05-31-2013 08:06 AM - edited 07-04-2021 12:09 AM
We have a site that would like to have controlled wireless guest access.
Approximately 15 access points would be required at site and they have an ADSL2 broadband connection that
also requires a router.
I have looked at the 800 series ISR with adsl ports and wireless features but I'm not sure if these can
be used to manage the access points or act as a single access point only.
I've also looked at the 2500 series WLC or the new 3750 integrated POE/Wireless LAN controllers and
am confused to the best route.
I am looking for the best design/options for this site, any suggestions appreciated.
Sam
05-31-2013 09:19 AM
Your best bet will be either a solution based on the 2504 WLC, or the 3850 (which is both switch and WLC in one). In addition you'll need a FW, APs, Content Filters, DNS Names, SSL Certs, etc. If you're particularly concerned about security you may also want to look at using a pair of WLCs, one either side of a FW which allows you to tunnel Guest Users out to a DMZ and thus keeping them away from your LAN.
Unfortunately the ISR 800's you've found can only be an AP, they can't also be a WLC.
Rather than me typing about 500 lines of Cisco WLAN architecture chat on here, your best bet is to call a Cisco partner and they'll knock out a kit list and a rough design for you in no time. Failing that, check out the Enterprise Mobilty Design Guide.
05-31-2013 10:07 AM
Sam
here is couple of way to do this...
You could use the Cisco 2500 Series or if you have a VM enviroment inthat site use the WLC VM version
On the wireless AP any Third Generation Cisco WAP will give you all the features that you will need to maximize your investment.... now depends on your budget....
For Switch depends on your budget... but I will recommend to go with a switch capable of doing IOS Rel 15, CoA, DACL as minimum just in case you go in the future with Cisco ISE (identity Service Engine that could be on the VM also) as well in the Future for a MSE (Mobility Service Engine), just in case you also want to do Cisco Connected Mobility Experience (CME/CMX)
There is some promotions going on at this time thru you Cisco sales team or a Cisco Partner
Thank you,
Manuel Baez
Sales Eng
Need help ? call Sales Acceleration Center(SAC) at Toll Free (USA) :1-800-225-0905 International +1-408-902-4872 or send email to sac-support@cisco.com or Live Chat: http://tinyurl.com/sacucs
05-31-2013 05:22 PM
I have looked at the 800 series ISR with adsl ports and wireless features but I'm not sure if these can be used to manage the access points or act as a single access point only.
You don't look at the model of the router and match with your WAN speed. You need to look at your WAN speed and match with the router you need.
There are currently three models of the venerable 800-series routers being sold by Cisco (alot more if being sold by Cisco Refurbished Equipment), and they are the 860, 880 and the 890. The bad thing about these models are there are alot of "sub-models" to choose from.
Next, you specifically say DSL connection. So that lowers your choice a bit. But wait ... Before you go and say, Eureka, I want THAT model, take the following information to considerations:
1. 860 - supports up to two (2) VLANs. Four Layer 2 ports, PoE optional. WAN speed rated at 12.80 Mbps (half duplex and no encryption).
** NOTE: WAN speed can also be interpreted into full duplex OR with encryption if you half the rated WAN speed.
** NOTE: WAN speed can also be interpreted into full duplex AND full encryption if you factor by four (4) the rated WAN speed.
2. 880 - supports up to eight (8) VLANs. Four Layer 2 ports, PoE optional. WAN speed rated at 25.60 Mbps (half duplex and no encryption).
3. 890 - supports up to forteen (14) VLANs. Eight Layer 2 ports, four PoE optional ports. WAN speed rated at 51.20 Mbps (half duplex and no encryption).
860W and 880W comes equipped with 802.11 b/g AP, however, the antennas for the 880W is fixed. You will not be able to replace the antennas. The 890W is the only model that has an 802.11 a/b/g/n AP.
** NOTE: If your WAN speed is higher, then you need to look at other models. Let us know and we'll be happy to help.
Ok, the planning ...
I am not a big believer in getting a router with a built-in AP. The main reason is the potential location where the router is going to sit. If it's going to sit inside a metal cabinet and in the far (or remote) corner of the premises, then it is a fine waste of good money.
If you have 15 APs, then investing in a WLC like the 2504 or a beefier 5508 is a good investment of money. Investing in a vWLC, however, is something you'd want to avoid because the chances of your VMware's specs might become "useless" if you upgrade to future versions. Take the case of CPI 1.2 and CPI 2.0.
There are several ways of doing Guest access. One of the easiest is using AD. You can get someone to create a script or a database to be used by the receptionist to create temporary guest access. The WLC has a feature called Lobby Administrator and this is another feature too.
06-05-2013 04:37 AM
A big thanks for all the advice.
I have gone with 1600i for the AP's. Daisy chaining 2960 poe switches off the existing switching lan.
For the WLC i'm going to try the 3850 as it was the best buy for POE + WLC.
I will go with the 896 Router for ADSL connectivity and will need to secure the device to
keep management vlan off the Public vlan.
Thanks
Sam
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide