Cisco On-Premise Wireless Update (Local Edition)
Robert Palmer, Consulting Systems Engineer

Cisco on premise wireless update-clle-2014



© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public

Network Level HA

Autonomous
• Architecture: standalone APs
• Target positioning: small wireless network
• Purchase decision: wireless only
• High availability: can only claim AP quality; no RF HA; no network layer HA; no services
• Key considerations: limited features; upgradable to controller based

FlexConnect
• Architecture: traffic distributed at the AP
• Target positioning: branch
• Purchase decision: wireless only
• High availability: full RF HA; Client SSO when local switching
• Key considerations: branch with WAN bandwidth and latency requirements

Centralized
• Architecture: traffic centralized at the controller
• Target positioning: campus
• Purchase decision: wireless only
• High availability: most complete solution
• Key considerations: full features

Converged Access
• Architecture: traffic distributed at the switch
• Target positioning: branch and campus
• Purchase decision: wired and wireless
• High availability: exploits HA in IOS switches
• Key considerations: Catalyst 3650/3850 in the access layer

Network Infrastructure HA – Centralized Mode

Centralized Mode HA

N+1 Redundancy (Deterministic/Stateless HA, a.k.a. primary/secondary/tertiary)
• Requirements: each controller has to be configured separately
• Benefits: available on all controllers; crosses L3 boundaries; flexible: 1:1, N:1, N:N; HA-SKU available (> 7.4)

AP SSO (SSID stateful switchover)
• Requirements: release 7.3 and 7.4; WLC: 5508, WiSM2, 7500, 8510; direct physical connection; same HW and SW; 1:1 box redundancy
• Benefits: AP state is synched; no SSID downtime; HA-SKU available (> 7.4)

Client SSO
• Requirements: minimum release 7.6; WLC: 5508, WiSM2, 7500, 8510; L2 connection; same HW and software; 1:1 box redundancy
• Benefits: active client state is synched; AP state is synched; no application downtime; HA-SKU available

(The figure orders the three options by increasing network uptime.)

N+1 Redundancy

• The administrator statically assigns APs a primary, secondary, and/or tertiary controller
  – Assigned from the controller interface (per AP) or Prime Infrastructure (template-based)
  – You need to specify Name and IP if the WLCs are not in the same Mobility Group
• Pros:
  – Support for an L3 network between WLCs
  – Flexible redundancy design options (1:1, N:1, N:N:1)
  – WLCs can be of different HW and SW
  – Predictability: easier operational management
  – Faster failover times configurable
  – “Fallback” option in the case of failover
• Cons:
  – Stateless redundancy
  – More upfront planning and configuration

Figure: three controllers (WLAN-Controller-A, WLAN-Controller-B, WLAN-Controller-C) and three AP groups, each configured with a different order:
Primary: WLAN-Controller-1, Secondary: WLAN-Controller-2, Tertiary: WLAN-Controller-3;
Primary: WLAN-Controller-2, Secondary: WLAN-Controller-3, Tertiary: WLAN-Controller-1;
Primary: WLAN-Controller-3, Secondary: WLAN-Controller-2, Tertiary: WLAN-Controller-1.

N+1 Redundancy: Global backup controllers

• Backup controllers are configured for all APs under Wireless > High Availability
• Used if there are no primary/secondary/tertiary WLCs configured on the AP
• The backup controllers are added to the primary discovery request message recipient list of the AP.

N+1 Redundancy: AP failover mechanism

When configured with a Primary and a backup Controller:
‒ The AP uses heartbeats to validate connectivity to the current WLC
‒ The AP uses the Primary Discovery message to validate the backup WLC list (every 30 sec)
‒ When the AP loses 5 heartbeats it starts the join process to the first backup WLC candidate
‒ The candidate backup WLC is the first alive WLC in this order: primary, secondary, tertiary, global primary, global secondary.
‒ Failover is faster than Dynamic mode because the AP goes back to the discovery state just to make sure the backup WLC is UP and then immediately starts the JOIN process

Figure: CAPWAP AP state machine: AP Boots Up -> Discovery -> DTLS Setup -> Join -> Image Data -> Config -> Run. When failover happens the AP resets and returns to Discovery.

AP Failover: AP Primary Discovery Request Timer

• The access point maintains a list of backup controllers and periodically sends primary discovery requests to each entry on the list.
• Configure a primary discovery request timer to specify the amount of time that a controller has to respond to the discovery request

AP Failover: Fast Heartbeat

• The AP sends HA heartbeat packets, by default every 1 sec
• Fast Heartbeats reduce the amount of time it takes to detect a controller failure
• When the fast heartbeat timer expires, the AP sends 3 fast echo requests to the WLC, repeated 3 times
• If there is no response the primary is considered dead and the AP selects an available controller from its “backup controller” list in the order of primary, secondary, tertiary, primary backup controller, and secondary backup controller.
• Fast Heartbeat is only supported for Local and Flex mode

AP Failover: AP Failover Priority

• Assign priorities to APs: Critical, High, Medium, Low
• Critical priority APs get precedence over all other APs when joining a controller
• In a failover situation, a higher priority AP will be allowed in ahead of all other APs
• If the controller is full, existing lower priority APs will be dropped to accommodate higher priority APs

Figure: an AP with priority Critical and an AP with priority Medium fail over to the same controller; the Critical AP joins and the Medium priority AP is dropped.
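The failover behaviour on the last few slides (five lost heartbeats, the candidate order primary / secondary / tertiary / global primary / global secondary, and priority-based admission on a full controller) as an added simulation; this is not Cisco's code, and the controller names, capacities and the scenario in demo() are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

HEARTBEAT_MISS_LIMIT = 5                   # slide: join process starts after 5 lost heartbeats
PRIORITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Controller:
    name: str
    capacity: int                          # maximum number of APs this WLC can host (constructed)
    alive: bool = True
    joined: Dict[str, str] = field(default_factory=dict)   # AP name -> AP priority

    def admit(self, ap_name: str, priority: str) -> Tuple[bool, Optional[str]]:
        """Try to join an AP. Returns (joined, evicted_ap). On a full controller the
        lowest-priority AP is dropped, but only if it ranks below the newcomer."""
        if not self.alive:
            return False, None
        if ap_name in self.joined or len(self.joined) < self.capacity:
            self.joined[ap_name] = priority
            return True, None
        victim = min(self.joined, key=lambda n: PRIORITY[self.joined[n]])
        if PRIORITY[self.joined[victim]] < PRIORITY[priority]:
            del self.joined[victim]
            self.joined[ap_name] = priority
            return True, victim
        return False, None


@dataclass
class AccessPoint:
    name: str
    priority: str = "low"
    primary: Optional[str] = None
    secondary: Optional[str] = None
    tertiary: Optional[str] = None
    joined_to: Optional[str] = None
    missed_heartbeats: int = 0


def candidate_list(ap: AccessPoint, global_primary: Optional[str] = None,
                   global_secondary: Optional[str] = None) -> List[str]:
    """Slide order: primary, secondary, tertiary, global primary, global secondary."""
    order = [ap.primary, ap.secondary, ap.tertiary, global_primary, global_secondary]
    return [c for c in order if c]


def heartbeat(ap: AccessPoint, controllers: Dict[str, Controller]) -> str:
    """One heartbeat interval: 'ok', 'waiting' (under the miss limit) or 'failover'."""
    ctl = controllers.get(ap.joined_to or "")
    if ctl is not None and ctl.alive:
        ap.missed_heartbeats = 0
        return "ok"
    ap.missed_heartbeats += 1
    return "failover" if ap.missed_heartbeats >= HEARTBEAT_MISS_LIMIT else "waiting"


def failover(ap: AccessPoint, controllers: Dict[str, Controller],
             global_primary: Optional[str] = None,
             global_secondary: Optional[str] = None) -> Tuple[Optional[str], Optional[str]]:
    """Walk the candidate list and join the first alive WLC that admits the AP.
    Returns (controller joined, AP evicted to make room), or (None, None)."""
    for name in candidate_list(ap, global_primary, global_secondary):
        ctl = controllers.get(name)
        if ctl is None or not ctl.alive:
            continue                       # dead or unknown candidate: try the next one
        ok, evicted = ctl.admit(ap.name, ap.priority)
        if ok:
            ap.joined_to, ap.missed_heartbeats = name, 0
            return name, evicted
    ap.joined_to = None
    return None, None


def demo() -> Dict[str, Tuple[Optional[str], Optional[str]]]:
    """Constructed scenario: WLAN-Controller-1 dies; WLC-BKP has room for one AP and
    already hosts a low-priority AP. The critical AP evicts it; the medium AP finds no room."""
    controllers = {
        "WLAN-Controller-1": Controller("WLAN-Controller-1", capacity=10, alive=False),
        "WLC-BKP": Controller("WLC-BKP", capacity=1, joined={"AP-low": "low"}),
    }
    aps = [AccessPoint("AP-crit", "critical", primary="WLAN-Controller-1", secondary="WLC-BKP"),
           AccessPoint("AP-med", "medium", primary="WLAN-Controller-1", secondary="WLC-BKP")]
    results = {}
    for ap in aps:
        ap.joined_to = "WLAN-Controller-1"
        while heartbeat(ap, controllers) != "failover":   # five lost heartbeats, 1 s apart
            pass
        results[ap.name] = failover(ap, controllers)
    return results
```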

N+1 Redundancy: Best Practices

• The most common design is N+1 with a redundant WLC in a geographically separate location
• Configure high availability parameters to detect failure and speed up failover (min 30 sec)
• Use AP priority in case of oversubscription of the redundant WLC, or
• Use the HA SKU available for 5508, 7500, 8500 and 2500 (from 7.5) controllers

Figure: WLAN-Controller-1, WLAN-Controller-2 ... WLAN-Controller-n at the sites and WLC-BKP in the NOC or Data Center; the APs at each site are configured with Primary: WLAN-Controller-n, Secondary: WLC-BKP.

For more info: http://www.cisco.com/en/US/docs/wireless/technology/hi_avail/N1_HA_Overview.html or http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps10315/qa_c67-714540.html

N+1 Redundancy: HA-SKU

• No need to purchase licenses on the backup WLC. When the backup takes over, a 90-day counter is started
• The HA-SKU controller needs to be configured normally, as you would do with the secondary controller (no auto synch)
• Supported on 5508, WiSM2, Flex7500, 8510 and 2504
• The HA-SKU provides the capability of the maximum number of APs supported on that hardware
• From 7.6 you can add licenses to the HA SKU and use it as an Active controller

Figure: a WiSM-2 primary controller (license count 500, 400 APs connected) and a 2504 primary controller (license count 50, 25 APs connected), each backed by an AIR-CT5508-HA-K9 secondary controller (max AP support: 500 APs); no licenses needed on the secondary.

Quick recap…

• Primary/Secondary/Tertiary WLCs need to be defined on each AP
  – Each WLC is configured separately and has its own unique IP address
• Primary and Secondary Backup are configured globally
• Fast Heartbeat can be used to speed up failover
• On failover detection the AP goes into the Discovery state and the CAPWAP state machine is restarted
• Downtime during failover may go up to 1.5 minutes depending on the number of APs
• Each WLC is managed and monitored separately by Prime Infrastructure

Centralized Mode: Stateful Switchover

Stateful Switchover (SSO)

• True box-to-box High Availability, i.e. 1:1
  – One WLC in Active state and the second WLC in Hot Standby state
  – The Secondary continuously monitors the health of the Active WLC via a dedicated link
• The configuration on the Active is synched to the Standby WLC
  – This happens at startup and incrementally at each configuration change on the Active
• What else is synched between Active and Standby?
  – AP CAPWAP state in 7.3 and 7.4: APs will not restart upon failover, the SSID stays UP (AP SSO)
  – Active client state in 7.5: clients will not disconnect (Client SSO)
• Downtime during failover is reduced to 5 - 1000 msec depending on the failover
  – In the case of a power failure on the Active WLC it may take 350-500 msec
  – In the case of a network failover it can take up to a few seconds
• SSO is supported on 5500 / 7500 / 8500 and WiSM-2 WLC

For more info: http://www.cisco.com/en/US/docs/wireless/controller/technotes/7.5/High_Availability_DG.html

AP SSO Failover sequence

Figure (sequence between the two WLCs, the switch, an AP and a client):
• Redundancy link established (over the dedicated Redundancy Port); redundancy role negotiation: one WLC becomes ACTIVE, the other STANDBY
• AP Join and Client Associate on the Active
• ONLY AP info is synced to the Standby
• Keep-alive failure / notify peer: the Standby takes over and sends a GARP to the switch
• AP session intact: the AP does not re-establish CAPWAP
• The client is disassociated and re-associates

Effective downtime for the client is Detection time + Switchover time + Reassociation

Client SSO Failover sequence

Figure (sequence between the two WLCs, the switch, an AP and a client):
• Redundancy link established (over the dedicated Redundancy Port); redundancy role negotiation: one WLC becomes ACTIVE, the other STANDBY
• AP Join and Client Associate on the Active
• AP and Client info is synced to the Standby
• Keep-alive failure / notify peer: the Standby takes over and sends a GARP to the switch
• AP session intact: the AP does not re-establish CAPWAP
• Client session intact: the client does not re-associate

Effective downtime for the client is Detection time + Switchover time

Stateful Switch Over (SSO): Redundancy Management Interface

• Redundancy Management Interface (RMI)
  – To check gateway reachability by sending ICMP packets every 1 sec
  – To verify peer reachability via the network once the Active does not respond to keepalives on the Redundant Port
  – Notification to the standby in the event of box failure or manual reset
  – Communication with Syslog, NTP, TFTP server for uploading configurations
  – Should be in the same subnet as the Management Interface

Stateful Switchover (SSO): Redundancy Port

• Redundancy Port (RP):
  – To check peer reachability by sending UDP keep-alive messages every 100 msec
  – Notification to the standby in the event of box failure
  – Configuration synch from Active to Standby (bulk and incremental config)
  – Auto-generated IP address where the last 2 octets are picked from the last 2 octets of the Redundancy Management Interface (the first 2 octets are always 169.254)
  – If NTP is not configured, manual time synch is done from Active to Standby

Stateful Switchover (SSO): Configuration

• Before configuring HA, the Management interfaces on both WLCs must be on the same subnet
• Mandatory configuration for the HA setup:
  – Redundant Management IP Address
  – Peer Redundant Management IP Address
  – Redundancy Mode set to SSO enable (7.3 and 7.4 would show AP SSO)
  – Primary/Secondary configuration – required if the peer WLC’s UDI is not HA SKU
  – The Primary HA must have valid AP licenses
  – A unit can be secondary if it has at least 50 AP permanent licenses
• Optional configuration (all can be configured on the same page):
  – Service Port Peer IP
  – Mobility MAC Address
  – Keep Alive and Peer Search Timer

Stateful Switchover (SSO): HA Pairing

• Pairing is possible only between the same type of hardware and software version.
• A reboot of the WLC is required after HA is enabled. Pairing happens when the WLC is booting.
• The WLC looks for its peer (120 sec), the role is determined, and the configuration is synched from the Active WLC to the Standby WLC via the Redundant Port.
• Initially, the WLC configured as Secondary will report an XML mismatch, download the configuration from the Active and reboot again

Stateful Switchover (SSO): HA Pairing (continued)

• During the second reboot, after role determination, the Secondary WLC will validate the configuration again, report no XML mismatch, and proceed to establish itself as the Standby WLC

Stateful Switchover (SSO): HA Pairing (continued)

• While the config is synching from the Active to the Standby WLC, or the Standby WLC is booting, no config operation is possible on the Active WLC.
• Active and Standby election is not an automated process:
  – Active/Standby WLC is decided based on the HA SKU. The HA SKU is always the Standby
  – If no HA SKU is present, Active/Standby is configurable
• No configuration is possible on the Standby WLC once paired.

Stateful Switchover (SSO): Configuration validation

The main command is “show redundancy summary”

Stateful Switchover (SSO): Connectivity to the boxes

• Only the Console and Service Port are available to connect to the Standby WLC
• TFTP, NTP and Syslog traffic use the Redundant Management Interface on the Standby WLC
• Telnet / SSH / SNMP / Web access is not available on the Management and Dynamic interfaces of the Standby WLC
• When SSO is enabled, there is no SNMP/GUI access on the service port for either WLC in the HA setup

Stateful Switchover (SSO): Maintenance Mode

• The Standby WLC may transition to Maintenance Mode if
  – The gateway is not reachable via the Redundant Management Interface
  – Software mismatch
  – A WLC with the HA SKU has never discovered its peer
  – The Redundant Port is down
• In Maintenance Mode the same rules for connecting to the standby box apply
• The WLC should be rebooted to bring it out of Maintenance Mode
  – From 7.6 it will recover automatically after the network converges again

Stateful Switchover (SSO): Design & Deployment considerations

How shall I connect the HA Controllers?

• 5500/7500/8500 have dedicated Redundancy Ports
  – Direct connection supported in 7.3 and 7.4
  – L2 connection supported in 7.6 and above
• WiSM-2 has a dedicated Redundancy VLAN
  – The Redundancy VLAN should be a non-routable VLAN, meaning a Layer 3 interface should not be created for this VLAN
  – WiSM-2 can be deployed in a single chassis OR multiple chassis
  – WiSM-2 in multiple chassis needs to use VSS (7.3, 7.4)
  – WiSM-2 in multiple chassis can be L2 connected in 7.5 and above
• Requirements for the L2 connection: RTT latency < 80 ms; bandwidth > 60 Mbps; MTU 1500

Figure: Active Controller (RP 1) and Hot Stand-by Controller (RP 2) connected through their Redundancy Ports over an L2 network (7.5).

Stateful Switchover (SSO): Design & Deployment considerations

• HA pairing is possible only between the same type of hardware and software versions
• The physical connection between the Redundant Ports should be made before the HA configuration
• Keepalive and Peer Discovery timers should be left at their default values for better performance
• Internal DHCP is not supported when the HA configuration is enabled
• Location, Rogue information, Device and root certificates are not auto-synched
• When HA is disabled on the Active it will be pushed to the Standby; after reboot all the ports will come up on the Active and will be disabled on the Standby
• SSO and MESH APs: only RAPs are supported from 7.5; for MAPs the state is not synched
• In-Service Software Upgrade (ISSU) is not supported: plan for downtime when upgrading software

Stateful Switchover (SSO): Design & Deployment considerations: software upgrade procedure (for your reference)

After the WLCs are configured in the HA setup, the Standby WLC cannot be upgraded directly from the TFTP/FTP server.

1. Initiate the upgrade on the Active WLC in the HA setup via CLI/GUI, and wait for the upgrade to finish.
2. Once the Active WLC executes all the upgrade scripts, it will transfer the entire image to the Standby WLC via the Redundant Port.
3. When the Standby WLC receives the image from the Active WLC, it will start executing the upgrade scripts.
4. Issue the show boot command on the Active WLC in order to make sure the new image is set as the primary image.
5. Once verified, optionally initiate primary image pre-download on the Active WLC in order to transfer the new image to all the APs in the network.
6. It is recommended to reboot both WLCs almost together after the upgrade so that there is no software version mismatch. The Standby WLC can be rebooted from the Active WLC using the reset peer-system command if a scheduled reset is not planned.
7. Schedule Reset applies to both WLCs in the HA setup. The peer WLC reboots one minute before the scheduled timer expiry on the Active WLC.

Stateful Switchover (SSO): Design & Deployment considerations specific to 7.6 (client SSO)

• ONLY clients in RUN state are maintained during failover
  – The transient list is deleted
  – Clients in transitions like roaming, dot1x key regeneration, webauth logout, etc. are disassociated
  – Posture and NAC OOB are not supported, since the client is not in RUN state
• Some clients and related information are not synced between Active and Standby
  – CCX based apps need to be restarted post switchover
  – Client statistics are not synced
  – PMIPv6, NBAR, SIP static CAC tree are not synced and need to be re-learned after SSO
  – WGB and clients associated to it are not synced
  – OEAP (600) clients are not synced
  – Passive clients are not synced
• New mobility is NOT supported with SSO

Stateful Switchover (SSO): Design: Integration with N+1 deployments

• Hybrid design: SSO HA can work together with N+1 failover
• The SSO pair can act as the Primary Controller and be deployed with Secondary and Tertiary controllers
• On failure of both the Active and Standby WLC in the SSO setup, APs will fall back to the secondary and further to the configured tertiary controller
• Useful to reduce downtime for an SSO pair software upgrade

Stateful Switchover (SSO): Licensing

• HA pair with the HA-SKU license on one WLC:
  – HA-SKU is a new SKU with a zero AP count license
  – The device with the HA-SKU becomes Standby the first time it pairs up
  – AP-count license info will be pushed from Active to Standby
  – In the event of an Active failure the HA-SKU will let APs join with the AP count obtained and will start a 90-day countdown. The granularity of the countdown is in days.
  – After 90 days, the HA-SKU WLC starts nagging messages but won’t disconnect connected APs
  – When a new WLC comes up with the HA SKU, at the time of pairing the Standby will get the AP count:
    • If the new WLC has a higher AP count than the previous one, the 90-day counter is reset.
    • If the new WLC has a lower AP count than the previous one, the 90-day counter is not reset.
  – Elapsed time and AP count are remembered on reboot

Cisco’s Application Visibility and Control: Identify, Analyze, and Optimize Application Traffic

Cisco WLAN AVC and Prime Assurance provide unparalleled visibility and control

Figure (before/after):
• BEFORE: application view and control based on L4 firewall sessions. A first generation firewall gives visibility to the port level interaction but not to the applications running within the port (FW L4 session visibility and control: HTTP = 75%, SMTP = 15%, FTP = 2%, Telnet = 1%, SNMP = 3%).
• AFTER: Network Based Application Recognition (NBAR2) deep packet inspection and App ID on the Wireless LAN Controller gives improved visibility and control. The NBAR2 library classifies traffic as real time, interactive, non-real time or background, and a policy marks and drops packets. View, control and troubleshoot the end user application experience.

If you have several traffic types to target: use Application Visibility and Control

• Internal application recognition engine based on NBAR
• More than 1000 applications recognized, including Netflix, Skype, Lync audio, Lync video, Viber, Ventrilo, etc.

Application Visibility and Control

• With AVC, you can create rules to mark untagged applications (but also to permit or deny some application traffic!):
  1. Create a new policy (Wireless > AVC > AVC Profiles > New)
  2. Add rules, including what application to recognize, and what to do with it
• Marking applications will help prioritization between AP and WLC, and from the AP to the cell

Application Visibility and Control (continued)

  3. Apply your policy to the WLAN
  4. Watch your traffic

Client Profiling

• ISE offers a rich set of BYOD features: e.g. device identification, onboarding, posture and policy
• Customers who do not deploy ISE but still require some of the ISE features directly in the WLC get:
  • Native profiling to identify network end devices based on protocols like HTTP and DHCP
  • Device-based policy enforcement per user or per device on the network
  • Statistics based on per-user or per-device end points and the policies applicable per device

Client Profiling

• WLC-based local policy consists of 2 separate elements.
  – Profiling can be based on:
    • Role - defining the user type or the user group the user belongs to.
    • Device type – e.g. Windows, OS_X, iPad, iPhone, Android, etc.
    • EAP Type - check what EAP method the client is connecting with.
  – Action is the policy that can be enforced after profiling:
    • VLAN - override the WLAN interface with a VLAN id on the WLC
    • QoS level – override the WLAN QoS
    • ACL – override with a named ACL
    • Session timeout – override the WLAN session timeout value
    • Time of day – policy override based on the time of day, else default to the WLAN.

Client Profiles

• When profiling is enabled, a client Device Type can be shown on the WLAN:

(Cisco Controller) >show client summary devicetype

Number of Clients................................ 3

MAC Address        AP Name           Status        Device Type
-----------------  ----------------  ------------  --------------------------------
14:10:9f:ea:b8:c2  AP3600MM          Associated    OS_X-Workstation
c8:d7:19:34:7e:dd  AP3600MM          Associated    Windows7-Workstation
d8:d1:cb:9a:28:f8  AP3600MM          Associated    Apple-iPhone

Security Local Policies

Match - how to identify a device:
• Role
• EAP Type
• Device Type

Action - policy to enforce:
• VLAN
• QoS
• Session Timeout
• Sleeping Client Timeout
• Time of Day

Bandwidth Control – per Device Type

• You can also identify connecting devices, from the WLC or through Cisco ISE, and create a policy based on what they are:
  – How to identify that device (close to 100 device types on the WLC)
  – What policy to apply

Configuring Policies

• You can then apply the policies to the WLANs, in the order you want them to be applied, up to 16 policies per WLAN: set the index, pick the policy, then click Add
• Each policy can group several devices
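The local policy model of the last few slides (match on role, EAP type and device type; actions that override the WLAN's VLAN, QoS, ACL and session timeout; a time-of-day window; up to 16 indexed policies per WLAN) as an added example that is not Cisco's code. It parses a constructed copy of the `show client summary devicetype` output from the earlier slide; the policies, roles and EAP types are constructed, and the first-match-in-index-order evaluation is my assumption rather than vendor documentation.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

MAX_POLICIES_PER_WLAN = 16          # slide: up to 16 policies per WLAN

# Constructed sample in the format of the `show client summary devicetype` output on the slide.
SHOW_CLIENT_SUMMARY = """\
(Cisco Controller) >show client summary devicetype
Number of Clients................................ 3
MAC Address        AP Name           Status        Device Type
-----------------  ----------------  ------------  ----------------
14:10:9f:ea:b8:c2  AP3600MM          Associated    OS_X-Workstation
c8:d7:19:34:7e:dd  AP3600MM          Associated    Windows7-Workstation
d8:d1:cb:9a:28:f8  AP3600MM          Associated    Apple-iPhone
"""
CLIENT_LINE = re.compile(r"^([0-9a-f]{2}(?::[0-9a-f]{2}){5})\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_devicetype_summary(text: str) -> Dict[str, Dict[str, str]]:
    """Return {mac: {ap, status, device_type}} from the show command output."""
    clients = {}
    for line in text.splitlines():
        m = CLIENT_LINE.match(line.strip())
        if m:
            clients[m.group(1)] = {"ap": m.group(2), "status": m.group(3), "device_type": m.group(4)}
    return clients


@dataclass
class LocalPolicy:
    name: str
    role: Optional[str] = None                       # match criteria: None / empty = wildcard
    eap_type: Optional[str] = None
    device_types: Tuple[str, ...] = ()
    active_hours: Optional[Tuple[int, int]] = None   # time-of-day window [start, end) in hours
    vlan: Optional[int] = None                       # actions: None = keep the WLAN default
    qos: Optional[str] = None
    acl: Optional[str] = None
    session_timeout: Optional[int] = None

    def matches(self, client: Dict[str, str], hour: int) -> bool:
        if self.role is not None and client.get("role") != self.role:
            return False
        if self.eap_type is not None and client.get("eap_type") != self.eap_type:
            return False
        if self.device_types and client["device_type"] not in self.device_types:
            return False
        if self.active_hours is not None:
            start, end = self.active_hours
            if not start <= hour < end:              # outside the window: fall back to the WLAN
                return False
        return True


@dataclass
class Wlan:
    name: str
    vlan: int
    qos: str = "silver"
    session_timeout: int = 1800
    policies: List[Tuple[int, LocalPolicy]] = field(default_factory=list)

    def bind(self, index: int, policy: LocalPolicy) -> None:
        """Attach a policy at an index; the index is the evaluation order (slide: up to 16)."""
        if len(self.policies) >= MAX_POLICIES_PER_WLAN or any(i == index for i, _ in self.policies):
            raise ValueError(f"{self.name}: policy limit reached or index {index} already used")
        self.policies.append((index, policy))
        self.policies.sort(key=lambda item: item[0])

    def apply(self, client: Dict[str, str], hour: int) -> Dict[str, object]:
        """Evaluate in index order; the first matching policy overrides the WLAN defaults."""
        result: Dict[str, object] = {"policy": None, "vlan": self.vlan, "qos": self.qos,
                                     "acl": None, "session_timeout": self.session_timeout}
        for _, policy in self.policies:
            if policy.matches(client, hour):
                result["policy"] = policy.name
                for action in ("vlan", "qos", "acl", "session_timeout"):
                    if getattr(policy, action) is not None:
                        result[action] = getattr(policy, action)
                break
        return result


def demo(hour: int) -> Dict[str, Dict[str, object]]:
    """Two constructed policies applied to the three clients from the show output."""
    wlan = Wlan("CORP", vlan=10)
    wlan.bind(1, LocalPolicy("byod-apple", device_types=("Apple-iPhone", "Apple-iPad"),
                             active_hours=(8, 18), vlan=20, qos="bronze", session_timeout=3600))
    wlan.bind(2, LocalPolicy("corp-workstation", eap_type="PEAP",
                             device_types=("OS_X-Workstation", "Windows7-Workstation"),
                             vlan=30, acl="CORP-ACL"))
    eap = {"14:10:9f:ea:b8:c2": "PEAP", "c8:d7:19:34:7e:dd": "EAP-TLS", "d8:d1:cb:9a:28:f8": "PEAP"}
    return {mac: wlan.apply({**info, "role": "employee", "eap_type": eap[mac]}, hour)
            for mac, info in parse_devicetype_summary(SHOW_CLIENT_SUMMARY).items()}
```

Calling demo(12) and demo(20) shows the iPhone moved to VLAN 20 inside the time window and left on the WLAN default outside it.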

The Protocol Problem

• Why do Bonjour services need modifications?

Bonjour
• Apple service discovery protocol
• mDNS packets advertise and discover services for clients
• Does not cross subnets or VLANs.

Result: clients can’t see services on other subnets

Deployment Challenges

• Bonjour is link local multicast
• AirPlay (Apple TV) and AirPrint are supported only on a single VLAN

Figure: an Apple TV on VLAN X advertises to 224.0.0.251; clients on VLAN X across the CAPWAP tunnel see it, but clients on VLAN Y do not, because Bonjour is link-local multicast and can’t be routed.

Bonjour GW on WLC: Step 1 – Listen for Bonjour Services

Figure: an AirPrint printer on VLAN 23 and an Apple TV on VLAN 20 send Bonjour advertisements (“AirPrint offered”, “AirPlay offered”) and the WLC listens on both VLANs; an iPad on VLAN 99 sits behind the CAPWAP tunnel.

Bonjour GW on WLC: Step 2 – Cache Bonjour Services on Controller

Figure: the WLC stores the advertisements it heard in its Bonjour cache: AirPlay – VLAN 20, AirPrint – VLAN 23.

Bonjour GW on WLC: Step 3 – Listen for Client Service Queries for Services

Figure: the iPad on VLAN 99 sends a Bonjour query (“Is AirPlay offered?”) through the CAPWAP tunnel; the WLC holds the cache AirPlay – VLAN 20, AirPrint – VLAN 23.

Bonjour GW on WLC: Step 4 – Respond to Client Queries for Bonjour Services

Figure: the controller answers the iPad from its cache with a Bonjour response: AirPlay is available on VLAN 20.

Deployment Changes with Bonjour Services Phase 2

• Bonjour is link local multicast and is thus forwarded only on the local L2 domain
• The mDNS AP snoops Bonjour services behind the router, or on VLANs that are not L2 adjacent, and forwards them to the WLC in the CAPWAP tunnel.

Figure: with an mDNS-AP, Apple services (Apple TV on VLAN Y, advertising to 224.0.0.251) reach the WLC over the CAPWAP tunnel and Bonjour services can be seen from any VLAN (VLAN X, VLAN Y).

Bonjour Services Directory Policy Example for Education

• Teachers are allowed to print, access the Apple TV and file shares.
• Students are allowed to print and share iTunes, but not access the Apple TV or file shares.

Figure: a Services Directory between the Teacher Network and the Student Network; the Teacher Service Policy exposes AirPrint, AirPlay and FileShare, the Student Service Policy exposes AirPrint and iTunes Sharing.
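The four gateway steps (listen, cache, receive the client query, respond from the controller) and the per-network service policy of the education example above, as an added simulation that is not Cisco's code. The mDNS service type names are the real Bonjour names for these services; the instance names, VLANs, the TTL-based cache expiry and the policy format are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Bonjour service types (as carried in mDNS PTR records) mapped to the names used on the slides.
SERVICE_NAMES = {
    "_airplay._tcp.local.": "AirPlay",
    "_ipp._tcp.local.": "AirPrint",
    "_afpovertcp._tcp.local.": "FileShare",
    "_daap._tcp.local.": "iTunesSharing",
}


@dataclass(frozen=True)
class Advertisement:
    service_type: str   # e.g. "_airplay._tcp.local."
    instance: str       # e.g. "Classroom Apple TV" (constructed)
    vlan: int           # VLAN the advertisement was heard on
    ttl: int            # record TTL in seconds, taken from the mDNS answer
    heard_at: int       # controller clock (seconds) when the record was learned


class BonjourGateway:
    """Controller-side cache that answers mDNS queries across VLANs."""

    def __init__(self) -> None:
        self.cache: Dict[Tuple[str, str], Advertisement] = {}
        self.policies: Dict[str, Set[str]] = {}       # network name -> allowed service types

    # Steps 1 and 2: listen on every VLAN and cache what is offered, keyed by (type, instance).
    def learn(self, adv: Advertisement) -> None:
        if adv.service_type not in SERVICE_NAMES:
            return                                      # not a service this gateway proxies
        self.cache[(adv.service_type, adv.instance)] = adv

    def expire(self, now: int) -> None:
        """Drop cache entries whose TTL has run out (constructed behaviour)."""
        self.cache = {k: a for k, a in self.cache.items() if a.heard_at + a.ttl > now}

    def set_policy(self, network: str, allowed: Set[str]) -> None:
        self.policies[network] = set(allowed)

    # Steps 3 and 4: the query arrives on the client's own VLAN and the controller answers it
    # from the cache; the link-local multicast itself never crosses a VLAN boundary.
    def query(self, network: str, service_type: str, now: int) -> List[Tuple[str, int]]:
        self.expire(now)
        if service_type not in self.policies.get(network, set()):
            return []                                   # service hidden from this network
        return sorted((a.instance, a.vlan) for (t, _), a in self.cache.items() if t == service_type)

    def summary(self) -> Dict[str, List[int]]:
        """The 'Bonjour Cache' view from the slide: service name -> VLANs offering it."""
        out: Dict[str, List[int]] = {}
        for a in self.cache.values():
            out.setdefault(SERVICE_NAMES[a.service_type], []).append(a.vlan)
        return {k: sorted(v) for k, v in out.items()}


def demo() -> Dict[str, object]:
    gw = BonjourGateway()
    # Steps 1/2: the advertisements from the slides (AirPlay on VLAN 20, AirPrint on VLAN 23)
    # plus the file share and iTunes sharing from the education example (VLANs constructed).
    gw.learn(Advertisement("_airplay._tcp.local.", "Classroom Apple TV", 20, 4500, 0))
    gw.learn(Advertisement("_ipp._tcp.local.", "Library AirPrint", 23, 4500, 0))
    gw.learn(Advertisement("_afpovertcp._tcp.local.", "Staff File Share", 30, 4500, 0))
    gw.learn(Advertisement("_daap._tcp.local.", "Student iTunes", 99, 120, 0))
    gw.set_policy("Teacher", {"_ipp._tcp.local.", "_airplay._tcp.local.", "_afpovertcp._tcp.local."})
    gw.set_policy("Student", {"_ipp._tcp.local.", "_daap._tcp.local."})
    # Steps 3/4: an iPad on VLAN 99 asks "Is AirPlay offered?"; the answer depends on its network.
    return {
        "cache": gw.summary(),
        "teacher_airplay": gw.query("Teacher", "_airplay._tcp.local.", now=10),
        "student_airplay": gw.query("Student", "_airplay._tcp.local.", now=10),
        "student_print": gw.query("Student", "_ipp._tcp.local.", now=10),
        "student_itunes_after_ttl": gw.query("Student", "_daap._tcp.local.", now=200),
    }
```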

What is coming in 8.0?

• https://www.youtube.com/watch?v=2g5aMDjL6LQ&feature=youtu.be

Why High Density Wi-Fi?

• Wireless has become the preferred access technology -- and in many cases the only practical one
• The need for high density started with stadiums and auditoriums – but has reached every network
• The explosion of smart devices and increasing connection counts per seat (2 to 3 devices per user) are everywhere
• Application demands are increasing
• Even with advances, wireless is still a shared half-duplex medium and requires efficient use to succeed.

What are Some Typical Challenges?

• Interference from other Wi-Fi networks in the venue
• Interference from non-Wi-Fi systems operating in the same band
• Co-channel interference: many APs in the venue, but effectively no more capacity
• Clients operating at low data rates (e.g. 802.11b) pull down the performance of the network
• Clients mistakenly choose a 2.4 GHz radio (louder signal) instead of 5 GHz (less load)
• Sticky clients: clients mistakenly stay on the same AP, even when the person has moved from one end of the venue to the other
• Limitations on mounting assets: hard to put APs where you want them
• Probe storms: 2.4 GHz clients probe on all 11 overlapping channels

Page 54: Cisco on premise wireless update-clle-2014


HD Wi-Fi -- Best Practices

Solid RF Design

• Constrain RF – Directional antennas, down-tilt

• Good RF layout/design – Channels, Tx power

• Eliminate interference – Rogues and non-Wi-Fi interference

Basic Tuning

• Minimize SSIDs

• Disable low data rates – Helps with sticky clients, improves capacity

• Band steering – Push dual-band clients to 5 GHz

Advanced

• RF Profiles

• Rx-SOP tuning – Greatly improves capacity by reducing co-channel impact; also reduces sticky clients

• Optimized multicast video

Page 55: Cisco on premise wireless update-clle-2014


Cisco High Density Experience Technology – Optimized for high client density networks

• CleanAir 80 MHz – Optimal performance for high throughput, high density environments. RF interference detection & mitigation optimized for 802.11ac’s wider channel bandwidths.

• ClientLink 3.0 – Increase performance & range by up to 60%. Cisco patented implicit beamforming technology for 802.11ac clients, complementing explicit BF. Also extends capabilities to 802.11a/g/n clients.

• Optimized Roaming – Intelligently assist client roaming based on configurable attributes. Right-size the Wi-Fi cell to better assist client handoff in a dense network.

• RF Turbo Performance – Support highly dense clients without performance degradation. Scale seamlessly to 60+ 802.11ac clients using interactive video and multimedia traffic with no performance degradation.

• RF Noise Reduction* – Enables higher density AP deployments to support client density and increased bandwidth. Increase spectrum usage efficiency to improve co-channel performance.

*Available post-FCS

Page 56: Cisco on premise wireless update-clle-2014


Indoor Access Point Comparison

Aironet Indoor Series: 700 | 1600 | 2700 | 3700

Wireless Standards: 802.11a/g/n | 802.11a/g/n | 802.11a/g/n/ac | 802.11a/g/n/ac

Max Data Rate: 600 Mbps | 600 Mbps | 900 Mbps | Over 1 Gbps

RF Design (MIMO:Spatial Streams): 2x2:2 | 3x3:2 | 3x4:3 | 4x4:3

Performance (relative rating): 2 | 3 | 4 | 5

Max No. of Clients per AP: 200 | 256 | 400 | 400

RRM: ✔ | ✔ | ✔ | ✔

CleanAir: – | CleanAir Express* | ✔ | ✔

High Density Experience: – | – | ✔ | ✔

ClientLink: – | ClientLink 2.0 | ClientLink 3.0 | ClientLink 3.0

Max No. of ClientLink Clients per AP: – | 64 | 256 | 256

BandSelect: ✔ | ✔ | ✔ | ✔

VideoStream: ✔ | ✔ | ✔ | ✔

Rogue AP Detection: ✔ | ✔ | ✔ | ✔

Adaptive wIPS: ✔ | ✔ | ✔ | ✔

External Antenna Option: – | ✔ | ✔ | ✔

Other Benefits: 700w: 4 GigE ports, PoE out | – | – | StadiumVision option; module options: Security, 3G Small Cell* or Wave 2 802.11ac*

Page 57: Cisco on premise wireless update-clle-2014


AP-3700 Architecture

Page 58: Cisco on premise wireless update-clle-2014


How do we provide an optimized roaming experience?

Three controls work together: RX-SOP, the Low RSSI Check, and disabling lower data rates.

• Reduces cell bleeding and increases efficiency by lowering duty cycle

• Eliminates sticky clients by forcing clients with dropping signal strength to move quickly between adjacent cells

• Offers access to the clients with the strongest signal

Page 59: Cisco on premise wireless update-clle-2014


Disable Mandatory Lower Data Rates

[Figure: concentric cells around the AP labelled 24, 18, 12, 9 and 6 Mbps; with lower rates disabled only the 24 Mbps cell remains.]

Without disabling lower data rates, a distant client reasons: “I can hear beacons from the AP, so I can associate with it and reduce the overall performance.”

With lower data rates disabled, the same client reasons: “I cannot hear beacons from the AP, so now I am forced to search for an AP with a stronger signal.”

Cell size reduction increases efficiency and lowers duty cycle.

Page 60: Cisco on premise wireless update-clle-2014


Low RSSI Check

[Figure: clients around the AP received at -85dB, -86dB, -80dB, -80dB and -81dB.]

Without Low RSSI Check: “My Association Request will receive Association Response SUCCESS” (even for the clients at -85dB and -86dB).

With Low RSSI Check set to -80dBm (default): “My Association Request will receive Association Response REJECT – Poor Channel” (client at -81dB). Association Response SUCCESS is restricted to clients within cell range better than -80dBm.

Page 61: Cisco on premise wireless update-clle-2014


Rx-SOP

• Rx-SOP (receiver start of packet threshold) is the radio’s receiver sensitivity: how well the AP can hear clients

• Decreasing Rx-SOP to a lower level (-95 dBm) increases the cell size

• Raising Rx-SOP to a higher level (-75 dBm) reduces the cell size, which provides much better spatial re-use

• A smaller cell size and efficient re-use of spectrum are key in high density deployments

Higher Rx-SOP threshold = smaller cell size = better spectrum re-use

Page 62: Cisco on premise wireless update-clle-2014

[Figure: Today’s Solution vs Cisco “Optimized Roaming”. Left: a client with a weak Wi-Fi signal (-80dB to -85dB) stays attached; client stickiness causes poor user experience and an overall drop in cell performance. Right: at -80dB the client is moved off the cell (to another AP, or to 3G or 4G), giving a consistent user experience and efficient cell usage.]

Introducing Cisco “Optimized Roaming”

Page 63: Cisco on premise wireless update-clle-2014


Controller Parameters

RX-SOP Threshold: High | Medium | Low | Auto

2.4 GHz: -76 dBm | -78 dBm | -80 dBm | Radio default

5 GHz: -79 dBm | -82 dBm | -85 dBm | Radio default

Smart Roam RX-SOP (future release)
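To make the interaction of the three cell-sizing controls concrete, here is an added simulation (not code from the slides or from Cisco) that walks a set of constructed 5 GHz clients through the RX-SOP threshold table above, the beacon-rate effect of disabling lower mandatory rates, and the -80 dBm Low RSSI Check default. The client names, their RSSI values, and the "highest beacon rate this client can still decode" attribute are assumptions constructed for the example; the threshold numbers are the ones printed on the slides. The "auto" level is modelled as "decode everything" because the slide gives no number for the radio default.

```python
# Added example, not from the slides or Cisco code: simulate how RX-SOP, disabled
# lower mandatory rates and the Low RSSI Check each shrink the effective cell.
from dataclasses import dataclass
from typing import Dict, List, Optional

# RX-SOP thresholds exactly as printed on the "Controller Parameters" slide (dBm).
RX_SOP_THRESHOLD_DBM = {
    "2.4GHz": {"high": -76, "medium": -78, "low": -80},
    "5GHz": {"high": -79, "medium": -82, "low": -85},
}

# Low RSSI Check default from the "Low RSSI Check" slide.
LOW_RSSI_CHECK_DEFAULT_DBM = -80


@dataclass(frozen=True)
class Client:
    name: str
    band: str                     # "2.4GHz" or "5GHz"
    rssi_dbm: int                 # constructed: strength of the client's frames as received at the AP
    max_decodable_rate_mbps: int  # hypothetical: highest beacon rate this client can decode at its distance


def rx_sop_threshold(band: str, level: str) -> Optional[int]:
    """Threshold for a band/level; None for 'auto' (radio default, no number on the slide)."""
    if level == "auto":
        return None
    return RX_SOP_THRESHOLD_DBM[band][level]


def heard_by_radio(client: Client, level: str) -> bool:
    """RX-SOP: frames weaker than the threshold are never decoded by the AP radio."""
    threshold = rx_sop_threshold(client.band, level)
    return threshold is None or client.rssi_dbm >= threshold


def can_decode_beacon(client: Client, lowest_mandatory_rate_mbps: int) -> bool:
    """Disabling lower mandatory rates raises the beacon rate; distant clients stop hearing the AP."""
    return client.max_decodable_rate_mbps >= lowest_mandatory_rate_mbps


def passes_low_rssi_check(client: Client, threshold_dbm: Optional[int]) -> bool:
    """Low RSSI Check: association accepted only at or above the threshold (None = check disabled)."""
    return threshold_dbm is None or client.rssi_dbm >= threshold_dbm


def evaluate(clients: List[Client], rx_sop_level: str,
             lowest_mandatory_rate_mbps: int, low_rssi_threshold_dbm: Optional[int]) -> Dict[str, str]:
    """Run each client through the three checks in the order they act on an association attempt."""
    outcome: Dict[str, str] = {}
    for c in clients:
        if not heard_by_radio(c, rx_sop_level):
            outcome[c.name] = "not heard (below RX-SOP)"
        elif not can_decode_beacon(c, lowest_mandatory_rate_mbps):
            outcome[c.name] = "no beacon decodable (rate disabled)"
        elif not passes_low_rssi_check(c, low_rssi_threshold_dbm):
            outcome[c.name] = "rejected: poor channel (low RSSI check)"
        else:
            outcome[c.name] = "associated"
    return outcome


def cell_members(clients: List[Client], rx_sop_level: str,
                 lowest_mandatory_rate_mbps: int, low_rssi_threshold_dbm: Optional[int]) -> List[str]:
    """Names of the clients that end up associated, i.e. the effective cell."""
    result = evaluate(clients, rx_sop_level, lowest_mandatory_rate_mbps, low_rssi_threshold_dbm)
    return [name for name, status in result.items() if status == "associated"]


# Constructed 5 GHz clients, ordered from nearest to farthest from the AP.
SAMPLE_CLIENTS = [
    Client("A", "5GHz", -60, 54),
    Client("B", "5GHz", -78, 24),
    Client("C", "5GHz", -80, 18),
    Client("D", "5GHz", -81, 12),
    Client("E", "5GHz", -84, 6),
    Client("F", "5GHz", -90, 6),
]

if __name__ == "__main__":
    print("wide open (auto, 6 Mbps, no RSSI check):", cell_members(SAMPLE_CLIENTS, "auto", 6, None))
    print("RX-SOP low, 24 Mbps mandatory, -80 dBm check:", cell_members(SAMPLE_CLIENTS, "low", 24, -80))
    print("RX-SOP high, 6 Mbps, no RSSI check:", cell_members(SAMPLE_CLIENTS, "high", 6, None))
```

With everything wide open all six clients associate; the "low" RX-SOP setting alone drops the -90 dBm client, the 24 Mbps mandatory rate then removes the three clients that can only decode slower beacons, and the Low RSSI Check rejects anything weaker than -80 dBm. Raising RX-SOP to "high" (-79 dBm for 5 GHz) shrinks the cell to the two nearest clients without touching the other two controls, which is the "higher threshold = smaller cell" rule from the Rx-SOP slide.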

Page 64: Cisco on premise wireless update-clle-2014


Case Studies

Cisco Live Orlando 2013

• Over 20,000 attendees

• Over 600 access points

• Cisco Prime for management

• Cisco MSE for analytics

• Network reliability: 99.999%

http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps11983/case_study_c36-729140.html

Super Bowl XLVII (2013)

• Over 30,000 simultaneous connections

• Over 600 access points

• Over 370 GB of data transferred over Wi-Fi

• Always-on wireless network

http://arstechnica.com/information-technology/2013/02/super-bowl-plans-to-handle-30000-wi-fi-users-at-once-and-sniff-out-rogue-devices/

Page 66: Cisco on premise wireless update-clle-2014


Participate in the “My Favorite Speaker” Contest

• Promote your favorite speaker through Twitter and you could win $200 of Cisco Press products (@CiscoPress)

• Send a tweet and include:

– Your favorite speaker’s Twitter handle <Speaker – enter your twitter handle here>

– Two hashtags: #CLUS #MyFavoriteSpeaker

• You can submit an entry for more than one of your “favorite” speakers

• Don’t forget to follow @CiscoLive and @CiscoPress

• View the official rules at http://bit.ly/CLUSwin

Promote Your Favorite Speaker and You Could be a Winner


Page 67: Cisco on premise wireless update-clle-2014


Complete Your Online Session Evaluation

• Give us your feedback and you could win fabulous prizes. Winners announced daily.

• Complete your session evaluation through the Cisco Live mobile app or visit one of the interactive kiosks located throughout the convention center.

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online


Page 68: Cisco on premise wireless update-clle-2014


Continue Your Education

• Demos in the Cisco Campus

• Walk-in Self-Paced Labs

• Table Topics

• Meet the Engineer 1:1 meetings


Page 69: Cisco on premise wireless update-clle-2014


Register for CiscoLive! – San Francisco


CiscoLive! – San Francisco, May 18 – 22, 2014, www.ciscolive.com/us
