How to build a campus network to embrace the e-learning era v2.10
TRANSCRIPT
Clement Tam
How to build Campus Network to
embrace e-Learning Era 2.10
Unified Access for Education
One Policy – One Management – One Network
Andy Lam
15th June, 2013
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
Perfect Campus Infrastructure (diagram): Internet; Floor 4, Floor 3, Floor 2, Floor 1; Core Switch & Wireless Controller; One Management Tool for Wired and Wireless; Identity Services Engine; Application Firewall; Edge Switches; Access Point (AP); Hall (High Density AP); Building / Classroom; Playground (Outdoor AP)
• Preparing students for success in the global economy
• Keeping students fully engaged – Adaptive Learning
• Obsoleting traditional textbooks for E-Textbooks
• Implementing mandated Online Testing
• Protecting student and school district data
• Providing safe learning environments
• BYOD for faculty, staff, students, and parents
• Tech savvy students
Wish List
• Authentication Services: I only want to allow the “right” users and devices on my network
• Authorization Services: I want users and devices to receive appropriate network services
• Guest Lifecycle Management: I want to allow guests into the network and control their behavior
• Profiling Services: I need to allow/deny iPads in my network (BYOD)
• Posture Services: I want to ensure that devices on my network are clean
• Secure Groups Access: I need a scalable way of enforcing access policy across the network
Identity Services Engine – Simplified Policy Management
Wired+Wireless+WAN Policy/Guest Management
BEFORE: Separate Policy And Guest Management (Wired | Wireless | WAN)
AFTER: Unified Context-based Policy Management for Employees and Guests Across The Network
• Account for every device and block unwanted devices
• AAA + profiling, provisioning, and posturing = secure BYOD
Simple | Unified | Automated
Who? What? When? Where? How?
Provides Unparalleled Control – Improved Control
5 Dimensions of Policy and Provisioning (table; columns: User, Device, Access Method, Location, Time → Policy)
Users: Guest, Student, Faculty
Devices: Personal Device, Faculty Device
Access Methods: Wired, Wireless, VPN
Locations: Classrooms, Library, Anywhere
Times: Anytime, M–S 8 am–6 pm
Policies: Captive Portal, DMZ Guest Tunnel, Guest VLAN, Student VLAN, Student ACL, Faculty VLAN, Faculty ACL
IF $Identity AND $Device AND $Access AND $Location AND $Time THEN $Policy
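The rule on this slide is a five-dimension match: every dimension of the request (identity, device, access method, location, time) must satisfy a rule before that rule's policy (VLAN, ACL, portal redirect) is applied. The following Python is an added example, not code from the deck or from Cisco ISE. The rule table is constructed from the labels on the slide (Guest/Student/Faculty, Personal/Faculty Device, Wired/Wireless/VPN, Classrooms/Library/Anywhere, Anytime or M–S 8 am–6 pm); the exact row mapping, the reading of "M–S" as Monday to Saturday, and the first-match-wins order are assumptions.

```python
"""Context-based access policy: IF $Identity AND $Device AND $Access
AND $Location AND $Time THEN $Policy.
Added example with a constructed rule table; not Cisco ISE code and not
the slide's exact row mapping."""
from dataclasses import dataclass
from datetime import datetime, time

ANY = "*"  # wildcard: the rule does not constrain this dimension


@dataclass(frozen=True)
class TimeWindow:
    days: frozenset  # weekday numbers, 0 = Monday ... 6 = Sunday
    start: time
    end: time        # exclusive

    def contains(self, when: datetime) -> bool:
        return when.weekday() in self.days and self.start <= when.time() < self.end


ANYTIME = TimeWindow(frozenset(range(7)), time.min, time.max)
# "M–S 8 am–6 pm" read here as Monday to Saturday (assumption)
MON_SAT_8_TO_6 = TimeWindow(frozenset(range(6)), time(8, 0), time(18, 0))


@dataclass
class Rule:
    identity: str
    device: str
    access: frozenset   # permitted access methods, or {ANY}
    location: str
    window: TimeWindow
    policy: dict        # authorization result applied on match

    def matches(self, identity, device, access, location, when) -> bool:
        return (self.identity in (ANY, identity)
                and self.device in (ANY, device)
                and (ANY in self.access or access in self.access)
                and self.location in (ANY, location)
                and self.window.contains(when))


# Constructed rule table (assumption, not the slide's exact rows). First match
# wins; anything unmatched falls through to the implicit deny in authorize().
RULES = [
    Rule("guest", "personal", frozenset({"wireless"}), "classrooms", ANYTIME,
         {"result": "permit", "vlan": "Guest VLAN", "redirect": "Captive Portal",
          "tunnel": "DMZ Guest Tunnel"}),
    Rule("student", "personal", frozenset({"wired", "wireless"}), ANY, MON_SAT_8_TO_6,
         {"result": "permit", "vlan": "Student VLAN", "acl": "Student ACL"}),
    Rule("faculty", "faculty-device", frozenset({ANY}), ANY, ANYTIME,
         {"result": "permit", "vlan": "Faculty VLAN", "acl": "Faculty ACL"}),
    Rule("faculty", "personal", frozenset({"wireless"}), ANY, ANYTIME,
         {"result": "permit", "vlan": "Guest VLAN", "redirect": "Captive Portal"}),
]


def authorize(identity, device, access, location, when_iso, rules=RULES):
    """Evaluate the five dimensions against the rule table.
    when_iso is an ISO-8601 timestamp string, e.g. '2013-06-12T10:00:00'."""
    when = datetime.fromisoformat(when_iso)
    for rule in rules:
        if rule.matches(identity, device, access, location, when):
            return dict(rule.policy)
    return {"result": "deny"}  # implicit deny: no rule covers this context


if __name__ == "__main__":
    # Wednesday 12 June 2013, 10:00: student, personal laptop, wired, in the library
    print(authorize("student", "personal", "wired", "library", "2013-06-12T10:00:00"))
    # Same student at 20:00 is outside the M-S 8 am-6 pm window -> deny
    print(authorize("student", "personal", "wired", "library", "2013-06-12T20:00:00"))
```

The implicit deny at the end is the part worth keeping when building a real rule set: a context that no rule describes (a guest on a wired port, a student outside the time window) gets no VLAN at all rather than whatever the previous user's policy left on the port.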
Example K-12 Education Walkthrough—Guest
• Account Sponsorship: Approved Sponsor Creates Account.
• Account Notification: Credentials Automatically Provided to Guest Via Email, SMS, or Printed Receipt.
• Captive Portal: Web Browser Redirects to Login Screen; User Can Manage Access for Their Own Device.
• Successful Authentication – Access Granted:
• Isolated Guest Network on DMZ
• Role Based Policy Applied
• User granted access to Internet
Components (diagram): ISE (Policy / Guest Engine), Internal WLC, Anchor WLC, Guest User on DMZ, DMZ, Internet
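The guest lifecycle above has three security-relevant moments: the sponsor creates a credential that is valid only for a window, the credential is handed to the guest once, and the captive portal verifies it before placing the guest on the isolated DMZ network. The following Python is an added example, not code from the deck or from Cisco ISE; the PBKDF2 storage, the two-device limit, the `GuestStore` class and all sample values (sponsor and guest addresses, MAC addresses, the 8-hour validity) are constructed for illustration.

```python
"""Guest lifecycle: a sponsor creates a time-bounded guest account, the guest
receives the credential once (email/SMS/receipt), and the captive portal
verifies it before applying the DMZ guest policy.
Added example with constructed data; not Cisco ISE code."""
import hashlib
import hmac
import os
import secrets
from datetime import datetime, timedelta

# Readable on a printed receipt: no 0/O or 1/I look-alikes
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
MAX_DEVICES_PER_GUEST = 2  # assumption for the example


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class GuestStore:
    def __init__(self):
        self.accounts = {}

    def sponsor_create(self, sponsor, guest_email, start_iso, hours):
        """Approved sponsor creates an account valid for `hours` from start_iso.
        Returns (username, password) once, for delivery to the guest; only the
        salted hash is kept."""
        start = datetime.fromisoformat(start_iso)
        username = "guest-" + secrets.token_hex(3)
        password = "".join(secrets.choice(ALPHABET) for _ in range(8))
        salt = os.urandom(16)
        self.accounts[username] = {
            "sponsor": sponsor, "email": guest_email,
            "salt": salt, "hash": _hash(password, salt),
            "valid_from": start, "valid_to": start + timedelta(hours=hours),
            "devices": set(),
        }
        return username, password

    def portal_login(self, username, password, device_mac, now_iso):
        """Captive-portal check. Returns the authorization result."""
        now = datetime.fromisoformat(now_iso)
        acct = self.accounts.get(username)
        # Hash against a dummy record for unknown users so response time does
        # not reveal whether the username exists.
        salt = acct["salt"] if acct else b"\x00" * 16
        expected = acct["hash"] if acct else _hash("", salt)
        good = hmac.compare_digest(_hash(password, salt), expected)
        if acct is None or not good:
            return {"result": "deny", "reason": "bad credentials"}
        if not (acct["valid_from"] <= now < acct["valid_to"]):
            return {"result": "deny", "reason": "outside validity window"}
        if device_mac not in acct["devices"] and len(acct["devices"]) >= MAX_DEVICES_PER_GUEST:
            return {"result": "deny", "reason": "device limit reached"}
        acct["devices"].add(device_mac)  # guest manages access for their own devices
        return {
            "result": "permit",
            "vlan": "Guest VLAN (isolated, DMZ)",
            "acl": "internet-only",
            "session_timeout_s": int((acct["valid_to"] - now).total_seconds()),
        }


if __name__ == "__main__":
    store = GuestStore()
    user, pw = store.sponsor_create("teacher@school.example", "visitor@example.com",
                                    "2013-06-15T09:00:00", 8)
    print(store.portal_login(user, pw, "aa:bb:cc:dd:ee:01", "2013-06-15T10:00:00"))
    print(store.portal_login(user, pw, "aa:bb:cc:dd:ee:01", "2013-06-15T18:00:00"))
```

The session timeout returned on a successful login is derived from the account's remaining validity, so the guest's network session cannot outlive the sponsored account even if the portal is never revisited.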
Wish List
• Planning Services: I want clear visibility into the RF environment
• Discovery Services: I want to discover and inventory any and all devices attached to the network
• Deployment Services: I want flexible and easy to use templates and deployment tools
• Monitoring Services: I want to monitor the LAN, WLAN, and WAN with a single application
• Troubleshooting Services: I want to troubleshoot the LAN, WLAN, and WAN from a single application
• Compliance Services: I need to monitor and audit system-wide configurations for compliance purposes
Prime Infrastructure – Simplified Network Management
Single Pane of Glass View and Management of WLAN – LAN – WAN
BEFORE: Separated management (WLAN, LAN, WAN)
× Siloed – Inefficient operational model
× Repetitive – Manual correlation of data
× Error Prone – Consumes time and resources
AFTER: Comprehensive User and Unified Access Network Visibility and Advanced Troubleshooting (WLAN + LAN + WAN + Identity)
• Simple – Improves IT efficiency
• Unified – Single view of all user access data
• Advanced Troubleshooting – Less time and resources consumed
Provides Unparalleled Visibility – Improved Visibility
Next-Gen Maps • Reduced Clutter • Faster Loading • Better Navigation • Scalable Vector Graphics • High quality images with zoom in/out
Map legend (screenshot): Grey: Disconnected AP; Yellow: AP w/ unresolved non-critical alarms; Red: AP w/ critical alarms; Active rogue APs; 802.11u location specific service; Zoom & Pan controls
Experience Analysis Server (diagram)
Control and Visibility for IT—Predictability for Users
Access Switches: Compact, 3750-X/3560-X, 2960-S, 4500E
Core Switches: 6500 Series
Access Points: 600 Series (Teleworker); 3600 Series (Density); 1550 Series (Outdoor); 1600, 2600, 2600e, 3600 (Indoor)
Mobility Services Engine: 3310 and 3355, Physical or Virtual
Wireless LAN Controllers: 2500 Series, WLC on SRE, 5500 Series, WiSM2, 7500, 8500
Identity and Policy Data Integration: ISE, PI (Physical or Virtual)
Wireless Client Performance
BEFORE: Wireless Interference Decreases Reliability and Performance
AFTER: CleanAir Mitigates RF Interference, Improving Reliability and Performance
Chip Level Proactive and Automatic Interference Protection Improves Performance and Predictability
(Charts: Air Quality vs Performance, before and after)
High Resolution Interference Detection, Classification, and Mitigation at Chip Level
Detect | Classify | Locate | Mitigate
• CleanAir radio ASIC
• Detect Wi-Fi and non-Wi-Fi interference sources
• Assess impact to Wi-Fi performance
• Proactively change channels when interference occurs
• Monitor air quality
(Air quality gauges: values 35, 100, 63, 97, 20, 90)
Identify, Analyze, and Optimize Application Traffic
BEFORE: Application View and Control Based On L4 Firewall Sessions
• First Generation Firewall: Visibility to the port level interaction but not the applications running within the port
• FW L4 Session Visibility and Control: HTTP = 75%, SMTP = 15%, FTP = 2%, Telnet = 1%, SNMP = 3%
AFTER: Network Based Application Recognition – NBAR2 Deep Packet Inspection and App ID Provides Unparalleled Visibility and Control
• NBAR2 LIBRARY – Deep Packet Inspection classifies Wireless LAN Controller traffic as Real Time, Interactive, Non-Real Time, Background
• POLICY – Packet Mark and Drop
• View, Control and Troubleshoot – End User Application Experience
Improved Visibility and Control
Reduces Coverage Holes/Improves Both Upstream and Downstream – Improves Predictability and Performance
(Chart: Connection Rate with ClientLink Disabled vs ClientLink Enabled; rate steps 450 Mbps, 300 Mbps, 150 Mbps, 65 Mbps, 6 Mbps Beacon Rate)
(Chart: PHY rate by Wi-Fi generation – 802.11 (1999), 802.11b, 802.11ag (2003), 802.11n (2007), 802.11ac Wave 1 (2013), 802.11ac Wave 2 (2014); rate markers 2, 11, 24, 54, 65, 300, 450, 600, 290, 870, 1300, 1730*, 3500*, 6900 Mbps; 1, 3 and 8 Spatial Streams; Gigabit Ethernet Uplink vs 2 Gigabit Ethernet Uplinks)
* Assumes 160MHz channel width is available and usable
802.11ac = game changer
802.11n vs 802.11ac
Band: 2.4GHz & 5.0GHz | 5.0GHz only
PHY Rate: 65 Mbps – 600 Mbps | 290 Mbps – 6.9 Gbps
MAC Throughput: 45 Mbps – 420 Mbps | 194 Mbps – 4.8 Gbps
Spatial Streams: 4 | 8
Modulation: 64 QAM | 256 QAM
Channel Width: 20 or 40 MHz | 20, 40, 80, *80+80, 160 MHz
Key benefits:
• Increased speed
• Improved battery life
Wired-Like Video Delivery over Wireless
BEFORE: Manual RF Management
AFTER: Dynamic RF Management – Improves Predictability and Performance
(Figure: High School – Superintendent | Classroom | K12, before and after)
Apple Bonjour and other consumer protocol service gateway.
BEFORE: Isolated Apple Bonjour Network – Isolated Services, No Network Policy, L2 Only. mDNS & Bonjour Services NOT Routed across the Routed Network (Apple TV, Printer, WLAN).
AFTER: Bonjour Discovery, Advertisement & Policy – Bonjour Services Directory: Apple Bonjour discovery, advertisement and policy (Enterprise / Higher Education / K-12). Service Cache and advertise; VLAN and WLAN Policy Enforcement; Services Across L3 boundary. WLAN Controller with mDNS Profiles, Policy & Control across the Routed Network (Apple TV, Printer, WLAN).
Sub Second Recovery / Convergence for Both WLAN and LAN
BEFORE: WLAN and LAN Recovery / Convergence Times Significantly Different
× WLAN 30+ second recovery / convergence
LAN Sub second recovery / convergence
AFTER: WLAN and LAN Recovery / Convergence Times Are Both Sub Second – Improves Predictability
AP State Sync, AP Failover, N+1 Redundancy, AP Resiliency
WLAN Sub second recovery / convergence
LAN Sub second recovery / convergence
High Availability Provides Mission Critical Support
Simplify IT Operations with One Policy – One Management – One Network
• Visualize and control what applications are running on the network
• Make sure that policy follows the user wherever they go on the network
• Easily manage onboarding and access rights for students, faculty, staff and guests
• Enables you to “say yes” to BYOD without increasing your IT staff
• Delivers the most predictable user experience in the industry
Thank You