Q&A: Larry Birenbaum, Senior VP and GM for Ethernet Access Group, Discusses the Benefits of Cisco's Structured Wireless Aware Networks

June 2, 2003

Cisco Systems has announced the Structured Wireless-Aware network, a framework for an integrated secure wired and wireless network that extends the company s proven local area networking (LAN) infrastructure capabilities to the wireless LAN. Creating a secure, reliable, and easily managed network design has become increasingly complex as customers expand their wireless LANs and deploy advanced applications, and this new solution is designed to simplify the challenges IT managers face as they move forward with these networks.

News@Cisco asked Larry Birenbaum, Senior VP and GM for Ethernet Access Group, to explain some of the security and other benefits to customers of Cisco s Structured Wireless Aware Networks.

What is the Cisco Structured Wireless-Aware Network?

Larry Birenbaum: The Cisco Structured Wireless-Aware Network is the solution for network managers who need to deploy, operate and manage hundreds to thousands of access points within wireless LAN campus deployments and branch offices or vertical retail, manufacturing, and healthcare locations. This framework provides medium-sized to large organizations with the same level of security, scalability, reliability, ease of deployment, and management that they have come to expect from their wired LANs.

What are the benefits of integrating wireless networks with the switching or routing infrastructure?

Larry Birenbaum: The advantages of a "wireless-aware" Cisco switch and router infrastructure combined with a Cisco wireless network include a common management and robust security scheme, simplified deployment and operation, centralized control and configuration of thousands of networking devices, the ability to detect rogue access points, fast secure roaming for mobile applications and self-healing networks for improved wireless up-time.

Is wireless LAN security still a key concern with customers?

Larry Birenbaum: Yes, wireless LAN security is still a key concern with customers. Cisco provides wireless LAN security for Cisco Aironet products via the Cisco Wireless Security Suite. This solution supports all IEEE 802.1x authentication types, including Cisco LEAP, and provides Temporal Key Integrity Protocol (TKIP) enhancements. This solution also supports Wi-Fi Protected Access (WPA). WPA is the new Wi-Fi Alliance specification for interoperable, standards-based wireless LAN security. It is based on the proposed IEEE 802.11i security standard. In April 2003, the Wi-Fi Alliance announced that the first round of products had successfully completed Wi-Fi Protected Access interoperability testing. Cisco Aironet Series Access Points were among the first round of products to successfully receive WPA certification.

Are rogue (or unauthorized) access points a wireless LAN security concern?

Larry Birenbaum: Yes, employee installed rogue access points are becoming more common as the demand for wireless networking increases, the cost of access points decreases and access point installation becomes easier. Malicious rogue access points, while much less common than employee installed rogue access points, are also a security concern. These rogue access points create an unsecured wireless LAN connection that puts the entire wired network at risk. Malicious rogues present an even greater risk and challenge because they are intentionally hidden from physical and network view.

Until the Cisco Structured Wireless-Aware Network, network managers had difficulty finding and disabling rogue access points. Prior to this new Cisco framework, network managers needed to walk the entire length of the network with an air-sniffing device to locate rogue devices. This manual, time consuming and costly task had to be repeated on a regular basis in order to detect newly installed rogue access points. With the Cisco Structured Wireless-Aware Network this process is automated. IT managers can now easily and automatically detect and locate rogue access points. This capability is extended to other RF interferers that are sharing the unlicensed, 802.11 bands.

What is the advantage of air/radio frequency (RF) scanning using both Cisco Aironet Access Points and Cisco and Cisco Compatible client adapters and mobile devices?

Larry Birenbaum: Since wireless LAN clients can potentially move through a large physical area, the addition of client-assisted rogue access point scanning and monitoring into the framework greatly increases the RF coverage area. Client air management with Cisco and Cisco Compatible client adapters and mobile devices provide 10 to 20 times more RF measurement data than access point RF measurements alone. This extends RF monitoring to areas most likely to contain rogue access points and allows for more accurate rogue access point detection.

What are IEEE 802.11 wireless bridges and what are common applications for these bridges?

Larry Birenbaum: IEEE 802.11 wireless bridges are an extremely cost-effective alternative to leased lines or as a less expensive backup to leased lines. Wireless bridges can also be used as a supplement to existing leased lines to provide more capacity. Applications for wireless bridges such as the Cisco Aironet 1400 Series Wireless Bridge, include backbone (backhaul) for community-based municipal networks such as public safety networks, education healthcare and building-to-building links across enterprise campuses.