- Number of slides: 45
Wireless – What lies ahead
Looking at LWAPP and Mobile Handset Development
Aybala C. S. Tut
Systems Engineer
acelebi@cisco.com
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Agenda
§ Distributed vs. Centralized WLAN Architecture
§ Centralized Architecture and Infrastructure
§ Mobile Handsets
§ Q&A
Distributed vs. Centralized WLAN Architecture
Cisco Wireless LAN Portfolio: Distributed - Centralized
Distributed Solution
Management: CiscoWorks WLSE Express
Control: Catalyst 6500 Series WLSM
Access: Cisco 1100, 1130, 1200, 1230, 1240, 1300 Access Points (Autonomous)
Centralized Solution
Management: Cisco Wireless Control System (WCS)
Control: Cisco WLAN Controllers
Access: Cisco 1000, 1130, 1200, 1230, 1240 Access Points (Lightweight, LWAPP)
Applications: Cisco Compatible Extensions and Wi-Fi Client Devices
Centralized Architecture and Infrastructure
The Centralized Architecture
[Diagram: Cisco WLAN Controller, LWAPP, Switched/Routed Network, Lightweight Access Points]
Understanding WLAN Controllers—1st/2nd Generation vs. 3rd Generation Approach
§ 1st/2nd generation—APs act as 802.1Q translational bridges, putting client traffic on local VLANs
§ 3rd generation—Controller bridges client traffic centrally
Understanding WLAN Controllers—The WLAN Controller as a Network Device
§ WLAN Controller
  • For wireless end-user devices, the controller is an 802.1Q bridge that takes traffic off the air and puts it on a VLAN
  • From the perspective of the AP, the controller is an LWAPP tunnel endpoint with an IP address
  • From the perspective of the network, it’s a Layer 2 device connected via one or more 802.1Q trunk interfaces
§ The AP connects to an access port—no concept of VLANs at the AP
Centralized Solution Architecture: “Split-MAC” Approach
LWAPP: Division of Labor (Split MAC)
Wireless Controller
§ Security policies
§ QoS policies
§ RF management
§ Mobility management
Lightweight Access Points
§ Remote RF interface
§ MAC layer encryption
Split-MAC: AP MAC Functions
§ 802.11: Beacons, probe response, authentication (if open)
§ 802.11 control: Packet acknowledgement and retransmission (latency)
§ 802.11e: Frame queuing and packet prioritization (access to RF)
§ 802.11i: Encryption in AP
Split-MAC: Controller MAC Functions
§ 802.11 MAC mgmt: (Re)association requests and action frames
§ 802.11 data: Encapsulated and sent to AP
§ 802.11e resource reservation: Control protocol carried to AP in 802.11 mgmt frames—signaling done in the controller
§ 802.11i authentication and key exchange
Real-Time RF Management
Dynamic Channel Assignment: RF channel “1”, RF channel “6”, RF channel “11”
Dynamic Power Optimization
• Eliminate coverage holes
• Avoid interference/Improve performance
• Optimize coverage area
• Reduce “hands on” WLAN mgmt
No Single Point of Failure: AP Redundancy
[Diagram: Cisco WLAN Controller, Ethernet Switch, Cisco Access Point]
No Single Point of Failure: WLC Redundancy
[Diagram: Primary WLCM, Secondary WLCM]
Primary and secondary controllers can be configured
Better Network Performance: Dynamic Load Sharing
Solving Performance & Capacity problems in high-density areas (e.g. conference rooms, cafeteria)…
Wireless LAN Controller Family
Wireless LAN Controllers: 2000, 4400
Catalyst 6500 Series Wireless Services Module (WiSM)
Switch and Router Platforms: Wireless LAN Controller Module (WLCM) for ISR; Catalyst 3750 Switch
Proven Platform for Mobile Access
Indoor Access Points: 1130AG, 1000
Indoor Rugged Access Points: 1240AG, 1230AG
Outdoor Access Points/Bridges: 1500, 1300
Cisco Wireless Control System (WCS)
World-Class Network Management
Features
§ Client troubleshooting (via CCX)
§ Planning, configuration, monitoring, location, IDS/IPS, and troubleshooting
§ Hierarchical maps
§ Intuitive GUI and templates
§ Policy-based networking (QoS, security, RRM, etc.)
Benefits
§ Lower OPEX and CAPEX
§ Better visibility and control of the air space
§ Consolidate functionality into a single management system
§ Determines location and voice readiness
WCS Dashboards: Network Monitor
Location Tracking Services
Cisco 2700 Series Wireless Location Appliance
§ 1st integrated location solution
§ Real-time location services
§ Advanced RF fingerprinting
§ Simultaneous real-time tracking of 10,000+ devices
§ API for third-party applications
§ RF capacity management
§ Intuitive management GUI
Lightweight Access Point Protocol (LWAPP)
What is LWAPP?
§ The Lightweight Access Point Protocol (LWAPP) is used between an AP and a WLAN Controller.
§ Why is this critical to a scalable network deployment?
  • Customers want to manage a network, not individual network elements
  • LWAPP allows a controller to manage the APs
[Diagram: LWAPP Tunnel]
LWAPP involves...
§ Low-overhead communication between Wireless LAN Controllers and Access Points
§ 1-4 kbps overhead with associated clients
§ Data traffic encapsulation in UDP: source port 1024, destination port 12222
§ Control traffic encapsulation in UDP: source port 1024, destination port 12223
§ AES encryption for control traffic ONLY
§ For data traffic encryption, use a security protocol like WPA2 with AES encryption
Cisco Centralized WLAN Model
LWAPP defines control messaging and data encapsulation between access points and centralized WLAN controller
Access points are “lightweight”—controlled by a centralized WLAN controller
Much of the traditional WLAN functionality moved from access points to centralized WLAN controller
[Diagram: Lightweight Access Point, LWAPP Tunnel (Control Messages, Data Encapsulation), Wireless LAN Controller, Switched/Routed Wired Network; ingress/egress point from/to upstream switched/routed wired network (802.1Q trunk)]
Cisco Centralized WLAN Model
LWAPP carries all communication between access point and controller
• L2 or L3 transport
• Mutual authentication—X.509 certificate based
• LWAPP control AES-CCM encrypted
• Data encapsulation
Functions shown in the diagram: radio resource management; mobility management; remote RF interface; real-time 802.11 MAC; RF spectral analysis; security management; WLAN IDS signature analysis; QoS policies enforcement; centralized configuration, firmware management; northbound management interfaces
[Diagram: Lightweight Access Point, LWAPP Tunnel (Control Messages, Data Encapsulation), Wireless LAN Controller, Switched/Routed Wired Network; ingress/egress point from/to upstream switched/routed wired network (802.1Q trunk)]
Centralized Solution Architecture: LWAPP discovery process
The LWAPP discovery process provides
• Ease of AP installation
• Automatic redundancy in case of controller failure (self healing)
1. LWAPP Layer 2 broadcast (FF.FF.FF)
   • Controller on same subnet can answer request
2. LWAPP Layer 3 broadcast (255.255)
   • Controller on same subnet can answer request
   • Use Cisco ‘ip-helper’ and ‘forward protocol’ to get to the controller
3. LWAPP Layer 3 with DHCP option 43
   • Vendor option 60 ‘Airespace.AP1200’
   • Vendor option 43 ‘controller IP address’
4. LWAPP Layer 3 with DNS
   • Host ‘CISCO-LWAPP-CONTROLLER’
5. LWAPP Layer 2 and Layer 3 Over The Air Provisioning (OTAP)
After the initial controller discovery phase the AP can be configured with a primary, secondary or tertiary controller. Use ‘Master’ controller for newly added APs.
[Diagram: Wireless Controller, Lightweight Access Points]
Why LWAPP?
§ Long-term goal: vendor interoperability
§ Secure, zero-touch configuration
§ Scalability through centralized management and configuration
§ Visibility to network-wide attacks and interference across a system
§ Management
  • Dynamic, system-wide RF management, including a host of features for smooth wireless operations, such as dynamic channel assignment, transmit power control, and load balancing.
  • Single graphical interface for enterprise-wide policies, including VLANs, security, and QoS.
§ Security
  • Enterprise-wide security policies that encompass all layers of a wireless network, from the radio layer through the MAC layer, and into the network layer. This makes it easier to provide uniformly enforced security and QoS or user policies that can address the particular capabilities of different classes of devices, such as handheld scanners, PDAs, or notebook computers.
§ Mobility
  • Cellular-like fast handoffs. Excellent support for real-time, mobile applications such as voice over WLAN.
LWAPP Architecture Security Benefits: Physical
§ Configuration not maintained on AP
  • Configurations are automatically downloaded from WLC over AES-encrypted link
§ APs with console ports can have IP address and WLC address configured
§ APs authenticated to WLC by X.509 certificate
  • The WLC can also MAC authenticate
§ WLC authenticated to AP by X.509 certificate
§ WLC certificate is installed at manufacture
LWAPP Architecture Security Benefits: Network
§ AP communication with WLC via well-known UDP ports
§ APs only communicate with WLC management and ap-management interfaces
§ The APs have no remote management interface
  • No SNMP
  • No Telnet, SSH …
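An added example, not part of the original slides: a flow-record check that turns the network properties above (LWAPP on UDP 12222/12223, APs talking only to the controller, no SNMP/Telnet/SSH on APs) into alerts. The addressing, the flow-record shape and the function names are assumptions made for illustration.

```python
import ipaddress

# Ports stated on the slides: LWAPP data = UDP 12222, control = UDP 12223.
LWAPP_PORTS = {12222: "data", 12223: "control"}
# Discovery helpers named on the slides (DHCP option 43, DNS lookup).
DISCOVERY_PORTS = {67: "DHCP", 53: "DNS"}
# Management protocols the slides say lightweight APs do not expose.
MGMT_PORTS = {("udp", 161): "SNMP", ("tcp", 23): "Telnet", ("tcp", 22): "SSH"}
# Assumed addressing for this example (not from the slides).
AP_NET = ipaddress.ip_network("10.20.0.0/24")
WLC_IPS = {ipaddress.ip_address("10.10.0.5")}
BROADCAST = ipaddress.ip_address("255.255.255.255")

def check_flow(proto, src, dst, dport):
    """Classify one initiator-side flow record as ok / alert / ignore."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in AP_NET:
        if proto == "udp" and dport in LWAPP_PORTS:
            if dst in WLC_IPS:
                return "ok", f"LWAPP {LWAPP_PORTS[dport]} to controller"
            if dst == BROADCAST:
                return "ok", "LWAPP Layer 3 broadcast discovery"
            return "alert", "LWAPP to an address that is not a known controller"
        if proto == "udp" and dport in DISCOVERY_PORTS:
            return "ok", f"{DISCOVERY_PORTS[dport]} during discovery"
        return "alert", "AP-originated traffic that is not LWAPP"
    if dst in AP_NET and (proto, dport) in MGMT_PORTS:
        return "alert", f"{MGMT_PORTS[(proto, dport)]} session attempt to an AP"
    return "ignore", "not covered by the AP policy"

# Constructed flow records: (protocol, source, destination, destination port).
SAMPLE_FLOWS = [
    ("udp", "10.20.0.11", "10.10.0.5", 12223),
    ("udp", "10.20.0.11", "10.10.0.5", 12222),
    ("udp", "10.20.0.11", "255.255.255.255", 12223),
    ("udp", "10.20.0.11", "10.10.0.1", 67),
    ("udp", "10.20.0.12", "10.99.0.7", 12223),
    ("tcp", "10.20.0.12", "192.0.2.10", 443),
    ("tcp", "10.30.0.50", "10.20.0.11", 22),
]

def alerts(flows):
    """Return (flow, reason) for every record that violates the policy."""
    return [(f, check_flow(*f)[1]) for f in flows if check_flow(*f)[0] == "alert"]

if __name__ == "__main__":
    for flow, reason in alerts(SAMPLE_FLOWS):
        print(flow, "->", reason)
```

Because LWAPP encrypts control traffic only, a clean result here says nothing about the confidentiality of client data inside the UDP 12222 tunnel; that still depends on WPA2 with AES on the air.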
Mobile Handset Development – Nokia E-Series Dual-Mode Phone
Top 4 Reasons Every CXO Needs a Pervasively Deployed Wireless System
Security, Guest Access, Voice, Location
Rogue APs—Employees create opening to enterprise network unknowingly
[Figure labels: Hacker, FTC FINES]
§ WiFi-enabled voice
§ 7920, Blackberry, Treo
§ Better coverage
§ Reduced cost
§ Integrated with IP PBX
The way we work is changing …
§ 41% of US workers can be considered “mobile”, spending 20% or more of their time away from their primary workspace [1]
§ Dual-mode (WiFi/Cellular) handsets expected to reach over 29m units by 2009 [3]
Sources: [1] Yankee Group (2007), [2] Vision Gain, [3] Infonetics
Mobile Business Solutions from Cisco and Nokia
[Diagram labels: Mobile Endpoints; Media Control; Voice-Ready Wireless LAN Infrastructure; Nokia Eseries Dual Mode Phones; Cisco Unified Wireless IP Phone 7921G; Cisco Unified Communications Manager; Cisco Unified Communications Manager Express; WLAN Controller; Aironet Access Points; WCS; QoS Services]
Dual-Mode Phone – Overview
§ Delivered in partnership with Nokia through the SolutionsPlus partner program
§ Nokia Eseries dual-mode handset with Skinny Client Call Control Protocol (SCCP) client works on GSM networks and Cisco VoWLAN campus networks
§ In a Cisco VoWLAN campus network, the Nokia Eseries handset operates as an IP phone with Cisco Unified Communications Manager or Cisco Unified Communications Manager Express
§ In a public GSM network, it operates as a GSM phone
Nokia Eseries Dual-Mode Handsets Supported
§ S60 3.0 Nokia mobile handsets supported are:
  • Nokia E60
  • Nokia E61
  • Nokia E61i
  • Nokia E65
Solution Architecture
Mobile Business Solution Architecture
[Diagram labels: Business PSTN Trunk; Cellular Network; Enterprise Network; Cisco Unified Wireless Network; WLAN Controller; WLAN AP; IP Phones; CCX v3; Cisco Unified Communications Manager or Cisco Unified Communications Manager Express]
Nokia SCCP Mobile Client
• Cellular Mode
• WiFi Mode (Skinny Client Control Protocol SCCP client) via Cisco Unified Wireless Network
• Operates as 802.11 phone
Route incoming calls to Nokia Eseries handset within campus WLAN network
[Diagram labels: INSIDE; OUTSIDE; Cisco Unified Communications Manager or Cisco Unified Communications Manager Express; SCCP; Cisco Wireless Controller; Cellular Network; PSTN; Gateway; Access Points; Switch; 802.11; Shared line DN; Nokia Eseries Handset; Cisco Unified Wireless IP Phone 7921G]
Least cost routing for outgoing calls placed from campus WLAN network
[Diagram labels: INSIDE; OUTSIDE; Cisco Unified Communications Manager or Cisco Unified Communications Manager Express; Cellular Network; PSTN; SCCP; Cisco Wireless Controller; Gateway; Access Points; Switch; 802.11; Nokia Eseries Handset; Cisco Unified Wireless IP Phone 7921G]
Least cost routing of internal calls placed from campus WLAN network
[Diagram labels: INSIDE; OUTSIDE; Cisco Unified Communications Manager or Cisco Unified Communications Manager Express; Cellular Network; PSTN; SCCP; Cisco Wireless Controller; Gateway; Access Points; Switch; 802.11; Nokia Eseries Handset; Cisco Unified Wireless IP Phone 7921G]
Cisco VoWLAN Network Characteristics
§ 802.11b/g
§ Cisco Compatible Extensions (CCX) Version 3
§ No seamless handoff between cellular and WLAN networks
§ Requires Intellisync Call Connect Version 1.0
§ QoS is marked by Nokia
Q&A