
Connected Mining 1.0 Design Guide
March 2015

Building Architectures to Solve Business Problems



The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of
California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved.
Copyright © 1981, Regents of the University of California.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other
countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party
trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1110R).

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual
addresses and phone numbers. Any examples, command display output, network topology diagrams, and other
figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone
numbers in illustrative content is unintentional and coincidental.

Connected Mining 1.0 Design Guide

© 2015 Cisco Systems, Inc. All rights reserved.



CONTENTS

CHAPTER 1 Introduction

CHAPTER 2 Use Cases
    Unified Asset Visibility
    Fleet Management
    Miner Safety
    Telemetry Data from RFID Tags
    Availability of Mine-Wide Location Information

CHAPTER 3 System Overview
    End Devices and Clients
        AeroScout Industrial Tags
        MobileView Clients
        Cisco Prime Clients
    Wireless Access Layer
        Wireless Access Points
        Exciters
    Wired Access Layer
    Distribution Layer
    Core Network Layer
    Data Center Layer
        Wireless LAN Controller (WLC)
        Mobility Service Engine (MSE)
        Prime Infrastructure (PI)
        Prime IP Express
        Access Control Server (ACS)
        AeroScout Location Engine (ALE)
        AeroScout Engine Manager (AEM)
        AeroScout MobileView
    System Components
        Cisco Products
        AeroScout Products

CHAPTER 4 System Design
    End-to-End System Design
        Inter-System Interfaces
        AeroScout RFID Tags Interfacing with the Cisco Wi-Fi Network
        AeroScout Industrial Exciters Interface
        MV/PI Clients Interface
        Interface between the WLC, MSE, ALE, and MobileView
    Services Overview
        SSID Considerations
        VLAN Considerations
        IP Address and DHCP Considerations
    Services Flow
        DHCP and CAPWAP Control Traffic Flow for Mesh Access Points
        Tag Traffic Flow
        MV/PI Client Traffic Flow
        MV/PI Wireless Client Flow
        MV/PI Wired Client Flow
        MV/PI WGB Client Flow: Clients Connected WGB
    Deployment Models
        Wireless Access Layer Models
        Deployment Guidelines
        AP Deployment Models
        Wired Access Layer Models
        Access Switch Deployment Recommendations
        Distribution and Core Layer Models
        Small Mine and Co-located Data Center Topology
        Large Size Mine Topology
    System Design Considerations
        Environmental Considerations
        Network Coverage Considerations
        Site Survey Requirements
        Antenna Recommendation
        Power Considerations
        Security Considerations
        Security Considerations at End Devices or Clients
        Security Considerations for Wireless Network
        Security Considerations at MSE
        Security Considerations at WLC
        Security Considerations at Wired Network
        Security Features at AeroScout Equipment
        QoS Considerations
        QoS Considerations at End Devices or Clients
        QoS Considerations at the Wireless Access Layer
        High Availability Considerations
        High Availability of End Devices or Clients
        High Availability of Wireless Access Layer
        High Availability of Wired Access Layer
        High Availability of Distribution Layer
        High Availability of Core Layer
        High Availability of Data Center
        System Scalability Considerations
        Wireless Coverage Area Scalability
        Wired Access Scalability
        Distribution Layer Scalability
        Core Layer Scalability
        Data Center Scalability
        Network Management Considerations
    Future Readiness Evaluation for an Unified Enterprise and Control Network
        Unified Network Requirements
        Traffic Segregation
        QoS Treatment for Control Traffic
        Traffic Segregation at the Wireless Access Level
        Traffic Segregation at the Wired Access and Backhaul
        Traffic Segregation in Data Center
        Control Traffic Resiliency Requirements
        Wireless High Availability for Control Traffic
        Bandwidth for Control Traffic
        QoS Considerations for Control Traffic
    Deployment Examples for Wired Backhaul
        Deployment Example 1
        Deployment Example 2
        Deployment Example 3
    System Design Constraints and Limitations
        Wireless Bandwidth Limitations
        Mesh Access Point Limitations
        Wireless Mesh Convergence Limitations

APPENDIX A References

APPENDIX B Subsystem Product Comparison

GLOSSARY

CHAPTER 1
Introduction

This Cisco® Connected Mining 1.0 Design Guide serves as a design reference for deploying a core
networking infrastructure in underground mines that can be used for various overlaying services. It also
covers design details for real-time location-tracking systems in underground mines. This document
focuses on the best practices and design details of specific aspects of Connected Mining. Apart from the
end-to-end solution architecture, the scope of this document includes recommendations for technology,
products, and models suitable for underground mining environments and their varied topologies.

This system is provided in partnership with AeroScout® Industrial; thus, the scope and architecture of
this document account for the specific needs of deploying a location-tracking system using the AeroScout
Industrial equipment.

The proposed architecture also anticipates future expansion of various other services for which the
proposed system will be used as the backbone infrastructure. Although most of the current deployments
in mining have separate networks for enterprise and control traffic, considering the evident future
convergence, the current architecture conforms to the needs of a unified enterprise and control network.

While many deployments already exist in various mines, this release is the first Cisco Validated Design
(CVD) to provide a comprehensive network that caters to current and anticipated future needs.

CHAPTER 2
Use Cases

This chapter describes the following use cases implemented in the Connected Mining 1.0 release:
• Unified Asset Visibility
• Fleet Management
• Miner Safety
• Telemetry Data from RFID Tags
• Availability of Mine-Wide Location Information

Unified Asset Visibility


Mines are usually spread over a large geographical area. For example, the tunnels in underground mines
run for several miles, and an underground mine frequently has many branches and floors. Because of
this maze-like structure and the limited conveyance inside the mine, tracking and locating assets,
vehicles, and people in real time can be challenging and time-consuming. Cisco Connected
Mining 1.0 provides the following capabilities:
• Enables comprehensive real-time visibility of assets, which allows the current location of
equipment, vehicles, and miners to be tracked in real time with a user-friendly GUI and maps.
• Tracks the location of the equipment in real time and improves operational efficiency, equipment
utilization, and cost savings.

Fleet Management
For many mining enterprises, the mining-transport dispatch system is one of the main tools for
increasing productivity. Proper monitoring and control of vehicle movements yields evident
results, from fuel and lubricant savings to more rational use of machinery to improved work safety. This
allows for the implementation of an automated traffic dispatch and control system for bolstering
efficiencies and controlling costs across operations. Fleet management in Connected Mining 1.0
covers the following aspects:
• Tracks the real-time location of vehicles and helps in efficient fleet management (that is, diverting
the nearest vehicle to the pickup spot), thus improving operational efficiency and reducing cost.

• Live ignition monitoring of vehicles and tracking of vehicle runtime help to determine the optimal
time for routine and preventative maintenance, thus reducing downtime. Instead of time-based
routine maintenance, maintenance can be scheduled based on the actual runtime of the
vehicle.

Miner Safety
Miner safety, which is mandatory to meet industry regulatory norms, is achieved through the Connected
Mining 1.0 system design in the following ways:
• Enables monitoring of worker movements in dangerous zones (for example, blasting and unsafe
tunnels).
• Reduces incident response and rescue times with real-time worker location tracking.
• Helps to improve operational efficiency with login and logout mechanisms, as well as automatic
tracking of miners logging in for duty and logging out from duty.
• Creates a proactive approach to personal safety by identifying if a miner is not moving. Miners who
are trapped or have fainted can be detected by monitoring the movement of miners in real time. If a
miner has not moved for longer than a predefined time, steps can be taken to contact the miner.
• During mock evacuation drills and real emergencies, the status of an evacuation can be monitored;
the number of miners reaching the safe assembly zone can be counted in real time.
• Miners can communicate potential danger or send an emergency alert message by pressing the call
buttons on the RFID tags.

Telemetry Data from RFID Tags


With their in-built sensors, which are developed by AeroScout, RFID tags can monitor various
environmental conditions (such as temperature, pressure, and humidity) across the mine and report the
collected telemetry data at regular intervals. This data is needed for maintaining a favorable work
environment and generating reports.

Availability of Mine-Wide Location Information


The real-time location information of various assets, vehicles, and miners can be viewed from anywhere
within the mine using the MobileView client installed on laptops and iPads. This improves operational
convenience and reduces time wasted in searching.

CHAPTER 3
System Overview

This chapter describes the overall Connected Mining 1.0 system design, including the various
functional blocks, their functionality, and their hierarchical organization. It includes the following major
sections:
• End Devices and Clients
• Wireless Access Layer
• Wired Access Layer
• Distribution Layer
• Core Network Layer
• Data Center Layer
• System Components

Connected Mining 1.0 is a solution from Cisco, in partnership with AeroScout Industrial, for the
real-time asset location tracking and remote telemetry data monitoring requirements in mines, as shown
in Figure 3-1.

Figure 3-1 Zones in Connected Mine Architecture

[Figure: zone diagram of the Connected Mine architecture. Labels recoverable from the diagram:]
• Enterprise Zone (marked "Beyond the scope of Mining 1.0"): WAN, Internet, physical or virtualized
servers, ERP, email, Call Manager, and so on.
• Industrial Demilitarized Zone: ASA 55xx-X plant firewalls in active/standby failover. Plant firewall
functions listed: inter-zone traffic segmentation; ACLs, IPS and IDS; VPN services for remote site
access; portal and terminal server proxy.
• Mine Control Zone: Cisco Prime/MSE, Cisco WLC 5508, AeroScout MobileView and Location Engine,
stacked Catalyst 3750-X switches.
• Mining Zone: IE2K switches in REP fiber rings (maximum distance between nodes 400 m) with
wireless mesh, RAPs, MAPs, WGBs, and fixed and roaming clients on SSID1.
The diagram also carries the label "Defined in Mining 1.0".


End Devices and Clients


In the current phase of the project, the end devices or clients in the network are the AeroScout Industrial
tags and the clients of AeroScout MobileView and Cisco Prime.

AeroScout Industrial Tags


AeroScout Industrial RFID tags are small form factor devices that can collect telemetry data and
communicate with the backhaul over a standard Wi-Fi network. Different kinds of telemetry data include
temperature, humidity, and voltage. The tags do not associate with the Wi-Fi network. They broadcast
the telemetry data at regular intervals using unsolicited beacons over Wi-Fi media, which are received
by nearby wireless access points (APs). To counter possible packet loss, the tags repeat the broadcast of
beacons multiple times over multiple channels. The interval at which the tags send beacons
and the number of times they repeat at every interval are programmable. Tags go into sleep mode between
intervals, saving battery power. Tags are also equipped with motion sensors, allowing for more frequent
updates while in motion.

Tags monitor temperature and humidity thresholds as part of beacons; MobileView can be
programmed to generate alerts when there is a threshold violation. Some tags are equipped with one or
more call buttons; when the user presses a call button, an alert message is sent via MobileView to an
operator.

MobileView Clients
MobileView clients are software clients that run on standard laptops, phones, Apple iPads, or PCs.
MobileView clients connect to a MobileView server to display the asset location, maps, alerts, and events
and to generate reports. It is expected that MobileView clients will be available in various parts of the
mine.

Cisco Prime Clients


Cisco Prime clients connect to the Prime Infrastructure (PI) server for wireless and wired device life
cycle management and application visibility. It brings device management capabilities into operational
monitoring workflows to empower users to more effectively manage their network and the services the
network delivers.

Wireless Access Layer


The access layer represents the network edge, where traffic enters or exits the mining network.
Traditionally, the primary function of an access layer is to provide network access to the users. To
support the needs of various applications, both wireless and wired access layers are supported in the mining
network. Wireless access should be available in every part of the mine that assets and tags can reach.
These devices connect to the network over 802.11 b/g/n wireless access. The area between two wired
APs is divided into multiple regions called cells. A wireless AP is placed at the center of each cell.


Wireless Access Points


A mesh access point in the network can be in the role of root access point (RAP) or mesh access point
(MAP). While the RAPs have wired connections to their controller, the MAPs have wireless connections
to their controller. MAPs communicate among themselves and back to the RAP using wireless
connections over the 802.11a/n radio backhaul. MAPs use the Cisco Adaptive Wireless Path Protocol
(AWPP) to determine the best path through the other mesh access points to the controller based on their
cost. The cost of different paths is computed based on parameters such as signal strength and hop count.
After the path is established, AWPP continuously monitors path conditions and changes routes to reflect
any change in the path conditions. Wireless devices such as tags and management clients communicate
with the network via a RAP or MAP.

Exciters
AeroScout Industrial Exciters are mounted at predefined locations such as the entry and exit of various
zones for identifying an asset's precise location. Exciters provide an immediate indication of a tracked
asset or person's location and status for enhanced monitoring and identification purposes. The Exciters’
detection capabilities leverage the same tags and Wi-Fi network for location tracking. Exciters use low
frequency signals to trigger AeroScout Industrial tags as they pass within the range of an Exciter. The
tag then transmits a message that is received by standard Wi-Fi access points. This helps to determine the
location of the tag accurately.

Wired Access Layer


The wired access layer provides wired connectivity to devices that can access the network. In Connected
Mining 1.0, wireless APs, fixed wireline clients (such as MobileView and Prime Infrastructure clients)
and Exciters are connected to wired access layer switches. In the future, voice, video, Internet and
intranet terminals may also connect to the wired access network. The access layer switches support the
following:
• Fiber and copper connectivity to support various kinds of applications and devices
• The Power Over Ethernet (PoE) feature for powering up certain end devices such as Exciters and
video cameras
• QoS
• Security
• Sub-second resiliency in case of a failure

Distribution Layer
The distribution layer interfaces between the access layer and the core layer to provide many key
functions, including:
• Aggregating access layer switches
• Providing intelligent switching, routing, and network access policy functions to access the rest of
the network

• Providing high availability through redundant distribution layer switches in StackWise mode and
equal cost paths to the core, as well as providing differentiated QoS services to various classes of
service applications at the distribution layer
For Connected Mining 1.0, equipment for the distribution layer and above needs to be placed in an
environmentally controlled location, such as a computer room or data center. Distribution layer
equipment needs to be placed in the proximity of the underground mine entrance.

Core Network Layer


The core layer is the network backbone that hierarchically aggregates the distribution layer of the mine
network and provides connectivity to data center components. The core layer also provides intelligent
switching, routing, network access policy functions, QoS services, and high availability through
redundant core layer switches.

Data Center Layer


This section discusses the components at the data center layer.

Wireless LAN Controller (WLC)


All traffic originating from or destined for the wireless network passes through the wireless LAN
controller (WLC). The WLC manages the lightweight APs and provides all security and network access
templates for the mesh network. All access points acquire their operating system and configurations
(individual or global) from the WLC. The controller performs radio resource management on the 2.4 GHz radio
for better coverage and best use of available frequencies.

Mobility Service Engine (MSE)


Launched from the Cisco Prime Infrastructure, the Cisco Mobility Service Engine (MSE) displays the
location of RFID tags and the location of individual APs. The MSE gets information from the WLC
using the Network Mobility Services Protocol (NMSP) service. MSE provides the Context Aware
Service (CAS), which has the ability to track the physical location of wireless devices, using WLCs and
Cisco Aironet Lightweight APs (LAPs). This also allows a customer to track any Wi-Fi device, including
clients, active RFID tags, and rogue clients and APs.

Prime Infrastructure (PI)


Cisco PI is the one management solution for Connected Mining 1.0 wireless and wired components,
including their application visibility, security, policy monitoring, and troubleshooting. It also delivers
location and tracking of AeroScout tags with the Cisco MSE. It brings device management capabilities
into operational monitoring workflows so that users can more effectively manage their network as well as
the services the network delivers.


Prime IP Express
Cisco Prime IP Express provides integrated, high-performance, reliable Domain Name System (DNS),
Dynamic Host Configuration Protocol (DHCP), and IP Address Management (IPAM) services for the
enterprise network.

Access Control Server (ACS)


Cisco Access Control Server (ACS) provides a comprehensive, identity-based access control solution for
Connected Mining 1.0 networks. Cisco ACS authenticates and authorizes MV/PI Clients, the Workgroup
Bridge (WGB), and Exciters. It also enforces specific predefined policies on the respective end devices.

AeroScout Location Engine (ALE)


The AeroScout Location Engine (ALE) receives information from the MSE and applies multiple
algorithms to produce accurate and reliable location and status data in mining environments.

The ALE server performs the asset location calculations based on the Received Signal Strength Indicator
(RSSI) data received from one or more APs. ALE connects directly to the Exciters to configure and
monitor them. ALE is managed by using the AeroScout Engine Manager.

AeroScout Engine Manager (AEM)


AeroScout Engine Manager (AEM) is used to perform configuration, administration, and diagnostics
operations on ALE. Site maps are imported and managed through this module. The configuration tasks
include importing the site maps, setting up the system topology, and configuring Exciters.
Administration functions include recording event management and site monitoring. Separate modules
on AEM aid in performing coverage density analysis and location accuracy analysis in the field.

AeroScout MobileView
AeroScout MobileView is a Web-based software platform for asset location monitoring. It integrates
with the ALE and is responsible for a full range of visualization, reporting, management, and automated
alerting options. It also has the ability to deliver context-aware visibility data from many sources, such
as AeroScout Wi-Fi tags and Wi-Fi clients.
MobileView collects location, status, and condition data of assets; displays it on maps; and reports to the
web browsers or applications on end devices. It aids in automating business processes by generating
alerts and events triggered by asset location, status, and condition. It also has the complete application
solution for Incident Monitoring, Asset Utilization, Worker Safety, and Evacuation Monitoring.
MobileView is comprised of three modules: the Gateway, Asset Manager, and Database.

System Components
This section describes the various components, models and software versions used in the Connected
Mining 1.0 system design.


Cisco Products
Table 3-1 shows the Cisco hardware components used in the system design.

Table 3-1 Cisco Hardware Components

Device                      Model/Description                           Version
--------------------------  ------------------------------------------  -----------------------
Industrial Ethernet 2000    IE-2000-4TS-G                               IOS Software-15.2.2E
                            IE-2000-4S-TS-G-L                           IOS Software-15.2.2E
                            Other IE2K models having 2GE uplink can
                            also be used based on the deployment need.
Industrial Ethernet 3000    IE-3000-4TC                                 IOS Software-15.2.2E
                            Other IE2K models having 2GE uplink can
                            also be used based on the deployment need.
Catalyst 3750-X             WS-C3750X-12S-S                             IOS Software-15.0.2-SE6
                            WS-C3750X-24S-S                             IOS Software-15.0.2-SE6
Aironet 1552H Access Point  N/A                                         8.0 MR
Aironet 1532 Access Point   N/A                                         8.0 MR
Cisco 5508 WLAN Controller  N/A                                         8.0 MR
WGB (819)                   Cisco 819 Hardened Dual Radio 802.11n       IOS Software-15.3.3M3
                            Wi-Fi ISR

Table 3-2 shows the Cisco software components used in the system design.

Table 3-2 Cisco Software Components

Model                                    Version and Description
---------------------------------------  ----------------------------------------------------------------------
Mobility Service Engine                  Mobility Services Engine Software - 8.0 MR
Prime - Unified Wireless LAN Management  Prime Infrastructure Software - 2.1.1
Access Control Server                    Cisco SNS - 3415-K9 - Secure Access Control System Software - 5.5.0.46
DHCP                                     Windows 2012 DHCP Server

AeroScout Products
The AeroScout hardware components used in the system design include the following:
• T2 tags RFID
• T3 tags RFID
• T5 tags RFID
• Exciters (EX5200R/EX2000B)


Table 3-3 shows the AeroScout software components used in the system design.

Table 3-3 AeroScout Software Components

Model            Description
---------------  -----------
MobileView       Version 5.0
Location Engine  Version 5.0

CHAPTER 4
System Design

This chapter describes key design considerations at various layers (wireless access, wired access,
distribution, core, and data center levels) in the Connected Mining 1.0 system architecture. Primary
architectural considerations are described in the following major topics:
• End-to-End System Design
• Services Overview
• Services Flow
• Deployment Models
• System Design Considerations
• Future Readiness Evaluation for an Unified Enterprise and Control Network
• Deployment Examples for Wired Backhaul
• System Design Constraints and Limitations

End-to-End System Design


This section explains the Connected Mining 1.0 end-to-end architecture in detail. The overall
architecture topology is shown in Figure 4-1.

The wireless mesh network, including RAPs and MAPs, provides wireless coverage inside the mine for
AeroScout tags, WGB, and MV/PI clients. The RAPs are connected to IE2K/IE3K using the Ethernet
backhaul. All IE2K/IE3K are aggregated to 3750-X distribution layer switches by using ring, star, or bus
topology. The distribution layer switches are connected to core layer 3750-X switches where all data
center components are connected. Both distribution and core layer switches are configured as Layer 3
switches with respective switched virtual interfaces (SVI) configured as explained in Services Flow.


Figure 4-1 End-to-End System Architecture

[Figure: end-to-end topology. Mine Control Zone: AeroScout Location Engine, AeroScout MobileView,
Cisco MSE, Cisco WLC 5508, and Catalyst 3750-X switches. Mining Zone: IE2K switches in a REP fiber
ring (maximum distance between nodes 400 m), with the area between REP nodes covered by wireless
mesh (RAPs and MAPs on SSID 1); fixed and wireless MV/PI clients; MV/PI clients and Exciters
connected to a WGB; Exciters connected to the wired backhaul; and standalone Exciters.]

Specifications
• WLC, VSM, MV, PI located in Mine Control zone
• Tags beacons one directional over CAPWAP
• Maximum 2 hops wireless mesh
• SSID-1 for WGB and MV/PI Clients

Inter-System Interfaces
This section describes the high-level inter-system interfaces between the third-party products and Cisco
components. The main inter-system interfaces present in this solution are those between AeroScout
components (such as Exciters and tags) and the Cisco wireless backhaul. AeroScout tag traffic needs to
be recognized and processed by Cisco APs, and the Cisco network should be able to interface with the
AeroScout Exciters that are connected to it.

AeroScout RFID Tags Interfacing with the Cisco Wi-Fi Network


AeroScout Industrial Tags use a standard Wi-Fi radio to communicate with the stationary WLAN AP.
The tags from AeroScout are unique in that they use the beaconing method, rather than the association
method, thus keeping network utilization low and improving scalability and availability.

With the beaconing method, tag messages are broadcast to a Layer 2 multicast group address
recognizable by AeroScout Industrial compatible APs, thus eliminating the need for association and IP
address assignment.

The tags are programmed to send unidirectional standard 802.11b Wi-Fi messages, called beacons, at a
configurable interval on specific channels (can be set to 1, 6, 11). These beacons are short messages
with a 416-bit payload consisting of the tag's MAC address, control data, and additional telemetry
information, if any. Typically, the transmit time of a beacon ranges from 200ms to 400ms.

AeroScout tags are compliant with the Cisco Compatible Extensions (CCX) for Wi-Fi tag specification;
thus, they are recognized by Cisco APs and are distinguished from other tracked devices in the network.
AeroScout tags transmit Layer 2 multicast packets (native multicast 01:0C:CC:00:00:00 or CCX v1
multicast format 01:40:96:00:00:03). Cisco APs, in both Unified/Centralized Architecture mode and
Autonomous/Standalone Architecture mode, can recognize these beacons from AeroScout tags and
process them. When the Cisco AP receives beacons from AeroScout tags, it measures the RSSI,
appends this data to the received packet, and forwards the packet to the Cisco WLC over a CAPWAP tunnel.
Figure 4-2 shows the capture of a Lightweight Access Point Protocol (LWAPP) frame (LWAPP is replaced
by CAPWAP in later versions).

As the packet is embedded in CAPWAP, the Layer 2 multicast address is not exposed to the wired backhaul
or to the REP ring in the network. This Layer 2 multicast packet is intercepted and consumed by the
controller. Further, Cisco MSE queries the WLC at regular intervals to get the tag information and
in turn sends this data to the AeroScout Location Engine/MobileView. When multiple APs receive
the same tag signal, each of them computes the RSSI and reports it. The data is then used to determine the
location of the tag.

Figure 4-2 LWAPP Capture of Tag Multicast Frame
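
The following added example (not part of the original guide, and not Cisco or AeroScout code) shows how a monitoring script could use the two multicast addresses and the channel set given above to pick tag beacons out of AP observations, group repeated beacons into one event with per-AP RSSI, and flag tag MAC addresses that are missing from the provisioned inventory. The log line format, AP names, tag MAC addresses, inventory, and the 1-second burst window are constructed assumptions, and lines are assumed to arrive in time order.

```python
import re

# Layer 2 multicast destinations this guide gives for AeroScout tag beacons.
TAG_GROUPS = {"01:0c:cc:00:00:00": "native", "01:40:96:00:00:03": "ccx_v1"}
TAG_CHANNELS = {1, 6, 11}   # channels the guide says tags can be set to
BURST_WINDOW_S = 1.0        # assumption: repeats within 1 s are one beacon event

# Hypothetical line format: "<seconds> ap=<name> ch=<n> da=<mac> sa=<mac> rssi=<dBm>"
LINE_RE = re.compile(
    r"^(?P<t>\d+(?:\.\d+)?) ap=(?P<ap>\S+) ch=(?P<ch>\d+) "
    r"da=(?P<da>[0-9A-Fa-f:.\-]+) sa=(?P<sa>[0-9A-Fa-f:.\-]+) rssi=(?P<rssi>-?\d+)$"
)

# Constructed sample observations; AP names and tag MACs are made up.
SAMPLE_LOG = """\
10.000 ap=RAP-01 ch=1 da=01:0C:CC:00:00:00 sa=02:00:00:00:00:01 rssi=-58
10.010 ap=MAP-02 ch=1 da=01:0C:CC:00:00:00 sa=02:00:00:00:00:01 rssi=-71
10.120 ap=RAP-01 ch=6 da=01:0C:CC:00:00:00 sa=02:00:00:00:00:01 rssi=-55
10.240 ap=MAP-02 ch=11 da=01:0C:CC:00:00:00 sa=02:00:00:00:00:01 rssi=-69
12.500 ap=MAP-02 ch=6 da=0140.9600.0003 sa=0200.0000.0002 rssi=-63
13.000 ap=RAP-01 ch=3 da=01:0C:CC:00:00:00 sa=02:00:00:00:00:99 rssi=-40
13.100 ap=RAP-01 ch=6 da=ff:ff:ff:ff:ff:ff sa=02:00:00:00:00:aa rssi=-50
14.000 ap=RAP-01 ch=6 da=01:0C:CC:00:00 sa=02:00:00:00:00:01 rssi=-50
40.000 ap=MAP-02 ch=1 da=01:0C:CC:00:00:00 sa=02:00:00:00:00:01 rssi=-80
"""
SAMPLE_INVENTORY = {"02:00:00:00:00:01", "02-00-00-00-00-02"}  # provisioned tags (constructed)


def norm_mac(text):
    """Normalize aa:bb.., aa-bb.. or aabb.ccdd.eeff to lowercase colon form; None if not 48 bits."""
    digits = re.sub(r"[:.\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_line(line):
    """Parse one observation line; return a dict, or None when the line is malformed."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    da, sa = norm_mac(m["da"]), norm_mac(m["sa"])
    if da is None or sa is None:
        return None
    return {"t": float(m["t"]), "ap": m["ap"], "ch": int(m["ch"]),
            "tag": sa, "rssi": int(m["rssi"]), "group": TAG_GROUPS.get(da)}


def audit(lines, inventory):
    """Group tag beacons into events and collect findings a defender would review."""
    known = {norm_mac(mac) for mac in inventory}
    report = {"malformed": 0, "non_tag": 0, "unknown_tags": set(),
              "off_channel": [], "events": []}
    open_events = {}  # tag MAC -> event currently being accumulated
    for line in lines:
        if not line.strip():
            continue
        obs = parse_line(line)
        if obs is None:
            report["malformed"] += 1
            continue
        if obs["group"] is None:          # destination is not a tag multicast group
            report["non_tag"] += 1
            continue
        tag = obs["tag"]
        if tag not in known:              # beacon from a tag that was never provisioned
            report["unknown_tags"].add(tag)
        if obs["ch"] not in TAG_CHANNELS:  # tag frame outside the configured channels
            report["off_channel"].append((tag, obs["ch"]))
        event = open_events.get(tag)
        if event is None or obs["t"] - event["start"] > BURST_WINDOW_S:
            event = {"tag": tag, "start": obs["t"], "groups": set(), "rssi_by_ap": {}}
            open_events[tag] = event
            report["events"].append(event)
        event["groups"].add(obs["group"])
        best = event["rssi_by_ap"].get(obs["ap"])
        if best is None or obs["rssi"] > best:   # keep the strongest reading per AP
            event["rssi_by_ap"][obs["ap"]] = obs["rssi"]
    return report


def strongest_ap(event):
    """Return the AP that heard this beacon event with the highest RSSI."""
    return max(event["rssi_by_ap"], key=event["rssi_by_ap"].get)


if __name__ == "__main__":
    result = audit(SAMPLE_LOG.splitlines(), SAMPLE_INVENTORY)
    for ev in result["events"]:
        print(ev["tag"], sorted(ev["groups"]), ev["rssi_by_ap"], "strongest:", strongest_ap(ev))
    print("unknown tags:", sorted(result["unknown_tags"]))
    print("off-channel:", result["off_channel"])
    print("non-tag frames:", result["non_tag"], "malformed lines:", result["malformed"])
```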

AeroScout Industrial Exciters Interface


AeroScout Industrial Exciters can be connected to the access layer network via IE2K/IE3K, AP
bridged Ethernet ports, and the WGB bridged port. ALE manages Exciters. Exciters can also be mounted as
standalone (offline) devices on an as-needed basis wherever the backhaul connectivity is not available.
They use low frequency 125 kHz signals to trigger tags. Exciters such as EX2000/EX2000B/-X1/-X3
have an adjustable range from 50 cm to 6 m (20 in to 20 ft). Exciters can be powered by using PoE
or a DC power supply.

Tag Activators

Tag Activators communicate with the Tag Manager to detect, configure, program, activate, and
deactivate tags. Tag Manager is an AeroScout Industrial application installed on a Windows machine;
it communicates with the Tag Activators via a direct or Ethernet network connection. Tag Activators
send commands to tags at 125 kHz; tags reply at 2.4 GHz using Wi-Fi. Tags are programmed before
they are deployed in the field. Tag Managers and Tag Activators are not connected to the mining
networks.


MV/PI Clients Interface


MobileView and Prime clients accessed using laptops or iPads having wireless connectivity can be used
across the mine where wireless coverage is available. Mobile wireless clients are connected to the
nearest AP dynamically as per the SSID configuration. Clients that do not have wireless capability can
be connected to the wired Ethernet ports of IE2K access switches and WGB-bridged Ethernet ports.

Interface between the WLC, MSE, ALE, and MobileView


APs receive tag messages and forward them to the WLC in CAPWAP control packets. The only
configuration required on the WLC is to turn on Tag Data Collection. The MSE integrates with and
receives data from the WLC through NMSP. Cisco PI is used to configure the MSE by SOAP/XML over
HTTP/HTTPS. It manages network design (such as map creation and calibration) and synchronizes the
network design and its components (tags and Exciters) with the MSE.
The ALE server collects and processes location data received from the MSE and then syncs up with the
MobileView server. The ALE server is managed by ALE Manager, which imports site maps, sets up the
system topology, configures remote infrastructure, and processes data recorded through the ALE
server. The tag message traffic flow is shown in Figure 4-4.
MobileView provides a simple, yet powerful means of tracking the location, status, and condition of
assets and people. The Web-based software platform has a full range of visualization, reporting,
management, and automated alerting options, and the ability to deliver context-aware visibility data to
a variety of third-party applications.
The major MobileView components, which are depicted in Figure 4-3, include:
• Asset Manager Server—Contains the MobileView application server.
• Event Engine—Responsible for monitoring incoming location reports (according to the pre-defined
event conditions set in MobileView) and sending out alerts when those conditions are met. The
Event Engine is coupled with the Asset Manager Server for installation and configuration purposes.
• Gateway—The bridge between location data sources (AeroScout Location Engine) and
MobileView.
• Database—Stores all of the data used by MobileView.

Figure 4-3 MobileView Components and Functionality


[Diagram labels: Location Data Source; Gateway; JMS Queue; Location Reports; Cache; Last Location;
Asset Manager; Events; Event Engine; Alerts; Channel Distributor; Status changes; Old Locations;
Reports; MV Database; OLAP DB.]


All MobileView applications contain the following core functions:


• Asset Locator
• Alert Manager
• Reports Manager

MobileView Asset Locator

The Asset Locator provides instant visual access to all mining assets' location and status information,
and the ability to view the entire site and drill down to particular locations. The Asset Locator offers a
feature for finding and viewing assets on maps and enables customization of how assets and alerts on
maps are viewed.

MobileView Alert Manager

MobileView Alert Manager offers the ability to fundamentally transform business processes by bringing
real-time location and status-based alerts about assets directly to users through virtually any channel.
Users can configure a wide variety of context-based events, using asset type, location, and condition.
When the conditions of those events are met, they automatically trigger a variety of alerts (both
internal and external). Alerts can be sent by various means such as e-mail, JMS Queue, XML
message, Web Service, and HTTP post. The following event types are supported:
• Entrance/Exit
• Location Changed
• Escort
• Overflow/Shortage
• Dwell/Absence
• Battery Level
• Telemetry
• Tamper
• Temperature
• Humidity
• Call Button
• Out of Sight/In Sight
• Tag Message
• Par Level

MobileView Reports Manager

MobileView's standard report set offers the flexibility to generate instant reports on demand or to
pre-define report criteria and then specify a schedule by which to save or e-mail the finished reports.
Reports are available in a variety of formats, such as CSV, PDF, and HTML. In addition, MobileView
offers the ability to quickly and easily create customized reports. The following reports are available:
• Temperature Report
• Events Report
• Battery Status Report
• Temperature/Humidity Report
• Temperature/Humidity History Report
• Temperature/Humidity Events Report
• Temperature/Humidity Summary Report
• Asset Utilization by Business Status
• Asset Utilization by Location
• Asset Location Summary Report
• All Assets Report
• Out of Sight Report
• Par Level Summary Report
• Par Level History Report

Services Overview
The Connected Mining Release 1.0 system proposes a scalable and resilient network design that
supports the following services:
• Wireless connectivity throughout the underground mine
• Real-time location services of tags by carrying tag traffic to MobileView
• MV/PI client access to MobileView and Cisco Prime Infrastructure across the mine

SSID Considerations
Within the mining zone, a single SSID (SSID-1) is configured on the WLC with WPA2-802.1x
authentication for MV/PI client and WGB association.

VLAN Considerations
The recommendations for system-level VLAN configurations, with specific VLAN information listed in
Table 4-1, are as follows:
• The WLC management interface and AP Manager are configured in VLAN 50 so that all MAPs, which are
configured in VLAN 10, create a CAPWAP tunnel with the WLC.
• VLAN 40 is configured for SSID-1, to which MV/PI wireless clients and WGBs associate.
• No VLAN is configured for wired clients connected to a WGB. Traffic from MV/PI clients and Exciters
connected to the WGB's wired ports uses the configured SSID-1 VLAN (40).
• Fixed MV/PI clients, which are connected to IE2K/3K switches, are configured with 802.1x
authentication and placed in a pre-auth VLAN. After successful authentication, MV/PI clients are
placed in Service VLAN 41.
• VLAN 60 is configured on access ports where an Exciter is connected.
• All access devices, core devices, and data center systems are part of Management VLAN 70.
• VLAN 30 is configured for the network inside the data center.


Table 4-1 VLAN Considerations

| Device | VLAN |
|---|---|
| WLC Management/AP Manager Interface | 50 |
| Enterprise-SSID-VLAN (MV/PI Wireless Clients and WGB) | 40 |
| Data Center Enterprise VLAN | 30 |
| Access Point VLAN | 10 |
| Exciters connected to IE2K/3K | 60 |
| MV/PI Clients connected to IE2K/3K | 41 |
| Management VLAN | 70 |
| Control-SSID-VLAN | 200 |
| Data Center Control Network VLAN | 910 |
| Control Clients connected to IE2K/3K | 950 |

IP Address and DHCP Considerations


IP addressing of the wireless APs, WGBs, and end clients uses DHCP services in order to support easy
dynamic deployment of APs in the network. Tags do not have IP addresses. Fixed IP addresses are
allocated to Exciters, hosts in the data center, and access and core switches. MobileView and PI clients
also use DHCP to get an IP address. See Table 4-2.

Table 4-2 IP Address and DHCP Considerations

| Device/Host | IP Allocation Mechanism | Remarks |
|---|---|---|
| Hosts in data center, access, and core switches | Fixed IP Address | N/A |
| Access points | Dynamic IP Address | Allocate same IP address every time by binding IP address with MAC address at DHCP server. Use a.b.c.0/23 bit mask (510 hosts). |
| Exciter | Fixed IP Address | Use a.b.c.0/24 bit mask (254 exciters). |
| MV/PI clients and WGBs | Dynamic IP Address | Allocate same IP address every time by binding IP address with MAC address at DHCP server. |

SVI interfaces (VLANs 10, 30, 41, 50, 60, and 70) and inter-VLAN routing (10-50, 60-30, and 30-41)
are configured in the distribution layer 3750-X switches. SVI interfaces (VLANs 30, 40, 50, and 70)
and inter-VLAN routing (50-30 and 40-30) are configured in the core layer 3750-X switches.
A DHCP helper is configured on the SSID-1 dynamic interface at the WLC to serve DHCP requests for
VLAN 40 that arrive in CAPWAP packets (wireless clients and WGB clients). Similarly, to serve DHCP
requests for VLANs 10, 41, and 60 from non-CAPWAP packets (APs, Exciters, and MV/PI fixed clients),
the DHCP helper is configured at the respective data center SVI.
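
Because Table 4-2 binds every AP, WGB, and MV/PI client to one address by MAC, the DHCP lease table can be audited against the binding list. The following Python sketch is an added example, not part of the guide or of any Cisco tool: it checks the binding table for consistency and flags leases held by unreserved MACs or on addresses other than the bound one. The subnets, MAC addresses, lease records, and function names are constructed for illustration.

```python
import ipaddress

# Constructed address plan: the guide gives only a.b.c.0/23 and a.b.c.0/24 placeholders.
SUBNETS = {
    10: ipaddress.ip_network("10.10.0.0/23"),   # access points (/23 per Table 4-2)
    40: ipaddress.ip_network("10.40.0.0/24"),   # MV/PI wireless clients and WGBs (mask assumed)
    60: ipaddress.ip_network("10.60.0.0/24"),   # Exciters (/24 per Table 4-2)
}

# MAC-to-IP bindings as they would be defined at the DHCP server (constructed).
RESERVATIONS = {
    "00:11:22:33:44:01": (10, "10.10.0.11"),
    "00:11:22:33:44:02": (10, "10.10.1.12"),
    "00:11:22:33:44:a1": (40, "10.40.0.21"),
}

# Lease records (vlan, mac, ip) as an exported lease table might list them (constructed).
LEASES = [
    (10, "00:11:22:33:44:01", "10.10.0.11"),    # matches its binding
    (10, "00:11:22:33:44:02", "10.10.0.99"),    # bound MAC on the wrong address
    (10, "de:ad:be:ef:00:01", "10.10.1.200"),   # MAC with no binding on the AP VLAN
    (40, "00:11:22:33:44:A1", "10.40.0.21"),    # matches once the MAC case is normalized
]


def usable_hosts(network):
    """Host addresses left after removing the network and broadcast addresses."""
    return network.num_addresses - 2


def check_plan(reservations, subnets):
    """Static checks on the binding table: host address in subnet, no duplicates, capacity."""
    findings, seen = [], {}
    for mac, (vlan, ip) in sorted(reservations.items()):
        addr, net = ipaddress.ip_address(ip), subnets[vlan]
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            findings.append(f"{mac}: {ip} is not a host address in VLAN {vlan} ({net})")
        if ip in seen:
            findings.append(f"{ip} is bound to both {seen[ip]} and {mac}")
        seen.setdefault(ip, mac)
    for vlan, net in subnets.items():
        used = sum(1 for v, _ in reservations.values() if v == vlan)
        if used > usable_hosts(net):
            findings.append(f"VLAN {vlan}: {used} bindings exceed {usable_hosts(net)} hosts")
    return findings


def audit_leases(leases, reservations, subnets):
    """Compare active leases with the bindings and report every deviation."""
    findings = []
    for vlan, mac, ip in leases:
        mac = mac.lower()
        binding = reservations.get(mac)
        if binding is None:
            findings.append(f"VLAN {vlan}: {mac} holds {ip} without a reservation")
        elif binding != (vlan, ip):
            findings.append(
                f"VLAN {vlan}: {mac} holds {ip}, but is bound to {binding[1]} in VLAN {binding[0]}")
        if ipaddress.ip_address(ip) not in subnets[vlan]:
            findings.append(f"VLAN {vlan}: {ip} is outside {subnets[vlan]}")
    return findings


if __name__ == "__main__":
    print("AP VLAN capacity:", usable_hosts(SUBNETS[10]))
    for line in check_plan(RESERVATIONS, SUBNETS) + audit_leases(LEASES, RESERVATIONS, SUBNETS):
        print(line)
```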


Services Flow
The Connected Mining 1.0 system involves the following traffic flows:
• DHCP and CAPWAP Control Traffic Flow for MAPs
• Tag Traffic Flow
• MV/PI Client Traffic Flow

DHCP and CAPWAP Control Traffic Flow for Mesh Access Points
In a Connected Mining network, RAPs connect to the IE 2000 in a separate VLAN (10) and get IP
addresses from the DHCP server configured in the data center VLAN (30). DHCP packets from APs are
relayed to the DHCP server using an IP helper address configured on the AP VLAN SVI of the
distribution switch.
MAPs can use vendor-specific DHCP Option 43 to join specific WLCs because the WLC is in a
different subnet than the MAP. To facilitate MAP discovery of WLAN controllers through DHCP Option
43, the DHCP server must be configured to return the WLAN controller management interface IP
addresses based on the Vendor Class Identifier (VCI) of the respective 1550 and 1532 APs.
When the DHCP server sees a recognizable VCI in a DHCP discover from a DHCP client, it returns the
WLC IP address in its DHCP offer to the client as DHCP Option 43.
After the AP knows the WLC management IP address, each RAP/MAP creates a CAPWAP tunnel to the
WLC's AP Manager interface, through which the respective client CAPWAP data traffic flows.
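
Since the Option 43 value decides which controller an AP joins, it is worth verifying what the DHCP server actually hands out on the AP VLAN. The following Python sketch is an added example, not code from the guide or from Cisco: it builds and parses the value Cisco lightweight APs read (sub-option type 0xf1, a length byte, then the controller IPv4 addresses) and flags offers that point an AP at an address outside the approved WLC list. The VCI strings, addresses, sample offers, and function names are assumptions made for illustration.

```python
import ipaddress

# Sub-option type that Cisco lightweight APs read for WLC management addresses.
WLC_SUBOPTION = 0xF1
# Assumed VCI prefix; confirm the exact strings your 1550 and 1532 APs send.
AP_VCI_PREFIX = "Cisco AP"


def encode_option43(wlc_ips):
    """Build the Option 43 value: type 0xf1, length 4*N, then N IPv4 addresses."""
    packed = b"".join(ipaddress.IPv4Address(ip).packed for ip in wlc_ips)
    if not packed or len(packed) > 255:
        raise ValueError("need between 1 and 63 controller addresses")
    return bytes([WLC_SUBOPTION, len(packed)]) + packed


def decode_option43(value):
    """Parse an Option 43 value and reject anything that is not a clean 0xf1 TLV."""
    if len(value) < 2:
        raise ValueError("truncated TLV header")
    sub_type, length, body = value[0], value[1], value[2:]
    if sub_type != WLC_SUBOPTION:
        raise ValueError(f"unexpected sub-option 0x{sub_type:02x}")
    if length != len(body):
        raise ValueError(f"length byte {length} does not match {len(body)} value bytes")
    if length == 0 or length % 4:
        raise ValueError("value is not a whole number of IPv4 addresses")
    return [ipaddress.IPv4Address(body[i:i + 4]) for i in range(0, length, 4)]


def audit_offer(vci, option43, approved_wlcs):
    """Findings for one DHCP offer captured on the AP VLAN (empty list means clean)."""
    if not vci.startswith(AP_VCI_PREFIX):
        return []                      # only AP-class clients are steered to a WLC
    if option43 is None:
        return ["AP-class client was offered no Option 43"]
    try:
        offered = decode_option43(option43)
    except ValueError as exc:
        return [f"malformed Option 43: {exc}"]
    approved = {ipaddress.IPv4Address(ip) for ip in approved_wlcs}
    return [f"controller {addr} is not an approved WLC"
            for addr in offered if addr not in approved]


# Constructed sample data (documentation address ranges, not values from the guide).
APPROVED_WLCS = ["192.0.2.10", "192.0.2.11"]
SAMPLE_OFFERS = [
    ("Cisco AP c1550", encode_option43(APPROVED_WLCS)),    # expected offer
    ("Cisco AP c1550", bytes.fromhex("f104c6336407")),     # points at 198.51.100.7
    ("Cisco AP c1530", bytes.fromhex("f105c000020a")),     # length byte does not match
    ("MSFT 5.0", None),                                    # ordinary client, no Option 43
]

if __name__ == "__main__":
    for vci, value in SAMPLE_OFFERS:
        shown = value.hex() if value else None
        print(vci, shown, audit_offer(vci, value, APPROVED_WLCS))
```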

Tag Traffic Flow


This section describes the tag traffic flow in detail, as shown in Figure 4-4.

Figure 4-4 Tag Traffic Flow Diagram


[Diagram labels: DHCP, ACS, Location Engine, MSE, Prime, MobileView, VSM; WLC (trunk port, allowed
VLANs 40 and 50); DHCP helper, VLAN 30; stacked Cat 3750-X with SVIs for VLANs 30, 40, 50, 70;
stacked Cat 3750-X with SVIs for VLANs 10, 30, 41, 50, 60, 70; IE2K switches on the REP ring
(VLAN 10); RAPs and MAPs; MV/PI/Internet clients on SSID-1 (VLAN 40, 802.1x username);
MV/PI/Internet clients in VLAN 41 (802.1x username); Exciters in VLAN 60 (802.1x MAC address);
zones: Mine Control Zone, Mining Zone.]

1. Unsolicited beacons from tags are received by MAPs and sent to the WLC in a CAPWAP tunnel.
2. Cisco MSE queries the WLC at regular intervals to get the tag's information.
3. MSE sends this data to ALE/MV in order to compute the location tracking of the tags.

MV/PI Client Traffic Flow


This section describes the following three types of MV/PI client traffic flow in detail:
• MV/PI wireless client flow
• MV/PI wired client flow
• MV/PI WGB client flow

MV/PI Wireless Client Flow


Figure 4-5 depicts the MV/PI wireless client traffic flow.

Figure 4-5 MV/PI Wireless Client Traffic Flow


[Diagram labels: DHCP, ACS, Location Engine, MSE, Prime, MobileView, VSM; WLC (trunk port, allowed
VLANs 40 and 50); DHCP helper, VLAN 30; stacked Cat 3750-X with SVIs for VLANs 30, 40, 50, 70;
stacked Cat 3750-X with SVIs for VLANs 10, 30, 41, 50, 60, 70; IE2K switches on the REP ring
(VLAN 10); RAPs and MAPs; MV/PI/Internet clients on SSID-1 (VLAN 40, 802.1x username);
MV/PI/Internet clients in VLAN 41 (802.1x username); Exciters in VLAN 60 (802.1x MAC address);
zones: Mine Control Zone, Mining Zone.]

1. MV/PI wireless clients associate to SSID-1, which is configured with WPA2-802.1x authentication,
and get an IP address from VLAN 40.
2. MV/PI wireless client traffic to the data center is forwarded by the MAP to the WLC in a CAPWAP
tunnel.
3. The WLC de-encapsulates the CAPWAP traffic and puts it in SSID VLAN 40.
4. The core switch then routes the traffic to the data center VLAN in order to reach MobileView and
Prime Infrastructure components.
5. The return traffic from the data center component to MV/PI clients follows the same path as marked
above.

MV/PI Wired Client Flow


Figure 4-6 depicts the MV/PI wired client traffic flow.


Figure 4-6 MV/PI Wired Client Traffic Flow

[Diagram labels: DHCP, ACS, Location Engine, MSE, Prime, MobileView, VSM; WLC (trunk port, allowed
VLANs 40 and 50); DHCP helper, VLAN 30; stacked Cat 3750-X with SVIs for VLANs 30, 40, 50, 70;
stacked Cat 3750-X with SVIs for VLANs 10, 30, 41, 50, 60, 70; IE2K switches on the REP ring
(VLAN 10); RAPs and MAPs; MV/PI/Internet clients on SSID-1 (VLAN 40, 802.1x username);
MV/PI/Internet clients in VLAN 41 (802.1x username); Exciters in VLAN 60 (802.1x MAC address);
zones: Mine Control Zone, Mining Zone.]

1. MV/PI wired clients connected directly to IE2K/3K switches are configured with 802.1x
authentication. Before 802.1x authentication, the IE2K/3K ports are configured in a pre-auth VLAN;
after successful authentication, they are put in Service VLAN 41. Unauthorized clients do not gain
access to the network.
2. MV/PI wired client traffic to the data center VLAN is routed from the Service VLAN in the
distribution layer switches and reaches the data center VLAN via the core layer switches.
3. The return traffic from the data center component to MV/PI clients follows the same path as
mentioned above, and the bidirectional traffic is marked in Figure 4-6.

MV/PI WGB Client Flow: Clients Connected to WGB


Figure 4-7 depicts the MV/PI WGB client traffic flow.


Figure 4-7 MV/PI WGB Client Traffic Flow

[Diagram labels: DHCP, ACS, Location Engine, MSE, Prime, MobileView, VSM; WLC (trunk port, allowed
VLANs 40 and 50); DHCP helper, VLAN 30; stacked Cat 3750-X with SVIs for VLANs 30, 40, 50, 70;
stacked Cat 3750-X with SVIs for VLANs 10, 30, 41, 50, 60, 70; IE2K switches on the REP ring
(VLAN 10); RAPs and MAPs; MV/PI/Internet clients on SSID-1 (VLAN 40, 802.1x username);
MV/PI/Internet clients in VLAN 41 (802.1x username); Exciters in VLAN 60 (802.1x MAC address);
zones: Mine Control Zone, Mining Zone.]

1. MV/PI clients are connected to WGB (819) Ethernet ports. MV/PI wireless clients associate to
SSID-1, which is configured with WPA2-802.1x authentication, and get an IP address from VLAN 40.
Unauthorized clients do not gain access to the network.
2. MV/PI WGB client traffic to the data center is forwarded by the WGB to the MAP and then to the
WLC in the CAPWAP tunnel.
3. The WLC de-encapsulates the CAPWAP traffic and puts it in SSID VLAN 40.
4. The core switch then routes the traffic to the data center VLAN in order to reach MobileView
and Prime Infrastructure components.
5. The return traffic from the data center component to MV/PI clients follows the same path as
mentioned above, and the bidirectional traffic is marked in Figure 4-7.

Deployment Models
This section illustrates recommended topologies, including wireless and wired access layer models.

Wireless Access Layer Models


This section includes deployment guidelines and AP deployment models for wireless access.

Deployment Guidelines
1. Wireless coverage should be available across the mine wherever tags and assets can reach.
2. The triangulation method is used for location tracking. Tags have a transmission range of 200
meters. Thus, for better location accuracy with the triangulation method, at least three APs should
be available within 200 meters of any location. Refer to Table 4-4 and Table 4-5 for AP deployment
decision and density.
3. Mesh mode is the preferred AP deployment. To keep the mesh convergence time to less than 40 sec,
it is recommended to limit the wireless mesh to 2 hops. Also, for video transport over wireless
mesh, Cisco WNBU recommends a maximum of two mesh hops.
4. To avoid SPOF, multiple RAPs that cover a single mesh area/cell should all parent to different
access switches.
5. Similarly, to avoid SPOF, multiple MAPs that cover a single area/cell should all parent to
different RAPs.
6. Follow wireless deployment best practices; for example, adjacent APs should operate on different
802.11a channels (for example, channel 153 for AP1 and channel 161 for AP2). MAP backhaul should be
on 5 GHz and access should be on a 2.4 GHz channel. In a unified network where both enterprise and
control traffic coexist, it is preferable to have spectral segregation between enterprise and
control network traffic. Thus, 5 GHz can be shared between MAP backhaul and enterprise wireless
access traffic, whereas 2.4 GHz can be used for carrying the sensitive control traffic.

AP Deployment Models
Because most areas in underground mines are tunnel shaped and only a few tens of meters in
diameter, the following deployment models should be followed as a guideline for wireless AP
deployment.
• Local Loop—the area between two adjacent IE2K access switches.
• Cell—the physical boundary of an access point and not the RF coverage area.
• Cell Region—the entire area within a cell.
Each local loop is divided into overlapping cells of 200 meters diameter. The overlapping of adjacent
cells should be 50%. An AP (RAP/MAP) should be placed at the center of each cell. Thus, placing one
AP every 100 meters is recommended. See Figure 4-8.

Figure 4-8 Description of Local Loop, Cell Area, and Distance between Adjacent Cells

[Diagram labels: APs along the tunnel between IE2K switches; local loop 400 m; distance between
adjacent APs 100 m; cell area (physical boundary of an AP) 200 m; copper and fiber links.]

1. Wherever a wired (copper/fiber) access point can be placed at the center of each cell of a local loop,
provide wireless coverage for the entire local loop with RAPs. The RAPs of all adjacent cells should
connect to different IE2K switches. Refer to Figure 4-9.


Figure 4-9 IE2K at 400 Meters, All APs are Configured as RAP

[Diagram labels: RAPs every 100 m; IE2K switches every 400 m; copper and fiber links.]

2. If all areas cannot be covered with wired APs (RAPs), then cover the area with a single hop mesh
as shown in Figure 4-10. Adjacent RAPs should be connected to different IE2K access switches. If
this is not practical, then they can be connected as shown in Figure 4-11.

Figure 4-10 Wireless Mesh, Adjacent RAPs Connect to Different IE2Ks

[Diagram labels: alternating pairs of MAPs and RAPs every 100 m; IE2K switches every 400 m; copper
and fiber links.]

Figure 4-11 Wireless Mesh, Adjacent RAPs Connect to Same IE2K

[Diagram labels: alternating pairs of MAPs and RAPs every 100 m; IE2K switches every 400 m; copper
and fiber links.]

3. With a two-hop mesh, a maximum of 300 meters can be covered from the nearest RAP. A two-hop mesh
is shown in Figure 4-12.
4. A wired connection should be extended to areas more than 300 meters from the RAP.


Figure 4-12 Recommendation 3: Two Hop Wireless Mesh Covering Nearly 300m

[Diagram labels: two additional MAPs reaching 300 m; alternating pairs of MAPs and RAPs every
100 m; IE2K switches every 400 m; copper and fiber links.]

Table 4-3 summarizes the wireless access layer model recommendations.


Table 4-3 Wireless Access Layer Model Recommendations

| Recommendation Order | Description | Pros and Cons | Requirements |
|---|---|---|---|
| 1 | All APs are configured as RAPs. | • No single point failure (IE2K, ring, AP). • Sub-second convergence time. • Tags and other wireless clients have at least three APs in the vicinity at every place and time. | • Access switch within 250m from any location. • Fiber availability to connect APs from IE2K. |
| 2 | Single hop wireless mesh. | • No single point of failure (IE2K, ring, AP). • Mesh convergence time < 20 sec (single hop). • Tags can see at least three APs at every place and time. | • Access switch within 250m from any location. |
| 3 | Two hop wireless mesh. | • For the second hop MAP is the single point of failure. • Pockets of location only one MAP can be seen by tags. • Mesh convergence time for second hop < 40sec. | • Area to be covered is within 300 meters from the nearest RAP. |

The AeroScout Industrial tags have a maximum wireless range of 200 meters with a clear line of sight,
so ideally having APs every 100 meters gives the best results, both in terms of continuous location
tracking and high availability. This kind of density is needed in all regions where accurate location
tracking and high availability are critical.


In places where high availability is not mandatory, APs can be deployed up to 400 meters apart in
the tunnel. In this case, high availability cannot be provided; that is, if an AP fails, then tags
in that area cannot be tracked. In this system design, the pros and cons for each recommended
topology are also listed so the customer can choose the most suitable option based on their
constraints.
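
The density and redundancy rules above can be checked against a planned layout before installation. The following Python sketch is an added example, not part of the guide: it models the tunnel as a straight line, uses the 200-meter tag range, the three-AP triangulation rule, and the two-hop mesh limit stated in this chapter, and reports weak coverage, shared parents between adjacent APs, and stretches that go blind when one AP fails. The layout dictionaries, AP names, and function names are constructed for illustration.

```python
TAG_RANGE_M = 200     # tag transmission range given in the guide
APS_FOR_FIX = 3       # APs that must hear a tag for triangulation
MAX_MESH_HOPS = 2     # recommended mesh depth


def heard_by(pos, aps):
    """Names of the APs within tag range of a position (metres along the tunnel)."""
    return [n for n, ap in aps.items() if abs(ap["pos"] - pos) <= TAG_RANGE_M]


def weak_segments(aps, start, end, need=APS_FOR_FIX, step=10):
    """Sample the tunnel and merge positions heard by fewer than `need` APs.

    Returns (first_m, last_m, worst_count) tuples.
    """
    runs, run = [], None
    for pos in range(start, end + 1, step):
        count = len(heard_by(pos, aps))
        if count < need:
            run = [pos, pos, count] if run is None else [run[0], pos, min(run[2], count)]
        elif run is not None:
            runs.append(tuple(run))
            run = None
    if run is not None:
        runs.append(tuple(run))
    return runs


def blind_after_failure(aps, failed, start, end):
    """Stretches where no AP at all hears a tag once `failed` is out of service."""
    survivors = {n: ap for n, ap in aps.items() if n != failed}
    return [(lo, hi) for lo, hi, _ in weak_segments(survivors, start, end, need=1)]


def mesh_hops(name, aps):
    """Wireless hops from an AP back to its wired RAP (0 for a RAP)."""
    hops = 0
    while aps[name]["role"] == "MAP":
        name = aps[name]["parent"]
        hops += 1
        if hops > len(aps):
            raise ValueError("parent loop in mesh definition")
    return hops


def design_findings(aps, start, end):
    """Check a tunnel layout against the deployment guidelines."""
    findings = [f"{lo}-{hi} m: as few as {worst} AP(s) in tag range"
                for lo, hi, worst in weak_segments(aps, start, end)]
    ordered = sorted(aps, key=lambda n: aps[n]["pos"])
    for a, b in zip(ordered, ordered[1:]):
        if aps[a]["parent"] == aps[b]["parent"]:    # adjacent APs share one upstream device
            findings.append(f"{a} and {b} share parent {aps[a]['parent']}")
    findings += [f"{n}: {mesh_hops(n, aps)} mesh hops" for n in ordered
                 if mesh_hops(n, aps) > MAX_MESH_HOPS]
    return findings


# Constructed layouts. All-RAP design: one AP every 100 m, adjacent RAPs on different IE2Ks.
DENSE = {f"RAP{i}": {"pos": 100 * i, "role": "RAP", "parent": f"IE2K-{i % 2 + 1}"}
         for i in range(5)}
# One AP every 400 m (the option without high availability).
SPARSE = {"RAP0": {"pos": 0, "role": "RAP", "parent": "IE2K-1"},
          "RAP4": {"pos": 400, "role": "RAP", "parent": "IE2K-2"}}
# Three-hop mesh chain hanging off a single RAP.
CHAIN = {"RAP0": {"pos": 0, "role": "RAP", "parent": "IE2K-1"},
         "MAP1": {"pos": 100, "role": "MAP", "parent": "RAP0"},
         "MAP2": {"pos": 200, "role": "MAP", "parent": "MAP1"},
         "MAP3": {"pos": 300, "role": "MAP", "parent": "MAP2"}}

if __name__ == "__main__":
    print("dense :", design_findings(DENSE, 0, 400))
    print("sparse:", design_findings(SPARSE, 0, 400))
    print("sparse, RAP4 down:", blind_after_failure(SPARSE, "RAP4", 0, 400))
    print("chain :", design_findings(CHAIN, 0, 300))
```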
If continuous location tracking is not needed and zone-based tracking is sufficient, then install an Exciter
at the entry and exit of each zone. Within 200 meters from the Exciter, one or two APs need to be
installed depending on whether high availability is needed or not, as shown in Table 4-4.

Table 4-4 Exciter and Access Point Deployment Decision Table

| | Redundancy/High Availability Needed | Redundancy/High Availability Not Needed |
|---|---|---|
| Continuous location tracking needed. | One AP every 100 meters in one of the topologies illustrated in AP Deployment Models. | One AP every 400 meters. |
| Continuous location tracking not needed. (Zone-based tracking is enough.) | Install Exciter at entry and exit of each zone. Two APs within 200 meters from the Exciter. | Install Exciter at entry and exit of each zone. One AP within 200 meters from the Exciter. |

Wired Access Layer Models


The following models should be followed as a guideline for wired backhaul deployment in underground
mines.
It is recommended to use appropriate Cisco IE2K/IE3K series switches with suitable enclosures as the
access switch to connect APs and other wired clients such as cameras, Exciters, and laptops. The
recommended maximum distance to a wired AP from any location in the mine is less than 250 meters.
In any topology, IE2K/IE3K switches need to be placed 400 meters apart on the wired
backhaul. The area between two IE2K/IE3K access switches is called a local loop, which is covered by
wireless access.
1. A ring topology starting and terminating at the distribution layer switch is the preferred option
because it minimizes the fiber requirement within the mine, and a REP ring provides a fast
convergence time. The maximum number of hops in an access ring should be limited to 12 in order to
meet latency, resiliency, and bandwidth requirements. With Layer 2 access switches, a distance of
nearly 5 km (12 × 400 meters) can be covered. Refer to Figure 4-13.


Figure 4-13 Recommendation-1a—IE2K Connected with Fiber Ring at Every 400m

2. If the underground mine length exceeds 5 km, multiple rings can run in parallel, all of them
starting and terminating at the distribution switch. In this topology (when two rings are running in
parallel), the access switch can be connected to alternate rings at alternate hops. For example, at
hop 1 the access switch is connected to ring 1, and at hop 2 the access switch is connected to
ring 2. This provides additional redundancy against ring failure. Refer to Figure 4-14.

Figure 4-14 Recommendation-1b—Dual Rings to Cover Tunnel Size > 5KM

[Diagram label: 800 m]

3. If the underground mine has multiple floors and each floor has a tunnel, a separate ring should be
laid for each floor, each ring starting and ending in the distribution switch. Refer to Figure 4-15.


Figure 4-15 Recommendation-1c—Multi Level Mine One Ring per Level (All Rings Terminate at
Distribution Switch)


4. If a ring cannot reach an area in the mine and the area to be covered is larger than the recommended
wireless cell area, then the wired LAN connection should be extended from the nearest IE2K/IE3K
access switch as a hub-and-spoke or star topology. Port channeling should be configured to protect
from a single link or port failure. IE2K/IE3K switch failures remain a limitation for this topology.
The maximum number of hops with this topology should not exceed a single hop or one local loop,
which is nearly 600 meters (400m local loop + 200m cell area). Refer to Figure 4-16.

Figure 4-16 Extended Wired LAN Connection from the Ring Port Channel for Link Redundancy


5. If the area exceeds one local loop, then extending the ring is recommended to cover the area,
provide redundancy, and assure resiliency. If the branch size is greater than a single hop and
extension of the main ring is not practical, then subtended rings can be used to cover the branch.


Note IE2K and IE3K series switches have a maximum of two GE ports, so the subtended ring will be
an FE ring. Refer to Figure 4-17.

Figure 4-17 Recommendation-3—Subtended Ring (FE 100 Mbps)

Access Switch Deployment Recommendations
Table 4-5 provides a summary of access switch deployment recommendations.

Table 4-5 Access Switch Deployment Recommendations Summary

| Recommendation Order | Description | Outcome Description | Requirements |
|---|---|---|---|
| 1 | Ring topology | 1. Ring topology is preferred as it optimizes fiber requirement in the mine. Also, ring topology with REP gives the fast convergence times. 2. No single point of failure (IE2K, ring, AP). 3. Between 50 to 200msec convergence time. | Fiber ring availability in the entire mine within 250 meters. |
| 2 | Extended wired LAN connection from the ring | 1. Can be used when a sub tunnel size is less than the size of a local loop. 2. Edge access switch and its parent are single point of failure. | Fiber access to extend the ring. |
| 3 | Subtended ring topology | 1. Can be used when the branch size is greater than a local loop and fiber ring is practical. 2. Similar to ring, this has the sub-second convergence time. 3. The network can also tolerate one failure per ring. 4. IE2K and IE3K series switches have maximum 2 GE ports. Thus, subtended ring shall be a FE ring. | Fiber availability to form a ring in the branch. |

Distribution and Core Layer Models


The following models should be followed as a guideline for distribution layer deployment:
• Small Mine and Co-located Data Center Topology
• Large Size Mine Topology

Small Mine and Co-located Data Center Topology


The collapsed core architecture, as shown in Figure 4-18, is recommended for small mines where the
data center is co-located with the distribution layer switch. For a small mine, two switches at the
distribution layer are configured in StackWise mode, and the same switch also functions as the data
center switch. In a collapsed core, the core layer does not exist; the distribution layer switch
performs the function of both distribution and core layer switches. The Industrial Demilitarized
Zone and the layers above it are beyond the scope of the current phase of the Connected Mining
system.


Figure 4-18 Collapsed Distribution and Core for Small Mine and Co-Located Data Center
[Diagram labels: Enterprise Zone and Industrial Demilitarized Zone (beyond the scope of Mining 1.0):
WAN, Internet, physical or virtualized servers, ERP, e-mail, Call Manager, Catalyst switches,
Catalyst 2960-X, ASA 55xx-X plant firewalls with failover (inter-zone traffic segmentation; ACLs,
IPS and IDS; VPN services; portal and terminal server proxy), Web, DNS, FTP, patch management,
terminal services, data share, application server, AV server, Cisco Video Surveillance. Mine Control
Zone and Mining Zone (defined in Mining 1.0): active set and standby set, each with 1. Cisco
Prime/MSE, 2. Cisco WLC 5508, 3. AeroScout MobileView and Location Engine, 4. DHCP Server, 5. ACS;
Cat 3750-X collapsed core (small mine and co-located DC) with 1Gb links; distribution layer and
access layer; IE2K switches on REP Ring 100.]

Large Size Mine Topology


For large mines, or small mines with a non-co-located data center, a three-layer architecture is
used, as shown in Figure 4-19. Here the uplink trunk ports of the distribution switch terminate in
core layer switches, with the following points considered:
• Stacked 3750-X is used as core layer switch. Depending on the need, either a 24 or 12 port model
can be used.
• Distribution network switches from multiple mine locations terminate at a central core layer.
• Two switches are stacked for redundancy.
• Core layer switches also connect the data center network.
• Port channel is configured for the network between distribution and core.


Figure 4-19 Three Layered for Large Mine/Small Mine with Non-co-located Data Center

[Diagram labels: Enterprise Zone and Industrial Demilitarized Zone (beyond the scope of Mining 1.0):
WAN, Internet, physical or virtualized servers, ERP, e-mail, Call Manager, Catalyst switches,
Catalyst 2960-X, DMZ, ASA 55xx-X plant firewalls with failover (inter-zone traffic segmentation;
ACLs, IPS and IDS; VPN services; portal and terminal server proxy), Web, DNS, FTP, patch management,
terminal services, data share, application server, AV server, Cisco Video Surveillance. Mine Control
Zone and Mining Zone (defined in Mining 1.0): active set and standby set, each with 1. Cisco
Prime/MSE, 2. Cisco WLC 5508, 3. AeroScout MobileView and Location Engine, 4. DHCP Server, 5. ACS;
stacked Cat 3750-X three-layer core (large mine / small mine with non-co-located DC) with Nx1Gb
links; two stacked Cat 3750-X switches with 1Gb links; IE2K and IE3K switches on REP Ring 100 and
REP Ring 101.]

System Design Considerations


This section discusses system design considerations, including environmental, network coverage, power,
security, QoS, and high availability.

Environmental Considerations
Since mines have harsh environmental conditions such as water, high humidity, extreme temperatures,
and vibrations, all equipment used in mines needs to be ruggedized. All wired and wireless access layer
devices need to be Class 1, Div 2 certified. If a device is not Class 1, Div 2 certified, then the equipment
needs to be enclosed in a Class 1, Div 2-certified enclosure.

Network Coverage Considerations


Wireless network coverage should be available at every location in the mine where an asset or tag can
reach. Considering that the underground mine is an open tunnel, a clear line of sight can be assumed
between the tags and the AP.


Site Survey Requirements


Many factors need to be considered before implementing a WLAN in a mining environment. The first
important step is to obtain detailed information about the location and existing network infrastructure,
and then to identify application and network requirements.
A successful WLAN implementation should consider requirements and characteristics of the mine.
Proper RF design and a comprehensive site survey are recommended for any WLAN installation. This
is especially true for a mining environment, which has uneven structures and corners, high possibility of
multi-path, and key requirements such as network resiliency and high availability.

Antenna Recommendation
Considering that wireless coverage should be available 360 degrees in the underground mine for the tags
and wireless clients to communicate, omni-directional antennas can be used in all APs.

Power Considerations
It is assumed that the underground mine has reliable power availability to connect all wired and wireless
access equipment. A standard power source such as 220/110VAC or 48/24DC is expected. Depending
on the power available, appropriate power adapters can be used to connect the devices.
Some of the end devices, such as 1532 Access Points and video cameras, can be powered over Ethernet
(PoE). The access switches need to have a PoE/PoE+ provision to connect such devices.

Security Considerations
Disruptions in the network have the greatest impact on the safety and functioning of the production
facility and are the primary consideration in the Connected Mining architecture.
• Security needs to be considered at every part of the network. Security considerations such as
authentication, authorization/access control, encryption, flood control/DoS attacks, rogue
detection, tamper proofing, jamming detection, and disconnection are considered at each part of the
network, and appropriate protection needs to be configured.
• At the same time, security services must not compromise mining operations or pose a threat to the
availability of the network to its clients. The operational overhead should be minimal.

Security Considerations at End Devices or Clients


Tamper-proof tags should be used wherever applicable.

Security Considerations for Wireless Network


• In a Cisco wireless backhaul network, traffic can be bridged between MAPs and RAPs. This traffic
can be from wired devices that are being bridged by the wireless mesh or CAPWAP traffic from the
MAPs. This traffic is always AES encrypted when it crosses a wireless mesh link, such as a wireless
backhaul. By default, MAP and root (RAP) security uses EAP-FAST.


• The bridged virtual interface (BVI) MAC address for all MAPs and possible failover APs that are
used in the mesh network should be added into the appropriate controller MAC filtering
authorization list. The controller only responds to discovery requests from MAPs that appear in its
authorization list. If the AP has a self-signed certificate (SSC) and has been added to the AP
Authorization List, the MAC address of the AP does not need to be added to the MAC Filtering List.
• All the CAPWAP control packets from the AP toward the controller are by default encrypted using
dynamic transport layer security (DTLS). However, DTLS for data traffic can also be enabled on an
as-needed basis, since enabling DTLS for data traffic affects system performance.
• MAC ACL in IE2K will be provided for all Exciters connected to the Ethernet port of AP.
• The recommended security encryption for all the wireless clients and WGBs associated with the AP
is WPA2-802.1x. An ACS server can be used for any of the EAP methods for authentication for all
wireless clients associated to AP.

Security Considerations at MSE


• On MSE, Adaptive Wireless Intrusion Prevention System (wIPS) can be enabled that provides rogue
detection and mitigation, over-the-air wireless hacking and threat detection, security vulnerability
monitoring, performance monitoring, and self-optimization. In case of MAP, 17 different WLC
standard signature attacks can be detected.
• Normally, rogue AP detection is not needed since rogue APs are not expected in a secure and
controlled environment such as an underground mine. However, if warranted, IDS and rogue
detection on MAPs can be enabled on WLC.
• All unused ports should be shut down.

Security Considerations at WLC


• Enabling DHCP proxy in the WLC is strongly recommended. In DHCP proxy mode, the WLC serves as a
DHCP helper to achieve better security and control over the DHCP transaction between the
DHCP server and the wireless clients. DHCP bridging mode provides an option to make the controller's
role in the DHCP transaction entirely transparent to the wireless clients.
• DHCP Option 82 is configured in the WLC to contain the MAC address of the AP for SSID-1 DHCP
requests. DHCP server verifies this information before offering IP addresses.
• Client exclusion policies have to be enabled on WLC in order to exclude clients for the
condition-specified thresholds such as association and dissociation failures. P2P blocking has to be
enabled on a per-SSID basis.

Security Considerations at Wired Network


Wired network security considerations have three parts: security considerations at the wired access
layer, the distribution layer, and the core layer. These are discussed in the following sections.


Security Considerations at Wired Access Layer

The security considerations at wired access layer are shown in Table 4-6.
Table 4-6 Wired Access Layer Security Considerations

| Security Consideration | Required Control |
|---|---|
| Only authorized devices should connect to the access switches | 802.1x authentication for MV/PI fixed clients. MAB filtering/MAC ACL (for wired Exciters only). |
| Denial of Service - MAC address flooding | Switch port: port security. |
| Device authentication and authorization to access the console to control the switch | 1. Terminal Access Controller Access Control System (TACACS) for device authentication. 2. Local user name and password for fail safe. |
| Filter untrusted DHCP messages | Enable DHCP snooping on all operational ports. |
| Unauthorized access of unused ports | Shut down unused ports. |
| Additional port security | Enable BPDU Guard. |
| Multicast storm | Multicast storm control: 30%. |
| Broadcast storm | Broadcast storm control: host-facing ports 20% and uplinks 30%; lower threshold: 10% and 20%. |

For a description of these switch security features, please refer to Configuring Port-Based Traffic
Control at the following URL:
• http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swtrafc.html
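One way to check an access switch against the controls in Table 4-6 is to audit its running configuration offline. The script below is an added example, not part of the original design guide or any Cisco tool; the sample configuration is constructed, and reading each storm-control percentage in the table as a maximum rising threshold on every operational port is an assumption of this example.

```python
import re

# Constructed sample running-config for an access switch (not from a real device).
SAMPLE_CONFIG = """\
aaa authentication login default group tacacs+ local
username failsafe privilege 15 secret <redacted>
ip dhcp snooping
!
interface FastEthernet1/1
 description MV/PI fixed client (802.1x)
 switchport mode access
 switchport port-security
 authentication port-control auto
 dot1x pae authenticator
 spanning-tree bpduguard enable
 storm-control broadcast level 20.00 10.00
 storm-control multicast level 30.00
!
interface FastEthernet1/2
 description wired Exciter (MAB)
 switchport mode access
 authentication port-control auto
 mab
 spanning-tree bpduguard enable
 storm-control broadcast level 40.00 10.00
!
interface FastEthernet1/3
 description spare, left enabled
 switchport mode access
!
interface FastEthernet1/4
 shutdown
!
interface GigabitEthernet1/1
 switchport mode trunk
 storm-control broadcast level 30.00 20.00
 storm-control multicast level 30.00
"""

def parse_config(text):
    """Split a running-config into global lines and per-interface command lists."""
    global_lines, interfaces, current = [], {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
            if line.strip() not in ("", "!"):
                global_lines.append(line.strip())
    return global_lines, interfaces

def storm_level(cmds, kind):
    """Rising threshold (percent) of 'storm-control <kind> level', or None if unset."""
    for cmd in cmds:
        m = re.match(rf"storm-control {kind} level (\d+(?:\.\d+)?)", cmd)
        if m:
            return float(m.group(1))
    return None

def audit_interface(cmds):
    """Findings for one port against Table 4-6; a shut-down port is compliant."""
    if "shutdown" in cmds:
        return []
    uplink = "switchport mode trunk" in cmds
    limit = 30.0 if uplink else 20.0      # host-facing ports 20%, uplinks 30%
    findings = []
    level = storm_level(cmds, "broadcast")
    if level is None or level > limit:
        findings.append(f"broadcast storm control must be <= {limit:.0f}%")
    level = storm_level(cmds, "multicast")
    if level is None or level > 30.0:
        findings.append("multicast storm control must be <= 30%")
    if uplink:
        return findings                   # remaining checks apply to host ports only
    if "authentication port-control auto" not in cmds or not (
            "dot1x pae authenticator" in cmds or "mab" in cmds):
        findings.append("no 802.1x or MAB authentication")
    if "switchport port-security" not in cmds:
        findings.append("port security not enabled")
    if "spanning-tree bpduguard enable" not in cmds:
        findings.append("BPDU Guard not enabled")
    return findings

def audit(text):
    """Return {scope: [findings]} for the global config and every interface."""
    global_lines, interfaces = parse_config(text)
    findings = []
    if "ip dhcp snooping" not in global_lines:
        findings.append("DHCP snooping not enabled")
    if not any(l.startswith("aaa authentication login") and "group tacacs+" in l
               and l.endswith(" local") for l in global_lines):
        findings.append("login is not TACACS+ with local fallback")
    if not any(l.startswith("username ") for l in global_lines):
        findings.append("no local fail-safe user")
    report = {"global": findings}
    report.update({name: audit_interface(cmds) for name, cmds in interfaces.items()})
    return report

if __name__ == "__main__":
    for scope, items in audit(SAMPLE_CONFIG).items():
        print(scope, "OK" if not items else items)
```

The spare port FastEthernet1/3 is reported on every host-port control because it is enabled but unconfigured; shutting it down, as the table requires for unused ports, clears the findings.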

Security Considerations at Distribution Layer

All unused ports should be in shutdown state. DHCP snooping should be enabled on operational ports.
No direct client connections are allowed.

Security Considerations at Core Layer

The security considerations at core layer are the same as in the distribution layer.

Security Features at AeroScout Equipment

Security Features at AeroScout Location Engine Manager (LEM)

The user authorization function can be used to restrict access to the Location Engine Manager (LEM)
only to the authorized users who can view and manipulate system settings. Allowed user operations can
be defined with this list. The connection between the LEM and the Engine Server can be secured by TLS.


Security Features at MobileView

User authentication and assignment of roles (privilege levels) can be done using the Lightweight
Directory Access Protocol (LDAP) server. The connection to the LDAP server can be secured using
secure LDAP. MD5 can be used to ensure integrity of the database connection. The SMTP server
connection can be encrypted using TLS encryption.

QoS Considerations
This section discusses end-to-end QoS considerations in the system. Voice, Video, and Internet Client
traffic types are considered in this section, although they are not scoped in Connected Mining 1.0.

QoS Considerations at End Devices or Clients


No specific consideration or compliance is mandatory for the end clients such as tags, Exciters, and
wireless clients. Wi-Fi Multimedia (WMM) compliant clients can communicate a priority value for
different flows to the AP; non-WMM clients cannot.

QoS Considerations at the Wireless Access Layer


This section discusses QoS considerations at the wireless access layer, including the traffic types, their
corresponding priority queues, and the required SSID configurations in the network. See Table 4-7.
Table 4-7 Traffic Types, Required Bandwidth, and Desired Priority at RAP plus Two Levels MAP

| Traffic Types at RAP | Number of Streams | B/W Required (Mbps) | Priority Queuing | Description |
|---|---|---|---|---|
| RAP control traffic | 1 | 0.1 | Platinum | Mapped by default |
| Tag traffic | 500 | 0.5 | Platinum | Mapped by default |
| MAP control | 3 | 0.1 | Platinum | Mapped by default |
| Voice | 10 | 1 | Platinum | Voice DSCP value mapped |
| Video surveillance | 1 | 6 | Gold | Voice DSCP value mapped |
| Exciter - Connected to AP wired port (bridged traffic) | 1 | 0.1 | Silver | Mapped by default |
| MV/PI and Internet client (wireless) | 1 | 2 | Silver | Mapped by SSID-1 |
| MV/PI and Internet client (WGB) | 1 | 2 | Silver | Mapped by SSID-1 |
| Traffic from clients associated to RAP | -- | 11.8 | | |
| MAP data received at RAP | 2 | 23.6 | As per priority queue at MAP | Mapped by default |
| Total traffic from RAP + connected MAPs | 2 | 35.4 | | |

SSID-1 is manually configured with the Silver profile so that MV/PI clients connected to SSID-1, WGB,
and the AP-bridged port have priority equivalent to the Silver profile. AP control traffic and tag traffic
have Platinum priority by default. Voice and video traffic are treated with Platinum and Gold priority,
respectively; these traffic types are not in scope for the current release, but will be considered in the future.
Per-user bandwidth rate limiting is configured on the Silver profile in order to limit the bandwidth to up
to 2 Mbps for users connecting to SSID-1. Upstream rate limiting for the priority queues is not supported
on mesh mode APs. The WLC, however, can do upstream/downstream rate limiting on its ingress/egress
ports.

QoS Mapping at Wireless Access Layer


In a unified wireless deployment, QoS settings for the CAPWAP are configured on the WLC and pushed
down to the AP for consistency and ease of configuration. As per WMM, the following are the four
access categories (AC) for wireless traffic:
• AC_BK—Background
• AC_BE—Best Effort
• AC_VI—Video
• AC_VO—Voice
Table 4-8 shows the recommended mapping between DSCP, CoS, and WMM queues for different traffic
classes.
Table 4-8 Recommended Mapping

| Traffic Type | DSCP (Default) | CoS Mapping (1) | WMM Queue (AC) (2) |
|---|---|---|---|
| Wireless Control traffic | 48 | 6 | AC_VO |
| Tag traffic | 48 | 6 | AC_VO |
| Voice | 46 | 6 | AC_VO |
| Video surveillance | 34 | 5 | AC_VI |
| MV and PI client | 0 | 0 | AC_BE |

1. Internal DSCP-to-CoS mapping in the AP.
2. For the bridged port, priority queuing is not supported in Unified Wireless Release 8.0.


QoS Considerations at Wired Access Layer

Table 4-9 defines the traffic types, bandwidth, and QoS requirements for this system.
Table 4-9 Traffic Types, Bandwidth and QoS Requirements

| Incoming Traffic Type | Incoming Traffic Bandwidth (Mbps) (1) | QoS Requirements |
|---|---|---|
| Network control, tag beacons | 20 | No policing |
| Voice | 10 | Low latency |
| Video | 500 | No policing |
| MobileView, PI clients, Exciter | 200 | Low packet loss |
| Internet clients | -- | Best effort |

1. The traffic calculation is for 100 MV/PI clients, 100 to 125 video cameras, 20,000 tags, and 100 VoIP
calls.

The access layer and core layer switches support QoS at the ingress and egress queues. However, the
Connected Mining architecture and design does not specify ingress QoS for deployment; egress QoS
alone is sufficient.

Egress QoS Design


With proper egress QoS, appropriate latency treatment and bandwidth allocation can be done for
different kinds of traffic. With no QoS, packets get dropped randomly from different streams. With QoS,
bandwidth and buffers are guaranteed as per the configuration. See Figure 4-20 on page 4-28.
The IE2K and 3750-X model switches support four egress queues (Q1 to Q4) per port. Of the four, Q1 is the
priority queue. The system's SRR scheduler supports two modes: shared mode and shaped mode. In shaped
mode, a hard bandwidth limit exists. For egress QoS, we recommend shared mode. The proposed egress
queuing model and considerations are explained below:
• 1P3Q3T model (one priority, three normal queues, three thresholds).
• Q1 is configured as the priority queue. The priority queue is serviced in real time at the rate of
incoming bandwidth.
• The remaining bandwidth is distributed in WRR fashion among Q2, Q3, and Q4. This makes sure
unused bandwidth by a queue is made available to other queues.
• High priority traffic such as control traffic, tag traffic, and voice traffic are assigned to the priority
queue Q1. Only 10% of buffer space is allotted to priority queue, since the traffic of this queue is
processed at line rate. No buffering is expected.
• Video is assigned to Q2. Video traffic is sensitive to both delay and packet drops. Sufficient
bandwidth (500 Mbps) is allocated to support 100 to 125 cameras without any packet drop. Adding
more buffers does not help, since the added delay leads to higher jitter. Thus, a nominal buffer
allocation of 15% is configured for Q2.
• MV and PI traffic is assigned to Q3. Similarly, Internet traffic is assigned to Q4. Only 50% of the
buffers allocated to MV/PI clients and Internet clients are reserved for them. The rest is put in a
common pool, which both of them can use. However, we are setting the maximum threshold allowed
for these clients over their allocated buffers. Figure 4-21 on page 4-28 represents the reserved and
maximum buffers for MV/PI and Internet clients.
• We are not making use of the threshold levels, since we don't have traffic to be differentiated within
a queue.


For wired clients connecting to the access switch, when the 802.1x authentication Access-Accept
message is received, the Cisco Auto SmartPort macro is invoked, which configures the switch port with
the DSCP value. For clients such as the Exciter that don't support 802.1x, MAC Authentication Bypass (MAB)
is used and the same method as above is followed. The repository of MAC addresses is maintained at the
Cisco Access Control Server (ACS).
Table 4-10 captures the mappings of DSCP/CoS value, bandwidth, and buffer allocation to the individual
queue.
Table 4-10 Egress QoS for Access, Distribution, and Core Switches (IE2K/IE3K and 3750-X)

| Traffic Type | DSCP-to-Q Map | CoS-to-Q Map | Q Name | BW Allocated (Mbps) | Buffer Allocated | Buffer Reserved | Maximum Threshold | Queue |
|---|---|---|---|---|---|---|---|---|
| Network control, Tag beacons, Voice | 46, 48 | 6, 7 | Q1 (Priority) | Line rate | 10% | 100% | 100% | Queue 1 |
| Video | 34 | 5 | Q2 | 500 | 15% | 100% | 100% | Queue 2 |
| MobileView, PI Clients, Exciter | 0 | 0 | Q3 | 300 | 50% | 50% | 125% | Queue 3 |
| Internet clients | 18 | 1 | Q4 | 200 | 25% | 50% | 200% | Queue 4 |

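Figure 4-20 Default Egress Queue Map Configuration

[Figure not reproduced: an egress port with four queues, Q1 to Q4, serviced by SRR.]

Figure 4-21 Buffer Allocations for Q3 and Q4

[Figure not reproduced: MV Client buffer with Reserved 25 and Max 62.5; Internet buffer with Reserved
12.5 and Max 50; the diagram also carries the value 75.]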
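The following added example (not from the original guide, and not the switch's actual SRR implementation) models the egress design above on a 1 Gbps port: Q1 is served first, then Q2 to Q4 divide the remainder by the Table 4-10 bandwidth allocations, either sharing unused bandwidth (shared mode) or capped at their allocation (shaped mode). It also derives the Figure 4-21 buffer values from the table; the offered loads are constructed, and using the Mbps allocations as scheduler weights is an assumption of this model.

```python
# Values from Table 4-10. Bandwidth allocations (Mbps) double as SRR weights here.
WEIGHTS = {"Q2": 500, "Q3": 300, "Q4": 200}
# (buffer allocated %, reserved % of allocation, maximum threshold % of allocation)
BUFFERS = {"Q1": (10, 100, 100), "Q2": (15, 100, 100),
           "Q3": (50, 50, 125), "Q4": (25, 50, 200)}
DSCP_TO_QUEUE = {46: "Q1", 48: "Q1", 34: "Q2", 0: "Q3", 18: "Q4"}


def offered_per_queue(flows):
    """Sum offered load (Mbps) per egress queue from (dscp, mbps) pairs."""
    offered = {q: 0.0 for q in BUFFERS}
    for dscp, mbps in flows:
        if dscp not in DSCP_TO_QUEUE:
            raise ValueError(f"DSCP {dscp} has no queue in Table 4-10")
        offered[DSCP_TO_QUEUE[dscp]] += mbps
    return offered


def buffer_limits(queue):
    """(reserved, maximum) buffer for a queue, in percent of the port buffer pool."""
    allocated, reserved_pct, max_pct = BUFFERS[queue]
    return allocated * reserved_pct / 100, allocated * max_pct / 100


def _weighted_share(demand, capacity):
    """Weighted progressive filling: satisfied queues hand unused share to the rest."""
    rates = {q: 0.0 for q in demand}
    active = {q for q in demand if demand[q] > 0}
    while active and capacity > 1e-9:
        total = sum(WEIGHTS[q] for q in active)
        done = {q for q in active if demand[q] <= capacity * WEIGHTS[q] / total}
        if not done:                      # every remaining queue is backlogged
            for q in active:
                rates[q] = capacity * WEIGHTS[q] / total
            break
        for q in done:
            rates[q] = demand[q]
            capacity -= demand[q]
        active -= done
    return rates


def egress_rates(offered, line_rate=1000.0, mode="shared"):
    """Per-queue egress rate (Mbps) on one port under the simplified model."""
    q1 = min(offered["Q1"], line_rate)    # priority queue is serviced first
    demand = {q: offered[q] for q in WEIGHTS}
    if mode == "shaped":                  # hard limit at the configured bandwidth
        demand = {q: min(d, WEIGHTS[q]) for q, d in demand.items()}
    rates = _weighted_share(demand, line_rate - q1)
    rates["Q1"] = q1
    return rates


# Constructed offered load: Q3 and Q4 exceed their allocations, Q2 is under its own.
SAMPLE_FLOWS = [(48, 20.0), (46, 10.0), (34, 400.0), (0, 500.0), (18, 300.0)]

if __name__ == "__main__":
    load = offered_per_queue(SAMPLE_FLOWS)
    print("shared:", egress_rates(load))
    print("shaped:", egress_rates(load, mode="shaped"))
    print("Q3 buffer:", buffer_limits("Q3"), "Q4 buffer:", buffer_limits("Q4"))
```

With this load, shared mode uses the whole port while shaped mode leaves 70 Mbps idle even though Q3 and Q4 are backlogged, which is the behavior behind the shared-mode recommendation.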


Downlink Traffic QoS Considerations at Wired Access Layer


Table 4-11 shows the downlink traffic QoS considerations at the wired access layer.
Table 4-11 Downlink Traffic QoS Considerations

| Layer | Egress QoS |
|---|---|
| Access switch | No egress policy needed for access ports. Ring network uplink and downlink policy must be the same since the ring can operate in either direction. |
| Distribution switch | Both uplink and ring are 1G ports, thus blocking and QoS do not need to be applied. The same applies to both small and large mines. |
| WLC | Per-user basis rate limiting to be applied (2 Mbps per user MV/PI/Internet). This will apply to all wireless users. |
| Data center switch | DSCP marking to be done on access ports (Internet). This can be done based on source IP or protocol. |

QoS Considerations at Distribution Layer

QoS at the distribution layer is the same as for the wired access layer.

QoS Considerations at Core Layer

QoS at the core layer is the same as for the wired access layer.

QoS Considerations at Data Center

The data center is a non-blocking network. No specific QoS considerations exist at the data center. For
downlink QoS, refer to Table 4-11 above.

High Availability Considerations


Minimal downtime is critical and essential for the mining network because of the presence of real-time
applications such as location tracking, emergency reporting, and hazard monitoring.
Overall, as per the Connected Mining 1.0 requirement, the system should have a downtime or resiliency
time of less than a second. To ensure this, alternate paths at various levels, quick restoration, and high
availability are needed at every part of the network.

High Availability of End Devices or Clients


Typically, high availability is provided for infrastructure devices, not for end devices. However, high
availability for location tracking, which is a very critical resource, can be achieved by attaching multiple
tags to the resource. The firm can also ensure spare MV/PI clients and similar other end devices.

High Availability of Wireless Access Layer


For the wireless access layer:
• Overlapping coverage should exist and each location should be covered by multiple APs.


• To maintain high probability of delivery, the beacons from tags should reach more than one AP from
any given place at all times.
• More than one AP should broadcast the same SSID in a given area for the client to switch over
during AP failure.
• Adjacent RAPs should connect to different access switches to avoid the access switch being a SPOF
for covering an area.
• MAPs should have at least two neighbor RAPs in the vicinity that are connected to different access
switches. The neighbor RAPs should operate in different channels.

High Availability of Wired Access Layer


For the wired access layer:
• Redundancy should be available.
• Alternate paths to carry traffic should exist in case of failure of one leg of the network.
• Wherever practical, ring topology with Resilient Ethernet Protocol (REP) redundancy should be
considered as the first choice.
Please refer to the following URLs:
• Cisco Resilient Ethernet Protocol (white paper):
– http://www.cisco.com/c/dam/en/us/products/collateral/switches/me-3400-series-ethernet-access-switches/prod_white_paper0900aecd806ec6fa.pdf
• Deploying the Resilient Ethernet Protocol (REP) in a Converged Plantwide Ethernet System
(CPwE) Design Guide:
– http://literature.rockwellautomation.com/idc/groups/literature/documents/td/enet-td005_-en-p.pdf
The Connected Mining 1.0 system uses REP rings as a segment protocol in the access layer, connecting
IE2K/3K in unique segment IDs. This provides a way to control network loops, handle link failures, and
improve convergence time.
• REP controls a group of ports connected in a segment, ensures that the segment does not create any
bridging loops, and responds to link failures within the segment.
• A REP segment is a chain of ports connected to each other and configured with a segment ID.
• One switch can have only two ports belonging to the same segment, and be part of multiple
segments.
• REP guarantees no connectivity exists between two edge ports on a segment.
• When all interfaces in the segment are UP, the alternate port is blocking.
• When a link or switch failure occurs on the segment, the blocked port transitions to forwarding.
The key benefits of considering the REP feature in the Connected Mining 1.0 system design are:
• Fast convergence times, varying from 50 to 250 ms.
• Allows multiple rings, identified by Segment IDs.
If a ring is not practical, an EtherChannel or port channel should be considered as the alternative. If the
mine has multiple branches, which cannot be covered with a single ring, a bus extension with port
channel should be considered. If the depth of the branch is more than a kilometer, a subtended ring should
be considered.


High Availability of Distribution Layer


• To avoid SPOF, redundancy needs to be provisioned in distribution layer switches. As high
availability with warm standby having sub-second switchover times is needed, the distribution layer
switches are configured with homogeneous stacking mode.
• A stackable switch is a network switch that is fully functional operating standalone, but which can
also be set up to operate together with one or more other network switches. Stackable switches are
preferred in Connected Mining 1.0 because this group of switches shows the characteristics of a
single switch, but has the port capacity of the sum of the combined switches.
• Each REP ring's edge ports are connected to different switch stack members to give high availability
in terms of any switch member failures.

High Availability of Core Layer


• To avoid SPOF, redundancy needs to be provisioned in core layer switches. High availability with
warm standby having sub-second switchover times is necessary.
• Core layer switches are configured with homogeneous stacking in order to achieve high availability.
• Distribution switch port channel uplinks are connected to different switch stack members to give
high availability in terms of any switch member failures.

High Availability of Data Center


• Network redundancy should be provided within the data center with multiple links; redundant power
supply and UPS is recommended for all data center equipment.
• Physical server redundancy needs to be provisioned for all virtual machines (VMs) running different
services (such as MSE, PI, LE, and MV) in the data center. The redundant VMs, WLCs, and other
servers should connect to different switches within the data center.
• Vendor-specific best practice / recommendations need to be followed for deployment of AeroScout
Industrial control center equipment to achieve high availability and sub-second resiliency.

AeroScout DC Equipment Redundancy

Location Engine
High availability is deployed at the level of the VM. The VM environment is set to duplicate the machine
in case of a failure. In the event of a physical server failure, affected VMs are automatically restarted on
another production server with spare capacity. This production server will come up with the same IP
address. In the case of operating system failure, vSphere high availability restarts the affected VM on
the same physical server. At any given point, only a single virtual machine is up and a single Advanced
Encryption Standard (AES) is running. On a VMware ESX that uses cluster high availability, the
minimum requirement is 8 GB reserved RAM.

MobileView
MobileView high availability is provided at individual module levels—Gateway and Asset Manager.
• Gateway—To ensure high availability, install two gateways. The gateways are configured in active,
stand-by mode. The gateways that form the active-standby pair are defined as a group. When two
gateways are in a single group, both receive location data from the Location Engine, but only one
passes location reports to the Asset Manager server, ensuring the reception of location reports if at
least one gateway in the group is operational.


• Asset Manager—Asset Manager high availability involves two components: Location Report
Detector (LRD) and Web. To provide high availability, two Asset Managers are configured in
clustered mode. At any point, only one node will contain an active LRD, while the other node
remains passive. The passive node will be activated only when the active node fails to report. The
passive node’s data stays up-to-date because the passive nodes receive updates from all the domain
objects at the cache level (just as the active nodes do). This means that at all times the passive nodes
are synchronized with the active nodes, allowing users to be directed to either node.

Cisco Data Center Equipment Redundancy

Prime Infrastructure (PI)


Cisco Prime Infrastructure is delivered as a virtual appliance in the form of an Open Virtualization
Archive (OVA) file. OVA files deploy a prepackaged VM along with an operating system.
The Cisco PI high availability implementation allows one primary Cisco PI server to failover to one
secondary (backup) Cisco PI server. A second server is required that has sufficient resources (CPU, hard
drive, and network connection) to take over Cisco PI operation if the primary Cisco PI system fails. In
Cisco PI, the only high availability configuration supported is 1:1—1 primary system, 1 secondary
system.
The size of the secondary server must be larger than or equal to that of the primary server; for example,
if the primary Cisco PI server is the medium OVA, then the secondary Cisco PI server must be the
medium or large OVA.

Mobility Service Engine (MSE)


MSE is a platform that is capable of running multiple related services. These services provide high-level
service functionality such as location-based services and wIPS. Therefore, consideration for high
availability is critical in maintaining the highest service confidence. In our Connected Mining solution,
we consider high availability only for MSE placed in the data center for base location services and wIPS.
With high availability enabled, every active MSE is backed up by another inactive instance. MSE high
availability introduces the health monitor, which configures, manages, and monitors the high
availability setup. A heartbeat is maintained between the primary and secondary MSE. The health
monitor is responsible for setting up a database, file replication, and monitoring the application. When
the primary MSE fails and the secondary takes over, the virtual address of the primary MSE is switched
transparently.

Wireless LAN Controller (WLC)


The WLC high availability architecture is box-to-box redundancy. In other words, this is a 1:1 pairing
in which one WLC is in an active state and the other WLC is in a hot standby state, continuously
monitoring the health of the Active WLC using a redundant port.
The redundancy port is used for configuration, operational data synchronization, and role negotiation
between the primary and secondary controllers.
The redundancy port checks for peer reachability by sending User Datagram Protocol (UDP) keep-alive
messages every 100 milliseconds (default frequency) from the standby-hot controller to the active
controller. If the active controller fails, the redundancy port is used to notify the standby hot controller.


System Scalability Considerations


The proposed Connected Mining 1.0 system is scalable for different sizes of mines. The scalability
computation is shown in Table 4-12.
Table 4-12 Mine Size Classification

| Item | Small Mine (one mine location): Equipment Size | Small Mine: Traffic (Mbps) | Large Mine (up to 10 times small mine): Equipment Size | Large Mine: Traffic (Mbps) |
|---|---|---|---|---|
| Mine size in KM | 5 | | 50 | |
| Number of tags | 10000 | 10 | 100000 | 100 |
| Number of MV/PI/Internet clients | 100 | 200 | 1000 | 2000 |
| Number of voice connections (10% of tags) | 100 | 10 | 1000 | 100 |
| Number of video cameras (one per 100 meters) | 50 | 300 | 500 | 3000 |
| Total traffic | | 520 | | 5200 |
| Backhaul concentration percentage | 70 | 364 | 70 | 3640 |
| Approximate BOM | | | | |
| Number of APs needed to cover 100% area in underground mine (one AP per 100 meters) | 50 | | 500 | |
| Number of IE2K switches, one per 400 meters | 12 | | 120 | |
| Number of REP rings | 1 to 4 | | 10 | |
| Number of 12 port 3750-X switches needed at Distribution with StackWise configuration | 2 | 1 G uplink | 2 per site | |
| Number of 12 or 24 port 3750-X switches needed at Core configured in StackWise mode | | | 2 | |

Wireless Coverage Area Scalability


The APs are modular in nature. The wireless coverage area is scalable with additional APs to cover the
regions.

Wired Access Scalability


• If the underground mine to be covered has a single level/floor and is less than 5 KM, one ring with
12 access switches will suffice.
• If the tunnel size is greater than 5 KM, multiple concurrent fiber rings can be placed each with 12
access switches.
• If multiple floors exist, each floor can be covered with a separate ring. All rings terminate at the
edge distribution layer switch.


Distribution Layer Scalability


A single pair of distribution layer switches in stacked mode can support the required number of rings in
a small mine. However, if the mine has multiple independent mining areas, then it is recommended to
have a pair of distribution layer switches locally in the vicinity of each mine area (refer to Table 4-12).

Core Layer Scalability


As discussed earlier, mines are classified into small and large mines. In small mines, a core layer is not
needed. For large and distributed mines, a three-layer architecture is recommended. A single pair of 12 or
24-port core layer switches can cater to the requirement of large mines, which are up to 10 times the
small mines (refer to Table 4-12).

Data Center Scalability


WLC 5508 is provisioned to cater to up to 500 APs. Thus, a single WLC 5508 with a redundancy pair
has enough capacity to support a large mine. All other components of the data center run on VMs. The
VM requirements for various applications are discussed below.

Data Center Applications and Virtual Machine Requirements

Table 4-13 summarizes the VM requirements for various applications in the data center. These numbers
are taken based on the recommendations given in the installation and operation guide of respective
products.
Table 4-13 Various Data Center Applications and Their Virtual Machine Requirements

| Virtual Machine for Application | Configuration Selection | vCPU | RAM (GB) | Disk (GB) | References |
|---|---|---|---|---|---|
| MSE | Standard Virtual Appliance (2500 AP, 25000 tracked devices) | 8 | 16 | 500 | Cisco Mobility Services Engine Data Sheet http://www.cisco.com/c/en/us/products/collateral/wireless/mobility-services-engine/data_sheet_c78-475378.html |
| Prime | Custom express (2500 AP, GUI clients 10) | 8 | 16 | 600 | Cisco Prime Infrastructure 2.0 Quick Start Guide http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-0/quickstart/guide/cpi_qsg.html#pgfId-43348 |
| ACS | Minimum Requirements | 2 | 4 | 300 | Installing ACS in a VMware Virtual Machine http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-5/installation/guide/csacs_book/csacs_vmware.html |
| AeroScout Location Engine | Minimum Requirements | 2 | 8 | 100 | ALE Deployment and Configuration Guide Version 5 |
| AeroScout Engine Manager | Minimum Requirements | 2 | 4 | 50 | ALE Deployment and Configuration Guide Version 5 |
| MobileView: Database | System profile: Large (7000 - 18000 tracked units, 25 concurrent users) | 4 | 8 | 500 | MobileView Version 5 SP1 Deployment Guide |
| MobileView: Server (Asset Manager) | System profile: Large | 4 | 8 | 100 | MobileView Version 5 SP1 Deployment Guide |
| MobileView: Gateway | System profile: Large | 2 | 4 | 100 | MobileView Version 5 SP1 Deployment Guide |
| Windows 2012 R2 (DHCP, DNS, NTP, and so on) | | 2 | 8 | 200 | |
| Total | | 34 | 72 | 2150 | |

Thus, 34 vCPUs, 72 GB RAM and 2.2 TB disk space are needed for all data center applications. With 1+1
redundancy, this requirement doubles; that is, 68 vCPUs, 144 GB RAM and 4.4 TB disk space.
One UCS-C220M3 LFF box (UCS-CPU-E52660B) has 20 CPU cores, of which two CPU cores are
reserved for the hypervisor. The remaining 18 CPU cores can be used by applications. Up to four SAS
drives of 1 TB each (UCS-HDD1TI2F212) are supported. With RAID5, three drives per box are
needed. Thus, per box, 2 TB disk space will be available. The above requirements, including redundancy,
can be met with four UCS-C220M3 LFF boxes. The applications can be scaled with additional VMs in
the future. The operating system to be used is Windows 2012. External SAN storage is not considered
for the current phase.

Network Management Considerations


Prime Infrastructure manages the wireless components (WLC, APs, and MSE). Cisco Prime also
provides limited configuration management and performance monitoring functions for all wired
infrastructure, such as access, distribution, core, and data center switches.
A separate management VLAN 70 is used to manage access, distribution, and core switches via console
or SSH by enabling the necessary routing configurations.
For more details, refer to the Cisco Prime Infrastructure Deployment Guide:
• http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/prime-infrastructure/guide-c07-731626.html

Future Readiness Evaluation for a Unified Enterprise and Control Network

In the current release of Connected Mining, the end-to-end design and evaluation is done for Enterprise
traffic; however, a future readiness evaluation is done with basic sanity testing for a unified network.
Thus, the design details mentioned in this section are for information purposes only and do not apply to
implementing Connected Mining 1.0.
To reap the complete benefits of the Internet of Things (IoT, which converges IT and OT), a unified
network carrying both enterprise and control (OT) traffic is preferred. In the context of this document,
Enterprise traffic refers to current tag traffic, MV/PI client traffic, and future voice, video, and Internet
traffic generated from the underground mine. In contrast, control traffic refers to traffic generated by the
OT equipment such as PLCs, SCADA systems, and other process automation and control systems.
To cater to this requirement, the network must meet a number of challenges and requirements, as
described in this section.

Unified Network Requirements


Unified Network requirements include traffic segregation and QoS treatment for control traffic.

Traffic Segregation
It is important to segregate control and enterprise traffic end-to-end, from both a security and
a QoS perspective. Segregating control traffic from enterprise traffic at the wireless access level, at the
wired backhaul transport, and in the data center is preferred. Thus, contention is avoided and dedicated
bandwidth is available for the control traffic at all times.

QoS Treatment for Control Traffic


High priority QoS treatment needs to be given for the control traffic. Apart from this, the system should
meet desired resiliency (sub-second convergence) and high availability requirements for control traffic.

Traffic Segregation at the Wireless Access Level


Both AP models (1552H and 1532) selected for Connected Mining support 5GHz and 2.4GHz radios.
5GHz is the recommended radio for the backhaul connectivity between RAP and MAP. To avoid
contention between enterprise and control traffic, use 5GHz for backhaul traffic and enterprise access
traffic, and dedicate 2.4GHz to control access traffic.
The APs can be divided into two AP groups: one comprising all RAPs and the other comprising all
MAPs.
To segregate association of control and enterprise clients, the RAPs AP group can broadcast two SSIDs:
Enterprise SSID on 5GHz and Control SSID on 2.4GHz. Enterprise clients will be associating using
Enterprise SSID over 5GHz and control clients will be associating using Control SSID over 2.4GHz.
AeroScout tags send multicast beacons over 2.4GHz. Thus, apart from control traffic, RAPs will receive
tag beacons on 2.4GHz. However, the bandwidth consumed by tag traffic is very low, causing minimal
contention for the control traffic.

In many deployment scenarios, the control clients will connect to a WGB-1532 with a wired interface.
The WGB associates to the RAP using the Control SSID over 2.4GHz.
The MAPs AP group will broadcast only the Enterprise SSID over 5GHz. Control clients are restricted to
associating only with RAPs due to the convergence limitation of MAPs. To receive tag beacons, MAPs also
enable 2.4GHz on the access side. However, no SSID is broadcast on 2.4GHz at the MAP.
Thus, enterprise clients and tags can roam across RAPs and MAPs. Control clients are restricted to RAPs
only due to their stringent convergence time requirement.

Traffic Segregation at the Wired Access and Backhaul


All wireless control clients associate to the Control SSID. The Control SSID is mapped to VLAN 200.
Since a single CAPWAP tunnel is carried from the AP to the controller for all SSID traffic carried by the
AP, both control and enterprise traffic are carried over that single CAPWAP tunnel. The controller uses
the SSID-to-VLAN mapping to send the traffic on the DC network. Thus, control traffic flows in VLAN 200
from the WLC to the data center switch, whereas VLAN 40 is used for enterprise traffic.
The wired control clients that connect to IE2K/IE3K are configured with a separate VLAN at the access
port (VLAN 950). The corresponding SVI is configured at the distribution switch. The distribution switch
routes all non-CAPWAP traffic to the control network cloud. The data center switch switches all VLAN 200
and other traffic destined to the data center cloud on DC-Control-VLAN-910.
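
One way to check a WLAN and access-port inventory against the wireless and wired segregation plan described above. This is an added example, not part of the original guide: the inventory format, class and function names, switch and port names, and sample entries are assumptions; only the VLAN numbers, SSID names, AP groups and band assignments come from the text.

```python
from dataclasses import dataclass

# VLAN plan taken from the text; the inventory format below is an assumption.
CONTROL_SSID_VLAN = 200    # Control SSID, WLC to data center switch
WIRED_CONTROL_VLAN = 950   # IE2K/IE3K access ports for wired control clients
DC_CONTROL_VLAN = 910      # DC-Control-VLAN-910
CONTROL_VLANS = {CONTROL_SSID_VLAN, WIRED_CONTROL_VLAN, DC_CONTROL_VLAN}

@dataclass(frozen=True)
class Wlan:
    ap_group: str  # "RAP" or "MAP"
    ssid: str      # "Control" or "Enterprise"
    band: str      # "2.4GHz" or "5GHz"
    vlan: int

@dataclass(frozen=True)
class AccessPort:
    switch: str
    port: str
    client: str    # "control" or "enterprise"
    vlan: int

def audit_wlans(wlans):
    """Return one finding per violated wireless segregation rule."""
    findings = []
    for w in wlans:
        where = f"{w.ap_group} group, {w.ssid} SSID"
        if w.ssid == "Control":
            if w.ap_group != "RAP":
                findings.append(f"{where}: Control SSID is limited to RAPs")
            if w.band != "2.4GHz":
                findings.append(f"{where}: expected 2.4GHz, found {w.band}")
            if w.vlan != CONTROL_SSID_VLAN:
                findings.append(f"{where}: expected VLAN 200, found {w.vlan}")
        else:
            if w.band != "5GHz":
                findings.append(f"{where}: expected 5GHz, found {w.band}")
            if w.vlan in CONTROL_VLANS:
                findings.append(f"{where}: mapped into control VLAN {w.vlan}")
    return findings

def audit_ports(ports):
    """Return one finding per access port placed in the wrong zone."""
    findings = []
    for p in ports:
        where = f"{p.switch} {p.port}"
        if p.client == "control" and p.vlan != WIRED_CONTROL_VLAN:
            findings.append(f"{where}: control client in VLAN {p.vlan}, not 950")
        if p.client != "control" and p.vlan in CONTROL_VLANS:
            findings.append(f"{where}: {p.client} client in control VLAN {p.vlan}")
    return findings

# Constructed inventory: the leading entries follow the plan, the rest break it.
SAMPLE_WLANS = [
    Wlan("RAP", "Enterprise", "5GHz", 40),
    Wlan("RAP", "Control", "2.4GHz", 200),
    Wlan("MAP", "Enterprise", "5GHz", 40),
    Wlan("MAP", "Control", "2.4GHz", 200),     # Control SSID on a MAP
    Wlan("RAP", "Enterprise", "2.4GHz", 200),  # enterprise on control band/VLAN
]
SAMPLE_PORTS = [
    AccessPort("IE2K-1", "Fa1/3", "control", 950),
    AccessPort("IE2K-1", "Fa1/4", "control", 40),      # control client, VLAN 40
    AccessPort("IE2K-2", "Fa1/2", "enterprise", 950),  # enterprise client, VLAN 950
]

if __name__ == "__main__":
    for finding in audit_wlans(SAMPLE_WLANS) + audit_ports(SAMPLE_PORTS):
        print(finding)
```

Run against an export of the real WLC and switch configuration, an empty result means the SSID, band and VLAN assignments match the plan; each finding names the AP group or port that crosses the enterprise/control boundary.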

Traffic Segregation in Data Center


To avoid influence on and disruption of the control network by enterprise network traffic and load, the
data center network and servers for the two are isolated. The data center network is isolated by separate
VLANs, as described in the previous section. The data center servers such as DHCP and ACS are also
separated. Either physically separate servers or dedicated VMs are used for control
network and enterprise network applications. All access from the external world to the mine control zone
is guarded by a firewall. Figure 4-22 is a traffic flow diagram for a unified enterprise and control
network.

Figure 4-22 Traffic Flow in Unified Enterprise and Control Network
[Figure not reproduced. Zones shown in the diagram: IDMZ, Enterprise, Mine Control Zone, Mining Zone.]

Control Traffic Resiliency Requirements


The time criticality of control network traffic imposes strict convergence time requirements, on the order
of sub-seconds. As per the study done in Cisco Converged Plantwide Ethernet (CPwE), the convergence
time of wired backhaul (REP ring) is within 50ms to 150ms (tested with 24 switches and 3750). As per
the 8.0 controller version of software, RAPs have sub-second convergence time except when the
controller fails, where the convergence time can go up to 1 to 3 sec. Thus, overall network convergence
time for a control network remains sub-second when control clients connect directly to the wired access
network (IE2K/IE3K) or when control network clients are connected to a RAP, with the exception of
controller failure.
The convergence time for a first-hop MAP is on the order of 20 sec and for a second-hop MAP is on the
order of 40 sec. Due to this high convergence time, MAPs are not recommended to carry control traffic and
broadcast of the Control SSID is limited to RAPs. Therefore, all areas that need coverage for control
network traffic are to be covered with RAPs.

Wireless High Availability for Control Traffic


Control traffic is supported only on RAPs; therefore, for control traffic high availability, all RAP locations
should be covered with more than one RAP. Typically, since wired network backhaul is available in most
parts of the tunnels, it is recommended to provide wireless coverage with RAPs. Exceptions include the
places where wired backhaul is not available within 250 meters. Refer to Table 4-3 on page 4-14.

Bandwidth for Control Traffic


The wireless access for enterprise traffic and control traffic is segregated. The 2.4GHz radio is fully
dedicated to the control traffic with no contention from enterprise traffic except for tag traffic.
Considering that 500 tags is a peak tag concentration near an AP, the worst-case tag traffic generated is
nearly 0.5Mbps (refer to Table 4-9 on page 4-27). Thus, the entire bandwidth of 802.11n (minus 0.5Mbps)
at the RAP is available for control traffic.
The RAP backhaul has 100Mbps, of which a maximum of 35.4Mbps is used by enterprise traffic. The
remaining bandwidth is available for control traffic.

QoS Considerations for Control Traffic


Based on the application, the control traffic can have different priority streams. This version of the
document assumes that four different priorities of control traffic exist. See Table 4-14 and Table 4-15.
Table 4-14 Control Traffic QoS Classification at RAP

| Traffic Type (Generic Name Used) | DSCP (Default) | CoS Mapping (1) | WMM Queue (AC) (2) |
|---|---|---|---|
| Platinum rated | 48 | 6 | AC_VO |
| Gold rated | 46 | 5 | AC_VI |
| Silver rated | 34 | 3 | AC_BE |
| Bronze rated | 0 | 0 | AC_BK |

(1) Internal DSCP-to-CoS mapping in the AP.
(2) For the bridged port, priority queuing is not supported in Unified Wireless release 8.0.

Table 4-15 Control Traffic CoS Classification at IE2K

| Traffic Type (Generic Name Used) | CoS | Queue Name | Queue |
|---|---|---|---|
| Platinum rated | 6,7 | Q1 | Queue 1 (Priority) |
| Gold rated | 46 | Q2 | Queue 2 |
| Silver rated | 34 | Q3 | Queue 3 |
| Bronze rated | 0 | Q4 | Queue 4 |

Deployment Examples for Wired Backhaul


This section describes deployment examples for wired backhaul.

Deployment Example 1
Figure 4-23 shows the wired backhaul connectivity in a multi-floor mine having vertical and horizontal
shafts. Each floor is covered with a horizontal shaft. Multiple tunnels in the same floor join at the
horizontal shaft. The mine is covered with one main ring per floor and multiple subtended rings, one per
tunnel, as depicted. Main rings are 1Gbps, terminating at the distribution switch, and subtended rings are
100Mbps, terminating at IE2K/IE3K switches. Wireless access is provided across the mine by RAPs
and MAPs connected to the wired backhaul, which is not shown.

Figure 4-23 Multi-Floor Underground Mine Covered with Main and Subtended Ring
[Figure not reproduced. Labels: 1 Gbps and 100 Mbps rings; <300m wireless coverage; >300m extend wired network, no service disruption during extension.]

Deployment Example 2
Figure 4-24 shows the wired backhaul connectivity in a multi-floor mine. Here each floor is covered with
a ring terminating at the distribution switch. The end of the tunnel, where active digging is in progress,
is covered with wireless MAPs. Wherever wired backhaul is available in the vicinity, wireless access is
provided with RAPs. The wireless coverage is not shown.

Figure 4-24 Multifloor Underground Mine Existing Tunnel Covered with Wired Backhaul and Active Mining Area Covered with Wireless
[Figure not reproduced. Labels: < 300m Wireless; > 300m Wired; legend: Current, Wireless Extension, Wired Extension; <300m wireless coverage; >300m extend wired network, no service disruption during extension.]

Deployment Example 3
Figure 4-25 shows the wired backhaul connectivity in a multi-floor mine. Here a main shaft connects to
multiple tunnels. The main shaft is covered with a wired ring. Short tunnels are covered with a wireless
mesh and wired subtended rings are used to cover long tunnels. Wireless access points connect to access
switches connected on the main ring or on the subtended ring.

Figure 4-25 Short Tunnels Covered with Wireless and Long Tunnels Covered with Subtended Ring and Wireless
[Figure not reproduced. Labels: 1 Gbps and 100 Mbps rings; < 300m wireless.]

System Design Constraints and Limitations


This section includes system design constraints and limitations.

Wireless Bandwidth Limitations


Since all the RAPs are connected to a Fast Ethernet port of an IE2K, traffic beyond 100Mbps cannot be
sent from the individual port to which a RAP is connected. Hence, backhaul capacity and throughput
degrade at every hop level. The subtended rings are connected to the primary ring with 100Mbps ports due
to insufficient 1Gbps ports.
These limitations can be overcome in the future by means of IE4K, which will have up to 16 Gbps access
ports and 4 Gbps uplinks.

Mesh Access Point Limitations


MAPs do not support stateful WLC high availability failover, so with any WLC failover, all MAPs
re-establish the CAPWAP tunnel with the standby WLC. All associated clients are disconnected and
must re-associate. When wIPS is configured, MAPs can detect only 17 standard signature attacks.

Wireless Mesh Convergence Limitations


If deploying access points in mesh/bridge mode, a mesh convergence of at least 20 seconds occurs at
each hop in case of any mesh formation failures.

Appendix A
References

• Cisco UCS C220 M3 Rack Server Data Sheet:
http://www.cisco.com/c/en/us/products/collateral/servers-unified-computing/ucs-c220-m3-rack-server/data_sheet_c78-700626.html
• Cisco Prime Infrastructure 2.0 Quick Start Guide:
http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-0/quickstart/guide/cpi_qsg.html#pgfId-43348
• Cisco UCS C220 M3 High-Density Rack Server (Large Form Factor Hard Disk Drive Model) Specification Sheet:
http://www.cisco.com/c/dam/en/us/products/collateral/servers-unified-computing/ucs-c-series-rack-servers/C220M3_LFF_SpecSheet.pdf
• Cisco Wireless Mesh Access Points, Design and Deployment Guide, Release 8.0:
http://www.cisco.com/c/en/us/td/docs/wireless/technology/mesh/80/design/guide/mesh80.html
• Cisco Prime Infrastructure Configuration Guide, Release 2.1:
http://www.cisco.com/en/US/docs/wireless/prime_infrastructure/1.2/configuration/guide/wst.html
• MSE Software Release 8.0 Virtual Appliance Configuration and Deployment Guide:
http://www.cisco.com/c/en/us/td/docs/wireless/mse/8-0/MSE_CMX/8_0_MSE_CAS.htmlD

Appendix B
Subsystem Product Comparison

This appendix shows a comparison of the AeroScout Industrial tags (Table B-1) and then compares the
same tags relative to use cases (Table B-2).

Table B-1 AeroScout Industrial Tags Comparison Chart

T2 Tags T3 Tags T5a Tags T6 Tags


Description Asset and people Asset and people Sensor tags GPS tags (GPS
tracking tracking (temperature and and wi-fi for
humidity large outdoor
monitoring environments)
solutions)
Form Factor 62mm x 40mm x 74mm x 50mm x 62mm x 40mm x 100mmx80mmx
17mm (2.44" x 10 mm (2.91in x 17mm (2.4in x
55mm(3.9"x3.1"
1.57" x .67") 1.97in x 0.39in) 1.6in x 0.7in)
x
2.2")
Weight 35g (1.2oz) ? 35g (1.2oz) to
137g (4.8oz)
Motion Sensor Yes Yes Yes
Battery Life Static 4 Years 4 Years 4 Years
3.75 years
(transmission
every 5 minutes)
3 years
(transmission
every 1 minute)
2.33 years
(transmission
every 30 seconds)
Range Outdoor 200m (650 ft) 200m (650 ft) 200m (650 ft)
Indoor 80m (260 ft) 80m (260 ft) 80m (260 ft)

Suitability Underground Yes Yes Yes No

Open pit Yes Yes Yes Yes

Transmission Power Up to +19dBm, +19dBm +19dBm Up to +19dBm,


(~81mW) (~81mW)
~81mW ~81mW
Enclosure IP67, IP68 rated IP65 (advanced
enclosure. durability,
water-resistance,
Water resistant, to
and can withstand
withstand
significant
significant
physical shocks
physical shocks
and drops)
and drops
RADIO 802.11b/g (2.4 802.11b/g (2.4 802.11b/g (2.4 802.11b/g (2.4
GHz), RFID low GHz), RFID low GHz), RFID low GHz)
frequency receiver frequency frequency
(125kHz) receiver (125kHz) receiver (125kHz)
Clear Channel Assessment Yes Yes
Transmission Interval Range 128ms to 3.5hrs 128ms to 3.5hrs 1sec to 3.5hrs
Remote Firmware Upgrade (Infrared Yes
Programmability)
Number of Call Buttons 2 0 0
Telemetry Mileage, fuel or Fuel gauge, Mileage,
pressure mileage, or pressure or fuel
measurements, on pressure level
board temperature measurements
sensor
Serial Interface for Data Telemetry Yes Yes Yes
Interface
Tamper Proof Yes
Storage 10 messages of 10 Yes
bytes each
Programmability Pre-Programmed Pre-Programmed
by Tag Manager or by Tag Manager
AeroScout exciter or AeroScout
exciter
Number of LED Indication 3 2 (emergency
reporting, parts
replenishment, or
triggering alarms)
Choke Point Detection Yes Yes
Flexible Mounting Option Yes Yes


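Table B-2 AeroScout Industrial Tags Comparison Chart

| Applicable Use Cases | | T2 Tags | T3 Tags | T5 Tags | T6 Tags |
|---|---|---|---|---|---|
| People tracking | Indoor | Yes | Yes | No | No |
| People tracking | Outdoor | Yes | Yes | No | No |
| Asset tracking | Indoor | Yes | Yes | Yes | Yes |
| Asset tracking | Outdoor | Yes | Yes | Yes | Yes |
| Motion sensor | | Yes | Yes | Yes | Yes |
| Temperature sensor | | No | No | Yes | No |
| GPS | | No | No | No | Yes |
| Ignition sensor | | No | No | Yes | No |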

GLOSSARY

A
AC access category

ACS Cisco Access Control Server

AEM AeroScout Engine Manager

AES Advanced Encryption Standard

ALE AeroScout Location Engine

AP access point

AWAPP Adaptive Wireless Path Protocol

B
BPDU bridge protocol data unit

BVI bridged virtual interface

C
CAPWAP Control and Provisioning of Wireless Access Points

CAS Context Aware Service

CCX Cisco Compatible Extensions

D
DTLS dynamic transport layer security

I
IDS Intrusion Detection System

IPAM IP Address Management

L
LAP Cisco Aironet Lightweight APs

LDAP Lightweight Directory Access Protocol

LEM AeroScout Location Engine Manager

LWAPP Lightweight Access Point Protocol

M
MAP mesh access point

MSE Mobility Service Engine

N
NMSP Network Mobility Services Protocol

O
OVA Open Virtualization Archive

P
PI Cisco Prime Infrastructure

PoE Power over Ethernet

R
RAP root access point

REP Resilient Ethernet Protocol

S
SSC self-signed certificate

SVI switched virtual interfaces

T
TACACS Terminal Access Controller Access Control System

U
UDP User Datagram Protocol

V
VCI Vendor Class Identifier

VM virtual machine

VMDC Virtualized Multiservice Data Center

W
WGB Workgroup Bridge

wIPS wireless Intrusion Prevention System

WLC Wireless LAN Controller

WFF Wi-Fi Multimedia
