Document ID: 100928
Contents
Introduction
Cisco Mobility Express Wireless Network
Key Features
Marketing Messages
Helpful URLs
Cisco Aironet Series Lightweight Access Points
Key Features
Marketing Messages
Demonstration Notes
Demo Actions
Cisco Mobility Express Configuration and Management
Marketing Messages
Cisco Configuration Assistant Overview
Configuring 526 Wireless LAN Controllers
Auto Radio Frequency (RF) and Power Management
Mobility Express Security and Guest Access
Key Features
Marketing Messages
Demo Actions
Mobility Express Security Configuration
Cisco Wireless Clients
Client Failover
Create Guest Web Authentication
Web Authentication Lockout
Appendix-A — IP Addressing and Account Information
Appendix-B — Cisco Configuration Assistant 1.5
Appendix-C — Cisco 500 Series Wireless Mobility Express Controller
Appendix-D — Cisco 500 Series Unified Communication
Appendix-E — Cisco Catalyst Express 520 Series Switches
NetPro Discussion Forums - Featured Conversations
Related Information
Introduction
Welcome to the Cisco® Mobility Express Wireless Demo Box for small and medium-sized business (SMB) and midmarket customers. This kit is designed to provide you with everything you need to demonstrate a wide range of product features to a variety of potential customers, and illustrate the business benefits that Cisco Mobility Express Wireless solutions provide.
Demonstration Goals
The goal of this demonstration solution is to prove to customers that a Cisco Mobility Express Wireless solution is the best choice for their business. The demonstrations are designed to achieve the following:
- Customer awareness of what the solution can do
- Customer understanding of why the Cisco Systems® solution is unique, and the benefits of the Cisco solution relative to the status quo or competitive solutions
- Customer understanding of the Cisco solution purchasing and implementation process
- Appeal to the business decision maker (BDM) by focusing on the solution business impact
Demonstration Script Style
The Cisco Mobility Express Wireless DemoBox script uses a horizontal (feature-based) approach to show the feature elements. Each feature-based section includes important marketing messages as well as product and feature overviews and demonstration instructions. You are not expected to perform every demo in this script; instead, select demo tasks based on customer requirements. Present the demos to your customers with vertical situations applicable to their needs and explanations based on their business requirements.
Demonstration Scripts Key
- Bulleted features in each script can be selected individually for demonstration.
1. Numbered instructions must be implemented in the order shown.
Note: Important instructions!
General Presentation Tips
- Before you begin each demonstration scenario, explain what you are going to demonstrate.
- Make the demo relevant by relating what you are demonstrating to the specific situation of the customer. Communicate the appropriate relevant marketing messages.
- Explain what they see and hear during the demonstration.
- Perform the demonstration with only brief comments during the demonstration that help keep the customer oriented to the demo progress.
- After each demo is completed, recap what they saw and heard in the demo and reiterate the relevance to the situation of the customer and why that is an improvement over their current operation (from customer/caller perspective as well as an agent/supervisor/corporate perspective). This is where the emphasize callouts can be used.
- Solicit feedback and impressions. Correct any erroneous impressions. Try to gauge the impact the demos have had on the customer’s understanding of the benefits of the solution, its relevance to their company, and their vendor preference.
Cisco Mobility Express Wireless Network
The Cisco Mobility Express Wireless Network is the only Mobility Express wired and wireless solution in the industry to cost-effectively address the Wireless LAN (WLAN) security, deployment, management, and control issues that face SMB. This powerful solution combines the best elements of wireless and wired networking to deliver scalable, manageable, and secure WLANs with a low total cost of ownership. It includes innovative RF capabilities that enable real-time access to core business applications and provides proven enterprise-class secure connectivity. The Cisco Mobility Express Wireless Network delivers the same level of security, scalability, reliability, ease of deployment, and management for wireless LANs that organizations expect from their wired LANs.
Table 1 describes the demonstrations covered in this script.
| Demo | Device(s)/Product | Duration (min.) |
|---|---|---|
| Lightweight APs (LWAPP) | Cisco Access Points | 5 |
| Mobility Express WLAN Management | Cisco Wireless LAN Controller (WLC) and Cisco Configuration Assistant | 10 - 15 |
| Security | Cisco Wireless LAN Controller, CCA and UC520 | 10 - 15 |
| Wireless Clients | Cisco Wireless Clients with variety of supplicants | 15 - 20 |
| Wireless VoIP | Cisco WLC 526 and UC 520 with 7921 and Nokia | 10 - 15 |
| Guest Access | Cisco WLC 526 and CCA, WebAuth and WebUI | 10 - 15 |
Note: CE 520 is optional and not required for this Demo. If CE 520 is not used in the demo please connect all the devices directly to the UC 520 Ethernet PoE ports.
Figure 1. Demo Topology.
| Device | Description |
|---|---|
| 521 LWAPP Access Points | Cisco Aironet 521 Series 802.11b/g Access Point with Internal Antennas |
| PC or Laptop | PC or laptop with Windows XP and CCA version 1.5 |
| WL526 Controller | 526 Series WLAN Controller for up to 6 Cisco lightweight APs per controller. Maximum two allowed. |
| UC520 | Unified Communications 520 with wireless option |
| CCA version 1.6 | Cisco Configuration Assistant version 1.5 |
| Intermec CN-3 (Optional) | Intermec PDA CN-3 CCX v4.0 compatible (optional) |
| Laptop Wireless Clients | Laptop client devices with CCX Wireless Card and CSSC, ACU, ADU, MZC and Odyssey supplicants |
| CE520 (Optional) | CE 520 eight port PoE switch |
| Cisco 7921, Nokia E60-1 (optional) | Cisco 7921 802.11a/b/g Wireless Phone; Nokia E60-1 Dual Mode Wireless Phone |
Key Features
The Cisco Small Business Communication System (SBCS) is an integrated end-to-end solution that addresses all layers of the WLAN, from client devices and access points, to the network infrastructure, to network management, to the delivery of advanced wireless services integration and award-winning, worldwide, 24-hour product support. It delivers the best wireless LAN security, innovation, and investment protection in the industry. It is the only solution to integrate innovative access point technology with an award-winning centralized configuration and management system, intelligent control and a wide array of interoperable Cisco Compatible client devices.
The Cisco Mobility Express Wireless Network helps reduce overall operational expenses by simplifying network deployment, operations, and management. With this solution up to 12 access points, six for each controller, can be easily managed from a centralized management console. The flexibility of the Cisco Mobility Express Wireless Network allows network managers to design networks to meet their specific needs, whether implementing highly integrated network designs or simple overlay networks.
The SBCS system integrates wireless and wired voice services in one easy, CCA-managed solution.
Marketing Messages
Challenge
A worldwide revolution occurs today in business. Wi-Fi enabled notebook computers proliferate and drive the adoption of SMB WLANs. Unlike past technology advancements that were driven by technology professionals, the explosion of SMB WLANs is driven by mobile users, traveling professionals, wireless applications, and advanced services like voice over IP (VoIP) over Wi-Fi. The acceleration of SMB adoption of WLAN technology is radically transforming business operations, the network edge, data centers, and centralized IT control.
The business climate today requires anywhere, anytime connectivity. Mobility changes the way organizations do business. Real-time interaction, instant messaging, text paging, voice services, network access while traveling, and real-time network access in the office are transforming the business environment. In an increasingly competitive business environment, companies need fast responses and want immediate results.
WLANs are now business-critical. End users embrace the freedom and flexibility of wireless connectivity, and business executives recognize the competitive advantage of business-critical mobile applications. Organizations deploy WLANs to increase employee productivity, enhance collaboration, and improve responsiveness to customers.
The increasing need for anytime connectivity creates new challenges for networking professionals, who must respond to the growing demand for WLANs in an era of tight budgets and reduced resources. These networking professionals discover that in the absence of a company sanctioned wireless network, employees deploy their own unauthorized access points that put the entire network at risk.
Network managers need to protect their networks and deliver secure WLAN access for their organizations. They need a wireless infrastructure that embraces the unique attributes of radio frequency (RF) technology and effectively supports today's business applications. They need to keep their wired network secure while laying a foundation for the smooth integration of new applications that embrace wireless technology. Network managers need a WLAN solution that takes full advantage of existing tools, knowledge, and network resources to cost-effectively address critical WLAN security, deployment, and control issues.
Solution
The Cisco Mobility Express Wireless Network is the only Mobility Express wired and wireless solution in the industry to cost-effectively address the WLAN security, deployment, management, and control issues facing SMB. This powerful solution combines the best elements of wireless and wired networking to deliver scalable, manageable, and secure WLANs with a low total cost of ownership. It includes innovative RF capabilities that enable real-time access to core SMB applications and provides proven enterprise-class secure connectivity. The Cisco Mobility Express Wireless Network delivers the same level of security, scalability, reliability, ease of deployment, and management for wireless LANs that organizations expect from their wired LANs.
The Cisco Mobility Express Wireless Network is an integrated end-to-end solution that addresses all layers of the WLAN, from client devices and access points, to the network infrastructure, to network management, to the delivery of advanced wireless services integration and award-winning, worldwide, 24-hour product support. It delivers the best wireless LAN security, innovation, and investment protection in the industry. It is the only solution to integrate innovative access point technology with a centralized management and configuration system, intelligent control and a wide array of interoperable Cisco Compatible client devices.
The Cisco Mobility Express Wireless Network helps reduce overall operational expenses by the simplification of network deployment, operations, and management.
Helpful URLs
Refer to these URLs for more information on Cisco SBCS:
Cisco Wireless Links for Customers:
When you demonstrate to Customers, please refer to http://www.cisco.com/go/wireless for wireless related information.
Cisco Aironet Series Lightweight Access Points
Demo Time: 1 to 10 minutes
The Cisco Mobility Express Solution brings together the 521 Access Point and the Cisco 500 Series Wireless Express Mobility Controller to provide a flexible, cost-effective wireless solution specifically designed to meet the needs of small and medium-sized businesses (SMBs). The Mobility Express Solution aligns with the Cisco Smart Business Communication System, a unified communications solution for SMBs that provides voice, data, video, security and wireless capabilities while integrating with existing desktop applications like calendar, e-mail and CRM to provide a complete solution. As part of this solution, the Cisco 521 Access Point uniquely addresses the diverse requirements of SMBs by offering the versatility of operating either in standalone mode, or in controller-based mode with the Cisco 500 Series Wireless Express Controller.
Customers need wireless access points and clients that are easy to centrally manage, monitor, and secure, and that minimize the cost of deploying wireless access points and clients.
Note: More information on Cisco wireless products can be found at www.cisco.com/go/wireless
Key Features
The Cisco® 521 Wireless Express Access Point is a single-band 802.11g access point that features business-class management, security, and scalability. This access point offers high-performance wireless connectivity in carpeted offices and similar environments.
Refer to Cisco 521 Wireless Express Access Point for more information.
Figure 2. Cisco 521 Wireless Express Access Points
- Standalone mode—Access points are directly connected to the wired infrastructure and provide reliable high-speed wireless connectivity to users in the area they cover. Configuration and management is performed locally at the individual access point level. Maximum of three standalone APs are supported.
- Controller-based mode—Access points associate with a Cisco 526 Series Wireless Express Controller to provide wireless connectivity and comprehensive monitoring of the airspace. The controller streamlines and manages the configuration of all connected access points through a single interface, instead of requiring configuration of each unit separately.
The Cisco 521 Access Point delivers optimal value for carpeted offices and similar environments. Built-in antennas provide omni-directional coverage specifically designed for today's open workspaces. A multipurpose mounting bracket easily secures Cisco 521 Access Points to ceilings and walls. With an unobtrusive design, the access points are aesthetically appealing and blend into their surrounding environment. For maximum concealment, they may be placed above ceilings or suspended ceilings. The access point's UL 2043 rating allows it to be placed above ceilings in plenum areas regulated by municipal fire codes. Offered at a competitive price point and optimized for easy installation and operation, the Cisco 521 Access Point helps organizations attain a lower total cost of ownership. Two 526 Wireless Mobility Express controllers and up to twelve Controller-mode 521 APs are supported.
Marketing Messages
Management (Lower Total Cost of Ownership)
The Cisco 521 Lightweight Access Points, which provide 802.11b/g zero-touch configuration and management, deliver cost-effective wireless access with advanced WLAN services for any deployment.
Security (Lower Risk)
This series of access points supports Wi-Fi Protected Access (WPA) and 802.11i/WPA2 for enterprise-class interoperable WLAN security.
- The APs support all the latest industry security standards to provide confidentiality, integrity and availability for the wireless network.
- If an AP is stolen, confidential information cannot be harvested from the AP since the configuration is stored in volatile memory, thus mitigating risk.
- The APs are dynamically configured for RF and power levels, thus minimizing cost to implement, operate, and optimize wireless coverage.
Flexible and Easy Installation options (Lower Total Cost of Ownership)
Models are available with internal antennas. Cisco Aironet Lightweight Access Points support industry standard 802.3af Power over Ethernet, through PoE switch or injector. An external power supply is also available.
In offices and similarly open environments, Cisco 521 Wireless Express Access Points may be installed on the ceiling to provide users with continuous coverage as they roam throughout a facility. In school buildings and similar facilities, the access points can be installed on the ceiling of each room and hallway to provide users with full coverage and high network availability. In areas where a ceiling installation may not be practical, such as retail hotspots or similar small facilities, the access points can be mounted simply and securely on walls for complete coverage with minimal installation cost.
Demonstration Notes
When you complete the steps in this demonstration, keep in mind that it can take several minutes for the APs to register back to the controller and update their status in CCA.
Demo Actions
AP Registration
Complete these steps for AP Registration:
1. Open CCA on the configuration PC or laptop using the desktop shortcut. Login is <admin/cisco>.
2. In CCA, choose MONITOR > Wireless Radios > Refresh.
3. On the window, you should see all access points, their names, MAC addresses, channel assignments and transmit power.
   Note: The 521 APs should be set up in a six foot by six foot grid with WLC 526 and UC 520 in the middle.
4. Unplug one of the APs. Pass it around to customers. When they are finished, have them plug the AP into the appropriate Ethernet cable. It takes several minutes before the AP is removed from the topology view. When you click on the Inventory button on the menu, the removed AP should not be on the list.
5. Point out that no other tasks are required on the AP to replace or add APs. Everything is managed from the CCA 1.6.
   Note: Configuration and maintenance is not performed on the AP itself (zero-touch configuration).
   Polling intervals can be adjusted from the Main Menu on the top bar. Topology view and options can be adjusted from the menu in the topology window.
6. While the APs reload, point out that the APs receive the operating system and configuration from the Wireless LAN Controller. Once the 521 LAP is registered, its power LED is solid green.
7. Return to the CCA Topology screen and verify there are 3 APs registered (or as many as available). If only two APs are registered, click the refresh button to see the third. This process again can take several minutes.
8. Now choose Monitor > Wireless Clients and you should see all the wireless clients registered to the APs.
9. Show the customer that the LAP 521 (controller-mode AP) icon has a triangle and the AAP (standalone AP) icon has a circle.
Cisco Mobility Express Configuration and Management
Demo Time: 15 to 25 minutes
Wireless is a rapidly changing environment, and managing this change is a challenge in most wireless deployments. To address this, changes to the APs, such as RF and power levels, are made dynamically by the controllers. Other changes must be made manually. Cisco makes these manual changes possible from the controller WebUI or, in the Mobility Express solution, from the Cisco Configuration Assistant (CCA), which minimizes or eliminates the repetitive task of updating individual access points. In the next several Mobility Express releases, most or all configuration options will be available from the CCA. Making changes with CCA is more effective and easier to understand and implement. Most of the CLI interfaces are disabled in the Mobility Express systems; only advanced and show commands are still available through the CLI.
The components highlighted in this demo section are shown in Table 3.
| Demo | Description |
|---|---|
| Cisco Configuration Assistant | CCA is the industry leading platform for wireless LAN configuration and management of multiple WLAN controllers, Unified Communication 520, Catalyst Express 500 series and standalone APs. |
| WLAN Controller (WLC) | Cisco Wireless LAN Controllers are responsible for system-wide wireless LAN functions, such as security policies, intrusion detection, RF management, quality of service (QoS), and mobility. They work in conjunction with Mobility Express Lightweight Access Points that use the Lightweight Access Point Protocol (LWAPP). |
| UC 520 | UC 520 is an easy-to-deploy solution that smoothly integrates with Cisco Wireless LAN Controllers and Cisco lightweight access points. It provides additional services required for wireless deployment, such as DHCP and AAA services. |
The demos covered in this section are shown in Table 4.
| Demo | Duration (min.) | Description |
|---|---|---|
| Component Overview | 5 | WLAN Controller, CCA and UC520 |
| WLC 526 configuration | 10 | WLAN 526 controller |
| Auto RF using WebUI | 3 | Dynamic Power Control, Dynamic Channel Control (install/setup), Dynamic Channel Control |
| CCA overview | 15 | CCA version 1.5 and WLC updated with the latest software release |
Marketing Messages
Cisco Configuration Assistant
Cisco Configuration Assistant, a PC-based intuitive GUI configuration tool, is an integral component of the Cisco Smart Business Communications System. With a focus on ease of use, the Cisco Configuration Assistant simplifies configuration of multiple technologies: unified communications, switching, routing, security, and wireless. Cisco Configuration Assistant simplifies wireless configuration and provides follow-up support to facilitate easy modification. Features include an interactive topology view, front-panel views of devices, and drag-and-drop Cisco IOS Software upgrades. Cisco Configuration Assistant was purpose-built to provide comprehensive configuration, deployment, and ongoing network management support for the entire line of products in the Cisco Smart Business Communications System.
Cisco Configuration Assistant Key Features
Cisco Configuration Assistant provides these features and benefits:
- Holistic, network-level insight through multiple network views—You can access devices and monitor the network from two perspectives: the physical Topology View or the Front Panel View. The rich Topology View graphically represents the types of devices in the network as well as detailed information about device status, physical connections, and various monitoring capabilities, all from a single view. The Front Panel View displays all switches, controllers and routers in the network simultaneously, along with the state, duplex, and speed of ports. The Front Panel View also allows users to apply features across multiple ports or multiple switches during the configuration of features such as VLANs. In addition, you can verify optimal ongoing network performance if you generate comprehensive, real-time reports of network inventory and health.

Figure 7. The Topology View graphically represents the types of devices in the network and provides detailed information about device status and physical connections

- Simplified topology mapping and deployment through dynamic discovery—The unique discovery capabilities of the Cisco Configuration Assistant provide you with total control when you discover network devices to create a community. You can discover devices if you enter a seed IP, range IP, subnet IP, or a single IP address. This feature provides more flexibility and time savings when you design the topology.
- Clear separation of services through VLAN highlighting—From the Topology View, you can associate VLAN numbers with colors in order to quickly view what devices are in a VLAN. Devices that are associated with more than one VLAN display two or more colors with a striped effect.
- Customization with annotated text—You can add additional text under devices in the Topology View in order to further describe aspects of the network, such as the name of a building, floor, or closet.
- Improved network visibility with continual health monitoring—You can quickly assess the status of switches and routers, which includes packet errors, temperature, PoE status, and bandwidth, CPU, memory, and ternary content addressable memory (TCAM) usage, all from a single window. You can select the specific health categories to monitor. For each category selected, the switch with the highest usage is displayed in the quick view. You can access a more comprehensive view if you click the Details button.
- Simplified network reporting—You can print easy to read reports such as bandwidth utilization. The enhanced print option even allows users to print the Topology View or Front Panel View on one page with the use of the fit to page option.
- Enhanced security for configuration and monitoring activities—Cisco Configuration Assistant provides a secure connection between the Cisco Configuration Assistant client and each connected device in the network to safeguard all sensitive information.
- Increased IT staff efficiency through simplified software updates—The drag-and-drop Cisco IOS Software Upgrade feature simplifies the process of upgrading the Cisco IOS Software on a Cisco Catalyst® switch or Cisco router or access point. You can download the latest software version if you simply drag the update icon from the PC desktop and drop it onto the icon of the target device depicted in the Topology View. This process eliminates the need to use the specific Cisco IOS Software filename or select a specific Trivial File Transfer Protocol (TFTP) server IP address when performing updates. This process can also be used to deploy Cisco Unified Express images, phone loads, music on hold files and language packs onto the router.
- Improved network security and performance with dynamic application updates—You can stay up-to-date on the latest versions and security patches of Cisco Configuration Assistant through dynamic application updates. With this function, you can be assured that when a newly purchased Cisco device is added to the network, it is automatically supported and secured with the latest update.
- Enhanced ability to identify and address issues—The Event Notification feature alerts you if a potential problem arises with a device in the network, if a configuration change is required, or if a new version of Cisco Configuration Assistant is available for download. A dialog box provides all necessary information in regards to the event, which includes time, description, and, if applicable, suggestions to resolve the problem.
- Enhanced productivity of partners and guests—The Guest Port feature of the Cisco Configuration Assistant allows businesses to easily configure guest access ports on their switch, and provides visiting guests with Internet access and allows them to establish VPN connectivity to their company resources. Guest Port users are separated from internal network traffic so that confidential internal access only information and services remain secure from unauthorized guest users.
- Increased security and performance through network synchronization—This feature detects inconsistent settings in the network such as VLAN mismatches, centralized time, and security policies. If you work with the Troubleshooting Advisor, you can detect and fix these inconsistencies easily.
- Simplified troubleshooting—Embedded in the application is the Troubleshooting Advisor, which simplifies troubleshooting by the automatic identification of potential network problems and documentation with a graphical trend chart. Examples include cabling problems, configuration errors, and other potential network problems. You receive an explanation of the issue and often can correct the problem with a simple mouse click.
- Enhanced IT staff effectiveness through comprehensive online support—A detailed, transparent help function embedded in Cisco Configuration Assistant provides an extensive glossary and powerful search engine that help users quickly and easily find the information they need to apply specific settings. With these online help features, you often can troubleshoot and resolve problems without the need to call for technical support.
- Faster network configuration and improved network performance through intelligent port configuration—Cisco Configuration Assistant includes the Cisco Smartports Advisor, which discovers devices connected in the network and recommends appropriate Cisco best practice configurations for security, availability, and QoS features on switch ports. This feature saves time by proactively recommending Cisco best practices and removes the need for network administrators to consult detailed design guides or documentation. The feature allows network administrators to configure ports more quickly; eliminates human error; and helps ensure the configuration of the switch, router, or access point is optimized for the business applications.
- Improved IT staff efficiency and effectiveness when securing the network—You can centrally configure security and access for Cisco Catalyst switches. You simply choose the desired level of security (low, medium, or high) on the Security Slider in Cisco Configuration Assistant. The low setting (default) provides port security and protection against broadcast storms. The medium setting adds MAC address authentication. The high setting adds IEEE 802.1x authentication for media-level access control, and provides the capability to permit or deny network connectivity and control VLAN access based on the user or machine identity.
Cisco 500 Series Wireless Mobility Express Controller
The Cisco 500 Series Wireless Express Mobility Controller is designed to optimize the wireless networks of small and medium-sized businesses (SMBs). As a core element of the Cisco Mobility Express Solution, the mobility controller is built to specifically support the Cisco 500 Series Wireless Express Access Points. Together, they provide IT Managers complete visibility of the wireless network. The mobility controller automatically manages access points to reduce interference, avoid coverage gaps, maximize available bandwidth to ensure overall optimal network performance, and support advanced mobility services such as guest Internet access and voice over Wi-Fi.
Figure 3. 500 Series Controllers
The Cisco 526 Wireless Express Mobility Controller can be used with up to six access points for each controller and up to two controllers for each network. It harnesses the power of Cisco Lightweight Access Point Protocol (LWAPP) technology (best-in-class automatic radio optimization, mobility performance and multi-access-point management) at the capacity, simplicity, and price point appropriate for the SMB. On top of the basic transport layer, this controller supports Cisco Secure Guest Access and voice-over-WLAN advanced mobility services. Along with other products in the Smart Business Communications System, this controller uses the Cisco Configuration Assistant software rather than a command-line interface, which accelerates deployment and decreases the cost of ongoing maintenance.
Features and Benefits
Table 4 describes the features and benefits of the Cisco 526 Wireless Express Mobility Controller.
| Features | Benefits |
|---|---|
| Part of the Cisco Smart Business Communications System | Part of a portfolio of switching, routing, security, and voice products designed to work both individually and together as a multiproduct system to maximize the value of each product in the network. |
| Simplifies multi-access-point networks | Addresses issues in multi-access-point infrastructures, including scalable security, radio self-interference, and repetitive management tasks, to help ensure that multi-access-point networks operate at peak efficiency. |
| Streamlined management tool | Uses Cisco Configuration Assistant management software instead of a command-line interface for configuration to accelerate new and incremental deployments. |
| Supports Cisco LWAPP | Uses Cisco LWAPP for communication between access points and controllers to simplify deployment and follow-on management, and to automate functions required for a pervasive WLAN end-user experience. |
| Multi-access-point Radio Resource Management (RRM) | In networks built with more than one access point, RRM coordinates access points in real time to optimize radio coverage/capacity while working around potential points of interference. |
| Secure authentication mechanism support | Support for a wide range of authentication mechanisms to enable scalable security architectures and minimize security interoperability issues (WEP, MAC Filtering, WPA, WPA2, WebAuth, and EAP). |
| Wired/wireless network virtualization | Supports the use of up to eight SSID/VLANs so that one physical WLAN infrastructure can be safely shared by different users, applications, or organizations as virtual wired/wireless networks. |
| Supports Cisco Secure Guest Access | With Secure Guest Access, organizations can create a virtual guest network with a Web login page for non-employees to get Internet access while safely partitioned from the sensitive corporate LAN. |
| Supports Cisco voice-over-WLAN optimization | Voice over WLAN optimization is a package of features that deliver quality of service, call admission control, and fast inter-access point hand-off to improve the quality of a wireless voice infrastructure. |
Architectural Feature Comparison
With Cisco 521 Wireless Express Access Points, the Cisco Wireless Mobility Solution is an ideal fit for the SMB environment. Table 5 highlights the main architectural feature differences between consumer-grade, business-grade, and enterprise-grade WLAN solutions.
Demonstration Notes
WLC 526 is accessible with the desktop shortcut (local machine) or https://192.168.10.50 for remote machines. Configuration is done from the CCA and Web UI. CCA can be started if you click the icon on the desktop.
Cisco Configuration Assistant Overview
Complete these steps:
-
From the PC that runs CCA, double-click the CCA icon on the desktop. A screen appears with the option to connect to a community or create a community. If the community was already created, choose that community from the drop-down menu. In this example, the community name is SBCS demo.
-
Click OK in order to connect to the community.
-
A message appears and asks for the user name and password of the UC 520, the seed device. Key in user name admin and password cisco and click OK. You can also see a screen that asks you to accept the security certificates of the devices. Enter yes on that screen.
Note: You can have other devices in the topology that require different user names and passwords. You need to know their default or administratively changed credentials for the CCA in order to be able to configure and manage them.
-
If the community was not created, then choose the option to create a community. This example uses SBCSdemo with the seed IP address of the UC 520. Enter the information previously indicated and start discovery. After a few seconds, the devices are discovered on the screen with their IP addresses and host names. As before, enter the username admin and password cisco, and accept the security certificates as they pop up on the screen during the discovery process.
-
The CCA comes on the screen with Topology View of the configured network. Make sure all the devices are discovered and presented on the Topology View screen.
Verify AP Registration
Complete these steps in order to verify AP registration:
-
In the topology view, verify that all the components are present and all the devices show MAC address and IP addresses. You can change the setting of what is shown on the screen in the Topology Preference Setting.
-
Open the Monitor > Reports > Wireless Radios menu and see all the APs connected to the controller and their Channel and Transmit power assignments.
Note: The AP Mac address entries vary in every demo. Channels and Transmit power can be different as well.
Verifying Clients Association
Complete this step:
On the left side drop-down menu, choose Monitor > Reports > Wireless Clients and you see all the Wireless clients associated and authenticated to the APs.
CCA features on the Topology View Screen
Complete these steps:
-
Double-click any Device icon on the screen to see the detailed device information. From here you can also change the device name, get the code version loaded on the device, and write annotations.
-
On the top menu of the Topology view, there are Topology Icons for Changing layout, Saving Topology or Topology Options. One of the nice features is the ability to set colors for the VLAN of the SBCS network.
CCA menu options on the Left Side Menu
Complete these steps:
-
On the left side menu open the Configure Tab and view all the different options to configure Smartports, VLANs, Ports, Security, Telephony, Wireless, Routing, DHCP Server, Device Properties, etc.
-
Open the Configure > Smartports menu tab, and you see the UC500 displayed on the screen with Ethernet Smartports highlighted on the display. When you click on a port and then on the Modify button, this shows the configuration options for the port. Note that in this demonstration, the ports where the APs are connected are configured as Access Point ports with the default VLAN.
-
Next in the Configure menu choose VLANs. You see VLANs configured on the network under the hostname UC520-demo and hostname New526-demo.
-
Next move on to the Wireless Networks and choose Hostname of the 526 controller. You see all the SSIDs created and their security settings and VLANs to which they are assigned. You can create a new SSID from this menu option as well.
Note: If you choose to create a new SSID and there are no unassigned VLANs available, the system prompts you to first create a new VLAN for that SSID, since the Mobility Express system supports only one-to-one mapping between VLAN and SSID. See the Note on the previous image.
Note: The newly created VLAN shown on the screen is synchronized with the VLANs on all other SBCS systems that CCA 1.5 supports, such as in this case the UC520. Under the hostname UC520, you can show that a new VLAN was created.
If you create an SSID with WebAuth, you are also asked whether a new WLAN user should be created at the same time. This is also a new feature in CCA 1.5.
-
In Wireless > WLANs (SSID)… > Modify, you can modify SSID settings such as Security and Encryption, choose the associated VLAN, and decide whether the SSID should be broadcast.
-
Choose Configure > VLANs… and then choose New526-demo for the Hostname. You can see all the dynamic interfaces (VLANs) that exist on your wireless network and their IP address assignments. You can see the same information under WebUI.
-
In Wireless > WLAN Users, you can create new Wireless Network Users: a Regular User with no time restrictions or a Guest user with time restrictions.
Note: The newly created Guest user option allows you to specify the validity time of the Guest User on the network.
Note: In addition, you have an option to create a new SSID right from the same configuration screen. These are new features in CCA 1.5 and the new WLC software.
-
Under WLAN Users, create a guest user; when you create a guest user, you have to add a guest SSID and create a synchronized VLAN at the same time. For ease of use, all this is done from one window and you are prompted for each step during the process. All the newly created VLANs get synchronized across the SBCS system for configuration simplicity.
Note: When a new SSID gets created, the system automatically sets the type of the WLAN to Guest from the three available options:
-
Data
-
Voice
-
Guest
Note: You can also demonstrate that the new SSIDs and VLANs were created successfully on the system as shown here.
-
DHCP services are not available on the Wireless controller, so you resort to using the DHCP server on the UC500 to assign IP addresses to the wireless APs and wireless clients. After the WLANs and VLANs have been created and configured, verify or configure the DHCP server on the UC500 in Configure > Routing > DHCP Server. Verify that DHCP Pools and DHCP Exclusions are created and configured properly on the UC520 for each VLAN previously configured.
-
Next, move on to the Monitor tab and see some of the options there. In Monitor > Reports, you can see all wireless Radios (APs) and wireless clients on the network.
-
Look at the Monitor > Wireless Controller Dashboard. This is also a new option in the CCA 1.5. In this option, you can show System Status, AP summary, Controller and AP Statistics.
-
Look at Monitor > System Messages. If there are any rogue APs in the surrounding environment that are not configured on the network, the system displays them as Rogue APs. You can also set up a Message Filter or Save/Print the system messages report.
Note: The error messages displayed on the display vary from site to site.
Converting 521 AP from Standalone to Controller mode LAP
-
In Configure > Wireless > Convert To LAP…, you can convert any or all Standalone 521 APs to Controller Mode LAPs. You can demonstrate that there is a standalone 521 AP connected to the SBCS demo network and that the AP can be converted to a LAP.
Note: Do not proceed with the conversion process during the demonstration. In addition, you have to verify that the Standalone 521 AP is part of the SBCS-demo community; otherwise, Convert To LAP… does not show up under the Wireless menu option.
Viewing Horizontal Menu Tab in the CCA
The Client filter further enables the ability to view specific information that relates to the client IP Address, MAC Address, Name, and asset information.
-
The first tab allows you to connect or change the community you display.
-
The second tab is the refresh button, for when you make changes and need to refresh the information presented on the screen or the Topology view.
-
The third tab activates the Print Services.
-
The fourth tab is the preference setting tab. You can change settings such as Network Polling Intervals, and set up Applications Updates, Proxy Servers, Configuration Archive and Network Health here.
-
This tab can save configurations of all or individual devices.
-
This tab allows you to configure Voice settings such as Device and System Parameters, Network parameters, Dial Plan, AA and Voicemail, SIP trunk parameters, Voice Features and User Parameters.
-
This tab is to configure the VPN server on the UC520.
-
This tab is to set up Firewall and DMZ on the UC 520 and different Security Levels.
-
The Wireless tab allows you to configure the Wireless settings on the UC520 device for the stand-alone AP(s) and on the WLC 526 for the Controller Mode configuration.
Note: This setting is the same as if you chose a Wireless Networks Configuration on the left side Config Wireless Tab. Several other Tabs on the Horizontal Menu are a repeat of the configuration options available on the Left Side Menu options.
-
This tab is the setting to configure the Smart Ethernet ports on the UC 520 or CE 500 if one is available.
-
This tab is the Ethernet Port Setting tab on the UC 520 with options to set filters on each port and set the speed of the ports.
-
This tab is the Inventory Tab and provides a detailed list of the devices and their settings.
-
This tab is the Health Tab, the same as the Monitor tab on the left side menu, and shows the performance of the system.
-
This tab is the event notification tab, also the same as the Monitor Health Tab on the left side menu.
-
The next tab is the Front View Menu Tab of the devices in the SBCS network.
Note: The Front View of the WLC 526 is now supported in release version 1.5 of the CCA.
-
The next tab displays and refreshes the Network Topology View on the screen.
-
The next four tabs are for Legend, Help, Email option and Search.
Configuring 526 Wireless LAN Controllers
-
There are Unified Controllers and SMB controllers; you may want to briefly discuss the differences between the Unified and Mobility Express 526 controllers.
-
The Cisco controllers provide Mobility Express management for the SMB system.
-
If desired, you can demonstrate the web interface of the 526 controller or the CCA interface to the controller. You can launch CCA from the desktop icon as before, or launch the WebUI to the controller by pointing the IE browser to http://192.168.10.50, the IP address of the management interface of the 526 controller.
Auto Radio Frequency (RF) and Power Management
In this section, you can demo auto power and auto channel assignments. The Auto RF demos rely on the controller response time which is locked in at 600 seconds (10 minutes). Patience is required for some of the RF changes to occur.
Auto Power and DCA
Complete these steps:
-
For this demonstration, use the Web UI interface on the controller. Connect to the controller Web UI interface at IP address 192.168.10.50, in this case, the IP address of the controller management interface. Log in to the controller with username = admin and password = cisco.
-
In the controller GUI interface, choose wireless > 802.11b/g > RRM > auto RF and you see all the default options. These options are preset and should not be changed.
-
In the controller GUI interface, choose wireless > 802.11b/g > RRM > DCA and you can see all the channels that have been selected. Three channels are selected: 1, 6, and 11. These are the non-overlapping channels; do not change that setting.
-
In this section, you can also choose the country of operation. Select the desired country under the 802.11b/g > Country setting.
Note: The APs should be setup in a six foot by six foot grid with the WLC526 in the center of the grid. For the best demonstration results three to four LAPs 521 should be used. For RRM to function effectively, at least three LAPs 521 should be used at the same time.
-
Disconnect one of the APs from the Ethernet ports.
-
Look in the CCA in Monitor > Wireless Radios. Some of the transmit power settings should change from the lowest value of 1*.
-
The radio settings can also be observed in the Web UI under Wireless > Radios > 802.11b/g > Tx Power Level Assignment in Custom Mode.
Note: Power Level is the transmit power level of the access point, where 1 = Maximum power allowed per Country Code setting, 2 = 50% power, 3 = 25% power, 4 = 6.25 to 12.5% power, and 5 = 0.195 to 6.25% power.
Note: The power levels and available channels are defined by the Country Code setting, and are regulated on a country by country basis.
-
Connect the AP back to the Ethernet port and you should be able to observe changes in Power Levels.
Note: This demonstration works the best if at least three APs are used.
Emphasize:
-
The real-time RF management capabilities of the Cisco Mobility Express Wireless Network allow the network to respond in real-time to changes in the RF environment.
-
Organizations should expect ongoing changes in the RF environment.
-
Users come and go from conference rooms.
-
Additional clients can be added to an area in a building.
-
The WLAN infrastructure may need to be adjusted over time for changes in the building configuration or design.
-
Interference can occur from devices that operate in the unlicensed Wi-Fi bands.
-
The Cisco Mobility Express Wireless Network creates an intelligent RF control plane for self-configuration, self-healing, and self-optimization.
-
Intelligent RF capabilities managed by Cisco wireless LAN controllers include:
-
Dynamic Channel Assignment—802.11 channels are adjusted to optimize network coverage and performance based on changing RF conditions.
-
Interference Detection and Avoidance—The system detects interference and recalibrates the network in order to avoid performance problems.
-
Coverage Hole Detection and Correction—RRM software detects coverage holes and attempts to correct them with the adjustment of the power output of access points.
-
Dynamic power control—The system dynamically adjusts the power output of individual access points to accommodate changing network conditions, which helps to ensure predictable wireless performance and availability.
Mobility Express Security and Guest Access
Demo Time: 10 to 20 minutes
Customers understand the need for wireless security. At issue is how to manage security across the enterprise given today's access requirements for employees and guests. Other critical issues that customers face include Rogue APs. The demonstrations included in this section are shown in Table 5.
| Demo | Duration (min.) | Description |
|---|---|---|
| Guest Access using Web Authentication (configuration demo) | 5 - 10 | This demo will show a customer how to set up a Guest authentication web login. |
| Web Authentication | 5 | This demo will show how to monitor guest login. |
Key Features
-
Multiple security policies are very easy to deploy and maintain across any network with the use of the Cisco Mobility Express WLAN Solution.
-
Built-in guest user administration web authentication is a key feature many customers require for guest access.
Marketing Messages
With the increased reliance on WLANs, businesses have become more concerned about network security. Network managers need to provide end users with freedom and mobility without offering intruders access to the WLAN or the information sent and received on the wireless network.
The Cisco Mobility Express Wireless solution provides robust wireless LAN security services that closely parallel the security available in a wired LAN. With industry-leading WLAN security services, it fulfills the need for consistent, reliable, and secure mobile networking. The Cisco Mobility Express Wireless solution delivers many innovative Cisco enhancements and supports Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), and Wi-Fi Certified client devices to provide access control for each user and each session, mutual authentication, and data privacy through strong dynamic encryption.
Demo Actions
Mobility Express Security Configuration
Complete these steps:
-
In the CCA 1.5, choose Configure > Wireless > WLANs (SSIDs)…> and choose the Hostname to be configured.
-
In this section you notice that each SSID is mapped to a VLAN.
Note: Only one to one mapping is allowed; one SSID for each VLAN.
-
Choose one of the SSIDs configured earlier and then click Modify. For example, choose datasec.
-
Under the security settings you see all of the security options available for configuration. In this case, the SSID = datasec is configured with WPA2 as a security option.
-
The encryption type chosen for the SSID is AES; the second option available is TKIP.
-
Finally, the RADIUS server with IP address 192.168.10.1 was selected for 802.1x authentication as shown in the image in step 7.
-
The RADIUS server can be selected as internal on the UC500 or external if External RADIUS such as ACS is available.
Note: The Local RADIUS server on the UC520 is designed for support of the Internal or Standalone APs only! For demonstration purposes only, you have to modify the UC520 local RADIUS server to also support the WLC 526 as an authenticator; therefore, you need to add this command on the UC520 from the CLI. The added IP address, 192.168.50.10, indicates the IP address of the management interface of the controller.
Note: In the production environment do not use the UC520 as a RADIUS server for the 526 Wireless Controllers.
-
In this demonstration, the internal Local RADIUS server on the UC 520 is configured in Configure > Wireless > WLANs > Hostname = UC520-demo. Secret Key = demo. Enable Local RADIUS server.
-
Enable the Local RADIUS Server with Secret Key = demo.
-
Show client connectivity on the SSID = smbdata, with username=user1 and password=demo.
Note: The supported EAP types with the Local RADIUS server are LEAP, EAP-FAST and MAC authentication.
Cisco Wireless Clients
Demo Time: 20 to 30 minutes
A variety of 802.11a/b/g wireless client cards are available on the market today. There are also about half a dozen very popular supplicants available to wireless users. Although Cisco cannot demonstrate every possible wireless client and supplicant, the most popular clients, supplicants and some handheld devices used by the SMB are demonstrated. Please note that the wireless clients demonstrated here are all CCX client devices.
The components highlighted in this demo section are shown in Table 6.
| Demo | Description |
|---|---|
| Laptop with CB 21AG card and Cisco ADU | Wireless client setup with the Cisco PC Bus 802.11 a/g card and Cisco ADU supplicant |
| Laptop with 350 card and ACU supplicant | Wireless client setup with Cisco 350 802.11b card and ACU |
| Laptop with CB 21AG card and ADU and CSSC 5.0 Supplicants | Wireless Client setup with Cisco card and Cisco Security Services Client Version 5.0 |
| Intermec Hand Held Device and Funk Odyssey Supplicant (optional) | Intermec CN-3 Mobile device with Broadcom Wireless Card and Funk Odyssey client |
| Cisco 7921 Wireless Phone | Cisco 7921 Wireless IP phone with VoIP |
| Nokia Dual Mode Phone (optional) | Nokia Dual Mode Wireless Phone. |
Marketing Messages
Based on customer client requirements, you may want to discuss the various wireless client options available from Cisco (802.11b/g cards) or from third-party (Cisco Compatible, CCX) vendors. Over 90 percent of Wi-Fi silicon is Cisco Compatible.
Key Points:
-
With the Cisco Client Administration Software, an administrator can centrally perform these operations, thus the cost to implement, operate, and optimize the wireless clients is minimized:
-
Determine and configure the setup options for the end user utility software.
-
Set and modify end user functions.
-
Create preconfigured user profiles for a user or group of users.
-
Refer to Cisco Aironet Wireless LAN Client Adapters—Maintain and Operate Guides for more information.
Demo Activity
In this demonstration, a variety of wireless cards and supplicants are used. In order to make the demo more interesting and to explore the rich set of security capabilities of the Mobility Express controller in combination with the UC 520, several different security setups, as shown in the previous section, are demonstrated with different clients. This demonstration further reinforces the security capabilities of the SMB system and its interoperability with a wide variety of wireless clients and supplicants. During the demonstration you can pass the wireless clients and handhelds to the customers.
| Demo | Duration (min.) | Description |
|---|---|---|
| Laptop with CB 21AG card and Cisco ADU | 3 min | Wireless client setup with the Cisco PC Bus 802.11 a/g card and Cisco ADU supplicant. Demonstrate connectivity to WLC LAP with WPA2/AES and EAP-FAST. |
| Laptop with 350 card and ACU supplicant | 3 min | Wireless client setup with Cisco 350 802.11b card and ACU. Demonstrate connectivity to IOS AP with EAP-FAST and Dynamic WEP. |
| Laptop with CB 21AG card CSSC 4.2 Supplicants | 3 min | Wireless Client setup with Cisco card and Cisco Security Services Client Version 4.2. Demonstrate connectivity to IOS AP with LEAP and Dynamic WEP. |
| Laptop with Cisco CB 21AG card and CSSC 5.0 Supplicant | 3 min | Wireless Client setup with Cisco card and Cisco Security Services Client Version 5.0. Demonstrate connectivity with WPA/PSK. |
| Intermec Hand Held Device with Funk Odyssey Supplicant and MS Zero Config | 3 min | Intermec CN-3 Mobile device with Broadcom Wireless Card and Funk Odyssey client. Demonstrate connectivity with WPA-PSK using Zero Config and WPA2/AES and EAP-FAST using Odyssey supplicant. |
| Cisco 7921 Wireless Phone | 3 min | Cisco 7921 Wireless IP phone with VoIP |
| Nokia Dual Mode Phone | 3 min | Nokia Dual Mode Wireless Phone. |
Wireless Client connectivity with UC520 integrated AP - Secure connectivity using CSSC supplicants.
Here is a demonstration of the setup with WPA-PSK on the laptop that uses the recently released CSSC version 5.0.
With CCA 1.5, in the Configure Wireless Networks tab, configure SSID=smbdata with security WPA-PSK and PSK=sbcsdata. The PSK has to be at least eight characters.
Note: Connectivity with an autonomous AP on the UC 500 is demonstrated.
Client connectivity demonstration using CSSC ver 5.0 supplicant
This section shows the configuration and settings of the CSSC supplicant version 5.0 with WPA-PSK and TKIP encryption. As shown in step 2, other Authentication and Encryption options can be easily configured with the CSSC version 5.0 supplicant.
CSSC 5.X supports both Wired and Wireless connectivity on the client devices, however only one option by default is used.
-
First, you have to configure a profile with the Configuration Manager 5.0.
-
Enable Authentication Policy in the Supplicant for all the profiles of the wireless client. You have to make sure that WPA-PSK Personal with TKIP is enabled.
-
Configure Wireless Settings for the client with SSID=smbdata and shared key=sbcsdemo.
-
After the profile SBCS demo is configured, save the profile to the SBCS group.
-
After you save profile in the Configuration Manager, choose CSSC Client Utility > Launch the SBCS Demo profile and enter Authentication credentials when prompted.
-
Choose the Connection Status tab in order to see the client IP address and other connectivity parameters as indicated in this image. The client received the IP address from the DHCP server on the UC 500 on VLAN 10.
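The eight-character rule and the need for matching keys, as an added example that is not part of the original Cisco guide: WPA/WPA2-Personal derives a 256-bit pairwise master key (PMK) from the passphrase with PBKDF2-HMAC-SHA1, salted with the SSID, so the infrastructure side and the supplicant must agree on both strings exactly. The guide lists PSK=sbcsdata in the CCA step and shared key=sbcsdemo in the supplicant step; the class and function names below are illustrative.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class PskProfile:
    """One side of a WPA/WPA2-Personal link: the SSID and the passphrase typed in."""
    ssid: str
    passphrase: str


def passphrase_problems(passphrase: str) -> list:
    """Return the reasons a string is not a legal WPA passphrase (empty list = OK)."""
    problems = []
    # IEEE 802.11i: a passphrase is 8 to 63 printable ASCII characters.
    # (A 64-hex-digit value is a raw PSK, which this example does not handle.)
    if not 8 <= len(passphrase) <= 63:
        problems.append("length %d is outside 8..63 characters" % len(passphrase))
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        problems.append("contains characters outside printable ASCII")
    return problems


def derive_pmk(profile: PskProfile) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    problems = passphrase_problems(profile.passphrase)
    if problems:
        raise ValueError("invalid passphrase: " + "; ".join(problems))
    ssid = profile.ssid.encode("utf-8")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", profile.passphrase.encode("ascii"), ssid, 4096, 32
    )


def compare_profiles(infrastructure: PskProfile, client: PskProfile) -> list:
    """Explain why a client profile cannot complete the 4-way handshake, if it cannot."""
    findings = []
    for side, prof in (("infrastructure", infrastructure), ("client", client)):
        for problem in passphrase_problems(prof.passphrase):
            findings.append(f"{side}: passphrase {problem}")
    if findings:
        return findings
    if infrastructure.ssid != client.ssid:
        findings.append("SSID differs (the comparison is case-sensitive)")
    # Constant-time comparison; the keys themselves are never printed.
    if not hmac.compare_digest(derive_pmk(infrastructure), derive_pmk(client)):
        findings.append("derived PMK differs, so the 4-way handshake would fail")
    return findings


if __name__ == "__main__":
    # Values as they appear in the guide's CCA step (infrastructure side).
    ap_side = PskProfile("smbdata", "sbcsdata")
    candidates = {
        "same key as the CCA step": PskProfile("smbdata", "sbcsdata"),
        "key from the supplicant step": PskProfile("smbdata", "sbcsdemo"),
        "seven-character key (constructed)": PskProfile("smbdata", "sbcsdat"),
        "upper-case SSID (constructed)": PskProfile("SMBDATA", "sbcsdata"),
    }
    for label, client_side in candidates.items():
        print(label, "->", compare_profiles(ap_side, client_side) or "OK")
```

Because the SSID is the salt, renaming an SSID changes the PMK even when the passphrase is unchanged, so client profiles must be updated along with it.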
Wireless connectivity with UC 520 AP - Secure connectivity using MS Zero Config Supplicant
The next demonstration is the setup with WPA/PSK on the hand held device. You initially configure the Intermec CN-3 device with the Microsoft Wireless Zero Config supplicant that comes native on the Windows Mobile Device.
Note: You can use any PDA or a Hand Held device that runs Windows CE Mobile if you do not have Intermec device for this demonstration.
Note: MS Zero config supports PEAP authentication; however, Local Radius server on the UC520 supports only LEAP and EAP-FAST authentication methods therefore there is not a demonstration for PEAP with Windows Mobile.
-
This is a demonstration of Wireless client connectivity with WPA/PSK on the Windows Mobile device.
-
Configure the discovered wireless network smbdata with WPA/PSK. Configure SSID= smbdata with shared key=sbcsdata.
-
After the user credential is entered as previously shown, the client authenticates and connects to the Wireless Network.
Wireless connectivity with WLC526 LAP - Secure connectivity using ADU and Odyssey Supplicants
This is a demonstration of the setup with WPA2/AES on the laptop and hand held device. For the next few client connectivity demonstration, the WLC 526 controller and LWAPP APs are used.
-
This is a demonstration of the Wireless client connectivity with WPA2/AES and EAP-FAST authentication. Configure SSID=datasec with security WPA2/AES and EAP-FAST; in the security settings, make sure the Local RADIUS server 192.168.10.1 is configured with key=demo. See the configuration setup done with CCA 1.5 in this image.
-
Configure Client in ADU with the same credentials as previously shown in step 1 in the CCA configuration. Create profile with a SSID=datasec.
-
Configure in the ADU security settings for WPA2/AES and EAP-FAST authentication as shown in this image:
-
Configure EAP-FAST settings as displayed here:
-
In the Advanced option Tab, you want to configure additional options as shown and also disable the 5GHz scan since the 521 AP does not support that mode.
-
Finally activate the newly created profile.
-
The wireless client should Associate, Authenticate and eventually get an IP address from the DHCP server on VLAN 40.
-
In Web UI interface, you can show more details about the connected client and even do a Link Test. Also on the Client device in ADU, you can see more in the Advanced Status tab.
Client Connectivity using Intermec CN-3 device and Odyssey or Windows Mobile supplicant
Complete these steps:
-
Configure the CN-3 device with the Odyssey interface for WPA2/AES and EAP-FAST authentication.
-
Configure the Odyssey with SSID=datasec with WPA2/AES and EAP-FAST.
-
After you enter the authentication credentials user=user5 and password=demo, as configured on the Local Radius Server, you see the client associate, authenticate and receive an IP address.
Wireless Client Connectivity with WLC 526 and LAP using Cisco 350 card and ACU with EAP/WEP
Complete these steps:
-
This example shows client connectivity to the Wireless Network with SSID=dataopen with EAP/Dynamic WEP configured with CCA.
-
Configure the Cisco Wireless Client with the same SSID=dataopen using ACU 6.6. Create a profile named 350 in the ACU under the Profile Manager menu option as shown here:
-
Configure wireless security as LEAP in the Network Security Tab in the ACU and then configure LEAP.
-
Save the profile and then choose it in the ACU main menu with the Select Profile option.
-
Authenticate to the wireless network with credentials as configured on the Local Radius server on the UC520. User name=user3 and password=demo
-
The client Authenticates and receives IP address from the DHCP server configured on the UC520 on the VLAN 30.
-
Verify the connectivity in Status > ACU main menu.
Wireless connectivity with WLC526 LAP521 - Secure connectivity using Wireless 7921 Phones
This example shows the setup with WPA/TKIP and 802.1x with Wireless Phone clients. You initially configure the Cisco 7921 device with the GUI interface on the phone supplicant that comes native on the 7921.
Note: It is technically difficult to get the screen shots from the 7921; therefore the demonstration is of the configuration setup of the 7921 with the Browser interface that connects to the 7921.
Note: In the CCA version 1.5, there is now a new capability to configure some advanced VoIP features for the Wireless Clients. Advanced Voice features such as Call Admission Control (CAC) and Fast Secure Roaming (CCKM) can be configured right in the CCA 1.5 interface as shown here.
-
This shows the 7921 client connectivity to the SSID=smbphone in the CCA 1.5. Other settings on the 7921 are for the Default Router 10.1.1.1 and Call Manager Express (CME) 10.1.1.1. As shown here, the client IP address is 10.1.1.15; note that the IP address can be different.
-
Configure the Active Profile SMBphone with SSID= smbphone.
-
On the 7921 create a Wireless Profile SMBphone and setup the wireless options as shown here. Security should be setup to WPA/TKIP and Authentication Auto AKM equivalent to Cisco Centralized Key Management = Fast Secure Roaming (CCKM). When Auto AKM is selected on the 7921 phone, the Authentication type is LEAP automatically as it shows in this controller screen shot.
-
Configure wireless Profile = Profile1 or make changes to the existing profile as shown here. If the settings are locked, press the * * # keys in order to unlock them. Enter User credentials as configured on the Local Radius Server, user=user5 and password=demo. Enable the DHCP server.
-
After you configure the 7921 and connect to the wireless network, verify the phone connectivity authentication and security credentials obtained on the controller Web UI as shown here.
-
Verify Phone connectivity to the Cisco CallManager Express in the CCA as shown here.
-
After all the connectivity is verified, you should be able to demonstrate the functionality of the 7921 when you make calls to a Desktop 7960 phone and other phones if available. Phone extension examples are shown in the previous image.
Note: 7921 clients should be able to move (roam) freely around the demonstration room with no observable latency in the communications, since Fast Secure Roaming (CCKM) was configured on the 7921. The 7921 phone is auto configured in the Voice system. You can add names to extensions if you wish.
Client Failover
Complete these steps:
-
Place a call from the 7920 Wireless IP Phone to the 7960.
-
Answer the call on the 7960 and put the call on mute.
-
Look for a fast blinking Ethernet activity light on the AP, or you can look in the WLAN Controller or CCA in order to note which AP the 7920 is associated.
-
Disconnect the Ethernet cable from this AP. Talk into the 7920 while you do the demo.
-
Notice that the phone call stays active and only takes a second to failover to another AP. The voice interruption should be very minimal.
-
Verify 7921 phone connection in the Topology View.
Wireless connectivity with WLC526 LAP521 - Secure connectivity using Wireless Nokia Dual-Mode Phone
The next demonstration is the setup with WPA/TKIP and 802.1x with Wireless Phone clients. You initially configure the Nokia device through the GUI of the supplicant that comes native on the Nokia phone.
-
This is an example of wireless client connectivity with WPA/PSK on the Nokia wireless phone. Before that, you have to set up the Cisco CallManager Express with the MAC address of the Nokia E-60-1 dual mode phone.
Note: As shown in this figure, the Nokia dual mode phone is set up in the Cisco CallManager Express as a 7960 desktop phone.
Note: Start Intellisynch in the Installat folder in order to get the serial number of the Nokia phone and other settings.
-
Press the Menu button under the Navigation Button in the middle, and then choose the Tools icon > Settings in order to start configuration of the Nokia phone.
-
Under Connectivity Options > Connection Mgr > Available WLAN, find the available WLANs seen by the Nokia dual mode wireless phone.
-
In the Settings menu, choose a Connection configuration option for the Access Point, and create or modify the SMB profile for the Nokia WLAN.
-
Configure the SMB profile for WPA/WPA2 with TKIP for Authentication and Encryption and WLAN=smbphone, just like on the WLC. Also choose the EAP plug-in setting and configure LEAP at the highest priority. Under the LEAP settings, configure the user credentials User=user5, Password=demo.
-
Set up the Wireless LAN connection and then the SMB profile under the Access.
-
Choose Dual Mode operation, and verify the SCCP configuration for the Cisco CallManager Express connection and Voice Profile.
-
After successful authentication, the Nokia dual mode phone receives a Cisco CallManager Express extension, and a call can be placed to the Desktop phone extension 201.
Note: In the previous figure, when the phone is connected to the Cisco CallManager Express and has an extension, there is a small icon near the Battery icon. Also note that when the phone is connected to the WLAN (primary wireless connection), the small Clover icon with the Lock is near the 123.
Create Guest Web Authentication
In CCA version 1.5, Guest Access is now configurable directly through the CCA interface.
-
Create the Guest User interface in CCA before you configure the Guest SSID. Choose Wireless > WLANs in CCA. For Guest User, create VLAN 60 with no security.
-
From the same interface, create another WLAN = smbguest, this time on VLAN 20 with Web Authentication checked and security set to WPA2-PSK/AES.
-
Configure the IP address, Subnet Mask, Default Gateway and DHCP server of the guest and smbguest interfaces as shown here.
-
After the SSID guest is created, in CCA 1.5 choose Configure > Wireless > WLAN Users and create a new user guest as shown here. When you create a user guest, there are options available in this release that allow you to configure the times the guest user is permitted on the network.
-
In the same window, create another user smbguest, but this time do not check the Guest User box. This setup allows you to map the non-guest user to the smbguest SSID, which has different security credentials. This is a very useful setup when a non-guest user needs to connect to the wireless network with Web-auth credentials and without a AAA server.
-
From the same tab <WLAN Users…>, you can create or modify the Web Authentication page as shown.
Note: A lobby ambassador (from the Web UI) or the system administrator has to create all the Guest and Local Net user accounts. Also note that the session timeout impacts the Lifetime of the local net user. The session ends when the Lifetime or the session timeout timer ends. A session timeout of “0” means the session for that WLAN does not expire.
-
Click Hide or Show to control whether the Cisco logo appears on the login page.
-
In order to direct the user to another specific URL after login, such as your company URL, enter the URL (for example, www.companyname.com), up to 254 characters.
-
Enter up to 127 characters in the Headline field. The default is Welcome to Cisco Wireless Network.
-
In order to display a message on the Web Login page, enter the desired text, up to 2047 characters. An example is previously shown.
-
Click Apply in order to save the changes. Save the configuration on the controller.
-
You can preview the login page if you click Preview.
Note: You must save the configuration and reboot the 526 controller in order to commit the changes. Choose Maintenance > Restart/Reset in order to reload the controller in CCA.
-
Log in to the WLAN Controller web authentication screen with guest/guest.
-
Reenter the reachable HTTP site address in order to verify that the client is able to freely use all network functions.
-
Verify that the client appears on the WLAN Controller client list as Associated and Authenticated.
-
Click the Monitor > Report > Wireless Client link in order to view the associated client detail table. Guest clients should show as associated in the table with the configured Guest profile.
Note: When you set up guest VLANs, there is no separation applied between the VLANs in this release. This means that a guest user who logs on through your controller can reach any subnet in use on the UC500, if one is implemented on your network (for example, your data VLAN, voice VLAN and so forth), through the connection to the default gateway of the guest network.
Note: The workaround in this release (CCA 1.0 to 1.6) is to apply ACLs on the UC500 or on the 526 controller. Create the ACLs on the controller as shown in the example:
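As an added illustration (not the ACL from the original document, and not Cisco code), this Python model checks a guest ACL for leaks into internal subnets before you enter it on the UC500 or the 526 controller. It assumes first-match evaluation on destination, protocol and port with an implicit deny; all subnets, the guest gateway and the names are constructed, and TCP 2000 is probed because the voice VLAN carries SCCP.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches any protocol, else "tcp"/"udp"
    dst: str                     # destination network in CIDR form
    dport: Optional[int] = None  # None matches any port

# Constructed addressing for illustration; not the demo kit's real subnets.
INTERNAL = {"data": "192.168.10.0/24", "voice": "10.1.1.0/24"}
GUEST_GW = "192.168.60.1/32"     # hypothetical guest gateway, also DHCP/DNS
DENY_INTERNAL = [Rule("deny", "ip", net) for net in INTERNAL.values()]

# Weak ordering: broad service permits sit above the internal denies.
WEAK_ACL = [Rule("permit", "udp", "0.0.0.0/0", 67),
            Rule("permit", "udp", "0.0.0.0/0", 53),
            *DENY_INTERNAL,
            Rule("permit", "ip", "0.0.0.0/0")]

# Corrected: services pinned to broadcast, the guest gateway and the virtual IP.
FIXED_ACL = [Rule("permit", "udp", "255.255.255.255/32", 67),
             Rule("permit", "udp", GUEST_GW, 67),
             Rule("permit", "udp", GUEST_GW, 53),
             Rule("permit", "tcp", "1.1.1.1/32", 443),  # web-auth login page
             *DENY_INTERNAL,
             Rule("permit", "ip", "0.0.0.0/0")]

def evaluate(acl, proto, dst_ip, dport):
    """Return the first matching rule's action; no match is an implicit deny."""
    dst = ipaddress.ip_address(dst_ip)
    for r in acl:
        if (r.proto in ("ip", proto) and r.dport in (None, dport)
                and dst in ipaddress.ip_network(r.dst)):
            return r.action
    return "deny"

PROBES = [("tcp", 80), ("tcp", 443), ("tcp", 2000), ("udp", 53), ("udp", 67)]

def leaks(acl):
    """List (vlan, proto, port) flows a guest can still send into internal subnets."""
    found = []
    for name, net in INTERNAL.items():
        host = str(ipaddress.ip_network(net)[1])   # first host in the subnet
        found += [(name, proto, port) for proto, port in PROBES
                  if evaluate(acl, proto, host, port) == "permit"]
    return found

if __name__ == "__main__":
    print("weak :", leaks(WEAK_ACL))
    print("fixed:", leaks(FIXED_ACL))
```

The weak list still passes UDP 53 and 67 into both internal VLANs because the broad permits match before the denies; pinning those services to specific destinations closes the gap.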
Web Authentication Lockout
Complete these steps:
-
Start the web browser on the SE Laptop and browse to https://1.1.1.1/login.html. You are redirected to the web authentication page.
-
At the WebAuth login screen, log in with the guest User Name, but use an incorrect password four times.
-
After the fourth try, you are not able to log in.
-
In the WLC Web UI, choose Monitor mode; in Client Summary, you should see Excluded Clients.
