Posts Tagged ‘wireless’
Well, we had all heard the rumors that it was coming down the line, and today Cisco decided to make it official just ahead of Cisco Live. One very interesting thing about this update (no doubt a result of really listening to the community’s voice regarding the things that threaten the enterprise most these days) is that they’ve added a heavy emphasis on Bring Your Own Device (BYOD) over wireless threats, with the addition of a Wireless LAN Controller (WLC) and at least a single AP, along with the Identity Services Engine (ISE). For those of you who may not be familiar with the ISE, this is basically an evolution of a few devices combined into one – it is sort of a mix of the ACS, NAC Appliance and NAC Profiler. However, it is NOT a replacement for the ACS, namely because it does not do TACACS+, instead only supporting RADIUS for 802.1x and NAC. This is the reason that Cisco decided to leave the ACS server in there, but upgraded to v5.x (most likely 5.3).
Also, if you happen to not have any experience with wireless technologies in general – you’re in luck! INE is releasing our 20-hour CCNA Wireless class later today, which covers Lightweight Access Points (LWAP) being controlled by WLCs, and those WLCs being controlled by the higher-up Wireless Control System (WCS). In fact, since I’ve mentioned the WCS, it’s quite interesting that Cisco (in sort of a nonchalant way) mentions that the ASA firewalls may be configured by “Cisco Prime Tools”. If you aren’t familiar with Cisco Prime, it is basically the new branding of Cisco’s network management as a whole. LMS, something called Prime NCS (the evolution of Cisco’s WCS), and Prime Tools all fall under the new Prime branding.
There’s also a smidge of Voice device authentication, though it doesn’t even begin to really touch on Unified Communications security – something I still think will largely be addressed in the next CCIE Voice update. Basically they have a 7900 phone (probably 7965) and you do NOT have to configure the Unified Communications Manager (UCM) server to get it to work; you only have to dot1x authenticate it onto the wired network. Basically, set up the ISE or ACS to authenticate it and interact with the actual phone display to input your credentials. Don’t be concerned – it’s nothing difficult at all.
Cisco also (finally) introduces their IronPort acquisition to the exam, by way of the S-series Web Security Appliance (WSA). This device goes way beyond the days of old, where you simply blocked or allowed certain websites; it digs deep into the functionality of websites and web-based applications and provides ‘acceptable use enforcement’ of these sites or webapps. Take for example Facebook. Many (if not most) companies these days have a social presence and use Facebook as a tool to conduct business, but that doesn’t mean they want their users surfing FB all day. The WSA allows strategic enforcement of what is and is not allowed to occur via these types of web sites. It also blocks threats such as malware.
They mention simply including “VPN Client Software”, which will no doubt be the Cisco Secure Services Client v5 installed on one or possibly more Windows 7 virtual desktops placed around the topology. This would make sense for both wired and wireless 802.1x authentication with the ACS/ISE. This is something we also go into in the new 20-hour CCNA Wireless class I just recorded a few weeks back. The question is whether AnyConnect Secure Mobility Client will also be tested. It’s not in there per se, but that doesn’t mean it isn’t possible.
The addition of at least one 2911 ISR-G2 only makes sense, as IOS version 15.2 can’t be run on older ISRs (making me wonder why the older ISR is even included, save maybe that there are far more of them currently deployed).
Links to both the new v4 blueprint and v4 hardware/software equipment list, as well as a more detailed checklist for studying:
There are obviously still a lot of questions that need to be answered by Cisco to have a complete and full picture of this new version of the prestigious CCIE Security exam, and those will no doubt be addressed during the 8-hour seminar this Sunday at Cisco Live in San Diego. I should note that this 8-hour session is an additional charge ($799) on top of your normal admittance to the convention – it is not considered a “breakout session”, all of which come included with your convention pass. Some obvious questions might be:
- Will we need to know how to configure ASA via Prime Tools, or is that simply another option?
- How many Windows 7 desktops will there be, and will we be using AnyConnect NAM on them or something like CSSC?
- Will there be both ASA and ASA-X versions? And if so, what would be the reason? (ASA-X series runs 8.6, whereas ASA only goes up to 8.4, amongst other things)
- And many others we’ll come up with and have asked and answered
You can be sure that INE will be there, tweeting and live-blogging from the event.
Follow me and stay updated throughout the conference!
Once I catch my breath and look back at one of our popular INE courses like the CCNA Wireless course, I can delve a bit deeper into certain subjects that we did not have time for in the course. This is one of those moments. Let us get more detailed about Cisco’s implementation of Radio Resource Management (RRM) in the Cisco Unified Wireless Network architecture.
In today’s wireless LAN infrastructures, users of course want more and more bandwidth over a greater and greater coverage area. This is tricky to implement, however, since adding more and more powerful access points can actually do more harm than good for throughput. The goal of Cisco’s Radio Resource Management is to act like a Radio Frequency engineer built into the equipment. RRM allows the Cisco Unified Wireless equipment to continuously monitor the Radio Frequency environment and adjust things like channel assignments and power levels to ensure optimal coverage and throughput. The exciting goal here is to make the wireless infrastructure “self-healing”.
Encoding and Modulating
What form of CSMA does 802.11 use?
What does DCF stand for?
Your wireless station hears someone transmit and waits the duration heard plus what value?
What logically separates WLANs?
Name three requirements to roam between two autonomous APs.
For success designing and implementing Cisco Wireless solutions, a CCNA Wireless student needs to be familiar with the options for various wireless topologies. Two were defined by the 802.11 committees, while others were made possible thanks to excellent developments by wireless vendors like Cisco Systems.
The 802.11 Topologies
Ad Hoc Mode
While not popular, it is possible to have wireless devices communicate directly with no central device managing the communications. This is called the Ad Hoc network topology and is one of the two topologies defined by the 802.11 committees. In the Ad Hoc type topology, one device sets a group name and radio parameters, and another device uses this information to connect to the wireless network.
This type of wireless network topology is referred to as an Independent Basic Service Set (IBSS). This is easy to remember as we know the devices are working independently of an access point (AP).
Network Infrastructure Mode
When an access point is used to create the network, the official term is network infrastructure mode for the network. There is a Basic Service Set (BSS) setup that uses a single access point, or the Extended Service Set (ESS) that uses multiple access points in order to extend the reach of the wireless network.
We wanted to provide our students with advance notification of some upcoming online classes here at INE. While we hope to see many students in the actual live events, on-demand versions will indeed be made available the week following the live, online version.
September 13 – 17th, 2010 CCNA Wireless 5-Day Bootcamp
September 15 – 17th, 2010 Security for CCIE R&S Candidates 3-Day Bootcamp
September 29 – Oct 1, 2010 IPv4/IPv6 Multicast 3-Day Bootcamp
October 4 – 9th, 2010 Online 6-Day CCIE R&S Bootcamp with K. Barker and A. Sequeira
In an attempt to enhance the wireless security environment, especially in light of problems with Wireless Encryption Protection, SSID Cloaking and MAC Address Filtering were quickly implemented.
Wireless certainly exploded onto the networking scene, unlike other technologies that took years to catch on. However, with wireless came huge challenges for securing the wireless network. After all, having potentially sensitive network data traveling through the air as radio waves immediately presented massive concerns.
Before this exciting news, a quick introduction. My name is Josh Finke, Director of Operations for Internetwork Expert. Along with Brian Dennis and Brian McGahan, I am currently attending CiscoLive Networkers 2008 in Orlando, Florida.
After speaking with multiple Cisco employees within the wireless group, the Wireless CCIE has been confirmed. Beta candidate registration should begin this fall, along with a blueprint release. Wireless CCIE beta testing will begin in early 2009! As of now, topics of the test are expected to cover all aspects of wireless from design through implementation, including the implications of security, routing and switching, and voice technologies. Check back often for any additional information!