Enterprise WLAN

ISE is looking good, hopefully they'll release 1.2 so as I really want MDM tie in. Trying to do a POC in a test lab at the moment but being hampered by cert issues :(
 
Extricom is one of the best for coverage and wifi handover (or lack thereof - it's not cell based).

However Ubiquiti is quite good if you're not fussed about the handover drop off.
 
The 3850 recently announced for Cisco seems to point towards the mesh route in future developments rather than the controller only based. Seems an ok product but for the moment can't really support being a decent switch and WLC, just makes an ok halfway house between the two.
 
Hi kefkef,

How many APs are you looking at deploying, across how many sites and approx how many expected clients?

The reason I ask is that the 8500 WLC is aimed at large enterprise or Service Provider with 300-6000 APs and many thousands of clients (apologies if you know this already!).

If you have any specific questions feel free to fire away or drop me a message - I work for an Advanced Wireless certified Cisco Partner so would be happy to review any specs or answer Q's you have.

Paul.
 
Sounds good.

I've been playing with AVC (Application Visibility & Control) in our lab this week which is a new feature in WLC version 7.4 code. It's something that has been missing from Cisco's WLC feature list for a while and uses NBAR to classify traffic and allows you to view traffic stats based upon application type - i.e. you can see how much YouTube traffic, Skype traffic, Citrix etc. You can then use this to set up rules and either drop certain traffic types or you can re-mark QoS/CoS values.

It probably (hopefully) won't be an issue when you come to deploy but the latest 7.4 WLC code requires that your Prime software be on version 1.3 which hasn't been released yet....d'oh!
 
Doesn't surprise me, the original Prime is v1.1 and is only 8mth old! Upgrade to 1.2 and another appliance for failover should cover it for now.
 
Looking at putting in a wireless network at my employer, but because of security concerns it can't be directly connected to our enterprise network and must be segregated, most likely by firewalls if not completely standalone.

I'm thinking that because this is going to be segregated from our enterprise network, that staying with an online managed system is for the best but I only know of Aerohive and Meraki who are doing this. We've already got some Aerohive access points for a guest network being managed by HiveManager Online, but I don't really like the interface. Are there any other manufacturers I should be considering?
 
It makes sense to break down your thinking into 2 layers - the physical wireless deployment and then the logical traffic flows & separation.

From a physical point of view I see no reason why this cannot sit on top of your existing enterprise network as an expansion of your infrastructure. When it then comes to how you logically handle the wireless traffic you can achieve the desired security / segregation by ensuring all wireless traffic is placed into its own VLAN (or multiple VLANs for different wireless traffic types) and then each VLAN has layer 3 termination onto a firewall where you can apply whatever level of restriction and filtering is required.

Even from a PCI-DSS point of view VLANs are generally accepted to be an adequate level of security and separation if implemented correctly and with firewalls to control inter-VLAN traffic flows.

So based on the above I wouldn't discount any on-premise solution and Cisco would certainly be in the ring for me.
 
Unfortunately, I live in the realms of CESG and they don't trust VLANs, so they are a no-no for segregating different security levels. All the wireless network guidance from them specifies that all the access points are firewalled off and clients then have the VPN back into your network. Fun fun fun.

We're still wondering though about having an on premises solution, but having the management located within the less secure network and then allowing specific clients through to it for admin purposes.
 
Wireless. ARGH! Doing this at the moment and if I've learned anything it's that wireless is a complete nightmare. All vendors think they are best, it's very difficult to stress test equipment because of the scale.

However, be keen to make them fight one another for your custom. So far I've managed to drop from almost 80k on some solutions to between 38 and 55 for a 100AP dual controller solution.

For high client density you need to look outside the traditional network vendors. The disruptive technology is with the startups - in a few years' time after some M&A activity it'll probably end up back with the giants but for now, look beyond the likes of Cisco IMO.
 