© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Unified Wireless Network Software Release 4.0
ALL INFORMATION IS FOR PARTNERS ONLY AND UNDER NDA UNTIL PUBLIC ANNOUNCEMENT MADE!
List of New Features
1. Cisco Catalyst 3750G Integrated Wireless LAN Controller
2. Cisco Unified Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)
3. IDS Event Correlation
4. Management Frame Protection (MFP)
5. FIPS 140-2 Level 2 Validation
6. DHCP server enhancements
7. EOIP Ping for mobility groups
8. DHCP Relay Option 82 (AP MAC, SSID)
9. Voice Enhancements (CCX v4)
10. Guest Access enhancements
11. Access Control List enhancements
12. Hybrid REAP
13. Unique Device Identifier (UDI)
14. Wireless Mesh Enhancements
15. New LWAPP APs – 1120 and 1310
16. LWAPP upgrade tool enhancements
17. Cisco Aironet 1500 Series enhancements
18. CLI for Initial LWAPP Configuration
Cisco Wireless Control System (WCS)
– Running Cisco WCS on a CiscoWorks Wireless LAN Solution Engine (WLSE)
– Cisco WCS - mobility group templates
– Cisco WCS Licensing per access point
– Cisco WCS increased access point scalability
– Cisco WCS / Cisco Aironet 1500 Series Enhancements
Cisco Wireless Location Appliance
1. Cisco Wireless Location Services Planning Mode
2. Cisco Wireless Location Services Inspector Tool
3. Import Asset information
4. Low battery tag notification
5. Antenna Diversity (account for RSSI per antenna)
6. Location Services Calibration Updates
Cisco Wireless Controller Family
[Figure: controller models arranged by deployment size. Deployment Size labels: 1-2 APs, >=2-6 APs, >=12 APs, >=25 APs, >=50 APs, >=100 APs, <300 APs. Two entries are marked "New!".]
• Cisco WiSM: 300 APs
• Cisco 4404: 100 APs
• Cisco 4402-50: 50 APs
• Cisco 4402-25: 25 APs
• Cisco 4402-12: 12 APs
• Cisco 3750: 50 APs
• Cisco 3750: 25 APs
• Cisco 2006: 6 APs
• ISR WLC Module: 6 AP
• H-REAP
3750 Integrated Controller Overview
• Wireless Specifications
– LWAPP enabled
– 25 and 50 AP models
– 2 Gigabit links between controller and switch
– Manageable via the Wireless Control System (WCS)
– Feature parity with standalone controllers
• Switch Specifications
– 24 10/100/1000 RJ45 .3AF PoE ports + 2 Gigabit SFP
– SMI feature set (upgradeable to EMI)
– Complete 3750 functionality
– 2 RU form factor
4402 WLAN controller embedded into a Catalyst 3750G Series switch
Catalyst 3750G Integrated WLAN Controller in Stack
• 4 Integrated WLCs supported in a stack
• Integrated WLC can act as master or slave
• 32 Gbps stack interconnect
• Single IP address for switch management
• 1:N Master redundancy
• Sub-second L2 failover
• IOS version should match on all 3750s
Security Enhancements
Cisco Unified IDS/IPS
• Cisco is the 1st to provide an integrated wireline and wireless security solution
• Supports the Cisco Self-Defending Network
• Cisco leads the industry with a holistic approach to security – at the wireless edge, wired edge, WAN edge through the data center
• When a trusted client acts maliciously (i.e. tries to hack into personnel or financial servers), Cisco’s wireline IDS detects the attack and sends shun requests to WLAN controllers
Security Enhancements
Management Frame Protection
• Provides for the authentication of 802.11 management frames by the wireless network infrastructure
• Allows detection of malicious rogues that are spoofing a valid AP MAC or SSID in order to avoid detection as a rogue AP, or as part of a man-in-the-middle attack
Cisco Unified Wireless Network Software Release 4.0: Security Features
• Management Frame Protection
• Unified wired and wireless IDS/IPS
• FIPS 140-2 Level 2 validation
[Diagram labels: Enterprise Intranet; MFP Protected; Wired IDS (4200 Series IDS Sensor); L2 IDS; L3-7 IDS; Management Frame Protection; Unified IDS/IPS; Malicious traffic; Deep Packet Inspection; Client Shun (New!)]
Hybrid REAP (Remote Edge Access Point)
• Allows customers to gain the benefits of centralization, without deploying a controller in small offices
–Auto RF, rogue detection, rogue containment, multiple WLANs and WAN survivability
• Users configure a Hybrid REAP AP so that all authentication happens centrally at the controller. Traffic can be bridged locally or tunneled back to a central controller on a WLAN-by-WLAN basis.
• No more than three Hybrid REAPs supported over a WAN connection
• Supported ONLY on Cisco Aironet 1130AG and 1240AG Series Access Points (memory requirement)
Guest Access Enhancements
• Guest networking allows organizations to keep their wireless networks secure while providing their customers, vendors, and partners with controlled, secure network access.
• Customized Login Screen
– Add company logo, meeting information, news, links
– Downloadable to controllers
• Lobby Ambassador Portal
– Guest user IDs and passwords can be auto-generated or manually configured
– Runs on Controller and WCS
Lobby Ambassador Feature in WCS
• Lobby Ambassador (LA) role created which only allows access to the Lobby Administrator screen in WCS
• Runs on Controller and WCS
• Traps sent to notify when guest user account expires
[Diagram labels: Wireless VLANs; Campus Core; LWAPP; Internet; Guest; Emp; WCS]
Add a Guest User and Apply to Controllers
Add a new user
Apply to controller
Select the controller
Create the Lobby Admin in WLC
• Lobby Administrator can be created in WLC directly
[Diagram labels: Wireless VLANs; Campus Core; LWAPP; Internet; Guest; Emp; WLC]
Add a “guest” user on the WLC
• Guest User List New
Web Portal – Internal to WLC
• Internal web login page in WLC
[Diagram labels: Wireless VLANs; Campus Core; LWAPP; Internet; Guest; Emp; WLC]
Web Portal – External Web Server
• Web portal in an external web server
[Diagram labels: Wireless VLANs; Campus Core; LWAPP; Internet; Guest; Emp; External Web Server; WLC]
Pre-Staging Option for AP’s
• Uses standard IOS / LWAPP AP image
– Serial cable available for initial IP Address, subnet mask, gateway, and controller IP address configuration
– After initial connectivity to controller, serial port no longer available
• Leverages centralized controller for Authentication
– Requires centralized controller for any user authentication
– Pre-shared keys are also supported
Cisco Compatible Extensions
Enabling Voice Leadership through Partnership
[Timeline figure, 2000 to 2006. Milestones: Fast Secure Roaming; Basic QoS; Voice Ready]
• Version 1, Secure Connectivity: LEAP, WPA, 802.1x & VLANs per AP TKIP, WIFI
• Version 2, Scaling: AP assisted roam, CCKM, Radio measurements, Transmit power control
• Version 3, Performance & Security: WMM, Proxy ARP, EAP-FAST, & WPA2, Single Sign-On
• Version 4, Voice Over WLAN: Call admission control, UPSD, Voice metrics, MBSSIDs, Location, Link tests, NAC
CCX V4: Voice
• Compliance with versions 1-3
• NAC Support
• SSIDL
• L2 Roaming Enhancements
• Call Admission Control (CAC)
• Unscheduled Automatic Power Save Delivery (UPSD)
• Voice Metrics
• CCKM support for EAP-types
• Wireless IDS
• EAP-FAST Enhancements
• MBSSID
• Location
• Keep-alive
• Link Test
Clients Available
– Laptop: Q1 CY06
– Phones: Q3 CY06
CCX V4: Voice
Key Features and Key Benefits:
• Unscheduled Automatic Power Save Delivery (UPSD)
– Improved battery life, Increased capacity per AP, Less congestion
• TSPEC based Call Admission Control (CAC)
– Ability to reserve and control bandwidth for voice, improving the quality of voice calls
• Voice Metrics
– Provides information to predict and tune networks for optimum WLAN VoIP performance
Cisco Centralized Key Management (CCKM)
Features Description:
• CCKM – Cisco Centralized Key Management protocol that enables fast 802.1x reauthentication
• CCKM support available for the following 802.1x EAP types
– EAP-LEAP
– EAP-FAST
– EAP-PEAP-GTC *
– EAP-TLS
– EAP-PEAP-MSCHAPv2 *
* Optional for ASD
Benefit:
• Fast re-authentication
• Provides a survivability benefit in that it works even when the network link between the APs and the centralized authentication server is down
Voice Metrics
Features Description:
• Instrumentation defines reporting elements
• Packet Jitter, Packet Loss, Roaming Delay
Benefit:
• Assists in quickly isolating and distinguishing between problems on the wired vs. wireless network
TSPEC based Call Admission Control (CAC)
Features Description:
• Client device capable of integrating layer 2 TSPEC admission control with layer 3 CCM admission control (RSVP). This facilitates providing a fast busy indication to the calling or called parties during times of network congestion
• Ensures that the number of active voice calls does not exceed the configured limits
Benefit:
• Reserve and control bandwidth for voice
• Ensure audio quality, even across roams
• Faster roaming
• Low latency
[Diagram label: Voice Quality Unacceptable]
WMM based Unscheduled Automatic Power Save Delivery (“U-APSD”/Reverse Polling)
Features Description:
• Allows synchronization of send/receive in one atomic operation
• AP has per client buffer
• Client initiates transmission
Benefit:
• Estimated improvement 2–4 times talk time
• Improved battery life
• Potential to increase the number of calls each AP is capable of handling
[Diagram labels: UAPSD; Send; Receive; Sleep]
Location Services – New Features and Enhancements
Enhancements for increased scale, ease of deployment and reduced OpEx
Configuration
• Rich WCS Configuration Templates
• Asset Import/Export Templates: asset category, group, name
• Automated location appliance setup script
Location Deployment
• New Installation: Location Planning Tool
• Existing WLAN: Location Readiness Tool
• Post Deployment: Location Inspector
• Location “Jitter” Reduction
• Faster Calibration for CCX v.2 clients
• Location notifications: added battery level notifications & position changes to previous notifications of absence, in/out of configurable area, movement from defined point/marker.
• Scale: increased location tracking up to 2500 simultaneous devices, up from 1500
Cisco WCS Server Scalability in SW 4.0
• Server Type: CiscoWorks WLSE 1130 (Non-Dell Platforms) running Cisco WCS
– Machine Specifications: Intel Pentium4 CPU 3 GHz, 3 GB RAM, 38 GB HDD
– Scalability: 1500 APs, 100 Controllers
• Server Type: Cisco WCS Low End Server
– Machine Specifications: Intel (R) CPU 3.06 GHz, 960 MB RAM, 30 GB HDD
– Scalability: 500 APs, 50 Controllers
• Server Type: Cisco WCS Standard Server
– Machine Specifications: Intel (R) Dual Core CPU 3.2 GHz, 4 GB RAM, 80 GB HDD
– Scalability: 2000 APs, 150 Controllers
• Server Type: High End Server
– Machine Specifications: Intel (R) Xeon Quad CPU 3.15 GHz, 8 GB RAM, 200 GB HDD
– Scalability: 3000 APs, 250 Controllers