Wireless SD-Access Overview

This overview introduces the architecture of the SD-Access wireless network, the roles of its components, and the protocols used to get it up and running. It also lists the supported network devices and describes and compares the wireless network rollout options that are available with SD-Access fabric.

Software-defined wireless with Cisco DNA Center includes the following benefits:

  • Centralized management across wired and wireless domains with policy unification and consistency
  • Secure policy-based automation with easy end-to-end segmentation
  • Optimized distributed traffic flows for future scalability
  • Simplified enablement of Wi-Fi services

SD-Access Wireless Architecture

The main components of SD-Access wireless are the fabric-enabled Wireless LAN Controller (WLC) and fabric-enabled access points (APs).

The fabric WLC integrates and interacts with the fabric control plane nodes to locate the fabric mode APs and update the control plane with the details of onboarded wireless clients.

Fabric-enabled, or fabric mode, APs integrate with the fabric edge nodes to build a Virtual Extensible LAN (VXLAN)-based distributed data plane for wireless clients in the fabric overlay.

The fabric provides connectivity between all the components and carries the wireless client traffic together with the policy information end to end.

Cisco DNA Center automates the entire deployment and presents a single and unified user interface for simplified management of all wireless and wired network features and services.

The automation advantages are:

  • Cisco DNA Center simplifies the fabric deployment, including the wireless integration component.

The centralized wireless control plane includes these features:

  • WLC provides client session management.
  • AP management, mobility, RRM, and so on.
  • Same operational advantages of Cisco Unified Wireless Network (CUWN).

LISP control plane management includes these actions:

  • WLC integrates with LISP control plane.
  • WLC updates the control plane for wireless clients.
  • Mobility is integrated in the fabric, thanks to the LISP control plane.

Optimized distributed data plane includes these features:

  • Fabric overlay with anycast gateway and stretched subnet.
  • VLAN extension with no complications.
  • All roaming is Layer 2.

VXLAN from the AP includes this process:

  • It carries hierarchical policy segmentation starting from the edge of the network.

SD-Access Wireless: Supported Devices

In the figure below, you can see the supported AireOS-based and IOS XE-based fabric wireless controllers and the fabric mode APs. The fabric mode APs are Cisco Wi-Fi 6 and 802.11ac Wave 2 and Wave 1 APs.

Fabric Mode Wireless LAN Controller

The fabric wireless controller manages and controls the fabric mode APs in the same way as traditional centralized local-mode controllers, offering the same operational advantages.

The fabric mode Wireless LAN Controller remains the centralized control plane for all of the following wireless functions:

  • AP image and configuration management
  • Radio Resource Management (RRM)
  • Client session management and roaming 

The key difference between traditional and fabric mode WLC is the way wireless endpoint traffic is handled.

In traditional centralized mode deployments, both control and user traffic are tunneled through Control and Provisioning of Wireless Access Points (CAPWAP) to the WLC. At the WLC, the user traffic is broken out via a specific dynamic interface for a Service Set Identifier (SSID).

In fabric mode deployments, the control traffic is still tunneled to the WLC via CAPWAP, but the end-user traffic is broken out locally at the AP and forwarded to the fabric edge via VXLAN. The fabric edge routes the wireless endpoint traffic in the same way wired endpoint traffic is routed.

To accomplish this, the fabric mode WLC integrates with the Locator/ID Separation Protocol (LISP) control plane: it registers each client Media Access Control (MAC) address, together with its Scalable Group Tag (SGT) and Layer 2 VXLAN network identifier (VNID), in the host tracking database (DB) on the control plane nodes.

The key characteristics of the fabric control plane for wireless are:

  • The Virtual Network (VN) information is a Layer 2 VNID, which maps to a VLAN on fabric edges.
  • Wireless client MAC address is used as an endpoint identifier (EID).
  • WLC updates the host tracking DB with roaming information of wireless clients.
  • Fabric enabled WLC must be co-located at the same site with APs.
  • The latency between the AP and WLC must not exceed 20 ms.

Fabric Edge Node

The fabric edge node is based on a LISP tunnel router and provides connectivity for users and devices in the fabric by implementing the following functions:

  • Identifying and authenticating wired endpoints
  • Registering endpoint ID information with one or more control plane nodes
  • Providing VN services for wireless clients (via Layer 3 VNID)
  • Onboarding APs into the fabric and forming VXLAN tunnels with APs
  • Providing anycast Layer 3 gateway for connected endpoints 

Switches, not APs, work as fabric edge nodes for wireless clients. Wireless APs are not edge nodes; their VXLAN tunnels terminate on the fabric edge node switches to which the APs connect directly or via extended node switches. Fabric mode APs use VXLAN only to encapsulate wireless client data traffic. They rely on the fabric edge nodes to provide fabric services, such as the Layer 3 anycast gateway.
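The VNID and SGT described above travel in the VXLAN header of each AP-to-edge frame, so a capture taken on that link can be checked against the segmentation a client is supposed to have. The following is an added example, not code from the original page or from Cisco: it decodes the 8-byte VXLAN Group Policy Option header as laid out in draft-smith-vxlan-group-policy (a layout taken from that draft, not from this page) and flags frames whose tags are missing or unexpected. The sample headers and the expected SGT 17 / VNID 8221 are constructed values.

```python
import struct

# VXLAN-GPO header layout (draft-smith-vxlan-group-policy), 8 bytes:
#   byte 0: flags  (G=0x80 group policy present, I=0x08 VNI valid)
#   byte 1: flags  (D=0x40 don't learn, A=0x08 policy already applied)
#   bytes 2-3: Group Policy ID (carries the SGT)
#   bytes 4-6: VNI (the VNID), byte 7: reserved
G_BIT, I_BIT, D_BIT, A_BIT = 0x80, 0x08, 0x40, 0x08


def parse_vxlan_gpo(header: bytes) -> dict:
    """Decode the 8-byte VXLAN header that follows the outer UDP header."""
    if len(header) < 8:
        raise ValueError("VXLAN header is 8 bytes, got %d" % len(header))
    flags0, flags1, group_id, vni_rsvd = struct.unpack("!BBHI", header[:8])
    if not flags0 & I_BIT:
        raise ValueError("I bit clear: VNI field is not valid")
    return {
        "vnid": vni_rsvd >> 8,
        # Without the G bit the group field must be ignored.
        "sgt": group_id if flags0 & G_BIT else None,
        "policy_applied": bool(flags1 & A_BIT),
        "dont_learn": bool(flags1 & D_BIT),
    }


def check_segmentation(header: bytes, expected: dict) -> list:
    """Compare a decoded header with the VNID/SGT expected for the client."""
    try:
        seen = parse_vxlan_gpo(header)
    except ValueError as exc:
        return ["malformed: %s" % exc]
    findings = []
    if seen["sgt"] is None:
        findings.append("no group tag: frame carries no SGT for policy")
    elif seen["sgt"] != expected["sgt"]:
        findings.append("SGT %d, expected %d" % (seen["sgt"], expected["sgt"]))
    if seen["vnid"] != expected["vnid"]:
        findings.append("VNID %d, expected %d" % (seen["vnid"], expected["vnid"]))
    return findings


# Constructed sample headers (not taken from a real capture).
TAGGED = bytes.fromhex("8800001100201d00")    # G+I set, SGT 17, VNID 8221
UNTAGGED = bytes.fromhex("0800000000201d00")  # I only, no group policy
EXPECTED = {"sgt": 17, "vnid": 8221}          # assumed values for one client

if __name__ == "__main__":
    for name, hdr in (("tagged", TAGGED), ("untagged", UNTAGGED)):
        print(name, parse_vxlan_gpo(hdr), check_segmentation(hdr, EXPECTED))
```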
