Q. What is the Cisco Wireless Services Module (WiSM)?
A. The Cisco
® WiSM is a WLAN controller services module for the Cisco Catalyst
® 6500 Series modular switches and Cisco 7600 Series routers. It is the flagship controller in the Cisco Wireless LAN Controller product line, which also includes the Cisco 2100 and 4400 Series wireless LAN controllers, Cisco Wireless LAN Controller Module for Cisco Integrated Services Routers, and the Cisco Catalyst 3750G Integrated Wireless LAN Controller. It works with Cisco Aironet
® Series lightweight access points, the Cisco Wireless Control System (WCS), and the Cisco Wireless Location Appliance to deliver a secure and unified wireless solution that supports mission-critical wireless data, voice, and video applications.
Q. What products support the Cisco WiSM?
A. A single Cisco WiSM occupies one slot in a Catalyst 6500 Series Switch or a Cisco 7600 Series Router. The WiSM is supported with the Cisco Supervisor Engine 720.
Q. Does the Cisco WiSM support the Cisco Unified Wireless Network?
A. Yes. The Cisco WiSM is a component of the
Cisco Unified Wireless Network, which is the industry's only unified wired and wireless solution to cost-effectively address the WLAN security, deployment, management, and control issues facing enterprises. This powerful solution combines the best elements of wireless and wired networking to deliver scalable, manageable, and secure WLANs with a low total cost of ownership. It includes innovative RF capabilities that enable real-time access to core business applications and provides proven enterprise-class secure connectivity.
Q. Can the Cisco WiSM be managed by the Cisco WCS?
A. Yes. The Cisco WCS is the management component of the Cisco Unified Wireless Network. Each Cisco WiSM is represented in the Cisco WCS as one module with two controllers. After the IT administrator enters the management IP address of the first Cisco WiSM controller, the Cisco WCS automatically finds the IP address of the second Cisco WiSM controller. The IT manager can replicate the configuration of the first Cisco WiSM controller on the second Cisco WiSM controller in a single step. The Cisco WCS displays the slot number, controller number, and IP address for each Cisco WiSM controller.
Features and Benefits
Q. What features are supported by the Cisco WiSM?
A. The Cisco WiSM supports the following features:
• Intelligent, adaptive real-time RF management for self-configuration, self-healing, and self-optimization
• Enterprise reliability for mission-critical wireless networks and for automated recovery from failures
• Enterprise scalability for business-critical wireless services for deployments of all sizes
• Enterprise-class security with support for Wi-Fi security standards and flexible security policies that are adaptable to changing corporate security needs
• Intrusion detection, location, and containment to preserve the integrity of wireless networks and sensitive corporate information
• Mobility management that allows users to roam between access points and across bridged and routed subnets without requiring changes to the underlying infrastructure
• Simplified deployment and management with zero-configuration deployment and intuitive management interfaces that provide better visibility and control of the air space for reduced operating costs
• Best-in-class performance to support real-time applications such as voice
Q. What are the benefits of the Cisco WiSM?
A. The Cisco WiSM provides the control, scalability, and reliability that IT managers need to build secure, enterprise-scale indoor and outdoor 802.11 wireless networks. From voice and data services and location tracking, to wireless mesh networks, the Cisco WiSM enables enterprises and service providers to create and enforce policies that support business-critical applications.
Q. What is the scalability of the Cisco WiSM?
A. The Cisco WiSM is designed for medium or large-sized enterprises, campus distribution centers and service providers. It scales to deliver secure, enterprise wireless access to main, branch, and remote campuses. It supports:
• Clustering capabilities of up to 7200 lightweight access points per seamless, roaming domain
• Scaling to 300 lightweight access points per module
• More than 10,000 wireless client devices per module
• Deployment in conjunction with other Cisco wireless LAN controllers for even greater scalability
• Support for up to seven WiSMs in a single Cisco Catalyst 6500 Series chassis
Q. Does the Cisco WiSM support the same features as the Cisco 4400 Series Wireless LAN Controller?
A. Yes. The Cisco WiSM supports the same features as the Cisco 4400 Series Wireless LAN Controller.
Q. Does the Cisco WiSM support wireless LAN controller clustering?
A. Yes. The Cisco WiSM supports wireless LAN controller clustering for up to 12 service modules (48 controllers), or clustering with other Cisco wireless LAN controllers for up to 24 total controllers.
Note: The WiSM counts as two controllers when clustering.
Q. What is wireless LAN controller clustering?
A. Wireless LAN controller clustering technology is used between wireless LAN controllers to help ensure mobility across an entire wireless network. With Cisco's innovative clustering technology, IT staff can effortlessly create logical groups of controllers, which proactively share network and user information for transparent roaming. By transferring context information from one controller to another (including network addresses, quality-of-service (QoS) parameters, access control lists, and security policies), users can roam throughout a cluster of controllers and receive consistent wireless services, regardless of location. No special client software or modifications to the routing infrastructure are required. In addition, controller mobility groups are established with the click of a mouse and can span an entire wireless network, making systemwide mobility easy and cost-effective.
Q. What is the advantage of deploying the Cisco WiSM?
A. The advantages of deploying the Cisco WiSM include:
• Lower costs for deployments of more than 300 access points
• Continued investment protection for customers with existing Cisco Catalyst 6500 Series or Cisco 7600 Series Routers
• Tighter wired and wireless integration for enterprise-scale deployments in the same chassis
• Fewer managed nodes in the network
• Scalability to 7200 access points
Q. What access points are supported by the Cisco WiSM?
A. The Cisco WiSM supports Cisco Aironet access points running Lightweight Access Point Protocol (LWAPP) only. This includes any enabled Cisco Aironet Series 1000 (1010, 1020, 1050), Series 1100 (1120, 1130, 1140), Series 1200 (1230, 1240, 1250), and Series 1520 (1522, 1524) access points.
Note: Please refer to the release note for the software version installed on the WiSM for specific access point model support.
Q. What operating system is used by the Cisco WiSM?
A. The Cisco WiSM uses the Linux operating system.
Q. What is the SKU for the Cisco WiSM?
A. The SKU for the Cisco WiSM is WS-SVC-WISM-1-K9 for the system and WS-SVC-WISM-1-K9= for spares. The SKUs for the 6504E and 6509E bundles are WS-C6504-E-WISM and WS-C6509-E-WISM.
Q. How many services modules are supported?
A. As Table 1 shows, the Cisco WiSM supports up to seven WiSMs in a Cisco Catalyst 6509E Switch and up to seven on the Cisco 7600 Series Router and on the Cisco Catalyst 6513 Switch and no other services modules.
Table 1. Number of WiSMs and Access Points Supported
Type of Device
Services Module Support
Access Point Support
Cisco Catalyst 6503
Two WiSMs and no other services modules.
Up to 600 access points
Cisco Catalyst 6504
Three WiSMs and no other services modules.
Up to 900 access points
Cisco Catalyst 6506
Five WiSMs and no other services modules.
Up to 1500 access points
Cisco Catalyst 6509E
Seven WiSMs and no other services modules; up to four WiSMs in a chassis and two other services modules.
Up to 2100 access points
Cisco Catalyst 6513
Five WiSMs and no other services modules; up to four WiSMs in a chassis and two other services modules. WiSM can plug only into slots with a fabric connector.
Up to 1500 access points
Seven WiSMs and no other services modules.
Up to 2100 access points
Five WiSMs and no other services modules.
Up to 1500 access points
Q. Are there any differences in WiSM support between the Cisco 7600 Series routers and Catalyst 6500 switches?
A. The only difference in WiSM support between the Cisco 7600 Series Router and the Cisco Catalyst 6500 Series Switch is that there is no support for configuring the port channels (for WiSM) and the Gigabit WiSM ports manually on the Cisco 7600 Series Router. Although this is different from the Cisco Catalyst 6500 Switch, it does not affect normal operation of the card. The port channels will be configured automatically in Cisco 7600 Series routers. The module-to-port channel mapping is predictable. It starts from 283 for the first slot and ends at 295 for the thirteenth slot. All other commands are the same.
Cisco Catalyst 6500 Series Switch
Q. What hardware must be deployed in conjunction with the Cisco WiSM?
A. The Cisco WiSM must be deployed with a Cisco Catalyst 6500 Series Switch and a Cisco Catalyst 6500 Series Supervisor Engine 720 (all Supervisor Engine 720 versions are supported, including the Sup720-10G-VSS).
Q. Which Cisco Catalyst 6500 Series Switch chassis are supported with Cisco WiSM?
A. The Cisco WiSM supports Cisco Catalyst 6503, 6504, 6506, 6509, and 6513 switches (enhanced and nonenhanced versions).
Q. Which Cisco Catalyst 6500 Series Switch slots support the Cisco WiSM?
A. Table 2 shows the supported slots for the Cisco WiSM.
Table 2. Cisco Catalyst 6500 Series Switch Slots Supported
1 - 3
5 - 6
7 - 8
10 - 13
Q. Does the Cisco WiSM require a Cisco Catalyst 6500 Series Supervisor Engine 720?
A. Yes. The Cisco WiSM is built on a 40-Gigabit-per-slot baseboard; only the Cisco Supervisor Engine 720 supports a 40-Gigabit-per-slot line card. (The Supervisor Engine 2 supports only 8-Gigabit-per-slot line cards.)
Q. Does the Cisco WiSM have a Fast Ethernet service port?
A. No. The Cisco WiSM uses an internal Gigabit interface for Cisco WiSM to Supervisor Engine 720 communication, rather than a Fast Ethernet service port like that available on the Cisco 4400 Series wireless LAN controllers. All out-of-band management of the Cisco WiSM occurs across the backplane of the Supervisor Engine 720.
Q. Are there physical interfaces connecting the Cisco WiSM to the infrastructure?
A. No. There are no physical interfaces on the faceplate of the Cisco WiSM to connect to the infrastructure. The Cisco WiSM requires ingress/egress interfaces from Cisco Catalyst switches (line cards) or Cisco 7600 Series routers to provide connectivity to the network.
Q. What is the available data throughput for the Cisco WiSM?
A. Although the Cisco WiSM has 10 Gigabit interfaces, two of the interfaces are used for controller-to-supervisor-engine functions. Therefore, the available data throughput for the Cisco WiSM is 8 gigabits.
Cisco 7600 Series Router
Q. Which Cisco 7600 Series routers are supported with Cisco WiSM?
A. The Cisco WiSM supports the Cisco 7609, 7609-S, and 7613. The Cisco WiSM is supported on Cisco IOS
® Software Release 12.2 (18) SXF (and greater) and all switch feature-sets. It is also supported on 12.2SRC. Supported chassis: the Cisco 7609, 7609-S, and 7613. The S chassis is recommended for better cooling and high availability features.
Q. Which software supports WiSM?
A. The Cisco WiSM is supported on the latest software releases (release 4.0 and greater) for the Cisco Unified Wireless Network.
Q. What supervisor versions are supported?
A. The supervisor versions that are supported include the SUP720 3B and 3BXL. RSP720-3C-GE and RSP720-3CXL-GE are not yet supported.
Q. What are the service blade options?
A. The service blade options include:
• Maximum of seven WiSM blades at any one time per Cisco 7600 Series Router chassis
• Line card families 65xx, 67xx, 6816
• WAN modules such as ES20, SIP-200, SIP-400, SIP-600, and others
• Other services modules such as ACE, IDSM2, and FWSM
Customers are advised to do proof-of-concept testing with any WiSM and service module combination before attempting to deploy in production.
Q. Where are the access-point-to-controller communication certificates located on the Cisco WiSM?
A. The certificates for access-point-to-controller communication are burned into protected flash memory on the Cisco WiSM during the manufacturing process.
Q. What enterprise security features does the Cisco WiSM support?
A. As part of the Cisco Wireless LAN Controller product line, the Cisco WiSM supports the following enterprise-class security standards and capabilities:
• 802.1X using multiple Extensible Authentication Protocol (EAP) types, including Protected EAP (PEAP), EAP-Transport Layer Security (EAP TLS), EAP-Tunneled TLS (EAP-TTLS), and Cisco LEAP
• Rogue access point detection and containment
• Wireless Intrusion Prevention System (IPS)
• Consistent security policy enforcement across an entire wireless network
Q. Is control traffic from the Cisco WiSM encrypted with Advanced Encryption Standard (AES)?
A. Yes. Similar to the other Cisco wireless LAN controllers, Cisco WiSM encrypts control traffic with AES; data traffic is not encrypted in LWAPP.
Q. What fast secure roaming protocol is supported by Cisco WiSM?
A. Cisco WiSM supports Proactive Key Caching (PKC). PKC is an extension to the 802.11i standard and precursor to the 802.11r standard that facilitates secure roaming with AES encryption and RADIUS authentication. The Cisco WiSM also supports Cisco Centralized Key Management (CKM), which is widely deployed in Cisco Compatible Extensions client devices.
Q. Does Cisco WiSM support peer-to-peer blocking?
A. Yes. Peer-to-peer blocking is supported both on a per-controller and per-WLAN basis by Cisco WiSM, along with all the other software features of Cisco 4400 Series wireless LAN controllers.
Q. What happens if a Cisco WiSM fails?
A. Similar to a cluster of Cisco wireless LAN controllers, if the first controller on the Cisco WiSM fails, the access points will fail over to the second Cisco WiSM controller, or a secondary or tertiary controller, either in the same chassis or a separate chassis, depending on the redundancy architecture defined by the IT staff.
Q. Can the Cisco WiSM be automatically rebooted upon failure?
A. Yes. When a Cisco Catalyst Supervisor Engine 720 detects a Cisco WiSM failure, it waits three minutes to see if the Cisco WiSM comes back online. If the Cisco WiSM does not come back online within the three-minute time period, the Supervisor Engine 720 reboots the Cisco WiSM.
Q. Does the Cisco WiSM support N:1 redundancy?
A. Yes. The Cisco WiSM supports N:1 controller redundancy for single module failures. If a Cisco WiSM controller fails, the access points automatically fail over to an alternate Cisco WiSM or Cisco wireless LAN controller.
Q. Does the Cisco WiSM support access point redundancy?
A. Yes. The Cisco WiSM supports access point redundancy. If an access point fails, the Cisco WiSM automatically increases power on the neighboring access points to compensate and provide coverage.
Q. What are the steps required to deploy a Cisco WiSM?
A. The following steps are required to deploy a Cisco WiSM:
1. Configure a wireless management VLAN on the Cisco Catalyst Supervisor Engine 720.
2. Configure Dynamic Host Configuration Protocol (DHCP) pool for Cisco WiSM(s) (optional).
3. Insert Cisco WiSM(s) into chassis.
4. At this point, the Supervisor Engine 720 recognizes the Cisco WiSM via Wireless Control Protocol (WCP).
5. Access each controller through the console of the Cisco WiSM and configure basic configuration.
6. Enter the management IP address of the first Cisco WiSM controller into Cisco WCS.Cisco WCS automatically recognizes the second Cisco WiSM controller on the module.Configuration of the second Cisco WiSM occurs.
7. Push configuration to both Cisco WiSM controllers.
Q. Do all wireless LAN controllers configured on the network need to run the same software code?
A. While it is possible to have different software code running on the Cisco WiSM and/or Cisco wireless LAN controllers, it is not recommended.
Note: Controllers in the same mobility group must be running the same software.
Q. Does a VLAN need to span a campus to support the Spectralink Voice Protocol (SVP) server?
A. No. Since the Cisco WiSM defines the VLAN that wireless LAN networks are mapped to, the VLAN for the SVP server has to be defined only on the Cisco WiSM, not each access point in the network.
Q. How many VLANs can be tied to a single service set identifier (SSID)?
A. One default VLAN can be tied to a single SSID. If using site-specific VLANs or Identity-Based Networking Services (IBNS), up to 512 VLANs can be used on a single SSID.
Q. How does the RADIUS server assign users to different VLANs?
A. Vendor-specific attributes (VSAs) that are returned in the RADIUS 802.1X exchange specify which interface to use for each user.
Q. Where can I go to learn more about the Cisco WiSM and the Cisco Unified Wireless Network?
A. For more information, visit the following Websites: