Wireless LAN Logical design
Cisco, Cisco Wireless LAN Controller, Cisco wireless LANs and networks, Network design, Network planning, Network Technology, Network Topology, Wireless Access Points, Wireless networking
• Three main groups: Sales, Production and Engineering. Each group has 60 users in each group.
• The standard network card is a Cisco Aironet 350, and the access point selected is a Cisco Aironet 1200.
• The Sales and Production departments should not be able to access the Web server on any access points, but Engineering can.
• The Sales department should not be able to ping any of the network, while the Production department can ping for the access point, while the Engineering department can ping any part of the network.
• The Engineering department should be able to access SNMP information on the access point and the router, but no other device. Sales and Production should not be able to access any SNMP information.
• The department servers are located at: 10.0.0.1 (for the Sales department); 10.0.0.2 (for the Production department); and 10.0.0.3 (for the Engineering department). Access should be barred to the server which is not defined for the department. There is also a public access server at 10.0.0.5.
• External WWW access should only be allowed for the Sales department.
• An email server is located at 10.0.0.4. It supports most of the commonly used email protocols. Every user should be able to access it. • The organization has external access to a single router which has an external IP address of 172.16.1.1/24, and has at least three ports (but more can be added, as required).
• Users in Engineering should be allowed to log into any access points, in a secure way.
The span of network is similar to a university campus.
It would be very kind of you guys if any of you could help me. I would be more than happy if you want to charge me for your services as well. Thanks
Software/Hardware used:
cisco aironet 1200, cisco aironet 350
Software/Hardware used:
cisco aironet 1200, cisco aironet 350
ASKED:
December 23, 2009 10:30 AM
UPDATED:
September 11, 2012 5:00 PM
Answer Wiki:
1. What are the security requirements and access methodologies - you have routing defined, but no access control information. How are the machines defined? By MAC (not very secure), USERID, Certificate, TwoFactor authentication (RSA or Token) etc? What RADIUS server product are you using and where is it located?
2. What/Where is the router in all of this? Are the WAPs setup "outside" the corporate LAN, or on the same network? The same network is not advised as wireless is inherently less secure than the wired network as the physical layer is radio. Standard security practice is to configure your WAPs on their own separate network and use firewall rules/VPN to allow access to specific required resources.
I would setup a Wireless Network either VLAN or separate hardware and use certificates to authenticate the users to their correct wireless VLAN, then create VIPs for each corporate resource and allow traffic based on source IP address. That should be a nice balance between security and ease of use.
To see all answers submitted to the Answer Wiki: View Answer History.
I would advise that you should contact a solutions provider to go through this with you.
There are going to be more issues than you have put here like security / Signal strength / Bouce / Noise / planning / placement of AP’s.
I am not sure where you are based, otherwise I may be able to help there. But I am sure the Cisco vender you use could help.
@ gabe… mate i m in london and basically i need a logical design using three layer model . and this is pure for acdemic purposes , i have done some work but stuck in advance stages , all three depsrtments clients are connecting with three access points and then these APs are connecting with switchies via ethernet cable . blah blah