From the blog.

Managing Digital Racket
The more I tune out, the less I miss it. But that has presented me with some complex choices for a nuanced approach to curb
Complexity – My Friend, My Enemy
Over my years of network engineering, I've learned that the fewer features you can implement while still achieving a business goal, the better. Why? Fewer

OECG – Chapter 23

473 Words. Plan about 3 minute(s) to read this.

The CiscoWorks Wireless LAN Solution Engine is a network management platform for Cisco Aironet products. You have to have it to run a Cisco “SWAN” network. The features of WLSE follow.

Automatic Access Point Configuration

  • WLSE auto-discovers and configures Aironet APs. This is configurable by type of AP, subnet and software version.
  • WLSE can update AP configurations – WPA, SSID, RF channel, etc.
  • WLSE can mass upgrade old AP code to newer IOS releases.
  • WLSE has a configuration history database, storing the last 4 configs, allowing for an easy undo when needed.

Assisted Site Surveys – WLSE identifies the best RF channels and transmit power. Periodically reviews performance in comparison to the baseline site survey. This eases the burden of responsibility on the intial site survey.

Centralized Firmware Updates – can upgrade on individually or as a group.

Dynamic Grouping – WLSE allows the administrator to group APs anyway he sees fit, regardless of what subnet the APs are on.

VLAN Configuration – WLSE supports central configuration of VLAN deployed to the APs. The administrator can split traffic by groups of users into various VLANs.

Multiple Service Set Identifier Support – WLSE allows 8 broadcast SSIDs per AP radio. Each SSID can be assigned to a VLAN, allowing for traffic separation.

Customizable Thresholds – WLSE monitors various elements of the wireless LAN, and alers the administrator (via SNMP traps, for instance) if thresholds are exceeded.

Fault Status – WLSE can show you all APs in device groups, and give you a pretty color display of faults.  Since broken APs could go unnoticed, this is a significant function.  Fault notification is performed via syslog, SNMP traps and e-mail.

Intrustion Detection System – WLSE looks for unauthorized access points and keeps track of wireless clients on the LAN.  Spoofed MACs, too many probe requests, weird deauthentication frames all may indicate man-in-the-middle or DoS attacks.

Security Policy Monitoring – Using SNMP, WLSE can detect an AP config.  If the config doesn’t match predefined security criteria, WLSE will send an alert.

Secure User Interface – Web interface is authenticated, and roles assigned to the person logging in.  WLSE communications to APs is via SSL.

Air/RF Scanning and Monitoring – WLSE acts as a gathering place for the RF reconnaissance that Aironet APs can perform.  WLSE takes this information and can generate reports about RF coverage and the presence of rogue devices.  You’re less likely to need dedicated devices to seek out rogue APs.

Self-Healing Functions – WLSE can boost the power of APs if another AP fails, leaving a hole in coverage.  Also, WLSE can be run as a standby pair, where a backup WLSE takes over if the primary WLSE fails.

Reporting, Trending, Planning and Troubleshooting – WLSE tracks client actions.  This can be helpful when diagnosing, for example, why a user can’t associate to an AP.