Wireless roaming best practice

When setting up standalone access points on the same SSID, is it best to use multiple channels that do not overlap (i.e. 1, 6 and 11) or use the same channel for every access point?
We have 1 SSID in our office spread over 3 access points and currently I have it set to use channels 1, 6 and 11 on each. Is this correct or should I use the same channel on each?
Devices seem to operate and roam correctly; I was just querying the best practice.
We cannot justify the cost of WDS.

Hi Scott,
Thanks buddy! Much appreciated. We are extremely cautious when it comes to changing "working" deployments. The move to new versions of code (for both Voice and Wireless) is always well researched to the point of being almost paranoid ;-)
The "better safe than sorry" mantra, is a great rule of thumb when working with these products. Too many bugs for my liking.
Cheers!
Rob

Similar Messages

  • Wireless Design - Best Practices for Data, Voice, and LBS

    Hi,
    I am currently in the process of designing a WLAN for a new hospital and I am getting some push back from my sales team.  The requirements of the WLAN are data, voice, and location based services (RFID for medical equipment) ... needs to be 2.4 GHz for Guest and some apps/clients but primarily 5 GHz for most of the clients ... lastly needs to be N compatible for future use.
    So, I did a predictive design with 1252's on the perimeter with 2.4 and 5 GHz patch antennas and 1142's in the middle to fill gaps ... I also scoped out 2 5508 for redundancy .... total design with -65 at my edges was 169.  However, this is getting push back because of several cost issues ....
    1. The bundle that Cisco offers for 5 100 AP license 5508 WLC is cheaper than buying 2 250 AP licenses WLC's ... which doesn't make any sense to me because I think 5 devices is overkill
    2. The sales engineer is concerned about the power issues with the 1252's ... customer would rather not use power injectors ... and although they would have 6500's at their core ... they would only have basic switches in their IDF's so I wasn't sure which POE Switches would be able to handle 1252 but cost was an issue there as well
    So, for my understanding when you are doing a WLAN design for LBS it's always best to have APs or antennas on the perimeter for better triangulation ... it makes more sense to me to do that with patch instead of Omni's ... however my sales engineer wants to use all 1142's ... so my question is what are the pro and cons behind using all Omni's or using Patch and Omni's?
    Furthermore, if anyone has any documentation supporting why I would not use all Omni's that would be great because all the articles I have read on LBS just state that placement of APs is critical but don't give any specifics on whether it's a good practice to place them on the perimeter using a specific type of antenna or what.
    Thanks in advance for your help and any ideas about this design!!!

    1.  The 5508 is expensive because it's a lot faster than the 4400 plus there are some features exclusive to the 5508 such as OfficeExtend.  As the old network design adage goes:  Your design can be done correctly, cheap or fast.  Choose two.
    2.  The 1250 requires 19.5w of power to enable FULL MCS rates to both radios.  Only the 3560E, 3750E or the Sup720 is capable of supporting that.  Upgrading the IOS of the 1250 to 12.4(10b)JDA3 will allow the AP to operate both radios at 15.4w BUT at lower MCS rates.  Correct placement of the AP and the correct use of the antennas will also help in the signal distribution.
    3.  Patch antennas are mostly directional.  The 1140 is omni-directional BUT the signal strength is not as powerful as the 1250 at full power.  The AIR-ANT2451NV is an omni-directional patch designed for the 1250.
    Cisco Aironet Antennas and Accessories Reference Guide
    http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/product_data_sheet09186a008008883b.html
    Cisco Aironet 2.4 GHz and 5 GHz Antennas and Accessories
    http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/product_data_sheet09186a008022b11b.html
    Some of the new patch antennas for the 1250
    Cisco Aironet Dual Band MIMO Low Profile Ceiling Mount Antenna (AIR-ANT2451NV-R)
    http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/data_sheet_ant2451nv.pdf
    Cisco Aironet Very Short 5-GHz Omnidirectional Antenna (AIR-ANT5135SDW-R)
    http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/data_sheet_ant5135sdw.pdf
    Cisco Aironet Very Short 2.4-GHz Omnidirectional Antenna (AIR-ANT2422SDW-R)
    http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/data_sheet_ant2422sdw.pdf
    Cisco Aironet 5-dBi Diversity Omnidirectional Antenna (AIR-ANT2452V-R)
    http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/data_sheet_ant2452v.pdf
    Cisco Aironet 5-GHz MIMO Wall-Mounted Omnidirectional Antenna (AIR-ANT5140NV-R)
    http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/data_sheet_ant5140nv.pdf
    Cisco Aironet 5-GHz MIMO 6-dBi Patch Antenna (AIR-ANT5160NP-R)
    http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/data_sheet_ant5160np.pdf
    Cisco Aironet 2.4-GHz MIMO Wall-Mounted Omnidirectional Antenna (AIR-ANT2450NV-R)
    http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/data_sheet_ant2450nv.pdf
    Cisco Aironet 2.4-GHz MIMO 6-dBi Patch Antenna (AIR-ANT2460NP-R)
    http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/data_sheet_ant2460np.pdf

  • Best Practice for FlexConnect Wireless roaming in MediaNet environment?

    Hello!
    Current Cisco best practice recommendations for enterprise MediaNet design, specify that VLANs be local to a switch / switch stack (i.e., to limit the scope of spanning-tree). 
    In the wireless world, this causes problems if you want users while roaming to keep real-time applications up and running.  Every time they connect to a new AP on a different VLAN, then they will need to get a new IP address, which interrupts real-time apps. 
    So...best practice for LAN users causes real problems for wireless users.
    I thought I'd post here in case there's a best practice for implementing wireless roaming in a routed environment that we might have missed so far!
    We have a failover pair of FlexConnect 7510s, btw, configured for local switching for Internal users, and central switching with an anchor controller on the DMZ for Guest users.
    Thanks,
    Deb

    Thanks for your replies, Stephen and JSnyder.
    The situation here is that the original design engineer is no longer here, and the original design was not MediaNet-friendly, in that it had a very few /20 subnets bridged over entire large sites. 
    These several large sites (with a few hundred wireless users per site), are connected to an HQ location (where the 7510s in failover mode are installed) via 1G ethernet hand-offs (MPLS at the WAN provider).  The 7510s are new, and are replacing older controllers at the HQ location. 
    The internal employee wireless users use resources both local to their site, as well as centralized resources.  There are at least as many Guest wireless users per site as there are internal employee users, and the service to them consists of Internet traffic only.  (When moved to the 7510s, their traffic will continue to be centrally switched and carried to an anchor controller in the DMZ.) 
    (1) So, going local mode seems impractical due to the sheer number of users whose traffic bound for their local site would be traversing the WAN twice.  Too much bandwidth would be used.  So, that implies the need to use Flex / HREAP mode instead.
    (2) However, re-designing each site's IP environment for MediaNet would suggest to go routed to the closet.  However, this breaks seamless roaming for users....
    So, this conundrum is why I thought I'd post here, and see if there was some other cool / nifty solution I wasn't yet aware of. 
    The only other (possibly friendly to both needs) solution I'd thought of was to GRE tunnel a subnet from each closet to the collapsed Core / Disti switch at each site.  Unfortunately, GRE tunnels are not supported in the rev of IOS on the present equipment, and so it isn't possible to try this idea.
    Another "blue sky" idea I had (not for this customer, but possibly elsewhere in the future), is to use LAN switches such as 3850s that have WLC functionality built-in.  I haven't yet worked with the WLC s/w available on those, but I was thinking it looks like they could be put into a mobility group, and L3 user roaming between them might then work.  Do you happen to know if this might be a workable solution to the overall big-picture problem? 
    Thanks again for taking the time and trouble to reply!
    Deb

  • Best practice architecture Wireless security

    What is the best practice architecture for wireless to the wire network?
    Use AP to Firewall and it to a router using RADIUS?
    It apply to Control is a safety?
    What models does Cisco recommend (Hard and Soft?)
    Is there any place in Cisco that I can use to see Architecture recommendations that integrate Wireless, Radio (Microwave) and Voice over IP as a complete system?

    Using one of the 802.1x types (i.e. LEAP, EAP-FAST, PEAP) with WPAv2 (AES encryption). Too bad that there are not many wireless adapters that support AES.
    All Cisco wireless products support AES in 12.3(2)JA recently.
    Also, you may want to configure WDS for radio management.

  • Best Practice for Roaming Profiles over Branch Offices

    Hello Everybody,
    I was hoping I could gain advice from experienced engineers on an issue me and my team are currently experiencing.
    The issue:
    We have a client that has their main office in London and this company has other remote offices over the world, Paris, Milan, Luxembourg etc.. Each remote office has a local DC&file server installed as two separate servers or both roles on the same server. Everything is central to London, all the main file shares that the company uses is based in London and the terminal servers are based in London too.
    We have DFS-R & N set up on the London File servers to replicate the dfs shares over the remote offices which works fine and we don't generally ever have any issues with this and works well when users in remote offices access file shares from London.
    However and I didn't set this up but this client also has DFS-R & N set up for roaming profiles!!! The issue we are having here is only with the terminal servers. For example I will log in as one of the users from London on the terminal server and will load the profile fine, I will log that user off and log in as the admin and remove the profile through advanced system settings. I will then log back on as that same user and will be given a temporary profile, I repeat the first step and the profile loads fine, so every other log on will load the user with a temporary profile. I know this is the case because for that user, if I change the profile path in AD from \\xxxx.com\public to \\lon-fs3v\profiles$\user it then loads every time with no issues. Before anyone asks I have rebuilt the terminal server(s) to rule out if they were misconfigured. You may ask why not do that for everyone? We can't do that for people based in Milan otherwise their profile will forever take time to load and that's where the dfs replication comes into play for the profiles.
    Unfortunately they are a very stubborn client so some users (important people) have very large profiles which sometimes takes a while to load up.
    I have done some reading already on the web and have seen the unsupported scenario from Microsoft regarding this ( https://support.microsoft.com/en-gb/kb/2533009 ) so unsure the best way to do it. The link I've put in does say you can have issues with the profiles loading (which we do) if there are too many connections which we have 10 to replicate profiles around the remote offices.
    I have done some reading into the hostedbranch cache method but not sure if you can do this with roaming profiles or not?
    We generally want to eliminate the issue for users when logging on remotely with getting a temp profile every other log on attempt. I must add though this issue never occurs on the workstations just the terminal server, our client is in the private equity market so one user may just spend one day in a remote office and then come back to London to carry on as they normally would.
    So that's the background to the issue and I was generally trying to work out what methods or if this is possible with the branch cached method for roaming profiles ?
    Thank you to anyone who replies.
    Best,
    Liam

    Hi UC3ngineer,
    Agree with Luca.
    If the branch users need to do a lot of conferencing, the best practice is to deploy a new Front End Pool and an Edge Server in Branch Office; Otherwise you must have a 100% reliable WAN connection to your central site.
    Best regards,
    Eric

  • Best practice of Wireless settings E4200

    I Have a Linksys E4200 router and would like to know what the best practice is for the Wireless settings?
    My settings are currently:
    Is this good or should I change something, for example a different Network name for both or channel?
    Please somebody help/advise me.

    Optimal settings. And also be sure to give the networks 2 different names. Example: HomeNetwork and HomeNetwork5G.
    2.4GHz: Mixed, if you have mixed devices. If not, G or N. Channel Width: 20MHz. Channel: 1, 6 or 11.
    5GHz: N only. Channel Width: 40MHz. Channel: Does not matter on the 5GHz band.

  • Switch with 2 wireless routers (configuration for best practice/advice?)

    HI folks,
    I have a gigabit switch, and 2 wireless G routers.  I'll leave the model numbers out as it's fairly irrelevant - all linksys.
    Router 1 is used as a router only (due to location in basement)
    Router 2 is used for wireless only
    My current network setup:
    DSL MODEM (accessed on 192.168.2.1 - can not be changed) > Router 1(192.168.1.1)
    Router 1 > Switch (I believe it can't be changed 192.168.2.12 - no webgui)
    Switch > everything else including Router 2
    Everything works except Router 2 - can't connect to it wired or wirelessly until connected directly to a pc.
    Is my setup wrong and/or is there a best practice?
    Many thanks!!!

    What is the model number of the switch?
    Normally a switch that cannot be changed does not have an IP address.  So if your switch has an address (you said it was 192.168.2.12)  I would assume that it can be changed and that it must support either a gui or have some way to set or reset the switch.
    Since Router1 is using the 192.168.1.x  subnet , then the switch would need to have a 192.168.1.x  address (assuming that it even has an IP address), otherwise Router1 will not be able to access the switch.
    I would suggest that initially, you setup your two routers without the switch, and make sure they are working properly, then add the switch.  Normally you should not need to change any settings in your routers when you add the switch.
    To setup your two routers, see my post at this URL:
    http://forums.linksys.com/linksys/board/message?board.id=Wireless_Routers&message.id=108928
    Message Edited by toomanydonuts on 04-07-2009 02:39 AM

  • Wireless authentication network design questions... best practices... etc...

    Working on a wireless deployment for a client... wanted to get updated on what the latest best practices are for enterprise wireless.
    Right now, I've got the corporate SSID integrated with AD authentication on the back end via RADIUS.
    Would like to implement certificates in addition to the user based authentication so we have some level of dual factor authentication.
    If a machine is lost, I don't want a certificate to allow an unauthorized user access to a wireless network.  I also don't want poorly managed AD credentials (written on a sticky note, for example) opening up the network to an unauthorized user either... is it possible to do an AND condition, so that both are required to get access to a wireless network?

    There really isn't a true two factor authentication you can just do with radius unless it's ISE and you're doing EAP Chaining.  One way that is a workaround and works with ACS or ISE is to use "Was machine authenticated".  This again only works for Domain Computers.  How Microsoft works:) is you have a setting for user or computer... this does not mean user AND computer.  So when a windows machine boots up, it will send its system name first and then the user credentials.  System name or machine authentication only happens once and that is during the boot up.  User happens every time there is a full authentication that has to happen.
    Check out these threads and it explains it pretty well.
    https://supportforums.cisco.com/message/3525085#3525085
    https://supportforums.cisco.com/thread/2166573
    Thanks,
    Scott
    Help out others by using the rating system and marking answered questions as "Answered"
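The "was machine authenticated" workaround described in the reply above, modelled as an added example; it is not Cisco ACS or ISE code and does not come from the thread. The cache keyed on the adapter's MAC address, the 8-hour aging time, the `host/` identity prefix and every sample event are assumptions made for illustration.

```python
"""Toy model of a RADIUS policy that requires machine AND user authentication.

Added illustration only. It models the decision logic, not any product's
implementation; names, aging time and events are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

AGING_TIME = timedelta(hours=8)  # assumed lifetime of a machine-auth record


def normalize_mac(mac):
    """Fold the common Calling-Station-Id spellings into one form."""
    return mac.strip().lower().replace("-", ":")


@dataclass(frozen=True)
class AuthEvent:
    when: datetime
    mac: str              # Calling-Station-Id reported by the access point
    identity: str         # "host/<name>" for a computer account, else a user
    credentials_ok: bool  # outcome of the 802.1X exchange itself


class MachineAuthPolicy:
    """Permit a user only on a device that machine-authenticated recently."""

    def __init__(self, aging_time=AGING_TIME):
        self.aging_time = aging_time
        self._machines = {}  # mac -> time of last successful machine auth

    def decide(self, ev):
        mac = normalize_mac(ev.mac)
        if not ev.credentials_ok:
            return "deny: bad credentials"
        if ev.identity.startswith("host/"):
            # Machine authentication: happens at boot, before any user logs on.
            self._machines[mac] = ev.when
            return "permit: machine"
        seen = self._machines.get(mac)
        if seen is None:
            # Valid user credentials on a device the domain does not know.
            return "deny: device never machine-authenticated"
        if ev.when - seen > self.aging_time:
            # The failure mode of this workaround: the record expires while
            # the machine stays up, and only a new machine auth restores it.
            del self._machines[mac]
            return "deny: machine authentication aged out"
        return "permit: user on authenticated machine"


def replay(events, aging_time=AGING_TIME):
    """Run events in order through a fresh policy; return the decisions."""
    policy = MachineAuthPolicy(aging_time)
    return [policy.decide(ev) for ev in events]


DAY = datetime(2024, 1, 8)  # constructed date
SAMPLE_EVENTS = [           # constructed events, not real logs
    # Domain laptop boots and authenticates with its computer account.
    AuthEvent(DAY.replace(hour=8, minute=0), "AA-BB-CC-00-00-01",
              "host/laptop-01.example.test", True),
    # Its user logs on a minute later.
    AuthEvent(DAY.replace(hour=8, minute=1), "aa:bb:cc:00:00:01",
              "alice", True),
    # The same AD credentials typed into a personal phone.
    AuthEvent(DAY.replace(hour=9, minute=0), "aa:bb:cc:00:00:99",
              "alice", True),
    # Lost laptop whose computer account was disabled: machine auth fails.
    AuthEvent(DAY.replace(hour=9, minute=5), "aa:bb:cc:00:00:02",
              "host/laptop-02.example.test", False),
    # Someone then tries valid user credentials on that lost laptop.
    AuthEvent(DAY.replace(hour=9, minute=6), "aa:bb:cc:00:00:02",
              "bob", True),
    # Laptop 01 re-authenticates its user 9.5 hours after boot.
    AuthEvent(DAY.replace(hour=17, minute=30), "aa:bb:cc:00:00:01",
              "alice", True),
]

if __name__ == "__main__":
    for ev, decision in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(f"{ev.when:%H:%M} {ev.identity:<30} {decision}")
```

The last event shows why the aging time has to cover a working session: the user's credentials are still valid, but the machine record has expired and only another machine authentication renews it.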

  • Wireless best practices

    Are there a set of best practices that one could use for deployment of Cisco APs or any general AP?
    Let me know.
    Thanks,
    Ohamien

    Are you trying to set up a Wireless LAN network? If this is a new installation the first best practice that you need to follow is to do a site survey. For more information on site survey read http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e9a96.shtml

  • Best practice for Wireless ap vlan

    Is there a best practice for grouping lightweight access points in one vlan or allowing them to be spread across several ??

    Whether you have multiple sites or not, it's good practice to put your APs in a separate and dedicated VLAN. 
    If your sites are routed sites, then you can re-use the same VLAN numbers but make sure they are on separate subnets and/or VRF instance.

  • Best practices in wireless configuration?

    Hi,
    Is there a best practice document that shows 3500 AP with 5508 controllers? The questions I have are below.
    1. Do I configure each AP to non overlapping neighbor channels(1,6,11 for 2.4GHz) or leave that to controller to decide? Does controller change the channel of an AP when it sees congestion on a specific frequency?
    2. For 5 GHz is it good idea to bond the channels? What frequency to use for neighboring APs? OR again, leave it to controller to shift as needed?
    3. For security what's best practices? 802.1x or different?
    Thanks,
    Sm

    1. Do I configure each AP to non overlapping neighbor channels(1,6,11 for 2.4GHz) or leave that to controller to decide?
    Let the controller(s) decide.  By default the Dynamic Channel Assignment (DCA) verifies the channel for interference every 600 seconds.  Because you have 3500 then make sure you enable Event Driven RRM (Radio Resource Management) on both channels.
    Does controller change the channel of an AP when it sees congestion on a specific frequency?
    The controllers will not change the channel when it sees congestion.  The controller will change the channel if it sees interference on the same channel.  The CleanAir will change the channel when it sees interference from non-AP interference like Bluetooth, Microwave ovens, cordless phones, etc.
    2. For 5 GHz is it good idea to bond the channels?
    Sure.
    What frequency to use for neighboring APs? OR again, leave it to controller to shift as needed?
    Leave this option in default.
    3. For security what's best practices? 802.1x or different?
    Sure.

  • Printing best practices

    I've been asking a bunch of questions recently on TS printing and realize that I should just start from scratch. Since I'm not sure what best practices are for this environment, I would like to get everyone's opinion. 
    This environment:
    20 Server 2008 R2 TS' and approximately 200 fat clients (mixed XP and 7). Currently, all network printers are installed on each TS individually (not shared). We also have about 10 USB printers that redirect. Our network printers are set up on 5 different local servers since we have multiple locations. We print both from local desktops and terminal servers.
    What we need is for all network printers to be on each server like they are currently but I'd like to eliminate the need to manage each one on each and every server whenever there is a change. Our current environment was set up by previous IT personnel and I'm not sure if it's optimal
    I understand there are multiple ways to deploy printers but I don't know what is best for our environment. I've tried Print Management but I need to be able to set preferences. I've tried GPP in Computer Configuration but it doesn't seem to work (possibly because of the current set up). I would like to know how others would manage the printers in this environment, even if I need to delete everything and start over. I am also inexperienced with servers and group policy so I will ask follow up questions to most responses.
    Sorry in advance!
    Edit: To be more clear about my scope of knowledge- I know where the Active Directory and Group Policy Management reside. I have modified existing group policies but not made new ones. Since all of our changes always apply to all users/terminal servers/roaming profiles, I've never needed to create OU's or use any kind of item-level targeting so I am not familiar with those.
    Also, I would greatly appreciate not being redirected to another site/forum for answers. I've read hundreds and am getting mixed responses since I'm not sure what is appropriate for this particular environment. That and because I need layman's terms :) Thank you!

    Hey Lynnette
    I read through some of the other questions you were asking. 
    Deployed Printers from Print Management is only for adding printer connections, it's not for adding local printers and Deployed Printers does not support setting a default printer.
    Group Policy Preferences supports adding local printers and connections.  It can be used to set the default but not sure if that's for connections or local printers.
    If the end result is to have the same configuration of local printers on multiple machines, I suggest using \windows\system32\spool\tools\PrintBRM.exe to backup the local printers from your Primary machine, then restore to all the other targets. 
    You can create a scheduled task to perform the backup and restores.
    If you are looking to add printer connections in the "Computer" context (all users logging on will get the connection to the shared printer), you can achieve this using the local machine policy or using a domain policy that only applies to a specific set of computers.  But once again no default is set but it's fairly easy to set the default with printui.exe or prnmngr.vbs both included with the operating system.
    Alan Morris Windows Printing Team

  • Best practices to share 4 printers on small network running Server 2008 R2 Standard (service pack 1)

    Hello, 
    I'm a new IT admin at a small company (10-12 PCs running Windows 7 or 8) which has 4 printers. I'd like to install the printers either connected to the server or as wireless printers (1 is old enough to require a USB connection to a PC, no network capability), such that every PC has access to each printer.
    Don't worry about the USB printer - I know it's not the best way to share a printer, but it's not a critical printer; I just want it available when its PC is on.
    I've read a lot about the best way to set up printers, including stuff about group policy and print server, but I am not a network administrator, and I don't really understand any of it. I'd just like to install the drivers on the server or something, and then share them. Right now all the printers do something a little different: one is on a WSD port, two have a little "shared" icon, one has the icon but also a "network" icon... it's very confusing.
    Can anyone help me with a basic setup that I can do for each printer?
    p.s. they all have a reserved IP address.
    Thanks,
    Laura

    may need to set print server... maybe helpful.
    http://www.techiwarehouse.com/engine/9aa10a93/How-to-Share-Printer-in-Windows-Server-2008-R2
    http://blogs.technet.com/b/yongrhee/archive/2009/09/14/best-practices-on-deploying-a-microsoft-windows-server-2008-windows-server-2008-r2-print-server.aspx
    http://joeit.wordpress.com/2011/06/08/how-do-i-share-a-printer-from-ws2008-r2-to-x86-clients-or-all-printers-should-die-in-a-fire/
    Best,
    Howtodo

  • Best practices for network design on WLC 2504 and 5508

    Dear all:
    I'm looking for some recommendations on WLC 2504 and 5508 about the following:
    Maximum amount of AP per port
    The scenario when to use all ports in both WLC
    Maximum number of clients(users) per port
    Bandwidth consumption of  management vs data in order to assign one port for management
    I've just found this:
    Cisco 5508 controllers have eight Gigabit Ethernet distribution system ports, through which the controller can manage multiple access points. The 5508-12, 5508-25, 5508-50, 5508-100, and 5508-250 models allow a total of 12, 25, 50, 100, or 250 access points to join the controller. Cisco 5508 controllers have no restrictions on the number of access points per port. However, Cisco recommends using link aggregation (LAG) or configuring dynamic AP-manager interfaces on each Gigabit Ethernet port to automatically balance the load. If more than 100 access points are connected to the 5500 series controller, make sure that more than one gigabit Ethernet interface is connected to the upstream switch.
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/6-0/configuration/guide/Controller60CG/c60mint.html
    Thanks for your help.

    The 5508-12, 5508-25, 5508-50, 5508-100, and 5508-250 models allow a total of 12, 25, 50, 100, or 250 access points to join the controller.
    This is an old document.  5508 can now support up to 500 APs if you run firmware 7.X.  2504 can support up to 75 APs if you run firmware 7.4.X.
    I'm looking for some recommendations on WLC 2504 and 5508 about the following:
    Best practice and recommendation is to LAG all ports so you will be able to form a link redundancy.  If one link goes down, you have another link to push traffic. 

  • ASA 5505 Best Practice Guidance Requested

    I am hoping to tap into the vast wealth of knowledge on this board in order to gain some "best practice" guidance to assist me with the overall setup using the ASA 5505 for a small business client.  I'm fairly new to the ASA 5505 so any help would be most appreciated!
    My current client configuration is as follows:
    a) business internet service (cable) with a fixed IP address
    b) a Netgear N600 Wireless Dual Band router (currently setup as gateway and used for internet/WiFi access)
    c) a Cisco SG-500-28 switch
    d) one server running Windows Small Business Server 2011 Standard (primary Domain Controller)
         (This server is currently the DNS and DHCP server)
    e) one server running Windows Server 2008 R2 (secondary Domain Controller)
    f) approximately eight Windows 7 clients (connected via SG-500-28 switch)
    g) approximately six printers connected via internal network (connected via SG-500-28 switch)
    All the servers, clients, and printers are connected to the SG-500-28 switch.
    The ISP provides the cable modem for the internet service.
    The physical cable for internet is connected to the cable modem.
    From the cable modem, a CAT 6 ethernet cable is connected to the internet (WAN) port of the Netgear N600 router.
    A Cat 6 ethernet cable is connected from Port 1 of the local ethernet (LAN) port on the N600 router to the SG-500-28 switch.
    cable modem -> WAN router port
    LAN router port -> SG-500-28
    The ASA 5505 will be setup with an "LAN" (inside) interface and a "WAN" (outside) interface.  Port e0/0 on the ASA 5505 will be used for the outside interface and the remaining ports will be used for the inside interface.
    So my basic question is, given the information above of our setup, where should the ASA 5505 be "inserted" to maximize its performance?  Also, based on the answer to the previous question, can you provide some insight as to how the ethernet cables should be connected to achieve this?
    Another concern I have is what device will be used as the default gateway.  Currently, the Netgear N600 is set as the default gateway on both Windows servers.  In your recommended best practice solution, does the ASA 5505 become the default gateway or does the router remain the default gateway?
    And my final area of concern is with DHCP.  As I stated earlier, I am running DHCP on Windows Small Business Server 2011 Standard.  Most of the examples I have studied for the ASA 5505 utilize its DHCP functionality.  I also have done some research on the "dhcprelay server" command.  So I'm not quite sure which is the best way to go. First off, does the "dhcprelay server" even work with SBS 2011?  And secondly, if it does work, is the best practice to use the "dhcprelay" command or to let the ASA 5505 perform the DHCP server role?
    All input/guidance/suggestions with these issues would be greatly appreciated!  I want to implement the ASA 5505 firewall solution following "best practices" recommendations in order to maximize its functionality and minimize the time to implement.
    FYI, the information (from the "show version" command) for the ASA 5505 is shown below:
    Cisco Adaptive Security Appliance Software Version 8.4(7)
    Device Manager Version 7.1(5)100
    Compiled on Fri 30-Aug-13 19:48 by builders
    System image file is "disk0:/asa847-k8.bin"
    Config file at boot was "startup-config"
    ciscoasa up 2 days 9 hours
    Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
    Internal ATA Compact Flash, 128MB
    BIOS Flash M50FW016 @ 0xfff00000, 2048KB
    Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                                 Boot microcode   : CN1000-MC-BOOT-2.00
                                 SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                                 IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.06
                                 Number of accelerators: 1
    0: Int: Internal-Data0/0    : address is a493.4c99.8c0b, irq 11
    1: Ext: Ethernet0/0         : address is a493.4c99.8c03, irq 255
    2: Ext: Ethernet0/1         : address is a493.4c99.8c04, irq 255
    3: Ext: Ethernet0/2         : address is a493.4c99.8c05, irq 255
    4: Ext: Ethernet0/3         : address is a493.4c99.8c06, irq 255
    5: Ext: Ethernet0/4         : address is a493.4c99.8c07, irq 255
    6: Ext: Ethernet0/5         : address is a493.4c99.8c08, irq 255
    7: Ext: Ethernet0/6         : address is a493.4c99.8c09, irq 255
    8: Ext: Ethernet0/7         : address is a493.4c99.8c0a, irq 255
    9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
    10: Int: Not used            : irq 255
    11: Int: Not used            : irq 255
    Licensed features for this platform:
    Maximum Physical Interfaces       : 8              perpetual
    VLANs                             : 3              DMZ Restricted
    Dual ISPs                         : Disabled       perpetual
    VLAN Trunk Ports                  : 0              perpetual
    Inside Hosts                      : 10             perpetual
    Failover                          : Disabled       perpetual
    VPN-DES                           : Enabled        perpetual
    VPN-3DES-AES                      : Enabled        perpetual
    AnyConnect Premium Peers          : 2              perpetual
    AnyConnect Essentials             : Disabled       perpetual
    Other VPN Peers                   : 10             perpetual
    Total VPN Peers                   : 12             perpetual
    Shared License                    : Disabled       perpetual
    AnyConnect for Mobile             : Disabled       perpetual
    AnyConnect for Cisco VPN Phone    : Disabled       perpetual
    Advanced Endpoint Assessment      : Disabled       perpetual
    UC Phone Proxy Sessions           : 2              perpetual
    Total UC Proxy Sessions           : 2              perpetual
    Botnet Traffic Filter             : Disabled       perpetual
    Intercompany Media Engine         : Disabled       perpetual
    This platform has a Base license.

    Hey Jon,
    Again, many thanks for the info!
    I guess I left that minor detail out concerning the Guest network.  I have a second Netgear router that I am using for Guest network access.  It is plugged in to one of the LAN network ports on the first Netgear router.
    The second Netgear (Guest) router is setup on a different subnet and I am letting the router hand out IP addresses using DHCP.
    Basic setup is the 192.168.1.x is the internal network and 192.168.11.x is the Guest network.  As far as the SBS 2011 server, it knows nothing about the Guest network in terms of the DHCP addresses it hands out.
    Your assumption about the Guest network is correct, I only want to allow guest access to the internet and no access to anything internal.  I like your idea of using the restricted DMZ feature of the ASA for the Guest network.  (I don't know how to do it, but I like it!)  Perhaps you could share more of your knowledge on this?
    One final thing, the (internal) Netgear router setup does provide the option for a separate Guest network, however it all hinges on the router being the DHCP server.  This is what led me to the second (Guest) Netgear router because I wanted the (internal) Netgear router NOT to use DHCP.  Instead I wanted SBS 2011 to be the DHCP server.  That's what led to the idea of a second (Guest) router with DHCP enabled.
    The other factor in all this is SBS 2011.  Not sure what experience you've had with the Small Business Server OS's but they tend to get a little wonky if some of the server roles are disabled.  For instance, this is a small business with a total of about 20 devices including servers, workstations and printers.  Early on I thought, "nah, I don't need this IPv6 stuff," so I found an article on how to disable it and did so.  The server performance almost immediately took a nose dive.  Rebooting the server went from a 5 minute process to a 20 minute process.  And this was after I followed the steps of an MSDN article on disabling IPv6 on SBS 2011!  Well, long story short, I enabled IPv6 again and the two preceding issues cleared right up.  So, since SBS 2011 by "default" wants DHCP setup I want to try my best to accommodate it.  So, again, your opinion/experience related to this is a tremendous help!
    Thanks!
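
The restricted-DMZ guest segment discussed in this exchange could be configured on the ASA 5505 roughly as follows. This is an added example, not configuration posted by anyone in the thread. It assumes the factory layout (Vlan1 = inside on 192.168.1.0/24, Vlan2 = outside), a hypothetical switch port Ethernet0/5 for a guest access point in bridge mode, and a placeholder DNS resolver address.

```cisco
! Added example for ASA 8.4 on a 5505 with the Base license (not from the thread).
! Assumed: Vlan1 = inside (192.168.1.0/24), Vlan2 = outside, guest AP on Ethernet0/5.
!
! Third VLAN: on the Base license "no forward interface" must be entered
! before "nameif", and it stops this VLAN initiating traffic to Vlan1.
interface Vlan3
 no forward interface Vlan1
 nameif guest
 security-level 50
 ip address 192.168.11.1 255.255.255.0
!
! Hypothetical switch port for the guest access point.
interface Ethernet0/5
 switchport access vlan 3
 no shutdown
!
! Guest clients reach the internet through PAT on the outside address.
object network GUEST-NET
 subnet 192.168.11.0 255.255.255.0
 nat (guest,outside) dynamic interface
!
! Explicit filter on top of the license restriction: nothing from the guest
! subnet to the internal subnet, everything else allowed out.
access-list GUEST_IN extended deny ip 192.168.11.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list GUEST_IN extended permit ip 192.168.11.0 255.255.255.0 any
access-group GUEST_IN in interface guest
!
! The ASA serves DHCP on the guest segment only; SBS 2011 remains the
! DHCP server for 192.168.1.0/24. 203.0.113.53 is a placeholder resolver.
dhcpd address 192.168.11.10-192.168.11.40 guest
dhcpd dns 203.0.113.53 interface guest
dhcpd enable guest
```

After applying it, `show switch vlan` should list Ethernet0/5 under VLAN 3, and `packet-tracer input guest tcp 192.168.11.20 1025 192.168.1.10 445` (constructed addresses) should end in a drop.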
