WEBVTT 0:00:03.040000 --> 0:00:08.540000 Hello and welcome to this video titled Cisco Access Point Modes. 0:00:08.540000 --> 0:00:11.600000 In this video I'm going to talk about an introduction to what the various 0:00:11.600000 --> 0:00:14.420000 modes are the Cisco Access Point could operate in. 0:00:14.420000 --> 0:00:18.380000 We're going to talk about local and bridged modes, FlexConnect mode, 0:00:18.380000 --> 0:00:26.860000 monitor mode, sniffer mode, sensor mode, and mesh mode. 0:00:26.860000 --> 0:00:31.000000 So Cisco Access Points can operate in several different modes. 0:00:31.000000 --> 0:00:35.240000 We know that an autonomous access point is something all by itself, right? 0:00:35.240000 --> 0:00:40.840000 That's a mode that is not really a configurable mode when you buy an access 0:00:40.840000 --> 0:00:44.560000 point. If it's an autonomous access point, typically that's what it is 0:00:44.560000 --> 0:00:46.680000 unless you upgrade it with software. 0:00:46.680000 --> 0:00:49.800000 So with an autonomous access point, we wouldn't really consider that a 0:00:49.800000 --> 0:00:53.240000 mode. What we're talking about here are access points that are managed 0:00:53.240000 --> 0:00:55.120000 by a controller. 0:00:55.120000 --> 0:00:57.880000 So an access point that's managed by a controller, we call it a lightweight 0:00:57.880000 --> 0:01:02.040000 access point, but it can operate in several different modes. 0:01:02.040000 --> 0:01:05.080000 And that's something you would configure on the controller and push it 0:01:05.080000 --> 0:01:07.200000 down to the access point. 0:01:07.200000 --> 0:01:08.880000 So what these modes do? 0:01:08.880000 --> 0:01:12.440000 Well, these modes of operation determine such things as is the access 0:01:12.440000 --> 0:01:14.780000 point associated with a controller or not? 0:01:14.780000 --> 0:01:19.580000 Can the access point accept Wi-Fi connections from clients? 
0:01:19.580000 --> 0:01:24.080000 How will the access point switch frames from the clients? 0:01:24.080000 --> 0:01:29.040000 Can the access point report on RF conditions capture Wi-Fi traffic and 0:01:29.040000 --> 0:01:32.480000 act as a sniffer or detect rogue access points? 0:01:32.480000 --> 0:01:36.200000 So let's look at what some of these various modes are as we go through 0:01:36.200000 --> 0:01:41.160000 them. So let's start with local and bridged modes. 0:01:41.160000 --> 0:01:45.460000 So local mode, this is your default mode for a lightweight access point. 0:01:45.460000 --> 0:01:49.240000 So this is when the access point is connected to a controller. 0:01:49.240000 --> 0:01:53.380000 The controller is basically controlling and managing that access point. 0:01:53.380000 --> 0:01:56.600000 So it's going to create a couple of CAPWAP tunnels to that controller, 0:01:56.600000 --> 0:02:01.340000 a data tunnel and a control tunnel, all within CAPWAP. 0:02:01.340000 --> 0:02:06.060000 And in local mode, if that CAPWAP tunnel fails due to like a WAN failure 0:02:06.060000 --> 0:02:10.200000 or a routing failure or something else, that access point is going to 0:02:10.200000 --> 0:02:14.480000 have to disconnect all of its wireless LAN clients and find another available 0:02:14.480000 --> 0:02:20.640000 controller. So in local mode, an access point can't operate if it's not 0:02:20.640000 --> 0:02:23.600000 talking to and connected to a controller. 0:02:23.600000 --> 0:02:26.220000 It can't operate independently. 0:02:26.220000 --> 0:02:28.940000 Now there's another mode you're probably not going to see very often. 0:02:28.940000 --> 0:02:32.460000 You're probably not going to use a lot, which is called bridge mode. 0:02:32.460000 --> 0:02:34.140000 Let's discuss that real briefly. 
0:02:34.140000 --> 0:02:42.700000 So bridge mode, this allows an autonomous access point to act as a client, 0:02:42.700000 --> 0:02:47.960000 as a wireless LAN client, and associate to a local, or I should say a 0:02:47.960000 --> 0:02:50.020000 lightweight access point. 0:02:50.020000 --> 0:02:52.140000 So why would we do this? 0:02:52.140000 --> 0:02:54.780000 Well, this would be one of these one-off situations where you might have 0:02:54.780000 --> 0:02:56.540000 some wired clients. 0:02:56.540000 --> 0:02:59.140000 For example, maybe a wired network printer. 0:02:59.140000 --> 0:03:02.140000 So a printer that's got an Ethernet cable, but doesn't actually have any 0:03:02.140000 --> 0:03:04.740000 Wi-Fi NIC inside of it. 0:03:04.740000 --> 0:03:09.420000 And we want to give that access to Wi-Fi. 0:03:09.420000 --> 0:03:13.160000 So in other words, wired clients can connect to the Ethernet port on the 0:03:13.160000 --> 0:03:17.540000 back of the autonomous AP and have their traffic bridged across the wireless 0:03:17.540000 --> 0:03:20.760000 LAN to gain access to the distribution system. 0:03:20.760000 --> 0:03:24.040000 So let's just draw that out real quickly to see what that looks like. 0:03:24.040000 --> 0:03:32.220000 So let's say right here we have a wired network printer. 0:03:32.220000 --> 0:03:35.880000 He's got no Wi-Fi capabilities. 0:03:35.880000 --> 0:03:41.680000 All right, over here we have a client that wants to talk to that printer. 0:03:41.680000 --> 0:03:44.520000 But here's our problem. 0:03:44.520000 --> 0:03:53.920000 This client is connected to a switch. 0:03:53.920000 --> 0:04:00.880000 And eventually we get to the point where maybe here's a controller. 0:04:00.880000 --> 0:04:08.960000 A wireless controller is connected to that switch. 0:04:08.960000 --> 0:04:14.380000 And then we get down here and then here we have our lightweight access 0:04:14.380000 --> 0:04:21.380000 point. 
So that wired printer can't physically be connected to that laptop 0:04:21.380000 --> 0:04:22.860000 or PC on the right. 0:04:22.860000 --> 0:04:26.740000 For whatever reason we can't move it onto that wired network that is physically 0:04:26.740000 --> 0:04:29.640000 disconnected from that wired network. 0:04:29.640000 --> 0:04:32.140000 Well, here's what we can do. 0:04:32.140000 --> 0:04:39.120000 We can take an autonomous AP. 0:04:39.120000 --> 0:04:43.800000 We know that he's got some Ethernet ports on the back of him. 0:04:43.800000 --> 0:04:47.860000 So why don't we connect our Ethernet port on him to that wired printer? 0:04:47.860000 --> 0:04:52.980000 And then that autonomous AP can associate to the lightweight AP. 0:04:52.980000 --> 0:04:57.560000 From the lightweight AP's perspective, this autonomous AP is going to 0:04:57.560000 --> 0:05:02.660000 look like a Wi-Fi client. 0:05:02.660000 --> 0:05:06.820000 And now data can get back and forth from the wired printer to our distribution 0:05:06.820000 --> 0:05:11.240000 system over here because it's being bridged by the autonomous AP. 0:05:11.240000 --> 0:05:13.660000 So really the autonomous AP is just acting as a bridge. 0:05:13.660000 --> 0:05:18.440000 He's taking wired data from the printer and bridging it onto the Wi-Fi 0:05:18.440000 --> 0:05:22.720000 network to be picked up by the lightweight access point. 0:05:22.720000 --> 0:05:24.200000 That's what bridge mode is. 0:05:24.200000 --> 0:05:33.920000 So bridge mode is this autonomous AP right here performing that service. 0:05:33.920000 --> 0:05:39.180000 Then we also have FlexConnect mode, also known as H-REAP, which stands 0:05:39.180000 --> 0:05:44.520000 for hybrid remote edge AP. 0:05:44.520000 --> 0:05:47.840000 So in this case the access point is going to utilize the services of a 0:05:47.840000 --> 0:05:50.820000 controller just like it would if it was in local mode. 0:05:50.820000 --> 0:05:52.100000 But here's the difference. 
0:05:52.100000 --> 0:05:55.440000 First of all, this special mode has to be configured and supported on 0:05:55.440000 --> 0:05:57.840000 the controller and the access point. 0:05:57.840000 --> 0:06:00.780000 Not all access points will support this. 0:06:00.780000 --> 0:06:03.760000 So the controller has to have this turned on with a switch or a button 0:06:03.760000 --> 0:06:05.500000 or a pull-down menu. 0:06:05.500000 --> 0:06:08.360000 It has to push it down to the access point so the access point knows it's 0:06:08.360000 --> 0:06:09.680000 going to do this. 0:06:09.680000 --> 0:06:13.340000 Primarily designed for remote access points, right? 0:06:13.340000 --> 0:06:16.940000 Remember hybrid remote edge access point. 0:06:16.940000 --> 0:06:18.620000 So what's the benefit here? 0:06:18.620000 --> 0:06:22.840000 It will allow the access point to locally bridge Wi-Fi traffic onto the 0:06:22.840000 --> 0:06:26.900000 wired LAN for certain SSIDs. 0:06:26.900000 --> 0:06:32.500000 So in this particular case here, the controller will send down via a CAPWAP 0:06:32.500000 --> 0:06:38.520000 tunnel and he'll tell the LAP, hey, why don't you have a corporate SSID 0:06:38.520000 --> 0:06:46.000000 and maybe an office SSID. 0:06:46.000000 --> 0:06:51.380000 And the controller will say, hey, the corporate SSID, anybody that's associated 0:06:51.380000 --> 0:07:00.020000 to that has to send their data across the CAPWAP tunnel. 0:07:00.020000 --> 0:07:07.740000 Anybody that's associated to the office SSID, that data can be bridged 0:07:07.740000 --> 0:07:16.020000 onto the local LAN. 
0:07:16.020000 --> 0:07:18.840000 So the idea here is that people who are in this office, they would be 0:07:18.840000 --> 0:07:23.520000 told either via an email or maybe a sign posted on the wall, hey, if you're 0:07:23.520000 --> 0:07:28.580000 in this branch office right here, if you need to access our own local 0:07:28.580000 --> 0:07:33.080000 server, make sure you connect to the office SSID. 0:07:33.080000 --> 0:07:37.080000 Once they connect to that, the lightweight access point can put their 0:07:37.080000 --> 0:07:39.620000 data directly on that local LAN. 0:07:39.620000 --> 0:07:42.760000 Anything else they need to reach is over at the headquarters. 0:07:42.760000 --> 0:07:46.700000 They would disconnect or de-associate from the office SSID and they would 0:07:46.700000 --> 0:07:50.640000 now need to connect to the corporate SSID, in which case all their data 0:07:50.640000 --> 0:07:53.740000 now would go across the data CAPWAP tunnel. 0:07:53.740000 --> 0:07:58.040000 That's what we call FlexConnect mode and the AP has to be configured 0:07:58.040000 --> 0:08:00.760000 to operate in that mode. 0:08:00.760000 --> 0:08:05.880000 Now there's some other also special modes here you can use for diagnostics 0:08:05.880000 --> 0:08:07.800000 and troubleshooting purposes. 0:08:07.800000 --> 0:08:12.080000 The first of which we'll talk about is monitor mode. 0:08:12.080000 --> 0:08:16.560000 Now most access points, whether they're Cisco or not Cisco, when they're 0:08:16.560000 --> 0:08:21.320000 operating as just a regular access point in local mode, so they're connected 0:08:21.320000 --> 0:08:24.520000 to a controller, they're also servicing clients. 0:08:24.520000 --> 0:08:28.700000 That access point will be told by the controller, hey, you need to be 0:08:28.700000 --> 0:08:32.540000 on channel one, or you need to be on channel 48 if you're in the 5GHz 0:08:32.540000 --> 0:08:37.120000 spectrum. 
So that will be the channel that the SSID is broadcast on and 0:08:37.120000 --> 0:08:38.900000 the clients will be associated to that. 0:08:38.900000 --> 0:08:45.520000 But the access point won't be listening to that channel 100% of the time. 0:08:45.520000 --> 0:08:49.980000 So in local mode, the access point will take tiny slices of time so when 0:08:49.980000 --> 0:08:54.180000 no client is talking, when everything is idle, the access point will go 0:08:54.180000 --> 0:08:58.720000 off that channel for, like it says here, very small slice, 0.2% of their 0:08:58.720000 --> 0:09:03.120000 overall time, they'll go off that channel and start scanning the other 0:09:03.120000 --> 0:09:07.460000 channels. And so while they're scanning the other channels they're trying 0:09:07.460000 --> 0:09:09.880000 to detect, hey, is there another access point? 0:09:09.880000 --> 0:09:13.880000 If I'm on primarily channel one, everything's idle right now, let me leave 0:09:13.880000 --> 0:09:18.240000 that channel for just a few milliseconds and scan channel one or scan channel 0:09:18.240000 --> 0:09:21.200000 six or channel 11 or channel 13. 0:09:21.200000 --> 0:09:26.160000 Do I hear any other access points that are advertising the same SSID as 0:09:26.160000 --> 0:09:30.020000 me? Or do I hear anything that looks like it could potentially be a Wi-Fi 0:09:30.020000 --> 0:09:31.700000 attack of some sort? 0:09:31.700000 --> 0:09:35.140000 And then I'll report that information up to the controller, then I'll 0:09:35.140000 --> 0:09:37.960000 go back to the channel it's supposed to be on. 0:09:37.960000 --> 0:09:42.440000 So this function is a part of what's called radio resource monitoring 0:09:42.440000 --> 0:09:44.720000 or radio resource management. 
0:09:44.720000 --> 0:09:50.760000 Now, like it mentions, by default it spends only about 0.2% of its time 0:09:50.760000 --> 0:09:54.380000 on there, so about, and once it leaves and it goes on to a different channel, 0:09:54.380000 --> 0:09:57.880000 start scanning it, it's only scanning it for, like it says, 60 milliseconds 0:09:57.880000 --> 0:10:04.000000 per scan. So if you're on the controller, yes, you're getting some data, 0:10:04.000000 --> 0:10:06.900000 right? You're getting some data about this, these off-channel scans it's 0:10:06.900000 --> 0:10:10.320000 doing, but the data is not very holistic. 0:10:10.320000 --> 0:10:13.340000 It's not really giving you a very good picture because it was only on 0:10:13.340000 --> 0:10:16.820000 those other channels for a very, very brief slice of time. 0:10:16.820000 --> 0:10:19.740000 This is what monitor mode was designed to fix. 0:10:19.740000 --> 0:10:24.440000 So with monitor mode you say, okay, I'm going to have my local mode access 0:10:24.440000 --> 0:10:27.740000 points with my CAPWAP tunnels to the controller. 0:10:27.740000 --> 0:10:30.340000 They've got clients associated to them, they can do what they want to 0:10:30.340000 --> 0:10:33.540000 do, but I want to have a little bit more visibility into everything that's 0:10:33.540000 --> 0:10:39.740000 going on. So the design idea is that for every five access points you 0:10:39.740000 --> 0:10:44.260000 have, one of them should be placed in its own special mode called monitor 0:10:44.260000 --> 0:10:48.400000 mode. And in monitor mode you can see here, the access point does not 0:10:48.400000 --> 0:10:50.040000 accept any clients. 0:10:50.040000 --> 0:10:53.000000 He's not there to service Wi-Fi clients. 0:10:53.000000 --> 0:10:57.400000 What he's doing is he's scanning all the channels every 12 seconds and 0:10:57.400000 --> 0:11:01.640000 he's spending a lot more time on all those channels. 
0:11:01.640000 --> 0:11:05.420000 So now because he's spending more time on them, he can report more accurate 0:11:05.420000 --> 0:11:10.140000 statistics back to the controller. 0:11:10.140000 --> 0:11:14.320000 So you can see here, here's a screenshot of what we might do on a controller 0:11:14.320000 --> 0:11:17.160000 to set an access point to monitor mode. 0:11:17.160000 --> 0:11:21.940000 And once it's set to monitor mode, it can detect a lot more things because 0:11:21.940000 --> 0:11:25.540000 it's spending a lot more time on all these different channels. 0:11:25.540000 --> 0:11:28.480000 I'm not going to go into the details of all those different attacks you 0:11:28.480000 --> 0:11:29.660000 see there on the right. 0:11:29.660000 --> 0:11:32.040000 Feel free to Google those or look those up. 0:11:32.040000 --> 0:11:37.360000 But the point is we have an access point whose main primary job is to 0:11:37.360000 --> 0:11:41.780000 monitor the surroundings, not for the clients, but just to see what's 0:11:41.780000 --> 0:11:45.880000 going on there. So that is monitor mode. 0:11:45.880000 --> 0:11:50.260000 And this particular case, you would go onto the controller to see your 0:11:50.260000 --> 0:11:54.520000 graphs and charts and bars and everything about what data has been collected 0:11:54.520000 --> 0:11:59.160000 by this access point and sent upstream to the controller. 0:11:59.160000 --> 0:12:00.560000 Well, that's great. 0:12:00.560000 --> 0:12:04.680000 But one thing this isn't necessarily going to show you is what if you 0:12:04.680000 --> 0:12:08.100000 say to yourself, you know what, I would like to have an access point that 0:12:08.100000 --> 0:12:10.800000 kind of does this right here. 0:12:10.800000 --> 0:12:14.120000 I need an access point that's not really going to service clients, but 0:12:14.120000 --> 0:12:19.620000 I want to see every single Wi-Fi data frame on any given channel. 
0:12:19.620000 --> 0:12:21.840000 As a matter of fact, I'd like to see that on my sniffer. 0:12:21.840000 --> 0:12:24.620000 I'd like to, here's a really cool thing what I'd like to do. 0:12:24.620000 --> 0:12:28.280000 I would like to have an access point that collects all this data on off-channel 0:12:28.280000 --> 0:12:32.020000 scanning, sends it up to the controller because after all, everything 0:12:32.020000 --> 0:12:32.820000 goes to the controller. 0:12:32.820000 --> 0:12:37.220000 But what if I could get that controller to then offload that data to another 0:12:37.220000 --> 0:12:41.960000 device where I could open it up and like Wireshark or AiroPeek or something 0:12:41.960000 --> 0:12:45.060000 like that. That brings us to our next mode. 0:12:45.060000 --> 0:12:48.620000 We can put our access point into what's called sniffer mode. 0:12:48.620000 --> 0:12:53.140000 Now this is very similar like it says here to monitor mode in that it's 0:12:53.140000 --> 0:12:56.220000 not going to be accepting any clients, any Wi-Fi clients. 0:12:56.220000 --> 0:12:57.780000 But here's the difference. 0:12:57.780000 --> 0:13:05.200000 Look at this. When you were in monitor mode, it was spending a little 0:13:05.200000 --> 0:13:11.480000 bit of time on every available 2.4 gigahertz and 5 gigahertz channel. 0:13:11.480000 --> 0:13:14.840000 And it's reporting back to the controller, everything it heard across all 0:13:14.840000 --> 0:13:17.440000 those channels. So we're talking about dozens of channels here between 0:13:17.440000 --> 0:13:20.900000 2.4 gigahertz and 5 gigahertz. 0:13:20.900000 --> 0:13:24.600000 In sniffer mode, number one, you put it in this mode so this is different 0:13:24.600000 --> 0:13:29.160000 sniffer mode. And then part of this is you select an individual channel. 
0:13:29.160000 --> 0:13:31.900000 You tell the access point, hey, I want you to be in sniffer mode for channel 0:13:31.900000 --> 0:13:37.120000 one or channel six or the 5 gigahertz spectrum for channel 48. 0:13:37.120000 --> 0:13:41.480000 Now it's going to stay on there and it's going to capture all the Wi-Fi 0:13:41.480000 --> 0:13:44.520000 traffic on that channel, send it to the controller. 0:13:44.520000 --> 0:13:46.720000 Now here's the difference, a real big difference. 0:13:46.720000 --> 0:13:51.040000 The controller now in turn is configured with the IP address of a host 0:13:51.040000 --> 0:13:56.220000 like a server or even a laptop that's running Wireshark or OmniPeek 0:13:56.220000 --> 0:13:59.000000 or AiroPeek or AirMagnet. 0:13:59.000000 --> 0:14:02.300000 And now all those captured packets that the controller is getting from 0:14:02.300000 --> 0:14:06.520000 the AP are redirected to that host. 0:14:06.520000 --> 0:14:10.360000 They're sent to the host encapsulated in UDP with a sourced UDP port of 0:14:10.360000 --> 0:14:15.060000 5555 and a destination port of 5000. 0:14:15.060000 --> 0:14:20.680000 And now you can display all of them in Wireshark or OmniPeek or AiroPeek 0:14:20.680000 --> 0:14:26.160000 or AirMagnet. Now there's another mode that's sort of similar to all 0:14:26.160000 --> 0:14:30.840000 of these things here, which is sensor mode. 0:14:30.840000 --> 0:14:33.740000 Now let's say here's your situation. 0:14:33.740000 --> 0:14:38.360000 Let's say you know what, I've got thousands of Wi-Fi clients connected 0:14:38.360000 --> 0:14:44.340000 to my access points, but I'm really only alert to problems after the fact. 0:14:44.340000 --> 0:14:49.140000 I'm tired of getting phone calls saying, hey, the network is really slow. 
0:14:49.140000 --> 0:14:53.560000 I'm getting a lot of latency to my email server or to my web browser or, 0:14:53.560000 --> 0:14:57.580000 hey, the time it's taking me to authenticate and connect to the wireless 0:14:57.580000 --> 0:15:00.240000 LAN in the first place is taking forever. 0:15:00.240000 --> 0:15:05.220000 I'd like to sort of detect that in advance before my employees start calling 0:15:05.220000 --> 0:15:06.460000 me up with these problems. 0:15:06.460000 --> 0:15:11.460000 It would be really cool if I could have an access point that sort of acted 0:15:11.460000 --> 0:15:15.860000 like a Wi-Fi client, an access point that actually started associating 0:15:15.860000 --> 0:15:20.340000 to other access points that were around it like laptops do like tablets 0:15:20.340000 --> 0:15:25.160000 do. And then once it was associated, it could report back to the controller, 0:15:25.160000 --> 0:15:28.500000 hey, how long did it take me to associate to each of the access points 0:15:28.500000 --> 0:15:32.420000 around me? Even more than that, what if that access point, once it was 0:15:32.420000 --> 0:15:36.500000 associated, could run some network tests like it could try to contact 0:15:36.500000 --> 0:15:40.440000 an email server, try to contact a web server and report back to the controller 0:15:40.440000 --> 0:15:42.400000 how long that took. 0:15:42.400000 --> 0:15:46.360000 Or maybe it wasn't successful at all with those network tests. 0:15:46.360000 --> 0:15:48.100000 Wouldn't that be nice? 0:15:48.100000 --> 0:15:51.220000 That's what sensor mode is all about. 0:15:51.220000 --> 0:15:57.160000 So in sensor mode, this is a solution involving three components, a wireless 0:15:57.160000 --> 0:16:03.340000 LAN controller, an access point, and Cisco DNA center. 0:16:03.340000 --> 0:16:07.120000 So you have to have all three of these components to get the most effect 0:16:07.120000 --> 0:16:08.760000 out of sensor mode. 
0:16:08.760000 --> 0:16:10.700000 So here's how this works. 0:16:10.700000 --> 0:16:13.620000 You start by going into Cisco DNA center. 0:16:13.620000 --> 0:16:16.780000 Now in case you're not familiar with the Cisco DNA center, I'd recommend 0:16:16.780000 --> 0:16:19.800000 you watch some of our other videos in which we give an introduction to 0:16:19.800000 --> 0:16:24.640000 that. But just in a very high level nutshell here, Cisco DNA center is 0:16:24.640000 --> 0:16:26.040000 sold as an appliance. 0:16:26.040000 --> 0:16:30.740000 So it's a physical box that you rack and stack into a rack somewhere. 0:16:30.740000 --> 0:16:34.940000 But it has special software inside of it that can program and control 0:16:34.940000 --> 0:16:37.480000 pretty much all the elements of your network. 0:16:37.480000 --> 0:16:41.360000 It can program and automate your routers, your switches, and your access 0:16:41.360000 --> 0:16:45.640000 points. It can reach out to a controller and send down templates to the 0:16:45.640000 --> 0:16:47.120000 controller and all sorts of things. 0:16:47.120000 --> 0:16:51.420000 So it's sort of like a high level automation and programming tool that 0:16:51.420000 --> 0:16:54.080000 you can implement into your network. 0:16:54.080000 --> 0:16:56.240000 So here's how this works. 0:16:56.240000 --> 0:17:00.620000 You start, first of all, by getting DNA center and the controller to talk 0:17:00.620000 --> 0:17:04.200000 to each other, so they have to associate to each other and know each other. 0:17:04.200000 --> 0:17:07.680000 Then on Cisco DNA center, within like wireless profiles, you configure 0:17:07.680000 --> 0:17:10.980000 these various wireless tests. 0:17:10.980000 --> 0:17:16.700000 And then the controller will receive those pre-configured tests from DNA 0:17:16.700000 --> 0:17:22.040000 center. The controller in turn will push those tests down to your access 0:17:22.040000 --> 0:17:25.820000 points that are operating in sensor mode. 
0:17:25.820000 --> 0:17:32.600000 Now also the controller will tell the various access points, hey, here 0:17:32.600000 --> 0:17:35.280000 are the SSIDs I want you to test. 0:17:35.280000 --> 0:17:40.120000 So while you're in sensor mode, test the SSID of corporate of guests, 0:17:40.120000 --> 0:17:43.440000 you know, of all the access points you can hear from, so you tell the 0:17:43.440000 --> 0:17:47.800000 sensor mode AP, hey, sensor mode AP, you're going to hear a bunch of other 0:17:47.800000 --> 0:17:51.320000 access points around you, broadcasting their beacons. 0:17:51.320000 --> 0:17:55.300000 When you hear five or ten or fifteen other access points around you, they're 0:17:55.300000 --> 0:17:59.360000 all broadcasting the beacon of corporate or guest. 0:17:59.360000 --> 0:18:03.020000 What I want you to do is I want you to connect to each one of them in 0:18:03.020000 --> 0:18:05.100000 turn as a client. 0:18:05.100000 --> 0:18:08.180000 I want you to associate to those access points. 0:18:08.180000 --> 0:18:09.880000 And then I want you to start running these tests. 0:18:09.880000 --> 0:18:12.880000 I want you to start running some onboarding tests and report back to me. 0:18:12.880000 --> 0:18:14.820000 How long did it take you to associate? 0:18:14.820000 --> 0:18:18.260000 How long did it take you to authenticate, like a client? 0:18:18.260000 --> 0:18:20.660000 I want you to do a network test. 0:18:20.660000 --> 0:18:24.040000 How long did it take you to actually get an IP address? 0:18:24.040000 --> 0:18:26.980000 I want you to do some application tests. 0:18:26.980000 --> 0:18:31.080000 How long did it take you to reach my email server or to reach my TFTP 0:18:31.080000 --> 0:18:36.340000 or FTP server? And then all those results, those test results will be 0:18:36.340000 --> 0:18:41.360000 sent directly from the AP back to DNA center. 
0:18:41.360000 --> 0:18:45.940000 So in this particular environment here, the main job of the controller 0:18:45.940000 --> 0:18:49.980000 is to speak to the lightweight access points, say, here's the mode you're 0:18:49.980000 --> 0:18:52.560000 in. You need to be in sensor mode. 0:18:52.560000 --> 0:18:54.780000 Here's the tests I want you to run. 0:18:54.780000 --> 0:18:58.140000 And I want you to run these tests against these various SSIDs. 0:18:58.140000 --> 0:19:03.000000 At that point, the controller sits back, the access point goes into the 0:19:03.000000 --> 0:19:07.000000 sensor mode and does all this stuff and communicates directly with DNA 0:19:07.000000 --> 0:19:10.600000 center, with the server running DNA center and says, hey, DNA center, 0:19:10.600000 --> 0:19:12.620000 here's all the stuff I found. 0:19:12.620000 --> 0:19:14.740000 So here's an example screenshot. 0:19:14.740000 --> 0:19:19.480000 This is taken from Cisco.com's website of all the various different tests 0:19:19.480000 --> 0:19:23.440000 you could put your sensor AP into. 0:19:23.440000 --> 0:19:30.540000 The last mode I want to talk about in this video is mesh mode. 0:19:30.540000 --> 0:19:34.440000 Like the first bullet says, you're going to have some environments where 0:19:34.440000 --> 0:19:38.120000 you want to provide Wi-Fi access to clients, so they're going to need 0:19:38.120000 --> 0:19:40.680000 an access point to associate, but here's the problem. 0:19:40.680000 --> 0:19:45.160000 Where that access point is physically located, there might not be any 0:19:45.160000 --> 0:19:47.360000 physical connection for Ethernet. 0:19:47.360000 --> 0:19:51.140000 You might not be able to string an Ethernet cable out to that access point. 0:19:51.140000 --> 0:19:52.780000 Think of it being in a park. 0:19:52.780000 --> 0:19:57.200000 Maybe it's on top of a telephone pole or a light pole, a city street, 0:19:57.200000 --> 0:20:00.840000 or maybe an amphitheater, or even a warehouse. 
0:20:00.840000 --> 0:20:04.420000 These are situations where we need to have an access point out there to 0:20:04.420000 --> 0:20:08.360000 give people Wi-Fi connectivity, but once they're associated to that access 0:20:08.360000 --> 0:20:10.100000 point, and they send their Wi-Fi connection to the network. 0:20:10.100000 --> 0:20:14.600000 If you send Wi-Fi frames to that access point, there's no wired connection. 0:20:14.600000 --> 0:20:16.680000 So where do we go from there? 0:20:16.680000 --> 0:20:18.260000 What if we had this? 0:20:18.260000 --> 0:20:21.220000 What if we had a series of access points like that? 0:20:21.220000 --> 0:20:25.000000 One access point connects to the clients, receives the data, now it sends 0:20:25.000000 --> 0:20:28.540000 that data to access point number two, wirelessly. 0:20:28.540000 --> 0:20:32.640000 It sends that data to access point number three wirelessly, and we keep 0:20:32.640000 --> 0:20:38.260000 going hop by hop by hop until we reach an access point that actually does 0:20:38.260000 --> 0:20:39.360000 have wired Ethernet. 0:20:39.360000 --> 0:20:43.120000 That does have a connection to the wired distribution system. 0:20:43.120000 --> 0:20:47.100000 That is the whole concept behind mesh. 0:20:47.100000 --> 0:20:52.360000 So this is a mode of access points in which they will associate with each 0:20:52.360000 --> 0:20:58.760000 other to carry data from a Wi-Fi client through multiple mesh nodes and 0:20:58.760000 --> 0:21:03.880000 ultimately be able to place that data onto the wired distribution system. 0:21:03.880000 --> 0:21:08.160000 So this is what it looks like right here. 0:21:08.160000 --> 0:21:10.720000 So let's talk about mesh mode a little bit more. 0:21:10.720000 --> 0:21:16.680000 So when an access point is placed into mesh mode, it can operate in one 0:21:16.680000 --> 0:21:22.100000 of two ways. 
As what's called a root access point, which means that mesh 0:21:22.100000 --> 0:21:27.080000 access point can associate with other access points, and in addition to 0:21:27.080000 --> 0:21:30.740000 that, it has wired access to a controller. 0:21:30.740000 --> 0:21:33.580000 So once a root access point, that means we've got an access point that 0:21:33.580000 --> 0:21:37.740000 physically has at least one Ethernet cable plugged into the back of it. 0:21:37.740000 --> 0:21:41.700000 And when it forms a CAPWAP tunnel to the controller, that CAPWAP tunnel 0:21:41.700000 --> 0:21:45.560000 is going to be going across the wired distribution system. 0:21:45.560000 --> 0:21:49.640000 Or for the access points that we have stuck out on light poles or electrical 0:21:49.640000 --> 0:21:53.980000 poles or something like that that have no physical Ethernet cable plugged 0:21:53.980000 --> 0:21:58.940000 into them, those will be called MAPs, mesh access points. 0:21:58.940000 --> 0:22:03.400000 They will also connect to the controller because after all, these are 0:22:03.400000 --> 0:22:05.440000 still lightweight access points. 0:22:05.440000 --> 0:22:09.460000 So they will still have to form CAPWAP control and data tunnels to the 0:22:09.460000 --> 0:22:15.800000 controller, but their tunnels will be running through other access points. 0:22:15.800000 --> 0:22:22.600000 So what a mesh Wi-Fi network requires at least one root access point and 0:22:22.600000 --> 0:22:26.840000 then one or more mesh access points. 0:22:26.840000 --> 0:22:32.340000 So the idea is once a mesh access point receives data, either from a directly 0:22:32.340000 --> 0:22:39.300000 associated Wi-Fi client, like a laptop or a tablet or a smartphone, it 0:22:39.300000 --> 0:22:44.960000 needs to get that data to the root access point, the quickest path possible. 
0:22:44.960000 --> 0:22:49.900000 Now that data might have to jump across several other mesh access points 0:22:49.900000 --> 0:22:52.020000 before it gets to the root access point. 0:22:52.020000 --> 0:22:54.000000 How is it going to determine the best path? 0:22:54.000000 --> 0:22:56.020000 Well that's what this bullet point is talking about. 0:22:56.020000 --> 0:23:00.600000 It's going to use the Cisco adaptive wireless path protocol to determine 0:23:00.600000 --> 0:23:05.040000 the best path through the other mesh access points to get to the controller. 0:23:05.040000 --> 0:23:10.840000 Now each of those mesh access points can also simultaneously operate in 0:23:10.840000 --> 0:23:12.580000 any one of the previously mentioned modes. 0:23:12.580000 --> 0:23:16.200000 We've talked about sniffer mode, monitor mode, sensor mode, so mesh access 0:23:16.200000 --> 0:23:19.620000 point could also be doing that as well. 0:23:19.620000 --> 0:23:23.600000 And lastly, in this video I just want to briefly talk about what the traffic 0:23:23.600000 --> 0:23:27.400000 flow looks like from the client's perspective. 0:23:27.400000 --> 0:23:31.640000 So each of these mesh access points is presumably going to have two radios 0:23:31.640000 --> 0:23:36.880000 on it, a 2.4GHz radio and a 5GHz radio. 0:23:36.880000 --> 0:23:41.860000 So your clients, your tablets, your smartphones, they're going to associate 0:23:41.860000 --> 0:23:46.640000 on an SSID that's advertised on the 2.4GHz radio. 0:23:46.640000 --> 0:23:48.560000 That's where they're going to send their data. 0:23:48.560000 --> 0:23:49.860000 Now here's the interesting thing. 
0:23:49.860000 --> 0:23:54.120000 At that point, the mesh access point is going to transfer that data to 0:23:54.120000 --> 0:24:00.080000 its 5GHz radio and transfer it across a special SSID that's used as a 0:24:00.080000 --> 0:24:05.440000 backhaul network that's only used for one mesh access point to talk to 0:24:05.440000 --> 0:24:07.080000 another mesh access point. 0:24:07.080000 --> 0:24:11.100000 So for example, we've seen an example animation of that right here, is 0:24:11.100000 --> 0:24:13.740000 that data is going from one MAP to another. 0:24:13.740000 --> 0:24:17.720000 This is happening across the 5GHz backhaul network. 0:24:17.720000 --> 0:24:21.620000 Finally, the data gets to the root access point. 0:24:21.620000 --> 0:24:26.460000 He's got a physical wired Ethernet connection, so now he can dump it onto 0:24:26.460000 --> 0:24:28.120000 the wired network. 0:24:28.120000 --> 0:24:32.960000 This whole time that data has been going into a CAPWAP tunnel or being 0:24:32.960000 --> 0:24:35.840000 transferred across a CAPWAP tunnel. 0:24:35.840000 --> 0:24:39.880000 So that concludes this video. 0:24:39.880000 --> 0:24:40.780000 Thank you for watching.