What the Future Holds


Cisco IT is currently undertaking a major upgrade of the global WLAN. As the business has come to realize the benefit of wireless connectivity, the WLAN is being redesigned from the bottom up, adopting a proactive business value philosophy rather than a simple technology deployment approach. The team has been tasked to tackle the wireless LAN in a holistic manner, taking into account not only new products (such as the Cisco WLAN controllers and LWAPP access points), but also concepts such as fully integrated security with the Cisco self-defending network security strategy, a converged management solution, improved stability, and resilience in addition to data and voice capacity, outdoor coverage to ensure seamless roaming on campus sites, and a raft of additional features, enhancements, and evolutionary development.

The number of access points will be approximately doubled, providing a 100 percent improvement in user-to-AP ratio, from the current 25:1 ratio to approximately 14:1. This is essential for robust wireless voice services, increased granularity in wireless rogue AP detection and Intrusion Detection Systems, and greater wireless traffic load, all features and characteristics of Cisco's internal WLAN today.

This section describes other changes introduced by Cisco IT's NexGen WLAN:

  • Modular architecture

  • Enhanced security

  • Location-based services

  • Outdoor wireless

Modular Architecture: Centralized and Autonomous APs

Because of the large number of Cisco sites and their varying sizes (from large multibuilding campuses with thousands of users to small, shared-tenancy sales offices with five or fewer staff), the Cisco WLAN upgrade plan includes a combination of the Cisco centralized WLAN solution (based on LWAPP access points and WLAN controllers) for large- and medium-sized sites, along with the Cisco distributed WLAN solution (based on intelligent, IOS-based access points) for small and very small sites where local controllers are uneconomical. The flexibility of this solution allows Cisco to tailor its internal global solution to all kinds of sites, from campus sites with thousands of staff to small, regional sales offices with five or fewer users.

Figure 9-6 provides a snapshot of the NexGen WLAN architecture. Large campus buildings are fitted with LWAPP access points. Buildings are logically grouped into clusters, and dual redundant WLAN controllers are used to manage the access points in each cluster. Wireless coverage is provided outside using Cisco outdoor mesh access points. The outdoor mesh network is provided between buildings on large campus sites to allow seamless roaming from building to building and to support enhanced wireless voice services. Medium to large remote offices are also fitted with LWAPP access points, and dual redundant WLAN controller appliances are installed locally. For small offices, IOS access points are used. Finally, WLAN management is provided by both the WCS and Wireless LAN Solution Engine (WLSE) that are centrally located at regional data centers.

Figure 9-6. High-Level Overview of the Cisco Internal NexGen WLAN Project


Enhanced Security

The security framework for the Cisco internal NexGen WLAN will be based on the recently ratified 802.11i protocol. Authentication will continue to be provided by EAP-FAST, a tunneled authentication protocol that protects authentication exchanges in a strongly encrypted tunnel. Data integrity will be provided by WPA and Wi-Fi Protected Access 2 (WPA2), with the incremental introduction of Advanced Encryption Standard (AES)-capable devices.

The integrated Wireless Intrusion Detection System will be used to proactively monitor, detect, and isolate wireless security threats, including rogue access points and well-known wireless hacking attacks. The latter is a fundamental feature of the Cisco centralized WLAN solution, itself part of the Cisco Unified Wireless Network solutions family. To learn more, visit http://www.cisco.com/en/US/products/ps6306/prod_brochure09186a0080184925.html or go to Cisco.com and search for the keyphrase Cisco Unified Wireless Network.

Finally, third-party scanning utilities will be used for wired network scanning; this is especially important as a tool to reduce false positives and to assist with rogue AP detection in smaller sites and "air gapped" locations, where there are fewer access points to undertake active over-the-air scanning.
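One way wired-side scan results can cut false positives in rogue AP detection, as an added example (not from the book and not Cisco tooling): a BSSID heard over the air is flagged as a rogue only when a nearby MAC address is also learned on a wired switch port. The MAC addresses, SSIDs, port names and the ±2 adjacency window are constructed assumptions.

```python
# Added illustration: correlate over-the-air BSSIDs with MACs seen on the wire.
# All addresses, SSIDs and switch ports below are constructed sample data.

AUTHORIZED_BSSIDS = {"00:11:22:aa:00:10", "00:11:22:aa:00:20"}

# (bssid, ssid) pairs reported by access points doing over-the-air scanning
AIR_SCAN = [
    ("00:11:22:aa:00:10", "corp"),
    ("00:11:22:aa:00:20", "corp"),
    ("02:00:5e:10:00:01", "home-net"),    # unknown AP, plugged into our LAN
    ("0a:0b:0c:0d:0e:0f", "CoffeeShop"),  # unknown AP, neighbouring tenant
]

# MAC address -> switch port, as collected by a wired network scan
WIRED_MACS = {
    "02:00:5e:10:00:00": "sw1 Gi0/14",    # Ethernet side of the unknown AP
    "3c:52:82:00:11:22": "sw1 Gi0/3",     # ordinary workstation
}

def mac_to_int(mac):
    """Convert aa:bb:cc:dd:ee:ff (or dash-separated) to an integer."""
    return int(mac.replace(":", "").replace("-", ""), 16)

def wired_match(bssid, wired, window=2):
    """Return the switch port whose learned MAC is within `window` of the BSSID.

    Assumption: an AP's radio BSSID is often numerically adjacent to its
    Ethernet MAC, so a small offset links the radio to a wired port.
    """
    target = mac_to_int(bssid)
    for mac, port in wired.items():
        if abs(mac_to_int(mac) - target) <= window:
            return port
    return None

def classify(air_scan, authorized, wired, window=2):
    """Label each BSSID: authorized, rogue-on-wire, or unconfirmed."""
    results = {}
    for bssid, _ssid in air_scan:
        bssid = bssid.lower()
        if bssid in authorized:
            results[bssid] = ("authorized", None)
            continue
        port = wired_match(bssid, wired, window)
        # Heard over the air but absent from the wire: likely a neighbour,
        # so it is not escalated as a rogue without further evidence.
        results[bssid] = ("rogue-on-wire", port) if port else ("unconfirmed", None)
    return results

if __name__ == "__main__":
    for bssid, verdict in classify(AIR_SCAN, AUTHORIZED_BSSIDS, WIRED_MACS).items():
        print(bssid, verdict)
```
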

Location-Based Services

The Cisco WLAN Location Appliance will provide robust location-based services (LBS) such as asset tracking to assist in E911 applications. Combined with the use of 802.11-based wireless asset tags, this will allow Cisco IT to identify, locate, and track high-value assets in real time, down to a particular room and usually within five meters of accuracy.

Outdoor Wireless

Cisco plans to extend the enterprise WLAN so that it provides outdoor coverage between buildings on its large campus sites. This coverage will be achieved with the new Cisco Aironet 1510 outdoor mesh access point. The use of mesh technology will avoid the necessity of cabling each outdoor access point and will ensure seamless self-configuration and optimization.

The outdoor coverage will be a logical extension of the indoor WLAN and will be protected with the same level of robust security features.

Outdoor coverage will extend the capabilities of the enterprise WLAN and also ensure seamless, building-to-building roaming, which is especially important for wireless voice features.




The Business Case for Enterprise-Class Wireless LANs
ISBN: 1587201259
Year: 2004
Pages: 163
