In a Celona network, AI algorithms are programmed to constantly monitor your network performance for each MicroSlicing policy to ensure SLAs are being met for critical applications. The Celona AI engine works to optimize network performance and can even redirect traffic across different paths within the Celona mobile core. Roaming features also allow devices to use the public wide area networks while transitioning back to the private network if there is a lapse in coverage. This feature is ideal for companies that operate in large spaces such as farmland, oil fields, or large corporate campuses. This also allows employees to utilize dual SIM technology to authenticate once inside the network and return to their standard cellular service when they leave.
FlexConnect is designed to support wireless branch networks by allowing the data to be switched locally within the branch site, while the access points are being controlled and managed by a centralized controller. The Cisco Flex 7500 Series Cloud Controller aims to deliver a cost effective FlexConnect solution on a large scale. The Cisco 5520 Series Wireless LAN Controller is a highly scalable, service-rich, resilient, and flexible platform that is ideal for medium-sized to large enterprise and campus deployments. As part of the Cisco Unified Access Solution, the 5520 is optimized for the next generation of wireless networks, 802.11ac Wave 2. Widespread mobility and cloud adoption require an enhanced approach to protecting users, applications, and data. A zero-trust security framework helps to prevent unauthorized access, contain breaches, and reduce the risk of an attacker’s lateral movement through the network.
All of the fast secure roaming methods have their advantages and disadvantages, but in the end, you must verify that the wireless client stations support the specific method that you want to implement. You must select the best method that is supported by the wireless clients that connect to the specific WLAN/SSID. Redundancy is provided by deploying multiple controllers on the network which provide backup and share load.
- Global: The prefer-mode is pushed to the default AP Group and all other AP-Groups on which the prefer-mode is not configured. Note that the prefer-mode cannot be manually defined for the default AP Group.
- AP-Group Specific: The prefer-mode is pushed to an AP only when the prefer-mode of an AP-Group is configured and the AP belongs to that group.

Note: Please consult your local government regulations to ensure that DTLS encryption is permitted.

- IPv6 Deployments: At least one WLC should be configured for both IPv4 and IPv6 to support APs with older firmware that does not support IPv6.
Featured Network Infrastructure post
In this example a pair of WLCs are connected to a dedicated services switch block that connects to the core layer. The services switch block is a pair of Catalyst switches configured for multilayer or VSS. The services switch block is connected to the core layer using layer 3 links implementing EIGRP or OSPF for route aggregation. A mobility group is a set of controllers, identified by the same mobility group name that defines the realm of seamless roaming for wireless clients.
The small campus in this example is a single building with multiple access layer switches. Technologies such as multigig wireless can finally give you the best of both worlds: a speedy wireless network to boost effectiveness with security that will give you confidence. Wireless technologies are getting more deeply embedded in enterprise processes and services. Meanwhile, edge computing is evolving to move processing closer to the physical location where things and people connect.
Chapter: Cisco Unified Wireless Technology and Architecture
This architecture also allows for faster convergence during a distribution layer failure, as only a subset of the entries needs to be re-learned by the affected distribution layer. If the campus deployment supports fewer than 25,000 clients, a centralized WLC architecture can be employed where the WLCs are connected to the core by means of a dedicated switch block. Figure 2-43 shows additional details for the wireless services block for a large campus deployment. In this example each pair of WLCs is connected to the distribution layer switches within each building.
An AP is normally configured with a list of one to three WLC management IP addresses that represent the preferred WLCs.
- DNSv6 Discovery: Address records are defined on the name server for the cisco-capwap-controller hostname for each WLC managed IPv6 address to be supplied to the AP. When queried, the name server will respond with a list of IPv6 addresses for each AAAA record that was defined.
- DNSv4 Discovery: Address records are defined on the name servers for the cisco-capwap-controller hostname for each WLC managed IPv4 address to be supplied to the AP.
Cisco Aironet 3600 Series
The Aironet 1600 Series also provides at least six times the throughput of existing 802.11a/g networks. As part of the Cisco Aironet Wireless portfolio, the Cisco Aironet 1600 Series access point provides low total cost of ownership and investment protection by integrating seamlessly with the existing network. With an entry-level path to 802.11n migration, the Aironet 1600 Series can add capacity to the network for future growth for expanding applications and bandwidth. For most deployments, DHCP or DNS discovery is used to provide one or more seed WLC addresses. A subsequent WLC discovery response provides the AP with a full list of WLC mobility group members.
- The equivalent WISM2 design consisting of two Catalyst 6500 series chassis in a VSS configuration each with a WiSM2 module installed.
- The WiSM2 helps to lower hardware costs and offers flexible configuration options that can reduce the total cost of operations and ownership for wireless networks.
- If a CAPWAP packet from an AP enters the controller on physical port 1, the WLC removes the CAPWAP wrapper, processes the packet, and forwards it to the network on physical port 1.
- The Cisco Aironet 600 Series OfficeExtend Access Points provide highly secure enterprise wireless coverage to home.
The Internet Engineering Task Force (IETF) standard Control and Provisioning of Wireless Access Points (CAPWAP) Protocol is the underlying protocol used in the Cisco Centralized WLAN Architecture. CAPWAP provides the configuration and management of APs and WLANs in addition to encapsulation and forwarding of WLAN client traffic between an AP and a WLAN controller. Private cellular wireless provides an extra layer of security through SIM authentication. Small SIM cards inside each device provide authentication and identification details for each company asset. This creates an environment where only whitelisted devices are allowed to operate, which can be paired with additional forms of security such as two-factor authentication. Cellular connectivity has built-in features that help provide a consistent and robust connection, even under difficult conditions.
The APs are configured to use the permanently licensed WLC as their primary WLC and the HA-SKU WLC as their secondary WLC. A Cisco Unified Wireless Network provides two architectures to support remote branch offices connected over a wide area network. For branch sites, network administrators can implement APs operating in local or FlexConnect modes. Both CUWN architectures operate differently and solve different business needs.
Zero-trust networks
The 1700 Series meets the growing requirements of wireless networks by delivering better performance than 802.11n and providing key RF management features for improved wireless experiences. With Wi-Fi, it’s possible to manage Quality of Service across different devices and applications, but not service level agreements for throughput, latency/jitter and packet error rate assignment. This will have to be achieved through the use of a private cellular wireless network for the relevant critical mobile and IoT device infrastructure. A well-designed enterprise network provides the proper connectivity for all users, things, devices, and applications present in an organization, as appropriate for the role, purpose, and location of each. The WLCs connect to the distribution switches using static port-channels configured for 802.1Q VLAN tagging.
Perpetual enrollments include Multiparty Suite and Customer Collaboration Suite. Subscription enrollment includes Calling and Meetings for the Cisco Collaboration Flex Plan. The customer will not be charged for the overages in the final year of the term. Explore the possibility to hire a dedicated R&D team that helps your company to scale product development. Deployment progress should be summarized at regular intervals in progress reports to show a comparison between planned and actual elements.
IPv6 Client Mobility
If continuous wireless coverage is provided between some of the zones, the WLCs servicing those zones may be assigned to the same Mobility group. Wireless clients will be able to maintain their network membership within those zones and be assigned to a new network when they connect to an AP in a separate zone. The Mobility group design for a very large campus is also an important consideration and is dependent on the wireless coverage provided between the buildings and zones. Ideally the buildings placed into each zone representing a wireless coverage area.
AP Group Applications
To address these challenges, IT professionals need a comprehensive solution that enables them to manage the network from a single graphical interface and the solution is Cisco Prime Infrastructure. It provides lifecycle management and service assurance networkwide, from the wireless user in the branch office, across the WAN, through the access layer, and now to the data center. Thanks to Celona’s 5G LAN solution, enterprises can now build their own private infrastructure to support their mobile networks. Owning your own infrastructure provides better security and overall control of your data. Businesses that have to adhere to compliance standards such as HIPAA can use private cellular connectivity to improve data security and device level policy enforcement.
All CAPWAP management and control traffic exchanged between an AP and WLC is encrypted and secured by default to provide control plane privacy and prevent man-in-the-middle attacks. It can take time to plan out your access and routing policies, but the effort will be well worth it in the management phase of your deployment. You may encounter times when certain access rules need to be specified to make sure devices work. If a company device connects to the guest Wi-Fi, will their corporate email still work? Without a doubt, this will be the most crucial step when building out your wireless network.
- Reducing broadcast domain sizes by mapping WLAN clients to different interfaces or interface groups within a WLC. For example, in a campus deployment, AP groups can be employed to map WLAN clients in separate buildings or floors to separate interfaces or interface groups on a single WLC.
- Controlling which WLANs are advertised by APs within specific geographic locations. For example, in a campus deployment, separate AP groups can be employed to advertise a guest WLAN only in public areas rather than campus-wide. For retail deployments, AP groups can be employed to advertise unique SSIDs for different brand stores or to provide guest Wi-Fi services to subsets of retail stores.
Distributing the WLCs between the buildings provides several scaling advantages as the number of wireless clients supported by a CUWN increases. As more devices are added to the wireless network, the number of layer 2 and layer 3 table entries that are processed and maintained by the service block switches increases exponentially. Figure 2-41 shows additional details for the wireless services block for a medium campus deployment.