CWNP question of the month
Last Post: March 22, 2006:
-
WLANstan,
You are the man. You are one step closer to 802.11 heaven , with all them toys. Can I come out and play? Atlanta is starting to sound like the place all us CWNPs need to converge for a field trip.
Planet3Wireless , then Emory University... sounds like a pilgrimage. Just to get a taste of your wonderful World of Wireless would be the capstone to our certifications.
Aruba, hummmm, these catz are making strides in the Wireless space. I read most of the whitepapers and learn more each time I visit.
Your university either is highly supportive with resource$, or trust$ their CTO so much they are pushing Wireless ? That is plain SMART. I like that!
You are in the place where everybody knows your name.
"WLANstan"
Continued Success -
Hi WLANStan.
You explained things very well.
Hope Comphugters wish of comming to Emory come true.
Good to know that you have lot of toys to play with.
I also appreciate you open mindness to share your Experience
with others in this forum.
I have a few more Questions in mind. I have lots of question bcoz i never
had hands on with Wifi Switches/EWG. Hope CWNP does provide a
Feasible traning Classes for India too and also have some consideration
for CWNT,s in India bcoz we dont have a Chance to Attend CWNP traning sessions.
Ok down below are my questions.
1) I understand that you dont have a single point of Failure.
Do you run two cables from a AP directed towards two Different
Access controller to Prevent SPOF?
2) Does your APs support Bridginf for Outdoor?
3) Did you invest on a WIPS/WIDS or Happy with what Aruba does?
4) Did you Evaluate WIPS.Like to know your comment on WIPS?
5) How do you Manage all your 14 controllers from a Single Point?Any WNMS.?
6) Do you have a Public policies for all the 14 controlers /Private for each controller?
7) Does Location Tracking help u or it is just a Marketing Funda?
I think iam so greedy to ask you this many questions.
There is saying in Tamil[My local language] for this kind of Activity i will explain " Lets pull the moutain using a single hair,if we suceed the mountain is for us and if we lose it is just hair" .
The saying above is just for fun.
Thanks a Lot guys .
S.Senthilraj CWNA,CWAP,CWSP -
S,
I don't want to step on Stan's toes, but I can help you a bit.
Aruba APs do not require a direct connection to the controller. You plug the APs into any PoE switch and they build a GRE tunnel back to the nearest controller. Redundancy is achieved by having the APs mapped to a backup controller in case of failure.
Back in the "good" old days of APs that required a direct link to the controller, you would have to put multiple controllers in each wiring closet for redundancy. Now it is much easier.
You also had a question about WNMS with controllers. Again, I can't speak for Stan, but every environment I've been around that uses controllers (except one company that was using Cisco controllers in a test lab) also uses WNMS with them. Though controllers do give you some degree of tight integration with APs, if you have a large network WNMS is still necessary.
Stan,
If it isn't too much trouble, check back in with us on the board to let us know how your WLAN is working once it is fully rolled out. It sounds like you guys are just at the precipice of seeing widespread Wi-Fi use and I am curious to see how things work as more and more folks use your Wi-Fi network. -
There is saying in Tamil[My local language] for this kind of Activity i will explain " Lets pull the moutain using a single hair,if we suceed the mountain is for us and if we lose it is just hair" .
WirelessCWSP now (CWAP):
with that saying a trip to your location in India is more valuable to me!
Yes, WLANstan has shed light on some important issues with the wireless mobility management. It is fascinating. I look forward to his comments as well.
Ben Miller has opened up some issues that willl help facilitate this discussion so all will benefit. Thank you Ben.
Devinator is making us think. That is a GOOD thing! -
Ben ,
Thanks for clarifying a few points .You have actually helped out(Saved time) WLANstan answering questions.
I would still like him to comment on Location Tracking,WIPS and WNMS.
Best Regards,
S.Senthilraj -
Guys,
I wanted to comment that this is an outstanding thread. Keep up the great work!
Devinator -
Just wanted to add that we have tested and are using both the Trapeze and the new Cisco (Airepsace) Thin AP's and controllers and both have worked well. We even have AP's in a different geographical locations reporting back to a central switch (for smaller sites).
-
Gee whiz - I step away to get some work done for a day and I have lots of questions to answer here :-)
Ok, here goes...
compughter Escribi?3:
Your university either is highly supportive with resource$, or trust$ their CTO so much they are pushing Wireless ? That is plain SMART. I like that!
We got a new CTO at teh start of the school year last September. He got an earful from new students that EXPECTED(!) wireless everywhere, so his first move was to light up the residence halls & frats (450 APs installed in over 50 buildings in less than 4 months). We are a "destination university", you know... And Atlanta IS a happening wireless place :-D
WirelesswizardCWSP Escribi?3:
Ok down below are my questions.
1) I understand that you dont have a single point of Failure.
Do you run two cables from a AP directed towards two Different
Access controller to Prevent SPOF?
2) Does your APs support Bridginf for Outdoor?
3) Did you invest on a WIPS/WIDS or Happy with what Aruba does?
4) Did you Evaluate WIPS.Like to know your comment on WIPS?
5) How do you Manage all your 14 controllers from a Single Point?Any WNMS.?
6) Do you have a Public policies for all the 14 controlers /Private for each controller?
7) Does Location Tracking help u or it is just a Marketing Funda?
Answers:
1) We only run one cat5E/cat6 cable to the APs. Ben answered the redundancy part - the AP is configured to connect to a main or backup controller - all done with smoke, mirrors and GRE tunnels :-)
2) We are not doing mesh networks, but we do have a number of outdoor sites - Quads, athletic fields, the pool, etc. using APs with external patch or sector antennas. We are also using some point-to-point wireless for network extension where we do not have fiber - mostly off campus.
3 & 4) We have not invested in an additional WIDS/WIPS system, but do use the Aruba WIDS/WIPS funtionality for casual monitoring of the network. Even though we have a policy of no unsanctioned wireless devices, we do not actively attack rogues. I've got better things to do with my time (for now). We did use the WIDS to track down some DOS'ing last fall - the Business School's Aruba system classified the main wireless system as rogue and rendered connections useless on one side of the library. They fixed it and appologized for causing the problem after we brought it to their attention...
5) The Aruba product has a "master" controller that controls "local" conbtroller. This hierarchical architecture allows us to control all of the controllers from the master controller. A change in the config is pushed from the master to the local controllers then down to the APs. This works EXTREMELY well. We've also created some MRTG scripts that show us usage by authentication type, switch and building - very cool stuff. For instance, I know that peak usage in the dorms is at midnight :-)
6) Not sure what you are asking - we have two SSIDs, an open one for guest access/VPN authenticated access, and an 802.1x/WPA/WPA2 authenticated network. These policies and configurations are created on the master switch and pushed down to the local switches - super easy to manage at a single point - right now all APs have the same networks defined, but we could easily remove a network or define a specific network for just a group of APs. It's just SOOO much easier than fat APs...
7) Location tracking works well - if you have at least 3 APs that can see the device to be tracked. We haven't deployed Aire Monitors, Aruba's term for APs dedicated to listening to the RF space - but the standard APs will listen on their assigned channel, occasionally scanning the rest of the spectrum. I've watched students study in the library, and occasionally move across the room to another table, etc. I've also had our IT group ask me to identify a PC that was infected and causing problems. They gave me an IP address, I gave them the username, building, floor and area where they were.
Ben Miller Escribi?3:
If it isn't too much trouble, check back in with us on the board to let us know how your WLAN is working once it is fully rolled out. It sounds like you guys are just at the precipice of seeing widespread Wi-Fi use and I am curious to see how things work as more and more folks use your Wi-Fi network.
The wireless network is a production network and has been up and running for almost a year now - with a lot of users. It just keeps growing. Our peak usage is has been steadily increasing since we rolled this out - except for Summer Break, Thanksgiving, Christmas Break, and Spring Break. I remember turning up one dorm last fall on Friday evening - with in 5 minutes of going active, I had around 10 authenticated users. I thought college kids partied on Friday evenings - at least I did when I was in school :-) -
WlanStan,
Firstly ,Thanks for your time.
This thread will help people Gather Knowledge on Wlan Swicth Architecture.
So its time for some more questions.
I understand that you can Apply config files from the master to the
slaves.So the settings in the Master and the slave will be always the same.
Can we upload config files in groups?
Say Swicth 1,2,3,4 will have config file 1.bin
10,11,12,13,14 will have config file 2.bin
Does Aruba keep track of Auth and Unauth Devices?[Wlan Client Devices].
Please reply to the question when to have time.
Best regards,
S.Senthilraj CWNA,CWAP,CWSP -
Stan,
Thanks for taking the time to reply. I understand that the network is live. I was just looking at the map you posted and I saw that many of the buildings on campus have yet to be covered (you mentioned this as well, I think). I am just curious to hear back on how things are working once you guys have full coverage throughout campus.