With Flavien Richard
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about how to overcome the challenges of planning, designing, deploying, and troubleshooting wireless networks with expert Flavien Richard.
High density, high availability, converged access, unified access, radio resource management, and site surveys: What do they have in common? They’re all complex and difficult to understand and implement properly, but there are tips and rules to follow that will make your life easier. Expert Flavien Richard will share best practices and make recommendations for the different phases, technologies, and features around enterprise wireless networks.
Flavien Richard is a technology solutions architect in the Borderless Networks team in France. He is an expert in wireless and mobility topics and serves as an escalation point of contact in the European theater. This gives him visibility over most of the biggest projects in EMEA. He is a technical interface between the Wireless business unit and Cisco customers, partners, and employees to help define and prioritize the new features and products for the mobility market. He is a frequent speaker and session manager at Cisco Live and other Cisco events on mobility. He also was a contributor to the writing of the first Wireless CCIE exams.
Remember to use the rating system to let Flavien know if you have received an adequate response.
Because of the volume expected during this event, Flavien might not be able to answer every question. Remember that you can continue the conversation in the Wireless Community, subcommunity Getting Started with Wireless shortly after the event. This event lasts through October 4, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.
As of today there is no option to modify the notification template used to email/print/sms the guest account details.
This feature is being looked at for future releases.
Hope this answers your question,
I recently discovered that the Cisco 1552 outdoor APs don't fully support wIPS when used as an LWAPP. I was wondering why an outdoor access point which has military style physical protection and would presumably be more open to electronic attack, would be lacking in some IPS functionality that is standard for indoor APs?
The 1552 is an industrial grade, outdoor rated access point. It has primarily been designed for Outdoor Mesh environments, and has been optimized with a wireless network self-building optimization in mind.
It is fully compatible and supports the integrated controller WIDS features (the signatures in the controller that you can also customize), but, as you mentioned, it is not designed to be used with the Advanced wIPS, using the MSE.
Would you be willing to use the 1552 as a Local mode AP with wIPS (no Mesh but serving clients and reporting to MSE for forensics for instance), or as a Monitor Mode AP dedicated to wIPS?
I am currently supporting a service provider network with client exclusions configured for clients that attempt to use an Ip assigned to another device. I have over 700 client exclusions presenlty but the worrying thing is most of them have this message 'client xx.xx.xx.xx.xx.xx (0.0.0.0) which was associated to interface 802.11b/g/n on APxx is excluded. The reason is code 3(attempted to use IP address assigned to another device)'. The Ip address that was attempted to be used is 0.0.0.0. Please can you explain why this is likely to happen.
Also at what stage do we say a client is associated to a Cisco AP? is it after a dhcp offer has been made?
Is it correct to say the 3850's are targeted for those who only need small WLC's (MC featue) at each campus?
What benefits would we gain w/ the 3850's MC, or MA wireless features, when we already have centralized deployment w/ NCS, WiSM2 & 8510's, and FlexConnect AP's dumping traffic to be switched/routed locally?
It may be a great option for some other folks, but for my deployment, using the 3850's for wireless actually adds additional management overhead, w/ little or no benefits...no?
I read somewhere that the AP's need to be "locally attached" to the 3850's.
Can they be L2 hop's away, attached to 2960's, which uplink to 3850's, or do the AP's need to physically connect to the 3850's?
Now that the 3650 & 3850's provide MC wireless feature for 25 & 50 AP's, is there any reason why anyone would want to purchase a 5508 w/ 25 or 50-AP license?
Are there wireless features that are only available on a pure WLC platform (5508 & 5700), and not on 3650/3850's?
Is the wireless functionality handled by a soft-module, which is handled & managed separately from the L2/L3 IOS switching & routing, or is everything mixed together?
In another word, when you do "show run" on 3850, does it include all the wireless MC/MA config as well like on a 871 router, or do you have to "session" to a separate virtual device, like a 881 router?
thanks in advance,
These are a lot of questions in just one post. Let me try to capture them all, but, before I begin, I would recommend you to have a close look into this document:
Cisco Catalyst 3850 Switch Deployment Guide
For your first question, this is a definite NO. The Converged Access deployment mode is an option for branch offices as well as for large campuses. As you will be seing here (the entire paragraph is very useful to understand the different deployment scenarios), http://www.cisco.com.by.com/en/US/prod/collateral/switches/ps5718/ps12686/deployment_guide_c07-727067.html#wp9000380
the Cisco Catalyst 3850 Switch can serve as an integrated wireless LAN controller for up to 50 directly attached Cisco access points and 2000 clients per stack. The Cisco Catalyst 3850 Switches can also form the basis of a deployment that supports up to 250 Cisco access points and 16,000 clients. AND, if you have more than 250 APs and/or 16000 clients, it can serve as Mobility Agent and you can still have 5508, WiSM-2 or 5760s as Mobility Controllers, and reach up to enormous numbers like 72000 Access Points and over 1 million wireless devices supported with this architecture.
