Introduction. Trinity guest network project objective College wireless network overview Public wireless/hospitality internet access Guest network access challenges Guest access solution IP3 NetAccess subscriber gateway Outcomes and future developments. Trinity Guest Network Project.
Introduction
• Trinity guest network project objective
• College wireless network overview
• Public wireless/hospitality internet access
• Guest network access challenges
• Guest access solution
• IP3 NetAccess subscriber gateway
• Outcomes and future developments

Trinity Guest Network Project
• Objective: To facilitate the connection of short stay authorized Guests to the College data wireless (mandatory) and wired (desirable) network.
• Examples of authorised Guests:
  • Conference delegates
  • Visiting academics and Library readers
  • VIPs, sales representatives, contractors
  • Summer accommodation visitors

College wireless network overview
• Size and locations
  • 750 users last academic year
  • Approx 145 APs in 50 locations: main Campus, St James, Dartry, D’Olier Street, Foster Place/College Green complex

College wireless network overview (cont)
• Enterprise class based on Cisco Structured Wireless Aware Network (SWAN).
• Secure
  • 802.1X/EAP authentication via RADIUS/AD
  • Dynamic 128-bit encryption
  • MAC address registration
  • VLAN’ed
• Clients
  • 802.1X compatible
  • College AD domain, OS patches, AV, high support
• Internet connectivity limited, LAN based services available

Public wireless hotspots/Hospitality Guest Internet access
• Low security
• Any wireless client adapter will connect
• Little wireless client configuration to connect
• Full or almost full internet access
• Connection established using a prepaid access code or credit card via a web based login portal
• Connectivity and session management is usually controlled by a wireless gateway device providing a reliable controlled connection

Guest network access challenge
• To provide a reliable network service to guests with the following characteristics:
  • Low client configuration
  • Access code/portal authentication
  • Compatibility for most hardware and software types
  • Low user support requirements
  • Feature rich in terms of internet availability
  • Benefit from existing extensive infrastructure
  • Protect College’s other data networks and reputation from intentional/unintentional misuse of guest network

Guest access solution
• Provide public wireless hotspot/hospitality type connectivity features using the existing campus network infrastructure
• This is achieved by “overlaying” a Guest enabled network on the existing campus network using VLAN technology and an internet gateway device
• A number of internet gateway devices were evaluated

Devices evaluated:
• Bluesocket WG5000 wireless gateway (August 2004). www.bluesocket.com
• Cisco Building Broadband Services Manager (BBSM) ver 5.3 (May 2005). www.cisco.com
• IP3 NetAccess NA1500 internet gateway (July 2005). www.ip3networks.com

Primary evaluation criteria:
• VLAN based guest client discovery*.
• Ability to generate its own access codes to facilitate Guest authentication*.
• Session and bandwidth control, logging and accounting.
• Ease of integration with existing campus network infrastructure, must support min. 1000+ users.
• Customisable login portals, DHCP (NAT/PAT), SMTP, support for RADIUS authentication.

Guest overlay architecture
[Diagram. Labels: Internet; Firewall; IP3; IDS appliance; Enterprise Network; Wireless Staff/Student (Authentication: 802.1X/EAP); Wireless Guest (VLAN 14, Authentication: OPEN); Wired Guest (VLAN 14); Wired Staff/Student etc.]

IP3 NetAccess subscriber gateway
• Access Control, Billing, and Subscriber Management Solution
• Flash-based Network Appliance
• 802.1Q VLAN support
• Internal Access Code Generation & Authentication
• Custom Login Portals
• Integrated DHCP, Firewall, & Web Servers
• RADIUS AAA support
• Supports VPN Pass-Through

IP3 NetAccess manages Guest Internet Connections
1. Guest connects to wired/wireless network (SSID: TCDguest)
2. Guest client obtains DHCP assigned private IP address, opens Web browser, IP3 redirects to custom login screen.
3. Guest enters guest access code
4. IP3 provides authentication & accounting
5. IP3 manages bandwidth, access code duration.
[Diagram. Labels: Internet, E-mail, VPN, etc.; IP3 NetAccess]

Portal groups:
• Combination of the following:
  • Assigned (Guest) VLAN
  • Assigned (customised) login portal
  • Payment method (access code)
  • Product (e.g. 512K bandwidth)

Access codes - overview:
• Created using access code generator.
• Codes may be valid between a fixed start/end date or allow a one-off session from time of activation.
• The generated access codes can be exported from the IP3 appliance in .CSV format.
• The exported codes are then merged with a customised TCD access code token template before printing.
• Codes are printed from a standard LaserJet colour printer using Avery business card labels.

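The two validity modes described above (a fixed start/end date, or a one-off session timed from activation) and the portal's authentication step can be modelled as follows. This is an added example, not the IP3 appliance's implementation; the `AccessCode` fields, the code alphabet and the 10-character length are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Assumed alphabet: omits 0/O and 1/I because codes are printed and typed by hand.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"

@dataclass
class AccessCode:
    code: str
    start: Optional[datetime] = None         # fixed start/end date mode
    end: Optional[datetime] = None
    duration: Optional[timedelta] = None     # one-off session mode
    activated_at: Optional[datetime] = None  # set on first successful login

def generate_code(length: int = 10) -> str:
    """Draw each character from the OS CSPRNG so codes cannot be predicted."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def authorize(store: List[AccessCode], submitted: str, now: datetime) -> Tuple[bool, str]:
    """Portal-side check: is this code known, and is it valid at `now`?"""
    candidate = submitted.strip().upper().encode()
    entry = None
    for item in store:  # scan every entry; compare without early exit on mismatch
        if hmac.compare_digest(item.code.encode(), candidate):
            entry = item
    if entry is None:
        return False, "unknown code"
    if entry.duration is None:  # fixed window: valid only between start and end
        if entry.start <= now <= entry.end:
            return True, "ok"
        return False, "outside validity window"
    if entry.activated_at is None:  # one-off session: first use starts the clock
        entry.activated_at = now
    if now < entry.activated_at + entry.duration:
        return True, "ok"
    return False, "session expired"

if __name__ == "__main__":
    # Constructed sample data, not codes from the College system.
    conf = AccessCode(generate_code(), start=datetime(2005, 8, 29), end=datetime(2005, 9, 2))
    visitor = AccessCode(generate_code(), duration=timedelta(hours=24))
    t0 = datetime(2005, 9, 12, 9, 0)
    print(authorize([conf, visitor], conf.code, t0))                           # window already closed
    print(authorize([conf, visitor], visitor.code.lower(), t0))                # activates the session
    print(authorize([conf, visitor], visitor.code, t0 + timedelta(hours=25)))  # past the 24 h session
```
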
Outcomes
• Over 500 guest users have been facilitated since the system was rolled out in August 2005
  • First trial end July, Maths Lattice conference (55)
  • Production end Aug, Eurographics 2005 (>200)
  • Sept., BA conference (BA press users fallback)
  • Sept., EDNO, Maths, Nursing Studies
  • many individual requests

Outcomes (cont)
I wanted to say that the wireless access in the printing house worked flawlessly yesterday. Our international evaluation panel and the SFI and IDA minders plugged in, retrieved their e-mail and I think this helped enormously in getting across an image of a professional organization with its act together. One of the panellists from a University in the South of England commented that he'd never be able to get this kind of service in his home University! So the day was a big success from our point of view. Thanks Again,

Future Developments
• There has been much interest from the College community in this new service; strong demand is anticipated during the 05/06 academic year
• Automate process of distributing access codes
• Using other authentication methods and additional VLANs to provide:
  • Quarantine/basic services network
  • PDA and handhelds
• Facilitate Eduroam visitors