Category Archives: Authentication

WiFi – Centralized infrastructure

Wireless has become an essential access medium, but it has been a headache to manage on a larger scale. I got involved with migrating access points from autonomous access points to being centrally managed when the company i was working for deployed 802.1x wireless authentication to try and get rid of an older web based authentication. At that point we only had about 200 Ap’s, but it was decided that changing them to lightweight, and using central controllers was the way to go. We ended up deploying two Cisco WiSM1 modules (second was for redundancy) and connecting them up to the central authentication services (LDAP, Kerberos, AD) via a Radius server (radiator).

The wireless network grew very quickly after that, and soon i was tasked with building a fully redundant central wireless module. I deployed two Cisco 6509’s in VSS configuration, each had two Supervisors, one 10Gb module and 5 WiSM2 modules, the last slot was reserved in case of failure so we could swap cards if needed. The WiSM2 modules were initially installed as stand alone, but were later run in AP-SSO mode to ensure our clients got the highest level of service. Fortigate firewalls were installed to provide content filtering and guest access, i used two of the 800C model in HA mode. Multiple VDOM’s were used on the fortigate to allow easy deployment of networks for guest companies on site, this was coupled with VRF light on the Cisco VSS MLS allowing great flexability.

This was coupled with freeradius (to proxy requests) and later Cisco ISE to offer the complete BYOD solution.