Re: [WIRELESS-LAN] Cisco's new WLSM

[Frank Bulk - iNAME.com]

Jeff:   Let's be clear that the WLSM is not superset of WLSE's features.  The WLSM is an advanced WDS, and the WLSE will continue to play an extended role in managing access points, monitoring for rogues, load-balancing power, etc.  You don't need the WLSE to run the new WLSM blade, but most organizations will use that 1-U management solution.    You make a valid point about vendors and the numbers of AP they support.  I think the reason they are so flexible is that the number is so variable.  It's dependent on how much traffic will traverse the switch, how many client sessions it needs to maintain, what kind of encryption will be used, the rate of roams, if clients are using just 802.11b or 802.11a/g as well, etc.  There is so much variety that all the vendors numbers can be qualified.  Each vendor will have some kind of bottleneck, whether it's the encryption processor, host processor, the data plane (a 100 Mb link could theoretically scale only to 4 saturated hi-speed links), or the control plane.  So vendors aren't being totally arbitrary when they crank up their numbers to get a deal or hammer out a licensing agreement.  Each organizations environment will be different.  In all of this there is a subtle warning: don't run the demo or pilot and prematurely call it a success.  Dense and pervasive deployments (both of AP's and clients) will likely discover the limits of these systems, so it's wise to deploy carefully, with plans to change the ratio of AP's/clients to controllers if performance becomes a problem.  I've had several vendors share customer stories in which the pilot ran well, but once they got into a dense deployments (or started using VoWLAN) the problems started appearing, and they decided to move to a new vendor or change their site design.   Of course Cisco shops will experience the best integration of Cisco-specific features between the wired and wireless networks, but that's to be expected, and why some organizations go with a single-vendor solution.  It's the client side of the wireless world that's difficult to control, most apparent in an educational environment.  I know that Syracuse University strongly recommends the Cisco 350 card, but that doesn't mean that's the only card students use.  As you stated, once you use non-CCX cards the roaming benefits of the Cisco solution are mostly lost.  But you still have the management of AP's and traffic control.   Competing solutions like from wireless infrastructure switch vendors have to be vendor-agnostic because they don't control any other part of the wired network.  You may call them Cisco-proprietary features, while Cisco will says it's the extra value it adds to the solution...they might even say that they provide a superset of features.  They might also say that the reason that some thing are proprietary is because Cisco has to provide solutions in response to customer demands while standards move slowly through the standard bodies.  It's the same thing in every product and industry.  At the end of the day, the customer needs to choose for themselves what's appropriate.   Could you elaborate a bit more on "Ask Cisco to demonstrate all their Aruba and Airespace -alike features when the only clients on the network are authenticating with EAP-TTLS/PAP"?   Regards,   Frank >>> Thursday, July 01, 2004 3:20:15 PM >>> On Thu, 2004-07-01 at 07:58, Frank Bulk - iNAME.com wrote: > Yes, a lot of people feel the same way. There a few differences, with > varying importance depending on the organization and/or person: > - places that have a large installed base of Cisco wireless gear could > take advantage of managing it Allegedly, this is what the WLSE does.. I've not seen consistent vision fron Cisco on whether all of the WLSE functions will be integrated into the WLSM or whether you'll need to have both, or whether there will be a WLSE module for the cat. > - Cisco-shops that only buy Cisco will be ready to move into wireless Can't dispute that.. :) > - Cisco's equipment should be able to scale within one box up to at > least 300 access points, and likely much more. Their competitors, > like Aruba, peak out in the low 100 range. Well, that's marketing. When you get down to brass tacks, some vendors are willing to throw out the "we can't go more than 32 APs on this box because it's a performance limit" and jack up the licensed number of users to accommodate your budget requirements. A Vendor sat in front of us and swore that the AP limits on their switches were for performance and were hard limits. When we started talking $$ numbers and I balked at the pricing, they immediately switched to a config where they had oversubscribed one of their "switches" by 100%. "We'll just tweak the license. The box has lots of headroom". So which is it?? > - Cisco shops that already have a SUP720 on a Cisco 6500 might need to > get only the WLSM If it does what the WLSE does.. On the plus side, you only really need a few in the core, since it's not quite the same as the thin ap style products. > - The Cisco solution integrates at the lowest levels into the wired > solution, sharing firewalls, ACL's, VLANs, etc... On paper in a pure Cisco shop maybe.. Don't forget you loose a lot of the "features" that makes Cisco competitive if you don't run CCX enabled LEAP cards on your clients. You also loose a lot of you don't run the WLSE and WDS on your APs, which is very difficult to get configured correctly. > That said, there is still lots of room for the Airespace's and Aruba's > of the world, relating in contradictory ways to the points I mentioned > above. But would you agree that at least Cisco has a credible > solution, something it didn't have before? I would say they have most of a solution on paper. IMHO, they still have a lot of work to do to get their actual implementation to the point where it's providing the reality side of their vision. I also have to say that my position is slanted by the fact that we're a cost-sensitive operation, we have to be very circumspect about where we spend our budgets. To make matters worse, we do not have control over the clients and end users in the way a corporation does. For instance, I can't mandate that every one of my users will have a CCX compliant card capable of running LEAP or EAP-FAST. At the same time, I have to be able to serve *all* of those users equally. The difference between Cisco and the other vendors is the level of integration of Cisco proprietary "extentions" across the whole spectrum. That's what presents the most problems for us. Other vendors have proprietary glue, but it's between the APs and the controllers. They all seem to be client and EAP agnostic, which is not true with Cisco. As an example, I don't get anywhere near the level of RM information and rogue AP info from my EAP-TTLS clients on my AP1200s as I did from my LEAP clients. However, all my users can use EAP-TTLS, while only a handful have LEAP supplicants. Ask Cisco to demonstrate all their Aruba and Airespace -alike features when the only clients on the network are authenticating with EAP-TTLS/PAP.. Bet ya they can't and you have nothing more than a wad of standalone AP1200s. On a comparable Aruba or Airespace system, I'd get that same Radio management information no matter which 802.1x EAP I was using. $0.02 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.