Wireless LAN Logical design

Cisco Wireless LAN Controller
Cisco wireless LANs and networks
Network design
Network planning
Network Technology
Network Topology
Wireless Access Points
Wireless networking
• Three main groups: Sales, Production and Engineering. Each group has 60 users in each group. • The standard network card is a Cisco Aironet 350, and the access point selected is a Cisco Aironet 1200. • The Sales and Production departments should not be able to access the Web server on any access points, but Engineering can. • The Sales department should not be able to ping any of the network, while the Production department can ping for the access point, while the Engineering department can ping any part of the network. • The Engineering department should be able to access SNMP information on the access point and the router, but no other device. Sales and Production should not be able to access any SNMP information. • The department servers are located at: (for the Sales department); (for the Production department); and (for the Engineering department). Access should be barred to the server which is not defined for the department. There is also a public access server at • External WWW access should only be allowed for the Sales department. • An email server is located at It supports most of the commonly used email protocols. Every user should be able to access it. • The organization has external access to a single router which has an external IP address of, and has at least three ports (but more can be added, as required). • Users in Engineering should be allowed to log into any access points, in a secure way. The span of network is similar to a university campus. It would be very kind of you guys if any of you could help me. I would be more than happy if you want to charge me for your services as well. Thanks

Software/Hardware used:
cisco aironet 1200, cisco aironet 350

Answer Wiki

Thanks. We'll let you know when a new response is added.

1. What are the security requirements and access methodologies – you have routing defined, but no access control information. How are the machines defined? By MAC (not very secure), USERID, Certificate, TwoFactor authentication (RSA or Token) etc? What RADIUS server product are you using and where is it located?

2. What/Where is the router in all of this? Are the WAPs setup “outside” the corporate LAN, or on the same network? The same network is not advised as wireless is inherently less secure than the wired network as the physical layer is radio. Standard security practice is to configure your WAPs on their own separate network and use firewall rules/VPN to allow access to specific required resources.

I would setup a Wireless Network either VLAN or separate hardware and use certificates to authenticate the users to their correct wireless VLAN, then create VIPs for each corporate resource and allow traffic based on source IP address. That should be a nice balance between security and ease of use.

Discuss This Question: 2  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Gabe9527
    I would advise that you should contact a solutions provider to go through this with you. There are going to be more issues than you have put here like security / Signal strength / Bouce / Noise / planning / placement of AP's. I am not sure where you are based, otherwise I may be able to help there. But I am sure the Cisco vender you use could help.
    11,095 pointsBadges:
  • Jonigooner1
    @ gabe... mate i m in london and basically i need a logical design using three layer model . and this is pure for acdemic purposes , i have done some work but stuck in advance stages , all three depsrtments clients are connecting with three access points and then these APs are connecting with switchies via ethernet cable . blah blah
    15 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: