Menara Maybanks Enterprise Network Requirements

Published Date: 02 Nov 2017

With respect to Maybank’s request, I am pleased to propose my business plan on behalf of VADS Berhad for Maybank.

Before I begin, let me briefly introduce my company – VADS Berhad.

Why VADS Berhad (VADS)?

VADS is Malaysia’s leading Managed ICT service provider. It was founded in 1991 as joint venture between IBM Global Network Services and Telekom Malaysia Berhad (TM). After undergoing several changes, it is now wholly owned subsidiary of Telekom Malaysia Berhad (TM), serving more than 500 medium to large businesses across industries.

Among the services provided by VADS is managed service, which focuses on enhancing the existing enterprises’ network reliability, performance, and security with the objective of accelerating client’s business to higher level of growth. It consists of:

Managed local area network

Managed wide area network accelerator services

Managed network visibility services

Managed security services

Managed unified communications

Managed telepresence services.

Based on Maybank’s request, I propose migration to new Cisco products together with a little network redesign to adapt to the specifications of new migrated Cisco products for Maybank on its headquarters (Menara Maybank), branches, data center, and disaster recovery center.

Why Cisco?

Among the network device vendors, Cisco is chosen because its devices provide highest level of scalability, flexibility, reliability, and continuous support to protect investments on the products, thus minimizing overall risk to deploy new technologies, products, and services in network.

Cisco’s products such as switches and routers can provide adequate redundancy and support data, voice, video, and wireless capabilities, thus avoiding single point of failure and at the same time providing all-in-one services for businesses.

It is well-known that Cisco is an American multinational corporation headquartered in San Jose, California, United States that specializes in designing and manufacturing networking devices for more than 20 years. Cisco had established high-level of credibility by providing best, state-of-art network services to many businesses.

In order to make this proposal more orderly, the scope of request and proposed solution in response to the request will be covered in the following format:

Section 1: Executive Summary

Section 2: Proposed enterprise network migration solution for Maybank’s headquarters – Menara Maybank

Section 3: Proposed Cisco IP Telephony migration solution for Maybank

Section 4: Proposed WAN optimization migration solution for Maybank

Section 5: Project Management

Section 6: Quality Management Plan

Section 7: Risk Management Plan

Section 8: Implementation Strategy

Section 9: Financial Summary

Section 10: Conclusion and additional comment

In this report, I will propose enterprise network migration solution for Maybank’s headquarters – Menara Maybank together with a little network redesign of wired and wireless LAN, and WAN/Internet edge infrastructure of Menara Maybank to improve performance, availability, resiliency, and scalability of the enterprise network.

After that, I will propose a new IP telephony migration solution for Maybank to reduces total cost of ownership and enhanced user experience for using Voice over Internet Protocol (VoIP) to communicate either on-net or off-net telephony communication via WAN and PSTN network.

Next, I will focus on proposal of new Maybank WAN optimization migration solution for Wide Area Network (WAN) architecture that connect all Maybank sites, which included headquarters (Menara Maybank), branches, off bank ATM (OBATM) to its Data Center (DC) and Disaster Recovery Center (DRC) to improve reliability, efficiency, availability, and security of the WAN network.

After finishing describing the overall proposed solution, I will detail the project management, quality management plan, risk management plan, and implementation strategy for the proposed solution, which will take approximately 2 years.

Besides that, financial requirements for the proposed solution will be summarized. The summary will include bill of materials (BOMs), project management, and implementation costs, which will be detailed in Section 9: Financial Summary.

In addition, I will include my fair additional comments towards future improvements for the proposed solution together with conclusion.

Last but not least, I would like to convey my appreciation to Maybank for giving me this opportunity to propose my solution. With extensive experience and research, I am confident in satisfying Maybank’s network communication needs with the aim of improving the overall operational excellence based on the proposed solution.

Proposed Enterprise Network Migration Solution For Maybank’s headquarters – Menara Maybank

Solution overview

In order to improve performance, availability, resiliency, scalability, and security of Menara Maybank’s enterprise network, I would use 3-tier hierarchical network model for LAN network design of Menara Maybank.

I propose to use Cisco switches as core layer, distribution layer, and access layer switches. Based on Forrester TEI Assessment, Cisco switches are able to reduce total cost of ownership and increase significant return on investment (ROI). Cisco switches can deliver rapid and reliable access to any resources anywhere and at any time. It can provide maximum uptime, high throughput, enhanced access, automated operations, rapid deployment, and support services to meet organization network requirements.

Besides that, it can effectively reduce energy cost and resource consumption. Among the switching solution provided by Cisco are:

Power-saving designs

StackPower technology

Optimized video and virtualization services

Extended service life

Moreover, Cisco switches allow organization to act quickly on new business requirements. It offers scalable performance, flexible configuration, and integrated services to ensure continuous reliable, secure, and simplified communications in respond to change.

In addition, Cisco switches are designed to provide secure access to network. It is able to mitigate threats in many forms, such as VLANs, TrustSec, MACsec, firewall, intrusion prevention, and control plane policing.

Cisco high end switches, such as Cisco Catalyst 3750 series switches, Cisco Catalyst 4500E series switches, and Cisco Catalyst 6500E series switches can adapt to new IT and business requirements easily. Incremental upgrades can be performed using technologies such as switch supervisor, StackWise, service modules, and interfaces components that can be easily reused or replaced, thus help to protect network investment.

Technical Overview

This section described my proposed solutions in response to Maybank’s enterprise network requirements for headquarters – Menara Maybank to support its future growth while ensuring a comprehensive IT operations environment at present.

In this sub-section, the technical overviews for Menara Maybank’s enterprise network requirements are divided as follow:

2.2.1 Desired Requirements for Enterprise Network Infrastructure

2.2.2 Network Design and Solutions for Enterprise Network Infrastructure

2.2.3 Network Components for the proposed Enterprise Network Infrastructure

Desired Requirements for Enterprise Network Infrastructure

Based on my understanding of Menara Maybank desired requirements for enterprise network infrastructure, the requirements are listed in table 1 below:

Table 1 – Menara Maybank’s enterprise network requirements

Functionality

Requirements

Benefits

Performance, availability, resiliency, scalability, security

Implementing a wired LAN infrastructure with high performance, availability, resiliency, and scalability.

Implementing access, distribution, and core layer devices with Gigabit or 10 Gigabit Ethernet capabilities.

Prepare LAN network of Menara Maybank to support Medianet services.

Virtual VLAN capabilities based on user group.

Access layer switches must support PoE (Power over Ethernet) for IP phones.

Uplinks from access layer switches to distribution layer switches with bandwidth of at least 1 Gigabit and scalable to 10 Gigabit.

Supporting wireless LAN standards of 802.11 a/b/n/g.

Integrate intrusion prevention system (IPS) with trusted firewall.

Preventing buffer overflow attacks, Denial of Service (DoS) attacks, and sophisticated intrusions.

