Cisco WLAN Controller Configuration Recommendations. Flavien Richard, Technical Solutions Architect; Viktor Platov, Consulting Systems Engineer
Contents. Recommended settings: Infrastructure; RF/RRM; Security and BYOD; FlexConnect. [Diagram labels: Audit, Monitoring, Express, and RF, Upgrade, Setup, Dashboard, Workflow, Cisco Active, WLCCA, Advisor, Feature, Best Practices]
Infrastructure
Infrastructure configuration recommendations
• Enable High Availability (Client SSO)
• Enable AP Failover Priority
• Enable AP Multicast Mode
• Enable Multicast VLAN
• Enable Pre-image download
• Enable AVC
• Enable NetFlow
• Enable Local Profiling (DHCP and HTTP)
• Enable NTP
• Change the AP Re-transmit Parameters
• Enable Fast SSID change
• Enable Per-user BW contracts
• Enable Multicast Mobility
• Enable Client Load balancing
• Disable Aironet IE
http://www.cisco.com/c/en/us/td/docs/wireless/technology/wlc/82463-wlc-config-best-practice.html
Infrastructure: Enable High Availability (Client SSO). This technology requires a direct physical or L2 link between the Active and Standby Redundant ports. Convergence within one second.
Infrastructure: Enable AP Failover Priority. Wireless → Access Points → Global Configurations; Wireless → Access Points → All APs → AP_NAME → High Availability. Lets you set the AP priority that is taken into account when the controller is overloaded.
Infrastructure: Enable AP Multicast Mode. Controller → General → AP Multicast Mode. Unique among all WLCs and does not overlap with other protocols. The network infrastructure must provide multicast routing between the management interface and the AP subnet. Sends one multicast packet to all APs instead of a unicast packet to each AP.
Infrastructure: Multicast VLAN for Interface Groups. WLANs → WLAN Name → General. [Diagram: Network; Interface group with VLAN1, VLAN2 (mcast_vlan), VLAN3, VLAN4.] Limits the sending of multicast packets over the air to a single VLAN.
Infrastructure: Enable Pre-image download. Wireless → Global Configurations → AP Image Pre-download. Less time needed to upgrade software across the whole network.
Infrastructure: Enable AVC. Wireless → Application Visibility and Control → AVC Profiles. Enable Application Visibility. Add per-application rules. Classifies applications, provides real-time analysis, and allows users to drop or mark data. Per-user, per-device granularity for control.
Infrastructure: Enable NetFlow on the controller. Wireless → Netflow → Exporter → Create 'New'; Wireless → Netflow → Monitor → New. NetFlow export to Cisco Prime or a third-party network management tool.
Infrastructure: Enable Local Profiling. WLANs → Edit → WLAN_NAME → Advanced. Client devices can be profiled based on their manufacturer and operating system.
Infrastructure: Enable NTP. Controller → NTP → Keys; Controller → NTP → Server. If NTP requires authentication, first add the key. Synchronizes time among all devices on the network, including access points and controllers. Accurate time matters for the X.509 certificates installed on APs and WLCs, context-aware and location services, MFP, and debugging.
Infrastructure: Change the AP Re-transmit parameters. Wireless → Access Points → Global Configuration. Number of times the AP will try to join the WLC (3-8). Number of seconds to wait before rejoining (2-5 sec). Allows the user to customize the way APs attempt to join a WLC. Increase the count and interval for higher-latency links such as FlexConnect and satellite links.
Infrastructure: Enable Fast SSID change. Controller → General. Allows clients to move faster between SSIDs by not clearing the client entry.
Infrastructure: Enable per-user bandwidth contract. WLANs → Edit 'WLAN_NAME' → QoS. Limit data rates for Guest and Contractor accounts. Enforces limits on non-mission-critical clients.
Infrastructure: Enable Multicast Mobility for mobility domains. Controller → General; Controller → Multicast. Allows clients to announce messages to all mobility peers instead of individual WLCs, benefiting time, CPU usage, and network utilization. Requires multicast routing between controllers.
Infrastructure: Enable Client Load Balancing. WLANs → Edit "WLAN-NAME" → Advanced. Client Window Size 1-20. Maximum Denial Count 0-10. Balances the number of clients connected to a WLAN between multiple APs. Not suitable for Voice, Low Density and single-AP deployments like hotspots.
Infrastructure: Disable Aironet IE. WLANs → Edit "WLAN-NAME" → Advanced
• Aironet IE 0x85 in beacons and probe responses
• AP name, load, client count etc.
• Controller sends Aironet IEs 0x85 and 0x95 in the reassociation response if it receives Aironet IE 0x85 in the reassociation request
• Management IP address of WLC
• IP address of AP
Can cause compatibility issues with some types of wireless clients. Enable for WGB and Cisco voice. Optional for CCX-based clients.
Infrastructure: Same Virtual IP if same mobility name. Controller → Interfaces → virtual. [Diagram: Mobility Group; 192.0.2.1, 192.0.2.1.] If the virtual IP differs between controllers, inter-controller roaming can appear to work, but the hand-off does not complete, and the client loses connectivity when a DHCP renew is performed if DHCP proxy is enabled.
Infrastructure: Fast Restart. 73% faster. Commands → Restart. Use cases:
• LAG <-> no LAG
• 10 G <-> 1 G
• High Availability SSO Pairing
• Post Configuration Wizard
• Web-auth certificate installation
• Transfer Download of XML
Supported on Cisco WLC 7510, 8510, 5520, 8540 and vWLC. Version 8.1 required. Process restart to reduce network and service downtime and improve serviceability.
RF & RRM Recommendations. RF = Radio Frequencies; RRM = Radio Resources Management
RF & RRM Recommendations
RF & RRM: Disable 802.11b Data Rates. Wireless → 802.11b/g/n → Network. Management frames are sent at the lowest mandatory rate, which slows down the entire cell.
RF & RRM: Disable 802.11b Data Rates. Demonstrating the impact of 802.11b data rates on channel utilization. 1 Mbps mandatory: channel utilization 67%. 6 Mbps mandatory: channel utilization 23%.
RF & RRM: Restrict Number of WLANs below 4. WLANs → WLANs. Each SSID needs a separate probe response and beaconing; the more SSIDs, the less RF space available for real data traffic.
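The two slides above (lowest mandatory rate, number of WLANs) combine into one airtime budget. The following is an added example, not part of the original deck: it estimates the share of a 2.4 GHz channel consumed by beacons alone. The 300-byte beacon, the default 102.4 ms beacon interval and the count of 3 co-channel APs are assumptions; contention and probe responses are ignored, so the results are a lower bound and do not reproduce the measured 67% / 23% figures on the slide.

```python
import math

BEACON_INTERVAL_US = 102_400          # assumed default: 100 TU, 1 TU = 1024 us
DSSS_RATES = {1, 2, 5.5, 11}          # 802.11b rates, Mbps
OFDM_RATES = {6, 9, 12, 18, 24, 36, 48, 54}

def dsss_airtime_us(frame_bytes, rate_mbps, long_preamble=True):
    """802.11b frame: PLCP preamble + header (192 us long, 96 us short), then the MPDU."""
    plcp_us = 192 if long_preamble else 96
    return plcp_us + math.ceil(frame_bytes * 8 / rate_mbps)

def ofdm_airtime_us(frame_bytes, rate_mbps):
    """802.11g ERP-OFDM frame: 20 us preamble + SIGNAL, 4 us symbols, 6 us signal extension."""
    bits_per_symbol = rate_mbps * 4
    # 16 SERVICE bits + payload + 6 tail bits, padded up to whole symbols
    symbols = math.ceil((16 + 8 * frame_bytes + 6) / bits_per_symbol)
    return 20 + 4 * symbols + 6

def beacon_airtime_us(rate_mbps, frame_bytes=300):
    """Airtime of one beacon sent at the lowest mandatory rate (frame size is an assumption)."""
    if rate_mbps in DSSS_RATES:
        return dsss_airtime_us(frame_bytes, rate_mbps)
    if rate_mbps in OFDM_RATES:
        return ofdm_airtime_us(frame_bytes, rate_mbps)
    raise ValueError(f"not an 802.11b/g rate: {rate_mbps}")

def beacon_overhead(ssids, co_channel_aps, rate_mbps, frame_bytes=300):
    """Fraction of one channel's airtime spent on beacons: every AP beacons once per SSID."""
    beacons_per_interval = ssids * co_channel_aps
    return beacons_per_interval * beacon_airtime_us(rate_mbps, frame_bytes) / BEACON_INTERVAL_US

if __name__ == "__main__":
    for rate in (1, 6):
        for ssids in (1, 4, 8):
            share = beacon_overhead(ssids, co_channel_aps=3, rate_mbps=rate)
            print(f"{rate} Mbps mandatory, {ssids} SSIDs, 3 co-channel APs: {share:.1%} beacon airtime")
```
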
RF & RRM: Enable Channel Bonding – Best. Wireless → 802.11a/n/ac → RRM → DCA. "Best" automatically selects the widest channel width with:
• Highest Client Data Rates
• Lowest Channel Utilization per Radio
• Minimize Data Retries / CRC errors
• On the 5GHz Band
While avoiding:
• Rogue APs
• CleanAir Interferers
40/80MHz wide channels in the 5GHz space can carry 2x/4x the amount of user data that can be transmitted. For extreme HD deployments use 20 MHz channels to keep cell size small.
RF & RRM: Disable Avoid Cisco AP Load. Wireless → 802.11a/n/ac → RRM → DCA; Wireless → 802.11b/g/n → RRM → DCA. To avoid frequent changes in DCA due to varying load conditions.
RF & RRM: Enable Client Band Select. WLANs → Edit "WLAN-NAME" → Advanced. Allows dual-band clients to move to the less congested 5GHz band. Not always recommended for Voice deployments.
RF & RRM: Make use of RF Profiles
• RF Profiles work in conjunction with AP Groups (since release 7.2)
• You can create separate RF profiles for both 2.4 and 5 GHz
• 1 profile for each band (802.11a/802.11b) can be assigned to an AP group
• Today with 8.x, you can use RF Profiles for:
  • 802.11 data rates
  • TPC Power Threshold and Min/Max Power settings
  • DCA (Dynamic Channel number Assignment)
  • Coverage hole Mitigation algorithm settings
  • High Density – HDX configurations like RX_SOP, Client Limit, Multicast data rate
  • Client Distribution
More granular control of the RF network
RF Profiles: Granular Control. TPC, DCA, Coverage Hole; Data Rates; High Density; Load Balancing
Network Profiles. Sets pre-defined RF parameters depending on "Client" Density and Traffic Type. Client Density: High, Typical, Low. Traffic Type: Data, Data and Voice.