SD-Access Wireless: why would you care?
|
|
- Alan Hensley
- 6 years ago
- Views:
Transcription
1 SD-Access Wireless: why would you care?
2 CUWN Architecture - Centralized Overview Policy Definition Enforcement Point for Wi-Fi clients Client keeps same IP address while roaming WLC Single point of Ingress to wired network Wireless VLANs are centrally defined WLC AAA AD LDAP MDM IPAM DNS NTP SMTP DHCP Anchor WLC Internet Architecture Benefits: Overlay: works on any wired network Simplified Access switch configuration Single point of Ingress for wireless traffic Easy seamless mobility Simplified IP addressing for wireless Centralized Management Easy wireless Guest tunneling solution SW DMZ Policy Definition and Enforcement Point for wired clients Traditional Campus Switch 1 Switch 2 AP1 Traditional switches Customers may NOT like: Limited scalability for East-West traffic Separated policies for wired and wireless Different enforcement point for wired and wireless Lack of visibility between WLC and APs SSID Employee SSID Guest Local mode AP Packet to wired CAPWAP Control & Data EoIP Tunnel 2
3 CUWN Architecture - FlexConnect Overview Data Center Centralized Management for all branches WLC AAA AD LDAP MDM IPAM DNS NTP SMTP DHCP Architecture Benefits: Overlay: works on any wired network Centralized Management / Lean IT Branch cookie cutter configuration Distributed data plane Reduced hardware footprint at the branch Built-in resiliency (WAN survivability for locally switched traffic) SW DMZ Distributed Data plane Traditional switches WAN Internet No Controller at the branch Customers may NOT like: Separated policies for wired and wireless Different enforcement point for wired and wireless No Layer 3 roaming support Limited seamless roaming scope (FlexConnect Group) Additional configuration on the access switch (trunk and allowed VLANs) Flex mode AP CAPWAP Control & Data dot1q trunk Branch 3
4 Converged Access Architecture Overview MC WLC MA Guest Tunnel through the MC WLC AAA AD LDAP MDM IPAM DNS NTP SMTP DHCP Anchor WLC Internet Architecture Benefits Distributed Data Plane: scalability One Policy enforcement point for wired Reduced HW footprint and less devices to manage (branch is the sweet spot) One common software Policies enforced at the edge Wireless traffic visibility at the edge SW DMZ Easy wireless Guest tunneling solution Switch is the Policy Enforcement for wired and wireless SSID Employee CA Network Switch 1 Switch 2 Packet to wired For roaming, traffic is anchored back to the original switch SSID Guest MA Switch with Mobility Agent Local mode AP CAPWAP Control & Data MA to MA tunnels EoIP tunnel Customers may NOT like: Distributed Management plane Multiple wireless touch points Wired and wireless software dependencies Anchoring solutions for seamless mobility Support for Local mode AP only Lack of feature parity with CUWN 4
5 What is the Problem? Policy Model Today Network Policy Enterprise Network QoS Security Redirect/copy Traffic engineering etc. SRC DST PAYLOAD DATA DSCP PROT IP SRC IP DST PORT PORT Policy is based on 5 Tuple Only Transitive information Survives end to end 5
6 What is the Problem? Policy Model Today Network Policy access-list 102 deny udp gt eq 2165 access-list 102 deny udp lt gt 428 access-list 102 permit ip eq gt 1511 access-list 102 deny tcp gt gt 1945 access-list 102 permit icmp lt eq 116 access-list 102 deny udp eq eq 959 access-list 102 deny tcp eq lt 4993 access-list 102 deny tcp eq lt 848 access-list 102 deny ip eq gt 4878 access-list 102 permit icmp lt eq 1216 access-list 102 deny icmp gt gt 1111 access-list 102 deny ip eq eq 4175 access-list 102 permit tcp lt gt 1462 Enterprise Network access-list 102 permit tcp gt lt 4384 SRC DST PAYLOAD DATA DSCP PROT IP SRC IP DST PORT PORT IP ADDRESSES Locate you Identify you Drive treatment Constrain you IP Address meaning OVERLOAD VLAN 20 VLAN 30 SSID D SSID C User/device info? SSID A VLAN 10 VLAN 40 SSID B 6
7 What is the Problem? User Group policy rollout - Today 1. Define Groups in AD Production Servers Developer Servers Multiple Steps and Touch Points LAN Core L3 Switch Trunk WLAN 4. Implement Policy What Trunks if You Need to Add Another Define Group ACLs & Policy? Apply ACLs L2 Switch One SSID AAA DHCP AD 2. Define Policies VLAN/subnet based 3. Implement VLANs/Subnets Create VLANs Define DHCP scope Create subnets and L3 interfaces Routing for new subnets Map SSID to Interface/VLAN 5. Many different User Interfaces. AAA WLC Devices CLI BYOD Employee Contractor 7
8 What is the Problem? User Group policy rollout - Today Production Servers Developer Servers LAN Core AAA DHCP AD Customer requirements Three user Groups One single SSID Differentiated policies per Group Guest segmentation (wired and wireless) L3 Switch Trunks Trunk WLC Customer Policy Customer Policy requirements: Employee Production Serv. Developer Serv. L2 Switch BYOD Network Touch Points Contractor One SSID BYOD Employee Contractor 8
9 SD-Access Wireless Architecture BRKE
10 SD-Access Fabric Architecture Roles and Terminology Group Repository Fabric Border Intermediate Nodes (Underlay) ISE / AD B B C DNA Controller Fabric Mode WLC Control-Plane Nodes DNA Controller Enterprise SDN Controller provides GUI management abstraction via multiple Service Apps, which share information Group Repository External ID Services (e.g.. ISE) is leveraged for dynamic User or Device to Group mapping and policy definition Control-Plane (CP) Node Map System that manages Endpoint ID to Location relationships. Also known as Host Tracking DB (HTDB) Border Nodes A Fabric device (e.g.. Core) that connects External L3 network(s) to the SDA Fabric Edge Nodes A Fabric device (e.g.. Access or Distribution) that connects wired endpoints to the SDA Fabric Fabric Edge Nodes SD-Access Fabric Fabric Mode APs Fabric Wireless Controller Wireless Controller (WLC) fabric-enabled, participate in LISP control plane Fabric Mode APs Access Points that are fabric-enabled. Wireless traffic is VXLAN encapsulated at AP 1 0
11 SD-Access Wireless Architecture Bringing the best of both architectures by... 1 Simplifying the Control & Management Plane 2 Optimizing the Data Plane 3 Integrating Policy & Segmentation E2E 1 1
12 SD-Access Wireless Architecture Simplifying the Control Plane CAPWAP Cntrl plane LISP Cntrl plane ISE / AD B DNAC B Policy Abstraction and Configuration Automation WLC Fabric enabled WLC: WLC is part of LISP control plane 1 Automation DNAC simplifies the Fabric deployment, Including the wireless integration component Centralized Wireless Control Plane WLC still provides client session management AP Mgmt, Mobility, RRM, etc. Same operational advantages of CUWN SD-Access Fabric C LISP control plane Management WLC integrates with LISP control plane WLC updates the CP for wireless clients Mobility is integrated in Fabric thanks to LISP CP 1 2
13 SD-Access Wireless Architecture Optimizing the Data Plane CAPWAP Cntrl plane LISP Cntrl plane VXLAN Data plane ISE / AD B DNAC B SD-Access Fabric Policy Abstraction and Configuration Automation C VXLAN (Data Plane) WLC Fabric enabled WLC: WLC is part of LISP control plane Fabric enabled AP: AP encapsulates Fabric SSID traffic in VXLAN 2 Automation DNAC simplifies the Fabric deployment, Including the wireless integration component Centralized Wireless Control Plane WLC still provides client session management AP Mgmt, Mobility, RRM, etc. Same operational advantages of CUWN LISP control plane Management WLC integrates with LISP control plane WLC updates the CP for wireless clients Mobility is integrated in Fabric thanks to LISP CP Optimized Distributed Data Plane Fabric overlay with Anycast GW + Stretched subnet VLAN extension with no complications All roaming are Layer 2 VXLAN from the AP Carrying hierarchical policy segmentation starting from the edge of the network 1 3
14 SD-Access Wireless Architecture Optimizing the Data Plane: Stretched subnets A Closer Look 2 Fabric Mode AP integrates with the VXLAN Data Plane Wireless Data Plane is distributed across APs Fabric mode AP is a local mode AP and needs to be directly connected to FE CAPWAP control plane goes to the WLC using Fabric Fabric is enabled per SSID: For Fabric enabled SSID, AP converts traffic to and encapsulates it into VXLAN encoding VNI and SGT info of the client Forwards client traffic based on forwarding table as programmed by the WLC. Usually VXLAN DST is first hop switch. AP applies all wireless specific feature like SSID policies, AVC, QoS, etc. VXLAN (Data) CAPWAP Control plane 1 4
15 SD-Access Wireless Architecture Simplifying policy and Segmentation 3 VXLAN (Data) FE A C B SD Fabric FE B IP payload IP AP removes the header EID IP payload IP VXLAN UDP underlay IP 2 AP adds the 802.3/VXLAN/underlay IP header 1 5
16 SD-Access Wireless Architecture Simplifying policy and Segmentation 3 VXLAN (Data) FE A C B SD Fabric FE B R Client SGT Client VRF R EID IP payload IP VXLAN UDP underlay IP Hierarchical Segmentation: 1. Virtual Network (VN) == VRF - isolated Control Plane + Data Plane 2. Scalable Group Tag (SGT) User Group identifier 2 APs embed the Policy information in the VXLAN header and forwards it 1 6
17 SD-Access Wireless Architecture Simplifying policy and Segmentation 3 VXLAN (Data) FE A C B SD Fabric FE B Client is placed in the right VRF EID IP payload IP VXLAN UDP underlay IP 3 FE removes the outer IP header, looks at the L2 VNID and maps it to the VLAN and L2 LISP instance. Then encapsulates to the destination FE 1 7
