Cisco Unified Solution Question

Answered Question
Apr 1st, 2007

Hi all,

I want to ask about a Cisco unified wireless solution I am designing, in which I'm taking WLCs on most of the main branches of the enterprise and using HREAP for remote branches. The AP I have selected is the 1130AG for the whole solution. I have placed the ACS at the central office and am using EAP-FAST. The questions are:

1) I'm terminating all my WLCs and HREAP on WISMs placed in the central office, and have also proposed a redundant 6500 with redundant WISM topology. Is this a valid design, terminating all WLCs in a WISM, which is also a WLC, and also having the redundant topology for that?

2) Secondly, I wanted to ask: I have proposed the firewall and IDS module on both 6500s. Do I really need an IDS, as unified wireless has its own integrated IDS/IPS capabilities? If I need it, then what role will it play?

3) Thirdly, I wanted to ask: do I really need other security appliances like MARS, NAC, Secure Services Client, etc., as I have some financial constraints too?

4) I'm terminating my WCS and location appliance on both of the 6500s. Are there any errors in this design?

5) How will I authenticate users when the WAN link to the ACS is down from any of the branches? Is there any local RADIUS server support on the WLC, as we have on Cisco autonomous access points?

Any help or links will be appreciated.


Correct Answer
jakew Sun, 04/01/2007 - 08:55

Q1) I'm terminating all my WLCs and HREAP on WISMs placed in the central office, and have also proposed a redundant 6500 with redundant WISM topology. Is this a valid design, terminating all WLCs in a WISM, which is also a WLC, and also having the redundant topology for that?

A1: This is a valid topology.

Q2) Secondly, I wanted to ask: I have proposed the firewall and IDS module on both 6500s. Do I really need an IDS, as unified wireless has its own integrated IDS/IPS capabilities? If I need it, then what role will it play?

A2: The IDS module is optional. The embedded WIDS capabilities in the CUWN are focused on wireless attacks. The IDS module gives you protection against lots of other, non-wireless-specific attacks and vulnerabilities. For example, if you have a legitimately authenticated wireless user with a virus, the IDS module will detect that and provide shunning capabilities.

Q3) Thirdly, I wanted to ask: do I really need other security appliances like MARS, NAC, Secure Services Client, etc., as I have some financial constraints too?

A3: These components are also optional to the CUWN but, like the IDS module, add significant value to the total solution.

Q4: I'm terminating my WCS and location appliance on both of the 6500s. Are there any errors in this design?

A4: No





Tahir Ali Sun, 04/01/2007 - 21:54

Thanks, Jake, for your help; it really cleared up some ambiguities in my mind.

One thing which you forgot to reply to is the authentication question.

How will I authenticate users when the WAN link to the central ACS server is down from any of the branches? Do WLCs have local RADIUS server support like we have for autonomous APs (which supports LEAP and EAP-FAST)?
