Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Wireless Solution

I am trying to get my head around what products I need to set up a secure wireless network.

1. I need something that can make a PPPoE connection with username and password to my ISP for Internet.

2. I'd like to create private vlans to separate areas of the network by port.

3. I'd like to be protected from brute force WPA key attacks and have dhcp snooping

4. I'd like to be able to define the range of the wireless network.

That about sums it up but as I'm new to this kind of configuration it doesn't come easily to me.

General info:

All in all there'll be 30 devices max (mostly wireless) out of which there will be 6 wired clients

I do have a cisco sg200-08 and would be glad if it met the above requirements so that i could integrate it into the network.

Mainly I'm asking if i'm looking at a

router->devices config or a

router->switch->devices config or a

switch->router->devices config.

And if so which cisco router/switch would you recommend?

  • WAN Routing and Switching

Wireless Solution

How many AP's do you think you'll need? I don't understand #4, can you eloborate a little? You mention private VLAN's. Do you mean you want multiple VLAN's or do you want PVLAN's?

New Member

Re: Wireless Solution

Hey there, well this only opens up further questions. Will wireless be centralized at one location, any plans for growth of your WLAN?

Depending on what you want to accomplish you will need something similar to the folllowing

Option 1 - Centrally Managed WLAN

1. Wireless LAN Controller

2. LWAPP (I would recommend 2 AP's at least for 30 users)

3. L3 Switch (L3, you did mention segementation of the network)

4. Router (be it from your provider or you manage it, this will route LAN to WAN *Internet*)

5. NPS Server for dot1x authentication (MS 2008 R2 would work, most likely have one in the environment already?)

Option 2 - Autonomous WLAN

1. Wireless Access Points (autonomous, 2 at least)

2. L3 Switch

3. Router

4. NPS server for dot1x authentication

You will need power adapters for the AP's as the Cisco 200-08 isn't not POE capable. The only thing I am confused on (i'm not smart afterall) is

1. I need something that can make a PPPoE connection with username and password to my ISP for Internet.

Why do you need username/password to connect to your ISP? What kind of circuit do you have coming into the site? T1? DS3? As I said, lots of questions

Also, as far as switch, you could most likely get away with a 48 port 3560 POE (100MB) or you could get fancy and go Gig and get a 3560G. Also make sure the AP you select can be powered by the 3560 POE

As far as segmentation, keep it simple. Something like

Mgmt -       (Use this segment only to manage switches, routers)

Data -        (This will be for the users who are wired)

Wireless Mgmt -   (Could be used if you go with a centralized WLAN solution, controller and AP's on this segment only)

Wireless -  (Wireless Network segment)

Now on your L3 switch, define your VLANs and SVI's

VLAN 10 - Mgmt

VLAN 20 - Data

VLAN 30 - WirelessMGMT

VLAN 40 - Wireless

This widget could not be displayed.