Support IPsec encryption, Quality of Service (QoS) classification, policing, and shaping, access control lists (ACLs), and load balancing while supporting and maintaining its performance for rapid growing WAN and Internet.

Improved throughput and speed in LAN infrastructure.

Easy to maintain the LAN.

More resistant to burst of traffic.

Ready to future growth.

Improved staff productivity.

Accelerated business processes.

IP telephony reduces total cost of ownership.

Improve Maybank customer service.

Access layer switches with PoE (Power over Ethernet) eliminate the need to purchase power supplies, which helps to reduce total cost of ownership.

Secure network and avoid loss from malicious traffic with enhanced security with lower cost of ownership.

Support Medianet services for Menara Maybank.

Improve performance of virtual desktop infrastructure (VDI) for Menara Maybank.

Network Design and Solutions

This section described the proposed enterprise network migration solution in response to Menara Maybank’s desired requirements.

It consists of 2 parts:

Migration solution for Wired and Wireless LAN of Menara Maybank.

Migration solution for WAN/Internet edge of Menara Maybank.

This new enterprise network migration solution combines all forms of business communications into a single, unified platform that delivers greater innovative ways to collaborate.

Migration solution for Wired and Wireless LAN of Menara Maybank

Figure 1 below shows the design of high-level LAN network topology for Menara Maybank in response to the proposed migration solution for the enterprise network.

Figure 1 – High-level LAN network topology design for Menara Maybank

Access Layer

Distribution Layer

Core Layer

Stack of 1 to 9 Cisco Catalyst 3750G-48PS-E switches for each floor.

A pair of Cisco Catalyst 4506-E switches for 1st to 17th, 18th to 34th, and 35th to 50th floors.

A pair of Cisco Catalyst 6506-E switches on 7th floor

Note:

Symbol

Description

EtherChannel of 10 Gigabit trunk links from access layer switches to distribution layer switches

EtherChannel of 10 Gigabit trunk links from distribution layer switches to core layer switches

Virtual switch link with 10 Gigabit links

Interconnect link between switches

Primary uplink from access layer switch to distribution layer switch

Backup uplink from access layer switch to distribution layer switch

Primary uplink from distribution layer switch to core layer switch

Backup uplink from distribution layer switch to core layer switch

As shown in figure 1, stack of 1 to 9 Cisco Catalyst 3750G-48PS-E switches will be deployed for each floor of Menara Maybank, which will be the access layer switches. The number of the access layer switches to be deployed will be based on number of users on each floor. With StackWise Technology, we can combine minimum of 2 and maximum of 9 Cisco Catalyst 3750G-48PS-E switches as a logical switch. This simplifies ease of management and configuration for access layer switches, as we are treating stack of 1 to 9 switches as a single logical switch for each floor. In other word, we only need to manage 50 logical access layer switches, instead of 100 to 450 access layer switches for Menara Maybank. This can significantly reduce maintenance cost and time, which helps to decrease total cost of ownership.

Another reason that Cisco 3750G-48PS-E switches are selected as access layer switches is its support for Power over Ethernet (PoE). By having PoE capability on switch ports, IP devices such as IP phones, wireless access points, digital signage, and video surveillance devices can receive power via the connected LAN cable. This simplifies deployment of these IP devices, and reduces number of cables required, as normal LAN cables connected to the IP devices can also provide power. This helps to reduce total cost of ownership.

Moreover, it is very scalable, and can support future growth of next 5 to 10 years. For example, there might only be 150 employees at 30th floor in Menara Maybank, so we only need to deploy 4 Cisco Catalyst 3750G-48PS-E switches, which can support 192 users How about the next 5 or 10 years? The number of employees at 30th floor might increases to 300. In this case we can just add another 4 Cisco Catalyst 3750G-48PS-E switches with a total of 8 Cisco Catalyst 3750G-48PS-E switches at 30th floor to support the 300 employees.

For distribution layer, Cisco Catalyst 4506-E switches will be used. This is because it can support huge number of 1 Gigabit and 10 Gigabit ports, which is very scalable and can forward traffic efficiently from access layer to core layer. Notice each of the access layer switches will be connected to 2 distribution layer switches to provide adequate redundancy and load balancing using Hot Standby Router Protocol (HSRP).

Finally, Cisco Catalyst 6506-E switches will be as the core switches. It is chosen as our core switches, because it is state-of-art switch from Cisco which provides maximum uptime with redundancy together with rapid stateful failover across its supervisor engines within 1 to 3 seconds. It is also very scalable and can support LAN network requirements for the next 5 to 10 years. Besides that, it supports modular Cisco IOS software to minimize unexpected downtime via self-healing processes and simplifies software changes via subsystem in-service software upgrades. Similarly, each of the distribution layer switches will be connected to 2 core layer switches to provide adequate redundancy and load balancing using HSRP.

There will be 2 EtherChannel uplinks from access layer switches to distribution layer switches and from distribution layer switches to core layer switches to provide ultimate redundancy and avoid single point of failure. EtherChannel not only increases redundancy, but also increases throughput. This provides the scalability to support bandwidth requirements for the next 5 to 10 years, such that more uplinks can be bundled as a logical link to provide necessary throughput.

Migration solution for WAN/Internet edge of Menara Maybank

Figure 2 below shows design of high-level network topology for WAN/Internet edge for Menara Maybank.

Figure 2 – High-level network topology design for WAN/Internet edge for Menara Maybank

Note:

Symbol

Description

EtherChannel of 1 Gigabit links

Failover link between 2 Cisco ASA 5545-X Firewalls

Primary 1 Gigabit link

Secondary/Backup 1 Gigabit link

FlexStack link between 2 Cisco Catalyst 2960S-24TD-L switches

Link to Internet

Link to WAN

For the WAN/Internet edge, two Cisco ASR 1002 Aggregation Services Routers will be used to provide redundancy for WAN, Internet, and PSTN connections. By aggregating WAN, Internet and PSTN connections to 2 Cisco ASR 1002 routers, high-availability can be easily achieve, thus avoiding single point of failure.

Besides that, security can be easily implemented and managed, because all traffic from outside can only enter via the 2 edge routers, which are Cisco ASR 1002 routers.

By configuring IPsec VPN and access control lists (ACLs) on the 2 Cisco ASR 1002 routers, it provide higher-level of security for enterprise network. Moreover, Cisco ASR 1002 can provides other services such as Quality of Service (QoS) classification, policing, and shaping, load balancing, NetFlow services while at the same time maintaining its performance for WAN, Internet and PSTN connections as all these services are implemented in hardware known as Embedded Services Processor (ESP). The Cisco ASR 1002 support 5- and 10-Gbps Cisco ASR 1000 Series ESPs, which can support a maximum of 8 Mpps (million packets per second with the combination of commonly used features, such as IPv4 forwarding, IP

To provide higher level of security, 2 Cisco ASA 5545-X firewalls are connected to the 2 edge routers, Cisco ASR 1002 routers via 2 Cisco Catalyst 2960S-24TD-L switches as shown in Figure 2.

A demilitarized zone (DMZ) will be configure on interfaces of the 2 Cisco ASA 5545-X firewalls, which will be connected to Maybank’s server farm to act as a buffer zone between protected network (LAN) and unprotected network (WAN/Internet).

Among Cisco ASA 5500 series firewalls, Cisco ASA 5545-X firewall is chosen to protect Menara Maybank’s enterprise network because its features and specifications meet all the security requirements of Menara Maybank with lowest cost of ownership. Cisco ASA 5545-X provides firewall and intrusion prevention system (IPS) services, thus enabling concurrent threat mitigation and simplifying management and monitoring of network.

With the capability to provide intrusion prevention system (IPS), the Cisco ASA 5545-X firewalls can block unwanted and malicious traffic, while still allowing normal traffic to pass unimpeded. Besides that, the IPS can help in optimizing performance of normal traffic by consistently cleansing the network. This allows us to develop policies for prevention of network attacks and at the same time better characterize events for prioritization for further investigation. Thus, allowing Maybank to make more intelligent decisions on inline IPS actions while virtually eliminating the possibility of dropping valid traffic.

The proposed enterprise network migration solution for Menara Maybank is designed to lay a solid foundation to support Menara Maybank to:

Operate under 24x7x365 with high performance and resilient business environment.

Operate with new Gigabit or 10 Gigabit infrastructures between access, distribution, and core layers.

Position Maybank to integrate and establish more business ties, which allows Maybank to produce and preserve believing and commercial relationships with its partners.

Position Maybank in the flow economy, which is depending on the flow of ideas and information. This enables Maybank to take advantages of the immense emerging opportunities.

Provision any future technologies/solution initiatives that allow Maybank to be more responsive to its business needs with scalability to support future growth of network within the next 5 to 10 years.

Provision state-of-art security services to protect enterprise network from any malicious intent.

Design Considerations

The proposed enterprise network migration solution is designed with the following considerations:

Modularity and flexibility

The diagram below shows a 3-tier hierarchical model consisting of core, distribution, and access layers together with internet layer (WAN edge). By using this modular network design, every component in the architecture performed its own function and can be upgraded or replaced easily without radical redesign of network in future.

Resiliency, high Availability and redundancy

Based on the Figure 1 and 2, as shown in Figure 3 below, every network devices are designed with a redundant component which and be both active at the same time except the access layer switches. This is crucial to ensure a highly available network without single point of failure. A dual-homed connectivity to provider (WAN and Internet connectivity) is also crucial to ensure higher network availability.

Figure 3 - High availability on the services in the event of network devices failure or being pull out from production environment for maintenance or upgrade

(Cisco ASR 1002 Router)

(Stack of Cisco Catalyst 3750G

-48PS-E Switches)

(Cisco Catalyst 4506-E Switch)

(Cisco Catalyst 6506-E Switch)

(Cisco Catalyst 2960S-24TD-L Switch)

(Cisco ASA 5545-X Firewall)

Access layer

Distribution layer

Core layer

WAN/Internet/PSTN edge

This proposed LAN network design provides uptime of near 100 percent, as each layers in the enterprise network is having adequate redundancy, such that when 1 of switch is down, another switch can take over, thus avoiding single point of failure.

Moreover, Cisco ASR 1002 router supports software redundancy, which enables higher-level of redundancy. Unlike Cisco Integrated Services Routers (ISRs) Generation 1 (G1) and Generation 2 (G2) routers, Cisco ASR 1002 router runs Cisco IOS (Internetwork Operating System) as one of many processes within the operating system. This architecture enables for software redundancy, which is unavailable on Cisco ISR G1 and G2 routers. As the name implies, it allows 2 IOS processes to be available on a same route processor with 1 active IOS process and 1 standby IOS process. In the event of the active IOS process failed, the standby IOS process can be switched to provide uninterrupted services. It is suitable to be used to upgrade subpackage software in scenarios such as the standby IOS process in an In-Service Software Upgrade (ISSU).

As the saying goes, "One is none, two is one". Redundancy is crucial for today’s highly competitive business environments, especially for banking industry. As Maybank is the largest bank and financial group in Malaysia, it cannot afford to having network outage, as this could cause lost of millions dollars in revenue from just 1 second of network outage.

Bandwidth aggregation

In order to make sure this proposed LAN network is able to support the network requirements of Maybank on the next 5 to 10 year, the switches from access layer, distribution layer, and core layer are selected based on the compatibilities and capabilities to aggregate bandwidth between the trunk lines or uplinks.

For example, now the uplink of 1 Gigabit per second (Gbps) might be more than enough for uplinks between access layer and distribution layer switches, but over times, the users might generate more and more traffic, which requires more and more bandwidth, and therefore higher throughput of uplinks might be required.

With Cisco EtherChannel technology together with optional open standard Link Aggregation Control Protocol (LACP) or Cisco proprietary Port Aggregation Protocol (PAgP), bundling of a pair of 1 Gigabit Ethernet ports between 2 interconnected switches to aggregate bandwidth between trunk links or uplinks is possible. With maximum bundling of eight 1 Gigabit Ethernet ports, it can provide as many as 8 Gbps full-duplex bandwidth of throughput for the links.

With the same concept, bundling of 10 Gigabit Ethernet ports between 2 interconnected switches to aggregate bandwidth between trunk links or uplinks is also possible. This provides a maximum of 80 Gbps full-duplex bandwidth of throughput for the links. Aggregation of 10 Gigabit Ethernet ports is particularly useful for uplinks from distribution layer to core layer switches and between servers and switches, as these devices need to transfer large amount of data and traffic.

Besides that, EtherChannel can also increase availability of links between switches. By bundling several links together, even if one of the links in the bundle fails or down, other links can still continue to operate. For example, if one link in the bundle fails, traffic sent via that link is automatically moved to an adjacent link in the bundle and continue to be transferred without interrupted. This provides redundancy for the link and avoid single link of failure.

Security

By deploying Cisco switches for LAN, security of LAN network is assured and enhanced. Cisco switches can provide services to protect the network against unauthorized access via the use of tools such as port security, DHCP snooping, IP Source Guard, and Dynamic Address Resolution Protocol (ARP) Inspection.

Moreover, by deploying Cisco ASA 5545-X firewalls at the WAN/Internet edge of the enterprise network, which proactively secure the network from any viruses, worms, spyware, spam, phishing, and other malicious attacks, which can disrupt business operations and impact business transactions. This ensures smooth network operation of Maybank’s headquarters – Menara Maybank.

Last but not least, with the use of IPsec VPN on Cisco ASR 1002 routers at the edge of the network, it provides a secured network communication channel between protected network and unprotected network (WAN/Internet) for Maybank’s staff. As Cisco ASR 1002 is state-of-art router from Cisco, security features such as IP Security (IPsec) VPN is incorporated directly into the Cisco ASR 1002 embedded services processor (ESP). Thus allowing IPsec VPN to be deployed and operated at multi gigabit performance level.

VLAN Design

With advent of Virtual Local Area Network (VLAN) and layer 3 switches, router is no longer a mandatory option for sending traffic from one subnet to another subnet within a LAN network. VLAN represents a subnet or broadcast domain.

To put it simple, it allows for faster transfer rate of data from different subnets (or VLANs) within a LAN network, as switching is usually faster than routing.

With deployments of layer 3 switches on access layer, distribution layer, and core layer, VLAN switching is enabled starting from access layer. For example, if there is 3 VLANs connected on a single access layer switch, the 3 VLANs can communicate via the directly attached access layer switch, this shortened the traversal path of data between the 3 VLANs, which results in better response time and increases productivity.

Besides that, VLAN reduces scope of failure and broadcast domain as each VLAN runs dedicated broadcast domain. All traffic, including multicasts and broadcasts are confined within a subnet or VLAN.

Based on functional groups, different VLAN will be assigned to segregate network devices within Menara Maybank. For example, different VLAN will be assigned for marketing department, finance department, sales department, and IT department, and so on. Detailed information will be collected from site survey for designing VLANs on Menara Maybank and ensure proper segregation to increase productivity and security while at the same time simplifies management of network devices. With different VLANs for different functional groups, we can implement access control list at layer 3 switches at access, distribution, and core layer switches to control which departments can access resources from which departments. This means we can have better control of traffic within LAN, and establish highly secure LAN network.

With VLAN, wireless LAN requires specific VLANs to match with a specific Service Set Identifier (SSID). This provides a means to control WLAN infrastructure more efficiently and increases security and performance of Wireless LAN.

Besides that, segregation of IP Telephony devices from other network devices, such as computers, laptops, production servers can be done easily and efficiently with VLAN. For example, data VLAN and voice VLAN can be configured on a single switch port to provide necessary network connectivity to both laptop/computer and IP phone via a single LAN cable.

With Voice VLAN, Cisco Catalyst switches can detect the IP phone connected to the switch port and automatically assign IP address to corresponding IP phone via DHCP services. This simplifies IP addressing and enables higher flexibility which is also known as phone mobility such that user will still get back the same extension number and personal configuration of his/her IP phone regardless of his/her location within the office.

For purposes of security, all IP phones will be put on different VLAN segments from other end user devices (such as laptop and computer). This ensures IP phones will be using their own dedicated and isolated private IP address space, which protects them from malicious threats and unnecessary vulnerabilities.

Table 2 below shows a temporary template of VLAN design (modification will be performed based on end result of site survey at Maybank):

Table 2 –VLAN design for Menara Maybank

VLAN

Name

IP address/subnet mask

10

Marketing

10.10.0.0/23 (255 hosts for wired LAN, and 255 hosts for wireless LAN)

11

Finance

10.11.0.0/23

12

Sales

10.12.0.0/23

13

IT

10.13.0.0/23

14

Corporate_Management

10.14.0.0/23

15

HR

10.15.0.0/23

16

Legal

10.16.0.0/23

17

Debt_Collection

10.17.0.0/23

18

Real_Estate

10.18.0.0/23

19

Investment

10.19.0.0/23

77

Guest

10.77.0.0/24

88

Server

10.88.0.0/24

99

Trunk

10.99.0.0/24

100

Switch_Management

10.100.0.0/24

101

WLAN_Controller

10.0.101.0/24

210

Marketing_Voice

10.0.210.0/24

211

Finance_Voice

10.0.211.0/24

212

Sales_Voice

10.0.212.0/24

213

IT_Voice

10.0.213.0/24

214

Corporate_Management_Voice

10.0.214.0/24

215

HR_Voice

10.0.215.0/24

216

Legal_Voice

10.0.216.0/24

217

Debt_Collection_Voice

10.0.217.0/24

218

Real_Estate_Vocie

10.0.218.0/24

219

Investment_Voice

10.0.219.0/24

310

Marketing_CCTV

10.0.310.0/24

311

Finance_CCTV

10.0.311.0/24

312

Sales_CCTV

10.0.312.0/24

313

IT_CCTV

10.0.313.0/24

314

Corporate_Management_CCTV

10.0.314.0/24

315

HR_CCTV

10.0.315.0/24

316

Legal_CCTV

10.0.316.0/24

317

Debt_Collection_CCTV

10.0.317.0/24

318

Real_Estate_CCTV

10.0.318.0/24

319

Investment_CCTV

10.0.319.0/24

Power Source for Wireless Access Points (AP) / IP Telephony

Pairing with Power over Ethernet enabled LAN interface, it simplifies the provisioning of power to wireless access point (AP) or IP Phones. The built-in Power over Ethernet (PoE) switchports of Cisco Catalyst 3750G-48PS-E switches detect presence of IP devices (such as IP phones or Access Points) and automatically supplies power for devices connected over the same LAN cables. This reduces cost as it eliminate the need of separate power sources such as wall power connection for IP devices such as IP phones and wireless AP.

In order to ensure high availability for IP devices, RPS 2300 equipped with 2 1150W of power supplies is used to connect the 5 Cisco Catalyst 3750G-48PS-E switches in each floor. This provide additional power source and during power outage, the Cisco Catalyst 3750G-48PS-E switches continue to supply power to the IP devices and assure uninterrupted services.

Wireless LAN Infrastructure

In the proposed design, utilities such as client authentication, RF management, roaming management, security management and QoS within access points are directed to a central device known as Wireless LAN Controller. Cisco Wireless LAN Controllers provide system wide wireless LAN functions such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility. They work in conjunction with Cisco Access Points and the Cisco Wireless Control System (WCS) to support business-critical wireless applications.

From voice and data services to location tracking, Cisco Wireless LAN Controllers provide the control, scalability, security, and reliability for network managers to build enterprise-scale and secure wireless networks.

Cisco Wireless LAN Controllers efficiently integrate into existing enterprise networks. By using Lightweight Access Point Protocol (LWAPP), they communicate with Controller-based Access Points over any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure. Automation of numerous WLAN configuration and management functions across all enterprise locations are supported by Cisco Wireless LAN Controllers.

Figure 4 below illustrates the proposed high-level overview of wireless network setup to be implemented at each floor of Menara Maybank.

Figure 4 – Proposed high-level overview of wireless network setup at each floor of Menara Maybank

As shown in Figure 4 above, the proposed wireless network setup will have 2 Cisco Aironet 3600i Access Points at each floor of Menara Maybank with a total of 100 Cisco Aironet 3600i Access Points for 50 floors in Menara Maybank.

However, modification might be required after site survey to ensure that the proposed wireless solution that will deliver the excellent wireless coverage, data rates, roaming capability, network capacity, and Quality of Service (QoS).

Regardless of how much research has been done, it cannot replace a physical site survey for wireless network setup. Physical site survey comprises setting up the access point and taking real time readings of throughput between the temporary network, and the client device. Throughput will be affected during the tests just as it will be affected when the network is in place. Only by going through all the tests during physical site survey at each floor of Menara Maybank, then only we can confirm that the proposed wireless network setup is suitable for Menara Maybank. Depending on the result of the tests, reduction or addition in the number of Cisco Aironet 3600i Access Points for each floor might be required.

Wireless network is proposed as a means to provide secondary network access for users in Menara Maybank in case that wired LAN network failed. Besides that, it can provide truly high mobility network for users who need to move around the building for meeting or perform tasks.

Wireless network can also provide wireless IP telephony communication to employees by using Cisco Unified Wireless IP Phone or by using Cisco IP Communicator installed in laptop/Computer with appropriate wireless network adapter.

Therefore, wireless network is an essential element in today’s enterprise network and is required for high productivity of workers.

Key Functional Attributes for wireless network

The proposed wireless network at Menara Maybank will deploy 2 Cisco Aironet 3600i Access Points at each floor in Menara Maybank with a total of 100 Cisco Aironet 3600i Access Points for 50 floors.

All of the 100 Cisco Aironet 3600i Access Points will be configured and managed by two 5508 Wireless Controller with 100 AP Licences where each 2504 Wireless Controller will be primary WLAN controller to manage access points in 25 floors (50 of the 100 Cisco Aironet 3600i Access Points) of Menara Maybank and secondary/backup WLAN controller for access points in another 25 floors. This provides adequate redundancy when one of the WLAN controllers experience failure.

In the following section, features and benefits of Cisco Aironet 3600i Access Point and 5508 Wireless Controller will be explained in details to justify my proposed wireless network for Menara Maybank.

Network Components for wired and wireless LAN infrastructure of Menara Maybank

In the following sections, introduction and explanation of the core layer switch, distribution layer switch, access layer switch, wireless access point, and WLAN controller will be elaborated to justify my proposal.

Core Layer Switch

Cisco Catalyst 6500-E Series

The Cisco Catalyst 6500-E Series defines the new standard for IP Communications and application delivery in enterprise campus and service provider networks by maximizing and optimizing user productivity and enhancing operational control. Available in 3-, 6-, 9-, and 13-slot chassis as shown in Figure 5 below, Catalyst 6500-E Series switches featured an unparalleled range of integrated services modules, including multigigabit network security, content switching, telephony, and network analysis modules.

Figure 5 – Cisco Catalyst 6500-E Series Switch

Over a forward-thinking architecture that uses a common set of modules and OS software across all Cisco Catalyst 6500-E Series chassis (Figure 1), the Catalyst 6500-E Series delivers a high level of operational consistency that optimizes IT infrastructure usage and enhances return on investment (ROI). From 48-port to 576-port 10/100/1000 or from 1152-port 10/100 Ethernet wiring closets to 400 million packets per second (mpps) network cores supporting up to 192 1-Gbps or 32 10-Gbps trunks, the Catalyst 6500 Series provides an optimal platform that maximizes network uptime with stateful failover capability between redundant routing and forwarding engines.

Features and Benefits

The Cisco Catalyst 6500 Series provides market-leading services, performance, port densities, and availability with investment protection for enterprise and service provider markets, including:

Maximum Network Uptime: With Cisco IOS Software Modularity and platform, power supply, supervisor engine, switch fabric, and integrated network services redundancy provides one- to three-second stateful failover and delivers application and services continuity in a converged network, minimizing disruption of mission-critical data and services

Comprehensive Network Security: Integrates proven, multi-gigabit Cisco security solutions, including intrusion detection, firewall, VPN, and Secure Sockets Layer (SSL) into existing networks

Scalable Performance: Provides up to 400-mpps performance with distributed forwarding architecture

Forward-Thinking Architecture with Investment Protection: Supports three generations of interchangeable, hot-swappable modules in the same chassis, optimizing IT infrastructure usage, maximizing ROI, and reducing TCO Operational Consistency: Features 3-, 6-, 9-, and 13-slot chassis configurations sharing a common set of modules, Cisco IOS® Software, Cisco Catalyst Operating System Software, and network management tools that can be deployed anywhere in the network

Unparalleled Services Integration and Flexibility: Integrates advanced services such as security, wireless LAN services, and content with converged networks; provides the widest range of interfaces and densities, from 10/100 and 10/100/1000 Ethernet to 10 Gigabit, and from DS-0 to OC-48; and performs in any deployment from end to end

For purposes of our network design, I propose to use Cisco Catalyst 6506-E switch as our core layer switch for LAN network of Menara Maybank, as it provides the most scalable features for core layer as required by Menara Maybank.

Table 3 below summarizes the specifications of Cisco Catalyst 6506-E switch.

Table 3 – Specifications of Cisco Catalyst 6506-E switch

Feature

Specification

Number of Slots

6

Maximum number of 10/100/1000 ports

241

Maximum number of 1 GE ports

243

Maximum number of 10 GE ports

82

Maximum number of 40 GE ports

20

Maximum forwarding performance (IPv4) with VS-S720-10G-3C

450 Mpps

Maximum forwarding performance (IPv6) with VS-S720-10G-3C

225 Mpps

Height (RU)

12

Weight (chassis)

50 lbs (22.7 kg)

Distribution Layer Switch

Cisco Catalyst 4500-E Series

The Cisco Catalyst 4500-E Series Switches facilitate borderless networks, providing high performance, mobile, and secure user experience through Layer 2-4 switching investments. They allow security, mobility, application performance, video, and energy savings over an infrastructure that supports resiliency, virtualization, and automation. Cisco Catalyst 4500-E Series Switches provide borderless performance, scalability, and services with reduced total cost of ownership and superior investment protection.

Cisco Catalyst 4500-E (Figure 1) has a centralized forwarding architecture that enables collaboration, virtualization, and operational manageability through simplified operations. With forward and backward compatibility spanning multiple generations, the new Cisco Catalyst 4500-E Series provides exceptional investment protection and deployment flexibility to meet the evolving needs of organizations of all sizes. The Cisco Catalyst 4500-E Series platform has 10 Gigabit Ethernet (GE) uplinks and supports Power over Ethernet Plus (PoE+) and Universal POEP (UPOE), enabling customers to future proof their network.

As shown in Figure 6 below, Cisco Catalyst 4500-E Series chassis comes in four different form factors: 3-slot (4503-E), 6-slot (4506-E), 7-slot (4507R+E/4507R-E), and 10-slot (4510R+E/4510R-E). 4503-E, 4506-E, 4507R+E, and 4510R+E chassis are exceptionally flexible and support either 6 Gbps, 24 Gbps, or 48Gbps per line-card slot. 4507R-E and 4510R-E chassis are limited to 6 Gbps and 24 Gbps per line-card slot. Integrated resiliency in the Cisco Catalyst 4500E Series includes 1+1 supervisor engine redundancy (10-slot and 7-slot only), redundant fans, software-based fault tolerance, and 1+1 power supply redundancy. Integrated resiliency in both hardware and software minimizes network downtime, helping to ensure workforce productivity, profitability, and customer success.

Figure 6 – Cisco Catalyst 4500-E Series Switch

Fig1

The Cisco Catalyst 4500-E Series extends control to the network edge with intelligent network services, including cutting-edge quality of service (QoS), anticipated performance, advanced security, comprehensive management, and integrated resiliency. Scalability of these intelligent network services is done with dedicated, specialized resources known as ternary content-addressable memory (TCAM). Ample TCAM resources (up to 384,000 entries) enable "high feature capacity," which provides wire-speed routing/switching performance independent of provisioning of services such as QoS and security.

For purposes of our network design, I propose to use Cisco Catalyst 4506-E switch as our distribution layer switch for LAN network of Menara Maybank, as it provides the most scalable features for distribution layer as required by Menara Maybank.

Table 4 below summarizes the specifications of Cisco Catalyst 4506-E switch.

Table 4 – Specifications of Cisco Catalyst 4506-E switch

Feature

Specification

Number of Slots

6

Maximum number of 10/100/1000 ports

240

Maximum number of 1 GE ports

240

Maximum number of 10 GE ports

64

Maximum forwarding performance (IPv4) with

WS-X45-SUP7L-E

225 Mpps

Maximum forwarding performance (IPv4) with

WS-X45-SUP7L-E

110 Mpps

Height (RU)

10

Weight (chassis)

40.50 lbs (18.37 kg)

Access Layer Switch

Cisco Catalyst 3750 Series

Figure 7 – Cisco Catalyst 3750 Series Switch

As shown in Figure 7 above, the Cisco Catalyst 3750 Series Switches are cutting-edge and innovative switches that improve LAN operating efficiency by combining industry-leading ease of use and high resiliency for stackable switches. This product series enables Cisco StackWise technology, a 32-Gbps stack interconnect that allows customers to build a unified, highly resilient switching system, one switch at a time. Cisco Catalyst 3750 Series simplifies deployment of converged applications and adapts to changing business needs by providing configuration flexibility, support for converged network patterns, and automation of intelligent network services configurations. The Cisco Catalyst 3750 Series switches supports up to 1 Gigabit connectivity and up to 8 gigabit by bundling 8 1 gigabit port with Cisco EtherChannel technology.

Cisco StackWise Technology offers Stackable Resiliency

Cisco StackWise technology is a stacking architecture optimized for Gigabit Ethernet. This technology is designed to respond to additions, deletions, and redeployment while maintaining consistent performance. As illustrated in Figure 8 below, Cisco StackWise technology can combine up to nine individual switches into a single logical unit, using special stack-interconnect cables and stacking software. The individual switches can be any combination of Cisco Catalyst 3750, 3750 v2, and 3750-E Series Switches.

Figure 8 – Cisco StackWise Technology

For purposes of our network design, I propose to use Cisco Catalyst 3750G-48PS-E switch as our access layer switch for LAN network of Menara Maybank, as it provides the most scalable features for access layer and able to support high bandwidth requirements of Menara Maybank via gigabit switch ports.

Table 5 below summarizes the specifications of Cisco Catalyst 3750G-48PS-E switch.

Table 5 – Specifications of Cisco Catalyst 3750G-48PS-E switch

Feature

Specification

Maximum number of 1 GE ports with PoE

48

Maximum number of 10 GE ports

4

Maximum forwarding performance

38.7 Mpps

Height (RU)

1

Weight (chassis)

8.82 lbs (7 kg)

Internet/WAN edge router

Cisco ASR 1000 Series Aggregation Services Router

Cisco ASR 1000 Series Aggregation Services Routers is a portfolio of midrange routers that establish a new price-to-performance class offering, delivering a very reliable, high-performance WAN edge solution such that information, communication, collaboration, and commerce converge.

The Cisco ASR 1000 Series Routers accelerate services by enabling outstanding performance and resiliency with optimized, intelligent services. It establishes a new benchmark for price-to-performance offerings in enterprise advanced routing. Besides that, it also helps to secure WAN aggregation by providing firewall services.

As shown in Figure 9 below, the Cisco ASR 1000 Series comprises of several different versions, which are the Cisco ASR 1001 Router, the Cisco ASR 1002 Router, the Cisco ASR 1002-X Router, the Cisco ASR 1004 Router, the Cisco ASR 1006 Router, and the Cisco ASR 1013 Router.

All models utilize innovative and powerful Cisco QuantumFlow Processor, which offers a massive leap in performance and resiliency for network processors.

Figure 9 – Cisco ASR 1000 Series Router

http://www.cisco.com/en/US/prod/collateral/routers/ps9343/images/data_sheet_c78-447652-1.jpg

The Cisco ASR 1000 Series Routers provide significant enhancements compared to prior generations of Cisco midrange routing solutions by providing more than tenfold performance improvement with services running. Additionally, the routers have hardware and software redundancy, as well as an industry-leading high-availability design.

The Cisco ASR 1000 Series provides multiple services embedded in the Cisco QuantumFlow Processor at wire speeds from 2.5 to 100 Gbps. The services supported on the Cisco QuantumFlow Processor include security services (for example, encryption and firewall), quality of service (QoS), Network-Based Application Recognition (NBAR), Cisco IOS Flexible Packet Matching (FPM), broadband aggregation, and Cisco Unified Border Element (SP Edition) (previously known as Session Border Controller, or SBC), among others.

By separating the control and data planes in the Cisco ASR 1000 Series Router architecture, software redundancy (on the Cisco ASR 1001, ASR 1002 Fixed, ASR 1002, ASR 1002-X, and ASR 1004 Routers) and hardware redundancy (on the Cisco ASR 1006 and ASR 1013 Routers) are provided. In addition, the modular Cisco IOS XE Software that is introduced with the Cisco ASR 1000 Series facilitates In-Service Software Upgrade (ISSU).

Moreover, Cisco ASR 1000 Series Router are designed with Cisco Interface Flexibility (I-Flex) design, which combines shared port adapters (SPAs) and SPA interface processors (SIPs). I-Flex design is one of the Cisco state-of-art technologies, taking advantage of an extensible design that facilitates service prioritization for voice, video, and data services.

SPAs provide physical interfaces for router connectivity ranging from copper, Channelized, Packet over SONET/SDH (PoS), ATM, and Ethernet. Together with SPA interface processor (SIP), it maximizes connectivity options and enables highly intelligent services through programmable interface processors that deliver line-rate performance.

