Policy Based Automation John Mead - July 2019

cnMatrixCloud Managed Access

Cambium Networks

Cambium Networks

Agenda

• Introduction to Cambium Switching Portfolio – cnMatrix• HW & SW Overview

• cnMatrix Roadmap – What’s next• Policy Based Automation – Intro• Policy Based Automation – Example• Policy Based Automation – Summary• cnMaestro on boarding with PBA – Live Demo• Summary

Copyright 2014 Cambium Networks, Ltd. All rights reserved.

2

cnMatrix - Purpose Built for Target Deployment Use Cases

Copyright 2019 Cambium Networks, Ltd. All rights reserved.

3

Enterprise Indoor Access Switch

Q4 2018

WISP Tower

In Development

Video Surveillance & Smart City Deployments

In Development

HW & SW Overview cnMatrix

cnMatrix – Enterprise Switches (EX 2K) – HW Overview

Copyright 2019 Cambium Networks, Ltd. All rights reserved.

5

• HW Overview• Cambium designed switch - NOT an OEM switch• Silicon based Switching Solution

• Dedicated HW data plane- L2 & L3 line rate processing• Rich L2 & L3 functionality - Extensive QoS, ACL, & Filtering

• 4 Models Available• 8 Port & 24 port models with and without PoE+

• 24 Port – 4 SFP+(10GE) Uplinks• 8 Port – 2 SFP(1GE) Uplinks

• USB, OOB/MGMT, & RJ45 console port• Fan-less: All models except the 24 port PoE SKU

Future proof the network with cnMatrix

Copyright 2019 Cambium Networks, Ltd. All rights reserved. 6

Future Proof Your Network

Zero Touch Provisioning

Fully Managed

Fully Featured

Advanced Features

Intelligent PoE

10G Uplinks

• Fully Featured Switches– Layer 2, Layer 3 – Extensive ACL’s, Filters, & QoS support– Security

• Fully Managed– Web GUI, CLI, & SNMP– NMS - cnMaestro Cloud/On-Prem

• Uplinks– 10G uplinks as compared to 1G

• Intelligent PoE– 8/24-Port PoE+– Healthy Power Budget– Complete Control – Enable, disable, monitor, prioritize, automate

• Advanced Features– Layer 3 – Static and Dynamic Routing– Automatic Device Profiling– Policy Based Automation

• A true Zero Touch Experience– Initial Deployment– Day to day operations with Automation

Get all for a low all-inclusive price!

Market Positioning cnMatrix

cnMatrix EX 2K - Enterprise Campus – 3 Tier Network Architecture

2017 Copyright Cambium Networks, Ltd. All Rights Reserved

8

Distribution Distribution Switch

Distribution Switch

Access ………...L2/L3 Switch

AP AP…

L2/L3 Switch

AP AP…

………...L2/L3 Switch

AP AP…

L2/L3 Switch

AP AP…

Users/DevicesD … D D … D D … D D … D D … D D … D D … D D … D

CoreNetwork Core

Switches

cnMatrix

cnPilot

TAM $14 Billion

On Premise Network

Management

Cloud Based Network

ManagementcnMaestro cnMaestro

Roadmap cnMatrix

cnMatrix Roadmap

Dec Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan

2018 2019

Copyright 2019 Cambium Networks, Ltd. All Rights Reserved CONFIDENTIAL RESTRICTED11

Rel 2.0 R1• Current

Manufacturing Release

PLAN OF INTENTSUBJECT TO CHANGE

July 11,, 2019

Rel 2.0.1 R3- Web GUI Cleanup

Rel 2.0.4-R1 - Maintenance Release- cnMaestro Phase 1

Rel 2.2 (Minor SW)• cnMaestro Object

based configuration

2020

Rel 2.1.0 (Major SW Release)• Dynamic Routing RIP, OSPF• USB Support• Enhanced PBA• Reload command - Rollback• Enhanced Web-GUI• Troubleshooting Utilities• cnMaestro Phase 2

• Enhanced Monitoring• Additional Trouble shooting utilities• Additional Statistics• Enhanced topology view

Rel 2.0.5-R1 - Maintenance ReleaseCompleted Gate 2

Committed Gate 7In Planning Gate 10Evaluating Gate 13Candidate Gate 15

Rel 3.0 (New HW & SW)• Supports all cnMatrix HW• New HW Platforms

• EX 2052R-P• EX 2052-P• EX 2052• EX 2016M-P

• New SW• TBD

New Enterprise SKUs cnMatrix

Enterprise Switching Portfolio – cnMatrix EX 2k

2019 Copyright Cambium Networks, Ltd. All Rights Reserved15

C o ns o le

9

10

1 3 5 7

2 4 6 8cnMaestro

USB

console

PoE+

cnMatrix | EX2010-P

MGMTSFP

C o ns o le

9

10

1 3 5 7

2 4 6 8cnMaestro

USB

console cnMatrix | EX2010

MGMTSFP

1 3 5 7

2 4 6 8 10 12 14 16 18 20 22 24

17 19 21 23

26 28

25 27

cnMaestroUSB

console

PoE+ PoE+

9 11 13 15

PoE+MGMT

cnMatrix | EX2028-P

SFP+SFP+

1 3 5 7

2 4 6 8 10 12 14 16 18 20 22 24

17 19 21 23

26 28

25 27

cnMaestroUSB

console

9 11 13 15

MGMT

cnMatrix | EX2028

SFP+SFP+

16

15

cnMaestroUSB

console

uPoE

9 10

MGMT

cnMatrix | EX2016M-P

uPoE

11 12

uPoE

13 14

10/100/1G/2.5G

SFP+

1 3 5 7

2 4 6 8PoE+

MGMT

14 16 18 20 22 24 26 28

21 23 25 27

50 52

49 51

cnMaestro

13 15 17 19cnMatrix | EX2052-P

1 3 5 7

2 4 6 8PoE+

USB

console9 11

10 12 30 32

29 31

34 36

33 35

38 40

37 39

42 44

41 43

46 48

45 47

SFP+

EX2052-P

MGMT

MGMT

14 16 18 20 22 24 26 28

21 23 25 27

50 52

49 51

cnMaestro

13 15 17 19cnMatrix | EX2052

1 3 5 7

2 4 6 8USB

console9 11

10 12 30 32

29 31

34 36

33 35

38 40

37 39

42 44

41 43

46 48

45 47

SFP+

EX2052

MGMT

Policy Based Automation

A True Zero Touch Experience cnMatrix

cnMatrix – A True Zero Touch Experience

2018 Copyright Cambium Networks, Ltd. All Rights Reserved17

‘Zero Touch’Automating Configuration

Configuration required for

ongoing Network changes

Examples• Static VLANs• Uplink Ports• Link Aggregation• IP address• Static Routes• QoS, ACLs• Radius Server• 802.1x• etc

Examples• Connecting APs• Connecting Cameras• Connecting Printers• Connecting IoT devices• Removing devices• Moving devices

Configuration for Initial

Deployment

Solution: cnMaestro

Solution: Policy Based Automation

cnMatrix – Policy Based Automation (PBA)

• User created Policies that will automate switch and port configuration• Policies can be created via any Management interface

• cnMaestro configures all switches simultaneously• Policies have 2 components

1. Match Criteria• LLDP information• MAC information

2. Actions• VLANs, QoS, ACLs, Security, PoE Priority, Port Labeling

• Configuration as a result of policies is dynamic – Auto cleaned upon:• Link down, Device disconnects• Match criteria is no longer valid• Policy is disabled

2019 Copyright Cambium Networks, Ltd. All Rights Reserved18

Example: Required Switch Configuration when connecting an AP

cnMatrix(config)# interface gigabitethernet 0/5cnMatrix(config-if)# switchport mode hybridcnMatrix(config-if)# switchport acceptable-frame-type allcnMatrix(config-vlan)# exitcnMatrix(config)# vlan 50cnMatrix(config-vlan)# port add gigabitethernet 0/5cnMatrix(config-vlan)# exitcnMatrix(config)# vlan 60cnMatrix(config-vlan)#port add gigabitethernet 0/5cnMatrix(config-vlan)#exitcnMatrix(config)# vlan 40cnMatrix(config-vlan)# port add gigabitethernet 0/5cnMatrix(config-vlan)#exitcnMatrix(config)# interface gigabitethernet 0/5cnMatrix(config-if)# switchport pvid 40cnMatrix(config-if)# end

2019 Copyright Cambium Networks, Ltd. All Rights Reserved19

cnMatrix(config)# auto-attach policy E430 match LLDP-ANY 430 set vlan 40,50,60 pvid 40

Example: Needed Switch Configuration - VLANs, 40, 50, 60: PVID 40: port 5 – Hybrid Mode

cnMatrix – Policy Based Automation – Key Take Aways

• Automates ‘Adds’, ‘Moves’, and ‘Changes’• Eliminates error prone manual configuration

• Simplifies and reduces trouble-shooting• Every port is treated equally• Enhances security by auto segmenting devices • Little or no IT needed for deploying new devices• Reduce expenses required to deploy and manage

201 Copyright Cambium Networks, Ltd. All Rights Reserved20

Policy Based Automation

On Boarding with cnMaestro cnMatrix

cnMatrix Live Demo - Zero Touch with cnMaestro and PBA

• Cambium’s ‘Cloud Managed Access’• cnMaestro – cloud based Network Management Solution• cnMatrix – Access layer switching (1 EX2010-P)• cnPilot – Access layer WiFi (2 E430s)

• A True Zero touch experience• Covers Initial Deployment• Covers Day to Day operations

• 3 Simple Steps1. Create Configuration file (cnMaestro)2. Claim Device(s) (cnMaestro)3. Connect devices to network4. Finished!!

