Cisco® Unified Wireless Network Software Release 7.2 and Cisco Aironet® 3600 Series access points address critical enterprise IT challenges related to bring-your-own-device (BYOD) deployments, wireless as the primary access technology, and architectural complexity. Cisco Unified Wireless Network Software Release 7.2 delivers the industry's most scalable and high-performing wireless controller solution, unique network security and optimization for IPv6-enabled mobile clients, and next-generation hotspot capabilities.
A recently published global survey about tablet form-factor mobile devices in the enterprise revealed that three-quarters of IT managers feel that email and document sharing are "must haves". In addition, about half agreed that the following enterprise applications are desirable: video conferencing, instant messaging, and access to company databases (source: ciscopress). These business requirements related to BYOD are underpinning the need for a better user experience, network access control for IPv4 and IPv6 clients, and enterprise-class voice-video connectivity with transparent roaming.
New Features
The new features discussed here are included in Cisco Unified Wireless Network Software Release 7.2. The features are supported in the following platforms:
• Cisco Aironet access points running the Control and Provisioning of Wireless Access Point (CAPWAP) Protocol
• Cisco 2500 and 5500 Series Wireless Controllers
• Cisco Flex™ 7500 Series Wireless LAN Controllers (WLCs)
• Cisco Catalyst® 6500 Series Wireless Services Module 2 (WiSM2)
• Cisco 3300 Series Mobility Services Engine (MSE)
• Cisco Prime™ Network Control System (NCS) 1.1
Cisco Aironet Access Points: New Features
Table 1 summarizes the new features of the Cisco Aironet 3600 Series access points.
Table 1. New Cisco Unified Wireless Network Software Release 7.2 Access Point Features
Feature
Description
Benefit
AP Groups and RF profiles
Capability to segment and form virtual subgroup of access points
Capability to apply different RF configurations for different access point groups
Capability to customize the wireless network to business needs and locations, providing increased reliability and faster remediation
Centralized configuration from the WLC makes it simple for customers to create and manage multiple groups
Cisco CleanAir™ Technology enhancements
• Persistent device avoidance: Reduced use of channels affected by persistent interference; persistent device detected by local and monitor mode access point propagated to both Cisco CleanAir Technology and other access points
• Custom event-based radio resource management (RRM) threshold: Capability for the radio to change channel in reaction to strong interference reported in the form of the air-quality index
• Air-quality unclassified: New alarm triggered by the severity of the unclassified category exceeding a configured threshold
Flexibility to configure policies to address certain conditions of interference and unknown devices unique to customer's environment
Enhanced quality-of-service (QoS) prioritization
Increased flexibility in how customers can apply QoS priority against their unicast and multicast traffic on a per-wireless LAN (WLAN) basis within the access point
Capability to deploy a diverse set of user devices and support high-bandwidth, latency-sensitive applications, including voice and video streaming, in the wireless network
Video client scaling
Enhanced scaling of client devices streaming video along with mixed voice and data client traffic concurrently over the access point
• Gives companies the foundation and freedom to continue expanding their use of video within their businesses to service both internal corporate users and end customers
• Helps businesses address the changes in the network: as more mobile devices enter the corporate network, they increase demand for real-time multimedia applications, particularly video and voice, as well as traditional data applications
Multicast
Multicast enhancements to increase the scale, prioritization, and overall throughput of multicast sessions supported
Builds on existing video support, to allow high-density deployments such as auditoriums, classrooms, and stadiums to scale their multicast video content distribution at events and reach more client devices: smartphones, tablets, and other wireless mobile devices
Indoor wireless mesh
Capability to enable indoor wireless mesh support on the Cisco Aironet 3600 Series access point
Extends indoor mesh (bridge mode) capability to the recently released Cisco Aironet 3600 Series access points with 4x4:3SS 802.11n support.
Support for CAPWAP (secure enterprise access) on a second wired port on the Cisco Aironet 600 Series OfficeExtend Access Point (OEAP)
Extends support to two ports; previously, only one port was supported
Enables customers to support more scenarios in home and branch-office environments
Cisco Wireless LAN Controllers: New Features
In Cisco Unified Wireless Network Software Release 7.2, Cisco WLCs continue to lead the market in scale and performance, with specific enhancements in Cisco Catalyst 6500 Series WiSM2 and Cisco Flex 7500 Series controllers. Tables 2 and 3 list the new scale and performance numbers for these controllers. Table 4 lists the Cisco Unified Wireless Network Software Release 7.2 features.
Table 2. Cisco Unified Wireless Network Software Release 7.2 Scale and Performance Attributes for Cisco Catalyst 6500 Series WiSM2 Controllers
| Attribute | Release 7.0 | Release 7.2 |
| --- | --- | --- |
| Maximum number of access points in a controller | 500 | 1,000 |
| Maximum number of access points in a Cisco Catalyst 6500 Series Switch chassis | 2,100 | 7,000 |
| Maximum number of clients in a controller | 10,000 | 15,000 |
| Maximum number of clients in a chassis | 70,000 | 105,000 |
| Throughput | 10 Gbps | 20 Gbps |
Table 3. Cisco Unified Wireless Network Software Release 7.2 Scale and Performance Attributes for Cisco Flex 7500 Series Controllers
| Attribute | Release 7.0 | Release 7.2 |
| --- | --- | --- |
| Maximum number of access points | 2,000 | 3,000 |
| Maximum number of clients | 20,000 | 30,000 |
| Maximum number of Cisco Flex groups | 500 | 1,000 |
| Maximum number of Cisco Aironet 600 Series OEAPs | - | 3,000 |
| Throughput | 250 Mbps | 1 Gbps |
Datagram Transport Layer Security (DTLS) support for management of Cisco Aironet 600 Series OEAP
Intelligent IPv6 packet processing to enable transparent Layer 3 roaming for IPv6 and dual-stack clients
Provides reliable connectivity while roaming
IPv6 security
First-hop security features including router advertisement guard, which automatically blocks rogue router announcements from the access point; source guard; and Dynamic Host Configuration Protocol (DHCP) guard
Increases network availability and lowers operating costs through proactive blocking of known threats
IPv6 client management
IPv6 address visibility on a per-client basis; systemwide IP version distribution and trending from Cisco Prime NCS
Equips administrators for IPv6 troubleshooting and address planning, client traceability, etc. from a common wired and wireless management system
IPv6 packet optimization
Intelligent packet processing through Neighbor Discovery Protocol (NDP) proxy and rate limiting of chatty IPv6 packets
Increases radio efficiency and reduces CPU utilization in the router
Cisco TrustSec® Security Exchange Protocol (SXP) support
SXP enables security group-based access control, which abstracts network topology from policy, reducing the number of rules to be implemented and managed
Provides simplified management and centralized distribution of policy from a management server to meet the various business requirements, using the current access layer design; increases scalability and agility to adapt to business growth and changes
Cisco FlexConnect™: Efficient access point image upgrade
One Cisco FlexConnect access point per branch location acts as a master and downloads the image from the controller; other access points in the branch location predownload the access point image from the master
Provides local distribution of the image from the master to other access points in a branch office, speeding up the upgrade process and thereby reducing traffic over the WAN and providing increased reliability
Cisco FlexConnect: Access control lists (ACLs)
Allows filtering of client traffic that is locally switched on the Cisco FlexConnect access point
Enhances protection and integrity of locally switched data traffic at the Cisco FlexConnect access point
Cisco FlexConnect: Authentication, authorization, and accounting (AAA) override for dynamic VLAN assignment
Allows overriding of AAA mapping for dynamic VLAN assignment on the Cisco FlexConnect access point
Provides deployment flexibility for VLAN assignments for locally switched clients
Cisco FlexConnect: Fast roaming for voice clients in a Cisco FlexConnect group
Removes WAN link dependency by handling mobility events at the Cisco FlexConnect access point
Reduces roaming delay for fast roaming clients
Cisco FlexConnect: Layer 2 security for centrally switched users on Cisco Flex 7500 Series controller
Provides a full range of authentication mechanisms with IEEE 802.1x for centrally switched users
With the Cisco Flex 7500 Series controller, can support IEEE 802.1x authentication for centrally switched users
Cisco FlexConnect: Context-aware support on Cisco Flex 7500 Series controller
Provides comprehensive location information through Cisco 3300 Series MSE and context-aware software
Provides enhanced security to track thousands of mobile devices with alerts, notifications for rogue devices, and deployment optimization for Wi-Fi clients and tagged assets
Cisco FlexConnect: Peer-to-peer (P2P) blocking
A per-WLAN P2P configuration is pushed to the Cisco FlexConnect access point. After the access point is enabled, P2P communication on the WLAN is blocked
Limits vulnerabilities from insecure P2P client communication
Rogue enhancements
Capability to configure minimum received signal strength indication (RSSI) value for rogue clients, report after a minimum time, ignore transient rogue clients, and not track friendly rogue clients
Provides advanced controls for rogue-client monitoring, detection, and management
Wi-Fi Direct client management
Per-WLAN configuration to allow or block a Wi-Fi Direct client from joining the WLAN
Provides flexible architecture to support and detect Wi-Fi Direct clients, thereby decreasing enterprise vulnerability from this new technology
Next-generation hotspot (Hotspot 2.0)
Support for features described in the IEEE 802.11u Interworking with External Networks amendment; the interworking service enables a WLAN to assist mobile clients in automatic network discovery and selection by providing information about the network to the clients prior to association
• Supports interworking services, enabling equipment manufacturers and operators to provide standardized, interoperable components and thereby simplifying connectivity and improving services to Wi-Fi customers within the enterprise as well as public access and service provider (including residential) markets for hotspot access (whether subscription based or free)
• Lays the foundation for future Wi-Fi passpoint certification
Cisco ISE 1.1 enhancements
Support for central web authentication (CWA), in addition to local mode authentication and posture assessment for guest with device registration
Simplifies BYOD deployment with the introduction of automated device registration and posture assessment for guest access
Adder licenses without reboot
Capability to apply adder licenses without rebooting the WLC
Dynamically increases the scale of the controllers to meet network growth requirements with no service disruption
Fast-roaming solution using sticky-key caching
Fast roaming is a technique used to reduce client association time when it roams across access points. This feature allows a client to cache multiple Pairwise Master Key Security Association (PMKSA) instances in the hope that it can reuse an instance to associate with an access point
Avoids costly IEEE 802.1x authentication, which can be accomplished using Lightweight Extensible Authentication Protocol (LEAP), Protected EAP (PEAP), EAP Transport Layer Security (EAP-TLS), etc., benefiting customers with selected client models from vendors such as Apple and Motorola that do not support standards-based roaming
Mobility Services
Cisco MSE offers service-plane separation for scalable services delivery and a single interface point to securely expose network intelligence to third-party applications. In Cisco Unified Wireless Network Software Release 7.2, these capabilities are enhanced through the introduction of virtual appliances and high availability.
Table 5 describes the new features specific to Cisco MSE with Cisco Unified Wireless Network Software Release 7.2.
Table 5. Cisco Unified Wireless Network Software Release 7.2 and Cisco MSE Features
Feature
Description
Benefit
High availability
• High availability for all services supported
• Automatic and manual failure supported
• Both 1:1 and 2:1 configuration supported
Failover time of less than 1 minute enhances the redundancy and availability of the mobile services with no incremental license cost
Virtual appliance
• Supported in the VMware ESX and ESXi 4.1 hypervisor and distributed as an OVA image
• Scaling up to 50,000 endpoints or 10,000 Cisco MSE Adaptive wIPS instances in a single virtual Cisco MSE instance
Cisco MSE virtual appliance provides flexible deployment options and scalability without requiring dedicated physical appliances
Cisco MSE Adaptive Wireless Intrusion Prevention System (wIPS) alarm enhancements
Addition of nine new security penetration and denial-of-service (DoS) alarms
Provides additional threat protection, thus enhancing security for the wireless infrastructure
Context-aware support for Cisco FlexConnect
Provides comprehensive location information through Cisco 3300 Series MSE and context-aware software
Provides enhanced security to track thousands of mobile devices with alerts, notifications for rogue devices, and deployment optimization for Wi-Fi clients and tagged assets
Support for GPS coordinates
Provides x,y and GPS locations for all elements that are being tracked by Cisco MSE
Configuration wizard
Makes adding and configuring Cisco MSE a simple one-step process
Simplifies Cisco MSE configuration
Cisco Prime Network Control System
Cisco Prime NCS is a critical component of the Cisco Prime portfolio of management products. The Cisco Prime portfolio of management products has a service-centric foundation and supports integrated lifecycle management of Cisco architectures and technologies. Cisco Prime products are built on an intuitive workflow-oriented user experience.
Benefits of Cisco Prime products include:
• Simplified and predictable network management through a set of common attributes that deliver operational advantages and control across architectures, networks, and services
• Increased operating efficiency through reduced network errors, faster troubleshooting, and improved delivery of services
• Lower total cost of ownership (TCO) by getting the most value from the existing network investment and integrating with existing operation systems and processes
Cisco Prime NCS provides a single-pane view of converged user and access management for wired and wireless networks, with complete wireless lifecycle management.
Table 6 describes the new features specific to Cisco Prime NCS 1.1 with Cisco Unified Wireless Network Software Release 7.2.
Table 6. Cisco Unified Wireless Network Software Release 7.2 and Cisco Prime NCS Features
| Feature | Description | Benefit |
| --- | --- | --- |
| IPv6 client management | View IPv6 (wired and wireless client) addresses on a per-client basis; see systemwide IP version distribution and trending from Cisco Prime NCS | Equip administrators for IPv6 troubleshooting and address planning, client traceability, etc. from a common wired and wireless management system |
| Rogue rules customization | Customize rogue rules | Customize rogue rules on the controller based on SSID, RSSI, and other parameters for better filtering of false positives; associated Cisco Prime NCS support for this feature |
| Rogue access point alarm severity customization | Customize rogue access point alarm severity | Customize rogue access point alarm severity so it can be tied to email notifications in Cisco Prime NCS; you can choose to get alerted for malicious rogues only or for any rogue |
| Multilevel filters in client reports | Use more than one filter in reports: floor plus SSID, for example | Focus only on clients of interest |
| Advance filters: Client list page | Support advance filters on the client list page; similar to the alarms page | Focus only on clients of interest |
| Graphical display of historical clients | View graphical display of historical client counts on access point pages | Show graphical charts to trend client counts on access point detail pages |
| Batch reports and templates | Create batch report and templates | Create a report template at the root domain and turn it into a template for all member domains so that a report can be created and populated for all domains under it |
| Branch-location and WAN management | Manage Cisco Integrated Services Routers and Aggregation Services Routers (ASRs): Cisco 800, 1800, 1900, 2800, 2900, 3800, and 3900 Series ISRs; Cisco ASR 1001, 1002, 1004, 1006, and 1013 | Simplify large-scale deployment of branch networks |
Limited Lifetime Hardware Warranty
Cisco Aironet 1260, 3500, and 3600 Series access points come with a Limited Lifetime Warranty that provides 10-day advance hardware replacement and helps ensure that software media is free of defects for 90 days. For comprehensive support that can help increase network performance and efficiency, Cisco offers a range of services from which you can choose support capabilities that meet your needs, including direct, anytime access to Cisco engineers, flexible device-by-device coverage, and premium OS software updates. For more information, visit http://www.cisco.com/go/warranty.
Service and Support
Services from Cisco and our partners can help you assess, design, tune, and operate your wireless LAN to transparently integrate mobility services and take advantage of the systemwide capabilities of the Cisco Unified Wireless Network.
Our professional services help you align your interference management, performance, and security needs with your technical requirements to better utilize the self-healing, self-optimizing features built into the silicon-level intelligence of Cisco CleanAir Technology and the increased performance of the IEEE 802.11n standard. These services can enhance deployment and operation efficiency to reduce the cost and complexities of transitioning to new technologies.
Our technical support services help you maintain network availability and reduce risk. Optimization services provide ongoing assistance with performance and secure access and help you maintain a strong foundation for business evolution and innovation.
For more information about plan, build, and run services for Cisco CleanAir Technology, Cisco IEEE 802.11n, and the Cisco Unified Wireless Network, visit Cisco Technical Support Services or Cisco Professional Services.