wireless lab

Started by fsck, August 29, 2017, 01:33:56 PM

Previous topic - Next topic

fsck

I have built a vWLC and I wanted to connect a few AP's and get more familiar with wireless.  Connect it to a ISE lab environment, and get users authenticated on the wireless.  My question is do I have to be cognizant in setting up another wireless network here at work?  It will of course be a different SSID, but can an AP associate with the vWLC somehow? 
New to wireless but I was thinking maybe if I choose different channels for my test environment.  Is this something to be concerned about, or am I save just standing up this new wireless network?

deanwebb

The answer is, yes, you can create a separate SSID and have selected APs participating with it. According to https://supportforums.cisco.com/t5/wireless-mobility-documents/cisco-virtual-wireless-controller-vwlc-release-7-3/ta-p/3123574 , only FlexConnect and Local Switching modes are supported.

If you choose different channels, I think 1, 6, and 11 are standards for being far enough from each other to not result in interference.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

SimonV

Make sure your controller is in a different VLAN than your production APs. All of the L3 discovery techniques require explicit configuration so you should be good.

If you're worried about causing channel interference, you could stick to the 5Ghz band, more channels available there.

icecream-guy

and secure it good, so people don't auto-associate with your wireless lab by mistake.

:professorcat:

My Moral Fibers have been cut.

deanwebb

Quote from: ristau5741 on August 30, 2017, 06:18:58 AM
and secure it good, so people don't auto-associate with your wireless lab by mistake.



^This. You would not want to have people discover that there's a new test network that allows full, unproxied Internet access without authentication or anything secure like that. Because they will then use it to download all kinds of crazy crap.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

fsck

So this network is completely segregated on different hardware, granted some VLANs might be the same in the test network.  But I don't think that will be a problem, as even the IP addresses are different.

Making it very secure is a good idea.  I'm testing out some BYOD policies and things like that and once again learning how production does things.  I will also hide the SSID, short of somebody scanning it and trying to find it that should help.

I did do a scan of our production WiFi and I see channels 1, 6, 36, 44, 112, 64, 120, 132, 153, 157.  Using some of these channels on the same SSID too.  I wasn't expecting to see so many channels in use.

fsck

After I did a little more reading, I found out that there are more channels in the 5Ghz range, which a lot of those are using.

Using iStumbler under the Channels tab, I can see that 136 through 149 are white, as the others in use I assume are in orange.  Can I just use one of those channels within that range and be safe?

wintermute000

Quote from: fsck on August 31, 2017, 06:22:13 PM
After I did a little more reading, I found out that there are more channels in the 5Ghz range, which a lot of those are using.

Using iStumbler under the Channels tab, I can see that 136 through 149 are white, as the others in use I assume are in orange.  Can I just use one of those channels within that range and be safe?

Some of those are in the DFS range. So weather radar if one is nearby will interfere

deanwebb

This is where a bandwidth study tool comes into play, for sure. I recall my former workmates using Ekahau to do stuff like that.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.