Data Sheet
Cisco 8500 Series Wireless Controllers
The Cisco® 8500 Series Wireless Controllers are a highly scalable and flexible
platform that enables mission-critical wireless networking for enterprise and service
provider deployments.
Lower CapEx and OpEx
● Consolidate multiple controllers into one controller
with support for up to 6000 access points, and save
on rack space with a 1RU platform.
● Deploy fewer controllers in a data center by
consolidating many controllers into one controller
that supports centralized deployments and Cisco
FlexConnect™ and mesh access point deployments.
● Gain significant savings in operations by
configuring, managing, and troubleshooting up to
6000 access points and 64,000 clients with a single
point of touch.
Multilayer High Availability (HA)
● Service Set Identifier (SSID) HA with sub-second
access point and client failover.
● Dual-redundant power supplies installed.
● Dual-redundant 10 Gigabit Ethernet connectivity.
Service Provider Wi-Fi
● Wi-Fi Certified Passpoint (Hotspot 2.0) for mobile
data offload.
● Network-based mobility management with Proxy
Mobile IPv6 Mobility Access Gateway (MAG)
support for integration with cellular data networks.
Designed for 802.11n performance and maximum scalability, the
8500 Series offers enhanced uptime for high-scale deployments
with support for:
●
6000 access points and 64,000 clients in a 1RU form factor
●
4096 VLANs for large-scale deployments
●
Sub-second access point and client failover for Service Set
Identifier (SSID) high availability
●
Dual-redundant power supplies installed (AC or DC)
●
Dual-redundant 10 Gigabit Ethernet connectivity
Figure 1. Cisco 8500 Series Wireless Controller
Features
Licensing Flexibility and Investment Protection
● Additional access point capacity licenses can be
added over time.
● Right-to-use licensing (with EULA acceptance) for
faster and easier license enablement.
The Cisco 8500 Series Wireless Controllers (Figure 1) provide
FlexConnect, Centralized, and Mesh Deployment
Flexibility in a Single Controller
● Intelligent RF control plane, centralized software
update, control and management, and
troubleshooting.
● Mesh access point support for deployments where
full Ethernet cabling is not available.
● Deploy Cisco FlexConnect in sites with up to 100
access points in up to 2000 groups.
controller: for example, centralized mode for campus, Cisco
Comprehensive Wired and Wireless Security
● Full access point-to-controller encryption via the
Control and Provisioning of Wireless Access Points
(CAPWAP) protocol.
● Supports rogue access point detection and
detection of denial-of-service attacks.
● Management frame protection detects malicious
users and alerts network administrators.
Secured Guest Access
● Deploy simple and secure guest access services
across 6000 sites.
centralized control, management, and troubleshooting for
enterprise and service provider deployments. The 8500 Series
offers flexibility to support multiple deployment modes in the same
FlexConnect™ mode for lean branches managed over the WAN,
and mesh (bridge) mode for deployments where full Ethernet
cabling is unavailable.
The Cisco 8500 Series Wireless Controllers support Cisco
Application Visibility and Control (AVC). Cisco AVC includes the
Network-Based Application Recognition 2 (NBAR-2) engine,
Cisco’s deep packet inspection (DPI) capability, which classifies
applications, applies quality of service (QoS) settings to either drop
or mark the traffic, and prioritizes business-critical applications in
the network. Cisco AVC uses NetFlow Version 9 to export the flows
to Cisco Prime™ Infrastructure or a third-party NetFlow collector.
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 1 of 7
The Cisco 8500 Series also supports Bonjour Services Directory to enable Bonjour Services to be advertised and
utilized in a separate Layer 3 network. A wireless policy engine on the Cisco 8500 Series enables profiling of
wireless devices and enforcement of policies such as VLAN assignment, QoS, access control lists (ACLs), and
time-of-day- based access.
Cisco 8500 Series Wireless Controllers automate wireless configuration and management functions and allow
network managers to have the visibility and control needed to cost-effectively manage, secure, and optimize the
performance of their branch networks. As a component of the Cisco Unified Wireless Network, this controller
provides real-time communications between Cisco Aironet® access points, Cisco Prime Infrastructure, and the
Cisco Mobility Services Engine, and is interoperable with other Cisco controllers.
The Cisco 8500 Series has integrated Cisco CleanAir® technology, providing the industry’s only self-healing and
self-optimizing wireless network for branches.
Software Licensing Flexibility
Cisco 8500 Series Wireless Controllers provide right-to-use license enablement (with EULA agreement) for faster
time to deployment, with the flexibility to add additional access points (up to 6000 access points) as business
needs grow. Table 1 lists the features and benefits of the Cisco 8500 Series Wireless Controllers.
Table 1.
Features and Benefits
Feature
Benefits
Scalability
● Supports 100,300, 500, 1000, 3000, or 6000 access points
● Supports 64,000 clients
● Supports up to 6000 branch locations (up to 2000 Cisco FlexConnect groups) with 100 access points per branch
● Supports up to 4096 VLANs
RF management
● Provides both real-time and historical information about RF interference affecting network performance across
controllers, through systemwide integration of Cisco CleanAir technology
Cisco FlexConnect,
centralized switching,
and mesh access point
support
● Centralized control, management, and client troubleshooting
● Seamless client access in the event of a WAN link failure (local data switching)
● Highly secure guest access
● Indoor and outdoor mesh access point support
● Efficient access point upgrade that optimizes the WAN link utilization for downloading access point images
● Cisco OfficeExtend technology that supports corporate wireless service for mobile and remote workers with
secure wired tunnels to Cisco Aironet Access Points
● Rogue detection for Payment Card Industry (PCI) compliance
Service provider Wi-Fi
● Wi-Fi Certified Passpoint (Hotspot 2.0), facilitating hotspot operation for mobile data offloads
● Network-based mobility management with Proxy Mobile IPv6 Mobility Access Gateway (MAG) support for
integration with cellular data networks
Comprehensive end-toend security
● Offers CAPWAP-compliant Datagram Transport Layer Security (DTLS) encryption on the control plane between
access points and controllers across remote WAN links
End-to-end voice
● Supports Cisco Unified Communications for improved collaboration through messaging, presence, and
conferencing
● Supports all Cisco Unified IP Phones for cost-effective, real-time voice services
Fault tolerance and high
availability
● Access points continue to provide seamless services when a controller fails; provides failover to another backup
controller for centralized control and management
● SSID high availability with sub-second access point and client failover from the primary to standby controller
● Redundant power supply helps ensure maximum availability
● 10 Gigabit Ethernet connectivity: Two 10 Gigabit Ethernet ports for redundancy
Enterprise Wireless
Mesh
● Allows access points to dynamically establish wireless connections without the need for a physical connection to
the wired network
● Available on select Cisco Aironet access points, Enterprise Wireless Mesh is ideal for warehouses, manufacturing
floors, shopping centers, and any other location where extending a wired connection may prove difficult or
aesthetically unappealing
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 2 of 7
Feature
Benefits
High-performance video
● Integrates Cisco VideoStream technology as part of the medianet framework to optimize the delivery of video
applications across the WLAN
Mobility, security, and
management for IPv6
and dual-stack clients
● Highly secure, reliable wireless connectivity and consistent end-user experience
● Increased network availability through proactive blocking of known threats
Environmentally
responsible
● Organizations may choose to turn off access point radios to reduce power consumption during off-peak hours
● Equips administrators for IPv6 planning, troubleshooting, and client traceability from Cisco Prime Infrastructure
Table 2 lists the product specifications for the Cisco 8500 Series Wireless Controllers.
Table 2.
Product Specifications
Item
Specifications
Wireless
IEEE 802.11a, 802.11b, 802.11g, 802.11d, WMM/802.11e, 802.11h, 802.11n, 802.11k, 802.11r, 802.11u, 802.11w,
802.11ac
Wired/switching/routing
IEEE 802.3 10BASE-T, IEEE 802.3u 100BASE-TX, 1000BASE-T. 1000BASE-SX, 1000-BASE-LH, IEEE 802.1Q
VLAN tagging, IEEE 802.1AX Link Aggregation
Data RFCs
● RFC 768 UDP
● RFC 791 IP
● RFC 2460 IPv6 (pass-through Bridging mode only)
● RFC 792 ICMP
● RFC 793 TCP
● RFC 826 ARP
● RFC 1122 Requirements for Internet Hosts
● RFC 1519 CIDR
● RFC 1542 BOOTP
● RFC 2131 DHCP
● RFC 5415 CAPWAP Protocol Specification
Security standards
● Wi-Fi Protected Access (WPA)
● IEEE 802.11i (WPA2, RSN)
● RFC 1321 MD5 Message-Digest Algorithm
● RFC 1851 ESP Triple DES Transform
● RFC 2104 HMAC: Keyed Hashing for Message Authentication
● RFC 2246 TLS Protocol Version 1.0
● RFC 2401 Security Architecture for the Internet Protocol
● RFC 2403 HMAC-MD5-96 within ESP and AH
● RFC 2404 HMAC-SHA-1-96 within ESP and AH
● RFC 2405 ESP DES-CBC Cipher Algorithm with Explicit IV
● RFC 2407 Interpretation for ISAKMP
● RFC 2408 ISAKMP
● RFC 2409 IKE
● RFC 2451 ESP CBC-Mode Cipher Algorithms
● RFC 3280 Internet X.509 PKI Certificate and CRL Profile
● RFC 4347 Datagram Transport Layer Security
● RFC 4346 TLS Protocol Version 1.1
Encryption
● Wired Equivalent Privacy (WEP) and Temporal Key Integrity Protocol-Message Integrity Check (TKIP-MIC):
RC4 40, 104 and 128 bits (both static and shared keys)
● Advanced Encryption Standard (AES): Cipher Block Chaining (CBC), Counter with CBC-MAC (CCM), Counter
with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
● Data Encryption Standard (DES): DES-CBC, 3DES
● Secure Sockets Layer (SSL) and Transport Layer Security (TLS): RC4 128-bit and RSA 1024- and 2048-bit
● Datagram Transport Layer Security (DTLS): AES-CBC
● IPsec: DES-CBC, 3DES, AES-CBC
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 3 of 7
Item
Authentication,
authorization, and
accounting (AAA)
Specifications
● IEEE 802.1X
● RFC 2548 Microsoft Vendor-Specific RADIUS Attributes
● RFC 2716 PPP EAP-TLS
● RFC 2865 RADIUS Authentication
● RFC 2866 RADIUS Accounting
● RFC 2867 RADIUS Tunnel Accounting
● RFC 3576 Dynamic Authorization Extensions to RADIUS
● RFC 3579 RADIUS Support for EAP
● RFC 3580 IEEE 802.1X RADIUS Guidelines
● RFC 3748 Extensible Authentication Protocol
● Web-based authentication
● TACACS support for management users
Management
● Simple Network Management Protocol (SNMP) v1, v2c, v3
● RFC 854 Telnet
● RFC 1155 Management Information for TCP/IP-Based Internets
● RFC 1156 MIB
● RFC 1157 SNMP
● RFC 1213 SNMP MIB II
● RFC 1350 TFTP
● RFC 1643 Ethernet MIB
● RFC 2030 SNTP
● RFC 2616 HTTP
● RFC 2665 Ethernet-Like Interface types MIB
● RFC 2674 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering, and Virtual
Extensions
● RFC 2819 RMON MIB
● RFC 2863 Interfaces Group MIB
● RFC 3164 Syslog
● RFC 3414 User-Based Security Model (USM) for SNMPv3
● RFC 3418 MIB for SNMP
● RFC 3636 Definitions of Managed Objects for IEEE 802.3 MAUs
● Cisco private MIBs
Management interfaces
● Web-based: HTTP/HTTPS
● Command-line interface: Telnet, Secure Shell (SSH) Protocol, serial port
● Cisco Prime Infrastructure
Interfaces and
Indicators
● 2 10 Gigabit Ethernet interfaces
● Small Form-Factor Pluggable (SFP) options (only Cisco SFPs supported): SFP-10G-SR, SFP-10G-LR
● LED indicators: Network Link, Diagnostics
● 1 service port: 10/100/1000 Mbps Ethernet (RJ-45)
Physical dimensions
● Dimensions (WxDxH): 17.30 x 28.00 x 1.69 in. (440.0 x 711.4 x 43.0 mm)
● Weight: 35.1 lb (15.9 kg) with 2 power supplies
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 4 of 7
Item
Specifications
Environmental
conditions
Air temperature:
● Appliance on: 10° to 35°C (50° to 95°F); altitude: 0 to 914.4 m (3000 ft), decrease system temperature by 1.8°F
(1.0°C) for every 1000-foot (305-m) increase in altitude
● Appliance off: 5° to 45°C (41° to 113°F); maximum altitude: 3048 m (10,000 ft)
● Storage: -40° to 60°C (-40° to 140°F); maximum altitude: 3048 m (10,000 ft)
Humidity:
● Appliance on: 20% to 80%; maximum dew point: 70°F (21°C); maximum rate of change: 9°F (5°C)/hr
● Appliance off: 8% to 80%; maximum dew point: 80°F (27°C)
Electrical input:
● Sine-wave input (47 - 63 Hz) required
● Input voltage range (DC):
◦ Minimum: -40 VDC
◦ Maximum: -75 VDC
● Input voltage low range:
◦ Minimum: 100 VAC
◦ Maximum: 127 VAC
● Input voltage high range:
◦ Minimum: 200 VAC
◦ Maximum: 240 VAC
● Input kilovolt-amperes (kVA), approximately:
◦ Minimum: 0.090 kVA
◦ Maximum: 0.700 kVA
● Heat output (maximum) 2302 Btu per hour (675 watts)
● Acoustical noise emissions:
◦ Sound power, idling: 6.1 bels maximum
◦ Sound power, operating: 6.1 bels maximum
Regulatory compliance
CE Mark
Safety:
● UL 60950-1:2003
● EN 60950:2000
● EMI and susceptibility (Class A)
● U.S.: FCC Part 15.107 and 15.109
● Canada: ICES-003
● Japan: VCCI
● Europe: EN 55022, EN 55024
Table 3 lists ordering and accessories information for the Cisco 8500 Series Wireless Controllers.
To place an order, visit the Cisco ordering website: http://www.cisco.com/en/US/ordering/index.shtml.
Table 3.
Ordering Information
Part Number
Product Name
Cisco SMARTnet® Service 8x5xNBD
AIR-CT8510-100-K9
8500 Series Controller for up to 100 Cisco access points
CON-SNT-AIRC8510
AIR-CT8510-300-K9
8500 Series Controller for up to 300 Cisco access points
CON-SNT-AIRCT853
AIR-CT8510-500-K9
8500 Series Controller for up to 500 Cisco access points
CON-SNT-AIRCT855
AIR-CT8510-1K-K9
8500 Series Controller for up to 1000 Cisco access points
CON-SNT-AIRCT85Z
AIR-CT8510-3K-K9
8500 Series Controller for up to 3000 Cisco access points
CON-SNT-AIRCT85K
AIR-CT8510-6K-K9
8500 Series Controller for up to 6000 Cisco access points
CON-SNT-AIRCT856
AIR-CT8510-HA-K9
8500 Series Controller for High Availability
CON-SNT-AIRCT85
AIR-CT8510-SP-K9
8500 Series Wireless Controller with 0 APs included, Dual AC PSU
CON-SNT-AIRCT85B
AIR-CT85DC-SP-K9
8500 Series Wireless Controller with 0 APs included, Dual DC PSU
CON-SNT-AIRCT85A
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 5 of 7
Additive Capacity Upgrade Licenses
Tables 4 and 5 show the additive capacity upgrade licenses that are available for the Cisco 8500 Series Wireless
Controller.
Table 4.
Ordering Information for Additive Capacity Licenses (e-Delivery PAKs)
e-License
Part Number
Product Description
SMARTnet® 8x5xNBD
L-LIC-CT8500-UPG
Primary upgrade SKU: Pick any number or combination of the following
options under this SKU to upgrade one or many controllers under one
product authorization key
CON-SNT-CT8500UP
L-LIC-CT8500-100A
100 Access Point Adder License for the 8510 Controller (e-Delivery)
CON-SNT-LICCT851
L-LIC-CT8500-500A
500 Access Point Adder License for the 8510 Controller (e-Delivery)
CON-SNT-LICCT855
L-LIC-CT8500-1000A 1000 Access Point Adder License for the 8510 Controller (e-Delivery)
Table 5.
CON-SNT-CT851KA
Ordering Information for Additive Capacity Licenses (Paper PAKs)
Paper
License
Part Number
Product Description
SMARTnet 8x5xNBD
LIC-CT8500-UPG
Primary upgrade SKU: Pick any number or combination of the following
options under this SKU, to upgrade one or many controllers under one
product authorization key
CON-SNT-CT8500UP
LIC-CT8500-100A
100 Access Point Adder License for the 8510 Controller
CON-SNT-LICCT851
LIC-CT8500-500A
500 Access Point Adder License for the 8510 Controller
CON-SNT-LICCT855
LIC-CT8500-1000A
1000 Access Point Adder License for the 8510 Controller
CON-SNT-CT851KA
Table 6 shows the optional DTLS license for the Cisco 8500 Series Wireless Controllers.
Datagram Transport Layer Security (DTLS) is required for all Cisco OfficeExtend deployments to encrypt the data
plane traffic. To enable this functionality, you must obtain a $0 DTLS license. Customers planning to install this
device physically in Russia must obtain a paper PAK in order to enable a DTLS license and should not download
the license from Cisco.com. Please consult your local government regulations to ensure that data DTLS encryption
is permitted.
The DTLS paper PAK license is designated for customers who purchase a controller with DTLS disabled due to
import restrictions but get permission to add DTLS support after initial purchase. This optional DTLS license is
required for Cisco OfficeExtend deployment.
Table 6.
Optional Licensing (PAKs) and Accessories
Part Number
Description
LIC-CT8500-UPG
Primary upgrade SKU: Pick any number or combination of the following options under this SKU to upgrade one or
many controllers under one product authorization key
LIC-CT8510-DTLS-K9
Cisco 8500 Series Controller DTLS License (paper Certificate - U.S. Mail)
L-LIC-CT8500-UPG
Primary upgrade SKU: Pick any number or combination of the following options under this SKU to upgrade one or
many controllers under one product authorization key
L-LIC-CT85-DTLS-K9
Cisco 8500 Series Controller DTLS License (electronic certificate - must not be ordered by Russian customers)
AIR-SRVR-PWR=
Field replaceable AC power supply for wireless appliances
AIR-SVR-PWR-DC=
Field replaceable DC Power Supply for 8510DC (AIR-CT85DC-K9)
AIR-SRVR-300GB-HD=
Field replaceable 300GB HD for wireless/management servers
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 6 of 7
Service and Support
Realize the full business value of your wireless network and mobility services investments faster with intelligent,
customized services from Cisco and our partners. Backed by deep networking expertise and a broad ecosystem of
partners, Cisco professional and technical services enable you to successfully plan, build, and run your network as
a powerful business platform. Our services can help you successfully deploy the Cisco 8500 Series Wireless
Controller and integrate mobility solutions effectively to lower the total cost of ownership and secure your wireless
network.
To learn more about Cisco Wireless LAN service offers, visit: http://www.cisco.com/go/wirelesslanservices.
Summary
The Cisco 8500 Series Wireless Controllers are designed to support large-scale service provider and large-campus
deployments. They simplify deployment and operation of wireless networks, helping to ensure smooth
performance, enhance security, and maximize network availability. The Cisco 8500 Series manages all the Cisco
access points within campus, service provider, and branch locations, eliminating complexity and providing network
administrators with visibility and control of their wireless LANs.
For More Information
For more information about Cisco wireless controllers, contact your local account representative or visit:
http://www.cisco.com/en/US/products/ps6302/Products_Sub_Category_Home.html.
For more information about the Cisco Unified Wireless Network framework, visit:
http://www.cisco.com/go/unifiedwireless.
Printed in USA
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
C78-713207-06
05/14
Page 7 of 7