Emory Network Communications
Building a Secure & Scaleable Wireless LAN Infrastructure
Stan Brooks, CWNA, CWSP
Emory Network Communications
[email protected]
AIM-Y!-MSN: WLANstan
Copyright Stan Brooks 2007. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
About Emory
Emory’s Wireless Network Today & Yesterday
The “New” WLAN: What We Chose – and Why
How We Deployed the Architecture
Network Usage
Tips, Tricks, Traps, & Best Practices
Aruba WLAN Switch/Controller-based Implementation
The AP attaches to the network infrastructure and gets its configuration from the Aruba WLAN switch/controller
The AP builds a tunnel to the Aruba WLAN switch/controller
An authenticated user associates to the AP; all traffic is tunneled to the controller, where it is scrutinized and passed or blocked to various destinations including the Internet
A guest user associates to the AP; all traffic is tunneled to the controller, scrutinized and forwarded to the Internet as policy dictates
Using a centralized controller gives a single point of ingress and control for wireless traffic on Emory’s network
[Diagram labels: Authenticated User, SSID: EmoryUnplugged; Emory’s Internal Network; Aruba WLAN Switch/Controller w/ Built-in Firewall and Per-User Access Control]
Initial deployment of 39 APs in the Law School (03/05)
Additional deployments from 04/05 to 09/05: School of Public Health & some outdoor areas
Replaced ~75-100 legacy APs by 08/05
Move-In Weekend ’05 saw a push to get Wi-Fi in all residence buildings by start of Spring ’06 semester (~5 Months)
~460 APs deployed in 50+ buildings in less than 5 months including surveys & designs
Also deployed Healthcare starting in 08/05 with large deployment summer of 2006
Currently (06/07):
500 APs in ResNet
500 APs covering the rest of campus
525 APs on Healthcare network
21 Aruba Controllers on both networks
Move-In Weekend 2006 was an eye-opener
Turned off ResNet VPN & guest access to force users to WPA
Implemented NetReg NAC on wireless and wired networks
Users flocked to wireless in droves
Spring Semester ’06 ~835 peak simultaneous users
Move-In Weekend ’06 ~1900+ peak simultaneous users
Incoming freshmen didn’t know (and didn’t want to know) what an Ethernet cable was
Wireless Footprint continues to grow
Adding APs as departments and schools request them
Adding controllers as APs increase (128 APs/controller)
Adding new functionality
VoIP over Wi-Fi (VoFi) in the hospital and beyond
Addressing “non-standard” applications
Consolidated wireless networks: Now a unified system
Considering merging Academic & Healthcare wireless systems
The Legacy Wireless Network – and its Problems
The Decision Process – What Criteria We Used
Our Chosen Architecture – Aruba
How We Built Out the WLAN
Network Growth We’ve Experienced
What We Learned – Useful Tips & Tricks