Managing an Enterprise WLAN with
Wireless Control System (WCS)
BRKEWN-2011

Session Agenda
§ The Role of WCS/NCS in the Network
§ Introducing Cisco Prime Network Control System
§ Planning and Deploying a Wireless Network
§ Monitoring
§ Tools and Troubleshooting
§ Reporting
§ Advanced Topics
§ WCS to NCS Migration
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 2

Session Objective
§ Original session objective: The objective of this
session is to show WCS s role in the network and
its lifecycle, and to demonstrate WCS features and
how they can be used to perform practical tasks;
the session also provides suggestions and best
practices on topics where appropriate
§ Modified session objective: Since Cisco Prime
Network Control System (NCS) has been
announced, this session will cover WCS and
introduce NCS in the context of WCS in terms of
common areas and key differences.
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 3

The Role of WCS/NCS in the Network
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 4

Introducing
Cisco
Prime
Network
Control
System
(NCS)

What is Network Control System (NCS)?
§ Single platform for consolidated view of wired and
wireless access infrastructure and endpoints
§ Built on the foundation of Cisco WCS, provides
complete lifecycle management of wired and
wireless access networks
§ Provides monitoring of endpoint security policy
integration with Cisco Identity Services Engine
(ISE)
§ All existing functionality in WCS is also supported in
NCS
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 6

NCS – Key Enhancements
Increased Scale 15,000 lightweight AP’s
5,000 aIOS AP’s
5,000 switches
Unified Access and Manage access layer of network – wireless and wired
Services Wireless NetOps
Management Wired NetOps
SecOps
Enhanced UI “drag and drop” customization, advanced filters (list
pages), improved page navigation
Comprehensive Integrated user/device monitoring and troubleshooting
Identity M&T with Cisco Identity Services Engine (ISE)
Reporting Increased reporting scale, optimization
Enhancements
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 7

NCS – Increased Device Scale
Device WCS Devices NCS Devices
Supported Supported
Cisco 3,000 15,000
Lightweight
Access Points
Cisco 1,250 5,000
Autonomous
Access Points
Cisco Switches 0 5,000
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 8

Appliance Delivery Models
Physical Appliance Virtual Appliance
Application & Components Application & Components Cisco
Cisco Provided
Provided
OS OS
Customer
Cisco-branded Hardware Provided
(1RU)
Virtual Infrastructure
Discontinuation of software binaries
- Replaced by new Complete Appliance Model
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 9

Appliance-Based Solution
Physical Appliance Virtual Appliance
Hardware and software VMware image (OS + NCS)
from Cisco Supported on:
(OS and NCS pre-installed) • VMware ESX/ESXi version 3.5
• VMware ESX/ESXi version 4.1
15,000 lightweight AP’s Large: 15K/1.2K/5K/5K
1,200 WLC’s Medium: 7.5K/600/2.5K/2.5K
5,000 aIOS AP’s Small: 3.5K/240/1K/1K
5,000 switches
Cisco hardware appliance High-end: 8x2.93GHz CPU/1GB
• Not supported on WLSE DRAM/300GB HD
hardware Standard: 4x2.93 GHz/12 GB/200 GB
Low-end: 2x2.93 GHz/8 GB/150 GB
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 10

Planning
and
Deployment

Planning and Deployment
§ Using Planning Tool
§ Setting up Network Elements via WCS/NCS
Controller Configuration Groups
Configuration Template LaunchPad
Controller Auto-Provisioning
Configuration Auditing Methods
§ Provisioning Maps and Context-Aware Service
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 12

Planning—Overview
Launching the Planning and Editing Tools
§ Create a new Campus/Building
§ Create a floor you want to plan for (import floor plan)
§ Pick Planning Mode or Map Editor from the drop-down menu
Planning Mode—High-Level Options
§ Add AP: Allows adding new Access Points to the Map
§ Delete AP: Remove existing Access Points from the Map
§ Map Editor: Edit the floor plan to draw objects such as light/thick walls, light/
heavy doors, cubicles, glass, coverage areas, perimeters, markers, etc.
§ Synchronize with Deployment: Pull in currently deployed and placed Access
Points on the floor to tweak existing deployment
§ Generate Proposal: Generates a document that maybe provided to a 3rd
party deployment company; additionally, also provides various heat maps
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 13

Planning Tool—Map Editor
§ Accounts for objects and obstacles
on a floor
For a precise RF propagation model
display (predictive heat maps)
Attenuation characteristics for objects
and obstacles help predictive engine
§ Helps specify areas and regions
such as:
Coverage Area and Markers—used for
location notifications
Perimeter—defines the outer boundary
Location Inclusion and Exclusion Regions — used for location events and
notifications
§ Objects and obstacles that may
be specified:
Walls (Light and Heavy)—2dB and 13dB
Cubicle (Walls)—1dB
Doors (Light and Heavy)—4dB and 15dB
Glass (doors, windows, walls)—1.5dB
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 14

Planning Tool—Options
Specify AP Prefix and AP Placement
method (automatic vs. manual)
Selecting AP type determines the
antenna choices available for both the
2.4GHz and 5GHz band
Select the protocol (band) and
minimum desired throughput per band
Enable planning mode for advance that s required for this plan
options for data, voice, location and
others
Data and Voice provide safety
margins for design help. Safety
margins help design for certain RSSI
Location with monitor-mode factors in
thresholds (detailed in online help).
AP(s) that could be deployed to
augment location accuracy
Location typically requires a denser
deployment than data and the location
Both the Demand and Override… checkbox helps plan for the advertised
options allow for planning for any location accuracy
special cases where there s a high-
density of client presence such
conference rooms or lecture halls
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 15

Planning Tool—Customize Plan
Default suggestions after running
the planning tool present AP
deployment choices and ability to
switch between data and signal
strength heatmap
Clicking an AP in
the plan allows
customization
(added, deleted or
simply modify
properties) before
a proposal may
be generated
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 16

Planning Tool—Proposal
Proposal Contents:
§ Floor Plan Details
§ Disclaimer/Scope/Assumptions
§ Proposed AP Placement
§ Coverage and Data Rate Heatmap
§ Coverage Analysis
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 17

Configuration — Config-Groups Overview
What Are Config-Groups?
§ An easy way to group controllers logically
§ Provides a way to manage controllers with similar configurations
Extract templates from existing controller to provision
Schedule configuration sets
Cascade Reboot
§ Manage Mobility Groups, DCA, and Configuration Auditing
When Are Config-Groups Used?
§ Group sites together for easier management for:
Mobility Groups
DCA and Regulatory Domain Settings
Schedule remote configuration changes
§ Groups sites to ensure compliance with configuration policies
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 18

Configuration-Groups How-To: Setup
• Select and add later: Only create
the config group and then add
controllers and templates at
another time
• Copy Templates from
controller: Copy templates from
one of the controllers currently in
WCS and then apply them to
controllers in this config group.
Note, if controllers’ templates are
not already discovered, they can be
discovered from the “Configure –
Controllers” page
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 19

Configuration-Groups How-To: Setup
§ Adding Controllers: Controllers in WCS are
presented and can be moved over to the newly
config group
§ Applying Templates: Discovered or already
present template(s) can then be applied to controller
§ Auditing: Ensure template-based audit is selected
in audit settings and then audit controllers in group
to ensure they comply with policies
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 20

Configuration-Groups: Things to Remember
§ Template order is very important!
§ Background audit is performed during network
and controller audit
§ Background audit and audit enforcement can
only run when template-based audit is selected
(under Administration—Settings)
§ WLC(s) may be part of multiple configuration
groups so be careful while setting mobility
group names
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 21

Configuration—Templates Overview
What Are Configuration Templates?
§ Sets of configurations that may be applied to devices at system/global level
§ May be re-used to modify already applied configurations
§ May be used to replicate configuration to other devices added subsequently
§ May be to used to schedule configuration changes
§ May be to used to audit against
Types of Templates
§ Controller templates
§ Lightweight AP templates
§ Autonomous AP migration templates
§ Controller and Autonomous Command-Line templates
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 22

Controller Template LaunchPad
All-in-one, high-level view of
template categories in WCS which
may be expanded or collapsed for
easier navigation and viewing
Tree-based hierarchy continues to
exist as left-hand navigation
Each template provides a callout
icon which, on mouse-over,
provides easy to understand
description of what the template is
and how it may be used to
configure certain attribute(s).
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 23

Templates: Things to Remember—1
§ Templates are added to WCS database when a WLC
is first added to WCS
§ Template names can be changed to more meaningful names
after discovery
§ Additional configuration changes on the WLC may be pulled
in to WCS via the Discover templates from controller
option
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 24

Templates: Things to Remember—2
§ Upon configuration refresh from WCS, template
associations may be deleted or maintained
§ Use the Templates Applied to Controller option to see
a mapping of existing templates (pushed from WCS)
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 25

Templates: Things to Remember—3
§ WLAN override feature was re-designed and merged under AP
Groups—WCS does provide backward compatibility so newer
releases (5.2 and above) provision this differently
§ WCS supports template creation for WLC s dynamic interfaces
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 26

Configuration—Auditing
§ Easy way to identify
configuration gaps between
WCS and WLC
Manual on-demand audit capability
Automatic audits based on
configuration sync background
task
§ Allows easy reconciliation
in the event of a
configuration mismatch
§ Helps ensure WLCs comply
with configuration policies
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 27

Quick Audit Summary and Reconciliation
Audit Summary
Restore or Maintain Config
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 28

Audit Settings
Audit Settings
§ Audit Mode
Basic Audit: Perform an audit on current WLC configuration and compare
it with the configuration in WCS
Template-Based Audit: Perform an audit on current WLC configuration
with respect to applied templates, config groups background templates
and then the configuration in WCS
§ Audit On
All Parameters: Audit on entire WLC configuration
Selected Parameters: Audit on selected parameters from the templates
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 29

Configuration—Auto-Provisioning
What Is Auto-Provisioning?
§ Ability to automatically detect and configure new WLCs (locally or at
remote sites)
§ Allows detection based on multiple criterion: Hostname, MAC
Address or Serial number (.cfg file on TFTP server)
§ Adds WLC to WCS for further configuration after provisioning
When Would You Use It?
§ Large distributed deployments
§ Limited IT resources
§ Streamline operations and eliminate configuration mismatches
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 30

Controller Auto-Provisioning
§ Monitor Only: Controllers matched by this filter
will not be configurable by WCS in the auto
provision process
§ Filter Mode: Choose from hostname, MAC Address
or Serial number to match the WLC
§ Config Group Name: Add the auto-provisioned
WLC(s) to their own config group for
easier management since these might share
common policies
§ Input Device: Select from single or multiple devices
to provision. Selecting CSV option provides a link to
download a sample file to understand the syntax.
§ Device Configuration: Other device parameters
that can be configured at this stage.
After hitting “Submit”, the filter is saved with one entry
for the “member” you just added. At this point, you may
add other members (WLCs) to this filter as well. This
filter also creates a WLC config file in WCS’s TFTP
directory. Ensure your DHCP server’s option 150
points to WCS Server
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 31

Scheduled Image Download to Controller
• Provides option to schedule software
download (FTP/TFTP) to controllers.
• Task can be saved for future scheduling.
• Reboot can be scheduled at a future
date/time.
• Email notification can be sent after
completion of download.
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 32

Scheduling AP Pre-Image Download
• Provides option to schedule image
download to AP.
• Reboot can be scheduled at a future date/
time.
• Email notification can be sent after
completion of download.
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 33

Configuration—Maps
Why Maps?
§ Track wireless clients and tags, and play location history across campus
§ Track and mitigate rogue devices
§ Display Chokepoints
§ Display Mesh AP relationships
§ Integrate outdoor wireless mesh with Google Earth
§ Represent wireless coverage on campus, and plan for growth
§ View Channel and Tx Power plans provisioned by RRM
§ View AP and RF Profile at the floor level
§ Provision and display coverage areas, markers and other objects and use
them with location notifications
§ Post-Deployment: VoWLAN and Location Readiness tools
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 34

Maps Layout
Default View of Campus, Buildings,
and Floors can be easily changed with
the Quick Filters
Hierarchical Layout Adding Campus or Buildings are made easy
for easy navigation with the drop-down menu actions through an
easy wizard that walks you through
provisioning floor plans and APs
Building view provides a quick glance
in to floors status and alarm summary
for easier troubleshooting
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 35

Maps Layout—Floor View
Display and locate interference sources
and zone of interference
Commonly used map
actions are ever-present
in icon format
Quickly Add/Remove Layers that may be
placed on the floor plan and heat maps
Mouse-over on objects on the
map provides quick object
summaries
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 36

Maps Layout—Floor View
Commonly used map
actions are ever-present
in icon format
Quickly Add/Remove Layers that may be
placed on the floor plan and heat maps
Display and locate
interference
sources and zone
of interference
Mouse-over on objects on the
map provides quick object
summaries
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 37

WCS Map Export/Import
• Provides ability to export maps from one
WCS to target WCS.
• Can select all maps or subset.
• Export/import of map includes both map and
AP’s placed on MAP.
• Exported via tar gzipped XML file.
• Import process ungzips/untars XML file
automatically.
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 38

Real-Time Heat Maps

Real-Time Heatmaps
NCS provides:
§ AP-to-AP RSSI measurements reflected
in heat maps
§ Option to switch between real-time (new)
and predictive (legacy) heat maps
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 40

Real-Time Heat Maps
Real-time heatmap
(NCS)
Predictive heatmap
(WCS)
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 41

Real-Time Heat Maps + Rx Neighbors
Provides list of neighboring AP’s and
RSSI value that they “hear” the
selected AP
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 42

Advantages of Real-Time Heat Maps
§ Provides graphical view of RSSI based on
set of nearest AP’s vs. AP transmit power
(predictive heat map)
§ Configurable options:
§ Min. number of APs
§ Recomputation interval
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 43

Monitoring

Section Agenda: Monitoring
§ General Monitoring
Dashboard Concepts
§ Client-Related Monitoring
Client Details and Client List Pages
Client Dashboard
§ Using Search
§ NCS: Monitoring Autonomous APs
§ NCS: Monitoring Switches
§ Alarms and Events
Setting up Alarm Summary
Differentiation Between Alarms and Events
Severity and Layout Customization
Setting Up Notifications and Help Desk-Like Usage
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 45

Monitoring—WCS Dashboard Concepts
§ Canned tabs of high-level system views
§ Ability to add/remove tabs
§ Ability to add/remove components within tabs
§ Customize individual components
§ Introduction of trending information at system level
§ Quick drill-downs
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 46

Customizing WCS Dashboard
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 47

Customizing and Historical Trending
Custom Tab
Custom
Components
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 48

Information Layout and Workflow Concepts
§ WCS presents many intuitive ways to arrive at information
§ Ability to drill-down to an individual client-level detail
from dashboard
§ Ability to drill-down with the help of Quick Filters
§ Ability to sort on different attributes in client list pages
§ Ability to perform and save intelligent searches
§ Ability to customize list layout, items per page and content
§ Perform advance context-sensitive actions (such as launching a
report from AP page) from page drop-downs
§ Consistent breadcrumbs for navigational assistance
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 49

System-Level to Drill-Down
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 50

Quick Filters, Custom List Layout
Use Quick Filters or Column Sorting to
arrange information relevant to the task
Edit List Pages for content relevant to you
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 51

NCS UX/UI Enhancements

NCS Homepage
“drag and drop”
dashboard
customization
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 53

Dashlet Customization
Data customization
per dashlet
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 54

Using Search
Global Search Capability
§ Searches can be performed on
partial input
§ Search output provides
configuration and monitor links
based on device type found
§ Search parameters include IP
Address, Usernames, MAC
Addresses, SSIDs ,Rogues and
AP Names
Advanced searches can be saved
for easy future reference and use
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 55

Monitoring—Client-Related Workflow
Common Steps in a Troubleshooting Scenario:
§ Lookup a client: MAC Address, Username, IP Address, Client
type, Client state, From AP Details Page (example below)
§ Where is the client now (and how is their RF profile)
§ Where has this client been (Location playback, session and
AP history)
§ Active troubleshooting
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 56

Monitoring: Client Details—1
Basic Client Properties—can be
expanded for further details
Client Association, Session
History and Roam Reason
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 57

Monitoring: Client Details—2
Client AP Association History
Client Statistics
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 58

Wired/Wireless Client Monitoring

Client Status: Wireless
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 60

Monitoring: Wired Clients
General client Session details Security details
information
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 61

Wired Client Details
Provides connectivity details for wired client including switch/port
info, authorization details
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 62

Client Status: Wired
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 63

Track Clients
Create policy for
tracking one or more
clients detected on
the network
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 64

Unknown Users
Assign username
to client on
network not
authenticated via
ISE.
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 65

Autonomous AP Support

Managing Autonomous Access Points
NCS 1.0 will provide:
§ Autonomous AP monitoring
§ Autonomous AP reports
§ Client Visibility
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 67

Autonomous AP Reports
Provides visibility into operation of aIOS AP’s
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 68

Switch Monitoring

Switch Summary
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 70

VLAN Information
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 71

Spanning Tree Details
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 72

Monitoring—Alarms and Events
What Are Events?
§ An occurrence of a condition (or change in condition) in the network
managed by WCS
§ Not necessarily generated for every condition but could be a result
of a pattern or threshold match by the WLC
§ Events may not be useful in their raw form (unless troubleshooting,
for example) and usually need further processing
What Are Alarms?
§ Correlated events result in alarms (WCS allows looking up event history for
alarms)
§ Both Alarms and Events are categorized by severities
Critical
Major
Minor
Warning
Informational
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 73

Alarm System and Logic Simplified
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 74

Alarms Layout and Search
Expandable Widget
persistent across WCS Granular Alarm searches can
be performed via the
Advance Search feature,
and saved for future re-use
Alarms Sorted by Categories
and Severities are
hyperlinked to quickly
drill-down
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 75

Alarms
Ac>ons
and
Customiza>ons
Quick
access
to
Alarm
Ac>ons
Alarm
message
details
Customizable
Layout
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 76

Working with an Alarm
Manage Alarms
Manage Security
Historical Data.
Note First Seen
and Last Seen
Trace Alarm Source
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 77

Northbound
Event
No>fica>ons
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 78

Alarms—Things to Remember
§ It s common to ignore email configuration in WCS
§ WCS sends email notifications for Major events only!
§ Acknowledged alarms suppress email notifications even
if the severity changes
§ Help! My alarms seem to have disappeared!
Alarms that get cleared move in to the Cleared state so be sure to check
cleared alarms (or look under event history)
§ Clearing an alarm does not remove it from WCS database
(deleting it does)
§ Alarm severities can be customized from Administration—
Settings—Alarms
§ Alarm acknowledgement works on individual alarm instance
(and not on category or condition)
§ Even if traps are disabled on WLC, WCS could generate alarms from the
regular polling it performs
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 79

Tools
and
Troubleshoo>ng

Section Agenda: Troubleshooting
§ Client Troubleshooting Tool
§ Voice Audit Tool
§ Location Tools
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 81

Client Troubleshooting Tool
§ An easy way to identify client-related issues from within WCS, without the need
for extensive WLC debugs
Look at the client s current state (and at what stage of the connection they might be
having issues at)
Allows for real-time troubleshooting and log retrieval from the WLC
Allows for looking up historical, and relevant client and AP events
Allows integration with ACS View Server for authentication log retrieval
§ But, first things first—common problems:
Watch out for misconfigured clients (common areas are WLAN profile settings,
authentication and encryption settings, and any advanced extensions that might not be
required
Ensure WLC settings match the provisioned client profiles (security, SSID broadcast,
WLAN override, etc.)
Ensure data rate settings on the WLC (Mandatory, Supported and Disabled rates)
Look for client exclusion settings (easy way to find excluded clients is via the quick
filter in Monitor—Clients page
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 82

Client Troubleshooting—Launch Points
Multiple Launch points
to initiate client
troubleshooting tool
allows for diverse
workflow integration
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 83

Client Troubleshooting—Examples
Identify whether the problem
occurs at 802.11 or higher layers
Suggestions on where to look
and how to potentially resolve
the error condition(s)
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 84

Client Troubleshooting—Examples
Provides visibility into logs, event
history, and related CleanAir
information
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 85

NCS: Wired Client Troubleshooting
Client connectivity
status/issues
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 86

APs Detecting a Specific Client
Client MAC
address
List of APs that
heard client probe
requests, 802.11
band, RSSI, how
long ago AP heard
this client
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 87

ISE Integration

NCS and ISE Integration
§ NCS leverages ISE API for posture
assessment and report generation
§ Ability to drill-down to an individual client-
level security details
§ Ability to troubleshoot client connectivity
issues
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 89

NCS + ISE: Client Posture and Profiling
ISE determines client to Client authenticated
be Microsoft using 802.1x via ISE
Workstation based on
device fingerprinting
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 90

Client Troubleshooting: Wireless Client
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 91

Client Troubleshooting: Wired Client
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 92

Voice Audit Tool
§ Allows auditing current network configuration from a
VoWLAN deployment perspective
§ Use default rules and thresholds based on Cisco best
practices
§ Ability to customize the rules to match your network and
requirements
§ Provides a simple report with a list of configuration gaps
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 93

Voice Audit—Example
Customizable Rules
Voice Audit Tool
Report
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 94

Voice Readiness Tool—Example
Simple, post-deployment tool to
verify or correct AP deployment and
provides a way to determine
VoWLAN readiness by band, and
RSSI cutoff values
BRKAGG-2011 Presentation_ID Cisco Systems, Inc. All rights reserved. its affiliates. All Public reserved.
© 2009 © 2011 Cisco and/or Cisco rights Cisco Public 95

Location Accuracy Tool—Example
Determine Accuracy Probability,
Correct Deployment
Test with Clients, Tags,
Exciters
Schedule Accuracy Tests
BRKAGG-2011 Presentation_ID Cisco Systems, Inc. All rights reserved. its affiliates. All Public reserved.
© 2009 © 2011 Cisco and/or Cisco rights Cisco Public 96

Location Readiness—Example
Simple, post-deployment tool to
verify or correct AP deployment and
provides information on what areas
are under the Cisco recommended
estimates
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 97

Sending Network Details to TAC
Input TAC case number directly into
WCS for sending captured files
Select network and device info to
attach to TAC case
Option to send directly to TAC or
download file
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 98

Device Data Collection
Execute controller CLI
commands and easily
capture command output
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 99

Repor>ng

Section Agenda: Reporting
§ Report LaunchPad
§ Report Customizations
Multi-Level Filtering
Customizing Report Output
Multi-Level Sorting in Report Output
§ Report Scheduling
§ NCS + ISE Reporting
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 101

Report LaunchPad
Report LaunchPad – Easy
Drill-Down
Callouts – Report Descriptions
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 102

Report Customization
Multi-Level
Filters
Customized Reports
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 103

Graphical Report Content
Graphical
Reporting
Graphical Summaries
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 104

Client Summary Report - Endpoint Type
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 105

NCS + ISE: Report Cross-Launch
New set of reports
launched from NCS
cross-launches reports
in ISE.
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 106

NCS + ISE: Report Cross-Launch
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 107

Advanced
Topic

High-Availability—Components and Operation
§ At the heart of the high-availability design is the Health
Monitor (HM) Process
Other components in WCS are JVM (WCS), Database, and Apache webserver
§ HM is sub-divided into smaller components:
Core HM: Configures, maintains state and starts/stops the HA configuration across
WCS servers
Heartbeat: Responsible for maintaining communication between the primary and
secondary servers (over HTTPS, port 8082); timeout is set to two seconds, with
three retries
Application Monitor: Communicates with the WCS framework components
on the primary server
DB Monitor: Configures database replication
File Sync: Identifies file changes, compression, and statistics maintenance
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 109

High-Availability—Things to Know
§ Both the primary and failover WCS servers should run the same software
version
§ Both the primary and failover WCS servers should be running
on the same OS type (can t mix Windows and Linux installs)
§ Email server and receiver must be configured (used for notifications)
§ Communication between the primary and failover WCS must be enabled on HM
port if firewall is in the path
§ Failover mode must be carefully selected (and remembered): manual vs.
automatic
§ Authentication key is created during the install, and is used by
the primary and failover WCS servers for communication (and
also logging into the HMweb page)
§ HM available at: https://ip.address:HMport (example: https://10.10.10.200:8082)
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 110

WCS High-Availability—Things to Know
§ Available in release 5.2 and above
§ Requires the WCS PLUS license (only on the primary server)
§ Feature supports failover of up to two primary WCS servers to one
backup server
Primary Secondary
1 Low-end WCS 1 Low or higher-end WCS
1 Standard WCS 1 Standard or higher WCS
1 High-end WCS 1 High-end WCS
§ Suggested deployment matrix in a 2:1 model
Primary Secondary
2 Low-end WCS 1 Standard or higher WCS
2 Standard WCS 1 Standard or higher WCS
2 Standard WCS 1 High-end WCS
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 111

NCS High-Availability—Things to Know
§ No longer BASE and PLUS license
(now single-tier license), so HA is
available at no extra charge
§ Feature supports failover of one
primary NCS servers to one backup
server
§ Functionally the same as WCS HA
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 112

Virtual Domains
What They Are (or do) What They’re Not (or don’t do)
Quick way to partition WCS objects Not necessarily a complete replacement
for RBAC (for example, via TACACS+)
Allows users to be mapped to separate If none specified, users are added to the
virtual domains at the time of creation “root” virtual domain by default
Separate Reports, Controllers, Access Don’t separate Google Earth Maps, Auto-
Points, Search, Templates, Config Provisioning, MSEs, and Ethernet
Groups, Alarms and other objects Switches
Objects may be assigned to multiple Avoid changing configurations from
domains at the same time multiple domains management simple
“root” domain is a superset of all sub- Not all objects are available at the “root”
domains level – objects such as Search and
Reports are domain specific
Only the “root” domain may location, and For more caveats, visit:
any other email notifications http://www.cisco.com/en/US/docs/
wireless/wcs/5.2/configuration/guide/
5_2virtual.html
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 113

WCS
to
NCS
Migra>on

Why Upgrade from WCS to NCS?
§ Increased scale (total device count: 25K)
§ Wired/wireless integrated management:
manage access layer
§ 64-bit architecture: increased memory
footprint
§ Appliance mode: no need for customer for
procure server (HW, OS + patches)
§ Tight integration with Cisco ISE: device
posture enforcement, AAA
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 115

Cisco WCS to Cisco Prime NCS Migration
Cisco WCS 7.0.X Cisco Prime NCS
Multi-tier License Model Licenses
Single-tier License Model
WCS Base License
(Examples: WCS-APBASE-X or
WCS-WLSE-APB-X)
Prime NCS License
(Example: L-NCS-1.0-X)
WCS Plus License
(Examples: WCS-Plus-X or WCS-
WLSE-Plus-X)
Database Migration
Must be on
WCS 1:1 Upgrade
7.0.164.0 or
7.0.164.3
WCS 7.X is the last release running on CiscoWorks Wireless LAN Solution Engine (WLSE)
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 116

Greenfield Deployment: Why WCS?
§ Wired/wireless integrated management: manage
access layer (infrastructure and endpoints)
§ Appliance model (physical and virtual/VM): no
need to procure server (HW, OS + patches)
§ High device scale: up to 25K infrastructure
devices
§ State of the art UI
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 117

Key Takeaways
§ Wired/wireless access – infrastructure and
endpoints – need to be managed together
§ WCS and NCS provide full lifecycle
management
§ NCS builds on the features/functionality of WCS
and adds wired management
§ Easy migration from WCS to NCS – both
platform and learning curve
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 118

Helpful Links
§ Cisco Prime Network Control System (NCS) Datasheet
http://www.cisco.com/en/US/prod/collateral/wireless/ps5755/ps11682/ps11686/ps11688/
data_sheet_c78-650051.html
§ NCS Learning Modules
http://www.cisco.com/en/US/products/ps11686/
tsd_products_support_online_learning_modules_list.html
§ TACACS+ Configuration Example
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080851f7c.shtml
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 119

Thank you.
Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 120