cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8440
Views
5
Helpful
25
Replies

ASK THE EXPERTS:Branch Office Wireless Strategies

ciscomoderator
Community Manager
Community Manager

Read the bioWith Jeevan Patil

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to ask how to consolidate your Wireless Branch Network Cisco subject matter expert Jeevan Patil. Mr. Jeevan Patil is a product manager for the Cisco Wireless Controller product portfolio. He has been involved with the wireless industry for over 12 years - since the first days of 802.11 becoming a standard through the evolution to 802.11n. Mr. Patil has been with Cisco for over 12 years. For the first 5 years he was a software engineer working on security, network management and wireless. In the past 7 years he has been the product manager on various initiatives such 802.11n standards, Access Points hardware, Client hardware, CCX, standalone (Autonomous) software, WLSE hardware and software and currently the product line manager on Wireless LAN Controllers.

Remember to use the rating system to let Jeevan know if you have received an adequate response.  

Jeevan might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Other Wireless – Mobility Subjects discussion forum shortly after the event. This event lasts through August 12, 2011. Visit this forum often to view responses to your questions and the questions of other community members.

25 Replies 25

wififofum
Level 4
Level 4

Hi Jeevan,  Just wondering if H-REAP/Flex Connect will support FSR for clients without previously (controller-derived) PMKs.  Thanks,

Hello,

Thank you for sending this question and giving me the opportunity to clarify.

In case of local mode APs key caching is done and shared across controllers in a mobility group using Cisco CCKM now as well as with standards based 802.11r.

With the flex architecture; the way that fast secure roaming works is via sharing the keys across all APs in the Flexconnect group(branch). This is limited up to 50 APs in a branch with the Flex7500. There is no L3 roaming OR roaming of clients across two Flex controllers.

Best Regards,

Jeevan

Hello,

Does CleanAir still function on H-REAP APs?

Hi,

Yes CleanAir works on Flexconnect architecture as well

Best Regards,

Jeevan

Tekunov Mikhail
Level 1
Level 1

Hi Jeevan.

How can you divide the users on an external RADIUS using two VLAN (and SSID) with WebAuth on a single controller.

Debug shows the same results. Differ only in the field of vendor-specific.

VLAN 1 (SSID net1)

radrecv: Packet from host 10.10.30.10 code = 1, id = 10, length = 142

     User-Name = "xxxx"

     User-Password = "x \ xxx \ xxx \ xxxx \ xxx \"

     Service-Type = Login-User

     NAS-IP-Address = xxx.xxx.xxx.xxx

     NAS-Port = 1

     NAS-Identifier = "c4402"

     NAS-Port-Type = 19

     Vendor-Specific = "V14179: T1: L6: \ 000 \ 000 \ 000 \ 001"

     Calling-Station-Id = "yyy.yyy.yyy.yyy"

     Called-Station-Id = "xxx.xxx.xxx.xxx"

     Message-Authenticator = ""

VLAN 2 (SSID net2)

radrecv: Packet from host 10.10.30.10 code = 1, id = 10, length = 142

     User-Name = "xxxx"

     User-Password = "x \ xxx \ xxx \ xxxx \ xxx \"

     Service-Type = Login-User

     NAS-IP-Address = xxx.xxx.xxx.xxx

     NAS-Port = 1

     NAS-Identifier = "c4402"

     NAS-Port-Type = 19

     Vendor-Specific = "V14179: T1: L6: \ 000 \ 000 \ 000 \ 002"

     Calling-Station-Id = "zzz.zzz.zzz.zzz"

     Called-Station-Id = "xxx.xxx.xxx.xxx"

     Message-Authenticator = ""

Use RADIUS Cisco ACS Express 5.0

Hello Tekunov,

Please take a look at the deployment guide for the vlan pooling feature:

http://www.cisco.com/image/gif/paws/112932/vlan-optfeatures-guide-00.pdf

Best Regards,

Jeevan

Nigel Bowden
Level 2
Level 2

Jeevan,

What is the maximum WAN link latency that a H-REAP access point will work across?

Regards

Nigel.

Hi Nigel,

Please take a look at the "WAN Requirements" section from the following Flex7500 deployment guide:

http://www.cisco.com/en/US/products/ps11635/products_tech_note09186a0080b7f141.shtml

It is highly recommended that the minimum bandwidth restriction remains 128 kbps with the round trip latency no greater than 300 ms for data deployments and 100 ms for data + voice deployments. The maximum transmission unit (MTU) must be at least 500 bytes.

Deployment TypeWAN Bandwidth (Min)WAN RTT Latency (Max)Max APs per BranchMax Clients per Branch
Data128 kbps300 ms525
Data + Voice128 kbps100 ms525
Data128 kbps1 sec11
Monitor128 kbps2 sec5N/A
Data1.44 Mbps300 ms501000
Data + Voice1.44 Mbps100 ms501000
Data1.44 Mbps1 sec501000
Monitor1.44 Mbps2 sec50N/A


Best Regards,
Jeevan

unnikannanvj
Level 1
Level 1

Hi Jeevan

Could you please address on the security configuration of the 1410 bridge and on how to test the bandwidth/throughput between two 1410 Bridges setup for point-to-point connectivity.

We have setup this in one of our Client sites.

Awaiting your reply.

Thanks in advance!

Regards

Unni Kannan

Systems Engineer

Hello,

Please take a look at the following deployment guide from our resident expert Navdeep for details on 1400:

http://www.cisco.com/univercd/cc/td/doc/product/wireless/aero1400/br1410/techref/index.htm

Best Regards,

Jeevan

That link appears broken.  It opens in a page that contains a single link for a deployment guide. When I click on that link

it draws a page that says I need to go to the Services and Support site.  Then 6 seconds later, it says the page is not available and asks me what I _really_ wanted.

Sorry for that.

Let me work with the marketing team in getting that fixed.

In the meantime; please download the attachment

Sorry for that.

Let me work with the marketing team in getting that fixed.

In the meantime please take a look at the attached file

v750cruiser
Level 1
Level 1

I have an existing home office network with a special Actiontec modem to support 20 meg down and 5 meg up DSL speeds.  Behind this modem are 4 gig LAN ports with a network of several printers, servers, and PCs using DHCP and some static IP addresses.  The modem supports DHCP, port forwarding (which I am using) as well as wireless 'n' networking along with other features.  I would like to keep all this as is.

Can I purchase a Cisco RV110W and configure it so that it just looks like another device on my existing network with either a DHCP or a static IP address on my home network?  If I can do this, can I also set it up to receive all VPN requests so I can connect to my home network from any remote location?  I can configure my existing modem to port forward all VPN requests to the RV110W address.

I really need a VPN device on my home network that will allow me to connect remotely, receive a DHCP address for my home network and then act as though it is just another computer on my network so I can access all the printers, servers, PCs, etc and use my VPN connection to send out internet traffic through the Actiontec modem.  Can I do this with the RV110W?

I've tried 3 types of VPN hardware so far and none of them have worked.  I cannot use PPTP due to existing firewalls where I am currently trying to connect.  I have to use IPsec or perhaps SSL to get out of the remote network.

Your ideas or suggestions?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: