Cisco Blogs

Cisco Blog > Enterprise Networks

Plan for Your Network Evolution with Cisco Unified Access [Infographic]

September 19, 2012 at 8:30 am PST

Say you were on an advisory board for a city where population growth, traffic congestion, and demand for services (ambulances, police, & firefighters) presented major challenges, what actions would you suggest the city to take?  Similarly, say you were managing IT operations for your company, what actions would you put in place to respond to the Bring Your Own Device (BYOD) trend and the potential impact on your network as users flood it with tons of iPads, Ultrabooks and other personal devices?

Before you rush out of the door to take action, you may want to ask yourself two questions:
- Is my action plan going to deliver a consistent and high quality user experience?
- Is my action plan sustainable, given the demand, available IT headcount and budgetary resources?

Read More »

Tags: , , , , , , , , , , , , , , , ,

Laying the foundation for tomorrow: A New 802.11ac module for Aironet 3600

You no doubt already know about the coming 802.11ac wireless standard. And, if you’re facing a future bandwidth crunch due to the demands of increased Wi-Fi client density because of BYOD, you’re probably wondering how to prepare for the increased capacity and performance made possible by 802.11ac.  So what can you do now, given that enterprise-class products that support the standard won’t be available until 2013?

The Cisco Aironet 3600 access point can help you bridge the gap between what you need today and what you want for tomorrow. Deploy an Aironet 3600 with 802.11n, and you’ll get a future-proof investment that delivers industry-leading performance now—without sacrificing the ability to add the scale of 802.11ac later.

Take a look under the hood of the 3600 and you’ll see the only 802.11n access point on the market today that supports 802.11n-based  4x4 MIMO with three spatial streams and Cisco’s CleanAir and ClientLink technologies. That means you can get an average of 33% percent better performance right now on mobile devices, and use up to 38% less battery on Wi-Fi clients.

What you’ll also see is a modular slot. This is where the industry’s very first enterprise class 802.11ac solution comes in. Literally. When 802.11ac products are certified in early 2013, you can simply plug a Cisco 802.11ac radio module into the slot and immediately upgrade your access point to leverage the new standard.

This is the second module announced for the Aironet 3600, joining the spectrum monitoring module.  The spectrum module scans all Wi-Fi channels in succession (not just the one the AP uses for traffic), giving outstanding visibility for mission-critical applications, security scanning, and interference troubleshooting.

The bottom line is you can get leading performance today while you future-proof your investment for tomorrow. In other words, there’s no longer a need to compromise. You can act now and lay the groundwork for tomorrow.

Find out more about 802.11ac fundamentals here and look for upcoming webinars about the Aironet 3600 soon.

Tags: , , ,

802.11i, Authentication and You

January 4, 2012 at 5:00 am PST

Not too long ago I was assigned to a troubleshooting and remediation project for a hospital here in the SF bay area. The problem, after much troubleshooting and lab recreations, was determined to be due to an unique issue with client roaming and authentication. During the course of troubleshooting my coworker and myself often found ourselves explaining 802.1X and 802.11i to others working on the troubleshooting effort, or requesting technical updates. So based on that experience, I started thinking this might a be a good topic to cover here.

Let’s review the some of typical components of the enterprise wireless security model.

What is 802.1X?
802.1X is not a protocol, but rather a framework for a “port-based” access control method.  802.1X was initially created for use in switches, hence the port-based terminology, which really doesn’t fit too well in wireless since users don’t connect to a port. In the end it’s meant to be a logical concept in the 802.11 world.  802.1X was adopted for wireless networks with the creation of 802.11i to provide authenticated access to wireless networks. At a high level. the framework allows for a client that has connected to the WLAN to remain in a blocked port status until it has been authenticated by a AAA server. Essentially the only traffic allow through this virtual blocked port is EAP traffic, things like HTTP would be dropped.

What is EAP?

EAP  (Extensible Authentication Protocol) is the authentication method used by 802.1X. It can take on various forms, such as PEAP, EAP-TLS, EAP-FAST, to name a few. There is one thing to remember when determining what EAP type to use in your network, is that it is dependent upon what your client and AAA server supports. This is it, your AP or AP/Controller hardware or code version will play no part in version is supported. Unless your AP/controller is acting as the AAA server, but I’ll stay away from that in this post. I think this can be a point of confusion for people who haven’t read much or anything about EAP methods. So, if some one asks what version of EAP the AP will support, all you need to do is ask them, what does their Client and AAA server support.

What is 802.11i?

Simply put, 802.11i is an amendment to the original 802.11 standard to address the well documented security short comings of WEP. It incorporates WPA  as a part of the 802.11i amendment and adds the fully approved WPA2 with AES encryption method. 802.11i  introduces the concept of a Robust Security Network (RSN) with the Four-way handshake and the Group key Handshake.

Read More »

Tags: , , , , , , , , , , , , , , , , , ,