So here's the scoop. I've recently gotten involved in a volunteer capacity with a local Junior hockey team. For what it's worth, the team just changed management, so everything I'm about to describe here is what was done by the previous folks.
I've got a small to medium sized arena (~2250 seats), with one hell of a mess of networking at the moment. I'm trying to bring this somewhat in line, but on a modest budget. Up to now I've been looking at the 2nd hand enterprise hardware online.
- On the wired side, there are currently 4 separate networks, 3 of which share the same internet connection (2 networks are double-NATed through a third, and the fourth is separate). Did I mention these are all just /24 networks (with 7 day DHCP leases...)?
- Building Operations
- Team Operations
- 50/50 lottery system
- Guests (protected / semi-private)
- On the wireless side, I've got a dozen or more consumer grade routers (Eg. TP-Link & D-Link) hanging out all over the damn place. Some are configured with same SSID/psk, others are just named randomly and have the password written down somewhere.
They were "ok" with this crap setup until they got a new ticketing system, which has wireless iOS based ticket scanners at all the entrances, which aren't able to get a strong or reliable signal from the lower level entrances. They asked if I could put some more (consumer grade) access points down there to help the problem, and I said no. If you want me to do something, I'm going to rip out every last piece of junk that's in here and I'm going to replace it with something that's intended to do the job. I don't need to have crazy high speeds (WAN is only 200/200), but I'm trying for something that's at least reliable, easier to manage, and doesn't look like Red Green built it with duct tape.
So far I've gotten:
- 15x Cisco 1142 A/B/G/N
- Cisco 5508 Wireless Controller w/ 35 AP license
What I need to get:
- PoE switch(es)
- Router
By the end of it, I'd like to have a unified network running on VLANs that looks something like this:
- vlan1, SSID Team-CORP, WPA Enterprise, full internet access. For team management & employees, mobile ticket checkers.
- vlan2, no wireless, full internet access with ability to dedicate WAN bandwidth. For live video production, outbound video stream.
- vlan3, SSID Team-PLAYERS, WPA Enterprise, full internet access. For players, segregated from office/mgmt network.
- vlan4, SSID Team-5050, WPA2-PSK, no internet access. For handheld 50/50 sales devices to communicate back to the in house server. Could possibly use WPA enterprise, but don't see the need.
- vlan5, SSID Team-GUEST, some undecided wireless security, internet access bandwidth limited by client & by total usage. i.e. each client can't use more than 2 mbps, and all guests combined can't use more than 100 mbps. This is semi-private in that it's not open for use by all the fans.
No access between each, but all sharing a single internet connection.
So I guess I have two real questions here:
- What should I get for a router/fw? I've quickly looked at the ubnt EdgeRouters, and I think some of the upper tier ones might be well suited. What about some used Fortigate gear?
- Without spinning up a separate RADIUS server, is there a way to do dynamic VLAN assignment using only the "local net users" on the Cisco WLC? If possible, I'd like to trim down to 2 SSIDs: "TeamName" & "Guest" and have the system decide which vlan to dump the client on. If I can't do this all in the WLC, what would you recommend as a free or low-ish cost RADIUS server to do this?
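On the dynamic VLAN question, the mechanism a RADIUS server uses to tell a wireless controller which VLAN a client belongs on is a set of three RFC 2868 tunnel attributes returned in the Access-Accept. The fragment below is an added example in FreeRADIUS "users" file syntax; it is not from the original post and does not come from any specific product's documentation. The usernames, passwords and the VLAN numbers are assumed placeholders chosen to match the vlan1 (management/ticket checkers) and vlan3 (players) layout described above.

```text
# Added example: FreeRADIUS "users" file entries for per-user VLAN assignment.
# Usernames, passwords and VLAN numbers below are assumed placeholders.

# Team management / employee account -> vlan1 (Team-CORP role)
mgr01   Cleartext-Password := "CHANGE-ME-corp"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = "1"

# Handheld ticket scanner account -> vlan1 as well
scanner01   Cleartext-Password := "CHANGE-ME-scanner"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = "1"

# Player account -> vlan3 (Team-PLAYERS role), segregated from office/mgmt
player01    Cleartext-Password := "CHANGE-ME-player"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = "3"

# Anyone not listed above gets no reply attributes, so the client lands on
# the WLAN's default interface instead of a privileged VLAN.
DEFAULT     Auth-Type := Reject
```

Two things make this work on a Cisco WLC: the WLAN must have "Allow AAA Override" enabled (WLAN > Advanced), and the VLAN ID returned in Tunnel-Private-Group-Id must correspond to a dynamic interface already created on the controller, otherwise the override is ignored and the client stays on the WLAN's default interface. With WPA Enterprise the user is authenticated inside a PEAP or EAP-TTLS tunnel, so the reply attributes are generated by the inner request; on FreeRADIUS 3.0.x they only reach the controller if use_tunneled_reply is enabled in the peap/ttls module configuration (or an equivalent post-auth policy copies them to the outer reply). The DEFAULT reject line is a deliberate fail-closed choice so an unrecognised account never silently ends up on the corporate VLAN.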