01-09-2008 12:36 PM - edited 07-03-2021 03:11 PM
Hello everyone,
I need some help here. I am currently working on a project with Centralized WLC deployment at a Co-Location Centre.
My WiSMs are located in my co-location switches. The Co-location network is different from the corporate network (MAN/WAN) and traffic between the two is routed (Layer 3) via MPLS connections.
The Access Points will be deployed in the corporate network. With DHCP option 43 and Layer 3 LWAPP, I don't think communication between the WiSMs and APs will be a problem. However, I am a little concerned about the user VLAN. How will I perform the dynamic interface/VLAN mapping configuration on the WiSMs since it is not on the same Layer 2 infrastructure as the APs? The WiSMs and APs do not share any VLAN information.
Thanks in anticipation,
Ade
02-25-2008 02:38 PM
So, if I understand correctly, the remote RADIUS server (if it is configured as primary) is used for all authentication.
The local RADIUS (if configured as secondary) will only be used if the primary RADIUS is unreachable e.g. if the WAN link is down, right?
02-25-2008 02:47 PM
If you plan on having a radius server on the remote and on the central location, then you would have the remote radius server (authentication locally switched) as the primary and the central radius server (authentication centrally switched) as the secondary. You can have one or both centrally in your HQ to authenticate users at your remote offices if you like. You don't need a remote radius server for this unless this is what you want.
What you have to look at is if traffic (Internet, email, shares, etc) is centrally located, then if your WAN link goes down, they will still complain... you know... users! haha
02-25-2008 03:01 PM
To be honest, what you have is your WiSMs centrally located (co-location) and your APs going to be installed at HQ. Why go H-REAP? You can have your APs on different layer 3 networks and have users associate on a different network that is configured on the co-location side. Then it is just routing.
02-25-2008 03:08 PM
You have a point.....that configuration works.
However, depending on how heavily the WLAN is used (in this case, it is going to be as it is a major business driver), you become exposed to major application latency issues since all traffic (whether remote or local) has to traverse the WAN through the LWAPP tunnel. In an extreme case, you may be looking at a bandwidth upgrade simply due to unnecessary traffic traversing the WAN from the WLAN.
I currently have one deployment with this issue and I want to avoid it in this installation.
02-25-2008 03:15 PM
I understand, then H-REAP is what you will need to look at. Usually when you have the WiSMs centrally located, you also have email, application servers, etc. located and have the bandwidth required. I have had multiple deployments in which having traffic run back to a central location was not an issue at all. These included multiple WiSMs and/or the 4400 WLC. Even with H-REAP you must make sure your users have available bandwidth to perform their work. What you will have to look into is implementing some type of QoS on both the LAN & WAN.
02-25-2008 03:20 PM
Thanks. I will definitely have to look into QoS for the LWAPP traffic at least.
I am pretty certain that there is enough bandwidth for remote enterprise applications. However, the file and print servers are local and large file downloads are usually cached using local appliances. This type of traffic could wreak havoc on the current WAN infrastructure we have.
02-25-2008 05:27 PM
Well you do have options... don't leave h-reap out of it. There are also appliances that can help save your wan like WAAS.