New Year, New Networking Lab

I’ve decided to start off the new year by wiping the slate clean on my lab configuration and putting together a new configuration that will allow me to work on and test out some of the technologies that are relevant to me currently.  I’ve had many lab configurations over the years, and most of them have been pretty small and focused on working out a particular problem, or for prepping for the exam of the month.

This iteration of my lab will be a little different, in that I am aiming to mock up, as closely as I can with the resources at hand, an enterprise network complete with the traditional network layers, a data center, a DMZ, WAN connections to remote offices, DMVPN over the Internet, remote access VPN, etc.  The end goal is quite large, and it will take some time to completely get it up and running, but it will provide me a testbed for working with many aspects of enterprise networking.

As I work through the setup, I’ll be posting entries on progress, and specific configurations and tests I’ve completed.  Please leave any comments or suggestions for things to try or test out.

Goals for the Lab

Here is a short sampling of things I’m looking forward to setting up in the lab.

  • Cisco AnyConnect 3.0
  • Dynamic Access Policies
  • Secure Mobile Device Access – iPad, Laptop, Android, etc
  • 802.1x
  • MACSec
  • CiscoWorks LMS 4.0, Cisco Security Manager
  • DMVPN WAN Backup
  • Latest IOS Versions (ASA 8.3/8.4, IOS 15.x)
  • Cisco Office Extend Access Point (OEAP)
  • Cisco CleanAir
  • Anything else I can get my hands on

Lab Diagram – Draft

Here is the network diagram I put together for what I’m looking to create in the lab.  It isn’t complete, or fully detailed, but it does provide a good representation of what I’m working on.  I’ll also be using it as a working draft and will update it as the lab comes together.

Wireless Networking, where more is not always better

I was sent out to help a new client with a wireless networking problem that had been progressively getting worse, and which their efforts to resolve were falling short.

The problem network was covering a large warehouse in which Symbol scanners were used by the employees to process their product and shipments. This company had recently been purchased/merged with another company, and as part of the merger, the wireless network was completely changed over from about 12 Cisco Autonomous Access Points to a similar number of Cisco APs connected to a Wireless LAN Controller.

Shortly after making the change in gear, the workers began experiencing a much higher number of scanner disconnects and delays. The internal networking team attacked the problem in a typical way by doubling the number of access points, and raising the power level of all APs to maximum. After making these changes, the problems didn’t improve, and may have actually gotten worse. They then reached out for some external assistance.

My first visit to the site was a quick one to gather some information and do a quick walk-through of the space to familiarize myself with the network. Upon deeper inspection, I began to notice that the access points reported significant channel interference measurements, and that the suggested power levels were much lower than the hard-set maximum configured. I scheduled another site visit to perform some more in-depth RF analysis of the areas.

What I found during the next visit was that in any one area in the warehouse, my scanner picked up very solid signal strength from anywhere between 4 and 8 access points. Being that this network was supporting older 802.11b scanners, this meant that there was significant co-channel interference almost everywhere, as well as the potential for client confusion with so many “good” choices for access points to connect to.

With this information, I suggested re-enabling the automatic power level control (RRM and TPC) available on Cisco’s Wireless LAN Controller. Shortly after making this change, as well as some other best practice adjustments, wireless scans in the area looked much better, and instances of client disconnects dropped to nearly none.

What did I learn…

This is a great example of how in wireless networking, more and stronger can actually have a significant negative impact on network performance. Though intuitively adding access points and raising the power levels would seem to be a good idea, either of these choices can actually cause significant adverse effects on the network.

Key to a healthy wireless network is a good site survey and RF analysis. Today, this is most easily accomplished by using the intelligence built into the wireless control systems. Both Cisco’s RRM and Aruba’s ARM features can make both channel and power level assignments and adjustments very simple.