Cisco Virtual Wireless Controller

Cisco Virtual Wireless Controller Data Sheet

Let Us Help

  • Viewing Options

  • PDF (285.5 KB)
  • Feedback

The Cisco® Virtual Wireless Controller is a virtual form-factor controller that enables flexible and cost-effective deployment for small and medium-sized deployments.

Text Box: Deployment Flexibility
●	Virtual form-factor
●	Any x86 server with VMware Hypervisor ESXi4.x -or 5.x
●	On-premises or data-center-hosted deployments
●	Share existing virtualization infrastructure to achieve operational cost savings
●	Co-resides with other virtualized network services: virtual Cisco Prime™ Infrastructure, virtual Cisco Mobility Services Engine (vMSE), virtual Cisco Identity Services Engine (vISE) and others
●	Single access point adder licenses enable a granular “pay as you grow” model
HA and Manageability
●	Common Cisco Prime management for appliance and virtual wireless controller, in addition to the standard virtual machine (VM) tools for monitoring, troubleshooting, and so on
●	Use VM infrastructure features: VMotion, cloning, snapshot, and so on
●	Business agility with on-demand orchestration; enabling new controllers is quick and simple
FlexConnect Solution
●	Intelligent RF control plane, centralized software update, control and management, and troubleshooting
●	With a distributed data plane, deploy On-Prem (locally switched) voice-, video-, and data-intensive applications over wireless
●	Seamless wireless services even when WAN link fails or a controller out-of-service
●	Local RADIUS server for new clients to get on the network and access services
Comprehensive Wired and Wireless Security
●	Full CAPWAP access point to controller encryption
●	Supports detection of rogue access points and denial-of-service attacks
●	Management frame protection detects malicious users and alerts network administrators
Secured Guest Access
●	Deploy simple and secure guest access services
The controller allows IT managers to configure, manage, and troubleshoot up to 200 access points and 6000 clients. The Cisco Virtual Wireless Controller supports secure guest access, rogue detection for Payment Card Industry (PCI) compliance, and in-branch (locally switched) Wi-Fi voice and video.


The Cisco Virtual Wireless Controller provides centralized control, management, and troubleshooting. It supports the Cisco FlexConnect solution. Data traffic from the access points are switched locally at the access point.

The Cisco Virtual Wireless Controller automates wireless configuration and management functions and allows network managers to have the visibility and control needed to cost-effectively manage, secure, and optimize the performance of their wireless networks. Cisco Virtual Wireless Controller in central switched mode supports Bonjour Services Directory to enable Bonjour Services to be advertised and utilized in a separate L3 network. Wireless Policy engine is a wireless profiler and policy feature on the wireless controller that enables profiling of wireless devices and enforcement of policies such as VLAN assignment, quality of service (QoS), ACL and time-of-day-based access. As a component of the Cisco Unified Wireless Network, this controller provides real-time communications between Cisco Aironet® access points, the Cisco Prime Infrastructure, and the Cisco Mobility Services Engine, and is interoperable with other Cisco controllers. With integrated Cisco CleanAir® technology, the Cisco Virtual Wireless Controller provides the industry’s only self-healing and self-optimizing wireless network for small and mid-sized businesses and small campus-like schools.

Table 1 lists the features of Cisco Virtual Wireless Controller.

Table 1.       Cisco Virtual Wireless Controller Features




  Supports 200 access points
  Supports 6000 clients

RF Management

  Provides both real-time and historical information about RF interference impacting network performance across controllers, through systemwide Cisco CleanAir technology integration

Cisco FlexConnect

  Supports up to 200 Cisco FlexConnect groups and 100 access points in each FlexConnect group
  Centralized control, management, and client troubleshooting
  Seamless Layer 2 roaming within a Cisco FlexConnect group of 50 access points
  Seamless client access in the event of a WAN link failure (local data switching)
  Local RADIUS server support to enable new clients to access wireless services without depending on the central RADIUS servers
  Support for high-latency WAN links
  Secure guest access
  Efficient access point upgrade that optimizes the WAN link utilization for downloading access point images
  Integrated and enhanced security with a wireless intrusion prevention system (wIPS)
  Rogue detection for PCI compliance
  Local split tunneling for improved WAN bandwidth utilization
  Workgroup bridge/universal workgroup bridge (WGB/uWGB) support for local switching simplifies deployment of wired-only devices in remote locations

Comprehensive End-to-End Security

  Offers control and provisioning of wireless access points (CAPWAP)-compliant Datagram Transport Layer Security (DTLS) encryption on the control plane between access points and controllers across remote WAN links

End-to-End Voice

  Supports Cisco Unified Communications for improved collaboration through messaging, presence, and conferencing
  Supports all Cisco Unified IP Phones for cost-effective, real-time voice services

Fault Tolerance

  Access points continue to provide seamless services when a controller fails; provides failover to another backup controller for centralized control and management
  Redundant power supply helps to ensure maximum availability

Environmentally Responsible

  Organizations may choose to turn off access point radios to reduce power consumption during off- peak hours

Table 2 lists the product specifications for Cisco Virtual Wireless Controller.

Table 2.       Product Specifications for Cisco Virtual Wireless Controller




IEEE 802.11a, 802.11ac, 802.11b, 802.11g, 802.11d, WMM/802.11e, 802.11h, 802.11k, 802.11n, 802.11r, 802.11u, 802.11w


IEEE 802.3 10BASE-T, IEEE 802.3u 100BASE-TX specification, 1000BASE-T. 1000BASE-SX, 1000-BASE-LH, IEEE 802.1Q VLAN tagging

Data Request For Comments (RFC)[1]

  RFC 768 UDP
  RFC 791 IP
  RFC 2460 IPv6 (pass through Bridging mode only)
  RFC 792 ICMP
  RFC 793 TCP
  RFC 826 ARP
  RFC 1122 Requirements for Internet Hosts
  RFC 1519 CIDR
  RFC 1542 BOOTP
  RFC 2131 DHCP
  RFC 5415 CAPWAP Protocol Specification [2]

Security Standards

  IEEE 802.11i (WPA2, RSN)
  RFC 1321 MD5 Message-Digest Algorithm
  RFC 1851 The ESP Triple DES Transform
  RFC 2104 HMAC: Keyed Hashing for Message Authentication
  RFC 2246 TLS Protocol Version 1.0
  RFC 2401 Security Architecture for the Internet Protocol
  RFC 2403 HMAC-MD5-96 within ESP and AH
  RFC 2404 HMAC-SHA-1-96 within ESP and AH
  RFC 2405 ESP DES-CBC Cipher Algorithm with Explicit IV
  RFC 2407 Interpretation for ISAKMP
  RFC 2409 IKE
  RFC 2451 ESP CBC-Mode Cipher Algorithms
  RFC 3280 Internet X.509 PKI Certificate and CRL Profile
  RFC 4347 Datagram Transport Layer Security
  RFC 4346 TLS Protocol Version 1.1


  Wired Equivalent Privacy (WEP) and Temporal Key Integrity Protocol-Message Integrity Check (TKIP-MIC): RC4 40, 104 and 128 bits (both static and shared keys)
  Advanced Encryption Standard (AES): Cipher Block Chaining (CBC), Counter with CBC-MAC (CCM), Counter with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
  Data Encryption Standard (DES): DES-CBC, 3DES
  Secure Sockets Layer (SSL) and Transport Layer Security (TLS): RC4 128-bit and RSA 1024- and 2048-bit
  Datagram Transport Layer Security (DTLS): AES-CBC

Authentication, Authorization, and Accounting (AAA)

  IEEE 802.1X
  RFC 2548 Microsoft Vendor-Specific RADIUS Attributes
  RFC 2865 RADIUS Authentication
  RFC 2866 RADIUS Accounting
  RFC 2867 RADIUS Tunnel Accounting
  RFC 3576 Dynamic Authorization Extensions to RADIUS
  RFC 3579 RADIUS Support for EAP
  RFC 3580 IEEE 802.1X RADIUS Guidelines
  RFC 3748 Extensible Authentication Protocol
  Web-based authentication
  Terminal Access Controller Access-Control System (TACACS) support for management users


  SNMP v1, v2c, v3
  RFC 854 Telnet
  RFC 1155 Management Information for TCP/IP-Based Internets
  RFC 1156 MIB
  RFC 1157 SNMP
  RFC 1350 TFTP
  RFC 1643 Ethernet MIB
  RFC 2030 SNTP
  RFC 2616 HTTP
  RFC 2665 Ethernet-Like Interface types MIB
  RFC 2674 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering, and Virtual Extensions
  RFC 2863 Interfaces Group MIB
  RFC 3164 Syslog
  RFC 3414 User-Based Security Model (USM) for SNMPv3
  RFC 3418 MIB for SNMP
  RFC 3636 Definitions of Managed Objects for IEEE 802.3 MAUs
  Cisco private MIBs

Management Interfaces

  Web-based: HTTP/HTTPS
  Command-line interface: Telnet, Secure Shell (SSH) Protocol, serial port
  Cisco Wireless Control System (WCS)

Regulatory Compliance

CE Mark


  UL 60950-1:2003
  EN 60950:2000
  EMI and susceptibility (Class A):
  U.S.: FCC Part 15.107 and 15.109
  Canada: ICES-003
  Japan: VCCI
  Europe: EN 55022, EN 55024

Virtual Machine Specifications

Cisco Virtual Wireless Controller can run on any x86 server that supports VMware ESXi 4.x and 5.x

The resource requirements from the virtualized server hardware:

  CPU: 1 virtual CPU
  Memory: 2 GB
  Disk Space: 8 GB
  Network Interfaces: 2 or more virtual Network Interface cards (vNICs)

Table 3 lists ordering and accessories information for Cisco Virtual Wireless Controller. To place an order, visit the Cisco ordering website:

Table 3.       Ordering Information for Cisco Virtual Wireless Controller

Part Number

Product Name

Cisco SMARTnet® Service 8x5xNBD


Cisco Virtual Wireless Controller for up to 5 Cisco access points


Additive Capacity Upgrade Licenses

Table 4 shows the additive capacity upgrade licenses that are available for the Cisco Virtual Wireless Controller.

Table 4.       Ordering Information for Cisco Virtual Wireless Controller Additive Capacity Licenses (e-Delivery PAKs)


Part Number

Product Description

SMARTnet 8x5xNBD



Primary upgrade SKU: Pick any number or combination of the following options under this SKU to upgrade one or many controllers under one product authorization key



1 Access Point Adder License for the Virtual Controller (e-Delivery)



5 Access Point Adder License for the Virtual Controller (e-Delivery)



25 Access Point Adder License for the Virtual Controller (e-Delivery)


Service and Support

Realize the full business value of your wireless network and mobility services investments faster with intelligent, customized services from Cisco and our partners. Backed by deep networking expertise and a broad ecosystem of partners, Cisco professional and technical services enable you to successfully plan, build, and run your network as a powerful business platform. Our services can help you successfully deploy the Cisco Virtual Wireless Controller and integrate mobility solutions effectively to lower the total cost of ownership and secure your wireless network.

To learn more about Cisco Wireless LAN service offers, visit:


The Cisco Virtual Wireless Controller is designed to support large-scale branch wireless deployments. It simplifies deployment and operation of wireless networks, helping to ensure smooth performance, enhance security, and maximize network availability. The Cisco Virtual Wireless Controller [[Please check. MDF and list the name as I’ve edited it]] manages all the Cisco access points, eliminating complexity and providing network administrators with visibility and control of their wireless LANs.

For More Information

For more information about Cisco wireless controllers, contact your local account representative or visit:

For more information about the Cisco Unified Wireless Network framework, visit:

For more information about the Cisco Flex 7500 Series Cloud Controller, visit: