Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
385
Views
0
Helpful
1
Replies

Case study - wireless and wired network

faustopaiva27
Level 1
Level 1

‎11-25-2006 04:21 PM - edited ‎07-03-2021 01:17 PM

Good night,

My company need to do a network project. The topology is the following:

- Around two hundred units each one at a distinct subnet. One unit may not to communicate with other, only with router.

- It's have wireless signal at any local. For this will be used access points.

Three user types will exist: 1 - The no registred ones; 2 - The registered ones but with only internet access; 3 - The registered ones with full network access. It's have 3 buildings and one CPD (building 2).

The security is the most concern (at layer 2). One idea that I have was use VLAN, one per unit. Each unit access only switch port and router port (multi-vlan port). With 3560 series switches it's possible? One cluster where one switch see others VLAN?

The idea is all unit or access point arrive at router first and there the MAC address will be denied or will not.

I only have experience at to divide networks using layer 3 (per IP address). VLAN I did only in the same switch.

Sorry my english, it's not my native language.

Thanks for help.

Labels:
0 Helpful
1 Reply 1

scottmac
Level 10
Level 10

‎11-26-2006 07:52 AM

Most of what you want to do can be done by associating an SSDI to a given VLAN.

You can prevent one wireless client from talking to anther by enabling "Public Secure Packet Forwarding" (PSPF) on the APs.

If you use RADIUS (or TACACS+, I believe) you can do authentication / filtering by MAC address at the AP (or you can still do it later in the network, if you want).

Cisco ACS would be a good choice for authentication and authorization. It can do the MAC auth, it can access credentials from external databases (i.e., Microsoft AD, Novell Directory, LDAP, SQL ...)

You may also want to use some flavor of "captive portal" (Cisco's is "BBSM") which will force guest users to acknowledge the company's "guest usage policy" before proceeding.

Are you looking to use standalone (Aironet) or LWAP (Airespace)?

You could use either, but depending on which you choose may change the back-end setup / infrastructure.

Good Luck

Scott

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card