802.11ac radio module and innovations in the Cisco® Wireless Release 7.5 now bring wire-like performance to wireless networks together with sub-second failover capability for mission critical deployments. Release7.5 is loaded with market leading features like an integrated BYOD policy engine, location-aware Bonjour Policy and CMX Browser Engage for cutting-edge mobile user experience.
Key Features in Release 7.5
• Cisco Aironet access point module for 802.11ac: Industry's first enterprise-class WFA-802.11ac certified access point
• Cisco Aironet 700 Series Access Point: An affordable, compact dual-radio access point for value-minded customers looking to modernize their networks to handle today's increasingly complex wireless access demands
• Client stateful switchover (SSO) across geographical locations: Controller redundancy with no client reauthentication and subsecond switchover
• Application services for wireless users:
– AVC protocol pack: Enables customers to update the protocol libraries with a simple protocol pack update instead of a standard software upgrade, to meet the dynamic, fast-changing application environment
– Bonjour services: Discovers services on a VLAN Layer 2 adjacent to the wireless access point. Wireless services in the vicinity of the client are provided
• Converged Access: Ability to run Mobility Controller (MC) functionality on a 5508 or WiSM2 in the Converged Access mode with a Catalyst 3850 mobility agent (MA)
• Integrated BYOD policy engine: The onboard wireless policy engine enables profiling of wireless devices and policy enforcement to address customers' bring-your-own-device (BYOD) deployments
• Guest access (sleeping client): Clients connected to the network are remembered even after waking up, eliminating the need for user intervention to reenter credentials
• CMX browser engage: Browser-based communication capabilities are available in Cisco Connected Mobile Experiences (CMX), enabling organizations to engage users in their venue based on the user's context: where they are, how long they have been there, whether they are a new or repeat visitor, or even what sites they are visiting
Platform Support
Cisco Wireless Release 7.5 is supported on the following platforms:
• Cisco Aironet access points running the Control and Provisioning of Wireless Access Points (CAPWAP) Protocol
• Cisco 2500 and 5500 Series Wireless LAN Controllers
• Cisco Catalyst 6500 Series Wireless Services Module 2 (WiSM2)
• Cisco Flex7500 Series FlexConnect™ Wireless Controllers
• Cisco 8500 Series Wireless Controllers
• Cisco Wireless LAN Controller Module for Integrated Services Routers G2 (UCS-E)
• Cisco Virtual Wireless Controller (vWLC)
• Cisco Mobility Services Engine (MSE)
Cisco Wireless LAN Controllers: New Features
In Software Release 7.5.102.0, Cisco wireless LAN controllers provide solutions to enable wireless as the primary means of access and to simplify high density media rich wireless deployments. Table 1 describes the new features of the wireless controllers in this release.
Table 1. New Controller Features in Cisco Wireless Release 7.5.102.0
Feature
Description
Benefit
High availability (HA): Client SSO
Enables client stateful switchover for 1:1 redundant controller deployments
Industry's first and only controller redundancy solution reduces client downtime to less than a second for business-critical applications, with no client reauthentication needed. The redundant controllers can be geographically distributed over a Layer 2 connection for data center level redundancy
Wireless policy engine
Wireless device profiler and policy classification feature on the Cisco wireless controller
The onboard wireless policy engine enables profiling of wireless devices and policy enforcement to address customers' BYOD deployments
Virtual controller: Datagram Transport Layer Security (DTLS)
Enables industry-standard CAPWAP encryption using DTLS
Extends corporate network services securely to a remote teleworker
Virtual controller: Bidirectional rate limiting
Provides the ability to rate-limit traffic, both downstream and upstream, on either a per-Service Set Identifier (SSID) or per-client basis for real-time (User Datagram Protocol, or UDP) or data (TCP) traffic
Customers can prevent excessive bandwidth usage on certain SSIDs (for example, guest) or by specific users (bandwidth hogging) from affecting other users on the network
• 802.11ac module for the Aironet 3600 Series enables support for 802.11ac Wave 1 (Draft 5)
• First enterprise-class 802.11ac solution shipping in the marketplace
• First 802.11ac certified solution for the commercial enterprise space, published by the Wi-Fi Alliance
• 802.11ac Wave 1 provides enhanced support for 5 GHz, including:
• 1.3 Gbps PHY max data rate
• 3x3 Multiple Input, Multiple Output (MIMO)
• 3 spatial streams
• 80-MHz wide channels
256 quadrature amplitude modulation (QAM)
