Role of wireless_in_cisco_unified_access_baderaltaibi

Cisco Public 1 © 2011 Cisco and/or its affiliates. All rights reserved.

Bader Alotaibi Mobility Consultant Engineer

~ Thomas Watson, Chairman and CEO of IBM (1943)

“ 

Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 3

The world !

4 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID

we estimate

new networked devices

Cisco Confidential 5

2015 1997

Unified Access

Unified Access WLAN

WLAN WLAN

1SS and 2 SS 802.11n

with Spectrum

Intelligence

Controller and

Coordinated Access Points

Autonomous Access Points

2012 15 Years 3 Years

6

Supporting the Future of Mobile Computing

Next-Generation Switching

ONE NETWORK

The Cisco Unified Access

network

Next-Generation Wireless

!"#$%%%%%%%%!"&'$%%%%%%%!"()$%%%%%%%!"(*($%%%%%%%+#,$%

ONE POLICY Cisco ISE

ONE MGMT

Cisco Prime

One Policy, One Management, One Network

SINGLE BUSINESS POLICY Wired, Wireless, and VPN -‐-‐ Managed & BYOD assets With MDM integra9on

One Policy

CONTEXT-‐BASED CONTROL

Central access to authorize access based on who, what, when, where – with advanced segmenta9on

USER-‐SPECIFIC SERVICES Self-‐service on-‐boarding, with lifecycle guest handling and context-‐based monitoring

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8

Define network policy as an extension of business goals

Finance Manager

Corporate issued laptop

Personal iPad

Product Bookings

SalesForce.com

X

Customer Data

Policy extends to all access types (wired, wireless, VPN)

Encryption-based Policies for Security-conscious users

Lifecycle Services Integration – guest, profiling, posture

Enabled with ISE ISE Unified Policy

Policy-based Access Enables “Business Policy”


Who, What, When, Where – Device Profiling

Corp PC doctor office

Personal laptop doctor office

Personal laptop patient hotspot

Printer N/A office

IP Phone N/A office

TelePresence N/A conf room

2 1 1

1

2

1

Device Aware

Identity aware

Location aware

CDP LLDP DHCP MAC

Device Sensor gleans into protocol data to classify endpoints based on device type, user identity, and location


Centralized Policy Enforcement (dACL/VLAN)




Printer N/A office

IP Phone N/A office


2 1 1

1

2

1

Device Aware

Identity aware

Location aware

CDP LLDP DHCP MAC

ISE maintains a centralized view of device inventory and policy assignment

VLAN100

VLAN200

VLAN300

VLAN100

ACL 500 VLAN10

Policy

VLAN assignment •  Does not require

switch port ACL management

•  Require topology redesign (IP address change)

Downloadable ACL

•  Less disruptive to endpoints (no IP address change required)

•  Easily exhaust TCAM usage

X

VLAN

200

VLAN

300

ACL 500 permit tcp <src> <dst> eq sip Permit udp <src> <dst>eq domain Permit udp <src> <dst> eq tftp Permit udp <ssrc> <dst> eq 8080 ….

VLAN100 routed interface VLAN300 routed interface

VLAN10 routed interface


Centralized Policy Enforcement – SGA




Printer N/A office

IP Phone N/A office


2 1 1

1

2

1

Device Aware

Identity aware

Location aware

CDP LLDP DHCP MAC

ISE maintains a centralized view of device inventory and policy assignment

Secure Group

doctor

doctor

patient

video

voice

facility

Patient record

internet facility

doctor permit permit permit

patient deny permit deny

voice deny ACL_v deny

SG Tag imposed to incoming traffic

SGACL enforces policy at access, campus edge, or DC

X Security Group Access

•  Simplifies ACL management

•  Uniformly enforces policy independent of topology

•  Fine-grained access control

Cisco Innovation

COMPREHENSIVE VISIBILITY

Single management console for user/device-‐centric visibility across users, devices, loca9on, posture

One Management

OPERATIONAL EFFICIENCY Intui9ve workflows

LOWER TCO Simplified troubleshoo9ng and service assurance

Integrated wired/wireless lifecycle and assurance management

Benefits

–  Consolida9on and extensibility – reduces OpEx and maximizes ROI

–  Accelerates applica9on and service rollout, reduces down9me

–  Consistent end-‐user quality of experience

– Maximizes the network investment

• Comprehensive Lifecycle mgmt – simplify end-‐to-‐end network opera9ons

• Deep applica9on visibility and performance Assurance

• Rich compliance audi9ng and repor9ng

• One install – Single-‐pane-‐of-‐glass soln

Integrated PlaSorm


  3rd Party Support for Wired and Wireless Devices

  Basic : MIB2 Monitoring, Inventory, and Availability


I can’t get access to the financial data I need. I guess both the wireless and wired networks

must be down!

Sorry Amy, as a contractor, you are not authorized to access financial data.

The tech searches on her name and immediately can see full diagnostics.


•  Less time needed to resolve problems •  Communicate with other Cisco experts

  Integrated Cisco service request management: Automates the service request process

  Create support cases with Cisco-TAC and partners

  Case status look-up   Automatic attachment of

problem context to the support cases


Troubleshooting and Monitoring on-the-go for Prime Infrastructure •  Can be downloaded from iTunes •  Configure any Prime Infrastructure

1.2 servers. •  Prime Infrastructure can be

configured to send Alarm notifications as SMS to open into Mobile App.

•  Mobile App connects securely through NB API interface

CleanAir High-‐Resolu9on Interference Detec9on, Classifica9on, and Mi9ga9on at Chip Level

Best Performance from Your Wireless LAN Automa9cally

ClientLink Advanced Beam Forming Technology Improves Wireless Client Performance and User Experience

VideoStream Op9mized End-‐to-‐End Video Star9ng at the Access Point

AP Stateful Switchover Subsecond controller failover with no SSID outage

20

Industry’s First Chip Level Proactive and Automatic Interference Protection

BEFORE Wireless interference decreases

reliability and performance

AFTER CleanAir mitigates RF interference

improving reliability and performance

Cisco CleanAir–Improves Performance and Predictability

AIR QUALITY PERFORMANCE AIR QUALITY PERFORMANCE

Wireless Client Performance

21

•  CleanAir Radio ASIC •  Detect Wi-Fi and

non-Wi-Fi interference sources

•  Assess impact to Wi-Fi performance

•  Proactively change channels when interference occurs

•  Monitor air quality

High Resolution Interference Detection, Classification, and Mitigation at Chip Level

63

97

35

20

Detect | Classify | Locate | Mitigate

90

100


BEFORE Beam Not Directed Towards Clients Resulting Inconsistent Performance

AFTER Beam Directed Towards Client Resulting in

Consistent Experience and Better Performance

Advanced Beam Forming Technology Improves Wireless Client Performance

802.11a/g (ClientLink) 802.11a/g/n (ClientLink 2.0)

802.11a/g (ClientLink) 802.11a/g/n (ClientLink 2.0)

Beam Strength X

802.11n

Cisco ClientLink—Improves Predictability and Performance

Wireless Client

Performance

Beam Forming

802.11n

23

Cisco ClientLink 2.0—Improves Predictability and Performance

Reduces Coverage Holes/Improves Both Upstream and Downstream

ClientLink Disabled ClientLink Enabled

450 Mbps

300 Mbps

150 Mbps

65 Mbps

6 Mbps

450 Mbps

300 Mbps

150 Mbps

65 Mbps 6 Mbps Beacon Rate

Connection Rate

24

Sub second recovery / convergence for both WLAN and LAN

BEFORE WLAN & LAN recovery / convergence times

significantly different

AFTER WLAN & LAN recovery / convergence times

are both sub second

Cisco SSO—Improves Predictability

Provide Mission Critical Support

WLAN 30+ second recovery / convergence LAN Sub second recovery / convergence

WLAN Sub second recovery / convergence LAN Sub second recovery / convergence

AP Resiliency AP Failover AP

State Sync

N+1 Redundancy High Availability

A single source of policy across wired, wireless, and VPN •  Cisco ISE Release 1.1.1

One Policy

Converged plaSorm for wired & wireless lifecycle management and applica9on visibility

•  Cisco Prime Infrastructure version 1.2

One Management

One Network

Smarter, faster access layer to handle the onslaught of new devices and applica9ons

•  New line of 2nd generaNon 802.11n access points (Cisco Aironet 1600 & 2600 APs)

•  Future-‐proof 802.11ac support •  New Cisco Wireless 8500 Series Controller •  New Cisco Virtual Wireless Controller •  Complete applicaNon visibility and control


Thank You Teşekkür Ederim !

Role of wireless_in_cisco_unified_access_baderaltaibi

Technology

Transcript of Role of wireless_in_cisco_unified_access_baderaltaibi