Enterprise Infrastructure Design Scenarios


© 2010 Cisco Systems, Inc. All rights reserved. CUWN v7.0—6-1

WLAN Deployment Design Scenarios

Renato Saraiva, CCIE # 25336

Partner Systems Engineer

[email protected]

Enterprise Infrastructure Design Scenarios


Enterprise WLAN Requirement

A WLAN that allows computer users in a company to access any data or computing resource on both the intranet and internet.

– The Enterprise WLAN is business critical

If the network fails, the company loses productivity

All users have credentials and must authenticate

Intrusion prevention and detection is required

Network is likely to:

– Have multiple locations on multiple floors.

– Be comprised of hard wall and cubicle work space.

Mobility is important especially for voice applications

May support guest users with scavenger class of service


Enterprise WLAN Criteria (Cont.)

[Figure: Cisco Media Ready WLAN, with building blocks VideoStream, ClientLink, End-to-End QoS, Call Admission Control, Spectrum Analysis, 802.11n, and BandSelect & LoadBalance; dimensions labeled Bandwidth, Quality, Scale]

The Enterprise WLAN supports multiple applications.

– Data

– Voice

– Video

– Context aware services

Location


Enterprise WLAN Design—Data

Generic guidelines for data-only applications

5000 ft² per AP (1 ft² = 0.093 m²), or 464.52 m²

– 80,000 ft² of carpeted area may require 16 APs

Used only to build a quick bill of materials

10% overlap of coverage cells for roaming support

– AP at 60% power for coverage redundancy

In case of AP failure

– Average -75 dBm at the edge of each cell

Can only be confirmed by site survey


Enterprise WLAN Design—Data and Voice

Generic guidelines for voice and data applications

3000 ft² per AP (1 ft² = 0.093 m²), or 278.71 m²

– 80,000 ft² of carpeted area may require 27 APs

Used only to build a quick bill of materials

15% overlap of coverage cells for roaming support

– AP at 60% power for coverage redundancy

In case of single AP failure

– Average -67 dBm at the edge of each cell

Can only be confirmed by site survey

Implement Cisco Centralized Key Management

– Reduces latency associated with roaming

Do not implement Cisco Aggressive Load Balancing


Enterprise WLAN Design—Video

Generic guidelines for voice and data applications still apply.

Maximum of 20 clients per AP.

– Each multicast will be sent as a unicast to subscribed clients.

Each unicast will be sent to each device at their connected data rate.

– Changes dynamic of multicast being sent at lowest common denominator data rate.

– Must implement Cisco VideoStream technology.

Confirm that LAN can support multicast traffic loads prior to allowing application on WLAN.

– Implement IGMP snooping to prevent LAN from being overwhelmed with multicast traffic.


Enterprise WLAN Design—Location

Generic guidelines for video, voice or data applications still apply

AP placement must take triangulation into consideration

– Effective location requires three APs to detect signal

AP placement should be staggered

AP density should be greater

– Requires AP placement at the perimeter of building interior

– May require AP placement outside building perimeter.

Not a typical deployment for Enterprise WLAN

– Devices typically are used and located within the building

More typical deployment of HealthCare WLAN

– Devices may require connectivity and location outside of the building

– Devices may be restricted from leaving a building


Enterprise WLAN Solution Design


Enterprise WLAN Solution Design (Cont.)

The complete generic WLAN design solution is required for the Enterprise WLAN solution due to business critical classification.

WLAN controller choice:

– Based on current topology and total AP count – WLC5508 or WiSM2

– Designed with n+1 for failure redundancy

WLAN controller placement:

– Consider desired data flow for placement in network

Majority of implementations place controller at core

– Data flows to core for routing

– Seamless roaming

Some implementations place controller at edge

– Supports slow interconnection from access to core

– Keeps majority of data at access

[Figure: 5508 WLAN Controller; Cisco WiSM-2]


Enterprise WLAN Solution Design (Cont.)

Implement 802.1X infrastructure:

– RADIUS server with EAP support for client authentication

– Dynamic keys and encryption for security

Minimize the SSID required to support applications:

– Create SSID based on authentication types

Place user in appropriate VLAN by user credentials

Quality of service can be implemented per VLAN using 802.1p:

– Voice only devices would be on separate VLAN

– Implement Session Initiation Protocol (SIP) flow detection of voice application from data device to provide priority

Skype


Enterprise WLAN Solution Design (Cont.)

Utilize IPS

– Implement rogue classification policy

Malicious AP: AP not part of infrastructure using same SSID—should be contained

Friendly: Neighboring AP using unique SSID

Unclassified: Default value for all detected APs

– Implement client authentication policy

Place inappropriate clients on the exclusion list

– Criteria based on number of failed authentication attempts

– Monitor message logs

Note integrated signature violations
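
The rogue classification and client exclusion policy on this slide, worked through as an added Python example (not taken from the Cisco slides or from controller software). The BSSID inventory, SSID name, neighbor list, threshold of 3, the reset of the failure count on a successful authentication, and the log format are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed values for illustration (none come from the slides).
MANAGED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}  # our own APs
CORPORATE_SSIDS = {"corp-wlan"}
REVIEWED_NEIGHBORS = {"0a:0b:0c:0d:0e:0f"}  # neighbors vetted by an operator
MAX_AUTH_FAILURES = 3

def classify_ap(bssid, ssid):
    """Return the rogue class for one detected AP, following the slide's policy."""
    bssid = bssid.lower()
    if bssid in MANAGED_BSSIDS:
        return "managed"
    if ssid in CORPORATE_SSIDS:
        return "malicious"      # not infrastructure, same SSID: contain
    if bssid in REVIEWED_NEIGHBORS:
        return "friendly"       # neighboring AP on its own SSID
    return "unclassified"       # default for every other detected AP

# Constructed log format: "<timestamp> AUTH-FAIL|AUTH-OK client=<mac>"
EVENT = re.compile(r"\b(AUTH-FAIL|AUTH-OK) client=([0-9a-f:]{17})\b", re.I)

def clients_to_exclude(log_lines, threshold=MAX_AUTH_FAILURES):
    """Return clients whose consecutive failed authentications reach threshold."""
    streak, excluded = Counter(), set()
    for line in log_lines:
        m = EVENT.search(line)
        if not m:
            continue            # unrelated log line
        result, mac = m.group(1).upper(), m.group(2).lower()
        if result == "AUTH-OK":
            streak[mac] = 0     # assumption: a success resets the count
        else:
            streak[mac] += 1
            if streak[mac] >= threshold:
                excluded.add(mac)
    return sorted(excluded)

SAMPLE_LOG = [  # constructed sample data
    "2010-06-01T09:00:01Z AUTH-FAIL client=aa:bb:cc:00:00:01",
    "2010-06-01T09:00:03Z AUTH-FAIL client=aa:bb:cc:00:00:01",
    "2010-06-01T09:00:04Z AUTH-FAIL client=aa:bb:cc:00:00:02",
    "2010-06-01T09:00:05Z AUTH-OK client=aa:bb:cc:00:00:02",
    "2010-06-01T09:00:06Z AUTH-FAIL client=aa:bb:cc:00:00:01",
    "2010-06-01T09:00:07Z AUTH-FAIL client=aa:bb:cc:00:00:02",
]

if __name__ == "__main__":
    print(classify_ap("DE:AD:BE:EF:00:01", "corp-wlan"))
    print(clients_to_exclude(SAMPLE_LOG))
```

An AP on the reviewed neighbor list that starts broadcasting the corporate SSID is still classified as malicious, because the SSID check runs before the neighbor check.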


Enterprise WLAN Solution Design (Cont.)

Utilize standard network management systems

– Syslog server

Implement syslog server to provide appropriate context

– Network time protocol server

Implement network time protocol server to provide accurate time stamps and activity correlation


Enterprise WLAN Solution Design (Cont.)

APs

– Consider external antenna requirements

Mounting on ceiling, enclosure or wall

AP1130 AP1140 AP3500 AP1240 AP1250 AP1260 AP3500e


Enterprise WLAN Solution Design (Cont.)

APs

– Utilize Cisco RRM feature

Reduce interference from signal emitting devices

Reduce co-channel interference by optimizing channel configuration

[Figure: channel plan using Ch 1, Ch 6 and Ch 11]


Enterprise WLAN Solution Design (Cont.)

H-REAP or local controller for remote office support

– H-REAP not recommended to support video

– Solution based on following criteria

Desired data flow

Application latency requirements

– Determine required bandwidth from AP to controller

Required roaming

– Layer 2 roaming is supported by H-REAP

– Layer 3 roaming is not supported by H-REAP

[Figure: H-REAP topology with a Main Office and a Remote Office joined by a WAN link (T1, DSL, FR); labels: CAPWAP Control, VLAN 101, Local VLAN, Centrally Switched Client Data, Locally Switched Client Data]


Enterprise WLAN Solution Design (Cont.)

WCS

– Required for consistent multi-controller configuration

– Provides WLAN management tools for peak performance

Controller and AP templates

Location

Reports

Heat maps

Security audits

Location readiness tool

Voice readiness tool

Client troubleshooting tool


Enterprise WLAN Solution Design (Cont.)

MSE (Mobility Service Engine)

– Required for multiple device client location

Location notification

Location tracking

– Historical data collection

– CleanAir support

Persistent channel avoidance

Interference correlation

– Advanced intrusion detection signatures

MSE 3310: CAS: 2,000 devices; WIPS: 2,000 APs

MSE 3355: CAS: 18,000 / >18,000 devices *; WIPS: 3,000 / >3,000 APs *


Enterprise WLAN Solution Design (Cont.)

Spectrum intelligence

– Required for effective troubleshooting

Stand alone console

Integrated into APs with CleanAir technology

Site survey tool

– Required for effective WLAN measurement

Packet capture analysis tool


Summary

Enterprise WLAN Solutions allow computer users in a business setting to access any data or computing resource on both the intranet and internet and support multiple applications.

The data-only application requires 1000 square feet per AP and 10% overlap of coverage cells for roaming support.

The data and voice application requires that Cisco Centralized Key Management be implemented, not Cisco Aggressive Load Balancing.

The video Enterprise WLAN Solution uses the generic guidelines for data and voice applications and allows a maximum of 20 clients per AP.

If a location is to be implemented, different AP densities and AP placement schema may be required.

The integration of the Cisco WLAN solution into an existing multi-site data network infrastructure is shown as an example of an Enterprise WLAN Solution.
