Best Practices For Cisco Wlan Management

Published in: Technology, Business
  1. wireless that works | Best Practices: WLAN Security Today | wireless network management software | Core AirWave Messaging | Best Practices for Managing a Cisco WLAN | David Gau, AirWave Regional Sales Director
  2. Today’s Key Question: Can you save money by re-examining your wireless LAN Management strategy?
     - Lower user support costs?
     - Automate routine tasks?
     - Extend the life of existing infrastructure?
     - Reduce compliance costs?
     - “Rightsize” your entire network?
     - Consolidate disparate management systems?
  3. Which Kind of Cisco Customer Are You?
     - “100% Autonomous Customers”
       - Currently use Aironet ‘fat’ APs – either IOS or VxWorks based
       - No plans to switch to ‘thin AP’ architecture
     - “Hybrid Network Users”
       - Intentionally use a combination of autonomous and LWAPP access points
       - Often LWAPP in large campus environments and fat APs in remote offices, branches, retail stores, etc.
     - “Migration Customers”
       - Switching WLAN architectures gradually
     - “100% LWAPP Customers”
       - Pure “thin AP” and controller networks
     - “Multi-vendor Customers”
       - Combine Cisco and other vendors’ products on a single network
  4. Which Kind of Cisco Customer Are You?
     - “Autonomous Customers”
       - KEY MANAGEMENT CHALLENGE: Reliable configuration management and user monitoring
     - “Hybrid Network Users”
       - KEY MANAGEMENT CHALLENGE: Cost-effective management of multiple product lines from a single console
     - “Migration Customers”
       - KEY MANAGEMENT CHALLENGE: Managing the LWAPP conversion process smoothly and effectively with minimal data loss
     - “100% LWAPP Customers”
       - KEY MANAGEMENT CHALLENGE: Providing visibility to all network users to enable the Level 1/Level 2 Help Desk support
     - “Multi-vendor Customers”
       - KEY MANAGEMENT CHALLENGE: Providing consistent policy enforcement & support across a heterogeneous network
  5. Strategy for Integrating WLAN Management
     - Most organizations today have a broader strategic framework for overall network management
       - ITIL is increasingly becoming a standard within the enterprise
     - Wireless element management tools from hardware vendors are too often ‘stand-alone’ point solutions
       - Do not integrate into the broader framework
     - Diagram labels: Wireless Element Mgmt. vs. CMDB, Service Desk, Network Monitor, Asset Tracking, Wireless Mgmt.
  6. Configuration Management
     - Cisco wireless products are configured in different ways:
       - IOS access points typically via CLI (similar to routers, switches)
       - LWAPP controllers via HTML user interface
     - Controller-based architecture simplifies configuration management
       - Generally done via GUI based tools
     - Managing configurations for autonomous access points without centralized management is extremely difficult
       - Cisco IOS access points have hundreds of configurable settings
       - Each setting represents an opportunity for human error
       - As many as 30% of autonomous APs may not comply with policy (AirWave user data)
  7. A Brief Focus on IOS Access Points
     - Best way to manage IOS APs is often via templates
       - Define a ‘golden configuration’
     - All AP settings are not created equal
       - Telnet vs. SSH
       - SNMPv1 vs SNMPv2 vs SNMPv3
       - Some settings must be uniform for security and seamless roaming
       - Other settings may be (or even should be) allowed to vary from AP to AP
     - Managing firmware versions on IOS APs can be challenging
     - Configuration should be schedulable
     - Configuration history is important
  8. A Brief Focus on LWAPP Access Points
     - Most controller configuration is done via the GUI interface
     - Controllers have significantly more configuration settings than IOS devices
     - When primary and backup controllers are not configured the same, issues can arise when APs move from controller to controller.
     - When migrating older IOS devices to LWAPP, SSC (Self Signed Certificates) can be an issue
  9. Delivering Level 1 and Level 2 Support
     - Wireless networks enable critical new mobile applications like voice, video surveillance, and more.
       - IT will inevitably be drawn into supporting more users and more classes of devices
     - Today’s wireless management model cannot scale:
       - End User: Reports wireless problems
       - Helpdesk: Lacks the tools and training to differentiate between
       - Network Engineer: Ends up handling everything from client device configuration to network infrastructure failures
  10. Empowering the Help Desk
     - Giving the Level 1 and Level 2 Help Desk the tools and the training to support all classes of end users is critical to success
     - End User
     - Helpdesk
       - Able to diagnose and resolve the most common user-reported problems
       - When escalation is required, Helpdesk is able to pass snapshot information to Network Engineering
     - Network Engineer
       - Only a limited number of true network-related issues are escalated
     - Faster response, lower operational costs, efficient division of labor
  11. Location Information
     - Major difference in managing a mobile environment: You MUST know where the user is located in physical space
       - A port-based approach to management is no longer acceptable
     - Location information must be tracked for every user and device
       - Management solutions must provide open APIs to enable higher-level applications to access location information
       - Need to be able to do a remote “site survey” without dispatching a technician or contractor
     - Large organizations simply can’t do physical surveys of all locations
     - For the helpdesk, a picture is worth a thousand words!
  12. Location Information
     - Accurate location information is critical for:
       - Troubleshooting end-user problems
       - Diagnosing RF problems
       - Tracking assets
       - Assessing usage patterns and trends
       - Monitoring roaming patterns
  13. Identifying Rogue Access Points
     - Cisco enterprise-grade wireless access points are relatively easy to discover on the network
       - Cisco APs are rarely ‘rogues’
     - Cisco APs can be used to detect unknown, unauthorized wireless APs broadcasting within range
       - But rogues are less often installed within range of managed APs
       - Rogues are often in remote branch offices without an authorized wireless network
     - Organizations need an effective strategy to detect rogues that are not in range of the existing network
       - WLSE can provide some information
       - Rogue detection across the wired network is essential
       - Wireline OS identification is important to help reduce false positives
  14. Reporting in a Cisco Network
     - Key historical trends to monitor:
       - Users per AP
       - SSID usage
       - Usage by encryption type (WEP  WPA)
     - Each class of user has specific reporting needs:
       - Network Engineer: Utilization/capacity, uptime, inventory, SSID data
       - Help Desk: Utilization by location, client roaming history, Device Level Management, authentication issues, etc.
       - Security: Client migration status, PCI, audit reports, IDS alerts, etc.
       - CIO: Overall utilization, uptime, etc.
     - Data may need to be retained for HIPAA, PCI and other compliance programs
  15. Consider “Rightsizing” Your Network
     - Monitoring WLAN utilization patterns over time is critical
     - Determine whether users are shifting to wireless as their primary access network
       - Laptop/data users are typically early candidates
     - As users begin to shift, examine LAN switch utilization rates and look for unused and under-used ports
     - Use data to assess your network needs
       - Are switch upgrades really required?
       - Can you reduce the number of active ports on your network?
       - Cut annual maintenance and support costs
       - Save on cable pulls and moves/adds/changes
  16. Alerting in a Cisco Network
     - Alerts are used to notify admins about changes in the network and potential problems.
     - Common alerts include:
       - Too many users on an AP
       - Low memory/High CPU on wireless devices
       - Missing/stolen device alerts
     - It should be possible to send alerts by multiple methods
       - SNMP
       - Email distribution lists
  17. Management of 3rd Party Devices
     - Organizations rarely set out to create heterogeneous network infrastructures but they are almost inevitable
       - “Best-of-breed” solutions required for specific operating environments
       - Rapidly evolving technologies and architectures (yesterday’s leader is today’s follower)
       - Product lines inevitably face an “end-of-life” (EOL)
       - Mergers and acquisitions
       - Consolidation among vendors
       - Vendor price competition and negotiation
       - Changes to Cisco’s own product roadmap and strategy
     - Even “all-Cisco” customers must have a strategy for managing heterogeneous environments in the future
     - Aironet  VxWorks | Aironet  IOS | Airespace  LWAPP
  18. What is AirWave Wireless?
     - Premier provider of multi-vendor wireless network management software
     - Division of Aruba Networks, Inc.
     - Supports leading wireless hardware products
     - Integrates with industry leading enterprise management systems
     - 750+ customers world-wide
  19. AirWave’s Approaches to WLAN Management
     - AirWave: WLAN management for your entire IT department
     - AirWave Wireless Management Suite™ Operations Management Solution
       - Role based monitoring and reporting
       - Visibility into every user & device
       - Historical trend reporting
       - Threshold-based alerts
       - Scheduling of events and reports
       - Multi-vendor management
       - Centralized software updates
       - Automated compliance audits
       - Wireless & Wireline rogue detection
       - Monitoring of routers & switches
     - Diagram labels (audiences): Network Engineering, Executive Mgmt., Security & Audit Group, Help Desk
     - Diagram labels (capabilities): Role-based administrative access, Easy-to-use console, Full network control, Compliance reports, Usage & trend reports
     - Diagram labels (platform): Monitoring & Visualization, Config. Mgmt. & Diagnostics, Compliance & Security Mgmt., Reporting & Analysis, Multi-vendor, Multi-architecture Platform
  20. The AirWave Wireless Management Suite
     - AirWave Management Platform wireless management application
     - VisualRF software module for location tracking and RF maps
     - RAPIDS software module for rogue access point detection and WIDS
     - AirWave Master Console for large WLANs (75,000+ devices)
     - Failover licenses are available for high availability environments
  21. AirWave Management Platform: Centralize control of the entire wireless infrastructure
     - Centralized network management
       - Network discovery
       - Configuration of APs & controllers
       - Automated compliance audits
       - Firmware distribution
       - Monitoring of every device and user connected to the wireless network
       - Real-time and historical trend reports
     - Granular administrative access
       - Role-based (i.e., Admin vs. Help Desk)
       - Network segment (i.e., “Retail Store” network vs. “Corporate HQ” network)
     - Flexible device support
       - ‘Thin’, ‘thick’, mesh and WiMAX
       - Multi-vendor support
       - Current and legacy hardware
  22. RAPIDS Rogue AP Detection Module: Combines wired & wireless detection to find rogues anywhere
     - Data Sources: Router/Switch Polling, SNMP/HTTP Fingerprint Scans, Enterprise APs, Enterprise Controllers, Laptop Client Utility
     - Customizable Rules: Correlate Wired + Wireless, Reduce false positives, Protect your SSID, Programmatically filter neighbors
     - Alerts: Email, SNMP, Syslog
     - Reports: By Network, By Region, Schedulable, Email, XML
     - Classification labels: Suspect Rogue Neighbor Valid Rogue
  23. VisualRF Mapping & Location Software: Full visibility to every user and device across the entire network
     - Uses data from existing APs and controllers
     - Displays accurate location information for all wireless users, rogues and devices
     - Historical user location playback
     - Up-to-date heat maps and channel maps for RF diagnostics
       - Adjusts for building materials
       - Multi-floor bleed through
     - 3-D campus and building views
     - Visual display of errors and alerts
     - Automatically plan AP locations
     - Easy import of existing floor plans and building maps
  24. AWMS 6.2 Live Demo
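
Slides 6 and 7 describe auditing autonomous IOS APs against a ‘golden configuration’ in which some settings must be uniform and others may vary per AP. The following is an added example of such an audit, not code from the slides or from AirWave. The policy (SSH only, SNMPv3 only), the list of per-AP settings, the template, the group name NETOPS and the sample AP configuration are all assumptions constructed for illustration.

```python
import re

# Per-AP settings allowed to vary (assumed list for this example).
VARIABLE = [r"^hostname ", r"^ip address ", r"^channel ", r"^power local "]
# Assumed policy: no Telnet on the vty lines, no SNMPv1/v2c community strings.
FORBIDDEN = [r"^transport input .*\btelnet\b", r"^transport input all$",
             r"^snmp-server community "]

# Constructed golden configuration fragment; NETOPS is a made-up group name.
GOLDEN = """\
hostname TEMPLATE
no ip http server
ip http secure-server
snmp-server group NETOPS v3 priv
interface Dot11Radio0
 channel least-congested
line vty 0 4
 transport input ssh
"""

# Constructed sample: an AP that drifted from the template.
AP_DRIFTED = """\
hostname ap-branch-02
ip http server
snmp-server community public RO
interface Dot11Radio0
 channel 2462
line vty 0 4
 transport input telnet ssh
"""

def uniform_lines(config):
    """Return the lines that must match the template (comments, per-AP settings removed)."""
    lines = [raw.strip() for raw in config.splitlines()]
    return [l for l in lines
            if l and not l.startswith("!")
            and not any(re.search(p, l) for p in VARIABLE)]

def audit(ap_config, golden=GOLDEN):
    """Compare one AP's config with the golden template; return (kind, line) findings.
    Lines are compared flat, ignoring which interface/line block they sit in."""
    want, have = uniform_lines(golden), uniform_lines(ap_config)
    findings = [("missing", l) for l in want if l not in have]
    for l in have:
        if any(re.search(p, l) for p in FORBIDDEN):
            findings.append(("forbidden", l))
        elif l not in want:
            findings.append(("extra", l))
    return findings

if __name__ == "__main__":
    for kind, line in audit(AP_DRIFTED):
        print(f"{kind:9} {line}")
```

An AP that differs from the template only in hostname or channel produces no findings, which is the distinction slide 7 draws between uniform and variable settings.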
