Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Ascom Interoperability On Cisco WLC - 8

Download as pdf or txt
Download as pdf or txt
You are on page 1of 20

Ascom i63

Cisco WLC
WLC controller platform
Cisco WLC v. 8.10.105
Ascom i63 v. 1.0.8
Morrisville, NC, USA
Feb 2020
Contents
Introduction..................................................................................................................................................... 3

About Ascom................................................................................................................................................................. 3

About Cisco ................................................................................................................................................................... 3

Site Information .............................................................................................................................................. 4

Verification site ............................................................................................................................................................. 4

Participants .................................................................................................................................................................... 4

Verification topology................................................................................................................................................... 4

Summary ......................................................................................................................................................... 5

General conclusions ................................................................................................................................................... 5

Compatibility information .......................................................................................................................................... 5

Verification overview .................................................................................................................................................. 6

Known limitations ..........................................................................................................................................................7

Appendix A: Validation Configurations ...................................................................................................... 8

Cisco WLC platform Version 8.10.105 .................................................................................................................... 8

Ascom i63 ..................................................................................................................................................................... 18

Appendix B: Interoperability Validation Records .................................................................................... 20

Document History ........................................................................................................................................ 20

Interoperability Report Date Page


Ascom i63 – Cisco WLC 15-jan-2020 2 / 20
Introduction
This document describes a summary of the interoperability verification results of the Ascom’s and Cisco’s platform,
necessary steps and guidelines to optimally configure the platforms and support contact details. The report should
be used in conjunction with both Cisco’s and Ascom’s platform configuration guides.

Ascom is a global solutions provider focused on healthcare ICT and mobile workflow solutions. The vision of
Ascom is to close digital information gaps allowing for the best possible decisions – anytime and anywhere.
Ascom’s mission is to provide mission-critical, real-time solutions for highly mobile, ad hoc, and time-sensitive
environments. Ascom uses its unique product and solutions portfolio and software architecture capabilities to
devise integration and mobilization solutions that provide truly smooth, complete and efficient workflows for
healthcare as well as for industry, security and retail sectors.

Ascom is headquartered in Baar (Switzerland), has operating businesses in 18 countries and employs around 1,300
people worldwide. Ascom registered shares (ASCN) are listed on the SIX Swiss Exchange in Zurich.

Cisco (NASDAQ: CSCO) is the worldwide technology leader that has been making the Internet work since 1984.
Our people, products and partners help society securely connect and seize tomorrow's digital opportunity today.
Discover more at thenetwork.cisco.com and follow us on Twitter at @Cisco.

Interoperability Report Date Page


Ascom i63 – Cisco WLC 15-jan-2020 3 / 20
Site Information

Ascom US
300 Perimeter park drive
Morrisville, NC, US-27560
USA

Karl-Magnus Olsson, Ascom, Morrisville

Interoperability Report Date Page


Ascom i63 – Cisco WLC 15-jan-2020 4 / 20
Summary

The Ascom interoperability verification produced very good results with regards to authentication, stability and
roaming.

A full validation test was performed towards AP 9120 and 9130. A less extensive regression test has been
performed towards the already certified AP models AP 3702, 4800, 9117

One Access point model from every product generation has been selected as a representation (3702, 3802, 4800,
9117, 9120 and 9130). By testing these access points we are considered cover all supported major Cisco access
points based on chipset compatibility listed below

Supported Partner Access Points with SW version 8.10.105:

AP1702, 2702, 3702

AP1832, 1852

AP2802, 3802

AP 4800

AP 9115, 9117, 9120, 9130

Supported Partner Controller Platforms with SW version 8.10.105:

Cisco 3504 Wireless Controller

Cisco 5520 Wireless Controller

Cisco 8540 Wireless Controller

Cisco Virtual Wireless Controller (vWLC)

Cisco Wireless Controllers for High Availability for Cisco 3504 WLC, Cisco 5520 WLC, and Cisco 8540 WLC.

Cisco Mobility Express Solution

Interoperability Report Date Page


Ascom i63 – Cisco WLC 15-jan-2020 5 / 20
WLAN Compatibility and Performance
High Level Functionality Result Comments

Association, Open with No Encryption NOK

Association, WPA2-PSK / AES Encryption OK

Association, PEAP-MSCHAPv2 Auth, AES Encryption OK

Association with EAP-TLS authentication OK

Association, Multiple ESSIDs OK

Beacon Interval and DTIM Period OK

PMKSA Caching OK

WPA2-opportunistic/proactive Key Caching OK

WMM Prioritization OK

802.11 Power-save mode OK

802.11e U-APSD OK

Roaming, WPA2-PSK, AES Encryption OK * Typical roaming time 39 ms

Roaming, WPA2-PSK, AES Encryption, 802.11r/FT OK Typical roaming time 25-40ms

Roaming, PEAP-MSCHAPv2 Auth, AES Encryption OK * Typical roaming time 50 ms

Roaming, PEAP-MSCHAPv2 Auth, AES Encryption, 802.11r/FT OK Typical roaming time 25-40ms

Average roaming times are measured using 802.11a/n. Refer to Appendix B for detailed test results

*) 802.11r / FT is generally recommended to enhance roaming performance.

Interoperability Report Date Page


Ascom i63 – Cisco WLC 15-jan-2020 6 / 20
Description and Consequence Workaround Ticket(s) raised

Open authentication not working. To be corrected in next


WH2-2382
Ascom i63 release.

Disable or set Protected


Management Frames to
Authentication with 802.11w (Protected Management Frames)
optional in the Cisco WLC
does not work in conjunction with 802.11r
WH2-2356

Disable Protected
Management Frames in the
Call Admission Control not working in conjunction with 802.11w WH2-2363
Cisco WLC if CAC is being
(Protected Management Frames)
used

2 second delay before call is set up when Call Admission WH2-2362


Control is enabled.

For additional information regarding the known limitations please contact interop@ascom.com or
support@ascom.com.

For detailed verification results, refer to Appendix B: Interoperability Validation Records.

Interoperability Report Date Page


Ascom i63 – Cisco WLC 15-jan-2020 7 / 20
Appendix A: Validation Configurations

In the following chapter you will find screenshots and explanations of basic settings in order to get a Cisco WLC
WLAN system to operate with an Ascom i63. Please note that security settings were modified according to
requirements in individual test cases.

Security settings (PSK)

Example of how to configure the system for PSK (WPA2-AES)

Security profile WPA2-PSK, AES encryption

- Select WPA2 Policy with AES encryption.

- Select PSK and enter a key (Here in ASCII format)

- It is strongly recommended to use Fast Transition (802.11r) for enhanced roaming performance

- Select both PSK and FT PSK for compatibility with i62 and Myco 1 & 2 on the same SSID.

Note. 802.11r is not supported by Ascom i62 and Myco 1 & 2 but the devices have no problem operating on a SSIDs
were 802.11r (FT) is advertised in conjunction with a legacy method.

Interoperability Report Date Page


Ascom i63 – Cisco WLC 15-jan-2020 8 / 20
802.1X authentication (PEAP-MSCHAPv2).

Example of how to configure the system for .1X authentication

Configuration of authentication using external Radius server, 802.1X (Step 1). In this example is WPA2-AES used.
Select 802.1X as Authentication Key Management.

- It is strongly recommended to use Fast Transition (802.11r) for enhanced roaming performance

- Select WPA2 Policy with AES encryption.

- Select both 802.1X and FT 802.1X for compatibility with i62 and Myco 1 and 2 on the same SSID.

In cases were i62 and Myco 1 & 2 using CCKM, select both CCKM and FT 802.1X for compatibility.

Note. 802.11r is not supported by Ascom i62 and Myco 1 & 2 but the devices have no problem operating
on a SSIDs were 802.11r (FT) is advertised in conjunction with a legacy method.

Interoperability Report Date Page


Ascom i63 – Cisco WLC 15-jan-2020 9 / 20
Example of authentication configuration using external Radius server (Step 2). Select the server to use. The server
is configured under tab Security/Radius. See configuration of server below.

Interoperability Report Date Page


Ascom i63 – Cisco WLC 15-jan-2020 10 / 20
Configuration of authentication using external Radius server (Step 3). The IP address and the secret must
correspond to the IP and the credential used by the Radius server. Tests were performed using FreeRadius as
RADIUS server.

Note. Depending on authentication method used it might be necessary to add a certificate into the i63. PEAP-
MSCHAPv2 requires a CA certificate and EAP-TLS requires both a CA certificate and a client certificate.

Note. Refer to the i63 section in for matching handset configurations.

Interoperability Report Date Page


Ascom i63 – Cisco WLC 15-jan-2020 11 / 20
General settings (QoS, Radio)

Set QoS to “Platinum (Voice)”

Make sure that WMM policy is set to “Required” or “Allowed”

Interoperability Report Date Page


Ascom i63 – Cisco WLC 15-jan-2020 12 / 20
- Make sure “Session timeout” is disabled or set to a very large value.

- Coverage Hole Detection can be left enabled if RRM is used in the system.

- Aironet IE is not needed for i63

- Ascom recommends a DTIM period of at least 2 but no higher than 5.

- Make sure Client Load Balancing and Client Band select is disabled.

- Make sure 11k – Neighbour list is enabled.

- 11v BSS Transition Support is not supported by Ascom i63 but can be left enabled per default
configuration.

Note for mixed device installation. Ascom i62 and Myco 1 & 2 do not support 11k but have no problem operating on
an SSID were these settings are enabled. (Assuming i62 version 6.0.0 and later)

Interoperability Report Date Page


Ascom i63 – Cisco WLC 15-jan-2020 13 / 20
Channel configuration. See next picture for additional information.

Ascom recommended settings for 802.11b/g/n are to only use channel 1, 6 and 11. For 802.11a/n/ac use channels
according to the infrastructure manufacturer, country regulations and per guidelines below.

Note that Tx power level and channel was manually set for test purpose.

General guidelines when deploying Ascom i63 handsets in 802.11a/n/ac environments:

1. For environments not utilizing 802.11k Neighbor Report - Enabling more than 8 channels will degrade
roaming performance. (In situations where UNII1 and UNII3 are used, a maximum of 9 enabled
channels can be allowed) Ascom does not recommend exceeding this limit unless 802.11k is in use.

2. Ascom do support and can coexist in 80MHz channel bonding environments. The recommendations is
however to avoid 80 MHz channel bonding as it severely reduces the number of available non
overlapping channels.

3. Make sure that all non-DFS channel are taken before resorting to DFS channels. The handset can cope
in mixed non-DFS and DFS environments; however, due to “unpredictability” introduced by radar
detection protocols, voice quality may become distorted and roaming delayed. Hence Ascom
recommends if possible avoiding the use of DFS channels in VoWIFI deployments.

Interoperability Report Date Page


Ascom i63 – Cisco WLC 15-jan-2020 14 / 20
The default data rate set will work just fine, however Ascom recommends disabling the lowest data rates and have
12Mbps as lowest data rate.

As Ascom i63 do support Channel Switch Announcement it’s recommended to have this setting enabled in the
system (only applicable when DFS channels are used)

Interoperability Report Date Page


Ascom i63 – Cisco WLC 15-jan-2020 15 / 20
Ascom does support both usage of “11n Mode” and “11ac Mode” including 40 MHz and 80MHz channels

Follow the recommendations “General guidelines when deploying Ascom i63 handsets in 802.11a/n/ac
environments“

The default data rate set will work fine, however for optimization Ascom recommends disabling the lowest data
rates and have 12Mbps as lowest mandatory rate.

Interoperability Report Date Page


Ascom i63 – Cisco WLC 15-jan-2020 16 / 20
Ascom recommends “EDCA Profile”: Voice Optimized

Make sure Low Latency MAC is disabled. (Both 802.11a/n/ac and 802.11b/g/n)

Note. Using EDCA Profile “WMM” is acceptable but “Voice Optimized” is to prefer when voice clients are present in
the system.

Depending on the infrastructure (switches) ”Protocol Type” may have to be disabled.

Interoperability Report Date Page


Ascom i63 – Cisco WLC 15-jan-2020 17 / 20
Network settings for WPA2-PSK

Note. Make sure that the enabled channels in the i63 handset match the channel plan used in the system.

Note. FCC is no longer allowing 802.11d to determine regulatory domain. Devices deployed in USA must set
Regulatory domain to “USA”.

Interoperability Report Date Page


Ascom i63 – Cisco WLC 15-jan-2020 18 / 20
Network settings for .1X authentication (PEAP-MSCHAPv2)

802.1X Authentication requires a CA certificate to be uploaded to the phone by “right clicking” - > Edit certificates.
EAP-TLS will require both a CA and a client certificate.

Note that both a CA and a client certificate are needed for TLS. Otherwise only a CA certificate is needed. Server
certificate validation can be overridden in version 4.1.12 and above per handset setting.

Interoperability Report Date Page


Ascom i63 – Cisco WLC 15-jan-2020 19 / 20
Appendix B: Interoperability Validation Records
Pass 20

Fail 2

Comments 3

Not verified 1

Total 26

Refer to the attached file for detailed verification results.

Refer to the verification specification for explicit information regarding each verification case.
The specification can be found here (requires login):
https://www.ascom-ws.com/AscomPartnerWeb/en/startpage/Sales-tools/Interoperability/Templates/

Document History

Rev Date Author Description

P1 15-Jan-20 SEKMO Draft

R1 3-Feb-20 SEKMO Updates after review. Revision R1

Interoperability Report Date Page


Ascom i63 – Cisco WLC 15-jan-2020 20 / 20

You might also like