Cisco Structured Wireless-Aware Network (SWAN) Implementation Guide

Implementing the Cisco SWAN Framework

Cisco Wireless LAN Solution Engine (CiscoWorks WLSE)

The CiscoWorks WLSE is a management tool that provides comprehensive WLAN device management, including access point configuration, fault management, and extensive reporting. The CiscoWorks WLSE also applies intelligence to radio management data gathered from the network. The intelligent processing of data allows for advanced RF management tools that control power and channel settings on access points, detect interference, and detect, locate, and mitigate WLAN intrusion sources.

WLAN Client Devices

Fast secure roaming using CCKM requires client device support for encryption key management. Cisco Aironet client adapters and non-Cisco client adapters compliant with the Cisco Compatible Extensions version 2 requirements support CCKM with Cisco LEAP authentication. Cisco Aironet client adapters and non-Cisco client adapters compliant with Cisco Compatible Extensions version 3 requirements can use CCKM with EAP-FAST authentication. Other EAP types such as EAP-TLS and PEAP may be used with CCKM with some third-party supplicants.

WLAN clients can also be used to gather radio management data with a radio measurement technique called the client walkabout, and during normal operations with a measurement technique called radio monitoring. Cisco client adapters and client adapters compliant with the Cisco Compatible Extensions version 2 requirements are used to gather radio measurement data.

Implementing the Cisco SWAN Framework

The phases of constructing the Cisco SWAN framework are:

1. WDS activation

2. Infrastructure access point authentication and registration

3. CiscoWorks WLSE authentication and registration

4. CiscoWorks WLSE device discovery and management

During the WDS activation phase, the WDS service becomes active on its host device. In the access point-based WDS solution, the WDS advertises itself via WLCCP broadcast messages on the access point management subnet.

In the infrastructure authentication and registration phase, infrastructure access points present 802.1x credentials for authentication to the WDS. After authentication, WLCCP registration requests are issued to the WDS. Cisco LEAP is currently the only supported authentication mechanism for infrastructure access point authentication. Other 802.1x or EAP types are supported for WLAN client authentication. In the access point-based WDS solution, the WDS is discovered by infrastructure access points by the WLCCP broadcast messages from the WDS. In the WLSM-based WDS solution, infrastructure access points must be configured with the IP address of the WLSM.

After the infrastructure access points are registered with the WDS, a WLCCP communication link is established between the WDS and the CiscoWorks WLSE. The CiscoWorks WLSE IP address is configured on the WDS-hosting device. The WDS device attempts to contact the CiscoWorks WLSE with WLCCP messages; this is how the CiscoWorks WLSE "discovers" the WDS device. After the WLAN administrator manages the WDS device within the CiscoWorks WLSE, the CiscoWorks WLSE presents credentials for authentication to the WDS. After the authentication is completed, the WDS and WLSE negotiate encryption keys to secure future WLCCP transactions.
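The phases above, sketched as a Cisco IOS configuration for the access point-based WDS case. This is an added example, not configuration taken from this guide. The 192.0.2.x addresses, the list and group names, and the angle-bracket credentials are placeholders, and the use of an external RADIUS server to validate the infrastructure credentials is an assumption.

```cisco
! ===== Access point that hosts the WDS =====
aaa new-model
!
! Assumed RADIUS server that checks infrastructure AP credentials.
! Address, ports and shared secret are placeholders.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <RADIUS_SHARED_SECRET>
aaa group server radius rad_infra
 server 192.0.2.10 auth-port 1812 acct-port 1813
aaa authentication login infra_devices group rad_infra
!
! Phase 1 (WDS activation): enable WDS on this device. Once active, the
! WDS advertises itself with WLCCP broadcasts on the AP management subnet.
wlccp wds priority 200 interface BVI1
!
! Phase 2 (infrastructure authentication and registration): method list
! the WDS uses to authenticate infrastructure access points.
wlccp authentication-server infrastructure infra_devices
!
! Phase 3 (WLSE authentication and registration): address of the
! CiscoWorks WLSE that the WDS contacts over WLCCP (placeholder address).
wlccp wnm ip address 192.0.2.20
!
! Phase 4 (device discovery and management) is completed by the WLAN
! administrator inside the CiscoWorks WLSE, not on the access point.
!
! ===== Each infrastructure access point =====
! Phase 2: credentials this AP presents to the WDS (Cisco LEAP).
! Use a unique, strong password per deployment; values are placeholders.
wlccp ap username <AP_LEAP_USERNAME> password 0 <AP_LEAP_PASSWORD>
```

In the WLSM-based solution the access points do not learn the WDS from broadcasts, so each one is additionally given the WLSM IP address, as the text notes.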

OL-6217-01
