© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1

Wireless update

Hans Donnerborg, [email protected]


Agenda

Cisco Mobility Services Engine

Context Aware Solution

Indoor Access Points

Controllers

WCS Features

Security Features

1250 Powering options

Roadmap


Cisco Unified Wireless Network: Architecture Overview

Diagram labels: Cisco Wireless Control System (WCS); Voice; Location & RFID; Guest; Security; Mobility Services; Cisco Wireless LAN Controller; Client Devices; Cisco Aironet Lightweight Access Point; SSC; Switch/Routed Network

• Seamless Mobility for WLAN Services

• Dynamic RF Management

• Centralized Management

• Planning and troubleshooting tools

• Easy to use GUI

• Security Management (IDS/IPS)


Cisco Mobility Services Engine


Cisco Mobility Services Engine: Unifying the Mobility Network

Diagram layers: Device; Network Access; Mobility Services; Applications

Diagram labels:
• Unified Wireless Network Controllers
• Ethernet, Cellular/WiMAX, Wi-Fi, Zigbee, UWB, RFID
• Mobility Services Engine
• Context Aware, Adaptive Wireless IPS, Secure Client Manager, Mobile Intelligent Roaming
• Voice, Spectrum Intelligence, Guest Access
• Physical Access Control, Device Mgmt/Troubleshoot, Secure Client Connectivity, Conferencing, Presence, Messaging, Assembly Line Monitoring, Telemetry, Alerting, Inventory Management, ERP, CRM, SCM
• Middleware, Open API
• Cisco Compatible - Unified Mobility Client, Open Source Protocols


Introducing A Practical Approach: Centralized, Scalable Mobility Services

3300 Series Mobility Services Engine

Allows Transport and Applications to evolve independently

Abstraction layer with CAPWAP/NMSP

Accelerate development and deployment of customized solutions

Eco-system of Application Partners

Unified API enabling Enterprise 3.0 applications

Services and Applications Platform

Ease of deployment and efficient allocation of CapEx

Common Framework for Multiple Services


Open Mobility Services Architecture

Centralize Mobility Services to Scale


Cisco 3350 Series Mobility Services Engine

Appliance based platform that delivers a suite of mobility services software, integrates with WLAN Controller and Cisco WCS

• Appliance based platform
• Mix of hardware and software
• Extensible for existing and future software
• Integrates with the WLAN Controller
• Support for WCS for device and services management

MSE 3350 (3350 Model)
FCS: July 2008
List Price: $19,995
Specifications:
• Dual quad core processors
• 8GB RAM
• 137GB storage
• Hot swappable power supplies & disk; 1RU

Chart axis labels: Scale, Performance


Mobility Services Engine Modules

Mobile Intelligent Roaming
Sustain mobility applications across public and private wireless networks
Consistent Mobile Business Experience

Adaptive Wireless IPS
Advanced intrusion prevention solution
Enhanced IDS Signatures, Reporting

Context Aware
Use contextual information such as location and telemetry to optimize business processes
Wi-Fi Chokepoint, Sensoring, Passive RFID

Secure Client Manager
Centralized device/client management and provisioning
Central Client Configuration and Provisioning Engine


Cisco Context Aware Solution


Cisco Context Aware Mobility Solution: How it works

Diagram layers: Tag and Devices; Network; Application and Management

Diagram labels: Wi-Fi devices; CCX tags; Chokepoint 125 kHz; Wi-Fi TDoA Receiver; Wi-Fi TDoA Receiver with a bridge; Cisco Access Point; Cisco Wireless LAN Controller; Cisco Mobility Services Engine; Context Aware Software; Context Aware Engine for tags; Context Aware Engine for clients; Cisco Wireless Control System; System Manager

AeroScout HW on Cisco price list:
• Wi-Fi TDOA receivers
• Chokepoints

AeroScout SW on Cisco price list:
• Context Aware Engine for Tags

Both AeroScout SW and HW are managed by AeroScout System Manager – Free client SW provided by AeroScout

Items not on Cisco Price List:
• Tags
• MobileView


Cisco Context Aware Mobility Solution: Licensing Model

Cisco 3350 Mobility Services Engine
HW List: $19,995

A la carte & Pay as you grow Licensing model

Context Aware Software, SW License – List Price

Context Aware Engine for Clients (Unit = Clients)
Context Aware Engine for Tags (Unit = Tags)

License sizes: 3000 units, 6000 units, 12000 units

List prices, in slide order: $6,000, $11,000, $19,000, $55,000, $28,000, $15,000, $6,000


Cisco Context Aware Mobility Solution: Why moving from 2710 to MSE

Cisco 2700 Series Wireless Location Appliance
• Indoor only
• 2,500 tags and clients
• RSSI only
• Industry’s 1st Location Solution Integrated into the WLAN infrastructure
• Mainly position for location
• Open API
• WCS Management

Cisco 3300 Series Mobility Services Engine
• Indoor, Outdoor, High ceilings
• 18,000 tags and clients
• RSSI and TDOA
• Mainly position for context aware
• Open API
• WCS Management
• Robust architecture for adding other technologies (UWB, Passive)
• Shared platform for other mobility services (incl. future)


Indoor Access points


Enterprise Wireless Mesh Licensing

New Direction: Controller-wide EWM license
• Any AP connected to the controller can be configured as Mesh AP
• EWM license is priced based on maximum AP count on the controller: same price points for 2112 / 4402-12 or 2125 / 4402-25
• Orderable TODAY; License enforced in 5.2

Controller   EWM License PID    List Price
2106         AIR-AP-LIC-M-6     $500
2112         AIR-AP-LIC-M-12    $750
2125         AIR-AP-LIC-M-25    $1,500
WLCM-25      AIR-AP-LIC-M-25    $1,500
WLCM-50      AIR-AP-LIC-M-50    $2,500
4402-12      AIR-AP-LIC-M-12    $750
4402-25      AIR-AP-LIC-M-25    $1,500
4402-50      AIR-AP-LIC-M-50    $2,500
4404-100     AIR-AP-LIC-M-100   $4,000
WISM-300     AIR-AP-LIC-M-300   $12,000


New Antenna Overview

2.4 GHz / 5 GHz dual band antenna:
• Aesthetically pleasing
• Indoor dual band APs
• AIR-ANT2451V-R= 3 dBi in 2.4 GHz, 3.5 dBi in 5 GHz
• Available in 5.1

2.4 GHz sector antenna:
• Indoor, outdoor AP usage
• RP-TNC connector with plenum rated cable
• 5 dBi sector antenna with 135 degree radiation pattern
• AIR-ANT2450S-R= Sector Antenna in 5.2


Controllers


Controller Product Portfolio

Chart axes: Performance & Scale; # of APs (1-4, 6, 12, 25, 50, 100, 300)

Chart labels: H-REAP; WLCM-E6; WLCM-E12; WLCM-E25; Cisco 2106; Cisco 2112; Cisco 2125; Cisco 3750G; Cisco 4402; Cisco 4404; Cisco WiSM; New Products


Controller Product Positioning: Cisco 2100 Series & WLCM vs. 4400 Series

Cisco 2100 Series, WLCM
Basic Secure Coverage
Retail, Small/Medium Branch
• Applications: Scanner, Transaction Data, Voice; Limited Mobility and Multicast
• 250 clients
• 6 - 25 Access Points
• Fast Ethernet & generic CPU
• 802.11n support for Reliability & Predictability
• PCI Security Support
• Table Top/Integrated form factor
• External Power brick for 2100

Cisco 4400 Series
Flagship Performance and Scale
Campus/Regional, Enterprise
• Advanced Applications: Voice, Video, Data Intensive; Mobility, Multicast and Location
• 5000 clients
• 12 - 100 Access Points
• 2 – 4 Gig ports & Network Processor Unit
• 802.11n support for Performance, Reliability & Predictability
• PCI Security Support
• Rack Mountable
• Redundant Power Supply
• FIPS Certified


Wireless SW Release Plan

~3 years total – FCS to EoSW Maint (no more maintenance, bug fixes, CCO posting)

Timeline figure, recoverable labels:
• Releases: 4.2 (10/07), 5.0 (02/08), 5.1 (05/08), 5.2 (09/08), 6.0 (01/09)
• Release types: FCS MD Release, ED Release, FCS ED Release (letters D, E, F, G, H)
• Maintenance releases: MR1 (06/08), MR2, MR3, MR4, MR5, MR6, MR7
• EoS AP1xxx: Last supported release is 4.2 – 2 yrs EoSWM for AP1xxx
• Pull from CCO
• Other dates on the timeline: 02/08, 05/08, 08/08, 12/08, 05/09, 12/09; 04/09, 07/09, 10/09, 02/10, 08/10, 02/11; 09/08; 01/09; 05/10; 08/12; 05/11


5.1 Software


Cisco Unified Wireless Network Software Release 5.1

Column headings: Mobility Services; Infrastructure

Security Services
• Real-time summary of security vulnerabilities

Location Services
• Increased efficiencies in location calculation

High Availability
• AP failover priority provides more granular control for IT

Ease-of-Use and Operations
• Cisco WCS Virtual Domains for enhanced access control
• Audit WLAN controller configurations
• Gather, track and report key information for client devices

Increased Scalability
• Roaming across 72 controllers

New Product Introduction
Cisco 2100 series and WLCM
• Supports retail and branches with 6, 12, or 25 APs
Cisco Mobility Services Engine
• Open platform that enables industry mobility services


Indoor AP Features for Release 5.1

Feature: RRM support for 802.11n 40-MHz channels
Description: RRM channel planning takes into consideration 40-MHz channels
Benefit: Optimized performance for 802.11n

Feature: RRM dashboard in Cisco WCS
Description: Provide simple, relevant feedback to users about RF environment performance
Benefit: Ease of troubleshooting & operation of wireless networks

Feature: Cisco Spectrum Intelligence solution using Cisco Spectrum Expert Sensor Wi-Fi 210C
Description: Detect, classify, and find sources of RF interference using next generation spectrum analysis engine
Benefit: Faster interference detection with reduced host CPU load

Feature: AP failover priority
Description: Allows network managers to configure join priorities for lightweight APs in the event of a controller failover.
Benefit: More granular control in configuring HA for WLAN

Feature: AP1250 with 1 or 2 antennas per radio
Description: Support for varied deployment scenarios e.g., workgroup bridging, conventional a/b/g mode, and reduced 802.11n throughput mode
Benefit: Lower cost of deployment

Feature: New dipole antennas support in Cisco WCS
Description: 5 GHz, 3.5dBi: AIR-ANT5135DW-R, AIR-ANT5135DG-R; 2.4GHz, 2.2dBi: AIR-ANT2422DW-R, AIR-ANT2422DB-R, AIR-ANT2422DG-R
Benefit: Expanded antenna choice for customers


RRM Support for 40 MHz

40-MHz channels can be configured automatically using Cisco WCS or Controller - only applies to 5-GHz radios

40-MHz channels can still be statically configured on 2.4-GHz radios

Improves 802.11n network performance

40-MHz = 2 aggregated 20-MHz channels

Takes advantage of the reserved channel space through bonding to gain more than double the data rate of 2 20-MHz channels

Figure labels: 20-MHz, 20-MHz, 40-MHz, Gained Space

Chart: Available 40MHz Channels, No DFS Support vs. DFS Support (5GHz 40MHz Channels). Caption: Aironet 1250 DFS and Available Bandwidth


Cisco WCS RRM Dashboard

New graphical interface in Cisco WCS for RRM

Features
• APs with most channel changes
• APs running at maximum power
• APs with coverage hole events
• Top channel change reasons
• RRM related configuration mismatches across all controllers in RF Group

Benefits
• Simplified troubleshooting of RRM-related events


Getting to the RRM Dashboard

Found under “Monitor” Main Menu


RRM Dashboard – Main Screen (1 of 3)

Quick Snapshot of the Network, and the reasons behind a certain event, such as, channel changes

Visibility into RF Groups!


RRM Dashboard – Main Screen (2 of 3)


RRM Dashboard – APs at Max Power


RRM Dashboard – APs with most Channel Changes

“Sort Order”, with multi-sort


RRM Dashboard – APs Reporting Coverage Holes

Perhaps there’s not enough coverage in these areas if the same AP is seen here often, or reports multiple events in a short span


AP1250 with < 3 Antennas per Radio

AP1250 with 1 or 2 antennas per radio

Support for varied deployment scenarios
• Workgroup bridging
• Directional antenna
• Conventional a/b/g mode
• Reduced 802.11n throughput mode

Available in Unified (LWAPP) and Standalone versions

Aironet 1250


Cisco Unified Wireless Network Release 5.1

Controller Features


Increased Scalability

Feature
Roaming is supported across 72 controllers

Benefit
Expand the mobility space where users can roam across 72 controllers

Diagram labels: Mobility Group – mobile-9; Mobility Group – mobile-10; Mobility Group – mobile-11; mcast group; Roaming Client Device


AP Failover Priority

Features
• Assign priorities to APs: Critical, High, Medium, Low
• Critical priority APs get precedence over all other APs when joining a controller
• In a failover situation, a higher priority AP will be allowed in ahead of all other APs
• If controller is full, existing lower priority APs will be dropped to accommodate higher priority APs

Benefits
• Ensures 24/7 coverage for mission critical areas
• Provides flexibility to prioritize in the event that an AP loses access to a controller

Diagram labels: Controller; AP Priority: Critical (Critical AP fails over); AP Priority: Medium (Medium priority AP dropped)


AP Join Priority

Diagram labels: Central Backup Wireless LAN Controller; Central Cisco Secure Access Control Server (ACS); WAN; Remote Wireless LAN Controller (one per branch); Branch Office #1, Mobility Group 1; Branch Office #2, Mobility Group 2; Branch Office #3, Mobility Group 3; Branch Office #4, Mobility Group 4

AP priority labels shown: AP Priority – Critical (4); AP Priority – High (3); AP Priority – High (3); AP Priority – Critical (4)


Feature Description

When a primary WLC goes down, the backup WLC gets Discovery and Join requests from multiple APs and might drop some requests

Currently (till 5.0 release) the controller responds first come first served

In the 5.1 release, Access Points can be configured with Join Priorities

1 – Low priority

2 – Medium

3 – High

4 – Critical

The default value will be 1.
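
An added illustration of the join-priority behaviour described above, written for this page and not Cisco controller code: a full backup controller admits a higher-priority AP by dropping its lowest-priority member, while with the feature off requests are served first come, first served. The capacity, AP names, tie-breaking rule and the critical_overcommit planning check are assumptions made for the example.

```python
"""AP join admission on a controller, with and without AP failover priority."""
from dataclasses import dataclass, field

PRIORITY = {1: "Low", 2: "Medium", 3: "High", 4: "Critical"}  # values from the slide
DEFAULT_PRIORITY = 1                                          # slide: default is 1


@dataclass
class Controller:
    capacity: int                    # maximum joined APs (constructed sample value)
    priority_enabled: bool = True    # global AP failover priority setting
    joined: dict = field(default_factory=dict)    # AP name -> priority
    dropped: list = field(default_factory=list)   # APs evicted to make room
    rejected: list = field(default_factory=list)  # join requests refused

    def join(self, ap: str, priority: int = DEFAULT_PRIORITY) -> bool:
        if priority not in PRIORITY:
            raise ValueError(f"priority must be 1-4, got {priority}")
        if len(self.joined) < self.capacity:
            self.joined[ap] = priority
            return True
        if self.priority_enabled:
            # Controller is full: look at the lowest-priority AP already joined.
            # Assumption: among equal priorities, the earliest joiner is chosen.
            victim = min(self.joined, key=self.joined.get)
            if self.joined[victim] < priority:
                del self.joined[victim]
                self.dropped.append(victim)
                self.joined[ap] = priority
                return True
        # First come, first served (behaviour up to 5.0), or nothing lower to evict.
        self.rejected.append(ap)
        return False


def fail_over(backup: Controller, arriving: list) -> Controller:
    """Replay the join requests that reach the backup controller, in arrival order."""
    for ap, priority in arriving:
        backup.join(ap, priority)
    return backup


def critical_overcommit(backup_capacity: int, inventory: dict) -> int:
    """Planning check: how many priority-4 APs cannot fit on the backup at once."""
    critical = sum(1 for p in inventory.values() if p == 4)
    return max(0, critical - backup_capacity)


# Constructed sample data: three APs already on the backup, three failing over.
RESIDENT = [("lobby-ap", 1), ("office-ap", 2), ("lab-ap", 3)]
ARRIVING = [("er-ap", 4), ("ward-ap", 3), ("cafe-ap", 1)]


def run(priority_enabled: bool) -> Controller:
    backup = Controller(capacity=3, priority_enabled=priority_enabled)
    fail_over(backup, RESIDENT)
    return fail_over(backup, ARRIVING)


if __name__ == "__main__":
    for enabled in (False, True):
        c = run(enabled)
        print(enabled, sorted(c.joined), c.dropped, c.rejected)
```

If every AP is left at the default priority of 1, enabling the feature changes nothing, because no AP outranks another.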


Global AP Failover Priority

Enable Global AP Failover Priority on the controller


AP Join Priority


High Availability

Feature
AP & client down time is reduced by:
• Improved failure detection with faster timers
• Better AP DHCP process by reusing same IP address
• Enhanced AP discovery process

Benefit
This feature results in higher availability
• Help to maintain data and voice sessions
• Ensure consistent end-user experience
• Beneficial for industries such as Financial services, Healthcare, etc.

Diagram labels: Controller Failover; AP Failover


Feature Description

In current wireless network deployments, when a controller goes down, it takes a long time for all APs and the associated clients to move to a backup controller and for wireless service to resume

In release (5.0), the following areas are enhanced:
1) Failure detection techniques, so that a failure can be detected within 4 seconds by introducing fast timers
2) AP DHCP process, by avoiding the re-starting of the DHCP process whenever the AP loses connection to the home controller
3) AP discovery process, by shortening the delay in the discovery process by modifying the “AP Fallback” feature and the existing primary discovery mechanism for AP failover


New Fast Heartbeat Request / Response

To reduce the controller failure detection time, new heartbeats have been added between WLC and AP with smaller timeout values

In addition to the option of configuring Primary / Secondary / Tertiary WLC on the AP side, a new configuration on the WLC is introduced to set up primary and/or secondary backup controller(s)

If no primary/secondary/tertiary WLCs are configured on the AP side, and a primary backup controller and/or secondary backup controller are configured on the controller side (downloaded to the AP), the primary backup controller and/or secondary backup controller are added to the Primary Discovery Request message recipient list of the AP

The existing Primary Discovery mechanism is enhanced so that the AP maintains a “backup controller” list

The result of each Primary Discovery Response is used to maintain “backup controller” list


Timers Added in WLC GUI

Backup Primary and Secondary controller information can now be updated from the GUI


Cisco Unified Wireless Network Release 5.1

WCS Features


Cisco WCS – 5.1 Software Release Features

• Cisco WCS virtual domains
• PCI Compliance Assistance Reporting
• Green initiative
• Configuration auditing
• Cisco WCS integration with Cisco Secure Access Control Server (ACS) View Server 4.0
• Template scheduling and status
• Detailed client report
• Ease of use enhancements: Client Reports
• Ease of use enhancements: Templates


Cisco WCS Virtual Domains

Feature
Allows individual IT administrators to manage the segments of the wireless network under their responsibility
• Grouped by hierarchical domains
• Partition by access points, wireless LAN controllers or maps
• Restrict users to discrete infrastructure components, service entities or geographic regions.
• Infrastructure components include: controllers, lightweight access points, standalone (autonomous) access points, configuration templates, rogue access points, rogue adhocs, summary page, events, reports, alarms, tags, clients, and choke points.
• Service entities include: guest access and location servers
• Geographic regions include: maps, buildings, floors, and campus areas

Benefits
• Enhanced access control. Limit access to only wireless network segments under an individual’s responsibility
• Service providers can easily manage multiple customer WLANs from a single Cisco WCS platform.

Diagram labels: One Cisco WCS Platform; Entire US Network; IT Manager #1 (Root Domain); IT Manager #2; IT Manager #3; Eastern Region; Central Region; New York; New Jersey; Boston; Detroit; Chicago; Milwaukee


Cisco WCS Virtual Domains

Hierarchical Domains
• Selected users have access to individual domains
• Top (root) user has complete access to all domains
• Standard Cisco WCS features for all domains

Distributed Controller Deployment
• Dedicated Controller per virtual domain
• Configuration and monitoring of WLC allowed at individual domain level

Centralized Controller Deployment
• Shared Controller (e.g.: WISM, 44xx) across multiple virtual domains
• Only monitoring views for particular domain; configuration of shared WLC at topmost domain

Diagrams: “Virtual Domains - Organization Name” and “Virtual Domains - Geographic Regions”, each under a Root Domain

Diagram labels: Marketing; Purchasing; Engineering; Controller 1, Controller 2, Controller 3; AP 1 through AP 12; Campus A, Campus B, Campus C; Remote Site #1, Remote Site #2; Bldg 1 through Bldg 10


Setting Up Cisco WCS Virtual Domains

Step #1: Create Virtual Domain
• Create/edit/delete virtual domains
• Export protocol-specific data into AAA server

Step #2: Assign Virtual Domains to Users
• Click on “Users” (left-hand menu)
• Specify which Virtual Domains user can access


PCI Compliance Assistance Report

Features

Payment Card Industry (PCI) report generation

Interpretation of wireless PCI requirements for the Unified Wireless Network

Accumulates data needed for PCI Assessment easing administrative tasks

Reports on wireless network

WCS scans for configurations and settings across the wireless network

Benefits

Provides assistance necessary to complete a PCI Assessment for the wireless network

Reduces time required to analyze settings and create manual reporting

Report generation per partition


Green Initiative

Feature

Improved power management of Cisco Aironet access points to support the Cisco Green initiative.

Cisco access points can be turned on or off periodically at scheduled intervals to save power

Benefits

Reduce power costs by turning access points on or off periodically at scheduled intervals

Manage network security or restrict WLAN usage


Configuration Auditing

Feature

Supports auditing the configuration of each wireless LAN controller to confirm that its running configuration is identical to the configuration listed in the Cisco WCS database.

Implementation levels: controller, mobility group or network

Configuration templates need to be created and applied to a set of controllers before adding the templates to the configuration audit set

Benefit

Improvement of configuration audit feature to allow organizations to more easily audit their controller configurations


Cisco WCS Integration with Cisco Secure Access Control Server (ACS) View Server 4.0

Feature

Cisco WCS client troubleshooting tool integrates with Cisco Secure ACS View Server 4.0

Provide aggregated client status information from multiple Cisco ACS Servers

Poll Cisco Secure ACS View Server on-demand

Determine if client issues are related to authentication and potential reason for authentication failures

New tab on client troubleshooting tool

Benefit

Easily troubleshoot client problems associated with client authentication failures with Cisco Secure ACS View Server


Template Scheduling and Status

Features

Tasks can be scheduled to be applied at a future day/time:

Access point template

Configuration groups templates

Information provided about scheduled tasks for templates:

Summary page of scheduled tasks

History of the success or failure status of scheduled tasks for up to 31 days

Benefit

Reduce operational costs by using Cisco WCS to automate controller provisioning and software management at any time, without manual intervention

All scheduling is done according to the Cisco WCS machine’s time clock.


Detailed Client Report

Features

New report added called “Detailed Client Report”

Customizable report fields

Client statistics (MAC, AP associated, Tx/Rx throughput, RSSI, CCX, SNR, etc.)

Generate report based on a variety of criteria such as floor area, controllers, access point, and SSID

Benefit

Easily gather, track and report on key information about client devices on the network


Ease of Use Enhancements Client Reports

Features

New ease-of-use enhancements for Client Association Report

Customization of column order and display is added to the Client Association Report

Client details page now has interactive charts that are customizable to view client statistics including bytes sent/received, SNR and RSSI

Benefit

Customize Cisco WCS to meet organizational needs and simplify network operations


Ease of Use Enhancements Templates

Features

Reuse and apply templates to one or all wireless LAN controllers

New templates are uniquely identifiable by user supplied template name

Controller in a config group can be part of multiple config groups

Association between a configuration group and mobility group is now optional

Prompts when deleting template to indicate if it should be removed from controllers and Cisco WCS

Benefit

Manage controller configurations more easily and accurately


Cisco Unified Wireless Network Release 5.1

Security Features


Wireless Security Features

1 Wireless Security Vulnerability Assessment

2 Rogue Switch-Port Tracing and Disable

3 Re-Designed WCS Security Dashboard

4 AP Wired Port Authentication with 802.1X

5 PCI Assessment and Reporting

6 NAC Out-of-Band Support


Automated Wireless Security Vulnerability Assessment

• Provides network-wide security health summary

• Proactively monitors entire wireless network
  • WLCs, APs and management interfaces

• Identifies vulnerabilities in:
  • Encryption
  • User/network auth
  • Threat mitigation
  • Management

• Reduces configuration errors by recommending optimal security settings

• Increases awareness of potential security issues


Re-Designed “At-a-Glance” WCS Security Dashboard

Graphically-oriented “at-a-glance” security posture and state

Dynamically generates view of only current alarms

Click to drill down to any level of reported event

Single view for wireless security events

– MFP alarms and errors
– Grouping by attack types

Reduces time required by administrator to determine status and respond to alarms

Dynamic Security Index
• Provides automated, persistent vulnerability assessment
• Summarizes top issues for easy status update

Dynamic Event Population
• Only shows current alarms
• Grouped by attack type

Cisco Wired IPS Events
• Shows wireless client abuse of wired network


Rogue Switch-Port Tracing and Disable

Uses WCS to identify location of a rogue AP on the wired network and disables the port

Uses CDP trace and OUI rules

Integrated into the existing rogue detection and containment workflow and reporting in WCS

Tracing “on-demand” by operator

Operate across all Catalyst switches: 6500, 4500, 3750, 3560, and 2900

Reduces time and resources spent searching for rogue access points

Can be used to disable rogue APs in remote locations

Protects the wired and wireless network from attacks

Diagram labels: Rogue AP; WCS; Switched Network


Switchport Tracing – Configuration (detail)

Step 1
– Click on Monitor Alarms

Step 2
– Verify the Managed access point detecting the rogue
– Verify SSID of Rogue Access point
– Verify Rogue Access point Vendor type
– Verify for Rogue Clients

Step 3
– View rogue client details

Step 4
– Trace Switch Port details

Step 5
– Verify Shut Switch Port


AP Wired Port Authentication with 802.1X

• Authenticates any wireless access point plugged into a wired port
• AP presents 802.1X authentication to join the wired network
• Any AP without credentials is denied access to the wired or wireless network
• Proactively eliminates rogue APs on the wired network
• Facilitates secure AP provisioning

Diagram labels: User Identity Based Network Access; Campus Network; AAA/DHCP; Authorized Users/Devices; Unauthorized Users/Devices


Feature Description

Currently the Cisco Aironet Access Points cannot be connected to a switch port where 802.1x authentication is enabled

With the 5.1 release of controller code, Cisco Aironet APs can be connected to an IEEE 802.1x enabled port

The AP will act as an 802.1x supplicant and do dot1x authentication with the switch

All modes of LWAPP will be supported, such as Local, HREAP, Monitor & Sniffer. There will be no support for the Bridge mode of LWAPP

802.1x is supported on access ports only, so if an HREAP AP is connected to a trunk port, 802.1x on the AP will not work


802.1x on AP Supported Platforms

802.1x on AP will be supported on the following WLC platforms:

• Cisco 4400 Series Wireless LAN Controllers
• Cisco 2000 Series Wireless LAN Controllers
• Cisco Catalyst 6500 Series Wireless Services Module (WiSM)
• Cisco Catalyst 3750G Integrated Wireless LAN Controller
• Cisco Wireless LAN Controller Module

802.1x on AP will be supported on the following access points:

• Cisco Aironet 1250
• Cisco Aironet 1240
• Cisco Aironet 1130


System Flow for AP (LOCAL/HREAP connected Mode)

Assuming that the LWAPP AP has been enabled for dot1x authentication and its credentials have been configured:

1. LWAPP AP boots up
2. Once the Ethernet port is UP, the switch starts sending EAP-IDReq to the AP
3. AP may also start with EAPOL-START
4. AP and switch exchange EAPOL packets
5. If AuthFAILURE, the AP will go back to (3) and retry
6. Upon SUCCESS, the switch will open up the port
7. Once the port is opened for normal data flow, the AP starts DHCP and the LWAPP process, like any other normal LWAPP AP would, to JOIN the controller etc.
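
The flow above can be followed on the wire by decoding the EAPOL frames and tracking when the switch port opens. The Python below is an added example, not part of the original slides; the MAC addresses, the `ap-user` identity and the capture are constructed, and the port model is a simplifying assumption (open on EAP-Success, closed on EAP-Failure or EAPOL-Logoff).

```python
import struct

EAPOL_TYPES = {1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
PAE_GROUP = bytes.fromhex("0180c2000003")   # 802.1X PAE group address
AP, SW = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed MACs

def eap(code, ident, type_data=b""):   # EAP packet: code, identifier, length, type + data
    return struct.pack("!BBH", code, ident, 4 + len(type_data)) + type_data

def eapol(src, ptype, body=b""):       # Ethernet II frame, EtherType 0x888E, EAPOL v1 header
    return PAE_GROUP + src + b"\x88\x8e" + struct.pack("!BBH", 1, ptype, len(body)) + body

def parse_eapol(frame):
    """Return a label such as 'EAPOL-Start' or 'EAP-Request/Identity' for one frame."""
    if len(frame) < 18 or frame[12:14] != b"\x88\x8e":
        raise ValueError("not an EAPOL frame")
    _ver, ptype, blen = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + blen]
    if len(body) != blen or (ptype == 0 and blen < 4):
        raise ValueError("truncated EAPOL body or EAP header")
    if ptype != 0:                      # 0 = EAP-Packet, anything else has no EAP header
        return EAPOL_TYPES.get(ptype, "EAPOL-type-%d" % ptype)
    code, _ident, elen = struct.unpack("!BBH", body[:4])
    if not 4 <= elen <= blen:
        raise ValueError("bad EAP length")
    label = "EAP-" + EAP_CODES.get(code, "code-%d" % code)
    if code in (1, 2) and elen >= 5:    # Request/Response carry a type byte (1 = Identity)
        label += "/Identity" if body[4] == 1 else "/type-%d" % body[4]
    return label

def replay(frames):
    """Track the switch port across a capture; returns (authorized, trace)."""
    authorized, trace = False, []
    for frame in frames:
        label = parse_eapol(frame)
        if label in ("EAP-Success", "EAP-Failure", "EAPOL-Logoff"):
            authorized = label == "EAP-Success"
        trace.append((label, authorized))
    return authorized, trace

# Constructed capture: first attempt fails, the AP retries with EAPOL-Start, then succeeds.
CAPTURE = [
    eapol(SW, 0, eap(1, 1, b"\x01")), eapol(AP, 1),
    eapol(AP, 0, eap(2, 1, b"\x01ap-user")), eapol(SW, 0, eap(4, 1)),
    eapol(AP, 1), eapol(SW, 0, eap(1, 2, b"\x01")),
    eapol(AP, 0, eap(2, 2, b"\x01ap-user")), eapol(SW, 0, eap(3, 2)),
]
```

`replay(CAPTURE)` shows the port staying closed through the failed attempt and the retry, and opening only on the final EAP-Success, after which DHCP and the LWAPP join can proceed.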


WLC Config

config ap dot1xuser add username <user> password <passwd> all

config ap dot1xuser add username <user> password <passwd> <APName>

config ap dot1xuser delete <APName>

config ap dot1xuser disable all

config ap dot1xuser disable <AP-Name>


Over-ride Global Config

AP Config

lwapp ap dot1x username <username> password <password>


Cisco Wireless Control System PCI Compliance Assistance Reporting

Payment Card Industry (PCI) report generation

– Interpretation of PCI wireless requirements

– Makes WCS the PCI expert so WLAN admins don’t have to be

WCS scans for configurations and settings across the wireless network

Provides guidance necessary to complete a PCI Assessment for the wireless network

Reduces time required to analyze settings and create manual reporting


NAC Out-of-Band Support

[Diagram: NAC Appliance; Cat6K; LWAPP; AAA/DHCP; AP; Intranet; DNS; Remediation Server]

Features

• No longer requires all WLAN traffic to route through the NAC Appliance
• Can be used upon authentication for posture assessment and remediation
• Will poll devices to determine policy and configuration status
• Supported in NAC Appliance version 4.5

Benefits

• Offers flexibility in design
• Lowers capital expense, especially for branch office deployments


Cisco Aironet 1250 Series Power Options


Solution ??!


Wired-Wireless Migration

2-Step Migration

Direct Migration

802.3af 10/100 Switch

802.11a/b/g Deployment

802.3af 10/100 Switch

Limited Performance 802.11n Deployment

• Limited functionality and performance

ePoE GigE Switch

Full Performance 802.11n Deployment

• Maximum wired & wireless functionality and performance

• Low TCO vs power injectors

RECOMMENDED


Enhanced PoE (ePoE)

• Delivers higher power than 802.3af (Class 3, 15.4W) but lower than 20 Watts per port
• This is not draft 802.3at/PoE+ (standard is still being baked)
• High power mode is negotiated via CDP between the switch and the AP
• Supported on Catalyst E-series switches and Catalyst 6500 line cards

Operation when AP1250 is plugged into a Cisco switch

• AP1250 boots up as a class 3 device with radios disabled
• Switch and AP auto-negotiate a higher power level using CDP
• Switch informs the AP what power level it is capable of providing
• AP1250 chooses the appropriate mode of operation
• If the switch cannot provide the required power then radios remain off

When powered with a non-Cisco standard PoE switch source, AP1250 will operate under 15.4W

– Even if the non-Cisco switch is able to provide higher power, AP1250 will not operate in enhanced PoE mode.


AP1250 Dual Radio Powering Options

Power Mode | 802.3af | Cisco Enhanced PoE
Max Power at PSE | 15.4 W | 16.8-20 W
# of radios supported | 1 or 2 | 2
MIMO Mode (Tx x Rx) | 1 radio: 2x3; 2 radios: 1x3 (1) | 2x3
Dual radio Limitations (1) | No MCS 8-15 data rates in 2.4 & 5GHz (maximum PHY data-rate 157.5 Mbps/radio) | 1:1 replacement of legacy APs (2) ensures maximum performance and functionality. (Max PHY data-rate 300 Mbps per radio)
Catalyst Switch Support | Any 802.3af switch | 3560E, 3750-E; 4500E: X4648-E, X4648+E; 6500: X6148 / X6148A / X6548

(1) Limitations are only applicable to dual radio configurations. In single radio configurations, full capabilities are available for all power options.

(2) If AP density is lower than one AP per 5,000 sq feet (data only) OR one AP per 3,000 sq feet (for voice, location), then an additional power source may be needed

A Power Injector and Power Supply are also available as powering options


Controller UI for powering options

• Medium (15.4W)

• Medium (16.8W) and

• High (20.0W)

Command | Use
show power inline | Shows maximum power configured per port and power drawn by the device on the port
"Power inline port max 20000", "Power inline auto" or "Power inline static" | Commands needed to get this feature working on the C3750/C4K
