Hi, I'm considering moving from Sonicwall to ISA500s as my standard...haven't really seen this discussed anywhere yet.
I often have clients who start small with a basic UTM, where the built-in wireless is sufficient...
...then they grow, or decide to expand wireless coverage to the warehouse, or realize that there are areas of the office that don't have enough coverage.
So they decide they'd like to expand the wireless network by adding an access point.
Can the built-in wireless access point in an ISA550w/ISA570W be expanded by adding another access point on the network, to give a mesh setup..allowing seamless coverage on the same SSID? (Similar to what Meraki can do with MX+MR devices)
(With my current Sonicwalls I get pushback because the customer already paid for the built-in AP that can't be used because it can't create a network with others...)
If so, what devices would work as WAP add-ons?
Hi Gregory, thanks for using our forum, my name is Johnnatan and I am part of the Small business Support community. I apologize for the issues you are having, however you can not extend the signal of the ISA 500. These devices are made for security features such as VPN, firewall, ACL, Web-filter, IPS not for repeat the wireless signal or extend it.
I hope you find this answer useful,
**Please rate useful posts so other users can benefit from it**
Johnnatan Rodriguez Miranda.
Cisco Network Support Engineer.
If I understand what you are trying to achieve, you can allow users to roam between ISA500 internal AP and an external AP and protect the past investment.
To accomplish this, one can configure the same SSID and same authentication methods (and key/password) on the internal AP of ISA500 and the external APs. You would also want to place the external AP in the same VLAN as the extenral AP. This way when client roams, it would be able to maintain the same IP address and keep existing sessions that have layer 3 dependancy. It is possible having some packet drops during the hand-off between the AP. However, this should be only few packets.
We tested with Cisco WAP121 earlier and it works fine. We only see 2-3 packet loss.
About manging an external AP signal, John is correct that ISA500 doesn't provide that functionality.
Cisco has cluster APs or controller to manage that but it's not in ISA500.
Another point is the wireless feature on the ISA500 provides security wireless and hotspot services, not just internal employee wifi access.
The wireless function on ISA500 offers rouge AP detection allowing business to detect any unauthorized AP. It also provides guest wifi access with captive portal. That is a business can enable its guest/visitor to access Internet while preventing them from access internal business networks. Prior accessing the Intenret, the guest would be directed to a portal to acknolwedge any business policy or optionally enter guest password. These can be the values for your customers to invest on WiFi model of ISA500 even they may grow to use external APs later.
Few other values may help to communicate with your current customers to adopt ISA500:
- the wireless function on ISA500 can also support captive portal (hot spot like service mentioned above) with an external AP
- in general, ISA500 has a relative higher performance especially when it comes to "UTM" performance
- it provides high-level security protections - it is integreted with Cisco enterprise class security solution, such as Cisco Security Intelligence Operations (SIO), which is one of the largest threat analysis systems
Hopefully this more or less helps.
Sorry to jump in on this thread, but i have a fairly similar question.
We're currently using the ISA550W and it's wireless features are great, however we need more coverage for the network. Would something like a WAP121 work (wired of course) with the ISA 550W, providing the similar functions (captive portal, network separation, host isolation etc)? We want to make sure we can access the internal company network, but also provide a safe guest network.
There's no reason it wouldn't technically work. One thing to keep in mind is that you would need to mirror the wireless settings from the ISA on the other WAPs so there is the appearance of seamless wireless even though the ISA and APs won't actually interact.
Sent from Cisco Technical Support iPhone App
Great, exactly as i was thinking. I just wasn't sure if the wap121 would have the required functionality.
Thanks for the help