Cisco® CCDA Exam Cram Notes: Designing a Basic Enterprise Network

3. Enterprise Network Design

3.2 Design a basic enterprise network

3.2.b WAN connectivity

Client-server farm architectures require high-capacity links to the servers and redundant connections to provide high availability. Costs are lower for peer-to-peer applications and highest for applications that traverse the network and require high availability. For example, if an application server sits at the company headquarters and you access it from a branch office over a WAN link, you need a high-speed, high-availability link. The cost of that link is obviously higher than if the application server were located within the branch itself (and lower still if it resides on the same LAN segment as its users).

The following are the recommended best practices for placing WLCs (Wireless LAN Controllers):

1. Place WLCs in secured wiring closets or in the data center.

2. Deterministic redundancy is recommended, and intercontroller roaming should be minimized.

3. WLCs can be placed in a central location or distributed in the campus distribution layer.

The advantages of a dynamic redundancy design for WLCs are:

1. APs dynamically load balance

2. Easy to deploy and configure

The disadvantages are:

1. Network stability is not predictable

2. Longer failover times

3. Sometimes a fallback option is not available

4. More inter-controller roaming

Typical WAN interface standards that one comes across frequently are:

EIA/TIA-232, EIA/TIA-449, EIA/TIA-530, V.35, and X.21. The Cisco router serial interface is typically a 60-pin D-shell (DB-60) connector, or the more compact 26-pin Smart Serial connector on newer WAN interface cards. This is in turn connected to service provider equipment, usually through a CSU/DSU, so the appropriate transition cable (the router connector on one end, the connector of the chosen standard on the CSU/DSU end) must be used. The CSU/DSU is in turn connected to the service provider through the cable supplied by the provider.

The serial port on a router is commonly used for connecting to an ISP's T1 circuit.

WANs are connected over serial lines that typically operate at lower speeds than LANs. Some common WAN terms are:

1. Modems: Modems connect to public telephone circuits through dial-up.

2. CSU/DSU: Channel Service Unit / Data Service Unit. A CSU/DSU terminates the digital circuit from the carrier's central office (CO) and presents a serial WAN connection to the router.

3. Multiplexers (mux): Multiplexers combine two or more signals for transmission on a single channel. Multiplexing can be done by sharing time (TDM) or frequency (FDM).

4. CPE: Customer Premises Equipment, the equipment located at the subscriber's site.

5. Demarc: The demarcation point between carrier equipment and CPE.

Internet connectivity is normally achieved over a WAN connection, so in the designs covered here a router serial port is used to connect to the Internet. A switch, on the other hand, is connected through Ethernet ports.

The following are the advantages of a deterministic controller redundancy design in a wireless network:

a. Predictability

b. Network stability

c. Flexible and powerful redundancy design options

d. Faster failover times

e. Fallback option in case of failover

The disadvantage is that the WLCs are more difficult to configure than in a dynamic redundancy design, because each AP's primary, secondary and tertiary controllers are defined explicitly.

Typically, an Enterprise Edge contains the following modules:

1. DMZ/E-Commerce

2. Remote Access VPN

3. Internet

All of these Enterprise Edge modules typically connect to the Campus Core.

The following are Cisco recommendations for mesh design:

1. Per-hop latency: less than 10 ms per hop; typically 2 ms to 3 ms.

2. Outdoor deployment: four or fewer hops are recommended for best performance. A maximum of eight hops is supported.

3. Indoor deployment: one hop is supported.

4. Number of MAP nodes: 20 or fewer MAPs per RAP is recommended. Up to 32 MAPs per RAP is supported.

5. Throughput: one hop = 14 Mbps, two hops = 7 Mbps, three hops = 3 Mbps, four hops = 1 Mbps. Throughput falls with every additional hop because each intermediate MAP must both receive and retransmit the same traffic on its backhaul radio.
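The limits above are easy to state and easy to violate once a mesh grows. The following is an added example for these notes (not Cisco code) that checks a planned mesh against them: it takes a constructed "parent map" in which every MAP names the RAP or upstream MAP it backhauls through, computes each MAP's hop count, counts MAPs per RAP, and reports errors for exceeded supported limits and warnings for exceeded recommendations. The throughput figures are the ones quoted above; treating anything beyond four hops as below 1 Mbps is an assumption, as is the rejection of backhaul loops and dangling parents.

```python
"""Validate a planned Cisco wireless mesh against the design limits above.

Added example for these notes, not Cisco code.  The topology is a constructed
backhaul "parent map": every MAP names the RAP or upstream MAP it backhauls
through, and RAPs have parent None.  Limits are the figures quoted in the notes.
"""
from collections import Counter

RECOMMENDED_HOPS_OUTDOOR = 4   # best performance
MAX_HOPS_OUTDOOR = 8           # supported ceiling
MAX_HOPS_INDOOR = 1
RECOMMENDED_MAPS_PER_RAP = 20
MAX_MAPS_PER_RAP = 32
# Approximate client throughput by backhaul hop count, from the notes.
THROUGHPUT_MBPS = {1: 14, 2: 7, 3: 3, 4: 1}
_MISSING = object()


def hops_and_roots(parent):
    """Return ({node: hops to its RAP}, {node: RAP name}); RAPs are at 0 hops.

    Raises ValueError on a backhaul loop or a parent that is not in the plan,
    since either means the plan itself is inconsistent.
    """
    hops, roots = {}, {}

    def walk(node, seen):
        if node in hops:
            return hops[node], roots[node]
        if node in seen:
            raise ValueError(f"backhaul loop through {node}")
        up = parent.get(node, _MISSING)
        if up is _MISSING:
            raise ValueError(f"{node} backhauls to an AP not in the plan")
        if up is None:                       # a RAP: wired root of the mesh
            hops[node], roots[node] = 0, node
        else:
            h, r = walk(up, seen | {node})
            hops[node], roots[node] = h + 1, r
        return hops[node], roots[node]

    for node in parent:
        walk(node, frozenset())
    return hops, roots


def check_mesh(parent, indoor=False):
    """Return per-MAP hop counts, estimated throughput and design findings.

    Findings are (severity, node, message) tuples: 'error' when a supported
    limit is exceeded, 'warning' when only a recommendation is.
    """
    hops, roots = hops_and_roots(parent)
    findings = []
    maps_per_rap = Counter(roots[n] for n in parent if hops[n] > 0)

    for rap, count in sorted(maps_per_rap.items()):
        if count > MAX_MAPS_PER_RAP:
            findings.append(("error", rap, f"{count} MAPs exceed the {MAX_MAPS_PER_RAP} supported"))
        elif count > RECOMMENDED_MAPS_PER_RAP:
            findings.append(("warning", rap, f"{count} MAPs exceed the recommended {RECOMMENDED_MAPS_PER_RAP}"))

    for node in sorted(parent):
        h = hops[node]
        if h == 0:
            continue                         # RAPs are not hop-limited
        if indoor and h > MAX_HOPS_INDOOR:
            findings.append(("error", node, f"{h} hops; indoor deployments support {MAX_HOPS_INDOOR}"))
        elif not indoor and h > MAX_HOPS_OUTDOOR:
            findings.append(("error", node, f"{h} hops exceed the {MAX_HOPS_OUTDOOR} supported outdoors"))
        elif not indoor and h > RECOMMENDED_HOPS_OUTDOOR:
            findings.append(("warning", node, f"{h} hops exceed the recommended {RECOMMENDED_HOPS_OUTDOOR}"))

    # Beyond four hops the notes give no figure; treat it as below 1 Mbps (assumption).
    throughput = {n: THROUGHPUT_MBPS.get(h, 0) for n, h in hops.items() if h > 0}
    return {"hops": hops, "throughput_mbps": throughput, "findings": findings}


# Constructed plan: one over-long chain under RAP1 and a healthy pair under RAP2.
SAMPLE_PLAN = {
    "RAP1": None, "MAP-A": "RAP1", "MAP-B": "MAP-A", "MAP-C": "MAP-B",
    "MAP-D": "MAP-C", "MAP-E": "MAP-D",
    "RAP2": None, "MAP-F": "RAP2", "MAP-G": "RAP2",
}

if __name__ == "__main__":
    for severity, node, message in check_mesh(SAMPLE_PLAN)["findings"]:
        print(f"{severity:7} {node}: {message}")
```

Run outdoors, the sample plan yields a single warning (MAP-E sits five hops from RAP1); the same plan flagged as indoor yields four errors, because only one hop is supported indoors.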

The following are the important Wireless Mesh network components and respective descriptions:

1. Wireless Control System (WCS): Provides network-wide configuration and management of the mesh through SNMP.

2. WLAN Controller (WLC): Manages multiple APs, reduces radio interference, and handles security, Layer 3 mobility and other functions.

3. Rooftop AP (RAP): Connects the mesh to the wired network and serves as the root of the mesh. Typically installed on a tower or rooftop, it communicates directly with the MAPs.

4. Mesh Access Point (MAP): MAPs provide access to wireless clients and connect to the wired network through RAPs. Outdoors, MAPs are usually mounted at the top of a pole, such as a lamppost; indoors, they are located in places such as conference rooms.

The important components of a wireless mesh network are the Wireless LAN Controller, the Wireless Control System, Mesh Access Points and Rooftop Access Points. The diagram below shows the typical placement of these components.

Placement of Wireless Mesh network components

There are several Enterprise WAN architectures, including the following:

1. Private WAN: the enterprise owns the WAN. It is characterized by high flexibility, security, ease of management and bandwidth. Its disadvantages are the difficulty of migrating to other WAN technologies, should the enterprise decide on that later, and the high cost of building a private WAN.

2. ISP WAN service: provides good flexibility and scalability, but only moderate performance with respect to quality of service. It is cheaper than the other WAN architectures.

3. SP MPLS/IP VPN: provides good scalability, security and quality (QoS, etc.). Ongoing costs are moderate to high.

4. Private MPLS: also provides good scalability, security and quality (QoS, etc.). Ongoing costs are moderate to high, and it is easy to migrate to other WAN technologies.

Connectivity Methods:

MPLS: In basic MPLS forwarding, labels are bound to forwarding equivalence classes that correspond to the Layer 3 destination prefix, so forwarding behaves like destination-based routing. MPLS switches on labels and minimizes Layer 3 lookups in the provider core, which increases throughput, and labels can also be used to implement traffic engineering so that traffic follows paths other than the shortest IGP path. The PE (provider edge) router sits in the service provider network; the CE (customer edge) router sits at the customer site. Note that the separation an MPLS VPN provides between customers comes from provider configuration (separate VRFs), not from encryption; confidentiality across the provider network requires IPsec on top of it.

1. Metro Ethernet or dark fiber: typically a private WAN used to connect distant LANs.

2. TDM/SONET: leased circuits from telecom carriers used to connect distant LANs.

3. MPLS or Frame Relay: a shared, packet-switched service provider network used to connect distant LANs.

Shared networks using MPLS or Frame Relay are cheaper than leased circuits or private networks.

DHCP: Dynamic Host Configuration Protocol. DHCP servers allocate network addresses and deliver configuration parameters dynamically to hosts. A DHCP server provides client computers with configuration information including IP address, subnet mask, default gateway, DNS servers, WINS servers and other optional parameters that you can assign to clients.

There are three ways that address assignments are made to client computers (RFC 2131):

1. Dynamic allocation: the server leases an address for a limited time; the address can be reused by another client after the lease expires (or is released).

2. Automatic allocation: the server assigns a permanent address to the client the first time it asks.

3. Manual allocation: the administrator assigns the address (typically a reservation keyed on the client's MAC address) and DHCP merely conveys it to the client.

The main categories of wireless technology are:

1. Wireless bridges: Wireless bridges connect two separate wired networks, typically located in two separate buildings. This technology provides high data rates for line-of-sight applications.

2. Wireless LANs: Commonly called IEEE 802.11a/b/g/n or Wi-Fi networks, wireless LANs are increasingly used in campus networks. 802.11n is now available and provides typical data rates of 150 Mbps to 300 Mbps.

3. Mobile wireless: Several technologies fall under this category, primarily cellular applications and mobile phones. Mobile wireless technologies include GSM, GPRS and UMTS.

Connections to data center:

The following are the functions of the data center access layer:

1. Provides the required port density for server farms

2. Provides support for single- and dual-homed servers

3. Provides high-performance, low-latency Layer 2 switching

4. Supports a mix of oversubscription requirements

The data center aggregation layer typically supports advanced application and security services.

Some of the important characteristics of the data center aggregation layer are given below:

1. The aggregation (distribution) layer aggregates traffic from the data center access layer and connects to the data center core.

2. It supports advanced application and security services.

3. It provides support for Layer 4 to Layer 7 services such as firewalls, server load balancing, SSL offload and IPS.

4. It supports a large STP processing load.

5. It provides a highly flexible and scalable design for meeting the current and future demands of the data center.

One important characteristic of the access layer is high port density, which is required to connect the server farm and to support server virtualization.

Cisco Unified fabric: A key building block for general-purpose, virtualized and Cloud-based data centers, Cisco Unified Fabric provides the foundational connectivity and unifies storage, data networking and network services delivering architectural flexibility and consistent networking across physical, virtual and cloud environment.

A SAN (storage area network) is a high-speed network that connects servers to storage devices and presents block-level storage to them.

Any server that shares its own storage with others on the network and acts as a file server is the simplest form of NAS (network-attached storage).

Note that Network Attached Storage shares files over the network, not a storage device (block storage) over the network; that is the distinction between NAS and a SAN.

When conducting an RF site survey, consider these general steps:

1. Obtain a facility diagram: Before getting too far with the site survey, ask for a set of building blueprints. If not available, prepare a floor plan drawing that depicts the location of walls, walkways, etc.

2. Visually inspect the facility: Note any potential barriers that may affect the propagation of RF signals. For example, a visual inspection will uncover obstacles to RF such as metal racks and partitions, items that building drawings usually don't show. Mark the same on facility diagram.

3. Identify user areas: Identify on the facility diagram the areas used by fixed users and the areas through which mobile users may roam.

4. Determine preliminary access point locations: By considering the location of wireless users and range estimations of the wireless LAN products you're using, approximate the locations of access points that will provide adequate coverage throughout the user areas. Plan for some propagation overlap among adjacent access points, but keep in mind that channel assignments for access points will need to be far enough apart to avoid inter-access point interference.

5. Verify access point locations: This is when the real testing begins. Many wireless LAN vendors, including Cisco, Symbol, and Proxim, provide free RF site survey tools that identify the associated access point, data rate, signal strength, and signal quality. You can load this software on a laptop or PocketPC and test the coverage of each preliminary access point location. Alternatively, you could use a handheld site survey tool available from several different companies. For example, Berkeley Varitronics Systems offers a line of handheld devices, such as Grasshopper and Scorpion, which provide advanced site survey functions.

6. Install an access point at each preliminary location, and monitor the site survey software readings by walking varying distances away from the access point. There's no need to connect the access point to the distribution system because the tests merely ping the access point; however, you'll need AC power. So be sure to take along an extension cord, and learn where AC outlets exist.

7. Take note of data rates and signal readings at different points as you move to the outer bounds of the access point coverage. In a multi-floor facility, perform tests on the floor above and below the access point. Keep in mind that a poor signal quality reading likely indicates that RF interference is affecting the wireless LAN. This would warrant the use of a spectrum analyzer to characterize the interference, especially if there are no other indications of its source. Based on the results of the testing, you might need to reconsider the location of some access points and redo the affected tests.

8. Document findings: Once you're satisfied that the planned location of access points will provide adequate coverage, identify on the facility diagrams recommended mounting locations. Of course the installers will need this information. Also, provide a log of signal readings and supported data rates near the outer propagation boundary of each access point as a basis for future redesign efforts.

As per Cisco, data center technologies are divided chronologically into three generations:

Data center 1.0: signified by the use of mainframes.

Data center 2.0: signified by the use of distributed computing and the client/server model.

Data center 3.0: signified by service-oriented and Web 2.0 based environments; unifies computing, storage, networking and management into a single platform.

RF group members communicate using UDP port 12114 for 802.11b/g/n and UDP port 12115 for 802.11a.

1. AP neighbor messages are protected with a shared secret (derived from the RF group name) that is configured on the WLC(s).

2. The RF group leader analyzes real-time radio data collected by the system and calculates the master power and channel plan.

3. Neighbor messages must be heard at a signal level above -80 dBm for the controllers to form an RF group.

The following functions are associated with Cisco Radio Resource Management (RRM):

1. Radio resource monitoring: Identifies interfering signals, rogue APs, and other RF conditions that may interfere with the normal operation of the wireless network.

2. Dynamic channel assignment: WLCs automatically assign channels to minimize interfering signals.

3. Dynamic transmit power control : The WLCs automatically adjust power levels.

4. Coverage hole detection and correction : WLCs may adjust the power output of APs if clients report that a low Received Signal Strength Indication (RSSI) level is detected.

5. Client and network load balancing : Clients may be put on different AP (other than the closest AP) to maintain network balance.

Mobility, or roaming, is a wireless LAN client's ability to maintain its association seamlessly and securely while moving from one access point to another.

The following are the important characteristics of a Mobility group:

1. The upper limit of APs supported in a mobility group is determined by the number of APs that the controllers support.

2. A mobility list is a group of controllers configured on a single controller that specifies members in different mobility groups.

3. A Mobility Group is a group of Wireless LAN Controllers (WLCs) in a network with the same Mobility Group name, and supports inter-controller roaming by wireless clients.

4. A Wireless LAN Controller (WLC) can be configured in only one Mobility Group at a given time.

5. Controllers can communicate across mobility groups and clients can roam between access points in different mobility groups if the controllers are included in each other's mobility lists.

Mobility Anchor: also referred to as Guest Tunnelling or Auto Anchor Mobility, is a feature where all the client traffic that belongs to a WLAN (especially a guest WLAN) is tunnelled to a predefined WLC or set of controllers that are configured as the anchor for that specific WLAN. This feature helps to restrict clients to a specific subnet and gives more control over the user traffic.

Mobility Group: A Mobility Group is a group of Wireless LAN Controllers (WLCs) in a network with the same Mobility Group name. Wireless LAN Controllers (WLCs) can be configured only in one Mobility Group.

Mobility List: A mobility list is a group of controllers configured on a single controller that specifies members in different mobility groups. Controllers can communicate across mobility groups and clients can roam between access points in different mobility groups if the controllers are included in each other's mobility lists.

RF Group: An RF group, also known as an RF domain, is a cluster of WLCs for which Radio Resource Management (RRM) calculations are performed as a whole. RF groups also help you discover rogue APs. RF groups are formed dynamically.

The Cisco 4404-100 WLC supports 100 APs, whereas each 2100 series WLC supports 25 APs. You need to decide on the number and type of WLCs during the design phase of the wireless network, based on the AP count and the redundancy model.

Intra-controller roaming: When the wireless client moves its association from one access point to another, the controller simply updates the client database with the newly associated access point. If necessary, new security context and associations are established as well.

Inter-controller roaming: When the client associates to an access point joined to a new controller, the new controller exchanges mobility messages with the original controller, and the client database entry is moved to the new controller. New security context and associations are established if necessary, and the client database entry is updated for the new access point. This process remains transparent to the user.

Inter-subnet roaming: Inter-subnet roaming occurs when the controller's wireless LAN interfaces are on different IP subnets. Inter-subnet roaming is similar to inter-controller roaming in that the controllers exchange mobility messages on the client roam. However, instead of moving the client database entry to the new controller, the original controller marks the client with an "Anchor" entry in its own client database. The database entry is copied to the new controller client database and marked with a "Foreign" entry in the new controller. The roam remains transparent to the wireless client, and the client maintains its original IP address.

In inter-subnet roaming, WLANs on both anchor and foreign controllers need to have the same network access privileges.

The important characteristics of Layer 3 inter-controller roaming (by a wireless client) are:

1. The wireless client maintains its original IP address even after it roams to the new WLC.

2. Traffic from the client is forwarded by the new WLC (the Foreign WLC, to which the client is currently attached).

3. Traffic to the client arrives at the Anchor WLC which in turn forwards it to the Foreign WLC. The Foreign WLC then forwards the traffic to the wireless client.

4. When the client associates with the new WLC, the original client database is not moved to new WLC. Instead, original WLC marks the client with an "Anchor" entry in its database. The database entry is copied to the new WLC database and is marked as a "Foreign" entry.

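The mobility group, mobility list and roaming descriptions above fit together as a small state machine. The following is an added example for these notes (not Cisco code) that models it: two controllers exchange mobility messages only if each appears in the other's mobility list, an intra-controller roam updates only the AP, a same-subnet inter-controller roam moves the client entry, and an inter-subnet roam leaves an Anchor entry on the original controller and a Foreign entry on the new one while the client keeps its IP. Controller names, groups, subnets and the client MAC are constructed; address assignment is a stand-in for DHCP; and what happens when two controllers cannot exchange mobility messages (the client simply re-associates and gets a new address, stale entries are dropped) and when a client roams back to its anchor (the entry reverts to local) are modelling assumptions, not behaviour the notes describe.

```python
"""Model the roaming cases in these notes: intra-controller, inter-controller
and inter-subnet (Layer 3) roaming with Anchor/Foreign entries, gated by
mobility lists.  Added example for these notes, not Cisco code.  Controllers,
subnets and the client are constructed; IP assignment stands in for DHCP.
"""
import ipaddress


class Wlc:
    def __init__(self, name, mobility_group, client_subnet, mobility_list=()):
        self.name = name
        self.group = mobility_group
        self.subnet = ipaddress.ip_network(client_subnet)
        # Mobility list: the controllers this WLC exchanges mobility messages with.
        self.mobility_list = set(mobility_list) | {name}
        self.clients = {}      # mac -> {"ip", "ap", "role", "peer"}

    def can_roam_with(self, other):
        """Mobility messages flow only if each controller lists the other."""
        return other.name in self.mobility_list and self.name in other.mobility_list

    def associate(self, mac, ap):
        """Fresh association: the client gets an address from this WLC's subnet."""
        used = {e["ip"] for e in self.clients.values()}
        ip = next(h for h in self.subnet.hosts() if h not in used)
        self.clients[mac] = {"ip": ip, "ap": ap, "role": "local", "peer": None}
        return ip


def roam(mac, old, new, ap):
    """Move client `mac` from controller `old` to `new` (now on `ap`).

    Returns the kind of roam that took place.
    """
    if old is new:                                           # intra-controller
        old.clients[mac]["ap"] = ap
        return "intra-controller"
    if not old.can_roam_with(new):
        # Not in each other's mobility lists: no seamless roam.  The client
        # re-associates and gets a new address; the stale entries are dropped
        # (modelling assumption, not behaviour described in the notes).
        entry = old.clients.pop(mac, None)
        if entry and entry["peer"] is not None:
            entry["peer"].clients.pop(mac, None)
        new.associate(mac, ap)
        return "re-association"
    entry = old.clients[mac]
    if old.subnet == new.subnet and entry["role"] == "local":  # inter-controller, same subnet
        del old.clients[mac]
        new.clients[mac] = {**entry, "ap": ap}
        return "inter-controller"
    if entry["role"] == "foreign" and entry["peer"] is new:    # client returns to its anchor
        del old.clients[mac]
        new.clients[mac].update(ap=ap, role="local", peer=None)
        return "inter-subnet"
    # Inter-subnet roam: the controller that owns the address stays the Anchor,
    # the new controller holds a Foreign copy, and the client keeps its IP.
    if entry["role"] == "foreign":                           # foreign-to-foreign roam
        anchor = entry["peer"]
        del old.clients[mac]
    else:
        anchor = old
        entry["role"] = "anchor"
    anchor.clients[mac]["peer"] = new
    new.clients[mac] = {"ip": entry["ip"], "ap": ap, "role": "foreign", "peer": anchor}
    return "inter-subnet"


def downstream_path(wlc, mac):
    """Controllers that traffic destined for the client traverses, in order."""
    entry = wlc.clients[mac]
    if entry["role"] == "local":
        return [wlc.name]
    if entry["role"] == "anchor":
        return [wlc.name, entry["peer"].name]        # anchor forwards to foreign
    return [entry["peer"].name, wlc.name]            # asked at the foreign controller


def demo():
    """Walk one client through every roam type across constructed controllers."""
    wlc1 = Wlc("wlc1", "CAMPUS", "10.1.0.0/24", mobility_list={"wlc2", "wlc3"})
    wlc2 = Wlc("wlc2", "CAMPUS", "10.1.0.0/24", mobility_list={"wlc1", "wlc3"})
    wlc3 = Wlc("wlc3", "GUEST", "10.2.0.0/24", mobility_list={"wlc1", "wlc2"})  # other group, but listed
    wlc4 = Wlc("wlc4", "REMOTE", "10.3.0.0/24")                                 # lists nobody
    mac = "00:11:22:aa:bb:cc"
    first_ip = str(wlc1.associate(mac, "ap-1"))
    trace = [(roam(mac, wlc1, wlc1, "ap-2"), str(wlc1.clients[mac]["ip"])),
             (roam(mac, wlc1, wlc2, "ap-3"), str(wlc2.clients[mac]["ip"])),
             (roam(mac, wlc2, wlc3, "ap-4"), str(wlc3.clients[mac]["ip"]))]
    path = downstream_path(wlc2, mac)                # wlc2 is now the anchor
    trace.append((roam(mac, wlc3, wlc4, "ap-5"), str(wlc4.clients[mac]["ip"])))
    return first_ip, trace, path


if __name__ == "__main__":
    first_ip, trace, path = demo()
    print("first address:", first_ip)
    for kind, ip in trace:
        print(f"{kind:17} client address {ip}")
    print("downstream path to client while on wlc3:", " -> ".join(path))
```

The trace shows the client keeping 10.1.0.1 through the intra-controller, inter-controller and inter-subnet roams (wlc3 being in a different mobility group does not matter, because it is in the others' mobility lists), and only losing it when it moves to wlc4, which no controller lists.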

1. You cannot configure the controller's ports into separate LAG groups. Only one LAG group is supported per controller. Therefore, you can connect a controller in LAG mode to only one neighbor device.

2. When you enable LAG, you can configure only one AP-manager interface because only one logical port is needed. LAG removes the requirement for supporting multiple AP-manager interfaces.

3. When you enable LAG, all ports participate in LAG by default. You must configure LAG for all of the connected ports in the neighbor switch.

4. When you disable LAG, you must assign an AP-manager interface to each port on the controller. Otherwise, access points are unable to join.

5. When you enable LAG, if any single link goes down, traffic migrates to the other links.

The number of access points supported per Cisco WLC platform:

Platform                            Supported access points
Cisco 2100 series WLC               25
Cisco WLC for ISRs                  25
Catalyst 3750 Integrated WLC        50
Cisco 4400 series WLC               100
Cisco 6500/7600 series WLC module   300
Cisco 5500 series WLC               500

WLC interface types:

Interface type          Description
Management interface    Used for in-band management
Service-port interface  Used for out-of-band management
AP manager interface    Used for Layer 3 discovery and association
Dynamic interface       Dedicated to WLAN client data; analogous to VLANs
Virtual interface       Used for Layer 3 authentication and mobility

A WLC interface is a logical connection that maps to a VLAN on the wired network. Each interface is configured with a unique IP address, a physical port, and a DHCP server. The following WLC interfaces are mandatory:

1. Management interface

2. AP Manager interface

3. Virtual interface

The service-port interface is optional, whereas dynamic interfaces are user defined and carry client data.

Each interface is mapped to at least one primary port, and some interfaces (management and dynamic) can be mapped to an optional secondary (or backup) port.

Access point modes are as follows:

Local mode: The default mode of operation.
H-REAP mode: Hybrid Remote Edge Access Point mode, used for remote LAPs managed across WAN links.
Monitor mode: The AP excludes itself from handling data traffic and dedicates itself to monitoring functions such as location-based services (LBS).
Rogue detector mode: Monitors for rogue APs.
Sniffer mode: Captures all packets on a channel and forwards them to a remote sniffer.
Bridge mode: Used for point-to-point and point-to-multipoint (mesh) solutions.

In the Cisco Unified Wireless Network architecture, access points (APs) are lightweight. This means they cannot act independently of a wireless LAN controller (WLC). The lightweight access points (LAPs) must first discover the WLCs and register with them before they can serve wireless clients. Given below is the sequence of events that occurs when LAPs register with WLCs.

1. The LAP checks whether it has been configured with a static IP address. If not, it issues a DHCP discover to obtain one.

2. The LAP sends LWAPP discovery request messages to the WLCs.

3. Any WLC that receives the LWAPP discovery request responds with an LWAPP discovery response message.

4. From the LWAPP discovery responses that the LAP receives, the LAP selects a WLC to join.

5. The LAP then sends an LWAPP join request to the WLC and expects an LWAPP join response.

6. The WLC validates the LAP and then sends an LWAPP join response to the LAP.

7. The LAP validates the WLC, which completes the discovery and join process. The LWAPP join process includes mutual authentication and encryption key derivation, which is used to secure the join process and future LWAPP control messages.

8. The LAP registers with the controller.

The management interface is the default interface for in-band management of the WLC and for connectivity to enterprise services such as AAA servers. The management interface is also used for Layer 2 communications between the WLC and access points. The management interface is the only consistently "pingable" in-band interface IP address on the WLC.

WLCs embed this information in the LWAPP discovery response:

i. The controller sysName

ii. The controller type

iii. The controller AP capacity and its current AP load

iv. The Master Controller flag

v. An AP-manager IP address
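The eight-step discovery and join sequence and the five fields listed just above are two halves of one exchange: the fields are what the LAP uses to choose among the controllers that answered. The following is an added example for these notes (not Cisco code) that simulates both sides. Each controller answers a discovery request with the five fields from the notes; the LAP then applies the selection order Cisco documents for the join process (configured primary, secondary and tertiary controller names first, then a controller with the master flag, then the controller with the most spare AP capacity) and sends its join to the winner, which refuses if it is full. The messages are plain dicts rather than the real LWAPP format, the controllers and MACs are constructed, and the mutual authentication and key derivation of step 7 are deliberately not modelled.

```python
"""Simulate LWAPP discovery and controller selection from the notes above.

Added example for these notes, not Cisco code.  Discovery responses carry the
five fields the notes list; the selection order (configured primary/secondary/
tertiary, then the master controller, then greatest spare AP capacity) is
Cisco's documented join behaviour.  Messages are plain dicts, not the LWAPP
wire format; controllers and MAC addresses are constructed; the mutual
authentication of the join phase is not modelled.
"""
from dataclasses import dataclass, field


@dataclass
class Wlc:
    sys_name: str
    ctrl_type: str
    capacity: int
    load: int = 0
    master: bool = False
    ap_manager_ip: str = "0.0.0.0"
    joined: set = field(default_factory=set)

    def discovery_response(self):
        """The five fields a WLC embeds in its LWAPP discovery response."""
        return {"sysName": self.sys_name, "type": self.ctrl_type,
                "capacity": self.capacity, "load": self.load,
                "master": self.master, "ap_manager_ip": self.ap_manager_ip}

    def join(self, ap_mac):
        """Join request handling: refuse when full, otherwise register the LAP."""
        if ap_mac in self.joined:
            return True
        if self.load >= self.capacity:
            return False
        self.joined.add(ap_mac)
        self.load += 1
        return True


def select_controller(responses, primary=None, secondary=None, tertiary=None):
    """Choose the controller a LAP will join from its discovery responses.

    Returns the winning response, or None when no controller has spare capacity.
    Controllers that are already full are never chosen, even if configured.
    """
    usable = [r for r in responses if r["load"] < r["capacity"]]
    by_name = {r["sysName"]: r for r in usable}
    for name in (primary, secondary, tertiary):          # 1. configured controllers, in order
        if name and name in by_name:
            return by_name[name]
    masters = [r for r in usable if r["master"]]         # 2. the master controller
    if masters:
        return masters[0]
    if not usable:
        return None
    return max(usable, key=lambda r: r["capacity"] - r["load"])  # 3. most spare capacity


def discover_and_join(ap_mac, controllers, **configured):
    """Steps 2 to 8 of the notes: discover, collect responses, select, join.

    `configured` may carry primary=, secondary=, tertiary= controller names.
    Returns the sysName the LAP registered with, or None.
    """
    responses = [c.discovery_response() for c in controllers]   # steps 2-3
    choice = select_controller(responses, **configured)        # step 4
    if choice is None:
        return None
    wlc = next(c for c in controllers if c.sys_name == choice["sysName"])
    return wlc.sys_name if wlc.join(ap_mac) else None           # steps 5-8 (auth omitted)


def build_sample():
    """Constructed controllers: a full branch WLC, a master near capacity, a large one."""
    return [
        Wlc("wlc-branch", "2100", capacity=25, load=25, ap_manager_ip="10.10.0.2"),
        Wlc("wlc-core-1", "4400", capacity=100, load=90, master=True, ap_manager_ip="10.10.1.2"),
        Wlc("wlc-core-2", "5500", capacity=500, load=100, ap_manager_ip="10.10.1.3"),
    ]


if __name__ == "__main__":
    ctrls = build_sample()
    print("unconfigured LAP joins:", discover_and_join("00:11:22:33:44:01", ctrls))
    print("LAP with primary wlc-core-2 joins:",
          discover_and_join("00:11:22:33:44:02", ctrls, primary="wlc-core-2"))
```

With no configured controllers the LAP lands on the master (wlc-core-1) even though wlc-core-2 has far more room; once wlc-core-1 fills up, later unconfigured LAPs fall through to the spare-capacity rule and join wlc-core-2. A full controller that is configured as primary is skipped in favour of the secondary, which is why a deterministic design should size primaries for the APs it assigns them.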

The following are true about LAPs and LWAPP in Cisco Unified Wireless Network Architecture:

1. LAP CANNOT operate independent of a wireless LAN controller (WLC)

2. In order to connect an autonomous AP to a WLC, you must first convert the autonomous AP to lightweight mode.

3. The Lightweight APs are "zero touch" deployed, and individual configuration of APs is not necessary.

4. LAPs use split MAC architecture

5. A wireless client CANNOT roam between LWAPP APs and autonomous APs. You first need to convert the autonomous AP to a LAP, and join the WLC. Not all APs may be converted to LAPs.
