Best practices to deploy high-availability in Wireless LAN Architectures

Size: px
Start display at page:

Download "Best practices to deploy high-availability in Wireless LAN Architectures"

Transcription

1

2 Best practices to deploy high-availability in Wireless LAN Architectures Simone Arena Wireless Networking Group, TME

3 Abstract The proliferation of Wi-Fi enabled devices creates a significant challenge for IT organizations to create the same level of service and support on the wireless network as there currently is on the wired network. The primary goal of this session is to provide design guidance and share best practices around building reliable and highly available Wireless LAN networks. This session will review wireless design architectures including FlexConnect, RRM and software upgrade algorithms. Best practice and design guidance for achieving high availability for all components of the Cisco Wireless LAN network: NCS/Prime Infrastructure, WLC, APs and MSE will be covered in-depth. This session is applicable for attendees responsible for the design, deployment, operations, and management of highly available Wireless LAN Networks. 3

4 What is High Availability? High Availability Is this HA???? 4

5 Planned downtime Failover End-to-end access Redundancy Cost $$$$ Clustering/Pooling Survivability Performance High Availability Productivity Session Objectives Learn the Design Recommendations, Configuration Best Practices, Deployment tips, to have your wireless network.. ALWAYS ON 5

6 Agenda Ok..so what are we really talking about? Radio Frequency (RF) High Availability (HA) Site Survey, RRM, CleanAir Network Infrastructure HA Devices Physical layout Controller Redundancy and AP Failover AP Stateful Switchover (AP SSO) FlexConnect WAN and AAA Survivability Management and Mobility Services HA Prime Infrastructure Mobility Services Engine Conclusions 6

7 Radio Frequency High Availability RF HA is the ability to have redundancy in the physical layer. Creating a stable RF environment Dealing with coverage holes if an AP goes down How to mitigate an interference source Creating a pervasive, predictable RF environment 7

8 Radio Frequency High Availability Guidelines: Surveying for RF HA Rule of Thumb Want most radios at power level 3 Site Survey tools: Using Active Survey tools give you more info Examples: AirMagnet, Ekahau, Veriwave WaveDeploy Clients and AP should be same model as production network Get to know the area: Consider three dimensional radio propagation in multi-story buildings Be aware of perimeter and corner areas May not be optimal to start first survey with AP in corner Survey for lowest common client type and technology supported b/g, a, n Smartphones usually have lower power radio 8

9 Radio Frequency High Availability TX Power and Antenna gain comparison MacBook Pro ipad 3 iphone 4S iphone 5 Samsung S3 # Antennas 2.4 GHz 5 GHz Antenna Gain (dbi) 2.4 GHz 5 GHz n/a Total Tx Pwr (dbm) 2.4 GHz 5 GHz 28 (20) 26 (23) ave-peak ave-peak n/a ave-peak ave-peak Source: Placeholder for Notes is 12pts 9

10 Radio Frequency High Availability RRM Radio Resource Management What are RRM s objectives? Provide a system wide RF view of the network To dynamically balance the infrastructure and mitigate changes Monitor and maintain coverage for all clients Manage Spectrum Efficiency so as to provide the optimal throughput under changing conditions What RRM does not do Substitute for a site survey Correct an incorrectly architected network Manufacture spectrum 10

11 Radio Frequency High Availability RRM How does it work? DCA Dynamic Channel Assignment Each AP radio gets a transmit channel assigned to it Changes in air quality are monitored, AP channel assignment changed when deemed appropriate (based on DCA cost function) TPC Transmit Power Control Tx Power assignment based on radio to radio pathloss TPC is in charge of reducing Tx on some APs but may also increase Tx by defaulting back to power level higher than the current Tx level CHDM Coverage Hole Detection and Mitigation Detecting clients in coverage holes Deciding on Tx adjustment (typically Tx increase) on certain APs based on (in)adequacy of estimated downlink client coverage 11

12 Radio Frequency High Availability RF Profiles RF Profiles allow the administrator to tune groups of AP s sharing a common coverage zone together. Selectively changing how RRM will operate the AP s within that coverage zone RF Profiles are created for either the 2.4 GHz radio or 5GHz radio Profiles are applied to groups of AP s belonging to an AP Group, in which all AP s in the group will have the same Profile Settings There are two components to this feature: RF Groups Existing capability No impact on channel selection algorithms RF Profile New from 7.2, providing administrative control over: Min/Max TPC values TPCv1 Threshold TPCv2 Threshold Data Rates

13 Radio Frequency High Availability CleanAir- Self Healing & Optimizing the Spectrum BEFORE Wireless interference decreases reliability and performance AFTER CleanAir mitigates RF interference improving reliability and performance Wireless Client Performance AIR QUALITY PERFORMANCE AIR QUALITY PERFORMANCE Spectrum intelligence solution designed to proactively manage the challenges of a shared wireless spectrum Who, what, when, where, and how with interference Enables the network to act upon this information 13

14 Power Power Radio Frequency High Availability Why CleanAir? The Industry s ONLY in-line high-resolution spectrum analyzer Typical Wi-Fi chipset Spectral Resolution at 5 MHz Cisco CleanAir Wi-Fi chipset Spectral Resolution at 156 KHz Microwave oven Microwave oven? BlueTooth BlueTooth Identification is fuzzy, best guess 32 times WiFi chip s visibility Limited ability to differentiate devices Accurate classification Devices lost in the noise Multiple device recognition Chip View Visualization of Microwave oven and BlueTooth Interference 14

15 Radio Frequency High Availability Client Link: Reduced Coverage Holes ClientLink Disabled ClientLink Enabled Lower Data Rates Source: Miercom; AirMagnet/Fluke Iperf Survey Higher Data Rates 15

16 Network Infrastructure HA

17 Network Infrastructure HA Campus Design: Resiliency Structure, Modularity and Hierarchy Access Distribution Si Si Si Si Si Si Core Si Si Distribution Si Si Si Si Si Si Access WAN Data Center Anchor WLC - 1 Internet Anchor WLC - 2 WLC -1 WLC -2

18 Network Infrastructure HA AP Physical connection How to connect the AP Create redundancy throughout the access layer by homing APs into different switches Access Distribution Core

19 Network Infrastructure HA Controller Physical connection Access How to connect the WLC Configure Link Aggregation (LAG) Only one LAG is supported per AireOS WLC On the connecting switch: Set mode to ON (no Aggregation Protocol) Terminates on different modules or blades Load-balancing method for Catalyst switches is src-dst-ip Distribution Core

20 Network Infrastructure HA Controller Physical connection: connecting to a VSS switch Cisco 5508 WLC can be attached to a Cisco Catalyst VSS switch pair 4 ports of Cisco 5508 are connected to active VSS switch 2 nd set of 4 ports of Cisco 5508 is connected to standby VSS switch In case of failure of primary switch traffic continues to flow through secondary switch in the VSS pair Catalyst VSS Pair Cisco

21 Controller Redundancy and AP Failover

22 Controller Redundancy Dynamic mode Rely on CAPWAP to load-balance APs across controllers and populate APs with backup controllers (needs Mobility Group) Results in dynamic salt-and-pepper design Design works better when controllers are clustered in a centralized design Pros Easy to deploy and configure, less upfront work Cons Bigger operational challenges due to unpredictability More inter-controller roaming Longer failover times No fallback option in the event of controller failure If Dynamic mode is required, Cisco recommends to use it only for Layer 2 connected WLCs Deterministic redundancy or AP SSO is recommended AP1 AP2 AP3 AP4 AP5 AP6 AP7 AP8 AP9 WLC1 WLC2 22

23 Controller Redundancy Deterministic mode WLAN-Controller-A WLAN-Controller-B WLAN-Controller-C Primary: WLAN-Controller-A Secondary: WLAN-Controller-B Tertiary: WLAN-Controller-C Primary: WLAN-Controller-B Secondary: WLAN-Controller-C Tertiary: WLAN-Controller-A Primary: WLAN-Controller-C Secondary: WLAN-Controller-A Tertiary: WLAN-Controller-B Administrator statically assigns APs a primary, secondary, and/or tertiary controller Pros: Cons: Assigned from controller interface (per AP) or NCS/Prime Infrastructure (templatebased) You need to specify Name and IP if WLCs are not in the same Mobility Group Predictability: easier operational management Faster failover times Fallback option in the case of failover More flexible and powerful redundancy design options (1:1, N:1, N:N:1) More upfront planning and configuration 24

24 Controller Redundancy Deterministic: backup Controllers Backup controllers configured for all APs under Wireless > High Availability tab Used if there are no primary/secondary/tertiary WLCs configured on the AP The backup controllers are added to the primary discovery request message recipient list of the AP. 25

25 Controller Redundancy Deterministic: N+1 Design Redundant WLC in a geographically separate location WLAN-Controller-1 APs Configured With: Primary: WLAN-Controller-1 Secondary: WLC-BKP Redundant WLC need not be part of the same mobility group Configure high availability parameters to detect failure and faster failover NOC or Data Center WLC-BKP WLAN-Controller-2 APs Configured With: Primary: WLAN-Controller-2 Secondary: WLC-BKP Use AP priority in case of over subscription of redundant WLC HA SKU available in 7.4 for 5508, 7500 and 8500 controllers WLAN-Controller-n APs Configured With: Primary: WLAN-Controller-n Secondary: WLC-BKP 26

26 Controller Redundancy Deterministic: HA SKU No need to purchase licenses on backup WLC. When backup takes over 90-days counter is started Needs to be configured normally as you would do with the secondary controller (no auto synch). Supported on 5508, WiSM2, Flex7500 and 8510 Primary Controller: WiSM-2 License Count: 500 APs connected: 400 No licenses needed on secondary AIR-CT5508-HA-K9 Secondary Controller Max AP support: APs 400 = 475 = APs Primary Controller : 2504 License Count: 50 APs connected: 25 27

27 Controller Redundancy Deterministic: 1+1 Design For every active primary controller there is a standby redundant controller. Redundant WLCs in a geographically separate location Layer-3 connectivity between the AP connected to primary WLC and the redundant WLC Configure High Availability parameters to detect failure and faster failover APs can be load balanced or not HA SKU available in

28 AP Failover

29 AP Failover Understanding the CAPWAP State Machine For Your Reference AP Boots UP Discovery Reset DTLS Setup Image Data Run Join Config 30

30 AP Failover Failover Principles: AP Boots UP Discovery Reset When configured with Primary and backup Controller: AP uses heartbeats to validate current WLC connectivity AP uses Primary Discovery message to validate backup WLC list (every 30 sec) DTLS Setup Join Config Image Data Run When AP looses 5 heartbeats it start join process to first backup WLC candidate Candidate Backup WLC is the first alive WLC in this order : primary, secondary, tertiary, global primary, global secondary. Failover is faster than Dynamic mode because AP goes back to discovery state just to make sure the backup WLC is UP and then immediately starts the JOIN process 31

31 AP Failover Fast Heartbeat AP sends HA heartbeat packets, by default every 1 sec Reduce the amount of time it takes to detect a controller failure When the fast heartbeat timer expires, the AP sends a 3 fast echo requests to the WLC for 3 times If no response primary is considered dead and the AP selects an available controller from its backup controller list in the order of primary, secondary, tertiary, primary backup controller, and secondary backup controller. Fast Heartbeat only supported for Local and Flex mode 33

32 AP Failover Failover Priority Critical AP fails over AP Priority: Critical Controller Assign priorities to APs: Critical, High, Medium, Low Critical priority APs get precedence over all other APs when joining a controller In a failover situation, a higher priority AP will be allowed in ahead of all other APs If controller is full, existing lower priority APs will be dropped to accommodate higher priority APs AP Priority: Medium Medium priority AP dropped 34

33 AP Stateful Switch Over (AP SSO)

34 High Availability before 7.3 code and AP SSO Summary of what we saw so far Primary/Secondary/Tertiary WLC need to be defined on each AP Each WLC configured separately and have their own unique IP Address Primary and Secondary Backup are configured Globally Fast Heartbeat can be used to speed up failover With Failover detection AP goes in Discovery State and CAPWAP State Machine is restarted Downtime between Failover may go up to 1.5 minutes depending upon number of APs Each WLC is managed and monitored separately by NCS/Prime Infrastructure

35 AP Stateful switchover (AP SSO) Overview True Box to Box High Availability i.e. 1:1 One WLC in Active state and second WLC in Hot Standby state Secondary continuously monitors the health of Active WLC via dedicated link Configuration on Active is synched to Standby WLC This happens at startup and incrementally at each configuration change on the Active CAPWAP state of APs is also synched APs do not go in Discovery state when Active WLC fails Downtime between failover reduced to msec in case failover AP SSO is supported on 5500 / 7500 / 8500 and WiSM-2 WLC Clients state is not synched, so Client SSO is not supported in 7.3 and 7.4 release Client will need to re-authenticate unless it s a FlexConnect AP with local switching

36 AP Stateful switchover (AP SSO) Overview Redundancy Management Interface To check gateway and peer reachability sending ICMP packets every 1 sec Notification to standby in event of box failure or manual reset Communication with Syslog, NTP, TFTP server for uploading configurations Should be in same subnet as Management Interface

37 AP Stateful switchover (AP SSO) Overview Redundancy Port To check peer reachability sending udp keep alive messages every 100 msec Notification to standby in event of box failure Configuration synch from Active to Standby (Bulk and Incremental Config) Auto generated IP Address where last 2 octets are picked from the last 2 octets of Redundancy Management Interface (First 2 octets are always ) If NTP is not configured manual time synch is done from Active to Standby

38 AP Stateful switchover (AP SSO) Controller physical connectivity Active Controller 5500/7500/8500 have dedicated Redundancy Port. Only direct connection supported in 7.4 WiSM-2 WLC have dedicated Redundancy VLAN which is used to synch configuration from Active to Standby WLC Redundancy VLAN should be a non-routable VLAN, meaning a Layer 3 interface should not be created for this VLAN Redundancy Port Connectivity RP 1 RP 2 Hot Stand-by Controller To achieve HA between WiSM-2 WLCs it can be deployed in single chassis OR can also be deployed between multiple chassis using VSS Single Chassis Connectivity Multi Chassis Connectivity

39 AP Stateful switchover (AP SSO) Controllers pairing HA Pairing is possible only between same type of hardware and software version. Mismatch may result in Maintenance mode. HA Pairing happens when WLC is booting. Reboot of WLC is required after HA is enabled. While booting WLCs try to discover their pair (waits for 120 seconds) using Redundant Management Interface and Redundant Port. Once discovered Active WLC start syncing all configuration to Standby WLC via Redundant Port.

40 AP Stateful switchover (AP SSO) Controllers pairing While config is synching from Active to Standby WLC or Standby WLC is booting no config operation is possible on Active WLC. Active and Standby decision is not an automated election process. Active/Standby WLC is decided based on HA SKU (Manufacturing Ordered UDI) from 7.3 release onwards. WLC with HA SKU UDI will always be Standby WLC For existing WLCs Active/Standby decision can be made based on configuration. No configuration is possible on Standby WLC

41 AP Stateful switchover (AP SSO) Controller Pairing: Maintenance Mode Standby WLC may transition to Maintenance Mode Non reachability to Gateway via Redundant Management Interface WLC with HA SKU which had never discovered peer Redundant Port is down WLC should be rebooted to bring it out of Maintenance Mode Only Console and Service Port is available in Maintenance and Standby Mode Telnet / SSH / SNMP / Web Access is not available on Management and Dynamic interface in Maintenance and Standby Mode No Web Access in available on Service Port when HA is enabled.

42 AP Stateful switchover (AP SSO) Controller Failover Failover in HA can be categorized as Box Failover Box Failover can occur due to software crash, software hang, manual reset and force switchover. Failover time will vary from msec*. Box Failover can also occur due to power failure or unhandled software hang/crash. Failover time varies from msec*. Client SSO is not supported. AP SSO will de-auth clients (with an exception for Flex Local Switching clients). Clients have to start fresh association on new Active WLC. After failover clients in mobility setup will deauth and come up as new client. * Failover time is dependent on number of APs and AP Mode

43 AP Stateful switchover (AP SSO) Controller failover: process in detail For Your Reference Standby WLC keep sending keepalive messages on Redundant Port every 100 msec to check the state of Active WLC If Active does not acknowledge keepalive message, Standby WLC will immediately send ICMP packet to Active s Redundant Management Interface to check the status via infra network. Active Controller HA Cloud RP 1 RP 2 Hot Stand-by Controller Standby WLC retransmit Keepalive message on Redundant Port after 75 msec. If keepalive is not acknowledged ICMP packet is sent again via Redundant Management interface. Active Connection Redundant Connection This process is repeated 3 rd time and this time keepalive is sent after 50 msec followed by ICMP packet on infra network if 3 rd keepalive packet is also not acknowledged. AP 1 AP 2 After failure of 3 rd Keepalive and ICMP packet Switchover will trigger and Standby WLC will take over the network serving as Active WLC. Anytime in the middle if there is response for ICMP packet, Switchover will not happen.

44 AP Stateful switchover (AP SSO) Configuration (mandatory) Mandatory Configuration for HA setup: Redundant Management IP Address Peer Redundant Management IP Address Redundancy Mode set to SSO enable (by default is disabled) Primary/Secondary Configuration Required if peer WLC s UDI is not HA SKU CLI Configuration: HA Configuration can be done from Configuration Wizard

45 AP Stateful switchover (AP SSO) Configuration (optional) Optional Configuration for HA setup Peer Service Port Config Peer Route Config Keep Alive Timer (Default timer 100 msec, Range msec in multiple of 50) Peer Search Timer (Default timer 120 sec, Range sec) Mobility MAC Configuration should be used to have control on MAC Address for mobility peer. If not configured Active WLC MAC address will always be used for mobility tunnel to come up. Force Switchover Manual Peer Reset CLI Configuration

46 AP Stateful switchover (AP SSO) Configuration via GUI By default HA is disabled. Configure Redundant Management and Peer Redundant Management IP first before enabling AP SSO

47 AP Stateful switchover (AP SSO) Configuration by GUI Configure AP SSO selecting Enable from drop down: All other optional configuration like Service Port Peer IP, Mobility MAC Address, Keep Alive and Peer Search Timer can be configured on same page To Reset Peer WLC click on Commands -> Redundancy -> Reset Peer

48 AP Stateful switchover (AP SSO) Important things to know Physical connection between Redundant Port and Infrastructure Network should be done first before HA configuration Keepalive and Peer Discovery timers should be left with default timer values for better performance Clear configuration on Active WLC will also initiate clear config on Standby WLC. Internal DHCP is not supported when HA configuration is enabled. GARP is sent for all the interfaces after switchover. 3 GARP packets are sent out after SSO. Standby WLC sends GARP only for Redundant Management Interface while booting. L2 MGID is synched but L3 MGID database is cleared with SSO Location and Rogue information is not synched. When HA is disabled on Active it will be pushed to Standby and after reboot all the ports will come up on Active and will be disabled on Standby.

49 AP Stateful switchover (AP SSO) Checking configuration To check the Redundancy Status and Switchover History Total 10 history counts are maintained for switchover.

50 AP Stateful switchover (AP SSO) Integration with existing Controller Redundancy model AP SSO can be deployed with Secondary and Tertiary Controllers Both Active and Standby combined in AP SSO setup are configured as primary. On failure of both Active and Standby WLC in AP SSO setup, APs will fall back to secondary and further to configured tertiary controller.

51 AP Stateful switchover (AP SSO) Integration with existing Controller Redundancy model When AP SSO is setup, by default Primary WLC mac-address is synched as Mobility Mac Address on standby WLC which should be used to form a mobility peer Custom MAC can also be configured as Mobility Mac instead of using Active WLC mac-address Mobility mac address should be configured before forming High Availability pair. Once HA pair is formed mobility mac cannot be changed or edited.

52 AP Stateful switchover (AP SSO) Licensing HA Pair with HA SKU License on one WLC HA SKU is a new SKU with Zero AP Count License The device with HA SKU becomes standby first time it pairs up AP-count license info will be pushed from Active to Standby On event of Active failure HA SKU will let APs join with AP-count obtained and will start 90-day count-down. The granularity of the same is in days. After 90-days, it starts nagging messages.won t disconnect connected APs With new WLC coming up HA SKU, at the time of paring, the Standby will get the AP Count: If new WLC has higher AP count than previous, 90 days counter is reset. If new WLC has lower AP count than previous, 90 days counter is not reset. Elapsed time and AP-count are remembered on reboot

53 AP Stateful switchover (AP SSO) Licensing HA Pair with both the WLC having Valid AP Count License Active / Standby WLC decided based on configuration. To be configured as Standby, WLC needs at least a minimal license count for that platform to be active (ex. 50 APs for 5508) AP-count license info will be pushed from Active to Standby In the event of a switch over, the new Active will operate with the license count of the previous Active and will start 90-day count-down. Rest of the behavior is same as defined for HA SKU HA Pair with one WLC running Evaluation License and other WLC with HA SKU The device with HA SKU becomes standby first time it pairs up with an existing Active WLC running Evaluation License AP-count license info will be pushed from Active to Standby In the event of a switch over, the new Active will operate with the license count of the previous Active and will start 90-day count-down. Rest of the behavior is same as defined for HA SKU

54 FlexConnect and WAN Survivability

55 FlexConnect overview Management and data plane are split Data Plane can be: Centralized (split MAC architecture) Local (local MAC architecture) Two modes of operation: Connected (when WLC is reachable) Standalone (when WLC is not reachable) Traffic Switching is configured per AP and per WLAN (SSID) From 7.3 split tunneling is supported on a WLAN basis FlexConnect Group: Defines the Key caching domain for Fast Roaming, allows backup Radius scenarios Centralized Traffic Central Site WAN Local Traffic Cluster of WLC Centralized Traffic Remote Office

56 FlexConnect Overview Feature Limitations For Your Reference Some features are not available in standalone mode or in local switching mode Local controller Web Auth in Standalone Mode Mesh AP VideoStream IPv6 L3 Mobility SXP TrustSec QoS override See full list in «FlexConnect Feature Matrix» :

57 FlexConnect Survivability: WAN Failure (or single central WLC failure) Central Site HA considerations: No impact for connected clients on locally switched SSIDs Disconnection for centrally switched SSIDs clients Static authentication keys are locally stored in FlexConnect AP New clients can join if authentication is based on static keys Fast roaming allowed within FlexConnect group for already connected clients Lost features RRM, CleanAir, WIDS, Location, other AP modes Web authentication, NAC Remote Site WAN Application Server Remote Office

58 FlexConnect Survivability: WLC failure with Primary/Secondary Central Site Secondary Primary HA considerations: No impact for locally switched SSIDs Disconnection of centrally switched SSIDs clients FlexConnect AP transitions to Standalone and then to Connected when joins the Secondary WAN When in Standalone mode, Fast roaming is allowed within the FlexConnect Group Remote Site Upon resync with Secondary, client sessions for local traffic are not impacted (provided that the configuration on the WLCs are identical) Application Server Remote Office

59 FlexConnect Survivability: WLC failure scenario with AP SSO Central Site Standby Active HA considerations: No impact for locally switched SSIDs Disconnection of centrally switched SSIDs clients FlexConnect AP will NOT transition to Standalone because AP SSO kicks in WAN AP will go straight to Connected mode with the Standby WLC Remote Site Client sessions for Local traffic are not impacted and this is really Client SSO Application Server Remote Office

60 FlexConnect Survivability : WAN/WLC Failure and AP reboots Central Site AP reboots with WAN down Central Switched WLANs will shutdown Web-auth WLANs will shutdown Local Switched WLANs will be up : Only Open, Shared and WPA-PSK are allowed Local 802.1x allowed with local AP authentication or local RADIUS Unsupported features RRM, CCKM, WIDS, Location, Other AP Mode, NAC WAN Application Server Remote Office

61 FlexConnect and AAA Survivability

62 FlexConnect Survivability: AAA server backup Central Site By default authentication is done centrally in connected mode When WLC/WAN fails, AP goes in Standalone mode In Standalone mode, the AP can be configured to authenticate new clients with backup RADIUS defined locally at the AP Backup AAA servers are configured at FlexConnect Group level Upon WAN/WLC failure: Existing connected clients stay connected New clients are authenticated to the locally defined AAA Local Backup RADIUS Central RADIUS WAN FlexConnect Group Remote Office

63 FlexConnect AAA server backup Configuration Define primary and secondary local backup RADIUS server under FlexConnect Group configuration

64 FlexConnect Survivability: AAA server on AP By default authentication is done centrally in connected mode When WLC/WAN fails AP goes in Standalone mode In Standalone, the AP can act as a AAA server Only EAP-FAST and LEAP and a max of 100 clients supported Upon WAN/WLC failure: Existing connected clients stay connected New clients are authenticated to the locally defined AAA Central RADIUS Remote Site Central Site WAN

65 FlexConnect AAA server on AP - Configuration Define users (max 100) and passwords Define EAP parameters (LEAP or EAP-FAST)

66 FlexConnect Survivability: FlexConnect Local Auth Central Site By default FlexConnect AP authenticates clients through central controller when in Connected mode Central RADIUS This feature allows AP to act as an Authenticator even in Connected mode AAA servers are defined at the FlexGroup level Useful HA scenarios: Local RADIUS Remote Site WAN WAN goes down and Local users are authenticated to Local site AAA WLC goes down and Local users are authenticated from AP to Central site AAA Remote Office

67 FlexConnect FlexConnect Local Auth: configuration

68 Management and Mobility Services HA

69 Network Control System/Prime Infrastructure (PI) High Availability PI runs in an active / standby (1:1) mode Secondary PI not accessible Requires same HW and SW - Physical-physical and virtual-virtual supported No database loss when failover occurs Failover can be Automatic or Manual. Failback is always manual If the standby PI doesn t receive 3 heartbeats (timeout 2 seconds) then either the standby PI will become active or will be sent to network admin. Active Standby 76

70 Prime Infrastructure HA Health Monitor The Health Monitor (HM) is a process implemented in PI, that is the primary component that manages the high availability operation of the system. It displays valuable logging and troubleshooting information For Your Reference To get to the Health Monitor direct the secondary PI to the 8082 port secondary PI ip address>:8082 Note if you navigate to the primary s port 8082 you will not be able to login as it is only available on the secondary PI 77

71 Prime Infrastructure HA Configuration of HA Feature For Your Reference The first step is to install and configure the Secondary PI. When configuring the Primary PI for HA, the Secondary PI needs to be installed and reachable by the Primary PI The following parameters must be configured on the primary PI: name/ip address of secondary PI address of network administrator for system notification manual or automatic failover option Secondary PI must always be a new installation and this option must be selected during PI install process, i.e. standalone or primary PI cannot be converted to secondary PI. Standalone PI can be converted to HA Primary. 79

72 Prime Infrastructure HA Configuration cont. For Your Reference Verify that the configuration is complete on the HA Status tab. After initial deployment of PI, the entire configuration of primary PI is replicated to the host of the secondary PI This process can be time consuming and take up to a half hour to run After database is replicated on the delta of changes will be pushed over to the secondary PI 80

73 Mobility Service Engine HA

74 Mobility Service Engine (MSE) High Availability A heartbeat is maintained between the primary and secondary MSE When the primary MSE fails and the secondary takes over, the virtual address of the primary MSE is switched transparently. HA for all services supported; Failover times < 1 min No HA license or a second set of client/ WIPS license required Supports 1:1 & 2:1 configuration (2 primaries can be backed to one secondary) HA supports Network Connected and Direct Connected. Directly connected with a cable can help reduce latencies in heartbeat response times, data replication and failure detection times. WLC1 Primary MSE Virtual IP: Eth0: WLC2 Directly or network connected Secondary MSE Eth0: PI 3 rd Party 82

75 MSE HA Deployment Considerations Only MSE Layer-2 redundancy is supported. Both the health monitor IP and virtual IP must be on the same subnet and accessible from the Network Control System (PI). Layer-3 redundancy is not supported. Supports automatic & manual failover / failback Physical to physical & virtual to virtual HA supported Every active primary MSE is backed up by another inactive instance. The secondary MSE becomes active only after the failover procedure is initiated. The failover procedure can be manual or automatic. Failover to Secondary WLC1 Directly or network connected Primary MSE Eth0: WLC2 Secondary MSE Virtual IP: Eth0: PI 3 rd Party 83

76 MSE HA Configuration For Your Reference Additional config required under HA HA mode in Start up script Define secondary name & ip address 84

77 MSE HA Verification For Your Reference Status shows active under the HA Configuration Sync is complete 85

78 Conclusions Let s recap HA for wireless starts from a good RF Site survey! Know your environment Leverage RRM Implement the Cisco advanced features for RF HA is about deterministic behavior Create a blueprint for the wired network to support a HA wireless deployment Deterministic Controller failover Stateful switchover for wireless: AP SSO is the first step Remote site and branch office: leverage the HA capability of FlexConnect Wireless ALWAYS ON? We are getting there 86

79 87

80

High Availability (AP SSO) Deployment Guide

High Availability (AP SSO) Deployment Guide High Availability (AP SSO) Deployment Guide Document ID: 113681 Contents Introduction Prerequisites Requirements Components Used Conventions Topology New HA Overview HA Connectivity Using Redundant Port

More information

Best Practices to Deploy High-Availability in Wireless LAN Architectures

Best Practices to Deploy High-Availability in Wireless LAN Architectures Best Practices to Deploy High-Availability in Wireless LAN Architectures Brian Levin ENG, Technical Marketing Engineer The New Normal High Density How many devices have you got today? High Quality No coverage

More information

Best Practices to Deploy High-Availability in Wireless LAN Architectures

Best Practices to Deploy High-Availability in Wireless LAN Architectures Best Practices to Deploy High-Availability in Wireless LAN Architectures Kara Muessig Technical Solutions Architect CCIE (Wireless) #29572 Planned downtime Failover Redundancy Survivability Clustering/Pooling

More information

Cisco 8500 Series Wireless Controller Deployment Guide

Cisco 8500 Series Wireless Controller Deployment Guide Cisco 8500 Series Wireless Controller Deployment Guide Document ID: 113695 Contents Introduction Prerequisites Requirements Components Used Conventions Product Overview Product Specifications Features

More information

Cisco Deploying Basic Wireless LANs

Cisco Deploying Basic Wireless LANs Cisco Deploying Basic Wireless LANs WDBWL v1.2; 3 days, Instructor-led Course Description This 3-day instructor-led, hands-on course is designed to give you a firm understanding of the Cisco Unified Wireless

More information

CCIE Wireless v3 Lab Video Series 1 Table of Contents

CCIE Wireless v3 Lab Video Series 1 Table of Contents CCIE Wireless v3 Lab Video Series 1 Table of Contents Section 1: Network Infrastructure Layer 2 Technologies VLANs VTP Layer 2 Interfaces DTP Spanning Tree- Root Election Spanning Tree- Path Control Spanning

More information

Architecting Network for Branch Offices with Cisco Unified Wireless

Architecting Network for Branch Offices with Cisco Unified Wireless Architecting Network for Branch Offices with Cisco Unified Wireless Karan Sheth - Sr. Technical Marketing Engineer Objective Design & Deploy Branch Network That Increases Business Resiliency 2 Agenda Learn

More information

Deploying Cisco Wireless Enterprise Networks

Deploying Cisco Wireless Enterprise Networks 300-365 Deploying Cisco Wireless Enterprise Networks NWExam.com SUCCESS GUIDE TO CISCO CERTIFICATION Exam Summary Syllabus Questions Table of Contents Introduction to 300-365 Exam on Deploying Cisco Wireless

More information

Architecting Network for Branch Offices with Cisco Unified Wireless Karan Sheth Sr. Technical Marketing Engineer

Architecting Network for Branch Offices with Cisco Unified Wireless Karan Sheth Sr. Technical Marketing Engineer Architecting Network for Branch Offices with Cisco Unified Wireless Karan Sheth Sr. Technical Marketing Engineer BRKEWN-2016 Abstract This session focuses on the architecture concepts of the branch office

More information

Configuring OfficeExtend Access Points

Configuring OfficeExtend Access Points Information About OfficeExtend Access Points, page 1 OEAP 600 Series Access Points, page 2 OEAP in Local Mode, page 3 Supported WLAN Settings for 600 Series OfficeExtend Access Point, page 3 WLAN Security

More information

exam. Number: Passing Score: 800 Time Limit: 120 min CISCO Deploying Cisco Wireless Enterprise Networks. Version 1.

exam. Number: Passing Score: 800 Time Limit: 120 min CISCO Deploying Cisco Wireless Enterprise Networks. Version 1. 300-365.exam Number: 300-365 Passing Score: 800 Time Limit: 120 min CISCO 300-365 Deploying Cisco Wireless Enterprise Networks Version 1.0 Exam A QUESTION 1 The customer has deployed C7960 phones with

More information

CCIE Wireless v3 Workbook Volume 1

CCIE Wireless v3 Workbook Volume 1 CCIE Wireless v3 Workbook Volume 1 Table of Contents Diagrams and Tables 7 Topology Diagram 7 Table 1- VLANs and IP Subnets 8 Table 2- Device Management IPs 9 Table 3- Device Credentials 10 Table 4- Term

More information

Configuring Hybrid REAP

Configuring Hybrid REAP 13 CHAPTER This chapter describes hybrid REAP and explains how to configure this feature on controllers and access points. It contains the following sections: Information About Hybrid REAP, page 13-1,

More information

Cisco Troubleshooting Cisco Wireless Enterprise Networks WITSHOOT v1.1

Cisco Troubleshooting Cisco Wireless Enterprise Networks WITSHOOT v1.1 Course Overview Provides students information to troubleshoot Cisco wireless networks. The course provides guidelines for troubleshooting Wi-Fi architectures of Cisco wireless components. Who Should Attend

More information

Converged Access: Wireless AP and RF

Converged Access: Wireless AP and RF This chapter describes the best recommendation or practices of Radio Resource Management (RRM), beam forming, Fast SSID, and Cisco CleanAir features. The examples provided in this chapter are sufficient

More information

Mobility Groups. Information About Mobility

Mobility Groups. Information About Mobility Information About Mobility, page 1 Information About, page 5 Prerequisites for Configuring, page 10 Configuring (GUI), page 12 Configuring (CLI), page 13 Information About Mobility Mobility, or roaming,

More information

CCIE Wireless v3.1 Workbook Volume 1

CCIE Wireless v3.1 Workbook Volume 1 CCIE Wireless v3.1 Workbook Volume 1 Table of Contents Diagrams and Tables 7 Topology Diagram 7 Table 1- VLANs and IP Subnets 8 Table 2- Device Management IPs 9 Table 3- Device Credentials 10 Table 4-

More information

Cisco Catalyst 9800 Wireless Controller Series Web UI Deployment Guide

Cisco Catalyst 9800 Wireless Controller Series Web UI Deployment Guide Cisco Catalyst 9800 Wireless Controller Series Web UI Deployment Guide Introduction 2 Feature Overview 2 Elements of the configuration model Tags and Profiles 2 Association of tags to APs 5 Day 0 Express

More information

Configuring High Availability (HA)

Configuring High Availability (HA) 4 CHAPTER This chapter covers the following topics: Adding High Availability Cisco NAC Appliance To Your Network, page 4-1 Installing a Clean Access Manager High Availability Pair, page 4-3 Installing

More information

Configuring RF Profiles

Configuring RF Profiles Prerequisites for, page 1 Restrictions for, page 1 Information About RF Profiles, page 2 Configuring an RF Profile (GUI), page 5 Configuring an RF Profile (CLI), page 6 Applying an RF Profile to AP Groups

More information

Real4Test. Real IT Certification Exam Study materials/braindumps

Real4Test.   Real IT Certification Exam Study materials/braindumps Real4Test http://www.real4test.com Real IT Certification Exam Study materials/braindumps Exam : 400-351 Title : CCIE Wireless Vendor : Cisco Version : DEMO Get Latest & Valid 400-351 Exam's Question and

More information

Configuring FlexConnect Groups

Configuring FlexConnect Groups Information About FlexConnect Groups, page 1, page 5 Configuring VLAN-ACL Mapping on FlexConnect Groups, page 10 Configuring WLAN-VLAN Mappings on FlexConnect Groups, page 11 Information About FlexConnect

More information

Deployment Guide for Cisco Guest Access Using the Cisco Wireless LAN Controller, Release 4.1

Deployment Guide for Cisco Guest Access Using the Cisco Wireless LAN Controller, Release 4.1 Deployment Guide for Cisco Guest Access Using the Cisco Wireless LAN Controller, Release 4.1 Last revised: February 1, 2008 Contents Overview section on page 1 Configuring Guest Access on the Cisco Wireless

More information

P ART 3. Configuring the Infrastructure

P ART 3. Configuring the Infrastructure P ART 3 Configuring the Infrastructure CHAPTER 8 Summary of Configuring the Infrastructure Revised: August 7, 2013 This part of the CVD section discusses the different infrastructure components that are

More information

Configure Devices Using Converged Access Deployment Templates for Campus and Branch Networks

Configure Devices Using Converged Access Deployment Templates for Campus and Branch Networks Configure Devices Using Converged Access Deployment Templates for Campus and Branch Networks What Are Converged Access Workflows?, on page 1 Supported Cisco IOS-XE Platforms, on page 3 Prerequisites for

More information

Cisco TrustSec How-To Guide: Universal Configuration for the Cisco Wireless LAN Controller

Cisco TrustSec How-To Guide: Universal Configuration for the Cisco Wireless LAN Controller Cisco TrustSec How-To Guide: Universal Configuration for the Cisco Wireless LAN Controller For Comments, please email: howtoguides@external.cisco.com Current Document Version: 3.0 August 27, 2012 Table

More information

Software-Defined Access Wireless

Software-Defined Access Wireless Introduction to, page 1 Configuring SD-Access Wireless (CLI), page 7 Enabling SD-Access Wireless (GUI), page 8 Configuring SD-Access Wireless VNID (GUI), page 9 Configuring SD-Access Wireless WLAN (GUI),

More information

FortiNAC. Cisco Airespace Wireless Controller Integration. Version: 8.x. Date: 8/28/2018. Rev: B

FortiNAC. Cisco Airespace Wireless Controller Integration. Version: 8.x. Date: 8/28/2018. Rev: B FortiNAC Cisco Airespace Wireless Controller Integration Version: 8.x Date: 8/28/2018 Rev: B FORTINET DOCUMENT LIBRARY http://docs.fortinet.com FORTINET VIDEO GUIDE http://video.fortinet.com FORTINET KNOWLEDGE

More information

Test Results Summary for Cisco Unified Wireless LAN Test 7.4 for Japan (Release )

Test Results Summary for Cisco Unified Wireless LAN Test 7.4 for Japan (Release ) Test Results Summary for Cisco Unified Wireless LAN Test 7.4 for Japan (Release 7.4.100.0) First Published: January 25, 2013 Last Modified: March 25, 2013 Americas Headquarters Cisco Systems, Inc. 170

More information

Configuring Backup Controllers

Configuring Backup Controllers Information About, page 1 Restrictions for, page 2 (GUI), page 2 (CLI), page 3 Information About A single controller at a centralized location can act as a backup for access points when they lose connectivity

More information

Per-WLAN Wireless Settings

Per-WLAN Wireless Settings DTIM Period, page 1 Off-Channel Scanning Deferral, page 3 Cisco Client Extensions, page 10 Client Profiling, page 12 Client Count per WLAN, page 15 DTIM Period Information About DTIM Period In the 802.11

More information

Managing Rogue Devices

Managing Rogue Devices Information About Rogue Devices, page 1 Configuring Rogue Detection (GUI), page 5 Configuring Rogue Detection (CLI), page 8 Information About Rogue Devices Rogue access points can disrupt wireless LAN

More information

Cisco Unified Wireless Network Software Release 7.4

Cisco Unified Wireless Network Software Release 7.4 Product Bulletin Cisco Unified Wireless Network Software Release 7.4 PB722724 Overview Cisco Unified Wireless Network (CUWN) Software Release 7.4 brings advancements to the wireless market with innovative

More information

Cisco Exam Implementing Advanced Cisco Unified Wireless Security v2.0 Version: 9.0 [ Total Questions: 206 ]

Cisco Exam Implementing Advanced Cisco Unified Wireless Security v2.0 Version: 9.0 [ Total Questions: 206 ] s@lm@n Cisco Exam 642-737 Implementing Advanced Cisco Unified Wireless Security v2.0 Version: 9.0 [ Total Questions: 206 ] Cisco 642-737 : Practice Test Question No : 1 RADIUS is set up with multiple servers

More information

Template information can be overridden on individual devices.

Template information can be overridden on individual devices. CHAPTER 12 This chapter describes the Controller Template Launch Pad. It is a hub for all controller templates. Templates provide a way to set parameters that you can then apply to multiple devices without

More information

Template information can be overridden on individual devices.

Template information can be overridden on individual devices. CHAPTER 12 This chapter describes the Controller Template Launch Pad. It is a hub for all controller templates. Templates provide a way to set parameters that you can then apply to multiple devices without

More information

FlexConnect. Information About FlexConnect

FlexConnect. Information About FlexConnect Information About, on page 1 Restrictions on, on page 6 Configuring, on page 8 Information About (previously known as Hybrid Remote Edge Access Point or H-REAP) is a wireless solution for branch office

More information

Introduction to Technology

Introduction to Technology Introduction to 802.11 Technology Suebpong Nitichai Email: sniticha@cisco.com 1 IEEE 802.11 Family Technology Overview IEEE 802.11 Standard define : A Physical layer Radio Frequencies, Data Modulation,

More information

Configuring Auto-Anchor Mobility

Configuring Auto-Anchor Mobility Information About Auto-Anchor Mobility, page 1 Guest Anchor Priority, page 5 Information About Auto-Anchor Mobility You can use auto-anchor mobility (also called guest tunneling) to improve load balancing

More information

Architecting Network for Branch Offices with Cisco Unified Wireless

Architecting Network for Branch Offices with Cisco Unified Wireless Architecting Network for Branch Offices with Cisco Unified Wireless Aparajita Sood Technical Marketing Engineer Objective Design & Deploy Branch Network That Increases Business Resiliency 3 Agenda Learn

More information

Wireless LAN Controller (WLC) Mobility Groups FAQ

Wireless LAN Controller (WLC) Mobility Groups FAQ Wireless LAN Controller (WLC) Mobility Groups FAQ Document ID: 107188 Contents Introduction What is a Mobility Group? What are the prerequisites for a Mobility Group? How do I configure a Mobility Group

More information

Performing Administrative Tasks

Performing Administrative Tasks CHAPTER 15 The Administration enables you to schedule tasks, administer accounts, and configure local and external authentication and authorization. Also, set logging options, configure mail servers, and

More information

Configuring FlexConnect Groups

Configuring FlexConnect Groups Information About FlexConnect Groups, page 1, page 3 Configuring VLAN-ACL Mapping on FlexConnect Groups, page 8 Information About FlexConnect Groups To organize and manage your FlexConnect access points,

More information

Software-Defined Access Wireless

Software-Defined Access Wireless Introduction to, page 1 Configuring SD-Access Wireless (CLI), page 7 Enabling SD-Access Wireless (GUI), page 8 Configuring SD-Access Wireless VNID (GUI), page 9 Configuring SD-Access Wireless WLAN (GUI),

More information

Managing Software. Upgrading the Controller Software. Considerations for Upgrading Controller Software

Managing Software. Upgrading the Controller Software. Considerations for Upgrading Controller Software Upgrading the Controller Software, on page 1 Considerations for Upgrading Controller Software, on page 1 Upgrading Controller Software (GUI), on page 2 Upgrading Controller Software (CLI), on page 5 Predownloading

More information

Configuring Layer2 Security

Configuring Layer2 Security Prerequisites for Layer 2 Security, page 1 Configuring Static WEP Keys (CLI), page 2 Configuring Dynamic 802.1X Keys and Authorization (CLI), page 2 Configuring 802.11r BSS Fast Transition, page 3 Configuring

More information

Universal Wireless Controller Configuration for Cisco Identity Services Engine. Secure Access How-To Guide Series

Universal Wireless Controller Configuration for Cisco Identity Services Engine. Secure Access How-To Guide Series Universal Wireless Controller Configuration for Cisco Identity Services Engine Secure Access How-To Guide Series Author: Hosuk Won Date: November 2015 Table of Contents Introduction... 3 What Is Cisco

More information

Cisco Exam Troubleshooting Cisco Wireless Enterprise Networks Version: 7.0 [ Total Questions: 60 ]

Cisco Exam Troubleshooting Cisco Wireless Enterprise Networks Version: 7.0 [ Total Questions: 60 ] s@lm@n Cisco Exam 300-370 Troubleshooting Cisco Wireless Enterprise Networks Version: 7.0 [ Total Questions: 60 ] Cisco 300-370 : Practice Test Question No : 1 An engineer must open a support case with

More information

DEPLOYING BASIC CISCO WIRELESS LANS (WDBWL)

DEPLOYING BASIC CISCO WIRELESS LANS (WDBWL) [Type a quote from the document or the summary of an interesting point. You can position the text box anywhere in the document. Use the Drawing Tools tab to change the formatting of the pull quote text

More information

Client Data Tunneling

Client Data Tunneling Ethernet over GRE Tunnels, on page 1 Proxy Mobile IPv6, on page 9 Ethernet over GRE Tunnels Ethernet over GRE (EoGRE) is a new aggregation solution for aggregating Wi-Fi traffic from hotspots. This solution

More information

Using Access Point Communication Protocols

Using Access Point Communication Protocols Information About Access Point Communication Protocols, page 1 Restrictions for Access Point Communication Protocols, page 2 Configuring Data Encryption, page 2 Viewing CAPWAP Maximum Transmission Unit

More information

Multicast/Broadcast Setup

Multicast/Broadcast Setup Configuring Multicast Mode, page 1 Mediastream, page 9 Configuring Multicast Domain Name System, page 14 Configuring Multicast Mode Information About Multicast/Broadcast Mode If your network supports packet

More information

Ports and Interfaces. Ports. Information About Ports. Ports, page 1 Link Aggregation, page 5 Interfaces, page 10

Ports and Interfaces. Ports. Information About Ports. Ports, page 1 Link Aggregation, page 5 Interfaces, page 10 Ports, page 1 Link Aggregation, page 5 Interfaces, page 10 Ports Information About Ports A port is a physical entity that is used for connections on the Cisco WLC platform. Cisco WLCs have two types of

More information

Cisco Wireless LAN Controller Configuration Guide

Cisco Wireless LAN Controller Configuration Guide Cisco Wireless LAN Controller Configuration Guide Software Release 7.0.116.0 April 2011 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com

More information

Software-Defined Access Wireless

Software-Defined Access Wireless Introduction to, page 1 Configuring SD-Access Wireless (CLI), page 7 Introduction to The Enterprise Fabric provides end-to-end enterprise-wide segmentation, flexible subnet addressing, and controller-based

More information

Managing Rogue Devices

Managing Rogue Devices Finding Feature Information, page 1 Information About Rogue Devices, page 1 How to Configure Rogue Detection, page 6 Monitoring Rogue Detection, page 8 Examples: Rogue Detection Configuration, page 9 Additional

More information

Multicast VLAN, page 1 Passive Clients, page 2 Dynamic Anchoring for Clients with Static IP Addresses, page 5

Multicast VLAN, page 1 Passive Clients, page 2 Dynamic Anchoring for Clients with Static IP Addresses, page 5 Multicast VLAN, page 1 Passive Clients, page 2 Dynamic Anchoring for Clients with Static IP Addresses, page 5 Multicast VLAN Information About Multicast Optimization Prior to the 7.0.116.0 release, multicast

More information

Configuring Client Profiling

Configuring Client Profiling Prerequisites for, page 1 Restrictions for, page 2 Information About Client Profiling, page 2, page 3 Configuring Custom HTTP Port for Profiling, page 4 Prerequisites for By default, client profiling will

More information

Cisco 8540 Wireless LAN Controller Deployment Guide 4

Cisco 8540 Wireless LAN Controller Deployment Guide 4 Cisco 8540 Wireless LAN Controller Deployment Guide Cisco 8540 Wireless LAN Controller Deployment Guide 4 Introduction 4 Prerequisites 4 Product Overview 4 Cisco 8540 Controller Key Attributes 5 AP Platform

More information

Test Results Summary for Cisco Unified Wireless LAN Test 7.5 for Japan (Release )

Test Results Summary for Cisco Unified Wireless LAN Test 7.5 for Japan (Release ) Test Results Summary for Cisco Unified Wireless LAN Test 7.5 for Japan (Release 7.5.102.0) First Published: May 14, 2013 Last Modified: July 10, 2013 Americas Headquarters Cisco Systems, Inc. 170 West

More information

Wireless Domain Services FAQ

Wireless Domain Services FAQ Wireless Domain Services FAQ Document ID: 65346 Contents Introduction What is WDS? How do I configure my AP as a WDS? On what platforms does Cisco Structured Wireless Aware Network (SWAN) WDS run? How

More information

Configuring Cisco CleanAir on the Controller, page 1 Configuring Cisco CleanAir on an Access Point, page 7

Configuring Cisco CleanAir on the Controller, page 1 Configuring Cisco CleanAir on an Access Point, page 7 Configuring on the Controller, page 1 Configuring on an Access Point, page 7 Configuring on the Controller Configuring on the Cisco Wireless LAN Controller (GUI) Step 1 Step 2 Step 3 Step 4 Step 5 Choose

More information

Release Notes for Avaya WLAN 9100 Software Patch Release WLAN Release Notes

Release Notes for Avaya WLAN 9100 Software Patch Release WLAN Release Notes WLAN 9100 Release Notes Release Notes for Avaya WLAN 9100 Software Patch Release AP Operating System Rel 7.2.8 Wireless LAN Orchestration System Rel 7.4.2 Avaya Inc - External Distribution Avaya Inc -

More information

Using the Web Graphical User Interface

Using the Web Graphical User Interface Prerequisites for Using the Web GUI, page 1 Information About Using The Web GUI, page 2 Connecting the Console Port of the Switch, page 3 Logging On to the GUI, page 4 Enabling Web and Secure Web Modes,

More information

Using the Web Graphical User Interface

Using the Web Graphical User Interface Prerequisites for Using the Web GUI, page 1 Information About Using The Web GUI, page 1 Connecting the Console Port of the Device, page 3 Logging On to the Web GUI, page 3 Enabling Web and Secure Web Modes,

More information

High Availability Synchronization PAN-OS 5.0.3

High Availability Synchronization PAN-OS 5.0.3 High Availability Synchronization PAN-OS 5.0.3 Revision B 2013, Palo Alto Networks, Inc. www.paloaltonetworks.com Contents Overview... 3 Device Configuration... 4 Network Configuration... 9 Objects Configuration...

More information

FortiNAC. Aerohive Wireless Access Point Integration. Version 8.x 8/28/2018. Rev: E

FortiNAC. Aerohive Wireless Access Point Integration. Version 8.x 8/28/2018. Rev: E FortiNAC Aerohive Wireless Access Point Integration Version 8.x 8/28/2018 Rev: E FORTINET DOCUMENT LIBRARY http://docs.fortinet.com FORTINET VIDEO GUIDE http://video.fortinet.com FORTINET KNOWLEDGE BASE

More information

Politecnico di Torino Network architecture and management. Outline 11/01/2016. Marcello Maggiora, Antonio Lantieri, Marco Ricca

Politecnico di Torino Network architecture and management. Outline 11/01/2016. Marcello Maggiora, Antonio Lantieri, Marco Ricca Politecnico di Torino Network architecture and management Marcello Maggiora, Antonio Lantieri, Marco Ricca Outline Politecnico di Torino network: Overview Building blocks: Edge, Core, Distribution, Access

More information

AP Connectivity to Cisco WLC

AP Connectivity to Cisco WLC CAPWAP, page 1 Discovering and Joining Cisco WLC, page 12 Authorizing Access Points, page 23 AP 802.1X Supplicant, page 29 Infrastructure MFP, page 34 Troubleshooting the Access Point Join Process, page

More information

Configuring AP Groups

Configuring AP Groups Prerequisites for, page 1 Restrictions on Configuring Access Point Groups, page 2 Information About Access Point Groups, page 3 Configuring Access Point Groups, page 3 Creating Access Point Groups (GUI),

More information

Using the CLI to Configure the Syslog Server for Access Points

Using the CLI to Configure the Syslog Server for Access Points Chapter 8 Autonomous Access Points Converted to Lightweight Mode Using the CLI to Configure the Syslog Server for Access Points To configure the syslog server for access points using the controller CLI,

More information

Grandstream Networks, Inc. GWN76xx Wi-Fi Access Points Master/Slave Architecture Guide

Grandstream Networks, Inc. GWN76xx Wi-Fi Access Points Master/Slave Architecture Guide Grandstream Networks, Inc. GWN76xx Wi-Fi Access Points Master/Slave Architecture Guide Table of Contents INTRODUCTION... 4 DISCOVER AND PAIR GWN76XX ACCESS POINTS... 5 Discover GWN76xx... 5 Method 1: Discover

More information

Converged Access CT 5760 AVC Deployment Guide, Cisco IOS XE Release 3.3

Converged Access CT 5760 AVC Deployment Guide, Cisco IOS XE Release 3.3 Converged Access CT 5760 AVC Deployment Guide, Cisco IOS XE Release 3.3 Last Updated: November, 2013 Introduction This guide is designed to help you deploy and monitor new features introduced in the IOS

More information

Securing Wireless LAN Controllers (WLCs)

Securing Wireless LAN Controllers (WLCs) Securing Wireless LAN Controllers (WLCs) Document ID: 109669 Contents Introduction Prerequisites Requirements Components Used Conventions Traffic Handling in WLCs Controlling Traffic Controlling Management

More information

2100/2500/4400/5500/7500/8500 Series WLC (Wireless LAN Controller),

2100/2500/4400/5500/7500/8500 Series WLC (Wireless LAN Controller), VIEW Certified Configuration Guide Cisco Systems Inc. 2100/2500/4400/5500/7500/8500 Series WLC (Wireless LAN Controller), WiSM (Wireless Services Module), WiSM2, WLC Module, WLC SW for SRE, 3750G Integrated

More information

High Density Experience Features in Release 8.0

High Density Experience Features in Release 8.0 This section covers the following topics in depth: Receiver Start of Packet Detection Threshold, page 1 Optimized Roaming, page 5 Dynamic Channel Assignment in RF Profiles, page 11 Receiver Start of Packet

More information

Verify Radius Server Connectivity with Test AAA Radius Command

Verify Radius Server Connectivity with Test AAA Radius Command Verify Connectivity with Test AAA Radius Command Contents Introduction Prerequisites Requirements Components Used Background Information How The Feature Works Command Syntax Scenario 1. Passed Authentication

More information

SD-Access Wireless: why would you care?

SD-Access Wireless: why would you care? SD-Access Wireless: why would you care? CUWN Architecture - Centralized Overview Policy Definition Enforcement Point for Wi-Fi clients Client keeps same IP address while roaming WLC Single point of Ingress

More information

Editing WLAN SSID or Profile Name for WLANs (CLI), page 6

Editing WLAN SSID or Profile Name for WLANs (CLI), page 6 Prerequisites for WLANs, page 1 Restrictions for WLANs, page 2 Information About WLANs, page 3 Creating and Removing WLANs (GUI), page 3 Enabling and Disabling WLANs (GUI), page 4 Editing WLAN SSID or

More information

WisCloud Access Controller V /6/9

WisCloud Access Controller V /6/9 WISNETWORKS User Manual WisCloud Access Controller V 2.0 2017/6/9 Software Version 3.05.20 Table of contents WISNETWORKS... 1 Chapter 1 Overview... 3 1.1 Access Point...3 1.2 Online Use... 3 1.3 Interferences...3

More information

NXC Series. Handbook. NXC Controllers NXC 2500/ Default Login Details. Firmware Version 5.00 Edition 19, 5/

NXC Series. Handbook. NXC Controllers NXC 2500/ Default Login Details. Firmware Version 5.00 Edition 19, 5/ NXC Series NXC 2500/ 5500 NXC Controllers Firmware Version 5.00 Edition 19, 5/2017 Handbook Default Login Details LAN Port IP Address https://192.168.1.1 User Name admin Password 1234 Copyright 2017 ZyXEL

More information

Cisco Mobility Express Solution

Cisco Mobility Express Solution FAQ Cisco Mobility Express Solution 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 8 Contents General Information... 3 Access Point Compatibility

More information

Configuring Link Aggregation

Configuring Link Aggregation Information About Link Aggregation, page 1 Restrictions for Link Aggregation, page 2 (GUI), page 4 (CLI), page 4 Verifying Link Aggregation Settings (CLI), page 5 Configuring Neighbor Devices to Support

More information

A connected workforce is a more productive workforce

A connected workforce is a more productive workforce A connected workforce is a more productive workforce D-Link wireless networking solutions enable business networks of all sizes to create highly mobile, highly productive work environments at a low total

More information

AP Power and LAN Connections

AP Power and LAN Connections Power over Ethernet, on page 1 Cisco Discovery Protocol, on page 4 Cisco Aironet 700 Series Access Points, on page 11 Power over Ethernet Configuring Power over Ethernet (GUI) Choose Wireless > Access

More information

2100/2500/4400/5500/7500/8500 Series WLC (Wireless LAN Controller),

2100/2500/4400/5500/7500/8500 Series WLC (Wireless LAN Controller), VIEW Certified Configuration Guide Cisco Systems Inc. 2100/2500/4400/5500/7500/8500 Series WLC (Wireless LAN Controller), WiSM (Wireless Services Module), WiSM2, WLC Module, WLC SW for SRE, 3750G Integrated

More information

"Charting the Course... Implementing Cisco Unified Wireless Networking Essentials v2.0 (IUWNE) Course Summary

Charting the Course... Implementing Cisco Unified Wireless Networking Essentials v2.0 (IUWNE) Course Summary Course Summary Description Implementing Cisco Unified Wireless Networking Essentials (IUWNE) v2.0 is a five-day instructor-led course that is designed to help students prepare for the CCNA _ wireless certification,

More information

Use Plug and Play to Deploy New Devices

Use Plug and Play to Deploy New Devices About Plug and Play, page 1 Prerequisites for Using Plug and Play, page 2 Plug and Play Workflow, page 2 Use the Plug and Play Dashboard to Monitor New Device Deployments, page 4 Create Plug and Play Profiles

More information

Wireless Challenges and Resolutions

Wireless Challenges and Resolutions Wireless Challenges and Resolutions 1 Steven Shelton Senior Network Engineer Oak Ridge National Laboratory Oak Ridge, Tennessee ows@ornl.gov 2 Wireless Challenges and Resolutions Sections Common Problems

More information

Cisco Wireless Release 7.6

Cisco Wireless Release 7.6 Product Bulletin Cisco Wireless Release 7.6 PB730102 Overview The IEEE 802.11ac standard promises to bring wire-like performance to wireless technologies. With Cisco Wireless Release 7.6, customers can

More information

Vendor: Cisco. Exam Code: Exam Name: Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0. Version: Demo

Vendor: Cisco. Exam Code: Exam Name: Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0. Version: Demo Vendor: Cisco Exam Code: 642-737 Exam Name: Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0 Version: Demo QUESTION 1 Which statement describes the major difference between PEAP and EAP-FAST

More information

Cisco Structured Wireless-Aware Network (SWAN) Implementation Guide

Cisco Structured Wireless-Aware Network (SWAN) Implementation Guide Cisco Structured Wireless-Aware Network (SWAN) Implementation Guide The Cisco Structured Wireless-Aware Network (SWAN) provides the framework to integrate and extend wired and wireless networks to deliver

More information

Firepower Threat Defense Cluster for the Firepower 4100/9300

Firepower Threat Defense Cluster for the Firepower 4100/9300 Firepower Threat Defense Cluster for the Firepower 4100/9300 Clustering lets you group multiple Firepower Threat Defense units together as a single logical device. Clustering is only supported for the

More information

ITCertMaster. Safe, simple and fast. 100% Pass guarantee! IT Certification Guaranteed, The Easy Way!

ITCertMaster.   Safe, simple and fast. 100% Pass guarantee! IT Certification Guaranteed, The Easy Way! ITCertMaster Safe, simple and fast. 100% Pass guarantee! http://www.itcertmaster.com Exam : 350-050 Title : CCIE Wireless Exam (V2.0) Vendor : Cisco Version : DEMO Get Latest & Valid 350-050 Exam's Question

More information

Numerics INDEX. 2.4-GHz WMIC, contrasted with 4.9-GHz WMIC g 3-6, x authentication 4-13

Numerics INDEX. 2.4-GHz WMIC, contrasted with 4.9-GHz WMIC g 3-6, x authentication 4-13 INDEX Numerics 2.4-GHz WMIC, contrasted with 4.9-GHz WMIC 1-8 802.11g 3-6, 3-9 802.1x authentication 4-13 A AAA server group 4-25 aaa authentication login command 4-24 aaa authorization command 4-27 aaa

More information

Lesson Overview & Objectives

Lesson Overview & Objectives Cisco Unified Wireless Network Administration: AP Association Finding a Controller Cisco Unified Wireless Network Administration: AP Association - Finding a Controller 2010 Cisco Systems, Inc. All rights

More information

Chapter 3 Managing System Settings

Chapter 3 Managing System Settings Chapter 3 Managing System Settings Using the System Settings Utility The navigation pane at the top of the web browser interface contains a System tab that enables you to manage your FS700TSSmart Switch

More information

Configuring Repeater and Standby Access Points and Workgroup Bridge Mode

Configuring Repeater and Standby Access Points and Workgroup Bridge Mode CHAPTER 19 Configuring Repeater and Standby Access Points and Workgroup Bridge Mode This chapter describes how to configure your access point as a repeater, as a hot standby unit, or as a workgroup bridge.

More information

Configuring Auto-Anchor Mobility

Configuring Auto-Anchor Mobility Information About Auto-Anchor Mobility, page 1 Information About Auto-Anchor Mobility You can use auto-anchor mobility (also called guest tunneling) to improve load balancing and security for roaming clients

More information

Exam Questions Demo Cisco. Exam Questions

Exam Questions Demo   Cisco. Exam Questions Cisco Exam Questions 300-370 WITSHOOT Troubleshooting Cisco Wireless Enterprise Network Version:Demo 1. An engineer must open a support case with Cisco TAC. Which two commands verify the model and serial

More information