Documentos de Académico
Documentos de Profesional
Documentos de Cultura
Enterprise WLANs
Components
Wireless LAN controllers (WLC)
Wireless LAN
Aironet access points (AP) Controllers
Management (Prime Infrastructure) (PI) MSE/CMX
Mobility Service Engine (MSE) / CMX
Campus
Principles Network
AP must have CAPWAP connectivity with WLC
Configuration downloaded to AP by WLC
All Wi-Fi traffic is forwarded to the WLC Aironet Access
Point
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Centralized Wireless LAN Architecture
What is CAPWAP?
Data Plane
CAPWAP Controller
Wi-Fi Client
Access
Point Control Plane
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
CAPWAP State Machine
AP Boots UP
Reset
Discovery
Image Data
DTLS
Setup
Run
Join Config
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
AP Controller Discovery
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
Efficient CAPWAP Operation
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Cisco Wireless
Plug-N-Play
Network Plug-N-Play Simple, Secure, Scalable
Todays Process Business Challenges
Direct Costs
Central Staging Facility Shipping after Configuring device
Ships
equipment Travel costs for IT installer
Install OS
Install Config
Prime device Complexity
Network
Reseller/Partner Admin Config errors
Different products / processes
Security
3rd party not secure
Installer
Time/Productivity
Site-1 Site-2 Site-3 Manual process
Shipping , Storage, Travel
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Network Plug-N-Play Simple, Secure, Scalable
Todays Process Network PnP
Central Staging Facility
Ships
Pre Provision
equipment 1 Projects/Sites
Install OS
Install Config
Prime device Network Admin
Network
Reseller/Partner Admin
Installer
Installer
Network Admin
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
Network PnP Discovery Options
3 CAPWAP
CAPWAP based WLC discovery
(For AP only)
4 Cloud re-direction
Brand new
device only
Manual - using Installer App
5 iPhone, iPad, Android,
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
Branch Provisioning with PnP Server
PID Serial Hostna WLC IP AP Mode Flex
# me address Group Admin:
name Set auto convert feature
AIR- RFD0 AP- 192.168.15.1 FlexConnect Group-1
Configure DFG parameters
CAP3702I- PP2T0 Store1-1
A-K9 25
PnP Server
AP
Places AP in appropriate
flexgroup/default
Day 0 Apply relevant flex configs to
AP
Network Admin
Network Admin pre
provisions branch APs in Day 1
PnP server.
WLC IP (Prim/Sec/Ter) Remote Installer on branch
AP Name Mount and cable devices
AP Mode (Flex) Power-on
AP Group Name Installer * Resources required for PnP: 64 Gb RAM, 500 Gb Storage Scale: 10,000 devices
Flex Group Name
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Rule Example in APIC-EM
Create a site. Associate it with AP name, Product ID, Serial or MAC
Upload config file.
Configuration file contains WLC IP (Prim/Sec/Ter), AP Name, AP Mode
(Flex/Local), AP Group Name, FlexConnect Group Name
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Single Site Provisioning
Central Site
Site Rule WLC IP: WLC-1a
Product ID Serial # Hostname WLC IP AP Mode FlexGroup AP Name: Site-1-AP
AIR-CAP3702I-A-K9 RFD0PP2T025 Site-1-AP WLC-1a FlexConnect Site-1Group
AP Mode: FlexConnect
Flex Group: Site-1Group
PnP Server
Remote Site
WAN
WLC-1b
Site-1
Group
Radius WLC-1a
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
Agenda
Controller-Based Architecture Overview
Mobility in the Cisco Unified WLAN Architecture
Architecture Building Blocks
Deploying the Cisco Unified Wireless Architecture
Bringing All Together Best Practices
Mobility Defined
Mobility is a key reason for wireless networks
Mobility means the end-user device is capable of moving location in the
networked environment
Roaming occurs when a wireless client moves association from one AP and re-
associates to another, typically because its mobile!
Mobility presents new challenges:
Need to scale the architecture to support client roamingroaming can occur
intra-controller and inter-controller
Need to support client roaming that is seamless (fast) and preserves security
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
Scaling the Architecture with Mobility Groups
Mobility Group allows controllers to peer with each other to support seamless
roaming across controller boundaries
APs learn the IPs of the other members of the mobility group after the
CAPWAP Join process Controller-B
MAC: AA:AA:AA:AA:AA:02
mobility group
Ethernet in IP Tunnel
Mobility Group Neighbours:
Controller-B, AA:AA:AA:AA:AA:02
Controller-C, AA:AA:AA:AA:AA:03
Mobility messages
exchanged
between
controllers Controller-C
MAC: AA:AA:AA:AA:AA:03
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
Scaling the Architecture with Mobility Groups
With Inter Release Controller Mobility Mobility Domain
(IRCM) roaming is supported between 8.0, Mobility Group (8.0)
One
WLC Network Mobility Group (8.2)
Mobility Group
72 WLCs in a
Mobility Domain
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
How Long Does an STA Roam Take?
Time it takes for:
Client to disassociate +
Probe for and select a new AP +
802.11 Association +
802.1X/EAP Authentication +
Rekeying +
IP address (re) acquisition
All this can be on the order of seconds Can we make this faster?
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
Roaming Requirements
Roaming must be fast Latency can be introduced by:
Client channel scanning and AP selection algorithms
Re-authentication of client device and re-keying
Refreshing of IP address
Roaming must maintain security
Open auth, static WEPsession continues on new AP
WPA/WPAv2 PersonalNew session key for encryption derived via standard
handshakes
802.1x, 802.11i, WPA/WPAv2 EnterpriseClient must be re-authenticated and new
session key derived for encryption
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
How Are We Going to Make Roaming Faster?
Focus on Where We Can Have the Biggest Impact
Eliminating the (re)IP address acquisition challenge
Eliminating full 802.1X/EAP reauthentication
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Intra-Controller Roaming:
VLAN X
WLC-1 Client WLC-2 Client
Database Client Data Database
(MAC, IP, QoS,
Security)
Client Roams to a
Different AP
Layer 2 Roaming
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
Client Roaming Between Subnets:
VLAN X VLAN Z
WLC-1 Client Client Data (MAC, IP, WLC-2 Client Database
Client Data (MAC,
Database QoS, Security) IP, QoS, Security)
Preroaming Data
Path
Client Roams to a
Different AP
Layer 3
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
Roaming: Inter-Controller
L3 inter-controller roam: STA moves association between APs joined to the different
controllers but client traffic bridged onto different subnets
Client must be re-authenticated and new security session established
Client database entry copied to new controller entry exists in both WLC client DBs
Original controller tagged as the anchor, new controller tagged as the foreign
WLCs must be in same mobility group or domain
No IP address refresh needed
Symmetric traffic path established -- asymmetric option has been eliminated as of 6.0
release
Account for mobility message exchange in network design
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
Designing a Mobility Group/Domain
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
How Are We Going to Make Roaming Faster?
Focus on Where We Can Have the Biggest Impact
Eliminating the (re)IP address acquisition challenge
Eliminating full 802.1X/EAP reauthentication
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
Fast Secure Roamingtandard Wi-Fi Secure Roaming
802.1X authentication in wireless today requires three
end-to-end transactions with an overall transaction
time of > 500 ms
WAN
802.1X authentication in wireless today requires a
Cisco AAA roaming client to reauthenticate, incurring an
Server additional 500+ ms to the roam
(ACS or
ISE)
1. 802.1X Initial
Authentication
AP2 Transaction AP1
2. 802.1X
Reauthenti-
cation After
Roaming
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
Cisco Centralised Key Management (CCKM)
In highly controlled test environments, CCKM roam times consistently measure in the 5-8
msec range!
CCX-based laptops may not fully support CCKM depends on supplicant capabilities
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
Protocols that Help Your BYOD Roam
Issues will come as you reach the edge of the cell you need to expedite the
jump to the next cell:
802.11k: helps the BYOD discover the next cell
802.11r (FT): helps the BYOD exchange credentials fast while roaming
802.11v BSS Transition Management: pushes the BYOD to the next cell
How do you know if your BYOD supports 802.11k or 802.11r?
Apple devices support both since IOS 6
On Android it depends on the device vendors certify for 802.11r and/or 802.11k
devices targeted for the enterprise market, not for the home market
Two URLs can help you:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/
technotes/8-0/device_classification_guide.html
http://clients.mikealbano.com/ (look for RM fields in
frame captures for 802.11k support)
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
Apple & Cisco
Cisco and Apple join hands to build a fast lane
Cisco AP
Apple iOS 10
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
How does Fast Lane work for Apple devices
connecting to Cisco Wireless networks?
iOS 10 devices and Cisco APs perform a handshake that
allow them to recognize each other
Aloha! Hello Amigo!
Apple iOS 10
Cisco AireOS 8.3
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
Three New Wireless Innovations Resulting from
Apple / Cisco Partnership
1. Enhanced QoS for iOS 10+
2. Improved Roaming
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
Foundation 1: Enhanced QoS for iOS Devices
Wireless is becoming the new edge of
the network
Real-Time apps (voice and video) are
becoming the norm on WLANs
Endpoint vendors QoS implementation
is weak, resulting in poor quality voice
and video experience over wireless
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Wi-Fis Biggest QoS Challenge:
Shared, Half-Duplex and Contention Based!
TECEWN-3010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
As WLANs become Busier, Each Client (and the AP)
Need to Wait Longer (bad for real-time apps)
My MOS
score is
terrible!
Wait Wait
Wait
Finished!
Wait
My MOS 11ac
My MOS
score is Sending Wait score is
terrible! Wait terrible!
My MOS
Wait Wait score is
terrible!
Wait
TECEWN-3010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
How Much Does Contention Affect Performance
The Breaking Point Depends on How Many Clients You Have
120%
100%
As more clients associate and
Throughput (%)
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
802.11e Solves the Problem by creating wireless queues
(Access Categories) and forcing lower priority queues to wait
longer before transmitting
Application Data
Long Short
Wait Time Before Attempting to Send
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
802.11e QoS Mappings Before Fast Lane
Endpoint/Client Voice (EF) Video (AF41/42) Control (CS3)
WMM Convention 6 5 4
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
802.11e QoS Mappings After Fast Lane
Endpoint/Client Voice (EF) Video (AF41) Control (CS3)
Cisco
6 5 4
Recommendation
Jabber for iOS 10+
6 5 5
(iPad, iPhone)
Jabber for
6 5 3
Android
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
Foundation 2: Improved Roaming Performance
In 802.11, delay in roaming causes poor
experience, especially for rich-media real-
time applications. Interoperability increases
complexity and prevents adoption.
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
802.11k, 802.11v, 802.11r help efficient roaming
Association
802.11r enables fast roaming without complete reauth
802.11k sends you list of neighbors
802.11v BSS Transition sends you the new best AP
Cisco-AP-2 to connect to
802.11k, 802.11v
are on by default
Non-Cisco-AP Cisco-AP
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Foundation 3: Centralized Policy Management of
iOS 10 Devices
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
Cisco Apple Fast lane QoS Profiles
Apple iOS 10
Cisco AireOS 8.3
*By default, all applications are whitelisted. This means that if there is no profile,
all apps get QoS. If there is a profile, only the apps in the profile get QoS
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
Creating Fast Lane Profiles
Meraki Systems
Apple Configurator Manager MDM
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
Agenda
Controller-Based Architecture Overview
Mobility in the Cisco Unified WLAN Architecture
Architecture Building Blocks
Deploying the Cisco Unified Wireless Architecture
Bringing All Together Best Practices
Cisco Controller Portfolio Large Enterprise/Branch
Mid-size Enterprise/Branch
Cisco 8540
Cisco vWLC
Small Network, Small Branch 1500 APs
6000 APs
64,000 clients
16000 Clients
500 Mbps 40 Gbps
Cisco 5520
1500 APs
Mobility Express Cisco 3504 3000 Clients
150 APs 20 Gbps
Compact, mGig ready, dedicated RP/SP ports, side by side rack mount and much more
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
Previous 12 Months
5520 WLAN Controller 8540 WLAN Controller
Highest
Scalability
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
Cisco Aironet 802.11ac Wave 2 Portfolio
Industrys most comprehensive and innovative AP portfolio
Enterprise Class Mission Critical Best in Class
DNA Ready | RF Excellence | CMX | Centralized, FlexConnect or Mobility Express
Dual 5 GHz | Flexible Radio | HDX
Future Proof
3800
2800
1830 1850 4x4:3SS 160 MHz
1815 4x4:3SS 160 MHz 5 Gbps Performance
Indoor / High-powered Indoor 4x4:3SS 80Mhz 5 Gbps Performance 2.4 and 5GHz or
Wall Plate / Teleworker 3x3:2SS 80MHz Dual 5GHz
1.7 Gbps Performance 2.4 and 5GHz or
2x2:2SS 80 MHz 867 Mbps Performance Dual 5GHz 2 GE Ports Uplink or
Internal or External
867 Mbps Performance Tx Beam Forming Antenna 2 GE Ports Uplink 1 GE + 1 mGig (5G)
Tx Beam Forming 1 GE Port Uplink Tx Beam Forming CleanAir and ClientLink CleanAir and ClientLink
Integrated BLE Gateway1 USB 2.0 2 GE Ports Uplink Internal or External StadiumVision
Max Transmit Power (dBm) USB 2.0 Antenna Internal or External Antenna
per local regulations2 Smart Antenna Connector Smart Antenna Connector
3 GE Local Ports, including USB 2.0 USB 2.0
1 PoE out3
Investment Proof Modularity
Local ports 802.1x ready3
Bluetooth
Other
Beacon
Stadium 3G Security
Adv. and
Other Panel and LTE
Spectrum Bluetooth
Other
Antenna Small Cell
Analysis Beaconing
Offload
SMART MODULE
ANTENNA PORT
PORT
Custom
Custom
Directional location Future Wi-Fi Video
Application
Application
Antennas Antennas Standard Surveillance
Using Linux
Using Linux
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
Wireless excellence and innovations delivered only by
Cisco Aironet 2800, 3800 Series Access Points
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
Wireless excellence and innovations delivered only by
Cisco Aironet 2800, 3800 Series Access Points
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
Wireless excellence and innovations delivered only by
Cisco Aironet 2800, 3800 Series Access Points
RF RF
2. High Application
Planning Optimization
App Engage Availability Visibility & Control
Engineer the WLAN for Optimize Gigabit Wi-Fi as Replicate the High Prioritize mission critical
data, voice, video, location, primary connectivity Gig Availability of the LAN on business applications over
and client density Ethernet as fallback the WLAN personal applications
802.11ac : -65 to -67 RSSI Cisco CleanAir LAN SSO Edge, Core, Disti Cisco AVC Identify,
10 20% cell overlap Clientlink WLAN SSO Client, AP, Prioritize, Control Apps
1 AP / 2500 sq ft RRM Controller across LAN, WLAN
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 65
Deploying the Cisco Unified Wireless Architecture
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
Controller Redundancy
Redundant WLC in a geographically
separate location WLAN-Controller-1
APs Configured With:
Primary: WLAN-Controller-1
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
Controller Redundancy High Availability
Primary WLC
High Availability Principles :
AP is registered with a WLC and
maintain a backup list of WLC.
AP use heartbeats to validate WLC
connectivity
AP use Primary Discovery
message to validate backup WLC list
When AP loose 3 heartbeats it start Secondary WLC
join process to first backup WLC
candidate
Candidate Backup WLC is the first
alive WLC in this order : primary,
secondary, tertiary, global primary, New Timers 7.2
global secondary. Heartbeat Timeout 1-30 secs
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
SSO Failover Sequence
AP and Client info Sync
Redundancy Link Established
(Over dedicated Redundancy Port)
ACTIVE STANDBY
Client
Associate
Switch
AP Join
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
SSO Failover Sequence
Keep-Alive failure/Notify Peer
Redundancy Link Established
(Over dedicated Redundancy Port)
ACTIVE STANDBY
Client
Associate
Switch
AP Join
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
SSO Failover Sequence
ACTIVE
STANDBY
ACTIVE
Client
Associate
Switch
AP Join
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
SSO Failover Sequence
ACTIVE
STANDBY
ACTIVE
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 74
Pairing 5520/8540 for SSO
L
L 2
2
Po 1 Po 2 Po 1 Po 2
Trunk Trunk
Port-channels Port-channels
L2 L2
Spread the links in each PC among the two physical switches to prevent a WLC switchover upon a failure of one of
the VSS switch
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
Web-GUI Configuration
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
SSO Behaviour and Recommendations
RTT latency on Redundancy Link : 80 milliseconds or less. 80% of keep alive timer.
Preferred MTU on Redundancy Link : 1500 or above.
Bandwidth on Redundancy Link : 60Mbps or more.
Recommended to have Redundancy Link and RMI Connectivity between WLCs on different switches
or on different L2 networks
Keep alive/Peer Discovery timers should be left with default timer values for better performance
Default box failover detection time is 3 *100 = 300+60 = 360 +jitter (12 msec)= ~400 msec
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Fast Restart Highlights 8.1
Use Cases
LAG Configuration change
Clear Configuration
Process Restart to reduce network and service downtime Post Configuration Wizard
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 79
Deploying the Cisco Unified Wireless Architecture
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 81
AP-Grouping in Campus
VLAN 100 VLAN 100 VLAN 100
Access
Si Si Si Si Si Si
Distribution
CAPWAP Si Si
Core
Si Si
Si Si
Si Si Distribution
VLAN 100 / 21
Access
Single WAN Data Centre Internet
SSID =
Employee WLC-1 WLC-2
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 82
AP-Grouping in Campus
AP-Group-1 AP-Group-2 AP-Group-3
VLAN 60 /23 VLAN 70 /23 VLAN 80 /23
Access
Si Si Si Si Si Si
Distribution
CAPWAP Si Si
Core
Si Si
VLAN 100 Si Si VLAN 60
Si Si Distribution
/21 VLAN 70
VLAN 80
Access
Single WAN Data Centre Internet
SSID =
Employee WLC-1 WLC-2
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
Default AP-Group
Network Name
Default AP Group
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
Multiple AP-Groups
AP Group 1
AP Group 2
AP Group 3
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
HD Config Tip: RF Profiles for Fine-Tuning
RF Profiles work in Conjunction with AP Groups (beginning in release 7.2)
You can create separate RF profiles for both 2.4 and 5 GHz
1 profile for each band (802.11a/802.11b) can be assigned to an AP group
Today
802.11 data rates
TPC Power Threshold and Min max Power settings
DCA
Coverage hole algorithm settings
High Density HDX configurations RX_SOP, Client Limit, Mcast data rate
Client Distribution
Load Balancing
High Density
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
8.1
Network Profiles GUI
Sets pre-defined RF parameters depending on Client Density and
Traffic Type
Client Density : High,
Typical, Low
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 88
Pre-built RF Profiles
Client Density specific pre-built RF profiles for 2.4 GHz and 5GHz Bands to be used
with AP Groups
Si Si Si Si Si Si
Distribution
CAPWAP
Si Si
Core
Si Si
Si Si VLAN 60
Si Si Distribution
VLAN 61
VLAN 70
VLAN 71
VLAN 80 Access
VLAN 81
Single WAN Data Centre Internet
SSID =
Employee WLC-1 WLC-2
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 90
The Worlds Most Versatile Access Points
All The Benefits of 802.11ac Wave 2
Highest Wi-Fi Performance Ever Better End Device Efficiency
5GHz 5GHz
Dual 5GHz Support, both radios serving clients on 5GHz
Serving Serving Maximum over the air data rate up to 5.2Gbps
5GHz Wireless
Wireless Security Monitoring
Serving Security Scan both 2.4GHz and 5GHz for security threats
Mode Serve Client of 5GHz
Monitor 5 GHz
A Radio ROLE,
Sniffer* Monitor
is assigned to a single radio Interface
Spectrum Connect* WSM
2800/3800 WSA*
Slot 0 802.11-abgn= XOR radio
* Post FCS
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 93
Radio Role Assignment Auto/Manual
Selecting a 2800/3800
802.11-abgn interface
config
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 94
Radio Role Assignment Auto/Manual
Selecting a 2800/3800
802.11-abgn interface
config
Auto (default) makes the
radio available to FRA
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 95
Radio Role Assignment Auto/Manual
Selecting a 2800/3800
802.11-abgn interface
config
Auto (default) makes the
radio available to FRA
Manual, takes the Radio
out of Global FRA
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 96
Dual 5 GHz operation Custom Channel
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 97
Dual 5 GHz operation Custom Channel
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 98
FRA - Config
FRA is Disabled by
Default
Enable and FRA is active
Sensitivity=
Low (100%)
Medium (95%)
High (90%)
Interval
1-24 hours
1 hour default
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 99
FRA Assignment Priority
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 100
Cisco Dynamic Bandwidth Selection (DBS) 8.1
D B S
Client
Non WiFi Protocol &
Noise Traffic
11n/11ac
DBS:
Channel Auto
Utilization Configure
Globally
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 101
Deploying the Cisco Unified Wireless Architecture
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 103
Policy Classification
Identity
Session Time of
VLAN ACL QoS
timeout Day
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 104
Configuring Client Profiles
Client profiling uses pre-existing profiles in the controller
Custom profiles are not supported in this release
Wireless clients are profiled based on the MAC OUI, DHCP,HTTP user agent
DHCP is required for DHCP profiling, Webauth for HTTP user agent
8.3 release contains 233 pre-existing profiles:
(Cisco Controller) >show profiling policy summary
Number of Builtin Classification Profiles: 233
ID Name Parent Min CM Valid
==== ================================================ ====== ====== =====
0 Android None 30 Yes
1 Apple-Device None 10 Yes
2 Apple-MacBook 1 20 Yes
3 Apple-iPad 1 20 Yes
4 Apple-iPhone 1 20 Yes
/ 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Local Client Profiling Configuration
At the WLAN level, enable Local Client Profiling (DHCP and HTTP)
DHCP required is checked automatically when selecting DHCP profiling
config wlan profiling {local | radius} {dhcp | http | all} <wlan ID>
(Cisco Controller) >config wlan profiling local all enable 1
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Client Profiles in 7.6 and Above
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 107
Deploying the Cisco Unified Wireless Architecture
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 109
Cisco AVC ecosystem
Device Sensors/Platforms Orchestration/Management
Cisco AVC
3rd Party Visualization 3rd Party Security/Billing
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 110
Wi-Fi Calling Introduction
Setting to use Wi-Fi for calls instead of cellular network
Useful for poor cellular / good Wi-Fi scenarios, and SP offloading
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 111
How Does AVC Classify Applications: Cisco Jabber
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 112
How Does AVC Classify Applications: MS Lync
Deep Packet Inspection
MS-Lync-Video
MS-Lync Media
(Desktop Sharing, MS-Lync File Transfer
(Audio and Video Flows)
Chat)
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 113
Enabling Application Visibility and Control
AVC is enabled per WLAN to Allow Deep Packet Inspection
1
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 114
Discover and Export Capacity Planning
Identify and Monitor 1200+ Applications Natively
App Name
Source and
HTTP Byte
Dest IP
CountProtocol
TOS
Netflow v9
HTTPHTTP VLAN ID
User
Name
Flow Monitoring &
L7 Classification Performance Collection Troubleshooting
Enhanced Netflow export of 17 new flow records to better integrate with Netflow partners like Lancope.
