Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1495
Views
0
Helpful
2
Replies

SDA - How to choose fabric WLAN or non-fabric WLAN ?

aleopoldie
Level 3
Level 3

‎03-08-2019 04:43 PM - edited ‎07-05-2021 10:01 AM

Hello experts, 

 

In which case we decide to go for a fabric enabled WLAN or non-fabric enabled WLAN ?

 

Let's say I have my WLCs, RADIUS servers (ISEs) in a datacenter, and I have a fabric on the customer site.

1st question : If I want to go for a SSID in 802.1x, do I have to go for non-fabric enabled WLAN, and have a dynamic interface on the WLC ?

2nd question : I also have a third party controller in the datacenter for the guest access. Same question, do I have to go for a non-fabric SSID ?

In which case do you choose fabric on non-fabric SSID ?

 

Thank you.

Labels:
0 Helpful
2 Replies 2

Ric Beeching
Level 7
Level 7

‎03-08-2019 08:18 PM

Hi,

This is quite a deep topic as you're not just saying something like 'should I have another WLC for guest for security' but talking fundamental architecture choices for your network.

 

Firstly, are you going SDA fabric for your campus? If so, then you can begin to think about the two choices for wireless - over the top (OTT) or integrated fabric. I suggest you read the CVD if you haven't already to determine if you are at this stage yet:

 

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Campus/CVD-Software-Defined-Access-Design-Sol1dot2-2018DEC.pdf

 

Note your hardware must be fabric capable e.g. 8540/5520/3504 WLCs, Catalyst 9000 switches etc plus ISE and the DNA-C appliances. It is not just a case of going to your existing hardware and going 'ok enable fabric'.

 

To answer your Qs:

 

1) You can have 802.1X enabled WLAN with either OTT or integrated no problem.

2) When you say third party, is that non-Cisco? If non-Cisco, you cannot integrate guest fabric at all with that WLC but you could in theory support over the top with capwap tunnels. If you are referring to an anchor Cisco WLC for guest services, this can be integrated with the fabric or performed with OTT and traditional anchor.

 

Based off deployments seen so far, many customers are doing fabric enabled on wired but OTT wireless with a migration plan to do fabric integrated wireless over time. This allows customers to solve any teething problems with the wired side before integrating everything. However, if time and money are constraints, you can shoot for full fabric.

 

Ric

-----------------------------
Please rate helpful / correct posts
0 Helpful

aleopoldie
Level 3
Level 3
In response to Ric Beeching

‎03-20-2019 03:58 AM

Hello,

 

Thank you for your answer. It's a new installation, not a migration from a standard campus to SDA, so it should be "easier". I had a look on the CVD, but there are not so much informations about OTT network.

 

By third party yes I mean non-cisco controller that will be used especially for a guest WLAN, my idea was to use OTT integration. Can you confirm that with OTT, it's the same as standard WLC integration, meaning the data traffic is going to the WLC over CAPWAP, and from the WLC dynamic interface the traffic should go the this third-party controller, right ?

 

Thank you.

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card