Q. What is the CiscoWorks Wireless LAN Solution Engine (WLSE) Express?
A. CiscoWorks WLSE Express is an integrated management and security solution that helps simplify and automate the deployment and security of Cisco
® access points. It provides a solution for small- and midsized-businesses (SMB) and enterprise branch-office WLAN deployments of up to 100 Cisco Aironet access points located in one or multiple locations. CiscoWorks WLSE Express is a component of the Cisco Structured Wireless-Aware Network (SWAN) autonomous access-point solution. It provides comprehensive air/radio frequency (RF) and device-management capabilities in ways that simplify deployment, reduce operational complexity, and provide administrators visibility into the WLAN. By automating several RF and device-management tasks, CiscoWorks WLSE reduces the costs and time needed for WLAN deployment, management, and security.
CiscoWorks WLSE Express also provides an integrated and embedded authentication, authorization, and accounting (AAA) server for user authentication, making it an ideal solution for remote and branch-office deployments with limited WAN bandwidth. This solution also provides survivability for WAN failure scenarios and allows users to authenticate locally. It supports popular Extensible Authentication Protocol (EAP) types including Cisco LEAP, Protected EAP (PEAP), EAP Flexible Authentication via Secure Tunneling (EAP-FAST), and EAP- Transport Layer Security (EAP-TLS).
CiscoWorks WLSE Express supports up to 50 Cisco Aironet access points and 500 AAA user accounts, with an optional license upgrade to support 100 Cisco Aironet access points and 1000 AAA user accounts. Please refer to the CiscoWorks WLSE Express data sheet on upgrade option for 100 access points.
Q. What is the Cisco SWAN?
A. Cisco SWAN provides the framework to integrate and extend wired and wireless networks to deliver the lowest possible total cost of ownership (TCO) for companies deploying WLANs. Cisco SWAN extends “wireless awareness” into important elements of the network infrastructure, providing the same level of security, scalability, reliability, ease of deployment, and management for wireless LANs that organizations have come to expect from their wired LANs.
Q. What are the primary benefits of Cisco SWAN?
A. Cisco SWAN reduces overall operational expenses by simplifying network deployment operations and management. With Cisco SWAN, several, hundreds, or thousands of central or remotely located Cisco access points can be managed from a single management console. Cisco SWAN’s flexibility allows network managers to design networks to meet their specific needs, whether implementing a highly integrated network design or a simple overlay network.
Q. What role does CiscoWorks WLSE Express perform in the Cisco SWAN framework?
A. CiscoWorks WLSE Express provides centralized, comprehensive management for the Cisco SWAN autonomous access point solution. CiscoWorks WLSE Express, working with Cisco Aironet access points, provides visibility into the RF network, including coverage displays, continual “Air/RF” monitoring, network security with intrusion detection and suppression, simplified deployment, self-healing capabilities, and network optimization. CiscoWorks WLSE Express also assists network managers by automating and simplifying mass configuration deployment, fault and policy monitoring and alerting, tracking wireless clients, and reporting.
Q. Where can I read more about Cisco SWAN?
Q. How many Cisco Aironet access points can CiscoWorks WLSE Express manage?
A. CiscoWorks WLSE Express manages up to 50 Cisco Aironet access points, with an optional license upgrade to support 100 Cisco Aironet access points.
Q. How many users does the integrated AAA server on CiscoWorks WLSE Express support?
A. The standard CiscoWorks WLSE Express supports up to 500 users, or up to 1000 users with the license upgrade version of CiscoWorks WLSEExpress, which supports 100 Cisco Aironet access points.
Q. What EAP protocols are supported on CiscoWorks WLSE Express integrated AAA server?
A. CiscoWorks WLSE Express supports LEAP, EAP-FAST, PEAP, and EAP-TLS.
Q. Does CiscoWorks WLSE Express provide feature parity with CiscoWorks WLSE in terms of management feature support?
Q. Which Cisco Aironet access points are supported by CiscoWorks WLSE Express?
A. CiscoWorks WLSE Express supports Cisco Aironet 1230 AG, Aironet 1200, Aironet 1130 AG, Aironet 1100, and Aironet 350 series access points. It also supports the Cisco Aironet 1310 Access Point/Bridge and Aironet 1400 Wireless Bridge.
Q. Does CiscoWorks WLSE Express support the Cisco 1000 Series lightweight access points (formerly Airespace access points)?
A. No. The Cisco 1000 Series lightweight access points are supported by the Cisco Wireless Control System.
Q. Do Cisco Aironet access points need to run Cisco IOS
® Software to support the Cisco SWAN framework?
A. Yes, only Cisco Aironet access points running Cisco IOS Software can support Cisco SWAN and send RF management data back to CiscoWorks WLSE Express.
Q. Can CiscoWorks WLSE Express upgrade Cisco Aironet 1200 and Aironet 350 series access points running VxWorks software to Cisco IOSSoftware?
A. Yes, CiscoWorks WLSE Express provides centralized mass conversion capabilities. Some configuration settings are not preserved in this conversion process, but they can be easily recreated using the configuration templates available in CiscoWorks WLSE Express.
Q. Does CiscoWorks WLSE Express support Cisco Aironet wireless bridges?
A. Yes, CiscoWorks WLSE Express provides network management support, including configuration, monitoring, and reporting for the Cisco Aironet 1400 and Aironet 1300 in wireless bridge mode. CiscoWorks WLSE provides Cisco SWAN Radio Management support for the Cisco Aironet 1300 when it is configured in access-point mode.
Q. Does CiscoWorks WLSE Express support IEEE 802.11a, b, and g networks?
A. Yes. CiscoWorks WLSE Express supports IEEE 802.11a, b, and g networks.
Q. Does CiscoWorks WLSE support the Cisco Wireless IP Phone 7920?
A. The Cisco Wireless IP Phone 7920 is supported by CiscoWorks WLSE Express as a wireless client. CiscoWorks WLSE Express provides client-association reports and client-tracking support for the Cisco Wireless IP Phone 7920. The client-tracking feature can be used for troubleshooting and finding associated access points.
Q. Does CiscoWorks WLSE Express support the Cisco Catalyst
® 6500 Series Wireless LAN Services Module (WLSM)?
A. Yes. CiscoWorks WLSE Express interoperates with the Cisco SWAN Wireless Domain Services (WDS) software feature. Cisco SWAN WDS can runs on both Cisco Aironet access points and the Cisco Catalyst 6500 Series WLSM. Cisco SWAN WDS aggregates radio management information received from the access points and client devices and sends this information to the CiscoWorks WLSE Express where it is used to manage, monitor, and control the RF environment.
RF MANAGEMENT AND WIRELESS DOMAIN SERVICES
Q. What is Cisco SWAN Wireless Domain Services (WDS)?
A. Cisco SWAN WDS is a collection of Cisco IOS Software features that enhance WLAN client mobility, help ensure WLAN security, and simplify WLAN deployment and management. Cisco SWAN WDS can be located in Cisco Aironet access points or Cisco Catalyst switches. The Cisco SWAN WDS device communicates with CiscoWorks WLSE.
Q. What platforms can operate a Cisco SWAN WDS device?
A. A Cisco SWAN WDS device can be a Cisco Aironet 1230 AG, Aironet 1200, Aironet 1130 AG, or Aironet 1100 series access point, or a Cisco Catalyst 6500 Series WLSM.
Q. Is Cisco SWAN WDS required for RF management when the Cisco SWAN autonomous access-point solution is used?
A. Yes. A WDS device is required for the Cisco SWAN access-point solution. For deployments that use access point-based WDS, at least one Cisco SWAN WDS access point per subnet is required for RF management of that subnet.
Q. How is Cisco SWAN WDS related to CiscoWorks WLSE Express?
A. RF measurements taken by access points (and optionally Cisco or Cisco compatible client devices) within a given subnet are aggregated by the WDS device and forwarded to CiscoWorks WLSE Express for analysis. Based on the measurements received from the WDS device, CiscoWorks WLSE Express can detect rogue access points, interference from other devices, provide assisted site surveys, and support WLAN self-healing for optimal channel and power-level setting.
Q. Can Cisco Aironet access points support clients while scanning the air/RF environment?
A. Yes. Cisco Aironet access points are multifunctional. In addition to serving clients, they also provide air/RF monitoring.
Q. Are third-party switches supported for rogue access-point switch-port tracing and shutdown?
A. No. CiscoWorks WLSE Express uses the Cisco Discovery Protocol and other Cisco SNMP MIBs to trace rogue access points to specific switch ports, and thus supports Cisco switches exclusively.
Q. Can a rogue access point configured on a different channel than the access point scanning the RF environment be detected?
A. Yes. Cisco Aironet access points can monitor both the serving channel and nonserving channels, so a rogue access point configured on a different channel than the access point scanning the RF environment can be detected.
Q. Is there service disruption to associated clients, when an access point performs air/RF scanning?
A. No. There is no service disruption to associated clients when an access point performs air/RF scanning.
Q. Can an IEEE 802.11a rogue access point be detected by an IEEE 802.11b/g radio?
A. No. An IEEE 802.11a radio is required to detect an IEEE 802.11 rogue access point. The dual-mode IEEE 802.11a/b/g Cisco Aironet 1230 AG, Aironet 1200, or Aironet 1130 AG series access points can be deployed to detect IEEE 802.11a/b/g rogue access points.
WIRELESS LAN INTRUSION DETECTION AND PROTECTION
Q. Can Cisco Aironet access points support clients while scanning the air/RF environment?
A. Yes. Cisco access points are multifunctional. In addition to serving clients, they also provide air/RF monitoring.
Q. What is the Cisco SWAN Integrated WLAN IDS for autonomous access points?
A. Cisco SWAN Integrated WLAN IDS uses a Cisco Aironet access point deployed with its radio (802.11a, b, or g) placed in multifunction mode to service client devices and provide WLAN intrusion monitoring. In this configuration, an access point functions as both an active 802.11 infrastructure device and as an 802.11 scanning device. Basic WLAN IDS capabilities such as rogue access-point detection and unauthorized client network detection are supported.
Q. What is the Cisco SWAN Dedicated WLAN IDS for autonomous access points?
A. Cisco SWAN Dedicated WLAN IDS uses a Cisco Aironet access point deployed with its radio (802.11a, b, or g) placed in scanning-only mode to support only WLAN intrusion monitoring. In this configuration, an access point functions as an 802.11 scanning-only device providing continuous, 24-hour monitoring of the RF environment. The access point’s full bandwidth is dedicated to intrusion detection RF monitoring.
Q. How do I deploy Cisco Aironet access points operating in scanning-only mode?
A. Cisco Aironet access points operating in scanning-only mode are deployed as dedicated access points to detect intrusions. Because scanner-mode access points are not supporting client devices only a small number of access points, with higher gain antennas, need to be deployed for complete dedicated WLAN IDS. Scanner-mode access points can also be deployed as an overlay to an existing integrated WLAN for advanced WLAN IDS support.
Q. How does CiscoWorks WLSE Express contain any rogue access points that have been detected through air/RF monitoring?
A. CiscoWorks WLSE Express traces the switch port of the detected rogue access point. It provides an effective means of tracing rogue access points by monitoring and using the clients associated to rogue access points. When a switch port is traced, CiscoWorks WLSE Express can shut down the switch port, disabling the rogue device from accessing the network.
DEPLOYMENT, MANAGEMENT, AND TROUBLESHOOTING
Q. How does CiscoWorks WLSE Express provide automatic configuration for factory default access-point deployment?
A. Automatic configuration facilitates automatic downloading of configurations to newly deployed access points and bridges based on customer-defined templates. This simplifies and speeds up the deployment of new access points. CiscoWorks WLSE Express 2.11 introduces a deployment wizard that allows administrators to define their configuration policies for access points up front based on the location. The wizard also simplifies and automates the setup for access-point-based WDS. CiscoWorks WLSE Express can automatically designate a primary and backup access-point-based WDS per subnet and automatically generate configurations and credentials.
Q. How does access point automatic configuration work?
A. The network administrator can use the CiscoWorks WLSE Express deployment wizard and specify the access-point configuration policies and setup based on the location (subnet). When the new access point boots, it receives the CiscoWorks WLSE Express information from the Dynamic Host Configuration Protocol (DHCP) server and downloads the default configuration. Specific configuration templates based on device type, subnet, and software version can be applied automatically on authorized access points.
Q. Can shared keys and other security parameters be configured automatically?
A. Yes. Shared keys and other security parameters can be configured using the specific configuration templates based on device type, subnet, and so on.
Q. Can CiscoWorks WLSE Express be used to archive access-point and bridge configurations?
A. Yes. CiscoWorks WLSE Express can save up to four configurations for each device. Device configuration can be archived on demand, or scheduled to run periodically. Users can view, search, and compare configurations.
Q. Is a client walkabout required for the assisted site survey?
A. No. Client walkabouts are optional for the assisted site survey. CiscoWorks WLSE Express can provide optimal channel and power-level settings based on only the access-point air/RF monitoring phase of the assisted site survey. However, performing client walkabouts during the assisted site survey is recommended because it increases the coverage for RF management and it makes the site surveys more effective. A Cisco client adapter or a Cisco compatible client adapter can be used to perform a client walkabout.
Q. What does a “scan-only” or “scanner-mode” access point provide?
A. Scanner-mode access points are dedicated access points that are used to monitor the air/RF environment for intrusions. Scanner-mode access points do not support client associations; they only monitor the air/RF environment. They provide enhanced WLAN IDS features such as detecting unregistered wireless clients, in addition to basic WLAN IDS capabilities such as rogue access-point detection and unauthorized client network detection. They provide continuous, 24-hour, uninterrupted air/RF scanning.
Q. How is the Cisco SWAN autonomous access-point solution self-healing?
A. If CiscoWorks WLSE Express detects that an access point has failed, it compensates by automatically increasing the power and cell coverage of nearby access points. This WLAN self-healing minimizes the outage impact to wireless client devices and maximizes the availability of wireless applications. Self-healing also recalculates power coverage when the radio comes back up. CiscoWorks WLSE Express also periodically assesses the performance of the network from the established radio setting or performance baseline. Alerts are generated for performance degradation.
Q. When CiscoWorks WLSE Express increases the power of access points to cover for a lost radio access point during WLAN self-healing, is there service disruption to existing client devices?
A. No. There is no service disruption to client devices associated to access points that have increased their power during WLAN self-healing.
Q. Can CiscoWorks WLSE Express be used to track a wireless client device?
A. Yes. CiscoWorks WLSE can be used to discover the associated access point of a specific client device. Client lookup by MAC address, user name, and client name are supported. User name lookup is supported for IEEE 802.1X Cisco LEAP and Protected Extensible Authentication Protocol (PEAP) running on Cisco Secure Access Control Server. Because Cisco SWAN WDS notifies CiscoWorks WLSE Express when a client roams, this information is available in near real time as opposed to a polling-based model.
Q. How does CiscoWorks WLSE Express gather fault and performance data?
A. The CiscoWorks WLSE Express queries standard Simple Network Management Protocol (SNMP) MIBs from Cisco devices whenever possible. Administrators can specify polling intervals and define thresholds for monitored data. When thresholds are exceeded, CiscoWorks WLSE Express can generate northbound alarms and traps through SNMP traps, syslog messages, and e-mail notifications. This allows wireless fault information from deployed CiscoWorks WLSE Express devices to be consolidated using a higher-level network management system, such as HP OpenView or the Cisco Information Center.
Q. Can there be multiple syslog or trap receivers that receive messages from the CiscoWorks WLSE Express?
A. Yes. Multiple syslog or trap receivers can be defined.
Q. Does CiscoWorks WLSE Express receive SNMP traps from the WLAN infrastructure?
A. No. CiscoWorks WLSE Express monitors the WLAN infrastructure using SNMP polling and in turn generates SNMP trap messages to be forwarded to other network management applications when user-defined thresholds are exceeded.
Q. How much historical data can CiscoWorks WLSE Express store?
A. CiscoWorks WLSE Express can save up to a few weeks of historical data. Administrators can specify both aggregation and truncation frequencies for the monitored data.
Q. Does CiscoWorks WLSE Express support Multiple Basic Service Set Identifiers(MBSSID) on Cisco Aironet access points?
A. Yes, CiscoWorks WLSE Express can be used to configure and monitor MBSSIDs. Security policies for multiple basic Service Set Identifiers (SSIDs) can be defined and monitored.
Q. Can a device-level access-point interface be launched from CiscoWorks WLSE Express?
A. Yes. A device-level Web interface can be launched and independently used to configure an access point or a bridge from CiscoWorks WLSE Express.
Q. Does CiscoWorks WLSE Express provide a visual representation of Cisco Aironet access points?
A. Yes. CiscoWorks WLSE Express provides GUI visualization of Cisco Aironet access points and coverage displays with its Location Manager feature. Administrators can import a floor plan (.jpeg or .gif formats) and place the access points in approximate locations. A rogue access point’s location is shown on the floor plan GUI.
Q. Where should CiscoWorks WLSE Express reside in the network?
A. There are several deployment options. It can be deployed in each remote site to provide localized security and management for all the Cisco Aironet access points deployed in that site. Alternatively, for commercial and small deployments it can be deployed in the network operations center (NOC) to manage several locations consisting of 50–100 Cisco Aironet access points.
Q. Can the CiscoWorks WLSE Express hardware be upgraded?
A. No. The CiscoWorks 1030 for WLSE, which is the hardware that CiscoWorks WLSE Express runs on, has a fixed configuration. No components of the CiscoWorks 1030 can be upgraded or replaced in the field. As application needs change, new hardware configurations will be introduced into the product family to support changing requirements. This approach enhances the reliability and supportability of the CiscoWorks WLSE Express.
Q. Does the CiscoWorks WLSE Express support data backup and restore capabilities?
A. Yes. The CiscoWorks WLSE Express configuration data can be backed up to another device and later restored. Data backup can also be scheduled to run periodically, to minimize the data loss in the event of a CiscoWorks WLSE Express failure.
Q. Does CiscoWorks WLSE Express support redundancy?
A. Yes. The CiscoWorks WLSE Express supports warm-standby redundancy. A backup server can be configured to take over the wireless management in the case of a primary CiscoWorks WLSE Express failure. Data on primary and backup servers can be synchronized periodically (theminimum is 15 minutes). Multiple CiscoWorks WLSE Express servers can be assigned and referenced by a virtual IP address to make this transparent to the user. Both primary and backup CiscoWorks WLSE Express servers have to reside on the same subnet.
Q. Can CiscoWorks WLSE Express software run on a customer-provided workstation or server?
A. No. CiscoWorks WLSE Express software is available only preinstalled on the specialized CiscoWorks 1030 for WLSE hardware.
Q. How does CiscoWorks WLSE Express integrate with other network management systems?
A. When network faults are detected or user-defined performance thresholds are exceeded, CiscoWorks WLSE Express generates notifications through SNMP trap and syslog messages that can be forwarded to other network management systems. CiscoWorks WLSE Express also provides an Extensible Markup Language (XML) API for exporting device lists, faults, reports, and other settings for third-party integration and customization.
Q. What is the integration between the CiscoWorks WLSE Express and CiscoWorks LAN Management Solution (LMS)?
A. CiscoWorks LMS provides broad, generalized network-operations management for a wide range of Cisco devices. It integrates with CiscoWorks WLSE Express in the following ways:
· CiscoWorks WLSE Express can be launched from CiscoWorks LMS and vice versa.
· A list of IP addresses and credentials from the inventory can be imported and exported between CiscoWorks LMS and CiscoWorks WLSEExpress. Device import can be automated.
Q. Is CiscoWorks LMS required for CiscoWorks WLSE Express to work?
A. No. CiscoWorks LMS is not required for CiscoWorks WLSE Express to function.
Q. Is CiscoWorks WLSE Express required for CiscoWorks LMS to manage Cisco wireless devices?
A. No. CiscoWorks LMS can perform standard maintenance operations on Cisco Aironet access points just as it does for any other Cisco device. However, the operations in CiscoWorks LMS are generalized, and not specific to the unique factors involved in managing Cisco wireless-aware infrastructure. For complete management of wireless technology, CiscoWorks WLSE or WLSE Express is required.
Q. Are hardware and software service support programs available? How are they ordered?
A. Yes. A Software Application Support (SAS) service contract can be purchased that provides Cisco Technical Assistance Center (TAC) support, Cisco.com Software Center access, and minor updates. You can also purchase a Cisco SMARTnet
® hardware service contract that provides hardware support for the CiscoWorks 1030 for WLSE. Contact your service representative for available options.
Q. How can I upgrade the CiscoWorks WLSE Express to support up to 100 Cisco Aironet access points?
A. Upgrading CiscoWorks WLSE Express to manage 100 Cisco Aironet access points and 1000 AAA users can be done by ordering an additional 50-device license.
Q. How do I gain access to CiscoWorks WLSE Express software updates?
Software patches and updates are posted to the Cisco.com Software Center. Customers with existing SAS contracts can also obtain the latest release of CiscoWorks WLSE Express 2.11 software through the Product Upgrade Tool at
FOR MORE INFORMATION
For more information about Cisco SWAN, visit:
For more information about Cisco Aironet products, visit:
For more information about CiscoWorks WLSE, visit:
For more information about Cisco Secure ACS, visit: