Overview Of The Project
Wireless devices are now an important part of the learning environment. Students make use of laptop computers, iPods, iPads, and Netbooks in their learning at our school. In summer 2011, we decided to increase our wireless usage by adding 30 school-owned iPads and about 70 new Netbooks. We also greatly increased the number of school-issued teacher and staff laptop computers and increased our school enrollment from around 500 to over 750. This warranted a substantial improvement in our wireless network.
What We Started With
For the first three years of operation, SCVi had a total of 4 wireless access points. These were located throughout the building, but the largest concentration was upstairs in the south wing. This document shows these as "Old AP", represented by the blue circles. It also shows some places where we were considering adding new APs for more optimal coverage; these are marked as Meraki APs because that is the first vendor we looked at.
All access points were Cisco Aironet 1200s, which we felt could service about 20 users each before we started to see significant performance issues. With this many access points, we could service about 80 simultaneous users, which meant the school wireless network would come to a crawl by mid morning.
Wireless Research
We started investigating vendors for our wireless upgrade. We knew we wanted to go to Wireless N technology, which would give our access points greater speed, greater range, and more concurrent users. The following table shows some of the vendors we talked with.
Vendor | Option | Hardware Included | Recurring Cost (per year) | Notable Features |
---|---|---|---|---|
Meraki / IMT | New Access Points Only | Meraki MR16 Cloud Managed AP | Mandatory Fee For Cloud Controller Access. Pay per AP. | |
Meraki / IMT | New Access Points + New Router | | Mandatory Fee For Cloud Controller Access. Pay per AP. + License Fee for Router. | |
Aerohive / Altaware | New Access Points Only | Aerohive AP-120 | Mandatory Fee For Cloud Controller Access. Pay per AP. | |
Blue Socket / Intuitive Networks | New Access Points Only | | Optional Support Only. | |
Blue Socket / CDW | New Access Points Only | Blue Socket 1800 Access Points | Optional Support | |
Aruba / CDW | New Access Points Only | Aruba AP-15 Access Points | Optional Support | |
Aruba / CDW | New Access Points + Aruba Controller | | Optional Support | |
DLink / 110 Technology | New Access Points Only | DLink DAP2553 | - | |
DLink / 110 Technology | New Access Points Only | DLink DAP2590 | - | |
DLink / 110 Technology | New Access Points Only | Dlink DAP 2555 | Mandatory Fee For Cloud Controller Access. Pay per AP. | |
DLink / Computer1 | New Access Points + Controller | | Optional Warranty | |
We decided to go with Aruba for these reasons:
- The solution scales nicely. You can start with Aruba Instant, then go to Aruba with a controller or cloud based as you get larger.
- Good tutorials and videos on web site.
- Software looks polished and is easy to use.
- We got a really good quote.
Implementing The Access Points
Our old access points had three separate SSIDs. Each had different routing to different VLANs. All three were open, but only one broadcast the SSID. Here is an overview of the config from one of our Cisco access points.
Each of the access points is routed to a separate network with different filtering in OpenDNS. This allows us to filter the content for teachers separately from the content for the student population. Since the SSIDs of the old access points were not very descriptive, we decided to change them.
Old SSIDs | Security | New SSIDs | New Security | VLAN Purpose | IP Domain | Internet Supplier |
---|---|---|---|---|---|---|
Stars | Open | SCVi-Learner | Open | Student usage | 172.168.128.xx, 172.168.129.xx | Fireline Broadband 10Mbit |
Ambassadors | Open - Hidden SSID | SCVi-Facilitator | WPA2 - Password Protected | Teacher, Admin, and Staff usage | 172.168.12.xx | Telepacific 10Mbit |
guru | Open - Hidden SSID | SCVi-Admin | WPA2- Password Protected | Network Administration by IT Staff | 192.168.250.xx | Telepacific 10Mbit |
When the Aruba access points arrived, we started setting them up. Configuration is pretty easy. You plug in the first access point and connect to it with a computer. You then navigate a web browser to http://instant.arubanetworks.com and use a web page to configure the device. Here is how the network configuration for the above SSIDs looked in the Aruba software.
The Learning Really Begins
As soon as we plugged in the access point, it became evident that our old Cisco Catalyst 3550 was not going to be able to power the new Aruba APs. The APs would cycle on and off but never started up. For the first AP, we simply constructed an external power supply to get started and worked with it plugged into the 3550. This worked for one AP, but it was not going to work for the rest of the network.
In order to power the new APs properly, we purchased a DLink DGS-3100-40 managed POE switch. This powered the APs nicely, but after a few days of trying to get it to work, we realized the configuration was going to take some learning. We needed to get the VLANs used by the APs to properly propagate through the new switch. Otherwise, we could only get them working on the administration network. It was time to call in some help!
We were able to get some expertise from Earl Rolley, who helped design our original network. He helped work out a lot of our configuration problems with our Cisco equipment. However, after plenty of tinkering, we still were not able to get the DLink switch up and running. So, we are running off the old switch and using POE power injectors. Still, we have learned a lot. Some highlights of the config are as follows.
- We replicated all of the VLANs from the Cisco hardware on the DLink switch and configured it to tag the ports for these VLANs.
- Any switch on the Cisco hardware that fed the DLink switch or an access point must be set to mode "trunk". (See Cisco commands below.)
- The drop to POE#3 Kindergarten had significant configuration problems that I simply didn't understand. Earl figured them out and set things correctly.
- What Cisco calls "Trunking" and DLink calls "Trunking" are totally different things. When Cisco configures a port to "Trunk", that means it's meant to feed another switch. However, in DLink, it is port aggregation.
- We enabled Spanning Trees on the DLink switch, but are still not sure if that was the right thing to do.
- Since we use VLAN 250 as our admin VLAN, to talk to the DLink switch as an admin plugged into a port, configure all the VLANs to be off except 250.
Virtual LANs allow different ports on a switch to be configured to talk to different networks. Our old access points were plugged into ports 1-4 on POE switch #2. We actually were set up to talk to them on 8 total ports. This document shows how things are configured. For the new DLink switch, we plugged it into the Gigabit Ethernet port on SW1 and configured the port to trunk.
Learned Some Cisco Commands
There were several Cisco commands I learned while configuring the switches. These commands can be performed by logging into the switch using telnet or ssh.
Command | Type | What it does |
---|---|---|
show vlan | Read | Shows the VLAN's configured on the device |
show run | Read | Shows the entire switch config as currently running |
show ip dhcp server | Read | |
show ip dhcp server statistics | Read | |
show interfaces | Read | show the interfaces on the device |
show version | Read | shows software version, but more importantly, shows Uptime |
show power inline | Read | shows POE status on POE switches |
show interface status | Read | show status of each interface. |
show startup-config | Read | |
show cdp neighbor | Read | Show who is connected to a port. (Handy!) Must be in switchport mode. |
show run interface fastethernet 0/1 | Read | |
show run interface fa 0/46 | Read | Notice that you can abbreviate the word fastethernet |
show run interface gig 0/1 | Read | |
config | - | Puts you into configuration mode so you can change settings. |
interface fastethernet 0/6 | - | |
switchport access vlan 250 | Write | Adds the port to VLAN 250 |
no switchport access vlan 128 | Write | Removes VLAN 128 from a port |
switchport mode access | Write | Tells a port to auto-detect for Trunk or VLAN mode. |
switchport mode trunk | Write | Change the switchport to TRUNK mode |
switchport trunk encapsulation dot1q | Write | Change port mode to 802.1q (Allows TRUNK mode) |
do show run interface fastEthernet 0/48 | Read | When in config mode, you can use "do" to run the regular Read commands |
write | Write | Sets the configuration to be saved for next time the switch reboots |
Using the above commands, we were able to learn some really useful things. For instance, to see what VLANs are available on a particular port, you can use the "show vlan" command.
```
SCVI-POE-SW2#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active
2    gateway_network                  active
4    VLAN0004                         active
12   VLAN0012                         active
20   network_printers                 active
30   teacher_network                  active
40   student_network                  active
50   VoIP_phone_network               active    Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24
60   office_administration_network    active
128  VLAN0128                         active
250  network_administration_network   active    Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24
```
This is the typical config for a "Trunk" port on the Cisco switch, i.e. a port that powers either an Access Point or a Phone. (The phones are a Trunk device.)

```
description NetworkAdministration
! VLAN used when the port operates in access mode
switchport access vlan 250
switchport trunk encapsulation dot1q
! untagged frames on the trunk belong to VLAN 250
switchport trunk native vlan 250
switchport mode trunk
! voice traffic from the phones uses VLAN 50
switchport voice vlan 50
mls qos trust dscp
priority-queue out
spanning-tree portfast
```

Here is a config from the "Student" ports on the POE switch that feeds high school.

```
switchport access vlan 128
switchport mode access
switchport voice vlan 50
! PoE is disabled on this port
power inline never
spanning-tree portfast
```
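An added example (not the school's tooling or the author's code) that reads saved interface stanzas and reports, for each trunk port, whether untagged traffic lands in the admin VLAN 250 and whether the trunk lacks an allowed-VLAN list and therefore carries every VLAN. The interface numbers, the Fa0/3 stanza with VLAN 999 and the function names are assumptions.

```python
ADMIN_VLAN = 250  # the page's network administration VLAN
# Constructed sample: interface numbers and the Fa0/3 stanza are invented; the
# first two stanzas are abridged from the trunk and student-port configs above.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 250
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 250
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 128
 switchport mode access
!
interface FastEthernet0/3
 switchport trunk native vlan 999
 switchport trunk allowed vlan 12,128,250
 switchport mode trunk
"""

def parse_interfaces(config):
    """Split running-config text into {interface name: [stanza lines]}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1]
            interfaces[current] = []
        elif raw.startswith(" ") and current:
            interfaces[current].append(raw.strip())
        else:
            current = None  # "!" or a global line ends the stanza
    return interfaces

def audit_trunks(config, admin_vlan=ADMIN_VLAN):
    """Return {interface: [findings]} for ports in 'switchport mode trunk'."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if "switchport mode trunk" not in lines:
            continue
        # With no explicit setting, the native VLAN of a Cisco trunk is 1.
        native = next((l.split()[-1] for l in lines
                       if l.startswith("switchport trunk native vlan ")), "1")
        issues = []
        if int(native) == admin_vlan:
            issues.append("native VLAN equals admin VLAN")
        if not any(l.startswith("switchport trunk allowed vlan ") for l in lines):
            issues.append("no allowed-VLAN list")
        if issues:
            findings[name] = issues
    return findings
```

Feed it the text of `show run` saved to a file; access ports such as the student ports are skipped.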
Cool Matt :)
Currently reading Wikipedia on Virtual LANs. Not sure what the current problem is for your DLINK switch or if this is the place you'd like to discuss it. Or should that happen via email?