Re: [WIRELESS-LAN] Wireless design

Thu, 09 Jun 2011 14:35:33 -0700 

Bruce, 

For administrative reasons, we find it very helpful to have all our wireless 
users contained to "wireless only" IP ranges. This way, we can configure our 
IPS/IDS sensors, packet inspectors, etc to keep a more suspicious eye on 
wireless users (ie unmanaged, potentially dirty laptops) . We also don't have 
to worry about ensuring there are enough free IP addresses in each particular 
location to handle any potential transient surges (like during a large 
conference for example). 

Regards, 
Craig 



                SFU     SIMON FRASER UNIVERSITY 
        Network Services 
        

Craig Simons 
Network and Systems Administrator 

Phone: 778-782-8036 
Cell: 604-649-7977 
Email: [email protected] 
Twitter: simonscraig 


----- Original Message -----
From: "Mike King" <[email protected]> 
To: [email protected] 
Sent: Wednesday, 8 June, 2011 18:15:06 
Subject: Re: [WIRELESS-LAN] Wireless design 

The real short answer is that it does not matter what the IP address of the AP 
is, as long as it has good stable communications with the controller. 


What I personally try to do is what you are proposing, put the APs for each 
building/floor it's own subnet. 


Good luck 


Mike 


On Wed, Jun 8, 2011 at 6:54 PM, Entwistle, Bruce < [email protected] 
> wrote: 






We will soon be migrating our wireless network from Cisco autonomous 1231 APs 
to a combination of Cisco 3502i along with some of the existing 1231 APs 
converted to lightweight. As we prepare for this we are looking at how to best 
architect the new network. The new network will cover the entire campus which 
consists of approx 50 buildings, with each building having its’ own VLAN. 



The initial idea was to install the APs so the IP address of the AP would be a 
part of the local building VLAN. This is the IP the AP would use to talk back 
to the controller. For user connections there would be two VLANs created which 
would be accessed through a single SSID. The users would then be dynamically 
assigned to one of the two VLANs based on their logon credentials. Currently 
all users are placed on the same VLAN after authentication, as our current 
installation is not capable of dynamic VLAN assignment. There is currently only 
a single SSID in place. 



I would be interested to know what other have done and how successful it was. 





Thank you 

Bruce Entwistle 

Network Manager 

University of Redlands 



********** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/ . 




********** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 


**********
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Reply via email to