Currently the 6504 that houses our WiSM blades are behind the same ASA interface as the wired network.
It was placed there because all the AP's are in H-REAP mode, and user traffic doesn't go through the WiSM's.
We're adding more AP's that will run local mode, and I'm thinking it's best to move the WiSM's to a different firewall interface, even though we run WPA2 w/ AES, which is very secure.
I'm a little hesitant because moving the WiSM's means there will be an outage for all the remote sites that sit on those WLC's, and I need to find out exactly which ports need to be allowed through the firewall for LWAPP/CAPWAP to work properly.
Thoughts or suggestions?
It was placed there because all the AP's are in H-REAP mode, and user traffic doesn't go through the WiSM's.
We're adding more AP's that will run local mode, and I'm thinking it's best to move the WiSM's to a different firewall interface, even though we run WPA2 w/ AES, which is very secure.
I'm a little hesitant because moving the WiSM's means there will be an outage for all the remote sites that sit on those WLC's, and I need to find out exactly which ports need to be allowed through the firewall for LWAPP/CAPWAP to work properly.
Thoughts or suggestions?
