Friday, October 14, 2011

I like the Cisco AP541N WAPs

So I've been resisting giving wireless access to my internal network for a long while.  But over time the security options on wireless equipment have gotten better and frankly the cable clutter in the conference rooms has started resembling a brier patch. So I went to go look for a wireless router that could not only handle multiple VLANs but would also provide strong security and integrate my user's Active Directory accounts.  Enter in the Cisco AP541N which can emulate up to 15 virtual APs, each can be configured with unique authentication options, VLAN tagging, and supports redirection to a URL.  And it had good clustering support to boot which was a nice plus along with POE support to simplify deployment and it comes in just under $400.

For my secure network I set the VAP to use RADIUS auth to my win2k8 r2 domain controllers that were set up using NPS.  Good setup article here:

Accessing the VAP is a breeze as the user just has to click connect on their domain joined laptops and their credentials are automatically passed through without any end user configuration.   Nice video at:

Now the only thing that I didn't like when I configured it was that the admin password was limited to only 8 alphanumeric characters.  Fortunately if that's an issue you can just configure the whole WAP to use 802.1x to authenticate the admin account.  I also ran into an issue where the auto-configured settings that the cluster feature set up had an authentication problem but all I had to do to fix that was just re-enter the RADIUS password again and it went away.


Liscio said...

i'm really enthusiast of this AP, too... but i have some issues with POE injection... can you tell me exactly what device are you using to supply power on poe?

Thank you


Gnawgnu said...

Sure, currently I'm using a Cisco SG200-08P unit to handle the POE to the AP units. Current stats: 7800mW Power consumption per AP, 167mA Current, and 47V Volts. The switch can do up to 16200mW on each of the 4 POE ports so there's plenty to spare.

Liscio said...

Thank you for the quick reply...
Well, currently i've bought a POE injector, 'cause i've just a couple of AP by now, and didn't want to change my 24port switch...
The injector is a "Digicom", and it respects the IEEE standards and power requirements, requested by the AP... if i try to supply power with the injector, the AP power up, but loses the LAN signal.
CISCO say they don't have an injector "certified" for this AP, so i don't know what do do..

Gnawgnu said...

I tried out a similar one but D-Link brand injector a while back but I never could get it to work right. It was misleading in that at the device side you have to split off power so it wasn't actually injecting through the LAN cable; rather it was meant to output to a power cable and go into the power plug of the device. I also didn't want to change my switch out so I just dropped in the 8 port between the APs and my network. The extra hop doesn't really hurt it and it had full vlan support built in so the configurations worked fine. The model I use is only $220 but if you don't need a managed switch the SD208 is around $110 at

Gnawgnu said...

My bad, SD208P was the full model number.

Liscio said...

Many thanks for your reply... you have been so helpful!!
I've just ordered the managed one... i'll do the same as you, and append the POE switch between the main switch and the AP.

Thank you again!