Advanced Networking

ITNAA2 – B12

Eduvos (Pty) Ltd (formerly Pearson Institute of Higher Education) is registered with the Department of Higher Education and Training as a private higher education institution under the
Higher Education Act, 101, of 1997. Registration Certificate number: 2001/HE07/008
Week 3: Lesson 1
Introduction

Objectives:
You will learn about:

• WLAN Deployment Models

• Cisco Wireless Architecture
• Autonomous/ Standalone AP Architecture
WLAN Deployment Models

Cisco’s Unified Wireless Networks (CUWN) was brought into this world to save our sanity
by making it a lot less painful to tackle WLAN management issues like these:

• Integrating diverse devices types into our WLANs while ensuring they play nicely and
work together well
• Maintaining a consistent security configuration with a constant onslaught of APs being
added into the enterprise.
• Monitoring the environment for new sources of interference and redeploying existing
devices as necessary
• Properly managing channel allocation to minimize co-channel and adjacent channel
interference, while ensuring that enough APs are deployed in areas requiring high
Cisco Wireless Architecture

Cisco Wireless Architecture and AP modes connects the wireless network with a wired network to
transfer the data securely. We can use different Cisco wireless architectures in a network
infrastructure to connect to a wired network and have a safe data transfer. Autonomous AP, Cloud-
based, and Split-MAC wireless network architecture are the most common.

The Cisco Wireless Architecture and AP modes divided in three types :

• Autonomous AP Architecture,

• Split MAC AP architecture.

• cloud based AP architecture

Autonomous/ Standalone AP Architecture

• From the name itself, Autonomous Architecture means ‘in charge of everything.’ It is a
standalone management Cisco Wireless Access Point architecture.

• We use most wireless networks as an extension of the wired network. Wireless and wired
clients are on the same LAN and can communicate with each other

• An autonomous AP has all the required intelligence to serve wireless clients and to connect to
the wired network. The AP can offer one or more BSSes and connect VLANs to SSIDs.

• Autonomous Access Points are self-sufficient systems that do not depend on Wireless LAN
Controllers (WLCs).
Autonomous/ Standalone AP Architecture

Each of the Access Points in an Autonomous AP is configured individually. They can be configured
by the following:

• Console Cable (CLI)

• Telnet/SSH (CLI)
• HTTP/HTTPS web connection (GUI)

Configuring APs individually is comparatively easy in a small network. In a large network, it

becomes very difficult. For the remote management of APs, an IP address needs to be configured.
Autonomous/
Standalone AP
Architecture
• We need to manually configure RF
parameters such as frequency
power, channel, etc.
• Each AP handles its own security
policies.
• QoS rules are handled by each AP
on its own.
• Each AP manages itself. There is no
central management or monitoring
of APs.
 Autonomous/ Standalone AP
Architecture
•The Autonomous AP handles all of the listed roles below:

•Approval of association requests

•Transmitter power management

•Radio Frequency (RF) management

•Basic Service Set (BSS) Management

Autonomous/ Standalone AP Architecture

 You can see in the image below that there is a different VLAN running on the connections. Let
us say VLAN A is for the office employees’ VLAN to connect to their company software. VLAN
B is for guests that will have limited access.

 The Autonomous AP could broadcast two different SSIDs. With this setup, since the APs have
all the tasks, you may need to log in to every AP to configure it, both on the initial design and
every time you need to update the configuration, such as adding VLAN to support wireless
clients.
Autonomous/ Standalone AP Architecture
Features of an Autonomous AP
The following are the features of an Autonomous AP:

• Autonomous APs are connected to wired networks with the help of trunks.

• Autonomous APs work best in small networks. However, they are not suitable for
medium or large networks.

• Large networks can have thousands of Access Points.

• Autonomous APs can also function as repeaters, outdoor bridges, workgroup

bridges, etc.
Cisco Wireless Architecture
Lightweight Model
• The CUWN lightweight model definitely requires centralized control, which we gained
via Cisco WLAN controllers (WLCs)… more on these in a bit. For now, know that APs
are controlled and monitored by the WLC. All clients and APs transmit information
back to the WLC, including stats about coverage, interference and even client data.

• All transmitted data is sent between the APs and the WLCs via a mouthful of an
encapsulation protocol called Control And Provisioning of Wireless Access Point
(CAPWAP). CAPWAP carries and encapsulates control information between the APs
and the WLC over an encrypted tunnel over UDP 5246 for control traffic and UDP
5247 for the data.
Cisco Wireless Architecture
Lightweight Model

All the real-time operations such as transmitting or receiving RF traffic, sending out
beacons or probes, encryption or decryption of traffic, etc. are handled by Lightweight
Access Points (APs)..

• The Wireless LAN Controllers communicate with the Lightweight APs using the
Lightweight Access Point Protocol (LWAPP), now referred to as CAPWAP.

• Functions such as RF management, QoS/Security management, client authentication,

roaming management, etc are all carried out by Wireless LAN Controllers.
Cisco Wireless Architecture
Lightweight Model

• Since the functions are split between the lightweight APs and Wireless LAN
Controllers (WLCs), such an architecture is called Split-MAC Architecture.

• WLC can also be used to configure lightweight APs centrally.

• A WLC can manage lightweight APs either by being in the same subnet/VLAN or in a
different subnet/VLAN.
Cisco Wireless
Architecture
• Lightweight Model

• Only authorized APs can

join the network as WLC
and lightweight APs
authenticate each other
using digital certificates.
This prevents hackers
from creeping in!.
Features of Split-MAC architecture
• Some of the significant features of Split-MAC architecture are:

• A protocol called CAPWAP (Control and Provisioning of Wireless Access Points) is

used by WLCs and Lightweight APs to talk to each other. It is based on the older
LWAPP protocol.
• There are two tunnels that are formed between each AP and WLC:
• Control Tunnel
• Data Tunnel
• Since CAPWAP directs all the traffic from wireless clients to WLC, APs are
connected to switch access ports, not the trunk ports.
Cisco’s Unified Wireless Networks (CUWN)

The CUWN consists of five elements that work together to provide a unified enterprise solution:

• Client devices
• APs
• Network unification
• Network management
• Mobility services
Cloud-Based Access Points (APs)

• A slick new way to manage your wireless infrastructure is by using Cisco’s APs - Donald.
Meraki is entirely managed by the cloud, so all you have to do is ensure the access points are
able to reach the internet. From there you can now manage your entire Meraki network from a
publicly accessible web interface.

• This means you can make changes to your network from anywhere. A control plane is
formed to the cloud to allow for management, which provides monitoring information to help
with troubleshooting as well as aid to other features. The cloud provides automatic firmware
upgrades, analytics, security features and updates, plus a central point for automation..
Cloud-Based Access Points (APs)

• The data plane remains on the premises, so end-user traffic isn’t affected by cloud management
at all. The downside to the cloud model is that APs just don’t offer much local management on the
devices—they don’t support command line interfaces (CLI).

• This means you can make changes to your network from anywhere. A control plane is formed to
the cloud to allow for management, which provides monitoring information to help with
troubleshooting as well as aid to other features. The cloud provides automatic firmware upgrades,
analytics, security features and updates, plus a central point for automation.

• So if the Internet connection goes down at the office, you won’t be able to make many changes to
your network until the Meraki device can get back online! Another caveat with Meraki is because
its focus is ease of use, it doesn’t offer as many features as other Cisco controllers offer.
Cloud-Based Access Points (APs)

• So basically, Meraki can be a great tool for companies that don’t have a highly skilled IT team to
deploy more complex solutions. It would also work for branches that just don’t have IT staff to
help with configurations or troubleshooting

• Cloud-based Access Points are nothing but autonomous APs that the Cloud centrally manages.
Therefore, Cloud Based Access Point architecture is somewhere in between the Autonomous AP
and Split-MAC architecture..
Cloud-Based Access Points (APs)

• One of the most popular cloud-based Wi-Fi solutions is Cisco Meraki.

• The Meraki dashboard can be used for:
• Configuring APs
• Monitoring the network
• Generating performance reports
• Each AP is guided by Meraki to know which channel to use and with what transmit power, etc.
• Note that the data traffic is not sent to the cloud. It is sent to the wired network directly similarly to
in the autonomous APs.
• Only control or management traffic is sent to the cloud...
Cloud-Based Access Points (APs)
What Is a Wireless LAN Controller (WLC)?
• While the demand for Wi-Fi access is increasing, more and more wireless Access Points (APs) are
used in the network to ensure signal coverage in campuses, schools, or organization buildings,
which makes the network operations & maintenance difficult for administrators.

• Wireless Access Controllers (ACs) come into being to settle this bottleneck by running and
administrating these multiple wireless access points. The wireless access point (AP) has lost the
intelligent characteristic, while the wireless access controller turns into the new brain for WLAN.

• In the case of the Wireless LAN network, also known as WLAN, you can use the WLC or Wireless
LAN Controller, whose purpose is to centralize the control of Access Points (APs).
What Is a Wireless LAN Controller (WLC)?
A Wireless LAN Controller (WLC) is a device that is used in wireless network environments to
centrally manage wireless access points (APs). It plays a crucial role in enterprise and large-scale
wireless networks. Here are the key functions and features of a WLC:

• Centralized Management: The WLC provides a single point of control for the entire wireless
network. This includes configuring and managing all the APs, which simplifies the administration of
the network.

• Automatic Configuration: When new APs are added to the network, the WLC can automatically
configure them with the necessary settings, firmware, and policies. This makes scaling the network
easier and more efficient.
What Is a Wireless LAN Controller (WLC)?
• Load Balancing and Optimization: WLCs can balance the load across different APs to ensure
optimal network performance. They can also adjust the power and channels of APs to reduce
interference and optimize coverage.

• Security: WLCs enforce security policies across the wireless network. They can manage
authentication, encryption, and provide advanced security features like intrusion detection and
prevention.

• Quality of Service (QoS): WLCs can prioritize traffic to ensure that critical applications receive the
bandwidth they need. This is especially important in environments with voice over IP (VoIP) or
video streaming.
What Is a Wireless LAN Controller (WLC)?
• Guest Access and Mobility Services: WLCs facilitate guest networking services, providing
secure access for visitors. They also support seamless roaming for users moving across different
areas of the wireless network.

• Monitoring and Reporting: WLCs offer comprehensive monitoring of the wireless network,
providing insights into the performance, usage, and health of APs and connected devices. They
can generate reports for network analysis and troubleshooting.

• Scalability and Redundancy: Wireless LAN Controllers are designed to support a wide range of
APs, making them suitable for networks of all sizes. They can also be configured for high
availability, ensuring continuous operation in case of a device failure.
What Is a Wireless
LAN Controller
(WLC)?

Cisco Wireless LAN Controller (WLC)

Basic Configuration.
• In this lesson, we’ll create a basic
network with the Cisco Wireless LAN
Controller (WLC) and two access
points. We use a Cisco WLC 2504 and
2702 access points, but any other
WLC and access points will work.

• This network will have three VLANs:

10, 20, and 30:
Cisco Wireless LAN Controller (WLC) Basic
Configuration.

Cisco Wireless LAN Controller (WLC) Basic Configuration.

• VLAN 10 is the management VLAN. The WLC uses the management interface to communicate with the
access points, and we can use the management interface to configure the WLC through SSH or the GUI.

• VLAN 20 and 30 are for wireless networks.

We want to separate our management traffic from our wireless client traffic, which is why we have a
separate management VLAN. Each SSID can map to a different VLAN so, with two VLANs, we can create two
separate wireless networks. For example, you could create one wireless network for corporate users and
another one for guest users.
Cisco Wireless LAN Controller (WLC)
Basic Configuration.

Cisco Wireless LAN Controller (WLC) Basic Configuration.

SW1 and the WLC will have a static IP address in VLAN 10:

• WLC1: 192.168.10.100
• SW1: 192.168.10.254
Cisco Wireless LAN Controller (WLC) Basic
Configuration.

We’ll configure SW1 as a DHCP server, so the access points receive a dynamic IP address. The access points
will be able to find the WLC automatically because they are in the same VLAN.

SW1
Let’s start with the switch and create those VLANs :

SW1(config)#vlan 10
SW1(config-vlan)#name MANAGEMENT
SW1(config-vlan)#exit
SW1(config)#vlan 20
SW1(config-vlan)#name SSID1
SW1(config-vlan)#exit
SW1(config)#vlan 30
SW1(config-vlan)#name SSID2
SW1(config-vlan)#exit
Cisco Wireless LAN Controller (WLC) Basic
Configuration.

The WLC requires access to all three VLANs, so we need a trunk

between the WLC and the switch. Let’s configure the interface:

SW1(config)#interface GigabitEthernet 0/6

SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk allowed vlan 10,20,30
Cisco Wireless LAN Controller (WLC) Basic
Configuration.

The WLC requires access to all three VLANs, so we need a trunk

between the WLC and the switch. Let’s configure the interface:

SW1(config)#interface GigabitEthernet 0/6

SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk allowed vlan 10,20,30
Questions for Discussion