CISCO ISDN BRI S/T WIC FOR THE CISCO 1700, 1800, 2600, 2800, 3600, 3700, AND 3800 SERIES

Offering a single ISDN BRI S/T interface, this WIC may require an external Network Termination 1 (NT1), depending on the region of the world. The WIC inserts into a mixed-media network module or directly into the WIC slot on the Cisco 1600, 1700, 1800, 2600, 2800, 3600, 3700, 3800 Series chassis. The ability to add BRI connectivity through a WIC enables administrators to maximize valuable slot space while providing additional connectivity options, such as Ethernet, on the same module.

Figure 1. Cisco WIC 1B-S/T-V3 WAN Interface Card

FEATURES

• One ISDN BRI port (S/T interface, requires external NT1)

• Utilizes an RJ-45 connector

• Supported Onboard, NM-1FE2W-V2, NM-1FE1R2W, NM-2FE2W-V2 and NM-2W

BENEFITS OF AN INTEGRATED, FULLY MANAGED SOLUTION

The network modules provide various port densities to meet customer requirements at various price points. The optional, integrated NT1 lets customers consolidate customer premises equipment (CPE) to provide multifunction dial access server, router, and other capabilities within the Cisco routers in power-branch-office environments.
The WAN-interface-card (WIC) option offers a single ISDN BRI port (with optional NT1). The WIC-1B-S/T-V3 inserts into a mixed-media network module (part number NM-1FE2W-V2, NM-2FE2W-V2, NM-1FE1R2W or NM-2W) or is supported on the Cisco 1700 Series, Cisco 1800 Series, Cisco 2600XM Series, Cisco 2800 Series, Cisco 3700 Series and Cisco 3800 Series routers. It provides a cost-effective ISDN router with the following benefits of integration:

• Fewer devices and cables to deploy and manage

• Remote and local configuration, monitoring, and troubleshooting via the Cisco IOS® Software CLI and Simple Network Management Protocol (SNMP)

• Flexibility and investment protection

• Single-vendor support

• Enhanced reliability

• Physical space savings

The ability to add BRI connectivity via a WIC enables administrators to maximize valuable slot space while providing additional connectivity options on the same module such as Fast Ethernet.

FLEXIBILITY AND INVESTMENT PROTECTION

The Cisco 1 port BRI-S/T WIC extends the Cisco commitment to providing customers with maximum flexibility and investment protection through modular WICs that are supported on award-winning router platforms. When WAN bandwidth requirements or service provider pricing change, users can easily change WAN services either by changing the software configuration or replacing the WIC. Because the same card can be used on Cisco 1600, 1700, 1800, 2600, 2800, 3700 or 3800 series router platforms, the number of stocking units can be reduced, and the WIC can be redeployed from one platform to another.

ENHANCED RELIABILITY

An integrated solution has fewer components; hence, fewer points of failure (for example, one less power supply and fewer cables). This leads to enhanced reliability.

CONSISTENCY WITH WIC-1B-S/T

The Cisco WIC-1B-S/T-V3 offers all of the features of the Cisco WIC-1B-S/T and can be smoothly deployed without requiring any additional learning.

WIC-1B-S/T

WIC-1B-S/T-V3

One ISDN BRI port (S/T interface, requires external NT1)
One ISDN BRI port (S/T interface, requires external NT1)
RJ-45 connector
RJ-45 connector
Supported on Cisco 1600, 1700, 2600, 3600, and series
Supported on Cisco 1700, 1800, 2600, 2800, 3660, 3700 and 3800 series (see tables below)
Cannot be used with Cisco 1603 or 1604 base units
Cannot be used with Cisco 1603 or 1604 base units
Does not support hot swapping; however, no hardware damage will occur if it is swapped while power is on
Does not support hot swapping; however, no hardware damage will occur if it is swapped while power is on
Can go into slot W0 or W1 of the 1E2W, 2E2W, and 1E1R2W network modules
Does not support the 1E2W, 2E2W, and 1E1R2W, NM-1FE2W, NM-2FE2W network modules
Supported in NM-1FE1R2W, NM-1FE2W, NM-2FE2W, NM-1FE2W-V2, NM-2FE-2W-V2, and NM-2W
Supported Onboard, NM-1FE2W-V2, NM-1FE1R2W, NM-2FE2W-V2 and NM-2W

Note: The Cisco IOS Software releases provided are typically the minimum version required to support the platform, module, or feature in question. Use the Software Advisor to choose appropriate software for your network device: match software features to Cisco IOS and Cisco Catalyst® Operating System (Catalyst OS) releases, compare Cisco IOS releases, or find out which software releases support your hardware. The Software Advisor and other tools are available in TAC Tools for Access-Dial Technologies.

CISCO IOS SOFTWARE RELEASE

Platform

Minimum Release

Cisco 1601(R), 1602(R), and 1605-R
Not Supported
Cisco 1603, 1603-R, 1604 and 1604-R
Not Supported
Cisco 1720, 1721, 1751, 1760
First Supported in 12.3(10)
Cisco 1750
Not Supported
Cisco 2600 and 2600XM
First Supported in 12.3(10)
Cisco 3620 and 3640
Not Supported
Cisco 3660
First Supported in 12.3(10)
Cisco 3700
First Supported in 12.3(10)
Cisco 1800 and 2800
First Supported in 12.3(8)T
Cisco 3800
First Supported in 12.3(11)T

Note: The Cisco IOS Software releases provided are typically the minimum version required to support the platform, module, or feature in question. Use the Software Advisor to choose appropriate software for your network device: match software features to Cisco IOS and Cisco Catalyst® Operating System (Catalyst OS) releases, compare Cisco IOS releases, or find out which software releases support your hardware. The Software Advisor and other tools are available in TAC Tools for Access-Dial Technologies.

CARRIER MODULE SUPPORTED

Platform

Carrier Module Supported

Cisco 1601(R), 1602(R), and 1605-R
Not Supported
Cisco 1603, 1603-R, 1604 and 1604-R
Not Supported
Cisco 1720, 1721, 1751 ,1760
Not Supported
Cisco 1750
Not Supported
Cisco 2600 and 2600XM
Onboard. NM-2W
Cisco 3620 and 3640
Not Supported
Cisco 3660
NM-1FE2W-V2, NM-1FE1R2W, NM-2FE2W-V2 and NM-2W
Cisco 3700
NM-1FE2W-V2, NM-1FE1R2W, NM-2FE2W-V2 and NM-2W
Cisco 1800 and 2800
Onboard
Cisco 3800
Onboard, NM-1FE2W-V2, NM-1FE1R2W, NM-2FE2W-V2 and NM-2W

Note: The Cisco IOS Software releases provided are typically the minimum version required to support the platform, module, or feature in question. Use the Software Advisor to choose appropriate software for your network device: match software features to Cisco IOS and Cisco Catalyst® Operating System (Catalyst OS) releases, compare Cisco IOS releases, or find out which software releases support your hardware. The Software Advisor and other tools are available in TAC Tools for Access-Dial Technologies.

SPECIFICATIONS

Product Number

Description

WIC-1B-S/T-V3
1-Port ISDN WAN Interface Card (dial and leased line)

SAFETY, EMC, TELECOM, NETWORK HOMOLOGATION, POWER REQUIREMENTS

When installed in a Cisco 2600/3600/3700 Router, the Cisco WIC-1ADSL does not change the standards (safety, EMC, telecom, network homologation and power) of the router itself. For more information, see the platform specific data sheets at the following URLs:

• Cisco 2600/2600XM/2691 Series: http://www.cisco.com/en/US/products/hw/routers/ps259/products_data_sheet0900aecd800fa5be.html

• Cisco 3600 Series: http://www.cisco.com/en/US/products/hw/routers/ps274/products_data_sheets_list.html

• Cisco 3700 Series: http://www.cisco.com/en/US/products/hw/routers/ps282/products_data_sheet09186a008009203f.html

Dimensions and Weight

• Dimensions (H x W x D)

–1.55 x 7.10 x 7.2 in. 1.55 x 7.10 x 7.2 in. .75 x 3.08x 4.38 in.

