|
|
The Cisco® 8500 Series Wireless Controllers are a highly scalable and flexible platform that enables mission-critical wireless networking in large-scale service provider and large-campus deployments.
Designed for 802.11n performance and maximum scalability, the 8500 Series offers enhanced uptime for high-scale deployments with support for:
• 6000 access points and 64,000 clients in a 1RU form factor
• 4096 VLANs for large-scale deployments
• Sub-second access point and client failover for Service Set Identifier (SSID) high availability
• Dual-redundant power supplies installed (AC or DC)
• Dual-redundant 10 Gigabit Ethernet connectivity
Figure 1. Cisco 8500 Series Wireless Controller
Features
The Cisco 8500 Series Wireless Controllers (Figure 1) provide centralized control, management, and troubleshooting for high-scale deployments in service provider and large campus deployments. The 8500 Series offers flexibility to support multiple deployment modes in the same controller: for example, centralized mode for campus, Cisco FlexConnect™ mode for lean branches managed over the WAN, and mesh (bridge) mode for deployments where full Ethernet cabling is unavailable.
The Cisco 8500 Series Wireless Controllers support Cisco Application Visibility and Control (AVC). Cisco AVC includes the Network-Based Application Recognition 2 (NBAR-2) engine, Cisco's deep packet inspection (DPI) capability, which classifies applications, applies quality of service (QoS) settings to either drop or mark the traffic, and prioritizes business-critical applications in the network. Cisco AVC uses NetFlow Version 9 to export the flows to Cisco Prime™ Infrastructure or a third-party NetFlow collector.
The Cisco 8500 Series also supports Bonjour Services Directory to enable Bonjour Services to be advertised and utilized in a separate Layer 3 network. A wireless policy engine on the Cisco 8500 Series enables profiling of wireless devices and enforcement of policies such as VLAN assignment, QoS, access control lists (ACLs), and time-of-day- based access.
Cisco 8500 Series Wireless Controllers automate wireless configuration and management functions and allow network managers to have the visibility and control needed to cost-effectively manage, secure, and optimize the performance of their branch networks. As a component of the Cisco Unified Wireless Network, this controller provides real-time communications between Cisco Aironet® access points, Cisco Prime Infrastructure, and the Cisco Mobility Services Engine, and is interoperable with other Cisco controllers.
The Cisco 8500 Series has integrated Cisco CleanAir® technology, providing the industry's only self-healing and self-optimizing wireless network for branches.
Software Licensing Flexibility
Cisco 8500 Series Wireless Controllers provide right-to-use license enablement (with EULA agreement) for faster time to deployment, with the flexibility to add additional access points (up to 6000 access points) as business needs grow. Table 1 lists the features and benefits of the Cisco 8500 Series Wireless Controllers.
Table 1. Features and Benefits
|
Feature |
Benefits |
|
Scalability |
• Supports 300, 500, 1000, 3000, or 6000 access points
• Supports 64,000 clients
• Supports up to 6000 branch locations (up to 2000 Cisco FlexConnect groups) with 100 access points per branch
• Supports up to 4096 VLANs
|
|
RF management |
• Provides both real-time and historical information about RF interference affecting network performance across controllers, through systemwide integration of Cisco CleanAir technology
|
|
Cisco FlexConnect, centralized switching, and mesh access point support |
• Centralized control, management, and client troubleshooting
• Seamless client access in the event of a WAN link failure (local data switching)
• Highly secure guest access
• Indoor and outdoor mesh access point support
• Efficient access point upgrade that optimizes the WAN link utilization for downloading access point images
• Cisco OfficeExtend technology that supports corporate wireless service for mobile and remote workers with secure wired tunnels to Cisco Aironet 1130 or 1140 Series Access Points
• Rogue detection for Payment Card Industry (PCI) compliance
|
|
Service provider Wi-Fi |
• Wi-Fi Certified Passpoint (Hotspot 2.0), facilitating hotspot operation for mobile data offloads
• Network-based mobility management with Proxy Mobile IPv6 Mobility Access Gateway (MAG) support for integration with cellular data networks
|
|
Comprehensive end-to-end security |
• Offers CAPWAP-compliant Datagram Transport Layer Security (DTLS) encryption on the control plane between access points and controllers across remote WAN links
|
|
End-to-end voice |
• Supports Cisco Unified Communications for improved collaboration through messaging, presence, and conferencing
• Supports all Cisco Unified IP Phones for cost-effective, real-time voice services
|
|
Fault tolerance and high availability |
• Access points continue to provide seamless services when a controller fails; provides failover to another backup controller for centralized control and management
• SSID high availability with sub-second access point and client failover from the primary to standby controller
• Redundant power supply helps ensure maximum availability
• 10 Gigabit Ethernet connectivity: Two 10 Gigabit Ethernet ports for redundancy
|
|
Enterprise Wireless Mesh |
• Allows access points to dynamically establish wireless connections without the need for a physical connection to the wired network
• Available on select Cisco Aironet access points, Enterprise Wireless Mesh is ideal for warehouses, manufacturing floors, shopping centers, and any other location where extending a wired connection may prove difficult or aesthetically unappealing
|
|
High-performance video |
• Integrates Cisco VideoStream technology as part of the medianet framework to optimize the delivery of video applications across the WLAN
|
|
Mobility, security, and management for IPv6 and dual-stack clients |
• Highly secure, reliable wireless connectivity and consistent end-user experience
• Increased network availability through proactive blocking of known threats
• Equips administrators for IPv6 planning, troubleshooting, and client traceability from Cisco Prime Infrastructure
|
|
Environmentally responsible |
• Organizations may choose to turn off access point radios to reduce power consumption during off-peak hours
|
Table 2 lists the product specifications for the Cisco 8500 Series Wireless Controllers.
Table 2. Product Specifications
|
Item |
Specifications |
|
Wireless |
IEEE 802.11a, 802.11b, 802.11g, 802.11d, WMM/802.11e, 802.11h, 802.11n, 802.11k, 802.11r, 802.11u, 802.11w, 802.11ac |
|
Wired/switching/routing |
IEEE 802.3 10BASE-T, IEEE 802.3u 100BASE-TX, 1000BASE-T. 1000BASE-SX, 1000-BASE-LH, IEEE 802.1Q VLAN tagging, IEEE 802.1AX Link Aggregation |
|
Data RFCs |
• RFC 768 UDP
• RFC 791 IP
• RFC 2460 IPv6 (pass-through Bridging mode only)
• RFC 792 ICMP
• RFC 793 TCP
• RFC 826 ARP
• RFC 1122 Requirements for Internet Hosts
• RFC 1519 CIDR
• RFC 1542 BOOTP
• RFC 2131 DHCP
• RFC 5415 CAPWAP Protocol Specification
|
|
Security standards |
• Wi-Fi Protected Access (WPA)
• IEEE 802.11i (WPA2, RSN)
• RFC 1321 MD5 Message-Digest Algorithm
• RFC 1851 ESP Triple DES Transform
• RFC 2104 HMAC: Keyed Hashing for Message Authentication
• RFC 2246 TLS Protocol Version 1.0
• RFC 2401 Security Architecture for the Internet Protocol
• RFC 2403 HMAC-MD5-96 within ESP and AH
• RFC 2404 HMAC-SHA-1-96 within ESP and AH
• RFC 2405 ESP DES-CBC Cipher Algorithm with Explicit IV
• RFC 2407 Interpretation for ISAKMP
• RFC 2408 ISAKMP
• RFC 2409 IKE
• RFC 2451 ESP CBC-Mode Cipher Algorithms
• RFC 3280 Internet X.509 PKI Certificate and CRL Profile
• RFC 4347 Datagram Transport Layer Security
• RFC 4346 TLS Protocol Version 1.1
|
|
Encryption |
• Wired Equivalent Privacy (WEP) and Temporal Key Integrity Protocol-Message Integrity Check (TKIP-MIC): RC4 40, 104 and 128 bits (both static and shared keys)
• Advanced Encryption Standard (AES): Cipher Block Chaining (CBC), Counter with CBC-MAC (CCM), Counter with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
• Data Encryption Standard (DES): DES-CBC, 3DES
• Secure Sockets Layer (SSL) and Transport Layer Security (TLS): RC4 128-bit and RSA 1024- and 2048-bit
• Datagram Transport Layer Security (DTLS): AES-CBC
• IPsec: DES-CBC, 3DES, AES-CBC
|
|
Authentication, authorization, and accounting (AAA) |
• IEEE 802.1X
• RFC 2548 Microsoft Vendor-Specific RADIUS Attributes
• RFC 2716 PPP EAP-TLS
• RFC 2865 RADIUS Authentication
• RFC 2866 RADIUS Accounting
• RFC 2867 RADIUS Tunnel Accounting
• RFC 3576 Dynamic Authorization Extensions to RADIUS
• RFC 3579 RADIUS Support for EAP
• RFC 3580 IEEE 802.1X RADIUS Guidelines
• RFC 3748 Extensible Authentication Protocol
• Web-based authentication
• TACACS support for management users
|
|
Management |
• Simple Network Management Protocol (SNMP) v1, v2c, v3
• RFC 854 Telnet
• RFC 1155 Management Information for TCP/IP-Based Internets
• RFC 1156 MIB
• RFC 1157 SNMP
• RFC 1213 SNMP MIB II
• RFC 1350 TFTP
• RFC 1643 Ethernet MIB
• RFC 2030 SNTP
• RFC 2616 HTTP
• RFC 2665 Ethernet-Like Interface types MIB
• RFC 2674 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering, and Virtual Extensions
• RFC 2819 RMON MIB
• RFC 2863 Interfaces Group MIB
• RFC 3164 Syslog
• RFC 3414 User-Based Security Model (USM) for SNMPv3
• RFC 3418 MIB for SNMP
• RFC 3636 Definitions of Managed Objects for IEEE 802.3 MAUs
• Cisco private MIBs
|
|
Management interfaces |
• Web-based: HTTP/HTTPS
• Command-line interface: Telnet, Secure Shell (SSH) Protocol, serial port
• Cisco Prime Infrastructure
|
|
Interfaces and Indicators |
• 2 10 Gigabit Ethernet interfaces
• Small Form-Factor Pluggable (SFP) options (only Cisco SFPs supported): SFP-10G-SR, SFP-10G-LR
• LED indicators: Network Link, Diagnostics
• 1 service port: 10/100/1000 Mbps Ethernet (RJ-45)
|
|
Physical dimensions |
• Dimensions (WxDxH): 17.30 x 28.00 x 1.69 in. (440.0 x 711.4 x 43.0 mm)
• Weight: 35.1 lb (15.9 kg) with 2 power supplies
|
|
Environmental conditions |
Air temperature: • Appliance on: 10° to 35°C (50° to 95°F); altitude: 0 to 914.4 m (3000 ft),decrease system temperature by 1.8°F (1.0°C) for every 1000-foot (305-m) increase in altitude
• Appliance off: 5° to 45°C (41° to 113°F); maximum altitude: 3048 m (10,000 ft)
