novinky v bezdrôtových sieťach - · pdf fileit manager impact potential ... (sk...

Cisco Public 1© 2010 Cisco and/or its affiliates. All rights reserved.

Novinky v bezdrôtových sieťachIng. Peter Mesjar

Systems Engineer

CCIE #17428

[email protected]

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 2

During this session we will dive into Cisco CleanAir technology as well as introduce new access points and controllers that were announced recently:

• Why CleanAir

• What is CleanAir

• How CleanAir works

• How is CleanAir deployed

• What is new in borderless mobility


• From best effort to mission critical

System

Management

Scalable

Performance

Self Healing &

Optimizing

Hotspot


• 2.4GHz and 5GHz is unlicensed

Voice and Video are Latency Sensitive and Bandwidth Intensive

Explosion of Mobile Devices All Competing for Limited Spectrum

Interference is Invisible and Constantly Changing

Limited IT Resources, Lack of Tools and RF Expertise


Throughput

Reduction

Interference TypeNear(25 ft)

Far(75 ft)

2.4 or 5 GHz

Cordless

Phones100% 100%

Video Camera 100% 57%

Wi-Fi(busy neighbor)

90% 75%

Microwave

Oven63% 53%

Bluetooth

Headset20% 17%

DECT Phone 18% 10%

Reduced network capacity and coverage

Poor quality voice and video

Potential complete link failure

IT Manager Impact

Potential security breaches

Support calls

Increased cost of operation

Source: FarPoint Group

End User Impact

http://www.cisco.com/wirelesssecurity


CleanAir technology is a system-wide feature of the Cisco Unified Wireless Network that uses silicon-level intelligence

to automatically mitigate the impact of wireless interference and optimize network performance.

Continuous interference

detection

Automatic remedial action

Comprehensive reporting with

location


Detect and Classify

Mitigate

Locate

Cisco

CleanAir

High-resolution interference detection and classification

logic built-in to Cisco‟s 802.11n Wi-Fi chip design. Inline

operation with no CPU or performance impact.


• Industry‟s only in-line high-resolution spectrum analyzer

Typical Wi-Fi chipset

Spectral Resolution at 5 MHzCisco CleanAir Wi-Fi chipset

Spectral Resolution at 78 to 156 KHz

‘Chip View Visualization’ of Microwave oven and BlueTooth Interference

Microwave oven

BlueTooth

Microwave oven

BlueTooth

Po

we

r

Po

we

r

?


• RF spectrum optimization for better performance and reliability

Persistent

Device

AvoidanceSelf Learning to increase reliability

Event

Driven

RRM CH 1 CH 1 CH 11 CH 1

Self Healing to avoid Wi-Fi degradation

Interference

Aware

RRMMaximizes performance by avoiding interference


• Forensics for troubleshooting

Remote

Client

TroubleshootingQuickly determine connectivity issues

Spectrum

Expert

ConnectRemove need for onsite expertise

Location

Impact Analysis

History PlaybackInvestigate past problems

Air

Quality

802.11

Association

802.1X

Authentication

IP Address

Assignment

Successful

Association


• Wireless security at physical layer

IP and Application

Attacks & Exploits

WiFi Protocol

Attacks & Exploits

RF Signaling

Attacks & Exploits

Traditional IDS/IPSLayer 3-7

wIPSLayer 2

CleanAirLayer 1

Monitors Exploits Invisible to existing Systems

New Rogue

ThreatsDetects new „undetectable‟ Rogue/Clients

WiFi

JammersLocates and Expedite Interference Removal

2.4

GHz

5

GHz


• Policy enforcement via intelligent wireless device identification

Unwanted

Device

Notification

No Xbox

No Cordless Phone

No Bluetooth Data

Corporate Policy


Radio Troubleshooting and Automatic Interference Mitigation

Air Quality by Access Point

Air Quality Alarm Threshold

SNMP Interference Traps

3rd Party MIB

Spectrum Expert Connect Mode

Policy enforcement

Visibility into the performance and security of the wireless network

Locate Physical DOS Attacks and Hidden Rogues

Monitor and Alarm when Unwanted Devices are present

Location tracking for Zone of Impact

Merging Correlates Interference Data at a System Level

Historical Reporting and Trending allows Proactive Interference Management

Cisco Wireless Control System

(WCS)

Cisco Aironet 3500 Series and

Wireless LAN Controller

Mobility Services Engine (MSE)


Spectrum Expert

Connect

SAgE

CAPWAP

SensorD

CleanAir AP

NMSP SOAP

CleanAir Manager

IDRDB

Merging

History

Location

MSE

Web Server

CleanAir Manager

SNMP

AQ DB

WCS

IDR AQ

NMSP SNMPWLC

CAPWAPMerging

SOAP

USER - HTML

UDP 161/162

TCP 16113

TCP 37540/37550

WCS Plus WCS Base

TCP 443

Base CleanAir System

WLC + CleanAir AP

USER –HTML/CLI

Cisco

Spectrum Expert

TCP 443


• Information is driven in two ways

AQI – Air Quality index reporting

IDR – Interference device report

• Air Quality – Is derived by the AP‟s, Stored on WLC, and polled by WCS

• Interference Device Reports – are reported to WLC

WLC will merge multiple IDR‟s

Keep a limited Database (single reporting period)

Forward NMSP notification message with IDR payload to MSE

• Information passed from the AP to controllers is minimal. No off platform calculations are performed – it all happens on the AP


• Air Quality is a measurement of non-wifi and adjacent channel interference

• All individual devices when classifiedare assigned a severity value

• Air Quality is a measure of all Devices/Severities within a Radio, Floor, Building, or Campus

• Air Quality is observable at the Radio/channel level, or averaged together for a Floor, Building, Campus in a hierarchical fashion.

Good

Bad


• 2.4 GHz only

Bluetooth Link

Bluetooth Discovery

802.11FH

Microwave Oven

Industrial wireless/802.15.4

Xbox

• 5 GHz only

Radar

WiMAX Mobile

WiMAX Fixed

• 2.4 or 5 GHz

Jammer

WiFi Inverted

WiFi Invalid Channel

Continuous Transmitter

Video Camera

SuperAG

Canopy

Other (i.e. unclassified devices)

TDD Transmitter

DECT-like Phone

Definite Security Threat Devices

Potential Security Threat Devices

Performance Impacting Devices

1. Classifiers are expandable over time with software upgrade.

2. All third party trademarks are the property of their respective owners.


• For each Classified Device – a Severity Value is calculated

• Severity of 0 is not Severe – a Severity of 100 is very severe.

• All devices affecting a radio/channel are added together and subtracted from Air Quality for that for that radio/ served channel

• Severity is a local opinion of the reporting AP and takes into account the type of device, Duty Cycle (sk preklad “strieda” alebo aj “činiteľ plnenia”) and Power as measured by the AP.

• For the same device – severity will differ on each reporting AP because of the AP‟s RF relationship to that device.

100

63

35

97

90

20


• AP manages AQI data – averaging period is decided by WCS/WLC, and configured on AP by WLC

• Default AQ Averaging periods are15 min. default (up to 1 hour)

Rapid Update Mode – 30 seconds

• AP-SensorD reports AQ information every 15 seconds to IOS

• Each CleanAir AP sends AQ reports independently to the WLC for the channel it is serving (15 Minutes by default) or all channels if in Monitor Mode (MMAP)

• WLC Maintains last AQ report for each CleanAir AP until next update is received

SensorD

IOS

WLC

WCS

CleanAir AP 15 sec.

Normal -15 min.

Rapid – 30 sec.

Normal -15 min.

Rapid – 30 sec.

CleanAir

AQI


• IDR‟s are reports of devices classified by SensorD

• Top 10, by severity are reported to WLC

• A Security IDR will always be reported regardless of severity

• IDR up/down reporting is near real time

• AP tracks all IDR‟s not reported to WLC

TYPE SEV WLC

SEC 1 *

INT 20 *

INT 9 *

INT 2 *

INT 2 *

INT 1 *

INT 1 *

INT 1 *

INT 1 *

INT 1 *

INT 1

INT 1

INT 1

SensorD

IOS

WLC

CleanAir AP


We see multiple AP tags showing the detection of DECT

and the corresponding RSSI. But which ones are really the

same device?


