Cisco Tech Club Webinars
Online every 14 days
Jaroslav Čížek, Cisco
February 2020
AP C9100, WLC C9800, PI/DNAC, DNA Spaces
New Cisco portfolio for wireless networks
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda
• Introduction, trends in wireless networks
  • Intent-based Networking, Cisco Next-Gen Wireless Stack, Wi-Fi 6 / 802.11ax, WPA3
• Cisco Next-Generation Wireless Stack
  • WLAN clients: partnerships with end-device manufacturers, Samsung Analytics
  • Cisco AP C9100, Cisco WLC C9800
  • Cisco Prime Infrastructure, Cisco DNA Center, Cisco DNA Spaces
• Selected technical details
  • Gradual migration from AireOS (WLC5520/3504/5508) to IOS-XE (C9800)
  • Recommended versions of AireOS / IOS-XE, PI / DNAC, DNA Spaces
• Summary
Cisco’s Vision: Enable Intent-based Networking Everywhere
ALL the domains must cooperate to meet business intent
Users & Devices
• Identify and onboard everything
• Authenticate and authorize access
Multi-Cloud
• Deliver application experience
• Secure internet and cloud access
Data & Applications
• Automate resources and workloads
• Prevent data breaches
SD-Access (Cisco DNA Center)
SDN DC (Cisco APIC)
SD-WAN (Cisco vManage)
Principles of Intent-Based Networking
Applications
APIs
Domain Controllers (Cisco DNA Center): Automation, built-in security, streaming telemetry, rich analytics, programmability
Powered by IOS-XE: Modular, scalable, highly available OS
Physical and Virtual Infrastructure (ASIC): Custom ASICs, Virtualization
Introducing Cisco’s Next Gen Wireless Stack
Cisco Catalyst - End-to-end leadership: Enabling next-generation Wi-Fi 6 mobility
The Full Experience End to End
• Access Points: Catalyst 9100 Series. Wi-Fi 6
• Access Switches: Catalyst 9200/9300/9400. Most comprehensive mGig portfolio; Wi-Fi 6, 802.3bt Ready; 48P 5G + 25G/40G uplinks
• Core Switches: Catalyst 9500/9600 Series. Campus Optimized 25G/40G/100G
• Wireless Controller: Catalyst 9800 Series. Industry’s only modular WLC with 40G/100G uplinks
Built for Intent-based networking
Security, Analytics, Automation
Wi-Fi 6 / IEEE 802.11ax Experience: What is the big deal?
Higher data rates
• 1024-QAM for up to 9.6 Gbps per radio and single-antenna speeds of 1.2 Gbps
• 8x8:8SS
• Enables next-generation 4K/8K and AR/VR video
Increase in overall network capacity
• 3x to 4x more throughput than 802.11ac via OFDMA
• Up to 4x capacity gain in dense scenarios with BSS coloring
• Multiuser MIMO gains on all client types
Reduced latency and greater reliability
• Scheduled uplink and downlink OFDMA for deterministic “cellular-like” latency, reliability, and QoS
• Optimized for IoT scale with hundreds of devices per AP
Improved power efficiency
• Up to 3x better battery life with Target Wake Time (TWT)
• New coding structure and signaling procedures for better transmit and receive efficiency
For more information, see: https://www.cisco.com/c/en/us/products/collateral/wireless/white-paper-c11-740788.html
Wi-Fi 6 is here and now
[Timeline figure, 2018 to 2020. Milestones shown:]
• IEEE 802.11ax Ratification
• Wi-Fi 6 WFA Certification
• C9115AX, C9117AX, C9120AX
• First Wi-Fi 6 device: Samsung Galaxy S10
• First Wi-Fi 6 laptops powered by Intel: HP, Dell
• Samsung Galaxy Note 10
• Apple iPhone 11
• Microsoft Surface Pro 7, Surface Laptop
• C9130AX
Wi-Fi Protected Access (WPA) 3
Coming up with AireOS, IOS-XE and 802.11ac W2 and Wi-Fi 6 APs
New Wi-Fi Alliance (WFA) certification
It certifies new security options defined in the IEEE 802.11-2016 standard
3 main innovations:
o Simultaneous Authentication of Equals (SAE) for WPA3-Personal (a variant of the Dragonfly handshake, resistant to offline dictionary attacks)
o Protected Management Frame (PMF) now mandatory with WPA3 (already available but not always enforced)
o 192-bit security equivalent for WPA3-Enterprise (256-bit AES-GCM + 384-bit elliptic curves + SHA384 + 3072-bit RSA keys)
WPA3-Personal = WPA3 PSK based SSID
WPA3-Enterprise = WPA3 802.1X based SSID
WPA3 Mandatory Features
• Simultaneous Authentication of Equals (SAE)
• PSK replacement / Offline attack resistance
• Protected Management Frames (PMF)
• KRACK Testing
WPA3 Optional Features
• Suite B Cryptography
Wi-Fi Certified Enhanced Open
• Opportunistic Wireless Encryption (OWE)
• Encryption for Open SSIDs
Wi-Fi Certified Easy Connect*
• Device Provisioning Protocol (DPP)
• Setup for devices with no UI / IoT
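Added example (not part of the original slides): the WPA3 features listed above are visible in the RSN element an AP puts in its beacons, so what an SSID really advertises (SAE, OWE, 192-bit mode, PMF required) can be checked from a capture. The suite numbers and capability bits are the IEEE 802.11 values; the function names and the sample elements are constructed for this illustration.

```python
"""Classify the security an AP advertises from its RSN element (element ID 48)."""
import struct

RSN_OUI = bytes.fromhex("000fac")
CIPHERS = {2: "TKIP", 4: "CCMP-128", 8: "GCMP-128", 9: "GCMP-256", 10: "CCMP-256"}
AKMS = {1: "802.1X", 2: "PSK", 3: "FT-802.1X", 4: "FT-PSK", 5: "802.1X-SHA256",
        6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE", 12: "802.1X-SuiteB-192", 18: "OWE"}
MFPR, MFPC = 0x0040, 0x0080  # RSN capabilities: PMF required / PMF capable

# Constructed RSN elements (hex), one per posture discussed on the slide.
SAMPLES = {
    "sae_only": bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac08" "c000"),
    "transition": bytes.fromhex("3018" "0100" "000fac04" "0100" "000fac04" "0200"
                                "000fac02" "000fac08" "8000"),
    "wpa2_psk": bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "0000"),
    "suite_b_192": bytes.fromhex("3014" "0100" "000fac09" "0100" "000fac09" "0100" "000fac0c" "c000"),
    "owe_pmf_optional": bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac12" "8000"),
}


def _suite(buf, off, table):
    """Decode one 4-byte suite selector: 3-byte OUI followed by a 1-byte type."""
    oui, typ = buf[off:off + 3], buf[off + 3]
    if oui != RSN_OUI:
        return f"vendor-{oui.hex()}:{typ}"
    return table.get(typ, f"unknown-{typ}")


def _suite_list(buf, off, table):
    """Decode a little-endian 16-bit count followed by that many selectors."""
    (count,) = struct.unpack_from("<H", buf, off)
    names = [_suite(buf, off + 2 + 4 * i, table) for i in range(count)]
    return names, off + 2 + 4 * count


def parse_rsn(ie):
    """Parse version, cipher suites, AKM suites and PMF bits; ValueError if malformed."""
    if len(ie) < 2 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]
    try:
        (version,) = struct.unpack_from("<H", body, 0)
        group = _suite(body, 2, CIPHERS)
        pairwise, off = _suite_list(body, 6, CIPHERS)
        akms, off = _suite_list(body, off, AKMS)
        # The capabilities field is optional; absent means no PMF bits are set.
        caps = struct.unpack_from("<H", body, off)[0] if len(body) >= off + 2 else 0
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated RSN element") from exc
    if version != 1:
        raise ValueError(f"unsupported RSN version {version}")
    return {"group": group, "pairwise": pairwise, "akms": akms,
            "pmf_capable": bool(caps & MFPC), "pmf_required": bool(caps & MFPR)}


def classify(info):
    """Return (posture, findings) for a parsed RSN element."""
    akms, findings = set(info["akms"]), []
    sae = akms & {"SAE", "FT-SAE"}
    psk = akms & {"PSK", "FT-PSK", "PSK-SHA256"}
    if "802.1X-SuiteB-192" in akms:
        posture, needs_pmf = "WPA3-Enterprise 192-bit", True
        if info["pairwise"] != ["GCMP-256"]:
            findings.append("192-bit mode should offer GCMP-256 only")
    elif "OWE" in akms:
        posture, needs_pmf = "Enhanced Open (OWE)", True
    elif sae and psk:
        posture, needs_pmf = "WPA3-Personal transition mode", False
        findings.append("WPA2-PSK still accepted alongside SAE")
    elif sae:
        posture, needs_pmf = "WPA3-Personal", True
    elif psk:
        posture, needs_pmf = "WPA2-Personal", False
    else:
        posture, needs_pmf = "802.1X or other", False
    if needs_pmf and not info["pmf_required"]:
        findings.append("PMF not required")   # WPA3 / Enhanced Open make PMF mandatory
    elif not info["pmf_capable"]:
        findings.append("PMF not offered")    # management frames are unprotected
    if "TKIP" in info["pairwise"] or info["group"] == "TKIP":
        findings.append("TKIP enabled")
    return posture, findings


if __name__ == "__main__":
    for name, element in SAMPLES.items():
        print(name, classify(parse_rsn(element)))
```

In a real check the element bytes come from the tagged parameters of a captured beacon or probe response for the SSID being verified.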
Cisco Next-Generation Wireless Stack
Catalyst 9100 Access Points
Catalyst 9800 Wireless Controllers
DNA Automation & Assurance
DNA Spaces
Shipping
Next Generation Cisco Wireless Stack – Resilient, Secure & Intelligent
WLAN Campus of the Future
Next-Gen Cisco Wireless Stack Designed for Wi-Fi 6
Wi-Fi 6 Clients are here Today! ~300 Clients in Cisco Interop Testbed
Wi-Fi 6 Clients
DNA Assurance helps with Wi-Fi 6 Migration, Troubleshooting & Analysis
Increasing Wi-Fi adoption
Cisco partners with major manufacturers to provide the best device experience
• Client & network interoperability
• Maximize performance increase
• Consistent & Reliable
• Improved power efficiency
• Client network analytics
• A client-centric view to DNAC Assurance
• Improve Wi-Fi roaming
• Performance: 5x faster Wi-Fi & cellular handoff
• Enable partners to integrate with Cisco autonomously
• Standards + features across multiple client devices
• TTM Differentiation
• Grow Wi-Fi market
Best Wi-Fi 6 standards solution
Differentiation through standards +
Open Partner Framework
Device ecosystem: Samsung Analytics
Client classification
• Device Type | SW-OS | Firmware version | Tx Power
Client onboarding
• Client-side forensics: Leverage client onboarding state machine failures to root cause issues
Client roaming
• Adaptive 11r: Samsung clients support 11r on Adaptive 11r SSID
• Client-side forensics: Leverage client authentication failures while roaming
Wi-Fi coverage*
• Client RF View: Use client’s RF to draw coverage view
*Roadmap
Cisco’s Next Gen Wireless Stack
More resilient, more secure and intelligent than ever before
Intelligent
• Enhanced analytics with Cisco DNA
• Spectral Intelligence
• Deploy in infrastructure of choice and cloud of choice
Secure
• Detect encrypted threats with Encrypted Traffic Analytics (ETA)
• WPA3 support
• Software-Defined Access
• Multi Lingual Radio
Resilient
• Software updates with minimal disruption: ISSU, Rolling AP Upgrades, Hot patching
• Deterministic capacity at scale
• Superior battery life for IoT and mobile devices
Delivering the best experience
Extending Cisco’s intent-based network
Leadership in RF innovation
Cisco Catalyst 9800 Wireless Controllers: Powered by Cisco IOS® XE. Open and programmable
Cisco Catalyst 9100 Access Points: Powered by Wi-Fi 6 technology. Superior RF experience
Next-generation Cisco Catalyst access points: Ready for next-generation applications and devices
Cisco® Catalyst® 9100: Increased capacity with Wi-Fi 6 technology
Platform benefits
Resiliency
• Superior battery life for IoT and mobile devices
• Steady performance in demanding environments
Integrated security
• WPA3, Trustworthy systems
• Multi-lingual AP with RF snapshots
Intelligent
• Analytics for iOS and enhanced Cisco DNA Assurance
• Container support to host IoT applications
Delivering RF innovations
Expanding the device ecosystem
Extending Cisco’s intent-based network
New Cisco Catalyst 9100 Series Access Points: Best in Class Wi-Fi 6 technology
Mission critical
Ideal for small to medium deployments
Best in Class
Powered by Cisco RF ASIC
Cisco DNA Assurance with iCAP
Integrated or external antenna SKUs
Bluetooth 5
USB
9117AX
• 8x8 + 4x4
• MU-MIMO, OFDMA (only DL)
• 1 x 5 mGig
• Spectrum intelligence
• Integrated Antenna only
9115AX
• 4x4 + 4x4
• MU-MIMO, OFDMA
• 1 x 2.5 mGig
• Spectrum Intelligence
9120AX
• 4x4 + 4x4
• MU-MIMO, OFDMA
• 1 x 2.5 mGig
• Cisco RF ASIC for Next gen CleanAir
• Dual 5GHz, Next Gen HDX
• RF L1 details
• IoT ready (Zigbee)
• Application Hosting
9130AX
• 8x8 + 4x4 or 4x4 + 4x4 + 4x4
• MU-MIMO, OFDMA
• 1 x 5 mGig
• Cisco RF ASIC for Next gen CleanAir
• Tri-radio: Dual 5GHz + 2.4GHz
• RF L1 details
• IoT ready (Zigbee)
• Application Hosting
• Full iCap with data packets
• First 8x8 AP with external antennas
NEW
Catalyst 9120 & 9130 Access Point powered by Cisco RF ASIC
Embedded with superior analytics and security for mission critical deployments
Cisco RF ASIC
• Clean Air, Off-channel RRM, FRA
• Dual Filter DFS, Zero-Wait DFS*
• WIPS/WIDS/Rogue Detection
• RF Signature Capture*
• Fast Locate w/o performance impact
• Optimised Roaming for mobile devices
*Roadmap
C9130AXi/e C9120AXi/e
CleanAir on C9120/9130AX
Spectrum Management Requires Data: Off Channel Scanning on Every Cisco AP
• Off Channel Scanning - legacy AP (anything with 2 radio interfaces today)
  • All Channels must be scanned EVERY 180s within 3 Minutes
  • Dwell time is 50 ms, 10 ms for channel change = 60 ms off channel
  • 180s / 25 Channels = off channel dwell every 7.2s
• Off Channel Scanning for WSSI/WSM module and 4800 AP
  • Continuous cycle 1200 ms Dwell across 2.4 and 5 GHz
  • Supports RRM, aWIPS/WIDS, Rogue, FastLocate, CleanAir
  • Serving Radio still required for NDP* Tx off channel as the module/third radio has no active transmitter
• Catalyst AP with RF ASIC: All the above! Plus: Better radios, Custom ASIC, Tx for NDP, and more…
*Neighbor Discovery Protocol
OffChannel RRM
High-Density Client Test Results: Cisco Wi-Fi 6 vs Wi-Fi 5 APs
Cisco 9100 series APs have clear advantage over Cisco Wave 2/Wi-Fi 5 APs
Cisco 9120AX outperforms Cisco AP2800 by 25%
Why Dual 5 GHz and FRA*?
Dual Band: 5 GHz Serving + 2.4 GHz Serving
▪ Pervasive 2.4 GHz and 5 GHz coverage (default mode)
Dual 5GHz: 5 GHz Serving + 5 GHz Serving
▪ High Density Client Performance improvements
▪ Maximum over the air data rate up to 5.2 Gbps
• PROBLEM: You designed a network for dense 5 GHz coverage, now you have too many 2.4 GHz radios (2.4 GHz range is approx. 1.5x farther)
• Prior to dual 5 GHz/FRA your only option was to disable these radios.
• Disabling the radio provides no value other than making the 2.4 GHz spectrum manageable. → you effectively wasted ½ the functionality of the Access Point, crippling it to 5 GHz only.
BENEFIT of Dual 5 GHz/FRA: allows the AP to run at 100%, increasing network capacity & performance
*Flexible Radio Assignment
Catalyst 9100 Series Flexible power options: 802.3af support for ALL Wi-Fi 6 APs
Reference
AP Model | Power source | Power Type | 2.4 GHz Radio | 5 GHz Radio | Link Speed | USB | Power Draw
C9130AXI / C9130AXE | 802.3at | PoE+ | 4x4 | 8x8 | 5G | OFF | 25.5 W
C9130AXI | 802.3at | PoE+ | 4x4 | 4x4 | 5G | ON | 25.4 W
C9130AXI / C9130AXE | 802.3bt | UPoE | 4x4 | 8x8 | 5G | ON | 30.5 W
C9130AXI / C9130AXE | 802.3af | PoE | 1x1 | 1x1 | 1G | OFF | 13.4 W
C9120AXI | 802.3at | PoE+ | 4x4 | 4x4 | 2.5G | ON | 25.5 W
C9120AXE | 802.3at | PoE+ | 4x4 | 4x4 | 2.5G | ON | 25.5 W
C9120AXI / C9120AXE | 802.3af | PoE | 1x1 | 1x1 | 1G | OFF | 13.4 W
C9120AXI / C9120AXE | 802.3af | PoE | 2x2 | N | 1G | OFF | 13.4 W
C9120AXI / C9120AXE | 802.3af | PoE | N | 2x2 | 1G | OFF | 13.4 W
C9115AXI / C9115AXE | 802.3at | PoE+ | 4x4 | 4x4 | 2.5G | ON | 20.4 W
C9115AXI / C9115AXE | 802.3af | PoE | 2x2 | 2x2 | 1G | OFF | 15.4 W
C9117AXI | 802.3bt | UPoE | 4x4 | 8x8 | 5G | ON | 28.9 W
C9117AXI | 802.3at | PoE+ | 4x4 | 8x8 | 5G | OFF* | 25.4 W
C9117AXI | 802.3af | PoE | 2x2 | 2x2 | 2.5G | OFF | 13.5 W
* If USB is enabled 5GHz will be reduced to 4x4
NEW - 8x8 SIA External Antennas for AP C9130
3 new antennas to support 8 port external antenna AP C9130AXE: C-ANT9101=, C-ANT9102=, C-ANT9103=
• 8-DART connector to simplify installation
• Self Identifying Antenna (SIA) circuitry to automate provisioning
• LED to mimic AP LED status
• New Industrial Design to match new 11ax APs
NEW - Self Identifying Antennas for AP C9120
Product ID | Description | Gain | Models*
AIR-ANT2524DW-RS/= | 2.4 GHz 2 dBi/5 GHz 4 dBi Dipole Ant., White, connectors RP-TNC | 2 dBi (2.4 GHz), 4 dBi (5 GHz) | 9120E, 9120P
AIR-ANT2535SDW-RS/= | 2.4 GHz 3 dBi/5 GHz 5 dBi Low Profile Antenna, White, connectors RP-TNC | 3 dBi (2.4 GHz), 5 dBi (5 GHz) | 9120E, 9120P
AIR-ANT2566P4W-RS= | 2.4 GHz 6 dBi/5 GHz 6 dBi Directional Ant., 4-port, connectors RP-TNC | 6 dBi (2.4 GHz), 6 dBi (5 GHz) | 9120E, 9120P
AIR-ANT2524V4C-RS= | 2.4 GHz 2 dBi/5 GHz 4 dBi Ceiling Mount Omni Ant., 4-port, connectors RP-TNC | 2 dBi (2.4 GHz), 4 dBi (5 GHz) | 9120E, 9120P
AIR-ANT2544V4M-RS= | 2.4 GHz 4 dBi/5 GHz 4 dBi Wall Mount Omni Ant., 4-port, connectors RP-TNC | 4 dBi (2.4 GHz), 4 dBi (5 GHz) | 9120E, 9120P
AIR-ANT2566D4M-RS= | 2.4 GHz 6 dBi/5 GHz 6 dBi 60 Deg. Patch Ant., 4-port, RP-TNC | 6 dBi (2.4 GHz), 6 dBi (5 GHz) | 9120E, 9120P
Cisco Catalyst 9800 Series Wireless Controllers
Cisco DNA Center: Translate business intent into network policy and capture actionable insight with Cisco DNA Center
• Cisco® Catalyst® 9800-80
• Cisco Catalyst 9800-40
• Cisco Catalyst 9800-L
• Cisco Catalyst 9800 for Cloud
• Cisco Catalyst 9800 Series Wireless Controllers for Catalyst 9000 switches
• Cisco Embedded Wireless Controller for Catalyst 9100 access points
Works with Cisco Aironet 802.11ac Wave 1, Wave 2 and 802.11ax Catalyst 9100 access points
*Supports 802.11ac Wave 2 access points as client serving
Cisco Catalyst 9800-L Wireless Controller
Up to 250 APs, Up to 5,000 Clients, 5 Gbps
• Console Port
• USB 3.0
• SP/RP Ports
• 10 GE mGig Ports
• 4x 1GE/2.5GE mGig Ports
NEW – Performance License (500 APs, 10k clients, up to 9 Gbps)
Embedded Wireless Controller on Catalyst 9100: Ready for Enterprise deployments
• Flexible Management Options: Use Mobile App, WebUI and DNA-C to Deploy, Manage and Monitor
• Supports Advanced Enterprise Feature Set: HA, SMU, aWIPS, Umbrella, NetFlow, ICAP
• Runs C9800 IOS-XE Wireless Controller on Catalyst Access Points: Modern OS, scalable, open and programmable, supports telemetry
• Investment Protection: Migrate Access Points to controller for more than 100 Access Points
IOS-XE 16.12.2 with Cisco DNA-C 1.3.2
Deploying Cisco Embedded Wireless Controller
Embedded Wireless Controller for Catalyst 9100 Series
• EWC capable Access Points can be connected to an access port or a trunk port on the switch depending on the deployment method
• Management traffic is always untagged
Access port (Employee, Contractor and Guest WLANs on VLAN 10)
• If Access Points and WLANs are all on the same network, EWC capable Access Points can connect to an access port on the switch.
• Pros: Simple
• Cons: Less Flexible
Trunk port (Employee, Contractor and Guest WLANs on VLAN 10, VLAN 20, VLAN 30, VLAN 40)
• If Access Points and WLANs are all on different VLANs, EWC capable Access Points will connect to a trunk port on the switch and traffic for individual WLANs will be switched locally.
• Pros: Flexible, Secure
• Cons: More configuration
Embedded Wireless Controller - WLAN Deployment
Next-Gen Wi-Fi designed for Single or Multi-Site Small to Medium Size Enterprises
Single Office, Distributed Office, Distributed Enterprise
Mobile App or WebUI
Embedded Wireless Controller
DNA Center
Assurance, Automation, Policy, Security, CMX, ISE
Embedded Wireless Controller
Controller in Campus
Embedded Wireless Controller in Branch
AP support on ME and EWC-AP Deployments
Reference
APs Supported in Cisco AireOS Mobility Express
• ME APs: AIR-AP1815, AIR-AP1832, AIR-AP1840, AIR-AP1852, AIR-AP2802, AIR-AP3802, AIR-AP4802, AIR-AP1542, AIR-AP1562
• Subordinate APs (no ME): C9100 (Release 8.9.111.0 +), AP1700/2700/3700 Series APs, AP1800i, AP1810w, AP700 Series APs
• Only 11AC Wave2 APs can have ME functionality
• C9100 Series and 11AC Wave1 APs can be subordinate APs
• No AireOS ME on C9100 Series APs
Cisco APs Supported in Cisco Catalyst EWC-AP
• EWC APs: C9100 (16.12.2 +)
• Subordinate APs (no EWC): All C9100, AIR-AP1815, AIR-AP1832, AIR-AP1840, AIR-AP1852, AIR-AP2802, AIR-AP3802, AIR-AP4802, AIR-AP1542, AIR-AP1562
• Only C9100 APs can be EWC-AP, i.e. running controller functionality
• 11AC Wave2 APs can be subordinate APs
• No EWC-AP support on 11AC Wave 2
Next-generation wireless infrastructure for any scale
Reference
Distributed branch and small campus, Medium-sized campus, Large campus
Up to 100 APs, Up to 250 APs, Up to 1000 APs, Up to 3000 APs, Up to 6000 APs
• Cisco Catalyst 9800 Embedded Wireless*: 100 APs, 2000 clients
• Cisco Catalyst 9800 Embedded Wireless**: 200 APs, 4000 clients
• Cisco Catalyst 9800-L: 250 APs, 5000 clients, 5 Gbps
• Cisco Catalyst 9800-CL***: 1000 APs, 10,000 clients
• Cisco Catalyst 9800-40: 2000 APs, 32,000 clients, 40 Gbps
• Cisco Catalyst 9800-CL: 1000, 3000, or 6000 APs; 10,000, 32,000 or 64,000 clients
• Cisco Catalyst 9800-80: 6000 APs, 64,000 clients, 80 Gbps
ENCS
*Supports Cisco FlexConnect® local switching only
**SD-Access only
***Cisco Catalyst 9800 for public cloud: Cisco FlexConnect only
Catalyst 9800 High Availability
Contain impact within release: Fixes for defects and security issues without need to requalify a new release
Faster resolution to critical issues: Provide fixes to critical issues found in network devices that are time-sensitive
Unplanned Events: Device and network interruptions
✓ Stateful Switch Over with an active standby
✓ N+1 redundancy for always-on network, services and clients
Infrastructure Updates: Software maintenance & AP updates
✓ Seamless software updates for wireless controllers and APs
✓ AP device pack and flexible per-site updates contain impact area
Software Image Upgrades: Wireless controller image upgrades
✓ N+1 rolling AP upgrades ensure seamless client connectivity
✓ Radio resource management automates group creation
Catalyst 9800 High Availability: Unplanned Events
Always on Network: APs continue to stay associated
Always on Services: Uninterrupted voice, video and data services
Always on Clients: Users and end-points continue to stay connected
How it Works
✓ Upstream device and network interruptions trigger a switchover to maintain end-point connectivity
✓ Hot standby controller takes over in case of failure of an active controller
✓ Seamless connectivity with Stateful Switchover (SSO) for end-points
End-to-End Wireless Network Security
Air, Users, Devices
• Rogue intrusion detection and prevention - wIPS
• Enhanced threat detection with ETA
• Seamless BYOD onboarding with ISE
• Standards compliance with WPA3
  • Enhanced security on open Wi-Fi
  • Robust password protection
  • Superior data protection
  • Seamless customer migration
• Identity-Based segmentation with SD-Access
• Secure device management with MPSK and iPSK
Secure device management with MPSK and iPSK: WLAN Endpoint Population
Endpoint | Guest | IoT (Internet of Things) | BYOD (Bring Your Own Device) | Employee Device (Organization Provided)
Level of Trust | None | Low | Medium | High
Control | Low | Low | Medium | High
Access Requirement | Internet | Internet and/or IoT Controller | Internet and/or Limited Internal | Full Access
Authentication method | Open, WebAuth | PSK | PSK, 802.1X | 802.1X
Secure device management with MPSK and iPSK: MPSK (Multi-PSK)
• Can configure up to 5 different PSK per WLAN
• (Optional) ISE may be used for validating MAC address
• Supported with C9800 16.10.1, Embedded WLC on Catalyst AP (AKA IOS-XE Mobility Express AP) 16.12.2

! WLAN profile C9800-MPSK, WLAN ID 1, SSID C9800-MPSK
wlan C9800-MPSK 1 C9800-MPSK
 ! optional MAC address validation (for example against ISE)
 mac-filtering default
 ! default PSK; "0" means the key that follows is entered unencrypted
 security wpa psk set-key ascii 0 Cisco123
 ! PSK key management instead of 802.1X
 no security wpa akm dot1x
 security wpa akm psk
 ! MPSK: up to 5 keys per WLAN, one per priority
 security wpa wpa2 mpsk
  priority 0 set-key ascii 0 Cisco123
  priority 1 set-key ascii 0 zD235o1M
  priority 2 set-key ascii 0 Ktghmo9M
  priority 3 set-key ascii 0 uTx6oDm1
  priority 4 set-key ascii 0 PY9CK5tL

[Diagram: endpoints join one PSK WLAN on the C9800 & Embedded WLC on Catalyst AP, each with one of the configured keys (PSK=Cisco123, PSK= zD235o1M, PSK= Ktghmo9M, PSK= uTx6oDm1, PSK= PY9CK5tL); Cisco ISE provides the optional MAC-Filtering.]
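Added example, not Cisco tooling and not part of the original slides: a small audit of the PSK and MPSK lines in a saved WLAN configuration, run over the block from the slide and over a constructed one. It assumes the line syntax shown on the slide, that key type 0 marks a key stored unencrypted, the 8 to 63 character WPA2 passphrase bounds, and a made-up denylist; findings name the key slot and never print the key.

```python
"""Audit PSK/MPSK keys in a Catalyst 9800 style WLAN configuration export."""
import re

MAX_MPSK_KEYS = 5  # slide: up to 5 different PSKs per WLAN
GUESSABLE = ("cisco", "password", "welcome", "admin")  # constructed denylist

WLAN_RE = re.compile(r"wlan (\S+) (\d+) (\S+)")
BASE_RE = re.compile(r"security wpa psk set-key ascii (\d) (\S+)")
MPSK_RE = re.compile(r"priority (\d+) set-key ascii (\d) (\S+)")

# The WLAN block shown on the slide.
SLIDE_CONFIG = """
wlan C9800-MPSK 1 C9800-MPSK
 mac-filtering default
 security wpa psk set-key ascii 0 Cisco123
 no security wpa akm dot1x
 security wpa akm psk
 security wpa wpa2 mpsk
  priority 0 set-key ascii 0 Cisco123
  priority 1 set-key ascii 0 zD235o1M
  priority 2 set-key ascii 0 Ktghmo9M
  priority 3 set-key ascii 0 uTx6oDm1
  priority 4 set-key ascii 0 PY9CK5tL
"""

# Constructed export with deliberate mistakes (keys and ciphertext are made up).
LAB_CONFIG = """
wlan LAB-IOT 7 LAB-IOT
 security wpa psk set-key ascii 8 CONSTRUCTEDCIPHERTEXT
 security wpa wpa2 mpsk
  priority 0 set-key ascii 0 lab-iot-2020
  priority 1 set-key ascii 0 x7Kp
  priority 2 set-key ascii 0 Rv4mQz81TbnW
  priority 3 set-key ascii 0 Rv4mQz81TbnW
  priority 4 set-key ascii 0 Hq2LwY6sDe3F
  priority 5 set-key ascii 0 Jc9NtB5xGu7A
"""


def parse_wlans(text):
    """Return {profile: {"ssid": str, "keys": [(slot, key_type, key), ...]}}."""
    wlans, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := WLAN_RE.fullmatch(line):
            cur = wlans.setdefault(m[1], {"ssid": m[3], "keys": []})
        elif cur is None:
            continue
        elif m := BASE_RE.fullmatch(line):
            cur["keys"].append(("psk", int(m[1]), m[2]))
        elif m := MPSK_RE.fullmatch(line):
            cur["keys"].append((f"priority {m[1]}", int(m[2]), m[3]))
    return wlans


def audit(wlans):
    """Return sorted [(profile, code, slots)]; slots name the key, never its value."""
    findings = []
    for name, wlan in wlans.items():
        hits, seen = {}, {}
        mpsk = [k for k in wlan["keys"] if k[0] != "psk"]
        if len(mpsk) > MAX_MPSK_KEYS:
            hits.setdefault("TOO_MANY_MPSK_KEYS", []).append(f"{len(mpsk)} configured")
        for slot, key_type, key in wlan["keys"]:
            if key_type != 0:
                continue  # stored encrypted: the passphrase cannot be inspected
            hits.setdefault("CLEARTEXT_KEY", []).append(slot)
            if not 8 <= len(key) <= 63:
                hits.setdefault("BAD_LENGTH", []).append(slot)
            lowered = key.lower()
            if any(w in lowered for w in GUESSABLE) or wlan["ssid"].lower() in lowered:
                hits.setdefault("GUESSABLE_KEY", []).append(slot)
            if slot != "psk":
                # Two priorities sharing one key give no extra segmentation.
                if key in seen:
                    hits.setdefault("DUPLICATE_KEY", []).append(f"{seen[key]} = {slot}")
                seen.setdefault(key, slot)
        findings += [(name, code, tuple(slots)) for code, slots in hits.items()]
    return sorted(findings)


if __name__ == "__main__":
    for config in (SLIDE_CONFIG, LAB_CONFIG):
        for finding in audit(parse_wlans(config)):
            print(finding)
```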
Secure device management with MPSK and iPSK: iPSK (identity PSK) with optional P2P blocking
• Each endpoint associates to the single WLAN with its own PSK value; endpoints with the same PSK value define a segmented network
• ISE provides mapping of MAC address to PSK
• Supported with AireOS 8.5, C9800 16.10.1, Mobility Express AP 8.8MR2, Embedded WLC on Catalyst AP 16.12.2, Meraki MR 26.5
• P2P blocking requires AireOS Controller running 8.8 or C9800 running 17.1
[Diagram: endpoints join one PSK WLAN on an AireOS WLC or C9800, each with its own key; Cisco ISE MAC-Filtering maps endpoints to PSKs by MAC address (MAC= 20:C9:D0:2B:80:F7 PSK= PY9CK5tL), by group (Group == Medical Cart PSK= zD235o1M) or by profile (Profile == Smart TV PSK= 8GB10vaq).]
Complete control of your Day 0-N operations with open and programmable APIs
• Day 0, Onboarding: Zero touch provisioning, Plug and Play
• Day 1, Configuration: YANG data models; Configuration protocols, NETCONF, RESTCONF, ..
• Day 2, Monitoring: Streaming telemetry; NETCONF, gRPC, gNMI
• Day N, Optimization: Guest shell (on-box Python), EEM Scripts
Provisioning Automation^, Model driven programmability, Model driven telemetry, Software image management
^Future
IOS XE Programmability Book: http://cs.co/programmabilitybook
Automated Backup SSID with EEM on C9800 Wireless Controllers: https://community.cisco.com/t5/wireless-mobility-documents/automated-backup-ssid-with-eem-on-catalyst-9800-wireless/ta-p/3743838
Cisco DNA Center
Cisco Prime Infrastructure
Network complexity and High costs of operation
• Legacy Approach: SNMP based polls; no real-time visibility
• Too many tools: Offers fragmented visibility
• Reactive Systems: Playing catch up analysis after the problem
• Limited Insights: Your report vs my report
$60B annually spent on network operations, labor, and tools (1)
75% of OpEx is spent on changes and troubleshooting
(1) Cisco McKinsey Study
Intent-based Network Management
• No events/alarms, but insights and impact analytics with Guided remediation
• Automation, day0, day1, day2
• Policy and segmentation control
• Software update (ITSM, Compliance)
• Network telemetry data collection
• Baselining over time, baseline against others
• No manual configuration required
• API and Business API
Traditional Network Management
• Software Image Distribution
• Configuration Archive/Backup
• Templating for Automation
• Reporting
• Assurance
• Events
• Tons of data, but not enough insights
• Semiclosed system with predefined configurations
Prime Infrastructure
Cisco DNA Center
Operating Model with Prime – DNAC Co-existence
Prime DNAC
• Network wide reports
• Alarms and Notifications for the network
• Maps and day 2 changes
• Configuration management of network changes
• Adv troubleshooting with granular data
• Sensor based proactive troubleshooting
• iCAP and Packet troubleshooting
• ML/AI
• CMX integration
Cisco Prime Infrastructure to Cisco Digital Network Architecture (DNA) Center Co-existence Guide
Cisco DNA Center
Policy, Assurance, Design, Provision
Physical and virtual infrastructure: Cisco and third party
Cisco DNA Center Appliance
Complete network management system
• Single pane of glass for all devices
• End-to-end health information in real time
• Granular visibility
• Simplified workflows
Automation for provisioning
• Zero-touch deployment
• Device lifecycle management
• Policy enforcement
Analytics for assurance
• Verify intent of network settings
• Proactively resolve issues
• Reduce time spent troubleshooting
Platform for extensibility
• Integrate APIs with third-party solutions
• Integrate and customize ServiceNow
• Evolve operational tools and processes
Cisco DNA Wireless Assurance: Troubleshooting Tool-kits for a Network operator
• Active Sensor Testing: Active Sensor for Wireless Network SLA assessment
• iOS and Samsung Analytics
• Streaming Telemetry
• AI Network Insight
• Intelligent Capture Auto PCAPs: Aironet 2800/3800/4800, C9xxx AP with Intelligent Capture
• AI Anomaly Baselining
• Machine Reasoning
Network Health
Wireless Assurance
Client Health
Wireless Active Sensor: Sensor Tests
iOS and Samsung Analytics
• Samsung
• S10 Series (S10e/S10/S10+/S10 5G), Note10, Galaxy Fold
• Galaxy M10, M20, Galaxy Tab S5e, A10.1(2019)
• Apple
• iPhone 7
• iPad Pro 2017
• iOS 10
Wireless Client Insights
Device Profile
Client shares these details: 1. Model 2. OS version
Wi-Fi analytics
Client shares these details: 1. BSSID 2. RSSI 3. Channel number
Assurance
Client provides disassociation reason code
Clarity into the reliability of connectivity
Insights into the client’s view of the network
Support per-device-group policies and analytics
Cisco AI Network Analytics (Cisco DNA Center)
• Visibility: Personalized Baselining. Intelligently define personalized “network normal” using unified global telemetry collected
• Insight: Intelligent Analysis. Increase signal-to-noise, improve issue relevancy, and accurately identify trends and root causes
• Action: Accelerated Remediation. Create automated resolution options for IT to act on based on machine reasoning algorithms
Solving the Most common Wireless problems through AI/ML - Focus on Client Experience
Analytics and Outlier Detection on
• Wi-Fi Onboarding Analytics
• Wi-Fi Radio Performance Analytics
• App Perf. Analytics on Wi-Fi network
Wireless Onboarding
• Wireless User Failed to Connect (Excessive Failures): Excessive DHCP Failures, Excessive AAA Failures, Excessive Assoc. Failures
• Wireless User took too long to Connect (Excessive Time): Excessive DHCP Time, Excessive AAA Time, Excessive Assoc. Time
Application Experience
• Wireless User’s Application throughput is declining: Total Radio Throughput, Media Application Throughput, Cloud Application Throughput, Social Application Throughput
Predictive Modelling
• Static thresholds can often lead to false positives and negatives
• Dynamic threshold generated based on predictive model
• Improves alert quality
Cisco AI Network Analytics
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
Predictive Modelling
• Static thresholds can often lead to false positives and negatives
• Dynamic threshold generated based on predictive model
• Improves alert quality
• Correlation with other network issues
• Potential root cause analysis
Cisco AI Network Analytics
Network Heatmaps
Cisco AI Network Analytics
Anomaly Detection
• Analyses trends and identifies changes in behaviour
• Automatically generated on a weekly basis
• Illustrates weekly trends over the previous month
• Links back to Network Heatmap and AP360 for additional contextual information
Cisco AI Network Analytics
Cisco DNA Spaces
Cisco Wireless Network: Connectivity + Digitization
See what’s happening at your spaces
Leverage digitization toolkits to act on insights
Drive business outcomes with partner apps and enterprise extensions
See
Act
Extend
Cisco DNA Spaces
Digitizing Spaces: People & Things
Providing Insights and Enabling Experiences
Line of Business IT Operations
Optimize Operations
Enterprise Integrations and Data Export
Employee Productivity Centralized Management
Drive Efficiencies Compliance
Reduce manual processes and save cost
End-to-End Monitoring and SLAs
Boost Satisfaction
Customer Acquisition & Loyalty
Improve Experience
Understand Visitor Behavior
Cisco DNA Spaces: SEE
Open Roaming
• Auto Onboarding to Guest Wi-Fi
• Improved Guest Wi-Fi Experience
Cisco PI / DNA-C Integration
• Client Location
• Intelligent Capture
• Assurance
• Rogue Location
DNA Spaces Cloud
• Behavior metrics
• Right now metrics
• Location hierarchy
• Cloud Detect & Locate (Base)
• Location Analytics (Base)
• Report Export
Cisco DNA Spaces: EXTEND
Partner
• Partner Dashboard
• Partner Stream (e.g. for Stanley)
• Partner Firehose
• SLA & Monitoring for APIs
App Center
• Advanced Analytics
• Indoor Mapping and Wayfinding
• Digital Signage
• Asset Management
• Productivity
And many more
Includes SEE
Customer
• On-prem and cloud APIs
• Customer Firehose
• Streaming Data Export
Enterprise Software
Extend location data into enterprise software platforms such as CRMs, Data hubs, Analytics Platforms, Marketing clouds, etc.
Cisco DNA Spaces: ACT
Smart Captive Portals
• Acquire & identify visitors and map to enterprise identity
Applications
• Location Personas: Profile and segment visitors based on at-location behavior
• Engagement Rules: Trigger notifications to visitors & employees via multiple channels
• DNA Spaces SDK: Coming Soon
• Edge Device Manager: Coming Soon
Cloud Detect & Locate (enhanced)
• RSSI location in Cloud
• Cloud Location APIs
• Cloud Location History (Coming Soon)
Hyperlocation
• 1-3m accuracy with AP4800
Location Analytics (Advanced)
• Zone based (Coming Soon)
Includes SEE and EXTEND
Selected Technical Details
• Link to public document: https://www.cisco.com/c/dam/en/us/products/collateral/security/at-a-glance-c45-741619.pdf
• As of November 2018, there are no plans to make an end-of-sale announcement for the 3504, 5520 and 8540 platforms within the next two years. This means that the EOS is currently anticipated to be at least three years away. Cisco’s standard practice is to support the hardware for an additional five years after EOS.
AireOS Statement of Direction
AireOS Mobility Innovations Journey
8.6 8.8 and 8.8MR1/2 8.7
• Scheduled AP upgrade
• Securing the Network protocols - CSDL
• MSP features
• Diagnostic Support bundle
• EoGRE enhancements
• Sensor AP 1800s
• Wave 2 11ac features
• Beacon Point Module
4800 AP Intro
Intelligent Capture
BLE Strategy
Infrastructure
• HA Monitoring Enhancement
• Encrypted Tunnel
• Cloud PnP Support
• Improved Web-auth Scale
Wave 2 AP features
• DNS Pre-auth ACL
• 802.1x on AP (EAP-TLS, EAP-PEAP)
• AUX Ethernet Port Enabled
• Flex Connect IOS Parity
ME Enhancements
8.8 Infrastructure
▪ Intelligent Capture
▪ P2P blocking with iPSK
▪ AVC PP – Zoom and Wi-Fi Calling
▪ AVC Engine and PP update
▪ Flex+Mesh Captive Portal
▪ Default DSCP assignment for Apps
▪ EoGRE enhancements
▪ Rate limiting with CoA
▪ Flex Connect IOS Parity
▪ ME enhancements
▪ Flex Auto-LAG
8.8 Security / CSDL
▪ ASLR - address space layout randomization
▪ Object Size checking library (OSCL)
▪ IPv6 DNS Filtering for BYOD
8.8 MR1 and MR2 Features
▪ WGB on Wave-2 APs – MR1
▪ IRCM between eWLC and Legacy WLC – MR1
▪ P2P blocking with iPSK on Flex Connect APs – MR2
▪ 4000 SSID scale on WLC – MR2
▪ FIPS Certification – MR2
▪ Additional ME enhancements – MR2
8.9 and 8.10
8.9 Wi-Fi 6 802.11ax AP support
• C9115/C9117/C9120
8.10 Oct 2019
• C9130, IW6300
• Wi-Fi 6 Features – OFDMA, MU-MIMO, HE
• WPA3 (SAE, ENT, Enhanced Open)
• Mesh support for indoor w2 APs 1815/2800 (2017+) /3800 (2017+) /4800
• Air Time Fairness (ATF) for AP 2800/3800/4800/1560 and IW6300
• Intelligent Capture on ac w2 and ax APs
Migration Strategy to the Next-Gen WLAN Stack
Evaluation
• Understand the advantages of NG stack
• Build the knowledge of NG stack
• Verify platform support
• Evaluate feature gaps
• Evaluate new licensing model
Design
• Select the C9800 and AP platform and choose the deployment mode
• Design for C9800 vs. AireOS WLC coexistence and AP migration areas
• Understand the gotchas
• Choose a Management Platform
Implementation
• Check the Site Survey & Heat Map
• Replace the legacy APs
• Check switch PoE
• Lab validation
• Go-Live and Day 2 Support
AireOS and C9800 - coexistence and migration
RF Group, Roaming, Guest
Cisco Recommended Releases
Catalyst 9800 and AireOS Wireless Controllers
Access Points | IOS-XE | AireOS | DNA-C | Prime | CMX | ISE
C9115AX, C9117AX, C9120AX, C9130AX | 16.12.2s | 8.10.112.0 | 1.3.1.4 | 3.7 | 10.6.2 | 2.4, 2.6
Wave (1/)2 APs | 16.12.2s | 8.10.112.0, 8.5.161.0 | 1.3.1.4 | 3.7 | 10.6.2 | 2.4, 2.6
Older APs | NA | 8.5.161.0, 8.3.15x.0 | NA | 3.x | 10.6.2 | 2.4, 2.6
Please check these links for the latest info:
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/214749-tac-recommended-ios-xe-builds-for-wirele.html
https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html
For Your Reference
Summary
PI / DNA-C
Transition to Cisco Next-Gen Wireless Stack
C9800
Wi-Fi 6
ISE
ISE Services
Prime
Network Management
AireOS
Wireless LAN Controller
Access Points
Clients and Sensors
MSE
Cisco DNA Advantage
Prime
Cisco DNA Advantage
3/5/7 Year Subscriptions
Single SKU
AP License
Cisco DNA Essentials
Automation and Assurance
Enterprise Agreement Eligible
Base Automation
Cisco DNA Essentials
Prime
Cisco DNA Essentials
AP License
3/5/7 Year Subscriptions
Single SKU
3/5/7 Year Subscriptions
Single SKU
Prime
AP License
CMX Base
ISE Base + ISE Plus
Cisco DNA Advantage
Cisco DNA Essentials
Automation, Assurance, SDA, Security and Location
Enterprise Agreement Eligible
11AX, Wave 2 APs and Controllers - CAT 9800-40, CAT 9800-80, C9800-CL, Embedded Wireless
Cisco Wireless Subscription Offer Structure
Cisco DNA Premier
Software Support Service (SWSS) included in all subscriptions
*Customers can also get Cisco DNA software on 3504/5520/8540
Cisco DNA Spaces SEE
Cisco DNA Spaces SEE
Reference
Cisco DEVNET Wireless – Wi-Fi6, C9800, …
https://developer.cisco.com/wireless/