WLAN Security Case Study
Topology
 
 
Why this topology?
We are going to use the Cisco Aironet 1000 LAP. Based on the datasheet, we found that with 802.11a we would get a 14 m range indoors at full speed, but with 802.11g we get 27 meters at full speed indoors. We chose 802.11g and designed the network with 25 meters of range per access point. Because of roaming, we need at least 30% overlap between APs. On the other hand, we don't want collisions on the access points, so we need at least two channels. In the diagram, the red range is one channel (channel 1) and the green is the other (channel 12).
Conclusion of design
We need 6 access points with omnidirectional antennas, placed as in the picture. Each access point should support about 30 users.
User separation
We would have three groups:
guests
employees
VoIP phones
Separation between the groups will be made through VLANs. Each VLAN will be matched to an SSID.
Groups
Guests
They are not vital and should have minimal access to the network (only Internet use). The connection should be easy to set up, so it needs to be open. The access control will be made through ACLs on the firewall.
Employees
The people who work inside the company should have more access, but this access needs to be over a secure connection. On this connection we will use WPA2. The authentication will be made through 802.1x based on data from a RADIUS server. LEAP will be used to authenticate.
VoIP Wireless Phones
The data on this network is very sensitive so it should be protected through QoS mechanisms. It must also be secured, but most phones don't support WPA2, so WPA will be used (phones with WPA2 support will be too expensive). LEAP will also be used here.
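The SSID-to-VLAN separation described in the User separation and Groups sections can be checked mechanically before it is configured. The following is an added example, not part of the original case study: the SSID names, VLAN IDs and the trunk's allowed-VLAN list are constructed, since the design does not give them.

```python
# Added example: lint an SSID-to-VLAN plan shaped like the design above.
# SSID names, VLAN IDs and the trunk list are constructed; the page gives none.
from dataclasses import dataclass

@dataclass(frozen=True)
class Wlan:
    ssid: str
    vlan: int
    security: str        # "open", "wpa" or "wpa2"
    auth: str            # "none" or "802.1x" (RADIUS-backed)
    firewall_acl: bool   # True if a firewall ACL restricts this VLAN

PLAN = [
    Wlan("example-guest", 10, "open", "none", True),
    Wlan("example-staff", 20, "wpa2", "802.1x", False),
    Wlan("example-voice", 30, "wpa", "802.1x", False),
]
TRUNK_ALLOWED = {10, 20, 30}  # VLANs permitted on the wired trunk (assumed)

def lint(plan, trunk_allowed):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings, owner = [], {}
    for w in plan:
        if w.vlan in owner:
            findings.append(f"{w.ssid}: shares VLAN {w.vlan} with {owner[w.vlan]}")
        owner.setdefault(w.vlan, w.ssid)
        if w.vlan not in trunk_allowed:
            findings.append(f"{w.ssid}: VLAN {w.vlan} is not allowed on the trunk")
        if w.security == "open" and not w.firewall_acl:
            findings.append(f"{w.ssid}: open SSID has no firewall ACL")
        if w.security != "open" and w.auth != "802.1x":
            findings.append(f"{w.ssid}: encrypted SSID lacks 802.1x authentication")
    # Least privilege on the wire: the trunk should carry only VLANs in use.
    for vlan in sorted(trunk_allowed - set(owner)):
        findings.append(f"trunk carries unused VLAN {vlan}")
    return findings

if __name__ == "__main__":
    for line in lint(PLAN, TRUNK_ALLOWED) or ["plan is consistent"]:
        print(line)
```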
Hardware and protocols
The access points will be Cisco Aironet 1000 Lightweight Access Points (6 of them) because they have very good coverage, have all needed protocols implemented and integrate into a Cisco-built network. Each AP will broadcast all three SSIDs (because of roaming); each SSID will be matched to a broadcast domain (VLAN) and the data will be transmitted through trunks on the wired network. The access points will be controlled by a central device, a Wireless LAN Controller. The WLC