01-07-2014 09:46 AM - edited 03-04-2019 10:00 PM
I am trying to get my head around what products I need to set up a secure wireless network.
1. I need something that can make a PPPoE connection with username and password to my ISP for Internet.
2. I'd like to create private vlans to separate areas of the network by port.
3. I'd like to be protected from brute force WPA key attacks and have DHCP snooping.
4. I'd like to be able to define the range of the wireless network.
That about sums it up but as I'm new to this kind of configuration it doesn't come easily to me.
General info:
All in all there'll be 30 devices max (mostly wireless) out of which there will be 6 wired clients
I do have a Cisco SG200-08 and would be glad if it met the above requirements so that I could integrate it into the network.
Mainly I'm asking if I'm looking at a
router->devices config or a
router->switch->devices config or a
switch->router->devices config.
And if so which cisco router/switch would you recommend?
01-08-2014 09:12 AM
How many APs do you think you'll need? I don't understand #4, can you elaborate a little? You mention private VLANs. Do you mean you want multiple VLANs or do you want PVLANs?
01-08-2014 09:16 AM
Hey there, well this only opens up further questions. Will wireless be centralized at one location, any plans for growth of your WLAN?
Depending on what you want to accomplish you will need something similar to the following:
Option 1 - Centrally Managed WLAN
1. Wireless LAN Controller
2. LWAPP (I would recommend 2 AP's at least for 30 users)
3. L3 Switch (L3, you did mention segmentation of the network)
4. Router (be it from your provider or you manage it, this will route LAN to WAN *Internet*)
5. NPS Server for dot1x authentication (MS 2008 R2 would work, most likely have one in the environment already?)
Option 2 - Autonomous WLAN
1. Wireless Access Points (autonomous, 2 at least)
2. L3 Switch
3. Router
4. NPS server for dot1x authentication
You will need power adapters for the APs as the Cisco 200-08 isn't PoE capable. The only thing I am confused on (I'm not smart after all) is
1. I need something that can make a PPPoE connection with username and password to my ISP for Internet.
Why do you need username/password to connect to your ISP? What kind of circuit do you have coming into the site? T1? DS3? As I said, lots of questions
Also, as far as switch, you could most likely get away with a 48 port 3560 POE (100MB) or you could get fancy and go Gig and get a 3560G. Also make sure the AP you select can be powered by the 3560 POE
As far as segmentation, keep it simple. Something like
Mgmt - 192.168.10.0/24 (Use this segment only to manage switches, routers)
Data - 192.168.20.0/24 (This will be for the users who are wired)
Wireless Mgmt - 192.168.30.0/24 (Could be used if you go with a centralized WLAN solution, controller and AP's on this segment only)
Wireless - 192.168.40.0/24 (Wireless Network segment)
Now on your L3 switch, define your VLANs and SVI's
VLAN 10 - Mgmt
VLAN 20 - Data
VLAN 30 - WirelessMGMT
VLAN 40 - Wireless
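The segmentation plan above written out as an IOS-style configuration fragment, with the DHCP snooping the original question asks for. This is an added example, not part of the thread: the SVI addresses (.1 in each subnet), the ACL name, and GigabitEthernet0/1 as the port facing the legitimate DHCP server are assumptions.

```cisco
! Added example: constructed values, adjust to your hardware and addressing.
ip routing
!
vlan 10
 name Mgmt
vlan 20
 name Data
vlan 30
 name WirelessMGMT
vlan 40
 name Wireless
!
! Keep the user segments out of the management subnet (hypothetical ACL name).
ip access-list extended USERS-NO-MGMT
 deny   ip any 192.168.10.0 0.0.0.255
 permit ip any any
!
interface Vlan10
 description Mgmt - switches and routers only
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
 description Data - wired users
 ip address 192.168.20.1 255.255.255.0
 ip access-group USERS-NO-MGMT in
!
interface Vlan30
 description Wireless Mgmt - controller and APs
 ip address 192.168.30.1 255.255.255.0
!
interface Vlan40
 description Wireless - wireless clients
 ip address 192.168.40.1 255.255.255.0
 ip access-group USERS-NO-MGMT in
!
! DHCP snooping on the client VLANs. Every port is untrusted by default,
! so only the port facing the legitimate DHCP server is marked trusted.
ip dhcp snooping
ip dhcp snooping vlan 20,40
!
interface GigabitEthernet0/1
 description Port facing the legitimate DHCP server (assumed)
 ip dhcp snooping trust
```

`show vlan brief` and `show ip dhcp snooping` confirm the VLANs exist and which ports are trusted.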