Wireless Plug and Play
The Cisco Network Plug and Play solution provides a simple, secure, unified, and integrated offering for enterprise network customers to ease new branch or campus rollouts, or to provision updates to an existing network. The solution can use the Cloud Redirection service, an on-prem deployment, or a combination of the two, giving a unified approach to provisioning enterprise networks made up of Cisco routers, switches, and wireless devices with a near-zero-touch deployment experience.
This deployment guide introduces the Cisco Network Plug and Play application for wireless access points. This application allows you to pre-provision the remote site. When you provision a large site, you can use the Cisco Network Plug and Play application to pre-provision the site and add access points to it. This includes entering access point information and setting up a bootstrap configuration if required. The bootstrap configuration enables the Plug and Play Agent to configure the access point with settings such as the WLC info, hostname, AP group, FlexGroup, and AP mode.
When you create small sites where pre-provisioning is not required, access points can be deployed without prior setup on the Cisco Network Plug and Play application and then claimed. When an installer installs and powers up the access point, it auto-discovers the Cisco APIC-EM controller by using DHCP, DNS, or the cloud redirection service. After the auto-discovery process is complete, the AP either joins a WLC with configuration from the local PnP server, or communicates with the cloud redirection service for direction to the target WLC or PnP server.
Wireless PnP Support:
Table 12-1
Cisco Aironet Wireless Access Points:
- 802.11n Generation 2 : 702I, 702W, 1600, 2600, 3600
- 802.11ac Wave 1 : 17/27/3700
- 802.11ac Wave 2 : 18/28/3800
APIC-EM 1.5 Requirements (also see the scale limit chart below) :
- Server : 64-bit x86 (Ubuntu 14.04 LTS)
- vCPU : 6 (2.4 GHz) or more
- RAM : 64 GB (for single-host deployments)/32 GB (for multi-host deployments)
- Network Adapter : 1
- Storage : 500 GB HDD of available/usable storage after hardware RAID
- Disk I/O : 200 MBps
- Browser : Google Chrome or Firefox
- Hypervisor : VMware vSphere 5.x/6.x (for Virtual Appliance)
- Access Points : Up to 10,000
APIC-EM Access Point Scale Limits:

| | | | | | |
|---|---|---|---|---|---|
| Cisco APIC-EM installed on a Virtual Machine (32 GB) | 12 | 32 GB | 200 GB Internal data store, disk speed 15000 RPM | 2.9 GHz | RAID 10 |
| Cisco APIC-EM installed on a Virtual Machine (64 GB) | 8 | 64 GB | 500 GB, disk speed 15000 RPM | 2.9 GHz | RAID 10 |
| Cisco APIC-EM installed on a Virtual Machine (64 GB) | 12 | 64 GB | 1 TB, disk speed 15000 RPM | 2.9 GHz | RAID 10 |
| Cisco APIC-EM installed on a Virtual Machine (128 GB) | 20 | 128 GB | 2 TB, disk speed 15000 RPM | 2.9 GHz | RAID 10 |

DHCP request/response (Option 43):
The PnP agent on the access point starts up with no configuration and tries to obtain an IP address via DHCP: the device sends out a DHCP discovery message. The DHCP server can provide the PnP Server IP address in DHCP Option 43. If the DHCP response received by the PnP Agent includes Option 43, which carries the APIC-EM PnP server IP address, the PnP Agent on the AP initiates an HTTPS request to the PnP server. Once the security credentials are validated, a full configuration is pushed down to the AP.
DNS Response:
The PnP agent on the AP starts up with no configuration. The PnP Agent tries to obtain an IP address via DHCP, and the AP sends out a DHCP discovery message. If the DNS server IP address is populated as part of the DHCP response, the PnP Agent on the AP sends a DNS query for the name ‘pnpserver.localdomain’. The DNS server can resolve this name to the APIC-EM PnP Server IP address. The PnP Agent on the AP then initiates an HTTPS request to the PnP server. Once the security credentials are validated, a full configuration is pushed down to the AP.
Both of the above cases are ideal in an enterprise-managed or service-provider-managed network where the DHCP response or DNS resolution is being managed. Where the AP connects to an unmanaged network, or where the DHCP or DNS services are not trusted, a separate entity is needed that can tie the device ownership to the PnP Server details. The Cisco PnP Redirect Cloud instance on the public Internet has this capability.
Cisco Cloud PnP Redirection Service:
The PnP Agent on the access point initially performs DHCP discovery. If there is no DHCP Option 43 and the DNS server fails to resolve pnpserver.localdomain, the AP does a DNS lookup for devicehelper.cisco.com. This domain name resolves to the PnP Redirect Cloud Server (PnPRC), which validates the AP credentials. Once it has validated the credentials, it ties the AP to the PnP Server IP address that the customer previously provided. The PnP Server IP address is different for each customer and is typically hosted on premises in the enterprise or service provider. The PnPRC then redirects the HTTPS GET request to the PnP Server IP address. This redirection mechanism also applies in any other use case where the AP automatically gets Internet access.
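The discovery order described above (DHCP Option 43, then DNS for pnpserver.localdomain, then devicehelper.cisco.com) can be checked per network segment before APs are shipped. The following is an added example, not Cisco code: the function names, the allowlist, and the survey data are assumptions constructed for illustration, and the inputs are taken as already-decoded DHCP/DNS answers.

```python
import ipaddress

LOCAL_NAME = "pnpserver.localdomain"    # name the PnP agent queries, per the text
CLOUD_NAME = "devicehelper.cisco.com"   # resolves to the PnP Redirect Cloud (PnPRC)

def discovery_path(option43_ip, dns_answers):
    """Follow the fallback order described above; return (method, target)."""
    if option43_ip:
        return "dhcp-option-43", option43_ip
    for method, name in (("dns", LOCAL_NAME), ("cloud-redirect", CLOUD_NAME)):
        if dns_answers.get(name):
            return method, dns_answers[name]
    return "none", None

def audit_site(option43_ip, dns_answers, approved_servers):
    """Return (method, target, finding) for one surveyed network (hypothetical helper)."""
    method, target = discovery_path(option43_ip, dns_answers)
    if method == "none":
        return method, target, "no discovery path: AP stays unprovisioned"
    if method == "cloud-redirect":
        return method, target, "info: falls back to the cloud redirect service"
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return method, target, "ALERT: answer is not a valid IP address"
    if addr not in approved_servers:
        return method, target, "ALERT: network steers AP to an unapproved server"
    return method, target, "ok: approved on-prem PnP server"

# Constructed survey data (documentation address ranges, not real hosts).
APPROVED = {ipaddress.ip_address("192.0.2.10")}
SITES = {
    "branch-a": ("192.0.2.10", {}),
    "branch-b": (None, {LOCAL_NAME: "192.0.2.10"}),
    "guest-vlan": (None, {LOCAL_NAME: "198.51.100.66"}),
    "home-office": (None, {CLOUD_NAME: "203.0.113.5"}),
    "isolated-lab": (None, {}),
}

def run_audit():
    """Audit every constructed site against the approved-server allowlist."""
    return {site: audit_site(o43, dns, APPROVED) for site, (o43, dns) in SITES.items()}

if __name__ == "__main__":
    for site, (method, target, finding) in run_audit().items():
        print(f"{site:13} {method:15} {target or '-':15} {finding}")
```

The guest-vlan row is the case the text warns about: a DHCP or DNS service outside the operator's control answers first, so the AP never reaches the cloud redirect step.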
Please note that for Access Points (APs) the Wireless LAN Controller (WLC) logically serves as the PnP Server; the process the AP uses to discover the correct WLC to join is very similar to the process described above. If the AP is not successful in discovering the WLC, it communicates with the PnPRC to retrieve the WLC IP address (logically the PnP Server IP). The AP then uses this IP address to attempt to join the associated WLC. Assuming the AP is authenticated, the WLC completes the join process and initiates the AP provisioning process.
An example high-level flow of this is shown below: