Cisco Support Community

New Member

Wireless Solution Advice

Hi all,

I would like to enquire about whether Cisco is a good way to go for wireless. I have looked at other vendors, and they all seem to have a box that "can do everything". I need a good understanding as to what I would need in setting up wireless in my organisation.

Firstly, we would have hundreds of APs, let's say 500. 200 on our main campus and then the other 300 dotted around remote sites. So there is a definite need for having all wireless connectivity controlled and managed from a central location.

I have spotted Cisco ISE which I think performs all the authentication and profiling of the various types of users and machines that will want access to our network.

I have also spotted Cisco Flex which, if I am right in thinking, is strictly for deploying wireless to our remote branches.

And then there is the WLC, which manages the APs themselves and the various RF environments.

Firstly, I am very keen on having two SSIDs. One for use only by corporate machines and then the other for guest access.

The corporate SSID should be as secure as possible, maybe using 802.1x EAP-TLS.

The guest SSID should be really easy to administer, as such, a user can self request access to the guest network, and then get a pre-shared key which eventually expires.

The guest network will be separated at layer 2 from the corporate network.

The corporate SSID should include Layer 3 seamless mobility for VOICE in particular.

Our topology does not include End to End VLANs, we have separate VLANs per access switch to keep broadcasts local. We also then have layer 3 switching in distribution and core layer.

On the remote sites,

I do not want the traffic to tunnel back to a central controller, I would like all traffic to remain local. However, I do want authentication to be sent back over the WAN to our corporate ISE.

Is there a Cisco box that can do all of this, or do I have to purchase each separate appliance to build this whole solution?

Any advice would be very helpful. Also, any references to any documentation or example topologies of such solutions would also be very helpful.

I have looked at some of the discussions on this forum and I think I am beginning to get the picture, but I do need clarification on what exact products I need to buy.

Thanks

Mario De Rosa

1 REPLY
Hall of Fame Super Gold

Re: Wireless Solution Advice

"I do not want the traffic to tunnel back to a central controller, I would like all traffic to remain local. However, I do want authentication to be sent back over the WAN to our corporate ISE."

There's one flaw to this. The APs in the remote location are controlled by the Flex 7500 WLC using a Cisco proprietary language called H-REAP. One of the biggest features of H-REAP happens when the WAN link goes down. When this happens, the APs will still provide service, however, this is possible when the remote site has a local authentication server present. Otherwise, new clients will be unable to associate to the WLAN.

"Is there a Cisco box that can do all of this, or do I have to purchase each separate appliance to build this whole solution?"

Depends on you.  The Flex 7500 will do nothing but H-REAP.  It won't be able to control APs that are not running H-REAP.  The WLC 5508, however, can do both H-REAP and non-H-REAP.  If you do plan to purchase the 5508, then get the one that will support a minimum of 100 AP license.  Getting the -25 or -50 will only make you pull your hair out when you try to go beyond 450 APs.
