Copyright © 2012 Juniper Networks, Inc. www.juniper.net
AGENDA
Juniper WLAN what’s new
Q&A
Juniper ‘Simply connect’ intro
Juniper WLAN Solution
BYOD ‘Simply Connect’ overview
JUNIPER WLAN SOLUTION
COMPONENTS OF A WIRELESS LAN
[Diagram labels: Access Point; Trusted Client; 802.1x Authentication; Encrypted; MAG; Access; Firewall; Wireless LAN Controller (WLC); Campus Core; WLM1200 (Location); WLAN Management]
JUNIPER WLA SERIES ACCESS POINT FAMILY
Categories: Entry level 802.11n, Indoor 11n, Outdoor 11n
• WLA321-WW: 2x2 MIMO, Single Radio, Entry-level AP
• WLA322-WW: 2x2 MIMO, Dual Radio, All-Purpose AP
• WLA522(E)-WW: 2x2 MIMO, Dual Radio, High Density
• WLA532(E)-WW: 3x3 MIMO, 3 stream, Dual Radio, Max. Performance
WLA Series Highlights
• Highest performance APs in the industry
• Most cost effective APs in the industry
• Full featured
• Intelligent switching
• Spectrum analysis across the portfolio
• Bridging and mesh
[Chart axis: Functionality]
JUNIPER WLC SERIES CONTROLLER FAMILY
WLC Series Highlights
• Simplest solution in the Industry
• Highest Reliability in the industry
• Only vendor with In-service upgrades
• One software platform
• Full Featured distributed deployment
Controllers by capacity
• WLC2: 4 AP
• WLC8: 12 AP
• WLC100: 4 - 32 AP
• WLC800: 16 - 128 11n APs
• WLC880: 16 - 256 11n APs
• WLC2800: 64 - 512 11n AP
• Virtual controller (VMware): 4 - 256 APs
[Chart: x-axis "# of AP" (4, 12, 16, 32, 64, 128, 192, 256, 512); segments: Branch, Campus, Enterprise; label "1H-2013" shown twice]
JUNIPER WLM SERIES LIFE CYCLE MANAGEMENT
RingMaster: Plan, Config, Monitor, Troubleshoot, Report
Planning and deployment
• 3D predictive planning tool
• Indoor and outdoor network plan
Configuration and Verification
• Complete offline configuration
• System and service wizards
• Pushes configuration to WLCs
Monitoring and reporting
• By user, radio, AP, WLC, SSID
• 30 day history aids compliance
• WIDS/WIPS integration
Location aware
• Search by location
• Roaming history
• Geo fencing
JUNIPER WIRELESS MANAGEMENT - RINGMASTER
SMARTPASS – ACCESS CONTROL
SmartPass is a multi-faceted, web-based access control application suite
Guest access module
• Ease of use / Bulk user creation
• API for 3rd party application integration
• SMS / Email creation of guest coupons with Self-Provisioning
Accounting database
• Detailed client accounting history
• Reporting available via RingMaster.
Access control module
• RFC 3576 support to change authorization attributes or disconnect client sessions (Dynamic RADIUS)
• Location awareness for client sessions.
– Allow or deny access based on location
– Change any AAA attribute based on location
• Access Rules (location based, time based or a combination of both)
[Diagram label: Centralized Guest Access Database]
SIMPLICITY AT SCALE - CONTROLLER CLUSTERING
Old and Complex Approach (Vendor A, Vendor B)
• Discrete controllers operate independently for AP redundancy configuration
• Hot Stand-by or Back-up Controller
• Optimized for: x Scale, x Resiliency, x Reliability, x Management
Juniper’s Simplified Approach
• Clustered controllers (Controller A, Controller B, Controller C) act collectively as single virtual controller for wireless configuration
• Optimized for: Scale, Reliability, Resiliency, Management
NO NEED TO COMPROMISE - JUNIPER NETWORKS WIRELESS LAN EVOLUTION
• Fat AP Architecture: Local Switching
• Thin AP Architecture: Central Switching
• Juniper WLAN Architecture: Local AND Central Switching
Optimized for (one list per architecture, x marks as on the slide):
• x Performance, x Reliability, Security, Management
• Performance, Reliability, Security, Management
• Performance, x Security, x Management, x Reliability
UNIQUE FLEXIBILITY OF THE CLUSTER ARCHITECTURE
As soon as WLCs are installed on the same DC, AP affinity can be used
[Diagram labels: RingMaster; SmartPass; AD/DHCP/DNS; WLC1 / WLC2; WLC3 / WLC4; DC 1; DC 2; Remote Site 1; Remote Site 2; DHCP; WAN; subnets 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24, 192.168.5.0/24, 192.168.6.0/24]
SINGLE POINT OF MANAGEMENT - FEWER MANAGED DEVICES
[Diagram labels: Primary Seed; Secondary Seed; Member (x3)]
IN-SERVICE SOFTWARE UPGRADE
1. Primary Controller initiates upgrade sequence; passes control to Secondary and upgrades
2. Secondary passes control back to Primary and upgrades
3. Primary Seed coordinates individual member upgrades; Member moves APs to backup controller and upgrades
4. AP moves associated stations to alternate AP then upgrades
[Diagram labels: Primary Seed; Secondary Seed; Member (x3); HITLESS UPGRADE]
AIRTIME FAIRNESS
What will Juniper’s Airtime Fairness do for the clients? Juniper’s Airtime Fairness will provide each client with an equal amount of time to send traffic. When a client goes into retransmission for whatever reason, that client will get less time the next time it wants to send traffic. This will improve the throughput for all of the other clients connecting to that AP.
AUTOMATIC CLIENT LOAD BALANCING
5 GHz capable client ‘encouraged’ to connect at 5 GHz
2.4 GHz only client connects at 2.4 GHz
Automatic Load Balancing per RF Band
Band Steering
PERFORMANCE - SPECTRUM MANAGEMENT - MONITORING AND ALERTING
Alerting on interference source
• Classification and other properties: RSSI, Duty Cycle, Channel(s) impacted
• Associated events with that source
• Per AP historical information
• 30 day history
Spectrograph
• All channels in 2.4GHz and 5GHz band
• Multiple AP views
• Real time FFT (min, max, average of interference signal), Swept spectrum, Duty cycle, 5 minute rolling history
Auto reconciliation for planned sources
• Automatic correlation between planned and monitored source
• Reduce false alarms
JUNIPER WLAN WHAT’S NEW
JUNIPER WL SERIES FLAGSHIP ACCESS POINT - WLA532 INDOOR 802.11N AP
3 Industry Bests
• Highest Performance AP
• Lowest Power Consumption AP
• Smallest Form Factor AP
Mandate this technology in RFP
• 450Mbps data rate (3x3, 3 spatial stream)
What to know
• Juniper WLAN is 15-20% less expensive when comparing complete BOMs
• Juniper WLA532 outperforms Cisco and Aruba by up to 35% as validated by Novarum
• Ideal for High Density environments
• Watch the video about WLA532: http://techvangelist.net/juniper-at-wfd3
WLA532E AVAILABLE FOR USE WITH EXTERNAL ANTENNAS
REMOTE BRANCH ENHANCEMENTS
• Resilient SSID: A WLA in the remote branch will be able to accept new client requests while in outage mode on pre-configured back-up SSIDs, supporting either clear or PSK authentication.
• Path MTU: This enhancement will make it possible to set the correct MTU size to avoid packet fragmentation.
• Remote-site Country Code: This enhancement will provide a way to group WLAs in remote sites, each such site having its own country code for geographically deployed WLAs.
• WLAN Round Trip Latency: Wireless clients will be able to authenticate to a WLA over high latency WLA-WLC connections.
• Remote Office DFS Support: WLAs in outage mode will be able to change channels to avoid operating on radar enabled channels.
• WIDS Logging: When in outage mode, rogue and other attack information can be forwarded to a log server directly from the WLA.
[Diagram labels: Branch; WLA532; SRX; EX2200; WAN; RingMaster; SRX; EX4400; WLC2800]
WATCHED CLIENT LIST
New and Improved Client Watch List from legacy RM 5.0 version.
Allows RingMaster to collect detailed data for a subset of clients to assist troubleshooting.
Collected data includes session properties, location history, events, and statistics.
All the clients in the Watch List are tracked by MAC address.
Data lifetime: Non-trended data for Watch List clients including session details, events, and locations will be stored for 30 days.
Retrieves and stores RADIUS accounting data and location from the configured SmartPass server
WATCHED LIST AP/CONTROLLER
RingMaster is able to collect detailed information for WLCs and WLAs. In the Equipment view of the Status Monitoring page, you can add WLCs and WLAs to the Watched list.
Data lifetime: This information is kept up to 1 Year.
The types of collected data include the following:
- Name
- IP Address
- Model
- Serial Number
- Version
- Mobility Domain
- Last Updated
- Client Count
- Client Count by SSID
- Port Statistics
- Traffic Information
- Traffic by VLAN
- Booted WLAs
- CPU and Memory Management
- Connectivity Graph
IF-MAP
IF-MAP (THE INTERFACE FOR METADATA ACCESS POINTS)
IF-MAP is a SOAP based protocol for publishing data to the MAP server and querying or subscribing to get data from it.
IF-MAP is an open, non-proprietary standard that is multi-vendor compatible.
SMARTPASS IF-MAP SUPPORT
SmartPass 7.7 adds support for two IF-MAP use cases
• Guest User Federation – Guest users authenticating with SmartPass have complete session information published to IF-MAP; UAC can apply dynamic policy based on “learned” sessions
• IP-MAC Binding for Non-agented Dot1x Sessions – Dot1x users authenticate directly with UAC; WLC sends session IP-MAC binding to SmartPass via RADIUS acct and SmartPass updates dot1x session in IF-MAP
[Diagram labels: Wireless Clients; WLC; SmartPass; IF-MAP; UAC; flows: HTTP Redirect (guest users), RADIUS Auth (dot1x users), RADIUS Acct (dot1x users)]
DEVICE FINGERPRINTING
DEVICE FINGERPRINTING SOLUTIONS
Support
• All controllers and 11n WLAs.
• Pre-configured list of device fingerprints.
• Additional fingerprints can be added by the user.
• Device detection and attribute assignment is supported with regular authentication mechanisms.
• Ability to query MSS to show total counts by device-type and device-profile.
MSS device fingerprint database characteristics
• Each device fingerprint has a label, called device-type, that is used to identify the fingerprint.
• Users will be able to add/delete/modify these fingerprints.
Detection
• Various fingerprinting techniques are available that use protocols like DHCP, ARP, DNS and HTTP to determine the type of device. MSS uses DHCP for detection.
• Whenever the DHCP client issues a DHCP request, it asks for DHCP option
• Examine the DHCP messages for their DHCP option.
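The DHCP-based detection described above, as an added example that is not MSS code or part of the original slides: it walks the option field of a DHCP request and maps it to a device-type label. The slides do not name the option examined; the use of option 55 (Parameter Request List) with option 60 (Vendor Class Identifier), the fingerprint table and the sample bytes are assumptions constructed for illustration.

```python
# Added example: DHCP-option device fingerprinting (illustrative, not MSS code).
# Assumption: the fingerprint is option 55 (Parameter Request List, RFC 2132)
# plus option 60 (Vendor Class Identifier). All table entries are constructed.

FINGERPRINTS = {  # device-type label -> (option 55 code order, option 60 prefix)
    "sample-phone": ((1, 3, 6, 15, 119, 252), ""),
    "sample-laptop": ((1, 15, 3, 6, 44, 46, 47, 31, 33, 121, 249, 43), "MSFT"),
}

def parse_options(raw: bytes) -> dict:
    """Walk the TLV option field of a DHCP message (bytes after the magic cookie)."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 255:            # End option terminates the list
            break
        if code == 0:              # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2 : i + 2 + length]
        if len(value) != length:   # declared length runs past the packet
            raise ValueError(f"option {code} overruns the packet")
        opts[code] = opts.get(code, b"") + value  # RFC 3396: repeats concatenate
        i += 2 + length
    return opts

def device_type(raw: bytes) -> str:
    """Return the device-type label whose fingerprint matches, else 'unknown'."""
    opts = parse_options(raw)
    requested = tuple(opts.get(55, b""))   # order of requested codes is the signal
    vendor = opts.get(60, b"").decode("ascii", "replace")
    for label, (prl, vendor_prefix) in FINGERPRINTS.items():
        if requested == prl and vendor.startswith(vendor_prefix):
            return label
    return "unknown"

# Constructed option field of a DHCPREQUEST: message type, option 60, option 55, End.
SAMPLE = (bytes([53, 1, 3]) + bytes([60, 8]) + b"MSFT 5.0"
          + bytes([55, 12, 1, 15, 3, 6, 44, 46, 47, 31, 33, 121, 249, 43])
          + bytes([255]))

if __name__ == "__main__":
    print(device_type(SAMPLE))
```

DHCP option contents are supplied by the client, so a match classifies a device for policy assignment but does not authenticate it.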
DEVICE FINGERPRINTING - CONFIGURATION
Autotune Channel
NEW TERM: “INTERFERENCE DOMAIN”
Def.: A set of radios in a MoDo that can interfere with each other
• Overlapping coverage, so affected by each other’s channel settings
• Conversely, radios in different InDos do not mutually interfere
• Example: radios that aren’t on the same band
Temporary, non-configured, non-user-facing
• Only purpose is to improve scaling characteristics of the feature
• In a large MoDo, most overlaps are too weak to affect the solution
• Don’t want to store & process large tables of near-zero interference
InDos are created automatically from the same RF data that drives the channel selection algorithm
DOMAINS OF PROCESSING
[Diagram labels: AP; Radio; InDo: set of radios that affect each other; MoDo: communications infrastructure]
IPV6 FEATURES
• IPv6 address detection
• Session visibility in CLI, SNMP and RingMaster
• QoS support using DSCP
• Captive Portal with dual stack clients
• ACLs
TRANSMIT BEAMFORMING
A radio-frequency (RF) technique that focuses the RF energy to radiate directly at the receiver to improve signal reception and thus increase throughput.
We implemented 802.11n-based transmit beamforming (TxBF):
• does not require special antenna design
• only works with clients that support 802.11n-based TxBF
TxBF is supported in the following AP models in MSS 8.0: WLA532, WLA322 and WLA321
[Figure panels: Without TxBF; With TxBF]
TRANSMIT BEAMFORMING
802.11n standard specifies 2 different TxBF methods.
We support Explicit TxBF based on the Atheros radio capabilities.
Implicit TxBF
1. Beamformee transmits Long Training Symbols (LTSs) to beamformer. Beamformer makes channel estimate on the LTS.
2. Beamformer computes the transmit steering matrix based on the reciprocal of the channel estimate. Beamformer can then perform TxBF.
Implicit TxBF requires the radio to be calibrated accurately to improve reciprocity which complicates the transceiver design.
Explicit TxBF
1. Beamformee makes direct channel estimate from LTSs sent from Beamformer.
2. Beamformee returns channel feedback based on the channel estimate.
3. Beamformer computes the transmit steering matrix based on the channel feedback. Beamformer can then perform TxBF.
[Diagram labels: beamformer; beamformee; Channel feedback]