© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1 1 © 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Connect Club
WLAN Network Architecture – Solutions for Branch Offices
Jaroslav Čížek – Cisco
June 2014

WLAN Network Architecture – Solutions for Branch Offices
• Introduction
• WLAN deployment models for branch offices
• WLAN design with local controllers at branch offices
- classic controllers
- converged access
• WLAN design with controllers at the central site and APs at branch offices (FlexConnect)
• Cloud solution
• Selected features of the Cisco FlexConnect solution
• General FlexConnect features
• New and notable features
• Cisco WLAN portfolio for branch networks
• Summary

Market Landscape: Influx of Mobile Devices
• Smartphone adoption is growing at 50%+ annually
• By 2015, tablets will constitute 50% of laptop sales
[Chart axes: Organization, Time]

WLAN deployment models for branch offices

Wireless Deployment Modes - Overview
Unified Access Wireless: One Policy, One Management, One Network
Unparalleled Deployment Flexibility
[Diagram: deployment modes Autonomous, FlexConnect, Centralized, Converged Access; labels: Private Cloud, Public Cloud, N.A.A.S., Unified Network, Ease of Use]

Unified Wireless Principles
• Components
  - Wireless LAN Controllers
  - Aironet Access Points
  - Management
  - Mobility Services Engine
• Principles
  - AP must have CAPWAP connectivity with WLC
  - Configuration downloaded to AP by WLC
  - All Wi-Fi traffic is forwarded to the WLC
[Diagram: Wireless LAN Controllers, Aironet Access Point, Cisco Prime Infrastructure, Campus Network]

Branch Office with Local WLAN Controller: Overview
• Branches can also have local remote controllers
• Small or mid-size branch WLCs:
  - CT-2504
  - Integrated controller modules in ISR/ISR-G2
  - Converged Access Cat-3850/3650
• High-availability design with central backup controller is supported; WAN limitations may apply
[Diagram: Remote Site A, Remote Site B, Remote Site C, WLC-25xx, WLCM for ISR/ISR-G2, Cat-3850, CAPWAP, WAN, Central Site, Backup Central Controller]

Branch Deployments with Converged Access
• Single platform for wired and wireless
• Wired and wireless traffic visibility at every hop
• Consistent security and QoS control
• Maximum resiliency with fast stateful recovery
• Scale with distributed wired and wireless data plane (480G Stack/40G wireless per switch)
• Allows for Advanced QoS, WAN optimization, NetFlow, and other services for wireless and wired traffic
• Supports Layer 3 roaming
• Good availability due to MA/MC redundancy within the 3850 stack – provides wireless continuity with either WAN outage or switch failure within the stack
• 25 (– 100) APs
• Multilayer or Routed Access
• Deployable today
• Converged Access with: Cat-3650/3850 (now), Cat4500 (H2 CY2014)
[Diagram: DMZ, ISE, Prime, WAN, branch 3850/3650 with integrated controller, Employee, Guest]

Branch Office with Local WLAN Controller: Advantages
• Cookie-cutter configuration for every branch site
• Layer-3 roaming within the branch
• Reliable Multicast (filtering)
• IPv6 L3 Mobility
• AVC (Application Visibility and Control)
Note: If you have an ISR/ISR G2 at the branch site, it is recommended to use the IOS Firewall at the edge for unified access policies.

Evolution of Medium/Large Branch Deployment
[Diagram, traditional deployment: DMZ, Prime, ISE, Guest Anchor, WAN, ISR 2900/3900, WLC 2504, Catalyst 2960S, Employee, Guest]
[Diagram, Cat. 3650/3850 as branch controller: DMZ, Prime, ISE, Guest Anchor, WAN, ISR AX, Catalyst 3650/3850, Employee, Guest]
Traditional Deployment
• Dedicated WLC (2504 up to 75 APs)
• Multiple OS/devices to manage
• 1 Gbps of wireless traffic
• Up to 1000 wireless clients
Cat. 3650/3850 as Branch Controller
• Cat. 3650/3850 terminates wired and WLAN traffic – 40 Gbps wireless
• Up to 1000 wired and wireless clients, 25/50 APs
• Full IOS-based branch, HA capable
Priced at par vs. traditional solutions
| # of APs in solution | 3650* vs. 2K-X** | 3650* vs. 2K-XR*** |
|---|---|---|
| 5 | 29% | -9% |
| 10 | 24% | -8% |
| 15 | 10% | -13% |
| 20 | 9% | -12% |
| 25 | 1% | -15% |
* 24 Port PoE IP Base w/1G UpL
** LAN Base + 2504 WLC
*** IP Lite + 2504 WLC

Branch Office Deployment FlexConnect (HREAP)
• Management and data plane are split
• Data plane can be:
  - Centralized (all SSID traffic sent to the WLC)
  - Local (all SSID traffic sent to the local VLAN)
• Two modes of operation:
  - Connected (when WLC is reachable)
  - Standalone (when WLC is not reachable)
• Traffic switching mode is configured per AP and per WLAN (SSID)
  - From 7.3, split tunneling is supported on a per-WLAN basis: the AP can NAT unicast IPv4 to local hosts
• FlexConnect Group:
  - Defines the key caching domain for fast L2 roaming, allows backup RADIUS scenarios and fast code upgrade
[Diagram: Central Site with cluster of WLCs, WAN, Remote Office with FlexConnect; Centralized Traffic, Local Traffic]

FlexConnect Design Considerations: WAN Limitations
| Deployment Type | WAN Bandwidth (Min) | WAN RTT Latency (Max) | Max APs per Branch | Max Clients per Branch |
|---|---|---|---|---|
| Data | 64 kbps | 300 ms | 5 | 25 |
| Data+Voice | 128 kbps | 100 ms | 5 | 25 |
| Monitor | 64 kbps | 2 sec | 5 | N/A |
| Data | 640 kbps | 300 ms | 50 | 1000 |
| Data+Voice | 1.44 Mbps | 100 ms | 50 | 1000 |
| Monitor | 640 kbps | 2 sec | 50 | N/A |
• Note: 12 kbps per AP is the worst-case scenario, tested with aWIPS, CleanAir and Location services on. The best-case scenario is around 1-2 kbps.

FlexConnect Design Considerations: Feature Limitations Apply
• Some features are not available in standalone mode or in local switching mode:
  - MAC/Web Auth in Standalone Mode
  - VideoStream
  - IPv6 L3 Mobility
  - SXP TrustSec
See the full list in the "FlexConnect Feature Matrix":
http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080b3690b.shtml

Converged Access vs FlexConnect Architecture comparison: the differences
| Function | Converged Access (3x50) | FlexConnect (local switching) |
|---|---|---|
| Control and data plane separation | MC and MA functionalities are used | Controller handles the control plane, AP the data plane |
| Control and data plane termination | Both terminated at the switch | Control plane terminated at the WLC (300 ms max RTT requirement), AP bridging for data traffic |
| Wired and wireless traffic | True wireless and wired convergence | Local access switch sees wireless traffic as if it was wired traffic through a bridge |
| Dot1x authentication | Switch acts as dot1x authenticator for wireless and wired | WLC or AP is authenticator for wireless |
| L2/L3 seamless roaming | Both supported | Only L2 roaming supported |
| Fast roaming | Supported | Supported within the FlexConnect Group (different scalability for different controller platforms) |
| Subnetting definition | Flexibility of having wireless in same or different VLANs per wiring closet | Same VLAN is required for seamless roaming |
| QoS policies enforcement point | Local switch and same for wired and for wireless | WLC, AP or access switch, and usually different for wireless and wired |
| Security enforcement point | Local switch and same for wired and for wireless | WLC, AP or access switch, and usually different for wireless and wired |
| WAN dependencies | No WAN dependencies for wireless service | Different requirements based on type of traffic (voice, data, monitor APs only)* |

Home Office Design
• Cisco controller installed in the DMZ of the corporate network
• OfficeExtend AP (OEAP) installed at teleworker’s home
• Corporate access to employee over centrally configured SSID
• Family Internet access over a locally configured SSID
[Diagram: Headquarters, Internet, VPN, OEAP AP, WLC 5508 / 2504 / WiSM-2 / WLC7500 / vWLC, Prime]

Cloud-managed networking architecture
• Network endpoints securely connected to the cloud
• Cloud-hosted centralized management platform
• Intuitive browser-based dashboard

Cisco Meraki - Bringing the cloud to enterprise networks

Out-of-band cloud management in every product
Scalable
- Unlimited throughput, no bottlenecks
- Add devices or sites in minutes
Reliable
- Highly available cloud with multiple datacenters
- Network functions even if connection to cloud is interrupted
- 99.99% uptime SLA
Secure
- No user traffic passes through cloud
- Fully HIPAA / PCI compliant (level 1 certified)
- 3rd party security audits, daily penetration testing
- Automatic firmware and security updates (user-scheduled)
Reliability and security information at meraki.cisco.com/trust
[Diagram: management data (1 kb/s) over the WAN]

The Cisco ONE Architecture
Deployment Flexibility, Ease of Use
Cisco Enterprise
• Catalyst 2K/3K/4K/6K
• ISR-AX, ASA: Routing, Security, WAAS, UCS-E
• Aironet Access Points
• 3rd Party MDM Integration
• Catalyst with integrated controller
• WLAN Controllers
• Prime, ISE
Cisco Cloud Managed
• MS Switches
• MX Security Appliances (UTM)
• MR Access Points
• Systems Manager
• Cloud Management

Selected features of the Cisco FlexConnect solution

Understanding AP Groups: Overview
• An AP Group is a logical grouping of APs which deliver similar Wi-Fi services; these services can be:
  - By physical location, and/or
  - By functional services (data, voice, guest, …)
• The same AP groups need to be defined in all WLCs of a mobility group
[Diagram: Central Site with Flex 7500, WAN, Remote Site A, Remote Site B, AP Group 1, AP Group 2, AP Group 3]
| Scaling | Flex 7500 | vWLC | 5508 | WiSM-2 | 2504 |
|---|---|---|---|---|---|
| # AP Groups | 6000 | 200 | 500 | 1000 | 50 |
| # WLAN (SSID) | 512 | 512 | 512 | 512 | 16 |
| # VLAN (Interfaces) | 4095 | 512 | 512 | 512 | 16 |

Understanding FlexConnect Groups: Overview
• FlexConnect groups allow sharing of:
  - CCKM/OKC fast roaming keys
  - Local/backup RADIUS servers IP/keys
  - Local user authentication
  - Local EAP authentication
  - AAA-Override for Local Switching
  - Smart Image Upgrade
• Scaling information
[Diagram: Central Site with Flex 7500 cluster, WAN, two Remote Sites, FlexConnect Group 1, FlexConnect Group 2]
| Scaling | Flex 7500 | vWLC | 5508 | WiSM2 | 2504 |
|---|---|---|---|---|---|
| FlexConnect Groups | 2000 | 100 | 100 | 100 | 30 |
| AP per Group | 100 | 100 | 25 | 25 | 25 |

FlexConnect Backup Scenario: WAN Failure
• FlexConnect will fall back to locally switched mode
  - No impact for locally switched SSIDs
  - Clients of centrally switched SSIDs are disconnected
• Static authentication keys are locally stored in the FlexConnect AP
• Lost features
  - RRM, WIDS, location, other AP modes
  - Web authentication, NAC
[Diagram: Remote Site, WAN, Central Site, Application Server]

FlexConnect Backup Scenario: WLC Failure
• FlexConnect will first fall back to locally switched mode
  - No impact for locally switched SSIDs
  - Clients of centrally switched SSIDs are disconnected
• CCKM roaming allowed in FlexConnect group
• The FlexConnect AP will then search for a backup WLC; when a backup WLC is found, the FlexConnect AP will resync with the WLC and resume client sessions with central traffic.
• Client sessions with local traffic are not impacted during resync with the backup WLC.
[Diagram: Remote Site, WAN, Central Site, Application Server]

FlexConnect Group: Local Backup RADIUS (Backup Scenario)
• Normal authentication is done centrally
• On WAN failure, AP authenticates new clients with locally defined RADIUS server
• Existing connected clients stay connected
• Clients can roam with:
  - CCKM fast roaming, or
  - Reauthentication
[Diagram: Remote Site with FlexConnect Group 1 and Local Backup RADIUS, CCKM Fast Roaming, WAN, Central Site with Central RADIUS]

FlexConnect Group: Local Backup Authentication (Backup Scenario)
• Normal authentication is done centrally
• On WAN failure, AP authenticates new clients with its local database
• Each FlexConnect AP has a copy of the local user DB
• Existing authenticated clients stay connected
• Clients can roam with:
  - CCKM fast roaming, or
  - Local re-authentication
[Diagram: Remote Site with FlexConnect Group 1, CCKM Fast Roaming, WAN, Central Site with Central RADIUS]
| Supported Security Types | Release Version |
|---|---|
| LEAP | 6.0 |
| EAP-FAST | 6.0 |
| PEAP | 7.5 |
| EAP-TLS | 7.5 |
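
A design check for the WAN-failure behaviour described on the backup-scenario slides above, as an added example (not from the presentation or from Cisco): it reports which SSIDs lose service or authentication when the APs drop to standalone mode. The `Wlan` record, its field names and the sample SSIDs are assumptions made for illustration.

```python
from dataclasses import dataclass

# Release in which each EAP type is listed as supported for FlexConnect
# local backup authentication (values taken from the table above).
LOCAL_EAP_MIN_RELEASE = {
    "LEAP": (6, 0), "EAP-FAST": (6, 0), "PEAP": (7, 5), "EAP-TLS": (7, 5),
}


@dataclass
class Wlan:
    """Hypothetical planning record for one SSID at a FlexConnect branch."""
    ssid: str
    switching: str               # "local" or "central"
    auth: str                    # "psk", "web", "mac" or "dot1x"
    eap: str = ""                # EAP type, only used when auth == "dot1x"
    backup_radius: bool = False  # local backup RADIUS set in the FlexConnect group
    local_auth: bool = False     # local user DB / local EAP on the APs


def parse_release(text):
    """Turn a release string such as '7.4' or '7.4.121' into (major, minor)."""
    major, minor = text.split(".")[:2]
    return int(major), int(minor)


def wan_failure_findings(wlan, release):
    """Return what this WLAN loses when the AP drops to standalone mode."""
    if wlan.switching == "central":
        # Centrally switched SSIDs depend on the tunnel to the WLC.
        return ["existing clients are disconnected (centrally switched SSID)"]
    findings = []
    if wlan.auth in ("web", "mac"):
        findings.append(f"{wlan.auth} authentication is unavailable in standalone mode")
    elif wlan.auth == "dot1x" and not wlan.backup_radius:
        if not wlan.local_auth:
            findings.append("new clients cannot authenticate: no local backup "
                            "RADIUS and no local authentication")
        else:
            needed = LOCAL_EAP_MIN_RELEASE.get(wlan.eap.upper())
            if needed is None:
                findings.append(f"{wlan.eap} is not listed for local authentication")
            elif parse_release(release) < needed:
                findings.append(f"{wlan.eap} local authentication needs release "
                                f"{needed[0]}.{needed[1]} or later")
    # auth == "psk": static keys are stored on the AP, so nothing is lost.
    return findings


def audit_branch(wlans, release):
    """Map each SSID to its findings; an empty list means it survives a WAN failure."""
    return {w.ssid: wan_failure_findings(w, release) for w in wlans}


# Constructed sample design (SSIDs and settings are made up for illustration).
SAMPLE_DESIGN = [
    Wlan("corp", "local", "dot1x", eap="PEAP", local_auth=True),
    Wlan("voice", "local", "dot1x", eap="EAP-FAST", local_auth=True),
    Wlan("pos", "local", "dot1x", eap="EAP-TLS", backup_radius=True),
    Wlan("scanners", "local", "psk"),
    Wlan("guest", "local", "web"),
    Wlan("hq-apps", "central", "dot1x", eap="PEAP", backup_radius=True),
]

if __name__ == "__main__":
    for ssid, findings in audit_branch(SAMPLE_DESIGN, "7.4").items():
        print(f"{ssid}: {'; '.join(findings) or 'survives WAN failure'}")
```

Running the audit against the controller release actually deployed shows whether an upgrade (here 7.4 to 7.5 for PEAP) is a precondition for the intended survivability model.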

FlexConnect Improvements in 7.2 – 7.5
7.2
• Smart AP Image Upgrade
• ACLs on FlexConnect AP
• AAA override of VLAN - dynamic VLAN assignment for locally switched clients
• H-REAP -> FlexConnect re-branding
• Fast Roaming for Voice Clients
• Peer to Peer Blocking
7.3 & 7.4
• Flex 7500 Scale Update
• VLAN Based Central Switching
• Split Tunneling
• Central DHCP Processing
• WGB/uWGB Support with local switching
• Bidirectional Rate Limiting
• Support for ISE BYOD Registration & Provisioning
7.5, 7.6 & 8.0
• PEAP and EAP-TLS Support (7.5)
• FlexConnect Group specific WLAN-VLAN mapping (7.5)
• AAA Client ACL (7.5)
• Ethernet Fallback (7.6)
• VideoStream for Local switching (8.0)
• Faster time to deploy (8.0)
• Flex with Mesh deployment support (8.0)

FlexConnect AAA VLAN Override (starting from 7.2)
• AAA VLAN Override with local or central authentication
• Up to 16 VLANs per FlexConnect AP
• VLAN ID must be enabled per AP or FlexConnect Group
• If the VLAN ID does not exist, the default VLAN is used, unless "VLAN Based Central Switching" is enabled
• Starting from 7.5, AAA override for QoS is also supported.
[Diagram: Remote Site with FlexConnect Group 1 (VLAN 7, QoS = Platinum; VLAN 3, QoS = Silver), WAN, Central Site with RADIUS and Application Server]

FlexConnect ACL – VLAN Mapping (starting from 7.2)
• FlexConnect ACLs are applied per VLAN
• FlexConnect ACLs are ingress / egress oriented
• Starting from 7.5, FlexConnect ACLs support AAA-returned client ACLs
Scale
• 512 FlexConnect ACLs per WLC
• 16 ingress ACLs & 16 egress ACLs per AP
• 64 ACL rules per ACL
• No IPv6 ACL
[Diagram: Remote Site, WAN, Central Site, Application Server]

Local Switching Peer-to-peer Blocking (starting from 7.2)
• Support for peer-to-peer blocking in FlexConnect AP
• Applies to clients on the same FlexConnect AP
• P2P blocking modes: disable or drop
• For inter-AP P2P blocking, use an ACL or the Private VLAN function
[Diagram: Remote Site, WAN, Central Site, Application Server]

FlexConnect ACL – Split Tunneling (starting from 7.3)
• Split tunneling allows some traffic to be locally switched although the WLAN is defined as centrally switched
• Split tunneling uses a NAT/PAT feature with an ACL to perform the local switching
• Split tunneling uses the AP IP address for the NAT/PAT feature
[Diagram: WLC and Central Server reached over the WAN via CAPWAP (central traffic); FlexConnect AP with NAT/PAT and ACL forwarding local traffic to a Local Printer]

FlexConnect Smart AP Image Upgrade (starting from 7.2)
Smart AP Image Upgrade uses a "master" AP in each FlexConnect Group to download the code.
Other FlexConnect APs download the code from the master locally.
1. Download WLC upgraded firmware (will become primary)
2. Force the "boot image" to be the secondary (and not the newly upgraded one) to avoid parallel download by all APs in case of an unexpected WLC reboot
3. WLC elects a master AP in each FlexConnect Group (can also be set manually)
[Diagram: Central Site with Wireless Control System and Wireless LAN Controller (primary/secondary firmware image: new/old), WAN, Remote Site-1 to Remote Site-N, each with a Master AP]

FlexConnect Smart AP Image Upgrade (continued)
4. Master AP "pre-downloads" the AP firmware into the secondary "boot image" (will not disrupt the actual service); can be started group by group to limit WAN exhaustion
5. Slave APs "pre-download" the AP firmware from the Master AP
6. Change the "boot image" of the WLC to the new image
7. Reboot the controller
[Diagram: Central Site with Wireless Control System and Wireless LAN Controller (primary/secondary firmware image), WAN, Remote Site-1 to Remote Site-N, Master AP, primary/secondary AP firmware image: new/old]

Flex + Bridge (Flex on Mesh) (starting from 8.0)
• New AP mode that allows FlexConnect behavior across mesh-enabled APs
  - Control plane supports: Connected (WLC is reachable), Standalone (WLC not reachable)
  - Data plane supports: Centralized (split MAC), Local (local MAC)
  - FlexConnect Groups
  - Max 8 mesh hops, max 32 MAPs per RAP
  - Local AAA support
• A WLC can have a mix of Bridge and Flex + Bridge
• MAPs inherit VLANs from their connected RAP
[Diagram: Central Site with WLCs, WAN, Remote Office; Centralized Traffic (Central Data WLAN), Local Traffic (Local Data WLAN)]

Cisco WLAN portfolio for branch networks

Cisco Aironet Indoor Access Points
Industry’s Best 802.11n and 802.11ac Series Access Points
600 & 700 (Mission Specific)
• Up to 600 Mbps
• 702w: Wall Plate AP
• Hospitality, Dorms, MDU
• 702i: Compact Mid-market AP
• 600: Teleworker
1600 (Enterprise Class)
• Up to 600 Mbps
• 3x3 MIMO : 2 SS
• CleanAir Express*
• ClientLink 2.0
2700 (Mission Critical)
• Over 1 Gbps, 802.11ac
• 3x4 MIMO : 3 SS
• HDX Technology
• CleanAir 80 MHz, ClientLink 3.0, VideoStream
3700 (Best in Class)
• Over 1 Gbps, 802.11ac
• 4x4 MIMO : 3 SS
• HDX Technology
• CleanAir 80 MHz, ClientLink 3.0, VideoStream
• Future proof modularity: Security, 3G Small Cell, Location Accuracy or Wave 2 802.11ac
[Slide labels: Enterprise, Best In Class, Value-Based, Mission Critical; badges: NEW, NEW, 802.11n, 802.11ac, 802.11ac, 802.11n]

WLAN Controller Portfolio
Industry’s broadest portfolio from standalone appliance, virtual and infrastructure-based
Segments: Small Campus / Branch (Controller On-Premise); Branch (Controller in DC); Large Campus; Service Provider
| Platform | APs | Clients | Throughput |
|---|---|---|---|
| 2500 | 5 to 75 | 1000 | 1 Gbps |
| Virtual WLC (e.g. UCS-E on ISR G2) | 5 to 200 | 3000 | 500 Mbps |
| Catalyst 3650 | 1-25 per switch/stack (directly connected APs) | 1000 per stack | 40 Gbps per switch |
| Catalyst 3850 | 1-50 per switch/stack (directly connected APs) | 2000 per stack | 40 Gbps per switch |
| Catalyst 4500-E Sup8E* | 1 to 50 | 2000 | 888 Gbps |
| 5508 | 12 to 500 | 7000 | 8 Gbps |
| WISM2 | 100 to 1000 | 15,000 | 20 Gbps |
| 5760 | 25 to 1000 | 12,000 | 60 Gbps |
| Flex 7500 | 300 to 6000 | 64,000 | 1 Gbps central |
| 8500 | 300 to 6000 | 64,000 | 10 Gbps |
AireOS Controllers have a rich roadmap and will be the lead WLC platforms for FY14
*Q4 CY14

Cisco Prime Infrastructure: Realizing the Vision of One Management
• Converged Management with Integrated Best Practices
• Simplified Operations management
• End-to-End Application Experience & Visibility
[Slide labels: Lifecycle, Assurance, Data Center; Convergence, Consolidation, Cisco Advantage]

Network Visibility
• Single view showing clients, rogues, tags, interferers, etc.
• Enhanced with clear icon indicators.
• Location data can be tracked historically.
[Screenshot of Prime Infrastructure (PI); icon legend: Rogue AP, Guest, Rogue Client, Interferer, WIPS Attacker, Tags]

MSE / Connected Mobile Experience
• DETECT (Guest Presence): The customer’s personal mobile device is detected as they enter the venue
• CONNECT (Guest Access): The customer is seamlessly and securely connected to the Wi-Fi network
• ENGAGE (Guest Experience): The customer receives highly relevant content and services based on their preferences, profile and location
• ANALYTICS
  - Customer: Presence in the venue.
  - IT: understand network utilization, peak usage, number and types of devices on the network.
  - Business: insights into customer online and onsite behavior, most traffic paths, dwell times, location density etc.

Cisco’s Unified Access Innovations: Best in Class and Best of Breed
Who? What? When? Where? How?
Unified Access Innovations (Predictability)
• CleanAir: Chip level proactive and automatic interference mitigation
• ClientLink: Chip level proactive and automatic electronic beamforming
• TrustSec - Secure Group Access: Simplified user and resource based segmentation, independent of topology
• AnyConnect: Always-On context-aware VPN connectivity
• VideoStream: Wired multicast efficiency over a wireless network
• Stateful Switchover: Sub second WLAN and LAN convergence
• Application Visibility and Control: Identify, analyze, and optimize application traffic
• Radio Resource Management: Automatic advanced RF shaping and management
Policy and Network Management
• ISE (Control)
• Prime (Visibility)

Summary

Unified Access: Wireless Deployment Options
Cisco Cloud Networking
CLOUD MANAGED
• Common OS
• Lean IT
• Mid-Market / Distributed Enterprise
• MR Access Points
• MS switches
• MX security
• Dashboard
Cisco Unified Access: 1 Architecture, 4 Deployment Modes
AUTONOMOUS
• Intended for static installations
• SP Hotspots
• Aironet Access Points: 11ac 3700 / 2700; 11n 1600 / 700
• Catalyst Switches: 3850 / 3650; 2960-X
• Controllers: N / A
FLEX CONNECT
• Data center hosted controller
• Distributed enterprises
• Aironet Access Points: 11ac 3700 / 2700; 11n 1600 / 700
• Catalyst Switches: 6800/4500/3850/3650; 4500-X / 2960-X
• Controllers: 8510 / 7510 / vWLC
CENTRALIZED
• Premise-based controller
• Traditional Overlay Model
• Highly Scalable
• Aironet Access Points: 11ac 3700 / 2700; 11n 1600 / 700
• Catalyst Switches: 6800/4500/3850/3650; 4500-X / 2960-X
• Controllers: 8510 / 5760 / 5508 / WiSM2 / 2504
CONVERGED
• Common OS
• Consistent Wired/Wireless
• Highest performance
• Aironet Access Points: 11ac 3700 / 2700; 11n 1600 / 700
• Catalyst Switches: 6800/4500*/3850/3650; 4500-X
• Controllers: Integrated; 5760 external MC
* Roadmap
[Diagram: Dashboard, WAN, Intranet, Prime, ISE]
Best Practices – Branch Deployment
• Select correct architecture for branch office – local controller or FlexConnect
• Prioritize the right traffic over the WAN
• Have correct WAN survivability model
• Proper WAN bandwidth and Latency to support voice and multimedia applications
• Enable Enhanced Local Mode (ELM) or WiPS using WSSI module for security.
• Take advantage of latest BYOD enhancements with FlexConnect architecture

Questions and answers

Thank you for your attention.