As WLAN deployments expand, security, scalability, reliability, ease of deployment, and management become increasingly important. Cisco provides a comprehensive line of access points that deliver enterprise-class features for business-ready wireless LANs.
Executive Summary
Access points are critical elements of the Cisco® Unified Wireless Network. Cisco single- and dual-band access points are designed for offices and similar environments, challenging RF environments, and the outdoors. The devices are available in two versions: unified or autonomous. Unified access points operate with the Lightweight Access Point Protocol (LWAPP) and work in conjunction with Cisco wireless LAN controllers and the Wireless Control System (WCS). Autonomous access points are based on Cisco IOS® Software and may optionally operate with the CiscoWorks Wireless LAN Solution Engine (WLSE). Autonomous access points, along with the WLSE, deliver a core set of features and may be field-upgraded to take advantage of the full benefits of the Cisco Unified Wireless Network as requirements evolve.
To make the best choices for their particular applications, customers need to understand the features and benefits of the different Cisco Aironet® access points. This solution overview details the capabilities of each of the devices in the Cisco Aironet Family of wireless access points.
Management Paradigm
As wireless LANs become increasingly mission-critical and evolve in terms of scale and capabilities, the way the wireless deployment is managed must evolve as well. Because each customer and each deployment is unique, Cisco provides differing feature sets and differing management paradigms to address these customer-specific requirements.
Cisco provides a core feature set that includes autonomous access points and the CiscoWorks WLSE management appliance. The core feature set provides a base set of capabilities that are required for enterprise deployments. Core features include secure connectivity through support for 802.11i Wi-Fi Protected Access 2 (WPA2), fast and secure Layer 2 roaming, and interfaces to a variety of third-party applications and products. Most Cisco access points are available in versions designed for autonomous operation. These devices may be upgraded in the field to lightweight mode, thereby providing customers with a smooth path from core to unified features.
The Cisco unified feature set is delivered by lightweight access points, wireless LAN controllers, and the Wireless Control System (WCS) management solution. The unified feature set represents the most comprehensive set of capabilities in the industry, including guest access, wireless intrusion detection and intrusion prevention, scalable Layer 3 mobility, and location services. Most Cisco Aironet access points are available in versions designed for lightweight operation.
Deployment Environments
Wireless LANs are becoming commonplace in numerous environments, including offices, schools, factories, warehouses, and even the outdoors. At the same time, the wireless industry is evolving from lower-capacity, single-band devices to high-capacity, dual-band solutions. The Cisco Aironet Family of access points meets these various application requirements by providing:
• Single- and dual-band access points
• Devices designed for indoor and outdoor deployments
• A consistent hardware feature set and predictable RF performance for deployment across the enterprise
As WLAN deployment expands into more applications and installation scenarios, a diverse line of access points is required to meet the associated capacity, coverage, and environmental requirements. The Cisco product line includes access points designed for offices and similar facilities, such as hospitals and retail environments, challenging RF environments like factories and warehouses, and the outdoors. These devices can be installed on desktops, on walls, on ceilings, above ceilings, and on top of poles.
While application requirements may vary, Cisco understands that all enterprise customers require uncompromised network security, scalable manageability, and an evolving set of network services. That's why all Cisco Aironet access points support the Cisco Unified Wireless Network, a framework for wired and wireless integration that delivers the security, manageability, and services that enterprises have come to expect from Cisco on both wired and wireless networks.
Solution
Addressing Feature Requirements
As wireless LAN usage has evolved from basic transport for largely transactional applications, so have the feature expectations of wireless LAN users and administrators. This change has come about on a segment-by-segment, customer-by-customer basis. It is critical for Cisco to provide differing feature sets to best fit differing customer requirements. Given that customer requirements can evolve during the lifetime of a wireless LAN deployment, it is also necessary to provide a means of smoothly upgrading this feature set for the installed base of products, with minimal disruption to network operations.
Cisco's unified wireless LAN feature set offers the features required for most enterprise deployments. Some deployments may not yet require these advanced capabilities. To address these evolving requirements, customers can select lightweight access points, or they can upgrade autonomous access points in the field to lightweight operation. With Cisco, customers can choose the feature set that is right for them, at the time that it is right for them. Table 1 provides a summary of the operational capabilities of various Cisco Aironet access points.
Table 1. Operational Capabilities of Cisco Aironet Access Points
Addressing Capacity Requirements
In just a few years, WLANs have evolved from proprietary systems with sub-Mbps capabilities to standardized offerings operating at data rates as high as 600 Mbps for dual-band 802.11n access points. These high data rates are available by taking advantage of the emerging 802.11n draft 2.0 standard with radios operating in both the 2.4 GHz band and the 5 GHz band. 802.11n draft 2.0 offers backward compatibility with 802.11a/b/g devices. Both 802.11b/g and 802.11n draft 2.0 are limited to three nonoverlapping channels when deployed in the 2.4 GHz band. 802.11a and 802.11n draft 2.0 support as many as 23 channels in the 5 GHz band (depending upon local regulations). To provide both backward compatibility and high capacity, WLAN client vendors are migrating to 802.11n-capable client devices, although many devices will continue to support the 802.11a/b/g standards and the 802.11n support complete backwards compatibility to ensure investment protection.
Deploying an infrastructure that takes full advantage of next generation wireless with 802.11n makes sense if capacity or reliability is currently an issue or is expected to become an issue during the useful life of the infrastructure devices. Given the rapid expansion of wireless-enabled devices, increasing capacity requirements are likely to apply to most WLAN installations. For this majority of applications, access points that support the emerging 802.11n draft 2.0 standard represents a better long-term value, particularly given the low price premium relative to performance. For the few applications that are not expected to present capacity issues in the near term, customers can choose existing 802.11a/g dual-radio access points. Table 2 summarizes which Cisco access points support 802.11a, 802.11b, 802.11g, and the new 802.11n draft 2.0 standard.
Table 2. Cisco Aironet Access Point Support for 802.11a/b/g and 802.11n draft 2.0
|
Cisco Series |
802.11b |
802.11g |
802.11a |
802.11n Draft 2.0 |
|
1100 Series |
Yes |
Yes |
No |
No |
|
1130AG Series |
Yes |
Yes |
Yes |
No |
|
1200 Series |
Yes |
Yes |
Optional1 |
No |
|
1230AG Series |
Yes |
Yes |
Yes |
No |
|
1240AG Series |
Yes |
Yes |
Yes |
No |
|
1250 Series |
Yes |
Yes |
Yes |
Yes |
|
1300 Series |
Yes |
Yes |
No |
No |
|
1500 Series |
Yes |
Yes |
Yes |
No |
|
1With a hardware upgrade module, Cisco Aironet 1200 Series Access Points may be field-upgraded to support 802.11a.
|
Award-Winning Security
The Cisco Aironet Series access points supports 802.11i, Wi-Fi Protected Access (WPA), WPA2, and numerous Extensible Authentication Protocol (EAP) types. WPA and WPA2 are the Wi-Fi Alliance certifications for interoperable, standards-based WLAN security. These certifications support IEEE 802.1X for user-based authentication, Temporal Key Integrity Protocol (TKIP) for WPA encryption, and Advanced Encryption Standard (AES) for WPA2 encryption. These certifications help to ensure interoperability between Wi-Fi-certified WLAN devices from different manufacturers.
Cisco Aironet Series Access Points operating with LWAPP support Cisco Unified Intrusion Detection System/Intrusion Prevention System (IDS/IPS), a software feature that is part of the Cisco Self-Defending Network and is the industry's first integrated wired and wireless security solution. Cisco Unified IDS/IPS (Figure 1) takes a comprehensive approach to security-at the wireless edge, wired edge, WAN edge, and through the data center. When an associated client sends malicious traffic through the Cisco Unified Wireless Network, a Cisco wired IDS device detects the attack and sends shun requests to Cisco wireless LAN controllers, which will then disassociate the client device.
Figure 1. Cisco Unified IDS/IPS Detects Malicious Attacks Allowing the WLAN Controller to Disassociate the Offending Client Device
Autonomous or unified Cisco Aironet Series access points support management frame protection for the authentication of 802.11 management frames by the wireless network infrastructure. This allows the network to detect spoofed frames from access points or malicious users impersonating infrastructure access points. If an access point detects a malicious attack, an incident will be generated by the access point and reports will be gathered on the Cisco wireless LAN controller, Cisco WCS, or CiscoWorks WLSE.
Management and Deployment Flexibility
The Cisco Aironet Series access points are key elements of the Cisco Unified Wireless Network, a comprehensive solution that delivers an integrated, end-to-end wired and wireless network. Using the radio and network management features of the Cisco Unified Wireless Network for simplified deployment, the access points extend the security, scalability, reliability, ease of deployment, and manageability available in wired networks to the wireless LAN. In addition to management flexibility the Cisco Aironet Series offers investment protection deployment flexibility with Hybrid REAP and Link Role Flexibility.
Hybrid REAP
Hybrid Remote Edge Access Point (Figure 2) functionality is supported on the Cisco Aironet 1240AG and 1130AG Series Access Points. It allows users to deploy access points in remote offices, and choose whether they would like to have traffic bridged locally, or tunneled over the WAN over LWAPP on a per SSID basis. If users choose to bridge traffic locally, then it is bridged onto separate VLANs that directly correlate to an SSID (i.e. there is a 1:1 mapping of SSIDs to VLANs when traffic is bridged locally).
Figure 2. Remote Edge Access Point (REAP) Capabilities Allow Users to Deploy Access Points in Remote Offices, and Choose Whether They Would Like to Have Traffic Bridged Locally, or Tunneled over the WAN over LWAPP on a Per-SSID Basis
Users receive their IP address locally within the branch, but authenticate at a central site when using 802.1x, 802.11i, MAC authentication, web authentication, or NAC is in use. If any type of pre-shared key is used (i.e. WEP, WPA-PSK), then there is no need for central authentication. After central authentication, the user traffic can still be bridged locally.
If a WAN link goes down, no new users using authentication can be added into the network, however users that have already authenticated remain connected. Users using pre-shared key remain connected and new pre-shared key users can still associate with the network since centralized authentication is not necessary. When the WAN link becomes active again, all users are disassociated and then authenticated to the network. This is used to ensure that the controller has accurate, up to date information about the users who are on the network.
Following are key elements of Hybrid REAP functionality:
• Supported only on Cisco Aironet 1240AG and 1130AG Series Access Points.
• 8 advertised WLANs/SSIDs that terminate on a Controller or bridged locally.
• Locally bridged WLAN/SSID can be mapped to a VLAN.
• There is support for NAC/Web Auth/802.1x/802.11i on a per WLAN/SSID basis. These protocols are handled centrally, and subsequently the traffic can be bridged locally or continue to be tunneled back to the controller.
• If an AP has never joined a Controller, it can be primed with an IP address, subnet mask, default gateway, and IP address of a Controller. After the AP has contacted the Controller the console is no longer available.
• Cisco recommends that only two Hybrid REAPs be used in any one location over a WAN connection. This configuration is recommended because of the WAN bandwidth required.
Link Role Flexibility
The autonomous versions of the Cisco Aironet 1300 Series, 1240AG Series, 1230AG Series, and the 1200 Series offer link role flexibility, which provides both access point and bridge functions through configuration of each radio as an access point, repeater, root bridge, non-root bridge, or workgroup bridge. This configuration flexibility enables the access points to address a wide range of applications, including basic wireless LAN coverage, wireless LAN coverage with wireless backhaul, and more traditional bridging applications (Table 3).
Table 3. Wireless LAN Link Role Flexibility Applications for Dual-Band Access Points
Note: Only one 802.11g radio and one 802.11a radio are supported.
Office Access Points
Cisco Aironet 1130AG Series IEEE 802.11a/b/g Access Point
Packages high-capacity, high-security, and enterprise-class features to deliver wireless LAN access for a low total cost of ownership. The device is available in either a lightweight version or an autonomous version that may be field-upgraded to lightweight operation. With support for both lightweight and autonomous operation, customers can enjoy the simplicity and efficiency of a common hardware platform even while having a hybrid lightweight and autonomous deployment. Designed for wireless LAN coverage in offices and similar RF environments, this unobtrusive access point features integrated antennas and dual IEEE 802.11a/g radios for robust and predictable coverage, delivering a combined capacity of 108 Mbps. The product comes complete with all necessary mounting hardware to provide for an installation that is both secure and consistent with contemporary office décor. The mounting bracket locks the access point as well as the Ethernet and console cables in place to prevent theft and tampering. The Cisco Aironet 1130AG Series is ready to install and easy to manage, reducing the cost of deployment and ongoing maintenance. For more information, visit http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps6087/product_data_sheet0900aecd801b9058.html.
Cisco Aironet 1100 Series Access Point
Offers customers an affordable, easy-to-install, 802.11g single-band access point that features enterprise-class management, security, and scalability. The device is available in either a lightweight version or an autonomous version that may be field-upgraded to lightweight operation. For more information, visit http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps4570/ps4612/product_data_sheet09186a00800f9ea7.html
Indoor Access Points for Challenging RF Environments
Cisco Aironet 1250 Series IEEE 802.11n draft 2.0 Access Point
The Cisco® Aironet® 1250 Series is the first enterprise-class access point to support the IEEE 802.11n draft 2.0 standard. 802.11n offers combined data rates of up to 600 Mbps to provide users with mobile access to high-bandwidth data, voice, and video applications regardless of their location. Through the use of multiple-input multiple-output (MIMO) technology, 802.11n also provides reliable and predictable WLAN coverage to improve the end-user experience for both existing 802.11a/b/g clients and new 802.11n clients. The robust Cisco Aironet® 1250 Series Access Point is a modular platform designed to be easily field-upgradeable to support a variety of wireless capabilities. This modularity allows businesses to deploy existing wireless technologies today with the confidence that their network investment will extend to support emerging and future wireless technologies.
Cisco Aironet 1240AG Series IEEE 802.11a/b/g Access Point
Delivers the versatility, high capacity, security, and enterprise-class features required in more challenging RF environments, such as warehouses, factories, and retailers. The device is available in either a lightweight or an autonomous version that may be field-upgraded to lightweight operation. With support for both lightweight and autonomous operation, customers can enjoy the simplicity and efficiency of having a common hardware platform even while having a hybrid lightweight and autonomous deployment. Designed for wireless LANs in rugged environments or installations that require specialized external antennas, the Cisco Aironet 1240AG Series features diversity antenna connectors for both 2.4 and 5 GHz bands to provide extended range, coverage versatility, and more flexible installation options. The Cisco Aironet 1240AG Series Access points combines this versatility with industry-leading transmit power, receive sensitivity, and delay spread for high-multipath environments, providing reliable performance and throughput under the most demanding conditions. A second-generation dual-band access point, the Cisco Aironet 1240AG Series supports IEEE 802.3af Power over Ethernet (PoE). The product comes complete with all necessary mounting hardware to provide for an installation that is both secure and rugged. The mounting bracket locks the access point as well as the Ethernet and console cables in place to prevent theft and tampering. For more information, visit http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps6521/product_data_sheet0900aecd8031c844.html.
Cisco Aironet 1200 Series Access Point
Offers the same versatility, high capacity, security, and enterprise-class features demanded by industrial wireless LAN customers in a single-band 802.11g solution. The modular device provides the flexibility to field-upgrade to a dual-band 802.11a/g network by adding a CardBus-based 802.11a upgrade module that can be easily installed in Cisco Aironet 1200 Series access points that were originally configured for 802.11g. For more information, visit http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps430/ps4076/product_data_sheet09186a00800937a6.html.
Cisco Aironet 1230AG Series Access Point
The Cisco Aironet 1230AG Series is a preconfigured dual-band version of the 1200 Series, providing support for 802.11a and 802.11g. This first-generation, dual-band device does not, however, provide the same performance and support for 802.3af PoE as does the 1240AG Series. For more information, visit http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps6108/product_data_sheet0900aecd801b9068.html.
Outdoor Access Points and Bridges
Cisco Aironet 1300 Series IEEE 802.11g Wireless Outdoor Access Point and Bridge
Provides access point, wireless bridge, and workgroup bridge capabilities with enhanced WLAN security. For high-speed, cost-effective wireless connectivity between multiple fixed or mobile networks and clients, this ruggedized platform is ideal for public access for outdoor areas, network connections within a campus area, or outdoor infrastructures for mobile networks and users. Engineered specifically for harsh outdoor environments, the Cisco Aironet 1300 Series is ideal for WLANs requiring outdoor coverage. The Cisco Aironet 1300 Series is available in either a lightweight version or an autonomous version that may be field-upgraded to lightweight operation.
Note: The Cisco Aironet 1300 Series supports LWAPP when operating as an access point. When it operates in bridge mode, however, it does not support the LWAPP protocol.
For more information on the Cisco Aironet 1300 Series Access Points, visit http://www.cisco.com/en/US/prod/collateral/wireless/ps5679/ps5861/product_data_sheet09186a00802252e1.html.
Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Point
The Cisco Aironet 1500 Series enables cost-effective, scalable deployment of secure outdoor wireless LANs. With dual-band, simultaneous support for IEEE 802.11a and 802.11b/g standards, the Cisco Aironet 1500 Series employs a patent-pending Adaptive Wireless Path Protocol to form a dynamic wireless mesh network between remote access points, and delivers secure wireless access to any Wi-Fi-compliant client.
For more information on Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points, visit http://www.cisco.com/en/US/products/ps6548/index.html.
Access Point Features and Benefits
Table 4 provides a summary of the Cisco Aironet access points that are best suited for different environments.
Table 4. Cisco Aironet Access Points for Different Environments
* For lightweight deployment only.
** For autonomous deployment only.
*** Particularly for deployments above suspended ceilings.
**** Can be deployed outdoors in a weatherproof NEMA-rated enclosure.
Table 5 summarizes the complete Cisco Aironet Family of access points.
Table 5. The Cisco Aironet Family of Access Points
