5 Detail Description of Technology Used: Understanding WLAN Controllers
CAPWAP (Control and Provisioning of Wireless Access Points) is used between APs
and the WLAN controller and is based on LWAPP.
CAPWAP carries control and data traffic between the two.
Control plane is DTLS encrypted.
Data plane is DTLS encrypted (optional).
LWAPP-enabled access points can discover and join a CAPWAP controller, and
conversion to a CAPWAP controller is seamless.
CAPWAP is not supported in Layer 2 mode deployments.
Mobility Defined
Mobility is a key reason for wireless networks. Mobility means the end-user device is
capable of moving location in the networked environment.
Roaming occurs when a wireless client moves its association from one AP and
re-associates to another, typically because it is mobile.
Mobility presents new challenges:
Need to scale the architecture to support client roaming; roaming can occur intra-controller and inter-controller.
Need to support client roaming that is seamless (fast) and preserves security.
Scaling the Architecture with Mobility Groups
A Mobility Group allows controllers to peer with each other to support seamless
roaming across controller boundaries.
APs learn the IPs of the other members of the mobility group after the LWAPP Join
process.
Support for up to 24 controllers, 3600 APs per mobility group.
Mobility messages exchanged between controllers.
Data tunneled between controllers in EtherIP (RFC 3378).
Roaming Requirements
Roaming must be fast. Latency can be introduced by:
Client channel scanning and AP selection algorithms
Re-authentication of client device and re-keying
Refreshing of IP address
Roaming must maintain security:
Open auth, static WEP: session continues on new AP.
WPA/WPAv2 Personal: new session key for encryption derived via standard handshakes.
802.1x, 802.11i, WPA/WPAv2 Enterprise: client must be reauthenticated and new
session key derived for encryption.
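Added example (not part of the original document): the WPA/WPA2 Personal case above, showing that the passphrase-derived PMK stays the same while each 4-way handshake after a roam produces a new pairwise key. It assumes the SHA-1 based PSK key derivation with CCMP (384-bit PTK); the SSID, passphrase and MAC addresses are constructed sample values.

```python
import hashlib
import hmac
import os

LABEL = b"Pairwise key expansion"

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal PMK: PBKDF2-HMAC-SHA1, 4096 iterations, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenation of HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes,
               anonce: bytes, snonce: bytes) -> dict:
    """PTK for CCMP (48 bytes), split into KCK, KEK and the temporal key (TK)."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, LABEL, data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}

def roam_demo() -> dict:
    # Constructed sample values: passphrase, SSID and MAC addresses are made up.
    pmk = pmk_from_passphrase("correct horse battery", "CORP-WLAN")
    client = bytes.fromhex("02aabbccdd01")
    ap1 = bytes.fromhex("02000000a001")
    ap2 = bytes.fromhex("02000000a002")
    # Every 4-way handshake uses fresh 32-byte nonces from both sides.
    before = derive_ptk(pmk, ap1, client, os.urandom(32), os.urandom(32))
    after = derive_ptk(pmk, ap2, client, os.urandom(32), os.urandom(32))
    return {"pmk": pmk, "before_roam": before, "after_roam": after}

if __name__ == "__main__":
    r = roam_demo()
    print("PMK (same on every AP of the SSID):", r["pmk"].hex())
    print("TK on first AP :", r["before_roam"]["tk"].hex())
    print("TK on second AP:", r["after_roam"]["tk"].hex())
```

The Enterprise case differs only in where the PMK comes from: it is produced by the 802.1X/EAP exchange rather than by the passphrase, which is why a roam there requires reauthentication.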
Eliminating the (re)IP address acquisition challenge. Eliminating full 802.1X/EAP
reauthentication
Appliance Design
The client will be using Virtual Machines (VMs) for their ISE deployment. There will be
three different build specs used for these: a build for Admin nodes, a build for
Monitoring nodes and a build for PSN nodes. Below are the three build specs used for each
VM.
ISE Objectives
Users on the same SSID can be associated to different wired VLAN interfaces
after EAP authentication.
An employee using a corporate laptop with their AD user ID can be assigned
full access to the network.
An employee using a personal iPad/iPhone with their AD user ID can be assigned to
Guest, with internet access only.
The figure above shows how guest users and employees can be assigned to different VLANs to provide network connectivity.
The objective of the ISE Deployment is to integrate Identity Based Network Solutions
(IBNS) into Wireless Guest network architecture.
The ISE deployment will integrate with the following services:
Microsoft Active Directory
Client Certificate Authority (GeoTrust Certificate)
Wireless Channels
Channels in 2.4GHz
There are only 3 non-overlapping channels in the 2.4GHz band, which is the reason
this band is congested and is currently seen as overpopulated.
CHANNEL NUMBER   NORTH AMERICA (FCC)   EUROPE (ETSI)   JAPAN
1                ✔                     ✔               ✔
2                ✔                     ✔               ✔
3                ✔                     ✔               ✔
4                ✔                     ✔               ✔
5                ✔                     ✔               ✔
6                ✔                     ✔               ✔
7                ✔                     ✔               ✔
8                ✔                     ✔               ✔
9                ✔                     ✔               ✔
10               ✔                     ✔               ✔
11               ✔                     ✔               ✔
12               No                    ✔               ✔
13               No                    ✔               ✔
14               No                    No              802.11b only
Channels in 5GHz
Cell Over-Lapping
While doing a site survey, vendors have to ensure there is proper cell overlap of
approximately 15 to 20%. This enables seamless client roaming from one AP to
another AP without any interruption in connection.
Co-Channel Interference
Notice that no two cells on the same channel overlap in the above diagram. In some
high-density wireless environments we may end up reusing the same channel. When
cells on the same channel overlap, it is considered co-channel interference and
the wireless network is not going to work well.
Usually this channel planning job is taken care of automatically by RRM in the WLC, but I
want to explain the issues in co-channel interference to everyone, which is the reason
we are talking about co-channel interference here.
Please note that, as already mentioned, in high-density wireless environments it may
sometimes be difficult to reuse the same channels, and it will end up with co-channel
interference.
In normal office environments we can deploy APs with dipole antennas. If the office
environment is high density, it is recommended to use APs with internal antennas. If
the environment is a warehouse with a high ceiling, a plant or cold storage, we have to seek
antenna recommendations from the site survey vendors, because there are many
different types of antenna that can be used with Cisco APs, and vendors can
recommend the best one by emulating the environment through an active survey.