Our wireless system is completely off our internal network. It's on its own cable broadband connection. The only thing that can touch our lightweight APs is our wireless server, which has 2 NIC cards. One NIC has an IP just to manage the APs on their separate c2960 switch, and the other NIC has an internal IP so we can manage it remotely. How can I hook up these phones so they can reach our internal voice LAN without compromising the network? I have attached a diagram of our wireless setup. I was told I have to use one of the gigabit ports on the switch the APs connect through and connect it to my ASA box. Please advise. Thank you.
I would suggest you create a different SSID at your APs only for the telephones.
Set different security for this SSID; for best results, use WPA2 with AES encryption.
Make sure this SSID is hooked up to a different VLAN, for example VLAN 99.
Make sure your Access Points have a trunk connection with the switch.
Create VLAN 99 at the switch.
Statically set one of your switch ports to VLAN99 and connect that port with one of the ports of your ASA Firewall. Make the correct firewall settings so that you restrict access of that port only to the necessary IPs of your voice VLAN.
** Make sure you use a different IP subnet for your VLAN99!
"I have set up my network so that my wireless clients have no access to my internal network. How can I get some of my wireless clients access to my internal network?"
As things stand, you can't.
In order to make this work, you have to make a connection between your TOCWirelessSwitch and your internal LAN.
Now, there are obviously ways to make this as secure as possible (using an ASA and/or ACLs would be the obvious choices), but you will no longer have the complete physical isolation that you do now.
Of course, you would put your wireless phones on a separate SSID and VLAN from your data traffic, and make sure that the only traffic allowed to cross the new connection is restricted to the phone addresses and the specific ports your voice traffic uses.
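The steps from both replies above, put together as one configuration sketch. This is an added example, not a configuration posted by anyone in the thread. Every port number, the native VLAN 10, all IP addresses, the object names, and the choice of SCCP (TCP 2000) with RTP on UDP 16384-32767 as the voice protocols are assumptions to be replaced with the site's real values.

```cisco
! --- Catalyst 2960 (the AP switch). Port numbers and VLAN 10 are assumed. ---
vlan 99
 name WIRELESS-VOICE
!
interface GigabitEthernet0/1
 description Trunk to access point
 switchport mode trunk
 switchport trunk native vlan 10
 ! Carry only the AP management VLAN and the phone VLAN, nothing else
 switchport trunk allowed vlan 10,99
!
interface GigabitEthernet0/24
 description Uplink to ASA, wireless voice only
 ! Static access port: VLAN 99 is the only VLAN that reaches the firewall
 switchport mode access
 switchport access vlan 99
 switchport nonegotiate
!
! --- ASA (8.3 or later syntax assumed; interface name is assumed) ---
interface GigabitEthernet0/2
 nameif wvoice
 security-level 50
 ! VLAN 99 gets its own subnet, separate from every internal subnet
 ip address 10.99.0.1 255.255.255.0
 no shutdown
!
! Constructed addresses: phone subnet, call server, internal voice LAN
object network WVOICE-PHONES
 subnet 10.99.0.0 255.255.255.0
object network CALL-SERVER
 host 10.20.0.10
object network VOICE-LAN
 subnet 10.20.0.0 255.255.255.0
!
! Call signalling from the phones to the call server only (SCCP assumed)
access-list WVOICE_IN extended permit tcp object WVOICE-PHONES object CALL-SERVER eq 2000
! Media from the phones to the voice LAN only (RTP range assumed)
access-list WVOICE_IN extended permit udp object WVOICE-PHONES object VOICE-LAN range 16384 32767
! Everything else arriving from the wireless side is dropped and logged
access-list WVOICE_IN extended deny ip any any log
access-group WVOICE_IN in interface wvoice
```

The logged deny line doubles as a detection point: hits on it show a wireless device attempting something other than the permitted voice flows.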