Cisco Cisco 5520 Wireless Controller Guía De Diseño
1-8
Book Title
OL-xxxxx-xx
Chapter 1 Cisco Adaptive wIPS Management Deployment Guide, Release 8.0
Cisco Adaptive wIPS Introduction
wIPS Communication Protocols
To provide communication between each system component, a number of protocols are utilized:
•
CAPWAP (Control and Provisioning of Wireless Access Points) – This protocol is utilized for
communication between Access Points and controllers. It provides a bi-directional tunnel in which
alarm information is shuttled to the controller and configuration information is pushed to the Access
Point. CAPWAP control messages are DTLS encrypted and CAPWAP data has the option to be
DTLS encrypted
communication between Access Points and controllers. It provides a bi-directional tunnel in which
alarm information is shuttled to the controller and configuration information is pushed to the Access
Point. CAPWAP control messages are DTLS encrypted and CAPWAP data has the option to be
DTLS encrypted
•
NMSP (Network Mobility Services Protocol) – The protocol used for communication between
Wireless LAN Controllers and the Mobility Services Engine. In the case of a wIPS Deployment, this
protocol provides a pathway for alarm information to be aggregated from controllers to the MSE and
for wIPS configuration information to be pushed to the controller. This protocol is encrypted.
Wireless LAN Controllers and the Mobility Services Engine. In the case of a wIPS Deployment, this
protocol provides a pathway for alarm information to be aggregated from controllers to the MSE and
for wIPS configuration information to be pushed to the controller. This protocol is encrypted.
–
Controller TCP Port: 16113
•
SOAP/XML (Simple Object Access Protocol) - The method of communication between the MSE
and PI. This protocol is used to distribute configuration parameters to the wIPS service running on
the MSE.
and PI. This protocol is used to distribute configuration parameters to the wIPS service running on
the MSE.
–
oMSE TCP Port: 443
•
SNMP (Simple Network Management Protocol) – This protocol is used to forward wIPS alarm
information from the Mobility Services Engine to the Prime Infrastructure. It is also utilized to
communicate rogue access point information from the Wireless LAN Controller to the Prime
Infrastructure.
information from the Mobility Services Engine to the Prime Infrastructure. It is also utilized to
communicate rogue access point information from the Wireless LAN Controller to the Prime
Infrastructure.
wIPS Configuration and Profile Management
Configuration of wIPS Profiles follows a chained hierarchy starting with PI, which is used for profile
viewing and modification. The actual profiles are stored within the wIPS service running on the MSE.
From the wIPS Service on the MSE, profiles are propagated to specific controllers, which in turn
communicate this profile transparently to wIPS Mode Access Points associated to that perspective
controller. When a configuration change to a wIPS profile is made at PI and applied to a set of Mobility
Services Engine(s) and Controller(s), the following steps occur to put the change in place:
viewing and modification. The actual profiles are stored within the wIPS service running on the MSE.
From the wIPS Service on the MSE, profiles are propagated to specific controllers, which in turn
communicate this profile transparently to wIPS Mode Access Points associated to that perspective
controller. When a configuration change to a wIPS profile is made at PI and applied to a set of Mobility
Services Engine(s) and Controller(s), the following steps occur to put the change in place:
1.
The configuration profile is modified on PI and versioning information is updated.
2.
An XML-based profile is pushed to the wIPS Engine running on the MSE. This update occurs
via the SOAP/XML protocol.
via the SOAP/XML protocol.
3.
The wIPS Engine on the MSE will update each controller associated with that profile by pushing
out the configuration profile via NMSP.
out the configuration profile via NMSP.