Yeshiva University Wi-Fi Management Report: MN503 Overview


Added on  2022/09/18

AI Summary
This report details a project aimed at overhauling the Wi-Fi network at Yeshiva University. It begins with an overview of the current challenges, including decentralized management, frequent outages, and slow speeds. The proposed solution involves centralizing management through the installation of new access points and switches, enhancing security, and improving user experience. The report discusses the hardware requirements, including CPEs, routers, and the Ruckus SmartZone 300 for bandwidth management and security. It also covers the importance of a user-centric design and demonstrates the proposed network using Cisco Packet Tracer. The project emphasizes the need for a robust and efficient network to support the demands of students and faculty, focusing on improved performance, security, and centralized management for ease of maintenance and proactive monitoring.
Running Head: WI-FI MANAGEMENT 1
Overview of Internetworking
Name:
Course:
Tutor:
Date:
Project Scope
The project ahead involves an overhaul of the network of the Yeshiva University campuses. The project will entail a survey of the requirements, deployment of the new network, and removal of the old system. Installation of the new equipment will be done without interfering with the old setup in order to keep downtime to a minimum throughout the project. It will involve the installation of both wired and wireless devices that will have centralized management. In order to overcome the shortcomings of the project preparations, such as short time, the tasks of the project will be clearly outlined, and all the devices and human resources required must be obtained in advance. As such, the project will have all the necessary resources and several standby technicians who would step in in case of a shortage of human capital at any stage of the project.
Deploying and supporting Wi-Fi devices such as mobile phones, tablets, and laptops can be stressful for IT professionals and clients. Network administration for a campus involves a lot, from budgeting, device configuration, and standards creation to rule creation and device deployment. The problem is worsened by the students' high demand for a stable and efficient network. Students are genuinely irritated by a slow and unstable network, mainly because of their academic and entertainment needs. The current wireless network at Yeshiva University is extensive, and its problems may be challenging to troubleshoot.
Challenge Identified
Generally, the challenge that stands out in the university is lack of synchronization of the Wi-Fi equipment. Each of the more than 1600 Access Points is managed individually. It is not possible for IT administrators to monitor the APs proactively. In the current situation, the admins rely on students' complaints to know when there is a problem. Therefore, it is difficult for administrators to identify patterns in the network that can help them to remain proactive (Dorm Wi-Fi Changes From Restrictive to Enriched Student Experience, n.d). They also cannot monitor bandwidth usage, making it impossible to optimize the network. Essentially, the network needs to be centralized for easy monitoring, configuration, and diagnosis in order to enhance proactive and reactive solutions. Additionally, they are unable to act reactively in a timely manner because it is cumbersome to identify the nodes with problems. One of the main problems of the Wi-Fi is frequent total outages. The downtime means that the students are not able to access their study and research materials (Dorm Wi-Fi Changes From Restrictive to Enriched Student Experience, n.d). They are also not able to enjoy various online forms of recreation. The other problem with the Wi-Fi is slow speeds. Slow speeds mean that students cannot download or upload various content efficiently. There is also a problem of multiple SSIDs because of the use of many access points, making it hard for administrators to manage the Wi-Fi. It also hinders the mobility of students since they would need to memorize multiple login credentials (Burt, 2019). Also, credential management is not integrated with the central database for student enrollment. Credential management is a crucial aspect of any robust network, and failure to manage it centrally makes it difficult for IT administrators to manage it.
User-Centric Design
The proposed solution involves the installation of important access points that will be managed from only 27 switches. The new style of centralized authentication is not only impressive to the students but also protects their internet experience. The contracted company has vast experience in networking and development of networking devices (Lavoie, 2018). They have experience in fiber, Ethernet, and Wi-Fi networking. The campus is quite old and has little infrastructure to support the installation of modern equipment. However, the contracted company has a broad human resources base that will be able to carry out activities such as the installation of electrical cables, digging of trenches, and drilling of concrete surfaces.
Besides, the company has worked in many academic institutions with similar and even more severe needs than Yeshiva University. The new access points will not draw electrical power from the dormitory rooms, in order to leave the available power sockets for use by the students (Jakes, 2015). The university will not be worried about power deficits in the dormitories. It will also not be worried about power overload and the poor electrical connections that students make. Also, the Access Points to be used will be power-efficient, leaving more power for other dormitory requirements such as bathrooms, kitchenettes, and laundry rooms (Lavoie, 2018). The new infrastructure will help the university reduce its power expenses drastically.
Additionally, the cables and Access Points will be installed in specific areas and concealed behind ceiling boards to avoid. The design of the network will leave most of the wall surfaces with their original look and feel since there will be no wall mounts or cables running on the walls and the floors. Also, the cables required will run behind the ceiling boards, making it impossible for people to see nearly all of the networking infrastructure. The design of hiding cables and access points behind the ceilings will also be a safety enhancement for students and the university employees who dwell there. The current setup involves cables running on walls and some on floors in a way that increases the chances of accidents.
It is also imperative to note that the new installation will save the university much of the money that it has been spending on repairs of the network infrastructure. It will require minimal repairs of cables since they will not be exposed to common threats such as accidental and malicious damage (Phanse, 2018). The cables in the current setup are visible and thus exposed to vandalism and accidental cuts. Repairs of such cables are costly since, in most cases, they require running complete cables from the switch to the affected Access Points. Besides, the proposed system saves the IT team much time since it allows them to monitor the activity of all the Access Points from the various switches (Phanse, 2018). The centralization of several hundred Access Points to one switch makes it easy for IT admins to view the activities of the switches during incidents from a standard dashboard on a computer interface.
B. Demonstration Section
Simulation using Cisco's Packet Tracer
Project Hardware Requirements
Today, offering Wi-Fi and stable cabled networks in educational institutions is more of a necessity than an option. As more and more students acquire high-end smart devices and laptops, they expect top-notch Wi-Fi services around the clock (Burt, 2019). Thus, the university must invest heavily in the network infrastructure. It must also install future-oriented equipment and use a future-ready design in order to make necessary changes in the ever-changing world of technology (Chieochan & Hossain, 2015). The equipment's capacity must be high enough to support the high bandwidth that the students require.
Among the equipment that will be required are Client Premise Equipment (CPEs) that will deliver the data to the various campuses from the service providers. The CPEs should use two different technologies, most preferably fiber and WiMAX (Chieochan & Hossain, 2015). The advantage of using two delivery technologies is to avoid significant outages when a particular technology is affected in a large area. For instance, fiber technology may suffer severe fiber cuts that may affect several service providers, thus causing an outage for all customers who use it (Duell, 2017). It is also advisable to use different service providers for the two internet links in order to avoid downtime when one service provider is not able to deliver the internet for any reason. Preferable brands for the CPEs are Cambium and Radwin since they have stood the test of time in the telecommunications industry (Duell, 2017). They are also very resilient to the vagaries of nature and harsh environmental conditions.
The other equipment they need is a router that doubles up as a firewall. A hardware firewall is generally more potent than a software-based firewall since it protects the LAN at the point where it borders the WAN. An appropriate appliance for a business such as a university campus would be a Sophos XG 210. It can handle bandwidths of up to 16 Gbps and a VPN throughput of 1.45 Gbps (Jin et al. 2017). It has the capability of load-balancing so that the campuses can use two internet channels simultaneously to ensure availability. With the high bandwidth, it will be able to handle traffic for multimedia content without data congestion. Also, it has QoS capabilities that can be used to enhance the performance of the switches that will be used in the distribution of data packets.
Additionally, the VPN feature is essential for the campus because it would control access to educational materials and secure the devices that students connect to the campus network. The campus network contains a lot of sensitive and confidential information that needs to be protected from intrusion. The Sophos XG 210 supports both IPSec and SSL VPN technologies. Each has its advantages and disadvantages. The IT team should assess their security and resource availability needs to decide which technology to settle for (Jin et al. 2017). The appliance's other security enhancements include web protection, antimalware protection, intrusion protection, wireless protection, and network protection.
The data from the Sophos XG 210 will be routed to the Bandwidth and Subscriber Management system known as Ruckus SmartZone 300. Ruckus SmartZone 300 is a scalable and versatile WLAN controller designed for data center deployment (Jin et al. 2017). The system will be ideal for bandwidth management and for balancing the recreational and study needs of the students.
For the WLAN to communicate through the Sophos appliance, the following ports must be open:
Port Number    Layer 4 Protocol
9080           HTTP
9443           HTTPS
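Having an allow rule for these two ports is not the same as the ports being open, because an earlier deny can win. The following is an added example, not part of the original report or of Sophos's tooling: it audits a constructed rule list in a generic first-match model (an assumption, not the appliance's export format) for the two ports named above.

```python
# Ports the report says must be open for the WLAN controller (both ride on TCP).
REQUIRED_PORTS = {9080: "HTTP", 9443: "HTTPS"}

# Constructed rule base in a generic first-match model (not Sophos's export format).
RULES = [
    {"action": "allow", "proto": "tcp", "ports": (443, 443)},
    {"action": "deny",  "proto": "tcp", "ports": (9000, 9100)},   # broad block
    {"action": "allow", "proto": "tcp", "ports": (9080, 9080)},
    {"action": "allow", "proto": "tcp", "ports": (9443, 9443)},
    {"action": "deny",  "proto": "any", "ports": (1, 65535)},     # explicit default
]


def matches(rule, port, proto="tcp"):
    """True if the rule covers this protocol and port."""
    lo, hi = rule["ports"]
    return rule["proto"] in (proto, "any") and lo <= port <= hi


def first_match(rules, port):
    """Return (action, rule index) of the first matching rule; implicit deny if none."""
    for idx, rule in enumerate(rules):
        if matches(rule, port):
            return rule["action"], idx
    return "deny", None


def audit(rules, required=REQUIRED_PORTS):
    """Map each required port to 'open', 'shadowed by rule N', or 'blocked'."""
    report = {}
    for port in required:
        action, idx = first_match(rules, port)
        if action == "allow":
            report[port] = "open"
        elif any(r["action"] == "allow" and matches(r, port) for r in rules):
            # An allow rule exists but an earlier deny wins: the usual silent failure.
            report[port] = f"shadowed by rule {idx}"
        else:
            report[port] = "blocked"
    return report
```

With the constructed rules, port 9080 is reported as shadowed by the broad deny at index 1 even though an allow rule for it exists further down.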
The university has a robust data center in the library that would require a reliable bandwidth management system. Ruckus SmartZone 300 is powered by an operating system called SmartZone OS that addresses the problems of distributed networks in large enterprises. Ruckus SmartZone 300 gives the IT staff intuitive visuals for management of the end-user experience, both reactively and proactively (Jakes, 2015). It has an active-reactive redundancy that ensures there is no idle capacity at any time. The appliance will be the primary DHCP server and will have most of the configurations done on it. Since the university uses an Active Directory, the following will be set in the primary Server section:
IP Address = IPv4 of the AD server
Port = Input the logical port of the AD server
Windows domain name = Type the name of the domain name allocated to the AD server
Besides, the Ruckus appliance provides IT admins with a multi-tier admin hierarchy that enhances the flexibility of IT management. The feature allows admins to create and re-use the configuration in other domains. Thus, the university IT admins will be able to replicate the configurations across the five campuses at the click of a button (Jakes, 2015). For instance, the procedure for replicating authentication, authorization, and accounting (AAA) from a single SZ300 is to select the Configure, Clone, and Delete options from the AP Authenticator tab. It also has role-based access control that allows admins to create permissions and group them into categories that can be replicated across the campuses (Jakes, 2015). The feature is ideal for the university because the profiles of students can help to create groups to base permissions on. The procedure for creating a user role and mapping is as follows:
Enter some value in the group attribute section
Select the user role from the list “user role”. Alternatively, click on the + sign to add a user role.
Click OK
The device also has a feature called Partner Domain Layer (PDL) that allows admins
to give students unique sets of profiles, system objects, and configurations that are not
sharable with other students (Lavoie, 2018). The feature creates a barrier between users to
ensure privacy and avoid operational challenges associated with user management.
The SZ300 has a customizable dashboard that is contextually rich in order to reduce the time that is required to support the entire network. It has consistent menus and streamlined navigation that shorten the time to carry out routine jobs such as monitoring and configuration of access points (Phanse, 2018). However, the task of Access Point configuration shall be done at the switch level. The only aspects of Access Point configuration that will be managed at the SZ300 level are the WLAN statistics and visual network alerts, traffic analysis, health analysis, and spectrum analysis, among others. The appliance has a Visual Connection Diagnostics tool that simplifies problem resolution (Jakes, 2015). The tool allows the network administrators to focus on a specific client device and the status of its connections. It has an intuitive interface that tracks the steps of users' 802.11 connections. The interface also allows the admin to view captive portal redirects, DHCP allocation, roaming and handover, EAP authentication, and RADIUS. This helps administrators identify network failures quickly and take the necessary actions (Phanse, 2018). The visualized diagnostics help to determine the exact cause of problems and offer great insight into the remediation actions.
The SZ300 system also has a rich dashboard that allows real-time visibility of millions of URLs and classifies them into over 80 categories that are either denied or allowed. Furthermore, the filtering capability supports safe search for Bing, Google, and YouTube. The system has an enhanced security feature known as Dynamic Phase Shift Keying that automates randomized keys for use on each device. The SZ300 supports more than 100,000 Dynamic Phase-Shift Keying that can be used across all campuses (Phanse, 2018). That means that the five campuses can have up to 25,000 DPSK for use.
The Ruckus SmartZone 300 has WIDS and WIPS that help to identify rogue Access Points. Rogue APs exhibit malicious behaviors such as BSSID and SSID spoofing that interfere with client connectivity. It categorizes APs as rogue, known, malicious, or ignore to minimize disruption of allowed access points, so that the network does not act against the discoverable access points. Classification rules allow detection of rogue APs by MAC, SSID, and RSSI in role-based policy management (Lavoie, 2018). Enforcement of policy includes actions such as deny, allow, and rate-limit based on VLAN, L3 or L4 ACLs, and VLAN pool.
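The classification by MAC, SSID, and RSSI described above can be sketched as follows. This is an added example, not from the original report and not Ruckus's own logic: the inventory, the SSID name, the scan data and the -70 dBm cut-off are constructed, and it assumes managed APs use a static channel plan.

```python
from dataclasses import dataclass

# Constructed inventory: managed BSSID -> (SSID, channel) it is configured to use.
MANAGED_APS = {
    "aa:bb:cc:00:00:01": ("Campus-WiFi", 36),
    "aa:bb:cc:00:00:02": ("Campus-WiFi", 149),
}
MANAGED_SSIDS = {ssid for ssid, _ in MANAGED_APS.values()}
IGNORED_BSSIDS = {"de:ad:be:ef:00:10"}  # constructed: neighbour AP the admins accepted
ON_PREMISES_RSSI = -70                   # dBm, assumed cut-off for "inside the building"

@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str
    channel: int
    rssi: int  # dBm as heard by a managed AP acting as sensor

def classify(b: Beacon) -> str:
    """Return one of the four categories the report lists."""
    bssid = b.bssid.lower().replace("-", ":")
    if bssid in IGNORED_BSSIDS:
        return "ignore"
    if bssid in MANAGED_APS:
        # Our own MAC on the wrong SSID or channel means the BSSID is being cloned.
        return "known" if MANAGED_APS[bssid] == (b.ssid, b.channel) else "malicious"
    if b.ssid in MANAGED_SSIDS:
        return "malicious"          # SSID spoofing: campus name, foreign radio
    if b.rssi >= ON_PREMISES_RSSI:
        return "rogue"              # unknown AP strong enough to be on site
    return "ignore"                 # weak, unrelated neighbour network

def triage(beacons):
    """Group BSSIDs by category so only rogue/malicious ones reach enforcement."""
    out = {"known": [], "rogue": [], "malicious": [], "ignore": []}
    for b in beacons:
        out[classify(b)].append(b.bssid)
    return out

SCAN = [  # constructed sample scan
    Beacon("AA-BB-CC-00-00-01", "Campus-WiFi", 36, -48),
    Beacon("aa:bb:cc:00:00:02", "Campus-WiFi", 6, -60),    # cloned BSSID, wrong channel
    Beacon("12:34:56:78:9a:bc", "Campus-WiFi", 11, -55),   # SSID spoof
    Beacon("66:77:88:99:aa:bb", "dorm-hotspot", 1, -62),   # unsanctioned AP on site
    Beacon("de:ad:be:ef:00:10", "CoffeeShop", 6, -58),
    Beacon("0a:0b:0c:0d:0e:0f", "FarAway", 11, -88),
]
```

Checking the ignore list first keeps an accepted neighbour from being acted on, which is the "minimize disruption of allowed access points" goal stated above.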