working on the new office network

Most of the new network equipment has turned up at work, and so I’ve been working on getting it all configured.  Sadly the main core switch has not turned up so we’ve had to improvise, using an old 3550 L3 switch to pretend to be the core switch for the time being.  VTP allows a little bit of the work to be automated, as when we turn on the new core switch, we can configure VTP and all our VLANs will magically appear.  For the rest of the work, such as the L3 SVIs, ACLs and any other config work we’ve done on the “core switch,” this can be copied/pasted from what we’ve done so far so nothing should be wasted.

Essentially the network (in very basic form!) looks a little like this:

[Figure: EIS Network, basic view]

We have the KPSN CPE router which also hosts the wireless LAN controller, an add-in module for the 3825 router (and all modular ISR routers).  Connected to this we have the core switch, which will eventually be a Cisco 4506, and assorted workgroup switches which will be 2960s and 3560s.

Getting the wireless piece working was a challenge.  Having not configured a wireless LAN controller before, this was an exercise fraught with Google searching and reading articles from the Cisco website.  As the WLC had previously been deployed we wanted to factory reset it.  Most of the articles were along the lines of “once you’ve done the incredibly trivial task of getting your access points associated with your controller all this is child’s play.”  Having reset the WLC, configured it, set the clock on it (important for access point association), configured DHCP option 42 (and another that escapes me at the moment) we still couldn’t get the access points associated.  Eventually we found that because the APs had also previously been deployed and had self-signed certificates (SSCs) we had to sit on the debug of the WLC, capture the SSC and add it into the configuration of the WLC.  Once we had done this the APs associated and joined the WLC fine.  This took care of 5 out of the 6 APs, but one was still in “autonomous” mode.

A Cisco autonomous AP is an independent (as you might imagine) access point which you individually configure, and has a standalone image.  You can “upgrade” an autonomous AP to remove its intelligence and make it a Lightweight Access Point (LWAP), and that’s what we had to do with the final AP.  Having discovered that Cisco meant what they said about running the update tool on Windows XP (and not Vista / Windows 7 like I was initially trying) we eventually had the final AP all joined on as an LWAP.

Having done the heavy lifting with the wireless network, we now just need to spend some time tidying a few things up, deploying a RADIUS server to authenticate the wireless network against, configuring some NAT to allow us to talk to head office, adding a bit of port security, and the basic network is in place.  Following that we need to revisit the connection to our remote office to make things a little more efficient and secure there, and just continue to evolve, improve and secure the new LAN infrastructure.

Hopefully soon afterwards our server infrastructure will arrive and we’ll really see a big difference in performance.