Wednesday, July 13, 2011
Wood Campus Center: Room E/F
University of Alaska Fairbanks
Fairbanks, AK
Wireless
- eduroam
- Captive portal
- Authentication without a client
- Shibboleth authentication
- CALEA
- Accessibility issues with captive portals
- screen readers don't work
- Authenticate with CAS?
- Authenticate with TLS/certificates
- ChromeOS and WPA2
IPv6
- Terado
- 6to4 Relay
- Join IPv6 WG to help with best practices documents
- DHCPv6 vs SLAAC
- DNS - if SLAAC
- DHCP INFORM message
- No RAs on server networks
- 802.1X with IPv6
- The Pv4 world is this big, the IPv6 world is THIS big, where do you want to go?
- RA guard
- Scrape the neighbor table
OpenFlow
- Software defined networking
- VLAN through the switch
- OpenFlow switchs
- OpenFlow APs
- Juniper/HP/Pronto
- Production?
Phones in ALL Wireless Areas
- Phone per suite
- Phone per floor
- e911 for wireless VoIP
- PSAP
- RedSky
- Cisco Emergency Responder
- Requirements vary by state
- Cellular vs WiFi
- Risk management
100G Ethernet
- Brocade MLX-16
- Skip 40 and go to 100?
- Expensive
- MLX-16e: 16 slots of full duplex 100G
- Oversubscribe, port density, power, cooling
- Cisco ASR900 40G
- Cisco CRS 40G
- Quanta / Pronto 3980 - 40G 16 ports QSFP
- Broadcom Trident Chips
10G Servers
- Nexus 7K and 5K
- Juniper EX4500
- Arista
- Force 10 - too new
- Nexus 5010 / 5020
- Fibre extenders back to core
- 5500 series L3, 5000 L2 only, 7000 L3
Next Gen Core
- Juniper MPLS
- Nexus - fabric path
- 6500s with SUP2Ts
- MX960
- Cisco e chassis 80G
- Converged
- Future must be 100G
Security
- RSA Compromised
- Firewalls
- Departments maintain rule set; Central implements it
- Nessus scans
- Firewall rules
- reviewed by network engineer?
- prevetted rules?
- security override?
Switch Upgrades
- MACSec
- 802.1X
- v4 security features implemented for v6
- Control plane protection
NetFlow Analysis
- LANCope
- inMon
- Bro
Thursday, July 14, 2011
IPv6 IPAM
- Infoblox
- v5 and about understands IPv6
- v6 supports DHCPv6
- Bluecat Proteus
- Some IPv6 support
Cell Carrier Hot Spots
- AT&T
- DAS
Remove Connectivity
- Cable/DSL - tunnel back to campus
- Psuedo wire connection
Guests
- Get RFC1918 IPs
- NAT
- 1:1 NAT vs 1:many NAT
- Logs: huge
- SPLUNK
- Correlate events
- Route RFC1918 addresses internally
- Split DNS?
SIP Trunks
- PRIs
- SIP
- Acme Packets - session border controller
- Cisco 3945
- ASR1004
- Cisco Callmanager
- Nortel Avaya Communication Server 2100