300-425 Designing Cisco Enterprise Wireless Networks (ENWLSD) Question and Answers

 Cisco FlexConnect mode is designed for branch offices that lack a wired backhaul. It allows APs to switch client data traffic locally while still performing client authentication centrally. This mode provides the flexibility needed for branch deployments, ensuring that client traffic is handled efficiently even if the WAN link to the central site is down. References: Cisco FlexConnect technical documentation and Designing Cisco Enterprise Wireless Networks (ENWLSD) training.

The exhibit refers to the Cisco Prime Infrastructure’s planning mode feature, which is a tool used for designing and planning wireless networks. The planning mode allows network administrators to input floor plans and simulate access point placement for optimal coverage. It does not require a special license; it is part of the Cisco Prime Infrastructure’s base functionalities. Planning mode does not necessarily present the recommended number of APs; instead, it allows users to manually place potential APs on a map to predict coverage areas. While synchronization with controllers may enhance functionality, it is not strictly necessary for planning mode to operate.

References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide Premium Edition and Practice)

 When designing a network with a DMZ and an EoIP tunnel, it’s important to ensure that the data plane is encrypted to protect the data as it traverses potentially unsecured networks. Cisco IOS-XE on the Catalyst 9800 supports encryption of the data plane, which is essential for this design.

 In the scenario described, where some APs did not failover to their secondary controller despite having sufficient licenses, the issue likely lies with the configuration of the APs to recognize the secondary controller. Since the controllers are not in a mobility group but have A records for their hostnames in DNS, this suggests that they rely on DNS for AP discovery and failover. If APs are not failing over as expected, it could be due to an incorrect IP address configured for the secondary controller on the AP or within DNS. The exhibit shows that the “Secondary Controller” field has an IP address of “10.42.89.11”, which should be verified against DNS records and actual controller settings to ensure accuracy. References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide Premium Edition and Practice)

 The concern with existing gigabit uplinked switches providing 802.3at is the output power limitation. 802.11ac Wave 2 APs may require more power than what 802.3at can deliver, especially for features like Multi-User Multiple Input Multiple Output (MU-MIMO). References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide.

 Interface groups allow for flexible WLAN to VLAN mappings by grouping multiple interfaces into a single entity. This enables a single WLAN to be mapped to multiple VLANs, providing scalability and flexibility in network design. AP groups are used to manage the configuration of multiple APs collectively, allowing for consistent WLAN to VLAN mappings across different APs in separate facilities.

For mobility tunnels to come up between WLCs, they need to be part of the same mobility group. If they are configured with different mobility groups, the mobility tunnels will not establish, preventing the WLCs from sharing client, AP, and security information.

Band Select is a feature on Cisco WLCs that encourages dual-band capable clients to connect to the less congested 5 GHz spectrum. It works by delaying the response to clients’ probes on the 2.4 GHz band, making the 5 GHz band more attractive to the client devices.

For a high-density WLAN environment like a 10,000-seat auditorium, placing APs under the seats can take advantage of human attenuation and maintain the aesthetics of the room. Human bodies absorb Wi-Fi signals, and placing APs under the seats helps in mitigating this effect by having the signals emanate from among the audience, rather than from above where the signals would have to pass through the audience, resulting in signal degradation1.

 Before replacing old APs with IEEE 802.11ac-capable APs, it is crucial to check the software version of the wireless LAN controller. The controller’s firmware must support the newer standards and capabilities of 802.11ac APs. An outdated software version may not support the advanced features and performance enhancements offered by 802.11ac technology, leading to compatibility issues and suboptimal network performance.

References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide Premium Edition and Practice.

 The Cisco 5520 WLC v8.3 requires a base license to use OfficeExtend AP functionality, which allows remote workers to have the same wireless connectivity as they would in an office environment.

When designing anchor redundancy for guest clients with auto-anchor configured on a WLC running version 8.1 or above, setting up Guest Anchor Priority ensures that one anchor is treated as active while another acts as standby rather than load-balancing clients between anchors which is not desired in this case. References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide Premium Edition and Practice)

Voice over wireless roaming is sensitive to delays and interruptions. Full reauthentication, as mentioned in option A, can cause noticeable gaps in a voice conversation because it requires time to re-establish security credentials. This process can interrupt the seamless experience expected in voice communications. Option E is also correct because roaming with only 802.1x authentication indeed requires full reauthentication, which can introduce significant delays affecting voice quality. References: For more detailed information, refer to the CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide.

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/vowlan/41dg/vowlan41dg-book/vowlan_ch5.html

 When a Wireless LAN Controller (WLC) SSO is set up between two WLCs in a service provider network, and there is a failover, the secondary WLC should ideally support the same client count as the primary. If only about half of the original client count is showing on the secondary WLC post-failover, it suggests that the WLCs had not completed the database synchronization before the primary WLC failed. This incomplete sync would result in a loss of client information, leading to a reduced client count on the secondary WLC.

When the mobility tunnel is not operational for the data path, it is essential to validate the network’s firewall settings. Firewall port 16666 must be open to allow mobility control messages to pass through, and firewall IP protocol 97 (EtherIP) must be permitted to enable the encapsulation of IP within IP, which is necessary for the data path of the mobility tunnel. Ensuring these firewall settings are correctly configured is critical for facilitating inter-controller roaming and operational mobility tunnels.

 For an active survey where the application requires a minimum RF of -73 dBm, the mobile device used for the survey should have a receiver sensitivity of -70 dBm or better. This ensures that the device is sensitive enough to detect the minimum required signal strength for the application to function properly.

For a wireless voice deployment, Cisco recommends that the edge of the cell should have a signal strength of -67 dBm to ensure reliable voice quality and seamless roaming capabilities.

Setting the Anchor priority for the primary controller to 1 ensures that clients connect to the primary controller first. The Anchor priority is a value assigned to each controller within a mobility group to determine the order in which clients should connect to the controllers. A lower priority value has higher precedence. Therefore, by setting the primary controller’s Anchor priority to 1, it becomes the preferred controller for client connections. If the primary controller fails, clients are then pushed to the secondary controller, which should have a higher Anchor priority value.

When conducting a Layer 2 site survey, it is recommended to match the survey to the worst client available. This ensures that the wireless network is designed to provide adequate coverage and performance even for the clients with the poorest capabilities, thereby ensuring a consistent user experience for all devices2.

https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/116057-site-survey-guidelines-wlan-00.html

For a technology company with multiple buildings requiring seamless wireless coverage, client roaming, and centralized data center with two WLCs (Wireless LAN Controllers) along with core switches, a centralized wireless architecture is most suitable. This architecture allows for easier management of the network from a central location. References := CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide Premium Edition and Practice

An RSSI value of -77 dBm is within the range that a 5 GHz radio can receive and decode, provided it’s not below the RX-SOP threshold set for the RF profile. Since the RF profile is set to Medium for 802.11a, which operates in the 5 GHz band, the AP’s 5 GHz radio will decode the frames.

In a warehouse setting, the height at which access points are installed can significantly impact the wireless signal. If the access points are placed too high, the signal may not adequately reach the users. Additionally, absorption by materials commonly found in warehouses, such as metal racks and goods, can weaken the wireless signal, negatively affecting the users.

https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1250-series/design_guide_c07-693245.html#_Toc309331086

 To optimize RF performance across different buildings and user densities: C. Configure AP groups for each area type - This allows for customized settings for APs serving different areas. D. Configure RF profiles for each area type - RF profiles enable the customization of RF parameters to suit the specific needs of each building or area type.

References: The official Cisco ENWLSD 300-425 certification guide will provide more information on RF optimization strategies.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-10/config-guide/b_cg810/configuring_ap_groups.html

The 9800 Series Wireless Controller uses CAPWAP tunnels to encapsulate and transport both control and data traffic between access points and the controller. This allows for centralized management and control while also enabling efficient data forwarding.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/mobility.html

 In an outdoor mesh network designed to cover sports fields, a 5 GHz, 14-dBi patch antenna is suitable for the RAP for backhaul connectivity. The higher gain and directional nature of a patch antenna help in focusing the signal over longer distances and in specific directions, which is ideal for connecting various points in a large outdoor area5.

https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennas-accessories/product_data_sheet09186a008008883b.html

For optimized roaming across multiple Wireless LAN Controllers (WLCs) with Cisco 8821 phones, configuring mobility groups between WLCs allows for seamless roaming and sharing of security contexts. Additionally, using Cisco Centralized Key Management (CCKM) for authentication reduces the time required for re-authentication during roaming, providing a more efficient transition between access points3

: Band Select is a feature on Cisco Wireless LAN Controllers (WLC) that encourages dual-band wireless clients to connect to the less congested 5 GHz band. This helps to balance the client load between 2.4 GHz and 5 GHz and improve overall network performance in high-density environments.

References: Look for information on ‘Band Select’ in the official Cisco ENWLSD 300-425 certification guide.

By segmenting the VLAN into smaller subnets and assigning them by location, an engineer can use interface groups. This allows for efficient management of network resources and ensures that clients are connected to the closest subnet, reducing latency and improving performance.

Micro cells with reduced power levels are suitable for environments with a high concentration of wireless clients and multimedia applications, as they help manage interference and allow for better roaming capabilities. References: ENWLSD 300-425 Official Cert Guide.

 To ensure that the most critical APs at remote sites remain functional in the event of a failure, the Global AP Failover Priority feature can be used. By setting the priority of the most important APs to “critical”, these APs will be given precedence over others during a failover scenario. This allows the engineer to prioritize which APs should remain online without impacting the main site’s APs, which are set to a “high” priority.

 The most effective way to address the issue is to resurvey the areas with the correct survey devices. This ensures that the design accurately reflects the performance characteristics of the specified access points for each area type, leading to a more reliable and efficient wireless network design tailored to each environment’s specific needs.

The ‘tracert’ command is used to test connectivity between members of a mobility group by tracing the path that mobility control packets take over the network. This command helps identify any potential issues with the route that the packets are taking, which could affect the ability of guests to connect to the anchor controller in the DMZ. References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide Premium Edition and Practice)

EoIP (Ethernet over IP) is used for communication between controllers in a guest anchor setup, allowing for seamless roaming. Inter-Controller Roaming Mechanism (IRCM) support is necessary for the controllers to facilitate roaming across different wireless LAN controllers.

 The issue described is indicative of a hidden node problem, where MAP-1 and MAP-3 cannot hear each other’s transmissions but can both communicate with RAP-2. This leads to frame collisions as both MAPs may attempt to transmit at the same time, unaware of the other’s actions. The design needs to address this by implementing mechanisms such as RTS/CTS or adjusting the placement of the APs to avoid this issue.

https://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob30dg/WiMesh.pdf

 Fast Transition (FT), also known as IEEE 802.11r, is the key-caching mechanism that must be configured to speed up the reauthentication delays on the wireless infrastructure. FT allows for rapid re-authentication when roaming between access points, reducing the time required for re-establishing security keys and thus speeding up the overall process2.

References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide Premium Edition and Practice.

 For mobility tunneling through a firewall in a Cisco wireless network environment, UDP port 16666 must be open along with IP Protocol number ‘97’, which is used for Encapsulating Security Payload (ESP) traffic typically found in IPsec tunnels. By ensuring these ports are mapped correctly through the firewall, R&D engineers can roam within their department while maintaining a secure mobility tunnel. References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide Premium Edition and Practice)

 LAG-based redundancy is chosen for its ability to provide continuous connectivity as long as one port in the LAG is operational (B), utilize the full bandwidth capacity of all the links in the LAG (E), and allow for the grouping of ports into multiple LAGs for increased redundancy and bandwidth (F). References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide.

 Cisco Hyperlocation requires a dense deployment of access points for accurate location tracking. Adding more APs than a standard site survey suggests can meet the granular location requirements needed for Hyperlocation services. References: ENWLSD official certification guide.

 The design approach should use the 5 GHz frequency band without channel bonding to support 20 MHz channels. This provides a balance between network capacity and interference mitigation.

https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/108184-config-802-11n-wlc.html

The voice readiness tool in Cisco Prime inspects the network against a dBm range that is suitable for voice over Wi-Fi. The range of -72 to -67 dBm is considered optimal for voice applications, ensuring clear audio quality and minimal packet loss.

https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/34/user/guide/bk_CiscoPrimeInfrastructure_3_4_0_UserGuide/bk_CiscoPrimeInfrastructure_3_4_0_UserGuide_chapter_01010.html

The mesh backhaul link uses Advanced Encryption Standard (AES) for encryption. AES is a robust encryption standard that is widely used in various security protocols, including WPA2 and WPA3, to provide a high level of security for wireless communications. It ensures that the data transmitted over the mesh backhaul link is protected against unauthorized access and eavesdropping.

References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide Premium Edition and Practice.

 For optimal Voice over WLAN (VoWLAN) design, a higher data rate is preferred to ensure quality of service and reliability. -67 dBm is a commonly recommended signal level for VoWLAN, and 802.11an, which operates in the 5 GHz band, is capable of supporting higher data rates compared to 802.11bgn, which operates in the 2.4 GHz band. The 5 GHz band is less crowded and prone to interference, making it suitable for high-speed data and voice applications.

 AP groups allow the mapping of specific WLANs (SSIDs) to distinct VLANs for different locations. This design enables clients to be on different subnets based on their building location without modifying the access points’ mode of operation.

 RXSOP (Receive Start of Packet Detection Threshold) and TPC (Transmit Power Control) are two features that can help manage the challenges associated with a high AP (Access Point) count in a dense environment like a university auditorium. RXSOP can be adjusted to refine how APs differentiate between noise and valid packets, which is particularly useful in high-density areas where multiple APs might otherwise respond to the same signal. TPC helps in managing the transmit power of APs, allowing for better coverage and reduced interference among APs that are in close proximity to each other. References: Designing Cisco Enterprise Wireless Networks (ENWLSD 300-425)

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/80211/200069-Overview-on-802-11h-Transmit-Power-Cont.html

AP Fallback is a feature that allows APs to rejoin their primary controller after they have connected to a secondary controller due to a failure. By enabling AP Fallback on the primary controller, the APs will automatically rejoin it when it becomes available again after a power interruption. This ensures that APs return to their designated primary controller for normal operations.

Setting AP fallback to disabled will prevent the AP from moving back to its defined Cisco WLCs automatically after failing over to an undefined controller. This allows manual intervention to determine when the AP should revert to its primary controller.

 When collapsing all controllers to a single cluster in a central location, one must consider the availability of channels across different regions. Regulatory domains vary globally, and certain channels allowed in Europe may not be available or legal in other parts of the world. This can affect the consistency of wireless coverage and performance.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/86/b_Cisco_Wireless_LAN_Controller_Configuration_Best_Practices.html

In a mobility group design, it is essential that all Wireless LAN Controllers (WLCs) share the same mobility domain name to ensure seamless client mobility and roaming between WLCs. This allows for clients to be recognized across the network and maintain their sessions as they roam. Additionally, when WLCs are in a Stateful Switch Over (SSO) high availability pair, they must use the same virtual IP address to present a single network entity to the wireless clients, ensuring uninterrupted service in the event of a failover.

In high-density environments, such as stadiums or auditoriums, APs are often mounted under the seats to provide a controlled cell size with attenuation. This placement helps to manage the RF environment by providing attenuation of 6 dB to 20 dB, which can reduce co-channel interference and improve the user experience by ensuring a strong signal and minimizing noise from other cells.

The data path issue between the Cisco Catalyst 9800-CL and AireOS 5520, despite an active control path, is likely due to encrypted mobility being enabled on the AireOS 5520. Encrypted mobility requires both peers to have a matching configuration for encryption, which includes proper certificates and shared secrets. If there’s a mismatch, the control path may be established, but the data path can fail due to the inability to establish an encrypted tunnel.

In Cisco WLC version 8, the need for separate WPlus licenses has been eliminated as all features that were previously part of the WPlus license are now included in the Base license. This consolidation simplifies licensing management and ensures that customers have access to all necessary features without requiring additional licenses. References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide Premium Edition and Practice)

For Cisco Wireless LAN Controllers (WLCs) to operate in High Availability (HA) with Stateful Switch Over (SSO), they must be connected through a Redundancy Port (RP). This dedicated port is used for synchronization of stateful information and ensuring seamless failover without service interruption.

 Cisco 3800 Series APs support higher speeds provided by IEEE 802.11ac Wave 2, which Fast Ethernet switches cannot fully support. Replacing them with mGig or gigabit switches with 10G uplinks will ensure the infrastructure can handle the increased data rates. The CAT 6A standard supports these speeds, so there’s no need to replace the wiring if it’s already CAT 6A.

For an effective office site survey, it’s recommended to: A. Use a battery pack to power APs - This allows for mobility and testing in various locations without relying on fixed power sources. B. Use a drawing of the office space to mark AP and client placements - This helps in planning the optimal locations for AP installation. F. Use APs with built-in antennas - They are commonly used for site surveys as they represent the typical deployment scenario.

References: The official Cisco ENWLSD 300-425 certification guide will have more details on conducting site surveys.

https://www.cisco.com/c/en/us/td/docs/wireless/technology/mesh/8-4/b_mesh_84/Site_Preparation_and_Planning.html#ID3405