Embrace the BYOD wave and explore the untapped potential of your wireless controllers. In this session, you will learn how the features in controller code release 7.2 - 7.4, can help you scale up your wireless deployment and open the door to a world of new potential. Topics will include: Application Visibility and Control (AVC), Flex Connect, IPv6, Identity Services Engine integration and other configuration best practices.
6. AP Comparison Chart
3600 Series 2600 Series 1600 Series 600 Series
Max Data Rate 1.3 Gbps 450 Mbps 300 Mbps 300 Mbps
Radio Design MIMO:Spatial
Stream
11n: 4x4:3
11ac: 3x3:3
3X4:3 3X3:2 2X3:2
Module Option
802.11ac or Security Monitor
(FCS Q1CY13)
CleanAir ✔ ✔ Software based
ClientLink
ClientLink 2.0
EBF for 802.11ac
ClientLink 2.0 ClientLink 2.0
Max No. of ClientLink Clients ** 128 128 32
BandSelect ✔ ✔ ✔
VideoStream ✔ ✔ ✔
Rogue AP Detection ✔ ✔ ✔
Adaptive wIPS ✔ ✔ ✔ ✔
OfficeExtend ✔ ✔ ✔ ✔
FlexConnect ✔ ✔ ✔ ✔
Data Uplink (Mbps) 10/100/1000 10/100/1000 10/100/1000 10/100/1000
Power
11n: 802.3af, 11ac: Enhanced
PoE, 802.3at or UPoE
802.3af, AC Adapter 802.3af, AC Adapter
100 to 240 VAC, 50-60
Hz
Temperature Range
(i) 0 to 40° C
(e) -20 to 55°C
(i) 0 to 40° C
(e) -20 to 55°C
(i) 0 to 40° C
(e) -20 to 50°C
0 to 40°C
7. And if you really wanted to know…
• AP 1600 (left) vs AP 2600 (right)
8. AP3502 vs AP2600
• The AP2600 surpasses the
AP3502 in performance for $200
less
• AP2602 = $1,195CDN list
• AP3502 =$1,395CDN list
11. “State of the union”
• 7.0.240.0
Last long-lived maintenance release
End of the line for 4400/WISM1
• 7.2.115.1
The BYOD release support for the Identity Services Engine (ISE), 802.11r (fast roaming)
• 7.3.112.1
High availability, Virtual Controller (vWLC), Bi-Directional Rate Limiting, + ISE http sensor, CA interop
• 7.4.100.60
Application Visibility & Control, Bonjour Gateway Phase 1, 802.11k (neighbor list), 2500 improvements
12. WLC 8500
Target customer - SP
802.11r
L2 Fast Roaming
ISE - Flex integration
Flex / Local Mode parity with
ISE
Outdoor AP Integrated
Antenna
AP 2600
802.11n G2
AP1600
802.11n G2
HA - AP SSO
HA Licensing
Scale Flex7500
6K APs
Virtual Controller
AP3600
WSSI Module
FlexConnect Split Tunneling
802.11r – Flex Modes
Bi-directional rate-limiting
Voice/Video:
11n CAC
Local and
FlexConnect support on 1552
APs
Outdoor AP Honeywell
integration
Outdoor AP
Uni Band Antenna
Application visibility and control
(AVC)
Bonjour Services Directory –
phase 1
AP neighbor list
Subset of 802.11k
Scale WLC 2500
Guest Anchor on WLC2500
LAG on Flex7500, WLC 8500,
WLC 2500
**Voice Enterprise Certification targeted on a special release – FCS beyond 7
HA Licensing, N:1
PMIPv6 on WLC
Executed
7.2MR1 7.3 7.4
May 2012 September 2012 December 2012
S/W Release
UnifiedAccess
WLANInfrastructure
802.11w
Protected Mgmt Frame
WLC Code
13. 7.2
• ISE Registration & Profiling (COA)
• ISE DHCP Sensor
• External Web-Auth for Flex Connect Local
Switching
• 802.11r
• 1552i/1552s support
• RF Profiles !
• NOT supported are any 4400’s or WISM1’s
14. ISE, ISE baby…
Scenarios ISE 1.0 + WLC 7.0.116 ISE 1.1 + WLC 7.2
802.1X Auth Yes Yes
802.1X with Posture Yes Yes
Profiling Yes (802.1X only) 802.1x and Non-802.1X
Local Web Auth (LWA) Yes Yes
Central Web Auth (CWA) No Yes
MAC Filtering Open Auth
for Radius NAC WLAN
No Yes (LWA and CWA)
CoA 802.1x (VLAN, ACL) • 802.1x (VLAN/ACL)
• LWA/CWA (ACL*)
Posture for Guest No Yes
Device Registration No Yes
SXP No Yes
15. RF Profiles
• Per AP control of data rates
TIP:
Don’t disable MCS 0-15 if you are
running 20MHz wide channels.
Otherwise you will run into problems
with OSX’s 64bit radio drivers.
16. RF Profiles
• Tune RRM
TIP:
Great for dealing with
challenging RF
environments, or trying
to make the most out of
older deployments that
are co-located with
newer high density
designs.
19. 7.3
• Virtual Controller (vWLC)
• AP SSO (High Availability)
• ISE HTTP Sensor
• Bi Directional Rate Limiting
• Out of Box RF Profiles
• SIP Snooping
• AP2600 support
• SP WIFI features get started (PMIPv6 MAG,
Passpoint HotSpot 2.0)
20. Standby WLC
Redundancy Role Negotiation
Redundancy Link Established
(Over dedicated Redundancy Port)
AP Information and Config SyncKeep-Alive failure/Notify Peer
Client re-
associates
Client
Associate
AP Join AP session intact. Does
not re-establish capwap
Switch
Effective downtime for client is
Detection time + Switchover
time + Client Association time
Active WLC
Stateful HA with APSSO
22. Virtual Controller (vWLC)
Product Scope Target Market
• 5 to 200 AP support, 3,000 clients
• One AP adder license
• FlexConnect mode only
• Support on VMware ESX/ESXi at
FCS (similar to NCS and MSE)
• Support on Cisco UCS C-Series and
B-Series and equivalent servers
• Mid-market with spare compute platform
• Alternative to Flex 7500 for
customers with fewer branches
• Partner/MSP-hosted Wi-Fi service
• NOT for large campus
Pricing
• Base SKU (with five AP licenses) = $750
• One AP Adder license = $150
23. Out of box AP mode
• Ever need to
ensure that newly
installed AP’s
come up with their
radios disabled?
We can do that
now.
• No longer do you need
to use WLAN index’s
>16 and AP groups to
hide your SSIDS from
newly installed APs J
24. New Mobility Architecture & Converged Access Interop
• Converged access
(3850/5760)
moves mobility
messaging and
anchoring away
from EOIP…
• Now in CA,
mobility is handled
by CAPWAP as
well!
25. 7.4
• Application Visibility & Control (AVC)
• Bonjour Services Directory
• 802.11k (AP neighbor list)
• WLC2504 higher scale
• Guest anchor on 2504
• LAG on 7510,8510,2504
• AP1600 support
• MSE licensing now by AP count, not device
count
26. Real Time
Interactive
Non-Real Time
Background
NBAR2 LIBRARY
Deep Packet inspection
NETFLOW (STATIC TEMPLATE)
provides Flow Export
POLICY
Packet Mark and Drop
Traffic
CISCO PRIME 2.0
TROUBLESHOOTINGCAPACITY PLANNINGCOMPLIANCE
THIRD PARTY NETFLOW
COLLECTOR
What is Application Visibility & Control?
27. • 1000 + applications can be detected by default
AVC Application – Controller GUI
31. Bonjour
• Apple service discovery protocol
• mDNS packets advertise and discover services
clients
• Does not cross subnets or VLANs.
Result: Clients can’t see services on other subnets
The Protocol Problem…
32. CAPWAP Tunnel
Apple TV
224.0.0.251
Bonjour is Link-Local Multicast and can’t be
Routed
224.0.0.251
VLAN X
VLAN X
VLAN Y
• Bonjour is link local multicast and thus forwarded on Local L2 domain
• AirPlay (Apple TV) and AirPrint supported only on a single VLAN
• mDNS operates at UDP port 5353 and sent to the reserved group addresses:
IPv4 Group Address – 224.0.0.251
IPv6 Group Address – FF02::FB
Deployment Challenges
33. Bonjour GW on WLC
• Step 1 – Listen for Bonjour Services
CAPWAP Tunnel
AirPrint
Apple TV
VLAN 23
Bonjour Advertisement
VLAN 20
VLAN 99 iPad
AirPlay Offered
AirPrint
Offered
Bonjour Advertisement
• In 7.4 Bonjour Services with mDNS gateway on the controller don’t require multicast services to be enabled.
34. Bonjour GW on WLC
• Step 2 – Bonjour Services cached on Controller
CAPWAP Tunnel
AirPrint
Apple TV
VLAN 23
VLAN 20
VLAN 99 iPad
AirPlay Offered
AirPrint
Offered
Bonjour Cache:
AirPlay – VLAN 20
AirPrint – VLAN 23
With deployment of mDNS gateway Bonjour Services don’t flood subnet with mDNS advertisements
35. Bonjour GW on WLC
• Step 3 – Listen for Client Service Queries for Services
CAPWAP Tunnel
AirPrint
Apple TV
VLAN 23
VLAN 20
VLAN 99 iPad
Bonjour Cache:
AirPlay – VLAN 20
AirPrint – VLAN 23
Is AirPlay Offered?
Bonjour Query
WLC will snoop all Bonjour discovery packets and will not forward the same on AIR or Infra network
36. Bonjour GW on WLC
• Step 4 – Respond to Client Queries for Bonjour Services
CAPWAP Tunnel
AirPrint
Apple TV
VLAN 23
VLAN 20
VLAN 99 iPad
Bonjour Cache:
AirPlay – VLAN 20
AirPrint – VLAN 23
Bonjour Response From
Controller
Only Clients that require Bonjour services will receive those services
37. Bonjour Services Directory Policy Capabilities
The Bonjour Policy
Profile is a list of allowed
network applications.
