Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireless – What lies ahead

Published byLoraine Wilkerson Modified over 9 years ago

Similar presentations

Presentation on theme: "Wireless – What lies ahead"— Presentation transcript:

1 Wireless – What lies ahead
Looking at LWAPP and Mobile Handset Develpment Aybala C.S. Tut Systems Engineer

2 Agenda Distributed vs. Centralized WLAN Architecture
Centralized Architecture and Infrastructure Mobile Handsets Tutorial – assignment problems Feedback forms

3 Distributed vs. Centralized WLAN Architecture

4 Cisco Wireless LAN Portfolio Distributed - Centralized
Distributed Solution Centralized Solution Cisco Wireless Control System (WCS) Management CiscoWorks WLSE CiscoWorks WLSE Express Control Catalyst 6500 Series WLSM Cisco WLAN Controllers Cisco 1000, 1130, 1200, 1230, 1240 Access Points Lightweight (LWAPP) Cisco 1100, 1130, 1200, 1230, 1240, 1300 Access Points Autonomous Access Applications Cisco Compatible Extensions and Wi-Fi Client Devices

5 Centralized Architecture and Infrastructure

6 The Centralized Architecture
Cisco WLAN Controller LWAPP Switch/Routed Network Lightweight Access Points

7 Understanding WLAN Controllers—1st/2nd Generation vs
Understanding WLAN Controllers—1st/2nd Generation vs. 3rd Generation Approach 1st/2nd generation— APs act as 802.1Q translational bridge, putting client traffic on local VLANs 3rd generation—Controller bridges client traffic centrally 1st/2nd Generation 3rd Generation The centralized architecture consists of one AP lighter in terms of intelligence united through a tunnel to the controller which is the heart of the solution. This tunnel is created through a special protocol called Light Weight Access Point Protocol. The distributed architecture, traffic belonging to different user SSID was distributed in the AP to the various VLANs and sent to the wired network with a trunk 802.1q. in the new approach all traffic is sent to the controller which is responsible for passing it on the network in the vlan.

8 Understanding WLAN Controllers—The WLAN Controller as a Network Device
For wireless end-user devices, the controller is a 802.1Q bridge that takes traffic of the air and puts it on a VLAN From the perspective of the AP, the controller is an LWAPP Tunnel end-point with an IP address From the perspective of the network, it’s a Layer-2 device connected via one or more 802.1Q trunk interfaces The AP connects to an access port—no concept of VLANs at the AP

9 The Lightweight AP Architecture “Split – MAC” Approach
Cisco WLAN Controller Security Policies QoS Policies Dynamic RF Management Channel assignment Transmit power adjustment Interference avoidance Coverage hole managerment Load balancing Capacity management Mobility Management LWAPP Switch/Routed Network Lightweight Access Points Remote RF interface MAC Layer Encryption

10 Centralized Solution Architecture “Split-MAC” Approach
Remote RF interface MAC layer encryption Security policies QoS policies RF management Mobility management Wireless Controller Division of Labor Split MAC LWAPP Lightweight Access Point Protocol (LWAPP) is the core protocol for the centralized WLAN architecture that provides for the management and configuration of the WLAN, as well as the tunneling of the WLAN client traffic to and from a centralized WLAN controller (WLC). Figure 2-1 shows a high level schematic of the basic centralized WLAN architecture, where LWAPP APs connect to a WLC. Although the LWAPP protocol has a number of components, only the components of the LWAPP protocol that impact the network design and operation are discussed in this document. The key features are the LWAPP split MAC tunnel, the various tunnel types, and the WLC discovery process. Split MAC One of the key concepts of the LWAPP is concept of split MAC, where part of the protocol operation is managed by the LWAPP AP, and other parts of the protocol are managed by the WLC. A schematic of the split MAC concept is shown in Figure 2-2. The AP at its simplest level is the radio MAC layer providing bridging to a wired network for the WLAN client associated to the AP Basic Service Set Identifier (BSSID). as shown in Figure 2-2a. The standard extends the single AP concept to allow multiple APs to provide an extended service set (ESS), where multiple APs use the same ESS identifier (ESSID; commonly referred to as an SSID) to allow a WLAN client to connect to the same network through different APs. The LWAPP split MAC concept breaks the APs making up the ESS into two component types: the LWAPP AP, and the WLC. These are linked via the LWAPP protocol across a network to provide the same functionality of radio services, as well as bridging of client traffic in a package that is simpler to deploy and manage than individual APs connected to a common network. Note Although the split MAC provides a Layer 2 connection between the WLAN clients and the wired interface of the WLC, this does not mean that the LWAPP tunnel passes all traffic; the WLC forwards only IP Ethertype, and its default behavior is not to forward broadcast or multicast traffic. This becomes important when considering multicast and broadcast in the WLAN deployment. The simple timing-dependent operations are generally managed on the LWAPP AP, and more complex and less time-dependent operations are managed on the WLC. For example, the LWAPP AP handles the following: Frame exchange handshake between a client and AP Transmission of beacon frames Buffering and transmission of frames for clients in power save mode Response to probe request frames from clients; the probe requests are also sent to the WLC for processing Forwarding notification of received probe requests to the WLC Provision of real-time signal quality information to the switch with every received frame Monitoring each of the radio channels for noise, interference, and other WLANs Monitoring for the presence of other APs Encryption and decryption of frames Other functionality is handled by the WLC. Some of the MAC-layer functions provided by the WLC include the following: authentication association and reassociation (mobility) frame translation and bridging 802.1x/EAP/RADIUS processing Termination of traffic on a wired interface, except for the REAP and H-REAP, which are discussed later in this guide When the WLAN LWAPP tunnel traffic reaches the WLC, it is mapped to the matching VLAN interface configured on the WLC that defined the SSID, operational state, and WLAN security and quality parameters for that WLAN. WLC WLAN parameters define the wired interface to which the WLC WLAN is mapped. The wired interface on the WLC is typically a VLAN configured on a WLC port, but a WLAN client can be mapped to a specific VLAN interface on the WLC based on parameters sent by the AAA server after successful EAP authentication. Layer 2 and Layer 3 Tunnels LWAPP allows tunneling within Ethernet frames (Layer 2) and within UDP packets (Layer 3). This is configurable on the WLC, but not all WLCs support Layer 2 tunneling, and a WLC can support only one tunnel type at a time. Layer 2 Tunnel When using Layer 2 LWAPP, the WLC and the LWAPP APs still require IP addresses, but the Layer 2 LWAPP connection uses Ethertype 0xBBBB to encapsulate the LWAPP traffic between the AP and the WLC, and all interaction between the LWAPP AP and the WLC are within the Ethertype 0xBBBB. Although Layer 2 LWAPP is one of the simplest ways to establish LWAPP connection, and is sometimes the easiest way for the initial configuration of APs or troubleshooting AP WLC connectivity, it is not generally recommended for enterprise deployment, and is not discussed in detail in this document. The primary reasons for Layer 2 LWAPP not being recommended are the following: The need to provide a Layer 2 connection between the LWAPP APs and the WLC limits the location of the APs or WLC, unless Layer 2 connections are extended across the enterprise network, which goes against current networking best practice. Layer 2 LWAPP is not supported on all LWAPP AP and WLC platforms. Layer 2 LWAPP does not support CoS marking of the Ethertype frames, and therefore is not able to provide end-to-end QoS for tunnelled traffic, although the client traffic DSCP is maintained within the tunnel. Layer 3 Tunnel Layer 3 LWAPP tunnels are the recommended LWAPP deployment type, and use IP UDP packets to provide communication between the LWAPP AP, and the WLC. The LWAPP tunnels between the LWAPP APs and the WLC perform fragmentation and reassembly of tunnel packets; allowing the client traffic to use the full 1500 byte MTU and not have to adjust for any tunnel overhead. To optimize fragmentation and reassembly, the number of fragments that the WLC or AP expect to receive is limited. The ideal supported MTU for deploying the Cisco Unified Wireless is 1500, but the solution operates successfully over networks where the MTU is as small as 500 bytes. The following are some Layer 3 LWAPP packet captures to illustrate LWAPP operation. These three sample decodes of the LWAPP packets use the Ethereal Network Analyzer. Note Note that the default Ethereal configuration does not decode Cisco LWAPP packets correctly. This can be corrected by using the “SWAP Frame Control” option in protocol preferences. Lightweight Access Points

11 Split – MAC AP MAC Functions
802.11: Beacons, probe response, authentication (if open) control: Packet acknowledgement and retransmission (latency) 802.11e: Frame queuing and packet prioritization (access to RF) 802.11i: Encryption in AP

12 Split- MAC Controller MAC Functions
MAC mgmt: (Re)association requests and action frames Data: Encapsulate and sent to AP 802.11e resource reservation: Control protocol carried to AP in mgmt frames—signaling done in the controller 802.11i authentication and key exchange

13 Real-Time RF Management
Dynamic Channel Assignment RF channel “1” RF channel “6” RF channel “11” Dynamic Power Optimization Eliminate coverage holes Optimize coverage area Avoid interference/Improve performance Reduce “hands on” WLAN mgmt

14 No Single Point of Failure AP Redundancy
Cisco WLAN Controller Ethernet Switch Cisco Access Point

15 No Single Point of Failure WLC Redundancy
Primary WLCM Secondary WLCM Primary and secondary controllers can be configured

16 Better Network Performance Dynamic Load Sharing
Solving Performance & Capacity problems in high density areas (e.g. conference rooms, cafeteria)… 16

17 Better Network Performance Dynamic Load Sharing
Solving Performance & Capacity problems in high density areas (e.g. conference rooms, cafeteria)… 17

18 Better Network Performance Dynamic Load Sharing
Solving Performance & Capacity problems in high density areas (e.g. conference rooms, cafeteria)… 18

19 Wireless LAN Controller Family
Wireless LAN Controllers 4400 2000 Catalyst 6500 Series Wireless Services Module (WiSM) WiSM Cisco Wireless LAN Controllers work in conjunction with Cisco lightweight access points and the Cisco Wireless Control System (WCS) to support business-critical wireless applications. From voice and data services to location tracking, WLAN controllers provide the control, scalability, and reliability that IT managers need to build secure, enterprise-scale wireless networks-from branch offices to main campuses. Today’s wired and wireless unification occurs with Cisco 4400 and 2000 Series wireless LAN controllers. The capacity range of these controllers ranges from six access points with the 2006 model to 100 access points with the 4404 model. Catalyst 6500 Series Wireless Services Module (WiSM) that supports 300 access point per blade with 5 blades per chassis/1500 per cluster. It smoothly integrates into existing Cisco Catalyst 6500 Series enterprise networks and scales to deliver secure, enterprise wireless access to main, branch, and remote campuses. Wireless LAN Controller Module (WLCM) for Integrated Services Routers (ISR) supports 6 access points per ISR for branch office & SMB deployments Catalyst 3750 switch integration is planned for mid Catalyst 3750 will support access points per switch for SMB Cisco wireless LAN controllers can be deployed in an N+1 redundant topology, allowing enterprises to scale their wireless networks while knowing that they are protected from both hardware and software disruptions. Features Enterprise scalability and reliability Real-time RF Management Multi-layered security: IPS & rogues Mobility management Standalone and integrated options Integrated RRM Benefits Up to 1500 APs per Cat 6K chassis Cost effective solution for all types of deployments – main, branch, and remote campuses Ideal for data, voice, and video Wired and wireless integration Support mission-critical wireless data, voice, and video applications Visibility and control of WLAN Switch and Router Platforms Wireless LAN Controller Module (WLCM) for ISR Catalyst 3750 Switch

20 Proven Platform for Mobile Access
Indoor Access Points 1130AG 1000 Indoor Rugged Access Points AUTONOMOUS AP APs in this category consist of the original Aironet product line. The following select models are available in or are capable of being field upgraded to lightweight (LWAPP) mode of operation. This feature permits an enterprise to standardize on a common AP platform that can be deployed in hybrid topologies. First generation autonomous APs are as follows: AP 1100—This single band AP is orderable as an g AP or b AP that is field upgradeable to g. It possesses an integrated antenna and is considered an entry level AP for enterprise deployments. The part number for the LWAPP AP is AIR-LAP1121G-x-K9 where x= the regional code. AP 1200—A single band b/g AP that is targeted for enterprise deployments. Unlike the 1100 series, the 1200 supports connection to external antennas for more flexibility. It can be field upgraded to support an a radio as well as upgradeable for lightweight (LWAPP) operation. The part number for the LWAPP AP is AIR-LAP1231G-x-K9 where x= the regional code. AP 1230AG—Dual band a/b/g AP with external connectors for antennas in both bands. It does not possess all of the features (most notably 802.3af PoE) and RF performance of the 1240AG. It also comes in a lightweight (LWAPP) version or can be upgraded later to lightweight mode of operation. The part number for the LWAPP AP is AIR-LAP1232G-x-K9 where x= the regional code. Second generation autonomous APs are as follows: AP 1130AG—The AG version is dual band (a/b/g) AP with integrated antennas. It is designed to be wall-mounted and also uses an integrated dual band antenna. The 1130AG is available in a lightweight (LWAPP) version for implementation in centralized (WLC)-based deployments. The autonomous version can be later upgraded for lightweight operation. The part number for the LWAPP AP is AIR-LAP1131AG-x-K9 where x = the regional code. AP 1240AG—A dual band a/b/g AP designed for deployments in challenging RF environments such as retail and warehousing. The 1241AG possesses external connections for antennas in both bands. It is the most feature-rich AP in the autonomous category and is also available in a lightweight (LWAPP) version. For greatest flexibility, the autonomous version can be upgraded later to lightweight mode of operation. Other notable features include pre-installed certificates for LWAPP operation mode and the ability to support hybrid REAP. The part number for the LWAPP AP is AIR-LAP1242AG-x-K9 where x = the regional code, AP 1300—A single band b/g AP/bridge designed for outdoor deployments. It comes with an integrated antenna or can be ordered with RP-TNC connectors to support external antenna applications. The LWAPP AP part number is AIR-LAP1310G-x-K9 where x = the regional code. Lightweight APs APs in this category consist of the original Airespace product line, but also include select autonomous AP models above. The following lightweight models can be used only in WLC topologies AP 1010—Dual band, zero touch, a/b/g AP intended for basic enterprise LWAPP/WLC deployments. The 1010 comes with dual internal sector antennas. The part number is AIR-AP1010-x-K9 where x = the regional code. AP 1020—Similar to the 1010, but in addition to its internal sector antennas, it also includes RP-TNC connectors for external 2.4 and 5 GHz antennas. The part is number AIR-AP1020-x-K9 where x = the regional code. AP 1030—Also referred to as the REAP AP or Remote Edge AP, the 1030 possesses the same capabilities, features, and performance as the 1020, in addition to being able to be deployed in environments where it is not practical to deploy a WLC, such as in small branch offices. The part number is AIR-AP1030-x-K9 where x = the regional code. AP 1500—A dual band AP specifically designed for outdoor, point-to-point, and multipoint MESH deployments. The a band is used for backhaul while the b/g band is used for wireless client access. The 1500 uses (patent pending) Adaptive Wireless Path Protocol (AWPP) for optimal routing through MESH topologies. 1240AG 1230AG Outdoor Access Points/Bridges 1500 1300

21 Cisco Wireless Control System (WCS)
World-Class Network Management Features Client troubleshooting (via CCX) Planning, configuration, monitoring, location, IDS/IPS, and troubleshooting Hierarchical maps Intuitive GUI and templates Policy based networking (QoS, security, RRM, etc.) Benefits Lower OPEX and CAPEX Better visibility and control of the air space Consolidate functionality into a single management system Determines location and voice readiness Cisco Wireless Control System (WCS) supports wireless LAN planning and design, RF management, location tracking, IPS, and WLAN systems configuration, monitoring, and management. With Cisco WCS, network administrators have a single solution for RF prediction, policy provisioning, network optimization, troubleshooting, user tracking, security monitoring, and wireless LAN systems management. On the left are sample WCS screen shots from its easy-to-use GUI Robust graphical interfaces make wireless LAN deployment and operations simple and cost-effective. Detailed trending and analysis reports make Cisco WCS vital to ongoing network operations. Features Planning, configuration, monitoring, location, IDS, and troubleshooting Hierarchical maps for quick access to information and network visibility Intuitive GUI and templates for easy configuration, monitoring, and troubleshooting Policy based networking (QoS, security, RRM, etc.) Integrated security and location tracking of a single devices with WCS or thousands of devices with the Cisco Wireless Location Appliance Benefits Lower OPEX and CAPEX Better visibility and control of the air space Consolidate functionality into a single management system Improved network security Increased scalability Enable new business applications

22 WCS Dashboards Network Monitor

23 Location Tracking Services
1st integrated location solution Real-time location services Advanced RF fingerprinting Simultaneous real-time tracking 10,000+ devices API Third Party Applications RF capacity management Intuitive management GUI Cisco has revolutionized Wi-Fi networking by providing advanced location tracking functionality within the WLAN infrastructure via two solution options: On demand location tracking that provides visual location tracking of a single device based on a specific query or lookup via the Cisco Wireless Control System (WCS) with embedded location. Simultaneous location tracking of thousands of wireless devices by adding a Cisco Wireless Location Appliance to the Cisco WCS. Cisco Wireless Location Appliance The Cisco Wireless Location Appliance is the industry's first location solution that simultaneously tracks thousands of devices from directly within the WLAN infrastructure It brings the power of a cost effective, high-resolution location solution to critical applications such as high-value asset tracking, IT management, location based security and business policy enforcement. This appliance uses advanced radio frequency (RF) fingerprinting technology to track wireless devices to within a few meters for increased asset visibility and enhanced control of the air space. It tracks any Wi-Fi device including Wi-Fi clients, Wi-Fi active RFID tags, rogue access points and rogue devices. The same, easy-to-use, browser-based interface that is used for the Cisco WCS is also used for the appliance. The appliance has a rich SOAP/XML application programming interface (API) that can be integrated with other 3rd party business applications that can use its location information for a variety of purposes including inventory management streamlining operations and workflow enabling code blue E911 services enforcing security policies PanGo Locator Asset Tracking System is an example of a 3rd party business application that integrates with the Cisco Wireless Location Appliance Cisco 2700 Series Wireless Location Appliance

24 Lightweight Access Point Protocol (LWAPP)

25 What is LWAPP? The Light Weight Access Point Protocol (LWAPP) is used between an AP and a WLAN Controller. Why is this critical to a scalable network deployment? Customers want to manage a network, not individual network elements LWAPP allows a controller to manage the APs LWAPP Tunnel

26 LWAPP involves... Low overhead communication between Wireless LAN Controllers and Access Points 1-4 kbps overhead with associated clients Data traffic encapsulation in: UDP source port 1024 Destination port 12222 Control traffic encapsulation in: Destination port 12223 AES encryption for control traffic ONLY For data traffic encrpytion use security protocol like WPA2 with AES encryption LWAPP is used for low overhead communication between Cisco Wireless LAN controllers and APs. This type of communication will require 1 to 4 kbps overhead with associated clients. The data traffic is encapsulated in UDP source port 1024 and destination port 12222, while control traffic is encapsulated in UDP source port 1024 and destination port Control traffic between the Cisco AP and the controller is encapsulated and encrypted using Advanced Encryption Standard (AES-CCMP) encryption. The data traffic between the Cisco AP and the controller is also encapsulated; however, user data is not encrypted. To secure your client data, it is recommended to use a security protocol like WPA2 with AES encryption of data.

27 Cisco Centralized WLAN Model
LWAPP defines control messaging and data encapsulation between access points and centralized WLAN controller Switched/Routed Wired Network Lightweight Access Point Wireless LAN Controller LWAPP Tunnel Control Messages Data Encapsulation Ingress/Egress point from/to upstream switched/routed wired network (802.1Q trunk) Access Points are “lightweight”—controlled by a centralized WLAN controller Much of the traditional WLAN functionality moved from access points to centralized WLAN controller

28 Cisco Centralized WLAN Model
LWAPP carries all communication between access point and controller L2 or L3 transport Mutual authentication—X.509 certificate based LWAPP control AES-CCM encrypted Data encapsulation Radio resource management Mobility management LWAPP Tunnel Ingress/Egress point from/to upstream switched/routed wired network (802.1Q trunk) Switched/Routed Wired Network Lightweight Access Point Wireless LAN Controller Control Messages Data Encapsulation Remote RF interface Real-time MAC RF spectral analysis WLAN IDS Signature analysis Security management QoS policies enforcement Centralized configuration, firmware management Northbound management interfaces

29 Centralized Solution Architecture LWAPP discovery process
The LWAPP discovery process provides Ease of AP installation Automatic redundancy in case of controller failure (self healing) Wireless Controller LWAPP Layer 2 broadcast (FF.FF.FF.FF) Controller on same subnet can answer request LWAPP Layer 3 broadcast ( ) Use Cisco ‘ip-helper’ and ‘forward protocol’ to get to the controller LWAPP Layer 3 with DHCP option 43 Vendor option 60 ‘Airespace.AP1200’ Vendor option 43 ‘controller IP address’ LWAPP Layer 3 with DNS Host ‘CISCO-LWAPP-CONTROLLER’ Over The Air Provisioning (OTAP) Layer2 and Layer3 LWAPP 1. The AP broadcasts a Layer 3 LWAPP discovery message on the local IP subnet. Any WLC configured for Layer 3 LWAPP mode that is connected to the local IP subnet receives the Layer 3 LWAPP discovery message. Each of the WLCs receiving the LWAPP discovery message reply with a unicast LWAPP discovery response message to the AP. 2. When a feature called Over-the-Air Provisioning (OTAP) is enabled on a WLC, APs that are joined to the WLC advertise their known WLCs in neighbor messages that are sent over the air. New APs attempting to discover WLCs receive these messages and then unicast LWAPP discovery requests to each WLC. (OTAP is not supported in IOS APs in their initial state; that is, an IOS AP fresh out of the box cannot use OTAP to find a WLC.) WLCs receiving the LWAPP discovery request messages unicast an LWAPP discovery response to the AP. 3. The AP maintains previously learned WLC IP addresses locally in NVRAM. The AP sends a unicast LWAPP discovery request to each of these WLC IP addresses. Any WLC receiving the LWAPP discovery request responds by sending an LWAPP discovery response to the AP. These WLC IP addresses are learned by the AP from previously joined WLCs. The stored WLC IP addresses include all of the WLCs in previously joined WLC mobility groups. (The mobility group concept isdiscussed in greater detail later in this document.) 4. DHCP servers can be programmed to return WLC IP addresses in vendor specific “Option 43” in the DHCP offer to lightweight Cisco APs. When the AP gets an IP address via DHCP, it looks for WLC IP addresses in the Option 43 field in the DHCP offer. The AP sends a unicast LWAPP discovery message to each WLC listed in the DHCP option 43. WLCs receiving the LWAPP discovery request messages unicast an LWAPP discovery response to the AP. 5. The AP attempts to resolve the DNS name “CISCO-LWAPP-CONTROLLER.localdomain”. When the AP is able to resolve this name to one or more IP addresses, the AP sends a unicast LWAPP discovery message to the resolved IP address(es). Each WLC receiving the LWAPP discovery request message replies with a unicast LWAPP discovery response to the AP. 6. If, after Steps 1 through 5, no LWAPP discovery response is received, the AP resets and restarts the search algorithm. ypically, the DHCP or DNS discovery mechanism is used to provide seed WLC addresses, and then WLC discovery response provides a full list of WLCs from the mobility group. An LWAPP AP is normally configured with a list of up to 3 WLCs that are its preferred WLCs. If these WLCs are unavailable or over-subscribed, the AP chooses another WLC from the list of WLCs in the response to its discovery requests and chooses the least-loaded WLC. Lightweight Access Points After the initial controller discovery phase the AP can be configured with a primary, secondary or tertiary controller. Use ‘Master’ controller for newly added AP’s

30 Why LWAPP ? Longterm goal: vendor interoperability
Secure, zero touch – configuration Scalability throught centrlized management and configuration Visibility to networkwide attacks and interference across a system Management Dynamic, systemwide RF management, including a host of features for smooth wireless operations, such as dynamic channel assignment, transmit power control, and load balancing. Single graphical interface for enterprise-wide policies, including VLANs, security, and QoS. Security Enterprise-wide security policies that encompass all layers of a wireless network, from the radio layer through the MAC layer, and into the network layer. This makes it easier to provide uniformly enforced security and QoS or user policies that can address the particular capabilities of different classes of devices, such as handheld scanners, PDAs, or notebook computers. Mobility Cellular-like fast handoffs. Excellent support for real-time, mobile applications such as voice over WLAN.

31 LWAPP Architecture Security Benefits Physical
Configuration not maintained on AP Configuration are automatically downloaded from WLC over AES encrypted link APs with console ports can have IP address and WLC address configured APs authenticated to WLC by X.509 certificate The WLC can also MAC authenticate WLC authenticated to AP by X.509 certificate WLC certificate is installed at manufacture Aunque hablaremos más delante de la seguridad puedo adelantar que está se realiza en tres posibles escenarios: 1- A nivel de infraestructura 2- A nivel de transporte de datos 3- A nivel de entorno

32 LWAPP Architecture Security Benefits Network
AP Communication with WLC via well known UDP ports UDP Ports APs only communicate with WLC management and ap-management interfaces The APs have no remote management interface No SNMP No Telnet, SSH

33 Mobile Handset Development – Nokia E-Series Dual – Mode Phone

34 Top 4 Reasons Every CXO Needs a Pervasively Deployed Wireless System
Security Rogue APs—Employees create opening to enterprise network unknowingly FTC FINES Hacker Guest Access Voice WiFi enabled voice 7920, Blackberry, Treo Better coverage Reduced Cost Integrated with IP PBX Location Unlike pockets of wireless LAN capability, a pervasive wireless LAN enables significant new capabilities. Guest, voice, security, and location services can all have a substantial impact on productivity, efficiency, and security when enabled organization-wide. Examples of how pervasive wireless LANs can create new services, or renovate existing business processes to be more efficient include: • Enhance decision making-Provide guest networks for customers, system integrators, and vendors to help speed information gathering and as part of the company hospitality. • Track and secure assets-Reduce spending and personnel time locating or repurchasing assets through location services. • Improve customer-facing services-Deliver instant access to customer account records, reach the closest available service associate, and track product progress in a manufacturing or repair facility. • Improve logistics and maintenance-Update transportation management systems with passengers served, fuel status, collected revenues, and video surveillance logs as passengers enter the airport or station. • Increase responsiveness and control over telecommunications-Offer consistent call quality in-building, track expenses and integrate into existing voice PBX infrastructure through voice services. • Protect personnel and property-Secure the campus or remote sites using wireless video surveillance to prevent theft or harm. • Engage customers-Offer Internet access, online services, and Web portals to inform and amuse customers onsite, reinforcing brand loyalty. • Strengthen security systems-Continuously monitor the entire work environment in order to detect abnormal wireless activity and automatically act upon it. For truly significant productivity gains from mobility, wireless LAN coverage must be pervasive throughout the enterprise. Islands of coverage will impede efficiency and frustrate mobile workers. Arguments for limited deployments based on infrastructure cost savings create a false economy as the true gains from mobility cannot be realized. Security services, as an example, ensure that the enterprise network is protected against unauthorized access via the wireless LAN medium. Because rogue access points and other wireless threats may appear anywhere within the enterprise, pervasive RF monitoring is critical to maintaining enterprise security. Deploying the security service in marketing, but not in R&D, would not make sense because a rogue access point could just as easily appear in either place. Without pervasive RF monitoring, the rogue could remain undiscovered and expose the enterprise to malicious hacking or loss of confidential information. Voice services must also be pervasive to truly impact profits. Whether improving customer satisfaction through improved responsiveness, taking control of telecommunications expenses, or integrating company PBX services, all of these goals will be only partially achieved without pervasive coverage. Because today's voice experience is dictated by the user's experience with cellular, dropped calls and spotty coverage inside the enterprise will lead to disappointment, and ultimately abandonment of the service. If the goal is improved customer satisfaction, but customers reach voic , the objective will not be reached. Rogue AP: The wireless IPS feature will detect rogue access points and clients. WCS will provide a graphical view of the location of rogues so that they may be removed. Ad Hoc: A wireless user that is also connected to the enterprise network via wired Ethernet may become a bridge into the network for a hacker. DoS Attacks: An RF denial of service attack can cause a degradation in service quality and disrupt mission critical applications such as VoWLAN. Client Mis-association: The wireless IPS feature will detect and send an alert if a known client associates with a rogue wireless LAN access point.

35 The way we work is changing …
41% of US workers can be considered “mobile” spending 20% of more of their time away from their primary workspace1 Dual Mode (WiFi/Cellular) handsets expected to reach over 29m units by 20093 1Yankee Group (2007), 2 Vision Gain, 3 Infonetics

36 Mobile Business Solutions from Cisco and Nokia
Endpoints Nokia Eseries Dual Mode Phones Cisco Unified Wireless IP Phone 7921G Cisco Unified Communications Manager Cisco Unified Communications Manager Express Media Control Voice-Ready Wireless LAN Infrastructure WLAN Controller Aironet Access Points QoS Services WCS

37 Dual – Mode Phone – Overview
Delivered in partnership with Nokia through the SolutionsPlus partner program Nokia Eseries dual mode handset with Skinny Client Call Control Protocol (SCCP) client works on GSM networks and Cisco VoWLAN campus networks In Cisco VoWLAN campus network, Nokia Eseries handsets operates as an IP Phone with Cisco Unified Communications Manager or Cisco Unified Communications Manager Express In public GSM network, operates as a GSM phone

38 Nokia Eseries Dual-Mode Handsets Supported
S Nokia mobile handsets supported are: Nokia E60 Nokia E61 Nokia E61i Nokia E65 Nokia E61i Nokia E61 Nokia E65

39 Solution Architecture

40 Mobile Business Solution Architecture
3 PSTN Trunk Enterprise Network Cisco Unified Wireless Network Cellular Network WLAN Controller IP Phones WLAN AP Transcript: This slide here, I want to kind of like lead you through what the connectivity is presently with the Nokia solution and realize that this is in the early stages. And in some ways is not as complete as the solution that we had with Motorola that went under last year. The thing to note here is first of all that the device is going to operate as a cellular technology phone, going into the cellular network and through PSTN connection into the corporate network. The second bullet point here is Wi-Fi mode, and I've put this in red because I think it's important to understand. It's CallManager client, right. It's a device that's known by CallManager, it's a type within CallManager when you make your phone selection to be a CallManager client or to operate in CallManager, there has to code down a CallManager recognizes that device. Interestingly enough though, we don't have a type called Nokia or type called E61. From the type perspective for those who are familiar with CallManager, it's actually a So I think that's kind of interesting. But if you're in some situation where you're trying to get this client to work or a client to work in your network that's capable, use the E60, I mean 7960 as your default. Now Mobile Connect is the server that brings the process of handing that phone call off from one network to the other network. Presently, the only handoff that you have that is seamless is if the call comes to your desktop phone number. So let's say your desktop phone number is 1234, right, from where you sit and then you have a 7921, it's also registered to your name as the second phone, its phone number is If you have a Nokia that's assigned to you, it will also have the desk phone number of 1234, but it also has the cellular number tied to it. Now what could happen? Well if you're an avid golfer, yet you have customers who want to reach you, they are going to call what, your desk number right? Unless you want them to know you are really on the golf course. So your 123 number rings, but you are not there to pick it up because you're out on the fifth tee, right. The fifth tee is too far away for that call to get picked up by your 7921, right, because you are kind of like outside of the Cisco network on the fifth tee. But what can be done is, this number can be rolled up to call your cellular number. So even though they call 1234, because you didn't pick up on either one of the two 79 devices that you have in your network, it rolled over to your cellular and the call went out through the cellular provider down to you cellphone, okay. So you can be talking to your customer on the fifth hole and if your partner doesn't holler fore, you haven't been given up, your thinks that you're busy at your desk working on their solutions, right? Author’s Original Notes: It is important to note because there are already applications running on hand set phones with WiFi radios that provide internet calls 1 CCX v3 1 Cellular Mode Nokia SCCP Mobile Client WiFi Mode (Skinny Client Control Protocol SSCP Client) via Cisco Unified Wireless Network 2 2 Cisco Unified Communications Manager or Cisco Unified Communications Manager Express Operates as Phone 3

41 Cisco Wireless Controller Cisco Unified Wireless IP Phone 7921G
Route incoming calls to Nokia Eseries handset within campus WLAN network Cisco Unified Communications Manager or Cisco Unified Communications Manager Express OUTSIDE INSIDE SCCP Cisco Wireless Controller SCCP Cellular Network PSTN Access Points Note: 28% of employees use their cellular phone as the primary work phone – IDC Transcript: Now in terms of incoming call routing with regard to the Nokia Intellisync application, in this example I'm talking about MobilityManager, Communications Manager 4.x and 5.x, but the behavior is the same even with 6.x. So I have my MobilityManager enabled user here. They have the dual-mode phone. The GSM interface is configured as the remote destination phone On the WLAN side of things, my enterprise phone has a DN of and a DID of Any incoming call to the user's enterprise DN or DID, whether internal or external, dial five digit or 10 digit with a PSTN digit. It's going to -- if the WLAN is unavailable, it's going to be routed by via Mobile Connect out to the GSM interface of the device. If the dual-mode phone is associated to the WLAN and registered to Communications Manager, in those situations the call is going to get routed to the WLAN interface or the Skinny client on the dual-mode phone. The key here is, that when the dual-mode phone is in the WLAN, any incoming call to the enterprise DN or DID will not be forwarded out to the GSM interface of the device. The reason that we do that is, because Communications Manager has the intelligence to know, hey, this is a dual-mode phone, it's the same device. There's no reason for me to send the call out to the PSTN and waste that resource because the device is already registered to me and communicating with me so I can reach them that way. So that's what's going on. Do note here, read that last sentence one more time. This is incoming calls to the enterprise DN and DID. If a call is made to the GSM interface, so if somebody calls directly to , the user's GSM phone number, that will ring the dual-mode phone. And again, the behavior is going to be the exact same with 6.0 and the Intellisync Call Connect version 1.1. Author’s Original Notes: Note: Incoming calls directly to the GSM/mobile phone number will ring the GSM/PSTN interface even when the dual-mode phone is associated to the enterprise WLAN. Gateway Switch 802.11 802.11 Shared line DN Nokia Eseries Handset Cisco Unified Wireless IP Phone 7921G

42 Least cost routing for outgoing calls placed from campus WLAN network
Cisco Unified Communications Manager or Cisco Unified Communications Manager Express INSIDE OUTSIDE Cellular Network PSTN SCCP Cisco Wireless Controller SCCP Gateway Note: 50-80% of mobile calls made within the enterprise are between employees - Intel Transcript: Outgoing call routing is very straightforward. When on the GSM, the call is going to be routed as if it's a mobile device. When inside the enterprise, it's going to be routed via the enterprise telephony and dialed as an enterprise call. This means the Dial plan is a bit challenging in terms of the end user's dialing experience. And what really you need to be thinking about here is user education to make sure that users are aware that when they're registered to Communications Manager, they need to dial things as if they are in the enterprise. When they're outside the enterprise, they need to dial things like they would from a regular mobile device. It can be a little bit confusing, though, because they see it as a single mobile phone and they want to dial it that way. And especially in Europe, I know we get lots of complaints about the fact that we don't do plus dialing and all that stuff. And so this can be a bit of a problem and so it's just a matter of user education. Access Points Switch 802.11 Nokia Eseries Handset Cisco Unified Wireless IP Phone 7921G

43 Least cost routing of internal calls placed from campus WLAN network
Cisco Unified Communications Manager or Cisco Unified Communications Manager Express INSIDE OUTSIDE Cellular Network PSTN SCCP Cisco Wireless Controller SCCP Gateway Note: 50-80% of mobile calls made within the enterprise are between employees - Intel Access Points Switch 802.11 Nokia Eseries Handset Cisco Unified Wireless IP Phone 7921G

44 Cisco VoWLAN Network Characteristics
802.11b/g Cisco Compatible Extensions (CCX) Version 3 No seamless handoff between cellular and WLAN networks Requires Intellisync Call Connect Version 1.0 QoS is marked by Nokia Transcript: I'm not going to take a lot of time to talk about this slide because we're running out of time here. The main takeaway from this is simply this, from a WLAN perspective for configuring the Nokia phones and our infrastructure that's required, the design recommendations are exactly the same as the 7921G, so you can consult that documentation. But the idea is the same in terms of roaming, cell overlap, capacities and all that sort of thing are all exactly the same. Check out the VoWLAN design recommendations chapter in the Enterprise Mobility 3.0 Design Guide for more information.

45

Download ppt "Wireless – What lies ahead"

Similar presentations

Chapter 1: Introduction to Scaling Networks

Chapter 1: Introduction to Scaling Networks
Wireless Technology.

Wireless Technology.
CAPWAP Architecture draft-mani-ietf-capwap-arch-00 Mahalingam Mani Avaya Bob O’Hara Airespace Lily Yang Intel.

CAPWAP Architecture draft-mani-ietf-capwap-arch-00 Mahalingam Mani Avaya Bob O’Hara Airespace Lily Yang Intel.
Agenda Product Overview Hardware Interfaces Software Features

Agenda Product Overview Hardware Interfaces Software Features
1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.

1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
1 © 2006 Cisco Systems, Inc. All rights reserved.Cisco Public Wireless and Mobility Products.

1 © 2006 Cisco Systems, Inc. All rights reserved.Cisco Public Wireless and Mobility Products.
UMA (Unlicensed Mobile Access) El Ayoubi Ahmed Hjiaj Karim.

UMA (Unlicensed Mobile Access) El Ayoubi Ahmed Hjiaj Karim.
SV9100 Business Mobility (Migration)

SV9100 Business Mobility (Migration)
Wireless and Network Security Integration Defense by Hi-5 Marc Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi.

Wireless and Network Security Integration Defense by Hi-5 Marc Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi.
1 Wireless LANs – in Academy Curricula Presenter: Gratitude Kudyachete EA - CATC.

1 Wireless LANs – in Academy Curricula Presenter: Gratitude Kudyachete EA - CATC.
 Category 6 Ethernet Cable, Single-mode Fiber Cable, and RJ45 Jacks  APC Netshelter SX 48U Racks and NetShelter AV Roof Fan Tray 825mm  Cisco 3800 ISR.

 Category 6 Ethernet Cable, Single-mode Fiber Cable, and RJ45 Jacks  APC Netshelter SX 48U Racks and NetShelter AV Roof Fan Tray 825mm  Cisco 3800 ISR.
© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0—11-1 111 © 2003, Cisco Systems, Inc. All rights reserved.

© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0— © 2003, Cisco Systems, Inc. All rights reserved.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialBCMSN 6 - 5 1 Implementing Wireless LANs BCMSN Module 6 Lesson 5.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialBCMSN Implementing Wireless LANs BCMSN Module 6 Lesson 5.
The world is going to wireless …. Wireless Networking Part 2 CCNP Switch Hossein Shamloo.

The world is going to wireless …. Wireless Networking Part 2 CCNP Switch Hossein Shamloo.
Wireless Design for Voice Last Update 2011.06.11 1.0.0 1Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com.

Wireless Design for Voice Last Update Copyright 2011 Kenneth M. Chipps Ph.D.
1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID Cisco Unified Wireless Network Webinar Commercial WLAN.

1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID Cisco Unified Wireless Network Webinar Commercial WLAN.
Protection notice / Copyright notice HiPath MobileConnect Delivering on the Promise of Enterprise FMC February 2007.

Protection notice / Copyright notice HiPath MobileConnect Delivering on the Promise of Enterprise FMC February 2007.
© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0—5-1 111 © 2003, Cisco Systems, Inc. All rights reserved.

© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0— © 2003, Cisco Systems, Inc. All rights reserved.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialBCMSN 6 - 6 1 Configuring Wireless LANs BCMSN Module 6 Lesson 6.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialBCMSN Configuring Wireless LANs BCMSN Module 6 Lesson 6.

Similar presentations

Ads by Google