Cisco 8500 Series Wireless Controllers

Cisco Wireless Release 7.5


PB729042

Overview

The 802.11ac radio module and innovations in Cisco® Wireless Release 7.5 now bring wire-like performance to wireless networks, together with sub-second failover capability for mission-critical deployments. Release 7.5 is loaded with market-leading features such as an integrated BYOD policy engine, location-aware Bonjour policy, and CMX Browser Engage for a cutting-edge mobile user experience.

Key Features in Release 7.5

• Cisco Aironet access point module for 802.11ac: Industry's first enterprise-class WFA-802.11ac certified access point

• Cisco Aironet 700 Series Access Point: An affordable, compact dual-radio access point for value-minded customers looking to modernize their networks to handle today's increasingly complex wireless access demands

• Client stateful switchover (SSO) across geographical locations: Controller redundancy with no client reauthentication and subsecond switchover

• Application services for wireless users:

– AVC protocol pack: Enables customers to update the protocol libraries with a simple protocol pack update instead of a standard software upgrade, to meet the dynamic, fast-changing application environment

– Bonjour services: Discovers services on a VLAN Layer 2 adjacent to the wireless access point. Wireless services in the vicinity of the client are provided

• Converged Access: Ability to run Mobility Controller (MC) functionality on a 5508 or WiSM2 in the Converged Access mode with a Catalyst 3850 mobility agent (MA)

• Integrated BYOD policy engine: The onboard wireless policy engine enables profiling of wireless devices and policy enforcement to address customers' bring-your-own-device (BYOD) deployments

• Guest access (sleeping client): Clients connected to the network are remembered even after waking up, eliminating the need for user intervention to reenter credentials

• CMX browser engage: Browser-based communication capabilities are available in Cisco Connected Mobile Experiences (CMX), enabling organizations to engage users in their venue based on the user's context: where they are, how long they have been there, whether they are a new or repeat visitor, or even what sites they are visiting

Platform Support

Cisco Wireless Release 7.5 is supported on the following platforms:

• Cisco Aironet access points running the Control and Provisioning of Wireless Access Points (CAPWAP) Protocol

• Cisco 2500 and 5500 Series Wireless LAN Controllers

• Cisco Catalyst 6500 Series Wireless Services Module 2 (WiSM2)

• Cisco Flex7500 Series FlexConnect Wireless Controllers

• Cisco 8500 Series Wireless Controllers

• Cisco Wireless LAN Controller Module for Integrated Services Routers G2 (UCS-E)

• Cisco Virtual Wireless Controller (vWLC)

• Cisco Mobility Services Engine (MSE)

Cisco Wireless LAN Controllers: New Features

In Software Release 7.5.102.0, Cisco wireless LAN controllers provide solutions to enable wireless as the primary means of access and to simplify high-density, media-rich wireless deployments. Table 1 describes the new features of the wireless controllers in this release.

Table 1. New Controller Features in Cisco Wireless Release 7.5.102.0

| Feature | Description | Benefit |
| --- | --- | --- |
| High availability (HA): Client SSO | Enables client stateful switchover for 1:1 redundant controller deployments | Industry's first and only controller redundancy solution reduces client downtime to less than a second for business-critical applications, with no client reauthentication needed. The redundant controllers can be geographically distributed over a Layer 2 connection for data center level redundancy |
| Wireless policy engine | Wireless device profiler and policy classification feature on the Cisco wireless controller | The onboard wireless policy engine enables profiling of wireless devices and policy enforcement to address customers' BYOD deployments |
| Virtual controller: Datagram Transport Layer Security (DTLS) | Enables industry-standard CAPWAP encryption using DTLS | Extends corporate network services securely to a remote teleworker |
| Virtual controller: Bidirectional rate limiting | Provides the ability to rate-limit traffic, both downstream and upstream, on either a per-Service Set Identifier (SSID) or per-client basis for real-time (User Datagram Protocol, or UDP) or data (TCP) traffic | Customers can prevent excessive bandwidth usage on certain SSIDs (for example, guest) or by specific users (bandwidth hogging) from affecting other users on the network |
| AVC protocol pack | Supports Next-Generation Network-Based Application Recognition (NBAR2) protocol pack upgrades independent of wireless controller software upgrades | Seamless upgrade of the NBAR2 libraries to keep up with rapidly changing application requirements without affecting clients |
| Bonjour: Location-specific wireless services | Returns a filtered set of services to the client based on user location | Clients see only the wireless services specific to their neighborhood, such as printers on the same floor |
| Bonjour: Access point-based service discovery | Learns wired and wireless Bonjour services that are hosted on a VLAN Layer 2 adjacent to the access point | Customers can learn Bonjour services without needing the VLAN to be Layer 2 adjacent to the wireless controller |
| Guest access enhancements (sleeping client flexible timeout) | Enables the wireless controller to cache client credentials for a configurable period | Clients connected to the guest network are remembered even after waking up and do not need to reenter credentials |
| Guest anchor on Cisco 8500 Series Wireless Controller | Enables the Cisco 8500 to be the anchor controller for large-scale deployments | Cisco 8500 can provide anchor controller capability for large-scale deployments of up to 64,000 clients |
| Rogue policy enhancement: Client authentication | Enables authentication with the MSE in addition to authentication, authorization, and accounting (AAA) | Ease of configuration, clients dynamically updated, no manual or static updates required |
| FlexConnect enhancement: Protected Extensible Authentication Protocol (PEAP) and EAP-TLS | Introduces PEAP and EAP-TLS for local authentication on FlexConnect access points | Standards based, additional security authentication types to enable a larger number of newer devices to connect securely using local authentication |
| FlexConnect enhancement: WLAN-to-VLAN mapping | Provides the ability to configure WLAN-to-VLAN mapping at the FlexConnect group level | Allows configuration of a FlexConnect group of access points instead of individual access points, for greater ease of use |
| FlexConnect enhancement: Per-client access control lists (ACLs) | Enables configuration of per-client ACLs for central and local authentication | Dynamic client ACLs from AAA to enforce granular policies |
| Central and FlexConnect deployments - AAA quality of service (QoS) override | Supports upstream and downstream AAA override for QoS for locally switched WLANs on Flex access points | Per-client rate limiting for UDP (real-time) and TCP (data) traffic, both upstream and downstream |
| 802.11w support for FlexConnect and Mesh deployment modes | Provides management frame protection | Consistent 802.11w support across deployment modes |

Cisco Aironet Access Points: New Features

Table 2 describes the new access point features in Cisco Wireless Release 7.5.

Note: Management support for Release 7.5 will be delivered as part of the Cisco Prime Infrastructure roadmap Release 1.4.

Table 2. New Access Point Features in Cisco Wireless Release 7.5

Feature

Description

Benefit

-Z product IDs for the Aironet 3600 Series access points

New -Z product IDs for the Aironet 3600 Series access points

Provides enhanced 5-GHz spectrum coverage for Australia and New Zealand

Adds support for UNII-2 Extended channels in 5470 to 5725 (excluding 5600 to 5650)

The following is the complete set of channels in 5 GHz with -Z:

• 5150 to 5250
• 5250 to 5350
• 5470 to 5725 (5600 to 5650 excluded)
• 5750 to 5850

Declaration of Conformity

http://www.cisco.com/web/dofc/1087946.pdf

Cisco Aironet access point module for 802.11ac

• 802.11ac module for the Aironet 3600 Series enables support for 802.11ac Wave 1 (Draft 5)
• First enterprise-class 802.11ac solution shipping in the marketplace
• First 802.11ac certified solution for the commercial enterprise space, published by the Wi-Fi Alliance
• 802.11ac Wave 1 provides enhanced support for 5 GHz, including:
– 1.3 Gbps PHY max data rate
– 3x3 Multiple Input, Multiple Output (MIMO)
– 3 spatial streams
– 80-MHz wide channels
– 256 quadrature amplitude modulation (QAM)

Enables support of the next-generation 802.11 Wi-Fi protocol that defines Gigabit wireless

This initial implementation of the specification moving toward IEEE ratification provides three times the performance of 802.11n, using wider channels, enhanced modulation, and a more streamlined protocol to provide significant performance enhancements and enabling client devices to get on and off the network faster

Enterprise companies across all industries are expressing interest in 802.11ac with a variety of different drivers and deployment models:

• Healthcare: Large file movement and real-time imaging of MRI information
• Higher education: Both pervasive and targeted areas of coverage for their high-bandwidth student base, which also typically has three or more devices per student
• K-12: Increased density of wireless devices per classroom and increased use of video as a teaching method with the student

Service providers are also very interested in 802.11ac, both for their own corporate IT infrastructure as well as for service offerings to the public supporting the new wave of client devices entering with 802.11ac built in

Cisco Aironet 700 Series Access Point

Compact access point with the feature set to deliver highly secure and reliable wireless connections. It provides simultaneous dual radios and a 2 x 2:2 radio design that enables data rates up to 300 Mbps

An affordable, compact dual-radio access point for value-minded customers looking to modernize their networks to handle today's increasingly complex wireless access demands. As part of the Cisco Unified Wireless Network, the Aironet 700 Series provides low total cost of ownership and investment protection by integrating smoothly with existing networks or hotspot deployments

Mobility Services

Table 3 describes new Cisco Mobility Services Engine (MSE) features in Cisco Wireless Release 7.5.

Table 3. New Cisco MSE Features in Release 7.5

Feature

Description

Benefit

CMX browser engage

In-venue customer engagement by providing rich contextual information on the customer's mobile device.

Capabilities include:

• Indoor navigation: Navigate to and search for relevant points of interest on a floor map.
• Campaign management: Run relevant campaigns at venues based on different rules such as time, date, and location.
• Location services: Provide access to local services throughout the user's browser experience. Services are customizable by venue and time.

URL analytics

Web analytics: Aggregate statistics on URLs visited by venue and zone.

Enables merchants to better understand and meet their customer needs.

Representational State Transfer (REST) API

Support for MSE location REST API with XML and JSON data formats.

Support for northbound notification over HTTP/HTTPS/TCP with support for XML, JSON, and protobuf data formats.

Lightweight REST protocol is easy to integrate with mobile apps.

Location analytics enhancements

Improved analytics on movements between zones and the flow around the buildings (speed and duration distributions).

Enables users to get information on visitors' movement around the area of interest more easily and quickly. This allows for better targeted marketing and improved wait times.

Midmarket MSE OVA

MSE virtual appliance with 250-GB hard disk requirement.

MSE virtual appliance with a smaller footprint for midmarket customers.

Exposing tag relative signal strength indicator (RSSI)

RSSI (probe) is exposed via MSE to third-party location apps. Base Location license is required.

Provides a single interface to integrate with third-party RFID tag vendors.

MSE licensing

3355 MSE scale increased to 2500 access points for Base and CMX license.

High-end virtual appliance scales to 5000 access points for Base and CMX license.

Higher scaling.

vWLC support

Supports virtual controller on MSE.

Customers can use the virtual controller with MSE without running command-line interface (CLI) commands.

Rogue access point zone of impact

Shows rogue access point zone of impact in Cisco Prime Network Control System (NCS) maps.

Enhanced map filtering and enhanced search for wireless intrusion prevention system (wIPS) attacks. Different icons for attacker and victim.

Easy identification of high-impact rogue access points on a map. The radius of the impact and the number of valid clients attached is shown on the map through the zone of impact.

Auto MAC address learning

MSE stores the state of the client.

Prevents valid clients from associating with rogue access points.

Adaptive wIPS (aWIPS) attack prevention

Automatic containment based on profile.

Automatic mitigation for aWIPS attacks.

New signatures

Signature update.

New threats detected by the aWIPS solution.

wIPS alarm consolidation

Consolidates wIPS alarms based on predefined rules.

Concise information to help the user determine the real attack or threat.

New wIPS UI

New wireless security wizard workflows.

Improved usability and intuitive workflow.

Forensics

Capability to start and stop forensics on a selected access point.

Better troubleshooting capability.

CMX Connect (demo version)

Visitor management. Supports web authentication, web passthrough, and social media authentication.

Visitor management.

Cisco Prime Network Infrastructure 1.4

Cisco Prime Infrastructure is a network management platform that supports lifecycle management of your entire network infrastructure from one GUI (Figure 1). Prime Infrastructure provides network administrators with a "single pane of glass" solution for provisioning, monitoring, optimizing, and troubleshooting both wired and wireless devices. Robust GUIs make device deployments and operations simple and cost-effective.

Figure 1. Cisco Prime Infrastructure 1.4

Cisco Prime Infrastructure 1.4 with Cisco Wireless Release 7.5 adds support for new features, as described in Table 4.

Table 4. New Cisco Prime Infrastructure 1.4 Features That Support Cisco Wireless Release 7.5

Feature

Description

Benefit

Management support for Release 7.5 and associated features

Support for new access point platforms (Aironet 3600p, 802.11ac module, etc.) and other features.
802.11w.
Proactive capacity alarm or notification for RFID, clients.
Web authorization and Dot1x support.
Return additional 6 parameters for Dynamic Host Configuration Protocol (DHCP) option 82 configuration.

Centralized configuration, monitoring, and troubleshooting for the new access point and controller features.

Management support (configuration and monitoring) for Policy Classification Engine on wireless controller (Release 7.5 and later)

Policy classification enables customers to perform client (network endpoint) profiling at the controller and then configure and enforce policies on a per-device or per-user basis.

Policy Classification Engine on wireless controller enables this capability without the Cisco Identity Services Engine (ISE). Note that the ISE offers a much richer set of features, such as device profiling, onboarding, posture, and extensive policy management. The client device identification is based on protocols such as HTTP, DHCP, and MAC. The profiling can then be done based on factors including device type, user role/ID/password, location, time of day, EAP type, etc. Customers can configure and enforce policies on a per-device or per-user basis. Cisco Prime Infrastructure provides a scalable and easy mechanism to configure and monitor this capability on one or more wireless controllers using templates.

Configuration of sleeping client enhancement feature

Caches client credentials for a configurable period of up to 30 days (720 hours).

Previously (until Release 7.4), web authentication-enabled client devices connected to a WLAN via a wireless controller had to reauthenticate with login credentials (ID/password) when waking up from sleep. Release 7.5 added the ability to cache client credentials for a configurable period of up to 30 days (720 hours) and allows clients to reconnect to the network without having to reauthenticate on wakeup after sleep. Cisco Prime Infrastructure provides the necessary templates to configure the parameters on a per-WLAN basis and the ability to apply them to one or more wireless controllers.

Management support (configuration and monitoring) for a FlexConnect enhancement feature that allows customers to do WLAN-to-VLAN mapping at the FlexConnect group level

Allows customers to do WLAN-to-VLAN mapping at the FlexConnect group level.

Before Release 7.5, WLAN-to-VLAN mapping was configured on a per-access point basis, making this mapping difficult in deployments that had large numbers of access points in a FlexConnect group. This feature allows customers to do WLAN-to-VLAN mapping at the FlexConnect group level, making it scalable. Cisco Prime Infrastructure provides the necessary templates to configure the parameters and apply them to one or more wireless controllers.

Management support for new access point hardware:
802.11ac module: A field-upgradable add-on module to the Aironet 3600 Series

Simple Network Management Protocol (SNMP) MIB enhancements to the 802.11ac module for the Aironet 3600e or 3600 access points.
Same form factor as the Cisco Aironet Access Point Module for Wireless Security and Spectrum Intelligence.
Aironet 3600 Series maintains dual-band support for 2.4 and 5 GHz, supporting 802.11b/g/n on 2.4 GHz and 802.11a/ac/n on 5 GHz.

802.11ac module for the Aironet 3600e or 3600 access point allows customers to deploy 802.11ac in an enterprise using their existing Aironet 3600. The Aironet 3600 maintains dual-band support for 2.4 and 5 GHz, supporting 802.11b/g/n on 2.4 GHz and 802.11a/ac/n on 5 GHz. Cisco Prime Infrastructure (starting with Release 1.4) will provide support for configuring and monitoring the main radio and the module radio (with support for additional configuration such as channel width, dynamic channel assignment [DCA], Modulation and Coding Scheme [MCS], etc.)

Management support (configuration, templates) for a feature that enables customers to manage LED settings on the access point

Enables customers to manage LED settings (on/off duration and schedule) on the access point.

Beginning with Release 7.5, customers can configure access point LED capabilities from the wireless controller and Prime Infrastructure. Using a lightweight access point configuration template, customers can now configure the duration and schedule for access point LEDs. This feature is critical to customers in specific sectors (such as healthcare).

Management support for FlexConnect local authentication enhancement, adding EAP-TLS and PEAP

EAP-TLS and PEAP options for FlexConnect local authentication.

Release 7.5 has enhanced FlexConnect local authentication by adding EAP-TLS and PEAP. Previously we supported only Lightweight EAP (LEAP) and EAP-FAST. Cisco Prime Infrastructure (starting with Release 1.4) will provide support for configuration of these two additional authentication methods.

Reporting enhancement: Inventory report will show dead radios (in both Lightweight Access Point Protocol [LWAPP] and autonomous access points)

Inventory report to show dead radios (in both LWAPP and autonomous access points).

Release 7.5 has enhanced reporting functionality to show dead radios for both LWAPP and autonomous access points.

Management support for new functionality on MSE: Billboard and proxy services

Billboard and proxy services.

Release 7.5 has added the ability to launch billboard services. This allows customers to enhance in-venue engagement with venue visitors and customers carrying Wi-Fi-enabled mobile devices. Cisco Prime Infrastructure provides the configuration and templates necessary to configure billboard and proxy services parameters on the MSE.

Management support for client SSO on Cisco WLAN

Client SSO in Cisco WLAN.

Release 7.5 has introduced stateful switchover of the wireless clients that have successfully connected and are transferring data. This feature can be enabled in deployments where an access point serving the client is connected to a wireless controller in a 1:1 HA configuration. The key benefit of this feature is that when the primary wireless controller in this configuration goes down, access points and associated clients transition to the secondary controller without affecting the service. Cisco Prime Infrastructure 1.4 provides the configuration and templates necessary to configure this feature on wireless controllers running Release 7.5.

Management support for cable modem monitoring

Enables customers to monitor the health of the cable modem in the Aironet 1552C Outdoor Mesh Access Point.

Allows service provider customers to monitor the health of cable modems with Cisco Prime Infrastructure. Currently customers have to log in to their Cable Modem Termination System (CMTS) to monitor the cable modem module in the Aironet 1552C. With this feature, we link access points, wireless controllers, and cable modems and their associated CMTS, enabling customers to monitor the cable modem and access point from one tool.

Management support for Proxy Mobile IP (PMIP) v6 Mobile Access Gateway (MAG) implementation and enhancements

Support for PMIPv6 MAG implementation and enhancements.

Release 7.5 enhances support for PMIPv6 by adding the following two capabilities to the wireless controller: (a) support for centralized web authentication scenarios; (b) support for dynamic attributes - MAG support for obtaining PMIPv6 attributes (such as local mobility anchor [LMA] address, service selection type, etc.) dynamically from an AAA server. Customers can now use Cisco Prime Infrastructure to configure and monitor these features.

Service and Support

Services from Cisco and our partners can help you assess, design, tune, and operate your wireless LAN to transparently integrate mobility services and take advantage of the systemwide capabilities of the Cisco Unified Wireless Network.
Our professional services help you align your interference management, performance, and security needs with your technical requirements to better use the self-healing, self-optimizing features built into the silicon-level intelligence of Cisco CleanAir® technology and the increased performance of the 802.11n standard. These services can enhance deployment and operational efficiencies to reduce the cost and complexity of transitioning to new technologies.
Our Technical Support Services help you maintain network availability and reduce risk. Optimization services provide ongoing assistance with performance, secure access, and maintaining a strong foundation for business evolution and innovation.

For More Information

• For more information about planning, building, and running services for Cisco CleanAir technology, Cisco 802.11n, and the Cisco Unified Wireless Network, visit Cisco Technical Support Services or Cisco Professional Services. http://www.cisco.com/go/services

• For more information about Cisco wireless products, visit http://www.cisco.com/go/wireless.