Wireless Services on the Cisco 800, 1800, 2800, and 3800 Series Integrated Services Routers
Cisco Systems® integrated services routers with wireless services provide a complete, secure wireless infrastructure solution for enterprise branch offices, small and medium-sized businesses (SMBs), public wireless LAN (WLAN) or Wi-Fi hotspots, and small remote offices and teleworkers. The Cisco® Integrated Services Router portfolio supports integrated WLAN connectivity, Wi-Fi hotspot services, Cisco Land Mobile Radio (LMR)-over-IP services, and wireless infrastructure services.
Product Overview
Cisco Systems is redefining best-in-class routing for the secure delivery of concurrent data, voice, video, and wireless services. The modular Cisco 1800, 2800, and 3800 series as well as the fixed-configuration Cisco 800 and 1800 series integrated services routers offer the industry's most comprehensive suite of wireless services to enable productivity enhancements for wireless enterprise branch offices, SMBs, public WLAN and Wi-Fi hotspots, small remote offices, and teleworker environments (Figure 1).
Figure 1. Cisco Integrated Services Router Portfolio with Wireless Services
The following wireless solutions can be applied to selected models of the Cisco Integrated Services Router portfolio:
• WLAN Connectivity-Integrated 802.11 WLAN access points are supported as an option with the entire portfolio of integrated services routers, including the Cisco 800 and 1800 series fixed-configuration wireless routers and the Cisco 1800, 2800, and 3800 series modular routers, each available with a built-in access point or a high-speed WAN interface card (HWIC) access-point module.
• Public WLAN Hotspot-Integrated WLAN access points, access-zone-router (AZR) services, and Service Selection Gateway (SSG) services provide a comprehensive selection of routers for Wi-Fi hotspot locations:
–Small hotspots requiring a single access point and AZR services can be served by a single integrated services router with an integrated access point (Cisco 800, 1800, 2800, and 3800 integrated services routers).
–Hotspots requiring multiple access points and AZR services or Power over Ethernet (PoE) can be supported with an integrated services router and Cisco Aironet® access points (Cisco 1800, 2800, and 3800 integrated services routers).
–Large multiprovider or distributed hotspots (for example, airports) can be supported with Cisco Aironet access points and an integrated services router with AZR capabilities and a SSG (Cisco 2800 and 3800 integrated services routers).
• LMR over IP-LMR-over-IP services are supported on selected integrated services routers (Cisco 2800 and 3800 routers) significantly expand the scope of push-to-talk radio communications to include remote-access and dispatch operations from a variety of communications devices (IP telephones, analog telephones, cellular telephones, etc.) as well as interoperability among disparate radio systems to enhance productivity and collaboration capabilities for radio users at:
–Enterprises-Corporate security and emergency response services (security guards, medical technicians), building management and repair services (mail, electrical, heating, ventilating, and air conditioning [HVAC]), fleet services (trucking, installation, repair technicians), etc.
–SMBs-Plumbers, electricians, delivery personnel, construction, etc.
–Public Safety Venues-Police, fire, medical responders, etc.
• Wireless Infrastructure Services-Integrated services routers (Cisco 2800 and 3800 series) provide enhanced WLAN survivability and mobility services with Cisco Aironet® access points located at branch offices and remote sites. The SSG helps enable customized guest access, and the Mobile IP Home Agent feature of Cisco IOS® Software helps enable mobility across WLAN and mobile (cellular) networks.
–Survivable IEEE 802.1X local authentication capability in the router allows authentication of up to 1000 wireless clients to the secure wireless network at a remote site without a separate authentication, authorization, and accounting (AAA) server or as a backup for the AAA server at headquarters.
–WLAN and wired IP telephony support with Cisco CallManager Express (CCME) and Survivable Remote Site Telephony (SRST).
–Customized guest access solutions for large enterprises are enabled with SSG and the Cisco CNS Subscriber Edge Services Manager (SESM).
–The Mobile IP Home Agent helps enable transparent mobility and application session continuity for mobile users and mobile networks when they roam across IP network boundaries and different access network types, such as WLAN and mobile (cellular) 2.5- and third-generation (3G) networks.
• Wireless LAN Controller Functionality-Integrated services routers (Cisco 2800 and 3800 series) provide wireless LAN controller functionality with the Cisco Wireless LAN Controller Network Module. The Integrated wireless LAN Controller network module provides system wide wireless LAN functions, such as creating and enforcing security policies, intrusion prevention, RF management, quality of service (QoS), and mobility.
–Zero-touch access point configuration by managing all access points as a complete wireless LAN system.
–Embedded software with Radio Resource Management (RRM) algorithms to detect and adapt to changes in the air space in real time-creating a self-configuring, self-optimizing, and self-correcting wireless LAN environment.
–Supports up to 6 Access Points with an aggregated throughput of 75 Mbps.
Features Table
Table 1 summarizes the primary wireless services supported on the integrated services routers.
Table 1. Cisco Integrated Services Router Portfolio with Wireless Services
Integrated Services Routers |
Cisco 3800 Series |
Cisco 2800 Series |
Cisco 1800 Series |
Cisco 800 Series |
Model Numbers |
Cisco 3845 and 3825 |
Cisco 2851, 2821, 2811, and 2801 |
Cisco 1841 |
Cisco 1812, 1811, 1803, 1802, and 1801 |
Cisco 878, 877, 876, and 871 |
Cisco 857 and 851 |
Data |
X |
X |
X |
X |
X |
X |
Security |
X |
X |
X |
X |
X |
X |
Wireless |
X |
X |
X |
X |
X |
X |
WLAN Connectivity (integrated access point) |
X |
X |
X |
X
Cisco 1800W |
X
Cisco 870W |
X
Cisco 850W |
Public WLAN Hotspot |
X |
X |
X |
X |
X |
X |
LMR over IP |
X |
X
(except Cisco 2801) |
|
|
|
|
Wireless Infrastructure Services |
X |
X
(except Cisco 2801) |
|
|
|
|
Wireless LAN Controller Functionality |
X |
X
(except Cisco 2801) |
|
|
|
|
Switching |
X |
X |
X |
X |
X |
X |
PoE |
X |
X |
|
X |
X1 |
|
Voice-WLAN and Wired IP Telephony |
X |
X |
|
|
|
|
Modularity and Upgradability |
X |
X |
X |
|
|
|
Advanced Integration Modules (AIMs), HWICs, Voice Interface Cards (VICs), Voice/WAN Interface Cards (VWICs), and WAN Interface Cards (WICs) |
X |
X |
X |
|
|
|
Network Modules for Advanced Services |
X |
X
(except Cisco 2801) |
|
|
|
|
Power Supply Redundancy |
X
Cisco 3825 and 3845 |
X
Cisco 2851, 2821, and 2811 |
|
|
|
|
With external redundant power supply
Requires external midspan module and power supply |
Features and Benefits
WLAN Connectivity Services-Integrated 802.11b/g and 802.11a/b/g Access Points
IEEE 802.11 Wi-Fi certified, the integrated access points for the integrated services routers deliver robust and predictable IEEE 802.11 coverage with strong radio sensitivity and superior performance. Enhanced security with support for Wi-Fi Protected Access (WPA) enterprise including authentication with 802.1X and Cisco LEAP, Protected Extensible Authentication Protocol (PEAP), or Extensible Authentication Protocol Transport Layer Security (EAP TLS); encryption with Temporal Key Integrity Protocol (TKIP), dynamic WEP, or static WEP; Simple Secure Network (SSN); and MAC address filtering. WLAN VLANs and 802.1q are also supported.
The integrated access points are optimized for small sites requiring a single access point. Discrete Cisco Aironet access points are recommended for sites requiring multiple access points. The integrated access points have removable, field-replaceable diversity antennas to support standard or customized access-point configurations (except the Cisco 850W Series, which have a single fixed antenna). Router management is supported by CiscoWorks, CiscoView, and Cisco Router and Security Device Management (SDM)-based wireless device management. A GUI-based network management for wireless interface is provided.
Integrated 802.11b/g WLAN Connectivity
The integrated 802.11b/g access point in a wireless router supports up to 54 Mbps connections. The single-band (2.4 GHz) integrated access point is supported on the Cisco 800W Series and the 802.11b/g HWIC-AP WLAN Interface Card for the modular Cisco 1800, 2800, and 3800 series integrated services routers.
Integrated 802.11a/b/g WLAN Connectivity
The integrated 802.11a/b/g access point in a wireless router supports up to 108 Mbps connections. The dual-band (simultaneous 2.4 GHz and 5 GHz) integrated access point is supported on the Cisco 1800W Series and the 802.11a/b/g HWIC-AP WLAN Interface Card module for the modular Cisco 1800, 2800, and 3800 series integrated services routers.
Table 2 summarizes the WLAN connectivity options available for the integrated services router portfolio.
Table 2. Integrated Services Router WLAN Connectivity
Integrated Services Routers |
Cisco 3800 Series |
Cisco 2800 Series |
Cisco 1800 Series |
Cisco 800 Series |
Comments |
Model Numbers |
Cisco 3845 and 3825 |
Cisco 2851, 2821, 2811, and 2801 |
Cisco 1841 |
Cisco 1812, 1811, 1803, 1802, and 1801 |
Cisco 878, 877, 876, and 871 |
Cisco 857 and 851 |
|
Integrated 802.11b/g Access Point (2.4 GHz; 54 Mbps) |
X |
X |
X |
|
X
Cisco 870W |
X
Cisco 850W |
Modular routers with HWIC-AP WLAN interface card |
Integrated 802.11a/b/g Access Point (simultaneous 2.4 and 5-GHz; 2 x 54 Mbps) |
X |
X |
X |
X
Cisco 1800W |
|
|
Modular routers with HWIC-AP WLAN interface card |
RP-TNC Connectors for Field-Replaceable Optional High-Gain Antennas |
X |
X |
X |
X |
X |
|
|
Diversity (dual) Antennas |
X |
X |
X |
X |
X |
|
|
Support for Discrete Cisco Aironet Access Points |
X |
X |
X |
X |
X |
X |
|
Public WLAN Hotspot Service-Integrated 802.11 Access Points, AZR, PoE, and SSG Support
The Cisco integrated services routers provide a complete solution for public WLAN hotspots (or access zones) in a single device.
Integrated 802.11b/g and 802.11a/b/g WLAN Connectivity
As described earlier, Cisco integrated service routers offer an integrated 802.11b/g or 802.11a/b/g access-point option for Wi-Fi hotspot services.
AZR
AZR capability helps ensure that the hotspot network is secured for authorized public access. An AZR with an integrated 802.11 WLAN eases the deployment and configuration necessary to provide an accessible and secure public Wi-Fi hotspot. Acting as an AZR, the integrated services routers can be used with an integrated access point or can be used to extend services to discrete access points connected to 10/100BASE-T switch ports on the integrated services router. In addition, the routers can provide Inline PoE to the external access points.
The integrated services routers support the full suite of AZR features, including:
• Secure Address Resolution Protocol (ARP)-IP Spoofing
• Called station ID (CSID) format
• Authorized ARP-IP Spoofing and session termination
• Automatically operational static address support
• Automatically operational static address Network Address Translation (NAT) accounting
• Automatically operational static address NAT timeout session termination
• Automatically operational static address and authentication
• ARP session termination
• Dynamic Host Configuration Protocol (DHCP) Option 82 secured address assignment and accounting
Figure 2. Public WLAN or WiFi Hotspot Network
As shown in Figure 2, integrated AZR services for the integrated services routers help enable secure, manageable service at public Wi-Fi hotspots. Table 3 shows the Public WLAN hotspot features for the integrated services router portfolio.
Table 3. Integrated Services Routers for Public WLAN Hotspots
Integrated Services Routers |
Cisco 3800 Series |
Cisco 2800 Series |
Cisco 1800 Series |
Cisco 800 Series |
Comments |
Model Numbers |
Cisco 3845 and 3825 |
Cisco 2851, 2821, 2811, and 2801 |
Cisco 1841 |
Cisco 1812, 1811, 1803, 1802, and 1801 |
Cisco 878, 877, 876, and 871 |
Cisco 857 and 851 |
|
Small Hotspot with Integrated Access Point and AZR |
X |
X |
X |
X
Cisco 1800W |
X
Cisco 870W |
|
Modular routers with HWIC-AP WLAN Interface Card |
Hotspots with Cisco Aironet Access Points and AZR |
X |
X |
X |
X |
X |
|
Also with Cisco 3700, Cisco 2691 Multiservice Platform, and Cisco 2600XM, 1700, and 830 |
PoE Ports for Cisco Aironet Access Points |
X |
X |
|
X |
X |
|
Also with Cisco 3700, 2691, and 2600XM |
SSG and AZR Services for Large Multiprovider or Distributed Hotspots |
X |
X
(except Cisco 2801) |
|
|
|
|
Also with Cisco 3700, 2691, and 2651XM |
Requires external midspan module and power supply |
Ethernet Switch and PoE Support
For sites with discrete 802.11 access points-such as Cisco Aironet access points-the integrated services routers provide integrated IEEE 802.3af PoE to power the access points, eliminating the need for separate cabling and power infrastructure (Table 4).
Table 4. Integrated Services Routers with Ethernet Switch and Inline Power over Ethernet
Integrated Services Routers |
Cisco 3800 Series |
Cisco 2800 Series |
Cisco 1800 Series |
Cisco 800 Series |
Comments |
Model Numbers |
Cisco 3845 and 3825 |
Cisco 2851, 2821, 2811, and 2801 |
Cisco 1841 |
Cisco 1812, 1811, 1803, 1802, and 1801 |
Cisco 878, 877, 876, and 871 |
Cisco 857 and 851 |
|
Integrated 10/100/1000 Gigabit Ethernet Ports (without PoE) |
2 |
Cisco 2851-2
Cisco 2821-2 |
|
|
|
|
|
Integrated 10/100 Fast Ethernet Ports (without PoE) |
|
Cisco 2811-2
Cisco 2801-2 |
2 |
2 |
|
|
|
Switch Ports with Optional IEEE 802.3af PoE (to power discrete Cisco Aironet Access Points, IP Phones, etc.) |
Cisco 3845-72
Cisco 3825-52 |
Cisco 2851-44
Cisco 2821-24
Cisco 2811-24
Cisco 2801-16 |
8 |
8 |
4 |
0 (4 without PoE) |
Requires PoE-capable power supply |
Support for Cisco 4-Port 10/100BASE-T Fast Ethernet Switch HWIC (HWIC-4ESW) with PoE |
X |
X |
X
(no PoE) |
|
|
|
|
Support for Cisco 9-Port Doublewide 10/100BASE-T Ethernet Switch HWIC
(HWIC-D-9ESW) with PoE |
X |
X |
|
|
|
|
|
Support for Ethernet Switch Network Modules (NM-ESWs) with PoE |
X |
X
(except Cisco 2801) |
|
|
|
|
16-, 24-, 36-, and 48-port modules |
Power Supply Redundancy |
X
Cisco 3825 and 3845 |
X
Cisco 2851Error! Bookmark not defined., 2821Error! Bookmark not defined., and 2811Error! Bookmark not defined. |
|
|
|
|
|
Requires external midspan module and power supply
With external redundant power supply |
Service Selection Gateway
Cisco IOS Software-based SSG services provide subscriber authentication, service selection, service connection, and accounting capabilities in conjunction with the Cisco CNS SESM, a software toolkit that resides on a Windows, UNIX, or Linux server (Figure 3). Integrated services routers with SSG services can support up to 1000 users and can provide an ideal system for large, multiservice provider hotspots (for example, airports) and distributed public WLAN network deployments:
• SSG can authenticate and authorize subscribers to access public (or enterprise) WLAN services.
• In conjunction with a billing server, SSG can provide per-subscriber, per-service billing in both post- and prepaid billing modes.
• In conjunction with SESM, SSG can provide a Web portal for subscriber authentication and self-subscription, as well as service provider branding.
• SSG provides open-garden and walled-garden services for controlled access of information to subscribers.
Figure 3. Service Selection Gateway Helps Enable Individualized Subscriber Services for Service Providers and Enterprises
The integrated services routers with built-in 802.11 access points, AZR services, PoE, and SSG services comprise the industry's most comprehensive portfolio of Wi-Fi hotspot routers.
LMR-over-IP Services-Push-to-Talk Radio Interoperability
Push-to-talk radios-otherwise known as LMR systems-are used by companies, local governments, and other organizations to meet a wide range of communication requirements, including coordination of people and materials, important safety and security needs, and quick response in times of emergency. LMR systems provide high reliability, privacy, and local control, but are isolated and lack the ability to interoperate with other LMR systems and other types of communications devices. LMR over IP preserves the advantages of LMR systems while significantly expanding the scope of communications to include remote-access and dispatch operations from a variety of communications devices as well as interoperability among disparate radio systems.
Cisco integrated services routers (Table 5) act as LMR "gateways" to the IP network. The router takes advantage of standard ear-and-mouth (E&M) interfaces with LMR-specific software capabilities. These gateways link to existing LMR systems and make the critical adaptation of LMR audio and signaling to IP. The standards-based IP network that interconnects the LMR gateways provides the intelligent services necessary for real-time, point-to-multipoint traffic. The flexible, cost-effective solution helps enable multiple LMR systems to be joined together temporarily or permanently. The scalable, distributed architecture can support just a few to hundreds or thousands of users over unlimited distances across a public or private network. Server-based applications manage the LMR channels, and include features such as per-user access, distribution to PC and other clients, and unplanned or statically defined conferencing for cross-agency interoperability.
LMR over IP has three primary applications (see Figure 4):
• IP-Enabled Transport-The LMR gateway is used to connect the LMR system to the IP network in a point-to-point or point-to-multipoint configuration. This allows users to take advantage of IP infrastructure and eliminate dedicated-leased-line recurring charges.
• Remote Monitor and Dispatch from Phones and Other Devices-This application allows users to monitor and talk to one or multiple radio channels that are connected to an IP network, allowing them to access their radio system from any location with a network connection or telephone through a variety of clients-IP phone, PC, basic telephone service phone, or mobile phone.
• Multiagency Interoperability-This application provides the ability to "bridge" different radio systems together.
Figure 4. LMR over IP-Interoperability with Push-to-Talk Radios
Table 5. Integrated Services Router for LMR over IP
Integrated Services Routers |
Cisco 3800 Series |
Cisco 2800 Series |
Comments |
Model Numbers |
Cisco 3845 and 3825 |
Cisco 2851, 2821, 2811, and 2801 |
|
IP-Enabled Transport of Radio Traffic |
X |
X
(except Cisco 2801) |
Also with Cisco 3700, 2691, and 2600XM |
Remote Monitor and Dispatch from IP Telephones, Analog or Mobile Phones, etc. |
X |
X
(except Cisco 2801) |
Also with Cisco 3700, 2691, and 2600XM |
Multiagency (multiradio system) Interoperability |
X |
X
(except Cisco 2801) |
Also with Cisco 3700, 2691, and 2600XM |
Wireless Infrastructure Services-Survivability, Telephony, and Mobility
Survivable Local Authentication
The integrated services routers provide backup authentication services for remote or branch-office WLANs during WAN link or RADIUS server failures. With this service, the integrated services router acts as a local authentication server to authenticate wireless clients when the AAA server is not available to enhance the survivability of the remote site. Up to 1000 user accounts can be configured in the local Cisco LEAP authentication database at the integrated services router (each account includes one username and password). (Refer to Figure 5.)
Figure 5. IEEE 802.1X Local Authentication Service for up to 1000 User Accounts
WLAN and Wired IP Telephony with CCME and SRST
The integrated services routers provide wired and WLAN IP Communications support, including support for the Cisco 7920 WLAN IP telephone. With CCME, the integrated services router can provide key system and private branch exchange (PBX) functionality for the wired and WLAN IP telephones. When a centralized Cisco CallManager is used, the integrated services router with SRST ensures that the telephony service is uninterrupted during WAN outages. (Refer to Figure 6.)
Figure 6. Wired and WLAN IP Telephony Support with CCME or SRST
Transparent Mobility for IP Networks Crossing and Media Type Roaming
In addition to supporting the sitewide Layer 2 mobility described previously, the integrated services routers extend their mobility portfolio by adding standard-based Mobile IP Home Agent support. The standards-based Mobile IP Home Agent helps mobile users transparently roam between Layer 3 boundaries as well as between different access networks. With these capabilities, a mobile user can roam freely within a campus where different IP subnets are used across the campus networks or move from or to the outside of the campus where a different access technology is used without dropping its application connections. In addition to providing this transparent mobility for an individual mobile user, the Mobile IP Home Agent in the integrated services routers also supports the same transparent mobility for an entire network-known as mobile networks. The mobile networks allow multiple devices that may move together as a unit, such as a police cruiser, to enjoy transparent mobility without understanding the Mobile IP protocol. IP Security (IPSec) can be integrated with Mobile IP to provide transparent, secure mobility. For more information about Mobile IP, go to
http://www.cisco.com/warp/public/732/Tech/mobile/ip/ (see Figure 7).
Figure 7. IP Mobility Across WLAN and Mobile Wireless Networks
The wireless infrastructure services supported by the integrated services router portfolio are summarized in Table 6.
Table 6. Integrated Services Router for Wireless Infrastructure Services
Integrated Services Routers |
Cisco 3800 Series |
Cisco 2800 Series |
Cisco 1800 Series |
Cisco 800 Series |
Comments |
Model Numbers |
Cisco 3845 and 3825 |
Cisco 2851, 2821, 2811, and 2801 |
Cisco 1841 |
Cisco 1812, 1811, 1803, 1802, and 1801 |
Cisco 878, 877, 876, and 871 |
Cisco 857 and 851 |
|
Survivable Local Authentication for Cisco LEAP Clients-Number of Clients Supported |
Cisco 3845-1000
Cisco 3825-500 |
Cisco 2851-200
Cisco 2821-100
Cisco 2811-100
Cisco 2801-50 |
50 |
50 |
50 |
50Error! Bookmark not defined. |
Cisco 3745-500
Cisco 3725-250
Cisco 2691-100
Cisco 2600XM-50 |
Voice-WLAN and Wired IP Telephony with CCME or SRST-Number of Clients Supported |
Cisco 3845-240
Cisco 3825-168 |
Cisco 2851-96
Cisco 2821-48
Cisco 2811-36
Cisco 2801-24 |
|
|
|
|
Cisco 3745-192
Cisco 3725-144
Cisco 2691-72 |
IETF Mobile IP Home Agent for Mobile Node and Mobile Networks |
X |
X
(except Cisco 2801) |
|
|
|
|
Also with Cisco 3700, 2691, and 2651XM |
Mobile IP Home Agent RFC 3344 for Mobile Node and Mobile Networks |
X |
X
(except Cisco 2801) |
|
|
|
|
|
Mobile IP Home Agent Support for RFC 3519 NAT Traversal |
X |
X
(except Cisco 2801) |
|
|
|
|
|
Mobile IP Home Agent Redundancy for Transparent Failover |
X |
X
(except Cisco 2801) |
|
|
|
|
|
For the recommended number of users for each platform, please check the Cisco 850 and 870 Data Sheets |
Applications
Wireless services can be used in a wide variety of applications, including (Figure 8):
• Enterprises-Corporate branch offices, bank branches, etc.
• Retailers-Small and large retail stores, distribution centers, etc.
• Government and Public Safety-Government offices, police stations, fire departments, etc.
• SMBs-Medical offices, service professionals (plumbers, electricians, etc.), and others
• Teleworkers-Home offices, etc.
Figure 8. Converged Wireless and Wired Branch Office with Secure Data, Voice, Switching, and Wireless
Wireless LAN Controller Functionality
The Wireless LAN Controller Module allows small and medium-sized businesses (SMBs) and enterprise branch offices to cost-effectively deploy and manage secure WLANs. The module provides unparalleled security, mobility, and ease of use for business-critical WLANs, delivering the most secure enterprise-class wireless system available. As a Cisco Integrated Services Router module, it delivers centralized security policies, wireless intrusion prevention system (IPS) capabilities, award-winning RF management, quality of service (QoS), and Layer 3 fast secure roaming for WLANs. The Cisco Wireless LAN Controller Module manages up to six Cisco Aironet® lightweight access points and is supported on Cisco 2800/3800 Series integrated services routers (Refer to Figure 9.)
Figure 9. Wireless LAN Controller Network Module with ISR
The Wireless LAN controller network module enables enterprises to create and enforce policies that support business-critical applications. From voice and data services to location tracking, the Cisco Wireless LAN controller network module provides the control, scalability, and reliability that IT managers require to build, secure, enterprise-class 802.11 wireless networks.
Intelligent RF Management
The Cisco Wireless LAN controller network module comes equipped with embedded software for adaptive real-time RF management. The Centralized wireless Solution uses Cisco's patent-pending Radio Resource Management (RRM) algorithms that detect and adapt to changes in the air space in real-time. These adjustments create the optimal topology for wireless networking in much the same way that routing protocols compute the best possible topology for IP networks. Cisco RMM creates an intelligent RF control plane for self-configuration, self-healing, and self-optimization of the wireless (Figure 10).
Figure 10. Enterprise Wide RF Intelligence
Specific intelligent RF capabilities managed by the Cisco Wireless LAN controller include:
• Dynamic Channel Assignment-802.11 channels are adjusted to optimize network coverage and performance based on changing RF conditions.
• Interference Detection and Avoidance-The system detects interference and recalibrates the network to avoid performance problems.
• Load Balancing-The system provides automatic load balancing of users across multiple access points for optimum network performance, even under heavy load.
• Coverage Hole Detection and Correction-RMM software detects coverage holes and attempts to correct them by adjusting the power output of access points.
• Dynamic Power Control-The system dynamically adjusts the power output of individual access points to accommodate changing network conditions, helping to ensure predictable wireless performance and availability.
Enterprise-Class Security
The Cisco Wireless LAN controller network module adheres to the strictest level of security standards, including:
• 802.11i Wi-Fi Protected Access 2 (WPA2), WPA, and Wired Equivalent Privacy (WEP)
• 802.1X with multiple Extensible Authentication Protocol (EAP) types-Protected EAP (PEAP), EAP with Transport Layer Security (EAP-TLS), EAP with Tunneled TLS (EAP-TTLS), and Cisco LEAP
The result is the industry's most comprehensive wireless LAN security solution.
In the Cisco Centralized Wireless LAN Solution, access points act as air monitors, communicating real-time information about the wireless domain to Cisco Wireless LAN Controllers. All security threats are rapidly identified and presented to network administrators via Cisco WCS, where accurate analysis can take place and corrective action can be taken.
Cisco provides the only wireless LAN system that offers simultaneous wireless protection and wireless LAN service delivery. This helps to ensure complete wireless LAN protection, with no unnecessary overlay equipment costs or extra monitoring devices. The Cisco Centralized Wireless LAN Solution can be deployed initially as a standalone wireless IPS, and reconfigured later to add wireless LAN data service. This allows network managers to create a "defense shield" around their RF domains, containing unauthorized wireless activity until they are ready to deploy wireless LAN services.
Cisco addresses wireless LAN security by offering multiple layers of protection (Figure 4), including:
• RF Security-Detect and avoid 802.11 interference and control unwanted RF propagation.
• Wireless LAN Intrusion Prevention and Location-The Cisco Centralized Wireless LAN Solution not only detects rogue devices or potential wireless threats, but also locates these devices. This helps IT administrators to quickly assess the threat level and take immediate action to mitigate threats as required.
• Identity-Based Networking-IT staff must support many different user access rights, device formats, and application requirements when securing wireless LANs. The Cisco wireless LAN system enables enterprises to deliver individualized security policies to wireless users or groups of users. These include:
–Layer 2 Security-802.1X (PEAP, LEAP, TTLS), WPA, 802.11i (WPA2)
–Layer 3 Security (and above)-IPSec, web authentication
–VLAN Assignments
–Access Control Lists (ACLs)-IP restrictions, protocol types, port, and differentiated services code point (DSCP) value
–QoS-multiple service levels, bandwidth contracts, traffic shaping and RF utilization
–Authentication, Authorization, and Accounting (AAA)/RADIUS-User session policies and rights management
• Network Admission Control (NAC)-Enforce policies pertaining to client configuration and behavior, to ensure that only end-user devices with appropriate security utilities can gain access to the network.
• Secure Mobility-Maintains the highest level of security in mobile environments with Cisco Proactive Key Caching (PKC), an extension to the 802.11i standard and precursor to the 802.11r standard that facilitates secure roaming with advanced encryption standard (AES) encryption and RADIUS authentication.
• Guest Tunneling-Provides additional security for access to the corporate network by guest users. It helps ensure that guest users are unable to access the corporate network without first passing through the corporate firewall. Guest Switch tunneling can be initiated on Wireless LAN controller network module but can not be terminated. For terminating Guest Switch tunneling a 44xx controller is required.
Figure 11. Multiple Layers of Wireless LAN Protection
Real-Time Application Support
The Cisco Centralized wireless LAN Solution provides best-in-class performance to support real-time applications such as voice. The Cisco Wireless LAN controller network module enables rapid handoff between access points, providing smooth mobility with no interruption in service to the client. Intelligent queuing and contention management schemes provide effective resource management of the air space. Cisco Wireless LAN controller network module also supports QoS capabilities that are Wi-Fi Multimedia (WMM)-compliant and closely mirror the emerging IEEE 802.11e standard. Full compliance with the finished standard will be achieved via a software upgrade when the final standard is ratified.
Mobility
The Cisco Wireless LAN controller network module allows users to roam between access points and across bridged and routed subnets without requiring changes to underlying infrastructure. Security and QoS context information follows users wherever they roam, helping to ensure that mobility does not compromise performance, reliability, or privacy. The Cisco Wireless LAN controller network module does not require any modifications to existing infrastructures or client devices to enable mobility (Mobile IP, for example).
Simplified Deployment and Management
The Cisco Wireless LAN controller network module is easy to deploy and cost-effective to own and operate. It provides maximum flexibility to deploy in SMB and Enterprise branch offices. It supports zero-touch deployments that do not require manual or pre-configuration of the access points. It also supports template-based configuration management. These intuitive templates enable the quick application of system-wide security configurations, QoS policies, mobility groups, back-end services and other key configurations via the easy-to-use, award winning Cisco Centralized wireless LAN Solution user interface.
When deployed with the Cisco WCS, it supports enhanced monitoring and troubleshooting features including intuitive heat maps displays, alarm filtering, event correlation, and granular reporting tools.
Table 7. Integrated Services Router for Wireless LAN Controller Functionality
Integrated Services Routers |
Cisco 3800 Series |
Cisco 2800 Series |
Cisco 1800 Series |
Cisco 800 Series |
Comments |
Model Numbers |
Cisco 3845 and 3825 |
Cisco 2851, 2821, 2811, and 2801 |
Cisco 1841 |
Cisco 1812, 1811, 1803, 1802, and 1801 |
Cisco 878, 877, 876, and 871 |
Cisco 857 and 851 |
|
Cisco Wireless LAN Controller Integration |
X |
X |
|
|
|
|
|
Integrated RRM |
X |
X |
|
|
|
|
|
WLAN Controller Management-Number of Controller Modules Managed |
Up to 100 |
Up to 100 |
|
|
|
|
Using Cisco WCS |
Zero-Configuration Deployment |
X |
X |
|
|
|
|
|
Summary
The Cisco Integrated Services Router portfolio provides the opportunity to select a variety of options for wireless connectivity, whether integrated WLAN connectivity (available across all models), Wi-Fi hotspot services (available across all models), secure wireless infrastructure services (available for selected models), or LMR-over-IP services (available for selected models), delivering a single, integrated platform for wired and wireless data, voice, video, and security services.
Ordering Information
To place an order, visit the
Cisco Ordering Home Page or refer to Table 7.
Table 8. Ordering Information
Part Number |
Product Name |
CISCO851W-G-A-K9 |
Cisco 851 Ethernet to Ethernet Wireless Router; Americas |
CISCO851W-G-E-K9 |
Cisco 851 Ethernet to Ethernet Wireless Router; Europe |
CISCO851W-G-J-K9 |
Cisco 851 Ethernet to Ethernet Wireless Router; Japan |
CISCO857W-G-A-K9 |
Cisco 857 ADSL Wireless Router; U.S. and Americas |
CISCO857W-G-E-K9 |
Cisco 857 ADSL Wireless Router; Europe |
CISCO871W-G-A-K9 |
Cisco 871 Ethernet to Ethernet Wireless Router; U.S./Americas |
CISCO871W-G-E-K9 |
Cisco 871 Ethernet to Ethernet Wireless Router; Europe |
CISCO871W-G-J-K9 |
Cisco 871 Ethernet to Ethernet Wireless Router; Japan |
CISCO876W-G-E-K9 |
Cisco 876 ADSL over ISDN Wireless Router |
CISCO877W-G-A-K9 |
Cisco 877 ADSL Wireless Router: U.S./Americas |
CISCO877W-G-E-K9 |
Cisco 877 ADSL Wireless Router: Europe |
CISCO878W-G-A-K9 |
Cisco 878 G.SHDSL Wireless Router: U.S./Americas |
CISCO878W-G-E-K9 |
Cisco 878 G.SHDSL Wireless Router: Europe |
CISCO1801W-AG-E/K9 |
Cisco 1801 ADSL over POTS Wireless Router |
CISCO1802W-AG-E/K9 |
Cisco 1802 ADSL over ISDN Wireless Router |
CISCO1801W-AG-C/K9 |
Cisco 1801 ADSL over POTS Wireless Router: China |
CISCO1801W-AG-N/K9 |
Cisco 1801 ADSL over POTS Wireless Router: Australia/NZ |
CISCO1803W-AG-A/K9 |
Cisco 1803 G.SHDSL Wireless Router: Americas |
CISCO1803W-AG-E/K9 |
Cisco 1803 G.SHDSL Wireless Router: Europe |
CISCO1811W-AG-A/K9 |
Cisco 1811 Security Wireless Router: Americas |
CISCO1812W-AG-E/K9 |
Cisco 1812 Security Wireless Router: Europe |
CISCO1811W-AG-C/K9 |
Cisco 1811 Security Wireless Router: China |
CISCO1811W-AG-N/K9 |
Cisco 1811 Security Wireless Router: Australia/NZ |
HWIC-AP-G-A (=) |
Cisco 802.11b/g HWIC-AP WLAN Interface Card for the Americas (FCC configuration) |
HWIC-AP-G-E (=) |
Cisco 802.11b/g HWIC-AP WLAN Interface Card for Europe (ETSI configuration) |
HWIC-AP-G-J (=) |
Cisco 802.11b/g HWIC-AP WLAN Interface Card for Japan (TELEC configuration) |
HWIC-AP-AG-A (=) |
Cisco 802.11a/b/g HWIC-AP WLAN Interface Card for the Americas (FCC configuration) |
HWIC-AP-AG-E (=) |
Cisco 802.11a/b/g HWIC-AP WLAN Interface Card for Europe (ETSI configuration) |
HWIC-AP-AG-P (=) |
Cisco 802.11a/b/g HWIC-AP WLAN Interface Card for Japan (TELEC configuration) |
HWIC-AP-AG-N (=) |
Cisco 802.11a/b/g HWIC-AP WLAN Interface Card for Australia/NZ |
AIR-ANT2422D-R |
Cisco Aironet Swivel Mount Dipole Antenna (2.4 GHz for 802.11b/g access points, 2.2 dBi), (system part number for AIR-ANT4941 spare) |
AIR-ANT4941 (=) |
Cisco Aironet Swivel Mount Dipole Antenna (2.4 GHz for 802.11b/g access points, 2.2 dBi) |
AIR-ANT2420V-R |
Cisco Aironet Diversity Patch Omni-Directional Ceiling-Mount Antenna (2.4 GHz for 802.11b/g access points,2 dBi), (system part number for AIR-ANT5959 spare) |
AIR-ANT1728 |
Cisco Aironet Omni-Directional Ceiling-Mount Antenna, spare (2.4 GHz for 802.11b/g access points, 5.2 dBi (not supported for Japan) |
AIR-ANT3549 (=) |
Cisco Aironet Diversity Patch Wall-Mount Antenna (2.4 GHz for 802.11b/g access points, 9 dBi) spare (not supported for US/Canada) |
AIR-ANT5959 (=) |
Cisco Aironet Diversity Omnidirectional Ceiling Mount Antenna (2.4 GHz for 802.11b/g access points, 2 dBi) spare |
AIR-ANTM2050D-R (=) |
Cisco Dual-band swivel mount dipole antenna (2.2 dBi, 2.4 GHz and 5.0 dBi, 5 GHz) |
AIR-ANTM5560P-R (=) |
Cisco Dual-band diversity ceiling-mount omnidirectional antenna (4.0 dBi, 2.4 GHz and 5.0 dBi, 5 GHz) |
AIR-ANTM4050V-R (=) |
Cisco Dual-band wall-mount patch antenna (5.5 dBi, 2.4 GHz and 6.0 dBi, 5 GHz) |
NM-AIR-WLC6-K9 |
Cisco Wireless LAN controller network module for up to 6 Lightweight Access Points (system SKU) |
NM-AIR-WLC6-K9= |
Cisco Wireless SLAN controller network module for up to 6 lightweight Access Points (spare SKU) |
댓글을 달아 주세요