Bowdoin College is a liberal arts college based in the town of Brunswick, Maine. It houses 1839 students in about 100 buildings and offers 33 different majors and 4 minors. The Bowdoin IT team is pioneering in nature, as would be expected from the state whose motto, “Dirigo”, translates to “I lead”: it adopts bleeding-edge, best-in-class technologies to provide the optimal connected experience for students, faculty, staff and guests. This is counterbalanced with pragmatism in phasing the roll-out of these services.
This next-generation pervasive WLAN enables students to collaborate with each other anywhere on campus and with teachers in the classroom. In the previous blog in 2012, we described how Bowdoin upgraded to 3602 Access Points and used the innovative CleanAir technology tie-in with Event Driven Radio Resource Monitoring to optimize WLAN coverage. They also adopted Cisco Prime for manageability and ISE 1.2 for consistent wired-wireless policy. In this blog, we cover the recent upgrade of the Wireless LAN Controller from the previous model, the WiSM, to the new model, the 5760, and describe highlights of our conversation with Jason and Trevor about the WLAN deployment itself.
At a Glance:
Located in: Maine town of Brunswick
Number of students: 1839
Number of teachers/staff: 1000
WLAN clients: 3100
3602 Access-Points: 500
Catalyst 3850 switches: 400
5760 WLC Controllers: 3 (Version 3.3.1)
Prime Infrastructure 2.0
Identity Services Engine 1.2
Mobility Services Engine
Two 5760 controllers are deployed in the data center to manage the production network, and a third is installed in a lab environment to experiment with the latest software releases, including pre-release software for evaluation, and to partner with Cisco for feedback. Four 10GbE uplinks on the production controllers provide connectivity to the Access Points.
Deployment Details:
A total of four SSIDs are deployed in the Bowdoin WLAN environment.
- The first is 802.1X-enabled and dedicated to students, teachers and faculty.
- The second is dedicated to legacy clients incapable of 802.1X authentication; security on this SSID is addressed with MAC filtering.
- The third is the robotics WLAN, which users rely on to provide real-time inputs to robots. Bowdoin hosts the annual RoboCup contest, which involves autonomous humanoid robots playing soccer based upon the FIFA rules. This is managed via a dedicated SSID that is configured only on select access points that host the contest, enabled only during the time-frame of the contest and prioritized over other SSIDs. ClientLink is used to optimize the traffic per client per packet within Access Point hardware. This allows Bowdoin to optimally host the many schools that participate in the US RoboCup contest.
- The fourth serves guest users, with some interesting considerations. Bowdoin uses SNMP to automatically create a new guest user. In this way, the account can be used from a few days to a month, which covers the usual time-frame of visitors. A description field lets them review in their records who came in, why, and how long the user account was available, e.g. “Student-name came for soccer practice”, “Lecturer came for a guest lecture”. Guest authentication is done using an external webauth server.
The Bowdoin WLAN supports NO SSID Outage, implemented via the Access Point Stateful SwitchOver feature. In this scenario, the standby 5760 continuously synchronizes Access Point states with the primary controller, thereby allowing sub-second fail-over in the event of a crash of the primary controller.
Where do we go from here?
We talked to Jason Lavoie, the Director of Networking and Telecommunications, and Trevor Jennings, an Associate Network Engineer, to discuss some of their thoughts around their choice of this solution and the associated benefits.
- Flexibility of Architecture: Both the 5760 and 3850 are based upon the same innovative Unified Access Data Plane (UADP) ASIC, which allows these platforms to operate as a controller. Jason liked the flexibility offered by the UADP and the RTU licensing structure to migrate from the Centralized mode today to the Converged Access mode tomorrow.
- Readiness for 802.11ac: In addition, the 5760 supports up to 60 Gbps of throughput and the 3850 series switch supports up to 40 Gbps of throughput, preparing them for the 802.11ac wave. Bowdoin is currently in EFT trials for 802.11ac in a building where they observe high client density. Jason and Trevor observed that the benefit of the 802.11ac modules is that they allow investment protection on the existing 802.11n Access Point 3600s.
- Ability to roll out services one at a time: Today Bowdoin has deployed some of the features, such as AP SSO, but they are also evaluating turning on further innovations such as Application Visibility and Control that push visibility to the edge. Implementing AVC and QoS on the Access Point will allow them to enable visualization of application usage and granular policies on the network. In the future they may turn on Service Discovery Gateway to address Bonjour (mDNS) services.
- Consistent IOS CLI: Trevor loved that both the 5760 Series Wireless LAN Controllers and the 3850 Series Switch are based upon the familiar, rich IOS-XE command line interface. This allowed him to apply the same commands to configure features as well as manage both devices for common wired and wireless features.
I’m curious about how they actually managed to use SNMP to create and validate users on that webauth portal. Could you please provide more technical information on that topic?
Thanks.
The portal collects the user information and creates the user, setting the name, description, lifetime, etc. via SNMP to the controller(s).
You’ll find the OIDs you need in the AIRESPACE-WIRELESS-MIB, specifically the following table:
    BsnLocalNetUserEntry ::= SEQUENCE {
        bsnLocalNetUserName           OCTET STRING,
        bsnLocalNetUserWlanId         INTEGER,
        bsnLocalNetUserPassword       OCTET STRING,
        bsnLocalNetUserDescription    OCTET STRING,
        bsnLocalNetUserLifetime       TimeInterval,
        bsnLocalNetUserStartTime      TimeTicks,
        bsnLocalNetUserRemainingTime  TimeInterval,
        bsnLocalNetUserRowStatus      RowStatus
    }
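The row creation described in the reply above, sketched as an added example; it is not part of the original comment and not Bowdoin's portal code. It builds a net-snmp `snmpset` argument list from portal-collected fields and validates them first. Assumptions: the table is indexed by `bsnLocalNetUserName`, the length limits are portal policy to be checked against the MIB, and SNMPv3 credentials live in `snmp.conf`.

```python
import re

MIB = "AIRESPACE-WIRELESS-MIB"
CREATE_AND_GO = 4  # RowStatus createAndGo (SNMPv2-TC, RFC 2579)
# Assumed portal policy, not taken from the MIB: check its SIZE clauses.
NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,24}")
MAX_TEXT = 32


def _text(value, field):
    # A leading '-' could be read by snmpset as an option; control characters
    # have no place in a password or description typed into a web form.
    if (not value or len(value) > MAX_TEXT or not value.isprintable()
            or value.startswith("-")):
        raise ValueError(f"{field}: rejected")
    return value


def guest_row_argv(controller, name, wlan_id, password, description, lifetime):
    """Build the snmpset argv that creates one bsnLocalNetUserEntry row.

    lifetime is the raw bsnLocalNetUserLifetime value; confirm its unit in
    the MIB before converting from days.
    """
    # The name becomes a quoted string index, so the allow-list excludes
    # quotes and anything else that could end the index early.
    if not NAME_RE.fullmatch(name):
        raise ValueError("name: rejected")
    if type(wlan_id) is not int or wlan_id < 1:
        raise ValueError("wlan_id: rejected")
    if type(lifetime) is not int or lifetime < 0:
        raise ValueError("lifetime: rejected")

    def col(column, kind, value):
        # Assumes the table is indexed by bsnLocalNetUserName.
        return [f'{MIB}::{column}."{name}"', kind, str(value)]

    # -v3 -l authPriv: the password varbind must not cross the network in
    # clear text. User and passphrases come from snmp.conf, not from argv.
    argv = ["snmpset", "-v3", "-l", "authPriv", "-m", MIB, controller]
    argv += col("bsnLocalNetUserWlanId", "i", wlan_id)
    argv += col("bsnLocalNetUserPassword", "s", _text(password, "password"))
    argv += col("bsnLocalNetUserDescription", "s", _text(description, "description"))
    argv += col("bsnLocalNetUserLifetime", "i", lifetime)
    argv += col("bsnLocalNetUserRowStatus", "i", CREATE_AND_GO)
    return argv  # run with subprocess.run(argv, check=True), never via a shell
```

The guest password is still visible in the portal host's process list while `snmpset` runs; an in-process SNMP library avoids that exposure.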