1. #1121
    Service Manager 10,000+ Posts
    Need some advice on learning networking

    BillyCarpenter's Avatar
    Join Date
    Aug 2020
    Location
    Long Beach, Mississippi
    Posts
    13,437
    Rep Power
    448

    Re: Need some advice on learning networking

    A quick note: I now have 3 Lightweight Access Points connected to the WLC. There's a couple of advantages that I see right off the bat.


    1. The WLC automatically adjusts the power of the radio signal for each AP. Example: I have 2 AP's sitting on a table about a foot away from each other. The first AP is running at 87% radio and the other at 7%. The 3rd AP is on the other end of the building and it's at 11%.

    These Cisco AP's are twice the size of the Aruba AP's and MUCH more powerful. I walked out in the parking lot and went about 150 yards away and could still access the internet.

    2. Another difference is that the signal never drops when switching from 1 AP to the next.


    This is definitely the way to go.
    Growth is found only in adversity.

  2. #1122
    Service Manager 10,000+ Posts
    BillyCarpenter's Avatar

    PS - All of the Access Points were automatically placed on different channels with absolutely no overlap. It's the cleanest looking wireless setup that I've seen and the controller did much of the work.
    Growth is found only in adversity.

  3. #1123
    Service Manager 10,000+ Posts
    BillyCarpenter's Avatar

    Now that my head is clear this morning after a frustrating day before, I have some random thoughts I'd like to share.


    My journey into networking has led me in many different directions and the jobs are getting more and more complex. For me personally, I'm so glad that I'm learning the CCNA for routers and switches. Without knowing this, a networker would be extremely limited in what he can do.

    On the other hand, CCNA teaches next to nothing about Windows 10, Linux, Windows Server or any other operating system and thus that has severely limited what I can do in that area.

    It's clear to me that when I'm finished with the CCNA that I'm gonna have to learn more about operating systems/Servers.


    Other random thoughts.

    For the first time, I ran into a problem with security certs. I don't really understand them. I was able to resolve my issue by using Google, but still don't understand them the way I should. I'll correct that at some point.


    Lastly, I thought I understood DHCP. I found out that I understood the basics but there was much more to learn.

    With Cisco's wireless lan controller it uses DHCP in a little different way. DHCP has "options." Google "DHCP OPTIONS" and you'll see what I mean.

    You have DHCP option 43 that is used to help Cisco Access Points discover the Wireless LAN controller. And there are MANY other options.


    PS - I have a question if anyone wants to jump in.

    Let's say that I have a single Windows server. Good or bad idea to use that for DHCP? If it goes down, then what? Just wondering.
    Growth is found only in adversity.
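Added example, not part of the original posts: the DHCP option 43 value mentioned above, built and checked in Python. It assumes Cisco's documented layout for lightweight APs (sub-option type 0xf1, a one-byte length, then one 4-byte IPv4 address per controller); the addresses and the `unexpected_controllers` helper are constructed for illustration.

```python
import ipaddress

CISCO_WLC_SUBOPTION = 0xF1  # sub-option type a Cisco lightweight AP looks for


def encode_option43(wlc_ips):
    """Build the option 43 payload (hex string) for a list of WLC management IPs."""
    if not wlc_ips:
        raise ValueError("at least one controller address is required")
    addrs = [ipaddress.IPv4Address(ip) for ip in wlc_ips]
    length = 4 * len(addrs)
    if length > 255:
        raise ValueError("too many controllers for a one-byte length field")
    payload = bytes([CISCO_WLC_SUBOPTION, length]) + b"".join(a.packed for a in addrs)
    return payload.hex()


def decode_option43(hex_payload):
    """Parse an option 43 hex string into WLC addresses, rejecting malformed TLVs."""
    # Accept plain hex as well as the dotted or spaced grouping some configs use.
    raw = bytes.fromhex(hex_payload.replace(".", "").replace(" ", ""))
    if len(raw) < 2:
        raise ValueError("payload shorter than a type/length header")
    sub_type, length, value = raw[0], raw[1], raw[2:]
    if sub_type != CISCO_WLC_SUBOPTION:
        raise ValueError(f"unexpected sub-option type 0x{sub_type:02x}")
    if length == 0 or length != len(value) or length % 4:
        raise ValueError("length field does not match a whole number of IPv4 addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


def unexpected_controllers(hex_payload, allowed):
    """Return any advertised controller that is not on the expected list."""
    allowed = set(allowed)
    return [ip for ip in decode_option43(hex_payload) if ip not in allowed]


if __name__ == "__main__":
    # Constructed sample: two controllers on a lab management subnet.
    value = encode_option43(["192.168.10.5", "192.168.10.20"])
    print(value)
    print(decode_option43(value))
    print(unexpected_controllers(value, ["192.168.10.5"]))
```

The length byte is always four times the number of controllers, which is the part most often mistyped when the hex string is written by hand.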

  4. #1124
    Service Manager 2,500+ Posts rthonpm's Avatar
    Join Date
    Aug 2007
    Location
    Pennsyltucky
    Posts
    2,792
    Rep Power
    108

    Re: Need some advice on learning networking

    Most servers now are virtual so spinning up new servers is fairly trivial as long as you have available licenses (Windows and RHEL only). That said, I have several customers with only a single DHCP server and issues have been very rare. The key with servers is to keep their roles as separate as possible so that a failed server doesn't take down everything. DHCP is also easy to configure so that a secondary server is available if the primary isn't responding.

    A basic Windows network could look something like:

    Domain Controller/DNS/DHCP

    Domain Controller/DNS (domain controllers will always also be your internal DNS servers)

    File/Print

    Web (IIS, Apache, etc)

    Database (SQL, etc)

    Any other appliances


    In terms of licensing, the basics of Windows are:

    Server Standard allows you either a physical install and two virtual machines as long as the physical server is only used for the Hyper-V role, or just two virtual machines if another OS is managing the physical hardware.

    Server Datacenter allows you an unlimited number of virtual machines for any supported versions of Windows Server, so Server 2022 will let you install virtual machines for any version back to Server 2012. The cost is significantly higher, and your point where it becomes more cost effective is around more than 16 virtual machines on a single host.

    You can also download evaluation versions of Windows Server which are good for 180 days. You can extend the period past that several times so that your evaluation copies can give you close to three years of use by reloading the activation every 180 days.

    Server 2019 and earlier also offered a free version called Hyper-V Server which could only serve as a platform to host virtual machines. This is great for lab environments or for failover and replication servers since it doesn't require any licenses and can host as many VM's as you like, again as long as you have the appropriate licenses.

    The norm for at least the last decade or so has been to virtualise everything as much as possible. Of the piles of servers we manage for ourselves or customers, the only physical servers are either hypervisors or servers that require a direct physical connection to some other piece of hardware, like a tape drive or other special equipment.

    Sent from my BlackBerry using Tapatalk

  5. #1125
    Service Manager 10,000+ Posts
    BillyCarpenter's Avatar

    If my Layer 3 switch ever arrives, I'm gonna set up Wireless and spread it out over different VLANS. It's important for me to learn how to do this because, let's say that we have 100 AP's and let's say that each AP has 20 users on each one at the same time. That's 2000 users on the same vlan. Not good.

    I've been studying this for several days and it's been fucking confusing. At times I think I understand the concept but then doubt starts to creep in. Finally, I had that "light bulb" moment and now I understand.

    Basically I need to create several different ssid's and assign them to a different vlan. That is done via logical interfaces on the Wireless LAN Controller. The WLC then applies a vlan tag and sends the packet to the switch where it is routed to the correct vlan and final destination.



    There are other steps involved but I wanted to simplify in order to explain it.


    PS - In future posts, I will be referring to Access Points as LAP's - "Light Weight Access Points". That just means that the WLC handles much of the work that is normally done by an autonomous AP.
    Growth is found only in adversity.

  6. #1126
    Service Manager 10,000+ Posts
    BillyCarpenter's Avatar

    These Cisco WLC's are sick. Did you know that they have a built in packet capture tool that is similar to WireShark? It's true. Also, there's a built in statistics page that keeps track of everything under the sun....including what webpage each user visits and for how long. It also tells how much usage each AP gets. I haven't even touched the surface of what the Cisco WLC can do.


    But mainly it's used as a central controller for all the access points. In other words, you can go to the WLC and make changes and push it out to all the other AP's.


    Also, rthonpm rightly talked about "tuning" the AP's and he was right. However, that's not much of an issue here. The WLC does all of that for us.
    Growth is found only in adversity.

  7. #1127
    Service Manager 10,000+ Posts
    BillyCarpenter's Avatar

    As I become more knowledgeable with the Cisco Wireless Lan Controller, I discover more cool functions. For instance, if I know the Mac Address of your phone, I can track you anywhere in the building.


    Here's what I mean, if you're connected to the wireless network, when you walk through the building, you are roaming from one wireless access point to the next. From the Lan Controller, it shows me what access point that your mac address is on.


    I moved my phone from one room to another to test this out. Worked like a charm.
    Growth is found only in adversity.

  8. #1128
    Service Manager 10,000+ Posts
    BillyCarpenter's Avatar

    I'm still on LAP's and WLC's. The fun is over and I'm now deep into learning the protocols that are used.

    One such protocol is CAPWAP. If nothing else, it's fun to say: CAPWAP. lol


    Basically after the AP's have found and joined the WLC, a CAPWAP tunnel is formed. This tunnel connects the LAP's to the WLC and this is where the data is encapsulated. There's also a 2nd tunnel that is formed inside the CAPWAP tunnel and this is where the control data is sent.

    Client Data is sent on UDP 5247 and control data is sent on UDP 5246.


    I think I've about got this baby whipped.
    Growth is found only in adversity.

  9. #1129
    Service Manager 10,000+ Posts
    BillyCarpenter's Avatar

    When it comes to wireless, I've only talked about Wireless Lan Controllers and Access Points. The reason is because that's the hard stuff to learn.


    But there are the basics of wireless technology. Not hard to learn, but important nonetheless.


    For starters, everyone needs to know the 802.11 standard. This is usually followed by some letter: a/b/g/n and the latest standard 802.11ac. All of these have to do with speed and the distance of the wireless signal. I won't go into it too much. If you want to know more, there's plenty of information out there.

    Then there are security standards: WEP (no longer used), WPA, WPA2, WPA3. All of these security protocols use encryption keys. The later the version, the more secure.

    We could get into the 2.4GHz vs. 5GHz range but that all goes back to the 802.11 standard.


    Those are the basics.


    When it comes to wireless, the really, really cool stuff doesn't happen until you get into a production network. That's where you get introduced to a radius server, link aggregation and how to set up the layer 3 switch and the WLC.

    I think I'm about done talking about wireless.
    Growth is found only in adversity.

  10. #1130
    Service Manager 2,500+ Posts rthonpm's Avatar

    Originally Posted by BillyCarpenter:
    "Then there are security standards: WEP (no longer used), WPA, WPA2, WPA3. All of these security protocols use encryption keys. The later the version, the more secure."

    Don't use anything less than WPA2. Anything old enough to not support it doesn't need to be connected to the internet.

    Some consumer wifi devices also have a feature called WPS, which allows you to connect to a network using a PIN. If your home devices support this: disable it at all costs. There are known security issues with it that are fundamental enough to make the entire feature insecure.



    Sent from my BlackBerry using Tapatalk
