The campus wireless project transformed a SoHo wireless router, moved around on a single laptop cart in 2005, into a D-Link network with multiple access points and multiple SSIDs within a year of taking the role. This was effective: it paved the road for immediately increased flexibility with the laptop cart itself and the scalability to add additional laptop carts. However, it left a very large gap: sharing pre-shared keys, with all the pitfalls of open networks for untrusted devices.
Within a few years, we were working with D-Link toward Protected EAP, after having spent months trying to get a wireless identity solution to work with our edge filtering. RUCKUS Wireless was emerging in the market at the time, and a trial of their equipment closed the gaps in the transparent Active Directory/RADIUS identity strategy we had been struggling with.
With the extremely affordable, meaning free, Microsoft Network Policy Server (role) on an existing data center VM, configured to authenticate against our Active Directory, along with a VLAN architecture that segmented classrooms to support IoT mDNS casting and printing, we delivered individual identity access to any device, with dynamically assigned network segmentation depending on role, need, and use case. No clunky captive portals or MAC lists to manage. Seamless AD authentication at client association, individually revocable, and manageable with beautiful visualizations for driving advancement and communicating ROI.
I don’t have every visual to share; it’s private to the institution.
The effort included:
- Setup of multiple VLANs to establish classroom segmentation
- Install 48 Access Points across campus buildings, indoor and outdoor
- Establish SSID in Wireless Controller to be deployed on all access points
- Establish additional SSIDs for IoT and other incompatible organizational devices.
- Installation of Network Policy Server with distributed SQL Database backend.
- Define User policies for all user groups across the enterprise
- Define Computer Group policies for managed assets.
- Define exception policy for limited access users
- Define exception policy for catch-all.
- Integration of Active Directory on SonicWALL Edge cluster
- Installation of RADIUS Proxy on SonicWALL Edge cluster
- Setup Group Based Access Policies on SonicWALL
- Installation of SonicWALL Network Analyzer to capture and store logging.
- Installation of SQL Reporting Services
- Build Queries
- Build DataSets
- Build Reports



