1、1 2005 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation_IDCENTRALIZED WLAN ARCHITECTURE AND PRODUCT OVERVIEW2 2005 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation_IDMarch 23rd, Cisco Acquired AirespaceGreat News for Wireless Cu
2、stomers ! Cisco Aironet Customers Good News!The Leader in Wireless LANs will continue to Support and Enhance these Integrated WLAN Solutionss, providing exemplary Investment Protection. Buy with confidence from the market leader. Cisco Airespace Customers Good News!The Innovative, Award-winning prod
3、ucts, which have captured the interest of Enterprise customers, will be integrated into high-speed switches and Routers. Buy with confidence from the market leader. Cisco Router & Switching Customers Good News!The acquisition has accelerated Ciscos strategy of Integrating Wireless technology into th
4、e Network. Buy with confidence from the market leader.3 2005 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation_IDWhat did Airespace bring to Cisco?Airespace Products Integrated with the Cisco WLAN PortfolioCisco 2000 WLAN Controllerformerly Airespace 3500Cisco 4100
5、 WLAN Controllerformerly Airespace 4100Cisco 1000 APformerly Airespace 1250Cisco Wireless Control System (WCS)formerly ACS The Airespace acquisition accelerates Ciscos goal of wired+wireless integration Technology leader in Lightweight AP/Controller market Benefits of LWAPP approachEase of use & pol
6、icy based managementSecurity: Integrated IPS, Rogue AP Detection, Guest Access, etcRF management: real-time RF monitoring and adjustmentIntegrated location tracking4 2005 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation_IDEnterprise-Wide RF IntelligenceManagement
7、PlaneControl PlaneData PlaneSmall/Medium OfficeRemote OfficeCisco Wireless Control System (WCS)Radio Resource Management SoftwareWLANControllerInterference Detection/AvoidanceRogue Detection/ContainmentTransmit PowerCoverage Hole ManagementMobility ManagementUser Load ManagementAutomatic Channel Man
8、agementWLANControllerREAPRF DomainCisco Wireless Location ApplianceSOAP/XML5 2005 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation_IDIntroducing the Centralized WLAN Solution A complete WLAN systemUniform WLAN policies across main office, branch offices, and remot
9、e offices Easy to Deploy and OperateFull suite of WLAN management tools - from planning to operationsReal-time RF Management Proven security for any enterprise environmentReal-time monitoring and analysisIntegrated wireless intrusion protection Best-in-class PerformanceDesigned for converged voice a
10、nd data applications Integrated, accurate, location tracking Designed for heterogeneous environments6 2005 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation_IDCentralized WLAN Solution OverviewLightweight Access PointsSecurity PoliciesQoS PoliciesRF ManagementMobil
11、ity ManagementRemote RF interfaceMAC Layer EncryptionWireless ControllerLWAPPSNMPWireless Control SystemIntuitive GUI for easy configuration, monitoring, and troubleshootingLocation ApplianceHigh-resolution location tracking and history for clients, asset tags, and roguesSOAP/XML7 2005 Cisco Systems
12、, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation_IDLightweight Access Point Protocol (LWAPP)Data TrafficEncapsulated via LWAPPConnection between AP and Controller encapsulated via LWAPPLWAPPXSelf-signedX.509 Certificate9 Carries all communication between AP and WLAN controller
13、 Allows controller to fully manage AP configuration and software Zero touch AP configuration Security FeaturesNo network security parameters in AP (e.g., RADIUS secret)Mutual authenticationProtection against replayStrong authentication (X.509 certificate based)Strong encryption for control traffic (
14、NIST certified AES-CCM algorithm)LWAPPControl TrafficEncrypted via AES-CCMPRogue APUnknown rogue cannot spoof Cisco APX.509 certificates used for connection setupEncryption keys are dynamically set and rotated8 2005 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation
15、_IDCentralized Controller and Lightweight AP Architecture Security policies QoS policies RF management Mobility management Remote RF interface MAC layer encryptionLightweight Access PointsWireless ControllerLWAPPAP MAC Functions 802.11: Beacons, probe response, auth (if open) 802.11 control: Packet
16、ack and retransmission (latency) 802.11e: Frame queuing and pkt prioritization (access to RF) 802.11i: Encryption in APController MAC Functions 802.11 MAC mgmt:(Re)association requests and action frames 802.11 Data: Encapsulate and sent to AP 802.11e resource reservation: Control protocol carried to
17、 AP in 802.11 mgmt framessignaling done in the controller 802.11i authentication and key exchangeDivision of LaborSplit MAC9 2005 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation_IDRadio Resource ManagementALL channels scanned while offering serviceCountry channel
18、s only or all channelsAll 802.11 packets collected & characterizedrogue beacons, rogue clients, 802.11 interference and matched against IDS signatures.AP received energyTotal energy on each channel802.11 noiseNon-802.11 noise heard on channel802.11 interference (Described as %busy)802.11 packets hea
19、rd during sampling intervalsUtilizationMore emphasis given to APs that require more bandwidthControllerLightweight APTransmit PowerUser Load ManagementAuto Channel ManagementInterference Detection & AvoidanceRogue Detection & ContainmentCoverage Hole ManagementMobility ManagementRadio Resource Manag
20、ement Software - Embedded in ControllerKey RF stats profiledIts like having an RF Engineer in the Controller10 2005 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation_IDLightweight APsCisco 1010 Lightweight Access PointExcellent range/coverage (5k sq. ft) Real-time
21、RF monitoring (RF management, security, location)LWAPP enabled (zero touch config.)LightweightAPnew iconCisco 1020 Lightweight Access PointAll the same capabilities of 1010, plus:Connectors for 3 external antennaB/G left & right, A externalCisco 1030 REAPAll of the capabilities as 1020, plus:Central
22、ized management & monitoring via remote WAN linkCentralized authenticationLocalized traffic delivery11 2005 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation_IDCentralized Wireless Controllers new iconCisco 2000 Series - BranchSupports 6 APs4 10/100 Mbps interfaces
23、All hardware includes Radio Resource Management (RRM), mobility, intrusion protection, and QoSCisco 4100 Series - CoreSupports up to 36 APsGigabit uplink port with redundant gigabit uplink portExpansion slot (Enhanced Security Module)wireless controllerCisco 4400 Series - Data CenterSupports up to 1
24、00 APs2 or 4 active SFP Gigabit uplink ports1 or 2 Expansion slotsRedundant Power Supplies12 2005 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation_IDCisco Wireless Control System (WCS) WCS is the management platform for Ciscos controller-based solution WCS is used
25、 for:-Network planning and ongoing monitoring-Real-time visibility and control of the air space-Unified policies that are centrally managed and enforced-Management of Cisco controllers and lightweightAPs WCS is optional, but highly recommended when:-Multiple controllers are deployed, supporting nume
26、rous APs-Advanced WLAN services are deployed (IDS, location, voice, ) 13 2005 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation_IDWCS OS/Client Support OS SupportWindows 2000/SP4+ or Windows 2003/SP1+RedHat Enterprise Linux ES version v3.0 Hardware Requirements (mi
27、nimum)Up to 500 APs: Pentium 4, 2.4 GHz, 1 GB RAMOver 500 Aps: Dual Pentium, 2.4 GHz +, 2 GB RAM20 GB Hard Drive Client Browser SupportIE 6.0/SP1 on Windows WCS supports up to 50 controllers & 1,500 APsNOTE: Shutdown WCS before changing IP parameters14 2005 Cisco Systems, Inc. All rights reserved.Ci
28、sco ConfidentialSession NumberPresentation_IDLocation Appliancenew icon Advanced RF Fingerprinting for high accuracy location resolution Industrys 1st Location Solution Integrated into the WLAN infrastructure Tracks up to 1,500 simultaneous Wi-Fi devices: tags, rogues, clients, and Aps Retains locat
29、ion history GUI display via WCS or 3rd party via API General Availability in July 05LocationAppliance2700 Location Appliance15 2005 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation_IDMANAGING A CENTRALIZED WLAN Solution16 2005 Cisco Systems, Inc. All rights reserv
30、ed.Cisco ConfidentialSession NumberPresentation_IDWLAN Planning Tool Optimize WLAN design for coverage or performance Assign RF characteristics to building material-Integrated floor plan editor WCS suggests optimal AP placement and graphically displays expected coverage area Printable reports Minimi
31、ze the need for manual site survey17 2005 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation_IDPlanning a Deployment1. Install WCS2. Create Campus, Building & Floor Plans3. Launch Planning Tool from each floor map4. Use Map Editor to place RF obstructions5. Size cov
32、erage area & enter usage parameters6. View/Modify results7. Print out ProposalMap Editor allows placement of walls with correct RF signal loss parameters. This is used to calculate a precise signal propagation using the predictive RF engine.Obstacles added by clicking & dragging linesMap Editor allo
33、 plac ent of w lls wit corr t RF signal loss para t r . This is used t calculate a precise signal pro agation usi g the predictive RF engine.s clicking & dragging liPre-defined list of walls and obstacles.Light Wall 2 dBThick Wall 13 dBHeavy Door 15 dBLight Door 4 dBCubicle 1 dBGlass 1.5 dB18 2005 C
34、isco Systems, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation_IDPlanning a Deployment1. Install WCS2. Create Campus, Building & Floor Plans3. Launch Planning Tool from each floor map4. Use Map Editor to place RF obstructions5. Size coverage area & enter usage parameters6. View/
35、Modify results7. Print out ProposalThe blue box indicates which areas of the floor plan need coverage. This can be used to plan for different needs within a floor. One area, such as an auditorium, may need to be planned with increased user density in mind, whereas classrooms may have very different
36、density needs. The blue x indicates w ich areas of the floor plan need coverage. This can be used t pla f r different needs ithin a floor. One area, such as an auditoriu , may need to be pla ed ith increased user density in min , ereas classro s y have very differe t density needs. Two optimization
37、modes: coverage and capacity. Assists administrators in designing WLANs where AP load is an important concern. If capacity is selected, a selection for total # of users, as well as users per AP can be made.o optimization modes: coverage and capacity. sists administrators in designing ere AP load is
38、an important concern. If capacity is selected, a selecti f r t tal # of users, as ell as users per can be ma e.This is where you can select the minimum real worldthroughput needed at the edge of each APs cell. This helps in planning for both coverage and capacity.This is ere you can select the minim
39、um real rldthroughput needed at the edge of each APs cell. This helps in planning for both covera e and ca acity.The Calculate button will determine how many APs are needed for the input parameters (especially useful when planning for capacity where more parameters are available). The Apply button w
40、ill place the needed APs within the coverage area (blue box) and show their propagation characteristics based on our predictive engine.The alculate button ill determine any APs are nee e for the input para eters (es ecially useful en plannin for ca acity ere more parameters are available). The Apply
41、 button ill place the needed s ithin the c vera e area (blue x) and s their propagation c aracteristics based o r pre ictive en ine.19 2005 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation_IDPlanning a DeploymentData Rate Map - MbpsSignal Strength Map - RSSIAPs ca
42、n be re-positioned & heat maps re-calculatedbe r - iti1. Install WCS2. Create Campus, Building & Floor Plans3. Launch Planning Tool from each floor map4. Use Map Editor to place RF obstructions5. Size coverage area & enter usage parameters6. View/Modify results7. Print out Proposal20 2005 Cisco Syst
43、ems, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation_IDPlanning a Deployment1. Install WCS2. Create Campus, Building & Floor Plans3. Launch Planning Tool from each floor map4. Use Map Editor to place RF obstructions5. Size coverage area & enter usage parameters6. View/Modify re
44、sults7. Print out ProposalProposal Contains:Floor Plan DetailsDisclaimer/Scope/AssumptionsProposed AP PlacementWLAN Coverage & Data Rate HeatmapsCoverage AnalysisFloor Plan Detailsverage & Data Rate is21 2005 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation_IDWLAN
45、 Configuration Create templates for multiple unique SSIDs-Independent of controllers or APs System-wide security configuration-802.1x, RADIUS, IPsec, L2TP, System-wide QoS policies-802.11e, WMM, 802.1p Define controller mobility groups for seamless roaming Establish RRM thresholds and measurement in
46、tervals Configure back-end services-NTP, AAA, NAC22 2005 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation_IDCreating & Deploying a WLAN Template WLAN template can be applied to multiple controllers All relevant data entered in a single screen Intelligent GUI provi
47、des parameters only for options you chooseSelecting WPA for the Layer 2 security setting enables only the WPA parameters to simplify configuring security parameters. In this case TKIP-MIC with a pre-shared key option. Selecting WPA for the Layer 2 security setting enables only the WPA para eters to
48、simplify c fig rin security para ters. In this case TKIP-MIC ith a pre-shared key option. QoS policies defined and enforced here licies defined a d e f rced here Session Timeout is useful during mobility to control how long until a roaming client is re-anchored to its local controllerSession Timeout
49、 is useful during mobility to control long until a roaming client is re-anchored to its local c tr llerOnce applied, all APs will begin offering this new WLAN23 2005 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialSession NumberPresentation_IDCreating a Mobility GroupController 1 Controller 2AP A AP B AP CAP DMobilityAnnouncementAdding controllers to a Mobility Group enables Layer 2 and Layer 3 roaming across APs and WLAN controllersAdding controllers to a Mob
