[c-nsp] WLSM, what's it good for?

Matthew Melbourne matt at melbourne.org.uk
Sat Nov 3 09:53:53 EDT 2012


The Autonomous APs will build GRE tunnels back to the WLSM for any WLANs
defined on the APs with a "mobility network-id X" statement under the SSID
definition; this effectively provides an overlay network for wireless users
connecting to these 'centralised' SSIDs. Therefore, removing the WLSM will
affect these networks.

Also, the WLSM provides centralised WDS, which contains information on all
APs in the "roaming domain"; WDS is used for fast secure roaming (i.e. it
will cache user credentials to provide fast authentication when a roam
occurs); it also collates Radio Management information from all APs for use
by the WLSE.

A more subtle function is that it acts as centralised AAA NAS for
authentication for all APs, be it a 'tunnelled WLAN' or a WLAN which breaks
out on a local VLAN, so you may find that removing the WLSM also disables
authentication for local WLANs.

Cheers,
Matt

-----Original Message-----
Message: 4
Date: Fri, 02 Nov 2012 14:44:10 +0100
From: Peter Rathlev <peter at rathlev.dk>
To: cisco-nsp <cisco-nsp at puck.nether.net>
Subject: [c-nsp] WLSM, what's it good for?
Message-ID: <1351863850.16997.45.camel at abehat.dyn.net.rm.dk>
Content-Type: text/plain; charset="UTF-8"

We have a legacy wireless network based on 1120, 1121 and 1131 access points
(320 total) and a set of WLSM cards (WS-SVC-WLAN-1-K9). It's about to be
replaced with a Trapeze network, but until then we're stuck supporting it.

All APs are autonomous and have a few bridged SSIDs and a few tunnelled
SSIDs. The tunnels terminate in a multipoint GRE interface on the 6500s with
the WLSMs. All SSIDs are either open or using 

WLSM is of course unsupported after SXF and we'd like to upgrade the
supervisors to what we use everywhere else. Replacing the WLSM with a WiSM
is not an option, we're already planning to replace the entire network.

As far as I can tell, the WLSM is supposed to provide WDS services and
enables "fast secure L3 roaming" when using certain authentication types. We
don't use L3 roaming, having all relevant VLANs span the entire network
already.

Basically I'm wondering if we can just turn off the WLSMs and what would
happen if we did. Can a network like this function without WDS? Does the
WLSM perform any other critical functions than WDS? Do the multipoint GRE
tunnels depend on something from the WLSM? My guess is that turning off the
WLSMs does nothing since all APs are autonomous. (Using AP based WDS sounds
like something that doesn't scale by the way.)

We're aware that the WLSM (together with a WLSE server) collects a bunch of
useful statistics, but we're willing to lose this.

Any input appreciated. :-)

--
Peter
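
Added example, not part of the thread or of any Cisco tooling: a small Python audit that reads an autonomous AP configuration and lists the SSIDs the reply says depend on the WLSM, namely those carrying a "mobility network-id X" statement, plus local SSIDs using EAP whose authentication path should be checked. The sample configuration is constructed, and the "dot11 ssid" stanza layout and the "authentication ... eap" line format are assumptions about how the APs are configured.

```python
import re

# Constructed sample autonomous-AP config (not taken from the thread).
# Assumption: SSIDs live in "dot11 ssid <name>" stanzas with indented
# sub-commands; "mobility network-id X" is the statement the reply names.
SAMPLE_CONFIG = """\
dot11 ssid STAFF-TUNNEL
   vlan 10
   authentication open eap eap_methods
   mobility network-id 10
!
dot11 ssid STAFF-LOCAL
   authentication network-eap eap_methods
!
dot11 ssid GUEST-LOCAL
   authentication open
!
"""

SSID_RE = re.compile(r"^dot11 ssid (\S+)\s*$")
MOBILITY_RE = re.compile(r"^\s+mobility network-id (\d+)\s*$")
EAP_RE = re.compile(r"^\s+authentication\s+.*eap", re.IGNORECASE)

def parse_ssids(config_text):
    """Map each SSID to its mobility network-id (or None) and EAP usage."""
    ssids, current = {}, None
    for line in config_text.splitlines():
        start = SSID_RE.match(line)
        if start:
            current = ssids.setdefault(start.group(1), {"network_id": None, "eap": False})
        elif not line.startswith((" ", "\t")):
            current = None  # any unindented line ends the stanza
        elif current is not None:
            mob = MOBILITY_RE.match(line)
            if mob:
                current["network_id"] = int(mob.group(1))
            if EAP_RE.match(line):
                current["eap"] = True
    return ssids

def wlsm_dependencies(config_text):
    """Return (ssid, reason) pairs to review before the WLSM is removed."""
    out = []
    for name, info in sorted(parse_ssids(config_text).items()):
        if info["network_id"] is not None:
            out.append((name, "tunnelled: mobility network-id %d" % info["network_id"]))
        elif info["eap"]:
            out.append((name, "local, EAP: check authentication path"))
    return out
```

Running `wlsm_dependencies()` over each AP's saved configuration gives an inventory of affected SSIDs before any change window.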


