The Need for WLAN Management

WLAN management is one piece of the puzzle that network managers need to understand. WLANs address business drivers such as mobile users. WLAN management helps network managers plan for scalable WLANs that are both centralized and secure.

WLAN management within the Cisco Unified Wireless Network is composed of five elements. Those elements are fundamental to building successful enterprise-class WLANs that are scalable, centralized, and secure.

Cisco Unified Wireless Networks

The Cisco Unified Wireless Network is a total-enterprise solution composed of five comprehensive elements. The Cisco Unified Wireless Network enables the use of advanced wireless services and addresses security concerns. It also addresses deployment, control, and the management of WLAN components and RF.

Following are the five elements of the Cisco Unified Wireless Network:

■ Client devices—Use the Cisco Compatible Extensions program to help ensure interoperability. The Cisco Compatible Extensions program delivers services such as wireless mobility, QoS, network management, and enhanced security.

■ Mobility platform—Provides ubiquitous access in any environment, indoors or out. The lightweight access points (LWAP) are dynamically configured and managed by wireless LAN controllers (WLC) through Lightweight Access Point Protocol (LWAPP).

■ Network unification—Creates seamless integration into the routing and switching infrastructure. The WLCs are responsible for functions such as RF management, n+1 deployment, and Intrusion Prevention System (IPS).


■ World-class network management—Enables WLANs to have the equivalent LAN security, scalability, reliability, ease of deployment, and management via Cisco Wireless Control System (WCS). Cisco WCS provides features for design, control, and monitoring.

■ Unified advanced services—Support new mobility applications, emerging Wi-Fi technologies, and advanced threat detection and prevention capabilities such as wireless VoIP, future unified cellular, location services, Network Admission Control (NAC), the Self-Defending Network, Identity Based Networking Services (IBNS), Intrusion Detection Systems (IDS), and guest access.

Following are Cisco WLAN products supporting the Cisco Unified Wireless Network:

■ Client devices—These include the Cisco 7920 IP Phone and PDAs. Cisco client device compatibility is higher than 90 percent, reducing conflicts or issues.

■ Mobility platform—Lightweight access points (AP) include the 1500, 1300, 1240AG, 1230AG, 1130AG, and 1000. Bridges include the 1400 and 1300.

■ Network unification—WLCs include the 4400 and 2000. Catalyst devices include the 6500 WiSM, ISR, and 3750 integration.

■ World-class network management—Cisco WCS provides features for design, control, and monitoring.

■ Unified advanced services—Cisco Wireless Location Appliance, WCS, Self-Defending Network (SDN), NAC, Wi-Fi phones, and RF firewalls.

Cisco WLAN Implementation

Cisco offers two WLAN implementations. The first is the autonomous WLAN solution based on autonomous APs, and the second is the lightweight WLAN solution based on LWAPs and WLCs.

Table 10-2 compares the two WLAN solutions.

Table 10-2 Comparison of WLAN Implementation Solutions

| Category | Autonomous WLAN Solution | Lightweight WLAN Solution |
|---|---|---|
| Access Point | Autonomous APs | LWAPs |
| Control | Individual configuration on each AP | Configuration via Cisco WLC |
| Dependency | Independent operation | Dependent on Cisco WLC |
| WLAN Management | Management via CiscoWorks WLSE and Wireless Domain Services (WDS) | Management via Cisco WCS |
| Redundancy | AP redundancy | Cisco WLC redundancy |

The two WLAN solutions have different characteristics and advantages:

■ Autonomous APs—Configuration is accomplished on each AP. Each AP places RF control, security, and mobility functions within the local configuration. Individual configuration is required because each AP operates independently. However, centralized configuration, monitoring, and management can be done through CiscoWorks WLSE. WDS provides the radio monitoring and management communication between the autonomous APs and CiscoWorks WLSE.

■ LWAPs—Configuration, monitoring, and security are accomplished via the WLAN controller. The LWAPs depend on the controller for control and data transmission. However, Remote-Edge Access Point (REAP) mode does not need the controller for data transmission. Cisco WCS can centralize configuration, monitoring, and management. Cisco WLAN controllers can be implemented with redundancy within the WLC groups.

Without centralized WLAN management, both implementations eventually have scalability issues. However, LWAPs and their associated WLAN controllers provide a more scalable solution for WLANs than autonomous APs. In fact, the growth and management of autonomous APs become an important concern because independently managing APs increases operational costs and staffing requirements. Moreover, correlating and forecasting across the enterprise WLAN becomes more difficult due to the lack of visibility and/or personnel time. Client handoff times decrease between APs, and real-time applications such as voice and video start to suffer.

Security starts to lose effectiveness because of the growth and the lack of centralized management. Detection and mitigation of denial of service (DoS) attacks across an entire WLAN are not possible. Interference cannot be viewed on a systemwide basis because of the lack of centralized management. Each autonomous AP is a single point of enforcement for security policies across Layer 1, Layer 2, and Layer 3. Security is at risk when an AP is stolen or compromised because the passwords, keys, and community strings all reside within the local configuration.
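The following added example (not part of the original text) inventories the secrets held in an autonomous AP's local configuration, which is the list of credentials to rotate if that AP is stolen or compromised. It assumes Cisco IOS-style configuration lines; the sample configuration, its values, and the function names are constructed for illustration.

```python
import re

# Constructed sample of an autonomous AP configuration (assumed IOS-style
# syntax; every name and secret value below is made up for illustration).
SAMPLE_CONFIG = """\
hostname ap-floor2
enable secret 5 $1$CONSTRUCTED$hashvalue
username admin privilege 15 password 7 0000CONSTRUCTED
dot11 ssid CORP
   authentication key-management wpa
   wpa-psk ascii 0 ConstructedPreSharedKey
interface Dot11Radio0
 encryption key 1 size 128bit 0 0123456789ABCDEF0123456789 transmit-key
snmp-server community constructed-ro RO
snmp-server community constructed-rw RW
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key 0 ConstructedRadiusKey
"""

# (category, regex) pairs; group 1 of each regex is the stored secret.
PATTERNS = [
    ("enable secret", re.compile(r"^enable (?:secret|password)(?: \d+)? (\S+)")),
    ("local user password",
     re.compile(r"^username \S+ .*?(?:password|secret)(?: \d+)? (\S+)")),
    ("WPA pre-shared key", re.compile(r"^wpa-psk (?:ascii|hex)(?: \d+)? (\S+)")),
    ("WEP key", re.compile(r"^encryption .*?key \d+ size \S+(?: \d+)? (\S+)")),
    ("SNMP community", re.compile(r"^snmp-server community (\S+)")),
    ("RADIUS shared secret",
     re.compile(r"^radius-server host \S+ .*?key(?: \d+)? (\S+)")),
]

def inventory_secrets(config_text):
    """Return (line_no, category, redacted_line) for each line holding a secret."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        for category, pattern in PATTERNS:
            match = pattern.search(line)
            if match:
                # Redact the value so the report itself does not leak the secret.
                redacted = line[:match.start(1)] + "<redacted>" + line[match.end(1):]
                findings.append((line_no, category, redacted))
                break
    return findings

def rotation_list(config_text):
    """Distinct credential categories to rotate if this AP is lost or compromised."""
    return sorted({category for _, category, _ in inventory_secrets(config_text)})

if __name__ == "__main__":
    for line_no, category, redacted in inventory_secrets(SAMPLE_CONFIG):
        print(f"line {line_no:>2}: {category:<22} {redacted}")
```

Any credential in the rotation list that is shared with other APs, such as a common pre-shared key or SNMP community, has to be changed on every AP that uses it, which is the operational cost the paragraph above attributes to per-AP configuration.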

Regardless of which implementation is chosen, Cisco provides a centralized WLAN management solution.

WLAN Components

Figure 10-1 provides a clear hierarchy of the components that are required to build a WLAN.

Figure 10-1 WLAN Components


Client devices are the most obvious of the WLAN components.

Access Points are another obvious WLAN component—either autonomous or lightweight. The APs are used to build the WLAN infrastructure. Configuration is performed independently on the autonomous APs. Lightweight APs are configured through their associated LAN controller.

Control is the WLAN component that provides device control and radio monitoring. Control and radio monitoring are specific to the end solution implementation. The autonomous AP solution uses Wireless Domain Services (WDS). All WDS-configured APs aggregate their information through WDS, which sends it to the WLSE. The lightweight APs use their associated LAN controllers via LWAPP.

WLAN management is the WLAN component that addresses how large-scale deployments are centrally managed. Autonomous APs use CiscoWorks WLSE and lightweight APs use Cisco WCS management.

The network infrastructure WLAN component includes the routers and switches that interconnect all the APs, controllers, management, and servers together.

Network services is the last WLAN component in Figure 10-1. Network services provide functions such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and Authentication, Authorization, and Accounting (AAA).

NOTE Cisco Aironet bridges operate at the MAC address layer (data link layer).
