In this article we will go through a basic step-by-step configuration of a Cisco Wireless LAN Controller. Before going forward, let’s first see some basics about the product and the wlan technology from Cisco: Introduction. Cisco introduced two types of Wireless architectures in its WiFi portfolio: Distributed Architecture. The Cisco virtual Wireless LAN Controller (vWLC) is available as a virtual appliance also. SUPPORTED CISCO VWLC IMAGES UNetLab Image Name Downloaded Filename Version vCPUs vRAM vwlc-8.1.102.0 AIR. Cisco vWLC on Microsoft Hyper-V Deployment Guide.
Cisco Vwlc Ordering Guide
TRANSCRIPT
- 1. Cisco 18/11/2013
Cisco Vwlc Requirements
2. WLAN: WIPS rogue APs, . feedback . . , : - 802.11 - wireless security mistakes - - . - - Cisco - ' ' 3. WLAN (, ) , Mesh 4. Outdoor-mesh outdoor : - / 5. vs : WLAN. ( ). . . . . Site Survey. standalone 6. : : - , , 7. : AP500, 100, 300, 600, 700, 1040, 1130, 1140, 1200, 1240, 1250, 1260, 1600, 2600, 3500, 3600, 3700, 1300, 1400, 1500, 1520, 1530(1310), 1550 : WSSI Wireless security, 3G Small Cell 16 LTE ( ) 802.11 (3.5Gb, MU-MIMO)37003600 35001260114010406001550, Mb1.3/450450+300300300300300300CleanAir ClientLink3.02.0Rougue DetectionWIPS Office ExtendFlexConnectMesh 7.2 8. : (500-800$) (150$ per AP/Year). , - Cisco )) / WEB. FlexConnect??? 9. : Enterprise, Campus Branch Mobile HREAP 5700SO-Medium Office5500 SeriesWiSM22500(4GEth) WLCM2 AP 5/15/25/50 , 500 User- 300 7.3,4,5 8.0 ?AP 12 500 7000 10000 User- 8 10 GEth Switch/controller: 3650 38501000 60gb 12000usersFlex 7500 8500AP 500 6000 64000 User- 2*10Ge FlexConnect (. HREAP) Local mode AP is not supported Inter Controller mobility is not supported LAG is not supported on WLC 7500 Data DTLS is not supported Client and RFID Tag location is not supported Voice CAC is not supported Reliable multicast (Media Stream feature) is not supported WGB is not supported WLC 7500 platform will not be certified with FIPS 10. , FlexConnect: Branch Mobile HREAP 128K, 300ms (100ms ) 11. , Virtual 7: vWLC / . VMWare : Hardware: Cisco UCS, UCS Express, HP and IBM servers VMware OS: ESX/ESXi 4.x/5.x FlexConnect Mode: central and local switching Maximum APs: 200 Maximum : 3000 Throughput performance up to 500 Mbps per virtual controller Management with Cisco Prime Infrastructure 1.2 and above All 802.11n APs with required software version 7.3 are supported. APs will be operating in FlexConnect mode only. AP autoconvert to FlexConnect is supported on controller. New APs ordered will ship with 7.3 software from manufacturing. Existing APs must be upgraded to 7.3 software before joining a virtual controller. : Data DTLS, OEAP (no data DTLS),Rate Limiting,Internal DHCP server, Mobility/Guest Anchor, Multicast-Unicast mode, PIMIPv6, Outdoor Mesh Access Points( an Outdoor AP with FlexConnect mode will work) 12. ():WCSCisco Secure ACSCisco Prime NCSMobility Service Engine 3355 (Loc.App+wIPS) 13. (): Cisco Prime Infrastucture: WCS, NCS(+LMS) MSE wIPS, CleanAir.. . Cisco Identity Service Engine, Cisco Secure ACS NAC ( ) MDM..Cisco Prime Infrastructure 2.0 09/2013 (4.5Gb)WCS 7.0.240 (01/2013) . 14. 802.11 N 2 ! : Site Survey , Wi MeshPCI DSS, : Welcome to the IAUWS Course )) 15. WLAN. , : AES vs WEP(TKIP): AES 128 , WEP(TKIP) PSK vs 802.1x: 802.1 - PEAP, EAP-TLS, EAP-FAST.Hole 196 MadWiFi driver Peer-to-Peer Blocking Mode 16. WLAN : ? 17. WLAN AP CAPWAP, WiFi (RFC5415) CAPWAP Tunnel (UDP 5246, 5247) - DTLS DTLS ( 6.0)CAPWAP L3 X.509 18. WLAN NAC in-band , .NAC Appliance 19. WLANNAC Framework ClientAccess PointRADIUS Server ACS 4.x : - NAC Server Vendor X 20. WLAN : //CCVT.. 21. WLAN : //CCVT.. : wifi 5MHz, . 125 KHz .. 22. WLAN : //CCVT.. ? 1. CleanAir 2. 7. [3.] WCS/Prime [4.] MSE AQIWCS/Prime , , , MSE , PMAC, , .. 23. WLAN : ! 24. WLAN Spoof Unicast DeauthenticationSpoof Unicast DeauthenticationAccess Point2 AP ContainmentRogue AP Controller 25. WLAN RLDPDHCP Access pointIP AddressConnect (port 6352)ControllerRogue AP 26. WLAN : beacon . . switch-, . . . ( ) 27. WLAN : (Local), (monitor) . :Rogue Rule: SSID: tmobile RSSI: -80dBm Detected as RogueMarked as FriendlyRogue Rule: SSID: Corporate RSSI: -70dBmMarked as MaliciousRogues Matching No RuleMarked as Unclassified 28. WLAN : : 29. WLAN : : 30. WLAN : : 31. WLAN : :Rogue AP Broadcast Deauth framesRogue AP Broadcast and Unicast Deauth 32. WLAN IDS wIPS: 33. WLAN IDS wIPS: IDS . IPS MSE ! : - MSE WCS. - . - - - 34. WLAN IDS wIPS:APAttack Detection24x7 Scanning Over-the-Air DetectionWLCConfiguration wIPS AP ManagementMSEAlarm ArchivalWCSCentralized MonitoringCapture Storage Complex Attack Analysis, Forensics, EventsHistoric Reporting Monitoring, Reporting 35. WLAN IDS wIPS:1130 1040 1140 1260 3500 3600 3700 36. : InternetVirtual Anchor Controller SSID: GUEST Rate Limit = 500KbpsInternet RoutersExternal Services External DNS server WEB ServerWLCTunnel to Virtual Anchor External FirewallGGExternal DMZSSID Client Default GatewayG 2 WANRemote Office1SSID: Internal SSID: GUESTRemote Office2SSID: Internal= GUEST1= Internal 1= Internal 2 37. , Clean Air 38. : , Redcenter, ! , , . .TC-MENTOR.RU 39. ! : CCIE, CCSI, CQS, ENS, ENA,- sm@arccn.ru http://tc-mentor.ru .: +7 (495) 984-2764 , , - , TC MENTOR/ARCCN