CCDA 640-864 Summary Notes – Chapter 5 – Day 12

Exam Topic 3: Wireless LAN Design

Controller Redundancy Design:

  • Deterministic
  • Dynamic

Deterministic Controller Redundancy

  • AP is configured with
    • Primary Controller
    • Secondary controller
    • Tertiary controller
  • Disadvantages
    • More planning required
    • More configuration
  • Advantages
    • Better predictability
    • Faster failover times
    • Network stability
    • Flexible and powerful redundancy design options
    • Fallback in case of failover
  • Recommended best practice
  • Examples:
    • N+1
    • N+N
    • N+N+1

N+1 WLC Redundancy
  • 1 WLC acts as backup for several WLCs
  • Backup is configured as secondary WLC on each AP
  • Disadvantages:
    • Backup may become oversubscribed in case of too many failures on primary WLCs
    • Backup is normally placed in the data center


N+N WLC Redundancy
  • Equal number of WLCs back up each other
  • Should be enough capacity to manage failover on each WLC


N+N+1 WLC Redundancy
  • Equal number of WLCs back up each other
  • Backup WLC configured as tertiary for APs
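
The oversubscription risk noted for N+1 can be checked before deployment by simulating controller failures against each AP's primary/secondary/tertiary list. This is an added example, not part of the original notes; the WLC names, capacities and AP counts are constructed sample values.

```python
from itertools import combinations

# Constructed sample data (hypothetical names and capacities, not from the notes).
WLC_CAPACITY = {"wlc-a": 50, "wlc-b": 50, "wlc-backup": 50}

# Each AP lists its controllers in order: primary, secondary, tertiary.
# N+1 layout: the single backup WLC is the secondary for every AP.
AP_PRIORITY = {}
for i in range(40):
    AP_PRIORITY[f"ap-a{i}"] = ["wlc-a", "wlc-backup"]
for i in range(35):
    AP_PRIORITY[f"ap-b{i}"] = ["wlc-b", "wlc-backup"]


def loads_after_failure(ap_priority, failed):
    """Return ({wlc: ap_count}, [orphaned APs]) once the WLCs in `failed` are down."""
    loads, orphans = {}, []
    for ap, wlcs in ap_priority.items():
        # Deterministic failover: the AP joins the first configured WLC still alive.
        target = next((w for w in wlcs if w not in failed), None)
        if target is None:
            orphans.append(ap)
        else:
            loads[target] = loads.get(target, 0) + 1
    return loads, orphans


def audit(ap_priority, capacity, max_failures=2):
    """List every failure combination that oversubscribes a WLC or orphans APs."""
    findings = []
    for k in range(1, max_failures + 1):
        for failed in combinations(sorted(capacity), k):
            loads, orphans = loads_after_failure(ap_priority, set(failed))
            for wlc, count in sorted(loads.items()):
                if count > capacity[wlc]:
                    findings.append((failed, f"{wlc} oversubscribed: {count}/{capacity[wlc]}"))
            if orphans:
                findings.append((failed, f"{len(orphans)} APs have no controller"))
    return findings


if __name__ == "__main__":
    for failed, problem in audit(AP_PRIORITY, WLC_CAPACITY):
        print(f"fail {', '.join(failed)} -> {problem}")
```

With the sample data a single failure is absorbed, but losing both primaries pushes 75 APs onto a 50-AP backup. Adding a tertiary entry to each AP's list models N+N+1.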


Dynamic Controller Redundancy

  • Uses CAPWAP to load balance APs across WLCs
  • CAPWAP populates AP with backup WLC
  • Best used when WLCs are organised in a centralized cluster
  • Disadvantages
    • Longer failover times
    • Unpredictable operations
    • More intercontroller roaming
    • No fallback options if WLC fails
  • Advantages
    • Easy to deploy
    • Easy to configure
    • APs dynamically load balance
  • Example
    • Adjacent APs register to different WLCs

Radio Management and Radio Groups

  • Recommended:
    • Limit number of data devices connected to an AP to 20
    • < 7 concurrent Voice over WLAN calls using G.711
    • < 8 VoWLAN calls using G.729

Cisco Radio Resource Management (RRM) Algorithm

  • Used to manage AP RF channel and power configuration
  • Used by WLCs to automatically configure and optimize RF channel and power configuration
  • Functions:
    • Radio resource monitoring: LWAPs monitor all channels and send the gathered packets to the WLC, which in turn checks for rogue APs, clients and interfering APs
    • Dynamic channel assignment: WLCs automatically assign channels so as to avoid interference
    • Interference detection and avoidance: LWAPs monitor all channels and detect interference by a predefined threshold (default = 10%)
    • Dynamic transmit power control: WLCs dynamically adjust power levels
    • Coverage hole detection and correction: WLCs may adjust the power output of APs if clients report that a low received signal strength indication (RSSI) level is detected
    • Client and network load balancing: to maintain network balance, clients can be influenced to join certain APs
  • AP self-healing
    • WLCs use RRM to
      • raise power levels
      • adjust channel selection of neighbour AP to compensate for lost coverage of failed AP
  • AP is considered a lost neighbour if neighbour messages are no longer received at -70dBm

RF Groups

  • Cluster of WLCs that coordinate using their RRM calculations.
  • If a neighbour message sent from one AP to another is above -80dBm, WLCs form an RF group
    • WLCs select RF leader
      • Leader uses UDP port 12114 for 802.11b/g/n and UDP port 12115 for 802.11a to exchange messages with group members
    • WLCs analyze RF data

Group formation

  • APs exchange neighbour messages with encrypted shared key configured in WLC and sent to APs
  • APs with same secret key can validate messages from each other. If message is over -80dBm – RF Group is formed
  • RF Group members elect group leader to maintain master power and channel scheme for RF group.
  • Group leader analyzes real time radio data collected by scheme and calculates master power

RF Site Survey

  • Used for:
    • determine design parameters for WLANs
    • determine customer requirements
    • determine coverage areas
    • check RF interference
    • determine placement of APs


  • Define customer requirements
    • Service level
    • VoIP support
    • Devices to support
    • Site where APs will be located
  • Get a facility diagram to check for RF obstacles
  • Inspect facility visually. Check for RF barriers eg. metal racks, stairs, elevator shafts
  • Identify user areas that will be intensely used and those that will not be heavily used
  • Determine preliminary AP locations
  • Perform actual survey by using AP
    • RF strength
    • check effects of the electrical interference
  • Document findings. Record:
    • Target AP locations
    • log signal readings
    • data rates at outer boundaries

Final report should have:

  • Detail customer requirements + Diagram AP coverage
  • Parts list
  • Survey tools used
  • Survey methods used

Using Ethernet over IP (EoIP) Tunnels for Guest Services

Ways of securing guest traffic from corporate traffic:

  • Segregate traffic using separate VLANs
  • Broadcast guest SSID but don't broadcast corporate SSID
  • Configure security features
  • Use EoIP tunnel

EoIP Tunnel

  • Used to tunnel guest traffic from the edge CAPWAP AP to anchor WLC
  • Used to logically segment guest traffic
  • No need for guest VLANs in network
  • Ethernet frames from guests are maintained in the tunnel


Wireless Mesh for Outdoor Wireless


  • Each AP is wired to network
  • Limited to point to point and point to multipoint bridging between buildings

Wireless Mesh solution:

  • No need to wire each AP
  • Users can roam from one area to another without having to reconnect

Mesh components:

  • Wireless Control System (WCS) – SNMP management system
  • WLC
    • links mesh APs to wired network
    • AP Management
    • Mitigate radio interference
    • manage security
    • L3 mobility
  • Rooftop AP (RAP)
    • connects mesh to wired network and serves as root
    • communicates with MAPs
    • placed on roof tops or towers
  • Mesh AP (MAP)
    • provide access to wireless clients
    • communicate with RAP
    • usually located on top of a pole


Mesh Design Recommendations

  • < 10 ms latency per hop (typical: 2 – 3 ms)
  • Outdoor:
    • < 4 hops recommended.
    • Maximum 8 hops supported
  • Indoor
    • 1 hop supported
  • (Recommend) 20 MAPs per 1 RAP
  • Max 32 MAPs per RAP
  • Throughput:
    • 1 hop = 14 Mbps
    • 2 hops = 7 Mbps
    • 3 hops = 3 Mbps
    • 4 hops = 1 Mbps
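
The hop and MAP-per-RAP limits above can be applied to a planned topology by walking each MAP back to its RAP. This is an added example, not part of the original notes; the node names and the topology are constructed, and the limits are the figures listed above.

```python
# Limits and throughput figures copied from the mesh notes above.
THROUGHPUT_MBPS = {1: 14, 2: 7, 3: 3, 4: 1}
RECOMMENDED_HOPS_BELOW, MAX_HOPS = 4, 8   # "< 4 recommended", "maximum 8"
RECOMMENDED_MAPS, MAX_MAPS = 20, 32       # MAPs per RAP

# Constructed topology (hypothetical names): each MAP points at its mesh parent.
RAPS = {"rap-1"}
PARENT = {
    "map-1": "rap-1", "map-2": "map-1", "map-3": "map-2", "map-4": "map-3",
    "map-5": "map-9",  # parent does not exist, so this MAP never reaches a RAP
}

def path_to_root(node, parent, raps):
    """Return (rap, hops) for a MAP, or (None, 0) on a loop or a missing parent."""
    hops, seen = 0, set()
    while node not in raps:
        if node in seen or node not in parent:
            return None, 0
        seen.add(node)
        node = parent[node]
        hops += 1
    return node, hops

def audit_mesh(parent, raps):
    """Check every MAP's hop count and every RAP's MAP count against the limits."""
    findings, maps_per_rap = [], {}
    for name in sorted(parent):
        rap, hops = path_to_root(name, parent, raps)
        if rap is None:
            findings.append(f"{name}: no path to a RAP")
            continue
        maps_per_rap[rap] = maps_per_rap.get(rap, 0) + 1
        if hops > MAX_HOPS:
            findings.append(f"{name}: {hops} hops exceeds the supported maximum of {MAX_HOPS}")
        elif hops >= RECOMMENDED_HOPS_BELOW:
            rate = THROUGHPUT_MBPS.get(hops)
            note = f"{rate} Mbps" if rate else "no throughput figure listed"
            findings.append(f"{name}: {hops} hops is outside the recommendation ({note})")
    for rap, count in sorted(maps_per_rap.items()):
        if count > MAX_MAPS:
            findings.append(f"{rap}: {count} MAPs exceeds the maximum of {MAX_MAPS}")
        elif count > RECOMMENDED_MAPS:
            findings.append(f"{rap}: {count} MAPs is above the recommended {RECOMMENDED_MAPS}")
    return findings

if __name__ == "__main__":
    for line in audit_mesh(PARENT, RAPS):
        print(line)
```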

Campus Design Considerations

№ of APs

  • 20 devices per AP
  • 7 G.711 concurrent VoWLAN calls
  • 8 G.729 concurrent VoWLAN calls

AP Placement

  • Centralized location

AP Power

  • PoE preferred

Number of WLCs

  • Depends on redundancy model (deterministic recommended)
  • Depends on number of required APs
  • Depends on number of supported APs on WLC

WLC Placement

  • Secure wiring closet or DC
  • Minimize intercontroller roaming
  • Can be centralized or distributed

Wireless APs


| AP | Data uplink | Power requirement | Installation | Temp range | Antennas | WiFi standard | Flash |
|---|---|---|---|---|---|---|---|
| 1130 | 10/100 | 802.3af | Carpeted office | 0 to 40C | Internal | a/b/g | 16 MB |
| 1140 | 10/100/1000 | 802.3af | Carpeted office | 0 to 40C | Internal | a/b/g/n | 32 MB |
| 3500i | 10/100/1000 | 802.3af | Carpeted office | 0 to 40C | Internal | a/b/g/n | 32 MB |
| 1240 | 10/100 | 802.3af | Rugged | 20 to 55C | External | a/b/g | 16 MB |
| 1250 | 10/100/1000 | E-PoE 802.3af | Rugged | 20 to 55C | External | a/b/g/n | 32 MB |
| 1260 | 10/100/1000 | 802.3af | Rugged | 20 to 55C | External | a/b/g/n | 32 MB |
| 3500e | 10/100/1000 | 802.3af | Rugged | 20 to 55C | External | a/b/g/n | 32 MB |

Branch Design Considerations


  • Consider Number of APs
  • Consider placement of AP
  • Consider physical location
  • Consider expected number of WLC clients in office
  • RTT between AP and WLC < 300ms
  • For centralized WLCs use REAP or HREAP

Local Media Access Control (MAC)

  • Supported by CAPWAP
  • AP provides MAC management support for association requests and actions
  • Client traffic is terminated at the wired port of the AP and not at the WLC
  • Traffic does not have to traverse WLC
  • WLAN clients continue to function even if WAN link is down

Remote-Edge AP (REAP)

  • Used to support remote offices
  • Extends controller timer
  • Traffic is encapsulated in LWAPP tunnel and sent to WLC
  • Management control + RF Management done over WAN
  • Client data is locally bridged
  • Local clients still have connectivity in the event of a WAN failure
  • Support layer 2 security policies only
  • No NAT support
  • Needs a routable IP address

Hybrid Remote-Edge AP (H-REAP)

  • REAP enhancement
  • Supports NAT
  • More security options
  • Can control up to 3 APs remotely
  • Preferred option for remote and small office
  • Delay sensitive. RTT between AP and WLC should be < 300ms
  • CAPWAP must be prioritized over other traffic

Security modes:

  • Standalone
    • When WLC is unreachable, HREAP can authenticate the client
    • Supports WPA-PSK, WPA2-PSK for clients
  • Connected
    • Client authentication is done by WLC
    • Supports WPA-PSK, WPA2-PSK, VPNs, L2TP, EAP and web authentication for clients

Branch Office Controller Options


  • WLC 2100 for 25 APs
  • WLC 4402-12 for 12 APs
  • WLC 4402-24 for 24 APs
  • WLC Module in ISR for 25 APs
  • 3750 with WLC for 25 or 50 APs

UDP Ports for Wireless protocols

| Function | Protocol | Port |
|---|---|---|
| LWAPP control | UDP | 12223 |
| LWAPP data | UDP | 12224 |
| WLC exchange messages (unencrypted) | UDP | 16666 |
| WLC exchange messages (encrypted) | UDP | 16667 |
| RF group IEEE 802.11b/g | UDP | 12114 |
| RF group IEEE 802.11a | UDP | 12115 |
| CAPWAP control | UDP | 5246 |
| CAPWAP data | UDP | 5247 |