• Weight

–2 lb max 2 lb max 2.4 oz

Diagnostics

• LEDs

–Network module status indicator, status LEDs for each B Channel and NT1

• Environmental conditions

–Operating temperature 32 to 104°F (0 to 40°C),

–Nonoperating temperature 13 to 158°F (-25 to 70°C)

• Relative humidity

–to 95% noncondensing

• Cabling

–RJ-45 connectors

2007/05/05 21:12 2007/05/05 21:12

트랙백 주소 :: http://thinkit.or.kr/network/trackback/370

댓글을 달아 주세요

Secure Voice on Cisco Multiservice and Integrated Services Routers

Media authentication and encryption features on the Cisco Systems® portfolio of multiservice and integrated services routers help ensure that voice conversations are protected from eavesdropping.

The Cisco® Unified Communications system of voice and IP communications products and applications enables organizations to communicate more effectively-enabling them to streamline business processes, reach the right resource the first time and impact the top and bottom line. The Cisco Unified Communications portfolio is an integral part of the Cisco Business Communications Solution-an integrated solution for organizations of all sizes which also includes network infrastructure, security, and network management products, wireless connectivity, and a lifecycle services approach, along with flexible deployment and outsourced management options, end-user and partner financing packages, and third party communications applications.

PRODUCT OVERVIEW

Businesses are moving to IP communications to reduce operational expenses, increase productivity, and simplify network administration. The Cisco multiservice and integrated services router portfolio, ranging from the Cisco 1700 Series to the Cisco 3800 Series platforms, deliver powerful and scalable IP communications solutions for the most demanding enterprise environments.
A wide range of voice security features are available on Cisco multiservice and integrated services routers to deliver high levels of security protection for businesses deploying IP communications solutions. The Cisco multilayer offering, based on the self-defending network model, starts with the network itself and extends to the endpoints and applications. The SAFE Blueprint from Cisco presents a detailed framework of best practices and tools to help secure business networks.
Media encryption using Secure Real-Time Transport Protocol (SRTP) delivers protection by encrypting the voice conversation, rendering it unintelligible to internal or external eavesdroppers who have gained access to the voice domain. Designed for voice packets, SRTP supports the AES encryption algorithm and is an IETF RFC 3711 standard.
Media encryption on Cisco routers works together with Cisco Unified CallManager software and the media encryption feature on Cisco Unified IP phones to secure both gateway-to-gateway calls and IP phone-to-gateway calls. This enables secure analog phone calls, secure fax calls, or secure calls between an IP phone and the gateway, depending on the gateway interface type the media is terminated on. Voice encryption keys derived by Cisco Unified CallManager are securely sent by encrypted signaling path to Cisco Unified IP phones through the use of Transport Layer Security (TLS) and to gateways over IP Security (IPSec) protected links.
Media encryption features on Cisco routers are available beginning with Cisco IOS® Software release 12.3(11)T2 and with an upgrade to the Advanced Enterprise Services and Advanced IP Services IOS Software Feature Sets. The features are enabled on digital signal processing modules (DSPs) available on the PVDM2, EVM-HD, NM-HD-, AIM-VOICE, NM-HDA and NM-HDV2 voice gateway network modules.

FEATURES TABLE

Table 1 provides details on the media authentication and encryption solution.

Table 1. Features Table

Authentication and
Encryption Features

· Media encryption of voice RTP streams using SRTP
· Exchange of RTP Control Protocol (RTCP) information using secure RTCP
· SRTP to RTP fallback for calls between secure and insecure endpoints
· Secure calls supported in Cisco Unified Survivable Remote Site Telephony (SRST) mode during WAN failover
· Compressed RTP (CRTP) supported with media encrypted calls using SRTP

Authentication and
Encryption Algorithm

· Supports AES-128 encryption algorithm
· Supports the HMAC secure hash authentication algorithm (SHA 1)

Signaling Authentication and Encryption Features

· Gateway to Cisco Unified CallManager signaling and encryption uses IPSec for Media Gateway Control Protocol (MGCP) and H.323 gateways
· IP phone to Cisco Unified Survivable Remote Site Telephony router signaling and encryption uses TLS
(Transport Layer Security)

Protocol Support

· MGCP 0.1 (supports MGCP gateways with Cisco Unified CallManager)
· H.323 (supported on H.323 gateways and IPIP gateway; Cisco Unified CallManager interoperability is optional)
· SCCP (Cisco Unified IP Phone) in SRST mode

Module Support

· PVDM modules: PVDM2-8, PVDM2-16, PVDM2-32, PVDM2-48, PVDM2-64
· Analog voice modules: EVM-HD (with PVDMs), NM-HD-1V, NM-HD-2V, NM-HD-2VE, NM-HAD
· Digital voice modules NM-HDV2, NM-HDV2-1T1/E1, NM-HDV2-2T1/E1, NM-HDV (all versions), AIM VOICE 30, AIM-ATM-VOICE-30

Codec Support

· G.711, G.729A, and G.729

APPLICATIONS

Media authentication and encryption on Cisco multiservice and integrated services routers, together with media encryption on Cisco Unified IP phones and Cisco Unified CallManager, provides a highly secure environment for IP communications across a WAN or LAN. As illustrated in Figure 1, SRTP is used to encrypt voice calls placed on voice gateway network modules in branch office A. This provides secure calls from analog phone to analog phone, or fax machine to fax machine, within the office. Similarly, secure calls are enabled from time-division multiplexing (TDM) endpoints or analog phones at branch office A to Cisco Unified IP phones at the headquarters. The signaling between the gateway at branch office A and Cisco Unified CallManager is secured using IPSec, and the signaling between the IP phones at headquarters and Cisco Unified CallManager is secured using TLS.

Figure 1. Media Authentication and Encryption

KEY FEATURES AND BENEFITS

Media Authentication and Encryption

Media encryption currently delivers end-to-end encryption for voice calls between Cisco Unified IP phones. The introduction of media encryption on Cisco routers adds the ability to place secure IP phone-to-gateway and gateway-to-gateway calls. Callers can now place encrypted calls to the PSTN gateway using IETF RFC3711 standards-based SRTP. SRTP encrypts only the payload of a voice packet without adding additional encryption headers. Because of this, an SRTP-encrypted voice packet is almost indistinguishable from an RTP voice packet, allowing features like quality of service (QoS) and compressed RTP to be supported without any additional development or packet manipulation. In addition, SRTP uses the largest practical key size supported by the AES encryption standard for increased security. Voice encryption keys are generated for each call, ensuring a higher level of security protection. Media authentication also validates the identity of the devices encrypting the calls.
Media encryption using SRTP is suitable for voice privacy and confidentiality on the LAN to protect against internal threats. In addition, media encryption can also be delivered across an IP WAN or the Internet, using the same VPN infrastructure deployed for data.

Signaling Authentication and Encryption

Signaling authentication and encryption between the gateways and Cisco Unified CallManager is protected using IPSec. This ensures that signaling information such as dual tone multifrequency (DTMF) digits, passwords, PINs, and voice encryption keys are secure. Both software-based IPSec, available in Cisco IOS Software, and hardware-based IPSec using the AIM-VPN modules are supported.

Scalability of Encrypted Calls

SRTP media encryption is performed on DSP modules and not on the router CPU. This enables efficient scalability as increasing the number of voice gateway interfaces with DSPs, or increasing the number of DSPs integrated on the platforms (such as on the integrated services routers), increases the number of DSPs available for secure calls.

Efficient Delay Optimization and Channel Capacity Impact

No additional call setup delays are introduced with encrypted calls, as the key exchange is completed as part of the normal MGCP call setup and no extra messages are introduced. Voice media delay is also not introduced because SRTP media encryption is performed in the DSP, and not by the router CPU or a separate encryption engine that processes the completed voice packet.
There is no channel capacity impact for encrypted calls in G.729 and G.729a modes, and minimal impact in G.711 mode (Table 2).

Table 2. Channel Impact per DSP (ex: PVDM2-16)

Codec

Regular Voice Call/DSP

Encrypted Voice Call/DSP

G.711

16 calls

10 calls

G.729a

8 calls

8 calls

G.729

6 calls

6 calls

Management Features

Media authentication and encryption is easily configured on Cisco routers using the command-line interface (CLI). In addition, features such as a lock icon indicator on Cisco IP Phones provide visual confirmation of encryption in calls to supported gateways. If a device within the call flow does not support media encryption or the security is compromised, the lock icon disappears. CLI commands are also available to confirm and provide details about an encrypted call and to debug calls.

Security in Cisco Unified Survivable Remote Site Telephony Mode

Cisco Unified Survivable Remote Site Telephony provides call processing redundancy when connectivity to Cisco Unified CallManager is lost. Media authentication and encryption is supported in Cisco Unified Survivable Remote Site Telephony mode, beginning with Cisco IOS Software release 12.3(14)T, providing the ability to place secure calls within a remote branch office when the WAN link or Cisco Unified CallManager goes down. When the WAN link or Cisco Unified CallManager is restored, Cisco Unified CallManager resumes secure call handling capabilities. The signaling from the Cisco Unified Survivable Remote Site Telephony router to the IP phones is encrypted using TLS.

SRTP AND IPSEC VPNS

SRTP and IPSec are complementary VPN technologies. One of the key differences is that SRTP can deliver encryption from end to end, that is, from IP phone to IP phone, whereas IPSec VPN is a router-to-router tunnel-based encryption. In addition, SRTP encrypts only voice packets, whereas IPSec VPN tunnels can transport data, voice, and video (and thus are called V3PN).
This means that SRTP can add additional protection for voice traffic using an IPSec VPN.
For enterprises and small and medium-sized businesses that have a trusted WAN network, SRTP can be used to encrypt voice end to end across this network. However, most of these businesses conduct business across the Internet or across a WAN that is managed by a service provider. Therefore, the WAN may be insecure, and a VPN tunnel is used to transport data securely between branch offices. SRTP can be used to secure voice in the WAN across the same IPSec VPN network that is used for data. This is illustrated in Figure 2.

Figure 2. Secure RTP and V3PN

FEATURE AVAILABILITY

Table 3. Feature Availability

Protocol/Feature Support

Platform Support (with Supported Modules in Table 4)

Release

MGCP Gateways (MGCP 0.1)

· Cisco 2600XM, 2691, 3660, 3725, and 3745
multiservice platforms
· Cisco 2811, 2821, 2851, 3825, and 3845 integrated
services routers
· Cisco VG224 Analog Phone Gateway
· Cisco IOS Software Release 12.3(11)T2 and Cisco Unified CallManager 4.1

H.323 Gateways
and IPIP Gateway

· Cisco 2600XM, 2691, 3725, and 3745 multiservice platforms
· Cisco 2811, 2821, 2851, 3825, and 3845 integrated services routers
· Cisco VG224 Analog Phone Gateway
· Cisco IAD 2430 Series Integrated Access Device
· IPIP gateway is supported in both flow-through and flow around mode.
· Cisco IOS Software Release 12.4(6)T1
· Interworking with Cisco Unified CallManager 5.0 is supported,
but is optional

SCCP IP Phones in
Cisco Unified SRST Mode

· Cisco 2600XM, 2691, 3660, 3725, and 3745
multiservice platforms
· Cisco 2811, 2821, 2851, 3825, and 3845 integrated
services routers
· Cisco IOS Software Release 12.3(14)T and Cisco Unified CallManager 4.1

MODULE AVAILABILITY

Table 4. Module Availability

Module Support

Platform Support

Release

NM-HD-1V, NM-HD-2V, NM-HD-2VE

· Cisco 2600XM, 2691, 3660, 3725, and 3745 multiservice platforms
· Cisco 2811, 2821, 2851, 3825, and 3845 integrated services routers
· Cisco IOS Software Release 12.3(11)T2

NM-HDV2, NM-HDV2-1T1/E1,
NM-HDV2-2T1/E1

· Cisco 2600XM, 2691, 3725, and 3745 multiservice platforms
· Cisco 2811, 2821, 2851, 3825, and 3845 integrated services routers
· Cisco IOS Software Release 12.3(11)T2

PVDM2-8, PVDM2-16, PVDM2-32,
PVDM2-48, PVDM2-641

· Cisco 2801, 2811, 2821, 2851, 3825, and 3845 integrated services routers
· Cisco IOS Software Release 12.3(11)T2-all platforms except 2801
· Cisco IOS Software Release 12.3(14)T-2801 platform

EVM-HD

· Cisco 2821, 2851, 3825, and 3845 integrated services routers
· Cisco IOS Software Release 12.3(11)T2 and Cisco Unified CallManager 4.1

NM-HDV (Including All Bundle Variations)

· Cisco 2600XM, 2691, 3725, and 3745 multiservice platforms
· Cisco 2811, 2821, 2851, 3825, and 3845 integrated services routers
· Cisco IOS Software Release 12.3(14)T and Cisco Unified CallManager 4.1

AIM-VOICE-30, AIM-ATM-VOICE-30, NM-HDA

· Cisco 2600XM, 2691, 3725, and 3745 multiservice platforms
· Cisco IOS Software Release 12.4(6)T1
1. The PVDM2 Packet/Voice DSP modules are used with native VICs/VWICs and NM-HDV2s on the Cisco 2801, 2811, 2821, 2851, 3825 and 3845 integrated services routers. They are also used with the High-Density Analog and Digital Extension Module (EVM-HD) supported on the Cisco 2821, 2851, 3825, and 3845 integrated services routers.

Note: The voice gateway modules on the Cisco multiservice and integrated services routers interoperate with Cisco Unified IP Phone 7940G, 7960G, and 7970G that support media encryption. The Cisco Unified IP Phone 7970G supports media encryption with the Cisco Unified CallManager 4.0 release, and the Cisco Unified IP Phone 7960G and 7940G support media encryption with Cisco Unified CallManager 4.1 release.

CISCO UNIFIED COMMUNICATIONS SERVICES AND SUPPORT

Using the Cisco Lifecycle Services approach, Cisco Systems® and its partners offer a broad portfolio of end-to-end services to support the Cisco Unified Communications system. These services are based on proven methodologies for deploying, operating, and optimizing IP communications solutions. Upfront planning and design services, for example, can help you meet aggressive deployment schedules and minimize network disruption during implementation. Operate services reduce the risk of communications downtime with expert technical support. Optimize services enhance solution performance for operational excellence. Cisco and its partners offer a system-level service and support approach that can help you create and maintain a resilient, converged network that meets your business needs.

CONCLUSION

Media authentication and encryption provides an additional layer of security for enterprises and small and medium-sized businesses deploying IP communications. Voice conversations terminated on TDM or analog voice gateway ports or Cisco Unified IP phones are protected from eavesdropping within the LAN and WAN using standards-based encryption.

PRODUCT COMPATIBILITY

Table 5. Product Compatibility

Product Compatibility

· Cisco 2600XM, 2691, 3725, and 3745 multiservice platforms
· Cisco 2811, 2821, 2851, 3825, and 3845 integrated services routers
· Cisco VG224 Analog Phone Gateway
· Cisco IAD 2430 Series Integrated Access Device
· Cisco Unified CallManager 4.1 for MCGP and SCCP (Cisco Unified SRST mode)
· Cisco Unified CallManager 5.0 (H.323)

Software Compatibility

· Advanced IP Services Image
· Advanced Enterprise Services Image

Protocols

· MGCP 0.1, H.323, SCCP (SRST mode)

ORDERING INFORMATION

To place an order, contact your Cisco representative or visit the Cisco Website. See Table 6 for ordering information.

Table 6. Ordering Information

Product Name

Part Number

IP Communications High Density Digital Voice Network Module

NM-HDV2

IP Communications High Density Digital Voice Network Module with One Built-in T1/E1 Port

NM-HDV2-1T1/E1

IP Communications High Density Digital Voice Network Module with Two Built-in T1/E1 Port

NM-HDV2-2T1/E1

One-Slot IP Communications Voice/Fax Network Module

NM-HD-1V

Two-Slot IP Communications Voice/Fax Network Module

NM-HD-2V

Two-Slot IP Communications Enhanced Voice/Fax Network Module

NM-HD-2VE

Digital T1/E1 Packet Voice/Fax Network Module

NM-HDV (and all bundle variations)

30-Channel Voice/Fax DSP Advanced Integration Module

AIM-VOICE-30, AIM-ATM-VOICE-30

High-Density Analog and Digital Extension Module

EVM-HD

8-Channel Packet Fax/Voice DSP Module

PVDM2-8

16-Channel Packet Fax/Voice DSP Module

PVDM2-16

32-Channel Packet Fax/Voice DSP Module

PVDM2-32

48-Channel Packet Fax/Voice DSP Module

PVDM2-48

64-Channel Packet Fax/Voice DSP Module

PVDM2-64

2007/05/05 21:12 2007/05/05 21:12

트랙백 주소 :: http://thinkit.or.kr/network/trackback/369

댓글을 달아 주세요

Wireless Services on the Cisco 800, 1800, 2800, and 3800 Series Integrated Services Routers

Cisco Systems® integrated services routers with wireless services provide a complete, secure wireless infrastructure solution for enterprise branch offices, small and medium-sized businesses (SMBs), public wireless LAN (WLAN) or Wi-Fi hotspots, and small remote offices and teleworkers. The Cisco® Integrated Services Router portfolio supports integrated WLAN connectivity, Wi-Fi hotspot services, Cisco Land Mobile Radio (LMR)-over-IP services, and wireless infrastructure services.

Product Overview

Cisco Systems is redefining best-in-class routing for the secure delivery of concurrent data, voice, video, and wireless services. The modular Cisco 1800, 2800, and 3800 series as well as the fixed-configuration Cisco 800 and 1800 series integrated services routers offer the industry's most comprehensive suite of wireless services to enable productivity enhancements for wireless enterprise branch offices, SMBs, public WLAN and Wi-Fi hotspots, small remote offices, and teleworker environments (Figure 1).

Figure 1. Cisco Integrated Services Router Portfolio with Wireless Services

The following wireless solutions can be applied to selected models of the Cisco Integrated Services Router portfolio:

• WLAN Connectivity-Integrated 802.11 WLAN access points are supported as an option with the entire portfolio of integrated services routers, including the Cisco 800 and 1800 series fixed-configuration wireless routers and the Cisco 1800, 2800, and 3800 series modular routers, each available with a built-in access point or a high-speed WAN interface card (HWIC) access-point module.

• Public WLAN Hotspot-Integrated WLAN access points, access-zone-router (AZR) services, and Service Selection Gateway (SSG) services provide a comprehensive selection of routers for Wi-Fi hotspot locations:

–Small hotspots requiring a single access point and AZR services can be served by a single integrated services router with an integrated access point (Cisco 800, 1800, 2800, and 3800 integrated services routers).

–Hotspots requiring multiple access points and AZR services or Power over Ethernet (PoE) can be supported with an integrated services router and Cisco Aironet® access points (Cisco 1800, 2800, and 3800 integrated services routers).

–Large multiprovider or distributed hotspots (for example, airports) can be supported with Cisco Aironet access points and an integrated services router with AZR capabilities and a SSG (Cisco 2800 and 3800 integrated services routers).

• LMR over IP-LMR-over-IP services are supported on selected integrated services routers (Cisco 2800 and 3800 routers) significantly expand the scope of push-to-talk radio communications to include remote-access and dispatch operations from a variety of communications devices (IP telephones, analog telephones, cellular telephones, etc.) as well as interoperability among disparate radio systems to enhance productivity and collaboration capabilities for radio users at:

–Enterprises-Corporate security and emergency response services (security guards, medical technicians), building management and repair services (mail, electrical, heating, ventilating, and air conditioning [HVAC]), fleet services (trucking, installation, repair technicians), etc.

–SMBs-Plumbers, electricians, delivery personnel, construction, etc.

–Public Safety Venues-Police, fire, medical responders, etc.

• Wireless Infrastructure Services-Integrated services routers (Cisco 2800 and 3800 series) provide enhanced WLAN survivability and mobility services with Cisco Aironet® access points located at branch offices and remote sites. The SSG helps enable customized guest access, and the Mobile IP Home Agent feature of Cisco IOS® Software helps enable mobility across WLAN and mobile (cellular) networks.

–Survivable IEEE 802.1X local authentication capability in the router allows authentication of up to 1000 wireless clients to the secure wireless network at a remote site without a separate authentication, authorization, and accounting (AAA) server or as a backup for the AAA server at headquarters.

–WLAN and wired IP telephony support with Cisco CallManager Express (CCME) and Survivable Remote Site Telephony (SRST).

–Customized guest access solutions for large enterprises are enabled with SSG and the Cisco CNS Subscriber Edge Services Manager (SESM).

–The Mobile IP Home Agent helps enable transparent mobility and application session continuity for mobile users and mobile networks when they roam across IP network boundaries and different access network types, such as WLAN and mobile (cellular) 2.5- and third-generation (3G) networks.

• Wireless LAN Controller Functionality-Integrated services routers (Cisco 2800 and 3800 series) provide wireless LAN controller functionality with the Cisco Wireless LAN Controller Network Module. The Integrated wireless LAN Controller network module provides system wide wireless LAN functions, such as creating and enforcing security policies, intrusion prevention, RF management, quality of service (QoS), and mobility.

–Zero-touch access point configuration by managing all access points as a complete wireless LAN system.

–Embedded software with Radio Resource Management (RRM) algorithms to detect and adapt to changes in the air space in real time-creating a self-configuring, self-optimizing, and self-correcting wireless LAN environment.

–Supports up to 6 Access Points with an aggregated throughput of 75 Mbps.

Features Table

Table 1 summarizes the primary wireless services supported on the integrated services routers.

Table 1. Cisco Integrated Services Router Portfolio with Wireless Services

Integrated Services Routers

Cisco 3800 Series

Cisco 2800 Series

Cisco 1800 Series

Cisco 800 Series

Model Numbers

Cisco 3845 and 3825

Cisco 2851, 2821, 2811, and 2801

Cisco 1841

Cisco 1812, 1811, 1803, 1802, and 1801

Cisco 878, 877, 876, and 871

Cisco 857 and 851

Data

X

X

X

X

X

X

Security

X

X

X

X

X

X

Wireless

X

X

X

X

X

X

WLAN Connectivity (integrated access point)

X

X

X

X

Cisco 1800W

X

Cisco 870W

X

Cisco 850W

Public WLAN Hotspot

X

X

X

X

X

X

LMR over IP

X

X

(except Cisco 2801)

       

Wireless Infrastructure Services

X

X

(except Cisco 2801)

       

Wireless LAN Controller Functionality

X

X

(except Cisco 2801)

       

Switching

X

X

X

X

X

X

PoE

X

X

 

X

X1

 

Voice-WLAN and Wired IP Telephony

X

X

       

Modularity and Upgradability

X

X

X

     

Advanced Integration Modules (AIMs), HWICs, Voice Interface Cards (VICs), Voice/WAN Interface Cards (VWICs), and WAN Interface Cards (WICs)

X

X

X

     

Network Modules for Advanced Services

X

X

(except Cisco 2801)

       

Power Supply Redundancy

X

Cisco 38251 and 3845

X

Cisco 2851, 2821, and 28112

       
1With external redundant power supply
2Requires external midspan module and power supply

Features and Benefits

WLAN Connectivity Services-Integrated 802.11b/g and 802.11a/b/g Access Points

IEEE 802.11 Wi-Fi certified, the integrated access points for the integrated services routers deliver robust and predictable IEEE 802.11 coverage with strong radio sensitivity and superior performance. Enhanced security with support for Wi-Fi Protected Access (WPA) enterprise including authentication with 802.1X and Cisco LEAP, Protected Extensible Authentication Protocol (PEAP), or Extensible Authentication Protocol Transport Layer Security (EAP TLS); encryption with Temporal Key Integrity Protocol (TKIP), dynamic WEP, or static WEP; Simple Secure Network (SSN); and MAC address filtering. WLAN VLANs and 802.1q are also supported.
The integrated access points are optimized for small sites requiring a single access point. Discrete Cisco Aironet access points are recommended for sites requiring multiple access points. The integrated access points have removable, field-replaceable diversity antennas to support standard or customized access-point configurations (except the Cisco 850W Series, which have a single fixed antenna). Router management is supported by CiscoWorks, CiscoView, and Cisco Router and Security Device Management (SDM)-based wireless device management. A GUI-based network management for wireless interface is provided.

Integrated 802.11b/g WLAN Connectivity

The integrated 802.11b/g access point in a wireless router supports up to 54 Mbps connections. The single-band (2.4 GHz) integrated access point is supported on the Cisco 800W Series and the 802.11b/g HWIC-AP WLAN Interface Card for the modular Cisco 1800, 2800, and 3800 series integrated services routers.

Integrated 802.11a/b/g WLAN Connectivity

The integrated 802.11a/b/g access point in a wireless router supports up to 108 Mbps connections. The dual-band (simultaneous 2.4 GHz and 5 GHz) integrated access point is supported on the Cisco 1800W Series and the 802.11a/b/g HWIC-AP WLAN Interface Card module for the modular Cisco 1800, 2800, and 3800 series integrated services routers.
Table 2 summarizes the WLAN connectivity options available for the integrated services router portfolio.

Table 2. Integrated Services Router WLAN Connectivity

Integrated Services Routers

Cisco 3800 Series

Cisco 2800 Series

Cisco 1800 Series

Cisco 800 Series

Comments

Model Numbers

Cisco 3845 and 3825

Cisco 2851, 2821, 2811, and 2801

Cisco 1841

Cisco 1812, 1811, 1803, 1802, and 1801

Cisco 878, 877, 876, and 871

Cisco 857 and 851

 

Integrated 802.11b/g Access Point (2.4 GHz; 54 Mbps)

X

X

X

 

X

Cisco 870W

X

Cisco 850W

Modular routers with HWIC-AP WLAN interface card

Integrated 802.11a/b/g Access Point (simultaneous 2.4 and 5-GHz; 2 x 54 Mbps)

X

X

X

X

Cisco 1800W

   

Modular routers with HWIC-AP WLAN interface card

RP-TNC Connectors for Field-Replaceable Optional High-Gain Antennas

X

X

X

X

X

   

Diversity (dual) Antennas

X

X

X

X

X

   

Support for Discrete Cisco Aironet Access Points

X

X

X

X

X

X

 

Public WLAN Hotspot Service-Integrated 802.11 Access Points, AZR, PoE, and SSG Support

The Cisco integrated services routers provide a complete solution for public WLAN hotspots (or access zones) in a single device.

Integrated 802.11b/g and 802.11a/b/g WLAN Connectivity

As described earlier, Cisco integrated service routers offer an integrated 802.11b/g or 802.11a/b/g access-point option for Wi-Fi hotspot services.

AZR

AZR capability helps ensure that the hotspot network is secured for authorized public access. An AZR with an integrated 802.11 WLAN eases the deployment and configuration necessary to provide an accessible and secure public Wi-Fi hotspot. Acting as an AZR, the integrated services routers can be used with an integrated access point or can be used to extend services to discrete access points connected to 10/100BASE-T switch ports on the integrated services router. In addition, the routers can provide Inline PoE to the external access points.
The integrated services routers support the full suite of AZR features, including:

• Secure Address Resolution Protocol (ARP)-IP Spoofing

• Called station ID (CSID) format

• Authorized ARP-IP Spoofing and session termination

• Automatically operational static address support

• Automatically operational static address Network Address Translation (NAT) accounting

• Automatically operational static address NAT timeout session termination

• Automatically operational static address and authentication

• ARP session termination

• Dynamic Host Configuration Protocol (DHCP) Option 82 secured address assignment and accounting

Figure 2. Public WLAN or WiFi Hotspot Network

As shown in Figure 2, integrated AZR services for the integrated services routers help enable secure, manageable service at public Wi-Fi hotspots. Table 3 shows the Public WLAN hotspot features for the integrated services router portfolio.

Table 3. Integrated Services Routers for Public WLAN Hotspots

Integrated Services Routers

Cisco 3800 Series

Cisco 2800 Series

Cisco 1800 Series

Cisco 800 Series

Comments

Model Numbers

Cisco 3845 and 3825

Cisco 2851, 2821, 2811, and 2801

Cisco 1841

Cisco 1812, 1811, 1803, 1802, and 1801

Cisco 878, 877, 876, and 871

Cisco 857 and 851

 

Small Hotspot with Integrated Access Point and AZR

X

X

X

X

Cisco 1800W

X

Cisco 870W

 

Modular routers with HWIC-AP WLAN Interface Card

Hotspots with Cisco Aironet Access Points and AZR

X

X

X

X

X

 

Also with Cisco 3700, Cisco 2691 Multiservice Platform, and Cisco 2600XM, 1700, and 830

PoE Ports for Cisco Aironet Access Points

X

X

 

X

X1

 

Also with Cisco 3700, 2691, and 2600XM

SSG and AZR Services for Large Multiprovider or Distributed Hotspots

X

X

(except Cisco 2801)

       

Also with Cisco 3700, 2691, and 2651XM

1Requires external midspan module and power supply

Ethernet Switch and PoE Support

For sites with discrete 802.11 access points-such as Cisco Aironet access points-the integrated services routers provide integrated IEEE 802.3af PoE to power the access points, eliminating the need for separate cabling and power infrastructure (Table 4).

Table 4. Integrated Services Routers with Ethernet Switch and Inline Power over Ethernet

Integrated Services Routers

Cisco 3800 Series

Cisco 2800 Series

Cisco 1800 Series

Cisco 800 Series

Comments

Model Numbers

Cisco 3845 and 3825

Cisco 2851, 2821, 2811, and 2801

Cisco 1841

Cisco 1812, 1811, 1803, 1802, and 1801

Cisco 878, 877, 876, and 871

Cisco 857 and 851

 

Integrated 10/100/1000 Gigabit Ethernet Ports (without PoE)

2

Cisco 2851-2

Cisco 2821-2

         

Integrated 10/100 Fast Ethernet Ports (without PoE)

 

Cisco 2811-2

Cisco 2801-2

2

2

     

Switch Ports with Optional IEEE 802.3af PoE (to power discrete Cisco Aironet Access Points, IP Phones, etc.)

Cisco
3845-72

Cisco
3825-52

Cisco 2851-44

Cisco 2821-24

Cisco 2811-24

Cisco 2801-16

8

81

4

0
(4 without PoE)

Requires PoE-capable power supply

Support for Cisco 4-Port 10/100BASE-T Fast Ethernet Switch HWIC (HWIC-4ESW) with PoE

X

X

X

(no PoE)

       

Support for Cisco 9-Port Doublewide 10/100BASE-T Ethernet Switch HWIC

(HWIC-D-9ESW) with PoE

X

X

         

Support for Ethernet Switch Network Modules (NM-ESWs) with PoE

X

X

(except Cisco 2801)

       

16-, 24-, 36-, and 48-port modules

Power Supply Redundancy

X

Cisco 38252 and 3845

X

Cisco 2851Error! Bookmark not defined., 2821Error! Bookmark not defined., and 2811Error! Bookmark not defined.

         
1Requires external midspan module and power supply
2With external redundant power supply

Service Selection Gateway

Cisco IOS Software-based SSG services provide subscriber authentication, service selection, service connection, and accounting capabilities in conjunction with the Cisco CNS SESM, a software toolkit that resides on a Windows, UNIX, or Linux server (Figure 3). Integrated services routers with SSG services can support up to 1000 users and can provide an ideal system for large, multiservice provider hotspots (for example, airports) and distributed public WLAN network deployments:

• SSG can authenticate and authorize subscribers to access public (or enterprise) WLAN services.

• In conjunction with a billing server, SSG can provide per-subscriber, per-service billing in both post- and prepaid billing modes.

• In conjunction with SESM, SSG can provide a Web portal for subscriber authentication and self-subscription, as well as service provider branding.

• SSG provides open-garden and walled-garden services for controlled access of information to subscribers.

Figure 3. Service Selection Gateway Helps Enable Individualized Subscriber Services for Service Providers and Enterprises

The integrated services routers with built-in 802.11 access points, AZR services, PoE, and SSG services comprise the industry's most comprehensive portfolio of Wi-Fi hotspot routers.

LMR-over-IP Services-Push-to-Talk Radio Interoperability

Push-to-talk radios-otherwise known as LMR systems-are used by companies, local governments, and other organizations to meet a wide range of communication requirements, including coordination of people and materials, important safety and security needs, and quick response in times of emergency. LMR systems provide high reliability, privacy, and local control, but are isolated and lack the ability to interoperate with other LMR systems and other types of communications devices. LMR over IP preserves the advantages of LMR systems while significantly expanding the scope of communications to include remote-access and dispatch operations from a variety of communications devices as well as interoperability among disparate radio systems.
Cisco integrated services routers (Table 5) act as LMR "gateways" to the IP network. The router takes advantage of standard ear-and-mouth (E&M) interfaces with LMR-specific software capabilities. These gateways link to existing LMR systems and make the critical adaptation of LMR audio and signaling to IP. The standards-based IP network that interconnects the LMR gateways provides the intelligent services necessary for real-time, point-to-multipoint traffic. The flexible, cost-effective solution helps enable multiple LMR systems to be joined together temporarily or permanently. The scalable, distributed architecture can support just a few to hundreds or thousands of users over unlimited distances across a public or private network. Server-based applications manage the LMR channels, and include features such as per-user access, distribution to PC and other clients, and unplanned or statically defined conferencing for cross-agency interoperability.
LMR over IP has three primary applications (see Figure 4):

• IP-Enabled Transport-The LMR gateway is used to connect the LMR system to the IP network in a point-to-point or point-to-multipoint configuration. This allows users to take advantage of IP infrastructure and eliminate dedicated-leased-line recurring charges.

• Remote Monitor and Dispatch from Phones and Other Devices-This application allows users to monitor and talk to one or multiple radio channels that are connected to an IP network, allowing them to access their radio system from any location with a network connection or telephone through a variety of clients-IP phone, PC, basic telephone service phone, or mobile phone.

• Multiagency Interoperability-This application provides the ability to "bridge" different radio systems together.

Figure 4. LMR over IP-Interoperability with Push-to-Talk Radios

Table 5. Integrated Services Router for LMR over IP

Integrated Services Routers

Cisco 3800 Series

Cisco 2800 Series

Comments

Model Numbers

Cisco 3845 and 3825

Cisco 2851, 2821, 2811, and 2801

 

IP-Enabled Transport of Radio Traffic

X

X

(except Cisco 2801)

Also with Cisco 3700, 2691, and 2600XM

Remote Monitor and Dispatch from IP Telephones, Analog or Mobile Phones, etc.

X

X

(except Cisco 2801)

Also with Cisco 3700, 2691, and 2600XM

Multiagency (multiradio system) Interoperability

X

X

(except Cisco 2801)

Also with Cisco 3700, 2691, and 2600XM

Wireless Infrastructure Services-Survivability, Telephony, and Mobility

Survivable Local Authentication

The integrated services routers provide backup authentication services for remote or branch-office WLANs during WAN link or RADIUS server failures. With this service, the integrated services router acts as a local authentication server to authenticate wireless clients when the AAA server is not available to enhance the survivability of the remote site. Up to 1000 user accounts can be configured in the local Cisco LEAP authentication database at the integrated services router (each account includes one username and password). (Refer to Figure 5.)

Figure 5. IEEE 802.1X Local Authentication Service for up to 1000 User Accounts

WLAN and Wired IP Telephony with CCME and SRST

The integrated services routers provide wired and WLAN IP Communications support, including support for the Cisco 7920 WLAN IP telephone. With CCME, the integrated services router can provide key system and private branch exchange (PBX) functionality for the wired and WLAN IP telephones. When a centralized Cisco CallManager is used, the integrated services router with SRST ensures that the telephony service is uninterrupted during WAN outages. (Refer to Figure 6.)

Figure 6. Wired and WLAN IP Telephony Support with CCME or SRST

Transparent Mobility for IP Networks Crossing and Media Type Roaming

In addition to supporting the sitewide Layer 2 mobility described previously, the integrated services routers extend their mobility portfolio by adding standard-based Mobile IP Home Agent support. The standards-based Mobile IP Home Agent helps mobile users transparently roam between Layer 3 boundaries as well as between different access networks. With these capabilities, a mobile user can roam freely within a campus where different IP subnets are used across the campus networks or move from or to the outside of the campus where a different access technology is used without dropping its application connections. In addition to providing this transparent mobility for an individual mobile user, the Mobile IP Home Agent in the integrated services routers also supports the same transparent mobility for an entire network-known as mobile networks. The mobile networks allow multiple devices that may move together as a unit, such as a police cruiser, to enjoy transparent mobility without understanding the Mobile IP protocol. IP Security (IPSec) can be integrated with Mobile IP to provide transparent, secure mobility. For more information about Mobile IP, go to http://www.cisco.com/warp/public/732/Tech/mobile/ip/ (see Figure 7).

Figure 7. IP Mobility Across WLAN and Mobile Wireless Networks

The wireless infrastructure services supported by the integrated services router portfolio are summarized in Table 6.

Table 6. Integrated Services Router for Wireless Infrastructure Services

Integrated Services Routers

Cisco 3800 Series

Cisco 2800 Series

Cisco 1800 Series

Cisco 800 Series

Comments

Model Numbers

Cisco 3845 and 3825

Cisco 2851, 2821, 2811, and 2801

Cisco 1841

Cisco 1812, 1811, 1803, 1802, and 1801

Cisco 878, 877, 876, and 871

Cisco 857 and
851

 

Survivable Local Authentication for Cisco LEAP Clients-Number of Clients Supported

Cisco 3845-1000

Cisco 3825-500

Cisco 2851-200

Cisco 2821-100

Cisco 2811-100

Cisco 2801-50

50

50

501

50Error! Bookmark not defined.

Cisco 3745-500

Cisco 3725-250

Cisco 2691-100

Cisco 2600XM-50

Voice-WLAN and Wired IP Telephony with CCME or SRST-Number of Clients Supported

Cisco 3845-240

Cisco 3825-168

Cisco 2851-96

Cisco 2821-48

Cisco 2811-36

Cisco 2801-24

       

Cisco 3745-192

Cisco 3725-144

Cisco 2691-72

IETF Mobile IP Home Agent for Mobile Node and Mobile Networks

X

X

(except Cisco 2801)

       

Also with Cisco 3700, 2691, and 2651XM

Mobile IP Home Agent RFC 3344 for Mobile Node and Mobile Networks

X

X

(except Cisco 2801)

         

Mobile IP Home Agent Support for RFC 3519 NAT Traversal

X

X

(except Cisco 2801)

         

Mobile IP Home Agent Redundancy for Transparent Failover

X

X

(except Cisco 2801)

         
1For the recommended number of users for each platform, please check the Cisco 850 and 870 Data Sheets

Applications

Wireless services can be used in a wide variety of applications, including (Figure 8):

• Enterprises-Corporate branch offices, bank branches, etc.

• Retailers-Small and large retail stores, distribution centers, etc.

• Government and Public Safety-Government offices, police stations, fire departments, etc.

• SMBs-Medical offices, service professionals (plumbers, electricians, etc.), and others

• Teleworkers-Home offices, etc.

Figure 8. Converged Wireless and Wired Branch Office with Secure Data, Voice, Switching, and Wireless

Wireless LAN Controller Functionality

The Wireless LAN Controller Module allows small and medium-sized businesses (SMBs) and enterprise branch offices to cost-effectively deploy and manage secure WLANs. The module provides unparalleled security, mobility, and ease of use for business-critical WLANs, delivering the most secure enterprise-class wireless system available. As a Cisco Integrated Services Router module, it delivers centralized security policies, wireless intrusion prevention system (IPS) capabilities, award-winning RF management, quality of service (QoS), and Layer 3 fast secure roaming for WLANs. The Cisco Wireless LAN Controller Module manages up to six Cisco Aironet® lightweight access points and is supported on Cisco 2800/3800 Series integrated services routers (Refer to Figure 9.)

Figure 9. Wireless LAN Controller Network Module with ISR

The Wireless LAN controller network module enables enterprises to create and enforce policies that support business-critical applications. From voice and data services to location tracking, the Cisco Wireless LAN controller network module provides the control, scalability, and reliability that IT managers require to build, secure, enterprise-class 802.11 wireless networks.

Intelligent RF Management

The Cisco Wireless LAN controller network module comes equipped with embedded software for adaptive real-time RF management. The Centralized wireless Solution uses Cisco's patent-pending Radio Resource Management (RRM) algorithms that detect and adapt to changes in the air space in real-time. These adjustments create the optimal topology for wireless networking in much the same way that routing protocols compute the best possible topology for IP networks. Cisco RMM creates an intelligent RF control plane for self-configuration, self-healing, and self-optimization of the wireless (Figure 10).

Figure 10. Enterprise Wide RF Intelligence

Specific intelligent RF capabilities managed by the Cisco Wireless LAN controller include:

• Dynamic Channel Assignment-802.11 channels are adjusted to optimize network coverage and performance based on changing RF conditions.

• Interference Detection and Avoidance-The system detects interference and recalibrates the network to avoid performance problems.

• Load Balancing-The system provides automatic load balancing of users across multiple access points for optimum network performance, even under heavy load.

• Coverage Hole Detection and Correction-RMM software detects coverage holes and attempts to correct them by adjusting the power output of access points.

• Dynamic Power Control-The system dynamically adjusts the power output of individual access points to accommodate changing network conditions, helping to ensure predictable wireless performance and availability.

Enterprise-Class Security

The Cisco Wireless LAN controller network module adheres to the strictest level of security standards, including:

• 802.11i Wi-Fi Protected Access 2 (WPA2), WPA, and Wired Equivalent Privacy (WEP)

• 802.1X with multiple Extensible Authentication Protocol (EAP) types-Protected EAP (PEAP), EAP with Transport Layer Security (EAP-TLS), EAP with Tunneled TLS (EAP-TTLS), and Cisco LEAP

The result is the industry's most comprehensive wireless LAN security solution.
In the Cisco Centralized Wireless LAN Solution, access points act as air monitors, communicating real-time information about the wireless domain to Cisco Wireless LAN Controllers. All security threats are rapidly identified and presented to network administrators via Cisco WCS, where accurate analysis can take place and corrective action can be taken.
Cisco provides the only wireless LAN system that offers simultaneous wireless protection and wireless LAN service delivery. This helps to ensure complete wireless LAN protection, with no unnecessary overlay equipment costs or extra monitoring devices. The Cisco Centralized Wireless LAN Solution can be deployed initially as a standalone wireless IPS, and reconfigured later to add wireless LAN data service. This allows network managers to create a "defense shield" around their RF domains, containing unauthorized wireless activity until they are ready to deploy wireless LAN services.
Cisco addresses wireless LAN security by offering multiple layers of protection (Figure 4), including:

• RF Security-Detect and avoid 802.11 interference and control unwanted RF propagation.

• Wireless LAN Intrusion Prevention and Location-The Cisco Centralized Wireless LAN Solution not only detects rogue devices or potential wireless threats, but also locates these devices. This helps IT administrators to quickly assess the threat level and take immediate action to mitigate threats as required.

• Identity-Based Networking-IT staff must support many different user access rights, device formats, and application requirements when securing wireless LANs. The Cisco wireless LAN system enables enterprises to deliver individualized security policies to wireless users or groups of users. These include:

–Layer 2 Security-802.1X (PEAP, LEAP, TTLS), WPA, 802.11i (WPA2)

–Layer 3 Security (and above)-IPSec, web authentication

–VLAN Assignments

–Access Control Lists (ACLs)-IP restrictions, protocol types, port, and differentiated services code point (DSCP) value

–QoS-multiple service levels, bandwidth contracts, traffic shaping and RF utilization

–Authentication, Authorization, and Accounting (AAA)/RADIUS-User session policies and rights management

• Network Admission Control (NAC)-Enforce policies pertaining to client configuration and behavior, to ensure that only end-user devices with appropriate security utilities can gain access to the network.

• Secure Mobility-Maintains the highest level of security in mobile environments with Cisco Proactive Key Caching (PKC), an extension to the 802.11i standard and precursor to the 802.11r standard that facilitates secure roaming with advanced encryption standard (AES) encryption and RADIUS authentication.

• Guest Tunneling-Provides additional security for access to the corporate network by guest users. It helps ensure that guest users are unable to access the corporate network without first passing through the corporate firewall. Guest Switch tunneling can be initiated on Wireless LAN controller network module but can not be terminated. For terminating Guest Switch tunneling a 44xx controller is required.

Figure 11. Multiple Layers of Wireless LAN Protection

Real-Time Application Support

The Cisco Centralized wireless LAN Solution provides best-in-class performance to support real-time applications such as voice. The Cisco Wireless LAN controller network module enables rapid handoff between access points, providing smooth mobility with no interruption in service to the client. Intelligent queuing and contention management schemes provide effective resource management of the air space. Cisco Wireless LAN controller network module also supports QoS capabilities that are Wi-Fi Multimedia (WMM)-compliant and closely mirror the emerging IEEE 802.11e standard. Full compliance with the finished standard will be achieved via a software upgrade when the final standard is ratified.

Mobility

The Cisco Wireless LAN controller network module allows users to roam between access points and across bridged and routed subnets without requiring changes to underlying infrastructure. Security and QoS context information follows users wherever they roam, helping to ensure that mobility does not compromise performance, reliability, or privacy. The Cisco Wireless LAN controller network module does not require any modifications to existing infrastructures or client devices to enable mobility (Mobile IP, for example).

Simplified Deployment and Management

The Cisco Wireless LAN controller network module is easy to deploy and cost-effective to own and operate. It provides maximum flexibility to deploy in SMB and Enterprise branch offices. It supports zero-touch deployments that do not require manual or pre-configuration of the access points. It also supports template-based configuration management. These intuitive templates enable the quick application of system-wide security configurations, QoS policies, mobility groups, back-end services and other key configurations via the easy-to-use, award winning Cisco Centralized wireless LAN Solution user interface.
When deployed with the Cisco WCS, it supports enhanced monitoring and troubleshooting features including intuitive heat maps displays, alarm filtering, event correlation, and granular reporting tools.

Table 7. Integrated Services Router for Wireless LAN Controller Functionality

Integrated Services Routers

Cisco 3800 Series

Cisco 2800 Series

Cisco 1800 Series

Cisco 800 Series

Comments

Model Numbers

Cisco 3845 and 3825

Cisco 2851, 2821, 2811, and 2801

Cisco 1841

Cisco 1812, 1811, 1803, 1802, and 1801

Cisco 878, 877, 876, and 871

Cisco 857 and 851

 

Cisco Wireless LAN Controller Integration

X

X

         

Integrated RRM

X

X

         

WLAN Controller Management-Number of Controller Modules Managed

Up to 100

Up to 100

       

Using Cisco WCS

Zero-Configuration Deployment

X

X

         

Summary

The Cisco Integrated Services Router portfolio provides the opportunity to select a variety of options for wireless connectivity, whether integrated WLAN connectivity (available across all models), Wi-Fi hotspot services (available across all models), secure wireless infrastructure services (available for selected models), or LMR-over-IP services (available for selected models), delivering a single, integrated platform for wired and wireless data, voice, video, and security services.

Ordering Information

To place an order, visit the Cisco Ordering Home Page or refer to Table 7.

Table 8. Ordering Information

Part Number

Product Name

CISCO851W-G-A-K9

Cisco 851 Ethernet to Ethernet Wireless Router; Americas

CISCO851W-G-E-K9

Cisco 851 Ethernet to Ethernet Wireless Router; Europe

CISCO851W-G-J-K9

Cisco 851 Ethernet to Ethernet Wireless Router; Japan

CISCO857W-G-A-K9

Cisco 857 ADSL Wireless Router; U.S. and Americas

CISCO857W-G-E-K9

Cisco 857 ADSL Wireless Router; Europe

CISCO871W-G-A-K9

Cisco 871 Ethernet to Ethernet Wireless Router; U.S./Americas

CISCO871W-G-E-K9

Cisco 871 Ethernet to Ethernet Wireless Router; Europe

CISCO871W-G-J-K9

Cisco 871 Ethernet to Ethernet Wireless Router; Japan

CISCO876W-G-E-K9

Cisco 876 ADSL over ISDN Wireless Router

CISCO877W-G-A-K9

Cisco 877 ADSL Wireless Router: U.S./Americas

CISCO877W-G-E-K9

Cisco 877 ADSL Wireless Router: Europe

CISCO878W-G-A-K9

Cisco 878 G.SHDSL Wireless Router: U.S./Americas

CISCO878W-G-E-K9

Cisco 878 G.SHDSL Wireless Router: Europe

CISCO1801W-AG-E/K9

Cisco 1801 ADSL over POTS Wireless Router

CISCO1802W-AG-E/K9

Cisco 1802 ADSL over ISDN Wireless Router

CISCO1801W-AG-C/K9

Cisco 1801 ADSL over POTS Wireless Router: China

CISCO1801W-AG-N/K9

Cisco 1801 ADSL over POTS Wireless Router: Australia/NZ

CISCO1803W-AG-A/K9

Cisco 1803 G.SHDSL Wireless Router: Americas

CISCO1803W-AG-E/K9

Cisco 1803 G.SHDSL Wireless Router: Europe

CISCO1811W-AG-A/K9

Cisco 1811 Security Wireless Router: Americas

CISCO1812W-AG-E/K9

Cisco 1812 Security Wireless Router: Europe

CISCO1811W-AG-C/K9

Cisco 1811 Security Wireless Router: China

CISCO1811W-AG-N/K9

Cisco 1811 Security Wireless Router: Australia/NZ

HWIC-AP-G-A (=)

Cisco 802.11b/g HWIC-AP WLAN Interface Card for the Americas (FCC configuration)

HWIC-AP-G-E (=)

Cisco 802.11b/g HWIC-AP WLAN Interface Card for Europe (ETSI configuration)

HWIC-AP-G-J (=)

Cisco 802.11b/g HWIC-AP WLAN Interface Card for Japan (TELEC configuration)

HWIC-AP-AG-A (=)

Cisco 802.11a/b/g HWIC-AP WLAN Interface Card for the Americas (FCC configuration)

HWIC-AP-AG-E (=)

Cisco 802.11a/b/g HWIC-AP WLAN Interface Card for Europe (ETSI configuration)

HWIC-AP-AG-P (=)

Cisco 802.11a/b/g HWIC-AP WLAN Interface Card for Japan (TELEC configuration)

HWIC-AP-AG-N (=)

Cisco 802.11a/b/g HWIC-AP WLAN Interface Card for Australia/NZ

AIR-ANT2422D-R

Cisco Aironet Swivel Mount Dipole Antenna (2.4 GHz for 802.11b/g access points, 2.2 dBi), (system part number for AIR-ANT4941 spare)

AIR-ANT4941 (=)

Cisco Aironet Swivel Mount Dipole Antenna (2.4 GHz for 802.11b/g access points, 2.2 dBi)

AIR-ANT2420V-R

Cisco Aironet Diversity Patch Omni-Directional Ceiling-Mount Antenna (2.4 GHz for 802.11b/g access points,2 dBi), (system part number for AIR-ANT5959 spare)

AIR-ANT1728

Cisco Aironet Omni-Directional Ceiling-Mount Antenna, spare (2.4 GHz for 802.11b/g access points, 5.2 dBi (not supported for Japan)

AIR-ANT3549 (=)

Cisco Aironet Diversity Patch Wall-Mount Antenna (2.4 GHz for 802.11b/g access points, 9 dBi) spare (not supported for US/Canada)

AIR-ANT5959 (=)

Cisco Aironet Diversity Omnidirectional Ceiling Mount Antenna (2.4 GHz for 802.11b/g access points, 2 dBi) spare

AIR-ANTM2050D-R (=)

Cisco Dual-band swivel mount dipole antenna (2.2 dBi, 2.4 GHz and 5.0 dBi, 5 GHz)

AIR-ANTM5560P-R (=)

Cisco Dual-band diversity ceiling-mount omnidirectional antenna (4.0 dBi, 2.4 GHz and 5.0 dBi, 5 GHz)

AIR-ANTM4050V-R (=)

Cisco Dual-band wall-mount patch antenna (5.5 dBi, 2.4 GHz and 6.0 dBi, 5 GHz)

NM-AIR-WLC6-K9

Cisco Wireless LAN controller network module for up to 6 Lightweight Access Points (system SKU)

NM-AIR-WLC6-K9=

Cisco Wireless SLAN controller network module for up to 6 lightweight Access Points (spare SKU)

2007/05/05 21:11 2007/05/05 21:11

트랙백 주소 :: http://thinkit.or.kr/network/trackback/368

댓글을 달아 주세요