Wireless deployment with NAC solution
Feb 05, 2024
About the Client: Large Health Care provider - NJ
The customer is one of the largest non-profit health care providers in New Jersey, providing a wide array of healthcare services. The customer serves more than half the state of NJ, providing care for health needs including critical patient care services. They are known for providing exceptional patient outcomes and experiences, and are committed to providing the highest quality care.
Due to its existing unmanaged Wi-Fi infrastructure and lack of security, the customer decided to deploy a new Wi-Fi solution that includes centralized AP management and a centralized NAC solution.
This strategic initiative was the outcome of multiple challenges and limitations the customer faced with the existing Wi-Fi setup, such as troubleshooting, administration, Wi-Fi management and high availability of Wi-Fi services for Corporate and Guest users.
We worked with the customer to design and deploy a Cisco Wireless and Cisco NAC solution.
We engineered this solution to provide a fully redundant Wi-Fi infrastructure, improved Corporate Wi-Fi security and a segmented Guest Wi-Fi solution. This has resulted in enhanced performance, better scalability and simplified management.
The customer faced challenges with the existing unmanaged Wi-Fi infrastructure and its lack of security, and decided to deploy a new Wi-Fi solution that includes centralized AP management and a centralized NAC solution. Troubleshooting Wi-Fi issues in the existing wireless infrastructure was delaying incident resolution. Hence the customer wanted the new solution to enhance wireless services.
The customer wanted the new deployment to be more efficient, serving and handling Access Points at multiple branches from a single central Controller and NAC device without any impact on the performance of the Controller or the wireless endpoints.
Considering the criticality of wireless services, the customer wanted the new solution to provide full resiliency to all critical wireless clients/devices.
Network resiliency was needed to enhance the overall user experience by reducing downtime and increasing network responsiveness.
The existing unmanaged Wi-Fi infrastructure and the lack of security, administration and control over Wi-Fi services made it difficult to manage and troubleshoot Wi-Fi issues. The customer wanted a solution that would simplify the configuration, administration and troubleshooting of any Wi-Fi-related issues.
Solutions and Outcomes
To address the goals highlighted above, the customer decided to deploy a new Global Enterprise Wireless and NAC solution. Since all the health care centers were equipped with highly critical medical devices, the entire deployment/migration was carried out by deploying 4 Cisco WLCs, 2 ISE nodes and 340 Access Points in FlexConnect mode across the branch offices and healthcare centers, which eliminated the need for an individual WLC at each branch or healthcare center.
The overall deployment included the key components below:
Management and Control: The new wireless solution lets the customer manage remote-location Access Points from a central Wireless LAN Controller (WLC). From a security and control point of view, we deployed dedicated WLCs for CORP and Guest users in the DC. Guest and CORP users are authenticated by ISE, which also gives visibility of users. A separate AP group created for each site made wireless policy management easy.
We provisioned dynamic VLAN assignment on the WLC and integrated it with ISE, followed by user-based policies on the firewall. This eliminates the need for multiple SSIDs for different categories of employee.
For guest user management, we defined the Guest Portal under Layer-3 authentication, which guests use to register and create their accounts in order to use Guest Wi-Fi.
Scalability: The new wireless and NAC solution is fully capable of handling request traffic from multiple wireless clients without getting overloaded. The new WLC can also accommodate more Access Points, i.e. up to 1500 APs.
Network Resiliency: The new deployment is fully redundant, as below:
- 1 CORP WLC at DC1 and 1 at DC2, deployed in High Availability (SSO)
- 1 Guest WLC at DC1 and 1 at DC2, deployed in High Availability (SSO)
- Each DC has 1 ISE node deployed, which has all three personas
Enhanced Security: The new solution is integrated with ISE, which provides more security when onboarding CORP and Guest users to the Enterprise Wi-Fi. The Guest WLC is placed in the DMZ zone, i.e. behind the firewall, which restricts communication between Guest and CORP wireless users.
This case study provides an overall idea of the successful deployment of the Cisco Wireless and ISE solution.
This has addressed multiple issues with wireless and its related security standards. It also reflects the positive impact of modernizing the Wireless and NAC solution for the healthcare infrastructure. As the healthcare industry continues to grow and evolve, the customer is well-positioned to adapt to new challenges with respect to wireless security/management, and Cisco DNA Center will soon be provisioned for better monitoring of the wireless infrastructure.