Dartmouth’s Wireless Network. May 16, 2005 David W. Bourque.
Topics
• Background (Dartmouth’s Wireless Network pre 2005)
• Dartmouth’s Wireless Network, Where Is It Going?
• “Fat” versus “Thin” Access Points
• An Architectural Evolution
• Virtual Networks
• Client Mobility
• Securing The Wireless Network
• The Aruba Wireless Location Tool
• Managing The Wireless Network
• Questions and maybe some Answers
Background
• Campus roughly one mile square
• User population is about 6000
• Roughly 200 buildings/structures
• Campus is completely wired
• Currently over 1,000 wireless Access Points deployed
  • 300 Cisco Systems
  • 700 Aruba Wireless Networks
First Generation Deployment
• Installed over 18 months beginning in 2001
• Cisco Aironet 350 series
• Approximately 500 APs installed
• Approximately 2200 active users per day
• Dartmouth’s wireless network named “Kiewit Wireless”
Dartmouth’s Wireless Network, Where Is It Going?
• Removing all of the existing Cisco 350
  • “Fat” access points
• Installing Aruba Wireless Networks
  • “Thin” access points
  • Approximately 1400 devices at project completion
• Current status
  • Over 700 Aruba access points installed
  • 85 buildings have been upgraded
“Fat” versus “Thin” Access Points
• Cisco Systems “Fat” access points
  • 802.11b, 2.4 GHz, 11 Mbps data rate
  • Managed individually
  • All network decisions made at the access point
  • Hundreds of configuration files
  • Can operate as an independent stand-alone device
• Aruba Networks “Thin” access points
  • 802.11b, 2.4 GHz, 11 Mbps data rate
  • 802.11g, 2.4 GHz, 54 Mbps data rate
  • 802.11a, 5.8 GHz, 54 Mbps data rate
  • Managed from a central tool, the “aruba master”
  • Network decisions made at a central tool
  • One “master” configuration file
  • Requires network connectivity to “aruba master” to operate
Architectural Evolution
[Diagram: where the WLAN functions (Management, Location, Policy, Diagnostics, Mobility, Calibration, Forwarding, Enforcement, Encryption, Monitoring, Authentication, Media Access) and the 802.11b, 802.11a and 802.11n radios sit in “Fat” Access Points, “Thin” Access Points and Centralized WLAN Systems]
Next Generation Wireless & Virtual Networks
• Increase AP density and thus bandwidth
• Reduce or eliminate weak client pulling down others
• Load balance associations in high client areas
• Develop three “Virtual” wireless layers
  • Kiewit Wireless
    • Expand for general purpose bandwidth
  • Kiewit Voice
    • Developed for wireless VoIP devices
  • Kiewit Video
    • Developed for streaming video and latency sensitive services
• Kiewit Wireless and Kiewit Voice
  • Build for mobility
Client Mobility
• What does it mean?
  • Seamless movement from one access point to another access point within the same virtual network within the same wireless zone
• Configuration Option:
  • Clients get to start the day with one IP address and keep it throughout the day as they move across campus
Securing The Wireless Network
• Currently “Kiewit Wireless” is full and open access
  • Will become a guest network
  • Will become restricted to off campus Internet access only through firewall and router configurations
  • Will become bandwidth limited by firewall policies
• New secure data network will become available
  • TBD name “Kiewit ?”
  • Secure through one or more of the following
    • 802.1x
    • E-Token Authentication
    • Dartmouth developed “Green Pass”
• “Kiewit Voice”
  • Not generically visible, “hidden” network name
  • Currently secure through MAC based authentication
  • Network traffic restricted through firewall and router settings to internal Dartmouth network
  • Bandwidth limited to 1 Meg
• “Kiewit Video”
  • On less popular, less crowded, less interference 802.11a band
  • Requires login through Captive Portal
  • Once authenticated full access and bandwidth
Securing The Wireless Network
• Special AP configured to only monitor “Air Monitor”
  • Allows for rapid detection of intrusions
  • Allows for more accurate client location
• Automatically defending the network against
  • Ping attacks
  • TCP SYN attacks, rate selectable
    • An attempt to keep a server busy by opening many TCP sessions
  • Bridging between wireless users
  • Ad-Hoc networking
  • IP Spoofing
    • Changing IP addresses from the same MAC address
  • Man In The Middle
    • Pretending to be the “sender” or “receiver”
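An added example (not from the original slides and not Aruba's implementation) of two of the per-client checks listed above: a selectable TCP SYN rate limit, and one MAC address appearing with several IP addresses. The event tuples, MAC/IP addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events: (timestamp_s, source_mac, source_ip, tcp_flags)
MAC_A = "02:00:00:00:00:0a"   # opens 8 sessions in under a second
MAC_B = "02:00:00:00:00:0b"   # same MAC, three different source IPs
MAC_C = "02:00:00:00:00:0c"   # ordinary client
EVENTS = (
    [(i / 10, MAC_A, "10.0.0.10", "S") for i in range(8)]
    + [(0.0, MAC_B, "10.0.0.11", "A"),
       (2.0, MAC_B, "10.0.0.12", "A"),
       (4.0, MAC_B, "10.0.0.13", "A")]
    + [(t, MAC_C, "10.0.0.20", "S") for t in (0.0, 5.0, 10.0)]
)


def detect(events, syn_limit=5, window=1.0, max_ips_per_mac=1):
    """Return (syn_flooders, ip_changers) as sets of MAC addresses.

    syn_limit / window : the "rate selectable" threshold, i.e. more than
                         syn_limit bare SYNs from one MAC within window seconds.
    max_ips_per_mac    : how many distinct source IPs one MAC may use before
                         it is flagged. Raise it to tolerate legitimate
                         DHCP re-leases on the monitored network.
    """
    syn_times = defaultdict(deque)   # MAC -> timestamps of recent SYNs
    ips_by_mac = defaultdict(set)    # MAC -> source IPs seen so far
    syn_flooders, ip_changers = set(), set()

    for ts, mac, ip, flags in sorted(events):
        # "Changing IP addresses from the same MAC address"
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > max_ips_per_mac:
            ip_changers.add(mac)

        # "Keep a server busy by opening many TCP sessions"
        if flags == "S":             # bare SYN, no ACK
            recent = syn_times[mac]
            recent.append(ts)
            while recent and ts - recent[0] > window:
                recent.popleft()     # slide the window forward
            if len(recent) > syn_limit:
                syn_flooders.add(mac)

    return syn_flooders, ip_changers


if __name__ == "__main__":
    print(detect(EVENTS))
```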
The Aruba Wireless Location Tool
• Real time client location demo
Managing The Wireless Network
• Real time screens of the Aruba-Master
Questions And Maybe Some Answers
• Thanks!