+7 (812) 929-8183,
+7 (812) 929-8283

Модуль в коммутатор Cisco Catalyst 6500 - Cisco Wireless Services Module (WiSM)

Product Small Photo

Cisco Catalyst 6500 Series Wireless Services Module (WiSM) предоставляет непревзойденные возможности по обеспечению безопасности, мобильности, отказоустойчивости и простоты использования беспроводных сетей. С его использованием сетевые администраторы получают единое средство по контролю над всей беспроводной сетью, такое же простое и эффективное в использовании, как и для традиционных проводных сетей.

Этот модуль, входящий в линейку беспроводных контроллеров Cisco, работает совместно с "облегченными" точками доступа, системой управления Cisco Wireless Control System (WCS) и Cisco Wireless Location Appliance для поддержки таких критических бизнес приложений, как передача голоса, данных и определение местоположения. В качестве ключевого компонента архитектуры Cisco Unified Wireless Network, Cisco WiSM предоставляет средства для управления "облегченными" точками доступа и другими беспроводными контроллерами в реальном времени.

Cisco WiSM может быть легко интегрирован в существующий коммутатор Cisco Catalyst 6500. Как и у самого коммутатора, у данного модуля широкие возможности по масштабированию - он может быть использован для построения беспроводных сетей как главного здания, так и удаленных филиалов. Модуль рассчитан на средние и больших предприятия с возможностью кластеризации и поддержки до 3600 "облегченных" точек доступа на каждый роуминг-домен. Cisco WiSM также масштабируется до 300 "облегченных" точек доступа на каждый модуль с суммарной поддержкой до 10,000+ беспроводных клиентов.

Cisco WiSM предоставляет сетевым администраторам возможность повысить прозрачность организации и усилить контроль над всей беспроводной сетью. Кроме того, с Cisco WiSM клиенты получают существенное снижение общей стоимости владения корпоративной сетью за счет снижение расходов на поддержку.

Общая архитектура построения беспроводных сетей Cisco Unified Wireless Network

Архитектура Cisco Unified Wireless Network обладает превосходными характеристиками в области безопасности, управляемости, функциональности и радио-частотной эффективности для предоставления беспроводного доступа к корпоративным приложениям.

Безопасность беспроводных сетей

Безопасность беспроводных сетей может быть обеспечена на очень высоком уровне. Узнайте больше о том, как это сделать стандартными средствами, а также о продуктах Cisco, позволяющих перейти на новый уровень контроля и защиты корпоративной беспроводной сети.

Figure 1. Cisco Catalyst 6500 Series Wireless Services Module

PRODUCT OVERVIEW

The Cisco® Catalyst® 6500 Series Wireless Services Module (WiSM) provides unparalleled security, mobility, redundancy, and ease of use for business-critical wireless LANs (WLANs). It delivers the most secure wireless system available for enterprise-scale WLANs. As a Cisco Catalyst 6500 Series module, it delivers centralized security policies, wireless intrusion prevention system (IPS) capabilities, award-winning RF management, quality of service (QoS), and Layer 3 fast secure roaming for WLANs. As a key component of the Cisco Unified Wireless Network, the Cisco WiSM provides the control, security, redundancy, and reliability that network managers need to scale and manage their wireless networks as easily as they scale and manage their traditional wired networks (Figure 1).

The Cisco WiSM is a member of the Cisco Wireless LAN Controller family. It works in conjunction with Cisco Aironet® lightweight access points, the Cisco Wireless Control System (WCS) and the Cisco Wireless Location Appliance to support mission-critical wireless data, voice, and video applications. It provides real-time communication between lightweight access points and other WLAN controllers to deliver a secure and unified wireless solution.

The Cisco WiSM smoothly integrates into existing Cisco Catalyst 6500 Series enterprise networks. It communicates using the emerging Lightweight Access Point Protocol (LWAPP) standard to establish secure connectivity between access points and modules across Layer 3 networks. This protocol enables the automation of important WLAN configuration and management functions for cost-effective WLAN operations. With this integrated approach to large-scale wireless networking, customers can realize significant total cost of ownership benefits by streamlining support costs and reducing planned and unplanned network downtime.

The Cisco WiSM scales to deliver secure, enterprise wireless access to main, branch, and remote campuses. It is designed for medium-sized and large enterprise facilities with clustering capabilities of up to 3600 lightweight access points per roaming domain. It scales to 300 lightweight access points per module with support for 10,000+ wireless client devices. For even greater scalability, the Cisco WiSM can be deployed in conjunction with other Cisco wireless LAN controllers (Figure 2).

Figure 2. Unified Wireless LAN with the Cisco WiSM

The Cisco WiSM enables enterprises to create and enforce policies that support business-critical applications. From voice and data services to location tracking, the Cisco WiSM provides the control, scalability, and reliability that IT managers require to build secure, enterprise-scale 802.11 wireless networks.

Cisco Catalyst 6500 Series Intelligent Network Services

The Cisco WiSM extends the Cisco Catalyst 6500 Series' rich, intelligent network services to the wireless edge. As an integrated part of the widely deployed series, the Cisco WiSM uses the full range of Cisco Catalyst 6500 Series hardware- and software-based intelligent switching services. It supports interoperability with Catalyst 6500 Series integrated services modules such as the Firewall Services Module (FWSM), Intrusion Detection Services Module (IDSM), Network Analysis Module (NAM), and IPSec VPN Services Module (VPNSM).

Enterprise Reliability

Cisco delivers the highest level of reliability for mission-critical wireless networks. In the event of an access point failure, the Cisco WiSM automatically adjusts power on adjacent lightweight access points to cover the area where the failed access point provided service. In the event of an individual Cisco WiSM failure, access points automatically find a backup Cisco WiSM on the same Catalyst 6500 Series switch or any other Cisco LWAPP-enabled platform. Multiple Cisco WiSMs can be configured to work together as a single system to deliver a scalable WLAN network with tens of thousands of client devices.

Multiple Redundancy Options

The Cisco Catalyst 6500 Series' rich set of high-availability and network-resiliency features are extended to wireless users via the Cisco WiSM. High availability of the Cisco Catalyst 6500 Series Supervisor Engine 720's Layer 3 Stateful Switchover (SSO), coupled with Cisco WiSM automated failover features, maximizes network uptime for wireless traffic.

The Cisco WiSM allows IT managers to minimize the impact of a potential wireless outage by clustering multiple Cisco WiSM's together. This reduces the failure domain size when the Cisco WiSM is deployed lower in the network hierarchy.

The Cisco WiSM supports N+1 and 1:1 redundancy topologies, allowing enterprises to scale their wireless networks and protect them from both hardware and software disruptions. N+1 redundancy supports single module failure redundancy for cost-effective WLAN deployments. 1:1 redundancy supports full redundancy of each active Cisco WiSM in the network. Only Cisco's WLAN solution allows users to control wireless deployment costs without sacrificing reliability.

Intelligent RF Management

The Cisco WiSM comes equipped with embedded software for adaptive real-time RF management. The Cisco WLAN solution uses Cisco's patent-pending Radio Resource Management (RRM) algorithms that detect and adapt to changes in the air space in real time. These adjustments create the optimal topology for wireless networking in much the same way that routing protocols compute the best possible topology for IP networks. Cisco RMM creates an intelligent RF control plane for self-configuration, self-healing, and self-optimization of the WLAN (Figure 3).

Figure 3. Enterprisewide RF Intelligence

Specific intelligent RF capabilities managed by the Cisco WiSM include:

  • Dynamic Channel Assignment-802.11 channels are adjusted to optimize network coverage and performance based on changing RF conditions.
  • Interference Detection and Avoidance-The system detects interference and recalibrates the network to avoid performance problems.
  • Load Balancing-The system provides automatic load balancing of users across multiple access points for optimum network performance, even under a heavy load.
  • Coverage Hole Detection and Correction-RMM software detects coverage holes and attempts to correct them by adjusting the power output of access points.
  • Dynamic Power Control-The system dynamically adjusts the power output of individual access points to accommodate changing network conditions, helping to ensure predictable wireless performance and availability.

