CiscoWorks Wireless LAN Solution Engine Express (WLSE Express) является полноценным решением для управления беспроводными сетями на малых и средних предприятиях, в которых используются автономные точки доступа Cisco Aironet.
CiscoWorks WLSE Express обеспечивает контроль и безопасность беспроводной сети корпоративного уровня. Отличительной особенностью данного решения являются интегрированные сервисы по аутентификации, авторизации и учету.
Данное решение рассчитано на бюджет небольших организаций, поэтому имеет более скромную функциональность по сравнению с решением Cisco Unified Wireless Network.
Особенности и преимущества:
Organizations are adopting wireless LANs (WLANs) to increase business productivity and accessibility. Network managers need a solution that provides them with the control they need to effectively manage and secure their WLANs. CiscoWorks Wireless LAN Solution Engine Express (WLSE Express) plays a key role in the Cisco Autonomous WLAN solution for managing Cisco Aironet® access points.
CiscoWorks WLSE Express helps simplify and automate the deployment and security of WLANs, to ensure their smooth operation and dependability. CiscoWorks WLSE Express also includes an integrated authentication, authorization server, to provide localized management and security services for local WLAN users. Additionally, it provides WLAN intrusion detection IDS capabilities for detecting WLAN intrusions such as rogue access points, ad-hoc networks, and excess management frames on the air that typically signal a WLAN attack.
CiscoWorks WLSE Express provides a solution for small and medium-sized businesses (SMBs), and enterprise branch-office WLAN deployments of up to 100 Cisco Aironet access points. For medium-sized to large enterprises and wireless vertical markets where wireless management of hundreds to thousands of autonomous Cisco Aironet access points is needed, Cisco offers the CiscoWorks Wireless LAN Solution Engine (WLSE). Please refer to the CiscoWorks WLSE data sheet for additional details.
CiscoWorks WLSE Express is the integrated security and management solution for managing Cisco Aironet autonomous access points located in one or multiple locations. CiscoWorks WLSE Express can manage up to 50 Cisco Aironet access points or up to 100 Cisco Aironet access points through an optional license upgrade.
CiscoWorks WLSE Express provides comprehensive air/radio frequency (RF) and device-management capabilities in ways that simplify deployment, reduce operational complexity, and provide administrators visibility into the WLAN. By automating several RF and device-management tasks, CiscoWorks WLSE Express reduces the costs and time needed for WLAN deployment, management, and security.
By using Cisco Aironet access points as RF air monitors, CiscoWorks WLSE Express provides WLAN intrusion detection and protection. As part of the WLAN Intrusion Detection System (IDS), CiscoWorks WLSE Express quickly and securely detects, locates (Figure 1), and disables unauthorized (rogue) access points, helping to ensure that security policies are applied consistently throughout the network. The latest IDS addition is the Management Frame Protection (MFP), by which management frames between access points are authenticated, eliminating several WLAN attacks that arise due to spoofing of authorized devices. CiscoWorks WLSE Express enables MFP in the network and provides visibility into network events associated with MSP detection/protection. CiscoWorks WLSE Express further enhances the security of the WLAN by monitoring for ad-hoc networks, unauthorized WLAN client networks, client spoofing, and other WLAN attacks that may introduce security openings in the network. These capabilities can benefit any organization, including those that have not formally operationalized WLANs but want to guard against intruders.
CiscoWorks WLSE Express also provides an integrated and embedded user Authentication and Authorization server, making it an ideal solution for remote branch-office deployments with limited WAN bandwidth. It supports popular Extensible Authentication Protocol (EAP) types including Cisco LEAP, Protected EAP (PEAP), EAP Flexible Authentication via Secure Tunneling (EAP-FAST), and EAP- Transport Layer Security (EAP-TLS). It supports up to 500 users on the standard CiscoWorks WLSE Express, or up to 1000 users on the license-upgraded version of CiscoWorks WLSE Express, which supports 100 Cisco Aironet access points.
CiscoWorks WLSE also supports Voice over WLANs by enabling the deployment of voice with call admission control. This enables access points to prioritize/optimize WLAN bandwidth for voice traffic. It also monitors the health of the voice network, including calls with degraded QoS and jitter/loss.
CiscoWorks WLSE Express provides dynamic RF management through self-healing, which adjusts a Cisco Aironet access point's cell coverage area automatically when an adjacent access point becomes disabled or fails. It also helps optimize performance by detecting and locating RF interference while proactively monitoring usage and faults.
CiscoWorks WLSE Express' deployment wizard enables efficient access point deployment through contextual configurations that are automatically applied to access points as they are plugged into the network. Specific access-point configurations can be applied depending on flexible deployment criteria. This reduces access-point deployment times, increases security and configuration consistency, while reducing user-caused configuration errors.
CiscoWorks WLSE Express may be transparently integrated with other network management systems, operational support systems, and CiscoWorks applications through syslog messages, Simple Network Management Protocol (SNMP) traps, and an Extensible Markup Language (XML) interface. Its secure HTML-based user interface provides access anywhere, including through firewalls.
CiscoWorks WLSE Express speeds deployment by automating configuration and setup, reducing the overall cost to provision WLANs. The result is superior return on investment and enhanced productivity.
CiscoWorks WLSE Express offers the following capabilities:
CiscoWorks WLSE Express automates a wide range of repetitive time-consuming tasks, simplifying the management of Cisco Aironet access points and bridges to enhance productivity for network administrators.
Organizations need to protect their RF environment and data networks from unauthorized access. Unauthorized (rogue) access points installed by employees or intruders create security breaches that put the entire network at risk. WLAN IDS quickly detects, locates, and automatically shuts down rogue access points. CiscoWorks WLSE Express provides effective rogue access-point switch-port tracing by monitoring and using the clients that are associated to rogue access points, thus providing a means of containing the rogue access point by shutting down the switch port connected to the rogue access point. Rogue access points can be filtered by Received Signal Strength Indicator (RSSI) threshold to avoid triggering alarms for access points that might be a neighboring network. CiscoWorks WLSE will also periodically monitor for changes in the status of rogue access points that are marked "Friendly" to alert the administrator in case its location and RSSI values change.
CiscoWorks WLSE Express detects unauthorized WLAN ad-hoc networks, and locates and identifies which wireless clients are participating in the network. It also detects clients spoofing authorized MAC addresses and generates notifications. CiscoWorks WLSE Express monitors per-channel excess wireless management frames such as excess association, disassociation, probe requests, responses, and authentication and de-authentication frames that may signal WLAN attacks such as denial-of-service (DoS) and "man-in-the-middle" attacks. EAP over LAN (EAPOL) flood-message monitoring provides a means to detect excess authentications requests by an intruder.
CiscoWorks WLSE Express provides a WLAN IDS dashboard that acts as a launch pad for all WLAN IDS features. The dashboard provides a summary of all WLAN IDS alarms. In addition, it displays WLAN IDS reports pertaining to rogue access points, unauthorized ad-hoc networks, and unregistered clients, which can be exported using comma separated value (CSV), PDF, and XML formats. These reports provide detailed information including the estimated location of the WLAN IDS fault, which access point detected it, its channel, and its basic service set identifier (BSSID). Administrators can select and enable specific WLAN IDS events they are interested in through a WLAN IDS profile. These WLAN IDS profiles can be customized per location to provide greater flexibility and control. Notifications can be sent through e-mail, syslog, or SNMP trap messages.
WLAN IDS protection can be tailored to suit individual needs:
Other security features of CiscoWorks WLSE Express include:
Interference detection and location is critical to maintaining a reliable WLAN. RF measurements sent to CiscoWorks WLSE Express include measurements for both 802.11 and non-802.11 interference. If the interference exceeds an administrator-defined threshold, a fault is generated so that the administrator can quickly locate and suppress the source of the interference.
Real-time client tracking is a powerful tool for troubleshooting client network access issues. Using only a client name, user name (supported for Cisco LEAP and PEAP), or MAC address, it is easy to determine which access point a client is associated to in real-time. In addition, the previous 10 associations for the client and associated access points can be accessed to aid in troubleshooting.
CiscoWorks WLSE Express provides several reports to monitor the health of the network. Information about network usage, client association and usage, historical and current client usage statistics, Cisco Aironet access-point Ethernet and radio interfaces status, and error details are displayed in both graphical and tabular form. Reports may be generated both at the individual device level and the group level. All reports may be scheduled, delivered by e-mail, or exported in CSV, XML, and PDF formats.
CiscoWorks WLSE Express also provides comprehensive coverage display overlaid on floor maps to provide visibility into the RF environment. The CiscoWorks WLSE Express Location Manager tool can display a graphical view of radio coverage by data rate and signal strength. CiscoWorks WLSE also supports RF management for directional antennas. Details about device settings, including channel and power, can be overlaid on the coverage display.
CiscoWorks WLSE Express also provides reports to monitor the health of the Cisco Wireless LAN Services Module (WLSM) including the clients on each mobility group, client roaming summary and Wireless LAN Domain Services (WDS) status.
CiscoWorks WLSE Express enables wireless network administrators to easily support voice over WLANs through a "Voice Express" configuration template. This enables the correct QoS and Call Admission Control (CAC) configurations to be deployed in supporting access points and wireless phones that support the WMM T-Spec standard for optimizing/prioritizing voice over data.
CiscoWorks WLSE Express monitors call statistics related to admission control, including rejected calls and calls in progress, which provide visibility into bandwidth usage for voice. It also supports Voice Traffic Stream Measurements from both access points and CCX v4 clients, which provide valuable information on roaming delay, calls with degraded QoS etc to aid in troubleshooting.
CiscoWorks WLSE Express provides client-association reports and client-tracking support for the Cisco Wireless IP Phone 7920. The client-tracking feature can be used for troubleshooting and finding associated access points.
When network faults are detected or user-defined performance thresholds are exceeded, CiscoWorks WLSE Express can generate notifications through SNMP traps and syslog messages. Integration with third-party network management systems is provided through these event messages. As part of the CiscoWorks network management series of products, CiscoWorks WLSE Express integrates with the CiscoWorks LAN Management Solution (LMS) and other CiscoWorks applications to increase the efficiency of managing a converged wired and wireless network. Device inventory and credentials, for example, can be imported or exported between CiscoWorks WLSE Express and CiscoWorks Resource Manager Essentials (RME) tool, an application that provides broad network management for a wide range of Cisco devices. If desired, device discovery may be turned off to allow automatic inventory synchronization with CiscoWorks RME. CiscoWorks WLSE Express uses the same default user roles as CiscoWorks LMS, but it allows customization. CiscoWorks WLSE Express can be launched from CiscoWorks LMS desktop.
CiscoWorks WLSE Express also provides an XML API for exporting data and for third-party integration. Devices in the network, detected faults and alarms, and reports and information collected from the network using SNMP can be exported to other external systems for customization.
CiscoWorks WLSE Express itself is a manageable device that supports SNMP MIB-II. CPU utilization and memory utilization of CiscoWorks WLSE Express can be monitored using SNMP.
Table 1 summarizes the features and benefits of CiscoWorks WLSE Express.
Table 1. Features and Benefits
Feature |
Benefit |
Integrated and embedded user authentication and authorization server |
Localizes user authentication and provides WAN survivability for remote- and branch-office deployments |
Wireless LAN IDS with rogue access-point detection, switch-port shutdown, client MAC spoofing, and WLAN attack detection |
Eliminates security threats posed by malicious intruders and by employee-installed unauthorized access points |
CiscoWorks WLSE Express deployment wizard for Cisco Aironet access points |
Allows for rapid deployment and expansion of the WLAN |
Interference detection |
Notifies administrators quickly about conditions that may affect network performance |
Self-healing adjusts cell-coverage area to compensate for disabled or failed access points |
Increases WLAN availability and optimizes WLAN performance |
Assisted site-survey tool |
Assisted site surveys performed by IT personnel reduce the costs, skills, and time required to make optimal radio settings for best network performance |
Automated follow-up site surveys |
Maintains peak WLAN performance and reliable WLAN coverage by periodically reassessing the performance of optimal settings in the network |
Automated configuration and bulk firmware updates |
Simplifies daily operations and management |
Access-point and bridge security-policy misconfiguration detection and alerts |
Enhances security by monitoring consistency throughout the network |
Proactive fault and performance monitoring |
Increases WLAN availability |
Access-point group usage reports |
Fast troubleshooting improves user satisfaction |
XML data export |
Facilitates integration with third-party applications |
Core Logic |
CPU |
VIA Processor 1 GHz |
|
Hard drives |
One 40-GB Integrated Drive Electronics (IDE) hard drive |
CD-ROM drive |
IDE CD-ROM drive |
|
|
Serial |
One 9-pin connector |
USB |
Two in rear |
|
RJ-45 |
One 10/100 Ethernet connection |
|
|
AC power supply wattage |
60W external |
AC power supply voltage |
100-120V at 50-60 Hz; 200-240V at 50-60 Hz |
|
System battery |
CR2032 3V lithium coin cell |
|
|
Height |
2.56 in. |
Width |
8.27in. |
|
Depth |
10.16in. |
|
Weight |
6 lb (9 kg) maximum |
|
Environmental |
Operating temperature |
50 to 95°F (10 to 35°C) |
Storage temperature |
-40 to 149°F (40 to 65°C) |
• Mozilla Firefox 1.0.6
• Microsoft Internet Explorer Service Pack 1