Cisco builds WLAN security framework
Extend, embrace and control
Cisco Systems this week introduced an architecture designed to make wireless LANs easier to manage and more secure.
Cisco's Structured Wireless-Aware Network framework, which includes a series of enhancements and additions to its hardware portfolio and new software capabilities, is also designed to head off the threat of competitors using wireless LANs as a bridgehead to attack Cisco's core enterprise networking market.
Cisco's pitch is that its framework provides the security, scalability, and reliability that enterprises need to run core business applications over a wireless LAN network. To enjoy these benefits to the full, corporates need to standardise on a Cisco-only network.
"The advantages of a 'wireless-aware' Cisco switch and router infrastructure combined with a Cisco wireless network include a common management and robust security scheme, simplified deployment and operation, centralised control and configuration of thousands of networking devices, the ability to detect rogue access points, fast secure roaming for mobile applications and self-healing networks for improved wireless up-time," the pitch continues.
Cisco foreshadowed these enhanced management capabilities when it discussed its wireless LAN strategy last week. Critics have already dubbed these increased functions a Trojan-horse ploy. Then again, criticising Cisco as proprietary is a bit like criticising a boxer for hitting people - that's what it does. "There's one way, it's our way and it's only way", is the standard Cisco line, and part of what's made the firm so successful.
Cisco Structured Wireless-Aware Network infrastructure enhancements will be integrated in Cisco Aironet 1100 and 1200 Series Access Points (AP), Cisco Catalyst 3750, 4500 and 6500 Series Switches and Cisco 2600XM and 3700 Series Routers. Other components of the solution include CiscoWorks Wireless LAN Solution Engine (WLSE) for management and monitoring, Cisco Secure Access Control Server for centralised authentication and Cisco and Cisco Compatible client adapters for Radio Frequency (RF) monitoring and measurement.
Combined with CiscoWorks WLSE 2.0, a platform that supports up to 2,500 APs in a single, centralised appliance, the following Cisco Structured Wireless-Aware Network capabilities are available as a Cisco IOS Software upgrade for the Aironet 1100 and 1200 APs:
- Wi-Fi Protected Access (WPA) support for certified and interoperable security
- Fast secure roaming provides mobility within and between subnet boundaries for latency-sensitive applications such as wireless voice over IP, using standards-based IEEE 802.1x authentication
- IEEE 802.1x local authentication service for remote site, Wide Area Network
With the subsequent release of CiscoWorks WLSE v2.5 and a corresponding Cisco IOS Software upgrade, additional security and management capabilities will become available, including:
- Security enhancements for active detection, blocking and graphical depiction of the location of rogue APs; alerts on security policy deviations
- Dynamic RF management permitting innovative assisted site survey and automatic accommodation of changes in the wireless LAN infrastructures
Alongside this framework, Cisco introduced the Aironet 1400 Series Wireless Bridge, an outdoor wireless bridge designed to provide cost-effective wireless connectivity among multiple network locations within a metro area. The bridge supports point-to-point ranges up to 7.5 miles and point-to-multipoint ranges up to 2 miles. Through the use of higher gain antennas or lower data rates, extended ranges in excess of 20 miles point-to-point can be achieved.
The Cisco Aironet 1400 Series Wireless Bridge will cost from $4,999 in the US and begins shipping this month.
Cisco also introduced Cisco Secure Access Control Server Solution Engine 3.2, a "hardened" security / authentication appliance, with US list price of $11,995, also scheduled to begin shipping this month.
Cisco Structured Wireless-Aware Network enhancements will initially be available on Cisco Aironet 1100 and 1200 APs, with functions introduced between this month and the end of the calendar year. These features will be migrated to other Cisco IOS Software-based platforms, including the Cisco Catalyst 3750, 4500 and 6500 Series Switches and Cisco 2600XM and 3700 Series Routers, starting next year. ®