Enterprise-Class Security

The Cisco WiSM adheres to the strictest level of security standards, including:

  • 802.11i Wi-Fi Protected Access 2 (WPA2), WPA, and Wired Equivalent Privacy (WEP)
  • 802.1X with multiple Extensible Authentication Protocol (EAP) types, including Protected EAP (PEAP), EAP with Transport Layer Security (EAP-TLS), EAP with Tunneled TLS (EAP-TTLS), and Cisco LEAP

The result is the industry's most comprehensive WLAN security solution.

In Cisco's WLAN solution, access points act as air monitors, communicating real-time information about the wireless domain to Cisco wireless LAN controllers. All security threats are rapidly identified and presented to network administrators via Cisco WCS, where accurate analysis takes place and corrective action can be taken.

Cisco provides the only wireless LAN system that offers simultaneous wireless protection and wireless LAN service delivery. This helps to ensure complete wireless LAN protection, with no unnecessary overlay equipment costs or extra monitoring devices. This solution can be deployed initially as a standalone wireless IPS, and reconfigured later to add wireless LAN data service. This allows network managers to create a "defense shield" around their RF domains, containing unauthorized wireless activity until they are ready to deploy wireless LAN services.

Cisco addresses wireless LAN security by offering multiple layers of protection (Figure 4), including:

  • RF Security-Detect and avoid 802.11 interference and control unwanted RF propagation.
  • Wireless LAN Intrusion Protection and Location-The solution not only detects rogue devices or potential wireless threats, but also locates these devices. This helps IT administrators to quickly assess the threat level and take immediate action to mitigate threats as required.
  • Identity-Based Networking-IT staff must support many different user access rights, device formats, and application requirements when securing wireless LANs. The Cisco WLAN solution enables enterprises to deliver individualized security policies to wireless users or groups of users. These include:
    • Layer 2 Security-802.1X (PEAP, LEAP, EAP-TTLS), WPA, 802.11i (WPA2), and Layer 2 Tunneling Protocol (L2TP)
    • Layer 3 Security (and above)-IP Security (IPSec), Web authentication.
    • VLAN Assignments
    • Access Control Lists (ACLs)-IP restrictions, protocol types, port, and differentiated services code point (DSCP) value.
    • QoS-Multiple service levels, bandwidth contracts, traffic shaping, and RF utilization.
    • Authentication, Authorization, and Accounting (AAA)/RADIUS-User session policies and rights management.
  • Network Admission Control (NAC)-Enforce policies pertaining to client configuration and behavior, to help ensure that only end-user devices with appropriate security utilities can gain access to the network.
  • Secure Mobility-Maintains the highest level of security in mobile environments with Cisco Proactive Key Caching (PKC), an extension to the 802.11i standard and precursor to the 802.11r standard that facilitates secure roaming with Advanced Encryption Standard (AES) encryption and RADIUS authentication.
  • Guest Tunneling-Provides additional security for access to the corporate network by guest users. It helps ensure that guest users are only able to access the corporate network by passing through the corporate firewall.

Figure 4. Multiple Layers of Wireless LAN Protection

Real-Time Application Support

The Cisco Unified Wireless Network provides best-in-class performance to support real-time applications such as voice. Cisco WiSM enables rapid handoff between access points and multiple modules and/or controllers, providing smooth mobility with no interruption in service to the client. Intelligent queuing and contention management schemes provide effective resource management in the air space. The Cisco WiSM also supports QoS capabilities that are Wi-Fi Multimedia (WMM)-compliant and closely mirror the emerging IEEE 802.11e standard. Full compliance with the finished standard will be achieved via a software upgrade when the final standard is ratified.

Mobility

The Cisco WiSM allows users to roam between access points and across bridged and routed subnets without requiring changes to the underlying infrastructure. Security and QoS context information follows users wherever they roam, helping to ensure that mobility does not compromise performance, reliability, or privacy. The Cisco WiSM does not require any modifications to existing infrastructures or client devices to enable mobility (mobile IP, for example).

Simplified Deployment and Management

The Cisco WiSM is easy to deploy and cost-effective to own and operate. It provides maximum flexibility to deploy anywhere in the network from access, to distribution, to the core based upon customer business requirements. It supports zero-touch deployments that do not require manual or preconfiguration of the access points. It also supports template-based configuration management. These intuitive templates enable the quick application of systemwide security configurations, QoS policies, mobility groups, back-end services, and other important configurations via the easy-to-use, award-winning Cisco WLAN user interface.

The Cisco WiSM supports several embedded troubleshooting tools. When deployed with Cisco WCS, it supports enhanced monitoring and troubleshooting features, including intuitive heat map displays, alarm filtering, event correlation, and granular reporting tools.

FEATURES AND BENEFITS

Table 1. Features and Benefits of the Cisco WiSM


Feature

Benefits


Cisco Catalyst 6500 Series Switch Integration

Embedded system for the Cisco Catalyst 6500 Series infrastructure, delivering centralized security policies, IPS, RF management, QoS, and Layer 3 fast secure roaming for WLANs.

Enterprise Scalability

Scalable architecture provides business-critical wireless services for deployments of all sizes.

Enterprise Reliability

Automated recovery from failures of Cisco Aironet lightweight access points, Cisco WiSMs, and Cisco Catalyst 6500 Series Supervisor Engine 720 maximizes the availability of the wireless network.

Integrated RRM

Creates an intelligent RF control plane for self-configuration, self-healing, and self-optimization.

Zero-Configuration Deployment

The Cisco WiSM is deployed without manually configuring access points or modifying existing network infrastructures.

Multilayered Security

Flexible security policies adapt to changing corporate security needs.

Intrusion Detection, Location, and Containment

Integrated wireless intrusion protection preserves the integrity of wireless networks and sensitive corporate information.

Mobility Management

Users can roam between access points and across bridged and routed subnets without requiring changes to the underlying infrastructure.

Intuitive Management Interfaces

Better visibility and control of the air space reduces operational costs.


SUMMARY

The Cisco WiSM is ideal for enterprise-scale wireless LAN deployments. It eliminates the complexity of wireless networks, helping to ensure smooth performance, enhanced security, and maximized network availability. The Cisco WiSM is deployable within campus, branch, and remote locations with scalability of up to 300 Cisco Aironet lightweight access points per module. It works in conjunction with Cisco WCS and the Cisco Wireless Location Appliance to support mission-critical wireless data, voice, and video applications. It delivers centralized security policies, IPS, RF management, QoS, and Layer 3 fast secure roaming for enterprise WLANs. As a key component of the Cisco Unified Wireless Network, the Cisco WiSM provides network administrators with the visibility and control they need to effectively manage and scale their enterprise-class WLANs.

PRODUCT SPECIFICATIONS

Table 2. Product Specifications for the Cisco WiSM.


Item

Specification


Wireless

IEEE 802.11a, 802.11b, 802.11g, 802.11d, 802.11h

Wired/Switching

IEEE 802.3 10BASE-T, IEEE 802.3u 100BASE-TX specification, IEEE 802.1Q VLAN tagging, and IEEE 802.1D Spanning Tree Protocol

Data RFCs
  • RFC 768 UDP
  • RFC 791 IP

  • RFC 792 ICMP
  • RFC 793 TCP

  • RFC 826 ARP
  • RFC 1122 Requirements for Internet Hosts

  • RFC 1519 CIDR
  • RFC 1542 BOOTP

  • RFC 2131 DHCP
  • Security Standards
  • NAC
  • WPA

  • IEEE 802.11i (WPA2, RSN)
  • RFC 1321 MD5 Message-Digest Algorithm

  • RFC 1851 The ESP Triple DES Transform
  • RFC 2104 HMAC: Keyed Hashing for Message Authentication

  • RFC 2246 TLS Protocol Version 1.0
  • RFC 2401 Security Architecture for the Internet Protocol

  • RFC 2403 HMAC-MD5-96 within ESP and AH
  • RFC 2404 HMAC-SHA-1-96 within ESP and AH

  • RFC 2405 ESP DES-CBC Cipher Algorithm with Explicit IV
  • RFC 2406 IPSec

  • RFC 2407 Interpretation for ISAKMP
  • RFC 2408 ISAKMP

  • RFC 2409 IKE
  • RFC 2451 ESP CBC-Mode Cipher Algorithms

  • RFC 2661 L2TP
  • RFC 3280 Internet X.509 PKI Certificate and CRL Profile

  • RFC 3602 The AES-CBC Cipher Algorithm and its use with IPSec
  • RFC 3686 Using AES Counter Mode with IPSec ESP
  • Encryption
  • WEP and TKIP-MIC: RC4 40, 104 and 128 bits (both static and shared keys)
  • Secure Sockets Layer (SSL) and TLS: RC4 128-bit and RSA 1024- and 2048-bit

  • AES: CCM, CCMP
  • AAA
  • IEEE 802.1X
  • RFC 2548 Microsoft Vendor-Specific RADIUS Attributes

  • RFC 2716 PPP EAP-TLS
  • RFC 2865 RADIUS Authentication

  • RFC 2866 RADIUS Accounting
  • RFC 2867 RADIUS Tunnel Accounting

  • RFC 2869 RADIUS Extensions
  • RFC 3576 Dynamic Authorization Extensions to RADIUS

  • RFC 3579 RADIUS Support for EAP
  • RFC 3580 IEEE 802.1X RADIUS Guidelines

  • RFC 3748 Extensible Authentication Protocol
  • Web-based authentication
  • Management
  • Simple Network Management Protocol (SNMP) v1, v2c, v3
  • RFC 854 Telnet

  • RFC 1155 Management Information for TCP/IP-Based Internets
  • RFC 1156 MIB

  • RFC 1157 SNMP
  • RFC 1213 SNMP MIB II

  • RFC 1350 TFTP
  • RFC 1643 Ethernet MIB

  • RFC 2030 SNTP
  • RFC 2616 HTTP

  • RFC 2665 Ethernet-Like Interface Types MIB
  • RFC 2674 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering, and Virtual LAN Extensions

  • RFC 2819 RMON MIB
  • RFC 2863 Interfaces Group MIB

  • RFC 3164 Syslog
  • RFC 3414 User-Based Security Model (USM) for SNMPv3

  • RFC 3418 MIB for SNMP
  • RFC 3636 Definitions of Managed Objects for IEEE 802.3 MAUs

  • Cisco private MIBs
  • Management Interfaces
  • Web-based: HTTP/HTTPS
  • Command-line interface: Telnet, Secure Shell (SSH), serial port
  • Interfaces and Indicators
  • Console port: RS-232 (DB-9 male, DTE interface)
  • Status LED: Normal sequence, fault during initialization, environmental monitoring

  • Disk LED
  • Physical and Environmental

    Dimensions (W x D x H): 1.6 x 15.3 x 16.3 in. (4.0 x 37.9 x 40.3 cm)

    Weight: 10.5 lbs

    Temperature:

  • Operating: 32 to 104°F (0 to 40°C)
  • Storage: -40 to 167°F (-40 to 75°C)
  • Humidity:

  • Operating humidity: 10 to 95 percent, noncondensing
  • Storage humidity: Up to 95 percent
  • Power

  • 254.94 watts
  • 6.07 Amps at 42V
  • Regulatory Compliance

    CE Mark

    Safety:

  • UL 60950-1:2003
  • EN 60950:2000

    EMI and susceptibility (Class A):

  • U.S.: FCC Part 15.107 and 15.109
  • Canada: ICES-003

  • Japan: VCCI
  • Europe: EN 55022, EN 55024

  • ORDERING INFORMATION

    Table 3. Ordering Information for the Cisco WiSM.


    Part Number

    Product Name

    Software Release


    WS-SVC-WISM-1-K9

    Cisco Catalyst 6500 Series Wireless Services Module with support for up to 300 Cisco Aironet lightweight access points

    SWISMK9-32 or later