Cisco Systems 4.2 Server User Manual


 
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 2 Deploy the Access Control Servers
Determining the Deployment Architecture
Figure 2-3 ACS in a Geographically Dispersed LAN
Wireless Access Topology
A wireless access point (AP), such as the Cisco Aironet series, provides a bridged connection for mobile
end-user clients into the LAN. Authentication is absolutely necessary, due to the ease of access to the
AP. Encryption is also necessary because of the ease of eavesdropping on communications.
Scaling can be a serious issue in the wireless network. The mobility factor of the WLAN requires
considerations similar to those given to the dial-up network. Unlike the wired LAN, however, you can
more readily expand the WLAN. Though WLAN technology does have physical limits as to the number
of users who can connect via an AP, the number of APs can grow quickly. As with the dial-up network,
you can structure your WLAN to allow full access for all users, or provide restricted access to different
subnets among sites, buildings, floors, or rooms. This capability raises a unique issue with the WLAN:
the ability of a user to roam among APs.
Simple WLAN
A single AP might be installed in a simple WLAN (Figure 2-4). Because only one AP is present, the
primary issue is security. An environment such as this generally contains a small user base and few
network devices. Providing AAA services to the other devices on the network does not cause any
significant additional load on the ACS.
[Figure 2-3 diagram labels: Region 1, Region 2, Region 3; switches; firewalls; ACS 1, ACS 2, ACS 3; T1 links]