 tomkb Premium join:2000-11-15 Tampa, FL kudos:5 | Cisco Aironet 1600/2600/3600
Hi Group,
I'm leaning toward buying 2 Cisco 2600 access points for our office.
My goal is to eliminate the residential style access points. The issue is security/management. Each time someone leaves the company, the password needs to be changed, and then all the laptops need to be changed. Looking for a better managed solution.
I am aware that Cisco also offers controllers to simplify management, but since we only need 2 access points, I want to know if I can successfully integrate these 2 access points with Active Directory without a controller.
A couple of other questions.
Is a RADIUS server required for this or can the APs directly talk with AD via LDAP?
Without a controller, does each AP require a different SSID?
Is any software required to be installed on the laptops (Windows XP and 7)?
Any advantages to using a controller for a 2 AP system?
Thanks for the info. |
|
 | To the best of my knowledge...
said by tomkb: Is a RADIUS server required for this or can the APs directly talk with AD via LDAP?
AAA config for this would direct authentication requests to a TACACS or RADIUS server, so yes you would need a separate RADIUS server.
said by tomkb: Without a controller, does each AP require a different SSID?
Depends what you're trying to accomplish. If it's seamless roaming, you'd only want one SSID, typically.
said by tomkb: Is any software required to be installed on the laptops (Windows XP and 7)?
A supplicant MAY be needed, but I'm not sure off the top of my head.
Regards |
|
 tomkb Premium join:2000-11-15 Tampa, FL kudos:5 | reply to tomkb
Yes, I would like seamless roaming and a single SSID, but is it possible without a controller?
Tom |
|
 TomS_Git-r-done Premium,MVM join:2002-07-19 London, UK kudos:4 | reply to tomkb
802.1x?
You install the certificate on the device, issued by the company, and when they leave and hand back all company equipment, the only credentials to get on the network go back with it.
Naturally you don't install the certificate on BYO devices, they would connect to a "guest" SSID, for example. |
|
 | reply to tomkb
said by tomkb: Yes, I would like seamless roaming and a single SSID, but is it possible without a controller?
If it can be done with two home wireless routers, no reason it can only be done with the controller. The whole point of a controller is to manage multiple APs simultaneously and centrally, there's really nothing special beyond that.
Regards |
|
 tomkb Premium join:2000-11-15 Tampa, FL kudos:5 |
said by HELLFIRE:
said by tomkb: Yes, I would like seamless roaming and a single SSID, but is it possible without a controller?
If it can be done with two home wireless routers, no reason it can only be done with the controller. The whole point of a controller is to manage multiple APs simultaneously and centrally, there's really nothing special beyond that.
Regards
The thing that would be important to me is only 1 SSID shows up no matter how many APs. |
|
 | reply to HELLFIRE
said by HELLFIRE:
said by tomkb: Yes, I would like seamless roaming and a single SSID, but is it possible without a controller?
If it can be done with two home wireless routers, no reason it can only be done with the controller. The whole point of a controller is to manage multiple APs simultaneously and centrally, there's really nothing special beyond that.
Regards
Not exactly - the WLC also allows you to cache the client's PMK so you don't have to do a full re-auth every time you roam. This is absolutely critical if you are doing wireless voice or anything that needs fast roaming. Without the WLC, the client has to connect to each AP first and do a full backend auth against your RADIUS server before its PMK is cached on that AP alone.
OP, just to add to what's already been said, you can do seamless roaming by using the same SSID across both APs. You will need a RADIUS server to process authentications with AD (you can use Microsoft's NPS to do this which is built into W2K8) as the standalone APs can't do LDAP, and the WLC has very limited LDAP capabilities (only usable with Web Authentication). |
|
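The roaming difference described in the post above, as an added example that is not part of the original thread: a simplified Python model that counts full RADIUS authentications when one client moves between two APs, first with a PMK cache per standalone AP and then with one cache shared by both (the controller case). The PMKID formula is the one from IEEE 802.11i; the class and function names are hypothetical, the MAC addresses are constructed, and the model assumes a client that offers a PMKID built from its most recent PMK when it meets an AP it has not used before.

```python
import hashlib
import hmac
import os

def pmkid(pmk, ap_mac, sta_mac):
    """PMKID (IEEE 802.11i): first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AP MAC || client MAC)."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]

class Authenticator:
    """A PMK cache: one per standalone AP, or one shared by every AP behind a controller."""
    def __init__(self):
        self.cache = {}        # client MAC -> PMK
        self.full_auths = 0    # full 802.1X exchanges sent to the RADIUS server

    def associate(self, ap_mac, sta_mac, offered_pmkid):
        pmk = self.cache.get(sta_mac)
        if pmk and offered_pmkid and hmac.compare_digest(
                offered_pmkid, pmkid(pmk, ap_mac, sta_mac)):
            return "cached", pmk           # skip EAP, go straight to the 4-way handshake
        self.full_auths += 1
        pmk = os.urandom(32)               # stands in for the key a full EAP exchange yields
        self.cache[sta_mac] = pmk
        return "full", pmk

def roam(path, authenticator_for):
    """Move one client along `path` (AP MACs); return the outcome at each association."""
    sta = bytes.fromhex("020000000099")    # constructed client MAC
    known, last, outcomes = {}, None, []   # client side: PMK per AP, most recent PMK
    for ap in path:
        candidate = known.get(ap, last)    # reuse this AP's PMK, else try the latest one
        offer = pmkid(candidate, ap, sta) if candidate else None
        outcome, pmk = authenticator_for[ap].associate(ap, sta, offer)
        known[ap] = last = pmk
        outcomes.append(outcome)
    return outcomes

AP1, AP2 = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")  # constructed
PATH = [AP1, AP2, AP1, AP2]

def standalone():
    return roam(PATH, {AP1: Authenticator(), AP2: Authenticator()})

def with_controller():
    wlc = Authenticator()                  # both APs consult the same cache
    return roam(PATH, {AP1: wlc, AP2: wlc})

if __name__ == "__main__":
    print("standalone APs:", standalone())
    print("shared cache  :", with_controller())
```

With standalone APs the first visit to each AP costs a full authentication; with the shared cache only the very first association does.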
 tomkb Premium join:2000-11-15 Tampa, FL kudos:5 | reply to tomkb
Thanks for all your replies. I've settled on the 2602i with 2504 controller.
Tom |
|