
CCNP Enterprise Wireless Design and Implementation
ENWLSD 300-425 and ENWLSI 300-430

2nd Edition

JEROME HENRY, CCIE® No. 24750
DAVID HUCABY, CCIE® No. 4594

ciscopress.com


CCNP Enterprise Wireless Design ENWLSD 300-425 and
Implementation ENWLSI 300-430 Official Cert Guide
2nd Edition

Companion Website and Pearson Test Prep Access Code


Access interactive study tools on this book’s companion website, including practice test software,
review exercises, Key Term flash card application, a study planner, and more!

To access the companion website, simply follow these steps:

1. Go to www.ciscopress.com/register.

2. Enter the print book ISBN: 9780138249892.

3. Answer the security question to validate your purchase.

4. Go to your account page.

5. Click on the Registered Products tab.

6. Under the book listing, click on the Access Bonus Content link.

When you register your book, your Pearson Test Prep practice test access code will automatically be
populated with the book listing under the Registered Products tab. You will need this code to access
the practice test that comes with this book. You can redeem the code at PearsonTestPrep.com.
Simply choose Pearson IT Certification as your product group and log into the site with the same
credentials you used to register your book. Click the Activate New Product button and enter the
access code. More detailed instructions on how to redeem your access code for both the online
and desktop versions can be found on the companion website.

If you have any issues accessing the companion website or obtaining your Pearson Test Prep
practice test access code, you can contact our support team by going to pearsonitp.echelp.org.

CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide
2nd Edition

Jerome Henry
David Hucaby

Copyright© 2024 Cisco Systems, Inc.

Published by:
Cisco Press
Library of Congress Control Number: 2023920459

ISBN-13: 978-0-13-824989-2

ISBN-10: 0-13-824989-X

Warning and Disclaimer


This book is designed to provide information about the CCNP Enterprise Wireless Design ENWLSD
300-425 and Enterprise Wireless Implementation ENWLSI 300-430 exams. Every effort has been made
to make this book as complete and as accurate as possible, but no warranty or fitness is implied.

The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc. shall
have neither liability nor responsibility to any person or entity with respect to any loss or damages
arising from the information contained in this book or from the use of the discs or programs that may
accompany it.

The opinions expressed in this book belong to the authors and are not necessarily those of
Cisco Systems, Inc.

Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately
capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a
term in this book should not be regarded as affecting the validity of any trademark or service mark.

Microsoft and/or its respective suppliers make no representations about the suitability of the information
contained in the documents and related graphics published as part of the services for any purpose. All such
documents and related graphics are provided “as is” without warranty of any kind. Microsoft and/or its
respective suppliers hereby disclaim all warranties and conditions with regard to this information, including
all warranties and conditions of merchantability, whether express, implied or statutory, fitness for a
particular purpose, title and non-infringement. In no event shall Microsoft and/or its respective suppliers
be liable for any special, indirect or consequential damages or any damages whatsoever resulting from
loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising
out of or in connection with the use or performance of information available from the services.

The documents and related graphics contained herein could include technical inaccuracies or typographical
errors. Changes are periodically added to the information herein. Microsoft and/or its respective suppliers
may make improvements and/or changes in the product(s) and/or the program(s) described herein at
any time. Partial screen shots may be viewed in full within the software version specified.

Microsoft® Windows®, and Microsoft Office® are registered trademarks of the Microsoft Corporation
in the U.S.A. and other countries. This book is not sponsored or endorsed by or affiliated with the Microsoft
Corporation.

Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities (which
may include electronic versions; custom cover designs; and content particular to your business,
training goals, marketing focus, or branding interests), please contact our corporate sales department at
corpsales@pearsoned.com or (800) 382-3419.

For government sales inquiries, please contact governmentsales@pearsoned.com.

For questions about sales outside the U.S., please contact intlcs@pearson.com.

Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book
is crafted with care and precision, undergoing rigorous development that involves the unique expertise of
members from the professional technical community.

Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we
could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us
through email at feedback@ciscopress.com. Please make sure to include the book title and ISBN in your
message.

We greatly appreciate your assistance.

Vice President, IT Professional: Mark Taub
Alliance Manager: Caroline Antonio
Director, ITP Product Management: Brett Bartow
Executive Editor: Nancy Davis
Managing Editor: Sandra Schroeder
Development Editor: Ellie Bru
Senior Project Editor: Mandie Frank
Copy Editor: Kitty Wilson
Technical Editor: Samuel Clements
Editorial Assistant: Cindy Teeters
Designer: Chuti Prasertsith
Composition: codeMantra
Indexer: Erika Millen
Proofreader: Donna E. Mulder



Pearson’s Commitment to Diversity, Equity, and Inclusion
Pearson is dedicated to creating bias-free content that reflects the diversity of all learners. We
embrace the many dimensions of diversity, including but not limited to race, ethnicity, gender,
socioeconomic status, ability, age, sexual orientation, and religious or political beliefs.

Education is a powerful force for equity and change in our world. It has the potential to
deliver opportunities that improve lives and enable economic mobility. As we work with
authors to create content for every product and service, we acknowledge our responsibility
to demonstrate inclusivity and incorporate diverse scholarship so that everyone can
achieve their potential through learning. As the world’s leading learning company, we have
a duty to help drive change and live up to our purpose to help more people create a
better life for themselves and to create a better world.

Our ambition is to purposefully contribute to a world where:

■ Everyone has an equitable and lifelong opportunity to succeed through learning.

■ Our educational products and services are inclusive and represent the rich diversity
of learners.

■ Our educational content accurately reflects the histories and experiences of the
learners we serve.

■ Our educational content prompts deeper discussions with learners and motivates
them to expand their own learning (and worldview).

While we work hard to present unbiased content, we want to hear from you about any
concerns or needs with this Pearson product so that we can investigate and address them.

■ Please contact us with concerns about any potential bias at https://www.pearson.com/report-bias.html.

About the Authors


Jerome Henry, CCIE No. 24750, is a Distinguished Engineer in the Office of the
Wireless CTO at Cisco Systems. Jerome has more than 20 years’ experience teaching
technical Cisco courses, in more than 15 countries and four languages, to audiences
ranging from bachelor’s degree students to networking professionals and Cisco internal
system engineers. Focusing on his wireless and networking experience, Jerome joined
Cisco in 2012. Before that time, he was consulting and teaching about heterogeneous
networks and wireless integration with the European Airespace team, which was later
acquired by Cisco to become its main wireless solution. He then spent several years
with a Cisco Learning Partner, developing networking courses and working on training
materials for emerging technologies.

Jerome is a certified wireless networking expert (CWNE No. 45), has developed multiple
Cisco courses, and has authored several books and video courses on wireless technology.
Jerome holds more than 500 patents, is a member of the IEEE, where he was elevated to
Senior Member in 2013, and also represents Cisco in multiple Wi-Fi Alliance working
groups. With more than 10,000 hours in the classroom, Jerome was awarded the IT Training
Award Best Instructor silver medal. He is based in Research Triangle Park, North Carolina.

David Hucaby, CCIE No. 4594, CWNE No. 292, is a technical education content
engineer for Cisco Meraki. Previously, he worked as a wireless escalation engineer in
a large healthcare environment for over 20 years. David holds bachelor’s and master’s
degrees in electrical engineering. He has been authoring Cisco Press titles for 25 years.
David lives in Kentucky.

About the Technical Reviewer


Samuel Clements, CCIE Wireless No. 40629, is a Mobility Technical Solutions
Architect for World Wide Technology (wwt.com), a Global VAR. He is CWNE No.
101 and is active in all things Wi-Fi. You can find him blogging at http://www.sc-wifi.com/
and on X (formerly Twitter) at @samuel_clements. When he’s not doing Wi-Fi
things, he’s spending time in Tennessee with his wife of 15 years, Sara, and his two
children, Tristan and Ginny.

Dedications
In many ways, this century (and probably the previous ones) resembles Wi-Fi. Every
few years, new developments fundamentally change the way we work and communicate.
Each time we look back a few years, we realize that today we have more information to
absorb and more new technologies to understand. What was concluded as impossible is
now experimented with or achieved sooner and faster than we thought. As you open this
book, dear reader, to prepare for the CCNP exam, this step may look steep today, but it
will soon be just a memory of a time you knew less and could do less. Your will to excel
and deepen your knowledge is what you, dear reader, give to us, the authors, as a reason
to continue sharpening our expertise and sharing what we have learned on the way. So
this book is for you, dear reader, and your aspiration to excellence. As my family blazon
says, sic itur ad astro: “this is how you reach for the stars.”

—Jerome Henry

As always, my work is dedicated to my wife, my daughters, and my twin grandsons, for
their love and support, and to God, who has blessed me with opportunities to learn,
write, and work with so many friends—abundant life indeed!

—David Hucaby

Acknowledgments
My dear wife, Corinne, often says that she knows “that look,” she knows “that pace,” when
I walk back and forth in the corridor of our home leading to my office. She knows when I
am not satisfied with a sentence, critical of an explanation that I do not find clear enough, or
unhappy with an example or an analogy that does not quite work like it should. Each time,
she patiently throws me a question to help me verbalize the problem and, in the end, puts her
finger on what was missing. This book would not have been possible without her patience.
“Patience made human” is also how I see Brett Bartow and Nancy Davis, who helped us navigate
the complexity of changing exam scopes, and Ellie Bru, who week after week herded us,
her authors, corrected our mistakes, and patted our backs to help us stay at the level of quality
she expected. If this book is not a collection of disorganized notes on pieces of napkins,
it is thanks to them. And, of course, flying with multiple pilots only works if each of them
mixes excellence in their domain, acceptance that another one may be covering the left or the
right field, and a permanent re-assessment of who is where, who has covered what, and who
has left what gap or ground to complete. I could not dream of a better co-pilot than Dave,
who was kind enough to accept me and enjoy this flight together.

—Jerome Henry

It’s again a great pleasure to have worked on a project with Jerome Henry, whom I have
long admired for his Wi-Fi knowledge and experience. He’s not only that—he’s been a
superb co-author and a kind and gracious friend. Ellie Bru has been an awesome development
editor and has kept us motivated all along the way with encouragement and funny
GIFs. I’m grateful to Brett Bartow and Nancy Davis for giving me another opportunity
to write. Many thanks to Samuel Clements for his fine technical editing, expertise, and
review. I have graduated from reading his blog to reading his comments and suggestions.

—David Hucaby

Contents at a Glance
Introduction

Part I Wireless Design (ENWLSD)

Chapter 1 Wireless Design Requirements
Chapter 2 Conducting an Offsite Site Survey
Chapter 3 Conducting an Onsite Site Survey
Chapter 4 Physical and Logical Infrastructure Requirements
Chapter 5 Applying Wireless Design Requirements
Chapter 6 Designing Radio Management
Chapter 7 Designing Wireless Mesh Networks
Chapter 8 Designing for Client Mobility
Chapter 9 Designing High Availability

Part II Wireless Implementation (ENWLSI)

Chapter 10 Implementing FlexConnect
Chapter 11 Implementing Quality of Service on a Wireless Network
Chapter 12 Implementing Multicast
Chapter 13 Location Services Deployment
Chapter 14 Advanced Location Services Implementation
Chapter 15 Security for Wireless Client Connectivity
Chapter 16 Monitoring and Troubleshooting WLAN Components
Chapter 17 Device Hardening
Chapter 18 Final Preparation
Chapter 19 ENWLSD 300-425 and ENWLSI 300-430 Exam Updates

Appendix A Wi-Fi 6 (802.11ax)
Appendix B Software-Defined Access with Wireless
Appendix C RRM TPC Algorithm Example
Appendix D Answers to the “Do I Know This Already?” Quizzes and Review Questions

Glossary

Index

Online Element

Appendix E Study Planner

Reader Services
Register your copy at www.ciscopress.com/title/9780138249892 for convenient access
to downloads, updates, and corrections as they become available. To start the registration
process, go to www.ciscopress.com/register and log in or create an account.* Enter the
product ISBN 9780138249892 and click Submit. When the process is complete, you will
find any available bonus content under Registered Products.

*Be sure to check the box indicating that you would like to hear from us to receive
exclusive discounts on future editions of this product.

Contents
Introduction

Part I Wireless Design (ENWLSD)

Chapter 1 Wireless Design Requirements
“Do I Know This Already?” Quiz
Foundation Topics
Following a Design Process
Evaluating Customer Requirements
Evaluating Client Requirements
Examining Client 802.11 Capabilities
Examining Client RF Capabilities
Examining Client Security Capabilities
Examining Client Density
Choosing AP Types
Evaluating Security Requirements
AP Deployment Models
Data Deployment Model
Voice/Video Deployment Model
Location Deployment Model
AP Deployment Model Summary
Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms

Chapter 2 Conducting an Offsite Site Survey
“Do I Know This Already?” Quiz
Foundation Topics
The Effect of Material Attenuation on Wireless Design
Common Deployment Models for Different Industries
Enterprise Office
Small or Home Offices
Healthcare
Hospitality and Hotels
Hotspots
Education
Retail
Warehousing
Manufacturing
Designing with Regulations in Mind
Choosing the Right Survey Type
A Survey of Wireless Planning Tools
Conducting a Predictive Site Survey
Summary
References
Exam Preparation Tasks
Review All Key Topics
Define Key Terms

Chapter 3 Conducting an Onsite Site Survey
“Do I Know This Already?” Quiz
Foundation Topics
Performing a Walkthrough Survey
Performing a Layer 1 Survey
L1 Sweep Tool Essentials
Interferer Types and Effects
Surveying for Interferers
Performing a Layer 2 Survey
The Site Survey Process
Data Versus Voice Versus Location Deployments
Performing a Post-Deployment Onsite Survey
Summary
References
Exam Preparation Tasks
Review All Key Topics
Define Key Term

Chapter 4 Physical and Logical Infrastructure Requirements
“Do I Know This Already?” Quiz
Foundation Topics
Physical Infrastructure Requirements
PoE and PoE+
UPOE and UPOE+
Power Injectors
MultiGigabit
Mounting Access Points
Ceiling and Wall Mounting Access Points
Mounting Access Points Below a Suspended Ceiling
Mounting Access Points Above the Ceiling Tiles
Grounding and Securing Access Points
Logical Infrastructure Requirements
CAPWAP Flow
AAA and DHCP Services Logical Path
Licensing Overview
Right to Use Licensing
Smart Licensing
Summary
References
Exam Preparation Tasks
Review All Key Topics
Define Key Terms

Chapter 5 Applying Wireless Design Requirements
“Do I Know This Already?” Quiz
Foundation Topics
Defining AP Coverage
Considering Receive Sensitivity
Considering the Signal-to-Noise Ratio
Further AP Cell Considerations
Expanding Coverage with Additional APs
Designing a Wireless Network for Data
Designing a Wireless Network for High Density
Limiting the Transmit Power Level
Leveraging APs and Antennas
Designing a Wireless Network for Voice and Video
Designing a Wireless Network for Location
Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms

Chapter 6 Designing Radio Management
“Do I Know This Already?” Quiz
Foundation Topics
Understanding RRM
Discovering the RF Neighborhood with NDP
RF Groups
Transmit Power Control (TPC)
Dynamic Channel Assignment (DCA)
Coverage Hole Detection
Flexible Radio Assignment (FRA)
Localizing RRM with RF Profiles
Optimizing AP Cell Sensitivity with RxSOP
Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms

Chapter 7 Designing Wireless Mesh Networks
“Do I Know This Already?” Quiz
Foundation Topics
Mesh Network Architecture and Components
Mesh Access Points
Access Point Roles in a Mesh Network
Mesh Network Architecture Overview
Site Preparation and Planning
Supported Frequency Bands
Dynamic Frequency Selection
Antenna and Mounting Considerations for Outdoor Mesh
Mesh Convergence and Traffic Flows
Adaptive Wireless Path Protocol
Traffic Flow Through the Mesh
Ethernet Bridging
Cisco Wi-Fi Mesh Configuration
Daisy-Chaining Wireless Mesh Links
Workgroup Bridges
Workgroup Bridging Overview
Configuring Workgroup Bridges
Summary
References
Exam Preparation Tasks
Review All Key Topics
Define Key Terms

Chapter 8 Designing for Client Mobility
“Do I Know This Already?” Quiz
Foundation Topics
Roaming Review
Autonomous APs
Intra-Controller (Layer 2) Roam
Inter-Controller (Layer 2) Roam
Inter-Controller (Layer 3) Roam
Organizing Roaming Behavior with Mobility Groups
Defining the Mobility Hierarchy
Exploring Mobility Operations
Validating the Mobility Hierarchy and Tunneling
Optimizing AP Selection for Client Roaming
Optimizing the AP Scanning Process
Optimizing with CCX Assistance
Optimizing with 802.11k Assistance
Optimizing with 802.11v Assistance
Optimizing Security Processes for Roaming
RSN in a Nutshell
PMKID Caching or SKC Caching
Opportunistic Key Caching (OKC)
Preauthentication
CCKM
802.11r: Fast BSS Transition (FT)
Fast Secure Roaming Review
Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms

Chapter 9 Designing High Availability
“Do I Know This Already?” Quiz
Foundation Topics
Making Controller Connectivity More Resilient
Designing High Availability for APs
AP Prioritization
Detecting a Controller Failure
AP Fallback
Designing High Availability for Controllers
N+1 Redundancy
N+N Redundancy
N+N+1 Redundancy
SSO Redundancy
Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms

Part II Wireless Implementation (ENWLSI)

Chapter 10 Implementing FlexConnect
“Do I Know This Already?” Quiz
Foundation Topics
Remote Office Wireless Deployment Modes
FlexConnect Overview and Requirements
Modes of Operation
WAN Requirements for FlexConnect
Implementing FlexConnect with AireOS
Converting the AP to FlexConnect Mode
Configuring the Locally Switched WLANs
Configuring the Native VLAN and WLAN-to-VLAN Mapping
Implementing FlexConnect Groups
FlexConnect High Availability and Resiliency
FlexConnect Resiliency Scenarios
AAA Survivability
Configuring AAA Survivability
CAPWAP Message Aggregation
FlexConnect ACLs
VLAN ACLs
FlexConnect Split Tunneling (Using the Split ACL Mapping Feature)
FlexConnect Smart AP Image Upgrades
Implementing FlexConnect with IOS XE Controllers
A Summary of FlexConnect Best Practice Recommendations
Office Extend
ME and EWC
Summary
References
Exam Preparation Tasks
Review All Key Topics
Define Key Terms

Chapter 11 Implementing Quality of Service on a Wireless Network
“Do I Know This Already?” Quiz
Foundation Topics
An Overview of Wireless QoS Principles
The Distributed Coordination Function
Retrofitting DCF: Enhanced Distributed Channel Access (EDCA)
Access Categories
Arbitration Interframe Space Number (AIFSN)
Contention Window Enhancements
Transmission Opportunity (TXOP)
802.11 Traffic Specification (TSpec)
Implementing QoS Policies on Wireless Controllers
QoS Mapping and Marking Schemes Between the Client and Controller
Handling QoS Ceilings for the WLAN
Implementing QoS on an IOS XE Controller
Implementing QoS on an AireOS Controller
Implementing QoS for Wireless Clients
Implementing Client QoS Marking Schemes
Implementing Application Visibility and Control
Implementing AVC on a Cisco Wireless Controller
Summary
References
Exam Preparation Tasks
Review All Key Topics
Define Key Terms

Chapter 12 Implementing Multicast
“Do I Know This Already?” Quiz
Foundation Topics
Multicast Overview
Multicast Delivery in a Wireless Network
IGMP Snooping
Implementing Wireless Multicast
Implementing mDNS
Implementing Multicast Direct
Summary
References
Exam Preparation Tasks
Review All Key Topics
Define Key Terms

Chapter 13 Location Services Deployment
“Do I Know This Already?” Quiz
Foundation Topics
Indoor Location
Indoor Location Protocols
Infrastructure and 802.11-Based Location
Cell of Origin Techniques
RSSI Trilateration Techniques
Angle of Arrival (AoA) Techniques
802.11 Frames Used for Location
Precision Versus Accuracy
Deploying Location Services
Location Engines and Services
Configuring APs and WLCs for Location Support
Deploying Cisco Spaces and CMX
Initial Installation
CMX Deployment Configuration
Cisco Spaces Deployment Configuration
Tracking Clients, RFID Tags, Rogues, and Interferers
Tracking Mobile Devices with CMX
Tracking Mobile Devices with Cisco Spaces
Customizing Location Services
Customizing CMX Location Services
Customizing Cisco Spaces Location Services
Summary
References
Exam Preparation Tasks
Review All Key Topics
Define Key Terms

Chapter 14 Advanced Location Services Implementation
“Do I Know This Already?” Quiz
Foundation Topics
CMX and Cisco Spaces Services and Licenses
CMX Services and Licenses
Cisco Spaces Services and Licenses
Implementing Analytics
Implementing CMX Analytics
Defining Zones
Configuring Analytics Widgets
Implementing Cisco Spaces Analytics
Initial Setup
Managing Cisco Spaces Analytics
Implementing Guest Portals
Implementing CMX Connect Service
Connect Service Overview
Configuring the WLC for Guest Portal Services
AireOS Versus C9800 ACLs
Configuring a Portal on CMX
Implementing Cisco Spaces Connect Service
Creating a New Portal from Scratch
Creating a New Portal from a Template
Implementing aWIPS on Catalyst Center
Catalyst Center aWIPS Configuration
Ensuring Location Operational Efficiency
Deploying CMX High Availability
Managing Location Accuracy
Location Requirements
Verifying AP Settings
Verifying Location Accuracy on MSE
Customizing the RF Calibration Model on Prime Infrastructure
Summary
References
Exam Preparation Tasks
Review All Key Topics
Define Key Terms

Chapter 15 Security for Wireless Client Connectivity
“Do I Know This Already?” Quiz
Foundation Topics
Implementing 802.1X and AAA on Wireless Architectures
Wireless Network Authentication Framework
Extensible Authentication Protocol (EAP)
Implementing Client Security on the Wireless Controller and ISE
Implementing Client Profiling
Wireless Client Profiling Principles
Configuring Local Client Profiling on an AireOS Wireless Controller
Configuring Local Client Profiling on an IOS-XE Wireless Controller
Implementing BYOD and Guest
Implementing BYOD and Guest
Local Web Authentication (LWA) with the Wireless Controller
Local Web Authentication on an AireOS Controller
Local Web Authentication on an IOS-XE Controller
Local Web Authentication with an Anchor Controller
Certificate Provisioning on the Wireless Controller
LWA and Self-Registration
Central Web Authentication (CWA) with ISE
Native Supplicant Provisioning Using ISE
Summary
References
Exam Preparation Tasks
Review All Key Topics
Define Key Terms

Chapter 16 Monitoring and Troubleshooting WLAN Components
“Do I Know This Already?” Quiz
Foundation Topics
Using Reports on Cisco Prime Infrastructure and Catalyst Center
Reports on Cisco Prime Infrastructure
Report Types
Scheduling and Managing Reports
Reports on Cisco Catalyst Center
Managing Dashboards
AI Network Analytics
Managing Alarms on Cisco Prime Infrastructure and Catalyst Center
Alarms in Cisco Prime Infrastructure
Rogues
Alarms in Catalyst Center
Troubleshooting Client Connectivity
Building a Troubleshooting Method
RF Coverage Validation
WLC, Prime Infrastructure, and Catalyst Center Client Troubleshooting Tools
Client Troubleshooting on the WLC
Client Troubleshooting in Cisco Prime Infrastructure
Client Troubleshooting in Catalyst Center
Troubleshooting and Managing RF Interferences
WLC Interference Management Tools
Interferers on Cisco Prime Infrastructure and Catalyst Center
Summary
References
Exam Preparation Tasks
Review All Key Topics
Define Key Terms

Chapter 17 Device Hardening
“Do I Know This Already?” Quiz
Foundation Topics
Implementing Device Access Controls
AAA Design Overview
AAA Configuration Overview on the Wireless Controller
Implementing TACACS+ Profiles and Command Authorization
Implementing Access Point Authentication
Implementing CPU ACLs on the Wireless Controller
Summary
References
Exam Preparation Tasks
Review All Key Topics
Define Key Terms

Chapter 18 Final Preparation
Getting Ready
Tools for Final Preparation
Pearson Cert Practice Test Engine and Questions on the Website
Accessing the Pearson Test Prep Software Online
Accessing the Pearson Test Prep Software Offline
Customizing Your Exams
Updating Your Exams
Premium Edition
Chapter-Ending Review Tools
Suggested Plan for Final Review/Study
Summary

Chapter 19 ENWLSD 300-425 and ENWLSI 300-430 Exam Updates
The Purpose of This Chapter
About Possible Exam Updates
Impact on You and Your Study Plan
News About the Next Exam Release
Updated Technical Content

Appendix A Wi-Fi 6 (802.11ax)

Appendix B Software-Defined Access with Wireless

Appendix C RRM TPC Algorithm Example

Appendix D Answers to the “Do I Know This Already?” Quizzes and Review Questions

Glossary

Index

Online Element

Appendix E Study Planner



Icons Used in This Book

[Icon legend; images not reproduced: vBond, Switch, Server, VSS, Laptop, vManage, Router, File Server, Route Switch Processor, WWW Server, vSmart, vEdge Cloud, Wireless Router]

Command Syntax Conventions


The conventions used to present command syntax in this book are the same conventions
used in the IOS Command Reference. The Command Reference describes these conventions
as follows:

■ Boldface indicates commands and keywords that are entered literally as shown. In
actual configuration examples and output (not general command syntax), boldface
indicates commands that are manually input by the user (such as a show command).

■ Italic indicates arguments for which you supply actual values.

■ Vertical bars (|) separate alternative, mutually exclusive elements.

■ Square brackets ([ ]) indicate an optional element.

■ Braces ({ }) indicate a required choice.

■ Braces within brackets ([{ }]) indicate a required choice within an optional element.

Introduction
Congratulations! If you are reading this Introduction, then you have probably decided to
obtain a Cisco certification. Obtaining a Cisco certification will ensure that you have a
solid understanding of common industry protocols along with Cisco’s device architecture
and configuration. Cisco has a high market share of network infrastructure of routers,
switches, and firewalls, with a global footprint.

Professional certifications have been an important part of the computing industry for
many years and will continue to become more important. Many reasons exist for these
certifications, but the most popularly cited reason is credibility. All other factors being
equal, a certified employee/consultant/job candidate is considered more valuable than
one who is not certified.

Cisco provides three levels of certifications: Cisco Certified Network Associate (CCNA),
Cisco Certified Network Professional (CCNP), and Cisco Certified Internetwork Expert
(CCIE). Cisco made changes to all three certifications, effective February 2020. The
following are the most notable of the many changes:

■ The exams include additional topics, such as programming.

■ The CCNA certification is not a prerequisite for obtaining the CCNP certification.

■ CCNA specializations are no longer offered.

■ The exams test a candidate’s ability to configure and troubleshoot network devices
in addition to their ability to answer multiple-choice questions.

■ The CCNP is obtained by taking and passing a Core exam and a Concentration
exam.

■ The CCIE certification requires candidates to pass the Core written exam before the
CCIE lab can be scheduled.

CCNP Enterprise candidates need to take and pass the Implementing and Operating
Cisco Enterprise Network Core Technologies ENCOR 350-401 examination. Then they
need to take and pass one of the following Concentration exams to obtain their CCNP
Enterprise:

■ 300-410 ENARSI: Implementing Cisco Enterprise Advanced Routing and Services
(ENARSI)

■ 300-415 ENSDWI: Implementing Cisco SD-WAN Solutions (ENSDWI)

■ 300-420 ENSLD: Designing Cisco Enterprise Networks (ENSLD)

■ 300-425 ENWLSD: Designing Cisco Enterprise Wireless Networks (ENWLSD)

■ 300-430 ENWLSI: Implementing Cisco Enterprise Wireless Networks (ENWLSI)

■ 300-435 ENAUTO: Automating and Programming Cisco Enterprise Solutions
(ENAUTO)

This book helps you study for the CCNP ENWLSD 300-425 and ENWLSI 300-430
exams. Each test allows 90 minutes to complete about 60 questions.
Testing is done at Pearson VUE testing centers.

Be sure to visit www.cisco.com to find the latest information on CCNP Concentration
requirements and to keep up to date on any new Concentration exams that are announced.

Goals and Methods


The most important and somewhat obvious goal of this book is to help you pass the
Designing Cisco Enterprise Wireless Networks ENWLSD 300-425 and Implementing
Cisco Enterprise Wireless Networks ENWLSI 300-430 exams. In fact, if the primary
objective of this book were different, the book’s title would be misleading; however, the
methods used in this book to help you pass the ENWLSD 300-425 and ENWLSI
300-430 exams are designed to also make you much more knowledgeable about how
to do your job. While this book and the companion website together have more than
enough questions to help you prepare for the actual exam, the goal is not to simply have
you memorize as many questions and answers as you possibly can.

One key methodology used in this book is to help you discover the exam topics you
need to review in more depth, to help you fully understand and remember those details,
and to help you prove to yourself that you have retained your knowledge of those topics.
So, this book does not try to help you pass by memorization; rather, it helps you
truly learn and understand the topics. Designing and implementing enterprise wireless
networks are two of the concentration areas you can focus on to obtain the CCNP
certification, and the knowledge contained within this book is vitally important to consider
yourself a truly skilled enterprise wireless networks engineer. This book will help
you pass the ENWLSD 300-425 and ENWLSI 300-430 exams by using the following
methods:

■ Helping you discover which test topics you have not mastered

■ Providing explanations and information to fill in your knowledge gaps

■ Supplying exercises and scenarios that enhance your ability to recall and deduce the
answers to test questions

Who Should Read This Book?


This book is not designed to be a general wireless networking topics book, although it
can be used in that way. This book is intended to tremendously increase your chances
of passing the Designing Cisco Enterprise Wireless Networks ENWLSD 300-425 and
Implementing Cisco Enterprise Wireless Networks ENWLSI 300-430 CCNP specialization
exams. Although other objectives can be achieved from using this book, the book is
written with one goal in mind: to help you pass the exams.

Strategies for Exam Preparation


The strategy you use to study for the ENWLSD or ENWLSI exam might be slightly
different than strategies used by other readers, mainly depending on the skills, knowledge,
and experience you have already obtained. For instance, if you have attended the
ENWLSD or ENWLSI course, then you might take a different approach than someone
who has learned based on job experience alone.

Regardless of the strategy you use or the background you have, the book is designed to
help you get to the point where you can pass the exam in the least amount of time. For
instance, there is no need for you to practice or read about IP addressing and subnetting
if you fully understand it already. However, many people like to make sure they truly
know a topic and thus read over material they already know. Several book features will
help you gain the confidence you need to be convinced that you know some material
already and to also help you know what topics you need to study more.

The Companion Website for Online Content Review


All the electronic review elements, as well as other electronic components of the book,
exist on this book’s companion website.

How to Access the Companion Website


To access the companion website, which gives you access to the electronic content with
this book, start by establishing a login at www.ciscopress.com and registering your book.
To do so, simply go to www.ciscopress.com/register and enter the ISBN of the print
book: 9780138249892. After you have registered your book, go to your account page
and click the Registered Products tab. From there, click the Access Bonus Content link
to get access to the book’s companion website.

Note that if you buy the Premium Edition eBook and Practice Test version of this book
from Cisco Press, your book will automatically be registered on your account page.
Simply go to your account page, click the Registered Products tab, and select Access
Bonus Content to access the book’s companion website.

If you are unable to locate the files for this title by following the preceding steps, please
visit www.pearsonITcertification.com/contact and select the Site Problems/Comments
option. Our customer service representatives will assist you.

How This Book Is Organized


Although this book could be read cover to cover, it is designed to be flexible and allow
you to easily move between chapters and sections of chapters to cover just the material
you need more work with. Chapters 1 through 9 cover wireless design topics that are
relevant for the ENWLSD 300-425 exam, while Chapters 10 through 17 cover topics
related to implementing wireless networks for the ENWLSI 300-430 exam.

The core chapters, Chapters 1 through 17, cover the following topics:

■ Chapter 1, “Wireless Design Requirements”: This chapter covers important
wireless aspects of customer networks, access points, and client devices that can
drive an effective network design.

■ Chapter 2, “Conducting an Offsite Site Survey”: This chapter describes how to
prepare for an offsite site survey by looking at the requirements of common verticals,
determining obstacles’ signal absorption, and conducting a predictive site survey.

■ Chapter 3, “Conducting an Onsite Site Survey”: This chapter discusses the onsite
survey process, including the survey tools and the survey methodology. This chapter
also provides recommendations on survey settings for data, voice, and location
services.

■ Chapter 4, “Physical and Logical Infrastructure Requirements”: This chapter
discusses the physical infrastructure, such as power and cabling, mounting, and
grounding. The chapter also discusses the logical infrastructure components that
support wireless services.

■ Chapter 5, “Applying Wireless Design Requirements”: This chapter discusses the
behavior of specific applications and traffic types being carried over a wireless
network, along with network design guidelines and best practices for each.

■ Chapter 6, “Designing Radio Management”: This chapter explains Radio Resource
Management (RRM) and how you can leverage it to automatically manage AP
transmit power levels and channel assignments, along with adjustments for changing
RF conditions.

■ Chapter 7, “Designing Wireless Mesh Networks”: This chapter introduces wireless
mesh technology and details how mesh networks are designed. The chapter reviews
mesh components and architecture and key design recommendations for outdoor
mesh environments.

■ Chapter 8, “Designing for Client Mobility”: This chapter covers wireless client
mobility, or the roaming process, along with ways to make it more efficient and
seamless.

■ Chapter 9, “Designing High Availability”: This chapter introduces the features and
strategies you can leverage to improve wireless LAN controller availability in the
event of equipment or link failure.

■ Chapter 10, “Implementing FlexConnect”: This chapter looks at branch office
wireless deployments, with a focus on FlexConnect. The chapter discusses how
FlexConnect groups can be implemented as well as key features of FlexConnect.
This chapter also discusses Office Extend AP (OEAP).

■ Chapter 11, “Implementing Quality of Service on a Wireless Network”: This
chapter begins with a review of wireless QoS standards and how they are implemented
in Cisco wireless controllers. The chapter also looks at key QoS capabilities such
as Application Visibility and Control (AVC).

■ Chapter 12, “Implementing Multicast”: This chapter explains multicast traffic delivery
in a wireless network, along with the features that can make it more efficient. Also
covered are methods to handle multicast DNS as well as video stream delivery.

■ Chapter 13, “Location Services Deployment”: This chapter discusses how
location is achieved using Wi-Fi technologies. This chapter also explains how to
deploy location engines, such as CMX/MSE and Cisco Spaces, and how to use them
to track clients, interferers, and rogues.

■ Chapter 14, “Advanced Location Services Implementation”: This chapter explains
how to make the most of your location engine by implementing advanced features
such as location-aware guest services and wireless intrusion protection systems
(WIPSs). This chapter also discusses the implementation of analytics and presence
services.

■ Chapter 15, “Security for Wireless Client Connectivity”: This chapter discusses
wireless client authentication methods, such as Extensible Authentication Protocol
(EAP). The chapter also discusses guest wireless access and how devices can be
securely onboarded to a network using a bring your own device (BYOD) policy.

■ Chapter 16, “Monitoring and Troubleshooting WLAN Components”: This chapter
covers report and alarm management on Cisco Prime Infrastructure and Catalyst
Center. This chapter also discusses how to troubleshoot client connectivity and
performance on a wireless LAN controller (WLC), Prime Infrastructure, and Catalyst
Center.

■ Chapter 17, “Device Hardening”: This chapter looks at how the security of wireless
devices can be improved by controlling access to the wireless infrastructure and how
APs can authenticate to a network.

Certification Exam Topics and This Book


The questions for each Cisco certification exam are a closely guarded secret. However,
Cisco has published exam blueprints that list which topics you must know to successfully
complete the exam. Table I-1 lists each exam topic listed in the blueprint along
with a reference to the book chapter that covers the topic. These are the same topics
you should be proficient in when designing and implementing Cisco enterprise wireless
networks in the real world.

Table I-1 ENWLSD 300-425 and ENWLSI 300-430 Exam Topics and Chapter References

Exam | Exam Topic | Chapter in Which Topic Is Covered
ENWLSD 300-425 | 1.1 Collect design requirements and evaluate constraints | 1
ENWLSD 300-425 | 1.2 Describe material attenuation and its effect on wireless design | 2
ENWLSD 300-425 | 1.3 Perform and analyze a Layer 1 site survey | 3
ENWLSD 300-425 | 1.4 Perform a pre-deployment site survey | 3
ENWLSD 300-425 | 1.5 Perform a post-deployment site survey | 3
ENWLSD 300-425 | 1.6 Perform a predictive site survey | 2
ENWLSD 300-425 | 1.7 Utilize planning tools and evaluate key network metrics (Ekahau, AirMagnet, PI, Chanalyzer, Spectrum Analyzer) | 2
ENWLSD 300-425 | 2.1 Determine physical infrastructure requirements such as AP power, cabling, switch port capacity, mounting, and grounding | 4
ENWLSD 300-425 | 2.2 Determine logical infrastructure requirements such as WLC/AP licensing requirements based on the type of wireless architecture | 4
ENWLSD 300-425 | 2.3 Design radio management | 6
ENWLSD 300-425 | 2.4 Apply design requirements for these types of wireless networks | 5
ENWLSD 300-425 | 2.5 Design high-density wireless networks and their associated components | 5
ENWLSD 300-425 | 2.6 Design wireless bridging (mesh) | 7
ENWLSD 300-425 | 3.1 Design mobility groups based on mobility roles | 8
ENWLSD 300-425 | 3.2 Optimize client roaming | 8
ENWLSD 300-425 | 3.3 Validate mobility tunneling for data and control path | 8
ENWLSD 300-425 | 4.1 Design high availability for controllers | 9
ENWLSD 300-425 | 4.2 Design high availability for APs | 9
ENWLSI 300-430 | 1.1 Deploy FlexConnect components such as switching and operating modes | 10
ENWLSI 300-430 | 1.2 Deploy FlexConnect capabilities | 10
ENWLSI 300-430 | 1.3 Implement Office Extend | 10
ENWLSI 300-430 | 2.1 Implement QoS schemes based on requirements including wired-to-wireless mapping | 11
ENWLSI 300-430 | 2.2 Implement QoS for wireless clients | 11
ENWLSI 300-430 | 2.3 Implement AVC including Fastlane (only on WLC) | 11
ENWLSI 300-430 | 3.1 Implement multicast components | 12
ENWLSI 300-430 | 3.2 Describe how multicast can affect wireless networks | 12
ENWLSI 300-430 | 3.3 Implement multicast on a WLAN | 12
ENWLSI 300-430 | 3.4 Implement mDNS | 12
ENWLSI 300-430 | 3.5 Implement Multicast Direct | 12
ENWLSI 300-430 | 4.1 Deploy CMX and Cisco Spaces on a wireless network | 13
ENWLSI 300-430 | 4.2 Implement location services | 13
ENWLSI 300-430 | 5.1 Implement CMX and Cisco Spaces components | 14
ENWLSI 300-430 | 5.2 Implement location-aware guest services using custom portal and Facebook Wi-Fi | 14
ENWLSI 300-430 | 5.3 Troubleshoot location accuracy using Cisco Hyperlocation | 14
ENWLSI 300-430 | 5.4 Troubleshoot CMX high availability | 14
ENWLSI 300-430 | 5.5 Implement WIPS using Cisco DNA Center | 14
ENWLSI 300-430 | 6.1 Configure client profiling on WLC and ISE | 15
ENWLSI 300-430 | 6.2 Implement BYOD and guest | 15
ENWLSI 300-430 | 6.3 Implement 802.1X and AAA on different wireless architectures and ISE | 15
ENWLSI 300-430 | 6.4 Implement Identity-Based Networking on different wireless architectures (VLANs, QoS, ACLs) | 15
ENWLSI 300-430 | 7.1 Utilize reports on PI and Cisco DNA Center | 16
ENWLSI 300-430 | 7.2 Manage alarms and rogues (APs and clients) | 16
ENWLSI 300-430 | 7.3 Manage RF Interferers | 16
ENWLSI 300-430 | 7.4 Troubleshoot client connectivity | 16
ENWLSI 300-430 | 8.1 Implement device access controls (including RADIUS and TACACS+) | 17
ENWLSI 300-430 | 8.2 Implement access point authentication (including 802.1X) | 17
ENWLSI 300-430 | 8.3 Implement control plane ACLs on the controller | 17

Each version of the exam may include topics that emphasize different functions or
features, and some topics can be rather broad and generalized. The goal of this book is
to provide comprehensive coverage to ensure that you are well prepared for the exam.
Although some chapters might not address specific exam topics, they provide a foundation
that is necessary for a clear understanding of important topics. Your short-term
goal might be to pass an exam, but your long-term goal should be to become a qualified
CCNP Enterprise wireless engineer.

It is also important to understand that this book is a static reference, whereas the exam
topics are dynamic. Cisco can and does change the topics covered on certification exams
often.

This exam guide should not be your only reference when preparing for the certification
exam. You can find a wealth of information available at Cisco.com that covers each topic
in great detail. If you think you need more detailed information on a specific topic, read
the Cisco documentation that focuses on that topic.

Note that as CCNP Enterprise wireless network technologies continue to evolve, Cisco
reserves the right to change the exam topics without notice. Although you can refer to
the list of exam topics in Table I-1, always check Cisco.com to verify the actual list of
topics to ensure that you are prepared before taking the exam. You can view the current
exam topics on any current Cisco certification exam by visiting the Cisco.com website,
choosing Menu, clicking Training & Events, and then selecting from the Certifications
list. Note that, if needed, Cisco Press might post additional preparatory content on the
web page associated with this book, at www.ciscopress.com/title/9780138249892. It’s
a good idea to check the website a couple of weeks before taking your exam to be sure
that you have up-to-date content.

How to Access the Pearson Test Prep (PTP) App


You have two options for installing and using the Pearson Test Prep application: a web
app and a desktop app. To use the Pearson Test Prep application, start by finding the
registration code that comes with the book. You can find the code in these ways:

■ You can get your access code by registering the print ISBN (9780138249892) on
ciscopress.com/register. Make sure to use the print book ISBN, regardless of whether
you purchased an eBook or the print book. After you register the book, your
access code will be populated on your account page under the Registered Products
tab. Instructions for how to redeem the code are available on the book’s companion
website by clicking the Access Bonus Content link.

■ If you purchase the Premium Edition eBook and Practice Test directly from the Cisco
Press website, the code will be populated on your account page after purchase. Just log
in at ciscopress.com, click Account to see details of your account, and click the digital
purchases tab.

Once you have the access code, to find instructions about both the PTP web app and the
desktop app, follow these steps:

NOTE After you register your book, your code can always be found in your account
under the Registered Products tab.

Step 1. Open this book’s companion website, as shown earlier in this Introduction,
under the heading, “How to Access the Companion Website.”
Step 2. Click the Practice Exams button.
Step 3. Follow the instructions listed there for both installing the desktop app and
using the web app.

Note that if you want to use the web app only at this point, just navigate to
pearsontestprep.com, log in using the same credentials used to register your book or
purchase the Premium Edition, and register this book’s practice tests using the
registration code you just found. The process should take only a couple of minutes.

Customizing Your Exams


Once you are in the exam settings screen, you can choose to take exams in one of three
modes:

■ Study mode: Allows you to fully customize your exams and review answers as you
are taking the exam. This is typically the mode you would use first to assess your
knowledge and identify information gaps.

■ Practice Exam mode: Locks certain customization options, as it is presenting a
realistic exam experience. Use this mode when you are preparing to test your exam
readiness.

■ Flash Card mode: Strips out the answers and presents you with only the question
stem. This mode is great for late-stage preparation when you really want to challenge
yourself to provide answers without the benefit of seeing multiple-choice options.
This mode does not provide the detailed score reports that the other two modes do,
so you should not use it if you are trying to identify knowledge gaps.

In addition to these three modes, you will be able to select the source of your questions.
You can choose to take exams that cover all of the chapters, or you can narrow your
selection to just a single chapter or the chapters that make up specific parts in the book.
All chapters are selected by default. If you want to narrow your focus to individual chapters,
simply deselect all the chapters and then select only those on which you wish to
focus in the Objectives area.

You can also select the exam banks on which to focus. Each exam bank comes complete
with a full exam of questions that cover topics in every chapter. You can have the test
engine serve up exams from all test banks or just from one individual bank by selecting
the desired banks in the exam bank area.

There are several other customizations you can make to your exam from the exam settings
screen, such as the time of the exam, the number of questions served up, whether
to randomize questions and answers, whether to show the number of correct answers for
multiple-answer questions, and whether to serve up only specific types of questions. You
can also create custom test banks by selecting only questions that you have marked or
questions on which you have added notes.

Updating Your Exams


If you are using the online version of the Pearson Test Prep practice test software, you
should always have access to the latest version of the software as well as the exam data.
If you are using the Windows desktop version, every time you launch the software while
connected to the Internet, it checks whether there are any updates to your exam data and
automatically downloads any changes that were made since the last time you used the
software.

Sometimes, due to many factors, the exam data may not fully download when you
activate your exam. If you find that figures or exhibits are missing, you may need to
manually update your exams. To update a particular exam you have already activated and
downloaded, simply click the Tools tab and click the Update Products button. Again,
this is an issue only with the desktop Windows application.

If you wish to check for updates to the Pearson Test Prep exam engine software,
Windows desktop version, simply click the Tools tab and click the Update Application
button. This ensures that you are running the latest version of the software engine.

Credits
Figure 3-1, Figure 3-2: MetaGeek Inc

Figure 3-5: Ekahau, Inc

Chapter 7, Kimberlite Diamond Pipe Peace: Tatiana Grozetskaya/Shutterstock

Figure 7-3: IEC

Figure 11-21: Microsoft


CHAPTER 4

Physical and Logical Infrastructure Requirements

This chapter discusses the following topics:

■ Physical Infrastructure Requirements: Powering an access point with Power over Ethernet (PoE) comes in several variations, including delivering power directly from a switch or through a power injector. However, PoE itself comes in several versions that have dependencies on the cabling infrastructure. This section discusses the main types of PoE, including PoE, PoE+, UPoE, and UPoE+, and the types of cables that support them. In addition, as modern 802.11 standards begin to go beyond 1 Gbps, traditional Ethernet connections over twisted-pair cables are no longer sufficient to support the maximum performance capabilities of the access point. This section discusses the improved performance characteristics of mGig and the necessary network requirements. This section also discusses AP mounting and grounding strategies.

■ Logical Infrastructure Requirements: This section discusses the logical elements of a wireless network, such as the communication flow of the CAPWAP control and data channels as they traverse the network, and their implications for the underlying physical infrastructure. In addition, this section discusses controller and AP licensing mechanisms.

This chapter covers the following ENWLSD exam topics:

■ 2.1 Determine physical infrastructure requirements such as AP power, cabling, switch port capacity, mounting, and grounding

■ 2.2 Determine logical infrastructure requirements such as WLC/AP licensing requirements based on the type of wireless architecture

The focus of wireless network design often revolves around the RF aspects of the deployment, and indeed, as discussed throughout this book, RF design is the foundation of any successful wireless network and almost always involves a solid site survey. However, there are key infrastructure components that are equally important in any wireless design exercise. These are generally grouped into two main classes: the physical infrastructure components and the logical infrastructure components.

The physical infrastructure includes components of the physical network equipment. This involves the physical equipment itself, as well as how the access points are cabled, powered, mounted, and even grounded. This aspect of design goes well beyond the access points and the controller. For example, if a switch is used to deliver PoE to an AP, the switch must be able to accommodate the power requirements of the AP. If it cannot, either the AP will not power up or certain capabilities (such as secondary radios) will not function.

In addition, reachability of APs over standard Ethernet cabling becomes a design criterion as distances from the switch increase and higher data rates are used. When the existing cable plant cannot support the distances demanded by AP placement, suboptimal AP placement may be used, which in turn can lead to poor RF coverage. Understanding the physical infrastructure design requirements is a crucial aspect of developing a successful wireless design.

The second aspect of the infrastructure is the logical network; in other words, the path that communication flows follow through the network, independent of the underlying physical infrastructure. Controller-based wireless networks use CAPWAP (Control and Provisioning of Wireless Access Points) both as a control channel and to encapsulate client data traffic, effectively tunneling client traffic directly from the AP to the controller, and vice versa. This gives the logical appearance that the APs and the controller are Layer 2 adjacent, when in fact they may be traversing many hops of the underlying physical network. Understanding the behavior and function of these logical elements introduces important considerations when developing the infrastructure side of the wireless design.

This chapter focuses on these two aspects of the infrastructure, beginning with the physical infrastructure and continuing with the logical infrastructure.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 4-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix D, “Answers to the ‘Do I Know This Already?’ Quizzes and Review Questions.”

Table 4-1 “Do I Know This Already?” Section-to-Question Mapping

Foundation Topics Section | Questions
Physical Infrastructure Requirements | 1–4
Logical Infrastructure Requirements | 5–6

1. An access point has been deployed with full features, including dual radios and Hyperlocation. The AP requires 38 W of power. Which of the following Power over Ethernet capabilities should you recommend using?
a. PoE
b. PoE+
c. UPOE
d. UPOE+
2. A group of new Wi-Fi 6 (IEEE 802.11ax) APs has just been installed in a building to replace older Wi-Fi 5 (802.11ac Wave 1) APs. What is a design consideration you should be aware of when deploying the physical infrastructure?
a. Mounting of the new APs to reflect the changes in the 802.11ax RF radiation pattern.
b. A power increase will be needed. The switch will need to be upgraded to support UPOE or UPOE+.
c. The number of Wi-Fi 6 APs needed will be lower than that of the older APs thanks to better performance and coverage patterns.
d. The switch connected to the APs may need to be upgraded to support mGig.

3. For security reasons, the building facilities team follows a policy that no devices (including APs) may be visible from the office floor. As an alternative, the network team is looking to deploy the APs above the suspended ceiling. What should they be aware of?
a. Placing the APs above the ceiling will cause significant RF degradation, so a new site survey may be necessary.
b. Cisco does not support this configuration.
c. Specialized mounting brackets will be needed.
d. The APs must be placed as close as possible to the T-bar rails.
4. When deploying higher-throughput wireless technologies in Local mode, what design aspect should be considered in relation to possible oversubscription of the physical infrastructure?
a. The uplink capabilities of the access switch must be considered.
b. The physical connections between the access switch and the AP must be considered.
c. The throughput of the backbone that connects to the controller must be aligned with the overall wireless throughput demands.
d. The throughput capabilities of the controller must be considered.
e. All of the above.
5. Which interfaces on a physical controller (such as the WLC 5520) are used to communicate with key services such as ISE and Catalyst/DNA Center? (Choose two.)
a. The service port
b. The management interface
c. The virtual port
d. Any LAN interface port on the controller
e. The AP-Manager interface
6. Which Cisco wireless licensing model involves the pooling of licenses?
a. Right to Use (RTU) licensing
b. Perpetual licensing
c. Term licensing
d. Product Activation Key (PAK) licensing
e. Smart Licensing

Foundation Topics

Physical Infrastructure Requirements

The physical infrastructure of a wireless network includes all the physical elements, including the access points, controllers, switches, and routers, and any other physical network devices that facilitate communication between wireless users and the network they are trying to access. In addition to the network devices, the physical infrastructure includes power delivery, cabling, mounting, and grounding of access points.

PoE and PoE+
Power over Ethernet (PoE) is a widely used infrastructure technology that delivers DC power to an endpoint over a twisted-pair Ethernet cable. Power passes from the power sourcing equipment (PSE), such as a PoE-capable switch, over the existing twisted-pair Ethernet cable that carries data communications to powered devices (PDs), such as IP phones, video cameras, wireless access points, point-of-sale machines, access control card readers, LED luminaires, and many more. With PoE, the endpoints do not need external power, which greatly reduces the cost and effort required to deploy electrical power throughout the infrastructure. Typically, deploying electrical cabling in the ceiling requires a certified electrician, whereas anyone can deploy Ethernet cables (which can carry PoE), which greatly simplifies the job of deploying access points wherever they need to go.

The power requirements of endpoints vary with their power consumption, which is generally a function of the device's physical function, application, and complexity. For example, basic IP phones may draw approximately 6 W of power, whereas contemporary LED lighting fixtures can draw up to 50 W in routine operation. Wireless APs draw different levels of power depending on which features are enabled and how many radios are active simultaneously. For example, the Cisco Catalyst 9100 AP typically draws a little over 30 W with all features enabled.

Power delivery over Ethernet twisted pair is based on the IEEE 802.3af standard (2003) and delivers up to 15.4 W of DC power per PSE port; however, because of power dissipation in the cable, only 12.95 W is available to the PD.

After the initial introduction of PoE in 2003, endpoints soon demanded more power than 802.3af could deliver. Thus, in 2009 IEEE 802.3at, known as PoE Plus (PoE+), was standardized. PoE+ delivers up to 30 W of DC power per port, which guarantees 25.5 W of power to a PD because of power dissipation.

In both cases, PoE delivers power over two of the four twisted pairs of Class D/Category 5e or better cabling. The PSE uses only the signal pairs, that is, the pairs formed by pins 1 and 2 and pins 3 and 6, to carry power from the PSE to the PD and leaves the spare pairs (pins 4 and 5 and pins 7 and 8) idle. Note that PoE does not affect the network performance of the Ethernet links to the PD.

UPOE and UPOE+
In recent years, the enterprise workspace has continued to evolve, resulting in a growing number of devices and workloads converging on the IP network. This has driven increasing demand for higher PD power consumption, well beyond what PoE and PoE+ can deliver (more than 25.5 W).

To meet this demand, Cisco has developed extended PoE capabilities, including Universal PoE (UPOE), capable of delivering 60 W per port, and Universal PoE Plus (UPOE+), which is capable of delivering up to 90 W per port. Note that although PoE and PoE+ have been standardized by the IEEE, UPOE and UPOE+ are Cisco proprietary. In 2018, the IEEE defined 802.3bt as the standard for delivering up to 90 W (sometimes called PoE++).

The network's ability to deliver higher levels of power to endpoints has, in turn, significantly expanded the landscape of PoE-capable endpoints. Thanks to these greater PoE capabilities, a wide variety of devices with higher power requirements can now be powered over Ethernet without separate electrical cabling. These include video endpoints, LED lighting fixtures, digital signage, compact switches, and, of course, larger and more robust access points.

802.3bt, UPOE, and UPOE+ use the same cabling standard as PoE/PoE+; however, instead of delivering power over only two of the twisted pairs, these higher-power PoE implementations use all four twisted pairs of standard Ethernet cabling (Category 5e or better). They do so by using two PSE controllers to power both the signal pairs and the spare pairs. Figure 4-1 shows the difference between PoE/PoE+ and Cisco UPOE/UPOE+.

Figure 4-1 Comparison of PoE/PoE+ with UPOE/UPOE+

For PoE, PoE+, or UPOE, the minimum Ethernet cable type is Category 5e. For UPOE+, Category 6a is required as a minimum. Regardless of the Power over Ethernet method, the maximum cable distance remains the same: 100 meters.

It is also important to note that support for the desired type of PoE depends on the capabilities of the Ethernet switch. For example, older switches may support only PoE/PoE+; however, modern switches (such as the Catalyst 9300) support UPOE, and certain high-end switches (such as the Catalyst 9400) support UPOE+.

Table 4-2 summarizes the various PoE options available for powering network devices.

Table 4-2 Summary of Power over Ethernet Standards and Capabilities

| | PoE | PoE+ | UPOE | UPOE+ | PoE++ (802.3bt class 4) |
|---|---|---|---|---|---|
| Minimum cable type | Cat5e | Cat5e | Cat5e | Cat6a | Cat6a |
| IEEE standard | IEEE 802.3af | IEEE 802.3at | Cisco proprietary | Cisco proprietary | IEEE 802.3bt |
| Maximum power per PoE port | 15.4W | 30W | 60W | 90W | 100W (class 4) |
| Maximum power to PD | 12.95W | 25.5W | 51W | 71W | 71W |
| Twisted pairs used | Two pairs | Two pairs | Four pairs | Four pairs | Four pairs |
| Distance | <100 meters | <100 meters | <100 meters | <100 meters | <100 meters |

Power Injectors
PoE delivered by an access switch is a natural choice for powering APs in most wireless deployments. It greatly reduces the cabling required and allows flexible AP placement throughout the building. That said, there are still use cases in which PoE supplied by the access switch is not practical and power injectors must be considered. For example, there may be places where the switch simply does not support the required PoE mode, or the switch may have no PoE-capable ports available, or it may have a very limited power budget because of too many other PDs. In some cases, certain APs with full features enabled may have greater power demands than a legacy PoE switch can deliver. In these situations, using a power injector is a simple and often attractive alternative.

Power injectors generally have two Ethernet inputs: one connected to the upstream switch and one connected to the PD (that is, the access point). The power injector also connects to a power source through the 48 V DC power supply and then injects power onto the two pairs, supporting PoE and PoE+.

Cisco power injectors are offered in two form factors. The first variant supports Category 5e or better copper cables on both the input and the output (connected to the switch and to the access point). In this case, the maximum cable distance from the switch to the AP remains 100 meters; that is, the power injector does not function as a repeater and does not increase the maximum transmission distance over the twisted-pair cable.

The second variant uses a fiber-optic link between the switch and the power injector. In this case, the power injector functions as a media converter and injects power onto the twisted-pair cable that connects to the access point. Using single-mode fiber allows the power injector to be placed up to 2 kilometers from the switch, which makes it a practical option for places where the AP is far away, such as large factories, warehouses, and other locations with few wiring closets.

Figure 4-2 illustrates the two power injector options for Cisco access points.

[Figure: two panels, each with a power source and a 48V power supply. Power injector connected to a copper uplink (Cat5e or better): Ethernet, 100 m max. Power injector connected to a fiber uplink: fiber, 2 km max, then 100 m max.]
Figure 4-2 Power Injector Deployment Options

MultiGigabit
With the ever-increasing throughput of 802.11ac Wave 2 (Wi-Fi 5) and, more recently, 802.11ax (Wi-Fi 6), the maximum theoretical wireless throughput of an access point now far exceeds the 1 Gbps capacity of traditional Ethernet access, potentially making the single-cable uplink between the AP and the switch a choke point.

To solve this problem, Cisco has championed the development of MultiGigabit (mGig) technology, which delivers speeds of 2.5 Gbps, 5 Gbps, or 10 Gbps over existing cabling. The NBASE-T Alliance (created in 2014) initially led the development of standards for MultiGigabit over Ethernet but eventually merged with the Ethernet Alliance in April 2019, and Cisco now markets the technology as mGig. In addition to traditional Ethernet speeds over Category 5e cable, Cisco mGig supports speeds of 2.5 Gbps, 5 Gbps, and 10 Gbps. The technology also supports PoE, PoE+, and Cisco UPOE.

The main characteristics of mGig are as follows:

■ Variable speeds: Cisco mGig technology supports autonegotiation of multiple speeds on switch ports (100 Mbps, 1 Gbps, 2.5 Gbps, and 5 Gbps on Cat 5e cable and up to 10 Gbps on Cat 6a cabling).
■ Flexible cable types: mGig supports a wide range of cable types, including Cat 5e, Cat 6, and Cat 6a or above.
■ PoE power: The technology supports PoE, PoE+, and UPOE (up to 60 W) for all supported speeds and cable types, giving access points additional power for advanced features such as hyperlocation and modularity.

Figure 4-3 illustrates the use of mGig between a capable access switch and an access point.

[Figure: a MultiGigabit-capable switch connected to a MultiGigabit-capable AP (Wi-Fi > 1 Gbps) over existing Category 5e cables at up to 5 Gbps.]
Figure 4-3 MultiGigabit Connection to an Access Point

Cisco 3800 and 4800 series access points (802.11ac Wave 2) and Cisco Catalyst 9100 series APs (Wi-Fi 6/6E, 802.11ax) support Cisco mGig technology at speeds of 2.5 Gbps and 5 Gbps. This technology protects the investment in the cabling infrastructure by allowing newer and faster wireless technologies to be carried over the same physical Ethernet infrastructure without it becoming a bottleneck.

In summary, Table 4-3 shows the different mGig speeds and the supported cable categories.

Table 4-3 Supported mGig Speeds with Associated Cable Categories

| | 1G | 2.5G | 5G | 10G |
|---|---|---|---|---|
| Cat5e | Yes | Yes | Yes | N/A |
| Cat6 | Yes | Yes | Yes | Yes (up to 55 m) |
| Cat6a | Yes | Yes | Yes | Yes |

Mounting Access Points

Wireless deployments often require a variety of different AP mounting options, depending on the physical attributes and accessibility of each location. To address this, Cisco offers several different mounting bracket options. In addition, several third-party vendors provide enclosures and mounting brackets for less common scenarios.

This section discusses the three most common options for mounting Cisco APs:

■ Ceiling and wall mounting
■ Mounting below ceiling tiles
■ Mounting above ceiling tiles

Ceiling and Wall Mounting Access Points

When mounting on a horizontal or vertical surface, you can use one of two standard mounting brackets:

■ AIR-AP-BRACKET-1: This mounting option has a low profile, which makes it a popular choice for ceilings.
■ AIR-AP-BRACKET-2: This is a universal mounting bracket that is often used if the AP will be mounted on the wall or placed in a NEMA (National Electrical Manufacturers Association) enclosure.

Figure 4-4 illustrates the two mounting bracket options.

[Figure: AIR-AP-BRACKET-1 (low profile) and AIR-AP-BRACKET-2 (universal).]
Figure 4-4 Cisco Access Point Mounting Bracket Options

When wall mounting is desired, the installer must understand that walls can be a physical obstacle to the RF signal; therefore, the wall can compromise the ability to maintain 360-degree coverage if the AP is not positioned correctly. If the wall is an exterior wall and/or the goal is to send the signal in a narrower beam (such as down a food aisle in a grocery store), a directional antenna may be a better choice, assuming an external-antenna AP model is used.

In most cases, it is recommended to avoid wall-mounting APs with internal antennas, because the antenna orientation of these APs is optimally designed for ceiling mounting, providing RF coverage in a 360-degree pattern to the floor space below. If the AP is mounted on the wall, it is recommended to use a right-angle bracket (where the AP still faces downward) or external antennas that project the RF energy into the space as expected. For this reason, it is generally recommended to mount indoor APs on the ceiling rather than on the wall.

Mounting Access Points Below a Suspended Ceiling

To make it easier to mount APs below a suspended ceiling, specialized mounting brackets are available that clip onto the rail of a T-bar ceiling. Figures 4-5 and 4-6 illustrate the mounting bracket for these types of ceilings.

[Figure: AIR-AP-T-RAIL-R (recessed) and AIR-AP-T-RAIL-F (flush).]
Figure 4-5 T-Bar Ceiling Mounting Bracket Options

Figure 4-6 T-Bar Ceiling Mounting Bracket Detail

Mounting Access Points Above the Ceiling Tiles

The preferred option is to mount access points below the ceiling tiles; however, in some cases wireless engineers may prefer to place the access points so that nothing is visible from the floor, or there may be a building facilities policy that prohibits any device from being attached to the suspended ceiling. Mounting above the ceiling tiles may also be preferred for aesthetic reasons, or it may be done as a way to reduce theft in vulnerable areas (such as public hotspots where theft or damage can be a problem). In such circumstances, Cisco indoor access points, such as the Catalyst 9100 series, are UL-2043 rated for installation in the plenum area above the suspended ceiling, which allows them to be attached to the T-bar grid but suspended above the tile.

Figure 4-7 illustrates a mounting scheme for an AP above the ceiling tiles.

Figure 4-7 Access Point Mounting Above the Ceiling Tiles

When mounting the AP above the ceiling tiles, it is important to remember that the tiles must not be conductive, because this would degrade the RF performance of the AP and can interfere with wireless LAN functions that depend on uniform coverage, such as voice and location services. In addition, the AP should be mounted as close as possible to the center of the ceiling tile and away from possible obstructions, such as metal ducts, pipes, cabling, or other metal objects that can interfere with RF performance.

Grounding and Securing Access Points

Grounding is not always required for indoor installations because access points are classified as low-voltage devices and do not contain internal power supplies. However, electrical grounding is always recommended for outdoor access points. It is always best to consult local electrical codes to determine whether grounding is required.

Although grounding is not mandatory for most indoor access points, it is required in certain scenarios. For example, in underground scenarios such as mining operations, indoor access points that are mounted too close to an electromagnetic source of interference, such as a fluorescent light, can suddenly reboot or suffer hardware damage. This can occur even if the AP is not physically touching the electrical source but is merely very close to the electromagnetic source of interference. Grounding the access point or the mounting bracket helps prevent this problem. A certified electrical technician should verify whether the installation requires grounding.

Figure 4-8 shows an outdoor access point with the grounding connector.

Figure 4-8 An Outdoor Access Point with Electrical Grounding (Photo credit: Ian Procyk)

Logical Infrastructure Requirements

The path that a traffic flow takes through a network can look different depending on your point of view. For example, from a network technician's point of view, a packet travels across the network hop by hop through each physically connected device. However, from the perspective of a wireless end user, if the traffic is tunneled in a CAPWAP overlay, the user may see only one hop between an access point and the controller, when in reality numerous physical hops were traversed along the path of the underlying network. This is the difference between the physical and the logical network.

Traffic also flows differently depending on the chosen deployment model: autonomous access points act as direct links between the wireless and wired sides of the network, whereas centrally controlled access points in Local mode must forward all wireless client traffic to the controller through an encapsulated CAPWAP tunnel. In FlexConnect mode, some WLANs can be locally switched at the AP, while others can be centrally switched at the controller.

The following section explores some characteristics of the logical infrastructure of a wireless network, including the flow of the CAPWAP channels, the logical connections to services that support the wireless infrastructure, such as AAA and DHCP servers, and finally the licensing options that are available to support the wireless deployment.

CAPWAP Flow
CAPWAP is a logical network connection protocol between access points and a wireless LAN controller. CAPWAP is used to manage the behavior of the APs as well as to tunnel encapsulated 802.11 traffic between the AP and the controller.

CAPWAP sessions are established between the logical IP address of the AP (obtained through DHCP) and the management interface of the controller. IOS XE-based controllers have a single IP address that is used for all purposes. In earlier versions of AireOS, the CAPWAP session terminated on the ap-manager interface; however, this has been changed to the management interface in more recent versions of AireOS.

Whether in Local or FlexConnect mode, the CAPWAP sessions between the controller and the AP are used to manage the behavior of the AP. In Local mode, CAPWAP is additionally used to encapsulate and tunnel all wireless client traffic so that the controller can process it centrally.

CAPWAP sessions use UDP for both the control and the data channel, as follows:

■ CAPWAP control channel: Uses UDP port 5246
■ CAPWAP data channel: Uses UDP port 5247 and encapsulates (tunnels) the client's 802.11 frames

Figure 4-9 illustrates the different CAPWAP channels between an AP and a controller.

[Figure: an AP and a WLC joined by two channels: CAPWAP Control (DTLS, UDP 5246) and CAPWAP Data ((DTLS) UDP 5247).]
Figure 4-9 CAPWAP Control and Data Plane Channels

If there is a firewall or a router with access control lists (ACLs) along the logical path between the AP and the controller, it is important to make sure that rules exist to allow both the CAPWAP control and the CAPWAP data channel ports through the firewall so that the AP and the controller can communicate correctly. A complete list of recommended firewall rules can be found here:

https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113344-cuwn-ppm.html

As the number of APs grows, so does the number of CAPWAP tunnels that terminate on the controller. Figure 4-10 illustrates the logical connection of multiple CAPWAP sessions across the physical infrastructure.

[Figure: clients associated to several APs; the APs connect through an upstream Ethernet switch and the physical infrastructure to the WLC, with a CAPWAP tunnel from each AP to the WLC.]
Figure 4-10 CAPWAP Sessions Between the APs and the Controller

NOTE In autonomous mode, the AP switches all traffic locally and CAPWAP is not used. In FlexConnect mode, wireless client traffic is locally switched while control of the AP is managed through the CAPWAP control channel. Only centrally controlled APs in Local mode use both the CAPWAP control and data channels. FlexConnect mode can use a hybrid: some WLANs can be locally switched while others are centrally switched, where the data traffic returns to the controller through the CAPWAP data channel. In either case, FlexConnect APs are still managed through the CAPWAP control channel.

Because all APs in Local mode use CAPWAP to tunnel 802.11 client traffic between the AP and the controller, an important design criterion related to traffic load must be considered. With 802.11ac Wave 2, the maximum theoretical throughput of a single AP is ~1.3 Gbps. 802.11ax (Wi-Fi 6/6E) offers even higher speeds, with a theoretical throughput of more than 10 Gbps from a single AP (based on multiple streams). Because the CAPWAP data channel must support increasing levels of data throughput (not to mention framing and packet overhead), the demands on the logical infrastructure correlate directly with the capabilities of the underlying physical infrastructure. In this regard, careful analysis must be performed at several places in the network to determine whether the throughput demands of the wireless network can be met. This includes the following design aspects:

■ The physical connection between the AP and the access switch (evaluate whether mGig is required).
■ An estimate of the oversubscription of the access switch uplink to the network.
■ Backbone capacity of the core network.
■ WAN connection speeds if the controllers are centralized and the APs are in Local mode.
■ Network access speeds to the controller.
■ Throughput capabilities of the controller.

From a design perspective, the maximum theoretical bandwidth consumption of an AP is generally never reached. However, if enough APs simultaneously generate a large volume of traffic, a controller can quickly run out of resources. Take the example of a controller licensed for 500 APs. If all of these were Wi-Fi 6/6E APs passing an excessively high volume of traffic, the aggregate bandwidth capacity of the physical connection to the controller could quickly be exhausted, meaning that more controllers with fewer APs each might be needed.

Throughput problems at the controller can show up in two possible ways: (1) the ability of the underlying network to aggregate all the CAPWAP data traffic and forward it without oversubscribing the physical links connected to the controller, and (2) the controller's own throughput limitations in processing the volume of data it receives.

If either of these two cases arises, certain design changes can be considered. One change is to decentralize and split the function of the controllers so that a single controller handles less data. Another option is simply to reduce the number of APs that each controller manages. If decentralizing the controllers is preferred, the roaming path must also be considered. Although roaming between APs connected to the same controller is simple and should be seamless, if clients roam to an AP connected to a different controller, the roaming path will involve intercontroller communication and greater network complexity.

Another area where oversubscription can be a problem is at the access switch where the APs are physically connected. Take the example of an access switch with several dozen APs connected with mGig, all using Wi-Fi 6/6E. If the clients associated to these APs generate large amounts of aggregate data, the throughput demands could quickly exhaust even a 10 Gbps uplink from the access switch. Thus, it is imperative to evaluate not only how many APs are being deployed (and how many of each type); careful calculations must also be made to determine whether the uplink capacity of the access switches can accommodate the expected traffic demands and whether the resulting oversubscription is acceptable. If the oversubscription ratio is found to be excessive, then multiple uplinks will be needed (which requires port channeling) or fewer APs will have to be deployed on each access switch.
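The calculation described above, worked through as an added example (not from the book). It derives each AP link rate from Table 4-3 and then computes the uplink oversubscription ratio; the AP counts, port speeds, cable runs, 4:1 target ratio, and load factor are constructed assumptions.

```python
import math

MGIG_STEPS = (1.0, 2.5, 5.0, 10.0)  # Gbps rates named in the mGig section


def max_cable_speed(category, length_m):
    """Highest rate (Gbps) a twisted-pair run supports, per Table 4-3."""
    if not 0 < length_m <= 100:
        raise ValueError("twisted-pair runs are limited to 100 m")
    if category == "Cat5e":
        return 5.0                              # 10G is N/A on Cat5e
    if category == "Cat6":
        return 10.0 if length_m <= 55 else 5.0  # 10G on Cat6 only up to 55 m
    if category == "Cat6a":
        return 10.0
    raise ValueError(f"unknown cable category: {category}")


def negotiated_speed(ap_max, port_max, category, length_m):
    """Link rate is capped by the slowest of AP port, switch port and cable."""
    ceiling = min(ap_max, port_max, max_cable_speed(category, length_m))
    return max(step for step in MGIG_STEPS if step <= ceiling)


def uplink_plan(ap_links, uplink_gbps, uplinks, target_ratio, load_factor=1.0):
    """Return aggregate demand, oversubscription ratio and uplinks needed.

    ap_links     -- list of (ap_max, port_max, cable_category, length_m)
    target_ratio -- acceptable oversubscription, e.g. 4.0 for 4:1 (assumption)
    load_factor  -- fraction of link rate the APs are expected to use
                    (assumption; 1.0 is the theoretical worst case)
    """
    demand = load_factor * sum(negotiated_speed(*link) for link in ap_links)
    ratio = demand / (uplink_gbps * uplinks)
    needed = max(1, math.ceil(demand / (target_ratio * uplink_gbps)))
    return {"demand_gbps": demand, "ratio": ratio, "uplinks_needed": needed}


# Constructed switch: 24 Wi-Fi 6 APs on mGig ports and 12 on 1G ports,
# all on existing Cat5e, with a single 10 Gbps uplink.
SAMPLE_LINKS = [(5.0, 10.0, "Cat5e", 60)] * 24 + [(5.0, 1.0, "Cat5e", 80)] * 12

if __name__ == "__main__":
    worst = uplink_plan(SAMPLE_LINKS, uplink_gbps=10.0, uplinks=1, target_ratio=4.0)
    print("worst case:", worst)
    typical = uplink_plan(SAMPLE_LINKS, 10.0, 1, 4.0, load_factor=0.25)
    print("25% load:  ", typical)
```

At worst-case link rates the single uplink is oversubscribed well beyond the assumed 4:1 target, so the plan calls for a port channel; at the assumed 25 percent load one uplink is enough.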

NOTE Oversubscription of centrally controlled APs across the WAN can be addressed by using FlexConnect mode, which is discussed in detail in Chapter 10, "Implementing FlexConnect."

Logical Path of AAA and DHCP Services

Another area where the logical path requires careful consideration is the path between the controller and key services, such as AAA and DHCP servers. Services such as AAA (ISE), DHCP, DNS, MSE/CMX, DNA Spaces, and many more may sit in parts of the network that are protected by firewalls. Understanding the logical path between these services will often require opening firewall rules so that the service can interact with the controller.

As with CAPWAP, the management interface of the controller is used to communicate with AAA servers as well as with a number of other services, including location servers, directory servers, syslog servers, other controllers, and more.

For DHCP, controllers proxy communication to the DHCP server on behalf of the clients, using the controller's IP address in the VLAN associated with those clients' WLAN. Table 4-4 summarizes the ports that must be open to allow the controller to communicate with key services.

Table 4-4 Summary of AAA and DHCP Services and Ports Used for the Wireless Infrastructure

| Service | Port |
|---|---|
| RADIUS authentication | UDP port 1812 (some older versions use UDP port 1645) |
| RADIUS authorization | UDP port 1813 (some older versions use UDP port 1646) |
| DHCP server | UDP port 67 |
| DHCP client | UDP port 68 |
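One way to check a rule set against the CAPWAP ports from the "CAPWAP Flow" section and the service ports in Table 4-4, as an added example (not from the book). The addresses, the simplified one-rule-per-line ACL syntax, and the sample rules are constructed assumptions; the audit covers only the initiating direction and assumes a stateful firewall handles replies.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

# Constructed addresses (assumptions, not from the book).
AP, WLC_MGMT, RADIUS, DHCP = "10.20.5.7", "10.1.1.10", "10.1.2.20", "10.1.2.30"

# Flows the chapter says must cross the firewall: (name, src, dst, UDP port).
# Table 4-4 also lists UDP 68 (DHCP client); only controller-to-server is checked.
REQUIRED_FLOWS = [
    ("capwap-control", AP, WLC_MGMT, 5246),
    ("capwap-data", AP, WLC_MGMT, 5247),
    ("radius-1812", WLC_MGMT, RADIUS, 1812),
    ("radius-1813", WLC_MGMT, RADIUS, 1813),  # RFC 2866 assigns 1813 to accounting
    ("dhcp-server", WLC_MGMT, DHCP, 67),
]

# Constructed ACL in a simplified syntax: action udp src dst [eq P | range LO HI]
SAMPLE_ACL = """
permit udp 10.20.0.0/16 10.1.1.10/32 eq 5246
permit udp 10.1.1.10/32 10.1.2.20/32 eq 1812
deny   udp 10.1.1.0/24  10.1.2.0/24  range 1024 65535
permit udp 10.1.1.10/32 10.1.2.20/32 eq 1813
permit udp 10.1.1.10/32 10.1.2.30/32 eq 67
"""


class Rule(NamedTuple):
    line: int
    action: str
    src: object
    dst: object
    lo: int
    hi: int

    def matches(self, src, dst, port):
        return (ip_address(src) in self.src and ip_address(dst) in self.dst
                and self.lo <= port <= self.hi)


def parse_acl(text):
    """Parse the simplified rule syntax into Rule objects (1-based line numbers)."""
    rules = []
    for n, raw in enumerate(text.strip().splitlines(), start=1):
        action, proto, src, dst, *ports = raw.split()
        if action not in ("permit", "deny") or proto != "udp":
            raise ValueError(f"line {n}: unsupported rule: {raw!r}")
        if not ports:
            lo, hi = 0, 65535
        elif ports[0] == "eq" and len(ports) == 2:
            lo = hi = int(ports[1])
        elif ports[0] == "range" and len(ports) == 3:
            lo, hi = int(ports[1]), int(ports[2])
        else:
            raise ValueError(f"line {n}: bad port clause: {raw!r}")
        rules.append(Rule(n, action, ip_network(src), ip_network(dst), lo, hi))
    return rules


def audit(rules):
    """Return (flow, port, deciding_line, shadowed_permit_line) per blocked flow.

    Evaluation is first-match with an implicit deny at the end, so
    deciding_line is None when no rule matched at all.
    """
    findings = []
    for name, src, dst, port in REQUIRED_FLOWS:
        hit = next((r for r in rules if r.matches(src, dst, port)), None)
        if hit is not None and hit.action == "permit":
            continue
        # A permit that matches but sits below the deciding deny never fires.
        shadowed = next((r.line for r in rules
                         if r.action == "permit" and r.matches(src, dst, port)), None)
        findings.append((name, port, hit.line if hit else None, shadowed))
    return findings


if __name__ == "__main__":
    for name, port, line, shadowed in audit(parse_acl(SAMPLE_ACL)):
        cause = f"denied by line {line}" if line else "implicit deny"
        hint = f"; permit on line {shadowed} is shadowed" if shadowed else ""
        print(f"BLOCKED {name} udp/{port}: {cause}{hint}")
```

On the sample rules the audit reports the missing CAPWAP data permit (the AP would join but Local-mode client traffic would not pass) and the port 1813 permit that a broader deny placed above it makes unreachable.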

Licensing Overview

In addition to purchasing the controller itself, Cisco wireless deployments require licenses to activate the use of access points. The following section summarizes how Cisco wireless controllers and APs are licensed.

Cisco wireless controllers support two types of licensing models: Right-to-Use (RTU) licensing and Smart Licensing.

Right-to-Use Licensing

Right-to-Use (RTU) licensing is an honor-based licensing mechanism that allows AP licenses to be enabled on wireless controllers (such as the 8500 series controllers) with acceptance of the end-user license agreement (EULA). The RTU licensing scheme simplifies adding, removing, and transferring AP licenses and does not require specialized license keys or Product Activation Key (PAK) licenses.

With RTU licensing, there are three types of licenses:

■ Permanent licenses: The AP count is programmed into nonvolatile memory at the time of manufacture. These licenses are not transferable from one controller to another.
■ Adder access point count licenses: These are additional licenses that can be activated by accepting the agreement. These licenses are also transferable between controllers and controller types.
■ Evaluation licenses: These are used for demonstration and/or trial periods, are valid for 90 days, and by default reach the full capacity of the controller. The evaluation license is activated through the command-line interface (CLI).
Smart Licensing
Smart Licensing es un modelo de licencia flexible basado en la nube que simplifica la forma en que se
administran las licencias en toda una organización en lugar de hacerlo por controlador. La intención
de Smart Licensing es facilitar la gestión e implementación de licencias de software de Cisco desde
un repositorio central sin tener que realizar un seguimiento de cómo se utilizan las licencias en
productos individuales. Los controladores basados en IOS XE, como el Catalyst 9800, han
migrado a Smart Licensing. Si bien no se requieren licencias para iniciar el controlador, para
conectar cualquier punto de acceso, se requieren licencias Cisco DNA administradas a través de
Smart Licensing para cada punto de acceso que se conecta al controlador. Si bien una licencia
faltante no impedirá que un AP se una al controlador y funcione normalmente, el controlador
registrará la falta de licencia. Los controladores AireOS admiten Smart Licensing además del modelo
de licencia RTU.

Instead of using product activation keys (PAKs) or RTU licenses, Smart Licensing establishes a
central pool of AP software licenses in a customer-defined Smart Account that can be used across
the enterprise and across all controllers or APs. Smart-licensed products register themselves
automatically upon configuration and activation with a single token, which removes the need to
register products individually with separate PAKs or to accept a license agreement. Therefore,
instead of licensing each individual controller for the number of APs the administrator expects
it to manage, the license pool can be shared among all of the enterprise's controllers and used
as needed. This approach has a clear advantage over legacy licensing models because it greatly
simplifies and optimizes license usage.

In the RTU model, one controller may be licensed for many more APs than it currently manages,
while another controller may not have enough licenses for what it needs. Smart Licensing
eliminates the overhead and waste simply by placing all AP licenses in a central pool that can be
managed and budgeted as the need arises. As new APs are added or moved within the organization,
the administrator no longer needs to determine the current license count per controller; only the
Smart Licensing AP license pool needs to be monitored and maintained. This not only provides
better license utilization but also makes it easier to acquire and deploy licenses as the
organization grows.

To use Smart Licensing, follow these steps:

Step 1. Create a Smart Account:
a. Create a Smart Account at the following link:
https://software.cisco.com/software/company/smartaccounts/home#accountcreation-account.
b. Go to Cisco Software Central at software.cisco.com.
c. An editable profile appears.
d. An email is automatically sent to the customer's Smart Account administrator.

Step 2. Register the Cisco controller using the Smart Account.
a. For existing customers, deposit existing licenses, if any, into the Smart Account.
b. For a new purchase, buy a Cisco DNA license for the access points that connect to the
Cisco Catalyst controller.

Step 3. Configure the license level on the controller, as desired.

Summary
This chapter focused on the physical and logical infrastructure requirements of wireless LAN
deployments. In this chapter, you learned the following:

■ The various PoE options available for different APs, as well as the capabilities and
functions of each PoE mechanism
■ How higher-throughput wireless standards, such as 802.11ac Wave 2 (Wi-Fi 5) and 802.11ax
(Wi-Fi 6/6E), can be supported through mGig
■ AP mounting options, including ceiling and wall mounting options above and below a tile
■ The importance of grounding APs in certain situations
■ The need to consider the logical path and its impact on the underlying physical
infrastructure, including the CAPWAP control and data channels as well as AAA and DHCP services
■ The different licensing models available for different Cisco wireless LAN controllers,
including RTU licensing and Smart Licensing, which is a method for pooling licenses across the
enterprise

References
For additional information, refer to these resources:

Cisco Enterprise Wireless—Intuitive Wi-Fi Starts Here:
https://www.cisco.com/c/dam/en/us/products/collateral/wireless/nb-06-wireless-wifi-starts-here-ebook-cte-en.pdf
Catalyst 9120 Access Point Deployment Guide:
https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9100ax-access-points/guide-c07-742311.html
Network World—Best Practices When Cabling an Access Point:
https://www.networkworld.com/article/3290459/what-are-the-best-practices-when-cabling-for-wi-fi.html
Power over Ethernet: Empowering Digital Transformation:
https://www.cisco.com/c/dam/en/us/products/collateral/switches/catalyst-9000/nb-06-upoe-plus-wp-cte-en.pdf
Transform the Workspace with Cisco MultiGigabit Ethernet White Paper:
https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/catalyst-multigigabit-switching/white-paper-c11-733705.html
Cisco Smart Licensing Overview:
https://www.cisco.com/c/dam/en/us/products/collateral/software/smart-accounts/q-and-a-c67-741561.pdf

Exam Preparation Tasks

You have a couple of choices for exam preparation: the review sections that follow, Chapter 18,
"Final Preparation," and the exam practice questions on the companion website.

Review All Key Topics

Review the most important topics in this chapter, noted with the Key Topic icon in the outer
margin of the page. Table 4-5 lists these key topics and the page numbers on which each is found.

Table 4-5 Key Topics for Chapter 4

Key Topic Element | Description | Page Number
Table 4-2 | Summary of Power over Ethernet standards and capabilities | 74
Table 4-3 | mGig speeds supported with associated cable categories | 76
Figure 4-9 | CAPWAP control and data plane channels | 81
Table 4-4 | Summary of AAA and DHCP services and ports used for the wireless infrastructure | 83

Define Key Terms

Define the following key terms from this chapter and check your answers in the glossary:

PoE, PoE+, UPOE, UPOE+, power sourcing equipment (PSE), powered device, power injector,
Cisco MultiGigabit, right to use (RTU), end-user license agreement (EULA), Smart Licensing.
This page intentionally left blank
Index

Numbers precision versus accuracy in, 328


RSSI trilateration techniques,
3GPP, 498 323–324
4G, 503 802.11e, 262–269
4-way handshake, 188 802.11g, 11–13
5G, 498, 503 802.11h, 149
802.1Q trunking mode, 200 802.11k, 11–13, 134, 186–187
802.1X_reqd, 445–446 802.11n, 11–13
802.11 standard 802.11r, 11–13, 190–193
802.11a, 11–13, 296 802.11v, 187
802.11ac, 11–13, 75 BSS transition, 134
802.11ax optimizing client mobility with,
187
efficiency of, 499–500
802.11w, 11–13
IoT improvements in, 503–505
authentication, 188
logical infrastructure
requirements, 82 broadcast and multicast frames, 296
overview of, 75, 498 client capabilities, 11–13
physical infrastructure configuration, 480
requirements, 75 DCF (distributed coordination
references, 506 function), 258–262
scheduling method in, 501–503 Ethernet bridging, 156–157
specifications, 11–13 expansion of coverage with additional
APs, 98–102
Wi-Fi 6E, 505–506
location services and. See location
Wi-Fi 7, 506 services
802.11b, 11–13 probe suppression, 134
802.11-based location, 323–328 quality of service. See QoS (quality of
802.11 frames used for location, service)
325–328 security, 392–398
AoA (Angle of Arrival) specifications, 11–13
techniques, 324–325
TSpec (traffic specification), 268–269
cell of origin techniques, 323
UPOE and UPOE+, 263 configuration overview, 466–468
Wi-Fi RF regulations for, 34–39 CWA (central web authentication),
WMM (Wireless Multimedia), 416–419
263–266 definition of, 16
802.15.4 standard, 321 design of, 465–466
802.3af standard, 73 EAP (Extensible Authentication
802.3at standard, 73 Protocol), 389–392
802.3bt standard, 73 EAP-FAST (Flexible
Authentication via Secure
Tunnels), 391, 392, 481
A EAP-MSCHAPv2, 390
EAPoL (EAP over LAN), 188, 389
AAA (authentication, authorization,
and accounting). See also 802.11 EAP-TLS (Transport Layer
standard Security), 390–392
ACLs (access control lists) fast secure roaming methods
AireOS Versus C9800, 361–363 802.11r, 190–193
CAPWAP control flow, 81 CCKM (Cisco Centralized Key
Management), 190
FlexConnect, 234–237
OKC (Opportunistic Key
overview of, 483–484
Caching), 190
preauthentication, 359–360
PMKID (Pairwise Master Key
split tunneling, 234, 236–237 ID) caching, 189–190
VLAN, 234–235 preauthentication, 190
WebPolicy, 234 RSN (robust security network),
authentication credentials, 481–482 187–189
authentication rules, 482–483 FlexConnect
authorization, 474–476 AAA survivability, 231–232
authorization method lists, 475 ACLs (access control lists),
BYOD (Bring Your Own Device) 234–237
certificate provisioning, 414 best practices, 244–245
CWA (central web CAPWAP Message Aggregation,
authentication), 416–419 233
implementation, 407–408 central switching, 228
LWA (local web authentication), FlexConnect groups, 227–230
408–416 implementing with AireOS,
native supplicant provisioning, 223–227
419–420 implementing with IOS XE
overview of, 406–407 controllers, 238–244
self-registration, 415–416 local switching, 220
modes of operation, 221–222
562 AAA (authentication, authorization, and accounting)

overview of, 157, 219, 220–221, access categories, EDCA (Enhanced


231–232, 234–237 Distributed Channel Access),
resiliency, 230–231 263–266
Smart AP Image Upgrades, access control lists. See ACLs (access
237–238 control lists)
split tunneling, 236–237 access points. See APs (access points)
WAN requirements for, 222–223 accounting. See AAA (authentication,
authorization, and accounting)
guest access
accuracy, location
certificate provisioning, 414
deployment, 321, 324, 325, 328
CWA (central web
authentication), 416–419 managing
implementation, 407–408 AP setting verification, 377–379
LWA (local web authentication), location requirements, 376–377
408–416 on MSE, 379–380
native supplicant provisioning, RF Calibration Model on Prime
419–420 Infrastructure, 380–381
overview of, 406–407 ACK, broadcast and multicast delivery,
self-registration, 415–416 296
ISE (Identity Services Engine), ACLs (access control lists)
392–398. See also device access AireOS Versus C9800, 361–363
controls CAPWAP control flow, 81
client profiling, 398–405 FlexConnect, 234–237
CWA (central web overview of, 483–484
authentication), 416–419
preauthentication, 359–360
native supplicant provisioning,
split tunneling, 234, 236–237
419–420
VLAN, 234–235
overview of, 449, 508
WebPolicy, 234
security, 392–398
ACM (Admission Control Mandatory),
ports, 83
268–269
RADIUS, 387–391, 392–398, 412,
Act license, Cisco Spaces, 350
416–417, 466–468
active scanning, 185
services and ports for, 83
ad hoc rogues, 439, 442
TACACS+, 468–472
Adaptive Wireless Intrusion Prevention
wireless network authentication
System, 337
framework, 387–389
Adaptive Wireless Path Protocol
AAA method list, 474
(AWPP), 145–146, 152–155
AAA Wizard, 467
adder access point count licenses, 84
acceptable use policy (AUP), 407
addresses, MAC, 326, 455–456, 457,
476
ap-manager interface 563

Admission Control Mandatory (ACM), algorithms


268–269 DCA (dynamic channel assignment),
Advanced license, CMX, 349 128–131
Advanced Malware Protection (AMP), FRA (Flexible Radio Assignment), 108,
419 132–134
advertisements, NDP (Neighbor TPC (transmit power control), 149
Discovery Protocol), 118–122 AP cell sizes, 527–531
AFC (Automatic Frequency AP transmit power level value
Coordinator), 36 correlation, 524
AI network analytics, Cisco Catalyst example scenario for, 518
Center, 436–438
gathering data for, 518–521
AIFS (arbitration interframe space),
neighbor lists, 521–524
266
overview of, 124–128
AIFSN (Arbitration Interframe Space
Number), 266 parameters for AP-1 through
AP-10, 527–531
Air Quality Index (AQI), 456–457, 458
parameters to calculate Tx_Ideal,
AIR-AP-BRACKET-1/AIR-AP-
526
BRACKET-2, 77
results of, 524–531
AireOS controllers. See also controllers
AMP (Advanced Malware Protection),
ACLs (access control lists), 361–363
419
AP priority, 204
analytics, location services
Cisco Spaces deployment, 335–337
Cisco Catalyst Center, 436–438
client profiling configuration on,
Cisco Spaces, 355–358
400–402
initial setup, 355
FlexConnect implementation with,
223–227 managing, 356–358
HA (high availability), 205–209 CMX, 351–355
LWA (local web authentication), widgets, 353–355
409–412 zones, 352
ME (Mobility Express), 219 anchor controllers, 178, 179, 413–414
multicast. See multicast traffic Angle of Arrival (AoA), 65, 324–325
QoS (quality of service) on, 280–282 antennas, 65, 107–109
resiliency, 200–201 mesh networks, 150–152
AirMagnet Survey Pro, 41, 57 omnidirectional, 92, 106–108, 111
alarms patch, 107–108
Cisco Catalyst Center, 442–444 AoA (Angle of Arrival), 65, 324–325
Cisco Prime Infrastructure, 438–442 AP Join command, 463
categories of, 438–439 AP-COS, 167
Rogue APs, 439–442 ap-manager interface, 80
564 APoS (AP-on-a-stick) surveys

APoS (AP-on-a-stick) surveys, 40, 57 implementing with AireOS,


Application alarms, Cisco Catalyst 223–227
Center, 443 implementing with IOS XE
Application Visibility and Control controllers, 238–244
(AVC), 285–289 local switching, 220
APs (access points). See also site modes of operation, 221–222
surveys overview of, 219, 220–221
authentication, 473–483 resiliency, 230–231
autonomous, 176, 429 Smart AP Image Upgrades,
CAPWAP and 237–238
HA (high availability), 200, 203 split tunneling, 236–237
SD-Access (Software-Defined WAN requirements for, 222–223
Access), 514–516 grounding and securing, 79–80
session flow, 80–83 HA (high availability)
cells, 91 AP fallback, 205
CHDM (coverage hole detection and AP prioritization, 203–204
mitigation), 131–132
controller failures, detecting,
for client roaming 204–205
scanning process optimization, design of, 201–203
184–187
overview of, 201–205
selection of, 184
location services for, 332–333
deployment. See deployment models
logical infrastructure requirements
design requirements
AAA (authentication,
coverage, defining, 91–98 authorization, and
coverage expansion with accounting), 83
additional APs, 98–102 CAPWAP flow, 80–83
for data deployment, 102–103 DHCP (Dynamic Host
high density, 103–111 Configuration Protocol), 83
for location, 111–112 licensing, 83–85
discovery, 118–122 overview of, 70, 80
fabric mode, 510 MAC addresses, 326, 455–456, 457,
FlexConnect 476
AAA survivability, 231–232 MAPs (mesh access points), 143, 144–
145, 431
ACLs (access control lists),
234–237 antennas, 150–152
best practices, 244–245 architecture of, 145–147
CAPWAP Message Aggregation, AWPP (Adaptive Wireless Path
233 Protocol), 152–154
FlexConnect groups, 227–230
Autonomous mode 565

daisy-chaining wireless mesh with CCX (Cisco Compatibility


links, 163–166 Extensions), 186
definition of, 145 sensitivity level, 92–93, 136–138
Ethernet bridging, 156–157 types of, 15–16
traffic flow through mesh, verifying location accuracy on,
155–156 377–379
modes of operation, 373 Wi-Fi 6 (802.11ax), 500–503
mounting, 76–79 ap-type ewc-ap command, 247
OEAP (Office Extend AP) on, 219, AQI (Air Quality Index), 456–457, 458
245–247 arbitration interframe space (AIFS),
physical infrastructure requirements 266
mounting access points, 76–79 architecture, SD-Access (Software-
MultiGigabit, 75–76 Defined Access)
overview of, 70 control plane, 511–512
PoE and PoE+, 73, 74 data plane, 512–513
power injectors, 75 overlay networks, 511–512
UPOE and UPOE+, 73–74 security plane, 512–513
RAPs (root access points), 145, 431 underlay networks, 511–512
antennas, 150–152 wireless capabilities, 514–516
architecture of, 145–147 archive download-sw command, 247
AWPP (Adaptive Wireless Path AR/VR, 498
Protocol), 152–154 association, 176
daisy-chaining wireless mesh asymmetric transmit power levels, 96
links, 163–166 attenuation values, 26–28
Ethernet bridging, 156–157 AUP (acceptable use policy), 407
traffic flow through mesh, authentication. See AAA
155–156 (authentication, authorization, and
RF (radio frequency) groups, 122–123 accounting)
RF (radio frequency) neighborhoods, authentication servers (AS), 388
118–121 authenticators, 388
rogue, 338–339, 439–442 authorization. See AAA
RSSI (received signal strength (authentication, authorization, and
indicator), 53, 92, 518 accounting)
scanning process optimization authorization method lists, 475
with 802.11k, 186–187 Automatic Frequency Coordinator
with 802.11v, 187 (AFC), 36
AP (access point) scanning autonomous APs (access points), 176,
process, 184–187 429
Autonomous mode, 82
566 AutoQoS, Fastlane

AutoQoS, Fastlane, 277–280 BYOD (Bring Your Own Device)


Availability alarms, Cisco Catalyst certificate provisioning, 414
Center, 443 CWA (central web authentication),
AVC (Application Visibility and 416–419
Control), 285–289 implementation, 407–408
AWPP (Adaptive Wireless Path LWA (local web authentication),
Protocol), 145–146, 152–155 415–416
on AireOS controller, 409–412
B with anchor controller, 413–414
with wireless controller, 408
BAR (Block Ack Responses), 329
native supplicant provisioning,
Base license, CMX, 349 419–420
basic service area (BSA), 91 overview of, 406–407
basic service set (BSS), 91, 103, 500 self-registration, 415–416
BGN (bridge group name), 152
binary phase-shift keying (BPSK), 503
BLE (Bluetooth Low Energy), 65,
C
321–322, 338 C9800 ACLs (access control lists),
Block Ack Responses (BAR), 329 361–363
blueprint studies, 39 cable, MultiGigabit, 76
Bluetooth, 55, 321–322 caching
Bluetooth Low Energy (BLE), 65, OKC (Opportunistic Key Caching),
321–322, 338 190
Bonjour Gateway, 307 PKC (Proactive Key Caching), 190
BPSK (binary phase-shift keying), 503 PMKID (Pairwise Master Key ID),
bridge group name (BGN), 152 189–190
Bridge mode, 158 SKC (Secure Key Caching), 189–190
bridging, Ethernet, 156–157 Calibration Model, RF, 380–381
Bring Your Own Device. See BYOD CAM (Content-addressable memory)
(Bring Your Own Device) tables, 257
broadcast traffic CAPWAP (Control And Provisioning of
Wireless Access Points)
broadcast management frames, 296,
325–326 HA (high availability), 200, 203
definition of, 295 location services, 329
broadcast-unicast mode, WLCs mesh networks, 155–156
(wireless LAN controllers), 297 Message Aggregation, 233
Bronze QoS profile, 272–274 multicast traffic, 297–299
BSA (basic service area), 91 multicast traffic and, 295
BSS (basic service set), 91, 103, 500 QoS (quality of service)
Cisco Compatible Extensions (CCX) 567

mapping and marking schemes CCX (Cisco Compatible Extensions),


between client/controller, 96, 186, 430
269–271, 283–284 ceiling mounting access points, 77–79
profiles, 272–274 ceilings, QoS (quality of service),
SD-Access (Software-Defined Access), 272–274
514–516 cell of origin techniques, 323
session flow, 80–83 cells, access point
capwap ap mode bridge command, 161 further AP cell considerations, 95–98
capwap ap mode local command, 161 overview of, 91
Carrier Sense Multiple Access with receiver sensitivity level, 92–93
Collision Detection (CSMA/CD),
SNR (signal-to-noise ratio), 93–95
258–259
central switching, FlexConnect, 228
Carrier Sense Multiple Access/Collision
Avoidance (CSMA/CA), 259 central web authentication (CWA),
416–419
Cat5e cable, 76
certificate provisioning, 414
Cat6 cable, 76
certificate-based EAP methods, 391
Cat6a cable, 76
certification
Catalyst 9800 Telemetry stats, 430
certification tracks, 495
Catalyst Center
references, 506
alarms, 442–444
Wi-Fi 6E, 505–506
client troubleshooting on, 452–454
Wi-Fi 7, 506
interference troubleshooting on,
457–458 Chanalyzer, 51–53
overview of, 334–335, 508 CHDM (coverage hole detection and
mitigation), 131–132
reports
Cisco Adaptive Wireless Intrusion
AI network analytics, 436–438
Prevention System, 337
dashboards, 434–436
Cisco Adaptive Wireless Path Protocol
overview of, 427–428, 434–438 (AWPP), 145–146, 152–155
types of, 434 Cisco Admission Control (NAC), 479
WIPS (Wireless Intrusion Prevention Cisco Catalyst Center. See Catalyst
System) on, 368–374 Center
CBWFQ (Class-Based Weighted Fair Cisco Centralized Key Management
Queueing), 266 (CCKM), 190, 227
CCA (clear channel assessment), Cisco Certification Roadmap, 495–496
101–102
Cisco CleanAir, 52, 338–339, 430,
CCKM (Cisco Centralized Key 455–458
Management), 190, 227
Cisco Compatible Extensions (CCX),
CCNA Community, 496 96, 186, 430
568 Cisco Connected Mobile Experience

Cisco Connected Mobile Experience. on WLCs (wireless LAN controllers),


See CMX (Cisco Connected Mobile 448–451
Experience) client profiling
Cisco Hyperlocation, 324, 332–333 configuration on AireOS controller,
Cisco MultiGigabit, 76 400–402
Cisco Network Admission Control configuration on IOS-XE controller,
(NAC), 479 403–405
Cisco Prime Infrastructure, 519 overview of, 398
Cisco radio resource management. See principles of, 398–400
RRM (radio resource management) Client reports, Cisco Prime
Cisco Secure Client, 419 Infrastructure, 430
Cisco Spaces clients
analytics, 355–358 802.11 capabilities, 11–13
initial setup, 355 connectivity, troubleshooting,
managing, 356–358 444–454
Connect service, 365–368 on Cisco Catalyst Center,
452–454
portal creation from scratch,
365–366 on Cisco Prime Infrastructure,
451–452
portal creation from template,
367–368 RF coverage validation, 446–448
location services, customizing, 344 troubleshooting method,
444–446
overview of, 331, 335–337
on WLCs (wireless LAN
services and licenses, 350–351
controllers), 448–451
tracking mobile devices with, 341
density
Cisco Spectrum Expert, 51–52
antennas, 107–109
Cisco Wi-Fi mesh configuration,
design requirements for, 103–109
157–163
overview of, 15, 103–109
Class-Based Weighted Fair Queueing
(CBWFQ), 266 transmit power level, limiting,
106
CleanAir, 52, 338–339, 430, 455–458
mobility
clear channel assessment (CCA),
101–102 AP (access point) scanning
optimization, 184–187
client connectivity, troubleshooting,
444–454 AP (access point) selection for,
184
on Cisco Catalyst Center, 452–454
association/reassociation, 176
on Cisco Prime Infrastructure,
451–452 autonomous APs, 176
RF coverage validation, 446–448 basic roaming process, 175–176
troubleshooting method, 444–446 fast secure roaming methods,
187–194
CommView for WiFi 569

inter-controller (Layer 2) WLC (wireless LAN controller)


roaming, 176–177 configuration, 359–361
inter-controller (Layer 3) HA (high availability), 374–376
roaming, 177–179 location services, customizing,
ME (Mobility Express), 219– 342–344
220, 247–251 services and licenses, 349, 350–351
mobility groups, 179–184 tracking mobile devices with, 338–341
mobility hierarchy, 179–181 cmxctl config command, 332, 333
mobility operations, 181–183 COF (Coverage Overlap Factor), 133
optimization, 184–187 command authorization, TACACS+,
tunneling, testing, 183–184 468–472
profiling commands
configuration on AireOS ap-type ewc-ap, 247
controller, 400–402 archive download-sw, 247
configuration on IOS-XE capwap ap mode bridge, 161
controller, 403–405
capwap ap mode local, 161
overview of, 398
cmxctl config, 332, 333
principles of, 398–400
config network a-discovery nat-ip-only
QoS (quality of service) on, 283–284 disable, 246
requirements for, 10–11 cping, 183–184
RF (radio frequency) capabilities, more bootflash:ewc_day0_device_
13–14 provisioning_guide, 248
rogue, 338–339 ping, 183–184
security capabilities, 14–15 show ip interface brief, 248
tracking show run, 243
with Cisco Spaces, 341 show wireless tag, 244
with CMX, 338–341 COMMANDS role, TACACS+, 468
CMs (cost metrics), 129–130 common deployment models
CMX (Cisco Connected Mobile education, 31–32
Experience), 330, 333–335
enterprise office, 28–29
analytics, 351–355
healthcare, 29–30
widgets, 353–355
hospitality and hotels, 30–31
zones, 352
hotspots, 31
Connect service, 358–365
manufacturing, 33
AireOS Versus C9800 ACLs,
retail, 32
361–363
small or home office, 29
overview of, 358–359
CommView for WiFi, 51–52
portal configuration, 363–365
570 Compliance reports, Cisco Prime Infrastructure

Compliance reports, Cisco Prime Content-addressable memory (CAM)


Infrastructure, 430 tables, 257
Composite reports, Cisco Prime contention windows (CWs), 260,
Infrastructure, 430 266–267
Conference of Postal and Control And Provisioning of Wireless
Telecommunications Administrations Access Points. See CAPWAP
(CEPT) bands, 35 (Control And Provisioning of
config network a-discovery nat-ip-only Wireless Access Points)
disable command, 246 control channel, CAPWAP, 81
configuration. See implementation control plane (CP)
Connect service mapping server, 509
Cisco Spaces SD-Access, 511–512
portal creation from scratch, CONTROLLER role, TACACS+, 468
365–366 controllers, 518. See also deployment
portal creation from template, models; QoS (quality of service)
367–368 AAA (authentication, authorization,
CMX (Cisco Connected Mobile and accounting)
Experience) configuration overview, 466–468
AireOS Versus C9800 ACLs, RADIUS, 466–468
361–363
TACACS+, 468–472
overview of, 358–359
AireOS
portal configuration, 363–365
ACLs (access control lists),
WLC (wireless LAN controller) 361–363
configuration, 359–361
AP priority, 204
Connected alarms, Cisco Catalyst
Cisco Spaces deployment,
Center, 443
335–337
Connected mode, FlexConnect,
client profiling configuration on,
221–222
400–402
connectivity, troubleshooting,
FlexConnect implementation
444–454
with, 223–227
on Cisco Catalyst Center, 452–454
HA (high availability), 205–209
on Cisco Prime Infrastructure,
LWA (local web authentication),
451–452
409–412
RF coverage validation, 446–448
ME (Mobility Express), 219
troubleshooting method, 444–446
multicast. See multicast traffic
on WLCs (wireless LAN controllers),
QoS (quality of service) on,
448–451
280–282
Connectivity alarms, Cisco Catalyst
resiliency, 200–201
Center, 443
anchor, 178, 179, 413–414
convergence, mesh networks 571

client troubleshooting on, 448–451 IGMP snooping, 300–301, 304


EWC (Embedded Wireless Controller), LSS (Location Specific Services),
219–220, 247–251 306–307
failures, detecting, 204–205 mDNS (multicast DNS), 305–309
foreign, 178, 413 MGIDs (multicast group IDs),
guest portals, 359–361 299
Cisco Spaces Connect service, MLD (Multicast Listener
365–368 Discovery), 301
CMX Connect service, 358–365 multicast delivery, 297–299
HA (high availability) multicast delivery mode, 297
N+1 redundancy, 205–206 Multicast Direct, 310–314
N+N redundancy, 206 multicast groups, 295
N+N+1 redundancy, 207 multicast mode and group
address configuration,
overview of, 205
302–305
SSO redundancy, 208–209
overview of, 294–297
interference troubleshooting on,
unicast/broadcast compared to,
455–457
294–297
IOS XE
unidirectional nature of, 296
client profiling configuration on,
POA (point of attachment), 178–179
403–405
POP (point of presence), 178–179
EWC (Embedded Wireless
Controller), 219–220, remote office wireless deployment
247–251 modes
FlexConnect implementation EWC (Embedded Wireless
with, 238–244 Controller), 219–220,
247–251
local deployment, 218–219
FlexConnect. See FlexConnect
multicast. See multicast traffic
local controller at each branch,
QoS (quality of service) on,
218–219
274–280
ME (Mobility Express), 219,
location services, 332–333
247–251
LWA (local web authentication), 408
OEAP (Office Extend AP), 219,
management interfaces, 80, 83 245–247
mapping and marking schemes resiliency of, 200–201
between client/controller, 269–271,
security, 392–398
283–284
convergence, mesh networks, 152–157
mesh networks, 143
AWPP (Adaptive Wireless Path
multicast traffic
Protocol), 145–146
definition of, 295
Cisco Adaptive Wireless Path Protocol
frames, 296 (AWPP), 152–155
572 convergence, mesh networks

Ethernet bridging, 156–157 CMX, 342–344


traffic flow through mesh, 155–156 Pearson Cert Practice Test Engine,
convex hull, 65 490–491
cost metrics (CMs), 129–130 CWA (central web authentication),
416–419
coverage, access point
CWs (contention windows), 260,
CHDM (coverage hole detection and
266–267
mitigation), 131–132
COF (Coverage Overlap Factor), 133
defining, 91–98 D
further AP cell considerations,
daisy-chaining wireless mesh links,
95–98
163–166
overview of, 91
dashboards, Cisco Catalyst Center,
receiver sensitivity level, 92–93 434–436
SNR (signal-to-noise ratio), data channel, CAPWAP, 81
93–95
data deployment model, 17–18, 62–65
expanding with additional APs,
AP (access point) deployment models,
98–102
17
validation of, 446–448
design requirements for, 102–103
coverage hole detection and mitigation
data plane, SD-Access, 512–513
(CHDM), 131–132
DBS (Dynamic Bandwidth Selection),
coverage holes, 131–132
129
Coverage Overlap Factor (COF), 133
DCA (dynamic channel assignment),
cping command, 183–184 128–131
CPU ACLs (access control lists), DCF (distributed coordination
483–484 function), 258–262
Create Custom Report page,, Cisco DCF Interframe Space (DIFS) timer,
Prime Infrastructure, 433–434 259
CSMA/CA (o Carrier Sense Multiple decibel milliwatts (dBm), 27
Access/Collision Avoidance), 259
decibels (dB), 27
CSMA/CD (Carrier Sense Multiple
deep packet inspection (DPI), 285
Access with Collision Detection),
258–259 default identity store, 477–478
Current reporting, Cisco Prime delivery, 297–299
Infrastructure, 429 density, client
customer requirements, evaluating, antennas, 107–109
8–10 overview of, 15, 103–106
customization transmit power level, limiting, 106
location services deny statement, 410
Cisco Spaces, 344
design, wireless network 573

deployment models, 17. See also EWC (Embedded Wireless


design, wireless network; site Controller), 219–220,
surveys 247–251
common models FlexConnect. See FlexConnect
education, 31–32 local controller at each branch,
enterprise office, 28–29 218–219
healthcare, 29–30 ME (Mobility Express), 219,
247–251
hospitality and hotels, 30–31
OEAP (Office Extend AP), 219,
hotspots, 31
245–247
manufacturing, 33
overview of, 218–220
retail, 32
summary of, 22
small or home office, 29
voice/video
data
design requirements, applying,
design requirements, applying, 109–111
102–103
overview of, 18–20
overview of, 17–18
design, wireless network
design requirements, applying
AAA (authentication, authorization,
AP coverage, defining, 91–98 and accounting). See AAA
coverage expansion with (authentication, authorization, and
additional APs, 98–102 accounting)
for data deployment, 102–103 APs (access points). See APs (access
for high density, 103–109 points)
for location, 111–112 client mobility
for voice and video, 109–111 AP (access point) scanning
optimization, 184–187
location services
AP (access point) selection for,
APs (access points), 332–333
184
Cisco Spaces, 329–337
association/reassociation, 176
CMX (Cisco Connected Mobile
autonomous APs, 176
Experience), 330, 333–335
basic roaming process, 175–176
design requirements, applying,
111–112 fast secure roaming methods,
187–194
location engines and services,
330–331 inter-controller (Layer 2)
roaming, 176–177
overview of, 20–21
inter-controller (Layer 3)
overview of, 17
roaming, 177–179
remote office wireless deployment
mobility groups, 179–184
modes
mobility hierarchy, 179–181
mobility operations, 181–183
574 design, wireless network

tunneling, testing, 183–184 AAA (authentication,


clients authorization, and
accounting), 83
802.11 capabilities, 11–13
CAPWAP flow, 80–83
density of, 15
DHCP (Dynamic Host
requirements for, 10–11
Configuration Protocol), 83
RF (radio frequency) capabilities,
licensing, 83–85
13–14
overview of, 70, 80
security capabilities, 14–15
mesh networks. See mesh networks
customer requirements, 8–10
offsite site surveys
design process, 7–8
APoS (AP-on-a-stick) surveys, 40
design requirements
blueprint studies, 39
AP coverage, defining, 91–98
common deployment models,
coverage expansion with
28–33
additional APs, 98–102
effect of material attenuation on
for data deployment, 102–103
wireless design, 26–28
for high density, 103–109
Layer 1 sweep, 40
for location, 111–112
Layer 2 (validation), 40
for voice and video, 109–111
post-deployment, 40
effect of material attenuation on,
predictive, 39, 41–42
26–28
regulations, 34–39
HA (high availability) for APs
types of, 39–40
AP fallback, 205
validation survey, 40
AP prioritization, 203–204
walkthroughs, 39
controller failures, detecting,
204–205 wireless planning tools, 40–41
design of, 201–203 onsite site surveys
HA (high availability) for controllers AP-on-a-stick (APoS) surveys, 57
N+1 redundancy, 205–206 Layer 1 sweep, 51–56
N+N redundancy, 206 Layer 2 surveys, 56–65
N+N+1 redundancy, 207 post-deployment, 66–68
overview of, 205 walkthrough, 48–51
resiliency, 200–201 physical infrastructure requirements
SSO redundancy, 208–209 mounting access points, 76–79
wireless network failure points, MultiGigabit, 75–76
198–199 overview of, 70
logical infrastructure requirements PoE and PoE+, 73, 74
power injectors, 75
UPOE and UPOE+, 73–74
EDCA (Enhanced Distributed Channel Access) 575

process of, 7–8 DMVPN, 508


radio management. See RRM (radio DNA Center. See Catalyst Center
resource management) DPI (deep packet inspection), 285
validation surveys, 57–58 DRS (dynamic rate shifting), 95, 110
destination, MAC, 156 DS (distribution system), 200
device access controls DSCP (differentiated services code
AAA (authentication, authorization, point), 263–266
and accounting) DTPC (Dynamic Transmit Power
configuration overview, 466–468 Control), 96
design of, 465–466 duty cycle, 456
RADIUS, 466–468 Dynamic Bandwidth Selection (DBS),
TACACS+, 468–472 129
overview of, 464–465 dynamic channel assignment (DCA),
128–131
Device alarms, Cisco Catalyst Center,
443 Dynamic Frequency Selection (DFS)
channels, 12
device hardening
Dynamic Host Configuration Protocol
access point authentication, 473–483
(DHCP), 83
CPU ACLs (access control lists),
dynamic rate shifting (DRS), 95, 110
483–484
Dynamic Transmit Power Control
device access controls
(DTPC), 96
AAA (authentication,
authorization, and
accounting), 465–472 E
overview of, 464–465
EAP (Extensible Authentication
Device reports, Cisco Prime
Protocol), 389–392
Infrastructure, 431
EAP-FAST (Flexible Authentication via
DFS (Dynamic Frequency Selection)
Secure Tunnels), 391, 392, 481
channels, 12, 149–150
EAP-MSCHAPv2, 390
DHCP (Dynamic Host Configuration
Protocol), 83 EAPoL (EAP over LAN), 188, 389
DHCP_reqd, 446 EAP-TLS (Transport Layer Security),
390–392
differentiated services code point
(DSCP), 263–266 earplugs, 488
DIFS (DCF Interframe Space) timer, ease, 152–153
259 EDCA (Enhanced Distributed Channel
discovery, NDP (Neighbor Discovery Access), 262–269
Protocol), 118–122, 518 802.11 TSpec (traffic specification),
distributed coordination function 268–269
(DCF), 258–262 access categories, 263–266
distribution system (DS), 200

AIFSN (Arbitration Interframe Space exam updates, 491–492, 494–496


Number), 266 final preparation, 488–492
CW (Contention Window) study/review plan, 492
enhancements, 266–267
time management, 488
overview of, 262–263
tools for, 489–491
TXOP (transmission opportunity),
ENWLSI 300-430 exam preparation
267–268
exam updates, 491–492, 494–496
EDRRM (Event-Driven RRM), 131,
457 final preparation, 488–492
education deployment model, 31–32 study/review plan, 492
effective isotropic radiated power time management, 488
(EIRP), 35, 147 tools for, 489–491
efficiency, location services, 374–381 EoIP (Ethernet-over-IP), 183, 413
CMX high availability, 374–376 EtherChannel, 201
location accuracy, managing, 376–381 Ethernet
AP setting verification, 377–379 bridging, 156–157
location requirements, 376–377 EoIP (Ethernet-over-IP), 183, 413
on MSE, 379–380 PoE (Power over Ethernet), 73, 74
RF Calibration Model on Prime ETSI (European Telecommunications
Infrastructure, 380–381 Standards Institute), 34–39
EIFS (extended interframe space), 504 EULA (end user license agreement), 84
EIGRP (effective isotropic radiated evaluation licenses, 84
power), 147 Event-Driven RRM (EDRRM), 131,
EIRP (effective isotropic radiated 457
power), 35 EWC (Embedded Wireless Controller),
Ekahau Pro, 41, 57 219–220, 247–251
Ekahau Survey, 57 exam preparation
ELM (Enhanced Local mode), 373 exam updates, 491–492, 494–496
Embedded Wireless Controller (EWC), final preparation, 488–492
219–220, 247–251 study/review plan, 492
end user license agreement (EULA), 84 time management, 488
engines, location, 330–331 tools for, 489–491
Enhanced Distributed Channel Access. exclusion areas, CMX location
See EDCA (Enhanced Distributed services, 352
Channel Access)
Extend license, Cisco Spaces, 350
Enhanced Local mode (ELM), 373
extended interframe space (EIFS), 504
enterprise office deployment model,
extended nodes, SD-Access (Software-
28–29
Defined Access), 510
ENWLSD 300-425 exam preparation

F CAPWAP Message Aggregation, 233


central switching, 228
fabric border nodes, 509 FlexConnect groups, 227–230
fabric edge nodes, 509 implementing with AireOS, 223–227
fabric mode APs, 510 implementing with IOS XE controllers,
238–244
fabric wireless controllers, 510
local switching, 220
fabrics, network, 508–510
modes of operation, 221–222
failover, CMX, 375–376
overview of, 219, 220–221
failure points, 198–199, 204–205
resiliency, 230–231
fallback, AP (access point), 205
Smart AP Image Upgrades, 237–238
Fast BSS Transition (FT), 190–193
split tunneling, 236–237
fast Fourier transform (FFT), 53
WAN requirements for, 222–223
fast secure roaming methods
Flexible Authentication via Secure
802.11r, 190–193
Tunnels (EAP-FAST), 391, 392
CCKM (Cisco Centralized Key
Flexible NetFlow (FNF), 285
Management), 190
Flexible Radio Assignment (FRA), 108,
OKC (Opportunistic Key Caching),
132–134
190
FlexVPN, 508
PMKID (Pairwise Master Key ID)
caching, 189–190 FNF (Flexible NetFlow), 285
preauthentication, 190 foreign controllers, 178, 413
RSN (robust security network), FQDNs (fully qualified domain names),
187–189 431–432
Fastlane, 276–280 FRA (Flexible Radio Assignment), 108,
132–134
FastLocate, 327–330, 332–333, 335
frames
Fault reports, Cisco Prime
Infrastructure, 431 802.11 frames used for location,
325–328
FCC (Federal Communications
Commission), 34 broadcast, 296
FFT (fast Fourier transform), 53 multicast, 296
Fine Timing Measurement (FTM), 65, frequency bands
322 mesh networks
fingerprinting, RF, 323 DFS (Dynamic Frequency
Flex+Bridge mode, 158 Selection), 149–150
FlexConnect, 157 supported frequency bands,
147–149
AAA survivability, 231–232
U-NII (Unlicensed National
ACLs (access control lists), 234–237
Information Infrastructure), 12–13,
best practices, 244–245 35–36, 147–149

UWB (Ultra-Wide Band), 321 LWA (local web authentication),


FTM (Fine Timing Measurement), 65, 409–416
322 native supplicant provisioning,
fully integrated SD-Access mode, 419–420
514–516 overview of, 406–407
fully qualified domain names (FQDNs), self-registration, 415–416
431–432 guest anchors, 179
guest portals
G Cisco Spaces Connect service,
365–368
Generic Protocol Extension (GPE), 513 portal creation from scratch,
generic routing encapsulation (GRE), 365–366
508 portal creation from template,
GMKs (Group Master Keys), 188 367–368
Gold QoS profile, 272–274 CMX Connect service, 358–365
GPE (Generic Protocol Extension), 513 AireOS Versus C9800 ACLs,
GPS, 320. See also location services 359–361
GRE (generic routing encapsulation), overview of, 358–359
508 WLC (wireless LAN controller)
grounding, 79–80 configuration, 359–361
group address configuration, 302–305 Guest reports, Cisco Prime
Infrastructure, 431
group leaders, 122–123
Group Master Keys (GMKs), 188
groups H
FlexConnect, 227–230
HA (high availability)
LAGs (link aggregation groups),
for APs (access points), 201–205
200–201
AP fallback, 205
mobility
AP prioritization, 203–204
mobility hierarchy, 179–181
controller failures, detecting,
mobility operations, 181–183
204–205
overview of, 179
design of, 201–203
tunneling, testing, 183–184
CMX location services, 374–376
multicast, 295
for controllers
RF (radio frequency), 122–123
N+1 redundancy, 205–206
guest access
N+N redundancy, 206
certificate provisioning, 414
N+N+1 redundancy, 207
CWA (central web authentication),
overview of, 205
416–419
resiliency, 200–201
implementation, 407–408

SSO redundancy, 208–209 IEEE (Institute of Electrical and


wireless network failure points, Electronics Engineers), 34, 73
198–199 802.11 standard. See 802.11 standard
Hamina, 40, 57 802.15.4 standard, 321
handshake, 4-way, 188 802.3af standard, 73
Health page, Catalyst Center, 802.3at standard, 73
434–436, 452–453 802.3bt standard, 73
healthcare deployment model, 29–30 WPA3 (Wireless Protected Access
heat maps, 339 version 3), 384–385
Hide Acknowledge Alarms setting, IGMP (Internet Group Management
Cisco Prime Infrastructure, 440 Protocol)
hierarchy, mobility, 179–181 IGMP snooping, 300–301, 304
high density, design requirements for Membership Report messages, 297
antennas, 107–109 images, Smart AP Image Upgrades,
overview of, 103–109 237–238
transmit power level, limiting, 106 implementation
Historical reporting, Cisco Prime access point authentication, 473–483
Infrastructure, 429 CPU ACLs (access control lists),
home office deployment model, 29 483–484
hospitality/hotels deployment model, device access controls
30–31 AAA (authentication,
hotspots, 31 authorization, and
accounting), 465–472
HTTPS traffic, AireOS Versus C9800
ACLs for, 361–363 overview of, 464–465
Hyperlocation, 324, 332–333 RADIUS, 466–468
TACACS+, 468–472

I device hardening
access point authentication,
IAPP (Internet Access Point Protocol), 473–483
167 CPU ACLs (access control lists),
IBN (intent-based networking), 508 483–484
Identity Services Engine. See ISE device access controls, 464–472
(Identity Services Engine) EWC (Embedded Wireless Controller),
identity stores, 389, 390, 396, 415, 219–220, 247–251
477–478 FlexConnect
IDF (intermediate distribution frame), AAA survivability, 231–232
50 ACLs (access control lists),
IEC (International Electrotechnical 234–237
Commission), 33 with AireOS, 223–227

best practices, 244–245 unidirectional nature of, 296


CAPWAP Message Aggregation, OEAP (Office Extend AP), 219,
233 245–247
central switching, 228 QoS (quality of service)
FlexConnect groups, 227–230 ACM (Admission Control
with IOS XE controllers, Mandatory), 268–269
238–244 on AireOS controllers, 280–282
local switching, 220 AVC (Application Visibility and
modes of operation, 221–222 Control), 285–289
overview of, 219, 220–221 CSMA/CA (Carrier Sense
Multiple Access/Collision
resiliency, 230–231
Avoidance), 259
Smart AP Image Upgrades,
CSMA/CD (Carrier Sense
237–238
Multiple Access with Collision
split tunneling, 236–237 Detection), 258–259
WAN requirements for, 222–223 CWs (contention windows), 260
local controller at each branch, DCF (distributed coordination
218–219 function), 258–262
location services. See location services DSCP (differentiated services
ME (Mobility Express), 219 code point), 263–266
multicast EDCA (Enhanced Distributed
definition of, 295 Channel Access), 262–269
frames, 296 Fastlane, 263–266
IGMP snooping, 300–301, 304 on IOS XE controllers, 274–280
LSS (Location Specific Services), mapping and marking schemes
306–307 between client/controller,
269–271, 283–284
mDNS (multicast DNS), 305–309
overview of, 257–258
MGIDs (multicast group IDs),
299 profiles, 272–274
MLD (Multicast Listener QoS ceilings for WLAN,
Discovery), 301 272–274
multicast delivery, 297–299 for wireless clients, 283–284
Multicast Direct, 310–314 WMM (Wireless Multimedia),
263–266
multicast groups, 295
security. See also AAA
multicast mode and group
(authentication, authorization, and
address configuration,
accounting)
302–305
802.1X, 392–398
overview of, 294–297
BYOD (Bring Your Own Device),
unicast/broadcast compared to,
406–420
294–297

client profiling, 398–405 AAA (authentication,


EAP (Extensible Authentication authorization, and
Protocol), 389–392 accounting), 83
guest access, 406–420 CAPWAP flow, 80–83
ISE (Identity Services Engine), DHCP (Dynamic Host
392–398 Configuration Protocol), 83
wireless controllers, 392–398 licensing, 83–85
wireless network authentication overview of, 70, 80
framework, 387–389 physical
inclusion areas, CMX location services, mounting access points, 76–79
352 MultiGigabit, 75–76
indoor location overview of, 70
infrastructure and 802.11-based PoE and PoE+, 73, 74
location, 323–328
power injectors, 75
overview of, 320–321
UPOE and UPOE+, 73–74
protocols, 321–322
initiating station (ISTA), 322
industries, common deployment
inner methods, EAP (Extensible
models for
Authentication Protocol), 390
education, 31–32
Intelligent Capture, 337, 434, 449, 454
enterprise office, 28–29
intent-based networking (IBN), 508
healthcare, 29–30
inter-controller (Layer 2) roaming,
hospitality and hotels, 30–31 176–177
hotspots, 31 inter-controller (Layer 3) roaming,
manufacturing, 33 177–179
retail, 32 interfaces
small or home office, 29 definition of, 299
infrastructure, location services, primary, 155–156
323–328 secondary, 155–156
802.11 frames used for location, interferences, troubleshooting,
325–328 455–458
AoA (Angle of Arrival) techniques, on Cisco Catalyst Center, 457–458
324–325
on Cisco Prime Infrastructure,
cell of origin techniques, 323 457–458
precision versus accuracy in, 328 on WLCs (wireless LAN controllers),
RSSI trilateration techniques, 323–324 455–457
infrastructure requirements interferers, 338–339
logical mapping and evaluation, 56
types and effects, 54–56

intermediate distribution frame (IDF), native supplicant provisioning,


50 419–420
intermediate nodes, 510 overview of, 449, 508
International Electrotechnical security, 392–398
Commission (IEC), 33 IS-IS, 511
Internet Access Point Protocol (IAPP), ISM (Industrial, Scientific, and
161 Medical) bands, 35, 49
Internet Group Management Protocol. ISTA (initiating station), 322
See IGMP (Internet Group
Management Protocol)
Internet of Things, 503–505 J-K
Inter-Release Controller Mobility
jammers, 56
(IRCM), 183
jitter, 19, 21, 110
IOS XE controllers. See also controllers
keys
AP priority, 204
CCKM (Cisco Centralized Key
client profiling configuration on,
Management), 227
403–405
GMKs (Group Master Keys), 188
EWC (Embedded Wireless Controller),
219–220, 247–251 MSKs (Master Session Keys), 188
FlexConnect implementation with, OKC (Opportunistic Key Caching),
238–244 190, 227
HA (high availability), 205–209 PMKID (Pairwise Master Key ID)
caching, 189–190
local deployment, 218–219
PSKs (pre-shared keys), 175, 187, 407
multicast. See multicast traffic
KPIs (key performance indicators), AI
QoS (quality of service) on, 274–280
network analytics, 436–438
resiliency, 200–201
IoT (Internet of Things), 503–505
IRCM (Inter-Release Controller
L
Mobility), 183
L2authcomplete, 445–446
ISE (Identity Services Engine). See also
LAGs (link aggregation groups),
device access controls
200–201
client profiling
latency, 19, 21, 110
configuration on AireOS
Layer 1 sweep
controller, 400–402
interferer types and effects, 54–56
configuration on IOS-XE
controller, 403–405 overview of, 40, 51
overview of, 398 tools for, 51–54
principles of, 398–400 Layer 2 surveys
CWA (central web authentication), data/voice/location deployments,
416–419 62–65

overview of, 40 location engines and services,


site survey process, 56–62 330–331
LDAP (Lightweight Directory Access overview of, 329–337
Protocol), 389, 412 FastLocate, 327–330, 332–333, 335
licensing, 83–85 guest portals
Cisco Spaces, 350–351 Cisco Spaces Connect service,
CMX, 349 365–368
RTU (Right to Use), 84 CMX Connect service, 358–365
Smart Licensing, 84–85 indoor location
lifecycle, network, 427 infrastructure and 802.11-based
location, 323–328
Lightweight Directory Access Protocol
(LDAP), 389, 412 overview of, 320–321
link aggregation groups (LAGs), protocols, 321–322
200–201 location accuracy, 321, 324, 325, 328,
LISP, 512 376–381
LOBBY role, TACACS+, 468 location operational efficiency,
374–381
Local (standard) mode, 373
CMX high availability, 374–376
local mode, 157
location accuracy, managing,
local switching, 220
376–381
local web authentication. See LWA
location precision, 328
(local web authentication)
mobile device tracking
location accuracy, 321, 324, 325, 328
with Cisco Spaces, 341
location deployment model, 20–21,
62–65, 111–112 with CMX, 338–341
location precision, 328 position versus location, 321
location services services and licenses
analytics Cisco Spaces, 350–351
Cisco Spaces, 355–358 CMX, 349, 350–351
CMX, 351–355 WIPS (Wireless Intrusion Prevention
System) on Catalyst Center,
Cisco Hyperlocation, 332–333
368–374
customizing
zones, 352–355
Cisco Spaces, 344
Location Specific Services (LSS),
CMX location services, 342–344 306–307
deployment of, 329–337 logical infrastructure requirements
APs (access points), 332–333 AAA (authentication, authorization,
Cisco Spaces, 329–337 and accounting), 83
CMX (Cisco Connected Mobile CAPWAP flow, 80–83
Experience), 330, 333–335

DHCP (Dynamic Host Configuration mDNS (multicast DNS), 305–309


Protocol), 83 ME (Mobility Express), 219, 247–251
licensing, 83–85 Membership Report messages (IGMP),
overview of, 70, 80 297
LSS (Location Specific Services), mesh networks
306–307 architecture and components
LTE (4G), 503 mesh access points, 143,
LWA (local web authentication) 144–145
on AireOS controller, 409–412 overview of, 142–143, 145–147
with anchor controller, 413–414 Prime Infrastructure/Catalyst
overview of, 415–416 Center, 143
with wireless controller, 408, 409–412 WLCs (wireless LAN
controllers), 143

M Cisco Wi-Fi mesh configuration,


157–163
convergence and traffic flow
MAC addresses, 326, 455–456, 457,
476 AWPP (Adaptive Wireless Path
Protocol), 145–146
management interfaces, 80, 83
Cisco Adaptive Wireless Path
MANAGEMENT role, TACACS+, 468
Protocol (AWPP), 152–155
manufacturing deployment model, 33
Ethernet bridging, 156–157
mapping schemes between client/
traffic flow through mesh,
controller, 269–271
155–156
MAPs (mesh access points), 431
daisy-chaining wireless mesh links,
antennas, 150–152 163–166
architecture of, 145–147 MAPs (mesh access points)
AWPP (Adaptive Wireless Path antennas, 150–152
Protocol), 152–154
architecture of, 145–147
daisy-chaining wireless mesh links,
AWPP (Adaptive Wireless Path
163–166
Protocol), 152–154
definition of, 145
daisy-chaining wireless mesh
Ethernet bridging, 156–157 links, 163–166
traffic flow through mesh, 155–156 definition of, 145
marking schemes between client/ Ethernet bridging, 156–157
controller, 269–271, 283–284
traffic flow through mesh,
Master Session Keys (MSKs), 188 155–156
material attenuation, effect on wireless RAPs (root access points), 145
design, 26–28
antennas, 150–152
MCS (modulation and coding schemes),
architecture of, 145–147
56–57

AWPP (Adaptive Wireless Path 802.11v, 187


Protocol), 152–154 CCX (Cisco Compatibility
daisy-chaining wireless mesh Extensions), 186
links, 163–166 passive versus active scanning,
Ethernet bridging, 156–157 185
traffic flow through mesh, AP (access point) selection for, 184
155–156 association/reassociation, 176
reports, 431 autonomous APs, 176
site preparation and planning basic roaming process, 175–176
antennas and mounting fast secure roaming methods
considerations, 150–152
802.11r, 190–193
challenges of, 147
CCKM (Cisco Centralized Key
DFS (Dynamic Frequency Management), 190
Selection), 149–150
OKC (Opportunistic Key
supported frequency bands, Caching), 190
147–149
PMKID (Pairwise Master Key
WGBs (workgroup bridges), 169 ID) caching, 189–190
Mesh reports, Cisco Prime preauthentication, 190
Infrastructure, 431
RSN (robust security network),
Message Aggregation, CAPWAP, 233 187–189
MetaGeek Chanalyzer, 51–53 inter-controller (Layer 2) roaming,
MetaGeek Map-Plan, 57 176–177
MGIDs (multicast group IDs), 299 inter-controller (Layer 3) roaming,
mGig. See MultiGigabit 177–179
Microsoft Challenge-Handshake ME (Mobility Express), 219–220,
Authentication Protocol (MSCHAP), 247–251
390 mobility domains, 180
microwave ovens, 55 mobility groups
MIMO (multiple input, multiple mobility hierarchy, 179–181
output), 499 mobility operations, 181–183
MLD (Multicast Listener Discovery), overview of, 179
301
tunneling, testing, 183–184
mobile device tracking
Mobility Express. See ME (Mobility
with Cisco Spaces, 341 Express)
with CMX, 338–341 modes of operation, FlexConnect,
mobility, client 221–222
AP (access point) scanning modulation and coding schemes (MCS),
optimization, 184–187 56–57
802.11k, 186–187

Monitor mode, 157, 373 mounting considerations, 76–79,


MONITOR role, TACACS+, 468 149–150
monitoring WLAN (wireless LAN) MPLS (Multiprotocol Label Switching),
components 508
Cisco Catalyst Center alarms, MSCHAP (Microsoft Challenge-
442–444 Handshake Authentication Protocol),
390
Cisco Catalyst Center reports
MSE, managing location accuracy on,
AI network analytics, 436–438
379–380
dashboards, 434–436
MSKs (Master Session Keys), 188
overview of, 427–428
Multicast Direct, 310–314
types of, 434
multicast DNS (mDNS), 305–309
Cisco Prime Infrastructure alarms
multicast group IDs (MGIDs), 299
categories of, 438–439
Multicast Listener Discovery (MLD),
Rogue APs, 439–442 301
Cisco Prime Infrastructure reports multicast mode, 297–299, 302–305
overview of, 427–428 multicast traffic
scheduling and managing, definition of, 295
432–434
frames, 296
types of, 428–432
group address configuration, 302–305
client connectivity, troubleshooting
IGMP snooping, 300–301, 304
on Cisco Catalyst Center,
LSS (Location Specific Services),
452–454
306–307
on Cisco Prime Infrastructure,
mDNS (multicast DNS), 305–309
451–452
MGIDs (multicast group IDs), 299
RF coverage validation, 446–448
MLD (Multicast Listener Discovery),
troubleshooting method,
301
444–446
multicast delivery in wireless
on WLCs (wireless LAN
networks, 297–299
controllers), 448–451
Multicast Direct, 310–314
RF (radio frequency) interferences
multicast groups, 295
on Cisco Catalyst Center,
457–458 overview of, 294–297
on Cisco Prime Infrastructure, unicast/broadcast compared to,
457–458 294–297
on WLCs (wireless LAN unidirectional nature of, 296
controllers), 455–457 multicast-unicast mode, 297–299
more bootflash:ewc_day0_device_ MultiGigabit, 75–76
provisioning_guide command, 248 multiple input, multiple output
(MIMO), 499

Multiprotocol Label Switching (MPLS), profiles, 476–477


508 Network Devices menu, 469
MU-MIMO (multi-user MIMO), 500 network fabrics, 508–510
Network Health page, Catalyst Center,
N 434–436, 452–453
network lifecycle, 427
N+1 redundancy, 205–206 Network Mobility Services Protocol
N+N redundancy, 206 (NMSP), 337
N+N+1 redundancy, 207 Network Spectrum Interface (NSI), 52
NAC (Cisco Admission Control), 479 Network Summary reports, Cisco
NADs (Network Access Devices), 388 Prime Infrastructure, 431
narrow transmitters, 55 Network-Based Application
Recognition Version 2 (NBAR2), 285
NAS (Network Authentication Server),
388 NMSP (Network Mobility Services
Protocol), 337
National Electrical Manufacturers
Association (NEMA), 32, 33, 77 nodes, SD-Access (Software-Defined
Access), 509–510
native supplicant provisioning,
419–420 noise floor, 93
native VLAN configuration, note taking, 489
FlexConnect, 225–227 NSI (Network Spectrum Interface), 52
NBAR2 (Network-Based Application
Recognition Version 2), 285
NBASE-T Alliance, 76
O
NDP (Neighbor Discovery Protocol), Occupational Safety and Health
118–122, 518 Administration (OSHA), 39
neighbor lists, 521–524 OEAP (Office Extend AP), 219,
neighborhoods, RF (radio frequency), 245–247
123 OFDM (orthogonal frequency-division
NEMA (National Electrical multiplexing), 499, 501–503
Manufacturers Association), 32, 33, OFDMA (orthogonal frequency-
77 division multiple access), 501–503
NetSpot, 57 Office Extend AP (OEAP), 219,
Network Access Devices (NADs), 388 245–247
Network Authentication Server (NAS), offline access, Pearson Cert Practice
388 Test Engine, 489–491
network design. See design, wireless offsite predictive tools, 40
network offsite site surveys
network devices APoS (AP-on-a-stick) surveys, 40
adding, 469 blueprint studies, 39

common deployment models data/voice/location


education, 31–32 deployments, 62–65
enterprise office, 28–29 site survey process, 56–62
healthcare, 29–30 post-deployment, 66–68
hospitality and hotels, 30–31 walkthrough, 48–51
hotspots, 31 onsite survey tools, 40
manufacturing, 33 operational efficiency, location
services, 374–381
retail, 32
CMX high availability, 374–376
small or home office, 29
location accuracy, managing, 376–381
effect of material attenuation on
wireless design, 26–28 AP setting verification, 377–379
Layer 1 sweep, 40 location requirements, 376–377
Layer 2 (validation), 40 on MSE, 379–380
post-deployment, 40 RF Calibration Model on Prime
Infrastructure, 380–381
predictive, 39, 41–42
operations, mobility, 181–183
regulations, 28–29, 34–39
Opportunistic Key Caching (OKC),
types of, 39–40
190, 227
validation survey, 40
optimization
walkthroughs, 39
AP (access point) call sensitivity,
wireless planning tools, 40–41 136–138
OKC (Opportunistic Key Caching), client mobility
190, 227
with 802.11k, 186–187
omnidirectional antenna, 92, 106–108,
with 802.11v, 187
111
AP (access point) scanning
Onboarding alarms, Cisco Catalyst
process, 184–187
Center, 443
with CCX (Cisco Compatibility
online access, Pearson Cert Practice
Extensions), 186
Test Engine, 489–491
fast secure roaming methods,
onsite site surveys
187–194
AP-on-a-stick (APoS) surveys, 57
orchestration, SD-Access (Software-
Layer 1 sweep Defined Access), 508
interferer mapping and orthogonal frequency-division multiple
evaluation, 56 access (OFDMA), 501–503
interferer types and effects, orthogonal frequency-division
54–56 multiplexing (OFDM), 499, 501–503
overview of, 51 OSHA (Occupational Safety and
tools for, 51–54 Health Administration), 39
Layer 2 surveys OTT (over-the-top) model, 514
overlay networks, 511–512

P planning. See also design, wireless


network
mesh network sites
packet loss, 19, 21, 110
antennas and mounting
Pairwise Master Key ID (PMKID)
considerations, 150–152
caching, 189–190
challenges of, 147
PAKs (product activation keys), 84
DFS (Dynamic Frequency
passive scanning, 185
Selection), 149–150
patch antennas, 107–108
supported frequency bands,
Path Trace, 453 147–149
PBM (Plan-Build-Manage) process, 7–8 tools for, 40–41
PCI (Payment Card Industry), 32, 430 plans, study/review, 492
PDs (powered devices), 73 Platinum QoS profile, 272–274
PEAP (Protected EAP), 391, 392 PMKID (Pairwise Master Key ID)
Pearson Cert Practice Test Engine, caching, 189–190
489–491 POA (point of attachment), 178–179
peer-to-peer blocking, 17 PoE (Power over Ethernet), 50
PER (packet error rate), 110 comparison of, 74
Performance reports, Cisco Prime PoE and PoE+, 73, 74
Infrastructure, 431
UPOE and UPOE+, 73–74
perimeter, 352
policy
permanent licenses, 84
policy sets, 482–483
permit statement, 410
SD-Access (Software-Defined Access),
PHY technologies, 498 508
physical infrastructure requirements TACACS+, 471–473
mounting access points, 76–79 Policy Services Node (PSN), 419
MultiGigabit, 75–76 POP (point of presence), 178–179
overview of, 70 portals. See guest portals
PoE and PoE+, 73, 74 ports, 83
power injectors, 75 position, location versus, 321
UPOE and UPOE+, 73–74 post-deployment site surveys, 40,
PI. See Prime Infrastructure 66–68
PIM (Protocol Independent Multicast), power injectors, 75
297 Power over Ethernet (PoE), 50, 73, 74
ping command, 183–184 power sourcing equipment (PSE), 73
PKC (Proactive Key Caching), 190 powered devices (PDs), 73
Plan-Build-Manage (PBM) process, 7–8 PPDIOO process, 7–8, 427
planes, SD-Access (Software-Defined practice exams, Pearson Cert Practice
Access), 511–512 Test Engine, 489–491

preauthentication, 190, 359–360 product activation keys (PAKs), 84


“precious metal” QoS profiles, 272–274 profiles
precision, location, 328 client profiling
predictive planning site surveys, 41–42 configuration on AireOS
predictive surveys, 39 controller, 400–402
Premium Edition, 491–492 configuration on IOS-XE
controller, 403–405
preparation, exam
overview of, 398
exam updates, 494–496
principles of, 398–400
final preparation, 488–492
network device, 476–477
study/review plan, 492
QoS (quality of service), 272–274
time management, 488
RF (radio frequency), 134–136
tools for, 489–491
TACACS+, 468–472
preparation, mesh network sites
WIPS (Wireless Intrusion Prevention
antennas and mounting considerations,
System), 368–374
150–152
Protected EAP (PEAP), 391, 392
challenges of, 147
Protocol Independent Multicast (PIM),
DFS (Dynamic Frequency Selection),
297
149–150
provisioning, certificate, 414
supported frequency bands, 147–149
PSE (power sourcing equipment), 73
pre-shared keys (PSKs), 175, 187, 407
pseudo-MAC addresses, 455–456, 457
primary interfaces, 155–156
PSKs (pre-shared keys), 175, 187, 407
Prime Infrastructure
PSN (Policy Services Node), 419
alarms, 438–442
categories of, 438–439
Rogue APs, 439–442 Q
client troubleshooting on, 451–452
QAM (quadrature amplitude
interference troubleshooting on, modulation), 499
457–458
QoS (quality of service)
overview of, 41, 143, 334–335, 519
ACM (Admission Control Mandatory),
reports 268–269
overview of, 427–428 on AireOS controllers, 280–282
scheduling and managing, AVC (Application Visibility and
432–434 Control), 285–289
types of, 428–432 CSMA/CA (Carrier Sense Multiple
RF Calibration Model on, 380–381 Access/Collision Avoidance), 259
prioritization, 203–204 CSMA/CD (Carrier Sense Multiple
Proactive Key Caching (PKC), 190 Access with Collision Detection),
258–259
Probing, 445

CWs (contention windows), 260 RAPs (root access points), 145, 431
DCF (distributed coordination Raw NetFlow reports, 431–432
function), 258–262 real-time location services (RTLS),
DSCP (differentiated services code 20–21, 111
point), 263–266 reassociation, 176
EDCA (Enhanced Distributed Channel received signal strength indicator
Access) (RSSI), 53, 92, 118–121, 518
802.11 TSpec (traffic receiver sensitivity level, 14, 20, 92–93,
specification), 268–269 136–138
access categories, 263–266 Receiver Start of Packet Threshold
AIFSN (Arbitration Interframe Detection (RxSOP), 136–138
Space Number), 266 receivers, MAC, 156
CW (Contention Window) redundancy, controllers
enhancements, 266–267
N+1 redundancy, 205–206
overview of, 262–263
N+N redundancy, 206
TXOP (transmission
N+N+1 redundancy, 207
opportunity), 267–268
SSO redundancy, 208–209
Fastlane, 263–266
regulations, site surveys, 34–39
on IOS XE controllers, 274–280
Remote Authentication Dial-In User
mapping and marking schemes
Service. See RADIUS (Remote
between client/controller, 269–271,
Authentication Dial-In User Service)
283–284
remote office wireless deployment
overview of, 257–258
modes
profiles, 272–274
EWC (Embedded Wireless Controller),
QoS ceilings for WLAN, 272–274 219–220, 247–251
for wireless clients, 283–284 FlexConnect
WMM (Wireless Multimedia), AAA survivability, 231–232
263–266
ACLs (access control lists),
quadrature amplitude modulation 234–237
(QAM), 499
best practices, 244–245
CAPWAP Message Aggregation,
R 233
central switching, 228
radio frequency. See RF (radio
FlexConnect groups, 227–230
frequency)
implementing with AireOS,
radio resource management. See RRM
223–227
(radio resource management)
implementing with IOS XE
RADIUS (Remote Authentication
controllers, 238–244
Dial-In User Service), 387–391,
392–398, 412, 416–417, 466–468 modes of operation, 221–222

overview of, 219, 220–221 transmit power level, limiting,


resiliency, 230–231 106
Smart AP Image Upgrades, for location, 111–112
237–238 for voice and video, 109–111
split tunneling, 236–237 resiliency
WAN requirements for, 222–223 of controllers, 201–205
local controller at each branch, FlexConnect, 230–231
218–219 resource units (RUs), 501
ME (Mobility Express), 219, 247–251 responding station (RSTA), 322
OEAP (Office Extend AP), 219, retail deployment model, 32
245–247
RF (radio frequency), 91. See also APs
overview of, 218–220 (access points)
reports ASIC chip, 455–456
Cisco Catalyst Center reports client capabilities, 13–14
AI network analytics, 436–438 coverage, validation of, 446–448
dashboards, 434–436 fingerprinting, 323
overview of, 427–428 group leaders, 122–123
types of, 434 interferences, troubleshooting
Cisco Prime Infrastructure on Cisco Catalyst Center,
overview of, 427–428 457–458
scheduling and managing, on Cisco Prime Infrastructure,
432–434 457–458
types of, 428–432 on WLCs (wireless LAN
requirements for wireless design, controllers), 455–457
applying neighborhoods, 123
AP coverage, defining profiles, 134–136
further AP cell considerations, RF Calibration Model on Prime
95–98 Infrastructure, 380–381
overview of, 91 RF groups, 122–123
receiver sensitivity level, 92–93 RF shadowing effect, 151
SNR (signal-to-noise ratio), Wi-Fi RF regulations, 34–39
93–95 RFID tags, 338–339
coverage expansion with additional Right to Use (RTU) licensing, 84
APs, 98–102
RLDP (Rogue Location Discovery
for data deployment, 102–103 Protocol), 441
for high density RLOCs (routing locators), 512
antennas, 107–109 roaming
overview of, 103–106 AP (access point) scanning
optimization, 184–187
802.11k, 186–187 architecture of, 145–147


802.11v, 187 AWPP (Adaptive Wireless Path
CCX (Cisco Compatibility Protocol), 152–154
Extensions), 186 daisy-chaining wireless mesh links,
passive versus active scanning, 163–166
185 Ethernet bridging, 156–157
AP (access point) selection for, 184 traffic flow through mesh, 155–156
association/reassociation, 176 routing locators (RLOC), 512
autonomous APs, 176 RRM (radio resource management)
basic roaming process, 175–176 AP call sensitivity optimization,
fast secure roaming methods 136–138
802.11r, 190–193 CHDM (coverage hole detection and
mitigation), 131–132
CCKM (Cisco Centralized Key
Management), 190 DCA (dynamic channel assignment),
128–131
OKC (Opportunistic Key
Caching), 190 EDRRM (Event-Driven RRM), 131,
457
PMKID (Pairwise Master Key
ID) caching, 189–190 FRA (Flexible Radio Assignment),
132–134
preauthentication, 190
NDP (Neighbor Discovery Protocol),
RSN (robust security network),
118–122, 518
187–189
overview of, 29, 63, 103, 117–118,
inter-controller (Layer 2), 176–177
215, 515
inter-controller (Layer 3), 177–179
RF (radio frequency) groups, 122–123
mobility groups
RF (radio frequency) neighborhoods,
mobility hierarchy, 179–181 118–121
mobility operations, 181–183 RF (radio frequency) profiles, 134–136
tunneling, testing, 183–184 RxSOP (Receiver Start of Packet
robust security network (RSN), Threshold Detection), 136–138
187–189 TPC (transmit power control)
Rogue Location Discovery Protocol algorithm
(RLDP), 441 AP cell sizes, 527–531
rogues AP transmit power level value
ad hoc rogues, 439, 442 correlation, 524
rogue APs, 338–339, 439–442 example scenario for, 518
rogue clients, 338–339 gathering data for, 518–521
roles, TACACS+, 468 neighbor lists, 521–524
root access points (RAPs), 145, 431 overview of, 124–128
antennas, 150–152 parameters for AP-1 through
AP-10, 526–527
parameters to calculate Tx_Ideal, policy, 508


526 security plane, 512–513
results of, 524–531 software-defined networking (SDN)
RSN (robust security network), components, 508
187–189 underlay networks, 511–512
RSSI (received signal strength wireless capabilities of, 514–516
indicator)
SDN (software-defined networking)
Cisco Spaces settings, 344 components, 508
CMX settings, 342–344 secondary interfaces, 155–156
NDP (Neighbor Discovery Protocol), SE-Connect mode, 52, 157–158
118–121
Secure Key Caching (SKC), 189–190
overview of, 53, 92, 518
Secure Shell (SSH), 200
trilateration techniques, 323–324
security. See also AAA (authentication,
RSTA (responding station), 322 authorization, and accounting)
RTLS (real-time location services), APs (access points), 79–80
20–21, 111
BYOD (Bring Your Own Device)
RTU (Right to Use) licensing, 84
certificate provisioning, 414
rules, authentication, 482–483
CWA (central web
Run state, 443, 446 authentication), 416–419
RUs (resource units), 501 implementation, 407–408
RxSOP (Receiver Start of Packet LWA (local web authentication),
Threshold Detection), 136–138 409–416
native supplicant provisioning,
S 419–420
overview of, 406–407
SAgE (Spectrum Analysis Engine), 455 self-registration, 415–416
scalable group tags (SGTs), 508 client capabilities, 14–15
scanning APs (access points), 184–187 client profiling
scheduling configuration on AireOS
Cisco Prime Infrastructure reports, controller, 400–402
432–434 configuration on IOS-XE
Wi-Fi 6 (802.11ax), 501–503 controller, 403–405
SD-Access (Software-Defined Access) overview of, 398
control plane, 512–513 principles of, 398–400
data plane, 512–513 EAP (Extensible Authentication
network fabrics, 508–510 Protocol), 389–392
orchestration, 508 guest access
overlay networks, 511–512 certificate provisioning, 414
overview of, 508–516
CWA (central web show ip interface brief command, 248


authentication), 416–419 show run command, 243
implementation, 407–408 show wireless tag command, 244
LWA (local web authentication), SIFS (Short Interframe Space), 260
409–416
signal-to-noise ratio (SNR), 14, 53, 69,
native supplicant provisioning, 93–95
419–420
Silver QoS profile, 272–274
overview of, 406–407
Simple Network Management Protocol
self-registration, 415–416 (SNMP), 200, 337
ISE (Identity Services Engine), site preparation and planning, mesh
392–398 networks
peer-to-peer blocking, 17 antennas and mounting considerations,
RADIUS, 387–391, 392–398, 412, 150–152
416–417 challenges of, 147
wireless controllers, 392–398 DFS (Dynamic Frequency Selection),
wireless network authentication 149–150
framework, 387–389 supported frequency bands, 147–149
security plane, SD-Access, 512–513 site surveys
Security reports, Cisco Prime offsite
Infrastructure, 431–432
APoS (AP-on-a-stick) surveys, 40
SECURITY role, TACACS+, 468
blueprint studies, 39
See license, Cisco Spaces, 350
common deployment models,
self-registration, 415–416 28–33
sensitivity, receiver, 14, 20 effect of material attenuation on
sensitivity level, 92–93, 136–138 wireless design, 26–28
Sensor Test, Cisco Catalyst Center, 443 Layer 1 sweep, 40
server groups, TACACS+, 474–476 Layer 2 (validation), 40
Service List for Incoming (IN) setting, post-deployment, 40
308 predictive, 39, 41–42
Service List for Outgoing (OUT) regulations, 28–29, 34–39
setting, 308
types of, 39–40
services
validation, 40, 57–58
Cisco Spaces, 350–351
walkthroughs, 39
CMX, 349
wireless planning tools, 40–41
severity level, 425, 434, 438–439, 443,
onsite
456
AP-on-a-stick (APoS) surveys, 57
SGTs (scalable group tags), 508
Layer 1 sweep, 51–56
Short Interframe Space (SIFS), 260
Layer 2 surveys, 56–65
post-deployment, 66–68 static UP tunneling, 179


walkthrough, 48–51 study trackers, 488
SKC (Secure Key Caching), 189–190 study/review plan, 492
small office deployment model, 29 supplicants, 388–391
Smart AP Image Upgrades, 237–238 supported frequency bands, mesh
Smart Licensing, 84–85 networks, 147–149
sniffer mode, 157 surveys. See site surveys
SNMP (Simple Network Management symbols, 501
Protocol), 200, 337 System Monitoring reports, Cisco
snooping, 307 Prime Infrastructure, 432
IGMP, 300–301, 304
mDNS (multicast DNS), 305–309 T
SNR (signal-to-noise ratio), 14, 53, 69,
93–95 TACACS+ (Terminal Access Controller
Access-Control System+), 468–472
software, Pearson Cert Practice Test
Engine, 489–491 policy, 471–473
Software-Defined Access. See profiles, 469
SD-Access (Software-Defined roles, 468
Access) server groups, 474–476
software-defined networking (SDN) tags, RFID, 338–339
components, 508
target wake time (TWT), 503
SolarWinds WiFi Heat Map, 41
T-bar ceiling access points, 78
source, MAC, 156
Telecom Engineering Center (Telec), 34
spatial streams (SS), 500
templates, portal creation from,
spectral masks, 100–102 367–368
Spectrum Analysis Engine (SAgE), 455 Terminal Access Controller Access-
spectrum analyzers, 51–54 Control System+. See TACACS+
Spectrum Expert, 51–52 (Terminal Access Controller Access-
Control System+)
Spectrum Intelligence, 455–458
testing
split tunneling, 234, 236–237
mobility messaging, 183–184
SS (spatial streams), 500
post-deployment onsite surveys,
SSH (Secure Shell), 200
66–68
SSIDs
TFTP (Trivial File Transfer Protocol),
FlexConnect. See FlexConnect 200
onsite site surveys, 64 time management, exam, 488
SSO (stateful switchover), 208–209, time of flight (ToF), 322
230–231
timers, DIFS (DCF Interframe Space),
Standalone mode, FlexConnect, 259
221–222
TLS (Transport Layer Security), EAP- troubleshooting WLAN (wireless LAN)


TLS, 390 components
tools, wireless planning, 40–41 Cisco Catalyst Center alarms,
TPC (transmit power control) 442–444
algorithm, 106 Cisco Catalyst Center reports
AP cell sizes, 527–531 AI network analytics, 436–438
AP transmit power level value dashboards, 434–436
correlation, 524 overview of, 427–428
example scenario for, 518 types of, 434
gathering data for, 518–521 Cisco Prime Infrastructure alarms
neighbor lists, 521–524 categories of, 438–439
overview of, 37, 97, 124–128, 149 Rogue APs, 439–442
parameters for AP-1 through AP-10, Cisco Prime Infrastructure reports
526–527
overview of, 427–428
parameters to calculate Tx_Ideal, 526
scheduling and managing,
results of, 524–531 432–434
tracking mobile devices types of, 428–432
with Cisco Spaces, 341 client connectivity, troubleshooting
with CMX, 338–341 on Cisco Catalyst Center,
traffic flow through mesh 452–454
AWPP (Adaptive Wireless Path on Cisco Prime Infrastructure,
Protocol), 145–146 451–452
Cisco Adaptive Wireless Path Protocol RF coverage validation, 446–448
(AWPP), 152–155 troubleshooting method,
Ethernet bridging, 156–157 444–446
traffic flow through mesh, 155–156 on WLCs (wireless LAN
traffic specification (TSpec), 268–269 controllers), 448–451
transmission opportunity (TXOP), RF (radio frequency) interferences
267–268 on Cisco Catalyst Center,
transmit power control. See TPC 457–458
(transmit power control) algorithm on Cisco Prime Infrastructure,
transmitters, MAC, 156 457–458
Transport Layer Security, EAP-TLS, on WLCs (wireless LAN
390–392 controllers), 455–457
Trend reporting, Cisco Prime trunking, 802.1Q, 200
Infrastructure, 429 TSpec (traffic specification), 268–269
trilateration, 64, 323–324 tunnel methods, 390
Trivial File Transfer Protocol (TFTP), tunneling
200 split, 234, 236–237
testing, 183–184 virtual private networks (VPNs), 508


TWT (target wake time), 503 Virtual Router Redundancy Protocol
TXOP (transmission opportunity), (VRRP), 250
267–268 virtual routing and forwarding (VRF),
511

U VisiWave, 57
VLAN ACLs (access control lists),
UL MU-MIMO (upstream MU-MIMO), 234–235
500 VNs (virtual networks), 509
Ultra-Wide Band (UWB), 321 voice deployments, 18–20, 62–65,
underlay networks, 511–512 109–111
unicast data frames, 327 VPNs (virtual private networks), 508
unicast mode, 297 VRF (virtual routing and forwarding),
511
unicast traffic, 294–295
VRF-Lite, 511
U-NII (Unlicensed National Information
Infrastructure) bands, 12–13, VRRP (Virtual Router Redundancy
35–36, 147–149 Protocol), 250
Universal PoE (UPOE), 73–74 VXLANs (Virtual Extensible LANs),
508, 509, 513
UP (User Priority), 263
updates, exam, 491–492, 494–496
UPOE (Universal PoE), 73–74 W
upstream MU-MIMO (UL MU-MIMO),
walkthrough surveys, 39, 48–51
500
wall mounting access points, 77–79
User Priority (UP), 263
Webauth_reqd, 446
Utilization alarms, Cisco Catalyst
Center, 443 WebPolicy ACLs (access control lists),
234
UWB (Ultra-Wide Band), 321
WFA. See Wi-Fi Alliance (WFA)

V WGBs (workgroup bridges), 169


widgets, CMX analytics, 353–355
A/V transmitters, 55 WIDS (wireless intrusion detection
system), 122
validation survey, 40
Wi-Fi
validation surveys, 40, 57–58
location services. See location services
video cameras, 55
Wi-Fi 5 (802.11ac Wave 2), 75–76
video deployment model, 109–111
Wi-Fi 6 (802.11ax)
Virtual network identifiers (VNIs), 513,
515 channel access, 258
virtual network identifiers (VNIs), 513, development of, 498
515 efficiency of, 499–500
IoT improvements in, 503–505 scheduling and managing,


MultiGigabit, 75–76 432–434
overview of, 498 types of, 428–432
references, 506 client connectivity, troubleshooting
scheduling method in, 501–503 on Cisco Catalyst Center,
452–454
Wi-Fi 6E, 505–506
on Cisco Prime Infrastructure,
Wi-Fi 7, 506
451–452
Wi-Fi Alliance (WFA), 34
RF coverage validation, 446–448
Wi-Fi Alliance Wireless Protected
troubleshooting method,
Access (WPA), 387, 395
444–446
WiFi Surveyor, 51–52
on WLCs (wireless LAN
WiPry-Clarity, 51–52 controllers), 448–451
WiPry-Pro, 51–52 QoS ceilings, 272–274
WIPS (Wireless Intrusion Prevention RF (radio frequency) interferences
System) on Catalyst Center,
on Cisco Catalyst Center,
368–374
457–458
wireless intrusion detection system
on Cisco Prime Infrastructure,
(WIDS), 122
457–458
wireless LAN controllers. See
on WLCs (wireless LAN
controllers
controllers), 455–457
Wireless Multimedia (WMM), 257
WLAN role, TACACS+, 468
wireless planning tools, 40–41
WLAN-to-VLAN mapping,
Wireless Protected Access version 3 FlexConnect, 225–227
(WPA3), 384–385
WLCs (wireless LAN controllers). See
WIRELESS role, TACACS+, 468 controllers
WLAN (wireless LAN) components, WMM (Wireless Multimedia), 257
monitoring and troubleshooting
workgroup bridges (WGBs), 169
Cisco Catalyst Center alarms,
WPA (Wi-Fi Alliance Wireless
442–444
Protected Access), 387, 395
Cisco Catalyst Center reports
WPA3 (Wireless Protected Access
AI network analytics, 436–438 version 3), 384–385, 392–398
dashboards, 434–436
overview of, 427–428
types of, 434
X-Y-Z
Cisco Prime Infrastructure alarms Yagna RF Wi-Fi site planner, 41
categories of, 438–439 zones
Rogue APs, 439–442 CMX analytics, 352
Cisco Prime Infrastructure reports location services, 352–355
overview of, 427–428
