Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Wireless Network Design

Hi,

I need some assistance with wireless design. we need a wireless network for our two board rooms (will expand in the near future). Due to our security policies we need to make sure out network is secured as much as possible. no guest access is needed and also and mobility is not needed for now(may be in the furture). One of the security requirements is that we contain the network signal within boundries of the board room or with minimum signal leakage.

so our approach is as follows. we are planning of using Cisco Aironet 1140 access points(two) with Cisco WS-C3750G-24WS-S25 intergrated controller. at the client's PC's we are planning of using Cisco's secure services version 5.1. the wireless network will be behind the firewall (Cisco firewall Module on the 6500).

I need someone to help us with the following.

1. Is it possible to contain the signal within the parameters of the boadroom? if not what are the implications?

2. is this solution going to give us what we expect in terms of scalability, performance and security?

3. I saw that the Cisco's secure services version 5.1 software does not support windows 7. any idea what we can do to support windows 7 clients

4. Can we use Micorsoft AD accounts for wireless network authentication, or do we need a separate wireless authentication? what is the best practice for this?

Your help will be highly appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Wireless Network Design

Emmanuel,

     I think what you are attempting to do is doable, the scalability of it could be limited somewhat by the controller choice, but other than that it should be fine.  See my answers to your questions below:

1. Is it possible to contain the signal within the parameters of the boadroom? if not what are the implications?

My recommendation if you chose to use 1 AP is place it in the center of the boardroom, if you are using 2 AP's cut the room into thirds and place an ap at each of those points. Then in terms of limiting the signal out side the room there is only so much you can do in terms of that although you can prevent others from connecting to it at a distance. So assuming that all the clients support either 802.11g or 802.11n you can manually set the transmit power really low, I'd start around 7 or 8, then disable the following data rates: 1,2,5.5,6,9,11,12,18,24 and set 48 as mandatory with 36 & 54 as supported.  Then test with this configuration, if signal is a little weak step the power up 1 value so if you start at 8 goto 7.  This configuration will provide service within the Boardroom and drastically decrease the distance outside the boardroom that you can actually connect.

2. is this solution going to give us what we expect in terms of scalability, performance and security? 

In my opinion the only scalability issue would be the controller since it's limited to 25 access points. Performance wise it depends on what your using the wireless for, but it should provide execellent bandwidth and performance.  Security wise that's really depends on yout security policies.

3. I saw that the Cisco's secure services version 5.1 software does not support windows 7. any idea what we can do to support windows 7 clients

I have no experience with this so I can't provide any insight to this.

4. Can we use Micorsoft AD accounts for wireless network authentication, or do we need a separate wireless authentication? what is the best practice for this?

You don't mention if you have ACS or Radius in your environment, if you do I'd use PEAP to authenticate the users via Radius looking at the AD Database.

Hope this helps answer your questions. Please feel free to rate this post.

Thanks.

4 REPLIES

Re: Wireless Network Design

Emmanuel,

     I think what you are attempting to do is doable, the scalability of it could be limited somewhat by the controller choice, but other than that it should be fine.  See my answers to your questions below:

1. Is it possible to contain the signal within the parameters of the boadroom? if not what are the implications?

My recommendation if you chose to use 1 AP is place it in the center of the boardroom, if you are using 2 AP's cut the room into thirds and place an ap at each of those points. Then in terms of limiting the signal out side the room there is only so much you can do in terms of that although you can prevent others from connecting to it at a distance. So assuming that all the clients support either 802.11g or 802.11n you can manually set the transmit power really low, I'd start around 7 or 8, then disable the following data rates: 1,2,5.5,6,9,11,12,18,24 and set 48 as mandatory with 36 & 54 as supported.  Then test with this configuration, if signal is a little weak step the power up 1 value so if you start at 8 goto 7.  This configuration will provide service within the Boardroom and drastically decrease the distance outside the boardroom that you can actually connect.

2. is this solution going to give us what we expect in terms of scalability, performance and security? 

In my opinion the only scalability issue would be the controller since it's limited to 25 access points. Performance wise it depends on what your using the wireless for, but it should provide execellent bandwidth and performance.  Security wise that's really depends on yout security policies.

3. I saw that the Cisco's secure services version 5.1 software does not support windows 7. any idea what we can do to support windows 7 clients

I have no experience with this so I can't provide any insight to this.

4. Can we use Micorsoft AD accounts for wireless network authentication, or do we need a separate wireless authentication? what is the best practice for this?

You don't mention if you have ACS or Radius in your environment, if you do I'd use PEAP to authenticate the users via Radius looking at the AD Database.

Hope this helps answer your questions. Please feel free to rate this post.

Thanks.

New Member

Re: Wireless Network Design

Thanks. I think you answered what I needed.

Hall of Fame Super Gold

Re: Wireless Network Design

If you are yet to build the board room, consider putting Faraday Cage or Faraday Shield.

Cisco Employee

Re: Wireless Network Design

415
Views
3
Helpful
4
Replies
CreatePlease to create content