With so many organizations wanting to adopt wireless networking technology, Cisco realized it was difficult, if not impossible, for many organizations to quickly and effectively deploy their own wireless solutions. When users decide they need wireless capabilities, problems often occur. For example, users take it upon themselves to install wireless components. This initiative poses performance and security issues for the network. To help address this problem, Cisco developed its SWAN solution.
For any size network, SWAN makes it possible to quickly add wireless infrastructure and then configure the WLAN in a manner consistent with the rest of the network.
SWAN is not an off-the-shelf product; rather, SWAN is an architecture built from many Cisco components. To build your own SWAN, you need the following components, as illustrated in Figure 3-1:
Figure 3-1. Cisco SWAN Components
You must also include the CiscoWorks LAN Management Solution software and the Wireless Solutions Engine (WLSE) appliance for management.
WLSE is covered in more depth in Chapter 10, "CiscoWorks Wireless LAN Solution Engine (WLSE)."
Although this sounds like a lot of equipment, chances are you already have most of it because of your support for wired LANs. Additionally, routers and switches are not mandatory for a SWAN solution.
Overall, SWAN focuses on two main areas:
SWAN introduces the Cisco Wireless Domain Services (WDS) technology. In essence, WDS is a set of Cisco IOS Software features that run on one of the WLAN's APs. The device, in addition to its own AP duties, also acts as a controller for other APs on the same subnet. To speed up Layer 2 roaming (roaming in the same subnet) and Layer 3 roaming (roaming between subnets), all APs register with the WDS AP using 802.1X. As clients power up, they are initially authenticated with the AAA server. This information is sent through the WDS, which transfers it to the AP.
Layer 3 roaming is supported if WDS runs on a router or a WLSM module in a Catalyst 6500 series switch.
As the client roams from cell to cell, WDS sends the client key to the new AP. As such, the client does not need to re-authenticate with the AAA server, which makes roaming much more efficient and speedy. Figure 3-2 illustrates the roaming process as facilitated by WDS.
Figure 3-2. WDS Transmits a Client's Key to APs the Client Has Roamed into, Making Roaming Faster
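The roaming flow described above, as a simplified Python model added here (it is not Cisco code and not the WDS wire protocol). The class and function names, the shared-secret AP registration, and the HMAC challenge are assumptions standing in for 802.1X registration and the real key handshake.

```python
import hashlib, hmac, os

class AAAServer:
    """Central AAA (RADIUS) server; counts the full authentications it handles."""
    def __init__(self, users):
        self.users, self.auth_count = dict(users), 0
    def authenticate(self, user, password):
        self.auth_count += 1
        if hmac.compare_digest(self.users.get(user, ""), password):
            return os.urandom(32)      # constructed stand-in for the client key
        return None

class WDS:
    """Simplified WDS role: registers APs and caches client keys for them."""
    def __init__(self, aaa, ap_secrets):
        self.aaa, self.ap_secrets = aaa, dict(ap_secrets)
        self.registered, self.client_keys = set(), {}

    def register_ap(self, ap, secret):
        # Stand-in for the AP's 802.1X registration with the WDS.
        if hmac.compare_digest(self.ap_secrets.get(ap, ""), secret):
            self.registered.add(ap)
        return ap in self.registered

    def first_auth(self, ap, user, password):
        # Initial association: full authentication against the AAA server.
        self._require_registered(ap)
        key = self.aaa.authenticate(user, password)
        if key is not None:
            self.client_keys[user] = key
        return key

    def key_for_roam(self, ap, user):
        # Roam: the new AP gets the cached key from the WDS, no AAA round trip.
        self._require_registered(ap)
        return self.client_keys.get(user)
    def _require_registered(self, ap):
        if ap not in self.registered:
            raise PermissionError(f"{ap} is not registered with the WDS")

def roam(wds, new_ap, user, client_key):
    """New AP fetches the key from the WDS, then checks the client holds it too."""
    ap_key = wds.key_for_roam(new_ap, user)
    if ap_key is None:
        return False
    nonce = os.urandom(16)
    proof = hmac.new(client_key, nonce, hashlib.sha256).digest()   # client side
    expected = hmac.new(ap_key, nonce, hashlib.sha256).digest()    # AP side
    return hmac.compare_digest(proof, expected)
```

In this model an AP that never registered cannot obtain a cached key, which is the property that keeps a user-installed AP out of the fast-roaming path.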
Further, the WDS acts as a backup local authenticator for remote offices if the WAN connection to an AAA server in a head office fails.
When an AP is used as an authenticator, the WDS can handle only 50 accounts, and it is not synchronized to the central Remote Authentication Dial-In User Service (RADIUS) server. For that functionality, you need to use WLSE, which is used for the management of hundreds of APs. More accounts can be handled if an external RADIUS server is used.
SWAN adds the following ease-of-use features that make WLAN management much simpler and smoother for both setup and ongoing use: