Cisco Unified Solution Question

Tahir Ali
Level 1

Hi all,

I am designing a Cisco unified wireless solution in which I am placing WLCs at most of the main branches of the enterprise and using HREAP for remote branches. The AP I have selected is the 1130AG for the whole solution. I have placed the ACS at the central office and am using EAP-FAST. My questions are:

1) I am terminating all my WLCs and HREAP on WISMs placed in the central office, and have also proposed a redundant 6500 with a redundant WISM topology. Is this a valid design, terminating all WLCs in a WISM, which is also a WLC, and also having the redundant topology for that?

2) Secondly, I have proposed the firewall and IDS module on both 6500s. Do I really need an IDS, as unified wireless has its own integrated IDS/IPS capabilities? If I need it, then what role will it play?

3) Thirdly, do I really need other security appliances like MARS, NAC, Secure Services Client, etc., as I have some financial constraints too?

4) I am terminating my WCS and location appliance on both of the 6500s. Are there any errors in this design?

5) How will I authenticate users when the WAN link to the ACS is down from any of the branches? Is there any local RADIUS server support on the WLC, as we have on Cisco autonomous access points?

Any help or links will be appreciated.

Accepted Solutions

jakew
Level 1

Q1) I am terminating all my WLCs and HREAP on WISMs placed in the central office, and have also proposed a redundant 6500 with a redundant WISM topology. Is this a valid design, terminating all WLCs in a WISM, which is also a WLC, and also having the redundant topology for that?

A1: This is a valid topology.

Q2) Secondly, I have proposed the firewall and IDS module on both 6500s. Do I really need an IDS, as unified wireless has its own integrated IDS/IPS capabilities? If I need it, then what role will it play?

A2: The IDS module is optional. The embedded WIDS capabilities in the CUWN are focused on wireless attacks. The IDS module gives you protection against lots of other, non-wireless-specific attacks and vulnerabilities. For example, if you have a legitimately authenticated wireless user with a virus, the IDS module will detect that and provide shunning capabilities.

Q3) Thirdly, do I really need other security appliances like MARS, NAC, Secure Services Client, etc., as I have some financial constraints too?

A3: These components are also optional to the CUWN, but like the IDS module, add significant value to the total solution.

Q4) I am terminating my WCS and location appliance on both of the 6500s. Are there any errors in this design?

A4: No

2 Replies

Thanks Jake for your help, it really cleared up some ambiguities in my mind.

One thing which you forgot to reply to is the authentication question.

How will I authenticate users when the WAN link to the central ACS server is down from any of the branches? Do WLCs have local RADIUS server support like we have for autonomous APs (which support LEAP and EAP-FAST)?
