Cisco® Unified Wireless Network (CUWN) Software Release 7.4 brings advancements to the wireless market with innovative features and a category of new wireless solutions to help customers integrate business operations more closely with mobile devices and wireless infrastructure for better end-user experience and value-added IT services.
Release 7.4 delivers:
• Consistent Application Visibility and Control (AVC) for wireless and wired networks.
• Bonjour Services Directory for Apple device services across L3 domain.
• Connected mobile experience through innovations in mobility services engine (MSE) and recently acquired ThinkSmart Technology.
• The new Cisco Aironet® 1600 Series Access Points, which offer great performance, functionality, and reliability at a great price point.
• Wireless Security and Spectrum Intelligence module for the Cisco Aironet 3600 Series Access Point enables enterprises to secure their full wireless spectrum.
The feature-packed 7.4 release also introduces the ability for smartphones to conserve battery while roaming in an enterprise network, a new low-cost, high-availability (HA) SKU for 2500 Series controllers, the capability to place an HA SKU in a geographically different location from a primary controller, and a number of enhanced security features.
In addition, a GPS receiver and antenna for Aironet® 1550 Series outdoor access points are supported in the 7.4 release.
The Cisco Unified Wireless Network Software Release 7.4 is supported on the following platforms:
• Cisco Aironet access points running Control and Provisioning of Wireless Access Points (CAPWAP) Protocol
• Cisco 2500 and 5500 Series Wireless LAN Controllers
• Cisco Catalyst® 6500 Series Wireless Services Module 2 (WiSM2)
• Cisco Flex7500 Series FlexConnect Wireless LAN Controller
• Cisco 8500 Series Wireless LAN Controller
• Cisco Wireless LAN Controller Module for Integrated Services Routers G2 (WLCM2) (Cisco Wireless LAN Controller on Cisco Services-Ready Engine)
• Cisco Virtual Wireless Controller (vWLC)
• Mobility Services Engine (MSE)
Cisco Wireless LAN Controllers: New Features
In Software Release 7.4.xxx, Cisco Wireless LAN Controllers provide solutions to enable wireless as primary access and simplify deployments for bring your own device (BYOD). Table 1 describes the new features of the wireless controller in this release.
Table 1. New Controller Features in Cisco Unified Wireless Network Release 7.4.xxx
Application Visibility and Control (AVC)
Classifies applications using Cisco's Deep Packet Inspection (DPI) techniques with the Network Based Application Recognition 2 (NBAR 2) engine and provides application-level visibility and control into the Wi-Fi network.
After recognizing the applications, this feature allows customers to either drop or mark the traffic.
Allows a customer to quickly identify the key business applications and prioritize them over the Wi-Fi network.
Customers can use the Cisco Prime™ Infrastructure or Cisco NetFlow ecosystem with third-party tools for further analysis and troubleshooting.
Ability to use HA SKU in N:1 for controller resiliency when geographically separate from the primary
HA controller SKUs can now be deployed in a geographically separate location from the primary controller to provide N:1 controller resiliency.
Low-cost HA solution that allows wireless controllers to be geographically dispersed; the HA controller may reside in the same L3 network as the primary wireless controller or in a different one. The HA controller may be an entirely different model from the primary controller(s) and still provide the HA capabilities.
Bonjour Services Directory
Provides the ability for wireless clients to access Apple services such as Apple Printer and Apple TV advertised in a different L3 network.
Bonjour is a protocol shared by Apple devices such as Apple TV, Apple Printer, and so on within the same VLAN. This feature allows customers to access those Apple services from other VLANs/Layer 3 networks.
Access Point Neighbor List (part of 802.11k)
Intelligent, client-optimized neighbor list based on RRM neighbor table.
Increases the battery life and roaming performance for Apple products such as iPhone and iPad, because the controller provides a client-optimized neighbor list that contains access points based on the client's current location.
Higher scale: WLC 2500
Increased scalability for 2504 Wireless Controller.
With Release 7.4, customers can now scale the Cisco Wireless LAN Controller 2504 to support up to 75 access points and 1000 concurrent clients.
Guest anchor on WLC 2500
Provides the ability for 2500 Series Wireless Controller to act as the guest anchor.
Customers can now use 2504 as guest anchor, which can support up to 15 EoIP tunnels.
LAG on Flex 7500, WLC 8500, WLC 2500
Wireless Controllers 8500, 2500, and Flex 7500 now support Link Aggregation Group (LAG).
With this feature, customers can aggregate multiple links to protect against link failures.
802.11w support for central mode (also known as local mode)
Supports 802.11w as defined by the Management Frame Protection (MFP) service. The protected frames include disassociation, deauthentication, and robust action frames.
Increases Wi-Fi network security by protecting the management frames from being spoofed.
Support for secure FTP protocol.
Allows customers to securely upload/download software images to and from wireless controllers.
This enhancement will drop DNS packets if the Pre-Auth ACL is configured explicitly to deny DNS traffic.
This feature further enhances the way Cisco's Wireless Controllers handle security risks and hardens the Wi-Fi network traffic.
Return access point name (MAC), access point location string (access point group name), and VLAN ID/SSID for RADIUS for AAA interim accounting
In the Authentication and Accounting RADIUS packets, the WLC sends the "Called-Station-Id" attribute to the RADIUS server. Six additional attribute types have been added for Called-Station-Id.
Provides additional flexibility by allowing RADIUS to classify users into different groups.
Return access point name (MAC), access point location string (access point group name), and VLAN ID/SSID for DHCP option 82
With DHCP proxy enabled, the WLC can add Option 82 to the client request before forwarding it to the DHCP server. The client-related information carried by Option 82 can then be used by the DHCP server to provide differential IP assignments.
Enhances the mechanism for client location discovery via DHCP.
The Wireless IPS Attack Containment feature can isolate the MAC address of the attacker that triggered the alarm on Cisco Prime and use that information to mitigate all traffic originating from the offending MAC address and isolate the attacker.
Helps to protect the Wi-Fi network from network security threats such as denial-of-service (DoS) by isolating the client device. Additionally, blacklisting, DoS, or other security-related actions can now be taken to eliminate attacks from this particular client.
Rogue Containment Enhancements
The Rogue Containment feature detects and reports attacks that involve rogue access points and rogue clients. Upon detection, further containment action can be taken.
Customers can avoid a widespread attack in the Wi-Fi network by taking containment action against the rogue access point and client. When the rogue access point/client is contained, the attacker is weakened and loses the ability to attack other devices in the network.
Aggressive load balancing in FlexConnect
Based on the traffic load on access point interfaces, clients are moved over to a nearby access point.
Better end user performance.
Cisco FlexConnect: Support more than 17 RADIUS servers per Flex group
This new feature increases the number of supported RADIUS servers to 2x the number of Flex groups supported on a controller, with a limit of 2 RADIUS servers per Flex group.
This allows for deployments with a RADIUS server per Flex group.
Warning message when near max RFID tags
When the wireless controller reaches 90% of its RFID capability, a warning message is logged, and an SNMP trap is generated.
WLC 2504: 500 max RFIDs
WLC 5508: 5000 max RFIDs
WiSM2: 10,000 max RFIDs
WLC 7500: 50,000 max RFIDs
WLC 8510: 50,000 max RFIDs
vWLC: 3,000 max RFIDs
Proactively notifies customers when the wireless controller is nearing its capacity in terms of number of RFID tags. This allows customers to plan network expansion as their needs grow.
Warning message when near max clients
When the wireless controller reaches 90% of its max clients support capability, a warning message is logged, and an SNMP trap is generated.
WLC 2504: 1,000 max clients
WLC 5508: 7,000 max clients
WiSM2: 15,000 max clients
WLC 7500: 64,000 max clients
WLC 8510: 64,000 max clients
vWLC: 30,000 max clients
Proactively notifies customers when the wireless controller is nearing its capacity in terms of number of client devices.
Display more than 16 rogue clients per access point
The number of rogue clients per rogue access point is increased from 16 to 256 for all controllers and 64 for WLC 2504.
Ability to display up to 256 rogue clients per access point.
Granular TACACS+ control
Similar to per-command authorization in Cisco IOS® Software. Refer to the configuration guide for more information.
Increased security control while accessing the WLC for performing any operations.
Cisco Aironet Access Points: New Features
Table 2 describes the new access point features in Cisco Unified Wireless Network Release 7.4.
Note: Management support for Release 7.4 will be delivered as part of Cisco Prime Infrastructure roadmap Release 1.3.
Table 2. New Access Point Features in Cisco Unified Wireless Network Release 7.4
Cisco Aironet 1600 Series Access Point
Access point with rich feature set including Cisco ClientLink 2.0, Cisco CleanAir™ technology, and 3 x 2:2 radio design that enables data rates up to 300 Mbps.
An affordable and secure way to handle the explosion of the Bring Your Own Device (BYOD) megatrend for small and mid-sized organizations, Cisco Aironet 1600 Series Access Points allow mid-market and K-12 customers to build the platform needed to accommodate the transition to BYOD networking.
GPS support for 1550 Series
GPS receiver and antenna as optional items on 1552C/CU/E/EU/I.
Automatically provides the access point location to the WLC and Cisco Prime Infrastructure to accurately display on maps.
Link Layer Discovery Protocol (LLDP)
Support of LLDP and the "Power via MDI TLV" to negotiate with Enhanced Power over Ethernet (PoE+) access layer devices.
Supported in the following access points: 3600, 3500, 2600, 1600, 1140, 1250, 1552, and 1520 Series access points.
Allows customers to connect to PoE+ capable Ethernet ports within their access-layer network to power their Cisco Aironet Series Access Points.
Additional feature support for autonomous access points
Full autonomous support for 1600, 3500, 3600 and 1550 Series Access Points.
With autonomous support for these platforms, customers have complete flexibility in the deployment modes available while standardizing on the same access point platform.
Spectrum Expert mode for 2600, 3500, 3600, and 1550 Series Access Points to connect access points to the Cisco Spectrum Console Version 4.1 or later.
The Spectrum Console and application provide detailed drill-down visibility into the RF spectrum, which supports RF troubleshooting and enhances site survey functionality.
Quick Setup screen via GUI.
The autonomous GUI was updated to provide a single screen for quick setup of the necessary network configuration (for example, radio settings and security settings). This supports quick setup for site surveys as well as quicker setup of the network.
Cisco BandSelect technology.
The Cisco BandSelect feature allows for load balancing and, more importantly, steering 5-GHz capable clients to the cleaner, more available 5-GHz spectrum.
Table 3 describes the new Mobility Services Engine (MSE) features in Cisco Unified Wireless Network Release 7.4.
Table 3. New Cisco MSE Features in Release 7.4
Advanced Location Services
Integrates the recently acquired ThinkSmart technology in Cisco MSE. It provides real-time location analytics alongside historical trends such as network utilization, peak usage, and the number and types of devices.
Lines of business can better understand how customers behave by tracking Wi-Fi signals within their venue, documenting their movements throughout facilities and using this context-aware data for engaging with customers better.
Advanced Location Services (Mobile Concierge)
Allows engaging users through a native app on a smart mobile device. It includes a Mobile Concierge SDK for mobile app developers to easily use MSE and provide highly personalized content using user and location information.
Support for Layer 2 MSAP allows service discovery without associating to the network and without requiring a native app on the smartphone. This capability will be available only on Android phones shipping in CY13 that have the Snapdragon chipset from Qualcomm.
Qualcomm Atheros will also deliver precise indoor location capabilities on mobile devices, by interoperating with Cisco Wi-Fi infrastructure.
Mobile Concierge SDK allows end users to receive push notifications, be seamlessly on-boarded to the Wi-Fi network, and receive personalized services.
The collaboration with Qualcomm provides a better indoor location capability in venues with Cisco Wi-Fi infrastructure, as well as enhances service discovery, provides greater context, and delivers a better mobile user experience.
Wireless Security and Spectrum Intelligence module for 3600 Series Access Point
24x7 full spectrum monitor and mitigation for aWIPS, CleanAir®, Context Awareness, Rogue Detection, and RRM.
24x7 on-channel aWIPS threat protection.
24/7 on-channel and full spectrum threat protection.
23x more security and spectrum coverage.
30%+ CapEx cost savings versus dedicated monitor radio.
Define custom rogue rules, add severity definition, and auto containment.
Ad hoc rogue classification, filtering, and containment.
Granular and easier rogue classification and containment.
Rogue clients per rogue access point are increased from 16 to 256 for all WLCs and 64 for WLC 2504.
Scaling rogue entry and increasing rogue clients per rogue access point.
Adaptive WIPS Signature Enhancement
New signatures supported in Enhanced Local Mode (ELM).
Signature parity with Monitor Mode access points.
Adaptive wIPS containment
Blacklist and contain wIPS threats.
New containment capabilities.
Support for 3 new 802.11 Fuzzing Attacks.
Can detect and mitigate:
• Beacon Fuzzing
• Probe Request Fuzzing
• Probe Response Fuzzing
New MSE licensing
Base location license now includes support for Advanced Spectrum, Location tracking for rogues, interferers, Wi-Fi clients, and tags.
Advanced location license now includes support for Base location + Mobile Concierge + Location analytics.
Access-point-based licensing for location and advanced location services.
Cisco Prime Infrastructure (CPI)
Cisco Prime Infrastructure provides a single pane of glass for device management and application visibility across switches, routers, wireless controllers, MSE, and access points (see Figure 1).
Figure 1. Dashboard for Network Health and Key Performance Indicators
CPI Release 1.3 will offer support for features introduced in CUWN Release 7.4, as described in Table 4. It is currently scheduled for general availability by Q1CY13.
Table 4. New Cisco Prime Infrastructure 1.3 Features that Support Cisco Unified Wireless Network Software Release 7.4
Assurance for Wireless feature
Monitor, configure, report, and troubleshoot application traffic using tools like NBAR-2 and NetFlow.
Network managers can proactively monitor, analyze, and troubleshoot application health, and quantify end user experience.
Management support for Bonjour Services Directory (mDNS) feature
Monitor, configure, and troubleshoot Bonjour Services Discovery.
This feature allows customers to easily deploy and manage Bonjour Services Directory.
Support for FlexConnect RADIUS enhancement
Ability to configure up to 100 RADIUS servers per FlexConnect group.
This allows for ease of deployment where a RADIUS server is required per FlexConnect group.
Management support for new access point hardware: WSSI module: field-upgradable, third radio module add-on to the 3600 Series Access Point
SNMP MIB enhancements for the monitor module within the specific 3600 Series access point.
Enables increased client performance by offloading spectrum monitoring and security capabilities to the third radio, while the integrated radios concurrently serve 2.4 and 5 GHz client devices.
Management support for new 1600 Series Access Point
Ability to manage the 1600 Series from Cisco Prime Infrastructure.
Customers can plan, deploy, and manage the 1600 Series through Cisco Prime Infrastructure.
Management support for new MSE 7.4 features: WSSI module, Qualcomm, Meridian, wIPS
Ability to support MSE's new features that are introduced in Cisco Unified Wireless Network Software Release 7.4.
Cisco Prime Infrastructure supports the new MSE features that are introduced in Release 7.4.
Service and Support
Services from Cisco and our partners can help you assess, design, tune, and operate your wireless LAN to transparently integrate mobility services and take advantage of the systemwide capabilities of the Cisco Unified Wireless Network.
Our professional services help you align your interference management, performance, and security needs with your technical requirements to better utilize the self-healing, self-optimizing features built into the silicon-level intelligence of Cisco CleanAir technology and the increased performance of the 802.11n standard. These services can enhance deployment and operational efficiencies to reduce the cost and complexities of transitioning to new technologies.
Our technical support services help you maintain network availability and reduce risk. Optimization services provide ongoing assistance with performance, secure access, and maintaining a strong foundation for business evolution and innovation.
For More Information
• For more information about planning, building, and running services for Cisco CleanAir technology, Cisco 802.11n, and the Cisco Unified Wireless Network, visit Cisco Technical Support Services or Cisco Professional Services. http://www.cisco.com/go/services