TWAS and the role of STI for sustainable development: Role of ...
Role of wireless_in_cisco_unified_access_baderaltaibi
-
Upload
cisco-turkey -
Category
Technology
-
view
165 -
download
2
description
Transcript of Role of wireless_in_cisco_unified_access_baderaltaibi
Cisco Public 1 © 2011 Cisco and/or its affiliates. All rights reserved.
Bader Alotaibi Mobility Consultant Engineer
~ Thomas Watson, Chairman and CEO of IBM (1943)
“
Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 3
The world !
4 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID
we estimate
new networked devices
Cisco Confidential 5
2015 1997
Unified Access
Unified Access WLAN
WLAN WLAN
1SS and 2 SS 802.11n
with Spectrum
Intelligence
Controller and
Coordinated Access Points
Autonomous Access Points
2012 15 Years 3 Years
6
Supporting the Future of Mobile Computing
Next-Generation Switching
ONE NETWORK
The Cisco Unified Access
network
Next-Generation Wireless
!"#$%%%%%%%%!"&'$%%%%%%%!"()$%%%%%%%!"(*($%%%%%%%+#,$%
ONE POLICY Cisco ISE
ONE MGMT
Cisco Prime
One Policy, One Management, One Network
SINGLE BUSINESS POLICY Wired, Wireless, and VPN -‐-‐ Managed & BYOD assets With MDM integra9on
One Policy
CONTEXT-‐BASED CONTROL
Central access to authorize access based on who, what, when, where – with advanced segmenta9on
USER-‐SPECIFIC SERVICES Self-‐service on-‐boarding, with lifecycle guest handling and context-‐based monitoring
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
Define network policy as an extension of business goals
Finance Manager
Corporate issued laptop
Personal iPad
Product Bookings
SalesForce.com
X
Customer Data
Policy extends to all access types (wired, wireless, VPN)
Encryption-based Policies for Security-conscious users
Lifecycle Services Integration – guest, profiling, posture
Enabled with ISE ISE Unified Policy
Policy-based Access Enables “Business Policy”
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
Who, What, When, Where – Device Profiling
Corp PC doctor office
Personal laptop doctor office
Personal laptop patient hotspot
Printer N/A office
IP Phone N/A office
TelePresence N/A conf room
2 1 1
1
2
1
Device Aware
Identity aware
Location aware
CDP LLDP DHCP MAC
Device Sensor gleans into protocol data to classify endpoints based on device type, user identity, and location
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
Centralized Policy Enforcement (dACL/VLAN)
Corp PC doctor office
Personal laptop doctor office
Personal laptop patient hotspot
Printer N/A office
IP Phone N/A office
TelePresence N/A conf room
2 1 1
1
2
1
Device Aware
Identity aware
Location aware
CDP LLDP DHCP MAC
ISE maintains a centralized view of device inventory and policy assignment
VLAN100
VLAN200
VLAN300
VLAN100
ACL 500 VLAN10
Policy
VLAN assignment • Does not require
switch port ACL management
• Require topology redesign (IP address change)
Downloadable ACL
• Less disruptive to endpoints (no IP address change required)
• Easily exhaust TCAM usage
X
VLAN
200
VLAN
300
ACL 500 permit tcp <src> <dst> eq sip Permit udp <src> <dst>eq domain Permit udp <src> <dst> eq tftp Permit udp <ssrc> <dst> eq 8080 ….
VLAN100 routed interface VLAN300 routed interface
VLAN10 routed interface
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
Centralized Policy Enforcement – SGA
Corp PC doctor office
Personal laptop doctor office
Personal laptop patient hotspot
Printer N/A office
IP Phone N/A office
TelePresence N/A conf room
2 1 1
1
2
1
Device Aware
Identity aware
Location aware
CDP LLDP DHCP MAC
ISE maintains a centralized view of device inventory and policy assignment
Secure Group
doctor
doctor
patient
video
voice
facility
Patient record
internet facility
doctor permit permit permit
patient deny permit deny
voice deny ACL_v deny
SG Tag imposed to incoming traffic
SGACL enforces policy at access, campus edge, or DC
X Security Group Access
• Simplifies ACL management
• Uniformly enforces policy independent of topology
• Fine-grained access control
Cisco Innovation
COMPREHENSIVE VISIBILITY
Single management console for user/device-‐centric visibility across users, devices, loca9on, posture
One Management
OPERATIONAL EFFICIENCY Intui9ve workflows
LOWER TCO Simplified troubleshoo9ng and service assurance
Integrated wired/wireless lifecycle and assurance management
Benefits
– Consolida9on and extensibility – reduces OpEx and maximizes ROI
– Accelerates applica9on and service rollout, reduces down9me
– Consistent end-‐user quality of experience
– Maximizes the network investment
• Comprehensive Lifecycle mgmt – simplify end-‐to-‐end network opera9ons
• Deep applica9on visibility and performance Assurance
• Rich compliance audi9ng and repor9ng
• One install – Single-‐pane-‐of-‐glass soln
Integrated PlaSorm
Cisco Confidential 14
3rd Party Support for Wired and Wireless Devices
Basic : MIB2 Monitoring, Inventory, and Availability
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15
I can’t get access to the financial data I need. I guess both the wireless and wired networks
must be down!
Sorry Amy, as a contractor, you are not authorized to access financial data.
The tech searches on her name and immediately can see full diagnostics.
Cisco Confidential 16
• Less time needed to resolve problems • Communicate with other Cisco experts
Integrated Cisco service request management: Automates the service request process
Create support cases with Cisco-TAC and partners
Case status look-up Automatic attachment of
problem context to the support cases
Cisco Confidential 17
Troubleshooting and Monitoring on-the-go for Prime Infrastructure • Can be downloaded from iTunes • Configure any Prime Infrastructure
1.2 servers. • Prime Infrastructure can be
configured to send Alarm notifications as SMS to open into Mobile App.
• Mobile App connects securely through NB API interface
Cisco Public 18 © 2011 Cisco and/or its affiliates. All rights reserved.
Prime Infrastructure 1.2 Demo
CleanAir High-‐Resolu9on Interference Detec9on, Classifica9on, and Mi9ga9on at Chip Level
Best Performance from Your Wireless LAN Automa9cally
ClientLink Advanced Beam Forming Technology Improves Wireless Client Performance and User Experience
VideoStream Op9mized End-‐to-‐End Video Star9ng at the Access Point
AP Stateful Switchover Subsecond controller failover with no SSID outage
20
Industry’s First Chip Level Proactive and Automatic Interference Protection
BEFORE Wireless interference decreases
reliability and performance
AFTER CleanAir mitigates RF interference
improving reliability and performance
Cisco CleanAir–Improves Performance and Predictability
AIR QUALITY PERFORMANCE AIR QUALITY PERFORMANCE
Wireless Client Performance
21
• CleanAir Radio ASIC • Detect Wi-Fi and
non-Wi-Fi interference sources
• Assess impact to Wi-Fi performance
• Proactively change channels when interference occurs
• Monitor air quality
High Resolution Interference Detection, Classification, and Mitigation at Chip Level
63
97
35
20
Detect | Classify | Locate | Mitigate
90
100
Cisco Confidential 22
BEFORE Beam Not Directed Towards Clients Resulting Inconsistent Performance
AFTER Beam Directed Towards Client Resulting in
Consistent Experience and Better Performance
Advanced Beam Forming Technology Improves Wireless Client Performance
802.11a/g (ClientLink) 802.11a/g/n (ClientLink 2.0)
802.11a/g (ClientLink) 802.11a/g/n (ClientLink 2.0)
Beam Strength X
802.11n
Cisco ClientLink—Improves Predictability and Performance
Wireless Client
Performance
Beam Forming
802.11n
23
Cisco ClientLink 2.0—Improves Predictability and Performance
Reduces Coverage Holes/Improves Both Upstream and Downstream
ClientLink Disabled ClientLink Enabled
450 Mbps
300 Mbps
150 Mbps
65 Mbps
6 Mbps
450 Mbps
300 Mbps
150 Mbps
65 Mbps 6 Mbps Beacon Rate
Connection Rate
24
Sub second recovery / convergence for both WLAN and LAN
BEFORE WLAN & LAN recovery / convergence times
significantly different
AFTER WLAN & LAN recovery / convergence times
are both sub second
Cisco SSO—Improves Predictability
Provide Mission Critical Support
WLAN 30+ second recovery / convergence LAN Sub second recovery / convergence
WLAN Sub second recovery / convergence LAN Sub second recovery / convergence
AP Resiliency AP Failover AP
State Sync
N+1 Redundancy High Availability
A single source of policy across wired, wireless, and VPN • Cisco ISE Release 1.1.1
One Policy
Converged plaSorm for wired & wireless lifecycle management and applica9on visibility
• Cisco Prime Infrastructure version 1.2
One Management
One Network
Smarter, faster access layer to handle the onslaught of new devices and applica9ons
• New line of 2nd generaNon 802.11n access points (Cisco Aironet 1600 & 2600 APs)
• Future-‐proof 802.11ac support • New Cisco Wireless 8500 Series Controller • New Cisco Virtual Wireless Controller • Complete applicaNon visibility and control
Cisco Confidential 26
Thank You Teşekkür Ederim !