More Related Content Similar to Wireless Branch Office Network Architecture (20) More from Cisco Mobility (8) Wireless Branch Office Network Architecture2. Abstract
This session focuses on the architecture concepts
of the branch office WLAN deployments,
emphasising the core technologies that drive and
enable mobility in retail, banking, education,
entreprise or managed wlan services. Topics
covered include in-depth protocol description of H-
Reap/FlexConnect, all deployment options in
practice, and are based on customer case studies
for their application into the branch environment.
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
3. Deploying Cisco’s FlexConnect
Wireless Branch Solution
Increases Business Resiliency
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
4. Agenda
Cisco Unified Wireless Principles (Reminder)
Branches Using Remote Controllers
Understanding H-REAP Mode and Limitations
Understanding AP Groups and H-REAP Groups
Designing a Resilient Network
Operating an H-REAP–Based Branch Network
Retail Case Study
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
5. Agenda
Cisco Unified Wireless Principles
Branches Using Remote Controllers
Understanding H-REAP Mode and Limitations
Understanding AP Groups and H-REAP Groups
Designing a Resilient Network
Operating an H-REAP–Based Branch Network
Retail Case Study
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
6. Cisco Unified Wireless Principles
WCS
Components
• Wireless LAN controllers
• Aironet access points Wireless LAN
Controllers
• Management System (WCS)
MSE
• Mobility Service Engine
(MSE)
Campus
Principles Network
• AP must have CAPWAP
connectivity with WLC
• Configuration Aironet
downloaded to AP by WLC Access Point
• All Wi-Fi traffic is
forwarded to the WLC
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
7. Agenda
Cisco Unified Wireless Principles (Reminder)
Branches Using Remote Controllers
Understanding H-REAP Mode and Limitations
Understanding AP Groups and H-REAP Groups
Designing a Resilient Network
Operating an H-REAP–Based Branch Network
Retail Case Study
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
8. Branch Designs Using Remote Controllers
Overview
Central Site Backup Central
Branches can also have Controller
local remote controllers
Small form factors WLC
are available to have
« small campus » :
WLC-25xx or integrated WAN
controller modules in
ISR/ISR-G2 WLC-25xx WLCM for
ISR/ISR-G2
High-availability design
with central backup
controller is supported;
WAN limitations may
apply
Remote Site A Remote Site B
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
9. Branch Designs Using Remote Controllers
Advantages
Cookie cutter configuration for every branch site
Layer-3 roaming within the branch
ACL in the branch site
Peer to peer blocking
WGB support
Reliable Multicast (filtering)
Dynamic VLAN
Note: If you have ISR/ISR G2 at branch site then it is recommended to
use the IOS Firewall at edge for unified access policies.
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
10. Agenda
Cisco Unified Wireless Principles (Reminder)
Branches Using Remote Controllers
Understanding H-REAP Mode and Limitations
Understanding AP Groups and H-REAP Groups
Designing a Resilient Network
Operating an H-REAP–Based Branch Network
Retail Case Study
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
11. CAPWAP Overview
Control and Provisioning of Wireless Access Point
CAPWAP is a standard, interoperable protocol that enables an
Access Controller (AC) to manage a collection of Wireless
Termination Points (WTPs)
CAPWAP carries control and data traffic between the two
Control plane is DTLS encrypted
Data plane is DTLS encrypted (optional)
CAPWAP supports only Layer 3 mode deployments
Business
Application
Data Plane
Access
Point CAPWAP Controller
Wi-Fi Client
Control Plane
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
12. CAPWAP Modes
Split MAC
The CAPWAP protocol supports two modes of
operation
Split MAC (Centralized Mode)
Local MAC (H-REAP/FlexConnect)
Split MAC
Wireless Frame
Wireless Phy CAPWAP
MAC Sublayer Data Plane 802.3 Frame
STA WTP AC
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
13. CAPWAP Modes
Local MAC
Local MAC mode of operation allows for the data
frames to be either locally bridged or tunneled as
802.3 frames
Locally bridged
Wireless Frame
Wireless Phy
MAC Sublayer 802.3 Frame
STA WTP AC
H-REAP support locally bridged MAC and split
MAC per SSID
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
14. CAPWAP Modes
Local MAC
Local MAC mode of operation allows for the data
frames to be either locally bridged or tunneled as
802.3 frames
Tunneled as 802.3 frames
Wireless Frame 802.3 Frame
Wireless Phy CAPWAP
MAC Sublayer Data Plane 802.3 Frame
STA WTP AC
Tunneled local MAC is not supported by Cisco
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
15. H-REAP Glossary
Connected mode – When H-REAP can reach
Controller (connected state), it gets help from
controller to complete client authentication.
Standalone mode – When controller is not
reachable by H-REAP, it goes into standalone state
and does client authentication by itself.
Local Switching – Data traffic switched onto local
VLANs for an SSID
Central Switching – Data traffic tunneled back to
WLC for an SSID
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
16. Branch Office Deployment
HREAP – Hybrid Remote Edge Access Point
Central Site
Hybrid architecture Cluster of
Centralized WLC
Single management Traffic
Centralized
and control point Traffic
Data Traffic Switching
Centralized traffic
(split MAC)
Or
WAN
Local traffic (local MAC)
HA will preserve local
Local
traffic only Traffic
Traffic Switching is
Remote
configured per AP and Office
per WLAN (SSID)
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
17. Configure H-REAP Mode
Step 1: Configure Access Point Mode
Enable H-REAP mode per AP
Supported AP: AP-1130, AP-1240, AP-1040,
AP-1140, AP-1260, AP-1250, AP-3500
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
18. Configure H-REAP Local Switching
Step 2: Enable Local Switching per WLAN
Only WLAN with “Local Switching” enabled will
allow local switching at the H-REAP AP
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
19. Configure H-REAP VLAN Mapping
Step 3: H-REAP Specific Configuration
H-REAP AP can be connected on an access port
(using native VLAN) or connected to a 802.1Q
trunk port
VLAN mapping is a per AP configuration on WLC
and by AP group using templates on a WCS
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
20. Configure H-REAP VLAN Mapping
Step 4: Per AP SSID to VLAN Mapping
Mapping of SSID to 802.1Q VLAN is done per
H-REAP AP
Use WCS for configuration with templates
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
21. Configure H-REAP VLAN Mapping
Step 4: Using WCS
With WCS, Configuration can be applied to all H-REAP AP
with one template
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
22. H-REAP Design Considerations
Some WAN limitations apply
RTT must be below 300 ms data (100 ms voice)
Minimum 500 bytes WAN MTU (with maximum four
fragmented packets)
Some features are not available in standalone
mode or in local switching mode
ACL in local switching
MAC/Web Auth in standalone mode
See full list in « H-REAP Feature Matrix »
http://www.cisco.com/en/US/products/ps6366/products_tec
h_note09186a0080b3690b.shtml
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
23. Economies of Scale for Lean Branches
Flex 7500 Wireless Controller
New
Key Differentiation
WAN Tolerance
• High Latency Networks
Access Points 300-2,000 • WAN Survivability
Clients 20,000 Security
Branches 500 802.1x based port authentication
Access Points / Branch 50 Voice support
Deployment Model FlexConnect • Voice CAC
Form Factor 1 RU • OKC/CCKM
IO Interface 2x 10GE
Upgrade Licenses 100, 200, 500, 1K
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
24. FlexConnect Improvements in New 7.0.116
WAN Survivability
FlexConnect AP provides wireless access and services to clients
when the connection to the primary WLC fails
Local Authentication
Allows for the authentication capability to exist directly at the AP in
FlexConnect instead of the WLC
Improved Scale
Group Scale: Max HREAP groups increased to 500 (7500s) and 100
(5500s)
APs per Group: 50 (7500s) and 25 (5500s)
Fast roaming in remote branches
Opportunistic Key Caching (OKC) between APs in a branch
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
25. Agenda
Cisco Unified Wireless Principles (Reminder)
Branches Using Remote Controllers
Understanding H-REAP Mode and Limitations
Understanding AP Groups and H-REAP Groups
Designing a Resilient Network
Operating an H-REAP–Based Branch Network
Retail Case Study
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
26. Understanding AP Groups
Overview AP Group 1
Central Site
Flex 7500
AP groups is a logical
concept of grouping AP
which deliver similar
Wi-Fi services; these
services can be:
By physical location, WAN
and/or
By functional services Remote Site A Remote Site B
(data, voice, guest, …)
Same AP groups need AP Group 2 AP Group 3
to be defined in all WLC
of a mobility group
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
27. Understanding AP Groups
Rules to Know
Rules to know :
• One AP can be in only one AP Group
• One WLAN(SSID) can be in several AP Groups
• WLAN with ID 1-16 can not be removed from the ‘default-group’
• WLAN with ID greater than 16 will never be part of the ‘default-
group’
• All AP with no AP Group name or an unknown AP Group name will
be part of the ‘default-group’
Well known mistakes :
• Create no AP group, but create a WLAN with ID 17+.
• Having AP groups defined, Create WLAN with ID 17+ but never
map the WLAN to any AP Group.
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
30. AP Groups Usage
@ Internet
Per Location SSID Guest-Access
AP Group 1
Central Site
AP groups give the
ability to enable Wi-Fi Corporate-Voice
Services (WLAN)
based on physical
location
Example Corporate-Data
WAN/MAN
Central Site
Corporate-Voice,
Corporate-Data, Manufacturing Plan
Store
Guest-Access
Manufacturing Plan
AP Group 3
Corporate-Voice,
Corporate-Data,
Scanners
Scanners
Store
AP Group 2 Corporate-Data
Corporate-Data,
Guest-Access
Guest-Access
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
31. AP Groups Usage
Per AP Group SSID to VLAN Mapping
AP groups give the VLAN-1
ability to statically map AP Group 1
Central Site
Wi-Fi service (WLAN) to
VLAN based on VLAN-2
physical location
Users see the same VLAN-3
Wi-Fi service on all sites
but IP@ can be used for WAN/MAN
monitoring or filtering Corporate-Data
Manufacturing
Can also be used to Plan Store
have smaller Wi-Fi AP Group 2 AP Group 3
subnets
Corporate-Data
Corporate-Data
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
33. AP Groups
Scaling
New
Scaling Flex 7500 WLC 5508 WLC 4400 WLC 2100
# AP Groups 500 500 300 50
# WLAN
512 512 512 512
(SSID)
# VLAN
512 512 512 512
(Interfaces)
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
34. Understanding H-REAP Groups
Overview
Central Site
Flex 7500
H-REAP groups allow sharing of: Cluster
CCKM/OKC fast roaming keys
Local backup RADIUS servers
IP/keys
Local user authentication
Local EAP authentication WAN
Scaling information Remote Site Remote Site
500 H-REAP groups for Flex 7500
50 AP per H-REAP group H-REAP Group 2
H-REAP Group 1
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
35. H-REAP Groups and CCKM/OKC Keys
CCKM Keys
CCKM/OKC keys are stored on
Central Site
HREAP APs for Layer 2 fast roaming RADIUS Server
The HREAP APs will receive the
CCKM/OKC keys from the WLC
If a HREAP AP boots up
in the standalone Remote Site WAN
mode, it will not get the H-REAP
Remote Site
CCKM keys from the Group 1 H-REAP
Group 2
WLC and fast roaming
is not supported
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
36. H-REAP Groups and CCKM Keys
Add a New
H-REAP Group
Add APs to the
H-REAP Group
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
37. Agenda
Cisco Unified Wireless Principles (Reminder)
Branches Using Remote Controllers
Understanding H-REAP Mode and Limitations
Understanding AP Groups and H-REAP Groups
Designing a Resilient Network
Operating an H-REAP–Based Branch Network
Retail Case Study
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
38. H-REAP Backup Scenario
WAN Failure
Central Site
H-REAP will backup on local
switched mode
No impact for locally switched SSIDs
Disconnection of centrally switched SSIDs clients
Static authentication keys are locally
WAN
stored in H-REAP AP
Lost features
Remote Site
RRM, WIDS, location, other AP modes
Web authentication, NAC
Application
Server
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
39. H-REAP Backup Scenario
WLC Failure
H-REAP will first backup on local Central Site
switched mode
No impact for locally switched SSIDs
Disconnection of centrally switched
SSIDs clients
CCKM roaming allowed in
H-REAP group WAN
H-REAP AP will then search
for backup WLC; when backup Remote Site
WLC is found, H-REAP AP will
resync with WLC and Application
Server
resume client session with central
traffic.
Client session with Local Traffic
are not impacted during resync
with Backup WLC.
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
40. H-REAP Group: Local Backup RADIUS
Backup Scenario
Central Site
Normal authentication is done
centrally Central RADIUS
On WAN failure, AP
authenticate new client with
locally defined RADIUS server
WAN
Existing connected clients
stay connected Local Backup
RADIUS Remote Site
Clients can roam with
CCKM fast roaming, or
Reauthentication
H-REAP Group 1
CCKM Fast Roaming
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
41. H-REAP Group: Local Backup RADIUS
Configuration
Define primary and secondary local backup
RADIUS server per H-REAP group
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
42. H-REAP Group: Local Backup Authentication
Backup Scenario
Central Site
Normal authentication is
done centrally Central RADIUS
On WAN failure, AP
authenticate new client with
its local database
Each H-REAP AP has a WAN
copy of the local user DB
Existing authenticated clients Remote Site
stay connected
Clients can roam with:
CCKM fast roaming, or H-REAP Group 1
Local re-authentication
! Only LEAP and EAP-FAST Supported CCKM Fast Roaming
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
43. H-REAP Group: Local Backup Authentication
Configuration
Define users (max 100) and passwords
Define EAP parameters (LEAP or EAP-FAST)
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
44. H-REAP Backup Scenario
WAN Down Behavior (Bootup Standalone Mode)
Central Switched WLANs will shutdown
Web-auth WLANs will shutdown
Local Switched WLANs will be up :
Only Open, Shared and WPA-PSK are allowed.
Local 802.1x allowed with local authentication or local
RADIUS
Unsupported features
RRM, CCKM, WIDS, Location, Other AP Mode, NAC.
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
45. Not Supported Backup Scenario
! AP Changing Mode on Failure
Central Site
AP can not automatically
change from local mode to
H-REAP mode on local WLC
failure
Changing mode is a configuration
task of the AP
WAN
Why it does not make sense
Need for dual configuration at the Remote Site
switch level (access port for central,
802.1Q for H-REAP) Application
Server
Lost controller features
when going to H-REAP
If you accept H-REAP locally,
then don’t but local WLC
! Not Supported Backup Scenario
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
46. Not Supported Backup Scenario
! Auto-Enabling Backup Local Switching
Central Site
H-REAP AP can not be configured with Primary
Application
two SSID with same name; one in central Server
switching mode, one in local switching
mode; when central switching is down,
local switched SSID becomes active
Changing enable status of an SSID is a WAN
configuration task of the WLC level
Cisco recommends using Local Remote Site
Switching. Why? H-REAP AP
SSID “Data”
(Central Switching)
Fault Tolerance will always keep client Backup
Application
connection UP. Server
SSID “Data”
! Not Supported Backup Scenario (Local Switching)
Disable Enable
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
47. Failover Matrix
WAN Up WAN Down
Feature
(Connected) (Standalone)
Static Security Keys
Yes Yes
(WEP, WPA2/PSK)
802.1x/EAP Yes Yes
Yes
RADIUS Yes
(local RADIUS Backup)
Local Authentication Yes New Yes
Yes
OKC Fast Roaming Yes New
(not new clients)
WebAuth & MAC Auth Yes No
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
48. Agenda
Cisco Unified Wireless Principles (Reminder)
Branches Using Remote Controllers
Understanding H-REAP Mode and Limitations
Understanding AP Groups and H-REAP Groups
Designing a Resilient Network
Operating an H-REAP Based Branch Network
Retail Case Study
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
49. Monitor H-REAP Latency
RTT for H-REAP AP must be 300ms maximum
Latency tool will help monitor WAN latency
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
50. Upgrading an H-REAP Deployment
Concerns
Sites using H-REAP AP are usually sites with low WAN
bandwidth
Each site may have small number of AP, but an
enterprise may have a lot of branches
Upgrading ~2000 AP through a low bandwidth WAN is a
challenge :
• Time needed to download all the AP firmware
• Exhaust of the WAN link
• Risk of failures during the download
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
51. Upgrading an H-REAP Deployment
Safe Process
Firmware Image
Use “Pre-Download” 7.0
6.0 7.0
6.0
Primary Secondary
Feature and Control the 7.0
Process Before Effectively Wireless Control Wireless LAN
Do the Upgrade System
Central Site Controller
1.Download WLC upgraded
firmware (will become primary)
2.Force the « boot image »
to be the secondary (and not the
newly upgraded one) to avoid WAN
parallel download of all AP in case
Remote Site-1 Remote Site-N
of unexpected
WLC reboot
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
52. Upgrading an H-REAP Deployment
Safe Process (Cont…)
Firmware Image
3. « Pre-download » the AP
firmware in the secondary 7.0
6.0 7.0
6.0
« boot image » (will not Primary Secondary
disrupt the actual service)—
Can be started AP per AP to Wireless Control
System
Wireless LAN
Central Site Controller
limit WAN exhaust
4. Check that all the H-REAP
AP are up-to-date (all
download succeed)
5. Swap the « boot image » WAN
of the AP to the new one, AP Firmware Image
Remote Site-1 Remote Site-N
change the « boot image »
of the WLC to the new one
7.0
6.0 7.0
6.0
6. Reboot the controller Primary Secondary
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
53. Agenda
Cisco Unified Wireless Principles (Reminder)
Branches Using Remote Controllers
Understanding H-REAP Mode and Limitations
Understanding AP Groups and H-REAP Groups
Designing a Resilient Network
Operating an H-REAP–Based Branch Network
Retail Case Study
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
54. Customer Requirements
~1000 Medium stores (“Supermarket”)
Up to 5 AP per store.
L2 connectivity between the AP. AP on access port (no 802.1Q
trunk today)
Existing local resources (servers, …)
WLAN Services :
SSID for Scanners :
• WPA-PSK will be used on scanners
• Same SSID name for all the stores, but different key per store
• Local Switching in the store
SSID for Laptops :
• WPA/TKIP or WPA2/AES for laptops
• Same SSID name and VLAN for all the stores
• Central RADIUS authentication
• Central Switching
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
55. RADIUS
CT-5508 Data Center
Cluster
WLAN 17 : Store 1 WLAN 200 : Store-Data
SSID=Scanner SSID=Laptop
WPA-PSK=XYZ WPA/RADIUS
Local VLAN=native Central VLAN=Tag-
…
WLAN 17+N : Store-N
SSID=Scanner
WPA-PSK=ZYX
Local VLAN=native
WAN
Store-1 Store-N
Local Resource Local Resource
1000 Stores
H-REAP H-REAP
SSID-Scanner SSID-Scanner
(Key-Store-1) SSID-Laptop (Key-Store-N) SSID-Laptop
(WPA2) (WPA2)
Scanners Laptops Scanners Laptops
(WPA-PSK) (WPA2) (WPA-PSK) (WPA2)
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
56. RADIUS
CT-5508 Data Center
Cluster
AP Group 1 : Store 1
WLANs : Store-1
Store-data
…
AP Group N : Store-N
SSID=Scanner
WLANs : Store-N
Store-data
WAN
Store-1 Store-N
Local Resource AP-Group-1 Local Resource AP-Group-N
1000 Stores
H-REAP H-REAP
SSID-Scanner SSID-Scanner
(Key-Store-1) SSID-Laptop (Key-Store-N) SSID-Laptop
(WPA2) (WPA2)
Scanners Laptops Scanners Laptops
(WPA-PSK) (WPA2) (WPA-PSK) (WPA2)
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
57. Project Scale
1000 Stores with an average of 5 AP per store : 5000 AP
10 x CT-5508-500 to support 5000 AP
1000 Stores means :
• 1000 WLAN profiles with 1000 same SSID for Scanners each with a different
WPA2-PSK key per store (*)
• 1 WLAN profile with same SSID for Laptops with central switching and central
WPA/Radius authentication
• 1000 AP Groups to map the WLAN profiles on each store
Capabilities to be supported by CT-5508-500 for this case study :
• 100 Stores managed by a CT-5508
• 100 different WLAN Profiles with same H-REAP SSID per CT
• 100 AP Groups per CT
• No H-REAP Groups for phase 1
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
59. Summary
Cisco Unified Wireless Network based on
Controllers deliver Wireless Branch Solution
H-REAP is the feature designed to solve remote
connectivity and WAN constraints
Several Failover Scenario are targeted to offer
Survivability of Small Remote Sites
Deployment Guide URL- http://www.cisco.com/*****
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
60. Deploying Cisco’s FlexConnect
Wireless Branch Solution
Increases Business Resiliency
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
62. Visit the Cisco Store for
Related Titles
http://theciscostores.com
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
63. Complete Your Online
Session Evaluation
Receive 25 Cisco Preferred Access points for each session
evaluation you complete.
Give us your feedback and you could win fabulous prizes.
Points are calculated on a daily basis. Winners will be notified
by email after July 22nd.
Complete your session evaluation online now (open a browser
through our wireless network to access our portal) or visit one
of the Internet stations throughout the Convention Center.
Don’t forget to activate your Cisco Live and Networkers
Virtual account for access to all session materials,
communities, and on-demand and live activities throughout
the year. Activate your account at any internet station or visit
www.ciscolivevirtual.com.
BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
64. BRKEWN-2018 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 64