Question

Alternatives to Sites configuration


Hello, gentlemen!

We are trying to compete on a big wireless project here in Brazil (against Aruba and Cisco), where the customer needs local resilience on more than 350 different remote locations.

"Sites" wouldn't be an option since he doesn't want to provide 350 RADIUS servers, and also only B@AP with WEP, WPA and WPA2 seems to be too humble since he wants a voice solution running on the locations with full availability.

What would you recommend?

Any suggestions are very welcome.

Thank you!

Leandro - EXT Brazil

8 replies

Userlevel 7
I think the design of the wireless network will result from the answer to the following 2 questions...

1) Where is the PBX, is there one in every remote location or a big one in the HQ?
2) What encryption/authentication should the VoWLAN phones use?

1 - Yes, one on every remote location.

2 - They will probably use AES with MAC authentication or 802.1x (not decided yet)
Userlevel 7
In that case bridge@AP would be the best topology for such a scenario, as the traffic will stay local in the remote site and isn't transported back to the controller.

Still the problem with central authentication for i.e. 802.1X persists and there is not much you'd do about it if you don't plan to have one RADIUS/AD in every remote location.
But I also don't see how the other competitors could solve it as the C. controller works about the same as the Extreme with the site feature.

So either the customer likes to have central authentication and it's OK that the clients can't connect during a WAN outage or he'd need to use PSK encryption without central authentication.
Yeah, the problem is C. has something called Flexconnect where they can reply Radius/AD or part of it straight to the APs.
Userlevel 7
I've just read through the "Enterprise Mobility 7.3 Design Guide" of C and as far as I understand, flexconnect supports only local auth on the AP for LEAP (which is insecure/broken) and EAP-FAST with a max of 100 users in the local database.

For 802.1X they also need an external RADIUS/ACS in the remote location.

So I don't see a major advantage as no one will use LEAP in 2014 and I don't think that there are a lot of network admins out there that even know what EAP-FAST is and how it works 🙂
Thank you very much Ron, it will help if we have a chance to explain the technologies. Cheers!
How many "sites" can we configure at the WC?
Userlevel 7
here the matrix....
