Cisco 4400 Series Wireless LAN Controllers

Cisco Wireless LAN Controller Solution Overview

Delivering efficient and secure wireless control

Cisco® Wireless LAN Controllers work in conjunction with Cisco Lightweight Access Points and the Cisco Wireless Control System (WCS) to provide systemwide wireless LAN (WLAN) functions. As components of the Cisco Unified Wireless Network, Cisco Wireless LAN Controllers present network administrators with the visibility and control necessary to effectively and securely manage business-class WLANs and mobility services, such as enhanced security, voice, guest access, and location services.
Cisco Wireless LAN Controllers help reduce overall operational expenses by simplifying network deployment, operations, and management. The flexibility allows network managers to design networks to meet their specific needs, whether implementing standalone or highly integrated network designs.

Features and Benefits

• Business-class RF security and WLAN security policy monitoring

• Clear visibility into and centralized control of the RF environment

• High performance through reliable coverage and optimized bandwidth

• Mobility features for uninterrupted network access for roaming users

• Scalability to meet the requirements of small businesses to large enterprises

• Investment protection

• Reduced overall operational expenses, achieved by simplifying network deployment, operations, and management

The Cisco Unified Wireless Network is designed to enhance productivity, collaboration, and responsiveness in organizations of all types and sizes. Cisco Wireless LAN Controllers (Figure 1) enable enterprises to create and enforce policies for business-critical applications such as mobile healthcare, inventory management, retail point of sale, video surveillance, real-time data access, asset tracking, and network visibility. Multiple WLAN controllers automatically discover each other and transparently coordinate WLAN services across themselves. In this way, Cisco Wireless LAN Controllers work together as a single, transparent system to deliver a scalable WLAN network with thousands of access points.

Figure 1. Cisco Unified Wireless LAN with Secure Communication Between Lightweight Access Points and Controllers

Intelligent RF Management

Cisco Wireless LAN Controllers take the complexity out of RF management by supporting a series of RF-specific management tools (Figure 2). These tools include dynamic channel assignment, RF interference mitigation, client load balancing, and power transmit control. The RF management tools provide visibility into the wired and wireless network, so network managers can view performance, usage, availability, and reliability statistics from a single interface. These features also support continuous site-survey services to help ensure that the wireless network provides optimal coverage and capacity.

Figure 2. Networkwide RF Intelligence

Specific intelligent RF capabilities managed by Cisco Wireless LAN Controllers include:

• Dynamic channel assignment: 802.11 channels are adjusted to optimize network coverage and performance based on changing RF conditions.

• Interference detection and avoidance: The system detects interference and recalibrates the network to avoid performance problems.

• Load balancing: The system provides automatic load balancing of users across multiple access points for optimum network performance, even under heavy loads.

• Coverage hole detection and correction: Radio Resource Management (RRM) software detects coverage holes and attempts to correct them by adjusting the power output of access points.

• Dynamic power control: The system dynamically adjusts the power output of individual access points to accommodate changing network conditions, helping ensure predictable wireless performance and availability.

Enhanced Security

A unified network allows IT to maintain unified network security policies and detect and respond to alerts more quickly. Cisco Wireless LAN Controllers adhere to the strictest level of security standards, including:

• Standard 802.11i Wi-Fi Protected Access 2 (WPA2), WPA, and Wired Equivalent Privacy (WEP)

• Standard 802.1X with multiple Extensible Authentication Protocol (EAP) types: Protected EAP (PEAP), EAP with Transport Layer Security (EAP-TLS), EAP with Tunneled TLS (EAP-TTLS), EAP with Flexible Authentication through Secure Tunneling (EAP-FAST), EAP with subscriber identity module (EAP-SIM), and Cisco LEAP

• Management frame protection

• Federal Information Processing Standards (FIPS) 140-2 Level 2 validation

The result is the industry's most comprehensive WLAN security solution.
In the Cisco WLAN architecture, access points act as air monitors, communicating real-time information about the wireless domain to WLAN controllers. All security threats are rapidly identified and presented to network administrators through the Cisco WCS, where accurate analysis can take place and corrective action can be taken.
Cisco addresses WLAN security by offering multiple layers of protection, as Figure 3 shows. The multiple layers of WLAN protection include:

• RF security: The Cisco WLAN system detects and avoids 802.11 interference and controls unwanted RF propagation.

• Wireless LAN intrusion prevention, location, and correlation: The Cisco WLAN system not only detects rogue devices or potential wireless threats, but also locates these devices, enabling systems administrators to quickly assess the threat level and take immediate action to mitigate threats as required. The intrusion-detection-system (IDS) signature engine on controllers and on the Cisco WCS automatically eliminates duplicate alerts for rogue access points, rogue clients, and IDS signatures that previously occurred when two or more access points detected the same attacker. Now instead of one IDS alert from each detecting access point, a single alert is generated for the attack.

• Identity-based networking: IT staff must support many different user access rights, device formats, and application requirements when securing WLANs. The Cisco WLAN system enables enterprises to deliver individualized security policies to wireless users or groups of users, including:

– Layer 2 security: 802.1X (PEAP, TLS, TTLS, FAST, SIM, and LEAP), WPA, and 802.11i (WPA2)

– Layer 3 security (and above): IP Security (IPsec) and Web authentication

– VLAN assignments

– Access control lists (ACLs): IP restrictions, protocol types, port, and differentiated-services-code-point (DSCP) value

– Quality of service (QoS): Multiple service levels, bandwidth contracts, traffic shaping, and RF usage

– Authentication, authorization, and accounting (AAA) and RADIUS user session policies and rights management

– Management frame protection: Management frame protection (MFP) provides for the authentication of 802.11 management frames by the wireless network infrastructure, allowing the network to detect spoofed frames from access points or malicious users impersonating infrastructure access points.

• Network Admission Control (NAC): The Cisco WLAN system enforces policies pertaining to client posture and configuration and behavior to ensure that only end-user devices with appropriate security utilities and health can gain access to the network.

Figure 3. Multiple Layers of Wireless LAN Protection

Reliability

Cisco delivers the highest level of reliability for mission-critical wireless networks. If an access point failure occurs, Cisco Wireless LAN Controllers automatically adjust power on adjacent access points to cover the area where the failed access point provided service. If an individual controller failure occurs, access points automatically find a backup WLAN controller to keep wireless service available. Cisco Wireless LAN Controllers can be deployed in an N + 1 redundant topology, allowing enterprises to scale their wireless networks while knowing that they are protected from both hardware and software disruptions. Only the Cisco Wireless LAN Controllers allow users to control wireless deployment costs without sacrificing reliability.

Mobility Services

The Cisco Unified Wireless Network is the first solution to provide true mobility services that enable business process improvement. Guest, voice, security, and location services can all significantly affect productivity, efficiency, and security when enabled organizationwide. The Cisco Wireless LAN Controller plays a critical role in supporting these mobility services.

Secure Guest Access

Guest access allows customers, vendors, partners, and others to wirelessly access network resources without compromising enterprise security. The WLAN controller ensures that client devices comply with security policies, and can be configured to automatically quarantine clients that pose a threat to network security. Guest access increases company productivity, facilitates real-time collaboration, and helps companies be more competitive in today's anywhere, anytime, business climate. The solution enables companies to:

• Manage guest access

• Monitor guest use of the network

• Automatically prioritize traffic to optimize network performance

Voice Services

Cisco Voice over WLAN provides business communications using Wi-Fi and cellular-compatible smart phones. Cisco Wireless LAN Controllers ensure enterprise voice services can be deployed by enabling:

• High availability: Real-time RF scanning and monitoring of the RF environment minimize interference and ensure high quality and availability for voice communications. Management tools for monitoring roam time, jitter, and client connectivity are critical to meet the requirements for high availability.

• Roaming: Cisco Wireless LAN Controllers support pervasive communications with fast (low latency) secure roaming for voice clients. They help clients optimize roaming and minimize disruption to communications.

• Advanced QoS: Cisco Wireless LAN Controllers support voice on the WLAN with advanced QoS features, industry-standard QoS, extended-talk-time battery life, and Call Admission Control.

• Choice of client devices: Cisco Wireless LAN Controllers securely interoperate with a diverse selection of wireless devices that support advanced features such as fast secure roaming and advanced QoS.

For more information about the Cisco Voice over WLAN solution, please visit: http://www.cisco.com/go/vowlan.

