Tuesday, July 25, 2017

Cisco Wireless LAN Controller Redundancy Solutions: High Availability

There are two options for Cisco Wireless Controller redundancy: Backup Controllers or High Availability. The choice depends on the WLC firmware version, the failover time requirement, and the budget.

With the Backup Controller method, a single controller at another location can act as a backup for access points when they lose connectivity with the primary controller in the local region. Centralized and regional controllers do not need to be in the same mobility group. You can specify a primary, secondary, and tertiary controller for specific access points in your network. Using the controller GUI or CLI, you can specify the IP addresses of the backup controllers, which allows the access points to fail over to controllers outside of the mobility group. You can set the Primary and Secondary controllers for the AP on the controller via the GUI, the CLI, or even SNMP. With Backup Controllers, in the case of a WLC failure, APs begin to search for their Secondary Controller and re-establish their CAPWAP tunnel. The obvious downside is the outage that occurs from the client perspective while the AP drops its tunnel and begins to build it again to the Secondary Controller.

The new High Availability (HA) feature set (that is, AP SSO) in Cisco Unified Wireless Network software releases 7.3 and 7.4 allows the access point (AP) to establish a CAPWAP tunnel with the Active WLC and share a mirror copy of the AP database with the Standby WLC. The APs do not go into the Discovery state when the Active WLC fails and the Standby WLC takes over the network as the Active WLC. Only one CAPWAP tunnel is maintained at a time, between the APs and the WLC that is in the Active state. The overall goal of adding AP SSO support to the Cisco Unified Wireless LAN is to reduce major downtime in wireless networks caused by box failover or network failover. Once you purchase a second WLC and license it specifically to serve as a standby, it shares an IP address and session, configuration, and AP information with the main controller.

Cisco Wireless Controller 5508 Configuration Step by Step - Part 1 (CLI and GUI Access, Upgrade)

As the industry’s most deployed controller, the Cisco 5500 Series Wireless Controller provides the highest performance, security, and scalability to support business communications today and in the future.
Cisco 5500 Series Wireless Controller
• Support for up to 500 access points and 7000 clients
• 8-Gbps throughput, eight 1 Gigabit Ethernet ports, with Link Aggregation Group (LAG)
• Standalone, rack-mountable appliance

5508 Front Panel
Note: The Service Port is the one above the Redundancy Port.

Monday, July 24, 2017

Gartner Magic Quadrant for Enterprise Network Firewall (2017, 2016, 2015, 2014, 2013, 2011, 2010)

Based on Gartner's definition, the enterprise network firewall "is composed primarily of purpose-built appliances for securing enterprise corporate networks. Products must be able to support single-enterprise firewall deployments and large and/or complex deployments, including branch offices, multitiered demilitarized zones (DMZs) and, increasingly, the option to include virtual versions for the data center. Customers should also have the option to deploy versions within Amazon Web Services (AWS) and Microsoft Azure public cloud environments. These products are accompanied by highly scalable (and granular) management and reporting consoles, and there is a range of offerings to support the network edge, the data center, branch offices and deployments within virtualized servers and the public cloud."

This is the difference from UTM appliances: UTM approaches are suitable for small or midsize businesses (SMBs), but not for the remainder of the enterprise market.

2017 Gartner Magic Quadrant for Enterprise Network Firewalls


Gartner Magic Quadrant for Unified Threat Management (2017, 2016, 2015, 2014, 2013, 2012, 2010,...)

Gartner defines the unified threat management (UTM) market as multifunction network security products used by small or midsize businesses (SMBs) (< 1000 employees).

2017 Gartner Magic Quadrant for Unified Threat Management (SMB Multifunction Firewalls)

Not much has changed from 2016.

Friday, July 14, 2017

Cisco Wireless Controller 5508 Configuration - Tips and Tricks

All basic configuration was covered in the related posts below. This post focuses on other configuration and troubleshooting that came up in a real environment.

Related Posts:

1. Create Different SSIDs for Different APs
1.1 Create a new WLAN with a new SSID
In this example, we have two SSIDs: myoffice-t and myoffice-m

Wednesday, July 5, 2017

Gartner Magic Quadrant for the Wired and Wireless LAN Access Infrastructure (2016, 2015, 2014, 2013, 2012, 2011, 2010)

Gartner’s Magic Quadrant for Wireless LAN Infrastructure has been released for a couple of years. This post lists all reports found on the Internet since 2010. If you are not familiar with this research publication or Gartner, please see the graphic below. Gartner places vendors in one of four quadrants (Leaders, Visionaries, Niche Players and Challengers) based on its scoring system.

Understanding Gartner Magic Quadrant Report
Source: Gartner (July 2013)


No changes in the Leaders quadrant. Fortinet moved into the Challengers quadrant.

Thursday, May 18, 2017

Using Artica Squid Open Source Project to Build Powerful and Safe but Simple to Use Proxy

I had been looking for a pre-installed, GUI-based proxy for a while and found Artica recently. The features are pretty attractive and the GUI looks cool.

What is Artica?
"Artica Proxy is an appliance that claims to manage Squid-cache proxy with all features that Squid Cache provides. With the Artica Web interface you can monitor, manage and get statistics of your proxy service.
Artica Proxy provides ISOs in order to build a full proxy appliance without any technical skills.
Artica Proxy allows you to enable a Web filtering engine with more than 30.000.000 categorized websites.

Other features included such as reverse-proxy, RDP proxy, VPN, DHCP, DNS..."
Here is some of my experience with it.

1. Download Link:

There are ISO, ESXi, Hyper-V, and Xen versions to download.