Breaking News

Wi-Fi news from Cisco

Safeguarding industrial control systems (ICS) from cyber threats is a critical priority, but transforming these intentions into effective actions can be challenging. Given the complexity of ICS and their networks, which often rely on outdated technologies and inadequate security measures, it can be difficult to determine the best starting point. Cisco Validated Designs (CVDs) are proven networking and security reference architectures that industrial organizations can use to build advanced capabilities and create a flexible foundation for the future.

The Cisco Validated Design for Industrial Security has been updated to create additional blueprints for securing critical infrastructure. Taking a phased approach to securing the industrial network, the Cisco Industrial Threat Defense solution comprises OT asset visibility, zero trust access and segmentation, and cross-domain detection, investigation, and response.

Cisco Industrial Threat Defense comprehensive OT/ICS security capabilities

Comprehensive OT visibility driving network segmentation

The previous version of Cisco’s Industrial Security Validated Design described how the Cyber Vision sensor software embedded in Cisco switches and routers could help gain visibility into connected industrial assets without having to deploy dedicated appliances or SPAN collection networks. It explained how control engineers and network managers could use this comprehensive asset inventory to implement adaptive zone segmentation in the industrial network by having Cyber Vision and Cisco Identity Services Engine work together seamlessly.

The updated CVD now includes using the Cisco Secure Firewall to secure plant networks. Rising investments in AI and the virtualization of the plant floor are making the industrial data center (IDC) a critical component of operational networks. Virtual PLCs are an example of this shift, where virtual controllers allow for a more flexible and modular design of production plants.

In a traditional Purdue model architecture, the IDC would reside in level 3, the industrial operations zone. But many operational networks that have implemented some level of network traffic control have done so at the IDMZ, or level 3.5. As the IDC becomes more modern, it also becomes more connected, relying on cloud connectivity for services to run as intended. More connectivity expands the attack surface, so the IDC needs to be placed behind a firewall to protect it if an attack were to breach the boundary firewall.

Cisco Secure Firewall for protecting the industrial data center and segmenting OT networks

The Cisco Secure Firewall, supplemented by an integration with Cisco Cyber Vision, can also be used to dynamically segment the industrial network and prevent cyber-attacks from spreading. The updated CVD explains how to use the Cisco Secure Dynamic Attributes Connector (CSDAC) to make OT asset groups created in Cyber Vision automatically available to the Firewall Management Center (FMC) as dynamic objects. Dynamic objects can easily be incorporated into access control policies to allow or deny communications based on source/destination, ports, protocols, and even Industrial Control System (ICS) commands using OpenAppID. Cisco Secure Firewalls installed in the industrial distribution frame, or Purdue level 3, will enforce these access policies, driving east-west and north-south segmentation without the need to deploy dedicated firewall appliances in each zone.

A blueprint for securing distributed industrial infrastructure

The second major update to the CVD provides design guidance for building a cyber resilient network for distributed field assets with Cisco Industrial Routers. While we often talk a lot about cybersecurity, which refers to the robust tools and policies implemented to prevent attacks from occurring in operational networks, we often overlook cyber resiliency. Cyber resiliency refers to an organization’s ability to maintain its critical operations even in the face of cyber attacks.

Cybersecurity is of course part of a cyber resiliency architecture. Capabilities such as firewalls, segmentation, and the implementation of a zero-trust model mean that if an attacker does get a foothold in the network, their reach is limited and both reconnaissance and lateral movement can be prevented. However, cybersecurity practitioners and networking teams often make the mistake of treating themselves as siloed entities in the organization. The network configuration is just as important as the security appliances deployed in the network. Quality of Service (QoS) ensures that critical traffic always has priority when the network is in a degraded state. Lossless redundancy protocols ensure that critical traffic meets latency metrics when network paths go down. Management plane security ensures that only trusted users get access to the network infrastructure and that it cannot be taken down by malicious actors. Plug and play ensures that new network devices are onboarded with a secure configuration out of the box. While all these features are typically considered part of networking, it’s the combination of networking and security that results in a cyber resilient architecture.

Cisco Industrial Router provides the best of OT security and rugged industrial networking

Zero trust remote access made for OT

Last, but not least, the CVD explores the various options for securing remote access to industrial networks and describes how to deploy Cisco Secure Equipment Access to enable zero trust network access (ZTNA) to the plant floor. Remote access solutions come in many forms, and it can often be confusing to understand which one will meet business needs. The design guide compares virtual private networks, the remote desktop protocol, and the evolution towards zero trust network access, ultimately leading to the deployment of Cisco SEA within a Purdue model architecture.

Cisco Secure Equipment Access enables ZTNA remote access in industrial settings


Learn More

The new version of the Cisco Industrial Security Validated Design is available now. It’s free to help everyone involved in building and/or securing industrial networks to implement advanced capabilities without fear of integration complexities or performance surprises. For further help, browse through a library of our industrial CVDs, or schedule a free, no-obligation consultation with a Cisco industrial security expert, and we will reach out to you.

Customers can take advantage of new capabilities of Wi-SUN FAN 1.1

With over 100 products certified by the Wi-SUN Alliance, Field Area Network 1.0 is a popular networking option for smart utility and smart city use cases. Electric utility metering, distribution automation, and municipal street lighting applications benefit greatly from FAN’s secure, self-forming, self-healing IPv6 wireless mesh networking which is able to support million scale deployments spanning large geographic areas.

Building on the strong foundation laid down by FAN 1.0, the Wi-SUN Alliance recently announced the availability of the first devices certified to support the new feature additions of FAN 1.1. These new FAN 1.1 capabilities include:

  • Low energy device operation (LE). Low power nodes are able to function for up to 20 years on a single battery charge, targeting use cases such as methane detection, water metering, gas metering, and other low power field sensing applications.
  • Higher performance (HP). FAN 1.1 adds Orthogonal Frequency Division Multiplexing radio support, meaning FAN 1.1 now offers data rates from 50 Kbps (FSK) up to 2.4 Mbps (OFDM). The higher data rates are ideal for utility AMI 2.0 and Distribution Automation use cases such as Fault Location Isolation and Restoration (FLISR).
  • Modulations and data rate negotiation (MDR). Mesh neighbors can now negotiate a “gear shift” to transition, for example, a section of a lower speed AMI mesh to a higher throughput mode for DA fault isolation operations.
  • Expanded geographic support. North America, Brazil, Japan, and European Union operation is supported. Extension to additional 800 and 900 MHz regions is now practical.

Figure 1 depicts an example multi-hop FAN 1.1 mesh. The mesh forms automatically between a set of deployed Routers and a Border Router providing WAN connectivity. A Router’s frequency hopping capabilities and ability to determine alternate data paths provide superior resiliency. Routers are further able to “parent” low power nodes.

Figure 1: An Example FAN 1.1 Mesh

The sub-GHz mesh RF links can individually stretch to several kilometers (depending upon local conditions), with multi-hop meshes able to span distances of 10s of kilometers. A single FAN 1.1 mesh can support thousands of Router nodes, each able to parent low power nodes. A classic utility deployment scenario is an electric meter (Router) parenting one or more low power water meters, gas meters, or environmental sensors. Adding additional meshes scales a deployment to millions of nodes.

The Catalyst IR8100 Heavy Duty Series Industrial Router will be the first member of the Cisco Resilient Mesh solution to be FAN 1.1 certified. Given its rugged design for harsh outdoor environments, flexible backhaul configuration, and security capabilities, the IR8140 is an ideal FAN 1.1 Border Router. An individual IR8140 can root a mesh of thousands of FAN 1.1 devices, with million-scale device networks achieved by deploying additional IR8140s. Following the IR8140, the IR530 Range Extender and Cisco Resilient Mesh Endpoint SDK will also be scheduled for FAN 1.1 certification, rounding out a complete Cisco FAN 1.1 portfolio of Border Routers, Routers, and endpoint design SDK.

Figure 2: Cisco IR8140 Border Router

Large FAN 1.1 networks require a network management system able to provide lifecycle management for million node networks. Cisco IoT Field Network Director is purpose built, and field proven to manage these large-scale networks.

“Wi-SUN 1.1 provides improved flexibility, security, and adaptive performance to unlock newer markets demanding high performance or low energy use cases in the growing Utility or Smart city landscape. Cisco’s Wi-SUN commitment has been focused on ease of use through simplified Zero Touch Provisioning, resiliency in varying RF conditions, interoperability and network management for endpoints and border routers through industry leading OpenCSMP to enable customers to build production networks with its industry leading solution at scale in a secure manner.” says Lakshmi Narayana Jammi, Sr Product Manager for Cisco IR8140 and Cisco Resilient Mesh SDK

“With the introduction of low power nodes and higher data rates, FAN 1.1 supports many new and exciting use cases. Cisco is well positioned to support this increase in utility and smart city network demand with OpenCSMP and Field Network Director, device and network management solutions that have proven ability to scale to millions of endpoints.” says Clay Stroud, Product Manager for Cisco Field Network Director.

“Wi-SUN FAN1.1 provides highly flexible communications capability allowing both high performance and low energy functionality on the same network, making it the obvious choice for an even broader range of industrial IoT applications such as utilities and smart cities,” says Phil Beecher, President and CEO of the Wi-SUN Alliance. “We’re excited that Cisco will be supporting Wi-SUN FAN 1.1 communications infrastructure with its range of industrial routers, bringing proven reliability, scalability, and security to these critical infrastructure networks.”

For more information about the Wi-SUN Alliance and Field Area Network 1.1, head over to the Wi-SUN FAN information site.

Also see this additional information about Cisco Resilient Mesh products and Cisco Field Network Director.

Finally, if you are attending DISTRIBUTECH 2025, join us at Booth 1223 to see the Catalyst IR8140 and our IoT Field Network Director in person, as well as key solutions to help utilities with their grid modernization projects in grid security, substation automation, distribution automation, renewable energy, and more.

Wi-Fi 7 offers a wealth of new services opportunities that go beyond the routine wireless upgrade. Recently, I assisted a local school, which my children attend, as it embarked on a wireless network refresh initiative. As the first school in the Catholic Diocese to upgrade, they sought to replace their outdated patchwork of Wi-Fi 4 and Wi-Fi 5 devices from various manufacturers. This inconsistency in design, performance, and management is particularly common in sectors like education, retail, and healthcare, and is perhaps a pervasive problem with aging infrastructure that pre-dates Wi-Fi 6/6E and earlier installations.

The school’s primary goal was straightforward: to establish a secure, reliable, and easy-to-manage network infrastructure capable of supporting current and future demands. To achieve this, they invited proposals from various local IT providers, including resellers and Managed Service Providers (MSPs). As a Solutions Engineer in the IT industry working for Cisco Systems, I found it intriguing that all the solution proposals from the various vendors still centered around Wi-Fi 6E and older Wi-Fi 6 products, some of which would likely be announced soon for End-of-Life (EOL) or End-of-Sale (EOS)!

With Wi-Fi 7 entering its main adoption phase, I encouraged the school to look beyond Wi-Fi 6/6E. It became clear that information regarding Wi-Fi 7 was still trickling through the reseller and partner channels, and most were not well versed on the newer Wi-Fi 7 solutions. This prompted me to compile a summary of Cisco’s Wi-Fi 7 portfolio to highlight its transformative opportunities for end customers, resellers, and MSPs alike.

Focusing on the Key Takeaways regarding Cisco Wi-Fi 7

Cisco unveiled a comprehensive suite of Wi-Fi 7 products in November 2024 and followed up with additional product announcements in February 2025.

Key takeaways on Cisco’s Wi-Fi 7 product portfolio:

  • Product Portfolio: Cisco introduced a wide array of Wi-Fi 7 products, from more entry-level Access Points (APs) to high-capacity, high-throughput models. These APs are ideal for supporting demanding applications such as High-Definition Video Streaming, Augmented/Virtual Reality (AR/VR), Immersive Gaming and Entertainment, and help build an infrastructure that optimizes the adoption of various AI-related use cases.
    • CW9176 – Enterprise Class, High Density, High Performance, Omni-directional, Indoor AP, with single 10 mGig capable port, suitable for offices, conventional buildings, etc.
    • CW9176D – Enterprise Class, High Density, High Performance, Indoor AP with Directional Antenna, suitable for auditoriums, warehouses, long aisles/corridors, and/or areas with high ceilings.
    • CW9178 – Mission Critical, Ultra High Density, High Performance, Omni-directional, Indoor AP, with dual 10 mGig capable ports that can operate in active/active mode for higher throughput or active/passive mode for high availability/redundancy.
    • CW9172 – Moderate Density, Omni-directional, Indoor AP, ideal for retail, clinics, branch offices, or Multi Dwelling Units (MDUs) deployments like hotels, student housing, apartments, condominiums, etc.

  • Unified Hardware: Cisco Wi-Fi 7 products now feature a single Product ID (PID) per model, greatly simplifying the quoting and ordering process. There are no longer different PIDs/SKUs based on regulatory domains or operation modes. All Cisco Wi-Fi 7 based APs are designed for global use and can detect and operate in either Meraki Dashboard or Catalyst (WLC) management mode automatically. Users can also switch between management modes without needing to contact technical support. These Global Use Access Points offer efficient, smart, and scalable operations with comprehensive connectivity capabilities that include Bluetooth, IoT, and geolocation capabilities.
  • Unified Licensing: Cisco Wi-Fi 7 APs offer a streamlined experience with unified licensing, supporting all management modes with a single license. Available in two tiers, Essentials and Advantage, this system simplifies the ordering process. Essentials licensing provides fundamental network operation features, while Advantage licensing adds advanced functionality enabled through the inclusion of Cisco Spaces Advantage. This unified licensing approach enables customers to deploy networks using the same hardware across cloud, on-premises, or hybrid environments. Additionally, the Cisco Networking Subscription includes comprehensive product support, addressing both hardware and software aspects.
  • Power: With the exception of the CW9172I model, which supports DC input as an option, all Cisco Wi-Fi 7 based APs utilize Power Over Ethernet (PoE) as the power source. While these APs require at least 802.3at/PoE+ to function, they ideally need 802.3bt/PoE++/UPoE to enable full AP functionality.
  • Ethernet Cabling Requirements: While existing Category 5e cabling can be re-used, it comes with limitations. To fully harness the throughput capabilities of the Wi-Fi 7 APs, Category 6/6A or better Ethernet cabling is recommended. Category 5e cabling supports a maximum throughput of 1 Gb up to 100 meters. In contrast, Category 6 cabling can potentially support up to 10 GbE, but only up to ~50 meters. For 10 GbE support over the full 100-meter distance, Category 6A or better cabling is required.

Opportunities that Wi-Fi 7 Brings for MSPs/Partners

Proposing a managed wireless service built around Wi-Fi 7 technology for an MSP can be compelling for several reasons:

  • Cutting-Edge Technology: Wi-Fi 7 represents the latest advancement in wireless technology, offering higher transmission rates, lower latency, and enhanced reliability. By providing a service based on Wi-Fi 7, MSPs can position themselves as leaders in offering state-of-the-art solutions that meet the evolving needs of customers. By adopting Wi-Fi 7, MSPs help their customers future-proof their networks, ensuring they remain competitive in a rapidly changing technological landscape.
  • Increased Demand for High-Performance Connectivity: With the growing reliance on bandwidth-intensive applications such as video collaboration, augmented reality, and IoT, customers are seeking faster and more reliable connectivity. Wi-Fi 7 enables these high-performance applications, making managed Wi-Fi services more attractive to organizations looking to upgrade their infrastructure.
  • Consulting and Deployment: As customers transition to Wi-Fi 7, MSPs have the opportunity for additional revenue streams by offering consulting, deployment, and ongoing monitoring and management services. This includes network design, installation, maintenance, and optimization services. MSPs can also provide consulting services to assist businesses in planning and implementing the transition to this new technology, as well as integrating it with related infrastructure.
  • Infrastructure Upgrades: This includes upgrading Ethernet cabling and the network switching infrastructure to support both the higher throughputs and the PoE/power requirements of the APs. MSPs can also provide more advanced monitoring/automation capabilities or additional services that ensure the clients’ infrastructure can support the demands of modern use cases.
  • Comprehensive Service Offering: By leveraging Cisco’s Wi-Fi 7 portfolio, MSPs have the right building blocks to create a powerful and differentiated services offering. Bundling Wi-Fi 7 with value-added services such as advanced security features, AI-enhanced management tools, and in-depth analytics can significantly enhance a business’s network performance and security, providing a clear competitive edge.  Consider these compelling services add-on examples:
    • Assurance and Monitoring Services: Integrate solutions like ThousandEyes to offer clients unparalleled visibility into their network performance. This enables quick identification and resolution of issues, greatly improving the overall user experience and ensuring maximum operational efficiency.
    • Enhanced Security Services: Utilize Wi-Fi 7’s cutting-edge capabilities to integrate sophisticated security solutions. MSPs can deliver additional security services, including real-time threat detection and response, alongside proactive network monitoring. This not only protects client environments from evolving cyber threats but also reinforces trust in MSPs as security partners.
  • Scalability and Flexibility: Wi-Fi 7’s ability to support a higher density of devices and more complex environments makes it ideal for scalable solutions. MSPs can offer flexible managed services that grow with their clients’ needs, from small businesses to large enterprises.
  • Support for New Business Applications: Wi-Fi 7 enables new business applications and services, providing MSPs with opportunities to develop and support innovative solutions tailored to specific industry needs.  MSPs can offer tailored solutions that support new use cases, including IoT, video collaboration, and/or augmented reality.
  • Comprehensive Wireless/Wi-Fi Management: The demand for integrated Wi-Fi systems that include AI-enhanced automation and analytics creates an opportunity for MSPs to offer comprehensive management services that optimize wireless connectivity and improve user experiences.

By adopting managed wireless networking services centered on Wi-Fi 7 technology, MSPs are well-equipped to meet the growing demand for advanced wireless solutions, thereby enriching their service offerings and driving business growth.

In the context of my story, the school took the guidance to heart and conducted a thorough evaluation of their options. Recognizing the transformative potential of leveraging cutting-edge technology, they concluded that a Cisco-based Wi-Fi 7 deployment simply made more sense. This choice not only fulfilled their goals of establishing a secure, reliable, and easy-to-operate network, but also emerged as the more practical and, overall, more cost-effective solution for the long run. The solution provided an excellent balance between current needs and future scalability, ensuring longevity from their investments.

By adopting this more forward-thinking strategy, the school positioned itself at the forefront of technological advancement, setting an example for other schools in the district. Their approach serves as a reference, illustrating the benefits of embracing new technology to enhance educational environments. This move ensures they not only meet the current demands of digital learning but also lead the way in setting new standards for educational connectivity.


Register for the upcoming Managed Services Voice of the Engineer session to learn more about Cisco’s innovative Wi-Fi 7 portfolio

I’m pleased to report that Cisco was named Industrial IoT Company of the Year 2025 in the IoT Breakthrough Awards Program. Since 2017, IoT Breakthrough has made annual awards to industrial IoT companies and products based on quality, unique technology, and market leadership. I would like to thank our customers, partners, and the entire Cisco industrial IoT team for making this award possible.

“Most people know Cisco for their enterprise networking products, but for over 20 years, Cisco has been instrumental in making enterprise technologies decisive for digitizing industrial operations.”

– Steve Johansson, Managing Director at IoT Breakthrough

In this blog I’ll summarize the reasons why the evaluation committee awarded Cisco top honors as Industrial IoT Company of the Year. Our solutions enable our customers to protect their operations and lay a robust foundation for AI, all with seamless IT-OT collaboration and validated designs built in partnerships with leading industrial automation companies.

“The same robust security as the enterprise”

In the award announcement, IoT Breakthrough emphasizes Cisco innovations in industrial cybersecurity and AI readiness, which it terms paramount concerns for industrial operations. The announcement says, “Designed specifically for industrial needs, Cisco’s switches, routers, and wireless equipment share a common foundation with their enterprise counterparts… A shared operating system, management platform, and security measures facilitate collaboration between IT and OT teams.” As shown in the figure, Cisco industrial networking solutions come with built-in visibility, segmentation, zero-trust remote access, and the threat intelligence needed for effective incident response. A case study: Brazil’s CPFL Energia uses Cisco solutions to automatically detect and profile OT assets in substations and identify vulnerabilities and anomalies.

Figure 1: Visibility, segmentation, and secure remote access are built into Cisco network fabric

Johansson from IoT Breakthrough says, “By enabling IT best practices in OT, Cisco has freed industrial networks to scale and be flexible, while enjoying the same robust security as the enterprise.”

“The power of AI/ML”

I meet regularly with leading industrial companies, many of them already using AI to modernize operations—for instance, for predictive maintenance, manufacturing anomaly detection, robotics and autonomous vehicles, supply chain optimization, and more. For example, Audi uses Cisco solutions for virtual reality prototypes and predictive maintenance. Argos Cement uses AI to analyze historical data and build digital twins and predictive models to maintain quality, reduce energy consumption, and increase throughput.

AI applications like these place high demands on the network. Think of the network as the nervous system connecting the brains in the data center to the industrial IoT assets in plants and in the field. In the award announcement, IoT Breakthrough states, “Cisco’s industrial solutions empower industries to leverage the power of AI/ML to drive innovation to meet current and future needs. The network’s high-bandwidth, low-latency connectivity between OT and IT domains transports large volumes of data generated by sensors, machines, controllers, and other devices to analytical applications in datacenters and the cloud.”

“Validated design guides that are blueprints”

Besides our technology, IoT Breakthrough also calls out Cisco for “publishing validated design guides that are blueprints for successful networking and security deployments… that achieve business objectives.” We provide more than 80 Cisco Validated Designs and architectures for industries including manufacturing, power and water utilities, oil and gas, mining, ports and terminals, roadways and intersections, and public transportation. My colleague Keith Higgins, Director of Product Marketing at Cisco, adds that “Validated designs improve IT/OT collaboration, which helps to reduce risk, increase operational efficiency, and accelerate implementation.”

Industrial companies also benefit from our partnerships and joint designs with Rockwell Automation®, Schneider Electric®, and CODESYS. Integration with Splunk gives OT teams the observability that’s needed for digital resilience.

Get started

Wherever your company is on the journey to network modernization, we can help you take the next step. I invite you to schedule a personalized consultation.


There’s a great deal of talk around the capability of Wi-Fi 7 (IEEE 802.11be) to revolutionize the wireless experience. It’s not hype. A key feature that delivers this transformative impact is multi-link operation (MLO). A mandatory and defining component of 802.11be, MLO enables a multi-link device (MLD) to simultaneously operate across multiple frequency bands, including 2.4 GHz, 5 GHz, and 6 GHz.

Access point (AP) and non-AP MLDs learn each other’s MLO parameters and capabilities through the multi-link information elements exchanged in frames like Beacons and Association Request/Response. In this blog, I’ll illustrate MLO’s impact on wireless connectivity and show you how it works in simultaneous transmit and receive (STR) mode.

How does multi-link operation (MLO) enhance wireless connectivity?

MLO introduces significant benefits for a variety of use cases. Key enhancements include:

  • Simultaneous use of multiple bands. MLDs can transmit (Tx) and receive (Rx) data over more than one band at the same time. This is useful in environments with heavy congestion, as it avoids interference on any single band.
  • Improved throughput. MLO leverages the combined capacity of multiple channels across different bands to enable higher aggregate throughput. This makes Wi-Fi 7 ideal for bandwidth-heavy applications like video streaming, virtual reality, and online gaming.
  • Reduced latency. MLO lowers latency by offloading traffic across multiple channels. This is particularly useful in gaming, video conferencing, or other apps that require real-time communication.
  • Better reliability and robustness. If one band (for example, 2.4 GHz) experiences congestion, then station (STA) MLDs can seamlessly switch to a less congested band (such as 6 GHz) without dropping the connection. This is extremely helpful in spaces with busy radio frequency (RF) traffic, such as stadiums, apartments, and offices.

Types of MLO operation modes

Wi-Fi 7 defines several single and multi-radio MLO modes, with stations able to support these modes based on their respective hardware capabilities. Various software thresholds—such as bandwidth requirements, band preferences, RF congestion, and QoS—will influence and guide a station’s choice of operating mode.

Figure 1 – MLO modes and attributes.

Among these modes, MLSR is required to be supported by all AP and non-AP MLDs. Support for EMLSR and STR modes is mandatory for AP MLDs, but optional for non-AP MLDs (stations). STR is currently incorporated by most vendors, making this mode an excellent starting place for dissection.

MLO’s STR mode in action

Diagram of multi-link operation STR mode with Wi-Fi 7
Figure 2 – Channel access of AP and Station over STR links.

In STR operation, each link can be used to Tx or Rx concurrent physical layer protocol data units (PPDUs) without any synchronization. Figure 2 illustrates an example where an AP MLD and a non-AP MLD are operating over an STR link pair. Both devices contend for access to the wireless medium and engage in subsequent frame exchanges on those links.

After the AP MLD and the non-AP MLD complete a multi-link setup to successfully establish link 1 and link 2, and with the links enabled, AP 2 can receive data frames from STA 2 on link 2. Meanwhile, AP 1 contends for the wireless medium and, upon securing a transmit opportunity (TXOP), transmits data frames to STA 1 on link 1.

Next, let’s conduct a lab test using Cisco’s CW9178 AP running on Catalyst 9800 Wireless LAN controller (WLC) to demonstrate STR in action.

Diagram of Catalyst 9800 wireless LAN controller and the CW9178 Wi-Fi 7 access point STR in action
Figure 3 – Topology of STR Test

The access point under test (APUT) is configured to operate on 2.4 GHz (20 MHz) and 5 GHz (40 MHz) bandwidths with a WPA3-SAE WLAN. In the first step of the test, Wi-Fi 7/802.11be/MLO is enabled on both bands. We are using a Qualcomm 7800-based STR/MLMR-capable station, while the CW9178 AP serves as the sniffer—capable of capturing data across multiple bands and decoding Wi-Fi 7 frames.

Next, let’s associate the station under test (STAUT) and check the capability details in both the WLC and Wireshark. During the association process, multiple elements are exchanged: the MLO information elements for the 5 GHz association link, as well as the “Per-STA Profiles” information elements containing details about the non-association link (2.4 GHz).

The WLC identifies the STA as STR capable if the “Maximum Number of Simultaneous Links” value in the ML information element of the association request is non-zero. This indicates the number of radios the station is using for its association. See Figure 4 below for the corresponding Wireshark capture.

 

Figure 4 – STR capability in Association Request
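The rule the WLC applies can be reproduced offline against captured association requests. The following is an added Python example, not Cisco's code and not part of the original post: it walks the information elements of an association request, finds the Basic Multi-Link element, and reads the low four bits of the MLD Capabilities and Operations field. Field positions follow the IEEE 802.11be Basic Multi-Link element layout; the function names and the sample bytes are constructed for illustration.

```python
import struct

EID_EXTENSION = 255            # Element ID announcing an extended element
EXT_ID_MULTI_LINK = 107        # Element ID Extension of the Multi-Link element
ML_TYPE_BASIC = 0              # Type subfield (bits 0-2) of Multi-Link Control
MAX_SIMUL_LINKS_MASK = 0x000F  # bits 0-3 of MLD Capabilities and Operations

# Optional Common Info subfields of a Basic Multi-Link element, in on-air
# order: (presence bit in Multi-Link Control, name, size in bytes).
OPTIONAL_COMMON_INFO = [
    (0x0010, "link_id_info", 1),
    (0x0020, "bss_param_change_count", 1),
    (0x0040, "medium_sync_delay", 2),
    (0x0080, "eml_capabilities", 2),
    (0x0100, "mld_capabilities", 2),
]


def iter_elements(elements):
    """Yield (element_id, payload) for each TLV in an element list.

    `elements` is the association request body after its fixed fields
    (Capability Information and Listen Interval).
    """
    pos = 0
    while pos + 2 <= len(elements):
        eid, length = elements[pos], elements[pos + 1]
        payload = elements[pos + 2:pos + 2 + length]
        if len(payload) != length:
            raise ValueError("truncated element at offset %d" % pos)
        yield eid, payload
        pos += 2 + length


def parse_basic_multi_link(payload):
    """Parse a Multi-Link element payload (starting at the extension ID).

    Returns a dict of Common Info subfields, or None if the element is not
    of the Basic type. The Link Info (Per-STA Profiles) part is not parsed.
    """
    if len(payload) < 4:
        raise ValueError("Multi-Link element too short")
    control = struct.unpack_from("<H", payload, 1)[0]
    if control & 0x0007 != ML_TYPE_BASIC:
        return None
    common_len = payload[3]          # counts the length octet itself
    common = payload[3:3 + common_len]
    if common_len < 7 or len(common) < common_len:
        raise ValueError("bad Common Info length")
    fields = {"mld_mac": common[1:7]}
    pos = 7
    for bit, name, size in OPTIONAL_COMMON_INFO:
        if control & bit:
            if pos + size > common_len:
                raise ValueError("Common Info too short for " + name)
            fields[name] = int.from_bytes(common[pos:pos + size], "little")
            pos += size
    return fields


def max_simultaneous_links(elements):
    """Return the raw Maximum Number Of Simultaneous Links value, or None."""
    for eid, payload in iter_elements(elements):
        if eid == EID_EXTENSION and payload[:1] == bytes([EXT_ID_MULTI_LINK]):
            ml = parse_basic_multi_link(payload)
            if ml is not None and "mld_capabilities" in ml:
                return ml["mld_capabilities"] & MAX_SIMUL_LINKS_MASK
    return None


def sta_is_str_capable(elements):
    """Apply the rule described above: a non-zero value means STR capable."""
    links = max_simultaneous_links(elements)
    return links is not None and links != 0


def build_sample(mld_caps):
    """Constructed element list: an SSID plus a Basic Multi-Link element."""
    common = (bytes([11]) + bytes.fromhex("020000000001")
              + struct.pack("<HH", 0x0000, mld_caps))   # EML caps, MLD caps
    ml_payload = bytes([EXT_ID_MULTI_LINK]) + struct.pack("<H", 0x0180) + common
    ssid = bytes([0, 4]) + b"lab1"
    return ssid + bytes([EID_EXTENSION, len(ml_payload)]) + ml_payload


if __name__ == "__main__":
    for caps in (0x0001, 0x0000):
        print(hex(caps), sta_is_str_capable(build_sample(caps)))
```
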

The Catalyst 9800 WLC provides a clear display of the STA’s 802.11be capabilities, including MLD links with Slot IDs and bands, MLO mode support (STR/eMLSR), and Tx/Rx RF and data statistics for each band. Equivalent CLI commands are also available, though not covered in this blog.

Figure 5 – WLC showcasing Client (MLD) capabilities.

Now that the STA has associated on the 5 GHz band with an STR link to both the 5 GHz and 2.4 GHz bands, let’s initiate traffic for one minute to verify STR operation. Using the IxChariot server, we will begin full-bandwidth downlink UDP traffic. Initially, traffic will flow only on the 5 GHz band, as it is the only active association link. However, the STA will soon assess the need for a secondary link to achieve higher bandwidth. It will then send a QoS Null data frame over the secondary (2.4 GHz) link. The AP acknowledges this request and enables simultaneous data transmission across both bands.

Figure 6 shows the sequence starting with data on channel 36, followed by a QoS Null data frame on channel 6, and concluding with simultaneous data transmission on both channel 6 and channel 36.

Figure 6 – Wireshark snapshot highlighting data on multiple links.

The Catalyst 9800 WLC offers a comprehensive view of the client’s performance on each MLO link, with monitors providing detailed Tx/Rx data along with RF statistics.

Figure 7 – WLC showing detailed statistics for MLD STA.

Following the one-minute traffic run, the average throughput measured is 747 Mbps, as shown in Figure 8.

Figure 8 – IxChariot capture displaying STR client throughput.

To provide a comparison, the test was repeated under the same conditions, but with 802.11be/MLO disabled, running in 802.11ax mode instead. The average throughput was 506 Mbps.

Figure 9 – IxChariot view showing throughput of the Wi-Fi 6 (802.11ax) client.

The table below summarizes the throughput comparison between clients. The impact is indeed transformative: Wi-Fi 7 with STR MLO significantly outperforms Wi-Fi 6, delivering a 47% throughput increase, along with more efficient spectrum utilization.

The CW9178, CW9176I, and CW9176D APs, along with 9800 series wireless controllers, will fully support Wi-Fi 7 capabilities and features in the upcoming IOS XE 17.15.2 (currently in Beta) release.

IPv6 in 2025 – Where Are We?

The first in a series of blogs throughout 2025 highlighting the state of IPv6 across the industry, best practices to consider, and how Cisco is helping customers on their journeys with its products and services.

The complex history of IPv6

IPv6: a protocol with a long and winding history, and one that is sure to evoke a wide range of reactions upon mention – from skepticism to curiosity, from dismissal to openness, from indifference to fear, and everything in between. Most of the time, the first things I hear are either “It’s never going to happen” or “What’s going on with IPv6 anyway?” The first is quite easy to address – it is happening. The progress may not be uniform around the world nor across market segments, but the data is there, and it may come as a surprise to many.

The rise of IPv6 traffic

The percentage of global IPv6 traffic Google sees across all its properties from users did not cross the 1% threshold until 2013. Since then, it has risen dramatically, hitting around 48% at the end of 2024. Going by country, the United States is at 53%, while France, Germany, and India are at 78%, 76% and 72%, respectively. As of 2022, Akamai saw 52% of their US traffic as IPv6 and Facebook was seeing over 61% in the US. And yet when you dig into the data, you find that the Residential and Mobile segments have driven a lot of these numbers, with Enterprise and Public Sector lagging.

Delayed adoption despite early promise

Given these prominent levels of adoption, it is natural to wonder why it has taken so long to deploy a protocol that is 30 years old (!). Many people have memories of the 1995-2015 time period, when there was a lot of talk and hype around IPv6, but nothing ever seemed to materialize. Network professionals got rounds of training, it was incorporated into exam material, and we even had previous government mandates, but nothing ever seemed to get deployed.

Around the same time as the creation of IPv6, the industry also developed some life extenders for IPv4 – CIDR, VLSM, NAT and RFC 1918 private address space – that turned out to be so effective they delayed the need for IPv6 not just by a couple of years, but by several decades. But as successful as they were, they still could not overcome the fact that 32 bits simply isn’t enough space for today’s global Internet. We ran out of new public IPv4 addresses to hand out in the mid-2010s and are still feeling the consequences: Prices have skyrocketed on the secondary markets. ISPs have had to increasingly deploy Carrier Grade NAT and shoulder the operational issues that accompany it. Enterprises have had to constantly re-address their networks to squeeze every last bit out of each subnet. Furthermore, many have had to deal with the pain of overlapping private address space, as different parts of their network started using the same address blocks independently. This forces more and more NAT just to achieve internal communication, let alone external connectivity.

The shift towards IPv6

The good news is we had a solution ready to go – it had just been in hibernation. However, it was going to require a team effort, an endeavor that has been working well in some areas, but that we still struggle with in others. Service Providers, both mobile and terrestrial, have IPv6-enabled many of their networks (with some choosing to run a single-stacked IPv6 core), large content providers have turned on dual-stack to serve as many potential customers as possible, and major operating systems vendors have ramped up their support. Combine these with developments like Happy Eyeballs (an algorithm built into most endpoints that will attempt IPv6 first, but quickly fail over to IPv4 without any noticeable delay to the user) and you begin to see why adoption has significantly increased.

However, more work is needed within Enterprises. There is a whole set of middleboxes, software suites, monitoring and management tools, identity and policy products, and other operational considerations that present challenges not faced by mobile and home users.

Governmental support and IPv6 moving forward

Many governments around the world, including the United States with OMB M-21-07, have seen this and are putting more emphasis behind closing these gaps [1]. They foresee an IPv6-only future and know that remaining in a dual-stack state indefinitely is the worst situation to be in, even though it is almost certainly required in the short-term. This future is not just about overcoming address exhaustion, but also presents new and exciting opportunities around architecture and operations that simply were not possible in a constrained IPv4 world. While Cisco has published a bit on this previously [2], my colleagues and I are going to use the rest of 2025 to lay out a series of blogs that will help you on that journey: how to think about and plan your new (nearly infinite) address space, how to transition from IPv4-only to IPv6-only, considerations for security and operations, the role of fabrics and other architectural designs, and what management and monitoring looks like in an IPv6 world. Stay tuned!

Countries with IPv6 mandates in place (not exhaustive)

In today’s fast-paced digital landscape, IT efficiency and security are paramount. Many federal customers are realizing Enterprise Agreement (EA) benefits while adopting Cisco solutions at scale, saving millions of dollars annually and accelerating value and innovation. Without EA, customers plan for years, unable to prioritize and execute based on budget gaps alone. How can Cisco EA, FedRAMP Artificial Intelligence integrated solutions, and Cisco’s Expert Care National (ECN) Services enhance your organizational efficiency and trust?

Cisco Enterprise Agreements: Streamlining IT Management

Cisco Enterprise Agreements offer a comprehensive approach to software licensing, designed to streamline software procurement, management, and renewal. By consolidating various software purchases into a single agreement, organizations can achieve:

  • Simplified Management: One contract means one renewal date and one set of terms and conditions, significantly reducing administrative overhead. This consolidation enables IT teams to focus more on strategic initiatives rather than managing multiple contracts.
  • Cost Efficiency: Bundling contracts under an EA often leads to considerable cost savings. Cisco recognizes prior investments, allowing further cost reductions by consolidating existing software into a single agreement. This approach can also simplify budgeting with fixed term options.
  • Scalability and Flexibility: EAs are tailored to accommodate business growth or contraction, providing flexibility in software licensing that aligns with your organizational changes without constant renegotiations.

Cost Savings through Contract Bundling and Consolidation

Bundling services under Cisco’s Enterprise Agreements offers additional benefits:

  • Reducing Costs: Consolidation can lead to lower technical services fees, including Software Support Service (SWSS) and operations support, to maximize efficiency.
  • FAR Compliance: Federal Acquisition Regulations (FAR) emphasize procurement efficiency. Cisco’s approach to bundling aligns with FAR guidelines to optimize government spending, particularly through simplified acquisition procedures.

FedRAMP: Ensuring Security in Cloud Software as a Service (SaaS) Solutions

Federal Risk and Authorization Management Program (FedRAMP) is crucial for government workforce enablement, ensuring cloud services meet stringent security requirements. Here’s how FedRAMP impacts efficiency and trust:

  • Standardized Security: FedRAMP sets a security baseline for cloud services, reducing the risk of data breaches by enforcing compliance with NIST 800-53 controls. This standardization speeds up the adoption of cloud technologies while maintaining security.
  • Impact Levels: Services are categorized into low, moderate, and high impact levels, based on the potential effect on organizational operations, assets, or individuals. Understanding these levels helps in selecting appropriate cloud solutions that match your data sensitivity requirements.
  • AI Capabilities: With AI integration, FedRAMP supports enhanced capabilities in cloud services, including advanced threat detection and automated security responses, which are pivotal for maintaining trust in cloud-based operations. Cisco SaaS Compliant Product Availability may be a helpful roadmap reference for interested customers.

Expert Care National Services: Enhancing Operational Efficiency

Cisco’s Expert Care National Services complement the trust established by FedRAMP and the efficiency of Cisco EA Services by providing:

  • Centralized Support: Providing a unified support experience across Cisco’s broad portfolio of products and services, resolving complex issues up to 55% faster than traditional product-specific support models, delivered by local citizens with local data storage.
  • Proactive Management: Through Cisco CX Cloud, organizations gain insights and analytics that improve asset management efficiency by 96%, ensuring that IT infrastructure is always aligned with business needs.

Alignment with Cisco Enterprise Agreements, FedRAMP compliance, and Cisco’s Expert Care National Services creates a robust framework for enhancing IT operations efficiency and trust. By leveraging these programs, organizations not only ensure compliance with federal standards but may also benefit from significant cost savings and operational agility. For those looking to transform their IT landscape, these options represent a strategic path forward, ensuring both security and efficiency in an increasingly digital world.

Call your Cisco account team today or contact us to validate which EA best fits your requirements and accelerate your IT efficiency!

Cisco is powering the world’s most connected venues 

In recent years, there has been a significant increase in the need for robust and reliable high-speed Wi-Fi in sports and entertainment venues. Wi-Fi networks offer numerous opportunities to both enhance the attendee experience and drive operational efficiencies for venues, but they also present challenges. It is crucial to deploy a Wi-Fi network that can meet the growing expectations of fans while keeping the total cost of ownership in check.

Here are some of the opportunities that Wi-Fi networks bring to sports and venues:  

Enhanced Guest Experience 

More than 82% of sports fans say they use their mobile phones in some way while at a live professional sporting event. Keeping fans connected and engaged by delivering a more convenient and customized fan experience through technology is essential in today’s event experience. The in-venue experience needs to compete with an ever-more-attractive at-home viewing experience. Fans expect a seamless mobile ticketing entrance, the ability to check fantasy and sports betting applications in real-time, and an easy social media sharing experience. Furthermore, interactive services like ordering food, wayfinding maps, real-time replays, and merchandise promotions add a level of personalization that guests value and that keeps them coming back.

Operational efficiency and lower total cost of ownership

Innovative Wi-Fi networks bring significant benefits to venues by enhancing operational efficiency and reducing the total cost of ownership (TCO). With its improved data speeds, increased capacity, and lower latency, the technology’s ability to handle a higher density of devices ensures smooth operations during large events, minimizing downtime and improving customer experience. Additionally, energy-efficient designs reduce power consumption, helping stadiums lower operational costs in the long term. By providing faster troubleshooting, more seamless device management, and the ability to support a broader range of IoT devices, enhanced Wi-Fi networks enable stadiums to optimize their infrastructure and reduce maintenance expenses, while delivering a superior, modern experience for everyone. 

Increased revenue and business growth

Wi-Fi networks offer new opportunities for monetization, such as digital advertising and promotions based on user data. The NFL’s 32 teams generated an estimated $2.35 billion in sponsorship revenue last season, up 15% YoY. As the game day experience continues to evolve with technology, so do the opportunities for sponsorable assets and content.

Wi-Fi 6E

Our best-in-class portfolio has been supporting successful deployments in sports, media and entertainment for more than 15 years.  Beyond just wired and wireless networking, we offer collaboration tools, comprehensive cybersecurity, and management solutions that deliver enhanced insights and automation. This ensures a more secure, consistent, and scalable infrastructure that is easier to manage, more flexible, and more resilient than ever before. 

We just added to our portfolio a Wi-Fi 6E solution tailored for high performance in sports and entertainment venues. Our access points leverage Wi-Fi 6E technology with versatile hardware options to suit various venue configurations.

  • Catalyst IW9167E-STA Heavy Duty Access Point: Equipped with a Wi-Fi 6E 75° wide beam outdoor directional panel antenna, perfect for handrails and short-distance overhead deployments. 
  • Catalyst IW9167E-STA2 Heavy Duty Access Point: Features a Wi-Fi 6E 35° narrow beam outdoor directional panel antenna, ideal for mid to long-range deployments. 
  • Catalyst IW9167I Heavy Duty Access Point: Comes with a Wi-Fi 6E omni-directional antenna, suitable for areas near seats or where overhead mounting is limited. 

The Denver Broncos have implemented our Wi-Fi 6E solutions stadium-wide, enabling faster internet for fans to follow games, share images, videos, and more during events. 


Modern applications have transformed how the world conducts business — driving unprecedented agility and innovation that push the boundaries of what’s possible. However, as applications continue to extend beyond private data centers and spread across multiple cloud service providers and in edge devices, organizations have lost critical visibility into these distributed environments. This observability gap has made it increasingly difficult — if not impossible — for network teams to diagnose application availability issues across multicloud, hybrid environments. In words familiar to the CCIE, “How does one plug a packet sniffer into the cloud?”.

At Cisco, we believe that innovation doesn’t have to come at the expense of a resilient network, and we’re teaming up with like-minded technology partners who share this core value. I’m excited to announce new integrations between Cisco and Amazon Web Services (AWS) that give network teams the visibility they need to quickly and accurately troubleshoot application availability issues across today’s dynamic multicloud networks.

Kernel-level visibility delivers true network observability

Multicloud visibility starts with deep workload observability applied at the kernel level. Isovalent (recently acquired by Cisco) are the co-creators of eBPF, Cilium and Tetragon — technologies that are already the de facto standard for cloud-native networking and security. For Kubernetes users, including those running on AWS Elastic Kubernetes Service (Amazon EKS), eBPF-based Cilium delivers networking, security and observability natively within Kubernetes environments. Every time a process reads a file, spawns another process or opens a network connection, eBPF code embedded in Cilium executes in the kernel, allowing it to gather detailed telemetries — such as TCP and UDP protocol data, packet loss and latency. Cilium is an open-source community project supported by Cisco. In addition, Isovalent Enterprise is offered as a step-up with additional capabilities in networking, observability and security.

The new integration between Isovalent Enterprise and AWS pushes networking telemetry directly to Amazon CloudWatch Network Monitoring where workload data can be correlated to actual network performance metrics in AWS environments. These insights can also flow into Splunk, where network teams can create unified dashboards that combine metrics from on-premises networks, cloud networks and application performance, and security teams can leverage this data for threat detection and policy enforcement.  Enriching workload visibility data with AWS network performance and making it available to Splunk enables real-time visibility into the entire AWS network fabric, giving network teams the level of observability and control they need to build and optimize truly agile environments that run today’s modern applications.

Fig. 1: Observability and network troubleshooting with Isovalent Enterprise, Amazon CloudWatch Network Monitoring and Splunk

The deep integration in practice

Let’s see how the Cisco and AWS integration would work in the real world. One of our financial services customers recently migrated a critical trading application to AWS. The application was written so that certain workloads run in the cloud for scalability while keeping sensitive data on-premises for compliance. Their network team had sophisticated tools for monitoring on-premises performance but found that they had gaps in their network visibility when traffic moved to the cloud. It became difficult to distinguish between application issues and underlying network problems. When users complained about performance, the network team couldn’t tell if the problem was their application, the AWS network or somewhere in between.  The new, deep integrations between Cisco and AWS give our customer’s networking team detailed insights into process-level activity within all workloads. This allows them to monitor network performance metrics, visualize the entire application path and correlate all the data for rapid troubleshooting — all in one central management plane. What used to take days of finger-pointing between teams now takes minutes to resolve.

Fig. 2: Amazon CloudWatch Network Monitoring dashboard

“As the scale of customers’ networks on AWS and on-premises grows with modern distributed workloads, customers have told us that enforcing unified end-to-end security policies has been a significant challenge. Also, when network faults occur, customers require fast and accurate triangulation of the fault. To address this, we’ve worked with Cisco to unify end-to-end digital resilience by integrating Hypershield, Splunk, and Amazon CloudWatch Network Monitoring for hybrid workloads, enabling customers to accelerate cloud migration for such workloads.”

Robert Kennedy, VP, AWS Networking

Providing a breadth of assurance and security capabilities

In addition to the integration covered above, Cisco ThousandEyes is also announcing general availability of Cloud Insights, a new multicloud product aimed at extending cloud infrastructure discovery and configuration changes to application performance. This new solution extends ThousandEyes’ well known path visualization capabilities into the AWS network and also correlates how traffic flow impacts application performance. By combining this with ThousandEyes’ existing network and application synthetics, you get true end-to-end assurance — from your data center, across the internet or Direct Connect and deep into the AWS infrastructure.

Finally, Cisco Hypershield builds on top of Isovalent technology, delivers the visibility above, and provides security controls at the workload and network level across multi-cloud and hybrid environments. Hypershield uses enhanced telemetry, AI analysis and recommendations to simplify security via its first use cases: Autonomous Segmentation and Distributed Exploit Protection.

Our new approach

The Cisco and AWS integration is a radically new approach to ensuring the availability of modern applications in today’s multicloud, hybrid environments. Today’s announcement brings together deep workload visibility, network performance monitoring, and security in a way that’s never been possible before.

Are you at AWS re:Invent Dec 2–6, 2024, Las Vegas, NV? Please visit us at Cisco booth #1332 and Splunk booth #1342.


From the devices we carry and the buildings where we work to the millions of terabytes transmitted around the world every day, our world runs on wireless technology. With the arrival of Wi-Fi 7, a new era of connectivity is upon us, promising unprecedented speed, reliability, and innovation. Choosing the right partner to navigate this new chapter is crucial. Here is where Cisco stands out as your ideal choice.

Key features of Wi-Fi 7 and solutions from Cisco

1. Increased speed and capacity

Cisco Wi-Fi 7 solutions deliver speeds up to 46 Gbps, nearly four times faster than Wi-Fi 6, ensuring seamless performance for bandwidth-heavy applications like augmented reality (AR) and virtual reality (VR). This capacity allows for rich, lag-free user experiences.

2. Smart, immersive spaces with Cisco Spaces

Included with every wireless license, Cisco Spaces turns Wi-Fi 7 into the foundation of intelligent, connected spaces. With AI-powered 3D mapping, IoT services, and real-time asset tracking, businesses can create immersive experiences—think hospitals tracking critical equipment or offices guiding employees to available meeting rooms.

3. A reimagined, simplified licensing model

Cisco Networking Subscription introduces a streamlined approach to deploying and managing Wi-Fi 7 networks. This new model unifies network management, simplifying operations and allowing organizations to adapt seamlessly as their network needs evolve.

4. Multi-link operation (MLO)

A standout feature of Wi-Fi 7, MLO allows devices to use multiple frequency bands simultaneously. This capability enhances reliability and reduces latency, providing a consistent, high-performance experience. Cisco Wi-Fi 7 solutions leverage MLO to set a new standard for wireless networks.

5. Enhanced security across all bands

Cisco Wi-Fi 7 enforces advanced security protocols, moving beyond outdated encryption standards to reduce vulnerabilities and ensure your network remains secure and resilient.

Unique innovations for Wi-Fi 7

Cisco Wi-Fi 7 access points are engineered with the future in mind, ensuring that your network infrastructure meets current demands while being adaptable for the coming years. Our unified subscription and hardware provide unmatched flexibility, enabling a seamless wireless management experience across cloud, on-premises, and hybrid environments.

Moreover, the integration of ultra-wideband (UWB) radio technology allows Cisco Wi-Fi 7 access points to offer high-speed data transfer and centimeter-level location precision. This feature supports critical applications in logistics, healthcare, and manufacturing, enabling precise asset tracking and advanced location analytics.

Transformative potential spanning industries

Cisco Wi-Fi 7 solutions can unlock myriad new possibilities, with potential for:

  • Enhanced social and meta experiences: Supporting immersive and interactive digital spaces.
  • Revolutionized gaming and entertainment: Enabling high-quality, lag-free virtual reality and cloud-based gameplay.
  • Empowered cloud computing: Providing greater efficiency for data-intensive processes.
  • Industrial IoT advancements: Facilitating smart factory operations and real-time monitoring.
  • Improved video conferencing: Elevating high-definition video quality and reliability to deliver seamless communication.

A vision for a more connected world

These innovations and features contribute to a larger vision that Wi-Fi 7 will help bring to life: a world that is more connected, secure, and capable of delivering enhanced digital experiences. Cisco’s commitment to staying ahead of the curve with advanced technology, simplified operations, and robust security makes it the trusted partner for businesses looking to embrace the future of wireless connectivity.