Networks and their Purposes


We are moving away from tying a network to an SSID and from static assignment on the wire, and toward a more dynamic network. Network and security controls will be in place based on these networks. Users will be onboarded to these networks by an intelligent back-end process called ClearPass by Aruba. The following explains the purpose of each network and how a user can access it.

 

Network/VLAN

There are 4 networks that can be accessed via the SSID "D91". Users onboard by connecting to the wireless SSID "D91". ClearPass then moves the user to a Network/VLAN based on the Identification Process table below. The security controls on these networks are described in the ACL's table below. The only way to know this has happened is by the IP address the device received or by looking at the Access Log in ClearPass. The IP address that the device should receive is given in the IP Addresses table below.

 

There will be a Guest network. This SSID is available to any user who is in range of our network. They will not need credentials to access this network. When a user connects to this SSID, their device will be redirected to a captive portal. On the captive portal they will be prompted to accept our internet use agreement and to click a button to continue. They will then have access to the internet at a limited speed. The speed control is there to encourage users who have credentials to connect to the SSID "D91".

 

We will also have an Event Network. This SSID is available to anyone who gets an event code from the main office of the building they are in. Once they have this code, they will connect to the SSID "D91_Event". When a user connects to this SSID, their device will be redirected to a captive portal. On the captive portal they will be prompted to accept our internet use agreement and enter an event code to continue. They will then have access to the internet at a limited speed; this speed will be much higher than Guest but still controlled.

 

Schedule of Implementation

I have put together a schedule of deployment and tear down. You can see the schedule on the page "Network Maintenance Status". We have a main goal of enabling the D91 network by Friday Aug 19th and shutting off D91_Access in one month. The networks D91_Guest and D91_Event will be enabled as they are ready.


Identification Process

| VLAN/Network | In AD User Group | In District Authorized MAC List | Other Credentials |
| --- | --- | --- | --- |
| IT VLAN | Must be in IT Group | Not applicable | Not applicable |
| Staff VLAN | Must be in Admin or Staff Groups | MAC address must be Authorized in CompInfo | Not applicable |
| Student VLAN | Must be in Student Groups | MAC address must be Authorized in CompInfo | Not applicable |
| BYOD VLAN | Has a Valid login to the Domain | MAC not in CompInfo | Not applicable |
| Guest VLAN | Not applicable | Not applicable | Accept IUA and Continue |
| Event VLAN | Not applicable | Not applicable | Event Code and Accept IUA |

 

ACL's

| VLAN/Network | Services allowed | Services not allowed | QOS |
| --- | --- | --- | --- |
| IT VLAN | All | None | |
| Staff VLAN | Internet, Domain, Server, and TBA | Management, Security, and others to come | |
| Student VLAN | Internet, Domain, Server, and TBA | Management, Security, and others to come | |
| BYOD VLAN | Internet | Management, Security, Internet, Domain, Server, and TBA | |
| Guest VLAN | Internet (ports 80 and 443) | Explicit Content and many others | 1 Mbps |
| Event VLAN | Internet | Explicit Content | 10 Mbps |

 

IP Addresses

B = Building number

X = wildcard

| VLAN/Network | IP address Range |
| --- | --- |
| IT VLAN | 10.B.192-193.X |
| Staff VLAN | 10.B.196-197.X |
| Student VLAN | 10.B.200-203.X |
| BYOD VLAN | 10.B.224-239.X |
| Guest VLAN | 10.B.208-211.X |
| Event VLAN | 10.B.216-219.X |
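
Because the leased IP address is the main sign of where ClearPass placed a device, the Python below (an added example, not the district's or Aruba's own code) maps an address to its building and VLAN using the IP Addresses table and compares that with the VLAN the Identification Process table implies. The AD group names (IT, Admin, Staff, Student), the top-to-bottom row precedence, the function names and the sample clients are assumptions made for illustration.

```python
import ipaddress

# Third-octet ranges from the page's IP Addresses table (10.B.<range>.X).
VLAN_RANGES = {"IT": (192, 193), "Staff": (196, 197), "Student": (200, 203),
               "BYOD": (224, 239), "Guest": (208, 211), "Event": (216, 219)}

def vlan_from_ip(ip):
    """Return (building, vlan) for a 10.B.x.X address; vlan is None if unlisted."""
    try:
        o = ipaddress.IPv4Address(ip).packed
    except ValueError:
        return None, None
    if o[0] != 10:
        return None, None
    for vlan, (lo, hi) in VLAN_RANGES.items():
        if lo <= o[2] <= hi:
            return o[1], vlan
    return o[1], None

def expected_vlan(ad_groups, mac_in_compinfo, valid_login=True):
    """Identification table for SSID D91; row precedence is an assumption."""
    groups = {g.lower() for g in ad_groups}  # group names are assumed
    if "it" in groups:
        return "IT"
    if mac_in_compinfo and groups & {"admin", "staff"}:
        return "Staff"
    if mac_in_compinfo and "student" in groups:
        return "Student"
    if valid_login and not mac_in_compinfo:
        return "BYOD"
    return None  # combination the table does not cover

def check_placement(ip, ad_groups, mac_in_compinfo):
    """Compare the VLAN implied by the leased IP with the expected VLAN."""
    building, actual = vlan_from_ip(ip)
    expected = expected_vlan(ad_groups, mac_in_compinfo)
    ok = actual is not None and actual == expected
    return {"building": building, "actual": actual, "expected": expected, "ok": ok}

# Constructed sample clients (not real district data): IP, AD groups, MAC in CompInfo.
SAMPLES = [
    ("10.3.196.25", ["Staff"], True),
    ("10.3.230.7", ["Staff"], False),
    ("10.3.196.40", ["Student"], True),
]

if __name__ == "__main__":
    for ip, groups, mac_ok in SAMPLES:
        print(ip, check_placement(ip, groups, mac_ok))
```

A result with "ok" set to False, such as the third sample (a student device holding a Staff-range address), is a placement to look up in the ClearPass Access Log.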
