Figure 1. Cisco Wireless Control System (WCS)

Product Overview
Cisco Wireless Control System (WCS)
Figure 2. Enterprise Wide RF Intelligence

General Management
• Configuration templates: With Cisco WCS, administrators can assign a template to one or all of the wireless LAN controllers or access points in a mobility group. They can then select the mobility group name and apply the template across the entire mobility group domain. A variety of wireless LAN controller templates are available to manage system, WLAN, security, access control, 802.11 a/b/g/n, mesh, rogue devices, TFTP servers, and management configurations (Figure 3 and Figure 4).
• Bulk provisioning of Cisco wireless LAN controllers: All Cisco wireless LAN controllers can be provisioned in bulk by importing a CSV file into Cisco WCS.
• Software management: With Cisco WCS, upgrades to Cisco wireless LAN controllers and access points can be performed from a centralized location, with a single click of a mouse.
• User group-based privilege management: Network administrators can create Cisco WCS user groups and assign management task level privileges to each individual user group.
• Network auditing: Network administrators can audit wireless LAN controller and access point configurations by network location, mobility group, or device. Discrepancies between the configuration stored in Cisco WCS and the current configuration of the access point or controller can be displayed. Network administrators can remediate configuration discrepancies by retaining either the Cisco WCS configuration or the configuration stored on the device. Using network auditing in conjunction with Cisco WCS configuration templates delivers powerful real-time configuration management of connected controllers and access points.
• RADIUS and TACACS+ support for secure access: Cisco WCS supports Simple Network Management Protocol (SNMP) version 3 and Terminal Access Controller Access Control System (TACACS+) for the highest level of network management capabilities and security. SNMP version 3 can be used for communication between a Cisco WCS server and individual wireless LAN controllers. Cisco WCS also supports SNMP version 1 and version 2, which allows other network management platforms to query it. TACACS+ is a Cisco protocol that supports authentication, authorization, and accounting (AAA) servers. Cisco WCS uses TACACS+ to authenticate and authorize access to specific Cisco WCS features.
• HTTP and HTTPS interface: Network administrators can access Cisco WCS via any standard browser running HTTP or Secure HTTP (HTTPS), which helps ensure anytime, anywhere access to Cisco's management capabilities.
Figure 3. Cisco WCS Configuration Templates

Figure 4. Cisco WCS Configuration Group Templates

Virtual Domains
Figure 5. Cisco WCS Virtual Domains Grouped by Hierarchical Domains

• Define the areas of the wireless network that individual IT administrators (users) can manage.
• Customize virtual domain names by geographical regions, customer names, building, campus, or other customized parameters to meet each organization's individual needs.
• Create up to 128 distinct hierarchical virtual domains.
• Maintain tight control of the wireless network infrastructure that is managed by each IT administrator.
Network Monitoring
Figure 6. Visualize RF Coverage

Network Troubleshooting
• Client Troubleshooting Tool: A built-in client troubleshooting tool allows network administrators to quickly and easily troubleshoot problems with a client. Detailed client information is displayed on a troubleshooting dashboard to aid network managers in quickly troubleshooting client problems. This tool includes a summary page with a list of the defined problem and suggested troubleshooting actions as well as a log analysis to capture log messages from the controller and a detailed event history. This tool helps network managers debug Layer 1 to Layer 3 client problems using a step-by-step method (Figure 7).
Figure 7. Client Troubleshooting Tool

• Client debugging logs and statistical reports: Cisco WCS can collect, save, export and open debug logs for Cisco Aironet and Cisco Compatible Extensions version 5 client devices. These logs can facilitate the generation of client troubleshooting tickets. Real-time and historical statistical reports and a consolidated summary of the troubleshooting tests that were used on the diagnostic channel of these devices can be generated.
• Integration with Cisco Secure Access Control Server (ACS) View Server 4.0: The Cisco WCS client troubleshooting tool integrates with Cisco Secure ACS View Server 4.0 to provide aggregated client status information from multiple Cisco ACS Servers. This supports easy troubleshooting of client problems associated with client authentication failures.
• Radio Resource Management (RRM): Troubleshooting and maintenance of the WLAN network is simplified with the RRM tool. This tool provides visibility into wireless network performance and radio frequency statistics. The RRM dashboard is easy to read and enhances awareness of critical events, coverage, or lack of coverage, and configuration anomalies (Figure 8).
Figure 8. RRM Tool Dashboard

• Integration with Cisco Spectrum Expert: Cisco WCS supports integration with Cisco Spectrum Expert. This integration allows customers to use the Cisco Spectrum Expert tool to investigate non-Wi-Fi interference sources within the vicinity of the Cisco lightweight access points that are affected by interference. When the source of the interference is determined, customers can remove, move, shield, adjust, or replace the device that is generating the interference. This tool can be used to assist with network troubleshooting (Figure 9).
Cisco WCS can be configured to receive non-Wi-Fi interference device traps from Cisco Spectrum Expert when a new device that is causing interference is discovered by Cisco Spectrum Expert. Cisco WCS can be configured to support the following actions:
– Enable the reception of a trap from Spectrum Expert (Cardbus). The authentication mechanism is set up by adding the laptop IP address as a valid trap transmitter to Cisco WCS.
– Issue an interference alarm.
– Configure the severity of the alarm, with a default value of minor.
– Associate the alarm with a specific access point.
Users can set trap filters and threshold values within Cisco Spectrum Expert so that traps are generated only for significant interference events.
Learn more about the Cisco Spectrum Expert by visiting http://www.cisco.com/en/US/products/ps9393/index.html.
Learn more about spectrum intelligence by reading the brochure Cisco Spectrum Intelligence Solution Simplifies Detection, Classification, Location, and Troubleshooting of RF Interference.
Figure 9. Cisco WCS integration with Cisco Spectrum Expert

Reports
• Exporting of reports into comma separated values (CSV) or PDF format.
• Automating and scheduling of exported reports.
• Sending e-mail notifications upon report generation.
• Specifying target or logical entity groups when generating a report.
• Configuring and customizing reports by frequency and polling to reduce the costs of unnecessary network polling and database storage.
• Configuring data storage and saving parameters. Hourly aggregated data can be stored for up to 31 days. Daily aggregated data can be stored for up to 90 days. Weekly aggregated data can be stored for up to 54 weeks.
Table 1. Cisco WCS Report Summary
Figure 10. Access Point Report and Inventory Report

Figure 11. Controller Utilization Performance Report and Busiest Client Report

Figure 12. PCI Compliance Assistance Report

Simplified Ease-of-Use
• A quick search box that enables searches across the entire WLAN for access points, controllers, or client devices by their MAC address, IP address, or name. This reduces the time required to identify and isolate devices with incorrect operations or security settings (Figure 13).
• Advanced searches with an option for saving
• Access control list (ACL) provisioning supports creating reusable grouped IP addresses and reusable protocols
• An extensive selection of access point and controller templates with specialized tab areas that simplify the selection and design of configuration parameters. These templates can be scheduled to be applied at a future day or time to support automated controller provisioning and software management at any time, without manual intervention.
• Reuse and apply controller templates to one or all wireless LAN controllers.
• Configuration auditing supports auditing of the configuration of each wireless LAN controller to confirm that its running configuration is identical to the configuration listed in the Cisco WCS database.
• List page record sizes are configurable up to 500 records per page
• Customizable dashboard with interactive real-time charts and tables to meet each organization's individual networking requirements
• Alarm configuration by severity level
• Scheduled shut off of WLAN and access point radios supports deactivation of the unified wireless LAN as needed to meet security requirements during business or non-business hours.
• Auto-provisioning of wireless LAN controllers supports remote configuration of controllers at branch offices or remote locations.
• Distinctive floor map icons indicate the device type including: authorized and unauthorized client devices, authorized and rogue access points, Wi-Fi tags, and chokepoints when the Cisco Wireless Location Appliance is deployed with Cisco WCS. The rogue access point icon also changes color to differentiate between a variety of states, including alert, pending, contained, threat, contained pending, trusted missing, on network, and off network.
• One-click software upgrade simplifies the process for upgrading Cisco WCS to run the latest software release.
Figure 13. Cisco WCS Quick Search and New Search

Cisco Context-Aware Mobility Solution
Figure 14. Cisco Context-Aware Mobility Solution - High Resolution Map for Rogue Device Detection

Figure 15. Cisco Context-Aware Mobility Solution - Location Services

Figure 16. Cisco WCS Location Notifications Summary

Secure Guest Access
• Single-click guest provisioning that reduces errors made by provisioning personnel when they are issuing guest access credentials.
• An HTML image file that can be uploaded to the controller to replace the default Web authentication page that guests traditionally see when logging into a controller-based guest network. This customized page can be previewed prior to activation.
• Customized automated guest access by time of day and date.
• Customizable guest user login failure message and logout verification Web page helps enhance the overall guest-user experience and minimize help desk calls.
• Pre-provisioning of guests prior to their arrival at the site by sending them login credentials by email.
• Limits can be placed on the number of guest users that provisioning personnel can create during a given time period to help maintain network security.
• The existing LDAP infrastructure can be used to authenticate guest users via Web authentication.
• Per-user bandwidth limits on guest traffic to enhance network security and performance.
• Per-SSID guest portals to provision separate portals for different guest user groups.
• Restriction of guest users by their network location: campus, building, or floor area.
• Guest user passwords automatically generated or manually defined.
Figure 17. Cisco Unified Wireless Network Secure Guest Access

Figure 18. Cisco WCS Secure Guest Access Configuration

Voice over Wireless LAN
• Voice WLAN parameter settings: Voice is latency sensitive. Several WLAN parameters need to be modified to allow for both voice and data on the same network. Cisco WCS voice tools adjust critical WLAN parameters to support VoWLAN.
• Voice troubleshooting tools: Troubleshooting degraded voice quality problems can be difficult in a WLAN environment. Cisco WCS supports queries for traffic stream metrics (TSM) such as packet latency, packet jitter, packet loss and roaming time to determine the cause of voice quality problems.
• Voice Readiness Tool: The Cisco WCS Voice Readiness Tool (VRT) provides a visual indication of the RF coverage and provides an assessment of the readiness of the deployment for VoWLAN. The tool displays three distinct color-coded regions on the floor map highlighting areas of good, moderate and poor RF coverage (Figure 19). This helps identify insufficient coverage areas that could potentially experience voice quality issues. The VRT also takes advantage of calibration data, when available, to provide an estimate of the RF coverage levels and suitability of the network for VoWLAN. The tool can be queried for a visual representation of the RF coverage for current access point power levels or maximum access point power levels.
• VoWLAN Audit Tool: The Cisco WCS VoWLAN Audit Tool automates configuration checks and supports the definition of rules to validate Cisco wireless LAN controller configurations based on the VoWLAN deployment guide recommendations. Configuration violations can be presented as a report or an alarm. This tool helps organizations save time when performing configuration checks of Cisco wireless LAN controllers based on the suggested VoWLAN deployment guidelines.
Figure 19. Cisco WCS Voice Readiness Tool (VRT)

Wireless Security and Network Protection
Figure 20. Cisco WCS Security Summary

• Intrusion Detection System (IDS)/Intrusion Prevention System (IPS): Cisco WCS supports robust IPS/IDS with the Cisco Secure Wireless Solution and Adaptive Wireless IPS that integrates with the Cisco Self-Defending Network and Network Access Control (NAC). This solution takes a comprehensive approach to security: at the wireless edge, wired edge, WAN edge, and through the data center. When an associated client sends malicious traffic through the Cisco Unified Wireless Network, a Cisco wired IDS device detects the attack and sends shun requests to Cisco wireless LAN controllers, which will then disassociate the client device.
• wIDS signature tuning and management: Cisco WCS reduces false alarms and increases event fidelity by supporting a configurable "interval" for all IDS signatures.
• RF attack signatures and management frame protection: Cisco WCS helps IT staff to create customizable attack signature files that can be used to rapidly detect common RF-related attacks, such as denial of service (DoS), Netstumbler, and FakeAP. Cisco WCS can be programmed to automatically generate alarms if an attack is detected. The detailed security summary enables IT staff to identify recurring security threats before they can cause significant harm.
• Management frame protection: Cisco WCS supports management frame protection (MFP) to monitor the authentication of 802.11 management frames by the wireless network infrastructure and client devices. MFP allows the network to detect spoofed frames from access points, malicious users impersonating infrastructure access points or Cisco Aironet client devices.
• Rogue detection, location, and containment: The Cisco WCS platform uses patent-pending technology to constantly monitor the RF environment looking for unauthorized access points and ad-hoc 802.11a/b/g/n networks. If unauthorized devices appear, Cisco WCS can be used to determine their location and assess the level of threat. The state of a rogue access point is easily determined by the color of the rogue access point icon displayed on the Cisco WCS floor plan map. If deemed malicious, IT managers can use Cisco WCS to properly contain these rogue devices. Detailed trending reports help to identify potential recurring problems. Standalone access points can be color-coded and marked as friendly or non-rogue.
• Access point wired port authentication with 802.1X: Cisco WCS also authenticates access points plugged into a wired network port using 802.1X to validate credentials. This helps to prevent wireless attacks on the wired network and reduces exposure to wireless security threats. It also eases installation and authentication of new access points on 802.1X-enabled networks.
• Policy creation and enforcement: Cisco WCS contains a service policy engine (Figure 21) that allows network administrators to easily create virtual LAN (VLAN), RF, quality of service (QoS), and security policies. With Cisco WCS, IT staff can create multiple unique service set identifiers (SSIDs) with individual security parameters. For example, a "guest" SSID can be secured with Web authentication; a "voice" SSID might be required to take advantage of the Wired Equivalent Privacy (WEP) capabilities inherent to voice handsets; and normal data traffic can be secured using 802.11i or IP Security (IPSec). Cisco WCS can be used to enforce security policies across an entire Cisco Unified Wireless Network, in individual Cisco wireless LAN controllers, or on individual lightweight access points.
Figure 21. Policy Engine

• User exclusion lists: IT staff can use Cisco WCS to proactively exclude specific users from associating with the wireless network. In addition, if unusual activity is detected, offending devices can be flagged and excluded if they are considered to be malicious. These devices cannot access wireless LAN services until timing on the exclusion list expires, or the IT staff decides to grant them wireless LAN access.
Wireless LAN Planning and Design
Figure 22. Planning Tool

Google Earth Integration
Migrate CiscoWorks WLSE to Operate as a Cisco WCS
Simplified Standalone Access Point Migration and Monitoring
• Standalone Access Point Migration Tool: Cisco WCS includes an easy-to-use migration tool that supports the simultaneous upgrading of up to 10 Cisco Aironet standalone access points of the same model number. Using this tool reduces the time required to migrate standalone access points.
• Standalone Access Point Monitoring: Organizations can now easily monitor their existing standalone access points from a Cisco WCS console in preparation for migration. Cisco WCS, running release 4.2 and later, can receive basic status and alarm information from standalone access points. These access points are then categorized as authorized access points on Cisco WCS heat maps. This helps optimize the WLAN and increase WLAN security.
All Cisco Aironet standalone access point models can be monitored as well as the standalone access points of Cisco 800, 1800, 2800, and 3800 Series integrated services routers.
Learn more about migrating to the unified architecture by reading the Feature Brief: Simplified Migration of Standalone Access Points to Operate as Lightweight Access Points in the Cisco Unified Wireless Network.
Cisco WCS Demonstration License
Features and Benefits
Table 2. Features and Benefits of Cisco WCS
| Feature | Benefit |
| --- | --- |
| Intuitive GUI and Simplified Ease-of-Use | IT staff can easily configure, monitor, and troubleshoot their wireless networks with minimal training. |
| Hierarchical Maps | IT staff can quickly access different geographies, campuses, buildings, floors, and regions for better visibility and control. |
| Virtual Domains | Enhanced access control is provided to organizations by allowing them to limit an individual IT administrator's access to only those wireless network segments that are under the IT administrator's individual responsibility. Managed service providers can use this feature to easily manage multiple customer WLANs from a single, centralized, easy-to-use Cisco WCS platform. |
| Policy Management Templates | Uniform QoS, security, and RF management policies can be easily created and enforced across an entire enterprise or outdoor deployment including outdoor mesh deployments. This can be done in a scalable fashion using global templates. |
| Robust Wireless Security and Network Protection | Cisco WCS streamlines administration and monitoring of security across the wireless network by providing a single, comprehensive view of all security-related events and network conditions. It supports built-in rogue detection, location, and containment as well as Adaptive Wireless IPS and robust security policy creation and enforcement. |
| Complete Wireless LAN Intrusion Protection | Customized signature files protect against unauthorized intrusion and RF attacks; automated alarms enable rapid response to mitigate risk. |
| Secure Access | Authentication and authorization to Cisco WCS is ensured with SNMP version 3 and TACACS+. |
| Client Troubleshooting | Network administrators can quickly and easily troubleshoot problems with a client, debugging Layer 1 to Layer 3 client problems using a step-by-step method. Integration with Cisco Secure ACS View Server 4.0 is supported for easy troubleshooting of client problems associated with client authentication failures. |
| Non-Wi-Fi Interference Detection | Integration with the Cisco Spectrum Expert allows customers to investigate non-Wi-Fi interference sources within the vicinity of the Cisco Aironet lightweight access points that are affected by interference. This tool assists with network troubleshooting. |
| Reporting | Extensive customizable reports allow network managers to monitor network activity and system information including inventory, performance, security, access points, clients, radio utilization, 802.11 counters, RF management, configuration history, and alarms. |
| Ease of Operation | Cisco wireless LAN controllers and Cisco Aironet lightweight access points remain up-to-date with no hands-on intervention. Flexible backups can be automatically scheduled for off-peak hours or run during normal business hours without impacting WLAN performance. Compressed backup files reduce file transfer times and disk space. Easily installed as a service on Windows, Linux or VMware systems. |
| Integrated High Accuracy Context-Aware Information | Real-time contextual information about mobile assets and users such as its location, temperature, availability, and applications in use can be supported with Cisco Context-Aware Software and Cisco MSE to simultaneously monitor and track thousands of wireless clients. High accuracy, deterministic location to within a few feet or several centimeters is supported by adding third party chokepoints. |
| Customizable Secure Wired and Wireless Guest Access | Organizations can keep their wired and wireless networks secure while providing customers, vendors, and partners with controlled access to their WLANs. |
| Voice over WLAN | Cisco WCS includes a variety of advanced tools to plan, deploy, monitor, and optimize the WLAN for VoWLAN including: voice WLAN parameter settings, voice troubleshooting tools, a voice audit tool, and a voice readiness tool. |
| Wireless LAN Planning Tools | Accurate RF prediction tools increase the effectiveness of wireless LAN planning and design. Three import file types are supported to generate maps: JPEG, PDF, and AutoCAD. |
| CiscoWorks WLSE Migration | Capital expenses can be reduced by converting an existing CiscoWorks WLSE (Models 1130-19 and 1133) to operate as a Cisco WCS. Selected data can be migrated in bulk from CiscoWorks WLSE into Cisco WCS. |
| Simplified Standalone Access Point Migration and Monitoring | The process of migrating standalone (autonomous) access points to operate as lightweight access points is simplified with a standalone access point migration tool and capabilities to monitor standalone access points. |
| Support for Large Scale Deployments | Up to 20 geographically diverse Cisco WCS management platforms can be cost-effectively and easily managed by Cisco WCS Navigator from a single management console. |
| Green Initiatives | Organizations can reduce power costs by using Cisco WCS to turn access points on or off at scheduled intervals. This feature can also be used to manage network security or restrict WLAN usage. |
Summary
Product Specifications
Table 3. Product Specifications for Cisco WCS
Cisco WCS Licenses
Ordering Guide
