210 likes | 518 Views
Campus Wireless Network kitenet. Koji OKAMURA Research Institute for Information Technology, Kyushu University. Overview of Kyushu Univ. is located in Fukuoka City of Fukuoka Prefecture. Population of Fukuoka City is 1.3M . Population of Fukuoka Pref. is 5.0M. has
E N D
Campus Wireless Network kitenet Koji OKAMURA Research Institute for Information Technology, Kyushu University
Overview of Kyushu Univ. • is located in Fukuoka City of Fukuoka Prefecture. • Population of Fukuoka City is 1.3M. • Population of Fukuoka Pref. is 5.0M. • has • 20,000 students and 10,000 staffs (faculties and etc.). • and two main big campus (hakozaki and ito) and several satellite campus (hospital, chikushi and oohashi ). • every campus are connected 10G. • uses • AS2508 and one Class B address (133.5.0.0/16).
Campus of Kyushu Univ. Main Hospital 15km New Main Art Material, Energy etc
Why Campus Wireless Network is necessary ? • Everyone of Kyushu Univ. want to use Internet when they come to University. • Everyone had bought and set-upped their own Wireless AP. • Only owner can use his Wireless AP even there are so many Wireless APs in campus. • Policies for Member of Kyushu Univ. and guests should be different. • Computer Center had decide to introduce Campus wide wireless network in 2006.
The 1st Version (2003~2007) • Mobile IP based. • Non Standard. • 228APs • Special Driver (Software) is necessary. • The product becomes “Dis-Continue”. • No Windows Vista support.
The 2nd Version (2006~ • 802.1x Base • 591 APs • APs are installed with core network when the new building is build.
Infrastructure Campus Network of Kyushu Univ. (KITE) Authentication Server Commercial Network Ether Switch
Authentication Campus Network of Kyushu Univ. (KITE) Authentication Server Commercial Network Ether Switch
Connecting Campus Network of Kyushu Univ. (KITE) Authentication Server Commercial Network Dynamic VLAN Ether Switch
Policy for each user can be supported. Campus Network of Kyushu Univ. (KITE) 133.5.11.0/24 133.5.22.0/24 Authentication Server 133.5.7.0/24 Commercial Network Commercial ISP Tohoku Univ. Kyoto Univ. Ether Switch
System Design • Functions • Authentication • 802.1x → Mandatory • Web → Option • Dynamic VLAN • Wired • AX (MAC VLAN) • 802.1 1X • SW or Wireless AP which can pass EAP packets can be cascaded. • Web • Wireless • Allied Tetesis (Tagged VLAN) • 802.1X • Web(not supported) Radius Server Core SW AX SW which can not pass EAP packets Port which is set of Authentication Wireless AP by Allied Telesis SW or Wireless AP which can pass EAP packets Center Network AX-630x User Network AT-TQ2403
Dynamic VLAN Wireless AP Wired SW Wireless AP Wired SW Wireless AP VID=xxx VID=yyy VID=zzz Radius
kitenet (IPv4) Wireless AP Wired SW Wireless AP Wired SW Wireless AP VID=xxx 10.1.0.0/16 VID=yyy 10.2.0.0/16 NAT NAT Internet Kyushu Univ. ISP
kitenet (IPv6) Wireless AP Wired SW Wireless AP Wired SW Wireless AP VID=xxx 10.1.0.0/16 2001:200:905:15f1::/64 VID=yyy 10.2.0.0/16 2001:200:905:15f2::/64 QGPOP IPv6 NAT NAT Internet Kyushu Univ. ISP
The current situation • every one can use Internet using Windows, Mac, iPhone, Windows Mobile…. • even guests can use Internet when they come to Kyushu Univ. based on security policy of Kyushu Univ. • Conference at Kyushu Univ.
Future Works • Big segment across whole campus management/authentication Kyushu University Guest
Future Works • They should be segmented. • IPv4 is used for each segment. • Virtual Router will support the routing. Authentication Management Kyushu Univ. Guest