Multi-discipline school in Denmark provides specialized skills courses for students
Meraki APs offer robust wireless for daytime students, boarding students, and guests
Active Directory with captive portal required for student authentication
From high school to vocational training, EUC Lillebælt offers programs for students looking to develop specialized skills, including architecture, computer engineering, process operating, blacksmithing, and more. Much of the curriculum requires access to online or digital content, making a robust network essential to learning.
Distributed across five locations, the school’s previous network operated on the aging 802.11g wireless standard and was difficult to manage. “We needed consultants to upgrade configurations on devices and so on, and not all of my people were able to manage the solution,” explained Lars Juul, IT Manager at EUC Lillebælt. Juul wanted to provide the school with a complete technology overhaul including upgrading to the latest 802.11ac wireless standard. This would also provide better coverage for students and teachers who were connecting nearly 1,200 mobile devices to the wireless network daily.
During the process of evaluating vendors, including HP and Aruba, Juul discovered the Cisco Meraki solution through his technology partner. He decided to attend one of the weekly webinars to learn more about the cloud-management platform and receive a free Meraki access point to test. Finding a product that provided simple management, while also offering deep visibility, was crucial considering the school’s IT team consisted of just four people. Following the successful evaluation of the AP from the webinar, Juul chose to deploy 100 Cisco Meraki MR34 802.11ac APs “We chose Meraki because of the ease of use, the quality of the solution, and, of course, the price,” said Juul.
The Meraki APs, installed at the network edge, connect seamlessly with the existing switch infrastructure, which is deployed in a star configuration. In a week where the school was closed, it took a single employee just three days to completely remove the old APs and deploy the new Meraki MR34 APs. “It was easy and pain-free,” explained Juul. “I actually enjoyed doing the entire wireless upgrade entirely alone.”
The intuitive Cisco Meraki web-based interface provides the EUC Lillebælt team with the ability to configure up to 15 different SSIDs per network. This allows them to push custom settings to various user groups and to create SSIDs specifically for testing new features or configurations before making them live on the network. Currently there are 3 active SSIDs for guests, daytime students, and boarding students. Guests and boarding students have open access to the internet, but the IT team is able to enforce restrictions in dashboard to prevent abuse by denying access to the LAN and defining traffic shaping rules for peer-to-peer, social web, and photo sharing traffic. Conversely, users accessing the daytime student SSID are redirected to a captive portal where they are required to enter their Active Directory credentials to gain access to the network, including the LAN. On this SSID, Juul has configured Layer 3 firewall blocks and various traffic shaping rules.
“I personally like that Meraki has taken all the functions that are useful to us, and have made them very easy to access and use in a quick, meaningful way,” explained Juul. “Then they have taken the settings that only a few people wish to change and have preconfigured those settings for us in advance.”
The tagging functionality in dashboard allows Juul’s team to tag each Meraki AP with the type of access they want for that location. Using this feature, they can choose which SSIDs are broadcasted on the APs deployed in each area. Moreover, they can schedule when the SSIDs are broadcasted. For instance, for the daytime student SSID, the IT team has restricted access to daytime hours during the week, providing an additional level of security by eliminating access to internal resources during evening hours.
The ease of use with the Meraki solution ensures that I need to have zero, or near-zero, administration burden on a daily basis.
EUC Lillebælt provides services for numerous types of students and guests, meaning they have all types of devices accessing the network, from phones to tablets to gaming devices. This level of network exposure can be unsettling for IT teams; however, the Cisco Meraki MR34 APs have a dedicated security radio that continually scans the environment, classifying and containing potential threats like rogue SSIDs, packet floods, and malicious broadcasts. Juul’s team can then assess the threat level and take whatever action they deem necessary, while knowing that the infrastructure is secure even outside of school hours.
Juul and his team are able to keep an eye on their network from the dashboard by either diving into the fine-grained details on clients and configurations or by looking at the overview summary. The overview summary provides a historic look at the trends of usage, device types, area of heavy density, and clients. Using this information, they can identify where additional coverage is required and simply add an access point, create more fine-tuned SSID configurations, or adjust traffic shaping rules to balance bandwidth consumption. “It’s working great,” said Juul. “We can make changes to the network without anyone noticing, increasing speed and coverage.”
One of the most appealing aspects of the new network has been the change in types of cases the IT team has been receiving. Before the upgrade, many of the cases being raised were related to something not working or a decrease in the overall performance of the wireless network. Now, they are receiving positive feedback about the improved coverage and the simplified Active Directory login process using the captive portal. Previously, only certain members of the team knew how to manage the network; now everyone on the IT staff is comfortable with the dashboard management interface and money is already being saved by not having to hire consultants for routine maintenance.
The troubleshooting tools that are integrated into the dashboard have allowed Juul to be proactive about his network maintenance. It has also given him the ability to identify potential problems in the network. For example, the RF spectrum analyzer revealed an issue with the school’s alarm system and they were able to respond with configuration changes. Looking forward, the school is investigating Cisco Meraki Systems Manager for mobility management, as well as a more unified platform with Cisco Meraki switches. “The ease of use with the Meraki solution ensures that I need to have zero, or near-zero, administration burden on a daily basis,” explained Juul.