Enables support of the next-generation 802.11 Wi-Fi protocol that defines Gigabit wireless
This initial implementation of the specification moving toward IEEE ratification provides three times the performance of 802.11n, using wider channels, enhanced modulation, and a more streamlined protocol to provide significant performance enhancements and enabling client devices to get on and off the network faster
Enterprise companies across all industries are expressing interest in 802.11ac with a variety of different drivers and deployments models:
• Healthcare: Large file movement and real-time imaging of MRI information
• Higher education: Both pervasive and targeted areas of coverage for their high-bandwidth student base, which also typically has three or more devices per student
• K-12: Increased density of wireless devices per classroom and increased use of video as a teaching method with the student
Service providers are also very interested in 802.11ac, both for their own corporate IT infrastructure as well as for service offerings to the public supporting the new wave of client devices entering with 802.11ac built in
Cisco Aironet 700 Series Access Point
Compact access point with the feature set to deliver highly secure and reliable wireless connections. It provides simultaneous dual radios and a 2 x 2: 2 radio design that enables data rates up to 300 Mbps
An affordable, compact dual-radio access point for value-minded customers looking to modernize their networks to handle today's increasingly complex wireless access demands. As part of the Cisco Unified Wireless Network, the Aironet 700 Series provides low total cost of ownership and investment protection by integrating smoothly with existing networks or hotspot deployments
Mobility Services
Table 3 describes new Cisco Mobility Services Engine (MSE) features in Cisco Wireless Release 7.5.
Table 3. New Cisco MSE Features in Release 7.5
Feature
Description
Benefit
CMX browser engage
In-venue customer engagement by providing rich contextual information on customer's mobile device.
Capabilities include:
• Indoor navigation: Navigate to and search for relevant points of interest on a floor map.
• Campaign management: Run relevant campaigns at venues based on different rules such as time, date, and location.
• Location services: Provide access to local services throughout the user's browser experience. Services are customizable by venue and time.
URL analytics
Web analytics: Aggregate statistics on URLs visited by venue and zone.
Enables merchants to better understand and meet their customer needs.
Representational State Transfer (REST) API
Support for MSE location REST API with XML and JSON data formats.
Support for northbound notification over HTTP/HTTPS/TCP with support for XML JSON and protobuf data format.
Lightweight REST protocol is easy to integrate with mobile apps.
Location analytics enhancements
Improved analytics on movements between zones and the flow around the buildings (speed and duration distributions).
Enables users to get information on visitors' movement around the area of interest more easily and quickly. This allows for better targeted marketing and improved wait times.
Midmarket MSE OVA
MSE virtual appliance with 250-GB hard disk requirement.
MSE virtual appliance with a smaller footprint for midmarket customers.
Exposing tag relative signal strength indicator (RSSI)
RSSI (probe) is exposed via MSE to third-party location apps. Base Location license is required.
Provides a single interface to integrate with third-party RFID tag vendors.
MSE licensing
3355 MSE scale increased to 2500 access points for Base and CMX license.
High-end virtual appliance scales to 5000 access points for Base and CMX license.
Higher scaling.
vWLC support
Supports virtual controller on MSE.
Customers can use the virtual controller with MSE without running command-line interface (CLI) commands.
Rogue access point zone of impact
Shows rogue access point zone of impact in Cisco Prime Network Control System (NCS) maps.
Enhanced map filtering and enhanced search for wireless intrusion prevention system (wIPS) attacks. Different icons for attacker and victim.
Easy identification of high-impact rogue access points on a map. The radius of the impact and the number of valid clients attached is shown on the map through the zone of impact.
Auto MAC address learning
MSE stores the state of the client.
Prevents valid clients from associating with rogue access points.
Adaptive wIPS (aWIPS) attack prevention
Automatic containment based on profile.
Automatic mitigation for aWIPS attacks.
New signatures
Signature update.
New threats detected by the aWIPS solution.
wIPS alarm consolidation
Consolidates wIPS alarms based on predefined rules.
Concise information to help the user determine the real attack or threat.
New wIPS UI
New wireless security wizard workflows.
Improved usability and intuitive workflow.
Forensics
Capability to start and stop forensics on a selected access point.
Better troubleshooting capability.
CMX Connect (demo version)
Visitor management. Supports web authentication, web passthrough, and social media authentication.
Visitor management.
Cisco Prime Network Infrastructure 1.4
Cisco Prime Infrastructure is a network management platform that supports lifecycle management of your entire network infrastructure from one GUI (Figure 1). Prime Infrastructure provides network administrators with a "single pane of glass" solution for provisioning, monitoring, optimizing, and troubleshooting both wired and wireless devices. Robust GUIs make device deployments and operations simple and cost-effective.
Figure 1. Cisco Prime Infrastructure 1.4
Cisco Prime Infrastructure 1.4 with Cisco Wireless Release 7.5 adds support for new features, as described in Table 4.
Table 4. New Cisco Prime Infrastructure 1.4 Features That Support Cisco Wireless Release 7.5
Feature
Description
Benefit
Management support for Release 7.5 and associated features
Support for new access point platforms (Aironet 3600p, 802.11ac module, etc.) and other features.
802.11.w.
Proactive capacity alarm or notification for RFID, clients.
Web authorization and Dot1x support.
Return additional 6 parameters for Dynamic Host Configuration Protocol (DHCP) option 82 configuration.
Centralized configuration, monitoring, and troubleshooting for the new access point and controller features.
Management support (configuration and monitoring) for Policy Classification Engine on wireless controller (Release 7.5 and later)
Policy classification enables customers to perform client (network endpoint) profiling at the controller and then configure and enforce policies on a per-device or per-user basis.
Policy Classification Engine on wireless controller enables this capability without the Cisco Identity Services Engine (ISE). Note that the ISE offers a much richer set of features, such as device profiling, onboarding, posture, and extensive policy management. The client device identification is based on protocols such as HTTP, DHCP, and MAC. The profiling can then be done based on factors including device type, user role/ID/password, location, time of day, EAP type, etc. Customers can configure and enforce policies on a per-device or per-user basis. Cisco Prime Infrastructure provides a scalable and easy mechanism to configure and monitor this capability on one or more wireless controllers using templates.
Configuration of sleeping client enhancement feature
Caches client credentials for a configurable period of up to 30 days (720 hours).
Previously (until Release 7.4), web authentication-enabled client devices connected to a WLAN via a wireless controller had to reauthenticate with login credentials (ID/password) when waking up from sleep. Release 7.5 added the ability to cache client credentials for a configurable period of up to 30 days (720 hours) and allows clients to reconnect to the network without having to reauthenticate on wakeup after sleep. Cisco Prime Infrastructure provides the necessary templates to configure the parameters on a per-WLAN basis and the ability to apply them to one or more wireless controllers.
Management support (configuration and monitoring) for a FlexConnect enhancement feature that allows customers to do WLAN-to-VLAN mapping at the FlexConnect group level
Allows customers to do WLAN-to-VLAN mapping at the FlexConnect group level.
Before Release 7.5, WLAN-to-VLAN mapping was configured on a per-access point basis, making this mapping difficult in deployments that had large numbers of access points in a FlexConnect group. This feature allows customers to do WLAN-to-VLAN mapping at the FlexConnect group level, making it scalable. Cisco Prime Infrastructure provides the necessary templates to configure the parameters and apply them to one or more wireless controllers.
Management support for new access point hardware:
802.11ac module: A field-upgradable add-on module to the Aironet 3600 Series
Simple Network Management Protocol (SNMP) MIB enhancements to the 802.11ac module for the Aironet 3600e or 3600 access points.
Same form factor as the Cisco Aironet Access Point Module for Wireless Security and Spectrum Intelligence.
Aironet 3600 Series maintains dual-band support for 2.4 and 5 GHz, supporting 802.11b/g/n on 2.4 GHz and 802.11a/ac/n on 5 GHz.
802.11ac module for the Aironet 3600e or 3600 access point allows customers to deploy 802.11ac in an enterprise using their existing Aironet 3600. The Aironet 3600 maintains dual-band support for 2.4 and 5 GHz, supporting 802.11b/g/n on 2.4 GHz and 802.11a/ac/n on 5 GHz. Cisco Prime Infrastructure (starting with Release 1.4) will provide support for configuring and monitoring the main radio and the module radio (with support for additional configuration such as channel width, dynamic channel assignment [DCA], Modulation and Coding Scheme [MCS], etc.)
Management support (configuration, templates) for a feature that enables customers to manage LED settings on the access point
Enables customers to manage LED settings (on/off duration and schedule) on the access point.
Beginning with Release 7.5, customers can configure access point LED capabilities from the wireless controller and Prime Infrastructure. Using a lightweight access point configuration template, customers can now configure the duration and schedule for access point LEDs. This feature is critical to customers in specific sectors (such as healthcare).
Management support for FlexConnect local authentication enhancement, adding EAP-TLS and PEAP
EAP-TLS and PEAP options for FlexConnect local authentication.
Release 7.5 has enhanced FlexConnect local authentication by adding EAP-TLS and PEAP. Previously we supported only Lightweight EAP (LEAP) and EAP-Fast. Cisco Prime Infrastructure (starting with Release 1.4) will provide support for configuration of these two additional authentication methods.
Reporting enhancement: Inventory report will show dead radios (in both Lightweight Access Point Protocol [LWAPP] and autonomous access points)
Inventory report to show dead radios (in both LWAPP and autonomous access points).
Release 7.5 has enhanced reporting functionality to show dead radios for both LWAPP and autonomous access points.
Management support for new functionality on MSE: Billboard and proxy services
Billboard and proxy services.
Release 7.5 has added the ability to launch billboard services. This allows customers to enhance in-venue engagement with venue visitors and customers carrying Wi-Fi-enabled mobile devices. Cisco Prime Infrastructure provides the configuration and templates necessary to configure billboard and proxy services parameters on the MSE.
Management support for client SSO on Cisco WLAN
Client SSO in Cisco WLAN.
Release 7.5 has introduced stateful switchover of the wireless clients that have successfully connected and are transferring data. This feature can be enabled in deployments where an access point serving the client is connected to a wireless controller in a 1:1 HA configuration. The key benefit of this feature is that when the primary wireless controller in this configuration goes down, access points and associated clients transition to the secondary controller without affecting the service. Cisco Prime Infrastructure 1.4 provides the configuration and templates necessary to configure this feature on wireless controllers running Release 7.5.
Management support for cable modem monitoring
Enables customers to monitor the health of the cable modem in the Aironet 1552C Outdoor Mesh Access Point.
Allows service provider customers to monitor the health of cable modems with Cisco Prime Infrastructure. Currently customers have to log in to their Cable Modem Termination System (CMTS) to monitor the cable modem module in the Aironet 1552C. With this feature, we link access points, wireless controllers, and cable modems and their associated CMTS, enabling customers to monitor the cable modem and access point from one tool.
Management support for Proxy Mobile IP (PMIP) v6 Mobile Access Gateway (MAG) implementation and enhancements
Support for PMIPv6 MAG implementation and enhancements.
Release 7.5 enhances support for PMIPv6 by adding the following two capabilities to the wireless controller: (a) support for centralized web authentication scenarios; (b) support for dynamic attributes - MAG support for obtaining PMIPv6 attributes (such as local mobility anchor [LMA] address, service selection type, etc.) dynamically from an AAA server. Customers can now use Cisco Prime Infrastructure to configure and monitor these features.
Service and Support
Services from Cisco and our partners can help you assess, design, tune, and operate your wireless LAN to transparently integrate mobility services and take advantage of the systemwide capabilities of the Cisco Unified Wireless Network.
Our professional services help you align your interference management, performance, and security needs with your technical requirements to better use the self-healing, self-optimizing features built into the silicon-level intelligence of Cisco CleanAir® technology and the increased performance of the 802.11n standard. These services can enhance deployment and operational efficiencies to reduce the cost and complexity of transitioning to new technologies.
Our Technical Support Services help you maintain network availability and reduce risk. Optimization services provide ongoing assistance with performance, secure access, and maintaining a strong foundation for business evolution and innovation.
For More Information
• For more information about planning, building, and running services for Cisco CleanAir technology, Cisco 802.11n, and the Cisco Unified Wireless Network, visit Cisco Technical Support Services or Cisco Professional Services. http://www.cisco.com/go/services
