Cisco CUWN Overview—About CCNA Wireless Tips

How do you successfully deploy a Cisco Unified Wireless Network (CUWN) solution? What features do you need to know about? In this article, we will talk about some CCNA wireless tips for Cisco CUWN.

The Cisco Unified Wireless Network (CUWN) solution offers secure, scalable, cost-effective wireless LANs for business-critical mobility. It is the industry’s only unified wired and wireless solution to cost-effectively address the wireless LAN (WLAN) security, deployment, management, and control issues facing enterprises. This powerful indoor and outdoor solution combines the best elements of wired and wireless networking to deliver high-performance, manageable, and secure WLANs.

The CUWN solution builds upon the base security features of 802.11 by augmenting RF, 802.11, and network-based security features where necessary to improve overall security. Although the 802.11 standards address the security of the wireless medium, the CUWN solution addresses end-to-end security of the entire system by using architecture and product security features to protect WLAN endpoints, the WLAN infrastructure, client communication, and the supporting wired network.

WLANs in the enterprise have emerged as one of the most effective means for connecting to a network.

Cisco Unified Wireless Network Architecture in the Enterprise

The core feature set of the Cisco Unified Wireless Network includes Cisco Aironet access points (APs), the Wireless Control System (WCS), and Wireless LAN Controllers (WLC), including the Cisco Catalyst 6500 Wireless Services Module (WiSM), the 440X, the 2106 WLC, the WLCM ISR module, and the WS-C3750G integrated controller.

The core feature set is currently deployable in the following configurations:

  • APs and WLC
  • APs, WLCs, and WCS
  • APs, WLC, WCS, and LBS

More notes: Adding optional Cisco Compatible Extensions client devices and the Cisco Secure Services Client provides additional benefits, including advanced enterprise-class security, extended RF management, and enhanced interoperability.

Generally, AP traffic is divided into the following:

  • Data plane traffic: end-user traffic
  • Control plane traffic: traffic used to control, configure, manage, and monitor the AP

Recall that autonomous APs bridge traffic between a wireless BSS and a wired VLAN. An Autonomous AP performs the following combined functions.

  • Lightweight AP functions (Real Time functions)
    • RF Transmit/Receive
    • MAC Management
    • Encryption
  • WLC Functions (Management functions)
    • RF Management
    • Association & Roaming Management
    • Client Authentication
    • Security Management
    • QoS

In the CUWN, a lightweight access point (LAP) performs only the real-time 802.11 operation. Management is performed on the WLC. The LAP-WLC division of labor is known as a split-MAC architecture. The Control and Provisioning of Wireless Access Points (CAPWAP; RFCs 5415, 5416, 5417, and 5418) tunneling protocol enables the AP and the WLC to communicate regardless of their location. It encapsulates the data between the APs and the WLC. UDP port 5246 transports CAPWAP control data to the WLC. CAPWAP data uses UDP port 5247 and is not encrypted by default. Encrypted packets are protected by Datagram Transport Layer Security (DTLS).

Every LAP and WLC must also authenticate each other with X.509 digital certificates.
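
The port split and the encryption default described above can be checked on captured traffic. The following Python sketch is an added example, not Cisco code or part of the original article; it assumes the CAPWAP preamble layout from RFC 5415 (a version nibble, then type 0 for a plaintext CAPWAP header or 1 for a DTLS header), and the function names and sample payloads are constructed for illustration.

```python
import struct

CONTROL_PORT, DATA_PORT = 5246, 5247   # UDP ports named in the article

def classify(src_port, dst_port, payload):
    """Return (channel, protection, header_info), or None if not CAPWAP."""
    ports = {src_port, dst_port}       # the WLC side uses the well-known port
    if CONTROL_PORT in ports:
        channel = "control"
    elif DATA_PORT in ports:
        channel = "data"
    else:
        return None
    if len(payload) < 4:
        return (channel, "malformed", None)
    version, ptype = payload[0] >> 4, payload[0] & 0x0F   # 1-byte preamble
    if version != 0 or ptype > 1:
        return (channel, "malformed", None)
    if ptype == 1:                     # 4-byte CAPWAP DTLS header, then a DTLS record
        return (channel, "dtls", None)
    (word,) = struct.unpack("!I", payload[:4])   # first word of the plaintext header
    info = {
        "hlen_bytes": ((word >> 19) & 0x1F) * 4,  # HLEN counts 4-byte words
        "wbid": (word >> 9) & 0x1F,               # wireless binding, 1 = IEEE 802.11
    }
    return (channel, "plaintext", info)

def audit(packets):
    """Return (index, header_info) for each data-channel packet sent in cleartext."""
    findings = []
    for i, (sport, dport, payload) in enumerate(packets):
        result = classify(sport, dport, payload)
        if result and result[:2] == ("data", "plaintext"):
            findings.append((i, result[2]))
    return findings

# Constructed sample payloads (not captured traffic); 49152 stands in for the AP's port.
SAMPLES = [
    (49152, 5247, bytes.fromhex("0010430000000000") + b"\x08\x02" + b"\x00" * 22),
    (49152, 5247, bytes.fromhex("01000000" "17feff0001" "000000000005" "0010") + b"\xaa" * 16),
    (49152, 5246, bytes.fromhex("01000000" "16feff0000" "000000000000" "0004") + b"\x00" * 4),
    (49152, 53, b"\x00" * 12),         # unrelated UDP, ignored
]

if __name__ == "__main__":
    for idx, info in audit(SAMPLES):
        print(f"packet {idx}: unencrypted CAPWAP data on UDP {DATA_PORT}: {info}")
```

Only the data channel is flagged, because RFC 5415 sends CAPWAP Discovery messages on the control port in the clear before the DTLS session exists.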

Activities performed by the WLC:

  • Dynamic channel assignment
  • Automatically sets the power for each LAP according to the coverage area needed
  • Self-healing wireless coverage: if a LAP dies, the WLC increases power on the remaining LAPs, so it is able to pinpoint and recover from external problems dynamically
  • L2 and L3 client roaming
  • Dynamic client load balancing
  • RF Monitoring
  • Security management
  • Wireless intrusion protection system

For autonomous APs, traffic from client to client passes through the AP and then to the next client. For LAPs, the client traffic usually travels through the CAPWAP tunnel and passes through the WLC before making a return trip back through the tunnel to the other client. Clients may use DLS to communicate directly, without passing through the AP and controller; LAPs can also be configured in FlexConnect mode, so that traffic can be forwarded locally at the AP if needed.

FlexConnect: remote-site LAPs are able to switch traffic locally without traversing the CAPWAP tunnel. FlexConnect allows the LAP to keep switching traffic locally so that wireless connectivity remains available inside the remote site.

Cisco WLCs

Cisco WLC Platforms and Capabilities


The vWLC cannot support any APs in local mode; all APs must be configured for FlexConnect instead.


Cisco APs

Cisco Lightweight Access Points and Their Capabilities


CleanAir: allows an AP to perform spectrum analysis on the wireless channels to detect non-802.11 interference.

As the number of radios and spatial streams increases, the AP is able to provide a greater throughput for its clients.

AP Operation Modes:

  • Local (default). During times when it is not transmitting, the LAP scans the other channels to measure the noise floor, measure interference, discover rogue devices, and match against intrusion detection system (IDS) events.
  • Monitor mode. The LAP does not transmit traffic, but its receiver is enabled to act as a dedicated sensor. The LAP checks for IDS events, detects rogue access points, and determines the position of stations through location-based services (LBS).
  • FlexConnect (HREAP). The LAP can locally switch traffic between an SSID and a VLAN if its CAPWAP tunnel to the WLC is down, or if it is configured to do so.
  • Sniffer mode. The LAP acts as a packet sniffer and passes traffic to software analyzers such as Wireshark.
  • Rogue detector.
  • OfficeExtend AP (OEAP). The LAP connects to the local broadband service and builds a CAPWAP tunnel to the central WLC. User data can be encrypted over the CAPWAP data tunnel using DTLS.
  • SE-Connect for spectrum analysis.


CUWN Management

  • Wireless Control System (WCS)
    • Dedicated appliance
    • WLAN management or configuration tasks
    • RF planning
    • Wireless user tracking, troubleshooting, and monitoring
    • Displays predictive “heatmap” representations of coverage
    • Locates a wireless client to within a few meters by triangulating the client’s signal as received by multiple LAPs
    • With the Cisco Wireless Location Appliance, it could track client location
    • The WCS Navigator product provided a single portal to manage up to 20 instances of WCS and up to 30,000 APs
  • Cisco Prime Network Control System (NCS)
    • Either a dedicated appliance or VMware
    • Wireless device management
    • Switch management
    • Dynamic RF coverage heatmaps
    • With MSE, it could provide client location tracking
  • Cisco Prime Infrastructure (PI)
    • Offers converged management of both wireless and wired network devices
    • Integration with wireless intrusion prevention services
    • Spectrum analysis
    • Tracking of users, interferers, and rogue devices

