04-19-2006 06:59 PM - edited 07-04-2021 11:57 AM
We are looking to deploy wifi to support Tablet PCs. The software we are using is very sensitive to loosing its connection to the SQL database. I am worried particually about roaming. We need to use 802.1x for security and would like to use the MS IAS servier with EAP-TLS for authentication. We have 4 locations which should each be well covered by 3 base stations at each location. Medical providers need to be able to move around the office without losing connections. Time is more important than money. An hour of lost provider time (and when our app crashes it crashes hard) is worth avoiding with addition money. My questions are the following:
1. Do we need LWAPP or will autonomous with WLSE work for us? (Specifically for fast secure roaming, or quick handoff, or whatever it is we need)
2. Do we need to use EAP-FAST (and thus a Cisco AAA server) or will EAP-TLS with IAS be enough?
3. If we use LWAPP do we need WCS or will managing each 2000 series WLAN controller be enough?
4. Will all this work with my HP switches and Andtran routers?
04-20-2006 07:29 PM
WLSE will support radio monitoring and self-healing but doesn't help with FSR. FSR is accomplished (in IOS) with WDS for layer2 roaming and WLSM (6500 blade) for Layer 3 roaming.
I just received my eval of WISM (Airespace in a 6500 blade) and, although I have yet to test, from everything I hear, LWAPP is the way to go for rogue-suppression, self-healing, and L2-L3 roaming.
You MUST use 1 or the other WDS/WLSM or LWAPP/AireSpace Controller OR WISM for FSR.
I chose PEAP-GTC in lieu of EAP-TLS...there are more and more OEM supplicants that support PEAP-GTC (802.1x or WPA/WPA2) and it's an interesting alternative to EAP-TLS...IMHO
04-21-2006 02:49 PM
To add to the above: It's my understanding that you must use LEAP or EAP-FAST to gain the most benefit from FSR.
While there is apparently some additional efficiency with other protocols, the WDS works "fastest" with EAP-FAST or LEAP.
FWIW
Scott
04-23-2006 09:59 AM
Ok, thanks for the input.
06-29-2006 05:38 PM
I recommend running autonomous with WDS seemed to be seamless on hand offs from AP to AP when running EAP-TLS and IAS sever. Wish I would have stayed away from LWAPP and controllers for I lost the seamless roaming on the change over.
06-30-2006 06:49 AM
1. Do we need LWAPP or will autonomous with WLSE work for us? (Specifically for fast secure roaming, or quick handoff, or whatever it is we need)
A: Go with LWAPP, more reliable, and easier to work with.
2. Do we need to use EAP-FAST (and thus a Cisco AAA server) or will EAP-TLS with IAS be enough?
A: I'd recommend, PEAP. More secure, and with everything Cisco, much easier to support, since TAC does not support the IAS server.
3. If we use LWAPP do we need WCS or will managing each 2000 series WLAN controller be enough?
A: If you are only contemplatign using 2006 at 4 locations, WCS wouldn't be a necessity. If you expand beyond that and decide to do something else, then yes WCS.
4. Will all this work with my HP switches and Andtran router?
A: It probably will, and it should, but for best results, going Cisco for the whole solution works the best.
Now, why go with 2006's? They are nice boxes, but you would need 4 of them. If you are static at 4 locatiosn with out need for growth, I'd go with a 4402-25. This is a single controller that can handle up to 25 AP's. With this, if you purchase the 1242 or the 1131, you can do HREAP, and keep all the subnets locally switched, that way if the WAN goes out, or the controller goes out, then the WiFi stays up for the local subnets. Naturally anything acrosss the WAN is not accessable.
That beign said, if you are backhauling everything to a central site anyway, might as well go with one 4402-25, single point of controll, instead of 4. And if you do need to add another site, then you still have 13 more AP's that can join instead of having to purchase another controller.
my 2cents
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide