Day 2 of the Implementing Aruba WLANs course has come to a close and we have managed to make a nice mess of the room. It’s amazing how quickly 6 people can fill a room with controllers, access points, cables, laptops, and courseware!
Much like the first day of the course, the second day was very educational. Focusing mainly on authentication, access control, and roles, I’d say this day represented the meat of the course. Here are my thoughts after day 2:
To securely deploy a wireless network you had better brush up on your 802.1X, RADIUS, and PKI knowledge. Home WLANs are not the same thing as Enterprise WLANs; pre-shared keys (PSK) are not a scalable or manageable solution in most enterprise deployments. All SMB, or enterprise WLAN vendors support robust authentication when it comes to wireless networks so take advantage of these features.
Role derivation is awesome! Having the ability to assign specific access policies and VLAN assignments to clients based on device type or group membership is a great way to avoid excessive SSID creation and provide granular control that matches the capabilities and requirements of each user/device. Regardless of the WLAN vendor you are using, I would highly recommned looking into this feature the next time you are thinking about creating a new SSID for a new business requirement. You just might save your self some configuration effort and eliminate needless wireless beacons at the same time.
Overall I’d say day 2 was a success. WLAN security is incredibly important so I was very happy to see that we spent the entire day exploring the various options available to us.
If you have thoughts, comments, or questions about WLAN security, please leave a note in the comments section.
I firmly believe that the only way to stay on top of the wireless networking industry is to fully embrace the idea of lifelong learning. To me, this doesn’t just mean learning new skills and products, but also taking the time to revisit and refresh the things you think you already know. That’s why I jumped at the chance to sit in on a three-day Implementing Aruba WLANs course being held at my office. True, I do already have my ACMA, but I attained this back when controllers were running ArubaOS 3.x. Now that ArubaOS 6.x is out, I figured it couldn’t hurt to revisit the course and make sure I’m still up to date. Here are a few observations after completing the first day:
Regardless of how simple a WLAN controller is to configure, anyone involved in designing, securing, or administering a WLAN must still understand the underlying 802.11 technology. Fancy wizards and snazzy interfaces are great when things are working fine, but don’t expect your WLAN to run as efficiently, securely, or resiliently if you don’t know what all those knobs and dials are actually doing. That beings said, Aruba Networks has done a great job improving and enhancing their configuration wizards. These wizards do such a good job of simplifying the basics of configuring your controller(s) that someone could technically get a secure WLAN up and running with very little wireless knowledge or experience. Unfortunately, there is no WLAN Administration Wizard. Until that day arrives, hit the books and start learning the underlying technology. A good place to look for vendor neutral wireless certification is the CWNP organization.
Wireless networks are at a critical, and potentially dangerous, juncture in their relatively short lives. If we spend the time to properly plan, design, and secure wireless networks they have the potential to dramatically affect the way we work and play in a very positive and reliable way. However, if we rely too heavily on the perceived simplicity of deploying wireless networks without doing our homework first, then we are setting mobile computing up for failure or, at the very least, an existence that falls very short of the true potential of wireless networking.
Overall, day one was very informative and a lot of fun. It’s always great to see people putting in the time and effort required to properly implement a wireless network. So far the Deploying Aruba WLANs course has delivered what was promised and I am looking forward to sharing my thoughts on the next two days.