Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more

×

City network, wifi, phone system upgrade !

by ‎06-17-2017 12:01 PM - edited ‎06-18-2017 12:27 PM

Hello all,

 

here is my story as a ubiquiti products user and installer.

 

When I started this job as IT manager for this city in France they were using mpls over adsl links ... lots of dsl links : schools, library, public services, social services ... with bad copper line quality, disconnections, slow speed, unhappy users and they were just hit by the locky ransomware 2 months before I began, with no backup which caused them nearly 2 weeks of outage and lots of lost files ... quite a challenge !

 

So the first thing to do was a network upgrade ! (after installing veeam for the vm backups, closing network shares, updating vmware esx, installing eset, replacing XP desktop, creating new gpo, auditing phone system ... !)

 

1- Interconnections

 

With a previous experience with Ubiquiti products in my past job I decided to interconnect most of the buildings. Since town police videoprotection was already installed (and also using ubiquiti !) but on a separate network and by a contractor I simply used the same high spot (a local residential tower, 15 stories) to install our own pole avoiding interferences (they mainly use M gear, I am using AC) :

 

Capture1.PNG

On the left you can see the 2 masts for video protection (not maintained by us) and on the right the new mast with EPR6, Rocket + 60° AC antenna, Nanobeam 5AC 16 (with the lan port flapping, RMA and replaced by a Litebeam 5AC 23).

 

This allowed us to link 4 distant buildings (technical services (2mb sdsl for 20 users !), 2 elementary schools, a library) and to link another high point 1km further serving 3 others building (a school, a reception hall, a social service) where there are a Edgepoint R6, 2 litebeams 23db and a nanobeam ac 16.

 

On the other side of this tower we installed another ptmp with a Litebeam 5AC16 120 and a Nanobeam 5AC 19. The Litebeam is linked to 3 buildings (soon 3 more), 2 schools, 1 residential building for elderly the Nanobeam is our link to the main site (those antennas are connected to the Edgepoint R6 of the 1st pole).

 

Each building has either a Nanobeam 19db or Litebeam 23db to connect to the ptmp.

 

Connecting a school NSM5 + Litebeam 5AC23Connecting a school NSM5 + Litebeam 5AC23

We actually have 23 antennas up and 12 buildings connected to the main site.

 

MapMap

2- WIFI

 

The main site is the city hall with a 100/20 fiber. Interconnecting the schools allowed us to deploy 30 laptops in each schools to create a mobile computer class (6 schools so 200 laptops for teachers and students) connected with unifi switches (1 or 2 per schools) with 2 UAC AP PRO per school that teacher connects when they need wifi in the classroom (we are required to only switch on the wifi when they use the laptop, otherwise it must be switched off to prevent overexposure of children).

 

Wifi was also changed for the users by configuring UAP AC Lite and WPA enterprise with a radius authentication and a guest wifi with coupon for public visitors.

 

Interconnections allowed us to extend the SSID to the different sites keeping the radius auth and same SSID by managing vlans : a gpo deploys the wifi settings to the users computer automatically. 

 

A cloud key is used for the wifi management :

UnifiUnifi

We have an average of 50 wifi users and peak at 120-130 when student visits the library.

 

3- Network

 

The network was all Cisco 2960 and one 3750, rather old. They were all replaced by EdgeSwitch 48, 24, 16 and 8 ports POE. Vlan routing is now managed by a ES48 Lite, servers (vmware, nas ...) are connected on another ES48 Lite. We replaced about 18 switches, used SFP/SFP+ (FiberStore).

 

Wan access was provided by 2 little Juniper (ssg50?) that I replaced with an Edgerouter 8 Pro, providing VPN access for remote users, dual wan (with an existing adsl connection).

 

Now that we have the POE network we could change the phones !

 

4- Phones

 

I tested XiVo, Asterisk, 3CX and kept 3CX because we are mainly windows admins and because of the ease of use to delegate extension creation.

 

So we replaced the phone system in several buildings (old alcatel pabx) by VOIP directly installed in the town hall (3CX VM), created a new phone vlan that is propagated to the other buildings, some QOS on the edgerouter, enabled lldp+lldpmed+voice vlan on edgeswitch, a trunk SIP and now we simply plug the phone (Yealink T21, T23G) and it switches to the voice vlan and we have a line after configuring the extension in 3CX!

 

3CX v15.5 is really great.

 

5- Conclusion

 

I started working for this city on 1st August 2016, next week is my last week working as IT manager for them (I quit for another challenge) and I feel that thanks to the ubiquiti products we have spared the french tax payers a good amount of money by installing ourselves all the antennas, switches, cabling ... and we reduced the spendings on adsl fees (we closed a lot of lines, some with expensive services (sdsl ...) ...) and simplified the network.

 

The users are now happy to have a fast new network with new services (network backup of their folder, fast access to shared folders and internet), a new phone system which should grow to 150 (currently only 50 phones deployed), wifi access in every building, 200 laptops for elementary schools for teachers to use, PRTG supervision + Air Control.

 

Interconnections, phone systems, wifi, laptops deployment, routers and switches configuration were all done internally by the team (I was with 3 technicians and an apprentice). I'm sure they learnt a lot (I did too!) as they were not used to installing and configuring network switchs, antenna and phone systems. They discovered that IT was not only sitting behind a computer answering users' call but also going up a ladder to fix an antenna and be proactive to fix futur problems and foresee needs. They were motivated again.

 

It was quite a challenge to audit the entire IT : Active directory had to be purged and updated, Exchange 2007 had to be updated too (missing at least 7 years of updates but no budget to upgrade), Windows update and wsus were disabled for 2 years (enabling them caused many computers to get 200 updates ...), lots of XP desktop, other services would not trust IT team anymore (locky) and tried to do without it and so on ... users could not believe the speed when we created our first link about 2 months after I started, to replace a 2mb sdsl with a +150mbps link to city hall servers.

 

We encountered many surprises : for example cabling was sometimes faulty and when replacing the switch? which should have taken 10 minutes, it usually took 2 hours to fix cabling ... or with small unmanaged 8 ports switches screwed under the users desk ... 

 

In march 2017 I and another technician became UBWA certified.

 

I'm 100% sure I'll use ubiquiti products for my next job, I spent a lot of time learning and testing on weekend and evening but now they have a good network.

 

Sorry for the long post but I had to share this success as it was personnaly very time consuming but rewarding !

 

Matthieu Roger

Comments
by
on ‎06-17-2017 02:25 PM

Awesome story!

by
on ‎06-17-2017 02:35 PM

woow     

 

cool job

 

/Flemming

by
‎06-17-2017 03:19 PM - edited ‎06-19-2017 04:28 AM

Nice story! I really would like to have some simliar challenge! Good job!

by
on ‎06-17-2017 04:07 PM

Beau projet!

by
on ‎06-17-2017 06:24 PM

It sounds like the French owe you a debt of gratitude. Thanks for sharing!

by
on ‎06-17-2017 11:00 PM

A great write-up of what sounds like a massive project! 

by
‎06-19-2017 03:43 PM - edited ‎06-19-2017 03:44 PM

 

Cool story of connecting up all their sites on the super cheap using Lightbeams and PowerBeams. Now that you have then hooked on Ubiquiti and wide area microwave bypass based networking you should write a new proposal to go back and replace all those CPE grade links with AirFibers so they have serious intra-building bandwidth, and are future proofed.

 

This part I found odd:

 

(we are required to only switch on the wifi when they use the laptop, otherwise it must be switched off to prevent overexposure of children).

 

Has anyone explained to them (the math - the actual milliwatt info) of how infinitesimally small the power output of a UniFi access point are, vs things like the GSM phones they already carry around in their pockets?

 

 

Stories is my favorite part of the UBNT community, I love all the show and tell, it's quite inspiring.

 

by
on ‎06-20-2017 12:02 AM

@wayneco Yes, I wish we could budget airfiber everywhere ! Man Happy but we had to to budget many other parts like desktop upgrade (we bought second hand refurbished computers to match budget), software licences so we went "cheap" but it works good and most of the buildings are small team.

 

For the wifi switch on/off, it is a recommandations from the government to limit exposure to children in school, it is also forbidden to put wifi in nursery (pre school < 3 years old child day care). But you're right, it is a residential area with a lot of wifi around so it is a "precautionary principle" so parents can't say it is because of the city wifi their children got ill (if they do) ...