Wi-Fi solution for a large campus



MD. SHAFIQUL ISLAM ID: 082 087 045

Wi-Fi Solution for a Large Campus (BUET)

Table of Contents

Chapter 1: Introduction
1.1 About BASE Technologies Limited
1.2 Background of Base Technologies Limited
1.3 Organizational Structure (Management Team)
1.3.1 Technology Division
1.3.2 Marketing Division
1.3.3 Communication Division
1.3.4 Finance Division
1.3.5 Corporate Affairs Division
1.3.6 Human Resource Division
1.3.7 Internal Audit Division
Chapter 2: Executive Summary/Overview
2.1 Requirement
2.2 Solution
2.3 About Aruba Networks
Chapter 3: Technical Overview
3.1 High Level Diagram
3.2 Low Level Diagram
3.3 Topology Implemented
3.4 Survey Images and Layouts
3.5 About OSI Model
Chapter 4: Products Used
4.1 Aruba 7200 Series Mobility Controllers (WLC)
4.1.1 Architected for High Availability
4.2 Aruba 175 Series Outdoor Access Points
4.3 Edge-Core Switch (ES3528M-PoE L2 Fast Ethernet Standalone PoE Switch)
4.4 Mikrotik Router BOARD 1100
4.5 Dell PowerEdge T110 II (DHCP Server)
Chapter 5: Technical Details


5.1 Aruba 7200 Series Mobility Controllers (WLC)
5.1.1 WLC Configuration Screenshot
5.2 Edge-Core Switch (ES3528M-PoE L2 Fast Ethernet Standalone PoE Switch)
5.3 Mikrotik Router BOARD 1100
Specifications
Description
Description
Example of Source NAT (Masquerading)
Installation
OSPF Network
OSPF_Main Router Setup
5.4 Huawei Layer 3 switch Configuration
5.5 Configuration Huawei L2 switch (BUET)
5.6 Dell PowerEdge T110 II (DHCP Server)
Chapter 6: My Work Experience (overview)
Chapter 7: Conclusion
References


Chapter 1: Introduction

1.1 About BASE Technologies Limited

BASE Technologies Limited is envisioned to be a leader in the IT and professional services industry. Our goal is to ensure that IT is used more efficiently to improve operations and profitability, focus on core competencies and achieve business results such as increased agility, innovation and top-line growth.

Our service offerings include cloud computing, software and platform as a service solutions; system design and integration; IT and business process outsourcing; applications software development; cyber security; web and application hosting; mission support; technical services; and management consulting.

We are here to serve commercial clients and state and local governments. BASE delivers services through three broad service lines or sectors: Public Sector (PS), Managed Services Sector (MSS) and Business Solutions and Services Sector (BSS).

BASE Technologies Limited is the partner of following products –

Name: BASE Technologies Limited
Address: Hosna Center [5th Floor], 106 Gulshan Avenue, Dhaka – 1212, Bangladesh.
Telephone: +88 02 9885319
Fax: +88 02 9863381
E-Mail: [email protected]


BASE Group is one of the largest private sector industrial conglomerates in the country. It is engaged in diverse business areas, from Garments, Textiles, Oil & Gas and Paper manufacturing to Technology solutions.

The services Base Tech offers include Business Process Automation, Managed Services, Maintenance Services, and Business Process Outsourcing. Base offers services for Telecoms, Banking, Financial Services & Insurance, Government & Defense, Small & Medium Businesses, and Enterprises.

Base provides backup power systems for global communication, securing against malicious threats and increasing productivity. The solutions Base offers include Network Security, Switching, Routing, Virtualization, Data Centre, Storage, Platform, Unified Communication, IP Telephony, Contact Centre, IP Surveillance, Audio & Video Collaboration, Battery Backup, Rectifier, DC Ventilation System and Uninterrupted Power Supply.

Supply, installation and commissioning of station power equipment (battery and rectifier) is one of the services of Base Technologies. The work of the company is to ensure the quality and provide the service for Teletalk 3G. Base Tech will make sure that the batteries and rectifiers are correctly installed and work perfectly without any disruption. Base Tech has previously also worked with other big telecom and information technology companies in Bangladesh, such as Banglalink Orascom, Robi Axiata, Summit Communications Ltd, and others.


1.2 Background of Base Technologies Limited

BASE Group is one of the successful rising industrial groups in Bangladesh. Base started the company with Base Textiles, which later expanded to Garments, Oil & Gas, Paper Manufacturing and Technology Solutions. The group comprises eight private limited companies, of which one company is in the process of becoming a public limited company. The group currently employs 9,000+ personnel, with operations in Dhaka, Chittagong, Hong Kong, the UK and Singapore. It has a business heritage of over 36 years.

Base Technologies Ltd. was initiated in May 2012 with a small yet dynamic team and is rapidly expanding. It is envisioned to be a leader in the IT & Professional Services industry, providing services and solutions in the field of IT & Telecom. It ensures efficient implementation of IT, focus on core competencies, business optimization and overall increased profitability.

Base Technologies Ltd. solutions & services are delivered through three broad sectors: Public Sector, Managed Services Sector, and Business Solutions & Services Sector. Services & solutions are delivered across five different industries, meeting clients' most complex challenges. It has not only proved to be one of the most successful companies in recent days but has also managed to retain its reputation throughout time. Base values the skills of the individual and thus also provides career opportunities.


1.3 Organizational Structure (Management Team)

Md. Hasan Shibli is the Managing Director of BASE Technologies Ltd. He is responsible for overall company vision and management and for government relationships, and is the top corporate head of the company. He is the top management and decision-making person in the company.

Md. Jubair Ahmed, Director, has expertise in solution design of transmission, data and access networks for telecom operators. He has extensive knowledge of DWDM, SDH transmission, automation and cost reduction, and call-center technology (ACD, IVR, CRM).

Md. Shafiul Islam, Director, has expertise in large project management and automation & cost reduction, and has experience with GSM and CDMA mobile networks, Managed Services and critical SLA handling.

Shahriar Husayn, Head of Sales, has specialized skills in B2B technology in IT, ICT, Mobile, OSS, BSS and IT Security solutions in the Telecom Service Provider and Enterprise domains. His key skills include relationship development, Business & Channel Development, Strategic Partnership Building, Forecasting & Market Analysis, and Complex Negotiations & Sales Cycles.

Mohammed Moinoul Hossain Bhuiyan, Head of Technical Department, has expertise in Network & System Security, Risk Assessment, Business Impact Analysis, Data Integrity & Recovery, Disaster Recovery Planning, Research & Development, Contingency Planning, Cost Benefits Analysis, and Project Management.


Kazi Amirul Islam, Head of Supply Chain Management, has expertise in Supply Chain Management & Inventory Management. His key skills include extensive knowledge of Finance & Accounts, Budget and Fund Management of Procurement, Foreign Payment Collection as per BD Govt. Rules and Regulations, and Internal Audit.

Redwan Al Hameed, Head of Business Development, has expertise in the design development process along with technical operation, project management and customer relationship skills, and has extensive knowledge of Fiber Optics, FTTH, GPON and project management.

The brief introduction of the divisions of Base Technologies is as follows:

1.3.1 Technology Division:

This division works to enrich and build a strong telecommunication service network for Base Technologies. The Technology Division includes 5 units: the Planning unit, Implementing unit, Operation unit, Network Quality & Performance unit and Network Advancement unit. All these units work by introducing new technology, planning properly to establish a strong network, and implementing those plans in a structured way to operate successfully across the country with great network quality, impressive performance and advancement of the networks.

1.3.2 Marketing Division:

The Marketing Division is under the direction of the Chief Executive Officer of the company. This division works to develop and promote the available and newly introduced products. It does this by identifying the needs of the market through close observation, gathering secondary data, and running promotional activities with cost-effective publicity and advertisement that can reach the mass of people. These are the key operations of the Marketing Division. Customer Service is also a part of the Marketing Division nowadays.

1.3.3 Communication Division:

The objective of this division is to ensure information and public relations activities within the company and also outside the company.


1.3.4 Finance Division:

The Finance Division supports every department with financial backup. This division ensures that the finance and related management functions existing within the company are always linked together and supportive of the company's business objectives.

1.3.5 Corporate Affairs Division:

The Corporate Affairs Division ensures that the Regulatory and Corporate Affairs function within the company is always aligned with and supports the business objectives. Ensuring a smooth relationship between the company and the Government and utilizing regulatory and legal instruments for the company is another objective of the Division. All of this work takes place under the supervision of the Director of the Corporate Affairs Division.

1.3.6 Human Resource Division:

The departments that the HR Division includes are HR Operations, HR Development, Resourcing and Employer Branding, Health, Safety and Environment, and Administration. The HR Division ensures improved business performance and competitive advantage by offering the right products and services to add value and build organizational competences to meet strategic objectives.

1.3.7 Internal Audit Division:

The Internal Audit Department assists management in ensuring proper internal control within the company. It was established in view of the continued growth in operations. Internal Audit is the system of reviewing the business controls of a corporate entity on behalf of its management.


Chapter 2: Executive Summary/Overview

Bangladesh University of Engineering and Technology, abbreviated as BUET, is one of the most prestigious institutions for higher studies in the country. About 5500 students are pursuing undergraduate and postgraduate studies in engineering, architecture, planning and science in this institution. At present, BUET has sixteen teaching departments under five faculties and it has three institutes. Every year the intake of undergraduate students is around 900, while the intake of graduate students in Masters and PhD programs is around 1000. A total of about five hundred teachers are teaching in these departments and institutes. There are additional teaching posts like Dr. Rashid Professor, Professor Emeritus and Supernumerary Professors.

The BUET campus is in the heart of Dhaka – the capital city of Bangladesh. It has a compact campus with halls of residence within walking distance of the academic buildings. The physical expansion of the University over the last three decades has been impressive with construction of new academic buildings, auditorium complex, halls of residence, etc.

BUET is the oldest institution for the study of Engineering and Architecture in Bangladesh. The history of this institution dates back to the days of Dhaka Survey School which was established at Nalgola, in Old Dhaka in 1876 to train Surveyors for the then Government of Bengal of British India. As the years passed, the Survey School became the Ahsanullah School of Engineering offering three-year diploma courses in Civil, Electrical and Mechanical Engineering. In recognition of the generous financial contribution from the then Nawab of Dhaka, it was named after his father Khawja Ahsanullah. It moved to its present premises in 1912. In 1947, the School was upgraded to Ahsanullah Engineering College as a Faculty of Engineering under the University of Dhaka, offering four-year bachelor's courses in Civil, Electrical, Mechanical, Chemical and Metallurgical Engineering. In order to create facilities for postgraduate studies and research, Ahsanullah Engineering College was upgraded to the status of a University in 1962 and was named East Pakistan University of Engineering and Technology. After the war of Liberation in 1971, Bangladesh became an independent state and the university was renamed as the Bangladesh University of Engineering and Technology.

Till today, it has produced around 25,000 graduates in different branches of engineering and architecture, and has established a good reputation all over the world for the quality of its graduates, many of whom have excelled in their profession in different parts of the globe. It was able to attract students from countries like India, Nepal, Iran, Jordan, Malaysia, Sri Lanka, Pakistan and Palestine.

Both Undergraduate and Postgraduate studies and research are now among the primary functions of the University. Eleven departments under five faculties offer Bachelor Degrees, while most of the departments and institutes offer Masters Degrees and some of the departments have Ph.D. programs. In addition to its own research programs, the university undertakes research programs sponsored by outside organizations like European Union, UNO, Commonwealth, UGC, etc. The expertise of the University teachers and the laboratory facilities of the University are also utilized to solve problems and to provide up-to-date engineering and technological knowledge to the various organizations of the country.


2.1 Requirement

Client Requirements:

• Supply, Installation, Configuration, Testing and Commissioning of Wi-Fi Internet Service in the Residential Halls of BUET, Dhaka, on a turnkey basis.

• The Supplier will provide all the facilities required for supply, installation and integration of the proposed work.

• The Supplier shall provide free comprehensive maintenance support for the entire system, including services, spares and other support, for 12 months from the date of completion of the work.

• Operation and Maintenance Contract for 3 years. The Bidder must engage dedicated personnel for operation and maintenance.

• After installation and commissioning, the Bidder must provide and operate the internet subscription packages below for the students, including the following features:

Sl.   Package Name   Maximum download limit   Maximum usage time
1     Type A         4 GB                     150 Hour/Month
2     Type B         10 GB                    200 Hour/Month

• Users must be authenticated before accessing the Wi-Fi network using a standard mechanism such as user ID and password, MAC-IP binding, etc. A syslog server should be installed to record the internet usage log. Any unused part of the volume and usage time will lapse in the next month.

• Non-academic activity, especially adult content, should be restricted to protect the next generation.

• The Bidder must be capable of controlling users' bandwidth if required.

• The Bidder must set up an operation, maintenance and monitoring center (Support Centre) within the space provided by BUET to run operation, maintenance, monitoring and troubleshooting. Dedicated personnel (at least one of each category) as below have to stay at the Support Centre from 8 am to 10 pm on normal working days in two shifts (8 am to 3 pm and 3 pm to 10 pm).


2.2 Solution:

The access point is connected to the PoE access switch. The PoE access switch is connected to the distribution switch. The distribution switch is connected to the core switch. The core switch is in turn connected to the WLAN controller. The WLAN controller is used by the network administrator or network operations center to manage lightweight access points in large quantities. The wireless LAN controller is part of the Data Plane within the Cisco Wireless Model. The main features include:

• Interference detection and avoidance: RF power and channel assignment will be adjusted to the planned network infrastructure.

• Load balancing: Disabled by default, high-speed load balancing can be used to connect a user to multiple access points for better coverage and data rates.

• Coverage hole detection and correction: Part of the RF management is the ability to handle power levels. Power can be increased to cover holes or reduced to protect against cell overlapping.

The Cisco Wireless Controller supports Application Visibility and Control (AVC), the technology that includes the Network-Based Application Recognition 2 (NBAR-2) engine, Cisco's deep packet inspection (DPI) capability. The NBAR-2 engine can classify applications, apply quality of service (QoS) settings to either drop or mark the traffic, and prioritize business-critical applications in the network. AVC uses NetFlow Version 9 to export the flows. The 5508 also supports Bonjour Services Directory to enable Bonjour Services to be advertised and utilized in a separate Layer 3 network.

The wireless LAN controller has the option of implementing Trusted AP policies. This is a security feature in the controller that is designed to be used in scenarios where customers have a parallel autonomous AP network along with the controller. In that scenario, the autonomous AP can be marked as the trusted AP on the controller, and the user can define policies for these trusted APs (which should use only WEP or WPA, our own SSID, short preamble, and so on). If any of these APs fails to meet these policies, the controller raises an alarm to the network management device (Wireless Control System) that states a trusted AP violated a configured policy.

APs that are not part of your wireless deployment are called rogue APs. A rogue AP can be either an autonomous AP or a lightweight AP that happens to be in the range of authorized APs. Rogue APs cannot be automatically blocked. This must be done manually. The reason for this is that, when a rogue AP is found, the finding AP disassociates the clients of the rogue AP, which causes denial of service to the clients. This can cause legal issues if the AP of a neighbor is detected as a rogue and its clients are denied service. The wireless LAN controller supports more than 700 rogues, which includes acknowledged rogues.
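
The trusted-AP policy check and the manual handling of rogue APs described above can be sketched as follows. This is an added example, not code from the report or from any controller; the SSID, BSSIDs and scan records are constructed, and marking a rogue that advertises our own SSID goes beyond what the text states.

```python
"""Classify scanned APs as managed, trusted or rogue, and audit trusted-AP policy."""
from dataclasses import dataclass


@dataclass(frozen=True)
class TrustedApPolicy:
    required_ssid: str                  # "our own SSID"
    allowed_encryption: frozenset       # the text allows only WEP or WPA
    require_short_preamble: bool = True


@dataclass(frozen=True)
class Observation:
    bssid: str
    ssid: str
    encryption: str                     # "OPEN", "WEP", "WPA", ...
    short_preamble: bool
    rssi_dbm: int


def normalize_bssid(raw):
    """Canonical lower-case colon form, so 02-00-... and 02:00:... compare equal."""
    digits = "".join(c for c in raw.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a BSSID: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def strongest_sightings(observations):
    """Several monitoring APs may report one BSSID; keep its strongest sighting."""
    best = {}
    for obs in observations:
        key = normalize_bssid(obs.bssid)
        if key not in best or obs.rssi_dbm > best[key].rssi_dbm:
            best[key] = obs
    return best


def policy_violations(obs, policy):
    """Return the policy items a trusted AP fails, in a fixed order."""
    problems = []
    if obs.ssid != policy.required_ssid:
        problems.append("ssid")
    if obs.encryption.upper() not in policy.allowed_encryption:
        problems.append("encryption")
    if policy.require_short_preamble and not obs.short_preamble:
        problems.append("preamble")
    return problems


def evaluate(observations, managed, trusted, policy):
    """Build the alarm list: trusted-AP policy violations and rogue sightings."""
    managed = {normalize_bssid(b) for b in managed}
    trusted = {normalize_bssid(b) for b in trusted}
    alarms = []
    for bssid, obs in sorted(strongest_sightings(observations).items()):
        if bssid in managed:
            continue                    # controller-managed AP, nothing to report
        if bssid in trusted:
            details = policy_violations(obs, policy)
            if not details:
                continue
            kind, action = "trusted", "notify-management-system"
        else:
            # Rogues are only reported: blocking is left to an operator, because
            # the AP may simply belong to a neighbour.
            kind, action = "rogue", "manual-review"
            details = ["uses-our-ssid"] if obs.ssid == policy.required_ssid else []
        alarms.append({"bssid": bssid, "class": kind, "details": details,
                       "rssi_dbm": obs.rssi_dbm, "action": action})
    return alarms


# Constructed sample data (locally administered MAC addresses, made-up SSIDs).
POLICY = TrustedApPolicy("CAMPUS-WIFI", frozenset({"WEP", "WPA"}))
MANAGED = {"02:00:00:00:00:10"}
TRUSTED = {"02:00:00:00:AA:01", "02:00:00:00:AA:02"}
SAMPLE_SCAN = [
    Observation("02-00-00-00-00-10", "CAMPUS-WIFI", "WPA", True, -48),
    Observation("02:00:00:00:aa:01", "CAMPUS-WIFI", "WPA", True, -55),
    Observation("02:00:00:00:AA:02", "CAMPUS-WIFI", "OPEN", False, -60),
    Observation("02:11:22:33:44:55", "CoffeeShop", "WPA", True, -82),
    Observation("02:11:22:33:44:55", "CoffeeShop", "WPA", True, -75),
    Observation("06:aa:bb:cc:dd:ee", "CAMPUS-WIFI", "OPEN", True, -58),
]

if __name__ == "__main__":
    for alarm in evaluate(SAMPLE_SCAN, MANAGED, TRUSTED, POLICY):
        print(alarm)
```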


2.3 About Aruba Networks

Founded in 2002, Aruba Networks is the leading provider of next-generation access management, network infrastructure and mobility application solutions for mobile enterprise networks.

The company's Mobile Virtual Enterprise (MOVE) architecture unifies these three core areas into one cohesive and manageable system that strengthens security and dramatically simplifies bring-your-own-device implementations.

MOVE is software-defined so it easily adapts to the dynamics of mobility. This enables IT to manage traffic flows on any wired, wireless and remote network and control how devices and work applications are used – without upgrading or reconfiguring existing networks.

Whether away or at work, MOVE gives users consistent, secure access to the appropriate corporate resources based on who they are, where they are and what device they're using.

The result is a rightsized network infrastructure that saves IT time, reduces capital and operating expenses, speeds up service delivery, and provides every user with the highest-quality mobility experience.

Headquartered in Sunnyvale, California, Aruba has offices throughout the Americas, Asia-Pacific/Japan and Europe/Middle East/Africa regions. Aruba is listed on the NASDAQ and Russell 2000® Index.

Name: Aruba Networks
Headquarters address: 1344 Crossman Ave., Sunnyvale, CA 94089-1113
Telephone: +1-408-227-4500
Fax: +1-408-752-0626
Website: http://www.arubanetworks.com


Chapter 3: Technical Overview

The overall high-level diagram has the following features:

(i) Offers hierarchy, where each layer has a specific role

(ii) Modular topology: building blocks

(iii) Easy to grow, understand and troubleshoot

(iv) Creates small fault domains, with clear demarcations and isolation

(v) Promotes load balancing and redundancy

(vi) Promotes deterministic traffic patterns

(vii) Incorporates a balance of both Layer 2 and Layer 3 technology, leveraging the strength of both

(viii) Utilizes Layer 3 routing for load balancing, fast convergence, scalability and control


3.1 High Level Diagram

Figure 1: Proposed Wireless Network Solution Block Diagram for BUET Student's Hall


3.2 Low Level Diagram:

Figure 2: Wireless Solution to the end users


3.3 Topology Implemented:

Figure 3: Network Topology of single Hall Implementation.


3.4 Survey Images and Layouts

Ahsanullah Hall


Kazi Nazrul Islam Hall


Shahid Smrity Hall


Dr. M A Rashid Hall


Shaheed Sarwardi Hall


Chattri Hall


Sher-E-Bangla Hall


Titumir Hall

*The access point calculations and parameters for each hall are shown in detail in references [11], [12], [13] and [14].


3.5 About OSI Model

The Open Systems Interconnection model (OSI) is a conceptual model that characterizes and standardizes the internal functions of a communication system by partitioning it into abstraction layers. The model is a product of the Interconnection project at the International Organization for Standardization (ISO), maintained by the identification ISO/IEC 7498-1.

The model groups communication functions into seven logical layers. A layer serves the layer above it and is served by the layer below it. For example, a layer that provides error-free communications across a network provides the path needed by applications above it, while it calls the next lower layer to send and receive packets that make up the contents of that path. Two instances at one layer are connected by a horizontal connection on that layer.

There are seven layers in the OSI model:

1. Physical Layer

2. Data Link Layer

3. Network Layer

4. Transport Layer

5. Session Layer

6. Presentation Layer

7. Application Layer

PHYSICAL LAYER

The physical layer, the lowest layer of the OSI model, is concerned with the transmission and reception of the unstructured raw bit stream over a physical medium. It describes the electrical/optical, mechanical, and functional interfaces to the physical medium, and carries the signals for all of the higher layers. It provides:

Data encoding: modifies the simple digital signal pattern (1s and 0s) used by the PC to better accommodate the characteristics of the physical medium, and to aid in bit and frame synchronization. It determines:

o What signal state represents a binary 1
o How the receiving station knows when a "bit-time" starts
o How the receiving station delimits a frame

Physical medium attachment, accommodating various possibilities in the medium:

o Will an external transceiver (MAU) be used to connect to the medium?
o How many pins do the connectors have and what is each pin used for?

Transmission technique: determines whether the encoded bits will be transmitted by baseband (digital) or broadband (analog) signaling.


Physical medium transmission: transmits bits as electrical or optical signals appropriate for the physical medium, and determines:

o What physical medium options can be used
o How many volts/db should be used to represent a given signal state, using a given physical medium

DATA LINK LAYER

The data link layer provides error-free transfer of data frames from one node to another over the physical layer, allowing layers above it to assume virtually error-free transmission over the link. To do this, the data link layer provides:

Link establishment and termination: establishes and terminates the logical link between two nodes.

Frame traffic control: tells the transmitting node to "back-off" when no frame buffers are available.

Frame sequencing: transmits/receives frames sequentially.

Frame acknowledgment: provides/expects frame acknowledgments. Detects and recovers from errors that occur in the physical layer by retransmitting non-acknowledged frames and handling duplicate frame receipt.

Frame delimiting: creates and recognizes frame boundaries.

Frame error checking: checks received frames for integrity.

Media access management: determines when the node "has the right" to use the physical medium.

NETWORK LAYER

The network layer controls the operation of the subnet, deciding which physical path the data should take based on network conditions, priority of service, and other factors. It provides:

Routing: routes frames among networks.

Subnet traffic control: routers (network layer intermediate systems) can instruct a sending station to "throttle back" its frame transmission when the router's buffer fills up.

Frame fragmentation: if it determines that a downstream router's maximum transmission unit (MTU) size is less than the frame size, a router can fragment a frame for transmission and re-assembly at the destination station.

Logical-physical address mapping: translates logical addresses, or names, into physical addresses.

Subnet usage accounting: has accounting functions to keep track of frames forwarded by subnet intermediate systems, to produce billing information.


TRANSPORT LAYER

The transport layer ensures that messages are delivered error-free, in sequence, and with no losses or duplications. It relieves the higher layer protocols from any concern with the transfer of data between them and their peers. The size and complexity of a transport protocol depends on the type of service it can get from the network layer. For a reliable network layer with virtual circuit capability, a minimal transport layer is required. If the network layer is unreliable and/or only supports datagrams, the transport protocol should include extensive error detection and recovery. The transport layer provides:

Message segmentation: accepts a message from the (session) layer above it, splits the message into smaller units (if not already small enough), and passes the smaller units down to the network layer. The transport layer at the destination station reassembles the message.

Message acknowledgment: provides reliable end-to-end message delivery with acknowledgments.

Message traffic control: tells the transmitting station to "back-off" when no message buffers are available.

Session multiplexing: multiplexes several message streams, or sessions onto one logical link and keeps track of which messages belong to which sessions (see session layer).

SESSION LAYER

The session layer allows session establishment between processes running on different stations. It provides:

Session establishment, maintenance and termination: allows two application processes on different machines to establish, use and terminate a connection, called a session.

Session support: performs the functions that allow these processes to communicate over the network, performing security, name recognition, logging, and so on.

PRESENTATION LAYER

The presentation layer formats the data to be presented to the application layer. It can be viewed as the translator for the network. This layer may translate data from a format used by the application layer into a common format at the sending station, then translate the common format to a format known to the application layer at the receiving station.

The presentation layer provides:

Character code translation: for example, ASCII to EBCDIC.

Data conversion: bit order, CR-CR/LF, integer-floating point, and so on.

Data compression: reduces the number of bits that need to be transmitted on the network.

Data encryption: encrypts data for security purposes, for example password encryption.


APPLICATION LAYER

The application layer serves as the window for users and application processes to access network services. This layer contains a variety of commonly needed functions:

Resource sharing and device redirection

Remote file access

Remote printer access

Inter-process communication

Network management

Directory services

Electronic messaging (such as mail)

Network virtual terminals


Chapter 4: Products Used

4.1 Aruba 7200 Series Mobility Controllers (WLC)

The Aruba 7200 series Mobility Controller is the next-generation networking platform, optimized for mobile application delivery to ensure the best mobility experience over Wi-Fi. With a new central processor that employs eight cores with four threads each, it’s like having a total of 32 virtual CPUs. As a result, the 7200 series supports 32,000 mobile devices and performs stateful firewall policy enforcement at 40 Gbps – plenty of capacity and speed for BYOD and 802.11ac devices.

New levels of visibility are provided by Aruba’s unique AppRF technology, which runs on 7200 series Mobility Controllers. With AppRF, IT can see applications by user, including top web-based applications like Facebook and Box. The 7200 series also manages authentication, encryption, VPN connections, IPv4 and IPv6 Layer 3 services, the Aruba Policy Enforcement Firewall™, Aruba Adaptive Radio Management™, and Aruba RF Protect™ spectrum analysis and wireless intrusion protection.

Clustering and centralized management enable the deployment of large networks with hundreds of Mobility Controllers with minimal staff. A master Mobility Controller can manage local Mobility Controllers, while Aruba AirWave™ network management provides enterprise-wide clarity and control through real-time monitoring, historical reporting and troubleshooting.


4.1.1 Architected for High Availability

The 7200 series includes a number of features that make it ideal for deployment in customer locations that require maximum availability:

• Redundant power supplies: The 7200 series supports dual, field replaceable redundant power supplies to maintain uninterrupted network operations.
• Hot-swappable fan tray with multiple fans: The 7200 series includes a field replaceable fan tray with multiple fans, providing sufficient cooling and rapid time to repair.
• Solid state drives for maximum reliability and uptime.
• Two dual-media ports: 1000BASE-X or 10/100/1000BASE-T connections for high availability.

Front View

Back view

*Details Reference [3] and [4]


4.2 Aruba 175 Series Outdoor Access Points

Multifunctional 175 series outdoor wireless access points (APs) deliver enterprise-grade Wi-Fi to high-density client environments in campuses, storage yards, warehouses, container and transportation facilities, extreme industrial production areas and other harsh environments.

These high-performance 802.11n outdoor APs deliver wireless data rates up to 300 Mbps per radio and ensure peak performance by utilizing channel bonding, block acknowledgement and MIMO radios. Advanced antenna technology also increases RF signal range and reliability. Able to survive in harsh outdoor environments, 175 series APs withstand exposure to high and low temperatures, persistent moisture and precipitation.

*Details Reference [2]


4.3 Edge-Core Switch (ES3528M-PoE L2 Fast Ethernet Standalone PoE Switch)

Product Overview

The Edge-Core ES3528M-PoE is a Fast Ethernet Layer 2/4 standalone PoE switch featuring 24 10/100Base-T ports plus 2 10/100/1000Base-T RJ45 and 2 Gigabit combo ports (RJ45/SFP). It is ideal for desktop Fast Ethernet connectivity and for powering devices such as VoIP phones, wireless access points and IP cameras, delivering data and power simultaneously over existing CAT 5 cables. Its IP clustering management feature supports up to 36 switches using a single IP address. With IEEE 802.3af-compliant PoE delivering a maximum of 15.4W on 12 ports or 7.5W on 24 ports, the ES3528M-PoE can power devices in a variety of environments.

Performance and Scalability

With 12.8Gbps switching capacity, the ES3528M-PoE delivers wire-speed switching performance on all ports while simultaneously providing IEEE 802.3af PoE at a maximum of 15.4W on 12 ports or 7.5W on 24 ports. The two SFP ports of the combo Gigabit ports allow long-distance connections to remote sites.


Continuous Availability

IEEE 802.1w Rapid Spanning Tree Protocol provides a loop-free network and redundant links to core networks with rapid convergence to ensure faster recovery from failed links, enhancing overall network stability and reliability. IEEE 802.3ad Link Aggregation Control Protocol (LACP) increases bandwidth by automatically aggregating several physical links together as a logical trunk and provides load balancing and fault tolerance for uplink connections. IGMP snooping prevents flooding of IP multicast traffic and limits bandwidth-intensive video traffic to only the subscribers.

Comprehensive QoS

Up to 8 aggregation groups are supported, and up to 8 ports per group. Traffic is prioritized according to 802.1p, DSCP, IP precedence and TCP/UDP port number, L2/3/4 ACL (Access Control List), giving optimal performance to real-time applications such as voice and video. Asymmetric bidirectional rate-limiting, per port or per traffic class, preserves network bandwidth and allows maximum control of network resources.

Front view

Back view

*Details reference [5] and [6]


4.4 Mikrotik Router BOARD 1100

The RB1100 is a rack mount router with 13 Gigabit Ethernet ports, serial port and PoE support. Two of the ports provide bypass functionality. There are two models: one with a single-core 1066MHz PPC processor (RB1100AH), and one with a dual-core 1066MHz PPC processor with hardware encryption support (RB1100AHx2). The RB1100 device comes preinstalled with RouterOS and is ready to use. RB1100 is compatible with RouterOS v5 and newer; if your device comes preinstalled with an earlier version, please upgrade before using it: http://wiki.mikrotik.com/wiki/Manual:Upgrading_RouterOS

Open the case and install a microSD card into the provided slot for additional storage.

*Details Reference [1] and [7]


4.5 Dell PowerEdge T110 II (DHCP Server)

The Dell™ PowerEdge™ T110 II is an ideal first server for small businesses with the right combination of value, reliability, collaboration and data protection features to improve your business continuity and productivity. The PowerEdge T110 II was designed to meet the needs of your small business environment—customizable with your choice of hard drives for important data, RAID options for added data protection and basic systems management for easy system monitoring. The PowerEdge T110 II provides you with the performance and features you need so you can focus on running your business.

*Details Reference [8], [9] and [10]


Chapter 5: Technical Details

5.1 Aruba 7200 Series Mobility Controllers (WLC)

The Aruba Mobility Controller is the heart of the Aruba dependent access point (AP) WLAN architecture. The mobility controller is responsible for many of the operations that traditionally would be handled by an autonomous AP, and it delivers additional functionality for control, security, operation, and troubleshooting.

Policy configuration: Configuration in the Aruba solution is split between policy and local configurations. Local configuration relates to physical interfaces, IP networking, and VLANs, which are different for each mobility controller. Policy configuration is centered on the operation of APs and users, including AP settings such as the SSID name, encryption, regulatory domain, channel, power, and ARM settings. Policy configuration extends beyond APs and also covers user authentication, firewall policy, mobility domains (IP mobility), IPsec, and system management. The policy is pushed to all locals in the form of profiles, and profiles combine to create the configuration for the dependent APs.

Via the CLI

By default, only SSH (Secure Shell) access to the switch (mobility controller) is permitted.

1. From a management system that has network connectivity to the switch, connect to the switch using SSH: ssh admin@<switch IP address>
2. Enter the admin password at the password prompt.
3. Type enable at the > prompt to enter the enable mode.
4. Type the enable password when prompted for a password.

Via the Web interface

Once the connectivity to the switch is verified, open a Web browser and enter the switch’s IP address in the navigator bar. The switch can be accessed using HTTP (http://<switch IP Address>) or HTTPS (https://<switch IP Address>:4343). On power-up, the user is presented with the startup wizard:


Enter System name [Aruba800]: Aruba
Enter VLAN 1 interface IP address [172.16.0.254]:
Enter VLAN 1 interface subnet mask [255.255.255.0]:
Enter IP Default gateway [none]:
Enter Switch Role, (master|local) [master]: master
Enter Country code (ISO-3166), <ctrl-I> for supported list: US
You have chosen Country code US for United States (yes|no)?: yes
Enter Password for admin login (up to 32 chars): admin
Re-type Password for admin login: admin
Enter Password for enable mode (up to 15 chars): enable
Re-type Password for enable mode: enable
Do you wish to shutdown all the ports (yes|no)? [no]: no
Current choices are:
System name: Aruba
VLAN 1 interface IP address: 172.16.0.254
VLAN 1 interface subnet mask: 255.255.255.0
IP Default gateway: none
Switch Role: master
Country code: US
Ports shutdown: no
If you accept the changes the switch will restart!
Type <ctrl-P> to go back and change answer for any question.
Do you wish to accept the changes (yes|no)yes
. . . . .
<<<<< Welcome to Aruba Wireless Networks - Aruba 800 >>>>>
. . . .
(Aruba)


Initial Setup

Before starting, please ensure that the Policy Enforcement Firewall module license is enabled on the Aruba mobility controller. Please contact Aruba Networks for licenses and installation information. On power-up, the user is presented with the startup wizard shown above, which ends at the login prompt:

(Aruba) User:


Assigning an IP to the Mobility Controller

1. Connect to the switch via the CLI.
2. Log in with the configured username and password, admin/admin in this example.
3. Type enable at the > prompt.
4. Type the enable password, enable in this example.
5. Type configure terminal at the # prompt.
6. Create the VLAN for the voice (VLAN 25) using the vlan command:
   (Aruba) (config) # vlan 25
7. Create the VLAN interface.
   (Aruba) (config) # interface vlan 25
8. Assign the IP address to the interface.
   (Aruba) (config-subif)# ip address 10.168.10.2 255.255.255.0
9. Create the loopback interface and assign an IP address to the loopback. For more information about the loopback interface refer to the user guide.
   (Aruba) (config) # interface loopback
   (Aruba) (config-loop)# ip address 10.168.10.1
   Switch IP Address is Modified. Switch should be rebooted now
   (Aruba) (config-loop)#!
   (Aruba) (config) #ip default-gateway 10.168.10.10
10. Assign a physical interface to the VLAN. In this example, the interface connecting to the network is a trunk interface. Configure the mode on the interface to a trunk mode.
   (Aruba) (config) # interface fastethernet 1/0
   (Aruba) (config-if)# trusted
   (Aruba) (config-if)# no shutdown
   (Aruba) (config-if)# switchport mode trunk
   (Aruba) (config-if)# switchport trunk allowed vlan add 10,25
   (Aruba) (config-if)#!
   (Aruba) (config)#
11. Ping the default gateway from the switch’s console.
12. Ping the switch’s IP address from the management station.

SSID Configuration

CLI command configuration

APs can be configured using the CLI or the Web interface. Each AP is identified by a unique location code. The APs can be configured either per location, with unique settings, using the AP’s unique location code, or globally using the wildcard location; “0” is used as the wildcard. Example: ap location 0.0.0 will configure all Aruba APs on the WLAN system. Both the Aruba APs and the Spectralink handsets support the 802.11a and the 802.11b/g radios. To apply the SSID to both bands, configure the SSID as follows:

configure terminal
ap location x.y.z
virtual-ap aruba vlan-id 26 opmode wpa2-aes-psk wpa-passphrase thisisthekey dtim-period 3

If the voice network needs to exist only in the 802.11a band, configure the virtual AP under the 802.11a settings on the controller.

configure terminal
ap location x.y.z
phy-type a
virtual-ap aruba vlan-id 26 opmode wpa2-aes-psk wpa-passphrase thisisthekey dtim-period 3

If the voice network needs to exist only in the 802.11g band, configure the virtual AP under the 802.11g settings on the controller.

configure terminal
ap location x.y.z
phy-type g
virtual-ap aruba vlan-id 26 opmode wpa2-aes-psk wpa-passphrase thisisthekey dtim-period 3

To save changes, enter:

write mem
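A review pass over the values entered in the startup wizard and SSID transcripts above, added here as an example (it is not Aruba tooling and not part of the original report). The length thresholds, the word list and the key/value layout assumed for the virtual-ap line are assumptions of this example.

```python
import re

# Constructed input: the values typed in this section's wizard and SSID transcripts.
WIZARD = """\
Enter Password for admin login (up to 32 chars): admin
Enter Password for enable mode (up to 15 chars): enable
"""
SSID_CONFIG = """\
ap location x.y.z
virtual-ap aruba vlan-id 26 opmode wpa2-aes-psk wpa-passphrase thisisthekey dtim-period 3
"""
MGMT_URLS = ["http://<switch IP Address>", "https://<switch IP Address>:4343"]

# Assumed review policy, not a vendor requirement.
MIN_LOGIN_LEN = 12
MIN_PSK_LEN = 20
GUESSABLE = ("admin", "enable", "password", "key", "wifi")


def secret_issues(secret, min_len, context=()):
    """Return the reasons a secret fails the assumed policy."""
    issues = []
    if len(secret) < min_len:
        issues.append(f"shorter than {min_len} characters")
    words = {w.lower() for w in GUESSABLE + tuple(context)}
    hits = sorted(w for w in words if w in secret.lower())
    if hits:
        issues.append("contains guessable word: " + ", ".join(hits))
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, secret)) for c in classes) < 2:
        issues.append("single character class")
    return issues


def review_wizard(text):
    """Check every password the startup wizard was given."""
    prompt = re.compile(r"Enter Password for (.+?) \(up to \d+ chars\): (\S+)")
    return [(purpose, issue)
            for purpose, secret in prompt.findall(text)
            for issue in secret_issues(secret, MIN_LOGIN_LEN)]


def parse_virtual_ap(line):
    """Split a 'virtual-ap <ssid> key value ...' line into a dict (assumed layout)."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "virtual-ap":
        return None
    settings = dict(zip(tokens[2::2], tokens[3::2]))
    settings["ssid"] = tokens[1]
    return settings


def review_ssid(text):
    """Check each virtual AP's encryption mode and pre-shared key."""
    findings = []
    for line in text.splitlines():
        vap = parse_virtual_ap(line.strip())
        if vap is None or not vap.get("opmode", "").endswith("-psk"):
            continue
        where = "ssid " + vap["ssid"]
        findings.append((where, "one passphrase shared by every client"))
        psk = vap.get("wpa-passphrase")
        if psk is None:
            # e.g. the keyword and its value were run together when pasted
            findings.append((where, "PSK opmode but no wpa-passphrase parsed"))
            continue
        # WPA2 passphrases are 8 to 63 printable ASCII characters.
        if not (8 <= len(psk) <= 63) or not all(32 <= ord(c) <= 126 for c in psk):
            findings.append((where, "passphrase is not 8-63 printable ASCII"))
        findings += [(where, i) for i in secret_issues(psk, MIN_PSK_LEN, [vap["ssid"]])]
    return findings


def review_mgmt(urls):
    """Flag management URLs that use cleartext HTTP."""
    return [(u, "management UI over cleartext HTTP")
            for u in urls if u.lower().startswith("http://")]


def review_all():
    """Run every check over the constructed inputs above."""
    return review_wizard(WIZARD) + review_ssid(SSID_CONFIG) + review_mgmt(MGMT_URLS)


if __name__ == "__main__":
    for item, issue in review_all():
        print(f"{item}: {issue}")
```

Run against a saved copy of the commands before they are pasted into the controller; a line whose keyword and value have lost their separating space is reported rather than silently skipped.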


AP configuration


5.1.1 WLC Configuration Screenshot


5.2 Edge-Core Switch (ES3528M-PoE L2 Fast Ethernet Standalone PoE Switch)

For switch configuration we use the PuTTY terminal software. All configuration commands are entered in CLI mode.

#config

#vlan database

#vlan 1 media ethernet state active

#config

#vlan database

#vlan 10 media ethernet state active

#config

#vlan database

#vlan 11 media ethernet state active

#config

#vlan database

#vlan 12 media ethernet state active

#config

#vlan database

#vlan 13 media ethernet state active

#config


#vlan database

#vlan 14 media ethernet state active

#config

#vlan database

#vlan 15 media ethernet state active

#config

#vlan database

#vlan 16 media ethernet state active

#config

#vlan database

#vlan 17 media ethernet state active

#config

#vlan database

#vlan 18 media ethernet state active

#config

#vlan database

#vlan 19 media ethernet state active

#config

#vlan database

#vlan 20 media ethernet state active

#config

#vlan database

#vlan 21 media ethernet state active


#config

#vlan database

#vlan 22 media ethernet state active

#config

#vlan database

#vlan 23 media ethernet state active

#config

#vlan database

#vlan 24 media ethernet state active

#config

#vlan database

#vlan 25 media ethernet state active

#config

#vlan database

#vlan 26 media ethernet state active

#config

#vlan database

#vlan 27 media ethernet state active

#config

#vlan database

#vlan 28 media ethernet state active

#config

#vlan database

#vlan 29 media ethernet state active


#config

#vlan database

#vlan 30 media ethernet state active

#config

#vlan database

#vlan 31 media ethernet state active

#config

#vlan database

#vlan 32 media ethernet state active

#config

#vlan database

#vlan 33 media ethernet state active

#config

#vlan database

#vlan 34 media ethernet state active

#config

#vlan database

#vlan 35 media ethernet state active

#config

#vlan database

#vlan 40 media ethernet state active

#config

#vlan database

#vlan 50 media ethernet state active


#config
#interface ethernet 1/1
#switchport allowed vlan add 1 untagged
#switchport native vlan 1
#switchport allowed vlan remove 1

#config
#interface ethernet 1/2
#switchport allowed vlan add 1 untagged
#switchport native vlan 1
#switchport allowed vlan remove 1

#config
#interface ethernet 1/3
#switchport allowed vlan add 1 untagged
#switchport native vlan 1
#switchport allowed vlan remove 1

#config
#interface ethernet 1/4
#switchport allowed vlan add 1 untagged
#switchport native vlan 1
#switchport allowed vlan remove 1

Console(config)#interface ethernet 1/10

Console(config-if)#switchport mode trunk

Console(config-if)#switchport allowed vlan add 1,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,40,50 tagged

Console(config-if)#exit

Console#copy running-config startup-config


5.3 Mikrotik Router BOARD 1100

Sample Configuration of Mikrotik Router for a Company

How to Configure Interfaces IP Address in Mikrotik

In the current example we use two networks:

The local LAN with network address 192.168.0.0 and 24-bit netmask 255.255.255.0. The router's address is 192.168.0.254 in this network.

The ISP's network with address 10.0.0.0 and 24-bit netmask 255.255.255.0. The router's address is 10.0.0.217 in this network.

[admin@MikroTik] ip address> add address 10.0.0.217/24 interface Public
[admin@MikroTik] ip address> add address 192.168.0.254/24 interface Local
[admin@MikroTik] ip address> print


How to Configure Default Route in Mikrotik

In the following example the default route (destination 0.0.0.0, netmask 0.0.0.0) will be added. In this case it is the ISP's gateway 10.0.0.1, which can be reached through the interface Public.

[admin@MikroTik] ip route> add gateway=10.0.0.1
[admin@MikroTik] ip route> print

How to Configure NAT

If you want to 'hide' the private LAN 192.168.0.0/24 'behind' one address 10.0.0.217 given to you by the ISP, you should use the source network address translation (masquerading) feature of the MikroTik router. Masquerading is useful if you want to access the ISP's network and the Internet with all requests appearing to come from the host 10.0.0.217 of the ISP's network. The masquerading will change the source IP address and port of the packets originating from the network 192.168.0.0/24 to the address 10.0.0.217 of the router when the packet is routed through it.

Masquerading conserves the number of global IP addresses required and it lets the whole network use a single IP address in its communication with the world.

To use masquerading, a source NAT rule with action 'masquerade' should be added to the firewall configuration:

[admin@MikroTik] ip firewall nat> add chain=srcnat action=masquerade out-interface=Public
[admin@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
 0 chain=srcnat out-interface=Public action=masquerade

What is NAT?

Network Address Translation (NAT) is a router facility that replaces the source and/or destination IP addresses of an IP packet as it passes through the router. It is most commonly used to enable multiple hosts on a private network to access the Internet using a single public IP address.

Specifications

Packages required: system
License required: Level1 (number of rules limited to 1), Level3
Submenu level: /ip firewall nat
Standards and Technologies: IP, RFC1631, RFC2663
Hardware usage: Increases with the count of rules


Description

Network Address Translation is an Internet standard that allows hosts on local area networks to use one set of IP addresses for internal communications and another set of IP addresses for external communications. A LAN that uses NAT is referred as natted network. For NAT to function, there should be a NAT gateway in each natted network. The NAT gateway (NAT router) performs IP address rewriting on the way a packet travel from/to LAN.

There are two types of NAT:

source NAT or srcnat. This type of NAT is performed on packets that are originated from a natted network. A NAT router replaces the private source address of an IP packet with a new public IP address as it travels through the router. A reverse operation is applied to the reply packets travelling in the other direction.

destination NAT or dstnat. This type of NAT is performed on packets that are destined to the natted network. It is most commonly used to make hosts on a private network accessible from the Internet. A NAT router performing dstnat replaces the destination IP address of an IP packet as it travels through the router towards a private network.

NAT Drawbacks

Hosts behind a NAT-enabled router do not have true end-to-end connectivity. Therefore some Internet protocols might not work in scenarios with NAT. Services that require the initiation of a TCP connection from outside the private network, or stateless protocols such as UDP, can be disrupted. Moreover, some protocols are inherently incompatible with NAT; a notable example is the AH protocol from the IPsec suite.

RouterOS includes a number of so-called NAT helpers, that enable NAT traversal for various protocols.

NAT Applications

Description

In this section some NAT applications and examples of them are discussed.

Basic NAT configuration

Assume we want to create a router that:

"hides" the private LAN "behind" one address

provides a Public IP to the Local server

creates 1:1 mapping of network addresses

Example of Source NAT (Masquerading)

If you want to "hide" the private LAN 192.168.0.0/24 "behind" one address 10.5.8.109 given to you by the ISP, you should use the source network address translation (masquerading) feature of the MikroTik router. The masquerading will change the source IP address and port of the packets originated from the network 192.168.0.0/24 to the address 10.5.8.109 of the router when the packet is routed through it.

To use masquerading, a source NAT rule with action 'masquerade' should be added to the firewall configuration:

/ip firewall nat add chain=srcnat action=masquerade out-interface=Public

All outgoing connections from the network 192.168.0.0/24 will have source address 10.5.8.109 of the router and source port above 1024. No access from the Internet will be possible to the Local addresses. If you want to allow connections to the server on the local network, you should use destination Network Address Translation (NAT).

Example of Destination NAT

If you want to link the Public IP address 10.5.8.200 to the Local one 192.168.0.109, you should use the destination address translation feature of the MikroTik router. Also, if you want to allow the Local server to talk to the outside using the given Public IP, you should use source address translation, too.

Add Public IP to Public interface:

/ip address add address=10.5.8.200/32 interface=Public

Add rule allowing access to the internal server from external networks:

/ip firewall nat add chain=dstnat dst-address=10.5.8.200 action=dst-nat \
    to-addresses=192.168.0.109

Add rule allowing the internal server to talk to the outer networks having its source address translated to 10.5.8.200:

/ip firewall nat add chain=srcnat src-address=192.168.0.109 action=src-nat \
    to-addresses=10.5.8.200
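The masquerade and dst-nat translations described above can be traced packet by packet. The following Python model is an added example, not code from the report or from MikroTik; it covers only masquerade and dst-nat with a connection-tracking table, and the remote hosts 203.0.113.7 and 198.51.100.9 are constructed sample addresses.

```python
"""Model of masquerade (srcnat) and dst-nat with connection tracking.

Added illustration; class and method names are assumptions of this example.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NatRouter:
    def __init__(self, public_ip: str, lan_cidr: str):
        self.public_ip = public_ip
        self.lan = ipaddress.ip_network(lan_cidr)
        self.dstnat_rules = []  # (dst_address, dst_port|None, to_address, to_port|None)
        self.out_ports = {}     # outbound flow -> public source port
        self.replies = {}       # (public_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.forwarded = {}     # (lan_ip, lan_port, remote_ip, remote_port) -> (public_ip, public_port)
        self._next_port = 1025  # the text: translated source port is above 1024

    def add_dstnat(self, dst_address, dst_port, to_address, to_port):
        """dst_port/to_port of None means 'any port, keep it unchanged'."""
        self.dstnat_rules.append((dst_address, dst_port, to_address, to_port))

    def outbound(self, pkt: Packet) -> Packet:
        """Packet leaving through the Public interface."""
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if flow in self.forwarded:
            # Reply of a dst-nat'ed connection: restore the public address.
            pub_ip, pub_port = self.forwarded[flow]
            return Packet(pub_ip, pub_port, pkt.dst, pkt.dport)
        if ipaddress.ip_address(pkt.src) not in self.lan:
            return pkt
        if flow not in self.out_ports:
            port = self._next_port
            self._next_port += 1
            self.out_ports[flow] = port
            self.replies[(port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.public_ip, self.out_ports[flow], pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Packet arriving from the Internet; None means not forwarded to the LAN."""
        if pkt.dst == self.public_ip:
            owner = self.replies.get((pkt.dport, pkt.src, pkt.sport))
            if owner:
                # Reverse translation of a reply to a tracked connection.
                return Packet(pkt.src, pkt.sport, owner[0], owner[1])
        for dst_address, dst_port, to_address, to_port in self.dstnat_rules:
            if pkt.dst == dst_address and dst_port in (None, pkt.dport):
                new_port = to_port if to_port is not None else pkt.dport
                key = (to_address, new_port, pkt.src, pkt.sport)
                self.forwarded[key] = (pkt.dst, pkt.dport)
                return Packet(pkt.src, pkt.sport, to_address, new_port)
        return None  # no tracked connection and no dst-nat rule


def demo():
    router = NatRouter("10.5.8.109", "192.168.0.0/24")
    remote = "203.0.113.7"  # constructed Internet host
    out = router.outbound(Packet("192.168.0.20", 40000, remote, 80))
    reply = router.inbound(Packet(remote, 80, "10.5.8.109", out.sport))
    # A different host aiming at the same public port has no mapping.
    stranger = router.inbound(Packet("198.51.100.9", 80, "10.5.8.109", out.sport))
    # dst-nat rule from the text: 10.5.8.200 -> 192.168.0.109, all ports.
    router.add_dstnat("10.5.8.200", None, "192.168.0.109", None)
    fwd = router.inbound(Packet(remote, 5555, "10.5.8.200", 80))
    back = router.outbound(Packet("192.168.0.109", 80, remote, 5555))
    return out, reply, stranger, fwd, back


if __name__ == "__main__":
    for label, pkt in zip(("out", "reply", "stranger", "fwd", "back"), demo()):
        print(f"{label:9}", pkt)
```

A dst-nat rule exposes the mapped host to any sender that reaches the public address, so each such rule should be paired with a filter rule limiting who may connect.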

Example of 1:1 mapping

If you want to link Public IP subnet 11.11.11.0/24 to local one 2.2.2.0/24, you should use destination address translation and source address translation features with action=netmap.

/ip firewall nat add chain=dstnat dst-address=11.11.11.1-11.11.11.254 \
    action=netmap to-addresses=2.2.2.1-2.2.2.254
/ip firewall nat add chain=srcnat src-address=2.2.2.1-2.2.2.254 \
    action=netmap to-addresses=11.11.11.1-11.11.11.254

STATIC NAT

The server's address is now 192.168.0.4, and we are running a web server on it that listens on TCP port 80. We want to make it accessible from the Internet at address:port 10.0.0.217:80. This can be done by means of Static Network Address Translation (NAT) at the MikroTik Router. The Public address:port 10.0.0.217:80 will be translated to the Local address:port 192.168.0.4:80. One destination NAT rule is required for translating the destination address and port:

[admin@MikroTik] ip firewall nat> add chain=dstnat action=dst-nat protocol=tcp dst-address=10.0.0.217/32 dst-port=80 to-addresses=192.168.0.4
[admin@MikroTik] ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
 0 chain=dstnat dst-address=10.0.0.217/32 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.0.4 to-ports=0-65535

Port Forwarding

This example will show you how to forward a port (TCP 5900) to an internal IP using destination NAT. 69.69.69.69 is the example WAN IP, 192.168.1.101 is the desired internal destination.

/ip firewall nat add chain=dstnat dst-address=69.69.69.69 protocol=tcp dst-port=5900 \
    action=dst-nat to-addresses=192.168.1.101 to-ports=5900

How to configure DHCP in Mikrotik

Let's say we want to configure a DHCP server on the ether1 interface to lend addresses from 192.168.0.2 to 192.168.0.254, which belong to the 192.168.0.0/24 network. The gateway and DNS server is 192.168.0.1.

From /ip dhcp-server menu run setup command and follow instructions:

[admin@MikroTik] ip dhcp-server> setup
Select interface to run DHCP server on
dhcp server interface: ether1
Select network for DHCP addresses
dhcp address space: 192.168.0.0/24
Select gateway for given network
gateway for dhcp network: 192.168.0.1
Select pool of ip addresses given out by DHCP server
addresses to give out: 192.168.0.2-192.168.0.254
Select DNS servers
dns servers: 192.168.0.1
Select lease time
lease time: 3d
[admin@MikroTik] ip dhcp-server>

How to assign IP pool excluding the address:

[admin@MikroTik] ip pool> add name=ip-pool ranges=10.0.0.2-10.0.0.99,10.0.0.101,10.0.0.126

MikroTik RouterOS OSPF Routing Protocol

Document revision 10-Jul-2002
This document applies to the MikroTik RouterOS V2.4 and 2.5

Overview

MikroTik RouterOS implements OSPF Version 2 (RFC 2328). The OSPF protocol is based on the link-state technology. It is also known as the shortest-path-first technology.

OSPF distributes routing information between routers belonging to a single autonomous system (AS). An AS is a group of routers exchanging routing information via a common routing protocol.

Installation

The OSPF feature is included in the “routing” package. The package file routing-2.x.y.npk can be downloaded from MikroTik’s web page www.mikrotik.com. To install the package, please upload it to the router with ftp and reboot. You may check to see if the routing package is installed with the command:

[MikroTik] > system package print
  # NAME         VERSION   BUILD-TIME             UNINSTALL
  0 routing      2.4.5     dec/04/2001 14:54:29   no
  1 snmp         2.4.5     dec/04/2001 14:54:41   no
  2 ppp          2.4.5     dec/04/2001 14:55:36   no
  3 pppoe        2.4.5     dec/04/2001 14:56:30   no
  4 ssh          2.4.5     dec/04/2001 14:58:22   no
  5 pptp         2.4.5     dec/04/2001 14:55:54   no
  6 cyclades     2.4.5     dec/04/2001 14:58:39   no
  7 framerelay   2.4.5     dec/04/2001 15:07:21   no
  8 system       2.4.5     dec/04/2001 14:53:19   no

[MikroTik] >

OSPF Setup

1. Change the general OSPF settings for redistributing connected, static and default routes. Generally, the default route should be distributed only from one router of your area;

2. Add an OSPF area record, if the area is not the backbone area;

3. Add OSPF network records for each interface you want the OSPF to run on.

OSPF Network

To start the OSPF protocol, you have to define the interfaces on which OSPF runs and the area ID for those interfaces. Use the /routing ospf network add command:

[MikroTik] routing ospf network> add area=local_10 network=10.0.0.0/24
[MikroTik] routing ospf network> print
Flags: X - disabled
  # NETWORK          AREA
  0 10.0.0.0/24      local_10
[MikroTik] routing ospf network>

Argument description:

area - Area to be associated with the address range. The area name should be from the /routing ospf area list.

network - the network address/mask that is associated with the area. The network argument allows defining one or multiple interfaces to be associated with a specific OSPF area. Only local address of the router should be covered by the network address/mask.

OSPF_Main Router Setup

The IP address configuration of the [OSPF_Main] router is as follows:

[OSPF-Main] interface> /ip address print
Flags: X - disabled, I - invalid, D - dynamic
  # ADDRESS          NETWORK     BROADCAST     INTERFACE
  0 10.0.0.214/24    10.0.0.0    10.0.0.255    main_gw
  1 10.1.0.2/24      10.1.0.0    10.1.0.255    peer1
  2 10.2.0.2/24      10.2.0.0    10.2.0.255    peer2
[OSPF-Main] interface>

OSPF settings:

[OSPF-Main] > routing ospf print
    router-id: 0.0.0.0
    redistribute-connected: yes
    redistribute-static: yes
    redistribute-rip: no
    distribute-default: if-installed
[OSPF-Main] > routing ospf area print
Flags: X - disabled
  0 name=backbone area-id=0.0.0.0 default-cost=0 stub=no authentication=none
  1 name=local_10 area-id=0.0.0.1 default-cost=0 stub=no authentication=none
[OSPF-Main] > routing ospf network print
Flags: X - disabled
  # NETWORK          AREA
  0 10.1.0.0/24      local_10
  1 10.2.0.0/24      local_10
[OSPF-Main] >

5.4 Huawei Layer 3 switch Configuration

<BUET_Hall_Core_SW_Pri>

%Mar 16 17:18:01 2014 BUET_Hall_Core_SW_Pri SHELL/5/LOGIN: Console login from aux0

<BUET_Hall_Core_SW_Pri>sys

<BUET_Hall_Core_SW_Pri>system-view

System View: return to User View with Ctrl+Z.

[BUET_Hall_Core_SW_Pri]displ

[BUET_Hall_Core_SW_Pri]display curr

[BUET_Hall_Core_SW_Pri]display current-configuration

sysname BUET_Hall_Core_SW_Pri

super password level 3 simple hall

local-server nas-ip 127.0.0.1 key huawei

domain default enable system

temperature-limit 0 10 70

temperature-limit 1 10 70

poe power max-value 2400

radius scheme system

primary authentication 127.0.0.1 1645

primary accounting 127.0.0.1 1646

user-name-format without-domain

domain system

vlan-assignment-mode integer

access-limit disable

state active

idle-cut disable

self-service-url disable

messenger time disable

local-user huawei

password cipher 7A%Z)9</U<NP\)G'%<OW$1!!

service-type telnet

level 3

stp TC-protection enable

vlan 1

vlan 10

vlan 800

interface Vlan-interface1

ip address 192.168.199.200 255.255.255.0

interface Vlan-interface800

ip address 192.168.100.5 255.255.255.0

interface Aux0/0/0

interface M-Ethernet0/0/0

interface Ethernet1/0/1

broadcast-suppression 20

interface Ethernet1/0/2

broadcast-suppression 20

interface Ethernet1/0/3

broadcast-suppression 20

interface Ethernet1/0/4

broadcast-suppression 20

interface Ethernet1/0/5

broadcast-suppression 20

interface Ethernet1/0/6

broadcast-suppression 20

interface Ethernet1/0/7

broadcast-suppression 20

interface Ethernet1/0/8

interface Ethernet1/0/9

interface Ethernet1/0/10

interface Ethernet1/0/11

interface Ethernet1/0/12

interface Ethernet1/0/13

interface Ethernet1/0/14

interface Ethernet1/0/15

interface Ethernet1/0/16

interface Ethernet1/0/17

interface Ethernet1/0/18

interface Ethernet1/0/19

interface Ethernet1/0/20

interface Ethernet1/0/21

interface Ethernet1/0/22

interface Ethernet1/0/23

description to student hall

port link-type trunk

port trunk permit vlan 1 10 800

interface Ethernet1/0/24

interface Ethernet1/0/25

interface Ethernet1/0/26

interface Ethernet1/0/27

interface Ethernet1/0/28

interface Ethernet1/0/29

interface Ethernet1/0/30

interface Ethernet1/0/31

interface Ethernet1/0/32

interface Ethernet1/0/33

interface Ethernet1/0/34

interface Ethernet1/0/35

interface Ethernet1/0/36

interface Ethernet1/0/37

interface Ethernet1/0/38

interface Ethernet1/0/39

interface Ethernet1/0/40

interface Ethernet1/0/41

interface Ethernet1/0/42

interface Ethernet1/0/43

interface Ethernet1/0/44

interface Ethernet1/0/45

interface Ethernet1/0/46

interface Ethernet1/0/47

interface Ethernet1/0/48

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2

description to iictold-s2000-E1/0/1

port link-type trunk

port trunk permit vlan 1 10 800

interface GigabitEthernet0/0/3

interface GigabitEthernet0/0/4

interface GigabitEthernet0/0/5

interface GigabitEthernet0/0/6

interface GigabitEthernet0/0/7

interface GigabitEthernet0/0/8

interface GigabitEthernet0/0/9

interface GigabitEthernet0/0/10

interface GigabitEthernet0/0/11

interface GigabitEthernet0/0/12

interface GigabitEthernet0/0/13

interface GigabitEthernet0/0/14

interface GigabitEthernet0/0/15

interface GigabitEthernet0/0/16

interface NULL0

user-interface aux 0

user-interface vty 0

authentication-mode scheme

set authentication password simple hall

user-interface vty 1 4

authentication-mode scheme

return

primary authentication 127.0.0.1 1645

primary accounting 127.0.0.1 1646

user-name-format without-domain

domain system

vlan-assignment-mode integer

access-limit disable

state active

idle-cut disable

self-service-url disable

messenger time disable

stp TC-protection enable

vlan 1

vlan 10

vlan 11

vlan 12

vlan 13

vlan 14

vlan 15

vlan 16

vlan 17

vlan 18

vlan 19

vlan 20

vlan 21

vlan 22

vlan 23

vlan 24

vlan 25

vlan 26

vlan 27

vlan 28

vlan 29

vlan 30

vlan 31

vlan 32

vlan 33

vlan 34

vlan 35

vlan 40

vlan 50

interface Vlan-interface1

ip address 172.16.215.1 255.255.255.0

interface Vlan-interface10

ip address 172.16.191.1 255.255.255.0

dhcp-server 1

interface Vlan-interface11

ip address 172.16.192.1 255.255.255.0

dhcp-server 1

interface Vlan-interface12

ip address 172.16.193.1 255.255.255.0

dhcp-server 1

interface Vlan-interface13

ip address 172.16.194.1 255.255.255.0

dhcp-server 1

interface Vlan-interface14

ip address 172.16.195.1 255.255.255.0

dhcp-server 1

interface Vlan-interface15

ip address 172.16.196.1 255.255.255.0

dhcp-server 1

interface Vlan-interface16

ip address 172.16.197.1 255.255.255.0

dhcp-server 1

interface Vlan-interface17

ip address 172.16.198.1 255.255.255.0

dhcp-server 1

interface Vlan-interface18

ip address 172.16.199.1 255.255.255.0

dhcp-server 1

interface Vlan-interface19

ip address 172.16.200.1 255.255.255.0

dhcp-server 1

interface Vlan-interface20

ip address 172.16.201.1 255.255.255.0

dhcp-server 1

interface Vlan-interface21

ip address 172.16.202.1 255.255.255.0

dhcp-server 1

interface Vlan-interface22

ip address 172.16.203.1 255.255.255.0

dhcp-server 1

interface Vlan-interface23

ip address 172.16.204.1 255.255.255.0

dhcp-server 1

interface Vlan-interface24

ip address 172.16.205.1 255.255.255.0

dhcp-server 1

interface Vlan-interface25

ip address 172.16.206.1 255.255.255.0

dhcp-server 1

interface Vlan-interface26

ip address 172.16.207.1 255.255.255.0

dhcp-server 1

interface Vlan-interface27

ip address 172.16.208.1 255.255.255.0

dhcp-server 1

interface Vlan-interface28

ip address 172.16.209.1 255.255.255.0

dhcp-server 1

interface Vlan-interface29

ip address 172.16.210.1 255.255.255.0

dhcp-server 1

interface Vlan-interface30

ip address 172.16.211.1 255.255.255.0

dhcp-server 1

interface Vlan-interface31

ip address 172.16.212.1 255.255.255.0

dhcp-server 1

interface Vlan-interface32

ip address 172.16.213.1 255.255.255.0

dhcp-server 1

interface Vlan-interface40

ip address 172.16.214.2 255.255.255.0

interface Vlan-interface50

ip address 172.16.216.1 255.255.255.0

interface Aux0/0/0

interface M-Ethernet0/0/0

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2

port access vlan 40

interface GigabitEthernet0/0/3

port access vlan 50

interface GigabitEthernet0/0/4

port link-type trunk

port trunk permit vlan all

interface GigabitEthernet0/0/5

port link-type trunk

port trunk permit vlan all

interface GigabitEthernet0/0/6

interface GigabitEthernet0/0/7

interface GigabitEthernet0/0/8

interface GigabitEthernet0/0/9

interface GigabitEthernet0/0/10

interface GigabitEthernet0/0/11

interface GigabitEthernet0/0/12

interface GigabitEthernet0/0/13

interface GigabitEthernet0/0/14

interface GigabitEthernet0/0/15

interface GigabitEthernet0/0/16

interface NULL0

ip route-static 0.0.0.0 0.0.0.0 172.16.214.1 preference 60

user-interface aux 0

user-interface vty 0 4

Return
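The configuration dumps above contain several settings that a security review would flag: passwords stored with the simple keyword, Telnet as a management service, and trunks that permit every VLAN. The following Python check is an added example, not part of the report or of any Huawei tool; its rule set and the sample configuration (modelled on the dumps, with secret values replaced by placeholders) are assumptions of this example.

```python
"""Audit a Huawei/Quidway-style configuration dump for weak settings.

Added illustration; the rule names and sample text are constructed.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int
    section: str
    rule: str
    text: str   # offending line with secret values masked
    why: str


# Rules are limited to settings that are visible in the dumps above.
RULES = [
    ("cleartext-password", re.compile(r"\bpassword\b.*\bsimple\s+\S+"),
     "password is stored in clear text in the configuration"),
    ("cleartext-key", re.compile(r"^local-server\b.*\bkey\s+\S+"),
     "shared key is readable in the configuration"),
    ("telnet-management", re.compile(r"^service-type\b.*\btelnet\b"),
     "Telnet sends credentials unencrypted; prefer SSH"),
    ("trunk-all-vlans", re.compile(r"^port trunk permit vlan all$"),
     "trunk carries every VLAN; permit only the VLANs the link needs"),
]

# Lines that open a configuration view (section).
SECTION_OPENER = re.compile(
    r"^(interface \S+|user-interface .+|local-user \S+|radius scheme \S+"
    r"|domain \S+$|vlan \d+)")
SECRET = re.compile(r"\b(simple|cipher|key)\s+\S+")


def mask(line: str) -> str:
    """Keep secrets out of the audit report itself."""
    return SECRET.sub(r"\1 ***", line)


def audit(config_text: str) -> List[Finding]:
    lines = config_text.splitlines()
    # A dump pasted into a document often loses its indentation. If any
    # indentation survives, use it to detect the return to global scope.
    indented = any(l[:1] in (" ", "\t") and l.strip() for l in lines)
    section = "global"
    findings = []
    for line_no, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line == "#":
            continue
        at_margin = raw[:1] not in (" ", "\t")
        if at_margin and SECTION_OPENER.match(line):
            section = line
        elif at_margin and indented:
            section = "global"
        for rule, pattern, why in RULES:
            if pattern.search(line):
                findings.append(Finding(line_no, section, rule, mask(line), why))
    return findings


# Constructed sample: flattened like the dumps above, placeholder secrets.
SAMPLE_CONFIG = """\
sysname BUET_Hall_Core_SW_Pri
super password level 3 simple example-pw
local-server nas-ip 127.0.0.1 key example-key
local-user huawei
password cipher EXAMPLE-CIPHERTEXT
service-type telnet
level 3
interface Ethernet1/0/23
port link-type trunk
port trunk permit vlan 1 10 800
interface GigabitEthernet0/0/4
port link-type trunk
port trunk permit vlan all
user-interface vty 0
authentication-mode scheme
set authentication password simple example-pw
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"line {f.line_no:>2} [{f.section}] {f.rule}: {f.text} ({f.why})")
```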

5.5 Configuration Huawei L2 switch (BUET)

<Quidway>system-view

[Quidway]display current-configuration configuration

[Quidway]vlan 1

[Quidway-vlan1]quit

[Quidway]vlan 10

[Quidway-vlan10]quit

[Quidway]vlan 11

[Quidway-vlan11]quit

[Quidway]vlan 12

[Quidway-vlan12]quit

[Quidway]vlan 13

[Quidway-vlan13]quit

[Quidway]vlan 14

[Quidway-vlan14]quit

[Quidway]vlan 15

[Quidway-vlan15]quit

[Quidway]vlan 16

[Quidway-vlan16]quit

[Quidway]vlan 17

[Quidway-vlan17]quit

[Quidway]vlan 18

[Quidway-vlan18]quit

[Quidway]vlan 19

[Quidway-vlan19]quit

[Quidway]vlan 20

[Quidway-vlan20]quit

[Quidway]vlan 21

[Quidway-vlan21]quit

[Quidway]vlan 22

[Quidway-vlan22]quit

[Quidway]vlan 23

[Quidway-vlan23]quit

[Quidway]vlan 24

[Quidway-vlan24]quit

[Quidway]vlan 25

[Quidway-vlan25]quit

[Quidway]vlan 26

[Quidway-vlan26]quit

[Quidway]vlan 27

[Quidway-vlan27]quit

[Quidway]vlan 28

[Quidway-vlan28]quit

[Quidway]vlan 29

[Quidway-vlan29]quit

[Quidway]vlan 30

[Quidway-vlan30]quit

[Quidway]vlan 31

[Quidway-vlan31]quit

[Quidway]vlan 32

[Quidway-vlan32]quit

[Quidway]vlan 33

[Quidway-vlan33]quit

[Quidway]vlan 34

[Quidway-vlan34]quit

[Quidway]vlan 35

[Quidway-vlan35]quit

[Quidway]vlan 40

[Quidway-vlan40]quit

[Quidway]vlan 50

[Quidway-vlan50]quit

[Quidway]interface eth 0/1

[Quidway-Ethernet0/1]port link-type trunk

[Quidway-Ethernet0/1]port trunk permit vlan 1 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 40 50

[Quidway]interface eth 0/2

[Quidway-Ethernet0/2]port link-type trunk

[Quidway-Ethernet0/2]port trunk permit vlan 1 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 40 50

5.6 Dell PowerEdge T110 II (DHCP Server)

Continuing our series on learning IT basics, today we’re going to show you how to set up DHCP on Windows Server 2008 instead of using it on a router.

Note: this is part of our ongoing series teaching IT administration basics, and might not apply to everybody.

This guide assumes that you have Server 2008 up and running on a machine–if you don’t, you should check out our guide on how to install it. You should also have set a static IP address on the server before continuing.

To get started, fire up the Server Manager, right click on roles, and then select add roles.

You will be prompted with the normal “Before You Begin” screen, and after clicking Next you’ll be able to choose DHCP Server.

Next you’ll want to select the network connection to bind the DHCP protocol to.

Put in the IP address of your DNS Server, which in this case is the same machine–but be careful not to put the loopback address (127.0.0.1) as this will be the address your clients will go to for name resolution.

Click next again to skip the WINS setup, this will bring you to creating a DHCP Scope, where you can click the Add button.

Now you need to:

Give your scope a name

Enter the first address that you want available to clients to use

Enter the last address that you want available to clients to use

Enter the subnet mask (usually 255.255.255.0)

Enter the IP address of your default gateway (usually your router IP at .1)

Once you have clicked on OK, you can click next 4 times to get to the confirmation screen where you can finally click install.

Once the installation is complete your DHCP will be functioning, and you can start managing your DHCP server right away.

Chapter 6: My Work Experience (overview)

I was accepted for an internship at Base Technologies Ltd. on 1st February, 2014. At the beginning of the internship, I was given training sessions. My mentor Mr. Montasir Mamun taught me networking stuff. I learned how packets actually travel throughout the world and how data is shared among end devices. He taught me a lot about networking. He also taught me how to implement a Wi-Fi solution for a large campus. I learned how we can configure different types of switches, how to configure a DHCP server and how a DHCP server maintains IPs. I also learned about the MikroTik RouterBoard. I studied the network infrastructure of my company and came to know how the router is configured, as well as the switch. The network architecture of my company is given below.

First, we started by surveying every hall of BUET. We took some pictures of the BUET halls. After taking pictures, we measured every hall's parameters. Then the BUET authority gave us an assumed number of access points. Then we sent the whole survey report to ARUBA Networks (USA). Then they gave us the actual number of APs and the whole calculation. Then we started our work. BUET got its Internet connection from BTCL (150 Mbps line). Then we connected the Internet to the bandwidth manager (MikroTik) and also to BUET's existing Layer 3 Huawei switch. From the layer 3 switch, one connection goes to the ARUBA 7210 WL (wireless controller), another goes to the System Log Server and the last one is connected to the DHCP server. Basically, the WLC, the DHCP server and the MikroTik bandwidth manager are all connected to the existing BUET layer 3 switches. From the layer 3 switch, a connection went to each individual hall's layer 2 Huawei switch. And then, from the layer 2 switch of every individual hall, a connection went to the Edge Core layer 2 switches. We configured these switches manually; we created 4 VLANs for 4 access points and one switch for trunk. We used software called PuTTY. In PuTTY we configured the switches manually in CLI mode. We also configured the DHCP server in graphical mode and through the web interface. At last we connected the outdoor access points to the Edge Core switches. The APs did not need any extra power connection because we used Edge Core switches, which are PoE (Power over Ethernet). Besides this kind of work, we did some other configuration such as NATTING (Network Address Translator), DNS (Domain Name System) and IP Helper, which works as a relay. IP helper helps layer 3 switches to allocate IP addresses from the DHCP server regularly. The DHCP server provides IPs to end users from an IP range or IP scheme. To configure the MikroTik RouterBoard we used graphical mode or the web interface. In the WLC we first created groups of APs: for each hall we created one group, and each group has 4 access points. Then we registered all the new IPs to each group. We created the APs against the wireless controller. And against the WLC we created an SSID (service set identification), and an SSID was created against each AP group. In the WLC we could control the APs' signal strength, modulation, IP address, configuration, authentication, etc.

Chapter 7: Conclusion

Getting a chance to work as an intern in an esteemed IT solution firm and vendor company like BASE Technologies LTD was a great experience for me. After working here, I have learned many things I never knew before. I have gathered a lot of experience throughout the entire internship program at the company. There was scope for me to observe how to establish a solid Wi-Fi network on an entire campus. In this report I have explained my practical experiences working for BASE Technologies Ltd. I have learned so many significant procedures from my supervisors and colleagues, and I conducted some tests and did troubleshooting on a regular basis throughout my entire internship period. I got to know corporate culture for the very first time, and the discipline that I learned here will surely help me a lot in my future career. Every piece of work that I did here took me in a new direction and taught me a new lesson. After working here, I realized that practical learning is the real learning. Handling different challenges and dealing with various customers, retailers, vendors and clients was a new and great experience for me. Now, I am more confident in decision making than before. My supervisor and other colleagues helped me a lot in my work, which made it easy for me to carry on. They taught me how to deal with several problems and take proper action against them. This internship program made my view of the working environment broader and introduced me to the job world, and overall I have learned the requirement of patience, dedication, discipline, decision-making power, team work and leadership quality. I believe this will guide me through my whole working life in the near future.
