560 likes | 699 Views
DU Wireless Networking Update. Chad D. Burnham & Byron D. Early University Technology Services July 9, 2002 @ Univ. of Utah. Why Wireless @ DU? Laptops!. Laptop Requirement @ DU: Undergraduate Laptop program in place since Fall ’99
E N D
DU Wireless Networking Update Chad D. Burnham & Byron D. Early University Technology Services July 9, 2002 @ Univ. of Utah
Why Wireless @ DU? Laptops! • Laptop Requirement @ DU: • Undergraduate Laptop program in place since Fall ’99 • Students learn to utilize technology WHILE learning educational content • ‘02-’03: All undergrad & MBA students required to have laptops with wired 10/100 Ethernet card. • Laptops showing up with 802.11b cards built in. Students are asking about where & how on campus.
Why Wireless? (Cont.) • ~5000+ student laptops on & off DU network • ~300 faculty use laptops via departments, grants (some self funding) • Student Survey Results: • More “wireless hotspots”
Laptop Technology in DU’s Curriculum • Wireless network access is an overlay network service designed to provide physical flexibility in: • Open Areas – “Hot Spots” (inside & outside) • Wired Classrooms • Center for Teaching and Learning (CTL) • Academic grants used as incentives for divisions to ‘convert’ to digital media. • DU’s Blackboard On-line Class Implementation • Homework, Syllabus, Class Notes, PowerPoint Slides, quizzes.
Wireless Technology Concerns @ DU • Bandwidth limitations: • Performance: Not adequate for certain applications • Privacy & Security • Encryption & Authentication • Network Snooping – Separate VLANs for Wireless networks (not ‘on-top’ of existing) • Technical Support / People: • Card Installs: its all about the “DRIVERS” • VPN Software: Installation/configuration • User password issues • AD / LDAP / Kerberos?
Wireless Technology Concerns @ DU - Continued • Evolving/changing wireless technologies & PC operating systems: • Incompatibilities with installed base • Upgrade costs • “Rogue” Access Points – Dept. Installed • Security Issues – Network Access • Performance Issues (Duplex) • CDW ad: “I can do wireless”, “what is wireless”? • Top Level policy in draft stage - How to police?
Wireless Network Benefits for DU • Convenience • Places you cannot wire • Historical buildings • Access problems • Cannot get fiber uplink to • Flexibility physical group learning models • New type of “smart-classroom”
The Ricks Center (DU’s private K-8 school) • First wireless system was proprietary infrared technology: Summer 2000 • Not well liked or successful (connect problems, lost sessions, etc.) • Replaced with 802.11b Network: • 72 Laptops Provided to students by Ricks Center • 4 x 802.11b Access Points • Security: MAC Address Registration & WEP • High administrative overhead • Works well in this closed environment • Content Management in place
The Ricks Center (Cont.) • Reasons for Implementing Wireless for K-8 • Classes frequently broken into small “work groups” • Group & individual research flexibility • Web Publishing application • E-mail • Lower bandwidth type applications
Rick Center: Continued • Purchased mobile Dell Cart to secure units
Penrose Library • (10) 802.11b Access Points Installed • Redefining the library…. • Provides for wireless access for students, staff and faculty in library • “Wireless Festival” • VPN tested with 25 laptop users • Ready for “prime time” by fall 2002
Expanding Wireless @ DU • Current Installed Base: • 70 total Access Points in (18) VLANs • Security: In process of implementing VPN • Summer Projects 2002: • Adding (30) Access Points = 90 Total • VPN-Only Access for all wireless • 21 total VLANs
“The RF Site Survey” • Outside Firm vs. In-House • Outside Costs: ~$100 per/hr per/person • DU tried 2 different firms – limited use now • Dictates # of APs and placement of APs (RF Design) • Gives initial grasp of hardware & installation costs
Site SurveyRecommendations: • Use 3 people to do the surveys: • 1 person @ proposed base area with AP & various antenna types • Changing Antennas type/position/location • Documenting results • 2 people on wireless laptops (w/802.11x radio) & handheld walkie-talkies • Documenting SNR (in software) – to be overlaid on to maps/floor plans. • Cannot do “valid” site-surveys from blue-prints • New buildings: radio waves propagate much differently with furniture and people present
Site Survey Recommendations: (Cont.) • Assemble “Site Survey Tool Kit” • Detailed layout/blueprints of building • Portable battery pack for AP • AP & Radio Cards: use same brand as equipment to be deployed • Variety of Antenna types • Misc: digital camera, tie wraps & tape, flashlight, etc.
Antenna PlacementRecommendations: • Do not place antennas near: • Metal objects (filing cabinets, railings, I-Beams, lath, pipes, etc.) • Walls (when possible; unknown construction) • Wave degradation issues • Separation important with multiple antennas • 1 meter when on same tripod mast • Antenna should be placed in accessible area • Rooftops: Denver building code requires coax in rigid conduit supported off the roof (stands)
Antennas (Cont.) • Think 3-Dimensionally • “Outside In” Approach (contain signals in desired area) • Patterns vary by antenna type • Horizontal & Vertical “beam patterns” • Keep coax / LMR waveguide to minimum length • Move the data cable & AP before making coax longer
Wave Guide / LMR COAX • Cabling from Antenna to Access Point • LMR 200/400/600/800, etc. = Size & Loss Properties • LMR have very low signal loss properties • Every Db matters: Keep distances as short as possible • Newer Balun (75 <-> 50 Ohm) & Amplifier combo units available to deliver over cheaper RG-6 Coax • Times Microwave: Industry leader in cable, prep tools, and connectors.
Coax (Cont.) • “Leaky Feeder Coax” • Used as “base-station” antenna • “Leakage Slots” in outer foil conductor • Applications: vehicular tunnels, mines, inside buildings • Sized as LMR 600 • Expensive • Performance: DU has not tried yet
Antenna Variables to look for: • Antenna Data Sheet: read, understand, be skeptical (assume ½ coverage to be safe) • Beam Coverage: • Horizontal & Vertical (in degrees) • Antenna gain: rating in Dbi. (extends tx/rx “range”) • Size/Shape • Aesthetics • Remember: must have line of sight! • Cost • 2.4 GHz rated (802.11b)
RF: Its all in the Antenna…. • Parabolic Grid Antennas • Radome-Enclosed Yagi Antennas • Omni Directional Antennas • Patch Antennas (Bow-Tie) • Planar Array Panel Antennas • Heavy-Duty Panel Antennas • Mobile Antennas • Indoor Ceiling-Mount Antennas • "Rubber Duck" Antennas
A. Parabolic Grid Antennas • Reflector grid antenna designed for long-range operation (line of sight & <7 mile) and can be configured for either vertical or horizontal polarization. UCONN Story. • Heavy-duty yet lightweight construction and a UV-inhibited powdercoat finish. • Know your “Beam Pattern” or “Coverage” • Horizontal/Vertical discussion
B. Radome-Enclosed Yagi Antennas • Radome-enclosed yagi antennas combine high gain and wide beamwidth in a compact package. • Solid aluminum boom and elements enclosed within a white UV-inhibited radome for all-weather operation • “Pringles-Can” / War Driver article…
D. Patch/Panel Antennas: • Patch antennas are suitable for indoor and outdoor use. They are designed to be compact and aesthetic. • Narrow and wide beam avail. • Point to Point vs. AP • “Bow-tie” beam pattern • Low Price & excellent performance!
E. & F. Planar Array Panel Antennas: • Some models offer an attractive solution (aesthetics) for fixed subscriber and base station applications, • High performance alternative to Yagi-style antennas • Indoor/Outdoor
G. Mobile Antennas • Feature a variety of gain, radiation pattern and physical mounting options. • Moving Vehicle Applications
H. Indoor Ceiling-Mount Antennas • Ceiling-mount antennas are high performance, aesthetic and nearly invisible against a suspended ceiling (Holocom Panel) • ~3db gain
I. "Rubber Duck" Antennas • Perfect for portable applications and as replacement antennas for many popular access points
Active Ethernet (PoE) • Active Ethernet eliminates 110v AC outlet installation @ AP. • “Fault protected” recommended • “Injects” DC power onto the Ethernet (CAT5/5e/6) cable on Pins 7&8 (unused by Ethernet . • 19” Rack Mount - 12 / 6 / 1 Port Available. • Cisco WS-3524-PWR - WILL NOT support this feature without “Injector” hardware. • 802.3af ratified (today: 3Com, Milan).
DU: 802.11b (Current Networks) • 802.11b: Today’s most prevalent wireless Ethernet IEEE Standard • 2.4 GHz Carrier Frequency • Uses “Direct Sequence” Radio Scheme • Signals @ 4 speeds:11, 5.5, 2 & 1 Mbps • 14 discrete Channels/frequencies • Only 3 channels do not overlap (1, 6 & 11) • Applications: • LAN, Point-to-Point, Point-to-Multi-Point
DU: Future Wireless Networks • 802.11g (2.4 GHz, 22 Mbps) • Orinoco AP-2000 supports b & g in same box • Antenna Placement Remains the same • 802.11a (5 GHz): Higher frequencies require more antennas for same coverage
802.11b: Security & Access(OSI Layers 1 & 2) • ESS (Network) ID: Text Constant Variable • DU: Using Single Standardized Name • Users can’t be expected to know multiple wireless names for different locations • Open vs. Closed Network Setting (BSS): • “Open Setting”: Used by Windows XP to configure network automatically (pros and cons) • “Closed Setting” does not broadcast ESSID (weak security, user must know ESSID)
802.11b: Security & AccessOSI Layers 1 & 2 (Cont.) • MAC Address Registration (on APs) • Cumbersome & high management overhead • Must re-enter if card is swapped out • DU tried on 3 networks…...it’s over • DU Not Using: L2 WEP/WEP2 Key encryption • WEP2 (802.11i) not yet ratified • DU using VPN layer 3 solution • Encryption & AAA
802.11b: Security & Access (Cont.) • “Open” Access Points: • Mapped & Published on the Web • “Warchalking”: Do the outside walls of your wireless buildings have unusual graffiti?
DU Encryption & Access Using VPNs: • VPNs: DU using Cisco 3030s to terminate VPNs • Configured for IPSEC-3DES – 168Bit • Authentication & Authorization: VPN Client software leverages a back-end USER database for AAA functionality • RADIUS: Radiator on Solaris 8 • DU “Branded” Cisco-VPN Client Software for: • Windows (98/ME/NT4/2K/XP) • Not Yet DU-Branded: • Pocket PC, Palm OS, MAC OS 10,Solaris, Linux
“Locking Down” Wireless LANs: • Router Access Control List Objectives (so far): • # Allow IPsec to VPN Concentrators • #Allows MSFCs to see each other for HSRP • # Allow bootp on broadcast • # Allow bootp from DHCP clients • # Allow DNS to iVPN DNS server • # Allow download of client • # Allow MGMT station to ping router and AP's • # Allow these systems to be pinged • #Allow management station to snmp from APs • # Deny all else
Physical Network Topology • DU Data Backbone • Wireless is several Internal VLANs / Subnets
Standards Watch: • DU: Standards-based solution
802.1X - EAPLayer 2 Authentication • Drafts 7,8 & 10 on table – None Approved Today. • WEP works WITH 802.1X • WEP2 not expected to be ratified until 2003 • Solution for Wired Network: • Cisco CAT OS 6.x+IOS 12.1+
IEEE - 802.11g • Doubles bandwidth with same RF characteristics • Extends 802.11b (2.4 GHz) to 22 M bit/sec. • Intended to be backwards compatible w/ 802.11b • Approved. • Products expected Q3 2002
IEEE - 802.11a • Uses 5 GHz Carrier Frequency • 6M–54M Bit /sec rates (54-100!) • Different Radio A.P. Design Criteria (4x rule): • 802.11b = ~250-300 Feet • 802.11a = ~90 Feet • Harder to get through walls, furniture, etc.. • PC Cards will use more power – (Laptops) • Products available today • Total Cost of Ownership increases!
IEEE - 802.11e: • AKA Whitecap2 – Cirrus Logic • Earliest incarnation of IEEE 802.11e • New standard proposal will add: • QoS Features (multi-media, voice, etc.) • Applies to 802.11a, 802.11b, 802.11g • Major improvements in overall “channel robustness” • Deals with adjacent subnets operating on the same channel • Ratification expected Q3 2002