Cisco latest wireless LAN controller software is the just-released version 18.104.22.168, with a string of improvements that are dissected in a blogpost by Andrew vonNagy, a lead wireless engineer with an unnamed Fortune 50 retailer. A number of the main ones are aimed at improving administration, security and operations for remote Cisco access points without a local controller.
Among the main changes he looks at are (check his blog, RevolutionWiFi, for full details):
1. WIPS Enhanced Local Mode: essentially this takes a subset of the controller-based Wireless Intrusion Prevention System features and runs them on remote access points running Hybrid Remote-Edge AP. H-REAP, which as vonNagy points out in another blogppost lets you deploy centralized WLAN controllers but distribute more intelligence to groups of remote access points. Enhanced Local Mode or ELM adds WIPS functionality to these remote APs, without having to set up APs dedicated solely to radio monitoring.
2. New key caching option for H-REAP: H-REAP access points now can make use of Opportunistic Key Caching (OKC), in addition to CCKM, which vonNagy notes, "should provide much broader support for fast roaming with many more clients in typical customer environments." Both options still require a controller to handle the 80.21x/EAP key derivation to support fast roaming between multiple remote APs.
3. Support for Cisco Identity Services Engine: ISE is appliance software that works with Cisco Secure ACS and Network Admission Control to use user and device identities to enforce network access policies. A corporate user might be granted different privileges based on whether he connects with a company laptop or his personal iPad.