Module 5: Access Point Adoption. Objectives:
• Describe the adoption fundamentals for Layer 2 and Layer 3
• Describe Motorola Solutions' proprietary DHCP options and best practices
• Identify and describe the adoption order of preference and process
Module 5 access point adoption
Objectives
• Describe the adoption fundamentals for Layer 2 and Layer 3
• Describe Motorola Solutions' proprietary DHCP options and best practices
• Identify and describe the adoption order of preference and process
• Describe the key aspects of plug and play deployments and start up configuration
• Identify the key Layer 2 and Layer 3 troubleshooting considerations
Introduction
• WiNG5 provides plug-n-play AP adoption over wired networks
  • Dependent and Independent Access Points
  • Layer 2 and Layer 3
• Future WiNG5 versions will permit adoption over wireless links as well as centralized management from neighboring Access Points
[Figure: Layer 2 adoption (VLAN) and Layer 3 adoption (IP, DHCP) of AP-650 and AP-7131 Access Points]
Protocols
• WiNG5 devices use MiNT protocol as the primary means of
  • device discovery
  • configuration
  • control
• Wireless Controllers and Access Points form MiNT links, which can be established over a VLAN or IP network:
  • Discovery, management and control traffic over Layer 2 uses ether-type 0x8783 (Point to Multipoint)
  • Discovery, management and control traffic over Layer 3 uses UDP port 24576 (Point to Point)
• Permits discovery, management and control traffic to be forwarded between devices irrespective of how those devices are connected to the physical network
[Figure: WiNG5 network with Layer 2 links (0x8783) and Layer 3 links (UDP 24576)]
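The two MiNT transports named above can be recognised in a packet capture and checked against the VLANs where control traffic is expected. The following is an added example, not part of the original slides: the function names, the single 802.1Q tag handling and the sample frames are assumptions, and the frames are constructed rather than captured.

```python
import struct

MINT_ETHERTYPE = 0x8783  # MiNT over Layer 2, per the slide
MINT_UDP_PORT = 24576    # MiNT over Layer 3, per the slide

def classify(frame: bytes):
    """Return (kind, vlan): kind is 'mint-l2', 'mint-l3' or None; vlan is None if untagged."""
    if len(frame) < 14:
        return None, None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, vlan = 14, None
    if ethertype == 0x8100 and len(frame) >= 18:  # single 802.1Q tag
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    if ethertype == MINT_ETHERTYPE:
        return "mint-l2", vlan
    if ethertype == 0x0800 and len(frame) >= offset + 20:  # IPv4
        ihl = (frame[offset] & 0x0F) * 4
        (frag,) = struct.unpack("!H", frame[offset + 6:offset + 8])
        udp = offset + ihl  # only the first fragment carries the UDP ports
        if (ihl >= 20 and frame[offset + 9] == 17 and frag & 0x1FFF == 0
                and len(frame) >= udp + 4):
            # Assumption: a match on either source or destination port counts.
            if MINT_UDP_PORT in struct.unpack("!HH", frame[udp:udp + 4]):
                return "mint-l3", vlan
    return None, vlan

def off_policy_mint(frames, control_vlans):
    """(index, kind, vlan) for every MiNT frame outside the expected control VLANs."""
    seen = [(i, *classify(f)) for i, f in enumerate(frames)]
    return [s for s in seen if s[1] and s[2] not in control_vlans]

# --- Constructed sample frames (not captured traffic) ---
def eth_frame(ethertype, payload, vlan=None):
    hdr = bytes(6) + bytes.fromhex("020000000001")  # placeholder dst/src MACs
    if vlan is not None:
        hdr += struct.pack("!HH", 0x8100, vlan)
    return hdr + struct.pack("!H", ethertype) + payload

def ipv4_udp(sport, dport):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([192, 168, 11, 50]), bytes([192, 168, 10, 1]))
    return ip + struct.pack("!HHHH", sport, dport, 8, 0)

SAMPLE = [
    eth_frame(MINT_ETHERTYPE, bytes(46), vlan=11),     # MiNT L2 on control VLAN 11
    eth_frame(MINT_ETHERTYPE, bytes(46), vlan=13),     # MiNT L2 on a different VLAN
    eth_frame(0x0800, ipv4_udp(24576, 24576), vlan=11),  # MiNT L3
    eth_frame(0x0800, ipv4_udp(40000, 53), vlan=13),   # unrelated UDP
    eth_frame(MINT_ETHERTYPE, bytes(46)),              # untagged MiNT L2
]
```

Calling `off_policy_mint(SAMPLE, {11})` reports the VLAN 13 frame and the untagged frame; add `None` to the set when untagged MiNT is expected on the capture port.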
Access Point Adoption Process
• Layer 2 and Layer 3 Access Point adoption is still plug-n-play and operates in a similar manner to previous versions of WiNG
  • Discover possible adopters
  • Pick one and adopt
• During adoption, Access Points will adopt to a Wireless Controller based on the following order of preference:
  • Local Wireless Controllers discovered at Layer 2 in the Access Point's Preferred Controller Group
  • Least Loaded Wireless Controllers discovered at Layer 2
  • Wireless Controllers discovered at Layer 3 in the Access Point's Preferred Controller Group
  • Least Loaded Wireless Controllers discovered at Layer 3
• One major change in WiNG5 is that a Layer 2 adopted Access Point may have a dynamic or static IP address assigned
Preferred Controller Group IDs
• By default, Access Points are automatically distributed between Wireless Controllers based on each Wireless Controller's load
  • A Wireless Controller's load is calculated based on Adoption Capacity minus Adopted Access Points
  • Access Points can be load-balanced at runtime (default) or can optionally be scheduled
• Access Points can optionally be steered to a group of Wireless Controllers using Controller Groups:
  • Administrators define a Controller Group Name on one or more Wireless Controllers
  • Administrators assign a Preferred Controller Group Name on Access Points using device overrides or Profiles
  • When the same Controller Group Name is defined on multiple Wireless Controllers, Access Points will be load-balanced between the Wireless Controllers based on load
L3 Adoption - DHCP Options
• Layer 3 discovery relies on DHCP option 191 being present in the DHCP Offer, which can provide the Access Points with up to two groups of Wireless Controller IP Addresses:
  • group0 - IP Addresses or Hostnames are tried first
  • group1 - IP Addresses or Hostnames are tried second
  • Useful when a particular set of IPs must be tried first (i.e. Local Controllers vs. Centralized Controllers)
• DHCP option 189 is still supported (legacy)
  • Interpreted as group0
Access Point Adoption Process
• Once an Access Point has established a Layer 2 / Layer 3 link:
  1. The Access Point will learn about all the available Wireless Controllers using Link State Packets (LSPs) exchanged over the MiNT link
  2. The Access Point will send Load Request packets to each Wireless Controller discovered over the MiNT link
  3. Each Wireless Controller will respond with a load response which includes the Wireless Controller's load (Licensed APs minus Adopted APs)
  4. The Access Point will select the best Wireless Controller based on the following criteria:
     A. A Wireless Controller that is reachable over Layer 2
     B. The Wireless Controller's Group
     C. Wireless Controller Load
  5. The Access Point will adopt and receive its configuration from the Wireless Controller / Cluster
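The order of preference and the selection criteria described in the adoption process slides can be written out as a ranking function. This is an added example, not code from the slides or from WiNG5: the `Controller` model, the names and the sample values are constructed, and it assumes that "least loaded" means the largest value of capacity minus adopted APs and that a controller with no remaining capacity is skipped.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Controller:
    """One load response as seen by the Access Point (constructed model)."""
    name: str
    layer: int             # 2 = discovered over a VLAN, 3 = discovered over IP
    group: Optional[str]   # Controller Group Name, if one is defined
    capacity: int          # adoption capacity (licensed APs)
    adopted: int           # currently adopted APs

    @property
    def load(self) -> int:
        # The slides define load as adoption capacity minus adopted APs.
        return self.capacity - self.adopted

def preference_rank(c: Controller, preferred_group: Optional[str]) -> int:
    """1..4, following the order of preference listed in the slides."""
    in_group = preferred_group is not None and c.group == preferred_group
    if c.layer == 2:
        return 1 if in_group else 2
    return 3 if in_group else 4

def select_controller(candidates, preferred_group=None):
    """Pick the adopter: best rank first, then most remaining capacity (assumption)."""
    usable = [c for c in candidates if c.load > 0]   # assumption: full ones are skipped
    if not usable:
        return None
    return min(usable, key=lambda c: (preference_rank(c, preferred_group),
                                      -c.load, c.name))

# Constructed sample: two local (Layer 2) and two data-center (Layer 3) controllers.
CANDIDATES = [
    Controller("rfs-a", 3, "DC1", 48, 10),
    Controller("rfs-b", 2, "DC2", 48, 40),
    Controller("rfs-c", 2, None, 48, 12),
    Controller("rfs-d", 3, "DC1", 48, 30),
]
```

With preferred group DC1 the result is `rfs-c`: under the listed order, any controller reachable at Layer 2 outranks a Layer 3 controller in the preferred group, which is why the Control VLAN and the set of controllers visible on it need to be deliberate.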
Active / Standby
[Figure: cluster of an RFS6000 (Active) and an RFS6000 (Standby) adopting AP-650 Access Points. Controller labels: RFS6000-1, AP Licenses: 48, Cluster AP Licenses: 48, Load: 24; RFS6000-2, AP Licenses: 0, Cluster AP Licenses: 48, Load: 24; RFS6000-2, AP Licenses: 0, Cluster AP Licenses: 48, Load: 0]
Active / Active
[Figure: cluster of two RFS6000 (Active) controllers adopting AP-650 Access Points. Controller labels: RFS6000-1, AP Licenses: 48, Cluster AP Licenses: 48, Load: 12; RFS6000-1, AP Licenses: 0, Cluster AP Licenses: 48, Load: 24; RFS6000-2, AP Licenses: 0, Cluster AP Licenses: 48, Load: 12]
Controller Groups
[Figure: RFS6000 (Active) in Controller Group DC1 and RFS6000 (Active) in Controller Group DC2, with each AP-650 Access Point labelled with Group DC1 or DC2. Controller labels: RFS6000-1, AP Licenses: 48, Cluster AP Licenses: 48, Load: 12; RFS6000-1, AP Licenses: 48, Cluster AP Licenses: 48, Load: 24; RFS6000-2, AP Licenses: 0, Cluster AP Licenses: 48, Load: 12]
Plug-n-Play Deployments
• For plug-n-play deployments the AP-650/AP-7131 Access Points must be connected to a switch port with an untagged Native VLAN defined:
  • The Native VLAN is used to establish a Layer 2 / Layer 3 MiNT link with the Wireless Controller
• By default the Ge ports on AP-650/AP-7131 Access Points are configured as Access (Untagged) assigned to VLAN 1
• Wireless Controller discovery is performed using VLAN 1 until adoption is completed and the AP-650/AP-7131 Access Points inherit their configuration from the Wireless Controller / Cluster
[Figure: switch ports carrying a Native VLAN and Tagged VLANs]
Example Use Case 1 (Out of the Box)
• Access Points are directly connected to a Gigabit Ethernet port on a Controller with a Native VLAN 1 defined
• Each AP establishes a Layer 2 link with the Wireless Controller on VLAN 1
• Each AP adopts to the Wireless Controller at Layer 2 over VLAN 1
• IP Address is not required on the AP
• Same plug-n-play experience as in WiNG4!
• Good for Demo/Branch office scenarios
[Figure: AP-650 and AP-7131 Access Points connected to the Controller on VLAN 1, EtherType 0x8783]
Example Use Case 2 (Layer 2 Adoption)
• Controller is connected to a Layer 2 Ethernet Switch on VLAN 11
• Access Points are connected to Ethernet Switch edge port with a Native VLAN 11 defined
• Each AP establishes a Layer 2 link with the Wireless Controller over VLAN 11
• Each AP adopts to the Wireless Controller at Layer 2 over VLAN 11
• IP Address is not required on the AP
• Same plug-n-play experience as in WiNG4!
• Good for Campus scenarios
[Figure: Controller, AP-650 and AP-7131 Access Points on VLAN 11, EtherType 0x8783]
Example Use Case 3 (Layer 3 Adoption)
• Controller is connected to the Data Center on VLAN 10
• Access Points are connected to Layer 2 Switch ports in the Wiring Closet with various Native VLANs defined
• Each AP establishes a Layer 3 link to a Wireless Controller in the Data Center over its native VLAN
• Each AP adopts to Controller at Layer 3 over its native VLAN
• IP is required on the AP (static/DHCP)
• Good for complex campus scenarios
[Figure: Controller on VLAN 10; AP-650 and AP-7131 Access Points on VLANs 11, 12 and 13; IP/UDP 24576. Interface labels: VLAN 10: 192.168.10.1/24, VLAN 11: 192.168.11.1/24, VLAN 12: 192.168.12.1/24, VLAN 13: 192.168.13.1/24]
Example Use Case 4 (Layer 3 Adoption)
• Controller is connected to the Data Center on VLAN 10
• Access Points are connected to Layer 2 Switch Ports at each site with various Native VLANs defined
• Each Access Point establishes a Layer 3 link to a Wireless Controller in the Data Center over its native VLAN
• Each Access Point adopts to a Wireless Controller in the Data Center at Layer 3 over its native VLAN
• IP is required on the AP (static/DHCP)
• Good for multi-site deployments
[Figure: Data Center on VLAN 10 and remote sites on VLAN 20 and VLAN 30; IP/UDP 24576. Interface labels: Ge1: 192.168.10.1/24, S0: 192.168.100.1/24; S0: 192.168.100.2/24, Ge1: 192.168.20.1/24; S0: 192.168.100.3/24, Ge1: 192.168.30.1/24]
Access Point Startup Configuration
• WiNG5 now allows administrators to control if the startup-configuration is stored on Access Points
• The option is also provided to control if sensitive information such as keys, passphrases and passwords are stored in the startup-config
• By default full startup-configuration is saved on AP-7131 Access Points
• By default no startup-configuration is saved on AP-650 Access Points
• Configuration is controlled using Profiles or Device Overrides

    ! Store startup-config
    ! with all information
    profile ap650 default-ap650
     ..
     configuration-persistence
     ..
    !

    ! Store startup-config except for
    ! secure information
    profile ap650 default-ap650
     ..
     configuration-persistence secure
     ..
    !
Control VLAN
• The VLAN on which the AP looks for the controller is called the Control VLAN
• The MiNT tunnel is established over this VLAN
• By default the AP looks for the controller on VLAN 1
• With WiNG5 an AP may have connectivity to the Controller over multiple VLANs
• It is important to specify the Control VLAN in this case
• This is done in the RF Domain (on the premise that most probably this will be a per-site or a per-building setting) or using device overrides

    ! RF Domain
    rf-domain lab-rfdomain
     location lab
     contact me@dev.null
     country-code gb
     control-vlan 11
    !

    ! Device Override Example
    ap7131 00-23-68-31-14-2D
     ..
     control-vlan 11
     ..
    !
    rf-domain default
     ..
     no control-vlan
     ..
    !
Multiple DHCP Interfaces
• When using DHCP client on multiple Virtual IP interfaces, you must specify one that the Controller or AP uses to learn Gateway and DNS information
• Controllers and APs should only have one Default Gateway at a time
• VLAN 1 is the default interface to learn this information
• Can only be learned from one Virtual IP interface at a time

    ! Profile Example
    profile ap7131 default-ap7131
     ..
     interface vlan 11
      ip address dhcp
      ip dhcp client request options all
     ..
    !

    ! Device Override Example
    ap7131 00-23-68-31-14-2D
     ..
     interface vlan 11
      ip address dhcp
      ip dhcp client request options all
     ..
    !
Considerations
1. Both Dependent and Independent Access Points can be adopted at Layer 2 or Layer 3
2. Layer 2 adopted Access Points do not require network addressing from DHCP
3. Layer 3 adopted Access Points can discover Wireless Controller using static IP lists, DHCP options or DNS name resolution
4. By default Access Points are automatically load-balanced between Wireless Controllers based on load
5. Access Points can be steered to groups of Wireless Controllers using Preferred Controller Group IDs
6. For plug-n-play deployments Access Points should be connected to a wired port with an untagged Native VLAN
7. When deployed in a Spanning-Tree environment, it is recommended that wired ports should be configured for Fast Start or Edge modes
LAB 3: access point adoption
LAB 03: Activities
• Plug'n'Play Adoption over Layer 2
• Auto Provisioning Policies
• Plug'n'Play Adoption over Layer 3
Module Summary
• Describe the adoption fundamentals for Layer 2 and Layer 3
• Describe Motorola Solutions' proprietary DHCP options and best practices
• Identify and describe the adoption order of preference and process
• Describe the key aspects of plug and play deployments and start up configuration
• Identify the key Layer 2 and Layer 3 troubleshooting considerations