+7 (812) 929-8283
Модуль в коммутатор Cisco Catalyst 6500 - Cisco Wireless Services Module (WiSM)
Cisco Catalyst 6500 Series Wireless Services Module (WiSM) предоставляет непревзойденные возможности по обеспечению безопасности, мобильности, отказоустойчивости и простоты использования беспроводных сетей. С его использованием сетевые администраторы получают единое средство по контролю над всей беспроводной сетью, такое же простое и эффективное в использовании, как и для традиционных проводных сетей.
Этот модуль, входящий в линейку беспроводных контроллеров Cisco, работает совместно с "облегченными" точками доступа, системой управления Cisco Wireless Control System (WCS) и Cisco Wireless Location Appliance для поддержки таких критических бизнес приложений, как передача голоса, данных и определение местоположения. В качестве ключевого компонента архитектуры Cisco Unified Wireless Network, Cisco WiSM предоставляет средства для управления "облегченными" точками доступа и другими беспроводными контроллерами в реальном времени.
Cisco WiSM может быть легко интегрирован в существующий коммутатор Cisco Catalyst 6500. Как и у самого коммутатора, у данного модуля широкие возможности по масштабированию - он может быть использован для построения беспроводных сетей как главного здания, так и удаленных филиалов. Модуль рассчитан на средние и больших предприятия с возможностью кластеризации и поддержки до 3600 "облегченных" точек доступа на каждый роуминг-домен. Cisco WiSM также масштабируется до 300 "облегченных" точек доступа на каждый модуль с суммарной поддержкой до 10,000+ беспроводных клиентов.
Cisco WiSM предоставляет сетевым администраторам возможность повысить прозрачность организации и усилить контроль над всей беспроводной сетью. Кроме того, с Cisco WiSM клиенты получают существенное снижение общей стоимости владения корпоративной сетью за счет снижение расходов на поддержку.
Общая архитектура построения беспроводных сетей Cisco Unified Wireless Network
Архитектура Cisco Unified Wireless Network обладает превосходными характеристиками в области безопасности, управляемости, функциональности и радио-частотной эффективности для предоставления беспроводного доступа к корпоративным приложениям.
Безопасность беспроводных сетей
Безопасность беспроводных сетей может быть обеспечена на очень высоком уровне. Узнайте больше о том, как это сделать стандартными средствами, а также о продуктах Cisco, позволяющих перейти на новый уровень контроля и защиты корпоративной беспроводной сети.
Figure 1. Cisco Catalyst 6500 Series Wireless Services Module
PRODUCT OVERVIEW
The Cisco® Catalyst® 6500 Series Wireless Services Module (WiSM) provides unparalleled security, mobility, redundancy, and ease of use for business-critical wireless LANs (WLANs). It delivers the most secure wireless system available for enterprise-scale WLANs. As a Cisco Catalyst 6500 Series module, it delivers centralized security policies, wireless intrusion prevention system (IPS) capabilities, award-winning RF management, quality of service (QoS), and Layer 3 fast secure roaming for WLANs. As a key component of the Cisco Unified Wireless Network, the Cisco WiSM provides the control, security, redundancy, and reliability that network managers need to scale and manage their wireless networks as easily as they scale and manage their traditional wired networks (Figure 1).
The Cisco WiSM is a member of the Cisco Wireless LAN Controller family. It works in conjunction with Cisco Aironet® lightweight access points, the Cisco Wireless Control System (WCS) and the Cisco Wireless Location Appliance to support mission-critical wireless data, voice, and video applications. It provides real-time communication between lightweight access points and other WLAN controllers to deliver a secure and unified wireless solution.
The Cisco WiSM smoothly integrates into existing Cisco Catalyst 6500 Series enterprise networks. It communicates using the emerging Lightweight Access Point Protocol (LWAPP) standard to establish secure connectivity between access points and modules across Layer 3 networks. This protocol enables the automation of important WLAN configuration and management functions for cost-effective WLAN operations. With this integrated approach to large-scale wireless networking, customers can realize significant total cost of ownership benefits by streamlining support costs and reducing planned and unplanned network downtime.
The Cisco WiSM scales to deliver secure, enterprise wireless access to main, branch, and remote campuses. It is designed for medium-sized and large enterprise facilities with clustering capabilities of up to 3600 lightweight access points per roaming domain. It scales to 300 lightweight access points per module with support for 10,000+ wireless client devices. For even greater scalability, the Cisco WiSM can be deployed in conjunction with other Cisco wireless LAN controllers (Figure 2).
Figure 2. Unified Wireless LAN with the Cisco WiSM
The Cisco WiSM enables enterprises to create and enforce policies that support business-critical applications. From voice and data services to location tracking, the Cisco WiSM provides the control, scalability, and reliability that IT managers require to build secure, enterprise-scale 802.11 wireless networks.
Cisco Catalyst 6500 Series Intelligent Network Services
The Cisco WiSM extends the Cisco Catalyst 6500 Series' rich, intelligent network services to the wireless edge. As an integrated part of the widely deployed series, the Cisco WiSM uses the full range of Cisco Catalyst 6500 Series hardware- and software-based intelligent switching services. It supports interoperability with Catalyst 6500 Series integrated services modules such as the Firewall Services Module (FWSM), Intrusion Detection Services Module (IDSM), Network Analysis Module (NAM), and IPSec VPN Services Module (VPNSM).
Enterprise Reliability
Cisco delivers the highest level of reliability for mission-critical wireless networks. In the event of an access point failure, the Cisco WiSM automatically adjusts power on adjacent lightweight access points to cover the area where the failed access point provided service. In the event of an individual Cisco WiSM failure, access points automatically find a backup Cisco WiSM on the same Catalyst 6500 Series switch or any other Cisco LWAPP-enabled platform. Multiple Cisco WiSMs can be configured to work together as a single system to deliver a scalable WLAN network with tens of thousands of client devices.
Multiple Redundancy Options
The Cisco Catalyst 6500 Series' rich set of high-availability and network-resiliency features are extended to wireless users via the Cisco WiSM. High availability of the Cisco Catalyst 6500 Series Supervisor Engine 720's Layer 3 Stateful Switchover (SSO), coupled with Cisco WiSM automated failover features, maximizes network uptime for wireless traffic.
The Cisco WiSM allows IT managers to minimize the impact of a potential wireless outage by clustering multiple Cisco WiSM's together. This reduces the failure domain size when the Cisco WiSM is deployed lower in the network hierarchy.
The Cisco WiSM supports N+1 and 1:1 redundancy topologies, allowing enterprises to scale their wireless networks and protect them from both hardware and software disruptions. N+1 redundancy supports single module failure redundancy for cost-effective WLAN deployments. 1:1 redundancy supports full redundancy of each active Cisco WiSM in the network. Only Cisco's WLAN solution allows users to control wireless deployment costs without sacrificing reliability.
Intelligent RF Management
The Cisco WiSM comes equipped with embedded software for adaptive real-time RF management. The Cisco WLAN solution uses Cisco's patent-pending Radio Resource Management (RRM) algorithms that detect and adapt to changes in the air space in real time. These adjustments create the optimal topology for wireless networking in much the same way that routing protocols compute the best possible topology for IP networks. Cisco RMM creates an intelligent RF control plane for self-configuration, self-healing, and self-optimization of the WLAN (Figure 3).
Figure 3. Enterprisewide RF Intelligence
Specific intelligent RF capabilities managed by the Cisco WiSM include:
- Dynamic Channel Assignment-802.11 channels are adjusted to optimize network coverage and performance based on changing RF conditions.
- Interference Detection and Avoidance-The system detects interference and recalibrates the network to avoid performance problems.
- Load Balancing-The system provides automatic load balancing of users across multiple access points for optimum network performance, even under a heavy load.
- Coverage Hole Detection and Correction-RMM software detects coverage holes and attempts to correct them by adjusting the power output of access points.
- Dynamic Power Control-The system dynamically adjusts the power output of individual access points to accommodate changing network conditions, helping to ensure predictable wireless performance and availability.
Enterprise-Class Security
The Cisco WiSM adheres to the strictest level of security standards, including:
- 802.11i Wi-Fi Protected Access 2 (WPA2), WPA, and Wired Equivalent Privacy (WEP)
- 802.1X with multiple Extensible Authentication Protocol (EAP) types, including Protected EAP (PEAP), EAP with Transport Layer Security (EAP-TLS), EAP with Tunneled TLS (EAP-TTLS), and Cisco LEAP
The result is the industry's most comprehensive WLAN security solution.
In Cisco's WLAN solution, access points act as air monitors, communicating real-time information about the wireless domain to Cisco wireless LAN controllers. All security threats are rapidly identified and presented to network administrators via Cisco WCS, where accurate analysis takes place and corrective action can be taken.
Cisco provides the only wireless LAN system that offers simultaneous wireless protection and wireless LAN service delivery. This helps to ensure complete wireless LAN protection, with no unnecessary overlay equipment costs or extra monitoring devices. This solution can be deployed initially as a standalone wireless IPS, and reconfigured later to add wireless LAN data service. This allows network managers to create a "defense shield" around their RF domains, containing unauthorized wireless activity until they are ready to deploy wireless LAN services.Cisco addresses wireless LAN security by offering multiple layers of protection (Figure 4), including:
- RF Security-Detect and avoid 802.11 interference and control unwanted RF propagation.
- Wireless LAN Intrusion Protection and Location-The solution not only detects rogue devices or potential wireless threats, but also locates these devices. This helps IT administrators to quickly assess the threat level and take immediate action to mitigate threats as required.
- Identity-Based Networking-IT staff must support many different user access rights, device formats, and application requirements when securing wireless LANs. The Cisco WLAN solution enables enterprises to deliver individualized security policies to wireless users or groups of users. These include:
- Layer 2 Security-802.1X (PEAP, LEAP, EAP-TTLS), WPA, 802.11i (WPA2), and Layer 2 Tunneling Protocol (L2TP)
- Layer 3 Security (and above)-IP Security (IPSec), Web authentication.
- VLAN Assignments
- Access Control Lists (ACLs)-IP restrictions, protocol types, port, and differentiated services code point (DSCP) value.
- QoS-Multiple service levels, bandwidth contracts, traffic shaping, and RF utilization.
- Authentication, Authorization, and Accounting (AAA)/RADIUS-User session policies and rights management.
- Network Admission Control (NAC)-Enforce policies pertaining to client configuration and behavior, to help ensure that only end-user devices with appropriate security utilities can gain access to the network.
- Secure Mobility-Maintains the highest level of security in mobile environments with Cisco Proactive Key Caching (PKC), an extension to the 802.11i standard and precursor to the 802.11r standard that facilitates secure roaming with Advanced Encryption Standard (AES) encryption and RADIUS authentication.
- Guest Tunneling-Provides additional security for access to the corporate network by guest users. It helps ensure that guest users are only able to access the corporate network by passing through the corporate firewall.
Figure 4. Multiple Layers of Wireless LAN Protection
Real-Time Application Support
The Cisco Unified Wireless Network provides best-in-class performance to support real-time applications such as voice. Cisco WiSM enables rapid handoff between access points and multiple modules and/or controllers, providing smooth mobility with no interruption in service to the client. Intelligent queuing and contention management schemes provide effective resource management in the air space. The Cisco WiSM also supports QoS capabilities that are Wi-Fi Multimedia (WMM)-compliant and closely mirror the emerging IEEE 802.11e standard. Full compliance with the finished standard will be achieved via a software upgrade when the final standard is ratified.Mobility
The Cisco WiSM allows users to roam between access points and across bridged and routed subnets without requiring changes to the underlying infrastructure. Security and QoS context information follows users wherever they roam, helping to ensure that mobility does not compromise performance, reliability, or privacy. The Cisco WiSM does not require any modifications to existing infrastructures or client devices to enable mobility (mobile IP, for example).Simplified Deployment and Management
The Cisco WiSM is easy to deploy and cost-effective to own and operate. It provides maximum flexibility to deploy anywhere in the network from access, to distribution, to the core based upon customer business requirements. It supports zero-touch deployments that do not require manual or preconfiguration of the access points. It also supports template-based configuration management. These intuitive templates enable the quick application of systemwide security configurations, QoS policies, mobility groups, back-end services, and other important configurations via the easy-to-use, award-winning Cisco WLAN user interface.The Cisco WiSM supports several embedded troubleshooting tools. When deployed with Cisco WCS, it supports enhanced monitoring and troubleshooting features, including intuitive heat map displays, alarm filtering, event correlation, and granular reporting tools.
FEATURES AND BENEFITS
Table 1. Features and Benefits of the Cisco WiSM
|
Feature |
Benefits |
| Cisco Catalyst 6500 Series Switch Integration |
Embedded system for the Cisco Catalyst 6500 Series infrastructure, delivering centralized security policies, IPS, RF management, QoS, and Layer 3 fast secure roaming for WLANs. |
| Enterprise Scalability |
Scalable architecture provides business-critical wireless services for deployments of all sizes. |
| Enterprise Reliability |
Automated recovery from failures of Cisco Aironet lightweight access points, Cisco WiSMs, and Cisco Catalyst 6500 Series Supervisor Engine 720 maximizes the availability of the wireless network. |
| Integrated RRM |
Creates an intelligent RF control plane for self-configuration, self-healing, and self-optimization. |
| Zero-Configuration Deployment |
The Cisco WiSM is deployed without manually configuring access points or modifying existing network infrastructures. |
| Multilayered Security |
Flexible security policies adapt to changing corporate security needs. |
| Intrusion Detection, Location, and Containment |
Integrated wireless intrusion protection preserves the integrity of wireless networks and sensitive corporate information. |
| Mobility Management |
Users can roam between access points and across bridged and routed subnets without requiring changes to the underlying infrastructure. |
| Intuitive Management Interfaces |
Better visibility and control of the air space reduces operational costs. |
SUMMARY
The Cisco WiSM is ideal for enterprise-scale wireless LAN deployments. It eliminates the complexity of wireless networks, helping to ensure smooth performance, enhanced security, and maximized network availability. The Cisco WiSM is deployable within campus, branch, and remote locations with scalability of up to 300 Cisco Aironet lightweight access points per module. It works in conjunction with Cisco WCS and the Cisco Wireless Location Appliance to support mission-critical wireless data, voice, and video applications. It delivers centralized security policies, IPS, RF management, QoS, and Layer 3 fast secure roaming for enterprise WLANs. As a key component of the Cisco Unified Wireless Network, the Cisco WiSM provides network administrators with the visibility and control they need to effectively manage and scale their enterprise-class WLANs.PRODUCT SPECIFICATIONS
Table 2. Product Specifications for the Cisco WiSM.
|
Item |
Specification |
| Wireless |
IEEE 802.11a, 802.11b, 802.11g, 802.11d, 802.11h |
| Wired/Switching |
IEEE 802.3 10BASE-T, IEEE 802.3u 100BASE-TX specification, IEEE 802.1Q VLAN tagging, and IEEE 802.1D Spanning Tree Protocol |
| Data RFCs | |
| Security Standards | |
| Encryption | |
| AAA | |
| Management | |
| Management Interfaces | |
| Interfaces and Indicators | |
| Physical and Environmental |
Dimensions (W x D x H): 1.6 x 15.3 x 16.3 in. (4.0 x 37.9 x 40.3 cm) Weight: 10.5 lbs Temperature: Humidity: Power |
| Regulatory Compliance |
CE Mark Safety: EMI and susceptibility (Class A): |
ORDERING INFORMATION
Table 3. Ordering Information for the Cisco WiSM.
|
Part Number |
Product Name |
Software Release |
| WS-SVC-WISM-1-K9 |
Cisco Catalyst 6500 Series Wireless Services Module with support for up to 300 Cisco Aironet lightweight access points |
SWISMK9-32 or later |