Cisco 2100 Series Wireless LAN Controllers

Cisco Unified Wireless Network Software Release 4.1

PB401199

Overview

Cisco® continues to strengthen the Cisco Unified Wireless Network with software enhancements and hardware products that are available with Cisco Unified Wireless Network Software Release 4.1. With this release, Cisco deepens the richness of its portfolio of mobility services including enhanced security, guest access, voice services and location services. This new release delivers:

• Unified management across large and very large networks with the new Cisco Wireless Control System (WCS) Navigator

• Enhanced WLAN management, optimization, scalability, and performance from new Cisco WCS reports, ease-of-use features, templates, guest access enhancements and tools for client troubleshooting, CiscoWorks Wireless LAN Solution Engine (WLSE) migration and interference detection

• Support for Cisco's diverse global customers with two new Cisco Aironet® access points

• Infrastructure enhancements that improve support for roaming clients, facilitate wired device mobility, support local user authentication at branch and remote offices, and enhance VoWLAN performance

• Increased flexibility, reliability and monitoring of wireless mesh networks

• Flexibility to mix and match Wi-Fi tags and applications from different vendors with the new Cisco Compatible Extensions Wi-Fi tag specification developed with cross-vendor engagement

• High-accuracy deterministic location-based notifications from Cisco Compatible Extensions Wi-Fi Tags as they enter, exit, or move past a chokepoint

• End-to-end security with Management Frame Protection (MFP) from Cisco Aironet 802.11a/b/g CardBus Wireless LAN Client Adapters and Wireless PCI Adapters

This release contains new features, as well as support for the features delivered in Cisco Unified Wireless Network Software Release 4.0. It introduces support for the following new features:

• Cisco Aironet® access points

– Cisco Aironet 1240G Series and 1130G Series Access Points

• Cisco Wireless LAN Controllers:

– Support for Cisco Wireless LAN Controller Network Module Enhanced (WLCM-E) for integrated services routers

– Load-based Call Admission Control (CAC) for voice over wireless LAN (VoWLAN)

– Anchor wireless LAN controller failover

– Autonomous access point workgroup bridge (WGB) support

– Local Extensible Authentication Protocol (EAP) termination

– Symmetric mobility tunneling

– Federal Information Processing Standards (FIPS) 140-2 Level 2 validation and recertification

– TACACS+ support

– Multiple country controller

– Cisco Discovery Protocol enhancements

– Regulatory domain update for Japan

– Expedited bandwidth request

• Cisco Aironet 802.11a/b/g CardBus Wireless LAN Client Adapter and Wireless PCI Adapter

– Management Frame Protection (MFP)

• Cisco Wireless Control System (WCS) Navigator

– Cisco WCS Navigator

• Cisco WCS

– Cisco WCS Enterprise License

– Reporting enhancements

– Ease-of-use enhancements

– Bulk provisioning of Cisco wireless LAN controllers

– Client troubleshooting tool

– Guest Access enhancements

· Automated guest user access scheduling

· Guest user credential emailing

· Flexible guest access provisioning by Cisco wireless LAN controller group

· Mapping of guest users to Cisco WCS maps

· Logging guest user provisioning personnel activities

– Integration with Cognio Spectrum Expert

– Integration with TACACS+ server

– New wireless LAN controller configuration templates

– Data migration from CiscoWorks Wireless LAN Solution Engine (WLSE)

– Increased scalability

– Planning mode support for irregularly shaped buildings

– Japanese Microsoft Windows support

• Cisco wireless mesh enhancements

– Universal access

– Routing around interference

– Wireless mesh alarms and reports

– Backhaul background scanning

– Infrastructure WGB support

– CAC

– Enhanced backhaul security

– Outdoor location support: Nearest access point

– High-speed roaming

• Cisco 2700 Series Wireless Location Appliance

– Cisco Compatible Extensions Wi-Fi Tag specification

– Telemetry information

– Battery information

– Emergency group notifications

– Chokepoint support

– New Location Protocol (LOCP)

– Location appliance algorithm enhancements for antenna elevation and azimuth

New Features

The following new features are included in Cisco Unified Wireless Network Software Release 4.1. These features are supported by Cisco Aironet® access points running Lightweight Access Point Protocol (LWAPP); Cisco 2100 and 4400 Series Wireless LAN Controllers; the Cisco Catalyst® 6500 Series Wireless Services Module (WiSM); the Cisco Wireless LAN Controller Module (WLCM) and Cisco Wireless LAN Controller Module Enhanced (WLCM-E) for integrated services routers; the Cisco Catalyst 3750G Integrated Wireless LAN Controller; the Cisco 2700 Series Wireless Location Appliance; Cisco WCS, and Cisco WCS Navigator as noted.
Table 1 lists the new features in Cisco Unified Wireless Network Software Release 4.1. These features are supported in this release for the platforms noted.

Table 1. New Cisco Unified Wireless Network Software Release 4.1 Features

| New Features | Cisco Aironet 802.11a/b/g CardBus Wireless LAN Client Adapter and Wireless PCI Adapter | Cisco Aironet 1500 Series Wireless Mesh Access Points | Cisco Aironet Access Points Running LWAPP | Cisco 2100 and 4400 Series Wireless LAN Controllers | Cisco Catalyst 3750G Integrated Wireless LAN Controller | Cisco Catalyst 6500 Series WiSM | Cisco WLCM and WLCM-E | Cisco Wireless Location Appliance | Cisco WCS | Cisco WCS Navigator |
|---|---|---|---|---|---|---|---|---|---|---|
| Cisco Aironet Series Access Points | | | | | | | | | | |
| Cisco Aironet 1240G Series and 1130G Series Access Points | | | X [1] | | | | | | | |
| Cisco Wireless LAN Controllers | | | | | | | | | | |
| Cisco Wireless LAN Controller Network Module Enhanced (WLCM-E) | | | | | | | X [2] | | | |
| Load-Based CAC for VoWLAN | | | X | X | X | X | X | | X | |
| Anchor wireless LAN controller failover | | | X | X | X | X | X | | X | |
| Autonomous access point WGB support | | X | X | X | X | X | X | | X | |
| Local EAP termination | | | | X | X | X | X | | | |
| Symmetric mobility tunneling | | | | X | X | X | X | | | |
| FIPS 140-2 Level 2 validation and recertification | | | X [3] | X [4] | X | X | | | | |
| TACACS+ support | | | | X | X | X | X | | | |
| Multiple country controller | | | | X | X | X | X | | | |
| Cisco Discovery Protocol enhancements | | | X | X | X | X | X | | | |
| Regulatory domain update for Japan | | | | X | X | X | X | | | |
| Expedited bandwidth request | | | X | X | X | X | X | | X | |
| Cisco Aironet 802.11a/b/g CardBus Wireless LAN Client Adapter and Wireless PCI Adapter | | | | | | | | | | |
| Management Frame Protection (MFP) | X | | | X | X | X | X | | X | |
| Cisco WCS Navigator | | | | | | | | | | |
| Cisco WCS Navigator | | | | | | | | | X | X |
| Cisco WCS | | | | | | | | | | |
| Cisco WCS Enterprise License | | | | | | | | | X | |
| Reporting enhancements | | | | | | | | | X | |
| Ease-of-use enhancements | | | | | | | | | X | |
| Bulk provisioning of Cisco wireless LAN controllers | | | | X | X | X | X | | X | |
| Client Troubleshooting tool | X [5] | | | | | | | | X | |
| Automated guest user access scheduling | | | | X | X | X | X | | X | |
| Guest user credential emailing | | | | X | X | X | X | | X | |
| Flexible guest access provisioning by Cisco wireless LAN controllers | | | | X | X | X | X | | X | |
| Mapping of guest users to Cisco WCS maps | | | | X | X | X | X | | X | |
| Logging guest user provisioning personnel activities | | | | X | X | X | X | | X | |
| Integration with Cognio Spectrum Expert | | | X | | | | | | X | |
| Integration with TACACS+ server | | | | | | | | | X | |
| New WLAN controller configuration templates | | | | X | X | X | X | | X | |
| Data migration from CiscoWorks WLSE | | | | | | | | | X | |
| Increased scalability | | | | | | | | | X | |
| Planning mode support for irregularly shaped buildings | | | | | | | | X | X | |
| Japanese Microsoft Windows support | | | | | | | | | X | |
| Cisco Wireless Mesh Enhancement | | | | | | | | | | |
| Universal access | | X | | | | | | | | |
| Routing around interference | | X | | | | | | | | |
| Wireless mesh alarms and reports | | X | | | | | | | X | |
| Backhaul background scanning | | X | | | | | | | | |
| Infrastructure WGB support | | X | | | | | | | | |
| CAC | X [6] | X | | | | | | | | |
| Enhanced backhaul security | | X | | | | | | | | |
| Outdoor location support: Nearest access point | | X | | | | | | X | X | |
| High-speed roaming | | X | | | | | | | | |
| Cisco 2700 Series Wireless Location Appliance | | | | | | | | | | |
| Cisco Compatible Extensions Wi-Fi Tag specification | | | | | | | | X | | |
| Telemetry information | | | | | | | | X | | |
| Battery information | | | | | | | | X | | |
| Emergency group notifications | | | | | | | | X | | |
| Chokepoint support | | | | | | | | X | | |
| LOCP | | | | | | | | X | | |
| Location appliance algorithm enhancements for antenna elevation and azimuth | | | X | | | | | X | | |

[1] Cisco Aironet 1240G Series and 1130G Series Access Points only
[2] Support for Cisco WLCM-E.
[3] Cisco Aironet 1130AG and 1240AG Series access points running LWAPP
[4] 4400 Series Wireless LAN Controller
[5] All Wi-Fi clients are supported with this feature.
[6] Supported by all Wi-Fi client devices.

Cisco Aironet Access Points

The Cisco Aironet flagship access points, the Cisco Aironet 1240AG Series and the Cisco Aironet 1130AG Series, are now available in single-band 802.11g versions for use in regulatory domains that do not allow 802.11a/5GHz operation.
The Cisco Aironet 1240G Series Access Points provide single-band 802.11g wireless connectivity for challenging RF environments such as factories, warehouses, and large retail establishments (Table 2).

Table 2. Cisco Aironet 1240G Series Access Points

| Part Number | Description | Regulatory Domain |
|---|---|---|
| AIR-AP1242G-x-K9 | 802.11g non-modular Cisco IOS access point; RP-TNC | x= A=FCC; E=ETSI; P=Japan2 |
| AIR-LAP1242G-x-K9 | 802.11g non-modular LWAPP access point; RP-TNC | x= A=FCC; E=ETSI; P=Japan2 |

The Cisco Aironet 1130G Series is a single-band low-profile business-class access point with integrated antennas for easy deployment in offices and similar RF environments (Table 3).

Table 3. Cisco Aironet 1130G Series Access Points

| Part Number | Description | Regulatory Domain |
|---|---|---|
| AIR-AP1131G-x-K9 Cisco IOS Software | 802.11g Non-modular IOS AP; Integrated Antennas | x= A=FCC; E=ETSI; P=Japan2 |
| AIR-LAP1131G-x-K9 LWAPP | 802.11g Non-modular LWAPP AP; Integrated Antennas | x= A=FCC; E=ETSI; P=Japan2 |

Cisco Wireless LAN Controllers

Support for Cisco Wireless LAN Controller Network Module Enhanced (WLCM-E)

The new Cisco Wireless LAN Controller Network Module Enhanced (WLCM-E) is introduced with this software release. This new device integrates wireless LAN controller functions into Cisco 2800, 3700, and 3800 Series Integrated Services Routers. It is designed for small and medium-sized businesses (SMBs) and enterprise branch offices with limited IT support. It allows SMBs and enterprise branch offices to cost-effectively and easily deploy and manage secure WLANs.

Load-Based Call Admission Control for VoWLAN

VoWLAN reliability is improved with load-based CAC for VoWLAN. This new feature allows the unified network (lightweight access points and wireless LAN controllers) to account for three additional variables when deciding how many voice calls to allow onto the network: the bandwidth used by local access points, co-channel access point interference, and co-located channel interference.
Using this new feature, the access point accounts for these three new variables when determining if there is sufficient bandwidth to support a new VoWLAN call. The access point admits a new VoWLAN call only if sufficient bandwidth is available to support the new call, preventing voice oversubscription and maintaining quality of service (QoS).

Anchor Wireless LAN Controller Failover

This release supports roaming client mobility failover between foreign and anchor wireless LAN controllers. The anchor controller provides a client with its IP address. It is the first controller that a client associates with. The foreign controller is any controller that a client roams to while on the network.
A heartbeat will now be maintained between the foreign controller and anchor controller during layer 3 roaming (Figure 1). If the heartbeat fails, the foreign controller disassociates the attached roaming clients.

Figure 1. Anchor Wireless LAN Controller Failover - Layer 3 Roaming

Additionally, if the client device is on a guest WLAN and the heartbeat fails, the foreign controller marks the anchor controller as unreachable, preventing roaming clients from being stranded if their anchor controller fails. It also allows roaming clients to acquire a new IP address from the foreign controller. Guest clients that have lost their anchor controller are tunneled to an alternate anchor when they reassociate (Figure 2).

Figure 2. Anchor Wireless LAN Controller Failover - Guest Access

Autonomous Access Point Workgroup Bridge Support

Cisco Aironet autonomous access points operating in WGB mode can now associate with Cisco Aironet access points running LWAPP to provide an 802.11 wireless connection to wired devices. The autonomous WGB access point learns the MAC address of the wired client and then informs the LWAPP access point and wireless LAN controller that the device is operating on the wireless network. This scenario provides transparent bridging for wired clients and secure roaming. The autonomous WGB access point and connected wired devices do not need to be stationary; they can be mobile such as on a cart, in a train, or in a moving vehicle (Figure 3).
This feature helps enable mobility for wired devices. Any wired client with a MAC address and an Ethernet port can be supported by an autonomous WGB access point, including medical devices, cash registers, printers, and other wired devices. Cisco Aironet 1100, 1130, 1200, 1230AG, 1240AG, and 1300 Series access points operating in WGB client mode support this feature. Authentication by LEAP, EAP-Flexible Authentication via Secure Tunneling (EAP-FAST) and EAP-Transport Layer Security (EAP-TLS) is supported by this feature.
Multicast over the WLAN is supported with this feature, but reliable multicast over the WLAN is not supported. VLAN is not supported on the autonomous WGB access point for the wired devices. Autonomous WGB access points cannot be managed by Cisco WCS.

Figure 3. Workgroup Bridge Support

Local Extensible Authentication Protocol (EAP) Termination

This release supports the termination of EAP on a local wireless LAN controller for IEEE 802.11i, Wi-Fi Protected Access (WPA), and WPA2 authentication. This feature allows the wireless LAN controller to authenticate users against a local database without requiring a RADIUS server. Users can be defined on the wireless LAN controller or in a Lightweight Directory Access Protocol (LDAP) database (for example, Active Directory) that can be accessed by the wireless LAN controller. This feature is ideal for remote sites with unreliable WAN links. A variety of EAP types are supported, including Cisco LEAP, EAP-FAST, EAP-TLS, and Message Digest Algorithm 5 (MD5).
Additionally, if the central RADIUS server becomes unreachable, the controller can use Local EAP to authenticate users (Figure 4).

Figure 4. Local EAP Termination

Symmetric Mobility Tunneling

A foreign wireless LAN controller now sends a Layer 3 roaming client's packet back to its anchor wireless LAN controller through EtherIP tunneling rather than through a dynamic interface. The source IP address of the packet then becomes the management IP address of the foreign controller. Upstream routers that have Reverse Path Forwarding (RPF) enabled can therefore forward the packets, rather than discard them as they would a nontunneled packet whose source IP address does not match the router subnet. This option is configurable (Figure 5).

Figure 5. Symmetric Mobility Tunneling
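
The RPF behaviour described above can be reproduced with a small model of the router upstream of the foreign controller. This is an added example, not Cisco code: the routing table, interface names and IP addresses are constructed, and the check is assumed to be a strict-mode RPF test (the route back to the source must point out the arrival interface).

```python
import ipaddress

# Constructed routing table of the router upstream of the foreign controller:
# (prefix, interface through which that prefix is reached). All values assumed.
ROUTES = [
    ("10.20.0.0/24", "Gi0/1"),   # foreign controller's subnet (directly connected)
    ("10.10.5.0/24", "Gi0/2"),   # client subnet, homed at the anchor controller
    ("0.0.0.0/0", "Gi0/2"),      # default route toward the core
]

def best_route_interface(addr, routes=ROUTES):
    """Longest-prefix match: interface the router would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in routes
               if ip in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def strict_rpf_accepts(src_ip, in_interface, routes=ROUTES):
    """Strict RPF: accept only if the route back to src_ip uses in_interface."""
    return best_route_interface(src_ip, routes) == in_interface

CLIENT_IP = "10.10.5.42"        # address the anchor controller gave the client
FOREIGN_MGMT_IP = "10.20.0.5"   # management address of the foreign controller

def compare_paths():
    """RPF verdict for each forwarding mode, as seen on the foreign-facing port."""
    return {
        # Packet leaves the foreign controller's dynamic interface with the
        # client's address as source: the route back points elsewhere.
        "dynamic_interface": strict_rpf_accepts(CLIENT_IP, "Gi0/1"),
        # Packet is wrapped in EtherIP: the outer source is the foreign
        # controller's management address, which lives on this interface.
        "etherip_tunnel": strict_rpf_accepts(FOREIGN_MGMT_IP, "Gi0/1"),
    }

if __name__ == "__main__":
    for mode, accepted in compare_paths().items():
        print(f"{mode}: {'forwarded' if accepted else 'dropped by RPF'}")
```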

FIPS 140-2 Level 2 Validation and Recertification

FIPS stipulates the security requirements for cryptographic modules. This release provides FIPS 140-2 Level 2 validation for the Cisco Catalyst 3750G Integrated Wireless LAN Controller. It also supports FIPS recertification of Cisco 4400 Series Wireless LAN Controllers, the Cisco Catalyst 6500 Series WiSM, and Cisco Aironet 1130AG and 1240AG Series Access Points running LWAPP.

TACACS+ Support

Support for TACACS+ is included with this release for Cisco wireless LAN controllers. TACACS+ is a Cisco protocol that supports authentication, authorization, and accounting (AAA) of administrators. It authenticates administrators and specifies the commands that each administrator is authorized to run, such as show commands or configuration change enablement. Cisco wireless LAN controllers now support the following TACACS+ authorization levels: monitor, all, WLAN, controller, wireless, security, management, commands, and lobby.