15 - Examining Wireless Deployment Options Flashcards

1
Q

• ___
o Used for hotspots or smaller enterprises
o Individual Access Point management
o Simple to deploy
• ___
o Campus environment where traffic is centralised
o APs connect to switches, which connect to centralised WLC
• ___
o Designed for enterprises that have branch or remote offices
o Locations with a relatively small number of APs where deployment of a WLC is not justified or desired
o WLAN data traffic is either tunnelled back to a central WLC (central switching) or data traffic is broken out locally at the wired interface (local switching) of the AP
• ____
o Integration of wireless access in the SD-Access architecture
o Moves the enterprise network from the current VLAN-centric architecture to a user group-based enterprise architecture with flexible Layer2 extensions within and across sites
o Automated network provisioning via the DNA Centre application
• ___
o Cloud-based virtual controllers provided via the Cisco Meraki or Cisco 9800 Cloud Controller solutions
o Centralised installation and management
o Scales from small branches to large networks
o Reduces operational costs
o Reduces IT staff size

A

• Autonomous
o Used for hotspots or smaller enterprises
o Individual Access Point management
o Simple to deploy
• Centralised
o Campus environment where traffic is centralised
o APs connect to switches, which connect to centralised WLC
• FlexConnect
o Designed for enterprises that have branch or remote offices
o Locations with a relatively small number of APs where deployment of a WLC is not justified or desired
o WLAN data traffic is either tunnelled back to a central WLC (central switching) or data traffic is broken out locally at the wired interface (local switching) of the AP
• SD-Access Wireless
o Integration of wireless access in the SD-Access architecture
o Moves the enterprise network from the current VLAN-centric architecture to a user group-based enterprise architecture with flexible Layer2 extensions within and across sites
o Automated network provisioning via the DNA Centre application
• Cloud managed
o Cloud-based virtual controllers provided via the Cisco Meraki or Cisco 9800 Cloud Controller solutions
o Centralised installation and management
o Scales from small branches to large networks
o Reduces operational costs
o Reduces IT staff size

2
Q

Each AP is an ___ – operates independently and has no knowledge of any other APs

A

independent cell

3
Q

The greatest benefit of an ___ AP deployment is that it is a simple and cost-effective way to extend an existing wired infrastructure for a small network

A

autonomous

4
Q

In an autonomous AP deployment, up to _ APs should be used.

A

5

5
Q

What are some benefits of an autonomous AP deployment?

A
  • Lower CapEx
  • Adapted to small deployments
  • Flexible features for simplified deployments in small networks (RADIUS, user database, DHCP)
  • Allow for basic dynamic channel assignments
6
Q

What are some limitations of an autonomous AP deployment?

A

• Each AP is managed individually
o Prone to configuration inconsistencies
o Individual software upgrades
o Scalability issues
• Base-level wifi functionality
o No dynamic RRM (Radio resource management)
o No advanced security such as rogue detection and mitigation, wIPS, guest access
• Fast, secure, and seamless roaming between subnets is not possible

7
Q

Because autonomous AP environments are small, factors such as roaming and tightly synchronised AP transmit levels do not apply. Typical configuration parameters include:

A
  • SSID
  • Wireless security choice
  • Transmit power levels: set the transmit power level of the APs so that the signal does not propagate into adjacent building spaces belonging to other tenants or into the parking lot
8
Q

What is the autonomous deployment traffic flow for a wireless to wired client?

A
  • Client traffic flows across the wireless interface through the AP
  • Converts 802.11 frame to 802.3 frame
  • Sends frame to local access switch
9
Q

What is the autonomous deployment traffic flow for a wireless to wireless client (same AP)?

A
  • Traffic flows from one client to another client via the same AP
  • Does not go beyond AP to the switch
  • Does not create load on the switch supporting the AP
  • AP cannot route between different VLANs so if clients are in different VLANs the AP must forward to the LAN until it reaches a router that will forward to the second client
10
Q

What is the autonomous deployment traffic flow for a wireless to wireless client (different AP)?

A

• Must transit through wired infrastructure

11
Q

Compared to autonomous APs, the APs in a __ architecture do not function independently. They have reduced functionality in the AP and depend upon the __ to configure, control and manage several APs.

