
Help out a Networking Student

DanielRodgers
Community Member

Hello folks!

This is a bit of an odd one so I appreciate your time clicking in. I am a college systems management student who is currently working on a research assignment with some particular limiting parameters. Mine are that I need to research exclusively through official community forums. So you are absolutely not just doing my homework for me, the point is more the journey itself than the end result!

The task itself is to solicit ideas on network design, devices, and IP addressing for a very simple (and I stress very simple) network based on these parameters:

"Design a network topology that supports 3 wireless networks.

Network 1 = Admin Devices

Network 2 = Guest Devices

Network 3 = CCTV – Security Devices

Each network requires a separate SSID for wireless network access.

- Each network should have its own LAN/Subnet range.

- Network 1 requires a maximum of 500 usable IPs

- Network 2 requires a maximum of 250 usable IPs

- Network 3 requires a maximum of 1000 usable IPs

- Inter VLAN routing should be available between Network 1 and 3.

- Network 2 should have internet access only and no access to Network 1 and 3

- Network 2 should have the capability to “throttle” its network usage, i.e. max upload and download speeds.

- Network 2 should have a forced portal with terms and conditions for network access.

- Networks 1 and 3 require RADIUS or single sign on authentication.

- Network 2 requires only terms of service acceptance for access.

- Network 2 should block client to client communications on that network."

Off the bat I do know that I will need some sort of RADIUS implementation, but if you folks have a few moments to provide some professional insight I would appreciate it!


Leo Laohoo
Hall of Fame

> @DanielRodgers wrote:
> Mine are that I need to research exclusively through official community forums. So you are absolutely not just doing my homework for me

So far, what have you done, or at which bit have you reached an impasse?

Most importantly, do you have anything to show for it?

Have you heard of the Cisco Learning Network?

Rich R
VIP

> you are absolutely not just doing my homework for me

Quite right - this is not a consultancy - it's just other folks helping each other with knowledge and experience when we get stuck.  Each of those bullet points is telling you to use a particular design or feature so you need to research them and understand what each one means and how to implement it.  If you are totally stuck on a particular item you can ask for specific advice here (with what you've already found) but you can't just expect us to provide your whole answer for you.

Your research must necessarily include the product documentation and configuration guides which describe those features and how to use them.  The forums are more about solving problems with those features, not telling you how to use and configure them.

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

DanielRodgers
Community Member

This all makes perfect sense to me and I am 90% sure it is the answer I was supposed to encounter in this exercise. Every student in the group is working under a constraint and mine is as follows:
"Option 2 – You may ONLY use Company sites and documentation, and Company Community forums for research of this project. (you may not use non-company or dedicated resources such as Reddit or TechRepublic. You may also not use Cisco Courses that you may be registered in such as Cisco Academy). I recommend posting some questions"

At risk of sounding flippant about it, nobody will be more excited to be able to just use Google again than me! From this point forward I think the best option is to go forward as you said. Design and configure as best I can with what I know, turn to the company resources (as sales heavy as they might be) when I encounter something I do not understand, and then return to the forums with a more pointed question when necessary.

To give you a little more insight I believe this assignment is supposed to produce flawed designs, as in part two we have the freedom to use whatever resources we want to make recommendations on another student's design. All of which are working under similar constraints.

Rich R
VIP

> Company sites and documentation:

https://www.cisco.com/c/en/us/support/wireless/catalyst-9800-series-wireless-controllers/products-installation-and-configuration-guides-list.html
https://www.cisco.com/c/en/us/support/wireless/catalyst-9800-series-wireless-controllers/series.html

The config and reference guides are not sales heavy at all.


Haydn Andrews
VIP Alumni

You have 2 networks requiring RADIUS authentication. Best practice is to use a single SSID and AAA override to return different VLANs as part of the authorization policy.

I really hate throttling guest networks, the reason is the device still needs to grab the data so uses more airtime to keep trying to get it. Better to do content filtering to prevent them from accessing large downloads, or doing it further upstream.

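An added example, not part of any post in this thread: a short Python check that sizes the three subnets from the usable-IP counts in the original question and then tests sample flows against the stated segmentation rules. The supernet `10.20.0.0/16`, the zone names, and internet access for the admin and CCTV networks are assumptions made for illustration.

```python
import ipaddress

# Usable-host requirements quoted in the original post.
REQUIREMENTS = {"admin": 500, "guest": 250, "cctv": 1000}
# Assumption: private supernet chosen for illustration only.
SUPERNET = ipaddress.ip_network("10.20.0.0/16")
# Inter-VLAN routing between Network 1 and 3; guest reaches the internet only.
# Assumption: admin and CCTV may also initiate traffic to the internet.
ALLOWED = {("admin", "cctv"), ("cctv", "admin"),
           ("admin", "internet"), ("cctv", "internet"), ("guest", "internet")}


def prefix_for(usable_hosts):
    """Longest IPv4 prefix that still leaves `usable_hosts` usable addresses
    (the network and broadcast addresses are not usable)."""
    host_bits = (usable_hosts + 1).bit_length()  # 2**bits >= hosts + 2
    return 32 - host_bits


def allocate(requirements, supernet):
    """Largest-first VLSM allocation, so each subnet is naturally aligned."""
    plan, cursor = {}, int(supernet.network_address)
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for(hosts)
        size = 2 ** (32 - prefix)
        cursor = (cursor + size - 1) // size * size  # align to block size
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(supernet):
            raise ValueError(f"{name} does not fit in {supernet}")
        plan[name] = net
        cursor += size
    return plan


def zone_of(ip, plan):
    """Map an address to its network name; anything else counts as internet."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in plan.items() if addr in net), "internet")


def permitted(src_ip, dst_ip, plan):
    """Is a flow initiated from src_ip to dst_ip allowed by the requirements?"""
    src, dst = zone_of(src_ip, plan), zone_of(dst_ip, plan)
    if src == dst:
        return src != "guest"  # guest client-to-client traffic is blocked
    return (src, dst) in ALLOWED


if __name__ == "__main__":
    plan = allocate(REQUIREMENTS, SUPERNET)
    for name, net in plan.items():
        print(f"{name:5} {net}  usable={net.num_addresses - 2}")
```
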