2018 Copyright Cambium Networks, Ltd. All Rights Reserved22

cnMatrix – Demo details

• Step 1 – Create Configuration File/Template• Configuration can be as large or as small as you want• My example template – ‘cnMatrix – Johns Demo’

• Create VLAN 10, All ports a member of VLAN 10• Create Policy for Cambium WiFi APs

• Step 2 – Claim Devices• Open up your cnMaestro account• Claim devices of purchased Cambium equipment

• You do not need to have received the equipment• Claim devices by entering serial #s• Select configuration template and then approve device

• Step 3 – Connect devices to network• When ready – days, weeks, or months after Step 2• Power on Switch(es)• Connect switch to network – in default state – NO NEED TO PRE-CONFIGURE• Connect devices to switch• Switch(es) will be auto discovered and auto configured.• As devices (that are covered by policies) are added, switch will be auto configured

2018 Copyright Cambium Networks, Ltd. All Rights Reserved23

cnMatrix – cnMaestro Configuration Template

2019 Copyright Cambium Networks, Ltd. All Rights Reserved24

Creates VLAN 10 and makes ports 1-8 a member of VLAN 10

Creates a rule that uses LLDP to detect Cambium cnPilot APs

Creates an action that:1) Makes port a member of VLANS 20,30,402) Sets the PoE priority of port to ‘Critical’3) Sets uplink port to port 8

Auto labels port with LLDP sys name

Creates policy using Action and Rule

### begin script### Create VLAN 10 ### Add all ports as tagged to vlan 10config terminal vlan 10 port add gigabitethernet 0/1-8end ### Now set up a PBA Policyconfigure terminal # set port descriptionauto-attach update-port-desc lldp-sys-name# Create Ruleauto-attach rule Pilot430-rule LLDP-ANY Pilot# Create Actionauto-attach action Pilot430-action vlan 20,30,40 poe-priority critical uplink Gi0/8 # Create Policyauto-attach policy Pilot430-policy match rule Pilot430-rule set action Pilot430-action end

cnMatrix – Go To Demo

2018 Copyright Cambium Networks, Ltd. All Rights Reserved25

cnMatrix – Policy Based Automation – Key Take Aways

• Automates ‘Adds’, ‘Moves’, and ‘Changes’• Eliminates error prone manual configuration

• Simplifies and reduces trouble-shooting• Every port is treated equally• Enhances security by auto segmenting devices • Little or no IT needed for deploying new devices• Reduce expenses required to deploy and manage

201 Copyright Cambium Networks, Ltd. All Rights Reserved26

cnMatrix – Summary

• Enterprise Grade Layer 2 & Layer 3 Functionality• Cloud Management with cnMaestro• Ease of Use – Zero Touch Provisioning

• Initial Deployment – On boarding with cnMaestro• Policy Based Automation – Automation of device dependent configuration

• Enhanced Security – Device profiling and segmentation• Complete Access Layer – cnMatrix+cnPilot+cnMaestro• Limited Lifetime Warranty & Best in Class Support• Best in Class TCO

Copyright 2014 Cambium Networks, Ltd. All rights reserved.

27

Cambium NetworkscnMaestro + cnPilot + cnMatrix

2017 Copyright Cambium Networks, Ltd. All Rights Reserved28

Q & A

Policy Based AutomationAgendacnMatrix - Purpose Built for Target Deployment Use CasesHW & SW OverviewcnMatrix – Enterprise Switches (EX 2K) – HW Overview Future proof the network with cnMatrixMarket PositioningcnMatrix EX 2K - Enterprise Campus – 3 Tier Network ArchitectureRoadmapcnMatrix RoadmapNew Enterprise SKUsEnterprise Switching Portfolio – cnMatrix EX 2kPolicy Based Automation ��A True Zero Touch Experience�cnMatrix – A True Zero Touch ExperiencecnMatrix – Policy Based Automation (PBA)Example: Required Switch Configuration when connecting an APcnMatrix – Policy Based Automation – Key Take AwaysPolicy Based Automation ��On Boarding with cnMaestro�cnMatrix Live Demo - Zero Touch with cnMaestro and PBAcnMatrix – Demo detailscnMatrix – cnMaestro Configuration TemplatecnMatrix – Go To DemocnMatrix – Policy Based Automation – Key Take AwayscnMatrix – SummaryCambium Networks�cnMaestro + cnPilot + cnMatrixSlide Number 29