Wireless MGMT


RDA Wireless Management

Owner: Ashish Rana
Originator: Deshbir Sandhu
Document Version: 1.0
Date: 18th January, 2010

Contents
1. Purpose
2. Sign In
3. Prerequisites
4. Naming Standards
5. RDA Overview
6. Wireless LAN
7. Wireless Standard Documents
8. Configuration
9. Wireless Diagram

1. Purpose

This document provides an overview of the WAN operation process and setup in the RDA environment, and a guide to WAN management of network devices across the different RDA network sites, along with their solutions. In particular, it serves as a baseline for anyone joining the Network team and documents the WAN infrastructure in place, with network diagrams, vendor details, etc.

2. Sign In

Important! Before you begin executing any part of this checklist, you must do the following:

1. Sign in on the chart below before executing any procedures. Print your name legibly; provide your signature, initials, and the date.
2. Record your initials in the designated space after each procedure you perform.

Full Name (Please Print) | Signature | Initials | Date

3. Prerequisites
Before starting, collect the following information:

A. Device hostname, device IP address, ISP circuit information and contact details, and onsite support person contact information. NOTE: Refer to the IP address database and Network Inventory Excel sheets.
B. Update the daily change control link for any addition, removal or change in the hardware/configuration of any network device, and initiate the Remedy change control process for the same.

4. Naming Standard

RDA uses the following Naming Standard.

Network Device Hostname: CCSSSNWXX

uspvlswC101

Where:
CC is the 2 letter country code (i.e. US)
SSS is the 3 letter site/location code (i.e. PVL)
NW is a constant for "Switch/Router/Access Point"
XX is the number of the Router or Switch, incremented sequentially (i.e. 01, 02)

E.g. USPVSWC101

E.g. 2: INDNOIAP01, where:
IND stands for India
NOI stands for City Noida
AP stands for Access Point
01 is the Device Number

5. Introduction to Reader's Digest Network - WAN

RDA network infrastructure is built on the latest in cutting edge products and technologies from world leading networking vendors including Cisco, Packeteer, etc. The network infrastructure is securely built to protect the intellectual property of Reader's Digest.

Pleasantville, NY, the headquarters for Reader's Digest, is the hub of the Reader's Digest network, with 66 remote WAN sites worldwide in 45 countries. RDA supports operations from locations in 45 countries, with most of their staff concentrated in 7 countries. The remote sites are connected to Pleasantville and to each other through IPSec VPN technologies. The campus network at Pleasantville runs EIGRP on the LAN, and the remote sites are reachable through GRE over IPSec.

Major WAN sites include the United Kingdom and Hong Kong. The United Kingdom is the European headquarters. Hong Kong is the Asia headquarters, and there are many other small and medium offices around the globe.

RDA maintains a core datacenter in Pleasantville, NY that provides 24x7x365 global services to all businesses and geographies. The computer center provides technology infrastructure across a wide variety of technical platforms.

GTS (Global Technology Services), located in Pleasantville, provides centralized data center, database management, operating system administration and email management to the Reader's Digest world, as well as Helpdesk, Desktop support and Network support services.

Global Network Services provides two significant services:
a) Global Data Network Services
b) Voice Services

The Global Network Services team supports RDA's global WAN, which spans 65 RD sites and 112 vendor connections across 37 countries. The Global Network is monitored 24x7, 365 days per year, by a centralized Network Operations Center (NOC).

The NOC performs 1st level problem determination and resolution and escalates issues to the on-call Network Analyst. There is always an on-call Network Analyst. In addition to managing the WAN, the global team's responsibilities include providing 2nd level support for RDA's 65 LANs distributed across 37 countries and providing implementation and maintenance support for RD's globally distributed WAN and LAN systems.

Following are the services provided by RDA to their business:
- Wide Area Network Services
- Local Area Network Services
- VOIP Services
- Remote Access Services
- Network Security Services

In order to provide these services to users, the following functions are enabled:
- Monitoring, Alerting & Reporting
- Incident Management
- Problem Management
- Change Management
- Configuration Management
- Performance Management
- Asset Management
- Vendor Management
- Cabling & Wiring

6. Wireless LAN
Wireless LAN (WLAN), deployed in the RDA campus, is based on Cisco Aironet Access Points (WAPs). All access points work in autonomous mode. Access points are installed in the RDA campus and are visible to the naked eye. All access points are connected to the campus network through a trunk port on the nearby switch.

Two VLANs are defined on the core switch: VLAN 22 and VLAN 13. VLAN 22 is for guest users with open authentication. VLAN 13 is for RDA users.

Traffic flow between the wireless clients and the Internet:

1. The wireless client associates with the AP.
2. The wireless client gets the IP address and default gateway information from the DHCP server. The RDA laptops will be configured with predefined WPA keys, so they will be added into VLAN 22. For the guest user, authentication will be open and they will be added into VLAN 13. The default gateway for the clients points to the IP address of the interface of the VLAN into which they are added. For example, for the RDA Guest wireless clients associated with WLAN 13, the default gateway is 161.230.7.1.
3. Logically, the wireless client forwards all the traffic directly to the default gateway. The clients' traffic is forwarded to the default gateway via the trunk link between the core switch and the AP. Once the traffic reaches the core switch, the packets are forwarded depending upon the ACL, as RDA guest users are allowed to access only the Internet.

7. Wireless Standard Document

The purpose of this Wireless Standards document is to describe RDA's standards for WAPs: Hardware, Software, Installation, Configuration, Change Management and Operations. These standards are subordinate to RDA's general Security Policy, as well as any governing laws or regulations.

1.1 Scope
This document refers to all RDA WAPs, and all users connecting are subject to this policy and required to abide by it.

1.2 Standards Hardware and Software


The GTS Wireless Expert must review the specifications before any wireless access point is purchased or implemented. They will review the current standards and available products and recommend a model for purchase. Only hardware that can accept all standards will be purchased and implemented.

Software
WAP software must be kept up to date to protect against the latest vulnerabilities. Any changes to wireless software will follow the standard RDA Change Control policy.

1.2.1 Configuration Standards

In order for Wireless Access to be implemented at RDA:

1. A wireless access device(s) must be present within the building location and the WAP needs to be configured according to the standards documented in this section.
2. A wireless card must be present on the end user's laptop or desktop computer and must be configured according to the standards documented in this section.
3. The wireless user must authenticate by using a userid/password as defined to ACS or SID.

WAP Configuration: All WAPs deployed must be configured to meet these minimum standards. Whenever possible a standard configuration template will be available through GTS. WAPs must be deployed in a manner that forces connections to primary segments to be encrypted with a minimum of WPA encryption. This level of encryption can be changed at the discretion of Data Security. WAPs must force individual authentication from a central resource. Accounts must meet all existing standards, including but not limited to the Password Policy and Identity Access and Management Policy.
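One way to check an autonomous AP configuration against the two WAP requirements above (WPA as the minimum encryption, individual authentication from a central resource). This is an added example, not part of the RDA document; the sample config is constructed, and the VLAN-to-SSID mapping, the `Legacy` SSID and the `eap_methods` list name are assumptions.

```python
import re

# Constructed sample of an autonomous Cisco Aironet config (not from the page).
# SSID names RDAPEAP and Visitor are the page's; the VLAN mapping, the "Legacy"
# SSID and the method-list name "eap_methods" are assumptions.
SAMPLE_CONFIG = """\
dot11 ssid RDAPEAP
   vlan 13
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa
!
dot11 ssid Visitor
   vlan 22
   authentication open
   guest-mode
!
dot11 ssid Legacy
   vlan 13
   authentication open
   authentication key-management wpa optional
!
"""

def parse_ssids(config):
    """Return {ssid_name: [sub-command lines]} for each 'dot11 ssid' block."""
    ssids, current = {}, None
    for raw in config.splitlines():
        header = re.match(r"dot11 ssid (\S+)", raw)
        if header:
            current = ssids.setdefault(header.group(1), [])
        elif raw[:1].isspace() and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or any other top-level line closes the block
    return ssids

def audit(config, guest_ssids=("Visitor",)):
    """Return (ssid, problem) pairs for non-guest SSIDs that miss the standard."""
    findings = []
    for name, cmds in parse_ssids(config).items():
        if name in guest_ssids:
            continue  # the guest segment is open by design
        wpa = [c for c in cmds if c.startswith("authentication key-management wpa")]
        if not wpa or any(c.split()[-1] == "optional" for c in wpa):
            findings.append((name, "WPA not enforced"))
        if not any(re.match(r"authentication (network-eap|\S+ eap) \S+", c) for c in cmds):
            findings.append((name, "no per-user EAP authentication"))
    return findings

if __name__ == "__main__":
    for ssid, problem in audit(SAMPLE_CONFIG):
        print(f"{ssid}: {problem}")
```

The `optional` keyword is flagged because it lets clients that do not use WPA associate to the same SSID, which falls below the stated minimum.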

End User Configuration: All managed computers will deploy a standard wireless client as defined by Global Desktop Services. This client must support all required standards and configurations. Clients using unmanaged computers looking to connect to the guest wireless are responsible for their own local wireless client. Reader's Digest IT will assist these users whenever possible; however, no guarantee of service is made.

1.2.1.1 Change Management
Any changes to WAPs or wireless clients will follow the standard Reader's Digest Change Control Policy. All changes must be processed and approved by Data Security.

1.3 Enforcement

Wherever possible, technological tools will be used to enforce this policy and mitigate security risks. Any employee who is found to have violated this policy may be subject to disciplinary action, up to and in

8. Configuration

The above snapshot shows that a trunk has been formed between switchport Fa1/0/3 and Fa0.1 of the Access Point. It also gives the description of Fa1/0/3. The IP address of the Access Point is 161.230.23.41 (Noida).

The above diagram gives information regarding the machines associated with the Access Point. You can see the MAC addresses of the machines with the current IPs assigned through DHCP.

The above snapshots show the configuration for Dot11Radio0.1 and Dot11Radio0.4.

This describes the IP address configured on the BVI1 Interface.

9. Wireless Diagram

[Diagram labels: WWW; ASA5510; RDA_ROUTER; 2811; 3750; RDA_DATA_SWITCH_01; TRUNK; 161.230.23.41; Internal User: SSID RDAPEAP; External User: SSID Visitor]

The above diagram gives an example of an Access Point connected to a switch (trunking) and having two SSIDs configured:
1. SSID RDAPEAP: this SSID is used for RDA internal users.
2. SSID Visitor: this SSID is used for external laptops, where only Internet access is given.