White Paper for Cisco Flex 7510 Wireless Controller

Copyright © 2011 Miercom   Wireless LAN Controllers   Page 2

metrics to evaluate how well each solution 
addressed these concerns. We examined the
ability to authenticate new clients when the
controller fails, and/or the WAN link is down, as
well as how the solution avoids EAP
authentication session timeouts over
high-latency WAN links. Finally, how does each
solution handle authentication when the
RADIUS server is down?
Branch survivability during a WAN failure
includes the ability to continue mobile voice
calls. Therefore, we looked at the ability to
continue roaming voice calls within the branch
when the WAN is down. To evaluate the 
situation where bandwidth may be limited, or
there are latency issues, we examined the Call
Admission Control (CAC) support offered by
each product. In addition, how does each
solution protect against the threat of rogue
access points being installed in the branch?
In each of these metrics, the Cisco
FlexConnect solution clearly demonstrated its
advantages in providing Mobile Branch
Survivability and in containing the cost of
wireless branch deployments by eliminating
controllers in each branch.
Local Authentication/Distributed Client Authentication
Does Cisco FlexConnect avoid operational
downtime when the controller fails
or the WAN link is down? A baseline was
established by successfully associating laptop
and VoIP clients with each vendor’s APs and 
verifying successful authentication to the ACS
server through each vendor’s controller. The 
link to the controller at the datacenter was then
purposefully brought down to simulate an
outage.  VoIP calls and FTP download
sessions running on the laptops were 
monitored for any drops. 
Cisco FlexConnect did not experience any
service outage when the controller was
unavailable. FTP downloads continued, and
VoIP calls remained up. The Cisco AP is
capable of authenticating with the ACS server
directly, bypassing the controller. Not only are
existing users able to remain connected but
new users may authenticate with the ACS
server and pass traffic successfully. Users do
not experience any down time during a
controller outage. We verified that the AP was
authenticating with the ACS directly by
generating the authentication log reports for the
last 30 minutes on the ACS. This indicated that
the AP was operating in “standalone” mode.
When the controller was brought back online, we
observed that the AP went into “connected”
mode, indicating that authentication would now
take place with the controller. 
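
An added example (not part of the Miercom report or of any Cisco tooling) of the check described above: classifying authentication records from the last 30 minutes by the device that sourced them. The CSV layout, the IP addresses and the function names are assumptions constructed for illustration; a real ACS report has its own format.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample export: timestamp, user, NAS-IP-Address, result.
# This layout is an assumption, not the real ACS report format.
SAMPLE_LOG = """\
2011-06-01T10:02:11,alice,10.0.0.5,PASS
2011-06-01T10:20:40,bob,10.0.0.5,PASS
2011-06-01T10:41:03,carol,192.168.50.21,PASS
2011-06-01T10:44:57,voip-7921,192.168.50.22,PASS
2011-06-01T10:52:30,dave,192.168.50.21,FAIL
2011-06-01T11:20:12,erin,10.0.0.5,PASS
"""

CONTROLLER_IPS = {"10.0.0.5"}                       # hypothetical controller
BRANCH_AP_IPS = {"192.168.50.21", "192.168.50.22"}  # hypothetical branch APs


def classify_sources(log_text, now, window=timedelta(minutes=30)):
    """Count authentication requests per source class inside the window."""
    counts = Counter()
    for ts, _user, nas_ip, _result in csv.reader(io.StringIO(log_text)):
        when = datetime.fromisoformat(ts)
        if not (now - window <= when <= now):
            continue
        if nas_ip in CONTROLLER_IPS:
            counts["controller"] += 1
        elif nas_ip in BRANCH_AP_IPS:
            counts["branch_ap"] += 1
        else:
            counts["unknown"] += 1  # an unregistered source deserves a look
    return counts


def branch_mode(counts):
    """Infer the branch state from who sourced the recent requests."""
    if counts["branch_ap"] and not counts["controller"]:
        return "standalone"
    if counts["controller"] and not counts["branch_ap"]:
        return "connected"
    return "mixed" if counts["controller"] or counts["branch_ap"] else "no-data"


if __name__ == "__main__":
    during_outage = classify_sources(SAMPLE_LOG, datetime(2011, 6, 1, 11, 0))
    print(dict(during_outage), branch_mode(during_outage))
```

Requests sourced by an address in neither set are counted separately, since every AP that can authenticate directly is one more RADIUS client the server has to know about.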
Motorola WiNG v5.0 behaved differently.
Motorola APs are entirely dependent on
the controller. During the simulated controller
outage, the entire branch loses wireless
functionality.  All APs are down, and do not
broadcast an SSID.  Existing clients lose
connections, and new clients cannot join. An
added headache from a network management
perspective is that when the controller is brought
back up, each access point at each branch must
be rebooted in order for wireless functionality to
be restored to end users. 
For Aruba VBN 2.0, when the controller was
brought down, existing users kept their
connections. VoIP calls remained up, and FTP
sessions continued to download. However, new
users were unable to authenticate using 802.1X
as the APs were unable to authenticate on the
controller's behalf, with or without ACS available.
Local EAP (Wireless Resiliency) 
What happens when the primary and backup
ACS RADIUS servers are both down at the
datacenter? FTP sessions were established
between existing clients accessing server
resources. Next, the port was shut down on the
switch which provided WAN access to the
RADIUS server. We attempted to add new clients
to the AP with SSID: Branch. The AP console was
monitored for successful authentication of
the clients.
With both the Cisco Flex 7500 controller and the
primary and backup RADIUS servers unavailable,
the existing clients remained up and FTP
transfers were not interrupted. New clients were
able to join successfully by authenticating
directly with the access point. FlexConnect
allows the AP to function as a backup branch
RADIUS server. The authentication process took
slightly longer compared to baseline since the
system stepped through the alternate methods
of authentication. Branch communications in the
data plane remained up and the branch was