When you design your WLAN, you must determine how it will fit in with your existing, wired LAN. This is an issue both of technology and your organization's policies. Security PlanningFirst, you must establish a security plan, and then determine how to connect the APs into your existing LAN switches, with special attention paid to IP address management and application roaming. Security plans must address:
Your LAN's construction and its capabilities largely determine how you connect your WLAN to the existing LAN. Virtual LANsIf your switches are powerful enough and have the bandwidth to spare, you might establish a virtual LAN (VLAN) for wireless users. You can establish a VLAN to handle address assignment and establish security policies for wireless users. For example, at a school, you might assign students to a VLAN with restricted access to the network, although faculty and staff would be on a VLAN with more privileges and access. The best part of a VLAN solution, however, is that it improves one of the toughest parts of WLAN design: how to manage roaming users. For the most part, clients should be able to move between subnets with little or no interruption. However, if disconnects are encountered, the problem can be fixed if clients restart their machines (if they've turned them off to move from one building to the next, for example) or renew their DHCP leases. Using Cisco Equipment with Third-Party VendorsIf you use a pure Cisco environment, problems with connectivity and interoperability are rare, if ever. However, the risk increases as you consider working in a mixed environment. That is, if you use different equipment from different vendors. If you use equipment from different vendors, standards come into play. Always check equipment before you buy it to ensure that it is compatible with your other gear. Even though a piece of equipment advertises itself as being a wireless device, with the huge popularity in wireless networking in recent years, companies have been eager to produce their products ahead of standardized protocols. Rather than wait for the protocols to develop, many vendors create their own proprietary protocols that simply don't work with other vendors' equipment. One way you can avoid this problem and ensure equipment is compatible with your Cisco equipment is to buy third-party products that have been approved as part of the Cisco Compatible Extensions (CCX) program. As mentioned in Chapter 1, "Cisco Wireless Equipment," this program allows vendors to develop their own equipment, ensure compatibility with Cisco equipment, and be certified as such. Testing is performed by an independent party to ensure that it's impartial. Integration ChecklistWhen you design your WLAN, consider the following points:
|