Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

How to secure your wireless...

I don't want to sound to stupid here but it seems like there are a lot of items on the market that can be used to secure wireless. I'm familiar with Cisco ACS and I've briefly read about Cisco Wireless Control System (WCS), CiscoWorks Wireless LAN Solution Engine, Cisco Unified Wireless Network, and Cisco Wireless Control System. I'm a bit confused on what solutions are right for our company. I'm having trouble understanding if all these devices work separately or together, is one of these an all inclusive device or do I need to purchase all of them separately. If I have multiple remote sites, which I do, will I need to purchase any or all of these for each location. I believe I've got information over load and I was hoping someone could point me in the right direction, a website, an article, or even some advise on the best solution for securing the wireless.

Thanks in advance

7 REPLIES
Silver

Re: How to secure your wireless...

Different components provide different features and functions. I suggest to consult a Cisco salesman or the partner for a more completed solution.

IMO, in current Cisco wireless product, there are two types : LWAPP-enabled and Autonomous (traditional). Where LWAPP use WLC to control the AP and provides lots of information. The traditional one use WLSM to manage the AP.

I suggest to read below :

http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns337/networking_solutions_white_paper0900aecd802c18ee.shtml

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns178/c649/ccmigration_09186a00800d67eb.pdf

http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/networking_solutions_white_paper0900aecd8040f7b2.shtml

Hopes this help.

New Member

Re: How to secure your wireless...

Thanks..That helped alot, the Unified Wireless solution seems to the way to go. However a couple of quick questions..

1. It appears with LWAPP I still need a ACS server, would that be a correct assumtion, and would it be best to have one at each remote location versues the main office?

2. I have 3 remote sites that all go through our main office for email, internet, and a few applications, would I need a WLAN controller for each location, if so, then I would image I should concider a WCS, correct?

Thanks...

Bob

Silver

Re: How to secure your wireless...

You can have one ACS or say Radius server in main office then configure the Radius proxy in WLC,

For the WLC distribution, it depends on how many AP in each office and how much WAN bandwidth you have. I recommend to have WLC at each office and have a larger one or two at main office to support main office and backup for the remote offices, in case the WLC at remote office down.

For the WCS, it is the management SW to manage the WLAN, it better to have it to manage all AP & WLC at a whole.

Above suggestions only based on the limited information and common practice. I strongly recommend to consult w/ the reseller or Cisco partner for a completed solution. Moreover, you also need to have a site survey to determine the number of AP and locations in each office, it is very important to ensure the required coverage.

Hope this helps.

New Member

Re: How to secure your wireless...

I concur with the distribution of WLC's among the branch offices as well as corporate. One thing to consider is that you can "replicate" WLC configs among each WLC and have them back each other up in case of single failure. There are two things to keep in mind in this case. 1. You will need a WLC with enough capacity at each site to split the load of one failed WLC. 2. It would be advisable to have each remote office and corp office in a mesh network in case one site fails and connectivity to main WLC is down, ie telco failure. This would ensure back WLC capabilities from remote office stand points.

(One thing that I would like to mention here is that Cisco has not worked out an upgrade for existing WLCs to handle additional licensing and capability in existing WLC's...in other words, they are not field upgradable, yet. So, buy with the intention of not being able to increase capacity without additional hardware investment.)

When you are buying the WCS and want to use the Wireless Location Appliance, you will need to buy the WCS that is a location version. I believe the difference in price is $1.5-2k, worth the initial investment.

Stevan

New Member

Re: How to secure your wireless...

Thanks for the input, I should have given some examples of our layout. Currently we have 4 sites, only 2, including the main office, at this moment have APs and both of them only have about 7 or so. We don't have much in the line of Wireless traffic at the moment but I do see the other two locations adding wirless and at least 3 of the 4 going to VoIP within the next few years.

Silver

Re: How to secure your wireless...

In this case, I will suggest to have the 2006 at each remote office if it will not excess 6 AP. And one larger size (e.g. 44xx) at main office to be the backup. For the VoIP issue, if you will use Wi-Fi phone, you need to consider the QoS in Wireless.

New Member

Re: How to secure your wireless...

Question for Jack:

If the remote site has no redundant routing path to the ASC/Radius at the Main site, whenever telco/circuit goes down between remote and main site, the remote wlan users will lost the access to their local servers access, right?

If there's a local ACS/Radius,WLC at remote site, no matter telco down or not, they can't always have access to the local resource, correct?

159
Views
0
Helpful
7
Replies
CreatePlease to create content