We have a customer that recently completed the build-out of new office space in a new HQ facility. Over the next year they will be migrating all operations from the old HQ facility to the newly constructed space in the new building. This particular customer has traditional Cisco enterprise infrastructure deployed for edge, wireless, and data center, utilizing Catalyst at the edge, unified wireless, and Nexus in the data center, deployed in a typical collapsed core architecture. Having recently adopted Cisco Meraki as the primary solution to be deployed at 3500 small remote locations across the country, it was decided to implement Meraki for the access layer at the new HQ facility while maintaining Cisco Nexus and enterprise products in the data center and at the internet edge. Additionally, Cisco ISE was implemented to handle identity services and authentication for wireless across the organization.
One of the unique challenges encountered with the migration to the new HQ was that three separate guest wireless networks were deployed at the legacy HQ location and had to be replicated at the new HQ facility. Internet connectivity for each of these guest networks is provided via a separate cable modem connection for each network. This proved to be problematic at the new HQ office, as cable provider network facilities were not set to be built out for several months. An additional complicating factor was that connectivity between the old and new HQ buildings was being provided as two separate 10Gb Ethernet links, and the customer wanted these to be Layer 3 links to enable more deterministic control over the routing of traffic between the two sites. This L3 connectivity requirement made it impossible to simply bridge the internet connectivity for the three isolated guest networks from the old HQ to the new. To address this issue we implemented a unique solution.
At the old HQ location we implemented an MX in concentrator mode to anchor tunnels from each of the three guest SSIDs at the new HQ site, with each tunnel dropped off to a separate VLAN. Each of these VLANs was bridged onto an isolated L2 VLAN in the Nexus environment that connected each guest SSID to its respective isolated cable modem connection. This is depicted in the attached diagram.
This solution provided the customer with a couple of benefits. First, it provided the required isolated connectivity for each of the guest networks without waiting months for the new cable modem network facilities to be built out at the new HQ building. Second, the traffic in these tunnels can be identified at Layer 3, allowing custom routing and QoS policies to be implemented to balance and prioritize traffic flows between the two facilities. In concert with this, the new ISE implementation was leveraged to provide authentication services for the non-guest corporate and voice SSIDs serviced by the Meraki wireless infrastructure at the new HQ.
While nothing about this solution is particularly earth-shattering at a technical level, it does provide a great example of how real problems can be solved utilizing the marriage of traditional Cisco enterprise products and the simple and flexible capabilities of the Meraki cloud-managed platform.