Solved

wireless access point -- business

Posted on 2014-03-16
Last Modified: 2014-03-31
Currently the business I work for is all WIRED, but I want to plug some wireless access points into each building since some buildings are 2,000+ feet away from each other.

Possible Requirements
   1. set up GUEST network with individual user/pass for each GUEST
   2. set up WORKER network with individual user/pass for each WORKER
   3. possible RIGHTS to LIMIT each wireless user so they don't take up ALL my bandwidth
   4. ONE "website management" interface for the 10+ access points across buildings

What "access points" do you recommend ?
Question by:finance_teacher
5 Comments
 
LVL 17

Accepted Solution

by:
pergr earned 125 total points
ID: 39933543
Since you do not want to manually configure each AP for each guest, you should consider a system with a central controller.

Also, if you use a central controller, then you can "tunnel" all the guest connections to the controller, and give them internet from there, so that you do not need to create a guest VLAN across the campus.

One option is to get a FortiGate firewall, since these can also function as controllers for FortiAP access points. Then you get to configure both firewall and APs in one place.

Since it is a small deployment, any other controller-based system should probably have the controller running as a VM on VMware, in order to keep the costs down. I know Juniper does this - perhaps others too.

Other options are "cloud based" controllers, like the service from ADTRAN.
0
 
LVL 61

Assisted Solution

by:btan
btan earned 250 total points
ID: 39933628
You are likely splitting the wireless network into various segments for different purposes, and I suppose you have a different SSID associated with each segment. I don't think it is optimal for each network segment to have one user, or one guest, or one worker/vendor; that is tough to scale up. You also need one WLAN controller to aggregate and manage all the APs, which at minimum should have PEAP/CHAPv2 for user/password; EAP/TLS1.2 is more secure...

A wireless controller can have its own internal user database to check identity, but you are likely looking at an external identity user database. So at minimum RADIUS (or something like Microsoft NPS) is needed for the authentication part, which then helps to assign the necessary network segment. Most of the time there is a web portal to key in credentials, and from there users are sent off to the various segments.

Some candidates for quick deployment include:
 - Cisco Unified Wireless Guest Access Services, which is self-contained and does not require any external platforms to perform access control, web portal, or AAA services. An external RADIUS server can also be used to authenticate guest users in place of creating and storing guest credentials locally. The Cisco wireless FAQ lists the various components necessary, including making the router wireless, and also other controllers that can be used to support guest access in the unsecured network area.

Other WLC features are described here:

Q. What are the various options available to access the WLC?
    A. This is the list of options available to access the WLC:
        GUI access with HTTP or HTTPS
        CLI access with Telnet, SSH, or console access
        Access through service port

Q. How are guest users handled by WLC?
    A. Guest users are third-party network users who need limited access to the network resources and internet connectivity. WLC provides wireless and wired guest access using the existing wireless network infrastructure. Usually a separate SSID is provided for wireless guest users. Guest users on both the wired and wireless networks are assigned separate VLANs, which provides isolation of guest traffic from the rest of the data traffic. This provides better control over the guest traffic and greater network security. Guest users are usually authenticated through Web authentication.

Q. Does the wireless LAN controller (WLC) locally support EAP-PEAP authentication?
    A. Through version 4.1, PEAP is not supported locally on the WLC. You need an external RADIUS server. With WLC version 4.2 and later versions, local EAP now supports PEAPv0/MSCHAPv2 and PEAPv1/GTC authentication.

In terms of rate limiting, there is the basic QoS role to limit the bandwidth of guest clients. There are certain Cisco IOS versions that support micro policing, which allows for granular rate limiting in both the upstream and downstream directions.
0
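The RADIUS-driven segment assignment described in the answer above, sketched as an added FreeRADIUS `users` file fragment (not part of the original post and not any vendor's shipped configuration). The account names, secrets and VLAN IDs are constructed placeholders, and it assumes the controller or APs honour the RFC 3580 tunnel attributes for dynamic VLAN assignment.

```text
# FreeRADIUS "users" (files module) entries. Added example, not from the thread.
# Account names, secrets and VLAN IDs below are constructed placeholders.
# Assumption: PEAP/MSCHAPv2 is the inner method, so the server needs a
# recoverable password (or NT hash) per account. With EAP-TLS the password
# lines go away and each account is identified by its client certificate.

# WORKER account: individual credential, placed on the staff VLAN (20).
worker.alice  Cleartext-Password := "REPLACE-WITH-UNIQUE-SECRET-1"
              Tunnel-Type = VLAN,
              Tunnel-Medium-Type = IEEE-802,
              Tunnel-Private-Group-Id = "20"

# GUEST account: individual credential, isolated guest VLAN (30),
# session ends after 8 hours so the credential must be presented again.
guest.0421    Cleartext-Password := "REPLACE-WITH-UNIQUE-SECRET-2"
              Tunnel-Type = VLAN,
              Tunnel-Medium-Type = IEEE-802,
              Tunnel-Private-Group-Id = "30",
              Session-Timeout = 28800

# Anything not matched above is rejected instead of landing on a default VLAN.
DEFAULT       Auth-Type := Reject
              Reply-Message = "Unknown account"
```

Because each guest and worker has their own entry, one account can be disabled without changing a shared passphrase on every access point.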
 
LVL 38

Assisted Solution

by:lherrou
lherrou earned 125 total points
ID: 39934201
finance_teacher,

I'd take a look at the products offered by Open-Mesh (http://www.open-mesh.com/) in combination with the free Cloudtrax (https://www.cloudtrax.com) to manage your wireless net.

The Open-Mesh access points are inexpensive, and can be powered locally at each access point or by passive PoE (if you are already using PoE, make sure your injector is compatible with the Open-Mesh products).

Cloudtrax allows you to set up both a public and a private wireless net, both running through the same access points. The private net will be configured with a standard single password for any user; the public one can be configured to require accepting "terms and conditions", or force users to obtain unique tokens (by purchase or provided by you) to access the network. You can set the total up/down bandwidth for each public user, the duration they may use the net without reaccepting terms and conditions / providing a new token, etc.

Cheers,
LHerrou
0
 
LVL 61

Assisted Solution

by:btan
btan earned 250 total points
ID: 39934283
Something I missed out is the use of a Wireless Bridge or Outdoor Access Point/Bridge (some examples), and also the meshed AP network, which consists mainly of root access points (RAPs) and mesh access points (MAPs). Normally all access points are configured and shipped as mesh access points. To use an access point as a root access point, you must reconfigure the mesh access point to a root access point. In all mesh networks, ensure that there is at least one root access point.

The RAPs have wired connections to their controller, and the MAPs have wireless connections to their controller. MAPs communicate among themselves and back to the RAP using wireless connections over the 802.11a radio backhaul. MAPs will have to determine the best path through the other mesh access points to the controller to avoid loops and latency, which is especially critical for long-range networks.
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 39934427
For hardware I prefer software based controllers like unifi http://www.ubnt.com/unifi
Or meraki
0
