Wireless Access

We'd like to provide and monitor wifi access for our guests that will be staying in a separate location/building. Currently, that building is not tied-in to our current network so it has it's own connetion to the internet with a different ISP.

We currently have a 3600 controller with 16 AP's - 9 of them are RAP's - all working well.

We have 16 AP's that are not being used at the moment so I'm thinking we can use a couple of those in that building and connect it to a smaller controller and manage it from the internet? Any thoughts or suggestions?

Thanks.

Absolutely!

Another option would be to setup the AP's in remote mode and have the traffic source nat'ed threw that building's modem but we'd have to ask our ISP to allow traffic to flow threw their firewall and then poke holes in our firewall to reach to our 3600 controller.

I should mention, our goal here is to be able to log who's conneted to our wifi network (s) - there's been people connecting to the existing wifi network in that building and sending out some threatening emails to certain staff. We want to be able to figure out what machine was connected at the time that message reached our mail server and take action - I'm thinking the easiest way would be with a second controller with a public IP's on its' WAN interface then at least when we go through our email logs can say: "the threatening email came from the controller's IP therefore it was sent from someone connected to one of those AP's"

If we go with a second controller, would I be able to login to our master controller and manage or at least have a dashboard view of what's happening on that second one?

I have a meeting with my boss tomorrow and would like to present to her some ideas - Her big concern is security and logging.

Thanks

How you would design your network would probably be determined by what you do to collect logs right now.

If log collection is sizeable, you should probably have a controller at that site so that log collection does not have to traverse the internet.

That's the thing...we're not collecting logs at the moment. Is there a way to do this in the latest Aruba OS? What we'd like to do is have the ability to pull reports for any given day - maybe as far back as 2 weeks or longer. Would we need AirWave to do this?

Also: is there a way to have the controller send an email alerting us that there's been a rogue device detected?

Thanks

The controller can log every packet by enabling the "log" parameter in the firewall policy for a user.  The controller can be configured with an external syslog server to send this to a server.  These logs can be voluminus and will add to the utilization of the controller.  Please look in the user guide on how to create firewall policies on roles and they will discuss the "log" checkbox.

The controller can send syslog or snmp traps for a discovered rogue.  You would have to rely on your network management system that is collecting the syslog or snmp traps to send the email, however.

Since you are using a separate internet connection for guest traffic, you might not even be required to collect logs.  I would inquire about this before putting in the work.