Cisco Wireless Mobility Express

Cisco Smart Business
Communications System
Stanislav.Hrda@alefnula.sk
Cisco Wireless Mobility Express pre malé podniky a Cisco
Unified Wireless Network riešenia pre SMB stredné podniky.
IDEA 2.0 – Slide 1
SessionMarkets
number:Unified
923 274
942
Emerging
Communications
Bezplatné číslo (volanie cez Skype): +1 866 432 9903
Lokálny tel. pre Česko: +420 221 435 100
Lokálny tel. pre Slovensko: +421 258 255 309
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco WLAN Solutions Overview
Enterprise and SP Portfolio
Feature Richness
Autonomous and Unified Solutions
Indoor and Outdoor Solutions
SBCS
Mobility 500 Express –
WLC526
AP521 (controller mode)
Configuration Assistant
Mobility 500 Express –
AP521 (standalone)
Configuration Assistant
*
UC500 AP
1 AP
© 2007 Cisco Systems, Inc. All rights reserved.
3 APs
12 APs
30k APs
Cisco SMB Solutions Portfolio
Smart Business
Communications
System
Complete SMB
Product Portfolio
§ End-to-end solution
§ Designed for SMB
§ World class service and
support
§ Best of breed solutions
§ Scalable designs
§ World class service and
support
© 2007 Cisco Systems, Inc. All rights reserved.
Smart Business Communication System
Simple, Complete, Secure Communication Solution for SMB
Unified
Communications
IP Phones
Switching
Wireless
Teleworker
UC500 Series
7900 Series
CE520 Series
AP500
WLC 500
Cisco 870W
• 8 to 48 Voice Users • All Cisco Unified IP
Phones are
• Desktop &
supported
Rackmount Models
• Optional Integrated
WLAN AP on desktop
models
• 8 port desktop and
24 port rack mount
models
• Companion Switch
for UC500
Business & Productivity Applications
Cisco Smart Assist Features
Cisco Configuration Assistant
Cisco Monitor Director
© 2007 Cisco Systems, Inc. All rights reserved.
• Autonomous APs or • VPN, Wired and
Wireless Access,
Unified Wireless
Solution with Mobility Remote IP Phone
extension
Express
Cisco Wireless Mobility Express
§ Part of the Smart Business Communications System
§ Works equally well as a standalone solution
§ An optimized WLAN solution for SMB
Easy to configure
Easy to manage
Grows as your business grows
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Wireless Mobility Express
§ Enables real-time access to core business applications
for mobile workers
§ Provides enterprise-class secure connectivity
§ Highly scalable
§ Low total cost of ownership
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Mobility Express Solution
A Solution That Evolves with You
Integration
§ Part of the Smart
Business
Communications
System
Flexible Cost
§ Pay as you grow
Hardware
Software
Advanced mobility services
Business-grade features
§
§
§
§
Reliability built-in
Security
Scalability
Advanced mobility
services
Cisco Mobility Express Solution
Application-Based
Access Points, controllers,
plus application Servers
Controller-Based
Access points plus controllers
Standalone
Access points
© 2007 Cisco Systems, Inc. All rights reserved.
Adapt to Your Level
of Sophistication
Grow with Your
Business
Offer a Mobile
Foundation for All
Access Points
Cisco 521 Wireless Express Access Point
§ Characteristics
Up to three APs can be managed through Cisco
Configuration Assistant (CCA) in standalone mode
Up to six APs can be managed through CCA
in controller-based mode
APs only associate with Cisco Wireless Express
Mobility Controllers
§ Features
Single radio 802.11b/g
Enterprise class security
Indoor Access Point
§ Standalone mode:
AIR-AP521G-x-K9
§ Controller-based mode:
AIR-LAP521G-x-K9
§ List price $499
Industry’s best range and throughput
Simultaneous air monitoring and traffic delivery
Flexible, secure mounting options
§ Benefits
From secure coverage to advanced services
Zero touch management
No dedicated air monitors
© 2007 Cisco Systems, Inc. All rights reserved.
Controllers
Cisco 526 Wireless Express Mobility Controller
§ Characteristics
Managed through Cisco Configuration Assistant
Supports up to six Cisco Wireless Express APs
Two 10/100 Ethernet ports
Only manages Cisco Wireless Express APs
Up to two controllers per network
§ Features
Centralized management of users, APs, policies, etc.
Automated radio resource management
EZ virtual network with up to eight SSIDs/VLANs
Mobility management
Guest access ready
Optimized voice over Wi-Fi ready
§ SKU:
AIR-WLC526-K9
§ List Price: $1799
© 2007 Cisco Systems, Inc. All rights reserved.
§ Benefits
Advanced enterprise grade features incl. Security
Cost effective solution for SMB
Ideal for data, voice, and video
Integration with SBCS
Cisco Configuration Assistant v1.5
§ Supports all SBCS components
§ Supports Mobility Express with new features & enhancements
§ Wizards simplify configuration of access points / controllers
§ Free download from CCO
§ Runs on Windows XP
© 2007 Cisco Systems, Inc. All rights reserved.
Typical Deployment Example
AP521
Example Smart Assist Features
Access Points
System Management Tools for
Configuration & Monitoring
WLC500
Wireless
CE520
Switching
UC500
Network
Foundation
PSTN
DSL/Cable
Modem or
Router for WAN
Communications,
Productivity & Business
Applications
© 2007 Cisco Systems, Inc. All rights reserved.
Internet
4 Analog Station Ports
(Fax, Door Bell, etc)
Teleworker
Secure Remote Phone support
Mobility Express
Standalone access points
Provide a Mobile
Foundation for
Simpler and
Faster Adoption
Cisco 521 Wireless
Express Access Points
LAN
Company Name: MobExpress
Number of Sites
Number of Employees
Number of Business
Partners
1
50
Cisco Configuration
Assistant
Integrated
Management
0
Site 1
© 2007 Cisco Systems, Inc. All rights reserved.
Mobility Express
Controller-based architecture
Increase
coverage,
users, &
locations
Add Controller
for Central
Configuration
and Mobile
Services
Provide a Mobile
Foundation for
Simpler and
Faster Adoption
Radio Resource
Management
Company Name: MobExpress
Number of Sites
Centralized
Management
2
Number of Employees
150
Number of Business
Partners
20
EZ Virtual
Networks
Site 2
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Configuration
Assistant
ü
Site 1
Connecting Standalone Access Points
§ Connect PC running CCA to the switch
§ Connect up to three APs to PoE ports on the switch
(use supplied power injectors if PoE ports are not available)
§ If CE 500 series is deployed, configure smart ports for APs
§ APs will obtain IP address from the DHCP server –
be sure DHCP server has been configured on the UC500
or that a DHCP server is set up on the network
© 2007 Cisco Systems, Inc. All rights reserved.
Connect Controller to the Network
§ Connect the controller to the CE500 series switch
§ Be sure smart port is configured as ‘Switch’
§ While controller reboots, connect PC with CCA
to the CE 500 series switch, making sure it is on the
same subnet as the controller and switch
§ Launch CCA
© 2007 Cisco Systems, Inc. All rights reserved.
Support for Voice, Data, Guest WLANs
© 2007 Cisco Systems, Inc. All rights reserved.
CUWN Products for SMB
§ Often sold to SMB customers:
Aironet 1130AG Series APs
Aironet 1240AG Series APs
2100 Series WLAN Controller
§ “Entry-level” enterprise products for SMB customers
who want advanced security, mobility applications,
scalability
§ Enables more AP and radio choices
§ Scalability to meet the requirements of small
businesses to large enterprises
§ Stronger investment protection
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Mobility Express Solution
§ Lower total cost of ownership
TCO 30–40% lower than Cisco Unified Wireless Network
§ Management
Cisco Configuration Assistant designed specially for SMBs,
integrates Mobility and Unified Communications
§ Capacity requirements for the future
Can support up to 12 Cisco Wireless Express access points
§ Features
Simple feature set, suitable for SMB applications
© 2007 Cisco Systems, Inc. All rights reserved.
Deployment Recommendations
Cisco Mobility Express Solution
SMB focused
Cisco Unified Wireless Network
Enterprise Focused
6 APs per controller
2 controllers per network
Stay within the 500 Series
No limitation
H-REAP supported
All APs supported on all controllers
Roaming
2 controllers, 1 mobility group
Layers 2 and 3
72 controllers, 24 mobility groups
Layers 2 and 3
Security
Encryption and authentication
Encryption and authentication
Intrusion detection and prevention
Shared management with SBCS
(All elements/technologies included)
Some features share management
with the wired infrastructure (security)
Mobility
Applications
Simplified Voice over Wi-Fi
Guest access
Voice over Wi-Fi
Full Guest access
Location-based services
Management
Cisco Configuration Assistant
(View of multiple networks)
Wireless Control System
AP Not to Exceed $500
Controller Not to Exceed $2000
AP: $599–$999
Controller: $3250–45,995
Capacity/
Scalability
Integration
Cost
© 2007 Cisco Systems, Inc. All rights reserved.
Advanced Mobility Express Services
Controller-based solution improves productivity, operations
Guest Access
§ Customized portal page for
guest login and
authentication
§ Simple set-up and admin of
secure access for visitors
§ Segments guest traffic on
separate VLAN
Voice over WLAN
§ Single & Dual Mode Phones
§ Optimized QoS, Call
Admission Control, & fast
inter-AP hand-off
§ Voice optimization button
eases AP and 7921
configuration
§ Voice configuration templates
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Wireless Mobility Express vs.