• Pseudo – MAC applied to analog device signatures

• PMAC will never calculate exactly the same on all AP‟s detecting the same device – but rather similar

• PMAC will change overtime for a given device

Battery operated devices – voltage drop – temp variations

Measurement accuracy – or inaccuracy

• The AP will combine devices that can not reliably be merged with devices seen by another AP


• WLC performs comparison function on received IDR‟s PMAC

• WLC can merge devices for AP‟s physically connected to it

• WLC merge results are only viewable in IDR traps sent to trap receiver (WCS)

• No Location is performed on WLC merged interferers

• The result of a WLC merge is forwarded to the MSE (If present) along with all of the supporting IDR‟s


• All IDR‟s received by a WLC are sent to MSE via NMSP notify with IDR payload

• NMSP message includes the merged IDR and the individual IDR‟s used for that conclusion

• IDR‟s are re-merged at the MSE, this accommodates multiple WLC systems

• A tracked Interferer is equal to a client for CAS license purpose –each active merged interferer will consume 1 seat

• For MMAP you need MSE even when you have single controller


• Persistent Device Avoidance – PDA

Operates on Classification – IDR on a per AP basis

Once set – biases DCA against the PDA channel for the detecting AP only

Remembers interference and avoids placing the AP back on the same channel

• PDA use caseMicrowave Oven detected

Channel 11 – highest

Impact.

• PDA logs the device for this AP.

• A CM bias is added to this AP‟s channel 11 only

• The bias works in normal DCA operations to steer the AP away from channel 11 – it does not prevent the AP from re-selecting this channel

• AP remembers this bias for 7 days, which is re-set if the device is seen again within that period

• If DCA determines that the affected AP is best on channel 11 it will be assigned


• Event Driven – RRM or EDRRM

Fast acting (=< 30 seconds)

Works on AQI on a per AP basis

Designed to prevent catastrophic interference from disrupting channel/clients

• EDRRM use case

• Video camera is fired up, blocking channel 6

• EDRRM is run within next 30 seconds

• Clients with decent roaming capabilities will reconnect

• EDRRM AQI thresholds are 35 low, 50 medium (default), 60 high

NOTE: Both PDA and EDRRM are

only Available with full CleanAir

enabled installation – not overlay


Feature PartialOverlay Monitor

Full(Pervasive In-line

Detect Detect and Analyze RF signals ✔ ✔

Classify Classify Interference source and impact severity ✔ ✔

Locate Locate on map with zone of impact ✔ ✔

TroubleshootCisco Spectrum Expert Connect ✔ ✔

WCS Integration ✔ ✔

AP Service

CleanAir ✔ ✔

Monitoring (RRM, Rogue, WIPS, Location, etc) ✔ ✔

Client Traffic ✔

MitigateEvent Driven channel changes ✔

Persistent Device avoidance ✔

Overlay Monitor deployments are recommended for a 1:5 ratio


Pervasive 3500(local mode)

Adding to existing AP deployment

Self Healing

Troubleshooting

Location

Pervasive 1140, 1250, 1260(local mode or non-Cisco)

Overlay 3500(monitor mode 5:1 ratio)

Self Healing

Troubleshooting

Location

Pervasive 1140, 1250, 1260(local mode or non-Cisco)

Inlay 3500(local mode 5:1 ratio)

Self Healing

Troubleshooting

Location

o CleanAir Technology

required in AP for Self

Healing (local mode)

Existing 802.11n

deployments

Competitive Installed

802.11n deployments

New or Upgrading to 802.11n

New areas for ongoing

802.11n deployments

Networks severely impacted

by non-WiFi interference

o CleanAir Technology

required in AP for Self

Healing (local mode)

Limited spectrum visibility

and location capabilities

because local mode 3500

spectrum scans only data

serving channel.

Not Recommended

Recommended for: Recommended for:

Pervasive Overlay Mixed


AP1140 AP1250

AP3500i AP3500e


More Applications Supported

at Any Given Location

Email

Web

Voice

Video

Backup

ERP

ABG

ABG

ABG

ABG

Improved coverage at

higher data rates

1 for 1 replacement

AP1140, 3500i reuses existing

AP1130 T-Rail Clip


• A CleanAir AP is the license – no special WLC license is required, you need WLC that can run code 7.0 or greater

• CleanAir will work with WCS Base – what you do not get is interference history and location

• Adding an MSE – requires WCS Plus for location

• CAS (Context Aware) license required for Interference location

• Interference and Client location functionally identical – and use the same license count

• If license is 1000, and interferers are 500, then 500 clients can be displayed


CleanAir is enabled

by Default on the AP

Interface

it is disabled Globally

by default on the

controller.

Wireless=>802.11a/b=>CleanAir

WLC CLI

(Cisco Controller) >config 802.11a/b cleanair enable


• Monitor=>Access Points=>Radios=>802.11a/b

• CleanAir Admin Status and CleanAir Operational Status displayed on the page


• For each CleanAir AP attached to the controller you can view detailed CleanAir metrics represented in graphs


• Detailed Graphs show all

relevant CleanAir information for

the radio assignment of the AP

• Active interference

• Average Air Quality

• Minimum Air Quality

• Non Wi-Fi Channel Utilization –

Identifies what percentage of

Spectrum is being used by the

interference source

• Non Wi-Fi interference power –

Identifies the power level by

channel being affected

NOTE: This is a view of a Monitor Mode AP – Local Mode AP will only

populate the served channel


• For each CleanAir AP attached to the controller – device type, affected channels, severity, duty cycle, RSSI, PMAC

• Without MSE, once they go away, they are no longer in the system

Note: AP0022.bd18.87c0 is in monitor mode, rest of APs are in local mode.


Note: AP0022.bd18.87c0 is in monitor mode and AQ value

Is reported for each channel monitored


WLC GUI - Wireless=>802.11a/b=>RRM=>DCA

WCS – Configure=>controllers=>802.11a/b=>RRM=>DCA

Enabled Per Band

Same on WCS or WLC

EDRRM has threshold variable


Interferers displayed in this way do not require MSE – However they are

Raw and not coordinated to eliminate duplicates

Selecting a map for a given floor provides detail relevant to the selected floor. You can change the AP tags

to display CleanAir information such as CleanAir Status (shows which AP‟s are capable), Min or average AQ

values, or Average and Minimum values. The values are relevant to the band selected.


• You can also view interference information being seen on any radio interface by drilling down on the AP Icon and selecting the radio


• Air Quality heatmaps can be selected to provide a visualization of the AQ over mapped area.

AQ Heatmaps only display

for active AP‟s – the white area

is an AP in monitor mode


• Next generation Wireless LAN Controller for Cat6k chassis

Feature WiSM2

Number of APs 100 - 500

Number of clients Up to 10,000

Throughput Cat6k backplane

Mobility support Both L2 and L3

Encrypted Data Link

between AP and ControllerYes

OfficeExtend Solution Yes

RRM, CleanAir Yes

Videostream Yes

Guest service Both wired and wireless

Up to 7 WiSM2 blades

per Cat6k chassis


• Desktop wireless LAN controller for small enterprise

Feature 2500 series


Number of clients Up to 500

Throughput 500 Mbps

Mobility support Both L2 and L3

Encrypted Data Link


OfficeExtend Solution Yes

RRM, CleanAir Yes

Videostream Yes

Guest service Wireless only

4 GE interfaces for

infrastructure

connectivity, PoE

support on 2


• Flexconnect deployment model for cloud

Feature Flex 7500 series


Number of clients Up to 20,000

Throughput 2x 10GE

Mobility support L2 only

Encrypted Data Link

between AP and ControllerNo

OfficeExtend Solution No

RRM, CleanAir Yes

Videostream No

Guest service Wireless only

1RU with 2x 10 GE

interfaces for

infrastructure

connectivity


• Part of OfficeExtend Teleworker Solution

Full 802.11n speed

Dual band

Zero touch deployment

Desktop placement

Feature Flex 7500 series

802.11a/b/g/n Yes

Simultaneous Dual band Yes

Antenna Internal

Home traffic segmentation SSID for home and office

Zero touch deployment

with OfficeExtendYes

Encrypted Data Link


CleanAir No

Controllers supported 2500, 5500, WiSM2

Power consumption 15W


• Improving Air Quality with Cisco CleanAir (Techwise TV)

http://www.cisco.com/en/US/solutions/ns340/ns339/ns638/ns914/html_TWTV/twtv_episode_67.html

• CleanAir resources

www.cisco.com/go/cleanair

• CleanAir AP 3500

www.cisco.com/go/ap3500

• WiSM2

www.cisco.com/go/wism2

• Flex 7500 cloud WLC

www.cisco.com/go/flex7500

• WLC 2500 series

www.cisco.com/go/2500controller

• OfficeExtened AP 600

www.cisco.com/go/ap600

http://www.cisco.com/en/US/solutions/ns340/ns339/ns638/ns914/html_TWTV/twtv_episode_67.html

http://www.cisco.com/go/cleanair

http://www.cisco.com/go/ap3500

http://www.cisco.com/go/wism2

http://www.cisco.com/go/flex7500

http://www.cisco.com/go/2500controller

http://www.cisco.com/go/ap600

Thank you.

novinky v bezdrôtových sieťach - · pdf fileit manager impact potential ... (sk...

Documents