
Upload: duongcong

Post on 14-Mar-2019


© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Unified Wireless Network Software Release 4.0

ALL INFORMATION IS FOR PARTNERS ONLY AND UNDER NDA UNTIL PUBLIC ANNOUNCEMENT MADE!

List of New Features

1. Cisco Catalyst 3750G Integrated Wireless LAN Controller
2. Cisco Unified Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)
3. IDS Event Correlation
4. Management Frame Protection (MFP)
5. FIPS 140-2 Level 2 Validation
6. DHCP server enhancements
7. EOIP Ping for mobility groups
8. DHCP Relay Option 82 (AP MAC, SSID)
9. Voice Enhancements (CCX v4)
10. Guest Access enhancements
11. Access Control List enhancements
12. Hybrid REAP
13. Unique Device Identifier (UDI)
14. Wireless Mesh Enhancements
15. New LWAPP APs – 1120 and 1310
16. LWAPP upgrade tool enhancements
17. Cisco Aironet 1500 Series enhancements
18. CLI for Initial LWAPP Configuration

Cisco Wireless Control System (WCS)
– Running Cisco WCS on a CiscoWorks Wireless LAN Solution Engine (WLSE)
– Cisco WCS - mobility group templates
– Cisco WCS Licensing per access point
– Cisco WCS increased access point scalability
– Cisco WCS / Cisco Aironet 1500 Series Enhancements

Cisco Wireless Location Appliance
1. Cisco Wireless Location Services Planning Mode
2. Cisco Wireless Location Services Inspector Tool
3. Import Asset information
4. Low battery tag notification
5. Antenna Diversity (account for RSSI per antenna)
6. Location Services Calibration Updates

Cisco Wireless Controller Family

[Figure: controller models arranged by deployment size. Axis labels: 1-2 APs, >=2-6 APs, >=12 APs, >=25 APs, >=50 APs, >=100 APs, <300 APs. Two entries are marked "New!".]

• H-REAP
• Cisco 2006: 6 APs
• ISR WLC Module: 6 APs
• Cisco 4402-12: 12 APs
• Cisco 4402-25: 25 APs
• Cisco 4402-50: 50 APs
• Cisco 3750: 25 APs
• Cisco 3750: 50 APs
• Cisco 4404: 100 APs
• Cisco WiSM: 300 APs

3750 Integrated Controller Overview

• Wireless Specifications
– LWAPP enabled
– 25 and 50 AP models
– 2 Gigabit links between controller and switch
– Manageable via the Wireless Control System (WCS)
– Feature parity with standalone controllers

• Switch Specifications
– 24 10/100/1000 RJ45 .3AF PoE ports + 2 Gigabit SFP
– SMI feature set (upgradeable to EMI)
– Complete 3750 functionality
– 2 RU form factor

4402 WLAN controller embedded into a Catalyst 3750G Series switch


Catalyst 3750G Integrated WLAN Controller in Stack

• 4 Integrated WLCs supported in a stack

• Integrated WLC can act as master or slave

• 32 Gbps stack interconnect

• Single IP address for switch management

• 1:N Master redundancy

• Sub-second L2 failover

• IOS version should match on all 3750s

Security Enhancements: Cisco Unified IDS/IPS

• Cisco is the 1st to provide an integrated wireline and wireless security solution

• Supports the Cisco Self-Defending Network

• Cisco leads the industry with a holistic approach to security – at the wireless edge, wired edge, WAN edge through the data center

• When a trusted client acts maliciously (i.e. tries to hack into personnel or financial servers), Cisco’s wireline IDS detects the attack and sends shun requests to WLAN controllers

Security Enhancements: Management Frame Protection

• Provides for the authentication of 802.11 management frames by the wireless network infrastructure

• Allows detection of malicious rogues that are spoofing a valid AP MAC or SSID in order to avoid detection as a rogue AP, or as part of a man-in-the-middle attack

Cisco Unified Wireless Network Software Release 4.0: Security Features

Security Features
• Management Frame Protection
• Unified wired and wireless IDS/IPS
• FIPS 140-2 Level 2 validation

[Diagram labels: Enterprise Intranet; MFP Protected; Wired IDS; 4200 Series IDS Sensor; L2 IDS; L3-7 IDS; Management Frame Protection; Unified IDS/IPS; Malicious traffic; Deep Packet Inspection; Client Shun; New!]


Hybrid REAP (Remote Edge Access Point)

• Allows customers to gain the benefits of centralization, without deploying a controller in small offices

–Auto RF, rogue detection, rogue containment, multiple WLANs and WAN survivability

• Users configure a Hybrid REAP AP so that all authentication happens centrally at the controller. Traffic can be bridged locally or tunneled back to a central controller on a WLAN-by-WLAN basis.

• No more than three Hybrid REAPs supported over a WAN connection

• Supported ONLY on Cisco Aironet 1130AG and 1240AG Series Access Points (memory requirement)


Guest Access Enhancements

• Guest networking allows organizations to keep their wireless networks secure while providing their customers, vendors, and partners with controlled, secure network access.

