WI-FI TECHNOLOGY DEEP DIVE: PART 2
Vamshi Doma, Senior Product Manager, Avaya Wireless LAN
Todd Savarese, Senior Wireless Architect, Avaya Wireless LAN
Deploying a high performance Wireless LAN with Avaya WLAN 9100
© 2016 Avaya Inc. All rights reserved.
AGENDA – PART 1
What was covered in Part 1 of the Session
Radio Frequency Fundamentals
AP Configuration & Considerations
Special Considerations to optimize your wireless network
Q & A
AGENDA – PART 2
What is covered in Part 2 – Current Session
Avaya WLAN 9100 Portfolio Overview
– Access Point & Antenna Options
– Access Point Positioning
Avaya WLAN 9100 Deployment Best Practices
– Network Planning & Design
– Radio Frequency Planning
– Feature Considerations
Q & A
AVAYA WLAN 9100 PORTFOLIO OVERVIEW
INTRODUCING AVAYA WLAN 9100 SERIES
1. APPLICATIONS – Next generation Application Recognition and Control at the network edge
2. DEVICES – Device fingerprinting & policy enforcement for secure network access in BYOD environments
3. SPECTRUM – Spectrum optimization with Software Programmable Radios to maximize 5GHz bandwidth
4. SIMPLICITY – Avaya Fabric to the wireless edge enables network automation for wireless deployment
AVAYA WLAN 9100 SOLUTION
Portfolio Overview
– WAP9112 – Wall mount 802.11ac 2x2 AP – 2 Radios
– WAP9114 – Price Optimized 802.11ac 2x2 AP – 2 Radios
– WAP9122 – 802.11n 2x2 AP – 2 Radios
– WAP9123 – 802.11n 3x3 AP – 2 Radios
– WAP9132 – 802.11ac 2x2 AP – 2 Radios
– WAP9133 – 802.11ac 3x3 AP – 2 Radios
– WAP9144 – 802.11ac Wave 2 4x4 AP – 2 Radios
– WAE9132 External – Plenum rated 802.11ac 2x2 AP – 2 Radios
– WAO9122 Outdoor – 802.11n 2x2 AP – 2 Radios
– WAO9132 Outdoor – 802.11ac 2x2 AP – 2 Radios
– WAP9172/9173 – 802.11ac 2x2/3x3 – 4 Radios
Common Advanced Feature Set
Integrated Controller
On-Premise or Cloud Management (future)
AOS-Lite Software / AOS Software
Application Control
Software Programmable Radios
Fabric Attach
WAP9144
Next Generation 802.11ac Wave 2 Indoor Access Point
WAP9144xx-E6
– Two 4x4 802.11ac Wave 2 Radios
– Software Programmable Radios
– Concurrent 802.11ac Wave 2 on both radios
– MU-MIMO – 4 simultaneous users
– Explicit Beam Forming
– 160MHz Bonding – For home office use. Not recommended for Multiple AP deployments in Enterprises
– Zero Wait DFS*
– AirIQ – Spectrum Analysis*
– Bluetooth Low Energy (BLE)*
Physical interfaces
– 2 x 1GigE ports (Link aggregation, bonding, daisy chain)
– Maximum Power 24 W (Requires PoE+)
Software
– AOS version 8.1.0 or later
– WOS version 7.5.5 or later
Positioning
– Enterprises seeking Future Proof, High Performance, Feature Rich solution.
– All Indoor 802.11ac Wave 2 deployments
– Deployments requiring BLE Support
* HW capability in release 8.1 – software support added in upcoming releases.
WAP9133
High Performance 802.11ac Wave 1 Indoor Access Point
WAP9133xx-E6
– Two 3x3 802.11ac Wave 1 Radios
– Software Programmable Radios
– Concurrent 802.11ac Wave 1 on both radios
Physical interfaces
– 2 x 1GigE ports (Link aggregation, bonding, daisy chain)
– Maximum Power 23.8 W (Requires PoE+)
Software
– AOS version 7.0.0 or later (Rev 1 to Rev 3)
– AOS version 7.5.1 or later (Rev 4 and above)
– WOS version 7.0.0 or later
Positioning
– Enterprises seeking High Performance & Feature Rich 802.11ac Wave 1 Solution
– Environments where Personal Computers are the primary computing devices
– Examples
– Corporate Offices
– Higher Education – Universities & Colleges
– Health Care
WAP9132
Top Selling – 802.11ac Wave 1 Indoor Access Point
WAP9132xx-E6
– Two 2x2 802.11ac Wave 1 Radios
– Software Programmable Radios
– Concurrent 802.11ac Wave 1 on both radios
Physical interfaces
– 2 x 1 GigE ports (Link aggregation, bonding, daisy chain)
– Maximum Power 19 W (Requires PoE+)
– Supported with PoE switch with Restricted functionality
Software
– AOS version 7.0.0 or later (Rev 1 to Rev 3)
– AOS version 7.5.1 or later (Rev 4 and above)
– WOS version 7.0.0 or later
Positioning
– Enterprises seeking Economic & Feature Rich 802.11ac Wave 1 Solution without compromising on Performance
– Environments where Handheld Devices – Tablets or Smart Phones are the primary computing devices
– Examples
– K-12 School Districts
– General Purpose Access Points suitable for all Indoor ceiling / wall installations in enterprises where WAP9144 or WAP9133 is not suitable due to budget availability
WAP9114
802.11ac Wave 1 Indoor Access Point at 802.11n Cost
WAP9114xx-E6
– Two 2x2 Radios
– Fixed Radios - 802.11bgn (2.4GHz) & 802.11ac Wave 1 (5GHz)
– Enterprise Security, QoS
– Layer 2 Roaming
– Device Fingerprinting
– Stateful Filtering / Firewall
Physical interfaces
– 1 x 1 GigE port
– Maximum Power 12.5 W (PoE)
Software
– AOS-Lite version 7.9.0 or later
– WOS version 7.5.5 or later (Can be managed via WOS only)
Positioning
– Small & Mid Market enterprises looking for 802.11ac performance at the lowest cost.
– When competing with competitive low end products
WAE9132
Plenum Rated 802.11ac Wave 1 Indoor Access Point
WAE9132xx-E6
– Two 2x2 802.11ac Wave 1 Radios
– Software Programmable Radios
– Flexible coverage options using external antennas
Physical interfaces
– 2 x 1 GigE ports (Link aggregation, bonding, daisy chain)
– Maximum Power 25.5W (PoE+)
– 4 N-Type Antenna Connectors (2 per Radio)
Software
– AOS Rel 7.6.0 or later
– WOS Rel 7.5.5 or later
Positioning
– Indoor Environments requiring directional coverage
– High density indoor environments
– Environments requiring plenum installation
– Examples
– Plenum installations in Healthcare
– Convention Centers, Auditoriums, Conference Halls with High Ceilings
– Indoor Stadiums / Arenas
– Indoor Point-To-Point WDS / Bridging
WAO9132
Outdoor 802.11ac Wave 1 Access Point
WAO9132xx-E6
– Two 2x2 802.11ac Wave 1 Radios
– Software Programmable Radios
– Operating Temperature: -20C to +55C, 0-90% humidity, non-condensing
– Storage Temperature: -40C to 70C
– IP65 Rated
– Flexible coverage options using external antennas
Physical interfaces
– 2 x 1 GigE ports (Link aggregation, bonding, daisy chain)
– Maximum Power 25.5W (PoE+)
– 4 N-Type Antenna Connectors (2 per Radio)
Software
– AOS Rel 7.6.0 or later
– WOS Rel 7.5.5 or later
Positioning
– All Outdoor Environments
– Examples
– Outdoor Stadiums / Arenas
– Outdoor Coverage for all Enterprises
– Outdoor Point-To-Point WDS / Bridging
WAP9112
In Room 802.11ac Wave 1 Indoor Access Point – Wall Jack
WAP9112xx-E6
– Two 2x2 Radios
– Fixed Radios - 802.11bgn (2.4GHz) & 802.11ac Wave 1 (5GHz)
– Enterprise Security, QoS
– Layer 2 Roaming
– Device Fingerprinting
– Stateful Filtering / Firewall
Physical interfaces
– 1 GigE Uplink Port
– 4 Port 10/100/1000 Switch includes 1 PoE port
– Pass through RJ-45
– Maximum Power 9 W (PoE for AP only) / 25.4 W (PoE+ when delivering power)
Software
– AOS-Lite version 7.8.4 or later
– WOS version 7.5.3 or later (Can be managed via WOS only)
Positioning
– In Room Wi-Fi Solution
– Examples
– Guest Rooms in Hotels & Lodging
– Dorm Rooms in Higher Education
– Walled Office Rooms
WAP9172 / WAP9173
Four Radio 802.11ac Wave 1 Indoor Access Point
Four Radio Indoor Access Points
– 802.11ac, 2x2 (WAP9172) / 3x3 (WAP9173) MIMO Indoor Access Point.
– Four Software Programmable Radios
– 802.11ac Wave 1 support on all four radios.
– Integrated high gain 120° directional antennas.
Power Requirements
– WAP9172 - IEEE 802.3at Power Source
– WAP9173 – Up to 38 Watts (Requires WPR9100A2-E6, the new 75W power injector)
Software
– AOS version 7.2.4 or later
– WOS version 7.2.0 or later
– Consumes 2 AP Licenses on WOS and for Application Control
Positioning
– Indoor High Density environments
– Examples
– Convention Centers, Auditoriums, Conference Halls with Regular Ceilings
– High density Class Rooms / Lecture Halls
– Libraries
WAP9172 / WAP9173
Sample Coverage Patterns of the 4 Directional Antennas
– Radio 1: 5GHz – Ch 40 (Timeshare)
– Radio 2: 5GHz – Ch 149
– Radio 3: 2.4GHz – Ch 11
– Radio 4: 5GHz – Ch 100
WAT911035-E6
High Gain, High Density Dual Band Indoor / Outdoor Patch Antenna
Supported Models
– WAE9132 – 1 Antenna & 4 Cables per AP
– WAO9132 – 1 Antenna & 4 Cables per AP
Antenna Gain 13 dBi (2.4GHz & 5GHz)
Connectors : N-Type leads (4 – 2 per Radio)
Installation: Articulating Wall/Pole Mount (included)
Operating Temperature: -40 to 149°F (-40 to 65°C)
Wind Velocity: 130 mph (210 km/h)
Beamwidth
– Horizontal: 40°H, 40°V / 30°H, 35°V
– Vertical: 40°H, 40°V / 35°H, 30°V
Polarization: 2 Vertical 2 Horizontal
– Dual Polarity does not change the radiation pattern (coverage area), but modifies the way the sine wave travels
– Dual Polarity reduces signal collision improving data rates and signal efficiency.
WAT911040-E6
Medium Gain, High Density Dual Band Indoor / Outdoor Patch Antenna
Supported Models
– WAE9132 – 1 Antenna & 4 Cables per AP
– WAO9132 – 1 Antenna & 4 Cables per AP
Antenna Gain 10 dBi 2.4 / 11 dBi 5GHz
Connectors : N-Type leads (4 – 2 per Radio)
Beamwidth
– Horizontal: 41°H, 52°V / 34°H, 40°V
– Vertical: 54°H, 40°V / 42°H, 33°V
Polarization: 2 Vertical, 2 Horizontal
– Dual Polarity does not change the radiation pattern (coverage area), but modifies the way the sine wave travels
– Dual Polarity reduces signal collision improving data rates and signal efficiency.
Installation: Articulating Wall/Pole Mount (included)
Operating Temperature: -40 to 149°F (-40 to 65°C)
Wind Velocity: 130 mph (210 km/h)
WAT911090-E6
Medium Gain, High Density Dual Band Indoor / Outdoor Patch Antenna
Supported Models
– WAE9132 – 1 Antenna per AP
– WAO9132 – 1 Antenna per AP
Antenna Gain 4 dBi 2.4 / 7 dBi 5GHz
Connectors : N-Type leads (4 – 2 per Radio)
Cable Length: 36” (910mm)
Polarization: Vertical
Beamwidth
– Horizontal: 99°/58°
– Vertical: 65°/40°
Installation: Articulating Wall/Pole Mount (included)
Operating Temperature: -40 to 149°F (-40 to 65°C)
Wind Velocity: 130 mph (210 km/h)
WAT912360-E6
High Gain Dual Band Indoor / Outdoor Omni-Directional Antenna
Supported Models
– WAE9132 – 1 Antenna per AP
– WAO9132 – 1 Antenna per AP
Antenna Gain 4 dBi 2.4 / 6 dBi 5GHz
Connectors : N-Type leads (4 – 2 per Radio)
Cable Length: 36” (910mm)
Polarization: Vertical
Beamwidth
– Horizontal: 360°
– Vertical: 144°/55°
Installation: Threaded Bolt with Nut and Wall/Pole Mount
Operating Temperature: -40 to 149°F (-40 to 65°C)
Wind Velocity: 130 mph (210 km/h)
WAT91360R-E6
Dual Band Indoor Rubber Duck Antenna
Supported Models
– WAE9132 – 4 Antennas per AP – Cables Not Required
Antenna Gain: 2 dBi 2.4 GHz / 3 dBi 5GHz
Connector: N-Style Plug
Polarization: Vertical
Beamwidth
– Horizontal: 360°
Articulation: 90 Degrees
Installation: Direct Connect to AP
Installation Environment: Indoor
ACCESSORIES
Enclosures
WAB910004-E6
– 12x12x6
– Solid door
– Latch Lock
– NEMA 4x
– Ideal Applications
– Carpeted space, Indoor/Outdoor WiFi, Stadium
WAB910005-E6
– 12x14x6
– Solid Door
– Key Lock
– NEMA 4x
– Ideal Applications
– Carpeted space, Indoor/Outdoor WiFi, Stadium
WIRELESS LAN ORCHESTRATION SYSTEM (WOS)
Intuitive Management
– Service Policies
– Dashboard
– RF Visibility
– Auto Provisioning
– Analytics Tools / API
WIRELESS LAN ORCHESTRATION SYSTEM
On Premise & Cloud
– Cloud Management
– On-Premise
WI-FI DESIGNER
Site Survey Application – Free Tool for Customers / Partners
Windows based application
Predictive Site Surveys – Plan Wi-Fi Network Strategy, optimal number of APs required and AP Placement.
Site Modeling – Model different site conditions, AP configurations and positioning options to visualize impact to RF coverage and capacity
Active Site Surveys – Perform onsite surveys with Avaya APs taking real-time measurements to qualify the network design & AP placements.
Post Deployment Surveys – Validate post-installation capacity and coverage against the initial plan to ensure a successful deployment
WLAN 9100 ACCESS POINT POSITIONING
Access Point Capability Comparison
| Capability | WAP9112 | WAP9114 | WAP9132 | WAP9133 | WAP9144 |
| --- | --- | --- | --- | --- | --- |
| Operating System | AOS Lite | AOS Lite | AOS | AOS | AOS |
| Management | WOS | WOS | WOS, WMI, CLI | WOS, WMI, CLI | WOS, WMI, CLI |
| 802.11ac | Wave 1 | Wave 1 | Wave 1 | Wave 1 | Wave 2 |
| Spatial Streams | 2x2 | 2x2 | 2x2 | 3x3 | 4x4 |
| 802.11ac Radios per AP | 1 | 1 | 2 | 2 | 2 |
| Radio Band (2.4 or 5 GHz) | Fixed | Fixed | Programmable | Programmable | Programmable |
| Power Requirement | PoE / PoE+ | PoE | PoE+ / PoE* | PoE+ | PoE+ |
| External Power Supply | Optional | PoE Injector | PoE Injector | PoE Injector | PoE Injector |
| Uplink Ports | 1 x 1 GigE | 1 x 1 GigE | 2 x 1 GigE | 2 x 1 GigE | 2 x 1 GigE |
| Switch Ports | 4 + 1 Pass Through | 0 | 1 (uplink) | 1 (uplink) | 1 (uplink) |
| Mounting | Wall | Ceiling / Wall | Ceiling / Wall | Ceiling / Wall | Ceiling / Wall |
| Included Brackets | Wall | Ceiling | Ceiling | Ceiling | Ceiling |
| Paintable | Yes | No | No | No | No |
* WAP9132 Requires PoE+ but is supported with PoE switch connection with restrictions
WLAN 9100 ACCESS POINT POSITIONING
Access Point Feature Comparison
WAP9112 WAP9114 WAP9132 WAP9133 WAP9144
802.11a/b/g/n/ac
Integrated Controller
Wireless Security
Wireless QoS (WMM)
Multiple SSIDs / Radio
Wireless Client VLANs
Dynamic VLAN Assignment (RADIUS)
Auto Channel / Power
Stateful Filtering/Firewall
Device Fingerprinting
Layer 2 Roaming
Application Control * *
Fabric Attach * *
Intrusion Detection * *
External Captive Portal * *
User Groups * *
802.11k / 802.11r * * * * *
* Software Features planned for upcoming releases
WLAN 9100 ACCESS POINT POSITIONING
Access Point Feature Comparison
WAP9112 WAP9114 WAP9132 WAP9133 WAP9144
Intrusion Prevention
Layer 3 Roaming
GRE Tunneling
Client Load Balancing / Band Steering
Roaming Assist / RF Optimizations
Bonjour / MDNS Gateway
Multicast Traffic Optimization
Internal Captive Portal/WPR
Internal RADIUS Server
CLI / WMI / SNMP
North Bound API
WOS Maps / RF Views
802.11 Location Services
BLE iBeacon for Location Services*
Zero Wait DFS*
AirIQ Spectrum Analysis*
* Future Proof - Hardware Capability at Launch – Software Capabilities planned for upcoming releases
AVAYA WLAN 9100 DEPLOYMENT BEST PRACTICES
INTRODUCTION
Wireless LAN Network Design Challenges
Mobility in any business is ubiquitous and is no longer a best effort solution.
Delivering a highly secure and reliable wireless network is the foundation for business continuity and growth.
Wireless LAN done right can be a strategic IT advantage that enables delivery of wired-like performance and predictability of mobile applications.
Often times business applications need to be supported on a broad spectrum of client devices that come with varying capabilities and are not always optimized for wireless connectivity.
Wireless Networks are also required to co-exist with a variety of legacy wireless technologies that interfere with 802.11 spectrums and must be resilient to interference from these sources.
Successful Wireless LAN deployments in complex RF environments, delivering diverse applications and services, can be a huge challenge for IT staff.
INTRODUCTION
About these Best Practices
The complexity and diversity in enterprise environments means one design does not fit all the deployments.
These Best Practices are for WLAN 9100 deployments for typical indoor enterprise networks.
Wireless LAN Network Design at Large Public Venues requires additional Planning and Tuning that is outside the scope of this guide.
The guidelines in this document should be considered as a reference while adapting them to address business and site specific requirements.
These best practices are organized into the following sections
– Network Planning & Design
– Radio Frequency Planning
– Avaya WLAN 9100 Feature Considerations
INTRODUCTION
Wireless LAN 9100 Solution - Requirements
Required Components
– Avaya WLAN 9100 Access Points
– Wireless LAN Orchestration System
Recommended Components
– Avaya Fabric Network
– Avaya Identity Engines – Ignition Server
Optional Components
– Avaya Identity Engines – Guest Manager
– Avaya Identity Engines – Access Portal
– Avaya Identity Engines – Guest Tunneling Server
NETWORK PLANNING & DESIGN
Wireless LAN Management Network
Wireless LAN Management Network provides network connectivity for the Access Points
– Communication between Access Points for integrated controller functions.
– Communication of Access Point with external RADIUS Servers, Active Directories etc.
– External configuration and management using WOS, API, WMI, CLI or Virtual Console
Management Network Size
– It is recommended to limit the number of APs in a broadcast domain to 500, or a /23 subnet.
– APs in a contiguous roaming environment or a common RF “cloud” are recommended to be in the same management network
– If the site RF characteristics demand more than 500 APs in a single RF cloud, then it is recommended to create separate roaming zones and limit the broadcast domain.
– Use separate broadcast domains when wireless client does not require seamless RF coverage between buildings or sites.
NETWORK PLANNING & DESIGN
Wireless LAN Management Network
It is recommended to separate Wireless LAN Management VLAN from the default VLAN of the wired network to isolate Wireless LAN Management Traffic.
Wireless LAN Management VLAN on AP is not required/recommended.
– AP uses untagged packets for all management traffic when management VLAN is not created.
Edge Switch Port Configuration
– PVID = WLAN Management Network
– Tagging with UntagPVIDOnly
– Trusted Port
– STP BPDU Filtering Disabled
Wireless LAN Management Network of all APs should be enabled for DHCP and it is recommended to have DHCP Reservations for the Access Points.
The DNS server for the AP Management Networks should be updated with the entry for AVAYA-WOS pointing to the WOS virtual machine.
NETWORK PLANNING & DESIGN
Wireless LAN Management Network & Avaya Roaming Protocol
Avaya Roaming Protocol operates on the AP management network and exchanges key information to enable features like
– Seamless Roaming
– Auto RF - Auto Channel, Auto Cell, Auto Band
– Intrusion Detection and Prevention etc.
Protocol has two components
– Wireless component that enables Access Point to discover neighboring Access Points and key RF information.
– Wired component that enables Access Points to exchange information discovered over the air to converge on certain features as well as information about client sessions to facilitate fast roaming.
APs exchange Roaming Protocol messages upon
– Client association
– Client Disassociation
– Client Roaming
– Periodically at 30 second intervals to synchronize the required information
NETWORK PLANNING & DESIGN
Wireless LAN Management Network & Avaya Roaming Protocol
WLAN Management Network in a contiguous RF environment is in a single broadcast domain
– Access Points use broadcast as a means to communicate Roaming Protocol messages with each other over the wire.
WLAN Management Network is separated across multiple Layer 3 subnets
– Access Points exchange unicast messages with other Access Points discovered over the Air.
For Layer 3 Roaming scenarios, when clients have to roam seamlessly across Layer 3 client subnets, Access Points are required to be in Unicast mode for message exchange even when their management network is a single broadcast domain.
NETWORK PLANNING & DESIGN
Wireless LAN Client Networks
Wireless LAN Client Network is the Network an associated station is placed in upon successful association and authentication.
Wireless Stations may be assigned to separate Networks based on user or device policy
It is not required or recommended to have unique SSIDs to put stations in unique client networks.
A Wireless Client is assigned to a specific network based on one or more of the following criteria
– RADIUS Attribute specifying VLAN or User Group with unique VLAN
– VLAN mapped to User Group assigned via Device Fingerprinting
– VLAN mapped to the SSID
– Management VLAN if there is no VLAN mapped to the SSID
In scenarios where multiple criteria apply the precedence is from top to bottom in the above list.
NETWORK PLANNING & DESIGN
Wireless LAN Client Networks – Traffic Forwarding
Local Forwarding - Wireless Client Networks are extended to the Edge Switch Port
– AP considers the VLAN active and can forward traffic for the client in the specified Network.
– Default behavior of the APs due to the Integrated Controller architecture.
– Avaya Fabric Attach enables network automation to dynamically extend the client networks when an AP is plugged.
Guest Traffic Isolation
– Guest Network Isolation is a security requirement for network access control to separate the guest traffic out of intranet and vice-versa.
– For Avaya Fabric Connect customers, the preferred method of Guest Isolation would be a separate VSN for Guest Traffic.
– For non Fabric customers, Guest Network Isolation is achieved by tunneling Guest Traffic directly from the Access Points to the Guest Tunneling Server in the DMZ
NETWORK PLANNING & DESIGN
Wireless LAN Client Networks – VLAN Pools
A VLAN pool is a set of VLANs that allows a client associating to an AP to be assigned to one of the VLANs in the pool rather than to a particular VLAN.
When using VLAN Pools, the VLAN Pool has to be defined and assigned to the SSID.
All the VLANs in the VLAN Pool have to be extended to all the Edge Switch Ports connected to the AP.
– When deployed with Fabric Attach, VLANs are automatically extended to the edge switch port.
When a new client associates to an SSID mapped to a VLAN Pool, the client is assigned to a VLAN in the pool based on the client MAC and the number of VLANs in the pool.
The algorithm will always assign the same VLAN to a client even when it roams as long as the VLANs in the VLAN Pool are the same across APs.
VLAN Pooling is useful in specific networking situations where the client density requires distributing load on the DHCP/DNS/External Captive Portal Servers, Firewalls or Internet Gateways.
RADIUS or User Group specified VLAN takes precedence over VLAN assigned from the VLAN Pool.
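The assignment rules from the client-network slides above (the precedence list and the VLAN pool behavior), as an added Python example that is not Avaya code. The `Ssid` and `Client` models and the `mgmt_vlan` parameter are hypothetical, and CRC32 of the MAC modulo the pool size is an assumed stand-in for the AP's pool algorithm, which the slides do not specify.

```python
import zlib
from dataclasses import dataclass
from typing import Iterable, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Ssid:
    """Hypothetical model of an SSID on one AP (not an AOS/WOS object)."""
    name: str
    vlans: Tuple[int, ...] = ()   # () = no mapping, 1 entry = VLAN, >1 = VLAN pool


@dataclass(frozen=True)
class Client:
    mac: str
    radius_vlan: Optional[int] = None       # VLAN from a RADIUS attribute or RADIUS user group
    fingerprint_vlan: Optional[int] = None  # VLAN of the user group set by device fingerprinting


def mac_bytes(mac: str) -> bytes:
    digits = "".join(ch for ch in mac if ch not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def pool_vlan(mac: str, pool: Sequence[int]) -> int:
    """Pick a pool member from the client MAC and the number of VLANs in the pool.

    ASSUMPTION: CRC32(mac) mod N stands in for the AP's algorithm. The pool is
    sorted so that only its membership, not the order it was entered in,
    affects the result.
    """
    members = sorted(set(pool))
    if not members:
        raise ValueError("empty VLAN pool")
    return members[zlib.crc32(mac_bytes(mac)) % len(members)]


def resolve_vlan(client: Client, ssid: Ssid, mgmt_vlan: Optional[int] = None):
    """Return (vlan, source) using the top-to-bottom precedence from the slides."""
    if client.radius_vlan is not None:
        return client.radius_vlan, "radius"
    if client.fingerprint_vlan is not None:
        return client.fingerprint_vlan, "fingerprint-group"
    if len(ssid.vlans) > 1:
        return pool_vlan(client.mac, ssid.vlans), "ssid-vlan-pool"
    if ssid.vlans:
        return ssid.vlans[0], "ssid-vlan"
    return mgmt_vlan, "management"   # None = untagged management network


def roaming_mismatches(macs: Iterable[str], pool_a: Sequence[int],
                       pool_b: Sequence[int]) -> int:
    """Count clients that would be placed in a different VLAN on two APs."""
    return sum(pool_vlan(m, pool_a) != pool_vlan(m, pool_b) for m in macs)


# Constructed sample data: 256 client MACs that differ only in the last octet.
SAMPLE_MACS = [f"02:00:5e:10:20:{i:02x}" for i in range(256)]

if __name__ == "__main__":
    ap1 = Ssid("corp", (110, 120, 130, 140))
    ap2 = Ssid("corp", (140, 130, 120, 110))   # same pool, entered in another order
    ap3 = Ssid("corp", (110, 120, 130))        # VLAN 140 not configured on this AP
    client = Client(SAMPLE_MACS[7])
    print(resolve_vlan(client, ap1), resolve_vlan(client, ap2))
    print("mismatches, same pool:",
          roaming_mismatches(SAMPLE_MACS, ap1.vlans, ap2.vlans))
    print("mismatches, VLAN missing on one AP:",
          roaming_mismatches(SAMPLE_MACS, ap1.vlans, ap3.vlans))
```

The mismatch count for the third AP shows why the pool has to be identical on every AP in a roaming area: a client whose VLAN changes mid-roam ends up in a different subnet.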
NETWORK PLANNING & DESIGN
Wireless LAN Client Networks – Roaming
Layer 2 Roaming Networks
– All the APs in a contiguous roaming environment or a common RF “cloud” have common client networks that are active.
– A client is assigned to the same VLAN/IP Subnet no matter which AP the client is associated to first.
– As Client roams from one AP to another within the RF cloud – traffic is locally forwarded.
Layer 3 Roaming Networks
– The APs in a contiguous roaming environment assign different VLANs based on which AP the client is associated to.
– The Client IP Subnet varies based on which AP the client does a new association.
– As Client roams from one AP to another – AP retains the original VLAN/IP for the client and tunnels to the AP where the client completed its original association.
– If a Client disassociates and comes back to the network, it is placed on the local network and it will get a new IP in the local subnet.
– Common example – APs on different floors use different client VLANs.
NETWORK PLANNING & DESIGN
Wireless LAN Client Network
Deploy a common VLAN/IP subnet for a given wireless client/user on all the APs that are in a contiguous roaming environment or a common RF “cloud”.
Extend all the Client VLANs to all the APs in the contiguous roaming environment for Local Forwarding.
– Fabric Attach automatically extends client networks to the required Access Points and eliminates the need for manually configuring each wiring closet switch/port.
For large networks, where the traditional network design principles for limiting the broadcast domains are required, it is recommended to
– Use RADIUS /Active Directory or Device Fingerprinting based VLAN assignment
– Use VLAN Pools if multiple VLANs are required for the same group of users/devices.
– Air Cleaner capability of the 9100 solution eliminates unnecessary broadcast traffic from consuming air-time / RF resources.
It is not recommended to advertise separate SSIDs for Client Network Isolation/VLAN separation.
– Every SSID added hidden or advertised consumes Air time and impacts performance.
– When multiple SSIDs are required due to security policies or device capabilities, it is recommended to separate that traffic on the network as well
– Legacy devices with limited security capabilities (WEP or WPA/TKIP) can degrade overall network security and performance.
– To prevent replication of broadcast traffic over the air for clients across multiple SSIDs.
NETWORK PLANNING & DESIGN
Wireless LAN SSIDs Planning
A Service Set Identifier (SSID) is the identifier used for logical grouping of devices
– Normal practice to use multiple SSIDs on an Access Point to provide differentiated wireless services with respect to security, quality of service and network access.
The number of SSIDs enabled on a Radio will have a significant impact on the channel utilization and available bandwidth for wireless clients
The decision to enable a new SSID should always be approached with extreme caution and all redundant SSIDs have to be eliminated
Unique SSIDs should only be considered when network access has to be provided for devices and users with unique 802.11 Authentication & Encryption requirements like
– WPA2/802.1x Authentication for Staff
– WPA2/Pre-Shared Key for devices / users without 802.1x capability
– Open or Captive Portal Authentication for Guest access
– WEP/WPA-TKIP/MAC Authentication for Legacy Devices that cannot support the current secure standards.
NETWORK PLANNING & DESIGN
Wireless LAN SSIDs Planning
Limit the number of SSIDs to 3.
Use User Groups instead of SSIDs for differentiated services including
– Wireless LAN Client VLAN,
– Application Control & Firewall Policies
– Quality of Service and Bandwidth/Time restrictions
– Unique Captive Portal Pages
User Groups can be assigned to clients based on
– RADIUS attributes
– Device fingerprinting.
Eliminate SSIDs from locations where they are not required to minimize the number of SSIDs throughout the campus.
– This could increase the number of Profiles but helps the RF environment.
– For example, enable the Guest SSID only in areas that permit Guest users instead of broadcasting it throughout the campus.
NETWORK PLANNING & DESIGN
Wireless LAN SSID to Client Network Mapping
Wireless Clients associated to an SSID are assigned a Wireless LAN Network based on User / Device Policy.
Avoid creating Multiple SSIDs on a Radio that assign devices to the same VLAN/Broadcast domain
Layer 2 Roaming
– Clients do not cross the Layer 3 subnet as they roam within the contiguous roaming area
– Layer 2 Roaming is achieved when a wireless client is assigned to a VLAN based on
– Common RADIUS attributes or Group Policies across the contiguous roaming area
– The same SSID to VLAN / VLAN Pool Mapping configured on all the Access Points in a contiguous roaming area
Layer 3 Roaming
– Client roams across APs that have different SSID to VLAN mapping and crosses Layer 3 subnet as it roams.
– The client retains its original IP Address/subnet while the session is active; the new AP tunnels all the client traffic to the previous AP.
Many applications like Voice and Video or Medical Devices with low latency needs require seamless roaming and perform optimally under Layer 2 Roaming conditions.
It is best practice to ensure that all APs that are in a contiguous roaming area and share a common RF cloud maintain the same SSID to VLAN assignment.
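The SSID planning rules from the preceding slides (at most 3 SSIDs, no two SSIDs on a radio feeding the same VLAN, legacy-security SSIDs separated on the network, and one SSID to VLAN mapping per roaming area), written as an added Python audit that is not part of the original deck or any Avaya tool. The `SsidPlan` and `ApProfile` records, the security labels and the sample profiles are constructed for illustration.

```python
from collections import defaultdict
from typing import Iterable, List, NamedTuple, Tuple

MAX_SSIDS = 3                                      # "Limit the number of SSIDs to 3"
LEGACY_SECURITY = {"wep", "wpa-tkip", "mac-auth"}  # legacy methods named in the slides


class SsidPlan(NamedTuple):
    name: str
    security: str            # hypothetical labels: "wpa2-802.1x", "wpa2-psk", "open-portal", ...
    vlans: Tuple[int, ...]   # one VLAN, or the VLAN pool mapped to the SSID


class ApProfile(NamedTuple):
    ap: str
    roaming_area: str        # contiguous roaming area / common RF cloud
    ssids: Tuple[SsidPlan, ...]


def audit(profiles: Iterable[ApProfile]) -> List[Tuple[str, str, str]]:
    """Return (scope, rule, detail) findings for a planned SSID layout."""
    findings = []
    # (area, ssid name) -> {sorted VLAN tuple: [APs using that mapping]}
    seen = defaultdict(lambda: defaultdict(list))
    for p in profiles:
        if len(p.ssids) > MAX_SSIDS:
            findings.append((p.ap, "too-many-ssids",
                             f"{len(p.ssids)} SSIDs enabled, limit is {MAX_SSIDS}"))
        by_vlan = defaultdict(list)
        for s in p.ssids:
            seen[(p.roaming_area, s.name)][tuple(sorted(s.vlans))].append(p.ap)
            for vlan in s.vlans:
                by_vlan[vlan].append(s)
        for vlan, users in sorted(by_vlan.items()):
            if len(users) < 2:
                continue
            names = ", ".join(s.name for s in users)
            legacy = [s.name for s in users if s.security in LEGACY_SECURITY]
            if legacy and len(legacy) < len(users):
                # A WEP/TKIP/MAC-auth SSID lands in the same broadcast domain
                # as a stronger SSID, so its traffic is not separated.
                findings.append((p.ap, "legacy-shares-vlan",
                                 f"VLAN {vlan}: {', '.join(legacy)} shares it with {names}"))
            else:
                findings.append((p.ap, "shared-vlan", f"VLAN {vlan} used by {names}"))
    for (area, ssid), variants in sorted(seen.items()):
        if len(variants) > 1:
            detail = "; ".join(f"VLANs {list(v)} on {', '.join(aps)}"
                               for v, aps in sorted(variants.items()))
            findings.append((area, "inconsistent-mapping", f"{ssid}: {detail}"))
    return findings


# Constructed sample plan for one building (not taken from the deck).
CORP = "wpa2-802.1x"
SAMPLE_PROFILES = [
    ApProfile("ap-1f-01", "bldg-A", (SsidPlan("corp", CORP, (110,)),
                                     SsidPlan("guest", "open-portal", (900,)),
                                     SsidPlan("scanners", "wep", (110,)))),
    ApProfile("ap-1f-02", "bldg-A", (SsidPlan("corp", CORP, (110,)),
                                     SsidPlan("guest", "open-portal", (900,)),
                                     SsidPlan("voice", "wpa2-psk", (120,)),
                                     SsidPlan("iot", "wpa2-psk", (120,)))),
    ApProfile("ap-2f-01", "bldg-A", (SsidPlan("corp", CORP, (210,)),
                                     SsidPlan("guest", "open-portal", (900,)))),
]

if __name__ == "__main__":
    for scope, rule, detail in audit(SAMPLE_PROFILES):
        print(f"{scope:10} {rule:22} {detail}")
```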
NETWORK PLANNING & DESIGN
AVAYA Fabric Attach - Automate the Edge Using Secure Elastic Zones
Keep the edge of your network locked down while providing authorized users with plug-and-play connectivity
1. Wireless access points (AP) plugged into the edge switch. Policy control configures APs and adds them to the network.
2. User VSNs/VLANs are automatically extended to the edge when the AP is plugged in.
3. When the AP is disconnected – the VSNs/VLANs are retracted.
4. When a new device, say a Phone or PC, is plugged in, the VSNs/VLANs authorized for that device are now extended to the port.
NETWORK PLANNING & DESIGN
AVAYA Fabric Attach - End to End Fabric Environments
Delivers a Zero Touch Network
– Automation of Network Edge, Distribution and Core
– Service Provisioning at the Edge of the Network
– Authentication & Authorization of Services
Requirements
– Avaya Fabric Network
– Avaya Identity Engines as a Fabric Attach Policy Server
– Avaya Wireless LAN 9100 Access Points
New Deployment
– Configure Profiles in Wireless LAN Orchestration System
– Configure Service Bindings in Identity Engines
– Plug in APs
New Service Provisioning
– Update Profile in Wireless LAN Orchestration System
– Update Service Bindings in Identity Engines
– Trigger Change of Authorization via Identity Engines
NETWORK PLANNING & DESIGN
AVAYA Fabric Attach - Non Fabric Environments
Delivers a Zero Touch Edge
– Configure Core/Distribution manually
– Automation of Network Edge – Fabric Attach Standalone Proxy
– Service Provisioning at the Edge of the Network
Requirements
– Avaya Fabric Attach Standalone Proxy capable switch
– Avaya Wireless LAN 9100 Access Points
New Deployment
– Configure Distribution / Core Network with services extended to Wiring Closet Ports.
– Plug in Wiring Closet Switches – Enable FA Standalone Proxy mode
– Configure Profiles in Wireless LAN Orchestration System
– Plug in APs
New Service Provisioning
– Update Profile in Wireless LAN Orchestration System
RADIO FREQUENCY PLANNING
Key Challenges
Designing a wireless network in an enterprise environment requires specific attention in several key areas.
Every Wi-Fi environment has unique characteristics
– Floor Plans, Coverage Areas, Building Materials, objects inside the walls like plumbing, ventilation, wiring, objects on the floor all change the dynamics of Radio Frequency and have a significant impact.
Application & Device requirements vary considerably when it comes to wireless network access and performance.
– Applications like Voice and Video have lower tolerance for latency, jitter, roaming delay etc. than web or file transfer applications.
– The minimum signal strength that might be acceptable also differs from application to application.
The Antenna capability and power vary from device to device
– The Number of Spatial Streams of client devices varies between 1x1 (smartphones), 2x2 (tablets/notebooks) or 3x3(notebooks)
– Transmit Power/Receive Sensitivity of the clients varies considerably.
– Mobile devices are often optimized for conserving battery and not for Wi-Fi performance.
– Roaming characteristics vary from device to device
RADIO FREQUENCY PLANNING
Coverage Area Considerations
When designing a wireless network the areas that require Wi-Fi coverage have to be identified up front.
In environments where critical applications including Voice over Wi-Fi and Real Time Location Services are enabled, careful consideration has to be given to areas that require coverage compared to a typical enterprise environment where these locations may not require coverage.
Shielded rooms, elevators, and coverage areas where the signal has to cross elevators, metal beams or heavy equipment can all interfere with or block 802.11 signals and need to be considered during coverage area planning.
When performing a Site Survey, the coverage should be planned such that the minimum signal strength is -65 dBm with a signal to noise ratio of 25 dB in all areas where coverage is required to support Wi-Fi applications.
In environments where single band devices are used, it is important to ensure the minimum coverage requirements are met for both 2.4GHz and 5GHz frequencies.
RADIO FREQUENCY PLANNING
Cell Overlap Considerations
Cell overlap plays an important role in ensuring optimal client performance and roaming
Cell overlap should also be sufficient to ensure that a single AP failure will not negatively impact the performance of critical mobile applications.
A client's signal should not have to deteriorate to the extent that application performance is impacted before the client makes a decision to roam.
Recommendation is to achieve 50% cell overlap while the transmit power matches that of the most sensitive wireless client.
Ex. Vocera recommends that you want to strive to keep -19dBm separation between similar non-overlapping channels (a client on channel 1 at -65dBm or better should not hear another channel 1 with a reading of -84dBm or better)
RADIO FREQUENCY PLANNING
Radio Transmit Power Considerations
The output power of most Voice over Wi-Fi devices and smartphones is typically about 30mW (~15 dB)
– Check the client specification when determining the right value.
Avoid Asymmetric connections between the AP and the client
– Results in application performance issues and poor roaming behavior.
Match AP Tx Power with that of the business Critical Client.
For dual band clients,
– Match the 5GHz radio Tx Power with the client
– Keep the 2.4GHz radio Tx power about 3 to 6 dB lower
– This can steer the clients naturally towards 5GHz.
[Figure: transmit power labels from the slide diagram: 100mW (20dB), 32mW (15dB), 10mW (10dB), 32mW (15dB), 32mW (15dB), 32mW (15dB)]
RADIO FREQUENCY PLANNING
Receive Signal Strength Indicator
– RSSI is a receiver’s interpretation of a signal based on the device’s receive sensitivity.
– Recommended Signal Strength for Voice and Multi-media applications is -50 dBm
– Site Planning should ensure that a minimum signal strength of -65 is achieved throughout the coverage area.
– Although signal strength can be adjusted by tuning the transmit power of the antennas post installation, it can create an imbalance with that of the client transmit power as described in the previous section.
Signal To Noise Ratio – SNR
– Indicates how much useable signal is available
– Higher data rates achieved via advanced modulation require higher SNR values
– Maximize your SNR for successful wireless deployments
– SNR of 25 or above is recommended for optimal performance
RF Signal Quality Considerations
Access/Modulation Method   Coding Rate   ~ Required SNR (dB)
BPSK                       1/2           8
BPSK                       3/4           9
QPSK                       1/2           11
QPSK                       3/4           13
16-QAM                     1/2           16
16-QAM                     3/4           20
64-QAM                     2/3           24
64-QAM                     3/4           25
64-QAM                     5/6           30
256-QAM                    3/4           32
256-QAM                    5/6           34
RADIO FREQUENCY PLANNING
PHY Data Rate Considerations
AP Capability, Client Capability, RSSI & SNR determine the actual data rate for a client association
– Higher data rates require a higher SNR and hence a higher receiver sensitivity.
– 802.11ac data rates require an SNR greater than 30dB
– As the SNR starts going down, the data rates have to go down in order for the device to decode the signal.
– This results in lower data rates as the client starts moving away from the AP.
Lower data rates result in higher air time consumption increasing channel utilization and reducing the available air time for other devices.
Deployments should be planned to provide a minimum data rate of 24 Mbps for the clients.
Disable 802.11b data rates of 1, 2, 5.5 and 11 Mbps when there are no 802.11b only devices that require network access.
In order to reduce the air time used by 802.11 management frames, it is recommended to set the Basic Data Rate at 6 Mbps or higher.
Having higher basic data rate compared to supported data rate can help achieve better client roaming.
Relative data rates for 802.11ac vs 802.11n
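The coverage, cell overlap and SNR targets from the preceding slides can be checked mechanically against site-survey readings. The following is an added example, not Avaya code: it takes constructed survey points, applies the -65 dBm / 25 dB minimums and the -84 dBm co-channel figure from the Vocera example, and reports the highest modulation the SNR table supports. The record layout, AP names and finding labels are assumptions.

```python
"""Survey-point check against the RF planning targets quoted on the slides (added example)."""
from dataclasses import dataclass
from typing import List, Optional

MIN_RSSI_DBM = -65          # minimum signal strength from the slides
MIN_SNR_DB = 25             # recommended SNR from the slides
CO_CHANNEL_LIMIT_DBM = -84  # Vocera example: a second AP on the same channel
                            # heard at -84 dBm or better is too loud

# (modulation, coding rate, approximate required SNR in dB), copied from the slide table
SNR_TABLE = [
    ("BPSK", "1/2", 8), ("BPSK", "3/4", 9), ("QPSK", "1/2", 11),
    ("QPSK", "3/4", 13), ("16-QAM", "1/2", 16), ("16-QAM", "3/4", 20),
    ("64-QAM", "2/3", 24), ("64-QAM", "3/4", 25), ("64-QAM", "5/6", 30),
    ("256-QAM", "3/4", 32), ("256-QAM", "5/6", 34),
]


@dataclass
class Heard:
    ap: str
    channel: int
    rssi_dbm: int


@dataclass
class SurveyPoint:
    location: str
    noise_floor_dbm: int
    heard: List[Heard]


def best_modulation(snr_db: float) -> Optional[str]:
    """Highest table entry whose required SNR is met, or None below BPSK 1/2."""
    usable = [f"{mod} {rate}" for mod, rate, need in SNR_TABLE if snr_db >= need]
    return usable[-1] if usable else None


def check_point(pt: SurveyPoint) -> dict:
    """Evaluate one survey point; the strongest AP is treated as the serving AP."""
    if not pt.heard:
        return {"location": pt.location, "serving": None, "snr_db": None,
                "modulation": None, "findings": ["no-ap-heard"]}
    ranked = sorted(pt.heard, key=lambda h: h.rssi_dbm, reverse=True)
    serving = ranked[0]
    snr = serving.rssi_dbm - pt.noise_floor_dbm
    findings = []
    if serving.rssi_dbm < MIN_RSSI_DBM:
        findings.append("rssi-below-minimum")
    if snr < MIN_SNR_DB:
        findings.append("snr-below-minimum")
    # Co-channel check: another AP on the serving channel that is still audible.
    for other in ranked[1:]:
        if other.channel == serving.channel and other.rssi_dbm >= CO_CHANNEL_LIMIT_DBM:
            findings.append(f"co-channel:{other.ap}")
    return {"location": pt.location, "serving": serving.ap, "snr_db": snr,
            "modulation": best_modulation(snr), "findings": findings}


# Constructed sample readings (not from a real survey).
SAMPLE_SURVEY = [
    SurveyPoint("conference room", -92, [Heard("AP-1", 36, -58), Heard("AP-2", 149, -71)]),
    SurveyPoint("stairwell", -90, [Heard("AP-3", 1, -70), Heard("AP-4", 1, -80)]),
    SurveyPoint("loading dock", -88, [Heard("AP-5", 6, -64), Heard("AP-6", 6, -86)]),
]

if __name__ == "__main__":
    for point in SAMPLE_SURVEY:
        print(check_point(point))
```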
RADIO FREQUENCY PLANNING
Auto Channel Optimization
Auto Channel selects optimal channel assignments for an Access Point’s Radios.
– The Access Point brings down the radios and starts auto channel selection by bringing up one radio at a time.
– Access Point scans the surrounding area for RF activity on all channels to select the best available channel
– The Signal Strength of valid 802.11 and non-802.11 signals, Noise floor and SNR are taken into consideration
– When Auto Channel completes, the new channels are set and automatically saved.
– Once set, the option is available to lock channel settings so that they will not be changed again by another Auto Channel operation unless explicitly unlocked.
– When Access Point is reset to factory configuration, the radios select a random channel for 2.4 and 5GHz radios.
Channel Optimization can be performed in 3 ways
– On Demand - through WOS Access Point Monitoring Page by selecting the Access Points in a specific building or floor and clicking “Optimize Channels” under “Configure”. (Recommended)
– On Boot-Up – configured in the AP Profile under Radio Settings, Advanced Settings Page (Optional)
– On a schedule configured within the Profile – create a schedule to automatically run auto-channel at periodic intervals (Not Recommended)
– This will start the algorithm on all APs at the same time and can provide inconsistent results
RADIO FREQUENCY PLANNING
Auto Channel Optimization
Perform Auto Channel Optimization after installation.
– Use Optimize Channels Option on the Configure -> Access Points Screen within WOS
Review Channel Assignment on the Maps to ensure optimal channels have been selected.
– Adjust channels if required by clicking in the corresponding semi-circle of a radio.
Recommendation is to Lock the Channels after the initial Optimization.
– Especially for deployments with Voice or RTLS requirements or for High density deployments
– Go to WOS -> Monitor Radios -> Select the Radios and Lock the channels using the Bulk Edit option.
Do not run Auto-Channel in a live environment
– All the radios shut down during the optimization causing a network outage.
Auto Channel normally assigns individual 20MHz channels.
40MHz bonds will be preserved
– If Auto bond is enabled on 5GHz channels on the Global Settings .11n page, and 40MHz channels were set up prior to running Auto Channel
80MHz bonds will not be preserved.
RADIO FREQUENCY PLANNING
Auto Cell Optimization
Auto Cell Optimization adjusts radio power to balance cell size between the selected Access Points
– Optimizes coverage while limiting channel interference between neighboring APs.
– Uses communication between Access Points to set radio power so that coverage is provided to all areas at the minimum power level required.
– This reduces potential interference with neighboring networks.
Auto Cell Optimization can be performed in two ways
– Single Channel Auto Cell
– Use for Lobby/Hallway deployments
– Multi-channel Auto Cell (Recommended)
– Use for in-room, carpeted office deployments
RADIO FREQUENCY PLANNING
Auto Cell Optimization
AP transmits a broadcast probe request on the Timeshare Radio on every channel every 250 msec and at max power.
APs hearing a probe request on an operating channel reply with a probe response.
– The probe response will be transmitted at max power.
– The probe response will contain an additional information element (IE) containing
– The max power setting of the radio (the power at which the probe response was transmitted).
– The current power level setting of the radio.
– Who this AP hears the ‘loudest’ (highest RSSI)
As the initial AP receives probe responses, it performs the following functions:
– Tracks by channel which AP it has heard the loudest probe response.
– Data is updated every 10 seconds.
– Checks to see if a probe response indicates that another AP hears this AP’s probe responses loudest
– The path loss between the APs is calculated from the information in the probe responses.
– Based on the overlap value (0% to 100%), the power of the radio operating on this channel is adjusted
RADIO FREQUENCY PLANNING
Auto Cell Optimization
Cell Overlap Tuning
– For an overlap of 0%, the power is adjusted so that the remote AP (that hears loudest) hears at -90dBm RSSI.
– For an overlap of 100%, the power is adjusted so that the AP (that hears loudest) hears at -70dBm RSSI.
– There is an adjustable minimum TX power (default is 10 dBm) to maintain a minimum cell size.
– Recommended to set the overlap to be 50% for optimal performance for Voice or RTLS networks and 20 to 25% for typical enterprise environments.
– If a probe response is not received on a particular channel (indicating that no other AP hears this AP the loudest), the operating radio on that channel will be set to Max power in Single Channel Auto Cell Mode.
Recommendation is to perform Auto Cell Optimization after installation.
– Use Optimize Power Option on the Configure -> Access Points Screen within WOS and select Multi-Channel
Review Power Assignment and make transmit power adjustments as required.
– Adjust transmit power if auto-cell set power is different from the Tx Power of the key wireless clients using the network.
For on-going auto-cell adjustments, auto-cell interval has to be enabled in the Profile.
– Not recommended for Voice over Wi-Fi deployments or Large Public Venues, where it is recommended to lock down the power settings after the initial tuning and post installation validation.
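The Auto Cell power calculation described on the preceding slides, worked through as an added example (not Avaya code). It derives path loss from the probe response's advertised maximum power and the locally measured RSSI, then sets transmit power so the neighbour hears the target RSSI for the configured overlap. Assumptions: linear interpolation between the -90 dBm (0%) and -70 dBm (100%) endpoints, symmetric path loss, and picking the strongest responder when several APs report hearing this AP loudest.

```python
"""Model of the Auto Cell overlap tuning described on the slides (added example)."""
from dataclasses import dataclass
from typing import List, Optional

RSSI_AT_0_PCT = -90.0      # dBm the neighbour should hear at 0% overlap (from the slide)
RSSI_AT_100_PCT = -70.0    # dBm the neighbour should hear at 100% overlap (from the slide)
DEFAULT_MIN_TX_DBM = 10.0  # adjustable minimum TX power, default from the slide


@dataclass
class ProbeResponse:
    sender: str
    max_power_dbm: float      # from the IE: power the response was transmitted at
    current_power_dbm: float  # from the IE: sender's current power setting
    hears_loudest: str        # from the IE: AP the sender hears loudest
    rssi_dbm: float           # measured by the receiving AP


def path_loss_db(resp: ProbeResponse) -> float:
    """Probe responses are sent at max power, so loss = advertised power - RSSI."""
    return resp.max_power_dbm - resp.rssi_dbm


def target_rssi_dbm(overlap_pct: float) -> float:
    """Assumption: interpolate linearly between the two endpoints on the slide."""
    if not 0 <= overlap_pct <= 100:
        raise ValueError("overlap must be between 0 and 100 percent")
    return RSSI_AT_0_PCT + (RSSI_AT_100_PCT - RSSI_AT_0_PCT) * overlap_pct / 100.0


def reference_neighbour(my_name: str,
                        responses: List[ProbeResponse]) -> Optional[ProbeResponse]:
    """Neighbour that reports hearing this AP loudest (strongest one if several)."""
    naming_us = [r for r in responses if r.hears_loudest == my_name]
    return max(naming_us, key=lambda r: r.rssi_dbm) if naming_us else None


def tune_radio(my_name: str, responses: List[ProbeResponse], overlap_pct: float,
               radio_max_dbm: float, min_tx_dbm: float = DEFAULT_MIN_TX_DBM) -> float:
    """Transmit power (dBm) for the radio on this channel."""
    ref = reference_neighbour(my_name, responses)
    if ref is None:
        # No AP hears this AP loudest: the slide sets max power (single channel mode).
        return radio_max_dbm
    wanted = target_rssi_dbm(overlap_pct) + path_loss_db(ref)
    return max(min_tx_dbm, min(radio_max_dbm, wanted))


# Constructed probe responses heard by "AP-A" on one channel.
SAMPLE_RESPONSES = [
    ProbeResponse("AP-B", 20.0, 14.0, "AP-A", -75.0),  # path loss 95 dB
    ProbeResponse("AP-C", 20.0, 17.0, "AP-B", -60.0),  # does not hear AP-A loudest
]

if __name__ == "__main__":
    for pct in (0, 25, 50, 100):
        print(pct, tune_radio("AP-A", SAMPLE_RESPONSES, pct, radio_max_dbm=20.0))
```

With these sample values the 0% result is held up by the 10 dBm floor and the 100% result is capped by the radio maximum, which is why the recommended 20 to 50% range is where the overlap setting actually changes the outcome.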
FEATURE CONSIDERATIONS
Client Roaming
Client Roaming consists of the following stages:
– Client makes the roaming decision according to the received signal strength and signal quality
– Client does a channel scan to search for a better signal from another AP by processing received Beacon frames from other APs
– Depending on the signal strength from other APs, if the signal threshold programmed within the client is reached, the client makes a decision to roam.
– Client sends a Probe Request to the AP it wants to roam to
– Upon receiving a probe response back from the AP, the client sends
– 802.11 de-authentication to its current AP
– An 802.11 authenticate followed by re-associate message to the new AP
– For networks using WPA/WPA2 Pre-shared Key or Enterprise the client completes a 4 way EAPOL Handshake
With 802.11k support, WLAN 9100 offers faster and more efficient roaming.
– When enabled, each AP beacon lists the channels that nearby APs offer.
– This improves channel scanning, resulting in faster roam times and increased battery life of the clients due to shorter scan times since the station knows where to look for nearby APs.
– The WAP will also respond to requests from stations for an 802.11k Neighbor Report with additional information about nearby APs. This setting is enabled by default.
FEATURE CONSIDERATIONS
Client Roaming
Avaya WLAN 9100 Access Points support fast and seamless roaming of wireless clients between two radios on the same or different APs within Layer 2 and Layer 3 networks, while maintaining security.
Access Points handle Fast Roaming using a combination of 802.11i and Avaya Roaming Protocol.
– 802.11i allows key caching for fast roaming as clients can pre-authenticate with Access Point and master keys can be cached by both client and Access Point.
– The Roaming Protocol allows Access Points to exchange the Pairwise Master Keys (PMK) with other Access Points as specified in the configuration options.
– Roaming Protocol facilitates the exchange of client authentication status and other relevant information like SSID, VLAN, User Group, Device ID etc. between WLAN 9100 Access Points over the Gig-E interfaces.
– Opportunistic Key Caching (OKC) is supported by the 9100 to enable fast roaming for clients that support OKC.
802.11r support is in the roadmap for both AOS & AOS-Lite Access Points
AOS-Lite Access Points (WAP9112 and WAP9114) do not support Layer 3 Roaming
FEATURE CONSIDERATIONS
Client Roaming – Roaming Modes
Broadcast Mode
– In Broadcast Mode APs share Fast Roaming information using Layer 2 broadcast messages to other access points.
– All the Access Points in the same layer 2 network will receive and process the information and will be targets for Layer 2 Client Roaming.
– This mode cannot be used for Layer 3 Client Roaming.
– This mode can only be used if all the Access Points in a contiguous roaming area are in the same subnet and the Client is assigned to the same VLAN on all the APs.
Tunneled Mode
– In Tunneled Mode, APs establish an OpenVPN Tunnel with other Access Points In Range and fast roaming information is shared using these tunnels.
– Tunneled Mode can be used for Layer 2 and Layer 3 Client Roaming scenarios.
– For Layer 3 Roaming
– When a client roams to an AP where the SSID is mapped to a different VLAN, the AP will tunnel the client traffic to the previous AP from which it had received the roaming information for this client.
– This enables the client to continue to maintain its IP address in the old subnet and maintain the application sessions. When the client is disassociated from the new AP and re-associates after the Station Timeout (default is 300 seconds) expires, the client will get a new IP address in the subnet corresponding to the SSID/VLAN mapping on this AP.
– For Tunneled Mode to work correctly, the APs within roaming range should all be visible to each other.
– If a client roams from one AP to another but the APs cannot see each other, the fast roaming may fail.
FEATURE CONSIDERATIONS
Client Roaming - Layer 3 Roaming Challenges
Increased AP & Network Performance Load
– In an L3 Roaming scenario, when a client roams from one AP to another, its traffic is still tunneled to the AP in the original subnet to which the client was previously connected.
– This becomes challenging in environments where users connect to an AP at the entrance of the building and then roam to other APs in the building that require L3 Roaming.
– In this case, there is potential that all the user traffic has to be tunneled to AP at the entrance resulting in over-subscription of the Gig-E link.
Complexity in configuration and troubleshooting
– Although the “All” and “In Range” options allow for automatic tunnel creation, there is increased complexity within the network on how traffic flows.
– Troubleshooting can also become challenging.
Running out of IP Addresses in the subnet & DHCP Traffic on the network
– In all Layer 3 Roaming environments, it is a common practice to stop tunneling the client traffic when client de-authenticates and establishes a new 802.11 association (after the Station Timeout is expired).
– This could result in client connectivity issues if the client does not restart DHCP process again.
– DHCP Lease times have to be configured to smaller time periods in-order to preserve IP addresses as clients move from one location to other.
– This increases the broadcast traffic on the network as clients have to renew their IP addresses frequently negating one of the main reasons to create a Layer 3 Roaming environment to contain broadcast domains.
FEATURE CONSIDERATIONS
Client Roaming - Layer 3 Roaming Solutions
Consider the network design alternatives to environments that otherwise require Layer 3 Roaming
– RADIUS VLAN Assignment –
– The client is assigned to the same VLAN no matter where the client roams to within the site.
– The client also maintains the same VLAN / IP address even if it disconnects and connects back on a different AP.
– Device ID & Dynamic Group Assignment –
– Device fingerprinting assigns devices to unique User Groups with a unique VLAN.
– The client is assigned to the same Group / VLAN as the device identification will be the same across all the APs.
For Networks that cannot use alternatives – Use GRE Tunneling with Ignition Guest Tunneling Server (IGT)
– WLAN 9100 supports GRE Tunneling to encapsulate and transport user traffic to a centralized location.
– Avaya Ignition Guest Tunneling Server is used to terminate the GRE tunneled traffic from the APs.
– The APs support VLAN Split tunneling so that local VLAN traffic is switched on the LAN while Layer 3 Roaming traffic is tunneled to the IGT and processed in the user home VLAN.
FEATURE CONSIDERATIONS
Client Roaming - Roaming Assist
Smart Phones and Tablet devices are optimized to maximize battery life and not for Wi-Fi roaming. This leads to sticky clients.
– Devices will stay connected to a radio with poor signal quality, even when there’s a radio with better signal strength within range.
Roaming assist helps clients roam to APs that can provide a better wireless connection.
When the roaming assist threshold is hit, the AP “assists” the device by deauthenticating it, which forces the client to go through a re-association.
– In most cases the device now re-associates with the optimal AP based on its signal strength data.
– This encourages a client with a high roaming threshold (i.e., a device that may not roam until signal quality has seriously dropped) to move to an AP that gives it a better signal.
The roaming threshold is the difference in signal strength between radios that will trigger a deauthentication.
– If the client’s signal is lower than the sum of the threshold and the stronger neighbor radio’s RSSI, then we “assist” the client.
It has been observed that some wireless clients do not handle the deauthentication gracefully and look for other known SSIDs or switch to a cellular connection before retrying the advertised SSID.
FEATURE CONSIDERATIONS
Client Roaming – Recommendations
Roaming Mode = Broadcast
– Make sure all the Access Points in a contiguous roaming area are in the same subnet and the Client is assigned to the same VLAN on all the APs.
Share Roaming Info with ALL APs.
For Large Wireless Networks that require Layer 3 Roaming scalability - consider
– Using alternatives for VLAN assignment
– Using GRE tunneling option to tunnel Roamed client traffic to a central location.
With 802.11k support in the latest iOS or Android devices, it is recommended to leave 802.11k enabled on the AP instead of Roaming Assist for improving client roaming performance.
Roaming Assist is recommended for networks with a lot of legacy devices that do not support 802.11k and clients demonstrate AP stickiness.
FEATURE CONSIDERATIONS
Web Page Redirect / Captive Portal
Web Page Redirect (WPR) / Captive Portal serves two key functions for WLAN 9100 solution
– Guest Access Management
– BYOD – Onboarding / Self Registration of personal devices.
Captive Portal Challenges in Controller Architectures
– Users/Devices associate to an open or known SSID but do not always complete Captive Portal Authentication.
– While the device is associated to the AP, the client traffic is continuously redirected to the web server hosting the Captive Portal pages.
– The Captive Portal Web Server scalability becomes a significant challenge in LPVs and other large networks with all the users in a wireless network hitting a centralized web server in the controller.
WLAN 9100 Access Points support Captive Portal Functionality directly on the Access Points.
– WLAN 9100 resolves the scalability challenge by using a built in captive portal.
– Only clients associated to an AP need to be served by the web server within that AP, so it is not exposed to the scaling challenges.
– All user traffic is blocked at the AP until the WPR/Captive Portal authentication is completed.
– When a client completes Captive Portal Authentication, the session information is shared with other APs to allow for seamless client roaming.
Wireless LAN Orchestration System allows for visual customization of the Captive Portal Splash or Login Page.
FEATURE CONSIDERATIONS
Web Page Redirect / Captive Portal
Landing Page Only
– User is redirected to a pre-configured URL upon association and when a browser is opened.
– No action is required by the user.
Internal Web Server
– The web server within the Access Point hosts the splash page or login page
– The user HTTP traffic is redirected to the internal web server for completing the Captive Portal authentication.
– User Authentication can be performed using an external RADIUS server.
Captive Portal flow with Internal Web Server (slide diagram; labelled elements: DNS, Internet)
– 802.11 Authentication / Association
– DNS Resolution
– URL Request to Destination IP
– Redirection to Internal Web Server IP
– URL Request Internal Web Server IP
– WPR Splash / Login Page Presented
– Client Post with Login/Password
– Redirection to Original Web Server IP
– URL Request to Original Web Server IP
FEATURE CONSIDERATIONS
Web Page Redirect / Captive Portal
External Web Server
– User traffic is blocked on the AP and redirected to a login page that resides on an external web server for authentication.
– The external login page will collect the username and password and then pass the credentials back to the AP for authentication.
– The AP then sends the username and password to the internal or external RADIUS server to verify user authentication.
– If authentication is successful, the client browser is redirected back to the user-requested URL or the specified landing page.
Captive Portal flow with External Web Server (slide diagram; labelled elements: DNS, Internet)
– 802.11 Authentication / Association
– DNS Resolution
– URL Request to Destination IP
– Redirection to External Web Server IP
– URL Request External Web Server IP
– WPR Splash / Login Page Presented
– Client Post with Login/Password
– Redirection to Original Web Server IP
– URL Request to Original Web Server IP
FEATURE CONSIDERATIONS
Web Page Redirect / Captive Portal
Recommendation is to use Internal Web Server when possible
– Provides simple customization options and better scalability
Using External Web Server can be advantageous in some cases
– Changes made to the Login page can be done in a single location instead of doing it within multiple profiles when present.
– Hosting the page on an external web server can give the customer more flexibility and control over the cgi script and even allow for the use of PHP or ASP as the backend scripting language.
– When External CA Certificate needs to be used to meet corporate security policy.
– When Captive Portal Pages are required to be presented in a language other than English.
AOS-Lite Access Points (WAP9112 & WAP9114) only support the External Web Server option.
Avaya Identity Engines Access Portal supports WLAN 9100 External Web Server Option
– Enables IDE Access Portal to act as an offline Captive Portal Application where User Traffic does not flow through the Access Portal.
– Brings the advanced BYOD and Guest management capabilities of the IDE portfolio to enable Unified Wired/Wireless Policy enforcement.
FEATURE CONSIDERATIONS
User Groups
User or Device based segmentation or policy enforcement is critical for the majority of wireless networks.
Using SSIDs for providing the service differentiation degrades the capacity and performance of the wireless network.
User Groups enables the ability to define user policies independent of the SSID thereby reducing the number of SSIDs in the network.
– Group assignment can be done by the RADIUS server based on a User or Device Policy –
– Standard RADIUS Attribute “filter-id” is used to specify the User Group in the RADIUS Response message.
– Allowed when using WPA/WPA2 Enterprise or RADIUS MAC for authentication with External RADIUS Server.
– Group assignment can also be done within the AP based on Device Fingerprinting
– User Groups allow for differentiation in VLAN mapping, traffic limits, QoS, Application control, Captive Portal Page displayed etc.
– The characteristics specified in a User Group take precedence over those specified for the SSID.
It is recommended to use User Groups when multiple types of user profiles exist that can share the same encryption type, but have the need for different network resources due to a security policy.
It is not recommended to use User Groups when using dynamic VLANs via RADIUS. The User Group’s VLAN setting will override the Dynamic VLAN settings.
FEATURE CONSIDERATIONS
Load Balancing / Band Steering
Load Balancing feature on the WLAN 9100 is designed to distribute clients across multiple radios/access points rather than just the closest radio with the strongest signal strength.
In Wi-Fi networks, the client decides to which radio it will associate. The AP cannot actually force load balancing, however the AP can “encourage” stations to associate in a more uniform fashion across the radios within an AP or across APs.
The goal of load balancing is to distribute the stations’ data traffic to more effectively utilize all of the bandwidth offered by the different APs / Radios, even when that means stations associate to radios with weaker signal strength.
The AP calculates a weight for each radio that receives a probe request from a wireless client taking into account
– Band Capability
– Number of Spatial Streams
– VHT (.11ac) capability
– HT (.11n) capability
– SNR (Signal to Noise ratio)
FEATURE CONSIDERATIONS
Load Balancing / Band Steering
A station will be allowed to associate, regardless of weighting, if the number of attempts to associate has reached
– The third attempt on a specific Radio of an AP.
– The fourth attempt across all the Radios of an AP.
– The sixth attempt across all APs in the contiguous roaming area.
– A station is re-associating. If it was already associated to this radio, it is let back in immediately.
– If a station does attempt to associate w/o sending a probe request, it will be allowed to associate immediately regardless of weighting.
– If radio, SSID, or band specific station counts are already exceeded.
It is recommended to use Load Balancing in high user density environments only.
Load Balancing Steers the Client to the best radio option available and not just based on Band or Number of Clients associated to the Radio/AP.
– Ex. If a dual band client is associating to a 2.4GHz radio, it may be allowed instead of steering it to a 5GHz radio because the 2.4GHz radio is the best available option or the 2.4GHz radio is capable of providing acceptable performance.
FEATURE CONSIDERATIONS
Broadcast & Multicast Optimization
Per 802.11 standards, broadcast and multicast traffic is always transmitted over the air at the lowest supported data rate.
– This results in broadcast / multicast traffic consuming a lot more air-time and reducing the medium capacity for other business critical applications.
Broadcast Optimization
– Changes the rates of broadcast traffic sent by the AP (including beacons).
– When Broadcast Rates are set to Optimized, each broadcast or multicast packet that is transmitted on each radio is sent at the lowest transmit rate used by any client associated to that radio at that time.
– This results in each radio broadcasting at the highest AP Tx data rate that can be heard by all associated stations, improving system performance.
– The rate is determined dynamically to ensure the best broadcast/multicast performance possible.
– When set to Standard (the default), broadcasts are sent out at the lowest basic rate only — 6 Mbps for 5GHz clients, or 1 Mbps for 2.4GHz clients. The option you select here is applied to all radios.
Multicast Optimization
– Multicast Traffic when sent un-modified - the packet is sent as a broadcast packet over the air or at the lowest supported data rate.
– When Multicast to Unicast conversion is applied, the multicast packet is sent as unicast packets to individual clients that have joined a particular stream.
– The benefit of using the higher data rates for unicast packets goes away as the number of clients joining the group increases due to packet replication.
FEATURE CONSIDERATIONS
Air Cleaner
The Air Cleaner feature offers a number of predetermined filter rules that eliminate a great deal of unnecessary wireless traffic, resulting in improved performance.
It is recommended to add Air-Cleaner Filters to the Global Filter list for optimum performance.
You may select all of the air cleaner rules for the greatest effect, or only specific rules, such as broadcast or multicast, to eliminate only a particular source of traffic. Sample rules are
– Air-cleaner-Arp.1 blocks ARPs from one client from being transmitted to clients via all of the radios. The station-to-station block setting doesn't block this traffic, so this filter eliminates this unnecessary traffic.
– Air-cleaner-Dhcp.1 drops all DHCP client traffic coming in from the Gigabit interface. This traffic doesn't need to be transmitted by the radios since there shouldn't be any DHCP server associated to the radios and offering DHCP addresses. For large subnets the DHCP discover/request broadcast traffic can be significant.
– Air-cleaner-Dhcp.2 drops all DHCP server traffic coming in from the radio interfaces. There should not be any DHCP server associated to the radios. These rogue DHCP servers are blocked from doing any damage with this filter. There have been quite a few cases in public venues like schools and conventions where such traffic is seen.
– Air-cleaner-Mcast.1 drops all multicast traffic with a destination MAC address starting with 01. This filters out a lot of IP multicast traffic that starts with 224.
– Air-cleaner-Mcast.2 drops all multicast traffic with a destination MAC address starting with 33. A lot of IPv6 traffic and other multicast traffic is blocked by this filter.
– Air-cleaner-Mcast.3 drops all multicast traffic with a destination MAC address starting with 09. A lot of AppleTalk traffic and other multicast traffic is blocked by this filter. Note that OS X 10.6.* Snow Leopard no longer supports AppleTalk.
– Air-cleaner-Bcast.1 allows all ARP traffic (other than the traffic that was denied by Air-cleaner-Arp.1). This is needed because Air-cleaner-Bcast.5 would drop this valid traffic.
– Air-cleaner-Bcast.4 allows all roaming protocol traffic from WAPs to be received from the wire. This is needed because Air-cleaner-Bcast.5 would drop this valid traffic.
– Air-cleaner-Bcast.5 drops all other broadcast traffic that hasn't previously been explicitly allowed. This filter will catch all UDP broadcast traffic as well as all other known and unknown protocol broadcast traffic.
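How the sample rules interact, including why the allow rules must sit ahead of Air-cleaner-Bcast.5 and how Air-cleaner-Dhcp.2 catches a rogue DHCP server on the radio side, is easier to see when they are run over traffic. The following is an added example, not the product's filter engine, and the frames are constructed. Assumptions: rules are evaluated in the listed order with first match winning, DHCP is matched on UDP ports 67/68, `roaming_proto` is a hypothetical flag standing in for however the AP recognises its roaming protocol, and rules not listed on the slide (Bcast.2, Bcast.3) are not modelled.

```python
"""First-match model of the Air Cleaner sample rules listed above (added example)."""
from dataclasses import dataclass

ETH_IPV4, ETH_ARP, ETH_IPV6 = 0x0800, 0x0806, 0x86DD
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    ingress: str                 # "gig" (wired uplink) or "radio"
    egress: str                  # "gig", "radio", or "ap" (consumed by the AP itself)
    dst_mac: str
    ethertype: int
    udp_sport: int = 0
    udp_dport: int = 0
    roaming_proto: bool = False  # hypothetical marker, see lead-in


def _dhcp_client(f: Frame) -> bool:
    return f.ethertype == ETH_IPV4 and f.udp_sport == 68 and f.udp_dport == 67


def _dhcp_server(f: Frame) -> bool:
    return f.ethertype == ETH_IPV4 and f.udp_sport == 67 and f.udp_dport == 68


def _first_octet(f: Frame) -> str:
    return f.dst_mac.lower().split(":")[0]


# (rule name, action, predicate) in the order the slide lists them.
RULES = [
    ("Air-cleaner-Arp.1", "drop",
     lambda f: f.ethertype == ETH_ARP and f.ingress == "radio" and f.egress == "radio"),
    ("Air-cleaner-Dhcp.1", "drop", lambda f: f.ingress == "gig" and _dhcp_client(f)),
    ("Air-cleaner-Dhcp.2", "drop", lambda f: f.ingress == "radio" and _dhcp_server(f)),
    ("Air-cleaner-Mcast.1", "drop", lambda f: _first_octet(f) == "01"),
    ("Air-cleaner-Mcast.2", "drop", lambda f: _first_octet(f) == "33"),
    ("Air-cleaner-Mcast.3", "drop", lambda f: _first_octet(f) == "09"),
    ("Air-cleaner-Bcast.1", "allow", lambda f: f.ethertype == ETH_ARP),
    ("Air-cleaner-Bcast.4", "allow", lambda f: f.ingress == "gig" and f.roaming_proto),
    ("Air-cleaner-Bcast.5", "drop", lambda f: f.dst_mac.lower() == BROADCAST),
]


def decide(frame: Frame):
    """Return (action, rule name) for the first matching rule."""
    for name, action, matches in RULES:
        if matches(frame):
            return action, name
    return "allow", "default"


# Constructed sample frames (labels are descriptive only).
SAMPLES = {
    "rogue DHCP offer from a wireless station":
        Frame("radio", "radio", BROADCAST, ETH_IPV4, 67, 68),
    "wired DHCP discover headed for the air":
        Frame("gig", "radio", BROADCAST, ETH_IPV4, 68, 67),
    "client ARP copied to other radios":
        Frame("radio", "radio", BROADCAST, ETH_ARP),
    "client ARP forwarded to the wire":
        Frame("radio", "gig", BROADCAST, ETH_ARP),
    "IPv4 multicast from the wire":
        Frame("gig", "radio", "01:00:5e:00:00:fb", ETH_IPV4, 5353, 5353),
    "IPv6 multicast from the wire":
        Frame("gig", "radio", "33:33:00:00:00:01", ETH_IPV6),
    "roaming protocol broadcast from another WAP":  # ethertype not given on the page
        Frame("gig", "ap", BROADCAST, 0, roaming_proto=True),
    "other UDP broadcast from the wire":
        Frame("gig", "radio", BROADCAST, ETH_IPV4, 137, 137),
    "ordinary unicast":
        Frame("gig", "radio", "00:11:22:33:44:55", ETH_IPV4, 443, 51000),
}


def classify(samples: dict) -> dict:
    """Map each sample label to its (action, rule) decision."""
    return {label: decide(frame) for label, frame in samples.items()}


if __name__ == "__main__":
    for label, verdict in classify(SAMPLES).items():
        print(f"{verdict[0]:5} {verdict[1]:20} {label}")
```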
Q & A