Motorola provided the Wireless Field Day delegates guest on boarding information prior to us arrive at their facilities, but I didn't walk through the enrollment process until I arrived at their facility the first morning of Wireless Field Day 4. The on boarding process wasn't smooth for my Macbook client device. I received a message that the provisioning had been done properly but I received a pop up asking for my WPA PSK credentials (which I did not have). Rather than spend a lot of time figuring out why I couldn't connect, I just joined the wireless network that Stephen Foskett brings as a backup internet connection for all of the Tech Field Day Events.
Motorola Solutions Wi-Fi Overview from WFD4 from Stephen Foskett on Vimeo.
Cherie Martin (Sr. Manager Field Enablement and Support) began by describing their Wireless Next Generation (WiNG) architecture and the Motorola Adaptive Networks. She described a their distributed deployment topology as an affordable way to handle higher network demands. Their solution uses thick access points at the edge and uses local traffic forwarding to avoid bringing data back to the central controller unnecessarily. The access points create a MINT link on a local VLAN (can be L2 or L3) and devices and a branch office will discover each other as neighbors. The access point runs IGMP snooping and creates snoop table of clients listening to a multicast video stream. The access points without clients listening to the stream do not receive the multicast information of the stream. As with most vendors' best practices, put all APs on separate VLAN to control AP chatting.
Motorola WiNG5 Distributed Architecture from Stephen Foskett on Vimeo.
The Motorola controllers aren't fully licensed when you purchase them, you only buy licenses for as many access points as you need to support, not blocks of access point licenses (25, 50, 100). If you have a pair of controllers, the secondary controller doesn't need to be licensed. If the primary controller fails, the secondary controller will take over the failed controller licensing from the main controller. WiNG 5 Distributed Architecture runs on every single Motorola wireless product.
One access point at a remote location is elected as an RF manager and acts as a local controller. If you have more than 64 access points at a remote site you would want to use physical controllers instead of an access point acting as an RF manager. One site manager access point can only support up to 64 access points due to memory restrictions in the access point. The Motorola access points are designed so the data plane is separate from the management plane so managing access points does not affect client traffic.
The deployment strategy for a large branch would to have a local controller that downloaded its config from a NX9510 at the NOC HQ. Controller configuration is downloaded over the MINT link, one of the local WLCs is elected the RF domain/site manager and the other controller will tear down it's MINT link back to the NOC. The neighbor status is maintained only by the RF-Domain manager. The access points are unaware of that link. Default gateways are referred to as "mint gateways" DHCP options can be used to find MINT controllers if they are not found via L2 discovery methods.
Client information is shared between access points to allow peer to peer blocking even with local switching. When using a PSK, the PKMID is sent to all the access points that have that PKI. If you have 2k clients, all 2k keys will be pushed to all the access points. An access point can hold a large number of keys. The NOC WLC can have 4096 different RF domains/sites. The next generation of the WLC will be able to support 10240 RF domains. The access request for a client can originate from an access point or the RF domain manager.
The only feature not included as part of the base WiNG OS is Advanced WIPS.
NOC Controller discovery is done (or can be done) through DHCP options but static IPs are recommended for the controllers.
AutoIPSEC to NOC controller (optional)
MINT link to NOC controller and Adoption over MINT link.
MINT (medium independent network transport) Motorola's proprietary protocol for communication between branch controllers and the NOC HQ.
Controller code updates can be scheduled, or you can stagger reboots or choose not to reboot until a specific date/time. There are two image slots on the access point to hold two different code versions if need be (gives you an upgrade/rollback option). It takes approximately 25-30min to upgrade remote site over a typical WAN link. The traffic across the WAN link is routing information and a deployment with 50 access points at a remote site will utilize 4-6k of bandwidth to send this routing information across the WAN. Firmware distribution can be optimized for deployment across WAN links as well.
WiNG configuration has gone from a flat configuration format to a modular design. The RF domains and device type parameters are the modular building blocks of a controller config. These device type parameters can be any of the following:
Site parameters
- country code
- vlans
- rf
- wips
- hw differences
- trunking
- wlan mapping
- mesh type (root/non-root)
- wlan on a specific ap
- hostname/ip addresses
- services/policies
Motorola Auto AP Provisioning & Troubleshooting from Stephen Foskett on Vimeo.
An auto provisioning rule pushes site profiles based on location or IP (CDP, LLDP, VLANs etc) and you can use wildcards to create site specific configuration parameters. One example of this is configuring tri-radio model access points to have the third radio configured as a RF sensor.
Other useful CLI commands are: show adoption status
show wireless ap config
Remote debugs:
It is possible to do a live debug against a given client MAC address and have a live packet capture created to do centralized troubleshooting
remote-debug wireless rf-domain SFO-BR002 clients
You can view the debug in ASCII output on the WLC, save the capture to an FTP file, stream the capture to an FTP server or encap TZSP (TaZman sniffer protocol) and send it to a Wireshark destination. You can filter on variables up to Layer 4.
The remote debug also allows you to troubleshoot client roaming issues. As client roams the information about the client is forwarded to the troubleshooting destination.
No comments:
Post a Comment