Evolution to Wireless TechnologyFat AP Architecture (Autonomous Switching)Wireless Controller and Access Point are built into one device.Doesn’t scale well as each device must be managed individually.Thin AP Architecture (Centralized Switching)Separated Wireless Controller and AP into separate devices.APs are controlled by a controller reducing management improving security and scalability.Juniper Wireless Architecture (Centralized and Distributed Switching)Supports both Centralized and Distributed Switching from same AP.Distributed switching separates data traffic from control and management traffic.Provides the most direct path for data to go through your core network.Data can go directly from AP to AP or AP to backend system.Provides you with the lowest latency architecture for wireless.
Client Load BalancingAP’s maintain awareness of "rf neighborhood" based on neighboring Aps and client location, AP determines a target loadthe system uses various techniques to "coax" clients to less loaded AP’s. If devices are persistent the system will allow them on. if an AP detects a client on both 2.4Ghz and 5Ghz bands, the same techniques are used to "coax" a client to less loaded band The purpose of bandwidth control is to allow the setting of bandwidth limits to ensure reliable accessThere are three methods for controlling bandwidth:Maximum bandwidth per SSIDConfigured limit is full duplex in units of KbpsMaximum bandwidth per UserFull-duplex rate limit for aggregate of all packets through a clientWeighted fair queuing per Radio ProfileService-profiles compete for transmit opportunities based on the configured weightsBandwidth limits are defined in a QoS profileA VSA allows QoS profiles to be dynamically assigned
Discuss 7.7 remote AP features
SmartPass IFMAP SupportAn important piece of the BYOD use cases that we’ve looked at and that we’ll look at in upcoming slides, revolves around IF Map support in the SmartPass application. So, this is how we get information about wireless users from the WL system into UAC, so that UAC can build role and policy details and propagate those out to the various enforcement points, either the SRX or the EX. So, SmartPass 77 is where we introduced this feature. There are two primary use cases that are supported in our guest use case that we just looked at. That’s our guest user federation case. So, SmartPass in this example is authenticating the guest users and publishing via IF Map a complete user picture. So, such as the username, IP address Mac, everything that UAC needs to build role and policy is learned via SmartPass. So, the SmartPass publishes this, UAC builds a role, pushes that information out to the SRX and the EXs for enforcement. Now, the other important use case that SmartPass supports with IF Map, is the case where SmartPass is not the authenticator. So, .1X example where .1X, has performed against UAC directly from non agent to users. The UAC is going to be missing, kind of missing through the critical IP Mac binding. So, SmartPass 77 provides the ability to now publish that via IF Map as well. So, in this case, the user authenticates against UAC, so UAC knows user identity and knows Mac address, is missing IP address. So, when the WLC communicates with SmartPass via accounting data, SmartPass learns about IP address, via those accounting messages and updates the UAC via IF Map with that missing IP Mac binding, which then enables UAC to do coordinated policy enforcement across the network.