Starrett2005
asked on
Questions about Cisco Wireless setup.
Hello Experts,
We are implementing a wireless warehouse inventory scanning system and I would like to make it as secure as possible.
Network Infrastructure is Dell layer2 switches - one subnet.
Access Points are Cisco AP1242AG
1) I would like to restrict the wireless hand-held scanner devices to only certain LAN IP's, Is this possible? Example please.
2) I would like to allow laptops to connect to the same AP's but restrict them to only the Internet, Is this possible? Example please.
3) I would like to use the same SSID's on all AP's for the hand-held scanners as well as the laptop access with the same restrictions, Is this possible? Example please.
4) Recommendations?
Let me know if any more detail is needed.
Thanks
We are implementing a wireless warehouse inventory scanning system and I would like to make it as secure as possible.
Network Infrastructure is Dell layer2 switches - one subnet.
Access Points are Cisco AP1242AG
1) I would like to restrict the wireless hand-held scanner devices to only certain LAN IP's, Is this possible? Example please.
2) I would like to allow laptops to connect to the same AP's but restrict them to only the Internet, Is this possible? Example please.
3) I would like to use the same SSID's on all AP's for the hand-held scanners as well as the laptop access with the same restrictions, Is this possible? Example please.
4) Recommendations?
Let me know if any more detail is needed.
Thanks
ASKER
1) I would like to restrict the wireless hand-held scanner devices to only certain LAN IP's, Is this possible? Example please.
A) Depending on number of hand-held devices, static DHCP leases may be your best bet. Assuming you have a central DHCP server or router, just add the leases there and configure each AP to perform DHCP pass-through via web interface or CLI.
Q) (15 devices)Would the restriction to the application server IP be done with ACL's as well?
2) I would like to allow laptops to connect to the same AP's but restrict them to only the Internet, Is this possible? Example please.
A) Those Cisco APs have support for ACLs - create an ACL to permit IP traffic to your internal subnet, and the final entry in the ACL to deny all other destinations.
Q) Do I need multiple VLANs for different restrictions on SSID's? And if so, do my network switches need to support VLAN trunking on the ports the Aironet are connected?
3) I would like to use the same SSID's on all AP's for the hand-held scanners as well as the laptop access with the same restrictions, Is this possible? Example please.
A) You can do this - any APs that have overlaping signal are best set 5 channels apart to prevent interference - e.g. AP1 is on channel 6 and is within range of AP2 so put AP2 on channel 11.
Q) Will this be OK if all Aironet AP's are configured as root? I'm hoping the same SSID will prevent an connection poblems when a device moves into range of another AP.
A) Depending on number of hand-held devices, static DHCP leases may be your best bet. Assuming you have a central DHCP server or router, just add the leases there and configure each AP to perform DHCP pass-through via web interface or CLI.
Q) (15 devices)Would the restriction to the application server IP be done with ACL's as well?
2) I would like to allow laptops to connect to the same AP's but restrict them to only the Internet, Is this possible? Example please.
A) Those Cisco APs have support for ACLs - create an ACL to permit IP traffic to your internal subnet, and the final entry in the ACL to deny all other destinations.
Q) Do I need multiple VLANs for different restrictions on SSID's? And if so, do my network switches need to support VLAN trunking on the ports the Aironet are connected?
3) I would like to use the same SSID's on all AP's for the hand-held scanners as well as the laptop access with the same restrictions, Is this possible? Example please.
A) You can do this - any APs that have overlaping signal are best set 5 channels apart to prevent interference - e.g. AP1 is on channel 6 and is within range of AP2 so put AP2 on channel 11.
Q) Will this be OK if all Aironet AP's are configured as root? I'm hoping the same SSID will prevent an connection poblems when a device moves into range of another AP.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
2) Those Cisco APs have support for ACLs - create an ACL to permit IP traffic to your internal subnet, and the final entry in the ACL to deny all other destinations.
3) You can do this - any APs that have overlaping signal are best set 5 channels apart to prevent interference - e.g. AP1 is on channel 6 and is within range of AP2 so put AP2 on channel 11.