Mobility Begins with Wireless - Cisco · • 5 new WLAN controllers Virtual Controller, 8510, 3850,...

© 2013 Cisco and/or its affiliates. All rights reserved. 1© 2013 Cisco and/or its affiliates. All rights reserved. 1

Mobility Begins with WirelessWalt Shaw

Director, Product ManagementWireless Networking Business Unit

October 2014

© 2013 Cisco and/or its affiliates. All rights reserved. 2

• Key Trends

• Access Point Portfolio

• Controller Portfolio

• Software Roadmap


Simple

Secure

Reduced TCOConnecting People

Connecting Clouds

Connecting Things

Cisco ONE Enterprise Networks Architecture


Device Trends

The first Blackberry with

email was released

• ~300M+ PCs

• ~100M+ Smartphones

• iPhone is unveiled

Smartphones surpassed

PC units sold

• ~600M+ Smartphones

• ~320M+ PCs

• ~iPad is unveiled

Tablets will surpass

PC units sold

• ~1+ Billion Smartphones

• ~300M+ Tablets

• ~250M+ PCs

• 150+ Billion mobile

applications downloaded

Pro

ductivity

20151997 20102007


• >50% of enterprise traffic will originate on Wi-Fi by 2017

• 50% of all new Wi-Fi devices in 2014 will be 802.11ac capable (ABI Research)

• Wave 1 802.11ac has 5+ years of affectivity for Smartphones and Tablets

• Wave 1 802.11ac improves battery efficiency by 2X for Smartphones, Tablets, and Laptops

2007200319991997 20152013

802.11 802.11n802.11b 802.11a/g

802.11ac

Wave 1

802.11ac

Wave 2

1 SpatialStream

3Spatial

Streams

8Spatial

Streams

2 G

iga

bit

Eth

ern

et

Up

lin

ks

2

11

54

24

65

600

450

300

6900**

1300*

870*

430* 430*

6900**

3500**

2340**

**Assuming 160 MHz Is Available and Suitable

Gig

ab

it

Eth

ern

et

Up

lin

k

Performance TrendsGigabit Wi-Fi as primary - Gigabit Ethernet as fallback

1730**2

SpatialStream

4Spatial

Streams

4SS Desktops

3SS Desktops / Laptops

2SS Laptops / Tablets

1 SS Tablets /

Smartphones

*Assuming 80 MHz Is Available and Suitable


Location Accuracy Trends

Access Point

• Association based

Management System

• Probe based

• RSSI & Time

• 5 meters / on demand

Location Engine+Sensor

• Packet based

• RSSI & Time

• 5 meters / 30 seconds

• Historical / Analytics

Location

Engine+Sensor+Algorithm

• Packet based

• RSSI & Time

• Angle of Arrival

• 1 meter / 5 seconds

• Historical / Analytics

Accura

cy

20151997 20102004

AP

w/ Sensor

AP

w/ Sensor


High Availability Trends

LAN & WLAN

• L2 and L3 Protocols

LAN Resiliency

WLAN Redundancy

• LAN Infrastructure

Stateful Switchover

• WLAN Controller

Redundancy

LAN Resiliency

WLAN Resiliency

• LAN Infrastructure

Stateful Switchover

• WLAN Controller and

Access Point Stateful

Switchover

LAN & WLAN

High Availability

• LAN & WLAN

Infrastructure Stateful

Switchover

• WLAN Client Stateful

Switchover

• Non-Stop WLAN Client

session in the event of

a network disruption

Availa

bili

ty

20141997 20122002

99%Uptime

99.9%Uptime

99.99%Uptime

99.999%Uptime


GUEST PRESENCE GUEST ACCESS GUEST EXPERIENCE

DETECT CONNECT ENGAGE

LOCATION ANALYTICSInsights Into Customer Online and Onsite Behavior, Traffic Paths, Dwell Times, Location Density Etc.

• Mobile device and characteristics detected before they enter the venue

• Seamless and secure Wi-Fi connectivity

• Preferences, profile, device and roaming credentials identified

• Highly-relevant content and services based on user attributes and real-time location


“New”

• 11 new Access Points

AP3602, AP2602, AP1602, AP702, AP702W, AP3702, AP1532, AP1552C/CU, AP1552E/EU, AP1552I, AP3700

• 5 new WLAN controllers

Virtual Controller, 8510, 3850, 3650, 5760

• 4 new Access Switches

2960, 3850, 3650, 6800

• 4 new branded technologies

AVC, BSD, SSO HD Experience

• 3 new AP modules

802.11ac Wave 1, WSSI, 3G Small Cell

• 1 new branded platform

CMX


High Density Experience (HDX)

