Design – Cisco Wireless Campus

High-performance and reliable wired and wireless networks are essential for business continuity and growth in today’s fast-paced business environment. In this post, we will explore four Cisco wireless LAN design models, their recommended use cases, and recommendations for implementing wired and wireless LANs according to Cisco’s guidelines. 

Wireless LAN Design Models

1. Centralized (Local-Mode) Design Model

The Centralized design model is primarily recommended for large site deployments. This model offers the benefit of simplified IP address management, configuration, and troubleshooting, along with the ability to support roaming at scale. In this model, both the WLAN controller and APs are located within the same site, and client traffic is tunneled over CAPWAP to the controller, so the subnet where wireless clients terminate can be separate from the subnet the APs sit on; this makes the deployment process more straightforward.

Notably, if a site possesses any of the following characteristics, deploying a controller locally should be considered:

  • The site has a data center.
  • The site has a LAN distribution layer.*
  • The site has more than 100 APs.
  • The site has a WAN latency greater than 100ms round-trip to a proposed shared controller.

I put an asterisk next to “The site has a LAN distribution layer” because there could be some remote sites configured with this, but it might still be a good idea to do FlexConnect and not use WLCs. But I’ll leave the reasons why Cisco recommends this:

  • The distribution layer provides ideal network connectivity for the controller – it can connect directly to the core network infrastructure.
  • The distribution layer offers redundancy, high availability, and advanced network services that benefit centralized wireless deployment.
  • Local breakout of wireless user traffic is optimal if the traffic needs to access applications and services within the same site. Avoiding tunneling traffic back to a remote centralized controller reduces latency.
  • A local controller at the same site as the distribution layer simplifies the management and coordination of wired and wireless policies and services.
  • The distribution layer provides ideal network transport for CAPWAP tunnels between the centralized controller and APs.

2. Cisco FlexConnect Design Model

Cisco FlexConnect is primarily recommended for deployments consisting of multiple small remote sites connected to a central site. This model provides a cost-effective solution by enabling organizations to configure and control remote-site APs from headquarters through the WAN without deploying a controller at each remote site. Cisco APs operating in FlexConnect mode can switch client data traffic locally, using 802.1Q trunks to segment multiple WLANs.

3. Cisco SD-Access Wireless Design Model

The SD-Access Wireless model integrates fully with a wired Cisco SD-Access model, providing a unified experience across both wired and wireless with common policy enforcement. This model has fabric WLCs that communicate wireless client information to the fabric control plane, and fabric APs encapsulate traffic into the VXLAN data path.

4. Cisco Catalyst 9800 Embedded on Catalyst 9100 Series APs (EWC) Wireless Design Model

The EWC model is an effective alternative to Cisco FlexConnect deployments for small wireless deployments. This model embeds a Cisco Catalyst 9800 Series Wireless Controller into the Cisco Catalyst 9100 Series APs, eliminating the need for a separate on-premises controller.

Wired and Wireless LAN Recommendations

Wired LAN Recommendations:

  • Use a hierarchical design with access, distribution, and core layers. Simplify the distribution layer with technologies like switch stacks or StackWise Virtual.
  • The Catalyst 9200, 9300, and 9400 Series are recommended for access layer switches. Use the Catalyst 9400, 9500, and 9600 Series for the distribution layer. For the core layer, use the Catalyst 9500 and 9600 Series.
  • Migrate access layer uplinks to mGig and 25/100GbE ports on distribution switches as required to support 802.11ax APs.
  • Implement network security best practices like DHCP snooping, Dynamic ARP Inspection, BPDU guard, 802.1X, Layer 3 to the access layer, etc.
  • Use QoS to prioritize real-time traffic like voice and video.
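
As an added example (not from the original post or from Cisco’s design guide), the following Catalyst access-switch configuration shows the edge protections listed above, with an unprotected access port first and the hardened version after it. The VLAN number, interface names, RADIUS server address and name are assumptions; the shared secret is a placeholder.

```text
! Added example: hardening a Catalyst access switch (IOS-XE CLI).
! VLAN 10, interface names and the RADIUS server are constructed assumptions.
!
! --- Weak baseline: user port with no edge protections ---
interface GigabitEthernet1/0/5
 switchport mode access
 switchport access vlan 10
!
! --- Hardened version ---
! DHCP snooping: DHCP server replies are dropped on untrusted ports,
! and the resulting binding table feeds Dynamic ARP Inspection.
ip dhcp snooping
ip dhcp snooping vlan 10
ip arp inspection vlan 10
!
! 802.1X: attached devices authenticate against RADIUS (e.g. ISE)
aaa new-model
radius server ISE-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <placeholder-shared-secret>
aaa authentication dot1x default group radius
dot1x system-auth-control
!
! Uplink toward the distribution layer: trusted for DHCP and ARP
interface TenGigabitEthernet1/1/1
 description Uplink to distribution
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
!
! User-facing access port: untrusted, rate-limited, BPDU guard, 802.1X
interface GigabitEthernet1/0/5
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
 ip dhcp snooping limit rate 15
 authentication port-control auto
 dot1x pae authenticator
```

BPDU guard err-disables the port if a switch is plugged in behind it, and the DHCP rate limit does the same on a flood of DHCP requests; verify the state with `show ip dhcp snooping binding` and `show interfaces status err-disabled`.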

Wireless LAN Recommendations:

  • Deploy Wi-Fi 6 access points like the Catalyst 9100 Series for high performance. Use CleanAir APs where possible.
  • The recommended wireless controllers are the Catalyst 9800 Series appliances, the embedded wireless controller, and the 9800-CL for cloud deployments.
  • For large campus sites, use the Centralized Wireless Architecture. For small sites, consider the FlexConnect or EWC models.
  • Implement WPA2/WPA3 Enterprise for security and use 802.1X authentication.
  • Use Cisco DNA Center for automation, assurance, and fabric-based SD-Access architectures, and consider using Prime for more complex deployments.

The selection of a wireless design model and specific implementation recommendations depends on the organization’s size, resources, and specific requirements. By considering these points when designing and implementing a network, enterprises can ensure a reliable, efficient, and scalable solution that fits their needs.