Embrace the BYOD wave and explore the untapped potential of your wireless controllers. In this session, you will learn how the features in controller code release 7.2 - 7.4, can help you scale up your wireless deployment and open the door to a world of new potential. Topics will include: Application Visibility and Control (AVC), Flex Connect, IPv6, Identity Services Engine integration and other configuration best practices.

1. © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Connect 11© 2012 Cisco and/or its affiliates. All rights reserved.
Toronto, Canada
May 30th ,2013
Wireless Features
And perhaps some best practices… J
Ian Procyk, VE7HHS
Wireless Consulting Systems Engineer
iprocyk@cisco.com

2. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 2
Strap in, as the
next 2hrs is gonna
hustle like this guy
à
This session is aimed at folks who are already
designing/supporting or architecting wireless
networks and assumes at at least some
familiarity with AireOS

3. Agenda
Portfolio review
7.2
7.3
7.4
Tips & Tricks
“In the Year 2000”

4. Are you enabling BYOD & HD Wireless?

5. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 5
INDOORACCESS POINT PORTFOLIO
600 1600 2600 3600
• 2X2 MIMO-2 Spatial Streams
• Local Ethernet Ports
• 3X3 MIMO-2 Spatial Streams
• CleanAir Express (software)
• ClientLink 2.0
• 3X4 MIMO-3 Spatial Streams
• CleanAir
• ClientLink 2.0
• 4X4 MIMO–3 Spatial Streams
• 802.11ac module (planned)
• Security and SI module
• CleanAir
• ClinetLink 2.0

6. AP Comparison Chart
3600 Series 2600 Series 1600 Series 600 Series
Max Data Rate 1.3 Gbps 450 Mbps 300 Mbps 300 Mbps
Radio Design MIMO:Spatial
Stream
11n: 4x4:3
11ac: 3x3:3
3X4:3 3X3:2 2X3:2
Module Option
802.11ac or Security Monitor
(FCS Q1CY13)
CleanAir ✔ ✔ Software based
ClientLink
ClientLink 2.0
EBF for 802.11ac
ClientLink 2.0 ClientLink 2.0
Max No. of ClientLink Clients ** 128 128 32
BandSelect ✔ ✔ ✔
VideoStream ✔ ✔ ✔
Rogue AP Detection ✔ ✔ ✔
Adaptive wIPS ✔ ✔ ✔ ✔
OfficeExtend ✔ ✔ ✔ ✔
FlexConnect ✔ ✔ ✔ ✔
Data Uplink (Mbps) 10/100/1000 10/100/1000 10/100/1000 10/100/1000
Power
11n: 802.3af, 11ac: Enhanced
PoE, 802.3at or UPoE
802.3af, AC Adapter 802.3af, AC Adapter
100 to 240 VAC, 50-60
Hz
Temperature Range
(i) 0 to 40° C
(e) -20 to 55°C
(i) 0 to 40° C
(e) -20 to 55°C
(i) 0 to 40° C
(e) -20 to 50°C
0 to 40°C

7. And if you really wanted to know…
• AP 1600 (left) vs AP 2600 (right)

8. AP3502 vs AP2600
• The AP2600 surpasses the
AP3502 in performance for $200
less
• AP2602 = $1,195CDN list
• AP3502 =$1,395CDN list

9. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 9
1552I
1552E
1552EU
1552C
1552CU
• Integrated Antennas
• Low Power Consumption
• CleanAir
• ClientLink
• External Antennas
• High Power Gain
• Fiber SPF Option
• PoE Out
• CleanAir
• ClientLink
• Integrated DOCSIS 3.0 Cable
Modem
• Cable Plant Powered
• High Power Gain
• CleanAir
• ClientLink
1552H
1552S
• ATEX Certified Class1 / Div2/
Zone2
• Integrated Honeywell Sensor
Gateway (S)
• Fiber SPF Option
• PoE Out
• CleanAir
• ClientLink
OUTDOORACCESS POINT PORTFOLIO

10. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 10
WLANCONTROLLERPORTFOLIO
5500
500 APs
7,000 Clients
WiSM2
1,000 APs 20Gbps
15,000 Clients
8500
6,000 APs
64,000 Clients
2500
75 APs
1,000 Clients
Virtual Controller
200 APs
3,000 Clients
Flex7500
6,000 Aps
64,000 Clients
Cloud
Optimized for Teleworker,
Branch, and Distributed
EnterpriseS
Converged Access
FlexConnect Only
Centralized
and/or
FlexConnect
Cloud
3850
50 APs
2,000 Clients
5760
1,000 APs
12,000 Clients

11. “State of the union”
• 7.0.240.0
Last long-lived maintenance release
End of the line for 4400/WISM1
• 7.2.115.1
The BYOD release support for the Identity Services Engine (ISE), 802.11r (fast roaming)
• 7.3.112.1
High availability, Virtual Controller (vWLC), Bi-Directional Rate Limiting, + ISE http sensor, CA interop
• 7.4.100.60
Application Visibility & Control, Bonjour Gateway Phase 1, 802.11k (neighbor list), 2500 improvements

12. WLC 8500
Target customer - SP
802.11r
L2 Fast Roaming
ISE - Flex integration
Flex / Local Mode parity with
ISE
Outdoor AP Integrated
Antenna
AP 2600
802.11n G2
AP1600
802.11n G2
HA - AP SSO
HA Licensing
Scale Flex7500
6K APs
Virtual Controller
AP3600
WSSI Module
FlexConnect Split Tunneling
802.11r – Flex Modes
Bi-directional rate-limiting
Voice/Video:
11n CAC
Local and
FlexConnect support on 1552
APs
Outdoor AP Honeywell
integration
Outdoor AP
Uni Band Antenna
Application visibility and control
(AVC)
Bonjour Services Directory –
phase 1
AP neighbor list
Subset of 802.11k
Scale WLC 2500
Guest Anchor on WLC2500
LAG on Flex7500, WLC 8500,
WLC 2500
**Voice Enterprise Certification targeted on a special release – FCS beyond 7
HA Licensing, N:1
PMIPv6 on WLC
Executed
7.2MR1 7.3 7.4
May 2012 September 2012 December 2012
S/W Release
UnifiedAccess
WLANInfrastructure
802.11w
Protected Mgmt Frame
WLC Code

13. 7.2
• ISE Registration & Profiling (COA)
• ISE DHCP Sensor
• External Web-Auth for Flex Connect Local
Switching
• 802.11r
• 1552i/1552s support
• RF Profiles !
• NOT supported are any 4400’s or WISM1’s

14. ISE, ISE baby…
Scenarios ISE 1.0 + WLC 7.0.116 ISE 1.1 + WLC 7.2
802.1X Auth Yes Yes
802.1X with Posture Yes Yes
Profiling Yes (802.1X only) 802.1x and Non-802.1X
Local Web Auth (LWA) Yes Yes
Central Web Auth (CWA) No Yes
MAC Filtering Open Auth
for Radius NAC WLAN
No Yes (LWA and CWA)
CoA 802.1x (VLAN, ACL) • 802.1x (VLAN/ACL)
• LWA/CWA (ACL*)
Posture for Guest No Yes
Device Registration No Yes
SXP No Yes

15. RF Profiles
• Per AP control of data rates
TIP:
Don’t disable MCS 0-15 if you are
running 20MHz wide channels.
Otherwise you will run into problems
with OSX’s 64bit radio drivers.

16. RF Profiles
• Tune RRM
TIP:
Great for dealing with
challenging RF
environments, or trying
to make the most out of
older deployments that
are co-located with
newer high density
designs.

17. RF Profiles
• High user count
notification

18. RF Profiles
• Aggressive load
balancing

19. 7.3
• Virtual Controller (vWLC)
• AP SSO (High Availability)
• ISE HTTP Sensor
• Bi Directional Rate Limiting
• Out of Box RF Profiles
• SIP Snooping
• AP2600 support
• SP WIFI features get started (PMIPv6 MAG,
Passpoint HotSpot 2.0)

20. Standby WLC
Redundancy Role Negotiation
Redundancy Link Established
(Over dedicated Redundancy Port)
AP Information and Config SyncKeep-Alive failure/Notify Peer
Client re-
associates
Client
Associate
AP Join AP session intact. Does
not re-establish capwap
Switch
Effective downtime for client is
Detection time + Switchover
time + Client Association time
Active WLC
Stateful HA with APSSO

21. Bi-Directional Rate Limiting

22. Virtual Controller (vWLC)
Product Scope Target Market
• 5 to 200 AP support, 3,000 clients
• One AP adder license
• FlexConnect mode only
• Support on VMware ESX/ESXi at
FCS (similar to NCS and MSE)
• Support on Cisco UCS C-Series and
B-Series and equivalent servers
• Mid-market with spare compute platform
• Alternative to Flex 7500 for
customers with fewer branches
• Partner/MSP-hosted Wi-Fi service
• NOT for large campus
Pricing
• Base SKU (with five AP licenses) = $750
• One AP Adder license = $150

23. Out of box AP mode
• Ever need to
ensure that newly
installed AP’s
come up with their
radios disabled?
We can do that
now.
• No longer do you need
to use WLAN index’s
>16 and AP groups to
hide your SSIDS from
newly installed APs J

24. New Mobility Architecture & Converged Access Interop
• Converged access
(3850/5760)
moves mobility
messaging and
anchoring away
from EOIP…
• Now in CA,
mobility is handled
by CAPWAP as
well!

25. 7.4
• Application Visibility & Control (AVC)
• Bonjour Services Directory
• 802.11k (AP neighbor list)
• WLC2504 higher scale
• Guest anchor on 2504
• LAG on 7510,8510,2504
• AP1600 support
• MSE licensing now by AP count, not device
count

26. Real Time
Interactive
Non-Real Time
Background
NBAR2 LIBRARY
Deep Packet inspection
NETFLOW (STATIC TEMPLATE)
provides Flow Export
POLICY
Packet Mark and Drop
Traffic
CISCO PRIME 2.0
TROUBLESHOOTINGCAPACITY PLANNINGCOMPLIANCE
THIRD PARTY NETFLOW
COLLECTOR
What is Application Visibility & Control?

27. • 1000 + applications can be detected by default
AVC Application – Controller GUI

28. Custom AVC Profiles created to do traffic shaping

29. Stats from UBC (33APs 14days)…

30. Netflow Monitor
• Configuring Netflow Exporter on the Controller and apply to WLAN

31. Bonjour
• Apple service discovery protocol
• mDNS packets advertise and discover services
clients
• Does not cross subnets or VLANs.
Result: Clients can’t see services on other subnets
The Protocol Problem…

32. CAPWAP Tunnel
Apple TV
224.0.0.251
Bonjour is Link-Local Multicast and can’t be
Routed
224.0.0.251
VLAN X
VLAN X
VLAN Y
• Bonjour is link local multicast and thus forwarded on Local L2 domain
• AirPlay (Apple TV) and AirPrint supported only on a single VLAN
• mDNS operates at UDP port 5353 and sent to the reserved group addresses:
IPv4 Group Address – 224.0.0.251
IPv6 Group Address – FF02::FB
Deployment Challenges

33. Bonjour GW on WLC
• Step 1 – Listen for Bonjour Services
CAPWAP Tunnel
AirPrint
Apple TV
VLAN 23
Bonjour Advertisement
VLAN 20
VLAN 99 iPad
AirPlay Offered
AirPrint
Offered
Bonjour Advertisement
• In 7.4 Bonjour Services with mDNS gateway on the controller don’t require multicast services to be enabled.

34. Bonjour GW on WLC
• Step 2 – Bonjour Services cached on Controller
CAPWAP Tunnel
AirPrint
Apple TV
VLAN 23
VLAN 20
VLAN 99 iPad
AirPlay Offered
AirPrint
Offered
Bonjour Cache:
AirPlay – VLAN 20
AirPrint – VLAN 23
With deployment of mDNS gateway Bonjour Services don’t flood subnet with mDNS advertisements

35. Bonjour GW on WLC
• Step 3 – Listen for Client Service Queries for Services
CAPWAP Tunnel
AirPrint
Apple TV
VLAN 23
VLAN 20
VLAN 99 iPad
Bonjour Cache:
AirPlay – VLAN 20
AirPrint – VLAN 23
Is AirPlay Offered?
Bonjour Query
WLC will snoop all Bonjour discovery packets and will not forward the same on AIR or Infra network

36. Bonjour GW on WLC
• Step 4 – Respond to Client Queries for Bonjour Services
CAPWAP Tunnel
AirPrint
Apple TV
VLAN 23
VLAN 20
VLAN 99 iPad
Bonjour Cache:
AirPlay – VLAN 20
AirPrint – VLAN 23
Bonjour Response From
Controller
Only Clients that require Bonjour services will receive those services

37. Bonjour Services Directory Policy Capabilities
The Bonjour Policy
Profile is a list of allowed
network applications.
(i.e. AirPlay or Printing)
Per WLAN
Per VLAN (AP
Group)
Per Interface
Group
Enforced via Multiple Methods
AirPrint AirPlay File
Share
Service Policy
The Bonjour service profile provides
filtering to allow only certain WLANs,
Interfaces or Interface Groups to access
specific service types.

38. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 38
MSE 7.4 Licensing Changes
Q.
• I have a CAS license and would like to upgrade to
software release 7.4. or later. How do we handle CAS
licenses? How does the conversion from endpoint CAS
licenses to access point licenses work?
A.
• Upgrade to the 7.4 release. Existing CAS licenses will be
automatically converted to Location Services (not
Advanced Location Services) licenses based on the
ratio of 50 endpoints to one access point.
For example, 50 CAS licenses will translate to one access point
Location Services license. If the number of deployed access points is
higher than the number of access point Location licenses, you will
receive free conversion licenses for any remaining access points until
the end of July 2013. Based on the scaling guidance, you may need to
purchase additional MSE physical or virtual appliances.

39. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 39
Some tips &
observations…

40. © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 40Cisco ConfidentialCisco Connect 40© 2012 Cisco and/or its affiliates. All rights reserved.
“ Wireless Spectrum is your most
valuable resource. Once you run
out, you can’t buy more. Full is
full…”
Jim Florwick, Wireless TME

41. What code version should I be running?
• The answer is that it all depends…
It’s been a wild ride over the last year with TONS of new features in code.
Not everyone needs to run the latest greatest code
If it ain’t broke – don’t fix it J
• That being said…
Most of the university customers I work with are running 7.3_esc (means TAC escalation image)
Most are awaiting the first maintenance release of 7.4
The 7.4_MR1 is due out within a month (Yes there is a BETA of the MR out now)
This show was brought to you by that BETA release J

42. Stats from THIS show…
33 APs
• 243 Clients
• Public 2.4
103 Clients
• Public 5
78 Clients

43. Stats from THIS show…
• By 10am
1.8GB down
• 53% HTTP
• 21% SSL
• Etc…

44. Stats from THIS show…

45. What’s all the FUS about?
• Field Upgradeable Software
Important low-level software upgrades to the
controllers hardware (FPGA, etc)
Pay attention to release notes as to requirements
for FUS.
Not often is FUS needed, but as was the case
with 7.4, if no FUS was applied AVC would not
work on some platforms (such as 2504).

46. Excellent Design / Architecture Resources
• Enterprise Mobility Design Guide 4.1
http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/eMob4.1.pdf
• Wireless Software Compatibility Matrix
http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/
Wireless_Software_Compatibility_Matrix.pdf
• Controller Configuration Guide 7.x
http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/consolidated/
b_cg74_CONSOLIDATED.pdf
•
High Density Wireless Design Guide
http://www.cisco.com/web/strategy/docs/education/cisco_wlan_design_guide.pdf
Source Information

47. Excellent resources if times get tough…
• Controller System Message Guide
http://www.cisco.com/en/US/docs/wireless/controller/7.4/message/guide/sysmsg.pdf
• Reason Codes
https://supportforums.cisco.com/docs/DOC-14033
• WLAN Controller Command Reference
http://www.cisco.com/en/US/docs/wireless/controller/7.4/command/reference/consolidated/
b_cr74_CONSOLIDATED.pdf
“This is the sample pull quote.
This can be used for long quotes
or short. We have also removed
the bottom content bar from this
slide as well.”
Source Information

48. Excellent resources
• Inter-Release Controller Mobility (found in software compatibility doc)
“This is the sample pull quote.
This can be used for long quotes
or short. We have also removed
the bottom content bar from this
slide as well.”
Source Information

49. Excellent resources
• Prime compatibility
“This is the sample pull quote.
This can be used for long quotes
or short. We have also removed
the bottom content bar from this
slide as well.”
Source Information

50. Cisco ClientLink—Improves Predictability and Performance
Clean Air Has Got Your Back…

51. © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 51Cisco ConfidentialCisco Connect 51© 2012 Cisco and/or its affiliates. All rights reserved.
In the year 2000…

52. What the future holds…

53. 802.11ac – The next Step in Wi-Fi
Next gen multi-gigabit Wi-Fi – spec’d up to 6.9
Gbps
1997 1999 2003 2007
1SS
8SS

54. • The
next
genera+on
of
wireless
building
upon
802.11n,
designed
to
provide
be6er
bandwidth
and
be6er
coverage
• Focused
on
driving
wireless
data
rates
from
1Gbps,
up
to
6.9Gbps
802.11ac compared with 802.11n
Feature 802.11n Standard 802.11ac Draft 2
Band supported 2.4 GHz and 5 GHz 5 GHz only
PHY Rate
MAC Throughput*
65 Mbps - 600a Mbps
45* Mbps - 420* Mbps
290 Mbps - 6.9a Gbps
194* Mbps - 4.8* Gbps
# of Spatial Streams 4a 8a
Modulation 64 QAM 256 QAM
Channel Width 20, 40 MHz 20, 40, 80, 80+80, 160 MHz
MIMO Single User MIMO Multi User MIMO
802.11 protocol support b,g,n and a,n a, ac, n
* : MAC throughput calculated @ 70% the defined PHY capability
a : Theoretical Maximum as per the respective standards/specifications

55. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 55
• The 802.11ac standard will come to market in 2 phases “Waves”
• Each Wave of 802.11ac will require new chip sets - and introduce new HW
* : MAC throughput calculated @ 70% the defined PHY capability
b : Commercial chipset dependent, subset of theoretical max defined in the standard
Feature Wave 1 – 2013 Wave 2 – 2014
PHY Rate
MAC Throughput
290 Mbps - 1.3 Gbps
194* Mbps - 910* Mbps
3.5 Gbps
2.4* Gbps
# of Spatial Streams 3b 4b
Modulation 256 QAM 256 QAM
Channel Width 20, 40, 80 MHz 20, 40, 80, 80+80, 160 MHz
MIMO Single User Multi User
802.11 protocol support a, n, ac a, n, ac
802.11ac: First 2 Waves

56. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 56
802.11ac module antennas fully integrate into
the AP for aesthetics and excellent RF
performance
Leverages same modular architecture as the
Security Monitor Module
How the module fits in

57. • A field-upgradable 802.11ac module add-on to the AP3600
• 802.11ac Wave 1 – 5 GHz AP3600 Module
5 GHz radio module
Supporting 802.11a and n clients along with ac clients
1.3 Gbps PHY / ~1 Gbps MAC (throughput)
3 Spatial Streams, 80 MHz, 256 QAM
Explicit Beamforming support as per the 802.11ac standard
• AP3600 maintains dual-band support 2.4 and 5 GHz
Supporting b/g/n on 2.4 GHz and a/ac/n on 5 GHz
• Power requirement with the 802.11ac Module installed
Power draw with 802.11ac Module exceeds 15.4 Watts (802.3af), and will require either:
Enhanced PoE, 802.3at PoE+, Local Supply or Power Injector 4
• Universal Mounting Brackets (Bracket-2) required, or Ceiling Mounting
Brackets (Bracket-3)
Module specifics…

58. Complete Your Paper
“Session Evaluation”
Give us your feedback and you could win
1 of 2 fabulous prizes in a random draw.
Complete and return your paper
evaluation form to the room attendant
as you leave this session.
Winners will be announced today.
You must be present to win!
..visit them at BOOTH# 100

59. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 59
Thank you.