Cisco Support Community

New Member

Autonomous or LWAPP for fast roaming

We are looking to deploy wifi to support Tablet PCs. The software we are using is very sensitive to losing its connection to the SQL database. I am worried particularly about roaming. We need to use 802.1x for security and would like to use the MS IAS server with EAP-TLS for authentication. We have 4 locations which should each be well covered by 3 base stations at each location. Medical providers need to be able to move around the office without losing connections. Time is more important than money. An hour of lost provider time (and when our app crashes it crashes hard) is worth avoiding with additional money. My questions are the following:

1. Do we need LWAPP or will autonomous with WLSE work for us? (Specifically for fast secure roaming, or quick handoff, or whatever it is we need)

2. Do we need to use EAP-FAST (and thus a Cisco AAA server) or will EAP-TLS with IAS be enough?

3. If we use LWAPP do we need WCS or will managing each 2000 series WLAN controller be enough?

4. Will all this work with my HP switches and Adtran routers?

5 REPLIES
New Member

Re: Autonomous or LWAPP for fast roaming

WLSE will support radio monitoring and self-healing but doesn't help with FSR. FSR is accomplished (in IOS) with WDS for layer2 roaming and WLSM (6500 blade) for Layer 3 roaming.

I just received my eval of WISM (Airespace in a 6500 blade) and, although I have yet to test, from everything I hear, LWAPP is the way to go for rogue-suppression, self-healing, and L2-L3 roaming.

You MUST use 1 or the other WDS/WLSM or LWAPP/AireSpace Controller OR WISM for FSR.

I chose PEAP-GTC in lieu of EAP-TLS...there are more and more OEM supplicants that support PEAP-GTC (802.1x or WPA/WPA2) and it's an interesting alternative to EAP-TLS...IMHO

Green

Re: Autonomous or LWAPP for fast roaming

To add to the above: It's my understanding that you must use LEAP or EAP-FAST to gain the most benefit from FSR.

While there is apparently some additional efficiency with other protocols, the WDS works "fastest" with EAP-FAST or LEAP.

FWIW

Scott

New Member

Re: Autonomous or LWAPP for fast roaming

Ok, thanks for the input.

New Member

Re: Autonomous or LWAPP for fast roaming

I recommend running autonomous with WDS; it seemed to be seamless on handoffs from AP to AP when running EAP-TLS and IAS server. I wish I had stayed away from LWAPP and controllers, for I lost the seamless roaming on the changeover.

Re: Autonomous or LWAPP for fast roaming

1. Do we need LWAPP or will autonomous with WLSE work for us? (Specifically for fast secure roaming, or quick handoff, or whatever it is we need)

A: Go with LWAPP, more reliable, and easier to work with.

2. Do we need to use EAP-FAST (and thus a Cisco AAA server) or will EAP-TLS with IAS be enough?

A: I'd recommend PEAP. More secure, and with everything Cisco, much easier to support, since TAC does not support the IAS server.

3. If we use LWAPP do we need WCS or will managing each 2000 series WLAN controller be enough?

A: If you are only contemplating using 2006 at 4 locations, WCS wouldn't be a necessity. If you expand beyond that and decide to do something else, then yes WCS.

4. Will all this work with my HP switches and Adtran router?

A: It probably will, and it should, but for best results, going Cisco for the whole solution works the best.

Now, why go with 2006's? They are nice boxes, but you would need 4 of them. If you are static at 4 locations without need for growth, I'd go with a 4402-25. This is a single controller that can handle up to 25 APs. With this, if you purchase the 1242 or the 1131, you can do HREAP, and keep all the subnets locally switched, that way if the WAN goes out, or the controller goes out, then the WiFi stays up for the local subnets. Naturally anything across the WAN is not accessible.

That being said, if you are backhauling everything to a central site anyway, might as well go with one 4402-25, single point of control, instead of 4. And if you do need to add another site, then you still have 13 more APs that can join instead of having to purchase another controller.

my 2cents

HTH, Steve

Please remember to rate useful posts, and mark questions as answered