cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7413
Views
15
Helpful
12
Replies

Newbee Question: Can an ASA device control Wireless Access Points?

LondonCisco
Level 1
Level 1

Hi All

Excuse the newbee question!

We have "Cisco Aironet 1000 Series Lightweight Access Points" in the ceiling of the office.

We have been recommended that we purchase Cisco ASA 5505 (entry level firewall device)  to control the these wireless access points.

However, I don't understand why we would need to buy a firewall to do this!

Is it possible that someone has got confused with the "Cisco 5500 Series Wireless Controllers" or can an ASA device be used to control wireless access points?

Thanks!

John

4 Accepted Solutions

Accepted Solutions

John,

If you look at the ASA documentation, there is no support for wireless access points at all. That is a firewall! If you look at the access point documentation, you will see the required hardware which is a wireless lab controller. Maybe you should look at another provider.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

View solution in original post

We did query the fact with the company when they made the recommendation, however they reiterated their confirmation.

I'd trust Scott than the company you bought these ancient 1000 from.

Other than Scott, I know for a fact that an ASA cannot control a WAP.  However, an ASA can BLOCK ports used to send packets to-and-from the WAP.  That's as far as the ASA can do to "control" a WAP.

View solution in original post

Leo,

I will say there are some engineers in Cisco that believe in shaping the signal and as such will deploy external antennas. This doesn't mean 100% external antennas, but a reasonable mix.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

Rob Huffman
Hall of Fame
Hall of Fame

Hi John,

Just to add a wee note to the great info from our friends Scott, Leo

and George here (+5 each guys)

The 1000 series of Cisco AP's were only supported on the WLC 4400

series up to release 4.2.207.0 which was quite a long time before the 5500

series of WLC's was released. The 4400 series and the old 1000 series

AP's are both EoL so you are likely looking at a total revamp of your wireless

infrastructure at this point. We are going through the same process right now

moving to Clean Air on the 5500's and it's been a very worthwhile change.

http://www.cisco.com/en/US/products/ps10315/prod_release_notes_list.html

Cheers!

Rob

View solution in original post

12 Replies 12

Scott Fella
Hall of Fame
Hall of Fame

They are wrong.. You need a WLC5508

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

Hi Scott

Thanks.

We did query the fact with the company when they made the recommendation, however they reiterated their confirmation.

Therefore, is there any documentation/link that you know of that we could use to illustrate the fact that the ASA device doesn't do what they are suggesting? Their confidence has made me wonder whether there is something they know about the ASA 5505 that we don't!

I understand that if that all the answer you can give it that "that is how it is!"

Thanks

John

John,

If you look at the ASA documentation, there is no support for wireless access points at all. That is a firewall! If you look at the access point documentation, you will see the required hardware which is a wireless lab controller. Maybe you should look at another provider.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

John,

Here is a link

Lightweight Access Point FAQ

http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00806a4da3.shtml

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

We did query the fact with the company when they made the recommendation, however they reiterated their confirmation.

I'd trust Scott than the company you bought these ancient 1000 from.

Other than Scott, I know for a fact that an ASA cannot control a WAP.  However, an ASA can BLOCK ports used to send packets to-and-from the WAP.  That's as far as the ASA can do to "control" a WAP.

LondonCisco
Level 1
Level 1

Hi Scott/Leolaohoo

Thanks for your responses and time.

You've confirmed what I suspected.

There are various companies involved in the project and we are working alongside the company in question. This information doesn't make anybody look good, so I wanted to make sure I was 100% sure of myself.

John

I think they just got confused with the model number… 550X. Not cheap especially if you have a lot of AP’s,

-Scott
*** Please rate helpful posts ***

This information doesn't make anybody look good, so I wanted to make sure I was 100% sure of myself.

It'll make you look good!

There are various companies involved in the project and we are working alongside the company in question.

There's a high chance that you might get "ripped off" if you don't get the final design "vetted" by an independent party.  Happened to us.  We have a AU$5M project for wireless and some whack-job told us to use 3502e INSIDE THE HOSPITAL.  This project is in Australia and one of the reasons why they recommended external antennas is because "it's a standard in America".  I re-read that line before breaking out in laughter.  The choice for 3502e vs 3502i was >AU$500K in materials.  So we didn't understand how a multi-billion dollar system integrator was trying is darn best to get us to go down this route.

We weren't suppose to see the design.  Someone made the mistake of forwarding the design document to us and we just pulled the hand brakes. 

Leo,

I will say there are some engineers in Cisco that believe in shaping the signal and as such will deploy external antennas. This doesn't mean 100% external antennas, but a reasonable mix.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

This doesn't mean 100% external antennas, but a reasonable mix.

This one did.  100% Cisco 3502e.  All 680 units of it.

Rob Huffman
Hall of Fame
Hall of Fame

Hi John,

Just to add a wee note to the great info from our friends Scott, Leo

and George here (+5 each guys)

The 1000 series of Cisco AP's were only supported on the WLC 4400

series up to release 4.2.207.0 which was quite a long time before the 5500

series of WLC's was released. The 4400 series and the old 1000 series

AP's are both EoL so you are likely looking at a total revamp of your wireless

infrastructure at this point. We are going through the same process right now

moving to Clean Air on the 5500's and it's been a very worthwhile change.

http://www.cisco.com/en/US/products/ps10315/prod_release_notes_list.html

Cheers!

Rob

LondonCisco
Level 1
Level 1

Once again, thanks to all you guys.

Rob, thanks for that last bit of information, that will be very useful. I guess that the 5508 won't be backwards compatible to the 1000 Series but I'll double check that on the Cisco site. The client inherited the wireless access points when moving into a new office, so won't have a budget to buy new wireless access points. As I mentioned in an earlier post, unfortunately the situation is not going to make people happy though obviously needs to be worked through.

I have informed the parties concerned about the ASA firewall not being a correct recommendation, so we'll see what happens!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: