised WLC deployment?
- All end-user traffic is forwarded to WLC
- Poor use of LAN and WAN infrastructure when internal resources are distributed
- WLC can become a bottleneck
- WLC can be a single point of failure
When APs join onto a controller, they only handle some 802.11 MAC functionality. The WLC handles the rest. This is called __ mode.
split MAC
__ is used extensively between APs and WLCs within the centralised architecture
CAPWAP
What are some features of CAPWAP?
- Is an open protocol that enables a controller to manage a collection of APs
- APs can discover and join a CAPWAP controller
- Control messages that are exchanged between the WLC and AP
- WLC control messages are used to support wireless station access, authentication and mobility
- Can also be used for statistics gathering and wireless security
- Differentiates between the control plane and data plane
- Protocol supports two modes of operation. Split MAC in centralised mode or the local-MAC in FlexConnect mode.
What are the centralised deployment traffic flow models?
standard model, inter-controller, intra-controller different AP, intra-controller same AP
__
• APs are in local mode
• All wireless client data traffic is first sent to the controller
• The controller then decides on the policy to apply to the incoming traffic (ACL, QoS) before deciding how to forward to the final destination
• Client data reaches the AP and is encapsulated in CAPWAP and forwarded to controller. This means that between the AP and the controller, you can see CAPWAP data packets from the AP IP address, with a random client port, sent to the controller AP manager IP address to CAPWAP data port udp/5247. The same logic applies to return traffic
standard model
___
• Controller does not route between VLANs and subnets, so a router decides how to reach destination network
• On the last hop, the router sends an ARP request to resolve the MAC of the destination.
• The second controller acts as an ARP proxy and answers the request in the name of the wireless client
• The last hop router forwards to the second controller
• The second controller converts 802.3 frame to 802.11, and encapsulates into CAPWAP and sends to the AP
inter-controller
___
• Controller receives CAPWAP encapsulated data from AP
• After deciding on QoS and security policy, controller examines the destination MAC and IP
• If the destination MAC is a wireless client of the controller in the same subnet, the 802.11 frame is re-encapsulated into CAPWAP and forwarded to the AP
• If the destination MAC is not a wireless client of the controller, or is a different wireless client of the controller but in a different VLAN, the 802.11 frame is converted to 802.3 and forwarded to the controller interface of the associated VLAN
intra-controller different AP
__
• Traffic is still forwarded to controller first before being sent back to the AP to be distributed to the client
• The frame must first reach the controller so that QoS and security policies can be applied
intra-controller same AP
___ architecture is an extension to the centralised architecture designed for branch office and remote office deployments.
FlexConnect