BRKEWN-2011-Prime to Manage Wlan

#clmel

Using Prime to Manage Wireless LAN Deployments

BRKEWN-2011

Tjie Seng, Njauw

Consulting Systems Engineer

2

2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public

Session Agenda

Introducing Cisco Prime Infrastructure

Installation and Initial Setup

Planning and Deploying a Wireless Network (planning tool, AirMagnet/Ekahau integration)

Configuration Tools

Monitoring the Network

Tools and Troubleshooting

Reporting

Advanced Topics

3


Session Objective

This session focuses on Cisco Prime Infrastructure (PI) as a deployment, management, and troubleshooting tool for Cisco Unified Wireless and wired (access) networks. Attendees are required to have familiarity with basics of PI installation; topics covered in this session are, but not limited to: deployment options with PI (templates, auto-provisioning); operational insights, system dashboards, trends, alarms; drill-downs, cross-linked intuitive workflows to monitor client related information; enhanced reporting interface design and customisation abilities.

4

Introducing Cisco Prime Infrastructure


Cisco Prime Infrastructure

Single platform for consolidated management of wired and wireless access infrastructure and endpoints

Extends the functionality of Cisco WCS/NCS, provides complete lifecycle management of wired and wireless access networks

Provides monitoring of endpoint security policy integration with Cisco Identity Services Engine (ISE)

All functionality in Cisco WCS/NCS is also supported in PI

6


Cisco Prime Infrastructure Where It Fits In The Network

7

NMSP over SSL

Cisco Prime

Infrastructure

Cisco Wireless LAN

ControllerCisco

Mobility Services

Engine (MSE)

Access

Point

Location API via

SOAP/XML over

HTTPS

3rd-party location

applicationHTTPS

Client Browser

Active

RFID Tag

Wireless

Client

API

ISE

Installation and Initial Setup


Virtual AppliancePhysical Appliance

Appliance Delivery Models

9

Application &

Components

OS

Cisco-branded

Hardware

(1RU)

Cisco

Provided

Application &

Components

OS

Cisco

Provided

Customer

Provided

Virtual Infrastructure


Initial Setup

Setup script

Guides network administration through set of questions for setting basic parameters

Changes to set parameters can be made at a later time via CLI

Secondary (HA) server setup

Same software is configured during setup for primary of secondary operation

Server configured for primary operation cannot be reconfigured for secondary operation (or vice versa)

- appliance needs to be reinstalled and configured for secondary operation

10


Prime Infrastructure 2.X: Virtual OVA ServerVirtual

Appliance Size

Virtual

CPU

Memory

(DRAM)

HDD Size Throughput

(Disk I/O)

Max

Concurrent

Clients/Users

API

Clients

Express 4 12 GB 300 GB 200 MBps 5 2

Custom

Express8 16 GB 600 GB 200 MBps 10 2

Standard 16 16 GB 900 GB 200 MBps 25 5

Pro 16 24 GB 1200 GB 200 MBps 50 5

Mapping of PI 1.x to 2.x

OVA/Bundle/SKU

PI 1.x PI 2.x

Small Express

Medium Express or Custom Express

Large Standard

Extra

Large

Pro

If using a Small or Med OVA from PI 1.2/1.3 and have not

significantly added more devices or turned on new features,

can migrate to the Express OVA. All current numbers of

scale with PI 1.2/1.3 will carry forward to PI 2.x

** Important Field Notice **

11


Prime Infrastructure 2.X ( Gen 1 )Physical Appliance and Mapping

If your customer is using the PI Physical Appliance with PI 1.2/1.3 and have not significantly added more

devices or turned on new features, they can migrate to PI 2.1 with the same number of APs or devices.

** Important Field Notice **

In PI 2.1, the PI Physical Appliance maps to the Standard OVA (for scalability purposes) Physical Appliances are field upgradable Prime Infrastructure Appliance comes pre-installed with Prime Infrastructure 2.0 Deploying Cisco Prime NCS Virtual Appliance on CiscoWorks Wireless LAN Solution Engine (WLSE)

models 1130-19 or 1133 is not supported.

Physical

AppliancePhysical CPU Memory HDD Size

Throughput

(Disk I/O)

Max. Web

Clients

Max. API

Clients

Cisco Prime Appliance

2 CPUs

8 Cores (16 Threads)

16 GB

900 GB

(4x300GB RAID5)

200 MB/s 25 5

12


Prime Infrastructure 2.x Scaling/Sizing Guidelines

Equiv PI 1.x => SmallSmall/Mediu

mLarge

Extra Large

PhysicalAppliance

PI 2.x => ExpressCustom Express

Standard Pro Physical

Devices

Max Unified AP 300 2,500 5,000 20,000 5,000Max Autonomous AP 300 1,000 3,000 3,000 3,000Max WLAN Controllers

5 50 500 1,000 500

Max Wired (Switches, Routers)

300 500 6,000 13,000 6,000

Max MSE 5 10 25 25 25NAMs 5 5 500 1,000 500Max Number of Devices

500 3,000 10,000 24,000 10,000

Clients

Wireless (Roaming) Clients

4,000 30,000 75,,000 200,000 75,000

Wireless (Transcient) Clients

1,000 5,000 25,000 40,000 25,000

Wired Clients 6,000 50,000 50,000 50,000 50,00013


Equiv PI 1.x => SmallSmall /

MediumLarge

Extra Large

PhysicalAppliance

PI 2.x => ExpressCustom Express

Standard

Pro Physical*

Monitoring

Max Interfaces 12,000 50,000 25,0000 35,0000 25,000Netflow Rate (flows/sec) 3,000 3,000 16,000 80,000 16,000Events Sustained Rate (events/sec)

100 100 300 1000 300

Max NAM Data Polling Enabled

5 5 20 40 20

SystemMax Number Sites/Campus 200 500 2,500 2,500 2,500Max Virtual Domains 100 600 1,200 1,200 1,200

VM Requirements(vCPU/ Mem/ Disk / Disk I/O)

4v CPU/12GB / 300 GB / 200

Mbps

8 vCPU/16GB / 600 GB /200

Mbps

16 vCPU/ 16GB / 900GB /

200 Mbps

16 vCPU / 24GB /

1200GB / 200 Mbps

16 Threads / 16GB /

900GB (w/ RAID 5) / 200 Mbps

VMWare ESX Requirements ESXi 4.1 or 5.0ESXi 4.1 or

5.0ESXi 5.0 ESXi 5.0 N/A

14


Virtual Machine Sizing

15

With Hyper-threading 1 core = 2 threads = 2 vCPUs; Without Hyper-threading 1 core = 1 Thread 1 vCPU

Custom Express OVA is not available as a downloadable OVA. Customers can start with Express OVA and customise with specified

parameters for # of vCPU, RAM Size, Disk Size: Refer to:

https://supportforums.cisco.com/docs/DOC-37253

Custom express OVA can be used to deploy Assurance along with Prime Infrastructure Lifecycle licenses


Browser Support

Note:

It is strongly recommended to use a client with at least 4 GB or more; more memory helpsend-user experience

Clearing browser and flash cache helps; use the latest version of Adobe Flash

Browser Version Notes

Internet Explorer 10, 11Plug-in is not required for Lobby

Ambassador user

Mozilla Firefox 30 or laterLatest version may work, but may

not have been tested

Mozilla Firefox ESR 17 or 24ESR is stable version w/ less

frequent updates

Google Chrome 30 or laterLatest version may work, but may

not have been tested

16


Scaling

With Hyper-threading 1 core = 2 threads = 2 vCPUs;Without Hyper-threading 1 core = 1 Thread = 1 vCPU

Custom Express OVA is not available as a downloadable OVA. Customers can start with Express OVA and customise with specified parameters for # of vCPU, RAM Size, Disk Size: Refer to:

https://supportforums.cisco.com/docs/DOC-37253

Please note: the scale numbers are generally soft limits and are provided as deployment guidelines for each of the OVA sizes and physical appliances

17


OVA Migration to PI 2.X Matrix

Pre-2.1 Physical/Virtual

ApplianceMaps to

WCS 7.x Standard OVA1

Physical Appliance Physical Appliance2

Small Express OVA

Medium Express OVA

Large Standard OVA (for Netflow Rate 16K flows/sec, move to Pro instead of Standard

18


WCS/NCS/Prime Infrastructure - Migration Path Summary

Upgrade

to PI 1.2.1

Upgrade to

NCS 1.1

WCS7.0.164.3

7.0.172.0

7.0.220.0

7.0.230.07.0.240.0

NCS1.0.1.4

1.0.2.29

1.1.0.58

1.1.1.241.1.2.12 SR-X*

NCS/PA-WAN1.1 (1.1.0.1114)

1.1.1 (1.1.0.1116)

CPI

1.2.0.1031.2.1.12

Upgrade

to PI 1.3

Inline upgrade

Need to install a

patch

DB Migration

License Migration

Upgrade

to PI 2.1

CPI

1.3.0.20

Requires Patch

ncs_1_1_1_24-Update.13.4.tar.gz

CPI

2.1.0.85

* Requires special patch to migrate forwards

19


Migration, Maintaining DB Integrity

Step 1 - Older WCS upgrade to WCS 7.0.230.0

Step 2 - WCS 7.0.230.0 upgrade to NCS 1.1.1.24

Step 3 - NCS 1.1.1.24 load patch ncs_1.1.1.24-Update.13.4.tar.gz

Step 4 - NCS 1.1.1.24 (patched) upgrade to PI 2.1.0.85

Not all content is migratedAll Events, Certain Reports (AP Image Predownload, AP Profile Status, AP Summary, Client Count, Client Summary, Client Traffic, PCI Report, PCI Compliance Detailed and Summary reports, Preferred Call Network Summary report, Rogue APs, Adhoc Rogues, New Adhoc Rogues, Security Summary, and Guest Session reports). Dashboard customisation.

Also RADIUS/TACACS server IP and credentials and root password are not migrated

Non-root users and their credentials are migrated. Also, client historical session information will be migrated.

20


Initial Setup

21

Setup script guides network administration through set of questions for setting basic parameters

Changes to set parameters can be made at a later time via CLI

Secondary (HA) server setup (no additional licensing costs)

Same software is configured during setup for primary or secondary operation

Server configured for primary operation cannot be reconfigured for secondary operation (or vice versa)

- software must be reinstalled to be configured for secondary operation

Licensing based on (v)UDI (Unique Device Identifier) of primary server


High-Availability - Components and Operation

22

At the heart of the high-availability design is the Health Monitor (HM) Process

Other components in Prime are JVM (PI), Database, and Apache webserver

HM is sub-divided into smaller components: Core HM: Configures, maintains state and starts/stops the HA configuration

across Prime servers

Heartbeat: Responsible for maintaining communication between the primary and secondary servers (over HTTPS, port 8082); timeout is set to two (??) seconds, with three retries

Application Monitor: Communicates with the Prime framework components on the primary server

DB Monitor: Configures database replication

File Sync: Identifies file changes, compression, and statistics maintenance


Cisco Prime Infrastructure High Availability

23

When an active (primary) Prime fails, secondary Prime takes over operations for the failed primary Prime and continues to provide service.

If the standby Prime doesnt receive 3 heartbeats (timeout=30 seconds) then either the standby Prime will become active (automatic failover) or email will be sent to network admin (manual failover)

Failover (primary to secondary) can be automatic or manual

Failback (secondary to primary) is always manual

Active Standby

Database replication

HeartbeatHeartbeat


High-AvailabilityThings to Know

24

Both the primary and failover Prime servers should run the same software version

Both the primary and failover Prime servers should be the same size

Email server and receiver must be configured (used for notifications)

For communication between the primary and secondary, HM port must be allowed through firewall if firewall is in the path between primary and secondary servers

Failover mode must be carefully selected (and remembered): manual vs. automatic

Authentication key is created during the install, and is used by the primaryand failover Prime servers for communication(and also logging into the HM web page)

HM available at: https://:HMport (e.g.: https://10.10.10.20:8082)

Planning and Deployment


Site Grouping

26

Sites can be organised into a hierarchy of Campuses and Buildings

Sites allows for Devices, Traffic, End-users and Alarms/Events to be organised based on the physical structure of the network

Users of Prime Infrastructure can be assigned to manage specific groups of Sites, called Virtual Domains based on their responsibilities

The Monitoring Dashboards allows all the data collected by Prime Infrastructure / Prime Assurance to be viewed based on Sites


Adding Devices to Sites and Groups

27

Operate > Device Work Centre


Virtual Domains

28

Virtual Domain consists of a set of devices and/or sites

user view can be restricted to information based on virtual domain

user can add new virtual domain by navigating to Administration > Virtual Domains

To add users, navigate to Administration > User Roles & AAA.

User can be added and assigned predefined static roles. Besides complete access, you can give administrative access with differentiated privileges to certain user groups


Virtual Domains

29

Hierarchical Domains Selected users have access to individual domains

Top (root) user has complete access to all domains

Standard Prime Infrastructure features for all domains

Distributed Router Deployment Dedicated Router per virtual domain

Configuration and monitoring of Router allowed at individual domain level

Centralised Router Deployment Shared Controller (e.g.: ISR,) across multiple

virtual domains

Only monitoring views for particular domain; configuration of shared ISR at topmost domain

SW 1

ASR 1ASR

2ASR 3

SW 3

ISR

6

ISR

5

ISR

11

ISR 12

ISR 10

MarketingPurchasing

Engineering

Virtual Domains - Organisation Name

Bldg 1

Remote Site #1 Bldg 4

Campus A Campus C

Virtual Domains - Geographic Regions

Remote Site #2

Bldg 3

Bldg 2

Bldg 5

Bldg 6Bldg 8

Blgd10

Bldg 9Bldg 7

Campus B

ISR

7ISR

8ISR

9SW 2 SW 4

Root Domain

Root Domain

2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public 30

Network PartitioningProvides the capability for PI to be segmented by network elements (controllers, APs, switches, maps).

Partitioning GranularityAlarms, reports, searches, applied templates, config groups are virtual domain aware.

User-Level ControlGranular control of user/admin privilege level (defined in PI and RADIUS/TACACS).

Virtual Domains vs. Roles

30

2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public 31

Virtual Domain Setup

Define to network

components (maps,

wired/wireless devices)

in virtual domain

Assign virtual domain to

user to limit user-level

visibility and control.


Virtual Domain Roles: User Setup

32Cisco ACS Cisco PI

Assign virtual

domain to user to

limit user-level

visibility and control.

User accounts

provides

granular level

of user access.

Configuration Tools


Controller Template LaunchPad

34

Tree-based hierarchy continues to

exist as left-hand navigation

All-in-one, high-level view of

template categories in PI which

may be expanded or collapsed for

easier navigation and viewing

Each template provides a callout icon

which, on mouse-over, provides easy

to understand description of what the

template is and how it may be used to

configure certain attribute(s).


Templates: Discovery From Controller

35

Templates are added to PI database when a WLC is first added to PI

Template names can be changed to more meaningful names after discovery

Additional configuration changes on the WLC may be pulled in to PI via the Discover templates from controller option


Configuration Config-Groups Overview

36

What Are Config-Groups?

An easy way to group controllers logically

Provides a way to manage controllers with similar configurations

Extract templates from existing controller to provision

Schedule configuration sets

Cascade Reboot

Manage Mobility Groups, DCA, and Configuration Auditing

When Are Config-Groups Used?

Group sites together for easier management for:

Mobility Groups

DCA and Regulatory Domain Settings

Schedule remote configuration changes

Groups sites to ensure compliance with configuration policies


Configuration-Groups How-To: Setup

37

Select and add later: Only create the config group and then add controllers and

templates at another time

Copy Templates from controller: Copy templates from one of the controllers

currently in PI and then apply them to

controllers in this config group.

Note: if controllers templates are not already discovered, they can be

discovered from the Configure Controllers page


Configuration-Groups: Things to Remember

Template order is very important!

Background audit is performed during network and controller audit

Background audit and audit enforcement can only run when template-based audit is selected (under AdministrationSettings)

WLC(s) may be part of multiple configuration groups so be careful while setting mobility group names

38


Automatic audits based on

configuration syncbackground task.

Specify frequency of audit

Allows easy reconciliation in the event of a configuration mismatch

Helps ensure WLCs comply with configuration policies

ConfigurationAuditing

39


Quick Audit Summary and Reconciliation

40

Audit Summary

Restore or Maintain Config


Audit Settings

Audit Mode Basic Audit: Perform an audit on current WLC configuration and compare it

with the configuration in PI

Template-Based Audit: Perform an audit on current WLC configuration with respect to applied templates, config groups background templates and then the configuration in PI

Audit On All Parameters: Audit on entire WLC configuration

Selected Parameters: Audit on selected parameters from the templates

41


Scheduled Image Download to Controller

42

Provides option to schedule software download (FTP/TFTP) to controllers.

Task can be saved for future scheduling.

Reboot can be scheduled at a future date/time.

Email notification can be sent after completion of download.


Configuration - Maps

Why Maps?

Track wireless clients and tags, and play location history across campus

Track and mitigate rogue devices

Display Chokepoints

Display Mesh AP relationships

Integrate outdoor wireless mesh with Google Earth

Represent wireless coverage on campus, and plan for growth

View Channel and Tx Power plans provisioned by RRM

View AP and RF Profile at the floor level

Provision and display coverage areas, markers and other objects and use them with location notifications

Post-Deployment: VoWLAN and Location Readiness tools

43


Map Export/Import

44

Provides ability to export maps from source WCS/NCS/PI servers to destination PI server.

Can select all maps or subset. Export/import of map includes both map and APs

placed on map.

Option to export calibration information. Exported via tar gzipped XML file. Import process ungzips/untars XML file automatically.


Adding APs to Maps

AP Discovery

This can be dynamic or manual depending on AP naming syntax used and how APs are physically deployed

Manual

self explanatory and with a small number of APs probably the most typical way for deploying and selecting AP for positioning on MAPs with large multi site deployments impracticable, time consuming and prone to error

Dynamic

Using Hierarchy Naming convention based on Campus, Building Floor and Device automates a complex time consuming process APs require naming before importing into the data baseDoes not eliminate final map APs x and y position

45


Hierarchical AP Provisioning

Select Hierarchy Creation

Use Sample AP Name for

Syntax

46


Maps Layout

47

Hierarchical

Layout for easy

navigation

Default View of Campus,

Buildings, and Floors can be

easily changed with the

Quick Filters

Adding Campus or Buildings are

made easy with the drop-down

menu actions through an easy

wizard that walks you through

provisioning floor plans and APsBuilding view provides a

quick glance in to floorsstatus and alarm summary

for easier troubleshooting


Maps Layout CleanAir

48

Quickly filter on

subset of interferers

on floor.

Can specify other

parameters: severity

level, zone of impact.


New Maps - Interferer Clusters

49

Interferers that are in close

proximity to one another

are displayed as cluster.

Allows user to see

interferer details.

Interferer details can

be optionally

displayed.


New Maps Client Clusters

50

New UI clusters clients that

are in close proximity to one

another.

Workflow allows user to see

specific client information.


Real-Time Heatmaps

Based on AP-to-AP RSSI measurements

Predictive (legacy) heat maps still supported

Provides graphical view of RSSI based on set of nearest APs vs. AP transmit power (predictive heat map)

Configurable options for real-time heat maps:

Min. number of APs

Recompilation interval

51


Can view list of

neighbouring APs and RSSI value that they

hear the selected AP

Real-Time Heat Map

52


Real-Time Heat Map

53

Provides list of

neighbouring APs and RSSI value

that hear the selected AP

Monitoring The Network


Monitoring Dashboard Concepts

Canned tabs of high-level system views

Ability to add/remove tabs

Ability to add/remove components within tabs

Customise individual components

Introduction of trending information at system level

Quick drill-downs

55


Information Layout and Workflow Concepts

Presents many intuitive ways to arrive at information

Ability to drill-down to an individual client-level detail from dashboard

Ability to drill-down with the help of Quick Filters

Ability to sort on different attributes in client list pages

Ability to perform and save intelligent searches

Ability to customise list layout, items per page and content

Perform advanced context-sensitive actions (such as launching a report from AP page) from page drop-downs

56


Dashlet Customisation

57

Customisation

per dashlet


Finding Data Search Capability

58

PI and MSE represent a large data store

How does admin filter on what category of data they are looking for?

PI provides Advanced Search capability

Search categories: alarms, access points, controller licenses, switches, clients (wired, wireless), chokepoints, events, interferers, wifi TDOA receivers, maps, rogue clients, shunned client, RFID tags

Various filter criteria depending on search categories


Basic Search Searches for: clients, devices (APs, controllers, switches), rogues (AP, ad hoc), alarms.

Output is categorised.

Advanced Search Multiple search categories and criteria (alarms,

APs, controller licenses, switches, clients, chokepoints, interferers, TDOA receivers, maps,

rogue clients, shunned clients, RFID tags).

Searches can be saved for future use.

Search Basic Versus Advanced

59


Using Search

60

Global Search Capability

Searches can be performed on partial input

Search output provides configuration and monitor links

based on device type found

Search parameters include IP Address, Usernames, MAC

Addresses, SSIDs ,Rogues and

AP Names

Advanced searches can be saved

for easy future reference and use


Finding Data Interferers

61

Customised

search for

interferer criteria


Finding Data Client Search

62

Use case: search for all authenticated wireless clients (802.11n, 5 GHz) on SSID blizzard

Customised search for

specific client criteria


Monitoring - Client-Related Workflow

Common Steps in a Troubleshooting Scenario:

Lookup a client: MAC Address, Username, IP Address, Client type, Client state, From AP Details Page (example below)

Where is the client now (and how is their RF profile)

Where has this client been (Location playback, session and AP history)

Active troubleshooting

63


Monitoring: Client Details1

64

Basic Client Propertiescan be expanded for further details

Client Association, Session

History and Roam Reason


Monitoring: Client Details2

65

Client AP Association History

Signal Statistics History

Client Data Rate History


Client Information: Location

66

Provides location

information based

from MSE


Client Information: Location History

67

Provides the ability

to play back location

history of client.


Client Troubleshooting: Wireless Client

68

Status of client

connectivity


Client Troubleshooting: Wired Client

69

Client status with

recommended

troubleshooting

steps


Client Troubleshooting Tool

An easy way to identify client-related issues from within PI, without the need for extensive WLC debugs

Look at the clients current state (and at what stage of the connection they might be having issues at)

Allows for real-time troubleshooting and log retrieval from the WLC

Allows for looking up historical, and relevant client and AP events

Allows integration with ISE for authentication log retrieval

Common problems:

Watch out for misconfigured clients (common areas are WLAN profile settings, authentication and encryption settings, and any advanced extensions that might not be required

Ensure WLC settings match the provisioned client profiles (security, SSID broadcast, WLAN override, etc.)

Ensure data rate settings on the WLC (Mandatory, Supported and Disabled rates)

Look for client exclusion settings (easy way to find excluded clients is via the quick filter in MonitorClients page

70


Sleeping Client

71

Prior to WLC 7.5 release, client device connected to the WLC on web-auth enabled WLANs has to enter login credentials every time the client goes to sleep and wakes up.

In WLC 7.5 release, client entry is cached for a configurable duration (up to 30 days / 720 hours)

Sleeping interval is configured on a per WLAN basis

When exceeding the user-idle timeout, client database entry is moved to a cache section of the database for the duration of the cache duration


Enable sleeping client

and timeout value in

WLAN template

Sleeping Client Configuration

72


Tracking Clients

73

Create policy for tracking one

or more clients detected on

the network


MonitoringAlarms and Events

What Are Events? An occurrence of a condition (or change in condition) in the network managed by PI

Not necessarily generated for every condition but could be a result of a pattern or threshold match by the WLC

Events may not be useful in their raw form (unless troubleshooting, for example) and usually need further processing

What Are Alarms? Correlated events result in alarms (PI allows looking up event history for alarms)

Both Alarms and Events are categorised by severities Critical

Major

Minor

Warning

Informational

74


PI - Alarms and Events

Single page view of alarms and events for wired and wireless

Persistent alarm summary and browser

Quick and Advanced Filtering

Advanced search capabilities

75


Alarms Browser

76

Alarms sorted by Categories

and Severities are hyperlinked

to allow quick drill-down

On-demand refresh

and view

customisation

Persistent Alarm Summary

toolbar. Expands to display

alarm categories.


Alarm Details

77

Provides filtered view of alarms

for wired and wireless

Expandable view for

each alarm for details


Northbound Event Notifications

Cisco Wireless LAN Controller

Cisco Prime Infrastructure

NetworkManagementSystem (NMS)

NorthboundSNMP Receiver

SNMP Agent (sends notifications only)

SNMP Manager (does GET/SET, receives traps)

SNMP Agent

SNMP

SNMP

78


PI + ISE: Client Posture and Profiling

79

Client authenticated using 802.1x

via ISE

ISE determines client to be

Microsoft Workstation based

on device fingerprinting

Client session

history


WLC - Native Client Profiling

80

WLC determines client to

be Microsoft Workstation


Voice Audit Tool

81

Allows auditing current network configuration from a VoWLAN deployment perspective

Use default rules and thresholds based on Cisco best practices

Ability to customise the rules to match your network and requirements

Provides a simple report with a list of configuration gaps


Voice Audit

Select/edit audit rules based on VoWLAN best

practice guidelines

Select what to

audit on (device,

floor map)


Voice Audit

83

Report provides details

on rules that were not

met.


Voice Readiness ToolExample

84

Simple, post-deployment tool

to verify or correct AP

deployment and provides a

way to determine VoWLAN

readiness by band, and RSSI

cutoff values

2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKAGG-2011


Location ReadinessExample

85

Simple, post-deployment tool to verify

or correct AP deployment and provides

information on what areas are under

the Cisco recommended estimates

Reporting


Report LaunchPad

87

Report LaunchPad Easy Drill-Down

Easily navigate to

created/scheduled reports

Modify/run existing reports


Report Customisation

88

Customise reports: select

data most relevant for

each report.

Run report immediately or

schedule to be run one-

time only or periodically.

Save report in user-

specified destination, or

mailed to one or more

recipients.


Client Summary Report - Endpoint Type

89


ISE Reports in PI

90

ISE reports cross-

launched from within PI

(single sign-on)


Subset of ISE reports

cross-launched from

within PI (single sign-on).

PI + ISE Reports

91


Application Visibility and Control (AVC)

92

AVC on a controller can classify and take action on 1039 different applications.

Two actions, either DROP or MARK, are possible on any classified application.

A maximum of 16 AVC profiles can be created on a WLC.

Each AVC profile can be configured with a maximum of 32 rules.

Same AVC profile can be mapped to multiple WLANs. However, one WLAN can have only one AVC profile.

AVC is supported on WLANs configured for central switching only.

Any application, which is not supported or recognised by AVC engine on WLC, is captured under the bucket of UNCLASSIFIED traffic.


AVC Application Visibility and Control

93

Application-level information -

complete visibility of applications

sending/receiving data on the

network


AVC Wireless LAN Controller GUI

94


Key Takeaways

95

PI provides full lifecycle management for wired/wireless infrastructure and endpoints

Wired/wireless access infrastructure and endpoints need to be managed together

Prime Infrastructure 2.1 is the single release for AireOS and IOS based controllers supporting all current and near term future network devices

Provides license and data migration from WCS/NCS to PI


Learning Resources - Free & Paid Resources Available!

Instructor-Led Training

3-days training available from learning partners

www.cisco.com/go/primeinfrastructure under Learn More

Electronic-Led Training

3 hours+ training available on Cisco.com

www.cisco.com/go/primeinfrastructure under Learn More

18-segment Prime Infrastructure Quick Start VoDs

2 hours+ How to series

Available on Ciscos YouTube Channel & PEC

http://bit.ly/PIQuickStartVODs

Prime Demo Series

96


For More Information

Cisco Prime

http://www.cisco.com/en/US/products/ps12239/index.html

Cisco Prime Infrastructure Release Noteshttps://www.cisco.com/en/US/products/ps12239/prod_release_notes_list.html

Cisco Prime Evaluation Software Downloads

Cisco Prime CCO Software Downloads

http://software.cisco.com/download

Cisco Prime Infrastructure White Papers

http://www.cisco.com/en/US/products/ps12239/prod_white_papers_list.html

http://www.cisco.com/pcgi-bin/marketplace/welcome.pl

97


Participate in the My Favorite Speaker Contest

Promote your favorite speaker through Twitter and you could win $200 of Cisco Press products (@CiscoPress)

Send a tweet and include

Your favorite speakers Twitter handle

Two hashtags: #CLUS #MyFavoriteSpeaker

You can submit an entry for more than one of your favorite speakers

Dont forget to follow @CiscoLive and @CiscoPress

View the official rules at http://bit.ly/CLUSwin

Promote Your Favorite Speaker and You Could be a Winner

98


Continue Your Education

Demos

Labs

Lunch Topics

Final copy TBD

99


Give us your feedback and receive a

Cisco Live 2015 T-Shirt!

Complete your Overall Event Survey and 5 Session

Evaluations.

Directly from your mobile device on the Cisco Live Mobile App

By visiting the Cisco Live Mobile Site http://showcase.genie-connect.com/clmelbourne2015

Visit any Cisco Live Internet Station located throughout the venue

T-Shirts can be collected in the World of Solutions

on Friday 20 March 12:00pm - 2:00pm

Complete Your Online Session Evaluation

Learn online with Cisco Live!

Visit us online after the conference for full

access to session videos and

presentations. www.CiscoLiveAPAC.com

Thank you.

Documents

BRKEWN-2011-Prime to Manage Wlan