Wall Plate Access Points

ApplicationVisibility

HighAvailability

Internet of ThingsmDNS / Bonjour

Connected Mobile Experiences

IPv6

Software Defined Networks

Manageability


• Key Trends





Mission Specific

600 & 700

Enterprise Class

1700

Mission Critical

2700

Best in Class

3700

Enterprise Best In ClassValue-Based Mission Critical

• Up to 600 Mbps

• 702w: Wall Plate AP

• Hospitality, Dorms, MDU

• 702i: Compact Mid-market AP

• 600: Teleworker

• Up to 1 Gbps

• 3x3 MIMO : 2 SS

• CleanAir Express*

• Tx Beamforming

• Over 1 Gbps, 802.11ac

• 3x4 MIMO : 3 SS

• HDX Technology

• CleanAir 80 MHz, ClientLink 3.0, VideoStream

• Over 1 Gbps, 802.11ac

• 4x4 MIMO : 3SS

• HDX Technology

• CleanAir 80 MHz, ClientLink 3.0, VideoStream

• Future proof modularity: Security, 3G Small Cell, Location Accuracy or Wave 2 802.11ac

802.11n

802.11ac

802.11ac

802.11n

802.11ac

NEW

NEW


• Industry’s first and only 4x4 MIMO: 3 SS 802.11ac AP

• 3X performance of 802.11n 5Ghz WiFi• higher performance at a greater distance

• RF Excellence enabled in hardware

• High Density Experience Technology • Client density scale and performance

• Future proof, • Modular Architecture = investment protection• Security, 3G Small Cell or Wave 2 802.11ac

module options

with Integrated

802.11ac (4x4:3SS)

• 4x4 MIMO

• Modularity Architecture

• Built for Purpose WiFi Chipset

• 128 MB Dedicated Memory


Module 802.11ac

Wave 1(AP3600 Only)

Security 3G Small Cell Hyper Location

Accuracy

802.11ac

Wave 2

Benefits Support new

802.11ac data

clients and

Smartphones, up

to 1Gbps+ wireless

speeds

Full comprehensive

wireless security

posture with off

channel scan for

WIPS, CleanAir,

Rogue Detection,

Context Aware, and

RRM

Provides extended

3G cellular

infrastructure

coverage where

cell tower signals

cannot go (carpet

areas in high rises,

MDUs)

Provides <1m

location accuracy

802.11ac Phase 2

adding support for

Multi-User MIMO

and “switch like’

behavior, up to 2.5

Gbps+ wireless

speeds

Future2015 2015


DSPCPU 512 MHz

DRAM (128MB)

DSP

Customized AP Design

DRAM

(512MB)

Dual-Core*

CPU800 MHz

Cisco’s custom silicon architecture allows for distribution of processing between Radio CPU and

Main CPU along with a 4x4 Antenna Design.

On Radio CPU and memory for distributed packet processing and

optimizing throughput.

Radio – 5GHz

CPU 384 MHz

DRAM (128MB)

Radio – 2.4GHz

ASIC-based RF Architecture Advantagefor High Density Experience (HDX)

Traditional AP Design

DRAM

(512MB)

Dual-Core

CPU

800MHz

Radio – 2.4GHz

Radio – 5GHz

Merchant silicon architecture is heavily dependent on the single

CPU for all functions.

1x Dual Core

Processors

6x Total(1x Dual-Core,

2x Radio,

2x DSP)

512MB

Memory

768MB

*1 Core Enabled Today, 1 Reserved for Future Use

Merchant Silicon

Offering

Cisco AP2700

and AP3700

Merchant Silicon


0

50

100

150

200

250

300

350

5 10 15 20 25 30 35 40 45 50 55 60

MEG

AB

ITS

PER

SEC

ON

D

NUMBER OF CLIENTS

TCP Downlink Throughput 5GHz Multi -Client: Sixty 802.11ac Clients

HDX Multi-Client YouTube video:

http://www.youtube.com/watch?v=C8gfnCVm-3o&

Performance

Cisco

Competition

http://www.youtube.com/watch?v=C8gfnCVm-3o&


AP 3700 + WLC 8500


• Halo module wraps around AP

• 32 extra antennas to turbo-charge Angle of Arrival

• The Halo module supports the capability to detect Bluetooth beacons as well


$495 List

Compact wired + wireless solution for Multi Dwelling Unit (MDU)

Hospitality, Higher Ed dorms, Healthcare

Simultaneous Dual Radio, Dual Bandwith Integrated Antennas

4 GigE Ports

1 PoE Out Port

Mountable and lockable to most junction box worldwide

VLAN tag support in CUWN 8.0/IOS XE 3.6

Aironet 700w Series

20© 2013-2014 Cisco and/or its affiliates. All rights reserved.

