Download - Wireless Branch Office Network Architecture
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 1
BRKEWN-2016
Architecturing Network for Branch Offices with Cisco Wireless
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 2
Abstract
This session focuses on the architecture concepts of the branch office WLAN deployments, emphasising the core technologies that drive and enable mobility in retail, banking, education, entreprise or managed wlan services. Topics covered include in-depth protocol description of H-Reap/FlexConnect, all deployment options in practice, and are based on customer case studies for their application into the branch environment.
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 3
Deploying Cisco’s FlexConnect Wireless Branch Solution
Increases Business Resiliency
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 4
Agenda
Cisco Unified Wireless Principles (Reminder)
Branches Using Remote Controllers
Understanding H-REAP Mode and Limitations
Understanding AP Groups and H-REAP Groups
Designing a Resilient Network
Operating an H-REAP–Based Branch Network
Retail Case Study
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 5
Agenda
Cisco Unified Wireless Principles
Branches Using Remote Controllers
Understanding H-REAP Mode and Limitations
Understanding AP Groups and H-REAP Groups
Designing a Resilient Network
Operating an H-REAP–Based Branch Network
Retail Case Study
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 6
Cisco Unified Wireless Principles
Components
• Wireless LAN controllers
• Aironet access points
• Management System (WCS)
• Mobility Service Engine (MSE)
Principles
• AP must have CAPWAP connectivity with WLC
• Configuration downloaded to AP by WLC
• All Wi-Fi traffic is forwarded to the WLC
Wireless LAN
Controllers
Aironet
Access Point
WCS
MSE
Campus
Network
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 7
Agenda
Cisco Unified Wireless Principles (Reminder)
Branches Using Remote Controllers
Understanding H-REAP Mode and Limitations
Understanding AP Groups and H-REAP Groups
Designing a Resilient Network
Operating an H-REAP–Based Branch Network
Retail Case Study
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 8
Branch Designs Using Remote ControllersOverview
Branches can also have local remote controllers
Small form factors WLC are available to have « small campus » : WLC-25xx or integrated controller modules in ISR/ISR-G2
High-availability design with central backup controller is supported; WAN limitations may apply
Remote Site BRemote Site A
WLC-25xx WLCM for
ISR/ISR-G2
Backup Central
Controller
WAN
Central Site
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 9
Branch Designs Using Remote ControllersAdvantages
Cookie cutter configuration for every branch site
Layer-3 roaming within the branch
ACL in the branch site
Peer to peer blocking
WGB support
Reliable Multicast (filtering)
Dynamic VLAN
Note: If you have ISR/ISR G2 at branch site then it is recommended to use the IOS Firewall at edge for unified access policies.
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 10
Agenda
Cisco Unified Wireless Principles (Reminder)
Branches Using Remote Controllers
Understanding H-REAP Mode and Limitations
Understanding AP Groups and H-REAP Groups
Designing a Resilient Network
Operating an H-REAP–Based Branch Network
Retail Case Study
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 11
CAPWAP is a standard, interoperable protocol that enables an Access Controller (AC) to manage a collection of Wireless Termination Points (WTPs)
CAPWAP carries control and data traffic between the two
Control plane is DTLS encrypted
Data plane is DTLS encrypted (optional)
CAPWAP supports only Layer 3 mode deployments
CAPWAP
CAPWAP OverviewControl and Provisioning of Wireless Access Point
Controller
Wi-Fi Client
Business
Application
Control Plane
Data PlaneAccess
Point
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 12
CAPWAP ModesSplit MAC
The CAPWAP protocol supports two modes of operation
Split MAC (Centralized Mode)
Local MAC (H-REAP/FlexConnect)
Split MAC
WTP ACSTA
Wireless Phy
MAC Sublayer
CAPWAP
Data Plane
Wireless Frame
802.3 Frame
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 13
CAPWAP ModesLocal MAC
Local MAC mode of operation allows for the data frames to be either locally bridged or tunneled as 802.3 frames
Locally bridged
WTP AC
Wireless Phy
MAC Sublayer
Wireless Frame
802.3 Frame
STA
H-REAP support locally bridged MAC and split MAC per SSID
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 14
CAPWAP ModesLocal MAC
Local MAC mode of operation allows for the data frames to be either locally bridged or tunneled as 802.3 frames
Tunneled as 802.3 frames
Wireless Phy
MAC Sublayer
Wireless Frame 802.3 Frame
802.3 Frame
CAPWAP
Data Plane
Tunneled local MAC is not supported by Cisco
WTP ACSTA
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 15
H-REAP Glossary
Connected mode – When H-REAP can reach Controller (connected state), it gets help from controller to complete client authentication.
Standalone mode – When controller is not reachable by H-REAP, it goes into standalone state and does client authentication by itself.
Local Switching – Data traffic switched onto local VLANs for an SSID
Central Switching – Data traffic tunneled back to WLC for an SSID
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 16
Branch Office DeploymentHREAP – Hybrid Remote Edge Access Point
Hybrid architecture
Single management and control point
Data Traffic Switching
Centralized traffic (split MAC)
Or
Local traffic (local MAC)
HA will preserve local traffic only
Traffic Switching is configured per AP and per WLAN (SSID)
WAN
Central Site
Remote
Office
Centralized
Traffic
Centralized
Traffic
Local
Traffic
Cluster of
WLC
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 17
Configure H-REAP ModeStep 1: Configure Access Point Mode
Enable H-REAP mode per AP
Supported AP: AP-1130, AP-1240, AP-1040, AP-1140, AP-1260, AP-1250, AP-3500
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 18
Configure H-REAP Local SwitchingStep 2: Enable Local Switching per WLAN
Only WLAN with “Local Switching” enabled will allow local switching at the H-REAP AP
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 19
Configure H-REAP VLAN MappingStep 3: H-REAP Specific Configuration
H-REAP AP can be connected on an access port (using native VLAN) or connected to a 802.1Q trunk port
VLAN mapping is a per AP configuration on WLC and by AP group using templates on a WCS
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 20
Configure H-REAP VLAN Mapping Step 4: Per AP SSID to VLAN Mapping
Mapping of SSID to 802.1Q VLAN is done per H-REAP AP
Use WCS for configuration with templates
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 21
Configure H-REAP VLAN MappingStep 4: Using WCS
With WCS, Configuration can be applied to all H-REAP AP with one template
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 22
H-REAP Design Considerations
Some WAN limitations apply
RTT must be below 300 ms data (100 ms voice)
Minimum 500 bytes WAN MTU (with maximum four fragmented packets)
Some features are not available in standalone mode or in local switching mode
ACL in local switching
MAC/Web Auth in standalone mode
See full list in « H-REAP Feature Matrix »http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080b3690b.shtml
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 23
Key Differentiation WAN Tolerance
• High Latency Networks
• WAN Survivability
Security
802.1x based port authentication
Voice support
• Voice CAC
• OKC/CCKM
Economies of Scale for Lean Branches
Flex 7500 Wireless Controller
Access Points 300-2,000
Clients 20,000
Branches 500
Access Points / Branch 50
Deployment Model FlexConnect
Form Factor 1 RU
IO Interface 2x 10GE
Upgrade Licenses 100, 200, 500, 1K
New
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 24
FlexConnect Improvements in New 7.0.116
WAN Survivability
FlexConnect AP provides wireless access and services to clients when the connection to the primary WLC fails
Local Authentication
Allows for the authentication capability to exist directly at the AP in FlexConnect instead of the WLC
Improved Scale
Group Scale: Max HREAP groups increased to 500 (7500s) and 100 (5500s)
APs per Group: 50 (7500s) and 25 (5500s)
Fast roaming in remote branches
Opportunistic Key Caching (OKC) between APs in a branch
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 25
Agenda
Cisco Unified Wireless Principles (Reminder)
Branches Using Remote Controllers
Understanding H-REAP Mode and Limitations
Understanding AP Groups and H-REAP Groups
Designing a Resilient Network
Operating an H-REAP–Based Branch Network
Retail Case Study
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 26
Understanding AP Groups
AP groups is a logical concept of grouping AP which deliver similar Wi-Fi services; these services can be:
By physical location, and/or
By functional services (data, voice, guest, …)
Same AP groups need to be defined in all WLC of a mobility group
Overview
Remote Site A Remote Site B
Central Site
WAN
AP Group 1
AP Group 2 AP Group 3
Flex 7500
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 27
Understanding AP GroupsRules to Know
Rules to know :
• One AP can be in only one AP Group
• One WLAN(SSID) can be in several AP Groups
• WLAN with ID 1-16 can not be removed from the ‘default-group’
• WLAN with ID greater than 16 will never be part of the ‘default-group’
• All AP with no AP Group name or an unknown AP Group name will be part of the ‘default-group’
Well known mistakes :
• Create no AP group, but create a WLAN with ID 17+.
• Having AP groups defined, Create WLAN with ID 17+ but never map the WLAN to any AP Group.
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 28
AP Groups
Configuration: Create a New Group
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 29
AP Groups
Configuration: Add AP to Group
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 30
WAN/MAN
AP Groups Usage
AP groups give the ability to enable Wi-Fi Services (WLAN) based on physical location
Example
Central Site
Corporate-Voice,
Corporate-Data, Guest-Access
Manufacturing Plan
Corporate-Voice, Corporate-Data, Scanners
Store
Corporate-Data, Guest-Access
Per Location SSIDCentral Site
StoreManufacturing Plan
AP Group 2
AP Group 3
AP Group 1
Corporate-Voice
Guest-Access
Corporate-Data
Guest-Access
Corporate-Data
@ Internet
Scanners
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 31
AP Groups UsagePer AP Group SSID to VLAN Mapping
AP groups give the ability to statically map Wi-Fi service (WLAN) to VLAN based on physical location
Users see the same Wi-Fi service on all sites but IP@ can be used for monitoring or filtering
Can also be used to have smaller Wi-Fi subnets
Corporate-Data
Corporate-Data
Corporate-Data
VLAN-1
VLAN-2
VLAN-3
Manufacturing
Plan Store
Central Site
WAN/MAN
AP Group 1
AP Group 2 AP Group 3
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 32
AP Groups
Configuration/VLAN Mapping
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 33
AP GroupsScaling
Scaling Flex 7500 WLC 5508 WLC 4400 WLC 2100
# AP Groups 500 500 300 50
# WLAN
(SSID)512 512 512 512
# VLAN
(Interfaces)512 512 512 512
New
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 34
Understanding H-REAP GroupsOverview
H-REAP groups allow sharing of:
CCKM/OKC fast roaming keys
Local backup RADIUS servers IP/keys
Local user authentication
Local EAP authentication
Scaling information
500 H-REAP groups for Flex 7500
50 AP per H-REAP group
H-REAP Group 1
Remote Site Remote Site
WAN
Central Site
H-REAP Group 2
Flex 7500
Cluster
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 35
H-REAP Groups and CCKM/OKC Keys
CCKM/OKC keys are stored on HREAP APs for Layer 2 fast roaming
The HREAP APs will receive the CCKM/OKC keys from the WLC
If a HREAP AP boots up in the standalonemode, it will not get the CCKM keys from the WLC and fast roaming is not supported
WAN
Central Site
Remote SiteH-REAP
Group 1 H-REAP
Group 2
Remote Site
RADIUS Server
CCKM Keys
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 36
Add a New
H-REAP Group
Add APs to the
H-REAP Group
H-REAP Groups and CCKM Keys
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 37
Agenda
Cisco Unified Wireless Principles (Reminder)
Branches Using Remote Controllers
Understanding H-REAP Mode and Limitations
Understanding AP Groups and H-REAP Groups
Designing a Resilient Network
Operating an H-REAP–Based Branch Network
Retail Case Study
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 38
H-REAP Backup ScenarioWAN Failure
H-REAP will backup on local switched mode
No impact for locally switched SSIDs
Disconnection of centrally switched SSIDs clients
Static authentication keys are locally stored in H-REAP AP
Lost features
RRM, WIDS, location, other AP modes
Web authentication, NAC
Remote Site
WAN
Central Site
Application
Server
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 39
H-REAP Backup ScenarioWLC Failure
H-REAP will first backup on local switched mode
No impact for locally switched SSIDs
Disconnection of centrally switched SSIDs clients
CCKM roaming allowed in H-REAP group
H-REAP AP will then search for backup WLC; when backup WLC is found, H-REAP AP will resync with WLC and resume client session with central traffic.
Client session with Local Traffic are not impacted during resync with Backup WLC.
Remote Site
WAN
Central Site
Application
Server
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 40
H-REAP Group: Local Backup RADIUSBackup Scenario
Normal authentication is done centrally
On WAN failure, AP authenticate new client with locally defined RADIUS server
Existing connected clients stay connected
Clients can roam with
CCKM fast roaming, or
Reauthentication
Remote Site
WAN
Central Site
H-REAP Group 1
Central RADIUS
Local Backup
RADIUS
CCKM Fast Roaming
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 41
H-REAP Group: Local Backup RADIUSConfiguration
Define primary and secondary local backup RADIUS server per H-REAP group
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 42
H-REAP Group: Local Backup AuthenticationBackup Scenario
Normal authentication is done centrally
On WAN failure, AP authenticate new client with its local database
Each H-REAP AP has a copy of the local user DB
Existing authenticated clients stay connected
Clients can roam with:
CCKM fast roaming, or
Local re-authentication
Only LEAP and EAP-FAST Supported!
Remote Site
WAN
Central Site
Central RADIUS
CCKM Fast Roaming
H-REAP Group 1
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 43
H-REAP Group: Local Backup AuthenticationConfiguration
Define users (max 100) and passwords
Define EAP parameters (LEAP or EAP-FAST)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 44
H-REAP Backup ScenarioWAN Down Behavior (Bootup Standalone Mode)
Central Switched WLANs will shutdown
Web-auth WLANs will shutdown
Local Switched WLANs will be up :
Only Open, Shared and WPA-PSK are allowed.
Local 802.1x allowed with local authentication or local RADIUS
Unsupported features
RRM, CCKM, WIDS, Location, Other AP Mode, NAC.
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 45
Not Supported Backup ScenarioAP Changing Mode on Failure
AP can not automatically change from local mode to H-REAP mode on local WLC failure
Changing mode is a configuration task of the AP
Why it does not make sense
Need for dual configuration at the switch level (access port for central, 802.1Q for H-REAP)
Lost controller features when going to H-REAP
If you accept H-REAP locally, then don’t but local WLC
!
Remote Site
Central Site
WAN
Application
Server
Not Supported Backup Scenario!
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 46
H-REAP AP can not be configured with two SSID with same name; one in central switching mode, one in local switching mode; when central switching is down, local switched SSID becomes active
Changing enable status of an SSID is a configuration task of the WLC level
Cisco recommends using Local Switching. Why?
Fault Tolerance will always keep client connection UP.
Not Supported Backup ScenarioAuto-Enabling Backup Local Switching
Remote Site
Central Site
Backup
Application
Server
SSID “Data”(Central Switching)
SSID “Data”(Local Switching)
H-REAP AP
Disable Enable
Primary
Application
Server
Not Supported Backup Scenario!
!
WAN
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 47
Failover Matrix
FeatureWAN Up
(Connected)
WAN Down
(Standalone)
Static Security Keys
(WEP, WPA2/PSK)Yes Yes
802.1x/EAP Yes Yes
RADIUS YesYes
(local RADIUS Backup)
Local Authentication Yes Yes
OKC Fast Roaming YesYes
(not new clients)
WebAuth & MAC Auth Yes No
New
New
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 48
Agenda
Cisco Unified Wireless Principles (Reminder)
Branches Using Remote Controllers
Understanding H-REAP Mode and Limitations
Understanding AP Groups and H-REAP Groups
Designing a Resilient Network
Operating an H-REAP Based Branch Network
Retail Case Study
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 49
RTT for H-REAP AP must be 300ms maximum
Latency tool will help monitor WAN latency
Monitor H-REAP Latency
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 50
Upgrading an H-REAP DeploymentConcerns
Sites using H-REAP AP are usually sites with low WAN bandwidth
Each site may have small number of AP, but an enterprise may have a lot of branches
Upgrading ~2000 AP through a low bandwidth WAN is a challenge :
• Time needed to download all the AP firmware
• Exhaust of the WAN link
• Risk of failures during the download
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 51
WAN
Upgrading an H-REAP DeploymentSafe Process
Use “Pre-Download”Feature and Control the Process Before Effectively Do the Upgrade
1.Download WLC upgraded firmware (will become primary)
2.Force the « boot image » to be the secondary (and not the newly upgraded one) to avoid parallel download of all AP in case of unexpected WLC reboot
Remote Site-1 Remote Site-N
Wireless Control
SystemWireless LAN
Controller
Primary Secondary
Firmware Image
7.0
6.07.07.06.0
Central Site
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 52
WAN
3. « Pre-download » the AP firmware in the secondary « boot image » (will not disrupt the actual service)—Can be started AP per AP to limit WAN exhaust
4. Check that all the H-REAP AP are up-to-date (all download succeed)
5. Swap the « boot image » of the AP to the new one, change the « boot image » of the WLC to the new one
6. Reboot the controller
6.07.07.06.0
6.07.07.06.0
Central Site
Remote Site-1 Remote Site-N
Wireless Control
SystemWireless LAN
Controller
Primary Secondary
Firmware Image
Primary Secondary
AP Firmware Image
Upgrading an H-REAP DeploymentSafe Process (Cont…)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 53
Agenda
Cisco Unified Wireless Principles (Reminder)
Branches Using Remote Controllers
Understanding H-REAP Mode and Limitations
Understanding AP Groups and H-REAP Groups
Designing a Resilient Network
Operating an H-REAP–Based Branch Network
Retail Case Study
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 54
Customer Requirements
~1000 Medium stores (“Supermarket”)
Up to 5 AP per store.
L2 connectivity between the AP. AP on access port (no 802.1Q trunk today)
Existing local resources (servers, …)
WLAN Services :
SSID for Scanners :
• WPA-PSK will be used on scanners
• Same SSID name for all the stores, but different key per store
• Local Switching in the store
SSID for Laptops :
• WPA/TKIP or WPA2/AES for laptops
• Same SSID name and VLAN for all the stores
• Central RADIUS authentication
• Central Switching
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 55
Data Center
Store-1
WAN
Local Resource
H-REAP
CT-5508
Cluster
RADIUS
Scanners
(WPA-PSK)
SSID-Scanner
(Key-Store-1) SSID-Laptop
(WPA2)
Laptops
(WPA2)
Store-N
H-REAP
Scanners
(WPA-PSK)
SSID-Scanner
(Key-Store-N) SSID-Laptop
(WPA2)
Laptops
(WPA2)
1000 Stores
Local Resource
WLAN 17 : Store 1 SSID=Scanner
WPA-PSK=XYZ
Local VLAN=native
…
WLAN 17+N : Store-N SSID=Scanner
WPA-PSK=ZYX
Local VLAN=native
WLAN 200 : Store-Data SSID=Laptop
WPA/RADIUS
Central VLAN=Tag-
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 56
Data Center
Store-1
WAN
H-REAP
Scanners
(WPA-PSK)
SSID-Scanner
(Key-Store-1) SSID-Laptop
(WPA2)
Laptops
(WPA2)
AP-Group-1
Store-N
H-REAP
Scanners
(WPA-PSK)
SSID-Scanner
(Key-Store-N) SSID-Laptop
(WPA2)
Laptops
(WPA2)
AP-Group-N
1000 Stores
Local Resource Local Resource
CT-5508
ClusterAP Group 1 : Store 1 WLANs : Store-1
Store-data
…
AP Group N : Store-N SSID=Scanner
WLANs : Store-N
Store-data
RADIUS
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 57
Project Scale
1000 Stores with an average of 5 AP per store : 5000 AP
10 x CT-5508-500 to support 5000 AP
1000 Stores means :
• 1000 WLAN profiles with 1000 same SSID for Scanners each with a different WPA2-PSK key per store (*)
• 1 WLAN profile with same SSID for Laptops with central switching and central WPA/Radius authentication
• 1000 AP Groups to map the WLAN profiles on each store
Capabilities to be supported by CT-5508-500 for this case study :
• 100 Stores managed by a CT-5508
• 100 different WLAN Profiles with same H-REAP SSID per CT
• 100 AP Groups per CT
• No H-REAP Groups for phase 1
Summary
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 59
Summary
Cisco Unified Wireless Network based on Controllers deliver Wireless Branch Solution
H-REAP is the feature designed to solve remote connectivity and WAN constraints
Several Failover Scenario are targeted to offer Survivability of Small Remote Sites
Deployment Guide URL- http://www.cisco.com/*****
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 60
Deploying Cisco’s FlexConnect Wireless Branch Solution
Increases Business Resiliency
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 61
Recommended Reading
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 62
Visit the Cisco Store for Related Titles
http://theciscostores.com
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 63
Complete Your Online Session Evaluation
Receive 25 Cisco Preferred Access points for each session evaluation you complete.
Give us your feedback and you could win fabulous prizes. Points are calculated on a daily basis. Winners will be notified by email after July 22nd.
Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.
Don’t forget to activate your Cisco Live and Networkers Virtual account for access to all session materials, communities, and on-demand and live activities throughout the year. Activate your account at any internet station or visit www.ciscolivevirtual.com.
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 64
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKEWN-2018 65
Thank you.