Design & Deployment of Outdoor Wireless Networks

Design & Deployment of Outdoor Wireless Networks Wes Purvis, Technical Marketing Engineer @realwespurvis

Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion 3. Install Spark or go directly to the space 4. Enter messages/questions in the space cs.co/ciscolivebot# 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Agenda Why Outdoor Wireless is important? Outdoor Wireless Components Cisco Outdoor Products and Deployment Modes Important Outdoor Wireless LAN Features Design Recommendations and Best Practices for Cisco Outdoor Wireless LAN Deployments

How mobile growth could affect your network? High volumes of mobile video can clog the airwaves Mobile applications are more prevalent in the workplace, generating more traffic Bring-your-own-device (BYOD) policies and mobile initiatives are increasing traffic and straining WLAN performance Faster 802.11ac Wave 2 capable enduser devices are becoming pervasive Customers, users, guests, visitors will still expect high-performance Wi-Fi access 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 5

Why use Cisco Wireless? Wireless is Cost effective Unlicensed spectrum Availability of client devices Zero on-going communication costs Wireless is Standardized IEEE 802.11 Can deliver throughput where you want it It s global. Same Frequencies everywhere Cisco Innovation 802.11a/b/g/n/ac Attention from the industry (ex. Security) ClientLink CleanAir HDX (High Density Experience) Cisco Manageability Cisco Scalability & Ease of use Just keep on adding nodes Low impact for new sites Outdoor extension of the indoor Wireless LAN 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 6

$M Outdoor Market in Growth Mode Outdoor market is growing 15-20% Q/Q! Still plenty of greenfield deployments Retail Open-air malls, Parking lots Higher Ed Campus Coverage $100.0 $80.0 $60.0 $40.0 $20.0 $0.0 WW Outdoor AP Market Dell Oro Manufacturing Distribution centers Hotels/Resorts Pools & Open spaces Hospitals Recovery gardens, Inter-building coverage 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

It's an 802.11ac Wi-Fi World! 802.11ac was introduced in 2 flavors Wave-1 & Wave-2 More than 90% of all new Wi-Fi devices in 2017 were 802.11ac capable Upwards of 50% of enterprise traffic will originate on Wi- Fi by 2017 802.11ac Wave-1 can fulfill smartphone and tablet bandwidth requirements for next 5 years All current and future outdoor deployment upgrades should look at 802.11ac standard to meet the demands 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 8

802.11 Technology Comparison 802.11n 802.11ac Wave 1 802.11ac Wave 2 2.4 and 5.0 GHz band 5.0 GHz band only 5.0 GHz band only 3X3 or 4X4 MIMO 3X3 or 4X4 MIMO 4X4 MIMO Single User MIMO (one to one) Single User MIMO (one to one) Multi User MIMO (one to many) 20/40 MHz Channel Width 40/80 MHz Channel 40/80 MHz Channel Width up to 160 MHz 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 9

Extend 802.11ac Wave 2 Wi-Fi Access to the Outdoors Ideal for Outdoor Enterprise and Carrier Wi-Fi Deployments Extend access to Truck stops and shopping malls Higher Ed customers demand ubiquitous Wi-Fi coverage Low profile, low cost outdoor Access Point provides high performance 802.11ac Wave 2 Cost effective enabler for improved productivity and revenue Provide More Bandwidth and Better coverage for High Density Networks Cisco Continues its leadership with the most complete Outdoor portfolio 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 10

Step 1: Choose the right products

Building Blocks of Outdoor Wireless

Cisco Digital Network Architecture DNA Center & Prime Infrastructure DNA Center Connected Mobile Experience (CMX) Access Points Wireless Controllers 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 14

Wireless Access Points

Outdoor Access Point Portfolio Industry s most comprehensive and innovative portfolio DNA Ready RF Excellence CMX Modular Future-proof 1540 802.11ac Wave 2, MU-MIMO 2x2:2, 80MHz, 867 Mbps Ultra low profile Internal antenna model (I) Internal directional antenna model (D) PoE (802.3af) power Centralized, FlexConnect, Mesh* and Mobility Express 802.11ac Wave 2 1560 802.11ac Wave 2, MU-MIMO 3x3:3, 80MHz, 1.3Gbps (I) 2x2:2, 80MHz, 867Mbps (E/D) Internal or External antenna model (I/E) Internal directional antenna model (D) SFP Flexible Antenna Ports CleanAir and ClientLink Centralized, FlexConnect, Mesh and Mobility Express 1570 802.11ac Wave 1 4x4:3 80 MHz; 1.3 Gbps External antenna model (EAC) Cable Modem model (IC/EC) SFP GPS PoE Out 802.3at (Ext Ant. only) Flexible Antenna Ports CleanAir and ClientLink Modularity (Ext Ant. only) Centralized, FlexConnect and Mesh Cable Modem Version Only (IC/EC) DOCSIS 3.0, 24x8 Internal or External antenna 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Access Point 1542I 1542D 1562I 1562D 1562E 1572EAC 1572IC/EC List Price $995 $995 $1695 $1795 $1795 $4495 $5295 / $6695 Type 802.11ac W2 802.11ac W2 802.11ac W2 802.11ac W2 802.11ac W2 802.11ac W1 802.11ac W1 Radios 2.4G: 2x2:2 5G: 2x2:2 2.4G: 2x2:2 5G: 2x2:2 2.4G: 3x3:3 5G: 3x3:3 2.4G: 2x2:2 5G: 2x2:2 2.4G: 2x2:2 5G: 2x2:2 2.4G: 4x4:3 5G: 4x4:3 2.4G: 4x4:3 5G: 4x4:3 Tx Power / port 21 dbm 21 dbm 24 dbm 24 dbm 24 dbm 24 dbm 24 dbm Antennas Internal (wide) Internal (narrow) Internal Internal - Directional Flexible Antenna Port (dual or single band) Flexible Antenna Port (dual or single band) SPF Port PoE out Cable modem Power options 802.3af 802.3af UPoE/802.3at 48 VDC PoE+ (802.3at) 48 VDC PoE+ (802.3at) 48 VDC IC: Internal EC: External (EC) AC, 12 VDC, PoE 40-90V cable plant 12VDC Data rate (2.4/5G) Mbps 144 /867 144 / 867 216 / 1300 144 / 867 144 / 867 216 / 1300 216 / 1300 Clients per radio 100 100 200 200 200 200 200 CleanAir ClientLink Wireless mesh Mobility Express Environment IP-65 IP-65 IP-67 IP-67 IP-67 IP-67 IP-67 Temp Range C -40 to 65-40 to 65-40 to 65-40 to 65-40 to 65-40 to 65-40 to 65 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 17

Industrial Wireless IW3700 Series Access Point Optimized for Rail, Mining, Manufacturing, Oil & Gas N-type antenna ports for 4x4 MIMO with three spatial streams and support for up to 13 dbi gain antennas Diecast aluminum chassis with integrated heatsink and heaters Integrated mounting ears 10/100/1000Base-T, PoE and PoE+ in (M12) 10/100/1000Base-T, PoE out (M12) 10 to 60 VDC in (M12) Management console port (RJ-45 serial) 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 18

Indoor Access Points in a Outdoor Enclosure Outdoor rated NEMA enclosure (NEMA-National Electrical Manufacturing Association) Professional rated APs deployed outdoors, it must be enclosed Protects the AP against water, dust, extreme temperatures 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 19

Indoor Access Point Portfolio Industry s most comprehensive and innovative Enterprise Class Mission Critical Best in Class DNA Ready RF Excellence CMX Dual 5 GHz Flexible Radio HDX Future Proof 1815 Indoor / High-powered Indoor Wall Plate / Teleworker 2x2:2SS 80 MHz 867 Mbps Performance Tx Beam Forming Integrated BLE Gateway 1 Max Transmit Power (dbm) per local regulations 2 3 GE Local Ports, including 1 PoE out 3 Local ports 802.1x ready 3 1830 3x3:2SS 80 MHz 867 Mbps Performance Tx Beam Forming 1 GE Port Uplink USB 2.0 1850 4x4:3SS 80 MHz 1.7 Gbps Performance Internal or External Antenna Tx Beam Forming 2 GE Ports Uplink USB 2.0 USB 2.0 Centralized, 4 FlexConnect and Mobility Express 1 Future availability 2 Available for High-powered only 3 Available for wall-plate and teleworker only 4 Available for teleworker only 2800 4x4:3SS 160 MHz 5 Gbps Performance 2.4 and 5GHz or Dual 5GHz 2 GE Ports Uplink CleanAir and ClientLink Internal or External Antenna Smart Antenna Connector USB 2.0 3800 4x4:3SS 160 MHz 5 Gbps Performance 2.4 and 5GHz or Dual 5GHz 2 GE Ports Uplink or 1 GE + 1 mgig (5G) CleanAir and ClientLink StadiumVision Internal or External Antenna Smart Antenna Connector USB 2.0 Investment Proof Modularity 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

HDX AP Model Comparison AP Model 802.11ac Wave 1 802.11ac Wave 2 1570 3702E IW3700 1560 2800E Radio Design Antenna Configuration Power Options 4x4:3 802.11ac W1 External Single or dual band AC, DC, PoE PoE out = 802.3at Environment -40 to 65 C 4x4:3 802.11ac W1 External Dual band 4x4:3 802.11ac W1 External Dual band 3x3:3 802.11ac W2 External Dual band 4x4:3 802.11ac W2 External Dual band PoE PoE, DC (M12) PoE+/UPoE PoE+ -20 to 43 C NEMA enclosure required -50 to +75 C -40 to 65 C -20 to 43 C NEMA enclosure required 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 21

Cisco Wireless Controllers

Wireless Controller Portfolio Small Network Mid-size Enterprise, Branch Control at Central Site Cisco vwlc 3000 APs 32000 Clients Flexconnect mode Large Enterprise, Branch Control at Central Site Cisco 8540 6000 APs 64,000 clients 40 Gbps Mobility Express 50 APs/1000 Clients AP 18xx 100 AP/2000 Clients: AP2/3K Fleconnect mode Cisco 3504 150 APs 3000 Clients 4 Gbps Cisco 5520 1500 APs 20,000 Clients 20 Gbps 1-100 APs 150-1500 APs 1500-6000 APs 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

WLC 5520 and WLC8540 Controllers 5520 WLAN Controller 8540 WLAN Controller Highest Scalability Access Points 1,500 Clients 20,000 Deployment Modes Form Factor IO Interface Power Supply Centralized, FlexConnect and Mesh 1 RU Dual 1G or 10G ports with LAG AC w/optional Redundant Power Supply Access Points 6,000 Clients 64,000 Deployment Modes Centralized, FlexConnect and Mesh Form Factor 2 RU IO Interface Four port 1G or 10G with LAG Power Options AC or DC Redundancy Dual Power supply and HDD w/raid 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 24

Cisco Network Management

Location & Analytics

Integration

Integrating everything together Router Router Aggregation/ Core Switches DC Switches Access Switch Wireless Access Point Wireless Controller Network Management Platform Prime Infrastructure/ DNA Center Location & Analytics Platform CMX Policy Platform ISE SDN & Automation APIC-EM 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 30

Resiliency at every level For optimum high availability RF Coverage Redundancy Network Infrastructure Redundancy Wireless Controller Redundancy Services Redundancy 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 31

Step 2: Designing & Planning

Design for These 3 Key RF Relationships AP to Client How clients hear AP s Client to AP How AP s hear clients AP to AP How AP s hear each other 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 33

User Requirement High Density Experience Client Types Phones Tablets Project budget CAPEX & OPEX Type of Service Coverage System resiliency Laptops IoT Devices 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 35

Regulatory Considerations 802.11 Standard Radio Emissions Transmit Power Dynamic Frequency Selection (DFS) Certifications All this varies per country 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 36

2.4GHz vs. 5 GHz Number of non-overlapping channels RF Spectrum 2.4 GHz 5 GHz (ETSI) 2.4 GHz 5 GHz 3 19 Very Crowded Empty Spectrum 5 GHz Advantage: Over 6 times more channels Channel bonding 20/40/80/160 More bandwidth for higher throughput 5 GHz Advantage: Less utilized spectrum Very few non-wi Fi interfering devices More channels will be available in future 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 37

Dual Band vs. Single Band 5 GHz Antennas 2.4 GHz Antennas 2.4GHz + 5GHz Antennas Single Band/ Uni-band Separate 2.4GHz and 5GHz antennas Dual Band Allow the radio to share the same physical antennas 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 40

Flexible Antenna Ports Support for Uniband or Dualband Antennas Top Ports: 5 GHz FlexPort can support either dual-band or Top Ports: Not Used 30x30 º 30x30 º single band antennas on the same platform SW Switch Configurable via a software command 30x120º 30x30º Dual-band ports, use the bottom 2 antenna ports to connect to dual-band omni or directional antennas Bottom Ports: 2 & 5 GHz Bottom Ports: 2.4 GHz Single-band ports, use two separate 2.4 GHz and two 5 GHz antenna ports 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 41

Maximizing the Spectrum RSSI vs. SNR Check your noise floor in each band during peak usage Packet captures with a NIC that you trust (MacBook Pro, etc.) Fluke AirCheck Spectrum Expert Metageek Chanalyzer for Clean Air Sources of Noise: Non Wi-Fi Interferers Probing Clients, Rogue APs High Co-Channel Interference 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 43

Design and Planning General consideration Distance = 1 km MAP RAP In real world scenario you need to take in consideration obstacles Add more APs to have Line of Sight (LOS) Client type (smart phones, tablets, etc): weakest link typically would be the Uplink on a smart phone For backhaul set the data rate to auto The number of MAPs per RAP should be less than 32 but really depends on the application and bandwidth you want Max hop count is 8. Less than Four hops recommended Use the range and capacity calculator 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 44

Range Estimates, RAP to MAP RAP MAP MAP Reg Domain Frequenc y Ant. Gain Max Distance (MCS0 LOS) High Throughput Distance (2.4GHz: MCS23, 5GHz: 80 MHz MCS8-3 LOS) -A 2.4GHz 6 3.3km 200m 5GHz 8 2.7km 30m -E 2.4GHz 6 1km 30m 5GHz 8 1km 20m -A 2.4GHz 13 10km 335m 5GHz 13 3km 60m -E 2.4GHz 13 2.5km 70m 5GHz 13 1.5km 30m 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Range Estimates, AP to Client Reg Domain Frequency Ant Gain Max Distance (MCS0 LOS) High Throughput Distance (2.4GHz: MCS23, 5GHz: 80 MHz MCS9-3 LOS) to iphone -A 2.4GHz 6 800m 140m 5GHz 8 160m 15m -E 2.4GHz 6 280m 45m 5GHz 8 160m 15m -A 2.4GHz 13 1.5km 250m 5GHz 13 275m 25m -E 2.4GHz 13 320m 60m 5GHz 13 180m 20m 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 46

Typical Throughput Typical Throughput loss: 30%-40% per hop Latency: 10 ms per Hop, 0.3-1 milliseconds typical Hops: Software supports 8 Hops but 3 4 Hops are recommended Daisy-Chaining increased the supported hop count Source: http://miercom.com/pdf/reports/20141212.pdf 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 48

Design and Planning At what distance shall I place the MAPs? It all depends on the bandwidth you need. Need to consider Data rate vs SNR Need to find a compromise between coverage and throughput MCS index Spatial Stream Media capacity (Mbps) ** Minimum LinkSNR * (db) MCS 0 1 15 9.3 MCS 1 1 30 11.3 MCS 2 1 45 13.3 MCS 3 1 60 17.3 MCS 4 1 90 21.3 MCS 5 1 120 24.3 MCS 6 1 135 26.3 MCS 7 1 157.5 27.3 MCS 8 2 30 12.3 MCS 9 2 60 14.3 MCS 10 2 90 16.3 MCS 11 2 120 20.3 MCS 12 2 180 24.3 MCS 13 2 240 27.3 MCS 14 2 270 29.3 MCS 15 2 300 30.3 (**) Max data rate considering 5Ghz, 40 Mhz channel, 40ns GI 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public For Your Reference

Design and Planning How to check backhaul connected data rate? How do you see the actual backhaul rate? Is it 802.11n rate? (Cisco Controller) >show mesh neigh summary MAP_8c40 AP Name/Radio Channel Rate Link-Snr Flags State ----------------- ------- ---- -------- ------- ----- RAP_e380 136 m15 33 0x0 UPDATED NEIGH PARENT BEACON Or: Cisco Controller) >show mesh neigh detail MAP_8c40 AP MAC : 1C:AA:07:5F:E3:80 AP Name: RAP_e380 backhaul rate m15 FLAGS : 86F UPDATED NEIGH PARENT BEACON Neighbor reported by slot: 1 worstdv 0, Ant 0, channel 136, biters 0, ppiters 10 Numroutes 1, snr 0, snrup 40, snrdown 43, linksnr 39 adjustedease 8648576, unadjustedease 8648576 [ snip] 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 50

Site Survey

The importance of site surveys Given the nature of the outdoor environment and the lightly licensed spectrum being used for Wi-Fi based outdoor MESH Site Survey s are important Spectrum scans are equally important You may not be able to remove the interference source But you can design around it Remember to also survey at street level where clients will be operating If possible survey with either the client or worst client you expect to support Time based surveys may also be required n months after deployment Check for power availability Do you have the permits? 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 52

Tools For Active & Predictive Site Survey Ekahau Site Survey: https://www.ekahau.com/products/ekahau-site-survey/overview/ AirMagnet Site Survey: http://enterprise.netscout.com/products/airmagnet-survey 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 53

Which APs to use for site survey? AP 1530 AP 1550 AP 1570 AP 1540 AP 1560 & Future Access Points Autonomous Mode Mobility Express Mode 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 54

Mounting the APs Mount the Root AP to have a good view of the area to be covered Understand RAP coverage. Use Directional Antennas for the RAPs on the Roof Tops. Max recommended height for MAPs is 30 feet/10 meters Recommend placing the APs at the same height Minimum recommendation is 20~25 db of SNR, RSSI of -67 dbm for all data rates, 15% cell overlap Do not install the MAPs in an area where structures, trees, or hills obstruct radio signals to and from the access point RF Shadow Close to Building; Poor SNR Beyond RF Coverage Area; Poor SNR 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 57

Architecture to Deploy Outdoor Wireless

There are multiple ways to achieve a robust outdoor wireless solution Deploying an outdoor network without proper planning can get expensive and time consuming This part of the session will help provide information so you can: Plan networks around your end users needs Select the correct operating mode for your network Meet your business needs 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 59

Supported Outdoor Modes Autonomous Mobility Express FlexConnect/ Flex+Bridge Centralized C WAN Intranet Independent Access Points Controller running on AP Traffic Distributed at AP Traffic Centralized at Controller Best suited for Small Small-Medium Branch Outdoors SP/Enterprise Benefits Simple and costeffective for small networks Simple and cost-effective for small-medium networks Highly scalable for large number of remote branches Simple wireless operations with DC hosted controller Simplified operations with centralized control for Wireless Wireless Traffic visibility at the controller Bridge/Local modes Key Considerations Low scale P2P Moderate Scale L2 roaming only L2 roaming only WAN BW and latency requirements System throughput 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 60

Cisco Outdoor Autonomous Deployment

Outdoor Autonomous Root Bridge The root in a point to point (P2P) or point to multipoint (P2MP) deployment. Designed to take on non-root bridges, but can also accept associations from clients on non-backhaul radio Non-Root Bridge Designed to connect to Root Bridge mode autonomous access points. Allows wired and wireless clients on nonbackhaul radio Workgroup Bridge Designed to connect as a client to the unified wireless architecture. Can bridge up to 20 wired clients. Recommended for mobile units. Install Mode - Uses a series of LED flashes to measure link RSSI between bridges. Allows installers to align access points http://www.cisco.com/c/en/us/td/docs/wireless/access_point/15_2_4_ja/configuration/guide/scg15-2-4_book.html 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 62

Cisco Autonomous Deployment Overview Bridging L3/L2 switch Root Bridge 5GHz/2.4 GHz Non Root Bridge L2 switch Point To Point L2 switch Internet Point To Multipoint Bridging: basic LAN to LAN wireless connectivity 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 63

Cisco Prime Management of Autonomous APs Autonomous Management Capabilities: Access Point Heat maps Monitoring AP Status Monitoring Client Status Configuration Templates Reporting 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 64

Autonomous Additional Information Quick Start Configuration Template: https://supportforums.cisco.com/document/61936/autonomous-ap-and-bridge-basicconfiguration-template Autonomous Configuration Guide http://www.cisco.com/c/en/us/td/docs/wireless/access_point/15_2_4_ja/configuration/g uide/scg15-2-4_book.html 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 66

Cisco Outdoor Mobility Express Deployment

What is Mobility Express? Increases scalability without replacing access points. You just add a controller Activates best-practice settings by default and supports presencebased analytics 05 04 01 Cisco Mobility Express 02 Runs Wireless LAN Controller function on an access point Presents an over-theair wizard or Network PnP to configure up to 100 access points per controller 03 Easily manages and troubleshoots your network using advanced software-based functions 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 68

Cisco Mobility Express Uses 802.11ac Wave 2 technology: Fastest Wi-Fi available NEW: Mobility Express Enables simple and Fast IT: You re up and running in minutes Manages all current Aironet access point models Embeds an advanced, virtual WLAN controller into your access point Simple, yet sophisticated deployment Supports Cisco s industry-leading WLAN controller features with no price premium 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 69

High-end features, no price premium Uses 802.11ac Wave 2 technology: Fastest Wi-Fi available Improved client density support with multiuser multiple input, multiple output (MU-MIMO) technology Apple Fastlane - automatically assures highest priority, fastest performance for trusted apps on trusted Apple device Self optimized RF with Flexible Radio Assignment: radio automatically adjusts to dual 5GHz or monitor (on select models) Integrated Connected Mobile Experiences with easy Guest Wi-Fi and powerful analytics 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 70

Mobility Express: Best dashboard for Wi-Fi Troubleshooting alert New software notification icon Rogues (Access points and clients) Make-a-wish to send email feedback directly to Product Management team: MobilityExpress@cisco.com Switch between Standard View and Expert View Interferers Higher scalability already built-in the dashboard 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 71

Expert View Introduces a wealth of options for wireless experts Enable 2.4 GHz Band Enable 5.0 GHz Band Enable Auto FRA Enable Optimized Roaming Enable EDRRM Enable CleanAir Select Channel Width Slider for enabling 2.4 and 5 GHz Data rates Select DCA channels for 2.4 and 5 GHz 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 72

Cisco Outdoor Centralized/ FlexConnect

Controller Based Access Point Modes Overview Cisco Access Points Support: Local mode Monitor mode Flexconnect Mode Bridge Mode Flex + Bridge Mode (from 8.0 release) Sniffer Mode Rogue Detector Mode W2 Indoor APs do not yet support bridge mode (18xx, 28xx, 38xx) Why use a outdoor AP15xx, not an indoor AP? Ruggedized AP (IP67 rated) Transmits at higher power levels (depending on Regulatory Domain) Meets outdoor regulatory constrains No expensive NEMA enclosure 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 74

Local Mode vs. Bridge Mode Local Mode + 100% Client Access on both 2.4 and 5GHz Bridge Mode - 5GHz for Backhaul, can be shared for 5GHz client access - Requires wired Ethernet drop per AP including cabling and installation costs Should be used for High Density Deployments Use Case: Large City deployment (Extension to indoor enterprise deployment outdoors) + Does not require wired Ethernet drop, only power Should be used to cover large areas Use Case: Open Mining Facility (Temporary deployments) 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 75

Use Case: High Density City Deployment WLC 8540 with HA At a distance of approx. 1 AP roughly every 250 SqMeters (2700 Sqft) Depending on client density APs can be spaced closer/farther Directional antennas / HDX features allow more additional APs APs should be in Local/Flexconnect mode RRM should be enabled with full HDX feature set 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 76

Bridge/ Mesh Mode

Cisco Outdoor Mesh architecture overview From Bridging to Mesh L3/L2 switch RAP (Root AP) Backhaul 5GHz MAP (Mesh AP) 2.4 GHz Access L2 switch CPI WLC MSE Backhaul 5GHz Wired access MAP 5 GHz Access 5 GHz Access WGB Mesh Deployment Flexibility: LAN-to-LAN connectivity Multiple hop backhaul 2.4 GHz and 5GHz wireless client access Ethernet Access to wired clients LAN-to-LAN in motion with Work Group Bridge (WGB) 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 78

How does the Mesh converge? Self-configuring, Self-healing Mesh Optimal parent selection selects the path ease across each available backhaul Ease based on number of hops and link SNR (Signal Noise Ratio) AWPP uses a Parent Stickiness value to mitigate Route Flaps MAP Neighbor Parent RAP Controller AWPP integrates 802.11h DFS (Dynamic Frequency Selection) for radar detection and avoidance Preferred parent can be manually configured if needed Adaptive Wireless Path Protocol (AWPP) establishes the best path to the Root 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 79

Adaptive Wireless Path Protocol (AWPP) establishes the best path to the Root How does AWPP Port-control flow work? Blocked parent selection AWPP packets (Adj req, resp, beacon) Parent not associated yet Authentication AWPP security packets (Encrypted Tunnel is established) Authorized Control DHCP, ARP, CAPWAP control (AP gets IP Address) Open CAPWAP Authorized ALL packets 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 80

Security with Cisco Mesh AP X.509 Certificate Authentication Dynamic VLAN Assignment 802.1x WPA/WPA2 Mutual AP Auth EAP for Encrypted Links Controller IPSec VPN Si 802.11i WPA/WPA2 security + Dynamic VLAN assignment AP to AP and AP to Controller mutual authentication EAP authenticated and AES-based encrypted backhaul mesh links Robust embedded security MAC Authentication Certificate Authentication Encrypted control traffic between AP and Controller Rogue AP detection and blacklisting Integrated Wireless IDS and Attack correlation software Mobile L3 VPNs for confidential client traffic Cisco s AnyConnectVPN Client uninterrupted L3 roaming between Wi-Fi, cellular, etc. networks PSK based authentication (Introduced in 8.2) EAP Encryption between hops Secured WLAN (802.1X, WPA/WPA2) Client VPN 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 81

Cisco Outdoor Mesh architecture scaling Scalability at different layers Access Point 32 MAPs per RAP (<20 recommended) 8 Hops (4 recommended) 16 SSIDs per AP (512 at WLC) Management Prime manages up to 20,000 APs, 200K wireless Clients Intranet Controller Up to 72 Controllers can be part of an 1:1, N+1 or N+N+1 cluster Mobility Groups allow clients to maintain layer 3 IP stack for seamless roaming 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 82

Bridge Group Names (BGN)

Determining how the mesh forms General Mesh Deployment recommendations include: Placing Access Points where the desired parent will have the highest link SNR Setting Bridge Group Names (BGN) Configuring a Preferred Parent Monitoring Mesh Links on Prime Mesh Links show color based on SNR 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 84

Bridge Groups Sectorization (Bridge Group) 3 Hops 2 Hops Logically groups APs and controls the association of the radios 1 Hop For adding capacity we recommend that you have more than one RAP in the same sector, with the same BGN, but on different channels MAP MAP RAP Having multiple RAPs with same BGN in an area is good for redundancy: when a RAP goes down its MAPs will join a different sector with same name A factory default BGN is empty (NULL VALUE). It allows the MAP to do the first association 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 85

How to Configure Bridge Groups Setting Bridge Group Name (BGN) config ap bridgegroupname set MESH-BGN AP_NAME Use bridge group names to logically group the mesh access points to avoid two networks on the same channel from communicating with each other If BGN is mismatched, the AP will join a mesh network of another BGN, but after 15 mins, the AP will drop AWPP and scan for its own BGN BGN misconfigurations will cause network instability 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 86

Preferred Parent Preferred Parent will be selected for the following conditions: P.P parent is the best parent P.P link SNR is at least 20dB (In this case, other parents, however good, are ignored) P.P has link SNR between 12 and 20 db, but no other parent is significantly better (SNR more than 20% better). For lower than 12dB SNR, P.P configuration is ignored P.P is not blacklisted P.P is not in silent mode due to DFS. P.P is in the same Bridge Group Name (BGN). If no other parent available in the same BGN, the child will join the P.P using the default BGN 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 87

Strict BGN Matching Scan 10 times for finding the matched BGN parent After 10 scans, if no parent with matched BGN, connect to the non-matched BGN After 15 mins, break connection and scan again Adds a higher AWPP priority on BGN but does not strand AP with mis-configured BGNs WLC GUI: Wireless->AP_NAME->Mesh Available from 8.0 Release 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 88

Mesh Traffic and Convergence

How does Traffic pass in a Bridge Mode Deployment? Deployment flexibility MAP WLAN Controller RAP Intranet MAPs dynamically build a tree with the best path to the RAP 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 93

How does Traffic pass in a Bridge Mode Deployment? Deployment flexibility MAP WLAN Controller RAP Intranet Mesh carries two types of traffic: 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 94

How does Traffic pass in a Bridge Mode Deployment? Deployment flexibility MAP WLAN Controller RAP Intranet Mesh carries two types of traffic: Wired client traffic 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 95

How does Traffic pass in a Bridge Mode Deployment? Deployment flexibility Ethernet in mesh header MAP WLAN Controller RAP Intranet Mesh carries two types of traffic: Wired client traffic Mesh header 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 96

How does Traffic pass in a Bridge Mode Deployment? Deployment flexibility Ethernet in mesh header MAP WLAN Controller RAP Intranet Mesh carries two types of traffic: Wired client traffic CAPWAP in mesh header Mesh header 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 98

How does Traffic pass in a Bridge Mode Deployment? Deployment flexibility Ethernet in mesh header MAP WLAN Controller RAP Intranet Mesh carries two types of traffic: Wired client traffic CAPWAP in mesh header Mesh header CAPWAP traffic 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 99

How does Traffic pass in a Bridge Mode Deployment? Deployment flexibility Ethernet in mesh header MAP WLAN Controller RAP Intranet Mesh carries two types of traffic: Wired client traffic Wireless client traffic CAPWAP in mesh header Mesh header CAPWAP traffic 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 100

Mesh APs scanning - Before joining a RAP Listens to Beacons on each domain channel Identifies channels where neighbors are heard MESH AP Post initial scan, MAP goes to seek state to identify the best RAP and initiate a connection 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 101

Evolution of Wi-Fi Mesh Background Scanning for Fast Convergence RAPs and MAPs support 802.1x and MAC authentication RAP and MAPs support 802.11ac - More speed > Faster Convergence RAPs and MAPs run RRM MAPs run Fast Convergence 20 sec/hop MAPs run convergence with Back Ground Scan 4-10 sec/hop RAPs and MAPs support AWPP MAPs Authenticate to WLC WPA-PSK MAP run Standard Convergence 50 sec/hop MAPs run Very Fast Convergence 15 sec/hop 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 102

Mesh Fast Convergence Parent Loss Detection / Keep Alive Timers Channel Scan/Seek DHCP / CAPWAP Information Time per hop (sec) Standard 21 / 3 sec Scan/Seek all 2.4 & 5GHz channels Renew / Restart CAPWAP 48.6* Fast 7 / 3 sec Scan/Seek only channels found in same bridge group Maintain DHCP and CAPWAP 20.5* Very Fast 4 / 1.5 sec Scan/Seek only channels found in same bridge group Maintain DHCP and CAPWAP 15.9* CCN/BG Scan Fast/VF 4 sec / Off-Channel scan every 3 sec and stay for 50ms Scan/Seek only channels found in same bridge group Maintain DHCP and CAPWAP 8-10sec *Number are shown for same WLC, same channel, and same subnet. Times are longer if these variables are changed WLC CLI Configuration only (Warning: Decreasing convergence time may lead to more parents changes) Mesh convergence configuration - (Cisco Controller) > config mesh convergence { standard fast very-fast } all Background scanning configuration - (Cisco Controller) > config mesh background-scanning {enable disable} 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 103

How Mesh APs scan DFS and non-dfs bands? AP first scans the serving on-channel (DFS or Non-DFS) to find any neighbors Off-Channel Scanning If Non-DFS Channels (UNII-1, UNII-3) AP actively scans (transmitting packets) non-dfs channels periodically If DFS Channels (UNII-2, UNII-2 extended) AP first checks if the channel is declared safe, then passively scans (no transmitting) DFS channels If Radar is detected, channel is completely avoided 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 104

Mesh Convergence - Building the Off-Channel List 1. MAP1 Scan for parents WLC Switch RAP1 Ch 36 MAP1 RAP2 Ch 44,48 RAP3 Ch 40 MAP3 Ch 40 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 106

Mesh Convergence - Building the Off-Channel List 1. MAP1 Scan for parents 2. Finds and joins Best Parent WLC Switch RAP1 Ch 36 MAP1 RAP2 Ch 44,48 RAP3 Ch 40 MAP3 Ch 40 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 107

Mesh Convergence - Building the Off-Channel List WLC Switch RAP1 Ch 36 MAP1 1. MAP1 Scan for parents 2. Finds and joins Best Parent 3. Background scans all neighbors RAP2 Ch 44,48 RAP3 Ch 40 MAP3 Ch 40 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 108

Mesh Convergence - Building the Off-Channel List WLC Switch RAP1 Ch 36 RAP2 Ch 44,48 MAP1 RAP3 Ch 40 MAP3 Ch 40 1. MAP1 Scan for parents 2. Finds and joins Best Parent 3. Background scans all neighbors 4. Creates an Off-Channel Scanning List using channels with neighbors present Off-Channel Scanning List Standard Scan channels heard during initial full scan then scan Off- Channels found with neighbors (44,40) then scan all remaining channels on domain (In US there are 25 channels) Fast/Very Fast Scan channels heard during initial full scan then scan Off- Channels found with neighbors (44,40) then scan just the subset of the channels (44,48,40) 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 109

Mesh Convergence Background Scan & Messaging RAP1 Ch 60 1. MAP1 Scan for parents RAP2 Ch 100 MAP1 MAP2 RAP3 Ch 140 Available from 8.1 Release 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Mesh Convergence Background Scan & Messaging RAP1 Ch 60 1. MAP1 Scan for parents 2. Finds Best Parent RAP2 Ch 100 MAP1 MAP2 BGN RAP Channels BGN_1 60, 100, 140 Available from 8.1 Release RAP3 Ch 140 Off-Channel Neighbor list (Example) Channel AP Link SNR Ease RAP1 35 3500 60 MAP2 30 1200 100 RAP2 25 2500 140 RAP3 10 1000 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Mesh Convergence Background Scan & Messaging RAP1 Ch 60 1. MAP1 Scan for parents 2. Finds Best Parent 3. Background Scans all parents RAP2 Ch 100 MAP1 MAP2 BGN RAP Channels BGN_1 60, 100, 140 Available from 8.1 Release RAP3 Ch 140 Off-Channel Neighbor list (Example) Channel AP Link SNR Ease RAP1 35 3500 60 MAP2 30 1200 100 RAP2 25 2500 140 RAP3 10 1000 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Mesh Convergence Background Scan & Messaging RAP1 Ch 60 RAP2 Ch 100 MAP1 MAP2 1. MAP1 Scan for parents 2. Finds Best Parent 3. Background Scans all parents 4. Parent Fails BGN RAP Channels BGN_1 60, 100, 140 Available from 8.1 Release RAP3 Ch 140 Off-Channel Neighbor list (Example) Channel AP Link SNR Ease RAP1 35 3500 60 MAP2 30 1200 100 RAP2 25 2500 140 RAP3 10 1000 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Mesh Convergence Background Scan & Messaging RAP1 Ch 60 RAP2 Ch 100 MAP1 MAP2 1. MAP1 Scan for parents 2. Finds Best Parent 3. Background Scans all parents 4. Parent Fails 5. Send CCN_WAIT to children BGN RAP Channels BGN_1 60, 100, 140 Available from 8.1 Release RAP3 Ch 140 CCN_ WAIT Off-Channel Neighbor list (Example) Channel AP Link SNR Ease 60 RAP1 35 3500 MAP2 30 1200 100 RAP2 25 2500 140 RAP3 10 1000 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Mesh Convergence Background Scan & Messaging RAP1 Ch 60 RAP2 Ch 100 MAP1 MAP2 1. MAP1 Scan for parents 2. Finds Best Parent 3. Background Scans all parents 4. Parent Fails 5. Send CCN_WAIT to children 6. Join New Parent from list BGN RAP Channels BGN_1 60, 100, 140 Available from 8.1 Release RAP3 Ch 140 Off-Channel Neighbor list (Example) Channel AP Link SNR Ease RAP1 35 3500 60 MAP2 30 1200 100 RAP2 25 2500 140 RAP3 10 1000 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Mesh Convergence Background Scan & Messaging RAP1 Ch 60 RAP2 Ch 100 MAP1 MAP2 1. MAP1 Scan for parents 2. Finds Best Parent 3. Background Scans all parents 4. Parent Fails 5. Send CCN_WAIT to children 6. Join New Parent from list 7. Notifies child of channel change BGN RAP Channels BGN_1 60, 100, 140 Available from 8.1 Release RAP3 Ch 140 CCN_ CINFO Off-Channel Neighbor list (Example) Channel AP Link SNR Ease 60 RAP1 35 3500 MAP2 30 1200 100 RAP2 25 2500 140 RAP3 10 1000 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Daisy Chaining

Daisy-chaining: Serial Backhaul Deployments WLAN Controller RAP MAP (Master) AP (Slave) MAP2 80MHz 80MHz Both 1532s and 1572s in Bridge Mode can utilize this configuration Master MAP & Slave MAP are operating on different 5GHz channels to maximize throughput across the mesh link BGN configuration and the Preferred Parent command are recommended to maintain the mesh tree Slave MAP must be configured in RAP Mode 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 118

Daisy-Chaining: Mixing Access Points WLAN Controller RAP MAP (Master) AP (Slave) 80MHz Slave Access Point can be: 1530 / 1550 / 3700P With 1572, PoE-Out is 802.11at (25.5w), 1532E / 3702P can be powered directly! For PoE-Out, the 1572 power source must be AC / DC / or PoC 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 119

Daisy-chaining: Dedicated Client Access Device Deployments WLAN Controller RAP MAP (Master) Local AP 5GHz Local AP is dedicated for Client Access, while Master MAP will provide the mesh backhaul link 2.4/5GHz In this configuration, LocalAP should be in local mode or flex-connect mode The Master MAP must have Ethernet bridging enabled 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 120

Configuring Daisy-chaining (Cisco Controller) >config ap daisy-chaining [enable/disable] <ap_name> AP#capwap ap daisy-chaining <enable/disable> 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 121

Use Case: Roadside Video Surveillance High Throughput over Multiple Mesh Hops RAP Daisy-Chain Daisy-Chain Daisy-Chain WLC 8540 with HA WLC8500 to support high number of access points Daisy-Chaining allows 5GHz backhaul to operate on different channels maximizing throughput over distance High throughput applications such as HD video can span up to 8 mesh hops 5GHz radios should use directional antennas to maximize distance 2.4GHz radios can serve clients 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 122

Flex + Bridge

Flex + Bridge (Flex on Mesh) Central Site WLCs New AP mode that allows Flexconnect behavior across mesh-enabled AP Control plane supports: Connected (WLC is reachable) Standalone (WLC not reachable) Data Plane supports: Centralized (split MAC) Local (local MAC) Flexconnect Groups Max 8 Mesh hops, Max 32 MAPs per RAP Local AAA support Local Traffic WAN Centralized Traffic Remote Office A WLC have a mix of Bridge and Flex + Bridge RAPs inherent VLANs from its connected MAP Local Data WLAN Central Data WLAN 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 124

How does Traffic pass in a Flex + Bridge Mode Deployment? MAP WLAN Controller RAP WAN Local Intranet Flex+Bridge carries the following traffic: 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 126

How does Traffic pass in a Flex + Bridge Mode Deployment? MAP WLAN Controller RAP WAN Local Intranet Flex+Bridge carries the following traffic: Wired client traffic 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 127

How does Traffic pass in a Flex + Bridge Mode Deployment? Ethernet in mesh header MAP WLAN Controller RAP WAN Local Intranet Flex+Bridge carries the following traffic: Wired client traffic Mesh header 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 128

How does Traffic pass in a Flex + Bridge Mode Deployment? Ethernet in mesh header MAP WLAN Controller RAP WAN Local Intranet Flex+Bridge carries the following traffic: Wired client traffic Flexconnect WLAN Mesh header 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 129

How does Traffic pass in a Flex + Bridge Mode Deployment? Ethernet in mesh header MAP WLAN Controller RAP WAN Local Intranet Flex+Bridge carries the following traffic: Wired client traffic Local Wireless client traffic Ethernet in mesh header Flexconnect WLAN Mesh header 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 130

How does Traffic pass in a Flex + Bridge Mode Deployment? Ethernet in mesh header MAP WLAN Controller RAP Central WLAN WAN Local Intranet Flex+Bridge carries the following traffic: Wired client traffic Local Wireless client traffic Ethernet in mesh header Flexconnect WLAN Mesh header CAPWAP Central Wireless client traffic 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 131

Use Case: Open Mining Facility Flex + Bridge to increase Reliability RAP Mobile WGB in Open Mine MAP WAN Flex WLC with HA Local Applications Remote Mining Site: Flex WLC at the Corporate Data Center RAP/MAPs operating in Flex+Bridge Mode around mine WGB controlling vehicle connects via mesh network Local Applications continue to operate, even if the WAN link is down 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 135

Additional New Features for Outdoor Mesh

Native VLAN Support Pre 8.0, VLAN 1 assigned on all backhaul links Now the native VLAN can be assigned to match switchport interface GigabitEthernet0/1 switchport trunk encapsulation dot1q switchport trunk native vlan 161 switchport mode trunk RAP MAP Available from 8.0 Release Note: Start configuration with your last Mesh hop 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 137

Multi-country Domain Support on a WLC 8.1 Code allows multiple Country Codes to be configured A Single WLC can now manage multiple regions Best Practices: APs of different regulatory domains should be deployed if: Different Physical locations Different Bridge Group Names (BGNs) This will avoid stranding MAPs -A Channel 165 BGN_US -A Channel 165 BGN_US Available from 8.1 Release -E Channel 140 BGN_AT -E Channel 140 BGN_AT 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

RRM on 5GHz when in Bridge Mode RRM Consists of: Transmit Power Control (TPC) Dynamic Channel Assignment (DCA) Coverage Hole Detection and Mitigation (CHDM) Bridge / Flex+Bridge Mode RRM on 2.4GHz already existed Now RRM on 5GHz if: AP is a RAP and RAP has a wired link (Ethernet/Fiber/Co-ax) to WLC and RAP is without Child MAP Local / Flex Mode RRM on both bands 5GHz RRM is an optional feature. Enable manually if desired 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 139

Mesh 2.4 GHz Backhaul MAPs Backhaul issue prior to version 8.2 In some countries 5 GHz backhaul is not permitted Under certain conditions 2.4 GHz backhaul is preferred Some customers may prefer both 5 GHz and 2.4 GHz backhauls MAPs 2.4 GHz backhaul solution in version 8.2 Mesh backhauls can be configured globally or per Parent RAP RAPs can be configured for either 5 or 2.4 GHz backhauls Backhaul selection from Parent RAP propagates to all MAP children in a tree Extra precaution should be used when using different versions controller software 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 146

Cisco Outdoor Mesh 2.4 GHz and 5GHz Backhauls Root AP Backhaul 5 GHz Mesh AP 2.4 GHz Access L3/L2 switch Root AP Backhaul 2.4GHz Mesh AP L2 switch CPI WLC MSE Wired access Backhaul 2.4GHz MAP 5 GHz Access 5 GHz Access WGB Mesh Deployment Flexibility: LAN-to-LAN connectivity Backhaul 2.4GHz Multiple hop backhaul at 5 or 2.4 GHz 2.4 GHz and 5GHz wireless client access Ethernet Access to wired clients LAN-to-LAN in motion with Work Group Bridge (WGB) Mesh AP 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 147

High Availability anti-stranded features Stranded: a MAP that is not able to associate and find a path to WLC DEFAULT BGN (Bridge Group Name): Mesh APs with incorrect BGN, can still join a running network using BGN named DEFAULT. With DEFAULT BGN: MAP associates clients, and forms mesh relationships After 15 minutes APs will go to SCAN state rather than rebooting Do not confuse an unassigned BGN (null value) with DEFAULT, which is a mode that the access point uses to connect when it cannot find its own BGN DHCP fall back: this features allow a MAP configured with a wrong static IP address to fall back to DHCP and find a WLC. If even this fails, AP then attempts to discover a controller in Layer 2 mode FULL SECTOR DFS: DFS functionality allows a MAP that detects a radar signal to transmit that up to the RAP, which then acts as if it has experienced radar and moves the sector 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 148

Mesh Leaf Node Support Mesh AP relationships Parent access point - Offers the best route back to the RAP Child access point - Selects the parent access point as its best route back to the RAP Enable/disable mesh AP as leaf node When APs in the mesh network have different radio performance (i.e. 802.11n and 802.11ac mixed), lower radio performance mesh AP can be configured to work only as leaf node, so that the wireless backhaul performance will not be downgraded. Mesh leaf node - Cannot be selected as parent access point by other MAPs, only work as a child MAP WLC CLI (Cisco Controller) >config mesh block-child <ap_name> {enable disable} 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 149

Workgroup Bridge (WGB)

Mesh: Stationary Network WGB: Roaming/Nomadic Network HSR aka Fast WGB Roaming Workgroup Bridge / Autonomous Features WGB Roaming Coordination (8.4) 802.11r on WGB (8.6) Ethernet daisy chain Wireless Bridge Auto-Negotiation (8.5) DLEP client (8.5) SSID prioritization in WGB Broadcast support for multiple VLANs 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 151

IoT Wireless WGB Roaming Evolution Basic WGB roaming Fast WGB roaming PRP enhanced roaming Low to moderate speed Limited Scanning of channels High speed (Tested up to 100Km/h) 802.11v BSS Fast Transition on WGB RSSI smoothing filter Optimized rate-shifting algorithm Highest speed (Tested up to 160Km/h) PRP (Parallel Redundancy Protocol) over wireless Dual radios approach enables always-best-connected at speeds Dual WGBs, dual radios (parallel 5GHz) roaming Single WGB, dual radios (parallel 2.4GHz and 5GHz) roaming Roaming coordination prevents two radios from roaming at the same time 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 152

Seamless, Resilient Connectivity for Mobile Assets 1. Fast WGB Roaming enables consistent throughput and stable rate-shifting at high speeds WGB support for 802.11v Fast BSS Transition Enhanced RSSI filter algorithm 2. Roaming Coordination decouples roaming events on the 2.4 and 5 GHz interfaces Channel 11 Channel 48 WLAN interfaces coordinate roaming sequence and utilize delay timer Single or Dual-WGB configurations 3. Traffic distribution using PRP over Wi-Fi effectively overcomes single channel handover or failure Bandwidth profile after discard of PRP duplicates PRP stack integrated in WGB or using external PRP switch Also reduces packet delay variation 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 153

WGB Roaming Coordination When two radios that work under WGB mode are connected to each other, there is a roaming coordination mechanism between the two radios to prevent them from roaming at the same time Roaming coordination mechanism can be applied to two scenarios Two connected radios on two separate IW3702s in WGB mode Two radios on the single IW3702, both configured as WGB When a WGB, needs to roam, it sends an indication to the other WGB indicating it wants to start roam, the other WGB shall wait for 100ms (configurable) by default if it also needs to roam, once the roam event on the WGB is complete or if the timeout expires, the other WGB is free to roam Roaming Coordination mechanism facilitates seamless connectivity when multiple RF paths are involved such as in case of PRP or DLEP 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 154

PRP over Wireless Redundancy Options Dual WGB, Dual Radio - WLC 8.4 Single WGB, Dual Radio - WLC 8.5 5GHz 5GHz WGB WGB 2.4GHz 5GHz PRP Switch as RedBox WGB as RedBox External PRP switch as RedBox (redundancy box) performs packet duplication/duplication discard function Redundant path available via two 5GHz radios on two WGBs Network infrastructure side PRP switch as RedBox Application examples: Train to track side, industrial automation and amusement ride applications WGB as RedBox (redundancy box) performs packet duplication/duplication discard function Redundant path available via 2.4GHz and 5GHz radios on single WGB Network infrastructure side PRP switch as RedBox Application examples: Autonomous vehicles and straddle carriers and mission critical application etc. 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 155

