Wireless Management
Wireless LANs require the same level of security, dependability, and management that wired networks do.
Network management tasks related to WLANs are as follows:
- RF management services
- Interference detection
- Assisted site survey
- RF scanning and monitoring
Cisco Integrated Wireless Network[6] is an evolution of the Cisco Structured Wireless-Aware Network (SWAN), which has been available from Cisco since 2003. The main components of Structured Wireless-Aware Networks[7] are as follows:
- Cisco Aironet WAP
- Management and security servers, specifically CiscoWorks WLSEs
- Wireless clients
- SWAN-aware Cisco Catalyst switches and Cisco routers
Cisco Integrated Wireless Network addresses wireless security, deployment, management, and control issues. It seeks to provide the same level of security, scalability, reliability, ease of deployment, and management for wireless LANs as is expected from wired LANs.
Cisco Integrated Wireless Network requires wireless clients to send RF management (RM) data to a Cisco Aironet WAP, Cisco IOS router, or Cisco Catalyst switch running Wireless Domain Services (WDS), as shown in Figure 5-5.
Figure 5-5 Campus Infrastructure and Cisco Integrated Wireless Network
The WDS devices aggregate all the RM data. All access points and clients register with WDS using 802.1x. The WDS devices forward the authentication information to a CiscoWorks WLSE.
One of the many benefits of WDS is Fast Secure Roaming, which assists a wireless client when migrating from one WAP to another. Another significant benefit of Cisco Integrated Wireless Network is the alert generated should a rogue WAP or rogue wireless client connect to the network, because all connecting devices are reported to the WDS device for further authentication.
Although they should be concerned with wireless security, organizations shouldn't forget the basics of physical security, as demonstrated by the following story. In 2005, a Middle Eastern bank was broken into. The thief didn't take anything, but rather left something—a WAP in the wiring closet connecting to the bank's LAN. The hacker was already inside the bank network and therefore effortlessly proceeded to transfer money until his stratagem was discovered.