Solved

New Cisco Wireless Configuration

Posted on 2012-04-10
1
867 Views
Last Modified: 2013-04-11
we have just purchased a Cisco aeronet hardware setup for our multiple offices, to replace a very shaky Sonicpoint configuration (2 years with open support tickets with Sonicwall for dropping connections, and still no solutions!).

The plan is to set up across our 3 sites, with 2 3501 APs in our London and Manchester offices, and 1 3501 in our smaller Liverpool office; with the central 2504 controller in our Manchester office.  We currently use separate private and public SSIDs at each site, but i am planning to make this just a single SSID for public, and another for Private network.  From my understanding, I will need to configure the remote APs for H-REAP and also will need to setup VLANs for this all to work properly.  

The previous configuration was a lot simpler, due to the Sonicwall NSA4500 firewalls at each site managing the VLANning and general running of the APs at each site!  We are also running true-IP Mitel phones at each site, running through HP Procurve 5400 series PoE switches - very simple configuration, VLAN 1 for data (untagged), VLAN 2 for voice (tagged).

After reading through the multiple documents on Cisco's website I am (as usual with Cisco) a little bogged down in how best to set this configuration up!  There are mentions of using just 1 port on the 2504 for management and trunking to the switch, and others mention using a spearate port for the data trunk.  I am also unclear about how to route the public SSID out through each of the NSA4500 firewalls at each site locally.  

Can anyone offer some advice please?
0
Comment
Question by:Amaze_IT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 46

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 37832605
Firstly, you don't absolutely HAVE TO use H-REAP.  If you have good WAN links and latency is <300ms you can do this without using H-REAP.  The only problem here is that if the WAN link fails between the AP and the controller, your WLAN is DOWN at that site.  If this is acceptable, I'd do it this way.

However, if you need the WLAN to function when the WAN link goes down (or the controller fails) you need to use H-REAP and implement VLANs at your offices.  Choose a different VLAN ID for each office to keep things separate, and create H-REAP AP groups on the controller.

The Cisco H-REAP guide is pretty straight forward from the controller side of things, it's just understanding the switching modes that throws people.  Basically you'll be using a local-local method if you want to use H-REAP, so think of it as a normal trunk port at the switch level.

I'd use one port for the controller - implementing separate ports is confusing and unnecessary for your implementation.
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Last Mile Wireless The term last mile wireless is a bit deceptive as it can be much more than a mile. It is also called WiMax and 802.16. It generally refers to relatively short distance point-to-point / point-to-multipoint secure wireless connecti…
This article is split into background info to start and actual review at bottom: Some time ago I wanted to sell a system with both wired and wireless capability but at minimum expense.  Having visited my trusted online auction I was pleasantly su…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question