Wireless Deployment

aadeoye
Level 1

Hello everyone,

I need some help here. I am currently working on a project with a centralized WLC deployment at a co-location centre.

My WiSMs are located in my co-location switches. The co-location network is different from the corporate network (MAN/WAN) and traffic between the two is routed (Layer 3) via MPLS connections.

The Access Points will be deployed in the corporate network. With DHCP option 43 and Layer 3 LWAPP, I don't think communication between the WiSMs and APs will be a problem. However, I am a little concerned about the user VLAN. How will I perform the dynamic interface/VLAN mapping configuration on the WiSMs since it is not on the same Layer 2 infrastructure as the APs? The WiSMs and APs do not share any VLAN information.

Thanks in anticipation,

Ade

22 Replies

So, if I understand correctly, the remote RADIUS server (if it is configured as primary) is used for all authentication.

The local RADIUS (if configured as secondary) will only be used if the primary RADIUS is unreachable e.g. if the WAN link is down, right?

If you plan on having a RADIUS server at the remote and at the central location, then you would have the remote RADIUS server (authentication locally switched) as the primary and the central RADIUS server (authentication centrally switched) as the secondary. You can have one or both centrally in your HQ to authenticate users at your remote offices if you like. You don't need a remote RADIUS server for this unless this is what you want.

What you have to look at is if traffic (Internet, email, shares, etc) is centrally located, then if your WAN link goes down, they will still complain... you know... users! haha

-Scott
*** Please rate helpful posts ***

Scott Fella
Hall of Fame

To be honest, what you have is your WiSMs centrally located (co-location) and your APs going to be installed at HQ. Why go H-REAP? You can have your APs on different Layer 3 networks and have users associate on a different network that is configured on the co-location side. Then it is just routing.

-Scott

You have a point.....that configuration works.

However, depending on how heavily the WLAN is used (in this case, it is going to be as it is a major business driver), you become exposed to major application latency issues since all traffic (whether remote or local) has to traverse the WAN through the LWAPP tunnel. In an extreme case, you may be looking at a bandwidth upgrade simply due to unnecessary traffic traversing the WAN from the WLAN.

I currently have one deployment with this issue and I want to avoid it in this installation.

I understand, then H-REAP is what you will need to look at. Usually when you have the WiSMs centrally located, you also have email, application servers, etc. located there and have the bandwidth required. I have had multiple deployments in which having traffic run back to a central location was not an issue at all. These included multiple WiSMs and/or the 4400 WLC. Even with H-REAP you must make sure your users have available bandwidth to perform their work. What you will have to look into is implementing some type of QoS on both the LAN & WAN.

-Scott

Thanks. I will definitely have to look into QoS for the LWAPP traffic at least.

I am pretty certain that there is enough bandwidth for remote enterprise applications. However, the file and print servers are local and large file downloads are usually cached using local appliances. This type of traffic could wreak havoc on the current WAN infrastructure we have.

Well you do have options... don't leave h-reap out of it. There are also appliances that can help save your wan like WAAS.

-Scott