Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Is it time to kill off Cisco's fat APs?

Old-style Wi-Fi is going out of fashion

Article comments

If you are a Cisco wired network shop and also use Cisco’s thin-AP, controller-based wireless LANs, you can now apply wired Cisco security functions to your Wi-Fi traffic. Other features are arriving from third parties, as the bandwagon rolls and other vendors have brought out tools for the architecture.

If your company uses Cisco’s legacy wireless LAN components - autonomous access points that run Cisco IOS Software - it is time to think about migrating to the thin-AP architecture because of these new features. And for another reason - support is evaporating for enterprise networking based on the old products.

Unified security

Cisco last week said that many of its wired security products and technologies now interoperate with its WLAN controllers. In a nutshell, this means that Cisco security foundation products, such as its Network Access Control (NAC) appliance, intrusion prevention system (IPS), ASA 5500 Series Firewall, and other products, will talk to Cisco WLAN controllers.

As a result, you can put WLAN traffic through the same security paces as your wired traffic in one fell swoop, rather than a wireless client having to log in separately to the wireless and wired networks.

When wireless clients log in to a Cisco WLAN controller, the RF-specific security functions embedded in the 802.11 suite of protocols, such as WPA2, take place. In addition, the controller now automatically communicates with the various security appliances and functions on the wired network so that all security checks, scans, and remediation take place on wireless traffic, too.

Note that when I say “automatically,” I mean “automatically once you configure your wireless and wired networks to work together this way” using design guidelines that Cisco has developed. It doesn’t just happen without some twiddling on your part – either on your own or with assistance from Cisco or an integrator.

Also note that you can’t do away with wireless IPS capabilities just because wired IPS capabilities are now automatically engaged. Wireless IPS systems scan and filter the RF airwaves at Layer 1 for rogue devices and interference activity, while traditional wired IPSs comb through Layer 4-7 packet flows to detect malicious code that could infect operating systems and application software. With the integration, the RF and Layer 4-7 systems work together; if the wired IPS detects malicious code, it communicates with the WLAN controller to block that wireless client from accessing the network, explains Chris Kozup, Cisco manager of mobility services.

“Before, [the wired IPS] could detect the malicious code [on the wireless network], but couldn’t do anything about it,” Kozup says. He adds that Cisco Security Agent host and desktop threat-protection software can now detect a client that is physically connected to a wired network and disable its wireless card so that an ad-hoc connection from an undesirable third source couldn’t bridge into the network.

Integrated wired/wireless client provisioning and management weren’t part of this announcement, but Kozup advises to “stay tuned.”

Airmagnet adds analysis

This security integration pertains only to controller-based architectures. In the meantime, AirMagnet has come out with a Cisco-specific version of its Enterprise Analyzer, aimed also exclusively at the Cisco controller-based WLANs. Enterprise Analyzer for Cisco was designed with cooperation from Cisco, says Wade Williamson, AirMagnet product manager, and “doesn’t apply to autonomous APs, but works with Cisco APs that support LWAPP (Lightweight Access Point Protocol) nd Cisco controllers.”

Enterprise Analyzer for Cisco is an additive to the RF management capabilities in Cisco controllers and its Wireless Control System (WCS). Using it entails installing AirMagnet’s AirWISE software on a PC that connects to a controller by an IP address and login. It requires no changes to the AP infrastructure, Williamson says, except for Cisco APs to operate in sniffer mode. The software replicates the streams seen by Cisco controllers and enables wireless troubleshooters to use the AirMagnet user interface and get AirMagnet WLAN reports.

Cisco legacy APs - high and dry?

Meanwhile, other support for Cisco legacy APs seems to be evaporating. The Wireless LAN Services Module (WLSM) for the Cisco Catalyst 6500 series switches, introduced in the spring of 2004 for providing RF management to the autonomous-AP environment, has been end-of-lifed; it will no longer be sold after mid-April.

All versions of the stand-alone Wireless LAN Solutions Engine (WLSE), the RF management control system for Cisco’s legacy environment, have been end-of-lifed, too, other than the latest - Version 2.13. But that device does appear to still be kicking.

“There are no plans to end-of-life the WLSE,” says Chris Kozup, mobility services manager at Cisco. “This is still an important solution for many of our customers who have a need to centrally manage the configuration stand-alone APs. Of course, customers will get much broader and full-featured management support by migrating to the Cisco WCS management solution. That migration is a simple process and involves a software upgrade to the WLSE which can easily turn it into a WCS.”


Share:

More from Techworld

More relevant IT news

Comments




Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *