cisco tech update wireless...dnac 1.2.8 / w1 & w2 802.11ac aps internet public cloud ad managed...

© 2018 Cisco and/or its affiliates. All rights reserved.

Nicholas Swiatecki, Systems Engineer, <[email protected]>

November 2018

Tech Update – Wireless


Agenda

1

2

3

4

Software versioner

802.11ax / WiFi 6 + WPA3

Nyt i 8.8

Catalyst 9800

New Cisco Catalyst 9800 Series Wireless Controllers

Deploy Anywhere

Powered by IOS XEOpen and Programmable

Trustworthy SolutionsModular operating system

Always-on

• Software updates with no disruption

• Rolling AP upgrades

• Seamlessly add new APs

Secure

• Detect encrypted threats with ETA

• Automated macro/micro segmentation with SDA

• WPA3 Support*

• On-Prem, Private/Public cloud, Embed in a Switch

• Gov Cloud ready

• Scale as you grow

*Future

Cisco Catalyst 9800 Wireless - Platform Support

Wireless Controller

Cisco Catalyst 9800 Wireless Controller for

Cloud

Cisco Catalyst 9800 Wireless Controller

Catalyst 9800 SD-Access Embedded

Wireless

C9800-40-K9C9800-80-K9

C9800-CL-K9

Access Points

AP1810, AP1815, AP1830, AP1850

AP2800/ AP3800/AP4800

11ac Wave 1 and Wave 2 Access PointsAP18xx, 2802, 3802, 4800, 1540, 1560, 1700, 2700, 3700, 1570

Deployment ModesCentralized, Distributed Branch, SDA and Mobility Express (Future)

AP ModesLocal, FlexConnect, Monitor, Mesh^, Flex+Mesh^, Sensor, Sniffer

AP1540/AP1560

*GCP in 16.10 is EFT Only ^ supported on Wave 1 and outdoor Wave 2 APs

Unplanned EventsDevice and network interruptions

Always on - High Availability

16.10 Supported Supported after 16.10

Cisco Catalyst

9800 Wireless

Controller

Differentiators

Reducing downtime for Upgrades and Unplanned Events

Controller Software UpdateSoftware Maintenance updates ( SMU^ )

Cold PatchHA install on SSO Pair

Hot Patch(No Wireless Controller

reboot)Auto Install on Standby

AP Device PackNew AP Model

FlexiblePer-Site, Per-Model Updates

Access Point UpdatesNew AP Model & AP updates*

Rolling AP Update (No Wireless Controller

Reboot)

Software Image UpgradesWireless controller image upgrades

N+1 Hitless Rolling AP Upgrade

^ MD Release Only

SSO Active-Standby

N+1 Primary, Secondary

Per AP Primary, Secondary,

Tertiary

Deploy anywhere*

Catalyst 9800-806000 APs, 64K Clients, 80 Gbps

Catalyst 9800-402000 APs, 32K Clients, 40 Gbps

Catalyst 9800-CL6000 APs, 64K Clients^

Catalyst 9800-CL+

1000 APs, 10K Clients

Catalyst 9800-SW*200 APs, 4K Clients

Catalyst 9800-CL3000 APs, 32K Clients

200 APs 1000 APs 6000 APs2000 APs 3000 APs

*SD-Access only+C9800-CL for Public Cloud with Flexconnect; GCP for EFT only

^Centralized support for 6000 APs in FutureGCP- EFT ready

SD-Access Ready

ENCS

Kun SDA

© 2018 Cisco and/or its affiliates. All rights reserved. G loba l

Sa les T ra in ing

Cloud Wireless offer – FCS 16.10

ISE / AD DNA Center

ASSURANCE

AUTOMATION

DNAC 1.2.8 / W1 & W2 802.11ac APs

Internet

Public Cloud

AD

Managed VPN

Enterprise network

NFVIS

ENCS

Hypervisors: ESXi, KVM, NFVIS on ENCS

All deployments mode: Centralized, SDA, FlexConnect, Mesh

ESXi

W1 & W2 802.11ac APs

Amazon AWS, Google GCP (EFT Only) with Managed VPN

FlexConnect local switching only

Google Cloud Platform(EFT only)

ISE/AAA


Sa les T ra in ing

C9800-CLAireOS vWLC

8

C9800-CL brings in the best of appliance features to Private Cloud

NoSSO High Availability Yes

Flex OnlyDeployment Modes Flex, Local, Fabric

NoGuest Anchor Yes

NoDNA-C Automation & Assurance Yes

500 MbpsMax Throughput 2.5 Gbps

3k APs, 32k ClientsMax AP and Client Scale 6k APs, 64k Clients

MultipleInstallation Image Single for any scale

vs.


Sa les T ra in ing

101010100010101010100000101010101010101010101

111101010101010111100010101001010001001001001

010100100100101000100100011001001001001001001

001001010010010100100101010100010101010100000

101010101010101010101111101010101010111100010

101001010001001001001010100100100101000100100

011001001001001001001001001010010010100100

101010100010101010100000101010101010101010101

111101010101010111100010101001010001001001001

010100100100101000100100011001001001001001001

001001010010010100100010100001010101111010101

Introducing ETA on Cisco Catalyst 9800 Series

Enhance Visibility Promote ComplianceShorten Time to Response Save Time & Money

Malware detection and

cryptographic compliance

on Cisco Stealthwatch

Cisco Stealthwatch®

Netflow

Telemetry

Encrypted

Wireless Traffic

Supported on Catalyst 9800 Series Wireless

Controller in Centralized Wireless Deployment

Seamlessly migrate existing DNA enabled customers to Catalyst 9800 Wireless Controllers

Portability with DNA licenses

Catalyst 9800 Series Wireless Controllers

Any AireOS

Wireless Controller

*GCP EFT Only

Mandatory DNA LicensingSeamless portability & investment protection

with DNA Licensing

Smart License Management DNA License consumption & tracking with Smart

Licensing and mandatory Smart Accounts

Catalyst 9800 Series Wireless Controller availability / release timeline

November 2018

December 2018

March 2019

• Orderable:• C9800-40• C9800-80• C9800-CL*• C9800-SW• C9800 Modules

• Downloadable / Deployable:• C9800-CL • C9800-SW

• 16.10.1 Release• Enterprise Ready

• DNA 1.2.8 Release• C9800 ready

• 16.11.1 Release

• DNA 1.3 Release• Enhanced C9800 Flows

• FCS:• C9800-40 • C9800-80• C9800 Modules

*GCP for EFT only


Sa les T ra in ingG loba l

Sa les T ra in ing

Rolling AP Update/Upgrade Infrastructure




High Availability


Cisco Catalyst

9800 Wireless

Controller

Differentiators









Reboot)


^ MD Release Only

SSO Active-Standby



Tertiary

User selects % of APs to upgrade in one go [5, 15, 25]For 25%, Neighbors marked = 6 [Expected number of iterations ~ 5]For 15%, Neighbors marked = 12 [Expected number of iterations ~ 12]For 5%, Neighbors marked = 24 [Expected number of iterations ~ 22]

Neighbor Marking

N=8 Neighbor APs N=24 Neighbor APsN=4 Neighbor APs


Sa les T ra in ing

802.11v

• Clients steered from candidate APs to non-candidate APs

• 802.11v BSS Transition Request

• Dissociation imminent

• If clients do not honor this, they will be de-authenticated before AP reload

Client Steering



Sa les T ra in ing

Using Rolling AP Infrastructure

Hitless N+1 Image Upgrade




High Availability


Cisco Catalyst

9800 Wireless

Controller

Differentiators


SSO Active-Standby



Tertiary








Reboot)


^ MD Release Only


Sa les T ra in ing

AP

Version : X Version: X+1

1. Device auto selects candidate APs based on selected % and RRM AP Neighbor Map

2. Upgrade process kicks-in • Image download to Primary Wireless

Controller• Image pre-download to APs• Selective redirect of clients using

11v• APs moved to N+1 Wireless

Controller in rolling manner• Primary Wireless Controller Reboot• APs moved back to Primary

Wireless Controller (optional)

3. Monitor progress on the Device

Version : X+1

Primary

Trigger Rolling Upgrade

Upgraded N+1

N+1 Rolling AP UpgradeWireless Controller image upgrade using N+1 staging Controller

Mobility Group


Sa les T ra in ing

Benefits of New Config Model

Reusability

Config modularized as

objects

Simplicity

No inheritance or

containers

Easy Provisioning

With AP attribute

Tagging

Rule-based

Using rules on

PnP and Wireless

Controller

Change Management

MAC, Location, Name

filtering


Sa les T ra in ing

Hvad forsøger vi at undgå?

High Density HDX

Data Rates

DCA, TPC, CHDM

Profile threshold

for traps

Client Distribution

AireOS vs. Catalyst 9800 Config ModelGranular & simplified

What Policies on which Sites with what RF

characteristics

Going towards a more Modularized and Reusable model with Logical decoupling of configuration entities

Basic

Wireless

Advanced

Wireless

Wireless Security

Switching Policy

Network Policy

WLAN AP Group Flex Group

Network Policies

Wireless site

settings

RF Parameters

Site Specific

Policies

RF Profiles

Network Policies

Wireless security

Remote Site

Config

Remote site

parameters

Switching Policies

RF Profile

High Density HDX

Data Rates

DCA, TPC, CHDM

Profile threshold

for traps

Client Distribution

WLAN

Policy

Profile

Flex

Profile

AP Join

Profile

Basic

Wireless

Advanced

Wireless

Wireless Security

Switching Policy

Network Policy

Site

Tag

RF

Tag

Wireless site

settings

Site Specific

Policies

Remote Site

Config

Remote site

parameters

High Density HDX

Data Rates

DCA, TPC, CHDM

Profile threshold

for traps

Client Distribution

RF Profile

Policy

Tag

Site

Tag

RF Tag

Decouple

Modularize

AireOS Config Model

Policy

Tag

b/g

a/n/ac


• Tag = Samling afprofiles

• 3 typer tags:

• Site

• RF

• Policy


Sa les T ra in ing

Cisco Catalyst 9800 Wireless Config Model

WLAN Profile

Policy Profile

Policy Tag

AP Join Profile

Flex Profile

RF Profile 2.4 GHz

RF Profile 5 GHz

SiteTag

RF Tag

Access Points

Defines the RF properties of

the network

Defines the properties of the

central and the remote site APs

Defines the broadcast domain (list of

WLANs to be broadcasted) with the

properties of the respective SSIDs

Components of Policy Tag

WLAN

Profile

Policy

Profile

Policy Tag

VLAN - Mgmt. Vlan

Session timeout – 1800

Idle time out - 300

AVC profile - null

Client Qos(input/and output) – default

BSSID Qos(input/and output) – default

ACL – None

Local switching – disabled (all other

related parameters are disabled)

Central switching – enabled

Central DHCP – disabled

Central Assoc – disabled

Central Authentication – enabled

Local profiling – disabled

Policy map - none

Authentication - Central

Components of Policy Profile

Profile Name

Status

WLAN ID

SSID

Broadcast SSID

L2 Security

L3 Security

AAA Servers

Coverage Hole detection

Aironet IE

Diagnostic Channel

P2P blocking

Max Client connections

11v BSS transition Support

Off channel Scan defer

Load Balance

Band Select

Components of WLAN Profile

Components of Site Tag

AP Join

Profile

Flex

Profile

SiteTag

Com

pon

en

ts o

f F

lex

Pro

file

AP

Jo

in P

rofi

le -

def

au

lts

LED state – Enable

Heartbeat timer– 30 secs

Primary discovery timer – 120 sec

Primed join timeout – 0 seconds

Discovery timeout - 10 secs

Fast heart beat timer – 1 sec

Fast heart beat – disabled

TCP/MSS - enabled (set to 1250)

Retransmit count – 5 secs

Retransmit interval – 15 secs

Dot1x authentication – disabled

UDP lite – disabled

11u venue group – unspecified

Username/password – “current default”

Preferred mode – IPV4

11u venue type – unspecified

Client QinQ – disabled

DHCP QinQ – disabled

Reset - Disable

Static nameserver/domain name – current

default

Backup primary/secondary – current default

Core dump – “current default”

Syslog - “current default”

Hyperlocation – disable

Native VLAN ID

HTTP Proxy Port

HTTP Proxy IP Address

Fallback Radio Shut

ARP Caching

Efficient Image Upgrade

Local Authentication

Local Auth Users

Policy ACL

VLAN Name and ID

Data Rates

MCS Settings

Maximum and Minimum Power Level Assignment

Power Threshold v1/v2

DCA Channel Width

DCA Foreign AP Interference Avoid Enable

DCA Channel list

Coverage Hole Detection Parameters (Data/Voice

RSSI, Coverage Exception, Coverage Level)

Profile Threshold for Traps

(Interference/Clients/Noise/Utilization)

Maximum Clients

Multicast Data Rates

Rx Sop Threshold

Load Balancing (window & denial)

Band Select Parameters (Applicable only for

802.11bg)

Components of RF Tag

RF

Profile 2.4 GHz

RF Tag

RF

Profile

5 GHz

Components of RF Profile

• 1 step configuration : Create SSID [1-16]

• Default Policy Tag is used

• Default Site Tag is used

• Default RF Tag is used

• APs Tagged with Defaults automatically

Use cases : Central site – Default config with minimal changes

Default RF Tag

Default Site Tag

Default Policy Tag WLAN

Default AP Join

Profile

Default RF

Profile

Default Policy

Profile

WLAN

Profile

Policy

Profile

Policy Tag AP

Join

Profile

Flex

Profile

SiteTagRF

Profile 2.4 GHz

RF Tag

RF

Profile

5 GHz

Requirements

1. Classrooms have University SSIDs for students and teachers

2. Dorms to broadcast the above plus guest SSIDs

3. Dining Hall to broadcast the above plus guest SSIDs

4. Same policies across campus

5. RF characteristic of Dining Hall is different than the classroom(default RF) and the dorm(dorm RF)

Use Case: Central Site University Environment

Dining Hall RF

Tag

Default Site Tag

Default Policy Tag

University

SSID

Default AP Join Profile

Dorm RF TagClassroom RF

Tag

Guest SSID

Default Policy

Profile

Guest Policy Profile

Classroom DormDining Hall

WLAN

Profile

Policy

Profile

Policy Tag AP

Join

Profile

Flex

Profile

SiteTagRF

Profile 2.4 GHz

RF Tag

RF

Profile

5 GHz

University SSID

Default Policy Profile

Initial Requirements

1. All sites should broadcast the same common SSID ‘Store’

2. All the sites should have same policies per SSID

3. Roaming is expected per store/flex-grp

4. All sites should have the same Site parameters

Use Case: Multi-site Retail Environment

Site 1

Seamless roaming

within site

Site 2

Seamless roaming

within site

Site 3

Seamless roaming

within site

Store WLAN profile Store policy profile

Store Policy Tag

Common RF Tag

Common Flex Profile

WLAN

Profile

Policy

Profile

Policy Tag AP Join

Profile

Flex

Profile

SiteTagRF

Profile

2.4 GHz

RF Tag

RF

Profile 5

GHz

Additional Requirements

1. APs near freezer needs to have a different RF policy

2. Site 2 and 3 have additionally ‘Guest’ SSIDs

3. Independent Per site parameters


Site 1

Seamless roaming

within site

Site 2

Seamless roaming

within site

Site 3

Seamless roaming

within site

Sto

re s

ectio

n R

F

Freezer section – different

RF characteristics

Store

RF Tag

Freezer RF

TagCommon RF Tag

Store

WLAN

profile

Common

policy

profile

Guest WLAN profile Common policy profile

WLAN

Profile

Policy

Profile

Policy Tag AP Join

Profile

Flex

Profile

SiteTag

RF

Profile

2.4 GHz

RF Tag

RF

Profile 5

GHz

Store WLAN profile Common policy profile

Site 1 Tag Site 2 Tag Site 3 Tag

Additional Requirements

• The Common SSID need to have store-specific policies


Site 1

Seamless roaming

within site

Site 2

Seamless roaming

within site

Site 3

Seamless roaming

within site

Sto

re s

ectio

n R

F

Store

RF Tag

Freezer RF

TagCommon RF Tag

Store WAN

profile

Store1

policy profile

Guest WLAN

profile

Guest

policy

profile

Store WLAN

profile

Store2 policy

profile

StoreWLAN

profile

Store3 policy

profile

Site 1 Tag Site 2 Tag Site 3 Tag

WLAN

Profile

Policy

Profile

Policy Tag AP Join

Profile

Flex

Profile

SiteTag

RF

Profile

2.4 GHz

RF Tag

RF

Profile 5

GHz

Guest WLAN

profile

Guest

policy

profile



Sa les T ra in ing

Integrating with existing AireOSDeployments

Inter Release Controller Mobility (IRCM) for AireOS and Catalyst 9800


Sa les T ra in ing

Seamless roaming b/w Catalyst 9800 and AireOS 8.8 MR2 (3504/5520/8540)

Catalyst 9800

IRCM : AireOS and Cisco Catalyst 9800

Catalyst 9800Deployment

AireOS WLC

AireOSDeployment

Secure Mobility(CAPWAP)


