Networks and their Purposes

We are moving away from having a network tied to SSID as well as static assignment on the wire. We are moving forward with a more dynamic network. We will have network and securities in place based on these networks. Users will be on boarded to these network by an intelligent process on the back-end called ClearPass by Aruba. The following will explain the purpose of each network and how a user would be able to access them.

Network/VLAN

There are 4 networks that can be accessed via the SSID "D91". Users will on-board this network by connecting to the wireless SSID "D91". ClearPass will move that user to the a Network/VLAN this will be based on the Identification table below and the securities on these network are described in the table below call ACL's. The only way to know this has happened is by the IP address the device received or by looking in ClearPass at the Access Log. The IP address that the device should receive is explained in the table called IP address assignment.

There will be a Guest network. This SSID is available to any user that in range of our network. They will not need credentials to access this network. When a user connects to this SSID their device will be redirected to a captive portal. On the captive portal they will be prompted to accept our internet use agreement and to click a button to continue. They will then have access to the internet at a limited speed. The speed control is there to encourage users that have credential to connect to the SSID "D91".

We will also have an Event Network. This SSID is available to anyone that gets an event code from the main office of the building they are in. Once they have this code, they will connect to the SSID "D91_Event". When a user connects to this SSID, their device will be redirected to a captive portal. On the captive portal they will be prompted to accept our internet use agreement and enter an event code to continue. They will then have access to the internet at a limited speed, this speed will be much higher than Guest but still controlled.

Schedule of Implementation

I have put together a schedule of deployment and tear down. You can see the schedule on the page "Network Maintenance Status". We have a main goal of enabling the D91 network by Friday Aug 19th and shutting off D91_Access in one month. The networks D91_Guest and D91_Event will be enabled as they are ready.

Identification Process

VLAN/Network	In AD User Group	In District Authorized MAC List	Other Credentials
IT VLAN	Must be in IT Group	No applicable	No applicable
Staff VLAN	Must be in Admin or Staff Groups	MAC address must be Authorized in CompInfo	No applicable
Student VLAN	Must be in Student Groups	MAC address must be Authorized in CompInfo	No applicable
BYOD VLAN	Has a Valid login to the Domain	MAC not in CompInfo	No applicable
Guest VLAN	No applicable	No applicable	Accept IUA and Continue
Event VLAN	No applicable	No applicable	Event Code and Accept IUA

ACL's

VLAN/Network	Services allowed	Services not allowed	QOS
IT VLAN	All	None
Staff VLAN	Internet, Domain, Server, and TBA	Management, Security, and others to come
Student VLAN	Internet, Domain, Server, and TBA	Management, Security, and others to come
BYOD VLAN	Internet	Management, Security, Internet, Domain, Server, and TBA
Guest VLAN	Internet (port80, and 443)	Explicit Content and many others	1 Mbps
Event VLAN	Internet	Explicit Content	10Mbps

IP Addresses

B=Building number

X=wildcard

VLAN/Network	IP address Range
IT VLAN	10.B.192-193.X
Staff VLAN	10.B.196-197.X
Student VLAN	10.B.200-203.X
BYOD VLAN	10.B.224-239.X
Guest VLAN	10.B.208-211.X
Event VLAN	10.B.216-219.X

Comments

IFSD 91 NOC	Search this site