Re: [WIRELESS-LAN] Wireless design

Wed, 08 Jun 2011 21:35:37 -0700

Can that system bridge at the AP?  We are going to have a secure network and an open one.  The secure network will be configured with 802.1x and will just dump people on the local VLAN of the building.  Once we have the network fully secure we will be fine with this.  I like this for performance reasons.  The APs just become secure hubs. 
 
We will also make sure that no clients can talk to each other on these networks.  We will try to drive all users to the secure network.  The secure network will also be NAC enabled.
 
The open network will tunnel back to the controller and bridge there which is required due to the captive portal.
 
The only possible snag here is roaming between buildings and between 802.1x APs.  I have not tested and tweaked that yet.
 
John
 


----- Original Message -----
From: Mike King <[email protected]>
Date: Wednesday, June 8, 2011 9:29 pm
Subject: Re: [WIRELESS-LAN] Wireless design
To: [email protected]

> The real short answer is that it does not matter what the IP address of the AP is, as long as it has good stable communications with the controller.  


> What I personally try to do is what you are proposing, put the APs for each building/floor it's own subnet.


> Good luck


> Mike

> On Wed, Jun 8, 2011 at 6:54 PM, Entwistle, Bruce <[email protected]> wrote:

> We will soon be migrating our wireless network from Cisco autonomous 1231 APs to a combination of Cisco 3502i along with some of the existing 1231 APs converted to lightweight.   As we prepare for this we are looking at how to best architect the new network.    The new network will cover the entire campus which consists of approx 50 buildings, with each building having its’ own VLAN. 

 

> The initial idea was to install the APs so the IP address of the AP would be a part of the local building VLAN.  This is the IP the AP would use to talk back to the controller.  For user connections there would be two VLANs created which would be accessed through a single SSID.  The users would then be dynamically assigned to one of the two VLANs based on their logon credentials.  Currently all users are placed on the same VLAN after authentication, as our current installation is not capable of dynamic VLAN assignment.  There is currently only a single SSID in place.

 

> I would be interested to know what other have done and how successful it was.

 

 

> Thank you

> Bruce Entwistle

> Network Manager

> University of Redlands

 

 



> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.




> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Reply via email to