Cisco Aironet 1250 Series

Feature

Description

Benefit

Cisco Aironet 1250 Series

This modular access point provides the industry's best wireless performance and enhanced services with support for the 802.11n draft 2.0 standard and Multiple Input, Multiple Output (MIMO) technologies.

Supports the 802.11n draft 2.0 standard and delivers a next-generation wireless solution with unparalleled throughput and improved reliability and predictability for wireless connectivity. The access point is easily field-upgradable to support a variety of wireless capabilities. This modularity allows businesses to deploy existing wireless technologies today with the confidence that their network investment will extend to support emerging and future wireless technologies.

Support for 16 BSSIDs per Access Point

Cisco Aironet lightweight access points can support up to 16 broadcast service set identifiers (BSSIDs) per access point.

This support increases an organization's flexibility to specify individual BSSIDs to meet their unique WLAN requirements.

Feature

Description

Benefit

Access Points

Cisco Aironet 1250 Series Access Point

All wireless LAN controllers support the new Cisco Aironet 1250 Series access point, which supports 802.11n draft 2.0 and MIMO technologies.

All wireless LAN controllers are 802.11n-capable, protecting existing technology investments while providing a clear path to scalability.

Access Point Discovery Improvements

Cisco wireless LAN controllers send all LWAPP error messages to the Syslog server.

Debugging an access point that fails to join a controller is easier.

Regulatory Compliance Update

International regulatory requirements are constantly changing. In this software release, support has been added to the list of configurable country codes on all models of Cisco wireless LAN controllers for Bulgaria, United Arab Emirates, and Ukraine.

Organizations in Bulgaria, United Arab Emirates, and Ukraine can deploy Cisco Unified Wireless Networks that use lightweight access points.

High-Availability Capabilities

(Learn more about the high availability offered by the Cisco Unified Wireless Network by reading theFeature Brief-Wireless LAN High Availability for Remote Locations and Branch Offices)

Backup WLAN Controller Enhancement

A single Cisco wireless LAN controller at a centralized location can act as backup for remote wireless LAN controllers across mobility groups.

A secondary controller is recommended when redundancy is required at the local site.

Organizations can deploy across wireless LAN controller mobility groups, simplifying global provisioning. This feature is ideal for organizations with a large number of branch locations.

Hybrid Remote Edge Access Point (HREAP) Cisco Centralized Key Management Support

HREAP mode supports Layer 2 fast secure roaming using Cisco Centralized Key Management (CKM) if the WAN link connection to the remote controller is lost.

Roaming voice clients in remote locations and branch offices will stay connected even when the WAN link to the wireless LAN controller is lost.

HREAP IEEE 802.1X Support

HREAP mode supports 802.1X authentication to a backup AAA/RADIUS server if the WAN link connection to the centralized AAA/RADIUS server is lost.

Clients in remote locations and at branch offices can be locally authenticated by the HREAP and a local AAA/RADIUS server if the WAN link connection is lost. Both new clients joining the WLAN and existing clients that are re-authenticated can be authenticated remotely using HREAP mode.

Local Protected Extensible Authentication Protocol (PEAP) Termination

PEAP Generic Token Card (GTC) and PEAP Microsoft Challenge Handshake Authentication Protocol (MSCHAP) v2 termination for IEEE 802.1X authentication on a local wireless LAN controller is supported for IEEE 802.11i, WPA, and WPA2.

This feature allows the wireless LAN controller to authenticate a local database of users without requiring a RADIUS server. Users can be defined on the wireless LAN controller or in a Lightweight Directory Access Protocol (LDAP) database (for example, Active Directory) that can be accessed by the wireless LAN controller.

Cisco wireless LAN controllers support local EAP authentication with PEAP, in addition to Cisco LEAP, EAP-Flexible Authentication via Secure Tunneling (EAP-FAST), EAP-Transport Layer Security (EAP-TLS), and Message Digest Algorithm 5 (MD5). This feature is ideal for remote sites with unreliable WAN links.

Security

Support of IPv6 and IPv4 on Same WLAN

IPv6 and IPv4 clients can be configured on the same WLAN. All IPv6 traffic will be bridged and all IPv4 traffic will be blocked until the client performs a Web authentication.

This feature enhances WLAN security and provides increased flexibility.

WPA/WPA2 Client Noncompliance Trap

A trap (alert) is generated if a WPA or WPA2 client requests a security policy that is inconsistent with the approved security configuration.

This feature increases WLAN security and guards against improper client device configuration.

Voice Services

Signal Strength Target Level for Radio Resource Management (RRM)

Network radio coverage can be optimized for the signal-to-noise ratio and signal strength coverage. Normalizing WLAN signal strength levels enhances WLAN reliability and consistency for applications sensitive to noise such as voice calls.

Organizations can reduce network maintence times and deliver a high-quality RF signal for applications such as VoWLAN through automatic radio coverage optimization. Optimizing the WLAN for voice reduces dropped voice calls and increases end-user satisfaction.

Enhanced Control on MAC Behavior and EDCA Parameters

Faster RF optimization by Cisco wireless LAN controllers is facilitated through more frequent MAC behavior information updates.

Customized configurations that overwrite standard-based default parameters for EDCA are facilitated through manual adjustment of EDCA parameters.

Organizations can adjust their WLANs and meet their unique RF environmental requirements by delivering enhanced quality of service (QoS) for voice calls, supporting more simultaneous VoWLAN calls to increase wireless network utilization, and reducing call latency to improve the end-user experience.

Enhanced Wi-Fi Phone Support for Mixed Environment

Wi-Fi phones running proprietary (pre-standard) QoS or standard-based Wi-Fi Multimedia (WMM) QoS can be simultaneously supported through an enhanced configuration parameter and call admission control.

Organizations can meet a variety of end-user needs by supporting Wi-Fi phones running proprietary or WMM QoS. Easy setup of voice QoS configuration parameters simplifies voice operations.

Guest Access

Guest User Monitoring

The login guest username, associations, and disassociation events via MAC address can be trapped to monitor guest user network access.

Guest user activities can be supervised to ensure appropriate network usage and gather traffic statistics for network sizing.

Simplified Operations

Multicast Optimization

Full Internet Group Management Protocol (IGMP) snooping is supported. An access point will transmit multicast packets only if a client associated to the access point is subscribed to the multicast group.

This new feature optimizes the wireless LAN for voice and video applications like push-to-talk and IPTV. This feature also delivers network optimization which significantly improves over-the-air efficiency.

Peer-to-Peer Blocking Per Wireless LAN Controller

Traffic from clients communicating with each other on the same SSID can be configured to be bridged, dropped, or forwarded at the wireless LAN controller.

Communication between clients on the same SSID can be configured. This allows organizations to block, drop, or forward traffic for billing, security, and more efficient network usage.

Service providers can use this feature for billing purposes.

Network administrators can use this feature to switch traffic locally on the controller, such as two VoWLAN phones connected to the same wireless LAN controller; or to block traffic between two client devices to prevent communication between these devices, such as instant messages being sent between students in a classroom.

Dynamic Host Control Protocol (DHCP) Bridging

When DHCP proxy is disabled, the wireless LAN controller will pass DHCP packets unmodified from the LWAPP tunnel to the client's VLAN, and vice versa.

This feature allows organizations to use their existing DHCP backend infrastructure.

Ease of Use

Access Control list (ACL) Counters

Cisco wireless LAN controllers support ACL counters to assist with determining which ACLs were applied to packets transmitted through the wireless controller.

This feature is configurable as a global configuration and is disabled by default.

ACL counters are available to assist with debugging wireless LAN controllers.

ASCII XML Configuration

The Cisco wireless LAN controller bootup configuration will be stored in ASCII XML format.

Configuration files will be readable to assist in network monitoring and troubleshooting.

Feature

Description

Minimum Server Requirements

Cisco WCS High-End Server

Cisco WCS Standard Server

Cisco WCS Low-End Server

Feature

Description

Benefit

Access Points

802.11n Support

Cisco WCS display screens include a listing for configuring, managing, and monitoring 802.11n access points and their associated wireless LAN controllers.

Cisco WCS supports Cisco Aironet 1250 Series access points that deliver 802.11n draft 2.0 for increased throughput, reliability, and predictability.

Simplified Migration to the Unified Architecture

(Learn more about migrating to the unified architecture by reading the Feature Brief-Simplified Migration of Standalone Access Points to Operate as Lightweight Access Points in the Cisco Unified Wireless Network)

Standalone Access Point Monitoring

Cisco WCS supports standalone access point status and alarm monitoring. Standalone access points can be placed and viewed on Cisco WCS heat maps.

Basic status and alarms from standalone access points can be received by Cisco WCS. Monitored standalone access points are categorized as authorized access points, not as rogue devices, on Cisco WCS heat maps.

All Cisco Aironet standalone (autonomous) access point models can be monitored as well as the standalone access points of Cisco 800, 1800, 2800, and 3800 Series integrated services routers.

Organizations can monitor the status and alarms of Cisco Aironet and Cisco integrated services router standalone access points.

Cisco Aironet standalone access points can be monitored in preparation for migrating these access points to run LWAPP and operate with a wireless LAN controller in the unified architecture.

Standalone Access Point Migration Tool

Cisco WCS includes a tool that simplifies the migration of Cisco Aironet standalone (autonomous) access points to operate as lightweight access points and run LWAPP.

Up to 10 Cisco Aironet standalone access points of the same model number can be upgraded simultaneously using the tool.

A status notice (success or failure) is displayed throughout the migration process. An output log is available.

Migration to the Cisco Unified Wireless Network is simplified with a built-in Cisco WCS tool that simplifies the process to convert Cisco Aironet standalone access points to operate as lightweight access points. Migrated access points can then operate with a wireless LAN controller to deliver the rich features and diverse mobility services available with the unified architecture.

Workgroup Bridges

Workgroup Bridge Support for Standalone Access Points and Wireless Bridges

Cisco WCS includes a new workgroup bridge tab that lists the user, IP address, MAC address, and 802.11 state of the workgroup bridge acting as a client. A list of the standalone access points identified as clients operating as workgroup bridges is also listed on the Cisco WCS monitor menu.

With this release, Cisco WCS supports the Cisco Aironet 1300 Series outdoor access point bridge and Cisco Aironet 1400 Series wireless bridge operating in workgroup bridge mode as well as Cisco integrated services router 800, 1800, 2800, and 3800 Series standalone access points operating in workgroup bridge mode.

Organizations can select from a variety of Cisco Aironet and integrated services router standalone access points and Cisco Aironet wireless bridges to operate as workgroup bridges with the unified architecture.

Organizations have enhanced visibility and control of workgroup bridges operating within their wireless networks, resulting in greater flexibility for supporting wired and wireless devices.

Cisco WCS can now monitor a variety of Cisco Aironet and Cisco integrated services router standalone access points and wireless bridges operating in workgroup bridge mode.

RF Monitoring

Cisco WCS-Cisco Spectrum Intelligence Enhancements

Cisco WCS supports adding multiple Cisco Spectrum Expert sensors to monitor interference and includes new Spectrum Expert screens, menu options, and interference search capabilities.

Up to 10 Cisco Spectrum Expert sensors can simultaneously interface with Cisco WCS to monitor RF interference.

A new Cisco WCS table displays detected interferer types with severity, impacted channels, affected access points, and affected client devices. Searches for interferers can be performed using a variety of interferer properties.

The approximate location of interferers can be determined by locating the sensors with Cisco WCS, displaying the affective range of the sensors, and correlating this with the suspected interferer.

For ongoing analysis, spectrum information can be integrated into Cisco WCS using Cisco Spectrum Expert running in a remote laptop as an interference sensor.

This feature requires a Cisco WCS Spectrum Intelligence license for sensors available as Cisco part number WCS-ADV-SI-SE-10.

Network performance and coverage is improved when RF interference is quickly detected and mitigated.

With this new feature, organizations can identify and resolve RF problems more efficiently, resulting in improved performance, increased security, and lower operational costs.

Troubleshooting remote or intermittent RF problems is simplified because one or more Cisco Spectrum Expert sensors can be placed at a problem location to collect RF data which can then be analyzed.

Organizations can simultaneously use multiple Cisco Spectrum Expert sensors to detect interference from non-Wi-Fi devices operating in the Wi-Fi spectrum.

Interference information from these sensors can be located through a customized Cisco WCS search, and then graphed and integrated with existing Cisco WCS information for more comprehensive and sophisticated reporting.

Sensors are displayed as a client device, if connected wirelessly, on the Cisco WCS floor map.

Cisco Aironet Client Devices

Client Troubleshooting Enhancements for Cisco Aironet and Cisco Compatible Extensions Version 5 Client Devices

Cisco WCS can collect, save, export and open debug logs for Cisco Aironet and Cisco Compatible Extensions version 5 client devices.

Debug logs can be collected from the wireless LAN controller through watch-listing of Cisco Aironet client devices. These files can be saved to an external folder.

A log analysis tab supports exportation of the debug log to any client device.

Frame logs from the client diagnostic tests can be saved and opened in external tools (such as Ethereal) to assist with client troubleshooting.

Client troubleshooting for Cisco Aironet and Cisco Compatible Extensions version 5 client devices is improved with the availability of new debugging logs for client devices. These logs can facilitate the generation of client troubleshooting tickets.

Statistical Reports for Cisco Aironet and Cisco Compatible Extensions Version 5 Client Devices

Cisco WCS provides real-time and historical statistical reports for Cisco Aironet and Cisco Compatible Extensions version 5 client devices.

Client troubleshooting for Cisco Aironet and Cisco Compatible Extensions version 5 client devices is improved.

Ease of Use

Customizable Dashboard

New customizable tabs and focus areas are available on the Cisco WCS dashboard. Users can pick from a predefined list of components and select their order and placement on the home page, tabs, and focus areas.

Organizations can customize the Cisco WCS dashboard to meet their individual networking requirements.

Graphics Display Enhancements

Cisco WCS graphs support interactive graphics and filtering of specific criteria in real time. Data can be displayed in either a chart or tabular format.

Organizations can create customized interactive real-time charts and tables to view network-critical information.

One-Click Cisco WCS Software Upgrade

Cisco WCS software can be upgraded to the latest release using an easy upgrade process.

Organizations can simply and easily upgrade Cisco WCS to run the latest software release.

AutoCAD Map Import Support

AutoCAD images can be imported into Cisco WCS and used as maps. Users can select the layer of the AutoCAD image to be used as the WCS map when the image is previewed.

Cisco WCS maps support three import file types: JPEG, PDF, and AutoCAD.

Feature

Description

Benefit

Security

wIDS Reporting Enhancements

Enhanced intrusion detection system (IDS) reports display rogue devices and ad hoc events.

New rogue events detected during a specified time can be displayed as a list or graph. Rogue access points are listed based on the last update received for that rogue device.

Reports of all rogue ad hoc devices and ad hoc events from specified controllers for a specified duration can be generated.

Note: Ad hoc events are instigated by client devices operating in ad hoc mode. Clients operating in ad hoc mode create a potential security breach because they are communicating with each other and operating outside the authorized WLAN. Generally, their transmissions are not encrypted.

New IDS reports provide quick access to critical security information about unauthorized devices and ad hoc events that create potential security breaches in the network.

Ad Hoc Client Device Icon

Client devices operating in ad hoc mode are displayed using a unique ad hoc client icon on the Cisco WCS floor plan map.

Quick differentiation between rogue access points and client devices operating in ad hoc mode can be made based on the icon displayed on the Cisco WCS floor plan map.

Rogue Access Point Icon Enhancements

The rogue access point icon displayed on the floor plan map changes color and differentiates between a variety of states, including alert, pending, contained, threat, contained pending, trusted missing, on network, and off network.

The state of a rogue access point displayed on the Cisco WCS floor plan map can be quickly ascertained.

Security Search by MAC Address of Secure Services Client (SSC)

The MAC address of an SSC is searchable from the Cisco WCS Security-Access Point policy page.

The time required to identify and isolate clients with incorrect security settings has been reduced.

Guest Access

(Learn more about the guest access enhancements supported by Cisco Unified Wireless Network Software Release 4.2 by reading the Feature Brief-Cisco Unified Wireless Network Software Version 4.2 Unified Wired and Wireless Guest Access and the Feature Brief-Granular Guest Access Management and Provisioning)

Unified Wired and Wireless Guest Access

Wired user guest access can be enabled from a Cisco wireless LAN controller or Cisco WCS to deliver a unified guest access solution for both wired and wireless guest users.

The complexity and cost for guest access services is reduced because both wired and wireless access for guest users can be enabled through the wireless infrastructure and a single unified management interface.

Guest User Provisioning Templates

Preconfigured provisioning templates are available within Cisco WCS to streamline the process of provisioning guest access. The templates are defined and uploaded by the network administrator.

Single-click guest provisioning reduces errors made by provisioning personnel when they are issuing guest access credentials. Provisioning personnel do not need to have network knowledge to provision guests since they can use unalterable templates to issue guest credentials.

Bulk Guest User Provisioning

Multiple guest users can be provisioned simultaneously by uploading a flat file (csv to text).

The time required to provision multiple guest users is greatly reduced.

Bandwidth Policy Controls

Bandwidth limitations and policies can be specified for individual guest users.

Network security is improved and network performance can be enhanced when per-user bandwidth limits are placed on guest traffic.

Customizable Guest Portals per SSID

This feature allows administrators to implement different guest portals based on the access point SSID used by the guest user.

Many organizations support a variety of guest user groups with different business functions such as accounting, IT, or training. Per-SSID guest portals allow organizations to provision separate portals for different guest user groups.

Provisioning Personnel Audit Trail

Audit trail logs list the name of the provisioning personnel who created, deleted, or modified guest user profiles or guest user credentials.

Guest user access reports include information about provisioning personnel activities. This new information will assist organizations in more accurately tracking guest user provisioning.

Customized Provisioning Personnel Views

The Cisco WCS screens that are available for viewing by provisioning personnel while they are provisioning guest users can be constrained to a specific wireless LAN controller or access point SSIDs.

The process used to issue guest access certificates is simplified and network security is enhanced because provisioning personnel can be constrained to specific wireless LAN controllers or access point SSIDs.

Configurable Guest Access Terms and Conditions

The legal disclaimer displayed to guest users can be modified by provisioning personnel or secured to make it uneditable.

Organizations have greater flexibility for displaying guest access terms and conditions because they can allow or disallow editing of the terms by provisioning personnel.

Provisioning Personnel Authentication to External AAA Server

Provisioning personnel can be authenticated against a TACACS or RADIUS AAA server to confirm their identity.

Using an external AAA server to verify the identity of provisioning personnel helps maintain network security.

Voice Services

(Learn more about the voice services enhancements supported by Cisco Unified Wireless Network Software Release 4.2 and 4.1 by reading the Feature Brief-Voice over WLAN Solutions Using Cisco Unified Wireless Network Software Releases 4.1 and 4.2)

VoWLAN Readiness Tool

A new VoWLAN post deployment tool helps validate that the radio coverage requirements for VoWLAN are met and improves VoWLAN calibration accuracy.

The tool categorizes the radio coverage into three types:

The tool supports input of any signal strength from a Wi-Fi voice device (including non Cisco devices).

Wireless networks require stringent signal strength and coverage characteristics to deliver quality VoWLAN. The new VoWLAN post deployment tool facilitates fast and simple visualization of design guideline compliance for voice over Wi-Fi. Wireless network degradations are rapidly identified and addressed, helping maintain user satisfaction. Operations and maintenance are simplified because VoWLAN calibration can be assessed with one click.

Feature

Description

Benefit

New Outdoor Mesh Reports

Cisco WCS includes several new reports to simplify outdoor wireless mesh network management, including:

Organizations have additional outdoor wireless mesh operational information to help them troubleshoot network issues and optimize network performance.

Outdoor Mesh Map Enhancements

The Cisco WCS outdoor mesh map displays the value of the link quality for the signal to noise ratio (SNR) or packet error rate (PER).

Organizations have greater flexibility and ease of use for monitoring outdoor mesh networks.

Feature

Description

Benefit

Enhanced Scalability

Cisco WCS Navigator supports up to 30,000 Cisco Aironet lightweight access points.

Organizations can scale their Cisco Unified Wireless Network to support large-scale deployments across diversified geographical locations using multiple Cisco WCS managed by Cisco WCS Navigator.

Feature

Description

Benefit

Interfloor Location Differentiation

The location of a mobile asset in regular and irregularly shaped buildings can be more accurately determined with the Cisco interfloor location differentiation feature. The following configurations are supported:

The Cisco interfloor location differentiation feature allows organizations to more accurately assess the location of mobile assets (laptops, Wi-Fi tags, Wi-Fi phones, telemetry-enabled devices) as they move throughout the WLAN. Organizations have the flexibility to choose the interfloor location configuration that best fits their specific needs, scalability requirements, and desired accuracy level.

Element Partitioning and ACLs

Wi-Fi devices and tags can be divided into groups for simplified tracking and resource allocation. Once placed in a group, a device or tag is tracked as a member of the group instead of as an individual device.

Devices can be defined using a range of MAC addresses that can be imported from a comma-separated or text file.

For example, an employee with a Wi-Fi phone and laptop can be tracked by the Wi-Fi phone in order to track only one device per user and allot space for Wi-Fi tags.

Wi-Fi devices and tags can be managed more effectively by tracking only groups of desired elements. This offers better control of tracked devices.