Location Services

Location services track the physical location of Wi-Fi devices, making possible applications such as real-time asset tracking, location-based security, and business policy enforcement. Interoperating with the Cisco WCS and Cisco Wireless Location Appliance, Cisco Wireless LAN Controllers can track the physical location of a variety of Wi-Fi devices, including laptops, voice handsets, personal digital assistants (PDAs), active Wi-Fi RF identification (RFID) tags, rogue client devices, and rogue access points. For more information about the Cisco Wireless Location Appliance, visit: http://www.cisco.com/en/US/products/ps6386/index.html

Network Management

The Cisco WCS is an optional network component that lets companies centrally plan, configure, and manage an enterprise wireless network. With an easy-to-use graphical interface, it simplifies management of multiple WLAN controllers and their associated access points. For more information about Cisco WCS, visit: http://www.cisco.com/en/US/products/ps6305/index.html

Deployment Flexibility for Branch Offices

Cost-effective Hybrid Remote Edge Access Point (REAP) functions allow remote deployment of the Cisco Aironet® 1240 AG and Aironet 1130 AG Series Access Points from the WLAN controller, making it ideal for branch office and small retail locations. With Hybrid REAP, users can choose whether they want to have traffic bridged locally or tunneled over the WAN over Lightweight Access Point Protocol (LWAPP) on a per-Service Set Identifier (SSID) basis. Because of bandwidth required, only 8 Hybrid REAPs can be used in any one location over a WAN connection. For more details, please visit: Cisco Unified Wireless Network Software Release 4.0.

Features and Benefits

All the Cisco Wireless LAN Controllers used in the Cisco Unified Wireless Network architecture offer the features described in Table 1. The main differences are in the number of access points supported, uplink capacity, and form factor.

Table 1. Features and Benefits of Cisco Wireless LAN Controllers

| Feature | Benefits |
| --- | --- |
| Cisco Unified Wireless Network | The Cisco Unified Wireless Network reduces overall operational expenses by simplifying network deployment, operations, and management. The flexibility allows network managers to design networks to meet their specific needs, whether implementing highly integrated network designs or simple overlay networks. |
| Scalability | The scalable architecture of the Cisco Wireless LAN Controllers provides business-critical wireless services for locations of all sizes. |
| Integrated Radio Resource Management (RRM) | The system creates an intelligent RF control plane for self-configuration, self-healing, and self-optimization. |
| Zero-configuration deployment | The system is deployed without the need to modify existing routing and switching infrastructures or to configure access points. |
| Reliability | Automated recovery from lightweight access point and WLAN controller failures maximizes the availability of the wireless network. |
| Intuitive management interfaces | The Cisco WCS provides better visibility and control of your company's wireless network, resulting in ease of deployment and lower total cost of ownership. |
| Mobility management | Up to 24 Cisco Wireless LAN Controllers can be supported in a single mobility group for transparent, secure client roaming and high availability. |
| Enhanced security | • Enhanced security ensures authentication of clients for controlled access to network resources and encryption of client data to maintain privacy. • Intrusion detection, location, and containment preserve the integrity of wireless networks and sensitive corporate information. When an associated client sends malicious traffic, a Cisco wired IDS device detects the attack and sends shun requests to Cisco Wireless LAN Controllers, which then disassociate the client device. • The Cisco Unified Wireless Network integrates with the Cisco Self-Defending Network to limit damage from emerging security threats such as viruses, worms, and spyware. It also integrates with Network Admission Control to enforce security policy compliance on all wireless devices seeking to access network computing resources. |
| Mobility services | To facilitate integration with business processes, the Cisco Unified Wireless Network offers four mobility services: guest access, location, voice, and security. |

Cisco Wireless LAN Controller Products

To meet a variety of deployment scenarios, the Cisco Wireless LAN Controller product line includes standalone controllers, integrated controllers, and modular WLAN controllers that work in conjunction with selected Cisco switches and routers.

• Cisco 4400 Series and Cisco 2106 Wireless LAN Controllers are standalone, 1-rack-unit devices.

• The Cisco Catalyst 3750G Integrated Wireless LAN Controller is integrated into a Cisco Catalyst 3750G Switch.

• The Cisco Catalyst 6500 Series WiSM and the Cisco Wireless LAN Controller Module (WLCM) are WLAN controller modules that slide into an existing Cisco Catalyst 6500 Series Switch or a Cisco Integrated Services Router, respectively.

All WLAN controllers deliver the same features and benefits, but each controller supports a different number of lightweight access points. Additionally, WLAN controller modules for the Cisco Catalyst 6500 Series Switch and Integrated Services Routers as well as the Cisco Catalyst 3750G Integrated Wireless LAN Controller can take advantage of the ACL, policies, and advanced features of the switch or router that they reside in.
Each controller can be managed centrally through the Cisco WCS or locally through the onboard WLAN controller GUI or CLI. Up to 24 controllers and 3600 lightweight access points can be clustered together to provide mobility and systemwide RF management (Table 2).
Table 2 lists specifications for the Cisco Wireless LAN Controller product line.

Table 2. Specifications for Cisco Wireless LAN Controller Products

 

| | Cisco 2106 Wireless LAN Controller | Cisco 4400 Series Wireless LAN Controller | Cisco WLCM [1] | Cisco Catalyst 3750G Integrated Wireless LAN Controller [2] | Cisco Catalyst 6500 Series WiSM [3] |
| --- | --- | --- | --- | --- | --- |
| Controller type | Standalone | Standalone | Module | Integrated | Module |
| Platform integration | - | - | Cisco 2800 and 3800 Series Integrated Services Routers | Cisco Catalyst 3750G Series Switches | Cisco Catalyst 6500 Series Switch |
| Number of lightweight access points supported | 6 | 12, 25, 50, or 100 | 6 | 25 and 50 | 300 |
| Deployment location | Remote location, branch office, or small office | Remote location, branch office, or campus | Remote location, branch office, or small office | Midsize organizations and enterprise branch offices | Large campus |
| Uplink interfaces | Two 10-/100-Mbps ports | Cisco 4402: Two 1-Gbps ports; Cisco 4404: Four 1-Gbps ports | One 10-/100-Mbps port | 24 Power over Ethernet (PoE) 10/100/1000 ports; 32-Gbps, high-speed stacking bus | Eight 1-Gbps ports |
| Forwarding engine | Software | ASIC-based (Hardware) | Software | ASIC-based (Hardware) | ASIC-based (Hardware) |

[1] Must be deployed with Cisco IOS® Software Release 12.4(2)XA1 or later.
[2] The Cisco Catalyst 3750G Integrated Wireless LAN Controller must be purchased as a complete unit. An existing Cisco Catalyst 3750G Switch cannot be upgraded to operate as a WLAN controller.
[3] Requires a Cisco Catalyst 6500 Series Supervisor Engine 720.

Table 3 lists ordering information for Cisco Wireless LAN Controllers, the Cisco Wireless Location Appliance, and the Cisco Wireless Control System.

Table 3. Ordering Information

Product | Features | Customer Requirements | Sales Advantages and Part No.

Wireless LAN Controllers

Cisco 2106 Wireless LAN Controller

• Supports up to six Cisco Aironet Lightweight Access Points.
• 6 Fast Ethernet downlink Ethernet ports (2 of 6 provide power for lightweight access points).
• 2 Fast Ethernet uplink Ethernet ports.
• Small to medium-sized deployments or enterprise
• Branch or distributed offices

Part Numbers

AIR-WLC2106-K9

Refer to the Cisco WLAN Controller data sheet for more details: http://www.cisco.com/en/US/products/ps7206/products_data_sheet0900aecd805aaab9.html

Cisco 4400 Series Wireless LAN Controller

• Modular support of 12, 25, 50, or 100 Cisco Aironet Lightweight Access Points.
• The Cisco 4402 with two 1-GB Ethernet ports supports configurations for 12, 25, and 50 access points.
• The Cisco 4404 with four 1-GB Ethernet ports supports configurations for 100 lightweight access points.
• IEEE 802.1D Spanning Tree Protocol for higher availability.
• IPsec encryption.
• Industrial-grade resistance to electromagnetic interferences (EMI).
• Midsize to large deployments
• High availability

Part Numbers

• AIR-WLC4402-12-K9
• AIR-WLC4402-25-K9
• AIR-WLC4402-50-K9
• AIR-WLC4404-100-K9

Refer to the Cisco WLAN Controller data sheet for more details: http://www.cisco.com/en/US/products/ps6308/products_data_sheet0900aecd802570b0.html

Wireless Integrated Switches and Routers

Cisco Catalyst 6500 Series Wireless Services Module (WiSM)

• Wireless LAN Controller for Catalyst 6500 in conjunction with up to 300 Cisco Aironet Lightweight Access Points.
• IPsec encryption.
• Industrial-grade resistance to electromagnetic interferences (EMI).
• Intra-chassis and inter-chassis failover.
• Interoperable with Cisco Catalyst 6500 Firewall and IDS Modules.
• Embedded system for the Cisco Catalyst 6500 Series infrastructure
• Large-scale deployments
• High availability

Part Numbers

WS-SVC-WISM-1-K9

Refer to the Cisco Catalyst 6500 WiSM data sheet for more details: http://www.cisco.com/en/US/products/hw/modules/ps2706/products_data_sheet0900aecd80364340.html

Cisco Catalyst 3750G Integrated Wireless LAN Controller

• The Cisco Catalyst 3750G offers WLAN controller capabilities.
• Modular support for 25 or 50 Cisco Aironet Lightweight Access Points per switch (and up to 200 lightweight access points per stack [1]).
• IPsec encryption.
• Industrial-grade resistance to EMI.
• Midsize to large deployments
• High availability

Part Numbers

• WS-C3750G-24WS-S25
• WS-C3750G-24WS-S50

Refer to the Cisco Catalyst 3750G Integrated Wireless LAN Controller data sheet for more details: http://www.cisco.com/en/US/products/ps6915/products_data_sheet0900aecd804b0879.html

Cisco Wireless LAN Controller Module for Cisco Integrated Services Routers

• The Cisco Wireless LAN Controller Module is integrated into Cisco Integrated Services Routers.
• Supports up to 6 Cisco Aironet Lightweight Access Points.
• Embedded system for the Cisco 2800 and 3800 Series Integrated Services Routers and Cisco 3700 Series Routers
• Small to medium-sized deployments or branch offices

Part Numbers

NM-AIR-WLC6-K9

Refer to the Cisco WLAN Controller Module data sheet for more details: http://www.cisco.com/en/US/products/hw/modules/ps2797/products_data_sheet0900aecd80364432.html

Wireless Location Appliance

Cisco 2710 Series Wireless Location Appliance

• Scalable location tracking and asset management for up to 2500 devices.
• Enhanced network visibility.
• Integration with a variety of technology and application partners through a rich and open application programming interface (API).
• Enhanced WLAN security through accurate location of rogue access points.
• Advanced planning and deployment tools for accurate calibration.
• Customers range from enterprises to vertical industries, such as healthcare, finance, retail, manufacturing, and federal organizations
• Support for critical applications including high-value asset tracking, location-based security, enhanced network management, and business policy enforcement

Part Numbers

AIR-LOC2710-L-K9

Refer to the Cisco Wireless Location Appliance data sheet for more details: http://www.cisco.com/en/US/products/ps6386/products_data_sheet0900aecd80293728.html

Wireless Network Management

Cisco Wireless Control System (WCS)

• Management of Cisco Wireless LAN Controllers, Cisco Aironet Lightweight Access Points, and the Cisco Wireless Location Appliance.
• Modular support of 50, 100, 500, 1000, and 2500 Cisco Aironet Lightweight Access Points.
• Supports up to 250 Cisco Wireless LAN Controllers.
• Hierarchical maps.
• WLAN planning, monitoring, configuring, and troubleshooting tools.
• Policy management templates.
• Centralized software upgrades.
• Robust APIs.
• Integrated location tracking (optional).
• Easy management of Cisco Unified Wireless Networks
• Businesses deploying mobility services
• Base software for management
• Additional software for location services
• Compatibility with Windows and Linux

Part Numbers

• WCS-APBASE-50
• WCS-APBASE-100
• WCS-APBASE-500
• WCS-APBASE-1000
• WCS-APBASE-2500
• WCS-APLOC-50
• WCS-APLOC-100
• WCS-APLOC-500
• WCS-APLOC-1000
• WCS-APLOC-2500

Refer to the Cisco WCS data sheet for more details: http://www.cisco.com/en/US/products/ps6305/products_data_sheet0900aecd802570d0.html

[1] With 4 modules per stack and 50 access points per module

Summary

The Cisco Wireless LAN Controller eliminates the deployment and management complexity of wireless networks, and provides enhanced security, maximum network availability, and enhanced WLAN performance. Cisco Wireless LAN Controllers work in conjunction with the Cisco WCS and the Cisco Wireless Location Appliance to support mission-critical wireless data, voice, and video applications. As a component of the Cisco Unified Wireless Network, Cisco Wireless LAN Controllers provide network administrators with the visibility and control needed to effectively manage and secure enterprise-class WLANs.

Service and Support

Cisco offers a wide range of service programs to accelerate customer success. These innovative programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, visit: http://www.cisco.com/en/US/products/svcs/ps2961/ps2738/serv_home.html