Cisco Catalyst® Family switches have been continuously evolving to provide converged infrastructure for wired and wireless networks. Cisco Catalyst 4500 and 6500 Series Switches support enhanced Power over Ethernet (ePoE) for wireless IEEE 802.11n access points. Cisco Catalyst 4500 Series line cards are the first in the industry to provide up to 30 watts (W) of inline power per port to enable the next generation of unified applications. The Cisco Catalyst 6500 Series supports a centralized and scalable wireless solution in the form of the Cisco Catalyst 6500 Series/7600 Series Wireless Services Module (WiSM). The Catalyst 4500 Series will be introducing support for EnergyWise and Cisco® location services in Cisco IOS® Software Release 12.2(52)SG. Figure 1 shows how Cisco has been investing in the converged infrastructure for wired and wireless networks.
Figure 1. Campus Mobility Evolution
This document focuses on a feature called Network Mobility Service Protocol (NMSP), which will be introduced in Cisco IOS Software Release 12.2(52)SG for the Cisco Catalyst 4500 Series Switches.
Businesses have gone mobile. The number of employees who expect access to network resources to improve productivity has increased significantly over the past few years, and the trend shows little sign of slowing anytime soon. Business mobility means consistent access to corporate applications over the right network for the right user at the right time. Delivering this experience requires IT to give careful consideration to the network design. In addition to providing mobility services for wireless devices, IT needs to provide mobility within the wired network to track the location of users, invoke location-based policies, and track assets.
The Cisco location service solution (also referred to as context-aware service) provides the capability to determine the physical location of a tracked entity in the network as well as additional contextual information such as the serial number of the tracked entity. The tracked entity can be a wireless endpoint, a wired endpoint (a phone or PC), a wired switch, or a wireless controller. Location information is critical for wired endpoints. For example, a phone in the lobby of an office building can have different policies from a phone in a conference room or in an employee's office. Today the policies are statically administered based on an endpoint's MAC address and not based on the location of the endpoint itself. Knowing the location of a wired entity provides more intelligence to push the right set of policies to tracked devices based not only on the user's credentials and MAC address, but also on the location of the device.
Endpoint location information can be obtained from the endpoint by various means, such as the Global Positioning System (GPS), the network (either wirelessly or through a wired medium), or static configuration. Wired and wireless devices require location information. Dynamic updates of location information are required to support mobility of the endpoints (wired or wireless). For example, if a wired phone is provisioned for Cube B6-1, Floor 3, Building 19, and if the person whose phone this is moves to Cube C5-2, Floor 2, Building 18, the location information needs to be manually updated if there is no means to update it dynamically. If the endpoint can derive its location from the point of attachment in the enterprise network, it can provide dynamic location information. When an endpoint is plugged into the access device, the device can convey information (IP address, port, and VLAN) to a central server (location server). This information can be used by the server to track the location of the endpoint.
The Cisco location feature, which is referred to as NMSP in this document, enables the switch to act as a raw attachment feed for the location service for all devices connected to it, providing asset tracking for the connected devices. NMSP is supported on all Cisco Catalyst 4500 and 4900 Series Switches in Cisco IOS Software Release 12.2(52)SG.
Cisco Location Service Solution
The wired location solution is designed for Cisco Catalyst 4500 and 4900 Series Switches to track the location of devices as they move around the network, track the location of servers in data centers, and update those locations in a central server. NMSP and the Cisco location service solution support the capability to track the location of virtual machines within a data center or a campus as they virtually move around the network. The overall solution has four components: the Cisco 3300 Series Mobility Services Engine (MSE), the Cisco Wireless Control System (WCS), switches for the wired clients, and wireless controllers for the wireless clients.
Cisco 3300 Series MSE
The Cisco 3300 Series MSE platform can run multiple independent or related services on top of wireless and wired network infrastructures. Those services typically provide high-level service capabilities such as location tracking.
The Cisco 3300 Series MSE tracks the location of wired and wireless devices continuously. It can do this by having the wired and wireless network infrastructure devices (controllers and switches) send raw location measurement data to the MSE as changes occur in the network. Both wired and wireless network infrastructures connect to the MSE using NMSP. In the case of wired switches, the information sent to the MSE is typically the MAC address, switch MAC address, slot or port, IP address, and IEEE 802.1x username (if available). This information is sent whenever a device link changes state. In the case of wireless controllers, the information sent to the MSE is typically the MAC address, IP address, IEEE 802.1x username (if available), and the IEEE 802.11 measurement data necessary to determine the physical location. After the MSE calculates the location of an endpoint device, it has multiple options to provide the location data to external systems, such as asset management applications.
The two primary options are:
– The application or external system typically sends a query asking for a device's location, including optional query criteria such as return data for only a specific floor.
– The MSE would respond with the answer immediately upon receipt of the query.
• Subscribe and publish
– The external system (a switch) typically registers an event subscription for a device location based on a set of criteria such as changes in position or containment within a specific boundary.
– When the MSE calculates or updates the location for any device, it matches that device and location with any event subscriptions defined on the MSE. If any event matches the subscription criteria, an event is fired for that device that includes the device's details and location information.
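The subscribe-and-publish flow described above, as an added example that is not Cisco code and does not reproduce the NMSP wire format. It models a location server that receives the wired attachment fields listed earlier and fires events for "change in position" and "outside a boundary" subscriptions; all class names, function names, addresses and usernames are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Attachment:
    # Fields the text lists for a wired switch update (model, not NMSP encoding).
    mac: str
    switch_mac: str
    port: str                 # slot/port
    ip: Optional[str]
    username: Optional[str]   # IEEE 802.1x username, if available
    link_up: bool

def moved(prev_loc, new_loc, att):
    """Fires on a change in position."""
    return att.link_up and prev_loc is not None and prev_loc != new_loc

def outside(boundary):
    """Fires when the device attaches outside the given boundary prefix."""
    return lambda prev_loc, new_loc, att: att.link_up and not new_loc.startswith(boundary)

class LocationServer:
    def __init__(self, port_locations):
        self.port_locations = port_locations   # (switch_mac, port) -> location string
        self.last_loc = {}                     # device MAC -> last known location
        self.subscriptions = []                # (name, device MAC, criteria)

    def subscribe(self, name, mac, criteria):
        self.subscriptions.append((name, mac, criteria))

    def update(self, att):
        """Apply one link-state update; return the events it fires."""
        new_loc = self.port_locations.get((att.switch_mac, att.port), "unknown")
        prev_loc = self.last_loc.get(att.mac)
        events = [(name, att.mac, new_loc, att.username)
                  for name, mac, crit in self.subscriptions
                  if mac == att.mac and crit(prev_loc, new_loc, att)]
        if att.link_up:
            self.last_loc[att.mac] = new_loc   # a link-down keeps the last known location
        return events

# Constructed sample data: two switch ports and one tracked phone.
PORTS = {("00:1b:aa:00:00:01", "3/12"): "Building 19/Floor 3/Cube B6-1",
         ("00:1b:aa:00:00:02", "2/7"): "Building 18/Floor 2/Cube C5-2"}
PHONE = "00:11:22:33:44:55"

def demo():
    srv = LocationServer(PORTS)
    srv.subscribe("moved", PHONE, moved)
    srv.subscribe("left-building-19", PHONE, outside("Building 19/"))
    feed = [Attachment(PHONE, "00:1b:aa:00:00:01", "3/12", "10.0.3.20", "alice", True),
            Attachment(PHONE, "00:1b:aa:00:00:01", "3/12", None, None, False),
            Attachment(PHONE, "00:1b:aa:00:00:02", "2/7", "10.0.2.41", "alice", True)]
    return [srv.update(a) for a in feed]
```

A port with no configured location resolves to "unknown", so the boundary subscription also fires when a tracked device appears on an unmapped port.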
The Cisco WCS is the management system for the MSE and provides the administrator with the user interface for common MSE network management functions such as configuration, monitoring, and fault finding. The administrator can configure location information for switches and ports, which is then pushed to the MSE running the location service.
Switches (Cisco Catalyst 4500 and 4900 Series)
Switches provide the relevant location information for all the IP endpoints attached to them. These endpoints may include IP phones, PCs, and access points. NMSP runs between the switches and MSE to provide the location information to the MSE. Location information may include the physical address (also known as the civic address) as well as other information about endpoints such as the IP address, MAC address, port, VLAN, and username. Typically, this information is obtained using features such as IEEE 802.1x, Dynamic Host Configuration Protocol (DHCP) snooping, Dynamic Address Resolution Protocol (ARP) Inspection (DAI), and IP source guard. Additionally, if the end device runs the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP), more information, such as the version number and serial number, can also be sent to the MSE. At this time, Cisco Discovery Protocol does not report the serial numbers, but LLDP reports serial numbers. With an enhancement, Cisco Discovery Protocol will be able to report the serial number of the device as well as other contextual information such as the version number and power information.
The Cisco Catalyst 6500 Series WiSM provides the control, scalability, and reliability that IT managers need to build secure, enterprise-scale indoor and outdoor IEEE 802.11 wireless networks. From voice and data services and location tracking to wireless mesh networks, the Cisco Catalyst 6500 Series WiSM enables enterprises and service providers to create and enforce policies that support business-critical applications. The Cisco WiSM is a member of the Cisco wireless LAN controller family. It works in conjunction with Cisco Aironet lightweight access points, the Cisco WCS, and the Cisco wireless location appliance to deliver a secure and unified wireless solution that supports wireless data, voice, and video applications. The Cisco WiSM consists of two Cisco 4404 controllers; therefore, the IT staff must be aware that two separate controllers exist on a single module. The first controller is considered the WiSM-A card, while the second controller is considered the WiSM-B card. Interfaces and IP addressing have to be considered on both cards independently. WiSM-A manages 150 access points, while WiSM-B manages a separate lot of 150 access points. The Catalyst 6500 Series Switch chassis can support up to five Cisco WiSMs without any service modules installed. If one or more service modules are installed, the chassis can support up to four service modules (WiSMs included). A WiSM in a Cisco Catalyst 6500 Virtual Switching System (VSS) works the same as in a standalone chassis. Multiple WiSMs are supported in a VSS system in the Active state.
Figure 2 shows the Cisco location solution.
Here are some of the ways in which location (context) services can be used:
• Emergency services (E911)
– Use Cisco Emergency Responder with the device location database from MSE
– Provide dynamic device location for both wired and wireless clients
• Enterprise access control
– Provide location information to access enforcement services: for example, the Network Admission Control (NAC) server, RADIUS server, or Cisco ASA Adaptive Security Appliance
– Integrate location with policy and provisioning with applications such as the Cisco Intelligent Services Gateway (ISG)
– Deliver dynamic location information from the network to the Cisco Unified Presence server
– Integrate with unified communication
– Locate resources nearby
• Network service virtualization
– Merge the location database and information from LLDP, Cisco Discovery Protocol, and DHCP to locate and track physical servers as well as virtual machines
• Asset inventory and management
– Convey chassis line card unique device identifier (UDI) information through NMSP
– Detect unexpected loss or presence
Following are some additional uses for Cisco location services:
• Provide user-to-device mapping
• Facilitate device mobility
• Make policy enforcement decisions using location and presence
• Govern distribution of location information to third parties (partners, regulators, emergency services, etc.)
• Provide location and presence as part of the network system