Network Design Overview
Section Agenda
Controller-based Architecture
Understanding WLAN Controllers—The WLAN Controller as a Network Device
the neighbor switch/router
Management interface
AP Manager interface(s)
Dynamic interface(s)
Virtual interface
Service interface
controller, along with security, QoS, radio policies, and
Three Important Concepts to Understand:
Welcome to the Cisco Wizard Configuration Tool
Use the '-' character to backup
System Name [Cisco_44:36:c3]:
Enter Administrative User Name (24 characters max): admin
Enter Administrative Password (24 characters max): admin
Service Interface IP Address Configuration [none][DHCP]: <ENTER>
Enable Link Aggregation (LAG) [yes][NO]:no
Enter Port number : 1
Management Interface IP Address: 10.10.80.3
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 10.10.80.1
Management Interface VLAN Identifier (0 = untagged): 0
Management Interface Port Num [1 to 2]: 1
Management Interface DHCP Server IP Address: 10.10.80.1
AP Transport Mode [layer2][LAYER3]: layer3
AP Manager Interface IP Address: 10.10.80.4
AP-Manager is on Management subnet, using same values
AP Manager Interface DHCP Server (10.10.80.1):<ENTER>
Virtual Gateway IP Address: 1.1.1.1
Mobility/RF Group Name: mobile-1
Enable Symmetric Mobility Tunneling: No
Network Name (SSID): secure-1
Allow Static IP Addresses [YES][no]:<ENTER>
Configure a RADIUS Server now? [YES][no]:<ENTER>
Enter the RADIUS Server's Address: 10.10.10.12
Initial Controller Configuration
Service Port
Management Port
AP Manager Port
Virtual Gateway
Initial Configuration Screen of WLC
Connecting the WLAN Controller to the Network
Options - Link aggregation (LAG) or no LAG
LAG supported on 440x, WiSM, Cisco 3750G integrated WLAN controller switch
LAG is the only option for WiSM, Cisco 3750G integrated WLAN controller switch
440x-based controller allows 48 APs per port in the absence of LAG
Use multiple “AP Manager” interfaces to support more than 48 APs on the WLC without LAG—LWAPP algorithm will load balance APs across the AP managers
LAG allows use of 1 “AP Manager” interface by load-balancing traffic across an EtherChannel interface
Multiple AP Manager Interfaces
Link Aggregation—Single AP Manager Interface
negotiation (LACP, PAgP):
Set “etherchannel mode on” for neighboring switchports
Requires ip-src-dst load balancing for the switch EtherChannel
Default on 6K
Default on 3750 is src-mac
out the same port they arrived on
is supported
Putting It All Together
Controller Redundancy and AP Load Balancing
controller type, controller AP capacity, current AP load, “Master Controller” status, AP manager IP address(es) and number of APs joined to the AP manager
LWAPP discovery response:
1. If the AP has been previously configured with a primary, secondary, and/or tertiary controller, the AP will attempt to join these first (specified by controller sysName)
2. Attempt to join a WLAN controller configured as a “Master” controller
3. Attempt to join the WLAN controller with the greatest excess AP capacity, using the least loaded AP manager
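The join order above, written out as an added Python sketch (not Cisco code and not part of the original slides). The class, function and field names and the sample controllers are hypothetical; the rule returned shows whether an AP landed on a controller deterministically (primary/secondary/tertiary) or dynamically (master or excess capacity).

```python
from dataclasses import dataclass

@dataclass
class DiscoveryResponse:
    """Fields the slide lists as carried in an LWAPP discovery response."""
    sys_name: str
    ap_capacity: int          # controller AP capacity
    ap_load: int              # current AP load
    master: bool              # "Master Controller" status
    ap_managers: dict         # AP manager IP -> number of APs joined to it

def select_controller(responses, preferred=()):
    """Return (sysName, AP manager IP, rule) for the controller an AP would join.

    preferred is the AP's configured (primary, secondary, tertiary) sysNames;
    entries may be None or name a controller that did not answer.
    """
    if not responses:
        raise ValueError("no discovery responses received")
    by_name = {r.sys_name: r for r in responses}
    chosen = rule = None
    # Step 1: configured primary/secondary/tertiary, matched by sysName.
    for rank, name in zip(("primary", "secondary", "tertiary"), preferred):
        if name in by_name:
            chosen, rule = by_name[name], rank
            break
    # Step 2: a controller configured as "Master".
    if chosen is None:
        masters = [r for r in responses if r.master]
        if masters:
            chosen, rule = masters[0], "master"
    # Step 3: greatest excess AP capacity (capacity minus current load).
    if chosen is None:
        chosen = max(responses, key=lambda r: r.ap_capacity - r.ap_load)
        rule = "excess-capacity"
    # Least loaded AP manager; applying this after steps 1-2 as well is an
    # assumption of this sketch (the slide states it only for step 3).
    manager = min(chosen.ap_managers, key=chosen.ap_managers.get)
    return chosen.sys_name, manager, rule

# Constructed sample responses (names, addresses and loads are made up).
SAMPLE = [
    DiscoveryResponse("wlc-a", 100, 90, False, {"10.10.80.4": 48, "10.10.80.5": 42}),
    DiscoveryResponse("wlc-b", 100, 20, False, {"10.10.81.4": 20}),
    DiscoveryResponse("wlc-c", 50, 10, True, {"10.10.82.4": 10}),
]

if __name__ == "__main__":
    print(select_controller(SAMPLE, ("wlc-a",)))        # deterministic join
    print(select_controller(SAMPLE, ("wlc-x", None)))   # falls through to master
    print(select_controller(SAMPLE[:2]))                # dynamic, by capacity
```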
AP load balancing—dynamic and deterministic
More upfront planning and configuration
This is Cisco’s recommended best practice!
Controller Redundancy Designs—N:1
First Question!
Applications
What is the Network for?
Campus WLAN Controller Options
440x
Cisco 3750G Integrated WLAN Controller
WiSM
Appliance
Where to Place a WLAN Controller?
Access layer IP addressing Access layer features need to
Clinic or Remote office
Depending upon size HREAP or Controller Deployment
Core
environment
mesh and the standard
Distributed vs Centralized Design
Use integrated platform(s)—WiSM for small/medium/large, Cisco 3750G Integrated WLAN Controller for small/medium
Current network and policies
Future growth plans
networks
Branch Office Deployment—Hybrid REAP
by WLAN
Locally switched WLANs stay up
Some lost functionality
locally switched VLANs
Design Considerations:
Sample HREAP Network
H-REAP WLAN Configuration
H-REAP AP Configuration
H-REAP AP Configuration (Cont.)
Enable VLAN Support and Enter the Native VLAN Information
H-REAP AP Configuration (Cont.)
Set the VLAN ID per Locally Switched WLAN
WLANs with LOCAL SWITCHING Are Not Configurable
Branch Office WLAN Controller Options
25, 50 APs)
2106 440x
Cisco 3750 Integrated WLAN Controller
Appliance
WLCM in ISR
Upgrading Autonomous Access Points to LWAPP Mode
Basic AP upgrade process:
Use Cisco-provided upgrade tool to load “LWAPP Recovery IOS Image” onto the AP(s)
AP joins a controller, downloads full LWAPP IOS image
LWAPP IOS upgrade is supported on the following
LWAPP Upgrade Requirements
format:
ap-ip-address,telnet-username,telnet-user-password,enable-password
ap-ip-address,telnet-username,telnet-user-password,enable-password
…
(WLC_CLI) >config network telnet enable
or
In the WLC GUI, go to: Management | Telnet-SSH and enable Telnet.
Using the LWAPP Upgrade Tool
Point the Upgrade Tool to the AP CSV text file
Make sure the time is correctly set
1 – 5 APs may be upgraded simultaneously. Their completion status bars are shown here.
Telnet must be enabled on a WLC
APs with static IP addresses will rely on DNS to find WLCs across router hops
Ensure the latest IOS LWAPP (JX) image is available via TFTP
Upgrading Autonomous Access Points to LWAPP Mode—Self-signed Certificates
installed public/private keys
All Cisco APs manufactured after July 18, 2005 have “Manufacturing Installed Certificates” (MIC)
Cisco Aironet APs manufactured prior to July 18, 2005 do not have factory-installed public/private keys and certificates
CAs so that the AP can authenticate controllers
controller. It also stores an AP MAC, public key tuple in a CSV file that can be imported into WCS and other controllers
Upgrading Autonomous Access Points to LWAPP Mode—Best Practices
Deploy, validate controllers and WCS
Plan an LWAPP discovery strategy so APs can discover controllers
Test the process in a lab or on low-traffic, easy-to-troubleshoot APs to validate the procedure
Do the migration during a change window and allow time for troubleshooting
Save the CSV file(s) with the MAC/Public Key mappings even if you import them to WCS
Upgrading Autonomous Access Points to LWAPP Mode—Planning the LWAPP Discovery Strategy
configurations before upgrading and migrate to DHCP addresses
Upgrading Autonomous Access Points to LWAPP Mode—WLSM and WiSM Co-Existence
Supervisor 720: 12.2(18)SXF2
WLSM: Version 1.4.1
WiSM: 3.2.116.x
Coexistence Between Autonomous Access Point and Controller-Based Architecture
No seamless roaming between architectures
No coordination between WLSE radio management (RM) and Cisco Unified Architecture RRM
RM and RRM algorithms should account for contention
Each architecture may report the other’s APs as rogue
Consider network architectural impact and any necessary changes very carefully
Upgraded APs should be connected to access ports instead of trunk ports
May need to clean up and harvest old, unnecessary VLANs and IP subnets
Plan out new IP addressing schemes for wireless clients