Topic: Using Cisco wireless architectures and AP modes

What would a typical midmarket Cisco wireless LAN controller consist of these days? Meet the Cisco Catalyst 9800-L wireless controller (see Figure 13.1).

This unit offers the following features and hardware:

• ▸ Support for 5 Gbps throughput

• ▸ Support for 250 APs

• ▸ Support for 5000 clients

• ▸ 2x 10G/Multigigabit copper or 2x 10G/Multigigabit fiber

• ▸ 4x 2.5G/1G copper physical ports

• ▸ Console port

• ▸ Several deployment modes: Centralized (local), Distributed Branch (Cisco FlexConnect), SD-Access Wireless (fabric)

• ▸ A maximum of 4096 supported VLANs

• ▸ A maximum of 4096 WLANs

• ▸ High-availability support with Stateful Switchover (SSO)

• ▸ Link aggregation (LAG) for physical ports on the controller. (You configure an EtherChannel on the upstream switch to support the local LAG.)

These impressive controllers from Cisco Systems offer many management options. For example, you can use a web-based GUI, the CLI, Cisco DNA Center, Netconf/YANG, or the Cisco Prime Infrastructure to manage the WLC.

This controller supports all of your favorite management protocols and options, including Telnet, SSH, HTTP, HTTPS, and the console (serial). The Cisco WLC also supports the TACACS+ and RADIUS security protocols.

While the information listed here applies to the physical WLC appliance, keep in mind that you can also deploy the WLC functionality embedded in a Cisco switch, and there is also a virtualized cloud version.

When configuring a wireless LAN controller, you need to configure profiles for each of the following:

• ▸ WLAN

• ▸ Policy

• ▸ Site

• ▸ RF

You then configure the following tags for identification:

• ▸ Policy

• ▸ Site

• ▸ RF

Finally, you associate the appropriate tags to the appropriate access points in your infrastructure.

A major portion of your work on a controller involves configuring the wireless LAN. As mentioned earlier, you can create a whopping 4096 WLANs on the device. Each WLAN has a separate WLAN ID, a separate profile name, and a WLAN SSID.

A WLC can publish up to 16 WLANs to each connected access point. However, you can create the maximum number of supported WLANs and then selectively publish them (using access point groups) to different access points for managing your wireless network. Each WLAN can feature a different SSID, or multiple WLANs can all have the same SSID.

In addition to setting required parameters such as the RF band in use for the WLAN, you can set many advanced properties. For example, you can set various session timeout values, and you can even configure Cisco Compatible Extensions (CCX) so that you can have your WLC work with products from vendors other than Cisco.

Important quality of service (QoS) settings are available to help keep your wireless clients happy and productive. You can configure the following in this regard:

• ▸ SSID and client policies on wireless QoS targets

• ▸ Marking and policing of wireless traffic

• ▸ Mobility support for QoS

• ▸ The precious metal policies that come preconfigured on the controller, including the following:

  • ▸ Platinum for VoIP clients

  • ▸ Gold for video clients

  • ▸ Silver for traffic that can be considered best effort

  • ▸ Bronze for non-real-time (NRT) traffic

As you might guess, WLAN security profiles are critical configurations that you make on a WLC for your wireless infrastructures. Example 13.1 shows how such a profile is configured using the CLI on a WLC.

Example 13.1 Configuring WLAN Security Settings

Click here to view code image

Device# configure terminal
Device(config)# wlan mywlan 1 AJSneteworking
Device(config-wlan)# security wpa
Device(config-wlan)# security wpa wpa2 ciphers aes
Device(config-wlan)# end

How does the WLC connect to the various access points it manages in a secure fashion? Control and Provisioning of Wireless Access Points (CAPWAP) is the standard typically used. CAPWAP is based on Lightweight Access Point Protocol (LWAPP).

Remember that the access points (APs) that Cisco offers can typically operate in one of two overall modes:

• ▸ Autonomous: In autonomous mode, the access point does not need a wireless LAN controller for its operations. It possesses all the control plane intelligence it needs to function on the network and provide wireless services. Unfortunately, the feature set available and your ability to monitor and control the device are more limited. Notice that while “autonomous” sounds great, in the context of Cisco wireless solutions, it is actually not the preferred method. It might, however, be the perfect solution for very small office deployments where the power of a WLC is not needed.

• ▸ Lightweight: In lightweight mode, the access point requires a WLC in order to function properly on the network. Lightweight APs from Cisco can run in a number of different operational modes, as follows:

  • ▸ Local: This is the default mode in most deployments.

  • ▸ REAP/H-REAP/FlexConnect: Remote Edge Access Point (REAP) is used to address scalability issues with local mode when accommodating multiple remote locations.

  • ▸ Bridge: This mode permits bridging of the wired and wireless infrastructures.

  • ▸ SE-Connect: SE-Connect mode allows you to connect to the LAP using Cisco Spectrum Expert and gather vital information about the RF spectrum surrounding the LAP.

  • ▸ Sniffer: A LAP operating in Sniffer mode is strictly for troubleshooting purposes.

  • ▸ Rogue Detector: Rogue Detector mode connects to the wired infrastructure, usually over a trunk link, and watches the traffic traversing the VLANs.

Review Questions

1. What is a popular single-pane-of-glass approach to managing a Cisco WLC and other key Cisco components of the network infrastructure?

A. Cisco Configuration Manager

B. Cisco GUI Manager

C. DNA Center

D. CiscoWorks

2. What is the total throughput possible with a Cisco 9800 series WLC?

A. 5 Gbps

B. 10 Gbps

C. 40 Gbps

D. 80 Gbps

3. What technology permits high-availability configurations with physical ports on Cisco wireless LAN controllers?

A. VTP

B. STP

C. LAG

D. PoE

4. Which of the following are supported QoS settings for a WLAN built by a WLC? (Choose two.)

A. Mobility support

B. Buffered queuing

C. Dynamic buffer expansion

D. Marking and policing

Answers to Review Questions

1. C is correct. Cisco DNA Center is a single-pane-of-glass solution for the management of Cisco WLCs and other Cisco devices.

2. A is correct. 9800 series devices offer total throughput of 5 Gbps.

3. C is correct. WLCs support link aggregation (LAG), which permits the link bandwidth to be bundled together. LAG promotes high availability because even in the face of a failure of one link, the bundle can continue to forward traffic using surviving link members.

4. A and D are correct. QoS settings are possible through profiles. You can configure mobility support, marking and policing, and even prebuilt settings based on traffic classes.

Additional Resource

Fundamentals of Wireless Controllers

https://youtu.be/ZFTgI-2gWsI