

tomkb
Premium
join:2000-11-15
Tampa, FL
kudos:5

Cisco Aironet 1600/2600/3600

Hi Group,

I'm leaning toward buying 2 Cisco 2600 access points for our office.

My goal is to eliminate the residential style access points. The issue is security/management. Each time someone leaves the company, the password needs to be changed, and then all the laptops need to be changed. Looking for a better managed solution.

I am aware that Cisco also offers controllers to simplify management, but since we are only needing 2 access points, I want to know if I can successfully integrate these 2 access points with Active Directory without a controller.

A couple of other questions.

Is a RADIUS server required for this, or can the APs directly talk with AD via LDAP?

Without a controller, does each AP require a different SSID?

Is any software required to be installed on the laptops (Win XP and 7)?

Any advantages to using a controller for a 2 AP system?

Thanks for the info.

HELLFIRE
Premium
join:2009-11-25
kudos:18
To the best of my knowledge...

said by tomkb:

Is a RADIUS server required for this, or can the APs directly talk with AD via LDAP?

AAA config for this would direct authentication requests to a TACACS or RADIUS server, so yes, you would need a separate RADIUS server.

said by tomkb:

Without a controller, does each AP require a different SSID?

Depends what you're trying to accomplish. If it's seamless roaming, you'd only want one SSID, typically.

said by tomkb:

Is any software required to be installed on the laptops (Win XP and 7)?

A supplicant MAY be needed, but I'm not sure off the top of my head.

Regards


tomkb
Premium
join:2000-11-15
Tampa, FL
kudos:5
reply to tomkb
Yes, I would like seamless roaming and a single SSID, but is it possible without a controller?

Tom


TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5
reply to tomkb
802.1x?

You install the certificate on the device, issued by the company, and when they leave and hand back all company equipment, the only credentials to get on the network go back with it.

Naturally you don't install the certificate on BYO devices; they would connect to a "guest" SSID, for example.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to tomkb
said by tomkb:

Yes, I would like seamless roaming and a single SSID, but is it possible without a controller?

If it can be done with two home wireless routers, no reason it can only be done with the controller.
The whole point of a controller is to manage multiple APs simultaneously and centrally, there's really
nothing special beyond that.

Regards


tomkb
Premium
join:2000-11-15
Tampa, FL
kudos:5
said by HELLFIRE:

said by tomkb:

Yes, I would like seamless roaming and a single SSID, but is it possible without a controller?

If it can be done with two home wireless routers, no reason it can only be done with the controller.
The whole point of a controller is to manage multiple APs simultaneously and centrally, there's really
nothing special beyond that.

Regards

The thing that would be important to me is only 1 SSID shows up no matter how many APs.

Delco24

join:2004-02-15
Cary, NC
reply to HELLFIRE
said by HELLFIRE:

said by tomkb:

Yes, I would like seamless roaming and a single SSID, but is it possible without a controller?

If it can be done with two home wireless routers, no reason it can only be done with the controller.
The whole point of a controller is to manage multiple APs simultaneously and centrally, there's really
nothing special beyond that.

Regards

Not exactly - the WLC also allows you to cache the client's PMK so you don't have to do a full re-auth every time you roam. This is absolutely critical if you are doing wireless voice or anything that needs fast roaming. Without the WLC, the client has to connect to each AP first and do a full backend auth against your RADIUS server before its PMK is cached on that AP alone.

OP, just to add to what's already been said, you can do seamless roaming by using the same SSID across both APs. You will need a RADIUS server to process authentications with AD (you can use Microsoft's NPS to do this which is built into W2K8) as the standalone APs can't do LDAP, and the WLC has very limited LDAP capabilities (only usable with Web Authentication).
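
A simplified model of the PMK caching difference described in the reply above, as an added example that is not part of the thread. The PMKID formula is the one from IEEE 802.11i; the class names, the MAC addresses and the shared dictionary standing in for a controller's key cache are assumptions, and a random value stands in for the PMK a real EAP exchange through RADIUS would produce.

```python
import hashlib
import hmac
import os


def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """PMKID per IEEE 802.11i: HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]


class Client:
    def __init__(self, mac: bytes):
        self.mac = mac
        self.pmks = []  # every PMK this supplicant has negotiated so far

    def offered_pmkids(self, bssid: bytes) -> set:
        # PMKID list the client would put in its (re)association request
        return {pmkid(p, bssid, self.mac) for p in self.pmks}


class AccessPoint:
    def __init__(self, bssid: bytes, pmk_cache: dict):
        self.bssid = bssid
        self.pmk_cache = pmk_cache  # own dict = standalone AP, shared dict = controller

    def associate(self, client: Client) -> str:
        known = self.pmk_cache.get(client.mac)
        if known and pmkid(known, self.bssid, client.mac) in client.offered_pmkids(self.bssid):
            return "cached"  # no EAP, straight to the 4-way handshake
        # Cache miss: full 802.1X/EAP via RADIUS. A random PMK stands in for the EAP result.
        pmk = os.urandom(32)
        client.pmks.append(pmk)
        self.pmk_cache[client.mac] = pmk
        return "full-auth"


def roam(shared_cache: bool) -> list:
    """Walk one client AP1 -> AP2 -> AP1 -> AP2 and record how each association authenticates."""
    shared = {}
    # Constructed, locally administered MAC addresses (not real devices)
    ap1 = AccessPoint(bytes.fromhex("02aabbcc0001"), shared if shared_cache else {})
    ap2 = AccessPoint(bytes.fromhex("02aabbcc0002"), shared if shared_cache else {})
    client = Client(bytes.fromhex("02ddeeff0001"))
    return [ap.associate(client) for ap in (ap1, ap2, ap1, ap2)]


if __name__ == "__main__":
    print("standalone APs:", roam(shared_cache=False))
    print("controller    :", roam(shared_cache=True))
```

Because the PMKID includes the AP's address (AA), the same PMK yields a different PMKID at each BSSID, so an AP can only accept a cached key if it, or something it shares state with, already holds that PMK.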


tomkb
Premium
join:2000-11-15
Tampa, FL
kudos:5
reply to tomkb
Thanks for all your replies. I've settled on the 2602i with 2504 controller.

Tom