Slide 1: Installing a Wireless Network for University Members
Oliver Gorwits, Roger Treweek
Oxford University Computing Services <wireless@oucs.ox.ac.uk>

Slide 2: Since Last Year…
- OUCS pilot completed
- A better idea of service requirements
  - Members and Visitors
- A better idea of user requirements
  - Public or shared spaces
- Six co-operative deployments of OWL-VPN
- Tracking new vendors and initiatives (LIN)

Slide 3: Technology and Issues

Slide 4: Why Wireless?
- There are some obvious locations
  - Lecture rooms
  - Libraries, study areas
  - Hard-to-wire areas
- Or for specific reasons
  - Conferences
  - Meetings
  - Mobility

Slide 5: Wireless Problems
- Security: products are not secure enough
- Privacy: snooping of passwords and data
- 'Hub'-style operation: anyone in range can see all traffic
- Hacker tools readily available
- Performance
- Propagation / attenuation

Slide 6: Wireless Technology
- 802.11b: 2.4 GHz, 11 Mbps; the basic common standard
- 802.11g: 2.4 GHz, 54 Mbps; popular but not without flaws
- 802.11a: 5 GHz, 54 Mbps; ideal, but not yet common

Slide 7: Site Survey
- A site survey is still recommended
- Use the same make/model of access point you intend to deploy
- Consider the main coverage areas
- Number and location of access points
- Interference issues
- Channel settings
- Power settings

Slide 8: Security
Three areas to consider:
- Authorized users only
- Encrypted transmissions
- Accountability of usage

Slide 9: A Service for University Members

Slide 10: Cisco VPN
- 3000 series "concentrator"
- Redundant hardware
- >1000 concurrent users, 100 Mbit/s
- Special VPN IP address pool
- Client program for users, multi-platform

Slide 11: VPN-assisted Wireless
Satisfies our requirements:
- Authorization: Remote Access accounts
- Encrypted transmissions: all client traffic goes through the VPN tunnel
- Accounting: RADIUS and logs

Slide 12: Site Requirements
- Separation from the main data network
- For the clients:
  - DHCP (unregistered addresses)
  - DNS lookup of the VPN concentrator's name
- On the network:
  - IP filter: clients -> VPN concentrator only

Slide 13: Wireless Settings

Option                  Value
SSID (Network Name)     OWL-VPN
Static WEP              Disabled
WEP Authentication      Open (not Shared)
Network Type            Infrastructure (not Ad Hoc)
Concentrator IP         192.76.27.246
VPN IP Filters          UDP 500 and 1500, both directions

Open rather than Shared-key authentication is deliberate: the shared-key challenge/response hands an eavesdropper WEP keystream, and confidentiality here comes from the VPN, not from WEP. The filter means an associated client can reach nothing but IKE (UDP 500) and the encapsulated IPsec traffic to the concentrator, so an unauthenticated device on the SSID gets no onward connectivity.
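The site filter from slides 12 and 13 as a checkable policy, added here as an example and not OUCS's own configuration. The concentrator address and the UDP ports are the slide's values; the client subnet and the gateway address (the AP or appliance doing DHCP and DNS) are assumptions. The function returns the verdict for a packet, and a second function emits the equivalent iptables FORWARD rules for a Linux appliance in Use Case 2 or 3.

```python
"""OWL-VPN site IP filter modelled as a decision function (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

CONCENTRATOR = ip_address("192.76.27.246")   # slide value
VPN_UDP_PORTS = {500, 1500}                  # slide value: IKE plus UDP-encapsulated IPsec
WLAN_CLIENTS = ip_network("10.20.30.0/24")   # assumed unregistered DHCP pool
GATEWAY = ip_address("10.20.30.1")           # assumed: AP/appliance doing DHCP and DNS
BROADCAST = ip_address("255.255.255.255")
UNCONFIGURED = ip_address("0.0.0.0")         # source of a DHCP DISCOVER


@dataclass(frozen=True)
class Packet:
    proto: str          # "udp", "tcp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


def permitted(p: Packet) -> bool:
    """True only for traffic the wireless segment is allowed to carry."""
    src, dst = ip_address(p.src), ip_address(p.dst)
    from_client, to_client = src in WLAN_CLIENTS, dst in WLAN_CLIENTS
    if p.proto != "udp":
        return False                          # nothing but UDP is ever needed
    # DHCP: DISCOVER/REQUEST to the gateway (or broadcast) and the reply back
    if p.dport == 67 and dst in (BROADCAST, GATEWAY) and (from_client or src == UNCONFIGURED):
        return True
    if p.sport == 67 and src == GATEWAY and (to_client or dst == BROADCAST):
        return True
    # DNS only to the local resolver, so the concentrator's name can be looked up
    if from_client and dst == GATEWAY and p.dport == 53:
        return True
    if src == GATEWAY and to_client and p.sport == 53:
        return True
    # IKE and UDP-encapsulated IPsec to the concentrator, both directions
    if from_client and dst == CONCENTRATOR and p.dport in VPN_UDP_PORTS:
        return True
    if src == CONCENTRATOR and to_client and p.sport in VPN_UDP_PORTS:
        return True
    return False   # default deny: no backbone, no client-to-client, no cleartext web


def iptables_forward_rules(wlan_if: str = "wlan0") -> list:
    """Equivalent FORWARD-chain rules for a Linux appliance (assumed layout:
    wireless on wlan_if, backbone on the other interface).  DHCP and DNS
    terminate on the appliance itself and belong in INPUT/OUTPUT, not here."""
    rules = []
    for port in sorted(VPN_UDP_PORTS):
        rules.append(f"-A FORWARD -i {wlan_if} -s {WLAN_CLIENTS} -d {CONCENTRATOR} "
                     f"-p udp --dport {port} -j ACCEPT")
        rules.append(f"-A FORWARD -o {wlan_if} -s {CONCENTRATOR} -d {WLAN_CLIENTS} "
                     f"-p udp --sport {port} -j ACCEPT")
    rules.append(f"-A FORWARD -i {wlan_if} -j DROP")   # everything else from wireless
    rules.append(f"-A FORWARD -o {wlan_if} -j DROP")   # nothing unsolicited towards it
    return rules


if __name__ == "__main__":
    # Constructed sample traffic: a client's VPN setup, and what it must not do.
    samples = [
        Packet("udp", "0.0.0.0", "255.255.255.255", 68, 67),     # DHCP DISCOVER
        Packet("udp", "10.20.30.7", "10.20.30.1", 4000, 53),      # DNS to resolver
        Packet("udp", "10.20.30.7", "192.76.27.246", 2000, 500),  # IKE to concentrator
        Packet("tcp", "10.20.30.7", "163.1.2.3", 40000, 80),      # cleartext web: denied
        Packet("udp", "10.20.30.7", "10.20.30.8", 2000, 500),     # client-to-client: denied
    ]
    for p in samples:
        print("ACCEPT" if permitted(p) else "DROP  ", p)
    print("\n".join(iptables_forward_rules()))
```

The two checks worth keeping from this are the negative ones: a client must not reach the backbone on any port, and must not reach the concentrator on anything but the VPN ports (its HTTPS management interface included).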

Slide 14: Access Points
- Cisco 1200 series AP
- Combined 802.11b/g with 802.11a add-on module
- IP filters, DHCP server
- Power over Ethernet (injector)
- ~330 GBP in 2004
- Alternatives from 3Com, etc.
- Or use an integrated solution (Trapeze, …)

Slide 15: Use Case 1
- Little additional equipment: access point and power injector
- No NAT
- Small IP pool from the unit for DHCP
- Simple configuration
- Web tool for Cisco 1200 AP admin

Slide 16: Use Case 1 [diagram: PC -> Access Point (DHCP & IP Filter) -> University backbone network]

Slide 17: Use Case 2
- Less accommodating environment
- Access point and NAT appliance
- NAT
- IP filter on either appliance
- More hardware to configure, but mostly default configuration

Slide 18: Use Case 2 [diagram: PC -> Access Point -> NAT Appliance (DHCP & NAT; IP filter on either device) -> University backbone network]

Slide 19: Use Case 3
- More substantial deployment
- Fully switched network
  - Redundant cabling, or VLAN-capable
- Access points are bridging
- Single appliance to IP filter, DHCP, NAT
- Most flexible and future-proof

Slide 20: Use Case 3, cabled [diagram: PCs -> bridging Access Points -> Appliance (DHCP & IP Filter) -> University backbone network]

Slide 21: Use Case 3, VLANs [diagram: PCs -> bridging Access Points -> VLAN across the office distribution network -> Appliance (DHCP & IP Filter) -> University backbone network]

Slide 22: Use Case 3 [diagram: PCs -> bridging Access Points -> office distribution network -> DHCP & IP Filter -> University backbone network]

Slide 23: Alternatives
- Bluesocket: wireless/wired "captive portal" appliances; available from BTSkynet Systems
- Trapeze and Vernier: full integration solutions, edge to core; available from QolCom

Slide 24: Networking Futures

Slide 25: FroDo
- A proposed upgrade to backbone connections
- Single fibre becomes a managed 24-port switch
- UPS and cabinet
- One FroDo at each main unit site
- Multiple services and Quality of Service
- Already deployed in a few locations
- Around 2k GBP depending on fibre work

Slide 26: FroDo (2)
Many opportunities:
- Shared occupancy
- Simpler annexe management
- Single firewall
- Bulk transit
- "Dirty network"
- Wireless handoff…

Slide 27: Guest Access
- Difficult to cater for:
  - Various periods of attendance
  - Not University members
  - Might arrive at short notice
- Use a gateway or "captive portal":
  - HTTP redirect to an HTTPS login page
  - Successful login opens an IP filter
  - Allow basic services, including the visitor's own VPN

Slide 28: Deployment Requirements
- A FroDo
- Separation of your wireless network
  - Layer 1: separate cabling
  - Layer 2: VLANs
- Access points that support multiple services
  - MBSSID
  - VLANs

Slide 29: Guest Access [diagram: PC -> bridging Access Point -> offices network -> FroDo (multiple services) -> University backbone network]

Slide 30: Account Management
- Centrally organized, devolved administration
- Running from servers in OUCS
- Webauth'd
1. Nominated users log in with their Oxford Username
2. Create accounts singly or in bulk
3. Set an expiry
4. Set the sponsoring user or group

Slide 31: User Experience
1. Connect to an open, zero-config network
2. Attempt to browse the web; redirected
3. Log in with credentials
4. Cookie placed in their browser (rapid reauthentication)
5. IP filter opened until account expiry or disassociation
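The guest-access flow of slides 27, 30 and 31 as gateway logic, added as an example; this is not the OUCS implementation, and the portal URL, cookie format and account fields are assumptions. It covers bulk account creation with an expiry and sponsor, the HTTP-to-HTTPS redirect for an unauthenticated client, a cookie that is HMAC-signed and bound to the client address and the account expiry so that rapid reauthentication cannot be forged or replayed from another machine, and a filter entry that closes on disassociation or expiry.

```python
"""Captive-portal gateway session logic (added example, not OUCS code)."""
import base64
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from urllib.parse import quote

LOGIN_URL = "https://wireless-login.example.ac.uk/login"   # assumed portal address
COOKIE_KEY = secrets.token_bytes(32)                        # assumed: per-gateway signing key


@dataclass
class GuestAccount:
    username: str
    salt: bytes
    pw_hash: bytes
    expires_at: float   # Unix time, set by the nominated user at creation
    sponsor: str        # sponsoring Oxford user or group


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Gateway:
    def __init__(self, now=time.time):
        self.now = now            # injectable clock so expiry can be exercised
        self.accounts = {}        # username -> GuestAccount
        self.open_filters = {}    # client_ip -> (username, expires_at)

    # Account Management: create accounts singly or in bulk, each with an
    # expiry and a sponsor.  Returns the generated passwords for handing out.
    def create_accounts(self, usernames, expires_at, sponsor):
        issued = {}
        for name in usernames:
            if "|" in name:
                raise ValueError("username may not contain '|'")   # cookie delimiter
            password = secrets.token_urlsafe(9)
            salt = secrets.token_bytes(16)
            self.accounts[name] = GuestAccount(name, salt, _hash_password(password, salt),
                                               expires_at, sponsor)
            issued[name] = password
        return issued

    # The reauthentication cookie carries client address, user and account
    # expiry under an HMAC, so it cannot be forged, extended or moved to
    # another client.
    def _issue_cookie(self, client_ip, acct):
        payload = f"{client_ip}|{acct.username}|{int(acct.expires_at)}".encode()
        sig = hmac.new(COOKIE_KEY, payload, hashlib.sha256).hexdigest().encode()
        return base64.urlsafe_b64encode(payload + b"|" + sig).decode()

    def _verify_cookie(self, client_ip, cookie):
        try:
            ip, user, exp, sig = base64.urlsafe_b64decode(cookie.encode()).split(b"|", 3)
            expected = hmac.new(COOKIE_KEY, b"|".join((ip, user, exp)),
                                hashlib.sha256).hexdigest().encode()
            if not hmac.compare_digest(sig, expected):
                return None
            if ip.decode() != client_ip or float(exp) <= self.now():
                return None
            acct = self.accounts.get(user.decode())
            return acct if acct and acct.expires_at > self.now() else None
        except ValueError:                 # bad base64, wrong field count, bad number
            return None

    def is_open(self, client_ip):
        entry = self.open_filters.get(client_ip)
        if entry and entry[1] > self.now():
            return True
        self.open_filters.pop(client_ip, None)    # expired or absent: filter closed
        return False

    def handle_web_request(self, client_ip, scheme, url, cookie=None):
        """Steps 2 and 4: what the gateway does with a client's web request."""
        if self.is_open(client_ip):
            return ("pass", url)
        acct = self._verify_cookie(client_ip, cookie) if cookie else None
        if acct:                                  # rapid reauthentication, no login
            self.open_filters[client_ip] = (acct.username, acct.expires_at)
            return ("pass", url)
        if scheme == "http":                      # HTTP is redirected to the HTTPS login
            return ("redirect", f"{LOGIN_URL}?next={quote(url, safe='')}")
        return ("login_page", LOGIN_URL)          # HTTPS: serve the login page itself

    def login(self, client_ip, username, password):
        """Step 3: check credentials; on success open the filter and issue the cookie."""
        acct = self.accounts.get(username)
        if not acct or acct.expires_at <= self.now():
            return None
        if not hmac.compare_digest(_hash_password(password, acct.salt), acct.pw_hash):
            return None
        self.open_filters[client_ip] = (username, acct.expires_at)   # step 5
        return self._issue_cookie(client_ip, acct)

    def disassociate(self, client_ip):
        """Step 5: the filter closes when the client disassociates."""
        self.open_filters.pop(client_ip, None)


if __name__ == "__main__":
    gw = Gateway()
    pw = gw.create_accounts(["guest001"], expires_at=time.time() + 3600, sponsor="conf-sept-2005")
    print(gw.handle_web_request("10.20.30.7", "http", "http://www.ox.ac.uk/"))
    cookie = gw.login("10.20.30.7", "guest001", pw["guest001"])
    print(gw.handle_web_request("10.20.30.7", "http", "http://www.ox.ac.uk/", cookie))
```

Binding the cookie to the client address is what makes "rapid reauthentication" safe on an open network: anyone on the SSID can read the cookie off the air, but presenting it from another address fails, and it stops working at the account expiry the sponsor set.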

Slide 32: Current Status
- Sadly no FroDo box at St. Catz yet
- Will be running for a 200-delegate conference here in September 2005
- Login and network parts are complete
- Account management nearing completion
- Still evaluating commercial alternatives; no suitable candidate so far

Slide 33: Q & A

