Samsung Research America (SRA) moved its corporate headquarters to Mountain View, California, at the end of 2104 and moved about 3000 employees into its new campus across two buildings. This was a greenfield deployment. SRA employees use wireless as their primary access to the network. I spearheaded the design & deployment efforts.
- Centralized Wireless network Management for Corporate & National branch locations.
- Geographic redundancy with Active/Active controller deployment.
- Seamless Mobility throughout the Campus in the corporate location.
- Employee Authentication/Authorization using backend Cisco ISE platform.
- Device profiling to have policies based on device OS.
- Guest access using a custom splash page authenticating against ISE.
- Secure Policies using Wireless Intrusion Prevention (WIPS).
- Capability to look at historical statistics on an NMS platform. (Single Pane of Glass)
Proposed Solution & Deployment:
- The Samsung WEC8500 controllers were proposed given the scale of the APs and capacity.
- The Samsung WEA403i APs (3x3:3) were proposed for indoor office space and Samsung WEA453e APs were proposed for outdoor campus areas. The 403i AP has a dedicated WIPS sensor module that runs on its own dedicated CPU and memory and does not borrow from the 2.4 & 5 GHz radios for off-channel scanning. This allows for higher performance on the client radios, as all Radio Resource Management activity is now performed by the sensors, which also perform the WIPS/WIDS function for rogue AP detection and mitigation. This saves cost for the customer, who does not have to invest in additional cabling for additional sensors.
- The Samsung WIPS solution was proposed to interwork with the sensor modules on board the APs to implement policies that mitigate rogue APs, stations and unmanaged SSIDs within the confines of the enterprise.
- The Samsung Wireless Enterprise Manager solution was deployed as a Network Management system.
- The controllers were deployed in two data centers, one on the West Coast and one on the East Coast. The controllers were deployed in an Active/Active model where each controller served as the primary for the APs in a particular region and as the secondary in other regions.
- APs in the corporate location were grouped by floor so that RF Profiles could be created depending on the needs of each floor.
- All the national branch office locations were pooled in their own AP Groups.
- A single Employee WLAN profile is created for the entire organization & assigned to all AP groups.
- The Employee WLAN is designed to locally bridge the WLAN DATA traffic on to their local switches.
- The controller uses Role Based Access Control policies in conjunction with Cisco ISE, which interfaces with Active Directory, to assign a user an appropriate VLAN, QoS policy and ACL.
- The employee devices are loaded with certificates, and mutual authentication is done using EAP-TLS.
- The Guest WLAN is configured to tunnel all traffic back to the controller and hit the DMZ on a separate VLAN.
- The Guest users are redirected to a custom Splash page where they are made to go through a self-registration portal to sign-in.
- On the RF side, the APs' power & channels are set using Samsung Self Organizing Network technology (RRM).
- Broadcast/Multicast traffic is filtered at the Controller globally and selectively enabled only on WLANs that need it.
- The Multicast to Unicast traffic feature eliminates unnecessary chatty multicast traffic from the RF. (Multicast Optimization)
- Advanced features are enabled on the WLANs affecting employee traffic, which include rejecting probe requests based on set SNR values. The AP will not respond to probes if the SNR is less than 15 dB.
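The role-based VLAN and ACL assignment described above, sketched as an added example (not part of the original write-up and not Samsung or Cisco code). It assumes the policy server returns the standard RFC 3580 tunnel attributes plus Filter-Id; the page does not say which attributes the WEC8500 consumes, and the VLAN number and ACL name are constructed placeholders.

```python
import struct

# RADIUS attribute types (RFC 2865 / RFC 2868) and RFC 3580 values.
FILTER_ID, TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PVT_GROUP = 11, 64, 65, 81
VLAN, IEEE_802 = 13, 6


def tlv(attr_type, value):
    """Encode one attribute: type, length (including the 2-byte header), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_authz(vlan_id, acl_name, tag=1):
    """Authorization attributes a policy server could return in an Access-Accept."""
    return b"".join([
        tlv(TUNNEL_TYPE, bytes([tag]) + VLAN.to_bytes(3, "big")),
        tlv(TUNNEL_MEDIUM, bytes([tag]) + IEEE_802.to_bytes(3, "big")),
        tlv(TUNNEL_PVT_GROUP, bytes([tag]) + str(vlan_id).encode()),
        tlv(FILTER_ID, acl_name.encode()),
    ])


def parse_authz(blob):
    """Return (vlan, acl). vlan is None unless the tunnel triple is complete and valid."""
    attrs, i = {}, 0
    while i < len(blob):
        if i + 2 > len(blob) or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed attribute at offset %d" % i)
        attrs[blob[i]] = blob[i + 2:i + blob[i + 1]]
        i += blob[i + 1]
    acl = attrs.get(FILTER_ID, b"").decode("utf-8", "replace") or None
    ttype, medium, group = (attrs.get(t, b"") for t in (TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PVT_GROUP))
    if len(ttype) != 4 or len(medium) != 4 or len(group) < 2:
        return None, acl  # incomplete triple: caller keeps the WLAN's default VLAN
    # Assumption: Tunnel-Private-Group-ID is sent in its tagged form, like the other two.
    same_tag = ttype[0] == medium[0] == group[0]
    is_vlan = ttype[1:] == VLAN.to_bytes(3, "big") and medium[1:] == IEEE_802.to_bytes(3, "big")
    vlan = group[1:].decode("ascii", "replace")
    if same_tag and is_vlan and vlan.isdigit() and 1 <= int(vlan) <= 4094:
        return int(vlan), acl
    return None, acl


if __name__ == "__main__":
    # Constructed values: VLAN 120 and the ACL name are placeholders, not from the page.
    print(parse_authz(build_authz(120, "EMPLOYEE-ACL")))
```

Returning no VLAN for an incomplete or inconsistent triple lets the enforcement point fall back to the WLAN default instead of acting on a partially specified assignment.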
RF Settings for the Corporate Location (Open Office space):
- Radio -> 802.11a/n/ac -> General
  - Bandwidth: 20 MHz
  - Data Rates: default or “6Mbps: Basic, 24Mbps: Basic, Others: Supported”
- Radio -> 802.11a/n/ac -> RRM -> Dynamic TX Power Control
  - Tx Power Minimum: 12 dBm
  - Tx Power Maximum: 15 dBm
- Radio -> 802.11b/g/n -> General
  - Data Rates: “1Mbps/2Mbps/5.5Mbps/11Mbps: Disable, 6Mbps: Basic, 24Mbps: Basic, Others: Supported”
- Radio -> 802.11b/g/n -> RRM -> Dynamic TX Power Control
  - Tx Power Minimum: 6 dBm
  - Tx Power Maximum: 9 dBm