Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Feature
Best
Practices
Enhance
Usability and
Manageability
Experience
Drive Feature
Adoption
Fine-tune
features to
Optimum Best
Derive
Maximum
Potential from
WLAN
Deployment
Audit
Upgrade
Workflow
CAA
WLCCA
Agenda
WLCCA Update
RF Health
Monitoring
and RF
Dashboard
Express
Setup
CAA
WLCCA
Infrastructure
RF/RRM
FlexConnect
Feature
Best
Practices
Audit
Upgrade
Workflow
http://bit.ly/clus2015
WLC
2.
WLCCA
CAA
Best
Audit
AppPractice
Engage
Dashboard View
8.1
Config
Analyzer
Cisco
Active Advisor
Windows Executable
show run-config Based
Analyzer Tool
upgrade
Downloadable client
Express Setup
Enhance
Usability &
Manageability
Experience
Drive Feature
Adoption
Fine-tune
features to
Optimum Best
Derive
Maximum
Potential from
WLAN
Deployment
WLC
2.
WLCCA
CAA
Upgrade
Audit Workflow
App Engage
8.1
Config
Analyzer
Cisco
Active Advisor
upgrade
Enable RF Optimization
Confirm settings
Load Balancing
Rogue Threshold Enabled
Client Exclusion Enabled
FastSSID Enabled
Infra MFP
Virtual IP 192.0.2.1
RRM-DCA Auto
RRM-TPC Auto
CleanAir Enabled
EDRRM Enabled
RF parameter setting
ease of use
Enhanced performance,
security, resiliency with
best practice
recommendations turned
on at boot up time
Mobility Name
RF Group same as Mobility Name
Aironet IE Disabled
WLC
2.
WLCCA
CAA
Best
Audit
AppPractice
Engage
Dashboard View
8.1
Config
Analyzer
Cisco
Active Advisor
Windows Executable
show run-config Based
Analyzer Tool
upgrade
Downloadable client
Enhance
Usability and
Manageability
Experience
Drive
Feature
Adoption
Fine-tune
features to
Optimum
Best
Derive
Maximum
Potential
from WLAN
Deployment
Audit Upgrades
Dashboard Views
Enhance
Usability and
Manageability
Experience
Drive
Feature
Adoption
Fine-tune
features to
Optimum
Best
Derive
Maximum
Potential
from WLAN
Deployment
Monitoring Dashboard
APs
Clients
WLANs
Add/delete Widgets
Tabular/Graphical View
Inventory
Uptime
Usage
RF Interference
Legacy Devices
impacting performance
Insufficient coverage
not enough APs
AP / Band Distribution
Signal Quality
Legacy Devices
Application Usage
Client Capabilities
Neighbouring APs
Client Connectivity
Issues
Poor Client
Performance
WLC
2.
WLCCA
CAA
Best
Audit
AppPractice
Engage
Dashboard View
8.1
Config
Analyzer
Cisco
Active Advisor
Windows Executable
show run-config Based
Analyzer Tool
upgrade
Downloadable client
Enhance
Usability and
Manageability
Experience
Drive
Feature
Adoption
Fine-tune
features to
Optimum
Best
Derive
Maximum
Potential
from WLAN
Deployment
https://supportforums.cisco.com/document/7711/wlc-config-analyzer
Voice
Security
Flex
Mesh
Enterprise*
BYOD*
*Coming Soon !
General
AP
Mobility
RF
Security
Voice
Mesh
Flex
Per-Controller Compliance
Level for Each category
Total/Passed/Failed checks
0-40%
Red
41-80%
Yellow
81-100%
Green
0-40%
Red
41-80%
Yellow
81-100%
Green
Meaning
Config Error
Bad Configuration
Parsing Error
Error on File
Processing
Informational
Informational
messages
Best Practices
Compliance Checks
Message
Severity
Error
( Critical )
Warning
( Highly
Recommended)
Informational
( Good to Have )
WLCCA Updates
show run-config
Downloadable client
RF Health Analysis
Single
AP
Flex
Groups
RF
Health
RF
Neighborhood
AP
Groups
WLC
2.
WLCCA
CAA
Best
Audit
AppPractice
Engage
Dashboard View
8.1
Config
Analyzer
Cisco
Active Advisor
Windows Executable
show run-config Based
Analyzer Tool
upgrade
Downloadable client
It provides customers:
Accessible at:
www.CiscoActiveAdvisor.com
Enhance
Usability and
Manageability
Experience
Drive
Feature
Adoption
Fine-tune
features to
Optimum
Best
Derive
Maximum
Potential
from WLAN
Deployment
Improve
Personalized device
health score
Free, cloud-based
service
Automatically takes an
inventory of your Cisco
network
Feature
Best Practices
Enhance
Usability &
Manageability
Experience
Drive
Feature
Adoption
Fine-tune
features to
Optimum
Best
Derive
Maximum
Potential
from WLAN
Deployment
SECURITY
Make it work
Recommendations
WIRELESS / RF
INFRASTRUCTURE
MESH
Best
Make it Easy
Practices
For Your
Reference
http://www.cisco.com/c/en/us/td/docs/wireless/technology/wlc/82463-wlc-config-best-practice.html
INFRASTRUCTURE
Allows certain APs to be assigned higher WLC join priorities, so they are given preference while
joining a WLC
Network infrastructure must provide multicast routing between management interface subnet and AP subnet
Forward multicast traffic to Access Points instead of sending unicast messages to each individual AP
VLAN1
VLAN2 (mcast_vlan)
Network
VLAN3
VLAN4
Interface group
To limit the multicast on the air to a single copy on a predefined multicast VLAN
Enable Application
Visibility
Add per
application rules
Classifies applications, provides real-time analysis, and allows users to drop or mark data. Peruser, per-device granularity for control
Client devices can be profiled based on their manufacturer and operating system
If NTP requires
authentication, first
add key
Synchronizes the time among all devices on the network including Access Point and Controller as
we have X.509 certificates installed in AP and WLC, Context-aware and location services, MFP,
Debugging
Allows clients to move faster between SSIDs, by not clearing the client entry
Allows clients to announce messages to all mobility peers, instead of individual WLCs, benefiting
time, CPU usage, and network utilization. Multicast routing between controllers
Mobility Group
192.0.2.1
192.0.2.1
Inter-controller roaming can appear to work, but the hand-off does not complete and the
client loses connectivity when DHCP renew is performed if DHCP proxy enabled
Use Cases
Better Serviceability
Clear Configuration
Fast Restart to reduce network and service downtime and improve serviceability
RRM / RF
Management frames sent at lowest mandatory rate - slows down the entire cell
Each SSID needs a separate probe response and beaconing, the more SSIDs the less
RF space available for real data traffic
40/80MHz wide channels in the 5GHz space can 2x/4x the amount of user data than can be
transmitted. For extreme HD deployments use 20 MHz channels to keep cell size small
You can create separate RF profiles for both 2.4 and 5 GHz
Today
Data Rates
Load Balancing
High Density
Network Profiles
Sets pre-defined RF parameters depending on Client Density and Traffic
Type
Client Density : High,
Typical, Low
Pre-built RF profiles
Client Density specific pre-built RF profiles for 2.4 GHz and 5GHz Bands to be used
with AP Groups
Ability to enable Wi-Fi Services and segregation of traffic based on physical location
Allows RRM to automatically select the best channel for each radio
DCA defaults work for typical carpeted offices
Sensitivity threshold
recommended to Medium
EDRRM triggers RRM to run when an access point detects a certain level of interference
If the RF Group Leader does not support 802.11ac (Release 7.5+), APs in the RF Group
cannot select 80MHz channel widths
Recommended to use
TPCv1
Allows RRM to automatically select the best transmit power for each radio
Tune RRM parameters with Network and pre-built RF profiles
97
100
63
90
20
35
CleanAir identifies non-WIFI interferers and generates interferer and air quality reports
Increase the number of channels in 5GHz band. 412 additional channels based on regulatory domain
Allows more 5GHz channels (only in regulatory domains that support UNII-2 Extended).
Please note that some clients do not support DFS channels
SECURITY
Provides greater network security by enabling 802.1x on the switch port where AP is
connected. Not supported for Mesh deployments
0 implies no sessions
will be allowed
Provides greater security by allowing secure access and denying unencrypted access
Unauthorized Devices
Corporate
Laptop
Corporate
WLAN
Prevent security hole if the device is connected to both the infrastructure and a
Personal Area Network (PAN) at the same time. Will break Android devices
Range is between 0 8.
Zero indicates no limit
Prevent login attacks by restricting the numbers the users who can use the same login
credentials between 1 - 5
Enable exclusion policies to prevent the network from Assoc/Auth failure attacks.
Disable for Voice deployments
Friendly
Malicious
Enable the wireless IDS features in the controller and enable 17 built-in features to avoid
intrusion attacks
Control overall access to the WLC by filtering management protocols such as SSH,
SNMP, etc such that they can only hit the CPU if they originate from our management
networks
To prevent pre-mature failover since the default of 2 seconds is generally low for ISE as ISE relies
on backend databases for user lookups and group fetches. Too high causes queue issues on WLC
Longer is better for AAA load up to a value of 86400 seconds for 802.1x SSIDs or 65535
seconds for open/CWA SSIDs, shorter is better from security point of view.
For networks where users stay largely within the coverage area the setting can be
increased to 3600 seconds for an SSID running 802.1x or RADIUS NAC against ISE.
180 seconds is the recommended default with ISE though 60 seconds is the WLC
default. The reason behind this is the minimum reject interval on ISE for miss-configured
supplicant detection is 5 minutes or 300 seconds
Recommended EAPoL-Key Timeout < 1000 ms and EAPoL-Key Max Retries <= 2
Recommeded EAP Request timeout <30 sec ( 10 sec ) and EAP Max Retries =<2
Interim accounting adds additional unneeded load with no added benefit to ISE.
Only fails over to the next AAA server if there are three consecutive clients that
fail to receive a response from the RADIUS server
In some circumstances it can cause the WLC to pre-maturely mark ISE dead in times of
high load and cause additional load on ISE
FLEX
CONNECT
Central Site
WAN
Allow users to assign specific APs to groups with set configurations, OKC/CCKM key
caching for Voice, Local RADIUS server configuration, consistent WLAN mappings
FlexConnect AVC
VLAN
Support/Native
VLAN
New
Wireless Control
System
Wireless
LAN
Controller
WAN
Master AP
Avoids downloading multiple copies of the Access Point software over the slow WAN link
to the remote site, reduces service downtime and reduces risk of download failure
SSO
AVC
Local
Profiling
Pre-image
download
Data Rates
SSID Limit
RF profiles
802.1x
WLAN
Client
Exclusion
Rogue
Detection
Flex
Groups
Key Takeaways
Enhance
Usability and
Manageability
Experience
Audit Upgrades
Downloadable client
Enhanced performance,
security, resiliency with
best practice
recommendations at boot
time
Express
Setup
Audit
Upgrade
Workflow
Monitoring
and RF
Dashboar
d
Improve
Derive
Maximum
Potential
from WLAN
Deployment
Fine-tune
features to
Optimum
Best
Drive
Feature
Adoption
Personalized device
health score
Free, cloud-based
service
Automatically takes an
inventory of your Cisco
network
WLCCA
CAA
Feature
Best
Practices
Promote your favorite speaker through Twitter and you could win $200 of Cisco
Press products (@CiscoPress)
You can submit an entry for more than one of your favorite speakers
Table Topics
Related sessions
Thank you