A

centralised, WLC

12
Q

In a centralised WLC deployment, APs handle only the __ MAC functionality and all the non-real-time MAC functionality is processed by the WLC

A

real time

13
Q

APs have visibility and awareness of the __ APs. The WLC can be informed if one of the APs becomes faulty and __ APs adjust power levels to compensate. WLC can also offload clients to a __ AP if one of the APs becomes overloaded.

A

neighbouring

14
Q

What are the benefits of a centralised WLC deployment?

A
  • Centralised management and troubleshooting for low total cost of ownership
  • Easy to deploy and manage
  • RRM (Radio resource management)
  • High availability
  • Rogue detection and mitigation
  • wIPS
  • Identity networking, RADIUS change of authorisation, and Cisco ISE
  • Voice and data over WLAN seamless roaming
  • Location services
  • Guest access
  • Mesh (indoor and outdoor)
  • Highly customisable and advanced feature set
15
Q

What are the limitations of a centralised WLC deployment?

A
  • All end-user traffic is forwarded to WLC
  • Poor use of LAN and WAN infrastructure when internal resources are distributed
  • WLC can become a bottleneck
  • WLC can be a single point of failure
16
Q

When APs join onto a controller, they only handle some 802.11 MAC functionality. The WLC handles the rest. This is called __ mode.

A

split MAC

17
Q

__ is used extensively between APs and WLCs within the centralised architecture

A

CAPWAP

18
Q

What are some features of CAPWAP?

A
  • Is an open protocol that enables a controller to manage a collection of APs
  • APs can discover and join a CAPWAP controller
  • Control messages that are exchanged between the WLC and AP
  • WLC control messages are used to support wireless station access, authentication and mobility
  • Can also be used for statistics gathering and wireless security
  • Differentiates between the control plane and data plane
  • Protocol supports two modes of operation. Split MAC in centralised mode or the local-MAC in FlexConnect mode.
19
Q

What are the centralised deployment traffic flow models?

A

standard model, inter-controller, intra-controller different AP, intra-controller same AP

20
Q

__
• APs are in local mode
• All wireless client data traffic is first sent to the controller
• The controller then decides on the policy to apply to the incoming traffic (ACL, QoS) before deciding how to forward to the final destination
• Client data reaches the AP and is encapsulated in CAPWAP and forwarded to controller. This means that between the AP and the controller, you can see CAPWAP data packets from the AP IP address, with a random client port, sent to the controller AP manager IP address to CAPWAP data port udp/5247. The same logic applies to return traffic

A

standard model

21
Q

___
• Controller does not route between VLANs and subnets, so a router decides how to reach destination network
• On the last hop, the router sends an ARP request to resolve the MAC of the destination.
• The second controller acts as an ARP proxy and answers the request in the name of the wireless client
• The last hop router forwards to the second controller
• The second controller converts 802.3 frame to 802.11, and encapsulates into CAPWAP and sends to the AP

A

inter-controller

22
Q

___
• Controller receives CAPWAP encapsulated data from AP
• After deciding on QoS and security policy, controller examines the destination MAC and IP
• If destination MAC is a wireless client of the controller in the same subnet, the 802.11 frame is re-encapsulated into CAPWAP and forwarded to the AP
• If destination MAC is not a wireless client of the controller, or is a different wireless client of the controller but in a different VLAN, the 802.11 frame is converted to 802.3 and forwarded to the controller interface of the associated VLAN

A

intra-controller different AP

23
Q

__
• Traffic is still forwarded to controller first before being sent back to the AP to be distributed to the client
• The frame must first reach the controller so that QoS and security policies can be applied

A

intra-controller same AP

24
Q

___ architecture is an extension to the centralised architecture designed for branch office and remote office deployments.

A

FlexConnect

25
Q

FlexConnect is best suited for locations with a relatively __ number of APs where a deployment of a Cisco WLC is not justified or desired.

A

small

26
Q

FlexConnect enables the configuration and control of APs in a branch or remote office from the corporate office through a WAN link without the deployment of a __ in each office.

A

controller

27
Q

FlexConnect: Clients connecting to APs at remote locations can be:

A
  • Authenticated locally and have their data bridged to the local ethernet segment (local switching)
  • Have their traffic tunnelled over the WAN via CAPWAP to a WLC at a central site to be switched to the network (central switching)
28
Q

The AP will make the decision on the most efficient switching method rather than client traffic being needlessly sent across the WAN link via CAPWAP just to be returned over the WAN as ethernet traffic.

A

split tunneling

29
Q

What are the benefits of a FlexConnect deployment?

A
  • Many of the same benefits as centralised architecture
  • High availability and WLAN survivability
  • Fast, secure roaming
  • Dynamic VLAN and ACL assignment per user
  • Flexible deployment and configuration
  • Simple wireless operations with a data centre-hosted controller
  • Efficient use of WAN resources for branches
  • Only desired traffic is tunnelled to controller
  • Scalable
30
Q

What are the limitations of a FlexConnect deployment?

A

• WAN connectivity limitations
o RTT must be below 300 ms data (100 ms voice)
o Minimum 500 bytes WAN MTU
o Deployments require the implementation of a site-wide VLAN for roaming.

31
Q

By changing APs to ___ mode, you can configure the traffic for one or several remote site WLANs to be switched locally.

A

FlexConnect

32
Q

If the controller becomes unreachable, the FlexConnect AP takes over the ___ and key management. As long as the controller stays reachable, ___ is performed at the controller level.

A

client authentication

33
Q

The ___ deployment option offers wireless networking as a service for clients who require ease of use and management. The function of the WLC is no longer limited to an appliance in the network. The functionality can be located via software in the public cloud.

A

Cisco Meraki

34
Q

What are the benefits of a Cisco Meraki deployment?

A
  • Ease of deployment – zero-touch provisioning shortens deployment and configuration
  • Centralised management and monitoring
  • BYOD support – automatically apply access policies
  • Cisco Connected Mobile Experiences (CMX) Location Analytics – ability to capture powerful metrics such as visitor capture rate, user visit time
  • Application visibility and control
  • High-capacity RF
  • Automatic RF optimisation
  • Dedicated security radio
35
Q

What are the limitations of a Cisco Meraki deployment?

A
  • Organization must embrace cloud services
  • Limited customisation capability
  • Single architecture means less flexibility
  • No layer 3 roaming
  • Requires site-wide VLAN for roaming (VoWLAN)
  • Limited integration with third party solutions
36
Q

Cisco Meraki devices automatically connect to the ___ over a secure link, register with their network, and download their configuration.

A

Cisco Meraki cloud

37
Q

With ___, there is no need to manually stage APs or log in to switches for manual configuration and provisioning

A

Cisco Meraki

38
Q

Meraki APs use ___ to self-configure and optimise RF settings for maximum performance

A

Auto AF

39
Q

Meraki uses an ___ management architecture, meaning that only management data flows through the Meraki cloud infrastructure. No user traffic passes through the Meraki data centres.

A

out-of-band

40
Q

Cisco Catalyst ___ Series Controllers are next-gen WLCs built for intent-based networking

A

9800

41
Q

What are some features of the Cisco Catalyst 9800 Series Controller?

A
  • High availability and seamless software updates
  • Built-in security: secure boot, run-time defences, image signing, integrity verification, and hardware authenticity
  • Can be deployed anywhere – on-premise, on cloud, embedded on a switch
  • Can be managed using Cisco DNA centre, NETCONF/YANG, web-based GUI or CLI
  • Built on a modular OS. Open and programmable APIs enable the automation of your Day 0-N network operations
42
Q

____ is a reliable and affordable wireless solution for enterprise branches or small to medium size businesses that want a managed AP solution without the need to buy, maintain and manage a separate WLAN controller appliance.

A

Cisco Mobility Express

43
Q

__ is a virtual wireless LAN controller integrated on an access point. By default, all APs run the Cisco Aironet CAPWAP image. To acquire the wireless LAN controller functionality, the CME image needs to be installed on a Cisco 802.11ac Wave 2 AP.

A

Cisco Mobility Express

44
Q

CME solution consists of the following:

A
  • Master Access Point – AP which runs the virtual WLC function. Depending on the model, the master AP can manage up to 100 APs and 2000 clients.
  • Subordinate AP – AP which are managed by the master AP in a CME network. Subordinate APs only service clients and do not actively run the WLC function.
45
Q

How do you configure the master AP in a Cisco Mobility Express deployment?

A
  • Power up the Master AP by connecting it to a PoE-enabled switch
  • After the AP has finished rebooting, it will broadcast the CiscoAirProvision SSID. This can take up to 10 mins
  • Connect wifi to the SSID. When prompted, enter the password
  • Open a browser and access mobilityexpress.cisco to navigate to the setup wizard.