Chapter 9. SWAN: End-to-End Security Deployment

The Cisco Structured Wireless-Aware Network (SWAN) solution integrates Cisco WLAN access points (AP 1200, AP 1100, and AP 350), wireless clients (Cisco, CCX, and non-Cisco/non-CCX clients), the CiscoWorks Wireless LAN Solution Engine (WLSE), and Cisco wired switches and routers. This integration enables scalability, manageability, reliability, and ease of deployment for small, medium, and large enterprise and vertical networks. Furthermore, the SWAN solution enables end-to-end security, end-to-end quality of service (QoS), and Layer 2/Layer 3 mobility. The Cisco SWAN solution can scale to manage thousands of APs and thousands of WLAN users across a large network.

This chapter introduces the Cisco SWAN architecture. The WLAN deployment modes (standalone AP mode, SWAN nonswitching deployment mode, and SWAN central switching deployment mode) are discussed in detail. SWAN network concepts and SWAN network elements are also discussed. Most of the focus is on enabling end-to-end wireless and wired network security using the SWAN network components. Infrastructure and client 802.1x/EAP (Extensible Authentication Protocol) authentication, radio monitoring functions, Fast Secure Roaming, local 802.1x RADIUS authentication, and security policy monitoring functions are discussed in detail.