Cisco Aironet Outdoor Access PointsIndustry’s Best 802.11n & 802.11ac Series

Base

1530

High-Functionality

1550

Best in Class

1570

• Low Profile, Low Price

• Europe: Low Profile

• Emerging SP: Low Price

• Enterprise: Low profile & Price

• 11n, 2G: 3x3:3; 5G: 2x3:2

• Int/External Antennas

• Multiple models & features

• Enterprise, MSO

• DOCSIS3.0 8x4

• 11n, 2x3:2


• High-end Enterprise, MSO

• 11ac, 4x4:3

• NG-Cable: 24x8


• Modular: Future Proof

NEW


Ideal for Campus coverage between buildings, seamless indoor to outdoor to indoor roaming

Small and ruggedized IP67 design for outdoors

Blends into the environment

Innovative flexible port architecture: dual or single band external antenna configuration via software

Flexible deployment modes: centralized, standalone, bridge, mesh, or daisy chain


• Key Trends





AUTONOMOUSCLOUD MANAGED FLEX CONNECT CENTRALIZED CONVERGED

• Common OS• Lean IT

• Mid-Market / Distributed Enterprise

• Intended for static installations• SP Hotspots

• Data center hosted controller• Distributed enterprises

• Premise-based controller• Traditional Overlay Model

• Highly Scalable

• Common OS• Consistent Wired/Wireless

• Highest performance

• MR Access Points• MS switches

• MX security• Dashboard

• Aironet Access Points• 11ac: 3700 / 2700

• 11n: 1600 / 700• Catalyst Switches

• 3850 / 3650

• 2960-X • Controllers

• N / A



• 6800/4500/3850/3650

• 4500-X / 2960-X• Controllers

• 8510 / 7510



• 6800/4500/3850/3650

• 4500-X / 2960-X• Controllers

• 8510 / 5760 / 5508 / WiSM2 / 2504 / vWLC



• 6800/4500*/3850/3650

• 4500-X • Controllers

• Integrated

• 5760 external MC*

Dashboard

WAN Intranet

Cisco Unified Access: 1 Architecture, 4 Deployment ModesCisco Cloud Networking

* Roadmap

Prime ISE


2500 Virtual WLC e.g. UCS-E on ISR G2

Flex 7500

850057605508 WISM2

Catalyst 3850

VirtualController

• 12 to 500 APs• 7000 clients• 8 Gbps

• 300 to 1000 APs• 15,000 clients• 20 Gbps



Large Campus and Service Provider

Small Campus / Branch (Controller On-Premise) Branch (Controller in DC)

• 5 to 75 APs• 1000 clients• 1 Gbps

• 5 to 200 APs• 3000 clients• 500 Mbps

• 1-50 APs per switch/stack(Directly connected APs)

• 2000 clients per stack• 40 Gbps per switch

• 5 to 200 APs• 3000 clients• 500 Mbps


• 1-25 APs per switch/stack(Directly connected APs)

• 1000 clients per stack• 40 Gbps per switch

Catalyst 3650

NEW

Now starts

at 100APs


WLAN Sub Second

Recovery/Convergence

Client Application Session Maintained

AireOS7.4 and IOS 3.3:

1:1 SSO—AP

Stateful Switchover

L3 NetworkAP State

Sync

AireOS And IOS

N:1 Redundancy

L3 NetworkAP Failover

HA Controller

Primary Controller’s

AP SYNC

Primary Controller

HA Controller

AireOS 7.5 and above 1:1 SSO—AP and *Client* Stateful

Switchover State Sync Over Any L2 Network

L3 Network

AP SYNC

AP and

Client

State

Sync

Primary Controller

HA Controller

L2 Network

Client

State

SYNC

7.4AP SSO with controllers

connected with ethernet

7.5Geo-separated

Client SSO

7.6Automatic recovery on

network re-convergence

8.0Various infrastructure

changes

http://www.cisco.com/en/US/products/ps10315/index.html















• AireOS 7.5 and IOS 3.6

• Granular Policy

Per User (role from AAA, MSAD)

Per Device (profiling)

Per Application (AVC)

• Flexible Policy Actions

• Rate limit, Prioritize, Drop traffic

• BYOD basic onboarding

• Vlan, ACL assignment

ACTIONS

RADIUS

Auth

AD memberOf = cisco-

av-pair

Device

ProfilingAVC

DEVICETYPE

USER ROLECISCO-AV-PAIR

Faculty

Student

APPLICATION NAME

Voice

Video

BIND

PrioritizeQoS

DropACL

Change VLANVLAN

Service PatchingBonjour

WLC

Release 8.0 Adds:1. Tie-in to AVC & Bonjour

2. Support for 150 device profiles

3. ability to download device

profiles dynamically w/o WLC

image upgrade


Port Level Visibility

HTTP = 75%

SMTP = 15%

FTP = 2%

Telnet = 1%

SNMP = 3%

L4 Port Session Visibility and Control

View, Control and

Troubleshoot – End User

Application Experience

NBAR2 LIBRARYDeep Packet inspection

Traffic

Real Time

Interactive

Non-Real Time

Background

POLICY

Packet Mark and

Drop

Wireless LAN ControllerVisibility to the port level interaction but not the

applications running within the port

• NBAR2 accurately classifies many more apps vs URL & Port based competitors e.g. Youtube, FileZilla, Facetime, Skype, Bonjour

• Only Cisco supports dynamic protocol pack updates to support ever-growing library of apps

• Rich per-user, per-app policy and history on all controllers in the portfolio without ANY additional licenses

BeforeApplication View and Control Based On L4 Port Sessions

AfterNetwork Based Application Recognition—NBAR2

Deep Packet Inspection and App ID



http://images.google.fr/imgres?imgurl=http://www.nowhereelse.fr/wp-content/docs/youtube-logo5.jpg&imgrefurl=http://www.nowhereelse.fr/youtube-live-video-streaming-12525/&usg=__MyBsEJIR3joE8gm-rBq5Wel1qGA=&h=428&w=570&sz=33&hl=fr&start=1&sig2=z2krQGjzyqJMHPDfVwLLvg&um=1&tbnid=RKDnixEb39ds5M:&tbnh=101&tbnw=134&prev=/images?q=video+streaming+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=0czJSp79EcSD4QaBkoTHAQ


http://images.google.fr/imgres?imgurl=http://elbconsultingllc.com/images/SAP-Logo.jpg&imgrefurl=http://elbconsultingllc.com/index.html&usg=__ttrD8hVR0ZecJBAgUc1jjcxqsZQ=&h=551&w=945&sz=36&hl=fr&start=1&sig2=eDSzYadbfwaGzGedWvK1-g&um=1&tbnid=9f5hdQ6CnNYH3M:&tbnh=86&tbnw=148&prev=/images?q=sap+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=reDBSv2WCZa7jAfWrvXgBQ







Deep Packet Inspection

Example

Three classifications flows for Microsoft Lync & Cisco

Jabber

MS-Lync Media

(Audio Flow)

MS-Lync

(Desktop Sharing, Chat)MS-Lync Media

(Video Flow)

*Cisco is now MS-LYNC Certified. A certification landing page is in coming soon


Med

AVC Profile – Drop Bittorrent

Control application

usage and

performance

Control

Low

High

Medium

Low

Custom DSCP Marking

Predefined Markings for Voice, Video,

etc.

AVC Profile – Mark Citrix


User and Device specific Application Policies

ROLE BASED APPLICATION POLICY

• Alice(User) and Bob(IT Admin) are both employees

• Both Alice and connected to same SSID.

• Bob can access certain applications (for e.g. YouTube), Alice cannot

ROLE BASED + DEVICE TYPE APPLICATION POLICY

• Alice can access inventory info on an IT provisioned Windows Laptop

• Alice cannot access inventory info on her personal iPAD

ROLE BASED + DEVICE TYPE + APPLICATION SPECIFIC POLICY

• Alice has limited access (rate limit) to Skype on her iPhone

7.4AVC

7.5Dynamic protocol

pack update

7.6Ability to classify

Jabber, Lync 2013, etc.

8.0User and device

aware policy tie-in


CAPWAP Tunnel

AirPrint

Apple TV

VLAN 23

VLAN 20

VLAN 99 iPad

Cache:TV1 – VLAN 20

TV2 – VLAN 23

Bonjour Response

From Controller

7.4Bonjour Gateway

7.5RRM based location

tie-in

8.0Per user-group,

granular location

policies


Location aware Bonjour + AVC: per user, per device type

MEETING ROOM: Wired AppleTV’s and wireless clients

Use Case 1: On same vlan, employee can project from iPad to AppleTV but guests cannot. Filter out non-local AppleTVs

Use Case 2: Employee can allow guest to project to AppleTV – PI 2.2 H2 14

IT MANAGED DEVICES

ACCESS TO RESOURCES: Wired AppleTV’s and wireless clients

Use Case 3: Employees should be provided a list of nearby

printers and allowed to print. Guests should not

USER MANAGED DEVICES

BYO Devices: User managed AppleTV’s/ Printers (wireless/wired) and wireless

clients: ISE H1 CY15

Use Case 4: Only employee who owns the Bonjour Service is able to use it.

Use Case 5: Employee 1 allows Employee 2 to access their Bonjour service


Intuitive MonitoringWLAN Express Setup Wizard

• Simplified User Interface

• No console cable or CLI terminal

• Basic Employee and a Guest WLAN

• Improved Guest captive-portal

Best Practices ON by default

• Band Select

• Radio Resource Management

• Clean Air and intrusion detection

• Application Visibility

• Client Profiling

• Bonjour Service Directory

• Internet only Guest Access Controls

• Best practice default settings

Available on CT2504 software release 7.6.120.0 or later



NE

TW

OR

K D

ES

IGN Enable High Availability (AP and Client SSO)

Enable Pre-image download

Enable AP Failover Priority

Enable AVC (application visibility and control)

Enable NetFlow in your WLC

Enable local Profiling (DHCP and HTTP)

Enable VLAN Pooling

Enable NTP

Enable FlexConnect Groups

Enable “FlexConnect AP Upgrade”

Enable 802.1x and WPA/WPA2 on WLAN/SSID

Change advance EAP timers

Enable SSH and SNMPv3

Enable DHCP proxy

Enable 11w / 11k and 11v ?

Enable client exclusion

Enable rogue classification

Enable LSC (Logically Significant Certificate)

Enable IDS / WiPS

Install WSSI / Security module to monitor all channels

Enable “Max Concurrent Logins for a user name”

Enable strong password policies

Enable ACL on your WLAN

INF

RA

ST

RU

CT

UR

E

Enable EoIP for guest anchor WLC

Enable external or internal webauth for guest

Enable “Split Tunneling “ for OEAP

Enable Fast SSID change

Enable per-user band width contract

Enable WMM

Enable Qos on your WLAN

Enable Multicast Mobility for large mobility

domains

Enable 802.1x authentications for AP

WIR

EL

ES

S / R

F

http://www.cisco.com/c/en/us/td/docs/wireless/technology/wlc/82463-wlc-config-best-practice.htmlS

EC

UR

ITY

Disable 11b data rates

Restrict number of WLAN/SSID below 3

Enable channel bonding – 40 or 80 MHz

Enable BandSelect

Use AP Groups & RF Groups

Use RF Profiles to meet network needs

Set the RSSI Low Checks

Enable RRM (DCA & TPC) to be auto

Enable Auto-RF group leader selection

Enable Cisco CleanAir and EDRRM

Enable Noise &Rogue Monitoring on all channels

Enable Client Load Balancing


Standard Benefits Vendor/Release AireOS Release IOS Release

11r Standard for

roaming

Apple iOS 6 7.2.110.0 3.3

11k Neighbor List Apple iOS 6 7.4 3.3

11u HS 2.0 Apple iOS 7, Samsung 7.3 Future

11v Power Save Apple iOS 7 8.0 Future

11w Mgmt Frames Microsoft Windows 8 7.4 3.3



1. Associated device send

packets for regular data

access only to connected

access points (A)

2. Other AP (B,C) that “hear”

that MAC address talking to

associated AP can report on

signal strength to WLC/MSE

3. Additional smart techniques

are used for quiet devices


• Close-proximity (iBeacon) and site-wide location (CMX) for broad range of use cases - Coexist today.

• 8.1 Integration: Provides visibility and secures iBeacon/BLE deployments

• AP-based spectrum analysis (CleanAir) and MSE location capabilities detect and locate iBeacons

• Strong roadmap for site-wide iBeaconmanageability and control


Probe Occurs every 60 Seconds Packet RSSI every 6 seconds

Zone A Zone B Zone C Zone A Zone B Zone C

Analytics CAN NOT capture all zone utilization

Location Zones Location Zones

Analytics captures all zone utilization


Summary

• ASIC-based 802.11ac Access Points with HDX Technology

• Industry Leadership with Standards Evolution

• Client Stateful Switchover for WLCs

• Optimized for Webex, Jabber, Lync, Skype and other real-time applications

• Location accuracy innovation with Data Packet RSSI and Bluetooth Low Energy technology

Summary


Thank You

Date post:	13-Jul-2020
Category:	Documents
Upload:	others
View:	5 times
Download:	0 times

Mobility Begins with Wireless - Cisco · • 5 new WLAN controllers Virtual Controller, 8510, 3850,...

Documents