11-15-2011 09:02 AM - edited 07-03-2021 09:04 PM
Hi All
Excuse the newbee question!
We have "Cisco Aironet 1000 Series Lightweight Access Points" in the ceiling of the office.
We have been recommended that we purchase Cisco ASA 5505 (entry level firewall device) to control the these wireless access points.
However, I don't understand why we would need to buy a firewall to do this!
Is it possible that someone has got confused with the "Cisco 5500 Series Wireless Controllers" or can an ASA device be used to control wireless access points?
Thanks!
John
Solved! Go to Solution.
11-15-2011 11:21 AM
John,
If you look at the ASA documentation, there is no support for wireless access points at all. That is a firewall! If you look at the access point documentation, you will see the required hardware which is a wireless lab controller. Maybe you should look at another provider.
Sent from my iPhone
11-15-2011 01:51 PM
We did query the fact with the company when they made the recommendation, however they reiterated their confirmation.
I'd trust Scott than the company you bought these ancient 1000 from.
Other than Scott, I know for a fact that an ASA cannot control a WAP. However, an ASA can BLOCK ports used to send packets to-and-from the WAP. That's as far as the ASA can do to "control" a WAP.
11-15-2011 03:15 PM
Leo,
I will say there are some engineers in Cisco that believe in shaping the signal and as such will deploy external antennas. This doesn't mean 100% external antennas, but a reasonable mix.
11-16-2011 05:46 AM
Hi John,
Just to add a wee note to the great info from our friends Scott, Leo
and George here (+5 each guys)
The 1000 series of Cisco AP's were only supported on the WLC 4400
series up to release 4.2.207.0 which was quite a long time before the 5500
series of WLC's was released. The 4400 series and the old 1000 series
AP's are both EoL so you are likely looking at a total revamp of your wireless
infrastructure at this point. We are going through the same process right now
moving to Clean Air on the 5500's and it's been a very worthwhile change.
http://www.cisco.com/en/US/products/ps10315/prod_release_notes_list.html
Cheers!
Rob
11-15-2011 09:12 AM
They are wrong.. You need a WLC5508
Sent from my iPhone
11-15-2011 09:51 AM
Hi Scott
Thanks.
We did query the fact with the company when they made the recommendation, however they reiterated their confirmation.
Therefore, is there any documentation/link that you know of that we could use to illustrate the fact that the ASA device doesn't do what they are suggesting? Their confidence has made me wonder whether there is something they know about the ASA 5505 that we don't!
I understand that if that all the answer you can give it that "that is how it is!"
Thanks
John
11-15-2011 11:21 AM
John,
If you look at the ASA documentation, there is no support for wireless access points at all. That is a firewall! If you look at the access point documentation, you will see the required hardware which is a wireless lab controller. Maybe you should look at another provider.
Sent from my iPhone
11-15-2011 11:37 AM
John,
Here is a link
Lightweight Access Point FAQ
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00806a4da3.shtml
Sent from my iPhone
11-15-2011 01:51 PM
We did query the fact with the company when they made the recommendation, however they reiterated their confirmation.
I'd trust Scott than the company you bought these ancient 1000 from.
Other than Scott, I know for a fact that an ASA cannot control a WAP. However, an ASA can BLOCK ports used to send packets to-and-from the WAP. That's as far as the ASA can do to "control" a WAP.
11-15-2011 02:10 PM
Hi Scott/Leolaohoo
Thanks for your responses and time.
You've confirmed what I suspected.
There are various companies involved in the project and we are working alongside the company in question. This information doesn't make anybody look good, so I wanted to make sure I was 100% sure of myself.
John
11-15-2011 02:12 PM
I think they just got confused with the model number… 550X. Not cheap especially if you have a lot of AP’s,
11-15-2011 02:27 PM
This information doesn't make anybody look good, so I wanted to make sure I was 100% sure of myself.
It'll make you look good!
There are various companies involved in the project and we are working alongside the company in question.
There's a high chance that you might get "ripped off" if you don't get the final design "vetted" by an independent party. Happened to us. We have a AU$5M project for wireless and some whack-job told us to use 3502e INSIDE THE HOSPITAL. This project is in Australia and one of the reasons why they recommended external antennas is because "it's a standard in America". I re-read that line before breaking out in laughter. The choice for 3502e vs 3502i was >AU$500K in materials. So we didn't understand how a multi-billion dollar system integrator was trying is darn best to get us to go down this route.
We weren't suppose to see the design. Someone made the mistake of forwarding the design document to us and we just pulled the hand brakes.
11-15-2011 03:15 PM
Leo,
I will say there are some engineers in Cisco that believe in shaping the signal and as such will deploy external antennas. This doesn't mean 100% external antennas, but a reasonable mix.
11-15-2011 05:22 PM
This doesn't mean 100% external antennas, but a reasonable mix.
This one did. 100% Cisco 3502e. All 680 units of it.
11-16-2011 05:46 AM
Hi John,
Just to add a wee note to the great info from our friends Scott, Leo
and George here (+5 each guys)
The 1000 series of Cisco AP's were only supported on the WLC 4400
series up to release 4.2.207.0 which was quite a long time before the 5500
series of WLC's was released. The 4400 series and the old 1000 series
AP's are both EoL so you are likely looking at a total revamp of your wireless
infrastructure at this point. We are going through the same process right now
moving to Clean Air on the 5500's and it's been a very worthwhile change.
http://www.cisco.com/en/US/products/ps10315/prod_release_notes_list.html
Cheers!
Rob
11-16-2011 06:14 AM
Once again, thanks to all you guys.
Rob, thanks for that last bit of information, that will be very useful. I guess that the 5508 won't be backwards compatible to the 1000 Series but I'll double check that on the Cisco site. The client inherited the wireless access points when moving into a new office, so won't have a budget to buy new wireless access points. As I mentioned in an earlier post, unfortunately the situation is not going to make people happy though obviously needs to be worked through.
I have informed the parties concerned about the ASA firewall not being a correct recommendation, so we'll see what happens!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide