David Biron – Senior Network Engineer – UCL
Why speak here today?
• Regular Networkshop attendee
• Always spent time listening and gleaning information
• Thought I’d speak about our journey, hoping it will help others, like previous talks helped me
• We have no affiliation or preference for any particular
Give something back
Why start the project?
• A very varied and mixed wireless estate
• A focus on what was going immediately EOL rather than the bigger picture
• Wireless had grown organically
• A large wireless estate
• Wireless lifecycle shorter than wired
• Greater demand and expectation
• Essential service to students
What do we have now?
• Aruba for the Halls of Residence
• Cisco for the Campus
• FreeRADIUS for authentication
• 2 management platforms
• Varying models of APs
Mixed vendor estate
• Services offered
Custom IoT use cases
Facts and Figures
• HoR – Provided in house (Not via a 3rd Party)
• AP per room model – 4000 APs
• Installed around 2012
• HoR switches provide power and data to the AP (Wired connection provided via the AP)
• Licensing (AP, Policy Enforcement Firewall, RF Protect, Airwave)
• AP models mainly 93H
• Managed via Aruba Airwave v8
• Running v6 codebase
• Running 4 controllers (All controllers active, VRRP resiliency with a hot spare)
Facts and Figures
• Total – 2500 APs
• Installed over a number of years
• Driven by demand (Schools/departments)
• In the early days limited surveys were carried out
• Cisco ONE licensing
• AP models, big mixture (big headache!)
• Managed via Cisco Prime v3.2
• Running v8.3 and v8.5 codebase!
• Running 4 controllers (2 x 8540’s in HA and 2 x 8510’s in HA)
• Decided to only select Cisco and Aruba due to being market leaders in the education sector and also
• Structured as a tender document, then shortlisted suppliers invited in to give a presentation
• Concept of a work package
• Limited the number of buildings
• Created a shopping basket to allow bidders to fill in their proposed equipment and pricing
• Who will bid:
• Asked Cisco and Aruba to give us their best people based on the project brief
• Went out to 8 suppliers
Wrote our own tender rather than using a framework
The Red Zone
• Bloomsbury Campus
• 8 Responses back!
• Lots of clarifications!
•You must do this!
•All options non-negotiable!
•Very rigid timescales!
•Wanted to guide us rather than be guided!
• Wanted to replace things that were not in scope
• RADIUS (Clearpass/ISE)
• Guest wireless services
• Put a lot of thought into the tender
• Tender customised for us based on the information given
• Clear pricing and discount matrix
• Fully considered the Halls of Residences
• Wanted to work with us and gave a level of flexibility we liked
• Every clarification was clear, concise and provided extra
• Gave a solid, interesting presentation and answered all questions posed, providing extra levels of detail
Not just a box shifter!
• Aruba 10k hardware mobility master backend solution
• Aruba 7280 hardware controllers (Latest and greatest)
• Aruba AP-5xx (WiFi 6 APs)
• HoR fully considered and accounted for (AP-303H)
• Aruba Clearpass 25k solution (4 VMs)
• Aruba Airwave management (3 VMs)
• Able to use existing 7240 controllers on v8 code until old APs retired.
• Able to use licenses already purchased
•IPv6 first strategy
•Ensuring IPv6 is fully supported from the outset for future moves from native IPv4 to IPv6.
•IPv6 dual stack model
•IPv4 and IPv6 supported in conjunction for management and clients to co-exist on both.
•Simple fault diagnosis
•A standard and simple to follow fault finding process.
•Comprehensive monitoring from both a system and user perspective
•A monitoring system that gathers and displays complex information in a simple and usable format, with additional automation in place to improve overall management.
•No infrastructure bottlenecks
•Suitable bandwidth from the outset to ensure suitable throughput is in place for the lifespan of the
•Seamless ubiquitous user experience
•Single and consistent user experience no matter who the user is, what the device is, where they are or when they are accessing the network.
•Simple and consistent onboarding of all types of users connecting to the wireless networks
•Providing the UCL user with the ability to help themselves and gain secure access to the wireless network without having to ask and possibly wait for assistance.
•Skype for Business (Microsoft Teams) first
•Seamless Skype for Business solution with the ability to prioritise and manage S4B voice and video
•Identification of all users accessing the UCL provided networks
•Define each and every authentication to the wireless network based on user and/or device.
•A single vendor approach to the wireless deployment, Aruba technologies used throughout.
•Self-service fault diagnosis
•Self-service fault diagnosis options for wireless users.
•External wireless coverage
•UCL wireless connectivity throughout the campus including outdoor areas.
•Ability to define user, client or device locations based on wireless connectivity.
•Pinpoint a user location and use this information to provide directions to a required destination within the UCL campus.
•Integration, allowing for a Smart Campus.
How are we going to do this?
• Survey, survey, survey!
•Predictive, live pre and post surveys
• Proof of concept stage – Initial infrastructure build and thorough testing – 20 APs
• Pilot stage – 2 buildings (100 APs)
• Location services
• Aruba service assurance
• Work package 1 – 5 buildings (300 APs)
• Outdoor coverage of the 5 buildings
• Chance to review all the existing infrastructure and how things bolt
• Bounce ideas off the partner
• Take time to reflect and make sure we are going the way we want
• Aim is to measure twice, cut once!
• Evaluate new routing/switching equipment
It is possible!
• Don’t be afraid to challenge what you normally do
• Choose partner wisely
• Be aware of what other areas of the business are doing
• Try and involve different areas of the business as much as possible
• Have a clear communication plan and end goal
Would you do things differently?
• Cisco do have a fantastic product:
•Products (Catalyst 9k) (IOS XE/AireOS)
•Chicken and Egg with software releases and equipment support
• Consider support and what this means
• Clear roadmap for the next 5 years
• Sign a good length agreement with review and improvement milestones to keep the partner engaged