Cisco Blogs


Cisco Blog > Mobility

Mitigating Wireless Threats with Cisco Adaptive WIPS

Controlling the wireless network can some times feel like trying to stop a river.  Employees, customers and vendors have their favored mobile devices and they want to be able to use them for work and play. The momentum for this trend is strong and the promise of productivity high so it’s becoming increasingly difficult to fight this trend. As a result, companies are opening their network to guest traffic.

As you well know, this new openness isn’t without risk. The devices that people bring may not always be productive. And sometimes those devices become rogues that can impact network performance and security.

Let’s be clear that not all rogue devices have evil in mind. In fact, many employees innocently bring their own IP cameras and personal hotspots to “help expand” the capabilities of the network. At a minimum, these rogue devices can cause interference that degrades overall network performance or prohibits critical devices from connecting to the network.

The greater danger is that these rogue devices are the weak link that enables a hacker to breach network security. A hacker can tag onto a tethered personal hot spot for easy entry into the network or can sit outside the venue to gain access.

Whatever the intent of the rogue device, it’s critical that you have a solution that leverages location information to identify and mitigate these rogue devices before they compromise your network.

mitigating wireless 1

Omaha World-Herald, one of William Buffet’s Berkshire Hathaway companies, uses the location capabilities of Cisco Mobility Services Engine (MSE) to ensure rogue devices don’t derail its many offices. Using Cisco’s location and adaptive WIPS capabilities, Omaha World detects rogue devices in real time, determines their location, and mitigates the threat. Read More »

Tags: , , , , , ,

Enhancing HDX: Optimized Roaming extended with 11v BSS Transition Management

Cisco Systems is announcing a new set of features that enhance its HDX (High Density Experience) suite. This blog is the third in a series that explains the new features that comprise the enhancements to HDX.

The first blog in the Enhancing HDX series is here. The second blog in the Enhancing HDX series is here.

What is 802.11v? What is BSS Transition Management? Why are these Important?

In this blog, two different series are intersecting: Enhancing HDX and the series looking at the lesser known but undeservedly underappreciated amendments to 802.11 and the features/benefits they provide.

Previous blogs briefly explained the basics of 802.11k “WLAN Radio Measurements” and specifically zoomed in on the Neighbor Request/Report and also explained the basics of 802.11r “Fast BSS Transition”

This blog will briefly explain the basics of 802.11v “Wireless Network Management” and will also explain how 802.11k Neighbor Request/Report and 802.11r “Fast BSS Transition” can provide a “better together” solution with 802.11v. It also explains where it fits in with High Density Experience (HDX).

Wireless Network Management (802.11v)

Wireless network management (WNM) enables devices comprising the WLAN to exchange information with the goal of improving the quality of experience when using the WLAN. Network administrators benefit from using WNM by having additional ability to fine tune the WLAN in order to provide improved reliability of services to their end users and the end users benefit in turn from using a WLAN that has been designed to provide more than mere connectivity.

Client devices and infrastructure may both use WNM to exchange operational information so that both clients and infrastructure have additional awareness of the WLAN conditions. That awareness can help provide a firm foundation for self-correcting events and actions to be implemented. In other words, WNM isn’t about being a “control freak”; it’s about raising the bar in the Wi-Fi ecosystem so as to create better Wi-Fi networks.

But not only does WNM provide information on the state of network conditions, it also provides a means to exchange location information, supports efficient delivery of multicast (group addressed) frames, and enables a power savings mode in which a client can sleep for longer periods of time without receiving frames or being disassociated from the AP.

Given this, it can be easily appreciated why WNM has often been described as a “kitchen sink” of features. This blog won’t take the time to go through each and every feature introduced in the 802.11v amendment. But in order to emphasize the potential richness of the feature set, the following is an alphabetized list:

HDX1

The remainder of this blog is going to focus on BSS Transition Management. Future blogs will cover other aspects of 802.11v.

BSS Transition Management Read More »

Tags: , , , , , , , , , , ,

Enhancing HDX: Introducing FlexDFS – Not All DFS Solutions Are Created Equally

Cisco Systems is announcing a new set of features that enhance its HDX (High Density Experience) suite. This blog is the second in a series that explains the new features that comprise the enhancements to HDX.

5 GHz is a great place to operate a WLAN. There is ample spectrum, and it’s far less crowded and noisy than 2.4 GHz.

However, the majority of 5 GHz spectrum is shared with radar (for both weather and military systems). Therefore, Wi-Fi Access Points not only need to detect radar in order to avoid interference but also need to avoid being an interferer to these systems.

This procedure is commonly referred to as DFS or Dynamic Frequency Selection.

For DFS operation, if radar is detected on a channel then the AP must abandon that channel from further operation for some minimum amount of time. Furthermore, the AP must ensure that any new channel it selects for operation is free from radar (and that detection also requires a minimum amount of time).

Finally, accurate detection of radar (i.e., avoiding false positives) also requires a lot of skill. Compounding the issue are many devices that emit “radar like” transmissions (including Wi-Fi clients and APs doing proprietary over the air detection and calibration).

As a result, many equipment vendors simply take the easy way out and avoid use of the channels requiring DFS.

Cisco believes it has the best DFS solution in the wireless industry and that it only gets better with  a new feature we’re calling Flexible Dynamic Frequency Selection (or for short, FlexDFS). Read More »

Tags: , , , , , ,

Cisco ISE Express Now Offers Enterprise Guest for Less

ISE express

It’s a familiar scene – people sitting in a coffee shop or waiting room, fiddling with their mobile phones – punctuated by a single question. “Do you have Wi-Fi?”  As Wi-Fi has become ubiquitous in everyday life, customers have come to expect some level of access when visiting businesses – from coffee shops to hospitals, from waiting areas to public parks.

Guest access has becomes an essential – almost required – service for practically every business, and, as technology has advanced, their guests expect easy access and a fast connection.  Often times, such services present a pricey proposition to many smaller organizations and cost-conscious institutions.  In response to this, the Cisco ISE team is pleased to announce the release of Cisco ISE Express, a comprehensive licensing bundle that offers Enterprise-level guest services – including hotspot, sponsored and self-registration portals – and RADIUS/AAA for access at an aggressive, entry-level price.

ISE Express is a complete package for guest access, and it’s fast and easy to get it up and running in your network.  The bundle includes Cisco Identity Services Engine (ISE).  Base licensing for 150 endpoints, an ISE virtual machine, unlimited access to the ISE Portal Builder, a web-based portal customization tool, and a quick installation guide. Cisco ISE includes native design capabilities that allow you to quickly design a portal by adding images (e.g., logos and banners) and selecting a color theme to match a corporate brand. Included with ISE Express is unlimited use of the ISE Portal Builder, a web-based tool that allows users to create highly customized portals in 17 different languages with a suite of 10 designer templates that are easily customizable and easily exportable to Cisco ISE. Read More »

Tags: , , , , ,

New Avenues for Learning

hong kong studentsSouth Island School in Hong Kong is made up of students from around the world with 1,400 students from over 35 countries. One value that sets the school apart is its commitment to using technology in the classroom. For instance, all students have a laptop that they use to access e-books, watch educational videos, and complete homework assignments. Some exams are even taken digitally.

With wireless devices used daily by every student and faculty member, a stable network connection is almost as important as pencil and paper in classrooms. South Island School’s existing Cisco network had reached end of life, and the school needed to refresh the infrastructure with a network that could meet bandwidth needs for years to come.

We looked at other vendors, but we were extremely impressed with how the existing Cisco equipment performed over the years,” says Victor Alamo, ICT manager at South Island Schools.

By upgrading to the latest Cisco access points and switches, we’d have an infrastructure that would keep up with our needs.”

South Island Schools updated their network around the Cisco Aironet Access Points which supported the latest Wi-Fi standard, 802.11ac. This along with Centralized management with support for converged wired and wireless networks allowed South Island Schools to keep their students and teachers connected with reliable and fast service.

These changes resulted in stable wireless connections for thousands of wireless devices which enhanced classroom work with video, applications, and sharing providing a better user experience for both students, teachers and administrators.

 

For more information, please visit the South Island School Wireless Case Study Page

Tags: , , , ,