Financial Company Secure Access Points


Last month, I worked on a project with Amvean, an IT consulting company, here in Manhattan, NY.
Amvean Consulting was tasked to implement a manage, centrally-controlled wireless management infrastructure for an international financial services company with a local New York based office. The project required consideration of the bank information security protocols and the wireless system was to service guests and external auditing staff that would routinely visit.

Due to compliance, the bank is not permitted to allow guests to join their wireless networks without approved security credentials.  Technology selection, installation and security were a part of the scope of this project.

Client

Client is a multinational banking and financial services company. They offer a wide range of banking products and financial services for corporate and retail customers through a variety of delivery channels and specialised subsidiaries in the areas of investment banking, life, non-life insurance, venture capital and asset management. The bank has a network of 4,183 branches and 13,498 ATMs, and has a presence in 17 countries including here in New York.

Project Scope entailed the following:

  • 1. Wireless site survey to determine optimal location for one additional access-point
    2. Required cabling runs from server room to the respective locations where the Access Points will be installed
    3. Installation and Configuration of the Access Point on both 2.4GHz / 5 GHz bands
    4. Installation and Programming of Power over Ethernet Switch
    5. Post installation wireless site survey and respective adjustment
    6. Programming relevant network equipment Wireless Access Controller
    7. Install Network Switch and/or Network Routing Equipment to accommodate the new  internet service provider
    8. Network diagram and respective network configuration files

The hardware required for the project consisted of, one new Access Points from Cisco and  relevant mounting kits, Cisco 1900 routing equipment or equivalent, Cisco Wireless Access Controller with PoE capabilities, Cat5e plenum overhead cabling, and three Cisco AIR-CAP1602 Access Points at different locations.  

Summary:

  • Network cable run to access points and termination to the server rack
  • Installation and configuration of cisco 1921 router with two VLANS
  • Setup network remote VPN service
  • Enabling of QOS service to take advantage of the Cogent Fiber downlink
  • Installation and configuration of a Cisco 2504 Wireless Mobile Controller for both staff and guest access
  • Applying applicable bandwidth and security restrictions per banking policies   


Project Equipment (supplied by Amvean)

ICICI Bank_devices

Cisco 1921 Router
Cisco Switch SF200-24P
Cisco Mobile Controller 2504 WLC – 5 AP Licenses
Cisco AIR Mesh Wifi Access Points

Operations
Amvean performed a detailed site inspection a week before and myself and another technician was able to perform the installations and configurations of all devices at the close of the business day. The normal daily operations of our client’s business didn’t get affected since this was a new setup and didn’t require any operational shutdowns of servers and existing equipment.
First the cat5e network cables were run overhead in the ceiling where it was not-visible. Call termination were performed for RJ-45 cables and also the Fiber (provided by Cogent Communications), was terminated and tested and secured to the access points mounted on the walls (see pic).

20160415_104258

Cisco AIR-CAP1602 AP Install

Cogent fiber links

Cogent Internet Fiber Link Installation

Afterwards, the rest of the Cisco  Router 1921 and Cisco WLC 2504 equipment was attached to a server rack (see pic).

1921 router with 2504 wlc

Cisco 1921 Router with 2504 wlc

Network Implementation
On the software configuration end, the Cisco router 1921 was configured with specific IP addresses, routing information and VLAN requirements for the wireless lan controller. Access points were connected to the PoE switch, in addition to the router and controller, as seen in this example topology.

example network topology

Conclusion
Myself, together with Amvean tested the wireless system installation to ensure that we met all the client’s wireless installation requirements and network security obligations. Staff members are now able to gain wireless access on their devices using mac addresses with WPA2 preset password authentication filtered by the access controller.

Guest of the company were each provided a username and unique password  which is time-generated so that guest would have access for a finite amount of time. The Cisco Mobile 2504 enforced controller’s authentication and policy settings across the network.

As a whole, all went as planned.

WiFi speeds from the access points at different locations on the office floor were tested and produced excellent download and upload results.

To say the least, the biggest achievement of the day were the smiles on our client’s faces and nods of approval. Once again Amvean had come through, with the promise of what this company prioritizes … total customer satisfaction!


Posted in Blog, Projects and tagged , , .