Cisco Unified Wireless Network
Wireless Controller Features
SBCS
CUWN
Zero touch LAP support
ü
ü
Layer 3 support
ü
ü
Multiple WLANs
ü
ü
Multiple VLANs ( Dynamic Interfaces)
ü
ü
Security: WEP, WPA, WPA2, MAC, ACL
ü
ü
RADIUS 802.1x Authentication
ü
ü
Voice over WLAN ready
ü
ü
WMM support
ü
ü
Layer 2 and 3 roaming
ü
ü
Wireless Guest User access
ü
ü
Internal and Customizable Web Portal support
ü
ü
Lobby Admin support (Web UI)
ü
ü
Auto RM support ( Auto RF)
ü
ü
Wireless Protection Policies
ü
ü
802.11b/g support
ü
ü
Rogue Detection (Web UI)
ü
ü
Multiple Countries support
ü
ü
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Wireless Mobility Express vs.
Cisco Unified Wireless Network
Wireless Controller Features
SBCS
CCA – Configuration Assistant
ü
Dynamic VLAN Synchronization
ü
Wizard Device Setup
ü
SNMP support ( Web UI for Monitor Director)
ü
CUWN
WCS support
Location Base services
ü
Mesh support
ü
H-REAP support
ü
Local EAP
ü
Internal RADIUS Server
ü
Internal DHCP Server
ü
Wired Guest User access
ü
AP Monitor/Sniffer mode support
ü
Intrusion Protection Services
ü
802.11a/n support
ü
Multicast support
ü
Full SNMP support
ü
© 2007 Cisco Systems, Inc. All rights reserved.
ü
WLAN AP Comparison
Companies
Cisco
D-Link
NETGEAR
521 (b/g), 1130(b/g)
DWL-2130AP
DWL-2230AP
DWL-3140
WGL102
1130, 1240
DWL-7130AP
DWL-7230AP
DWL-8220AP
WAGL102
521 (b/g), 1130(b/g)
DWL-2200AP
WG302, WG602
1130, 1240
DWL-7100AP
DWL-7200AP
WG602
3Com
ProCurve
Indoor – Dependent (requires controller)
Single Radio a/b/g
Dual Radio a/b/g
7760, 8760
Indoor Standalone
Single Radio a/b/g
Dual Radio a/b/g
420
7760, 8760
530,
ProCurve 10ag
Cisco Wireless Competitive Reference Guide - http://www.cisco.com/web/partners/downloads/partner/WWChannels/technology/wireless/download/wireless_crg.pdf - Requires CCO logon
© 2007 Cisco Systems, Inc. All rights reserved.
WLAN Controller Comparison
Cisco
Companies
D-Link
NETGEAR
3Com
DWS-3250
DWS-3227/3227P
DES-1228P
DWS-1008
WFS709TP
3CRUS2475
APs: 16 to 48
APs: up to 24
ProCurve
Distribution
4402
APs: 12 to 50
Integrated Access
Integration with
Switching
3750G
APs: 12 to 50
APs: 12 to 50
Integration with
Routing
WLC for ISR
platforms
APs: 8 to 12
Small Office
526
APs: 1 to 12
2106
ZD 1006
APs: 6
APs: 1 to 6
WLC for ISR APs:
1 to 12
Cisco Wireless Competitive Reference Guide - http://www.cisco.com/web/partners/downloads/partner/WWChannels/technology/wireless/download/wireless_crg.pdf - Requires CCO logon
© 2007 Cisco Systems, Inc. All rights reserved.
Security – Alphabet Soup
802.1X
Provides a framework for authenticating users and controlling access to a protected
network and dynamic encryption keys to protect data privacy
EAP
Extensible Authentication Protocol – authentication framework for wireless and wired
Ethernet networks
TLS
Transport Layer Security. Designed to authenticate and encrypt data communications,
prevent eavesdropping, message forgery, and interference
PEAP
Protected Extensible Authentication Protocol (802.1X authentication)
LEAP
Lightweight Extensible Authentication Protocol (Cisco proprietary)
TKIP
Temporal Key Integrity Protocol. Wireless security encryption mechanism in WPA
AES
Advanced Encryption Standard
MIC
Message Integrity Check
WEP
The original security standard used to encrypt wireless network traffic
WPA2
Wi-Fi Protected Access 2. Strong data protection and network access control.
Uses FIPS 140-2 compliant AES encryption algorithm and 802.1X-based authentication
LWAPP
Lightweight Access Point Protocol can control multiple access points at once
CAPWAP
Control & Provisioning of Wireless Access Points
X.509
ITU-T standard for public key (cryptography) infrastructure; specifies standard formats
for certificates and certification path validation algorithm
FIPS
Federal Information Processing Standard
© 2007 Cisco Systems, Inc. All rights reserved.
Wi-Fi Protected Access
§ What are the differences
between WPA / WPA2?
Authentication / encryption
standards for /clients and APs
Gold
WPA2/802.11i
• EAP Fast/TLS/PEAP
• AES
802.1x authentication
WPA uses TKIP encryption
Silver
WPA2 uses AES encryption
WPA
§ Which should I use?
• EAP-Fast/TLS/PEAP
• TKIP
Gold, for supporting NIC/OSs
Silver, if you have legacy clients
Lead, if you absolutely have no
other choice (i.e., ASDs)
© 2007 Cisco Systems, Inc. All rights reserved.
Lead
Dynamic WEP
• EAP-Fast/LEAP
• VLANs + ACLs
Cisco Unified Wireless Network
Associated Benefits
Products / Solutions
Wireless Control System
© 2007 Cisco Systems, Inc. All rights reserved.
Standalone
mode
Access Points
Controller
based
mode
WLAN Controllers
§ Simplified management
For more than two controllers
§ Integrated wired / wireless
management
§
§
§
§
Centralized management
Integrated form factor
Dynamic RF management
Advanced security
Secure guest access
Intrusion detection & prevention
§ Affordable entry level solution
§ Benefit from the latest Wi-Fi
standards
§ Investment protection
Autonomous Deployments Originally
Had Little Coordination
§ Each AP had its own view of the network – like standalone cell
towers
§ No hierarchical view of the RF – or the network
© 2007 Cisco Systems, Inc. All rights reserved.
Enter The Controller
DHCP
DHCP
DNS
DNS
RADIUS
RADIUS
ACS
ACS
HPOV
HPOV
Control and Management
LWAPP (CAPWAP)
© 2007 Cisco Systems, Inc. All rights reserved.
Benefits of Controller-Based Architecture
§ Centralized configuration and management
§ Roaming capabilities for true mobility
§ Advanced services
§ Radio Resource Management
§ Client load balancing
© 2007 Cisco Systems, Inc. All rights reserved.
RRM: Dynamic Channel Assignment
§ Channel 1 (2.4 GHz) is Access Point default
§ AP reports metrics to controller:
Load: % total time transmitting/receiving 802.11 frames
Noise: AP calculated noise values on each serviced channel
Interference: % taken up by contending 802.11 transmissions
Signal Strength: RSSI values of the AP’s neighbors
§ RRM makes changes to the channel plan, if necessary
§ Logic is applied to minimize changes
§ Running APs return to default assignment on reboot
© 2007 Cisco Systems, Inc. All rights reserved.
Why Do Customers Choose Cisco?
Industry leading wireless solution
Proven Customer Track Record
§ 5+ Million Cisco APs deployed worldwide
§ 128,000+ Cisco WLAN customers worldwide
§ 95% of Fortune 500 companies use Cisco
products
§ Cisco ranked Top 10 Most Powerful
Networking Company by Network World
§ Whole offer: technologies, service and support,
flexible financing or leasing options and
industry-specific solutions
§ Market Leadership: 61% market share,
significantly more share than nearest
competitors (Aruba, Motorola)
© 2007 Cisco Systems, Inc. All rights reserved.
Why Do Customers Choose Cisco?
Driving Industry Standards
§ Wi-Fi Alliance founding member
§ Founding contributors to Network
World’s “Wireless Wizards” column
§ Award winning CCIE Program
Proven Track Record of Innovation
§ Initial author of 802.11 and LWAPP
§ Chair of numerous IEEE Committees
§ Cisco spends more on Wireless R&D
than the combined revenue of our two
top competitors
Smart Business Applications
§ Mobility Services
§ Technology Developer Partners
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Compatible Extensions
The Standard for Client Advancement
Over 90% of Client Devices Cisco Compatible
Client Devices
Features
Client Devices
§ Assured compatibility with 400+ devices
§ Standards-based
§ Enhanced security, mobility, and
performance
§ Supports Mobility Services i.e..
Location, voice
Benefits
§ Accelerates innovation
§ Supports diverse enterprise applications
§ Ensures multi-vendor interoperability
§ Enables simplified deployment of mobile
WLAN clients
http://www.cisco.com/go/ciscocompatible/wireless
© 2007 Cisco Systems, Inc. All rights reserved.
Ďakujem za pozornosť.
Q & A?
Stanislav Hrda
Stanislav.Hrda@alefnula.sk
© 2007 Cisco Systems, Inc. All rights reserved.
© 2007 Cisco Systems, Inc. All rights reserved.