Guidelines for Dual WGB PRP Configuration Redundant path in the network Duplicated traffic is mapped to two SSID A and SSID B, each within specified VLAN Each WGB is configured to associate to either SSID A or SSID B Redundant 5GHz wireless paths are provided for wired clients behind the WGB, traffic from/to the client are duplicated, MGMT frames and other traffic are not duplicated It is recommended that wired clients behind WGB use different VLAN from the VLANs assigned to SSID A or SSID B Traffic between aggregate switch and APs are in QinQ format to identify which path they come from QinQ function on AP is enabled by PRP feature QinQ function on Aggregate switch is enabled by switch configuration Pair of WGBs support roaming coordination function by connection between their second Gigabit Ethernet interface Currently only FlexConnect mode (central authentication, local switching) is supported Supported platforms - Infrastructure side AP: IW3702, AP1572 series, WGB: IW3702 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 156

Guidelines for Single WGB PRP Configuration Redundant wireless path in the network Duplicated traffic is mapped to two SSID A and SSID B, each within specified VLAN Each radio on single WGB is configured to associate to either SSID A or SSID B Redundant 2.4GHz and 5GHz wireless paths are provided for wired clients behind the WGB, traffic from/to the client are duplicated, MGMT frames and other traffic are not duplicated It is recommended that wired clients behind WGB use different VLAN from the VLANs assigned to SSID A or SSID B Traffic between aggregate switch and APs are in QinQ format to identify which path they come from QinQ function on AP is enabled by PRP feature QinQ function on Aggregate switch is enabled by switch configuration Currently only FlexConnect mode (central authentication, local switching) is supported Supported platforms - Infrastructure side AP: IW3702, AP3700, AP2700, AP1572 series, WGB: IW3702 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 157

Sample Configuration Network Infrastructure Side WLC configuration Create WLAN with SSID (PRP1/PRP2) Enable local switching for each WLAN Configure AP to flexconnect mode, enable VLAN mapping Enable WGB multiple vlan support (WLC) >config wgb vlan enable Enable PRP under WLAN (CLI) - GUI available starting WLC 8.5 (WLC) >config wlan wgb prp enable? <WLAN id> Enter WLAN Identifier between 1 and 512 Aggregate Switch - QinQ configuration interface FastEthernet1/0/1 description *** Port to AP *** switchport trunk encapsulation dot1q switchport trunk native vlan 201 switchport trunk allowed vlan 201,801,802 switchport mode trunk interface FastEthernet1/0/3 description ***Port to AP*** switchport trunk encapsulation dot1q switchport trunk native vlan 201 switchport trunk allowed vlan 201,801,802 switchport mode trunk interface FastEthernet1/0/7 description ***Port to PRP SW*** switchport access vlan 801 switchport mode dot1q-tunnel interface FastEthernet1/0/8 description *** Port to PRP SW *** switchport access vlan 802 switchport mode dot1q-tunnel PRP Switch - PRP configuration interface PRP-channel1 switchport mode trunk! interface GigabitEthernet0/1 switchport mode trunk no ptp enable no cdp enable prp-channel-group 1! interface GigabitEthernet0/2 switchport mode trunk no ptp enable no cdp enable prp-channel-group 1 To create PRP channel and group, follow the PRP configuration guide at http://www.cisco.com/c/en/us/td/docs/switches/lan/i ndustrial/software/configuration/guide/b_prp_ie4k_ 5k.html#task_1055346 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 158

Sample Configuration Dual WGB PRP Configuration WGB1 Configuration Client VLAN 800, SSID VLAN 801 hostname WGB1 dot11 ssid PRP1 vlan 801 authentication open interface Dot11Radio1 no ip address ssid PRP1 station-role workgroup-bridge! interface Dot11Radio1.800 encapsulation dot1q 800 bridge-group 2 bridge-group 2 spanning-disabled! interface Dot11Radio1.801 encapsulation dot1q 801 native bridge-group 1 bridge-group 1 spanning-disabled! interface GigabitEthernet0.800 encapsulation dot1q 800 bridge-group 2! interface GigabitEthernet0.801 encapsulation dot1q 801 native bridge-group 1! workgroup-bridge unified-vlan-client WGB2 Configuration Client VLAN 800, SSID VLAN 802 hostname WGB2 dot11 ssid PRP2 vlan 802 authentication open interface Dot11Radio1 no ip address ssid PRP2 station-role workgroup-bridge! interface Dot11Radio1.800 encapsulation dot1q 800 bridge-group 2 bridge-group 2 spanning-disabled! interface Dot11Radio1.802 encapsulation dot1q 802 native bridge-group 1 bridge-group 1 spanning-disabled! interface GigabitEthernet0.800 encapsulation dot1q 800 bridge-group 2! interface GigabitEthernet0.802 encapsulation dot1q 802 native bridge-group 1! workgroup-bridge unified-vlan-client 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 159

Sample Configuration Single WGB PRP Configuration Client Vlan 800, SSID PRP1 VLAN 801, SSID PRP2 VLAN 802, BVI VLAN 900 dot11 wgb prp no shutdown bvi-vlanid 900! dot11 ssid PRP1 vlan 801 authentication open no ids mfp client! dot11 ssid PRP2 vlan 802 authentication open no ids mfp client! interface Dot11Radio0 ssid PRP1 packet retries 32 drop-packet station-role workgroup-bridge rts retries 32 bridge-group 1 bridge-group 1 spanning-disabled! interface Dot11Radio0.800 encapsulation dot1q 800 bridge-group 50 bridge-group 50 spanning-disabled! interface Dot11Radio0.801 encapsulation dot1q 801 bridge-group 100 bridge-group 100 spanning-disabled! interface Dot11Radio1 ssid PRP2 packet retries 32 drop-packet station-role workgroup-bridge rts retries 32 bridge-group 1 bridge-group 1 spanning-disabled! interface Dot11Radio1.800 encapsulation dot1q 800 bridge-group 50 bridge-group 50 spanning-disabled! interface Dot11Radio1.802 encapsulation dot1q 802 bridge-group 200 bridge-group 200 spanning-disabled interface GigabitEthernet0 no ip address load-interval 30 duplex auto speed auto bridge-group 1 bridge-group 1 spanning-disabled! interface GigabitEthernet0.800 encapsulation dot1q 800 bridge-group 50 bridge-group 50 spanning-disabled! workgroup-bridge unified-vlan-client 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 160

Supported PRP Switch (Redundancy Box) IE2000U (Specific models) IE4000 (All models) IE-2000U-8TC-G IE-2000U-16TC-G IE-2000U-16TC-G-X IE-2000U-16TC-GP IE4010 (All models) IE5000 (All models) 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 161

Step 3: Deployment

Making sure few things before installation By default the following parameters are set AP Role: MAP Default 2.4GHz and 5GHz channels are selected Default Transmit Power is set: Power Level 1 Default Mesh Distances estimation is set to 12000ft Default BGN Backhaul Client Access is enabled Default Mesh Encryption type is EAP Primary, Secondary, Tertiary Wireless LAN Controller should be set DCHP Sever Option 43 IP addresses of Wireless LAN Controllers Option 60 AP Type Option 82 DHCP Relay Information MAC-Authentication must be performed At each Wireless LAN Controller Use an External AAA 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 163

AP Accessories GPS Antenna Lightning Arrestors Grounding AP Ensure that the GPS antenna always has a clear unobstructed view of the sky, for proper functioning Cisco recommends a high-quality, low-loss cable for use with the lightning arrestor. The grounding lug and hardware used must comply with local and national electrical codes. Cisco AP Hardware Installation Guide: http://www.cisco.com/c/en/us/td/docs/wireless/access_point/1570/installation/guide/1570hig/1570_chinstallaccs.html 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 165

Provisioning

Simplifies and Accelerates Wi-Fi Deployment Connect Using Any Wireless Device Configure using Setup Wizard Use Best-Practice Templates with Advanced Features Out-of-the-Box 2 3 1 Radio Resource Management Guest Access Application Visibility CleanAir Band Select Client Profiling 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 172

What if you have 1000s APs & 100s sites?

Network Plug-N-Play Simple, Secure, Scalable Ships equipment Reseller/Partner Today s Process Central Staging Facility Network Admin Install OS Install Config Prime device Business Challenges Direct Costs Shipping after Configuring device Travel costs for IT installer Complexity Config errors Different products / processes Security 3 rd party not secure Installer Site-1 Site-2 Site-3 Time/Productivity Manual process Shipping, Storage, Travel 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 174

Network Plug-N-Play Simple, Secure, Scalable Today s Process Network Ships equipment Reseller/Partner Central Staging Facility Network Admin Install OS Install Config Prime device 1 Pre Provision Projects/Sites Network Admin 2 Install & Power-on devices 3 Monitor device installation Installer Installer Network Admin Site-1 Site-2 Site-3 Site(s) 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 175

Network PnP support What are we trying to solve here? Customers can deploy Access Points and/or Mobility Express controller without manually doing staging or Day 0 How? Customers would use private cloud or Cisco public cloud redirect to create and/or upload a controller configuration for a site 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 176

What are those support options again? Private Cloud DNAC server which can be reached by Access points or Mobility Express capable APs. These APs can download the controller configuration file from DNAC server which resides in the premises of the organization. Cisco Cloud Redirect Plug and Play Connect Cisco cloud redirecting Access Points or Mobility Express APs to a specific DNAC IP address. This would be defined by customer/partner in Smart account. These APs can download the controller configuration file from DNAC server managed by customer. 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 177

Network PnP support for APs Private Cloud Master AP running PnP Agent LAN/Internet LAN PnP Server PnP Server uses self signed SSL certificate DHCP Request DHCP response with APIC-EM IP address in DHCP option 43 PnP Agent initiates HTTP communication with the server and sends the device UDI PnP Agent installs local trustpoint for the server SSL certificate PnP Agent initiates HTTPS communication with the server and sends the device UDI HTTP PnP work request with device serial number (UDI) HTTPS PnP work request with device serial number (UDI) PnP Server receives UDI and sends server SSL certificate over HTTP PnP Server receives UDI and sends ME controller configuration over HTTPS 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 178

Network PnP support for APs Cisco Cloud Redirect Master AP running PnP Agent Cisco Cloud Redirect Server Internet PnP Server PnP Server uses self signed SSL certificate DHCP Request DHCP server responds with device IP, domain name and DNS server* PnP Agent initiates HTTP communication with the APIC-EM server and sends the device UDI Device creates pre-defined cloud redirect server name (devicehelper.cisco.com) and resolves for IP address Device establishes HTTP request with device serial number (UDI) communication with Cloud Redirect Server PnP Agent installs local trustpoint for the server SSL certificate PnP Agent initiates HTTPS communication with the server and sends the device UDI HTTP PnP work request with device serial number (UDI) Cloud redirect server receives UDI and sends APIC-EM IP address HTTPS PnP work request with device serial number (UDI) PnP Server receives UDI and sends server SSL certificate over HTTP PnP Server receives UDI and sends ME controller configuration over HTTPS 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 179

Step 4: Day 1 & Day 2

Best Practices

Infrastructure Enable High Availability (AP and Client SSO) Enable AP Failover Priority Enable AP Multicast Mode Enable Multicast VLAN Enable Pre-image download Enable AVC Enable NetFlow Enable Local Profiling (DHCP and HTTP) Enable NTP Modify the AP Re-transmit Parameters Enable Fast SSID change Enable Per-user BW contracts Enable Multicast Mobility Enable Client Load balancing Disable Aironet IE FlexConnect Groups and Smart AP Upgrade Apple FastLane AVC AP Groups RF Groups Client SSO 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 183

Wireless/ RF Disable 802.11b data rates Restrict number of WLAN below 4 Channel bonding 40 or 80 MHz Enable Band Select Use RF Profiles and AP Groups Enable RRM (DCA & TPC) to be auto Enable Auto-RF group leader selection Enable Cisco CleanAir and EDRRM Enable Noise &Rogue Monitoring on all channels Enable DFS channels Avoid Cisco AP Load Less than 4 SSIDs RRM CleanAir RF Groups Enable DFS 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 184

Mesh Set Bridge Group Name Set Preferred Parent Multiple Root APs in each BGN Set Backhaul rate to "Auto" Set Backhaul Channel Width to 40/80 MHz Backhaul Link SNR > 25 dbm Avoid DFS channels for Backhaul (FCC only) If possible External RADIUS server for Mesh MAC Authentication Enable IDS Enable EAP Mesh Security Mode Set BGN Set PP Multiple RAP Backhaul Link SNR>25 Backhaul rate: Auto 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 185

Security Enable 802.1x and WPA/WPA2 on WLAN Enable 802.1x authentication for AP Change advance EAP timers Enable SSH and disable telnet Disable Management Over Wireless Disable WiFi Direct Secure Web Access (HTTPS) Enable User Policies Enable Client exclusion policies Enable rogue policies and Rogue Detection RSSI Strong password Policies Enable IDS BYOD Timers dot1x SSID AP dot1x Supplicant Disable Telnet https web acces User policies 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 186

MESH WIRELESS / RF INFRASTRUCTURE SECURITY Make it it Easy Easy Make it Work it work Make it Perform it perform Enable High Availability (AP and Client SSO) Enable AP Failover Priority Enable AP Multicast Mode Enable Multicast VLAN Enable Pre-image download Enable AVC Enable NetFlow Enable Local Profiling (DHCP and HTTP) Enable NTP Modify the AP Re-transmit Parameters Enable Fast SSID change Enable Per-user BW contracts Enable Multicast Mobility Enable Client Load balancing Disable Aironet IE FlexConnect Groups and Smart AP Upgrade Set Bridge Group Name Set Preferred Parent Multiple Root APs in each BGN Set Backhaul rate to "Auto" Set Backhaul Channel Width to 40/80 MHz Backhaul Link SNR > 25 dbm Avoid DFS channels for Backhaul (FCC only) External RADIUS server for Mesh MAC Authentication Enable IDS Enable EAP Mesh Security Mode Enable 802.1x and WPA/WPA2 on WLAN Enable 802.1x authentication for AP Change advance EAP timers Enable SSH and disable telnet Disable Management Over Wireless Disable WiFi Direct Secure Web Access (HTTPS) Enable User Policies Enable Client exclusion policies Enable rogue policies and Rogue Detection RSSI Strong password Policies Enable IDS BYOD Timers Disable 802.11b data rates Restrict number of WLAN below 4 Enable channel bonding 40 or 80 MHz Enable Band Select Use RF Profiles and AP Groups Enable RRM (DCA & TPC) to be auto Enable Auto-RF group leader selection Enable Cisco CleanAir and EDRRM Enable Noise &Rogue Monitoring on all channels Enable DFS channels Avoid Cisco AP Load http://www.cisco.com/c/en/us/td/docs/wireless/technology/wlc/82463-wlc-config-best-practice.html 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Backup Configurations

Mesh : Set Bridge Group Name ( BGN ) Wireless All APs AP Name Mesh Bridge Group Name Enables mesh APs to join pre-determined Bridge Groups using the BGN 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 189

Mesh : Set Backhaul Rate to auto Wireless All APs AP Name Mesh Bridge Data Rate Allow the backhaul data rate to change dynamically as the quality of the link fluctuates 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 192

Mesh : Backhaul Link SNR > 25 show mesh path CLI states the Link-SNR To avoid poor backhaul links that lead to poor overall mesh performance 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 194

Mesh : Avoid DFS channels for Backhaul Wireless Access Points Radios 802.11a/n/ac Configure Minimizes the number of backhaul channel changes due to radar events Only applies to US Regulatory Domain 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 195

Mesh : Enable Mesh IDS Wireless Mesh Additional security by monitoring the wireless network for un-wanted rogue access points or potential wireless attackers 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 197

Important Links for Outdoor WLAN Cisco Wireless Best Practices: http://www.cisco.com/c/en/us/td/docs/wireless/technology/wlc/8-0/82463-wlc-config-best-practice.html Mesh Deployment Guide: https://www.cisco.com/c/en/us/td/docs/wireless/technology/mesh/8-6/b_mesh_86.html AP1532 Deployment Guide: http://www.cisco.com/en/us/docs/wireless/controller/technotes/7.6/b_1532_dg.html AP1560 Guide: http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1560- series/datasheet-c78-737416.html AP1530 Hardware Installation Guide http://www.cisco.com/c/en/us/td/docs/wireless/access_point/1530/installation/guide/1530hig.html AP1570 Hardware Installation Guide http://www.cisco.com/c/en/us/td/docs/wireless/access_point/1570/installation/guide/1570hig.html AP1530 Ordering Guide http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1530- series/guide-c07-729725.html 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 199

Please complete your Online Session Evaluations after each session Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt All surveys can be completed via the Cisco Live Mobile App or the Communication Stations Complete Your Online Session Evaluation Don t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library/. 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public