Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Converting wireless network from ACS server/ aironet 1200 using LEAP to VPN

We've been mandated by corp. to convert to VPN.

Currently we are running an ACS server with cisco 1200s across VLANS using leap. We service at this local site, about 500 users with a need for proable 200 simo-logins. At the end of the day we will need to incorp- the entire network around the world 100,000+ users in 130 countries.

I've trickled across numerous papers and sites within/out cisco, i've gotten lots of little pieces that don't seem to add-up.

What are my best options?

Any key links for research that deal directly with this type of transition?

Any and all appreciated, Thanks, Kevin

Cisco Employee

Re: Converting wireless network from ACS server/ aironet 1200 us


I hope you mean that you are adding VPN to your security suite and not simply replacing LEAP with VPN ???

You should use both as this will provide mutli level security.

If you use VPN only then almost anyone is able to associated to your access point and whlie they may not be able to access many of your network reasources that can send layer 2 packets such as layer 2 broadcasts that will severly reduce the bandwidth available to your authorised users. On a large enough scale a DOS attack.

Leap will mean un authorised users can not associate to your AP's and as such can not consume your bandwidth. while VPN will provide end to end protection of your data.

For a deployment of the scale your talking about you will need to distrubte your ACS servers around your main sites

Here is a paper on EAP over congested WAN links and will give you some guidelines for remote ACS deployments

Hope this helps, please consider VPN as an addition to your current security not a replacement

New Member

Re: Converting wireless network from ACS server/ aironet 1200 us

Thanks for the info.

Yes I was planning on removing leap, but after reading there's no need to and would behoove me to!!!

Now the link was very help in most aspects, one item is still somewhat unclear - - -deploying of ACS servers. Will this relieve the need for concentrators or contivity boxes?

Currently we do have a Nortel contivity box that our remote users as host, can that be used in-house for the employees with in the building as well?

Again thanks for any/all


CreatePlease to create content