Cisco Cisco Aironet 1200 Access Point Technical References
Cisco Structured Wireless-Aware Network (SWAN) Implementation Guide
Implementing the Cisco SWAN Framework
13
Cisco Structured Wireless-Aware Network (SWAN) Implementation Guide
OL-6217-01
Cisco Wireless LAN Solution Engine (CiscoWorks WLSE)
The CiscoWorks WLSE is a management tool that provides comprehensive WLAN device management,
including access point configuration, fault management, and extensive reporting. The CiscoWorks
WLSE also applies intelligence to radio management data gathered from the network. The intelligent
processing of data allows for advanced RF management tools that control power and channel settings on
access points, detect interference, and detect, locate, and mitigate against WLAN intrusion sources.
including access point configuration, fault management, and extensive reporting. The CiscoWorks
WLSE also applies intelligence to radio management data gathered from the network. The intelligent
processing of data allows for advanced RF management tools that control power and channel settings on
access points, detect interference, and detect, locate, and mitigate against WLAN intrusion sources.
WLAN Client Devices
Fast secure roaming using CCKM requires client device support for encryption key management. Cisco
Aironet client adapters and non-Cisco client adapters compliant to the Cisco Compatible Extensions
version 2 requirements support CCKM with Cisco LEAP authentication. Cisco Aironet client adapters
and non-Cisco client adapters compliant with Cisco Compatible Extensions version 3 requirements can
use CCKM with EAP-FAST authentication. Other EAP types such as EAP-TLS and PEAP may be used
with CCKM with some third-party supplicants.
Aironet client adapters and non-Cisco client adapters compliant to the Cisco Compatible Extensions
version 2 requirements support CCKM with Cisco LEAP authentication. Cisco Aironet client adapters
and non-Cisco client adapters compliant with Cisco Compatible Extensions version 3 requirements can
use CCKM with EAP-FAST authentication. Other EAP types such as EAP-TLS and PEAP may be used
with CCKM with some third-party supplicants.
WLAN clients can also be used to gather radio management data with a radio measurement technique
called the client walkabout and during normal operations with a measurement technique called radio
monitoring. Cisco client adapters and client adapters compliant with the Cisco Compatible Extensions
version 2 requirements are used to gather radio measurement data.
called the client walkabout and during normal operations with a measurement technique called radio
monitoring. Cisco client adapters and client adapters compliant with the Cisco Compatible Extensions
version 2 requirements are used to gather radio measurement data.
Implementing the Cisco SWAN Framework
The phases of constructing the Cisco SWAN framework are:
1.
WDS activation
2.
Infrastructure access point authentication and registration
3.
CiscoWorks WLSE authentication and registration
4.
CiscoWorks WLSE device discovery and management
During the WDS activation phase, the WDS service becomes active on its host device. In the access
point-based WDS solution, the WDS advertises itself via WLCCP broadcast messages on the access
point management subnet.
point-based WDS solution, the WDS advertises itself via WLCCP broadcast messages on the access
point management subnet.
In the infrastructure authentication and registration phase, infrastructure access points present 802.1x
credentials for authentication to the WDS. After authentication, WLCCP registration requests are issued
to the WDS. Cisco LEAP is currently the only supported authentication mechanism for infrastructure
access point authentication 802.1x or EAP types are supported for WLAN client authentication. In the
access point-based WDS solution, the WDS is discovered by infrastructure access points by the WLCCP
broadcast messages from the WDS. In the WLSM-based WDS solution, infrastructure access points
must be configured with the IP address of the WLSM.
credentials for authentication to the WDS. After authentication, WLCCP registration requests are issued
to the WDS. Cisco LEAP is currently the only supported authentication mechanism for infrastructure
access point authentication 802.1x or EAP types are supported for WLAN client authentication. In the
access point-based WDS solution, the WDS is discovered by infrastructure access points by the WLCCP
broadcast messages from the WDS. In the WLSM-based WDS solution, infrastructure access points
must be configured with the IP address of the WLSM.
After the infrastructure access points are registered with the WDS, a WLCCP communication link is
established between the WDS and the CiscoWorks WLSE. The CiscoWorks WLSE IP address is
configured on the WDS-hosting device. The WDS device attempts to contact the CiscoWorks WLSE
with WLCCP messages; this is how the CiscoWorks WLSE "discovers" the WDS device. After the
WLAN administrator manages the WDS device within the CiscoWorks WLSE, the CiscoWorks WLSE
presents credentials for authentication to the WDS. After the authentication is completed, the WDS and
WLSE negotiate encryption keys to secure future WLCCP transactions.
established between the WDS and the CiscoWorks WLSE. The CiscoWorks WLSE IP address is
configured on the WDS-hosting device. The WDS device attempts to contact the CiscoWorks WLSE
with WLCCP messages; this is how the CiscoWorks WLSE "discovers" the WDS device. After the
WLAN administrator manages the WDS device within the CiscoWorks WLSE, the CiscoWorks WLSE
presents credentials for authentication to the WDS. After the authentication is completed, the WDS and
WLSE negotiate encryption keys to secure future WLCCP transactions.