18 SD-Access Wireless Architecture Simplifying policy and Segmentation 3 VXLAN (Data) FE A C B SD Fabric FE B SGT policy is applied Client Policy is carried end to end in the overlay EID IP payload IP VXLAN UDP underlay IP 4 FE removes the outer IP header, looks at the L2 VNID maps it to the VLAN. Also looks at the SGT and apply the policy before forwarding the packet 1 8
19 SD-Access Wireless Benefits User Group policy rollout Production Servers Developer Servers DNA Center LAN core AAA DHCP AD 1. Define Groups in AD 2. Design and Deploy in DNA-C Create Virtual Network for Corporate Define Policies Role/Group based Apply Policies SGT based Corporate VN L3 Switch L3 Switch VN ID Contractor BYOD Employee SGT VXN HDR Trunk Fabric SRC Fabric DST WLC Employee SGT 100 BYOD SGT 200 Production Serv. SGT 10 Developer Serv. SGT 20 Touch Point Original packet One SSID BYOD Employee Contractor Contractor SGT Upon user authentication, Policy is automatically applied and carried end to end 1 9
20 SD-Access Wireless Benefits User Group policy rollout Production Servers Developer Servers IoT/HVAC Virtual Network L3 Switch Guest Virtual Network Corporate VN L3 Switch DNA Center LAN core Trunk AAA DHCP AD WLC 1. Define Groups in AD 2. Design and Deploy in DNA-C Create Virtual Network for Corporate Define Policies Role/Group based Apply Policies SGT based Employee SGT 100 BYOD SGT 200 Production Serv. SGT 10 One Touch Point Developer Serv. SGT 20 Touch Point One SSID BYOD Employee Contractor Contractor SGT Upon user authentication, Policy is automatically applied and carried end to end 2 0
21 DEMO
22 SDA Wireless Automation Install of new AP
23 SDA Wireless Site and Profiles
24 SDA Guest Creation of a Guest Network
25 What products make this Architecture? BRKE
26 SD-Access Fabric Wireless Platform Support 3504 WLC NEW 5520 WLC 8540 WLC Wave 2 APs *with Caveats Wave 1 APs AIR-CT3504 1G/mGig AireOS 8.5+ AIR-CT5520 No G/10G SFP+ AireOS 8.5+ AIR-CT supported 1G/10G SFP+ AireOS /2800/ ac Wave2 APs 1G/MGIG RJ45 AireOS /2700/ ac Wave1 APs* 1G RJ45 AireOS
27 SD-Access Wireless Design Considerations
28 Wireless Integration in SDA Fabric CUWN wireless Over The Top (OTT) SD-Access Wireless ISE / AD APIC-EM ISE / AD APIC-EM CAPWAP Cntrl & Data B B SD-Access Fabric C Non-Fabric WLC VS. CAPWAP Cntrl plane VXLAN Data plane B B SD-Access Fabric C Fabric enabled WLC Non-Fabric APs Fabric enabled APs CAPWAP for Control Plane and Data Plane SDA Fabric is just a transport Supported on any WLC/AP software and hardware Migration step to full SDA CAPWAP Control Plane, VXLAN Data plane WLC/APs integrated in Fabric, SD-Access advantages Requires software upgrade (8.5+) Optimized for ac Wave 2 APs
29 CUWN Over the Top (OTT) Definition: Wireless OTT: this CAPWAP wireless overlay to Fabric: traditional CAPWAP deployment connected to Fabric overlay. Fabric is a transport for CAPWAP Why wireless OTT? Migration step: customers wants/need to first migrate wired (different Ops teams managing wired and wireless, get familiar with Fabric, different buying cycles, etc.) Longer term solution: customer doesn t want/cannot migrate to Fabric (new software, no n, wireless too critical to make changes) CAPWAP tunnel SD-Access Fabric Non Fabric AP Non Fabric WLC
30 Key Takeaways BRKE
31 SDA for Mobility Innovate Faster with Fabric-Enabled Wireless DNA Center Software Defined Wireless Centralized management across wired-wireless Consistent Policy for Wired/Wireless Secure Policy based Automation Optimized distributed traffic flows for future scalability Simplified enablement of Wi-Fi Services Seamless L2 roam across Campus Policy stays with user Simplified Provisioning Optimized data plane with Campus-Wide Roaming Easy end to end Virtualization and Segmentation Wired and Wireless Policy Consistency BRKE 3 1
32 Thank you
Tech Update Oktober Rene Andersen / Ib Hansen
Tech Update 10 12 Oktober 2017 Rene Andersen / Ib Hansen DNA Solution Cisco Enterprise Portfolio DNA Center Simple Workflows DESIGN PROVISION POLICY ASSURANCE Identity Services Engine DNA Center APIC-EM
More informationVeč kot SDN - SDA arhitektura v uporabniških omrežjih
Več kot SDN - SDA arhitektura v uporabniških omrežjih Aleksander Kocelj SE Cisco Agenda - Introduction to Software Defined Access - Brief description on SDA - Cisco SDA Assurance - DEMO 2 New Requirements
More informationSD-Access Wireless Design and Deployment Guide
SD-Access Wireless Design and Deployment Guide Executive Summary 2 Software Defined Access 2 SD Access Wireless 3 SD Access Wireless Architecture 4 Setting up SD-Access Wireless with DNAC 13 SD Access
More informationP ART 3. Configuring the Infrastructure
P ART 3 Configuring the Infrastructure CHAPTER 8 Summary of Configuring the Infrastructure Revised: August 7, 2013 This part of the CVD section discusses the different infrastructure components that are
More informationSoftware-Defined Access Wireless
Introduction to, page 1 Configuring SD-Access Wireless (CLI), page 7 Enabling SD-Access Wireless (GUI), page 8 Configuring SD-Access Wireless VNID (GUI), page 9 Configuring SD-Access Wireless WLAN (GUI),
More informationSoftware-Defined Access Wireless
Introduction to, page 1 Configuring SD-Access Wireless (CLI), page 7 Introduction to The Enterprise Fabric provides end-to-end enterprise-wide segmentation, flexible subnet addressing, and controller-based
More informationSoftware-Defined Access Wireless
Introduction to, page 1 Configuring SD-Access Wireless (CLI), page 7 Enabling SD-Access Wireless (GUI), page 8 Configuring SD-Access Wireless VNID (GUI), page 9 Configuring SD-Access Wireless WLAN (GUI),
More informationCisco Campus Fabric Introduction. Vedran Hafner Systems engineer Cisco
Cisco Campus Fabric Introduction Vedran Hafner Systems engineer Cisco Campus Fabric Abstract Is your Campus network facing some, or all, of these challenges? Host Mobility (w/o stretching VLANs) Network
More informationCisco.Network.Intuitive FastLane IT Forum. Andreas Korn Systems Engineer
Cisco.Network.Intuitive FastLane IT Forum Andreas Korn Systems Engineer 12.10.2017 Ziele dieser Session New Era of Networking - Was ist darunter zu verstehen? Software Defined Access Wie revolutioniert
More informationCisco Software Defined Access (SDA)
Cisco Software Defined Access (SDA) Transformational Approach to Network Design & Provisioning Sanjay Kumar Regional Manager- ASEAN, Cisco Systems What is network about? Source: google.de images Security
More informationCisco SD-Access Hands-on Lab
LTRCRS-2810 Cisco SD-Access Hands-on Lab Larissa Overbey - Technical Marketing Engineer, Cisco Derek Huckaby - Technical Marketing Engineer, Cisco https://cisco.box.com/v/ltrcrs-2810-bcn2018 Password:
More informationCampus Fabric Configuration Guide, Cisco IOS XE Everest 16.6.x (Catalyst 9300 Switches)
Campus Fabric Configuration Guide, Cisco IOS XE Everest 16.6.x (Catalyst 9300 Switches) First Published: 2017-07-31 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706
More informationCampus Fabric Configuration Guide, Cisco IOS XE Everest 16.6.x (Catalyst 3650 Switches)
Campus Fabric Configuration Guide, Cisco IOS XE Everest 16.6.x (Catalyst 3650 Switches) First Published: 2017-07-31 Last Modified: 2017-11-03 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive
More informationCisco SD-Access Policy Driven Manageability
BRKCRS-3811 Cisco SD-Access Policy Driven Manageability Victor Moreno, Distinguished Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session
More informationSoftware-Defined Access Design Guide
Cisco Validated design Software-Defined Access Design Guide December 2017 Solution 1.1 Table of Contents Table of Contents Cisco Digital Network Architecture and Software-Defined Access Introduction...
More informationSoftware-Defined Access 1.0
Software-Defined Access 1.0 What is Cisco Software-Defined Access? The Cisco Software-Defined Access (SD-Access) solution uses Cisco DNA Center to provide intent-based policy, automation, and assurance
More informationEvolving your Campus Network with. Campus Fabric. Shawn Wargo. Technical Marketing Engineer BRKCRS-3800
Evolving your Campus Network with Campus Fabric Shawn Wargo Technical Marketing Engineer BRKCRS-3800 Campus Fabric Abstract Is your Campus network facing some, or all, of these challenges? Host Mobility
More informationCisco Software-Defined Access
Migration Guide Cisco Software-Defined Access 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 31 Contents Cisco SD-Access... 3 Evolution of Networking
More informationSoftware-Defined Access 1.0
White Paper Software-Defined Access 1.0 Solution White Paper Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA https://www.cisco.com/ Tel: 408 526-4000 800 553-NETS
More informationCisco Software-Defined Access
Cisco Software-Defined Access Introducing an entirely new era in networking. What if you could give time back to IT? Provide network access in minutes for any user or device to any application-without
More informationP ART 2. BYOD Design Overview
P ART 2 BYOD Design Overview CHAPTER 2 Summary of Design Overview Revised: August 7, 2013 This part of the CVD describes design considerations to implement a successful BYOD solution and different deployment
More informationArchitecting Network for Branch Offices with Cisco Unified Wireless
Architecting Network for Branch Offices with Cisco Unified Wireless Karan Sheth - Sr. Technical Marketing Engineer Objective Design & Deploy Branch Network That Increases Business Resiliency 2 Agenda Learn
More informationCampus Fabric. How To Integrate With Your Existing Networks. Kedar Karmarkar - Technical Leader BRKCRS-2801
Campus Fabric How To Integrate With Your Existing Networks Kedar Karmarkar - Technical Leader Campus Fabric Abstract Is your Campus network facing some, or all, of these challenges? Host Mobility (w/o
More informationConfigure Devices Using Converged Access Deployment Templates for Campus and Branch Networks
Configure Devices Using Converged Access Deployment Templates for Campus and Branch Networks What Are Converged Access Workflows?, on page 1 Supported Cisco IOS-XE Platforms, on page 3 Prerequisites for
More informationCisco ACI Multi-Pod/Multi-Site Deployment Options Max Ardica Principal Engineer BRKACI-2003
Cisco ACI Multi-Pod/Multi-Site Deployment Options Max Ardica Principal Engineer BRKACI-2003 Agenda ACI Introduction and Multi-Fabric Use Cases ACI Multi-Fabric Design Options ACI Stretched Fabric Overview
More informationArchitecting Network for Branch Offices with Cisco Unified Wireless Karan Sheth Sr. Technical Marketing Engineer
Architecting Network for Branch Offices with Cisco Unified Wireless Karan Sheth Sr. Technical Marketing Engineer BRKEWN-2016 Abstract This session focuses on the architecture concepts of the branch office
More informationDNA Campus Fabric. How to Migrate The Existing Network. Kedar Karmarkar - Technical Leader BRKCRS-2801
DNA Campus Fabric How to Migrate The Existing Network Kedar Karmarkar - Technical Leader Campus Fabric Abstract Is your Campus network facing some, or all, of these challenges? Host Mobility (w/o stretching
More informationCisco Enterprise Silicon
Cisco Enterprise Silicon Delivering Innovation for Advanced Routing and Switching Dave Zacks Peter Jones BRKARC-3467 Distinguished System Engineer Principal Engineer @DaveZacks @petergjones #HighBitRate
More informationUniversal Wireless Controller Configuration for Cisco Identity Services Engine. Secure Access How-To Guide Series
Universal Wireless Controller Configuration for Cisco Identity Services Engine Secure Access How-To Guide Series Author: Hosuk Won Date: November 2015 Table of Contents Introduction... 3 What Is Cisco
More informationBorderless Networks. Tom Schepers, Director Systems Engineering
Borderless Networks Tom Schepers, Director Systems Engineering Agenda Introducing Enterprise Network Architecture Unified Access Cloud Intelligent Network & Unified Services Enterprise Networks in Action
More informationTrustSec Configuration Guides. TrustSec Capabilities on Wireless 8.4 Software-Defined Segmentation through SGACL Enforcement on Wireless Access Points
TrustSec Configuration Guides TrustSec Capabilities on Wireless 8.4 Software-Defined Segmentation through SGACL Enforcement on Wireless Access Points Table of Contents TrustSec Capabilities on Wireless
More informationNetwork as an Enforcer (NaaE) Cisco Services. Network as an Enforcer Cisco and/or its affiliates. All rights reserved.
Network as an Enforcer (NaaE) Cisco Services INTRODUCTION... 6 Overview of Network as an Enforcer... 6 Key Benefits... 6 Audience... 6 Scope... 6... 8 Guidelines and Limitations... 8 Configuring SGACL
More informationSecuring BYOD with Cisco TrustSec Security Group Firewalling
White Paper Securing BYOD with Cisco TrustSec Security Group Firewalling Getting Started with TrustSec What You Will Learn The bring-your-own-device (BYOD) trend can spur greater enterprise productivity
More informationAutomatisierung im LAN Der Start in eine neue Ära des Networkings
Automatisierung im LAN Der Start in eine neue Ära des Networkings Thomas Spiegel Consulting Systems Engineer September 2017 Cisco Disclaimer Cisco Roadmap Disclaimer. Some of the products and features
More informationCisco SD-Access: Enterprise Networking Made Fast and Flexible. November 2017
Cisco SD-Access: Enterprise Networking Made Fast and Flexible November 2017 Executive Summary Enterprise networking remains a lot harder than it needs to be. For far too long, enterprises have wrestled
More informationImplementing VXLAN in DataCenter
Implementing VXLAN in DataCenter LTRDCT-1223 Lilian Quan Technical Marketing Engineering, INSBU Erum Frahim Technical Leader, ecats John Weston Technical Leader, ecats Why Overlays? Robust Underlay/Fabric
More informationCisco 8500 Series Wireless Controller Deployment Guide
Cisco 8500 Series Wireless Controller Deployment Guide Document ID: 113695 Contents Introduction Prerequisites Requirements Components Used Conventions Product Overview Product Specifications Features
More informationConfigure Flexconnect ACL's on WLC
Configure Flexconnect ACL's on WLC Contents Introduction Prerequisites Requirements Components Used ACL Types 1. VLAN ACL ACL Directions ACL Mapping Considerations Verify if ACL is Applied on AP 2. Webauth
More informationCertKiller q
CertKiller.500-451.28q Number: 500-451 Passing Score: 800 Time Limit: 120 min File Version: 5.3 500-451 Cisco Unified Access Systems Engineer Exam I just passed today with 89%. My sole focus was the VCE.
More informationCisco SD-Access Building the Routed Underlay
Cisco SD-Access Building the Routed Underlay Rahul Kachalia Sr. Technical Leader Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the
More informationImplementing VXLAN. Prerequisites for implementing VXLANs. Information about Implementing VXLAN
This module provides conceptual information for VXLAN in general and configuration information for layer 2 VXLAN on Cisco ASR 9000 Series Router. For configuration information of layer 3 VXLAN, see Implementing
More informationDNA SA Border Node Support
Digital Network Architecture (DNA) Security Access (SA) is an Enterprise architecture that brings together multiple building blocks needed for a programmable, secure, and highly automated fabric. Secure
More informationDeploying Cisco Wireless Enterprise Networks
300-365 Deploying Cisco Wireless Enterprise Networks NWExam.com SUCCESS GUIDE TO CISCO CERTIFICATION Exam Summary Syllabus Questions Table of Contents Introduction to 300-365 Exam on Deploying Cisco Wireless
More informationCisco Software-Defined Access. Enabling Intent-based Networking
Cisco Software-Defined Access Enabling Intent-based Networking Table of contents Preface Authors Acknowledgments Organization of this book Intended Audience Book Writing Methodology 6 7 8 9 10 11 Introduction
More informationRouting Underlay and NFV Automation with DNA Center
BRKRST-1888 Routing Underlay and NFV Automation with DNA Center Prakash Rajamani, Director, Product Management Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session
More informationCisco 440X Series Wireless LAN Controllers Deployment Guide
Cisco 440X Series Wireless LAN Controllers Deployment Guide Cisco customers are rapidly adopting the Cisco Unified Wireless Network architecture for next generation wireless LAN performance and advanced
More informationTroubleshooting sieci opartej na. Mariusz Kazmierski, CCIE #25082 (R&S, SP) TAC EMEAR Technical Leader Switching
Troubleshooting sieci opartej na architekturze SDA Mariusz Kazmierski, CCIE #25082 (R&S, SP) TAC EMEAR Technical Leader Switching What s on the Network? Overlay Network Control Plane based on LISP Policy
More information2012 Cisco and/or its affiliates. All rights reserved. 1
2012 Cisco and/or its affiliates. All rights reserved. 1 Policy Access Control: Challenges and Architecture UA with Cisco ISE Onboarding demo (BYOD) Cisco Access Devices and Identity Security Group Access
More informationCisco Deploying Basic Wireless LANs
Cisco Deploying Basic Wireless LANs WDBWL v1.2; 3 days, Instructor-led Course Description This 3-day instructor-led, hands-on course is designed to give you a firm understanding of the Cisco Unified Wireless
More informationOpenFlow: What s it Good for?
OpenFlow: What s it Good for? Apricot 2016 Pete Moyer pmoyer@brocade.com Principal Solutions Architect Agenda SDN & OpenFlow Refresher How we got here SDN/OF Deployment Examples Other practical use cases
More informationAutomating Enterprise Networks with Cisco DNA Center
White Paper Automating Enterprise Networks with Cisco DNA Center 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 30 Contents Introduction...
More informationAPIC-EM / EasyQoS - End to End Orchestration of QoS in Enterprise Networks
APIC-EM / EasyQoS - End to End Orchestration of QoS in Enterprise Networks Saurav Prasad Technical Marketing Engineer CTHNMS-1002 Cisco Spark How Questions? Use Cisco Spark to chat with the speaker after
More informationIdentity Based Network Access
Identity Based Network Access Identity Based Network Access - Agenda What are my issues Cisco ISE Power training What have I achieved What do I want to do What are the issues? Guest Student Staff Contractor
More informationConfiguring Auto-Anchor Mobility
Information About Auto-Anchor Mobility, page 1 Information About Auto-Anchor Mobility You can use auto-anchor mobility (also called guest tunneling) to improve load balancing and security for roaming clients
More informationConfiguring Client Profiling
Prerequisites for, page 1 Restrictions for, page 2 Information About Client Profiling, page 2, page 3 Configuring Custom HTTP Port for Profiling, page 4 Prerequisites for By default, client profiling will
More informationConfiguring Auto-Anchor Mobility
Information About Auto-Anchor Mobility, page 1 Guest Anchor Priority, page 5 Information About Auto-Anchor Mobility You can use auto-anchor mobility (also called guest tunneling) to improve load balancing
More informationPorts and Interfaces. Ports. Information About Ports. Ports, page 1 Link Aggregation, page 5 Interfaces, page 10
Ports, page 1 Link Aggregation, page 5 Interfaces, page 10 Ports Information About Ports A port is a physical entity that is used for connections on the Cisco WLC platform. Cisco WLCs have two types of
More informationMobility Groups. Information About Mobility
Information About Mobility, page 1 Information About, page 5 Prerequisites for Configuring, page 10 Configuring (GUI), page 12 Configuring (CLI), page 13 Information About Mobility Mobility, or roaming,
More informationConfiguring Application Visibility and Control
Information About Application Visibility and Control, page 1 Restrictions for Application Visibility and Control, page 2 (GUI), page 3 (CLI), page 4 Configuring NetFlow, page 5 Information About Application
More informationIntelligent WAN Multiple VRFs Deployment Guide
Cisco Validated design Intelligent WAN Multiple VRFs Deployment Guide September 2017 Table of Contents Table of Contents Deploying the Cisco Intelligent WAN... 1 Deploying the Cisco IWAN Multiple VRFs...
More informationCisco DNA Center Migration to Release 1.2.5
Migration Guide Cisco DNA Center Migration to Release 1.2.5 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 10 Contents Introduction... 3 SD-Access
More informationCisco TrustSec Software-Defined Segmentation Platform and Capability Matrix Release 6.3
TrustSec Software-Defined Segmentation Platform and Capability Matrix Release 6.3 TrustSec uniquely builds upon your existing identity-aware infrastructure by enforcing segmentation and access control
More informationSecuring Wireless LAN Controllers (WLCs)
Securing Wireless LAN Controllers (WLCs) Document ID: 109669 Contents Introduction Prerequisites Requirements Components Used Conventions Traffic Handling in WLCs Controlling Traffic Controlling Management
More informationNext Gen Enterprise Management and Operations with Cisco DNA
Next Gen Enterprise Management and Operations with Cisco DNA Ramit Kanda Director PM, Enterprise Network Transformation Prakash Rajamani Director PM, Enterprise Network Transformation BRKNMS 1601 Cisco
More informationResilient WAN and Security for Distributed Networks with Cisco Meraki MX
Resilient WAN and Security for Distributed Networks with Cisco Meraki MX Daghan Altas, Director of Product Management BRKSEC-2900 Agenda Problem Cisco CNG Live network creation demo (45m) Product Brief
More informationConverged Access Mobility Design & Architecture
Converged Access Mobility Design & Architecture Sujit Ghosh Sr. Mgr. Technical Marketing Enterprise Networking Group Converged Access Architecture Overview Diving into the One Network BRKCRS-2022 Session
More informationDemand-Based Control Planes for Switching Fabrics
Demand-Based Control Planes for Switching Fabrics Modern switching fabrics use virtual network overlays to support mobility, segmentation, and programmability at very large scale. Overlays are a key enabler
More informationBader Alotaibi Cisco and/or its affiliates. All rights reserved. 1
Bader Alotaibi 2012 Cisco and/or its affiliates. All rights reserved. 1 Nice to Have Pervasive Media Rich Applications Mission Critical 10Gbps C LIENTS / BANDWIDTH 11Mbps 802.11a, 802.11b 11 Mbps 802.11g
More informationConfiguring Link Aggregation
Information About Link Aggregation, page 1 Restrictions for Link Aggregation, page 2 (GUI), page 4 (CLI), page 4 Verifying Link Aggregation Settings (CLI), page 5 Configuring Neighbor Devices to Support
More informationMulticast VLAN, page 1 Passive Clients, page 2 Dynamic Anchoring for Clients with Static IP Addresses, page 5
Multicast VLAN, page 1 Passive Clients, page 2 Dynamic Anchoring for Clients with Static IP Addresses, page 5 Multicast VLAN Information About Multicast Optimization Prior to the 7.0.116.0 release, multicast
More informationCisco Catalyst 6500 Series Wireless LAN Services Module: Detailed Design and Implementation Guide
Cisco Catalyst 6500 Series Wireless LAN Services Module: Detailed Design and Implementation Guide Introduction This is the first of a series of documents on the design and implementation of a wireless
More informationCisco TrustSec 4.0:How to Create Campus and Branch-Office Segmentation
Ordering Guide TrustSec 4.0:How to Create Campus and Branch-Office Segmentation Ordering Guide November 2013 2013 and/or its affiliates. All rights reserved. This document is Public Information. Page 1
More informationVXLAN Overview: Cisco Nexus 9000 Series Switches
White Paper VXLAN Overview: Cisco Nexus 9000 Series Switches What You Will Learn Traditional network segmentation has been provided by VLANs that are standardized under the IEEE 802.1Q group. VLANs provide
More informationCCIE Wireless v3 Lab Video Series 1 Table of Contents
CCIE Wireless v3 Lab Video Series 1 Table of Contents Section 1: Network Infrastructure Layer 2 Technologies VLANs VTP Layer 2 Interfaces DTP Spanning Tree- Root Election Spanning Tree- Path Control Spanning
More informationUsing Access Point Communication Protocols
Information About Access Point Communication Protocols, page 1 Restrictions for Access Point Communication Protocols, page 2 Configuring Data Encryption, page 2 Viewing CAPWAP Maximum Transmission Unit
More informationTHE NETWORK. INTUITIVE. Powered by intent, informed by context. Rajinder Singh Product Sales Specialist - ASEAN August 2017
THE NETWORK. INTUITIVE. Powered by intent, informed by context. Rajinder Singh Product Sales Specialist - ASEAN August 2017 The Network. Intuitive. Constantly learning, adapting and protecting. L E A R
More informationWireless LAN Controller (WLC) Mobility Groups FAQ
Wireless LAN Controller (WLC) Mobility Groups FAQ Document ID: 107188 Contents Introduction What is a Mobility Group? What are the prerequisites for a Mobility Group? How do I configure a Mobility Group
More informationExam Questions Demo Cisco. Exam Questions
Cisco Exam Questions 300-208 SISAS Implementing Cisco Secure Access Solutions (SISAS) Version:Demo 1. Which functionality does the Cisco ISE self-provisioning flow provide? A. It provides support for native
More informationFortiNAC. Cisco Airespace Wireless Controller Integration. Version: 8.x. Date: 8/28/2018. Rev: B
FortiNAC Cisco Airespace Wireless Controller Integration Version: 8.x Date: 8/28/2018 Rev: B FORTINET DOCUMENT LIBRARY http://docs.fortinet.com FORTINET VIDEO GUIDE http://video.fortinet.com FORTINET KNOWLEDGE
More informationRelease Notes for Avaya WLAN 9100 AOS-Lite Operating System WAP9112 Release WAP9114 Release 8.1.0
WLAN 9100 Release Notes Release Notes for Avaya WLAN 9100 AOS-Lite Operating System WAP9112 Release 8.1.0 WAP9114 Release 8.1.0 Avaya Inc - External Distribution 1. Introduction This document provides
More informationCisco Mobility Express Solution
FAQ Cisco Mobility Express Solution 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 8 Contents General Information... 3 Access Point Compatibility
More informationConfiguring Hybrid REAP
13 CHAPTER This chapter describes hybrid REAP and explains how to configure this feature on controllers and access points. It contains the following sections: Information About Hybrid REAP, page 13-1,
More informationFundamentals of IP Networking 2017 Webinar Series Part 4 Building a Segmented IP Network Focused On Performance & Security
Fundamentals of IP Networking 2017 Webinar Series Part 4 Building a Segmented IP Network Focused On Performance & Security Wayne M. Pecena, CPBE, CBNE Texas A&M University Educational Broadcast Services
More informationDeployment Guide for Cisco Guest Access Using the Cisco Wireless LAN Controller, Release 4.1
Deployment Guide for Cisco Guest Access Using the Cisco Wireless LAN Controller, Release 4.1 Last revised: February 1, 2008 Contents Overview section on page 1 Configuring Guest Access on the Cisco Wireless
More informationConfiguring FlexConnect Groups
Information About FlexConnect Groups, page 1, page 5 Configuring VLAN-ACL Mapping on FlexConnect Groups, page 10 Configuring WLAN-VLAN Mappings on FlexConnect Groups, page 11 Information About FlexConnect
More informationMP-BGP VxLAN, ACI & Demo. Brian Kvisgaard System Engineer, CCIE SP #41039 November 2017
MP-BGP VxLAN, ACI & Demo Brian Kvisgaard System Engineer, CCIE SP #41039 November 2017 Datacenter solutions Programmable Fabric Classic Ethernet VxLAN-BGP EVPN standard-based Cisco DCNM Automation Modern
More informationWireless Client Isolation. Overview. Bridge Mode Client Isolation. Configuration
Wireless Client Isolation Overview Wireless Client Isolation is a security feature that prevents wireless clients from communicating with one another. This feature is useful for guest and BYOD SSIDs adding
More informationVendor: Cisco. Exam Code: Exam Name: Implementing Cisco Secure Access Solutions. Version: Demo
Vendor: Cisco Exam Code: 300-208 Exam Name: Implementing Cisco Secure Access Solutions Version: Demo QUESTION 1 By default, how many days does Cisco ISE wait before it purges the expired guest accounts?
More informationexam. Number: Passing Score: 800 Time Limit: 120 min CISCO Deploying Cisco Wireless Enterprise Networks. Version 1.
300-365.exam Number: 300-365 Passing Score: 800 Time Limit: 120 min CISCO 300-365 Deploying Cisco Wireless Enterprise Networks Version 1.0 Exam A QUESTION 1 The customer has deployed C7960 phones with
More informationCisco TrustSec How-To Guide: Universal Configuration for the Cisco Wireless LAN Controller
Cisco TrustSec How-To Guide: Universal Configuration for the Cisco Wireless LAN Controller For Comments, please email: howtoguides@external.cisco.com Current Document Version: 3.0 August 27, 2012 Table
More informationCisco TrustSec How-To Guide: Central Web Authentication
Cisco TrustSec How-To Guide: Central Web Authentication For Comments, please email: howtoguides@external.cisco.com Current Document Version: 3.0 August 27, 2012 Table of Contents Table of Contents... 1
More informationSecuring Cisco Wireless Enterprise Networks ( )
Securing Cisco Wireless Enterprise Networks (300-375) Exam Description: The 300-375 Securing Wireless Enterprise Networks (WISECURE) exam is a 90minute, 60-70 question assessment that is associated with
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST \ http://www.pass4test.com We offer free update service for one year Exam : 642-737 Title : Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0 Vendor : Cisco Version : DEMO Get
More informationBranch Office Wireless LAN Design
Branch Office Wireless LAN Design Rajat Tayal (Technical Marketing Engineer) Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco
More informationCisco Troubleshooting Cisco Wireless Enterprise Networks WITSHOOT v1.1
Course Overview Provides students information to troubleshoot Cisco wireless networks. The course provides guidelines for troubleshooting Wi-Fi architectures of Cisco wireless components. Who Should Attend
More informationCISCO SWITCH CATALYST 3650 SERIES DATA SHEET
CISCO SWITCH CATALYST 3650 SERIES DATA SHEET ROUTER-SWITCH.COM Leading Network Hardware Supplier CONTENT Overview...2 Appearance... 2 Key Features and Benefits...3 Product Specifications... 6 Basic Ordering
More informationCisco Wide Area Bonjour Solution Overview
, page 1 Topology Overview, page 2 About the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM), page 5 The Cisco Wide Area Bonjour solution is based on a distributed and hierarchical
More informationData Center Configuration. 1. Configuring VXLAN
Data Center Configuration 1. 1 1.1 Overview Virtual Extensible Local Area Network (VXLAN) is a virtual Ethernet based on the physical IP (overlay) network. It is a technology that encapsulates layer 2
More informationCisco Exam Questions and Answers (PDF) Cisco Exam Questions BrainDumps
Cisco 300-375 Dumps with Valid 300-375 Exam Questions PDF [2018] The Cisco 300-375 Securing Cisco Wireless Enterprise Networks (WISECURE) exam is an ultimate source for professionals to retain their credentials
More informationCCNA ICND Exam Updates
Appendix B CCNA ICND2 200-105 Exam Updates Over time, reader feedback allows Pearson to gauge which topics give our readers the most problems when taking the exams. To assist readers with those topics,
More information