(i.e. AirPlay or Printing)
Per WLAN
Per VLAN (AP
Group)
Per Interface
Group
Enforced via Multiple Methods
AirPrint AirPlay File
Share
Service Policy
The Bonjour service profile provides
filtering to allow only certain WLANs,
Interfaces or Interface Groups to access
specific service types.
41. What code version should I be running?
• The answer is that it all depends…
It’s been a wild ride over the last year with TONS of new features in code.
Not everyone needs to run the latest greatest code
If it ain’t broke – don’t fix it J
• That being said…
Most of the university customers I work with are running 7.3_esc (means TAC escalation image)
Most are awaiting the first maintenance release of 7.4
The 7.4_MR1 is due out within a month (Yes there is a BETA of the MR out now)
This show was brought to you by that BETA release J
42. Stats from THIS show…
33 APs
• 243 Clients
• Public 2.4
103 Clients
• Public 5
78 Clients
43. Stats from THIS show…
• By 10am
1.8GB down
• 53% HTTP
• 21% SSL
• Etc…
45. What’s all the FUS about?
• Field Upgradeable Software
Important low-level software upgrades to the
controllers hardware (FPGA, etc)
Pay attention to release notes as to requirements
for FUS.
Not often is FUS needed, but as was the case
with 7.4, if no FUS was applied AVC would not
work on some platforms (such as 2504).
47. Excellent resources if times get tough…
• Controller System Message Guide
http://www.cisco.com/en/US/docs/wireless/controller/7.4/message/guide/sysmsg.pdf
• Reason Codes
https://supportforums.cisco.com/docs/DOC-14033
• WLAN Controller Command Reference
http://www.cisco.com/en/US/docs/wireless/controller/7.4/command/reference/consolidated/
b_cr74_CONSOLIDATED.pdf
“This is the sample pull quote.
This can be used for long quotes
or short. We have also removed
the bottom content bar from this
slide as well.”
Source Information
48. Excellent resources
• Inter-Release Controller Mobility (found in software compatibility doc)
“This is the sample pull quote.
This can be used for long quotes
or short. We have also removed
the bottom content bar from this
slide as well.”
Source Information
49. Excellent resources
• Prime compatibility
“This is the sample pull quote.
This can be used for long quotes
or short. We have also removed
the bottom content bar from this
slide as well.”
Source Information
53. 802.11ac – The next Step in Wi-Fi
Next gen multi-gigabit Wi-Fi – spec’d up to 6.9
Gbps
1997 1999 2003 2007
1SS
8SS
54. • The
next
genera+on
of
wireless
building
upon
802.11n,
designed
to
provide
be6er
bandwidth
and
be6er
coverage
• Focused
on
driving
wireless
data
rates
from
1Gbps,
up
to
6.9Gbps
802.11ac compared with 802.11n
Feature 802.11n Standard 802.11ac Draft 2
Band supported 2.4 GHz and 5 GHz 5 GHz only
PHY Rate
MAC Throughput*
65 Mbps - 600a Mbps
45* Mbps - 420* Mbps
290 Mbps - 6.9a Gbps
194* Mbps - 4.8* Gbps
# of Spatial Streams 4a 8a
Modulation 64 QAM 256 QAM
Channel Width 20, 40 MHz 20, 40, 80, 80+80, 160 MHz
MIMO Single User MIMO Multi User MIMO
802.11 protocol support b,g,n and a,n a, ac, n
* : MAC throughput calculated @ 70% the defined PHY capability
a : Theoretical Maximum as per the respective standards/specifications
57. • A field-upgradable 802.11ac module add-on to the AP3600
• 802.11ac Wave 1 – 5 GHz AP3600 Module
5 GHz radio module
Supporting 802.11a and n clients along with ac clients
1.3 Gbps PHY / ~1 Gbps MAC (throughput)
3 Spatial Streams, 80 MHz, 256 QAM
Explicit Beamforming support as per the 802.11ac standard
• AP3600 maintains dual-band support 2.4 and 5 GHz
Supporting b/g/n on 2.4 GHz and a/ac/n on 5 GHz
• Power requirement with the 802.11ac Module installed
Power draw with 802.11ac Module exceeds 15.4 Watts (802.3af), and will require either:
Enhanced PoE, 802.3at PoE+, Local Supply or Power Injector 4
• Universal Mounting Brackets (Bracket-2) required, or Ceiling Mounting
Brackets (Bracket-3)
Module specifics…
58. Complete Your Paper
“Session Evaluation”
Give us your feedback and you could win
1 of 2 fabulous prizes in a random draw.
Complete and return your paper
evaluation form to the room attendant
as you leave this session.
Winners will be announced today.
You must be present to win!
..visit them at BOOTH# 100