Overview Of The Project
Wireless devices are now an important part of the learning environment. Students make use of
laptop computers,
iPods,
iPads, and
Netbooks in their learning at our school. In summer 2011, we decided to increase our wireless usage by adding 30 school owned iPads and about
70 new Netbooks. We also greatly increased the number of school-issued teacher and staff laptop computers and increased our school enrollment from around 500 to over 750. This warranted a substantial improvement in our wireless network.
What We Started With
For the first three years of Operation, SCVi had a total of 4 wireless access points. These were located throughout the building, but the largest concentration was upstairs in the south wing. This document shows these as "Old AP" and are represented by the blue circles. It also shows some places we were considering adding new AP's for a more optimal coverage and these are marked as Meraki AP's because that is the first vendor we looked at.
All access points were
Cisco Aironet 1200's which we felt could service about 20 users each before we started to see significant performance issues. With this many access points, we could service about 80 simultaneous users, which meant the school wireless network would come to a crawl by mid morning.
Wireless Research
We started investigating vendors for our wireless upgrade. We knew we wanted to go to
Wireless N technology which would give our access points
greater speed, greater range, and more concurrent users. We started looking at different vendors. The following table shows some of the vendors we talked with.
Vendor
|
Option
|
Hardware Included
|
Recurring
Cost ( per year)
|
Notable Features
|
Meraki / IMT
|
New Access Points Only
| Meraki MR16 Cloud Managed AP |
Mandatory Fee For Cloud Controller Access. Pay per AP.
|
- Cloud controller ONLY.
- Cloud controller has an annual fee per access point
- Great features on the cloud controller and overall very polished product. Would be nice for multiple sites.
|
Meraki / IMT
|
New Access Points + New Router
|
| Mandatory Fee For Cloud Controller Access. Pay per AP. + License Fee for Router. |
- Router has two inputs and automatic failover.
- Router will not act as the controller, you still need to pay for a cloud controller.
|
Aerohive / Altaware
|
New Access Points Only
| Aerohive AP-120
|
Mandatory Fee For Cloud Controller Access. Pay per AP.
|
- Cloud controler.
- Cloud controller has an annual fee per access point, but fee is less than Meraki.
- You can buy a controller for in-house control, but is very expensive.
|
Blue Socket / Intuitive Networks
|
New Access Points Only
|
|
Optional Support Only.
|
- Controller is in-house. No cloud needed.
- Was the only vendor that provided us with a Demo access point. This was very nice.
- We were able to get a single access point up and running using their cloud controller without too much trouble.
|
Blue Socket /CDW
|
New Access Points Only
| Blue Socket 1800 Access Points |
Optional Support
|
|
Aruba / CDW
|
New Access Points Only
| Aruba AP-15 Acces Points |
Optional Support
|
|
| Aruba / CDW |
New Access Points + Aruba
Controller
|
|
Optional Support
|
- Controller required for more than 16 ap's. Could buy controller later.
- I like their tutorial videos
- If using the controller, you can no longer use Aruba Instant so you have to pay $100 per AP licensing fee.
|
DLink /
110 Technology
|
New Access Points Only
| DLink DAP2553 |
-
|
- Cheapest possible solution and still a huge upgrade from what we have now.
|
DLink /
110 Technology |
New Access Points Only
| DLink DAP2590 |
-
|
- Plenum rated version of the DAP2553. Put above ceiling.
|
DLink /
110 Technology |
New Access Points Only
| Dlink DAP 2555 |
Mandatory Fee For Cloud Controller Access. Pay per AP.
|
- This is DLink's Cloud solution Cloud based solution. Fee is $100 per access point.
- If we want cloud controlled, this is the cheapest.
|
DLink / Computer1
|
New Access Points + Controller
|
|
Optional Warranty
|
- Most robust hardware solution. Scales to 64 access points.
- Includes a 24 port switch - Nice.
- Best overall value of Hardware for $$
|
We decided to go with Aruba for these reasons:
- The solution scales nicely. You can start with Aruba Instant, then go to Aruba with a controller or cloud based as you get larger.
- Good tutorials and videos on web site.
- Software looks polished and is easy to use.
- We got a really good quote.
Implementing The Access Points
Our old access points had three separate SSID's. Each had different routing to different VLAN's. All three were open, but only one broadcast the SSID. Here is an overview of the config from one of our Cisco access points.
Each of the access points is routed to a separate network with different filtering in
Open DNS. This allows us to filter the content for teachers separately than the content from the student population. Since the SSID's of the old access points were not very descriptive, we decided to change them.
| Old SSIDs | Security | New SSIDs | New Security | VLAN Purpose | IP Domain | Internet Supplier |
| Stars | Open | SCVi-Learner | Open | Student usage | 172.168.128.xx, 172.168.129.xx | Fireline Broadband 10Mbit |
| Ambassadors | Open - Hidden SSID | SCVi-Facilitator | WPA2 - Password Protected | Teacher, Admin, and Staff usage | 172.168.12.xx | Telepacific 10Mbit |
| guru | Open - Hidden SSID | SCVi-Admin | WPA2- Password Protected | Network Administration by IT Staff | 192.168.250.xx | Telepacific 10Mbit |
When the Aruba access points arrived, we started setting them up. Configuration is pretty easy. You plug in the first access point and connect to it with a computer. You then navigate a web browser to http://instant.arubnetworks.com and use a web page to configure the device. Here is how the network configuration for the above SSIDs looked in the Aruba software.
The Learning Really Begins
As soon as we plugged in the access point, it became evident that our old
Cisco Catalyst 3550 was not going to be able to power the new Aruba AP's. The AP's would cycle on and off but never started up. For the first AP, we simply constructed a external power supply to get started and worked with it plugged into the 3550. This worked for one AP, but this was not going to work for the rest of the network.
In order to power the new AP's properly, we purchased a
DLink DGS-3100-40 managed POE switch. This powered the AP's nicely, but after a few days of trying to get it to work, we realized the configuration was going to take some learning. We needed to get the VLAN's used by the AP's to properly propagate through the new switch. Otherwise, we could only get them working on the administration network. It was time to call in some help!
We were able to get some expertise from
Earl Rolley who helped design our original network. He helped work out a lot of our configuration problems with our Cisco equipment. However, after plenty if tinkering, we still were not able to get the DLink switch up and running. So, we are running off the old switch and using
POE Power injectors. Still, we have learned a lot. Some highlights of the config are as follows.
- We replicated all of the VLAN's from the cisco hardware on the DLink switch and configured it to tag the ports for these VLAN's.
- Any switch on the Cisco hardware that fed the Dlink Switch or an Access Point must be set to mode "trunk". (See cisco commands below.)
- The drop to POE#3 Kindergarten had significant configuration problems that I simply didn't understand. Earl figured them out and set things correctly.
- What Cisco calls "Trunking" and DLink calls "Trunking" are totally different things. When Cisco configures a port to "Trunk" that means it's meant to feed another switch. However, in DLink, it is port aggregation.
- We enabled Spanning Trees on the DLink switch, but still not sure if that was the right thing to do.
- Since we use VLAN 250 as our admin VLAN; To talk to the Dlink switch as an admin plugged into a port, configure all the VLANs to be off except 250.
Understanding Switch Ports and VLANs
Virtual LANs allow different ports on a switch to be configured to talk to different networks. Our old access points were plugged into ports 1-4 on POE switch #2. We actually were set up to talk to them on 8 total ports. This document shows how things are configured. For the new DLink switch, we plugged it into the Gigabit Ethernet port on SW1 and configured the port to trunk.
Learned Some Cisco Commands
There were several cisco commands I learned while configuring the switches. These commands can be performed by logging into the switch using telnet or ssh.
| Command | Type | What it does |
| show vlan | Read | Shows the VLAN's configured on the device |
| show run | Read | Shows the entire switch config as currently running |
| show ip dhcp server | Read |
|
| show ip dhcp server statistics | Read |
|
| show interfaces | Read | show the interfaces on the device |
| show version | Read | shows software version, but more importantly, shows Uptime |
| show power inline | Read | shows POE status on POE switches/td> |
| show interface status | Read | show status of each interface. |
| show startup-config | Read |
|
| show cdp neighbor | Read | Show who is connected to a port. (Handy!) Must be in switchport mode. |
| show run interface fastethernet 0/1 | Read |
|
| show run interface fa 0/46 | Read | Notice that you can abbreviate the word fastethernet |
| show run interface gig 0/1 | Read |
|
| config | - | Puts you into configuration mode so you can change settings. |
| interface fastethernet 0/6 | - |
|
| switchport access vlan 250 | Write | Adds the port to VLAN 250 |
| no switchport access vlan 128 | Write | Removes VLAN 128 from a port |
| switchport mode access | Write | Tells a port to auto-detect for Trunk or VLAN mode. |
| switchport mode trunk | Write | Change the switchport to TRUNK mode |
| switchport trunk encapsulation dot1q | Write | Change port mode to 802.1q (Allows TRUNK mode) |
| do show run interface fastEthernet 0/48 | Read | When in config mode, you can use "do" to run the regular Read commands |
| write | Write | Set's the configuration to be saved for next time the switch reboots |
Using the above comamnds, we were able to learn some really useful things. For instance to see what VLANs are available on a particular port, you can use the "show vlan" command.
SCVI-POE-SW2#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active
2 gateway_network active
4 VLAN0004 active
12 VLAN0012 active
20 network_printers active
30 teacher_network active
40 student_network active
50 VoIP_phone_network active Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24
60 office_administration_network active
128 VLAN0128 active
250 network_administration_network active Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24
This is the typical config for a "Trunk" port on the cisco switch. i.e. Ports that power either an Access Point, or a Phone. (The phones are a Trunk device)
description NetworkAdministration
switchport access vlan 250
switchport trunk encapsulation dot1q
switchport trunk native vlan 250
switchport mode trunk
switchport voice vlan 50
mls qos trust dscp
priority-queue out
spanning-tree portfast
Here is a config from the "Student" ports on the POE switch that feeds high school.
switchport access vlan 128
switchport mode access
switchport voice vlan 50
power inline never
spanning-tree portfast
Network Overview - For Technical Parents
Since our school relies heavily on parent volunteers, We have documented our entire network here. This is to help future parents understand how we are configured.