Seamless roaming, L3 only

Also supported on AireOS 8.5MR4 Special

AireOS8.8 MR2


Sa les T ra in ing

AireOS Deployment(8.8. MR2)

Catalyst 9800

IRCM: AireOS and Cisco Catalyst 9800


AireOS WLC8.8 MR2

Seamless roaming, L3 only

AireOS WLC

34

AireOSDeployment

Seamless roaming,

L2 and L3

Upgrade only the AireOS controller in the roaming path

Enabling seamless roaming across Campus


EOIP-basedMobility


Sa les T ra in ing

Catalyst 9800

Guest : AireOS and Cisco Catalyst 9800



Guest Anchor

AireOS WLC

35

AireOSDeployment

EOIP-basedMobility

AireOS Guest Anchor

Guest Anchor

Upgrade the AireOS Guest Anchor to 8.8 MR2 (on 3504/5520/8540)and manage both Catalyst 9800 and AireOS Foreign

AireOS8.8 MR2


Software Versioner


• 8.2 – Ikke flere MR

• 8.3 – Ikke flere MR (muligvis en PSIRT opsamling i April)

• 8.5 – “long life”, MRs indtil 2020. MR4 ude nu!

• 8.8 – Næste “long-life” MR.

• 8.9 – Primo 2019

• 16.10.1 ude nu – vær OBS!

• 16.11.x forventes marts. Feature parity med 8.8

Software versioner


8.3: “TAC recommends 8.3.143.0” Brug kun hvis behovet for gamle APer er der

8.5 - Generelt anbefalet

• AireOS 8.5.135.0. ”Customers who do not require any post-8.5 features or hardware should stay with the 8.5 train”.

• 20/11: ”fifth & final refresh of 8.5MR4 Interim version 8.5.137.107 for PRODUCTION deployments”

• Brugt ved Cisco Lives i 2018 samt MWC

Mobility Express: 8.5.135.0 – (dog mange super features i 8.8)

TAC anbefalet SW versioner

https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html#anc2


AP og Controllere

• 1131/1242 (EOL/LDOS) 8.0 (EOL)

• 1142/1260 (EOL/LDOS) 8.3

• 3500, 1600, 2600,3600 (EOS) 8.5

• 1700, 2700, 3700 (EOS 04/19) 8.5

• 1800, 2800, 3800 8.5

• 1540, 1815m og 1815t 8.5

• 4800 8.7/8.8

• 2504/5508/8510 (EOS) + WISM2/7510 (EOS) 8.5 (sidsterelease)

• 3504 Starter ved 8.5

• 5520/8540 8.5

• 9800 Starter ved 16.10.1


AireOS 8.8 (og 8.7)


• Daisy Chain support for AP 1560 and 1542I/D

• Wave 2 Aps:Bidirectional Rate limiting - FlexSupport for DHCP Opt 60Support for Remote LAN (RLAN) on Aux portSupport for Wired 802.1x EAP-TLS & PEAPFlex+Bridge supportIPv6 SDA + Outdoor AP SDA SupportFlexConnect Split-tunneling supportPlanlagt til MR1 WGB support on models 3800/2800/1562

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/201007-AireOS-feature-list-per-release.html#anc8

Nyt i 8.7 + 8.8

Generelt rigtig meget nyt ift. Wave 2 AP, bl.a.


Sa les T ra in ing

Encryption on the RP interfaces in rel 8.8

Encrypted

Encrypted Redundancy Link Between two controllers in HA mode

8.8



Sa les T ra in ing

Policy Enforcement and Quota management


Sa les T ra in ing

Quota Policy Enforcement

Wireless clients are allotted QoS policy and data rate limits on authenticating with AAA Server

WLC does not support dynamic ‘run-time' policy enforcement as the client gets new policies during full authentication

RFC-5176 allows dynamic rate limiting using Change-of-Authorization(CoA) request / response

End clients get provisioned with maximum allotted Quota by Service providers based on prepaid / postpaid data plans

External billing servers notify AAA on reaching maximum data limit per client basis

8.8


Sa les T ra in ing

Policy Enforcement Use Case

• A Service Provider had requirement to manage Policy and Quota dynamically on the fly without disconnecting the wireless customer

• Prior to release 8.8 our controller didn’t accept TLV (Type-Length-Value) from the Accounting or Billing severs dynamically in real time and thus users had to be disconnected when quota was exceeded


Sa les T ra in ing

Quota ManagementWLC will accept the Radius user Change of Authorization (CoA) request and allocate different quota to the same user without disconnecting the user

• AP monitors the bandwidth usage and reports the statistics to the controller

• The controller sends the Interim update to the radius server for IPv4 and/or IPv6 users

• If SP allotted Quota is exhausted, AAA sends CoA to change the policy to a different default

plan - (CoA override)

• A client gets moved to a new lower plan without being disconnected from the network

This feature is supported in:

• Local and Bridge (Central Switching)

• Flex and Flex+Bridge (Local Switching)


Sa les T ra in ing

CoA GUI Configuration

AAA will respond with Access-Accept with the new policy on rate/bandwidth

enforcement

WLC will forward these new QoSparameters to AP using existing

AP_AAA_QOS_PARAMS_PAYLOAD

AP will apply the new QoS values to the flex local switched client.

There will not be any Disassociation / De-Authentication message sent from WLC or AP to the end client



Sa les T ra in ing

Captive Portal with Multiple Splash Pages per WLAN


Sa les T ra in ing

Captive Portal – Multiple Splash Pages on the same WLAN

This feature allows users to have multiple splash pages per WLAN/AP Group/Flex Group

Users will have the capability to have different Splash Pages in different Locations based FC or AP grouping.

If both WLAN and AP group configurations do not override it

If either WLAN or AP group configuration overrides the global config

If both WLAN and AP group configurations override the global config

Global URLConfig Used

Specific URL Used

AP Group URL Used

8.8


Sa les T ra in ing

Captive Portal Use Case

• A Service Provider had an issue where they had to utilize hundreds of Captive Portals without AAA override in different geo-locations


Sa les T ra in ing

Captive Portal – WLAN Override Global Configuration


Sa les T ra in ing

Captive Portal – AP Group Override Global Configuration

(WLC)config wlan apgroup custom-web global <apgroup_name> enable/disable

(WLC)config wlan apgroup custom-web ext-webauth-url add/del <ext-webauth-url> <apgroup_name>


Sa les T ra in ing

Default DSCP Value for AVC Profile

Prior to rel 8.8 with AVC enabled, we cannot override all applications DSCP values only for Application flows configured on

the AVC profile

For a flow where a rule is not configured in the AVC Profile, NO action is performed & DSCP is left intact

AVC profile supports 32 application rules – not sufficient for typical managed services flows

The new AVC enhancement allows a “default-class” rule to override the DSCP values for all application flows where AVC Rule is not

configured.

"default-class" is like last rule with Any/Any conditions


Sa les T ra in ing

AVC Default DSCP Use Case

• Many apps come in but we can only control 32, rest of them not controlled and DSCP values are left in tact

• Other, non control application can starve wireless bandwidth

• This new feature will override the default DSCP values more like last rule of Any/Any condition


Identity PSK (iPSK) – fra 8.5 Ét SSID, multiple PSK - nøgler

Wireless LAN Controller

Device MAC Group Private PSK

IOT Devices aabbcc

Sensors xxyyzz

Employees ---

IOT Devices

Sensors

Employees

Cisco-AVPair += "psk-mode=ascii”Cisco-AVPair += "psk=xxyyzz"

WLAN PSK

xxyyzz

aabbcc

ISEAccess Point


P2P blokering mellem iPSK grupper (8.8)

• Intra-gruppe trafik kanblokeres eller accepters

• Gruppe medlemskab erbaseret på PSK


iPSK config

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-8/b_Identity_PSK_Feature_Deployment_Guide.html


Sa les T ra in ing

P2P Blocking with iPSK on Flex Connect APs

If the P2P blocking configuration in WLAN is set to ‘Allow Private Group’ the AP Data plane will:

Forward the traffic up stream - if the destination MAC is found in the PMK cache and the devices have the same Tag values, but not associate to the same AP

Forward the traffic up stream - if the destination MAC is NOT found in the PMK cache

Bridge the traffic - if the devices have the same Tag values and the destination MAC is found in the PMK cache, and associate to the same AP

Drop the traffic - if the destination MAC is found in the PMK cache and the devices have different Tag values

8.8 MR2


802.11ax (WiFi 6) + WPA3


802.11ax (WiFi 6)

• Klienter forventes eftersommeren 2019

• WFA WiFi 6 = 2019Q3

• 802.11ax endeligstandard = slut 2019

• “Infliction point” for klienter = 2020


WPA3

• Ca. Midt 2019

• Ingen klienter endnu

• x800 serie AP’er (pga. crypto)


The industry’s most comprehensive and innovative access point portfolioThe best infrastructure leads to the best outcomes

Good - Enterprise class Better Best in class

Ideal for small to medium-sized deployments Mission critical High density

2800 Series• 4x4:3 SS 160 MHz

• 5 Gbps performance

• 2.4 and 5 GHz or dual 5 GHz

• 2 GE ports uplink

• Cisco CleanAir® and ClientLink

• Internal or external antenna

• Smart antenna connector

• USB 2.0

3800 Series• 4x4:3 SS 160 MHz



• 2 GE ports uplink or 1 GE + 1 Multigigabit (5G)

• Cisco CleanAir and ClientLink

• StadiumVision™

• Internal or external antenna

• Smart antenna connector

• USB 2.0

• Modularity for investment protection

4800• 4 embedded radios

(3 Wi-Fi and 1 BLE)

• 4x4:3 SS 160 MHz



• 2 GE ports uplink or 1 GE + 1 Multigigabit (5G)

• Embedded Hyperlocation

• Real-time analytics and packet capture

• Cisco CleanAir and ClientLink

• Internal antenna

• USB 2.0

• Integrated BLE

1815 SeriesIndoor/high-powered Indoor Wall plate/teleworker

• 2x2:2 SS 80 MHz

• 867 Mbps performance

• Tx beamforming

• Integrated BLE1

• Max transmit power (dBm) per local regulations2

• 3 GE local ports, including 1 PoE out3

• Local ports 802.1X ready3

• USB 2.04

1830/1850 Series• 3x3:2 SS 80 MHz/4x4:3

SS 80 MHz

• 867 Mbps or 1.7 Gbpsperformance

• 1 or 2 GE ports uplink

• Internal or external antenna (1850)

• Tx beamforming

• USB 2.0

2 Available for high-powered only1 Future availability 3 Available for wall plate and teleworker only 4 Available for teleworker only


AP-4800 is a more advanced than the AP-3800Similar to the AP-3800i but it has an additional Flexible Radio for Analytics + Advanced Hyperlocation antenna array

• Location Antenna array is now integrated

• Bluetooth Low Energy radio is now integrated

• Embedded analytics/location radio is now integrated

Hyperlocation

antenna array

+ =DNA Analytics, Monitoring

and Location Radio AP-4800

Best in ClassRadio 0: Dual band (2.4GHz/5GHz) (XOR) radio

Radio 1: Dedicated 5GHz radio

Radio 2: Hyperlocation Rx only(XOR) radio


AP-4800 Integrating Proven Technology

A – 2.4/5GHz Macro Cell

Wide Coverage

(4 antennas)

B – Monitor / Sniffer

(4 antennas)

C – Bluetooth Low Energy

BLE Beacon on Tx

(1 antenna)

D – Hyperlocation Array

(16 antennas) for

Precise Location

E – 5GHz Micro Cell

High Density Coverage

(4 antennas)

Hyperlocation

AP-4800 Antenna System

▪ Full 2.4 and 5 GHz sweeps

▪ Client Serving on Slot 0 and Slot1

2800/3800 series AP’s - Dual 5 GHz Client Serving Role

Metageek/Spectrum Expert Enabled!

Hyper

5 GHz

Hyper

2.4 Ghz

Metageek/Spectrum Expert Enabled! 4800 series AP’s Only - Same as WSM on Slot 2/Hyperlocate Radio


AP4800 ophæng

AP4800 AP3800i Length 251.46mm

Width 220.47mm

Thickness 72.9mm

Weight 2.54 kg

Length 219.96mm

Width 220.47mm

Thickness 62.48mm

Weight 2.09 kg

Bruger standard “Bracket-1” og “Bracket-2”

Deployment Recommendations AP-3800 & AP-4800

• Greenfield – Install new AP-4800’s

• Brownfield – do not “salt and pepper” 3800 & 4800’s keep like devices together. This will allow for better accuracy when using DNA features such as “Intelligent Capture”.

• Use AP3800e for applications requiring external antennas

• Use AP3800e for designs requiring Macro/Macro cells

• Use AP3800i/e for designs requiring modularity support

cisco tech update wireless...dnac 1.2.8 / w1 & w2 802.11ac aps internet public cloud ad managed...

Documents