© 2013 Cisco and/or its affiliates. All rights reserved.
Mobility Begins with Wireless
Walt Shaw
Director, Product Management
Wireless Networking Business Unit
October 2014
• Key Trends
• Access Point Portfolio
• Controller Portfolio
• Software Roadmap
Simple
Secure
Reduced TCO
Connecting People
Connecting Clouds
Connecting Things
Cisco ONE Enterprise Networks Architecture
Device Trends
The first Blackberry with email was released
• ~300M+ PCs
• ~100M+ Smartphones
• iPhone is unveiled

Smartphones surpassed PC units sold
• ~600M+ Smartphones
• ~320M+ PCs
• iPad is unveiled

Tablets will surpass PC units sold
• ~1+ Billion Smartphones
• ~300M+ Tablets
• ~250M+ PCs
• 150+ Billion mobile applications downloaded

[Timeline figure: Productivity over time; years marked 1997, 2007, 2010, 2015]
• >50% of enterprise traffic will originate on Wi-Fi by 2017
• 50% of all new Wi-Fi devices in 2014 will be 802.11ac capable (ABI Research)
• Wave 1 802.11ac has 5+ years of effectivity for Smartphones and Tablets
• Wave 1 802.11ac improves battery efficiency by 2X for Smartphones, Tablets, and Laptops
[Figure: Performance Trends: Gigabit Wi-Fi as primary, Gigabit Ethernet as fallback]
Timeline: 1997, 1999, 2003, 2007, 2013, 2015
Standards: 802.11, 802.11b, 802.11a/g, 802.11n, 802.11ac Wave 1, 802.11ac Wave 2
Spatial streams shown: 1, 2, 3, 4, 8
Client classes: 1 SS Tablets / Smartphones; 2SS Laptops / Tablets; 3SS Desktops / Laptops; 4SS Desktops
Uplinks: Gigabit Ethernet Uplink; 2 Gigabit Ethernet Uplinks
Data-rate labels on the chart: 2, 11, 54, 24, 65, 600, 450, 300, 430*, 870*, 1300*, 1730**, 2340**, 3500**, 6900**
*Assuming 80 MHz Is Available and Suitable
**Assuming 160 MHz Is Available and Suitable
Location Accuracy Trends
Access Point
• Association based

Management System
• Probe based
• RSSI & Time
• 5 meters / on demand

Location Engine+Sensor
• Packet based
• RSSI & Time
• 5 meters / 30 seconds
• Historical / Analytics

Location Engine+Sensor+Algorithm
• Packet based
• RSSI & Time
• Angle of Arrival
• 1 meter / 5 seconds
• Historical / Analytics

[Timeline figure: Accuracy over time; years marked 1997, 2004, 2010, 2015; "AP w/ Sensor" shown twice]
High Availability Trends
LAN & WLAN
• L2 and L3 Protocols

LAN Resiliency, WLAN Redundancy
• LAN Infrastructure Stateful Switchover
• WLAN Controller Redundancy

LAN Resiliency, WLAN Resiliency
• LAN Infrastructure Stateful Switchover
• WLAN Controller and Access Point Stateful Switchover

LAN & WLAN High Availability
• LAN & WLAN Infrastructure Stateful Switchover
• WLAN Client Stateful Switchover
• Non-Stop WLAN Client session in the event of a network disruption

[Timeline figure: Availability over time; years marked 1997, 2002, 2012, 2014; uptime levels 99%, 99.9%, 99.99%, 99.999%]
GUEST PRESENCE GUEST ACCESS GUEST EXPERIENCE
DETECT CONNECT ENGAGE
LOCATION ANALYTICS
Insights Into Customer Online and Onsite Behavior, Traffic Paths, Dwell Times, Location Density Etc.
• Mobile device and characteristics detected before they enter the venue
• Seamless and secure Wi-Fi connectivity
• Preferences, profile, device and roaming credentials identified
• Highly-relevant content and services based on user attributes and real-time location
“New”
• 11 new Access Points
AP3602, AP2602, AP1602, AP702, AP702W, AP3702, AP1532, AP1552C/CU, AP1552E/EU, AP1552I, AP3700
• 5 new WLAN controllers
Virtual Controller, 8510, 3850, 3650, 5760
• 4 new Access Switches
2960, 3850, 3650, 6800
• 4 new branded technologies
AVC, BSD, SSO, HD Experience
• 3 new AP modules
802.11ac Wave 1, WSSI, 3G Small Cell
• 1 new branded platform
CMX
High Density Experience (HDX)
Wall Plate Access Points
Application Visibility
High Availability
Internet of Things
mDNS / Bonjour
Connected Mobile Experiences
IPv6
Software Defined Networks
Manageability
• Key Trends
• Access Point Portfolio
• Controller Portfolio
• Software Roadmap
Mission Specific: 600 & 700
• Up to 600 Mbps
• 702w: Wall Plate AP
• Hospitality, Dorms, MDU
• 702i: Compact Mid-market AP
• 600: Teleworker

Enterprise Class: 1700
• Up to 1 Gbps
• 3x3 MIMO : 2 SS
• CleanAir Express*
• Tx Beamforming

Mission Critical: 2700
• Over 1 Gbps, 802.11ac
• 3x4 MIMO : 3 SS
• HDX Technology
• CleanAir 80 MHz, ClientLink 3.0, VideoStream

Best in Class: 3700
• Over 1 Gbps, 802.11ac
• 4x4 MIMO : 3SS
• HDX Technology
• CleanAir 80 MHz, ClientLink 3.0, VideoStream
• Future proof modularity: Security, 3G Small Cell, Location Accuracy or Wave 2 802.11ac

Segment labels on the slide: Enterprise / Best In Class / Value-Based / Mission Critical
Radio labels on the slide: 802.11n, 802.11ac; NEW (shown twice)
• Industry’s first and only 4x4 MIMO: 3 SS 802.11ac AP
• 3X performance of 802.11n 5 GHz Wi-Fi
  • Higher performance at a greater distance
• RF Excellence enabled in hardware
• High Density Experience Technology
  • Client density scale and performance
• Future proof
  • Modular Architecture = investment protection
  • Security, 3G Small Cell or Wave 2 802.11ac module options
with Integrated 802.11ac (4x4:3SS)
• 4x4 MIMO
• Modularity Architecture
• Built for Purpose WiFi Chipset
• 128 MB Dedicated Memory
Module: 802.11ac Wave 1 (AP3600 Only)
Benefits: Support new 802.11ac data clients and Smartphones, up to 1Gbps+ wireless speeds

Module: Security
Benefits: Full comprehensive wireless security posture with off channel scan for WIPS, CleanAir, Rogue Detection, Context Aware, and RRM

Module: 3G Small Cell
Benefits: Provides extended 3G cellular infrastructure coverage where cell tower signals cannot go (carpet areas in high rises, MDUs)

Module: Hyper Location Accuracy
Benefits: Provides <1m location accuracy

Module: 802.11ac Wave 2
Benefits: 802.11ac Phase 2 adding support for Multi-User MIMO and “switch like” behavior, up to 2.5 Gbps+ wireless speeds

Availability labels on the slide: Future, 2015, 2015
ASIC-based RF Architecture Advantage for High Density Experience (HDX)

Customized AP Design
• Dual-Core* CPU 800 MHz, DRAM (512MB)
• Radio – 5GHz and Radio – 2.4GHz, with on-radio CPU 512 MHz and CPU 384 MHz, each with DRAM (128MB), plus DSPs
• Cisco’s custom silicon architecture allows for distribution of processing between Radio CPU and Main CPU along with a 4x4 Antenna Design.
• On Radio CPU and memory for distributed packet processing and optimizing throughput.

Traditional AP Design
• Dual-Core CPU 800MHz, DRAM (512MB)
• Radio – 2.4GHz, Radio – 5GHz
• Merchant silicon architecture is heavily dependent on the single CPU for all functions.

Comparison | Merchant Silicon Offering | Cisco AP2700 and AP3700
Processors | 1x Dual Core | 6x Total (1x Dual-Core, 2x Radio, 2x DSP)
Memory | 512MB | 768MB

*1 Core Enabled Today, 1 Reserved for Future Use
Performance
[Chart: TCP Downlink Throughput 5GHz Multi-Client: Sixty 802.11ac Clients. X axis: number of clients (5 to 60); Y axis: megabits per second (0 to 350); series: Cisco, Competition]
HDX Multi-Client YouTube video:
http://www.youtube.com/watch?v=C8gfnCVm-3o&
AP 3700 + WLC 8500
• Halo module wraps around AP
• 32 extra antennas to turbo-charge Angle of Arrival
• The Halo module supports the capability to detect Bluetooth beacons as well
$495 List
Compact wired + wireless solution for Multi Dwelling Unit (MDU)
Hospitality, Higher Ed dorms, Healthcare
Simultaneous Dual Radio, Dual Band with Integrated Antennas
4 GigE Ports
1 PoE Out Port
Mountable and lockable to most junction boxes worldwide
VLAN tag support in CUWN 8.0/IOS XE 3.6
Aironet 700w Series
Cisco Aironet Outdoor Access Points
Industry’s Best 802.11n & 802.11ac Series

Base: 1530
• Low Profile, Low Price
• Europe: Low Profile
• Emerging SP: Low Price
• Enterprise: Low profile & Price
• 11n, 2G: 3x3:3; 5G: 2x3:2
• Int/External Antennas

High-Functionality: 1550
• Multiple models & features
• Enterprise, MSO
• DOCSIS3.0 8x4
• 11n, 2x3:2
• Int/External Antennas

Best in Class: 1570 (NEW)
• High-end Enterprise, MSO
• 11ac, 4x4:3
• NG-Cable: 24x8
• Int/External Antennas
• Modular: Future Proof
Ideal for Campus coverage between buildings, seamless indoor to outdoor to indoor roaming
Small and ruggedized IP67 design for outdoors
Blends into the environment
Innovative flexible port architecture: dual or single band external antenna configuration via software
Flexible deployment modes: centralized, standalone, bridge, mesh, or daisy chain
• Key Trends
• Access Point Portfolio
• Controller Portfolio
• Software Roadmap
Cisco Cloud Networking
Cisco Unified Access: 1 Architecture, 4 Deployment Modes

CLOUD MANAGED
• Common OS
• Lean IT
• Mid-Market / Distributed Enterprise
• MR Access Points
• MS switches
• MX security
• Dashboard

AUTONOMOUS
• Intended for static installations
• SP Hotspots
• Aironet Access Points
  • 11ac: 3700 / 2700
  • 11n: 1600 / 700
• Catalyst Switches
  • 3850 / 3650
  • 2960-X
• Controllers
  • N / A

FLEX CONNECT
• Data center hosted controller
• Distributed enterprises
• Aironet Access Points
  • 11ac: 3700 / 2700
  • 11n: 1600 / 700
• Catalyst Switches
  • 6800/4500/3850/3650
  • 4500-X / 2960-X
• Controllers
  • 8510 / 7510

CENTRALIZED
• Premise-based controller
• Traditional Overlay Model
• Highly Scalable
• Aironet Access Points
  • 11ac: 3700 / 2700
  • 11n: 1600 / 700
• Catalyst Switches
  • 6800/4500/3850/3650
  • 4500-X / 2960-X
• Controllers
  • 8510 / 5760 / 5508 / WiSM2 / 2504 / vWLC

CONVERGED
• Common OS
• Consistent Wired/Wireless
• Highest performance
• Aironet Access Points
  • 11ac: 3700 / 2700
  • 11n: 1600 / 700
• Catalyst Switches
  • 6800/4500*/3850/3650
  • 4500-X
• Controllers
  • Integrated
  • 5760 external MC*

Other labels on the diagram: Dashboard, WAN, Intranet, Prime, ISE
* Roadmap
Controllers shown: 2500, Virtual WLC (e.g. UCS-E on ISR G2), Flex 7500, 8500, 5760, 5508, WiSM2, Catalyst 3850, Catalyst 3650, Virtual Controller
Segments: Large Campus and Service Provider; Small Campus / Branch (Controller On-Premise); Branch (Controller in DC)

Capacity figures shown on the slide:
• 12 to 500 APs, 7000 clients, 8 Gbps
• 300 to 1000 APs, 15,000 clients, 20 Gbps
• 25 to 1000 APs, 12,000 clients, 60 Gbps
• 100 to 6000 APs, 64,000 clients, 10 Gbps
• 5 to 75 APs, 1000 clients, 1 Gbps
• 5 to 200 APs, 3000 clients, 500 Mbps
• 1-50 APs per switch/stack (Directly connected APs), 2000 clients per stack, 40 Gbps per switch
• 5 to 200 APs, 3000 clients, 500 Mbps
• 300 to 6000 APs, 64,000 clients, 1 Gbps
• 1-25 APs per switch/stack (Directly connected APs), 1000 clients per stack, 40 Gbps per switch

NEW: Now starts at 100 APs
WLAN Sub Second Recovery/Convergence
Client Application Session Maintained

AireOS And IOS: N:1 Redundancy
• Diagram labels: L3 Network, AP Failover, Primary Controller, HA Controller

AireOS 7.4 and IOS 3.3: 1:1 SSO—AP Stateful Switchover
• Diagram labels: L3 Network, AP State Sync, Primary Controller’s AP SYNC, HA Controller

AireOS 7.5 and above: 1:1 SSO—AP and *Client* Stateful Switchover
• State Sync Over Any L2 Network
• Diagram labels: L3 Network, L2 Network, AP SYNC, AP and Client State Sync, Client State SYNC, Primary Controller, HA Controller

Release timeline:
7.4: AP SSO with controllers connected with ethernet
7.5: Geo-separated Client SSO
7.6: Automatic recovery on network re-convergence
8.0: Various infrastructure changes
• AireOS 7.5 and IOS 3.6
• Granular Policy
  • Per User (role from AAA, MSAD)
  • Per Device (profiling)
  • Per Application (AVC)
• Flexible Policy Actions
  • Rate limit, Prioritize, Drop traffic
  • BYOD basic onboarding
  • VLAN, ACL assignment

Diagram labels:
• RADIUS Auth: AD memberOf = cisco-av-pair
• USER ROLE (CISCO-AV-PAIR): Faculty, Student
• DEVICE TYPE: Device Profiling
• APPLICATION NAME: AVC; Voice, Video
• BIND
• ACTIONS: Prioritize (QoS), Drop (ACL), Change VLAN (VLAN), Service Patching (Bonjour)
• WLC

Release 8.0 Adds:
1. Tie-in to AVC & Bonjour
2. Support for 150 device profiles
3. Ability to download device profiles dynamically w/o WLC image upgrade
Before: Application View and Control Based On L4 Port Sessions
• Port Level Visibility: HTTP = 75%, SMTP = 15%, FTP = 2%, Telnet = 1%, SNMP = 3%
• L4 Port Session Visibility and Control
• Wireless LAN Controller: Visibility to the port level interaction but not the applications running within the port

After: Network Based Application Recognition—NBAR2, Deep Packet Inspection and App ID
• NBAR2 LIBRARY: Deep Packet inspection
• Traffic: Real Time, Interactive, Non-Real Time, Background
• POLICY: Packet Mark and Drop
• View, Control and Troubleshoot – End User Application Experience

• NBAR2 accurately classifies many more apps vs URL & Port based competitors e.g. Youtube, FileZilla, Facetime, Skype, Bonjour
• Only Cisco supports dynamic protocol pack updates to support ever-growing library of apps
• Rich per-user, per-app policy and history on all controllers in the portfolio without ANY additional licenses
Deep Packet Inspection Example
Three classification flows for Microsoft Lync & Cisco Jabber
• MS-Lync Media (Audio Flow)
• MS-Lync Media (Video Flow)
• MS-Lync (Desktop Sharing, Chat)
*Cisco is now MS-LYNC Certified. A certification landing page is coming soon
AVC Profile – Drop Bittorrent
AVC Profile – Mark Citrix
Control: Control application usage and performance
• Custom DSCP Marking
• Predefined Markings for Voice, Video, etc.
Priority labels shown: High, Medium, Low
User and Device specific Application Policies
ROLE BASED APPLICATION POLICY
• Alice(User) and Bob(IT Admin) are both employees
• Both Alice and Bob are connected to the same SSID.
• Bob can access certain applications (e.g. YouTube), Alice cannot
ROLE BASED + DEVICE TYPE APPLICATION POLICY
• Alice can access inventory info on an IT provisioned Windows Laptop
• Alice cannot access inventory info on her personal iPad
ROLE BASED + DEVICE TYPE + APPLICATION SPECIFIC POLICY
• Alice has limited access (rate limit) to Skype on her iPhone
Release timeline:
7.4: AVC
7.5: Dynamic protocol pack update
7.6: Ability to classify Jabber, Lync 2013, etc.
8.0: User and device aware policy tie-in
CAPWAP Tunnel
AirPrint
Apple TV
VLAN 23
VLAN 20
VLAN 99 iPad
Cache:
TV1 – VLAN 20
TV2 – VLAN 23
Bonjour Response From Controller
Release timeline:
7.4: Bonjour Gateway
7.5: RRM based location tie-in
8.0: Per user-group, granular location policies
Location aware Bonjour + AVC: per user, per device type
MEETING ROOM: Wired AppleTV’s and wireless clients
Use Case 1: On same VLAN, employee can project from iPad to AppleTV but guests cannot. Filter out non-local AppleTVs
Use Case 2: Employee can allow guest to project to AppleTV – PI 2.2 H2 14
IT MANAGED DEVICES
ACCESS TO RESOURCES: Wired AppleTV’s and wireless clients
Use Case 3: Employees should be provided a list of nearby printers and allowed to print. Guests should not
USER MANAGED DEVICES
BYO Devices: User managed AppleTV’s/ Printers (wireless/wired) and wireless clients: ISE H1 CY15
Use Case 4: Only employee who owns the Bonjour Service is able to use it.
Use Case 5: Employee 1 allows Employee 2 to access their Bonjour service
Intuitive Monitoring
WLAN Express Setup Wizard
• Simplified User Interface
• No console cable or CLI terminal
• Basic Employee and a Guest WLAN
• Improved Guest captive-portal
Best Practices ON by default
• Band Select
• Radio Resource Management
• Clean Air and intrusion detection
• Application Visibility
• Client Profiling
• Bonjour Service Directory
• Internet only Guest Access Controls
• Best practice default settings
Available on CT2504 software release 7.6.120.0 or later
Best practice categories on the slide: NETWORK DESIGN, INFRASTRUCTURE, WIRELESS / RF, SECURITY
Source: http://www.cisco.com/c/en/us/td/docs/wireless/technology/wlc/82463-wlc-config-best-practice.html

Enable High Availability (AP and Client SSO)
Enable Pre-image download
Enable AP Failover Priority
Enable AVC (application visibility and control)
Enable NetFlow in your WLC
Enable local Profiling (DHCP and HTTP)
Enable VLAN Pooling
Enable NTP
Enable FlexConnect Groups
Enable “FlexConnect AP Upgrade”

Enable 802.1x and WPA/WPA2 on WLAN/SSID
Change advanced EAP timers
Enable SSH and SNMPv3
Enable DHCP proxy
Enable 11w / 11k and 11v ?
Enable client exclusion
Enable rogue classification
Enable LSC (Logically Significant Certificate)
Enable IDS / WiPS
Install WSSI / Security module to monitor all channels
Enable “Max Concurrent Logins for a user name”
Enable strong password policies
Enable ACL on your WLAN

Enable EoIP for guest anchor WLC
Enable external or internal webauth for guest
Enable “Split Tunneling” for OEAP
Enable Fast SSID change
Enable per-user bandwidth contract
Enable WMM
Enable QoS on your WLAN
Enable Multicast Mobility for large mobility domains
Enable 802.1x authentications for AP

Disable 11b data rates
Restrict number of WLAN/SSID below 3
Enable channel bonding – 40 or 80 MHz
Enable BandSelect
Use AP Groups & RF Groups
Use RF Profiles to meet network needs
Set the RSSI Low Checks
Enable RRM (DCA & TPC) to be auto
Enable Auto-RF group leader selection
Enable Cisco CleanAir and EDRRM
Enable Noise & Rogue Monitoring on all channels
Enable Client Load Balancing
Standard | Benefits | Vendor/Release | AireOS Release | IOS Release
11r | Standard for roaming | Apple iOS 6 | 7.2.110.0 | 3.3
11k | Neighbor List | Apple iOS 6 | 7.4 | 3.3
11u | HS 2.0 | Apple iOS 7, Samsung | 7.3 | Future
11v | Power Save | Apple iOS 7 | 8.0 | Future
11w | Mgmt Frames | Microsoft Windows 8 | 7.4 | 3.3
1. Associated devices send packets for regular data access only to connected access points (A)
2. Other APs (B, C) that “hear” that MAC address talking to the associated AP can report on signal strength to WLC/MSE
3. Additional smart techniques are used for quiet devices
• Close-proximity (iBeacon) and site-wide location (CMX) for broad range of use cases - Coexist today.
• 8.1 Integration: Provides visibility and secures iBeacon/BLE deployments
• AP-based spectrum analysis (CleanAir) and MSE location capabilities detect and locate iBeacons
• Strong roadmap for site-wide iBeacon manageability and control
Probe Occurs every 60 Seconds
• Location Zones: Zone A, Zone B, Zone C
• Analytics CAN NOT capture all zone utilization
Packet RSSI every 6 seconds
• Location Zones: Zone A, Zone B, Zone C
• Analytics captures all zone utilization
Summary
• ASIC-based 802.11ac Access Points with HDX Technology
• Industry Leadership with Standards Evolution
• Client Stateful Switchover for WLCs
• Optimized for Webex, Jabber, Lync, Skype and other real-time applications
• Location accuracy innovation with Data Packet RSSI and Bluetooth Low Energy technology
Thank You