Data Sheet

Cisco 2500 Series Wireless Controllers

Small to Medium-Sized Enterprise and Branch Office Controller Support for up to 50 access points and 500 clients. 802.11n ready support up to 500 Mbps. Payment Card Industry (PCI) support enables certification for scanner and kiosk deployments. Licensing Flexibility and Investment Protection Additional access point licenses may be added over time. Comprehensive Security Full Control and Provisioning of Wireless Access Points (CAPWAP) access point to controller encryption. Supports rogue access point detection and detection of denial-of-service attacks. Management frame protection detects malicious users and alerts network administrators. Cisco CleanAir Technology Detects, classifies, locates, and mitigates RF interference to provide performance protection for 802.11n networks. Cisco OfficeExtend Solution Secure, simple, cost-effective mobile teleworker solution.

Product Overview
The Cisco 2500 Series Wireless Controller enables systemwide wireless functions in small to medium-sized enterprises and branch offices. Designed for 802.11n performance, Cisco 2500 Series Wireless Controllers are entry-level controllers that provide real-time communications between Cisco Aironet access points to simplify the deployment and operation of wireless networks (Figure 1). Figure 1: Cisco 2500 Series Wireless Controller

As a component of the Cisco Unified Wireless Network, this controller delivers centralized security policies, wireless intrusion prevention system (wIPS) capabilities, award-winning RF management, and quality of service (QoS) for voice and video. Delivering 802.11n performance and scalability, the Cisco 2500 Series provides low total cost of ownership and flexibility to scale as network requirements grow.

The Cisco 2504 Wireless Controller supports Cisco Application Visibility and Control (AVC), the technology that includes Ciscos Network-Based Application Recognition 2 (NBAR-2) engine. N-BAR-2 does deep packet inspection (DPI) to classify applications and tie into quality of service (QoS) to either drop or mark the traffic, thereby prioritizing business-critical applications in the network. NBAR-2 uses NetFlow Version 9 to export the flows. The 2504 controller also supports Bonjour Services Directory, which enables Bonjour (Apple) Services to be advertised and utilized in a separate Layer 3 network. Cisco 2500 Series Wireless Controller base access point licensing offers flexibility with 5, 15, 25, or 50 access points. Additional access point support can be added in increments of 1, 5, or 25. Table 1 lists the features and benefits of the Cisco 2500 Series Wireless Controllers.
Table 1.
Feature Scalability Ease of Deployment High Performance RF Management

Cisco 2500 Series Wireless Controller Features and Benefits

Benefits Supports up to 75 access points For quick and easy deployment Access Points can be connected directly to 2504 Wireless LAN Controller via two PoE (Power over Ethernet) ports Wired-network speed and nonblocking performance for 802.11n networks Provides both real-time and historical information about RF interference impacting network performance

2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

Page 1 of 6

Feature

Benefits across controllers, via systemwide Cisco CleanAir technology integration

Comprehensive End-to-End Security End-to-end Voice

Offers CAPWAP-compliant Datagram Transport Layer Security (DTLS) encryption to help ensure full-linerate encryption between access points and controllers across remote WAN/LAN links Supports Unified Communications for improved collaboration through messaging, presence, and conferencing Supports all Cisco Unified Communications Wireless IP Phones for cost-effective, real-time voice services Integrates Cisco VideoStream technology as part of the Cisco medianet framework to optimize the delivery of video applications across the WLAN Part of Payment Card Industry (PCI) certified architecture, and are well-suited for retail customers who deploy transactional data applications such as scanners and kiosks Supports corporate wireless service for mobile and remote workers with secure wired tunnels to the Cisco Aironet 600, 1130, 1140 or 3500 Series Access Points Extends the corporate network to remote locations with minimal setup and maintenance requirements Improves productivity and collaboration at remote site locations Separate service set identifier (SSID) tunnels allow both corporate and personal Internet access Reduced carbon dioxide emissions from a decrease in commuting Higher employee job satisfaction from ability to work at home Improves business resiliency by providing continuous, secure connectivity in the event of disasters, pandemics, or inclement weather

High-Performance Video PCI Integration OfficeExtend

Enterprise Wireless Mesh

Allows access points to dynamically establish wireless connections without the need for a physical connection to the wired network Available on select Cisco Aironet access points, Enterprise Wireless Mesh is ideal for warehouses, manufacturing floors, shopping centers, and any other location where extending a wired connection may prove difficult or aesthetically unappealing Organizations may choose to turn off access point radios to reduce power consumption during off-peak hours Secure, reliable wireless connectivity and consistent end-user experience Increased network availability by proactive blocking of known threats Equips administrators for IPv6 troubleshooting, planning, client traceability from a common wired and wireless management system Supports up to 15 guest anchor Ethernet over IP (EoIP) tunnels for path isolation of guest traffic from enterprise data traffic

Environmentally Responsible Mobility, Security and Management for IPv6 & DualStack Clients

Guest Anchor

Product Specifications
Table 2 lists the product specification for Cisco 2500 Series Wireless Controllers.
Table 2.
Item Wireless Standards Wired/Switching/Routing Data Request for Comments (RFCs)

Product Specifications for the Cisco 2500 Wireless Controller

Specification IEEE 802.11a, 802.11b, 802.11g, 802.11d, WMM/802.11e, 802.11h, 802.11n, 802.11u. IEEE 802.3 10BASE-T, IEEE 802.3u 100BASE-TX specification, 1000BASE-T, and IEEE 802.1Q VLAN tagging. RFC 768 UDP RFC 791 IP RFC 2460 IPv6 (passthrough bridging mode only) RFC 792 ICMP RFC 793 TCP RFC 826 ARP RFC 1122 Requirements for Internet Hosts RFC 1519 CIDR RFC 1542 BOOTP RFC 2131 DHCP RFC 5415 CAPWAP Protocol Specification

2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

Page 2 of 6

Item Security Standards

Specification Wi-Fi Protected Access (WPA) IEEE 802.11i (WPA2, RSN) RFC 1321 MD5 Message-Digest Algorithm RFC 1851 The ESP Triple DES Transform RFC 2104 HMAC: Keyed Hashing for Message Authentication RFC 2246 TLS Protocol Version 1.0 RFC 2401 Security Architecture for the Internet Protocol RFC 2403 HMAC-MD5-96 within ESP and AH RFC 2404 HMAC-SHA-1-96 within ESP and AH RFC 2405 ESP DES-CBC Cipher Algorithm with Explicit IV RFC 2406 IP Encapsulating Security Payload (ESP) RFC 2407 Interpretation for ISAKMP RFC 2408 ISAKMP RFC 2409 IKE RFC 2451 ESP CBC-Mode Cipher Algorithms RFC 3280 Internet X.509 PKI Certificate and CRL Profile RFC 3602 The AES-CBC Cipher Algorithm and Its Use with IPsec RFC 3686 Using AES Counter Mode with IPsec ESP RFC 4347 Datagram Transport Layer Security RFC 4346 TLS Protocol Version 1.1

Encryption

WEP and Temporal Key Integrity Protocol-Message Integrity Check (TKIP-MIC): RC4 40, 104 and 128 bits (both static and shared keys) Advanced Encryption Standard (AES): CBC, CCM, Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) DES: DES-CBC, 3DES Secure Sockets Layer (SSL) and Transport Layer Security (TLS): RC4 128-bit and RSA 1024- and 2048-bit DTLS: AES-CBC

Authentication, Authorization, and Accounting (AAA)

IEEE 802.1X RFC 2548 Microsoft Vendor-Specific RADIUS Attributes RFC 2716 PPP EAP-TLS RFC 2865 RADIUS Authentication RFC 2866 RADIUS Accounting RFC 2867 RADIUS Tunnel Accounting RFC 3576 Dynamic Authorization Extensions to RADIUS RFC 3579 RADIUS Support for EAP RFC 3580 IEEE 802.1X RADIUS Guidelines RFC 3748 Extensible Authentication Protocol Web-based authentication TACACS support for management users

Management

SNMP v1, v2c, v3 RFC 854 Telnet RFC 1155 Management Information for TCP/IP-Based Internets RFC 1156 MIB RFC 1157 SNMP RFC 1213 SNMP MIB II RFC 1350 TFTP RFC 1643 Ethernet MIB RFC 2030 SNTP RFC 2616 HTTP RFC 2665 Ethernet-Like Interface types MIB RFC 2674 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering, and Virtual Extensions RFC 2819 RMON MIB RFC 2863 Interfaces Group MIB RFC 3164 Syslog

2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

Page 3 of 6

Item

Specification RFC 3414 User-Based Security Model (USM) for SNMPv3 RFC 3418 MIB for SNMP RFC 3636 Definitions of Managed Objects for IEEE 802.3 MAUs Cisco private MIBs

Management Interfaces

Designed for use with Cisco Wireless Control System Web-based: HTTP/HTTPS individual device manager Command-line interface: Telnet, SSH, serial port

Interfaces and Indicators

Console port: RJ-45 connector Network: Four 1 Gbps Ethernet (RJ-45) LED indicators: Link Activity (each 1 Gigabit Ethernet port), Power, Status, Alarm

Physical and Environmental

Dimensions: 1.73 x 8.00 x 6.75 in. (43.9 x 203.2 x 271.5mm) Weight: 3.5 lbs (with power supply) Temperature: Operating: 32 to 104 (0 to 40 F C) Storage: -13 to 158 (-25 to 70 F C) Humidity: Operating humidity: 10 to 95 percent, noncondensing Storage humidity: Up to 95 percent Power adapter: Input power: 100 to 240 VAC; 50/60 Hz Heat dissipation: 72 BTU/hour

Regulatory Compliance

Safety: UL 60950-1, 2nd Edition EN 60950:2005 EMI and susceptibility (Class B): U.S.: FCC Part 15.107 and 15.109 Canada: ICES-003 Japan: VCCI Europe: EN 55022, EN 55024

Ordering Information
Tables 3 and 4 provide ordering information for the Cisco 2500 Series Wireless Controllers. To place an order, visit the Cisco ordering website: http://www.cisco.com/en/US/ordering/index.shtml.
Table 3.
Part Number AIR-CT2504-5-K9 AIR-CT2504-15-K9 AIR-CT2504-25-K9 AIR-CT2504-50-K9

Ordering Information for Cisco 2500 Series Wireless Controllers

Description 2500 Series Wireless Controller for up to 5 Cisco access points 2500 Series Wireless Controller for up to 15 Cisco access points 2500 Series Wireless Controller for up to 25 Cisco access points 2500 Series Wireless Controller for up to 50 Cisco access points Cisco SMARTnet 8x5xNBD CON-SNT-CT255 CON-SNT-CT2515 CON-SNT-CT2525 CON-SNT-CT2550

Table 4.
Part Number

Ordering Information for Cisco 2500 Series Wireless Controllers: Optional Accessories
Product Name Cisco 2504 Wireless Controller Rack Mount Bracket Cisco 2504 Wireless Controller Spare Power Supply (not necessary with original order as 1 power supply is included)

AIR-CT2504-RMNT= PWR-2504-AC=

2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

Page 4 of 6

Additive Capacity Upgrade Licenses

Tables 5 and 6 summarize additive capacity upgrade licenses that are available for the Cisco 2500 Series.
Table 5.
Part Number L-LIC-CT2504-UPG L-LIC-CT2504-1A L-LIC-CT2504-5A L-LIC-CT2504-25A

Ordering Information for Cisco 2500 Series Wireless Controllers: Access Point Adder Licenses (e-Delivery PAKs)
Description Primary upgrade SKU: Pick any number or combination of the following options under this SKU to upgrade one or many controllers under one product authorization key 1 Access Point Adder License for Cisco 2504 Wireless Controller (e-Delivery) 5 Access Point Adder License for Cisco 2504 Wireless Controller (e-Delivery) 25 Access Point Adder License for Cisco 2504 Wireless Controller (e-Delivery) Cisco SMARTnet 8x5xNBD CON-SNT-LCT25UP CON-SNT-LICCT2504 CON-SNT-LCT255A CON-SNT-LCT2525A

Table 6.
Part Number

Ordering Information for Cisco 2500 Series Wireless Controllers: Access Point Adder Licenses (Paper PAKs)
Description Primary upgrade SKU: Pick any number or combination of the following options under this SKU to upgrade one or many controllers under one product authorization key 1 Access Point Adder License for Cisco 2504 Wireless Controller (Paper Certificate U.S. Mail) 5 Access Point Adder License for Cisco 2504 Wireless Controller (Paper Certificate U.S. Mail) 25 Access Point Adder License for Cisco 2504 Wireless Controller (Paper Certificate U.S. Mail) Cisco SMARTnet 8x5xNBD CON-SNT-LCT25UP CON-SNT-LICCT2504 CON-SNT-LCT255A CON-SNT-LCT2525A

LIC-CT2504-UPG LIC-CT2504-1A LIC-CT2504-5A LIC-CT2504-25A

Table 7 shows the optional DTLS license for Cisco 2500 Series Wireless Controllers. When the customer orders the 2500 Series and chooses none selected (the default) in the Optional Licenses tab, data DTLS encryption is disabled. Datagram Transport Layer Security (DTLS) is required for all Cisco OfficeExtend deployments to encrypt the data plane traffic. To enable this functionality, you must obtain a $0 DTLS license. Customers planning to install this device physically in Russia must obtain a physical PAK in order to enable a DTLS license and should not download the license from Cisco.com. Please consult your local government regulations to ensure that data DTLS encryption is permitted. The DTLS Paper PAK license is designated for customers who purchase a controller with DTLS disabled due to import restrictions but get permission to add DTLS support after initial purchase. This optional DTLS license is required for Cisco OfficeExtend deployment.
Table 7.
Part Number LIC-CT2504-UPG LIC-CT25-DTLS-K9 L-LIC-CT2504-UPG L-LIC-CT25-DTLS-K9

Optional Licensing for Cisco 2500 Series Wireless Controllers (PAKs)

Description Primary upgrade SKU: Pick any number or combination of the following options under this SKU to upgrade one or many controllers under one product authorization key Cisco 2504 Controller DTLS License (Paper Certificate - US Mail) Primary upgrade SKU: Pick any number or combination of the following options under this SKU to upgrade one or many controllers under one product authorization key Cisco 2504 Controller DTLS License (electronic Certificate - must not be ordered by Russian Customers)

Other customers can simply use the following procedure in order to download the DTLS license from Cisco.com.

2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

Page 5 of 6

To obtain/download a Data DTLS License: Step 1. Browse to http://cisco.com/go/license. Step 2. On the Product License Registration page, choose Licenses Not Requiring a PAK. Step 3. Choose Cisco Wireless Controllers DTLS License under Wireless. Step 4. Complete the remaining steps to generate the license file. The license will be provided online or via email. Step 5. Copy the license file to your Trivial File Transfer Protocol (TFTP) server. Step 6. Install the license by browsing to the WLC Web Administration Page: Management --> Software Activation --> Commands --> Action: Install License

Service and Support

Realize the full business value of your wireless network and mobility services investments faster with intelligent, customized services from Cisco and our partners. Backed by deep networking expertise and a broad ecosystem of partners, Cisco professional and technical services enable you to successfully plan, build, and run your network as a powerful business platform. Our services can help you successfully deploy the Cisco Wireless Controller and integrate mobility solutions effectively to lower the total cost of ownership and secure your wireless network. To learn more about Cisco wireless LAN service offers, visit: http://www.cisco.com/go/wirelesslanservices.

For More Information

For more information about Cisco wireless controllers, contact your local account representative or visit: http://www.cisco.com/en/US/products/ps6366/index.html. For more information about the Cisco Unified Wireless Network framework, visit: http://www.cisco.com/go/unifiedwireless.

Printed in USA

C78-645111-04

12/12

2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

Page 6 of 6