• Customized Login Screen
– Add company logo, meeting information, news, links
– Downloadable to controllers

• Lobby Ambassador Portal
– Guest user IDs and passwords can be auto-generated or manually configured
– Runs on Controller and WCS

Lobby Ambassador Feature in WCS

• Lobby Ambassador (LA) role created which only allows access to the Lobby Administrator screen in WCS

• Runs on Controller and WCS

• Traps sent to notify when guest user account expires

[Diagram labels: Wireless VLANs; Campus Core; LWAPP; Internet; Guest; Emp; WCS]


Add a Guest User and Apply to Controllers

Add a new user

Apply to controller

Select the controller

Create the Lobby Admin in WLC

• Lobby Administrator can be created in WLC directly

[Diagram labels: Wireless VLANs; Campus Core; LWAPP; Internet; Guest; Emp; WLC]


Add a “guest” user on the WLC

• Guest User List New

Web Portal – Internal to WLC

• Internal web login page in WLC

[Diagram labels: Wireless VLANs; Campus Core; LWAPP; Internet; Guest; Emp; WLC]

Web Portal – External Web Server

• Web portal in an external web server

[Diagram labels: Wireless VLANs; Campus Core; LWAPP; Internet; Guest; Emp; External Web Server; WLC]

Pre-Staging Option for APs

• Uses standard IOS / LWAPP AP image
– Serial cable available for initial IP Address, subnet mask, gateway, and controller IP address configuration
– After initial connectivity to controller serial port no longer available

• Leverages centralized controller for Authentication
– Requires centralized controller for any user authentication
– Pre-shared keys are also supported

Cisco Compatible Extensions: Enabling Voice Leadership through Partnership

[Timeline figure, 2000 to 2006. Milestone labels: Fast Secure Roaming; Basic QoS; Voice Ready]

• Version 1, Secure Connectivity: LEAP, WPA, 802.1x & VLANs per AP, TKIP, WIFI
• Version 2, Scaling: AP assisted roam, CCKM, Radio measurements, Transmit power control
• Version 3, Performance & Security: WMM, Proxy ARP, EAP-FAST, & WPA2, Single Sign-On
• Version 4, Voice Over WLAN: Call admission control, UPSD, Voice metrics, MBSSIDs, Location, Link tests, NAC

CCX V4: Voice

• Compliance with versions 1-3
• NAC Support
• SSIDL
• L2 Roaming Enhancements
• Call Admission Control (CAC)
• Unscheduled Automatic Power Save Delivery (UPSD)
• Voice Metrics
• CCKM support for EAP-types
• Wireless IDS
• EAP-FAST Enhancements
• MBSSID
• Location
• Keep-alive
• Link Test

Clients Available
Laptop: Q1 CY06
Phones: Q3 CY06

CCX V4: Voice

Key Features and Key Benefits:

• Unscheduled Automatic Power Save Delivery (UPSD)
– Improved battery life, increased capacity per AP, less congestion

• TSPEC based Call Admission Control (CAC)
– Ability to reserve and control bandwidth for voice, improving the quality of voice calls

• Voice Metrics
– Provides information to predict and tune networks for optimum WLAN VoIP performance

Cisco Centralized Key Management (CCKM)

Features Description:

• CCKM – Cisco Centralized Key Management protocol that enables fast 802.1x reauthentication

• CCKM support available for the following 802.1x EAP types
– EAP-LEAP
– EAP-FAST
– EAP-PEAP-GTC *
– EAP-TLS
– EAP-PEAP-MSCHAPv2 *

* Optional for ASD

Benefit:

• Fast re-authentication

• Provides a survivability benefit in that it works even when the network link between the APs and the centralized authentication server is down

Voice Metrics

Features Description:

• Instrumentation defines reporting elements
• Packet Jitter, Packet Loss, Roaming Delay

Benefit:

• Assists in quickly isolating and distinguishing between problems on the wired vs. wireless network

TSPEC based Call Admission Control (CAC)

Features Description:

• Client device capable of integrating layer 2 TSPEC admission control with layer 3 CCM admission control (RSVP). This facilitates providing a fast busy indication to the calling or called parties during times of network congestion

• Ensures that the number of active voice calls does not exceed the configured limits

Benefit:

• Reserve and control bandwidth for voice
• Ensure audio quality, even across roams
• Faster roaming
• Low latency

[Figure label: Voice Quality Unacceptable]

WMM based Unscheduled Automatic Power Save Delivery (“U-APSD”/Reverse Polling)

Features Description:

• Allows synchronization of send/receive in one atomic operation

• AP has per client buffer

• Client initiates transmission

Benefit:

• Estimated improvement 2–4 times talk time

• Improved battery life

• Potential to increase the number of calls each AP is capable of handling

[Figure: two timelines, each labeled UAPSD, showing Send, Receive and Sleep phases]

Location Services – New Features and Enhancements

Enhancements for increased scale, ease of deployment and reduced OpEx

Configuration
• Rich WCS Configuration Templates
• Asset Import/Export Templates: asset category, group, name
• Automated location appliance setup script

Location Deployment
• New Installation: Location Planning Tool
• Existing WLAN: Location Readiness Tool
• Post Deployment: Location Inspector
• Location “Jitter” Reduction
• Faster Calibration for CCX v.2 clients
• Location notifications: added battery level notifications & position changes to previous notifications of absence, in/out of configurable area, movement from defined point/marker.
• Scale: increased location tracking up to 2500 simultaneous devices, up from 1500

Cisco WCS Server Scalability in SW 4.0

• High End Server
– Machine Specifications: Intel (R) Xeon Quad CPU 3.15 GHz, 8 GB RAM, 200 GB HDD
– Scalability: 3000 APs, 250 Controllers

• Cisco WCS Standard Server
– Machine Specifications: Intel (R) Dual Core CPU 3.2GHz, 4 GB RAM, 80 GB HDD
– Scalability: 2000 APs, 150 Controllers

• Cisco WCS Low End Server
– Machine Specifications: Intel (R) CPU 3.06GHz, 960 MB RAM, 30GB HDD
– Scalability: 500 APs, 50 Controllers

• CiscoWorks WLSE 1130 (Non-Dell Platforms) running Cisco WCS
– Machine Specifications: Intel Pentium4 CPU 3 GHz, 3 GB RAM, 38GB HDD
– Scalability: 1500 APs, 100 Controllers


Thanks!