cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
610
Views
9
Helpful
3
Replies

Wireless LAN Across Multiple Non-Contiguous Floors in a Building...

deanhassan
Level 1
Level 1

Hi All,

It's been a few years since I've done anything in the way of Wireless networking but I'm just looking for some advice as it looks like I'll be revisiting it again quite soon.

We operate in a building where we have multiple floors but between some of them are floors owned by other companies. I'm guessing the typical way of doing wireless in this scenario would be to have a VLAN per floor and then force the reauthentication with you change AP's.

Saying that, does anyone have any advice on how to maintain continious connectivity in this kind of scenario, barring having a single VLAN stetched across all AP's and having AP's in the lift wells (a big no, no from a security perspective, WPA2 or otherwise)

Is there any way of maintaining a secure continuous wireless connection when traversing floors that are non-contiguous? I'd appreciate any advice. Thanks in advance.

Dean~

3 Replies 3

Aaron Harrison
VIP Alumni
VIP Alumni

Hi Dean

A good way to work around this VLAN issue is to use the new AireSpace/Controller based wireless systems.

Basically you can put APs anywhere (in any VLAN) and they tunnel all traffic from their management interface in the VLAN they are installed in back to the central controller, which in turn has interfaces in whatever VLANs you actually want to give access to.

This nicely works around the issues given rise to when you have different VLANs per floor with traditional wireless systems - when you roam between floors in those, you roam between subnets, and therefore need to reauthenticate and obtain a new IP address - a process which cuts off most apps and causes a break in communications.

Hope this helps

Aaron

Please rate helpful posts..

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

Thanks for getting back to me Aaron.

When you mean "AireSpace/Controller based wireless systems, am I right in assuming that if you need a WiSM enabled switch/module for routers or switches?

I'm trying to think of the most secure way of doing it allowing this "separated floor" mobility without going overkill at the same time (putting IPSEC/VPN tunnels, encryption and forced re-authenitcation all over the place which has been investigated in the past and failed miserably)

I was thinking of having AiroNet AP's (with directional antennas if possible) distributed on each floor along with AirDefense modules.

These would then connect in a dedicated Wireless LAN switch per floor (eg. some form of WiSM enabled Catalyst 3750) running it's own VLAN and dot1x and then have these connected into the standard floor switches and up into our core.

Would such as solution work? How would this work when traversing lift wells (provided AP's would be allowed to fitted into them)

Thanks again for your help.

Dean~

Hi Aaron,

Great answer here and great review of the 4400 series (just read it)! Very deserving of at least 5 points from this end.

Take care!

Rob

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: