Professional Documents
Culture Documents
BRKEWN-2010
Cisco Public
Agenda
Controller-Based Architecture Overview Mobility in the Cisco Unified WLAN Architecture Architecture Building Blocks Deploying the Cisco Unified Wireless Architecture
BRKEWN-2010
Cisco Public
Agenda
Controller-Based Architecture Overview Mobility in the Cisco Unified WLAN Architecture Architecture Building Blocks Deploying the Cisco Unified Wireless Architecture
BRKEWN-2010
Cisco Public
Management VLAN
Voice VLAN
Data VLAN
Management VLAN
LWAPP/CAPWAP Tunnel
Voice VLAN
BRKEWN-2010
Cisco Public
LWAPP-enabled access points can discover and join a CAPWAP controller, and conversion to a CAPWAP controller is seamless CAPWAP is not supported on Layer 2 mode deployment
Access Point Wi-Fi Client Data Plane Business Application
CAPWAP
Controller
Control Plane
BRKEWN-2010 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
CAPWAP Modes
Split MAC The CAPWAP protocol supports two modes of operation
Split MAC (centralized mode) Local MAC (H-REAP)
Split MAC
Wireless Frame Wireless Phy MAC Sublayer CAPWAP Data Plane 802.3 Frame
STA
WTP
AC
BRKEWN-2010
Cisco Public
CAPWAP Modes
Local MAC Local MAC mode of operation allows for the data frames to be either locally bridged or tunneled as 802.3 frames Locally bridged
Wireless Frame Wireless Phy MAC Sublayer
802.3 Frame
STA
WTP
AC
BRKEWN-2010
Cisco Public
CAPWAP Modes
Local MAC Local MAC mode of operation allows for the data frames to be either locally bridged or tunneled as 802.3 frames Tunneled as 802.3 frames
Wireless Frame Wireless Phy MAC Sublayer 802.3 Frame CAPWAP Data Plane 802.3 Frame
STA
WTP
AC
Tunneled local MAC is not supported by Cisco H-REAP support locally bridged MAC and split MAC per SSID
BRKEWN-2010 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
Discovery
Image Data
DTLS Setup
Run
Join
Config
BRKEWN-2010
Cisco Public
AP Controller Discovery
Controller Discovery Order Layer 2 join procedure attempted on LWAPP APs
(CAPWAP does not support Layer 2 APs) Broadcast message sent to discover controller on a local subnet
Layer 3 join process on CAPWAP APs and on LWAPP APs after Layer 2 fails
Previously learned or primed controllers Subnet broadcast DHCP option 43 DNS lookup
BRKEWN-2010
Cisco Public
10
BRKEWN-2010
11
CISCO-CAPWAP-CONTROLLER.localdomain 192.168.1.2
192.168.1.2
BRKEWN-2010
Cisco Public
12
Option #2 and option #3 allow for two approaches to controller redundancy and AP load balancing: deterministic and dynamic
BRKEWN-2010 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
13
CAPWAP Join Response: If controller validates AP request, it sends the CAPWAP Join Response indicating that the AP is now registered with that controller
CAPWAP Join Response
BRKEWN-2010
Cisco Public
14
Configuration Phase
Firmware and Configuration Download Firmware is downloaded by the AP from the WLC
Configuration Download
Access Points
LWAPP-L3
Firmware Download
BRKEWN-2010
Cisco Public
15
WLC 5508 supports 6.0, 7.0.98 and 7.0.116 WLC7500, WiSM-2 and WLC2504 only supported in 7.0.116 6.0.202 is the latest MD 7.0.116 will be tested for AssureWave (Blue Ribbon) Please note the current revision of 7.0- 7.0.116.0 which is the recommended one for you today
BRKEWN-2010 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
16
Agenda
Controller-Based Architecture Overview Mobility in the Cisco Unified WLAN Architecture Architecture Building Blocks Deploying the Cisco Unified Wireless Architecture
BRKEWN-2010
Cisco Public
17
Mobility Defined
Mobility is a key reason for wireless networks Mobility means the end-user device is capable of moving location in the networked environment Roaming occurs when a wireless client moves association from one AP and re-associates to another, typically because its mobile! Mobility presents new challenges:
Need to scale the architecture to support client roaming roaming can occur intra-controller and inter-controller Need to support client roaming that is seamless (fast) and preserves security
BRKEWN-2010
Cisco Public
18
Mobility messages exchanged between controllers Data tunneled between controllers in EtherIP (RFC 3378)
BRKEWN-2010 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
Controller-C MAC: AA:AA:AA:AA:AA:03 Mobility Group Name: MyMobilityGroup Mobility Group Neighbors: Controller-A, AA:AA:AA:AA:AA:01 Controller-B, AA:AA:AA:AA:AA:02
Ethernet in IP Tunnel
Mobility Group Name: MyMobilityGroup Mobility Group Neighbors: Controller-A, AA:AA:AA:AA:AA:01 Controller-C, AA:AA:AA:AA:AA:03 Controller-A MAC: AA:AA:AA:AA:AA:01 Mobility Group Name: MyMobilityGroup Mobility Group Neighbors: Controller-B, AA:AA:AA:AA:AA:02 Controller-C, AA:AA:AA:AA:AA:03
Mobility Messages
19
Mobility Sub-Domain 3
Ethernet in IP Tunnel Ethernet in IP Tunnel
Mobility Sub-Domain 2
Mobility Messages BRKEWN-2010 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
20
All this can be on the order of seconds Can we make this faster?
BRKEWN-2010
Cisco Public
21
Roaming Requirements
Roaming must be fast Latency can be introduced by:
Client channel scanning and AP selection algorithms Re-authentication of client device and re-keying Refreshing of IP address
BRKEWN-2010
Cisco Public
22
Eliminating the (re)IP address acquisition challenge Eliminating full 802.1X/EAP reauthentication
BRKEWN-2010
Cisco Public
23
Intra-Controller roam happens when an AP moves association between APs joined to the same controller Client must be reauthenticated and new security session established
BRKEWN-2010
Cisco Public
24
WLC-1
Client database entry with new AP and appropriate security context No IP address refresh needed
BRKEWN-2010
Cisco Public
25
VLAN Z
Client Data WLC-2 Client Database (MAC, IP, QoS, Security) WLC-2
BRKEWN-2010
Cisco Public
26
VLAN Z
Client Data WLC-2 Client Database (MAC, IP, QoS, Security) WLC-2 Foreign Controller
Data Tunnel
BRKEWN-2010
Cisco Public
27
Mobility Group-1
WLC-1 Anchor Controller Pre Roaming Data Path
Mobility Group-2
WLC-2 Foreign Controller
BRKEWN-2010
Cisco Public
29
Roaming: Inter-Controller
Layer 3
L3 inter-controller roam: STA moves association between APs joined to the different controllers but client traffic bridged onto different subnets Client must be re-authenticated and new security session established Client database entry copied to new controller entry exists in both WLC client DBs Original controller tagged as the anchor, new controller tagged as the foreign WLCs must be in same mobility group or domain No IP address refresh needed Symmetric traffic path established -- asymmetric option has been eliminated as of 6.0 release Account for mobility message exchange in network design
BRKEWN-2010 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
30
Eliminating the (re)IP address acquisition challenge Eliminating full 802.1X/EAP reauthentication
BRKEWN-2010
Cisco Public
31
802.1X authentication in wireless today requires a roaming client to reauthenticate, incurring an additional 500+ ms to the roam
AP2
AP1
32
BRKEWN-2010
Cisco Public
33
BRKEWN-2010
Cisco Public
34
OKC/PKC
Key Data Points
Requires client/supplicant support Supported in Windows since XP SP2 Many ASDs support OKC and/or PKC Check on client support for TKIP vs. CCMP mostly CCMP only Enabled by default on WLCs with WPAv2 Requires WLCs to be in the same mobility group Important design note: pre-positioning of roaming clients consumes spots in client DB In highly controlled test environments, OKC/PKC roam times consistently measure in the 10-20 msec range!
BRKEWN-2010 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
35
Network latency will have an impact on these times consideration for controller placement With a fast secure roaming technology, roam times under 150 msecs are consistently achievable, though mileage may vary
BRKEWN-2010
Cisco Public
36
BRKEWN-2010
Cisco Public
37
38
Agenda
Controller-Based Architecture Overview Mobility in the Cisco Unified WLAN Architecture Architecture Building Blocks Deploying the Cisco Unified Wireless Architecture
BRKEWN-2010
Cisco Public
39
BRKEWN-2010
Cisco Public
40
BRKEWN-2010
Cisco Public
41
WiSM2
Higher performance
Throughput Concurrent rich-media application flows
100500 10,000 10G 3500 APs and 70,000 Clients 500 1 225W
42
Key Attributes
Best in class performance
Industry-leading encrypted throughput
BRKEWN-2010
Cisco Public
43
Controller Comparison
5500
Number of Access Points Throughput Clients Concurrent AP Upgrades/Joins Network I/O Mobility Domain Size Number of Controllers per Physical Device Power Consumption AP Count Upgrade via Licensing Encrypted Data Link Between AP and Controller OfficeExtend Solution
BRKEWN-2010 2011 Cisco and/or its affiliates. All rights reserved.
WiSM-2
500 Up to 10 Gbps Up to 10,000 Up to 500 Cisco Catalyst 6000 Series Backplane Up to 36,000 APs 1 225W Yes Yes Yes
Cisco Public
12, 25, 50, 100, 250, 500 Up to 8 Gbps Up to 7000 Up to 500 Up to 8 1 Gbps SFPs Up to 36,000 APs 1 125W Yes Yes Yes
44
Key Attributes
Access Points Clients Throughput Deployment Model Form Factor IO Interface Upgrade Licenses 5-50 500 500 Mbps Local and FlexConnect Desktop 4x 1GE 5, 25
Ability to scale the network as you grow with licensing Part of a PCI certified architecture Ability to support various deployment modes
BRKEWN-2010
Cisco Public
45
Access Points Clients Throughput Deployment Model Form Factor Upgrade Licenses Device Supported On
5-10 5-50
Key Attributes
Single Box for branch services Consistency of functionality and management with controllers
500 Mbps Local and FlexConnect SRE (ISM/SM) 5, 25 1941, 2900 and 3900 Series ISR G2
BRKEWN-2010
Cisco Public
46
Cisco CleanAir
BRKEWN-2010
A System-Wide Feature that Uses Silicon-Level Intelligence to Automatically Mitigate the Impact of Wireless Interference, Optimize Network Performance, and Reduce Troubleshooting Costs
2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
47
What Is CleanAir?
Detect and Classify
97 100 63 90 20 35
Uniquely identify and track multiple interferers Assess unique impact to Wi-Fi performance Monitor air quality
Cisco CleanAir
BRKEWN-2010
High-Resolution Interference Detection and Classification Logic Built in to Ciscos 802.11n Wi-Fi Chip Design; Inline Operation with no CPU or Performance Impact
2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
48
What Is CleanAir?
Locate
WCS, MSE
Mitigate
Wireless LAN Controller
Classification processed on access point Interference impact and data sent to WLC for real-time action WCS and MSE store data for location, history, and troubleshooting
Visualize and Troubleshoot
POOR
GOOD
CH 1
CH 11
Cisco CleanAir
BRKEWN-2010
Cisco CleanAir Technology Integrates Interference Information from the AP into the Entire System
2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
49
11n + CleanAir
3500e
New
1040 600
1140
3500i
Carpeted
BRKEWN-2010
Cisco Public
50
Flexible Deployment
Access or Mesh Network, Fiber, UTP or Wireless Backhaul
BRKEWN-2010
Cisco Public
51
1552E
2.4 GHz 5 GHz Type Antenna 802.11 b/g/n 802.11 a/n Standard External
1552H
802.11b/g/n 802.11a/n Hazardous Loc. External
1552C
802.11b/g/n 802. 11a/n Cable Modem Integrated
1552I
802.11b/g/n 802.11a/n Standard Integrated
Cisco Public
52
BRKEWN-2010
Cisco Public
53
Adaptive wIPS
Attack Detection
24x7 Scanning
Over-the-Air Detection
Configuration
wIPS AP Management
Alarm Archival
Capture Storage
Complex Attack Analysis, Forensics, Events
Centralized Monitoring
Historic Reporting
Monitoring, Reporting
Cisco Public
54
Without ELM
Data Serving Monitor Mode
With ELM
Single Data and WIPS AP
BRKEWN-2010
Cisco Public
55
Deployment Recommendation
Option A Option B
Local Mode
WIPS Monitor Mode or CleanAir MM + WIPS MM on CleanAir AP: Recommendation Ratio of 1:5 MMAP to Local Mode APs
BRKEWN-2010
Cisco Public
56
Distributed Enforcement AAA Services Posture Assessment Guest Access Services Device Profiling
Identity Services Engine
57
iPad Template
Custom Template
ISE
1 EAP Authentication 2 Accept with VLAN 30 4 Accept with VLAN 40 VLAN 30 Same-SSID
CAPWAP
Employee
Corporate Resources
BRKEWN-2010
Cisco Public
59
Corporate Internet
BRKEWN-2010
Cisco Public
60
CoA
BRKEWN-2010
Cisco Public
61
BRKEWN-2010
Cisco Public
62
Customizable Profiles
BRKEWN-2010
Cisco Public
63
Agenda
Controller-Based Architecture Overview Mobility in the Cisco Unified WLAN Architecture Architecture Building Blocks Deploying the Cisco Unified Wireless Architecture
BRKEWN-2010
Cisco Public
64
BRKEWN-2010
Cisco Public
65
BRKEWN-2010
Cisco Public
66
Controller Redundancy
Dynamic
Rely on CAPWAP to load-balance APs across controllers and populate APs with backup controllers Results in dynamic salt-and-pepper design Design works better when controllers are clustered in a centralized design Pros
Easy to deploy and configureless upfront work APs dynamically load-balance (though never perfectly)
Cons
More intercontroller roaming Bigger operational challenges due to unpredictability Longer failover times No fallback option in the event of controller failure
Ciscos general recommendation is: Only for Layer 2 roaming Use deterministic redundancy instead of dynamic redundancy
BRKEWN-2010 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
67
Controller Redundancy
Deterministic
WLAN-Controller-A WLAN-Controller-B WLAN-Controller-C
Pros
Predictabilityeasier operational management More network stability
Primary: WLAN-Controller-A Secondary: WLAN-Controller-B Tertiary: WLAN-Controller-C Primary: WLAN-Controller-B Secondary: WLAN-Controller-C Tertiary: WLAN-Controller-A Primary: WLAN-Controller-C Secondary: WLAN-Controller-A Tertiary: WLAN-Controller-B
More flexible and powerful redundancy design options Faster failover times Fallback option in the case of failover
Con
More upfront planning and configuration
68
Controller Redundancy
Architecture Resiliency
Resiliency
WLAN-Controller-A WLAN-Controller-B WLAN-Controller-C
N:1 Redundancy
WLAN-Controller-1 APs Configured With: Primary: WLAN-Controller-1 Secondary: WLAN-Controller-BKP
WLAN-Controller-n
N:N Redundancy
WLAN-Controller-A APs Configured With: Primary: WLAN-Controller-A Secondary: WLAN-Controller-B
N:N:1 Redundancy
WLAN-Controller-A
WLAN-Controller-B
WLAN-Controller-B
BRKEWN-2010
Cisco Public
69
Si
Si
Si
Si
Primary WLC5508
BRKEWN-2010
70
Si
Si
In case of uplink failure of the primary switch Standby switch Standby becomes the HSRP Switch active HSRP New Active switch HSRP Switch APs are still connected to primary WiSM Traffic flows thru the new HSRP active switch
Cisco Public
BRKEWN-2010
71
Si
Si
Primary WiSM
Secondary WiSM
BRKEWN-2010
Cisco Public
Cisco 5508
BRKEWN-2010
Cisco Public
73
FWSM Active
FWSM Standby
WiSM-2 Active
WiSM-2 Standby
BRKEWN-2010
Cisco Public
74
Controller Redundancy
High Availability High Availability Principles
AP is registered with a WLC and maintain a backup list of WLC AP use heartbeats to validate WLC connectivity AP use Primary Discovery message to validate backup WLC list When AP lose three heartbeats it start join process to first backup WLC candidate Candidate Backup WLC is the first alive WLC in this order: primary, secondary, tertiary, global primary, global secondary AP do not re-initiate discovery process
BRKEWN-2010 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
Primary WLC
Secondary WLC
75
Controller Redundancy
High Availability with 7.0.116
To Accommodate Both Local and Remote Settings, There Are Configurable Options Provided, so that Administrator Can Fine Tune the Settings Based on the Requirements
New Timers Heartbeat: Fast Heartbeat Timeout: AP Retransmit Interval: AP Retrans with FH Enabled: AP Retrans with FH Disabled: Old Timers-5508 Old Timers-Non-5508
1-30 Seconds 1-10 Seconds 2-5 Seconds 3-8 Times 3-8 Times 12 Seconds
AP Pre-image Download
Access Points
CAPWAP-L3
78
BRKEWN-2010
Cisco Public
79
BRKEWN-2010
Cisco Public
80
AP-Groups
Default AP-Group
The first 16 WLANs created (WLAN IDs 116) on the WLC are included in the default AP-Group Default AP-Group cannot be modified APs with no assignment to an specific AP-Group will use the Default AP-Group The 17th and higher WLAN (WLAN IDs 17 and up) can be assigned to any AP-Groups Any given WLAN can be mapped to different dynamic interfaces in different AP-Groups
WLC 2106 (AP groups: 50), WLC 2504 (AP groups:50) WLC 4400 and WiSM (AP groups: 300), WLC 5508 & WiSM-2 (AP groups: 500), WLC 7500 (AP Groups : 500)
BRKEWN-2010
Cisco Public
81
AP-Grouping in Campus
VLAN 100 VLAN 100 VLAN 100
Access
Si
Si
Si
Si
Si
Si
Distribution
CAPWAP
Core
Si Si
Si
Si
VLAN 100 / 21
Si Si Si
Si
Distribution
Access
Single SSID = Employee
WAN WLC-1
Internet
82
BRKEWN-2010
AP-Grouping in Campus
AP-Group-1
VLAN 60 /23
AP-Group-2
VLAN 70 /23
AP-Group-3
VLAN 80 /23
Access
Si
Si
Si
Si
Si
Si
Distribution
CAPWAP
Core
Si Si
Si
Si
Si
Si
Si
Si
Distribution
Access
Single SSID = Employee
WAN WLC-1
Internet
83
BRKEWN-2010
Default AP-Group
Network Name
Default AP Group
BRKEWN-2010
Cisco Public
84
Multiple AP-Groups
AP Group 1
AP Group 2
AP Group 3
BRKEWN-2010
Cisco Public
85
Interface-Groups
7.0.116
Interface-groups allows for a WLAN to be mapped to a single interface or multiple interfaces Clients associating to this WLAN get an IP address from a pool of subnets identified by the interfaces in round robin fashion Extends current AP group and AAA override, with multiple interfaces using interface groups Controllers WiSM-2, 5508, 7500, 2500 WiSM, 4400 2100 and 2504 Interface-Groups/Interfaces 64/64 32/32 4/4
BRKEWN-2010
Cisco Public
86
Access
Si
Si
Si
Si
Si
Si
Distribution
LWAPP/CAPWAP
Core
Si Si
Si
Si
Si
Si
Si
Si
Distribution
Access
Internet
WAN WLC-1
BRKEWN-2010
87
Interface Group 2
Interface Group 3
BRKEWN-2010 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
88
BRKEWN-2010
Cisco Public
89
Ethernet II | IPv6
802.11| IPv6
BRKEWN-2010
90
BRKEWN-2010
Cisco Public
91
BRKEWN-2010
Cisco Public
92
BRKEWN-2010
Cisco Public
93
Central Site
Centralized Traffic
Local Traffic
Remote Office
BRKEWN-2010
Cisco Public
94
Some features are not available in standalone mode or in local switching mode
ACL in local switching, MAC/Web Auth in standalone mode, PMK caching (OKC) See full list in H-REAP Feature Matrix http://www.cisco.com/en/US/products/ps6366/ products_tech_note09186a0080b3690b.shtml
BRKEWN-2010
Cisco Public
95
BRKEWN-2010
Cisco Public
96
BRKEWN-2010
Cisco Public
97
BRKEWN-2010
Cisco Public
98
99
Key Differentiation
WAN Tolerance
High Latency Networks Access Points Clients Branches Access Points / Branch Deployment Model Form Factor IO Interface Upgrade Licenses 300-2,000 20,000 500 50 FlexConnect 1 RU 2x 10GE 100, 200, 500, 1K WAN Survivability
Security
802.1x based port authentication
Voice support
Voice CAC OKC/CCKM
BRKEWN-2010
Cisco Public
100
WAN
H-REAP Group 1
BRKEWN-2010
Cisco Public
101
CCKM keys are stored on HREAP APs for Layer 2 fast roaming The HREAP APs will receive the CCKM keys from the WLC If a HREAP AP boots up in the standalone mode, it will not get the CCKM keys from the WLC and fast roaming is not supported
Central Site
RADIUS Server
WAN
BRKEWN-2010
Cisco Public
102
BRKEWN-2010
Cisco Public
103
RADIUS Server
WAN
BRKEWN-2010
Cisco Public
104
BRKEWN-2010
Cisco Public
105
Central Site
RADIUS Server
RADIUS Server
WAN
106
Select the Remote RADIUS Server Details in HREAP Group of the Remote
BRKEWN-2010
Cisco Public
107
Local Authentication
Allows for the authentication capability to exist directly at the AP in FlexConnect instead of the WLC
Improved Scale
Group Scale: Max HREAP groups increased to 500 (7500s) and 100 (5500s) APs per Group: 50 (7500s) and 25 (5500s)
108
Controller Portfolio
Features/Performance
NEW
WiSM2
5500 2500
NEW
WLCM2
NEW
Lean Branch
Scale
BRKEWN-2010 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
110
Mobility Services
Controllers
WLC
Access Points
BRKEWN-2010
Cisco Public
111
BRKEWN-2010
Cisco Public
112
Headquarters
Branch Office
Appliance controllers
Cisco 2504-12 Cisco 5508-12, 5508-25
Internet VPN
Small Office
Integrated controller
WLAN controller module (WLCM-2) for ISR G2
BRKEWN-2010 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
Headquarters
Cisco Unified Wireless Network with controller-based Multiple Integrated WAN options on ISR Consistent branch-HQ services, features, and performance Standardized branch configuration extends the unified wired and wireless network Branch configuration management from central WCS
BRKEWN-2010
Small Office
Internet VPN
WLCM-2 **
**AP Count Vary Depending on Channel Utilization and Data Rates
Cisco Public
114
BRKEWN-2010
Cisco Public
115
BRKEWN-2010
Cisco Public
116
Internet
DMZ or Anchor Wireless Controller
Cisco ASA Firewall EoIP Guest Tunnel Wireless LAN Controller CAPWAP
Guest 117
Anchor2
Anchor1
EtherIP Guest Tunnel
Si
Campus Core
EtherIP ACS/ISE
Guest Tunnel
Wireless VLAN-1/WLANA
Wireless VLAN2/WLANA
Si Secure
Si Secure
Wireless VLAN3/WLANA
Wireless VLAN-4/WLANA
Foreign WLCs
Wireless VLANs/Interface Gr
Guest
Secure
Guest
Secure
BRKEWN-2010
Cisco Public
118
BRKEWN-2010
Cisco Public
119
BRKEWN-2010
Cisco Public
120
BRKEWN-2010
Cisco Public
121
Cisco controller installed in the DMZ of the corporate network OfficeExtend AP (OEAP) installed at teleworkers home
MPLS Corporate access to employee over ATM centrally configured SSID
Headquarters
Internet VPN
BRKEWN-2010
Cisco Public
122
OEAP 600
802.11n AP with dual concurrent 2.4GHz and 5GHz radios for teleworker home 4 local Ethernet ports 1 Corporate-bound port, 3 for local Ethernet devices Up to 4 clients behind the corporate port Corporate SSID and user-configurable Personal SSID Traffic segmenting supported (corporate vs. personal traffic) Local DHCP and NAT support Control and data plane encryption
BRKEWN-2010
Cisco Public
123
OEAP 600
802.1X and MAC filtering support Can be pre-provisioned by IT (batch setup, zero touch for end user) or locally provisioned by end user Easy GUI setup with Corporate SSID ready in minutes Desktop (horizontal) or cradle (vertical) orientation Supported by all WLC 5508, 2500 and WiSM2 platforms and WCS Hardware Limited Lifetime Warranty
BRKEWN-2010
Cisco Public
124
BRKEWN-2010
Cisco Public
125
BRKEWN-2010
Cisco Public
126
SOHO
Cisco 800 or 1800 Spoke Routers
Head-End
Cisco ISR (2800/3800) or Cisco 7206 VXR with VSA or WLC
Corporate Network
127
Access Network
Highly Distributed Design 3750G Unified WLC Enterprise Hybrid REAP Distributed WLC Design 440x, 5508 WLC, WiSM Unified WLC Network Core or Data Center Centralized WLC Design 440x, 5508 WLC, WiSM Unified WLC
Distribution Network
Internet Branch Office Unified WLC Options: 5508, 440x, 210x 3750G Unified WLC WLCM Module Hybrid REAP Standalone AP Data Center Internet
Unified Management: Wireless Control System Services Platform: Mobility Services Engine
2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
BRKEWN-2010
128
BRKEWN-2010
Cisco Public
129
Documentation
Aironet 600 Series OEAP Access Point Configuration Guide
http://www.cisco.com/en/US/products/ps11579/products_tech_note09186a0080b7f10e.shtml
BRKEWN-2010
Cisco Public
130
BRKEWN-2010
Cisco Public
131
BRKEWN-2010
Cisco Public
132
BRKEWN-2010
Cisco Public
133
Thank you.
BRKEWN-2010
Cisco Public
134