
ASK THE EXPERTS - WI-FI NETWORKS

ciscomoderator
Community Manager

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to get an update on different aspects of wireless network design and installation with Fred Niehaus.  Fred is a Technical Marketing Engineer for the Wireless Networking Business Unit at Cisco, where he is responsible for developing and marketing enterprise wireless solutions using Cisco Aironet and Airespace wireless LAN products. In addition to his participation in major deployments, Niehaus has served as technical editor for several Cisco Press books including the "Cisco 802.11 Wireless Networking Reference Guide" and "The Business Case for Enterprise-Class Wireless LANs." Prior to joining Cisco with the acquisition of Aironet, Niehaus was a support engineer for Telxon Corporation, supporting some of the very first wireless implementations for major corporate customers. Fred has been in the data communications and networking industry for more than 20 years and holds a Radio Amateur (Ham) License "N8CPI."

Remember to use the rating system to let Fred know if you have received an adequate response.

Fred might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through July 16, 2010. Visit this forum often to view responses to your questions and the questions of other community members.


Hi Leo,

Thank you very much. Can you please confirm that the following specs are OK to deploy?

Use two Cisco Aironet 1252G (a/b/g/n compatible) AP’s between the two buildings. This Access point is also able to support external antenna connectivity.

But this option is more expensive than previous.
Specs:
•    Wireless technology 802.11a/g/n
•    Data transfer rate (max) 300Mbit/s
•    Interfaces    1 x antenna - RP-TNC x 3

Antenna :
For the distance mentioned, a yagi antenna would be more suitable. 
AIR-ANT2410Y-R for the 2.4 GHz radio (with diversity turned off).
Gain -10 dBi
Connector- RP-TNC

However, I have a doubt about the antenna connector type (RP-TNC). I think the AP has RP-TNC x 3 interfaces (sockets), but the selected antenna (AIR-ANT2410Y-R) has only one RP-TNC jack. Is that correct? How is it going to be connected to the AP (is there any special type of connecting arrangement available for this)? Please let me know.

Many thanks,

Amila

You could use only one antenna. Just make sure you plug it directly into the "primary" and disable Diversity.

Take a look at the MIMO Patch antenna http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/data_sheet_ant2460np.pdf

This is a directional antenna that will allow you to point the antenna at the other Bridge link.  The AP-1250 does not support the dish type antenna as the maximum gain for any antenna on the AP-1250 is 10 dBi.

Regards,

Fred

You can use a pair of 1300 or 1400 Series Bridges for this link as each will support up to 54 MB data rate.

Keep in mind the 54 Mb is the radio data rate with actual throughput being approximately half the radio data rate.

50m is an easy link distance to attain providing there are no obstructions but actual throughput will not be 54 MB.

Another option might be to use a pair of AP-1250's in Bridge mode as they support faster 802.11n throughput speeds but those are indoor devices so you would need to mount the units inside with the antennas located outside (keeping antenna cables to very short distances) as there is a lot of loss in the cable at 2.4 and 5 GHz.

Using the AP-1250 you can achieve a radio data rate of 150 Mb so half of that (actual throughput) might be closer to what you require.

Regards,

Fred

jmprats
Level 4

Hi, I’m not finding any secure method to authenticate wireless users through web portal in the WLC 5508 with a backend database.

- We have the option of using radius, but in this case WLC can only use CHAP or PAP, but they are not secure access methods. I could use IPsec in the radius access but to allow CHAP access I have to enable reversible passwords in the Active Directory which is not a secure method to store passwords. So I cannot use radius.

- I could use LDAP, but WLC doesn’t support LDAP over SSL, so it transmits passwords in clear text and there is no option to make an IPsec connection between WLC and LDAP server. So I cannot use LDAP.

Any help? Is there any secure method to authenticate web users?

Thanks

Is there any secure method to authenticate web users?

802.1x is an option but you won't be able to use H-REAP.

Sorry, but for web authentication the WLC only has radius, ldap or local authentication options.

802.1x is layer 2 authentication and web authentication is layer 3. I'm not doing layer 2 authentication for this wlan but I need to authenticate users with Active Directory through captive portal.

If I use radius, web authentication on the WLC only supports PAP or CHAP (I cannot understand why it doesn't support MSCHAPv2). If I use LDAP, it doesn't support LDAP over SSL. I think there is a lack of security for a device like this.

Thanks

fredn
Cisco Employee

Well Radius is how we do it today.

Given you do not wish to do CHAP or PAP this certainly limits your options.

You are correct when you say that WLC doesn't support LDAP over SSL but we are working to add this as I've seen some chatter where folks are working on this.

Unfortunately I can only recommend Radius.

Fred

I think it's a security hole for this device:

- LDAP without SSL transmits passwords in clear text, so I can't understand how this configuration option in the controller exists. In fact in older versions you could configure LDAP with TLS, so in newer versions there is less security! In this example you can see that: Choose Secure from the Server Mode drop-down box if you want all LDAP transactions to use a secure TLS tunnel http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml#localeap

- And Radius with CHAP or PAP with a Windows Active Directory backend database forces passwords to be stored using reversible encryption, which is the same as storing plaintext versions of the passwords, which is not admissible http://technet.microsoft.com/en-us/library/cc784581%28WS.10%29.aspx

So we don't have an option with minimal security requirements.

Any help?
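
The trade-off raised in the posts above, as an added example that is not part of the original thread and is not Cisco's code: CHAP (RFC 1994) can only be verified by a server that holds the cleartext password, while RADIUS PAP (RFC 2865 User-Password hiding) hands the cleartext to whoever holds the shared secret but lets the backend keep a one-way hash. Function names and sample values are constructed for illustration, and PBKDF2 is an assumed stand-in for the directory's one-way hash.

```python
import hashlib
import hmac

def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    # RFC 1994: Response = MD5(Identifier || secret || Challenge)
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def chap_verify(ident: int, cleartext: bytes, challenge: bytes, response: bytes) -> bool:
    # The verifier recomputes the MD5 over the cleartext password, so the
    # directory must be able to return it: hence reversible storage.
    return hmac.compare_digest(chap_response(ident, cleartext, challenge), response)

def _keystream(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    # RFC 2865 section 5.2: pad to 16-byte blocks, XOR each block with
    # MD5(shared secret || previous ciphertext block or Request Authenticator).
    size = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], _keystream(secret, prev)))
        out += prev
    return out

def pap_reveal(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    # Anyone holding the shared secret recovers the cleartext password.
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(a ^ b for a, b in zip(block, _keystream(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def pap_verify(hidden: bytes, secret: bytes, authenticator: bytes,
               salt: bytes, stored_hash: bytes) -> bool:
    # With PAP the backend only needs a one-way hash (assumed PBKDF2 here).
    candidate = pap_reveal(hidden, secret, authenticator)
    derived = hashlib.pbkdf2_hmac("sha256", candidate, salt, 100_000)
    return hmac.compare_digest(derived, stored_hash)

# Constructed sample values, not taken from any real deployment.
PASSWORD = b"correct horse battery"
SECRET = b"wlc-radius-shared-secret"
AUTHENTICATOR = bytes(range(16))
CHALLENGE = bytes(range(16, 32))
SALT = b"constructed-salt"
STORED_HASH = hashlib.pbkdf2_hmac("sha256", PASSWORD, SALT, 100_000)
```

The PAP hiding is only as strong as the RADIUS shared secret, which is why the thread considers wrapping the RADIUS leg in IPsec.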

Carl Perkins
Level 1

Hi there,

I have an issue that I hope you can help with. Wism controller with code 6.0.196.0 with 136 remote cisco 1242 Ap's connected. As of late I'm having to reset the Ap's to restore connectivity. When the remote site rings in I can see clients Associated and Authenticated to the Ap's but cannot ping the clients from the local router on the same subnet as the Ap's but can ping the Ap's with no loss of connectivity. WCS is on ver 6.0.181.0. I've just recently upgraded WISM from ver 4.2.61.0 to 4.2.176.0 to 6.0.196.0. It almost seems as if the device is going to sleep or loses connectivity to the controller? This is happening at random sites but constantly resetting the Ap's cures the issue. Any help or suggestions would be greatly appreciated.

Kind Regards,

Carl

There's a bug in the 6.X code where clients stop responding for a period of time. Cisco is asking everyone listening/reading to avoid 5.X or 6.X codes. Upgrade to the 7.X and see if you find any improvements.

Please don't forget to rate useful posts.  Thanks.

Leo Laohoo
Hall of Fame

Fred?  Oh Fred, where are you????  

ahmedbishry
Level 1

Hi,

I need your help. I set up an AP-1310 as a Root Bridge in the main site and an AP-1310 as a Non Root Bridge in the remote site. The distance between them is 2 kilometers. I need to know the following:

1- Which is the best power option for both?

2- What is the best way to know the signal strength between both access points (because I don't know where to see the signal strength between the Root Bridge and Non Root Bridge)?

3- How can I align the antenna in both access points for both sites?

Thanks in advance,

Ahmed,

The best power option for the 1300 is the standard power injector.

If however you are using mobility applications (say you were mounting the Bridge in a vehicle or on a mountain top using solar panels) then rather than using the standard injector that uses 48 VDC you would want to order the injector with a "T" in the part number as the T stands for "Transportation Injector" as that injector uses + 12 volts (for car and solar applications).

The best way to know the signal strength (without consoling in) would be to simply look at the LED lights; the blink pattern will tell you.

Another way is to console or browse into the device. For the LED patterns see the hardware installation guide at this URL:

http://www.cisco.com/en/US/docs/wireless/access_point/1300/installation/guide/1300hig_book.pdf

To align (for best performance) you should be able to see your other units (clear line of sight). Some folks use binoculars or they might make a bigger target like a cluster of helium balloons and initially point the Root Bridge to the non-root site. Once you get the root unit installed then go to the non-Root and align to it (as previously described).

Regards,

Fred

Hi,

I wonder if there is any easy way to know the signal strength of the 1300 bridge (other than by the LED light, because the access point is up high on the tower), because I always wonder what the signal strength is after I successfully connect the 1300 Bridge, and I want to tell the client how much signal strength he has.

I also set up a 4402 (WLC V.6) and added many 1130 LAPs to it. Everything works fine, but suddenly there is a problem with some of the 1130 LAPs: when two or more 1130 LAPs are close to each other, one of them works and broadcasts the SSID but the others close to it do not send the SSID. When I turn off the one that is working, the other works fine and sends the SSID. So at least one of them works fine every time, but not all of them at the same time. When I check in my WLC I find all of the 1130 LAPs are registered and in HREAP mode.

Thanks in advance,
