Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
776
Views
0
Helpful
4
Replies

7925G? HELP? Need a real pro for this one?

Chris Alvarado
Level 1
Level 1

‎03-26-2009 07:08 AM - edited ‎07-03-2021 05:22 PM

Our wireless system is completely off our internal network. Its on its own cable broadband connection. The only thing that can touch our lightweight AP's is our wireless server that has 2 NIC cards. One NIC has an ip just to manage the AP's on there seperate c2960 switch and the other NIC has an internal IP so we can remotely manage. How can I hook up these phones so it can reach our internal voice LAN without compromising the network. I have attached a diagram of our wireless setup. I was told i have to use one of the gigabit ports on the switch the AP's connect through and connect it to my ASA box. Please advise. Thank You.

Labels:
Preview file
85 KB
0 Helpful
4 Replies 4

Leo Laohoo
Hall of Fame
Hall of Fame

‎03-26-2009 04:05 PM

Have you read the Cisco Unified Wireless IP Phone 7925G Deployment Guide?

www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7925g/7_0/english/deployment/guide/7925dply.pdf

0 Helpful

JON O'NAN
Level 1
Level 1

‎03-28-2009 02:22 PM

I have used GRE tunnels with Policy Based Routing in the past. This would require a L3 switch at the Access Points.

0 Helpful

Georgios Nikitas
Level 1
Level 1

‎03-30-2009 04:04 AM

I would suggest you create a different SSID at your APs only for the telephones.

Set different security for this SSID, for best results use WPA2 with AES encryption.

Make sure this SSID is hooked up to a different VLAN, for example VLAN 99.

Make sure your Access Points have a trunk connection with the switch.

Create the vlan99 at the switch.

Statically set one of your switch ports to VLAN99 and connect that port with one of the ports of your ASA Firewall. Make the correct firewall settings so that you restrict access of that port only to the necessary IPs of your voice VLAN.

** Make sure you use a different IP subnet for your VLAN99!

0 Helpful

gamccall
Level 4
Level 4

‎04-14-2009 10:02 AM

"I have set up my network so that my wireless clients have no access to my internal network. How can I get some of my wireless clients access to my internal network?"

As things stand, you can't.

In order to make this work, you have to make a connection between your TOCWirelessSwitch and your internal LAN.

Now, there are obviously ways to make this as secure as possible- using an ASA and/or ACLs would be the obvious choices- but you will no longer have the complete physical isolation that you do now.

Of course, you would put your wireless phones on a separate SSID and VLAN from your data traffic, and make sure that the only traffic allowed to cross the new connection is restricted to the phone addresses and the specific ports your voice traffic uses.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card