The comparison between FlexConnect APs in the Campus and the Converged Access model is a great one, but, due to the size of the FlexConnect Groups, and the unavailability of L3 roaming for locally switched wlans, you cannot deploy a campus with this design. As a result, a deployment like that one with Converged Access will add much less additional management overhead than the FlexConnect local switching one. Eventually, when you are refreshing the Switching infrastructure, the configuration of the equipments for Wired and Wireless will be much more streamlined than a deployment of the switching infrastructure independently from the Wireless infrastructure.
Using the 3650 or 3850s offer many benefits in a campus deployment, including the Visibility of both the wired and wireless traffics, often from the same users who either plug in their laptops or use the same devices wirelessly. It also provides a relief of the datacenter links by optimizing the datapath, for wired and wireless Multicast for instance, or also to the Internet, not having to go back all the way to the datacenter encapsulated and leave it again to reach the Internet Gateway, which doesn't reside in the same network block most of the time.
Quite a few other benefits can be mentioned, like the more advanced, hierarchical QoS that can be applied properly at the closest point of access into the network, both wired and wireless, as well as the same downloadable ACLs for the users who connect sometimes wirelessly, and sometimes through the Ethernet port. All of these benefits may or may not appeal to you and/or apply to your environment, but Cisco is offering you the choice of architecture, and, more importantly, lets you migrate from one to the other easily as any 1600, 2600, 3600 access point bought today can be in Autonomous IOS, FlexConnect, Monitor mode, Local CUWN or Converged Access mode ! And you can buy the 3650/3850 switches today, and deploy wireless whenever you will be ready or whenever you will benefit from Converged Access if you are currently not fully convinced, with just a software activation (and Wireless AP licenses somewhere in the network).
The APs have to be "locally attached" to the 3650 or the 3850. There is no support for a "L2 hop away" function as you describe it.
Customers who do not upgrade their switching infrastructure to the 3650 or 3850 at the access will need the 5508 w/ 25 or 50 APs licenses, so this still applies, and, once again, this is an architectural choice, as I have seen customers with 100's of APs and very very few clients/traffic, and customers with too few APs and a lot of clients with very high volumes of traffic. The first type would probably still prefer to have the CUWN centralized deployment, whereas the second type would have the real choice and is actually moving over to 3850s as we speak.
Some wireless features, like the ones for Service Provider WiFi deployments, are different between 5508/WiSM-2 and 5760/3650/3850. Generally, the 3.3.0SE IOS features (available in October 2013) can be considered on-par with 7.4 AireOS wireless features.
Everything is integrated into the same IOS config, for Wired and Wireless features, as there is one UADP ASIC that handles wireless and wired termination and switching with 20Gbps performance. In a 48 ports switch, you can terminate and switch 40 Gbps of wireless traffic, and in a stack of up to 9 switches, you will be able to terminate and switch up to 480 Gbps of traffic (the capacity of StackWise).
1. Do 3850 & 3650's support Apple Bonjour Gateway as part of their MC feature?
2. 3850 datasheet says it supports up to 2000 clients.
Is this a hard limit, or soft recommendation?
What happens when the 2001st client tries to join? Rejected?
We ran into client count limitation w/ our older WiSM1's, before we migrated to WiSM2's, because there are so many mobile devices around, especially when our remote campuses share same building/space w/ other tenants.
If each 3850 can only recognize up to 2000 endpoints, even if they're just probing, then we'll probably stick w/ centralized WiSM2's.
Hi again Kevin,
1. As part of the IOS XE software version 3.3.0SE, available this month, Apple Bonjour Gateway is supported under the name "Services Discovery Gateway" which goes much farther than just Bonjour as it handles all types of configurable mdns services.
2. The 3850 supports up to 2000 wireless clients as an MC (Mobility Controller). But each stack can be configured with MC, and still have a single Mobility group between the MCs to have full Fast Secure L2/L3 roaming between them, and reach 250 APs and up to 16 000 wireless clients in the system (with each stack of 1 to 9 switches having a 2000 active clients limit). That being said, when the 2001st ACTIVE client (so, no timeout of any of the other 2000 clients happened), its "request association" will be ignored.
I am currently trying to configure the legacy mobility infrastructure mode also known as centralized mode on the 5760 controller. According to the deployment guide this is supported for this platform.
On the AireOS based WLC I configured:
On the 5760 WLC I configured:
It does not give me the option to configure the MAC address.
Yet both WLCs show that control and data path are down.
Is there anything additional which needs to be configured?
please make sure that you are using WLC versions 7.3 or 7.5, not any other code type on AireOS (not 7.2 or 7.4 for instance)?