Installing a Wireless Network for University Members
Oliver Gorwits, Roger Treweek, Oxford University Computing Services

Presentation transcript:

1 Installing a Wireless Network for University Members Oliver Gorwits, Roger Treweek Oxford University Computing Services

2 Since Last Year…
- OUCS pilot completed
- A better idea of service requirements
  - Members and Visitors
- A better idea of user requirements
  - Public or Shared spaces
- Six co-operative deployments of OWL-VPN
- Tracking new vendors and initiatives (LIN)

3 Technology and Issues

4 Why Wireless?
- There are some obvious locations
  - Lecture rooms
  - Libraries, Study areas
  - Hard-to-wire areas
- Or for specific reasons
  - Conferences
  - Meetings
  - Mobility

5 Wireless Problems
- Security – products are not secure enough
- Privacy – snooping passwords, data
- ‘Hub’ style operation – anyone can see all traffic
- Hacker tools readily available
- Performance
- Propagation / Attenuation

6 Wireless Technology
- 802.11b: 2.4GHz, 11Mbps – basic common standard
- 802.11g: 2.4GHz, 54Mbps – popular but not without flaws
- 802.11a: 5GHz, 54Mbps – ideal, but not yet common

7 Site Survey
- Site survey is still recommended
- Use same make/model as it is intended to deploy
- Consider main coverage areas
- Number of access points and location
- Interference issues
- Channel settings
- Power settings

8 Security
Three areas to consider:
- Authorized users only
- Encrypted transmissions
- Accountability of usage

9 A Service for University Members

10 Cisco VPN
- 3000 series “concentrator”
- Redundant hardware
- >1000 concurrent users, 100 Mbit/s
- Special VPN IP address pool
- Client program for users, multi platform

11 VPN-assisted Wireless
Satisfies our requirements:
- Authorization:
  - Remote Access accounts
- Encrypted transmissions
- Accounting: RADIUS and logs

12 Site Requirements
- Separation from the main data network
- For the clients:
  - DHCP – unregistered
  - DNS lookup → VPN concentrator
- On the network:
  - IP filter Clients → VPN concentrator

13 Wireless Settings
Option                 Value
SSID (Network Name)    OWL-VPN
Static WEP             Disabled
WEP Authentication     Open (not Shared)
Network Type           Infrastructure (not Ad Hoc)
Concentrator IP
VPN IP Filters         UDP 500, 1500 both directions
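
The IP filter from the Site Requirements and Wireless Settings slides, modelled as a default-deny rule check; this is an added example, not part of the original presentation. The addresses are constructed (the concentrator IP is not given on the page), and reading "both directions" as destination port outbound and source port on the return path is an assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses (RFC 5737 documentation ranges): the concentrator
# address is not given on the page, and the DHCP pool is an assumption.
CONCENTRATOR = ip_address("192.0.2.10")
CLIENT_POOL = ip_network("198.51.100.0/28")
VPN_UDP_PORTS = {500, 1500}  # ports listed on the settings slide

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

def permit(pkt):
    """Default deny; allow only client <-> concentrator UDP on the VPN ports."""
    if pkt.proto != "udp":
        return False
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    if src in CLIENT_POOL and dst == CONCENTRATOR:
        return pkt.dport in VPN_UDP_PORTS      # client to concentrator
    if src == CONCENTRATOR and dst in CLIENT_POOL:
        return pkt.sport in VPN_UDP_PORTS      # concentrator back to client
    return False

# Constructed sample traffic crossing the filter.
SAMPLE = [
    Packet("198.51.100.3", "192.0.2.10", "udp", 500, 500),     # VPN setup
    Packet("192.0.2.10", "198.51.100.3", "udp", 1500, 40000),  # VPN reply
    Packet("198.51.100.3", "203.0.113.80", "tcp", 51000, 80),  # web without VPN
    Packet("198.51.100.3", "198.51.100.4", "udp", 137, 137),   # client to client
    Packet("203.0.113.9", "198.51.100.3", "udp", 500, 500),    # unrelated host
    Packet("198.51.100.3", "192.0.2.10", "tcp", 51001, 443),   # TCP to concentrator
]

def audit(packets):
    """Return (permitted, denied) so the policy can be reviewed."""
    permitted = [p for p in packets if permit(p)]
    denied = [p for p in packets if not permit(p)]
    return permitted, denied
```

Only the two VPN packets pass; everything a wireless client sends outside the tunnel, including traffic to other clients, is dropped at the filter.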

14 Access Points
- Cisco 1200 series AP
- Combined b/g with a add-on module
- IP Filters, DHCP server
- Power over Ethernet (injector)
- ~330GBP in 2004
- Alternatives from 3Com, etc
- Or use an integrated solution (Trapeze…)

15 Use Case 1
- Little additional equipment
- Access Point and Power Injector
- No NAT
- Small IP pool from unit for DHCP
- Simple configuration
- Web Tool for Cisco 1200AP admin

16 Use Case 1
[Diagram; labels: University backbone network, PC, Access Point, DHCP & IP Filter]

17 Use Case 2
- Less accommodating environment
- Access Point and NAT Appliance
- NAT
- IP filter on either appliance
- More hardware to configure
- But mostly default configuration

18 Use Case 2
[Diagram; labels: University backbone network, PC, Access Point, NAT Appliance, IP Filter, DHCP & NAT]

19 Use Case 3
- More substantial deployment
- Fully switched network
- Redundant cabling
- or, VLAN-capable
- Access Points are bridging
- Single Appliance to IP Filter, DHCP, NAT
- Most flexible and future-proof

20 Use Case 3 - cabled
[Diagram; labels: University backbone network, PC, Access Point (Bridging), Appliance, Access Point (Bridging), DHCP & IP Filter]

21 Use Case 3 - VLANs
[Diagram; labels: University backbone network, Office distribution network, PC, Access Point (Bridging), Appliance, Access Point (Bridging), DHCP & IP Filter, VLAN]

22 Use Case 3
[Diagram; labels: University backbone network, Office distribution network, PC, Access Point (Bridging), Access Point (Bridging), DHCP & IP Filter]

23 Alternatives
- Bluesocket
  - Wireless / Wired “Captive Portal” appliances
  - Available from BTSkynet Systems
- Trapeze and Vernier
  - Full Integration solutions – edge to core
  - Available from QolCom

24 Networking Futures

25 FroDo
- A proposed upgrade to backbone connections
- Single fibre becomes managed 24-port switch
- UPS and Cabinet
- One FroDo at main unit site
- Multiple services and Quality of Service
- Already deployed in a few locations
- Around 2kGBP depending on fibre work

26 FroDo (2)
Many opportunities:
- Shared occupancy
- Simpler annexe management
- Single Firewall
- Bulk transit
- “Dirty Network”
- Wireless handoff…

27 Guest Access
- Difficult to cater for
  - Various periods of attendance
  - Not University members
  - Might arrive at short notice
- Use a Gateway or “Captive Portal”
  - HTTP redirect to HTTPS login page
  - Successful login opens an IP Filter
  - Allow basic services, including visitor’s VPN

28 Deployment Requirements
- A FroDo
- Separation of your wireless network
  - Layer 1 : separate cabling
  - Layer 2 : VLANs
- Access Points that support multiple services
  - MBSSID
  - VLANs

29 Guest Access
[Diagram; labels: University backbone network, PC, Access Point (Bridging), FroDo, Offices Network, Multiple Services]

30 Account Management
- Centrally organized, devolved administration
- Running from servers in OUCS
- Webauth’d
1) Nominated users login with Oxford Username
2) Create accounts singly or in bulk
3) Set an expiry
4) Set the sponsoring user or group

31 User Experience
1. Connect to an open, zero-config network
2. Attempt to browse web; redirected
3. Login with credentials
4. Cookie placed in their browser
   - Rapid reauthentication
5. IP Filter opened until account expiry or disassociation
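
The guest login flow from the Account Management and User Experience slides, sketched as a small state model; this is an added example, not the OUCS implementation. Class, method and field names are hypothetical, and times are plain integers supplied by the caller.

```python
import hashlib
import hmac
import secrets

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class GuestGateway:
    """Hypothetical model of the login-gated IP filter (all names assumed)."""
    def __init__(self):
        self.accounts = {}   # username -> (salt, hash, expiry, sponsor)
        self.cookies = {}    # cookie token -> username
        self.open_ips = {}   # client IP -> username that opened the filter

    def create_account(self, username, password, expiry, sponsor):
        salt = secrets.token_bytes(16)
        self.accounts[username] = (salt, _hash(password, salt), expiry, sponsor)

    def _live(self, username, now):
        acct = self.accounts.get(username)
        return acct is not None and now < acct[2]

    def login(self, ip, username, password, now):
        """Steps 3-4: check credentials, open the filter, issue a cookie."""
        if not self._live(username, now):
            return None
        salt, stored, _, _ = self.accounts[username]
        if not hmac.compare_digest(_hash(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)
        self.cookies[token] = username
        self.open_ips[ip] = username
        return token

    def reauth(self, ip, token, now):
        """Rapid reauthentication: a known cookie reopens the filter."""
        username = self.cookies.get(token)
        if username is None or not self._live(username, now):
            self.cookies.pop(token, None)
            return False
        self.open_ips[ip] = username
        return True

    def disassociate(self, ip):
        self.open_ips.pop(ip, None)   # step 5: filter closes on disassociation

    def is_open(self, ip, now):
        """Per-packet check: open only while the opening account is unexpired."""
        username = self.open_ips.get(ip)
        return username is not None and self._live(username, now)
```

Because `is_open` re-checks the account expiry on every decision, an expired account loses access even if its cookie and filter entry are still present.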

32 Current Status
- Sadly no FroDo box at St. Catz, yet
- Will be running for a 200 delegate conference here in September 2005
- Login and network parts are complete
- Account Management nearing completion
- Still evaluating commercial alternatives
- No suitable candidate so far

33 Q & A