I-Flex effectively provides a rich set of quality-of-service (QoS) features for first-class service provision while reducing total cost of ownership, where Maybank could take advantage and reuse the modular SPA that are interchangeable across Cisco routing platforms in future. This helps to protect network investments of Maybank.

Figure 10 below shows a sample of the wide range of SPAs supported on the Cisco ASR 1000 Series, and Figure 11 shows the Cisco ASR 1000 Series SIP.

Figure 10 – SPA supported on Cisco ASR 1000 Series Router

http://www.cisco.com/en/US/prod/collateral/routers/ps9343/images/data_sheet_c78-443175-1.jpg

Figure 11 – SIP on Cisco ASR 1000 Series Router

http://www.cisco.com/en/US/prod/collateral/routers/ps9343/images/data_sheet_c78-443175-3.jpg

In response to requirements of Menara Maybank’s WAN/Internet edge, Cisco ASR 1002 router as shown in Figure 12 below is proposed to be deployed, as it provides the lowest total cost of ownership and expected to support future growth within the next 5 to 10 years.

Figure 12 – Cisco ASR 1002

http://www.cisco.com/en/US/prod/routers/ps9343/ps9436/ASR_1002_large.jpg

Table 6 below summarizes the features and specifications of Cisco ASR 1002 router.

Table 6 – Features and Specifications of Cisco ASR 1002 router

Feature

Specification

Scalability

5 Gbps to 10 Gbps

Number of shared port adapters

3

Embedded services processor slots

1

Route processor slots

Integrated

Number of SPA interface processors (SIPs) supported

Integrated

Redundancy

Yes: Software

Number of SFP (Small Form-factor Pluggable) built-in GE ports.

4

Redundant power supply

Yes: Dual power supply, option of either AC (Alternating Current) or DC (Direct Current)

Management tool

Cisco Prime Network Analysis Module

Airflow

Front-to-back

Height

3.5 in. (88.9 mm)

Width

17.2 in. (437.4 mm)

Depth

22 in. (558.8 mm)

Weight

33.65 lb (15.23 kg)

Internet/WAN Edge Distribution Switch

Cisco Catalyst 2960-S

The Cisco® Catalyst® 2960-S is the Cisco’s leading Layer 2 edge, enabling better ease of use, highly secure business operations, enhanced sustainability, and a borderless network experience. The Catalyst 2960-S Series Switches include new FlexStack switch stacking capability with 1 and 10 Gigabits connectivity.

The Cisco Catalyst 2960-S is fixed-configuration access switches designed for enterprise, midmarket, and branch office networks to reduce total cost of ownership. The Cisco Catalyst 2960-S is shown in Figure 13.

Figure 13 – Cisco Catalyst 2960-S Switch

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/images/product_data_sheet0900aecd80322c0c-1.jpg

Cisco FlexStack Stacking

Cisco FlexStack stacking with a hot-swappable module and IOS software provides true stacking, all switches in a stack act as a single logical switch unit. The Cisco FlexStack enables a unified data plane, unified configuration, and single IP address management for a group of switches, which result in lower total cost of ownership through simplified management and higher availability.

Cisco FlexStack supports cross-stack features including Etherchannel, SPAN and FlexLink technology. A stack module can be added to any Catalyst 2960-S switch with LAN Base software to quickly upgrade the switch to make it stack capable, and the switch added to the stack will upgrade to the correct Cisco IOS Software version and transparently become a stack member. Figure 14 shows the FlexStack stacking module for the Catalyst 2960-S.

Figure 14 – Cisco FlexStack Module and Switches

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/images/product_data_sheet0900aecd80322c0c-3.jpg

Based on the Internet/WAN edge distribution requirements of Menara Maybank, Cisco Catalyst 2960S-24TD-L switch is chosen to provide the necessary services with the lowest total cost of ownership.

Table 7 below shows the specifications of Cisco 2960S-24TD-L switch.

Table 7 – Specifications of Cisco 2960S-24TD-L switch

Total 10/100/1000 Ethernet Ports

Uplinks

AC Power Supply Rating

Available PoE Power

FlexStack Data Stacking

24

2x10G

60W

None

Yes Modular Slot

As can be seen, there is no PoE for Cisco 2960S-24TD-L, as it is not required for our network design at Internet/WAN edge distribution.

Internet/WAN Edge Distribution Firewall

Cisco ASA 5500-X series Firewall

Recently Cisco had introduced Cisco SecureX framework which allows establishment and enforcement of security policies across the entire distributed network, and not just at a single point of data stream. It leverages global and local security intelligence for dynamic and real-time threat protection, thus can responds to evolving security needs of today’s borderless network environments.

A key component of the Cisco SecureX framework is Cisco ASA 5500-X Series which integrates the world's most recognized firewall with a robust collection of highly integrated, market-leading security services for networks of all sizes - small and midsize business with one or a few locations, large enterprises, service providers, and mission-critical data centers.

The Cisco ASA 5500-X Series delivers MultiScale performance and functionality with extraordinary services flexibility including context-aware firewall capabilities, modular scalability, feature extensibility, and most importantly lower deployment and operations costs.

Among the Cisco ASA 5500-X series firewalls, Cisco ASA 5545-X as shown in Figure 15 is chosen to protect Internet/WAN edge distribution of Menara Maybank as it provides the most suitable balance between features and cost.

Figure 15 – Cisco ASA 5545-X

http://www.secureitstore.com/images/ASA/5545/asa-5545-x.jpg

Table 8 shows specifications of the Cisco ASA 5545-X.

Table 8 – Specifications of Cisco ASA 5545-X

Feature

Specification

Maximum Firewall Throughput

3 Gbps

Maximum Firewall and IPS Throughput

900 Mbps

(Extra hardware not required)

3DES/AES VPN Throughput***

400 Mbps

IPsec VPN Peers

2500

Premium AnyConnect VPN Peers (Included/Maximum)

2/2500

Concurrent Connections

750,000

New Connections/Second

30,000

Virtual Interfaces (VLANs)

300

Security Contexts (Included/Maximum)*

2/50

High Availability

Active/Active and Active/Standby

Expansion Slot

1 interface card

Number of User-Accessible Flash Slots

0

USB 2.0 Ports

2

Integrated I/O

8 GE Copper

Expansion I/O

6 GE Copper or 6 GE SFP

Dedicated Management Port

Yes (1 GE)

Serial Ports

1 RJ-45

Wireless LAN controller

Cisco 5500 Wireless Controllers

The Cisco 5500 Series Wireless Controller as shown in Figure 16 is an extremely flexible and scalable platform that allows system wide services for mission-critical wireless networking in medium-sized to large enterprises and campus environments. Designed for 802.11n performance and maximum scalability, the 5500 Series offers enhanced uptime with:

• RF visibility and protection

• The ability to simultaneously manage up to 500 access points

• Superior performance for reliable streaming video and toll quality voice

• Sub-second stateful failover of all Access Points from Primary to Standby controller

Figure 16 – Cisco 5500 Series Wireless LAN Controller

Cisco 5508 Wireless Controller is chosen as our wireless controller. It offers improved mobility and prepares the business for the next wave of mobile devices and applications. Besides that, it supports a higher density of clients and delivers more efficient roaming, with at least nine times the throughput of existing 802.11a/g networks.

Moreover, it automates wireless configuration and management functions and allows network managers to have the visibility and control needed to cost-effectively manage, secure, and optimize the performance of their wireless networks. With integrated Cisco CleanAir technology, the 5500 Series protects 802.11n performance by providing cross-network access to real-time and historic RF interference information for quick troubleshooting and resolution. As a component of the Cisco Unified Wireless Network, this controller provides real-time communications between Cisco Aironet access points, the Cisco Wireless Control System (WCS), and the Cisco Mobility Services Engine to deliver centralized security policies, wireless intrusion prevention system (IPS) capabilities, award-winning RF management, and quality of service (QoS).

Software Licensing Flexibility

Base access point licensing offers flexibility to add up to 500 additional access points as business needs grow. The licensing structure supports a variety of business mobility needs as part of the basic feature set, including the Cisco OfficeExtend solution for secure, mobile teleworking and Cisco Enterprise Wireless Mesh, which allows access points to dynamically establish wireless connections in locations where it may be difficult or impossible to physically connect to the wired network.

Table 9 lists the features of the Cisco 5508 Wireless Controller.

Table 9 – Features of Cisco 5508 Wireless LAN Controller

Feature

Benefits

Scalability

• Supports 12, 25, 50, 100, 250, or 500 access points for business-critical wireless services at locations of all sizes

High Performance

• Wired speed, non-blocking performance for 802.11n networks

RF Management

• Provides both real-time and historical information about RF interference impacting network performance across controllers, via systemwide Cisco CleanAir technology integration

OfficeExtend

• Supports corporate wireless service for mobile and remote workers with secure wired tunnels to the Cisco Aironet 1130 or 1140 Series Access Points

• Extends the corporate network to remote locations with minimal setup and maintenance requirements (zero-touch deployment)

• Improves productivity and collaboration at remote site locations

• Separate SSID tunnels allow both corporate and personal Internet access

• Reduced CO2 emissions from decrease in commuting

• Higher employee job satisfaction from ability to work at home

• Improves business resiliency by providing continuous, secure connectivity in the event of disasters, pandemics, or inclement weather

Comprehensive End-to-End Security

• Offers Control and Provisioning of Wireless Access Points (CAPWAP) compliant DTLS encryption to ensure full-line-rate encryption between access points and controllers across remote WAN/LAN links

Enterprise Wireless Mesh

• Allows access points to dynamically establish wireless connections without the need for a physical connection to the wired network

• Available on select Cisco Aironet access points, Enterprise Wireless Mesh is ideal for warehouses, manufacturing floors, shopping centers and any other location where extending a wired connection may prove difficult or aesthetically unappealing

High Performance Video

• Integrates Cisco VideoStream technology as part of the medianet framework to optimize the delivery of video applications across the WLAN

End-to-end Voice

• Supports Unified Communications for improved collaboration through messaging, presence, and conferencing

• Supports all Cisco Unified Communications Wireless IP Phones for cost-effective, real-time voice services

High Availability

• An optional redundant power supply that helps to ensure maximum availability

Environmentally Responsible

• Organizations may choose to turn off access point radios to reduce power consumption during off peak hours

Mobility, security and management for IPv6 & dual-stack clients

• Secure, reliable wireless connectivity and consistent end-user experience

• Increased network availability through proactive blocking of known threats

• Equips administrators for IPv6 troubleshooting, planning, and client traceability from a common wired and wireless management system

Table 10 lists the specifications for Cisco 5508 Wireless Controller.

Table 10 – Specifications for Cisco 5508 Wireless Controller

Item

Specifications

Wireless

IEEE 802.11a, 802.11b, 802.11g, 802.11d, WMM/802.11e, 802.11h, 802.11n, 802.11u

Wired/Switching/Routing

IEEE 802.3 10BASE-T, IEEE 802.3u 100BASE-TX specification, 1000BASE-T. 1000BASE-SX, 1000-BASE-LH, IEEE 802.1Q Vtagging, and IEEE 802.1AX Link Aggregation.

Encryption

• WEP and TKIP-MIC: RC4 40, 104 and 128 bits (both static and shared keys)

• AES: CBC, CCM, CCMP

• DES: DES-CBC, 3DES

• SSL and TLS: RC4 128-bit and RSA 1024- and 2048-bit

• DTLS: AES-CBC

• IPSec: DES-CBC, 3DES, AES-CBC

Management Interfaces

• Web-based: HTTP/HTTPS

• Command-line interface: Telnet, Secure Shell (SSH) Protocol, serial port

• Cisco Wireless Control System (WCS)

Interfaces and Indicators

• Uplink: 8 (5508) 1000BaseT, 1000Base-SX and 1000Base-LH transceiver slots

• Small Form-Factor Pluggable (SFP) options (only Cisco SFPs supported): GLC-T, GLC-SX-MM, GLC-LH-SM

• LED indicators: link

• Service Port: 10/100/1000 Mbps Ethernet (RJ45).

• Service Port: 10/100/1000 Mbps Ethernet (RJ45) For High Availability for future use

• LED indicators: link,

• Utility Port: 10/100/1000 Mbps Ethernet (RJ45)

• LED indicators: link

• Expansion Slots: 1 (5508)

• Console Port: RS232 (DB-9 male/RJ-45 connector included), mini-USB

• Other Indicators: Sys, ACT, Power Supply 1, Power Supply 2

Physical and Environmental

• Dimensions (WxDxH): 17.30 x 21.20 x 1.75 in. (440 x 539 x 44.5 mm)

• Weight: 20 lbs (9.1 kg) with 2 power supplies

• Temperature: Operating temperature: 32 to 104°F (0 to 40°C); Storage temperature: -13 to 158°F (-25 to 70°C)

• Humidity: Operating humidity: 10 95%, noncondensing. Storage humidity: up to 95%

• Input power: 100 to 240 VAC; 50/60 Hz; 1.05 A at 110 VAC, 115 W Maximum; 0.523 A at 220 VAC, 115 W Maximum; Test Conditions: Redundant Power Supplies, 40C, Full Traffic.

• Heat Dissipation: 392 BTU/hour at 110/220 VAC Maximum

Wireless Access Point

Cisco Aironet 3600 Series Access Point

Figure 17 – Cisco Aironet 3600 Series Access Points

The Cisco Aironet 3600 Series Access Point as shown in Figure 17 above is the best in class Cisco Wireless Access Point that delivers the peak level of 802.11n performan