A little about the lab environment I have set up at home:
My situation is a little unique in that I absolutely have to maintain a working internet connection for my wife. She's a CPA in the midst of tax season who is lucky enough to be able to work from home. So "breaking the internet," as she puts it, is not really an option.
The way I have things set up right now:
I have a Cisco ASA as my edge device at the moment, which is fed from a cable internet connection. The ASA splits into the LAN (wife's side of the network, which she accesses through a consumer-grade Asus access point) and my lab network.
My lab's core switch is an HP 3400cl-24G. Hanging off of this switch, I have:
- Dell PowerEdge 2950 III running Hyper-V Server 2012. VMs that are running:
  - Server 2012, running AD, DHCP, DNS, File Services, NAP, and a Ubiquiti Controller
  - Server 2008 R2 (no roles actively doing anything; I recently blew up and reinstalled this VM)
- Ubiquiti Unifi AP, which will be replaced by the Aruba APs for the duration of this project
The lab network is segmented into 4 VLANs, each assigned a pool in the 172.16.XX.0/24 space, with XX matching the VLAN number:
- VLAN 10: Infrastructure
- VLAN 20: IT Staff
- VLAN 30: Accounting
- VLAN 40: General Staff
Each group also has an AD user group with test accounts assigned (except for VLAN 10, in which the switches, APs, servers, etc. reside). I have RADIUS functioning for
Other notes:
- Sean from Aruba has let me borrow three Aruba IAPs: one 225 and two 115's. They arrived yesterday! Thanks Sean!
- I also have 3 Cisco 2650XM's and 3 Cisco 2950s in a small rack that I am using for my CCNA studies that can be thrown into the mix if I get really ambitious.
In the end, I would like to see wired users sign on from the same workstation and be assigned to the appropriate VLAN, with VLANs 30 and 40 only able to access resources on their subnet and their gateway (no management access from these two VLANs). VLAN 20 should be able to SSH/HTTPS to manage infrastructure.
For wireless users, I want users in VLANs 30 and 40 to sign onto the same SSID, receive an appropriate address, and be confined to their subnet and their gateway. VLAN 20 should again be able to SSH/HTTPS to infrastructure devices.
My university is all Aruba, but I never got to do much more than hang them when I worked in their network department. I have had more AirWave and controller exposure in the last few months, but I'm definitely looking forward to diving into the guts of what Aruba can do.
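The wired and wireless goals above can be written down as a policy that connectivity tests are checked against. The sketch below is an added example, not part of the original post: it reads the goals literally, assumes each VLAN's gateway is the .1 address of its subnet, uses constructed test observations, and its function names are hypothetical.

```python
import ipaddress

# VLAN number -> subnet, following the post's 172.16.XX.0/24 scheme.
VLANS = {v: ipaddress.ip_network(f"172.16.{v}.0/24") for v in (10, 20, 30, 40)}
INFRA, IT_STAFF, CONFINED = 10, 20, (30, 40)
MGMT_PORTS = {22, 443}  # SSH and HTTPS

def gateway(vlan):
    # Assumption (not stated in the post): the gateway is the first host address.
    return VLANS[vlan].network_address + 1

def vlan_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((v for v, net in VLANS.items() if addr in net), None)

def expected(src, dst, port):
    """Return 'allow', 'deny' or 'unspecified' for a TCP flow under the stated goals."""
    s, d = vlan_of(src), vlan_of(dst)
    if s in CONFINED:
        if d != s:
            return "deny"    # confined to own subnet and gateway
        if ipaddress.ip_address(dst) == gateway(s) and port in MGMT_PORTS:
            return "deny"    # no management access from VLANs 30 and 40
        return "allow"
    if s == IT_STAFF and d == INFRA and port in MGMT_PORTS:
        return "allow"       # IT Staff may SSH/HTTPS to infrastructure
    return "unspecified"     # the post sets no goal for this flow

def violations(observed):
    """observed: (src, dst, port, reachable) tuples from connectivity tests."""
    bad = []
    for src, dst, port, reachable in observed:
        want = expected(src, dst, port)
        if want != "unspecified" and (want == "allow") != reachable:
            bad.append((src, dst, port, want))
    return bad

# Constructed observations, not measurements from the lab.
SAMPLE = [
    ("172.16.30.50", "172.16.30.60", 445, True),   # Accounting, own subnet
    ("172.16.30.50", "172.16.10.2", 22, True),     # Accounting SSH to infrastructure
    ("172.16.40.50", "172.16.30.60", 445, False),  # General Staff to Accounting
    ("172.16.20.50", "172.16.10.2", 443, False),   # IT Staff HTTPS to infrastructure
    ("172.16.40.50", "172.16.40.1", 22, True),     # General Staff SSH to own gateway
]

if __name__ == "__main__":
    for flow in violations(SAMPLE):
        print("policy mismatch:", flow)
```

Flows the post sets no goal for, such as IT Staff traffic on other ports, come back as `unspecified` and are never reported as mismatches.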