Part of the Cisco Prime™Infrastructure bundle, Cisco® Prime Network Control System (NCS) provides converged user, access, and identity management across wired and wireless networks to meet the challenges that Bring Your Own Device (BYOD) is placing on IT organizations. Designed with users and their mobile devices in mind, Cisco Prime NCS speeds network troubleshooting by giving IT complete visibility into connectivity, regardless of device, network or location. Deep integration with the Cisco Identity Services Engine (ISE) further extends this visibility across security and policy-related problems, presenting a complete view of client issues with a clear path to solving them. Cisco Prime NCS (Figure 1) delivers full lifecycle management of Cisco wireless LAN infrastructure, with additional focus on the deployment and management of branch networks.
Figure 1. Cisco Prime Network Control System
The platform significantly reduces operational costs by eliminating the need for competing overlay management solutions for wired, wireless, and branch networks, as well as security policy. Built on the foundation of Cisco Wireless Control System (WCS), Cisco Prime NCS:
• Helps resolve access problems across wired and wireless networks to get users back online faster
• Allows full wireless lifecycle management, enabling IT staff to design and maintain optimal RF environments
• Offers an intuitive user experience to eliminate complexity, improve IT productivity, and minimize staffing requirements
• Provides a scalable platform for small, mid-sized, and large-scale wired and wireless networks, across both campus and distributed branch environments
• Delivers physical or virtual appliance deployment for flexibility without sacrificing functionality
Cisco Prime NCS scales to manage thousands of routers and switches, hundreds of Cisco wireless controllers, which in turn can manage up to 15,000 Cisco Aironet®access points, including the next-generation, 802.11 Cisco Aironet 3600, 3500, 1040, 1260, 1250, and 1140 Series and OfficeExtend 600 Series. Cisco Prime NCS supports the Cisco Integrated Services Routers (ISRs), the Cisco Aggregation Services Router (ASR) 1000 Series, and Cisco Catalyst switches.
Cisco Prime NCS offers both physical appliance and virtual appliance deployment options, providing full product functionality, scalability, ease of installation, and setup tailored to your deployment preference.
WLAN Services Management
The platform provides complete WLAN services management, supporting:
• Cisco CleanAir™technology, a systemwide capability of the Cisco Unified Wireless Network providing proactive, high-speed spectrum intelligence to combat performance problems due to RF interference
• Cisco ISE integration, which allows for visibility into user and endpoint attributes, their posture, and profiling information for both wired and wireless clients
These advanced mobility services provide additional information to the popular Client Troubleshooting tool, allowing quick problem resolution across any access medium.
Comprehensive Wireless LAN Lifecycle Management
Cisco Prime NCS cost-effectively supports all phases of the wireless LAN lifecycle from planning and deployment, to monitoring, troubleshooting, and customized reporting. Cisco Prime NCS allows wireless LAN operations to be more efficient and effective for all lifecycle phases (Figure 2).
Figure 2. Comprehensive Wireless LAN Lifecycle Management
Designing a wireless LAN that effectively supports business-critical data, voice, and video services is simplified with the Cisco Prime NCS suite of built-in planning and design tools (Figure 3).
Figure 3. Simplified Wireless LAN Planning and Design
The planning and design tools in Cisco Prime NCS simplify the process of defining access point placement and determining access point coverage areas for standard and irregularly shaped buildings. These tools give IT administrators clear visibility into the RF environment to anticipate future coverage needs, assess wireless LAN events, and mitigate or eliminate improper RF designs and coverage problems.
Specialized Cisco Prime NCS planning tools facilitate immediate assessment of the WLAN's readiness to provide voice-over-WLAN services supporting single and dual-mode Wi-Fi-enabled phones, and context-aware (location) services that use Cisco's patent-pending "RF fingerprinting" technology to locate, track, and manage Wi-Fi-enabled devices and their contextual information in conjunction with Cisco MSE.
Getting the wireless LAN up and running quickly and cost-effectively to meet end-user needs is streamlined with the broad array of Cisco Prime NCS integrated configuration templates. Flexible, easy-to-use templates and deployment tools - such as the Controller Auto-Provisioning feature for zero-touch deployment of Cisco Wireless LAN Controllers - help IT managers provision and configure the wireless LAN to expressly deliver the services that their business requires (Figure 4). These templates and tools make it simple to apply common and best-practices configurations across multiple wireless LAN controllers regardless of their location, streamlining even the most complex controller configurations, updates, and scheduling. Provisioning access points is just as simple with easy-to-use templates for customized configuration of multiple access points.
Figure 4. Flexible Deployment Tools and Configuration Templates
Monitoring and Troubleshooting
Cisco Prime NCS is the ideal management platform for monitoring and troubleshooting the wired and wireless LAN to maintain robust performance and deliver an optimal access experience to fixed and mobile endpoints. The centralized interface of Cisco Prime NCS makes it easy to access information where it's needed, when it's needed, on-demand or as scheduled.
The easy-to-use graphical display serves as a starting point for maintenance, security, troubleshooting, and future capacity planning activities. Quick access to actionable data about healthy and unhealthy devices is available from a variety of entry points, making Cisco Prime NCS vital to ongoing network operations.
The ever-present alarm summary panel and alarm browser in Cisco Prime NCS simplify access to critical information, faults, and alarms based on their severity (Figure 5). The alarm summary panel facilitates faster assessment of outstanding notifications and supports quicker resolution of trouble tickets. Detecting, locating, and containing unauthorized (rogue) devices are fully supported when location services are enabled.
Figure 5. Ever-Present Alarm Summary and Alarm Browser Interaction
The integrated workflows and extensive array of troubleshooting tools in Cisco Prime NCS help IT administrators quickly identify, isolate, and resolve problems across all components of the Cisco access network. Cisco NCS supports rapid troubleshooting of LANs and WLANs of any size with minimal IT staffing. A set of tools works together to help IT administrators understand the operational nuances occurring on the LAN and WLAN and discover nonoptimal events occurring outside baseline parameters (for example, client connection or roaming problems):
• The ever-present search tool facilitates cross-network access to immediate and historic information about devices and assets located anywhere in the access network, including endpoint and session attributes, association history, endpoint location, RF performance, statistics, radio resource management (RRM), and air quality.
• Integrated workflows support seamless linkage between all tools, alarms, alerts, searches, and reports for all infrastructure components and client devices.
• A built-in Client Troubleshooting tool provides a step-by-step method to analyze problems for all wired and wireless client devices. This robust Client Troubleshooting tool helps reduce operating costs by speeding the resolution of trouble tickets for a variety of Wi-Fi client device types. The tool can also assist with client trending analysis (Figure 6).
• When Cisco Compatible Extensions clients, Cisco ISE, and Cisco CleanAir technology are used, specialized diagnostic tools are available to support enhanced analysis of connection problems.
Figure 6. Built-in Client Troubleshooting Tool to Support Step-by-Step Problem Analysis
Cisco Prime NCS makes it easy to quickly assess service disruptions, receive notices about performance degradation, research resolutions, and take action to remedy nonoptimal situations.
• Cisco CleanAir technology supports finding, classifying, correlating, and mitigating interference from Wi-Fi and non-Wi-Fi sources such as rogue access points, microwave ovens, Bluetooth devices, and cordless phones. Cisco CleanAir technology improves air quality and creates a self-healing and self-optimizing wireless network that mitigates the impact of wireless interference sources.
• Built-in tools such as the Client Troubleshooting tool support help desk staff and level-two administrators resolve client access issues by providing guidance on where the actual problem may be.
• The security dashboard allows for a network-level assessment and provides a security index with suggestions on how to improve security across your deployment.
• The voice-service audit tool not only provides a way to audit the current network configuration for voice over wireless LAN (VoWLAN) deployments, but also provides a way to rectify the current configuration based on Cisco best practices for VoWLAN deployment.
Cisco Prime NCS includes customizable reporting that assists IT teams to effectively manage, maintain, and evolve the wireless LAN to meet ongoing business and operations requirements. In addition to tools such as configuration compliance monitoring with comprehensive auditing functionality, flexible reports provide access to the right data, at the right time, in a format to meet any requirement (Figure 7).
Figure 7. Customizable Reports to Meet Any Requirement
An extensive variety of reports is available to help IT managers stay on top of network trends, maintain network control, perform audit operations, and quickly address changing business and end-user requirements. Reports are customizable based on user-defined parameters. Detailed trend analysis of the network environment, as well as capacity planning, provides a cohesive understanding how the LAN or the WLAN has changed over time in order to project and plan for future growth and enhancements.
New Features in Cisco Prime Network Control System 1.1
Table 1 lists the new features in Cisco Prime Network Control System 1.1.
Table 1. New Features in Cisco Prime Network Control System 1.1
IPv6 client management
Supports IPv6 (wired and wireless client) address visibility on a per-client basis and systemwide IP version distribution and trending. Equips administrators for IPv6 troubleshooting, address planning, and client traceability from a unified wired and wireless management system.
Rogue rules customization
Supports customized rogue rules on the controller based on parameters such as service set identifiers (SSIDs), received signal strength indication (RSSI), and other parameters for better filtering of false positives.
Rogue AP alarm severity customization
Supports customized rogue access point alarm severity. You can tie alarms to email notifications in NCS, and choose to be alerted for malicious rogues only or for any rogue.
Multilevel filters in client reports
Supports more than one filter in reports - floor plus SSID, for example - to focus on clients of interest.
Advance filters for client list page
Supports advanced filters in client list page to focus on clients of interest, just as on the alarms page.
Graphical display of historical client
Provides graphical displays on access point detail pages to show client count trends.
Batch reports and templates
Supports creation of report templates at the root domain so a report can be populated to all member domains.
Branch and WAN management
Supports configuration, monitoring, and reporting for large-scale branch networks consisting of Cisco Integrated Services Routers and Aggregation Services Routers. Note: This functionality requires installation of a separate virtual appliance.
Supports the definition of standardized device configuration elements using the included feature templates or user-definable command-line interface (CLI)-based templates. Feature templates provided for Ethernet interfaces, access control lists (ACLs), routing protocols (static, Routing Information Protocol [RIP], Enhanced Interior Gateway Protocol (EIGRP), Group Encrypted Transport VPN [GET VPN], and Dynamic Multipoint VPN [DMVPN]). Novel composite template feature allows defining an overall device configuration by grouping individual feature-level templates. Ability to deploy templates to one or more devices in a single operation.
Device 360 View
An innovative feature that provides a summarized view of all key aspects of a selected device. Presented information includes device inventory details, reachability status, CPU and memory utilization, alarms, interfaces, modules, and neighbors.
Summary of Cisco Prime NCS Features and Benefits
Table 2 provides a summary of the features and benefits of Cisco Prime NCS 1.1.
Table 2. Summary of Cisco Prime NCS 1.1 Features and Benefits
Ease of use
• Simple, intuitive user interface reduces complexity. Designed with focus on workflow optimization.
• Modularized interface supports user-defined customization to display only the most relevant information.
• Flexible platform accommodates novice and experienced IT administrators.
• Complete lifecycle management of hundreds of Cisco wireless LAN controllers and 15,000 Cisco Aironet lightweight access points from a centralized location. Additionally, manage up to 5000 Cisco Aironet autonomous access points.
• Manage up to 5000 routers and switches for configuration management, monitoring and troubleshooting functions.
• Scalable mobility delivered through integration with Cisco MSE. Scalable identity service management delivered through integration with the Cisco ISE.
• Physical appliance or virtual appliance deployment options for ease of installation and setup.
• Comprehensive configuration, monitoring, and troubleshooting support for Cisco Catalyst switches allows for visibility into critical performance metrics for interfaces, ports, endpoints, and users, as well as basic switch inventory.
WLAN lifecycle management
• Comprehensive wireless LAN lifecycle management includes a full range of planning, deployment, monitoring, and troubleshooting, remediation, and optimization capabilities.
WLAN and RF planning
• Built-in planning and design tools simplify defining access point placement and coverage.
• Information from third-party site-survey tools can be easily imported and integrated into Cisco Prime NCS to aid in WLAN design and deployment.
• Specialized tools facilitate immediate assessment of the WLAN's readiness to support voice over WLAN (VoWLAN) and context-aware (location) services.
• Support for on-demand coverage reassessments helps mitigate the effects of (and in many cases eliminate) improper RF designs and coverage problems.
• A broad array of integrated controller, access point, and CLI configuration templates deliver quick and cost-effective deployments.
• Network auditing is supported for effective configuration compliance and management.
• Built-in, software-based, high availability maximizes uptime for services delivery and improves operational efficiency.
• Secure wired and wireless guest access gives controlled wireless access to customers, vendors, visitors, and partners, while keeping the network secure.
• Tools and processes support monitoring, upgrading, and migrating selected Cisco Aironet autonomous access points to operate as lightweight access points and run control and provisioning of wireless access points (CAPWAP).
• Role-based access control provides flexibility to segment the wireless network into one or more virtual domains controlled by a single Cisco Prime NCS platform.
• Power savings are delivered through Cisco EnergyWise™ technology with adaptive WLAN power management.
• Cisco Prime NCS maps, hierarchies, and network designs can be easily exported and imported between one or more Cisco Prime NCS servers.
• Virtual domains help deploy both large, multisite networks and managed services.
Monitoring and troubleshooting
• Centralized monitoring of the entire LAN and WLAN helps maintain robust performance and an optimal access connectivity experience. Unified switch inventory, dashboard components, reports, and monitoring views help you quickly monitor the access network from a single pane.
• Cisco CleanAir technology provides detailed information about RF interference events, air quality, and interference security threats to help more efficiently assess, prioritize, and manage RF interference issues. Easy-to-use graphical displays serve as a starting point for maintenance, security, troubleshooting, and future capacity planning.
• Graphs, charts, and tables are interactive for quick configuration and reconfiguration.
• Hierarchical mapping trees, color-coding, and icons support quick visualization and status assessments of the network, devices, and air quality.
• Ever-present alarm summary and alarm browser provide robust fault, event, and alarm management.
• Google Earth integration helps visualize and manage outdoor wireless mesh deployments.
• Cisco Spectrum Expert® can be utilized for Cisco Aironet access points that are enabled with Cisco CleanAir technology and configured for Cisco Spectrum Expert.
• You can troubleshoot large-scale LAN and WLAN networks with minimal IT staffing.
• The Client Troubleshooting tool supports a step-by-step analysis of problems and misconfigurations for all client devices across all connection media, with support to troubleshoot issues such as 802.1X (for wired and wireless networks), and identify RF interferers that are affecting client devices.
• The ever-present search tool facilitates cross-network access to immediate and historic information.
• Integration with Cisco ISE and Cisco Secure Access Control Server (ACS) View provides a simple way to collect and analyze additional data relevant to endpoints.
• Specialized diagnostic tools support enhanced analysis of connection problems occurring with Cisco Compatible Extensions clients Version 5 or later.
• Radio resource management (RRM) tools provide visibility into performance, RF statistics, and air quality.
• Integrated workflows and tools help IT administrators quickly assess service disruptions, receive notices about performance degradation, research resolutions, and take action to remedy nonoptimal situations. The Client Troubleshooting tool provides guidance on where the access problem may be.
• Alerts, summaries, and reports about air quality and interferers are included with Cisco CleanAir technology to help diagnose the RF environment and mitigate interference from Wi-Fi and non-Wi-Fi sources.
• The security dashboard and the security index provide a quick assessment of network security, and ways to improve it.
• Voice tools support customizable queries to address VoWLAN problems.
• Extensive on-demand and automated reports can be run on immediate and historic data on network activity, performance, usage, devices, inventory, compliance, security, and air quality.
• Payment Card Industry (PCI) report analyzes WLAN for potential noncompliant events.
• Alarms and events can be forwarded to third-party, northbound receivers and fault, configuration, accounting, performance, and security (FCAPS) applications that understand traps such as HP OpenView or IBM Tivoli Netcool.
• You can customize report data, report timeframe, and report format.
• Display options for charts, graphs, and tables provide enhanced flexibility.
• Output reports in comma-separated value (CSV) or PDF format can be saved as files or as emails.
• Capacity planning is supported by developing trends from multiple reports for analysis.
Centralized security and network protection
Cisco's unified wireless security solution integrates security alerts, alarms, adaptive wireless intrusion prevention system, and Cisco CleanAir technology into a single unified platform, from a centralized view, making it unprecedented in the industry.
• Cisco CleanAir technology provides critical information about RF interferers that are potential security threats.
• Robust adaptive wIPS supports quick detection, location, and containment of unauthorized (rogue) devices,
• Customized signature files protect against unauthorized intrusion and RF attacks.
• Automated alarms enable rapid responses to mitigate risks.
• Robust service policy engine supports multiple unique service set identifiers (SSIDs) with customizable security and enforcement parameters.
• Management frame protection (MFP) monitors the authentication of 802.11 management frames.
• Access point wired port authentication with 802.1X validates all access point credentials.
• Network security can be enhanced and power costs can be reduced by turning access points on or off at scheduled intervals.
• Unified wired and wireless security is delivered though integration with Cisco Self-Defending Network and Cisco Network Admission Control (NAC).
Cisco NCS Serviceability Program
• The Cisco NCS Serviceability Program gives organizations the opportunity to provide anonymous usage statistics and wireless operational information to Cisco.
• This voluntary "opt-in" program gathers anonymous statistics from Cisco NCS and the network. No confidential data is collected.
• Cisco Prime NCS supports the "opt-in" collection of diagnostic data about Cisco wireless LAN controllers and Cisco Aironet access points to assist with wireless LAN Cisco Technical Assistance Center (TAC) cases. This feature helps organizations experience faster resolution of wireless LAN Cisco TAC cases.
Table 3 list product specifications for Cisco Prime NCS 1.1.
Table 3. Product Specifications for Cisco Prime NCS 1.1
VMware ESX and ESXi versions (virtual appliance on a customer-supplied server)
VMware ESX or VMware ESXi Version 5.0
Minimum server requirements for deploying NCS Virtual Appliances
Cisco Prime NCS Large Virtual Appliance:
• Up to 15,000 lightweight access points, 5000 autonomous access points, 1200 wireless LAN controllers, and 5000 switches or up to 5000 routers
• Minimum RAM: 16 GB
• Minimum hard disk space allocation: 400 GB
• Processors: 8 cores, at 2.93 GHz or better
Cisco Prime NCS Medium Virtual Appliance:
• Up to 7500 lightweight access points, 2500 autonomous access points, 600 wireless LAN controllers, and 2500 switches or up to 2500 routers
• Minimum RAM: 12 GB
• Minimum hard disk space allocation: 300 GB
• Processors: 4 cores, at 2.93 GHz or better
Cisco Prime NCS Small Virtual Appliance:
• Up to 3000 lightweight access points, 1000 autonomous access points, 240 wireless LAN controllers and switches or up to 1000 routers
• Minimum RAM: 8 GB
• Minimum hard disk space allocation: 200 GB
• Processors: 2 cores, at 2.93 GHz or better
Note: Deploying Cisco Prime NCS Virtual Appliance on CiscoWorks Wireless LAN Solution Engine (WLSE) models 1130-19 or 1133 is not supported.
Minimum client requirements
Client hardware: 1-GB RAM, 2-GHz or better processor
Browser: Internet Explorer 8.0 or later or Mozilla Firefox 3.6 or later
Management and security
Simple Network Management Protocol (SNMP) v1, v2c, v3 and Cisco TACACS+, PNG, JPEG, and AutoCAD (DXF and DWG) import file types supported
• Cisco 2100, 2500, 4400, 5500 and Flex 7500 Series Wireless LAN Controllers
• Cisco Catalyst 6500 Series Wireless Services Modules (WiSM/WiSM2) and Cisco Wireless LAN Controller Module on Cisco Services-Ready Engine 2 (SRE 2)
• Cisco Catalyst 3750G Integrated Wireless LAN Controller. Cisco Wireless LAN Controller Module (WLCM and WLCM-E) for Integrated Services Routers
• Cisco Aironet access points with CleanAir technology, Cisco Aironet lightweight access points, Cisco Aironet lightweight outdoor mesh access points, Cisco OfficeExtend 600 Series Access Point, Cisco Aironet 1240AG and 1130AG Series Access Points, Cisco 3300 Series Mobility Services Engine (MSE), Cisco Wireless Location Appliance, Cisco Spectrum Expert Wi-Fi, Cisco Context-Aware Software, and Cisco Adaptive wIPS Software
• Monitoring and migration of selected Cisco Aironet autonomous access points. Monitoring of the autonomous access points of Cisco 800, 1800, 2800, and 3800 Series Integrated Services Routers
• Cisco 1800 and 1900 Series Integrated Services Routers
• Cisco 2800 and 2900 Series Integrated Services Routers
• Cisco 3800 and 3900 Series Integrated Services Routers
• Cisco 1000 Series Aggregation Services Routers
• Cisco Catalyst 2900, 3000, 3500, 3700, 4500, and 6500 Series Switches
Evaluation, Ordering, and Licensing Information
Cisco Prime NCS 1.1 is available exclusively as part of the Cisco Prime Infrastructure 1.1 bundle. Upgrade options are available for existing Cisco Prime NCS and Cisco Wireless Control System customers. For information on Cisco Prime Infrastructure 1.1 licensing, evaluation, upgrade, and ordering, refer to the Cisco Prime Infrastructure 1.1 Ordering and Licensing Guide.
Cisco Wireless LAN Services
Cost-effectively deploy secure mobile access to business-critical applications and interactive multimedia collaboration tools while improving operational efficiency with smart, personalized services from Cisco and our partners.
Based on leading practices, these services help accelerate your transition to an advanced mobility architecture that optimizes performance, reliability, and security, so that you can maintain business innovation while controlling costs.
Our services help you successfully deploy Cisco Prime NCS and integrate mobility solutions effectively to lower the total cost of ownership and secure your wireless network. To learn more about Cisco Wireless LAN Service offers, visit: http://www.cisco.com/go/wirelesslanservices.
Technical Service Options
Cisco Prime Infrastructure software products come with the Cisco 90-day software warranty. Purchasing a Cisco Software Application Support plus Upgrades (SASU) service provides benefits not available with the warranty, including access to maintenance releases, minor and major upgrades, online resources, and Technical Assistance Center support services.
The Cisco Prime physical appliance option comes with a Cisco 90-day hardware warranty. Adding a contract for a technical service offering, such as Cisco SMARTnet® Service, to your device coverage provides access to the Cisco Technical Assistance Center (TAC) and can provide a variety of hardware replacement options to meet critical business needs, updates for licensed operating system software, and registered access to the extensive Cisco.com knowledge base and support tools.