© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 37 of 70
Converged Access with the Cisco Catalyst 3850
The Cisco Catalyst 3850 Switch offers scalable, resilient, and future-proofed wired and wireless services. It serves
as an integrated wireless LAN controller for up to 50 Cisco access points and 2000 clients per stack. The Cisco
Catalyst 3850 can form the basis of a deployment in which the access points and clients can scale up to 250 Cisco
access points and 16,000 clients, respectively. The converged access deployment mode builds on an existing
Cisco Unified Wireless Network. For deployments scaling beyond 250 access points and 16k clients, the Cisco
Catalyst 3850 can be used with the Cisco 5760 Wireless LAN Controller and can scale up to 72k access points and
864k clients.
The converged access deployment is achieved by distributing some of the functions from the wireless LAN
controllers (WLCs) down to the Cisco Catalyst 3850 Switches in the access. The access switches terminate the
CAPWAP encapsulated wireless traffic locally, converting the wireless traffic into Ethernet frames. This includes
the added advantage of unifying wired and wireless traffic on the switch and makes it possible to apply the rich and
intelligent wired services on wireless traffic.
This section explains the converged access deployment with the Cisco Catalyst 3850 Switches.
Before the details are explored, it is important to understand the functions that are distributed down to the access
switches.
Distributed Functions Enabling Converged Access
There are two important software functions among others that enable wireless services on WLC.
Mobility Agent
This software function manages CAPWAP tunnel terminations from access points and builds a database of client
stations (endpoints) that are served locally as well as roamed from an anchor WLC. The mobility agent also serves
the function of 802.1x authenticator, proxy IGMP, and proxy ARP for locally served clients.
Mobility Controller
This complements software functions of the mobility agent and manages mobility (roaming) for client stations from
one WLC to another, and provides guest access functionality by building a CAPWAP tunnel with the guest anchor
controller in the DMZ. The mobility controller manages the access point licenses as well. It also provides a central
way of managing the RF spectrum residing outbound of the access points. This is called radio resource
management (RRM) and includes rogue detection, dynamic channel assignment, transmit power on the access
points, coverage hole detection, and CleanAir®. In addition, the mobility controller builds a database of client
stations across all the mobility agents. The mobility controller is also responsible for caching the pairwise master
key (PMK) of all clients on all the mobility agents, enabling fast roaming of the clients within its subdomain and
mobility group.
Because of the preceding important functions, a mobility controller is a mandatory element in the converged
access deployment. The mobility controller software function runs in the active member of a Cisco Catalyst 3850
Switch stack and can be failed over to the standby member in the stack in the event of an active failover. A switch
stack hosting the mobility controller function can also run the mobility agent function on the active member for all
the locally connected Cisco access points.