Helps track applications & Traffic flows by User ID
Supported on 5520 and 8500 series controllers
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 116
Policy tie-in with AVC
User-aware and Device-aware
WLC v7.4 and later
Application-based Policies
Per WLAN
WLC v8.0
User-role aware
Device-aware
Alice cannot access Netflix but Bob can even though both are employees connecting to same SSID
Alice can access EHS records on (IT provisioned) Windows Laptop but cannot on personal (unsecure) iPad
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 117
AVC Profile Per User Device
WLC AAA
Cisco-av-pair=avc-profile-name=<avc profile on
wlc>
Cisco-av-pair=role=<role name>
Switch
Teacher Student
AP
SSID: Classroom
Security:WPA2/802.1x
Student Network
Teacher Network
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 118
For Your
Applying AVC Profiles Reference
2 3
Apply AVC Profile per client Apply AVC Profile per
using Local profiling on client using AAA Override
WLC (Radius Server)
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
8:4 OpenDNS WLC Integration
OpenDNS- Offering Domain Level Visibility
Internet wide
visibility
CATEGORY IDENTITY
Ransomware,
Malware Internal IP malware/Botnet
OpenDNS Cloud Phishing AD User
COVERAGE
PROTECTION
Predictive Threat
DNS layer Security Intelligence
INTELLIGENCE
Security Visibility-
Application Insights,
Policy Compliance
Cloud delivered network security service PERFORMANCE
https://youtu.be/cMdX8sBBYG4
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 121
OpenDNS - Terminology. How does it work on WLC?
1 2 3
DNS request DNS traffic redirects OpenDNS resolves
precedes web request to OpenDNS request
NOTE If the blocked domain was from HTTPS request, clients web browser will see certificate error because OpenDNS cloud may
2017 notand/or
Cisco haveitsthe certificates
affiliates. from theCisco
All rights reserved. blocked
Public server.
OpenDNS Policy Segmentation
Current ISR Implementation Wireless Controller for Dynamic
Site specific Policy, Enforced per Interface Evaluation of Attributes for Access Control
Policy
ISR 4K
Identity Server
Returns attributes
Contractor Guest
Corp network Guest network
Corp
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 123
OpenDNS- WLC Solution Overview
WLC and OpenDNS registration
(One Time) Content Filtering
Security Enforcement
OpenDNS: Get API. Token for device registration OpenDNS Cloud
WLC: Apply Token and create Profile
Device (Profile) Registration
HTTPS used in this phase
Internet
Web Services
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 124
8.4 Wireless TrustSec
access-list 102 deny tcp 82.1.221.1 255.255.255.255 eq 2587 174.222.14.125 0.0.31.255 lt 4993
access-list 102 deny tcp 103.10.93.140 255.255.255.255 eq 970 71.103.141.91 0.0.0.127 lt 848
access-list 102 deny ip 32.15.78.227 0.0.0.127 eq 1493 72.92.200.157 0.0.0.255 gt 4878
access-list 102 permit icmp 100.211.144.227 0.0.1.255 lt 4962 94.127.214.49 0.255.255.255 eq 1216
access-list 102 deny icmp 88.91.79.30 0.0.0.255 gt 26 207.4.250.132 0.0.1.255 gt 1111
access-list 102 deny ip 167.17.174.35 0.0.1.255 eq 3914 140.119.154.142 255.255.255.255 eq 4175
access-list 102 permit tcp 37.85.170.24 0.0.0.127 lt 3146 77.26.232.98 0.0.0.127 gt 1462
access-list 102 permit tcp 155.237.22.232 0.0.0.127 gt 1843 239.16.35.19 0.0.1.255 lt 4384
access-list 102 permit icmp 136.237.66.158 255.255.255.255 eq 946 119.186.148.222 0.255.255.255 eq 878
access-list 102 deny tcp 103.10.93.140 255.255.255.255 eq 970 71.103.141.91 0.0.0.127 lt 848
Employees
access-list 102 deny ip 32.15.78.227 0.0.0.127 eq 1493 72.92.200.157 0.0.0.255 gt 4878
access-list 102 permit icmp 100.211.144.227 0.0.1.255 lt 4962 94.127.214.49 0.255.255.255 eq 1216
access-list 102 deny icmp 88.91.79.30 0.0.0.255 gt 26 207.4.250.132 0.0.1.255 gt 1111
access-list 102 deny ip 167.17.174.35 0.0.1.255 eq 3914 140.119.154.142 255.255.255.255 eq 4175
Contractors
access-list 102 permit tcp 37.85.170.24 0.0.0.127 lt 3146 77.26.232.98 0.0.0.127 gt 1462
access-list 102 permit tcp 155.237.22.232 0.0.0.127 gt 1843 239.16.35.19 0.0.1.255 lt 4384
access-list 102 permit icmp 136.237.66.158 255.255.255.255 eq 946 119.186.148.222 0.255.255.255 eq 878 Vendors VLANs
access-list 102 permit ip 129.100.41.114 255.255.255.255 gt 3972 47.135.28.103 0.0.0.255 eq 467
access-list 102 permit udp 126.183.90.85 0.0.0.255 eq 3256 114.53.254.245 255.255.255.255 lt 1780
access-list 102 deny icmp 203.36.110.37 255.255.255.255 lt 999 229.216.9.232 0.0.0.127 gt 3611
access-list 102 permit tcp 131.249.33.123 0.0.0.127 lt 4765 71.219.207.89 0.255.255.255 eq 606
Guests
access-list 102 deny tcp 112.174.162.193 0.255.255.255 gt 368 4.151.192.136 0.0.0.255 gt 4005
access-list 102 permit ip 189.71.213.162 0.0.0.127 gt 2282 74.67.181.47 0.0.0.127 eq 199
access-list 102 deny udp 130.237.66.56 255.255.255.255 lt 3943 141.68.48.108 0.0.0.255 gt 3782 PCI Devices
Campus Branch
Complex IP based policies Extend segments over -
Layer 3 boundaries
Need updates as topology changes
Line of Business
Compliance BYOD
Retain Security & Compliance
Various Segmentation needs as network expand and grow
https://youtu.be/A7H4HtzpCwM
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 126
End-to-End TrustSec in Enterprise Network
WAN
SERVICES
Routers
BRANCH OFFICE
Data Center
Campus Internet
Network
NXOS Network
Switches
Wireless IOS
Public
Switches Cloud
DATA CENTER
CAMPUS NETWORK
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 127
DNA Security &
Security and
Compliance
Compliance
Wireless TrustSec Support
5 Employee
6 Voice A B
7 Partner
Employee Tag
Supplier Tag
Non-Compliant Employee Employee Supplier Non-Compliant Non-Compliant Tag
VLAN: Data-2 VLAN: Data-1
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 129
Deploying the Cisco Unified Wireless Architecture
CAPWAPv6 VLAN
Ethernet Ethernet
2001:db8:a:0:2329:9834:3231:1111
10.10.10.52 CAPWAPv6
Tunnel IPv4/v6 router
2001:db8:a:0:1827:91bf:c41b:9683
Mgmt: 2001:db8:a::2/64
10.10.10.2 2001:db8:a::1/64
IPv6 Client
10.10.10.1
IPv4 Client
802.11
2001:db8:a:0:8a56:caff:1547:9150
10.10.10.51 IP: 2001:db8:a:5/64 IP: 2001:db8:a:6/64
SNMP Server, Syslog Server, NTP Server
tftp/ftp/scp Server
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 131
Management Access (telnet, SSH, HTTP, HTTPS)
Mgmt: 2001:db8:a::2/64
10.10.10.2
WLC can be accessed from wired/wireless via its IPv6 Management Interface using:
telnet
SSH
HTTP
HTTPS
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 132
CAPWAPv6
AP can get IPv6 addresses from
state-full DHCPv6/SLAAC or static
assignment
If statically assigned, the gateway can
be the unique global or Link-Local
address of the router
Either CAPWAPv4 or CAPWAPv6
can be used, but not both
APs in bridge mode do not support
CAPWAPv6
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 133
AP Failover
WLC1 WLC2 WLC3
Management IP address must be
reachable
One entry per WLC
The AP will join either IPv4 or IPv6
address of the WLC (regardless of
management IP listed)
Primary: WLC1
Secondary: WLC2
Primary: WLC2
Secondary: WLC3
Primary: WLC3
Secondary: WLC2
All other AP Failover behaviour is the
Tertiary: WLC3 Tertiary: WLC1 Tertiary: WLC1
same as previous versions
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 134
IPv6 Guest Access
Virtual IP address is IPv4 only
Uses IPv4-Mapped address for IPv6 web-authentication clients
Virtual IP should be the same for all WLCs in the same mobility group
For example the IPv6 address will display as [::ffff:192.0.2.1]
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 135
Wireless IPv6 client First Hop Security on WLAN
CAPWAP IPv6
Tunnel VLAN
Ethernet
IPv6
802.11 IPv6
802.11
CAPWAP
IPv4
Ethernet
Router Advertisement
RA Guard - RA from client blocked at AP (Local and FlexConnect)
Undesired IPv6
Addresses/Prefix Source Guard
Wireless
Network
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 138
How CMX Cloud will work with WLC 8.3
Access Points
CMX Cloud
WLAN Controller
https
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 139
Deploying the Cisco Unified Wireless Architecture
High Availability (AP and Client SSO)
RF Optimization - AP Groups / RF Groups / HDX
Security & Policies
Local Profiling and Policy Classification
Application Visibility Control
OpenDNS
TrustSec
IPv6 Deployment with Controllers
CMX Cloud
Branch Office Designs
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 140
Branch Office with Local WLAN Controller
Overview
Backup Central
Controller
Central Site
Branches can also have local
controllers
CAPWAP
Small or Mid-size Branch WLCs
WLC 2504, WAN
Cat-3850
WLC-2504
Virtual WLC
vWLC
Converged Access Cat-3850
High-availability design with central
backup controller is supported;
WAN limitations may apply
Remote Site C
Remote Site A
Remote Site B
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 141
Branch Office Deployment
Central Site
FlexConnect
Centralized
Hybrid architecture Traffic
Centralized
Traffic
Single management and control point
Data Traffic Switching
Centralised traffic
(split MAC)
or
WAN
Local traffic (local MAC)
Local Switching Data traffic switched onto local VLANs for an SSID
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 143
Flex AVC WAN Bandwidth Considerations
Deployment Type WAN Bandwidth ( WAN RTT Max APs per Branch Max Clients per
Min) Latency(Max) Branch
Test Conditions :
5 APs, 25 Client Setup
1 Locally Switched WLAN with WPA2 and PEAP
Local Authentication with RADIUS server on FCG
Application Visibility turned on at FCG
Applications HTTP, FTP, RTP
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 144
Agenda
Controller-Based Architecture Overview
Mobility in the Cisco Unified WLAN Architecture
Architecture Building Blocks
Deploying the Cisco Unified Wireless Architecture
Bringing All Together Best Practices
Bringing All Together
Best Practices
For Your
Make it Easy Make it Work Make it Perform
Make it Easy Make it work Make it perform Reference
Enable High Availability (AP and Client SSO)
Enable AP Failover Priority Enable 802.1x and WPA/WPA2 on WLAN
Enable AP Multicast Mode Enable 802.1x authentication for AP
Enable Multicast VLAN Change advance EAP timers
Enable Pre-image download
INFRASTRUCTURE
BEST PRACTICES (AirOS)
SECURITY
Enable AVC Disable Management Over Wireless
Enable NetFlow Disable WiFi Direct
Enable Local Profiling (DHCP and HTTP) Secure Web Access (HTTPS)
Enable NTP Enable User Policies
Modify the AP Re-transmit Parameters Enable Client exclusion policies
Enable FastSSID change Enable rogue policies and Rogue Detection RSSI
Enable Per-user BW contracts Strong password Policies
Enable Multicast Mobility Enable IDS
Enable Client Load balancing BYOD Timers
Disable Aironet IE
FlexConnect Groups and Smart AP Upgrade Disable 802.11b data rates
Restrict number of WLAN below 4
Set Bridge Group Name Enable channel bonding 40 or 80 MHz
WIRELESS / RF
Set Preferred Parent Enable BandSelect
Multiple Root APs in each BGN Use RF Profiles and AP Groups
Set Backhaul rate to "Auto"
MESH
WLC WLC
2. WLCCA CAA
WLAN Express Upgrade
App Audit
Engage Config Cisco
Setup Workflow Analyzer Active Advisor
7.6 MR2, 8.0, 8.1 8.1
Best Practices defaults, Audit Page on Upgrade, Windows Executable Free, cloud based service
RF Parameter Optimisation, One-click Fix It, show run-config Based Agentless nothing to
Network Profiles Manual Config Option Analyzer Tool download
Optimum starting point at Day 0/1 Downloadable client Cisco Personalized device
network setup Compliance metric and reporting health score
natively on WLC Configuration stays local
RF parameter setting Ease of use Compare your wireless network
Identify missing best practice Simplified operational use to configuration to Ciscos
Enhanced performance, security, configuration on upgrade quickly identify and and fix recommended best practices
resiliency with best practice problem areas
recommendations turned on boot Easy one-click fix It option to turn Automated Inventory
up time on Best Practice Knobs RF Health metrics, IOS Support, Management and Network
Mobility Group support
Restore Defaults to revert Scanning
configuration to default
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 148
WLAN Express Setup
7.6 MR2, 8.0
8.1
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 149
WLC WLAN Express Setup Best Practices Day 0/1
Best Practice Knobs Best Practice Knobs
8.5
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 151
WLC Config Analyser Per Controller Compliance
Best Practices categorized
into
General
AP
Mobility
RF
Security
Voice
Mesh
Flex
0-40% Red
Per-Controller Compliance
Level for Each category 41-80% Yellow
Latest @ https://upload.cisco.com/cgi-bin/swc/fileexg/main.cgi?CONTYPES=wlc-conf-app-dev
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 152
Summary Key Takeways
Take advantage of the standards (CAPWAP, DTLS,802.11 i, e, k, r..) and the
Apple+Cisco relationship
Wide range of architecture / design choices amd High Availability
Brand new controllers (WLC3504, WLC5520, WLC8540, vWLC) portfolio with
investment protection
Take advantage of innovations from Cisco (11ac wave2, Flexible Radio
Architectrure (FRA), CleanAir, BandSelect, ClientLink, Security, CCX,
FlexConnect, etc)
Ciscos investment into technology Cisco Prime, ISE, New hardware and
CMX
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 153
Cisco Wireless LAN Documentation
INSTALLATION GUIDES RADIO CONFIGURATION CLIENT ADDRESSING POLICY ENGINE
5520 WLC 802.11r BSS Fast Transition Bi-Directional Rate Limiting AVC
8540 WLC Adaptive wIPS Flex AP-EoGRE Tunnel Gtwy Bonjour
AP1570 ATF Ph 1 & 2 IPv6 Chromecast
AP1810 OE CleanAir Jabber Device Classification
AP1810W Wall Plate CMX FastLocate Jabber and UCM Domain Filtering
AP1850 High Density Microsoft Lync mDNS Gateway w/Chromecast
AP2700/3700 Rogue Management Passpoint Configuration Wireless Device Profiling & Policy Classification
AP2800/3800 RRM RF Grouping Algorithm Real-Time Traffic Over WLAN BEST PRACTICES
AP702W RRM White Paper VideoStream Apple Devices
APIC-EM Wireless AP PnP Vocera IP Phone in WLAN Enterprise Mobility Design Guide
ENCRYPTION
Flex7500 WLC VoWLAN Troubleshooting High Availability (SSO)
BYOD for FlexConnect
Mesh APs HyperLocation
BYOD with ISE
Mobility Express iPhone 6 Roaming
Security Integration
Smart Licensing N+1 High Availability
Univ. AP Regulatory Domain WLAN Express
Virtual WLC WLC Configuration Best Practices
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 154
Click - https://www.youtube.com/user/CiscoWLAN/
VoD Links
Faster Innovation
Cisco CMX Solution https://www.youtube.com/watch?v=KQRb8vfU0qM Fastlane App Demo
https://www.youtube.com/watch?v=N1QMUcv3aRQ
CMX Hyperlocation vs RSSI Demo
https://www.youtube.com/watch?v=6ls7EHbSK4A Cisco APIC-EM Wireless PnP Demo
https://www.youtube.com/watch?v=_9P2-bU66PU
Reduce Cisco Dual 5GHz Wi-Fi https://www.youtube.com/watch?v=mbpjiETvDXc
Cisco Aironet Plug and Play Cloud Redirection
https://www.youtube.com/watch?v=W7fBZ6xfSxw
Cost & Cisco Aironet AP-3800 RF Excellence
https://www.youtube.com/watch?v=dBpGsTKeyNM&t=64s
Wireless LAN Controller Dashboard Review
Complexity https://www.youtube.com/watch?v=af09TBaafRI&feature=youtu.be
Digital Network Architecture with Wave2 with 802.11ac
https://www.youtube.com/watch?v=ySjN13hPhXY&t=2s
Cisco Wireless Mobile App
https://www.youtube.com/watch?v=HyvZ4mbVAWs
Cisco Aironet Series Flexible Radio Assignment
https://www.youtube.com/watch?v=K_-BykT_YIM
WLC Advanced UI Client Troubleshooting
https://www.youtube.com/watch?v=dZVxI6jOx_Q
TechWiseTV: Apple and Cisco: Fast-Tracking the Mobile Enterprise
https://www.youtube.com/watch?v=bh8rEvrzm7Y&feature=youtu.be
Lower ISE Simplified Wireless Setup
https://www.youtube.com/watch?v=A3F2DrFu7Lo&feature=youtu.be
Prioritized Business Apps
https://www.youtube.com/watch?v=z0EOKNxL964&feature=youtu.be Risk
Cisco Wireless TrustSec Demo
https://www.youtube.com/watch?v=A3F2DrFu7Lo&feature=youtu.be
Apple and Cisco: Three Solutions Coming Together
https://www.youtube.com/watch?v=7MgsDkf55wQ&feature=youtu.be
Cisco Wireless Netflow Lancope Integration Demo
https://www.youtube.com/watch?v=TuWYkrt94CQ
WiFi Optimized Feature
https://www.youtube.com/watch?v=xgPfxAolJoQ&feature=youtu.be
OpenDNS Integration with WLC
https://www.youtube.com/watch?v=cMdX8sBBYG4
Complete Your Online Session Evaluation
Please complete your Online
Session Evaluations after each
session
Complete 4 Session Evaluations &
the Overall Conference Evaluation
(available from Thursday) to receive
your Cisco Live T-shirt
All surveys can be completed via
the Cisco Live Mobile App or the
Dont forget: Cisco Live sessions will be available
Communication Stations for viewing on-demand after the event at
CiscoLive.com/Online
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 157
Continue Your Education
Demos in the Cisco campus
Walk-in Self-Paced Labs
Lunch & Learn
Meet the Engineer 1:1 meetings
Related sessions
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 158
Call to Action: Learning more about IPv6
LTRSEC-3004 Advanced IOS IPSec VPN with FlexVPN hands-on Lab Tue 09:00:00
BRKIP6-2616 Addressing Networking challenges with latest Innovations in IPv6 Tue 11:15:00 Lunch and Learn:
BRKRST-2337 OSPF Deployment in Modern Networks Tue 11:15:00 IPv6 in the Enterprise: Tue 13:00
BRKEWN-2010 Design and Deployment of Enterprise WLANs Tue 14:15:00
BRKSEC-2501 Deploying AnyConnect SSL VPN with ASA5500 Tue 14:15:00 All Things IPv6: Wed 13:00
LTRRST-2005 Introductory - LISP Cloud extension, VPN and DC Mobility Tue 14:15:00
BRKRST-2116 Intermediate - IPv6 from Intro to Intermediate Tue 14:15:00
BRKRST-2022 IPv6 Routing Protocols Update Tue 16:45:00
Experiment with IPv6-only WiFi:
BRKSPG-2061 IPv6 Deployment Best Practices for the Cable Access Network Wed 09:00:00 SSID: CL-NAT64
BRKRST-3045 LISP - A Next Generation Networking Architecture Wed 09:00:00
LABSPG-7122 Advanced IPv6 Routing and services lab Wed 09:00:00
WPA passphrase: cl-nat64
BRKSEC-3200 Advanced IPv6 Security Threats and Mitigation Wed 11:30:00 SLAAC + stateless DHCP
BRKIPM-2239 Multicast and Segment Routing Wed 14:30:00
NAT64 included to access legacy
BRKIP6-2002 IPv6 for the World of IoT Wed 16:30:00
LABIPM-2007 Intermediate - IPv6 Hands on Lab Thu 09:00:00
BRKSEC-3003 Advanced IPv6 Security in the LAN Thu 11:30:00
Ask all World of Solutions exhibitors for
BRKRST-2336 EIGRP Deployment in Modern Networks Thu 11:30:00
their IPv6 support
LABSPG-7122 Advanced IPv6 Routing and services lab Thu 14:00:00
BRKRST-2045 BGP operational security best practices Thu 14:30:00
BRKCOL-2020 IPv6 in Enterprise Unified Communications Networks Thu 14:30:00 DevNet Zone: IPv6 Content Networking
LABIPM-2007 Intermediate - IPv6 Hands on Lab Fri 09:00:00
BRKRST-2301 Intermediate - Enterprise IPv6 Deployment Fri 09:00:00 + ask other demos
BRKSPG-2602 IPv4 Exhaustion: NAT and Transition to IPv6 for Service Providers Fri 11:30:00
BRKEWN-2010 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 159
Q&A
Thank You