
Port Based Network Authentication in a Lab Environment


idania

Presentation Transcript


  1. Port Based Network Authentication in a Lab Environment QUESTNet 2000

  2. Contents • Introduction • Overview of QUT’s network • Technical part of the LAS Project • Support part of the LAS Project

  3. Introduction • Laptop Access Project started in 1999 • Provide Laptop Access in QUT Labs • Faster and better access • Demand for student labs • Economic considerations

  4. Overview of the QUT Network • Potential of 34,000 users - 30K students 4K staff. • 6000 x PCs / Workstations • 90 Central Servers, 30 x Faculty Servers • 2 x WAN ATM Switches • 3 x Legacy Routers, 4 x ATM Router Engines • 46 x ATM Switches • 189 x Ethernet Switches • 370 x Ethernet Hubs • 48 x Terminal Servers • 600 x Digital / Analog Modems

  5. QUT Wide Area Network (Voice/Data) - May 2000 [network diagram] • Sites and peers shown: AARNET, UQ, GU, USQ, Gardens Point Campus, Kelvin Grove Campus, Carseldine Campus, Adelaide St, Merivale St, Margaret St Offices, Peel St, KG Offices (4), Mt Coot-tha • Elements shown: ATM Switch, Legacy Router, PABX, Dial-in Access, PSTN / ISDN, Radio Links • Link speeds shown range from 64k to 155Mbps

  6. Network Projects 2000 • Installing Accelar router switches into the core of the data network. • VoIP trials • Carseldine WAN upgrade to 155Mbps • Microwave links reused for redundancy

  7. QUT Wide Area Network (Voice/Data) - Future [network diagram] • Sites and peers shown: AARNET, UQ, GU, Gardens Point Campus, Kelvin Grove Campus, Carseldine Campus, Mt Coot-tha • Elements shown: ATM Switch, Legacy Router • Link speeds shown: 6Mbps, 12Mbps, 34Mbps, 155Mbps

  8. Current Networking Issues • High Availability and High Bandwidth • Integrating voice over the data network • Network Performance • Wire speed routing • IP only backbone • Network Security • Breach Monitoring within the LAN • Secure Management LAN • Leaf node (port based) authentication

  9. Laptop Access Project Requirements • Easy to use authenticated laptop access • Given technical and financial constraints. • Network Authentication • Use QUT Access username, password. • Network Access and Performance • Same as in a standard public access lab. • Before Authentication • Network access must be completely restricted, including other unauthenticated ports.

  10. Possible Client End Solutions • Laptop to switch authentication using: • 1. Microsoft(NetBIOS) or NetWare Client • 2. Browser or telnet Client • 3. Extensible Authentication Protocol - EAP • Laptop to server authentication • Microsoft or Browser client • Server requests port movement from default VLAN to the authenticated VLAN

  11. Laptop/PC Network Authentication Process [diagram, steps 1 to 3] • Laptop/PC • Alcatel Ethernet Switch with Internal Web and Telnet Server • Default Port Virtual LAN • Authenticated Virtual LAN • Central Dynamic Address Allocation Server (DHCP) • Central Authentication Server (RADIUS) • Network Gateway (Router)

  12. Network Authentication Process - Detail [diagram, steps 1 and 2] • Messages shown: DHCP Request / DHCP Reply (IP, Gateway Address, Primary DNS, Secondary DNS - Switch IP); DNS [QUTAccess] / DNS [Switch IP Addr]; Username, Password / Auth Successful • Components shown: Central DHCP Server; Switch Internal Web & Telnet Server; Central RADIUS Server (Front End for Oracle DB); ORACLE Database, which stores the QUT Access Username and Password

  13. Current Solution Specifications • ISC DHCP Server Ver 2.0 • Internet Software Consortium - www.isc.org • RADIUS Server Radiator • Open Systems Consultants - www.open.com.au • Oracle Database ver 8 with Perl DBI • ALCATEL Switches • Omnistack 4024, 5024, Omniswitch router OSR • Current software 4.1.2 GA • Standard Telnet, Netscape, IE 4, 5 • Win95, 98, NT, Win2000, MacOS, Linux

  14. Radius Log Processor - snapshot

  15. Alcatel Solution • Switch authentication reliability • software, hardware problems • Vendor support was good • Scalability is Costly

  16. Future Direction • QUT authentication backend change • Directory Service replaces Oracle DB • User profile detail VLAN • LDAP replaces RADIUS • Goals for switch vendors • Authentication before DHCP • A solution for Operating Systems apart from Win2K • A solution for all L2 Access - Ethernet & Wireless

  17. From the technical detail to the bigger picture….. • Technical • Support • Usage • Cost effectiveness

  18. What other universities are doing • User services list March 2000 • University of Melbourne • CAUDIT list June 2000 Information from 23 universities

  19. Institutional Responses • Most universities are at least considering laptop access for students (17/23) • 9 yes • 8 Soon/very small • 6 no • Demand has been much lower than expected • Many see wireless as the future direction

  20. QUT laptop access areas • Law Library. September 1999 • Graduate School of Business teaching facilities. Semester 1 2000 • Gardens Point Library. June-July 2000 • Student superlab – 350 ports – October 2000

  21. Law library usage statistics

  22. Law Library usage statistics (cont)

  23. Law library usage statistics (cont) • 21 students successfully used the service • 9 students only used it on one day • 1 student used it on 23 days • Maximum of 5 users on any one day • Usage slowly increasing

  24. Support issues • Hired laptops (preconfigured) • Only connect at QUT laptops (configure once) • Modem + QUT connection laptops (minor adjustments) • Work laptops. Major adjustments. • Hire network cards or USB connectors

  25. Promotion • Signage • Official launch • Position • Competition • Feedback

  26. What we’ve learnt • Support • Demand - convenience • Promotion • Equity • Laptop Security • Technical - hardware and management

  27. Likely future • Wireless • Client software will be inbuilt • Interchangeable with desktops • Establish cost effectiveness • Benchmark student access to the university network
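
The authentication step on slides 11 and 12 (the switch takes a username and password, asks the central RADIUS server, and only then moves the port out of the default VLAN), modelled as an added Python example; it is not code from the presentation or from QUT's deployment. It uses the standard RADIUS User-Password hiding from RFC 2865; the shared secret, user table, VLAN ids and the `Switch` class are constructed for illustration.

```python
import hashlib, hmac, os, struct

SECRET = b"constructed-shared-secret"   # constructed switch<->RADIUS shared secret
USERS = {"n1234567": "s3cret-pass"}     # constructed stand-in for the Oracle user table
DEFAULT_VLAN, AUTH_VLAN = 1, 20         # hypothetical VLAN ids

def keystream_xor(data, secret, authenticator, hiding):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, key))
        prev = res if hiding else block   # chain on the ciphertext in both directions
        out += res
    return out

def access_request(user, password, ident=1):
    """Access-Request (code 1) carrying User-Name (type 1) and User-Password (type 2)."""
    u, p = user.encode(), password.encode()
    auth = os.urandom(16)                 # Request Authenticator, fresh per request
    hidden = keystream_xor(p + b"\x00" * (-len(p) % 16), SECRET, auth, hiding=True)
    attrs = bytes([1, 2 + len(u)]) + u + bytes([2, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + auth + attrs

def radius_server(packet):
    """Return 2 (Access-Accept) or 3 (Access-Reject) for an Access-Request."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    auth, pos, attrs = packet[4:20], 20, {}
    while pos + 2 <= length:              # walk the type-length-value attributes
        attr_len = max(packet[pos + 1], 2)
        attrs[packet[pos]] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    clear = keystream_xor(attrs.get(2, b""), SECRET, auth, hiding=False).rstrip(b"\x00")
    expected = USERS.get(attrs.get(1, b"").decode(errors="replace"))
    ok = expected is not None and hmac.compare_digest(expected.encode(), clear)
    return 2 if ok else 3

class Switch:
    """Every port starts in the default VLAN; only an Access-Accept moves it."""
    def __init__(self, ports):
        self.vlan = {p: DEFAULT_VLAN for p in ports}
    def login(self, port, user, password):
        if radius_server(access_request(user, password)) == 2:
            self.vlan[port] = AUTH_VLAN
        return self.vlan[port]
```

The hiding protects the password only as well as the shared secret does, which is why the switch-to-RADIUS path fits the "Secure Management LAN" item on slide 8.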
