IPMA
Cisco 21st Century Government
David Barker
Mobility Specialist
May 2015
Cisco Confidential 2 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Agenda
1. Latest Trends with government mobility solutions (Gigabit, Analytics, Mobile user Experiences, IoT)
2. Best Practice Design Considerations (Coverage vs. Capacity, Client Diversity, Multigenerational Wi-Fi)
3. Advantages of the CTS Wireless solution and Roadmap
State and Local Government and Public Safety Careabouts
Audiences: Elected and Appointed Official; Department/Agency Head; Public Safety; Citizens and Businesses
“How can technology improve response time to emergencies?”
“How can I improve communications and extend resources?”
“How do I further my civic agenda?”
“How can I demonstrate effective leadership and communicate with my constituents while keeping costs low?”
“How can I maximize my workforce and demonstrate effective leadership?”
“How do I deliver my mandate as quickly and efficiently as possible?”
“I want my voice to be heard, and I want you to show effective, responsible leadership.”
“How can I participate and know that I’m being heard?”
Requirements for 21st Century Government
Mobile, Secure, Connected
• A social service employee logs into a virtual desktop from his tablet to update a report from a care facility
• Remote expert citizen services are delivered cost-effectively from a Cisco TelePresence® kiosk
• Emergency responders update citizens in real time about an evacuation through social media from any device
State of the Wireless Enterprise
Network resources and capacity are maxing out
• Wi-Fi is now the primary access network: 53% of fixed IP traffic will be Wi-Fi, exceeding wired by 21% by 2019 [1]
• Denser Network Traffic: 28% of device connections will be used for machine-to-machine traffic by 2019 [1]
• Greater Bandwidth Consumption: 72% of mobile traffic will be video by 2019 [1]
[1] Source: Cisco 2015 Visual Networking Index Mobile Forecast
Worldwide IoT installed base to triple
9.9 billion (2013) to 30 billion (2020), 16.8% CAGR
Source: Worldwide and Regional Internet of Things (IoT) 2014-2020 Forecast Update by Technology Split (Nov 2014, IDC #252330)
The Connected Devices (NOT autonomous) include: Smartphones, Tablets, PCs, Wearables, Servers, Connected Home devices
The Landscape…
Refrigerator, Smart TV, Projector, Air Conditioner, Security Camera, Bathroom scales, Automobile, Thermostat, Smartphone, Industrial sensors, Plant sensor, Wearables, Door Handles, BLE
Wireless Standards – Past, Present, and Future
[Figure: clients / bandwidth plotted against time (early 2000, 2002, 2004, 2006, 2008, 2010, 2012, 2014, 2015). Labels: 802.11b, 11 Mbps; 802.11a, 802.11g, 54 Mbps; 802.11n, 450 Mbps; 802.11ac Wave1, 1 Gbps; 802.11ac Wave2, 3.5 Gbps, 6.8 Gbps; Future, 10 Gbps. Usage labels: Pervasive, Nice to Have, Media Rich Applications, Mission Critical.]
Device Challenges
• Low powered radio
• Battery saving modes (sleeping)
• Small antenna
• Antenna orientation
• SISO
• Density
• Bluetooth Enabled
Recent Trends & Innovations
802.11ac WAVE2, BLE, Hyperlocation
What is Bluetooth Low Energy?
Bluetooth Low Energy (BLE) is a subset of the Bluetooth 4.0 spec
- Ultra-low power consumption – run for years on a coin battery
- Low-cost system-on-chip solutions – proliferate in small devices
- Simplified communication protocol – easy to implement & extend
Operates on the 2.4GHz ISM band (2400-2483.5MHz)
- 40 channels in-between & overlapping WiFi Ch 1,6,11
- 1Mbps GFSK, frequency-hopping
- Reliable signalling up to 100m
Devices identify themselves with UUIDs
- Like a MAC address, but also encodes a “profile”
- Sensors, health monitors, alarms, etc.
Assortment of RF Beacon vendors; both proprietary & iBeacon
BLE Management Challenges: Replacement? Batteries? Lost? Stolen? Rogue Tags?
Once you have deployed your BLE tags, you need to configure and maintain them…
Where did you get your tags from?
Hundreds of tag makers today (Accent systems, trubeacon, miipharos, sticknfind, lassotag, Aircable, bluecats, BlueSense, Estimote, Footmarks, Gelo…)
Which batteries need to be replaced?
Has a tag been stolen?
Need to update info on all tags in cafeteria…
How do I find Rogue Tags?
How do we leverage this trend?
Stages: BLE Aware, BLE Capable, BLE Gateway
• Combined WiFi + BLE Location and Analytics
• Extend CMX SDK to BLE
• Integrated BLE radio with Hyperlocation module
• Reduce number of beacons
• Transmit multiple UUIDs
• CleanAir Spectrum ASIC to detect BLE
• Check Beacon Health
• Track Assets with BLE
• Alert on rogue beacons
Releases: MSE 10.x and WLC 8.x; MSE 10.x and WLC 8.1; MSE 10.x and WLC 8.0MR1
Integrated BLE Beacon: Hyperlocation module; Integrated Bluetooth Beacons
• Hyperlocation Centrally-Managed Beacon Variables
  • UUID/Major/Minor: up to 5x beacons/module
  • Repetition Frequency (1-10 times/sec)
  • RF Power level
  • Set separately for each of 5 UUID/M/M
  • Range programmable to 5-200 ft (depending on environment)
• AP-Integrated Beacons
  • Complementary to Tag-based Beacons
  • Expand on the Location Based Services (LBS) services
  • Don’t run out of power
  • Centrally managed and programmed
  • More secure; out of reach
UUID: Universal Unique Identifier
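The management questions raised above (lost or stolen tags, rogue tags) can be answered by auditing observed iBeacon advertisements against an inventory of UUID/Major/Minor values. The following is an added example, not Cisco's code and not part of the original slides: the function names, the sample UUIDs and addresses, and the idea that each managed beacon advertises from a fixed, known address are all assumptions made for illustration.

```python
import struct
import uuid
from collections import namedtuple

Beacon = namedtuple("Beacon", "uuid major minor tx_power")
APPLE_COMPANY_ID = 0x004C               # company identifier carried in iBeacon frames
IBEACON_TYPE, IBEACON_LEN = 0x02, 0x15  # subtype and payload length (21 bytes)

def parse_ibeacon(adv):
    """Walk the length/type/value structures of a BLE advertising payload.
    Returns a Beacon for an iBeacon frame, otherwise None."""
    i = 0
    while i < len(adv):
        length = adv[i]
        if length == 0 or i + 1 + length > len(adv):
            break                        # padding or truncated structure
        ad_type, data = adv[i + 1], adv[i + 2:i + 1 + length]
        if ad_type == 0xFF and len(data) >= 25:   # manufacturer-specific data
            header = struct.unpack_from("<HBB", data, 0)
            if header == (APPLE_COMPANY_ID, IBEACON_TYPE, IBEACON_LEN):
                major, minor, tx = struct.unpack_from(">HHb", data, 20)
                return Beacon(uuid.UUID(bytes=bytes(data[4:20])), major, minor, tx)
        i += 1 + length
    return None

def make_adv(site_uuid, major, minor, tx=-59):
    """Build a constructed advertisement (flags + iBeacon data) for the demo."""
    body = (struct.pack("<HBB", APPLE_COMPANY_ID, IBEACON_TYPE, IBEACON_LEN)
            + uuid.UUID(site_uuid).bytes + struct.pack(">HHb", major, minor, tx))
    return bytes([2, 0x01, 0x06, len(body) + 1, 0xFF]) + body

def audit(inventory, sightings):
    """inventory: {(uuid, major, minor): expected address}
    sightings: [(source address, advertising payload bytes)]"""
    report = {"managed": [], "cloned": [], "rogue": [], "missing": []}
    heard = set()
    for addr, adv in sightings:
        beacon = parse_ibeacon(adv)
        if beacon is None:
            continue                     # not an iBeacon frame, out of scope here
        key = (str(beacon.uuid), beacon.major, beacon.minor)
        if key not in inventory:
            report["rogue"].append((addr, key))    # identity nobody provisioned
        elif inventory[key].lower() != addr.lower():
            report["cloned"].append((addr, key))   # our identity, unexpected source
        else:
            report["managed"].append((addr, key))
            heard.add(key)
    # Provisioned beacons never heard from their own address: lost, stolen or flat battery
    report["missing"] = sorted(k for k in inventory if k not in heard)
    return report

# Constructed sample data (hypothetical site UUID and addresses)
SITE = "6d1f0a3e-2b4c-4d5e-8f90-a1b2c3d4e5f6"
INVENTORY = {
    (SITE, 1, 101): "AA:BB:CC:00:00:01",
    (SITE, 1, 102): "AA:BB:CC:00:00:02",
    (SITE, 1, 103): "AA:BB:CC:00:00:03",
}
SIGHTINGS = [
    ("AA:BB:CC:00:00:01", make_adv(SITE, 1, 101)),
    ("DE:AD:BE:EF:00:09", make_adv(SITE, 1, 102)),
    ("DE:AD:BE:EF:00:0A", make_adv("0f0e0d0c-0b0a-4908-8706-050403020100", 7, 7)),
    ("11:22:33:44:55:66", bytes([2, 1, 6, 5, 0x09, 0x54, 0x61, 0x67, 0x31])),
]

if __name__ == "__main__":
    for category, entries in audit(INVENTORY, SIGHTINGS).items():
        print(category, entries)
```

The address comparison only works for beacons that advertise from a static address; where tags rotate their address, the "cloned" check has to rely on location or signal strength instead.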
802.11ac Timeline of Events (For Your Reference)
For more see this URL: http://www.wi-fi.org/beacon/wi-fi-alliance/wi-fi-certified-ac-continues-to-innovate
Multi-User MIMO (MU-MIMO): How does it work? Why is it an advantage?
Clients are able to benefit in the downstream link for higher aggregate throughput by essentially “tuning out” (nulling) portions of the RF to better decode their traffic.
Max 3SS simultaneously
[Figure: "This is Single-User MIMO" compared with "This is Multi-User MIMO"]
802.11ac Wave-2 Rates at 4 Spatial Streams
Note: While 4-SS appears attractive, it is very difficult to maintain a 4-SS link, because you cannot beam-form a 4-SS signal when you only have 4 antennas. Beamforming requires N+1 antennas.
Wireless Spectrum Management: Reforming 5 GHz to Optimize for 802.11ac
• More non-overlapping channels enabling better 802.11ac experience
• 6x 80 MHz channels (5 in Canada and Europe)
• 2x 160 MHz channels (1 in Canada)
• Additional 5GHz spectrum liberalization (5.35-5.47 GHz and 5.85-5.925 GHz) allows:
Future 5GHz Opportunity
Channel Bandwidth (MHz) | No. of Non-overlapping Channels
20 | 37
40 | 18
80 | 9
160 | 4
Cisco Aironet Indoor Access Points Portfolio
Best in Class: 3700
• 802.11ac W1, 1.3 Gbps PHY
• 4x4:3SS
• HDX: High Density Experience
• CleanAir 80 MHz
• ClientLink 3.0
• StadiumVision
• Modularity: Security, 3G Small Cell or Wave 2 802.11ac
Enterprise Class: 1700
• 802.11ac W1
• 870 Mbps PHY
• 3x3:2SS
• CleanAir Express
• Tx Beam Forming
• 2 GbE Ports
Mission Critical: 2700
• 802.11ac W1
• 1.3 Gbps PHY
• 3x4:3SS
• HDX: High Density Experience
• CleanAir 80 MHz
• ClientLink 3.0
• 2 GbE Ports
Enterprise Class: 1850 (WAVE2)
• 802.11ac W2
• 1.7 Mbps PHY
• 4x4:4SS
• Mobility Express
• Spectrum Awareness*
• Tx Beam Forming
• 2 GbE Ports, USB 2.0
* Planning
Cisco Aironet Outdoor Access Points
Base: 1530
• Low Profile, Low Price
• Europe: Low Profile
• Emerging SP: Low Price
• Enterprise: Low profile & Price
• 11n, 2G: 3x3:3; 5G: 2x3:2
• Int/External Antennas
High-Functionality: 1550
• Multiple models & features
• Enterprise, MSO
• DOCSIS3.0 8x4
• 11n, 2x3:2
• Int/External Antennas
Best in Class: 1570
• High-end Enterprise, MSO
• 11ac, 4x4:3
• NG-Cable: 24x8
• Int/External Antennas
• Modular: Future Proof
NEW
WAVE2 will expose wired bottleneck
• Existing Gigabit infrastructure is insufficient to handle .11ac growth beyond 1Gbps
• Gigabit Ethernet has been around since 1999 and has now become the bottleneck
• Market needs an innovative technology to support >1Gbps over existing cables
[Figure labels: Limited to 1G!; Cat 5e Cables; WiFi @ 1G; >1G]
The Solution – Cisco Multigigabit Technology Powered by NBASE-T
Delivers up to 5X Speeds in Enterprise without replacing Cabling Infrastructure
[Figure labels: 2.5-5G!; Cat 5e Cables; WiFi > 1G; Multigigabit Switch; Multigigabit Capable AP]
• Is a game-changing innovation allowing enterprise networks to evolve beyond 1G
• Enables 2.5 and 5 Gbps up to 100m on legacy cables
• Supports all PoE standards up to 60W
Cisco Multigigabit with
Cisco Multigigabit Ethernet Cabling Support: Maximum Investment Protection
Cable Type | 1G | 2.5G | 5G | 10G
Cat5e | 100m | 100m | 100m * | N/A
Cat6 | 100m | 100m | 100m | 55m
Cat6a | 100m | 100m | 100m | 100m
Auto-negotiation of cable type of speeds supported
* 0-55m: no restrictions. 55-100m: based on customer cabling infrastructure and configuration, there are some corner cases in which customers will experience less than 100m support. In these cases, the system will automatically default to 2.5G (post-FCS SW release support)
What About Pulling A Second Cable (LAG)?
Case Study Enterprise Campus
1,000 Access Points Total Cable Upgrade
COST: $300k!!! Infrastructure upgrade involves
• New cable runs, including labor: average $300 per cable
• Link Aggregation issues
Catalyst Multigigabit Product Family
• NG Workspace switch
• Multigigabit in smallest form factor
• POE/POE+
• Instant Access support
• Industry leading Fixed Access
• 24 & 48 Port Stackable Switches
• 24 & 12 Multigigabit Ports
• New Uplinks
• Best In Class Modular Access
• New 48 Ports Line Card
• 12 Ports of Multigigabit per slot
• Up to 96 multigigabit ports per system
Platforms: 4500E, 3850, 3560CX
Innovation in multiple form factors!!
What is Hyperlocation? It’s a Technology, Solution, Module/s
• WiFi client location solution, with +/- 1m accuracy
• Network/AP-based
• ± 1 meter accuracy (versus today’s ± 5 to 7 meters)
• Leverage AoA on top of RSSI technology
• Field Add-on module to AP3600/AP3700
• Integrated BLE beacon functionality
- AoA: Angle of Arrival
- RSSI: Receive Signal Strength Indicator
- WSM: Wireless Security Module
- BLE: Bluetooth Low-Energy
More Accurate Data Means Higher Business Intelligence
FastLocate: Critical to actionable data
[Figure: Detect, T=00s to T=30s, Standard Approach compared with Cisco® Approach]
Cisco Hyperlocation Solution
Granular Indoor Location Accuracy to Contextually Connect Users
Engage Guests and Improve their Experiences
Before: Location is approximated based on a single calculation. Prone to errors. Approximated based on received signal strength indication (RSSI) only.
After: Location is determined based on three calculations. Dramatic error reduction. High accuracy. Multi-technology calculation: angle of arrival, RSSI, Bluetooth low energy. Improved calculation.
[Figure labels: Range inferred; Room-level accuracy; Blue dot spotlight projected at the user’s feet]
New 8.1
Improving Location on all dimensions (Using Hyperlocation Module and antenna array)
Location Metrics | AP Only | AP with Hyperlocation Module | AP with Hyperlocation Module + Antenna
Precision (Accuracy) | ± 5 - 7m | ± 5 - 7m | ± 1m
Refresh Rate (Better blue dot) | 1 - 2 updates per minute | 8 - 10 updates per minute | 8 - 10 updates per minute
System Latency (Actionable data) | 10 - 20 sec | 10 - 20 sec | 2 - 4 sec
Single AP location | Presence only | Presence only | Location (x,y) possible
System Latency: the time it takes for a notification to be triggered after a mobile device probes. AoA data from the antenna array helps to speed this up significantly.
Components - New Hyperlocation Module & Antenna
• Simple to install, AP placed inside antenna, module secures it
• Special connector on module connects to antenna array
Connected Experiences with Cisco’s CMX
Detect: Guest Presence
• Presence detection
• Auto-launch apps
Connect: Guest Access
• Easy Wi-Fi login, custom or social
• Zone-based, custom splash pages
Engage: Guest Experience
• Location-based push notifications
• App-based mobile engagement
Analytics
Connect: Location-Specific Guest Access
• Simplify Access with User Opt-In: Offer Clear Terms and Conditions
• Multiple Access Methods: Custom or Social Media
• Customized Access and Promotion: Proximity-Based Landing Pages and Video
• Understand Who Is in Your Location: Enhanced Analytics
Connect: Understand How People Interact in the Location
• Where people spend time
• New compared to repeat visitors (NEW)
• Number of people by venue and zones
• Peak time in venue
• Common traffic patterns
Engage: Using Location-Based Wi-Fi to Engage
• Work with Cisco and/or Ecosystem Partners to Align to Business Needs
• Fully Customizable Applications
• Location-Aware App for Personalized Experience
• Integrate with Business Systems
Design Process
Gather Inventory Forecast Capacity
Predictive Modeling Deployment Site Survey
Credit: Andrew von Nagy – RevolutionWiFi.net
Design for These 3 Key RF Relationships
• How APs hear each other
• How APs hear clients
• How clients hear APs
[Callouts: "Did you know that?"; "You knew that"; "A MFG thing right?"]
It All Starts with Layer 1: RF Design
Antenna Selection: Decide which antenna is right for the job.
Antenna Placement: Where will this antenna provide the best throughput and most reliable service?
Consider:
• Line of sight
• Isolation from ambient RF
• Angle of incidence to client devices
Consider:
• Density of clients to be served
• Available mounting assets
• Within ~20m of furthest client
• Reasonable range 15-23m
Antenna Selection
Name/Part No. | Beam (2.4/5GHz)
Dual-Band Patch Antenna, 3702e/p + AIR-ANT2566P4W-R | 105°/125° Az, 70°/60° Elev
Dual-Band Stadium Antenna, 3702p + AIR-ANT2513P4M-N | 30°/30° Az, 30°/30° Elev
Integrated or External Omni, 3702i or 3702e + AIR-ANT2524V4C-R | Omni Az, 69°/60° Elev
Use cases listed on the slide:
• Primary overhead coverage (i.e. seating areas)
• Low density, Back-of-house
• Augmentation and short-distance HD coverage (<15m to client)
Determine BW needed
Consider the total number of Applications you will support
Design for Highest Aggregate bandwidth
Consider minimum acceptable throughput the application(s) will require
Measure this yourself on multiple platforms
Trust and Verify is always a better career bet.
Multiply this number by the number of devices that you need to support
Do the Math:
AGG_BW = NumDev * (APPBW1+APPBW2…)
Application (By Use Case) | Throughput (Nominal)
Web - Casual | 500 Kbps
Web - Instructional | 1 Mbps
Audio - Casual | 100 Kbps
Audio - Instructional | 1 Mbps
Video - Casual | 1 Mbps
Video - Instructional | 2-4 Mbps
Printing | 1 Mbps
File Sharing - Casual | 1 Mbps
File Sharing - Instructional | 2-8 Mbps
Online Testing | 2-4 Mbps
Device Backups | 10-50 Mbps
Maximize the Spectrum: Avoid Excessive Management Traffic
Always aim for 1 SSID – Especially in dense areas
More SSIDs = Worse Performance
Why?
– Each SSID requires a separate Beacon
– Each SSID will beacon at the minimum mandatory data rate
– Each broadcast SSID will respond to null probe requests
– Exponential amounts of airtime wasted
Probe Requests & Responses
Often the #1 frame type observed in HD packet captures
Especially in smaller enclosed venues
Why?
– Venue is packed with omni-antenna equipped smartphones probing at 1 Mbps
– Result: we hear probe requests from client devices far outside our own cell
Maximize the Spectrum: PHY Rate Tuning: Why PHY Rates Matter
How fast can we talk?
– Signal (RSSI) and Noise are key factors
As client moves further from AP or as noise worsens, client rate-shifts downward
Lower rate, more airtime consumed
Position APs and antennas to allow elimination of low rates (i.e., <18 Mbps)
Eliminate 802.11b rates
[Figure: PHY rates 54Mbps, 48Mbps, 36Mbps, 24Mbps, 18Mbps]
Client near AP: Higher PHY Rate, More Efficient (high signal-to-noise ratio)
Client far from AP: Lower PHY Rate, Less Efficient (lower signal-to-noise ratio)
Maximizing the Spectrum: RSSI vs. SNR
Check your noise floor in each band during peak usage
– Packet captures with a NIC that you trust (MacBook Pro, etc.)
– Fluke AirCheck
– Spectrum Expert
– Metageek Chanalyzer for Clean Air
[Figure: Sample sensitivity table for MCS rates]
Maximizing the Spectrum: Develop and Enforce a Spectrum Policy
• Employ an effective RF policy to manage non Wi-Fi interference as it occurs
Causes exponential load on the air due to probe requests/responses and beacons
http://www.cisco.com/en/US/prod/collateral/wireless/ps9391/ps9393/prod_white_paper0900aecd8073bef9.html
Cisco High Density Experience (HDX): Use the available performance features
• Cisco CleanAir® 80Mhz: Automatically mitigates interference and improves performance
• Turbo Performance: Dedicated CPU and Memory per Radio improves performance
• Cisco ClientLink 3.0: Improves legacy and 802.11ac downstream performance
• Noise Reduction*: Enables Dense Access Point Coexistence / implementation
• Optimized Roaming: Intelligently determines the optimum time to roam
*Future
Application Visibility Control: What Protocols are eating my bandwidth? What can I do about it?
How is my network being used?
Netflix? Software updates? Facebook?
Use AVC to advance your network intelligence
http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/115756-avc-guide-00.html
Data-Gathering Tools
WLCCA
Prime & MSE
OmniPeek and/or Wireshark
Fluke AirCheck
MetaGeek EyePA
SUCCESS
YOUR BRAIN
Survey & Analysis
Metageek Chanalyzer & CleanAir
Key Takeaways
• Design the RF environment with appropriate antennas and sensible physical placements
• Employ HD-focused WLC feature configurations such as RF Profiles for more flexible and robust designs
• Understand the key outside factors that may impact a live HD WLAN, including enemies of performance
• Get comfortable with Wi-Fi analysis and optimization tools to make informed, data-driven decisions
Wireless Best Practices
Categories shown on the slide: Network Design, Infrastructure, Wireless / RF, Security

Enable High Availability (AP and Client SSO)
Enable Pre-image download
Enable AP Failover Priority
Enable AVC (application visibility and control)
Enable NetFlow in your WLC
Enable local Profiling (DHCP and HTTP)
Enable VLAN Pooling
Enable NTP
Enable FlexConnect Groups
Enable “FlexConnect AP Upgrade”

Enable 802.1x and WPA/WPA2 on WLAN/SSID
Change advance EAP timers
Enable SSH and SNMPv3
Enable DHCP proxy
Enable 11w / 11k and 11v
Enable client exclusion
Enable rogue classification
Enable LSC (Logically Significant Certificate)
Enable IDS / WiPS
Install WSSI / Security module to monitor all channels
Enable “Max Concurrent Logins for a user name”
Enable strong password policies
Enable ACL on your WLAN

Enable EoIP for guest anchor WLC
Enable external or internal webauth for guest
Enable “Split Tunneling” for OEAP
Enable Fast SSID change
Enable per-user bandwidth contract
Enable WMM
Enable QoS on your WLAN
Enable Multicast Mobility for large mobility domains
Enable 802.1x authentications for AP

Disable 11b data rates
Restrict number of WLAN/SSID below 3
Enable channel bonding – 40 or 80 MHz
Enable BandSelect
Use AP Groups & RF Groups
Use RF Profiles to meet network needs
Set the RSSI Low Checks
Enable RRM (DCA & TPC) to be auto
Enable Auto-RF group leader selection
Enable Cisco CleanAir and EDRRM
Enable Noise & Rogue Monitoring on all channels
Enable Client Load Balancing

http://www.cisco.com/c/en/us/td/docs/wireless/technology/wlc/82463-wlc-config-best-practice.html
Solution Components
• Cisco Identity Services Engine: Security policy management and control platform. It automates and simplifies access control and security compliance for wireless connectivity and optionally wired and VPN connectivity.
• Cisco Wireless Controller: Centralized provisioning and management of Cisco wireless access points, providing simplified operations and centralized control.
• Cisco wireless access points: Cisco wireless access points deliver mission-critical and enterprise-class wireless service with multiple antennas and high throughput.
• Cisco Prime Infrastructure: Provides comprehensive network lifecycle management, including user access visibility, inventory, configuration management, radio frequency planning, and best practices reporting.
• Cisco Mobility Services Engine: Location services for advanced spectrum analysis and the detection, tracking and tracing of rogue devices, interferers, and Wi-Fi clients. Optionally, provides for Adaptive Wireless Intrusion Prevention System (wIPS) Service for comprehensive over-the-air threat detection, location, and mitigation.
<Local Agency Name> Access
[Diagram: Agency APs connect through CAPWAP Tunnels to the CTS WLC and ISE in the CTS Datacenter; the DOR VRF and Other Agency VRFs lead to the Internet.]
• DOR Employee connects to “DOR” SSID
• 802.1x Authentication via ISE
• Query AD: User Belongs to Agency Group
• Placed on Agency VLAN
Roaming Access
[Diagram: Agency A APs connect through CAPWAP Tunnels to the CTS WLC and ISE in the CTS Datacenter, alongside CAPWAP Tunnels from other agencies; the DSHS VRF and DOR VRF lead to the Internet.]
• Roaming DSHS Employee connects to “Roaming” SSID
• 802.1x Authentication via ISE
• Query AD: User Belongs to Roaming Agency B Group
• Placed on Agency B VLAN
Guest Access (Guest and/or Sponsored Guest)
[Diagram: Agency APs connect through CAPWAP Tunnels to the CTS WLC and ISE in the CTS Datacenter; the Agency VRF and Other Agency VRF lead to the Internet.]
• Guest Connects to “Guest” or “Sponsored Guest” SSID
• Guest SSID: Pre-shared key
• Sponsored Guest SSID: 802.1X Authentication using ISE guest account
• Guest Users placed on Internet VLAN
What’s Next?
If you would like more information about CTS Wireless, please open a CTS Service Desk ticket and we will contact you to schedule an orientation session.
For more info on CTS offering, please attend CTS Session Wed 9:45-10:45: “Anytime, Anywhere, Any Device: Strategies and Tools to Enable a Mobile Workforce”
Questions?