-
10.27.09
weekend working

This weekend was spent at work putting in the equipment for the new office network. 10 hours on Saturday and 12 hours on Sunday (not including the 1 hour travel each way) later and we have the new equipment installed and in place.
Aside from swapping out the kit, our entire rack of patching was stripped and re-patched neatly with new cables by a couple of colleagues (all 30U of it) whilst another colleague and I did the configuration bits. All in all things went pretty well, even if the days were a little longer than we are used to.
Come Monday morning all of us were in early in anticipation of any problems, things which we might have missed etc. Happily there were only one or two patching-related issues which were easily sorted in minutes. Coupled with that, we also had a positive report of network speeds following the work, so all is looking well.
-
09.07.09
working on the new office network
Most of the new network equipment has turned up at work, and so I’ve been working on getting it all configured. Sadly the main core switch has not turned up so we’ve had to improvise, using an old 3550 L3 switch to pretend to be the core switch for the time being. VTP allows a little bit of the work to be automated, as when we turn on the new core switch, we can configure VTP and all our VLANs will magically appear. For the rest of the work, such as the L3 SVIs, ACLs and any other config work we’ve done on the “core switch,” this can be copied/pasted from what we’ve done so far so nothing should be wasted.
Essentially the network (in very basic form!) looks a little like this:
We have the KPSN CPE router which also hosts the wireless LAN controller, an add-in module for the 3825 router (and all modular ISR routers). Connected to this we have the core switch, which will eventually be a Cisco 4506, and assorted workgroup switches which will be 2960s and 3560s.
Getting the wireless piece working was a challenge. Having not configured a wireless LAN controller before, this was an exercise fraught with Google searching and reading articles from the Cisco website. As the WLC had previously been deployed we wanted to factory reset it. Most of the articles were along the lines of “once you’ve done the incredibly trivial task of getting your access points associated with your controller all this is child’s play.” Having reset the WLC, configured it, set the clock on it (important for access point association), configured DHCP option 42 (and another that escapes me at the moment) we still couldn’t get the access points associated. Eventually we found that because the APs had also previously been deployed and had self-signed certificates (SSCs) we had to sit on the debug of the WLC, capture the SSC and add it into the configuration of the WLC. Once we had done this the APs associated and joined the WLC fine. This took care of 5 out of the 6 APs, but one was still in “autonomous” mode.
A Cisco autonomous AP is an independent (as you might imagine) access point which you individually configure, and has a standalone image. You can “upgrade” an autonomous AP to remove its intelligence and make it a Lightweight Access Point (LWAP), and that’s what we had to do with the final AP. Having discovered that Cisco meant what they said about running the update tool on Windows XP (and not Vista / Windows 7 like I was initially trying) we eventually had the final AP all joined on as an LWAP.
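The SSC step described above, as an added example that is not part of the original post: a small parser that pairs each AP MAC with the SSC key hash seen in captured WLC debug output and emits the authorization commands, flagging truncated or conflicting hashes instead of authorizing them. The post does not give the commands; the debug line wording and the `config auth-list add ssc` syntax are assumed from Cisco AireOS, and the sample capture, MACs and hashes are constructed.

```python
import re

# Constructed capture; line wording assumed from AireOS "debug pm pki enable".
SAMPLE_DEBUG = """\
Mon Sep  7 10:15:02 2009: sshpmGetIssuerHandles: Mac Address in subject is 00:11:22:aa:bb:01
Mon Sep  7 10:15:02 2009: sshpmGetIssuerHandles: Cert Name in subject is C1240-001122aabb01
Mon Sep  7 10:15:02 2009: sshpmGetIssuerHandles: SSC Key Hash is 0123456789abcdef0123456789abcdef01234567
Mon Sep  7 10:15:09 2009: sshpmGetIssuerHandles: Mac Address in subject is 00:11:22:aa:bb:02
Mon Sep  7 10:15:09 2009: sshpmGetIssuerHandles: SSC Key Hash is 89abcdef0123
Mon Sep  7 10:15:30 2009: sshpmGetIssuerHandles: Mac Address in subject is 00:11:22:aa:bb:01
Mon Sep  7 10:15:30 2009: sshpmGetIssuerHandles: SSC Key Hash is 0123456789abcdef0123456789abcdef01234567
Mon Sep  7 10:16:11 2009: sshpmGetIssuerHandles: Mac Address in subject is 00:11:22:aa:bb:01
Mon Sep  7 10:16:11 2009: sshpmGetIssuerHandles: SSC Key Hash is fedcba9876543210fedcba9876543210fedcba98
"""

MAC_RE = re.compile(
    r"Mac Address in subject is ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s*$", re.I)
HASH_RE = re.compile(r"SSC Key Hash is ([0-9a-f]+)\s*$", re.I)

def extract_ssc(debug_text):
    """Return ({mac: sha1_hex}, [problems]) from WLC PKI debug output."""
    found, problems, mac = {}, [], None
    for n, line in enumerate(debug_text.splitlines(), 1):
        m = MAC_RE.search(line)
        if m:
            mac = m.group(1).lower()      # remember the AP this join is for
            continue
        h = HASH_RE.search(line)
        if not h:
            continue
        digest = h.group(1).lower()
        if mac is None:
            problems.append(f"line {n}: hash with no preceding MAC")
        elif len(digest) != 40:           # SHA-1 key hash is 40 hex chars
            problems.append(f"line {n}: {mac} hash is not 40 hex chars")
        elif found.get(mac, digest) != digest:
            problems.append(f"line {n}: {mac} presented a different hash")
        else:
            found[mac] = digest           # repeats of the same pair dedupe
        mac = None                        # a hash closes the current pairing
    return found, problems

def auth_list_commands(found):
    """Build one WLC command per AP (command syntax is an assumption)."""
    return [f"config auth-list add ssc {mac} {digest}"
            for mac, digest in sorted(found.items())]

if __name__ == "__main__":
    aps, issues = extract_ssc(SAMPLE_DEBUG)
    print("\n".join(auth_list_commands(aps) + issues))
```

Anything reported in the problems list should be checked against the physical AP before its hash is added, since the auth-list entry is what lets that device join the controller.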
Having done the heavy lifting with the wireless network, we now just need to spend some time tidying a few things up, deploying a RADIUS server to authenticate the wireless network against, configuring some NAT to allow us to talk to head office, a bit of port security and the basic network is in place. Following that we need to revisit the connection to our remote office to make things a little more efficient and secure there, and just continue to evolve, improve and secure the new LAN infrastructure.
Hopefully soon afterwards our server infrastructure will arrive and we’ll really see a big difference in performance.
-
07.08.09
network update
Here at EIS towers things have moved a little bit. I realise that I’ve not updated for a while so I thought I’d throw this out there to keep things ticking over!
We have been given the go-ahead to implement a new Cisco based network here at work and the kit has been ordered. Next phase will be configuration and implementation, and this may take a while as there are debates over how we should implement things.
It’s still exciting though, in terms of the opportunity to implement what is a greenfield network, and also for the unit to have a network which works how it should and meets our business needs (which we don’t really have now, if we’re honest).
There is also some slight forward motion in the service which we have been touting for schools too. A school is desperate to move ahead with things but we haven’t yet got contractual stuff sorted out. Ho hum, hopefully we’ll get there.
In other news, I passed my CCNA Security test this weekend. I think I’m going to concentrate on the BGP aspect of obtaining the CCIP next, then the MPLS.