• Storage: -40° to 60°C (-40° to 140°F); maximum altitude: 3048 m (10,000 ft)
Humidity: • Appliance on: 20% to 80%; maximum dew point: 70°F (21°C); maximum rate of change: 9°F (5°C)/hr
• Appliance off: 8% to 80%; maximum dew point: 80°F (27°C)
Electrical input: • Sine-wave input (47 - 63 Hz) required
• Input voltage range (DC):
• Minimum: -40 VDC
• Maximum: -75 VDC
• Input voltage low range:
• Minimum: 100 VAC
• Maximum: 127 VAC
• Input voltage high range:
• Minimum: 200 VAC
• Maximum: 240 VAC
• Input kilovolt-amperes (kVA), approximately:
• Minimum: 0.090 kVA
• Maximum: 0.700 kVA
• Heat output (maximum) 2302 Btu per hour (675 watts)
• Acoustical noise emissions:
• Sound power, idling: 6.1 bels maximum
• Sound power, operating: 6.1 bels maximum
|
|
Regulatory compliance |
CE Mark Safety: • UL 60950-1:2003
• EN 60950:2000
• EMI and susceptibility (Class A):
• U.S.: FCC Part 15.107 and 15.109
• Canada: ICES-003
• Japan: VCCI
• Europe: EN 55022, EN 55024
|
Table 3 lists ordering and accessories information for the Cisco 8500 Series Wireless Controllers.
To place an order, visit the Cisco ordering website: http://www.cisco.com/en/US/ordering/index.shtml.
Table 3. Ordering Information
Additive Capacity Upgrade Licenses
Tables 4 and 5 show the additive capacity upgrade licenses that are available for the Cisco 8500 Series Wireless Controller.
Table 4. Ordering Information for Additive Capacity Licenses (e-Delivery PAKs)
Table 5. Ordering Information for Additive Capacity Licenses (Paper PAKs)
Table 6 shows the optional DTLS license for the Cisco 8500 Series Wireless Controllers.
Datagram Transport Layer Security (DTLS) is required for all Cisco OfficeExtend deployments to encrypt the data plane traffic. To enable this functionality, you must obtain a $0 DTLS license. Customers planning to install this device physically in Russia must obtain a paper PAK in order to enable a DTLS license and should not download the license from Cisco.com. Please consult your local government regulations to ensure that data DTLS encryption is permitted.
The DTLS paper PAK license is designated for customers who purchase a controller with DTLS disabled due to import restrictions but get permission to add DTLS support after initial purchase. This optional DTLS license is required for Cisco OfficeExtend deployment.
Table 6. Optional Licensing (PAKs)
Service and Support
Realize the full business value of your wireless network and mobility services investments faster with intelligent, customized services from Cisco and our partners. Backed by deep networking expertise and a broad ecosystem of partners, Cisco professional and technical services enable you to successfully plan, build, and run your network as a powerful business platform. Our services can help you successfully deploy the Cisco 8500 Series Wireless Controller and integrate mobility solutions effectively to lower the total cost of ownership and secure your wireless network.
To learn more about Cisco Wireless LAN service offers, visit: http://www.cisco.com/go/wirelesslanservices.
Summary
The Cisco 8500 Series Wireless Controllers are designed to support large-scale service provider and large-campus deployments. They simplify deployment and operation of wireless networks, helping to ensure smooth performance, enhance security, and maximize network availability. The Cisco 8500 Series manages all the Cisco access points within campus, service provider, and branch locations, eliminating complexity and providing network administrators with visibility and control of their wireless LANs.
For More Information
For more information about Cisco wireless controllers, contact your local account representative or visit: http://www.cisco.com/en/US/products/ps6302/Products_Sub_Category_Home.html.
For more information about the Cisco Unified Wireless Network framework, visit: http://www.cisco.com/go/unifiedwireless.