Network Administration

Physical Cabling Infrastructure: ISP, Fiber Path, and Point-to-Point Information

  • Primary ISP: Cogent Communications
  • Secondary ISP: Crown Castle
    • 1Gbps symmetrical bandwidth for both connections
    • Feeds enter campus via diverse paths to minimize disruption from a cable cut or other unforeseen accident
    • Load sharing between links implemented Summer 2019
  • Fiber Paths
    • The University at Buffalo leases Support & Fiberoptics to provide L1 (physical) connectivity to our Cogent DIA
    • Lightower Communications leases Support & Fiberoptics to provide connectivity to our Level 3 DIA
    • Daemen College’s building interconnects contain a blend of multimode fiber optic cable: OM1 & OM4
      • Older OM1 multimode fiber remains intact, as do excess strands of newer OM4 fiber. The intent is to provide redundant paths in case of connection failures
    • In progress: 6 strands of single-mode fiber from Canavan to AWC provided by First Light Communications. ETA: October 2020
  • Point-to-Point Wireless Bridge
    • AWC Main Connection
      • DragonWave Horizon Quantum: licensed channel, microwave point-to-point, 1Gbps throughput
      • Contract with Blue Wireless for support
      • Radios are on the roof of Duns Scotus and AWC
    • Alumni House Academic Feed/Redundant connection
      • Ubiquiti AirFiber24: unlicensed channel (24 GHz), microwave point-to-point, 1Gbps throughput
      • Radios are on the roof of Canavan and above the main doorway at Alumni House
  • Physical cabling within buildings
    • Existing Cat5 and Cat5e copper cabling within buildings is reused where it is already in place
    • All new copper cable runs within buildings use Cat6 U/UTP plenum-rated cable
    • All new wireless access point cabling uses Cat6a U/UTP plenum-rated cable

Network Topology & Devices

  • Our WAN fiber connection from Cogent and a copper connection from Crown Castle terminate on a 10 Gbps capable Cisco ASR1002-X router
  • The connection then routes to our dual SonicWall SuperMassive 9200 firewalls. The two devices are set in an active/standby failover mode, where one device takes over should the other fail.
    • The firewall splits traffic into three separately zoned networks (Academic, Residential, Administrative)
  • Connections are sent to each building over the fiber paths to Dell managed switches of various makes and models within each building
    • Our Academic network comprises various logical networks (VLANs) and the following SSIDs:
      • dc-secure
      • dc-iot (hidden – WPA2 PSK SSID for headless devices)
      • dc-guest
    • The dc-wireless open SSID has been retired and removed.
    • Resnet has moved off the Ubiquiti wireless system and no longer uses the pfSense software firewall for posture checking. Daemen is leveraging its existing Aruba infrastructure and has added an additional wireless controller to handle Resnet duties, along with new Aruba wireless access points. Aruba ClearPass is now serving as the new NAC. The following SSIDs are now in use for Resnet:
      • dc-wildcat
      • dc-summer-guest (only active in summer for conference guests)
    • New VLAN networks have been created to segregate sensitive network traffic:
      • Separate VLANs for any devices handling credit card information, for PCI compliance
      • Separate VLAN for life safety, network cameras, and card access readers
      • Separate VLAN for VALT camera recording system in the RIC 2nd floor

Network Hardware Totals

  • Routers: 1
  • Firewalls: 2
  • Managed Switches: 75
  • Wireless Controllers: 3
  • Wireless Access Points: 338

Network Monitoring and Alerts

  • SolarWinds Network Performance Monitor: Overall Network Health, Performance & Alerts
  • Aruba Airwave: Wireless Devices and Clients
    • Health, Performance, Alerts
  • Dyn Managed DNS
    • Monitors and alerts on DNS service state for my.daemen.edu and www.daemen.edu
  • Kiwi Syslog
  • External network penetration test completed in Fall 2019.

Future Projects

  • Replace remaining unmanaged L2 switches with new managed PoE switches (Dell N1500 or N2200 series)
  • Upgrade existing Aruba infrastructure to software version 8
    • Increase security on dc-iot to WPA3
  • Consolidation of Academic and Administrative networks
  • Wireless coverage improvements
    • Possible new outdoor APs to cover the area between Rosary and Wick
  • Upgrade all inter-building links to 10 Gbps
    • Will require an upgrade of old OM1 fiber to OM4 or single-mode.
  • Upgrade core switch stack (set to go EoL in 2023)
  • Server room network rack UPS upgrade & power distribution.