Campus Wireless LAN Technology Design Guide—April 2014 - Cisco PDF

302 Pages·2014·20.82 MB·English

Campus Wireless LAN Technology Design Guide
April 2014

Table of Contents

Preface ... 1
CVD Navigator ... 2
  Use Cases ... 2
  Scope ... 2
  Proficiency ... 3
Introduction ... 4
  Technology Use Cases ... 4
    Use Case: Network Access for Mobile Devices ... 4
    Use Case: Self-Administered Advanced Guest Wireless Access ... 4
    Use Case: High Performance 802.11ac Access ... 5
  Design Overview ... 5
    Deployment Components ... 7
    Wireless Design Models ... 9
    High Availability ... 12
    Multicast Support ... 12
    Band Select ... 13
    ClientLink ... 15
    802.11ac Bandwidth Performance ... 16
    802.11ac Channel Planning ... 17
    Guest Wireless ... 22
Deployment Details ... 24
  Configuring Cisco Secure ACS for Wireless Infrastructure Access ... 25
  Deploying Redundant Cisco ISE Servers ... 31
  Configuring On-Site AireOS Wireless Controllers ... 49
  Configuring On-Site 5760 (IOS-XE) Wireless Controller ... 86
  Configuring Controller Discovery and Access Point Connectivity ... 126
  Configuring Remote-Site Wireless with Cisco FlexConnect ... 133
  Configuring Guest Wireless: Shared Guest Controller ... 184
  Configuring Guest Wireless: Dedicated Guest Controller ... 202
  Configuring Cisco ISE Sponsor Portal Services ... 265
  Configuring ASA Firewall and ISE for Guest Wireless ... 274
  Creating and Using Guest Accounts ... 286
Appendix A: Product List ... 291
Appendix B: Changes ... 297

Preface

Cisco Validated Designs (CVDs) provide the foundation for systems design based on common use cases or current engineering system priorities. They incorporate a broad set of technologies, features, and applications to address customer needs. Cisco engineers have comprehensively tested and documented each CVD in order to ensure faster, more reliable, and fully predictable deployment.

CVDs include two guide types that provide tested and validated design and deployment details:
• Technology design guides provide deployment details, information about validated products and software, and best practices for specific types of technology.
• Solution design guides integrate or reference existing CVDs, but also include product features and functionality across Cisco products and may include information about third-party integration.

Both CVD types provide a tested starting point for Cisco partners or customers to begin designing and deploying systems using their own setup and configuration.

How to Read Commands

Many CVD guides tell you how to use a command-line interface (CLI) to configure network devices.
This section describes the conventions used to specify commands that you must enter.

Commands to enter at a CLI appear as follows:
configure terminal

Commands that specify a value for a variable appear as follows:
ntp server 10.10.48.17

Commands with variables that you must define appear as follows:
class-map [highest class name]

Commands at a CLI or script prompt appear as follows:
Router# enable

Long commands that line wrap are underlined. Enter them as one command:
police rate 10000 pps burst 10000 packets conform-action set-discard-class-transmit 48 exceed-action transmit

Noteworthy parts of system output or device configuration files appear highlighted, as follows:
interface Vlan64
  ip address 10.5.204.5 255.255.255.0

Comments and Questions

If you would like to comment on a guide or ask questions, please use the feedback form.

For the most recent CVD guides, see the following site: http://www.cisco.com/go/cvd/campus

CVD Navigator

The CVD Navigator helps you determine the applicability of this guide by summarizing its key elements: the use cases, the scope or breadth of the technology covered, the proficiency or experience recommended, and CVDs related to this guide. This section is a quick reference only. For more details, see the Introduction.

Use Cases

This guide addresses the following technology use cases:
• Network Access for Mobile Devices—At the headquarters and remote sites, mobile users require the same accessibility, security, quality of service (QoS), and high availability currently enjoyed by wired users.
• Self-Administered Advanced Guest Wireless Access—Authorized employees can administer a guest wireless network that supports time-based customized guest user accounts, multiple mobile device types, and guest authentication portals.
• High Performance 802.11ac Access—Many organizations are looking to leverage high-performance 802.11ac wireless networks for local and remote sites that require wire-like performance for HD video, high client density, and bandwidth-intensive applications.

For more information, see the "Use Cases" section in this guide.

Scope

This guide covers the following areas of technology and products:
• Onsite, remote-site, and guest wireless LAN controllers
• Integration of 802.11ac using the Cisco AireOS wireless LAN controllers
• Integration of 802.11ac using the Cisco 5700 Series Wireless LAN controller
• 802.11ac channel planning, channel bonding and RF-based best practices
• Internet edge firewalls and demilitarized zone (DMZ) switching
• Campus routing, switching, multicast and QoS
• High availability wireless using HA stateful switchover (HA SSO)
• Management of user authentication and policy using Cisco Identity Services Engine
• Cisco ISE integration with Microsoft Active Directory
• Integration of the above with the LAN and data center switching and Virtual Switching System (VSS)-based infrastructure
• Guest account authentication web portals using Cisco AireOS wireless LAN controllers
• Guest account sponsor portals using Cisco ISE with AireOS and IOS-XE 5760 Controller

Related CVD Guides
• Campus CleanAir Technology Design Guide
• Campus Wired LAN Technology Design Guide
• Device Management Using ACS Technology Design Guide

To view the related CVD guides, click the titles or visit the following site: http://www.cisco.com/go/cvd/campus

Proficiency

This guide is for people with the following technical proficiencies—or equivalent experience:
• CCNP Wireless—3 to 5 years designing, installing, and troubleshooting wireless LANs
• CCNA Routing and Switching—1 to 3 years installing, configuring, and maintaining routed and switched networks
• CCNP Security—3 to 5 years testing, deploying, configuring, maintaining security appliances and other devices that establish the security posture of the network
• VCP VMware—At least 6 months installing, deploying, scaling, and managing VMware vSphere environments

Introduction

Technology Use Cases

With the adoption of smartphones and tablets, the need to stay connected while mobile has evolved from a nice-to-have to a must-have. The use of wireless technologies improves our effectiveness and efficiency by allowing us to stay connected, regardless of the location or platform being used. As an integrated part of the conventional wired network design, wireless technology allows connectivity while we move about throughout the day. Wireless technologies have the capabilities to turn cafeterias, home offices, classrooms, and our vehicles into meeting places with the same effectiveness as being connected to the wired network. In fact, the wireless network has in many cases become more strategic in our lives than wired networks have been. Given our reliance on mobility, network access for mobile devices, including guest wireless access, is essential.

Use Case: Network Access for Mobile Devices

At the headquarters and remote sites, the mobile user requires the same accessibility, security, quality of service (QoS), and high availability currently enjoyed by wired users.

This design guide enables the following network capabilities:
• Mobility within buildings or campus—Facilitates implementation of applications that require an always-on network and that involve movement within a campus environment.
• Secure network connectivity—Enables employees to be authenticated through IEEE 802.1X and Extensible Authentication Protocol (EAP), and encrypts all information sent and received on the WLAN.
• Simple device access—Allows employees to attach any of their devices to the WLAN using only their Microsoft Active Directory credentials.
• Voice services—Enables the mobility and flexibility of wireless networking to Cisco Compatible Extensions voice-enabled client devices.
• Consistent capabilities—Enables users to experience the same network services at main sites and remote offices.

Use Case: Self-Administered Advanced Guest Wireless Access

Most organizations host guest user-access services for customers, partners, contractors, and vendors. Often these services give guest users the ability to check their email and other services over the Internet.

This design guide enables the following network capabilities:
• Allows Internet access for guest users and denies them access to corporate resources
• Allows groups of users called sponsors to create and manage guest user accounts
• Enables the use of shared and dedicated guest controller architectures

Use Case: High Performance 802.11ac Access

With the adoption of 802.11ac devices and the explosive growth of mobile devices, many organizations are employing 802.11ac to support both higher performance and increased client densities. A well understood fact today is that many more people carry Wi-Fi-enabled devices on a daily basis. What is not commonly realized is that the number of Wi-Fi devices per person is also increasing. To address these trends, an increasing number of organizations are deploying 802.11ac. The result is a dramatically improved client experience—similar to that of wired Gigabit Ethernet in many cases.

This design guide enables the following 802.11ac capabilities:
• Introduces 802.11ac on Cisco AireOS and IOS-XE 5760 Wireless LAN Controllers
• Introduces the Cisco Aironet 3700 Series Access Point, which supports 802.11ac
• Introduces 802.11ac support for the Cisco Aironet 3600 Series Access Point
• Provides guidance on 802.11ac channel planning and the use of Dynamic Channel Assignment
• Provides guidance on RF considerations in mixed 802.11 deployments
• Introduces 80-MHz channels through the use of 802.11ac channel bonding

Design Overview

This deployment uses a wireless network in order to provide ubiquitous data and voice connectivity for employees and to provide wireless guest access for visitors to connect to the Internet. Regardless of their location within the organization, on large campuses, or at remote sites, wireless users can have a similar experience when connecting to voice, video, and data services.

The benefits of this deployment include:
• Productivity gains through secure, location-independent network access—Measurable productivity improvements and communication.
• Additional network flexibility—Hard-to-wire locations can be reached without costly construction.
• Cost effective deployment—Adoption of virtualized technologies within the overall wireless architecture.
• Easy to manage and operate—From a single pane of glass, an organization has centralized control of a distributed wireless environment.
• Plug-and-play deployment—Automatic provisioning when an access point is connected to the supporting wired network.
• Resilient, fault-tolerant design—Reliable wireless connectivity in mission-critical environments, including complete RF-spectrum management.
• Support for wireless users—Bring-your-own-device (BYOD) design models.
• Efficient transmission of multicast traffic—Support for many group communication applications, such as video and push-to-talk.

This Cisco Validated Design (CVD) deployment uses a controller-based wireless design. Centralizing configuration and control on Cisco wireless LAN controllers (WLC) allows the wireless LAN (WLAN) to operate as an intelligent information network and support advanced services. This centralized deployment simplifies operational management by collapsing large numbers of managed endpoints into a small number of controllers.

The following are some of the benefits of a centralized wireless deployment:
• Lower operational expenses—A controller-based, centralized architecture enables zero-touch configurations for lightweight access points. Similarly, it enables easy design of channel and power settings and real-time management, including identifying any RF holes in order to optimize the RF environment. The architecture offers seamless mobility across the various access points within the mobility group. A controller-based architecture gives the network administrator a holistic view of the network and the ability to make decisions about scale, security, and overall operations.
• Improved return on investment—With the adoption of virtualization, wireless deployments can now utilize a virtualized instance of the wireless LAN controller, reducing the total cost of ownership by leveraging their investment in virtualization.
• Easier way to scale with optimal design—As the wireless deployment scales for pervasive coverage and to address the ever-increasing density of clients, operational complexity starts growing exponentially. In such a scenario, having the right architecture enables the network to scale well.

Cisco wireless networks support two design models: local mode for campus environments and Cisco FlexConnect for lean remote sites.
Figure 1 - Wireless overview (diagram: headquarters with on-site WLCs deployed as an HA pair or N+1, a VSS services block, LAN core switches, data center, and an Internet edge hosting the guest anchor controller(s); a WAN links regional and remote sites with their own HA or N+1 WLCs. CAPWAP tunnels carry wireless data and wireless voice from access points to the on-site WLCs; CAPWAP mobility tunnels carry guest traffic to the guest anchor.)

Deployment Components

The CVD WLAN deployment is built around two main components: Cisco wireless LAN controllers and Cisco lightweight access points.

Cisco Wireless LAN Controllers

Cisco wireless LAN controllers are responsible for system-wide WLAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility. They work in conjunction with Cisco lightweight access points to support business-critical wireless applications. From voice and data services to location tracking, Cisco wireless LAN controllers provide the control, scalability, security, and reliability that network managers need to build secure, scalable wireless networks—from large campus environments to remote sites.

Although a standalone controller can support lightweight access points across multiple floors and buildings simultaneously, you should deploy controllers in pairs for resiliency. There are many different ways to configure controller resiliency; the simplest is to use a primary/secondary model where all the access points at the site prefer to join the primary controller and only join the secondary controller during a failure event. However, even when configured as a pair, wireless LAN controllers do not share configuration information. Each wireless LAN controller must be configured separately, so any WLAN or security setting changed on one controller must be applied to the other as well, or access points that fail over will serve a different policy.

The following controllers are included in this CVD release:
• Cisco 2500 Series Wireless LAN Controller—This Cisco AireOS-based controller supports up to 75 lightweight access points and 1000 clients. Cisco 2500 Series Wireless LAN Controllers are ideal for small, single-site WLAN deployments.
• Cisco 5500 Series Wireless LAN Controller—This Cisco AireOS-based controller supports up to 500 lightweight access points and 7000 clients, making it ideal for large-site and multi-site WLAN deployments. High availability is supported through Stateful Switchover (SSO), which provides sub-second controller failover without requiring the wireless client to re-authenticate.
• Cisco WiSM2—The Cisco Wireless Services Module 2 (WiSM2) for the Cisco Catalyst 6500 series switch is a Cisco AireOS-based controller supporting up to 1000 access points in a service module form factor. When coupled with the Cisco Sup720 or Sup2T supervisor module in the 6500-E or 6500 non-E chassis, the WiSM2 provides the rich set of features available within the AireOS-based family of controllers. High availability is supported through SSO, which provides sub-second controller failover without requiring the wireless client to re-authenticate.
• Cisco 5760 Series Wireless LAN Controller—The Cisco 5760 is designed for 802.11ac networks with up to 60 Gbps of capacity, supporting up to 1000 access points and 12,000 clients per controller. This is accomplished through the Cisco Unified Access Data Plane application-specific integrated circuit (ASIC). The 5760 provides investment protection in a proven high performance and scalable architecture.
• Cisco Virtual Wireless LAN Controller—vWLCs are compatible with ESXi 4.x and 5.x and support up to 200 lightweight access points across two or more Cisco FlexConnect groups and 3000 clients total. Each vWLC has a maximum aggregate throughput of 500 Mbps when centrally switched, with additional capacity achieved horizontally through the use of mobility groups. The virtualized appliance is well suited for small and medium-sized deployments utilizing a FlexConnect architecture.
• Cisco Flex 7500 Series Cloud Controller—The Cisco Flex 7500 Series Cloud Controller supports up to 6000 Cisco access points and up to 64,000 clients. This controller is designed to meet the scaling requirements to deploy the Cisco FlexConnect solution in remote-site networks. High availability is supported through SSO, which provides sub-second controller failover without requiring the wireless client to re-authenticate.
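The 802.11ac section above introduces 80-MHz channels through channel bonding and promises channel-planning guidance; the detailed guidance is in the "802.11ac Channel Planning" chapter, which this preview does not include. The following Python is an added example, not code from the Cisco guide: it derives the 80-MHz bonded group and centre channel from a 20-MHz primary channel, flags groups that include DFS channels, and checks a per-AP plan for neighbouring access points that would share the same 80-MHz block. The channel set and DFS range are the FCC (US) ones (an assumption; other regulatory domains differ), and the AP names, neighbour map and plan are constructed sample data.

```python
"""Added example (not from the Cisco guide): 802.11ac 80-MHz channel bonding
and a neighbour-overlap check for a channel plan.

Assumptions (labelled): FCC 5 GHz channel set and DFS range; AP names,
neighbour pairs and the channel plan are constructed sample data.
"""

# 802.11ac bonds four adjacent 20-MHz channels into one 80-MHz channel.
# Channel number n is centred at 5000 + 5*n MHz, so the 80-MHz centre is the
# mean of the four members (e.g. 36/40/44/48 -> centre channel 42).
BONDED_80 = [
    (36, 40, 44, 48),
    (52, 56, 60, 64),
    (100, 104, 108, 112),
    (116, 120, 124, 128),
    (132, 136, 140, 144),
    (149, 153, 157, 161),
]

# FCC: channels 52-144 require DFS (radar detection). Assumption for this example.
DFS_MIN, DFS_MAX = 52, 144


def channel_to_mhz(ch):
    return 5000 + 5 * ch


def bonded_80(primary):
    """Return (centre_channel, members) for the 80-MHz block containing `primary`.

    Raises ValueError for a 20-MHz channel that belongs to no 80-MHz block
    (e.g. 165, which is 20-MHz only in the FCC domain).
    """
    for group in BONDED_80:
        if primary in group:
            centre_mhz = sum(channel_to_mhz(c) for c in group) // 4
            return (centre_mhz - 5000) // 5, list(group)
    raise ValueError(f"channel {primary} is not part of an 80-MHz block")


def requires_dfs(primary):
    """True when any 20-MHz member of the bonded block is a DFS channel,
    because a radar hit on any member forces the whole 80-MHz channel to move."""
    _, members = bonded_80(primary)
    return any(DFS_MIN <= c <= DFS_MAX for c in members)


def plan_conflicts(plan, neighbours):
    """List neighbouring AP pairs whose 80-MHz blocks share spectrum.

    plan: {ap_name: primary_20mhz_channel}
    neighbours: iterable of (ap_a, ap_b) pairs that can hear each other.
    Two APs conflict when their bonded blocks have a 20-MHz member in common;
    different primaries (e.g. 100 and 108) can still be the same 80-MHz block.
    """
    conflicts = []
    for a, b in neighbours:
        _, members_a = bonded_80(plan[a])
        _, members_b = bonded_80(plan[b])
        if set(members_a) & set(members_b):
            conflicts.append((a, b))
    return conflicts


# Constructed sample plan: ap2 and ap3 use different 20-MHz primaries but
# land in the same 80-MHz block, which is the planning mistake caught here.
SAMPLE_PLAN = {"ap1": 36, "ap2": 100, "ap3": 108, "ap4": 149}
SAMPLE_NEIGHBOURS = [("ap1", "ap2"), ("ap2", "ap3"), ("ap3", "ap4")]

if __name__ == "__main__":
    for ap, ch in SAMPLE_PLAN.items():
        centre, members = bonded_80(ch)
        print(f"{ap}: primary {ch} -> 80 MHz centre {centre} {members} "
              f"dfs={requires_dfs(ch)}")
    print("conflicts:", plan_conflicts(SAMPLE_PLAN, SAMPLE_NEIGHBOURS))
```

With only six 80-MHz blocks available (five if DFS channels are avoided), the conflict check is what shows why dense 802.11ac deployments run out of non-overlapping channels quickly; the guide's chapter on channel planning covers when to fall back to 40-MHz or 20-MHz channels.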
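The Deployment Components section above notes that paired controllers do not share configuration and that each must be configured separately. The practical consequence is configuration drift: an access point that fails over to a secondary controller serves whatever WLAN security that controller happens to have. The Python below is an added example, not code from the Cisco guide or a Cisco API: it compares two controller WLAN configuration snapshots and reports drift, ranking mismatches in security-relevant settings ahead of cosmetic ones. The snapshot shape (WLAN profile name mapped to a dictionary of settings), the key names, and the sample values are this example's own assumptions; in practice each snapshot would be populated from the controller's exported configuration.

```python
"""Added example (not from the Cisco guide): detect configuration drift
between a primary and a secondary wireless LAN controller.

Assumptions (labelled): snapshot shape and key names are hypothetical, not
Cisco's; the two snapshots below are constructed sample data.
"""

# Settings whose mismatch changes what a client is exposed to after failover.
SECURITY_KEYS = {"security", "encryption", "radius_server", "interface"}


def wlan_drift(primary, secondary):
    """Return a list of (severity, wlan, key, primary_value, secondary_value).

    severity is "security" when the differing key is in SECURITY_KEYS or when
    a WLAN exists on only one controller; otherwise "cosmetic".
    """
    findings = []
    for name in sorted(set(primary) | set(secondary)):
        if name not in secondary:
            findings.append(("security", name, "<wlan>", "present", "missing"))
            continue
        if name not in primary:
            findings.append(("security", name, "<wlan>", "missing", "present"))
            continue
        p, s = primary[name], secondary[name]
        for key in sorted(set(p) | set(s)):
            pv, sv = p.get(key), s.get(key)
            if pv != sv:
                sev = "security" if key in SECURITY_KEYS else "cosmetic"
                findings.append((sev, name, key, pv, sv))
    return findings


def controllers_in_sync(primary, secondary):
    """True when the pair has no security-relevant drift."""
    return not any(f[0] == "security" for f in wlan_drift(primary, secondary))


# Constructed snapshots. The secondary was built by hand and has drifted:
# the employee WLAN fell back to a pre-shared key with no RADIUS server, and
# the guest WLAN was never created on it.
PRIMARY_WLC = {
    "WLAN-Data": {"ssid": "WLAN-Data", "security": "wpa2-802.1x",
                  "encryption": "aes", "radius_server": "10.0.0.41",
                  "interface": "wireless-data", "description": "employees"},
    "Guest": {"ssid": "Guest", "security": "web-auth",
              "encryption": "none", "interface": "wireless-guest"},
}
SECONDARY_WLC = {
    "WLAN-Data": {"ssid": "WLAN-Data", "security": "wpa2-psk",
                  "encryption": "aes", "interface": "wireless-data",
                  "description": "employee wlan"},
}

if __name__ == "__main__":
    for sev, wlan, key, pv, sv in wlan_drift(PRIMARY_WLC, SECONDARY_WLC):
        print(f"[{sev:8}] {wlan}: {key} primary={pv!r} secondary={sv!r}")
    print("in sync:", controllers_in_sync(PRIMARY_WLC, SECONDARY_WLC))
```

Run against the sample data, the check reports the missing guest WLAN and the 802.1X-to-PSK downgrade as security findings and the description wording as cosmetic; a deployment that relies on the primary/secondary model described above would run this comparison after every change to either controller.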

Description:
Deploy ubiquitous wireless access, including basic wireless guest access.