4.Cisco无线网络运用

无线网络运用

Wireless LANs

Implementing WLANs

现任明教教主© 2006 Cisco Systems, Inc. All rights reserved.

数字签名者：现任明教教主 DN: cn=现任明教教主, o=北京 WOLF安全实验室, ou=北京WOLF CCIE, email=collinsctk@gmail. com, c=CN-中国日期： 2008.05.20 18:52:28+08'00'BCMSN v3.0—6-1

无线网络运用

Cisco WLAN Implementation

Autonomous WLAN solution Autonomous access points

Lightweight WLAN solution Lightweight access points WLAN controller

© 2006 Cisco Systems, Inc. All rights reserved.

BCMSN v3.0—6-2

无线网络运用

Autonomous WLAN Solution Autonomous access point– Cisco IOS software Network infratructure– PoE switch and router Wireless Domain Services (WDS)– Management support Wireless LAN Solution Engine (WLSE)– Centralized management Acess Control Server (ACS)– RADIUS/TACACS+ security

© 2006 Cisco Systems, Inc. All rights reserved.

BCMSN v3.0—6-3

无线网络运用

Lightweight WLAN Solution1.廋AP

Lightweight access point Network infratructure– PoE switch and router

2.支持PoE的 交换机和路由器 3.Controller (中心管理 AP) 4.WCS(中心管理 Controller) 5.Location (位置跟踪)

Cisco Wireless LAN controller (WLC)– Access point configuration Cisco Wireless Control System (WCS)– Management Location appliance– Location tracking Cisco Secure Acess Control Server (ACS)– RADIUS/TACACS+ security

6.ACS (提供Ra/Ta安全 服务)

© 2006 Cisco Systems, Inc. All rights reserved.

BCMSN v3.0—6-4

无线网络运用

Lightweight WLAN SolutionControler 1.安全策略 2.QOS策略 3.RF管理 4.漫游管理

通过UDP传输

AP 1.远程的RF接口 2.MAC层加密

© 2006 Cisco Systems, Inc. All rights reserved.

BCMSN v3.0—6-5

无线网络运用

Lightweight Access Point Protocol Real-time frame exchange and certain real-time portions of MAC management are accomplished within the access point. Authentication, security management, and mobility are handled by WLAN controllers. Data and control messages are exchanged between the access point and the WLAN controller using LWAPP. Control messages are encrypted. All client data traffic is sent via the WLAN controller.1.实时的帧交换，中心的MAC管理 2.无线controler控制认证，安全管理，漫游 3.在AP和无线Controler之间的数据和控制信息通过LWAPP进行交换 4.控制信息是加密的 5.所有的客户数据通过无线controler来转发

© 2006 Cisco Systems, Inc. All rights reserved.

BCMSN v3.0—6-6

无线网络运用

LWAPPLWAPP工作的两种模式 Layer 2 mode Layer 2 LWAPP is in an Ethernet frame. The WLAN controller and the access point must be in the same broadcast domain and IP subnet.

Layer 3 mode Layer 3 LWAPP is in a UDP/IP frame. The WLAN controller and access point can be in the same or different broadcast domains and IP subnets. The access point must obtain an IP address via DHCP.

© 2006 Cisco Systems, Inc. All rights reserved.

BCMSN v3.0—6-7

无线网络运用

Associatio

n of Access Point to WLAN Controller1.AP使用 LWAPP通过L2或者L3模式关联到无线 controler 2.L3模式AP通过广播发送 LWAPP发现请求信息到 controler的管理IP地址 3.Controler通过管理IP响应这个发现请求信息，这个响应包括关联到当前controler管理接口的AP的数量 4.AP选择负载最小Controler并且发送加入请求 5.所有的后续操作都是和无线controler的管理IP地址

Access points use LWAPP in Layer 2 and Layer 3 mode to associate to the WLAN controller. In Layer 3 mode, the access point sends an LWAPP discovery request to the controller management IP address via a directed broadcast. The controller responds with a discovery response from the manager IP address that includes the number of access points currently associated to the access point manager interface. The access point chooses the access point manager IP address with the least number of access points and sends the join request. All subsequent communication is to the WLAN controller access point manager IP address.

© 2006 Cisco Systems, Inc. All rights reserved.

BCMSN v3.0—6-8

无线网络运用

Cisco Aironet WLCs1.可测量性

Scalability

2.集成的RRM单

Integrated Radio Resource 3.配置非常简 Management (RRM)4.提供多层的安全

Zero-configuration deployment Multilayered security Intrusion detection, location, and containment Mobility management Reliability Intuitive management interfaces

WLC 2000

5.入侵检测,定位，隔离 6.漫游管理 7.可靠性

8.简单的管理界面

WLC 4400

© 2006 Cisco Systems, Inc. All rights reserved.

BCMSN v3.0—6-9

无线网络运用

Comparison of the WLAN ConfigurationAutonomous WLAN solution胖AP Autonomous access points Configuration of each access point Independent operation Centralized management via WLSE Access point redundancy

Lightweight WLAN solution瘦AP Lightweight access points Configuration via WLC Dependent on WLC Centralized management via WCS WLC redundancy

© 2006 Cisco Systems, Inc. All rights reserved.

BCMSN v3.0—6-10

无线网络运用

WLAN ComponentsAutonomous Solution Autonomous access points Wireless Domain Services (WDS) WLAN Solution Engine (WLSE) PoE switches, routers DHCP, DNS, AAA Lightweight Solution Lightweight access points WLAN controller Cisco Wireless Control System (WCS) PoE switches, routers DHCP, DNS, AAA

Wireless clients Access points Control

WLAN management

Network infrastructure Network services