The Wireless LAN Services Module (WLSM) for the Cisco® Catalyst® 6500 Series of multilayer switches enables scalable wireless LAN network deployments. The Cisco Catalyst 6500 Series WLSM is ideal for enterprises, midsize businesses, universities, and service providers that have deployed Cisco Aironet® autonomous access points. The Cisco Catalyst 6500 Series WLSM:
• Uses existing network infrastructure investments that do not force changes to the underlying wireline infrastructure and do not require special client devices
• Enables secure campus-wide Layer 3 roaming
• Supports up to 6000 wireless LAN users and 600 Cisco Aironet Series autonomous access points spread throughout the campus using a single Cisco Catalyst 6500 Series WLSM deployed in a Cisco Catalyst 6500 Series chassis located anywhere in the network
• Allows network managers to segment and individually authenticate, control access to, and manage disparate wireless user groups such as "guest" and "employee" by enabling wireless mobility groups
• Simplifies management and deployment of wireless networks by unifying wireless and wireline networks, providing consistent application of policies for all wireless traffic via a single point of ingress and providing "out-of-box" access point configuration
• Extends Cisco Catalyst 6500 Series rich intelligent network services to the wireless edge, including enterprise-class security (denial of service [DoS] prevention access control lists [ACLs], firewall, intrusion detection, and IP Security [IPSec] VPN), high availability (Layer 2 and Layer 3 nonstop forwarding [NSF] with stateful switchover [SSO] of the control and data planes in a supervisor failover, and Cisco EtherChannel®), and quality of service (QoS) mechanisms
Note: The Cisco Catalyst 6500 Series WLSM supports autonomous access point deployments. Cisco IOS Software releases in the 12.2.SX series for Cisco Catalyst 6500 Series switches are the last software releases to support the Cisco Catalyst 6500 Series WLSM. Customers are encouraged to migrate to the Cisco Catalyst 6500 Series Wireless Services Module (WiSM) and transition to Cisco lightweight access points and the Cisco Unified Wireless Network. The Cisco Catalyst 6500 Series WiSM is a key component of the Cisco Unified Wireless Network and a member of the Cisco Wireless LAN Controller family. The Cisco Catalyst 6500 Series WiSM works in conjunction with Cisco Aironet lightweight access points, the Cisco Wireless Control System (WCS) and the Cisco Wireless Location Appliance to support mission-critical wireless data, voice, and video applications. Learn more about the Cisco Catalyst 6500 Series WiSM visit http://www.cisco.com/go/wism.
Figure 1. Cisco Catalyst 6500 Series WLSM
The Cisco Catalyst 6500 Series WLSM (Figure 1) can be configured in any open slot of a 3-, 6-, 9-, or 13-slot Cisco Catalyst 6500 Series switch equipped with a Supervisor Engine 720. The Cisco Catalyst 6500 Series WLSM works with Cisco Aironet autonomous access points and the CiscoWorks Wireless LAN Solution Engine (WLSE). All industry standards-based IEEE 802.11a, b and g client devices are supported. Additionally, a broad-range of Cisco Compatible Extensions wireless devices offered by leading PC, network interface card (NIC), and wireless handheld device vendors provides even greater usability and wireless network optimization that is transparent to the user (if desired).
APPLICATIONS AND DEPLOYMENT SCENARIOS
Enterprise Campus Environment
The Cisco Catalyst 6500 Series WLSM can be flexibly deployed anywhere in the network-from the wiring closet to the core, to the data center to the WAN edge, or as a services switch. Figure 2 illustrates how the Cisco Catalyst 6500 Series WLSM can be deployed in an enterprise campus environment.
Figure 2. Cisco Catalyst 6500 Series WLSM Enterprise Campus Deployment
In this example, the Cisco Catalyst 6500 Series WLSM can be deployed in the distribution layer or the data center; it does not have to be deployed in the wiring closet. An autonomous access point can connect to any switch port on any subnet. Upstream switches or routers do not have to be configured, and no specific VLAN assignment or trunks are required. Prior to actively passing traffic, the autonomous access point can be authenticated as a trusted network device. Once the autonomous access point is registered and has received its configuration from the CiscoWorks WLSE, fast secure roaming tunnels (FSRTs) are established between the autonomous access point and the Cisco Catalyst 6500 Series WLSM-equipped Cisco Catalyst 6500 Series switch. An FSRT is established for each service set identifier (SSID) of a given autonomous access point.
Using this configuration, wireless LAN users are provided with fast secure roaming, both within and between subnets. No special client software is required, which gives network administrators maximum flexibility on network access policies. Clients can be authenticated and placed in mobility groups prior to accessing network resources. Wireless LAN client handoff between autonomous access points, including IEEE 802.1X reauthentication and rekeying (if used), occurs in less than 50 ms-well below the ability of a user to detect a disruption on a voice call. The Cisco Catalyst 6500 Series WLSM preserves the client IP address regardless of the access point association; any established VPNs or open connections continue to function, even through a roam.
FEATURES AND BENEFITS
Fast Secure Campus-Wide Mobility
Network administrators can provide campus-wide fast secure roaming services to wireless users without sacrificing security, implementing campus-spanning VLANs, or modifying client software or hardware. The Cisco Catalyst 6500 Series WLSM delivers a secure Layer 3 mobility system with autonomous access point handoff times as low as 50 ms, based upon the selected deployment scenario and the IEEE 802.1X authentication type. Cisco Catalyst 6500 Series WLSM fast secure roaming characteristics and benefits include:
• Dynamic configuration of FSRTs to facilitate campus-wide mobility on a per-mobility-group basis, from each access point to the Cisco Catalyst 6500 Series switch equipped with the Cisco Catalyst 6500 Series WLSM
• No data traffic allowed beyond the access point and into the FSRT until client IEEE 802.1X authentication is successfully completed
• Support for latency-sensitive applications such as voice over IP (VoIP), video streaming, VPN over wireless, and client/server-based applications
• Checking secure authentication credentials every time a client roams, while maintaining 50-ms handoff times
• Support for multicast and broadcast applications
• Support for Wireless Fidelity (Wi-Fi) certified client devices, Cisco Aironet Series WLAN client adapters, and Cisco Compatible client devices
As an integrated part of the widely deployed Cisco Catalyst 6500 Series switch, the Cisco Catalyst 6500 Series WLSM uses the full range of Cisco Catalyst 6500 Series hardware- and software-based intelligent switching services. These services can be applied on a per-mobility-group basis using the same management interface that is used for all other traffic. Important Cisco Catalyst 6500 Series network services that are immediately available to wireless traffic include, but are not limited to:
• Full range of ACLs for traffic inspection, filtering, and rate limiting based on Layers 2 through 4 header information
• Hardware-based denial of service (DoS) protection mechanisms such as control plane rate limiters and Unicast Reverse Path Forwarding (uRPF)
• RADIUS-based mobility assignment for administrators looking to support a single SSID with the capability for a centralized RADIUS server to determine network connectivity based on authentication
• QoS preservation and policy enforcement of wireless traffic from the access points through the FSRTs to the Cisco Catalyst 6500 Series switch equipped with a Cisco Catalyst 6500 Series WLSM
• IEEE 802.1X and authentication, authorization, and accounting (AAA) services
• Interoperability with integrated Cisco services modules such as the Firewall Services Module (FWSM), Intrusion Detection Services Module (IDSM), Network Analysis Module (NAM), and IPSec VPN Services Module (VPNSM), which can be applied on a per-mobility-group basis (Figure 3)
Note: The multigigabit FWSM capabilities far exceed extended ACL functions that are sometimes described as "firewall" features.
Additional Cisco Catalyst 6500 Series features that enhance wireless network deployments include:
• An integrated Time Domain Reflectometer (TDR) for simplified cable fault troubleshooting of any directly connected autonomous access points-supported by any Cisco Catalyst 6500 Series chassis equipped with a 48-port 10/100/1000-Mbps Ethernet interface module
• Field-upgradeable IEEE 802.3af power over Ethernet daughter cards can power access points, IP phones, and other directly connected devices-supported on various Cisco Catalyst 6500 Series 48-port 10/100 and 10/100/1000-Mbps Ethernet interface modules
Up to 240 Mobility Groups for Traffic Segmentation and Policy Enforcement
Network managers can segment wireless users into one of up to 240 logical mobility groups across all autonomous access points without configuring VLANs on the underlying network infrastructure. Cisco Catalyst 6500 Series WLSM mobility characteristics and benefits include:
• A single Cisco Catalyst 6500 Series management interface per mobility group that supports all direct or network-attached autonomous access points, automatically applying all defined configurations and policies to the roaming user
• Flexibility to define IEEE 802.1X authentication types on a per-mobility-group basis
• Each mobility group can be assigned its own policies and services, including direction to and through IPSec VPN, firewall, intrusion detection and network analysis modules for services chaining
Figure 3. Application of Cisco Catalyst 6500 Series WLSM Services to Wireless Traffic
As shown in Figure 3, wireless LAN traffic is segmented and tunneled on a per-mobility-group basis using separate FSRTs from the access point to a unique interface on the Cisco Catalyst 6500 Series switch. This allows for the application of distinct network admission control and bandwidth management policies to each group as it enters or leaves the wireless network. Intelligent switching services such as time of day ACLs and QoS policies can be individually applied to each mobility group (for example, a guest mobility group, a voice mobility group, or an employee mobility group).
Simplified Deployment and Management
By unifying wireless and wireline capabilities, initial deployment and ongoing network management activities are greatly simplified. Network managers can use the existing infrastructure and management tools, simplifying initial and ongoing management activities. Cisco Catalyst 6500 Series WLSM deployment and management benefits include:
• Dynamically established FSRTs
• A single point of ingress and management for each mobility group to greatly simplify the application of wireless services and policies to each mobility group, independent of the number of autonomous access points
• Separate data and control planes for deterministic, predictable performance
• Common command line interface (CLI) and management tools across the wireless and wireline infrastructure
• Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) capabilities to allow remote monitoring of traffic and troubleshooting
• Maximum flexibility to deploy anywhere in the network (the wiring closet, the core, the data center) based upon customer business requirements
• Noninvasive monitoring of wireless traffic with full protocol decoding on a real-time and historical basis, allowing for the validation of QoS policies, as well as the identification of application response delays when used with the optional Cisco Catalyst 6500 Series Network Analysis Module
Maximum Network Uptime
Cisco Catalyst 6500 Series switches are deployed in many networks requiring the highest levels of availability and reliability. By integrating the Cisco Catalyst 6500 Series WLSM into the Cisco Catalyst 6500 Series, the Cisco Catalyst 6500 Series' rich set of high-availability and network resiliency features can be extended to wireless users. These capabilities are complemented by additional high-availability and resiliency features maximizing wireless and wireline network uptime in a systemic approach. As a result, mission-critical applications such as IP telephony and other latency-sensitive, connection-oriented applications can be made available to wireless client devices. The following features highlight some of the enterprise-class high-availability and resiliency capabilities that the Cisco Catalyst 6500 Series WLSM, within the Cisco Catalyst 6500 Series switch, supports in a unified wireless and wireline network.
• Critical baseline features such as Per-VLAN Spanning Tree (PVST), Cisco EtherChannel, IEEE 802.1w Rapid Spanning Tree (RST), and redundant system components enhance overall network uptime, reducing the time required for network topology convergence.
• Fast stateful Layer 2 and Layer 3 control and data plane failover of redundant Cisco Catalyst 6500 Series supervisor engines help to ensure that wireless traffic will continue to be forwarded across the network with no loss of connectivity for wireless users. Cisco Catalyst 6500 Series NSF with Stateful Switchover (NSF/SSO) features prevent faults from being propagated to adjacent network devices. As a result, there are no route flaps or spanning tree reconvergence issues.
• Hot Standby Router Protocol (HSRP) failover protects Cisco Catalyst 6500 Series WLSMs to help ensure rapid service restoration for wireless users.
• Interoperability with the CiscoWorks WLSE and Cisco Aironet Series autonomous access points to support features such as self-healing WLANs and assisted site surveys, helping to ensure that optimal wireless coverage is provided across the campus.
• Graceful tunnel resiliency for maintaining network connectivity for existing wireless clients during a WLSM failure.
• Active and standby WLSM in a Catalyst 6500 chassis providing failover capabilities within a single chassis.
Wireless and Wireline Integration
The Cisco Catalyst 6500 Series WLSM integrates wireless and wireline networks to deliver superior security, management, and mobility. Benefits and highlights of this solution include:
• Extends traditional wireline policies to wireless traffic, enabling unified management
• Separates control and data planes, ensuring scalable, predictable performance across an entire campus
• No changes to the underlying network infrastructure. Uses existing switches, routers, and Cisco Aironet autonomous access points that are already deployed in the network
• No configuration changes to wireless LAN clients
• Delivering Layer 2 and Layer 3 roaming services to the end user that is both fast and secure
• Active participation of multiple network elements (clients, access points, management tools, and network infrastructure platforms) maximize the power of the network as a system, rather than as a point product with limited efficacy
The Cisco Catalyst 6500 Series WLSM is an advanced services module for the Cisco Catalyst 6500 Series switch. It incorporates Wireless Domain Services (WDS) for the enterprise and performs the following important functions:
• Aggregation of access point radio management information for delivery to the CiscoWorks WLSE
• Cisco Centralized Key Management to help ensure security of client roams
• Authentication of Cisco Aironet autonomous access points into the network infrastructure
• Layers 2 and 3 roaming and client mobility management
The Cisco Catalyst 6500 Series WLSM is not in the forwarding path for wireless data traffic. The 8-Gbps (Full Duplex) switch fabric connection is specifically reserved for aggregated access point radio management information, as well as mobility-related protocols and client IEEE 802.1X authentication traffic.
The Cisco Catalyst 6500 Supervisor Engine 720 is responsible for all forwarding decisions for both wireless and wireline traffic. It supports hardware-accelerated FSRT encapsulation and data plane forwarding. ACLs, rate limiters, QoS, and other services are applied to wireless traffic on the Supervisor Engine 720, helping to ensure common configuration and behavior across the wireless and wireline networks.
The Cisco Catalyst 6500 Series Switch equipped with the Cisco Catalyst 6500 Series WLSM delivers an enterprise-class wireless/wireline network system for autonomous access points. This solution extends the Cisco Catalyst 6500 Series' rich set of intelligent network services such as security, QoS, and reliability features that users expect in their wireless networks to the wired network. By integrating the Cisco Catalyst 6500 Series WLSM into a Cisco Catalyst 6500 series chassis, the Cisco Catalyst 6500 Series WLSM offers the scalability required to support hundreds of autonomous access points and thousands of users.
Tables 1 and 2 provide product specifications for the Cisco Catalyst 6500 Series WLSM.
Table 1. Performance, Scalability, and Protocol Support
Number of Access Points Supported
Up to 600 Cisco Aironet Series autonomous access points
Number of Wireless Clients Supported
Up to 6000 Cisco Aironet WLAN client adapters, Cisco Compatible client devices, or Wi-Fi certified client devices
Up to 10 mpps for wireless traffic in hardware (centralized forwarding mode)
Layer 3 Roam Times
As low as 50 ms, depending upon authentication type, client, and network topology
IEEE 802.1X Authentication Types Supported
Cisco LEAP, Protected EAP (PEAP), EAP-Flexible Authentication via Secure Tunneling (EAP-FAST), EAP Tunneled Transport Layer Security (EAP-TTLS) and EAP-Transport Layer Security (EAP-TLS)
Network Admission Control (NAC) Layer 2 support; WPA; WPA2
IPv4, IPSec, IP Broadcast, and IP Multicast
Table 2. Physical Characteristics and Certifications
Physical Dimensions (H x W x D)
1.6 x 15.3 x 16.3 in. (4.0 x 37.9 x 40.3 cm)
123.48W AC, 527.11 BTU
Environmental Operating Conditions
• Operating temperature: 32 to 104°F (0 to 40°C)
• Storage temperature: -40 to 167°F (-40 to 75°C)
• Relative humidity: 10 to 90 percent, noncondensing
• UL 1950
• EN 60950
• CSA-0C22.2 No. 950
• IEC 950
• FCC 15J Class A (FCC Part 15 [CFR 47] Class A)
• ICES-003 Class A
• VCCI CE II (VCCI Class A)
• CE mark
• EN 55022 Class B (EN 55022 Class A)
• CISPR 22 Class B (CISPR 22 Class A)
• EN 55024
Tables 3 lists the hardware components interoperable with the Cisco Catalyst 6500 Series WLSM.
Table 3. Hardware Components Interoperable with the Cisco Catalyst 6500 Series WLSM
Minimum Software Required
Cisco Catalyst 6500 Series Supervisor Engine 720 (required for switches equipped with the Cisco Catalyst 6500 Series WLSM)
Cisco IOS Software Release 12.2(18)SXD
Cisco Aironet 1300 Series outdoor access point/bridge (Supported in access point mode only)
Cisco IOS Software Release 12.3(4)JA or later
Cisco Aironet 1240AG Series access point
Cisco IOS Software Release 12.3.(7)JA or later
Cisco Aironet 1230AG Series access point
Cisco IOS Software Release 12.3.(2)JA or later
AIR-AP1210, AIR-AP1230A, AIR-AP1230B, or AIR-AP1231G
Cisco Aironet 1200 Series access point
Cisco IOS Software Release 12.2.(15)XR or later
Cisco Aironet 1130AG Series access point
Cisco IOS Software Release 12.3.(2)JA or later
AIR-AP1121B or AIR-AP1121G
Cisco Aironet 1100 Series access point
Cisco IOS Software Release 12.2.(15)XR or later
CiscoWorks WLSE (optional)
CiscoWorks WLSE Version 2.7 or later
Table 4 provides ordering information for the Cisco Catalyst 6500 Series WLSM. To place an order, visit the Cisco Ordering Website.
Table 4. Ordering Information for the Cisco Catalyst 6500 Series WLSM
Minimum Software Required
Cisco Catalyst 6500 Series WLSM
Cisco CAT6000-WLSM Software Release 1.1.2. or later*
* Cisco IOS Software releases 12.2.SX for Cisco Catalyst 6500 Series switches are the last software releases to support the Cisco Catalyst 6500 Series WLSM.
SERVICE AND SUPPORT
Cisco offers numerous innovative services programs to accelerate customer success. These programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, see Cisco Technical Support Services or Cisco Advanced Services.