© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1
Wireless update
Hans Donnerborg, [email protected]
Agenda
Cisco Mobility Services Engine
Context Aware Solution
Indoor Access Points
Controllers
WCS Features
Security Features
1250 Powering options
Roadmap
Cisco Unified Wireless Network Architecture Overview
Cisco Wireless Control System (WCS)
Voice
Location & RFID
Guest
Security
Mobility Services
Cisco Wireless LAN Controller
Client Devices
Cisco Aironet Lightweight
Access Point
SSC
Switch/Routed Network
• Seamless Mobility for WLAN Services
• Dynamic RF Management
• Centralized Management
• Planning and troubleshooting tools
• Easy to use GUI
• Security Management (IDS/IPS)
Cisco Mobility Services Engine
Cisco Mobility Services Engine: Unifying the Mobility Network
[Diagram. Layer labels: Network, Access Device, Mobility Services, Applications.
Network and access: Unified Wireless Network Controllers; Ethernet, Cellular/WiMAX, Wi-Fi, Zigbee, UWB, RFID.
Mobility Services Engine services: Context Aware, Adaptive Wireless IPS, Secure Client Manager, Mobile Intelligent Roaming, Voice, Spectrum Intelligence, Guest Access; one callout reads "New!".
Applications: Physical Access Control, Device Mgmt/Troubleshoot, Secure Client Connectivity, Conferencing, Presence, Messaging, Assembly Line Monitoring, Telemetry, Alerting, Inventory Management, ERP, CRM, SCM.
Other labels: Middleware, Open API, Cisco Compatible - Unified Mobility Client, Open Source Protocols.]
Allows Transport and Applications to evolve independently
Abstraction layer with CAPWAP/NMSP
Accelerate development and deployment of customized solutions
Eco-system of Application Partners
Introducing A Practical Approach Centralized, Scalable Mobility Services
Unified API enabling Enterprise 3.0 applications
Services and Applications Platform
Ease of deployment and efficient allocation of CapEx
Common Framework for Multiple Services
3300 Series Mobility Services Engine
Open Mobility Services Architecture
Centralize Mobility Services to Scale
Cisco 3350 Series Mobility Services Engine
Appliance based platform that delivers a suite of mobility services software, integrates with WLAN Controller and Cisco WCS
• Appliance based platform
• Mix of hardware and software
• Extensible for existing and future software
• Integrates with the WLAN Controller
• Support for WCS for device and services management
[Chart axes: Scale, Performance; product shown: MSE 3350]
3350 Model
FCS: July 2008
List Price: $19,995
Specifications:
• Dual quad core processors
• 8GB RAM
• 137GB storage
• Hot swappable pwr supplies & disk; 1RU
Mobility Services Engine Modules
Mobile Intelligent Roaming
• Sustain mobility applications across public and private wireless networks
• Consistent Mobile Business Experience
Adaptive Wireless IPS
• Advanced intrusion prevention solution
• Enhanced IDS Signatures, Reporting
Context Aware
• Use contextual information such as location and telemetry to optimize business processes
• Wi-Fi Chokepoint, Sensoring, Passive RFID
Secure Client Manager
• Centralized device/client management and provisioning
• Central Client Configuration and Provisioning Engine
Cisco Context Aware Solution
Cisco Context Aware Mobility Solution: How it works
[Diagram. Layer labels: Tag and Devices; Network; Application and Management.
Components shown: Wi-Fi devices, CCX tags, Chokepoint 125 kHz, Cisco Access Point, Cisco Wireless LAN Controller, Wi-Fi TDoA Receiver, Wi-Fi TDoA Receiver with a bridge, Cisco Wireless Control System, Cisco Mobility Services Engine, Context Aware Software, Context Aware Engine for clients, Context Aware Engine for tags, System Manager.]
AeroScout HW on Cisco price list:
• Wi-Fi TDOA receivers
• Chokepoints
AeroScout SW on Cisco price list:
• Context Aware Engine for Tags
Both AeroScout SW and HW are managed by AeroScout System Manager – free client SW provided by AeroScout
Items not on Cisco Price List:
• Tags
• MobileView
Context Aware Engine for Clients
Context Aware Software
Cisco 3350 Mobility Services Engine
HW List: $19,995
SW License – List Price
$6,000
$11,000
$19,000
Unit = Tags
$55,000
$28,000
$15,000
3000 units
6000 units
12000 units
$6,000
A la carte & Pay as you grow Licensing model
Context Aware Engine
for Tags
Unit = Clients
Cisco Context Aware Mobility Solution Licensing Model
Cisco Context Aware Mobility Solution: Why moving from 2710 to MSE
Cisco 2700 Series Wireless Location Appliance
• Indoor only
• 2,500 tags and clients
• RSSI only
• Industry’s 1st Location Solution Integrated into the WLAN infrastructure
• Mainly position for location
• Open API
• WCS Management
Cisco 3300 Series Mobility Services Engine
• Indoor, Outdoor, High ceilings
• 18,000 tags and clients
• RSSI and TDOA
• Mainly position for context aware
• Open API
• WCS Management
• Robust architecture for adding other technologies (UWB, Passive)
• Shared platform for other mobility services (incl. future)
Indoor Access points
Enterprise Wireless Mesh Licensing
New Direction: Controller-wide EWM license
• Any AP connected to the controller can be configured as Mesh AP
• EWM license is priced based on maximum AP count on the controller: same price points for 2112 / 4402-12 or 2125 / 4402-25
• Orderable TODAY; License enforced in 5.2

Controller   EWM License PID     List Price
2106         AIR-AP-LIC-M-6      $500
2112         AIR-AP-LIC-M-12     $750
2125         AIR-AP-LIC-M-25     $1,500
WLCM-25      AIR-AP-LIC-M-25     $1,500
WLCM-50      AIR-AP-LIC-M-50     $2,500
4402-12      AIR-AP-LIC-M-12     $750
4402-25      AIR-AP-LIC-M-25     $1,500
4402-50      AIR-AP-LIC-M-50     $2,500
4404-100     AIR-AP-LIC-M-100    $4,000
WISM-300     AIR-AP-LIC-M-300    $12,000
New Antenna Overview
2.4 GHz / 5 GHz dual band antenna:
• Aesthetically pleasing
• Indoor dual band APs
• AIR-ANT2451V-R=
• 3 dBi in 2.4 GHz, 3.5 dBi in 5 GHz
• Available in 5.1
2.4 GHz sector antenna:
• Indoor, outdoor AP usage
• RP-TNC connector with plenum rated cable
• 5 dBi sector antenna with 135 degree radiation pattern
• AIR-ANT2450S-R=
• Sector Antenna in 5.2
Controller Product Portfolio
[Chart: controllers plotted by "# of APs" against "Performance & Scale". Products shown: Cisco WiSM, Cisco 3750G, Cisco 4404, Cisco 4402, Cisco 2106, Cisco 2112, Cisco 2125, WLCM-E6, WLCM-E12, WLCM-E25. Other labels: H-REAP, New Products, New.]
Controller Product Positioning: Cisco 2100 Series & WLCM vs. 4400 Series
Cisco 2100 Series, WLCM: Basic Secure Coverage
Retail, Small/Medium Branch
• Applications: Scanner, Transaction Data, Voice; Limited Mobility and Multicast
• 250 clients
• 6 - 25 Access Points
• Fast Ethernet & generic CPU
• 802.11n support for Reliability & Predictability
• PCI Security Support
• Table Top/Integrated form factor
• External Power brick for 2100
Cisco 4400 Series: Flagship Performance and Scale
Campus/Regional, Enterprise
• Advanced Applications: Voice, Video, Data Intensive; Mobility, Multicast and Location
• 5000 clients
• 12 - 100 Access Points
• 2 – 4 Gig ports & Network Processor Unit
• 802.11n support for Performance, Reliability & Predictability
• PCI Security Support
• Rack Mountable
• Redundant Power Supply
• FIPS Certified
Wireless SW Release Plan
[Timeline figure: releases 4.2 (10/07), 5.0 (02/08), 5.1 (05/08), 5.2 (09/08) and 6.0 (01/09), labelled as MD or ED releases with FCS markers, maintenance releases MR1 to MR7, and "Pull from CCO" markers.]
~3 years total – FCS to EoSW Maint (no more maintenance, bug fixes, CCO posting)
EoS AP1xxx: last supported release is 4.2 – 2 yrs EoSWM for AP1xxx
Cisco Unified Wireless Network Software Release 5.1
• Real-time summary of security vulnerabilities
Mobility Services
• Increased efficiencies in location calculation
Infrastructure
• AP failover priority provides more granular control for IT
• Cisco WCS Virtual Domains for enhanced access control
• Audit WLAN controller configurations
• Gather, track and report key information for client devices
• Roaming across 72 controllers
Security Services
Location Services
New Product Introduction
High Availability
Ease-of-Use and Operations
Increased Scalability
• Supports retail and branches with 6, 12, or 25 APs
Cisco 2100 series and WLCM
Cisco Mobility Services Engine
• Open platform that enables industry mobility services
Indoor AP Features for Release 5.1

Feature: RRM support for 802.11n 40-MHz channels
Description: RRM channel planning takes into consideration 40-MHz channels
Benefit: Optimized performance for 802.11n

Feature: RRM dashboard in Cisco WCS
Description: Provide simple, relevant feedback to users about RF environment performance
Benefit: Ease of troubleshooting & operation of wireless networks

Feature: Cisco Spectrum Intelligence solution using Cisco Spectrum Expert Sensor Wi-Fi 210C
Description: Detect, classify, and find sources of RF interference using next generation spectrum analysis engine
Benefit: Faster interference detection with reduced host CPU load

Feature: AP failover priority
Description: Allows network managers to configure join priorities for lightweight APs in the event of a controller failover.
Benefit: More granular control in configuring HA for WLAN

Feature: AP1250 with 1 or 2 antennas per radio
Description: Support for varied deployment scenarios e.g., workgroup bridging, conventional a/b/g mode, and reduced 802.11n throughput mode
Benefit: Lower cost of deployment

Feature: New dipole antennas support in Cisco WCS
Description: 5 GHz, 3.5 dBi: AIR-ANT5135DW-R, AIR-ANT5135DG-R; 2.4 GHz, 2.2 dBi: AIR-ANT2422DW-R, AIR-ANT2422DB-R, AIR-ANT2422DG-R
Benefit: Expanded antenna choice for customers
RRM Support for 40 MHz
40-MHz channels can be configured automatically using Cisco WCS or Controller - only applies to 5-GHz radios
40-MHz channels can still be statically configured on 2.4-GHz radios
Improves 802.11n network performance
[Figure: two 20-MHz channels bonded into one 40-MHz channel; label: Gained Space]
40-MHz = 2 aggregated 20-MHz channels
Takes advantage of the reserved channel space through bonding to gain more than double the data rate of 2 20-MHz channels
[Figure: Aironet 1250, DFS and Available Bandwidth. Available 5GHz 40MHz channels, with and without DFS support]
Cisco WCS RRM Dashboard
New graphical interface in Cisco WCS for RRM
Features
• APs with most channel changes
• APs running at maximum power
• APs with coverage hole events
• Top channel change reasons
• RRM related configuration mismatches across all controllers in RF Group
Benefits
• Simplified troubleshooting of RRM-related events
Getting to the RRM Dashboard
Found under “Monitor” Main Menu
RRM Dashboard – Main Screen (1 of 3)
Quick Snapshot of the Network, and the reasons behind a certain event, such as, channel changes
Visibility into RF Groups!
RRM Dashboard – Main Screen (2 of 3)
RRM Dashboard – APs at Max Power
RRM Dashboard – APs with most Channel Changes
“Sort Order”, with multi-sort
RRM Dashboard – APs Reporting Coverage Holes
Perhaps there’s not enough coverage in these areas if the same AP is seen here often, or reports multiple events in a short span
AP1250 with < 3 Antennas per Radio
AP1250 with 1 or 2 antennas per radio
Support for varied deployment scenarios
• Workgroup bridging
• Directional antenna
• Conventional a/b/g mode
• Reduced 802.11n throughput mode
Available in Unified (LWAPP) and Standalone versions
Aironet 1250
Cisco Unified Wireless Network Release 5.1
Controller Features
Increased Scalability
Feature
• Roaming is supported across 72 controllers
Benefit
• Expand the mobility space where users can roam across 72 controllers
[Diagram labels: Roaming Client Device; Mobility Group – mobile-9; Mobility Group – mobile-10; Mobility Group – mobile-11; mcast group]
AP Failover Priority
Features
• Assign priorities to APs: Critical, High, Medium, Low
• Critical priority APs get precedence over all other APs when joining a controller
• In a failover situation, a higher priority AP will be allowed in ahead of all other APs
• If controller is full, existing lower priority APs will be dropped to accommodate higher priority APs
Benefits
• Ensures 24/7 coverage for mission critical areas
• Provides flexibility to prioritize in the event that an AP loses access to a controller
[Diagram labels: AP Priority: Critical; AP Priority: Medium; Controller; Critical AP fails over; Medium priority AP dropped]
AP Join Priority
[Diagram labels: Central Backup Wireless LAN Controller; Central Cisco Secure Access Control Server (ACS); WAN; Remote Wireless LAN Controller; Branch Office #1, Mobility Group 1; Branch Office #2, Mobility Group 2; Branch Office #3, Mobility Group 3; Branch Office #4, Mobility Group 4; AP Priority – High (3); AP Priority – Critical (4)]
Feature Description
When a primary WLC goes down, the backup WLC receives Discovery and Join requests from multiple APs and might drop some of them
Currently (up to the 5.0 release) the controller responds on a first-come, first-served basis
In the 5.1 release, Access Points can be configured with Join Priorities
1 – Low priority
2 – Medium
3 – High
4 – Critical
The default value will be 1.
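The difference between first-come-first-served and priority-based joins, as a small model. This is an added example, not Cisco code: the Controller class, the AP names, the capacity of 4 and the tie-break rule (the most recently joined AP of the lowest priority is dropped) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Join priorities as numbered on the slide: 1 = Low (default) ... 4 = Critical.
LOW, MEDIUM, HIGH, CRITICAL = 1, 2, 3, 4


@dataclass
class Controller:
    """Toy model of a backup WLC with a fixed AP capacity (hypothetical class)."""
    capacity: int
    priority_enabled: bool = True                # False models releases up to 5.0
    joined: dict = field(default_factory=dict)   # AP name -> priority, in join order

    def join(self, ap, priority=LOW):
        """Handle one join request; return (accepted, name of dropped AP or None)."""
        if ap in self.joined:
            return True, None
        if len(self.joined) < self.capacity:
            self.joined[ap] = priority
            return True, None
        if not self.priority_enabled:
            return False, None                   # first come, first served
        # Controller is full: find the lowest-priority AP already joined.
        # Assumption: among equals, the most recently joined AP is the one dropped.
        victim = min(reversed(list(self.joined)), key=self.joined.get)
        if self.joined[victim] >= priority:
            return False, None                   # nobody of lower priority to displace
        del self.joined[victim]
        self.joined[ap] = priority
        return True, victim


def failover(controller, requests):
    """Replay join requests in arrival order; return (rejected, dropped) AP names."""
    rejected, dropped = [], []
    for ap, priority in requests:
        accepted, victim = controller.join(ap, priority)
        if not accepted:
            rejected.append(ap)
        if victim is not None:
            dropped.append(victim)
    return rejected, dropped


# Constructed scenario: the backup controller already serves two local APs when
# four APs from a failed primary arrive, the important ones last.
LOCAL_APS = [("local-1", MEDIUM), ("local-2", LOW)]
FAILOVER_REQUESTS = [("lobby", LOW), ("warehouse", LOW),
                     ("er-ward", CRITICAL), ("pos-till", HIGH)]


def run_scenario(priority_enabled):
    """Return (APs joined at the end, rejected requests, APs dropped to make room)."""
    wlc = Controller(capacity=4, priority_enabled=priority_enabled)
    failover(wlc, LOCAL_APS)
    rejected, dropped = failover(wlc, FAILOVER_REQUESTS)
    return sorted(wlc.joined), rejected, dropped


if __name__ == "__main__":
    print("up to 5.0 (FCFS):   ", run_scenario(False))
    print("5.1 (join priority):", run_scenario(True))
```

With first-come-first-served the Critical and High APs are the ones locked out because they arrived last; with join priority they displace the two Low APs that arrived before them.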
Global AP Failover Priority
Enable Global AP Failover Priority on the controller
AP Join Priority
High Availability
Feature
AP & client down time is reduced by:
• Improved failure detection with faster timers
• Better AP DHCP process by reusing same IP address
• Enhanced AP discovery process
Benefit
• This feature results in higher availability
• Help to maintain data and voice sessions
• Ensure consistent end-user experience
• Beneficial for industries such as Financial services, Healthcare, etc.
[Diagram labels: Controller Failover; AP Failover]
Feature Description
In current wireless network deployments, when a controller goes down, it takes a long time for all APs and their associated clients to move to a backup controller and for wireless service to resume
In release (5.0), the following areas are enhanced:
1) Failure detection techniques: fast timers are introduced so that a failure can be detected within 4 seconds
2) AP DHCP process: the DHCP process is no longer restarted whenever the AP loses connection to the home controller
3) AP discovery process: the delay in the discovery process is shortened by modifying the “AP Fallback” feature and the existing primary discovery mechanism for AP failover
New Fast Heartbeat Request / Response
To reduce the controller failure detection time, new heartbeats have been added between WLC and AP with smaller timeout values
In addition to the option of configuring Primary / Secondary / Tertiary WLC on the AP side, a new configuration on the WLC is introduced to set up primary and/or secondary backup controller(s)
If no primary/secondary/tertiary WLCs are configured on the AP side, and a primary and/or secondary backup controller is configured on the controller side (downloaded to the AP), the primary and/or secondary backup controller is added to the recipient list of the AP's Primary Discovery Request message
The existing Primary Discovery mechanism is enhanced so that the AP maintains a “backup controller” list
The result of each Primary Discovery Response is used to maintain the “backup controller” list
Timers Added in WLC GUI
Backup Primary and Secondary controller information can now be updated from the GUI
Cisco Unified Wireless Network Release 5.1
WCS Features
Cisco WCS virtual domains
PCI Compliance Assistance Reporting
Green initiative
Configuration auditing
Cisco WCS integration with Cisco Secure Access Control Server (ACS) View Server 4.0
Template scheduling and status
Detailed client report
Ease of use enhancements: Client Reports
Ease of use enhancements: Templates
Cisco WCS – 5.1 Software Release Features
Cisco WCS Virtual Domains
Feature
• Allows individual IT administrators to manage the segments of the wireless network under their responsibility
• Grouped by hierarchical domains
• Partition by access points, wireless LAN controllers or maps
• Restrict users to discrete infrastructure components, service entities or geographic regions
• Infrastructure components include: controllers, lightweight access points, standalone (autonomous) access points, configuration templates, rogue access points, rogue adhocs, summary page, events, reports, alarms, tags, clients, and choke points
• Service entities include: guest access and location servers
• Geographic regions include: maps, buildings, floors, and campus areas
Benefits
• Enhanced access control. Limit access to only wireless network segments under an individual’s responsibility
• Service providers can easily manage multiple customer WLANs from a single Cisco WCS platform.
[Diagram labels: One Cisco WCS Platform; Entire US Network; Eastern Region; Central Region; IT Manager #1 (Root Domain); IT Manager #2; IT Manager #3; New York; New Jersey; Boston; Detroit; Chicago; Milwaukee]
Cisco WCS Virtual Domains
Hierarchical Domains
• Selected users have access to individual domains
• Top (root) user has complete access to all domains
• Standard Cisco WCS features for all domains
Distributed Controller Deployment
• Dedicated Controller per virtual domain
• Configuration and monitoring of WLC allowed at individual domain level
Centralized Controller Deployment
• Shared Controller (e.g.: WISM, 44xx) across multiple virtual domains
• Only monitoring views for particular domain; configuration of shared WLC at topmost domain
[Diagram, Virtual Domains - Organization Name. Labels: Root Domain; Marketing; Purchasing; Engineering; Controller 1 to Controller 3; AP 1 to AP 12]
[Diagram, Virtual Domains - Geographic Regions. Labels: Root Domain; Campus A; Campus B; Campus C; Remote Site #1; Remote Site #2; Bldg 1 to Bldg 10]
Setting Up Cisco WCS Virtual Domains
Step #1: Create Virtual Domain
• Create/edit/delete virtual domains
• Export protocol-specific data into AAA server
Step #2: Assign Virtual Domains to Users
• Click on “Users” (left-hand menu)
• Specify which Virtual Domains user can access
PCI Compliance Assistance Report
Features
Payment Card Industry (PCI) report generation
Interpretation of wireless PCI requirements for the Unified Wireless Network
Accumulates data needed for PCI Assessment easing administrative tasks
Reports on wireless network
WCS scans for configurations and settings across the wireless network
Benefits
Provides assistance necessary to complete a PCI Assessment for the wireless network
Reduces time required to analyze settings and create manual reporting
Report generation per partition
Green Initiative
Feature
Improved power management of Cisco Aironet access points to support the Cisco Green initiative.
Cisco access points can be turned on or off periodically at scheduled intervals to save power
Benefits
Reduce power costs by turning access points on or off periodically at scheduled intervals
Manage network security or restrict WLAN usage
Configuration Auditing
Feature
Supports auditing the configuration of each wireless LAN controller to confirm that its running configuration is identical to the configuration listed in the Cisco WCS database.
Implementation levels: controller, mobility group or network
Configuration templates need to be created and applied to a set of controllers before adding the templates to the configuration audit set
Benefit
Improvement of configuration audit feature to allow organizations to more easily audit their controller configurations
Cisco WCS Integration with Cisco Secure Access Control Server (ACS) View Server 4.0
Feature
Cisco WCS client troubleshooting tool integrates with Cisco Secure ACS View Server 4.0
Provide aggregated client status information from multiple Cisco ACS Servers
Poll Cisco Secure ACS View Server on-demand
Determine if client issues are related to authentication and potential reason for authentication failures
New tab on client troubleshooting tool
Benefit
Easily troubleshoot client problems associated with client authentication failures with Cisco Secure ACS View Server
Template Scheduling and Status
Features
Tasks can be scheduled to be applied at a future day/time:
Access point template
Configuration groups templates
Information provided about scheduled tasks for templates:
Summary page of scheduled tasks
History of the success or failure status of scheduled tasks for up to 31 days
Benefit
Reduce operational costs by using Cisco WCS to automate controller provisioning and software management at any time, without manual intervention
All scheduling is done according to the Cisco WCS machine’s time clock.
Detailed Client Report
Features
New report added called “Detailed Client Report”
Customizable report fields
Client statistics (MAC, AP associated, Tx/Rx throughput, RSSI, CCX, SNR, etc)
Generate report based on variety of criteria such as floor area, controllers, access point, and SSID
Benefit
Easily gather, track and report on key information about client devices on the network
Ease of Use Enhancements: Client Reports
Features
New ease-of-use enhancements for Client Association Report
Customization of column order and display is added to the Client Association Report
Client details page now has interactive charts that are customizable to view client statistics including bytes sent/received, SNR and RSSI
Benefit
Customize Cisco WCS to meet organizational needs and simplify network operations
Ease of Use Enhancements: Templates
Features
Reuse and apply templates to one or all wireless LAN controllers
New templates are uniquely identifiable by user supplied template name
Controller in a config group can be part of multiple config groups
Association between a configuration group and mobility group is now optional
Prompts when deleting template to indicate if it should be removed from controllers and Cisco WCS
Benefit
Manage controller configurations more easily and accurately
Cisco Unified Wireless Network Release 5.1
Security Features
Wireless Security Features
1 Wireless Security Vulnerability Assessment
2 Rogue Switch-Port Tracing and Disable
3 Re-Designed WCS Security Dashboard
4 AP Wired Port Authentication with 802.1X
5 PCI Assessment and Reporting
6 NAC Out-of-Band Support
Automated Wireless Security Vulnerability Assessment
• Provides network-wide security health summary
• Proactively monitors entire wireless network
  – WLCs, APs and management interfaces
• Identifies vulnerabilities in:
  – Encryption
  – User/network auth
  – Threat mitigation
  – Management
• Reduces configuration errors by recommending optimal security settings
• Increases awareness of potential security issues
Re-Designed “At-a-Glance” WCS Security Dashboard
Graphically-oriented “at-a-glance” security posture and state
Dynamically generates view of only current alarms
Click to drill down to any level of reported event
Single view for wireless security events
– MFP alarms and errors
– Grouping by attack types
Reduces time required by administrator to determine status and respond to alarms
Dynamic Security Index
• Provides automated, persistent vulnerability assessment
• Summarizes top issues for easy status update
Dynamic Event Population
• Only shows current alarms
• Grouped by attack type
Cisco Wired IPS Events
• Shows wireless client abuse of wired network
Rogue Switch-Port Tracing and Disable
Uses WCS to identify location of a rogue AP on the wired network and disables the port
Uses CDP trace and OUI rules
Integrated into the existing rogue detection and containment workflow and reporting in WCS
Tracing “on-demand” by operator
Operate across all Catalyst switches: 6500, 4500, 3750, 3560, and 2900
Reduces time and resources spent searching for rogue access points
Can be used to disable rogue APs in remote locations
Protects the wired and wireless network from attacks
[Diagram labels: Rogue AP; WCS; Switched Network]
Switchport Tracing – Configuration (detail)
Step 1
– Click on Monitor Alarms
Step 2
– Verify the managed access point detecting the rogue
– Verify SSID of rogue access point
– Verify rogue access point vendor type
– Verify for rogue clients
Step 3
– View rogue client details
Step 4
– Trace Switch Port details
Step 5
– Verify Shut Switch Port
AP Wired Port Authentication with 802.1X
• Authenticates any wireless access point plugged into a wired port
• AP presents 802.1X authentication to join the wired network
• Any AP without credentials is denied access to the wired or wireless network
• Proactively eliminates rogue APs on the wired network
• Facilitates secure AP provisioning
[Diagram labels: User Identity Based Network Access; Campus Network; Authorized Users/Devices; Unauthorized Users/Devices; AAA/DHCP]
Feature Description
Currently the Cisco Aironet Access Points cannot be connected to a switch port where 802.1x authentication is enabled
With the 5.1 release of controller code, Cisco Aironet APs can be connected to an IEEE 802.1x enabled port
The AP will act like an 802.1x supplicant and do dot1x authentication with the switch
All modes of LWAPP will be supported, like Local, HREAP, Monitor & Sniffer. There will be no support for the Bridge mode of LWAPP
802.1x is supported on access ports only, so if an HREAP AP is connected to a trunk port, 802.1x on the AP will not work
802.1x on AP Supported Platforms
802.1x on AP will be supported on the following WLC platforms:
• Cisco 4400 Series Wireless LAN Controllers
• Cisco 2000 Series Wireless LAN Controllers
• Cisco Catalyst 6500 Series Wireless Services Module (WiSM)
• Cisco Catalyst 3750G Integrated Wireless LAN Controller
• Cisco Wireless LAN Controller Module
802.1x on AP will be supported on the following access points:
• Cisco Aironet 1250
• Cisco Aironet 1240
• Cisco Aironet 1130
System Flow for AP (LOCAL/HREAP connected Mode)
Assuming that the LWAPP AP has been enabled for Dot1x Authentication and its credentials configured
1. LWAPP AP boots up
2. Once the Ethernet port is UP, the switch initiates sending EAP-IDReq to the AP
3. AP may also start with EAPOL-START.
4. AP and SW exchange EAPOL pkts.
5. If AuthFAILURE, the AP will go back to (3) and retry
6. Upon SUCCESS, the SW will open up the port
7. Once port is opened for normal data flow, AP starts DHCP, LWAPP process like any other normal LWAPP AP would do, to JOIN the Controller etc
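The flow above can be followed on the wire by decoding the EAPOL frames (EtherType 0x888E) and tracking when the port would open. The Python below is an added example, not part of the original slides or Cisco code; the frames and the username are constructed, and the EAP method exchange between Identity and Success/Failure is left out.

```python
import struct

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eapol(payload):
    """Decode the EAPOL PDU carried after EtherType 0x888E."""
    if len(payload) < 4:
        raise ValueError("truncated EAPOL header")
    _version, ptype, length = struct.unpack("!BBH", payload[:4])
    body = payload[4:4 + length]          # ignores any Ethernet padding
    if len(body) != length:
        raise ValueError("EAPOL body shorter than declared length")
    msg = {"eapol": EAPOL_TYPES.get(ptype, "unknown"), "eap": None, "identity": None}
    if ptype == 0:  # EAP-Packet: code, identifier, length, then optional type + data
        if length < 4:
            raise ValueError("truncated EAP header")
        code, _ident, eap_len = struct.unpack("!BBH", body[:4])
        if not 4 <= eap_len <= length:
            raise ValueError("bad EAP length")
        msg["eap"] = EAP_CODES.get(code, "unknown")
        if code in (1, 2) and eap_len > 4 and body[4] == 1:  # EAP type 1 = Identity
            msg["eap"] += "/Identity"
            msg["identity"] = body[5:eap_len].decode("ascii", "replace") or None
    return msg

def replay(frames):
    """Track the switch port as in steps 2-6: closed until EAP Success."""
    state = {"authorized": False, "failures": 0, "starts": 0, "identity": None}
    for frame in frames:
        msg = parse_eapol(frame)
        if msg["eapol"] == "EAPOL-Start":
            state["starts"] += 1
        elif msg["eapol"] == "EAPOL-Logoff" or msg["eap"] == "Failure":
            state["authorized"] = False
            state["failures"] += 1 if msg["eap"] == "Failure" else 0
        elif msg["eap"] == "Success":
            state["authorized"] = True
        elif msg["eap"] == "Response/Identity":
            state["identity"] = msg["identity"]
    return state

def eap(code, ident, data=b""):
    """Build a constructed EAPOL EAP-Packet frame (EAPOL version 1)."""
    pkt = struct.pack("!BBH", code, ident, 4 + len(data)) + data
    return struct.pack("!BBH", 1, 0, len(pkt)) + pkt

START = struct.pack("!BBH", 1, 1, 0)       # EAPOL-Start, no body
IDENT = b"\x01" + b"ap-constructed"        # EAP type 1 + constructed username
# Constructed sample: one failed attempt, AP restarts at step 3, second attempt succeeds.
FLOW = [eap(1, 1, b"\x01"), eap(2, 1, IDENT), eap(4, 1), START,
        eap(1, 2, b"\x01"), eap(2, 2, IDENT), eap(3, 2)]
```

Repeated Failure frames from one port with no later Success are what an AP plugged in without valid credentials would produce.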
WLC Config
config ap dot1xuser add username <user> password <passwd> all
config ap dot1xuser add username <user> password <passwd> <APName>
config ap dot1xuser delete <APName>
config ap dot1xuser disable <all>
config dot1xuser disable <AP-Name>
Over-ride Global Config
AP Config
lwapp ap dot1x username <username> password <password>
Cisco Wireless Control System PCI Compliance Assistance Reporting
Payment Card Industry (PCI) report generation
– Interpretation of PCI wireless requirements
– Makes WCS the PCI expert so WLAN admins don’t have to be
WCS scans for configurations and settings across the wireless network
Provides guidance necessary to complete a PCI Assessment for the wireless network
Reduces time required to analyze settings and create manual reporting
NAC Out-of-Band Support
[Diagram: NAC Appliance, Cat6K, LWAPP, AAA/DHCP, AP, Intranet, DNS, Remediation Server]
Features
No longer requires all WLAN traffic to route through the NAC Appliance
Can be used upon authentication for posture assessment and remediation
Will poll devices to determine policy and configuration status
Supported in NAC Appliance version 4.5
Benefits
Offers flexibility in design
Lowers capital expense, especially for branch office deployments
Cisco Aironet 1250 Series Power Options
Wired-Wireless Migration
2-Step Migration
Direct Migration
802.3af 10/100 Switch
802.11a/b/gDeployment
802.3af 10/100 Switch
Limited Performance 802.11n Deployment
• Limited functionality and performance
ePoE GigE Switch
Full Performance 802.11n Deployment
• Maximum wired & wireless functionality and performance
• Low TCO vs power injectors
RECOMMENDED
Enhanced PoE (ePoE)
Delivers higher power than 802.3af (Class 3, 15.4W) but lower than 20 Watts per port
This is not draft 802.3at/POE+ (Standard is still being baked)
High power mode is negotiated via CDP between the switch and the AP
Supported on Catalyst E-series switches and Catalyst 6500 line cards
Operation when AP1250 is plugged into a Cisco switch
AP1250 boots up as a class 3 device with radios disabled
Switch and AP auto-negotiate a higher power level using CDP
Switch informs the AP what power level it is capable of providing
AP1250 chooses the appropriate mode of operation
If the switch cannot provide the required power then radios remain off
When powered with a non-Cisco standard PoE switch source AP1250 will operate under 15.4W
– Even if the non-Cisco switch is able to provide higher power AP1250 will not operate in enhanced PoE mode.
AP1250 Dual Radio Powering Options
| Power Mode | 802.3af | Cisco Enhanced PoE |
|---|---|---|
| Max Power at PSE | 15.4 W | 16.8-20 W |
| # of radios supported | 1 or 2 | 2 |
| MIMO Mode (Tx x Rx) | 1 radio: 2x3; 2 radios: 1x3 [1] | 2x3 |
| Dual radio Limitations [1] | No MCS 8-15 data rates in 2.4 & 5GHz (maximum PHY data-rate 157.5 Mbps/radio) | 1:1 replacement of legacy APs [2] ensures maximum performance and functionality. (Max PHY data-rate 300 Mbps per radio) |
| Catalyst Switch Support | Any 802.3af switch | 3560E, 3750-E; 4500E: X4648-E, X4648+E; 6500: X6148 / X6148A / X6548 |

[1] Limitations are only applicable to dual radio configurations. In single radio configurations, full capabilities are available for all power options.
[2] If AP density is lower than one AP per 5,000 sq feet (data only) OR one AP per 3,000 sq feet (for voice, location); then additional power source may be needed
A Power Injector and Power Supply are also available as powering options
Controller UI for powering options
• Medium(15.4W)
• Medium(16.8W) and
• High(20.0W)
| Command | Use |
|---|---|
| show power inline | Shows Maximum power configured per port, power drawn up by the device on the port |
| "Power inline port max 20000"; "Power inline auto" or "Power inline static" | Commands needed to get this feature working on the C3750/C4K |